Re: libiberty
On Mon, 7 Jun 2010 12:57:06 +0300 Gregory Edigarov g...@bestnet.kharkov.ua wrote:

On Sun, 06 Jun 2010 12:33:24 +0200 Gabriel Kihlman g...@abc.se wrote:

Gabriel Kihlman g...@stacken.kth.se writes:

Gregory Edigarov g...@bestnet.kharkov.ua writes:

Gabriel, The gcc is already the necessary version:

But you missed this part from the faq:

[ ... ]
    rm -rf /usr/include/g++/*
    cd /usr/src/gnu/lib/libstdc++-v3
    make obj
    make includes
    make depend
    make
    make install
[ ... ]

You see? Remove old headers..

Oh and it even says:

[ ... ]
For people updating using snapshots, don't forget to:
    rm -rf /usr/include/g++/*
before installing newer snapshot.
[ ... ]

So you have no excuse...

/gabriel

no excuse, you say well...

    # cat /root/build.sh
    rm -rf /usr/obj/*
    rm -rf /usr/include/g++/*
    cd /usr/src
    make obj
    cd /usr/src/etc
    env DESTDIR=/ make distrib-dirs
    cd /usr/src
    make build
    # sh build

this is # sh build.sh of course... but the rest of the question stays :-(

[skip many strings]
cc -O2 -pipe -g -DHAVE_CONFIG_H -I/usr/src/gnu/lib/libiberty/src -I/usr/src/gnu/lib/libiberty/include -I/usr/src/gnu/lib/libiberty/obj -c /usr/src/gnu/lib/libiberty/src/hex.c -o hex.o
/usr/src/gnu/lib/libiberty/src/hex.c:22: error: conflicting types for '_hex_value'
/usr/src/gnu/lib/libiberty/include/libiberty.h:338: error: previous declaration of '_hex_value' was here
*** Error code 1
Stop in /usr/src/gnu/lib/libiberty (line 92 of /usr/share/mk/sys.mk).
*** Error code 1
Stop in /usr/src/gnu/lib (line 48 of /usr/share/mk/bsd.subdir.mk).
*** Error code 1
Stop in /usr/src (line 74 of Makefile).

Now, where am I wrong?

-- With best regards, Gregory Edigarov
libiberty
Hello, I know this is a FAQ, and perhaps I'll be blamed for asking it again...

cc -O2 -pipe -g -DHAVE_CONFIG_H -I/usr/src/gnu/lib/libiberty/src -I/usr/src/gnu/lib/libiberty/include -I/usr/src/gnu/lib/libiberty/obj -c /usr/src/gnu/lib/libiberty/src/hex.c -o hex.o
/usr/src/gnu/lib/libiberty/src/hex.c:22: error: conflicting types for '_hex_value'
/usr/src/gnu/lib/libiberty/include/libiberty.h:338: error: previous declaration of '_hex_value' was here
*** Error code 1
Stop in /usr/src/gnu/lib/libiberty (line 92 of /usr/share/mk/sys.mk).

# uname -a
OpenBSD edigarov.sa.net.ua 4.7 GENERIC#16 amd64

This happens while I am trying to build from sources. The system is the latest binary snapshot as found on ftp.openbsd.org. Upgraded from snapshot, done

cvs up -Pd in /usr/src; rm -rf /usr/obj/*; make obj; make build

build process stops with above error. Just want to learn how to struggle this. Here's what I tried:

cd /usr/src/gnu/lib/libiberty
make -f Makefile.bsd-wrapper cleandir
make -f Makefile.bsd-wrapper depend
make -f Makefile.bsd-wrapper

no success...

-- With best regards, Gregory Edigarov
Re: traffic management
On Wed, 2 Jun 2010 03:37:35 +0300 irix i...@ukr.net wrote: Hello Misc, But at least you can say why? Obvious: don't fix what's not broken. no kidding. As we've told irix before, it will not happen. -- With best regards, Gregory Edigarov
what's wrong with ipsec ?
Hello everybody, Since 4.7 has been released, are there any changes in -current that could affect ipsec?

here is my 1.2.3.4's ipsec.conf

ike esp from 192.168.10.0/24 to 192.168.3.4/30 peer 5.6.7.8
ike esp from 1.2.3.4 to 5.6.7.8

on 5.6.7.8:

ike passive esp from 192.168.3.4/30 to 192.168.10.0/24 peer 1.2.3.4
ike passive esp from 5.6.7.8 to 1.2.3.4

on 1.2.3.4 the system is 4.6-rel
on 5.6.7.8 the system is 4.7-current somewhere 1 week old
pf is disabled on both systems on the moment of test, so it doesn't interfere.
isakmpd -DA=9 -K -p 3000 is running on both systems.
in tcpdump i am able to see traffic between the two isakmpd's.
ipsecctl -sa shows that no sa's got established...

-- With best regards, Gregory Edigarov
Re: what's wrong with ipsec ?
On Tue, 1 Jun 2010 15:14:58 +0100 Sevan / Venture37 ventur...@gmail.com wrote: from 47.html Two bugs in IPsec/HMAC-SHA2 were fixed, resulting in an incompatibility with the HMAC-SHA-256/384/512 hash algorithms with previous versions of OpenBSD and other IPsec implementations sharing the bugs. :-) ok, i see. now, what are we expected to do? it could be difficult to change systems on remote end... -- With best regards, Gregory Edigarov
Re: power went off during pk_add and now pkg_tools are useless printing out garbage on screen on 4.7/amd64 SMP
On Thu, 27 May 2010 14:19:20 +0530 Siju George sgeorge...@gmail.com wrote: $ rm -rf * $sudo pkg_delete cairo gettext glib2 glitz jpeg libconfuse libgamin libiconv libungif partial-bzip2 pcre png Unknown element: @A oFG }j6ZWKFD)B7 Ge_F1Qq.Hq4gZ4,VlX2s,.? mWST/[@QQ-Sit{H/!_qW2tl B1a3[?SK 1P What to do now? :-( thanks :-) --Siju I would rm -rf /usr/local/* /var/db/pkg/* /var/db/pkg/.* then install packages of your choice again. -- With best regards, Gregory Edigarov
thinkpad sl500: iwn0: radio is disabled by hardware switch
Hi, Where is that 'hardware switch'? -- With best regards, Gregory Edigarov
Re: thinkpad sl500: iwn0: radio is disabled by hardware switch
Found it thanks everybody On Fri, 21 May 2010 16:29:11 +0400 Sergey Bronnikov este...@gmail.com wrote: hardware switch is switch on front of notebook. For example, when I disable WiFI on my W500 following lines appears in dmesg: iwn0: RF switch: radio disabled iwn0: Radio transmitter is off iwn0: RF switch: radio disabled iwn0: RF switch: radio enabled see on image - http://www.notebookcheck.net/typo3temp/pics/43d96a4ddc.jpg WiFi swith is between FireWire outlet and sound holes. On 14:53 Fri 21 May , Gregory Edigarov wrote: Hi, Where is that 'hardware switch'? -- With best regards, Gregory Edigarov -- With best regards, Gregory Edigarov
Re: Questions about tables on pf
On Thu, 29 Apr 2010 10:15:08 -0300 Leonardo Carneiro - Veltrac lscarne...@veltrac.com.br wrote:

Hello everyone. I have a table in my pf.conf:

table <ips_allowed> persist const file "/etc/pf.conf.d/ips_allowed"

If I add or remove IPs from this file manually, will the firewall be aware of such changes or do I need to reload pf? Also, does pf map this file in memory or does it read from the disk for every packet? Tks in advance and sorry for my poor english

Please read the manual page. you will need to do something like:

pfctl -Treplace -tips_allowed

in order to reload your table

-- With best regards, Gregory Edigarov
Plans about nsd?
Hello, I cannot be the only one noticed nsd import in tree. Therefore the questions arise about future plans as nsd is an authoritative only name service daemon, so it should be accompanied with unbound to gain the full functionality of named. Is there any work ongoing to eliminate the need in unbound? Or unbound is on the queue to be merged in tree too? Because caching-only name server is much more frequent configuration than an authoritative only and even authoritative nameservers almost always serve as resolvers for their lans. -- With best regards, Gregory Edigarov
Re: OpenBGPD rtableid option
On Fri, 26 Mar 2010 10:34:48 +0100 Claudio Jeker cje...@diehard.n-r-g.com wrote: Hi, I'm wondering if anyone is using the rtable number config option in OpenBGPD. Upcomming changes are currently conflicting with this feature and I wonder if we should remove it or fix it. I use this feature to provide fine-grained routing in some cases. and I really looking for the same feature in ospfd. so my opinion is to fix it -- With best regards, Gregory Edigarov
Re: OpenBGPD rtableid option
On Fri, 26 Mar 2010 11:49:17 +0100 Claudio Jeker cje...@diehard.n-r-g.com wrote: On Fri, Mar 26, 2010 at 12:13:20PM +0200, Gregory Edigarov wrote: On Fri, 26 Mar 2010 10:34:48 +0100 Claudio Jeker cje...@diehard.n-r-g.com wrote: Hi, I'm wondering if anyone is using the rtable number config option in OpenBGPD. Upcomming changes are currently conflicting with this feature and I wonder if we should remove it or fix it. I use this feature to provide fine-grained routing in some cases. and I really looking for the same feature in ospfd. so my opinion is to fix it So you run multiple bgpd on the same box? No, in the setup I need a default table to be populated by manually added routes, and a second table, which is populated via bgp. Though, on second thought I could use route -T 1 bgpd construct... For ospfd there is something similar. It is possible to run multiple ospfd in different rdomains but that is not the same as the rtableid of bgpd. I can not see how you want to run multiple ospfd instances over the same interface (the protocol does not allow that). -- With best regards, Gregory Edigarov
Re: Abnormally slow and unstable cvs process
On Fri, 26 Mar 2010 16:48:10 +0200 (EET) CzgCr KazanC'C'D1 ozgur.kazan...@info.uvt.ro wrote: Hello. I have a new computer that i'll control remotely, (a Dell PowerEdge 860) it has a newly installed OpenBSD 4.6. When i try to get the src source via cvs, the progress goes extremely slow, it always stops for ~30 seconds, sometimes even few minutes pass almost at every file during the fetching. The same slowness happened also when i pkg_add'ed a package. (I use the nearest cvs mirror - i tried different mirrors as well) for example, U src/gnu/usr.bin/binutils/ld/NEWS (waiting too long, then) U src/gnu/usr.bin/binutils/ld/README (again wait few minutes) U src/gnu/usr.bin/binutils/ld/TODO again.. The current cvs process is running since ~12 hours. I guess it's not because of my computer's internet speed, at least it's not that slow, of course. Not a DNS problem. I suspect the NIC. Broadcom BCM5721. Its driver maybe? Here is the dmesg output: http://openbsd.pastebin.ca/CDtZiOel Would gratefully appreciate any suggestions. Many thanks in advance for your time! try disabling ACPI in the first place. if that helps - welcome to the club :-) -- With best regards, Gregory Edigarov
gnu grep -o flag
Hello Everybody, Just wonder how could one implement what gnu grep -o flag does using our toolchain? from ggrep(1): -o, --only-matching Show only the part of a matching line that matches PATTERN. -- With best regards, Gregory Edigarov
Re: Change root password from shell-script
On Wed, 27 Jan 2010 17:05:17 +0100 Jordi Espasa Clofent jordi.esp...@opengea.org wrote: HI all, ?Is there any way t change the root password using a shell-script (aka non-interactive mod as passwd uses)? I've used pw in FreeBSD and chpasswd in Debian GNU/Linux to do it, bit I've not found a way/command to do it with my OpenBSD boxes. At present my approach will be install except from ports and use it to get my goal. Have you looked at man usermod? -p flag in particular. -- With best regards, Gregory Edigarov
self educating q
Hello Everybody, I noticed it very every time that when question about security of OpenBSD risen, at least one message states: i386 architecture is hardware insecure, and I really agree with it. Then my question is: in your opinion, what is the most secure modern architecture that is supported by the manufacturer(let it be not so mass, but resonable priced), to run OpenBSD on? Thank you. -- With best regards, Gregory Edigarov
Re: OpenSMTPd actual development and integration
On Fri, 15 Jan 2010 09:41:46 +0100 Gilles Chehade gil...@openbsd.org wrote: On Thu, Jan 14, 2010 at 06:50:14PM +0100, Jean-Francois wrote: Hi All, Could you please inform about the actual state of OpenSMTPd and when it shall be fully integrated into OpenBSD ? Thanks. actual state ? work in progress, do not use in production, you will lose your job. actually, I already use it on a couple of my low volume servers. Both as a receiving and as a sending mta. Works just great. -- With best regards, Gregory Edigarov
Re: smtpd + dovecot: virtual map trouble
On Mon, 04 Jan 2010 14:21:58 -0600 Jacob Yocom-Piatt j...@fixedpointgroup.com wrote: i am working on a new production mailserver using smtpd for an mta and dovecot for serving mail. i have run into a problem where i would like to use the same authentication mechanism for smtpd and dovecot so there is only one password database to maintain. as best i can tell i need to use system accounts and virtual user maps to get mail to dump into separate directories. the caveat is getting either dovecot to understand the virtual user mapping to system accounts or smtpd to do smtp authentication through dovecot. i would rather use bsdauth than have dovecot handle authentication. i currently have smtpd setup and delivering mail fine with the following config ext_if = re0 listen on lo0 listen on $ext_if tls enable auth map aliases { source db /etc/mail/aliases.db } map virtual { source db /etc/mail/virtual.db } accept for local alias aliases deliver to mbox accept from all for virtual virtual deliver to maildir /var/vmail/%d/%a accept for all relay with the virtual map specified like so us...@domain1.com: user1_dom1 ... us...@domain1.com: userN_dom1 where i have added users user1_dom1 through userN_dom1 with the false shell to the system. all works fine with the mail delivery and relay. any insight into how i can get dovecot or smtpd to do what i want would be appreciated. I've written a bsdauth module for to authenticate over pop3. since smtpd using bsdauth - you can use it. later today I'll put it on the web to share. -- With best regards, Gregory Edigarov
Re: vi in /bin
On Fri, 18 Dec 2009 10:28:25 +0100 Igor Sobrado igor.sobr...@gmail.com wrote: On Fri, Dec 18, 2009 at 6:07 AM, David Gwynne l...@animata.net wrote: On 18/12/2009, at 1:26 PM, Raymond Lillard wrote: Real men use cat. :-) real men use COPY CON PROGRAM.EXE real men use EDIT/TECO. real men use XEDIT. -- With best regards, Gregory Edigarov
Re: smtpd(8) local delivery failure - help needed with diagnosis
On Thu, 17 Dec 2009 02:45:25 -0600 Adam Thompson athom...@athompso.net wrote: First, some baseline data: skipped So. WTF am I doing wrong? Help! You should add the following line to your smtpd.conf accept for local deliver to mbox or accept from local for local deliver to mbox -Adam Thompson athom...@athompso.net -- With best regards, Gregory Edigarov
ospfd does not follow interface address changes?
hi everybody. if you run ospfd in your setup can you test to confirm the behavior:

setup an interface in ospfd, for example -
ifconfig vlan3 vlandev rl0 192.168.3.0/30 up
add this interface to any known area of ospfd. reload, wait for the route to propagate.
then change ip on vlan3.
ifconfig vlan3 vlandev rl0 192.168.4.0/30
on some other router do
ospfctl sh rib
you will see 192.168.3.0/30 again and again and again
the only way to change the routes is to fully kill ospfd and then start it again.

-- With best regards, Gregory Edigarov
imsg framework
Hello, just wonder is there any information about it available? I mean the source is good to look for details but I would like to have a big picture first. -- With best regards, Gregory Edigarov
Re: Header re-writing and smtpd(8)
On Thu, 29 Oct 2009 10:55:58 -0700 Chris Jones cjo...@gdisoftware.com wrote: Good morning, I'm curious if anyone knows if it's possible to do header re-writing with smtpd(8). I have a project I would love to use smtpd(8) for but I'll need to figure a way to be able to re-write message headers as they relay through this server. The gist of it is, I would like to setup a mailbox server (zimbra) which routes mail to specific relay servers based on email domain. These relay servers would then re-write the Received: fields in the header of a message so that it looks like it's originating from the relay server. I've done this with Postfix before but I would much rather use smtpd(8) for it's security and simplicity. Thanks in advance for any advice or information you have. Cheers, -Chris Hi, Chris. The header rewriting isn't there yet. -- With best regards, Gregory Edigarov
Re: openbsd ca tutorial
On Thu, 29 Oct 2009 16:42:06 -0500 Marco Peereboom sl...@peereboom.us wrote: anything openssl is insufficient. When possible avoid OpenSSL. Sorry, what's your arguments and propositions? On Thu, Oct 29, 2009 at 10:14:05PM +0100, Joachim Schipper wrote: On Thu, Oct 29, 2009 at 09:23:09PM +0100, Abdullah Sendul wrote: I am trying to create my own CA on openbsd. but unfortunately couldnt find any tutorial on this, there are some on freebsd, linux, but they are giving some errors. If I am understanding you correctly, you might want to look here: http://www.openbsd.org/faq/faq10.html#HTTPS sorry not a self signed cert. a certificate authority *Read* the FAQ. It tells you about openssl ca. Is that insufficient? Joachim -- With best regards, Gregory Edigarov
Re: 4.6 hang
wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec mtrr: Pentium Pro MTRR support softraid0 at root root on wd0a swap on wd0b dump on wd0b WARNING: / was not properly unmounted -- With best regards, Gregory Edigarov
Re: smtpd support DIGEST MD5 AUTH ?
On Mon, 26 Oct 2009 02:01:01 -0500 Fernando Quintero fernando.a.quint...@gmail.com wrote: Hi all, first, thx to gilles for this great software, I'm testing smtpd with TLS and SSL an it works ok, I noticed that the AUTH command uses PLAIN LOGIN. The question is: smtpd supports another thing different to PLAIN LOGIN for AUTH?, is possible integrate it to SASL ? short answer: you do not want to I see SASL as a very complex piece of bloatware. a bit longer answer: smtpd is interfaced to bsdauth (see authenticate(3)). so if you want you can implement authentication method, just like I did to authenticate smtpd client to pop3 server. -- With best regards, Gregory Edigarov
Re: mailq: unsupported mode with smtpd
On Mon, 26 Oct 2009 15:19:49 +0100 Bret Lambert bret.lamb...@gmail.com wrote: and by maulq i mean mailq ;-) but maulq is much more full of awesome and win Maul? did you mean Darth Maul? ;-) -- With best regards, Gregory Edigarov
Re: [pf question] Positive condition for adding in the table?
On Thu, 17 Sep 2009 10:20:37 +0200 Ivan Radovanovic riv...@gmail.com wrote: Iqigo Ortiz de Urbina napisa: You could also take a look at the match, tag and tagged keywords in pf.conf. Additionally, you may require parsing your custom logs (pflogN interfaces or binary logs in /var/log/) in order to populate your tables for use in the main ruleset or anchors. Have a nice day, Iqigo I finished simple program that parses pflogN interface and executes actions embedded in labels in pf rules. However I don't have OpenBSD installed so I can't test if it works/compiles on OpenBSD (it works fine on FreeBSD), so it would be nice if someone is interested to try it on OpenBSD before I put it for everyone to download :-) Perhaps it would be interesting, and I could try it, but could you give an example use case? -- With best regards, Gregory Edigarov
Re: smtpd update
Gilles, I've already started using it in production (yes, with my own non_accepted_aliases_patch ;-). So far - all good, seems to be very robust and pretty stable. I will of course send you a note if I will notice some troubles. And for the others to record I have to notice the very clean code which lets me make small changes for myself.

On Wed, 16 Sep 2009 13:50:00 +0200 Gilles Chehade gil...@poolp.org wrote:

Please, do not wait for others to try it, I just can't hear another I will try it soon, I was just waiting for other people's feedbacks ...

Gilles

Jacek Masiulaniec wrote:

Hi, smtpd has recently benefited from many changes to the local and remote delivery code paths. Their aim is to advance smtpd few steps further to being well suited for production use. I have been working on this for a number of weeks, and to put it bluntly - the changes are massive. So, please grab the latest smtpd and give it a spin. If you are not already using smtpd but would like to start, edit /etc/mailer.conf

sendmail	/usr/sbin/smtpctl
send-mail	/usr/sbin/smtpctl
mailq		/usr/sbin/smtpctl
makemap		/usr/libexec/smtpd/makemap
newaliases	/usr/libexec/smtpd/makemap

and run

# echo sendmail_flags=NO >> /etc/rc.conf.local
# echo smtpd_flags= >> /etc/rc.conf.local
# newaliases

Finally, reboot the box to verify smtpd is started automatically.

Thanks, Jacek

-- With best regards, Gregory Edigarov
bgpd q
Hi, Could I rewrite as-paths in bgpd? I.e. if I have an incoming as-path like this: 1 2 3 3 3 3 3 3 3 3 4 and would like for some reason to rewrite it like: 1 2 3 4, or 1 2 3 3 4, can I do this? Thank you. -- With best regards, Gregory Edigarov
Re: .xinitrc and new window manager not loading
What do you use? xdm or startx? if you use xdm - you should use .xsession instead

On Wed, 19 Aug 2009 11:32:05 + Chris atst...@gmail.com wrote:

I am trying to get a new wm (scrotwm) and added it to .xinitrc but it's not working. Every time I press ALT-CTRL-Backspace and log back again, I get landed on fvwm. Not sure what I'm doing wrong. The same .xinitrc works on another box running bash shell for a normal user. My shell is ksh, user chris is a normal user (user's group is user). The .xinitrc file is owned by chris:user and has permission: -rw-r--r--

Here's my .xinitrc file:

#!/bin/sh
userresources=$HOME/.Xresources
usermodmap=$HOME/.Xmodmap
sysresources=/usr/X11R6/lib/X11/xinit/.Xresources
sysmodmap=/usr/X11R6/lib/X11/xinit/.Xmodmap
if [ -f $sysresources ]; then
	/usr/X11R6/bin/xrdb -merge $sysresources
fi
if [ -f $sysmodmap ]; then
	/usr/X11R6/bin/xmodmap $sysmodmap
fi
if [ -f $userresources ]; then
	/usr/X11R6/bin/xrdb -merge $userresources
fi
if [ -f $usermodmap ]; then
	/usr/X11R6/bin/xmodmap $usermodmap
fi
if [ -f $HOME/.bashrc ]
then
	. $HOME/.bashrc
fi
if [ -f $HOME/.muttrc ]
then
	. $HOME/.muttrc
fi
id1=$HOME/.ssh/identity
id2=$HOME/.ssh/id_dsa
id3=$HOME/.ssh/id_rsa
if [ -x /usr/bin/ssh-agent ] && [ -f $id1 -o -f $id2 -o -f $id3 ]; then
	eval `ssh-agent -s`
	ssh-add < /dev/null
fi
/usr/local/bin/scrotwm
if [ $SSH_AGENT_PID ]; then
	ssh-add -D < /dev/null
	eval `ssh-agent -s -k`
fi
xidle -delay 3 -sw -program /usr/X11R6/bin/xlock -mode bat -timeout 5
--

I have also tried /usr/local/bin/scrotwm and exec /usr/local/bin/scrotwm but no luck. Thanks.

-- With best regards, Gregory Edigarov
Re: Bug in pppoe ?
sysctl net.inet.ip.forwarding ? fROLOW kONSTANTIN wrote: I have openbsd-based pppoe server for small lan with 20-30 WinXP and Vista clients (based on user-level ppp) After some time some random clients seems to be dead (XP and Vista) When i try disconnect/reconnect dead host to pppoe, connection established but i cannot ping hosts, link is dead. When i try to connect with different ppp username from same computer, connection establised and all OK. I see in firewall log pass rule for this connection, but can't see any traffic Maybe somebody knows where is the problem ? (same pppoe server config with OpenBSD 4.3 works without problems) My config: kernel 4.5 GENERIC + pflow patch from Joerg Goltermann devices --- /dev/tun0..tun100 (i make 100 tun devices with MAKEDEV) /etc/ppp/ppp.secret --- user1 pass1 192.168.100.1 user2 pass2 192.168.100.2 .. user30 pass30 192.168.100.30 /etc/ppp/ppp.conf -- default: set log Phase Chat LCP IPCP CCP tun command set device /dev/cua01 set speed 115200 set dial ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 5 \\ AT OK-AT-OK ATE1Q0 OK \\dATDT\\T TIMEOUT 40 CONNECT pppoe: set timeout 0 set device !/usr/sbin/pppoe -i vr0 set mtu max 1492 set mru max 1492 set speed sync disable acfcomp protocomp deny acfcomp enable chap set ifaddr set dns 192.168.70.250 accept dns set ifaddr 192.168.100.254 192.168.100.1-192.168.100.253 255.255.255.255 disable ipv6cp enable mssfixup enable lqr set lqrperiod 5 /etc/rc.local - /usr/sbin/pppoe -p pppoe -i vr0 -s -- With best regards, Gregory Edigarov
Re: IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK
Bob Beck wrote: * Chris Harries ch...@sharescope.co.uk [2009-05-26 10:48]: it sure beats everyone moaning at me as they cannot read e-mails clearly marked IMPORTANT, DO THIS OR YOUR E-MAIL WONT WORK, then moaning when their email doesn't work IMPORTANT, DO THIS OR YOUR E-MAIL WON'T WORK We are refreshing our openbsd mailing lists to ensure that the list memberships correctly match our business process and security roles. In order to ensure your list memberships and email continue to work without interruption, please reply to this email with the following information: Name : ___ Email ID: Password: Thanks for helping to ensure the integrity of our email system. Pardon? I do not understand what is this for -- With best regards, Gregory Edigarov
bsd_auth again
Hello, Perhaps somebody can help me a bit... Here is very simple login_-test.c, just to check if everything works:

#include <stdio.h>
#include <unistd.h>
int main (int argc, char **argv)
{
	char buf[1024];
	int i;
	for (i=0;i<argc;i++) puts(argv[i]);
	read (3,buf,sizeof(buf));
	puts(buf);
}

And a very simple calling program, that calls auth_userok, using exactly the way it is called from opensmtpd:

#include <sys/types.h>
#include <login_cap.h>
#include <bsd_auth.h>
#include <stdio.h>
int main( )
{
	printf("%d\n",auth_userokay ("greg", NULL , "auth-smtp","password"));
}

As the last accord there are lines in /etc/login.conf:

auth-smtp:auth=-test:

everything other is the file left untouched. As it doesn't seem to be calling login_-test, I think that is because I failed to properly describe what I need in login.conf what should be done? Thank you.

-- With best regards, Gregory Edigarov
Re: bsd_auth again
Otto Moerbeek wrote:

On Mon, May 25, 2009 at 10:47:11AM +0300, Gregory Edigarov wrote:

Hello, Perhaps somebody can help me a bit... Here is very simple login_-test.c, just to check if everything works:

#include <stdio.h>
#include <unistd.h>
int main (int argc, char **argv)
{
	char buf[1024];
	int i;
	for (i=0;i<argc;i++) puts(argv[i]);
	read (3,buf,sizeof(buf));
	puts(buf);
}

And a very simple calling program, that calls auth_userok, using exactly the way it is called from opensmtpd:

#include <sys/types.h>
#include <login_cap.h>
#include <bsd_auth.h>
#include <stdio.h>
int main( )
{
	printf("%d\n",auth_userokay ("greg", NULL , "auth-smtp","password"));
}

As the last accord there are lines in /etc/login.conf:

auth-smtp:auth=-test:

everything other is the file left untouched. As it doesn't seem to be calling login_-test, I think that is because I failed to properly describe what I need in login.conf what should be done?

For one thing (apart from login.conf issues), you do not return an exit code in your program and you do not write anything to fd 3, while login.conf says:

In order for authentication to be successful, the authentication program must exit with a value of 0 as well as provide an authorize or authorize root statement on file descriptor 3.

First of all, start READING and UNDERSTANDING login.conf and study the existing authentication programs source code. Probably login_reject is a good place to start. And a word of advice: before you attempt writing a bsd_auth login script, you better understand what you are doing. Otherwise you almost certainly will create a hole. This is no place for trial and error.

-Otto

Otto, As I've written above it is just an experiment, in order to understand and write bigger script, that will do _ALL_ the necessary things, and will be as secure as possible.

-- With best regards, Gregory Edigarov
Re: bsd_auth again
Otto Moerbeek wrote:

On Mon, May 25, 2009 at 10:47:11AM +0300, Gregory Edigarov wrote:

Hello, Perhaps somebody can help me a bit... Here is very simple login_-test.c, just to check if everything works:

#include <stdio.h>
#include <unistd.h>
int main (int argc, char **argv)
{
	char buf[1024];
	int i;
	for (i=0;i<argc;i++) puts(argv[i]);
	read (3,buf,sizeof(buf));
	puts(buf);
}

And a very simple calling program, that calls auth_userok, using exactly the way it is called from opensmtpd:

#include <sys/types.h>
#include <login_cap.h>
#include <bsd_auth.h>
#include <stdio.h>
int main( )
{
	printf("%d\n",auth_userokay ("greg", NULL , "auth-smtp","password"));
}

As the last accord there are lines in /etc/login.conf:

auth-smtp:auth=-test:

everything other is the file left untouched. As it doesn't seem to be calling login_-test, I think that is because I failed to properly describe what I need in login.conf what should be done?

For one thing (apart from login.conf issues), you do not return an exit code in your program and you do not write anything to fd 3, while login.conf says:

In order for authentication to be successful, the authentication program must exit with a value of 0 as well as provide an authorize or authorize root statement on file descriptor 3.

First of all, start READING and UNDERSTANDING login.conf and study the existing authentication programs source code. Probably login_reject is a good place to start. And a word of advice: before you attempt writing a bsd_auth login script, you better understand what you are doing. Otherwise you almost certainly will create a hole. This is no place for trial and error.

Also Otto, the question I've asked was about how to correctly connect the would be script to the authentication mechanism in the login.conf file. It was not about quality of my code. The code is purely experimental, and will not even go into the real script.

-- With best regards, Gregory Edigarov
bsd_auth
Hello, Need just a small pointer to information on how to write an authentication program i.e. login_SOMEWHAT ? Because sources left much info outside. Is there a specification or something? Thanks. -- With best regards, Gregory Edigarov
Re: bsd_auth
Joachim Schipper wrote: On Fri, May 22, 2009 at 11:25:17AM +0300, Gregory Edigarov wrote: Hello, Need just a small pointer to information on how to write an authentication program i.e. login_SOMEWHAT ? Because sources left much info outside. Is there a specification or something? Thanks. You'll want to read login.conf(5), in particular the AUTHENTICATION section (it's not just a list of provided programs!). I'm not sure if there are other sources of documentation, but it does appear to document the protocol fairly well. Logically I can understand, that password will be provided as an input on file descriptor 3. But I cannot find that in manual... -- With best regards, Gregory Edigarov
Re: 4.5 - strange performance issue
Gregory Edigarov wrote: Hello, Does anybody else notice strange X performance degradation? It takes forever for X to start, and after it start it takes forever for them to bring up firefox... and after all it is really slw Well I turned off the acpi completely, that seems to solve the problem, but the question is still, it worked on 4.4 perfectly. This means something has changed in a way -- With best regards, Gregory Edigarov
Re: 4.5 - strange performance issue
Tobias Ulmer wrote: Try to enable EXA and play with Option MigrationHeuristic greedy Thanks, I will try that later today. -- With best regards, Gregory Edigarov
4.5 - strange performance issue
Hello, Does anybody else notice strange X performance degradation? It takes forever for X to start, and after it starts it takes forever for them to bring up firefox... and after all it is really slow -- With best regards, Gregory Edigarov
Re: 4.5 - strange performance issue
It's not an interrupt load. top seems normal, even running X, 0.0 - 0.9 % interrupt. but everything is very slow. Otto Moerbeek wrote: Check top(1) without a running X first. You might have problems with interrupts. If that's the case, top should show pretty high interrupt %'s. Especially some nvidia chipsets have these problems. If you are suffering from high interrupt load, try disabling acpirt(4) or if that does not work, acpi(4). -Otto On Mon, May 04, 2009 at 12:59:26PM +0300, Gregory Edigarov wrote: Hello, Does anybody else notice strange X performance degradation? It takes forever for X to start, and after it starts it takes forever for them to bring up firefox... and after all it is really slow -- With best regards, Gregory Edigarov
Re: autowhitelister for spamd needs testing
Aaron Mason wrote: On Fri, Apr 24, 2009 at 11:01 AM, Dan Harnett dan...@harnett.name wrote: On top of that, if VeriSign could be tricked into signing a fake Microsoft ActiveX key, can you really trust the authorities? Are you implying SPF records are validated somewhere and signed by a trusted third party? They're not. They're provided by the bad guys. A more proper analogy would be that you received an ActiveX control signed by The Bad Guys Who Do Bad Things. They were nice enough to sign it, so you accept it. I was implying no such thing. I was referring to using WHOIS to block spammers on the basis of the date the domain was registered. asfjsakf1359.com TXT v=spf1 a:mail.asfjsakf1359.com ip4:0.0.0.0/0 ~all Ok, now that gives us a pointer by which to block fraudulent folk. That record means anyone and everyone can send an email using that domain name. A proper SPF record wouldn't have an all-encompassing IP range. In fact, who in the world would have anything more than a /7 block? However that alone wouldn't deter any spammer - just limit the range to what's accepted and you're in. And any limit you set will only cause more dramas. Sure you could limit it to /24 and smaller, or even to single addresses, but what about those select folk who have been assigned /8 classless subnets? That's a whole lotta SPF records for one subdomain. No solution is perfect, but a small group of imperfect solutions is a far cry better than no solutions at all and our mailboxes being inundated with spam. The problem's here to stay, all we can do is deal with it as best we can. well nobody's perfect. and there is no perfect solution. And I do not even pretend that I made a perfect solution. It still requires /dev/brain, /dev/eyes, and /dev/hands... Ok, thank you all, for the interesting discussion. I think I could develop a more advanced solution that will check blocks found by spf lookup through whois lookup... -- With best regards, Gregory Edigarov
Re: autowhitelister for spamd needs testing
Dave Anderson wrote: On Wed, 22 Apr 2009, jared r r spiegel wrote: On Thu, Apr 23, 2009 at 12:30:28AM +, Stuart Henderson wrote: I see a tiny little problem with this method... sometimes people send spam from domains whose DNS they control. +1 i think part of the success i experience using SPF as a means to create whitelists is in the fact that i maintain the list of domains i fancy whitelisting. unfortunately, it would be trivial for someone to take advantage of an spf-based automatic whitelist to slip right on thru spamd(8). it's a pisser. No it's not. What might make sense is to alter the script to generate a list of candidates for whitelisting, but only apply any of them after they are manually approved. Dave And that's what I did it for, really. -- With best regards, Gregory Edigarov
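The two points raised in this thread, that a sender-controlled record such as ip4:0.0.0.0/0 would whitelist everyone and that SPF-derived networks should only be candidates awaiting manual approval, sketched as an added Python example (it is not the attached utility and not code from any poster). The prefix thresholds, the record cap, the function names and the example.org records are assumptions made for illustration; only the asfjsakf1359.com record comes from the thread.

```python
import ipaddress

# Assumed policy, not taken from the thread: the shortest prefix a reviewer
# is even shown, per address family. Anything broader is rejected outright.
MIN_PREFIX = {4: 16, 6: 32}
MAX_RECORDS = 10  # assumed cap on TXT records fetched for one sender domain

# Constructed TXT data standing in for DNS so the example runs offline.
# The first record is the one quoted in the thread; the rest are made up.
SAMPLE_TXT = {
    "asfjsakf1359.com": "v=spf1 a:mail.asfjsakf1359.com ip4:0.0.0.0/0 ~all",
    "example.org": "v=spf1 include:_spf.example.org ip4:192.0.2.0/24 -all",
    "_spf.example.org":
        "v=spf1 ip4:198.51.100.0/25 ip6:2001:db8::/29 include:example.org ~all",
}


def parse_spf(txt):
    """Split one SPF TXT string into (networks, domains_to_follow, problems)."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return [], [], ["not an SPF record"]
    nets, follow, problems = [], [], []
    for term in terms[1:]:
        if term[0] in "-~?":      # only pass-qualified terms authorise senders
            continue
        term = term.lstrip("+")
        low = term.lower()
        if low.startswith(("ip4:", "ip6:")):
            try:
                net = ipaddress.ip_network(term[4:], strict=False)
            except ValueError:
                problems.append(f"unparsable network in {term!r}")
                continue
            if net.version != int(low[2]):
                problems.append(f"address family mismatch in {term!r}")
                continue
            nets.append(net)
        elif low.startswith("include:"):
            follow.append(low[8:].rstrip("."))
        elif low.startswith("redirect="):
            follow.append(low[9:].rstrip("."))
        # a, mx, ptr and exists need further lookups; left to the reviewer
    return nets, follow, problems


def vet(domain, lookup_txt):
    """Walk the SPF tree of `domain`; return (candidates, rejected)."""
    candidates, rejected = set(), []
    seen, queue = set(), [domain.lower().rstrip(".")]
    while queue:
        name = queue.pop(0)
        if name in seen:          # include/redirect loop, already handled
            continue
        if len(seen) >= MAX_RECORDS:
            rejected.append((name, "record limit reached, tree not fully walked"))
            break
        seen.add(name)
        txt = lookup_txt(name)
        if txt is None:
            rejected.append((name, "no TXT record"))
            continue
        nets, follow, problems = parse_spf(txt)
        rejected.extend((name, p) for p in problems)
        queue.extend(follow)
        for net in nets:
            limit = MIN_PREFIX[net.version]
            if net.prefixlen < limit:
                rejected.append(
                    (str(net), f"broader than /{limit}, published by {name}"))
            else:
                candidates.add(net)
    ordered = sorted(candidates, key=lambda n: (n.version, n))
    return [str(n) for n in ordered], rejected


def review_sheet(domain, lookup_txt):
    """Text for a human reviewer; nothing here is applied automatically."""
    ok, bad = vet(domain, lookup_txt)
    lines = [f"# {domain}: approve by hand before adding to the whitelist"]
    lines += ok
    lines += [f"# REJECTED {what}: {why}" for what, why in bad]
    return "\n".join(lines)


if __name__ == "__main__":
    for sender in ("asfjsakf1359.com", "example.org"):
        print(review_sheet(sender, SAMPLE_TXT.get))
```

The sheet it prints is meant to be read and edited by a person; a prefix limit alone does not stop a sender who controls their own DNS, which is the objection made in the thread.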
Re: autowhitelister for spamd needs testing
Stuart Henderson wrote: On 2009-04-22, Gregory Edigarov g...@bestnet.kharkov.ua wrote: Hello list, I think spamd users would like to try this small utility. Although its development is in the very beginning it does its job quite well for me it was written for the case where a big mass mailer like google is trying to send us mail. The utility notices such mailers and white lists it by adding its allowed nets taken through spf queries to the white list. i.e. it reads output of spamdb, then checks spf records for all greylisted mails and produces 'whitelist.auto' file which can then be used with spamd-setup. it is small, so I put it into attachment. I see a tiny little problem with this method... sometimes people send spam from domains whose DNS they control. See, in the case of spam there is absolutely no silver bullet. Even with my current setup I get 5-10 spam messages into my personal accounts + tons of spam to role accounts like postmaster, hostmaster etc But at some time I got tired of adding the web-frontended-mail-senders-which-never-repeat-mail-from-the-same-ip to the whitelist. So I wrote this little thingy. -- With best regards, Gregory Edigarov
Re: autowhitelister for spamd needs testing
Hello list, I think spamd users would like to try this small utility. Although its development is in the very beginning it does its job quite well for me it was written for the case where a big mass mailer like google is trying to send us mail. The utility notices such mailers and white lists it by adding its allowed nets taken through spf queries to the white list. i.e. it reads output of spamdb, then checks spf records for all greylisted mails and produces 'whitelist.auto' file which can then be used with spamd-setup. it is small, so I put it into attachment. -- With best regards, Gregory Edigarov

#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/nameser.h>
#include <resolv.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define ERREXIT(_p) perror(_p); exit(-1);

/* SPF terms the utility understands, indexed by the do_*() helpers below */
char *tok[] = {"v=spf1", "redirect=", "include:", "ip4:", "ip6:"};
FILE *out;

void tspf(char *domain);

/* Fetch the first TXT string published for domain; the caller frees it. */
char *
txtquery(const char *domain, unsigned int *ttl)
{
	unsigned char answer[PACKETSZ], host[128], *pt, *txt;
	int len, exp, cttl, size, txtlen, type;

	if (res_init() < 0) {
		ERREXIT("res_init");
	}
	printf("*Querying %s\n", domain);
	memset(answer, 0, PACKETSZ);
	if ((len = res_query(domain, C_IN, T_TXT, answer, PACKETSZ)) < 0) {
		ERREXIT("res_query");
	}
	pt = answer + sizeof(HEADER);
	/* question section: name, type, class */
	if ((exp = dn_expand(answer, answer + len, pt, host, sizeof(host))) < 0) {
		ERREXIT("dn_expand");
	}
	pt += exp;
	GETSHORT(type, pt);
	if (type != T_TXT) {
		ERREXIT("type");
	}
	pt += INT16SZ;	/* class */
	/* first answer record: name, type, class, ttl, rdlength */
	if ((exp = dn_expand(answer, answer + len, pt, host, sizeof(host))) < 0) {
		ERREXIT("dn_expand");
	}
	pt += exp;
	GETSHORT(type, pt);
	if (type != T_TXT) {
		ERREXIT("type");
	}
	pt += INT16SZ;	/* class */
	GETLONG(cttl, pt);
	*ttl = cttl;
	GETSHORT(size, pt);
	txtlen = *pt;
	if (txtlen >= size || !txtlen) {
		ERREXIT("txtlen");
	}
	if (!(txt = malloc(txtlen + 2))) {
		ERREXIT("malloc")
	}
	pt++;
	strlcpy(txt, pt, txtlen + 1);
	return txt;
}

void
do_redirect(char *p)
{
	p += strlen(tok[1]);
	puts(p);
	/*
	 * tspf() performs the TXT lookup itself, so it is handed the domain
	 * name rather than the text of a record that was already fetched.
	 */
	tspf(p);
}

void
do_include(char *p)
{
	p += strlen(tok[2]);
	tspf(p);	/* same as do_redirect(): pass the domain, not the record */
}

void
do_ipv4(char *p)
{
	p += strlen(tok[3]);
	fprintf(out, "%s\n", p);
}

void
do_ipv6(char *p)
{
	p += strlen(tok[4]);	/* was tok[3]; same length, but this is the ip6: term */
	fprintf(out, "%s\n", p);
}

/* Look up the SPF record of dom and write every ip4:/ip6: network to out. */
void
tspf(char *dom)
{
	char *ans, *p, *last;
	int spf_v = 0;
	unsigned int ttl;

	ans = txtquery(dom, &ttl);
	for (p = strtok_r(ans, " ", &last); p; p = strtok_r(NULL, " ", &last)) {
		if (!strncmp(p, tok[0], strlen(tok[0])))
			spf_v = 1;
		if (!strncmp(p, tok[1], strlen(tok[1])) && spf_v)
			do_redirect(p);
		if (!strncmp(p, tok[2], strlen(tok[2])) && spf_v)
			do_include(p);
		if (!strncmp(p, tok[3], strlen(tok[3])) && spf_v)
			do_ipv4(p);
		if (!strncmp(p, tok[4], strlen(tok[4])) && spf_v)
			do_ipv6(p);
	}
	free(ans);
}

int
main(int argc, char **argv)
{
	FILE *in;
	char buf[1024];
	char type[64], ip[256], helo[1024], mailfrom[1024], rcptto[1024],
	    td1[1024], td2[1024], td3[1024], trig1[16], trig2[16];
	char *p;

	system("mv whitelist.auto whitelist.old");
	if (argc > 1)
		out = fopen(argv[1], "a+");
	else
		out = fopen("whitelist.new", "a+");
	if (out == NULL) {
		ERREXIT("fopen");
	}
	in = popen("spamdb", "r");
	if (in == NULL) {
		ERREXIT("p");
	}
	while (fgets(buf, sizeof(buf), in)) {
		if (!strncmp(buf, "GREY", 4)) {
			for (p = (char *) buf; *p; p++)
				if (*p == '|')
					*p = ' ';
			/*
			 * Every %s is bounded to its buffer: the HELO and
			 * envelope fields in spamdb output are chosen by the
			 * remote sender, and the counters can exceed one digit.
			 */
			sscanf(buf, "%63s %255s %1023s %1023s %1023s %1023s %1023s %1023s %15s %15s",
			    (char *) type, (char *) ip, (char *) helo,
			    (char *) mailfrom, (char *) rcptto, (char *) td1,
			    (char *) td2, (char *) td3, (char *) trig1,
			    (char *) trig2);
			puts((char *) type);
			puts((char *) mailfrom);
		}
		p = strchr((char
Re: antispam common practice for dealing with removed users
Jose Fragoso wrote: I would like to hear from members of the list how they are dealing with this sort of situation. hmmm, why not just remove an account? this way your server will reply 550 User unknown, and make sending side bounce the mail effectively notifying postmaster/mailing list manager that this account has been removed. -- With best regards, Gregory Edigarov
Re: packets redirected to loopback never appear in tcpdump
Stuart Henderson wrote:
On 2009-02-24, Gregory Edigarov g...@bestnet.kharkov.ua wrote:
Is this a bug or feature? the test case:
# ifconfig lo1 192.168.0.1 up
# ping 192.168.0.1
64 bytes from 192.168.0.1: icmp_seq=0 ttl=255 time=0.200 ms
64 bytes from 192.168.0.1: icmp_seq=1 ttl=255 time=0.111 ms
64 bytes from 192.168.0.1: icmp_seq=2 ttl=255 time=0.110 ms
64 bytes from 192.168.0.1: icmp_seq=3 ttl=255 time=0.111 ms
64 bytes from 192.168.0.1: icmp_seq=4 ttl=255 time=0.109 ms
this should work. how does your routing table look?

Ok, so here is more on the test case... the initial idea was to shape some traffic destined to services settling on the host by redirecting it to lo1, then pointing services to listen on the IP of lo1.
*
# ifconfig lo1
lo1: flags=8149<UP,LOOPBACK,RUNNING,PROMISC,MULTICAST> mtu 33204
        groups: lo
        inet 192.168.0.1 netmask 0xff00
# route -n show
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            80.92.224.1        UGS        8   161457     -    48 rl0
80.92.224.0/27     link#1             UC         3        0     -    48 rl0
80.92.224.1        00:04:4d:39:59:20  UHLc       1        0     -    48 rl0
80.92.224.10       00:50:8d:61:96:65  UHLc       0       15     -    48 rl0
80.92.224.20       00:07:e9:05:1e:ec  UHLc       0      103     -    48 rl0
127.0.0.1          127.0.0.1          UH         0        0 33204    48 lo0
192.168.0.1        192.168.0.1        UH         0      376 33204    48 lo1
*
# cat /etc/pf.conf
table <badhosts> persist
table <sshdeny> persist
table <counters> persist
table <spamd> persist
table <spamd-white> persist
set ruleset-optimization none
scrub all
#altq on lo1 cbq bandwidth 5Mb queue { std, ext}
#queue std bandwidth 10% cbq(default)
#queue ext bandwidth 90% cbq
nat on rl0 from 192.168.0.1 to any -> (rl0)
rdr on rl0 proto tcp from any to (rl0) port 1234 -> (lo1)
block log all
pass out on rl0
pass in on rl0 proto tcp from any to (rl0) port ftp keep state
pass in on rl0 proto tcp from any to (rl0) port ftp-data keep state
pass in on rl0 proto tcp from any to (rl0) port ssh keep state \
        (max-src-conn 3, max-src-conn-rate 1/60, overload <sshdeny> flush global)
pass in on rl0 proto tcp from 194.6.232.83 to (rl0) port ssh keep state
pass in on rl0 proto tcp from any to (rl0) port smtp keep state
pass in on rl0 proto tcp from any to (rl0) port 4662 keep state
pass in on rl0 proto tcp from any to 192.168.0.1 port 1234 keep state
pass in on rl0 proto udp from any to (rl0) port 4665 keep state
pass in on rl0 proto udp from any to (rl0) port 4672 keep state
pass in on rl0 inet proto icmp from any to (rl0) icmp-type echoreq
block drop in log on rl0 from <sshdeny> to (rl0)
pass on rl0 from <counters> to any
pass on rl0 from any to <counters>
pass on lo0
pass on lo1
#pass on lo1 queue std
**
on this host we run 'nc -l 1234', or this simple C test, just to be sure we are listening on right socket:

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <stdio.h>

#define TRUE 1

/*
 * This program creates a socket and then begins an infinite loop. Each time
 * through the loop it accepts a connection and prints out messages from it.
 * When the connection breaks, or a termination message comes through, the
 * program accepts a new connection.
 */
main()
{
	int sock, length;
	struct sockaddr_in server;
	int msgsock;
	char buf[1024];
	int rval;
	int i;

	/* Create socket */
	sock = socket(AF_INET, SOCK_STREAM, 0);
	if (sock < 0) {
		perror("opening stream socket");
		exit(1);
	}
	/* Name socket using wildcards */
	server.sin_family = AF_INET;
	server.sin_addr.s_addr = inet_addr("192.168.0.1");
	server.sin_port = htons (1234);
	if (bind(sock, &server, sizeof(server))) {
		perror("binding stream socket");
		exit(1);
	}
	/* Find out assigned port number and print it out */
	length = sizeof(server);
	if (getsockname(sock, &server, &length)) {
		perror("getting socket name");
		exit(1);
	}
	printf("Socket has port #%d\n", ntohs(server.sin_port));
	/* Start accepting connections */
	listen(sock, 5);
	do {
		msgsock = accept(sock, 0, 0);
		if (msgsock == -1)
			perror("accept");
		else do {
			bzero(buf, sizeof(buf));
			if ((rval = read(msgsock, buf, 1024
packets redirected to loopback never appear in tcpdump
Hello, Is this a bug or feature? the test case: # ifconfig lo1 192.168.0.1 up # ping 192.168.0.1 64 bytes from 192.168.0.1: icmp_seq=0 ttl=255 time=0.200 ms 64 bytes from 192.168.0.1: icmp_seq=1 ttl=255 time=0.111 ms 64 bytes from 192.168.0.1: icmp_seq=2 ttl=255 time=0.110 ms 64 bytes from 192.168.0.1: icmp_seq=3 ttl=255 time=0.111 ms 64 bytes from 192.168.0.1: icmp_seq=4 ttl=255 time=0.109 ms # tcpdump -i lo1 tcpdump: listening on lo1, link-type LOOP (shows nothing) this also: nat on rl0 from !(rl0) to any -> (rl0) rdr on rl0 proto tcp from any to (rl0) port 1234 -> 192.168.0.1 block log all pass in on rl0 proto tcp from any to 192.168.0.1 port 1234 keep state redirect works just fine, but tcpdump again shows nothing. found the hard way while trying to get altq working on lo1 # uname -a OpenBSD greg.bestnet.kharkov.ua 4.4 GENERIC#1021 i386 dmesg is also attached -- With best regards, Gregory Edigarov
Re: http version of spamd, anyone?
Bryan Irvine wrote: mod_dosevasive piece of shit cluttering up /tmp to death On Mon, Feb 2, 2009 at 9:47 PM, Jeffrey 'jf' Lim jfs.wo...@gmail.com wrote: Is the project (or anybody) planning to work on something like spamd for http? Or does anybody know of any projects which do this already? I am looking for something to be (as per spamd) put in front of an actual server. A bunch of possible features i would be looking at: - blacklisting (should ideally allow for dynamic reloads without killing any existing valid connections) - tarpitting for open connections (no http request sent) beyond a certain timeout - tarpitting for invalid http requests - greytrapping (let's say u have only specific url patterns which are valid. Anything else, tarpit) thanks, -jf -- In the meantime, here is your PSA: It's so hard to write a graphics driver that open-sourcing it would not help. -- Andrew Fear, Software Product Manager, NVIDIA Corporation http://kerneltrap.org/node/7228 -- With best regards, Gregory Edigarov
Re: relayd (formerly hoststated) for monitoring services
Lars Noodén wrote: The main focus of relayd now seems to be for load balancing. Can it / should it be used at all for monitoring services? Or should I turn to Nagios or the late great Spong instead? Well, what are your needs? If nagios seems to be an overhead - I would recommend a nice daemon called 'monit'. I like it very much because of the ease of setup and support it offers. -- With best regards, Gregory Edigarov
Re: spamd won't use my WHITElist
engineer wrote:
Hi. I run spamd on 4.4-stable. There are some blacklist and whitelist. But spamd don't use it (at least, whitelist) and use greylist scheme for all connections. I need to get emails from WHITElisted networks immediately, skipping spamd. Please, help me understand where I'm wrong. Here is my configs.

$ fgrep -v '#' /etc/mail/spamd.conf
all:\
        :myblack:uatraps:nixspam:china:korea:mywhite:
myblack:\
        :black:\
        :msg=Your address %A has sent spam to me:\
        :method=file:\
        :file=/etc/postfix/spamd_black.txt:
mywhite:\
        :white:\
        :method=file:\
        :file=/etc/postfix/spamd_white.txt:
uatraps:\
        :black:\
        :msg=Your address %A has sent mail to a ualberta.ca spamtrap\n\
        within the last 24 hours:\
        :method=http:\
        :file=www.openbsd.org/spamd/traplist.gz
nixspam:\
        :black:\
        :msg=Your address %A is in the nixspam list\n\
        See http://www.heise.de/ix/nixspam/dnsbl_en/ for details:\
        :method=http:\
        :file=www.openbsd.org/spamd/nixspam.gz
china:\
        :black:\
        :msg=SPAM. Your address %A appears to be from China\n\
        See http://www.okean.com/asianspamblocks.html for more details:\
        :method=http:\
        :file=www.openbsd.org/spamd/chinacidr.txt.gz:
korea:\
        :black:\
        :msg=SPAM. Your address %A appears to be from Korea\n\
        See http://www.okean.com/asianspamblocks.html for more details:\
        :method=http:\
        :file=www.openbsd.org/spamd/koreacidr.txt.gz:

$ fgrep -v '#' /etc/postfix/spamd_white.txt
194.67.23.0 - 194.67.23.255
194.67.57.0 - 194.67.57.255
195.239.211.0 - 195.239.211.255
213.180.192.0 - 213.180.193.255
213.180.200.0 - 213.180.200.255
213.180.223.0 - 213.180.223.255
87.250.251.0 - 87.250.251.255
77.88.21.0 - 77.88.21.255
93.158.134.0 - 93.158.134.255
209.85.128.0 - 209.85.255.255
217.150.32.41 - 217.150.32.42

In /etc/pf.conf
...
table <spamd-white> persist
...
rdr on $ext_if proto tcp from any to $mx_IP port smtp -> 127.0.0.1 port spamd

should be :
rdr on $ext_if proto tcp from !<spamd-white> to $mx_IP port smtp -> 127.0.0.1 port spamd

And when someone try to send me email from @mail.ru I see this (my ... hides real symbols):
# spamdb |fgrep 't...@mail.ru'
GREY|194.67.23.194|mx33.mail.ru|t...@mail.ru|s...@ru|1231821097|1231835497|1231835497|1|0
GREY|194.67.23.36|mx40.mail.ru|t...@mail.ru|s...@ru|1231819993|1231834393|1231834393|1|0
It seems like spamd completely skipped WHITElisted network (194.67.23.0 - 194.67.23.255). I was thinking that all WHITElisted nets will be in the spamd-white immediately, just after spamd started...

-- With best regards, Gregory Edigarov
Re: quagga-0.99.11
Felipe Alfaro Solana wrote: Are there any plans on bumping net/quagga to 0.99.11? I tried to compile it myself, from the vanilla sources while applying the following two patches: Are you sure you still want to run that piece of shit(quagga)? There is much much better realization of routing protocols readily available to you in the base system. -- With best regards, Gregory Edigarov
pkg_add error
While running pkg_add -u -F updatedepends: - Cut - Verifying dependencies still match for kdelibs-3.5.8p3, kdebase-3.5.8p1 Can't update forward dependency of kdelibs-3.5.8p3 on OpenEXR-1.2.2p3: ilmbase-1.0.1p2 doesn't match (use -F updatedepends to force it) Can't update OpenEXR-1.2.2p3 into ilmbase-1.0.1p2 Error from ftp://ftp.openbsd.org//pub/OpenBSD/4.4/packages/i386/ilmbase-1.0.1p2.tgz: ftp: -: short write 421 Service not available, remote server has closed connection. /usr/sbin/pkg_add: ilmbase-1.0.1p2:Fatal error --- Cut - What gives? Is this a problem on my side? -- With best regards, Gregory Edigarov
route labels
Hello, Is there any way I could see route labels attached in netstat or route? Thanks in advance. -- With best regards, Gregory Edigarov
Re: route labels
Henning Brauer wrote: * Gregory Edigarov [EMAIL PROTECTED] [2008-07-25 11:48]: Is there any way I could see route labels attached in netstat or route? netstat, no. I have always wanted to write sth that allows you to display all routes with a given label, but never got around to do it. aka netstat -rnf inet -L foo shows only routes with label foo. should not be too hard to implement actually. well, easier than not too hard. route can and does display labels. route -n get target shows the label if it is there. Well, I think better solution would be to show the entire route table just like netstat -rn or route show do. Although it can be easily implemented with a very simple script, I think I could roll my sleeves up, and get this functionality for netstat / route show, in the code. -- With best regards, Gregory Edigarov
Table counters don't work as expected
pf rules: block drop log all pass in quick on rl0 from counters to any no state pass out quick on rl0 from any to counters no state pass out on rl0 all flags S/SA keep state # pfctl -v -Tshow -t counter 80.92.224.118 Cleared:Wed Jul 23 10:15:43 2008 In/Block:[ Packets: 0 Bytes: 0 ] In/Pass:[ Packets: 0 Bytes: 0 ] Out/Block: [ Packets: 0 Bytes: 0 ] Out/Pass:[ Packets: 0 Bytes: 0 ] # ping -c 5 -s1024 80.92.224.118 PING 80.92.224.118 (80.92.224.118): 1024 data bytes 1032 bytes from 80.92.224.118: icmp_seq=0 ttl=63 time=22.269 ms 1032 bytes from 80.92.224.118: icmp_seq=1 ttl=63 time=22.037 ms 1032 bytes from 80.92.224.118: icmp_seq=2 ttl=63 time=21.979 ms 1032 bytes from 80.92.224.118: icmp_seq=3 ttl=63 time=25.287 ms 1032 bytes from 80.92.224.118: icmp_seq=4 ttl=63 time=22.088 ms --- 80.92.224.118 ping statistics --- 5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 21.979/22.732/25.287/1.281 ms # pfctl -v -Tshow -t counter 80.92.224.118 Cleared:Wed Jul 23 10:15:43 2008 In/Block:[ Packets: 0 Bytes: 0 ] In/Pass:[ Packets: 0 Bytes: 0 ] Out/Block: [ Packets: 0 Bytes: 0 ] Out/Pass:[ Packets: 0 Bytes: 0 ] What gives? -- With best regards, Gregory Edigarov
Re: Table counters don't work as expected
Ok, it was counter counters discrepancy. kindly disregard. thanks all. Gregory Edigarov wrote: pf rules: block drop log all pass in quick on rl0 from counters to any no state pass out quick on rl0 from any to counters no state pass out on rl0 all flags S/SA keep state # pfctl -v -Tshow -t counter 80.92.224.118 Cleared:Wed Jul 23 10:15:43 2008 In/Block:[ Packets: 0 Bytes: 0 ] In/Pass:[ Packets: 0 Bytes: 0 ] Out/Block: [ Packets: 0 Bytes: 0 ] Out/Pass:[ Packets: 0 Bytes: 0 ] # ping -c 5 -s1024 80.92.224.118 PING 80.92.224.118 (80.92.224.118): 1024 data bytes 1032 bytes from 80.92.224.118: icmp_seq=0 ttl=63 time=22.269 ms 1032 bytes from 80.92.224.118: icmp_seq=1 ttl=63 time=22.037 ms 1032 bytes from 80.92.224.118: icmp_seq=2 ttl=63 time=21.979 ms 1032 bytes from 80.92.224.118: icmp_seq=3 ttl=63 time=25.287 ms 1032 bytes from 80.92.224.118: icmp_seq=4 ttl=63 time=22.088 ms --- 80.92.224.118 ping statistics --- 5 packets transmitted, 5 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 21.979/22.732/25.287/1.281 ms # pfctl -v -Tshow -t counter 80.92.224.118 Cleared:Wed Jul 23 10:15:43 2008 In/Block:[ Packets: 0 Bytes: 0 ] In/Pass:[ Packets: 0 Bytes: 0 ] Out/Block: [ Packets: 0 Bytes: 0 ] Out/Pass:[ Packets: 0 Bytes: 0 ] What gives? -- With best regards, Gregory Edigarov
Re: This is what Linus Torvalds calls openBSD crowd
Marco Peereboom wrote:

debian users are masturbating amoebas

just cannot imagine how could an amoeba jerk off you will certainly get a prize... :-) :-))) : :D

On Wed, Jul 16, 2008 at 07:47:54PM +0100, Nuno Magalhães wrote:

Eheh he's right :-) If you guys get your heads out of your asses and actually read his words with the use of some common sense you might get what he means. It's a balanced opinion. From what i've seen so far in this list, the BSD-crowd *is* a bunch of masturbating monkeys anyway, i get much more decent reasonable answers to my problems in any Debian list, along with constructive criticism. Here it's rtfm and chest-thumping. Flame away boys, so i can gingerly ignore you :) -- Nuno Magalhães

--
With best regards,
Gregory Edigarov
Re: tcpdump -X
GVG GVG wrote:

On Tue, Jul 15, 2008 at 3:54 PM, David Hill [EMAIL PROTECTED] wrote:

On Tue, Jul 15, 2008 at 03:42:58PM +0200, GVG GVG wrote:

Dear list, was going through the OpenBSD tcpdump version and couldn't identify anything like the '-A' flag in order to capture full web sites etc. Tried option '-X' but didn't work! Should I use '-s snaplen' but what snaplen value do I have to define. Tried few combinations with no success! Thanks for your help George

Use the size of your MTU, which can be found by using ifconfig. -- David Hill

Thanks for your prompt reply. Just out of curiosity what's this 'MTU' stands for?

it's Maximum Transfer Unit

--
With best regards,
Gregory Edigarov
Re: pf-nat help
Jesus Sanchez wrote:

Gregory Edigarov wrote:

Jesus Sanchez wrote:

Hi, I'm using OpenBSD 4.2. I'm trying to get a very unsafe-simple ruleset to make a nat between a laptop and my OpenBSD box. From my OpenBSD box I have two nics:

OpenBSD box:
rl0 (which gets an IP from dhcp and gets to the internet via ADSL)
sk0 (directly connected to the laptop via one cable)

I set the int_if ip statically as 192.168.1.1 (the laptop has 192.168.1.2 assigned and they see each other without problem, and I can do FTP transfers and stuff like that)

I have set the sysctl net.inet.ip.forwarding=1

my pf.conf (very unsafe and very simple, only to try this)

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
ext_if = rl0
int_if = sk0
localnetwork = ${int_if}:network
scrub in all
nat on $ext_if from $localnetwork to any - (ext_if)
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

then I make on the laptop (which uses rl0):

ifconfig rl0 inet 192.168.1.2

but in the laptop I don't have internet at all, it sees the OpenBSD box as 192.168.1.1 but nothing more. What am I doing wrong? Thanks for your time -Jesus

nat pass on $ext_if from $localnetwork to any - (ext_if)

or, add these two lines to the end of your pf.conf:

block all
pass all

I tried that and still same thing. Nothing changes with these rules.

are you sure your pf is enabled?

pfctl -e

--
With best regards,
Gregory Edigarov
Re: Sendmail OpenBSD performance
Morris, Roy wrote:

I know this is not exactly an OpenBSD question but I am wondering if anyone can give me a sense of the performance/limitations of sendmail? Basically I have a machine that sends out 20,000 mails a day and once in a while the application sending emails for delivery complains that it has to wait for sendmail. I go and check the sendmail machine and it's hardly even breathing hard. Almost no cpu usage, memory fine blah blah .. I am not convinced this is a problem with sendmail, just looking for some feedback from anyone doing volume email on openbsd. cheers Roy

What I always recommend to people using sendmail for mass mailing (that is, having large mailing lists :) ) is to use the smtpsend external smtp mailer. It scales much better. Also I would recommend you use -odq and a separate queue runner process.

--
With best regards,
Gregory Edigarov
4.3 hangs on Intel Celeron
Hello, Everybody. see dmesg in attachment it was rebuilt from sources i got from cvs last week. Hangs after some time of inactivity, when something heavy (like thunderbird) starts up, or just waking up from being swapped after quite a period of inactivity. Let me know, if you need some more info to diagnose the problem better. Thanks. -- With best regards, Gregory Edigarov
Re: What is our ultimate goal??
Come on guys, calm down, just stay what you are currently. Just do your job. Make OpenBSD the best router/firewall/server OS ever, you have the right features for that now, and I hope you will extend it in the nearest future. And do not listen to those trolls. Thank you all for what you do guys.

--
With best regards,
Gregory Edigarov

Mayuresh Kathe wrote:

Hi, NOTE: No intention to behave like a troll. I've been following the multi-threaded ssh/scp thread and read Ted's comment that he's stopped working on the kernel threads code because he doesn't have the time for it nor does he need it any more. Also that multi-threaded ssh/scp would weaken security features within the OS. It just led me to ponder, what is OpenBSD's ultimate goal? Is it just to become the world's most secure OS with as few remote holes in the default install? Shouldn't it also be our goal to be the best UNIX-like operating system which is in tune with the current needs of users? It would have been great to have a threaded kernel, there are developers I'm gathering around who wanted to change the TCP/IP stack to make it higher performance, more like Project FireEngine under Solaris 10. OpenBSD is an OS with amazing security and stability, but it has too few modern features. It would be great if developers also start working on improving the features currently offered by OpenBSD. Else, we would end up becoming the world's most secure OS which is used by just a handful of us faithful users. You might ask what right do I have for this rant, what am I doing for OpenBSD? Well I can't donate code directly as I'm a Java programmer and my C is quite rusty (haven't coded in it in over 7 years). But, yes, I do donate my time and money, indirectly, by recruiting good C developers to the cause as well as buying stuff for core developers off their wish lists.
Hope newer features get added, not that I'm unhappy with the OS (it does almost everything I need an OS to do for me), but it would be great if we had *more* smart developers and a wider base of good users who get attracted to the OS for its robustness as well as feature-set. Best, ~Mayuresh -- With best regards, Gregory Edigarov
Re: Replace sendmail with qmail?
Pete Vickers wrote: In case it's needed (which I doubt), I'll voice my VERY strongly preference for sendmail instead of all these other pretenders. I agree. Please do not remove sendmail. it is the most advanced opensourced mailer, I do strongly prefer it. -- With best regards, Gregory Edigarov
Re: Error while trying to build xenocara
Gregory Edigarov wrote: Just an update: I've made /usr/xobj directory, then run the same command again, with same result. read the README file, under the hopeless case section... that helped me (I am a hopeless case, too, but not hopless ;) OK, thanks, guys. It worked. And sorry for being a bit impolite. Just not hopeless but desperate. That's what led me the wrong way. -- With best regards, Gregory Edigarov
Question on interface enumeration
Hello Everybody, Supposing I have several identical NIC's in my server, can I predict which become int0, which become int1, etc? A link to document explaining (or man something) would absolutely suffice. Thank you. -- With best regards, Gregory Edigarov
Re: 2 internet connections on 1 router
Marian Hettwer wrote: Hi All, Question is: How do I fiddle around with my routing table, that basically the wget running on my router is using sis2 (with the pppoe uplink), while the rest (my existing working lan) is still using sis0 with my good-guys cable modem uplink? just do: route add som.eth.in.g your pppoe server ip and you're set -- With best regards, Gregory Edigarov
Re: Question on interface enumeration
Nick Holland wrote: Gregory Edigarov wrote: Hello Everybody, Supposing I have several identical NIC's in my server, can I predict which become int0, which become int1, etc? A link to document explaining (or man something) would absolutely suffice. Thank you. Not Easily, at least if you are referring to a machine you know nothing about and haven't powered up yet. However, it is easy to make simple tests to find out. Assuming PCI, they go by order of the slots in the bus, which isn't something OpenBSD controls. Many machines have curious orders. For example, I have a Dell GX1 which has five PCI slots; the order is something like: 2 3 4 0 1. (To add insult to injury, I had four port NICs in every slot, took a while to find dc0! :) Now, once I know (er.. knew. The above sequence is from non-ECC and proven faulty memory!) the pattern of slots in a GX1, I can know which NIC will get which identifier. If I put int(4) NICs in slots 3 and 1, the one in slot 1 will be int0, the one in slot 3 will be int1. Now, if I move the NIC from slot 1 into slot 4, they will switch IDs. If I replace the NIC in slot 3 with a NIC of the same type (driver-wise, that is), nothing will change. If I remove int0 and replace it with a different driver, int1 will become int0. How did I identify the slot order in the machine? Stuck identical NICs in all slots. Why did I do that? Because I stuck three NICs in the thing and the ordering was not obvious, so I figured I better get to know this machine better. In all cases, the dmesg will link your MACs to physical IDs, so stick the MAC addr on the spine of the card. In most cases, ifconfig will show you which NICs have link in real time, so an easy way to identify things is drop to shell, plug in one cable, run ifconfig and see which has link. Label. Move cable, repeat until done. None of this is applicable to ISA or USB NICs. It may be applicable to other buses and platforms. 
Moral:
1) Know your HW
2) Label the MAC address on your NICs
3) Have identical replacement HW in case a non-OpenBSD expert has to do a swap,
4) Know how to reconfig your system if you have to change your NICs.
5) Practice, Practice, Practice
6) Drop to shell before install, look around.

Nick.

I.e. they depend on the PCI slot they are inserted in, if I get you correctly. Well, thank you for so in-depth explanation, but what I meant really was: is it guaranteed that if one takes a card from the server and then installs the other card of the same make to the same slot, it will have the same id? I will do more research about it, however :-) The best thing however would be to have the ability to set the name of an interface based on its MAC address, perhaps somebody is working on it/having it on the todo list?

--
With best regards,
Gregory Edigarov
Error while trying to build xenocara
Hello Everybody,

While trying to build xenocara's most recent sources:

=== proto/bigreqsproto
cd /usr/xenocara/proto/bigreqsproto exec make -f Makefile.bsd-wrapper cleandir
cd /usr/xenocara/proto/bigreqsproto exec make -f Makefile.bsd-wrapper depend
no dependencies here yet
cd /usr/xenocara/proto/bigreqsproto exec make -f Makefile.bsd-wrapper all
PKG_CONFIG_LIBDIR=/usr/X11R6/lib/pkgconfig CFLAGS=-O2 -pipe exec sh /usr/xenocara/proto/bigreqsproto/configure --prefix=/usr/X11R6 --sysconfdir=/etc --mandir=/usr/X11R6/man --cache-file=/usr/xobj/xorg-config.cache.amd64
configure: creating cache /usr/xobj/xorg-config.cache.amd64
/usr/xenocara/proto/bigreqsproto/configure[1158]: cannot create /usr/xobj/xorg-config.cache.amd64: No such file or directory
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for gawk... no
checking for mawk... no
checking for nawk... nawk
checking whether make sets $(MAKE)... yes
configure: error: source directory already configured; run make distclean there first
*** Error code 1
Stop in /usr/xenocara/proto/bigreqsproto (line 97 of /usr/X11R6/share/mk/bsd.xorg.mk).
*** Error code 1
Stop in /usr/xenocara/proto/bigreqsproto (line 133 of /usr/X11R6/share/mk/bsd.xorg.mk).
*** Error code 1
Stop in /usr/xenocara/proto.
*** Error code 1
Stop in /usr/xenocara.

command used:

cd /usr/xenocara
make bootstrap
make obj
make build

What's up?

--
With best regards,
Gregory Edigarov
Re: Error while trying to build xenocara
Gregory Edigarov wrote: Hello Everybody, While trying to build xenocara's most recent sources: === proto/bigreqsproto cd /usr/xenocara/proto/bigreqsproto exec make -f Makefile.bsd-wrapper cleandir cd /usr/xenocara/proto/bigreqsproto exec make -f Makefile.bsd-wrapper depend no dependencies here yet cd /usr/xenocara/proto/bigreqsproto exec make -f Makefile.bsd-wrapper all PKG_CONFIG_LIBDIR=/usr/X11R6/lib/pkgconfig CFLAGS=-O2 -pipe exec sh /usr/xenocara/proto/bigreqsproto/configure --prefix=/usr/X11R6 --sysconfdir=/etc --mandir=/usr/X11R6/man --cache-file=/usr/xobj/xorg-config.cache.amd64 configure: creating cache /usr/xobj/xorg-config.cache.amd64 /usr/xenocara/proto/bigreqsproto/configure[1158]: cannot create /usr/xobj/xorg-config.cache.amd64: No such file or directory Just an update: I've made /usr/xobj directory, then run the same command again, with same result. checking for a BSD-compatible install... /usr/bin/install -c checking whether build environment is sane... yes checking for gawk... no checking for mawk... no checking for nawk... nawk checking whether make sets $(MAKE)... yes configure: error: source directory already configured; run make distclean there first *** Error code 1 Stop in /usr/xenocara/proto/bigreqsproto (line 97 of /usr/X11R6/share/mk/bsd.xorg.mk). *** Error code 1 Stop in /usr/xenocara/proto/bigreqsproto (line 133 of /usr/X11R6/share/mk/bsd.xorg.mk). *** Error code 1 Stop in /usr/xenocara/proto. *** Error code 1 Stop in /usr/xenocara. command used: cd /usr/xenocara make bootstrap make obj make build What's up? -- With best regards, Gregory Edigarov
Re: Error while trying to build xenocara
Marc Balmer wrote: * Gregory Edigarov wrote: Gregory Edigarov wrote: Hello Everybody, While trying to build xenocara's most recent sources: === proto/bigreqsproto cd /usr/xenocara/proto/bigreqsproto exec make -f Makefile.bsd-wrapper cleandir cd /usr/xenocara/proto/bigreqsproto exec make -f Makefile.bsd-wrapper depend no dependencies here yet cd /usr/xenocara/proto/bigreqsproto exec make -f Makefile.bsd-wrapper all PKG_CONFIG_LIBDIR=/usr/X11R6/lib/pkgconfig CFLAGS=-O2 -pipe exec sh /usr/xenocara/proto/bigreqsproto/configure --prefix=/usr/X11R6 --sysconfdir=/etc --mandir=/usr/X11R6/man --cache-file=/usr/xobj/xorg-config.cache.amd64 configure: creating cache /usr/xobj/xorg-config.cache.amd64 /usr/xenocara/proto/bigreqsproto/configure[1158]: cannot create /usr/xobj/xorg-config.cache.amd64: No such file or directory Just an update: I've made /usr/xobj directory, then run the same command again, with same result. read the README file, under the hopeless case section... that helped me (I am a hopeless case, too, but not hopless ;) Are you kidding? -- With best regards, Gregory Edigarov
bgpd usage
Hi, Just a pure interest: has somebody bgpd in production for, say, 2 or 3 fullview routing? I have 6 routers with bgpd but they are IBGP, and therefore does not do fullview routing. -- With best regards, Gregory Edigarov
Re: pppoe problems
I use amd64 too.

Umaxx wrote:

oh this is exactly the same behavior as mine... which architecture did you use? i use amd64.

On Fri Aug 10 10:40, Gregory Edigarov sent:

Hi!

Umaxx wrote:

i hope this stupid webmailer does not send this as html mail can you please give more details? is your userland ppp connecting? did you use snapshot or recent current?

Yes, with most recent sources from cvs my userland ppp is connecting... But hangs shortly. First I thought it is the problem in the nfe driver, but after switching to rl it hangs too. So, it is definitely not a problem with the underlying device. If I ping the other site (no matter which), I could see that it hangs after some 25 - 30 (depending on the situation) pings.

is your kernel pppoe connecting or what happens exactly?

My kernel mode pppoe even does not connect, though I've tried any option for many times. After looking at sources, it seems like something, in case of userland ppp, is screwed up with locks, possibly in if_tun.c, but I am not sure yet. In case of kernelmode pppoe - I can never use it. It never connects to any of my providers.

maybe as cc to the list. regards, joerg

On Thu Aug 9 15:18, Gregory Edigarov sent:

Just want to make a confirmation with two other providers. Also I observe this behavior with both pppoe(4) and pppoe(8).

Umaxx wrote:

resend, since stupid webmailer killed linebreaks: hi, after upgrading my router to -current the dsl pppoe connection does not work anymore. userland ppp connects fine but freezes after K30 seconds. freeze means the connection is still there no errors shown in logs and ifconfig state is normal but there is no more incoming traffic. the provider and modem hardware is ok since i'm connected now through a netscreen to write this mail. i changed nothing in ppp configuration since years and disabled pf for testing... same problem. as i can see in source changes: not much has changed in userland ppp and nfe code since 4.1.
i read in some forums that it would be better to use kernel pppoe... so i tried to use kernel pppoe as workaround, but it does not connect. i used following configuration in /etc/hostname.pppoe0:

inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev nfe1 \
authproto pap authname authkey up
!/sbin/route add default 0.0.0.1

and of course: up in /etc/hostname.nfe1

if i enable debug i see a lot of outgoing packages... and then a timeout after a while. reconnect and again the same... it stays in the sppp phase of establish connection using pap authname I'm located in germany using arcor as provider. anyone else using dsl pppoe (kernel/userland) in current or latest snapshots - maybe in germany with arcor? any hints are really welcome. dmesg follows regards, joerg
Re: pppoe problems
James Lepthien wrote:

Hi,

On 10.08.2007 at 19:42, Umaxx wrote:

hi, i can show my ppp.conf, because i have the same errors. this config was working since years, i tried to comment lqr lines today... but changed nothing in behavior.

default:
set log Phase Chat IPCP CCP tun command
set redial 15 0
set reconnect 15 1

pppoe:
set device !/usr/sbin/pppoe -i nfe1
set server /var/run/pppoe 0177
disable acfcomp protocomp
deny acfcomp
set mtu max 1454
set mru max 1454
set crtscts off
set speed sync
enable lqr
set lqrperiod 5
set cd 5
set dial
set login
set timeout 0
set authname **
set authkey **
add! default HISADDR
enable dns
resolv readonly
enable mssfixup

Try deleting these two statements:

enable lqr
set lqrperiod 5

I don't have lqr enabled in my config. So it doesn't help.

--
With best regards,
Gregory Edigarov
Re: pppoe problems
Hi!

Umaxx wrote:

i hope this stupid webmailer does not send this as html mail can you please give more details? is your userland ppp connecting? did you use snapshot or recent current?

Yes, with most recent sources from cvs my userland ppp is connecting... But hangs shortly. First I thought it is the problem in the nfe driver, but after switching to rl it hangs too. So, it is definitely not a problem with the underlying device. If I ping the other site (no matter which), I could see that it hangs after some 25 - 30 (depending on the situation) pings.

is your kernel pppoe connecting or what happens exactly?

My kernel mode pppoe even does not connect, though I've tried any option for many times. After looking at sources, it seems like something, in case of userland ppp, is screwed up with locks, possibly in if_tun.c, but I am not sure yet. In case of kernelmode pppoe - I can never use it. It never connects to any of my providers.

maybe as cc to the list. regards, joerg

On Thu Aug 9 15:18, Gregory Edigarov sent:

Just want to make a confirmation with two other providers. Also I observe this behavior with both pppoe(4) and pppoe(8).

Umaxx wrote:

resend, since stupid webmailer killed linebreaks: hi, after upgrading my router to -current the dsl pppoe connection does not work anymore. userland ppp connects fine but freezes after K30 seconds. freeze means the connection is still there no errors shown in logs and ifconfig state is normal but there is no more incoming traffic. the provider and modem hardware is ok since i'm connected now through a netscreen to write this mail. i changed nothing in ppp configuration since years and disabled pf for testing... same problem. as i can see in source changes: not much has changed in userland ppp and nfe code since 4.1. i read in some forums that it would be better to use kernel pppoe... so i tried to use kernel pppoe as workaround, but it does not connect.
i used following configuration in /etc/hostname.pppoe0:

inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev nfe1 \
authproto pap authname authkey up
!/sbin/route add default 0.0.0.1

and of course: up in /etc/hostname.nfe1

if i enable debug i see a lot of outgoing packages... and then a timeout after a while. reconnect and again the same... it stays in the sppp phase of establish connection using pap authname I'm located in germany using arcor as provider. anyone else using dsl pppoe (kernel/userland) in current or latest snapshots - maybe in germany with arcor? any hints are really welcome. dmesg follows regards, joerg
Re: pppoe problems
Oops, I am sorry, I cannot show you my ppp.conf. It's at home, and the pc is now turned off.

James Lepthien wrote:

Hi,

On 10.08.2007 at 09:40, Gregory Edigarov wrote:

Yes, with most recent sources from cvs my userland ppp is connecting... But hangs shortly. First I thought it is the problem in the nfe driver, but after switching to rl it hangs too. So, it is definitely not a problem with the underlying device. If I ping the other site (no matter which), I could see that it hangs after some 25 - 30 (depending on the situation) pings.

I did not see your ppp.conf but I had a similar problem and my connection dropped every now and then. I had to disable the lqr setting in my ppp.conf. Since then I never had any problems with my connection. Cheers, James

--
With best regards,
Gregory Edigarov
Re: pppoe problems
addr 0x2e: adt7475 rev 0x69 iic1 at nviic0 iic1: addr 0x18 00=f0 01=00 02=00 03=f0 04=00 05=00 06=00 07=00 08=00 09=10 10=08 11=00 12=00 13=0a 14=00 15=00 16=00 17=34 20=95 21=92 22=00 32=00 NVIDIA MCP55 Memory rev 0xa2 at pci0 dev 9 function 2 not configured ohci0 at pci0 dev 10 function 0 NVIDIA MCP55 USB rev 0xa1: apic 2 int 7 (irq 7), version 1.0, legacy support ehci0 at pci0 dev 10 function 1 NVIDIA MCP55 USB rev 0xa2: apic 2 int 10 (irq 10) usb0 at ehci0: USB revision 2.0 uhub0 at usb0: NVIDIA EHCI root hub, rev 2.00/1.00, addr 1 pciide0 at pci0 dev 12 function 0 NVIDIA MCP55 IDE rev 0xa1: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: HL-DT-ST, DVDRAM GSA-H12N, UL01 SCSI0 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4 pciide0: channel 1 ignored (disabled) pciide1 at pci0 dev 13 function 0 NVIDIA MCP55 SATA rev 0xa2: DMA pciide1: using apic 2 int 5 (irq 5) for native-PCI interrupt pciide2 at pci0 dev 13 function 1 NVIDIA MCP55 SATA rev 0xa2: DMA pciide2: using apic 2 int 5 (irq 5) for native-PCI interrupt pciide3 at pci0 dev 13 function 2 NVIDIA MCP55 SATA rev 0xa2: DMA pciide3: using apic 2 int 5 (irq 5) for native-PCI interrupt ppb4 at pci0 dev 14 function 0 NVIDIA MCP55 PCI-PCI rev 0xa2 pci5 at ppb4 bus 5 wi0 at pci5 dev 7 function 0 Intersil PRISM2.5 rev 0x01: apic 2 int 10 (irq 10) wi0: PRISM2.5 ISL3874A(Mini-PCI) (0x8013), Firmware 1.0.7 (primary), 1.3.6 (station), address 00:09:5b:2f:6b:8d TI TSB43AB22 FireWire rev 0x00 at pci5 dev 11 function 0 not configured azalia0 at pci0 dev 14 function 1 NVIDIA MCP55 HD Audio rev 0xa2: apic 2 int 11 (irq 11) azalia0: host: High Definition Audio rev. 1.0 azalia0: codec: Analog Devices/0x198b (rev. 
2.0), HDA version 1.0 audio0 at azalia0 nfe0 at pci0 dev 16 function 0 NVIDIA MCP55 LAN rev 0xa2: apic 2 int 5 (irq 5), address 00:18:f3:49:aa:86 eephy0 at nfe0 phy 1: Marvell 88E1116 Gigabit PHY, rev. 1 nfe1 at pci0 dev 17 function 0 NVIDIA MCP55 LAN rev 0xa2: apic 2 int 10 (irq 10), address 00:18:f3:49:ad:96 eephy1 at nfe1 phy 1: Marvell 88E1116 Gigabit PHY, rev. 1 ppb5 at pci0 dev 18 function 0 NVIDIA MCP55 PCIE rev 0xa2 pci6 at ppb5 bus 6 ppb6 at pci0 dev 20 function 0 NVIDIA MCP55 PCIE rev 0xa2 pci7 at ppb6 bus 7 ppb7 at pci0 dev 22 function 0 NVIDIA MCP55 PCIE rev 0xa2 pci8 at ppb7 bus 8 sili0 at pci8 dev 0 function 0 CMD Technology SiI3132 SATA rev 0x01: apic 2 int 11 (irq 11) scsibus2 at sili0: 2 targets ppb8 at pci0 dev 23 function 0 NVIDIA MCP55 PCIE rev 0xa2 pci9 at ppb8 bus 9 vga1 at pci9 dev 0 function 0 NVIDIA GeForce 7600 GT rev 0xa1 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) pchb0 at pci0 dev 24 function 0 AMD AMD64 HyperTransport rev 0x00 pchb1 at pci0 dev 24 function 1 AMD AMD64 Address Map rev 0x00 pchb2 at pci0 dev 24 function 2 AMD AMD64 DRAM Cfg rev 0x00 pchb3 at pci0 dev 24 function 3 AMD AMD64 Misc Cfg rev 0x00 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 intr_establish: pic ioapic0 pin 7: can't share type 3 with 2 it0 at isa0 port 0x290/8: IT87 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 usb1 at ohci0: USB revision 1.0 uhub1 at usb1: NVIDIA OHCI root hub, rev 1.00/1.00, addr 1 ugen0 at uhub0 port 9 ugen0: Realtek RTL8187, rev 2.00/1.00, addr 2 uts0 at uhub1 port 7 configuration 1 interface 0 uts0: eGalax Touch Panel, rev 1.10/1.00, addr 2 wsmouse0 at uts0 mux 0 ugen1 at uhub1 port 8 ugen1: MConsult 
IRTrans USB, rev 1.10/4.00, addr 3 dkcsum: sd0 matches BIOS drive 0x80 root on sd0a swap on sd0b dump on sd0b -- With best regards, Gregory Edigarov
Re: Announcing: The OpenBSD Foundation
BEST OF THE LUCK, GUYS!!! DON'T LET THE MONEY TO SPOIL EVERYTHING!!! HOPE ON YOU! Bob Beck wrote: The OpenBSD Foundation is pleased to announce today it has completed its organization as a Canadian federal non-profit corporation and is ready for public interaction. The OpenBSD Foundation has been formed for the purpose of supporting the OpenBSD project, and related projects such as OpenSSH, OpenBGPD, OpenNTPD, and OpenCVS. In particular it will act as a single point of contact for persons and organizations requiring a legal entity to deal with when they wish to support OpenBSD in any way. The OpenBSD Foundation will initially concentrate on facilitating larger donations of equipment, funds, documentation and resources. Small scale donations should continue to be submitted through the existing mechanisms. The OpenBSD Foundation corporate charter, bylaws, and goals can be found at http://www.openbsdfoundation.org. The foundation directors may be contacted via email at [EMAIL PROTECTED] -- With best regards, Gregory Edigarov
ICQ client for X?
Everybody, Tried licq, have been using it happily with FreeBSD, but failed to compile it on OpenBSD. Can someone recommend me a graphical ICQ client for use with OpenBSD? Thank you. -- With best regards, Gregory Edigarov
looking for a good guide on driver writing
Hello, I am looking for a guide about driver writing for OpenBSD. I've found some info on NetBSD, so the question is: is the driver structure in NetBSD any different compared to OpenBSD? -- With best regards, Gregory Edigarov
l2tp solution wanted
Hello list, I am trying to build a drop-in replacement for one of my Linux VPN servers (it is dying). I've decided now it will be OpenBSD. Having found nearly all the necessary components compilable under OpenBSD, the only stop is the lack of L2TP support, which I have to use, as I have many customers here and cannot afford to make them change. Please advise, thanks a lot in advance. -- With best regards, Gregory Edigarov
Re: l2tp solution wanted
Jeroen Massar wrote: Gregory Edigarov wrote: Hello list, I am trying to build a drop-in replacement for one of my Linux VPN servers (it is dying). I've decided now it will be OpenBSD. Having found nearly all the necessary components compilable under OpenBSD, the only stop is the lack of L2TP support, which I have to use, as I have many customers here and cannot afford to make them change. Google(lt2p openbsd): Points to the archives: http://archives.neohapsis.com/archives/openbsd/2007-01/1483.html Which in turn learns you: http://sourceforge.net/projects/l2tpd http://sourceforge.net/projects/rp-l2tp which are also in the google results... Google is your boyfriend ;) Yes, I know about these projects, they are used with Linux, in fact (l2tpd), and I've got l2tpd to compile on OpenBSD. The problem is, I need a confirmation they will work correctly, because I will have only one try. -- With best regards, Gregory Edigarov
Re: DNS, bind9, and other
JOHN LUCKEY wrote: Anyone have or know of a good beginner's tutorial on how to setup/configure a openBSD box to do DNS on a local network? The more concrete/cookbook the examples, the better. It isn't different from any UNIX system with BIND. So just google for the words dns howto, links to tldp.org site should satisfy you. -- With best regards, Gregory Edigarov
in-kernel pppoe troubles
Hello, Using 4.0-RELEASE GENERIC kernel, and nve0 as my NIC just tried to configure kernel level pppoe to connect to my ISP and got troubled because it doesn't work completely. My ifconfig line mostly follows what I found in ifconfig(8) and pppoe(4) manual pages, except for I use chap authorization. Userlevel ppp(8) works just perfectly... But for some reason I don't want to use it. What could be wrong with in-kernel implementation? Any clarifying questions (and answers, of course :-) from developers are welcome. -- With best regards, Gregory Edigarov
Re: in-kernel pppoe troubles
Andrey Shuvikov wrote: On 2/5/07, Gregory Edigarov [EMAIL PROTECTED] wrote: because it doesn't work completely. What does it mean? Any error messages? Also the content of hostname.pppoe0 and hostname.nve0 could be useful. By the way, does GENERIC have nve0 device? nve0 == nfe0. Sorry about this discrepancy... but after all, it still doesn't work... OK, so here we are: hostname.nfe0 : up there is no hostname.pppoe0 yet, I made ifconfig by hand: ifconfig pppoe0 inet 0.0.0.0 255.255.255.255 0.0.0.1 pppoedev nfe0 authproto chap authname MYNAME authkey MYPASSWORD up after this - I have an interface pppoe0 but no connection, address on this interface stays 0.0.0.0 - 0.0.0.1. Sorry, I do not have access to this pc now, so I cannot show you the exact output. -- With best regards, Gregory Edigarov
Re: spamd - SPEWS status
Jacob Yocom-Piatt wrote: the only blacklist i use is one i generate for a chunk of the OptInBig.com TLDs. besides that, greylisting does a great job. Yeah, greylisting is good, but this is only for a short while, I am afraid. My measurements are telling me that spammers are adapting quicker than somebody expected. It seems like their soft started analyzing the return codes, and so they are resending their mail after a short while. So I think blacklisting is still in rule. -- With best regards, Gregory Edigarov
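The greylisting behaviour discussed in this thread, as an added example that is not part of the original posts and is not spamd's own code: a small model of the grey/white decision showing which senders a greylist stops and why one that retries after the pass time gets through. The `Greylist` class, `simulate` helper, addresses and host names are constructed for illustration; the three timing constants follow the spamd(8) defaults (25 minutes, 4 hours, 864 hours).

```python
# Model of greylisting as discussed in the thread above (constructed example).
PASSTIME = 25 * 60         # a new tuple must wait this long before a retry passes
GREYEXP = 4 * 3600         # a grey entry with no successful retry is dropped after this
WHITEEXP = 36 * 24 * 3600  # a whitelisted source expires after this long unused


class Greylist:
    def __init__(self):
        self.grey = {}   # (ip, helo, mail_from, rcpt_to) -> time first seen
        self.white = {}  # source ip -> time last seen

    def deliver(self, now, ip, helo, mail_from, rcpt_to):
        """Return 'accept' or 'tempfail' for one SMTP delivery attempt."""
        last = self.white.get(ip)
        if last is not None and now - last <= WHITEEXP:
            self.white[ip] = now
            return "accept"
        self.white.pop(ip, None)

        key = (ip, helo, mail_from, rcpt_to)
        first = self.grey.get(key)
        if first is None or now - first > GREYEXP:
            self.grey[key] = now          # new or expired tuple: start the clock
            return "tempfail"
        if now - first < PASSTIME:
            return "tempfail"             # retried too early, clock keeps running
        del self.grey[key]
        self.white[ip] = now              # patient retry: source is whitelisted
        return "accept"


def simulate(attempt_times, rotate_sender=False):
    """Replay delivery attempts (seconds from first contact) from one host."""
    gl = Greylist()
    results = []
    for n, t in enumerate(attempt_times):
        sender = f"user{n}@example.net" if rotate_sender else "user@example.net"
        results.append(gl.deliver(t, "192.0.2.10", "mail.example.net",
                                  sender, "rcpt@example.org"))
    return results


if __name__ == "__main__":
    print("no retry:        ", simulate([0]))
    print("retry at 26 min: ", simulate([0, 26 * 60]))
    print("retry at 5 min:  ", simulate([0, 5 * 60, 10 * 60]))
    print("retry after 5 h: ", simulate([0, 5 * 3600]))
    print("rotating sender: ", simulate([0, 26 * 60, 52 * 60], rotate_sender=True))
```

Once a source is whitelisted, every later message from it is accepted without delay, which is why a blacklist checked ahead of the greylist still matters for senders that retry.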
Re: http load balancing with pf (apache access log)
Marian Hettwer wrote: Hi OpenBSD'lers, I'm about to use OpenBSD's pf(4) for load balancing some webservers. So far, everything is looking just perfect. Compared to pound, pf(4) is incredibly fast with few CPU and memory usage. So I'd say: That's great :) However, one thing is bothering me. Obviously, my apache access logs on those load balanced machines can only show the IP address of my load balancer, not the real remote ip of the request. This is, to my knowledge, due to the fact that pf(4) is working on the TCP layer and is doing NAT. Is there any possible way to get the real ip addresses in my apache access log? I do need them for several reasons. - I'd like to see who's actually accessing the website - If there's some botnet attack, usually I'm using pf(4) to block the offending IPs for a specific time period. This can't be done if all I can see is the load balancer's IP address. That's by any means not good and I'm thinking whether this could be a no-go for using pf as a load balancer :-( - web statistics: do look pretty bad too... Uh, see, there's only one user on our website *argh* Okay... anybody with any usable suggestions? There's the X-Forwarded-to Information in a http header, which can be set via some software load balancers. However, those are operating on the application layer, which pf isn't... too bad. Uhmm... Why not use carp(4)? I think it will suit you well. -- With best regards, Gregory Edigarov
Re: A PHP management interface for OpenBSD ?
chefren wrote: On 1/25/07 1:34 AM, Passeur wrote: We are in the process of developing a PHP framework with a web frontend to manage the OpenBSD settings through a web browser. It should be handy, I presume =all= configs, logins, groups, passwords and for example the settings for Apache and PHP itself included? Well, as a matter of fact, create a system that could be used by any fool and it will be used by fools only :-) I don't want OpenBSD such a future .. -- With best regards, Gregory Edigarov
MD5 sum of /bsd on freshly installed system/?
Hello, It would be greatly appreciated if somebody can make an md5 checksum of the generic kernel. Need to check that as my OpenBSD 4.0 install hangs while booting at the very early stage. I was trying to install my OpenBSD on a relatively old pc, all went just fine. I.e. I've booted from CD, made partitions, etc... Then on the first boot from HDD it hung after it recognized the second USB controller. I suspect something is wrong with memory/HDD but I can't investigate it right now. Could it be a kernel bug also? -- With best regards, Gregory Edigarov
Need: dmesg from Intel D850GB Motherboard
Hi List, I know it is a very old motherboard, but... Maybe somebody has it under OpenBSD. dmesg from 4.0 GENERIC /bsd would be highly appreciated. Thanks a lot. -- With best regards, Gregory Edigarov
route
Hello, Just wondering, if there is a way to set a route priority manually? Are there plans to implement it? It would be a great feature, after all. Thank you. -- With best regards, Gregory Edigarov
Re: difference between macros and tables in pf
Artyom Goryainov wrote: And when I write for example local_net=192.168.0.0/16 will it be expanded in rules to individual addresses, or it will be processed another way? Well, if you ask such questions then I would seriously recommend to read something about how the tcp/ip stack works.
Re: Why Sendmail?
I think it is because of cron jobs, that use to send mails to root. Conrad Winchester wrote: I do have one question though and I apologize if people always ask this: At the end of the install I asked whether I want to run sshd and ntpd by default - very nice BUT why am I not given the option to turn off Sendmail at this point? I NEVER use sendmail and for an OS that prides itself on being as minimal as possible I would have thought giving you the option to not run sendmail would also be there right from the start.