Re: pcengines apu boards

2018-01-17 Thread Christopher Zimmermann
On 2017-11-30 "Paul B. Henson"  wrote:
> > From: Base Pr1me
> > Sent: Thursday, November 30, 2017 2:08 PM
> > 
> > I run 5 apu2 devices with no problems. I don't have any apu3 devices ... 
> > yet.  
> 
> Thanks for the feedback. Do you by any chance have any USB type Mini PCI 
> cards installed internally? I initially noticed the issue with a mini PCI LTE 
> modem card. Then I realized it was a more generic USB problem; I believe the 
> apu2 has USB1 and USB2 ports, the apu3 has two USB3 ports externally, and 
> then the mini PCI and a couple of internal headers are USB2. The USB3 ports, 
> using the xHCI driver, work fine, I suppose in the worst case I could use an 
> external Mini PCI to USB adapter and plug the card in outside of the case, 
> but that just seems so kludgy.
> 
> I actually found a friend locally who had an apu2 board, he couldn't get the 
> LTE card to work on the internal mini PCI slot, which also appeared to be 
> EHCI based, and it would sometimes work and sometimes not plugged into the 
> external USB ports. It was really weird, when plugged into the same external 
> port, sometimes the device would show up on the EHCI bus (and not work) and 
> sometimes it would show up on the OHCI bus (and work). He didn't seem to have 
> any trouble with USB flash drives on the EHCI bus on his apu2 though.
> 
> 


Hi,

I have the same problem and have tried to hunt the bug, but failed so
far. Have you already identified the quirks Linux and FreeBSD use to
fix this problem?

Christopher


-- 
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
2779 7F73 44FD 0736 B67A  C410 69EC 7922 34B4 2566



Fix carp FAQ: net.inet.carp.preempt is not necessary for group demotion failover

2017-11-12 Thread Christopher Zimmermann
Hi,

if I read the code correctly, the demotion counter would only _prevent_
preemptive failover if the preempting master was demoted.
A demoted master would failover to a less demoted backup no matter what
the advbase / advskew timing says.

The relevant code is following sys/netinet/ip_carp.c:665.

Here's the diff:

--- carp.html.orig  Sun Nov 12 11:26:42 2017
+++ carp.html   Sun Nov 12 11:33:05 2017
@@ -194,8 +194,12 @@
 By default, all carp(4) interfaces are added to the carp group.
 Each group has a carpdemote counter affecting all carp(4)
 interfaces belonging to that group.
-As described below, it can be useful to group certain interfaces together
-for failover purposes.
+This enables failing over the whole group of interfaces in the event that
+one interface goes down.
+If one physical CARP-enabled interface goes down, CARP will increase
+the demotion counter, carpdemote, by 1 on interface groups that
+the carp(4) interface is a member of, in effect causing all group
+members to fail-over together.
 
 ipaddress
 This is the shared IP address assigned to the redundancy group.
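Review bot: the added paragraph spells the same verb two ways, "failing over" in its first line and "fail-over" in its last; pick one. Since the sentence that pointed readers to the later example ("As described below ...") is removed, it would also help to state here what the accompanying message says: a demoted master fails over to a less demoted backup regardless of the advbase / advskew timing.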
@@ -219,12 +223,6 @@
 net.inet.carp.preempt
 Allow hosts within a redundancy group that have a better
 advbase and advskew to preempt the master.
-In addition, this option also enables failing over a group of interfaces
-together in the event that one interface goes down.
-If one physical CARP-enabled interface goes down, CARP will increase
-the demotion counter, carpdemote, by 1 on interface groups that
-the carp(4) interface is a member of, in effect causing all group
-members to fail-over together.
 net.inet.carp.preempt is 0 (disabled) by default.
 
 net.inet.carp.log
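Review bot: after the removal, the net.inet.carp.preempt entry no longer mentions carpdemote at all, yet the accompanying message says the demotion counter prevents preemptive failover when the preempting master is demoted. One sentence on that interaction in this entry would keep the two descriptions connected.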
@@ -414,7 +412,7 @@
 Configure fw1:
 
 
-! enable preemption and group interface failover
+! enable preemption
 # sysctl net.inet.carp.preempt=1
 # echo 'net.inet.carp.preempt=1' >> /etc/sysctl.conf
 
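Review bot: the comment above "sysctl net.inet.carp.preempt=1" now reads only "enable preemption", here and in the fw2 hunk, but the example does not say why preemption is wanted once group failover no longer depends on it. Either give the reason in the comment or state in the surrounding text that the setting is optional for this example.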
@@ -437,7 +435,7 @@
 Configure fw2:
 
 
-! enable preemption and group interface failover
+! enable preemption
 # sysctl net.inet.carp.preempt=1
 # echo 'net.inet.carp.preempt=1' >> /etc/sysctl.conf



-- 
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
2779 7F73 44FD 0736 B67A  C410 69EC 7922 34B4 2566




Re: spamd and network whitelisting

2017-01-10 Thread Christopher Zimmermann
On 2016-12-16 Clint Pachl  wrote:

[...]
> What would be
> best is if we could blacklist these spammers upon first connection

I also wanted to make just-in-time decisions, but with dnswl lookups.
I wrote a program to intercept incoming, unknown smtp connections and
do a dnswl lookup to whitelist them just in time. You could do the same
for blacklisting, but only for lookups based on ip because the program
looks only at the initial syn packet.
For me this helped a lot to deliver mails faster which would otherwise
be delayed in the greytrap, or even get stuck, because they come from
smtp pools.


here are the pf rules:
pass in on egress inet proto tcp to (self) port smtp flags S/SA no state
divert-packet port 25
pass in on egress inet proto tcp from  to (self) port smtp keep
state rdr-to 127.0.0.1 port spamd
pass in log (to pflog1) on egress proto tcp from { }
to port smtp keep state

and here's the C program. It still has lots of dead debugging code:

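/*
 * The archive dropped the header names from the original #include lines;
 * these are the headers the code shown below needs on OpenBSD.
 */
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <arpa/nameser.h>
#include <assert.h>
#include <err.h>
#include <fcntl.h>
#include <grp.h>
#include <poll.h>
#include <pwd.h>
#include <resolv.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>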


#define DEBUG 0

#define DIVERT_PORT 25

#define NSTATES 10

struct dns_header {
uint16_t id;
uint16_t flags;
#define QR 0x8000
#define OPCODE_MASK 0x7800
#define OPCODE_SHIFT 11
#define AA 0x0400
#define TC 0x0200
#define RD 0x0100
#define RA 0x0080
#define AD 0x0020
#define CD 0x0010
#define RCODE_MASK 0x000f
#define RCODE_SHIFT 0
uint16_t qdcount;
uint16_t ancount;
uint16_t nscount;
uint16_t arcount;
};

struct dns_record {
uint16_t type;
uint16_t class;
uint32_t ttl;
uint16_t length;
};

struct state {
union {
struct in_addr in4;
struct in6_addr in6;
uint8_t octets[sizeof(struct in6_addr)];
} addr;
struct timespec timeout;
int af;
uint16_t dnskey;
} states[NSTATES];

void send_query(struct state *state, const char *question);
void process_response();

void enlist(struct state *state, int white);

int dnssock, pfdev;

const char *const whitelists[] = {
"list.dnswl.org",
"swl.spamhaus.org",
};

int main(int argc, char *argv[])
{
int i, ret;
time_t t;
struct sockaddr_in sin4;
struct sockaddr_in6 sin6;
struct group *group;
struct passwd *passwd;
struct pollfd fds[3];

tzset();

pfdev = open("/dev/pf", O_RDWR);
if (pfdev == -1) err(1, "open(\"/dev/pf\") failed");

/* DNS */
if (res_init() == -1) err(1, "res_init");
assert(_res_ext.nsaddr_list[0].ss_family != 0);
fds[0].fd = dnssock = socket(_res_ext.nsaddr_list[0].ss_family,
   SOCK_DGRAM | SOCK_DNS, 0);
if (fds[0].fd == -1) err(1, "socket");

if (connect(fds[0].fd, (struct sockaddr *)&_res_ext.nsaddr_list[0],
_res_ext.nsaddr_list[0].ss_len) != 0)
err(1, "connect");

/* IPv4 divert */
memset(&sin4, 0, sizeof(sin4));
sin4.sin_family = AF_INET;
sin4.sin_port = htons(DIVERT_PORT);
sin4.sin_addr.s_addr = INADDR_ANY;
fds[1].fd = socket(AF_INET, SOCK_RAW, IPPROTO_DIVERT);
if (fds[1].fd == -1) err(1, "socket");
if (bind(fds[1].fd, (struct sockaddr *) &sin4, sizeof(sin4)) != 0)
err(1, "bind");

/* IPv6 divert */
memset(&sin6, 0, sizeof(sin6));
sin6.sin6_family = AF_INET6;
sin6.sin6_port = htons(DIVERT_PORT);
sin6.sin6_addr = in6addr_any;
fds[2].fd = socket(AF_INET6, SOCK_RAW, IPPROTO_DIVERT);
if (fds[2].fd == -1) err(1, "socket");
if (bind(fds[2].fd, (struct sockaddr *) &sin6, sizeof(sin6)) != 0)
err(1, "bind");

/* Set the divert flag only after both divert sockets exist. */
ret = IPPROTO_DIVERT_INIT;
setsockopt(fds[1].fd, IPPROTO_IP, IP_DIVERTFL, &ret, sizeof(ret));
setsockopt(fds[2].fd, IPPROTO_IPV6, IP_DIVERTFL, &ret, sizeof(ret));

group = getgrnam("_spamd");
if (group == NULL) err(1, "getgrnam");
endgrent();
passwd = getpwnam("_spamd");
if (passwd == NULL) err(1, "getpwnam");
if (chroot("/var/empty") != 0) err(1, "chroot");
if (setgroups(0, NULL) != 0) err(1, "setgroups");
if (setgid(group->gr_gid) != 0) err(1, "setgid");
if (setuid(passwd->pw_uid) != 0) err(1, "setuid");

fds[0].events = POLLIN;
fds[1].events = POLLIN;
fds[2].events = POLLIN;

#if 0
states[0].af = AF_INET;
clock_gettime(CLOCK_MONOTONIC, &states[0].timeout);
states[0].timeout.tv_sec++;
states[0].addr.in4.s_addr = inet_addr("217.72.192.73");
fds[0].events |= POLLOUT;
#endif

while (1) {
char src[48], dst[48];
struct timespec timestamp;

#if DEBUG
for (i=0; i < 3; i++)
fprintf(stderr, "%d: fd:%d events:%hd revents:%hd\n",
i, fds[i].fd, fds[i].events, fds[i].revents);
fprintf(stderr, "Polling");
#endif
ret = -1;
for (i=0; i < NSTATES; i++)
if (states[i].af != 0 &&
(ret == -1 ||
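
The program above is cut off in the archive before the lookup code. As an added example (not part of the original post and not the author's code), this is one way to derive the whitelist query name from the source address of a diverted SYN packet, for IPv4 and IPv6. The function name `dnswl_qname` and the sample packets are assumptions made for illustration; the zone name is the first entry of the `whitelists` array in the post.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Build the DNS whitelist query name for the source address of a raw
 * IP packet, as a divert socket delivers it (IP header first).
 * IPv4: octets reversed, e.g. 192.0.2.10 -> 10.2.0.192.<zone>
 * IPv6: 32 nibbles reversed, one label each, followed by <zone>
 * Returns 0 on success, -1 on a malformed packet or a short buffer.
 */
int
dnswl_qname(const uint8_t *pkt, size_t len, const char *zone,
    char *out, size_t outlen)
{
	static const char hex[] = "0123456789abcdef";
	size_t pos = 0, zlen = strlen(zone);
	int i, n;

	if (len < 1)
		return -1;

	switch (pkt[0] >> 4) {		/* IP version nibble */
	case 4: {
		size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;

		/* header must be at least 20 bytes and fully present */
		if (ihl < 20 || len < ihl)
			return -1;
		/* source address is bytes 12..15 of the IPv4 header */
		n = snprintf(out, outlen, "%d.%d.%d.%d.%s",
		    pkt[15], pkt[14], pkt[13], pkt[12], zone);
		return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
	}
	case 6:
		/* fixed 40 byte header, source address is bytes 8..23 */
		if (len < 40)
			return -1;
		/* 32 nibbles + 32 dots + zone + NUL */
		if (outlen < 64 + zlen + 1)
			return -1;
		for (i = 23; i >= 8; i--) {
			out[pos++] = hex[pkt[i] & 0x0f];	/* low nibble first */
			out[pos++] = '.';
			out[pos++] = hex[pkt[i] >> 4];
			out[pos++] = '.';
		}
		memcpy(out + pos, zone, zlen + 1);
		return 0;
	default:
		return -1;
	}
}

int
main(void)
{
	/* constructed sample: minimal IPv4 header, source 192.0.2.10 */
	uint8_t p4[20] = { 0x45 };
	char name[128];

	p4[12] = 192; p4[13] = 0; p4[14] = 2; p4[15] = 10;
	if (dnswl_qname(p4, sizeof(p4), "list.dnswl.org",
	    name, sizeof(name)) == 0)
		printf("%s\n", name);
	return 0;
}
```
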

Re: malloc openbsd awesomness

2016-04-04 Thread Christopher Zimmermann
On 2016-04-04 sven falempin  wrote:
> malloc.conf could be per process ?
>
> extern char *malloc_options;
> malloc_options = "H*>**>*";
>
> This would change the behavior of the program,
> not other ?

True



--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
2779 7F73 44FD 0736 B67A  C410 69EC 7922 34B4 2566




Re: groupdel 'command' don't remove group id

2016-03-16 Thread Christopher Zimmermann
On Wed, 16 Mar 2016 08:21:35 +0100 "Max Power"
 wrote:

> Find! Thank You Paul.
>
> in /etc/passwd [about user]
>
> testx:*:1001:1000::/home/testx:/usr/bin/false
>
> So I have no choice but to replace '1001' with '1000' ?

I like using the users (10) group as primary group for all human users.

> testx:*:1000:1000::/home/testx:/usr/bin/false Ok?
>
>
>
>
> > On Wed, Mar 16, 2016 at 07:10:09AM +0100, Max Power wrote:
> > | Hi Todd, guys.
> > |
> > | LogOut e reboot has been the first thing I have done,
> > | but nothing... gid is always there!
> > |
> > | The group not exist but gid: yes!
> > | # groups testx: group: can't find group 'testx'
> > | # id testx: uid=1001(testx) gid=1001 groups=1001,
> > | 1000(laboratory)
> >
> > The gid id reports here is the group that's configured in your
> > passwd file.  The line will look like this:
> >
> > testx:*:1001:1001:Test User:/home/testx:/bin/ksh
> > -
> >
> > That's the GID right there.  A user always has a login group that's
> > configed in /etc/passwd.  If you don't want this group to be used,
> > don't put users in it (either in /etc/group as additional groups or
> > in /etc/passwd as the login group).
> >
> > Cheers,
> >
> > Paul 'WEiRD' de Weerd
> >
> > | I just can not understand this!
> > | can someone please help me?
> > | Thanks.
> > |
> > | The same situation, with other deleted group, is on another
> > | server with OpenBSD 5.7 amd64.
> > |
> > | > A user's active groups are set at login time.  Removing a group
> > | > from the group file does not affect processes that are already
> > | > running.  If you logout and login again after removing the group
> > | > you should no longer be a member of the group.
> > | >
> > | >  - todd
> > |
> >
> > --
> >>[<++>-]<+++.>+++[<-->-]<.>+++[<+
> > +++>-]<.>++[<>-]<+.--.[-]
> >  http://www.weirdnet.nl/
>


--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
2779 7F73 44FD 0736 B67A  C410 69EC 7922 34B4 2566




Re: build an openbsd router/modem

2015-12-23 Thread Christopher Zimmermann
Hi,

I use GO-DSL-N151, a Zyxel based modem/router. The nice thing about the
Zyxel firmware is that it can do scheduling with four priority queues
in bridge mode.
I tag the packets with vlan prio tags and the modem, which is the
bottleneck does the traffic shaping. I can also use it as wlan bridge
on a separate vlan.

Christopher


-- 
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
F190 D013 8F01 AA53 E080  3F3C F17F B0A1 D44E 4FEE



Re: Alix, pppoe(VDSL), extremely low upload speed

2014-10-10 Thread Christopher Zimmermann
On Fri, 10 Oct 2014 13:19:00 +0200 Mark Patruck m...@wrapped.cx wrote:

> I also get around 6MB/s when using the Alix 2c3 as a simple
> router. Problem seems to be the combination...
>
> vr2 - vlan7 (vlandev vr2) - pppoe0 (dev vlan7)

vr + vlan makes me think of this:

http://marc.info/?l=openbsd-tech&m=136042402201839&w=2

> I also don't think the Alix is too slow. As I said...50.000kbit/s
> down via pppoe0 works w/o issues.
>
> On Fri, Oct 10, 2014 at 01:10:39PM +0200, Stefan Sperling wrote:
> > On Fri, Oct 10, 2014 at 12:23:36PM +0200, Mark Patruck wrote:
> > > I'm running 5.6-current on a Alix 2c3. The box is connected
> > > via pppoe(4) and VDSL 50Mbit down/10Mbit up - max-mss is set
> > > to 1440.
> > >
> > > Running a few speed tests, i get almost always  50.000kbit/s
> > > down, but not more than 400-600kbit/s up.
> > >
> > > Just for testing purposes, i started httpd(8) and tried to
> > > download a 1MB test file over the internet from another machine.
> > >
> > > $ ftp http://1.2.3.4/test1MB
> > > Trying 1.2.3.4...
> > > Requesting http://1.2.3.4/test1MB
> > >
> > > After about 8 seconds it shows 128KB, then...few seconds later...
> > > --stalled--few seconds later 256KB--stalled--
> > >
> > > 65 seconds later, the download has finished.
> > >
> > > The same configuration (freshly installed OpenBSD 5.6-current) on
> > > another Alix 2c3 shows exactly the same issues...download fine,
> > > upload  600kbit/s.
> > >
> > > Just to make sure there is nothing wrong with cabling, VDSL modem,
> > > i tried the same configuration on an older Celeron laptop with
> > > ale(4) nic...no issues at all. I get around 8.000kbit/s.
> > >
> > > Any clues? (vr(4) issues?)
> >
> > I don't think vr(4) is your problem.
> > From a net5501 soekris (similar hardware) I can download 6 megabytes
> > per second of a file on the soekris' hard disk via a LAN-facing
> > vr(4) interface, served over HTTP with nginx (on 5.6-stable).
> >
> > You could run measurements with tcpbench(1) to rule out problems
> > at the network/driver layer. In my testing an Alix.2d2 lx800
> > (running 5.6-stable too) is slightly faster with tcpbench (Avg
> > Mbps: 92.490) than the net5501 (Avg Mbps: 86.949), both using vr(4)
> > interfaces connected to a gigabit switch.
> >
> > Perhaps it's worth mentioning that the vr(4) interfaces are part
> > of a bridge(4). I'm not sure if that affects throughput but if
> > it does plain vr(4) interfaces could be faster.
> >
>
> --
> Mark Patruck ( mark at wrapped.cx )
> GPG key 0xF2865E51 / 187F F6D3 EE04 1DCE 1C74  F644 0D3C F66F F286
> 5E51
>
> http://www.wrapped.cx


--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
F190 D013 8F01 AA53 E080  3F3C F17F B0A1 D44E 4FEE




httpd URI leading path stripping

2014-08-30 Thread Christopher Zimmermann
Hi,

I'd like to add an URI stripping option to httpd, which is similar to
apache/nginx's alias options:

root [strip number] directory
Set the document root of the server.  The directory is a pathname
within the chroot(2) root directory of httpd.  If not specified,
it defaults to /htdocs.  If the strip option is set, number path
components are stripped from the beginning of the request URI
before looking up the stripped-down URI at directory.


for example:

location /pub/OpenBSD/snapshots/amd64* {
root strip 4 /OpenBSD.amd64
directory auto index
}  


For serving php:

location /wiki/ {
root strip 1 /dokuwiki
directory index doku.php
fastcgi socket /tmp/doku.sock
}
location /wiki/*.php {
root strip 1 /dokuwiki
fastcgi socket /tmp/doku.sock
}
location /wiki/lib/* {
root strip 1 /dokuwiki
directory no index
}


Comments? OKs?

Christopher


diff --git httpd.conf.5 httpd.conf.5
index 788d0a9..7776131 100644
--- httpd.conf.5
+++ httpd.conf.5
@@ -229,7 +229,7 @@ Enable or disable logging to
 .Xr syslog 3
 instead of the log files.
 .El
-.It Ic root Ar directory
+.It Ic root Oo Ic strip Ar number Oc Ar directory
 Set the document root of the server.
 The
 .Ar directory
@@ -239,6 +239,11 @@ root directory of
 .Nm httpd .
 If not specified, it defaults to
 .Pa /htdocs .
+If the strip option is set,
+.Ar number
+path components are stripped from the beginning of the request URI before
+looking up the stripped-down URI at
+.Ar directory .
 .It Ic ssl Ar option
 Set the SSL configuration for the server.
 These options are only used if SSL has been enabled via the listen directive.
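Review bot: the text added after ".Pa /htdocs ." does not say what happens when the request URI has fewer than number path components, and it does not mention the upper bound that parse.y enforces (UINT8_MAX). Document both, and mark the word "strip" in the new sentence as ".Ic strip" so it matches the synopsis line changed in the previous hunk.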
diff --git httpd.h httpd.h
index 04b1f05..45505a1 100644
--- httpd.h
+++ httpd.h
@@ -383,6 +383,7 @@ struct server_config {
char*ssl_key_file;
 
u_int16_tflags;
+   u_int8_t strip;
u_int8_t tcpflags;
int  tcpbufsiz;
int  tcpbacklog;
diff --git parse.y parse.y
index 44cf90c..70e1cf7 100644
--- parse.y
+++ parse.y
@@ -128,12 +128,13 @@ typedef struct {
 %token ACCESS AUTO BACKLOG BODY BUFFER CERTIFICATE CHROOT CIPHERS COMMON
 %token COMBINED CONNECTION DIRECTORY ERR FCGI INDEX IP KEY LISTEN LOCATION
 %token LOG MAXIMUM NO NODELAY ON PORT PREFORK REQUEST REQUESTS ROOT SACK
-%token SERVER SOCKET SSL STYLE SYSLOG TCP TIMEOUT TYPES
+%token SERVER SOCKET SSL STRIP STYLE SYSLOG TCP TIMEOUT TYPES
 %token ERROR INCLUDE
 %token v.string  STRING
 %token  v.number NUMBER
 %type  v.portport
 %type  v.number  optssl
+%type  v.number  optstrip
 %type  v.tv  timeout
 %type  v.string  numberstring
 
@@ -176,6 +177,10 @@ optssl : /*empty*/ { $$ = 0; }
| SSL   { $$ = 1; }
;
 
+optstrip   : /*empty*/ { $$ = 0; }
+   | STRIP NUMBER  { $$ = $2; }
+   ;
+
 main   : PREFORK NUMBER{
if (loadcfg)
break;
@@ -333,16 +338,21 @@ serveroptsl   : LISTEN ON STRING optssl port {
YYERROR;
}
} ssl
-   | ROOT STRING   {
-   if (strlcpy(srv-srv_conf.root, $2,
+   | ROOT optstrip STRING  {
+   if (strlcpy(srv-srv_conf.root, $3,
sizeof(srv-srv_conf.root)) =
sizeof(srv-srv_conf.root)) {
yyerror(document root too long);
-   free($2);
+   free($3);
YYERROR;
}
-   free($2);
+   free($3);
srv-srv_conf.flags |= SRVFLAG_ROOT;
+   if ($2  0 || $2  UINT8_MAX) {
+   yyerror(invalid strip number);
+   YYERROR;
+   }
+   srv-srv_conf.strip = $2;
}
| DIRECTORY dirflags
| DIRECTORY '{' dirflags_l '}'
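Review bot: in the "ROOT optstrip STRING" action the range check on $2 runs only after the root has been copied and SRVFLAG_ROOT has been set, so a rejected strip value still leaves srv_conf modified. Move the check to the top of the action (freeing $3 on that error path) or validate the value in the optstrip rule itself. The message "invalid strip number" could also name the allowed range.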
@@ -848,6 +858,7 @@ lookup(char *s)
{ server, SERVER },
{ socket, SOCKET },
{ ssl,SSL },
+   { strip,  STRIP },
{ style,  STYLE },
{ syslog, SYSLOG },
{ tcp,TCP },
diff --git server_fcgi.c server_fcgi.c
index fe97be0..1d591b8 100644
--- server_fcgi.c
+++ server_fcgi.c
@@ -101,9 +101,12 @@ server_fcgi(struct httpd *env, struct client *clt)
struct fcgi_begin_request_body  *begin;
char hbuf[MAXHOSTNAMELEN];
size_t   

Re: httpd URI rewriting / try_files

2014-08-28 Thread Christopher Zimmermann
On Thu, 28 Aug 2014 14:37:34 +0300 Gregory Edigarov
ediga...@qarea.com wrote:

> Hello
>
> are there any plans to implement uri rewriting or something in a manner
> of 'try_files' configuration option of nginx?

I plan to add a URL stripping option, somewhat more powerful than the
nginx alias directive:


root [strip number] directory
Set the document root of the server.  The directory is a
pathname within the chroot(2) root directory of httpd.  If not
specified, it defaults to /htdocs.  If the strip option is set, number
path components are removed from the beginning of the URI before
directory is prepended.

this would allow you to do for example:

location /wiki/ {
strip 1
root /dokuwiki
directory index doku.php
fastcgi socket /tmp/php.sock
}


Christopher


--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
F190 D013 8F01 AA53 E080  3F3C F17F B0A1 D44E 4FEE
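
The "strip" option described in this reply and in the patch submission above maps a request path to a file below the document root. As an added example (not code from the patch and not httpd's implementation), the function below shows one way to do that mapping safely. The name `strip_path` is hypothetical, the input is assumed to be the already percent-decoded path without a query string, and rejecting ".." components and paths with too few components is this example's own policy, which the page does not specify.

```c
#include <stdio.h>
#include <string.h>

/*
 * Map a request path to a path below `root`: drop `strip` leading
 * path components, then prepend `root`.
 * Returns 0 on success and -1 if the path is not absolute, contains a
 * ".." component, has fewer than `strip` components, or the result does
 * not fit into `out`.
 */
int
strip_path(const char *uri, unsigned int strip, const char *root,
    char *out, size_t outlen)
{
	const char *p = uri, *q = uri;
	size_t clen;
	int n;

	if (*uri != '/')
		return -1;

	/* Refuse ".." anywhere so the mapped path cannot leave root. */
	while (*q != '\0') {
		while (*q == '/')
			q++;
		clen = strcspn(q, "/");
		if (clen == 2 && q[0] == '.' && q[1] == '.')
			return -1;
		q += clen;
	}

	/* Skip `strip` components; repeated slashes count as one. */
	while (strip > 0) {
		while (*p == '/')
			p++;
		if (*p == '\0')
			return -1;	/* fewer components than requested */
		p += strcspn(p, "/");
		strip--;
	}

	/* p points at the remaining "/..." or at the end of the string */
	n = snprintf(out, outlen, "%s%s", root, *p == '\0' ? "/" : p);
	return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int
main(void)
{
	char path[256];

	/* the two configurations shown in the posts */
	if (strip_path("/wiki/lib/exe/css.php", 1, "/dokuwiki",
	    path, sizeof(path)) == 0)
		printf("%s\n", path);
	if (strip_path("/pub/OpenBSD/snapshots/amd64/bsd.rd", 4,
	    "/OpenBSD.amd64", path, sizeof(path)) == 0)
		printf("%s\n", path);
	return 0;
}
```
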




Re: Did anyone tried WPAWPA2 Enterprise / LEAP on OpenBSD 5.5?

2014-08-25 Thread Christopher Zimmermann
On Mon, 25 Aug 2014 21:58:58 +0200 somelooser3...@hushmail.com wrote:

> How can I configure (via console, not using GUI) on OpenBSD to connect
> to a
>
> WPAWPA2 Enterprise / LEAP
>
> wireless connection? Does anybody has any scripts for this?


echo -n 'setting up wlan: '

# List the visible network names, one per line, and join the first known one.
ifconfig iwn0 scan | \
    sed -nEe 's/^[[:space:]]*nwid "?([^"]*)"? chan .*$/\1/p' | \
while read nwid
do
	case $nwid in
	eduroam)
		echo "$nwid."
		route delete default
		ifconfig iwn0 inet -inet6 \
		    media autoselect \
		    -bssid \
		    -chan \
		    -nwkey \
		    nwid "$nwid" \
		    wpa \
		    wpaprotos wpa2 \
		    wpaakms 802.1x \
		    wpaciphers ccmp \
		    wpagroupcipher ccmp \
		    up
		# remove a stale control socket before starting the supplicant
		rm -f /var/run/wpa_supplicant/iwn0
		wpa_supplicant -B -c /etc/wpa_supplicant.conf -D openbsd -i iwn0
		dhclient iwn0
		break 1
		;;
	esac
	[...]
done


/etc/wpa_supplicant.conf:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
ap_scan=0

network={
	ssid="eduroam"
	key_mgmt=WPA-EAP
	eap=PEAP
	identity="x...@d.tld"
	password="XXX"
}



--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
F190 D013 8F01 AA53 E080  3F3C F17F B0A1 D44E 4FEE




Re: Cloning an OpenBSD system (and potential FAQ (4.15) error?)

2014-08-22 Thread Christopher Zimmermann
On Fri, 22 Aug 2014 10:04:28 -0400 Alan McKay alan.mc...@gmail.com
wrote:

> Hi folks,

Hi!

> I have also found this : http://www.ualberta.ca/~antoine/clone/openbsd.html
> Also looks promising.

This seems to be helper/wrapper scripts around dump. dump(8) is the way
to go.

I usually do

dump -0auf 140822var.dump0 /var

for dumping /var in a file, or

dump -0auf - /var | nc -l 1

on source and

nc source 1 | restore -rf -

for cloning a partition over the network.

> I like the looks of the latter since it seems to allow me to run the
> first part on a live system, to make a copy of that system (can anyone
> confirm that?).   I'd much rather not have to take it down to make the
> image since I don't have to do that when I clone Linux.   And my
> production systems will be happier that way :-)

This will work. I can confirm that. dump can dump from mounted as well
as unmounted filesystems.

> Clonezilla looks to be all-singing-all-dancing, but seems to require
> me to boot from their CD or USB in order to make a copy of my original
> system (can anyone confirm or refute?).  Not a massive issue in my DEV
> rack but not ideal in production.
>
> In Linux the way I do systems is to boot the target system in Live
> Linux (Ubuntu), and then partition the HD(s) the way I want, and mount
> them up under /mnt/target/ with that being my root.  Then run rsync
> locally to copy the master live system into /mnt/target.  Use a couple
> of options to tell it what not to copy.   Works awesome.   The above
> perl scripts from U Alberta seem to be at least a bit similar to this
> procedure.
>
> Are there any options I am missing that I should look at?
> Has anyone used the above methods and can comment on how well they
> work or whether or not I should just avoid one or the other?

After restoring / copying the filesystems using dump/restore and fixing
up /etc/fstab on the target system, you'll need to install boot. See
installboot(8).


Christopher



--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
F190 D013 8F01 AA53 E080  3F3C F17F B0A1 D44E 4FEE




Interactive Unix System V/386 Release 3.2

2014-04-21 Thread Christopher Zimmermann

Hi,

I got two SunSoft Unix System V 3.2 of 1994. With still sealed installation 
diskettes, user's and maintenance Guides. Anyone interested? I could ship them 
from Germany.

Christopher

- --
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
F190 D013 8F01 AA53 E080  3F3C F17F B0A1 D44E 4FEE



Re: User land notification uppon pppoe(4) changes

2013-11-24 Thread Christopher Zimmermann
On Sun, 24 Nov 2013 20:40:21 +0100 David Keller
david.kel...@litchis.fr wrote:

> Hello,
>
> ***
> * My setup
>
> Say I have a router using pppoe to connect to internet.
> It gets a different ip address from the ISP every day.
>
> From this router I want to create a gif tunnel to a static-ip host.
>
> ***
> * My problem
>
> How can I ensure the src outer address of the gif interface sticks to
> the pppoe dynamic-ip ?
>
> ***
> * My solution
>
> I was thinking about updating the gif interface when the pppoe link
> changes its IP using a userland daemon
> which monitors the interface and executes user scripts.
>
> ***
> * Your feeling
>
> 1) Is this a good idea ?
> 2) Does this daemon already exist ?
>   2.1) If I write it, would you like me to share it ?
>
> Regards,
>
> David



Here's how I do it:

#!/bin/sh

LastIP=0.0.0.0
Route=no
Tunnel=no
Dyndns=no

while true
do

  CurrIP=`ifconfig pppoe0 | awk '/inet / {print $2}'`
  #CurrIP=`ftp -o - 'http://www.meine-aktuelle-ip.de/' 2>/dev/null | sed -n 's%^.*Ihre aktuelle IP Adresse: \(.*\)<br />.*$%\1%p'`

  # Check validity of $CurrIP
  ping -c1 -w1 -- "$CurrIP" 2>&1 >/dev/null || CurrIP=0.0.0.0

  TunnelRemoteV4=`ifconfig gif0 | awk '/physical address inet / {print $6}'`

  # Delete old route when dynamic IP has changed
  if [ "$CurrIP" != "$LastIP" ]
  then
    if [ "$Route" = yes ]
    then
      route delete "$LastIP" localhost
    fi
    Route=no
    Tunnel=no
    Dyndns=no
  fi

  if [ "$CurrIP" != 0.0.0.0 ]
  then
    # Send mail only when something needs to be done
    if [ "$Route" != yes -o "$Dyndns" != yes -o "$Tunnel" != yes ]
    then
      # start mail as a ksh co-process and write the report to it on fd 5
      mail -s "`hostname` dynamic IP update to $CurrIP" root |&
      exec 5>&p
      echo "Current IP is $CurrIP" >&5
      echo "Last IP was $LastIP" >&5
      echo "Last status: $Route, Tunnel: $Tunnel, Dyndns: $Dyndns\n" >&5
      echo >&5
    else
      exec 5>&2
    fi

    LastIP=$CurrIP

    if [ "$Route" != yes ]
    then
      echo -n "Adding route: " >&5
      Reply=`route add "$CurrIP" localhost 2>/dev/null`
      case $Reply in
        "add host $CurrIP: gateway localhost")
          echo "success - $Reply" >&5

          Route=yes
          ;;
        "add host $CurrIP: gateway localhost: File exists")
          echo "success - $Reply" >&5

          Route=yes
          ;;
        *)
          echo "failed - $Reply" >&5

          Route=failed
          ;;
      esac
    fi

    if [ "$Tunnel" != yes ]
    then
      echo -n "Adding tunnel: " >&5
      if ifconfig gif0 tunnel "$CurrIP" "$TunnelRemoteV4"
      then
        echo "success:" >&5
        ifconfig gif0 >&5
        Tunnel=yes
      else
        echo "failed." >&5
        Tunnel=failed
      fi
    fi

    if [ "$Dyndns" != yes ]
    then
      for URL in \
        'http://ipv4.cloudns.net/api/dynamicURL/?q=XX' \
        'http://ipv4.cloudns.net/api/dynamicURL/?q=XX' \
        'http://ipv4.cloudns.net/api/dynamicURL/?q=XX'
      do
        echo >&5
        echo "Updating ClouDNS \"$URL\"" >&5

        Reply=`ftp -Vo - "$URL" 2>&1`

        Dyndns=yes
        case $Reply in
          Updated*)
            echo "success - $Reply" >&5
            ;;
          OK)
            echo "success - $Reply" >&5
            ;;
          ERROR:\ Address\ $CurrIP\ has\ not\ changed.)
            echo "Not changed: $Reply" >&5
            ;;
          ERROR*)
            echo "$Reply" >&5

            Dyndns=failed
            ;;
          *)
            echo "Unknown reply - $Reply" >&5
            Dyndns=failed
            ;;
        esac
      done
    fi

    # closing fd 5 ends the mail body, if one was started
    exec 5>&-

    # Send heartbeat to IPv6 tunnel peer -needed every 60 seconds.
    if [ -n "$TunnelRemoteV4" ]
    then
      # inspired by heartbeat script written by Oliver Walter o...@gmx.de
      Passphrase=''
      RemoteV6='2001:4dd0:ff00:12a8::1'
      LocalV6='2001:4dd0:ff00:12a8::2'

      HB="HEARTBEAT TUNNEL $LocalV6 sender `date +%s`"
      echo -n "$HB `echo -n "$HB $Passphrase" | md5`" \
        | nc -w1 -u "$TunnelRemoteV4" 3740
    fi
  fi

  sleep 55
done



also in /etc/daily.local I do

next_part "Force pppoe0 reconnect:"
ifconfig pppoe0 down
ifconfig pppoe0 up
# wait for reconnect
sleep 35
ifconfig pppoe0



Have fun!
Christopher

--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
F190 D013 8F01 AA53 E080  3F3C F17F B0A1 D44E 4FEE




nat-to static-port chooses random ports

2013-09-07 Thread Christopher Zimmermann
Hi,

as far as I understand pf, the following rules should behave exactly
the same:

pass out log on pppoe0 inet proto udp from mortimer-ipsec port 5061 nat-to (pppoe0) static-port
and
pass out log on pppoe0 inet proto udp from mortimer-ipsec port 5061 nat-to (pppoe0) port 5061

but they don't:

rule 98/(match) pass out on pppoe0: 217.190.89.90.56487 > 88.215.213.26.5748: udp 2048
resp.
rule 98/(match) pass out on pppoe0: 217.190.89.90.5061 > 62.138.116.3.5748: udp 2048

this is on an OPENBSD_5_4 kernel.

--
http://gmerlin.de
OpenPGP: http://gmerlin.de/christopher.pub
1917 680A 723C BF3D 2CA3  0E44 7E24 D19F 34B8 2A2A




routing to IPsec VPN with dummy lo1 broken

2013-07-02 Thread Christopher Zimmermann
Hi,

My IPsec roadwarrior setup on my laptop broke with one of the latest
snapshots because some outgoing connections are routed wrongly with a
source ip of 127.0.0.1.

On the roadwarrior laptop I use a dummy lo1 interface to which I assign
the internal VPN IP of the laptop.
wlan has the 172.26.153.40/28 subnet, VPN has the 172.26.153.49/28
subnet:

iwn0: flags=28843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,NOINET6> mtu 1500
        lladdr 00:21:6b:a3:70:7a
        priority: 4
        groups: wlan
        status: active
        inet 172.26.153.40 netmask 0xfff0 broadcast 172.26.153.47
enc0: flags=0<>
        priority: 0
        groups: enc
        status: active
lo1: flags=8149<UP,LOOPBACK,RUNNING,PROMISC,MULTICAST> mtu 33144
        priority: 0
        groups: lo egress
        inet 172.26.153.49 netmask 0xfff0
        inet6 fe80::1%lo1 prefixlen 64 scopeid 0x5
        inet6 2001:4dd0:fbdf:8::49 prefixlen 48

Routing tables

default route goes to the VPN. Because the IPsec flow matches on
source ip, all VPN packets are routed via lo1 to assign the right
source ip:

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            172.26.153.49      US         1       62 33144     9 lo1
127/8              127.0.0.1          UGRS       0        0 33144     8 lo0
127.0.0.1          127.0.0.1          UH         2       36 33144     4 lo0
172.26.153.32/28   link#2             UC         1        0     -     4 iwn0
172.26.153.33      00:1b:b1:f2:f4:6d  UHLc       1        0     -     4 iwn0
172.26.153.40      127.0.0.1          UGS        0        0 33144     8 lo0
172.26.153.49      172.26.153.49      UH         0      120 33144     4 lo1
217.190.94.19      172.26.153.33      UGHS       2      215     -    12 iwn0
224/4              127.0.0.1          URS        0        0 33144     8 lo0

And route get seems to do the right thing:

$ route get 172.26.153.1
   route to: alix
destination: default
   mask: default
  interface: lo1
 if address: mortimer-ipsec (= 172.26.153.49)
   priority: 9 ()
  flags: UP,DONE,STATIC
 use   mtuexpire
  68 33144 0

In the following tests I run two tcpdumps in the background:

tcpdump: listening on pflog0, link-type PFLOG
tcpdump: listening on enc0, link-type ENC

ICMP echo requests get assigned the correct source ip and are
redirected to IPsec:

$ ping -c1 172.26.153.1
PING 172.26.153.1 (172.26.153.1): 56 data bytes
64 bytes from 172.26.153.1: icmp_seq=0 ttl=255 time=2.635 ms
--- 172.26.153.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 2.635/2.635/2.635/0.000 ms

(authentic,confidential): SPI 0x754c6616: 172.26.153.49 > 172.26.153.1: icmp: echo request (encap)
(authentic,confidential): SPI 0x9464175d: 172.26.153.1 > 172.26.153.49: icmp: echo reply (encap)

But udp/tcp packets get assigned the localhost(!) address and are
blocked by pf, because I disallow any traffic on lo1:

$ nc -u 172.26.153.1 53 </dev/zero

rule 3/(match) block out on lo1: 127.0.0.1.3621 > 172.26.153.1.53: 0 [0q] (2048)




Re: routing to IPsec VPN with dummy lo1 broken

2013-07-02 Thread Christopher Zimmermann
On Tue, 2 Jul 2013 10:26:40 +0200
Christopher Zimmermann chr...@openbsd.org wrote:

> Hi,
>
> My IPsec roadwarrior setup on my laptop broke with one of the latest
> snapshots because some outgoing connections are routed wrongly with a
> source ip of 127.0.0.1.

I was wrong in assuming a recent change to the kernel is causing this.
I can reproduce this behaviour with a kernel from 13-05-01 and I'm
pretty sure it did work just fine back then.
Still this looks like a bug to me. ICMP messages being routed with the
correct source ip just fine, but udp and tcp getting a source ip of
127.0.0.1 while leaving on interface lo1 which only has the
172.26.153.49 ip assigned.

Christopher



Re: routing to IPsec VPN with dummy lo1 broken

2013-07-02 Thread Christopher Zimmermann
On Tue, 2 Jul 2013 10:26:40 +0200
Christopher Zimmermann <chr...@openbsd.org> wrote:

> Hi,
>
> My IPsec roadwarrior setup on my laptop broke with one of the latest
> snapshots because some outgoing connections are routed wrongly with a
> source ip of 127.0.0.1.

I found the according line in the source:
netinet/in_pcb.c:836

    /*
     * If we found a route, use the address
     * corresponding to the outgoing interface
     * unless it is the loopback (in case a route
     * to our address on another net goes to loopback).
     */
    if (ro->ro_rt && ro->ro_rt->rt_ifp &&
        !(ro->ro_rt->rt_ifp->if_flags & IFF_LOOPBACK)) /* XXX Don't use address of any loopback interface */
        ia = ifatoia(ro->ro_rt->rt_ifa);
    if (ia == 0) {
        u_int16_t fport = sin->sin_port;

        sin->sin_port = 0;
        ia = ifatoia(ifa_ifwithdstaddr(sintosa(sin), rtableid));
        if (ia == 0)
            ia = ifatoia(ifa_ifwithnet(sintosa(sin), rtableid));
        sin->sin_port = fport;
        if (ia == 0)
            ia = TAILQ_FIRST(&in_ifaddr); /* XXX Now use the address of the FIRST loopback interface anyways ?!? */
        if (ia == 0) {
            *errorp = EADDRNOTAVAIL;
            return NULL;
        }
    }

Is this reasonable not to use address of loopback interfaces?
Also this codepath only affects udp/tcp, but NOT icmp.
The icmp codepath will use the address of loopback interfaces.

Christopher



Re: pf filtering encapsulated icmpv6

2013-06-10 Thread Christopher Zimmermann
ok. But there is no way to match on the outer IPv4 addresses, is there?

Christopher

On Fri, 7 Jun 2013 20:34:12 +0200
Loïc BLOT <loic.b...@unix-experience.fr> wrote:

> I think:
> Pass in on enc0 proto ipv6-icmp
>
>
> Loic Blot
>
> On 7 June 2013 at 19:29, Christopher Zimmermann <madro...@gmerlin.de>
> wrote:
>
> > Hi,
> >
> > simple problem: how do I allow this package to pass?
> >
> > 18:59:44.768197 rule 0/(match) [uid 0, pid 1051] block in on enc0:
> > 172.26.153.7 > 172.26.153.1: 2001:4dd0:fbdf:0:f8b8:dafc:cff0:ae3b >
> > 2a00:1450:4001:808::101f: [|icmp6] (len 16, hlim 255) (ttl 64, id
> > 2105, len 76)
> >
> > Christopher



pf filtering encapsulated icmpv6

2013-06-07 Thread Christopher Zimmermann
Hi,

simple problem: how do I allow this package to pass?

18:59:44.768197 rule 0/(match) [uid 0, pid 1051] block in on enc0: 172.26.153.7 >
172.26.153.1: 2001:4dd0:fbdf:0:f8b8:dafc:cff0:ae3b >
2a00:1450:4001:808::101f: [|icmp6] (len 16, hlim 255) (ttl 64, id 2105, len 76)

Christopher



Re: pf queueing and nat

2013-04-16 Thread Christopher Zimmermann
On Wed, 17 Apr 2013 03:32:52 +1000
John Tate <j...@johntate.org> wrote:

> I am adding queueing to my pf based nat for my home network. Since
> there isn't a complete example involving nat and queuing I am not
> entirely sure where to put things. I've read the manual and I think I
> put things before the rdr-to rules. I also have a transparent ftp and
> http proxy. I am not entirely sure if I put it before or after the
> divert-to rules. I just need someone to show me where in the pf.conf
> I've already done I should put things.
>
> I need to add the lines like these...
> block out on $ext_if all

Before everything else. Last match wins!

> pass out on $ext_if inet proto tcp from ($ext_if) queue (std_out,
> tcp_ack_out)
> (And so on, including for incoming traffic on $int_if)

I'm not sure whether queue rules are sticky, but later matching ones
will overwrite earlier ones I'd guess, so put them as late as possible.
I'd also put the nat rules as match rules at the very end, so you
don't forget the real source address/port too early.

Christopher

 
> My current pf.conf...
> # grep -v '^#' /etc/pf.conf
>
> int_if=fxp0
> ext_if=pppoe0
>
> murphy=10.0.0.2
> fekete=10.0.0.3
>
> murphy_ports = { 8333 }
> fekete_ports = { 17001, 39191, 5938,  }
>
> tcp_services={ 22 }
> icmp_types=echoreq
>
> set skip on lo
>
> pass in quick on $int_if inet proto tcp to port http divert-to
> 127.0.0.1 port 3128
>
> anchor ftp-proxy/*
> pass in quick on $int_if inet proto tcp to port ftp divert-to
> 127.0.0.1 port 8021
>
>
> match out on egress inet from !(egress:network) to any nat-to
> (egress:0)
>
> pass    # to establish keep-state
>
>
>
>
> block in on ! lo0 proto tcp to port 6000:6010
>
> block in log
> pass out quick
>
> antispoof quick for { lo $int_if }
>
> pass in on egress inet proto tcp from any to (egress) \
> port $tcp_services
>
> pass in on $ext_if proto tcp to port 21
> pass in on $ext_if proto tcp to port  49151
>
> pass in on egress inet proto tcp to (egress) port $murphy_ports rdr-to
> $murphy
> pass in on egress inet proto tcp to (egress) port $fekete_ports rdr-to
> $fekete
>
> pass in inet proto icmp all icmp-type $icmp_types
>
> pass in on $int_if
>
>
> -- 
> www.johntate.org



Problems waking up with latest snapshot

2013-04-05 Thread Christopher Zimmermann
Hi,

since updating to the latest snapshot my laptop (dmesg below) hang at
the console after waking up from suspend to ram.
The ttyC0 was displayed on both monitors, but neither typing at the
console login prompt, nor switching to X worked.
I was able to enter ddb with ctrl-alt-del and get a trace, which can be
found at ftp://gmerlin.de/pub/ddb_screenshot.jpeg


Christopher





How are routes selected from static routing table?

2013-02-14 Thread Christopher Zimmermann
Hi,

I have the following static routes setup on my laptop.
em0 is a lan connection to my router 172.26.153.1.
tun1 is sometimes used by a ssh tunnel to the same router.
It is now down.
The routing table is attached below.
Now I'm wondering why the first ping seems to use the 172.26.153/24 
route via 172.26.153.18 (which is currently not up and has priority 10) 
instead of the default route via 172.26.153.1 which has a higher 
priority and is up.
The funny thing is that adding another route to 172.26.153/24 via 
gateway 172.26.153.1 fixes this problem and allows the ping to 
happen.
Why is this route used while the default route is ignored, although it 
looks exactly the same (same priority) except having a larger subnet (0/0)??
Are more specific routes somehow preferred?


Any help, especially hints towards helpful documentation, are very 
welcome.

Christopher


$ ifconfig tun1
tun1: flags=51<UP,POINTOPOINT,RUNNING> mtu 1500
        priority: 0
        groups: tun
        status: down
        inet 172.26.153.19 --> 172.26.153.18 netmask 0x
$ route -n show -inet
Routing tables

Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
default172.26.153.1   UGS   29  659 - 8 em0  
default172.26.153.18  GS 00 -10 tun1 
127/8  127.0.0.1  UGRS   00 33152 8 lo0  
127.0.0.1  127.0.0.1  UH 20 33152 4 lo0  
172.26.153.0/28link#1 UC 10 - 4 em0  
172.26.153/24  172.26.153.18  GS 02 -10 tun1 
172.26.153.1   00:0d:b9:24:60:40  UHLc   4   58 - 4 em0  
172.26.153.7   127.0.0.1  UG 00 3315256 lo0  
172.26.153.18  172.26.153.19  H  20 - 4 tun1 
224/4  127.0.0.1  URS00 33152 8 lo0  
$ ping -c 1 -i 1 phone
PING phone.gmerlin.de (172.26.153.17): 56 data bytes
ping: sendto: Host is down
ping: wrote phone.gmerlin.de 64 chars, ret=-1
--- phone.gmerlin.de ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
$ sudo route add 172.26.153/24 172.26.153.1
add net 172.26.153/24: gateway 172.26.153.1
$ route -n show -inet  
Routing tables

Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
default172.26.153.1   UGS   13  659 - 8 em0  
default172.26.153.18  GS 00 -10 tun1 
127/8  127.0.0.1  UGRS   00 33152 8 lo0  
127.0.0.1  127.0.0.1  UH 20 33152 4 lo0  
172.26.153.0/28link#1 UC 10 - 4 em0  
172.26.153/24  172.26.153.1   UGS00 - 8 em0  
172.26.153/24  172.26.153.18  GS 03 -10 tun1 
172.26.153.1   00:0d:b9:24:60:40  UHLc   6   87 - 4 em0  
172.26.153.7   127.0.0.1  UG 00 3315256 lo0  
172.26.153.18  172.26.153.19  H  20 - 4 tun1 
224/4  127.0.0.1  URS00 33152 8 lo0  
$ ping -c 1 -i 1 phone 
PING phone.gmerlin.de (172.26.153.17): 56 data bytes
64 bytes from 172.26.153.17: icmp_seq=0 ttl=127 time=1.071 ms
--- phone.gmerlin.de ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.071/1.071/1.071/0.000 ms



Re: pf 'synproxy state' doesn't work with pppoe

2012-08-16 Thread Christopher Zimmermann
On Thu, 16 Aug 2012 14:37:50 +0200
LEVAI Daniel <l...@ecentrum.hu> wrote:

> On Thu, Aug 16, 2012 at 14:26:05 +0200, LEVAI Daniel wrote:
> > On Thu, Aug 16, 2012 at 12:20:56 +0100, Kevin Chadwick wrote:
> > > > Any help would be appreciated.
> > >
> > > Works for me on 5.1
> > >
> > > I don't think it's the rule but the combination of rules. Try reordering
> > > your ruleset. I've had a problem before but I forget or never found the
> > > specific reason.
> >
> > Okay, okay, I'm trying to get my head around this, but how do you
> > explain that changing *only* the 'synproxy' word to 'keep' in the exact
> > same rule makes it working again (not changing order, combination,
> > nothing, but only changing synproxy state to the default keep state)?
>
> There is definitely something wrong with pppoe + synproxy state:
>
> # pfctl -sr
> pass all flags S/SA
> pass in on pppoe0 inet proto tcp from src to dst port =  flags S/SA
> synproxy state
>
> This is the only rule. Otherwise it's just 'pass all'. If I remove this
> rule too *or* change synproxy to keep, the connection is working.
>
> I can reproduce this on two different machines, with different ISPs and
> different NICs facing the ISPs using pppoe.


Do you filter on loopback? The handshake between proxy and server
process is done via loopback. You need to pass this traffic, too.

Christopher



Re: apache - built in - and syslog

2012-07-30 Thread Christopher Zimmermann
On Mon, 30 Jul 2012 13:27:47 -0400
sven falempin <sven.falem...@gmail.com> wrote:

> Hello,
>
> I (and google) do not find the apache 1.3.29 documentation for editing conf
> file, neither information to syslog the apache logs.
>
> Pointer anyone ?


See /usr/share/doc/html/httpd/index.html and
/var/www/log/

But you may want to use nginx, which is going to replace apache someday.



Re: mailing list managers with smtpd

2012-07-22 Thread Christopher Zimmermann
On Sat, 21 Jul 2012 20:03:04 +0200
Jan Stary <h...@stare.cz> wrote:

> On Jul 21 18:04:51, Christopher Zimmermann wrote:
> > On Sat, 21 Jul 2012 17:28:12 +0200
> > Jan Stary <h...@stare.cz> wrote:
> >
> > > On Jul 21 10:02:10, Christopher Zimmermann wrote:
> > > > On Sat, 21 Jul 2012 09:50:40 +0200
> > > > Jan Stary <h...@stare.cz> wrote:
> > > >
> > > > > Having happily switched from postfix to smtpd,
> > > > > the one thing I am missing is running mailing lists.
> > > > > I see it has been discussed before:
> > > > > http://marc.info/?t=13170923832r=1w=2
> > > > >
> > > > > Is it really possible to use commands as aliases, as said in
> > > > > http://marc.info/?l=openbsd-miscm=131714762522589w=2 ?
> > > > > Is it documented?
> > > >
> > > >
> > > > Hi,
> > > >
> > > > that's how I do it in my aliases using OpenSMTPd:
> > > >
> > > > test:   minimalist
> > > > test-owner: postmaster
> > > >
> > > > minimalist: _minimalist
> > > >
> > > > _minimalist: |/usr/local/sbin/minimalist.pl
> > >
> > > Ah, minimalist. That's what I use now with Postfix.
> > >
> > > However, does this work as quoted? I believe that minimalist.pl
> > > needs to be called with the list name as an argument, as in
> > >
> > > minimalist: |/var/spool/minimalist/minimalist.pl
> > > listname:   |/var/spool/minimalist/minimalist.pl listname
> > > listname-owner: s...@guy.org
> > >
> >
> > yes. That's true. I did a lot of work on minimalist. Improving security
> > and making it work with the aliases file I sent you. See
> > https://github.com/madroach/minimalist
>
> I just started making a port of
> http://www.mml.org.ua/LIST/minimalist-2.5.4-1.tgz
>
> Would you advise to use your github minimalist instead?
> Does it work better within smtpd than the original minimalist?
> Do you already have an OpenBSD port of it?

I think it works a lot better than the original minimalist with
OpenSMTPd. I made it perl-taint clean, removed every perl eval(),
chrooted it, made it independent of a sendmail binary, but also removed
some features in the process. The documentation is not yet adapted to
my changes. I intend to maintain it and fix bugs.
Of course I would advise to use my version. At the moment I don't have
much time, but in about two weeks I could do some work to adapt the
documentation and especially the example conffile.


Christopher



Re: mailing list managers with smtpd

2012-07-21 Thread Christopher Zimmermann
On Sat, 21 Jul 2012 17:28:12 +0200
Jan Stary <h...@stare.cz> wrote:

> On Jul 21 10:02:10, Christopher Zimmermann wrote:
> > On Sat, 21 Jul 2012 09:50:40 +0200
> > Jan Stary <h...@stare.cz> wrote:
> >
> > > Having happily switched from postfix to smtpd,
> > > the one thing I am missing is running mailing lists.
> > > I see it has been discussed before:
> > > http://marc.info/?t=13170923832r=1w=2
> > >
> > > Is it really possible to use commands as aliases, as said in
> > > http://marc.info/?l=openbsd-miscm=131714762522589w=2 ?
> > > Is it documented?
> >
> >
> > Hi,
> >
> > that's how I do it in my aliases using OpenSMTPd:
> >
> > test:   minimalist
> > test-owner: postmaster
> >
> > minimalist: _minimalist
> >
> > _minimalist: |/usr/local/sbin/minimalist.pl
>
> Ah, minimalist. That's what I use now with Postfix.
>
> However, does this work as quoted? I believe that minimalist.pl
> needs to be called with the list name as an argument, as in
>
> minimalist: |/var/spool/minimalist/minimalist.pl
> listname:   |/var/spool/minimalist/minimalist.pl listname
> listname-owner: s...@guy.org
>

yes. That's true. I did a lot of work on minimalist. Improving security
and making it work with the aliases file I sent you. See
https://github.com/madroach/minimalist

Christopher



Re: PF and ftp: to use or not to use ftp-proxy ?

2012-06-26 Thread Christopher Zimmermann
On Tue, 26 Jun 2012 14:51:35 +0600
Илья Шипицин <chipits...@gmail.com> wrote:

> Hello!
>
> I managed to get ftp through PF working either without ftp-proxy ...
>
> match in inet proto tcp from any to $external port = ftp rdr-to
> $internal port 21
> match in inet proto tcp from any port = ftp-data to $external port
> 1024:65535 rdr-to $internal port 1024:65535
> match in inet proto tcp from any to $external port = ftp-data rdr-to
> $internal port 20
>
>
> or with ftp-proxy...
>
> pass in quick on vlan5 inet proto tcp from any to $external port ftp
> divert-to 127.0.0.1 port 8021
>
>
> /etc/rc.local:
>
> /usr/sbin/ftp-proxy -p 8021 -R $internal -P 21 -D7 -v
>
>
> I asked question is it possible to use multiple instances of ftp-proxy
> and it turned out that several people are running reverse ftp-proxy in
> production.
> so... can anybody help me to choose between two above options ? with
> ftp-proxy or without ftp-proxy ?

Your solution without ftp-proxy won't work when other services expect
incoming tcp connections in the high ports range. ftp-proxy will only
open and forward ports that have been negotiated in the ftp control
connection. This is safer and will not interfere with other services.
Use ftp-proxy.

Christopher



Re: Mounting a partition, cdrom, usb as a user

2012-06-19 Thread Christopher Zimmermann
On Mon, 18 Jun 2012 22:26:57 -0700
russell <russ...@dotplan.dyndns.org> wrote:

> quite surprised.
> no love so far for fbtab(5)
>
> The fbtab file is used by login(1) to chown(2) the specified files to the
> user who has performed a login.  Additionally, chmod(2) is used to set
> the devices to the specified permission.  When a user logs out, init(8)
> is responsible for performing the inverse operation, which results in the
> files once again belonging to root.

Nice. But how is this supposed to work for multiple logins or system
crashes (power outage during login)?



Re: basic smtpd question

2012-06-03 Thread Christopher Zimmermann
On Sun, 3 Jun 2012 08:42:48 -0400
bofh <goodb...@gmail.com> wrote:

> On Sun, Jun 3, 2012 at 8:38 AM, Christopher Zimmermann
> <madro...@gmerlin.de> wrote:
> > On Sun, 3 Jun 2012 08:15:56 -0400
> > bofh <goodb...@gmail.com> wrote:
> > Do you want to accept remote mail for your domains? Then you need to
> > add from all.
>
> So,
>
> accept from all for domain *.domain1.com deliver to mbox
>
> OK, got it!
>
> > accept from 10.1.1.0/24 relay
>
> > Relay how? Using smarthost? Possibly password protected? Then you
> > need something like this:
>
> > map secrets { source db /etc/mail/secrets.db }
> > accept from ... for all relay via smarthost tls auth secrets
>
> Still thinking about what I want to do for this - internal network is
> just my house, wpa2 protected wireless.  But thanks for the pointer.

You probably want smtpd to deliver your outgoing mail via a smarthost
of your ISP, because some mailservers reject mail from dynamic IP
ranges or private IP ranges.



Re: SETUID perl script leaves backdoor open

2012-04-25 Thread Christopher Zimmermann
After short testing I found a bug or at least a dangerous pitfall.

This leaves a backdoor open (probably in the saved UID):

#!/usr/bin/perl -wT

use strict;
require POSIX;

sub ids () { print "RUID=$< EUID=$> RGID=$( EGID=$)\n" }

print "Running $^X $0\n";

ids;
$ = $ = $;
ids;
$ = $ = 0;
ids;

=== OUTPUT: 
Running /usr/bin/perl /dev/fd/3
RUID=1000 EUID=0 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001
RUID=1000 EUID=1000 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001
RUID=0 EUID=0 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001


While this drops privileges permanently:

#!/usr/bin/perl -wT

use strict;
require POSIX;

sub ids () { print "RUID=$< EUID=$> RGID=$( EGID=$)\n" }

print "Running $^X $0\n";

ids;
$ = $ = $;
ids;
$ = $ = 0;
ids;

=== OUTPUT: 
Running /usr/bin/perl /dev/fd/3
RUID=1000 EUID=0 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001
RUID=1000 EUID=1000 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001
RUID=1000 EUID=1000 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001


Backdoor is still open when doing $ = $ = 1000 or
$ = 1000; $ = 1000;. POSIX::setuid($) works fine.



SETUID perl script

2012-04-24 Thread Christopher Zimmermann
Hi,

I'm trying to chroot and drop privileges in a perl script. But somehow
I'm not even able to run it setuid root. The setuid bit gets ignored
completely. But as I understand sys/sys/exec_script.h. The
SETUIDSCRIPTS feature is enabled by default. What am I missing?


/tmp% ls -l test.pl 
-rwsrwx---  1 root  wheel  165 Apr 24 21:07 test.pl
/tmp% cat test.pl 
#!/usr/bin/perl -wT

use strict;

sub ids () { print "RUID=$< EUID=$> RGID=$( EGID=$)\n" }

ids;
$ = $ = 1000;
ids;
$ = $ = 0;
ids;
/tmp% ./test.pl 
RUID=1000 EUID=1000 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001
RUID=1000 EUID=1000 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001
RUID=1000 EUID=1000 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001



Re: PF match word

2012-04-24 Thread Christopher Zimmermann
On Tue, 24 Apr 2012 12:39:35 -0700 (PDT)
Theron ZORBAS <theronzor...@yahoo.com> wrote:

> Hello Misc,
>
> What is the difference between these two rules:
> match out on egress inet from $int_if:network to any nat-to (egress)
>
> pass out on egress inet from $int_if:network to any nat-to (egress)
> Or there is no difference?

The pass rule does NAT and allows all outgoing packets that match the
source ip. The match rule only does the NAT. You still need some other
rules to actually allow individual packets to leave.

> I could not understand when to use match word.
>
> P.S. It's been very near time that i started to use OpenBSD as a
> firewall. I'm asking this question as a newbie. Sorry if it is a time
> wasting question to you.
>
> Thanks.
> Theron ZORBAS



Re: SETUID perl script

2012-04-24 Thread Christopher Zimmermann
On Tue, 24 Apr 2012 14:48:18 -0500
Matthew Weigel <uni...@idempot.net> wrote:

> On 24.04.2012 14:22, Christopher Zimmermann wrote:
> > Hi,
> >
> > I'm trying to chroot and drop privileges in a perl script. But somehow
> > I'm not even able to run it setuid root. The setuid bit gets ignored
> > completely. But as I understand sys/sys/exec_script.h. The
> > SETUIDSCRIPTS feature is enabled by default. What am I missing?
> >
> > /tmp% ls -l test.pl
>
> Check the mount options for whatever filesystem /tmp lives on.
> Chances are
> good it's its own filesystem, and is mounted nosuid.

Ah, of course. Thanks!



Re: SETUID perl script leaves backdoor open

2012-04-24 Thread Christopher Zimmermann
After short testing I found a bug or at least a dangerous pitfall.

This leaves a backdoor open (probably in the saved UID):

#!/usr/bin/perl -wT

use strict;
require POSIX;

sub ids () { print "RUID=$< EUID=$> RGID=$( EGID=$)\n" }

print "Running $^X $0\n";

ids;
$ = $ = $;
ids;
$ = $ = 0;
ids;

=== OUTPUT: 
Running /usr/bin/perl /dev/fd/3
RUID=1000 EUID=0 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001
RUID=1000 EUID=1000 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001
RUID=0 EUID=0 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001


While this drops privileges permanently:

#!/usr/bin/perl -wT

use strict;
require POSIX;

sub ids () { print "RUID=$< EUID=$> RGID=$( EGID=$)\n" }

print "Running $^X $0\n";

ids;
$ = $ = $;
ids;
$ = $ = 0;
ids;

=== OUTPUT: 
Running /usr/bin/perl /dev/fd/3
RUID=1000 EUID=0 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001
RUID=1000 EUID=1000 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001
RUID=1000 EUID=1000 RGID=10 10 0 5 9 117 501 1001 EGID=10 10 0 5 9 117 501 1001


Backdoor is still open when doing $ = $ = 1000 or
$ = 1000; $ = 1000;. POSIX::setuid($) works fine.



Re: SETUID perl script leaves backdoor open after dropping privileges

2012-04-24 Thread Christopher Zimmermann
As requested, here's the same test case a little more readable:

This leaves a backdoor open (possibly in the saved UID):

==
#!/usr/bin/perl -wT

use strict;
use English qw(-no_match_vars);

sub ids { print "RUID=$REAL_USER_ID EUID=$EFFECTIVE_USER_ID\n" }

ids;
$REAL_USER_ID = 1000;
$EFFECTIVE_USER_ID = 1000;
ids;
$REAL_USER_ID = $EFFECTIVE_USER_ID = 0;
ids;

==
OUTPUT:

RUID=1000 EUID=0
RUID=1000 EUID=1000
RUID=0 EUID=0


Still, changing the order of the *_USER_ID = 1000 lines or using 
POSIX::setuid(1000) works as expected.

Christopher
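
A permanent drop with the read-back check that the test cases above perform by hand, as an added example that is not part of the original posts. It assumes the script starts with effective uid 0 (setuid root, as in the thread) and drops to the invoking real user; the helper name drop_privileges is made up for this illustration.

```perl
#!/usr/bin/perl -wT
# Added example, not code from the thread: drop root permanently in a
# setuid-root script and prove that it cannot be regained.

use strict;
use English qw(-no_match_vars);
use POSIX ();

# Current credentials, in the layout the thread's ids() prints.
sub ids {
    my ($rgid) = split ' ', $REAL_GROUP_ID;
    my ($egid) = split ' ', $EFFECTIVE_GROUP_ID;
    return "RUID=$REAL_USER_ID EUID=$EFFECTIVE_USER_ID RGID=$rgid EGID=$egid";
}

# Permanently become $uid:$gid. Must be entered with effective uid 0,
# because only then does setuid(2) replace real, effective AND saved uid.
sub drop_privileges {
    my ($uid, $gid) = @_;
    die "refusing to 'drop' to uid 0\n" if $uid == 0;
    die "need effective uid 0 to drop privileges permanently\n"
        if $EFFECTIVE_USER_ID != 0;

    # Groups first: after the uid change these calls are no longer allowed.
    # "$gid $gid" = effective gid $gid plus a setgroups() list of just $gid.
    $EFFECTIVE_GROUP_ID = "$gid $gid";
    POSIX::setgid($gid) or die "setgid($gid): $OS_ERROR\n";
    POSIX::setuid($uid) or die "setuid($uid): $OS_ERROR\n";

    # Read everything back rather than trusting the calls above.
    my ($rgid)          = split ' ', $REAL_GROUP_ID;
    my ($egid, @groups) = split ' ', $EFFECTIVE_GROUP_ID;
    die 'uid not dropped: ' . ids() . "\n"
        if $REAL_USER_ID != $uid || $EFFECTIVE_USER_ID != $uid;
    die 'gid not dropped: ' . ids() . "\n"
        if $rgid != $gid || $egid != $gid;
    die "supplementary groups left: @groups\n"
        if grep { $_ != $gid } @groups;

    # The test from the thread, turned into an assertion: every way back
    # to root must fail. A saved uid or gid of 0 would let these succeed.
    $EFFECTIVE_USER_ID = 0;
    die "euid 0 regained through the saved uid\n" if $EFFECTIVE_USER_ID == 0;
    die "setuid(0) still succeeds\n" if POSIX::setuid(0);
    if ($gid != 0) {
        die "setgid(0) still succeeds\n" if POSIX::setgid(0);
    }
    return 1;
}

# Setuid-root layout: real ids are the invoking user's, effective uid is 0.
my $uid = $REAL_USER_ID;
my ($gid) = split ' ', $REAL_GROUP_ID;

print 'before: ', ids(), "\n";
# Privileged setup (chroot, opening protected files) belongs here.
drop_privileges($uid, $gid);
print 'after:  ', ids(), "\n";
```

Run without effective uid 0 the script dies before changing anything, which is the intended behaviour: a drop that cannot be made permanent is treated as a failure.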



Route packets destined to dynamic public ip locally

2012-04-10 Thread Christopher Zimmermann
Hi!

I am running a http server on my dynamic public IP. The only thing that
annoys me is that when clients on the http server connect to the public
IP, the packets get routed through my pppoe connection and back:

$ ifconfig pppoe0
pppoe0: [...] inet 217.190.91.237 --> 213.20.223.35 netmask 0x
$ traceroute -P 1 -n 217.190.91.237
traceroute to 217.190.91.237 (217.190.91.237), 64 hops max, 60 byte packets
 1  213.20.223.35  49.180 ms  48.480 ms  48.773 ms
 2  217.190.91.237  98.173 ms  98.30 ms  98.280 ms

How can I route those packets locally? I already tried a
pass out to (pppoe0) route-to 127.0.0.1@lo0
but this cannot work because the routing decision has already been made
when the packet passes an outbound rule.

A simple route add 217.190.91.237 127.0.0.1 helps, but not for long,
because the IP changes daily.

Is there some easier solution than daily changing the route with some
script?

Christopher



Re: Route packets destined to dynamic public ip locally

2012-04-10 Thread Christopher Zimmermann
On Tue, 10 Apr 2012 11:22:54 +0100
Zé Loff <zel...@zeloff.org> wrote:

> Is the PPPoE connection handled by another machine, or by the server
> itself?
>
> Do the clients try to connect to the public IP or to your public
> domain name / hostname / whatever? If this is the case, maybe a proper
> /etc/hosts file can do the trick, but I can't guarantee it won't break
> something else...


The PPPoE connection is handled by the server itself. The server works
fine and is reachable from everywhere. What annoys me is that LOCAL
clients on the server itself get routed to my ISP and back.



Re: smtpd: no user for command execution in aliases

2012-04-09 Thread Christopher Zimmermann
Begin forwarded message:

Hi,

Yes this bug is still open because we've been focusing primarily on
fixing parts of smtpd that could cause crashes. We will be solving bugs
related to aliases shortly as Eric and I started discussing them just
an hour ago.

Feel free to join #opensmtpd @ freenode to participate ;)

Gilles

nb: jacekm no longer contributes to smtpd, in the future please cc:
eric@ and chl@


On Thu, Feb 02, 2012 at 02:48:21PM +0100, Christopher Zimmermann wrote:
 Hi,
 
 I just noticed this bug is still outstanding. I have a patch attached
 that fixes this problem for me, but I was told there was some clean up
 to be done in lka_session.c before this can be fixed.
 
 
 Christopher
 
 
 Index: aliases.c
 ===
 RCS file: /cvs/src/usr.sbin/smtpd/aliases.c,v
 retrieving revision 1.44
 diff -u -p -r1.44 aliases.c
 --- aliases.c 11 Oct 2011 17:57:10 -  1.44
 +++ aliases.c 2 Feb 2012 13:48:03 -
 @@ -87,6 +87,8 @@ aliases_get(objid_t mapid, struct expand
   /* foreach node in map_alias expandtree, we merge */
   nbaliases = 0;
   RB_FOREACH(expnode, expandtree, map_alias-expandtree) {
 + (void)strlcpy(expnode-as_user, username,
 + sizeof (expnode-as_user));
   if (expnode-type == EXPAND_INCLUDE)
   nbaliases +=
 aliases_expand_include(expandtree, expnode-u.buffer); else {
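
Review bot: the strlcpy() added at the top of the RB_FOREACH body discards its return value with a (void) cast, so a username that does not fit in as_user is silently truncated, and going by the "forkmda: to true as" and getpwnam lines in this thread that field names the account the piped command runs as. Compare the return value against sizeof(as_user) and fail the lookup on truncation instead of continuing with a shortened name. The copy also runs for every node before the EXPAND_INCLUDE check and writes into the nodes of the map's own expandtree; if that tree is reused for later lookups, setting as_user on the entry that is merged into the caller's expandtree would avoid leaving one recipient's username behind for the next.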
 
 
 
 On Sun, 11 Dec 2011 22:28:45 +0100
 Christopher Zimmermann madro...@zakweb.de wrote:
 
  Hi,
  
  I want to use a pipe in my aliases, like this test case:
  
  madroach: |true
  
  but smtpd says the following. Look especially for the
  forkmda: to true as line. Seems like somewhere the username gets
  lost.
  
  Christopher
  
  smtp_new: incoming client on listener: 0x3c00ad40
  session_pickup: greeting client
  imsg: PROC_CONTROL - PROC_SMTP: IMSG_SMTP_ENQUEUE (len=0)
  command: EHLO   args: localhost
  imsg: PROC_MFA - PROC_SMTP: IMSG_MFA_HELO (len=8128)
  imsg: PROC_SMTP - PROC_MFA: IMSG_MFA_HELO (len=9428)
  command: MAIL FROM  args: madro...@alix.ftp.sh
  session_rfc5321_mail_handler: sending notification to mfa
  imsg: PROC_MFA - PROC_SMTP: IMSG_MFA_MAIL (len=8128)
  imsg: PROC_LKA - PROC_MFA: IMSG_LKA_MAIL (len=9428)
  imsg: PROC_MFA - PROC_LKA: IMSG_LKA_MAIL (len=9428)
  imsg: PROC_SMTP - PROC_MFA: IMSG_MFA_MAIL (len=9428)
  imsg: PROC_QUEUE - PROC_SMTP: IMSG_QUEUE_CREATE_MESSAGE (len=8128)
  imsg: PROC_SMTP - PROC_QUEUE: IMSG_QUEUE_CREATE_MESSAGE (len=9428)
  command: RCPT TOargs: madro...@alix.ftp.sh
  imsg: PROC_MFA - PROC_SMTP: IMSG_MFA_RCPT (len=8128)
  imsg: PROC_LKA - PROC_MFA: IMSG_LKA_RULEMATCH (len=9428)
  imsg: PROC_MFA - PROC_LKA: IMSG_LKA_RULEMATCH (len=9428)
  imsg: PROC_LKA - PROC_MFA: IMSG_LKA_RCPT (len=9428)
  aliases_exist: 'madroach' exists with 1 expansion nodes
  aliases_get: returned 1 aliases
  lka_resolve_node: node is filter: true
  imsg: PROC_QUEUE - PROC_LKA: IMSG_QUEUE_SUBMIT_ENVELOPE (len=8128)
  imsg: PROC_QUEUE - PROC_LKA: IMSG_QUEUE_COMMIT_ENVELOPES (len=8128)
  imsg: PROC_SMTP - PROC_QUEUE: IMSG_QUEUE_COMMIT_ENVELOPES
  (len=9428) command: DATA   args: (null)
  imsg: PROC_SMTP - PROC_QUEUE: IMSG_QUEUE_MESSAGE_FILE (len=9428)
  imsg: PROC_QUEUE - PROC_SMTP: IMSG_QUEUE_COMMIT_MESSAGE (len=8128)
  imsg: PROC_RUNNER - PROC_QUEUE: IMSG_QUEUE_COMMIT_MESSAGE
  (len=8128) imsg: PROC_SMTP - PROC_QUEUE: IMSG_QUEUE_COMMIT_MESSAGE
  (len=9428) 5c8a626e: from=madro...@alix.ftp.sh, size=349,
  nrcpts=1, proto=ESMTP, relay=1000@localhost [IPv6:::1]
  command: QUIT   args: (null)
  session_destroy: killing client: 0x89a3c000
  runner: nothing to schedule, wake me up. zZzZzZ
  imsg: PROC_QUEUE - PROC_RUNNER: IMSG_MDA_SESS_NEW (len=8128)
  imsg: PROC_MDA - PROC_QUEUE: IMSG_MDA_SESS_NEW (len=8128)
  imsg: PROC_PARENT - PROC_MDA: IMSG_PARENT_FORK_MDA (len=1058)
  forkmda: to true as
  imsg: PROC_MDA - PROC_PARENT: IMSG_MDA_DONE (len=23)
  5c8a626ea8724c2d: to=madro...@alix.ftp.sh, delay=0, stat=Error (getpwnam: no such user)
 

-- 
Gilles Chehade

https://www.poolp.org |
http://pool.ps  @poolpOrg



Re: GPIO and rc.securelevel

2012-04-04 Thread Christopher Zimmermann
On Wed, 04 Apr 2012 12:24:37 -0600
Jack Woehr jwo...@softwoehr.com wrote:

 gpioctl(8) man page says:  Only pins that have been configured at
 securelevel 0, typically during system startup, are accessible once
 the securelevel has been raised.
 
 However, /etc/rc.securelevel first says securelevel=1 and only then
 # Place local actions here.
 
 Should I put gpioctl statements before the  statement
 or is the man page in error, please?
 

Place them after the comment. securelevel=1 is just a variable
assignment, which is used in /etc/rc, which sources /etc/rc.securelevel.



Routing to public ip of pppoe(4) interface

2012-01-07 Thread Christopher Zimmermann
Hi,

for every address of a local interface a loopback route is created on
demand.
Those routes look like the second one here:

192.168.123.252/30 link#3             UC     1 0 - 4 vr2
192.168.123.253    00:0d:b9:24:60:42  UHLc   0 4 - 4 lo0

But this mechanism does somehow not work for Point to Point interfaces like
pppoe(4) or tun(4). The only routes I get here are the following; the
first one being created by the netstart script like suggested in
pppoe(4).

default        213.20.223.35  UGS 3 2190 - 8 pppoe0
213.20.223.35  217.190.92.137 UH  0 0    - 4 pppoe0

I would like to automatically add a route

217.190.92.137 127.0.0.1  UGHS   0 0 33196 8 lo0

So that local processes talking to my public IP won't get routed to my
ISP and back. The problem is that the IPs are dynamic.

What confuses me is that packets arriving on a local lan interface with
a destination to my public IP already get routed via the loopback
interface. This leads to the strange situation that connections from
lan are faster than connections from localhost.


Christopher



Let aucat mux local and remote

2011-12-16 Thread Christopher Zimmermann
I want to use aucat as remote and local soundserver. It works with the
following parameters. The only problem is that only one client can
connect at one time. Either remote or local.

-L alix -s default

Christopher



Re: USB serial port adaptor - umct(4) works fine

2011-12-10 Thread Christopher Zimmermann
On 12/10/11 17:07, Mark Zimmerman wrote:
 Greetings:
 
 I need to buy a USB serial port adapter and there is no specific mention
 of these in the supported hardware list. Archive search indicates that
 they all suck, but the Prolific chipset sucks less. Anyone care to offer
 a recommendation?


For me the umct(4) adapter works fine.
It is part of the Targus USB2.0 Port Replicator with Ethernet.
Every component of it works fine: USB hub, PS/2 keyboard and mouse,
serial, parallel and 100MBit ethernet.


uhub2 at uhub0 port 3 Philips Semiconductors product 0x1521 rev
2.00/2.00 addr 5
umct0 at uhub2 port 1 Targus Group Intl Targus Group Intl rev
1.10/1.03 addr 6
ucom0 at umct0
uhidev2 at uhub2 port 2 configuration 1 interface 0 MCT USB PS/2
Keyboard - PS/2 Mouse rev 1.01/0.01 addr 7
uhidev2: iclass 3/1
ukbd1 at uhidev2: 8 modifier keys, 6 key codes
wskbd2 at ukbd1 mux 1
wskbd2: connecting to wsdisplay0
uhidev3 at uhub2 port 2 configuration 1 interface 1 MCT USB PS/2
Keyboard - PS/2 Mouse rev 1.01/0.01 addr 7
uhidev3: iclass 3/1, 3 report ids
ums1 at uhidev3 reportid 1: 3 buttons, Z dir
wsmouse3 at ums1 mux 0
uhid0 at uhidev3 reportid 2: input=1, output=0, feature=0
uhid1 at uhidev3 reportid 3: input=1, output=0, feature=0
aue0 at uhub2 port 5 ADMtek USB To LAN Converter rev 2.00/1.01 addr 8
aue0: address 00:05:1b:e5:9a:02
ukphy0 at aue0 phy 1: Generic IEEE 802.3u media interface, rev. 1: OUI
0x000749, model 0x0001
ulpt0 at uhub2 port 6 configuration 1 interface 0 Lucent USS-720
evaluation kit rev 1.00/1.04 addr 9
ulpt0: using bi-directional mode



protecting NFS on IPsec gateway

2011-11-30 Thread Christopher Zimmermann
Hi!

I want to secure my wlan using IPsec. The simplified setup looks like this:

172.26.153.0/24 .1 public ip
  (wlan clients) --- athn0[OpenBSD gateway]pppoe0 -- ((internet))
IPsec

This works fine so far. But now I want to secure my OpenBSD gateway
which also runs NFS. How can I block NFS packets on the encrypted link
while still allowing ssh, ftp and the like on the encrypted link?
On enc0 I can see only ipencap packets which cannot be filtered by pf.


Christopher



Re: altq on a variable bandwidth interface

2011-11-24 Thread Christopher Zimmermann
On 11/23/11 20:58, Henning Brauer wrote:
 * Jussi Peltola pe...@pelzi.net [2011-11-20 04:09]:
 On Sat, Nov 19, 2011 at 08:58:46PM -0500, quartz wrote:
 is there a way to set up altq+priq on an internet connection with highly
 variable/unknown bandwidth?

 I'd like to create a simple one layer queue system that prioritizes empty
 ACKs over anything else (always, all the time, no matter the load or
 congestion). it looks like priq is the way to do this, but all the
 documentation I can find seems to say you have to type in a hard number,
 which won't work for my case.
  
 This is usually impossible. The packets get re-queued in the modem or
 whatever device is next to the choke point, and any prioritization you
 configure becomes useless. Typically the only way around it is to send
 at a rate slightly lower than the choke point bandwidth, so the buffer
 of the modem never starts to get utilized. If the bandwidth is variable,
 you're screwed.
 
 this is not true for simple priority queueing. it just reorders the
 packets. the modem is not supposed to, so your higher priority packets
 still go out before the later sent lower priority ones.

This works only as long as the modem doesn't start to drop packets
because its queue is full.
If the modem is not queueing packets, why do you do prioritization?

Most people use priority queueing because they want short delay on some
connections like ssh, VoIP... They don't want the modem to buffer
packets at all because that would add delay.
This means you can prioritize packets only on the bottleneck.

 however and admittedly:
 the effect of simple priority queueing isn't all that drastic since
 your machine only reorders within the packets it has in flight at the
 given moment (few less even).
 the combo of the extra buffer and the lower bandwidth link further
 down the road minimizes the effects - foremost when there is congestion
 on that slower link. 

As soon as the modem starts queueing your delay rises (my modem buffers
up to 2500ms - try doing VoIP over such a connection).
As soon as the modem starts dropping packets (because it has a small
buffer or because it gets fed with 100MBit) your prioritization won't
work anymore, too.

You cannot do any kind of bandwidth shaping, prioritization or fair
queueing on any link but the bottleneck.



Re: NFS not working

2011-11-11 Thread Christopher Zimmermann
On 11/11/11 14:57, John Tate wrote:
 Sorry I should have posted. mountd, portmap, and also the appropriate
 services are running on the server portmap and nfsd.

what do
rpcinfo -p nfs-server on client and server and netstat -na say?



Re: optimize adsl bandwidth

2011-11-10 Thread Christopher Zimmermann
You probably won't be able to shape traffic with prio, because it
doesn't limit the bandwidth. Therefore packets will probably be queued
on your router/modem and then get dropped in a random manner. This
queue will also add to your round-trip time.
altq won't be able to count your traffic exactly because of Ethernet,
PPPoE and ATM overhead. I use the following quick fix for bw-shaping on
my pppoe connection. You will have to adapt this for your encapsulation
protocols and subtract the size of the MAC headers, since you are
already shaping on an Ethernet interface.


Index: altq_var.h
===
RCS file: /cvs/src/sys/altq/altq_var.h,v
retrieving revision 1.17
diff -u -p -r1.17 altq_var.h
--- altq_var.h  7 Oct 2011 17:10:08 -   1.17
+++ altq_var.h  10 Nov 2011 11:03:58 -
@@ -91,7 +91,12 @@ struct callout {

 typedef void (timeout_t)(void *);

+#if 1
+#definem_pktlen(m) ( 53 * (
m)-m_pkthdr.len)+18) / 48) \
+ + m)-m_pkthdr.len)+18) % 48 ? 1 :
0) ) )
+#else
 #definem_pktlen(m) ((m)-m_pkthdr.len)
+#endif

 struct ifnet; struct mbuf;
 struct pf_altq; struct pf_qstats;
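
Review bot: the `#if 1` in altq_var.h replaces m_pktlen() for every altq consumer, so all queued interfaces are charged 53 bytes per 48-byte cell with the fixed +18, not only the PPPoE-over-ATM uplink this was written for, and the `#else` branch is dead code as posted. Consider gating the change on a named kernel option or a per-interface setting, giving 53, 48 and 18 names plus a comment saying which encapsulation headers the 18 bytes cover, and moving the rounding into an inline function, since the new macro expands `m` twice where the old one expanded it once.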


On 11/09/11 14:02, Wesley M. wrote:
 Hi,
 
 I use OpenBSD 5.0, what is better between use prio or altq on em0 priq
 bandwidth 200Kb queue {q_def,q_pri} ?
 I explain : 
 
 altq on em0 priq bandwidth 200Kb queue {q_def,q_pri}
 queue q_def priority 1
 queue q_pri priority 7 priq(default)
 
 pass out on egress inet proto tcp queue(q_def,q_pri)
 
 
 OR
 
 pass out on egress inet proto tcp prio (1,7)
 
 What is better, or perhaps, it works on the same way...
 If someone can help on ...
 Thank you very much.
 
 Wesley



Re: Mouse0: No Device specified, looking for one.. (it's specified)

2011-07-31 Thread Christopher Zimmermann
Can you post your Xorg.log and complete xorg.conf?

See also xorg.conf(5); this may be what you need.

Option AllowEmptyInput boolean
   If enabled, don't add the standard keyboard and mouse drivers,
   if there are no input devices in the config file.  Enabled by
   default if AutoAddDevices and AutoEnableDevices is enabled,
   otherwise disabled.  If AllowEmptyInput is on, devices using the
   kbd, mouse or vmmouse driver are ignored.


Christopher


On 07/31/11 17:54, LEVAI Daniel wrote:
 Hali!
 
 
 FWIW, on my thinkpad t60 I can not configure the EmulateWheel option for
 the trackpoint because of this. The configure option for the input
 devices in xorg.conf are simply getting ignored.
 
 
 Daniel
 
 
 Section "InputDevice"
   Identifier  "TrackPoint"
   Driver      "mouse"
   Option      "Device"             "/dev/wsmouse"
   Option      "Emulate3Buttons"    "false"
   Option      "EmulateWheel"       "true"
   Option      "EmulateWheelButton" "2"
   Option      "XAxisMapping"       "6 7"
   Option      "YAxisMapping"       "4 5"
 EndSection
 
 
 
 OpenBSD 5.0-beta (GENERIC.MP) #28: Tue Jul 26 20:15:10 MDT 2011
 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
 cpu0: Genuine Intel(R) CPU T2400 @ 1.83GHz (GenuineIntel 686-class) 1.83 GHz
 cpu0: 
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR,PDCM
 real mem  = 2145775616 (2046MB)
 avail mem = 2100592640 (2003MB)
 mainbus0 at root
 bios0 at mainbus0: AT/286+ BIOS, date 08/27/09, BIOS32 rev. 0 @ 0xfd6b0, 
 SMBIOS rev. 2.4 @ 0xe0010 (68 entries)
 bios0: vendor LENOVO version 79ETE5WW (2.25 ) date 08/27/2009
 bios0: LENOVO 2007FRG
 acpi0 at bios0: rev 2
 acpi0: sleep states S0 S3 S4 S5
 acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET BOOT SSDT SSDT SSDT SSDT
 acpi0: wakeup devices LID_(S3) SLPB(S3) LURT(S3) DURT(S3) EXP0(S4) EXP1(S4) 
 EXP2(S4) EXP3(S4) PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4)
 acpitimer0 at acpi0: 3579545 Hz, 24 bits
 acpiec0 at acpi0
 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
 cpu0 at mainbus0: apid 0 (boot processor)
 cpu0: apic clock running at 166MHz
 cpu1 at mainbus0: apid 1 (application processor)
 cpu1: Genuine Intel(R) CPU T2400 @ 1.83GHz (GenuineIntel 686-class) 1.83 GHz
 cpu1: 
 FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR,PDCM
 ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
 ioapic0: misconfigured as apic 2, remapped to apid 1
 acpimcfg0 at acpi0 addr 0xf000, bus 0-63
 acpihpet0 at acpi0: 14318179 Hz
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus 1 (AGP_)
 acpiprt2 at acpi0: bus 2 (EXP0)
 acpiprt3 at acpi0: bus 3 (EXP1)
 acpiprt4 at acpi0: bus 4 (EXP2)
 acpiprt5 at acpi0: bus 12 (EXP3)
 acpiprt6 at acpi0: bus 21 (PCI1)
 acpicpu0 at acpi0: C3, C2, C1, PSS
 acpicpu1 at acpi0: C3, C2, C1, PSS
 acpipwrres0 at acpi0: PUBS
 acpitz0 at acpi0: critical temperature is 127 degC
 acpitz1 at acpi0: critical temperature is 99 degC
 acpibtn0 at acpi0: LID_
 acpibtn1 at acpi0: SLPB
 acpibat0 at acpi0: BAT0 model 93P5030 serial  2444 type LION oem SONY
 acpibat1 at acpi0: BAT1 not present
 acpiac0 at acpi0: AC unit online
 acpithinkpad0 at acpi0
 acpidock0 at acpi0: GDCK not docked (0)
 bios0: ROM list: 0xc/0xfe00 0xd/0x1000 0xd1000/0x1000 0xdc000/0x4000! 
 0xe/0x1!
 cpu0: Enhanced SpeedStep 1829 MHz: speeds: 1833, 1333, 1000 MHz
 pci0 at mainbus0 bus 0: configuration mode 1 (bios)
 pchb0 at pci0 dev 0 function 0 Intel 82945GM Host rev 0x03
 ppb0 at pci0 dev 1 function 0 Intel 82945GM PCIE rev 0x03: apic 1 int 16
 pci1 at ppb0 bus 1
 vga1 at pci1 dev 0 function 0 ATI Radeon Mobility X1400 rev 0x00
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 radeondrm0 at vga1: apic 1 int 16
 drm0 at radeondrm0
 azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: msi
 azalia0: codecs: Analog Devices AD1981HD, 0x/0x, using Analog Devices 
 AD1981HD
 audio0 at azalia0
 ppb1 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02: apic 1 int 20
 pci2 at ppb1 bus 2
 em0 at pci2 dev 0 function 0 Intel PRO/1000MT (82573L) rev 0x00: msi, 
 address 00:16:41:aa:d2:70
 ppb2 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02: apic 1 int 21
 pci3 at ppb2 bus 3
 wpi0 at pci3 dev 0 function 0 Intel PRO/Wireless 3945ABG rev 0x02: msi, 
 MoW2, address 00:18:de:65:2d:37
 ppb3 at pci0 dev 28 function 2 Intel 82801GB PCIE rev 0x02: apic 1 int 22
 pci4 at ppb3 bus 4
 ppb4 at pci0 dev 28 function 3 Intel 82801GB PCIE rev 0x02: apic 1 int 23
 pci5 at ppb4 bus 12
 uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: apic 1 int 16
 uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: apic 1 int 17
 uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 

pf doesn't filter at all on bge(4)

2011-07-27 Thread Christopher Zimmermann

Hi,

I have this simple setup:

 [ B ] se0 --- bge0 [ A ] pppoe0  ISP

A and B both -current.

Now my problem is, pf on A won't filter anything on bge0. Even with this 
very simple pf.conf:


set skip on lo

block
pass out inet proto {tcp,udp} to port 53

block in on ! lo0 proto tcp to port 6000:6010


The connection to the internet via pppoe0 is dead, of course. But the
connection via bge0 to B is completely unfiltered. What the heck is
wrong here?!?


Interfaces:

lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33196
priority: 0
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff00
bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:11:25:ae:0e:0c
priority: 0
groups: local
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.23.1 netmask 0xff00 broadcast 192.168.23.255
inet6 fe80::211:25ff:feae:e0c%bge0 prefixlen 64 scopeid 0x1
iwi0: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500
lladdr 00:12:f0:62:22:ba
priority: 4
groups: wlan
media: IEEE802.11 autoselect
status: no network
ieee80211: nwid  100dBm
inet6 fe80::212:f0ff:fe62:22ba%iwi0 prefixlen 64 scopeid 0x2
enc0: flags=0
priority: 0
groups: enc
status: active
ep1: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:00:86:3c:58:ce
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::200:86ff:fe3c:58ce%ep1 prefixlen 64 scopeid 0x5
pppoe0: flags=8851UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST mtu 1492
priority: 0
dev: ep1 state: session
sid: 0x16d0 PADI retries: 1 PADR retries: 0 time: 00:09:27
sppp: phase network authproto pap
groups: pppoe egress
status: active
inet6 fe80::211:25ff:feae:e0c%pppoe0 -  prefixlen 64 scopeid 0x6
inet 92.203.15.60 -- 213.148.133.4 netmask 0x
pflog0: flags=141UP,RUNNING,PROMISC mtu 33196
priority: 0
groups: pflog


pfctl -s all:
FILTER RULES:
block drop all
pass out inet proto tcp from any to any port = domain flags S/SA
pass out inet proto udp from any to any port = domain
block drop in on ! lo0 proto tcp from any to any port 6000:6010
No queue in use

INFO:
Status: Enabled for 0 days 00:12:56  Debug: err

State Table                          Total             Rate
  current entries                        0
  searches                             380            0.5/s
  inserts                              138            0.2/s
  removals                             138            0.2/s
Counters
  match                                242            0.3/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                         0            0.0/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s

TIMEOUTS:
tcp.first   120s
tcp.opening  30s
tcp.established   86400s
tcp.closing 900s
tcp.finwait  45s
tcp.closed   90s
tcp.tsdiff   30s
udp.first60s
udp.single   30s
udp.multiple 60s
icmp.first   20s
icmp.error   10s
other.first  60s
other.single 30s
other.multiple   60s
frag 30s
interval 10s
adaptive.start 6000 states
adaptive.end  12000 states
src.track 0s

LIMITS:
states        hard limit    1
src-nodes     hard limit    1
frags         hard limit 5000
tables        hard limit 1000
table-entries hard limit   20

OS FINGERPRINTS:
700 fingerprints loaded



route -n show:
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            213.148.133.4      UGS        3      183     -     8 pppoe0
127/8              127.0.0.1          UGRS       0        0 33196     8 lo0
127.0.0.1          127.0.0.1          UH         3     3664 33196     4 lo0
192.168.23/24  link#1  

Re: pf doesn't filter at all on bge(4)

2011-07-27 Thread Christopher Zimmermann

Ok, solved this one. bge0 was in group local, which is matched by

set skip on lo

Is this the desired behavior? It can catch you by surprise easily!


On 07/27/11 18:54, Christopher Zimmermann wrote:

Hi,

I have this simple setup:

[ B ] se0 --- bge0 [ A ] pppoe0  ISP

A and B both -current.

Now my problem is, pf on A won't filter anything on bge0. Even with this
very simple pf.conf:

set skip on lo

block
pass out inet proto {tcp,udp} to port 53

block in on ! lo0 proto tcp to port 6000:6010


The connection to the internet via pppoe0 is dead, of course. But the
connection via bge0 to B is completely unfiltered. What the heck is
wrong here?!?


Interfaces:

lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33196
priority: 0
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff00
bge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:11:25:ae:0e:0c
priority: 0
groups: local
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.23.1 netmask 0xff00 broadcast 192.168.23.255
inet6 fe80::211:25ff:feae:e0c%bge0 prefixlen 64 scopeid 0x1
iwi0: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500
lladdr 00:12:f0:62:22:ba
priority: 4
groups: wlan
media: IEEE802.11 autoselect
status: no network
ieee80211: nwid  100dBm
inet6 fe80::212:f0ff:fe62:22ba%iwi0 prefixlen 64 scopeid 0x2
enc0: flags=0
priority: 0
groups: enc
status: active
ep1: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST mtu 1500
lladdr 00:00:86:3c:58:ce
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 fe80::200:86ff:fe3c:58ce%ep1 prefixlen 64 scopeid 0x5
pppoe0: flags=8851UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST mtu 1492
priority: 0
dev: ep1 state: session
sid: 0x16d0 PADI retries: 1 PADR retries: 0 time: 00:09:27
sppp: phase network authproto pap
groups: pppoe egress
status: active
inet6 fe80::211:25ff:feae:e0c%pppoe0 - prefixlen 64 scopeid 0x6
inet 92.203.15.60 -- 213.148.133.4 netmask 0x
pflog0: flags=141UP,RUNNING,PROMISC mtu 33196
priority: 0
groups: pflog


pfctl -s all:
FILTER RULES:
block drop all
pass out inet proto tcp from any to any port = domain flags S/SA
pass out inet proto udp from any to any port = domain
block drop in on ! lo0 proto tcp from any to any port 6000:6010
No queue in use

INFO:
Status: Enabled for 0 days 00:12:56 Debug: err

State Table Total Rate
current entries 0
searches 380 0.5/s
inserts 138 0.2/s
removals 138 0.2/s
Counters
match 242 0.3/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 0 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s

TIMEOUTS:
tcp.first 120s
tcp.opening 30s
tcp.established 86400s
tcp.closing 900s
tcp.finwait 45s
tcp.closed 90s
tcp.tsdiff 30s
udp.first 60s
udp.single 30s
udp.multiple 60s
icmp.first 20s
icmp.error 10s
other.first 60s
other.single 30s
other.multiple 60s
frag 30s
interval 10s
adaptive.start 6000 states
adaptive.end 12000 states
src.track 0s

LIMITS:
states hard limit 1
src-nodes hard limit 1
frags hard limit 5000
tables hard limit 1000
table-entries hard limit 20

OS FINGERPRINTS:
700 fingerprints loaded



route -n show:
Routing tables

Internet:
Destination Gateway Flags Refs Use Mtu Prio Iface
default 213.148.133.4 UGS 3 183 - 8 pppoe0
127/8 127.0.0.1 UGRS 0 0 33196 8 lo0
127.0.0.1 127.0.0.1 UH 3 3664 33196 4 lo0
192.168.23/24 link#1 UC 1 0 - 4 bge0
192.168.23.2 00:15:f2:64:0c:83 UHLc 0 34 - 4 bge0
213.148.133.4 92.203.15.60 UH 0 0 - 4 pppoe0
224/4 127.0.0.1 URS 0 2 33196 8 lo0

Internet6:
Destination Gateway Flags Refs Use Mtu Prio Iface
::/104 ::1 UGRS 0 0 - 8 lo0
::/96 ::1 UGRS 0 0 - 8 lo0
::1 ::1 UH 14 0 33196 4 lo0
::127.0.0.0/104 ::1 UGRS 0 0 - 8 lo0
::224.0.0.0/100 ::1 UGRS 0 0 - 8 lo0
::255.0.0.0/104 ::1 UGRS 0 0 - 8 lo0
:::0.0.0.0/96 ::1 UGRS 0 0 - 8 lo0
2002::/24 ::1 UGRS 0 0 - 8 lo0
2002:7f00::/24 ::1 UGRS 0 0 - 8 lo0
2002:e000::/20 ::1 UGRS 0 0 - 8 lo0
2002:ff00::/24 ::1 UGRS 0 0 - 8 lo0
fe80::/10 ::1 UGRS 0 0 - 8 lo0
fe80::%bge0/64 link#1 UC 0 0 - 4 bge0
fe80::211:25ff:feae:e0c%bge0 00:11:25:ae:0e:0c HL 0 0 - 4 lo0
fe80::%iwi0/64 link#2 C 0 0 - 4 iwi0
fe80::212:f0ff:fe62:22ba%iwi0 00:12:f0:62:22:ba UHL 0 0 - 4 lo0
fe80::%lo0/64 fe80::1%lo0 U 0 0 - 4 lo0
fe80::1%lo0 link#4 UHL 0 0 - 4 lo0
fe80::%ep1/64 link#5 C 0 0 - 4 ep1
fe80::200:86ff:fe3c:58ce%ep1 00:00:86:3c:58:ce HL 0 0 - 4 lo0
fe80::%pppoe0/64 fe80::211:25ff:feae:e0c%pppoe0 U 0 0 - 4 pppoe0
fe80::211:25ff:feae:e0c%pppoe0 link#6 HL 0 0 - 4 lo0
fec0::/10 ::1 UGRS 0 0 - 8 lo0
ff01::/16 ::1 UGRS 0 0 - 8 lo0
ff01::%bge0/32 link#1 UC 0 0 - 4 bge0
ff01::%iwi0/32 link#2 C 0 0 - 4 iwi0
ff01::%lo0/32 fe80::1%lo0 UC 0 0 - 4 lo0
ff01::%ep1/32 link#5 C 0 0 - 4 ep1
ff01::%pppoe0/32 fe80::211:25ff:feae:e0c%pppoe0 UC 0 0 - 4 pppoe0
ff02::/16 ::1 UGRS 0 0 - 8 lo0
ff02::%bge0/32 link#1 UC 0 0 - 4 bge0
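
A lint for the surprise reported in this thread, as an added example that is not part of the original posts or of pf: it lists every interface name or group that merely starts with a `set skip on` name, so those interfaces can be reviewed before the ruleset is trusted. The prefix test is this example's own heuristic rather than pf's matching code, and the `ifconfig` and `pf.conf` samples are constructed from the output quoted above.

```python
import re

# Constructed sample: interface names and groups as quoted in the thread.
IFCONFIG = """\
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33196
\tpriority: 0
\tgroups: lo
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
\tpriority: 0
\tgroups: local
pppoe0: flags=8851<UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
\tgroups: pppoe egress
"""

# Constructed sample: the ruleset from the post.
PF_CONF = """\
set skip on lo

block
pass out inet proto {tcp,udp} to port 53
"""


def parse_ifconfig(text):
    """Return {interface: [groups]} from ifconfig(8)-style output."""
    ifaces, current = {}, None
    for line in text.splitlines():
        head = re.match(r"^(\S+): flags=", line)
        if head:
            current = head.group(1)
            ifaces[current] = []
            continue
        grp = re.match(r"^\s+groups:\s*(.*)$", line)
        if grp and current is not None:
            ifaces[current] = grp.group(1).split()
    return ifaces


def parse_skip_specs(conf):
    """Return the names given to 'set skip on', including { a, b } lists."""
    specs = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0]          # drop trailing comments
        m = re.match(r"^\s*set\s+skip\s+on\s+(.+)$", line)
        if m:
            specs += re.sub(r"[{},]", " ", m.group(1)).split()
    return specs


def relation(spec, label):
    """How a skip name relates to an interface name or group name."""
    if label == spec:
        return "exact"
    if label.startswith(spec):
        # 'lo' -> 'lo0' is the usual intent; 'lo' -> 'local' is the surprise.
        return "numbered" if label[len(spec):].isdigit() else "prefix"
    return None


def audit(conf, ifconfig_text):
    """Return (spec, interface, kind, label, relation) for every overlap."""
    findings = []
    ifaces = parse_ifconfig(ifconfig_text)
    for spec in parse_skip_specs(conf):
        for ifname, groups in ifaces.items():
            labels = [("name", ifname)] + [("group", g) for g in groups]
            for kind, label in labels:
                rel = relation(spec, label)
                if rel:
                    findings.append((spec, ifname, kind, label, rel))
    return findings


def needs_review(findings):
    """Overlaps that are neither an exact name nor name-plus-unit-number."""
    return [f for f in findings if f[4] == "prefix"]


if __name__ == "__main__":
    for spec, ifname, kind, label, rel in audit(PF_CONF, IFCONFIG):
        note = "  <-- review" if rel == "prefix" else ""
        print("skip on %-6s %-8s %-5s %-8s %s%s"
              % (spec, ifname, kind, label, rel, note))
```

Whatever it flags can be confirmed on the running system by checking which interfaces pf is actually skipping, or avoided by naming the interface exactly (`set skip on lo0`).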

nat-to broken: (if) notation increments nat-to ip by one

2011-07-27 Thread Christopher Zimmermann

Hi,

pppoe0 has 92.203.101.134.
this works fine:

match out log on egress inet from 192.168.23.0/24 nat-to pppoe0

tcpdump while pinging:
92.203.101.134 > 74.125.39.147: icmp: echo request
74.125.39.147 > 92.203.101.134: icmp: echo reply
92.203.101.134 > 74.125.39.147: icmp: echo request
74.125.39.147 > 92.203.101.134: icmp: echo reply


But this doesn't:

match out log on egress inet from 192.168.23.0/24 nat-to (pppoe0)

tcpdump while pinging:
92.203.101.135 > 74.125.39.147: icmp: echo request
92.203.101.135 > 74.125.39.147: icmp: echo request

in the (pppoe0) mode the IP address is always incremented by one. This 
also happens to other ips, not just 92.203.101.134.



pppoe0: flags=8851UP,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST mtu 1492
priority: 0
dev: ep1 state: session
sid: 0x166f PADI retries: 1 PADR retries: 0 time: 00:11:21
sppp: phase network authproto pap
groups: pppoe egress
status: active
inet6 fe80::211:25ff:feae:e0c%pppoe0 -  prefixlen 64 scopeid 0x6
inet 92.203.101.134 -- 213.148.133.4 netmask 0x



Re: Setting up default boot from a wd0d

2011-06-27 Thread Christopher Zimmermann
On 06/24/11 16:51, Anand Buddhdev wrote:
 Hello list users,
 
 I have a virtual server for testing, on which I have installed OpenBSD 4.8.
 The installation is on wd0a, and there's just a single / partition.
 
 I then did a second installation, and setup OpenBSD 4.9 on wd0d, also with a
 single / partition.
 
 At this point, I can reboot the server, and at the boot prompt, I can
 manually boot into one or the other system as follows:
 
 boot> boot hd0a:/bsd (for OpenBSD 4.8)
 boot> boot hd0d:/bsd (for OpenBSD 4.9)
 
 Next, I wished to make the 4.9 installation the default. Therefore, I did
 the following:
 
 1. Booted into 4.9
 2. Logged in as root
 3. cd /usr/mdec; ./installboot /boot ./biosboot wd0
 4. echo 'boot hd0d:/bsd' > /etc/boot.conf
 
 My expectation was that after a reboot, the OpenBSD booter would load up,
 look for wd0d:/etc/boot.conf, find the boot command in there, and boot
 automatically into 4.9. This is based on my reading of the boot.conf man
 page, section 5:
 
 5.   If the file */etc/boot.conf* exists on the filesystem *boot* was loaded
   from, open and parse it.  This file may contain any commands *boot*
   accepts at the interactive prompt.  Though default settings usually
   suffice, they can be changed here.
 
 However, this didn't happen. Instead, the server booted off hd0a:/bsd, and
 into 4.8.
 
 Is this a bug, or have I missed something?


The output of installboot -v (-n) could be helpful.
Then read and understand boot_i386(8).
On i386 the BIOS loads the MBR (which maybe loads another MBR), which loads
the PBR (biosboot), which loads the second stage bootloader (/boot), which
loads the kernel (/bsd).
Your problem is possibly that the MBR still loads the PBR/biosboot from
your wd0a disklabel partition. That's because your MBR only knows one
OpenBSD MBR partition, which starts with your wd0a disklabel partition.

I see two possible solutions to achieve dualbooting:

- use only one OpenBSD biosboot and boot bootloader and install both on
  wd0a. You can configure this bootloader with /etc/boot.conf on wd0a.
- If you really, really want to load the bootloaders from wd0d, then
  create another MBR partition using fdisk having same size and
  location as your wd0d disklabel partition. Then you can dualboot by
  activating either your real OpenBSD partition, starting at wd0a or
  this fake partition starting at wd0d.


Christopher



parameter scope in bourne vs ksh functions

2011-06-27 Thread Christopher Zimmermann
Hi,

ksh(1) states this:

Functions defined with the function reserved word are treated differently
in the following ways from functions defined with the () notation:

[...]

o   Parameter assignments preceding function calls are not kept in the
shell environment (executing Bourne-style functions will keep
assignments).

This does not work for me:

$ i=foo
$ function fun { echo $i; }
$ fun
foo
$ i=bar
$ fun
bar
$ function fun2 { echo $j; }
$ fun2

$ j=foo
$ fun2
foo
$


Have I got something wrong there?


Christopher



Re: parameter scope in bourne vs ksh functions

2011-06-27 Thread Christopher Zimmermann
On 06/27/11 17:49, Ted Unangst wrote:
 On Mon, Jun 27, 2011 at 11:00 AM, Christopher Zimmermann
 madro...@zakweb.de wrote:
 Hi,

 ksh(1) states this:

 Functions defined with the function reserved word are treated differently
in the following ways from functions defined with the () notation:

[...]

o   Parameter assignments preceding function calls are not kept in the
shell environment (executing Bourne-style functions will keep
assignments).

 This does not work for me:

 $ i=foo
 $ function fun { echo $i; }
 
 That doesn't count as an assignment preceding a function call.
 Compare with what happens running the test below.
 
 function f1 {
 echo $i;
 }
 f2() {
 echo $i;
 }
 
 i=foo
 i=1 f1
 f1
 
 i=bar
 i=2 f2
 f2

$ function f1 { echo $i; }
$ f2 () { echo $i; }
$ i=foo
$ i=1 f1
1
$ echo $i
foo
$ i=1 true
$ echo $i
foo
$ i=1 f2
1
$ echo $i
1

Ok, I got it. But wtf? That's creepy! Is there any rationale behind this
strange bourne behaviour?!?



umount(8) by device + overloaded mountpoint is not caught

2011-06-27 Thread Christopher Zimmermann
Hi,

when umount(8)ing by device, umount fetches the mountpoint via
getmntinfo(3), because unmount(2) only supports unmounting via
mountpoint.
This means it is simply impossible to unmount a specific filesystem
from an overloaded mountpoint. I think umount(8) should detect this
case, warn the user and give up. Instead it plays roulette and calls
unmount(2) on the mountpoint.
This should be easy to fix, but it will require some restructuring of
the code. That's because the current code cannot discriminate between
the unmount by special device and unmount by mountpoint cases in
the getmntname() function where the evaluation of the statfs(2)
structures from getmntinfo(3) happens.


Regards,

Christopher



Here's an umount run in which it went wrong.

$ mount
/dev/wd0a on / type ffs (local)
mfs:1701 on /tmp type mfs (asynchronous, local, nodev, nosuid,
size=2096816 512-blocks)
/dev/wd0d on /usr type ffs (local, nodev)
/dev/wd0e on /usr/local type ffs (local, nodev)
/dev/sd0d on /var type ffs (local, nodev, nosuid, softdep)
/dev/sd0e on /home type ffs (local, nodev, nosuid, softdep)
/dev/sd1i on /vol/sd1i type msdos (local, uid=0, gid=10, mask=0660, direxec)
/dev/wd0i on /vol/sd1i type msdos (local, uid=0, gid=10, mask=0770)
$ sudo umount /dev/sd1i
$ mount
/dev/wd0a on / type ffs (local)
mfs:1701 on /tmp type mfs (asynchronous, local, nodev, nosuid,
size=2096816 512-blocks)
/dev/wd0d on /usr type ffs (local, nodev)
/dev/wd0e on /usr/local type ffs (local, nodev)
/dev/sd0d on /var type ffs (local, nodev, nosuid, softdep)
/dev/sd0e on /home type ffs (local, nodev, nosuid, softdep)
/dev/sd1i on /vol/sd1i type msdos (local, uid=0, gid=10, mask=0660, direxec)
$
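
The check this post asks umount(8) to make, sketched as an added example (not code from umount(8) or from the post): refuse an unmount by device when the device's mountpoint carries more than one file system, because only the path can be handed to unmount(2). The sample is constructed from the mount output quoted above, and the function names are this example's own.

```python
import re

# Constructed from the mount(8) listing in the post (unrelated entries dropped).
MOUNT_OUTPUT = """\
/dev/wd0a on / type ffs (local)
/dev/sd0e on /home type ffs (local, nodev, nosuid, softdep)
/dev/sd1i on /vol/sd1i type msdos (local, uid=0, gid=10, mask=0660, direxec)
/dev/wd0i on /vol/sd1i type msdos (local, uid=0, gid=10, mask=0770)
"""

MOUNT_RE = re.compile(r"^(\S+) on (\S+) type (\S+) \((.*)\)$")


def parse_mounts(text):
    """Return [(special, mountpoint, fstype)] in the order mount(8) printed them.

    Lines that do not match (for example a wrapped option list) are skipped.
    """
    mounts = []
    for line in text.splitlines():
        m = MOUNT_RE.match(line)
        if m:
            mounts.append(m.group(1, 2, 3))
    return mounts


def check_umount(target, mounts):
    """Decide whether 'umount target' names exactly one file system.

    Returns (ok, mountpoint or None, message).
    """
    specials = [m for m in mounts if m[0] == target]
    if not specials:
        if any(m[1] == target for m in mounts):
            # Named by path: that is exactly what unmount(2) is given.
            return (True, target, "ok")
        return (False, None, "%s is not mounted" % target)
    if len(specials) > 1:
        return (False, None, "%s is mounted more than once" % target)
    point = specials[0][1]
    stacked = [m[0] for m in mounts if m[1] == point]
    if len(stacked) > 1:
        # The overloaded case from the post: warn and give up.
        return (False, point,
                "%s is overloaded (%s); unmount by device is ambiguous"
                % (point, ", ".join(stacked)))
    return (True, point, "ok")


if __name__ == "__main__":
    table = parse_mounts(MOUNT_OUTPUT)
    for t in ("/dev/sd1i", "/dev/sd0e", "/vol/sd1i", "/dev/sd9z"):
        print(t, "->", check_umount(t, table))
```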



Re: Mouse0: No Device specified, looking for one.. (it's specified)

2011-06-04 Thread Christopher Zimmermann
On 06/04/11 16:32, pat wrote:
 Thanks for your reply, but it doesn't work. Logs are still reporting absence
 of device specification, as a result default /dev/wsmouse gets picked up for
 TrackPoint.. Here's the changed fragment:

I had the very same problem and worked around it by renaming
/dev/wsmouse to /dev/wsmouse.rest. My xorg.conf follows below.
This seems to be a bug in the pointer device driver infrastructure in
xenocara, I tried to track it down, but gave up after several hours.


Section "Files"
    FontPath   "/usr/local/lib/X11/fonts/terminus/"
    FontPath   "/usr/local/lib/X11/fonts/Liberation/"
    FontPath   "/usr/local/lib/X11/fonts/WinFonts/"
EndSection

Section "InputDevice"
    Identifier  "TouchPad0"
    Driver      "synaptics"
    Option      "Device"             "/dev/wsmouse0"
    #Option     "AutoServerLayout"   "true"
EndSection

Section "InputDevice"
    Identifier  "TrackPoint1"
    Driver      "mouse"
    Option      "Device"             "/dev/wsmouse1"
    Option      "Emulate3Buttons"    "false"
    Option      "EmulateWheel"       "true"
    Option      "EmulateWheelButton" "2"
    # No AutoServerLayout here, since xorg automatically
    # adds first InputDevice with mouse driver as CorePointer.
    #Option     "AutoServerLayout"   "true"
EndSection

Section "InputDevice"
    Identifier  "Mouse"
    Driver      "mouse"
    Option      "Device"             "/dev/wsmouse2"
    #Option     "AutoServerLayout"   "true"
EndSection

Section "Device"
    Identifier  "ATI FireGL M24"
    Option      "DynamicClocks"      "true"
EndSection

Section "Screen"
    Identifier  "wide"
    Device      "ATI FireGL M24"
    SubSection  "Display"
        Virtual 3200 1200
    EndSubSection
EndSection

Section "ServerLayout"
    Identifier  "Layout0"
    Screen      "wide"
    InputDevice "TouchPad0"    "SendCoreEvents"
    InputDevice "TrackPoint1"  "CorePointer"
    InputDevice "Mouse"        "SendCoreEvents"
    Option      "BlankTime"    "5"
EndSection



 
 Section "InputDevice"
   Identifier  "TrackPoint"
   Driver      "mouse"
   Option      "Device" "/dev/wsmouse0"
   Option      "Protocol" "wsmouse"
   Option      "CorePointer"
   Option      "ZAxisMapping" "4 5 6 7"
   Option      "EmulateWheel" "yes"
   Option      "EmulateWheelButton" "2"
 EndSection
 
 Section "InputDevice"
   Identifier  "USBMouse"
   Driver      "mouse"
   Option      "Device" "/dev/wsmouse1"
   Option      "Protocol" "wsmouse"
   Option      "SendCoreEvents" "true"
   Option      "ZAxisMapping" "4 5 6 7"
 EndSection
 
 
 On Fri, Jun 3, 2011 at 7:04 AM, Tomas Bodzar tomas.bod...@gmail.com wrote:
 
 Set 'Option CorePointer' in InputDevice section for trackpoint and
 'Option SendCoreEvents true' in InputDevice section for mouse.

 On Fri, Jun 3, 2011 at 12:33 AM, pat pkugri...@gmail.com wrote:
 I'm having issues while trying to configure two mice separately in
 xorg.conf. Default mouse driver seems to pick up /dev/wsmouse by
 default
 instead of specified wsmouse0.. looks like it just ignores Option
 Device
 line (I tried to place it in the beginning of section also). Here I just
 want to enable a few additional parameters for Trackpoint. xorg.conf,
 Xorg.0.log files and dmesg are below.

 =
 xorg.conf:
 =

 Section Files
 ModulePath   /usr/X11R6/lib/modules
 FontPath /usr/X11R6/lib/X11/fonts/misc/
 FontPath /usr/X11R6/lib/X11/fonts/TTF/
 FontPath /usr/X11R6/lib/X11/fonts/OTF/
 FontPath /usr/X11R6/lib/X11/fonts/Type1/
 FontPath /usr/X11R6/lib/X11/fonts/100dpi/
 FontPath /usr/X11R6/lib/X11/fonts/75dpi/
 EndSection

 Section Module
 Load  dbe
 Load  dri
 Load  dri2
 Load  extmod
 Load  glx
 Load  record
 EndSection

 Section InputDevice
 Identifier  Keyboard0
 Driver  kbd
 EndSection

 Section InputDevice
 Identifier  TrackPoint
 Driver  mouse
 OptionProtocol wsmouse
 OptionZAxisMapping 4 5 6 7
 OptionEmulateWheel yes
 Option  EmulateWheelButton 2
 OptionDevice /dev/wsmouse0
 EndSection

 Section InputDevice
 Identifier  USBMouse
 Driver  mouse
 OptionProtocol wsmouse
 OptionZAxisMapping 4 5 6 7
 OptionDevice /dev/wsmouse1
 EndSection

 Section Monitor
 Identifier   Monitor0
 VendorName   Monitor Vendor
 ModelNameMonitor Model
 EndSection

 Section Device
### Available Driver options are:-
### Values: i: integer, f: float, bool: True/False,
### string: String, freq: f Hz/kHz/MHz,
### percent: f%
### [arg]: arg optional
#Option NoAccel # [bool]
#Option SWcursor   # [bool]
#Option ColorKey   # i
#Option CacheLines # i
#Option Dac6Bit # [bool]
#Option DRI  

Re: Predictable disk device numbering

2011-02-04 Thread Christopher Zimmermann
Hi,

I have a similar problem since I am using softraid to encrypt /var and
/home. The softraid device is usually on sd0. But when I have a usb
mass storage device plugged in during boot up it gets assigned to sd0
and softraid gets sd1. Still, my fstab tries to mount from /dev/sd0X.
This can be annoying.
Is there no way to reserve sd0 or tell bioctl to use a higher number for
the softraid sdX? With vnd(3) this is not so much of a problem, because
vnd(3) devices won't conflict with unpredictable things like usb-sticks,
which share the sd(4) namespace.


Christopher



Re: Predictable disk device numbering

2011-02-04 Thread Christopher Zimmermann
On 02/04/11 15:10, Matthias Guedemann wrote:
> On Fri, 4 Feb 2011 14:32:15 +0100, Christopher Zimmermann
> <madro...@zakweb.de> wrote:
> > I have a similar problem since I am using softraid to encrypt /var and
> > /home. The softraid device is usually on sd0. But when I have a usb
> > mass storage device plugged in during boot up it gets assigned to sd0
> > and softraid gets sd1. Still, my fstab tries to mount from /dev/sd0X.
> > This can be annoying.
>
> it is, but an easy way to avoid this is to use the UID to mount. If your
> sd0X has no UID, simply open it with disklabel and save without other
> changes - this generates one. You can then change /dev/sd0X to UID.X in
> your fstab.
>
> Matthias


Thanks! Just what I needed :)
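
The fstab change Matthias describes, as an added example that is not part of the thread: it reads the "duid:" line that disklabel prints and rewrites the /dev/sd0X entries to UID.X, so the encrypted softraid volume is mounted regardless of which sd number it receives. The disklabel header, the UID value and the fstab lines are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: switch fstab entries from a device name to the disklabel UID.

# Constructed `disklabel sd0` header for a softraid crypto volume.
SAMPLE_DISKLABEL='# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: SR CRYPTO
duid: f18e359c8fa2522b
flags:
bytes/sector: 512'

# Constructed /etc/fstab that still names the softraid volume as sd0.
SAMPLE_FSTAB='/dev/wd0a / ffs rw 1 1
/dev/sd0a /var ffs rw,nodev,nosuid 1 2
/dev/sd0d /home ffs rw,nodev,nosuid 1 2
/dev/sd1i /mnt/usb msdos rw,noauto 0 0'

# valid_duid UID: succeed only for 16 lowercase hex digits that are not all
# zero (an all-zero value means the label has no UID yet).
valid_duid() {
    [ "${#1}" -eq 16 ] || return 1
    case $1 in
        *[!0-9a-f]*) return 1 ;;
        0000000000000000) return 1 ;;
    esac
    return 0
}

# duid_of: read disklabel output on stdin and print its UID.
duid_of() {
    duid_value=$(awk '$1 == "duid:" { print $2; exit }')
    valid_duid "$duid_value" || return 1
    printf '%s\n' "$duid_value"
}

# fstab_to_duid DEV UID: read an fstab on stdin and rewrite every /dev/DEVx
# entry to UID.x. Other disks are left alone, so a USB stick that grabbed a
# different sd number cannot be mounted in place of the crypto volume.
fstab_to_duid() {
    case $1 in
        ''|*[!a-z0-9]*) echo "bad device name: $1" >&2; return 1 ;;
    esac
    valid_duid "$2" || { echo "bad or unset UID: $2" >&2; return 1; }
    sed "s|^/dev/$1\([a-p]\)\([[:space:]]\)|$2.\1\2|"
}

# Demonstration on the constructed samples; on a real system the inputs
# would be `disklabel sd0` and /etc/fstab.
duid=$(printf '%s\n' "$SAMPLE_DISKLABEL" | duid_of) &&
    printf '%s\n' "$SAMPLE_FSTAB" | fstab_to_duid sd0 "$duid"
```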



high cpu load on small pcmcia ethernet loads

2011-01-15 Thread Christopher Zimmermann
Hi!

I experience very high cpu loads when using my pcmcia ethernet card
with more than 4Mbit/s. I get the same behaviour for a ep(4) 100MBit
fast ethernet and ne(4) 10MBit ethernet card. Both 16bit pcmcia.
The distribution between interrupt and system load seems to be a bit
strange, also the load goes up very quick after passing the 4MBit
threshold.

NET (Kb)  Interrupts (ep1/cbb0)  CPU/Int  CPU/Sys
...       ...                    0        0
4000      180                    3        1
4500      150                    32       1
5000      155                    33       1
5500      160                    30       2
6000      180                    40       3
6500      210                    45       8
7000      350                    40       23
7500      600                    15       70
8000      730                    7        92

any idea how this could be debugged?


Christopher



OpenBSD 4.8-current (GENERIC) #601: Sat Jan  8 19:46:05 MST 2011
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 2.13GHz (GenuineIntel 686-class)
2.13 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2
real mem  = 2145808384 (2046MB)
avail mem = 2100600832 (2003MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 08/21/06, BIOS32 rev. 0 @ 0xfd760,
SMBIOS rev. 2.33 @ 0xe0010 (64 entries)
bios0: vendor IBM version 1YET65WW (1.29 ) date 08/21/2006
bios0: IBM 2668H2G
apm at bios0 function 0x15 not configured
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG BOOT
acpi0: wakeup devices LID_(S3) SLPB(S3) UART(S3) EXP0(S4) EXP1(S4)
EXP2(S4) EXP3(S4) PCI1(S4) DOCK(S4) USB0(S3) USB1(S3) USB3(S3) USB7(S3)
AC9M(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 133MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 1
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus -1 (EXP1)
acpiprt4 at acpi0: bus 3 (EXP2)
acpiprt5 at acpi0: bus -1 (EXP3)
acpiprt6 at acpi0: bus 11 (PCI1)
acpicpu0 at acpi0: C3, C2, C1, PSS
acpipwrres0 at acpi0: PUBS
acpitz0 at acpi0: critical temperature 99 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model IBM-92P1077 serial   401 type LION oem
SANYO
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock0 at acpi0: DOCK not docked (0)
bios0: ROM list: 0xc/0x1 0xd/0x1600 0xd1800/0x1000
0xdc000/0x4000! 0xe/0x1
cpu0: Enhanced SpeedStep 2129 MHz: speeds: 2133, 1866, 1600, 1333, 1066,
800 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 82915GM Host rev 0x03
ppb0 at pci0 dev 1 function 0 Intel 82915GM PCIE rev 0x03: apic 1 int
16 (irq 11)
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI FireGL M24 GL rev 0x80
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
radeondrm0 at vga1: apic 1 int 16 (irq 11)
drm0 at radeondrm0
ppb1 at pci0 dev 28 function 0 Intel 82801FB PCIE rev 0x03: apic 1 int
20 (irq 11)
pci2 at ppb1 bus 2
bge0 at pci2 dev 0 function 0 Broadcom BCM5751M rev 0x11, BCM5750 B1
(0x4101): apic 1 int 16 (irq 11), address 00:11:25:ae:0e:0c
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb2 at pci0 dev 28 function 2 Intel 82801FB PCIE rev 0x03: apic 1 int
22 (irq 11)
pci3 at ppb2 bus 3
uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x03: apic 1 int
16 (irq 11)
uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x03: apic 1 int
17 (irq 11)
uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x03: apic 1 int
18 (irq 11)
uhci3 at pci0 dev 29 function 3 Intel 82801FB USB rev 0x03: apic 1 int
19 (irq 11)
ehci0 at pci0 dev 29 function 7 Intel 82801FB USB rev 0x03: apic 1 int
19 (irq 11)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb3 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xd3
pci4 at ppb3 bus 11
cbb0 at pci4 dev 0 function 0 Ricoh 5C476 CardBus rev 0x8d: apic 1 int
16 (irq 11)
iwi0 at pci4 dev 2 function 0 Intel PRO/Wireless 2200BG rev 0x05: apic
1 int 21 (irq 11), address 00:12:f0:62:22:ba
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 12 device 0 cacheline 0x0, lattimer 0xb0
pcmcia0 at cardslot0
auich0 at pci0 dev 30 function 2 Intel 82801FB AC97 rev 0x03: apic 1
int 22 (irq 11), ICH6 AC97
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
ichpcib0 at pci0 dev 31 function 0 Intel 

Re: high cpu load on small pcmcia ethernet loads

2011-01-15 Thread Christopher Zimmermann
On 01/15/11 21:26, Ted Unangst wrote:
> On Sat, Jan 15, 2011 at 1:33 PM, Christopher Zimmermann
> <madro...@zakweb.de> wrote:
> > I experience very high cpu loads when using my pcmcia ethernet card
> > with more than 4Mbit/s. I get the same behaviour for a ep(4) 100MBit
> > fast ethernet and ne(4) 10MBit ethernet card. Both 16bit pcmcia.
> > The distribution between interrupt and system load seems to be a bit
> > strange, also the load goes up very quick after passing the 4MBit
> > threshold.
>
> That doesn't sound surprising.  pcmcia is not, by modern standards, a
> high speed interface.


Hmm, pcmcia should be capable of 16Mbit(byte?)/s. But what I really
don't understand is, why the system load is 0 until the traffic reaches
4MBit and then increases until it reaches 100% at only 8MBit.
I'm also quite sure, the cards did both perform with higher throughputs
on linux 2.4, but I'll test it again with a 2.6 kernel.

Christopher



Re: bioctl -P, change passwords on crypto volumes

2010-12-18 Thread Christopher Zimmermann
On 10/13/10 21:29, Markus Bergkvist wrote:
> $ sudo bioctl -c C -l /dev/sd1a softraid0
> Passphrase:
> scsibus4 at softraid0: 1 targets
> sd2 at scsibus4 targ 0 lun 0: OPENBSD, SR CRYPTO, 004 SCSI2 0/direct fixed
> sd2: 237MB, 512 bytes/sec, 487409 sec total
>
> $ sudo bioctl -P sd2
> Old passphrase:
> New passphrase:
> Re-type passphrase:
>
> /Markus

Is it possible to change the number of rounds, too, or do I have to
backup/restore the volume? At the moment I have to wait for about 7s for
my crypto volume to come up. I'd rather use a slightly longer passphrase.

Christopher



USB 2.0 transaction translators

2010-11-22 Thread Christopher Zimmermann
Hello,

I just stumbled over this:

 Error opening low/full speed isoc endpoint.
 A low/full speed device is attached to a USB2 hub, and
 transaction translations are not yet supported.
 Reattach the device to the root hub instead.

It annoyed me that this doesn't yet work. But since I needed to plug my
device into the hub, I found a different solution: Just disable ehci
support in kernel. Works fine :-D keyboard, mouse and full-duplex audio
all at one hub.

Reading the TODO in ehci.c suggests that fixing this the right way would
be a lot of work - writing a scheduler... ?


Christopher



readline and -lhistory in base ?

2010-10-25 Thread Christopher Zimmermann
Hi!

I'm trying to compile the statistics suite pspp, but it complains about
missing -lhistory. As I understand the description in the readline port,
there should already be a readline implementation included in the base
system. Still I can only find /usr/lib/libreadline.so.3.0, but no
/usr/lib/libhistory.so.*
the readline port includes /usr/local/lib/libehistory.so
Now what's the way to go for this?


Cheers,

Christopher



Re: Remotely connect to gnome

2010-08-21 Thread Christopher Zimmermann
On 08/21/10 16:45, Jean-Francois wrote:
> Hi All,
>
> I've understood that unixes are made to work as workstations and that
> gnome and kde could handle that.
>
> Could you please help me to get on the way to make remote connections
> possible to gnome for session login and desktop use ?

Here's an excerpt from a setup on a debian lenny server, should work with
OpenBSD as well. If you need some more tips or other configs I missed, just
ask. Also note that XDMCP is no secure protocol. Only use it via trusted
links.
Other options would be to run one of the vpn-X-servers, possibly launched
via gdm.

Have fun,

Christopher


I opened these ports in my firewall:

# XDMCP (X11 remote login)
lan_udp 177
lan_tcp 177
lan_tcp 6000:6010
lan_tcp 16001

# I remember some problems with gdm and IPv4 / IPv6 support. As I remember
# IPv4 is broken when gdm is compiled with IPv6 support. Maybe this issue has
# been solved since I set up this server. Just google for it if you encounter
# issues.

# X font server - you may want to run a font server for the remote terminals
lan_tcp 7100


##
# gdm.conf

[daemon]
# Don't know whether this is needed for xdmcp setup:
VTAllocation=false

RemoteGreeter=/usr/lib/gdm/gdmgreeter

# Needed for Xming clipboard manager, in case you want to start a session
# from MS Windows clients:
KillInitClients=false

[security]

[xdmcp]

# Enable remote sessions:
Enable=true

MaxPendingIndirect=0

MaxSessions=4

[gui]
GtkRC=

[greeter]
Include=*** some ',' separated usernames ***
IncludeAll=false
Browser=true

[chooser]
[debug]

[servers]

# Multi seat setup. You won't need this for remote logins. I'm also not
# sure whether this will work with OpenBSD.


#0=multiseat
0=seat0
1=seat1

[server-multiseat]
name=Multiseat
command=/usr/bin/Xorg -audit 0 -layout multiseat vt9
fleixble=false
handled=false
chooser=false
flexible=true
priority=0

[server-seat0]
name=Seat 0
command=/usr/bin/Xorg -audit 0 -layout seat0 -sharevts -novtswitch vt9
flexible=true

[server-seat1]
name=Seat 1
command=/usr/bin/Xorg -audit 0 -layout seat1 -sharevts -novtswitch vt9
flexible=true

##


You will start the remote X.org servers by:

X -query OpenBSDserver :0



Re: Remotely connect to gnome

2010-08-21 Thread Christopher Zimmermann
On 08/21/10 17:27, Christopher Zimmermann wrote:
> On 08/21/10 16:45, Jean-Francois wrote:
> > Hi All,
> >
> > I've understood that unixes are made to work as workstations and that
> > gnome and kde could handle that.
> >
> > Could you please help me to get on the way to make remote connections
> > possible to gnome for session login and desktop use ?
>
> Here's an excerpt from a setup on a debian lenny server, should work with
> OpenBSD as well. If you need some more tips or other configs I missed,
> just ask. Also note that XDMCP is no secure protocol. Only use it via
> trusted links.
> Other options would be to run one of the vpn-X-servers, possibly
> launched via gdm.

arrrg, no, of course not vpn, vnc is what I meant. For example have a
look at the tightvnc package. But this doesn't support encryption
either. ssh tunneling would be the way to go I think. At least this will
probably be easier using a vnc solution, because it does not need dozens
of ports to be forwarded.



Re: OpenBSD users

2010-07-19 Thread Christopher Zimmermann

On 07/19/10 19:57, Noah Pugsley wrote:
> Mateusz Gierblinski wrote:
> > Hi misc@
> >
> > I'm just wondering. Where are you OpenBSD users from?
> >
> > I'm from Belgium, anyone else?
> >
> > Take care
>
> Central Oregon, USSA.

Tuebingen, Germany.



/boot broken on latest snapshot ?

2010-07-09 Thread Christopher Zimmermann

Hi,

I just upgraded to the very latest snapshot(9.7. 1:50) on i386. Now my 
system does not boot anymore. The only thing I get is:


Using drive 0, partition 3.
Loading...
[cursor sits here]

As I understand the boot process, the PBR boot loader has found /boot, 
verified the magic number and handed control over to the code loaded 
from /boot.


I already booted the latest bsd.rd via pxeboot and did the following:

# fdisk -u wd0
# mount /dev/wd0a /mnt
# /mnt/mdec/installboot -v /mnt/boot /usr/mdev/biosboot wd0

this did not change anything. Same symptoms as before. Next thing I'll 
try is to boot normal bsd kernel via pxeboot and do installboot again 
from there.


To me this looks like /boot is broken. Has anyone else this problem?


Regards,

Christopher



Re: /boot broken on latest snapshot ?

2010-07-09 Thread Christopher Zimmermann

On 07/09/10 14:19, Christopher Zimmermann wrote:
> Hi,
>
> I just upgraded to the very latest snapshot(9.7. 1:50) on i386. Now my
> system does not boot anymore. The only thing I get is:
>
> Using drive 0, partition 3.
> Loading...
> [cursor sits here]
>
> As I understand the boot process, the PBR boot loader has found /boot,
> verified the magic number and handed control over to the code loaded
> from /boot.
>
> I already booted the latest bsd.rd via pxeboot and did the following:
>
> # fdisk -u wd0
> # mount /dev/wd0a /mnt
> # /mnt/mdec/installboot -v /mnt/boot /usr/mdev/biosboot wd0
>
> this did not change anything. Same symptoms as before. Next thing I'll
> try is to boot normal bsd kernel via pxeboot and do installboot again
> from there.

ok. Booting via pxeboot still works with

boot hd0a:/bsd

running installboot from there didn't help either.

Next thing I tried was a complete reinstall of the latest snapshot on an
alternate root via pxeboot.
Install worked fine, booting from harddisk still doesn't work. pxeboot
works fine.


There is something broken in latest snapshot's /boot for sure. The system
is a ThinkPad T43p. I don't have a dmesg to provide at hand, sorry.



Christopher



Re: wlan scan-after-nwid quirk for ThinkPads

2010-07-06 Thread Christopher Zimmermann

On 07/06/10 10:10, David Coppa wrote:
> On Tue, Jul 6, 2010 at 4:14 AM, Anders Langworthy
> <lagrang...@gmail.com> wrote:
> > On Mon, Jul 5, 2010 at 4:37 PM, Christopher Zimmermann
> > <madro...@zakweb.de> wrote:
> > > The only thing I find funny is that the network link only comes
> > > up after I have run the 'ifconfig iwi0 scan' a second time. See
> > > below.
> >
> > Yeah, this is a quirk with my iwi device[1] also.  A scan needs to be
> > run after you change nwid or the network will not come up as active.
> > It does work without a scan the first time you connect to a network
> > after the machine has been booted, though.

But not if you do a scan before bringing the interface up for the
first time - as in my case.

> > [1]: iwi0 at pci2 dev 2 function 0 Intel PRO/Wireless 2915ABG rev 0x05
>
> I think there's a probable regression with:
>
> ppb1 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xd3
> pci2 at ppb1 bus 4

that's what my dmesg says about this:

ppb3 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xd3
pci4 at ppb3 bus 11
iwi0 at pci4 dev 2 function 0 Intel PRO/Wireless 2200BG rev 0x05: irq
11, address 00:12:f0:62:22:ba


> I have a ralink on my ThinkPad X41 that shows the same weird behavior.
>
> ral0 at pci2 dev 2 function 0 Ralink RT2561 rev 0x00: irq 10,
> address 00:0d:f0:3e:6e:a0
> ral0: MAC/BBP RT2561C, RF RT2527
>
> And the same ifconfig scan trick is also needed if I swap the card
> with an Atheros minipci, so I think it's not related to a particular
> wireless device.
>
> No quirks at all with another Ralink card on cardbus (MSI CB54G2)...
> And I'm 99% sure I didn't have this problem before.
>
> cheers,
> David

my complete dmesg:

OpenBSD 4.7-current (GENERIC) #34: Wed Jun 23 22:16:39 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 2.13GHz (GenuineIntel 686-class) 
2.13 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2

real mem  = 2145808384 (2046MB)
avail mem = 2067968000 (1972MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 08/21/06, BIOS32 rev. 0 @ 0xfd760, 
SMBIOS rev. 2.33 @ 0xe0010 (64 entries)

bios0: vendor IBM version 1YET65WW (1.29 ) date 08/21/2006
bios0: IBM 2668H2G
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 96%
apm0: AC on, battery charge high
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xfd6f0/0x910
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdeb0/256 (14 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #12 is the last bus
bios0: ROM list: 0xc/0x1 0xd/0x1600 0xd1800/0x1000 
0xdc000/0x4000! 0xe/0x1

cpu0 at mainbus0: (uniprocessor)
cpu0: Enhanced SpeedStep 2129 MHz: speeds: 2133, 1867, 1600, 1333, 1067, 
800 MHz

pci0 at mainbus0 bus 0: configuration mode 1 (bios)
io address conflict 0x5800/0x8
io address conflict 0x5808/0x4
io address conflict 0x5810/0x8
io address conflict 0x580c/0x4
pchb0 at pci0 dev 0 function 0 Intel 82915GM Host rev 0x03
ppb0 at pci0 dev 1 function 0 Intel 82915GM PCIE rev 0x03: irq 11
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI FireGL M24 GL rev 0x80
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
radeondrm0 at vga1: irq 11
drm0 at radeondrm0
ppb1 at pci0 dev 28 function 0 Intel 82801FB PCIE rev 0x03: irq 11
pci2 at ppb1 bus 2
bge0 at pci2 dev 0 function 0 Broadcom BCM5751M rev 0x11, BCM5750 B1 
(0x4101): irq 11, address 00:11:25:ae:0e:0c

brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb2 at pci0 dev 28 function 2 Intel 82801FB PCIE rev 0x03: irq 11
pci3 at ppb2 bus 3
uhci0 at pci0 dev 29 function 0 Intel 82801FB USB rev 0x03: irq 11
uhci1 at pci0 dev 29 function 1 Intel 82801FB USB rev 0x03: irq 11
uhci2 at pci0 dev 29 function 2 Intel 82801FB USB rev 0x03: irq 11
uhci3 at pci0 dev 29 function 3 Intel 82801FB USB rev 0x03: irq 11
ehci0 at pci0 dev 29 function 7 Intel 82801FB USB rev 0x03: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb3 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xd3
pci4 at ppb3 bus 11
cbb0 at pci4 dev 0 function 0 Ricoh 5C476 CardBus rev 0x8d: irq 11
iwi0 at pci4 dev 2 function 0 Intel PRO/Wireless 2200BG rev 0x05: irq 
11, address 00:12:f0:62:22:ba

cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 12 device 0 cacheline 0x0, lattimer 0xb0
pcmcia0 at cardslot0
auich0 at pci0 dev 30 function 2 Intel 82801FB AC97 rev 0x03: irq 11, 
ICH6 AC97

ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
ichpcib0 at pci0 dev 31 function 0 Intel 82801FBM LPC rev 0x03: PM 
disabled
pciide0 at pci0 dev 31 function 2 Intel 82801FBM SATA rev 0x03: DMA, 
channel 0 wired to compatibility, channel 1 wired to compatibility

wd0 at pciide0 channel 0 drive 0: HTS541080G9AT00
wd0

Re: Connecting to one of available networks on boot

2010-07-05 Thread Christopher Zimmermann

I tried it using the ifstated approach, but it didn't work as I
hoped it would. So I just wrote a small sh script and put it in
/etc/wlan and sourced that from /etc/rc right after /etc/netstart
is run.

The only thing I find funny is that the network link only comes
up after I have run the 'ifconfig iwi0 scan' a second time. See
below.


Christopher



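#!/bin/sh

echo -n 'setting up wlan: '

# Walk the nwids reported by the scan. The trailing 'FAIL' entry is only
# reached when no known network has left the loop via break.
for nwid in $(ifconfig iwi0 scan | awk '{if ($1 == "nwid") print $2}') 'FAIL'
do
    case $nwid in
    wurmlingen)
        echo $nwid.
        # Static address with WPA-PSK; the key after 0x is left out in the post.
        ifconfig iwi0 192.168.23.2 netmask 255.255.255.0 \
            media autoselect \
            -bssid \
            -chan \
            nwid wurmlingen \
            -nwkey \
            wpa \
            wpapsk 0x \
            up
        route add default -ifp iwi0 192.168.23.1
        break
        ;;

    BELWUE)
        echo $nwid.
        # Open network: clear all key settings and use DHCP.
        route delete default
        ifconfig iwi0 inet \
            media autoselect \
            -bssid \
            -chan \
            nwid BELWUE \
            -nwkey \
            -wpa \
            -wpapsk \
            down
        dhclient iwi0
        break
        ;;
    FAIL)
        echo no known network found.
        ;;
    esac
done

# The link only comes up after a second scan.
sleep 2;
ifconfig iwi0 scan >/dev/null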


pf - allow only inbound packets to be forwarded

2010-07-04 Thread Christopher Zimmermann

Hi,

I have two machines. One desktop and one mobile laptop. They are
connected to each other via wlan. The desktop is connected to the
internet via pppoe and provides internet connectivity to the
laptop via nat.
On the desktop I would like to block all incoming packets
destined to the desktop machine (except ssh and icmp echo
requests), but forward all packets destined elsewhere.
The pppoe interface on the desktop is assigned a dynamic ip.

nat-to works fine using the following rules.

# Masquerade and route wlan clients to outside
pass in on ath0 from 192.168.23.0/24
match out on tun0 from 192.168.23.0/24 nat-to (tun0) #intranet via vpn
match out on egress from 192.168.23.0/24 nat-to (egress) #pppoe0

as I understand, pf cannot tell incoming packets destined to the
local machine from incoming packets to be forwarded. With iptables I
could easily accomplish this using the INPUT vs. the FORWARD chains.
With pf I could do it by blocking all packets having a destination ip
hosted by the desktop. But for this to work I would need a static ip or
modify the pf rules every time my public ip changes.
Is there any other, _simple_ way to accomplish this?


Cheers,

Christopher
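
An added example, not from the post or from the pf documentation: a ruleset for the setup described above that needs no static address, because it uses the same parenthesised (egress) form as the nat-to rules in the post to follow the uplink address. It is printed by a small shell function (hypothetical name pf_gateway_rules); it assumes that unsolicited traffic arriving on the uplink is addressed to the gateway itself, with replies to forwarded connections passed by state, and it leaves out the tun0 rule.

```shell
#!/bin/sh
# Added example: print a pf ruleset for a NAT gateway with a dynamic uplink.

# pf_gateway_rules LAN_IF LAN_NET [SERVICE...]
#   LAN_IF   interface the clients are attached to (ath0 in the post)
#   LAN_NET  client network in CIDR form (192.168.23.0/24 in the post)
#   SERVICE  TCP services reachable on the gateway itself (default: ssh)
pf_gateway_rules() {
    [ $# -ge 2 ] || { echo "usage: pf_gateway_rules if net [service...]" >&2; return 1; }
    pf_lan_if=$1
    pf_lan_net=$2
    shift 2
    [ $# -gt 0 ] || set -- ssh

    # Refuse anything that could smuggle extra rule text into the output.
    case $pf_lan_if in
        ''|*[!a-z0-9]*) echo "bad interface: $pf_lan_if" >&2; return 1 ;;
    esac
    case $pf_lan_net in
        ''|*[!0-9./]*) echo "bad network: $pf_lan_net" >&2; return 1 ;;
    esac
    for pf_svc in "$@"; do
        case $pf_svc in
            ''|*[!a-z0-9-]*) echo "bad service: $pf_svc" >&2; return 1 ;;
        esac
    done

    # Join the services as "ssh, 8022" for a pf { } list.
    pf_services=$(printf '%s, ' "$@")
    pf_services=${pf_services%, }

    cat <<EOF
# NAT for the wlan clients; (egress) is updated when the address changes
match out on egress from $pf_lan_net nat-to (egress)

# Nothing unsolicited gets in from the uplink ...
block in on egress

# ... except these services on the gateway itself (the iptables INPUT case)
pass in on egress inet proto tcp to (egress) port { $pf_services }
pass in on egress inet proto icmp to (egress) icmp-type echoreq

# Clients may go anywhere (the FORWARD case); replies return via state
pass in on $pf_lan_if from $pf_lan_net
pass out on egress
EOF
}

# Demonstration with the interface and network named in the post.
pf_gateway_rules ath0 192.168.23.0/24
```

Piping the output into pfctl -nf - parses the rules without loading them.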



mouse cursor keeps jumping up and left in latest snapshot

2010-06-03 Thread Christopher Zimmermann

Hello,

today I upgraded my system to the latest snapshot from some -current 
version end of april.


Now in all gtk application my mouse cursor often jumps to the upper 
and/or left edge of the screen (not of the application window).
I already recompiled gtk+2 and some of the gtk2 applications, but it did 
not help.


Does anyone else have a similar experience? Any ideas? The only idea I 
have is reinstalling the whole system :(



Christopher



Re: mouse warp problem - dmesg

2010-06-03 Thread Christopher Zimmermann

On 06/03/10 17:25, Otto Moerbeek wrote:
> On Thu, Jun 03, 2010 at 04:46:27PM +0200, Christopher Zimmermann wrote:
>
> > Hello,
> >
> > today I upgraded my system to the latest snapshot from some -current
> > version end of april.
> >
> > Now in all gtk application my mouse cursor often jumps to the upper
> > and/or left edge of the screen (not of the application window).
> > I already recompiled gtk+2 and some of the gtk2 applications, but it
> > did not help.
> >
> > Does anyone else have a similar experience? Any ideas? The only idea
> > I have is reinstalling the whole system :(
> >
> >
> > Christopher
>
> a dmesg, my kingdom for a dmesg...

Here's my dmesg, where's your kingdom?  ;)


OpenBSD 4.7-current (sys) #0: Wed Jun  2 17:04:24 CEST 2010
madro...@pundit:/var/obj/sys
real mem = 1071841280 (1022MB)
avail mem = 1029640192 (981MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf04b0 (57 entries)
bios0: vendor American Megatrends Inc. version 0603 date 03/31/2006
bios0: ASUSTeK Computer INC. K8S-MV-P
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC OEMB
acpi0: wakeup devices PS2K(S4) PS2M(S4) EUSB(S4) USB_(S4) USB2(S4) 
USB3(S4) AC97(S4) MC97(S4) PCI1(S4) PCI2(S4) MAC_(S4)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Sempron(tm) Processor 3000+, 1795.71 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 128KB 
64b/line 16-way L2 cache

cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: AMD erratum 89 present, BIOS upgrade may be required
cpu0: apic clock running at 199MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 14, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P1)
acpiprt2 at acpi0: bus 2 (P0P6)
acpiprt3 at acpi0: bus 3 (P0P7)
acpicpu0 at acpi0: PSS
aibs0 at acpi0
acpibtn0 at acpi0: PWRB
cpu0: Cool'n'Quiet K8 1795 MHz: speeds: 1800 1000 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 SiS 760 PCI rev 0x03
agp at pchb0 not configured
ppb0 at pci0 dev 1 function 0 SiS 86C202 VGA rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 NVIDIA GeForce FX 5200 rev 0xa1
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 2 function 0 SiS 965 ISA rev 0x48
pciide0 at pci0 dev 2 function 5 SiS 5513 EIDE rev 0x01: 760: DMA, 
channel 0 wired to compatibility, channel 1 wired to compatibility

atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: TSSTcorp, DVD-ROM SH-D162C, TS04 ATAPI 
5/cdrom removable

cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
auich0 at pci0 dev 2 function 7 SiS 7012 AC97 rev 0xa0: apic 1 int 18 
(irq 11), SiS7012 AC97

ac97: codec id 0x41445368 (Analog Devices AD1888)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
ohci0 at pci0 dev 3 function 0 SiS 5597/5598 USB rev 0x0f: apic 1 int 
20 (irq 5), version 1.0, legacy support
ohci1 at pci0 dev 3 function 1 SiS 5597/5598 USB rev 0x0f: apic 1 int 
21 (irq 10), version 1.0, legacy support
ohci2 at pci0 dev 3 function 2 SiS 5597/5598 USB rev 0x0f: apic 1 int 
22 (irq 5), version 1.0, legacy support
ehci0 at pci0 dev 3 function 3 SiS 7002 USB rev 0x00: apic 1 int 23 
(irq 10)

usb0 at ehci0: USB revision 2.0
uhub0 at usb0 SiS EHCI root hub rev 2.00/1.00 addr 1
se0 at pci0 dev 4 function 0 SiS 190 rev 0x00: apic 1 int 19 (irq 5), 
address 00:15:f2:64:0c:83

rlphy0 at se0 phy 1: RTL8201L 10/100 PHY, rev. 1
pciide1 at pci0 dev 5 function 0 SiS 182 SATA rev 0x01: DMA
pciide1: using apic 1 int 17 (irq 10) for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: SAMSUNG SP2504C
wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 6
ppb1 at pci0 dev 6 function 0 SiS PCI-PCI rev 0x00
pci2 at ppb1 bus 2
ppb2 at pci0 dev 7 function 0 SiS PCI-PCI rev 0x00
pci3 at ppb2 bus 3
pchb1 at pci0 dev 24 function 0 AMD AMD64 0Fh HyperTransport rev 0x00
pchb2 at pci0 dev 24 function 1 AMD AMD64 0Fh Address Map rev 0x00
pchb3 at pci0 dev 24 function 2 AMD AMD64 0Fh DRAM Cfg rev 0x00
kate0 at pci0 dev 24 function 3 AMD AMD64 0Fh Misc Cfg rev 0x00
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
wbsio0 at isa0 port 0x2e/2: W83627EHF rev 0x54
lm1 at wbsio0 port 0x290/8: W83627EHF-A
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 SiS OHCI root hub rev 1.00/1.00 addr 1
usb2 at ohci1: USB revision 1.0
uhub2 at usb2 SiS OHCI root hub rev

Re: mouse warp problem - dmesg

2010-06-03 Thread Christopher Zimmermann

On 06/03/10 18:15, Theo de Raadt wrote:
> > Are you running an amd64 kernel? Sigh, I wish people would not change
> > these things and use the standard compilation setup which allows us to
> > see which arch you are running.

yes, I'm running amd64. Sorry for the inconvenience.

> It's simpler than that.  He's running his own custom kernel, so you
> can ignore what he saying.  He's chosen to take care of his own
> problems by choosing to be different.

My kernel contains a bugfix and several improvements for the
auich(4) driver which are waiting to be committed.
Other than that it contains a workaround in USB2.0 takeover code
for my broken BIOS. I think it is very improbable that these
changes have an effect on the apparently well known mouse warp
problem.
Therefore the dmesg may very well be of some use to debug the
problem.
If some of the kernel developers give me some hints where they
suspect the problem and what information they could use I could
have a look of my own and possibly provide some more infos.


Regards,

Christopher

 pci3 at ppb2 bus 3
 pchb1 at pci0 dev 24 function 0 AMD AMD64 0Fh HyperTransport rev 0x00
 pchb2 at pci0 dev 24 function 1 AMD AMD64 0Fh Address Map rev 0x00
 pchb3 at pci0 dev 24 function 2 AMD AMD64 0Fh DRAM Cfg rev 0x00
 kate0 at pci0 dev 24 function 3 AMD AMD64 0Fh Misc Cfg rev 0x00
 isa0 at pcib0
 isadma0 at isa0
 com0 at isa0 port 

Re: mouse warp problem - dmesg

2010-06-03 Thread Christopher Zimmermann

On 06/03/10 21:33, Theo de Raadt wrote:
 My kernel contains a bugfix and several improvements for the
 auich(4) driver which are waiting to be committed.
 Other than that it contains a workaround in USB2.0 takeover code
 for my broken BIOS. I think it is very improbable that these
 changes have an effect on the apparently well known mouse warp
 problem.
 Therefore the dmesg may very well be of some use to debug the
 problem.

 OR IT MIGHT NOT BE.

 We don't know what it contains, and you didn't say what it contains,
 so the right thing for us to do is ASSUME IT IS USELESS.

 You've got it all wrong.

Of course you are right. Although it is very improbable, my
changes MAY still have had an effect on the already known
mouse-warp problem. So you are right and I am all wrong. Here you
finally get your dmesg with the original snapshot kernel. Sorry
for the inconvenience once again. As expected the mouse-warp
problem persisted:


1,2c1,2
 OpenBSD 4.7-current (GENERIC) #14: Wed Jun  2 10:45:51 MDT 2010
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
---
 OpenBSD 4.7-current (sys) #0: Wed Jun  2 17:04:24 CEST 2010
 madro...@pundit:/var/obj/sys
4c4
 avail mem = 1029517312 (981MB)
---
 avail mem = 1029640192 (981MB)
15c15
 cpu0: AMD Sempron(tm) Processor 3000+, 1795.70 MHz
---
 cpu0: AMD Sempron(tm) Processor 3000+, 1795.71 MHz




OpenBSD 4.7-current (GENERIC) #14: Wed Jun  2 10:45:51 MDT 2010
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 1071841280 (1022MB)
avail mem = 1029517312 (981MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf04b0 (57 entries)
bios0: vendor American Megatrends Inc. version 0603 date 03/31/2006
bios0: ASUSTeK Computer INC. K8S-MV-P
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP APIC OEMB
acpi0: wakeup devices PS2K(S4) PS2M(S4) EUSB(S4) USB_(S4) USB2(S4) 
USB3(S4) AC97(S4) MC97(S4) PCI1(S4) PCI2(S4) MAC_(S4)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Sempron(tm) Processor 3000+, 1795.70 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 128KB 
64b/line 16-way L2 cache

cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: AMD erratum 89 present, BIOS upgrade may be required
cpu0: apic clock running at 199MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 14, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P1)
acpiprt2 at acpi0: bus 2 (P0P6)
acpiprt3 at acpi0: bus 3 (P0P7)
acpicpu0 at acpi0: PSS
aibs0 at acpi0
acpibtn0 at acpi0: PWRB
cpu0: Cool'n'Quiet K8 1795 MHz: speeds: 1800 1000 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 SiS 760 PCI rev 0x03
agp at pchb0 not configured
ppb0 at pci0 dev 1 function 0 SiS 86C202 VGA rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 NVIDIA GeForce FX 5200 rev 0xa1
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pcib0 at pci0 dev 2 function 0 SiS 965 ISA rev 0x48
pciide0 at pci0 dev 2 function 5 SiS 5513 EIDE rev 0x01: 760: DMA, 
channel 0 wired to compatibility, channel 1 wired to compatibility

atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: TSSTcorp, DVD-ROM SH-D162C, TS04 ATAPI 
5/cdrom removable

cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
auich0 at pci0 dev 2 function 7 SiS 7012 AC97 rev 0xa0: apic 1 int 18 
(irq 11), SiS7012 AC97

ac97: codec id 0x41445368 (Analog Devices AD1888)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
ohci0 at pci0 dev 3 function 0 SiS 5597/5598 USB rev 0x0f: apic 1 int 
20 (irq 5), version 1.0, legacy support
ohci1 at pci0 dev 3 function 1 SiS 5597/5598 USB rev 0x0f: apic 1 int 
21 (irq 10), version 1.0, legacy support
ohci2 at pci0 dev 3 function 2 SiS 5597/5598 USB rev 0x0f: apic 1 int 
22 (irq 5), version 1.0, legacy support
ehci0 at pci0 dev 3 function 3 SiS 7002 USB rev 0x00: apic 1 int 23 
(irq 10)

usb0 at ehci0: USB revision 2.0
uhub0 at usb0 SiS EHCI root hub rev 2.00/1.00 addr 1
se0 at pci0 dev 4 function 0 SiS 190 rev 0x00: apic 1 int 19 (irq 5), 
address 00:15:f2:64:0c:83

rlphy0 at se0 phy 1: RTL8201L 10/100 PHY, rev. 1
pciide1 at pci0 dev 5 function 0 SiS 182 SATA rev 0x01: DMA
pciide1: using apic 1 int 17 (irq 10) for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0: SAMSUNG SP2504C
wd0: 16-sector PIO, LBA48, 238475MB, 488397168 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 6
ppb1 at pci0 dev 6 function 0 SiS PCI-PCI rev 0x00
pci2 at ppb1 bus 2
ppb2 at pci0 dev 7 function 0 SiS PCI-PCI rev 0x00
pci3 at ppb2 bus 3
pchb1 at 

Re: mouse cursor keeps jumping up and left in latest snapshot

2010-06-03 Thread Christopher Zimmermann

On 06/03/10 17:12, David Coppa wrote:

On Thu, Jun 3, 2010 at 4:46 PM, Christopher Zimmermann
madro...@zakweb.de  wrote:

Hello,

today I upgraded my system to the latest snapshot from some -current version
end of april.

Now in all gtk application my mouse cursor often jumps to the upper and/or
left edge of the screen (not of the application window).
I already recompiled gtk+2 and some of the gtk2 applications, but it did not
help.

Does anyone else have a similar experience? Any ideas? The only idea I have
is reinstalling the whole system :(


I think you have hit the mouse warping problem that is being worked on
by our kernel hackers (yes, it's kernel stuff...)


Are you sure this is a problem in kernel? Christopher Linn and I only 
experience this problem with gtk2 apps. How could the kernel know whether 
the current focus is on a gtk2 window?


Any idea how I could help to track this down?


Christopher



Re: How to work around this compiler bug

2010-05-20 Thread Christopher Zimmermann

Hi,

I got another problem compiling some strange C++ code with gcc
3.5; still from opal:

std::string a(std::string(A::Class()));

results in:
error: cannot use `::' in parameter declaration

the actual code in opal looks like this:

#define OPAL_DEFINE_COMMAND(command, entity, func) \
  class entity##_##command : public command \
  { \
    public: virtual void Process(OpalPresentity & presentity) { dynamic_cast<entity &>(presentity).func(*this); } \
  }; \
  static PFactory<OpalPresentityCommand>::Worker<entity##_##command> \
  s_entity##_##command(PDefaultPFactoryKey(entity::Class())+typeid(command).name())


I have no clue what this is actually about. So I would be really
happy if someone could help me out in changing this piece of code
into something gcc 3.5 understands.


Christopher



Re: How to work around this compiler bug

2010-05-20 Thread Christopher Zimmermann

On 05/20/10 15:52, Landry Breuil wrote:

On Thu, May 20, 2010 at 3:18 PM, Christopher Zimmermann
madro...@zakweb.de  wrote:

Hi,

I got another problem compiling some strange C++ code with gcc
3.5; still from opal:


Again... what are you trying to achieve ? What's wrong with net/opal
and x11/gnome/ekiga ports/packages ?


I'm doing some work on opal and would like to do it on OpenBSD. Formerly 
I did it on Debian. What I worked on was improving the SBC codec, adding 
stereo support to opal and g711 PLC.


Compiling with the 4.2 g++ from ports works fine, but then even the 
ptlib hello world sample fails at runtime. Using gcc 3.5 at least this 
ptlib sample works fine.



Cheers,

Christopher



Re: [SOLVED] How to work around this compiler bug

2010-05-20 Thread Christopher Zimmermann

Hey, I could work around this issue. Thanks for your help so far!!

If you are interested see below.


On 05/20/10 15:54, Marc Espie wrote:
 On Thu, May 20, 2010 at 03:18:39PM +0200, Christopher Zimmermann wrote:
 There's no gcc 3.5.

ok, that's true, it's 3.3.5 of course.

 std::string a(std::string(A::Class()));

 results in:
 error: cannot use `::' in parameter declaration

 gcc 3.3.5 can't understand chains of constructors relying on temporaries,
 use intermediate variables.

I think I got that.

 e.g.,

 A::Class tmp;
 std:string a(tmp);

Class() is a method of every class in ptlib/opal, which just
returns a string as identifier for that class. (See below for the
code)
So declaring A::Class tmp does not really make sense, does it?

 (the double std::string is non-sensical, btw)

As I said, I tried to strip down the offending code as much as
possible to find out what the compiler is actually complaining
about. The original snippet of code looked like this:

 SNIP ===
#define OPAL_DEFINE_COMMAND(command, entity, func) \
  class entity##_##command : public command \
  { \
    public: virtual void Process(OpalPresentity & presentity) { dynamic_cast<entity &>(presentity).func(*this); } \
  }; \
  static PFactory<OpalPresentityCommand>::Worker<entity##_##command> \
  s_entity##_##command(PDefaultPFactoryKey(entity::Class())+typeid(command).name())
 SNIP ===


As I understand it now, the compiler would need to create a
temporary instance of 'entity' to make the call to ::Class(), but
gcc 3.3.5 is not able to do this?

I now tried to fix it this way:


 SNIP ===
#define OPAL_DEFINE_COMMAND(command, entity, func) \
  class entity##_##command : public command \
  { \
    public: virtual void Process(OpalPresentity & presentity) { dynamic_cast<entity &>(presentity).func(*this); } \
  }; \
  entity tmp; \
  static PFactory<OpalPresentityCommand>::Worker<entity##_##command> \
  s_entity##_##command(PDefaultPFactoryKey(tmp.Class())+typeid(command).name())

OPAL_DEFINE_COMMAND(OpalSetLocalPresenceCommand, OpalPresentity, Internal_SendLocalPresence);

 SNIP ===


this doesn't work because:

`OpalPresentity::OpalPresentity()' is protected
within this context cannot declare variable `tmp' to be of type
`OpalPresentity' because the following virtual functions are
abstract:
   virtual bool OpalPresentity::Open()
   virtual bool OpalPresentity::IsOpen() const
   virtual bool OpalPresentity::Close()

 I'm willing to help, but can you at least double check what you type ?


Now anyway this is where the ::Class() method is defined:

 SNIP ===
#define PCLASSINFO(cls, par) \
  public: \
typedef cls P_thisClass; \
static inline const char * Class() \
  { return #cls; } \
 SNIP ===


Since PCLASSINFO gets called with the 'OpalPresentity' as parameter
for 'cls' I could just remove the 'entity::Class()' thingy and
replace it by '#entity':


 SNIP ===
#define OPAL_DEFINE_COMMAND(command, entity, func) \
  class entity##_##command : public command \
  { \
    public: virtual void Process(OpalPresentity & presentity) { dynamic_cast<entity &>(presentity).func(*this); } \
  }; \
  static PFactory<OpalPresentityCommand>::Worker<entity##_##command> \
  s_entity##_##command(PDefaultPFactoryKey(#entity)+typeid(command).name())
 SNIP ===



g, that was too easy. I tried to fix this for several days
now. Sometimes you just need to know where to look.


Anyway thank you very much for your inspiration ;)


Cheers,

Christopher



Re: openfile advice / clarification

2010-05-07 Thread Christopher Zimmermann

Hi, I got another question regarding this matter.
How is the openfile count accounted for? Is it per process, per user, 
per shell? How does this work?


I recently had problems when running rtorrent, which used about 100 file 
descriptors (sockets). Pjsua then failed with Too many open files 
(sockets, too), although it should not use more than three sockets.


I also once increased openfile-cur to 1024 for one shell, started an 
application using many sockets (200) and then applications on other 
shells with openfile-cur=128 would fail.




Christopher



Re: openfile advice / clarification

2010-05-07 Thread Christopher Zimmermann

On 05/07/10 11:20, Otto Moerbeek wrote:
 There is an overall system limit, set with sysctl
 kern.maxfiles=n,
 current in-use fds can be displayed with sysctl kern.nfiles.

 There is also a per-process limit.  Processes inherit the limits from
 the parent process, but can change the limits via system calls (with
 restrictions for non-superuser processes).

 Reading what you described above, it looks like you hit the
 system-wide limit.

Ok, so two processes started from the same shell won't take away
descriptors from each other?

for example:

$ ulimit -n 50
$ use_40_fds 
$ use_maby_fds   # - this process can use 10 or 50 fds ??


thanks,

Christopher
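The per-process limit described in the quoted reply, as an added example that is not part of the thread: two children are started from one parent whose soft limit is lowered the way `ulimit -n 50` would, and the second child counts how many descriptors it can open while the first is still holding all of its own. The names `measure_siblings`, `SiblingCounts` and the other helpers are illustrative, and the soft limit of 50 is taken from the question above.

```cpp
#include <sys/types.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <fcntl.h>
#include <unistd.h>
#include <cerrno>
#include <cstdio>

struct SiblingCounts {
    int first;   // descriptors the first child managed to open
    int second;  // descriptors the second child opened while the first held its own
};

// Open /dev/null until the per-process limit is hit. EMFILE is the
// per-process error; ENFILE would mean the system-wide file table is full.
static int open_until_emfile() {
    int n = 0;
    while (open("/dev/null", O_RDONLY) >= 0)
        ++n;
    return errno == EMFILE ? n : -1;
}

static void report(int fd, int value) {
    if (write(fd, &value, sizeof value) != (ssize_t)sizeof value)
        _exit(1);
}

static int collect(int fd) {
    int value = -1;
    if (read(fd, &value, sizeof value) != (ssize_t)sizeof value)
        return -1;
    return value;
}

// Plays the role of the shell: lowers its own soft limit, then starts two
// children that inherit it. Never returns.
static void launcher(rlim_t soft_limit, int result_fd) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) _exit(1);
    rl.rlim_cur = soft_limit < rl.rlim_max ? soft_limit : rl.rlim_max;
    if (setrlimit(RLIMIT_NOFILE, &rl) != 0) _exit(1);

    int ra[2], rb[2], hold[2];
    if (pipe(ra) != 0 || pipe(rb) != 0 || pipe(hold) != 0) _exit(1);

    pid_t a = fork();
    if (a < 0) _exit(1);
    if (a == 0) {                       // first child: exhaust the limit, then hold
        report(ra[1], open_until_emfile());
        close(hold[1]);
        char c;
        if (read(hold[0], &c, 1) < 0) _exit(1);
        _exit(0);
    }
    SiblingCounts out;
    out.first = collect(ra[0]);         // first child is now sitting at its limit

    pid_t b = fork();
    if (b < 0) _exit(1);
    if (b == 0) {                       // second child: same inherited limit
        report(rb[1], open_until_emfile());
        _exit(0);
    }
    out.second = collect(rb[0]);

    char go = 1;
    if (write(hold[1], &go, 1) != 1) _exit(1);   // release the first child
    waitpid(a, 0, 0);
    waitpid(b, 0, 0);
    if (write(result_fd, &out, sizeof out) != (ssize_t)sizeof out) _exit(1);
    _exit(0);
}

// Runs the experiment in a separate process so the caller's limit is untouched.
SiblingCounts measure_siblings(rlim_t soft_limit) {
    SiblingCounts out = { -1, -1 };
    int result[2];
    if (pipe(result) != 0) return out;
    pid_t pid = fork();
    if (pid == 0) launcher(soft_limit, result[1]);
    close(result[1]);
    if (pid > 0) {
        if (read(result[0], &out, sizeof out) != (ssize_t)sizeof out)
            out.first = out.second = -1;
        waitpid(pid, 0, 0);
    }
    close(result[0]);
    return out;
}

int main() {
    SiblingCounts c = measure_siblings(50);
    std::printf("first child opened %d, second child opened %d\n", c.first, c.second);
    return 0;
}
```

Both counts come out equal (the limit minus the descriptors inherited from the parent), because each process is checked against its own descriptor table.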



Re: How to work around this compiler bug

2010-05-02 Thread Christopher Zimmermann
On Sat, 1 May 2010 14:11:22 +0200 Marc Espie wrote:

 On Sat, May 01, 2010 at 11:39:00AM +0200, Christopher Zimmermann wrote:
  Hi,
  
  the following piece of code compiles fine using g++ 4.2.4, but 
  fails using g++ 3.3.5 in the base system:
  
  error: operands to ?: have different types
  
  It is part of ptlib, which is the base library for opal, which in 
  turn is needed for ekiga, which I'm trying to port.
  
  What is your suggestion? Can anyone think of a workaround for 
  this or should I just compile it using eg++ 4.2.4 ?
  
  
  Christopher
  
  
  #include <err.h>
  
  #define WarnIfNULL(x) ((x) ? (x) : (warn("blub"),(x)))
  
  class A
  {
protected:
  int a;
  };
  
  class B : A
  {
public:
  void blub()
  {
   WarnIfNULL(A::a);
  }
  };
 
 Why do some C++ programmers still use macros where they're not needed ?
 bunch of idiots, let them stay with C.
 
 #include <err.h>
 
 template<typename T>
 inline T WarnIfNULL(T x)
 {
   if (!x)
     warn("blub");
   return x;
 }
 
 class A
 {
   protected:
 int a;
 };
 
 class B : A
 {
   public:
 void blub()
 {
  WarnIfNULL(A::a);
 }
 };
 

ok, thanks. That seems to be the solution, still I have to wrap it in a macro, 
because I need __LINE__, __FILE__, __CLASS__...
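One way to combine the two approaches from this exchange, as an added example that is not code from the thread or from ptlib: the function template does the work and a one-line macro only supplies what a function cannot capture (`#x`, `__FILE__`, `__LINE__`). The names `warn_if_null`, `last_warning`, `note` and `next_ptr` are illustrative, and the message goes to `stderr` and a string instead of `warn(3)` so the result can be inspected. It also shows a difference between the two forms: the pure macro evaluates its argument twice, the template once.

```cpp
#include <cstdio>
#include <string>

// Illustrative sink: keeps the last message so callers can inspect it.
static std::string last_warning;

// The function template from the reply, extended with call-site arguments.
template <typename T>
inline T warn_if_null(T x, const char *expr, const char *file, int line)
{
    if (!x) {
        char buf[512];
        std::snprintf(buf, sizeof buf, "%s:%d: %s is null", file, line, expr);
        last_warning = buf;
        std::fprintf(stderr, "%s\n", buf);
    }
    return x;
}

// Thin macro: forwards the expression text and the call site, nothing else.
#define WarnIfNULL(x) warn_if_null((x), #x, __FILE__, __LINE__)

// The pure-macro form from the original post, with a stub in place of warn().
static void note(const char *) {}
#define WarnIfNULL_old(x) ((x) ? (x) : (note("blub"), (x)))

// An argument with a visible side effect, to count evaluations.
static int calls = 0;
static int *next_ptr() { ++calls; return 0; }

int evaluations_new()
{
    calls = 0;
    int *p = WarnIfNULL(next_ptr());
    (void)p;
    return calls;   // the argument is evaluated once, at the call
}

int evaluations_old()
{
    calls = 0;
    int *p = WarnIfNULL_old(next_ptr());
    (void)p;
    return calls;   // once for the test, once more for the selected branch
}

// The classes from the post: a protected member reached through A::a.
class A
{
  protected:
    int a;
  public:
    A() : a(0) {}
};

class B : A
{
  public:
    int blub() { return WarnIfNULL(A::a); }
};

int main()
{
    B b;
    b.blub();
    std::printf("new form: %d evaluation(s), old form: %d evaluation(s)\n",
                evaluations_new(), evaluations_old());
    return 0;
}
```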



Re: [SOLVED] How to work around this compiler bug

2010-05-02 Thread Christopher Zimmermann
ok, thanks everyone. Problem is solved and I even learned some things, too.


Christopher



How to work around this compiler bug

2010-05-01 Thread Christopher Zimmermann
Hi,

the following piece of code compiles fine using g++ 4.2.4, but 
fails using g++ 3.3.5 in the base system:

error: operands to ?: have different types

It is part of ptlib, which is the base library for opal, which in 
turn is needed for ekiga, which I'm trying to port.

What is your suggestion? Can anyone think of a workaround for 
this or should I just compile it using eg++ 4.2.4 ?


Christopher


#include <err.h>

#define WarnIfNULL(x) ((x) ? (x) : (warn("blub"),(x)))

class A
{
  protected:
int a;
};

class B : A
{
  public:
void blub()
{
 WarnIfNULL(A::a);
}
};



Re: SiS190 driver: finished.

2010-04-02 Thread Christopher Zimmermann
On Wed, 9 Dec 2009 23:13:57 -0500 Brad wrote:
 Since the driver at the moment only supports the SiS 190 Fast 
 Ethernet
 chipset then it would be pretty strange to name the driver in such a manner
 to explicitly mention Gigabit. I think se(4) would be Ok to use. Having this 
 driver would be a good thing and I think it would be good if you could 
 continue renaming the driver and doing enough clean up to get it into
 a state to be committed to the tree.

ok. I renamed it to se and cleaned it to conform to style(9).
The only deviation I kept is that the register names are not
all lower case.
Manpage still needs to be written.

I tested this now for quite a while on my computer I use daily, 
but I am not able to do high load tests, because I use it as 
interface for my pppoe0 connection. I don't have a second box to 
test against.

Here's a diff against current:


Index: arch/amd64/conf/GENERIC
===
RCS file: /cvs/src/sys/arch/amd64/conf/GENERIC,v
retrieving revision 1.288
diff -u -p -r1.288 GENERIC
--- arch/amd64/conf/GENERIC 28 Mar 2010 17:04:27
-   1.288 +++ arch/amd64/conf/GENERIC   2 Apr 2010
11:14:42 - @@ -436,6 +436,7 @@ vr*  at
pci?# VIA Rhine ethernet
#wb*at pci? # Winbond
W89C840F ethernet sf*   at
pci?# Adaptec AIC-6915 ethernet
sis*at pci? # SiS
900/7016 ethernet +se*  at
pci?# SiS 190/191 ethernet
#ste*   at pci? # Sundance
ST201 ethernet BORKED pcn*  at
pci?# AMD PCnet-PCI Ethernet
dc* at pci? # 21143,
tulip clone ethernet Index: dev/pci/files.pci
===
RCS file: /cvs/src/sys/dev/pci/files.pci,v retrieving revision
1.270 diff -u -p -r1.270 files.pci --- dev/pci/files.pci
23 Feb 2010 18:43:15 -  1.270 +++
dev/pci/files.pci   2 Apr 2010 11:14:43 - @@ -467,6
+467,11 @@ device   sis: ether, ifnet, mii, ifmedia
attach  sis at pci file
dev/pci/if_sis.csis +# SiS 190/191 ethernet
+device se: ether, ifnet, mii, ifmedia +attach  se
at pci +filedev/pci/if_se.c se
+
 # Sundance ST201 ethernet
 device ste: ether, ifnet, mii, ifmedia
 attach ste at pci
Index: dev/pci/if_se.c
===
RCS file: dev/pci/if_se.c
diff -N dev/pci/if_se.c
--- /dev/null   1 Jan 1970 00:00:00 -
+++ dev/pci/if_se.c 2 Apr 2010 11:14:44 -
@@ -0,0 +1,1425 @@
+/*-
+ * Copyright (c) 2009, 2010 Christopher Zimmermann
madro...@zakweb.de
+ * Copyright (c) 2007, 2008 Alexander Pohoyda
alexander.poho...@gmx.net
+ * Copyright (c) 1997, 1998, 1999
+ * Bill Paul wp...@ctr.columbia.edu.  All rights
reserved.
+ *
+ * Redistribution and use in source and binary forms, with or
without
+ * modification, are permitted provided that the following
conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above
copyright
+ *notice, this list of conditions and the following
disclaimer.
+ * 2. Redistributions in binary form must reproduce the above
copyright
+ *notice, this list of conditions and the following
disclaimer in the
+ *documentation and/or other materials provided with the
distribution.
+ * 3. All advertising materials mentioning features or use of
this software
+ *must display the following acknowledgement:
+ * This product includes software developed by Bill Paul.
+ * 4. Neither the name of the author nor the names of any
co-contributors
+ *may be used to endorse or promote products derived from
this software
+ *without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY Bill Paul AND CONTRIBUTORS ``AS
IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL
AUTHORS OR
+ * THE VOICES IN THEIR HEADS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
GOODS OR
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include sys/cdefs.h
+
+/*
+ * SiS 190 Fast Ethernet PCI NIC driver.
+ *
+ * Adapted to SiS 190 NIC by Alexander Pohoyda based on the
original
+ * SiS 900 driver by Bill Paul, using SiS 190/191 Solaris
driver by
+ * Masayuki Murayama and SiS 190/191 GNU/Linux driver by K.M.
Liu
+ * km...@sis.com.  Thanks to Pyun YongHyeon
pyu...@gmail.com for
+ * review and very
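
Review bot: the chip naming disagrees within the patch: the GENERIC line and the files.pci comment both say "SiS 190/191 ethernet", while the header comment of the new dev/pci/if_se.c describes a "SiS 190 Fast Ethernet PCI NIC driver", and the quoted review states that only the SiS 190 Fast Ethernet chipset is supported at the moment. Either narrow the two config comments to "SiS 190 ethernet" or say in the driver comment which 191 parts attach, so the kernel config does not promise more than the driver delivers. The se* entry also goes into GENERIC while, per the message, the manual page is still unwritten; se(4) should land together with the GENERIC change.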

Re: SiS190 driver: finished.

2010-04-02 Thread Christopher Zimmermann
sorry for the cross post. The mail was supposed to go only to
tech. It seems like I and my mail client are a bit confused
today...

Christopher



Re: gnu grep -o flag

2010-03-24 Thread Christopher Zimmermann
On Wed, 24 Mar 2010 19:00:06 +0200 Gregory Edigarov wrote:

 Hello Everybody,
 
 Just wonder how could one implement what gnu grep -o flag does using
 our toolchain? 
 
 from ggrep(1):
 
  -o, --only-matching
   Show  only the part of a matching line that matches
   PATTERN.
 
 


maybe try this:
sed -n -e 's/.*\(PATTERN\).*/\1/ -e /PATTERN/p



Re: gnu grep -o flag

2010-03-24 Thread Christopher Zimmermann
On Wed, 24 Mar 2010 13:06:12 -0700 Philip Guenther wrote:

 On Wed, Mar 24, 2010 at 10:17 AM, Christopher Zimmermann
 madro...@zakweb.de wrote:
  On Wed, 24 Mar 2010 19:00:06 +0200 Gregory Edigarov wrote:
  Just wonder how could one implement what gnu grep -o flag does using
  our toolchain?
 
  from ggrep(1):
 
   -o, --only-matching
Show  only the part of a matching line that matches
PATTERN.
 
  maybe try this:
  sed -n -e 's/.*\(PATTERN\).*/\1/ -e /PATTERN/p
 
 Hmm, missing quote, and the expressions can be combined, but as a
 portable solution this is indeed the right answer.
 sed -n -e 's/.*\(PATTERN\).*/\1/p'

right. This one looks nicer.

 If you need extended (egrep-style) regexps, then the most portable
 solution is a chunk of awk (left as an exercise for the student); the
 less-portable-but-works-in-4.7 solution is to use -E option to sed:
 sed -n -E 's/.*(PATTERN).*/\1/p'

sed -E !?! Great! Now I know why I upgraded to -current.



ftp-proxy for outgoing connection

2010-03-11 Thread Christopher Zimmermann
Hi,

my -current firewall is configured to block all in, block all out 
and allow only certain outbound connections.

Now I want to allow outbound ftp connections.

I read ftp-proxy(8) and 
http://openbsd.org/faq/pf/ftp.html#client.

As I understand it, ftp-proxy could be used to create rules for 
inbound and outbound connections on 4.6. Now on -current the rdr 
keyword is missing from the pf.conf syntax. Instead ftp-proxy(8) 
suggests using rdr-to, but this only works for inbound 
connections.

Is it possible to allow ftp connections from a local client to
public ftp servers on the internet? Possibly by using ftp-proxy?


Kind regards,

Christopher



Re: ftp-proxy for outgoing connection

2010-03-11 Thread Christopher Zimmermann
On Fri, 12 Mar 2010 00:23:00 + (UTC) Stuart Henderson wrote:

 On 2010-03-11, Christopher Zimmermann madro...@zakweb.de wrote:
  Hi,
 
  my -current firewall is configured to block all in, block all out 
  and allow only certain outbound connections.
 
  Now I want to allow outbound ftp connections.
 
  I read ftp-proxy(8) and 
  http://openbsd.org/faq/pf/ftp.html#client.
 
  As I understand it, ftp-proxy could be used to create rules for 
  inbound and outbound connections on 4.6. Now on -current the rdr 
  keyword is missing from the pf.conf syntax. Instead ftp-proxy(8) 
  suggests using rdr-to, but this only works for inbound 
  connections.
 
  Is it possible to allow ftp connections from a local client to
  public ftp servers on the internet? Possibly by using ftp-proxy?
 
 I suspect your understanding of inbound is from the viewpoint
 of your network; PF doesn't care about that at all, it's only
 concerned with whether a packet is inbound or outbound to a
 particular interface.

ok, thanks. That's clear. I don't have a whole net. It's just a 
single workstation, using pppoe0 to reach the internet. So the 
ftp client is running on the firewall, not behind it. The packets 
will be outbound on my pppoe0, but not inbound on any interface, 
will they?

 rdr only works for inbound connections too.

As I understood it, it works _only_ for inbound connections.

 A rule like the following works just fine for a ftp connection
 from a local client to a public ftp server:
 
 pass in quick log on {lan, wifi, natted} inet proto tcp \
 to port 21 rdr-to 127.0.0.1

Isn't this just the example from the default pf.conf with
on {...} added and port 8021 left away?

After reading http://www.openbsd.org/faq/current.html#20090901

it seems to me that it is in fact not possible at the moment to 
use a ftp-client on a firewall until the current restriction on 
rdr-to in pfctl will be removed. Is this true?


Christopher



include sys/cdefs.h in sys/mmap.h

2010-02-24 Thread Christopher Zimmermann
Hi!

I just got some errors while trying to compile ptlib:

error: type specifier omitted for parameter `size_t'
[...]

They resulted from size_t not being defined in sys/mmap.h
I could fix this problem by including sys/types.h instead
of sys/cdefs.h in sys/mmap.h

Is this a problem of ptlib, which should not directly
include mmap.h or should this possibly be fixed in OpenBSD?


Christopher




how do I do a rename(1) ?

2010-01-16 Thread Christopher Zimmermann
Hi!

I'm missing the http://linux.die.net/man/1/rename command in
OpenBSD. Preferably with regex support like in Debian. Is
there a similar tool or a port containing this tool? I
couldn't find any.

I often use this to do things like:

rename .jpg .jpeg *.jpg

or

$ ls
10_bulb 11_funny 12_things 1_foo 2_bar 3_blub ... 9_foobar
$ rename '' 0 ?_*
$ ls
01_foo 02_bar 03_blub ... 09_foobar 10_bulb 11_funny 12_things

to let ls sort the files numerically.


Cheers,

Christopher




Re: how do I do a rename(1) ?

2010-01-16 Thread Christopher Zimmermann
On Sat, 16 Jan 2010 14:16:49 +0059
Han Boetes h...@mijncomputer.nl wrote:

 Christopher Zimmermann wrote:
  I'm missing the http://linux.die.net/man/1/rename
  command in OpenBSD.

 Ehm.

 ~% uname -a
 Linux marsupilami 2.6.31-16-generic #53-Ubuntu SMP Tue Dec 8 04:02:15 UTC 2009 x86_64 GNU/Linux
 ~% which rename
 /usr/bin/rename
 ~% file /usr/bin/rename
 /usr/bin/rename: symbolic link to `/etc/alternatives/rename'
 ~% ls -l /etc/alternatives/rename
 lrwxrwxrwx 1 root root 16 2009-12-28 16:33 /etc/alternatives/rename -> /usr/bin/prename
 ~% file /usr/bin/prename
 /usr/bin/prename: a /usr/bin/perl -w script text executable

 Copy it.

That was easy. Thanks!


 # Han




Re: ComixWall terminated [WAS: ComixWall 4.6 released, December 8, 2009]

2009-12-09 Thread Christopher Zimmermann
On Wed, 9 Dec 2009 10:37:01 -0700
Bob Beck b...@ualberta.ca wrote:

  COMIXWALL isn't a fork, its just a preinstalled
  configuration panel for OpenBSD and a collection of
  nice utilities.
 
 So it belongs as a port then. Not as a distribution -
 and not sending release announcements to OpenBSD lists.

as you wish. let's call it a port.

 Do we see release announcements here for other new ports?

I'm quite new to OpenBSD, but I already read a few NEW: 
and UPDATED: announcements on the -ports mailing list.

Anyway, comixwall is not a part of the official ports 
tree. So the release announcements of comixwall should not 
go into the ports list either.

I had a second look at the descriptions of the mailing 
lists:

misc
User questions and answers, general questions. This is the 
most active list. Please, read the FAQ and the installation 
documents, and see How to report a Problem before posting. 

advocacy
Promoting the use of OpenBSD. Non-technical discussions in
misc often get shunted here. 


So as I read this announcements of projects trying to 
promote OpenBSD can (and should) go into the advocacy list.

misc is only for user questions, general questions. Asking 
for translators might fit in here. Still as comixwall is 
trying to promote OpenBSD the request may fit better into 
the advocacy list.
The only problem is the advocacy list is quite dead. So the 
decision to post the announcement of ComixWall to the misc 
list does not seem too stupid to me.
  
 Do we see release announcements on our lists for Firefox?

comixwall is developed to make using OpenBSD easier. Its 
only project goal is to prove that it is possible to create 
high quality, free and open source ISG based on OpenBSD 
(cited from the comixwall homepage).
So I would say its relevance for OpenBSD users (the audience 
of this list) is much higher than firefox releases.

 * Release Announcements For things that are not OpenBSD
 do not belong on OpenBSD lists * - We don't tell people
 who have other ported applications that run on openbsd to
 spew every release announcement over our lists - why
 should ComixWall be any different?

According to the archives at MARC there were exactly two 
release announcements of comixwall on this list. One in 2008 
and one in 2009. This is not exactly the amount it takes to 
pollute a mailing list.
This stupid thread did already produce enough noise to make 
up for 7 years of comixwall release announcements.

I know I just added some additional noise, still I would be 
glad to see this issue settled in a non-destructive way.

OpenBSD is a great OS and ComixWall enables many people to 
use it. I don't see any reason why the two projects should 
not be able to cooperate.


Christopher Zimmermann



Re: ComixWall terminated [WAS: ComixWall 4.6 released, December 8, 2009]

2009-12-09 Thread Christopher Zimmermann
On Wed, 9 Dec 2009 13:38:56 -0500
Jason Dixon ja...@dixongroup.net wrote:

 How does the announcement of new releases for ComixWall
 help OpenBSD?

It helps in promoting OpenBSD. And this is the official 
purpose of the advocacy mailing list.

So I think that announcements of ComixWall releases could go 
into the advocacy list.
Is this a false conclusion? If not Soner Tari could go on 
with his project and post his announcements to the advocacy 
list.

Anyway, since the advocacy list is dead, the two 
announcements to misc should not be censured in such a harsh 
way.

 How does abstraction of arguably the cleanest, easiest to
 learn UNIX, help OpenBSD?

It helps in promoting OpenBSD. Promoting OpenBSD will make 
OpenBSD more widely known. This will attract more possible 
developers. They will write code for OpenBSD. This will help
OpenBSD.

  I know I just added some additional noise, still I
  would be glad to see this issue settled in a
  non-destructive way.
 
 It is settled.  You're whining.

If this is true, it's a pity. Then comixwall just died.

I still hope this issue can be settled in a NON-DESTRUCTIVE 
way.
And yes. I AM WHINING. It bothers me when people destroy 
such a huge amount of good work just because of a stupid 
attack of bad mood.

  OpenBSD is a great OS and ComixWall enables many people
  to use it. I don't see any reason why the two projects
  should not be able to cooperate.
 
 Because they are not cooperative projects.  OpenBSD
 doesn't need ComixWall.  OpenBSD is Free, Functional and
 Secure(*).
 
 (*) And easy.

Right. And the devil may care.

Not helping comixwall by bearing one release announcement 
per year is not lazy, not even selfish, it's just PLAIN 
FUCKING STUPID!



Re: ComixWall terminated [WAS: ComixWall 4.6 released, December 8, 2009]

2009-12-09 Thread Christopher Zimmermann
On Wed, 9 Dec 2009 20:43:59 +0100
Martin Schröder mar...@oneiros.de wrote:

 2009/12/9 Christopher Zimmermann madro...@zakweb.de:
  On Wed, 9 Dec 2009 13:38:56 -0500
  Jason Dixon ja...@dixongroup.net wrote:
 
  How does the announcement of new releases for ComixWall
  help OpenBSD?
 
  It helps in promoting OpenBSD. And this is the official
  purpose of the advocacy mailing list.
 
 I seriously doubt that Theo sells any cd more because of
 ComixWall. And sale of cds is what ultimately counts as
 promoting OpenBSD. I can't find Tari's name on
 http://www.openbsd.org/donations.html, nor can I find a
 link to there from http://comixwall.org
 While I applaud him for his effort and think this is a
 great thing, he hides OpenBSD quite well.

He links several times to openbsd. Try clicking on the 
OpenBSD 4.6 cover displayed on the main page.
Since Soner Tari does not sell his project he could 
easily link to the donations page if asked.

  I still hope this issue can be settled in a
  NON-DESTRUCTIVE way.
 
 Same here. The efforts of Comixwall should be folded into
 OpenBSD.

Now that would be great of course. Do you think it would be 
possible to distribute comixwall as several ports in the 
ports tree?
Only installation would become a bit more difficult. But 
this should not be a big deal.

It's just a pity that the constructive proposals come only 
after people already gave up



Re: Dual boot stable and current

2009-12-04 Thread Christopher Zimmermann
On Fri, 4 Dec 2009 14:04:30 +1100
Aaron Mason simplersolut...@gmail.com wrote:

 On Fri, Dec 4, 2009 at 12:33 PM, Jonathan Thornburg
 jth...@astro.indiana.edu wrote:
  Christopher Zimmermann madroach () zakweb ! de asked
  is it possible to install two OpenBSDs on the same
  disk? I'd like to try -current in a separate
  installation.
 
  Yes.  The way I do it is to have a single fdisk
  partition containing the entire disk (or more
  generally, as much of it as I want to use for all
  OpenBSD stuff combined), then create two separate sets
  of OpenBSD root, var, and usr partitions inside that,
  sharing /home.  That is, I have the following
  'disklabel' partitions:
   wd0a  root #1      /etc/fstab mounts root #1, var #1, usr #1, home
   wd0b  swap
   wd0c  entire disk
   wd0d  root #2      /etc/fstab mounts root #2, var #2, usr #2, home
   wd0e  var #1
   wd0f  var #2
   wd0g  usr #1
   wd0h  usr #2
   wd0j  home
 
  I use the standard OpenBSD bootloader, so by default
  the computer boots system #1.  If I want to boot system
  #2, I just type boot wd0d:/bsd at the boot prompt.
 
  Note that the system #1 /etc/fstab mounts *only* the
  system #1 partitions and home:
  % cat /etc/fstab
  /dev/wd0a  /         ffs  rw,softdep                       1 1
  /dev/wd0b  /tmp      mfs  rw,async,nodev,nosuid,-s=2000    0
  /dev/wd0e  /var      ffs  rw,softdep,nodev,nosuid          1 2
  /dev/wd0g  /usr      ffs  rw,softdep,nodev                 1 2
  /dev/wd0b  /usr/tmp  mfs  rw,async,nodev,nosuid,-s=2000    0
  /dev/wd0j  /home     ffs  rw,softdep,noatime,nodev,nosuid  1 2
 
  Similarly, the system #2 /etc/fstab mounts *only* the
  system #2 partitions and home:
  # mount -r /dev/wd0d /mnt
  # cat /mnt/etc/fstab
  /dev/wd0d  /         ffs  rw,softdep                       1 1
  /dev/wd0b  /tmp      mfs  rw,async,nodev,nosuid,-s=2000    0
  /dev/wd0f  /var      ffs  rw,softdep,nodev,nosuid          1 2
  /dev/wd0h  /usr      ffs  rw,softdep,nodev                 1 2
  /dev/wd0b  /usr/tmp  mfs  rw,async,nodev,nosuid,-s=2000    0
  /dev/wd0j  /home     ffs  rw,softdep,noatime,nodev,nosuid  1 2
  #
 
  The two OpenBSD installations are entirely separate,
  and may be as different as desired.  (For example, the
  laptop on which I'm typing this has #1 = 4.6-stable and
  #2 = 4.4-stable.)
 
 
  A couple of important notes if you decide to try this:
 
  First, the standard OpenBSD install hard-codes a as
  the root partition. So... at the (I)nstall, (U)pgrade
  or (S)hell? prompt, type s to get a shell, then
   # ed install.sub
   $-1       (go to the 2nd-to-last-line)
   s/a/d/    (change the 'a' to a 'd')
   w         (write the memory buffer back to the file)
   q         (quit the ed editor)
  (maybe follow with 'more install.sub' to confirm that all
  went well)
  OpenBSD will now happily install with root on the wd0d
  partition.
 
  [An alternative is to install what you want to wind up
  in #2 to the #1 partitions, use dump|restore or tar|tar
  to copy these to the #2 partitions (as per FAQ 10.2),
  run installboot(8) to fixup booting to the #2 partitions,
  then reinstall what you really want to #1.]
 
 
  Finally, and most important of all, *don't* try this
  unless you know what you're doing!  Playing around with
  partitions this way works fine if you do things
  correctly, but mistakes can easily scramble your disk
  (more accurately, the data on it).  In particular,
  don't try this until you grok the FMs disklabel(8),
  fstab(5), installboot(8).  And have a full backup
  *before* you try it...
 
  --
  -- Jonathan Thornburg [remove -animal to reply]
     jth...@astro.indiana-zebra.edu
     Dept of Astronomy, Indiana University, Bloomington, Indiana, USA
     If the triangles made a god, it would have three sides.
        -- Voltaire
 
 
 
 I believe Josh Grosse has the right idea - if your system
 supports booting of USB drives, $5 will buy a 1gb stick
 that is more than adequate for running OpenBSD on.
 

OK, I get it. I thought root always had to be 'a'. But
being able to use the same disklabel for both installations
is even better than using two separate disklabels.

Thanks for the hints and tips!


Christopher
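
The rule in the layout quoted above, that each system's /etc/fstab mounts only its own root, var and usr and shares just home, can be checked mechanically before booting either system. This is an added example, not part of the original thread; the function names and the temporary sample files are assumptions, and the sample fstab contents are constructed from the quoted layout.

```sh
#!/bin/sh
# Added example: verify that two OpenBSD installs sharing one disklabel
# mount disjoint system partitions and share only /home.

# Print "device mountpoint" for each ffs entry in an fstab file.
# mfs entries (the swap-backed /tmp and /usr/tmp) are ignored.
ffs_entries() {
    awk '$1 !~ /^#/ && $3 == "ffs" { print $1, $2 }' "$1"
}

# Print every device that both fstab files mount as ffs, sorted.
shared_devices() {
    { ffs_entries "$1" | awk '{ print $1 }' | sort -u
      ffs_entries "$2" | awk '{ print $1 }' | sort -u; } | sort | uniq -d
}

# Return 0 only if each shared device sits on the allowed mount point
# (third argument, default /home) in both files; report the rest.
check_dual_boot() {
    allowed=${3:-/home}
    rc=0
    for dev in $(shared_devices "$1" "$2"); do
        for f in "$1" "$2"; do
            mp=$(ffs_entries "$f" | awk -v d="$dev" '$1 == d { print $2 }')
            if [ "$mp" != "$allowed" ]; then
                echo "conflict: $dev is mounted on $mp in $f" >&2
                rc=1
            fi
        done
    done
    return $rc
}

# Constructed sample input modelled on the layout quoted above.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/fstab1" <<'EOF'
/dev/wd0a / ffs rw,softdep 1 1
/dev/wd0b /tmp mfs rw,async,nodev,nosuid,-s=2000 0
/dev/wd0e /var ffs rw,softdep,nodev,nosuid 1 2
/dev/wd0g /usr ffs rw,softdep,nodev 1 2
/dev/wd0j /home ffs rw,softdep,noatime,nodev,nosuid 1 2
EOF
# System #2 uses wd0d, wd0f and wd0h in place of wd0a, wd0e and wd0g.
sed -e 's/wd0a/wd0d/' -e 's/wd0e/wd0f/' -e 's/wd0g/wd0h/' \
    "$SAMPLE_DIR/fstab1" > "$SAMPLE_DIR/fstab2"
# Constructed mistake: system #2 mounts system #1's /usr partition.
sed 's/wd0h/wd0g/' "$SAMPLE_DIR/fstab2" > "$SAMPLE_DIR/fstab2_bad"
```

Running `check_dual_boot` against the real files (for example /etc/fstab and /mnt/etc/fstab with the other root mounted read-only) reports any partition other than home that both systems would mount.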



Dual boot stable and current

2009-12-03 Thread Christopher Zimmermann
Hi,

is it possible to install two OpenBSDs on the same disk? I'd
like to try -current in a separate installation.
As I understand disklabels I would need separate disklabels
for each installation, because I need two separate root 'b'
partitions.

So I would create two fdisk partitions one for each system,
and the two disklabels would be stored on the LBR of these
partitions.

Is this the way to go? Is it a bad idea? Any pitfalls?


Cheers,

Christopher




Re: Dual boot stable and current

2009-12-03 Thread Christopher Zimmermann
On Thu, 3 Dec 2009 14:35:27 -0500
Josh Grosse j...@jggimi.homeip.net wrote:

 Yes it is possible, but not in the way you outline.  A
 single disk can only have one disklabel, regardless of
 the number of MBR partitions... and only a single, A6 MBR
 partition should be configured.

Is this really true? As I understand the disklabel will be
stored in the partition boot record?
I just have to make sure the kernel selects the right
disklabel. I assume OpenBSD automatically selects the one
from the active partition?

Why only a single A6 partition?


 You can have multiple systems installed in different
 disklabel partitions, however.  e.g.  You could install
 -current into, for example, wd0p.  Then, at the boot
 prompt, just do something like boot hd0p/bsd  -a, and
 respond with wd0p as your root kernel.

Ok, that's what I would have done with linux. But on BSD
this violates the 'a is root' rule. Will this cause
trouble? If not the rest should be easy.


 Note that the bsd.rd installation script will reformat
 and use the a partition as the root partition, and this
 is outside of operator control. This will be a problem.
 You must either relabel partitions with disklabel(8) or
 modify the scripts.   (Note also that relabelling mounted
 on a running system is a very bad idea.  Do it when
 running bsd.rd, so that root partitions are unmounted, if
 you choose this method.)

 The -easiest- way to multiboot two OpenBSD systems is to
 use a second disk (even a USB stick).

that's surely true, but I have neither one handy.




Re: Limit speed of dvd-drive

2009-12-02 Thread Christopher Zimmermann
On Wed, 2 Dec 2009 21:11:14 + (UTC)
Stuart Henderson s...@spacehopper.org wrote:

 On 2009-12-01, Jacob Meuser jake...@sdf.lonestar.org
 wrote:
  On Tue, Dec 01, 2009 at 05:11:03PM -0500, Dope Ice
  Apollyon the Third wrote:
  On Tue, Dec 1, 2009 at 5:10 AM, Christopher Zimmermann
  madro...@zakweb.de wrote:
   Hi!
  
   I'm searching for the OpenBSD equivalent to 'hdparm
   -E' which sets the drive speed of a cd/dvd drive.
   Google did only find an old post without replies.
   Is there a way to do this in OpenBSD?
  
  
   Christopher
 
  If it was possible I would have expected cdio(1) to
  mention it; it can pick write but not read speed, so I
  guess you're out of luck.
 
  there are DMA/PIO flags for atapiscsi(4), but I don't
  know if that's really what the OP is looking for.
 

 more likely looking for controls to restrict the rate at
 which the disk spins, maybe to make it quieter, or
 slightly less unsafe if you have to try and recover data
 from a damaged disk.


exactly. I want it more quiet.




Limit speed of dvd-drive

2009-12-01 Thread Christopher Zimmermann
Hi!

I'm searching for the OpenBSD equivalent to 'hdparm -E'
which sets the drive speed of a cd/dvd drive.
Google did only find an old post without replies.
Is there a way to do this in OpenBSD?


Christopher
