Re: pcengines apu boards
On 2017-11-30 "Paul B. Henson" wrote:
> > From: Base Pr1me
> > Sent: Thursday, November 30, 2017 2:08 PM
> >
> > I run 5 apu2 devices with no problems. I don't have any apu3 devices ...
> > yet.
>
> Thanks for the feedback. Do you by any chance have any USB type Mini PCI
> cards installed internally? I initially noticed the issue with a mini PCI LTE
> modem card. Then I realized it was a more generic USB problem; I believe the
> apu2 has USB1 and USB2 ports, the apu3 has two USB3 ports externally, and
> then the mini PCI and a couple of internal headers are USB2. The USB3 ports,
> using the xHCI driver, work fine, I suppose in the worst case I could use an
> external Mini PCI to USB adapter and plug the card in outside of the case,
> but that just seems so kludgy.
>
> I actually found a friend locally who had an apu2 board, he couldn't get the
> LTE card to work on the internal mini PCI slot, which also appeared to be
> EHCI based, and it would sometimes work and sometimes not plugged into the
> external USB ports. It was really weird, when plugged into the same external
> port, sometimes the device would show up on the EHCI bus (and not work) and
> sometimes it would show up on the OHCI bus (and work). He didn't seem to have
> any trouble with USB flash drives on the EHCI bus on his apu2 though.
>

Hi,

I have the same problem and have tried to hunt the bug, but failed so far.
Have you already identified the quirks Linux and FreeBSD use to fix this
problem?

Christopher

--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
2779 7F73 44FD 0736 B67A C410 69EC 7922 34B4 2566
Fix carp FAQ: net.inet.carp.preempt is not necessary for group demotion failover
Hi, if I read the code correctly, the demotion counter would only _prevent_ preemptive failover if the preempting master was demoted. A demoted master would failover to a less demoted backup no matter what the advbase / advskew timing says. The relevant code is following sys/netinet/ip_carp.c:665. Here's the diff: --- carp.html.orig Sun Nov 12 11:26:42 2017 +++ carp.html Sun Nov 12 11:33:05 2017 @@ -194,8 +194,12 @@ By default, all carp(4) interfaces are added to the carp group. Each group has a carpdemote counter affecting all carp(4) interfaces belonging to that group. -As described below, it can be useful to group certain interfaces together -for failover purposes. +This enables failing over the whole group of interfaces in the event that +one interface goes down. +If one physical CARP-enabled interface goes down, CARP will increase +the demotion counter, carpdemote, by 1 on interface groups that +the carp(4) interface is a member of, in effect causing all group +members to fail-over together. ipaddress This is the shared IP address assigned to the redundancy group. @@ -219,12 +223,6 @@ net.inet.carp.preempt Allow hosts within a redundancy group that have a better advbase and advskew to preempt the master. -In addition, this option also enables failing over a group of interfaces -together in the event that one interface goes down. -If one physical CARP-enabled interface goes down, CARP will increase -the demotion counter, carpdemote, by 1 on interface groups that -the carp(4) interface is a member of, in effect causing all group -members to fail-over together. net.inet.carp.preempt is 0 (disabled) by default. net.inet.carp.log @@ -414,7 +412,7 @@ Configure fw1: -! enable preemption and group interface failover +! enable preemption # sysctl net.inet.carp.preempt=1 # echo 'net.inet.carp.preempt=1' >> /etc/sysctl.conf 
@@ -437,7 +435,7 @@ Configure fw2: -! enable preemption and group interface failover +! enable preemption # sysctl net.inet.carp.preempt=1 # echo 'net.inet.carp.preempt=1' >> /etc/sysctl.conf -- http://gmerlin.de OpenPGP: http://gmerlin.de/christopher.pub 2779 7F73 44FD 0736 B67A C410 69EC 7922 34B4 2566 pgpLk4KwkZ2vJ.pgp Description: OpenPGP digital signature
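Review bot: In the first carp.html hunk (@@ -194,8 +194,12), the relocated paragraph never says that this group failover happens without net.inet.carp.preempt, which is the point of the change; a reader who remembers the old text will still assume the sysctl is required. Suggest adding a sentence such as "This happens regardless of the net.inet.carp.preempt setting." The added lines also mix "failing over" and "fail-over", so pick one spelling, and the removed "As described below" pointer has no replacement, so the link from the group description to the later fw1/fw2 example is lost.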
Re: spamd and network whitelisting
On 2016-12-16 Clint Pachl wrote:
[...]
> What would be
> best is if we could blacklist these spammers upon first connection

I also wanted to make just-in-time decisions, but with dnswl lookups.
I wrote a program to intercept incoming, unknown smtp connections and do
a dnswl lookup to whitelist them just in time. You could do the same for
blacklisting, but only for lookups based on ip because the program looks
only at the initial syn packet.

For me this helped a lot to deliver mails faster which would otherwise
be delayed in the greytrap, or even get stuck, because they come from
smtp pools.

Here are the pf rules:

    pass in on egress inet proto tcp to (self) port smtp flags S/SA no state divert-packet port 25
    pass in on egress inet proto tcp from to (self) port smtp keep state rdr-to 127.0.0.1 port spamd
    pass in log (to pflog1) on egress proto tcp from { } to port smtp keep state

And here's the C program. It still has lots of dead debugging code:

    /* The header names were lost in the archive; these are the ones the code below needs. */
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <arpa/inet.h>
    #include <arpa/nameser.h>
    #include <assert.h>
    #include <err.h>
    #include <fcntl.h>
    #include <grp.h>
    #include <poll.h>
    #include <pwd.h>
    #include <resolv.h>
    #include <stdint.h>
    #include <stdio.h>
    #include <string.h>
    #include <time.h>
    #include <unistd.h>

    #define DEBUG 0
    #define DIVERT_PORT 25
    #define NSTATES 10

    struct dns_header {
        uint16_t id;
        uint16_t flags;
    #define QR           0x8000
    #define OPCODE_MASK  0x7800
    #define OPCODE_SHIFT 11
    #define AA           0x0400
    #define TC           0x0200
    #define RD           0x0100
    #define RA           0x0080
    #define AD           0x0020
    #define CD           0x0010
    #define RCODE_MASK   0x000f
    #define RCODE_SHIFT  0
        uint16_t qdcount;
        uint16_t ancount;
        uint16_t nscount;
        uint16_t arcount;
    };

    struct dns_record {
        uint16_t type;
        uint16_t class;
        uint32_t ttl;
        uint16_t length;
    };

    /* one slot per connection that is waiting for its DNS answer */
    struct state {
        union {
            struct in_addr in4;
            struct in6_addr in6;
            uint8_t octets[sizeof(struct in6_addr)];
        } addr;
        struct timespec timeout;
        int af;
        uint16_t dnskey;
    } states[NSTATES];

    void send_query(struct state *state, const char *question);
    void process_response();
    void enlist(struct state *state, int white);

    int dnssock, pfdev;

    const char *const whitelists[] = {
        "list.dnswl.org",
        "swl.spamhaus.org",
    };

    int
    main(int argc, char *argv[])
    {
        int i, ret;
        time_t t;
        struct sockaddr_in sin4;
        struct sockaddr_in6 sin6;
        struct group *group;
        struct passwd *passwd;
        struct pollfd fds[3];

        tzset();

        pfdev = open("/dev/pf", O_RDWR);
        if (pfdev == -1)
            err(1, "open(\"/dev/pf\") failed");

        /* DNS */
        if (res_init() == -1)
            err(1, "res_init");
        assert(_res_ext.nsaddr_list[0].ss_family != 0);
        fds[0].fd = dnssock = socket(_res_ext.nsaddr_list[0].ss_family,
            SOCK_DGRAM | SOCK_DNS, 0);
        if (fds[0].fd == -1)
            err(1, "socket");
        if (connect(fds[0].fd, (struct sockaddr *)&_res_ext.nsaddr_list[0],
            _res_ext.nsaddr_list[0].ss_len) != 0)
            err(1, "connect");

        /* IPv4 divert */
        memset(&sin4, 0, sizeof(sin4));
        sin4.sin_family = AF_INET;
        sin4.sin_port = htons(DIVERT_PORT);
        sin4.sin_addr.s_addr = INADDR_ANY;
        fds[1].fd = socket(AF_INET, SOCK_RAW, IPPROTO_DIVERT);
        if (fds[1].fd == -1)
            err(1, "socket");
        /* divert only the initial direction of a flow; set once the socket exists */
        ret = IPPROTO_DIVERT_INIT;
        setsockopt(fds[1].fd, IPPROTO_IP, IP_DIVERTFL, &ret, sizeof(ret));
        if (bind(fds[1].fd, (struct sockaddr *)&sin4, sizeof(sin4)) != 0)
            err(1, "bind");

        /* IPv6 divert */
        memset(&sin6, 0, sizeof(sin6));
        sin6.sin6_family = AF_INET6;
        sin6.sin6_port = htons(DIVERT_PORT);
        sin6.sin6_addr = in6addr_any;
        fds[2].fd = socket(AF_INET6, SOCK_RAW, IPPROTO_DIVERT);
        if (fds[2].fd == -1)
            err(1, "socket");
        ret = IPPROTO_DIVERT_INIT;
        setsockopt(fds[2].fd, IPPROTO_IPV6, IP_DIVERTFL, &ret, sizeof(ret));
        if (bind(fds[2].fd, (struct sockaddr *)&sin6, sizeof(sin6)) != 0)
            err(1, "bind");

        /* all privileged descriptors are open: chroot and drop to _spamd */
        group = getgrnam("_spamd");
        if (group == NULL)
            err(1, "getgrnam");
        endgrent();
        passwd = getpwnam("_spamd");
        if (passwd == NULL)
            err(1, "getpwnam");
        if (chroot("/var/empty") != 0)
            err(1, "chroot");
        if (setgroups(0, NULL) != 0)
            err(1, "setgroups");
        if (setgid(group->gr_gid) != 0)
            err(1, "setgid");
        if (setuid(passwd->pw_uid) != 0)
            err(1, "setuid");

        fds[0].events = POLLIN;
        fds[1].events = POLLIN;
        fds[2].events = POLLIN;

    #if 0
        states[0].af = AF_INET;
        clock_gettime(CLOCK_MONOTONIC, &states[0].timeout);
        states[0].timeout.tv_sec++;
        states[0].addr.in4.s_addr = inet_addr("217.72.192.73");
        fds[0].events |= POLLOUT;
    #endif

        while (1) {
            char src[48], dst[48];
            struct timespec timestamp;

    #if DEBUG
            for (i=0; i < 3; i++)
                fprintf(stderr, "%d: fd:%d events:%hd revents:%hd\n",
                    i, fds[i].fd, fds[i].events, fds[i].revents);
            fprintf(stderr, "Polling");
    #endif
            ret = -1;
            for (i=0; i < NSTATES; i++)
                if (states[i].af != 0 && (ret == -1 ||
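The program's lookup code is cut off in the archive. As an added example (not the original author's code), this shows how a connecting address is turned into the name queried in a DNS whitelist zone such as list.dnswl.org, assuming the usual reversed-address DNSBL/DNSWL naming; the function names are hypothetical.

```c
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>

/*
 * Build the DNS name to query for `addr` in whitelist zone `zone`.
 * IPv4: the four octets in reverse order, decimal.
 * IPv6: all 32 nibbles in reverse order, hex, one label each.
 * Returns 0 on success, -1 on unknown family or too small a buffer.
 */
int
dnswl_qname(int af, const void *addr, const char *zone, char *buf, size_t len)
{
	static const char hex[] = "0123456789abcdef";
	const unsigned char *o = addr;
	size_t n = 0, zlen = strlen(zone);
	int i, r;

	if (af == AF_INET) {
		r = snprintf(buf, len, "%u.%u.%u.%u.%s", (unsigned)o[3],
		    (unsigned)o[2], (unsigned)o[1], (unsigned)o[0], zone);
		return (r < 0 || (size_t)r >= len) ? -1 : 0;
	}
	if (af != AF_INET6)
		return -1;
	/* 32 nibbles, each followed by a dot, then the zone and a NUL */
	if (len < 64 + zlen + 1)
		return -1;
	for (i = 15; i >= 0; i--) {
		buf[n++] = hex[o[i] & 0x0f];	/* low nibble comes first */
		buf[n++] = '.';
		buf[n++] = hex[o[i] >> 4];
		buf[n++] = '.';
	}
	memcpy(buf + n, zone, zlen + 1);
	return 0;
}

/* Same, starting from the textual source address of the SYN packet. */
int
dnswl_qname_str(const char *ip, const char *zone, char *buf, size_t len)
{
	struct in_addr a4;
	struct in6_addr a6;

	if (inet_pton(AF_INET, ip, &a4) == 1)
		return dnswl_qname(AF_INET, &a4, zone, buf, len);
	if (inet_pton(AF_INET6, ip, &a6) == 1)
		return dnswl_qname(AF_INET6, &a6, zone, buf, len);
	return -1;
}

int
main(void)
{
	/* constructed sample addresses from the documentation ranges */
	const char *samples[] = { "192.0.2.25", "2001:db8::1" };
	char name[128];
	size_t i;

	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
		if (dnswl_qname_str(samples[i], "list.dnswl.org", name,
		    sizeof(name)) == 0)
			printf("%s -> %s\n", samples[i], name);
	return 0;
}
```

An A record answer for that name means the address is listed; NXDOMAIN means it is not, and the connection stays on the greylisting path.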
Re: malloc openbsd awesomness
On 2016-04-04 sven falempin wrote:
> malloc.conf could be per process ?
>
> extern char *malloc_options;
> malloc_options = "H*>**>*";
>
> This would change the behavior of the program,
> not other ?

True

--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
2779 7F73 44FD 0736 B67A C410 69EC 7922 34B4 2566
Re: groupdel 'command' don't remove group id
On Wed, 16 Mar 2016 08:21:35 +0100 "Max Power" wrote:
> Find! Thank You Paul.
>
> in /etc/passwd [about user]
>
> testx:*:1001:1000::/home/testx:/usr/bin/false
>
> So I have no choice but to replace '1001' with '1000' ?

I like using the users (10) group as primary group for all human users.

> testx:*:1000:1000::/home/testx:/usr/bin/false Ok?
>
> > On Wed, Mar 16, 2016 at 07:10:09AM +0100, Max Power wrote:
> > | Hi Todd, guys.
> > |
> > | LogOut e reboot has been the first thing I have done,
> > | but nothing... gid is always there!
> > |
> > | The group not exist but gid: yes!
> > | # groups testx: group: can't find group 'testx'
> > | # id testx: uid=1001(testx) gid=1001 groups=1001,
> > | 1000(laboratory)
> >
> > The gid id reports here is the group that's configured in your
> > passwd file. The line will look like this:
> >
> > testx:*:1001:1001:Test User:/home/testx:/bin/ksh
> > -
> >
> > That's the GID right there. A user always has a login group that's
> > configed in /etc/passwd. If you don't want this group to be used,
> > don't put users in it (either in /etc/group as additional groups or
> > in /etc/passwd as the login group).
> >
> > Cheers,
> >
> > Paul 'WEiRD' de Weerd
> >
> > | I just can not understand this!
> > | can someone please help me?
> > | Thanks.
> > |
> > | The same situation, with other deleted group, is on another
> > | server with OpenBSD 5.7 amd64.
> > |
> > | > A user's active groups are set at login time. Removing a group
> > | > from the group file does not affect processes that are already
> > | > running. If you logout and login again after removing the group
> > | > you should no longer be a member of the group.
> > | >
> > | > - todd
> > | >
> >
> > --
> >>[<++>-]<+++.>+++[<-->-]<.>+++[<+
> > +++>-]<.>++[<>-]<+.--.[-]
> > http://www.weirdnet.nl/
>

--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
2779 7F73 44FD 0736 B67A C410 69EC 7922 34B4 2566
Re: build an openbsd router/modem
Hi,

I use GO-DSL-N151, a Zyxel based modem/router. The nice thing about the
Zyxel firmware is that it can do scheduling with four priority queues in
bridge mode. I tag the packets with vlan prio tags and the modem, which
is the bottleneck, does the traffic shaping. I can also use it as wlan
bridge on a separate vlan.

Christopher

--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
F190 D013 8F01 AA53 E080 3F3C F17F B0A1 D44E 4FEE
Re: Alix, pppoe(VDSL), extremely low upload speed
On Fri, 10 Oct 2014 13:19:00 +0200 Mark Patruck m...@wrapped.cx wrote:
> I also get around 6MB/s when using the Alix 2c3 as a simple router.
>
> Problem seems to be the combination...
>
> vr2 - vlan7 (vlandev vr2) - pppoe0 (dev vlan7)

vr + vlan makes me think of this:
http://marc.info/?l=openbsd-tech&m=136042402201839&w=2

> I also don't think the Alix is too slow. As i said...50.000kbit/s down
> via pppoe0 works w/o issues.
>
> On Fri, Oct 10, 2014 at 01:10:39PM +0200, Stefan Sperling wrote:
> > On Fri, Oct 10, 2014 at 12:23:36PM +0200, Mark Patruck wrote:
> > > I'm running 5.6-current on a Alix 2c3. The box is connected via
> > > pppoe(4) and VDSL 50Mbit down/10Mbit up - max-mss is set to 1440.
> > >
> > > Running a few speed tests, i get almost always 50.000kbit/s down,
> > > but not more than 400-600kbit/s up.
> > >
> > > Just for testing purposes, i started httpd(8) and tried to download
> > > a 1MB test file over the internet from another machine.
> > >
> > > $ ftp http://1.2.3.4/test1MB
> > > Trying 1.2.3.4...
> > > Requesting http://1.2.3.4/test1MB
> > >
> > > After about 8 seconds it shows 128KB, then...few seconds later...
> > > --stalled--few seconds later 256KB--stalled--
> > >
> > > 65 seconds later, the download has finished.
> > >
> > > The same configuration (freshly installed OpenBSD 5.6-current) on
> > > another Alix 2c3 shows exactly the same issues...download fine,
> > > upload 600kbit/s.
> > >
> > > Just to make sure there is nothing wrong with cabling, VDSL modem,
> > > i tried the same configuration on an older Celeron laptop with
> > > ale(4) nic...no issues at all. I get around 8.000kbit/s.
> > >
> > > Any clues? (vr(4) issues?)
> >
> > I don't think vr(4) is your problem.
> >
> > From a net5501 soekris (similar hardware) I can download 6 megabytes
> > per second of a file on the soekris' hard disk via a LAN-facing vr(4)
> > interface, served over HTTP with nginx (on 5.6-stable).
> >
> > You could run measurements with tcpbench(1) to rule out problems at
> > the network/driver layer.
> >
> > In my testing an Alix.2d2 lx800 (running 5.6-stable too) is slightly
> > faster with tcpbench (Avg Mbps: 92.490) than the net5501 (Avg Mbps:
> > 86.949), both using vr(4) interfaces connected to a gigabit switch.
> >
> > Perhaps it's worth mentioning that the vr(4) interfaces are part of a
> > bridge(4). I'm not sure if that affects throughput but if it does
> > plain vr(4) interfaces could be faster.
>
> --
> Mark Patruck ( mark at wrapped.cx )
> GPG key 0xF2865E51 / 187F F6D3 EE04 1DCE 1C74 F644 0D3C F66F F286 5E51
> http://www.wrapped.cx

--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
F190 D013 8F01 AA53 E080 3F3C F17F B0A1 D44E 4FEE
httpd URI leading path stripping
Hi, I'd like to add an URI stripping option to httpd, which is similar to apache/nginx's alias options: root [strip number] directory Set the document root of the server. The directory is a pathname within the chroot(2) root directory of httpd. If not specified, it defaults to /htdocs. If the strip option is set, number path components are stripped from the beginning of the request URI before looking up the stripped-down URI at directory. for example: location /pub/OpenBSD/snapshots/amd64* { root strip 4 /OpenBSD.amd64 directory auto index } For serving php: location /wiki/ { root strip 1 /dokuwiki directory index doku.php fastcgi socket /tmp/doku.sock } location /wiki/*.php { root strip 1 /dokuwiki fastcgi socket /tmp/doku.sock } location /wiki/lib/* { root strip 1 /dokuwiki directory no index } Comments? OKs? Christopher diff --git httpd.conf.5 httpd.conf.5 index 788d0a9..7776131 100644 --- httpd.conf.5 +++ httpd.conf.5 @@ -229,7 +229,7 @@ Enable or disable logging to .Xr syslog 3 instead of the log files. .El -.It Ic root Ar directory +.It Ic root Oo Ic strip Ar number Oc Ar directory Set the document root of the server. The .Ar directory @@ -239,6 +239,11 @@ root directory of .Nm httpd . If not specified, it defaults to .Pa /htdocs . +If the strip option is set, +.Ar number +path components are stripped from the beginning of the request URI before +looking up the stripped-down URI at +.Ar directory . .It Ic ssl Ar option Set the SSL configuration for the server. These options are only used if SSL has been enabled via the listen directive. diff --git httpd.h httpd.h index 04b1f05..45505a1 100644 --- httpd.h +++ httpd.h @@ -383,6 +383,7 @@ struct server_config { char*ssl_key_file; u_int16_tflags; + u_int8_t strip; u_int8_t tcpflags; int tcpbufsiz; int tcpbacklog; diff --git parse.y parse.y index 44cf90c..70e1cf7 100644 --- parse.y +++ parse.y 
@@ -128,12 +128,13 @@ typedef struct { %token ACCESS AUTO BACKLOG BODY BUFFER CERTIFICATE CHROOT CIPHERS COMMON %token COMBINED CONNECTION DIRECTORY ERR FCGI INDEX IP KEY LISTEN LOCATION %token LOG MAXIMUM NO NODELAY ON PORT PREFORK REQUEST REQUESTS ROOT SACK -%token SERVER SOCKET SSL STYLE SYSLOG TCP TIMEOUT TYPES +%token SERVER SOCKET SSL STRIP STYLE SYSLOG TCP TIMEOUT TYPES %token ERROR INCLUDE %token v.string STRING %token v.number NUMBER %type v.portport %type v.number optssl +%type v.number optstrip %type v.tv timeout %type v.string numberstring @@ -176,6 +177,10 @@ optssl : /*empty*/ { $$ = 0; } | SSL { $$ = 1; } ; +optstrip : /*empty*/ { $$ = 0; } + | STRIP NUMBER { $$ = $2; } + ; + main : PREFORK NUMBER{ if (loadcfg) break; @@ -333,16 +338,21 @@ serveroptsl : LISTEN ON STRING optssl port { YYERROR; } } ssl - | ROOT STRING { - if (strlcpy(srv-srv_conf.root, $2, + | ROOT optstrip STRING { + if (strlcpy(srv-srv_conf.root, $3, sizeof(srv-srv_conf.root)) = sizeof(srv-srv_conf.root)) { yyerror(document root too long); - free($2); + free($3); YYERROR; } - free($2); + free($3); srv-srv_conf.flags |= SRVFLAG_ROOT; + if ($2 0 || $2 UINT8_MAX) { + yyerror(invalid strip number); + YYERROR; + } + srv-srv_conf.strip = $2; } | DIRECTORY dirflags | DIRECTORY '{' dirflags_l '}' @@ -848,6 +858,7 @@ lookup(char *s) { server, SERVER }, { socket, SOCKET }, { ssl,SSL }, + { strip, STRIP }, { style, STYLE }, { syslog, SYSLOG }, { tcp,TCP }, diff --git server_fcgi.c server_fcgi.c index fe97be0..1d591b8 100644 --- server_fcgi.c +++ server_fcgi.c @@ -101,9 +101,12 @@ server_fcgi(struct httpd *env, struct client *clt) struct fcgi_begin_request_body *begin; char hbuf[MAXHOSTNAMELEN]; size_t
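Review bot: In the parse.y "ROOT optstrip STRING" action, the range check on $2 runs only after the root string has been copied and SRVFLAG_ROOT has been set; validate the strip number first so that a rejected value leaves srv_conf untouched. In the httpd.conf.5 hunk the added sentence should mark the keyword up as ".Ic strip" like the synopsis line does, and it should say what is looked up when the request URI has fewer than number path components.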
Re: httpd URI rewriting / try_files
On Thu, 28 Aug 2014 14:37:34 +0300 Gregory Edigarov ediga...@qarea.com wrote:
> Hello
>
> are there any plans to implement uri rewriting or something in a manner
> of 'try_files' configuration option of nginx?

I plan to add a URL stripping option, somewhat more powerful than the
nginx alias directive:

    root [strip number] directory
            Set the document root of the server. The directory is a
            pathname within the chroot(2) root directory of httpd. If
            not specified, it defaults to /htdocs. If the strip option
            is set, number path components are removed from the
            beginning of the URI before directory is prepended.

This would allow you to do for example:

    location /wiki/ {
            strip 1
            root /dokuwiki
            directory index doku.php
            fastcgi socket /tmp/php.sock
    }

Christopher

--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
F190 D013 8F01 AA53 E080 3F3C F17F B0A1 D44E 4FEE
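The "root strip number directory" mapping described in this message and in the earlier "httpd URI leading path stripping" post, as an added example that is not the httpd code from the patch. The function names are hypothetical, and it assumes the request path has already been percent-decoded; ".." components are rejected before stripping so that the stripped path cannot climb above the configured root.

```c
#include <stdio.h>
#include <string.h>

/*
 * Skip the first n path components of uri. Returns a pointer into uri:
 * either the remaining "/rest/of/path" or "" when uri has n or fewer
 * components.
 */
const char *
strip_components(const char *uri, unsigned int n)
{
	const char *p = uri;

	while (n-- > 0) {
		while (*p == '/')		/* tolerate "//" */
			p++;
		while (*p != '\0' && *p != '/')
			p++;
	}
	return p;
}

/* Return 1 if any component of path is exactly "..". */
static int
has_dotdot(const char *path)
{
	const char *p = path;
	size_t n;

	while (*p != '\0') {
		while (*p == '/')
			p++;
		n = strcspn(p, "/");
		if (n == 2 && p[0] == '.' && p[1] == '.')
			return 1;
		p += n;
	}
	return 0;
}

/*
 * Map a request path to a path below root after stripping `strip`
 * leading components. Returns 0 on success, -1 if the path is not
 * absolute, contains "..", or does not fit in out.
 */
int
map_uri(const char *root, unsigned int strip, const char *uri,
    char *out, size_t len)
{
	const char *rest;
	int r;

	/* validate the whole path first, then strip */
	if (uri[0] != '/' || has_dotdot(uri))
		return -1;
	rest = strip_components(uri, strip);
	r = snprintf(out, len, "%s%s", root, rest);
	return (r < 0 || (size_t)r >= len) ? -1 : 0;
}

int
main(void)
{
	char path[256];

	/* request paths are constructed samples for the posted locations */
	if (map_uri("/dokuwiki", 1, "/wiki/lib/exe/css.php", path,
	    sizeof(path)) == 0)
		printf("%s\n", path);
	if (map_uri("/OpenBSD.amd64", 4,
	    "/pub/OpenBSD/snapshots/amd64/bsd.rd", path, sizeof(path)) == 0)
		printf("%s\n", path);
	if (map_uri("/dokuwiki", 1, "/wiki/../etc/passwd", path,
	    sizeof(path)) != 0)
		printf("rejected\n");
	return 0;
}
```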
Re: Did anyone tried WPAWPA2 Enterprise / LEAP on OpenBSD 5.5?
On Mon, 25 Aug 2014 21:58:58 +0200 somelooser3...@hushmail.com wrote:
> How can I configure (via console, not using GUI) on OpenBSD to connect
> to a WPAWPA2 Enterprise / LEAP wireless connection? Does anybody has
> any scripts for this?

    echo -n 'setting up wlan: '
    # print the nwid of every network found by the scan, one per line
    ifconfig iwn0 scan |sed -nEe 's/^[[:space:]]*nwid "?([^"]*)"? chan .*$/\1/p' | \
    while read nwid
    do
        case $nwid in
        eduroam)
            echo "$nwid."
            route delete default
            ifconfig iwn0 inet -inet6 \
                media autoselect \
                -bssid \
                -chan \
                -nwkey \
                nwid "$nwid" \
                wpa \
                wpaprotos wpa2 \
                wpaakms 802.1x \
                wpaciphers ccmp \
                wpagroupcipher ccmp \
                up
            # remove a stale control socket before starting the supplicant
            rm -f /var/run/wpa_supplicant/iwn0
            wpa_supplicant -B -c /etc/wpa_supplicant.conf -D openbsd -i iwn0
            dhclient iwn0
            break 1
            ;;
        esac
        [...]
    done

/etc/wpa_supplicant.conf:

    ctrl_interface=/var/run/wpa_supplicant
    ctrl_interface_group=wheel
    ap_scan=0
    network={
        ssid="eduroam"
        key_mgmt=WPA-EAP
        eap=PEAP
        identity="x...@d.tld"
        password="XXX"
    }

--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
F190 D013 8F01 AA53 E080 3F3C F17F B0A1 D44E 4FEE
Re: Cloning an OpenBSD system (and potential FAQ (4.15) error?)
On Fri, 22 Aug 2014 10:04:28 -0400 Alan McKay alan.mc...@gmail.com wrote:
> Hi folks,

Hi!

> I have also found this :
> http://www.ualberta.ca/~antoine/clone/openbsd.html
>
> Also looks promising.

This seems to be helper/wrapper scripts around dump. dump(8) is the way
to go. I usually do

    dump -0auf 140822var.dump0 /var

for dumping /var in a file or

    dump -0auf - /var |nc -l 1

on source and

    nc source 1 |restore -rf -

for cloning a partition over the network.

> I like the looks of the latter since it seems to allow me to run the
> first part on a live system, to make a copy of that system (can anyone
> confirm that?). I'd much rather not have to take it down to make the
> image since I don't have to do that when I clone Linux. And my
> production systems will be happier that way :-)

This will work. I can confirm that. dump can dump from mounted as well
as unmounted filesystems.

> Clonezilla looks to be all-singing-all-dancing, but seems to require me
> to boot from their CD or USB in order to make a copy of my original
> system (can anyone confirm or refute?). Not a massive issue in my DEV
> rack but not ideal in production.
>
> In Linux the way I do systems is to boot the target system in Live
> Linux (Ubuntu), and then partition the HD(s) the way I want, and mount
> them up under /mnt/target/ with that being my root. Then run rsync
> locally to copy the master live system into /mnt/target. Use a couple
> of options to tell it what not to copy. Works awesome. The above perl
> scripts from U Alberta seem to be at least a bit similar to this
> procedure.
>
> Are there any options I am missing that I should look at?
>
> Has anyone used the above methods and can comment on how well they work
> or whether or not I should just avoid one or the other?

After restoring / copying the filesystems using dump/restore and fixing
up /etc/fstab on the target system, you'll need to install boot. See
installboot(8).

Christopher

--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
F190 D013 8F01 AA53 E080 3F3C F17F B0A1 D44E 4FEE
Interactive Unix System V/386 Release 3.2
Hi, I got two SunSoft Unix System V 3.2 of 1994. With still sealed installation diskettes, user's and maintenance Guides. Anyone interested? I could ship them from germany. Christopher -- http://gmerlin.de OpenPGP: http://gmerlin.de/christopher.pub F190 D013 8F01 AA53 E080 3F3C F17F B0A1 D44E 4FEE
Re: User land notification uppon pppoe(4) changes
On Sun, 24 Nov 2013 20:40:21 +0100 David Keller david.kel...@litchis.fr wrote:
> Hello,
>
> ***
> * My setup
> Say I have a router using pppoe to connect to internet. It gets a
> different ip address from the ISP every day. From this router I want to
> create a gif tunnel to a static-ip host.
>
> ***
> * My problem
> How can I ensure the src outer address of the gif interface sticks to
> the pppoe dynamic-ip ?
>
> ***
> * My solution
> I was thinking about updating the gif interface when the pppoe link
> changes its IP using a userland daemon which monitors the interface and
> executes user scripts.
>
> ***
> * Your feeling
> 1) Is this a good idea ?
> 2) Does this daemon already exist ?
> 2.1) If I write it, would you like me to share it ?
>
> Regards,
> David

Here's how I do it:

    #!/bin/sh

    LastIP=0.0.0.0
    Route=no
    Tunnel=no
    Dyndns=no

    while true
    do
        CurrIP=`ifconfig pppoe0 |awk '/inet / {print $2}'`
        #CurrIP=`ftp -o - 'http://www.meine-aktuelle-ip.de/' 2>/dev/null |sed -n 's%^.*Ihre aktuelle IP Adresse: \(.*\)<br />.*$%\1%p'`

        # Check validity of $CurrIP
        ping -c1 -w1 -- "$CurrIP" >/dev/null 2>&1 || CurrIP=0.0.0.0

        TunnelRemoteV4=`ifconfig gif0 |awk '/physical address inet / {print $6}'`

        # Delete old route when dynamic IP has changed
        if [ "$CurrIP" != "$LastIP" ]
        then
            if [ "$Route" = yes ]
            then
                route delete "$LastIP" localhost
            fi
            Route=no
            Tunnel=no
            Dyndns=no
        fi

        if [ "$CurrIP" != 0.0.0.0 ]
        then
            # Send mail only when something needs to be done
            if [ "$Route" != yes -o "$Dyndns" != yes -o "$Tunnel" != yes ]
            then
                # mail runs as a co-process; fd 5 feeds the message body
                mail -s "`hostname` dynamic IP update to $CurrIP" root |&
                exec 5>&p
                echo "Current IP is $CurrIP" >&5
                echo "Last IP was $LastIP" >&5
                echo "Last status: $Route, Tunnel: $Tunnel, Dyndns: $Dyndns\n" >&5
                echo >&5
            else
                exec 5>&2
            fi

            LastIP=$CurrIP

            if [ "$Route" != yes ]
            then
                echo -n "Adding route: " >&5
                Reply=`route add "$CurrIP" localhost 2>/dev/null`
                case $Reply in
                "add host $CurrIP: gateway localhost")
                    echo "success - $Reply" >&5
                    Route=yes
                    ;;
                "add host $CurrIP: gateway localhost: File exists")
                    echo "success - $Reply" >&5
                    Route=yes
                    ;;
                *)
                    echo "failed - $Reply" >&5
                    Route=failed
                    ;;
                esac
            fi

            if [ "$Tunnel" != yes ]
            then
                echo -n "Adding tunnel: " >&5
                if ifconfig gif0 tunnel "$CurrIP" "$TunnelRemoteV4"
                then
                    echo "success:" >&5
                    ifconfig gif0 >&5
                    Tunnel=yes
                else
                    echo "failed." >&5
                    Tunnel=failed
                fi
            fi

            if [ "$Dyndns" != yes ]
            then
                for URL in \
                    'http://ipv4.cloudns.net/api/dynamicURL/?q=X X' \
                    'http://ipv4.cloudns.net/api/dynamicURL/?q=X X' \
                    'http://ipv4.cloudns.net/api/dynamicURL/?q=X X'
                do
                    echo >&5
                    echo "Updating ClouDNS \"$URL\"" >&5
                    Reply=`ftp -Vo - "$URL" 2>&1`
                    Dyndns=yes
                    case $Reply in
                    Updated*)
                        echo "success - $Reply" >&5
                        ;;
                    OK)
                        echo "success - $Reply" >&5
                        ;;
                    ERROR:\ Address\ $CurrIP\ has\ not\ changed.)
                        echo "Not changed: $Reply" >&5
                        ;;
                    ERROR*)
                        echo "$Reply" >&5
                        Dyndns=failed
                        ;;
                    *)
                        echo "Unknown reply - $Reply" >&5
                        Dyndns=failed
                        ;;
                    esac
                done
            fi

            # closing fd 5 ends the mail body
            exec 5>&-

            # Send heartbeat to IPv6 tunnel peer - needed every 60 seconds.
            if [ -n "$TunnelRemoteV4" ]
            then
                # inspired by heartbeat script written by Oliver Walter o...@gmx.de
                Passphrase=''
                RemoteV6='2001:4dd0:ff00:12a8::1'
                LocalV6='2001:4dd0:ff00:12a8::2'
                HB="HEARTBEAT TUNNEL $LocalV6 sender `date +%s`"
                echo -n "$HB $(echo -n "$HB $Passphrase" |md5)" \
                    |nc -w1 -u "$TunnelRemoteV4" 3740
            fi
        fi

        sleep 55
    done

also in /etc/daily.local I do

    next_part "Force pppoe0 reconnect:"
    ifconfig pppoe0 down
    ifconfig pppoe0 up
    # wait for reconnect
    sleep 35
    ifconfig pppoe0

Have fun!

Christopher

--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
F190 D013 8F01 AA53 E080 3F3C F17F B0A1 D44E 4FEE
nat-to static-port chooses random ports
Hi,

as far as I understand pf, the following rules should behave exactly
the same:

    pass out log on pppoe0 inet proto udp from mortimer-ipsec port 5061 nat-to (pppoe0) static-port

and

    pass out log on pppoe0 inet proto udp from mortimer-ipsec port 5061 nat-to (pppoe0) port 5061

but they don't:

    rule 98/(match) pass out on pppoe0: 217.190.89.90.56487 > 88.215.213.26.5748: udp 2048

resp.

    rule 98/(match) pass out on pppoe0: 217.190.89.90.5061 > 62.138.116.3.5748: udp 2048

this is on an OPENBSD_5_4 kernel.

--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
1917 680A 723C BF3D 2CA3 0E44 7E24 D19F 34B8 2A2A
routing to IPsec VPN with dummy lo1 broken
Hi,

My IPsec roadwarrior setup on my laptop broke with one of the latest
snapshots because some outgoing connections are routed wrongly with a
source ip of 127.0.0.1.

On the roadwarrior laptop I use a dummy lo1 interface to which I assign
the internal VPN IP of the laptop. wlan has the 172.26.153.40/28 subnet,
VPN has the 172.26.153.49/28 subnet:

    iwn0: flags=28843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,NOINET6> mtu 1500
            lladdr 00:21:6b:a3:70:7a
            priority: 4
            groups: wlan
            status: active
            inet 172.26.153.40 netmask 0xfff0 broadcast 172.26.153.47
    enc0: flags=0<>
            priority: 0
            groups: enc
            status: active
    lo1: flags=8149<UP,LOOPBACK,RUNNING,PROMISC,MULTICAST> mtu 33144
            priority: 0
            groups: lo egress
            inet 172.26.153.49 netmask 0xfff0
            inet6 fe80::1%lo1 prefixlen 64 scopeid 0x5
            inet6 2001:4dd0:fbdf:8::49 prefixlen 48

Routing tables

default route goes to the VPN. Because the IPsec flow matches on source
ip, all VPN packets are routed via lo1 to assign the right source ip:

    Internet:
    Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
    default            172.26.153.49      US         1       62 33144     9 lo1
    127/8              127.0.0.1          UGRS       0        0 33144     8 lo0
    127.0.0.1          127.0.0.1          UH         2       36 33144     4 lo0
    172.26.153.32/28   link#2             UC         1        0     -     4 iwn0
    172.26.153.33      00:1b:b1:f2:f4:6d  UHLc       1        0     -     4 iwn0
    172.26.153.40      127.0.0.1          UGS        0        0 33144     8 lo0
    172.26.153.49      172.26.153.49      UH         0      120 33144     4 lo1
    217.190.94.19      172.26.153.33      UGHS       2      215     -    12 iwn0
    224/4              127.0.0.1          URS        0        0 33144     8 lo0

And route get seems to do the right thing:

    $ route get 172.26.153.1
       route to: alix
    destination: default
           mask: default
      interface: lo1
     if address: mortimer-ipsec (= 172.26.153.49)
       priority: 9 ()
          flags: <UP,DONE,STATIC>
         use       mtu    expire
          68     33144         0

In the following tests I run two tcpdumps in the background:

    tcpdump: listening on pflog0, link-type PFLOG
    tcpdump: listening on enc0, link-type ENC

ICMP echo requests get assigned the correct source ip and are redirected
to IPsec:

    $ ping -c1 172.26.153.1
    PING 172.26.153.1 (172.26.153.1): 56 data bytes
    64 bytes from 172.26.153.1: icmp_seq=0 ttl=255 time=2.635 ms
    --- 172.26.153.1 ping statistics ---
    1 packets transmitted, 1 packets received, 0.0% packet loss
    round-trip min/avg/max/std-dev = 2.635/2.635/2.635/0.000 ms

    (authentic,confidential): SPI 0x754c6616: 172.26.153.49 > 172.26.153.1: icmp: echo request (encap)
    (authentic,confidential): SPI 0x9464175d: 172.26.153.1 > 172.26.153.49: icmp: echo reply (encap)

But udp/tcp packets get assigned the localhost(!) address and are
blocked by pf, because I disallow any traffic on lo1:

    $ nc -u 172.26.153.1 53 </dev/zero
    rule 3/(match) block out on lo1: 127.0.0.1.3621 > 172.26.153.1.53: 0 [0q] (2048)
Re: routing to IPsec VPN with dummy lo1 broken
On Tue, 2 Jul 2013 10:26:40 +0200 Christopher Zimmermann chr...@openbsd.org wrote:
> Hi,
>
> My IPsec roadwarrior setup on my laptop broke with one of the latest
> snapshots because some outgoing connections are routed wrongly with a
> source ip of 127.0.0.1.

I was wrong in assuming a recent change to the kernel is causing this.
I can reproduce this behaviour with a kernel from 13-05-01 and I'm
pretty sure it did work just fine back then.

Still this looks like a bug to me. ICMP messages being routed with the
correct source ip just fine, but udp and tcp getting a source ip of
127.0.0.1 while leaving on interface lo1 which only has the
172.26.153.49 ip assigned.

Christopher
Re: routing to IPsec VPN with dummy lo1 broken
On Tue, 2 Jul 2013 10:26:40 +0200 Christopher Zimmermann chr...@openbsd.org wrote:
> Hi,
>
> My IPsec roadwarrior setup on my laptop broke with one of the latest
> snapshots because some outgoing connections are routed wrongly with a
> source ip of 127.0.0.1.

I found the according line in the source:

netinet/in_pcb.c:836

    /*
     * If we found a route, use the address
     * corresponding to the outgoing interface
     * unless it is the loopback (in case a route
     * to our address on another net goes to loopback).
     */
    if (ro->ro_rt && ro->ro_rt->rt_ifp &&
        !(ro->ro_rt->rt_ifp->if_flags & IFF_LOOPBACK))
        /* XXX Don't use address of any loopback interface */
        ia = ifatoia(ro->ro_rt->rt_ifa);
    if (ia == 0) {
        u_int16_t fport = sin->sin_port;

        sin->sin_port = 0;
        ia = ifatoia(ifa_ifwithdstaddr(sintosa(sin), rtableid));
        if (ia == 0)
            ia = ifatoia(ifa_ifwithnet(sintosa(sin), rtableid));
        sin->sin_port = fport;
        if (ia == 0)
            ia = TAILQ_FIRST(&in_ifaddr);
        /* XXX Now use the address of the FIRST loopback interface anyways ?!? */
        if (ia == 0) {
            *errorp = EADDRNOTAVAIL;
            return NULL;
        }
    }

Is this reasonable not to use address of loopback interfaces?
Also this codepath only affects udp/tcp, but NOT icmp. The icmp
codepath will use the address of loopback interfaces.

Christopher
Re: pf filtering encapsulated icmpv6
ok. But there is no way to match on the outer IPv4 addresses, is there?

Christopher

On Fri, 7 Jun 2013 20:34:12 +0200 Loïc BLOT loic.b...@unix-experience.fr wrote:
> I think:
>
> pass in on enc0 proto ipv6-icmp
>
> Loic Blot
>
> On 7 June 2013 at 19:29, Christopher Zimmermann madro...@gmerlin.de wrote:
> > Hi,
> >
> > simple problem: how do I allow this packet to pass?
> >
> > 18:59:44.768197 rule 0/(match) [uid 0, pid 1051] block in on enc0: 172.26.153.7 172.26.153.1: 2001:4dd0:fbdf:0:f8b8:dafc:cff0:ae3b 2a00:1450:4001:808::101f: [|icmp6] (len 16, hlim 255) (ttl 64, id 2105, len 76)
> >
> > Christopher
pf filtering encapsulated icmpv6
Hi,

simple problem: how do I allow this packet to pass?

18:59:44.768197 rule 0/(match) [uid 0, pid 1051] block in on enc0: 172.26.153.7 172.26.153.1: 2001:4dd0:fbdf:0:f8b8:dafc:cff0:ae3b 2a00:1450:4001:808::101f: [|icmp6] (len 16, hlim 255) (ttl 64, id 2105, len 76)

Christopher
Re: pf queueing and nat
On Wed, 17 Apr 2013 03:32:52 +1000 John Tate j...@johntate.org wrote:
> I am adding queueing to my pf based nat for my home network. Since there isn't a complete example involving nat and queuing I am not entirely sure where to put things. I've read the manual and I think I put things before the rdr-to rules. I also have a transparent ftp and http proxy. I am not entirely sure if I put it before or after the divert-to rules. I just need someone to show me where in the pf.conf I've already done I should put things.
>
> I need to add the lines like these...
>
> block out on $ext_if all

Before everything else. Last match wins!

> pass out on $ext_if inet proto tcp from ($ext_if) queue (std_out, tcp_ack_out)
> (And so on, including for incoming traffic on $int_if)

I'm not sure whether queue rules are sticky, but later matching ones will overwrite earlier ones I'd guess, so put them as late as possible. I'd also put the nat rules as match rules at the very end, so you don't forget the real source address/port too early.

Christopher

> My current pf.conf...
>
> # grep -v '^#' /etc/pf.conf
> int_if=fxp0
> ext_if=pppoe0
> murphy=10.0.0.2
> fekete=10.0.0.3
> murphy_ports = { 8333 }
> fekete_ports = { 17001, 39191, 5938, }
> tcp_services={ 22 }
> icmp_types=echoreq
> set skip on lo
> pass in quick on $int_if inet proto tcp to port http divert-to 127.0.0.1 port 3128
> anchor ftp-proxy/*
> pass in quick on $int_if inet proto tcp to port ftp divert-to 127.0.0.1 port 8021
> match out on egress inet from !(egress:network) to any nat-to (egress:0)
> pass # to establish keep-state
> block in on ! lo0 proto tcp to port 6000:6010
> block in log
> pass out quick
> antispoof quick for { lo $int_if }
> pass in on egress inet proto tcp from any to (egress) \
>     port $tcp_services
> pass in on $ext_if proto tcp to port 21
> pass in on $ext_if proto tcp to port 49151
> pass in on egress inet proto tcp to (egress) port $murphy_ports rdr-to $murphy
> pass in on egress inet proto tcp to (egress) port $fekete_ports rdr-to $fekete
> pass in inet proto icmp all icmp-type $icmp_types
> pass in on $int_if
> --
> www.johntate.org
Problems waking up with latest snapshot
Hi, since updating to the latest snapshot my laptop (dmesg below) hang at the console after waking up from suspend to ram. The ttyC0 was displayed on both monitors, but neither typing at the console login prompt, nor switching to X worked. I was able to enter ddb with ctrl-alt-del and get a trace, which can be found at ftp://gmerlin.de/pub/ddb_screenshot.jpeg Christopher
How are routes selected from static routing table?
Hi,

I have the following static routes setup on my laptop. em0 is a lan connection to my router 172.26.153.1. tun1 is sometimes used by a ssh tunnel to the same router. It is now down. The routing table is attached below.

Now I'm wondering why the first ping seems to use the 172.26.153/24 route via 172.26.153.18 (which is currently not up and has priority 10) instead of the default route via 172.26.153.1 which has a higher priority and is up.

The funny thing is that adding another route to 172.26.153/24 via gateway 172.26.153.1 fixes this problem and allows the ping to happen. Why is this route used while the default route is ignored, although it looks exactly the same (same priority) except having a larger subnet (0/0)?? Are more specific routes somehow preferred?

Any help, especially hints towards helpful documentation, are very welcome.

Christopher

$ ifconfig tun1
tun1: flags=51UP,POINTOPOINT,RUNNING mtu 1500
        priority: 0
        groups: tun
        status: down
        inet 172.26.153.19 -- 172.26.153.18 netmask 0x

$ route -n show -inet
Routing tables

Internet:
Destination        Gateway            Flags  Refs  Use  Mtu    Prio  Iface
default            172.26.153.1       UGS    29    659  -      8     em0
default            172.26.153.18      GS     0     0    -      10    tun1
127/8              127.0.0.1          UGRS   0     0    33152  8     lo0
127.0.0.1          127.0.0.1          UH     2     0    33152  4     lo0
172.26.153.0/28    link#1             UC     1     0    -      4     em0
172.26.153/24      172.26.153.18      GS     0     2    -      10    tun1
172.26.153.1       00:0d:b9:24:60:40  UHLc   4     58   -      4     em0
172.26.153.7       127.0.0.1          UG     0     0    33152  56    lo0
172.26.153.18      172.26.153.19      H      2     0    -      4     tun1
224/4              127.0.0.1          URS    0     0    33152  8     lo0

$ ping -c 1 -i 1 phone
PING phone.gmerlin.de (172.26.153.17): 56 data bytes
ping: sendto: Host is down
ping: wrote phone.gmerlin.de 64 chars, ret=-1
--- phone.gmerlin.de ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss

$ sudo route add 172.26.153/24 172.26.153.1
add net 172.26.153/24: gateway 172.26.153.1

$ route -n show -inet
Routing tables

Internet:
Destination        Gateway            Flags  Refs  Use  Mtu    Prio  Iface
default            172.26.153.1       UGS    13    659  -      8     em0
default            172.26.153.18      GS     0     0    -      10    tun1
127/8              127.0.0.1          UGRS   0     0    33152  8     lo0
127.0.0.1          127.0.0.1          UH     2     0    33152  4     lo0
172.26.153.0/28    link#1             UC     1     0    -      4     em0
172.26.153/24      172.26.153.1       UGS    0     0    -      8     em0
172.26.153/24      172.26.153.18      GS     0     3    -      10    tun1
172.26.153.1       00:0d:b9:24:60:40  UHLc   6     87   -      4     em0
172.26.153.7       127.0.0.1          UG     0     0    33152  56    lo0
172.26.153.18      172.26.153.19      H      2     0    -      4     tun1
224/4              127.0.0.1          URS    0     0    33152  8     lo0

$ ping -c 1 -i 1 phone
PING phone.gmerlin.de (172.26.153.17): 56 data bytes
64 bytes from 172.26.153.17: icmp_seq=0 ttl=127 time=1.071 ms
--- phone.gmerlin.de ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.071/1.071/1.071/0.000 ms
Re: pf 'synproxy state' doesn't work with pppoe
On Thu, 16 Aug 2012 14:37:50 +0200 LEVAI Daniel l...@ecentrum.hu wrote:
> On Thu, Aug 16, 2012 at 14:26:05 +0200, LEVAI Daniel wrote:
> > On Thu, Aug 16, 2012 at 12:20:56 +0100, Kevin Chadwick wrote:
> > > > Any help would be appreciated.
> > >
> > > Works for me on 5.1
> > >
> > > I don't think it's the rule but the combination of rules. Try reordering your ruleset. I've had a problem before but I forget or never found the specific reason.
> >
> > Okay, okay, I'm trying to get my head around this, but how do you explain that changing *only* the 'synproxy' word to 'keep' in the exact same rule makes it work again (not changing order, combination, nothing, but only changing synproxy state to the default keep state)?
>
> There is definitely something wrong with pppoe + synproxy state:
>
> # pfctl -sr
> pass all flags S/SA
> pass in on pppoe0 inet proto tcp from src to dst port = flags S/SA synproxy state
>
> This is the only rule. Otherwise it's just 'pass all'. If I remove this rule too *or* change synproxy to keep, the connection is working. I can reproduce this on two different machines, with different ISPs and different NICs facing the ISPs using pppoe.

Do you filter on loopback? The handshake between proxy and server process is done via loopback. You need to pass this traffic, too.

Christopher
Re: apache - built in - and syslog
On Mon, 30 Jul 2012 13:27:47 -0400 sven falempin sven.falem...@gmail.com wrote:
> Hello,
>
> I (and Google) do not find the apache 1.3.29 documentation for editing conf file, neither information to syslog the apache logs.
>
> Pointer anyone ?

See /usr/share/doc/html/httpd/index.html and /var/www/log/

But you may want to use nginx, which is going to replace apache someday.
Re: mailing list managers with smtpd
On Sat, 21 Jul 2012 20:03:04 +0200 Jan Stary h...@stare.cz wrote:
> On Jul 21 18:04:51, Christopher Zimmermann wrote:
> > On Sat, 21 Jul 2012 17:28:12 +0200 Jan Stary h...@stare.cz wrote:
> > > On Jul 21 10:02:10, Christopher Zimmermann wrote:
> > > > On Sat, 21 Jul 2012 09:50:40 +0200 Jan Stary h...@stare.cz wrote:
> > > > > Having happily switched from postfix to smtpd, the one thing I am missing is running mailing lists. I see it has been discussed before:
> > > > > http://marc.info/?t=13170923832r=1w=2
> > > > >
> > > > > Is it really possible to use commands as aliases, as said in http://marc.info/?l=openbsd-miscm=131714762522589w=2 ? Is it documented?
> > > >
> > > > Hi,
> > > >
> > > > that's how I do it in my aliases using OpenSMTPd:
> > > >
> > > > test: minimalist
> > > > test-owner: postmaster
> > > > minimalist: _minimalist
> > > > _minimalist:|/usr/local/sbin/minimalist.pl
> > >
> > > Ah, minimalist. That's what I use now with Postfix. However, does this work as quoted? I believe that minimalist.pl needs to be called with the list name as an argument, as in
> > >
> > > minimalist: |/var/spool/minimalist/minimalist.pl
> > > listname: |/var/spool/minimalist/minimalist.pl listname
> > > listname-owner: s...@guy.org
> >
> > yes. That's true. I did a lot of work on minimalist. Improving security and making it work with the aliases file I sent you. See https://github.com/madroach/minimalist
>
> I just started making a port of http://www.mml.org.ua/LIST/minimalist-2.5.4-1.tgz
>
> Would you advise to use your github minimalist instead? Does it work better within smtpd than the original minimalist? Do you already have an OpenBSD port of it?

I think it works a lot better than the original minimalist with OpenSMTPd. I made it perl-taint clean, removed every perl eval(), chrooted it, made it independent of a sendmail binary, but also removed some features in the process. The documentation is not yet adapted to my changes. I intend to maintain it and fix bugs. Of course I would advise to use my version.

At the moment I don't have much time, but in about two weeks I could do some work to adapt the documentation and especially the example conffile.

Christopher
Re: mailing list managers with smtpd
On Sat, 21 Jul 2012 17:28:12 +0200 Jan Stary h...@stare.cz wrote:
> On Jul 21 10:02:10, Christopher Zimmermann wrote:
> > On Sat, 21 Jul 2012 09:50:40 +0200 Jan Stary h...@stare.cz wrote:
> > > Having happily switched from postfix to smtpd, the one thing I am missing is running mailing lists. I see it has been discussed before:
> > > http://marc.info/?t=13170923832r=1w=2
> > >
> > > Is it really possible to use commands as aliases, as said in http://marc.info/?l=openbsd-miscm=131714762522589w=2 ? Is it documented?
> >
> > Hi,
> >
> > that's how I do it in my aliases using OpenSMTPd:
> >
> > test: minimalist
> > test-owner: postmaster
> > minimalist: _minimalist
> > _minimalist:|/usr/local/sbin/minimalist.pl
>
> Ah, minimalist. That's what I use now with Postfix. However, does this work as quoted? I believe that minimalist.pl needs to be called with the list name as an argument, as in
>
> minimalist: |/var/spool/minimalist/minimalist.pl
> listname: |/var/spool/minimalist/minimalist.pl listname
> listname-owner: s...@guy.org

yes. That's true. I did a lot of work on minimalist. Improving security and making it work with the aliases file I sent you. See https://github.com/madroach/minimalist

Christopher
Re: PF and ftp: to use or not to use ftp-proxy ?
On Tue, 26 Jun 2012 14:51:35 +0600 Илья Шипицин chipits...@gmail.com wrote:
> Hello!
>
> I managed to get ftp through PF working either without ftp-proxy ...
>
> match in inet proto tcp from any to $external port = ftp rdr-to $internal port 21
> match in inet proto tcp from any port = ftp-data to $external port 1024:65535 rdr-to $internal port 1024:65535
> match in inet proto tcp from any to $external port = ftp-data rdr-to $internal port 20
>
> or with ftp-proxy...
>
> pass in quick on vlan5 inet proto tcp from any to $external port ftp divert-to 127.0.0.1 port 8021
>
> /etc/rc.local:
> /usr/sbin/ftp-proxy -p 8021 -R $internal -P 21 -D7 -v
>
> I asked question is it possible to use multiple instances of ftp-proxy and it turned out that several people are running reverse ftp-proxy in production.
>
> so... can anybody help me to choose between two above options ? with ftp-proxy or without ftp-proxy ?

Your solution without ftp-proxy won't work when other services expect incoming tcp connections in the high ports range. ftp-proxy will only open and forward ports that have been negotiated in the ftp control connection. This is safer and will not interfere with other services. Use ftp-proxy.

Christopher
Re: Mounting a partition, cdrom, usb as a user
On Mon, 18 Jun 2012 22:26:57 -0700 russell russ...@dotplan.dyndns.org wrote:
> quite surprised. no love so far for fbtab(5)
>
>     The fbtab file is used by login(1) to chown(2) the specified files to the user who has performed a login. Additionally, chmod(2) is used to set the devices to the specified permission. When a user logs out, init(8) is responsible for performing the inverse operation, which results in the files once again belonging to root.

Nice. But how is this supposed to work for multiple logins or system crashes (power outage during login)?
Re: basic smtpd question
On Sun, 3 Jun 2012 08:42:48 -0400 bofh goodb...@gmail.com wrote:
> On Sun, Jun 3, 2012 at 8:38 AM, Christopher Zimmermann madro...@gmerlin.de wrote:
> > On Sun, 3 Jun 2012 08:15:56 -0400 bofh goodb...@gmail.com wrote:
> >
> > Do you want to accept remote mail for your domains? Then you need to add from all.
>
> So, accept from all for domain *.domain1.com deliver to mbox
>
> OK, got it!
>
> > > accept from 10.1.1.0/24 relay
> >
> > Relay how? Using smarthost? Possibly password protected? Then you need something like this:
> >
> > map secrets { source db /etc/mail/secrets.db }
> > accept from ... for all relay via smarthost tls auth secrets
>
> Still thinking about what I want to do for this - internal network is just my house, wpa2 protected wireless. But thanks for the pointer.

You probably want smtpd to deliver your outgoing mail via a smarthost of your ISP, because some mailservers reject mail from dynamic IP ranges or private IP ranges.
Re: SETUID perl script leaves backdoor open
After short testing I found a bug or at least a dangerous pitfall.

This leaves a backdoor open (probably in the saved UID):

    #!/usr/bin/perl -wT
    use strict;
    require POSIX;
    sub ids () { print RUID=$ EUID=$ RGID=$( EGID=$)\n }
    print Running $^X $0\n;
    ids;
    $ = $ = $;
    ids;
    $ = $ = 0;
    ids;

    === OUTPUT:
    Running /usr/bin/perl /dev/fd/3
    RUID=1000 EUID=0 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001
    RUID=1000 EUID=1000 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001
    RUID=0 EUID=0 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001

While this drops privileges permanently:

    #!/usr/bin/perl -wT
    use strict;
    require POSIX;
    sub ids () { print RUID=$ EUID=$ RGID=$( EGID=$)\n }
    print Running $^X $0\n;
    ids;
    $ = $ = $;
    ids;
    $ = $ = 0;
    ids;

    === OUTPUT:
    Running /usr/bin/perl /dev/fd/3
    RUID=1000 EUID=0 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001
    RUID=1000 EUID=1000 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001
    RUID=1000 EUID=1000 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001

Backdoor is still open when doing $ = $ = 1000 or $ = 1000; $ = 1000;.
POSIX::setuid($) works fine.
SETUID perl script
Hi,

I'm trying to chroot and drop privileges in a perl script. But somehow I'm not even able to run it setuid root. The setuid bit gets ignored completely. But as I understand sys/sys/exec_script.h, the SETUIDSCRIPTS feature is enabled by default. What am I missing?

    /tmp% ls -l test.pl
    -rwsrwx--- 1 root wheel 165 Apr 24 21:07 test.pl
    /tmp% cat test.pl
    #!/usr/bin/perl -wT
    use strict;
    sub ids () { print RUID=$ EUID=$ RGID=$( EGID=$)\n }
    ids;
    $ = $ = 1000;
    ids;
    $ = $ = 0;
    ids;
    /tmp% ./test.pl
    RUID=1000 EUID=1000 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001
    RUID=1000 EUID=1000 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001
    RUID=1000 EUID=1000 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001
Re: PF match word
On Tue, 24 Apr 2012 12:39:35 -0700 (PDT) Theron ZORBAS theronzor...@yahoo.com wrote:
> Hello Misc,
>
> What is the difference between these two rules:
>
> match out on egress inet from $int_if:network to any nat-to (egress)
> pass out on egress inet from $int_if:network to any nat-to (egress)
>
> Or there is no difference?

The pass rule does NAT and allows all outgoing packets that match the source ip. The match rule only does the NAT. You still need some other rules to actually allow individual packets to leave.

> I could not understand when to use match word.
>
> P.S. It's been very near time that I started to use OpenBSD as a firewall. I'm asking this question as a newbie. Sorry if it is a time wasting question to you. Thanks.
>
> Theron ZORBAS
Re: SETUID perl script
On Tue, 24 Apr 2012 14:48:18 -0500 Matthew Weigel uni...@idempot.net wrote:
> On 24.04.2012 14:22, Christopher Zimmermann wrote:
> > Hi,
> >
> > I'm trying to chroot and drop privileges in a perl script. But somehow I'm not even able to run it setuid root. The setuid bit gets ignored completely. But as I understand sys/sys/exec_script.h, the SETUIDSCRIPTS feature is enabled by default. What am I missing?
> >
> > /tmp% ls -l test.pl
>
> Check the mount options for whatever filesystem /tmp lives on. Chances are good it's its own filesystem, and is mounted nosuid.

Ah, of course. Thanks!
Re: SETUID perl script leaves backdoor open after dropping privileges
As requested, here's the same test case a little more readable:

This leaves a backdoor open (possibly in the saved UID):

    ==
    #!/usr/bin/perl -wT
    use strict;
    use English qw(-no_match_vars);
    sub ids { print "RUID=$REAL_USER_ID EUID=$EFFECTIVE_USER_ID\n" }
    ids;
    $REAL_USER_ID = 1000;
    $EFFECTIVE_USER_ID = 1000;
    ids;
    $REAL_USER_ID = $EFFECTIVE_USER_ID = 0;
    ids;
    ==
    OUTPUT:
    RUID=1000 EUID=0
    RUID=1000 EUID=1000
    RUID=0 EUID=0

Still, changing the order of the *_USER_ID = 1000 lines or using POSIX::setuid(1000) works as expected.

Christopher
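The pitfall from this thread turned into a guard, as an added example that is not code from the posts: drop with POSIX::setuid (which the posts report as working), then repeat the thread's own test and abort if root can be taken back. The helper names, uid/gid 1000 and the /var/empty chroot directory are assumptions.

```perl
#!/usr/bin/perl -wT
# Added example (not from the thread): drop root for good, then prove it.
use strict;
use English qw(-no_match_vars);
use POSIX ();

# Hypothetical helper. $uid/$gid are the unprivileged target ids, $root is
# an optional directory to chroot into while we are still privileged.
sub drop_privileges {
    my ($uid, $gid, $root) = @_;
    die "refusing to drop to uid/gid 0\n" if $uid == 0 || $gid == 0;

    if (defined $root) {
        chroot($root) or die "chroot($root): $!\n";
        chdir('/')    or die "chdir(/): $!\n";
    }

    # Groups go first: after the uid change we may no longer touch them.
    # Assigning "GID GID" to the effective gid variable sets the effective
    # gid and replaces the supplementary group list with GID alone (perlvar).
    $EFFECTIVE_GROUP_ID = "$gid $gid";
    POSIX::setgid($gid) or die "setgid($gid): $!\n";

    # setuid(2) called with effective uid 0 sets the real, effective AND
    # saved uid in one step. Assigning the real and effective uid variables
    # one at a time is what left root reachable in the thread's test case.
    POSIX::setuid($uid) or die "setuid($uid): $!\n";

    return verify_dropped($uid, $gid);
}

# Dies unless every id is the target id and root cannot be taken back.
sub verify_dropped {
    my ($uid, $gid) = @_;

    # Ask the kernel directly instead of trusting Perl's variables.
    my @uids = (POSIX::getuid(), POSIX::geteuid());
    die "uid not dropped: @uids\n" if grep { $_ != $uid } @uids;

    # Both gid variables read back as "gid group group ..."; every entry
    # must be the target gid, otherwise a privileged group survived.
    my @gids = (split(' ', $REAL_GROUP_ID), split(' ', $EFFECTIVE_GROUP_ID));
    die "gid/groups not dropped: @gids\n" if grep { $_ != $gid } @gids;

    # The thread's test, used as a guard: try to regain root through the
    # variable interface and through setuid(2). Every attempt must fail.
    {
        local $!;
        $EFFECTIVE_USER_ID = 0;
        $REAL_USER_ID      = 0;
    }
    my $regained = POSIX::setuid(0);
    if ($regained || POSIX::getuid() == 0 || POSIX::geteuid() == 0) {
        die "root could be regained after the drop\n";
    }
    return 1;
}

sub ids {
    return sprintf "RUID=%d EUID=%d RGID=%s EGID=%s",
        POSIX::getuid(), POSIX::geteuid(),
        $REAL_GROUP_ID, $EFFECTIVE_GROUP_ID;
}

# Constructed values: uid/gid 1000 and /var/empty are assumptions.
if (POSIX::geteuid() == 0) {
    print "before: ", ids(), "\n";
    drop_privileges(1000, 1000, '/var/empty');
    print "after:  ", ids(), "\n";
} else {
    print "not running with euid 0, nothing to drop: ", ids(), "\n";
}
```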
Route packets destined to dynamic public ip locally
Hi!

I am running a http server on my dynamic public IP. The only thing that annoys me is that when clients on the http server connect to the public IP, the packets get routed through my pppoe connection and back:

    $ ifconfig pppoe0
    pppoe0: [...]
            inet 217.190.91.237 -- 213.20.223.35 netmask 0x
    $ traceroute -P 1 -n 217.190.91.237
    traceroute to 217.190.91.237 (217.190.91.237), 64 hops max, 60 byte packets
     1  213.20.223.35  49.180 ms  48.480 ms  48.773 ms
     2  217.190.91.237  98.173 ms  98.30 ms  98.280 ms

How can I route those packets locally? I already tried a

    pass out to (pppoe0) route-to 127.0.0.1@lo0

but this cannot work because the routing decision has already been made when the packet passes an outbound rule.

A simple

    route add 217.190.91.237 127.0.0.1

helps, but not for long, because the IP changes daily. Is there some easier solution than daily changing the route with some script?

Christopher
Re: Route packets destined to dynamic public ip locally
On Tue, 10 Apr 2012 11:22:54 +0100 Zé Loff zel...@zeloff.org wrote:
> Is the PPPoE connection handled by another machine, or by the server itself? Do the clients try to connect to the public IP or to your public domain name / hostname / whatever? If this is the case, maybe a proper /etc/hosts file can do the trick, but I can't guarantee it won't break something else...

The PPPoE connection is handled by the server itself. The server works fine and is reachable from everywhere. What annoys me is that LOCAL clients on the server itself get routed to my ISP and back.
Re: smtpd: no user for command execution in aliases
Begin forwarded message: Hi, Yes this bug is still open because we've been focusing primarily on fixing parts of smtpd that could cause crashes. We will be solving bugs related to aliases shortly as Eric and I started discussing them just an hour ago. Feel free to join #opensmtpd @ freenode to participate ;) Gilles nb: jacekm no longer contributes to smtpd, in the future please cc: eric@ and chl@ On Thu, Feb 02, 2012 at 02:48:21PM +0100, Christopher Zimmermann wrote: Hi, I just noticed this bug is still outstanding. I have a patch attached that fixes this problem for me, but I was told there was some clean up to be done in lka_session.c before this can be fixed. Christopher Index: aliases.c === RCS file: /cvs/src/usr.sbin/smtpd/aliases.c,v retrieving revision 1.44 diff -u -p -r1.44 aliases.c --- aliases.c 11 Oct 2011 17:57:10 - 1.44 +++ aliases.c 2 Feb 2012 13:48:03 - 
@@ -87,6 +87,8 @@ aliases_get(objid_t mapid, struct expand /* foreach node in map_alias expandtree, we merge */ nbaliases = 0; RB_FOREACH(expnode, expandtree, map_alias-expandtree) { + (void)strlcpy(expnode-as_user, username, + sizeof (expnode-as_user)); if (expnode-type == EXPAND_INCLUDE) nbaliases += aliases_expand_include(expandtree, expnode-u.buffer); else { On Sun, 11 Dec 2011 22:28:45 +0100 Christopher Zimmermann madro...@zakweb.de wrote: Hi, I want to use a pipe in my aliases, like this test case: madroach: |true but smtpd says the following. Look especially for the forkmda: to true as line. Seems like somewhere the username gets lost. Christopher smtp_new: incoming client on listener: 0x3c00ad40 session_pickup: greeting client imsg: PROC_CONTROL - PROC_SMTP: IMSG_SMTP_ENQUEUE (len=0) command: EHLO args: localhost imsg: PROC_MFA - PROC_SMTP: IMSG_MFA_HELO (len=8128) imsg: PROC_SMTP - PROC_MFA: IMSG_MFA_HELO (len=9428) command: MAIL FROM args: madro...@alix.ftp.sh session_rfc5321_mail_handler: sending notification to mfa imsg: PROC_MFA - PROC_SMTP: IMSG_MFA_MAIL (len=8128) imsg: PROC_LKA - PROC_MFA: IMSG_LKA_MAIL (len=9428) imsg: PROC_MFA - PROC_LKA: IMSG_LKA_MAIL (len=9428) imsg: PROC_SMTP - PROC_MFA: IMSG_MFA_MAIL (len=9428) imsg: PROC_QUEUE - PROC_SMTP: IMSG_QUEUE_CREATE_MESSAGE (len=8128) imsg: PROC_SMTP - PROC_QUEUE: IMSG_QUEUE_CREATE_MESSAGE (len=9428) command: RCPT TOargs: madro...@alix.ftp.sh imsg: PROC_MFA - PROC_SMTP: IMSG_MFA_RCPT (len=8128) imsg: PROC_LKA - PROC_MFA: IMSG_LKA_RULEMATCH (len=9428) imsg: PROC_MFA - PROC_LKA: IMSG_LKA_RULEMATCH (len=9428) imsg: PROC_LKA - PROC_MFA: IMSG_LKA_RCPT (len=9428) aliases_exist: 'madroach' exists with 1 expansion nodes aliases_get: returned 1 aliases lka_resolve_node: node is filter: true imsg: PROC_QUEUE - PROC_LKA: IMSG_QUEUE_SUBMIT_ENVELOPE (len=8128) imsg: PROC_QUEUE - PROC_LKA: IMSG_QUEUE_COMMIT_ENVELOPES (len=8128) imsg: PROC_SMTP - PROC_QUEUE: IMSG_QUEUE_COMMIT_ENVELOPES (len=9428) command: DATA args: 
(null) imsg: PROC_SMTP - PROC_QUEUE: IMSG_QUEUE_MESSAGE_FILE (len=9428) imsg: PROC_QUEUE - PROC_SMTP: IMSG_QUEUE_COMMIT_MESSAGE (len=8128) imsg: PROC_RUNNER - PROC_QUEUE: IMSG_QUEUE_COMMIT_MESSAGE (len=8128) imsg: PROC_SMTP - PROC_QUEUE: IMSG_QUEUE_COMMIT_MESSAGE (len=9428) 5c8a626e: from=madro...@alix.ftp.sh, size=349, nrcpts=1, proto=ESMTP, relay=1000@localhost [IPv6:::1] command: QUIT args: (null) session_destroy: killing client: 0x89a3c000 runner: nothing to schedule, wake me up. zZzZzZ imsg: PROC_QUEUE - PROC_RUNNER: IMSG_MDA_SESS_NEW (len=8128) imsg: PROC_MDA - PROC_QUEUE: IMSG_MDA_SESS_NEW (len=8128) imsg: PROC_PARENT - PROC_MDA: IMSG_PARENT_FORK_MDA (len=1058) forkmda: to true as imsg: PROC_MDA - PROC_PARENT: IMSG_MDA_DONE (len=23) 5c8a626ea8724c2d: to=madro...@alix.ftp.sh, delay=0, stat=Error (getpwnam: no such user) -- Gilles Chehade https://www.poolp.org | http://pool.ps @poolpOrg
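Review bot: the strlcpy() added inside the RB_FOREACH loop of aliases_get() discards its return value with a (void) cast, so a username that does not fit in the as_user buffer is silently truncated, and the debug log in this thread shows that the name given after "forkmda: to true as" is what the getpwnam lookup for the delivery command fails on. Compare the result against sizeof(expnode->as_user) and fail the expansion instead of continuing with a shortened name. The copy also sits before the EXPAND_INCLUDE test, so every node type gets as_user set; if that is intended, a one-line comment saying so would help.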
Re: GPIO and rc.securelevel
On Wed, 04 Apr 2012 12:24:37 -0600 Jack Woehr jwo...@softwoehr.com wrote:
> gpioctl(8) man page says:
>
>     Only pins that have been configured at securelevel 0, typically during system startup, are accessible once the securelevel has been raised.
>
> However, /etc/rc.securelevel first says
>
>     securelevel=1
>
> and only then
>
>     # Place local actions here.
>
> Should I put gpioctl statements before the statement or is the man page in error, please?

Place them after the comment. securelevel=1 is just a variable assignment, which is used in /etc/rc, which sources /etc/rc.securelevel.
Routing to public ip of pppoe(4) interface
Hi,

for every address of a local interface a loopback route is created on demand. Those routes look like the second one here:

    192.168.123.252/30  link#3             UC    1  0  -  4  vr2
    192.168.123.253     00:0d:b9:24:60:42  UHLc  0  4  -  4  lo0

But this mechanism does somehow not work for Point to Point interfaces like pppoe(4) or tun(4). The only routes I get here are the following; the first one being created by the netstart script as suggested in pppoe(4).

    default             213.20.223.35      UGS   3  2190  -  8  pppoe0
    213.20.223.35       217.190.92.137     UH    0  0     -  4  pppoe0

I would like to automatically add a route

    217.190.92.137      127.0.0.1          UGHS  0  0  33196  8  lo0

so that local processes talking to my public IP won't get routed to my ISP and back. The problem is that the IPs are dynamic.

What confuses me is that packets arriving on a local lan interface with a destination to my public IP already get routed via the loopback interface. This leads to the strange situation that connections from lan are faster than connections from localhost.

Christopher
Let aucat mux local and remote
I want to use aucat as remote and local soundserver. It works with the following parameters. The only problem is that only one client can connect at one time. Either remote or local. -L alix -s default Christopher
Re: USB serial port adaptor - umct(4) works fine
On 12/10/11 17:07, Mark Zimmerman wrote:
> Greetings:
>
> I need to buy a USB serial port adapter and there is no specific mention of these in the supported hardware list. Archive search indicates that they all suck, but the Prolific chipset sucks less. Anyone care to offer a recommendation?

For me the umct(4) adapter works fine. It is part of the Targus USB2.0 Port Replicator with Ethernet. Every component of it works fine. USB hub, PS/2 keyboard and mouse, serial, parallel and 100MBit ethernet.

    uhub2 at uhub0 port 3 Philips Semiconductors product 0x1521 rev 2.00/2.00 addr 5
    umct0 at uhub2 port 1 Targus Group Intl Targus Group Intl rev 1.10/1.03 addr 6
    ucom0 at umct0
    uhidev2 at uhub2 port 2 configuration 1 interface 0 MCT USB PS/2 Keyboard - PS/2 Mouse rev 1.01/0.01 addr 7
    uhidev2: iclass 3/1
    ukbd1 at uhidev2: 8 modifier keys, 6 key codes
    wskbd2 at ukbd1 mux 1
    wskbd2: connecting to wsdisplay0
    uhidev3 at uhub2 port 2 configuration 1 interface 1 MCT USB PS/2 Keyboard - PS/2 Mouse rev 1.01/0.01 addr 7
    uhidev3: iclass 3/1, 3 report ids
    ums1 at uhidev3 reportid 1: 3 buttons, Z dir
    wsmouse3 at ums1 mux 0
    uhid0 at uhidev3 reportid 2: input=1, output=0, feature=0
    uhid1 at uhidev3 reportid 3: input=1, output=0, feature=0
    aue0 at uhub2 port 5 ADMtek USB To LAN Converter rev 2.00/1.01 addr 8
    aue0: address 00:05:1b:e5:9a:02
    ukphy0 at aue0 phy 1: Generic IEEE 802.3u media interface, rev. 1: OUI 0x000749, model 0x0001
    ulpt0 at uhub2 port 6 configuration 1 interface 0 Lucent USS-720 evaluation kit rev 1.00/1.04 addr 9
    ulpt0: using bi-directional mode
protecting NFS on IPsec gateway
Hi!

I want to secure my wlan using IPsec. The simplified setup looks like this:

172.26.153.0/24         .1                  public ip
(wlan clients) --- athn0[OpenBSD gateway]pppoe0 -- ((internet))
              IPsec

This works fine so far. But now I want to secure my OpenBSD gateway which also runs NFS. How can I block NFS packets on the encrypted link while still allowing ssh, ftp and the like on the encrypted link? On enc0 I can see only ipencap packets which cannot be filtered by pf.

Christopher
Re: altq on a variable bandwidth interface
On 11/23/11 20:58, Henning Brauer wrote:
> * Jussi Peltola pe...@pelzi.net [2011-11-20 04:09]:
> > On Sat, Nov 19, 2011 at 08:58:46PM -0500, quartz wrote:
> > > is there a way to set up altq+priq on an internet connection with highly variable/unknown bandwidth? I'd like to create a simple one layer queue system that prioritizes empty ACKs over anything else (always, all the time, no matter the load or congestion). it looks like priq is the way to do this, but all the documentation I can find seems to say you have to type in a hard number, which won't work for my case.
> >
> > This is usually impossible. The packets get re-queued in the modem or whatever device is next to the choke point, and any prioritization you configure becomes useless. Typically the only way around it is to send at a rate slightly lower than the choke point bandwidth, so the buffer of the modem never starts to get utilized. If the bandwidth is variable, you're screwed.
>
> this is not true for simple priority queueing. it just reorders the packets. the modem is not supposed to, so your higher priority packets still go out before the later sent lower priority ones.

This works only as long as the modem doesn't start to drop packets because its queue is full. If the modem is not queueing packets, why do you do prioritization? Most people use priority queueing because they want short delay on some connections like ssh, VoIP... They don't want the modem to buffer packets at all because that would add delay. This means you can prioritize packets only on the bottleneck.

> however and admittedly: the effect of simple priority queueing isn't all that drastic since your machine only reorders within the packets it has in flight at the given moment (few less even). the combo of the extra buffer and the lower bandwidth link further down the road minimizes the effects - foremost when there is congestion on that slower link.

as soon as the modem starts queueing your delay rises (my modem buffers up to 2500ms - try doing VoIP over such a connection). as soon as the modem starts dropping packets (because it has a small buffer or because it gets fed with 100MBit) your prioritization won't work anymore, too.

You cannot do any kind of bandwidth shaping, prioritization or fair queueing on any link but the bottleneck.
Re: NFS not working
On 11/11/11 14:57, John Tate wrote:
> Sorry I should have posted. mountd, portmap, and also the appropriate services are running on the server portmap and nfsd.

what do rpcinfo -p nfs-server on client and server and netstat -na say?
Re: optimize adsl bandwidth
You probably won't be able to shape traffic with prio, because it doesn't limit the bandwidth. Therefore packets will probably be queued on your router/modem and then get dropped in a random manner. This queue will also add to your round-trip time.

altq won't be able to count your traffic exactly because of ethernet, PPPoE and ATM overhead. I use the following quick fix for bw-shaping on my pppoe connection. You will have to adapt this for your encapsulation protocols and subtract the size of the MAC headers, since you are already shaping on an ethernet interface.

Index: altq_var.h === RCS file: /cvs/src/sys/altq/altq_var.h,v retrieving revision 1.17 diff -u -p -r1.17 altq_var.h --- altq_var.h 7 Oct 2011 17:10:08 - 1.17 +++ altq_var.h 10 Nov 2011 11:03:58 - @@ -91,7 +91,12 @@ struct callout { typedef void (timeout_t)(void *); +#if 1 +#definem_pktlen(m) ( 53 * ( m)-m_pkthdr.len)+18) / 48) \ + + m)-m_pkthdr.len)+18) % 48 ? 1 : 0) ) ) +#else #definem_pktlen(m) ((m)-m_pkthdr.len) +#endif struct ifnet; struct mbuf; struct pf_altq; struct pf_qstats;

On 11/09/11 14:02, Wesley M. wrote:
> Hi,
>
> I use OpenBSD 5.0, what is better between use prio or altq on em0 priq bandwidth 200Kb queue {q_def,q_pri} ?
>
> I explain :
>
> altq on em0 priq bandwidth 200Kb queue {q_def,q_pri}
> queue q_def priority 1
> queue q_pri priority 7 priq(default)
> pass out on egress inet proto tcp queue(q_def,q_pri)
>
> OR
>
> pass out on egress inet proto tcp prio (1,7)
>
> What is better, or perhaps, it works on the same way... If someone can help on ...
>
> Thank you very much.
>
> Wesley
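Review bot: the bare "#if 1" in the altq_var.h hunk switches the cell-based m_pktlen() on for every altq user of this header, so queues on interfaces that are not in front of a PPPoE/ATM link get the inflated length as well; a named kernel option or a per-interface setting would keep the accounting change where it belongs. The constants 53, 48 and 18 carry no comment in the hunk; naming them (they read as ATM cell size, cell payload and a per-packet encapsulation overhead) would show which one to change when adapting the fix to another encapsulation, as the accompanying text asks readers to do. The round-up also expands (m) several times and combines "/" with "% 48 ? 1 : 0"; adding 47 before dividing by 48 gives the same result in a single expression.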
Re: Mouse0: No Device specified, looking for one.. (it's specified)
Can you post your Xorg.log and complete xorg.conf?

See also xorg.conf(5); this may be what you need.

    Option "AllowEmptyInput" "boolean"
        If enabled, don't add the standard keyboard and mouse drivers, if there are no input devices in the config file. Enabled by default if AutoAddDevices and AutoEnableDevices is enabled, otherwise disabled. If AllowEmptyInput is on, devices using the kbd, mouse or vmmouse driver are ignored.

Christopher

On 07/31/11 17:54, LEVAI Daniel wrote:
> Hali!
>
> FWIW, on my thinkpad t60 I can not configure the EmulateWheel option for the trackpoint because of this. The configure option for the input devices in xorg.conf are simply getting ignored.
>
> Daniel
>
> Section "InputDevice"
>     Identifier "TrackPoint"
>     Driver "mouse"
>     Option "Device" "/dev/wsmouse"
>     Option "Emulate3Buttons" "false"
>     Option "EmulateWheel" "true"
>     Option "EmulateWheelButton" "2"
>     Option "XAxisMapping" "6 7"
>     Option "YAxisMapping" "4 5"
> EndSection
pf doesn't filter at all on bge(4)
Hi,

I have this simple setup:

[ B ] se0 --- bge0 [ A ] pppoe0 ISP

A and B both -current. Now my problem is, pf on A won't filter anything on bge0. Even with this very simple pf.conf:

set skip on lo
block
pass out inet proto {tcp,udp} to port 53
block in on ! lo0 proto tcp to port 6000:6010

the connection to the internet via pppoe0 is dead, of course. But the connection via bge0 to B is completely unfiltered. What the heck is wrong here?!?

Interfaces:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33196
    priority: 0
    groups: lo
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
    inet 127.0.0.1 netmask 0xff00
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    lladdr 00:11:25:ae:0e:0c
    priority: 0
    groups: local
    media: Ethernet autoselect (100baseTX full-duplex)
    status: active
    inet 192.168.23.1 netmask 0xff00 broadcast 192.168.23.255
    inet6 fe80::211:25ff:feae:e0c%bge0 prefixlen 64 scopeid 0x1
iwi0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
    lladdr 00:12:f0:62:22:ba
    priority: 4
    groups: wlan
    media: IEEE802.11 autoselect
    status: no network
    ieee80211: nwid 100dBm
    inet6 fe80::212:f0ff:fe62:22ba%iwi0 prefixlen 64 scopeid 0x2
enc0: flags=0
    priority: 0
    groups: enc
    status: active
ep1: flags=8863<UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    lladdr 00:00:86:3c:58:ce
    priority: 0
    media: Ethernet autoselect (100baseTX full-duplex)
    status: active
    inet6 fe80::200:86ff:fe3c:58ce%ep1 prefixlen 64 scopeid 0x5
pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
    priority: 0
    dev: ep1 state: session
    sid: 0x16d0 PADI retries: 1 PADR retries: 0 time: 00:09:27
    sppp: phase network authproto pap
    groups: pppoe egress
    status: active
    inet6 fe80::211:25ff:feae:e0c%pppoe0 -> prefixlen 64 scopeid 0x6
    inet 92.203.15.60 --> 213.148.133.4 netmask 0x
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33196
    priority: 0
    groups: pflog

pfctl -s all:

FILTER RULES:
block drop all
pass out inet proto tcp from any to any port = domain flags S/SA
pass out inet proto udp from any to any port = domain
block drop in on ! lo0 proto tcp from any to any port 6000:6010
No queue in use
Re: pf doesn't filter at all on bge(4)
Ok, solved this one. bge0 was in group local, which is matched by

set skip on lo

Is this the desired behavior? It can catch you by surprise easily!

On 07/27/11 18:54, Christopher Zimmermann wrote:
> Hi,
>
> I have this simple setup:
>
> [ B ] se0 --- bge0 [ A ] pppoe0 ISP
>
> A and B both -current. Now my problem is, pf on A won't filter anything on bge0. Even with this very simple pf.conf:
>
> set skip on lo
> block
> pass out inet proto {tcp,udp} to port 53
> block in on ! lo0 proto tcp to port 6000:6010
>
> the connection to the internet via pppoe0 is dead, of course. But the connection via bge0 to B is completely unfiltered. What the heck is wrong here?!?
nat-to broken: (if) notation increments nat-to ip by one
Hi,

pppoe0 has 92.203.101.134.

this works fine:

match out log on egress inet from 192.168.23.0/24 nat-to pppoe0

tcpdump while pinging:

92.203.101.134 > 74.125.39.147: icmp: echo request
74.125.39.147 > 92.203.101.134: icmp: echo reply
92.203.101.134 > 74.125.39.147: icmp: echo request
74.125.39.147 > 92.203.101.134: icmp: echo reply

But this doesn't:

match out log on egress inet from 192.168.23.0/24 nat-to (pppoe0)

tcpdump while pinging:

92.203.101.135 > 74.125.39.147: icmp: echo request
92.203.101.135 > 74.125.39.147: icmp: echo request

in the (pppoe0) mode the IP address is always incremented by one. This also happens to other ips, not just 92.203.101.134.

pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
    priority: 0
    dev: ep1 state: session
    sid: 0x166f PADI retries: 1 PADR retries: 0 time: 00:11:21
    sppp: phase network authproto pap
    groups: pppoe egress
    status: active
    inet6 fe80::211:25ff:feae:e0c%pppoe0 -> prefixlen 64 scopeid 0x6
    inet 92.203.101.134 --> 213.148.133.4 netmask 0x
Re: Setting up default boot from a wd0d
On 06/24/11 16:51, Anand Buddhdev wrote:
> Hello list users,
>
> I have a virtual server for testing, on which I have installed OpenBSD 4.8. The installation is on wd0a, and there's just a single / partition.
>
> I then did a second installation, and setup OpenBSD 4.9 on wd0d, also with a single / partition.
>
> At this point, I can reboot the server, and at the boot prompt, I can manually boot into one or the other system as follows:
>
> boot> boot hd0a:/bsd (for OpenBSD 4.8)
> boot> boot hd0d:/bsd (for OpenBSD 4.9)
>
> Next, I wished to make the 4.9 installation the default. Therefore, I did the following:
>
> 1. Booted into 4.9
> 2. Logged in as root
> 3. cd /usr/mdec; ./installboot /boot ./biosboot wd0
> 4. echo 'boot hd0d:/bsd' > /etc/boot.conf
>
> My expectation was that after a reboot, the OpenBSD booter would load up, look for wd0d:/etc/boot.conf, find the boot command in there, and boot automatically into 4.9. This is based on my reading of the boot.conf man page, section 5:
>
> 5. If the file */etc/boot.conf* exists on the filesystem *boot* was loaded from, open and parse it. This file may contain any commands *boot* accepts at the interactive prompt. Though default settings usually suffice, they can be changed here.
>
> However, this didn't happen. Instead, the server booted off hd0a:/bsd, and into 4.8. Is this a bug, or have I missed something?

The output of installboot -v (-n) could be helpful. Then read and understand boot_i386(8).

On i386 BIOS loads MBR, (which maybe loads another MBR, ) which loads the PBR (biosboot), which loads second stage bootloader (/boot), which loads kernel (/bsd).

Your problem is possibly that the MBR still loads the PBR/biosboot from your wd0a disklabel partition. That's because your MBR only knows one OpenBSD MBR partition, which starts with your wd0a disklabel partition.

I see two possible solutions to achieve dualbooting:

- use only one OpenBSD biosboot and boot bootloader and install both on wd0a. You can configure this bootloader with /etc/boot.conf on wd0a.

- If you really, really want to load the bootloaders from wd0d, then create another MBR partition using fdisk having same size and location as your wd0d disklabel partition. Then you can dualboot by activating either your real OpenBSD partition, starting at wd0a or this fake partition starting at wd0d.

Christopher
parameter scope in bourne vs ksh functions
Hi,

ksh(1) states this:

    Functions defined with the function reserved word are treated differently in the following ways from functions defined with the () notation:
    [...]
    o   Parameter assignments preceding function calls are not kept in the shell environment (executing Bourne-style functions will keep assignments).

This does not work for me:

$ i=foo
$ function fun { echo $i; }
$ fun
foo
$ i=bar
$ fun
bar
$ function fun2 { echo $j; }
$ fun2

$ j=foo
$ fun2
foo
$

Have I got something wrong there?

Christopher
Re: parameter scope in bourne vs ksh functions
On 06/27/11 17:49, Ted Unangst wrote:
> On Mon, Jun 27, 2011 at 11:00 AM, Christopher Zimmermann madro...@zakweb.de wrote:
> > Hi,
> >
> > ksh(1) states this:
> >
> >     Functions defined with the function reserved word are treated differently in the following ways from functions defined with the () notation:
> >     [...]
> >     o   Parameter assignments preceding function calls are not kept in the shell environment (executing Bourne-style functions will keep assignments).
> >
> > This does not work for me:
> >
> > $ i=foo
> > $ function fun { echo $i; }
>
> That doesn't count as an assignment preceding a function call. Compare with what happens running the test below.
>
> function f1 { echo $i; }
> f2() { echo $i; }
> i=foo
> i=1 f1
> f1
> i=bar
> i=2 f2
> f2

$ function f1 { echo $i; }
$ f2 () { echo $i; }
$ i=foo
$ i=1 f1
1
$ echo $i
foo
$ i=1 true
$ echo $i
foo
$ i=1 f2
1
$ echo $i
1

Ok, I got it. But wtf? That's creepy! Is there any rationale behind this strange bourne behaviour?!?
umount(8) by device + overloaded mountpoint is not caught
Hi,

when umount(8)ing by device, umount fetches the mountpoint via getmntinfo(3), because unmount(2) only supports unmounting via mountpoint. This means it is simply impossible to unmount a specific filesystem from an overloaded mountpoint. I think umount(8) should detect this case, warn the user and give up. Instead it plays roulette and calls unmount(2) on the mountpoint.

This should be easy to fix, but it will require some restructuring of the code. That's because the current code cannot discriminate between the unmount by special device and unmount by mountpoint cases in the getmntname() function where the evaluation of the statfs(2) structures from getmntinfo(3) happens.

Regards,
Christopher

Here's an umount run in which it went wrong.

$ mount
/dev/wd0a on / type ffs (local)
mfs:1701 on /tmp type mfs (asynchronous, local, nodev, nosuid, size=2096816 512-blocks)
/dev/wd0d on /usr type ffs (local, nodev)
/dev/wd0e on /usr/local type ffs (local, nodev)
/dev/sd0d on /var type ffs (local, nodev, nosuid, softdep)
/dev/sd0e on /home type ffs (local, nodev, nosuid, softdep)
/dev/sd1i on /vol/sd1i type msdos (local, uid=0, gid=10, mask=0660, direxec)
/dev/wd0i on /vol/sd1i type msdos (local, uid=0, gid=10, mask=0770)
$ sudo umount /dev/sd1i
$ mount
/dev/wd0a on / type ffs (local)
mfs:1701 on /tmp type mfs (asynchronous, local, nodev, nosuid, size=2096816 512-blocks)
/dev/wd0d on /usr type ffs (local, nodev)
/dev/wd0e on /usr/local type ffs (local, nodev)
/dev/sd0d on /var type ffs (local, nodev, nosuid, softdep)
/dev/sd0e on /home type ffs (local, nodev, nosuid, softdep)
/dev/sd1i on /vol/sd1i type msdos (local, uid=0, gid=10, mask=0660, direxec)
$
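The check this post asks for, as an added example that is not OpenBSD's umount(8) code: the struct, enum and function names are hypothetical, and the table is constructed from the mount(8) output in the post. It assumes the table is in mount order, so that a later entry on the same mount point is the filesystem unmount(2) would actually detach.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the two statfs(2) fields umount(8) consults. */
struct mnt_entry {
	const char *from;	/* f_mntfromname: special device */
	const char *on;		/* f_mntonname: mount point */
};

enum resolve_status {
	RESOLVE_OK = 0,		/* safe to call unmount(2) on *mntpt */
	RESOLVE_NOT_MOUNTED,	/* device does not appear in the table */
	RESOLVE_SHADOWED,	/* another filesystem is mounted on top */
	RESOLVE_AMBIGUOUS	/* device appears more than once */
};

/*
 * Map a special device to the mount point unmount(2) needs, and refuse
 * whenever unmount(2) on that path would detach a different filesystem.
 * Assumption: tab[] is in mount order (later entries are mounted on top).
 */
static enum resolve_status
resolve_by_device(const struct mnt_entry *tab, int n, const char *dev,
    const char **mntpt)
{
	int i, found = -1;

	*mntpt = NULL;
	for (i = 0; i < n; i++) {
		if (strcmp(tab[i].from, dev) != 0)
			continue;
		if (found != -1)
			return RESOLVE_AMBIGUOUS;
		found = i;
	}
	if (found == -1)
		return RESOLVE_NOT_MOUNTED;

	/* Exact path comparison: "/usr" must not match "/usr/local". */
	for (i = found + 1; i < n; i++)
		if (strcmp(tab[i].on, tab[found].on) == 0)
			return RESOLVE_SHADOWED;

	*mntpt = tab[found].on;
	return RESOLVE_OK;
}

/* Constructed sample: the first mount(8) listing from the post. */
static const struct mnt_entry sample[] = {
	{ "/dev/wd0a", "/" },
	{ "mfs:1701", "/tmp" },
	{ "/dev/wd0d", "/usr" },
	{ "/dev/wd0e", "/usr/local" },
	{ "/dev/sd0d", "/var" },
	{ "/dev/sd0e", "/home" },
	{ "/dev/sd1i", "/vol/sd1i" },
	{ "/dev/wd0i", "/vol/sd1i" },
};
#define NSAMPLE ((int)(sizeof(sample) / sizeof(sample[0])))

int
main(void)
{
	const char *devs[] = { "/dev/sd1i", "/dev/wd0i", "/dev/sd9z" };
	const char *mntpt;
	int i;

	for (i = 0; i < 3; i++) {
		switch (resolve_by_device(sample, NSAMPLE, devs[i], &mntpt)) {
		case RESOLVE_OK:
			printf("%s: would unmount %s\n", devs[i], mntpt);
			break;
		case RESOLVE_SHADOWED:
			printf("%s: mount point is overloaded, giving up\n",
			    devs[i]);
			break;
		case RESOLVE_AMBIGUOUS:
			printf("%s: mounted more than once, giving up\n",
			    devs[i]);
			break;
		default:
			printf("%s: not currently mounted\n", devs[i]);
			break;
		}
	}
	return 0;
}
```

With the table from the post, /dev/sd1i is refused because /dev/wd0i sits on top of /vol/sd1i, which is the case where the run in the post detached the wrong filesystem.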
Re: Mouse0: No Device specified, looking for one.. (it's specified)
On 06/04/11 16:32, pat wrote:
> Thanks for your reply, but it doesn't work. Logs are still reporting absence of device specification, as a result default /dev/wsmouse gets picked up for TrackPoint.. Here's the changed fragment:

I had the very same problem and worked around it by renaming /dev/wsmouse to /dev/wsmouse.rest
here's my xorg.conf:

This seems to be a bug in the pointer device driver infrastructure in xenocara, I tried to track it down, but gave up after several hours.

Section "Files"
    FontPath "/usr/local/lib/X11/fonts/terminus/"
    FontPath "/usr/local/lib/X11/fonts/Liberation/"
    FontPath "/usr/local/lib/X11/fonts/WinFonts/"
EndSection

Section "InputDevice"
    Identifier "TouchPad0"
    Driver "synaptics"
    Option "Device" "/dev/wsmouse0"
    #Option "AutoServerLayout" "true"
EndSection

Section "InputDevice"
    Identifier "TrackPoint1"
    Driver "mouse"
    Option "Device" "/dev/wsmouse1"
    Option "Emulate3Buttons" "false"
    Option "EmulateWheel" "true"
    Option "EmulateWheelButton" "2"
    # No AutoServerLayout here, since xorg automatically
    # adds first InputDevice with mouse driver as CorePointer.
    #Option "AutoServerLayout" "true"
EndSection

Section "InputDevice"
    Identifier "Mouse"
    Driver "mouse"
    Option "Device" "/dev/wsmouse2"
    #Option "AutoServerLayout" "true"
EndSection

Section "Device"
    Identifier "ATI FireGL M24"
    Option "DynamicClocks" "true"
EndSection

Section "Screen"
    Identifier "wide"
    Device "ATI FireGL M24"
    SubSection "Display"
        Virtual 3200 1200
    EndSubSection
EndSection

Section "ServerLayout"
    Identifier "Layout0"
    Screen "wide"
    InputDevice "TouchPad0" "SendCoreEvents"
    InputDevice "TrackPoint1" "CorePointer"
    InputDevice "Mouse" "SendCoreEvents"
    Option "BlankTime" "5"
EndSection

> Section "InputDevice"
>     Identifier "TrackPoint"
>     Driver "mouse"
>     Option "Device" "/dev/wsmouse0"
>     Option "Protocol" "wsmouse"
>     Option "CorePointer"
>     Option "ZAxisMapping" "4 5 6 7"
>     Option "EmulateWheel" "yes"
>     Option "EmulateWheelButton" "2"
> EndSection
>
> Section "InputDevice"
>     Identifier "USBMouse"
>     Driver "mouse"
>     Option "Device" "/dev/wsmouse1"
>     Option "Protocol" "wsmouse"
>     Option "SendCoreEvents" "true"
>     Option "ZAxisMapping" "4 5 6 7"
> EndSection
>
> On Fri, Jun 3, 2011 at 7:04 AM, Tomas Bodzar tomas.bod...@gmail.com wrote:
> > Set 'Option CorePointer' in InputDevice section for trackpoint and 'Option SendCoreEvents true' in InputDevice section for mouse.
> >
> > On Fri, Jun 3, 2011 at 12:33 AM, pat pkugri...@gmail.com wrote:
> > > I'm having issues while trying to configure two mice separately in xorg.conf. Default mouse driver seems to pick up /dev/wsmouse by default instead of specified wsmouse0.. looks like it just ignores Option Device line (I tried to place it in the beginning of section also). Here I just want to enable a few additional parameters for Trackpoint. xorg.conf, Xorg.0.log files and dmesg are below.
> > >
> > > = xorg.conf: =
> > >
> > > Section "Files"
> > >     ModulePath "/usr/X11R6/lib/modules"
> > >     FontPath "/usr/X11R6/lib/X11/fonts/misc/"
> > >     FontPath "/usr/X11R6/lib/X11/fonts/TTF/"
> > >     FontPath "/usr/X11R6/lib/X11/fonts/OTF/"
> > >     FontPath "/usr/X11R6/lib/X11/fonts/Type1/"
> > >     FontPath "/usr/X11R6/lib/X11/fonts/100dpi/"
> > >     FontPath "/usr/X11R6/lib/X11/fonts/75dpi/"
> > > EndSection
> > >
> > > Section "Module"
> > >     Load "dbe"
> > >     Load "dri"
> > >     Load "dri2"
> > >     Load "extmod"
> > >     Load "glx"
> > >     Load "record"
> > > EndSection
> > >
> > > Section "InputDevice"
> > >     Identifier "Keyboard0"
> > >     Driver "kbd"
> > > EndSection
> > >
> > > Section "InputDevice"
> > >     Identifier "TrackPoint"
> > >     Driver "mouse"
> > >     Option "Protocol" "wsmouse"
> > >     Option "ZAxisMapping" "4 5 6 7"
> > >     Option "EmulateWheel" "yes"
> > >     Option "EmulateWheelButton" "2"
> > >     Option "Device" "/dev/wsmouse0"
> > > EndSection
> > >
> > > Section "InputDevice"
> > >     Identifier "USBMouse"
> > >     Driver "mouse"
> > >     Option "Protocol" "wsmouse"
> > >     Option "ZAxisMapping" "4 5 6 7"
> > >     Option "Device" "/dev/wsmouse1"
> > > EndSection
> > >
> > > Section "Monitor"
> > >     Identifier "Monitor0"
> > >     VendorName "Monitor Vendor"
> > >     ModelName "Monitor Model"
> > > EndSection
> > >
> > > Section "Device"
> > >     ### Available Driver options are:-
> > >     ### Values: i: integer, f: float, bool: True/False,
> > >     ### string: String, freq: f Hz/kHz/MHz,
> > >     ### percent: f%
> > >     ### [arg]: arg optional
> > >     #Option "NoAccel" # [bool]
> > >     #Option "SWcursor" # [bool]
> > >     #Option "ColorKey" # i
> > >     #Option "CacheLines" # i
> > >     #Option "Dac6Bit" # [bool]
> > >     #Option "DRI"
Re: Predictable disk device numbering
Hi,

I have a similar problem since I am using softraid to encrypt /var and /home. The softraid device is usually on sd0. But when I have a usb mass storage device plugged in during boot up it gets assigned to sd0 and softraid gets sd1. Still, my fstab tries to mount from /dev/sd0X. This can be annoying. Is there no way to reserve sd0 or tell bioctl to use a higher number for the softraid sdX?

With vnd(3) this is not so much of a problem, because vnd(3) devices won't conflict with unpredictable things like usb-sticks, which share the sd(4) namespace.

Christopher
Re: Predictable disk device numbering
On 02/04/11 15:10, Matthias Guedemann wrote:
> On Fri, 4 Feb 2011 14:32:15 +0100, Christopher Zimmermann madro...@zakweb.de wrote:
> > I have a similar problem since I am using softraid to encrypt /var and /home. The softraid device is usually on sd0. But when I have a usb mass storage device plugged in during boot up it gets assigned to sd0 and softraid gets sd1. Still, my fstab tries to mount from /dev/sd0X. This can be annoying.
>
> it is, but an easy way to avoid this is to use the UID to mount. If your sd0X has no UID, simply open it with disklabel and save without other changes - this generates one. You can then change /dev/sd0X to UID.X in your fstab.
>
> Matthias

Thanks! Just what I needed :)
high cpu load on small pcmcia ethernet loads
Hi!

I experience very high cpu loads when using my pcmcia ethernet card with more than 4Mbit/s. I get the same behaviour for a ep(4) 100MBit fast ethernet and ne(4) 10MBit ethernet card. Both 16bit pcmcia. The distribution between interrupt and system load seems to be a bit strange, also the load goes up very quick after passing the 4MBit threshold.

NET (Kb)  Interrupts (ep1/cbb0)  CPU/Int  CPU/Sys
...       ...                    0        0
4000      180                    3        1
4500      150                    32       1
5000      155                    33       1
5500      160                    30       2
6000      180                    40       3
6500      210                    45       8
7000      350                    40       23
7500      600                    15       70
8000      730                    7        92

any idea how this could be debugged?

Christopher
Re: high cpu load on small pcmcia ethernet loads
On 01/15/11 21:26, Ted Unangst wrote:
> On Sat, Jan 15, 2011 at 1:33 PM, Christopher Zimmermann madro...@zakweb.de wrote:
> > I experience very high cpu loads when using my pcmcia ethernet card with
> > more than 4Mbit/s. I get the same behaviour for a ep(4) 100MBit fast
> > ethernet and ne(4) 10MBit ethernet card. Both 16bit pcmcia.
> > The distribution between interrupt and system load seems to be a bit
> > strange, also the load goes up very quick after passing the 4MBit
> > threshold.
>
> That doesn't sound surprising. pcmcia is not, by modern standards, a
> high speed interface.

Hmm, pcmcia should be capable of 16Mbit(byte?)/s. But what I really don't understand is, why the system load is 0 until the traffic reaches 4MBit and then increases until it reaches 100% at only 8MBit.

I'm also quite sure, the cards did both perform with higher throughputs on linux 2.4, but I'll test it again with a 2.6 kernel.

Christopher
Re: bioctl -P, change passwords on crypto volumes
On 10/13/10 21:29, Markus Bergkvist wrote:
> $ sudo bioctl -c C -l /dev/sd1a softraid0
> Passphrase:
> scsibus4 at softraid0: 1 targets
> sd2 at scsibus4 targ 0 lun 0: OPENBSD, SR CRYPTO, 004 SCSI2 0/direct fixed
> sd2: 237MB, 512 bytes/sec, 487409 sec total
> $ sudo bioctl -P sd2
> Old passphrase:
> New passphrase:
> Re-type passphrase:
>
> /Markus

Is it possible to change the number of rounds, too, or do I have to backup/restore the volume? At the moment I have to wait for about 7s for my crypto volume to come up. I'd rather use a slightly longer passphrase.

Christopher
USB 2.0 transaction translators
Hello,

I just stumbled over this:

  Error opening low/full speed isoc endpoint.
  A low/full speed device is attached to a USB2 hub, and transaction translations are not yet supported.
  Reattach the device to the root hub instead.

It annoyed me that this doesn't yet work. But since I needed to plug my device into the hub, I found a different solution: Just disable ehci support in kernel. Works fine :-D keyboard, mouse and full-duplex audio all at one hub.

Reading the TODO in ehci.c suggests that fixing this the right way would be a lot of work - writing a scheduler... ?

Christopher
readline and -lhistory in base ?
Hi!

I'm trying to compile the statistics suite pspp, but it complains about missing -lhistory. As I understand the description in the readline port, there should already be a readline implementation included in the base system. Still I can only find /usr/lib/libreadline.so.3.0, but no /usr/lib/libhistory.so.*

The readline port includes /usr/local/lib/libehistory.so

Now what's the way to go for this?

Cheers,
Christopher
Re: Remotely connect to gnome
On 08/21/10 16:45, Jean-Francois wrote:
> Hi All,
>
> I've understood that unixes are made to work as workstations and that
> gnome and kde could handle that.
>
> Could you please help me to get on the way to make remote connections
> possible to gnome for session login and desktop use ?

Here's an excerpt from a setup on a debian lenny server, should work with OpenBSD as well. If you need some more tips or other configs I missed, just ask.

Also note that XDMCP is no secure protocol. Only use it via trusted links. Other options would be to run one of the vpn-X-servers, possibly launched via gdm.

Have fun,
Christopher

I opened these ports in my firewall:

# XDMCP (X11 remote login)
lan_udp 177
lan_tcp 177
lan_tcp 6000:6010
lan_tcp 16001

# I remember some problems with gdm and IPv4 / IPv6 support. As I remember IPv4
# is broken when gdm is compiled with IPv6 support. Maybe this issue has been
# solved since I set up this server. Just google for it if you encounter
# issues.

# X font server - you may want to run a font server for the remote terminals
lan_tcp 7100

##
# gdm.conf

[daemon]
# Don't know whether this is needed for xdmcp setup:
VTAllocation=false
RemoteGreeter=/usr/lib/gdm/gdmgreeter
# Needed for Xming clipboard manager, in case you want to start a session from
# MS Windows clients:
KillInitClients=false

[security]

[xdmcp]
# Enable remote sessions:
Enable=true
MaxPendingIndirect=0
MaxSessions=4

[gui]
GtkRC=

[greeter]
Include=*** some ',' separated usernames ***
IncludeAll=false
Browser=true

[chooser]

[debug]

[servers]
# Multi seat setup. You won't need this for remote logins. I'm also not sure,
# whether this will work with OpenBSD.
#0=multiseat
0=seat0
1=seat1

[server-multiseat]
name=Multiseat
command=/usr/bin/Xorg -audit 0 -layout multiseat vt9
fleixble=false
handled=false
chooser=false
flexible=true
priority=0

[server-seat0]
name=Seat 0
command=/usr/bin/Xorg -audit 0 -layout seat0 -sharevts -novtswitch vt9
flexible=true

[server-seat1]
name=Seat 1
command=/usr/bin/Xorg -audit 0 -layout seat1 -sharevts -novtswitch vt9
flexible=true

##
You will start the remote X.org servers by:

X -query OpenBSDserver :0
Re: Remotely connect to gnome
On 08/21/10 17:27, Christopher Zimmermann wrote:
> On 08/21/10 16:45, Jean-Francois wrote:
> > Hi All,
> >
> > I've understood that unixes are made to work as workstations and that
> > gnome and kde could handle that.
> >
> > Could you please help me to get on the way to make remote connections
> > possible to gnome for session login and desktop use ?
>
> Here's an excerpt from a setup on a debian lenny server, should work with
> OpenBSD as well. If you need some more tips or other configs I missed,
> just ask.
>
> Also note that XDMCP is no secure protocol. Only use it via trusted links.
> Other options would be to run one of the vpn-X-servers, possibly launched
> via gdm.

arrrg, no, of course not vpn, vnc is what I meant. For example have a look at the tightvnc package. But this doesn't support encryption either. ssh tunneling would be the way to go I think. At least this will probably be easier using a vnc solution, because it does not need dozens of ports to be forwarded.
Re: OpenBSD users
On 07/19/10 19:57, Noah Pugsley wrote:
> Mateusz Gierblinski wrote:
> > Hi misc@
> >
> > I'm just wondering. Where are you OpenBSD users from?
> > I'm from Belgium, anyone else?
> >
> > Take care
>
> Central Oregon, USSA.

Tuebingen, Germany.
/boot broken on latest snapshot ?
Hi,

I just upgraded to the very latest snapshot(9.7. 1:50) on i386. Now my system does not boot anymore. The only thing I get is:

Using drive 0, partition 3.
Loading...
[cursor sits here]

As I understand the boot process, the PBR boot loader has found /boot, verified the magic number and handed control over to the code loaded from /boot.

I already booted the latest bsd.rd via pxeboot and did the following:

# fdisk -u wd0
# mount /dev/wd0a /mnt
# /mnt/mdec/installboot -v /mnt/boot /usr/mdev/biosboot wd0

This did not change anything. Same symptoms as before. Next thing I'll try is to boot normal bsd kernel via pxeboot and do installboot again from there.

To me this looks like /boot is broken. Has anyone else this problem?

Regards,
Christopher
Re: /boot broken on latest snapshot ?
On 07/09/10 14:19, Christopher Zimmermann wrote:
> Hi,
>
> I just upgraded to the very latest snapshot(9.7. 1:50) on i386. Now my
> system does not boot anymore. The only thing I get is:
>
> Using drive 0, partition 3.
> Loading...
> [cursor sits here]
>
> As I understand the boot process, the PBR boot loader has found /boot,
> verified the magic number and handed control over to the code loaded
> from /boot.
>
> I already booted the latest bsd.rd via pxeboot and did the following:
>
> # fdisk -u wd0
> # mount /dev/wd0a /mnt
> # /mnt/mdec/installboot -v /mnt/boot /usr/mdev/biosboot wd0
>
> this did not change anything. Same symptoms as before. Next thing I'll
> try is to boot normal bsd kernel via pxeboot and do installboot again
> from there.

ok. Booting via pxeboot still works with

boot hd0a:/bsd

running installboot from there didn't help either.

Next thing I tried was a complete reinstall of the latest snapshot on an alternate root via pxeboot. Install worked fine, booting from harddisk still doesn't work. pxeboot works fine.

There is something broken in latest snapshots /boot for sure.

The system is a ThinkPad T43p. I don't have a dmesg to provide at hand, sorry.

Christopher
Re: wlan scan-after-nwid quirk for ThinkPads
On 07/06/10 10:10, David Coppa wrote:
> On Tue, Jul 6, 2010 at 4:14 AM, Anders Langworthy lagrang...@gmail.com wrote:
> > On Mon, Jul 5, 2010 at 4:37 PM, Christopher Zimmermann madro...@zakweb.de wrote:
> > > The only thing I find funny is that the network link only comes up
> > > after I have run the 'ifconfig iwi0 scan' a second time. See below.
> >
> > Yeah, this is a quirk with my iwi device[1] also. A scan needs to be
> > run after you change nwid or the network will not come up as active.
> > It does work without a scan the first time you connect to a network
> > after the machine has been booted, though.

But not if you do a scan before bringing the interface up for the first time - as in my case.

> > [1]: iwi0 at pci2 dev 2 function 0 Intel PRO/Wireless 2915ABG rev 0x05
>
> I think there's a probable regression with:
>
> ppb1 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xd3
> pci2 at ppb1 bus 4

that's what my dmesg says about this:

ppb3 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xd3
pci4 at ppb3 bus 11
iwi0 at pci4 dev 2 function 0 Intel PRO/Wireless 2200BG rev 0x05: irq 11, address 00:12:f0:62:22:ba

> I have a ralink on my ThinkPad X41 that shows the same weird behavior.
>
> ral0 at pci2 dev 2 function 0 Ralink RT2561 rev 0x00: irq 10, address 00:0d:f0:3e:6e:a0
> ral0: MAC/BBP RT2561C, RF RT2527
>
> And the same ifconfig scan trick is also needed if I swap the card with
> an Atheros minipci, so I think it's not related to a particular wireless
> device. No quirks at all with another Ralink card on cardbus (MSI
> CB54G2)... And I'm 99% sure I didn't have this problem before.
>
> cheers,
> David

my complete dmesg:
Re: Connecting to one of available networks on boot
I tried it using the ifstated approach, but it didn't work as I hoped it would. So I just wrote a small sh script and put it in /etc/wlan and sourced that from /etc/rc right after /etc/netstart is run.

The only thing I find funny is that the network link only comes up after I have run the 'ifconfig iwi0 scan' a second time. See below.

Christopher

#!/bin/sh

echo -n 'setting up wlan: '

# Walk the nwids found by the scan; the trailing 'FAIL' entry is only
# reached when none of the known networks was seen.
for nwid in $(ifconfig iwi0 scan | awk '{if($1=="nwid") print $2}') 'FAIL'
do
    case $nwid in
        wurmlingen)
            echo $nwid.
            # static address, WPA (the key is elided in the post)
            ifconfig iwi0 192.168.23.2 netmask 255.255.255.0 \
                media autoselect \
                -bssid \
                -chan \
                nwid wurmlingen \
                -nwkey \
                wpa \
                wpapsk 0x \
                up
            route add default -ifp iwi0 192.168.23.1
            break
            ;;

        BELWUE)
            echo $nwid.
            # open network, address via DHCP
            route delete default
            ifconfig iwi0 inet \
                media autoselect \
                -bssid \
                -chan \
                nwid BELWUE \
                -nwkey \
                -wpa \
                -wpapsk \
                down
            dhclient iwi0
            break
            ;;

        FAIL)
            echo no known network found.
            ;;
    esac
done

# second scan, output discarded
sleep 2; ifconfig iwi0 scan > /dev/null
pf - allow only inbound packets to be forwarded
Hi,

I have two machines. One desktop and one mobile laptop. They are connected to each other via wlan. The desktop is connected to the internet via pppoe and provides internet connectivity to the laptop via nat.

On the desktop I would like to block all incoming packets destined to the desktop machine (except ssh and icmp echo requests), but forward all packets destined elsewhere. The pppoe interface on the desktop is assigned a dynamic ip. nat-to works fine using the following rules.

# Masquerade and route wlan clients to outside
pass in on ath0 from 192.168.23.0/24
match out on tun0 from 192.168.23.0/24 nat-to (tun0) #intranet via vpn
match out on egress from 192.168.23.0/24 nat-to (egress) #pppoe0

As I understand, pf cannot tell incoming packets destined to the local machine from incoming packets to be forwarded. With iptables I could easily accomplish this using the INPUT vs. the FORWARD chains. With pf I could do it by blocking all packets having a destination ip hosted by the desktop. But for this to work I would need a static ip or modify the pf rules every time my public ip changes.

Is there any other, _simple_ way to accomplish this?

Cheers,
Christopher
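For the dynamic-address case described in the post above, an added example of a pf.conf fragment (not part of the original post or thread). It reuses the post's ath0 interface, egress group and 192.168.23.0/24 network; the rule set as a whole is an assumption about the setup, and it relies on pf's default of passing packets that no rule matches.

```pf
# Added example, not from the original post.
# ath0, egress and 192.168.23.0/24 are taken from the post; the rest is assumed.

# NAT for the wlan clients, as in the post
pass in on ath0 from 192.168.23.0/24
match out on egress from 192.168.23.0/24 nat-to (egress)

# Block new inbound connections whose destination is the desktop's own
# address on the egress interface. The parentheses make pf track the
# interface's current address, so the rule keeps working when the pppoe
# address changes and no reload is needed.
block in on egress to (egress)

# Exceptions for the desktop itself. The last matching rule wins, so
# these override the block above.
pass in on egress inet proto tcp to (egress) port ssh
pass in on egress inet proto icmp to (egress) icmp-type echoreq

# Replies to connections opened by the NATed clients match existing
# state entries and are not affected by the block rule. Inbound packets
# addressed to anything other than (egress) match none of the rules
# above and fall through to pf's implicit default pass.
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.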
mouse cursor keeps jumping up and left in latest snapshot
Hello,

today I upgraded my system to the latest snapshot from some -current version end of april. Now in all gtk applications my mouse cursor often jumps to the upper and/or left edge of the screen (not of the application window). I already recompiled gtk+2 and some of the gtk2 applications, but it did not help.

Does anyone else have a similar experience? Any ideas? The only idea I have is reinstalling the whole system :(

Christopher
Re: mouse warp problem - dmesg
On 06/03/10 17:25, Otto Moerbeek wrote:
> On Thu, Jun 03, 2010 at 04:46:27PM +0200, Christopher Zimmermann wrote:
> > Hello,
> >
> > today I upgraded my system to the latest snapshot from some -current
> > version end of april. Now in all gtk application my mouse cursor often
> > jumps to the upper and/or left edge of the screen (not of the
> > application window). I already recompiled gtk+2 and some of the gtk2
> > applications, but it did not help.
> > Does anyone else have a similar experience? Any ides? The only idea I
> > have is reinstalling the whole system :(
> >
> > Christopher
>
> a dmesg, my kingdom for a dmesg...

Here's my dmesg, where's your kingdom? ;)
Re: mouse warp problem - dmesg
On 06/03/10 18:15, Theo de Raadt wrote:
> > Are you running an amd64 kernel? Sigh, I wish people would not change
> > these things and use the standard compilation setup which allows us to
> > see which arch you are running.

yes, I'm running amd64. Sorry for the inconvenience.

> It's simpler than that. He's running his own custom kernel, so you can
> ignore what he's saying. He's chosen to take care of his own problems by
> choosing to be different.

My kernel contains a bugfix and several improvements for the auich(4) driver which are waiting to be committed. Other than that it contains a workaround in USB2.0 takeover code for my broken BIOS. I think it is very improbable that these changes have an effect on the apparently well known mouse warp problem. Therefore the dmesg may very well be of some use to debug the problem.

If some of the kernel developers give me some hints where they suspect the problem and what information they could use I could have a look of my own and possibly provide some more infos.

Regards,
Christopher
Re: mouse warp problem - dmesg
On 06/03/10 21:33, Theo de Raadt wrote:
> > My kernel contains a bugfix and several improvements for the auich(4)
> > driver which are waiting to be committed. Other than that it contains a
> > workaround in USB2.0 takeover code for my broken BIOS. I think it is
> > very improbable that these changes have an effect on the apparently
> > well known mouse warp problem. Therefore the dmesg may very well be of
> > some use to debug the problem.
>
> OR IT MIGHT NOT BE. We don't know what it contains, and you didn't say
> what it contains, so the right thing for us to do is ASSUME IT IS USELESS.
> You've got it all wrong.

Of course you are right. Although it is very improbable, my changes MAY still have had an effect on the already known mouse-warp problem. So you are right and I am all wrong. Here you finally get your dmesg with the original snapshot kernel. Sorry for the inconvenience once again.

As expected the mouse-warp problem persisted:

1,2c1,2
OpenBSD 4.7-current (GENERIC) #14: Wed Jun 2 10:45:51 MDT 2010
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
---
OpenBSD 4.7-current (sys) #0: Wed Jun 2 17:04:24 CEST 2010
madro...@pundit:/var/obj/sys
4c4
avail mem = 1029517312 (981MB)
---
avail mem = 1029640192 (981MB)
15c15
cpu0: AMD Sempron(tm) Processor 3000+, 1795.70 MHz
---
cpu0: AMD Sempron(tm) Processor 3000+, 1795.71 MHz
Re: mouse cursor keeps jumping up and left in latest snapshot
On 06/03/10 17:12, David Coppa wrote:
> On Thu, Jun 3, 2010 at 4:46 PM, Christopher Zimmermann madro...@zakweb.de wrote:
>> Hello, today I upgraded my system to the latest snapshot from some -current version end of April. Now in all gtk applications my mouse cursor often jumps to the upper and/or left edge of the screen (not of the application window). I already recompiled gtk+2 and some of the gtk2 applications, but it did not help. Does anyone else have a similar experience? Any ideas? The only idea I have is reinstalling the whole system :(
>
> I think you have hit the mouse warping problem that is being worked on by our kernel hackers (yes, it's kernel stuff...)

Are you sure this is a problem in kernel? Christopher Linn and I only experience this problem with gtk2 apps. How could the kernel know whether the current focus is on a gtk2 window? Any idea how I could help to track this down?

Christopher
Re: How to work around this compiler bug
Hi, I got another problem compiling some strange C++ code with gcc 3.5; still from opal:

    std::string a(std::string(A::Class()));

results in:

    error: cannot use `::' in parameter declaration

the actual code in opal looks like this:

    #define OPAL_DEFINE_COMMAND(command, entity, func) \
      class entity##_##command : public command \
      { \
        public: virtual void Process(OpalPresentity & presentity) { dynamic_cast<entity &>(presentity).func(*this); } \
      }; \
      static PFactory<OpalPresentityCommand>::Worker<entity##_##command> \
      s_entity##_##command(PDefaultPFactoryKey(entity::Class())+typeid(command).name())

I have no clue what this is actually about. So I would be really happy if someone could help me out in changing this piece of code into something gcc 3.5 understands.

Christopher
Re: How to work around this compiler bug
On 05/20/10 15:52, Landry Breuil wrote:
> On Thu, May 20, 2010 at 3:18 PM, Christopher Zimmermann madro...@zakweb.de wrote:
>> Hi, I got another problem compiling some strange C++ code with gcc 3.5; still from opal:
>
> Again... what are you trying to achieve ? What's wrong with net/opal and x11/gnome/ekiga ports/packages ?

I'm doing some work on opal and would like to do it on OpenBSD. Formerly I did it on Debian. What I worked on was improving the SBC codec, adding stereo support to opal and g711 PLC. Compiling with the 4.2 g++ from ports works fine, but then even the ptlib hello world sample fails at runtime. Using gcc 3.5 at least this ptlib sample works fine.

Cheers, Christopher
Re: [SOLVED] How to work around this compiler bug
Hey, I could work around this issue. Thanks for your help so far!! If you are interested see below.

On 05/20/10 15:54, Marc Espie wrote:
> On Thu, May 20, 2010 at 03:18:39PM +0200, Christopher Zimmermann wrote:
>
> There's no gcc 3.5.

ok, that's true, it's 3.3.5 of course.

>>     std::string a(std::string(A::Class()));
>>
>> results in:
>>
>>     error: cannot use `::' in parameter declaration
>
> gcc 3.3.5 can't understand chains of constructors relying on temporaries, use intermediate variables.

I think I got that.

> e.g.,
>
>     A::Class tmp;
>     std::string a(tmp);

Class() is a method of every class in ptlib/opal, which just returns a string as identifier for that class. (See below for the code) So declaring A::Class tmp does not really make sense, does it?

> (the double std::string is non-sensical, btw)

As I said, I tried to strip down the offending code as much as possible to find out what the compiler is actually complaining about. The original snippet of code looked like this:

SNIP ===

    #define OPAL_DEFINE_COMMAND(command, entity, func) \
      class entity##_##command : public command \
      { \
        public: virtual void Process(OpalPresentity & presentity) { dynamic_cast<entity &>(presentity).func(*this); } \
      }; \
      static PFactory<OpalPresentityCommand>::Worker<entity##_##command> \
      s_entity##_##command(PDefaultPFactoryKey(entity::Class())+typeid(command).name())

SNIP ===

As I understand it now, the compiler would need to create a temporary instance of 'entity' to make the call to ::Class(), but gcc 3.3.5 is not able to do this?

I now tried to fix it this way:

SNIP ===

    #define OPAL_DEFINE_COMMAND(command, entity, func) \
      class entity##_##command : public command \
      { \
        public: virtual void Process(OpalPresentity & presentity) { dynamic_cast<entity &>(presentity).func(*this); } \
      }; \
      entity tmp; \
      static PFactory<OpalPresentityCommand>::Worker<entity##_##command> \
      s_entity##_##command(PDefaultPFactoryKey(tmp.Class())+typeid(command).name())

    OPAL_DEFINE_COMMAND(OpalSetLocalPresenceCommand, OpalPresentity, Internal_SendLocalPresence);

SNIP ===

this doesn't work because:

    `OpalPresentity::OpalPresentity()' is protected within this context
    cannot declare variable `tmp' to be of type `OpalPresentity'
    because the following virtual functions are abstract:
    virtual bool OpalPresentity::Open()
    virtual bool OpalPresentity::IsOpen() const
    virtual bool OpalPresentity::Close()

> I'm willing to help, but can you at least double check what you type ?

Now anyway this is where the ::Class() method is defined:

SNIP ===

    #define PCLASSINFO(cls, par) \
      public: \
        typedef cls P_thisClass; \
        static inline const char * Class() \
          { return #cls; } \

SNIP ===

Since PCLASSINFO gets called with the 'OpalPresentity' as parameter for 'cls' I could just remove the 'entity::Class()' thingy and replace it by '#entity':

SNIP ===

    #define OPAL_DEFINE_COMMAND(command, entity, func) \
      class entity##_##command : public command \
      { \
        public: virtual void Process(OpalPresentity & presentity) { dynamic_cast<entity &>(presentity).func(*this); } \
      }; \
      static PFactory<OpalPresentityCommand>::Worker<entity##_##command> \
      s_entity##_##command(PDefaultPFactoryKey(#entity)+typeid(command).name())

SNIP ===

g, that was too easy. I tried to fix this for several days now. Sometimes you just need to know where to look. Anyway thank you very much for your inspiration ;)

Cheers, Christopher
Re: openfile advice / clarification
Hi, I got another question regarding this matter. How is the openfile count accounted for? Is it per process, per user, per shell? How does this work? I recently had problems when running rtorrent, which used about 100 file descriptors (sockets). Pjsua then failed with "Too many open files" (sockets, too), although it should not use more than three sockets. I also once increased openfile-cur to 1024 for one shell, started an application using many sockets (200) and then applications on other shells with openfile-cur=128 would fail.

Christopher
Re: openfile advice / clarification
On 05/07/10 11:20, Otto Moerbeek wrote:
> There is an overall system limit, set with sysctl kern.maxfiles=n, current in-use fds can be displayed with sysctl kern.nfiles. There is also a per-process limit. Processes inherit the limits from the parent process, but can change the limits via system calls (with restrictions for non-superuser processes). Reading what you described above, it looks like you hit the system-wide limit.

Ok, so two processes started from the same shell won't take away descriptors from each other? for example:

    $ ulimit -n 50
    $ use_40_fds
    $ use_maby_fds # - this process can use 10 or 50 fds ??

thanks, Christopher
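The question in this exchange can be checked directly. The following is an added example, not code from the thread: it lowers the soft RLIMIT_NOFILE to 50 (as `ulimit -n 50` does), lets a forked child hold 40 descriptors, and measures how many the parent can still open. `run_demo`, `free_slots` and `Result` are names made up for this sketch; the values 50 and 40 are the ones from the mail.

```cpp
#include <cerrno>
#include <cstdio>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <vector>

struct Result {
    int before;      // free descriptor slots in the parent before the fork
    int during;      // free slots in the parent while the child holds its fds
    int child_held;  // descriptors the child managed to open
};

// Duplicate `src` until dup() fails, then release everything again.
// Returns the number of free slots, or -1 if the failure was not EMFILE
// (for example ENFILE, the system-wide table being full).
static int free_slots(int src)
{
    std::vector<int> fds;
    int fd;
    while ((fd = dup(src)) >= 0)
        fds.push_back(fd);
    int err = errno;
    for (size_t i = 0; i < fds.size(); ++i)
        close(fds[i]);
    return err == EMFILE ? (int)fds.size() : -1;
}

Result run_demo(rlim_t soft_limit, int child_wants)
{
    Result r = {-1, -1, -1};
    struct rlimit old_lim;
    if (getrlimit(RLIMIT_NOFILE, &old_lim) != 0)
        return r;
    struct rlimit lim = old_lim;
    lim.rlim_cur = soft_limit;            // assumes the hard limit is >= soft_limit
    if (setrlimit(RLIMIT_NOFILE, &lim) != 0)
        return r;

    int ready[2] = {-1, -1}, done[2] = {-1, -1};
    if (pipe(ready) == 0 && pipe(done) == 0) {
        r.before = free_slots(ready[0]);
        pid_t pid = fork();               // the child inherits the limit of 50
        if (pid == 0) {
            close(ready[0]);
            close(done[1]);
            int held = 0;
            while (held < child_wants && dup(done[0]) >= 0)
                ++held;
            if (write(ready[1], &held, sizeof held) != (ssize_t)sizeof held)
                _exit(1);
            char c;
            while (read(done[0], &c, 1) > 0) { }   // hold the fds until EOF
            _exit(0);
        }
        if (pid > 0) {
            // All four pipe ends stay open in the parent until both
            // measurements are taken, so that they are comparable.
            if (read(ready[0], &r.child_held, sizeof r.child_held)
                != (ssize_t)sizeof r.child_held)
                r.child_held = -1;
            r.during = free_slots(ready[0]);
            close(done[1]);               // EOF on the pipe releases the child
            done[1] = -1;
            waitpid(pid, NULL, 0);
        }
    }
    int all[4] = {ready[0], ready[1], done[0], done[1]};
    for (int i = 0; i < 4; ++i)
        if (all[i] >= 0)
            close(all[i]);
    setrlimit(RLIMIT_NOFILE, &old_lim);   // put the original soft limit back
    return r;
}

int main()
{
    Result r = run_demo(50, 40);
    std::printf("parent free slots before fork: %d\n", r.before);
    std::printf("child holds:                   %d\n", r.child_held);
    std::printf("parent free slots meanwhile:   %d\n", r.during);
    return 0;
}
```

The two parent figures are equal: each process counts against its own copy of the limit, and only the system-wide kern.maxfiles table is shared between them.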
Re: How to work around this compiler bug
On Sat, 1 May 2010 14:11:22 +0200 Marc Espie wrote:
> On Sat, May 01, 2010 at 11:39:00AM +0200, Christopher Zimmermann wrote:
>> Hi, the following piece of code compiles fine using g++ 4.2.4, but fails using g++ 3.3.5 in the base system:
>>
>>     error: operands to ?: have different types
>>
>> It is part of ptlib, which is the base library for opal, which in turn is needed for ekiga, which I'm trying to port. What is your suggestion? Can anyone think of a workaround for this or should I just compile it using eg++ 4.2.4 ?
>>
>> Christopher
>>
>>     #include <err.h>
>>     #define WarnIfNULL(x) ((x) ? (x) : (warn("blub"),(x)))
>>     class A { protected: int a; };
>>     class B : A { public: void blub() { WarnIfNULL(A::a); } };
>
> Why do some C++ programmer still use macros where they're not needed ? bunch of idiots, let them stay with C.
>
>     #include <err.h>
>     template <typename T> inline T WarnIfNULL(T x) { if (!x) warn("blub"); return x; }
>     class A { protected: int a; };
>     class B : A { public: void blub() { WarnIfNULL(A::a); } };

ok, thanks. That seems to be the solution, still I have to wrap it in a macro, because I need __LINE__, __FILE__, __CLASS__...
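The combination this reply arrives at, a function template doing the work behind a thin macro that only captures the call site, can look like the following. This is an added example, not code from the thread or from ptlib; `warn_if_null`, `WarnInfo` and `evaluations_per_use` are names made up for the sketch, and it records the warning instead of calling warn(3) so the result can be inspected.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Details of the most recent warning, kept so callers can inspect them.
struct WarnInfo {
    const char *expr;
    const char *file;
    int line;
    int count;
};
static WarnInfo g_warn = {NULL, NULL, 0, 0};

// Replacement for ((x) ? (x) : (warn(...), (x))): there is no ?: whose two
// arms must agree on a type, and the argument is evaluated exactly once.
template <typename T>
inline T warn_if_null(T x, const char *expr, const char *file, int line)
{
    if (!x) {
        g_warn.expr = expr;
        g_warn.file = file;
        g_warn.line = line;
        ++g_warn.count;
        std::fprintf(stderr, "%s:%d: %s is null\n", file, line, expr);
    }
    return x;
}

// The macro's only job is to capture the expression text and the call site.
#define WarnIfNULL(x) warn_if_null((x), #x, __FILE__, __LINE__)

// Same shape as the classes in the mail: a protected member reached as A::a
// from a privately derived class.
class A {
protected:
    A() : a(0) {}
    int a;
};

class B : A {
public:
    void set(int v) { a = v; }
    int blub() { return WarnIfNULL(A::a); }
};

// Counts how often the macro argument is evaluated in one use.
static int g_calls = 0;
static int *counted_null() { ++g_calls; return NULL; }

int evaluations_per_use()
{
    g_calls = 0;
    (void)WarnIfNULL(counted_null());
    return g_calls;
}

int main()
{
    B b;
    b.blub();      // a == 0: one warning naming A::a and this file and line
    b.set(7);
    b.blub();      // no warning
    std::printf("warnings: %d, last expression: %s, line %d\n",
                g_warn.count, g_warn.expr, g_warn.line);
    std::printf("argument evaluations per use: %d\n", evaluations_per_use());
    return 0;
}
```

With the original ?: macro an argument that has side effects would run twice; here `counted_null()` runs once.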
Re: [SOLVED] How to work around this compiler bug
ok, thanks everyone. Problem is solved and I even learned some things, too. Christopher
How to work around this compiler bug
Hi, the following piece of code compiles fine using g++ 4.2.4, but fails using g++ 3.3.5 in the base system:

    error: operands to ?: have different types

It is part of ptlib, which is the base library for opal, which in turn is needed for ekiga, which I'm trying to port. What is your suggestion? Can anyone think of a workaround for this or should I just compile it using eg++ 4.2.4 ?

Christopher

    #include <err.h>
    #define WarnIfNULL(x) ((x) ? (x) : (warn("blub"),(x)))
    class A { protected: int a; };
    class B : A { public: void blub() { WarnIfNULL(A::a); } };
Re: SiS190 driver: finished.
On Wed, 9 Dec 2009 23:13:57 -0500 Brad wrote: Since the driver at the moment only supports the SiS 190 Fast Ethernet chipset then it would be pretty strange to name the driver in such a manner to explicitly mention Gigabit. I think se(4) would be Ok to use. Having this driver would be a good thing and I think it would be good if you could continue renaming the driver and doing enough clean up to get it into a state to be commited to the tree. ok. I renamed it to se and cleaned it to conform to style(9). The only deviation I kept is that the registers names are not all lower case. Manpage still needs to be written. I tested this now for quite a while on my computer I use daily, but I am not able to do high load tests, because I use it as interface for my pppoe0 connection. I don't have a second box to test against. Here's a diff against current: Index: arch/amd64/conf/GENERIC === RCS file: /cvs/src/sys/arch/amd64/conf/GENERIC,v retrieving revision 1.288 diff -u -p -r1.288 GENERIC --- arch/amd64/conf/GENERIC 28 Mar 2010 17:04:27 - 1.288 +++ arch/amd64/conf/GENERIC 2 Apr 2010 11:14:42 - @@ -436,6 +436,7 @@ vr* at pci?# VIA Rhine ethernet #wb*at pci? # Winbond W89C840F ethernet sf* at pci?# Adaptec AIC-6915 ethernet sis*at pci? # SiS 900/7016 ethernet +se* at pci?# SiS 190/191 ethernet #ste* at pci? # Sundance ST201 ethernet BORKED pcn* at pci?# AMD PCnet-PCI Ethernet dc* at pci? # 21143, tulip clone ethernet Index: dev/pci/files.pci === RCS file: /cvs/src/sys/dev/pci/files.pci,v retrieving revision 1.270 diff -u -p -r1.270 files.pci --- dev/pci/files.pci 23 Feb 2010 18:43:15 - 1.270 +++ dev/pci/files.pci 2 Apr 2010 11:14:43 - 
@@ -467,6 +467,11 @@ device sis: ether, ifnet, mii, ifmedia attach sis at pci file dev/pci/if_sis.csis +# SiS 190/191 ethernet +device se: ether, ifnet, mii, ifmedia +attach se at pci +filedev/pci/if_se.c se + # Sundance ST201 ethernet device ste: ether, ifnet, mii, ifmedia attach ste at pci Index: dev/pci/if_se.c === RCS file: dev/pci/if_se.c diff -N dev/pci/if_se.c --- /dev/null 1 Jan 1970 00:00:00 - +++ dev/pci/if_se.c 2 Apr 2010 11:14:44 - 
@@ -0,0 +1,1425 @@ +/*- + * Copyright (c) 2009, 2010 Christopher Zimmermann madro...@zakweb.de + * Copyright (c) 2007, 2008 Alexander Pohoyda alexander.poho...@gmx.net + * Copyright (c) 1997, 1998, 1999 + * Bill Paul wp...@ctr.columbia.edu. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + *notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + *notice, this list of conditions and the following disclaimer in the + *documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + *must display the following acknowledgement: + * This product includes software developed by Bill Paul. + * 4. Neither the name of the author nor the names of any co-contributors + *may be used to endorse or promote products derived from this software + *without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS IS'' + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL AUTHORS OR + * THE VOICES IN THEIR HEADS BE LIABLE FOR ANY DIRECT, INDIRECT, + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. 
+ */ + +#include sys/cdefs.h + +/* + * SiS 190 Fast Ethernet PCI NIC driver. + * + * Adapted to SiS 190 NIC by Alexander Pohoyda based on the original + * SiS 900 driver by Bill Paul, using SiS 190/191 Solaris driver by + * Masayuki Murayama and SiS 190/191 GNU/Linux driver by K.M. Liu + * km...@sis.com. Thanks to Pyun YongHyeon pyu...@gmail.com for + * review and very
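Review bot: the comments added in the GENERIC and files.pci hunks read "SiS 190/191 ethernet", while the header comment of if_se.c describes a "SiS 190 Fast Ethernet PCI NIC driver" and the quoted review remark says only the SiS 190 Fast Ethernet chipset is supported at the moment. The three descriptions should agree: either say "SiS 190" in the config comments, or state in the if_se.c header what works on the 191 and what does not.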
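Review bot: no se(4) manual page accompanies the new dev/pci/if_se.c, although the same diff already enables "se* at pci?" in the amd64 GENERIC kernel; the visible part of the diff touches only GENERIC, files.pci and if_se.c, and the mail says the page still has to be written. Add the man page to this diff before it goes in, and since the mail notes that no high load test was possible, ask for a test report from someone who can drive the interface from a second machine.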
Re: SiS190 driver: finished.
sorry for the cross post. The mail was supposed to go only to tech. It seems like I and my mail client are a bit confused today... Christopher
Re: gnu grep -o flag
On Wed, 24 Mar 2010 19:00:06 +0200 Gregory Edigarov wrote:
> Hello Everybody, Just wonder how could one implement what gnu grep -o flag does using our toolchain? from ggrep(1):
>
>     -o, --only-matching
>         Show only the part of a matching line that matches PATTERN.

maybe try this:

    sed -n -e 's/.*\(PATTERN\).*/\1/ -e /PATTERN/p
Re: gnu grep -o flag
On Wed, 24 Mar 2010 13:06:12 -0700 Philip Guenther wrote:
> On Wed, Mar 24, 2010 at 10:17 AM, Christopher Zimmermann madro...@zakweb.de wrote:
>> On Wed, 24 Mar 2010 19:00:06 +0200 Gregory Edigarov wrote:
>>> Just wonder how could one implement what gnu grep -o flag does using our toolchain? from ggrep(1):
>>>
>>>     -o, --only-matching
>>>         Show only the part of a matching line that matches PATTERN.
>>
>> maybe try this:
>>
>>     sed -n -e 's/.*\(PATTERN\).*/\1/ -e /PATTERN/p
>
> Hmm, missing quote, and the expressions can be combined, but as a portable solution this is indeed the right answer.
>
>     sed -n -e 's/.*\(PATTERN\).*/\1/p'

right. This one looks nicer.

> If you need extended (egrep-style) regexps, then the most portable solution is a chunk of awk (left as an exercise for the student); the less-portable-but-works-in-4.7 solution is to use -E option to sed:
>
>     sed -n -E 's/.*(PATTERN).*/\1/p'

sed -E !?! Great! Now I know why I upgraded to -current.
ftp-proxy for outgoing connection
Hi, my -current firewall is configured to block all in, block all out and allow only certain outbound connections. Now I want to allow outbound ftp connections. I read ftp-proxy(8) and http://openbsd.org/faq/pf/ftp.html#client. As I understand it, ftp-proxy could be used to create rules for inbound and outbound connections on 4.6. Now on -current the rdr keyword is missing from the pf.conf syntax. Instead ftp-proxy(8) suggests using rdr-to, but this only works for inbound connections. Is it possible to allow ftp connections from a local client to public ftp servers on the internet? Possibly by using ftp-proxy?

Kind regards, Christopher
Re: ftp-proxy for outgoing connection
On Fri, 12 Mar 2010 00:23:00 + (UTC) Stuart Henderson wrote:
> On 2010-03-11, Christopher Zimmermann madro...@zakweb.de wrote:
>> Hi, my -current firewall is configured to block all in, block all out and allow only certain outbound connections. Now I want to allow outbound ftp connections. I read ftp-proxy(8) and http://openbsd.org/faq/pf/ftp.html#client. As I understand it, ftp-proxy could be used to create rules for inbound and outbound connections on 4.6. Now on -current the rdr keyword is missing from the pf.conf syntax. Instead ftp-proxy(8) suggests using rdr-to, but this only works for inbound connections. Is it possible to allow ftp connections from a local client to public ftp servers on the internet? Possibly by using ftp-proxy?
>
> I suspect your understanding of inbound is from the viewpoint of your network; PF doesn't care about that at all, it's only concerned with whether a packet is inbound or outbound to a particular interface.

ok, thanks. That's clear. I don't have a whole net. It's just a single workstation, using pppoe0 to reach the internet. So the ftp client is running on the firewall, not behind it. The packets will be outbound on my pppoe0, but not inbound on any interface, will they?

> rdr only works for inbound connections too.

As I understood it, it works _only_ for inbound connections.

> A rule like the following works just fine for a ftp connection from a local client to a public ftp server:
>
>     pass in quick log on {lan, wifi, natted} inet proto tcp \
>         to port 21 rdr-to 127.0.0.1

Isn't this just the example from the default pf.conf with on {...} added and port 8021 left away? After reading http://www.openbsd.org/faq/current.html#20090901 it seems to me that it is in fact not possible at the moment to use a ftp-client on a firewall until the current restriction on rdr-to in pfctl will be removed. Is this true?

Christopher
include sys/cdefs.h in sys/mmap.h
Hi! I just got some errors while trying to compile ptlib: error: type specifier omitted for parameter `size_t' [...] They resulted from size_t not being defined in sys/mmap.h I could fix this problem by including sys/types.h instead of sys/cdefs.h in sys/mmap.h Is this a problem of ptlib, which should not directly include mmap.h or should this possibly be fixed in OpenBSD? Christopher
how do I do a rename(1) ?
Hi! I'm missing the http://linux.die.net/man/1/rename command in OpenBSD. Preferably with regex support like in Debian. Is there a similar tool or a port containing this tool? I couldn't find any. I often use this to do things like:

    rename .jpg .jpeg *.jpg

or

    $ ls
    10_bulb 11_funny 12_things 1_foo 2_bar 3_blub ... 9_foobar
    $ rename '' 0 ?_*
    $ ls
    01_foo 02_bar 03_blub ... 09_foobar 10_bulb 11_funny 12_things

to let ls sort the files numerically.

Cheers, Christopher
Re: how do I do a rename(1) ?
On Sat, 16 Jan 2010 14:16:49 +0059 Han Boetes h...@mijncomputer.nl wrote:
> Christopher Zimmermann wrote:
>> I'm missing the http://linux.die.net/man/1/rename command in OpenBSD.
>
> Ehm.
>
>     ~% uname -a
>     Linux marsupilami 2.6.31-16-generic #53-Ubuntu SMP Tue Dec 8 04:02:15 UTC 2009 x86_64 GNU/Linux
>     ~% which rename
>     /usr/bin/rename
>     ~% file /usr/bin/rename
>     /usr/bin/rename: symbolic link to `/etc/alternatives/rename'
>     ~% ls -l /etc/alternatives/rename
>     lrwxrwxrwx 1 root root 16 2009-12-28 16:33 /etc/alternatives/rename -> /usr/bin/prename
>     ~% file /usr/bin/prename
>     /usr/bin/prename: a /usr/bin/perl -w script text executable
>
> Copy it.

That was easy. Thanks!

> # Han
Re: ComixWall terminated [WAS: ComixWall 4.6 released, December 8, 2009]
On Wed, 9 Dec 2009 10:37:01 -0700 Bob Beck b...@ualberta.ca wrote: COMIXWALL isn't a fork, its just a preinstalled configuration panel for OpenBSD and a collection of nice utilities. So it belongs as a port then. Not as a distribution - and not sending release announcements to OpenBSD lists. as you wish. let's call it a port. Do we see release announcements here for other new ports? I'm quite new to OpenBSD, but I already read a few NEW: and UPDATED: announcements on the -ports mailing list. Anyway, comixwall is not a part of the official ports tree. So the release announcements of comixwall should not go into the ports list either. I had a second look at the descriptions of the mailing lists: misc User questions and answers, general questions. This is the most active list. Please, read the FAQ and the installation documents, and see How to report a Problem before posting. advocacy Promoting the use of OpenBSD. Non-technical discussions in misc often get shunted here. So as I read this announcements of projects trying to promote OpenBSD can (and should) go into the advocacy list. misc is only for user questions, general questions. Asking for translators might fit in here. Still as comixwall is trying to promote OpenBSD the request may fit better into the advocacy list. The only problem is the advocacy list is quite dead. So the decision to post the announcement of ComixWall to the misc list does not seem too stupid to me. Do we see release announcements on our lists for Firefox? comixwall is developed to make using OpenBSD easier. It's only project goal is to prove that it is possible to create high quality, free and open source ISG based on OpenBSD (cited from the comixwall homepage). So I would say its relevance for OpenBSD users (the audience of this list) is much higher than firefox releases. 
* Release Announcements For things that are not OpenBSD do not belong on OpenBSD lists * - We don't tell people who have other ported applications that run on openbsd to spew every release announcement over our lists - why should ComixWall be any different? According to the archives at MARC there were exactly two release announcements of comixwall on this list. One in 2008 and one in 2009. This is not exactly the amount it takes to pollute a mailing list. This stupid thread did already produce enough noise to make up for 7 years of comixwall release announcements. I know I just added some additional noise, still I would be glad to see this issue settled in a non-destructive way. OpenBSD is a great OS and ComixWall enables many people to use it. I don't see any reason why the two projects should not be able to cooperate. Christopher Zimmermann
Re: ComixWall terminated [WAS: ComixWall 4.6 released, December 8, 2009]
On Wed, 9 Dec 2009 13:38:56 -0500 Jason Dixon ja...@dixongroup.net wrote: How does the announcement of new releases for ComixWall help OpenBSD? It helps in promoting OpenBSD. And this is the official purpose of the advocacy mailing list. So I think that announcements of ComixWall releases could go into the advocacy list. Is this a false conclusion? If not Soner Tari could go on with his project and post his announcements to the advocacy list. Anyway, since the advocacy list is dead, the two announcements to misc should not be censured in such a harsh way. How does abstraction of arguably the cleanest, easiest to learn UNIX, help OpenBSD? It helps in promoting OpenBSD. Promoting OpenBSD will make OpenBSD more widely known. This will attract more possible developers. They will write code for OpenBSD. This will help OpenBSD. I know I just added some additional noise, still I would be glad to see this issue settled in a non-destructive way. It is settled. You're whining. If this is true, it's a pity. Then comixwall just died. I still hope this issue can be settled in a NON-DESTRUCTIVE way. And yes. I AM WHINING. It bothers me when people destroy such a huge amount of good work just because of a stupid attack of bad mood. OpenBSD is a great OS and ComixWall enables many people to use it. I don't see any reason why the two projects should not be able to cooperate. Because they are not cooperative projects. OpenBSD doesn't need ComixWall. OpenBSD is Free, Functional and Secure(*). (*) And easy. Right. And the devil may care. Not helping comixwall by bearing one release announcement per year is not lazy, not even selfish, it's just PLAIN FUCKING STUPID!
Re: ComixWall terminated [WAS: ComixWall 4.6 released, December 8, 2009]
On Wed, 9 Dec 2009 20:43:59 +0100 Martin Schröder mar...@oneiros.de wrote: 2009/12/9 Christopher Zimmermann madro...@zakweb.de: On Wed, 9 Dec 2009 13:38:56 -0500 Jason Dixon ja...@dixongroup.net wrote: How does the announcement of new releases for ComixWall help OpenBSD? It helps in promoting OpenBSD. And this is the official purpose of the advocacy mailing list. I seriously doubt that Theo sells any cd more because of ComixWall. And sale of cds is what ultimately counts as promoting OpenBSD. I can't find Tari's name on http://www.openbsd.org/donations.html, nor can I find a link to there from http://comixwall.org While I applaud him for his effort and think this is a great thing, he hides OpenBSD quite well. He links several times to openbsd. Try clicking on the OpenBSD 4.6 cover displayed on the main page. Since Soner Tari does not sell his project he could easily link to the donations page if asked. I still hope this issue can be settled in a NON-DESTRUCTIVE way. Same here. The efforts of Comixwall should be folded into OpenBSD. Now that would be great of course. Do you think it would be possible to distribute comixwall as several ports in the ports tree? Only installation would become a bit more difficult. But this should not be a big deal. It's just a pity that the constructive proposals come only after people already gave up
Re: Dual boot stable and current
On Fri, 4 Dec 2009 14:04:30 +1100 Aaron Mason simplersolut...@gmail.com wrote:
> On Fri, Dec 4, 2009 at 12:33 PM, Jonathan Thornburg jth...@astro.indiana.edu wrote:
>> Christopher Zimmermann madroach () zakweb ! de asked
>>> is it possible to install two OpenBSDs on the same disk? I'd like to try -current in a separate installation.
>>
>> Yes. The way I do it is to have a single fdisk partition containing the entire disk (or more generally, as much of it as I want to use for all OpenBSD stuff combined), then create two separate sets of OpenBSD root, var, and usr partitions inside that, sharing /home. That is, I have the following 'disklabel' partitions:
>>
>>     wd0a  root #1   /etc/fstab mounts root #1, var #1, usr #1, home
>>     wd0b  swap
>>     wd0c  entire disk
>>     wd0d  root #2   /etc/fstab mounts root #2, var #2, usr #2, home
>>     wd0e  var #1
>>     wd0f  var #2
>>     wd0g  usr #1
>>     wd0h  usr #2
>>     wd0j  home
>>
>> I use the standard OpenBSD bootloader, so by default the computer boots system #1. If I want to boot system #2, I just type boot wd0d:/bsd at the boot prompt. Note that the system #1 /etc/fstab mounts *only* the system #1 partitions and home:
>>
>>     % cat /etc/fstab
>>     /dev/wd0a / ffs rw,softdep 1 1
>>     /dev/wd0b /tmp mfs rw,async,nodev,nosuid,-s=2000 0
>>     /dev/wd0e /var ffs rw,softdep,nodev,nosuid 1 2
>>     /dev/wd0g /usr ffs rw,softdep,nodev 1 2
>>     /dev/wd0b /usr/tmp mfs rw,async,nodev,nosuid,-s=2000 0
>>     /dev/wd0j /home ffs rw,softdep,noatime,nodev,nosuid 1 2
>>
>> Similarly, the system #2 /etc/fstab mounts *only* the system #2 partitions and home:
>>
>>     # mount -r /dev/wd0d /mnt
>>     # cat /mnt/etc/fstab
>>     /dev/wd0d / ffs rw,softdep 1 1
>>     /dev/wd0b /tmp mfs rw,async,nodev,nosuid,-s=2000 0
>>     /dev/wd0f /var ffs rw,softdep,nodev,nosuid 1 2
>>     /dev/wd0h /usr ffs rw,softdep,nodev 1 2
>>     /dev/wd0b /usr/tmp mfs rw,async,nodev,nosuid,-s=2000 0
>>     /dev/wd0j /home ffs rw,softdep,noatime,nodev,nosuid 1 2
>>     #
>>
>> The two OpenBSD installations are entirely separate, and may be as different as desired. (For example, the laptop on which I'm typing this has #1 = 4.6-stable and #2 = 4.4-stable.)
>>
>> A couple of important notes if you decide to try this: First, the standard OpenBSD install hard-codes a as the root partition. So... at the (I)nstall, (U)pgrade or (S)hell? prompt, type s to get a shell, then
>>
>>     # ed install.sub
>>     $-1       (go to the 2nd-to-last-line)
>>     s/a/d/    (change the 'a' to a 'd')
>>     w         (write the memory buffer back to the file)
>>     q         (quit the ed editor)
>>     (maybe follow with 'more install.sub' to confirm that all went well)
>>
>> OpenBSD will now happily install with root on the wd0d partition. [An alternative is to install what you want to wind up in #2 to the #1 partitions, use dump|restore or tar|tar to copy these to the #2 partitions (as per FAQ 10.2), run installboot(8) to fixup booting to the #2 partitions, then reinstall what you really want to #1.]
>>
>> Finally, and most important of all, *don't* try this unless you know what you're doing! Playing around with partitions this way works fine if you do things correctly, but mistakes can easily scramble your disk (more accurately, the data on it). In particular, don't try this until you grok the FMs disklabel(8), fstab(5), installboot(8). And have a full backup *before* you try it...
>>
>> -- -- Jonathan Thornburg [remove -animal to reply] jth...@astro.indiana-zebra.edu Dept of Astronomy, Indiana University, Bloomington, Indiana, USA If the triangles made a god, it would have three sides. -- Voltaire
>
> I believe Josh Grosse has the right idea - if your system supports booting of USB drives, $5 will buy a 1gb stick that is more than adequate for running OpenBSD on.

OK, I get it. I thought root always had to be 'a'. But being able to use the same disklabel for both installations is even better than using two separate disklabels. Thanks for the hints and tips!

Christopher
Dual boot stable and current
Hi, is it possible to install two OpenBSDs on the same disk? I'd like to try -current in a separate installation. As I understand disklabels I would need separate disklabels for each installation, because I need two separate root 'b' partitions. So I would create two fdisk partitions one for each system, and the two disklabels would be stored on the LBR of these partitions. Is this the way to go? Is it a bad idea? Any pitfalls? Cheers, Christopher
Re: Dual boot stable and current
On Thu, 3 Dec 2009 14:35:27 -0500 Josh Grosse j...@jggimi.homeip.net wrote:
> Yes it is possible, but not in the way you outline. A single disk can only have one disklabel, regardless of the number of MBR partitions... and only a single, A6 MBR partition should be configured.

Is this really true? As I understand the disklabel will be stored in the partition boot record? I just have to make sure the kernel selects the right disklabel. I assume OpenBSD automatically selects the one from the active partition? Why only a single A6 partition?

> You can have multiple systems installed in different disklabel partitions, however. e.g. You could install -current into, for example, wd0p. Then, at the boot prompt, just do something like boot hd0p/bsd -a, and respond with wd0p as your root kernel.

Ok, that's what I would have done with linux. But on BSD this violates against the a is root rule. Will this cause trouble? If not the rest should be easy.

> Note that the bsd.rd installation script will reformat and use the a partition as the root partition, and this is outside of operator control.

This will be a problem.

> You must either relabel partitions with disklabel(8) or modify the scripts. (Note also that relabelling mounted on a running system is a very bad idea. Do it when running bsd.rd, so that root partitions are unmounted, if you choose this method.)
>
> The -easiest- way to multiboot two OpenBSD systems is to use a second disk (even a USB stick).

that's surely true, but I have neither one handy.
Re: Limit speed of dvd-drive
On Wed, 2 Dec 2009 21:11:14 + (UTC) Stuart Henderson s...@spacehopper.org wrote:
> On 2009-12-01, Jacob Meuser jake...@sdf.lonestar.org wrote:
>> On Tue, Dec 01, 2009 at 05:11:03PM -0500, Dope Ice Apollyon the Third wrote:
>>> On Tue, Dec 1, 2009 at 5:10 AM, Christopher Zimmermann madro...@zakweb.de wrote:
>>>> Hi! I'm searching for the OpenBSD equivalent to 'hdparm -E' which sets the drive speed of a cd/dvd drive. Google did only find an old post without replies. Is there a way to do this in OpenBSD? Christopher
>>>
>>> If it was possible I would have expected cdio(1) to mention it; it can pick write but not read speed, so I guess you're out of luck.
>>
>> there are DMA/PIO flags for atapiscsi(4), but I don't know if that's really what the OP is looking for.
>
> more likely looking for controls to restrict the rate at which the disk spins, maybe to make it quieter, or slightly less unsafe if you have to try and recover data from a damaged disk.

exactly. I want it more quiet.
Limit speed of dvd-drive
Hi! I'm searching for the OpenBSD equivalent to 'hdparm -E' which sets the drive speed of a cd/dvd drive. Google did only find an old post without replies. Is there a way to do this in OpenBSD? Christopher