Unable to receive dhcplease from ISP
Hi all,

I ran into this issue today when I decided to do some maintenance on my home network. My laptop runs OpenBSD 7.2. I attempted to get a dhcplease from Spectrum Internet with a direct connection to my em0 ethernet interface. I got no response. I'm having the same problem with another computer that I wanted to use as my firewall (also running OpenBSD, same ver). There is no dhcpleased.conf on my laptop, as I didn't see how any defaults needed to change. I also haven't had any recent issues getting a lease on it in other situations (yet). Cabling is good. A different (non-OpenBSD) firewall normally sits on this interface, and after I put it back, everything was working as normal. I'm happy to provide any additional information as requested.

I tried this several times, cleared and shut down the iwm0 interface, cleared the em0 interface, etc.; this is output from the last time.

    :~> more /etc/hostname.em0
    inet autoconf
    /etc/hostname.em0 (END)

Output from dhcpleased -d -vvv with em0 enabled for 15-20 minutes:

    state_transition[iwm0] Bound -> Down, timo: 43119
    state_transition[em0] Init -> Down, timo: -1
    state_transition[em0] Down -> Down, timo: -1
    state_transition[em0] Down -> Rebooting, timo: 1
    DHCPREQUEST on em0
    iface_timeout[2]: Rebooting
    state_transition[em0] Rebooting -> Rebooting, timo: 2
    DHCPREQUEST on em0
    iface_timeout[2]: Rebooting
    deleting 192.168.88.253 from em0 (lease from 0.0.0.0)
    state_transition[em0] Rebooting -> Init, timo: 1
    DHCPDISCOVER on em0
    deconfigure_interface em0
    iface_timeout[2]: Init
    state_transition[em0] Init -> Init, timo: 2
    DHCPDISCOVER on em0
    iface_timeout[2]: Init
    state_transition[em0] Init -> Init, timo: 4
    DHCPDISCOVER on em0
    iface_timeout[2]: Init
    state_transition[em0] Init -> Init, timo: 8
    DHCPDISCOVER on em0
    iface_timeout[2]: Init
    state_transition[em0] Init -> Init, timo: 16
    DHCPDISCOVER on em0
    iface_timeout[2]: Init
    state_transition[em0] Init -> Init, timo: 32
    DHCPDISCOVER on em0
    iface_timeout[2]: Init
    state_transition[em0] Init -> Init, timo: 64
    DHCPDISCOVER on em0
    iface_timeout[2]: Init
    state_transition[em0] Init -> Init, timo: 64
    DHCPDISCOVER on em0
    iface_timeout[2]: Init
    state_transition[em0] Init -> Init, timo: 64
    DHCPDISCOVER on em0
    iface_timeout[2]: Init
    state_transition[em0] Init -> Init, timo: 64
    DHCPDISCOVER on em0
    iface_timeout[2]: Init
    state_transition[em0] Init -> Init, timo: 64
    DHCPDISCOVER on em0
    iface_timeout[2]: Init
    state_transition[em0] Init -> Init, timo: 64
    DHCPDISCOVER on em0
    ^Cwaiting for children to terminate
    frontend exiting
    engine exiting
    terminating
    :~>

--
Bill Albertson
Re: OpenBSD Guest under QEMU fails with pid 1 signal 11
Rickard, thanks for your answer and the provided links. I am aware of the install.conf option, but decided to use the expect method to be inline with how I do things on FreeBSD and NetBSD. I believe that FreeBSD has its own method of specifying install configuration which is incompatible with OpenBSD. And NetBSD does not have any method as far as I know. So it looked to me that the most straightforward path was to use the same basic technique on all platforms: an expect script. Nevertheless I will check your links and in particular the “GCE Image Import Post Processor” to see how it sets up OpenBSD for the GCE environment (my remaining task in this part of the project). Bill On 8/4/18, 2:17 AM, Rickard von Essen wrote: Kind of a side note, but I use a simpler process to automate the installation of OpenBSD than using expect. The installer can read a config file see 1). The install.conf is described in the man page for autoinstall 2). I use Packer to create Vagrant boxes, currently only for VirtualBox, VMware, and Parallels Desktop, but Packer also support building on QEMU 3). The latest version, 1.2.5 also has a googlecompute-import post-processor 4) which can take the raw disk image create by QEMU and import it into a GCE image (unfortunately the link to this is lost from the documentation so you need to use the direct link provided). // Rickard 1) https://github.com/boxcutter/bsd/blob/master/openbsd.json#L6-L11 2) https://man.openbsd.org/autoinstall 3) https://www.packer.io/docs/builders/qemu.html 4) https://www.packer.io/docs/post-processors/googlecompute-import.html On Fri, 3 Aug 2018 at 09:28, Bill Zissimopoulos mailto:billz...@navimatics.com>> wrote: Mike, thank you for your multiple responses. My intent is to use the produced images for CI on OpenBSD. Despite this issue the images work reasonably well. So I am planning to use them for my intended purpose and hope that the issue gets resolved in the future. 
Bill On 8/2/18, 7:48 PM, Mike Larkin wrote: On Thu, Aug 02, 2018 at 05:59:41PM +, Bill Zissimopoulos wrote: > Mike, thank you for your response. > > On 8/2/18, 9:07 AM, Mike Larkin wrote: > > 1. We've seen this message before (usually on APUs), but only a single time (eg, > just one of the signal lines gets displayed). And IIRC it was a different signal. > > The only other instance of this message that I have found online is here: > > https://github.com/yellowman/flashrd/issues/30 > > 2. In your case, the stream of messages seems to stop after some time and boot > proceeds normally after that. > > You are right. Although I believe that I have seen it print the message endlessly as well. > > 3. When I built the image using your script, on the second boot, I saw no > messages. > > I'm not sure what's causing the problem, can you try with 6.3 release? (I'm > assuming you are using -current here? that's what I tested also) > > The problem happens for me with the 6.3 release (install63.iso). I have not tested other releases. > > (I believe I tried the 6.2 release at some point, but did not complete my testing because it needed extensive changes to the expect script.) > > 4. in my test the default install location came up as http, so your script's > pressing of "enter" for install path hung. I had to change the default location > in the script to be cd. > > That does not happen for me, perhaps because of the install image I use (install63.iso). > > 5. Your customization step at the end should probably fixup /etc/ttys or > you won't be able to log in to the machine via serial (since no getty will > be spawned there). I sat there waiting for a while in qemu only to realize > the getty was waiting on the vga console, not serial. YMMV. > > You are right. I have not managed to fix serial access for OpenBSD yet, because I focused on resolving the discussed issue first. 
> > My understanding is that the instructions at the following link should get serial access fully working: > > https://www.openbsd.org/faq/faq7.html#SerCon > > Bill > > > Unfortunately, I don't have any other ideas for you as to how to stop the segvs. It is not seen on real hardware, so I'm at a loss to explain why qemu exhibits this behaviour. Perhaps try changing the cpu type with -cpu ?
Re: OpenBSD Guest under QEMU fails with pid 1 signal 11
Mike, thank you for your multiple responses. My intent is to use the produced images for CI on OpenBSD. Despite this issue the images work reasonably well. So I am planning to use them for my intended purpose and hope that the issue gets resolved in the future. Bill On 8/2/18, 7:48 PM, Mike Larkin wrote: On Thu, Aug 02, 2018 at 05:59:41PM +, Bill Zissimopoulos wrote: > Mike, thank you for your response. > > On 8/2/18, 9:07 AM, Mike Larkin wrote: > > 1. We've seen this message before (usually on APUs), but only a single time (eg, > just one of the signal lines gets displayed). And IIRC it was a different signal. > > The only other instance of this message that I have found online is here: > > https://github.com/yellowman/flashrd/issues/30 > > 2. In your case, the stream of messages seems to stop after some time and boot > proceeds normally after that. > > You are right. Although I believe that I have seen it print the message endlessly as well. > > 3. When I built the image using your script, on the second boot, I saw no > messages. > > I'm not sure what's causing the problem, can you try with 6.3 release? (I'm > assuming you are using -current here? that's what I tested also) > > The problem happens for me with the 6.3 release (install63.iso). I have not tested other releases. > > (I believe I tried the 6.2 release at some point, but did not complete my testing because it needed extensive changes to the expect script.) > > 4. in my test the default install location came up as http, so your script's > pressing of "enter" for install path hung. I had to change the default location > in the script to be cd. > > That does not happen for me, perhaps because of the install image I use (install63.iso). > > 5. Your customization step at the end should probably fixup /etc/ttys or > you won't be able to log in to the machine via serial (since no getty will > be spawned there). 
I sat there waiting for a while in qemu only to realize > the getty was waiting on the vga console, not serial. YMMV. > > You are right. I have not managed to fix serial access for OpenBSD yet, because I focused on resolving the discussed issue first. > > My understanding is that the instructions at the following link should get serial access fully working: > > https://www.openbsd.org/faq/faq7.html#SerCon > > Bill > > > Unfortunately, I don't have any other ideas for you as to how to stop the segvs. It is not seen on real hardware, so I'm at a loss to explain why qemu exhibits this behaviour. Perhaps try changing the cpu type with -cpu ?
Re: OpenBSD Guest under QEMU fails with pid 1 signal 11
Mike, thank you for your response. On 8/2/18, 9:07 AM, Mike Larkin wrote: 1. We've seen this message before (usually on APUs), but only a single time (eg, just one of the signal lines gets displayed). And IIRC it was a different signal. The only other instance of this message that I have found online is here: https://github.com/yellowman/flashrd/issues/30 2. In your case, the stream of messages seems to stop after some time and boot proceeds normally after that. You are right. Although I believe that I have seen it print the message endlessly as well. 3. When I built the image using your script, on the second boot, I saw no messages. I'm not sure what's causing the problem, can you try with 6.3 release? (I'm assuming you are using -current here? that's what I tested also) The problem happens for me with the 6.3 release (install63.iso). I have not tested other releases. (I believe I tried the 6.2 release at some point, but did not complete my testing because it needed extensive changes to the expect script.) 4. in my test the default install location came up as http, so your script's pressing of "enter" for install path hung. I had to change the default location in the script to be cd. That does not happen for me, perhaps because of the install image I use (install63.iso). 5. Your customization step at the end should probably fixup /etc/ttys or you won't be able to log in to the machine via serial (since no getty will be spawned there). I sat there waiting for a while in qemu only to realize the getty was waiting on the vga console, not serial. YMMV. You are right. I have not managed to fix serial access for OpenBSD yet, because I focused on resolving the discussed issue first. My understanding is that the instructions at the following link should get serial access fully working: https://www.openbsd.org/faq/faq7.html#SerCon Bill
OpenBSD Guest under QEMU fails with pid 1 signal 11
I am trying to create OpenBSD images for use in Google Compute Engine using an expect script [1]. The expect script is able to drive the OpenBSD installation process successfully, but the created images fail to boot cleanly with a long stream of "Process (pid 1) got signal 11".

To reproduce try the following (please note that all my tests are on a macOS host with QEMU installed):

- Clone the GitHub project at [2]
- Assuming you have QEMU installed and install63.iso downloaded try the command:
  ./imgtool PATH/TO/install63.iso openbsd/base
- The openbsd/base expect script will boot the image and you should see the stream of "Process (pid 1) got signal 11". If not, try running the created image:
  ./imgtool install63-base.tar.gz shared/run

Thank you for your help.

Bill

[1] https://github.com/billziss-gh/pmci.img/blob/master/openbsd/base
[2] https://github.com/billziss-gh/pmci.img
man.openbsd.org via HTTPS
I found a website that provides man.openbsd.org via HTTPS: https://twitter.com/FiloSottile/status/845068942762762241 https://man.filippo.io/ Have a great weekend!
OpenBGPD traps and triggers
Hi,

I've been through the man pages a couple of times and am not seeing what I'm looking for. I have a couple of OpenBSD machines running BGP sessions with my ISPs. Yesterday one of the IPv6 sessions went down and I didn't notice for quite a while.

This got me looking for some kind of trigger / trap that would automatically alert me if a BGP session went down, or was flapping. I couldn't see any provision in the man page to execute an external script, and no mention of SNMP. So is there such a feature I missed?

In the short term I hacked together a cron job that parses the output of:

    bgpctl show status terse

to send me email alerts, but I'd prefer to not be depending on polling if at all possible.

Thanks,

Bill Buhler
Re: Trouble with automatic IPv6
OK, I've upgraded from 5.8 to 5.9, I'm now getting routes, but they point to a link-local address and it won't route past that address. Is a link local address a usual default gateway?

Thanks,

Bill Buhler

-----Original Message-----
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Bill Buhler
Sent: Saturday, June 11, 2016 12:15 PM
To: misc@openbsd.org
Subject: Trouble with automatic IPv6

Hi,

One of the virtual hosting services I'm using requires the use of router detection under IPv6 to get the valid default routes. Since 5.7 removed rtsol I can't figure out how to get this to look. My interface configuration is pretty simple:

    /etc/hostname.vio0: dhcp rtsol

Any suggestions?

Bill Buhler
Trouble with automatic IPv6
Hi,

One of the virtual hosting services I'm using requires the use of router detection under IPv6 to get the valid default routes. Since 5.7 removed rtsol I can't figure out how to get this to look. My interface configuration is pretty simple:

    /etc/hostname.vio0: dhcp rtsol

Any suggestions?

Bill Buhler
Re: Maintaining CAs not in cert.pem
If you are doing it right your CA private key is on a different machine without network connectivity.

-----Original Message-----
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Giancarlo Razzolini
Sent: Friday, July 31, 2015 9:34 AM
To: Peter Hessler; li...@wrant.com
Cc: misc@openbsd.org
Subject: Re: Maintaining CAs not in cert.pem

On 31-07-2015 03:07, Peter Hessler wrote:

this is a real problem for real people.

Which was pretty much solved with PKP [0]. As I mentioned, custom CA's have their uses, but in the end, they are just one more thing waiting to bite you in the ass. You can pretend to have a decent OPSEC for a while, but in the end your CA private key will end up being on the same machine your certs are being used. With PKP you can disregard the CA completely, but your certificate will be recognized on pretty much every device.

It's nice that the discussion spawned a change in the way how the certs.pem is handled on system upgrades, but moving it to examples is not a solution (shouldn't even be discussed ironically). The bottom line is, want your own CA, deal with it.

[0] http://tools.ietf.org/html/rfc7469
Router performance amd64 vs i386
I'm preparing a new flash image for an Intel Atom dual core based router with 2gb of ram. I'm curious if there are current comments on the current performance of the two platforms? I know in the past the i386 was actually faster at things like PF, but that was several years ago. Thanks, Bill Buhler
Re: route show does not show routes announce by BGP on OpenBSD 5.5 i386
I can't tell from your output, are your BGP neighbors more than one hop away? If so you will need to add a static route to each neighbor before it will start filling in the local routing table. If that doesn't work, could you give us excerpts of the bgpd.conf file and a rough overview of your routing topology?

Thanks,

Bill

On 5/13/2015 8:58 AM, Motty Cruz wrote:

Running the command route show does not get the full internet routing table as I should. However, if I run bgpctl show rib I get the full routing table. Router is routing packets fine, however, I am concerned that something may be wrong. Any explanation as to why this is happening?

    # bgpctl show
    Neighbor ASMsgRcvdMsgSent OutQ Up/Down State/PrfRcvd
    level27X32 100853278 0 02:17:31 532191
    level17X32300278 0 02:17:16 1
    gateway2 22X8274272 0 02:15:01 1
    gateway1 22X8274272 0 02:15:01 1

    #netstat -rn
    Routing tables

    Internet:
    DestinationGatewayFlags Refs Use Mtu Prio Iface
    default19.25.16.13 UGS1 8485 - 8 em0
    19.25.16.12/30 link#1 UC 10 - 4 em0
    19.25.16.13 2c:6b:f5:a4:df:40 UHLc 2 583 - 4 em0
    127/8 127.0.0.1 UGRS 00 33192 8 lo0
    127.0.0.1 127.0.0.1 UH 10 33192 4 lo0
    19.16.26/24 199.96.38.85 UGS0 882702 - 8 em1

Thanks,
Re: ntpd.conf - add ability to read servers from an include file?
On Jan 29, 2015, at 10:10 AM, Theo de Raadt dera...@cvs.openbsd.org wrote:

Basically for the sake of automated deployments it would be nice / clean to be able to do :

    includeservers /path/to/file

And then read them all from the file. And the same file would be used as a table in pf.conf for NTP FW rules. One server per line. This would make initial deployments easier to automate (no need to programmatically alter the config file), and then if you need to change your NTP servers post-deployment it is cleaner as well with less chance of human error. i.e. changing pf.conf is riskier than changing ntpd.conf

I do not see much value in these nested include mechanisms. Honestly, OpenBSD is now shipping without a ntpd.conf file. You create this file, thus you own it. Having you create a file (ntpd.conf) which points to another file (/etc/serverlist?) you also create, that is kind of crazy.

/etc/pf.conf is also on my list for removal as well, so that it becomes more of a user-owned file. The idea here is that you would look at the examples, and then create your own, and upgrades / sysmerge would not touch your file.

I believe if we do this right, it will prod people towards creating narrower role-specific configurations for their machines.

having simpler config models, and narrow roles would be a good thing.

-Nex6
Re: What are the disadvantages of soft updates?
On Jan 23, 2015, at 6:47 PM, Steve Shockley steve.shock...@shockley.net wrote:

On 1/22/2015 9:13 AM, Reyk Floeter wrote:

What release and what virtualized SCSI controller where you using?

I found my old notes, it turns out it was on 4.6 and the crash message was:

    softdep_setup_freeblocks: got error 5 while accessing filesystem
    dev = 0x404, block = 1315, fs = /var
    panic: ffs_blkfree: freeing free frag
    Stopped at Debugger+0x4: leave

I have screenshots of trace and ps I can send if interested, but I'm sure a lot has been fixed in the interim. I can also attempt to reproduce on -current if you want, but even at its worst it'd stay up for a month or two before crashing.

I noticed, that with Nix machines and ESXi/SAN setups is that nix is not very forgiving to SAN issues.

-Nex6
Re: What are the disadvantages of soft updates?
On Jan 23, 2015, at 12:53 PM, Ingo Schwarze schwa...@usta.de wrote:

Hi Predrag,

Predrag Punosevac wrote on Fri, Jan 23, 2015 at 03:24:00PM -0500:

I was following this discussion with the great interest but without intent to participate in it until today. Namely one of my OpenBSD servers (5.6 sparc64) runs Mollify and last night I received an e-mail from an angry user who could not upload files (the upload will fail or upload the file with file size zero). After running df I noticed that /tmp was 100% full (4GB used) but the size of individual files was only 12Kb.

That is unlikely to be due to softdep. The usual reason for a file system to be actually full and seemingly almost empty at the same time is somebody doing the following sequence of operations:

- open(2) a file for writing
- writing a lot of data until the file system is full
- unlink(2) the file
- keep the process running that open(2)'ed it
- let that process keep the file open and *not* close(2) it

Specifically, in /tmp, anybody can do that.

I thought for a second and I remember seeing this with HAMMER on DF.

The above works with almost any file system.

Long story short I checked /etc/fstab and sure enough I had rw,softdep next to each partition including tmp. I removed softdep rebooted the system and /tmp usage dropped to 0%.

That's not likely to be related to softdep either. Chances are just rebooting would have solved the issue as well - simply because rebooting terminates all running processes, and consequently closes all open files.

What you should have done instead was run fstat(1), look for processes having files open in /tmp, use ls(1) -iRa /tmp to find the inode numbers of linked files in /tmp, and kill the processes having files open that were *not* linked until you found the one having the big file open - and then have a friendly talk with the responsible user, if any, or figure out what went wrong in case some daemon process caused the issue.

My question is which partitions should be mounted with softdep option?

I'm not an expert on that and hardly ever use softdep, but I'd say on file systems where file create/delete performance is *critically* important, performance has been clearly demonstrated to be insufficient without softdep, and you consider data loss harmless.

Is there a way to prune metadata which will save me for problems like the one I encountered last night.

I'm not convinced that's a good question to ask.

Yours,
Ingo

This email/post has some very good information in it. Thanks

-Nex6
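
The open/write/unlink/keep-open sequence from the quoted message, reproduced on a small scale together with the linked-inode comparison it recommends (the `ls -iRa` side against the open-file side). This is an added example, not code from the thread; the directory, the file name `upload.tmp` and the 1 MiB size are constructed, and it inspects only its own descriptor, where `fstat(1)` on OpenBSD would list every process.

```python
import os
import tempfile


def linked_inodes(directory):
    """(dev, inode) pairs still reachable by name: the `ls -iRa` side."""
    seen = set()
    for root, dirs, files in os.walk(directory):
        for name in dirs + files:
            st = os.lstat(os.path.join(root, name))
            seen.add((st.st_dev, st.st_ino))
    return seen


def visible_bytes(directory):
    """Bytes that name-based tools (ls, du) can account for."""
    total = 0
    for root, _dirs, files in os.walk(directory):
        for name in files:
            total += os.lstat(os.path.join(root, name)).st_size
    return total


def reproduce_unlinked_open_file(size=1024 * 1024):
    """Write `size` bytes, unlink the name, keep the descriptor open.

    Returns what each view of the file system reports at each stage.
    """
    chunk = os.urandom(65536)  # constructed payload, not sparse
    report = {}
    with tempfile.TemporaryDirectory() as scratch:
        path = os.path.join(scratch, "upload.tmp")  # constructed name
        fd = os.open(path, os.O_RDWR | os.O_CREAT | os.O_EXCL, 0o600)
        try:
            written = 0
            while written < size:
                written += os.write(fd, chunk)
            os.fsync(fd)

            st = os.fstat(fd)
            key = (st.st_dev, st.st_ino)
            report["linked_before"] = key in linked_inodes(scratch)
            report["visible_before"] = visible_bytes(scratch)

            os.unlink(path)  # the name goes away, the inode does not

            st = os.fstat(fd)
            report["names_after"] = os.listdir(scratch)
            report["visible_after"] = visible_bytes(scratch)
            report["linked_after"] = key in linked_inodes(scratch)
            report["nlink"] = st.st_nlink       # 0: no directory entry left
            report["held_bytes"] = st.st_size   # still charged to the fs
            report["held_blocks"] = st.st_blocks

            # The data is still readable through the open descriptor.
            os.lseek(fd, 0, os.SEEK_SET)
            report["still_readable"] = os.read(fd, 16) == chunk[:16]
        finally:
            os.close(fd)  # only now can the blocks be freed
    return report


if __name__ == "__main__":
    for field, value in reproduce_unlinked_open_file().items():
        print(f"{field:16} {value}")
```

An open descriptor whose inode is missing from the linked set is the "open but *not* linked" case the message says to look for; the space it holds is released at close or process exit, which is why the reboot appeared to fix it.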
Re: What are the disadvantages of soft updates?
On Jan 28, 2015, at 9:03 PM, Ted Unangst t...@tedunangst.com wrote:

On Fri, Jan 23, 2015 at 21:47, Steve Shockley wrote:

On 1/22/2015 9:13 AM, Reyk Floeter wrote:

What release and what virtualized SCSI controller where you using?

I found my old notes, it turns out it was on 4.6 and the crash message was:

    softdep_setup_freeblocks: got error 5 while accessing filesystem
    dev = 0x404, block = 1315, fs = /var
    panic: ffs_blkfree: freeing free frag
    Stopped at Debugger+0x4: leave

error 5 is EIO, input/output error. softdep does not support disks that don't work, to put it bluntly. The original FFS code can cope with disk failure by backing out of the operation, but soft updates reorders things and can't undo what's already been done.

bad multi-path routes, or having bad disks in the array.

-Nex6
Re: security - pass the hash style attacks?
On Nov 3, 2014, at 4:28 AM, Jérémie Courrèges-Anglas j...@wxcvbn.org wrote:

Philip Guenther guent...@gmail.com writes:

[apologies for the contentless previous message]

On Sun, Nov 2, 2014 at 4:43 PM, Philip Guenther guent...@gmail.com wrote:

On Sun, Nov 2, 2014 at 4:41 PM, Nex6|Bill n6gh...@yahoo.com wrote:

... what about kerberos? (windows K5 vs Unix K5?)

There's a bunch of *really good* papers on Kerberos's design which discuss exactly these sorts of issues and how they are addressed or completely avoided. I remember finding the one cast as a dialog between two system programmers (one named Athena...) as a good intro on this stuff.

Yup. First tutorial link on this page: http://web.mit.edu/kerberos/papers.html

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE

Here is a pretty good blackhat talk about this: though it's Windows-specific, the gist of it is Kerberos is just as broken as NTLM, since enforcement is client side.

-Nex6
security - pass the hash style attacks?
I know that pass the hash is now getting a lot of playtime on Windows, and I have heard in a couple of talks that it's directly related to the SSO part of the OS, and may be part of POSIX? Is OpenBSD, or BSD in general, vulnerable to these style attacks? Or just the normal Unix dump the password /etc/passwd table for offline attacks sorts of stuff?

Thoughts

-Nex6
Re: OpenBSD 5.6 Released
I see, TCP wrappers has been removed i am assuming using only PF is the practice for stuff people who where using TCP wrappers for and, thanks for the hard work -Nex6 On Nov 1, 2014, at 10:22 AM, Antoine Jacoutot ajacou...@openbsd.org wrote: November 1, 2014. We are pleased to announce the official release of OpenBSD 5.6. This is our 36th release on CD-ROM (and 37th via FTP/HTTP). We remain proud of OpenBSD's record of more than ten years with only two remote holes in the default install. As in our previous releases, 5.6 provides significant improvements, including new features, in nearly all areas of the system: - LibreSSL: o This release forks OpenSSL into LibreSSL, a version of the TLS/crypto stack with goals of modernizing the codebase, improving security, and applying best practice development processes. o No support for legacy MacOS, Netware, OS/2, VMS and Windows platforms, as well as antique compilers. o Removal of the IBM 4758, Broadcom ubsec, Sureware, Nuron, GOST, GMP, CSwift, CHIL, CAPI, Atalla and AEP engines, either because the hardware is irrelevant, or because they require external non-free libraries to work. o No support for FIPS-140 compliance. o No EBCDIC support. o No support for big-endian i386 and amd64 platforms. o Use standard routines from the C library (malloc, strdup, snprintf...) instead of rolling our own, sometimes badly. o Remove the old OpenSSL PRNG, and rely upon arc4random_buf from libc for all the entropy needs. o Remove the MD2 and SEED algorithms. o Remove J-PAKE, PSK and SRP (mis)features. o Aggressive cleaning of BN memory when no longer used. o No support for Kerberos. o No support for SSLv2. o No support for the questionable DTLS heartbeat extension. o No support for TLS compression. o No support for US-Export SSL ciphers. o Do not use the current time as a random seed in libssl. o Support for ChaCha and Poly1305 algorithm. o Support for Brainpool and ANSSI elliptic curves. 
o Support for AES-GCM and ChaCha20-Poly1305 AEAD modes. - Improved hardware support, including: o SCSI Multipathing support via mpath(4) and associated path drivers on several architectures. o New qlw(4) driver for QLogic ISP SCSI HBAs. o New qla(4) driver for QLogic ISP2100/2200/2300 Fibre Channel HBAs. o New upd(4) sensor driver for USB Power Devices (UPS). o New brswphy(4) driver for Broadcom BCM53xx 10/100/1000TX Ethernet PHYs. o New uscom(4) driver for simple USB serial adapters. o New axen(4) driver for ASIX Electronics AX88179 10/100/Gigabit USB Ethernet devices. o The inteldrm(4) and radeondrm(4) drivers have improved suspend/resume support. o The userland interface for the agp(4) driver has been removed. o The rtsx(4) driver now supports card readers based on the RTS5227 and RTL8402 chipsets. o The firmware for the run(4) driver has been updated to version 0.33. o The run(4) driver now supports devices based on the RT3900E chipset. o The zyd(4) driver, which was broken for some time, has been fixed. o The bwi(4) driver now works in systems with more than 1GB of RAM. o The re(4) driver now supports devices based on the RTL8168EP/8111EP, RTL8168G/8111G, and RTL8168GU/8111GU chipsets. - Generic network stack improvements: o divert(4) now supports checksum offload. o IPv6 is now turned off on new interfaces by default. Assigning an IPv6 address will enable IPv6 on an interface. o Support for RFC4620 IPv6 Node Information Queries has been removed. o The kernel no longer supports the SO_DONTROUTE socket option. o The getaddrinfo(3) function now supports the AI_ADDRCONFIG flag defined in RFC 3493. o Include router alert option (RAO) in IGMP packets, as required by RFC2236. o ALTQ has been removed. o The hash table for Protocol Control Block (PCB) of TCP and UDP now resize automatically on load. - Installer improvements: o Remove ftp and tape as install methods. o Preserve the disklabel (and next 6 blocks) when installing boot block on 4k-sector disk drives. 
o Change the Server? question to HTTP Server? to allow unambiguous autoinstall(8) handling. o Allow autoinstall(8) to fetch and install sets from multiple locations. o Many sample configuration files have moved from /etc to /etc/examples. - Routing daemons and other userland network improvements: o When used with the -v flag, tcpdump(8) now shows the actual bad checksum within the IP/protocol header itself and what the good checksum should be. o ftp(1) now allows its User-Agent to be changed via the -U command-line option. o The -r option of ping(8) and traceroute(8) has been removed. o ifconfig(8) can now explicitly assign an IPv6 link-local address
Re: security - pass the hash style attacks?
On Nov 2, 2014, at 4:30 PM, Philip Guenther guent...@gmail.com wrote:

On Sun, Nov 2, 2014 at 4:05 PM, Nex6|Bill n6gh...@yahoo.com wrote:

I know, that pass the hash is now getting a lot of playtime on windows. and I have heard in a couple of talks that its directly related to SSO part of the OS, and may be part of posix?

Nope. It's just a bad (as in, completely broken) design for the NTLM and LanMan authentication protocols.

So, any machine/OS that's authenticating to a PtH vulnerable protocol, namely Lanman/NTLM, would be vulnerable to this no matter the OS. What about kerberos? (windows K5 vs Unix K5?)

is OpenBSD, or BSD in general vulnerable to these style attacks?

The vulnerability is the authentication protocol/method, independent of the operating system. If you used NTLM or LanMan password authentication on OpenBSD, you would be vulnerable. You would also have to be insane.

or just the normal unix dump the password /etc/passwd table for offline attacks sorts of stuff?

For the authentication methods in base, correct.

So, for OpenBSD you would have to get the /etc/passwd for an offline attack on the password hashes, and for that they would need a user account to log on to the system. Or to have compromised the system in such a way as they could copy /etc/passwd. Other types of attacks would be brute force against SSHD sorts of stuff, which could be detected and mitigated.

Philip Guenther
Laptop Support?
I may be changing positions, so may be getting a new laptop. Would like to request one the has good OpenBSD support. What are some models that are well supported? -Nex6
alias's - ksh
Kinda new to OpenBSD (have a couple of 5.4 installs in VMs); what's the standard for aliases? I added it to the .profile but some googling seems to indicate that that won't work, that you have to export, and do a .kshrc file? So what's the standard?

-Nex6
laptop support for HP 8540W
anyone know how well an HP8540W is supported?
Re: SHA256.sig missing from install55.iso
Kevin Chadwick ma1l1ists at yahoo.co.uk writes: previously on this list frantisek holop contributed: the lack of the same file is stopping sysmerge from working. I'm sure you know but just in case, -S skips the check which you can do manually as Theo mentioned. Also - unless I am having a(nother) Seniour Moment - a non-issue if one cp's the xetc** source over to r/w media, manually adds the separately-pulled SHA goods in the same dirtree... Bill
Gnome and OpenBSD 5.4
I am trying to get Gnome to work, and it's giving me fits. I tried to follow this link: Tutorial: Install Gnome Desktop and Gnome Display Manager on OpenBSD 4.8 - GabSoftware for the most part, but now instead of booting to gdm or xdm it boots to the console, and when I startx it says file /root/.serverauth does not exist. Any ideas on what I missed? -Nex6
Re: cheapest firewall?
An Alix fanless low power dual nic system with case and power supply goes for $120ish. Has slots for 2 mini pci wireless cards. Add an antenna and pigtail for another $15 or so, or use a USB wifi card. Anything more expensive is going to be a Soekris. I would only buy a mini-pci PC board if I had the existing case for it (which I have done recently, for that reason, but for the fan equipped version of this board). Otherwise, all of the RAM and everything else is going to cost extra, which is fine if the firewall is for more than just firewalling, light vpn, and such. Buying the board, ram, and anything extra for the case is going to still cost more than an Alix based system.

On Tue, Feb 4, 2014 at 11:42 AM, Theophile Envt theo.e...@gmail.com wrote:
> Gigabyte GA-C1037UN-EU motherboard ? 2 Lan fanless...
>
> 2014-02-01 Adam s...@my-balls.com:
>> Any suggestions for the cheapest possible firewall (that is new hardware not re-purposing some old stuff)? All I need is 2 ethernet interfaces and for it to run openbsd.
Re: Request for Funding our Electricity
On Fri, Jan 17, 2014 at 12:23 PM, Christopher Ahrens n...@leviacomm.net wrote:

Kevin Lyda wrote:

Regarding the less architecture support to save electricity argument, I'm not sure one follows the other. Computing power has grown to a point that emulators are perfectly valid - particularly for older systems. I think a push to package and maintain emulators for many of these older architectures would be beneficial in many ways. There's some amount of this already - there are instructions for the simh simulator for the VAX arch for instance.

The obvious benefits I could see would be:

1) You could spin up builds on them w/ little to no effect on electricity usage.
2) Even if the OpenBSD foundation's arch X machine dies, there would still be infrastructure to maintain the port.
3) It would widen the possible number of developers if people could spin up older architectures in an emulator.
4) It would make OpenBSD a valuable tool for accessing older media and documenting older architectures.

I know emulators are not perfect, so a physical machine would be superior. But if there was some encouragement for emulators for archs I think those would be useful benefits.

Even if emulators did work, you still have a couple of problems:

* Instructions are executed as they should, not how they actually work
* instructions will, at best, take two instructions on the host if the architectures and endianness match; if not: The instruction has to be matched against a lookup table and if there is a single equivalent instruction to do the same thing and you have the same endianness, that is three processor cycles. If it's different endianness, then you now have between 32 and 128 more instructions (convert to the host endianness then back for 16 to 64-bit archs). Now if there isn't an equivalent instruction (welcome to the difference between CISC and RISC machines) you are probably going to have to run two all the way up to a couple dozen instructions to emulate just one, plus you still have the same problem with endianness like before
* assuming all the above works, you are still tripling the effort in debugging because now you have to determine if the bug is in the emulated environment, the emulator itself, or the host OS.
* Even if the above still works perfectly, you will still miss all the bugs caused by memory alignment (the host will fix any of that), which are the most common we find or the host ends up adding new ones.

But all this is ignoring the real purpose of running on real hardware which is that the same code runs on all the boxes, so if one of them outputs something unexpected from the other machines, we know something is wrong.

The only way to reduce our power for the older archs is if someone were able to re-build the entire system on more power-efficient, bug-compatible chips

Support for multiple archs brings interest and exposes bad code in ways limited arch support does not.

Exactly

Dropping that to save electricity is not a valid reason with today's compute power. Anyway, it's been a long time since I did stuff with OpenBSD, but I think it would be a shame to drop such support. So I'll back up my words with some cash. And if I get a roundtuit, perhaps some code or docs as well.

Please continue to do this. Cash, code and correct docs help OpenBSD, dreaming doesn't.

Kevin

And now to paraphrase Theo: Shut up, donate, and hack.

Please continue to do this. Cash, code and correct docs help OpenBSD, dreaming doesn't.

I've donated $20 a month in perpetuity via http://www.openbsdfoundation.org/donations.html.
The community needs less than 99 other donors willing to admit that OpenBSD is worth more than a pizza. This doesn't even begin to make up for the benefit I've received from the project, but it is a start. A small suggested change to the OpenBSD.org page header- put a donate button and a small message under the header picture. We need X financial maintainers @ $20 a month. I completely forgot that I could donate until I saw this thread come up on reddit.com/r/programming, and it didn't even occur to me that I should be donating monthly until I read the thread. Sometimes, you just have to be that obvious to people, and it may be easier to ask for a few new donors every so often than to be beholden to a single large donor.
mount partitions from old softRAID
A while ago, I had 2 disks combined in RAID-1 with softraid. Later, 1 disk died. I just removed and kept the good remaining disk and now I want to grab some files off of it. The drive shows up as sd1 in dmesg.

    $ disklabel sd1

shows that the partition in question is d and has fstype RAID, but it won't let me

    $ mount /dev/sd1d /mnt/disk_d

If I remember correctly, the RAID was itself (sub?)partitioned (is that the right terminology?). I don't want to rebuild it, or recover it, I just want to get access and copy some of the files off of it. So, what is the best recommended way to mount and get access to the files on a partition with fstype RAID?

thanks
Re: www.openbsd.org down?
On 06/25/2013 07:10 AM, Alexander Hall wrote:
> Can someone please test from Burundi, Johannesburg and Minsk? Because that would probably also be really really really interesting.

It works from Anchorage Alaska, if that helps.
MICROSOFT WINNER 2012
Honorable winner, This is neither a virus nor spam; we are contacting you by this letter to inform you of your prize of 250,000 euros (Two Hundred and Fifty Thousand Euros) from the BILL GATES FONDATION lottery. Please complete the form below and contact the authority in charge of releasing your prize. SURNAME:. FIRST NAME:.. TELEPHONE:... COUNTRY: PROFESSION:. BAILIFF CONTACT: MAITRE KARL JONES DAY Telephone: 0044 704 570 2287 / FAX: 0044 703 182 0617 Email: avocatgatesfondat...@mail.mn Regards. CHRISTOPHER BOSWELL Of the board of the BILL GATES FONDATION lottery
Re: time keeping using GPS
Thank you very much Mr de Raadt, for the very complete and insightful information regarding GPS the interaction and actions of clocks with their signal, and loss thereof.

On 3/20/2012 11:49 AM, Theo de Raadt wrote:
>> some insights for people using GPS for very critical server time keeping
>> http://www.dw.de/dw/article/0,,15817272,00.html
>
> This misses the point in a rather large way.
>
> Most of this jamming makes the true GPS signal hard to receive. When the signal cannot be received, the existing free-running clocks in various parts of the system keep working. Since the subsystem as a whole has learned the 1st, 2nd, and hopefully 3rd and further derivatives to tune itself and predictively pace, everything works out. Until the GPS signal or whatever else comes back.
>
> Oh my god, sometimes we use net, and we can't talk to remote Internet-based ntp services. Except that's the point -- we only pay attention to the remote services (ntp or gps) to learn how to tune various adjustments to the free-running clocks.
>
> Furthermore, some GPS receivers will keep feeding their own free-running clocks but say the service is degraded. It is not like that free-running clock on the GPS is going to go wonky immediately.
>
> It is being jammed. It is not being spoofed. The end result is that the clock does not go crazy. It remains stable and the best effort result is good enough.
>
> So enough of this oh my god, it is all going to go wrong baloney.
Dhcpd.conf
If the name after host starts with a number, I get an error in /var/log/messages and dhcpd fails to load.

    host 5tbgx280 {
        hardware ethernet 00:11:43:2f:87:d5;
        fixed-address 192.168.1.112;
    }

    Nov 17 10:53:57 pj dhcpd[8557]: /etc/dhcpd.conf line 115: expecting left brace.
    Nov 17 10:53:57 pj dhcpd[8557]: host 5tbgx280

Starting the name with a letter fixes the error. I did not find any info on the acceptable format of the host statement in the dhcpd.conf man entry. Is this an oversight on my part, or something that might be documented elsewhere?

Thanks, Bill

OpenBSD 5.0 GENERIC#71 i386
Wifi: TL-WN821N could not read ROM / kernel page fault
    athn0: bad ROM checksum 0x2c17
    athn0: could not read ROM
    athn0: could not attach chip

Regards, Bill
Re: Wifi: TL-WN821N could not read ROM / kernel page fault
On 9/11/2011 2:37 PM, patrick keshishian wrote:
> On Sun, Sep 11, 2011 at 10:10 AM, Bill Allaire open...@bogoflop.com wrote:
>> TP-Link (TLWN812N 300Mbps) USB device. What I found really surprising was that unplugging the device locked up the OS.
>>
>> Due to message:
>>
>> Sep 7 15:19:08 geeky /bsd: athn0 at uhub0
>> Sep 7 15:19:08 geeky /bsd: port 1 ATHEROS UB95 rev 2.00/2.02 addr 3
>> Sep 7 15:19:08 geeky /bsd: athn0: failed loadfirmware of file athn-ar7010-11 (error 2)
>> Sep 7 15:19:08 geeky /bsd: athn0: could not load firmware
>>
>> I downloaded athn-firmware-1.1.tgz and extracted those files into /etc/firmware. That file contained:
>>
>> firmware/athn-ar7010
>> firmware/athn-ar7010-11
>> firmware/athn-ar9271
>>
>> That led to the following when plugged in:
>>
>> Sep 11 10:30:05 geeky /bsd: port 1 ATHEROS UB95 rev 2.00/2.02 addr 3
>> Sep 11 10:30:07 geeky /bsd: athn0: bad ROM checksum 0x2c17
>> Sep 11 10:30:07 geeky /bsd: athn0: could not read ROM
>> Sep 11 10:30:07 geeky /bsd: athn0: could not attach chip
>>
>> When unplugged:
>>
>> uvm_fault(0xd0a31aa0, 0x0, 0, 3) -> e
>> kernel: page fault trap, code=0
>> Stopped at ieee80211_ifdetach+0x3e: movl %edx,0(%eax)
>> ddb{1} (lost keyboard response at this point)
>
> You in X-Windows, I assume.

No, console. Usually a headless device running as a firewall.

>> I did try setting sysctl ddb.console=1 before unplugging the device again but:
>> sysctl: ddb.console: Operation not permitted
>
> You can't change that setting at run time. You need to set it in your /etc/sysctl.conf file and reboot the system.
>
>> I'm not sure how else I can get a trace, ps, show registers, etc...
>
> Try your experiment either from the console or set up a serial console for the machine.

Made change to /etc/sysctl.conf and rebooted with wireless device connected. When login prompt appeared I unplugged the device and nothing has changed. I notice that once the lock up occurs, pressing the caps lock key no longer lights the indicator light on the keyboard.

There is a COM port on this computer but it has a USB interface...

> --patrick
Re: Wifi: TL-WN821N could not read ROM / kernel page fault
On 9/11/2011 3:08 PM, roberth wrote:
> On Sun, 11 Sep 2011 13:10:17 -0400 Bill Allaire open...@bogoflop.com wrote:
>> I downloaded athn-firmware-1.1.tgz and extracted those files into /etc/firmware.
>
> It's a package, like the manpage says, use pkg_add.
>
> # pkg_add http://firmware.openbsd.org/firmware/athn-firmware-1.1.tgz
>
> Maybe, but i doubt that this will resolve your problem.

I removed the firmware files and ran pkg_add with the URL you provided. No change with the problem I'm having.
Re: pf ftp-proxy forward AND reverse (Help?)
On 04/11/2011 06:31 PM, Steven R. Gerber wrote:
> Hi folks. I cannot get reverse? ftp to work from my wireless to my LAN. I seem to have no trouble going from the LAN to the internet. Any thoughts?
>
> Thanks, Steven
>
> pf.conf:
>
> # filter rules and anchor for ftp-proxy(8)
> anchor "ftp-proxy/*"
> pass in on $wireless_if inet proto tcp to ($wireless_if) port 21
> pass out on $int_if inet proto tcp to $ftp_server port 21 user proxy
> # Translate outgoing ftp control connections to send them to localhost
> # for proxying with ftp-proxy(8) running on port 8021.
> #rdr on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021
> anchor "ftp-proxy/*"
> #pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
> pass in quick on $int_if proto tcp to port 21 rdr-to 127.0.0.1 port 8021

I have the outgoing ftp-proxy listening on the default port. I have the incoming ftp-proxy listening on a different port. I also have only one anchor for ftp-proxy.

    anchor "ftp-proxy/*"
    pass in on $office_network proto tcp to port ftp rdr-to 127.0.0.1 port 8021
    pass in log on $external_interface proto tcp from any to $external_interface port ftp flags S/SAFR modulate state (max-src-conn 15, max-src-conn-rate 5/3, overload <hmmm> flush global) rdr-to 127.0.0.1 port 8031

$ cat /etc/rc.conf.local

    ntpd_flags=-s # enabled during install
    #
    # set these to NO to turn them off. otherwise, they're used as flags
    #named_flags=-d 3 # for normal use:
    named_flags= # for normal use:
    #dhcpd_flags= # for normal use:
    # ISC dhcpd will be invoked via rc.local!!!
    #
    # set the following to YES to turn them on
    pf=YES # Packet filter / NAT
    ftpproxy_flags= # for normal use:
    ftpproxy_flags2="-R xxx.xxx.iii.2 -p 21 -b xxx.xxx.www.1" # for normal use:
    #
    # miscellaneous other flags
    # only used if the appropriate server is marked YES above
    pflogd_flags= # add more flags, ie. -s 256

rc.local:

    # Start ftp-proxy #2
    if [ X"${ftpproxy_flags2}" != X"NO" ]; then
        echo -n ' ftp-proxy'; /usr/sbin/ftp-proxy ${ftpproxy_flags2}
    fi
Thanks Jacek Artymiak: Book PDF's
A huge Thanks to Jacek Artymiak for the PDF's of Building Firewalls with OpenBSD and PF, 3rd ed. and The OpenBSD Command-Line Companion. The wait was worth it !!!
Re: Jacek Books
By posting regarding this situation, possibly it will help others from being swindled. I paid for the Firewall Book, and as stated, did receive a few PDF's, but that's it, no paper copy. Going through PayPal is a waste of time, as their time limits have been exceeded many times over (my purchase was Feb 13, 2009) for filing a complaint, unless I'm mistaken.

When someone is ripping others off left and right, who gives a hang about copyrights ? Were I not honest, I surely wouldn't; I'd get what I paid for any way I could. Alas, I guess I just lost out, as it's evident from the site that business is in full swing and payment is being accepted by 2 methods. I guess I should have also noted that Artymiak was a Non-verified US vendor on PayPal. Live and learn I guess, at times the very hard way. I really expected much more from Artymiak.

On 2/15/2010 2:31 PM, Corey wrote:
> On 02/15/2010 01:33 PM, open...@e-solutions.re wrote:
>> Im agree with you Aaron, but i bought his books on 14 september 2009, and an other book on 14 october 2009. If you want i can send you my Paypal receipts to prove it. I never received the books. It is a swindle ! nothing else ... And why sell books when nobody to occupies his website? Even if he is ill, it is not a reason (he has to stop selling ebooks) Thank's
>
> Report him to PayPal. Depending on the terms of his copyrights, it may not be legal for someone else to send you a copy of his works. And if he is not responding to your personal emails, it is unlikely that posting on this list is going to help any further.
Re: Jacek books
On 2/14/2010 12:26 PM, open...@e-solutions.re wrote:
> Hello, I bought the books from http://www.devguide.net : OpenBSD Command-Line Companion and Building OpenBSD Firewalls with OpenBSD 3th Ed in PDF and Printed version (since september 2009). Is there someone that will have a copy of these books in pdf format ? I received NOTHING. Thank you very much.

I did the exact same thing, and I did receive 'snippets' of chapters in PDF format over a period of time, which I've compiled into one printed booklet, but I'd like to receive the book as a whole as was originally stated. I did use Pay Pal, so I do have a valid copy of my payment, shown below.

I'm hardly sweating it though, as I've always known Jacek Artymiak to be a man of his word and an exceptional talent that I feel we're very fortunate to have as a developer. Please just give it some time. I've found it's always better to look very closely and very long before leaping to any conclusions.

Regards, WED

==

    Business Name: devGuide.net (The recipient of this payment is Non-U.S. - Verified)
    Email: sa...@devguide.net
    Payment Sent to: ja...@devguide.net
    Total Amount: -€47.00 EUR
    Fee amount: €0.00 EUR
    Net amount: -€47.00 EUR (equals -$62.21 USD)
    Conversion from: -$62.21 USD
    Conversion to: €47.00 EUR
    Exchange rate: 1 U.S. Dollar = 0.755505 Euros
    Item Amount: €47.00 EUR
    Shipping: €0.00 EUR
    Handling: €0.00 EUR
    Quantity: 1
    Item Title: OpenBSD Command-Line Companion
    Editions: PDF + Paper
    Item Number: 0008
    Date: Feb 13, 2009
    Time: 16:33:55 CST
    Status: Completed
Re: [Soekris] Soekris net5501 OpenBSD 4.5 Booting Problem
Hi Ken,

On Fri, 2009-07-17 at 09:09 -0400, Hendrickson, Kenneth wrote:
>> *0: A6     0   1  1 -   131 127 63 [       63:  2112516 ] OpenBSD
>>  1: DA   131 128  1 -   262 254 63 [  2112579:  2112516 ] Unknown ID
>>  2: DA   263   0  1 -  6211 254 63 [  4225095: 95570685 ] Unknown ID
>>  3: DA  6212   0  1 - 12160 254 63 [ 99795780: 95570685 ] Unknown ID
>>
>> Just follow the instructions in the OpenBSD installer, offered by default. When it prompts you 'Do you want to use all of wd0 for OpenBSD', just say yes, it will run fdisk -i
>> It will make partition 3 the default active bootable one
>
> But I *never* want to use the entire disk for OpenBSD. I have a system for quick recovery in case of a disaster. I only use half of the disk. When I install a new version of OpenBSD, I use the other half of the disk. That way, if a disaster happens, I can quickly boot, run fdisk -- changing the bootable partition, and then reboot into my previous system.
>
> In the above fdisk output, partitions 0 and 2 are my current system, while partitions 1 and 3 are my last and next systems. After I install a new system onto partitions 1 and 3, partitions 0 and 2 will become my last and next systems. (Using 2 partitions like this is a holdover from the days when the bootable partition had to be in the first few cylinders of the drive.)

From Absolute OpenBSD - UNIX for the practical paranoid by Michael Lucas I've learned that:

OpenBSD partitions need to go within a single MBR partition. Dedicate a single MBR partition ... There can only be one OpenBSD MBR partition per hard disk.

I can't make much sense of what you describe here, but to me it looks like it suggests that you're using a single disklabel which spans more than one MBR partition. Or even moving around the disklabel at will. If so, would you be willing to publish something like a howto on this subject? Or else tell us where to find one?

I know about multiple OpenBSD installations inside a single set of subpartitions, but that's still a single MBR partition. No fdisk or disklabel involved after initial setup, but probably more vulnerable than what you describe here.

Bill

> I'm surprised more people don't do this. It provides for very quick and easy recovery in the case of a disaster. (I've only ever had such a disaster once; I've been using OpenBSD since late 1996.)
>
> The other advantage of this system is that it provides an easy means for seeing how I did things previously. I can quickly run disklabel, use an empty slice to point to one of my old slices, and then mount it. After I'm done I can run disklabel again and put it back.
>
> So I never want to use the entire disk for OpenBSD. Therefore, I will need to remember to escape to a shell and run fdisk -u when installing to a virgin disk. It would be nice if the OpenBSD install procedure checked for the lack of a valid MBR, and installed one automatically (after asking); that would save some people from experiencing the problem I experienced.
>
> Ken Hendrickson
snapshot - ports - gnome
Hi,

Got this while trying to compile GNOME from ports on 6/16 snapshot (packages were broken):

    === Extracting for gst-plugins-good-0.10.8
    cp -R /usr/ports/multimedia/gstreamer-0.10/plugins-good/files /usr/ports/obj/gst-plugins-good-0.10.8/gst-plugins-good-0.10.8/ext/libsndio
    ln: /usr/ports/obj/gst-plugins-good-0.10.8/bin/gconftool-2: File exists
    *** Error code 1

    Stop in /usr/ports/multimedia/gstreamer-0.10/plugins-good (line 2087 of /usr/ports/infrastructure/mk/bsd.port.mk).

Is there some quick fix for this? Or is it already fixed? Am I supposed to send messages like this to misc or should they go to ports?

Thanks, Bill
Re: Ext2/3 mount trouble
Hi Donald,

I'm slowly starting to get the whole picture here.. I'll start with updating my in-memory copy of the FAQ.

Thanks, Bill

On Wed, 2009-06-10 at 09:13 -0400, Donald Allen wrote:
> On Wed, Jun 10, 2009 at 10:37 AM, Bill Maas b...@stsx.org wrote:
>> Hi Donald,
>>
>> On Wed, 2009-06-10 at 06:33 -0400, Donald Allen wrote:
>>> [...] I had nothing to do with writing the documentation and so have no ax to grind, but FAQ items 8.21 and 14.16 look pretty explicit to me. [...]
>>
>> 8.21: OpenBSD does support journaling fses (ext3 at least), it just doesn't support fs journaling. Maybe 14.16 could do with an addition like this one (or maybe not because it's too specific):
>>
>> 'Ext3 partitions are mounted as ext2, i.e. no journaling is done. In fact, none of the OpenBSD's filesystem tools pay any attention to an existing journal. For that reason, an attempt to have an ext3 partition mounted read-write at boot time through /etc/fstab will cause a filesystem not clean error. This can be circumvented by having the device mounted read-only at boot time, and remounting it read-write manually afterwards.'
>>
>> I agree that it's all a bit nitpickerish (if that's an English word),
>
> It is now
>
>> but the fact that ext3 fses mount without trouble can be confusing.
>
> But you must have fibbed to mount about the fs type and mounted it -t ext2fs, which is not true. ext2 being a proper subset of ext3, I'm not surprised that the system didn't say anything. I cited 14.16 because it says ext2 is supported and does not mention ext3. If ext3 were supported, I'm quite confident the FAQ would have said so. Given that, I personally would not have considered mounting an ext3 filesystem writeable with OpenBSD, for fear of getting the ext2 part of the filesystem out of whack with the journal. In other words, I think what you are trying to do may well be hazardous to the health of your ext3 filesystem.
>
> Given my conservative bent in my old age (having spent many, many years finding strange and wonderful ways to get computers in undesirable states and watching others do the same), if I really needed to mount that fs writeable with OpenBSD for some reason, I'd boot a Linux rescue cd first and convert the fs to ext2.
>
> My $.02.
>
> /Don
>
>> Bill
Re: Ext2/3 mount trouble
Hi Ted,

On Tue, 2009-06-09 at 13:01 -0400, Ted Unangst wrote:
> On Tue, Jun 9, 2009 at 2:03 PM, Bill Maas b...@stsx.org wrote:
>> I posted a message earlier about a kernel panic occurring when I accessed a file on some of my ext3 fses. I've also been having trouble with r/w extfs entries in fstab. At boot time I'm dropped to a shell because fsck thinks the fs is unclean, even when the other side says it's clean.
>
> ext3 is marked dirty because the journal hasn't been played back. You have to convert it to ext2 in linux before mounting in openbsd.

That makes sense, I guess. And it does keep the unclean fs messages away - not the bad ref count panic however. The docs could be a bit more explicit about the lack of support for ext3 journaling.

And in reply to the various why would you want to do that?'s I encountered while searching for the issue: very witty, but ext2 happens to be a widely supported fs, which makes it a good candidate for shared data on multiboot systems (FAT16/32? - can't be serious...!). Moreover, so far OpenBSD has proven to have excellent support for ext2, apart from that single issue. FFS support from Linux on the other hand, is C.R.A.P.

Thanks, Bill
Evolution hangs
Hi,

it's Evolution once again: hangs for no apparent reason while I'm typing a message (the one previously posted, in fact;). Hope that this will be of any use, grabbed while Evolution was hanging:

    exo...@borealis:~$ kdump -p 20329
    20329 evolution EMUL native
    20329 evolution RET poll 0
    20329 evolution CALL gettimeofday(0x6859d058,0)
    20329 evolution RET gettimeofday 0
    20329 evolution CALL poll(0x52cca000,0xb,0x28)
    20329 evolution RET poll 0
    20329 evolution CALL gettimeofday(0x6859d058,0)
    20329 evolution RET gettimeofday 0
    20329 evolution CALL clock_gettime(0,0x51f97fa8)
    20329 evolution RET clock_gettime 0
    20329 evolution CALL poll(0x52cca000,0xa,0)
    20329 evolution RET poll 0
    20329 evolution CALL poll(0x52cca000,0xb,0x2710)

Bill
Re: Evolution hangs
Hi Antoine,

On Wed, 2009-06-10 at 11:47 +0200, Antoine Jacoutot wrote:
> On Wed, 10 Jun 2009, Bill Maas wrote:
>> Hi, it's Evolution once again: hangs for no apparent reason while I'm typing a message (the one previously posted, in fact;). Hope that this will be of any use, grabbed while Evolution was hanging:
>
> Are you using current or 4.5?

4.5, without a single patch applied, I'm ashamed to admit (I'm still in transition, desktop-wise). The only relevant patch could be the i386/DMA one, but I doubt that that's the cause. Evolution has seen a bumpy early life on other OSes as well, but you're no doubt aware of that.

Bill
Re: Ext2/3 mount trouble
Hi Donald,

On Wed, 2009-06-10 at 06:33 -0400, Donald Allen wrote:
[...]
> I had nothing to do with writing the documentation and so have no ax to grind, but FAQ items 8.21 and 14.16 look pretty explicit to me.
[...]

8.21: OpenBSD does support journaling fses (ext3 at least), it just doesn't support fs journaling.

Maybe 14.16 could do with an addition like this one (or maybe not because it's too specific):

'Ext3 partitions are mounted as ext2, i.e. no journaling is done. In fact, none of the OpenBSD's filesystem tools pay any attention to an existing journal. For that reason, an attempt to have an ext3 partition mounted read-write at boot time through /etc/fstab will cause a filesystem not clean error. This can be circumvented by having the device mounted read-only at boot time, and remounting it read-write manually afterwards.'

I agree that it's all a bit nitpickerish (if that's an English word), but the fact that ext3 fses mount without trouble can be confusing.

Bill
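A check for the workaround described in this thread (ext2fs entries read-only in /etc/fstab, remounted read-write after boot), as an added example that is not part of the original messages. The sample fstab is constructed, modelled on the one posted in the follow-up message with two entries changed to rw; the function names and the choice of `mount -u -w` for the remount are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit an fstab for ext2fs entries that would be mounted
# read-write at boot, and print the post-boot remount command for the
# entries that follow the thread's workaround.
# Usage: audit_ext2fs /etc/fstab

# Constructed sample input (not a real system's fstab).
sample_fstab() {
cat <<'EOF'
/dev/sd0a / ffs rw 1 1
/dev/sd0g /home ffs rw,nodev,nosuid 1 2
/dev/sd0l /mnt/export ext2fs rw,nodev,nosuid 1 2
/dev/sd0m /mnt/home ext2fs ro,nodev,nosuid 1 2
#/dev/sd0n /mnt/ubu ext2fs ro,nodev,nosuid,noauto 1 2
/dev/sd0o /mnt/misc ext2fs rw,nodev,nosuid,noauto 0 0
/dev/cd0a /mnt/cdrom cd9660 noauto,ro 0 0
EOF
}

# audit_ext2fs FILE
# Prints one line per active (uncommented) ext2fs entry:
#   BOOT-RW <dev> <mountpoint>      read-write at boot: the case the thread
#                                   reports as dropping the boot to a shell
#   REMOUNT mount -u -w <mountpoint> read-only at boot: command to run later
#   SKIP <dev> <mountpoint>          noauto: not mounted at boot at all
# Returns 1 if any BOOT-RW entry was found, 0 otherwise.
audit_ext2fs() {
    awk '
    /^[ \t]*#/ || NF < 4 { next }      # comments and short lines
    $3 != "ext2fs"       { next }      # only ext2fs mounts are of interest
    {
        n = split($4, opt, ",")
        ro = 0; noauto = 0
        for (i = 1; i <= n; i++) {
            if (opt[i] == "ro")     ro = 1
            if (opt[i] == "noauto") noauto = 1
        }
        if (noauto)
            printf "SKIP %s %s\n", $1, $2
        else if (ro)
            printf "REMOUNT mount -u -w %s\n", $2
        else {
            printf "BOOT-RW %s %s\n", $1, $2
            bad++
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}
```

The REMOUNT lines can be reviewed and then run by hand after boot, which is the manual step the thread describes.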
Re: Separate desktop list?
Hi Antoine,

On Mon, 2009-06-08 at 21:39 +0200, Antoine Jacoutot wrote:
> On Mon, 8 Jun 2009, Bill Maas wrote:
> > - evolution is incredibly slow at startup
>
> Known issue. Probably threads related, but it is just a wild guess. I had no time to look into the issue for real yet.
>
> > - deleting a message before it is fully loaded will cause evolution to crash
>
> Interesting, I'll try to reproduce that one.

Same with pressing a folder button before the program itself is fully loaded. This occurred yesterday, after I posted this message, as if in protest. Loaded seems to be an issue with Evolution.

[...]
> > Also, copying from a vi(m) screen in an xterm window doesn't seem to work (haven't made any attempt to sort that out yet).
>
> xterm != GNOME, so I'll leave that one to others ;)

Excuse me, I was using the expression xterm in a generic manner. It's actually a GNOME terminal.

Thanks for patience and attention anyway,
Bill
Ext2/3 mount trouble
Hi, I posted a message earlier about a kernel panic occurring when I accessed a file on some of my ext3 fses. I've also been having trouble with r/w extfs entries in fstab. At boot time I'm dropped to a shell because fsck thinks the fs is unclean, even when the other side says it's clean. There is a simple workaround: declare all ext2fs mounts ro in /etc/fstab, and remount these r/w after boot. This hasn't given me a single problem so far (except that it's a bit inconvenient). Bill dmesg: OpenBSD 4.5 (GENERIC) #1749: Sat Feb 28 14:51:18 MST 2009 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz (GenuineIntel 686-class) 2.53 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR real mem = 3214176256 (3065MB) avail mem = 3114315776 (2970MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 09/24/08, BIOS32 rev. 0 @ 0xfdc80, SMBIOS rev. 2.4 @ 0xe0010 (74 entries) bios0: vendor LENOVO version 6FET46WW (1.16 ) date 09/24/2008 bios0: LENOVO 4058CTO acpi0 at bios0: rev 2 acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET SLIC BOOT ASF! 
SSDT SSDT SSDT SSDT acpi0: wakeup devices LID_(S3) SLPB(S3) UART(S3) IGBE(S4) EXP0(S4) EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB5(S3) EHC0(S3) EHC1(S3) HDEF(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 265MHz cpu at mainbus0: not configured ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 2, remapped to apid 1 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (AGP_) acpiprt2 at acpi0: bus 2 (EXP0) acpiprt3 at acpi0: bus 3 (EXP1) acpiprt4 at acpi0: bus -1 (EXP2) acpiprt5 at acpi0: bus 5 (EXP3) acpiprt6 at acpi0: bus 13 (EXP4) acpiprt7 at acpi0: bus 21 (PCI1) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C2 acpitz0 at acpi0: critical temperature 127 degC acpitz1 at acpi0: critical temperature 100 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB acpibat0 at acpi0: BAT0 model 92P1133 serial 199 type LION oem Panasonic acpibat1 at acpi0: BAT1 not present acpiac0 at acpi0: AC unit online acpithinkpad0 at acpi0 acpidock at acpi0 not configured acpivideo at acpi0 not configured acpivideo at acpi0 not configured bios0: ROM list: 0xc/0xfc00 0xd/0x1000 0xd1000/0x1000 0xd2000/0x1000 0xde000/0x1800! 
0xe/0x1 cpu0: unknown Enhanced SpeedStep CPU, msr 0x0617492506004925 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 19467 MHz (1292 mV): speeds: 19467, 1600 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x07 ppb0 at pci0 dev 1 function 0 Intel GM45 PCIE rev 0x07: apic 1 int 16 (irq 11) pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 ATI Mobility Radeon HD 3650 rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Intel GM45 HECI rev 0x07 at pci0 dev 3 function 0 not configured em0 at pci0 dev 25 function 0 Intel ICH9 IGP M AMT rev 0x03: apic 1 int 20 (irq 11), address 00:1c:25:97:34:61 uhci0 at pci0 dev 26 function 0 Intel 82801I USB rev 0x03: apic 1 int 20 (irq 11) uhci1 at pci0 dev 26 function 1 Intel 82801I USB rev 0x03: apic 1 int 21 (irq 11) uhci2 at pci0 dev 26 function 2 Intel 82801I USB rev 0x03: apic 1 int 22 (irq 11) ehci0 at pci0 dev 26 function 7 Intel 82801I USB rev 0x03: apic 1 int 23 (irq 11) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 azalia0 at pci0 dev 27 function 0 Intel 82801I HD Audio rev 0x03: apic 1 int 17 (irq 11) azalia0: RIRB time out azalia0: codecs: Conexant CX20561, Conexant/0x2c06, using Conexant CX20561 audio0 at azalia0 ppb1 at pci0 dev 28 function 0 Intel 82801I PCIE rev 0x03: apic 1 int 20 (irq 11) pci2 at ppb1 bus 2 ppb2 at pci0 dev 28 function 1 Intel 82801I PCIE rev 0x03: apic 1 int 21 (irq 11) pci3 at ppb2 bus 3 iwn0 at pci3 dev 0 function 0 Intel WiFi Link 5300AGN rev 0x00: apic 1 int 17 (irq 11), MIMO 3T3R, MoW, address 00:16:ea:a3:00:2c ppb3 at pci0 dev 28 function 3 Intel 82801I PCIE rev 0x03: apic 1 int 23 (irq 11) pci4 at ppb3 bus 5 ppb4 at pci0 dev 28 function 4 Intel 82801I PCIE rev 0x03: apic 1 int 20 (irq 11) pci5 at ppb4 bus 13 uhci3 at pci0 dev 29 function 0 Intel 82801I USB rev 0x03: apic 1 int 16 (irq 11) uhci4 at 
pci0 dev 29 function 1 Intel 82801I USB rev 0x03: apic 1 int 17 (irq 11) uhci5 at pci0 dev 29 function 2 Intel 82801I USB rev 0x03: apic 1 int 18 (irq 11) ehci1 at pci0 dev 29 function 7 Intel 82801I USB rev 0x03: apic 1 int 19 (irq 11) usb1 at ehci1: USB revision 2.0 uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb5 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev
Ext2/3 mount trouble - follow-up
Hi,

I figured I might as well add some disk details to my previous message (Ext2/3 mount trouble), so here's the whole story.

r...@happyflowers:~# cat /etc/fstab
/dev/sd0a / ffs rw 1 1
/dev/sd0g /home ffs rw,nodev,nosuid 1 2
/dev/sd0f /tmp ffs rw,nodev,nosuid 1 2
/dev/sd0d /usr ffs rw,nodev 1 2
/dev/sd0e /var ffs rw,nodev,nosuid 1 2
/dev/sd0l /mnt/export ext2fs ro,nodev,nosuid 1 2
/dev/sd0m /mnt/home ext2fs ro,nodev,nosuid 1 2
#/dev/sd0n /mnt/ubu ext2fs ro,nodev,nosuid,noauto 1 2
#/dev/sd0o /mnt/misc ext2fs ro,nodev,nosuid,noauto 1 2
#/dev/sd0p /mnt/backup ext2fs ro,nodev,nosuid,noauto 1 2
/dev/cd0a /mnt/cdrom cd9660 noauto,ro 0 0

Devices sd0l and sd0m give no trouble as long as I don't try to have them mounted r/w at boot. Accessing a file (in the broad sense) on any of the other ext2 partitions causes the system to panic.

r...@happyflowers:~# disklabel sd0
# Inside MBR partition 2: type A6 start 58605120 size 19535040
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: ST9320421AS
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 38913
total sectors: 625142448
rpm: 3600
interleave: 1
trackskew: 0
cylinderskew: 0
headswitch: 0 # microseconds
track-to-track seek: 0 # microseconds
drivedata: 0

16 partitions:
#size offset fstype [fsize bsize cpg]
a: 1028160 59633280 4.2BSD 2048 163841
b: 1028160 58605120swap
c:6251424480 unused
d: 12594960 60661440 4.2BSD 2048 163841
e: 2104515 73256400 4.2BSD 2048 163841
f: 2104515 75360915 4.2BSD 2048 163841
g: 674730 77465430 4.2BSD 2048 163841
i: 58605057 63NTFS
j: 11430720613705680 unknown
k: 7807527 78140223 unknown
l: 19534977 85947813 ext2fs
m: 19534977105482853 ext2fs
n: 19534977125017893 ext2fs
o: 19534977144552933 ext2fs
p: 19534977164087973 ext2fs

The reason why I use those ext3 partitions will be clear: shared bulk data - can't reach my music videos from OpenBSD right now:-(.
r...@happyflowers:~# fdisk sd0 Disk: sd0 geometry: 41345/240/63 [625142448 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start:size ] --- *0: 07 0 1 1 - 3875 239 63 [ 63:58605057 ] HPFS/QNX/AUX 1: 12 40589 0 1 - 41344 239 63 [ 613705680:11430720 ] Compaq Diag. 2: A6 3876 0 1 - 5167 239 63 [58605120:19535040 ] OpenBSD 3: 05 5168 0 1 - 40588 239 63 [78140160: 535565520 ] Extended DOS Offset: 78140160Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start:size ] --- 0: 82 5168 1 1 - 5684 89 63 [78140223: 7807527 ] Linux swap 1: 05 5684 90 1 - 6976 89 63 [85947750:19535040 ] Extended DOS 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 3: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused Offset: 85947750Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start:size ] --- 0: 83 5684 91 1 - 6976 89 63 [85947813:19534977 ] Linux files* 1: 05 6976 90 1 - 8268 89 63 [ 105482790:19535040 ] Extended DOS 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 3: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused Offset: 105482790 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start:size ] --- 0: 83 6976 91 1 - 8268 89 63 [ 105482853:19534977 ] Linux files* 1: 05 8268 90 1 - 9560 89 63 [ 125017830:19535040 ] Extended DOS 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 3: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused Offset: 125017830 Signature: 0xAA55
Re: Separate desktop list?
Hi Antoine, On Mon, 2009-06-08 at 11:50 +0200, Antoine Jacoutot wrote: On Mon, 8 Jun 2009, Bill Maas wrote: [owner-misc: wrong address - sorry - resend] Hi, is there a separate channel for desktop bugs/discussions [planned]? I'm running into GNOME bugs from time to time which are hardly worth $ pkg_info gnome-session |grep Maintainer I was hinting at a somewhat _broader_ medium;) Bill
Re: Separate desktop list?
On Mon, 2009-06-08 at 12:21 +0200, Antoine Jacoutot wrote: On Mon, 8 Jun 2009, Bill Maas wrote: Hi Antoine, On Mon, 2009-06-08 at 11:50 +0200, Antoine Jacoutot wrote: On Mon, 8 Jun 2009, Bill Maas wrote: [owner-misc: wrong address - sorry - resend] Hi, is there a separate channel for desktop bugs/discussions [planned]? I'm running into GNOME bugs from time to time which are hardly worth $ pkg_info gnome-session |grep Maintainer I was hinting at a somewhat _broader_ medium;) Oh. Well then you could try ports@ but there is nothing desktop specific. I'd like to know about these gnome bugs though ;) (By heart): - evolution is incredibly slow at startup - deleting a message before it is fully loaded will cause evolution to crash - PrtScr doesn't work, even though it's registered with the Gnome shortcuts Granted, only the last one is a potential GNOME bug, but they're definitely all desktop. These occur on _my_ machine, I don't know if these quirks are universal and reproducible, hence the need for discussion before firing bug reports at maintainers. I've been reluctant to post a message each time I encounter an issue like these, because I know (and strongly agree) that desktop isn't OpenBSD's core business. I'll file a bug report for the evolution crashes, that's definitely a bug. Having separate support channels for server and desktop is quite commonplace, and usually serves to keep the server channel more interesting and on-topic;). About the 3d bug: I'm not a GNOME expert, so maybe I'm overlooking something, but I tried using xmodmap both ways..: xmodmap -e 'keycode 111 = Print' xmodmap -e 'keysym Print = Print' .. and Take a screenshot is set to Print in the Keyboard shortcuts window. 'gnome-screenshot' works well, both from the commandline and from the launcher, but it's not much use for taking fullscreen shots. Even if the feature is deliberately disabled, the Keyboard shortcuts menu make a false suggestion. 
Also, copying from a vi(m) screen in an xterm window doesn't seem to work (haven't made any attempt to sort that out yet). That's all, for now;) Bill dmesg: OpenBSD 4.5 (GENERIC) #1749: Sat Feb 28 14:51:18 MST 2009 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz (GenuineIntel 686-class) 2.53 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR real mem = 3214176256 (3065MB) avail mem = 3114315776 (2970MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 09/24/08, BIOS32 rev. 0 @ 0xfdc80, SMBIOS rev. 2.4 @ 0xe0010 (74 entries) bios0: vendor LENOVO version 6FET46WW (1.16 ) date 09/24/2008 bios0: LENOVO 4058CTO acpi0 at bios0: rev 2 acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET SLIC BOOT ASF! SSDT SSDT SSDT SSDT acpi0: wakeup devices LID_(S3) SLPB(S3) UART(S3) IGBE(S4) EXP0(S4) EXP1(S4) EXP2(S4) EXP3(S4) EXP4(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB5(S3) EHC0(S3) EHC1(S3) HDEF(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 266MHz cpu at mainbus0: not configured ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 2, remapped to apid 1 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (AGP_) acpiprt2 at acpi0: bus 2 (EXP0) acpiprt3 at acpi0: bus 3 (EXP1) acpiprt4 at acpi0: bus -1 (EXP2) acpiprt5 at acpi0: bus 5 (EXP3) acpiprt6 at acpi0: bus 13 (EXP4) acpiprt7 at acpi0: bus 21 (PCI1) acpiec0 at acpi0 acpicpu0 at acpi0: C3, C2 acpitz0 at acpi0: critical temperature 127 degC acpitz1 at acpi0: critical temperature 100 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB acpibat0 at acpi0: BAT0 model 92P1133 serial 199 type LION oem Panasonic acpibat1 at acpi0: BAT1 not present 
acpiac0 at acpi0: AC unit online acpithinkpad0 at acpi0 acpidock at acpi0 not configured acpivideo at acpi0 not configured acpivideo at acpi0 not configured bios0: ROM list: 0xc/0xfc00 0xd/0x1000 0xd1000/0x1000 0xd2000/0x1000 0xde000/0x1800! 0xe/0x1 cpu0: unknown Enhanced SpeedStep CPU, msr 0x0617492506004925 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 19467 MHz (1292 mV): speeds: 19467, 1600 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x07 ppb0 at pci0 dev 1 function 0 Intel GM45 PCIE rev 0x07: apic 1 int 16 (irq 11) pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 ATI Mobility Radeon HD 3650 rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Intel GM45 HECI rev 0x07 at pci0 dev 3 function 0 not configured em0 at pci0 dev 25 function 0 Intel ICH9 IGP M AMT rev 0x03: apic
Kernel panic while accessing ext3 partition
Hi, I got a bad ref count panic message while trying to access a directory on a 45 GB ext3 partition. Below is what I managed to salvage. Any workarounds for this? Anyway, got GNOME on OpenBSD up and running, made very easy, great! Bill --- b5 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x93 pci6 at ppb5 bus 21 cbb0 at pci6 dev 0 function 0 Ricoh 5C476 CardBus rev 0xba: apic 1 int 16 (irq 11) Ricoh 5C832 Firewire rev 0x04 at pci6 dev 0 function 1 not configured sdhc0 at pci6 dev 0 function 2 Ricoh 5C822 SD/MMC rev 0x21: apic 1 int 18 (irq 11) sdmmc0 at sdhc0 Ricoh 5C843 MMC rev 0x11 at pci6 dev 0 function 3 not configured Ricoh 5C592 Memory Stick rev 0x11 at pci6 dev 0 function 4 not configured Ricoh 5C852 xD rev 0x11 at pci6 dev 0 function 5 not configured cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 22 device 0 cacheline 0x0, lattimer 0xb0 pcmcia0 at cardslot0 pcib0 at pci0 dev 31 function 0 Intel 82801IEM LPC rev 0x03 ahci0 at pci0 dev 31 function 2 Intel 82801I AHCI rev 0x03: apic 1 int 16 (irq 11), AHCI 1.2 scsibus0 at ahci0: 32 targets sd0 at scsibus0 targ 0 lun 0: ATA, ST9320421AS, SD13 SCSI3 0/direct fixed sd0: 305245MB, 512 bytes/sec, 625142448 sec total cd0 at scsibus0 targ 1 lun 0: MATSHITA, DVD-RAM UJ862A, SB04 ATAPI 5/cdrom removable ichiic0 at pci0 dev 31 function 3 Intel 82801I SMBus rev 0x03: apic 1 int 23 (irq 11) iic0 at ichiic0 usb2 at uhci0: USB revision 1.0 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci1: USB revision 1.0 uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1 usb4 at uhci2: USB revision 1.0 uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1 usb5 at uhci3: USB revision 1.0 uhub5 at usb5 Intel UHCI root hub rev 1.00/1.00 addr 1 usb6 at uhci4: USB revision 1.0 uhub6 at usb6 Intel UHCI root hub rev 1.00/1.00 addr 1 usb7 at uhci5: USB revision 1.0 uhub7 at usb7 Intel UHCI root hub rev 1.00/1.00 addr 1 isa0 at pcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd 
slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 aps0 at isa0 port 0x1600/31 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 mtrr: Pentium Pro MTRR support uvideo0 at uhub0 port 6 configuration 1 interface 0 Chicony Electronics Co., Ltd. product 0x4807 rev 2.00/31.34 addr 2 video0 at uvideo0 ubt0 at uhub3 port 2 Lenovo Computer Corp ThinkPad Bluetooth with Enhanced Data Rate II rev 2.00/3.52 addr 2 ugen0 at uhub7 port 2 Lenovo Integrated Smart Card Reader rev 2.00/1.00 addr 2 softraid0 at root root on sd0a swap on sd0b dump on sd0b WARNING: / was not properly unmounted vrele: bad ref count: 0xd99ad788, type VBLK, use 0, write 0, hold 6, flags (VBIOONFREELIST) tag VT_UFS, ino 1188, on dev 4, 0 flags 0x0, effnlink 1, nlink 1 mode 060640, owner 0, group 5, size 0 not locked panic: vrele: ref cnt Stopped at Debugger+0x4: leave RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! 
ddb ddb Debugger(0,d991e550,df754ae0,d99ad788,d99b8008) at Debugger +0x4 panic(d06f545f,d99ad788,0,d991e550,d99532e0) at panic+0x55 vrele(d99ad788,6,0,d0381e08) at vrele+0xa2 ext2fs_reclaim(df754b18,d08106a8,0,d991e550,d07a95e4) at ext2fs_reclaim +0x89 VOP_RECLAIM(d991e550,d99b8008,d99b8008,0) at VOP_RECLAIM+0x28 vclean(d991e550,8,d99b8008,0,d3b36c00) at vclean+0x76 vgonel(d991e550,d99b8008,0,d99b8008,d94a6130) at vgonel+0x3e vrecycle(d991e550,d99b8008,d99b8008,18f3) at vrecycle+0x20 ext2fs_inactive(df754c08,1780,df754c30,d037b6fd,d07a95d8) at ext2fs_inactive+0xdc VOP_INACTIVE(d991e550,d99b8008,df754c80,d0458b27,16) at VOP_INACTIVE +0x28 vput(d991e550,df754c6c,d3b4b400,df754c70,1780) at vput+0x36 ext2fs_vget(d3e0d800,178001,df754d28,178001) at ext2fs_vget+0x167 ext2fs_lookup(df754d58,d99b8008,df754d70,d0380823,d07a94b8) at ext2fs_lookup+0x62e VOP_LOOKUP(d995af28,df754e58,df754e6c,20) at VOP_LOOKUP+0x2e lookup(df754e48,d9814c00,400,df754e60) at lookup+0x1d0 namei(df754e48,20042,0,0) at namei+0x18c sys_lstat(d99b8008,df754f68,df754f58,cfbc2810,d99b8008) at sys_lstat +0x4a syscall() at syscall+0x24e --- syscall (number 293) --- 0x1c023f35: ddbPID PPID PGRPUID S FLAGS WAIT COMMAND 9152 1 24654 1000 3 0x4080 poll notification-are 19989 1 24654 1000 3 0x4080 poll clock-applet 32558 1 24654 1000 3 0x4080 poll mixer_applet2 30896 1 11290 1000 3 0x4080 poll gvfsd-trash 19245 1 19245 1000 30x80 poll gnome-screensave 17846 1 24654 1000 3 0x4080 poll wnck-applet 16498 1 11290 1000 3
Re: No OpenBSD for Lenovo Thinkpad w500 4058CTO
Hi Nick,

On Tue, 2009-05-05 at 09:48 -0400, Nick Guenther wrote:
> Your disks aren't showing up in dmesg. Try tweaking your BIOS settings--I know that I had to change from IDE emulation to AHCI when I upgraded to 4.5.

That did the trick. Thanks. I'm hoping to replace my current GNOME desktop with an OpenBSD-based one, so I can keep more in touch with this excellent little system;).

Bill

> On 05/05/2009, Bill Maas b...@stsx.org wrote:
> > Hi,
> >
> > First, and just for the record: while trying to set up an FTP server on OpenBSD 4.2 I got this error message while trying to connect by any other address than 'localhost':
> >
> > 421 Service not available, remote server has closed connection.
> >
> > Reason, it turned out: a missing entry in /etc/hosts.allow. I had a hard time finding anything relevant out there, so now at least the relation between the error message and the missing entry is documented.
> >
> > The reason I needed an FTP server is that I'm trying to install OpenBSD 4.5 on a Lenovo Thinkpad W500 model 4058-CTO, with no success. With obsd 4.4 it never got past hardware initialization, with 4.5 at least I get the installer menu, but not for long:
> >
> > [...]
> > Proceed with install? [n] y
> > [...]
> > No disks found
> > #
> >
> > And no, I don't expect developers to _scramble to their laptops_ just because I as an OpenBSD user am _entitled to have this fixed ASAP_ and stuff like that. I was at least happy to see that the Fathers of OpenBSD in their infinite wisdom decided to use plain ftp for downloading packages, and not some custom-built single-purpose binary-installer-builtin, so I could at least get a dmesg off the box (I didn't manage to get a screen capture over USB).
> >
> > The output from the 'dmesg' command run from the shell commandline is listed below. I'm only an index list member, but feel free to contact me offlist if you need more info. I'll be happy to help testing any updates. And I'll be following any replies through the archives of course.
No OpenBSD for Lenovo Thinkpad w500 4058CTO
Hi,

First, and just for the record: while trying to set up an FTP server on OpenBSD 4.2 I got this error message while trying to connect by any other address than 'localhost':

421 Service not available, remote server has closed connection.

Reason, it turned out: a missing entry in /etc/hosts.allow. I had a hard time finding anything relevant out there, so now at least the relation between the error message and the missing entry is documented.

The reason I needed an FTP server is that I'm trying to install OpenBSD 4.5 on a Lenovo Thinkpad W500 model 4058-CTO, with no success. With obsd 4.4 it never got past hardware initialization, with 4.5 at least I get the installer menu, but not for long:

[...]
Proceed with install? [n] y
[...]
No disks found
#

And no, I don't expect developers to _scramble to their laptops_ just because I as an OpenBSD user am _entitled to have this fixed ASAP_ and stuff like that. I was at least happy to see that the Fathers of OpenBSD in their infinite wisdom decided to use plain ftp for downloading packages, and not some custom-built single-purpose binary-installer-builtin, so I could at least get a dmesg off the box (I didn't manage to get a screen capture over USB).

The output from the 'dmesg' command run from the shell commandline is listed below. I'm only an index list member, but feel free to contact me offlist if you need more info. I'll be happy to help testing any updates. And I'll be following any replies through the archives of course.
An otherwise very happy OpenBSD user, Bill dmesg: -- OpenBSD 4.5 (RAMDISK_CD) #1112: Sat Feb 28 15:06:26 MST 2009 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: Intel(R) Core(TM)2 Duo CPU T9400 @ 2.53GHz (GenuineIntel 686-class) 2.53 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,SMX,EST,TM2,CX16,xTPR real mem = 3214176256 (3065MB) avail mem = 3115958272 (2971MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 09/24/08, BIOS32 rev. 0 @ 0xfdc80, SMBIOS rev. 2.4 @ 0xe0010 (74 entries) bios0: vendor LENOVO version 6FET46WW (1.16 ) date 09/24/2008 bios0: LENOVO 4058CTO acpi0 at bios0: rev 2 acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET SLIC BOOT ASF! SSDT SSDT SSDT SSDT SSDT acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 265MHz cpu at mainbus0: not configured ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 2, remapped to apid 1 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (AGP_) acpiprt2 at acpi0: bus 2 (EXP0) acpiprt3 at acpi0: bus 3 (EXP1) acpiprt4 at acpi0: bus -1 (EXP2) acpiprt5 at acpi0: bus 5 (EXP3) acpiprt6 at acpi0: bus 13 (EXP4) acpiprt7 at acpi0: bus 21 (PCI1) bios0: ROM list: 0xc/0xfc00 0xd/0x1000 0xd1000/0x1000 0xd2000/0x1000 0xde000/0x1800! 
0xe/0x1 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel GM45 Host rev 0x07 ppb0 at pci0 dev 1 function 0 Intel GM45 PCIE rev 0x07: apic 1 int 16 (irq 11) pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 ATI Mobility Radeon HD 3650 rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) Intel GM45 HECI rev 0x07 at pci0 dev 3 function 0 not configured em0 at pci0 dev 25 function 0 Intel ICH9 IGP M AMT rev 0x03: apic 1 int 20 (irq 11), address 00:1c:25:97:34:61 uhci0 at pci0 dev 26 function 0 Intel 82801I USB rev 0x03: apic 1 int 20 (irq 11) uhci1 at pci0 dev 26 function 1 Intel 82801I USB rev 0x03: apic 1 int 21 (irq 11) uhci2 at pci0 dev 26 function 2 Intel 82801I USB rev 0x03: apic 1 int 22 (irq 11) ehci0 at pci0 dev 26 function 7 Intel 82801I USB rev 0x03: apic 1 int 23 (irq 11) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1 Intel 82801I HD Audio rev 0x03 at pci0 dev 27 function 0 not configured ppb1 at pci0 dev 28 function 0 Intel 82801I PCIE rev 0x03: apic 1 int 20 (irq 11) pci2 at ppb1 bus 2 ppb2 at pci0 dev 28 function 1 Intel 82801I PCIE rev 0x03: apic 1 int 21 (irq 11) pci3 at ppb2 bus 3 iwn0 at pci3 dev 0 function 0 Intel WiFi Link 5300AGN rev 0x00: apic 1 int 17 (irq 11), MIMO 3T3R, MoW, address 00:16:ea:a3:00:2c ppb3 at pci0 dev 28 function 3 Intel 82801I PCIE rev 0x03: apic 1 int 23 (irq 11) pci4 at ppb3 bus 5 ppb4 at pci0 dev 28 function 4 Intel 82801I PCIE rev 0x03: apic 1 int 20 (irq 11) pci5 at ppb4 bus 13 uhci3 at pci0 dev 29 function 0 Intel 82801I USB rev 0x03: apic 1 int 16 (irq 11) uhci4 at pci0 dev 29 function 1 Intel 82801I USB rev 0x03: apic 1 int 17 (irq 11) uhci5 at pci0 dev 29 function 2 Intel 82801I USB rev 0x03: apic 1 int 18 (irq 11) ehci1 at pci0 dev 29 function 7 Intel 82801I USB rev 0x03: apic 1 int 19 (irq 11) usb1 at ehci1: USB revision 2.0 uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb5
Re: offloading layer 7 packet classification to hardware
On Thu, Oct 30, 2008 at 2:39 PM, Eduardo Meyer [EMAIL PROTECTED] wrote:
> how does pfsense classify p2p traffic?

via the ports it typically uses.

--Bill
PF route-to syntax
I discovered that rules like

pass in on $int_if route-to ($ext_if2 $ext_gw2) from any to any

must route-to an interface and not that interface's ip address. The rule set will load without an error message but the route-to rule will not work if the ip address is specified.

My first question is am I correct in this understanding. And if I am, shouldn't the ruleset fail to load if the route-to rule is not given an interface name?

Thanks.
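A lint for the condition this post describes, a ruleset that loads cleanly while a route-to target names an address where the interface belongs, as an added example that is not part of the original post. It assumes the `route-to (interface gateway)` form used in the post, resolves simple one-line macros only, and recognises IPv4 addresses only; the function names and the sample ruleset are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag pf.conf route-to targets whose first element is an
# IPv4 address instead of an interface name.
# Usage: lint_route_to /etc/pf.conf

# Constructed sample ruleset (documentation address ranges).
sample_pf_conf() {
cat <<'EOF'
int_if  = "em1"
ext_if2 = "em2"
ext_ip2 = "192.0.2.10"
ext_gw2 = "192.0.2.1"
# interface name first: the form the post found to work
pass in on $int_if route-to ($ext_if2 $ext_gw2) from any to any
# interface address first: loads, but per the post does not route
pass in on $int_if route-to ($ext_ip2 $ext_gw2) from any to any
pass in on $int_if route-to (198.51.100.7 $ext_gw2) from any to 10.0.0.0/8
EOF
}

# lint_route_to FILE
# Prints one finding per offending rule and returns 1 if any were found.
lint_route_to() {
    awk '
    /^[ \t]*#/ { next }                               # full-line comments
    # Macro definition: name = "value"
    /^[ \t]*[A-Za-z_][A-Za-z0-9_]*[ \t]*=/ {
        name = $0
        sub(/[ \t]*=.*/, "", name)
        gsub(/[ \t]/, "", name)
        val = $0
        sub(/^[^=]*=[ \t]*/, "", val)
        sub(/[ \t]*#.*$/, "", val)                    # trailing comment
        gsub(/"/, "", val)
        sub(/[ \t]+$/, "", val)
        macro[name] = val
        next
    }
    # Rule with a parenthesised route-to target
    /route-to[ \t]*\(/ {
        t = $0
        sub(/.*route-to[ \t]*\([ \t]*/, "", t)        # drop up to "("
        sub(/\).*/, "", t)                            # drop from ")"
        split(t, part, /[ \t]+/)
        shown = part[1]
        first = shown
        if (substr(first, 1, 1) == "$")               # expand a macro
            first = macro[substr(first, 2)]
        if (first ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
            printf "line %d: route-to (%s ...) puts address %s where an interface name is expected\n", NR, shown, first
            bad++
        }
    }
    END { exit (bad > 0) }
    ' "$1"
}
```

Running it before loading a ruleset catches the silent failure the post reports, since loading the rules does not produce an error in that case.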
need_help() with project
Hi, I'm working on a configuration management system based on siteXX-like archives. While writing the software was mostly fun, the documentation has turned out to be a bit of an ordeal due to motivational issues, illness and stuff. I guess I've mostly been missing the necessary feedback. So please take a look at it if you like, and if it looks interesting enough, don't hesitate to ask me a few questions about How It Works (it actually does - I use it myself). Contact info is on the web site: http://www.filedozer.org/ Mirror (main web hoster can be a bit unreliable): http://stsx.xs4all.nl/www.filedozer.org/index.html Greetings, Bill -- There is nothing to worry about - unknown
Re: RAID Hot Spare
LSI tech support is very helpful. 800-633-4545 in the usofa. Or: http://www.lsi.com/support/support_form.html

Gaby Vanhegan wrote:
> We had a drive failure on a RAID5 (LSI MegaRaid SATA 150-4) volume in our server (OpenBSD 4.1/x86). The hot spare kicked in and the volume rebuilt fine after a successful fsck in single user mode. We put in a new drive as the new hot spare:
>
> # bioctl -Div ami0
> bioctl: cookie = 0xd2a23c10
> bio_inq
> bio_inq { 0xd2a23c10, ami0, 2, 4 }
> Volume Status Size Device
> ami0 0 Online 501991079936 sd0 RAID5
> 0 Online 250995539968 0:0.0 noencl Maxtor 6V250F0 VA11 'V594LE9G'
> 1 Online 250995539968 0:1.0 noencl Maxtor 6V250F0 VA11 'V5075JVG'
> 2 Online 250995539968 0:3.0 noencl Maxtor 6V250F0 VA11 'V5064EEG'
> ami0 1 Hot spare 250053918720 0:2.0 noencl WDC WD2500AAKS-00VSA01.0 ' WD-WMART1158126'
> #
>
> The thing is the hot spare is fractionally smaller than the other drives, which is what happens when you go into a shop and ask for a 250G drive. What's going to happen if another drive fails and the RAID array tries to rebuild onto the slightly smaller hot spare? Will it explode or just error out? Do we need to go back and put a slightly larger drive in?
>
> I know this isn't the ideal place to ask the question but I figure we can't be the only people running LSI cards under OpenBSD. So far I can't find any good references on the 'net but my logic and intuition tells me that the drive needs to be bigger...
>
> G.
> --
> Being drunk is feeling sophisticated without being able to say it.
> http://www.playr.co.uk/
Re: Help: OpenBSD 4.2 setup VPN gateway for mobile users
Chiah Tong Kiat wrote: Hi Could anyone give me some pointers in setting up a VPN gateway for mobile users? All the current docs that I've seen are for site-to-site VPN. Existing documents for mobiles use certpatch to create a SubjectAltName which does not exist anymore. Could anyone please help? thanks tongkiat I have found OpenVPN to be an easy solution in the past. I've got Linux, Windows, Mac clients all connecting fine. I have heard that IPSec on OpenBSD over the past few releases has gotten much easier to work with. Lots of docs on the openvpn web site to help. I've also seen some Howtos for OpenBSD specifically. But with any of these, it is really important to understand why you are doing something.
Re: What does hw.disknames mean?
Thank you very much, Paul. I think you have already answered my question clearly. Thanks for your help. Cheers, Hongxing On Mon, Apr 28, 2008 at 8:57 AM, Paul de Weerd [EMAIL PROTECTED] wrote: Redirected to misc@, as it's more appropriate there. On Mon, Apr 28, 2008 at 07:27:23AM -0700, xing93111 wrote: | Hi, | | I use sysctl hw.disknames command on my OpenBSD system, the system says: | hw.disknames=rd0. What does this mean? I also saw other posts in this | forum, their hw.disknames may be wd0, cd0, etc. What do these mean, rd0, | wd0, cd0? Look up the respective manpages of these. `man rd`, `man wd`, `man cd`, and `man sd` will tell you plenty. Basically, these are different types of disks that can be used by your machine. When the system boots, it probes the hardware and enumerates all (usable) types of storage it finds. hw.disknames then lists these. A couple of examples : hw.disknames=sd0,sd1,cd0 hw.disknames=sd0,sd1,cd0,sd2 hw.disknames=wd0,wd1,wd2,wd3 sd are disks found behind a SCSI(-like) bus. The first example are actual SCSI disks, in the second example, sd0 and sd1 are SATA disks (they live behind an AHCI controller) and sd2 is a USB disk. cd are CD-ROM drives (or CD-R, CD-RW, DVD, etc). I think these are quite obvious. wd are basically IDE drives. rd is a ramdisk, most commonly found in install kernels (bsd.rd etc). Read the manpages for these (all in section 4) for more details. Cheers, Paul 'WEiRD' de Weerd -- [++-]+++.+++[---].+++[+ +++-].++[-]+.--.[-] http://www.weirdnet.nl/
OpenBSD compatibility with Super Micro Blades
Has anyone had any trouble or any experience using OpenBSD with SuperMicro Blades? We are looking at moving to a blade environment using the Super Micro SBI-7125-T1 blades (Dual Xeons). I don't want to outlay a bunch of cash on hardware that is not going to run OpenBSD. I could not find direct support under hardware for the chipsets listed. For those nice enough :) to take a look - Super Micro's website specs for this blade. http://www.supermicro.com/products/SuperBlade/module/SBI-7125B-T1.cfm
Chipset information, On-Board Devices:
Chipset: Intel. 5000P (Blackford) chipset MCH + PXH + ESB2
SATA: ESB2 SATA Controller, RAID 0, 1 support
IPMI: Support for Intelligent Platform Management Interface v.2.0 via Chassis Management Module (CMM)
Network Controllers: Intel. (ESB2) 82563EB Dual-Port Gigabit Ethernet PHY Controller; Supports SerDes (Serializer/Deserializer); Intel. I/OAT support for fast, scaleable, and reliable networking
Graphics: ATI ES1000 controller with 16 MB of video memory
Super I/O: Winbond 83627HF chip
Clock Generator: CK410B chip
Thanks Bill
Re: Where to rent the best dedicated servers?
In response to Kyrre Nygerd [EMAIL PROTECTED]: Sorry, I really don't know where else to ask. I've been using Staminus for a while now and I've had it with the downtime. Basically I want a place to host my Ruby on Rails / Git projects, an IRC server as well as an internet radio channel. Simple website / control panel design is of course a plus. None of that cpanel bullshit though, I prefer to meddle around with simple text files the way it's meant to be done. So, layeredtech.com? rackspace.com? pair.com ? -- Bill Moran http://www.potentialtech.com
HFSC rules not working/parsing as supposed to
Hello all. A while back (several months ago), I had a dialogue with Henning regarding hfsc in pf not working as it was supposed to. To be more specific, according to previous posts and discussions, the following bare-bones ruleset should parse OK:

ext_if = hme0
int_if = fxp0
altq on $ext_if hfsc bandwidth 384Kb queue { rtq defq }
queue rtq hfsc(realtime 10Kb linkshare 11Kb upperlimit 21Kb)
queue defq hfsc(default realtime 0Kb linkshare 200Kb upperlimit 300Kb)

However, running pfctl -nv -f pf.conf on this produces the following error right after the first queue rule:

pfctl: the sum of the child bandwidth higher than parent root_hme0

According to previous posts by Henning, if the service curves are specified in full, the bandwidth keyword should be unnecessary. I agree with the people who have posted to the lists before regarding the bandwidth keyword in hfsc as being confusing and redundant. So the question is: why do I get this error in the first place? Henning didn't have time to debug this, so it didn't go any further, but I'd appreciate any assistance in trying to figure this out now. I don't want to have to use the hack of bandwidth when the service curves should fully determine the queueing configuration. Thanks for any assistance.
Re: Server room temperature sensors
On Wed, 6 Feb 2008 23:07:01 -0800 Joe [EMAIL PROTECTED] spake: Can anyone recommend a server room temperature sensor that I can use with openbsd? I want to monitor temperature and humidity. I hope to graph the data from the sensor. The sensor can be connected to my openbsd via usb, serial, or even network. I've used AVTECH in a few of my rooms. I think the cheapest is around $240 maybe... bigger models can handle everything from smoke, to noise, etc... Read them via SNMP tied to nagios. Works good, the basic model comes with a temp sensor in the unit and a 25' (I believe) lead to a remote sensor. I also have some NetBotz, and while expensive are pretty cool - airflow, noise, temp, humidity, door sensor, camera, etc... Nice if you're not spending out of pocket eh...
Re: KDE presents a distorted screen or quits in the middle of starting up
On 12 Dec 2007, [EMAIL PROTECTED] wrote: Hi, It takes me 3 or 4 startx's before I get a KDE screen that looks normal. When it looks bad, the terminal background is black and other contrast problems exist. Other times it simply locks up in the middle of starting up. Has any one else had these problems? I run KDE on a thinkpad-t43 (-current), and don't have this problem. Could it be an X11 problem with color-depth? Thanks, Rob. -- Regards, Bill Karh
Re: spamd problems
On Sun, 19 Aug 2007 22:09:49 +0300 Edgars MakEa [EMAIL PROTECTED] spake: Hi! Some days ago spamd just started to GREY all incoming connections even if IP address already was a WHITE. Any ideas for what and where to look? OpenBSD 4.0 Generic those are my firewall rules:

rdr pass on $ext_if proto tcp from <spamd> to port 25 \
    -> 127.0.0.1 port 8025
rdr pass on $ext_if proto tcp from !<spamd-white> to port 25 \
    -> 127.0.0.1 port 8025
rdr on $ext_if proto tcp from any to any port 25 -> 127.0.0.1

Edgars

Did you reboot and lose your white table? Did they somehow get added to your spamd table? I've always had my spamd-white list match on a no rdr before any of the other rules.
Re: Non critical but weird pf and openvpn problem
On Thu, 19 Jul 2007 15:06:55 -0700 [EMAIL PROTECTED] spake: I have the same problem. I was going to post this question too along with another question. When I first boot up my OpenBSD 4.1 server. I can not access my OpenVPN wireless connection. I can access ssh wirelessly though. So what I do is login via ssh and run pfctl -f /etc/pf.conf. Now my OpenVPN connection works just fine. I too have my startup script in /etc/rc.local but it is much simpler: /usr/local/sbin/openvpn /var/openvpn/server.conf I am curious to know why pf requires a command line start for it to work. I have a few OpenVPN installations running and do not have this problem with any of them. I start my PF normally through the rc.conf.local pf= pf_rules=/etc/brock.conf My OpenVPN starts in rc.local echo -n ' openvpn'; /usr/local/sbin/openvpn --cd /etc/openvpn --config server.conf --daemo It all just works(TM). Do you have a hostname.tun0 file in /etc? I forget if OpenVPN will create the tun0, but it could be why PF needs to be run after in your instance. I have simply: UP in this file.
Re: SSH brute force attacks no longer being caught by PF rule
On Thu, 28 Jun 2007 09:02:43 -0500 J.D. Bronson [EMAIL PROTECTED] wrote: At 08:56 AM 06/28/2007, Stuart Henderson wrote: On 2007/06/28 08:46, J.D. Bronson wrote: Will NEW offenders be added to /etc/tables/scanners as they are discovered and therefore not just remain in kernel? No, pf does not write to files. How about cron(8) and pfctl(8) instead? so if it won't write to a file...I presume it blocks what's listed in /etc/tables/scanners permanently and then only blocks NEW offenders via kernel memory? (can someone clarify my understanding of that?) I would ideally like to stop attacks and then write the offenders in a file so I don't lose these during a reboot... what if I cron something like this:

pfctl -t scanners -T show > /etc/tables/scanners
pfctl -f /etc/pf.conf

Would that work?? The persist thing got me at first too, but the FAQ is quite clear and does not actually say it writes anywhere. I just assumed it for reasons beyond this discussion. Anyway, persist keeps it even if no rules are using it. The file part is strictly for pre-populating when pf starts up. I am not sure why you have both of those... the top line to output would be fine, and have your pf ruleset use the file at startup to read them in.
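A more defensive form of the cron job discussed in this thread, as an added example that is not part of the original posts: a plain `>` redirect truncates /etc/tables/scanners before pfctl runs, so a failed dump would leave the saved list empty. The function names and the address shape check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): save a pf table to its backing file
# in a way that a failed or empty dump can never wipe the saved list.
# Function names and the address "shape check" are assumptions.
# Assumed pf.conf side: a table declared with "persist file" pointing at
# /etc/tables/scanners, so the saved list is read back when pf starts.

# filter_addrs: read `pfctl -t TABLE -T show` output on stdin and print only
# lines shaped like an IPv4/IPv6 address or CIDR block, sorted and
# de-duplicated. Error text and blank lines are dropped.
filter_addrs() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    grep -E '^([0-9]{1,3}(\.[0-9]{1,3}){3}|[0-9A-Fa-f]*:[0-9A-Fa-f:.]*)(/[0-9]{1,3})?$' |
    sort -u
}

# save_table FILE: replace FILE with the addresses read from stdin.
# Returns 2 and leaves FILE untouched when stdin holds no valid address
# (for example because pfctl failed and printed nothing usable).
save_table() {
    file=$1
    addrs=$(filter_addrs)
    if [ -z "$addrs" ]; then
        echo "save_table: no addresses read, keeping $file" >&2
        return 2
    fi
    # Temp file lives next to FILE, so the final mv is a rename on one
    # filesystem and readers never see a half-written list.
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if ! printf '%s\n' "$addrs" > "$tmp"; then
        rm -f "$tmp"
        return 1
    fi
    mv -f "$tmp" "$file"
}

# Touch the real table only when asked to and when pfctl exists, e.g. from
# root's crontab:  sh save-scanners.sh save   (script name is hypothetical)
if [ "${1:-}" = "save" ] && command -v pfctl >/dev/null 2>&1; then
    pfctl -t scanners -T show | save_table /etc/tables/scanners
fi
```

No reload of pf.conf is needed after saving, since the kernel table already holds the entries; the file only matters the next time pf starts.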
Re: Could non-used, but non-upgraded X install freeze a system?
On Tue, 29 May 2007 21:01:21 -0600 Matthieu Herrb [EMAIL PROTECTED] spake: On 5/29/07, Bill [EMAIL PROTECTED] wrote: Hey anyone, We've been having this issue with our router freezing up. Completely dead. No panic, no error, just phooey. Anyway, memory and disk tests did not show anything so we are going to replace the hardware. But in prepping for this I noticed that the original installation had X installed. Now I was unaware of this, and in subsequent upgrades did not install newer X packages. That being said, the problems started after I upgraded from 3.8 - 3.9 - 4.0 (In one sitting). I don't use X on there and even have the aperture disabled in sysconf. Is there any way this could cause my system to completely freeze? No. Definitely not. What is the best way to try to re-mediate from this? A full clean install? It's currently at 4.1 + patches. (X is still at 3.8 I imagine). Errors I could understand, but I don't think it would lock a system up... but I am not that good, so I am asking here, before yanking the hardware out. I've no idea. You don't provide enough details. Does the box still answer pings? Does the caps-lock led still toggle? Post a dmesg? Sorry for the lack of info. I posted it all before and did not get very far. This was just to check out the X factor so to speak. The box is dead - no caps lock, nothing. The most is that the nic cards I believe still blink some. Other than that it's power down completely. Thanks
Could non-used, but non-upgraded X install freeze a system?
Hey anyone, We've been having this issue with our router freezing up. Completely dead. No panic, no error, just phooey. Anyway, memory and disk tests did not show anything so we are going to replace the hardware. But in prepping for this I noticed that the original installation had X installed. Now I was unaware of this, and in subsequent upgrades did not install newer X packages. That being said, the problems started after I upgraded from 3.8 - 3.9 - 4.0 (In one sitting). I don't use X on there and even have the aperture disabled in sysconf. Is there any way this could cause my system to completely freeze? What is the best way to try to re-mediate from this? A full clean install? It's currently at 4.1 + patches. (X is still at 3.8 I imagine). Errors I could understand, but I don't think it would lock a system up... but I am not that good, so I am asking here, before yanking the hardware out.
Watchdog card for OpenBSD
We've been having a locking up problem with our openbsd based router for a while now. I upgraded to 4.1 about a week ago and so far it has not locked. Later this week we have scheduled some time to take down the router and run some memory / disk tests on it to make sure it's not a hardware issue. We are also going to dust it out since it is in a dusty environment. Anyway, we figured while it was down we could possibly throw a watchdog card in. I noticed 4.1 added support for the Quancom PWDOG1... anyone have anything good or bad to say about it? I still have to get in to check for the reset pin on the motherboard. Regards, Bill
Problem with lockups after upgrade from 3.8
* * A recent post and a router blowout today has sparked me to report this * * Hey all, We've had a router running openbsd for a while now. A few months ago we upgraded from 3.8 to 4.0 (upgrade technically was 3.8 - 3.9 - 4.0) and it seemed to go as smooth as possible. Then we started having bi-weekly crashes. The system will just simply freeze. The first happened within a day of the upgrade. There is nothing in the logs prior to the crash of note... the only thing for hours previous to that is stuff like: May 7 11:46:28 core /bsd: arplookup: unable to enter address for 0.0.0.0 and the occasional syslogd restart. When the fixes for the mbuf stuff came out for 4.0 I was hopeful that may have been the issue... we have been running 4.0 with all the patches up through 010 through two lockups. There is no pattern I can detect to the lockups - only once has it happened during heavy traffic hours. I am also in the process of building a 4.1 box and compiling it to stable. Once the packages page is up I can try that on the router also if someone would think it would help. This thing was running fine till we went up to 4.0. If anyone thinks it is worth it, we can drop back to 3.8 or 3.9 to get the stability back... Problem is that this router is serving about 5 segments, so it going down is immediately noticeable. The other OpenBSD boxes are running perfectly (but they handle a fraction of the traffic these do). I noticed another post about 4.0 and a suggestion to blow out the P/S which I will do also. 
This is the item in question: OpenBSD 4.0-stable (GENERIC) #3: Thu Mar 22 07:49:14 EDT 2007 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) 4 CPU 2.80GHz (GenuineIntel 686-class) 2.81 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID real mem = 536375296 (523804K) avail mem = 481329152 (470048K) using 4256 buffers containing 26923008 bytes (26292K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(00) BIOS, date 10/21/04, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.3 @ 0xf96b0 (58 entries) bios0: Quanta Computer Inc. S20A apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0x1 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf4630/160 (8 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 6300ESB LPC rev 0x00) pcibios0: PCI bus #4 is the last bus bios0: ROM list: 0xc/0x8000 0xc8000/0x1000 0xc9000/0x1000 0xca000/0x1000 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82875P Host rev 0x02 ppb0 at pci0 dev 3 function 0 Intel 82875P PCI-CSA rev 0x02 pci1 at ppb0 bus 1 em0 at pci1 dev 1 function 0 Intel PRO/1000CT (82547GI) rev 0x00: irq 5, address 00:c0:9f:41:a2:14 ppb1 at pci0 dev 28 function 0 Intel 6300ESB PCIX rev 0x02 pci2 at ppb1 bus 2 ppb2 at pci2 dev 1 function 0 IBM 133 PCIX-PCIX rev 0x02 pci3 at ppb2 bus 3 em1 at pci3 dev 4 function 0 Intel PRO/1000MT QP (82546EB) rev 0x01: irq 9, address 00:04:23:bc:1c:4c em2 at pci3 dev 4 function 1 Intel PRO/1000MT QP (82546EB) rev 0x01: irq 9, address 00:04:23:bc:1c:4d em3 at pci3 dev 6 function 0 Intel PRO/1000MT QP (82546EB) rev 0x01: irq 9, address 00:04:23:bc:1c:4e em4 at pci3 dev 6 function 1 Intel PRO/1000MT QP (82546EB) rev 0x01: irq 9, address 00:04:23:bc:1c:4f uhci0 at pci0 dev 29 function 0 Intel 6300ESB USB rev 0x02: irq 
9 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 6300ESB USB rev 0x02: irq 11 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered Intel 6300ESB WDT rev 0x02 at pci0 dev 29 function 4 not configured Intel 6300ESB APIC rev 0x02 at pci0 dev 29 function 5 not configured ehci0 at pci0 dev 29 function 7 Intel 6300ESB USB rev 0x02: irq 10 ehci0: timed out waiting for BIOS usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub2: 4 ports with 4 removable, self powered ppb3 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x0a pci4 at ppb3 bus 4 em5 at pci4 dev 2 function 0 Intel PRO/1000MT (82541GI) rev 0x00: irq 3, address 00:c0:9f:41:a2:15 em6 at pci4 dev 3 function 0 Intel PRO/1000MT (82546GB) rev 0x03: irq 7, address 00:04:23:bd:97:18 em7 at pci4 dev 3 function 1 Intel PRO/1000MT (82546GB) rev 0x03: irq 3, address 00:04:23:bd:97:19 vga1 at pci4 dev 14 function 0 ATI Rage XL rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ichpcib0 at pci0 dev 31 function 0 Intel 6300ESB LPC rev 0x02 pciide0 at pci0 dev 31 function 2 Intel 6300ESB SATA rev 0x02: DMA, channel 0 configured to
Re: a question kinda off topic
On Thu, 12 Apr 2007 11:38:12 -0400 Dave [EMAIL PROTECTED] wrote: I have a question not about the software but where you put your network stuff has anyone built their own rack out of wood I am looking at building my own. Being a fine woodworking freak this was an interesting question. I have built many things out of wood - but I have never built a rack. I've considered making a desktop case out of it once, but that was more for the novelty of it. Personally I don't think it's a good idea, but was wondering why you were considering it?
Re: bio not working on dl380 g4 with newer ciss fw
On 4/12/07, Kalle Andersson [EMAIL PROTECTED] wrote: Hello Misc! I have 2 HP DL380 G4 where the ciss bio stuff behaves differently... I'm hoping someone can give me a clue... box1: # bioctl ciss0 Volume Status Size Device ciss0 0 Online 293617820160 sd0 RAID5 0 Online 146811543552 1:0.0 noencl COMPAQ BD14689BB9 1 Online 146811543552 1:1.0 noencl COMPAQ BD14689BB9 2 Online 146811543552 1:2.0 noencl COMPAQ BD14689BB9 3 Hot spare 146811543552 1:3.0 noencl COMPAQ BD14689BB9 box2: # bioctl ciss0 bioctl: Can't locate ciss0 device via /dev/bio Only difference I can see that might have something to do with it is: box1: ciss0: 1 LD, HW rev 1, FW 2.58/2.58 box2: ciss0: 2 LDs, HW rev 1, FW 2.68/2.68 Is box2's bio not working because the 2.68 FW or that it has two logical drives? Is FW 2.68 going to be supported or should I try to downgrade (if that even is possible)? Two logical drives. Not sure about the firmware version, but the more than one logical drive issue is in the caveats section of ciss(4). --Bill
pfctl question
If I run the command # pfctl -vsr I get counters started from the last time I loaded the rule set. Is there a way to find out the Date and Time I last loaded the rule set so that I can know the length of time it took to acquire x number of packets, etc? I see a line for Status: Enabled ... Thank you very much.
Re: 802.11g in ath(4) driver
On 3/7/07, Jonathan Gray [EMAIL PROTECTED] wrote: On Tue, Mar 06, 2007 at 11:55:10PM -0600, Bill Marquette wrote: Any reason ath(4) only currently supports 11b mode? Looks like it was commented out in the driver in September with the comment for now. Just wondering if we're going to see it back for 4.1, or what's broken with it that it was removed. --Bill The voodoo required to initialise the cards for 11g rates has not been fully worked out yet. Atheros publishes no datasheets on any of their products and are openly hostile to people trying to understand how to interface to them. Thanks for the explanation. Is there anything I can do to help? Testing patches, sending hardware, prodding Atheros? What's the best supported 11g driver these days, is it ral(4)? --Bill
802.11g in ath(4) driver
Any reason ath(4) only currently supports 11b mode? Looks like it was commented out in the driver in September with the comment for now. Just wondering if we're going to see it back for 4.1, or what's broken with it that it was removed. --Bill
pf state limits
I know this has come up in the past but I haven't been able to track down a definitive answer (I'm sure there's a reason why), so I'll ask the question again. Given an i386 kernel, assume I can toss as much RAM at the box as needed (I know this isn't the limitation, it's a kernel memory issue), what's the maximum I can set the state table size to? I have a couple boxes that are running around 200K states with the limit set at 256K. I expect that I will see a growth in that state table size as the traffic to the servers behind these machines increases during our peak season. I can tune the tcp.closed parameter a bit on the external rules as 75% of these states are fin_wait_2:fin_wait_2, but before I start messing with that I'd rather increase the state limit some more. I can also try adaptive timeouts on those rules, but I'm more than a little paranoid about having the system dynamically change timeout values. Any suggestions on what the max might be and how I can monitor the system to see where I'm at in relationship to the max (if there's no hard number, I'm guessing the number depends on hardware and other system options that affect kernel memory). --Bill
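For the monitoring half of the question above, an added example that is not part of the original post: it reads the state count from `pfctl -si` and the configured limit from `pfctl -sm`, then reports usage with Nagios-style exit codes. It measures against the configured limit only, not any kernel memory ceiling; the function names, thresholds and the constructed sample output (200000 states, limit 256000) are assumptions.

```shell
#!/bin/sh
# Added example (not from the post): report pf state-table usage against the
# configured "states" hard limit. Function names, default thresholds and the
# sample data below are assumptions of this example.

# pf_state_current: read `pfctl -si` output on stdin and print the first
# "current entries" value, which belongs to the State Table section.
pf_state_current() {
    awk '$1 == "current" && $2 == "entries" { print $3; exit }'
}

# pf_state_limit: read `pfctl -sm` output on stdin, print the states limit.
pf_state_limit() {
    awk '$1 == "states" && $2 == "hard" && $3 == "limit" { print $4; exit }'
}

# pf_state_check CUR LIMIT [WARN_PCT] [CRIT_PCT]
# Prints one status line. Exit status follows the Nagios plugin convention:
# 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
pf_state_check() {
    cur=$1 lim=$2 warn=${3:-80} crit=${4:-90}
    for n in "$cur" "$lim" "$warn" "$crit"; do
        case $n in
            ''|*[!0-9]*) echo "UNKNOWN - could not parse pfctl output"; return 3 ;;
        esac
    done
    [ "$lim" -gt 0 ] || { echo "UNKNOWN - states limit is 0"; return 3; }
    pct=$(( cur * 100 / lim ))
    msg="$cur of $lim states in use (${pct}%)"
    if [ "$pct" -ge "$crit" ]; then echo "CRITICAL - $msg"; return 2; fi
    if [ "$pct" -ge "$warn" ]; then echo "WARNING - $msg"; return 1; fi
    echo "OK - $msg"
}

# Constructed sample of `pfctl -si` output (not captured from a real host).
sample_si() {
    cat <<'EOF'
Status: Enabled for 12 days 03:14:15          Debug: Urgent

State Table                          Total             Rate
  current entries                   200000
  searches                      1234567890         1176.3/s
  inserts                         98765432           94.1/s
  removals                        98565432           93.9/s
EOF
}

# Constructed sample of `pfctl -sm` output (not captured from a real host).
sample_sm() {
    cat <<'EOF'
states     hard limit  256000
src-nodes  hard limit   10000
frags      hard limit    5000
EOF
}

# Query the live firewall only when asked to and when pfctl exists:
#   sh pf-states.sh check      (script name is hypothetical)
if [ "${1:-}" = "check" ] && command -v pfctl >/dev/null 2>&1; then
    pf_state_check "$(pfctl -si | pf_state_current)" \
                   "$(pfctl -sm | pf_state_limit)"
    exit
fi
```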
SSL Certs on Carp'd web servers
Hello, I have two web servers carp'd that I am getting ssl certs for. I have it all running with my own self signed ones, but need to get a Verisign or Thawte cert. Are there any issues that are gonna bite me with doing this? Since they all appear the same, the cert info will be very similar and I don't want to buy them without making sure it's gonna be okay if I just apply for them using the info generated on each box? The servers are a master / backup - so the traffic should mostly be going to one server (unless something bad happens). Any info would be great. Thanks Bill
Re: SSL Certs on Carp'd web servers
On Mon, 19 Feb 2007 16:22:59 +0100 Nico Meijer [EMAIL PROTECTED] wrote: Hey Bill, Are there any issues that are gonna bite me with doing this? No, not that I know of. I do this with a bunch of boxes. I only use the carp'ed IP address on either box when configuring apache. HTH... Nico Thanks Nico, I noticed that Verisign has an option to secure more than one server with a single cert, but it basically doubles the price. The only reason I could think of that would require a single cert for two is if I was load balanced and you never knew what you were going to get on your next request... In fact, I am probably at this point going to self sign the backup, and do a normal cert on the primary. Thanks for the sanity check!
Re: OpenBSD Router woes
On Mon, 5 Feb 2007 13:37:25 -0800 BradenM - Sonoma Computer [EMAIL PROTECTED] wrote: So, it goes like this; OpenBSD is installed and functional and in the process of becoming a PF/Router box. My problem is this, I have three ethernet cards, each assigned the names rl0 - rl2. rl0 is the ethernet card that is receiving an IPv4 address from my SBC router, rl1 will be listening to dhcp requests which I have already setup using dhcpd, and rl2 will be listening for dhcp requests but will not be connected to a computer but a wireless access point. My question, and thus my problem, is this: I have setup ip forwarding using sysctl and am now wondering how I am to distribute my internet connection from rl0 to rl1 and 2? Are PF rules required or do I have to write to the configuration file for the ethernet adapters? Unless they are all public address space, you need to perform NAT on traffic going from r0 - rl1 and r0 - rl2 - which is done through PF. You probably also want some PF rules in there to mitigate traffic. Each card will need to be configured if that is what you mean. The OpenBSD FAQ has a great writeup on PF.
Re: Slow write performance on Compaq Smart Array 64xx (ciss0)
On 1/28/07, Henning Brauer [EMAIL PROTECTED] wrote: * Vijay Sankar [EMAIL PROTECTED] [2007-01-28 16:07]: bioctl -h ciss0 gives me bioctl: Can't locate ciss0 device via /dev/bio ciss doesn't support bio yet. Unless I'm mistaken, mickey@ added it pre-4.0 here: http://marc.theaimsgroup.com/?l=openbsd-cvs&m=115671197617717&w=2 and bio(4) man page claims it's supported as does ciss(4) (albeit with a caveat) --Bill
Re: Low power barebone: MSI Axis 700 Lite with fanless VIA C7 1GHz
Constantine A. Murenin wrote: Hi, Anyone tried subj? http://www.newegg.com/Product/Product.asp?Item=N82E16856167012 http://www.msicomputer.com/product/p_spec.asp?model=Axis_700_Lite It looks pretty-pretty nice, and goes for a very reasonable price -- about 202,32 USD delivered for a complete barebone -- it includes case, PSU, mini-ITX motherboard and a fanless VIA C7 1GHz CPU. It even has two serial ports and accepts one full-size PCI card! If anyone has any experience with this system, a dmesg and `sysctl hw.sensors` along with some acoustical descriptions would be really neat. (I suspect that this candy may have a non-controllable fan in the PSU, which would mean that it may not be 100% quiet in a living room / bedroom setting.) Cheers, Constantine. With the hard drive, cdrom, and nic (re0) in the pci slot it draws 25watts, 21watts without. The PSU Fan is typical noise wise. It did not want to boot from a USB thumb drive. sysctl hw.sensors hw.sensors.0=lm0, VCore A, 2.00 V DC hw.sensors.1=lm0, VCore B, 3.79 V DC hw.sensors.2=lm0, +3.3V, 3.26 V DC hw.sensors.3=lm0, +5V, 5.48 V DC hw.sensors.4=lm0, +12V, 12.29 V DC hw.sensors.5=lm0, -12V, -12.86 V DC hw.sensors.6=lm0, -5V, -4.88 V DC hw.sensors.7=lm0, Temp1, 36.00 degC OpenBSD 4.0 (GENERIC) #1107: Sat Sep 16 19:15:58 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: VIA Esther processor 1000MHz (CentaurHauls 686-class) 1 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2 cpu0: unknown Enhanced SpeedStep CPU, msr 0x08100a1308000a13 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 1000 MHz (1004 mV): speeds: 1000, 800 MHz cpu0: RNG AES AES-CTR SHA1 SHA256 RSA real mem = 468217856 (457244K) avail mem = 419028992 (409208K) using 4256 buffers containing 23515136 bytes (22964K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(db) BIOS, date 10/31/06, BIOS32 rev. 0 @ 0xf92c0, SMBIOS rev. 
2.3 @ 0xf0800 (33 entries) bios0: MICRO-STAR INTERNATIONAL CO., LTD MS-7199 apm0 at bios0: Power Management spec V1.2 apm0: AC on, battery charge unknown apm0: flags 70102 dobusy 1 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xf/0xbdd4 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfbd50/128 (6 entries) pcibios0: bad IRQ table checksum pcibios0: PCI BIOS has 6 Interrupt Routing table entries pcibios0: PCI Exclusive IRQs: 5 10 11 pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT8237 ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xfe00 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 VIA CN700 Host rev 0x00 pchb1 at pci0 dev 0 function 1 VIA CN700 Host rev 0x00 pchb2 at pci0 dev 0 function 2 VIA CN700 Host rev 0x00 pchb3 at pci0 dev 0 function 3 VIA PT890 Host rev 0x00 pchb4 at pci0 dev 0 function 4 VIA CN700 Host rev 0x00 pchb5 at pci0 dev 0 function 7 VIA CN700 Host rev 0x00 ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 VIA S3 Unichrome PRO IGP rev 0x01: aperture at 0xf400, size 0x1000 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pciide0 at pci0 dev 15 function 0 VIA VT6420 SATA rev 0x80: DMA pciide0: using irq 11 for native-PCI interrupt pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide1 channel 0 drive 0: Maxtor 92049U3 wd0: 16-sector PIO, LBA, 19536MB, 40010544 sectors atapiscsi0 at pciide1 channel 0 drive 1 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, CD-ROM GCR-8521B, 1.00 SCSI0 5/cdrom removable wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 4 cd0(pciide1:0:1): using PIO mode 4, DMA mode 2 pciide1: channel 1 ignored (disabled) uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x81: irq 10 usb0 at uhci0: USB revision 1.0 
uhub0 at usb0 uhub0: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x81: irq 10 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x81: irq 11 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered uhci3 at pci0 dev 16 function 3 VIA VT83C572 USB rev 0x81: irq 11 usb3 at uhci3: USB revision 1.0 uhub3 at usb3 uhub3: VIA UHCI root hub, rev 1.00/1.00, addr 1 uhub3: 2 ports with 2 removable, self powered ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x86: irq 5 usb4 at ehci0: USB revision 2.0 uhub4 at usb4 uhub4: VIA EHCI root hub, rev 2.00/1.00, addr 1 uhub4: 8 ports with 8 removable, self powered viapm0 at pci0 dev 17 function 0 VIA VT8237
Re: help! 855 chipset resolution
[I'm not good at numbers..]: mount: wrong fs type, bad option, bad superblock on /dev/hda3, missing codepage or other error In some cases useful info is found in syslog - try dmesg | tail or so From 'dmesg|tail': [4429130.194000] ufs_read_super: bad magic number On a PC it does work fine. [[[ This is NOT a question nor an attempt to create a new thread - I'm not asking for solutions here - I can live with it ]]]. Another thing you might bump into using lilo or possibly GRUB (I don't use that - yet another GNU ...), is a complaint about corrupted partition entry or PT entry not aligned or something. Can't remember exactly what the message was, but lilo may see PT entries created with OpenBSD fdisk as invalid/corrupt. Just insert an ignore-table into /etc/lilo.conf and the problem is fixed. Bill Cheers, Pau 2006/12/13, [EMAIL PROTECTED] [EMAIL PROTECTED]: Why don't you just set aside a partiton for OpenBSD and dual-boot until you get your setup to the point that you can work with it? -RjH
Finding missing udp packets?
I have an OpenVPN server running on OpenBSD 3.8 (x86). I've been having intermittent problems with it and reconnection problems. It's openvpn out of ports for 3.8. I have it down to right now, sporadically, the OpenVPN server thinks it is sending UDP packets (and in the logs makes note that it has) but I cannot see them leaving the external interface... What can I do to track down where this is going wrong? Is there some way to see if OpenBSD is taking this packet and then losing it? I am just not sure where to look next. I've watched it happen, and the traffic is very low, the utilization is like so: load averages: 0.40, 0.54, .60 38 processes: 37 idle, 1 on processor CPU states: 2.7% user, 0.0% nice, 3.7% system, 1.6% interrupt, 92.0% idle Memory: Real: 678M/824M act/tot Free: 684M Swap: 0K/3072M used/tot The strange part is that it works fine for a while, then suddenly starts up with this behavior... We've had this happen with clients on all different platforms (windows / mac / linux). We have an upgrade to OpenBSD 4.0 set for the first few weeks of next year... I've another 3.8 machine running this fine with no problems whatsoever... Any pointers would be great and very appreciated. I've tried the OpenVPN lists, but no help there OpenBSD 3.8 (GENERIC) #138: Sat Sep 10 15:41:37 MDT 2005 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Celeron(R) CPU 2.40GHz (GenuineIntel 686-class) 2.41 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID real mem = 1609588736 (1571864K) avail mem = 1461350400 (1427100K) using 4278 buffers containing 80580608 bytes (78692K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(49) BIOS, date 05/19/04, BIOS32 rev. 
0 @ 0xfd5b6 pcibios0 at bios0: rev 2.1 @ 0xfd520/0xae0 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfde80/352 (20 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #3 is the last bus bios0: ROM list: 0xc/0x9000 0xc9000/0x1000 0xca000/0x1000 0xcb000/0x1800 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82875P Host rev 0x02 ppb0 at pci0 dev 3 function 0 Intel 82875P PCI-CSA rev 0x02 pci1 at ppb0 bus 1 em0 at pci1 dev 1 function 0 Intel PRO/1000CT (82547GI) rev 0x00: irq 5, address: 00:09:6b:7f:70:93 ppb1 at pci0 dev 28 function 0 Intel 6300ESB PCIX rev 0x02 pci2 at ppb1 bus 2 em1 at pci2 dev 2 function 0 Intel PRO/1000MT (82546GB) rev 0x01: irq 5em1: The EEPROM Checksum Is Not Valid em1: Unable to initialize the hardware em2 at pci2 dev 2 function 1 Intel PRO/1000MT (82546GB) rev 0x01: irq 5em2: The EEPROM Checksum Is Not Valid em2: Unable to initialize the hardware uhci0 at pci0 dev 29 function 0 Intel 6300ESB USB rev 0x02: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 5300ESB USB rev 0x02: irq 5 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered Intel 6300ESB WDT rev 0x02 at pci0 dev 29 function 4 not configured Intel 6300ESB APIC rev 0x02 at pci0 dev 29 function 5 not configured ehci0 at pci0 dev 29 function 7 Intel 6300ESB USB rev 0x02: irq 11 usb2 at ehci0: USB revision 2.0 uhub2 at usb2 uhub2: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub2: 4 ports with 4 removable, self powered ppb2 at pci0 dev 30 function 0 Intel 82801BA AGP rev 0x0a pci3 at ppb2 bus 3 vga1 at pci3 dev 2 function 0 ATI Radeon VE QY rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) 
fxp0 at pci3 dev 8 function 0 Intel 82557 rev 0x0c, i82550: irq 11, address 00:0e:0c:50:d7:c4 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4 ichpcib0 at pci0 dev 31 function 0 Intel 6300ESB LPC rev 0x02 pciide0 at pci0 dev 31 function 2 Intel 6300ESB SATA rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, CD-ROM GCR-8482B, 1.02 SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 wd0 at pciide0 channel 1 drive 0: Maxtor 6Y080M0 wd0: 16-sector PIO, LBA, 76324MB, 156312576 sectors wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5 Intel 6300ESB SMBus rev 0x02 at pci0 dev 31 function 3 not configured isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pmsi0 at pckbc0 (aux slot) pckbc0: using irq 12 for aux slot wsmouse0
Re: What it this mean?
On Mon, 2006-12-11 at 15:47 -0800, Bryan Irvine wrote:

On 12/11/06, Nick Guenther [EMAIL PROTECTED] wrote:

On 12/11/06, Carlos A. Garcia G [EMAIL PROTECTED] wrote:

i have received a mail from the server with this information

Checking setuid/setgid files and devices:
Setuid/device find errors:
find: /tmp/PerlIO_W32319: No such file or directory

what is it? and what can i do to fix the problem?

This is not nearly enough information to even begin guessing what the problem is, except that it's something to do with Perl, and looking at http://netpointmexico.com I see that it's a webmail system written in Perl. It's probably a bug in that, potentially one that OpenBSD (if you're even running OpenBSD) exposes?

I suspect you are on the right track. My best guess with the complete lack of info is that /var/www/tmp is missing (ie chrooted apache). --Bryan

To both commentators: http://www.seas.ucla.edu/classes/mkampe/cs111.sq05/docs/bsd.html Excellent reading!

Bill
--
Incompetence is our watchword - John Peel
Re: diskless kernel config
On Tue, 2006-12-12 at 11:26 +1100, Craig Barraclough wrote: I tried something similar, because I wanted to see if I could mount an NFS partition from my Soekris, running OpenBSD, but I couldn't get it to work. I also couldn't get NFS support to compile properly, so I left it snip I've had no problem getting a 4.0-current (upgraded from 3.8-current, through 3.9-current) system (Soekris NET4801-50) working in just this way. I was talking about 3.8. Tried configuring GENERIC with NFS support but it failed, and I just didn't feel like going into the details at that time (unaware of the mass of details that bsd.rd / miniroot was going to throw at me;). NFS kernel supplied from a CF based filesystem on one Soekris box, root and swap on a NAS device. Boxes are mounted in the neat kd85.com rack-mount case (Thanks Wim!). Kernel is built using a quick patch: --- GENERIC Thu Jun 8 12:04:42 2006 +++ GENERIC.NFS Tue Jun 13 12:13:35 2006 @@ -39,7 +39,7 @@ #option NTFS# Experimental NTFS support # or use root on nfs swap on nfs -config bsd swap generic +config bsd root on nfs swap on nfs You're right. The motivation for dropping the DISKLESS kernel config, according to a CVS log message (if I remember it well), was indeed a line like now replaced by a single line in GENERIC. Still, mounting / on NFS doesn't seem to be considered the standard procedure it is with e.g. Debian/GNU Linux, and isn't documented extensively - in the FAQ or elsewhere. I'd be happy to do that, _if I find time_. Some day I'll try setting up the diskless environment again, if only for fun education. Maybe some nice doc will spin off of it. Bill -- Incompetence is our watchword - John Peel
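Review bot: the changed `config bsd` line in the @@ -39,7 +39,7 @@ hunk hard-codes root and swap on NFS, but nothing in the hunk shows that NFS client support is compiled into GENERIC.NFS; the only option visible in the context is the commented-out NTFS one. The NET4801 build quoted elsewhere in this thread made the same one-line change and stopped at link time with an undefined reference to `nfs_mountroot`, so the patch description should say which base config this applies to and that its NFS client option has to be enabled. Keeping the change in a separate GENERIC.NFS file, as the +++ header does, is sensible because the stock `swap generic` line stays available for disk boots.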
Re: diskless kernel config
I tried that too a while ago, without success. If I remember it well, support for diskless booting was dropped for i386 at some point, though the config still contains references to it here and there. But someone kick me if I'm wrong.. Bill On Sun, 2006-12-10 at 22:09 -0600, Jacob Yocom-Piatt wrote: the diskless(8) manpage is quite informative but it omits any discussion of the necessary kernel config for running diskless. the closest thing i could find was http://marc.theaimsgroup.com/?l=openbsd-miscm=107368329021519w=2 the goal is to get a soekris 4801 running diskless and i tried taking the flashdist 4801 config for 4.0 and making a single modification. the only change made was #config bsd root on wd0a config bsd root on nfs swap on nfs and i got an error during the make # make mkdir -p /usr/src/sys/arch/i386/compile/NET4801/lib/kern making sure the kern library is up to date... `libkern.o' is up to date. making sure the compat library is up to date... `libcompat.a' is up to date. sh /usr/src/sys/arch/i386/compile/NET4801/../../../../conf/newvers.sh cc -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes -Wno-uninitialized -Wno-format -Wno-main -Wstack-larger-than-2047 -march=i486 -fno-builtin-printf -fno-builtin-log -O2 -pipe -nostdinc -I. -I/usr/src/sys/arch/i386/compile/NET4801/../../../../arch -I/usr/src/sys/arch/i386/compile/NET4801/../../../.. -DDDB -DDIAGNOSTIC -DKTRACE -DCRYPTO -DFFS -DMFS -DTCP_SACK -DTCP_SIGNATURE -DFDESC -DFIFO -DKERNFS -DPROCFS -DINET -DALTQ -DIPSEC -DBOOT_CONFIG -DI586_CPU -DUSER_PCICONF -DPTRACE -DPCCOMCONSOLE -DCONSPEED=0x4b00 -DPCIVERBOSE -D_KERNEL -Di386 -c vers.c rm -f bsd ld -Ttext 0xD0200120 -e start -N -S -x -o bsd ${SYSTEM_OBJ} vers.o swapbsd.o(.data+0x20): undefined reference to `nfs_mountroot' *** Error code 1 Stop in /usr/src/sys/arch/i386/compile/NET4801 (line 344 of Makefile). suggestions as to the correct config setting would be appreciated. was there ever a DISKLESS config in the source tree? 
cheers, jake -- Good that there are standards, and enough of them
Re: diskless kernel config
Before I really get kicked: I don't think those refences are in the config, but there certainly are references to i386 diskless booting in some older online docs, like this one: http://www.onlamp.com/pub/a/bsd/2004/04/29/Big_Scary_Daemons.html I tried something similar, because I wanted to see if I could mount an NFS partition from my Soekris, running OpenBSD, but I couldn't get it to work. I also couldn't get NFS support to compile properly, so I left it and dived into the miniroot stuff. This can serve as an alternative to mount / on NFS, except that it has quite stringent size limitations. By the way, the fact that PXE booting is also often referred to as diskless booting (which technically it is), doesn't make life easier for someone who is new to both topics, as they are both quite different. Finally, from the document above: OpenBSD provides a kernel configuration specifically for i386 diskless operations. It's called DISKLESS. That config presumably contained all support that's needed for a Sun-style diskless boot, but it seems to have been obsoleted for i386. And from diskless(8): The procedures for AMD64 and i386 clients vary somewhat to the stages detailed above. See pxeboot(8) for more detailed information. They seem to vary more than somewhat.. Bill On Mon, 2006-12-11 at 06:59 +0100, Bill Maas wrote: I tried that too a while ago, without success. If I remember it well, support for diskless booting was dropped for i386 at some point, though the config still contains references to it here and there. But someone kick me if I'm wrong.. Bill On Sun, 2006-12-10 at 22:09 -0600, Jacob Yocom-Piatt wrote: the diskless(8) manpage is quite informative but it omits any discussion of the necessary kernel config for running diskless. the closest thing i could find was http://marc.theaimsgroup.com/?l=openbsd-miscm=107368329021519w=2 the goal is to get a soekris 4801 running diskless and i tried taking the flashdist 4801 config for 4.0 and making a single modification. 
the only change made was #config bsd root on wd0a config bsd root on nfs swap on nfs and i got an error during the make # make mkdir -p /usr/src/sys/arch/i386/compile/NET4801/lib/kern making sure the kern library is up to date... `libkern.o' is up to date. making sure the compat library is up to date... `libcompat.a' is up to date. sh /usr/src/sys/arch/i386/compile/NET4801/../../../../conf/newvers.sh cc -Werror -Wall -Wstrict-prototypes -Wmissing-prototypes -Wno-uninitialized -Wno-format -Wno-main -Wstack-larger-than-2047 -march=i486 -fno-builtin-printf -fno-builtin-log -O2 -pipe -nostdinc -I. -I/usr/src/sys/arch/i386/compile/NET4801/../../../../arch -I/usr/src/sys/arch/i386/compile/NET4801/../../../.. -DDDB -DDIAGNOSTIC -DKTRACE -DCRYPTO -DFFS -DMFS -DTCP_SACK -DTCP_SIGNATURE -DFDESC -DFIFO -DKERNFS -DPROCFS -DINET -DALTQ -DIPSEC -DBOOT_CONFIG -DI586_CPU -DUSER_PCICONF -DPTRACE -DPCCOMCONSOLE -DCONSPEED=0x4b00 -DPCIVERBOSE -D_KERNEL -Di386 -c vers.c rm -f bsd ld -Ttext 0xD0200120 -e start -N -S -x -o bsd ${SYSTEM_OBJ} vers.o swapbsd.o(.data+0x20): undefined reference to `nfs_mountroot' *** Error code 1 Stop in /usr/src/sys/arch/i386/compile/NET4801 (line 344 of Makefile). suggestions as to the correct config setting would be appreciated. was there ever a DISKLESS config in the source tree? cheers, jake -- Good that there are standards, and enough of them
Re: ral0: device timeout
On 12/4/06, Markus Bergkvist [EMAIL PROTECTED] wrote:

Also, the connection light and the transmission light is always on, regardless if it is connected to the network or sending/receiving or not. Only when I take the network interface down the lights go out. If that means anything to anyone.

Check the other end. I've had a similar problem with sis0 on a Soekris (both LEDs continuously on), and it turned out to be the Vigor ADSL modem that was in trouble.

Bill
--
Good that there are standards, and enough of them
Re: ral0: device timeout
From http://www.cisco.com/univercd/cc/td/doc/product/rtrmgmt/ie2116/install/cables.htm#wp1043436 : The bottom LED is the Ethernet activity LED. When it flashes, it indicates that data is being transmitted or received between the server and a network device. The flashing frequency is proportional to the amount of traffic on the network link. So if the LED stays ON then something might be flooding the interface with packets [or the interface is trying to send the same packet over and over again - beyond my knowledge]. Which might as well indicate a software [config] problem. Did you run tcpdump(8) on that interface? Did you reboot the device while off the net and was there still a problem? That would indicate that the error is generated internally. I wouldn't bet my life on an OS or hardware issue here. Bill On Tue, 2006-12-05 at 23:11 +0100, Markus Bergkvist wrote: I have a RT2600 also on my AP so I guess I have to get my hands on a working out-of-the-box AP to verify that it is no hardware problem. /Markus Bill Maas wrote: On 12/4/06, Markus Bergkvist [EMAIL PROTECTED] wrote: Also, the connection light and the transmission light is always on, regardsless if it is connected to the network or sending/receiving or not. Only when I take the network interface down the lights go out. If that means anything to anyone. Check the other end. I've had a similar problem with sis0 on a Soekris (both LEDs continuously on), and it turned out to be the Vigor ADSL modem that was in trouble. Bill -- Good that there are standards, and enough of them
Re: file permissions/ownership in base40.tgz
Hello Robert,

I don't feel authorized to tell you that everything inside base.tgz is set correctly after untarring (must look inside install script to be 100% sure), but here's a script that I've been using lately. Note Linux' [sS] and OpenBSD's [tT]. Good that there are standards!

Bill

---
#!/bin/sh
#
# findperms - find node permissions
# Usage: ./findperms [-r [-t]] node
# Writes to stdout
# Will print:
#   type mode owner.group path
#   type mode owner.group path/tree..   [-r]
#   type mode owner.group /tree..       [-r -t]

os=$(uname)

if [ "X$1" = "X-r" ]; then
    recursive=yes
    shift
fi

if [ "X$1" = "X-t" ]; then
    truncate=yes
    shift
fi

if [ -z "$1" ] || [ -n "$truncate" -a -z "$recursive" ]; then
    echo "Usage: ./findperms [-r [-t]] node"
    exit 1
fi

node=$1

command="ls -ld $node"
if [ "X$recursive" = "Xyes" ]; then
    command="find $node -exec ls -ld {} \;"
fi

subst=" "
if [ "X$truncate" = "Xyes" ]; then
    subst=" $node"
fi

# OpenBSD and Linux use different output formats with 'ls -l'
# Merging the two awk commands into one turned out not to be a good idea (maintenance)
# Each pattern tests one column of the 10-character mode string.
# s/t = special bit plus execute, S/T = special bit without execute.
# -t: the final sed strips the node prefix from each path (expression
# reconstructed from $subst; the archived copy is garbled at that point).
if [ "X$os" = "XOpenBSD" ]; then
    eval $command | sed -e 's/, */,/' -e 's/ -.*//' | grep -v ^total | awk -F' ' '{ mod=0 }
        /^.r......../ { mod += 400 }
        /^..w......./ { mod += 200 }
        /^...x....../ { mod += 100 }
        /^...S....../ { mod += 4000 }
        /^...s....../ { mod += 4100 }
        /^....r...../ { mod += 40 }
        /^.....w..../ { mod += 20 }
        /^......x.../ { mod += 10 }
        /^......S.../ { mod += 2000 }
        /^......s.../ { mod += 2010 }
        /^.......r../ { mod += 4 }
        /^........w./ { mod += 2 }
        /^.........x/ { mod += 1 }
        /^.........T/ { mod += 1000 }
        /^.........t/ { mod += 1001 }
        { printf "%c %04d %s.%s ", substr($1, 1, 1), mod, $3, $4 }
        { if ($9) print $9; else print $8 }' | sed "s@$subst@ @"
elif [ "X$os" = "XLinux" ]; then
    eval $command | sed -e 's/, */,/' -e 's/ -.*//' | grep -v ^total | awk -F' ' '{ mod=0 }
        /^.r......../ { mod += 400 }
        /^..w......./ { mod += 200 }
        /^...x....../ { mod += 100 }
        /^...S....../ { mod += 4000 }
        /^...s....../ { mod += 4100 }
        /^....r...../ { mod += 40 }
        /^.....w..../ { mod += 20 }
        /^......x.../ { mod += 10 }
        /^......S.../ { mod += 2000 }
        /^......s.../ { mod += 2010 }
        /^.......r../ { mod += 4 }
        /^........w./ { mod += 2 }
        /^.........x/ { mod += 1 }
        /^.........T/ { mod += 1000 }
        /^.........t/ { mod += 1001 }
        { printf "%c %04d %s.%s ", substr($1, 1, 1), mod, $3, $4 }
        { if ($9) print $9; else print $8 }' | sed "s@$subst@ @"
fi

exit 0
---

On Mon, 2006-12-04 at 14:18 +0100, Robert Urban wrote:

Hi Misc'ers,

I did something stupid on my 4.0 server and lost the contents of /bin. I restored by booting from the install-cd, mounting /, /usr, and /var, and running

cd /root-mount; pax -rz -f /cd/4.0/i386/base40.tgz

(please don't ask what the stupid thing was). I saved my /etc, /var/db, /var/www, /var/cron beforehand, so these were not affected.

The pax-connoisseurs among you will immediately notice that I forgot to use -p e to preserve all permissions. I went through manually and reset setuid/setgid bits for all relevant files, using a 3.9 system as my guide.

My question is, does base40.tgz contain the permissions/ownership that the files should have after installation? Is it appropriate to write a script which uses the permissions and owner/group from base40.tgz to restore the same for all existing files in the filesystem? Or do file permissions/ownership somehow get modified during the installation?

thanks,
Rob Urban
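The approach Robert asks about, as an added example that is not part of either post: read a long listing of the release set, convert each symbolic mode to octal (setuid, setgid and sticky included), and print the `chown`/`chmod` commands for review before anything is run as root. The function names and the sample listing are constructed, and the listing is assumed to be in `ls -l` column layout; whether the modes recorded in the set are the ones the installer leaves behind is the open question from the thread.

```shell
#!/bin/sh
# Added example: symbolic mode -> octal, and listing -> chown/chmod commands.

# _triplet RWX: print "<digit> <flag>"; flag is 1 when the execute slot
# carries a special bit (s/S for setuid or setgid, t/T for sticky).
_triplet() {
    d=0 f=0
    case $1 in r??) d=$((d + 4)) ;; esac
    case $1 in ?w?) d=$((d + 2)) ;; esac
    case $1 in
        ??x)    d=$((d + 1)) ;;
        ??[st]) d=$((d + 1)); f=1 ;;   # special bit AND execute
        ??[ST]) f=1 ;;                 # special bit, execute NOT set
    esac
    echo "$d $f"
}

# sym2oct MODESTRING: print the 4-digit octal mode, e.g. -r-sr-xr-x -> 4555.
# Returns 1 for anything that is not a well-formed 10-character mode string.
sym2oct() {
    mode=$1
    case $mode in
        [-dlbcps][-r][-w][-xsS][-r][-w][-xsS][-r][-w][-xtT]) ;;
        *) echo "bad mode string: $mode" >&2; return 1 ;;
    esac
    perms=${mode#?}        # drop the file-type character
    u3=${perms%??????}     # first three characters
    rest=${perms#???}
    g3=${rest%???}
    o3=${rest#???}
    # $1 $3 $5 = rwx digits; $2 $4 $6 = setuid, setgid, sticky flags
    set -- $(_triplet "$u3") $(_triplet "$g3") $(_triplet "$o3")
    echo "$(( $2 * 4 + $4 * 2 + $6 ))$1$3$5"
}

# listing_to_cmds ROOT: read listing lines on stdin and print commands that
# would re-apply owner, group and mode below ROOT. Nothing is executed.
listing_to_cmds() {
    root=${1%/}
    while read -r mode _links owner group _size _mon _day _time path _rest; do
        case $mode in l*|'') continue ;; esac   # symlink modes are not restored
        # The output is meant to be run as root: refuse odd names outright.
        case $path in
            ''|*[!A-Za-z0-9._/+-]*) echo "skipped path: $path" >&2; continue ;;
        esac
        case $owner$group in
            ''|*[!A-Za-z0-9._-]*) echo "skipped owner: $path" >&2; continue ;;
        esac
        oct=$(sym2oct "$mode") || continue
        path=${path#./}
        echo "chown $owner:$group $root/$path"
        echo "chmod $oct $root/$path"
    done
}

# Constructed sample lines (not taken from a real release set).
sample_listing() {
    cat <<'EOF'
-r-sr-xr-x  1 root  bin    23456 Sep 16 19:46 ./usr/bin/passwd
-r-xr-sr-x  1 root  daemon 34567 Sep 16 19:46 ./usr/bin/lpr
drwxrwxrwt  2 root  wheel    512 Sep 16 19:46 ./tmp
lrwxr-xr-x  1 root  wheel      3 Sep 16 19:46 ./usr/bin/link -> lpr
-r-xr-xr-x  1 root  bin    12345 Sep 16 19:46 ./bin/ls
-rw-r--r--  1 root  wheel      0 Sep 16 19:46 ./etc/odd;name
EOF
}

sample_listing | listing_to_cmds /mnt
```

Lines beginning `chmod 4`, `chmod 2` or `chmod 6` in the output are the setuid/setgid entries Robert reset by hand, so they are the ones to check first.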
dynamic update of gateway for route-to rules in pf.conf on dhcp interface?
Is there a way to dynamically update the gateway ip address on the dhcp interface along with ip address in the load balancing rules?

http://www.openbsd.org/faq/pf/pools.html has a sample pf.conf file

ext_if1 = fxp0
ext_if2 = fxp1
ext_gw1 = 68.146.224.1
ext_gw2 = 142.59.76.1

pass out on $ext_if1 route-to ($ext_if2 $ext_gw2) from $ext_if2 to any

In this pass out rule it's my understanding that if the $ext_if2 or fxp1 ip address changes the firewall rules will be updated automatically. However, it looks to me like the $ext_gw2 will not be updated if it changes since the variable points to an explicit ip address.

Is there a way to update the gateway ip address for that interface without writing some script to modify the pf.conf file and then reload the rule set?

Thank You.
Re: Quagga and OpenBGP
On 11/30/06, Demuel I. Bendano, R.E.E [EMAIL PROTECTED] wrote: All, I cannot still see the logic as to why Quagga is part of the OpenBSD ports tree when it has OpenBGP at all in the default install? The documentation of OpenBGP tells us that it is far superior in design as compared to Zebra/Quagga. Side comments? BGP isn't the only reason you might use Quagga. I use it for RIP since routed doesn't have any method of enforcing what networks are learned from what gateways. I've got a couple machines that need to send me a limited number of routes, I know exactly what those routes are, but not which of the gateways will send it and have never figured out a way to restrict that in the routed config. I haven't looked at openripd (or whatever the new RIP daemon is called) yet, but plan on it before our next upgrade to see if I can ditch Quagga. --Bill
Re: livecd error
From my notes (this is apparently the old way to do it, but it might work for you as a quick fix):

Error: /usr/bin/ld: cannot find -lstubs
Problem: /usr/src/distrib/special/libstubs/libstubs.a does not exist
Fix:
cd /usr/src/distrib/special/libstubs
make

Bill

On Wed, 2006-11-29 at 09:05 -0700, Carlos A. Garcia G. wrote:

Hi, im trying to make a obsd livecd i use the instructions in http://www.onlamp.com/pub/a/bsd/2005/07/14/openbsd_live.html but in one step i get

/usr/bin/ld: cannot find -lstubs
collect2: ld returned 1 exit status
*** Error code 1
Stop in /usr/src/distrib/i386/ramdisk_cd (line 10 of instbin.mk).
*** Error code 1
Stop in /usr/src/distrib/i386/ramdisk_cd (line 109 of /usr/src/distrib/i386/ramdisk_cd/../common/Makefile.inc).

what can i do to solve the problem?
Re: Baffling problem with OBSD-protected servers and Windows Vista...
I'm not sure if this will be of any help, but at least the Firefox issue sounds like FF is able to connect, but never receives any return traffic. I've had that with misconfigured netmasks I believe. Does Vista use some sort of net group or certificate based access scheme (e.g. if it's not a Vista box talking to me, I won't talk back)? May sound stupid, but you never know. Who on earth knows what MS does with network traffic? Bill On Sun, 2006-11-26 at 21:19 -0600, Reverend Deuce wrote: (This is very long email because it's a very complicated problem... I've included some tcpdump logs below to assist...) The last week and days I've been working with the RTM version of Vista obtained through my MSDN license. This is the gold version of Windows Vista, BTW. It's done. It's been shipped to manufacturing (hence RTM, release to manufacturing). Okay, so I've installed this thing and am testing out all the bells and whistles. I install Firefox, OpenVPN, putty, the Java JRE from Sun, etc. I start to tool around and I notice that none of our company's web sites will load in Firefox any longer. Firefox's status bar says Waiting for www.site.tld... and eventually will time out. It does this for every single web site we host. I fire up IE 7. No problems with any site. I go back to Firefox and it's still having issues -- but *only* with sites hosted behind our OpenBSD firewalls. I fire up telnet (after enabling it through the control panel -- no idea why MS did this). I can telnet to our web servers via port 80, issue GET requests, receive responses. No trouble with Telnet.exe. Putty however, has trouble. Wont work period. Port 80 telnet, ssh port 22, etc. None of them. So now I am thinking that it might just be a Firefox problem... but it's not. 
Microsoft's own Remote Desktop Connection (terminal services client, rdp client, etc) wont connect to our datacenter servers -- and they are accessed via an openvpn point to point VPN that terminates on the OpenBSD firewall which acts strictly as a routed tunnel between our two networks. I turn off as much of the Vista security features as I can. This does nothing. Since our OBSD firewalls were of the older variety (3.6), I figured I might try an upgrade to 4.0 to see what happens. No dice. To summarize: This **only** is affecting Windows Vista (have not tried the latest betas of Longhorn Server). Windows XP, Windows 2000, Free/OpenBSD, CentOS, and our four Mac users with OSX have zero trouble. None. Nada. They work flawlessly. Okay, so we can blame Vista -- that would be fine with me, but let's face it -- this going to be big come January. I have a month to fix this damn thing and I am really out of ideas. Our network: 100mbit dedicated inet connection through ATT, terminates to a big Cisco setup owned by our datacenter. Firewalls are now OBSD 4.0, single-proc Xeon 2.4gHz, 1GB RAM, etc. -- they are decent systems with six gigabit NICs each. They are all configured with CARP and pfsync. This has worked very, very well since day 1 in 2004! CARP rocks! They connect to an HP ProCurve 5400ZL modular switch, configured with various port VLANs, etc. Everything is gigabit, 'cept for a few databases using 10-gigabit CX4. Here are some tcpdumps from the master FW during connection attempts with a browser: Opera 9: 20:40:45.824144 my.workstation.ip.49370 remote.server.ip.80: S 1215871830:1215871830(0) win 8192 mss 1380,nop,wscale 8,nop,nop,sackOK (DF) 20:40:45.824646 207.218.64.33.80 my.workstation.ip.49370: S 2582857930:2582857930(0) ack 1215871831 win 64240 mss 1460,nop,wscale 0,nop,nop,sackOK 20:40:45.878361 my.workstation.ip.49370 207.218.64.33.80: . 
ack 1 win 260 (DF) 20:40:45.904597 my.workstation.ip.49370 207.218.64.33.80: P 1:384(383) ack 1 win 260 (DF) 20:40:46.058234 207.218.64.33.80 my.workstation.ip.49370: . ack 384 win 63857 (DF) 20:40:46.061253 my.workstation.ip.49370 207.218.64.33.80: P 1:384(383) ack 1 win 260 (DF) 20:40:46.061726 207.218.64.33.80 my.workstation.ip.49370: . ack 384 win 63857 (DF) (at this point, the connection is hung -- the Vista workstation receives no further communcations -- it's like it just drops the replies) Firefox: 20:38:25.197691 my.workstation.ip.49357 remote.server.ip.80: S 643900711:643900711(0) win 8192 mss 1380,nop,wscale 8,nop,nop,sackOK (DF) 20:38:25.198320 remote.server.ip.80 my.workstation.ip.49357: S 852828096:852828096(0) ack 643900712 win 64240 mss 1460,nop,wscale 0,nop,nop,sackOK 20:38:25.244540 my.workstation.ip.49357 remote.server.ip.80: . ack 1 win 260 (DF) 20:38:25.251037 my.workstation.ip.49357 remote.server.ip.80: P 1:403(402) ack 1 win 260 (DF) 20:38:25.567602 my.workstation.ip.49357 remote.server.ip.80: P 1:403(402) ack 1 win 260 (DF) 20:38:25.568042 remote.server.ip.80 my.workstation.ip.49357: . ack 403 win 63838 (DF) (same deal -- it just seems to die right here
Re: on the remote root login in OpenSSH
Hi, how about this one:

PermitRootLogin 192.168.1

Should any of the SSH maintainers be reading this: possible new SSH feature?

Bill

On Thu, 2006-11-23 at 12:24 +0100, Igor Sobrado wrote:

Hi again!

I have a question on the default behaviour of OpenSSH. Please, do not understand that I am complaining on it or trying to change its behaviour in relation with remote root logins allowed by default on OpenSSH (but I certainly believe it would be nice, that is the reason I write this message to the misc@ mailing list). Just want to share my opinion with the members of this mailing list.

First of all, I understand that remote root logins can be easily avoided by setting PermitRootLogin to no in /etc/ssh/sshd_config. I guess that remote root logins are allowed by default to simplify management of small network appliances that do not have user accounts on them. But these appliances are only a small number of all OpenBSD installations and, even if this number is not so small, a restricted (non-root) account in the group wheel and probably in the group operator too, on these devices is advisable to avoid damaging these appliances by mistake.

In my humble opinion, there are three reasons to deny remote root logins by default:

1. Remote root login enabled by default makes the wheel group superfluous (i.e., why are users added to the wheel group when a user not in this group can log in as root, once the root password is known to him, by just typing ssh [EMAIL PROTECTED]?)

2. There are a lot of threats against the root account based in brute force attacks. Most of us see logs on this matter in our workstations and servers. Sometimes these threats, done by humans, network scanners or even worms, are successful. It is just a matter of (bad) luck.

3. OpenBSD is secure by default; all services should be configured to the most secure defaults. I think that this reason is as good as the previous ones. And not allowing remote root logins by default makes sense to me in relation with this goal.

Someone that really wants to allow remote root logins should be able to enable this feature just changing /etc/ssh/sshd_config. But, in my humble opinion, most users do not really want this dangerous feature enabled by default. And, even on small network appliances, an unprivileged account in the wheel group (and even in the operator group) is a good management practice.

[please, send copies of replies to this post to me if possible. I will do my best to answer any post, even if not sent to me, but it will be more difficult tracking who sent the message I am replying to.]

Cheers,
Igor.
Re: Just one more cisco... please
On Sat, 11 Nov 2006 08:40:23 -0600 (CST) Jacob Yocom-Piatt [EMAIL PROTECTED] spake: Original message Date: Sat, 11 Nov 2006 00:44:13 -0500 From: Bill [EMAIL PROTECTED] Subject: Just one more cisco... please To: misc@openbsd.org I just found out that to add a 4th interface to our PIX firewall will cost $100 for the card, and $3,000 for the license upgrade to allow us to do that. WTF is all that about the cost of license upgrades on proprietary crapware are so ridiculous. it reminds me of the ~500 USD that sonicwall wants just to support vlans on its enhanced OS. corporate network is coming together nicely... Sn my pretty pix, sn you shall be on Ebay... Any takers? If not, anyone got a six pack and some thermite? hop online and order the magnesium strip, iron (III) oxide and powdered aluminum and get busy! if you do this, please videotape it and post it to the list for all to enjoy. Seriously though - OpenBSD has been incredibly solid - Thanks much to everyone involved from the FAQ guys to the coders, to the planners and the doers. Well, I got a note saying the project itself could use the hardware to hack on, so it may be a tough call... I can use it for good, or for enjoyment... Blowing up stuff (well... melting) or packaging and mailing. I dunno... of course this all assumes I can get it released into my hands...
Just one more cisco... please
I just found out that to add a 4th interface to our PIX firewall will cost $100 for the card, and $3,000 for the license upgrade to allow us to do that. WTF is all that about Anyway, I can't take credit for the PIX, but I've got my boss muttering about it... So screw them, I am dropping a few OpenBSD firewalls (not to replace the PIX, but to compensate for a few things). The IDS boxes running OpenBSD very nicely... the Spamd filtering does a very nice job, the disappointingly easy to configure CARP for redundant web servers was most impressive... The bump in the line (hopefully not easily detected) firewall to keep us safe from the main corporate network is coming together nicely... Sn my pretty pix, sn you shall be on Ebay... Any takers? If not, anyone got a six pack and some thermite? Seriously though - OpenBSD has been incredibly solid - Thanks much to everyone involved from the FAQ guys to the coders, to the planners and the doers.
Re: Large scale deployments
On Fri, 2006-11-03 at 08:45 -0700, Bob Beck wrote: * Michael Lockhart [EMAIL PROTECTED] [2006-11-02 18:33]: All, Wrap your bloody lines! I agree Here's a question that I wanted to pose to the OpenBSD community about managing and maintaining a large number of OpenBSD systems in the field. To provide some background, we currently have 650+ OpenBSD 3.2 systems in the field, and I've been dealing with a fair share of headaches bringing our software to a baseline across the board on all these systems. Keep in mind most of what I'm working on is independent from the OS install itself. Here's the things that I've got solutions in place for, but would like some input on projects available, or good feedback from other's who have maintained a large number of disparate systems: 1. Reliable package building system to auto-generate OpenBSD packages that are compliant as much as possible with the standards enforced by OpenBSD. I've got scripts to do this right now, but I'm not happy with them. I use the built packages from openbsd.org Maybe use a standard install as base and pull the config from a CVS server. There are ways to separate each client's specifics inside a single CVS module, if you're not too fussy about hacks, and if the clients are more or less identical except for simple config issues like IP adresses etc. If some clients differ greatly, maybe put them into separate module groups. In my opinion OpenBSD is extremely easy when it comes to separating different configs. About packages: don't try to re-do what others have already done for you (tell me about it!!). Use the standard base and place your own layers on top of it, whether in the form of a CVS checkout or a site.tgz (which you're probably going to put under some kind of revision control anyway) or whatever. If the same things are done twice that's too bad, but you will be safer than when trying to maintain your own basXX.tgz etc., and keeping it in sync with the main dist. 
Upgrades are an automation nightmare, Linux distros claim they can do it but they can't (goes wrong more often than not - I've stopped installing updates on my Ubuntu-driven desktop, which saves me lots of reinstalls). I would simply reinstall, after having distilled a working config from a test system. Bill Maas