Unable to receive dhcplease from ISP

2023-04-01 Thread Bill A
Hi all,

I ran into this issue today when I decided to do some maintenance on my home 
network.  My laptop runs OpenBSD 7.2.  I attempted to get a dhcplease from 
Spectrum Internet with a direct connection to my em0 ethernet interface.  I got 
no response.  I'm having the same problem with another computer that I wanted 
to use as my firewall (also running OpenBSD, same ver).

There is no dhcpleased.conf on my laptop, as I didn't see how any defaults 
needed to change.  I also haven't had any recent issues getting a lease on it 
in other situations (yet).

Cabling is good.  A different (non-OpenBSD) firewall normally sits on this 
interface, and after I put it back, everything was working as normal.  I'm 
happy to provide any additional information as requested.

I tried this several times, cleared and shut down the iwm0 interface, cleared 
the em0 interface, etc. This is output from the last time.

:~> more /etc/hostname.em0
inet autoconf
/etc/hostname.em0 (END)

Output from dhcpleased -d -vvv with em0 enabled for 15-20 minutes:
state_transition[iwm0] Bound -> Down, timo: 43119
state_transition[em0] Init -> Down, timo: -1
state_transition[em0] Down -> Down, timo: -1
state_transition[em0] Down -> Rebooting, timo: 1
DHCPREQUEST on em0
iface_timeout[2]: Rebooting
state_transition[em0] Rebooting -> Rebooting, timo: 2
DHCPREQUEST on em0
iface_timeout[2]: Rebooting
deleting 192.168.88.253 from em0 (lease from 0.0.0.0)
state_transition[em0] Rebooting -> Init, timo: 1
DHCPDISCOVER on em0
deconfigure_interface em0
iface_timeout[2]: Init
state_transition[em0] Init -> Init, timo: 2
DHCPDISCOVER on em0
iface_timeout[2]: Init
state_transition[em0] Init -> Init, timo: 4
DHCPDISCOVER on em0
iface_timeout[2]: Init
state_transition[em0] Init -> Init, timo: 8
DHCPDISCOVER on em0
iface_timeout[2]: Init
state_transition[em0] Init -> Init, timo: 16
DHCPDISCOVER on em0
iface_timeout[2]: Init
state_transition[em0] Init -> Init, timo: 32
DHCPDISCOVER on em0
iface_timeout[2]: Init
state_transition[em0] Init -> Init, timo: 64
DHCPDISCOVER on em0
iface_timeout[2]: Init
state_transition[em0] Init -> Init, timo: 64
DHCPDISCOVER on em0
iface_timeout[2]: Init
state_transition[em0] Init -> Init, timo: 64
DHCPDISCOVER on em0
iface_timeout[2]: Init
state_transition[em0] Init -> Init, timo: 64
DHCPDISCOVER on em0
iface_timeout[2]: Init
state_transition[em0] Init -> Init, timo: 64
DHCPDISCOVER on em0
iface_timeout[2]: Init
state_transition[em0] Init -> Init, timo: 64
DHCPDISCOVER on em0
^Cwaiting for children to terminate
frontend exiting
engine exiting
terminating
:~>


-- 
Bill Albertson



Re: OpenBSD Guest under QEMU fails with pid 1 signal 11

2018-08-04 Thread Bill Zissimopoulos
Rickard, thanks for your answer and the provided links.

I am aware of the install.conf option, but decided to use the expect method to 
be in line with how I do things on FreeBSD and NetBSD.

I believe that FreeBSD has its own method of specifying install configuration 
which is incompatible with OpenBSD. And NetBSD does not have any method as far 
as I know. So it looked to me that the most straightforward path was to use the 
same basic technique on all platforms: an expect script.

Nevertheless I will check your links and in particular the “GCE Image Import 
Post Processor” to see how it sets up OpenBSD for the GCE environment (my 
remaining task in this part of the project).

Bill


On 8/4/18, 2:17 AM, Rickard von Essen wrote:

Kind of a side note, but I use a simpler process to automate the installation 
of OpenBSD than using expect. The installer can read a config file, see 1). The 
install.conf is described in the man page for autoinstall 2). I use Packer to 
create Vagrant boxes, currently only for VirtualBox, VMware, and Parallels 
Desktop, but Packer also supports building on QEMU 3). The latest version, 1.2.5, 
also has a googlecompute-import post-processor 4) which can take the raw disk 
image created by QEMU and import it into a GCE image (unfortunately the link to 
this is lost from the documentation so you need to use the direct link 
provided).

// Rickard

1) https://github.com/boxcutter/bsd/blob/master/openbsd.json#L6-L11
2) https://man.openbsd.org/autoinstall
3) https://www.packer.io/docs/builders/qemu.html
4) https://www.packer.io/docs/post-processors/googlecompute-import.html

On Fri, 3 Aug 2018 at 09:28, Bill Zissimopoulos <billz...@navimatics.com> wrote:
Mike, thank you for your multiple responses.

My intent is to use the produced images for CI on OpenBSD. Despite this issue 
the images work reasonably well. So I am planning to use them for my intended 
purpose and hope that the issue gets resolved in the future.

Bill


On 8/2/18, 7:48 PM, Mike Larkin wrote:

On Thu, Aug 02, 2018 at 05:59:41PM +, Bill Zissimopoulos wrote:
> Mike, thank you for your response.
>
> On 8/2/18, 9:07 AM, Mike Larkin wrote:
>
> 1. We've seen this message before (usually on APUs), but only a single time (eg,
> just one of the signal lines gets displayed). And IIRC it was a different signal.
>
> The only other instance of this message that I have found online is here:
>
> https://github.com/yellowman/flashrd/issues/30
>
> 2. In your case, the stream of messages seems to stop after some time and boot
> proceeds normally after that.
>
> You are right. Although I believe that I have seen it print the message
> endlessly as well.
>
> 3. When I built the image using your script, on the second boot, I saw no
> messages.
>
> I'm not sure what's causing the problem, can you try with 6.3 release? (I'm
> assuming you are using -current here? that's what I tested also)
>
> The problem happens for me with the 6.3 release (install63.iso). I have
> not tested other releases.
>
> (I believe I tried the 6.2 release at some point, but did not complete my
> testing because it needed extensive changes to the expect script.)
>
> 4. in my test the default install location came up as http, so your script's
> pressing of "enter" for install path hung. I had to change the default location
> in the script to be cd.
>
> That does not happen for me, perhaps because of the install image I use
> (install63.iso).
>
> 5. Your customization step at the end should probably fixup /etc/ttys or
> you won't be able to log in to the machine via serial (since no getty will
> be spawned there). I sat there waiting for a while in qemu only to realize
> the getty was waiting on the vga console, not serial. YMMV.
>
> You are right. I have not managed to fix serial access for OpenBSD yet,
> because I focused on resolving the discussed issue first.
>
> My understanding is that the instructions at the following link should
> get serial access fully working:
>
> https://www.openbsd.org/faq/faq7.html#SerCon
>
> Bill
>

Unfortunately, I don't have any other ideas for you as to how to stop the
segvs. It is not seen on real hardware, so I'm at a loss to explain why qemu
exhibits this behaviour.

Perhaps try changing the cpu type with -cpu  ?



Re: OpenBSD Guest under QEMU fails with pid 1 signal 11

2018-08-03 Thread Bill Zissimopoulos
Mike, thank you for your multiple responses.

My intent is to use the produced images for CI on OpenBSD. Despite this issue 
the images work reasonably well. So I am planning to use them for my intended 
purpose and hope that the issue gets resolved in the future.

Bill


On 8/2/18, 7:48 PM, Mike Larkin wrote:

On Thu, Aug 02, 2018 at 05:59:41PM +, Bill Zissimopoulos wrote:
> Mike, thank you for your response.
>
> On 8/2/18, 9:07 AM, Mike Larkin wrote:
>
> 1. We've seen this message before (usually on APUs), but only a single time (eg,
> just one of the signal lines gets displayed). And IIRC it was a different signal.
>
> The only other instance of this message that I have found online is here:
>
> https://github.com/yellowman/flashrd/issues/30
>
> 2. In your case, the stream of messages seems to stop after some time and boot
> proceeds normally after that.
>
> You are right. Although I believe that I have seen it print the message
> endlessly as well.
>
> 3. When I built the image using your script, on the second boot, I saw no
> messages.
>
> I'm not sure what's causing the problem, can you try with 6.3 release? (I'm
> assuming you are using -current here? that's what I tested also)
>
> The problem happens for me with the 6.3 release (install63.iso). I have
> not tested other releases.
>
> (I believe I tried the 6.2 release at some point, but did not complete my
> testing because it needed extensive changes to the expect script.)
>
> 4. in my test the default install location came up as http, so your script's
> pressing of "enter" for install path hung. I had to change the default location
> in the script to be cd.
>
> That does not happen for me, perhaps because of the install image I use
> (install63.iso).
>
> 5. Your customization step at the end should probably fixup /etc/ttys or
> you won't be able to log in to the machine via serial (since no getty will
> be spawned there). I sat there waiting for a while in qemu only to realize
> the getty was waiting on the vga console, not serial. YMMV.
>
> You are right. I have not managed to fix serial access for OpenBSD yet,
> because I focused on resolving the discussed issue first.
>
> My understanding is that the instructions at the following link should
> get serial access fully working:
>
> https://www.openbsd.org/faq/faq7.html#SerCon
>
> Bill
>

Unfortunately, I don't have any other ideas for you as to how to stop the 
segvs. It is not seen on real hardware, so I'm at a loss to explain why qemu
exhibits this behaviour.

Perhaps try changing the cpu type with -cpu  ?




Re: OpenBSD Guest under QEMU fails with pid 1 signal 11

2018-08-02 Thread Bill Zissimopoulos
Mike, thank you for your response.

On 8/2/18, 9:07 AM, Mike Larkin wrote:

1. We've seen this message before (usually on APUs), but only a single time (eg,
just one of the signal lines gets displayed). And IIRC it was a different signal.

The only other instance of this message that I have found online is here:

https://github.com/yellowman/flashrd/issues/30

2. In your case, the stream of messages seems to stop after some time and boot
proceeds normally after that.

You are right. Although I believe that I have seen it print the message 
endlessly as well.

3. When I built the image using your script, on the second boot, I saw no
messages.

I'm not sure what's causing the problem, can you try with 6.3 release? (I'm
assuming you are using -current here? that's what I tested also)

The problem happens for me with the 6.3 release (install63.iso). I have not 
tested other releases.

(I believe I tried the 6.2 release at some point, but did not complete my 
testing because it needed extensive changes to the expect script.)

4. in my test the default install location came up as http, so your script's
pressing of "enter" for install path hung. I had to change the default location
in the script to be cd.

That does not happen for me, perhaps because of the install image I use 
(install63.iso).

5. Your customization step at the end should probably fixup /etc/ttys or
you won't be able to log in to the machine via serial (since no getty will
be spawned there). I sat there waiting for a while in qemu only to realize
the getty was waiting on the vga console, not serial. YMMV.

You are right. I have not managed to fix serial access for OpenBSD yet, because 
I focused on resolving the discussed issue first.

My understanding is that the instructions at the following link should get 
serial access fully working:

https://www.openbsd.org/faq/faq7.html#SerCon

Bill

 



OpenBSD Guest under QEMU fails with pid 1 signal 11

2018-08-01 Thread Bill Zissimopoulos
I am trying to create OpenBSD images for use in Google Compute Engine using an 
expect script [1]. The expect script is able to drive the OpenBSD installation 
process successfully, but the created images fail to boot cleanly with a long 
stream of "Process (pid 1) got signal 11".

To reproduce try the following (please note that all my tests are on a macOS 
host with QEMU installed):

- Clone the GitHub project at [2]
- Assuming you have QEMU installed and install63.iso downloaded try the command:
./imgtool PATH/TO/install63.iso openbsd/base
- The openbsd/base expect script will boot the image and you should see the 
stream of "Process (pid 1) got signal 11". If not, try running the created 
image:
./imgtool install63-base.tar.gz shared/run

Thank you for your help.

Bill

[1] https://github.com/billziss-gh/pmci.img/blob/master/openbsd/base
[2] https://github.com/billziss-gh/pmci.img



man.openbsd.org via HTTPS

2017-04-28 Thread Peter Bill
I found a website that provides man.openbsd.org via HTTPS: 

https://twitter.com/FiloSottile/status/845068942762762241

https://man.filippo.io/

Have a great weekend!



OpenBGPD traps and triggers

2016-06-30 Thread Bill Buhler
Hi,

I've been through the man pages a couple of times and am not seeing what I'm
looking for. I have a couple of OpenBSD machines running BGP sessions with
my ISPs. Yesterday one of the IPv6 sessions went down and I didn't notice
for quite a while.

This got me looking for some kind of trigger / trap that would automatically
alert me if a BGP session went down, or was flapping. I couldn't see any
provision in the man page to execute an external script, and no mention of
SNMP. So is there such a feature I missed?

In the short term I hacked together a cron job that parses the output of:
bgpctl show status terse to send me email alerts, but I'd prefer to not be
depending on polling if at all possible.

Thanks,

Bill Buhler



Re: Trouble with automatic IPv6

2016-06-11 Thread Bill Buhler
OK,

I've upgraded from 5.8 to 5.9, I'm now getting routes, but they point to a
link-local address and it won't route past that address. Is a link local
address a usual default gateway?

Thanks,

Bill Buhler

-----Original Message-----
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Bill Buhler
Sent: Saturday, June 11, 2016 12:15 PM
To: misc@openbsd.org
Subject: Trouble with automatic IPv6

Hi,

One of the virtual hosting services I'm using requires the use of router
detection under IPv6 to get the valid default routes. Since 5.7 removed
rtsol I can't figure out how to get this to look. My interface configuration
is pretty simple:

/etc/hostname.vio0:
dhcp
rtsol

Any suggestions?

Bill Buhler



Trouble with automatic IPv6

2016-06-11 Thread Bill Buhler
Hi,

One of the virtual hosting services I'm using requires the use of router
detection under IPv6 to get the valid default routes. Since 5.7 removed
rtsol I can't figure out how to get this to look. My interface configuration
is pretty simple:

/etc/hostname.vio0:
dhcp
rtsol

Any suggestions?

Bill Buhler



Re: Maintaining CAs not in cert.pem

2015-07-31 Thread Bill Buhler
If you are doing it right your CA private key is on a different machine
without network connectivity.

-----Original Message-----
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Giancarlo Razzolini
Sent: Friday, July 31, 2015 9:34 AM
To: Peter Hessler; li...@wrant.com
Cc: misc@openbsd.org
Subject: Re: Maintaining CAs not in cert.pem

On 31-07-2015 03:07, Peter Hessler wrote:
 this is a real problem for real people.
Which was pretty much solved with PKP [0]. As I mentioned, custom CA's have
their uses, but in the end, they are just one more thing waiting to bite you
in the ass. You can pretend to have a decent OPSEC for a while, but in the
end your CA private key will end up being on the same machine your certs are
being used. With PKP you can disregard the CA completely, but your
certificate will be recognized on pretty much every device.
It's nice that the discussion spawned a change in the way how the certs.pem
is handled on system upgrades, but moving it to examples is not a solution
(shouldn't even be discussed ironically). The bottom line is, want your own
CA, deal with it.
[0] http://tools.ietf.org/html/rfc7469



Router performance amd64 vs i386

2015-05-25 Thread Bill Buhler
I'm preparing a new flash image for an Intel Atom dual core based router
with 2gb of ram. I'm curious if there are current comments on the current
performance of the two platforms? I know in the past the i386 was actually
faster at things like PF, but that was several years ago.

Thanks,

Bill Buhler



Re: route show does not show routes announce by BGP on OpenBSD 5.5 i386

2015-05-13 Thread Bill Buhler
I can't tell from your output, are your BGP neighbors more than one hop 
away? If so you will need to add a static route to each neighbor before 
it will start filling in the local routing table.


If that doesn't work, could you give us excerpts of the bgpd.conf file 
and a rough overview of your routing topology?


Thanks,

Bill

On 5/13/2015 8:58 AM, Motty Cruz wrote:
running the command route show does not get the full internet 
routing table as I should. However, if I run bgpctl show rib I get 
the full routing table. Router is routing packets fine, however, I am 
concerned that something may be wrong.


any explanation as to why this is happening?

# bgpctl show
Neighbor   AS    MsgRcvd  MsgSent  OutQ  Up/Down   State/PrfRcvd
level2     7X32   100853      278     0  02:17:31  532191
level1     7X32      300      278     0  02:17:16  1
gateway2   22X8      274      272     0  02:15:01  1
gateway1   22X8      274      272     0  02:15:01  1


#netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface

default            19.25.16.13        UGS        1     8485     -     8 em0
19.25.16.12/30     link#1             UC         1        0     -     4 em0
19.25.16.13        2c:6b:f5:a4:df:40  UHLc       2      583     -     4 em0
127/8              127.0.0.1          UGRS       0        0 33192     8 lo0
127.0.0.1          127.0.0.1          UH         1        0 33192     4 lo0

19.16.26/24        199.96.38.85       UGS        0   882702     -     8 em1

Thanks,




Re: ntpd.conf - add ability to read servers from an include file?

2015-01-29 Thread Nex6|Bill
 On Jan 29, 2015, at 10:10 AM, Theo de Raadt dera...@cvs.openbsd.org
wrote:

 Basically for the sake of automated deployments it would be nice / clean
 to be able to do :

 includeservers /path/to/file

 And then read them all from the file.  And the same file would be used
 as a table in pf.conf for NTP FW rules.  One server per line.

 This would make initial deployments easier to automate (no need to
 programmatically alter the config file), and then if you need to change
 your NTP servers post-deployment it is cleaner as well with less chance
 of human error. i.e. changing pf.conf is riskier than changing ntpd.conf

 I do not see much value in these nested include mechanisms.  Honestly,
 OpenBSD is now shipping without a ntpd.conf file.  You create this
 file, thus you own it.  Having you create a file (ntpd.conf) which
 points to another file (/etc/serverlist?) you also create, that is
 kind of crazy.

 /etc/pf.conf is also on my list for removal as well, so that it
 becomes more of a user-owned file.  The idea here is that you would
 look at the examples, and then create your own, and upgrades /
 sysmerge would not touch your file.

 I believe if we do this right, it will prod people towards creating
 narrower role-specific configurations for their machines.


having simpler config models, and narrow roles would be a good thing.

-Nex6




Re: What are the disadvantages of soft updates?

2015-01-28 Thread Nex6|Bill
 On Jan 23, 2015, at 6:47 PM, Steve Shockley steve.shock...@shockley.net
wrote:

 On 1/22/2015 9:13 AM, Reyk Floeter wrote:
 What release and what virtualized SCSI controller were you using?

 I found my old notes, it turns out it was on 4.6 and the crash message was:

 softdep_setup_freeblocks: got error 5 while accessing filesystem
 dev = 0x404, block = 1315, fs = /var
 panic: ffs_blkfree: freeing free frag
 Stopped at  Debugger+0x4:   leave

 I have screenshots of trace and ps I can send if interested, but I'm sure a
lot has been fixed in the interim.  I can also attempt to reproduce on
-current if you want, but even at its worst it'd stay up for a month or two
before crashing.


I noticed that with Nix machines and ESXi/SAN setups, nix is not very
forgiving to SAN issues.

-Nex6



Re: What are the disadvantages of soft updates?

2015-01-28 Thread Nex6|Bill
 On Jan 23, 2015, at 12:53 PM, Ingo Schwarze schwa...@usta.de wrote:
 
 Hi Predrag,
 
 Predrag Punosevac wrote on Fri, Jan 23, 2015 at 03:24:00PM -0500:
 
 I was following this discussion with the great interest but without
 intent to participate in it until today.
 
 Namely one of my OpenBSD servers (5.6 sparc64) runs Mollify and last
 night I received an e-mail from an angry user who could not upload files
 (the upload will fail or upload the file with file size zero). After
 running df I noticed that /tmp was 100% full (4GB used) but the size of
 individual files was only 12Kb.
 
 That is unlikely to be due to softdep.  The usual reason for a file
 system to be actually full and seemingly almost empty at the same
 time is somebody doing the following sequence of operations:
 
 - open(2) a file for writing
 - writing a lot of data until the file system is full
 - unlink(2) the file
 - keep the process running that open(2)'ed it
 - let that process keep the file open and *not* close(2) it
 
 Specifically, in /tmp, anybody can do that.
 
 I thought for a second and I remember seeing this with HAMMER on DF.
 
 The above works with almost any file system.
 
 Long story short I checked /etc/fstab and
 sure enough I had rw,softdep next to each partition including tmp. I
 removed softdep rebooted the system and /tmp usage dropped to 0%.
 
 That's not likely to be related to softdep either.  Chances are
 just rebooting would have solved the issue as well - simply because
 rebooting terminates all running processes, and consequently closes
 all open files.
 
 What you should have done instead was run fstat(1), look for processes
 having files open in /tmp, use ls(1) -iRa /tmp to find the inode
 numbers of linked files in /tmp, and kill the processes having files
 open that were *not* linked until you found the one having the big
 file open - and then have a friendly talk with the responsible user,
 if any, or figure out what went wrong in case some daemon process
 caused the issue.
 
 My questions is which partitions should be mounted with softdep
 option?
 
 I'm not an expert on that and hardly ever use softdep, but I'd say
 on file systems where file create/delete performance is *critically*
 important, performance has been clearly demonstrated to be insufficient
 without softdep, and you consider data loss harmless.
 
 Is there a way to prune metadata which will save me for problems like
 the one I encountered last night.
 
 I'm not convinced that's a good question to ask.
 
 Yours,
  Ingo
 



This email/post has some very good information in it.  Thanks


-Nex6
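
The check Ingo Schwarze describes in the message quoted above (compare what fstat(1) reports as open on /tmp with the inodes that ls -iRa /tmp can still see), as an added example that is not part of the thread. The fstat column layout (USER CMD PID FD MOUNT INUM MODE R/W SZ|DV), the function names and both sample listings are assumptions constructed for illustration.

```python
"""List files that are still open but no longer linked in a file system.

Added example, not from the thread. Assumes fstat(1) prints the columns
USER CMD PID FD MOUNT INUM MODE R/W SZ|DV and that `ls -iRa` prints
"<inode> <name>" per entry. Both samples below are constructed.
"""

# Constructed fstat(1) output. The /var row reuses inode 19 on purpose:
# inode numbers are only unique within one file system.
FSTAT_SAMPLE = """\
USER     CMD          PID   FD MOUNT        INUM  MODE         R/W    SZ|DV
www      php-fpm    41822    7 /tmp           19  -rw-------    rw 4294049792
www      php-fpm    41822    8 /tmp           23  -rw-r--r--     r    12288
bill     vi         60311    4 /tmp           31  -rw-------    rw     8192
root     sshd       10492    3 /var           19  -rw-r--r--     r     4096
"""

# Constructed `ls -iRa /tmp` output: only 12 KB is visible by name.
LS_SAMPLE = """\
/tmp:
     2 .
     2 ..
    23 upload.lock
     5 .X0-lock
     7 sess

/tmp/sess:
     7 .
     2 ..
"""


def linked_inodes(ls_text):
    """Return the inode numbers that still have a name under the directory."""
    inodes = set()
    for line in ls_text.splitlines():
        parts = line.split(None, 1)
        # Directory headers ("/tmp/sess:") and blank lines carry no inode.
        if len(parts) == 2 and parts[0].isdigit():
            inodes.add(int(parts[0]))
    return inodes


def open_regular_files(fstat_text, mount):
    """Parse fstat rows for regular files open on the given mount point."""
    rows = []
    for line in fstat_text.splitlines():
        f = line.split()
        # Skip the header, sockets/pipes (different layout) and other mounts.
        if len(f) != 9 or f[4] != mount or not f[6].startswith("-"):
            continue
        if not (f[2].isdigit() and f[5].isdigit() and f[8].isdigit()):
            continue
        rows.append({"user": f[0], "cmd": f[1], "pid": int(f[2]),
                     "fd": f[3], "inode": int(f[5]), "size": int(f[8])})
    return rows


def unlinked_open_files(fstat_text, ls_text, mount="/tmp"):
    """Open files whose inode has no remaining name, largest first.

    These are the files that fill the file system in df(1) while staying
    invisible to ls(1) and du(1); the space returns when the owning
    process closes the descriptor or exits.
    """
    linked = linked_inodes(ls_text)
    hidden = [r for r in open_regular_files(fstat_text, mount)
              if r["inode"] not in linked]
    return sorted(hidden, key=lambda r: r["size"], reverse=True)


if __name__ == "__main__":
    for r in unlinked_open_files(FSTAT_SAMPLE, LS_SAMPLE):
        print("pid %(pid)d (%(cmd)s, user %(user)s) fd %(fd)s "
              "inode %(inode)d holds %(size)d bytes" % r)
```

On a live system the two inputs would come from fstat -f /tmp and ls -iRa /tmp, taken as close together in time as possible.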




Re: What are the disadvantages of soft updates?

2015-01-28 Thread Nex6|Bill
 On Jan 28, 2015, at 9:03 PM, Ted Unangst t...@tedunangst.com wrote:

 On Fri, Jan 23, 2015 at 21:47, Steve Shockley wrote:
 On 1/22/2015 9:13 AM, Reyk Floeter wrote:
 What release and what virtualized SCSI controller were you using?

 I found my old notes, it turns out it was on 4.6 and the crash message
was:

 softdep_setup_freeblocks: got error 5 while accessing filesystem
 dev = 0x404, block = 1315, fs = /var
 panic: ffs_blkfree: freeing free frag
 Stopped at  Debugger+0x4:   leave

 error 5 is EIO, input/output error. softdep does not support disks
 that don't work, to put it bluntly. The original FFS code can cope
 with disk failure by backing out of the operation, but soft updates
 reorders things and can't undo what's already been done.


bad multi-path routes, or having bad disks in the array.

-Nex6




Re: security - pass the hash style attacks?

2014-11-03 Thread Nex6|Bill
On Nov 3, 2014, at 4:28 AM, Jérémie Courrèges-Anglas j...@wxcvbn.org wrote:

 Philip Guenther guent...@gmail.com writes:

 [apologies for the contentless previous message]

 On Sun, Nov 2, 2014 at 4:43 PM, Philip Guenther guent...@gmail.com
wrote:
 On Sun, Nov 2, 2014 at 4:41 PM, Nex6|Bill n6gh...@yahoo.com wrote:
 ...
 what about kerberos? (windows K5 vs Unix K5?)

 There's a bunch of *really good* papers on Kerberos's design which
 discuss exactly these sorts of issues and how they are addressed or
 completely avoided.  I remember finding the one cast as a dialog
 between two system programmers (one named Athena...) as a good intro
 on this stuff.

 Yup.  First tutorial link on this page:

  http://web.mit.edu/kerberos/papers.html

 --
 jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE


Here is a pretty good blackhat talk about this:  though it's Windows specific
the gist of it is Kerberos is just as
broken as NTLM, since enforcement is client side….


-Nex6



security - pass the hash style attacks?

2014-11-02 Thread Nex6|Bill
I know that “pass the hash” is now getting a lot of playtime on Windows, and
I have heard in a couple of talks
that it's directly related to the “SSO” part of the OS, and may be part of POSIX?

Is OpenBSD, or BSD in general, vulnerable to these style attacks? Or just the
normal unix dump the password /etc/passwd table for offline attacks sorts of
stuff?

Thoughts


-Nex6




Re: OpenBSD 5.6 Released

2014-11-02 Thread Nex6|Bill
I see TCP wrappers has been removed; I am assuming using only PF is the
practice for the stuff people were using TCP wrappers for…

and, thanks for the hard work…



-Nex6


On Nov 1, 2014, at 10:22 AM, Antoine Jacoutot ajacou...@openbsd.org wrote:

 November 1, 2014.

 We are pleased to announce the official release of OpenBSD 5.6.
 This is our 36th release on CD-ROM (and 37th via FTP/HTTP).  We remain
 proud of OpenBSD's record of more than ten years with only two remote
 holes in the default install.

 As in our previous releases, 5.6 provides significant improvements,
 including new features, in nearly all areas of the system:

 - LibreSSL:
o This release forks OpenSSL into LibreSSL, a version of the
  TLS/crypto stack with goals of modernizing the codebase, improving
  security, and applying best practice development processes.
o No support for legacy MacOS, Netware, OS/2, VMS and Windows
  platforms, as well as antique compilers.
o Removal of the IBM 4758, Broadcom ubsec, Sureware, Nuron, GOST,
  GMP, CSwift, CHIL, CAPI, Atalla and AEP engines, either because
  the hardware is irrelevant, or because they require external
  non-free libraries to work.
o No support for FIPS-140 compliance.
o No EBCDIC support.
o No support for big-endian i386 and amd64 platforms.
o Use standard routines from the C library (malloc, strdup,
  snprintf...) instead of rolling our own, sometimes badly.
o Remove the old OpenSSL PRNG, and rely upon arc4random_buf from
  libc for all the entropy needs.
o Remove the MD2 and SEED algorithms.
o Remove J-PAKE, PSK and SRP (mis)features.
o Aggressive cleaning of BN memory when no longer used.
o No support for Kerberos.
o No support for SSLv2.
o No support for the questionable DTLS heartbeat extension.
o No support for TLS compression.
o No support for US-Export SSL ciphers.
o Do not use the current time as a random seed in libssl.
o Support for ChaCha and Poly1305 algorithm.
o Support for Brainpool and ANSSI elliptic curves.
o Support for AES-GCM and ChaCha20-Poly1305 AEAD modes.

 - Improved hardware support, including:
o SCSI Multipathing support via mpath(4) and associated path drivers
  on several architectures.
o New qlw(4) driver for QLogic ISP SCSI HBAs.
o New qla(4) driver for QLogic ISP2100/2200/2300 Fibre Channel HBAs.
o New upd(4) sensor driver for USB Power Devices (UPS).
o New brswphy(4) driver for Broadcom BCM53xx 10/100/1000TX Ethernet
  PHYs.
o New uscom(4) driver for simple USB serial adapters.
o New axen(4) driver for ASIX Electronics AX88179 10/100/Gigabit USB
  Ethernet devices.
o The inteldrm(4) and radeondrm(4) drivers have improved
  suspend/resume support.
o The userland interface for the agp(4) driver has been removed.
o The rtsx(4) driver now supports card readers based on the RTS5227
  and RTL8402 chipsets.
o The firmware for the run(4) driver has been updated to version 0.33.
o The run(4) driver now supports devices based on the RT3900E
  chipset.
o The zyd(4) driver, which was broken for some time, has been fixed.
o The bwi(4) driver now works in systems with more than 1GB of RAM.
o The re(4) driver now supports devices based on the RTL8168EP/8111EP,
  RTL8168G/8111G, and RTL8168GU/8111GU chipsets.

 - Generic network stack improvements:
o divert(4) now supports checksum offload.
o IPv6 is now turned off on new interfaces by default. Assigning an
  IPv6 address will enable IPv6 on an interface.
o Support for RFC4620 IPv6 Node Information Queries has been removed.
o The kernel no longer supports the SO_DONTROUTE socket option.
o The getaddrinfo(3) function now supports the AI_ADDRCONFIG flag
  defined in RFC 3493.
o Include router alert option (RAO) in IGMP packets, as required by
  RFC2236.
o ALTQ has been removed.
o The hash table for Protocol Control Block (PCB) of TCP and UDP now
  resize automatically on load.

 - Installer improvements:
o Remove ftp and tape as install methods.
o Preserve the disklabel (and next 6 blocks) when installing boot
  block on 4k-sector disk drives.
o Change the Server? question to HTTP Server? to allow unambiguous
  autoinstall(8) handling.
o Allow autoinstall(8) to fetch and install sets from multiple
  locations.
o Many sample configuration files have moved from /etc to
  /etc/examples.

 - Routing daemons and other userland network improvements:
o When used with the -v flag, tcpdump(8) now shows the actual bad
  checksum within the IP/protocol header itself and what the good
  checksum should be.
o ftp(1) now allows its User-Agent to be changed via the -U
  command-line option.
o The -r option of ping(8) and traceroute(8) has been removed.
o ifconfig(8) can now explicitly assign an IPv6 link-local address

Re: security - pass the hash style attacks?

2014-11-02 Thread Nex6|Bill
On Nov 2, 2014, at 4:30 PM, Philip Guenther guent...@gmail.com wrote:

 On Sun, Nov 2, 2014 at 4:05 PM, Nex6|Bill n6gh...@yahoo.com wrote:
 I know, that “pass the hash” is now getting a lot of playtime on windows. and
 I have heard in a couple of talks
 that its directly related to “SSO” part of the OS, and may be part of posix?

 Nope.  It's just a bad (as in, completely broken) design for the NTLM
 and LanMan authentication protocols.

So, any machine/OS that's authenticating to a PtH vulnerable protocol, namely
Lanman/NTLM, would be vulnerable to this no matter the OS.

what about kerberos? (windows K5 vs Unix K5?)




 is OpenBSD, or BSD in general vulnerable to these style attacks?

 The vulnerability is the authentication protocol/method, independent
 of the operating system.
 If you used NTLM or LanMan password authentication on OpenBSD,  you
 would be vulnerable.
 You would also have to be insane.


 or just the normal unix dump the password /etc/passwd table for offline
 attacks sorts of stuff?

 For the authentication methods in base, correct.

so, for OpenBSD you would have to get the /etc/passwd for an offline attack on
the password hashes
and for that they would need a user account to logon to the system. Or to have
compromised the system in such a
way as they could copy /etc/passwd.

other types of attacks would be brute force against SSHD sorts of stuff which
could be detected and mitigated.






 Philip Guenther

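The distinction drawn in the thread above, as an added example (not code from either poster): a toy model of why a stored hash is password-equivalent under a challenge-response design keyed by that hash, but not under a salted hash that is checked against the presented password. SHA-256/HMAC and PBKDF2 are stand-ins chosen for this sketch, not the real NTLM algorithm or the bcrypt used by OpenBSD, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

ITERATIONS = 50_000  # constructed value, kept low so the demo runs quickly


# Scheme A: challenge-response keyed by the stored hash. This models the
# design property the thread attributes to NTLM/LanMan, not the real protocol.
def a_enroll(password):
    """Server-side record: an unsalted hash of the password."""
    return hashlib.sha256(password.encode()).digest()


def a_respond(key, challenge):
    """Client proof: a MAC over the server's challenge, keyed by the hash."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def a_verify(stored, challenge, response):
    """Server check: recompute the MAC from its own stored record."""
    return hmac.compare_digest(a_respond(stored, challenge), response)


# Scheme B: salted, slow hash. The password itself is presented at login
# (over a protected channel) and the server re-derives the digest.
def b_enroll(password):
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def b_verify(record, presented):
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", presented, salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def compare_schemes(password="correct horse battery staple"):
    """Return what each kind of credential achieves under each scheme."""
    results = {}

    stored_a = a_enroll(password)
    challenge = os.urandom(16)
    # Legitimate client: derives the key from the password it knows.
    results["A_password"] = a_verify(
        stored_a, challenge, a_respond(a_enroll(password), challenge))
    # A party holding only a copy of the stored record, never the password:
    # the record is the MAC key, so it is all that is needed.
    results["A_stored_hash_only"] = a_verify(
        stored_a, challenge, a_respond(stored_a, challenge))

    record_b = b_enroll(password)
    results["B_password"] = b_verify(record_b, password.encode())
    # Presenting the copied digest in place of the password fails, because
    # the server hashes whatever is presented before comparing.
    results["B_stored_hash_only"] = b_verify(record_b, record_b[1])

    # Unsalted records repeat for equal passwords; salted ones do not, so a
    # copied table only supports per-record offline guessing.
    results["A_same_password_same_record"] = a_enroll(password) == stored_a
    results["B_same_password_same_record"] = b_enroll(password)[1] == record_b[1]
    return results


if __name__ == "__main__":
    for name, value in compare_schemes().items():
        print(f"{name}: {value}")
```

In scheme A the stored record has to be protected exactly like the password; in scheme B a copied record still has to be guessed offline, one slow derivation per guess.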



Laptop Support?

2014-05-25 Thread Nex6|Bill
I may be changing positions, so may be getting a new laptop. Would like to 
request one that has good OpenBSD support. What are some models that are well
supported?

-Nex6



alias's - ksh

2014-04-20 Thread Nex6|Bill
Kinda new to OpenBSD, (have a couple of 5.4 installs in VMs); what's the 
standard for aliases? I added it to the .profile but some googling seems to
indicate that that won't work. that you have to export, and do a .kshrc file? 
so what's the standard?

-Nex6



laptop support for HP 8540W

2014-04-13 Thread Nex6|Bill
anyone know how well an HP8540W is supported?



Re: SHA256.sig missing from install55.iso

2014-04-07 Thread Bill Hacker
Kevin Chadwick ma1l1ists at yahoo.co.uk writes:

 
 previously on this list frantisek holop contributed:
 
  the lack of the same file is stopping sysmerge
  from working.
 
 I'm sure you know but just in case, -S skips the check which you can do
 manually as Theo mentioned.
 

Also - unless I am having a(nother) Seniour Moment - a non-issue if one cp's
the xetc** source over to r/w media, manually adds the separately-pulled SHA
goods in the same dirtree...

Bill



Gnome and OpenBSD 5.4

2014-04-01 Thread Nex6|Bill
I am trying to get Gnome to work, and it's giving me fits. I tried to follow
this link:
Tutorial: Install Gnome Desktop and Gnome Display Manager on
OpenBSD 4.8 - GabSoftware

for the most part, but now instead of boot to gdm or xdm it boots to the
console and when I startx it says file /root/.serverauth does not exist.

any ideas? on what i missed?

-Nex6



Re: cheapest firewall?

2014-02-04 Thread Bill Albertson
An Alix fanless low power dual nic system with case and power supply goes
for $120ish.  Has slots for 2 mini pci wireless cards.  Add an antenna and
pigtail for another $15 or so, or use a USB wifi card.  Anything more
expensive is going to be a Soekris.

I would only buy a mini-pci PC board if I had the existing case for it
(which I have done recently, for that reason, but for the fan equipped
version of this board).  Otherwise, all of the RAM and everything else is
going to cost extra- which is fine if the firewall is for more than just
firewalling, light vpn, and such.  Buying the board, ram, and anything
extra for the case is going to still cost more than an Alix based system.


On Tue, Feb 4, 2014 at 11:42 AM, Theophile Envt theo.e...@gmail.com wrote:

  Gigabyte GA-C1037UN-EU  motherboard ? 2 Lan fanless...


 2014-02-01 Adam s...@my-balls.com:

  Any suggestions for the cheapest possible firewall (that is new hardware
  not re-purposing some old stuff)?  All I need is 2 ethernet interfaces
  and for it to run openbsd.



Re: Request for Funding our Electricity

2014-01-17 Thread Bill Albertson
On Fri, Jan 17, 2014 at 12:23 PM, Christopher Ahrens n...@leviacomm.net wrote:

 Kevin Lyda wrote:

 Regarding the less architecture support to save electricity
 argument, I'm not sure one follows the other. Computing power has
 grown to a point that emulators are perfectly valid - particularly for
 older systems.

 I think a push to package and maintain emulators for many of these
 older architectures would be beneficial in many ways. There's some
 amount of this already - there are instructions for the simh simulator
 for the VAX arch for instance. The obvious benefits I could see would
 be:

 1) You could spin up builds on them w/ little to no effect on electricity
 usage.
 2) Even if the OpenBSD foundation's arch X machine dies, there would
 still be infrastructure to maintain the port.
 3) It would widen the possible number of developers if people could
 spin up older architectures in an emulator.
 4) It would make OpenBSD a valuable tool for accessing older media and
 documenting older architectures.

 I know emulators are not perfect, so a physical machine would be
 superior.  But if there was some encouragement for emulators for archs
 I think those would be useful benefits.



 Even if emulators did work, you still have a couple of problems:

 *Instructions are executed as they should, not how they actually work
 *instructions will, at best, take two instructions on the host if
  the architectures and endianness match; if not:
   The instruction has to be matched against a lookup table and if there
   is a single equivalent instruction to do the same thing and you have
   the same endianness, that is three processor cycles.  If it's
   different endianness, then you now have between 32 and 128 more
   instructions (convert to the host endianness then back for 16 to
   64-bit archs)
   Now if there isn't an equivalent instruction (welcome to the
   difference between CISC and RISC machines)  you are probably going to
   have to run two all the way up to a couple dozen instructions to
   emulate just one, plus you still have the same problem with
   endianness like before
 *assuming all the above works, you are still tripling the effort in
  debugging because now you have to determine if the bug is in the
  emulated environment, the emulator itself, or the host OS.
 *Even if the above still works perfectly, you will still miss all the
  bugs caused by memory alignment (the host will fix any of that), which
  are the most common we find or the host ends up adding new ones.

 But all this is ignoring the real purpose of running on real hardware
 which is that the same code runs on all the boxes, so if one of them
 outputs something unexpected from the other machines, we know something
 is wrong.

 The only way to reduce our power for the older archs is if someone were
 able to re-build the entire system on more power-efficient,
 bug-compatible chips

  Support for multiple archs brings interest and exposes bad code in
 ways limited arch support does not.


 Exactly

  Dropping that to save electricity
 is not a valid reason with today's compute power.

 Anyway, it's been a long time since I did stuff with OpenBSD, but I
 think it would be a shame to drop such support. So I'll back up my
 words with some cash.  And if I get a roundtuit, perhaps some code or
 docs as well.


 Please continue to do this.  Cash, code and correct docs help OpenBSD,
 dreaming doesn't.


 Kevin



 And now to paraphrase Theo:
 Shut up, donate, and hack.


Please continue to do this.  Cash, code and correct docs help OpenBSD,
dreaming doesn't.

I've donated $20 a month in perpetuity via
http://www.openbsdfoundation.org/donations.html.  The community needs less
than 99 other donors willing to admit that OpenBSD is worth more than a
pizza.  This doesn't even begin to make up for the benefit I've received
from the project, but it is a start.

A small suggested change to the OpenBSD.org page header- put a donate
button and a small message under the header picture.  We need X financial
maintainers @ $20 a month.  I completely forgot that I could donate until
I saw this thread come up on reddit.com/r/programming, and it didn't even
occur to me that I should be donating monthly until I read the thread.
 Sometimes, you just have to be that obvious to people, and it may be
easier to ask for a few new donors every so often than to be beholden to a
single large donor.



mount partitions from old softRAID

2013-11-10 Thread Bill Clay
A while ago, I had 2 disks combined in RAID-1 with softraid
Later, 1 disk died. I just removed and kept the good
remaining disk and now I want to grab some files off of it.

The drive shows up as sd1 in dmesg
$disklabel sd1
shows that the partition in question is d and has fstype RAID
but it won't let me
$mount /dev/sd1d /mnt/disk_d

If I remember correctly, the RAID was itself (sub?)partitioned
(is that the right terminology?)
I don't want to rebuild it, or recover it,
I just want to get access and copy some of the files off of it.

So, what is the best recommended way to mount and get access
to the files on a partition with fstype RAID?

thanks



Re: www.openbsd.org down?

2013-06-25 Thread Bill Swisher

On 06/25/2013 07:10 AM, Alexander Hall wrote:

Can someone please test from Burundi, Johannesburg and Minsk? Because that 
would probably also be really really really interesting.


It works from Anchorage Alaska, if that helps.




Re: time kepping using GPS

2012-03-20 Thread Bill Dunshie
Thank you very much Mr de Raadt, for the very complete and insightful 
information regarding GPS  the interaction and actions of clocks with 
their signal, and loss thereof.


On 3/20/2012 11:49 AM, Theo de Raadt wrote:
 some insights for people using GPS for very critical server time keeping
 http://www.dw.de/dw/article/0,,15817272,00.html
 This misses the point in a rather large way.

 Most of this jamming makes the true GPS signal hard to receive.

 When the signal cannot be received, the existing free-running clocks
 in various parts of the system keep working.  Since the subsystem as
 a whole has learned the 1st, 2nd, and hopefully 3rd and further
 derivatives to tune itself and predictively pace, everything works out.
 Until the GPS signal or whatever else comes back.

 Oh my god, sometimes we use net, and we can't talk to remote
 Internet-based ntp services. Except that's the point -- we only pay
 attention to the remote services (ntp or gps) to learn how to tune
 various adjustments to the free-running clocks.

 Furthermore, some GPS receivers will keep feeding their own
 free-running clocks but say the service is degraded.  It is not like
 that free-running clock on the GPS is going to go wonky immediately.

 It is being jammed.  It is not being spoofed.

 The end result is that the clock does not go crazy.  It remains stable
 and the best effort result is good enough.

 So enough of this oh my god, it is all going to go wrong baloney.



Dhcpd.conf

2011-11-17 Thread Bill Meigs
If the name after host starts with a number, I get an error in 
/var/log/messages and dhcpd fails to load.


host 5tbgx280 {
hardware ethernet 00:11:43:2f:87:d5;
fixed-address 192.168.1.112;
}

Nov 17 10:53:57 pj dhcpd[8557]: /etc/dhcpd.conf line 115: expecting left 
brace.

Nov 17 10:53:57 pj dhcpd[8557]: host 5tbgx280


Starting the name with a letter fixes the error.

I did not find any info on the acceptable format of the host statement
in the dhcpd.conf man entry.

Is this an oversight on my part, or something that might be documented 
elsewhere?


Thanks,
Bill

OpenBSD 5.0 GENERIC#71 i386

OpenBSD 5.0-current (GENERIC) #71: Fri Oct  7 12:57:13 MDT 2011
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Core(TM)2 Duo CPU E8400 @ 3.00GHz (GenuineIntel 
686-class) 3 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1

real mem  = 3487547392 (3325MB)
avail mem = 3420450816 (3261MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/19/08, BIOS32 rev. 0 @ 0xfdba0, 
SMBIOS rev. 2.5 @ 0xcfedf000 (39 entries)

bios0: vendor Phoenix Technologies LTD version 1.2a date 12/19/2008
bios0: Supermicro X7SBL
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP _MAR TCPA MCFG HPET APIC BOOT SPCR ERST HEST 
BERT EINJ SLIC SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT
acpi0: wakeup devices PEG_(S5) PEX_(S5) LAN_(S5) USB4(S5) USB5(S5) 
USB7(S5) ESB2(S5) EXP1(S5) EXP5(S5) EXP6(S5) USB1(S5) USB2(S5) USB3(S5) 
USB6(S5) ESB1(S5) PCIB(S5) KBC0(S1) MSE0(S1) COM1(S5) COM2(S5) PWRB(S3)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0 addr 0xe000, bus 0-16
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 332MHz
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus -1 (PEX_)
acpiprt3 at acpi0: bus 5 (EXP1)
acpiprt4 at acpi0: bus 13 (EXP5)
acpiprt5 at acpi0: bus 15 (EXP6)
acpiprt6 at acpi0: bus 17 (PCIB)
acpicpu0 at acpi0: C3, PSS
acpibtn0 at acpi0: PWRB
acpivideo0 at acpi0: IGD0
bios0: ROM list: 0xc/0x8000 0xc8000/0x2a00! 0xcaa00/0x1000
ipmi at mainbus0 not configured
cpu0: Enhanced SpeedStep 2993 MHz: speeds: 3000, 2667, 2333, 2000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 3200/3210 Host rev 0x01
uhci0 at pci0 dev 26 function 0 Intel 82801I USB rev 0x02: apic 2 int 16
uhci1 at pci0 dev 26 function 1 Intel 82801I USB rev 0x02: apic 2 int 17
uhci2 at pci0 dev 26 function 2 Intel 82801I USB rev 0x02: apic 2 int 18
ehci0 at pci0 dev 26 function 7 Intel 82801I USB rev 0x02: apic 2 int 18
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb0 at pci0 dev 28 function 0 Intel 82801I PCIE rev 0x02: apic 2 int 16
pci1 at ppb0 bus 5
ppb1 at pci0 dev 28 function 4 Intel 82801I PCIE rev 0x02: apic 2 int 16
pci2 at ppb1 bus 13
em0 at pci2 dev 0 function 0 Intel PRO/1000MT (82573E) rev 0x03: msi, 
address 00:25:90:25:44:d8

ppb2 at pci0 dev 28 function 5 Intel 82801I PCIE rev 0x02: apic 2 int 17
pci3 at ppb2 bus 15
em1 at pci3 dev 0 function 0 Intel PRO/1000MT (82573L) rev 0x00: msi, 
address 00:25:90:25:44:d9

uhci3 at pci0 dev 29 function 0 Intel 82801I USB rev 0x02: apic 2 int 23
uhci4 at pci0 dev 29 function 1 Intel 82801I USB rev 0x02: apic 2 int 22
uhci5 at pci0 dev 29 function 2 Intel 82801I USB rev 0x02: apic 2 int 18
ehci1 at pci0 dev 29 function 7 Intel 82801I USB rev 0x02: apic 2 int 23
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb3 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x92
pci4 at ppb3 bus 17
em2 at pci4 dev 2 function 0 Intel PRO/1000GT (82541GI) rev 0x05: apic 
2 int 20, address 00:1b:21:2d:38:c2

vga1 at pci4 dev 4 function 0 XGI Technology Volari Z9s/Z9m rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 Intel 82801IR LPC rev 0x02: PM disabled
ahci0 at pci0 dev 31 function 2 Intel 82801I AHCI rev 0x02: msi, AHCI 1.2
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 5 lun 0: ATA, ST9750420AS, 0001 SCSI3 0/direct 
fixed naa.5000c50029e59137

sd0: 715404MB, 512 bytes/sector, 1465149168 sectors
ichiic0 at pci0 dev 31 function 3 Intel 82801I SMBus rev 0x02: apic 2 
int 17

iic0 at ichiic0
lm1 at iic0 addr 0x2d: W83627HF
wbng0 at iic0 addr 0x2f: w83793g
spdmem0 at iic0 addr 0x50: 2GB DDR2 SDRAM ECC PC2-6400CL5
spdmem1 at iic0 addr 0x52: 2GB DDR2 SDRAM ECC PC2-6400CL5
Intel 82801I Thermal rev 0x02 at pci0 dev 31 function 6 not configured
usb2 at uhci0: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00

Wifi: TL-WN821N could not read ROM / kernel page fault

2011-09-11 Thread Bill Allaire
 function 2 Intel SCH SD/MMC rev 0x07: apic 2 int 
18 (irq 3)

sdmmc2 at sdhc2
pcib0 at pci0 dev 31 function 0 Intel SCH LPC rev 0x07
pciide0 at pci0 dev 31 function 1 Intel SCH IDE rev 0x07: DMA, channel 
0 wired to compatibility

wd0 at pciide0 channel 0 drive 0: Hitachi HTS545016B9A300
wd0: 16-sector PIO, LBA48, 152627MB, 312581808 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: probed fifo depth: 15 bytes
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
mtrr: Pentium Pro MTRR support
scsibus0 at sdmmc1: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0: SD/MMC, Drive #01,  SCSI2 0/direct fixed
sd0: 1938MB, 512 bytes/sec, 3970048 sec total
athn0 at uhub0 port 1 ATHEROS UB95 rev 2.00/2.02 addr 2
run0 at uhub0 port 7 Ralink 802.11 n WLAN rev 2.00/1.01 addr 3
run0: MAC/BBP RT3070 (rev 0x0201), RF RT3020 (MIMO 1T1R), address 
00:0d:f0:8d:e9:2a
uhidev0 at uhub1 port 2 configuration 1 interface 0 LiteOn HP USB 
Multimedia Keyboard rev 1.10/1.22 addr 2

uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 modifier keys, 6 key codes
wskbd1 at ukbd0 mux 1
wskbd1: connecting to wsdisplay0
uhidev1 at uhub1 port 2 configuration 1 interface 1 LiteOn HP USB 
Multimedia Keyboard rev 1.10/1.22 addr 2

uhidev1: iclass 3/0, 3 report ids
uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
uhid1 at uhidev1 reportid 2: input=3, output=0, feature=0
uhid2 at uhidev1 reportid 3: input=3, output=0, feature=4
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
athn0: bad ROM checksum 0x2c17
athn0: could not read ROM
athn0: could not attach chip


Regards,
Bill



Re: Wifi: TL-WN821N could not read ROM / kernel page fault

2011-09-11 Thread Bill Allaire

On 9/11/2011 2:37 PM, patrick keshishian wrote:

On Sun, Sep 11, 2011 at 10:10 AM, Bill Allaire open...@bogoflop.com wrote:

TP-Link (TLWN812N 300Mbps) USB device.  What I found really surprising was
that unplugging the device locked up the OS.

Due to message:
Sep  7 15:19:08 geeky /bsd: athn0 at uhub0
Sep  7 15:19:08 geeky /bsd:  port 1 ATHEROS UB95 rev 2.00/2.02 addr 3
Sep  7 15:19:08 geeky /bsd: athn0: failed loadfirmware of file
athn-ar7010-11 (error 2)
Sep  7 15:19:08 geeky /bsd: athn0: could not load firmware

I downloaded athn-firmware-1.1.tgz and extracted those files into
/etc/firmware.  That file contained:
firmware/athn-ar7010
firmware/athn-ar7010-11
firmware/athn-ar9271


That led to the following when plugged in:

Sep 11 10:30:05 geeky /bsd:  port 1 ATHEROS UB95 rev 2.00/2.02 addr 3
Sep 11 10:30:07 geeky /bsd: athn0: bad ROM checksum 0x2c17
Sep 11 10:30:07 geeky /bsd: athn0: could not read ROM
Sep 11 10:30:07 geeky /bsd: athn0: could not attach chip


When unplugged:

uvm_fault(0xd0a31aa0, 0x0, 0, 3) -  e
kernel: page fault trap, code=0
Stopped at   ieee80211_ifdetach+0x3e: movl %edx,0(%eax)
ddb{1}  (lost keyboard response at this point)

You in X-Windows, I assume.

No, console.  Usually a headless device running as a firewall.



I did try setting sysctl ddb.console=1 before unplugging the device again
but:
sysctl: ddb.console: Operation not permitted

You can't change that setting at run time. You need to set it in your
/etc/sysctl.conf file and reboot the system.


I'm not sure how else I can get a trace, ps, show registers, etc...

Try your experiment either from the console or set up a serial console
for the machine.


Made change to /etc/sysctl.conf and rebooted with wireless device 
connected.  When login prompt appeared I unplugged the device and 
nothing has changed.


I notice that once the lock up occurs, pressing the caps lock key no 
longer lights the indicator light on the keyboard.  There is a COM port 
on this computer but it has a USB interface...




--patrick




Re: Wifi: TL-WN821N could not read ROM / kernel page fault

2011-09-11 Thread Bill Allaire

On 9/11/2011 3:08 PM, roberth wrote:

On Sun, 11 Sep 2011 13:10:17 -0400
Bill Allaire open...@bogoflop.com wrote:


I downloaded athn-firmware-1.1.tgz and extracted those files into
/etc/firmware.

It's a package, like the manpage says, use pkg_add.
# pkg_add http://firmware.openbsd.org/firmware/athn-firmware-1.1.tgz

Maybe, but I doubt that this will resolve your problem.
I removed the firmware files and ran pkg_add with the URL you provided.  
No change with the problem I'm having.




Re: pf ftp-proxy forward AND reverse (Help?)

2011-04-16 Thread Bill Allaire

On 04/11/2011 06:31 PM, Steven R. Gerber wrote:

Hi folks.
I cannot get reverse? ftp to work from my wireless to my LAN.
I seem to have no trouble going from the LAN to the internet.
Any thoughts?




Thanks,
Steven
*
pf.conf:

# filter rules and anchor for ftp-proxy(8)
anchor "ftp-proxy/*"
pass in on $wireless_if inet proto tcp to ($wireless_if) port 21
pass out on $int_if inet proto tcp to $ftp_server port 21 user proxy

# Translate outgoing ftp control connections to send them to localhost
# for proxying with ftp-proxy(8) running on port 8021.
#rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
anchor "ftp-proxy/*"
#pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
pass in quick on $int_if proto tcp to port 21 rdr-to 127.0.0.1 port 8021
*


I have the outgoing ftp-proxy listening on the default port.  I have the 
incoming ftp-proxy listening on a different port.  I also have only one 
anchor for ftp-proxy.


anchor "ftp-proxy/*"
pass in on $office_network proto tcp to port ftp rdr-to 127.0.0.1 port 8021
pass in log on $external_interface proto tcp from any to \
    $external_interface port ftp flags S/SAFR modulate state \
    (max-src-conn 15, max-src-conn-rate 5/3, overload <hmmm> flush global) \
    rdr-to 127.0.0.1 port 8031





$ cat /etc/rc.conf.local
ntpd_flags=-s # enabled during install
#
# set these to NO to turn them off.  otherwise, they're used as flags
#named_flags=-d 3 # for normal use: 
named_flags=  # for normal use: 
#dhcpd_flags= # for normal use: 
# ISC dhcpd will be invoked via rc.local!!!
#
# set the following to YES to turn them on
pf=YES  # Packet filter / NAT

ftpproxy_flags=   # for normal use: 
ftpproxy_flags2="-R xxx.xxx.iii.2 -p 21 -b xxx.xxx.www.1"   # for normal use: 
#
# miscellaneous other flags
# only used if the appropriate server is marked YES above
pflogd_flags=   # add more flags, ie. -s 256
*
rc.local:

# Start ftp-proxy #2
if [ X"${ftpproxy_flags2}" != X"NO" ]; then
 echo -n ' ftp-proxy';   /usr/sbin/ftp-proxy ${ftpproxy_flags2}
fi
*




Thanks Jacek Artymiak: Book PDF's

2010-04-15 Thread Bill Dunshie
A huge Thanks to Jacek Artymiak for the PDF's of Building Firewalls 
with OpenBSD and PF, 3rd ed. and  The OpenBSD Command-Line Companion. 
The wait was worth it !!!




Re: Jacek Books

2010-02-17 Thread Bill Dunshie
By posting regarding this situation, possibly it will help others from 
being swindled. I paid for the Firewall Book, and as stated, did 
receive a few PDF's, but that's it, no paper copy. Going through PayPal 
is a waste of time, as their time limits have been exceeded many times 
over (my purchase was Feb 13, 2009) for filing a complaint, unless I'm 
mistaken.
When someone is ripping others off  left and right, who gives a hang 
about copyrights ? Were I not honest, I surely wouldn't; I'd get what I 
paid for any way I could. Alas, I guess I just lost out, as it's evident 
from the site that business is in full swing and payment is being
accepted by 2 methods. I guess I should have also noted that Artymiak 
was a Non-verified US vendor on PayPal.
Live and learn I guess, at times the very hard way. I really expected 
much more from Artymiak.


On 2/15/2010 2:31 PM, Corey wrote:

On 02/15/2010 01:33 PM, open...@e-solutions.re wrote:
I agree with you Aaron, but I bought his books on 14 September 2009, and
another book on 14 October 2009.
If you want I can send you my PayPal receipts to prove it. I never received
the books.
It is a swindle! Nothing else ... And why sell books when nobody
occupies his website? Even if he is ill, it is not a reason (he has to stop
selling ebooks)
Thanks



Report him to PayPal.

Depending on the terms of his copyrights, it may not be legal for 
someone else to send you a copy of his works.  And if he is not 
responding to your personal emails, it is unlikely that posting on 
this list is going to help any further.




Re: Jacek books

2010-02-15 Thread Bill Dunshie

On 2/14/2010 12:26 PM, open...@e-solutions.re wrote:

Hello,

I bought the books from http://www.devguide.net :
OpenBSD Command-Line Companion and Building OpenBSD Firewalls with
OpenBSD 3th Ed in PDF and Printed version (since september 2009)
Is there someone that will have a copy of these books in pdf format ?
I received NOTHING

Thank you very much.
   


I did the exact same thing, and I did receive 'snippets' of chapters in 
PDF format over a period of time, which I've compiled into one printed 
booklet, but I'd like to receive the book as a whole as was originally 
stated.

I did use Pay Pal, so I do have a valid copy of my payment, shown below.
I'm hardly sweating it though, as I've always known Jacek Artymiak to
be a man of his word and an exceptional talent that I feel we're
very fortunate to have as a developer.
Please just give it some time. I've found it's always better to look very
closely and very long before leaping to any conclusions.

Regards,
WED
==
Business Name: devGuide.net  (The recipient of this payment is Non-U.S. 
- Verified)

Email: sa...@devguide.net
Payment Sent to: ja...@devguide.net
Total Amount: -€47.00 EUR
Fee amount: €0.00 EUR
Net amount:  -€47.00 EUR (equals -$62.21 USD)
Conversion from: -$62.21 USD
Conversion to: €47.00 EUR
Exchange rate: 1 U.S. Dollar = 0.755505 Euros
Item Amount: €47.00 EUR
Shipping: €0.00 EUR
Handling: €0.00 EUR
Quantity: 1
Item Title:OpenBSD Command-Line Companion Editions: PDF + Paper
Item Number: 0008
Date: Feb 13, 2009
Time: 16:33:55 CST
Status: Completed



Re: [Soekris] Soekris net5501 OpenBSD 4.5 Booting Problem

2009-07-18 Thread Bill Maas
Hi Ken,

On Fri, 2009-07-17 at 09:09 -0400, Hendrickson, Kenneth wrote:
   *0: A6      0   1   1 -    131 127  63 [       63:  2112516 ] OpenBSD
    1: DA    131 128   1 -    262 254  63 [  2112579:  2112516 ] Unknown ID
    2: DA    263   0   1 -   6211 254  63 [  4225095: 95570685 ] Unknown ID
    3: DA   6212   0   1 -  12160 254  63 [ 99795780: 95570685 ] Unknown ID
  
  Just follow the instructions in the OpenBSD installer, offered by
  default. When it prompts you 'Do you want to use all of wd0 for OpenBSD',
  just say yes, it will run fdisk -i
  
  It will make partition 3 the default active bootable one
 
 But I *never* want to use the entire disk for OpenBSD.  I have a system for
 quick recovery in case of a disaster.  I only use half of the disk.  When I
 install a new version of OpenBSD, I use the other half of the disk.  That way,
 if a disaster happens, I can quickly boot, run fdisk -- changing the bootable
 partition, and then reboot into my previous system.
 
 In the above fdisk output, partitions 0 and 2 are my current system, while
 partitions 1 and 3 are my last and next systems.  After I install a new system
 onto partitions 1 and 3, partitions 0 and 2 will become my last and next
 systems.
 
 (Using 2 partitions like this is a holdover from the days when the bootable
 partition had to be in the first few cylinders of the drive.)

From Absolute OpenBSD - UNIX for the practical paranoid by Michael Lucas
I've learned that:

OpenBSD partitions need to go within a single MBR partition. Dedicate a
single MBR partition ... There can only be one OpenBSD MBR partition per
hard disk.

I can't make much sense of what you describe here, but to me it looks
like it suggests that you're using a single disklabel which spans more
than one MBR partition. Or even moving around the disklabel at will. If
so, would you be willing to publish something like a howto on this
subject? Or else tell us where to find one? I know about multiple
OpenBSD installations inside a single set of subpartitions, but that's
still a single MBR partition. No fdisk or disklabel involved after
initial setup, but probably more vulnerable than what you describe here.

Bill 

 I'm surprised more people don't do this.  It provides for very quick and easy
 recovery in the case of a disaster.  (I've only ever had such a disaster once;
 I've been using OpenBSD since late 1996.)
 
 The other advantage of this system is that it provides an easy means for
 seeing how I did things previously.  I can quickly run disklabel, use an
 empty slice to point to one of my old slices, and then mount it.  After I'm
 done I can run disklabel again and put it back.
 
 So I never want to use the entire disk for OpenBSD.  Therefore, I will need
 to remember to escape to a shell and run fdisk -u when installing to a
 virgin disk.
 
 It would be nice if the OpenBSD install procedure checked for the lack of
 a valid MBR, and installed one automatically (after asking); that would
 save some people from experiencing the problem I experienced.
 
 Ken Hendrickson
 ___
 Soekris-tech mailing list
 soekris-t...@lists.soekris.com
 http://lists.soekris.com/mailman/listinfo/soekris-tech



snapshot - ports - gnome

2009-06-16 Thread Bill Maas
Hi,

Got this while trying to compile GNOME from ports on 6/16 snapshot
(packages were broken):

===  Extracting for gst-plugins-good-0.10.8
cp
-R /usr/ports/multimedia/gstreamer-0.10/plugins-good/files 
/usr/ports/obj/gst-plugins-good-0.10.8/gst-plugins-good-0.10.8/ext/libsndio
ln: /usr/ports/obj/gst-plugins-good-0.10.8/bin/gconftool-2: File exists
*** Error code 1

Stop in /usr/ports/multimedia/gstreamer-0.10/plugins-good (line 2087
of /usr/ports/infrastructure/mk/bsd.port.mk).


Is there some quick fix for this? Or is it already fixed? Am I supposed
to send messages like this to misc or should they go to ports?

Thanks,


Bill



Re: Ext2/3 mount trouble

2009-06-11 Thread Bill Maas
Hi Donald,

I'm slowly starting to get the whole picture here.. I'll start with
updating my in-memory copy of the FAQ.

Thanks,

Bill

On Wed, 2009-06-10 at 09:13 -0400, Donald Allen wrote:
 
 
 On Wed, Jun 10, 2009 at 10:37 AM, Bill Maas b...@stsx.org wrote:
 Hi Donald,
 
 On Wed, 2009-06-10 at 06:33 -0400, Donald Allen wrote:
 [...]
 
  I had nothing to do with writing the documentation and so have no ax
  to grind, but FAQ items 8.21 and 14.16 look pretty explicit to me.
 
 [...]
 
 8.21: OpenBSD does support journaling fses (ext3 at least), it just
 doesn't support fs journaling.
 
 Maybe 14.16 could do with an addition like this one (or maybe not
 because it's too specific):
 
 'Ext3 partitions are mounted as ext2, i.e. no journaling is done. In
 fact, none of the OpenBSD's filesystem tools pay any attention to an
 existing journal. For that reason, an attempt to have an ext3 partition
 mounted read-write at boot time through /etc/fstab will cause a
 filesystem not clean error. This can be circumvented by having the
 device mounted read-only at boot time, and remounting it read-write
 manually afterwards.'
 
 I agree that it's all a bit nitpickerish (if that's an English word),
 
 It is now 
 
 
 but the fact that ext3 fses mount without trouble can be confusing.
 
 But you must have fibbed to mount about the fs type and mounted it -t
 ext2fs, which is not true. ext2 being a proper subset of ext3, I'm not
 surprised that the system didn't say anything.
 
 I cited 14.16 because it says ext2 is supported and does not mention
 ext3. If ext3 were supported, I'm quite confident the FAQ would have
 said so. Given that, I personally would not have considered mounting
 an ext3 filesystem writeable with OpenBSD, for fear of getting the
 ext2 part of the filesystem out of whack with the journal. In other
 words, I think what you are trying to do may well be hazardous to the
 health of your ext3 filesystem. Given my conservative bent in my old
 age (having spent many, many years finding strange and wonderful ways
 to get computers in undesirable states and watching others do the
 same), if I really needed to mount that fs writeable with OpenBSD for
 some reason, I'd boot a Linux rescue cd first and convert the fs to
 ext2. My $.02.
 
 /Don
 
 
 
 
 Bill



Re: Ext2/3 mount trouble

2009-06-10 Thread Bill Maas
Hi Ted,

On Tue, 2009-06-09 at 13:01 -0400, Ted Unangst wrote:
> On Tue, Jun 9, 2009 at 2:03 PM, Bill Maas b...@stsx.org wrote:
> > I posted a message earlier about a kernel panic occurring when I
> > accessed a file on some of my ext3 fses. I've also been having trouble
> > with r/w extfs entries in fstab. At boot time I'm dropped to a shell
> > because fsck thinks the fs is unclean, even when the other side says
> > it's clean.
>
> ext3 is marked dirty because the journal hasn't been played back.  You
> have to convert it to ext2 in linux before mounting in openbsd.
 

That makes sense, I guess. And it does keep the unclean fs messages away
- not the bad ref count panic however. The docs could be a bit more
explicit about the lack of support for ext3 journaling.

And in reply to the various "why would you want to do that?"'s I
encountered while searching for the issue: very witty, but ext2 happens
to be a widely supported fs, which makes it a good candidate for shared
data on multiboot systems (FAT16/32? - can't be serious...!). Moreover,
so far OpenBSD has proven to have excellent support for ext2, apart from
that single issue. FFS support from Linux on the other hand, is C.R.A.P.

Thanks,

Bill
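
The exchange above turns on two flags in the ext2/ext3 superblock: whether the filesystem carries a journal and whether that journal still needs replaying. As an added example (not code from this thread or from OpenBSD), the Python below reads those flags from the first 2 KB of a partition; the field offsets and flag values follow the ext2/ext3 on-disk format, while the function names and the sample images are constructed for illustration.

```python
import struct
import sys

SUPERBLOCK_OFFSET = 1024          # superblock starts 1024 bytes into the partition
EXT2_MAGIC = 0xEF53               # s_magic, shared by ext2 and ext3

# Little-endian field offsets inside the superblock.
OFF_MAGIC = 56                    # s_magic (u16), followed by s_state (u16)
OFF_REV_LEVEL = 76                # s_rev_level (u32); feature fields need rev >= 1
OFF_FEATURE_COMPAT = 92           # s_feature_compat (u32), then s_feature_incompat

STATE_VALID_FS = 0x0001           # s_state: cleanly unmounted
COMPAT_HAS_JOURNAL = 0x0004       # s_feature_compat: filesystem has a journal (ext3)
INCOMPAT_RECOVER = 0x0004         # s_feature_incompat: journal not yet replayed


def inspect_superblock(image):
    """Return the journal-related flags found in a partition image."""
    sb = image[SUPERBLOCK_OFFSET:SUPERBLOCK_OFFSET + 1024]
    if len(sb) < OFF_FEATURE_COMPAT + 8:
        raise ValueError("image too short to hold a superblock")
    magic, state = struct.unpack_from("<HH", sb, OFF_MAGIC)
    if magic != EXT2_MAGIC:
        raise ValueError("bad magic 0x%04x: not an ext2/ext3 filesystem" % magic)
    (rev,) = struct.unpack_from("<I", sb, OFF_REV_LEVEL)
    compat = incompat = 0
    if rev >= 1:                  # revision 0 has no feature fields
        compat, incompat = struct.unpack_from("<II", sb, OFF_FEATURE_COMPAT)
    return {
        "clean_flag": bool(state & STATE_VALID_FS),
        "has_journal": bool(compat & COMPAT_HAS_JOURNAL),
        "needs_recovery": bool(incompat & INCOMPAT_RECOVER),
    }


def classify(image):
    """Label the image as plain ext2, ext3 with an idle journal, or
    ext3 whose journal still holds transactions to replay."""
    info = inspect_superblock(image)
    if not info["has_journal"]:
        return "ext2"
    if info["needs_recovery"]:
        return "ext3-needs-recovery"
    return "ext3-journal-idle"


def make_image(state, compat, incompat, rev=1):
    """Build a constructed 2 KB image holding only the fields read above."""
    img = bytearray(2048)
    base = SUPERBLOCK_OFFSET
    struct.pack_into("<HH", img, base + OFF_MAGIC, EXT2_MAGIC, state)
    struct.pack_into("<I", img, base + OFF_REV_LEVEL, rev)
    struct.pack_into("<II", img, base + OFF_FEATURE_COMPAT, compat, incompat)
    return bytes(img)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Read-only look at a real device or image file, e.g. a raw partition.
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], classify(fh.read(2048)))
    else:
        # Constructed samples: 0x0002 in incompat is the "filetype" feature.
        samples = {
            "plain ext2": make_image(0x0001, 0x0000, 0x0002),
            "ext3, unmounted cleanly": make_image(0x0001, 0x0004, 0x0002),
            "ext3, journal pending": make_image(0x0001, 0x0004, 0x0006),
        }
        for name, img in samples.items():
            print("%-26s %s %s" % (name, classify(img), inspect_superblock(img)))
```

A result of `ext3-needs-recovery` is the state in which a journal-unaware driver sees metadata that does not yet include the journaled changes, which is the case the replies in this thread advise against mounting read-write.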



Evolution hangs

2009-06-10 Thread Bill Maas
Hi,

it's Evolution once again: hangs for no apparent reason while I'm typing
a message (the one previously posted, in fact;). Hope that this will be
of any use, grabbed while Evolution was hanging:

exo...@borealis:~$ kdump -p 20329  
 20329 evolution EMUL  native
 20329 evolution RET   poll 0
 20329 evolution CALL  gettimeofday(0x6859d058,0)
 20329 evolution RET   gettimeofday 0
 20329 evolution CALL  poll(0x52cca000,0xb,0x28)
 20329 evolution RET   poll 0
 20329 evolution CALL  gettimeofday(0x6859d058,0)
 20329 evolution RET   gettimeofday 0
 20329 evolution CALL  clock_gettime(0,0x51f97fa8)
 20329 evolution RET   clock_gettime 0
 20329 evolution CALL  poll(0x52cca000,0xa,0)
 20329 evolution RET   poll 0
 20329 evolution CALL  poll(0x52cca000,0xb,0x2710)

Bill



Re: Evolution hangs

2009-06-10 Thread Bill Maas
Hi Antoine,

On Wed, 2009-06-10 at 11:47 +0200, Antoine Jacoutot wrote:
> On Wed, 10 Jun 2009, Bill Maas wrote:
>
> > Hi,
> >
> > it's Evolution once again: hangs for no apparent reason while I'm typing
> > a message (the one previously posted, in fact;). Hope that this will be
> > of any use, grabbed while Evolution was hanging:
>
> Are you using current or 4.5?
 

4.5, without a single patch applied, I'm ashamed to admit (I'm still in
transition, desktop-wise). The only relevant patch could be the i386/DMA
one, but I doubt that that's the cause. Evolution has seen a bumpy early
life on other OSes as well, but you're no doubt aware of that.

Bill



Re: Ext2/3 mount trouble

2009-06-10 Thread Bill Maas
Hi Donald,

On Wed, 2009-06-10 at 06:33 -0400, Donald Allen wrote:
[...]

 I had nothing to do with writing the documentation and so have no ax
 to grind, but FAQ items 8.21 and 14.16 look pretty explicit to me.
[...]

8.21: OpenBSD does support journaling fses (ext3 at least), it just
doesn't support fs journaling.

Maybe 14.16 could do with an addition like this one (or maybe not
because it's too specific):

'Ext3 partitions are mounted as ext2, i.e. no journaling is done. In
fact, none of the OpenBSD's filesystem tools pay any attention to an
existing journal. For that reason, an attempt to have an ext3 partition
mounted read-write at boot time through /etc/fstab will cause a
filesystem not clean error. This can be circumvented by having the
device mounted read-only at boot time, and remounting it read-write
manually afterwards.'

I agree that it's all a bit nitpickerish (if that's an English word),
but the fact that ext3 fses mount without trouble can be confusing.

Bill



Re: Separate desktop list?

2009-06-09 Thread Bill Maas
Hi Antoine,

On Mon, 2009-06-08 at 21:39 +0200, Antoine Jacoutot wrote:
> On Mon, 8 Jun 2009, Bill Maas wrote:
> > - evolution is incredibly slow at startup
>
> Known issue. Probably threads related, but it is just a wild guess. I
> had no time to look into the issue for real yet.
>
> > - deleting a message before it is fully loaded will cause evolution to
> >   crash
>
> Interesting, I'll try to reproduce that one.

Same with pressing a folder button before the program itself is fully
loaded. This occurred yesterday, after I posted this message, as if in
protest. Loaded seems to be an issue with Evolution. 

[...]

> > Also, copying from a vi(m) screen in an xterm window doesn't seem to
> > work (haven't made any attempt to sort that out yet).
>
> xterm != GNOME, so I'll leave that one to others ;)

Excuse me, I was using the expression xterm in a generic manner. It's
actually a GNOME terminal.

Thanks for patience and attention anyway,

Bill



Ext2/3 mount trouble

2009-06-09 Thread Bill Maas
Hi,

I posted a message earlier about a kernel panic occurring when I
accessed a file on some of my ext3 fses. I've also been having trouble
with r/w extfs entries in fstab. At boot time I'm dropped to a shell
because fsck thinks the fs is unclean, even when the other side says
it's clean.

There is a simple workaround: declare all ext2fs mounts ro
in /etc/fstab, and remount these r/w after boot. This hasn't given me a
single problem so far (except that it's a bit inconvenient).

Bill

dmesg:
OpenBSD 4.5 (GENERIC) #1749: Sat Feb 28 14:51:18 MST 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz (GenuineIntel
686-class) 2.53 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR
real mem  = 3214176256 (3065MB)
avail mem = 3114315776 (2970MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 09/24/08, BIOS32 rev. 0 @ 0xfdc80,
SMBIOS rev. 2.4 @ 0xe0010 (74 entries)
bios0: vendor LENOVO version 6FET46WW (1.16 ) date 09/24/2008
bios0: LENOVO 4058CTO
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET SLIC BOOT ASF! SSDT
SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) UART(S3) IGBE(S4) EXP0(S4)
EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3)
USB3(S3) USB4(S3) USB5(S3) EHC0(S3) EHC1(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 265MHz
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus -1 (EXP2)
acpiprt5 at acpi0: bus 5 (EXP3)
acpiprt6 at acpi0: bus 13 (EXP4)
acpiprt7 at acpi0: bus 21 (PCI1)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 100 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model 92P1133 serial   199 type LION oem
Panasonic
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock at acpi0 not configured
acpivideo at acpi0 not configured
acpivideo at acpi0 not configured
bios0: ROM list: 0xc/0xfc00 0xd/0x1000 0xd1000/0x1000
0xd2000/0x1000 0xde000/0x1800! 0xe/0x1
cpu0: unknown Enhanced SpeedStep CPU, msr 0x0617492506004925
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 19467 MHz (1292 mV): speeds: 19467, 1600 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x07
ppb0 at pci0 dev 1 function 0 Intel GM45 PCIE rev 0x07: apic 1 int 16
(irq 11)
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Mobility Radeon HD 3650 rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Intel GM45 HECI rev 0x07 at pci0 dev 3 function 0 not configured
em0 at pci0 dev 25 function 0 Intel ICH9 IGP M AMT rev 0x03: apic 1
int 20 (irq 11), address 00:1c:25:97:34:61
uhci0 at pci0 dev 26 function 0 Intel 82801I USB rev 0x03: apic 1 int
20 (irq 11)
uhci1 at pci0 dev 26 function 1 Intel 82801I USB rev 0x03: apic 1 int
21 (irq 11)
uhci2 at pci0 dev 26 function 2 Intel 82801I USB rev 0x03: apic 1 int
22 (irq 11)
ehci0 at pci0 dev 26 function 7 Intel 82801I USB rev 0x03: apic 1 int
23 (irq 11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 Intel 82801I HD Audio rev 0x03: apic
1 int 17 (irq 11)
azalia0: RIRB time out
azalia0: codecs: Conexant CX20561, Conexant/0x2c06, using Conexant
CX20561
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 Intel 82801I PCIE rev 0x03: apic 1 int
20 (irq 11)
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 1 Intel 82801I PCIE rev 0x03: apic 1 int
21 (irq 11)
pci3 at ppb2 bus 3
iwn0 at pci3 dev 0 function 0 Intel WiFi Link 5300AGN rev 0x00: apic 1
int 17 (irq 11), MIMO 3T3R, MoW, address 00:16:ea:a3:00:2c
ppb3 at pci0 dev 28 function 3 Intel 82801I PCIE rev 0x03: apic 1 int
23 (irq 11)
pci4 at ppb3 bus 5
ppb4 at pci0 dev 28 function 4 Intel 82801I PCIE rev 0x03: apic 1 int
20 (irq 11)
pci5 at ppb4 bus 13
uhci3 at pci0 dev 29 function 0 Intel 82801I USB rev 0x03: apic 1 int
16 (irq 11)
uhci4 at pci0 dev 29 function 1 Intel 82801I USB rev 0x03: apic 1 int
17 (irq 11)
uhci5 at pci0 dev 29 function 2 Intel 82801I USB rev 0x03: apic 1 int
18 (irq 11)
ehci1 at pci0 dev 29 function 7 Intel 82801I USB rev 0x03: apic 1 int
19 (irq 11)
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb5 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev

Ext2/3 mount trouble - follow-up

2009-06-09 Thread Bill Maas
Hi,

I figured I might as well add some disk details to my previous
message (Ext2/3 mount trouble), so here's the whole story.


r...@happyflowers:~# cat /etc/fstab 

/dev/sd0a / ffs rw 1 1
/dev/sd0g /home ffs rw,nodev,nosuid 1 2
/dev/sd0f /tmp ffs rw,nodev,nosuid 1 2
/dev/sd0d /usr ffs rw,nodev 1 2
/dev/sd0e /var ffs rw,nodev,nosuid 1 2
/dev/sd0l /mnt/export ext2fs ro,nodev,nosuid 1 2
/dev/sd0m /mnt/home ext2fs ro,nodev,nosuid 1 2
#/dev/sd0n /mnt/ubu ext2fs ro,nodev,nosuid,noauto 1 2
#/dev/sd0o /mnt/misc ext2fs ro,nodev,nosuid,noauto 1 2
#/dev/sd0p /mnt/backup ext2fs ro,nodev,nosuid,noauto 1 2
/dev/cd0a /mnt/cdrom cd9660 noauto,ro 0 0


Devices sd0l and sd0m give no trouble as long as I don't try to
have them mounted r/w at boot. Accessing a file (in the broad
sense) on any of the other ext2 partitions causes the system
to panic.


r...@happyflowers:~# disklabel sd0 
# Inside MBR partition 2: type A6 start 58605120 size 19535040
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: ST9320421AS 
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 38913
total sectors: 625142448
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0   # microseconds
track-to-track seek: 0  # microseconds
drivedata: 0 

16 partitions:
#                size           offset  fstype [fsize bsize  cpg]
  a:          1028160         59633280  4.2BSD   2048 16384    1
  b:          1028160         58605120    swap
  c:        625142448                0  unused
  d:         12594960         60661440  4.2BSD   2048 16384    1
  e:          2104515         73256400  4.2BSD   2048 16384    1
  f:          2104515         75360915  4.2BSD   2048 16384    1
  g:           674730         77465430  4.2BSD   2048 16384    1
  i:         58605057               63    NTFS
  j:         11430720        613705680 unknown
  k:          7807527         78140223 unknown
  l:         19534977         85947813  ext2fs
  m:         19534977        105482853  ext2fs
  n:         19534977        125017893  ext2fs
  o:         19534977        144552933  ext2fs
  p:         19534977        164087973  ext2fs


The reason why I use those ext3 partitions will be clear: shared
bulk data - can't reach my music  videos from OpenBSD right now:-(.


r...@happyflowers:~# fdisk sd0 
Disk: sd0   geometry: 41345/240/63 [625142448 Sectors]
Offset: 0   Signature: 0xAA55
Starting Ending LBA Info:
 #: id  C   H   S -  C   H   S [   start:size ]
---
*0: 07  0   1   1 -   3875 239  63 [  63:58605057 ] HPFS/QNX/AUX
 1: 12  40589   0   1 -  41344 239  63 [   613705680:11430720 ] Compaq Diag.
 2: A6   3876   0   1 -   5167 239  63 [58605120:19535040 ] OpenBSD 
 3: 05   5168   0   1 -  40588 239  63 [78140160:   535565520 ] Extended DOS
Offset: 78140160    Signature: 0xAA55
Starting Ending LBA Info:
 #: id  C   H   S -  C   H   S [   start:size ]
---
 0: 82   5168   1   1 -   5684  89  63 [78140223: 7807527 ] Linux swap  
 1: 05   5684  90   1 -   6976  89  63 [85947750:19535040 ] Extended DOS
 2: 00  0   0   0 -  0   0   0 [   0:   0 ] unused  
 3: 00  0   0   0 -  0   0   0 [   0:   0 ] unused  
Offset: 85947750    Signature: 0xAA55
Starting Ending LBA Info:
 #: id  C   H   S -  C   H   S [   start:size ]
---
 0: 83   5684  91   1 -   6976  89  63 [85947813:19534977 ] Linux files*
 1: 05   6976  90   1 -   8268  89  63 [   105482790:19535040 ] Extended DOS
 2: 00  0   0   0 -  0   0   0 [   0:   0 ] unused  
 3: 00  0   0   0 -  0   0   0 [   0:   0 ] unused  
Offset: 105482790   Signature: 0xAA55
Starting Ending LBA Info:
 #: id  C   H   S -  C   H   S [   start:size ]
---
 0: 83   6976  91   1 -   8268  89  63 [   105482853:19534977 ] Linux files*
 1: 05   8268  90   1 -   9560  89  63 [   125017830:19535040 ] Extended DOS
 2: 00  0   0   0 -  0   0   0 [   0:   0 ] unused  
 3: 00  0   0   0 -  0   0   0 [   0:   0 ] unused  
Offset: 125017830   Signature: 0xAA55

Re: Separate desktop list?

2009-06-08 Thread Bill Maas
Hi Antoine,

On Mon, 2009-06-08 at 11:50 +0200, Antoine Jacoutot wrote:
> On Mon, 8 Jun 2009, Bill Maas wrote:
>
> > [owner-misc: wrong address - sorry - resend]
> >
> > Hi,
> >
> > is there a separate channel for desktop bugs/discussions [planned]? I'm
> > running into GNOME bugs from time to time which are hardly worth
>
> $ pkg_info gnome-session |grep Maintainer

I was hinting at a somewhat _broader_ medium;)

Bill



Re: Separate desktop list?

2009-06-08 Thread Bill Maas
On Mon, 2009-06-08 at 12:21 +0200, Antoine Jacoutot wrote: 
> On Mon, 8 Jun 2009, Bill Maas wrote:
>
> > Hi Antoine,
> >
> > On Mon, 2009-06-08 at 11:50 +0200, Antoine Jacoutot wrote:
> > > On Mon, 8 Jun 2009, Bill Maas wrote:
> > >
> > > > [owner-misc: wrong address - sorry - resend]
> > > >
> > > > Hi,
> > > >
> > > > is there a separate channel for desktop bugs/discussions [planned]? I'm
> > > > running into GNOME bugs from time to time which are hardly worth
> > >
> > > $ pkg_info gnome-session |grep Maintainer
> >
> > I was hinting at a somewhat _broader_ medium;)
>
> Oh. Well then you could try ports@ but there is nothing desktop
> specific. I'd like to know about these gnome bugs though ;)

(By heart):

- evolution is incredibly slow at startup
- deleting a message before it is fully loaded will cause evolution to
  crash
- PrtScr doesn't work, even though it's registered with the Gnome
  shortcuts

Granted, only the last one is a potential GNOME bug, but they're
definitely all desktop. These occur on _my_ machine, I don't know if
these quirks are universal and reproducible, hence the need for
discussion before firing bug reports at maintainers. I've been reluctant
to post a message each time I encounter an issue like these, because I
know (and strongly agree) that desktop isn't OpenBSD's core business.
I'll file a bug report for the evolution crashes, that's definitely a
bug. Having separate support channels for server and desktop is
quite commonplace, and usually serves to keep the server channel more
interesting and on-topic;).

About the 3d bug: I'm not a GNOME expert, so maybe I'm overlooking
something, but I tried using xmodmap both ways..:

xmodmap -e 'keycode 111 = Print'
xmodmap -e 'keysym Print = Print'

.. and Take a screenshot is set to Print in the Keyboard shortcuts
window. 'gnome-screenshot' works well, both from the commandline and
from the launcher, but it's not much use for taking fullscreen shots.
Even if the feature is deliberately disabled, the Keyboard shortcuts
menu makes a false suggestion.

Also, copying from a vi(m) screen in an xterm window doesn't seem to
work (haven't made any attempt to sort that out yet).

That's all, for now;) 

Bill

dmesg:
OpenBSD 4.5 (GENERIC) #1749: Sat Feb 28 14:51:18 MST 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz (GenuineIntel
686-class) 2.53 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR
real mem  = 3214176256 (3065MB)
avail mem = 3114315776 (2970MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 09/24/08, BIOS32 rev. 0 @ 0xfdc80,
SMBIOS rev. 2.4 @ 0xe0010 (74 entries)
bios0: vendor LENOVO version 6FET46WW (1.16 ) date 09/24/2008
bios0: LENOVO 4058CTO
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET SLIC BOOT ASF! SSDT
SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) UART(S3) IGBE(S4) EXP0(S4)
EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3)
USB3(S3) USB4(S3) USB5(S3) EHC0(S3) EHC1(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 266MHz
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus -1 (EXP2)
acpiprt5 at acpi0: bus 5 (EXP3)
acpiprt6 at acpi0: bus 13 (EXP4)
acpiprt7 at acpi0: bus 21 (PCI1)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2
acpitz0 at acpi0: critical temperature 127 degC
acpitz1 at acpi0: critical temperature 100 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model 92P1133 serial   199 type LION oem
Panasonic
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock at acpi0 not configured
acpivideo at acpi0 not configured
acpivideo at acpi0 not configured
bios0: ROM list: 0xc/0xfc00 0xd/0x1000 0xd1000/0x1000
0xd2000/0x1000 0xde000/0x1800! 0xe/0x1
cpu0: unknown Enhanced SpeedStep CPU, msr 0x0617492506004925
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 19467 MHz (1292 mV): speeds: 19467, 1600 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x07
ppb0 at pci0 dev 1 function 0 Intel GM45 PCIE rev 0x07: apic 1 int 16
(irq 11)
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Mobility Radeon HD 3650 rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Intel GM45 HECI rev 0x07 at pci0 dev 3 function 0 not configured
em0 at pci0 dev 25 function 0 Intel ICH9 IGP M AMT rev 0x03: apic

Kernel panic while accessing ext3 partition

2009-05-07 Thread Bill Maas
Hi,

I got a bad ref count panic message while trying to access a directory
on a 45 GB ext3 partition. Below is what I managed to salvage. Any
workarounds for this? Anyway, got GNOME on OpenBSD up and running, made
very easy, great!

Bill

---
b5 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x93
pci6 at ppb5 bus 21
cbb0 at pci6 dev 0 function 0 Ricoh 5C476 CardBus rev 0xba: apic 1 int
16 (irq 11)
Ricoh 5C832 Firewire rev 0x04 at pci6 dev 0 function 1 not configured
sdhc0 at pci6 dev 0 function 2 Ricoh 5C822 SD/MMC rev 0x21: apic 1 int
18 (irq 11)
sdmmc0 at sdhc0
Ricoh 5C843 MMC rev 0x11 at pci6 dev 0 function 3 not configured
Ricoh 5C592 Memory Stick rev 0x11 at pci6 dev 0 function 4 not
configured
Ricoh 5C852 xD rev 0x11 at pci6 dev 0 function 5 not configured
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 22 device 0 cacheline 0x0, lattimer 0xb0
pcmcia0 at cardslot0
pcib0 at pci0 dev 31 function 0 Intel 82801IEM LPC rev 0x03
ahci0 at pci0 dev 31 function 2 Intel 82801I AHCI rev 0x03: apic 1 int
16 (irq 11), AHCI 1.2
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0: ATA, ST9320421AS, SD13 SCSI3 0/direct
fixed
sd0: 305245MB, 512 bytes/sec, 625142448 sec total
cd0 at scsibus0 targ 1 lun 0: MATSHITA, DVD-RAM UJ862A, SB04 ATAPI
5/cdrom removable
ichiic0 at pci0 dev 31 function 3 Intel 82801I SMBus rev 0x03: apic 1
int 23 (irq 11)
iic0 at ichiic0
usb2 at uhci0: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci1: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
usb4 at uhci2: USB revision 1.0
uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1
usb5 at uhci3: USB revision 1.0
uhub5 at usb5 Intel UHCI root hub rev 1.00/1.00 addr 1
usb6 at uhci4: USB revision 1.0
uhub6 at usb6 Intel UHCI root hub rev 1.00/1.00 addr 1
usb7 at uhci5: USB revision 1.0
uhub7 at usb7 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
aps0 at isa0 port 0x1600/31
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
mtrr: Pentium Pro MTRR support
uvideo0 at uhub0 port 6 configuration 1 interface 0 Chicony Electronics
Co., Ltd. product 0x4807 rev 2.00/31.34 addr 2
video0 at uvideo0
ubt0 at uhub3 port 2 Lenovo Computer Corp ThinkPad Bluetooth with
Enhanced Data Rate II rev 2.00/3.52 addr 2
ugen0 at uhub7 port 2 Lenovo Integrated Smart Card Reader rev
2.00/1.00 addr 2
softraid0 at root
root on sd0a swap on sd0b dump on sd0b
WARNING: / was not properly unmounted
vrele: bad ref count: 0xd99ad788, type VBLK, use 0, write 0, hold 6,
flags (VBIOONFREELIST)
tag VT_UFS, ino 1188, on dev 4, 0 flags 0x0, effnlink 1, nlink 1
mode 060640, owner 0, group 5, size 0 not locked
panic: vrele: ref cnt
Stopped at  Debugger+0x4:   leave   
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS
PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb ddb Debugger(0,d991e550,df754ae0,d99ad788,d99b8008) at Debugger
+0x4
panic(d06f545f,d99ad788,0,d991e550,d99532e0) at panic+0x55
vrele(d99ad788,6,0,d0381e08) at vrele+0xa2
ext2fs_reclaim(df754b18,d08106a8,0,d991e550,d07a95e4) at ext2fs_reclaim
+0x89
VOP_RECLAIM(d991e550,d99b8008,d99b8008,0) at VOP_RECLAIM+0x28
vclean(d991e550,8,d99b8008,0,d3b36c00) at vclean+0x76
vgonel(d991e550,d99b8008,0,d99b8008,d94a6130) at vgonel+0x3e
vrecycle(d991e550,d99b8008,d99b8008,18f3) at vrecycle+0x20
ext2fs_inactive(df754c08,1780,df754c30,d037b6fd,d07a95d8) at
ext2fs_inactive+0xdc
VOP_INACTIVE(d991e550,d99b8008,df754c80,d0458b27,16) at VOP_INACTIVE
+0x28
vput(d991e550,df754c6c,d3b4b400,df754c70,1780) at vput+0x36
ext2fs_vget(d3e0d800,178001,df754d28,178001) at ext2fs_vget+0x167
ext2fs_lookup(df754d58,d99b8008,df754d70,d0380823,d07a94b8) at
ext2fs_lookup+0x62e
VOP_LOOKUP(d995af28,df754e58,df754e6c,20) at VOP_LOOKUP+0x2e
lookup(df754e48,d9814c00,400,df754e60) at lookup+0x1d0
namei(df754e48,20042,0,0) at namei+0x18c
sys_lstat(d99b8008,df754f68,df754f58,cfbc2810,d99b8008) at sys_lstat
+0x4a
syscall() at syscall+0x24e
--- syscall (number 293) ---
0x1c023f35:
ddbPID   PPID   PGRPUID  S   FLAGS  WAIT
COMMAND 
  9152  1  24654   1000  3  0x4080  poll
notification-are
 19989  1  24654   1000  3  0x4080  poll
clock-applet
 32558  1  24654   1000  3  0x4080  poll
mixer_applet2   
 30896  1  11290   1000  3  0x4080  poll
gvfsd-trash 
 19245  1  19245   1000  30x80  poll
gnome-screensave
 17846  1  24654   1000  3  0x4080  poll
wnck-applet 
 16498  1  11290   1000  3

Re: No OpenBSD for Lenovo Thinkpad w500 4058CTO

2009-05-06 Thread Bill Maas
Hi Nick,

On Tue, 2009-05-05 at 09:48 -0400, Nick Guenther wrote:
> Your disks aren't showing up in dmesg. Try tweaking your BIOS
> settings--i know that I had to change from IDE emulation to AHCI when
> I upgraded to 4.5.

That did the trick. Thanks. I'm hoping to replace my current GNOME
desktop with an OpenBSD-based one, so I can keep more in touch with this
excellent little system;).

Bill

> On 05/05/2009, Bill Maas b...@stsx.org wrote:
> > Hi,
> >
> > First, and just for the record: while trying to set up an FTP server on
> > OpenBSD 4.2 I got this error message while trying to connect by any
> > other address than 'localhost':
> >
> > 421 Service not available, remote server has closed connection.
> >
> > Reason, it turned out: a missing entry in /etc/hosts.allow. I had a hard
> > time finding anything relevant out there, so now at least the relation
> > between the error message and the missing entry is documented.
> >
> >
> > The reason I needed an FTP server is that I'm trying to install OpenBSD
> > 4.5 on a Lenovo Thinkpad W500 model 4058-CTO, with no success. With obsd
> > 4.4 it never got past hardware initialization, with 4.5 at least I get
> > the installer menu, but not for long:
> >
> > [...]
> > Proceed with install? [n] y
> > [...]
> >
> > No disks found
> > #
> >
> > And no, I don't expect developers to _scramble to their laptops_ just
> > because I as an OpenBSD user am _entitled to have this fixed ASAP_ and
> > stuff like that. I was at least happy to see that the Fathers of OpenBSD
> > in their infinite wisdom decided to use plain ftp for downloading
> > packages, and not some custom-built single-purpose
> > binary-installer-builtin, so I could at least get a dmesg off the box (I
> > didn't manage to get a screen capture over USB).
> >
> > The output from the 'dmesg' command run from the shell commandline is
> > listed below. I'm only an index list member, but feel free to contact
> > me offlist if you need more info. I'll be happy to help testing any
> > updates. And I'll be following any replies through the archives of
> > course.
> >
> > An otherwise very happy OpenBSD user,
> >
> >
> > Bill
> >
> >
> > dmesg:
> > --
> > OpenBSD 4.5 (RAMDISK_CD) #1112: Sat Feb 28 15:06:26 MST 2009
> > dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
> > cpu0: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz (GenuineIntel
> > 686-class) 2.53 GHz
> > cpu0:
> > FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR
> > real mem  = 3214176256 (3065MB)
> > avail mem = 3115958272 (2971MB)
> > mainbus0 at root
> > bios0 at mainbus0: AT/286+ BIOS, date 09/24/08, BIOS32 rev. 0 @ 0xfdc80,
> > SMBIOS rev. 2.4 @ 0xe0010 (74 entries)
> > bios0: vendor LENOVO version 6FET46WW (1.16 ) date 09/24/2008
> > bios0: LENOVO 4058CTO
> > acpi0 at bios0: rev 2
> > acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET SLIC BOOT ASF! SSDT
> > SSDT SSDT SSDT SSDT
> > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> > cpu0 at mainbus0: apid 0 (boot processor)
> > cpu0: apic clock running at 265MHz
> > cpu at mainbus0: not configured
> > ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
> > ioapic0: misconfigured as apic 2, remapped to apid 1
> > acpiprt0 at acpi0: bus 0 (PCI0)
> > acpiprt1 at acpi0: bus 1 (AGP_)
> > acpiprt2 at acpi0: bus 2 (EXP0)
> > acpiprt3 at acpi0: bus 3 (EXP1)
> > acpiprt4 at acpi0: bus -1 (EXP2)
> > acpiprt5 at acpi0: bus 5 (EXP3)
> > acpiprt6 at acpi0: bus 13 (EXP4)
> > acpiprt7 at acpi0: bus 21 (PCI1)
> > bios0: ROM list: 0xc/0xfc00 0xd/0x1000 0xd1000/0x1000
> > 0xd2000/0x1000 0xde000/0x1800! 0xe/0x1
> > pci0 at mainbus0 bus 0: configuration mode 1 (bios)
> > pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x07
> > ppb0 at pci0 dev 1 function 0 Intel GM45 PCIE rev 0x07: apic 1 int 16
> > (irq 11)
> > pci1 at ppb0 bus 1
> > vga1 at pci1 dev 0 function 0 ATI Mobility Radeon HD 3650 rev 0x00
> > wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> > Intel GM45 HECI rev 0x07 at pci0 dev 3 function 0 not configured
> > em0 at pci0 dev 25 function 0 Intel ICH9 IGP M AMT rev 0x03: apic 1
> > int 20 (irq 11), address 00:1c:25:97:34:61
> > uhci0 at pci0 dev 26 function 0 Intel 82801I USB rev 0x03: apic 1 int
> > 20 (irq 11)
> > uhci1 at pci0 dev 26 function 1 Intel 82801I USB rev 0x03: apic 1 int
> > 21 (irq 11)
> > uhci2 at pci0 dev 26 function 2 Intel 82801I USB rev 0x03: apic 1 int
> > 22 (irq 11)
> > ehci0 at pci0 dev 26 function 7 Intel 82801I USB rev 0x03: apic 1 int
> > 23 (irq 11)
> > usb0 at ehci0: USB revision 2.0
> > uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
> > Intel 82801I HD Audio rev 0x03 at pci0 dev 27 function 0 not
> > configured
> > ppb1 at pci0 dev 28 function 0 Intel 82801I PCIE rev 0x03: apic 1 int
> > 20 (irq 11)
> > pci2 at ppb1 bus 2
> > ppb2 at pci0 dev 28 function 1 Intel 82801I PCIE rev 0x03: apic 1 int
> > 21 (irq 11)
> > pci3 at ppb2 bus 3
> > iwn0 at pci3 dev 0 function 0 Intel WiFi Link 5300AGN rev 0x00: apic 1
> > int 17 (irq 11), MIMO 3T3R, MoW

No OpenBSD for Lenovo Thinkpad w500 4058CTO

2009-05-05 Thread Bill Maas
Hi,

First, and just for the record: while trying to set up an FTP server on
OpenBSD 4.2 I got this error message while trying to connect by any
other address than 'localhost':

421 Service not available, remote server has closed connection.

Reason, it turned out: a missing entry in /etc/hosts.allow. I had a hard
time finding anything relevant out there, so now at least the relation
between the error message and the missing entry is documented.


The reason I needed an FTP server is that I'm trying to install OpenBSD
4.5 on a Lenovo Thinkpad W500 model 4058-CTO, with no success. With obsd
4.4 it never got past hardware initialization, with 4.5 at least I get
the installer menu, but not for long:

[...]
Proceed with install? [n] y
[...]

No disks found
#

And no, I don't expect developers to _scramble to their laptops_ just
because I as an OpenBSD user am _entitled to have this fixed ASAP_ and
stuff like that. I was at least happy to see that the Fathers of OpenBSD
in their infinite wisdom decided to use plain ftp for downloading
packages, and not some custom-built single-purpose
binary-installer-builtin, so I could at least get a dmesg off the box (I
didn't manage to get a screen capture over USB).

The output from the 'dmesg' command run from the shell commandline is
listed below. I'm only an index list member, but feel free to contact
me offlist if you need more info. I'll be happy to help testing any
updates. And I'll be following any replies through the archives of
course.

An otherwise very happy OpenBSD user,


Bill


dmesg:
--
OpenBSD 4.5 (RAMDISK_CD) #1112: Sat Feb 28 15:06:26 MST 2009
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD
cpu0: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz (GenuineIntel
686-class) 2.53 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR
real mem  = 3214176256 (3065MB)
avail mem = 3115958272 (2971MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 09/24/08, BIOS32 rev. 0 @ 0xfdc80,
SMBIOS rev. 2.4 @ 0xe0010 (74 entries)
bios0: vendor LENOVO version 6FET46WW (1.16 ) date 09/24/2008
bios0: LENOVO 4058CTO
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET SLIC BOOT ASF! SSDT
SSDT SSDT SSDT SSDT
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 265MHz
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 2, remapped to apid 1
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus -1 (EXP2)
acpiprt5 at acpi0: bus 5 (EXP3)
acpiprt6 at acpi0: bus 13 (EXP4)
acpiprt7 at acpi0: bus 21 (PCI1)
bios0: ROM list: 0xc/0xfc00 0xd/0x1000 0xd1000/0x1000
0xd2000/0x1000 0xde000/0x1800! 0xe/0x1
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x07
ppb0 at pci0 dev 1 function 0 Intel GM45 PCIE rev 0x07: apic 1 int 16
(irq 11)
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Mobility Radeon HD 3650 rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
Intel GM45 HECI rev 0x07 at pci0 dev 3 function 0 not configured
em0 at pci0 dev 25 function 0 Intel ICH9 IGP M AMT rev 0x03: apic 1
int 20 (irq 11), address 00:1c:25:97:34:61
uhci0 at pci0 dev 26 function 0 Intel 82801I USB rev 0x03: apic 1 int
20 (irq 11)
uhci1 at pci0 dev 26 function 1 Intel 82801I USB rev 0x03: apic 1 int
21 (irq 11)
uhci2 at pci0 dev 26 function 2 Intel 82801I USB rev 0x03: apic 1 int
22 (irq 11)
ehci0 at pci0 dev 26 function 7 Intel 82801I USB rev 0x03: apic 1 int
23 (irq 11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
Intel 82801I HD Audio rev 0x03 at pci0 dev 27 function 0 not
configured
ppb1 at pci0 dev 28 function 0 Intel 82801I PCIE rev 0x03: apic 1 int
20 (irq 11)
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 1 Intel 82801I PCIE rev 0x03: apic 1 int
21 (irq 11)
pci3 at ppb2 bus 3
iwn0 at pci3 dev 0 function 0 Intel WiFi Link 5300AGN rev 0x00: apic 1
int 17 (irq 11), MIMO 3T3R, MoW, address 00:16:ea:a3:00:2c
ppb3 at pci0 dev 28 function 3 Intel 82801I PCIE rev 0x03: apic 1 int
23 (irq 11)
pci4 at ppb3 bus 5
ppb4 at pci0 dev 28 function 4 Intel 82801I PCIE rev 0x03: apic 1 int
20 (irq 11)
pci5 at ppb4 bus 13
uhci3 at pci0 dev 29 function 0 Intel 82801I USB rev 0x03: apic 1 int
16 (irq 11)
uhci4 at pci0 dev 29 function 1 Intel 82801I USB rev 0x03: apic 1 int
17 (irq 11)
uhci5 at pci0 dev 29 function 2 Intel 82801I USB rev 0x03: apic 1 int
18 (irq 11)
ehci1 at pci0 dev 29 function 7 Intel 82801I USB rev 0x03: apic 1 int
19 (irq 11)
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb5

Re: offloading layer 7 packet classification to hardware

2008-10-31 Thread Bill Marquette
On Thu, Oct 30, 2008 at 2:39 PM, Eduardo Meyer [EMAIL PROTECTED] wrote:
 how does pfsense classify p2p traffic?

via the ports it typically uses.

--Bill



PF route-to syntax

2008-07-21 Thread Bill Meigs

I discovered that rules like
pass in on $int_if route-to ($ext_if2 $ext_gw2) from any to any
must route-to an interface and not that interface's ip address. The rule 
set will load without an error message but the route-to rule will not 
work if the ip address is specified.


My first question is am I correct in this understanding. And if I am, 
shouldn't the ruleset fail to load if the route-to rule is not given an 
interface name?


Thanks.



need_help() with project

2008-07-13 Thread Bill Maas
Hi,

I'm working on a configuration management system based on siteXX-like
archives. While writing the software was mostly fun, the documentation
has turned out to be a bit of an ordeal due to motivational issues,
illness and stuff. I guess I've mostly been missing the necessary
feedback. So please take a look at it if you like, and if it looks
interesting enough, don't hesitate to ask me a few questions about How
It Works (it actually does - I use it myself). Contact info is on the
web site:

http://www.filedozer.org/

Mirror (main web hoster can be a bit unreliable):

http://stsx.xs4all.nl/www.filedozer.org/index.html

Greetings,

Bill


-- 
There is nothing to worry about - unknown



Re: RAID Hot Spare

2008-06-18 Thread Bill Meigs

LSI tech support is very helpful. 800-633-4545 in the usofa. Or:
http://www.lsi.com/support/support_form.html

Gaby Vanhegan wrote:
We had a drive failure on a RAID5 (LSI MegaRaid SATA 150-4) volume in 
our server (OpenBSD 4.1/x86).  The hot spare kicked in and the volume 
rebuilt fine after a successful fsck in single user mode.  We put in a 
new drive as the new hot spare:


# bioctl -Div ami0
bioctl: cookie = 0xd2a23c10
bio_inq
bio_inq { 0xd2a23c10, ami0, 2, 4 }
Volume  Status   Size Device
 ami0 0 Online   501991079936 sd0 RAID5
  0 Online   250995539968 0:0.0   noencl Maxtor 6V250F0 VA11
 'V594LE9G'
  1 Online   250995539968 0:1.0   noencl Maxtor 6V250F0 VA11
 'V5075JVG'
  2 Online   250995539968 0:3.0   noencl Maxtor 6V250F0 VA11
 'V5064EEG'
 ami0 1 Hot spare 250053918720 0:2.0   noencl WDC WD2500AAKS-00VSA01.0
 ' WD-WMART1158126'
#

The thing is the hot spare is fractionally smaller than the other 
drives, which is what happens when you go into a shop and ask for a 
250G drive.  What's going to happen if another drive fails and the 
RAID array tries to rebuild onto the slightly smaller hot spare?  Will 
it explode or just error out?  Do we need to go back and put a 
slightly larger drive in?


I know this isn't the ideal place to ask the question but I figure we 
can't be the only people running LSI cards under OpenBSD.  So far I 
can't find any good references on the 'net but my logic and intuition 
tells me that the drive needs to be bigger...


G.

--
Being drunk is feeling sophisticated without being able to say it.
http://www.playr.co.uk/




Re: Help: OpenBSD 4.2 setup VPN gateway for mobile users

2008-05-22 Thread Bill Chmura
Chiah Tong Kiat wrote:
 Hi

 Could anyone give me some pointers in setting up a VPN gateway for mobile 
 users?

 All the current docs that I've seen are for site-to-site VPN.  Existing 
 documents for mobiles uses certpatch to create a SubjectAltName which does 
 not exist anymore

 Could anyone please help?

 thanks
 tongkiat

   

I have found OpenVPN to be an easy solution in the past. I've got Linux, 
Windows, Mac clients all connecting fine. I have heard that IPSec on 
OpenBSD over the past few releases has gotten much easier to work with.

Lots of doc's on the openvpn web site to help. I've also seen some 
Howto's for OpenBSD specifically. But with any of these, it is really 
important to understand why you are doing something.



Re: What does hw.disknames means?

2008-04-28 Thread Bill
Thank you very much, Paul. I think you have already answered my question
clearly. Thanks for your help.

Cheers,

Hongxing

On Mon, Apr 28, 2008 at 8:57 AM, Paul de Weerd [EMAIL PROTECTED] wrote:

 Redirected to misc@, as it's more appropriate there.

 On Mon, Apr 28, 2008 at 07:27:23AM -0700, xing93111 wrote:
 | Hi,
 |
 | I use sysctl hw.disknames command on my openBSD system, the system says:
 | hw.disknames=rd0. What does this means? I also saw other posts in this
 | forum, their hw.disknames may be wd0, cd0, etc. What do these mean, rd0,
 | wd0, cd0?

 Look up the respective manpages of these. `man rd`, `man wd`, `man
 cd`, and `man sd` will tell you plenty. Basically, these are different
 types of disks that can be used by your machine. When the system
 boots, it probes the hardware and enumerates all (usable) types of
 storage it finds. hw.disknames then lists these.

 A couple of examples :
 hw.disknames=sd0,sd1,cd0
 hw.disknames=sd0,sd1,cd0,sd2
 hw.disknames=wd0,wd1,wd2,wd3

 sd are disks found behind a SCSI(-like) bus. The first example are
 actual SCSI disks, in the second example, sd0 and sd1 are SATA disks
 (they live behind an AHCI controller) and sd2 is a USB disk.

 cd are CD-ROM drives (or CD-R, CD-RW, DVD, etc). I think these are
 quite obvious.

 wd are basically IDE drives.

 rd is a ramdisk, most commonly found in install kernels (bsd.rd etc).

 Read the manpages for these (all in section 4) for more details.

 Cheers,

 Paul 'WEiRD' de Weerd

 --
 [++-]+++.+++[---].+++[+
 +++-].++[-]+.--.[-]
 http://www.weirdnet.nl/



OpenBSD compatability with Super Micro Blades

2008-04-01 Thread Bill Jones
Has anyone had any trouble or any experience using OpenBSD with SuperMicro
Blades?
We are looking at moving to a blade environment using the Super Micro
SBI-7125-T1 blades (Dual Xeons). I don't want to outlay a bunch of cash on
hardware that is not going to run OpenBSD.

I could not find direct support under hardware for the chipsets listed.

For those nice enough :) to take a look - Super Micro's website specs for this
blade.
http://www.supermicro.com/products/SuperBlade/module/SBI-7125B-T1.cfm

Chipset information
On-Board Devices

Chipset
 Intel 5000P (Blackford) chipset
 MCH + PXH + ESB2
SATA
 ESB2 SATA Controller
 RAID 0, 1 support
IPMI
 Support for Intelligent Platform Management Interface v.2.0 via Chassis Management Module (CMM)
Network Controllers
 Intel (ESB2) 82563EB Dual-Port Gigabit Ethernet PHY Controller
 Supports SerDes (Serializer/Deserializer)
 Intel I/OAT support for fast, scaleable, and reliable networking
Graphics
 ATI ES1000 controller with 16 MB of video memory
Super I/O
 Winbond 83627HF chip
Clock Generator
 CK410B chip


Thanks
Bill





Re: Where to rent the best dedicated servers?

2008-03-24 Thread Bill Moran
In response to Kyrre Nygerd [EMAIL PROTECTED]:

 Sorry, I really don't know where else to ask.

 I've been using Staminus for a while now and I've had it with the downtime.

 Basically I want a place to host my Ruby on Rails / Git projects, an IRC
server as well as an internet radio channel.

 Simple website / control panel design is of course a plus. None of that
cpanel bullshit though, I prefer to meddle around with simple text files the
way it's meant to be done.

 So, layeredtech.com? rackspace.com?

pair.com ?

--
Bill Moran
http://www.potentialtech.com



HFSC rules not working/parsing as supposed to

2008-02-21 Thread Bill Johnstone
Hello all.

A while back (several months ago), I had a dialogue with Henning
regarding hfsc in pf not working as it was supposed to.  To be more
specific, according to previous posts and discussions, the following
bare-bones ruleset should parse OK:

  ext_if = hme0
  int_if = fxp0

  altq on $ext_if hfsc bandwidth 384Kb queue { rtq defq }
  queue  rtq hfsc(realtime 10Kb linkshare 11Kb upperlimit 21Kb)
  queue defq hfsc(default realtime 0Kb linkshare 200Kb upperlimit 300Kb)

However, running pfctl -nv -f pf.conf on this produces the following
error right after the first queue rule:

  pfctl: the sum of the child bandwidth higher than parent root_hme0

According to previous posts by Henning, if the service curves are
specified in full, the bandwidth keyword should be unnecessary.  I
agree with the people who have posted to the lists before regarding the
bandwidth keyword in hfsc as being confusing and redundant.

So the question is: why do I get this error in the first place? 
Henning didn't have time to debug this, so it didn't go any further,
but I'd appreciate any assistance in trying to figure this out now.  I
don't want to have to use the hack of bandwidth when the service
curves should fully determine the queueing configuration.

Thanks for any assistance.



  




Re: Server room temperature sensors

2008-02-10 Thread Bill
On Wed, 6 Feb 2008 23:07:01 -0800
Joe [EMAIL PROTECTED] spake:

 Can anyone recommend a server room temperature sensor that I can use  
 with openbsd?
 
 I want to monitor temperature and humidity.
 
 I hope to graph the data from the sensor.
 
 The sensor can be connected to my openbsd via usb, serial, or even  
 network.
 

I've used AVTECH in a few of my rooms.  I think the cheapest is around
$240 maybe... bigger models can handle everything from smoke, to noise,
etc...

Read them via SNMP tied to nagios.  Works good, the basic model comes
with a temp sensor in the unit and a 25' (I believe) lead to a remote
sensor.  

I also have some NetBotz, and while expensive are pretty cool -
airflow, noise, temp, humidity, door sensor, camera, etc...  Nice if
you're not spending out of pocket eh...



Re: KDE presents a distorted screen or quits in the middle of starting up

2007-12-13 Thread Bill Karh
On 12 Dec 2007, [EMAIL PROTECTED] wrote:
 Hi,

 It takes me 3 or 4 startx's before I get a KDE screen that looks
 normal.  When it looks bad, the terminal background is black and other
 contrast problems exist.  Other times it simply locks up in the middle
 of starting up.

 Has any one else had these problems?

I run KDE on a thinkpad-t43 (-current), and don't have this problem.
Could it be an X11 problem with color-depth?

 Thanks,  Rob.

-- 
Regards,
Bill Karh



Re: spamd problems

2007-08-19 Thread Bill
On Sun, 19 Aug 2007 22:09:49 +0300
Edgars MakEa [EMAIL PROTECTED] spake:

 Hi!
 Some days ago spamd just started to GREY all incoming connections even 
 if IP address already was a WHITE.
 Any ideas for what and where to look?
 
 OpenBSD 4.0 Generic
 those are my firewall rules:
 rdr pass on $ext_if proto tcp from <spamd> to port 25 \
 -> 127.0.0.1 port 8025
 rdr pass on $ext_if proto tcp from !<spamd-white> to port 25 \
 -> 127.0.0.1 port 8025
 rdr on $ext_if proto tcp from any to any port 25 -> 127.0.0.1
 
 Edgars
 

Did you reboot and lose your white table?
Did they somehow get added to your spamd table?

I've always had my spamd-white list match on a no rdr before any of
the other rules.  



Re: Non critical but weird pf and openvpn problem

2007-07-19 Thread Bill
On Thu, 19 Jul 2007 15:06:55 -0700
[EMAIL PROTECTED] spake:

 I have the same problem.  I was going to post a this question too 
 along with another question.
 
 When I first boot up my OpenBSD 4.1 sever.  I can not access my 
 OpenVPN wireless connection.  I can access ssh wirelessly though.  
 So what I do is login via ssh and run pfctl -f /etc/pf.conf.  Now 
 my OpenVPN connection works just fine.  I too have my startup 
 script in /etc/rc.local but it is much simpler:
 
 /usr/local/sbin/openvpn /var/openvpn/server.conf
 
 I am curious to know why pf requires a command line start for it to 
 work.

I have a few OpenVPN installations running and do not have this problem
with any of them.  I start my PF normally through the rc.conf.local 

pf=
pf_rules=/etc/brock.conf

My OpenVPN starts in rc.local

 echo -n ' openvpn'; /usr/local/sbin/openvpn --cd /etc/openvpn --config
server.conf --daemo

It all just works(TM).

Do you have a hostname.tun0 file in /etc?  

I forget if OpenVPN will create the tun0, but it could be why PF needs
to be run after in your instance.  I have simply:

UP

in this file.



Re: SSH brute force attacks no longer being caught by PF rule

2007-06-28 Thread Bill
On Thu, 28 Jun 2007 09:02:43 -0500
J.D. Bronson [EMAIL PROTECTED] wrote:

 At 08:56 AM 06/28/2007, Stuart Henderson wrote:
 On 2007/06/28 08:46, J.D. Bronson wrote:
   Will NEW offenders be added to /etc/tables/scanners
   as they are discovered and therefore not just remain in kernel?
 
 No, pf does not write to files.
 How about cron(8) and pfctl(8) instead?
 
 so if it won't write to a file...I presume it blocks
 what's listed in /etc/tables/scanners permanently and then only
 blocks NEW offenders via kernel memory?
 (can someone clarify my understanding of that?)
 
 I would ideally like to stop attacks and then write the offenders in a file
 so I don't lose these during a reboot...
 
 what if I cron something like this:
 
 pfctl -t scanners -T show > /etc/tables/scanners
 pfctl -f /etc/pf.conf
 
 Would that work?? 
 

The persist thing got me at first too, but the FAQ is quite clear and does not 
actually say it writes anywhere.  I just assumed it for reasons beyond this 
discussion.  Anyway, persist keeps it even if no rules are using it.   The 
file part is strictly for pre-populating when pf starts up.

I am not sure why you have both of those... the top line to output would be 
fine, and have your pf ruleset use the file at startup to read them in.
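
The cron approach discussed in this exchange, as an added example that is not part of the original posts: a plain `pfctl ... > file` truncates the file before pfctl has produced any output, so a failed run can leave an empty list for the next boot. This sketch dumps the table to a temporary file first and only then renames it into place. The table name and path are the ones from the thread; `PFCTL`, `filter_addrs`, `save_table` and the script path in the cron comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): snapshot a pf table into the file that
# pre-populates it, without ever leaving a truncated file behind.
# PFCTL, filter_addrs and save_table are names made up for this sketch.

# Keep only lines that look like an IPv4 or IPv6 address, optionally with a
# /prefix. `pfctl -T show` indents each entry, so strip whitespace first.
filter_addrs() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
        grep -E '^([0-9]{1,3}(\.[0-9]{1,3}){3}|[0-9A-Fa-f]*:[0-9A-Fa-f:.]*)(/[0-9]{1,3})?$'
}

# save_table TABLE FILE
# Returns 0 on success, 1 if pfctl (or mktemp) failed, 2 if the dump was empty
# while the existing file is not. The old file is kept in both failure cases.
save_table() {
    st_table=$1
    st_file=$2

    # Run pfctl before touching anything on disk.
    st_out=$(${PFCTL:-pfctl} -t "$st_table" -T show 2>/dev/null) || return 1

    # Temp file in the same directory, so the final mv is an atomic rename.
    st_tmp=$(mktemp "${st_file}.XXXXXX") || return 1
    printf '%s\n' "$st_out" | filter_addrs | sort -u > "$st_tmp"

    # Design choice of this sketch: never replace a populated list with an
    # empty one (for example right after a reboot, before the table refills).
    if [ ! -s "$st_tmp" ] && [ -s "$st_file" ]; then
        rm -f "$st_tmp"
        return 2
    fi
    chmod 600 "$st_tmp" && mv -f "$st_tmp" "$st_file"
}

# Cron usage from root's crontab (script path is hypothetical):
#   */15 * * * * /bin/sh /usr/local/sbin/save-scanners.sh run
# pf.conf then reads the file back at load time with:
#   table <scanners> persist file "/etc/tables/scanners"
if [ "${1:-}" = run ]; then
    save_table scanners /etc/tables/scanners
fi
```

Reloading the ruleset after each dump is not needed for the table to stay effective; the file only matters the next time pf loads its configuration.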



Re: Could non-used, but non-upgraded X install freeze a system?

2007-05-30 Thread Bill
On Tue, 29 May 2007 21:01:21 -0600
Matthieu Herrb [EMAIL PROTECTED] spake:

 On 5/29/07, Bill [EMAIL PROTECTED] wrote:
  Hey anyone,
 
  We've been having this issue with our router freezing up.  Completely
  dead.  No panic, no error, just phooey.
 
  Anyway, memory and disk tests did not show anything so we are going to
  replace the hardware.
 
  But in prepping for this I noticed that the original installation had X
  installed.  Now I was unaware of this, and in subsequent upgrades did
  not install newer X packages.
 
  That being said, the problems started after I upgraded from 3.8 - 3.9
  - 4.0 (In one sitting).
 
  I don't use X on there and even have the aperture disabled in sysconf.
  Is there any way this could cause my system to completely freeze?
 
 No. Definitely not.
 
 
  What is the best way to try to re-mediate from this?  A full
   clean install?
 
  It's currently at 4.1 + patches.  (X is still at 3.8 I imagine).
 
  Errors I could understand, but I don't think it would lock a system
  up... but I am not that good, so I am asking here, before yanking the
  hardware out.
 
 I've no idea. You don't provide enough details. Does the box still
 answer pings?
 does the caps -lock led still toggle ? post a dmesg ?
 

Sorry for the lack of info.  I posted it all before and did not get
very far.  This was just to check out the X factor so to speak.

The box is dead - no caps lock, nothing.  The most is that the nic
cards I believe still blink some.  Other than that its power down
completely.  

Thanks



Could non-used, but non-upgraded X install freeze a system?

2007-05-29 Thread Bill
Hey anyone,

We've been having this issue with our router freezing up.  Completely
dead.  No panic, no error, just phooey.

Anyway, memory and disk tests did not show anything so we are going to
replace the hardware.

But in prepping for this I noticed that the original installation had X
installed.  Now I was unaware of this, and in subsequent upgrades did
not install newer X packages.

That being said, the problems started after I upgraded from 3.8 - 3.9
- 4.0 (In one sitting).

I don't use X on there and even have the aperture disabled in sysconf.
Is there any way this could cause my system to completely freeze?  

What is the best way to try to re-mediate from this?  A full
 clean install?  

It's currently at 4.1 + patches.  (X is still at 3.8 I imagine).

Errors I could understand, but I don't think it would lock a system
up... but I am not that good, so I am asking here, before yanking the
hardware out.



Watchdog card for OpenBSD

2007-05-22 Thread Bill
We've been having a locking up problem with our openbsd based router for a 
while now.  I upgraded to 4.1 about a week ago and so far it has not locked.  
Later this week we have scheduled some time to take down the router and run 
some memory / disk tests on it to make sure it's not a hardware issue.  We are 
also going to dust it out since it is in a dusty environment.

Anyway, we figured while it was down we could possibly throw a watchdog card 
in.  I noticed 4.1 added support for the Quancom PWDOG1...  anyone have 
anything good or bad to say about it?   I still have to get in to check for the 
reset pin on the motherboard.

Regards,

Bill



Problem with lockups after upgrade from 3.8

2007-05-07 Thread Bill
* * A recent post and a router blowout 
today has sparked me to report this * *


Hey all,

We've had a router running openbsd for a while now.  A few months ago
we upgraded from 3.8 to 4.0  (upgrade technically was 3.8 - 3.9 -
4.0) and it seemed to go as smooth as possible.

Then we started having bi-weekly crashes.  The system will just simply
freeze.  The first happened within a day of the upgrade.

There is nothing in the logs prior to the crash of note...  the only
thing for hours previous to that is stuff like:

May  7 11:46:28 core /bsd: arplookup: unable to enter address for
0.0.0.0

and the occasional syslogd restart.

When the fixes for the mbuf stuff came out for 4.0 I was hopeful that
may have been the issue... we have been running 4.0 with all the
patches up through 010 through two lockups.  There is no
pattern I can detect to the lockups - only once has it happened during
heavy traffic hours.

I am also in the process of building a 4.1 box and compiling it to
stable.  Once the packages page is up I can try that on the router also
if someone would think it would help.

This thing was running fine till we went up to 4.0.  If anyone thinks
it is worth it, we can drop back to 3.8 or 3.9 to get the stability
back...   Problem is that this router is serving about 5 segments, so
it going down is immediately noticeable.

The other OpenBSD boxes are running perfectly (but they handle a
fraction of the traffic these do).  I noticed another post about 4.0
and a suggestion to blow out the P/S which I will do also.



This is the item in question:

OpenBSD 4.0-stable (GENERIC) #3: Thu Mar 22 07:49:14 EDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.80GHz (GenuineIntel 686-class) 2.81
GHz cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID
real mem  = 536375296 (523804K) avail mem = 481329152 (470048K)
using 4256 buffers containing 26923008 bytes (26292K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 10/21/04, BIOS32 rev. 0 @
0xf0010, SMBIOS rev. 2.3 @ 0xf96b0 (58 entries) bios0: Quanta Computer
Inc. S20A apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4630/160 (8 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 6300ESB LPC rev
0x00) pcibios0: PCI bus #4 is the last bus
bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1000
0xca000/0x1000 cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82875P Host rev 0x02
ppb0 at pci0 dev 3 function 0 Intel 82875P PCI-CSA rev 0x02
pci1 at ppb0 bus 1
em0 at pci1 dev 1 function 0 Intel PRO/1000CT (82547GI) rev 0x00: irq
5, address 00:c0:9f:41:a2:14 ppb1 at pci0 dev 28 function 0 Intel
6300ESB PCIX rev 0x02 pci2 at ppb1 bus 2
ppb2 at pci2 dev 1 function 0 IBM 133 PCIX-PCIX rev 0x02
pci3 at ppb2 bus 3
em1 at pci3 dev 4 function 0 Intel PRO/1000MT QP (82546EB) rev 0x01:
irq 9, address 00:04:23:bc:1c:4c em2 at pci3 dev 4 function 1 Intel
PRO/1000MT QP (82546EB) rev 0x01: irq 9, address 00:04:23:bc:1c:4d em3
at pci3 dev 6 function 0 Intel PRO/1000MT QP (82546EB) rev 0x01: irq
9, address 00:04:23:bc:1c:4e em4 at pci3 dev 6 function 1 Intel
PRO/1000MT QP (82546EB) rev 0x01: irq 9, address 00:04:23:bc:1c:4f
uhci0 at pci0 dev 29 function 0 Intel 6300ESB USB rev 0x02: irq 9
usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root
hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 6300ESB USB rev 0x02: irq 11
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
Intel 6300ESB WDT rev 0x02 at pci0 dev 29 function 4 not configured
Intel 6300ESB APIC rev 0x02 at pci0 dev 29 function 5 not configured
ehci0 at pci0 dev 29 function 7 Intel 6300ESB USB rev 0x02: irq 10
ehci0: timed out waiting for BIOS
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 4 ports with 4 removable, self powered
ppb3 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x0a
pci4 at ppb3 bus 4
em5 at pci4 dev 2 function 0 Intel PRO/1000MT (82541GI) rev 0x00: irq
3, address 00:c0:9f:41:a2:15 em6 at pci4 dev 3 function 0 Intel
PRO/1000MT (82546GB) rev 0x03: irq 7, address 00:04:23:bd:97:18 em7 at
pci4 dev 3 function 1 Intel PRO/1000MT (82546GB) rev 0x03: irq 3,
address 00:04:23:bd:97:19 vga1 at pci4 dev 14 function 0 ATI Rage XL
rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ichpcib0 at pci0
dev 31 function 0 Intel 6300ESB LPC rev 0x02 pciide0 at pci0 dev 31
function 2 Intel 6300ESB SATA rev 0x02: DMA, channel 0 configured to

Re: a question kinda pff topic

2007-04-12 Thread Bill Chmura
On Thu, 12 Apr 2007 11:38:12 -0400
Dave [EMAIL PROTECTED] wrote:

 I have a question not about the software but where you put your network stuff
 has any one built their own rack out of wood I am looking at building my own.
 

Being a fine woodworking freak this was an interesting question.  I have built 
many things out of wood - but I have never built a rack.  I've considered 
making a desktop case out of it once, but that was more for the novelty of it.

   Personally I don't think it's a good idea, but was wondering why you were 
considering it?  



Re: bio not working on dl380 g4 with newer ciss fw

2007-04-12 Thread Bill Marquette

On 4/12/07, Kalle Andersson [EMAIL PROTECTED] wrote:

Hello Misc!
I have a 2 HP DL380 G4 where the ciss bio stuff behaves differently...
I'm hoping someone can give me a clue...

box1:
# bioctl ciss0
Volume  Status   Size Device
ciss0 0 Online   293617820160 sd0 RAID5
  0 Online   146811543552 1:0.0   noencl COMPAQ  BD14689BB9  
  1 Online   146811543552 1:1.0   noencl COMPAQ  BD14689BB9  
  2 Online   146811543552 1:2.0   noencl COMPAQ  BD14689BB9  
  3 Hot spare146811543552 1:3.0   noencl COMPAQ  BD14689BB9  

box2:
# bioctl ciss0
bioctl: Can't locate ciss0 device via /dev/bio


Only difference I can see that might have something to do with it is:
box1: ciss0: 1 LD, HW rev 1, FW 2.58/2.58
box2: ciss0: 2 LDs, HW rev 1, FW 2.68/2.68

Is box2's bio not working because the 2.68 FW or that it has two logical drives?
Is FW 2.68 going to be supported or should I try to downgrade (if that
even is possible)?


Two logical drives.  Not sure about the firmware version, but the
more than one logical drive issue is in the caveats section of
ciss(4).

--Bill



pfctl question

2007-03-16 Thread Bill Meigs

If I run the command
# pfctl -vsr
I get counters started from the last time I loaded the rule set.

Is there a way to find out the Date and Time I last loaded the rule set 
so that

I can know the length of time it took to acquire x number of packets, etc?
I see a line for Status: Enabled ...

Thank you very much.



Re: 802.11g in ath(4) driver

2007-03-07 Thread Bill Marquette

On 3/7/07, Jonathan Gray [EMAIL PROTECTED] wrote:

On Tue, Mar 06, 2007 at 11:55:10PM -0600, Bill Marquette wrote:
 Any reason ath(4) only currently supports 11b mode?  Looks like it was
 commented out in the driver in September with the comment for now.
 Just wondering if we're going to see it back for 4.1, or what's broken
 with it that it was removed.

 --Bill

The voodoo required to initialise the cards for 11g rates has not
been fully worked out yet.  Atheros publishes no datasheets on
any of their products and are openly hostile to people trying
to understand how to interface to them.


Thanks for the explanation.  Is there anything I can do to help?
Testing patches, sending hardware, prodding Atheros?  What's the best
supported 11g driver these days, is it ral(4)?

--Bill



802.11g in ath(4) driver

2007-03-06 Thread Bill Marquette

Any reason ath(4) only currently supports 11b mode?  Looks like it was
commented out in the driver in September with the comment for now.
Just wondering if we're going to see it back for 4.1, or what's broken
with it that it was removed.

--Bill



pf state limits

2007-03-05 Thread Bill Marquette

I know this has come up in the past but I haven't been able to track
down a definitive answer (I'm sure there's a reason why), so I'll ask
the question again.

Given a i386 kernel, assume I can toss as much RAM at the box as
needed (I know this isn't the limitation, it's a kernel memory issue),
what's the maximum I can set the state table size to?  I have a couple
boxes that are running around 200K states with the limit set at 256K.
I expect that I will see a growth in that state table size as the
traffic to the servers behind these machines increases during our peak
season.  I can tune the tcp.closed parameter a bit on the external
rules as 75% of these states are fin_wait_2:fin_wait_2, but before I
start messing with that I'd rather increase the state limit some more.
I can also try adaptive timeouts on those rules, but I'm more than a
little paranoid about having the system dynamically change timeout
values.

Any suggestions on what the max might be and how I can monitor the
system to see where I'm at in relationship to the max (if there's no
hard number, I'm guessing the number depends on hardware and other
system options that affect kernel memory).

--Bill



SSL Certs on Carp'd web servers

2007-02-19 Thread Bill Chmura
Hello,

I have two web servers carp'd that I am getting ssl certs for.  I have it all 
running with my own self signed ones, but need to get a verisign or Thawte cert.

Is there any issues that are gonna bite me with doing this?  Since they all 
appear the same, the cert info will be very similar and I don't want to buy 
them without making sure it's gonna be okay if I just apply for them using the 
info generated on each box?

The servers are a master / backup - so the traffic should mostly be going 
to one server (unless something bad happens).

Any info would be great.

Thanks

Bill



Re: SSL Certs on Carp'd web servers

2007-02-19 Thread Bill Chmura
On Mon, 19 Feb 2007 16:22:59 +0100
Nico Meijer [EMAIL PROTECTED] wrote:

 Hey Bill,
 
  Is there any issues that are gonna bite me with doing this?
 
 No, not that I know of.
 
 I do this with a bunch of boxes. I only use the carp'ed IP address on
 either box when configuring apache.
 
 HTH... Nico

Thanks Nico,

I noticed that Verisign has an option to secure more than one server with a 
single cert, but it basically doubles the price. 

The only reason I could think of that would require a single cert for two is if 
I was load balanced and you never knew what you were going to get on your next 
request...  In fact, I am probably at this point going to self sign the backup, 
and do a normal cert on the primary.

Thanks for the sanity check!



Re: OpenBSD Router woes

2007-02-05 Thread Bill Chmura
On Mon, 5 Feb 2007 13:37:25 -0800
BradenM - Sonoma Computer [EMAIL PROTECTED] wrote:

 So, it goes like this;
 OpenBSD is installed and functional and in the process of becoming a PF/Router
 box. My problem is this, I have three ethernet cards, each assigned the names
 rl0 - rl2. rl0 is the ethernet card that is receiving an IPv4 address from my
 SBC router, rl1 will be listening to dhcp requests which I have already setup
 using dhcpd, and rl2 will be listening for dhcp requests but will not be
 connected to a computer but a wireless access point. My question, and thus my
 problem, is this: I have setup ip forwarding using sysctl and am now wondering
 how I am to distribute my internet connection from rl0 to rl1 and 2? Are PF
 rules required or do I have to write to the configuration file for the
 ethernet adapters?
 

Unless they are all public address space, you need to perform NAT on traffic 
going from rl0 -> rl1 and rl0 -> rl2 - which is done through PF.  You probably 
also want some PF rules in there to mitigate traffic.

Each card will need to be configured if that is what you mean

The OpenBSD FAQ has a great writeup on PF.  



Re: Slow write performance on Compaq Smart Array 64xx (ciss0)

2007-01-28 Thread Bill Marquette

On 1/28/07, Henning Brauer [EMAIL PROTECTED] wrote:

* Vijay Sankar [EMAIL PROTECTED] [2007-01-28 16:07]:
 bioctl -h ciss0 gives me

 bioctl: Can't locate ciss0 device via /dev/bio

ciss doesn't support bio yet.


Unless I'm mistaken, mickey@ added it pre-4.0 here:
http://marc.theaimsgroup.com/?l=openbsd-cvs&m=115671197617717&w=2

and bio(4) man page claims it's supported as does ciss(4) (albeit with a caveat)

--Bill



Re: Low power barebone: MSI Axis 700 Lite with fanless VIA C7 1GHz

2007-01-23 Thread Bill Meigs

Constantine A. Murenin wrote:

Hi,

Anyone tried subj?

http://www.newegg.com/Product/Product.asp?Item=N82E16856167012
http://www.msicomputer.com/product/p_spec.asp?model=Axis_700_Lite

It looks pretty-pretty nice, and goes for a very reasonable price --
about 202,32 USD delivered for a complete barebone -- it includes
case, PSU, mini-ITX motherboard and a fanless VIA C7 1GHz CPU. It even
has two serial ports and accepts one full-size PCI card!

If anyone has any experience with this system, a dmesg and `sysctl
hw.sensors` along with some acoustical descriptions would be really
neat. (I suspect that this candy may have a non-controllable fan in
the PSU, which would mean that it may not be 100% quiet in a living
room / bedroom setting.)

Cheers,
Constantine.




With the hard drive, cdrom, and nic (re0) in the pci slot it draws 25watts,
21watts without.
The PSU Fan is typical noise wise.
It did not want to boot from a USB thumb drive.

sysctl hw.sensors
hw.sensors.0=lm0, VCore A, 2.00 V DC
hw.sensors.1=lm0, VCore B, 3.79 V DC
hw.sensors.2=lm0, +3.3V, 3.26 V DC
hw.sensors.3=lm0, +5V, 5.48 V DC
hw.sensors.4=lm0, +12V, 12.29 V DC
hw.sensors.5=lm0, -12V, -12.86 V DC
hw.sensors.6=lm0, -5V, -4.88 V DC
hw.sensors.7=lm0, Temp1, 36.00 degC


OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006
   [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: VIA Esther processor 1000MHz (CentaurHauls 686-class) 1 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2

cpu0: unknown Enhanced SpeedStep CPU, msr 0x08100a1308000a13
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1000 MHz (1004 mV): speeds: 1000, 800 MHz
cpu0: RNG AES AES-CTR SHA1 SHA256 RSA
real mem  = 468217856 (457244K)
avail mem = 419028992 (409208K)
using 4256 buffers containing 23515136 bytes (22964K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(db) BIOS, date 10/31/06, BIOS32 rev. 0 @ 
0xf92c0, SMBIOS rev. 2.3 @ 0xf0800 (33 entries)

bios0: MICRO-STAR INTERNATIONAL CO., LTD MS-7199
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 70102 dobusy 1 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0xbdd4
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfbd50/128 (6 entries)
pcibios0: bad IRQ table checksum
pcibios0: PCI BIOS has 6 Interrupt Routing table entries
pcibios0: PCI Exclusive IRQs: 5 10 11
pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT8237 ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xfe00
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 VIA CN700 Host rev 0x00
pchb1 at pci0 dev 0 function 1 VIA CN700 Host rev 0x00
pchb2 at pci0 dev 0 function 2 VIA CN700 Host rev 0x00
pchb3 at pci0 dev 0 function 3 VIA PT890 Host rev 0x00
pchb4 at pci0 dev 0 function 4 VIA CN700 Host rev 0x00
pchb5 at pci0 dev 0 function 7 VIA CN700 Host rev 0x00
ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 VIA S3 Unichrome PRO IGP rev 0x01: 
aperture at 0xf400, size 0x1000

wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pciide0 at pci0 dev 15 function 0 VIA VT6420 SATA rev 0x80: DMA
pciide0: using irq 11 for native-PCI interrupt
pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: ATA133, 
channel 0 configured to compatibility, channel 1 configured to compatibility

wd0 at pciide1 channel 0 drive 0: Maxtor 92049U3
wd0: 16-sector PIO, LBA, 19536MB, 40010544 sectors
atapiscsi0 at pciide1 channel 0 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, CD-ROM GCR-8521B, 1.00 SCSI0 
5/cdrom removable

wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 4
cd0(pciide1:0:1): using PIO mode 4, DMA mode 2
pciide1: channel 1 ignored (disabled)
uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x81: irq 10
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x81: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x81: irq 11
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
uhci3 at pci0 dev 16 function 3 VIA VT83C572 USB rev 0x81: irq 11
usb3 at uhci3: USB revision 1.0
uhub3 at usb3
uhub3: VIA UHCI root hub, rev 1.00/1.00, addr 1
uhub3: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x86: irq 5
usb4 at ehci0: USB revision 2.0
uhub4 at usb4
uhub4: VIA EHCI root hub, rev 2.00/1.00, addr 1
uhub4: 8 ports with 8 removable, self powered
viapm0 at pci0 dev 17 function 0 VIA VT8237 

Re: help! 855 chipset resolution

2006-12-13 Thread Bill Maas
 [I'm not good at numbers..]:

mount: wrong fs type, bad option, bad superblock on /dev/hda3,
   missing codepage or other error
   In some cases useful info is found in syslog - try
   dmesg | tail  or so

From 'dmesg|tail':

[4429130.194000] ufs_read_super: bad magic number

On a PC it does work fine.

[[[ This is NOT a question nor an attempt to create a new thread - I'm
not asking for solutions here - I can live with it ]]].


Another thing you might bump into using lilo or possibly GRUB (I don't
use that - yet another GNU ...), is a complaint about corrupted
partition entry or PT entry not aligned or something. Can't remember
exactly what the message was, but lilo may see PT entries created with
OpenBSD fdisk as invalid/corrupt. Just insert an ignore-table
into /etc/lilo.conf and the problem is fixed.


Bill

 Cheers,
 
 Pau
 
 2006/12/13, [EMAIL PROTECTED] [EMAIL PROTECTED]:
  Why don't you just set aside a partiton for OpenBSD and dual-boot until
  you get your setup to the point that you can work with it?
 
  -RjH



Finding missing udp packets?

2006-12-11 Thread Bill
I have an OpenVPN server running on OpenBSD 3.8 (x86).  I've been having 
intermittent problems with it and reconnection problems. It's openvpn out of 
ports for 3.8.

I have it down to right now, sporadically, the OpenVPN server thinks it is 
sending UDP packets (and in the logs makes note that it has) but I cannot see 
them leaving the external interface...

What can I do to track down where this is going wrong?  Is there some way to 
see if OpenBSD is taking this packet and then losing it?  

I am just not sure where to look next.  I've watched it happen, and the traffic 
is very low, the utilization is like so:

load averages: 0.40, 0.54, .60  

 
38 processes:  37 idle, 1 on processor
CPU states:  2.7% user,  0.0% nice,  3.7% system,  1.6% interrupt, 92.0% idle
Memory: Real: 678M/824M act/tot  Free: 684M  Swap: 0K/3072M used/tot

The strange part is that it works fine for a while, then suddenly starts up 
with this behavior...  We've had this happen with clients on all different 
platforms (windows / mac / linux).

We have an upgrade to OpenBSD 4.0 set for the first few weeks of next year...  
I've another 3.8 machine running this fine with no problems whatsoever...

Any pointers would be great and very appreciated.  I've tried the OpenVPN 
lists, but no help there


OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) CPU 2.40GHz (GenuineIntel 686-class) 2.41 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID
real mem  = 1609588736 (1571864K)
avail mem = 1461350400 (1427100K)
using 4278 buffers containing 80580608 bytes (78692K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(49) BIOS, date 05/19/04, BIOS32 rev. 0 @ 0xfd5b6
pcibios0 at bios0: rev 2.1 @ 0xfd520/0xae0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde80/352 (20 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0x9000 0xc9000/0x1000 0xca000/0x1000 0xcb000/0x1800
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82875P Host rev 0x02
ppb0 at pci0 dev 3 function 0 Intel 82875P PCI-CSA rev 0x02
pci1 at ppb0 bus 1
em0 at pci1 dev 1 function 0 Intel PRO/1000CT (82547GI) rev 0x00: irq 5, 
address: 00:09:6b:7f:70:93
ppb1 at pci0 dev 28 function 0 Intel 6300ESB PCIX rev 0x02
pci2 at ppb1 bus 2
em1 at pci2 dev 2 function 0 Intel PRO/1000MT (82546GB) rev 0x01: irq 5em1: 
The EEPROM Checksum Is Not Valid
em1: Unable to initialize the hardware
em2 at pci2 dev 2 function 1 Intel PRO/1000MT (82546GB) rev 0x01: irq 5em2: 
The EEPROM Checksum Is Not Valid
em2: Unable to initialize the hardware
uhci0 at pci0 dev 29 function 0 Intel 6300ESB USB rev 0x02: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 Intel 5300ESB USB rev 0x02: irq 5
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
Intel 6300ESB WDT rev 0x02 at pci0 dev 29 function 4 not configured
Intel 6300ESB APIC rev 0x02 at pci0 dev 29 function 5 not configured
ehci0 at pci0 dev 29 function 7 Intel 6300ESB USB rev 0x02: irq 11
usb2 at ehci0: USB revision 2.0
uhub2 at usb2
uhub2: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub2: 4 ports with 4 removable, self powered
ppb2 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x0a
pci3 at ppb2 bus 3
vga1 at pci3 dev 2 function 0 ATI Radeon VE QY rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
fxp0 at pci3 dev 8 function 0 Intel 82557 rev 0x0c, i82550: irq 11, address 
00:0e:0c:50:d7:c4
inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
ichpcib0 at pci0 dev 31 function 0 Intel 6300ESB LPC rev 0x02
pciide0 at pci0 dev 31 function 2 Intel 6300ESB SATA rev 0x02: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, CD-ROM GCR-8482B, 1.02 SCSI0 5/cdrom 
removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
wd0 at pciide0 channel 1 drive 0: Maxtor 6Y080M0
wd0: 16-sector PIO, LBA, 76324MB, 156312576 sectors
wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5
Intel 6300ESB SMBus rev 0x02 at pci0 dev 31 function 3 not configured
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 

Re: What it this mean?

2006-12-11 Thread Bill Maas
On Mon, 2006-12-11 at 15:47 -0800, Bryan Irvine wrote:
 On 12/11/06, Nick Guenther [EMAIL PROTECTED] wrote:
 
  On 12/11/06, Carlos A. Garcia G [EMAIL PROTECTED] wrote:
   i have received a mail from the server with this information
  
   Checking setuid/setgid files and devices:
   Setuid/device find errors:
   find: /tmp/PerlIO_W32319: No such file or directory
  
   what is it? and what can i do to fix the problem?
  
 
  This is not nearly enough information to even begin guessing what the
  problem is, except that it's something to do with Perl, and looking at
  http://netpointmexico.com I see that it's a webmail system written in
  Perl. It's probably a bug in that, potentially one that OpenBSD (if
  you're even running OpenBSD) exposes?
 
 
 
 I suspect you are on the right track.  My best guess with the complete lack
 of info is that /var/www/tmp is missing (ie chrooted apache).
 
 --Bryan
 

To both commentators:

http://www.seas.ucla.edu/classes/mkampe/cs111.sq05/docs/bsd.html

Excellent reading!

Bill

 
-- 
Incompetence is our watchword - John Peel



Re: diskless kernel config

2006-12-11 Thread Bill Maas
On Tue, 2006-12-12 at 11:26 +1100, Craig Barraclough wrote:
  I tried something similar, because I wanted to see if I could mount an
  NFS partition from my Soekris, running OpenBSD, but I 
  couldn't get it to
  work. I also couldn't get NFS support to compile properly, so 
  I left it
 snip
 
 I've had no problem getting a 4.0-current (upgraded from 3.8-current,
 through 3.9-current) system (Soekris NET4801-50) working in just this
 way.

I was talking about 3.8. Tried configuring GENERIC with NFS support but
it failed, and I just didn't feel like going into the details at that
time (unaware of the mass of details that bsd.rd / miniroot was going
to throw at me;).

 NFS kernel supplied from a CF based filesystem on one Soekris box, root
 and swap on a NAS device.
 Boxes are mounted in the neat kd85.com rack-mount case (Thanks Wim!).
 Kernel is built using a quick patch:
 
 --- GENERIC   Thu Jun  8 12:04:42 2006
 +++ GENERIC.NFS   Tue Jun 13 12:13:35 2006
 @@ -39,7 +39,7 @@
  #option  NTFS# Experimental NTFS support
  
  # or use root on nfs swap on nfs
 -config   bsd swap generic
 +config   bsd root on nfs swap on nfs
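
Review bot: the context comment "# or use root on nfs swap on nfs" directly above the changed line is left stale, because after this change the active config line is itself the NFS one; reword it to name the previous "config bsd swap generic" form as the alternative, so the next reader can see how to revert. The hunk also touches only the config line, so it depends on the kernel already being built with NFS client support. The "undefined reference to `nfs_mountroot'" link error quoted elsewhere in this thread points to a config that lacks it, and that prerequisite deserves a comment next to the line. Since root and swap then come from the network, a short note that the box trusts the NFS server and the path to it for its whole filesystem would also help.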
 

You're right. The motivation for dropping the DISKLESS kernel config,
according to a CVS log message (if I remember it well), was indeed a
line like "now replaced by a single line in GENERIC".

Still, mounting / on NFS doesn't seem to be considered the standard
procedure it is with e.g. Debian/GNU Linux, and isn't documented
extensively - in the FAQ or elsewhere. I'd be happy to do that, _if I
find time_.

Some day I'll try setting up the diskless environment again, if only
for fun & education. Maybe some nice doc will spin off of it.


Bill

-- 
Incompetence is our watchword - John Peel



Re: diskless kernel config

2006-12-10 Thread Bill Maas
I tried that too a while ago, without success. If I remember it well,
support for diskless booting was dropped for i386 at some point, though
the config still contains references to it here and there. But someone
kick me if I'm wrong..

Bill

On Sun, 2006-12-10 at 22:09 -0600, Jacob Yocom-Piatt wrote:
 the diskless(8) manpage is quite informative but it omits any discussion of 
 the
 necessary kernel config for running diskless. the closest thing i could find 
 was
 
 http://marc.theaimsgroup.com/?l=openbsd-misc&m=107368329021519&w=2
 
 the goal is to get a soekris 4801 running diskless and i tried taking the
 flashdist 4801 config for 4.0 and making a single modification. the only 
 change
 made was
 
 #config bsd root on wd0a
 config  bsd root on nfs swap on nfs
 
 and i got an error during the make
 
 # make
 mkdir -p /usr/src/sys/arch/i386/compile/NET4801/lib/kern
 making sure the kern library is up to date...
 `libkern.o' is up to date.
 making sure the compat library is up to date...
 `libcompat.a' is up to date.
 sh /usr/src/sys/arch/i386/compile/NET4801/../../../../conf/newvers.sh
 cc  -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes  -Wno-uninitialized
 -Wno-format -Wno-main  -Wstack-larger-than-2047 -march=i486 
 -fno-builtin-printf
 -fno-builtin-log -O2 -pipe -nostdinc -I.
 -I/usr/src/sys/arch/i386/compile/NET4801/../../../../arch
 -I/usr/src/sys/arch/i386/compile/NET4801/../../../.. -DDDB -DDIAGNOSTIC 
 -DKTRACE
 -DCRYPTO -DFFS -DMFS -DTCP_SACK -DTCP_SIGNATURE -DFDESC -DFIFO -DKERNFS 
 -DPROCFS
 -DINET -DALTQ -DIPSEC -DBOOT_CONFIG -DI586_CPU -DUSER_PCICONF -DPTRACE
 -DPCCOMCONSOLE -DCONSPEED=0x4b00 -DPCIVERBOSE -D_KERNEL -Di386  -c vers.c
 rm -f bsd
 ld -Ttext 0xD0200120 -e start -N -S -x -o bsd ${SYSTEM_OBJ} vers.o
 swapbsd.o(.data+0x20): undefined reference to `nfs_mountroot'
 *** Error code 1
 
 Stop in /usr/src/sys/arch/i386/compile/NET4801 (line 344 of Makefile).
 
 suggestions as to the correct config setting would be appreciated. was there
 ever a DISKLESS config in the source tree?
 
 cheers,
 jake
 
 
-- 
Good that there are standards, and enough of them



Re: diskless kernel config

2006-12-10 Thread Bill Maas
Before I really get kicked: I don't think those references are in the
config, but there certainly are references to i386 diskless booting in
some older online docs, like this one:

http://www.onlamp.com/pub/a/bsd/2004/04/29/Big_Scary_Daemons.html

I tried something similar, because I wanted to see if I could mount an
NFS partition from my Soekris, running OpenBSD, but I couldn't get it to
work. I also couldn't get NFS support to compile properly, so I left it
and dived into the miniroot stuff. This can serve as an alternative to
mount / on NFS, except that it has quite stringent size limitations.

By the way, the fact that PXE booting is also often referred to as
diskless booting (which technically it is), doesn't make life easier
for someone who is new to both topics, as they are both quite different.

Finally, from the document above:

OpenBSD provides a kernel configuration specifically for i386 diskless
operations. It's called DISKLESS.

That config presumably contained all support that's needed for a
Sun-style diskless boot, but it seems to have been obsoleted for i386.

And from diskless(8):

The procedures for AMD64 and i386 clients vary somewhat to the stages
detailed above. See pxeboot(8) for more detailed information.

They seem to vary more than somewhat..


Bill
 
On Mon, 2006-12-11 at 06:59 +0100, Bill Maas wrote:
 I tried that too a while ago, without success. If I remember it well,
 support for diskless booting was dropped for i386 at some point, though
 the config still contains references to it here and there. But someone
 kick me if I'm wrong..
 
 Bill
 
 On Sun, 2006-12-10 at 22:09 -0600, Jacob Yocom-Piatt wrote:
  the diskless(8) manpage is quite informative but it omits any discussion of 
  the
  necessary kernel config for running diskless. the closest thing i could 
  find was
  
  http://marc.theaimsgroup.com/?l=openbsd-misc&m=107368329021519&w=2
  
  the goal is to get a soekris 4801 running diskless and i tried taking the
  flashdist 4801 config for 4.0 and making a single modification. the only 
  change
  made was
  
  #config bsd root on wd0a
  config  bsd root on nfs swap on nfs
  
  and i got an error during the make
  
  # make
  mkdir -p /usr/src/sys/arch/i386/compile/NET4801/lib/kern
  making sure the kern library is up to date...
  `libkern.o' is up to date.
  making sure the compat library is up to date...
  `libcompat.a' is up to date.
  sh /usr/src/sys/arch/i386/compile/NET4801/../../../../conf/newvers.sh
  cc  -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes  
  -Wno-uninitialized
  -Wno-format -Wno-main  -Wstack-larger-than-2047 -march=i486 
  -fno-builtin-printf
  -fno-builtin-log -O2 -pipe -nostdinc -I.
  -I/usr/src/sys/arch/i386/compile/NET4801/../../../../arch
  -I/usr/src/sys/arch/i386/compile/NET4801/../../../.. -DDDB -DDIAGNOSTIC 
  -DKTRACE
  -DCRYPTO -DFFS -DMFS -DTCP_SACK -DTCP_SIGNATURE -DFDESC -DFIFO -DKERNFS 
  -DPROCFS
  -DINET -DALTQ -DIPSEC -DBOOT_CONFIG -DI586_CPU -DUSER_PCICONF -DPTRACE
  -DPCCOMCONSOLE -DCONSPEED=0x4b00 -DPCIVERBOSE -D_KERNEL -Di386  -c vers.c
  rm -f bsd
  ld -Ttext 0xD0200120 -e start -N -S -x -o bsd ${SYSTEM_OBJ} vers.o
  swapbsd.o(.data+0x20): undefined reference to `nfs_mountroot'
  *** Error code 1
  
  Stop in /usr/src/sys/arch/i386/compile/NET4801 (line 344 of Makefile).
  
  suggestions as to the correct config setting would be appreciated. was there
  ever a DISKLESS config in the source tree?
  
  cheers,
  jake
  
  
-- 
Good that there are standards, and enough of them



Re: ral0: device timeout

2006-12-05 Thread Bill Maas
On 12/4/06, Markus Bergkvist [EMAIL PROTECTED] wrote:
 Also, the connection light and the transmission light is always on,
 regardless if it is connected to the network or sending/receiving or
 not. Only when I take the network interface down the lights go out. If
 that means anything to anyone.

Check the other end. I've had a similar problem with sis0 on a Soekris
(both LEDs continuously on), and it turned out to be the Vigor ADSL
modem that was in trouble.

Bill

-- 
Good that there are standards, and enough of them



Re: ral0: device timeout

2006-12-05 Thread Bill Maas
From
http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/ie2116/install/cables.htm#wp1043436
:

The bottom LED is the Ethernet activity LED. When it flashes, it
indicates that data is being transmitted or received between the server
and a network device. The flashing frequency is proportional to the
amount of traffic on the network link.

So if the LED stays ON then something might be flooding the interface
with packets [or the interface is trying to send the same packet over
and over again - beyond my knowledge]. Which might as well indicate a
software [config] problem. Did you run tcpdump(8) on that interface? Did
you reboot the device while off the net and was there still a problem?
That would indicate that the error is generated internally. I wouldn't
bet my life on an OS or hardware issue here.

Bill

On Tue, 2006-12-05 at 23:11 +0100, Markus Bergkvist wrote:
 I have a RT2600 also on my AP so I guess I have to get my hands on a 
 working out-of-the-box AP to verify that it is no hardware problem.
 
 /Markus
 
 Bill Maas wrote:
  On 12/4/06, Markus Bergkvist [EMAIL PROTECTED] wrote:
  Also, the connection light and the transmission light is always on,
  regardless if it is connected to the network or sending/receiving or
  not. Only when I take the network interface down the lights go out. If
  that means anything to anyone.
  
  Check the other end. I've had a similar problem with sis0 on a Soekris
  (both LEDs continuously on), and it turned out to be the Vigor ADSL
  modem that was in trouble.
  
  Bill
  
 
-- 
Good that there are standards, and enough of them



Re: file permissions/ownership in base40.tgz

2006-12-04 Thread Bill Maas
Hello Robert,

I don't feel authorized to tell you that everything inside base.tgz is
set correctly after untarring (must look inside install script to be
100% sure), but here's a script that I've been using lately. Note
Linux' [sS] and OpenBSD's [tT]. Good that there are standards!


Bill

---
#!/bin/sh
#
# findperms - find node permissions

# Usage: ./findperms [-r [-t]] node
# Writes to stdout

# Will print:
# type mode owner.group path
# type mode owner.group path/tree.. [-r]
# type mode owner.group /tree.. [-r -t]

os=$(uname)

if [ "X$1" = "X-r" ]; then
    recursive=yes
    shift
fi

if [ "X$1" = "X-t" ]; then
    truncate=yes
    shift
fi

if [ -z "$1" ] || [ -n "$truncate" -a -z "$recursive" ]; then
    echo "Usage: ./findperms [-r [-t]] node"
    exit 1
fi

node=$1

command="ls -ld $node"
if [ "X$recursive" = "Xyes" ]; then
    command="find $node -exec ls -ld {} \;"
fi

# With -t the leading node path is cut from every printed path
subst=" "
if [ "X$truncate" = "Xyes" ]; then
    subst=" $node"
fi

# OpenBSD and Linux use different output formats with 'ls -l'
# Merging the two awk commands into one turned out not to be a good idea (maintenance)
# In the mode string s and t mean the special bit plus execute,
# S and T mean the special bit without execute
if [ "X$os" = "XOpenBSD" ]; then

    eval $command |
    sed -e 's/,  */,/' -e 's/ ->.*//' |
    grep -v '^total' |
    awk -F' ' '{ mod=0 }
        /^.r......../ { mod += 400 }
        /^..w......./ { mod += 200 }
        /^...x....../ { mod += 100 }
        /^...S....../ { mod += 4000 }
        /^...s....../ { mod += 4100 }
        /^....r...../ { mod += 40 }
        /^.....w..../ { mod += 20 }
        /^......x.../ { mod += 10 }
        /^......S.../ { mod += 2000 }
        /^......s.../ { mod += 2010 }
        /^.......r../ { mod += 4 }
        /^........w./ { mod += 2 }
        /^.........x/ { mod += 1 }
        /^.........T/ { mod += 1000 }
        /^.........t/ { mod += 1001 }
        { printf "%c %04d %s.%s ", substr($1, 1, 1), mod, $3, $4 }
        { if ($9) print $9; else print $8 }' |
    sed "s@$subst@ @"

elif [ "X$os" = "XLinux" ]; then

    eval $command |
    sed -e 's/,  */,/' -e 's/ ->.*//' |
    grep -v '^total' |
    awk -F' ' '{ mod=0 }
        /^.r......../ { mod += 400 }
        /^..w......./ { mod += 200 }
        /^...x....../ { mod += 100 }
        /^...S....../ { mod += 4000 }
        /^...s....../ { mod += 4100 }
        /^....r...../ { mod += 40 }
        /^.....w..../ { mod += 20 }
        /^......x.../ { mod += 10 }
        /^......S.../ { mod += 2000 }
        /^......s.../ { mod += 2010 }
        /^.......r../ { mod += 4 }
        /^........w./ { mod += 2 }
        /^.........x/ { mod += 1 }
        /^.........T/ { mod += 1000 }
        /^.........t/ { mod += 1001 }
        { printf "%c %04d %s.%s ", substr($1, 1, 1), mod, $3, $4 }
        { if ($9) print $9; else print $8 }' |
    sed "s@$subst@ @"

fi


exit 0
---

On Mon, 2006-12-04 at 14:18 +0100, Robert Urban wrote:
 Hi Misc'ers,
 
 I did something stupid on my 4.0 server and lost the contents of /bin.  
 I restored by
 booting from the install-cd, mounting /, /usr, and /var, and running
 
 cd /root-mount; pax -rz -f /cd/4.0/i386/base40.tgz
 
 (please don't ask what the stupid thing was).
 
 I saved my /etc, /var/db, /var/www, /var/cron beforehand, so these were 
 not affected.
 
 The pax-connaisseurs among you will immediately notice that I forgot to 
 use -p e to
 preserve all permissions. I went through manually and reset 
 setuid/setgid bits for all
 relevant files, using a 3.9 system as my guide.
 
 My question is, does base40.tgz contain the permissions/ownership that 
 the files should
 have after installation?
 Is it appropriate to write a script which uses the permissions and
 owner/group from base40.tgz to restore the same for all existing files 
 in the filesystem?
 Or do file permissions/ownership somehow get modified during the 
 installation?
 
 thanks,
 
 Rob Urban
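
Added example, not part of the original posts and not OpenBSD's own tooling: one way to do the check this thread is about, reading the permission bits and owner names recorded in a set tarball and reporting every installed file whose mode differs, so that stripped setuid/setgid bits show up. The file names, modes and the "root:bin" owner in the sample are constructed for the demonstration; only mode bits are compared, and the recorded owner is printed for reference.

```python
import io
import os
import stat
import tarfile
import tempfile


def archive_modes(tgz_path):
    """Map each regular file or directory in the archive to (mode, "user:group")."""
    recorded = {}
    with tarfile.open(tgz_path, "r:gz") as tar:
        for member in tar:
            # Links and device nodes are skipped: a symlink's own mode is not
            # meaningful and a hard link shares the mode of its target.
            if not (member.isfile() or member.isdir()):
                continue
            name = os.path.normpath(member.name)  # "./bin/x" -> "bin/x"
            owner = f"{member.uname}:{member.gname}"
            recorded[name] = (stat.S_IMODE(member.mode), owner)
    return recorded


def audit_modes(tgz_path, root):
    """Return (path, expected mode, actual mode or "missing", recorded owner)
    for every archive member whose on-disk mode under root differs."""
    findings = []
    for name, (mode, owner) in sorted(archive_modes(tgz_path).items()):
        try:
            st = os.lstat(os.path.join(root, name))
        except FileNotFoundError:
            findings.append((name, f"{mode:04o}", "missing", owner))
            continue
        actual = stat.S_IMODE(st.st_mode)
        if actual != mode:
            findings.append((name, f"{mode:04o}", f"{actual:04o}", owner))
    return findings


# Constructed sample: member names and modes are made up for the demo.
SAMPLE = [
    ("./bin/plain-tool", 0o555),
    ("./sbin/absent-tool", 0o555),
    ("./usr/bin/sgid-tool", 0o2555),
    ("./usr/bin/suid-tool", 0o4555),
]


def demo():
    """Build a small tarball, lay the files out with the special bits
    stripped (as an extraction without permission preservation would),
    then audit the tree against the archive."""
    with tempfile.TemporaryDirectory() as work:
        tgz = os.path.join(work, "sample.tgz")
        with tarfile.open(tgz, "w:gz") as tar:
            for name, mode in SAMPLE:
                info = tarfile.TarInfo(name)
                info.mode, info.uname, info.gname = mode, "root", "bin"
                info.size = 1
                tar.addfile(info, io.BytesIO(b"x"))

        root = os.path.join(work, "root")
        for name, mode in SAMPLE:
            if "absent" in name:
                continue  # simulate a file that was never restored
            path = os.path.join(root, name)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(b"x")
            os.chmod(path, mode & 0o777)  # setuid/setgid/sticky lost
        return audit_modes(tgz, root)


if __name__ == "__main__":
    for name, expected, actual, owner in demo():
        print(f"{name}: expected {expected} ({owner}), found {actual}")
```

Against a real system the call would be audit_modes with the path to the set file and the mounted root; review the report before changing anything, since files modified after installation will legitimately differ.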



dynamic update of gateway for route-to rules in pf.conf on dhcp interface?

2006-12-01 Thread Bill Meigs
Is there a way to dynamically update the gateway ip address on the dhcp 
interface along with ip address in the load balancing rules?


http://www.openbsd.org/faq/pf/pools.html has a sample pf.conf file

ext_if1 = "fxp0"
ext_if2 = "fxp1"
ext_gw1 = "68.146.224.1"
ext_gw2 = "142.59.76.1"

pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any


In this pass out rule it's my understanding that if the $ext_if2 or fxp1 
ip address changes the firewall rules will be updated automatically.
However, it looks to me like the $ext_gw2 will not be updated if it 
changes since the variable points to an explicit ip address.
Is there a way to update the gateway ip address for that interface 
without writing some script to modify the pf.conf file and then reload 
the rule set?


Thank You.



Re: Quagga and OpenBGP

2006-11-30 Thread Bill Marquette

On 11/30/06, Demuel I. Bendano, R.E.E [EMAIL PROTECTED] wrote:

All,

I cannot still see the logic as to why Quagga is part of the OpenBSD ports
tree when it has OpenBGP at all in the default install? The documentation
of OpenBGP tells us that it is far superior in design as compared to
Zebra/Quagga.

Side comments?


BGP isn't the only reason you might use Quagga.  I use it for RIP
since routed doesn't have any method of enforcing what networks are
learned from what gateways.  I've got a couple machines that need to
send me a limited number of routes, I know exactly what those routes
are, but not which of the gateways will send it and have never figured
out a way to restrict that in the routed config.  I haven't looked at
openripd (or whatever the new RIP daemon is called) yet, but plan on
it before our next upgrade to see if I can ditch Quagga.

--Bill



Re: livecd error

2006-11-29 Thread Bill Maas
From my notes (this is apparently the old way to do it,
but it might work for you as a quick fix):

Error: /usr/bin/ld: cannot find -lstubs

Problem: /usr/src/distrib/special/libstubs/libstubs.a does not exist

Fix:

cd /usr/src/distrib/special/libstubs
make


Bill

On Wed, 2006-11-29 at 09:05 -0700, Carlos A. Garcia G. wrote:
 Hi, im trying to make a obsd livecd i use the instructions in
 http://www.onlamp.com/pub/a/bsd/2005/07/14/openbsd_live.html
 but in one step i get
 /usr/bin/ld: cannot find -lstubs
 collect2: ld returned 1 exit status
 *** Error code 1
 
 Stop in /usr/src/distrib/i386/ramdisk_cd (line 10 of instbin.mk).
 *** Error code 1
 
 Stop in /usr/src/distrib/i386/ramdisk_cd (line 109 of 
 /usr/src/distrib/i386/ramdisk_cd/../common/Makefile.inc).
 
 what can i do to solve the problem?



Re: Baffling problem with OBSD-protected servers and Windows Vista...

2006-11-26 Thread Bill Maas
I'm not sure if this will be of any help, but at least the Firefox issue
sounds like FF is able to connect, but never receives any return
traffic. I've had that with misconfigured netmasks I believe. Does Vista
use some sort of net group or certificate based access scheme (e.g. if
it's not a Vista box talking to me, I won't talk back)? May sound
stupid, but you never know. Who on earth knows what MS does with network
traffic?

Bill

On Sun, 2006-11-26 at 21:19 -0600, Reverend Deuce wrote:
 (This is very long email because it's a very complicated problem...
 I've included some tcpdump logs below to assist...)
 
 The last week and days I've been working with the RTM version of Vista
 obtained through my MSDN license. This is the gold version of
 Windows Vista, BTW. It's done. It's been shipped to manufacturing
 (hence RTM, release to manufacturing).
 
 Okay, so I've installed this thing and am testing out all the bells
 and whistles.
 
 I install Firefox, OpenVPN, putty, the Java JRE from Sun, etc.
 
 I start to tool around and I notice that none of our company's web
 sites will load in Firefox any longer. Firefox's status bar says
 Waiting for www.site.tld... and eventually will time out. It does
 this for every single web site we host.
 
 I fire up IE 7. No problems with any site.
 
 I go back to Firefox and it's still having issues -- but *only* with
 sites hosted behind our OpenBSD firewalls.
 
 I fire up telnet (after enabling it through the control panel -- no
 idea why MS did this). I can telnet to our web servers via port 80,
 issue GET requests, receive responses. No trouble with Telnet.exe.
 
 Putty however, has trouble. Won't work period. Port 80 telnet, ssh port
 22, etc. None of them.
 
 So now I am thinking that it might just be a Firefox problem... but
 it's not. Microsoft's own Remote Desktop Connection (terminal services
 client, rdp client, etc) won't connect to our datacenter servers -- and
 they are accessed via an openvpn point to point VPN that terminates on
 the OpenBSD firewall which acts strictly as a routed tunnel between
 our two networks.
 
 I turn off as much of the Vista security features as I can. This does 
 nothing.
 
 Since our OBSD firewalls were of the older variety (3.6), I figured I
 might try an upgrade to 4.0 to see what happens. No dice.
 
 To summarize:
 
 This **only** is affecting Windows Vista (have not tried the latest
 betas of Longhorn Server). Windows XP, Windows 2000, Free/OpenBSD,
 CentOS, and our four Mac users with OSX have zero trouble. None. Nada.
 They work flawlessly.
 
 Okay, so we can blame Vista -- that would be fine with me, but let's
 face it -- this going to be big come January. I have a month to fix
 this damn thing and I am really out of ideas.
 
 Our network:
 
 100mbit dedicated inet connection through ATT, terminates to a big
 Cisco setup owned by our datacenter.
 
 Firewalls are now OBSD 4.0, single-proc Xeon 2.4gHz, 1GB RAM, etc. --
 they are decent systems with six gigabit NICs each.
 
 They are all configured with CARP and pfsync. This has worked very,
 very well since day 1 in 2004! CARP rocks!
 
 They connect to an HP ProCurve 5400ZL modular switch, configured with
 various port VLANs, etc. Everything is gigabit, 'cept for a few
 databases using 10-gigabit CX4.
 
 Here are some tcpdumps from the master FW during connection attempts
 with a browser:
 
 
 
 Opera 9:
 
 20:40:45.824144 my.workstation.ip.49370 > remote.server.ip.80: S 1215871830:1215871830(0) win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK> (DF)
 20:40:45.824646 207.218.64.33.80 > my.workstation.ip.49370: S 2582857930:2582857930(0) ack 1215871831 win 64240 <mss 1460,nop,wscale 0,nop,nop,sackOK>
 20:40:45.878361 my.workstation.ip.49370 > 207.218.64.33.80: . ack 1 win 260 (DF)
 20:40:45.904597 my.workstation.ip.49370 > 207.218.64.33.80: P 1:384(383) ack 1 win 260 (DF)
 20:40:46.058234 207.218.64.33.80 > my.workstation.ip.49370: . ack 384 win 63857 (DF)
 20:40:46.061253 my.workstation.ip.49370 > 207.218.64.33.80: P 1:384(383) ack 1 win 260 (DF)
 20:40:46.061726 207.218.64.33.80 > my.workstation.ip.49370: . ack 384 win 63857 (DF)
 (at this point, the connection is hung -- the Vista workstation
 receives no further communications -- it's like it just drops the
 replies)
 
 
 
 Firefox:
 
 20:38:25.197691 my.workstation.ip.49357 > remote.server.ip.80: S 643900711:643900711(0) win 8192 <mss 1380,nop,wscale 8,nop,nop,sackOK> (DF)
 20:38:25.198320 remote.server.ip.80 > my.workstation.ip.49357: S 852828096:852828096(0) ack 643900712 win 64240 <mss 1460,nop,wscale 0,nop,nop,sackOK>
 20:38:25.244540 my.workstation.ip.49357 > remote.server.ip.80: . ack 1 win 260 (DF)
 20:38:25.251037 my.workstation.ip.49357 > remote.server.ip.80: P 1:403(402) ack 1 win 260 (DF)
 20:38:25.567602 my.workstation.ip.49357 > remote.server.ip.80: P 1:403(402) ack 1 win 260 (DF)
 20:38:25.568042 remote.server.ip.80 > my.workstation.ip.49357: . ack 403 win 63838 (DF)
 (same deal -- it just seems to die right here

Re: on the remote root login in OpenSSH

2006-11-23 Thread Bill Maas
Hi,

how about this one:

PermitRootLogin 192.168.1

Should any of the SSH maintainers be reading this: possible new SSH
feature?

Bill


On Thu, 2006-11-23 at 12:24 +0100, Igor Sobrado wrote:
 Hi again!
 
 I have a question on the default behaviour of OpenSSH.  Please, do not
 understand that I am complaining on it or trying to change its behaviour
 in relation with remote root logins allowed by default on OpenSSH (but
 I certainly believe it would be nice, that is the reason I write this
 message to the misc@ mailing list).  Just want to share my opinion with
 the members of this mailing list.
 
 First of all, I understand that remote root logins can be easily
 avoided by setting PermitRootLogin to no in /etc/ssh/sshd_config.
 I guess that remote root logins are allowed by default to simplify
 management of small network appliances that do not have user accounts
 on them.  But these appliances are only a small number of all OpenBSD
 installations and, even if this number is not so small, a restricted
 (non-root) account in the group wheel and probably in the group operator
 too, on these devices is advisable to avoid damaging these appliances
 by mistake.
 
 In my humble opinion, there are three reasons to deny remote root logins
 by default:
 
   1. Remote root login enabled by default makes the wheel group
  superfluous (i.e., why are users added to the wheel group when
  a user not in this group can log in as root, once the root
  password is known to him, by just typing ssh [EMAIL PROTECTED]?)
 
   2. There are a lot of threats against the root account based on
  brute force attacks.  Most of us see logs on this matter in our
  workstations and servers.  Sometimes these threats, done by
  humans, network scanners or even worms, are successful.  It is
  just a matter of (bad) luck.
 
   3. OpenBSD is secure by default; all services should be configured
  to the most secure defaults.  I think that this reason is as good
  as the previous ones.  And not allowing remote root logins by
  default makes sense to me in relation with this goal.
 
 Someone that really wants to allow remote root logins should be able to
 enable this feature just changing /etc/ssh/sshd_config.  But, in my
 humble opinion, most users do not really want this dangerous feature
 enabled by default.  And, even on small network appliances, an unprivileged
 account in the wheel group (and even in the operator group) is a good
 management practice.
 
 [please, send copies of replies to this post to me if possible.  I will
 do my best to answer any post, even if not sent to me, but it will be
 more difficult tracking who sent the message I am replying to.]
 
 Cheers,
 Igor.
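
The subnet restriction asked for in the reply above can be expressed with the Match keyword that current OpenSSH provides in sshd_config. The fragment below is an added example, not part of the original messages; the 192.168.1.0/24 range is an assumption about what the "192.168.1" prefix in the reply was meant to cover.

```conf
# /etc/ssh/sshd_config (added example, not from the thread)

# Weak: root may log in from any address, with a password.
#PermitRootLogin yes

# Hardened global default: no remote root login from anywhere.
PermitRootLogin no

# Exception for the management subnet only (assumed to be 192.168.1.0/24).
# Global settings must appear before the first Match line; a Match block
# runs to the next Match line or the end of the file.
# Root is still limited to key-based login inside the subnet.
Match Address 192.168.1.0/24
    PermitRootLogin prohibit-password
```

Running `sshd -t` checks the file for errors before the daemon is reloaded.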



Re: Just one more cisco... please

2006-11-12 Thread Bill
On Sat, 11 Nov 2006 08:40:23 -0600 (CST)
Jacob Yocom-Piatt [EMAIL PROTECTED] spake:

  Original message 
 Date: Sat, 11 Nov 2006 00:44:13 -0500
 From: Bill [EMAIL PROTECTED]  
 Subject: Just one more cisco... please  
 To: misc@openbsd.org
 
 I just found out that to add a 4th interface to our PIX firewall will
 cost $100 for the card, and $3,000 for the license upgrade to allow us
 to do that.  WTF is all that about
 
 
 the cost of license upgrades on proprietary crapware are so ridiculous. it
 reminds me of the ~500 USD that sonicwall wants just to support vlans on its
 enhanced OS.
 
 corporate network is coming together nicely... Soon my pretty pix,
 soon you shall be on Ebay... Any takers?  If not, anyone got a six
 pack and some thermite?
 
 
 hop online and order the magnesium strip, iron (III) oxide and powdered 
 aluminum
 and get busy! if you do this, please videotape it and post it to the list for
 all to enjoy.
 
 Seriously though - OpenBSD has been incredibly solid - Thanks much to
 everyone involved from the FAQ guys to the coders, to the planners and
 the doers.  

Well, I got a note saying the project itself could use the hardware to
hack on, so it may be a tough call...  I can use it for good, or for
enjoyment...  Blowing up stuff (well... melting) or packaging and
mailing.  I dunno... of course this all assumes I can get it released
into my hands...



Just one more cisco... please

2006-11-10 Thread Bill
I just found out that to add a 4th interface to our PIX firewall will
cost $100 for the card, and $3,000 for the license upgrade to allow us
to do that.  WTF is all that about

Anyway, I can't take credit for the PIX, but I've got my boss muttering
about it...

So screw them, I am dropping a few OpenBSD firewalls (not to replace
the PIX, but to compensate for a few things).  

The IDS boxes are running OpenBSD very nicely... the Spamd filtering does a
very nice job, the disappointingly easy to configure CARP for redundant
web servers was most impressive...  The bump in the line
(hopefully not easily detected) firewall to keep us safe from the main
corporate network is coming together nicely... Soon my pretty pix,
soon you shall be on Ebay... Any takers?  If not, anyone got a six
pack and some thermite?

Seriously though - OpenBSD has been incredibly solid - Thanks much to
everyone involved from the FAQ guys to the coders, to the planners and
the doers.  



Re: Large scale deployments

2006-11-03 Thread Bill Maas
On Fri, 2006-11-03 at 08:45 -0700, Bob Beck wrote:
 * Michael Lockhart [EMAIL PROTECTED] [2006-11-02 18:33]:
  All,
 
   Wrap your bloody lines!

I agree

  
  Here's a question that I wanted to pose to the OpenBSD community about 
  managing and maintaining a large number of OpenBSD systems in the field.  
  To provide some background, we currently have 650+ OpenBSD 3.2 systems in 
  the field, and I've been dealing with a fair share of headaches bringing 
  our software to a baseline across the board on all these systems.  Keep in 
  mind most of what I'm working on is independent from the OS install itself. 
   Here's the things that I've got solutions in place for, but would like 
  some input on projects available, or good feedback from others who have 
  maintained a large number of disparate systems:
  
  1. Reliable package building system to auto-generate OpenBSD packages that 
  are compliant as much as possible with the standards enforced by OpenBSD.  
  I've got scripts to do this right now, but I'm not happy with them.
 
 
   I use the built packages from openbsd.org
  

Maybe use a standard install as base and pull the config from a CVS
server. There are ways to separate each client's specifics inside a
single CVS module, if you're not too fussy about hacks, and if the
clients are more or less identical except for simple config issues like
IP addresses etc. If some clients differ greatly, maybe put them into
separate module groups. In my opinion OpenBSD is extremely easy when it
comes to separating different configs.

About packages: don't try to re-do what others have already done for you
(tell me about it!!). Use the standard base and place your own layers on
top of it, whether in the form of a CVS checkout or a site.tgz (which
you're probably going to put under some kind of revision control anyway)
or whatever. If the same things are done twice that's too bad, but you
will be safer than when trying to maintain your own baseXX.tgz etc., and
keeping it in sync with the main dist.

Upgrades are an automation nightmare, Linux distros claim they can do it
but they can't (goes wrong more often than not - I've stopped installing
updates on my Ubuntu-driven desktop, which saves me lots of reinstalls).
I would simply reinstall, after having distilled a working config from a
test system.

Bill Maas


