Re: libiberty

2010-06-07 Thread Gregory Edigarov 
On Mon, 7 Jun 2010 12:57:06 +0300
Gregory Edigarov g...@bestnet.kharkov.ua wrote:

 On Sun, 06 Jun 2010 12:33:24 +0200
 Gabriel Kihlman g...@abc.se wrote:
 
  Gabriel Kihlman g...@stacken.kth.se writes:
  
   Gregory Edigarov g...@bestnet.kharkov.ua writes:
  
   Gabriel, 
  
   The gcc is already the necessary version:
  
  
   But you missed this part from the faq:
  
   [ ... ]
   rm -rf /usr/include/g++/*
   cd /usr/src/gnu/lib/libstdc++-v3
   make obj  make includes  make depend  make  make install
   [ ... ]
  
   You see? Remove old headers..
  
  Oh and it even says:
  
  [ ... ]
  For people updating using snapshots, don't forget to:
  
  rm -rf /usr/include/g++/*
  
  before installing newer snapshot. 
  [ ... ]
  
  
  So you have no excuse...
  
  /gabriel
 
 no excuse, you say
 well...
 
 # cat /root/build.sh
 rm -rf /usr/obj/*
 rm -rf /usr/include/g++/*
 cd /usr/src  make obj
 cd /usr/src/etc  env DESTDIR=/ make distrib-dirs
 cd /usr/src  make build
 
 # sh build
this is 
# sh build.sh 
of course...
but the rest of the question stays :-(
 
 [skip many strings]
 
 cc -O2 -pipe -g   -DHAVE_CONFIG_H -I/usr/src/gnu/lib/libiberty/src
 -I/usr/src/gnu/lib/libiberty/include -I/usr/src/gnu/lib/libiberty/obj
 -c /usr/src/gnu/lib/libiberty/src/hex.c -o
 hex.o /usr/src/gnu/lib/libiberty/src/hex.c:22: error: conflicting
 types for
 '_hex_value' /usr/src/gnu/lib/libiberty/include/libiberty.h:338:
 error: previous declaration of '_hex_value' was here *** Error code 1
 
 Stop in /usr/src/gnu/lib/libiberty (line 92 of /usr/share/mk/sys.mk).
 *** Error code 1
 
 Stop in /usr/src/gnu/lib (line 48 of /usr/share/mk/bsd.subdir.mk).
 *** Error code 1
 
 Stop in /usr/src (line 74 of Makefile).
 
 Now, where am I wrong?
 


-- 
With best regards,
Gregory Edigarov

libiberty

2010-06-05 Thread Gregory Edigarov 
Hello,

I know this is a FAQ, and perhaps I'll be blamed for asking it again...

cc -O2 -pipe -g   -DHAVE_CONFIG_H -I/usr/src/gnu/lib/libiberty/src
-I/usr/src/gnu/lib/libiberty/include -I/usr/src/gnu/lib/libiberty/obj
-c /usr/src/gnu/lib/libiberty/src/hex.c -o
hex.o /usr/src/gnu/lib/libiberty/src/hex.c:22: error: conflicting types
for '_hex_value' /usr/src/gnu/lib/libiberty/include/libiberty.h:338:
error: previous declaration of '_hex_value' was here *** Error code 1

Stop in /usr/src/gnu/lib/libiberty (line 92 of /usr/share/mk/sys.mk).
# uname -a
OpenBSD edigarov.sa.net.ua 4.7 GENERIC#16 amd64

This happen while i am trying to build from sources. The system is
the latest binary snapshot as found on ftp.openbsd.org.
Upgraded from snapshot, done 
cvs up -Pd in /usr/src; rm -rf /usr/obj/*; make obj; make build
build process stops with above error. 

Just want to learn how to struggle this.

Here's what i tryed:

cd /usr/src/gnu/lib/libiberty
make -f Makefile.bsd-wrapper cleandir 
make -f Makefile.bsd-wrapper depend
make -f Makefile.bsd-wrapper

no success...


-- 
With best regards,
Gregory Edigarov

Re: traffic management

2010-06-02 Thread Gregory Edigarov 
On Wed, 2 Jun 2010 03:37:35 +0300
irix i...@ukr.net wrote:

 Hello Misc,
 
  But at least you can say why?
Obvious: don't fix what's not broken.
 
 no kidding.  As we've told irix before, it will not happen.
 


-- 
With best regards,
Gregory Edigarov

what's wrong with ipsec ?

2010-06-01 Thread Gregory Edigarov 
Hello everybody,

Since 4.7 has been released, are there any changes in -current that
could affect ipsec?

here is my 1.2.3.4's ipsec.conf

ike  esp from 192.168.10.0/24 to 192.168.3.4/30 peer 5.6.7.8
ike  esp from 1.2.3.4 to 5.6.7.8

on 5.6.7.8:

ike passive esp from  192.168.3.4/30 to 192.168.10.0/24 peer 1.2.3.4
ike passive esp from 5.6.7.8 to 1.2.3.4

on 1.2.3.4 the system is 4.6-rel
on 5.6.7.8 the system is 4.7-current somewhere 1 week old
pf is disabled on both systems on the moment of test, so it doesn't
interfere.  

isakmpd  -DA=9 -K -p 3000 is running on both systems.

in tcpdump i am able to see traffic between the two isakmpd's.

ipsecctl -sa shows that no sa's got established...  




-- 
With best regards,
Gregory Edigarov

Re: what's wrong with ipsec ?

2010-06-01 Thread Gregory Edigarov 
On Tue, 1 Jun 2010 15:14:58 +0100
Sevan / Venture37 ventur...@gmail.com wrote:

 from 47.html
 
 Two bugs in IPsec/HMAC-SHA2 were fixed, resulting in an
 incompatibility with the HMAC-SHA-256/384/512 hash algorithms with
 previous versions of OpenBSD and other IPsec implementations sharing
 the bugs.
 
:-) ok, i see.
now, what are we expected to do? it could be difficult to change
systems on remote end...


-- 
With best regards,
Gregory Edigarov

Re: power went off during pk_add and now pkg_tools are useless printing out garbage on screen on 4.7/amd64 SMP

2010-05-27 Thread Gregory Edigarov 
On Thu, 27 May 2010 14:19:20 +0530
Siju George sgeorge...@gmail.com wrote:

 $ rm -rf *
 $sudo pkg_delete cairo gettext glib2 glitz jpeg libconfuse libgamin
 libiconv libungif partial-bzip2 pcre png
   
 Unknown element: @A oFG }j6ZWKFD)B7
 Ge_F1Qq.Hq4gZ4,VlX2s,.?   mWST/[@QQ-Sit{H/!_qW2tl
  B1a3[?SK 1P

 What to do now? :-(

 thanks :-)

 --Siju

I would rm -rf /usr/local/* /var/db/pkg/* /var/db/pkg/.*

then install packages of your choice again.


--
With best regards,
Gregory Edigarov

thinkpad sl500: iwn0: radio is disabled by hardware switch

2010-05-21 Thread Gregory Edigarov 
Hi,

Where is that 'hardware switch'? 


-- 
With best regards,
Gregory Edigarov

Re: thinkpad sl500: iwn0: radio is disabled by hardware switch

2010-05-21 Thread Gregory Edigarov 
Found it
thanks everybody

On Fri, 21 May 2010 16:29:11 +0400
Sergey Bronnikov este...@gmail.com wrote:

 hardware switch is switch on front of notebook.
 For example, when I disable WiFI on my W500 following lines appears
 in dmesg:
 
 iwn0: RF switch: radio disabled
 iwn0: Radio transmitter is off
 iwn0: RF switch: radio disabled
 iwn0: RF switch: radio enabled
 
 
 see on image -
 http://www.notebookcheck.net/typo3temp/pics/43d96a4ddc.jpg WiFi swith
 is between FireWire outlet and sound holes.
 
 On 14:53 Fri 21 May , Gregory Edigarov wrote:
  Hi,
  
  Where is that 'hardware switch'? 
  
  
  -- 
  With best regards,
  Gregory Edigarov
  
 


-- 
With best regards,
Gregory Edigarov

Re: Questions about tables on pf

2010-04-29 Thread Gregory Edigarov 
On Thu, 29 Apr 2010 10:15:08 -0300
Leonardo Carneiro - Veltrac lscarne...@veltrac.com.br wrote:

 Hello everyone.
 
 I have a table in my pf.conf:
 
 table ips_allowed persist const file /etc/pf.conf.d/ips_allowed
 
 If I add or remove IPs from this file mannualy, will the firewall be 
 aware of such changes or do i need to reload pf? Also, pf do map this 
 file in memory or does it read from the disk for every packet?
 
 Tks in advance and sorry for my poor english

Please read the manual page.
you will need to do something like:

pfctl -Treplace -tips_allowed

in order to reload your table 
-- 
With best regards,
Gregory Edigarov

Plans about nsd?

2010-03-29 Thread Gregory Edigarov 
Hello,

I cannot be the only one noticed nsd import in tree. Therefore the
questions arrise about future plans as nsd is an authoritative only 
name service daemon, so it should be accompanied with unbound to gain
the full functionality of named. Is there any work ongoing to eliminate 
the need in unbound? Or unbound is on the queue to be merged in tree
too? Beacuse caching-only name server is much more frequent
configuration than an authoritative  only and even authoritative
nameservers alomost always serve as resolvers for their lans.

-- 
With best regards,
Gregory Edigarov

Re: OpenBGPD rtableid option

2010-03-26 Thread Gregory Edigarov 
On Fri, 26 Mar 2010 10:34:48 +0100
Claudio Jeker cje...@diehard.n-r-g.com wrote:

 Hi,
 
 I'm wondering if anyone is using the rtable number config option in
 OpenBGPD. Upcomming changes are currently conflicting with this
 feature and I wonder if we should remove it or fix it.
 

I use this feature to provide fine-grained routing in some cases.
and I really looking  for the same feature in ospfd. 
so my opinion is to fix it  

-- 
With best regards,
Gregory Edigarov

Re: OpenBGPD rtableid option

2010-03-26 Thread Gregory Edigarov 
On Fri, 26 Mar 2010 11:49:17 +0100
Claudio Jeker cje...@diehard.n-r-g.com wrote:

 On Fri, Mar 26, 2010 at 12:13:20PM +0200, Gregory Edigarov wrote:
  On Fri, 26 Mar 2010 10:34:48 +0100
  Claudio Jeker cje...@diehard.n-r-g.com wrote:
  
   Hi,
   
   I'm wondering if anyone is using the rtable number config
   option in OpenBGPD. Upcomming changes are currently conflicting
   with this feature and I wonder if we should remove it or fix it.
   
  
  I use this feature to provide fine-grained routing in some cases.
  and I really looking  for the same feature in ospfd. 
  so my opinion is to fix it  
  
 
 So you run multiple bgpd on the same box?
No, in the setup I need a default table to be populated by manually
added routes, and a second table, which is populated via bgp. 
Though, on second thought I could use route -T 1 bgpd construct...
  
 For ospfd there is something similar. It is possible to run multiple
 ospfd in different rdomains but that is not the same as the rtableid
 of bgpd. I can not see how you want to run multiple ospfd instances
 over the same interface (the protocol does not allow that).




-- 
With best regards,
Gregory Edigarov

Re: Abnormally slow and unstable cvs process

2010-03-26 Thread Gregory Edigarov 
On Fri, 26 Mar 2010 16:48:10 +0200 (EET)
CzgCr KazanC'C'D1 ozgur.kazan...@info.uvt.ro wrote:

 Hello.

 I have a new computer that i'll control remotely, (a Dell PowerEdge
 860) it has a newly installed OpenBSD 4.6.

 When i try to get the src source via cvs, the progress goes extremely
 slow, it always stops for ~30 seconds,
 sometimes even few minutes pass almost at every file during the
 fetching.

 The same slowness happened also when i pkg_add'ed a package.

 (I use the nearest cvs mirror - i tried different mirrors as well)

 for example,

 U src/gnu/usr.bin/binutils/ld/NEWS
 (waiting too long, then)
 U src/gnu/usr.bin/binutils/ld/README
 (again wait few minutes)
 U src/gnu/usr.bin/binutils/ld/TODO
 again..

 The current cvs process is running since ~12 hours.

 I guess it's not because of my computer's internet speed,
 at least it's not that slow, of course.
 Not a DNS problem.

 I suspect the NIC. Broadcom BCM5721. Its driver maybe?

 Here is the dmesg output:

 http://openbsd.pastebin.ca/CDtZiOel

 Would gratefully appreciate any suggestions.

 Many thanks in advance for your time!
try disabling ACPI in the first place.

if that helps - welcome to the
club :-)

--
With best regards,
Gregory Edigarov

gnu grep -o flag

2010-03-24 Thread Gregory Edigarov 
Hello Everybody,

Just wonder how could one implement what gnu grep -o flag does using
our toolchain? 

from ggrep(1):

 -o, --only-matching
  Show  only the part of a matching line that matches
  PATTERN.


-- 
With best regards,
Gregory Edigarov

Re: Change root password from shell-script

2010-01-27 Thread Gregory Edigarov 
On Wed, 27 Jan 2010 17:05:17 +0100
Jordi Espasa Clofent jordi.esp...@opengea.org wrote:

 HI all,
 
 ?Is there any way t change the root password using a shell-script
 (aka non-interactive mod as passwd uses)?
 
 I've used pw in FreeBSD and chpasswd in Debian GNU/Linux to do it,
 bit I've not found a way/command to do it with my OpenBSD boxes.
 
 At present my approach will be install except from ports and use it
 to get my goal.
 
Have you looked at man usermod? -p flag in particular. 

-- 
With best regards,
Gregory Edigarov

self educating q

2010-01-22 Thread Gregory Edigarov 
Hello Everybody,

I noticed it  very every time that when question about security of
OpenBSD risen, at least one message states: i386 architecture is
hardware insecure, and I really  agree with it.

Then my question is: in your opinion, what is the most secure
modern architecture that is supported by the manufacturer(let it be
not so mass, but resonable priced), to run OpenBSD on?   

Thank you.

-- 
With best regards,
Gregory Edigarov

Re: OpenSMTPd actual development and integration

2010-01-15 Thread Gregory Edigarov 
On Fri, 15 Jan 2010 09:41:46 +0100
Gilles Chehade gil...@openbsd.org wrote:

 On Thu, Jan 14, 2010 at 06:50:14PM +0100, Jean-Francois wrote:
  Hi All,
  
  Could you please inform about the actual state of OpenSMTPd and
  when it shall be fully integrated into OpenBSD ?
  
  Thanks.
  
 
 actual state ?
   work in progress, do not use in production, you will lose
 your job. 

actually, I already use it on a couple of my low volume servers. Both
as a receiving and as a sending mta. Works just great.

-- 
With best regards,
Gregory Edigarov

Re: smtpd + dovecot: virtual map trouble

2010-01-05 Thread Gregory Edigarov 
On Mon, 04 Jan 2010 14:21:58 -0600
Jacob Yocom-Piatt j...@fixedpointgroup.com wrote:

 i am working on a new production mailserver using smtpd for an mta
 and dovecot for serving mail. i have run into a problem where i would
 like to use the same authentication mechanism for smtpd and dovecot
 so there is only one password database to maintain.
 
 as best i can tell i need to use system accounts and virtual user
 maps to get mail to dump into separate directories. the caveat is
 getting either dovecot to understand the virtual user mapping to
 system accounts or smtpd to do smtp authentication through dovecot. i
 would rather use bsdauth than have dovecot handle authentication.
 
 i currently have smtpd setup and delivering mail fine with the
 following config
 
 ext_if = re0
 
 listen on lo0
 listen on $ext_if tls enable auth
 
 map aliases { source db /etc/mail/aliases.db }
 map virtual { source db /etc/mail/virtual.db }
 
 accept for local alias aliases deliver to mbox
 accept from all for virtual virtual deliver to maildir
 /var/vmail/%d/%a accept for all relay
 
 with the virtual map specified like so
 
 us...@domain1.com: user1_dom1
 ...
 us...@domain1.com: userN_dom1
 
 where i have added users user1_dom1 through userN_dom1 with the false 
 shell to the system. all works fine with the mail delivery and relay.
 
 any insight into how i can get dovecot or smtpd to do what i want
 would be appreciated.

I've written a bsdauth module for to authenticate  over pop3.
since smtpd using bsdauth - you can use it. later today I'll put it on
the web to share. 

-- 
With best regards,
Gregory Edigarov

Re: vi in /bin

2009-12-18 Thread Gregory Edigarov 
On Fri, 18 Dec 2009 10:28:25 +0100
Igor Sobrado igor.sobr...@gmail.com wrote:

 On Fri, Dec 18, 2009 at 6:07 AM, David Gwynne l...@animata.net
 wrote:
  On 18/12/2009, at 1:26 PM, Raymond Lillard wrote:
 
  Real men use cat. :-)
 
  real men use COPY CON PROGRAM.EXE
 
 real men use EDIT/TECO.
 
real men use XEDIT.

-- 
With best regards,
Gregory Edigarov

Re: smtpd(8) local delivery failure - help needed with diagnosis

2009-12-17 Thread Gregory Edigarov 
On Thu, 17 Dec 2009 02:45:25 -0600
Adam Thompson athom...@athompso.net wrote:

 First, some baseline data:

skipped

 
 So.  WTF am I doing wrong?  Help!

You should add the following line to your smtpd.conf

accept for local deliver to mbox

or

accept from local for local deliver to mbox


 
 -Adam Thompson
  athom...@athompso.net
 


-- 
With best regards,
Gregory Edigarov

ospfd does not follow interface address changes?

2009-11-27 Thread Gregory Edigarov 
hi everybody.

if you run ospfd in your setup can you test to confirm the behavior:
setup an interface in ospfdfor example - 
ifconfig vlan3 vlandev rl0 192.168.3.0/30   up
add this interface to any known area of ospfd. reload, wait for the
route to propagate. then change ip on vlan3.  
ifconfig vlan3 vlandev rl0 192.168.4.0/30

on some other router do
ospfctl sh rib
 
you will see 192.168.3.0/30 again and again and again
the only way to change the routes is to fully kill ospfd and then start
it again. 

-- 
With best regards,
Gregory Edigarov

imsg framework

2009-11-19 Thread Gregory Edigarov 
Hello,

just wonder is there any information about it available?
I mean the source is good to look for details but I would like to have
a big picture first.

-- 
With best regards,
Gregory Edigarov

Re: Header re-writing and smtpd(8)

2009-10-30 Thread Gregory Edigarov 
On Thu, 29 Oct 2009 10:55:58 -0700
Chris Jones cjo...@gdisoftware.com wrote:

 Good morning,
 
 I'm curious if anyone knows if it's possible to do header re-writing 
 with smtpd(8). I have a project I would love to use smtpd(8) for but 
 I'll need to figure a way to be able to re-write message headers as
 they relay through this server. The gist of it is, I would like to
 setup a mailbox server (zimbra) which routes mail to specific relay
 servers based on email domain. These relay servers would then
 re-write the Received: fields in the header of a message so that it
 looks like it's originating from the relay server.
 
 I've done this with Postfix before but I would much rather use
 smtpd(8) for it's security and simplicity. Thanks in advance for any
 advice or information you have.
 
 Cheers,
 -Chris
 
Hi, Chris.

The header rewriting isn't there yet. 

-- 
With best regards,
Gregory Edigarov

Re: openbsd ca tutorial

2009-10-30 Thread Gregory Edigarov 
On Thu, 29 Oct 2009 16:42:06 -0500
Marco Peereboom sl...@peereboom.us wrote:

 anything openssl is insufficient.  When possible avoid OpenSSL.
 
Sorry, what's your arguments and propositions?

 On Thu, Oct 29, 2009 at 10:14:05PM +0100, Joachim Schipper wrote:
  On Thu, Oct 29, 2009 at 09:23:09PM +0100, Abdullah Sendul wrote:
I am trying to create my own CA on openbsd. but unfortunately
couldnt find any tutorial on this, there are some on freebsd,
linux, but they are giving some errors.
   
If I am understanding you correctly, you might want to look
here: http://www.openbsd.org/faq/faq10.html#HTTPS
   
   sorry not a self signed cert.
   a certificate authority
  
  *Read* the FAQ. It tells you about openssl ca. Is that
  insufficient?
  
  Joachim
 


-- 
With best regards,
Gregory Edigarov

Re: 4.6 hang

2009-10-27 Thread Gregory Edigarov 
 wsmouse0 at pms0 mux 0
 pcppi0 at isa0 port 0x61
 midi0 at pcppi0: PC speaker
 spkr0 at pcppi0
 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
 mtrr: Pentium Pro MTRR support
 softraid0 at root
 root on wd0a swap on wd0b dump on wd0b
 WARNING: / was not properly unmounted
 


-- 
With best regards,
Gregory Edigarov

Re: smtpd support DIGEST MD5 AUTH ?

2009-10-26 Thread Gregory Edigarov 
On Mon, 26 Oct 2009 02:01:01 -0500
Fernando Quintero fernando.a.quint...@gmail.com wrote:

 Hi all,
 
 first, thx to gilles for this great software,
 I'm testing smtpd with TLS and SSL an it works ok, I noticed that the
 AUTH command uses PLAIN LOGIN.
 
 The question is: smtpd supports another thing different to PLAIN LOGIN
 for AUTH?, is possible integrate it to SASL ?

short answer: you do not want to I see SASL as a very complex piece
of bloatware.
a bit longer answer: smtpd is interfaced to bsdauth (see
authenticate(3)). so if you want you can implement authentication
method, just like I did to authenticate smtpd client to pop3 server.

-- 
With best regards,
Gregory Edigarov

Re: mailq: unsupported mode with smtpd

2009-10-26 Thread Gregory Edigarov 
On Mon, 26 Oct 2009 15:19:49 +0100
Bret Lambert bret.lamb...@gmail.com wrote:

  and by maulq i mean mailq ;-)
 
 but maulq is much more full of awesome and win
 
Maul? did you mean Darth Maul? ;-)

-- 
With best regards,
Gregory Edigarov

Re: [pf question] Positive condition for adding in the table?

2009-09-17 Thread Gregory Edigarov 
On Thu, 17 Sep 2009 10:20:37 +0200
Ivan Radovanovic riv...@gmail.com wrote:

 Iqigo Ortiz de Urbina napisa:
  You could also take a look at the match, tag and tagged keywords in
  pf.conf.
  
  Additionally, you may require parsing your custom logs (pflogN
  interfaces or binary logs in /var/log/) in order to populate your
  tables for use in the main ruleset or anchors.
  
  Have a nice day,
  
  Iqigo
  
 
 I finished simple program that parses pflogN interface and executes 
 actions embedded in labels in pf rules. However I don't have OpenBSD 
 installed so I can't test if it works/compiles on OpenBSD (it works
 fine on FreeBSD), so it would be nice if someone is interested to try
 it on OpenBSD before I put it for everyone to download :-)

Perhaps it would be interesting, and I could try it, but could you give
an example use case?

-- 
With best regards,
Gregory Edigarov

Re: smtpd update

2009-09-16 Thread Gregory Edigarov 
Gilles,

I've already started using it in production (yes, with my own
non_accepted_aliases_patch ;-). So far - all good, seems to be 
very robust and pretty stable.
I will of course send you a note if I will notice some troubles.
And for the others to record I have to notice the very clean code which
lets me make small changes for myself. 


On Wed, 16 Sep 2009 13:50:00 +0200
Gilles Chehade gil...@poolp.org wrote:

 Please, do not wait for others to try it, I just can't hear another
 I will try it
 soon, I was just waiting for other people's feedbacks ...
 
 Gilles
 
 
 Jacek Masiulaniec a icrit :
  Hi,
 
  smtpd has recently benefited from many changes to the local and
  remote delivery code paths.  Their aim is to advance smtpd few
  steps further to being well suited for production use.  I have been
  working on this for a number of weeks, and to put it bluntly - the
  changes are massive.
 
  So, please grab the latest smtpd and give it a spin.
 
  If you are not already using smtpd but would like to start, edit
  /etc/mailer.conf
 
  sendmail/usr/sbin/smtpctl
  send-mail   /usr/sbin/smtpctl
  mailq   /usr/sbin/smtpctl
  makemap /usr/libexec/smtpd/makemap
  newaliases  /usr/libexec/smtpd/makemap
 
  and run
 
  # echo sendmail_flags=NO  /etc/rc.conf.local
  # echo smtpd_flags=  /etc/rc.conf.local
  # newaliases
 
  Finally, reboot the box to verify smtpd is started automatically.
 
  Thanks,
 
  Jacek
 


-- 
With best regards,
Gregory Edigarov

bgpd q

2009-08-26 Thread Gregory Edigarov 
Hi,

Could I rewrite as-paths in bgpd? I.e. if I have an incoming as-path
like this:

1 2 3 3 3 3 3 3 3 3 4 

and would like for some reason to rewrite it like: 1 2 3 4, or 
1 2 3 3 4, can I do this? 

Thank you.

-- 
With best regards,
Gregory Edigarov

Re: .xinitrc and new window manager not loading

2009-08-19 Thread Gregory Edigarov 
What do you use? xdm or startx?
if you use xdm - you should use .xsession instead 

On Wed, 19 Aug 2009 11:32:05 +
Chris atst...@gmail.com wrote:

 I am trying to get a new wm (scrotwm) and added it to .xinitrc but
 it's not working. Every time I press ALT-CRTL-Backspace and log back
 again, I get landed on fvwm. Not sure what I'm doing wrong.
 The same .xinitrc works on another box running bash shell for a
 normal user.
 
 My shell is ksh, user chris is a normal user (user's group is user).
 The .xinitrc file is owned by chris:user
 and has permission:  -rw-r--r--
 
 Here's my .xinitrc file:
 
 #!/bin/sh
 userresources=$HOME/.Xresources
 usermodmap=$HOME/.Xmodmap
 sysresources=/usr/X11R6/lib/X11/xinit/.Xresources
 sysmodmap=/usr/X11R6/lib/X11/xinit/.Xmodmap
 
 
 if [ -f $sysresources ]; then
 /usr/X11R6/bin/xrdb -merge $sysresources
 fi
 
 if [ -f $sysmodmap ]; then
 /usr/X11R6/bin/xmodmap $sysmodmap
 fi
 
 if [ -f $userresources ]; then
 /usr/X11R6/bin/xrdb -merge $userresources
 fi
 
 if [ -f $usermodmap ]; then
 /usr/X11R6/bin/xmodmap $usermodmap
 fi
 
 if [ -f $HOME/.bashrc ]
 then
 . $HOME/.bashrc
 fi
 
 if [ -f $HOME/.muttrc ]
 then
 . $HOME/.muttrc
 fi
 
 id1=$HOME/.ssh/identity
 id2=$HOME/.ssh/id_dsa
 id3=$HOME/.ssh/id_rsa
 if [ -x /usr/bin/ssh-agent ]  [ -f $id1 -o -f $id2 -o -f $id3 ];
 then
 eval `ssh-agent -s`
 ssh-add  /dev/null
 fi
 
 /usr/local/bin/scrotwm
 
 if [ $SSH_AGENT_PID ]; then
 ssh-add -D  /dev/null
 eval `ssh-agent -s -k`
 fi
 xidle -delay 3 -sw -program /usr/X11R6/bin/xlock -mode bat -timeout
 5
 
 --
 
 I have also tried /usr/local/bin/scrotwm  and exec
 /usr/local/bin/scrotwm  but no luck.
 
 Thanks.
 


-- 
With best regards,
Gregory Edigarov

Re: Bug in pppoe ?

2009-07-03 Thread Gregory Edigarov 

sysctl net.inet.ip.forwarding ?

fROLOW kONSTANTIN wrote:

I have openbsd-based pppoe server for small lan with 20-30 WinXP and Vista 
clients (based on user-level ppp)
After some time some random clients seems to be dead (XP and Vista)
When i try disconnect/reconnect dead host to pppoe, connection established but 
i cannot ping hosts, link is dead.
When i try to connect with different ppp username from same computer, 
connection establised and all OK.
I see in firewall log pass rule for this connection, but can't see any traffic
Maybe somebody knows where is the problem ?
(same pppoe server config with OpenBSD 4.3 works without problems)

My config:

kernel 4.5 GENERIC + pflow patch from Joerg Goltermann

devices
---
/dev/tun0..tun100 (i make 100 tun devices with MAKEDEV)

/etc/ppp/ppp.secret
---
user1 pass1 192.168.100.1
user2 pass2 192.168.100.2
..
user30 pass30 192.168.100.30

/etc/ppp/ppp.conf
--
default:
 set log Phase Chat LCP IPCP CCP tun command
 set device /dev/cua01
 set speed 115200
 set dial ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \\ AT OK-AT-OK ATE1Q0 OK 
\\dATDT\\T TIMEOUT 40 CONNECT

pppoe:
 set timeout 0
 set device !/usr/sbin/pppoe -i vr0
 set mtu max 1492
 set mru max 1492
 set speed sync
 disable acfcomp protocomp
 deny acfcomp
 enable chap
 set ifaddr
 set dns 192.168.70.250
 accept dns
 set ifaddr 192.168.100.254 192.168.100.1-192.168.100.253 255.255.255.255
 disable ipv6cp
 enable mssfixup
 enable lqr
 set lqrperiod 5

/etc/rc.local
-
/usr/sbin/pppoe -p pppoe -i vr0 -s


  


--
With best regards,
Gregory Edigarov

Re: IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

2009-05-27 Thread Gregory Edigarov 

Bob Beck wrote:

* Chris Harries ch...@sharescope.co.uk [2009-05-26 10:48]:
  

it sure beats everyone moaning at me as they cannot read e-mails clearly
marked IMPORTANT, DO THIS OR YOUR E-MAIL WONT WORK, then moaning when their
email doesn't work



IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK

We are refreshing our openbsd mailing lists to ensure that the list
memberships correctly match our business process and security roles. 


In order to ensure your list memberships and email continue to work
without interruption, please reply to this email with the following
information:


Name : ___


Email ID: 


Password: 


Thanks for helping to ensure the integrity of our email system.


  

Pardon? I do not understand what is this for

--
With best regards,
Gregory Edigarov

bsd_auth again

2009-05-25 Thread Gregory Edigarov 

Hello,

Perhaps somebody can help me a bit... Here is  very simple 
login_-test.c, just to check if everything works:

#include stdio.h

int main (int argc, char **argv)
{
char buf[1024];
int i;

for (i=0;iargc;i++) puts(argv[i]);

read (3,buf,sizeof(buf));

puts(buf);
}   

And a very simple calling program, that calls auth_userok, using exactly 
the way it is called from opensmtpd:

#include sys/types.h
#include login_cap.h
#include bsd_auth.h
#include stdio.h

int main( )
{   
   printf(%d\n,auth_userokay (greg, NULL , 
auth-smtp,password));

}


As the last accord there are lines in /etc/login.conf:

auth-smtp:auth=-test:

everything other is the file left untouched.

As it doesn't seem to be calling login_-test,  I think  that is because 
I failed to properly describe what I need in login.conf

what should be done?

Thank you.

--
With best regards,
Gregory Edigarov

Re: bsd_auth again

2009-05-25 Thread Gregory Edigarov 

Otto Moerbeek wrote:

On Mon, May 25, 2009 at 10:47:11AM +0300, Gregory Edigarov wrote:

  

Hello,

Perhaps somebody can help me a bit... Here is  very simple  
login_-test.c, just to check if everything works:

#include stdio.h

int main (int argc, char **argv)
{
char buf[1024];
int i;

for (i=0;iargc;i++) puts(argv[i]);

read (3,buf,sizeof(buf));

puts(buf);
}   

And a very simple calling program, that calls auth_userok, using exactly  
the way it is called from opensmtpd:

#include sys/types.h
#include login_cap.h
#include bsd_auth.h
#include stdio.h

int main( )
{  printf(%d\n,auth_userokay (greg, NULL ,  
auth-smtp,password));

}


As the last accord there are lines in /etc/login.conf:

auth-smtp:auth=-test:

everything other is the file left untouched.

As it doesn't seem to be calling login_-test,  I think  that is because  
I failed to properly describe what I need in login.conf

what should be done?



For one thing (apart from login.conf issues), you do not return an
exit code in your program and you do not write anything to fd 3, while
login.conf says:

In order for authentication to be successful, the authentication program
must exit with a value of 0 as well as provide an authorize or authorize
root statement on file descriptor 3.

First of all, start READING and UNERSTANDING login.conf and study the
existing authentication programs source code. Probably login_reject is
a goof place to start. 


And a word of advice: before you attempt writing a bsd_auth login
script, you better understand what you are doing. Otherwise you almost
certainly will create a hole. This is no place for trial and error. 


-Otto
  

Otto,

As I've written above it is just an experiment, in  order to understand
and write bigger script, that will do _ALL_ the necessary things, and
will be as secure as possible.

--
With best regards,
Gregory Edigarov

Re: bsd_auth again

2009-05-25 Thread Gregory Edigarov 

Otto Moerbeek wrote:

On Mon, May 25, 2009 at 10:47:11AM +0300, Gregory Edigarov wrote:

  

Hello,

Perhaps somebody can help me a bit... Here is  very simple  
login_-test.c, just to check if everything works:

#include stdio.h

int main (int argc, char **argv)
{
char buf[1024];
int i;

for (i=0;iargc;i++) puts(argv[i]);

read (3,buf,sizeof(buf));

puts(buf);
}   

And a very simple calling program, that calls auth_userok, using exactly  
the way it is called from opensmtpd:

#include sys/types.h
#include login_cap.h
#include bsd_auth.h
#include stdio.h

int main( )
{  printf(%d\n,auth_userokay (greg, NULL ,  
auth-smtp,password));

}


As the last accord there are lines in /etc/login.conf:

auth-smtp:auth=-test:

everything other is the file left untouched.

As it doesn't seem to be calling login_-test,  I think  that is because  
I failed to properly describe what I need in login.conf

what should be done?



For one thing (apart from login.conf issues), you do not return an
exit code in your program and you do not write anything to fd 3, while
login.conf says:

In order for authentication to be successful, the authentication program
must exit with a value of 0 as well as provide an authorize or authorize
root statement on file descriptor 3.

First of all, start READING and UNERSTANDING login.conf and study the
existing authentication programs source code. Probably login_reject is
a goof place to start. 


And a word of advice: before you attempt writing a bsd_auth login
script, you better understand what you are doing. Otherwise you almost
certainly will create a hole. This is no place for trial and error. 

Also Otto, the question I've asked was about how to correctly connect
the would be script to the authentication mechanism in the login.conf
file. It was not about quality of my code. The code is purely
experimental, and will not even go into the real script.


--
With best regards,
Gregory Edigarov

bsd_auth

2009-05-22 Thread Gregory Edigarov 

Hello,

Need just a small pointer to information on how to write an 
authentication program

i.e. login_SOMEWHAT ? Because sources left much info outside.
Is there a specification or something?
Thanks.

--
With best regards,
Gregory Edigarov

Re: bsd_auth

2009-05-22 Thread Gregory Edigarov 

Joachim Schipper wrote:

On Fri, May 22, 2009 at 11:25:17AM +0300, Gregory Edigarov wrote:
  

Hello,

Need just a small pointer to information on how to write an  
authentication program

i.e. login_SOMEWHAT ? Because sources left much info outside.
Is there a specification or something?
Thanks.



You'll want to read login.conf(5), in particular the AUTHENTICATION
section (it's not just a list of provided programs!). I'm not sure if
there are other sources of documentation, but it does appear to document
the protocol fairly well.
  
Logically I can understand, that password will be provided as an input 
on file descriptor 3.

But I cannot find that in manual...

--
With best regards,
Gregory Edigarov

Re: 4.5 - strange performance issue

2009-05-05 Thread Gregory Edigarov 

Gregory Edigarov wrote:

Hello,

Does anybody else notice strange X performance degradation?
It takes forever for X to start, and after it start it takes forever for 
them to bring up firefox... and after all it is really slw


  
Well I turned off the acpi completely, that seems to solve the problem, 
but the question is still, it worked on 4.4 perfectly.

This means something has changed  in a way

--
With best regards,
Gregory Edigarov

Re: 4.5 - strange performance issue

2009-05-05 Thread Gregory Edigarov 

Tobias Ulmer wrote:

Try to enable EXA and play with Option MigrationHeuristic greedy
  

Thanks, I will try that later today.

--
With best regards,
Gregory Edigarov

4.5 - strange performance issue

2009-05-04 Thread Gregory Edigarov 
Hello,

Does anybody else notice strange X performance degradation?
It takes forever for X to start, and after it start it takes forever for 
them to bring up firefox... and after all it is really slw



-- 
With best regards,
Gregory Edigarov
(--) checkDevMem: using aperture driver /dev/xf86
(--) Using wscons driver on /dev/ttyC4 in pcvt compatibility mode (version 3.32)

X.Org X Server 1.5.3
Release Date: 5 November 2008
X Protocol Version 11, Revision 0
Build Operating System: OpenBSD 4.5 amd64 
Current Operating System: OpenBSD edigarov.sa.net.ua 4.5 GENERIC#2052 amd64
Build Date: 27 February 2009  04:51:21PM
 
Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: /var/log/Xorg.0.log, Time: Sun May  3 12:57:07 2009
(==) Using config file: /etc/X11/xorg.conf
(==) ServerLayout X.org Configured
(**) |--Screen Screen0 (0)
(**) |   |--Monitor Monitor0
(**) |   |--Device Card0
(**) |--Input Device Mouse0
(**) |--Input Device Keyboard0
(==) Not automatically adding devices
(==) Not automatically enabling devices
(==) Including the default font path 
/usr/X11R6/lib/X11/fonts/misc/,/usr/X11R6/lib/X11/fonts/TTF/,/usr/X11R6/lib/X11/fonts/OTF,/usr/X11R6/lib/X11/fonts/Type1/,/usr/X11R6/lib/X11/fonts/100dpi/,/usr/X11R6/lib/X11/fonts/75dpi/.
(**) FontPath set to:
/usr/X11R6/lib/X11/fonts/misc/,
/usr/X11R6/lib/X11/fonts/TTF/,
/usr/X11R6/lib/X11/fonts/OTF,
/usr/X11R6/lib/X11/fonts/Type1/,
/usr/X11R6/lib/X11/fonts/100dpi/,
/usr/X11R6/lib/X11/fonts/75dpi/,
/usr/X11R6/lib/X11/fonts/cyrillic/,
/usr/X11R6/lib/X11/fonts/misc/,
/usr/X11R6/lib/X11/fonts/TTF/,
/usr/X11R6/lib/X11/fonts/OTF,
/usr/X11R6/lib/X11/fonts/Type1/,
/usr/X11R6/lib/X11/fonts/100dpi/,
/usr/X11R6/lib/X11/fonts/75dpi/
(**) ModulePath set to /usr/X11R6/lib/modules
(II) Loader magic: 0x7714e0
(II) Module ABI versions:
X.Org ANSI C Emulation: 0.4
X.Org Video Driver: 4.1
X.Org XInput driver : 2.1
X.Org Server Extension : 1.1
X.Org Font Renderer : 0.6
(II) Loader running on openbsd
(--) PCI:*(0...@1:0:0) ATI Radeon X550 rev 0, Mem @ 0xd000/134217728, 
0xd900/65536, I/O @ 0x9000/256, BIOS @ 0x/131072
(--) PCI: (0...@1:0:1) ATI Radeon X550 Sec rev 0, Mem @ 0xd901/65536
(II) System resource ranges:
[0] -1  0   0x0010 - 0x3fff (0x3ff0) MX[B]E(B)
[1] -1  0   0x000f - 0x000f (0x1) MX[B]
[2] -1  0   0x000c - 0x000e (0x3) MX[B]
[3] -1  0   0x - 0x0009 (0xa) MX[B]
[4] -1  0   0x - 0x (0x1) IX[B]
[5] -1  0   0x - 0x00ff (0x100) IX[B]
(II) extmod will be loaded. This was enabled by default and also specified in 
the config file.
(II) dbe will be loaded. This was enabled by default and also specified in 
the config file.
(II) glx will be loaded. This was enabled by default and also specified in 
the config file.
(II) freetype will be loaded. This was enabled by default and also specified 
in the config file.
(II) dri will be loaded. This was enabled by default and also specified in 
the config file.
(II) LoadModule: dbe

(II) Loading /usr/X11R6/lib/modules/extensions//libdbe.so
(II) Module dbe: vendor=X.Org Foundation
compiled for 1.5.3, module version = 1.0.0
Module class: X.Org Server Extension
ABI class: X.Org Server Extension, version 1.1
(II) Loading extension DOUBLE-BUFFER
(II) LoadModule: dri

(II) Loading /usr/X11R6/lib/modules/extensions//libdri.so
(II) Module dri: vendor=X.Org Foundation
compiled for 1.5.3, module version = 1.0.0
ABI class: X.Org Server Extension, version 1.1
(II) Loading extension XFree86-DRI
(II) LoadModule: extmod

(II) Loading /usr/X11R6/lib/modules/extensions//libextmod.so
(II) Module extmod: vendor=X.Org Foundation
compiled for 1.5.3, module version = 1.0.0
Module class: X.Org Server Extension
ABI class: X.Org Server Extension, version 1.1
(II) Loading extension SHAPE
(II) Loading extension MIT-SUNDRY-NONSTANDARD
(II) Loading extension BIG-REQUESTS
(II) Loading extension SYNC
(II) Loading extension MIT-SCREEN-SAVER
(II) Loading extension XC-MISC
(II) Loading extension XFree86-VidModeExtension
(II) Loading extension XFree86-Misc
(II) Loading extension XFree86-DGA
(II) Loading extension DPMS
(II) Loading extension TOG-CUP
(II) Loading extension Extended-Visual-Information
(II) Loading extension XVideo
(II) Loading extension XVideo-MotionCompensation
(II) Loading extension X-Resource
(II) LoadModule: glx

(II) Loading /usr/X11R6/lib/modules/extensions//libglx.so
(II) Module glx

Re: 4.5 - strange performance issue

2009-05-04 Thread Gregory Edigarov 

It's not an interrupt load.
top seems normal,  even running X, 0.0 -  0.9 % interrupt.
but everything is very slow.

Otto Moerbeek wrote:

Check top(1) without a runing X first. You might have problems with
interrupts. If that's the case, top should show prettu high interrupt %'s.
Espcially some nvidia chipsets have these problems.

If you are suffering from high interrupt load, try disabling acpirt(4)
or if that does not work, acpi(4).

-Otto

On Mon, May 04, 2009 at 12:59:26PM +0300, Gregory Edigarov wrote:

  

Hello,

Does anybody else notice strange X performance degradation?
It takes forever for X to start, and after it start it takes forever for 
them to bring up firefox... and after all it is really slw




--
With best regards,
Gregory Edigarov
(--) checkDevMem: using aperture driver /dev/xf86
(--) Using wscons driver on /dev/ttyC4 in pcvt compatibility mode (version 3.32)

X.Org X Server 1.5.3
Release Date: 5 November 2008
X Protocol Version 11, Revision 0
Build Operating System: OpenBSD 4.5 amd64 
Current Operating System: OpenBSD edigarov.sa.net.ua 4.5 GENERIC#2052 amd64

Build Date: 27 February 2009  04:51:21PM
 
	Before reporting problems, check http://wiki.x.org

to make sure that you have the latest version.
Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
(==) Log file: /var/log/Xorg.0.log, Time: Sun May  3 12:57:07 2009
(==) Using config file: /etc/X11/xorg.conf
(==) ServerLayout X.org Configured
(**) |--Screen Screen0 (0)
(**) |   |--Monitor Monitor0
(**) |   |--Device Card0
(**) |--Input Device Mouse0
(**) |--Input Device Keyboard0
(==) Not automatically adding devices
(==) Not automatically enabling devices
(==) Including the default font path 
/usr/X11R6/lib/X11/fonts/misc/,/usr/X11R6/lib/X11/fonts/TTF/,/usr/X11R6/lib/X11/fonts/OTF,/usr/X11R6/lib/X11/fonts/Type1/,/usr/X11R6/lib/X11/fonts/100dpi/,/usr/X11R6/lib/X11/fonts/75dpi/.
(**) FontPath set to:
/usr/X11R6/lib/X11/fonts/misc/,
/usr/X11R6/lib/X11/fonts/TTF/,
/usr/X11R6/lib/X11/fonts/OTF,
/usr/X11R6/lib/X11/fonts/Type1/,
/usr/X11R6/lib/X11/fonts/100dpi/,
/usr/X11R6/lib/X11/fonts/75dpi/,
/usr/X11R6/lib/X11/fonts/cyrillic/,
/usr/X11R6/lib/X11/fonts/misc/,
/usr/X11R6/lib/X11/fonts/TTF/,
/usr/X11R6/lib/X11/fonts/OTF,
/usr/X11R6/lib/X11/fonts/Type1/,
/usr/X11R6/lib/X11/fonts/100dpi/,
/usr/X11R6/lib/X11/fonts/75dpi/
(**) ModulePath set to /usr/X11R6/lib/modules
(II) Loader magic: 0x7714e0
(II) Module ABI versions:
X.Org ANSI C Emulation: 0.4
X.Org Video Driver: 4.1
X.Org XInput driver : 2.1
X.Org Server Extension : 1.1
X.Org Font Renderer : 0.6
(II) Loader running on openbsd
(--) PCI:*(0...@1:0:0) ATI Radeon X550 rev 0, Mem @ 0xd000/134217728, 
0xd900/65536, I/O @ 0x9000/256, BIOS @ 0x/131072
(--) PCI: (0...@1:0:1) ATI Radeon X550 Sec rev 0, Mem @ 0xd901/65536
(II) System resource ranges:
[0] -1  0   0x0010 - 0x3fff (0x3ff0) MX[B]E(B)
[1] -1  0   0x000f - 0x000f (0x1) MX[B]
[2] -1  0   0x000c - 0x000e (0x3) MX[B]
[3] -1  0   0x - 0x0009 (0xa) MX[B]
[4] -1  0   0x - 0x (0x1) IX[B]
[5] -1  0   0x - 0x00ff (0x100) IX[B]
(II) extmod will be loaded. This was enabled by default and also specified in 
the config file.
(II) dbe will be loaded. This was enabled by default and also specified in 
the config file.
(II) glx will be loaded. This was enabled by default and also specified in 
the config file.
(II) freetype will be loaded. This was enabled by default and also specified 
in the config file.
(II) dri will be loaded. This was enabled by default and also specified in 
the config file.
(II) LoadModule: dbe

(II) Loading /usr/X11R6/lib/modules/extensions//libdbe.so
(II) Module dbe: vendor=X.Org Foundation
compiled for 1.5.3, module version = 1.0.0
Module class: X.Org Server Extension
ABI class: X.Org Server Extension, version 1.1
(II) Loading extension DOUBLE-BUFFER
(II) LoadModule: dri

(II) Loading /usr/X11R6/lib/modules/extensions//libdri.so
(II) Module dri: vendor=X.Org Foundation
compiled for 1.5.3, module version = 1.0.0
ABI class: X.Org Server Extension, version 1.1
(II) Loading extension XFree86-DRI
(II) LoadModule: extmod

(II) Loading /usr/X11R6/lib/modules/extensions//libextmod.so
(II) Module extmod: vendor=X.Org Foundation
compiled for 1.5.3, module version = 1.0.0
Module class: X.Org Server Extension
ABI class: X.Org Server Extension, version 1.1
(II) Loading extension SHAPE
(II) Loading extension MIT-SUNDRY-NONSTANDARD
(II) Loading extension BIG-REQUESTS
(II) Loading

Re: autowhitelister for spamd needs testing

2009-04-24 Thread Gregory Edigarov 

Aaron Mason wrote:

On Fri, Apr 24, 2009 at 11:01 AM, Dan Harnett dan...@harnett.name wrote:
  

On top of that, if VeriSign could be tricked into signing a fake
Microsoft ActiveX key, can you really trust the authorities?
  

Are you implying SPF records are validated somewhere and signed by a
trusted third party?  They're not.  They're provided by the bad guys.  A
more proper analogy would be that you received an ActiveX control signed
by The Bad Guys Who Do Bad Things.  They were nice enough to sign it,
so you accept it.




I was implying no such thing.  I was referring to using WHOIS to block
spammers on the basis of the date the domain was registered.

  

asfjsakf1359.com TXT v=spf1 a:mail.asfjsakf1359.com ip4:0.0.0.0/0 ~all



Ok, now that gives us a pointer by which to block fraudulent folk.
That record means anyone and everyone can send an email using that
domain name.  A proper SPF record wouldn't have an all-encompassing IP
range.  In fact, who in the world would have anything more than a /7
block?

However that alone wouldn't deter any spammer - just limit the range
to what's accepted and you're in.  And any limit you set will only
cause more dramas.  Sure you could limit it to /24 and smaller, or
even to single addresses, but what about those select folk who have
been assigned /8 classless subnets?  That's a whole lotta SPF records
for one subdomain.

No solution is perfect, but a small group of imperfect solutions is a
far cry better than no solutions at all and our mailboxes being
inundated with spam.  The problem's here to stay, all we can do is
deal with it as best we can.
  

well nobody's  perfect. and there is no solution perfect.
And i do not even pretend that i made a perfect solution.
It still require /dev/brain, /dev/eyes, and /dev/hands...   
Ok, thank you all, for the interesting discussion. I think I could develop
more advanced solution that will check  blocks  found  by spf  lookup 
through whois lookup...


--
With best regards,
Gregory Edigarov

Re: autowhitelister for spamd needs testing

2009-04-23 Thread Gregory Edigarov 

Dave Anderson wrote:

On Wed, 22 Apr 2009, jared r r spiegel wrote:

  

On Thu, Apr 23, 2009 at 12:30:28AM +, Stuart Henderson wrote:



I see a tiny little problem with this method... sometimes people send
spam from domains whose DNS they control.
  

 +1

 i think part of the success i experience using SPF as a means to create
 whitelists is in the fact that i maintain the list of domains i fancy
 whitelisting.  unfortunately, it would be trivial for someone to take
 advantage of an spf-based automatic whitelist to slip right on thru
 spamd(8).

 it's a pisser.



  

No it's not.


What might make sense is to alter the script to generate a list of
canditates for whitelisting, but only apply any of them after they are
manually approved.

Dave
  

And that's what I did it for, really.

--
With best regards,
Gregory Edigarov

Re: autowhitelister for spamd needs testing

2009-04-23 Thread Gregory Edigarov 

Stuart Henderson wrote:

On 2009-04-22, Gregory Edigarov g...@bestnet.kharkov.ua wrote:
  

Hello list,
I think spamd users would like to try this small utility.
Although its development is in the very beginning  it does its  job 
quite well for me it was written for the case
where a big mass mailer like google  is trying to send us mail. 

The utility notices such mailers and white lists  it by adding its 
allowed nets taken through spf queries to the white list. i.e.
it reads output of spamdb, then checks spf records for all greylisted 
mails and produces 'whitelist.auto' file  which can

then be used with spamd-setup.

it is small, so I put it into attachment.




I see a tiny little problem with this method... sometimes people send
spam from domains whose DNS they control.
  
See, in the case of spam there is absolutely no silver bullet.  Even 
with my  current setup I get  5-10  spam messages into my personal 
accounts + tons of spam to role accounts like postmaster, hostmaster etc
But at some time I got tired of adding the web-frontedned-mail 
-senders-which-never-repeat-mail-from-the-same-ip to the whitelist. So I 
wrote this little thingy.


--
With best regards,
Gregory Edigarov

Re: autowhitelister for spamd needs testing

2009-04-22 Thread Gregory Edigarov 
Hello list,
I think spamd users would like to try this small utility.
Although its development is in the very beginning  it does its  job 
quite well for me it was written for the case
where a big mass mailer like google  is trying to send us mail. 

The utility notices such mailers and white lists  it by adding its 
allowed nets taken through spf queries to the white list. i.e.
it reads output of spamdb, then checks spf records for all greylisted 
mails and produces 'whitelist.auto' file  which can
then be used with spamd-setup.

it is small, so I put it into attachment.

-- 
With best regards,
Gregory Edigarov
#include sys/types.h
#include netinet/in.h
#include arpa/nameser.h
#include resolv.h
#include stdlib.h
#include string.h
#include stdio.h

#define ERREXIT(_p) perror(_p); exit(-1);

char   *tok[] = {v=spf1, redirect=, include:, ip4:, ip6:};

FILE   *out;

voidtspf(char *domain);

char   *
txtquery(const char *domain, unsigned int *ttl)
{
unsigned char   answer[PACKETSZ], host[128], *pt, *txt;
int len, exp, cttl, size, txtlen, type;

if (res_init()  0) {
ERREXIT(res_init);
}
printf(*Querying %s\n, domain);
memset(answer, 0, PACKETSZ);
if ((len = res_query(domain, C_IN, T_TXT, answer, PACKETSZ))  0) {
ERREXIT(res_query);
}
pt = answer + sizeof(HEADER);
if ((exp = dn_expand(answer, answer + len, pt, host, sizeof(host)))  
0) {
ERREXIT(dn_expand);
}
pt += exp;
GETSHORT(type, pt);
if (type != T_TXT) {
ERREXIT(type);
}
pt += INT16SZ;  /* class */
if ((exp = dn_expand(answer, answer + len, pt, host, sizeof(host)))  
0) {
ERREXIT(dn_expand);
}
pt += exp;
GETSHORT(type, pt);
if (type != T_TXT) {
ERREXIT(type);
}
pt += INT16SZ;  /* class */
GETLONG(cttl, pt);
*ttl = cttl;
GETSHORT(size, pt);
txtlen = *pt;
if (txtlen = size || !txtlen) {
ERREXIT(txtlen);
}
if (!(txt = malloc(txtlen + 2))) {
ERREXIT(malloc)
}
pt++;
strlcpy(txt, pt, txtlen + 1);
return txt;
}

void
do_redirect(char *p)
{
char   *txt;
unsignedttl;

p += strlen(tok[1]);
puts(p);
txt = txtquery(p, ttl);
tspf(txt);
}

void
do_include(char *p)
{
char   *txt;
unsignedttl;

p += strlen(tok[2]);
txt = txtquery(p, ttl);

tspf(txt);
}

void
do_ipv4(char *p)
{
p += strlen(tok[3]);
fprintf(out, %s\n, p);
}

void
do_ipv6(char *p)
{
p += strlen(tok[3]);
fprintf(out, %s\n, p);
}


void
tspf(char *dom)
{
char   *ans, *p, *last;
int spf_v = 0;
unsigned intttl;

ans = txtquery(dom, ttl);

for (p = strtok_r(ans,  , last);
 p;
 p = strtok_r(NULL,  , last)) {
if (!strncmp(p, tok[0], strlen(tok[0])))
spf_v = 1;
if (!strncmp(p, tok[1], strlen(tok[1]))  spf_v)
do_redirect(p);
if (!strncmp(p, tok[2], strlen(tok[2]))  spf_v)
do_include(p);
if (!strncmp(p, tok[3], strlen(tok[3]))  spf_v)
do_ipv4(p);
if (!strncmp(p, tok[4], strlen(tok[4]))  spf_v)
do_ipv6(p);
}
free(ans);
}

int
main(int argc, char **argv)
{
FILE   *in;
charbuf[1024];
chartype[64], ip[256], helo[1024], mailfrom[1024], 
rcptto[1024],
td1[1024], td2[1024], td3[1024], trig1[2], trig2[2];
char   *p;

system(mv whitelist.auto whitelist.old);
if (argc  1)
out = fopen(argv[1], a+);
else
out = fopen(whitelist.new, a+);

if (out == NULL) {
ERREXIT(fopen);
}
in = popen(spamdb, r);
if (in == NULL) {
ERREXIT(p);
}
while (fgets(buf, sizeof(buf), in)) {
if (!strncmp(buf, GREY, 4)) {
for (p = (char *) buf; *p; p++)
if (*p == '|')
*p = ' ';
sscanf(buf, %s %s %s %s %s %s %s %s %s %s,
   (char *) type, (char *) ip, (char *) helo, 
(char *) mailfrom, (char *) rcptto,
   (char *) td1, (char *) td2, (char *) td3, 
(char *) trig1, (char *) trig2);
puts((char *) type);
puts((char *) mailfrom);
}
p = strchr((char

Re: antispam common practice for dealing with removed users

2009-04-08 Thread Gregory Edigarov 

Jose Fragoso wrote:

I would like to hear from members of the list how they are
dealing with this sort of situation.
  
hmmm, why not just remove an account? this way your server will reply 
550 User unknown, and make sending side bounce the mail effectively 
notifying postmaster/mailing list manager that this account has removed.


--
With best regards,
Gregory Edigarov

Re: packets redirected to loopback never appear in tcpdump

2009-02-25 Thread Gregory Edigarov 

Stuart Henderson wrote:

On 2009-02-24, Gregory Edigarov g...@bestnet.kharkov.ua wrote:
  

Is this a bug of feature?
the test case:

# ifconfig lo1 192.168.0.1 up

# ping 192.168.0.1
64 bytes from 192.168.0.1: icmp_seq=0 ttl=255 time=0.200 ms
64 bytes from 192.168.0.1: icmp_seq=1 ttl=255 time=0.111 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=255 time=0.110 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=255 time=0.111 ms
64 bytes from 192.168.0.1: icmp_seq=4 ttl=255 time=0.109 ms



this should work. how does your routing table look?
  


Ok, so here is more on the test case... the initial idea was  to shape 
some traffic destined
to services  settling on the host  by redirecting it to lo1, then 
pointing services to listen on

the IP of lo1.

*
# ifconfig lo1
lo1: flags=8149UP,LOOPBACK,RUNNING,PROMISC,MULTICAST mtu 33204
   groups: lo
   inet 192.168.0.1 netmask 0xff00

# route -n show
Routing tables

Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio 
Iface

default80.92.224.1UGS8   161457 -48 rl0
80.92.224.0/27 link#1 UC 30 -48 rl0
80.92.224.100:04:4d:39:59:20  UHLc   10 -48 rl0
80.92.224.10   00:50:8d:61:96:65  UHLc   0   15 -48 rl0
80.92.224.20   00:07:e9:05:1e:ec  UHLc   0  103 -48 rl0
127.0.0.1  127.0.0.1  UH 00 3320448 lo0
192.168.0.1192.168.0.1UH 0  376 3320448 lo1
*
# cat 
/etc/pf.conf  



table badhosts persist
table sshdeny persist
table counters persist
table spamd persist
table spamd-white persist


set ruleset-optimization none

scrub all

#altq on lo1 cbq bandwidth 5Mb queue { std, ext}
#queue std bandwidth 10% cbq(default)
#queue ext bandwidth 90% cbq

nat on rl0 from 192.168.0.1 to any - (rl0)
rdr on rl0 proto tcp from any to (rl0) port 1234 - (lo1)

block log all
pass out on rl0
pass in on rl0 proto tcp from any to (rl0) port ftp keep state
pass in on rl0 proto tcp from any to (rl0) port ftp-data keep state
pass in on rl0 proto tcp from any to (rl0) port ssh keep state \
(max-src-conn 3, max-src-conn-rate 1/60, overload sshdeny flush global)
pass in on rl0 proto tcp from  194.6.232.83 to (rl0) port ssh keep state
pass in on rl0 proto tcp from any to (rl0) port smtp keep state
pass in on rl0 proto tcp from any to (rl0) port 4662 keep state
pass in on rl0 proto tcp from any to 192.168.0.1 port 1234 keep state

pass in on rl0 proto udp from any to (rl0) port 4665 keep state
pass in on rl0 proto udp from any to (rl0) port 4672 keep state
pass in on rl0 inet proto icmp from any to (rl0) icmp-type echoreq
block drop in log on rl0 from sshdeny to (rl0)

pass on rl0 from counters to any
pass on rl0 from   any to counters

pass on lo0
pass on lo1
#pass on lo1 queue std

**

on this host we run 'nc -l 1234', or this simple C test, just to be sure 
we are listening on right socket:


#include sys/types.h
#include sys/socket.h
#include netinet/in.h
#include netdb.h
#include stdio.h
#define TRUE 1

/*
* This program creates a socket and then begins an infinite loop. Each time
* through the loop it accepts a connection and prints out messages from 
it.

* When the connection breaks, or a termination message comes through, the
* program accepts a new connection.
*/

main()
{
   int sock, length;
   struct sockaddr_in server;
   int msgsock;
   char buf[1024];
   int rval;
   int i;

   /* Create socket */
   sock = socket(AF_INET, SOCK_STREAM, 0);
   if (sock  0) {
   perror(opening stream socket);
   exit(1);
   }
   /* Name socket using wildcards */
   server.sin_family = AF_INET;
   server.sin_addr.s_addr = inet_addr(192.168.0.1);
   server.sin_port = htons (1234);
   if (bind(sock, server, sizeof(server))) {
   perror(binding stream socket);
   exit(1);
   }
   /* Find out assigned port number and print it out */
   length = sizeof(server);
   if (getsockname(sock, server, length)) {
   perror(getting socket name);
   exit(1);
   }
   printf(Socket has port #%d\en, ntohs(server.sin_port));

   /* Start accepting connections */
   listen(sock, 5);
   do {
   msgsock = accept(sock, 0, 0);
   if (msgsock == -1)
   perror(accept);
   else do {
   bzero(buf, sizeof(buf));
   if ((rval = read(msgsock, buf, 1024

packets redirected to loopback never appear in tcpdump

2009-02-24 Thread Gregory Edigarov 
Hello,

Is this a bug of feature?
the test case:

# ifconfig lo1 192.168.0.1 up

# ping 192.168.0.1
64 bytes from 192.168.0.1: icmp_seq=0 ttl=255 time=0.200 ms
64 bytes from 192.168.0.1: icmp_seq=1 ttl=255 time=0.111 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=255 time=0.110 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=255 time=0.111 ms
64 bytes from 192.168.0.1: icmp_seq=4 ttl=255 time=0.109 ms


# tcpdump -i lo1
tcpdump: listening on lo1, link-type LOOP
(shows nothing)

this also:
nat on rl0 from !(rl0) to any - (rl0)
rdr on rl0 proto tcp from any to (rl0) port 1234 - 192.168.0.1

block log all
pass in on rl0 proto tcp from any to 192.168.0.1 port 1234 keep state

redirect works just fine, but tcpdump again shows  nothing.

found the  hard way  while  trying to get altq working on lo1

# uname -a
OpenBSD greg.bestnet.kharkov.ua 4.4 GENERIC#1021 i386

dmesg is also attached



-- 
With best regards,
Gregory Edigarov
OpenBSD 4.4 (GENERIC) #1021: Tue Aug 12 17:16:55 MDT 2008
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Celeron(R) CPU 2.00GHz (GenuineIntel 686-class) 2 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
real mem  = 259551232 (247MB)
avail mem = 242520064 (231MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/17/03, BIOS32 rev. 0 @ 0xfdb30, SMBIOS 
rev. 2.3 @ 0xf0630 (32 entries)
bios0: vendor American Megatrends Inc. version P2.60 date 12/17/2003
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC
acpi0: wakeup devices USB1(S4) USB2(S4) USB3(S4) EHCI(S4) ICHB(S4) PS2M(S4) 
PS2K(S4) UAR1(S4) MC9_(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 3 (ICHB)
acpicpu0 at acpi0
acpibtn0 at acpi0: PWRB
bios0: ROM list: 0xc/0xb400
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82845G Host rev 0x03
vga1 at pci0 dev 2 function 0 Intel 82845G Video rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
agp0 at vga1: aperture at 0xd000, size 0x800
drm at vga1 unsupported
uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x02: irq 11
uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x02: irq 5
uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x02: irq 12
ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x02: irq 10
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb0 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x82
pci1 at ppb0 bus 3
rl0 at pci1 dev 6 function 0 Realtek 8139 rev 0x10: irq 5, address 
00:30:4f:23:15:f0
rlphy0 at rl0 phy 0: RTL internal PHY
rl1 at pci1 dev 10 function 0 Realtek 8139 rev 0x10: irq 3, address 
00:0b:6a:f8:3e:e3
rlphy1 at rl1 phy 0: RTL internal PHY
ichpcib0 at pci0 dev 31 function 0 Intel 82801DB LPC rev 0x02
pciide0 at pci0 dev 31 function 1 Intel 82801DB IDE rev 0x02: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: SAMSUNG SP0411N
wd0: 16-sector PIO, LBA48, 38204MB, 78242976 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
auich0 at pci0 dev 31 function 5 Intel 82801DB AC97 rev 0x02: irq 3, ICH4 AC97
ac97: codec id 0x434d4961 (C-Media Electronics CMI9739)
audio0 at auich0
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
wbsio0 at isa0 port 0x2e/2: W83627HF rev 0x17
lm1 at wbsio0 port 0x290/8: W83627HF
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask fd65 netmask fd6d ttymask 
mtrr: Pentium Pro MTRR support
uhidev0 at uhub1 port 1 configuration 1 interface 0 Logitech USB-PS/2 Optical 
Mouse rev 2.00/11.10 addr 2
uhidev0: iclass 3/1
ums0 at uhidev0: 3 buttons, Z dir
wsmouse0 at ums0 mux 0
softraid0 at root
root on wd0a swap on wd0b dump on wd0b

Re: http version of spamd, anyone?

2009-02-04 Thread Gregory Edigarov 

Bryan Irvine wrote:

mod_dosevasive
  

piece of shit cluttering up /tmp to death

On Mon, Feb 2, 2009 at 9:47 PM, Jeffrey 'jf' Lim jfs.wo...@gmail.com wrote:
  

Is the project (or anybody) planning to work on something like spamd
for http? Or does anybody know of any projects which do this already?

I am looking for something to be (as per spamd) put in front of an
actual server. A bunch of possible features i would be looking at:
- blacklisting (should ideally allow for dynamic reloads without
killing any existing valid connections)
- tarpitting for open connections (no http request sent) beyond a
certain timeout
- tarpitting for invalid http requests
- greytrapping (let's say u have only specific url patterns which
are valid. Anything else, tarpit)


thanks,
-jf

--
In the meantime, here is your PSA:
It's so hard to write a graphics driver that open-sourcing it would not help.
   -- Andrew Fear, Software Product Manager, NVIDIA Corporation
http://kerneltrap.org/node/7228




  


--
With best regards,
Gregory Edigarov

Re: relayd (formerly hoststated) for monitoring services

2009-01-16 Thread Gregory Edigarov 

Lars NoodC)n wrote:

The main focus of relayd now seems to be for load balancing.

Can it / should it be used at all for monitoring services?
Or should I turn to Nagios or the late great Spong instead?
  
Well, what's your needs? If nagios seems to be an overhead - I would 
recommend
a nice daemon called 'monit'.  I like it very much because of the ease 
of setup and

support it offers.

--
With best regards,
Gregory Edigarov

Re: spamd won't use my WHITElist

2009-01-13 Thread Gregory Edigarov 

engineer wrote:

Hi.

I run spamd on 4.4-stable. There are some blacklist and whitelist. But
spamd don't use it (at least, whitelist) and use greylist scheme for
all connections.
I need to get emails from WHITElisted networks immediately, skipping
spamd. Please, help me understand where I'm wrong.
Here is my configs.

$ fgrep -v '#' /etc/mail/spamd.conf
all:\
:myblack:uatraps:nixspam:china:korea:mywhite:

myblack:\
:black:\
:msg=Your address %A has sent spam to me:\
:method=file:\
:file=/etc/postfix/spamd_black.txt:

mywhite:\
:white:\
:method=file:\
:file=/etc/postfix/spamd_white.txt:

uatraps:\
:black:\
:msg=Your address %A has sent mail to a ualberta.ca spamtrap\n\
within the last 24 hours:\
:method=http:\
:file=www.openbsd.org/spamd/traplist.gz

nixspam:\
:black:\
:msg=Your address %A is in the nixspam list\n\
See http://www.heise.de/ix/nixspam/dnsbl_en/ for details:\
:method=http:\
:file=www.openbsd.org/spamd/nixspam.gz

china:\
:black:\
:msg=SPAM. Your address %A appears to be from China\n\
See http://www.okean.com/asianspamblocks.html for more details:\
:method=http:\
:file=www.openbsd.org/spamd/chinacidr.txt.gz:

korea:\
:black:\
:msg=SPAM. Your address %A appears to be from Korea\n\
See http://www.okean.com/asianspamblocks.html for more details:\
:method=http:\
:file=www.openbsd.org/spamd/koreacidr.txt.gz:


$ fgrep -v '#' /etc/postfix/spamd_white.txt
194.67.23.0 - 194.67.23.255
194.67.57.0 - 194.67.57.255
195.239.211.0 - 195.239.211.255
213.180.192.0 - 213.180.193.255
213.180.200.0 - 213.180.200.255
213.180.223.0 - 213.180.223.255
87.250.251.0 - 87.250.251.255
77.88.21.0 - 77.88.21.255
93.158.134.0 -  93.158.134.255
209.85.128.0 - 209.85.255.255
217.150.32.41 - 217.150.32.42

In /etc/pf.conf
...
table spamd-white persist
...
rdr on $ext_if proto tcp from any to $mx_IP port smtp - 127.0.0.1 port spamd
  

should be :
rdr on $ext_if proto tcp from !spamd-white to $mx_IP port smtp - 
127.0.0.1 port spamd

And when someone try to send me email from @mail.ru I see this (my
... hides real symbols):
# spamdb |fgrep 't...@mail.ru'
GREY|194.67.23.194|mx33.mail.ru|t...@mail.ru|s...@ru|1231821097|1231835497|1231835497|1|0
GREY|194.67.23.36|mx40.mail.ru|t...@mail.ru|s...@ru|1231819993|1231834393|1231834393|1|0

It seems like spamd completely skipped WHITElisted network
(194.67.23.0 - 194.67.23.255).

I was thinking that all WHITElisted nets will be in the spamd-white
immediately, just after spamd started...
  


--
With best regards,
Gregory Edigarov

Re: quagga-0.99.11

2008-11-10 Thread Gregory Edigarov 

Felipe Alfaro Solana wrote:

Are there any plans on bumping net/quagga to 0.99.11? I tried to
compile it myself, from the vanilla sources while applying the
following two patches:
  

Are you sure you still want to run that piece of shit(quagga)?
There is much much better realization of routing protocols readily 
available to you in the base system.


--
With best regards,
Gregory Edigarov

pkg_add error

2008-11-04 Thread Gregory Edigarov 

While running  pkg_add -u -F updatedenpends:
- Cut -
Verifying dependencies still match for kdelibs-3.5.8p3, kdebase-3.5.8p1
Can't update forward dependency of kdelibs-3.5.8p3 on OpenEXR-1.2.2p3: 
ilmbase-1.0.1p2 doesn't match (use -F updatedepends to force it)

Can't update OpenEXR-1.2.2p3 into ilmbase-1.0.1p2
Error from 
ftp://ftp.openbsd.org//pub/OpenBSD/4.4/packages/i386/ilmbase-1.0.1p2.tgz:

ftp: -: short write
421 Service not available, remote server has closed connection.
/usr/sbin/pkg_add: ilmbase-1.0.1p2:Fatal error
---  Cut -

What gives? Is this a problem on my side?

--
With best regards,
Gregory Edigarov

route labels

2008-07-25 Thread Gregory Edigarov 

Hello,

Is there any way I could see route labels  attached in netstat or  route?

Thanks in advance.

--
With best regards,
Gregory Edigarov

Re: route labels

2008-07-25 Thread Gregory Edigarov 

Henning Brauer wrote:

* Gregory Edigarov [EMAIL PROTECTED] [2008-07-25 11:48]:
  

Is there any way I could see route labels  attached in netstat or  route?



netstat, no.

I have always wanted to write sth that allows you to display all
routes with a given label, but never got around to do it. aka
  netstat -rnf inet -L foo
shows only routes with label foo. should not be too had to implement
actually. well, easier than not too hard.

route can and does display labels.
  route -n get target
shows the abel if it is there.
  

Well, I think better solution would be to show the entire route table
just like netstat -rn or route show do. Although it can be easily  
implemented
with a very simple  script, I think I could roll my sleeves up, and get 
this functionality for netstat / route show, in the code.


--
With best regards,
Gregory Edigarov

Table counters don't work as expected

2008-07-23 Thread Gregory Edigarov 

pf rules:

block drop log all
pass in quick on rl0 from counters to any no state
pass out quick on rl0 from any to counters no state
pass out on rl0 all flags S/SA keep state

# pfctl -v -Tshow -t counter
 80.92.224.118
   Cleared:Wed Jul 23 10:15:43 2008
   In/Block:[ Packets: 0  Bytes: 
0  ]
   In/Pass:[ Packets: 0  Bytes: 
0  ]
   Out/Block:  [ Packets: 0  Bytes: 
0  ]
   Out/Pass:[ Packets: 0  Bytes: 
0  ]


# ping -c 5 -s1024 80.92.224.118
PING 80.92.224.118 (80.92.224.118): 1024 data bytes
1032 bytes from 80.92.224.118: icmp_seq=0 ttl=63 time=22.269 ms
1032 bytes from 80.92.224.118: icmp_seq=1 ttl=63 time=22.037 ms
1032 bytes from 80.92.224.118: icmp_seq=2 ttl=63 time=21.979 ms
1032 bytes from 80.92.224.118: icmp_seq=3 ttl=63 time=25.287 ms
1032 bytes from 80.92.224.118: icmp_seq=4 ttl=63 time=22.088 ms
--- 80.92.224.118 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 21.979/22.732/25.287/1.281 ms

# pfctl -v -Tshow -t counter
 80.92.224.118
   Cleared:Wed Jul 23 10:15:43 2008
   In/Block:[ Packets: 0  Bytes: 
0  ]
   In/Pass:[ Packets: 0  Bytes: 
0  ]
   Out/Block:  [ Packets: 0  Bytes: 
0  ]
   Out/Pass:[ Packets: 0  Bytes: 
0  ]


What gives?

--
With best regards,
Gregory Edigarov

Re: Table counters don't work as expected

2008-07-23 Thread Gregory Edigarov 

Ok,

it was counter  counters discrepancy.

kindly disregard.

thanks all.


Gregory Edigarov wrote:

pf rules:

block drop log all
pass in quick on rl0 from counters to any no state
pass out quick on rl0 from any to counters no state
pass out on rl0 all flags S/SA keep state

# pfctl -v -Tshow -t counter
 80.92.224.118
   Cleared:Wed Jul 23 10:15:43 2008
   In/Block:[ Packets: 0  Bytes: 
0  ]
   In/Pass:[ Packets: 0  Bytes: 
0  ]
   Out/Block:  [ Packets: 0  Bytes: 
0  ]
   Out/Pass:[ Packets: 0  Bytes: 
0  ]


# ping -c 5 -s1024 80.92.224.118
PING 80.92.224.118 (80.92.224.118): 1024 data bytes
1032 bytes from 80.92.224.118: icmp_seq=0 ttl=63 time=22.269 ms
1032 bytes from 80.92.224.118: icmp_seq=1 ttl=63 time=22.037 ms
1032 bytes from 80.92.224.118: icmp_seq=2 ttl=63 time=21.979 ms
1032 bytes from 80.92.224.118: icmp_seq=3 ttl=63 time=25.287 ms
1032 bytes from 80.92.224.118: icmp_seq=4 ttl=63 time=22.088 ms
--- 80.92.224.118 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 21.979/22.732/25.287/1.281 ms

# pfctl -v -Tshow -t counter
 80.92.224.118
   Cleared:Wed Jul 23 10:15:43 2008
   In/Block:[ Packets: 0  Bytes: 
0  ]
   In/Pass:[ Packets: 0  Bytes: 
0  ]
   Out/Block:  [ Packets: 0  Bytes: 
0  ]
   Out/Pass:[ Packets: 0  Bytes: 
0  ]


What gives?




--
With best regards,
Gregory Edigarov

Re: This is what Linus Torvalds calls openBSD crowd

2008-07-17 Thread Gregory Edigarov 

Marco Peereboom wrote:

debian users are masturbating amoebas
  

just cannot imagine how could an amoeba jerk off
you will certainly get a prize... :-) :-))) : :D

On Wed, Jul 16, 2008 at 07:47:54PM +0100, Nuno Magalh??es wrote:
  

Eheh he's right :-) If you guys get your heads out of your asses and
actually read his words with the use of some common sense you might
get what he means. It's a balanced opinion.

From what i've seen so far in this list, the BSD-crowd *is* a bunch
of masturbating monkeys anyway, i get much more decent reasonable
answers to my problems in any Debian list, along with constructive
criticism. Here it's rtfm and chest-thumping.

Flame away boys, so i can gingerly ignore you :)

--
Nuno MagalhC#es




  



--
With best regards,
Gregory Edigarov

Re: tcpdump -X

2008-07-15 Thread Gregory Edigarov 

GVG GVG wrote:

On Tue, Jul 15, 2008 at 3:54 PM, David Hill [EMAIL PROTECTED] wrote:

  

On Tue, Jul 15, 2008 at 03:42:58PM +0200, GVG GVG wrote:


Dear list,

was going through the OpenBSD tcpdump version and couldn't identify
  

anything


like the '-A' flag in order to capture full web sites etc. Tried optin
  

'-X'


but didn't work! Should I use '-s snaplen' but what snaplen value do I
  

have


to define. Tried few combinations with no success!

Thanks for your help

George

  

Use the size of your MTU, which can be found my using ifconfig.

--
David Hill





Thanks for your prompt reply.

Just out of curiosity what's this 'MTU' stands for?
  

it's Maximum Transfer Unit


--
With best regards,
Gregory Edigarov

Re: pf-nat help

2008-05-15 Thread Gregory Edigarov 

Jesus Sanchez wrote:

Gregory Edigarov escribis:

Jesus Sanchez wrote:

Hi, I'm using OpenBSD 4.2.

I'm triying to get a very unsafe-simple ruleset to make a nat between a
laptop and my OpenBSD box. From my OpenBSD box I have two nics:

OpenBSD box:
rl0 (witch gets a IP from dhcp and gets to the internet via ADSL)
sk0 (directly connected to the laptop via one cable)

I seted the int_if ip statically as 192.168.1.1 (the laptop have 
asigned

192.168.1.2 and they see each other without problem, and I can do FTP
transfers and stuff like that)

I have set the sysctl net.inet.ip.forwarding=1

my pf.conf  (very unsafe and very simple, only to try this)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

ext_if = rl0
int_if = sk0
localnetwork = ${int_if}:network

scrub in all

nat on $ext_if from $localnetwork to any - (ext_if)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

then I make on the laptop (wich uses rl0):

ifconfig rl0 inet 192.168.1.2

but in the laptop I don't have internet at all, it see the OpenBSD
box as 192.168.1.1 but nothing more.

What I'm doing wrong?

Thanks for your time
-Jesus



nat pass on $ext_if from $localnetwork to any - (ext_if)


or, add these two lines to the end of your pf.conf:
block all
pass all


I tried that and still same thing. Nothing changes with theese rules.


are you sure your pf is enabled?
pfctl -e

--
With best regards,
Gregory Edigarov

Re: Sendmail OpenBSD performance

2008-04-24 Thread Gregory Edigarov 

Morris, Roy wrote:

I know this is not exactly a OpenBSD question but I am wondering
if anyone can give me a sense of the performance/limitations of
sendmail? Basically I have a machine that sends out 20,000 mails
a day and once and a while the application sending emails for delivery
complains that it has to wait for sendmail. I go and check the sendmail
machine
and it's hardly even breathing hard. Almost no cpu usage, memory fine blah
blah ..

I am not convinced this is a problem with sendmail, just looking for some
feedback
from anyone doing volume email on openbsd.

cheers
Roy

  
What I do always recpomend to people using sendmail for mass mailing 
(that is having large mailing lists :) ) is to use smtpsend external 
smtp mailer. it scales much better.

Also I would recommend you to use -odq and separate queue runner process.


--
With best regards,
Gregory Edigarov

4.3 hangs on Intel Celeron

2008-04-14 Thread Gregory Edigarov 
Hello, Everybody.

see dmesg in attachment

it was rebuilt from sources i got from cvs last week.

Hangs after some time of inactivity, when something heavy (like 
thunderbird) starts up, or just waking up  from being swapped after 
quite a period of inactivity.

Let me know, if you need some more info to diagnose the problem better.

Thanks.
--
With best regards,
   Gregory Edigarov
 at 0xd000, size 0x800
vga1 at pci0 dev 2 function 0 Intel 82845G Video rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x02: irq 11
uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x02: irq 5
uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x02: irq 12
ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x02: irq 10
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb0 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x82
pci1 at ppb0 bus 3
rl0 at pci1 dev 10 function 0 Realtek 8139 rev 0x10: irq 3, address 
00:0b:6a:f8:3e:e3
rlphy0 at rl0 phy 0: RTL internal PHY
ichpcib0 at pci0 dev 31 function 0 Intel 82801DB LPC rev 0x02: 24-bit timer 
at 3579545Hz
pciide0 at pci0 dev 31 function 1 Intel 82801DB IDE rev 0x02: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: SAMSUNG SP0411N
wd0: 16-sector PIO, LBA48, 38204MB, 78242976 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
auich0 at pci0 dev 31 function 5 Intel 82801DB AC97 rev 0x02: irq 3, ICH4 AC97
ac97: codec id 0x434d4961 (C-Media Electronics CMI9739)
audio0 at auich0
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 Intel UHCI root hub rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
lm0 at isa0 port 0x290/8: W83627HF
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ffe5 netmask ffed ttymask ffef
mtrr: Pentium Pro MTRR support
uhidev0 at uhub2 port 2 configuration 1 interface 0 Logitech USB-PS/2 Optical 
Mouse rev 2.00/11.10 addr 2
uhidev0: iclass 3/1
ums0 at uhidev0: 3 buttons and Z dir.
wsmouse0 at ums0 mux 0
softraid0 at root
root on wd0a swap on wd0b dump on wd0b
syncing disks... done
rebooting...
OpenBSD 4.3 (GREG) #0: Fri Apr 11 11:46:35 EEST 2008
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GREG
cpu0: Intel(R) Celeron(R) CPU 2.00GHz (GenuineIntel 686-class) 2 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID,xTPR
real mem  = 259551232 (247MB)
avail mem = 247164928 (235MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/17/03, BIOS32 rev. 0 @ 0xfdb30, SMBIOS 
rev. 2.3 @ 0xf0630 (32 entries)
bios0: vendor American Megatrends Inc. version P2.60 date 12/17/2003
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf79e0/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82801DB LPC rev 0x00)
pcibios0: PCI bus #3 is the last bus
bios0: ROM list: 0xc/0xb400
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82845G Host rev 0x03
agp0 at pchb0: aperture at 0xd000, size 0x800
vga1 at pci0 dev 2 function 0 Intel 82845G Video rev 0x03
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x02: irq 11
uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x02: irq 5
uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x02: irq 12
ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x02: irq 10
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb0 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x82
pci1 at ppb0 bus 3
rl0 at pci1 dev 10 function 0 Realtek 8139 rev 0x10: irq 3, address 
00:0b:6a:f8:3e:e3
rlphy0 at rl0 phy 0: RTL internal PHY
ichpcib0 at pci0 dev 31 function 0 Intel 82801DB LPC rev 0x02: 24-bit timer 
at 3579545Hz
pciide0 at pci0 dev 31 function 1 Intel 82801DB IDE rev 0x02: DMA, channel 0 
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0: SAMSUNG SP0411N
wd0: 16-sector PIO, LBA48, 38204MB, 78242976 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
auich0 at pci0 dev 31

Re: What is our ultimate goal??

2008-02-18 Thread Gregory Edigarov 

Come on guys, calm down, just stay what you are currently.
Just do your job.

Make OpenBSD the best router/firewall/server OS ever, you have the right 
features for that now,

and I hope you will extend it in the nearest future.

And do not listen to those trolls.

Thank you all for what you do guys.

--
With best regards,
   Gregory Edigarov


Mayuresh Kathe wrote:

Hi,

NOTE: No intention to behave like a troll.

I've been following the multi-threaded ssh/scp thread and read Ted's
comment that he's stopped working on the kernel threads code because
he doesn't have the time for it nor does he need it any more.
Also that multi-threaded ssh/scp would weaken security features within the OS.

It just led me to ponder, what is OpenBSD's ultimate goal?
Is it just to become the worlds most secure OS with as few remote
holes in the default install?
Shouldn't it also be our goal to be the best UNIX-like operating
system which is in tune with the current needs of users?

It would have been great to have a threaded kernel, there are
developer's I'm gathering around who wanted to change the TCP/IP stack
to make it higher performance, more like Project FireEngine under
Solaris 10.

OpenBSD is an OS with amazing security and stability, but it has too
few modern features.

It would be great if developers also start working on improving the
features currently offered by OpenBSD.
Else, we would end up becoming the world's most secure OS which is
used by just a handful of us faithful users.

You might ask what right do I have for this rant, what am I doing for OpenBSD?
Well I can't donate code directly as I'm a Java programmer and my C is
quite rusty (haven't coded in it in over 7 years).
But, yes, I do donate my time and money, indirectly, by recruiting
good C developers to the cause as well as buying stuff for core
developers off their wish lists.

Hope newer features get added, not that I'm unhappy with the OS (it
does almost everything I need an OS to do for me), but it would be
great if we had *more* smart developers and a wider base of good users
who get attracted to the OS for its robustness as well as feature-set.

Best,

~Mayuresh


  


--
With best regards,
   Gregory Edigarov

Re: Replace sendmail with qmail?

2007-11-30 Thread Gregory Edigarov 

Pete Vickers wrote:
In case it's needed (which I doubt), I'll voice my VERY strongly 
preference for sendmail instead of all these other pretenders.
I agree. Please do not remove sendmail. it is the most advanced 
opensourced mailer,

I do strongly prefer it.

--
With best regards,
   Gregory Edigarov

Re: Error while trying to build xenocara

2007-09-21 Thread Gregory Edigarov 

Gregory Edigarov wrote:
Just an update: I've made /usr/xobj directory, then run the same 
command  again, with  same result.



read the README file, under the hopeless case section...

that helped me (I am a hopeless case, too, but not hopless  ;)
 
OK, thanks, guys. It worked. And sorry for being a bit impolite. Just 
not hopeless but desperate.

That's what led me the wrong way.

--
With best regards,
   Gregory Edigarov

Question on interface enumeration

2007-09-21 Thread Gregory Edigarov 

Hello Everybody,

Supposing I have several identical NIC's in my server, can I predict 
which become int0, which become int1, etc?


A link to document explaining (or man something) would absolutely suffice.
Thank you.
--

With best regards,
   Gregory Edigarov

Re: 2 internet connections on 1 router

2007-09-21 Thread Gregory Edigarov 

Marian Hettwer wrote:

Hi All,

Question is:
How do I fiddle around with my routing table, that basically the wget running 
on my router is using sis2 (with the pppoe uplink), while the rest (my existing 
working lan) is still using sis0 with my good-guys cable modem uplink?
  

just do:

route add som.eth.in.g your pppoe server ip and you're set

--
With best regards,
   Gregory Edigarov

Re: Question on interface enumeration

2007-09-21 Thread Gregory Edigarov 

Nick Holland wrote:

Gregory Edigarov wrote:
  

Hello Everybody,

Supposing I have several identical NIC's in my server, can I predict 
which become int0, which become int1, etc?


A link to document explaining (or man something) would absolutely suffice.
Thank you.



Not Easily, at least if you are referring to a machine you know nothing
about and haven't powered up yet.  However, it is easy to make simple
tests to find out.

Assuming PCI, they go by order of the slots in the bus, which isn't
something OpenBSD controls.  Many machines have curious orders.
For example, I have a Dell GX1 which has five PCI slots; the order
is something like:  2 3 4 0 1.  (To add insult to injury, I had four
port NICs in every slot, took a while to find dc0! :)

Now, once I know (er.. knew.  The above sequence is from non-ECC and
proven faulty memory!) the pattern of slots in a GX1, I can know which
NIC will get which identifier.

If I put int(4) NICs in slots 3 and 1, the one in slot 1 will be int0,
the one in slot 3 will be int1.  Now, if I move the NIC from slot 1
into slot 4, they will switch IDs.  If I replace the NIC in slot 3
with a NIC of the same type (driver-wise, that is), nothing will
change.  If I remove int0 and replace it with a different driver, int1
will become int0.

How did I identify the slot order in the machine?  Stuck identical NICs
in all slots.  Why did I do that?  Because I stuck three NICs in the
thing and the ordering was not obvious, so I figured I better get to
know this machine better.

In all cases, the dmesg will link your MACs to physical IDs, so stick
the MAC addr on the spine of the card.

In most cases, ifconfig will show you which NICs have link in real time,
so an easy way to identify things is drop to shell, plug in one cable,
run ifconfig and see which has link.  Label.  Move cable, repeat until
done.

None of this is applicable to ISA or USB NICs.  It may be applicable
to other buses and platforms.

Moral:
  1) Know your HW
  2) Label the MAC address on your NICs
  3) Have identical replacement HW in case a non-OpenBSD expert has to
do a swap,
  4) Know how to reconfig your system if you have to change your NICs.
  5) Practice, Practice, Practice
  6) Drop to shell before install, look around.

Nick.


  

I.e. they depend on the PCI slot they inserted, if I get you correct.
Well, thank you for so in-depth explanation, but what I meant really 
was: is it guaranteed that if one take a card from the server and then 
install the other card of the same make to the same slot, it will have 
the same id?

I will do more research about it , however :-)

The best thing however would be to have the ability to set the name of 
an intreface based on it's mac address, perhaps somebody is working on 
it/having it on the todo list?


--
With best regards,
   Gregory Edigarov

Error while trying to build xenocara

2007-09-20 Thread Gregory Edigarov 

Hello Everybody,

While trying to build xenocara's most recent sources:

=== proto/bigreqsproto
cd /usr/xenocara/proto/bigreqsproto  exec make -f Makefile.bsd-wrapper 
cleandir
cd /usr/xenocara/proto/bigreqsproto  exec make -f Makefile.bsd-wrapper 
depend

no dependencies here yet
cd /usr/xenocara/proto/bigreqsproto  exec make -f Makefile.bsd-wrapper all
PKG_CONFIG_LIBDIR=/usr/X11R6/lib/pkgconfig  CFLAGS=-O2 -pipe exec sh 
/usr/xenocara/proto/bigreqsproto/configure --prefix=/usr/X11R6  
--sysconfdir=/etc  --mandir=/usr/X11R6/man  
--cache-file=/usr/xobj/xorg-config.cache.amd64 
configure: creating cache /usr/xobj/xorg-config.cache.amd64
/usr/xenocara/proto/bigreqsproto/configure[1158]: cannot create 
/usr/xobj/xorg-config.cache.amd64: No such file or directory

checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... no
checking for mawk... no
checking for nawk... nawk
checking whether make sets $(MAKE)... yes
configure: error: source directory already configured; run make 
distclean there first

*** Error code 1

Stop in /usr/xenocara/proto/bigreqsproto (line 97 of 
/usr/X11R6/share/mk/bsd.xorg.mk).

*** Error code 1

Stop in /usr/xenocara/proto/bigreqsproto (line 133 of 
/usr/X11R6/share/mk/bsd.xorg.mk).

*** Error code 1

Stop in /usr/xenocara/proto.
*** Error code 1

Stop in /usr/xenocara.

command used:
cd /usr/xenocara  make bootstrap  make obj  make build


What's up?

--
With best regards,
   Gregory Edigarov

Re: Error while trying to build xenocara

2007-09-20 Thread Gregory Edigarov 

Gregory Edigarov wrote:

Hello Everybody,

While trying to build xenocara's most recent sources:

=== proto/bigreqsproto
cd /usr/xenocara/proto/bigreqsproto  exec make -f 
Makefile.bsd-wrapper cleandir
cd /usr/xenocara/proto/bigreqsproto  exec make -f 
Makefile.bsd-wrapper depend

no dependencies here yet
cd /usr/xenocara/proto/bigreqsproto  exec make -f 
Makefile.bsd-wrapper all
PKG_CONFIG_LIBDIR=/usr/X11R6/lib/pkgconfig  CFLAGS=-O2 -pipe exec 
sh /usr/xenocara/proto/bigreqsproto/configure --prefix=/usr/X11R6  
--sysconfdir=/etc  --mandir=/usr/X11R6/man  
--cache-file=/usr/xobj/xorg-config.cache.amd64 configure: creating 
cache /usr/xobj/xorg-config.cache.amd64
/usr/xenocara/proto/bigreqsproto/configure[1158]: cannot create 
/usr/xobj/xorg-config.cache.amd64: No such file or directory
Just an update: I've made /usr/xobj directory, then run the same 
command  again, with  same result.

checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... no
checking for mawk... no
checking for nawk... nawk
checking whether make sets $(MAKE)... yes
configure: error: source directory already configured; run make 
distclean there first

*** Error code 1

Stop in /usr/xenocara/proto/bigreqsproto (line 97 of 
/usr/X11R6/share/mk/bsd.xorg.mk).

*** Error code 1

Stop in /usr/xenocara/proto/bigreqsproto (line 133 of 
/usr/X11R6/share/mk/bsd.xorg.mk).

*** Error code 1

Stop in /usr/xenocara/proto.
*** Error code 1

Stop in /usr/xenocara.

command used:
cd /usr/xenocara  make bootstrap  make obj  make build


What's up?



--
With best regards,
   Gregory Edigarov

Re: Error while trying to build xenocara

2007-09-20 Thread Gregory Edigarov 

Marc Balmer wrote:

* Gregory Edigarov wrote:
  

Gregory Edigarov wrote:


Hello Everybody,

While trying to build xenocara's most recent sources:

=== proto/bigreqsproto
cd /usr/xenocara/proto/bigreqsproto  exec make -f 
Makefile.bsd-wrapper cleandir
cd /usr/xenocara/proto/bigreqsproto  exec make -f 
Makefile.bsd-wrapper depend

no dependencies here yet
cd /usr/xenocara/proto/bigreqsproto  exec make -f 
Makefile.bsd-wrapper all
PKG_CONFIG_LIBDIR=/usr/X11R6/lib/pkgconfig  CFLAGS=-O2 -pipe exec 
sh /usr/xenocara/proto/bigreqsproto/configure --prefix=/usr/X11R6  
--sysconfdir=/etc  --mandir=/usr/X11R6/man  
--cache-file=/usr/xobj/xorg-config.cache.amd64 configure: creating 
cache /usr/xobj/xorg-config.cache.amd64
/usr/xenocara/proto/bigreqsproto/configure[1158]: cannot create 
/usr/xobj/xorg-config.cache.amd64: No such file or directory
  
Just an update: I've made /usr/xobj directory, then run the same 
command  again, with  same result.



read the README file, under the hopeless case section...

that helped me (I am a hopeless case, too, but not hopless  ;)
  

Are you kidding?

--
With best regards,
   Gregory Edigarov

bgpd usage

2007-09-17 Thread Gregory Edigarov 

Hi,

Just a pure interest: has somebody bgpd in production for, say, 2 or 3 
fullview routing?  I have 6 routers with bgpd but they are IBGP, and 
therefore does not do fullview routing.


--
With best regards,
   Gregory Edigarov

Re: pppoe problems

2007-08-13 Thread Gregory Edigarov 

I use amd64 too.

Umaxx wrote:

oh this is exactly the same behavior as mine... which architecture did
you use? i use amd64.

On Fre Aug 10 10:40 , Gregory Edigarov sent:

  Hi!

  Umaxx wrote:
  
  
   i hope this stupid webmailer does not send this as html mail
  
   can you please give more details? is your userland ppp connecting?
  did
   you use snapshot or recent current?
  
  Yes, with most recent sources from cvs my userland ppp is
  connecting...
  But hangs shortly.
  First I thought it is the problem in the nfe driver, but after
  switching
  to rl it hangs too. So, it definitely not a problem with underlaying
  device.
  If I ping the other site (no matter which), I could see that it hangs
  after some 25 - 30 (depending on the situation) pings.
  
  
   is your kernel pppoe connecting or what happens exactly?
  
  My kernel mode pppoe even does not connect, though I've tried any
  option
  for many times.

  After looking at sources, it seems like something, in case of
  userland
  ppp, is screwed up with locks, possibly in if_tun.c, but I am not
  sure yet.

  In case of kernelmode pppoe - I can never use it . It never connect
  to
  any of my providers.
  
   maybe as cc to the list.
  
   regards,
  
  
  
   joerg
  
  
   *On Don Aug 9 15:18 , Gregory Edigarov sent:
  
   *
  
   Just want to make a confirmation with two other providers. Also I
   observe this behavior with both pppoe(4) and pppoe(8).
  
   Umaxx wrote:
resend, since stupid webmailer killed linebreaks:
   
   
   
hi,
   
after upgrading my router to -current the dsl pppoe connection
   does not work
anymore.
userland ppp connects fine but freezes after K30 seconds.
   freeze means the
connection is still there no errors shown in logs and ifconfig
   state is normal
but there is no more incoming traffic. the provider and modem
   hardware is ok
since i'm connected now through a netscreen to write this mail.
   i changed
nothing
in ppp configuration since years and disabled pf for testing...
   same problem.
as i can see in source changes: not much has changed in userland
   ppp and nfe
code
since 4.1.
   
i read in some forums that it would be better to user kernel
   pppoe...
so i tried to use kernel pppoe as workaround, but its does not
   connect. i used
following configuration in /etc/hostname.pppoe0:
   
inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev nfe1 \
authproto pap authname  authkey  up
!/sbin/route add default 0.0.0.1
   
and of course: up in /etc/hostname.nfe1
   
if i enable debug i see a lot of outgoing packages... and then a
   timeout after
a
while. reconnect and again the same...
it stays in the sppp phase of establish connection using pap
   authname 
   
I'm located in germany using arcor as provider.
anyone else using dsl pppoe (kernel/userland) in current or
   latest snapshots -
maybe in germany with arcor?
   
any hints are really welcome.
dmesg follows
   
regards,
   
joerg
   
OpenBSD 4.2 (GENERIC.MP) #0: Wed Aug 8 17:31:49 CEST 2007
[EMAIL PROTECTED] .local
   [EMAIL PROTECTED] 
.local','','',''):/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2145972224 (2046MB)
avail mem = 2072682496 (1976MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf (78 entries)
bios0: vendor Phoenix Technologies, LTD version ASUS M2N32-SLI
   DELUXE ACPI
BIOS
Revision 0603 date 06/27/2006
bios0: ASUSTeK Computer INC. M2N32-SLI DELUXE
acpi0 at mainbus0: rev 0
acpi0: tables DSDT FACP SSDT MCFG APIC
acpitimer at acpi0 not configured
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+, 2411.34 MHz
cpu0:
   
  
  FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
   
  H,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache,
   512KB 64b/line
16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully
   associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully
   associative
cpu0: apic clock running at 200MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+, 2410.98 MHz
cpu1:
   
  
  FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
   
  H,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache,
   512KB 64b/line
16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully
   associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully
   associative
ioapic0 at mainbus0 apid 2 pa 0xfec0, version 11, 24 pins
ioapic0

Re: pppoe problems

2007-08-13 Thread Gregory Edigarov 

James Lepthien wrote:

Hi,

Am 10.08.2007 um 19:42 schrieb Umaxx:



hi,


i can show my ppp.conf, because i have the same errors. this config 
was working since years, i tried to comment lqr lines today... but 
changed nothing in behavior.


default:
 set log Phase Chat IPCP CCP tun command
 set redial 15 0
 set reconnect 15 1

pppoe:
 set device !/usr/sbin/pppoe -i nfe1
 set server /var/run/pppoe  0177
 disable acfcomp protocomp
 deny acfcomp
 set mtu max 1454
 set mru max 1454
 set crtscts off
 set speed sync
 enable lqr
 set lqrperiod 5
 set cd 5
 set dial
 set login
 set timeout 0
 set authname **
 set authkey **
 add! default HISADDR
 enable dns
 resolv readonly
 enable mssfixup




Try deleting these two statements:


 enable lqr
 set lqrperiod 5



I don't have lqr enabled in my config. So it doesn't help.

--
With best regards,
   Gregory Edigarov

Re: pppoe problems

2007-08-10 Thread Gregory Edigarov 

Hi!

Umaxx wrote:



i hope this stupid webmailer does not send this as html mail

can you please give more details? is your userland ppp connecting? did 
you use snapshot or recent current?


Yes, with most recent sources from cvs my userland ppp is connecting... 
But hangs shortly.
First I thought it is the problem in the nfe driver, but after switching 
to rl it hangs  too.  So, it definitely not a problem with underlaying 
device. 
If I ping the other site (no matter which), I could see that it hangs 
after  some 25 - 30 (depending on the situation) pings.



is your kernel pppoe connecting or what happens exactly?

My kernel mode pppoe even does not connect, though I've tried any option 
for many times.


After looking at sources, it seems like something, in  case of userland 
ppp, is screwed up with locks, possibly in if_tun.c, but I am not sure yet.


In case of kernelmode pppoe - I can never use it . It never connect to 
any of my providers.


maybe as cc to the list. 


regards,

 


joerg


*On Don Aug 9 15:18 , Gregory Edigarov sent:

*

Just want to make a confirmation with two other providers. Also I
observe this behavior with both pppoe(4) and pppoe(8).

Umaxx wrote:
 resend, since stupid webmailer killed linebreaks:



 hi,

 after upgrading my router to -current the dsl pppoe connection
does not work
 anymore.
 userland ppp connects fine but freezes after K30 seconds.
freeze means the
 connection is still there no errors shown in logs and ifconfig
state is normal
 but there is no more incoming traffic. the provider and modem
hardware is ok
 since i'm connected now through a netscreen to write this mail.
i changed
 nothing
 in ppp configuration since years and disabled pf for testing...
same problem.
 as i can see in source changes: not much has changed in userland
ppp and nfe
 code
 since 4.1.

 i read in some forums that it would be better to user kernel
pppoe...
 so i tried to use kernel pppoe as workaround, but its does not
connect. i used
 following configuration in /etc/hostname.pppoe0:

 inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev nfe1 \
 authproto pap authname  authkey  up
 !/sbin/route add default 0.0.0.1

 and of course: up in /etc/hostname.nfe1

 if i enable debug i see a lot of outgoing packages... and then a
timeout after
 a
 while. reconnect and again the same...
 it stays in the sppp phase of establish connection using pap
authname 

 I'm located in germany using arcor as provider.
 anyone else using dsl pppoe (kernel/userland) in current or
latest snapshots -
 maybe in germany with arcor?

 any hints are really welcome.
 dmesg follows

 regards,

 joerg

 OpenBSD 4.2 (GENERIC.MP) #0: Wed Aug 8 17:31:49 CEST 2007
 [EMAIL PROTECTED]
javascript:top.opencompose('[EMAIL 
PROTECTED]','','',''):/usr/src/sys/arch/amd64/compile/GENERIC.MP
 real mem = 2145972224 (2046MB)
 avail mem = 2072682496 (1976MB)
 mainbus0 at root
 bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf (78 entries)
 bios0: vendor Phoenix Technologies, LTD version ASUS M2N32-SLI
DELUXE ACPI
 BIOS
 Revision 0603 date 06/27/2006
 bios0: ASUSTeK Computer INC. M2N32-SLI DELUXE
 acpi0 at mainbus0: rev 0
 acpi0: tables DSDT FACP SSDT MCFG APIC
 acpitimer at acpi0 not configured
 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
 cpu0 at mainbus0: apid 0 (boot processor)
 cpu0: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+, 2411.34 MHz
 cpu0:


FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
 H,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
 cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache,
512KB 64b/line
 16-way L2 cache
 cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully
associative
 cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully
associative
 cpu0: apic clock running at 200MHz
 cpu1 at mainbus0: apid 1 (application processor)
 cpu1: AMD Athlon(tm) 64 X2 Dual Core Processor 4600+, 2410.98 MHz
 cpu1:


FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
 H,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
 cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache,
512KB 64b/line
 16-way L2 cache
 cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully
associative
 cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully
associative
 ioapic0 at mainbus0 apid 2 pa 0xfec0, version 11, 24 pins
 ioapic0: misconfigured as apic 0, remapped to apid 2
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus 5 (HUB0)
 acpicpu at acpi0

Re: pppoe problems

2007-08-10 Thread Gregory Edigarov 
Oops, I am sorry, I cannot show you my ppp.conf. It's at home, and the 
pc is now turned  off.


James Lepthien wrote:

Hi,

Am 10.08.2007 um 09:40 schrieb Gregory Edigarov:
Yes, with most recent sources from cvs my userland ppp is 
connecting... But hangs shortly.
First I thought it is the problem in the nfe driver, but after 
switching to rl it hangs  too.  So, it definitely not a problem with 
underlaying device. If I ping the other site (no matter which), I 
could see that it hangs after  some 25 - 30 (depending on the 
situation) pings.


I did not see your ppp.conf but I had a similar problem and my 
connection dropped every now and then. I had to disable the lqr 
setting in my ppp.conf. Since then I never had any problems with my 
connection.


Cheers,
James




--
With best regards,
   Gregory Edigarov

Re: pppoe problems

2007-08-09 Thread Gregory Edigarov 
 addr 0x2e: adt7475 rev 0x69
iic1 at nviic0
iic1: addr 0x18 00=f0 01=00 02=00 03=f0 04=00 05=00 06=00 07=00 08=00 09=10
10=08
11=00 12=00 13=0a 14=00 15=00 16=00 17=34 20=95 21=92 22=00 32=00
NVIDIA MCP55 Memory rev 0xa2 at pci0 dev 9 function 2 not configured
ohci0 at pci0 dev 10 function 0 NVIDIA MCP55 USB rev 0xa1: apic 2 int 7 (irq
7), version 1.0, legacy support
ehci0 at pci0 dev 10 function 1 NVIDIA MCP55 USB rev 0xa2: apic 2 int 10
(irq 10)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1
pciide0 at pci0 dev 12 function 0 NVIDIA MCP55 IDE rev 0xa1: DMA, channel 0
configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: HL-DT-ST, DVDRAM GSA-H12N, UL01 SCSI0 5/cdrom
removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
pciide0: channel 1 ignored (disabled)
pciide1 at pci0 dev 13 function 0 NVIDIA MCP55 SATA rev 0xa2: DMA
pciide1: using apic 2 int 5 (irq 5) for native-PCI interrupt
pciide2 at pci0 dev 13 function 1 NVIDIA MCP55 SATA rev 0xa2: DMA
pciide2: using apic 2 int 5 (irq 5) for native-PCI interrupt
pciide3 at pci0 dev 13 function 2 NVIDIA MCP55 SATA rev 0xa2: DMA
pciide3: using apic 2 int 5 (irq 5) for native-PCI interrupt
ppb4 at pci0 dev 14 function 0 NVIDIA MCP55 PCI-PCI rev 0xa2
pci5 at ppb4 bus 5
wi0 at pci5 dev 7 function 0 Intersil PRISM2.5 rev 0x01: apic 2 int 10 (irq
10)
wi0: PRISM2.5 ISL3874A(Mini-PCI) (0x8013), Firmware 1.0.7 (primary), 1.3.6
(station), address 00:09:5b:2f:6b:8d
TI TSB43AB22 FireWire rev 0x00 at pci5 dev 11 function 0 not configured
azalia0 at pci0 dev 14 function 1 NVIDIA MCP55 HD Audio rev 0xa2: apic 2 int
11
(irq 11)
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: Analog Devices/0x198b (rev. 2.0), HDA version 1.0
audio0 at azalia0
nfe0 at pci0 dev 16 function 0 NVIDIA MCP55 LAN rev 0xa2: apic 2 int 5 (irq
5),
address 00:18:f3:49:aa:86
eephy0 at nfe0 phy 1: Marvell 88E1116 Gigabit PHY, rev. 1
nfe1 at pci0 dev 17 function 0 NVIDIA MCP55 LAN rev 0xa2: apic 2 int 10 (irq
10), address 00:18:f3:49:ad:96
eephy1 at nfe1 phy 1: Marvell 88E1116 Gigabit PHY, rev. 1
ppb5 at pci0 dev 18 function 0 NVIDIA MCP55 PCIE rev 0xa2
pci6 at ppb5 bus 6
ppb6 at pci0 dev 20 function 0 NVIDIA MCP55 PCIE rev 0xa2
pci7 at ppb6 bus 7
ppb7 at pci0 dev 22 function 0 NVIDIA MCP55 PCIE rev 0xa2
pci8 at ppb7 bus 8
sili0 at pci8 dev 0 function 0 CMD Technology SiI3132 SATA rev 0x01: apic 2
int
11 (irq 11)
scsibus2 at sili0: 2 targets
ppb8 at pci0 dev 23 function 0 NVIDIA MCP55 PCIE rev 0xa2
pci9 at ppb8 bus 9
vga1 at pci9 dev 0 function 0 NVIDIA GeForce 7600 GT rev 0xa1
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00
pchb1 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00
pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00
pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: PC speaker
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
intr_establish: pic ioapic0 pin 7: can't share type 3 with 2
it0 at isa0 port 0x290/8: IT87
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
usb1 at ohci0: USB revision 1.0
uhub1 at usb1: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1
ugen0 at uhub0 port 9
ugen0: Realtek RTL8187, rev 2.00/1.00, addr 2
uts0 at uhub1 port 7 configuration 1 interface 0
uts0: eGalax Touch Panel, rev 1.10/1.00, addr 2
wsmouse0 at uts0 mux 0
ugen1 at uhub1 port 8
ugen1: MConsult IRTrans USB, rev 1.10/4.00, addr 3
dkcsum: sd0 matches BIOS drive 0x80
root on sd0a swap on sd0b dump on sd0b






_
versendet mit www.Oleco.de Mail - Anmeldung und Nutzung kostenlos!
Oleco www.netlcr.de jetzt auch mit SPAMSCHUTZ.


  


--
With best regards,
   Gregory Edigarov

Re: Announcing: The OpenBSD Foundation

2007-07-26 Thread Gregory Edigarov 

BEST OF THE LUCK, GUYS!!!

DON'T LET THE MONEY TO SPOIL EVERYTHING!!!

HOPE ON YOU!

Bob Beck wrote:

The OpenBSD Foundation is pleased to announce today it has completed
its organization as a Canadian federal non-profit corporation and is
ready for public interaction.

The OpenBSD Foundation has been formed for the purpose of supporting

the OpenBSD project, and related projects such as OpenSSH, OpenBGPD,
OpenNTPD, and OpenCVS.

In particular it will act as a single point of contact for persons and
organizations requiring a legal entity to deal with when they wish to
support OpenBSD in any way.
  
The OpenBSD Foundation will initially concentrate on facilitating

larger donations of equipment, funds, documentation and
resources. Small scale donations should continue to be submitted
through the existing mechanisms.
  
The OpenBSD Foundation corporate charter, bylaws, and goals can be found at

http://www.openbsdfoundation.org. The foundation directors may be contacted
via email at [EMAIL PROTECTED]


  


--
With best regards,
   Gregory Edigarov

ICQ client for X?

2007-07-19 Thread Gregory Edigarov 

Everybody,

Tried licq, have been using it happily with FreeBSD,  but failed to 
compile it on OpenBSD.

Can someone recommend me a graphical ICQ client for use with OpenBSD?

Thank you.

--
With best regards,
   Gregory Edigarov

looking for a good guide on driver writing

2007-06-27 Thread Gregory Edigarov 

Hello,

I am looking for a guide about driver writing for OpenBSD. I've found 
some info on NetBSD, so the question is: is the driver structure in 
NetBSD any different compared to OpenBSD?


--
With best regards,
   Gregory Edigarov

l2tp solution wanted

2007-03-24 Thread Gregory Edigarov 

Hello list,

I am trying to build a drop-in  replacement for  one of my linux  vpn  
servers(it is dying). I've decided now it will be OpenBSD. Having found  
nearly all the  necessary components  compilable under openbsd, the only 
stop is the lack of L2TP support, which I have to use, as I have many 
customers here and cannot afford making them to change.


Please advise, thanks a lot in advance.   


--
With best regards,
   Gregory Edigarov

Re: l2tp solution wanted

2007-03-24 Thread Gregory Edigarov 

Jeroen Massar wrote:

Gregory Edigarov wrote:
  

Hello list,

I am trying to build a drop-in  replacement for  one of my linux  vpn
servers(it is dying). I've decided now it will be OpenBSD. Having found
nearly all the  necessary components  compilable under openbsd, the only
stop is the lack of L2TP support, which I have to use, as I have many
customers here and cannot afford making them to change.



Google(lt2p openbsd):

Points to the archives:
http://archives.neohapsis.com/archives/openbsd/2007-01/1483.html

Which in turn learns you:
http://sourceforge.net/projects/l2tpd
http://sourceforge.net/projects/rp-l2tp
which are also in the google results...

Google is your boyfriend ;)
 
  
yes, I know about these projects, they are used with Linux, in fact  
(l2tpd). and I've got l2tpd to compile on openbsd. The  problem is,  I 
need  a  confirmation  they will work  correctly, because I will have 
only one try.


--
With best regards,
Gregory Edigarov

Re: DNS, bind9, and other

2007-03-19 Thread Gregory Edigarov 

JOHN LUCKEY wrote:

Anyone have or know of a good beginner's tutorial on how to
setup/configure a openBSD box to do DNS on a local network?
The more concrete/cookbook the examples, the better.

  
It isn't different from any UNIX system with BIND. So just google for 
the words dns howto, links to tldp.org site should satisfy you.


--
With best regards,
   Gregory Edigarov

in-kernel pppoe troubles

2007-02-05 Thread Gregory Edigarov 

Hello,

Using 4.0-RELEASE GENERIC kernel, and nve0 as my NIC just tried to 
configure kernel level pppoe  to connect to my ISP and got troubled
because it doesn't work completely. My ifconfig line mostly follows what 
I found in ifconfig(8) and pppoe(4) manual pages, except for I use chap 
authorization.
Userlevel  ppp(8)  works just perfectly... But for some reason I don't 
want to use it. What could be wrong with in-kernel implementation?
Any clarifying questions  (and answers, of course :-) from developers 
are welcome.

--
With best regards,
   Gregory Edigarov

Re: in-kernel pppoe troubles

2007-02-05 Thread Gregory Edigarov 

Andrey Shuvikov wrote:

On 2/5/07, Gregory Edigarov [EMAIL PROTECTED] wrote:


because it doesn't work completely.


What does it mean? Any error messages? Also the content of
hostname.pppoe0 and hostname.nve0 could be useful. Bu the way, does
GENERIC have nve0 device?


nve0 == nfe0. sorry about this discrepancy... but after all, it still 
doesn't work...


ok, so here we are:

hostname.nfe0  :
up

there is no hostname.pppoe0 yet, I made ifconfig by hand:

ifconfig pppoe0 inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev nfe0 
authproto chap authname MYNAME authkey MYPASSWORD up



after this - i have an interface pppoe0 but no connection, address on 
this interface stays 0.0.0.0 - 0.0.0.1. 

Sorry, I do not have an access to this pc now, so I cannot show you the 
exact output.


--
With best regards,
   Gregory Edigarov

Re: spamd - SPEWS status

2007-02-02 Thread Gregory Edigarov 

Jacob Yocom-Piatt wrote:


the only blacklist i use is one i generate for a chunk of the 
OptInBig.com TLDs. besides that, greylisting does a great job.


Yeah, greylisting is good, but this is for only short while, I am 
afraid. My measurements telling me that spamers  are adapting quicker 
then somebody expected.


It seems like their soft started analyzing  the return codes, and so 
they are resending their mail after a short while. So I think 
blacklisting is still in rule.

--
With best regards,
   Gregory Edigarov

Re: http load balancing with pf (apache access log)

2007-01-29 Thread Gregory Edigarov 

Marian Hettwer wrote:

Hi OpenBSD'lers,

I'm about to use OpenBSD's pf(4) for load balancing some webservers. 
So far, everything is looking just perfect.
Compared to pound, pf(4) is incredibly fast with few CPU and memory 
usage.

So I'd say: Thats great :)

However, one thing is bothering me.
Obviously, my apache access logs on those load balanced machines can 
only show the IP address of my load balancer, not the real remote ip 
of the request.
This is, to my knowledge, due to the fact that pf(4) is working on the 
TCP layer and is doing NAT.
Is there any possible way to get the real ip addresses in my apache 
access log?


I do need them for several reasons.
- I'd like to see who's actually accessing the website
- If there's some botnet attack, usually I'm using pf(4) to block the 
offending IP's for a specific time period. This can't be done if all I 
can see is the load balancers IP address.
That's by any means not good and I'm thinking wether this could be a 
no-go for using pf as a load balancer :-(


- web statistics: do look pretty bad too... Uh, see, there's only one 
user on our website *argh*


Okay... anybody with any usable suggestions?
There's the X-Forwarded-to Information in a http header, which can be 
set via some software load balancers. However, those are operating on 
the application layer, which pf isn't... too bad.



Uhmm... Why don't use carp(4). I think it will suit you well.

--
With best regards,
   Gregory Edigarov

Re: A PHP management interface for OpenBSD ?

2007-01-25 Thread Gregory Edigarov 

chefren wrote:

On 1/25/07 1:34 AM, Passeur wrote:
We are in the process of developing a PHP framework with a web 
frontend to

manage the OpenBSD settings through a web browser.


It should be handy, I presume =all= configs, logins, groups, passwords 
and for example the settings for Apache and PHP itself included?
Well, as a matter of fact, create a system that could be used by any 
fool and it will be used by fools  only :-)

I don't want OpenBSD such a future ..

--
With best regards,
   Gregory Edigarov

MD5 sum of /bsd on freshly installed system/?

2007-01-15 Thread Gregory Edigarov 

Hello,

It would be greatly appreciated if somebody can make an md5 checksum of 
the generic kernel.
Need to check that  as my OpenBSD 4.0 install hangs while booting at the 
very early stage.


I was trying to install my openbsd on a reletively old pc, all went just 
fine. I.e. I've boot from cd, made partitions, etc...
Then on the first boot from HDD it hanged after it recognized  the 
second  USB  controller.
I suspect something is wrong with memory/HDD but I can't investigate it 
right now. Could it be a kernel bug also?

--
With best regards,
   Gregory Edigarov

Need: dmesg from Intel D850GB Motherboard

2007-01-15 Thread Gregory Edigarov 

Hi List,

I know it is very old motherboard, but... May be somebody has it under 
OpenBSD. dmesg from 4.0 GENERIC /bsd would be highly appreciated.


Thanks a lot.

--
With best regards,
   Gregory Edigarov

route

2007-01-10 Thread Gregory Edigarov 

Hello,

Just wondering, if there is a way to set a route priority manually? Is 
there plans to implement it? It would be a great feature, after all.


Thank you.
--
With best regards,
  Gregory Edigarov

Re: difference between macros and tables in pf

2007-01-09 Thread Gregory Edigarov 

Artyom Goryainov wrote:

And when I write for example local_net=192.168.0.0/16 will it be expanded in
rules to individual addresses, or it will be processed another way?


  
well, if you ask such questions then i would seriously recommend to read 
something about how the  tcp/ip  stack works.

Re: Why Sendmail?

2006-11-23 Thread Gregory Edigarov 

I think it is because of cron jobs, that use to send mails to root .

Conrad Winchester wrote:

I do have one question though and I apologize if people always ask this: At
the end of the install I asked whether I want to run sshd and ntpd by
default - very nice BUT why am I not given the option to turn off Sendmail
at this point? I NEVER use sendmail and for an OS that prides itself on
being as minimal as possible I would have thought giving you the option to
not run sendmail would also be there right from the start.

<    1   2   3   4