Re: ssh and skey
On Thu, May 17, 2007 at 02:14:55PM -0500, Eric Johnson wrote: Obviously, a fake skey challenge would need to be saved so that if the attacker tried again, he would see the same challenge. Instead of saving the challenge, just regenerate it each time. E.g., hash a 128-bit secret with the username, and then format this as an skey challenge.
Re: ssh and skey
On Thu, May 17, 2007 at 02:47:37PM -0500, Matthew R. Dempsky wrote: Instead of saving the challenge, just regenerate it each time. E.g., hash a 128-bit secret with the username, and then format this as an skey challenge. Oops, never mind, libskey already does this in skey_fakeprompt.
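The idea in this thread, deriving the fake challenge from a server-side secret and the username instead of storing it, sketched as an added example (not libskey's skey_fakeprompt code and not from the original posts). The HMAC-SHA256 construction, the `otp-md5 <sequence> <seed>` layout with a host-prefix seed, and the names `seed_prefix`, `fake_challenge`, `challenge_for` and `REAL_USERS` are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed sample data: users that really have an S/Key entry,
# mapped to (sequence number, seed). Not taken from any real system.
REAL_USERS = {"alice": (87, "open41732")}

# Assumed challenge layout: "otp-md5 <sequence> <seed>", seed = letters + 5 digits.
CHALLENGE_RE = re.compile(r"^otp-md5 ([1-9][0-9]?) ([a-z]{1,4}[0-9]{5})$")


def seed_prefix(hostname):
    """First four letters of the host name, so fake seeds look like real ones."""
    letters = "".join(ch for ch in hostname.lower() if "a" <= ch <= "z")
    return letters[:4] or "skey"


def fake_challenge(server_secret, username, hostname):
    """Derive a stable, believable challenge for a user with no S/Key entry.

    Nothing is stored: the same (secret, username) pair always yields the
    same challenge, so a repeated probe sees a consistent answer, while a
    client that does not know the secret cannot predict the fake value.
    """
    if len(server_secret) < 16:
        raise ValueError("server secret must be at least 128 bits")
    digest = hmac.new(server_secret, username.encode("utf-8"),
                      hashlib.sha256).digest()
    sequence = 1 + int.from_bytes(digest[0:4], "big") % 99   # 1..99
    digits = int.from_bytes(digest[4:8], "big") % 100000     # 0..99999
    return "otp-md5 %d %s%05d" % (sequence, seed_prefix(hostname), digits)


def challenge_for(server_secret, username, hostname):
    """Return the stored challenge for enrolled users, a fake one otherwise."""
    entry = REAL_USERS.get(username)
    if entry is not None:
        sequence, seed = entry
        return "otp-md5 %d %s" % (sequence, seed)
    return fake_challenge(server_secret, username, hostname)


if __name__ == "__main__":
    # Constructed 128-bit secret; a deployment would use random bytes.
    secret = bytes(range(16))
    for name in ("alice", "mallory", "mallory", "nosuchuser"):
        print("%-12s %s" % (name, challenge_for(secret, name, "openbsd.example.org")))
```

Both kinds of account produce a challenge of the same shape, and asking twice for the same unknown name gives the same answer, which is what keeps the prompt from revealing which users are enrolled.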
Re: Performance: OpenVPN vs IPsec
On Wed, May 09, 2007 at 02:51:35PM +0200, Michael wrote: Now, as I understand it, it isn't possible to create an IPsec connection from a single host within a NATed network to an external server but OpenVPN works great here. Please correct me if I am wrong. (I have no access to the NAT router here.) If the router allows UDP traffic on ports 500 and 4500, isakmpd will fall back to NAT-traversal automatically if it decides it's necessary.
Preventing man-in-the-middle attack on authpf?
Suppose I set up a wireless network and use authpf to restrict access to some resource (e.g., Internet access) to registered users. It seems there's a fairly simple man-in-the-middle attack: An attacker sets up a system with two wireless NICs: one associated to my network and another configured as an access point pretending to be an access point for my network. He runs a DHCP server on the AP interface and NATs traffic to my network. (I can imagine a sufficiently clever bridge setup that would be even harder to detect, but I don't know for certain if it could work.) A legitimate user (e.g., a university student) sits down somewhere in range of the fake AP but outside of range of any legit APs (in a part of campus not yet with wifi access, or where the signal is low, or where the attacker has unplugged the APs), and connects his laptop to my network via the attacker's fake network. The user ssh's to authpf.mydomain.com, but his connection is NAT'd via the attacker's system, and so my gateway now assumes all traffic from the attacker's IP belongs to the duped user. Is there anything I'm forgetting that makes this attack infeasible? If not, is there anything that can be done to prevent it?
Tracking down bugs uncovered by enabling ``Pointer Protection''
I've found a lot of documents cause xpdf to crash when using MALLOC_OPTIONS=P, and now I've found a way to crash firefox as well. Does anyone have advice on tracking down and fixing these bugs?
Re: radeon driver in -current Xorg 7.2?
On Tue, Apr 24, 2007 at 10:25:27AM -0400, Dan Farrell wrote: So the word is that -generic- won't support 3d because it doesn't have DRM, but you could always have an OpenBSD kernel with DRM compiled in? The ``it'' that doesn't have support for DRM isn't just the GENERIC configuration---it's the OpenBSD kernel sources. There's as much source code supporting DRM in the kernel as there is supporting Reiser4 or ZFS. Getting past that, yeah, you could have an OpenBSD kernel with DRM compiled in. ;-)
Re: radeon driver in -current Xorg 7.2?
On Tue, Apr 24, 2007 at 03:23:59AM +1000, Sunnz wrote: So I am wondering if anyone knows what radeon cards are supported by this radeon driver in Xorg 7.2 and what's the state of its 3D capability on OpenBSD using 100% free code? OpenBSD doesn't have DRI, so there's no 3D acceleration with any graphics card. Everything is done using software rendering.
Re: radeon driver in -current Xorg 7.2?
On Tue, Apr 24, 2007 at 04:47:20AM +1000, Sunnz wrote: Ohhh I see now that's why it says 2d only. Thanks. Those man pages are from X.org. X.org supports 3d acceleration on some (older) graphics cards but only 2d on some (newer) others. OpenBSD does not support 3d acceleration on any cards.
Re: 4.1 packages on the ftp sites
On Tue, Apr 24, 2007 at 12:37:52AM +0200, frantisek holop wrote: i can't think of any serious reason, could you help out a bit? 4.1 isn't released yet.
Re: xenocara in /usr/src can cause problems ?
On Mon, Apr 16, 2007 at 01:51:19PM -0600, Shane Harbour wrote: Something went wrong when you pulled the tree down. Last I checked xenocara should be under /usr like XF4 is and not under your src directory. /usr/src should only contain the kernel and userland for the base system. Someone correct me if I'm wrong. release(8) says ``Xenocara sources are supposed to be in XSRCDIR which defaults to /usr/src/xenocara.''
Re: scp problem with remote filename escaping
On Thu, Apr 12, 2007 at 10:44:52AM -0400, Dan Farrell wrote: Wait, so every time documentation is inaccurate or incomplete or simply not to your liking, you're going to call it a bug ``incorrect documentation is a bug'' --http://www.openbsd.org/papers/opencon06-culture.pdf (of the application no less!)? He never said it was the application's fault, just that `file1', `file2', ... are shell expanded by the remote host, but the documentation does not point this out. How about something like below? (I don't love the wording, but hopefully it's a start.) Index: scp.1 === RCS file: /cvs/src/usr.bin/ssh/scp.1,v retrieving revision 1.40 diff -u -r1.40 scp.1 --- scp.1 18 Jul 2006 07:56:28 - 1.40 +++ scp.1 12 Apr 2007 15:47:32 - @@ -58,6 +58,8 @@ .Pp Any file name may contain a host and user specification to indicate that the file is to be copied to/from that host. +The file name component of such an argument is also passed +to the specified host's login shell for expansion and splitting. Copies between two remote hosts are permitted. .Pp The options are as follows:
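Review bot: The added sentence in scp.1 says the file name component is passed to the remote login shell "for expansion and splitting" but stops short of the consequence the thread was about: a name containing whitespace or shell metacharacters has to be quoted for the remote shell as well as for the local one. Consider stating that directly in a follow-on sentence, and dropping "also", which has nothing earlier in the paragraph to refer to.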
Re: GRAPE cluster supercomputer + OpenBSD
On Thu, Apr 12, 2007 at 08:12:20PM +0200, Vim Visual wrote: According to them, there aren't any drivers for the Raid Controller... Is that true? OpenBSD has drivers for RAID controllers, but you'll need to provide more details to answer the question of whether OpenBSD has drivers for your RAID controllers. Alternatively, just try booting the OpenBSD CD image and see what it detects.
Re: rdate(8) manpage clarification
On Thu, Apr 12, 2007 at 10:34:25PM +0200, Maurice Janssen wrote: The manpage for rdate(8) uses the -c option in the examples at the bottom (leap second correction), but the given host (ptbtime1.ptb.de) doesn't need this. SNTP gives time in UTC, but some sysadmins would prefer to synchronize their system time to TAI rather than UTC (e.g., so time values returned by gettimeofday(2) progress normally during leap seconds). The -c argument for rdate is intended for their use. Basic rule of thumb is use -c if and only if you're using a timezone file under /usr/share/zoneinfo/right/ (i.e., one that includes leap second info). Otherwise your clock will most likely be off by 23 seconds.
Re: GPL is [blah blah blah ...]
On Wed, Apr 11, 2007 at 04:18:41PM +0100, Jeroen Massar wrote: Good that I PGP sign my messages [...] And the mailing list strips your signatures: [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: scp problem with remote filename escaping
On Wed, Apr 11, 2007 at 10:02:50PM +0100, Stuart Henderson wrote: On 2007/04/11 13:41, Bryan Irvine wrote: scp [EMAIL PROTECTED]:a\ b . you have to escape to *both* your local shell, and the remote shell This has always seemed silly to me. Does anyone intentionally use $ scp host:a b . instead of $ scp host:{a,b} . or $ scp host:a host:b . or is it just that having whatever does the globbing on the host not split at white space too difficult?
Re: scp problem with remote filename escaping
On Wed, Apr 11, 2007 at 04:33:32PM -0400, Nick ! wrote: Karel, single quotes cause backslashes to be backslashes, instead of escape chars (*except* if it's a backslash in front of a single quote, so that you can escape single quotes to include them). No, backslashes have no special meaning inside single quotes. $ echo '\' \
Re: bcw(4) is gone
On Fri, Apr 06, 2007 at 11:50:15AM -0400, Marcus Watts wrote: It's a shame the gnu folks didn't release their reversed engineered specifications separately. They did: http://bcm-specs.sipsolutions.net and http://bcm-v4.sipsolutions.net.
Re: hw.sensor empty
On Fri, Mar 30, 2007 at 10:34:44AM +0200, giovanni wrote: on my box, 4.1-current, sysctl -a hw.sensor is empty Assuming you actually typed ``sysctl -a hw.sensors'' at the command-line, I would suspect you compiled and are running a new kernel, but did not recompile sysctl against the new sys/sensors.h interface.
Re: code analysis tools
On Tue, Mar 27, 2007 at 05:10:48AM +, [EMAIL PROTECTED] wrote: Has anyone played with OpenGrok yet? http://opengrok.creo.hu/openbsd/
Re: Saving memory on small machines
On Fri, Mar 23, 2007 at 10:27:45AM -0700, J.C. Roberts wrote: No. You've just destroyed your libraries in a way that's worse than just deleting them since now you will need to wade through strange error messages which are trying to tell you why your stripped libraries no longer work. Stripping symbols from a .a archive does render it useless, but I suspect otherwise you're thinking about .so libraries. Archives are only used at link-time. ld.so(1) deals with shared object files (i.e., .so files).
Re: strange output on openbsd C code
On Mon, Mar 19, 2007 at 08:02:10PM -0400, Nick ! wrote: Wait, how is * defined on two voids? That shouldn't even compile (unless it's autocasting to int?). ``unsigned'' is short for ``unsigned int''. The ``(void *)'' cast is a red herring.
Re: strange output on openbsd C code
On Tue, Mar 20, 2007 at 01:35:28AM +0100, Frank Denis wrote: On Mon, Mar 19, 2007 at 07:12:24PM -0300, Gustavo Rios wrote: I am writing a very simple program but the output change for the c variable value change every time i run it. int main(int argc, char **argv) { unsigned long long x, c; unsigned *p; p = (void *)&x; fprintf(stdout, "0,1:%u,%u\n", p[0], p[1]); p is the address of x. That address is not supposed to be anything fixed. He never prints p.
Re: strange output on openbsd C code
On Mon, Mar 19, 2007 at 09:55:04PM -0400, Paul D. Ouderkirk wrote: And because I love to reply to myself, if I compile it with -O3, I can reproduce your results: -O3 enables -fstrict-aliasing, which this program violates. The man page explains in more detail.
Re: Daylight Saving Time (DST)
On Wed, Mar 07, 2007 at 11:48:05AM -0500, Jason Beaudoin wrote: The timezone data is simply a set of dates and times to tell the system when to switch to/from DST. So without the patch, the system will not make any changes. Ntpd won't change this, as the DST change occurs on the next level. (i.e. ntp sets the system time, the system will then change that time based on the DST settings) please correct me if I am wrong.. The kernel and ntpd only deal with UTC time. The zoneinfo files deal with conversion from UTC to local time (including DST).
Re: X package sets not listed in MD5
On Fri, Mar 02, 2007 at 02:55:25PM +, Stuart Henderson wrote: MD5 is built as part of the main OS release (/usr/src/etc/Makefile); X is built separately. What about a patch like this? (Just a proof of concept; completely untested.) Index: Makefile === RCS file: /cvs/XF4/Makefile,v retrieving revision 1.54 diff -u -r1.54 Makefile --- Makefile12 Aug 2006 16:48:52 - 1.54 +++ Makefile2 Mar 2007 18:57:42 - @@ -149,6 +149,11 @@ cd distrib/sets \ env MACHINE=${MACHINE} ksh ./maketars ${OSrev} ${OSREV} \ (env MACHINE=${MACHINE} ksh ./checkflist ${OSREV} || true) + -cd ${RELEASEDIR}; md5 x*.tgz MD5.XF4 + -cd ${RELEASEDIR}; cksum x*.tgz CKSUM.XF4 + -cd ${RELEASEDIR} sort -o MD5.XF4 MD5.XF4 + -cd ${RELEASEDIR} sort -o CKSUM.XF4 -k 3 CKSUM.XF4 + install: install-xc install-xc-old install-extra install-distrib .ifndef NOFONTS
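Review bot: The two sort lines read `-cd ${RELEASEDIR} sort -o ...` with no `;` after the directory, unlike the md5 and cksum lines above them, so as written sort is never run as its own command. Using `cd ${RELEASEDIR} &&` on all four lines would also keep md5 and cksum from running in the wrong directory if the cd fails. As the lines read here, MD5.XF4 and CKSUM.XF4 appear as operands rather than as output files, so the redirection is worth rechecking too.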
Re: X package sets not listed in MD5
On Fri, Mar 02, 2007 at 01:01:22PM -0600, Matthew R. Dempsky wrote: What about a patch like this? (Just a proof of concept; completely untested.) Sorry, copy/paste mangled the tabs in that. It also occurred to me the sort invocations are probably unnecessary. Index: Makefile === RCS file: /cvs/XF4/Makefile,v retrieving revision 1.54 diff -u -r1.54 Makefile --- Makefile12 Aug 2006 16:48:52 - 1.54 +++ Makefile2 Mar 2007 19:47:18 - @@ -149,6 +149,8 @@ cd distrib/sets \ env MACHINE=${MACHINE} ksh ./maketars ${OSrev} ${OSREV} \ (env MACHINE=${MACHINE} ksh ./checkflist ${OSREV} || true) + -cd ${RELEASEDIR} md5 x*.tgz MD5.XF4 + -cd ${RELEASEDIR} cksum x*.tgz CKSUM.XF4 install: install-xc install-xc-old install-extra install-distrib .ifndef NOFONTS
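Review bot: Both added lines start with `-`, so make ignores a failure of the cd, md5 or cksum step and a release can complete with MD5.XF4 or CKSUM.XF4 missing or empty, which is a poor failure mode for files people use to verify downloads. I would drop the `-` so the release target fails loudly. As the lines read here there is also no `&&` or `;` between `cd ${RELEASEDIR}` and the command and no redirection into the output file, so those need restoring as well.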
Re: OT? Is this bad news?
On Wed, Feb 14, 2007 at 12:51:36PM +0100, Han Boetes wrote: Most GPL fans don't want this deal at all. Real GPL fans appear to be an increasingly diminishing subset of Linux users today though. They're being supplanted by users who want snazzy 3D desktops and simply embrace ``Free Software'' because it's free of cost.
Re: linux emulation without redhat_base
On Tue, Feb 13, 2007 at 11:21:19AM +0100, Karel Kulhavy wrote: [EMAIL PROTECTED]:~$ ./ekiga ./ekiga: error while loading shared libraries: libstdc++.so.6: cannot handle TLS data TLS in this context probably refers to Thread Local Storage. I don't think it's C++ specific though.
Re: dmesg and fdisk do not match about usb external disk
On Tue, Feb 13, 2007 at 08:18:50AM -0500, Kenneth R Westerback wrote: So OpenBSD uses 64*32, divides the number of sectors (which all devices do provide) by this value to give a cylinder count, and truncates the fractional cylinder. So up to 64*31 = 1984 sectors will be 'wasted'. Windows uses 255 * 63, so up to 255 * 62 = 15,810 sectors could be 'wasted'. Shouldn't the potential waste be 64*32-1 = 2047 and 255*63-1 = 16064, respectively?
Re: Aironet MPI-350 Wireless
On Mon, Jan 29, 2007 at 01:30:01PM -0600, Travers Buda wrote: Well I think both are equally dangerous (binary firmware and binary drivers.) They're basically the same thing. My understanding has always been that a bad binary driver can corrupt main memory, but a bad binary firmware is limited to making the device useless. Is this not the case?
Re: Aironet MPI-350 Wireless
On Mon, Jan 29, 2007 at 03:52:03PM -0600, Travers Buda wrote: Well there is that proof-of-concept that debuted at BlackHat where those researchers compromised the OS of a macintosh. I was under the impression that they compromised it via the firmware, but it is equally possible it was achieved via the driver. This article seems to suggest it was a driver issue: http://blog.washingtonpost.com/securityfix/2006/08/the_macbook_wireless_exploit_i.html At the very least you could do some nefarious things to the firmware to say, retransmit hardware wep'ed traffic without wep. Which doesn't significantly change the security vs. having WEP enabled.
Re: atactl smartstatus to email other than cron user
On Wed, Jan 24, 2007 at 03:08:50PM +0059, Han Boetes wrote: Joachim Schipper wrote: You'd need to use 0 * * * * /sbin/atactl /dev/wd0c smartstatus 2>&1 >/dev/null | \ mail -s "wd0 ERRORS on serverXYZ" [EMAIL PROTECTED] You just sent _all_ output to /dev/null No he didn't.
Re: Why setresuid() and not setuid() is used?
On Mon, Jan 22, 2007 at 12:19:16PM +0100, Alexander Farber wrote: I'm writing a small network daemon program and want it to drop privileges after it opens a listening port. You might also be interested in looking at the ucspi-tcp and ipsvd packages. They both include programs to listen on a port and change UID before accepting any connections. ucspi-tcp's homepage: http://cr.yp.to/ucspi-tcp.html ipsvd's homepage: http://smarden.org/ipsvd/ (ipsvd is also packaged by OpenBSD.)
Re: Should fopen() succeed on a directory?
On Fri, Jan 19, 2007 at 11:07:14AM -0500, Adam wrote: If you can't fread() from a stream that is associated with a directory, then why associate the stream with a directory in the first place? Does the C (or any) standard say it should fail? fopen(3) works on directories under Linux and Solaris, so OpenBSD certainly isn't unique in this regard.
Re: spamd started missing some fakes?
On Thu, Jan 18, 2007 at 07:41:07AM -0500, Seth Hanford wrote: 1) Does it make sense to have spamd discard malformed sender / recipient addresses? In this case, there is no envelope sender address at all, which I seem to recall violates an RFC Null return paths are used for delivery failure notifications. Check section 6.1 of RFC 2821.
Re: php mail() function fails
On Fri, Jan 12, 2007 at 11:53:34AM -0800, Bryan Irvine wrote: isn't that the recommended method in C too? I have no authority in this but my ancient C CGI book does it that way too IIRC. Maybe for when you're using a fixed string, but when you want to pass user input as an argument to a command, using exec*() prevents problems from users including shell escape characters that can cause problems with popen().
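The difference described in this reply, shown as an added example (not code from the thread): the same user-supplied string is handed to a command once through the shell, as popen() does, and once as a single argv element, as exec*() does. The `echo` command, the function names and the sample input are assumptions chosen so the effect is harmless and visible.

```python
import os
import shlex
import subprocess

# Constructed input: what a form field might contain when a user includes
# shell metacharacters. The appended command is a harmless echo.
USER_INPUT = "report.txt; echo INJECTED"


def via_shell(user_input):
    """popen()-style: the whole string is parsed by /bin/sh, so the ';'
    in the input ends the intended command and starts a second one."""
    with os.popen("echo " + user_input) as pipe:
        return pipe.read().splitlines()


def via_exec(user_input):
    """exec*()-style: the input is one argv element handed straight to the
    program. No shell parses it, so metacharacters are just bytes."""
    done = subprocess.run(["echo", user_input],
                          capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


def via_shell_quoted(user_input):
    """When a shell cannot be avoided, quote the value for that shell so it
    arrives as a single word."""
    with os.popen("echo " + shlex.quote(user_input)) as pipe:
        return pipe.read().splitlines()


if __name__ == "__main__":
    print("shell, unquoted:", via_shell(USER_INPUT))
    print("argv (exec):    ", via_exec(USER_INPUT))
    print("shell, quoted:  ", via_shell_quoted(USER_INPUT))
    # Passing argv directly removes shell parsing only. A value that begins
    # with '-' can still be read as an option by the target program, so
    # validate it or place it after the program's end-of-options marker.
```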
Patch to handle empty sed expressions
Some packages (e.g., binutils 2.17) want to issue sed commands like s,^.*/,,;s,^,avr-,;;s/$// but OpenBSD's sed doesn't handle empty expressions as in this. The patch below adds support for this. (It also eliminates a useless null pointer check: p is checked for nullity when it is set a few lines above the hunk, and p is also dereferenced later without null checks.) Index: src/usr.bin/sed/compile.c === RCS file: /cvs/src/usr.bin/sed/compile.c,v retrieving revision 1.22 diff -p -u -r1.22 compile.c --- src/usr.bin/sed/compile.c 9 Oct 2006 00:23:56 - 1.22 +++ src/usr.bin/sed/compile.c 2 Jan 2007 04:28:29 - @@ -161,8 +161,12 @@ compile_stream(struct s_command **link) } semicolon: EATSPACE(); - if (p (*p == '#' || *p == '\0')) + if (*p == '#' || *p == '\0') continue; + if (*p == ';') { + p++; + goto semicolon; + } *link = cmd = xmalloc(sizeof(struct s_command)); link = cmd-next; cmd-nonsel = cmd-inrange = 0;
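Review bot: Removing the null test on p at the `semicolon:` label is only safe if every existing `goto semicolon` site arrives with p non-null; the description covers the fall-through path from the assignment above the hunk but not the jumps, so please confirm those or keep the check. The new `if (*p == ';')` branch would also benefit from a one-line comment saying it skips empty commands, and from a regression test using the binutils expression `s,^.*/,,;s,^,avr-,;;s/$//` quoted in the description.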
Re: Thinkpad X40 running OpenBSD has trouble recognizing SD cards
On Thu, Dec 28, 2006 at 09:42:45AM +0100, Claudio Jeker wrote: Btw. I'm rebooting with the SD card inserted perhaps that does the trick. Hm, I think I'm having the same experience then. If I reboot(1) and have a (512MB) SD card inserted, I get the ``sdmmc0: can't enable card'' message at boot time, but upon reinserting it, OpenBSD recognizes it. If I don't have an SD card inserted, I have to poweroff(1) and power back on to get OpenBSD to recognize the SD card reader again.
Re: Thinkpad X40 running OpenBSD has trouble recognizing SD cards
On Wed, Dec 27, 2006 at 11:12:00AM +0100, Claudio Jeker wrote: I have the same issue on my X40. After I used the SD slot I need to reboot to make it work again. Hard reboot, not soft reboot, right? I have the feeling this is a BIOS issue as other X40 users (like uwe@) do not seem to have this issue. I just upgraded my BIOS and Embedded Controller software to the latest available on IBM's website, and still no luck. Right after upgrading, I was able to insert an SD card twice and have it recognized both times, but after rebooting I'm back to just one shot per hard reboot. Upgrading my X40 BIOS seems to be impossible without some Virus Runtime Environment from Redmond. I extracted the floppy disk images as per Stuart's instructions, and then used pxelinux + memdisk to netboot the updater programs. Regards.
Thinkpad X40 running OpenBSD has trouble recognizing SD cards
The other night I was playing with the SD card reader in my Thinkpad X40 (dmesg below), and I noticed it began misbehaving. The problem seemed to arise after issuing ``eject sd0'' (but I suspect that was purely coincidental). Just now I've updated to the latest 4.0-current snapshot, and here's what I can reliably reproduce: If I insert my 512MB or 2GB SD card, I get a message such as (for the 512MB card): scsibus0 at sdmmc0: 2 targets sd0 at scsibus0 targ 1 lun 0: SD/MMC, Drive #01, SCSI2 0/direct fixed sd0: 488MB, 488 cyl, 64 head, 32 sec, 512 bytes/sec, 1000448 sec total When I remove the card, I get sd0 detached scsibus0 detached However, trying to insert it again shows nothing in dmesg. Rebooting doesn't help either. I have to power down and then power back up before I get another shot at using the SD reader. Also, if I insert a 4GB card before inserting a 512MB or 2GB card, I see sdmmc0: can't enable card (After inserting and removing the 512MB/2GB cards, the 4GB card is ignored the same as the others.) Any idea what's wrong? Thanks.
Weird values in sensors values from it(4)
When I run ``sysctl hw.sensors'' on one of my machines, I get the following output: $ sysctl hw.sensors hw.sensors.0=it0, Fan1, 5113 RPM hw.sensors.3=it0, VCORE_A, 1.25 V DC hw.sensors.4=it0, VCORE_B, 2.56 V DC hw.sensors.5=it0, +3.3V, 2.38 V DC hw.sensors.6=it0, +5V, 3.52 V DC hw.sensors.7=it0, +12V, 10.69 V DC hw.sensors.8=it0, Unused, -2.75 V DC hw.sensors.9=it0, -12V, -11.40 V DC hw.sensors.10=it0, +5VSB, 4.87 V DC hw.sensors.11=it0, VBAT, 4.08 V DC hw.sensors.12=it0, Temp 1, 33.00 degC hw.sensors.13=it0, Temp 2, 35.00 degC hw.sensors.14=it0, Temp 3, 36.00 degC It would look like those values are *way* out of range, but the machine's been otherwise running without problems. Is the power supply really that crappy, or is it(4) not reporting correct values? dmesg on this machine is:
Re: Weird values in sensors values from it(4)
On Sat, Dec 23, 2006 at 09:18:54PM -0600, Matthew R. Dempsky wrote: It would look like those values are *way* out of range, [...] Sorry, I just meant the voltage values.
Re: openbsd 4.0 ralink problem low operation range
On Mon, Dec 18, 2006 at 02:02:00AM +, pedro la peu wrote: Don't let this interrupt your complain-fest, but if you want to move beyond whinging and start trying to figure out what the bad performing cards have in common then you know what you have to do... Don't let this interrupt your comprehension. The common factor is ral radios. People using 802.11 is also a common factor here. Is it unfathomable to you that the issue can be more nuanced than wireless chipset?
Re: ksh input control: read
On Thu, Dec 14, 2006 at 12:55:42PM -0600, Jacob Yocom-Piatt wrote: print testing | read testread This is a known problem with pdksh that the developers have stated they don't plan to change. `read' only updates the value of `testread' in the child shell process, not the parent. E.g., ``print testing | ( read testread; echo $testread )'' will work.
Re: Which tools the OpenBSD developers are using?
On Wed, Nov 29, 2006 at 06:31:21AM -0700, Diana Eichert wrote: just remember you may end up spawning a daemon child or even worse, some of you may fork a child. Personally, I'm wary of zombies.
Two quick NFS questions
I'm trying to set up a few diskless Linux machines using an OpenBSD 4.0 machine to provide NFS, and two questions have arisen: First, if I edit a line in /etc/exports, does it suffice to send SIGHUP to mountd on the server and remount the filesystem on the affected clients? If not, what are the proper actions to take? Second, should the following line in /etc/exports allow IP 192.168.1.34 to edit files as root in /edgy-root? /edgy-root -maproot=root -network=192.168.1 -mask=255.255.255.0 I've only had success when I replace ``-network=192.168.1 -mask=255.255.255.0'' with ``192.168.1.34'', but my tests may be invalidated by the answer to question #1... (I realize there are security risks implied above, but the machines are just for fun/experimentation, so those are low priority until I can get things working reliably.) Thanks.
Re: How to set proxy authentication when installing?
On Sat, Nov 18, 2006 at 06:36:35PM +0800, Jing Peng wrote: Supposing my proxy server use http protocol, and its IP address is *.*.0.9, and the username is abc.s34(please notice that it has a dot inside), the password is abc. So, what should I input for HTTP/FTP proxy URL? Looking at ftp(1)'s source code, I don't think the '.' should throw off the username/password parsing, so try: http://abc.s34:[EMAIL PROTECTED]
Re: How to set proxy authentication when installing?
On Sat, Nov 18, 2006 at 11:56:13PM +0800, Jing Peng wrote: I had tried it for times, but with no success. Does your proxy support FTP? Have you tried telling the installer to use HTTP instead of FTP?
Re: How to set proxy authentication when installing?
On Sat, Nov 18, 2006 at 09:13:36PM +0100, Joachim Schipper wrote: IIRC, the version of FTP built for the RAMDISK kernel does not support proxy authentication. If this is correct, what you are seeing is unsurprising. I thought it only lacks HTTPS support?
Re: OpenBSD 4.0 sparc64
On Fri, Nov 10, 2006 at 03:42:41PM +0800, Ikmal Ahmad wrote: Based on http://www.openbsd.org.my/sparc64.html, seem that OpenBSD can install on Sun Blade 100/150 machine. I have this problem when do disk installation on Blade 100. Below is the error. Funny you should mention this. I just installed OpenBSD 4.0 without any problem (other than I had never used OpenBoot before in my life) on two Sun Blade 100s earlier this week. ok boot disk /bsd Boot device: /[EMAIL PROTECTED],0/[EMAIL PROTECTED]/[EMAIL PROTECTED],0 File and args: /bsd ERROR: Last Trap: Fast Data Access MMU Miss Error -256 ERROR: Last Trap: Fast Data Access MMU Miss Error -256 ok The only boot commands I needed were ``boot cdrom'' to boot off the cd40.iso image to get the installer going and ``boot disk:a'' to boot off the hard disk after the install. (I tried using ``boot floppy bsd'' to boot from a floppy disk at first, but it would not even touch the floppy drive before returning an error.)
Re: Uptime and pf stats difference.
On Thu, Oct 26, 2006 at 12:44:25PM +0100, RCF wrote: The server had been in testing for almost a month with rdate configured to run every 6 hours before I rebooted. So I don't really think the clock was off. Clocks naturally drift over time. Four minutes over about 1.5 years seems reasonable.
gdb misprints arguments passed to regcomp(3) library call
I came across the below peculiarity in gdb: the third argument to regcomp(3) appears mangled in gdb's output when I set a breakpoint and run it. Even though I pass 1 (i.e., REG_EXTENDED) to regcomp, gdb says that -809753220 was passed. I see this behavior on 3.9 and a now rather out of date 4.0 snapshot (at least a month or so old). Is this a bug in gdb, or is it some goofy (but expected) behavior caused by the linker resolving? Thanks.
$ cat gdb-bug.c
#include <regex.h>
int main ()
{
  regex_t r;
  regcomp (&r, "foo", 1 /* REG_EXTENDED */);
  return 0;
}
$ cc -o gdb-bug gdb-bug.c -W -Wall -g
$ gdb ./gdb-bug
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type show copying to see the conditions. There is absolutely no warranty for GDB. Type show warranty for details. This GDB was configured as i386-unknown-openbsd3.9...
(gdb) break regcomp
Function regcomp not defined. Make breakpoint pending on future shared library load? (y or [n]) y
Breakpoint 1 (regcomp) pending.
(gdb) run
Starting program: /tmp/gdb-bug
Breakpoint 2 at 0x8349314: file /usr/src/lib/libc/regex/regcomp.c, line 162.
Pending breakpoint regcomp resolved
Breakpoint 2, regcomp (preg=0xcfbc25d0, pattern=0x3c01 foo, cflags=-809753220) at /usr/src/lib/libc/regex/regcomp.c:162
162 /usr/src/lib/libc/regex/regcomp.c: No such file or directory. in /usr/src/lib/libc/regex/regcomp.c
(gdb) quit
The program is running. Exit anyway? (y or n) y
Re: need help in dealing with a simple thing (file permissions)
On Sat, Oct 21, 2006 at 02:50:57PM +0200, LeVA wrote: Then the umask command came to my mind, but then I would have to make a script, which contains the umask line, and after that call cronolog, and pipe the logs to this script. Would someone please hint me with a more simple and elegant solution? I think the shell script solution is fine, but if you want something more flexible, put the following into /usr/local/bin/with-umask:
#!/bin/sh -e
# Set the umask given as the first argument, then run the rest as a command.
umask "$1"; shift
exec "$@"
and then change your call to cronolog... to with-umask 027 cronolog
Re: pgt-Driver in 4.0-Beta (installed 2 weeks ago) buggy?
On Tue, Oct 17, 2006 at 11:36:53PM +0200, [EMAIL PROTECTED] wrote: Well the discussion itself is useless because the developers have to decide if they wanna fix the DoS or not. ^^^ You keep using that word. I do not think it means what you think it means.
Re: Fast Xorg Performance
On Tue, Oct 17, 2006 at 02:37:32PM -0700, Karsten McMinn wrote: OpenBSD 3.9 (GENERIC) #617: Thu Mar 2 02:26:48 MST 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Celeron(R) CPU 2.00GHz (GenuineIntel 686-class) 2 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,CNXT-ID real mem = 527495168 (515132K) vga1 at pci0 dev 2 function 0 Intel 82845G/GL Video rev 0x01: aperture at 0xe800, size 0x800 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) My laptop: OpenBSD 4.0 (GENERIC) #2: Sat Sep 2 09:49:35 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) M processor 1.10GHz (GenuineIntel 686-class) 599 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2 cpu0: Enhanced SpeedStep 600 MHz (812 mV): speeds: 1100, 1000, 900, 800, 600 MHz real mem = 258437120 (252380K) vga1 at pci0 dev 2 function 0 Intel 82852GM AGP rev 0x02: aperture at 0xe000, size 0x800 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) X runs fine with the X i810 driver. I can watch movies with mplayer, and my window manager switches between windows just fine.
Re: pgt-Driver in 4.0-Beta (installed 2 weeks ago) buggy?
On Wed, Oct 18, 2006 at 02:18:03AM +0200, [EMAIL PROTECTED] wrote: Example: You're at meeting and somebody unplugs your pgt-Card and voila your kernel crashes. I would call this clearly a DoS. Because after the attack your OS is kinda useless because of the kernel panic. Kernel panics suck, but they do not qualify as DoS attacks when physical access is necessary to cause them. That somebody in your example could have just poured water onto your machine and rendered it unusable for much longer than a kernel panic.
How open is Intel?
Lately, I have been in several discussions regarding Intel's stance towards the open source community, and the topic of providing hardware documentation frequently arises. However, since I am not much of a kernel hacker, I do not have a good perspective on what documentation is necessary. For example, recently Intel was very boastful about demonstrating their ``ongoing commitment to providing free software drivers for Intel hardware''[1]. When I first read the announcement, I was excited, but after re-reading it, I caught on that nowhere did they mention providing documentation---just an open source driver. I emailed Keith Packard about this, but never got a reply. I also found some technical documentation on intel.com about the G965 chipset[2], but it does not appear complete. It seems to explain how to setup DMA to communicate with the card, but not what data should be sent over DMA. Of course, because of my lack of expertise in this field, I may just be looking in the wrong places. Another example appears to be the Intel PRO/1000 MT card. Intel has an open source driver for it, but when I search their web site the most I find are product briefs and white papers[3]. (I know the link is for their PRO/1000 XF card, but that is the page I was directed to when I clicked on ``Technical Documents'' from the PRO/1000 GT page.) On the other hand, there appears to perhaps be sufficient technical documentation on their I/O Controller Hubs for OpenBSD to support them soon after introduction... or maybe they are just easy to reverse engineer? So how open is Intel? Which chipsets do they provide sufficient documentation to fully support? Which chipsets do they provide some documentation, but omit important parts (and what are these parts)? And which chipsets are they completely unproviding for? Thanks. 
[1] http://lists.freedesktop.org/archives/xorg/2006-August/017404.html
[2] http://www.intel.com/design/chipsets/datashts/313053.htm
[3] http://www.intel.com/network/connectivity/products/pro1000xf_server_adapter_docs.htm
Re: Intel Firmware license analysis
On Sun, Oct 01, 2006 at 12:06:46PM -0600, Theo de Raadt wrote: But this does bring up the side question: Is all of Red Hat Enterprise Linux licensed under the licenses stated at http://opensource.org/licenses, [...] Obviously not---they include the IPW firmware.
Spurious close parenthesis in wait(2)
The stanza describing WIFCONTINUED has a close parenthesis, but no corresponding open parenthesis. The WIFSTOPPED description doesn't parenthesize the statement describing when the macro can evaluate to true, so this shouldn't be parenthesized either. --- wait.2~ Tue Sep 26 14:55:36 2006 +++ wait.2 Tue Sep 26 14:55:36 2006 @@ -166,7 +166,7 @@ control stop. This macro can be true only if the wait call specified the .Dv WCONTINUED -option). +option. .It Fn WIFEXITED status True if the process terminated normally by a call to .Xr _exit 2
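Review bot: the file headers name only wait.2~ and wait.2, with no directory and no revision, so whoever applies this has to locate the man page and work out the base version by hand. The one-character change itself matches the description; regenerating the diff from inside the source tree (for example with cvs diff -u) would carry the path and revision along with it.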
Re: How do I redirect the daily log messages to another address?
On Thu, Sep 21, 2006 at 02:24:29PM -0700, Steve B wrote: I'd like to redirect the daily log messages that go to root to an external email address. Explanations have already been given on how to redirect all of root's mail to someone else, but in case you really want just the daily log messages directed elsewhere, you can edit root's crontab to mail to a different address. Just replace ``root'' in ``mail -s ... root'' with an appropriate alternative address.
Re: mbuf leak with rl
On Wed, Sep 20, 2006 at 10:29:10AM -0500, Karle, Chris wrote: That looks suspect to me; that seems like a lot for cable modem level traffic. I'd check if your mbufs number ever goes down. I've rechecked the output of netstat -m occasionally since then, and I haven't seen them go down at all--only steadily increase. As of typing this email, the output is:
$ netstat -m
3616 mbufs in use:
3593 mbufs allocated to data
6 mbufs allocated to packet headers
17 mbufs allocated to socket names and addresses
855/870/6144 mbuf clusters in use (current/peak/max)
2656 Kbytes allocated to network (98% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
Re: mbuf leak with rl
On Thu, Sep 14, 2006 at 10:38:35AM -0500, Karle, Chris wrote: If you're using a rl* can you take a look at your mbuf usage (netstat -m)? On my OpenBSD 3.9 firewall, sis0 is connected to my internal network, and rl0 is connected to my cable modem.
$ netstat -m
2546 mbufs in use:
2525 mbufs allocated to data
5 mbufs allocated to packet headers
16 mbufs allocated to socket names and addresses
630/648/6144 mbuf clusters in use (current/peak/max)
1952 Kbytes allocated to network (97% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines
$ dmesg | grep -e GENERIC -e rl -e sis
OpenBSD 3.9 (GENERIC) #617: Thu Mar 2 02:26:48 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
sis0 at pci0 dev 4 function 0 SiS 900 10/100BaseTX rev 0x91: irq 11, address 00:14:2a:b7:c9:17
rlphy0 at sis0 phy 9: RTL8201L 10/100 PHY, rev. 1
rl0 at pci0 dev 11 function 0 Accton MPX 5030/5038 rev 0x10: irq 11, address 00:e0:29:58:9b:eb
rlphy1 at rl0 phy 0: RTL internal PHY
Re: figures with magicpoint
On Mon, Sep 11, 2006 at 02:18:31PM +0530, Girish Venkatachalam wrote: What do I use? I need a spartan simple tool like magicpoint itself. Is xfig the right choice? I have used xfig for creating simple graphs and diagrams for homework assignments, and I think it does the job well. I found the user-interface a little counter-intuitive at first, but nothing reading the documentation can't fix.
Re: trunk consisting of bge and iwi
On Sat, Sep 09, 2006 at 03:45:35AM +, Tan Dang wrote: Is it just not possible to setup a trunk with an iwi device? It's possible. I used to trunk em(4) and iwi(4) without problems, but I never set the nwid/nwkey before creating the trunk. (I've since then both replaced the iwi(4) with a ral(4), and mostly given up on using trunk(4) because it won't work with wpa_supplicant.)
Re: can www execute sendmail -t?
On Sat, Sep 09, 2006 at 09:50:16AM -0400, Woodchuck wrote:
FILE *mail;
char sendmail[512];
sprintf(sendmail, "%s %s", SENDMAIL_PATH, RECIPIENT);
use snprintf here, this is exactly the sort of code that some joker will try to do a buffer overflow on. Assuming RECIPIENT is actually something that will be user controllable, doesn't he need to worry about quoting RECIPIENT and making sure it doesn't start with a dash? Does OpenBSD have a popen(3) replacement but with an exec(3)-like interface instead of a system(3)-like one?
Re: can www execute sendmail -t?
On Sat, Sep 09, 2006 at 10:23:05PM +0200, Joachim Schipper wrote: On Sat, Sep 09, 2006 at 12:30:27PM -0500, Matthew R. Dempsky wrote: Does OpenBSD have a popen(3) replacement but with an exec(3)-like interface instead of a system(3)-like one? Not really, IIRC; using pipe() and exec() is the way to go... That's what I suspected. I could imagine it worthwhile, however, to have a popen_execl (or whatever) function to let you avoid dealing with shell quoting. (On the other hand, I'm pretty comfortable using pipe/fork/exec, so I don't know how big of an issue this is in practice.)
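The pipe()/fork()/exec() approach discussed in this thread, as an added example that is not code from the original posts: the recipient travels as a single argv element, so no shell ever parses it, and a leading dash is rejected before anything runs. The names run_with_stdin and send_mail are hypothetical, and /usr/sbin/sendmail is an assumed path.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Hypothetical helper, not a libc function: run `path` with the argument
 * vector `argv`, feed `input` to its stdin, and return its exit status.
 * No shell is involved, so no argument is ever parsed as shell syntax.
 * Returns -1 if the child could not be started, was killed by a signal,
 * or exited 0 without accepting all of the input.
 */
int run_with_stdin(const char *path, char *const argv[], const char *input)
{
    int fds[2], status, write_failed = 0;
    struct sigaction ign, old;
    pid_t pid;
    FILE *fp;

    if (pipe(fds) == -1)
        return -1;
    pid = fork();
    if (pid == -1) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (pid == 0) {
        /* Child: the read end of the pipe becomes stdin. */
        close(fds[1]);
        if (fds[0] != STDIN_FILENO) {
            if (dup2(fds[0], STDIN_FILENO) == -1)
                _exit(127);
            close(fds[0]);
        }
        execv(path, argv);
        _exit(127);                 /* exec failed */
    }

    /* Parent: a child that exits early must not kill us with SIGPIPE. */
    close(fds[0]);
    ign.sa_handler = SIG_IGN;
    sigemptyset(&ign.sa_mask);
    ign.sa_flags = 0;
    sigaction(SIGPIPE, &ign, &old);

    fp = fdopen(fds[1], "w");
    if (fp == NULL) {
        close(fds[1]);
        write_failed = 1;
    } else {
        if (fputs(input, fp) == EOF)
            write_failed = 1;
        if (fclose(fp) == EOF)      /* flushes, then the child sees EOF */
            write_failed = 1;
    }
    sigaction(SIGPIPE, &old, NULL);

    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR)
            return -1;
    if (!WIFEXITED(status))
        return -1;
    if (write_failed && WEXITSTATUS(status) == 0)
        return -1;
    return WEXITSTATUS(status);
}

/*
 * The thread's sendmail call without popen(3). Quoting stops mattering
 * because the recipient is one argv element, but a leading dash would
 * still be read as an option, so it is rejected before anything is run.
 */
int send_mail(const char *sendmail_path, const char *recipient,
    const char *message)
{
    char *argv[3];

    if (recipient[0] == '\0' || recipient[0] == '-')
        return -1;
    argv[0] = "sendmail";
    argv[1] = (char *)recipient;
    argv[2] = NULL;
    return run_with_stdin(sendmail_path, argv, message);
}

int main(int argc, char **argv)
{
    int rc;

    if (argc != 2) {
        fprintf(stderr, "usage: %s recipient\n", argv[0]);
        return 2;
    }
    /* Assumed sendmail path; the message text is constructed. */
    rc = send_mail("/usr/sbin/sendmail", argv[1], "Subject: test\n\nhello\n");
    printf("sendmail exit status: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
```

An exit status of 127 means the exec itself failed, following the convention the shell uses for a command it cannot run.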
Re: network cards - which one is the best ;
On Mon, Sep 04, 2006 at 09:30:13AM +, Marcus Popp wrote: On 2006-09-03T23:16, Bill Marquette wrote: Other than Intel, is anyone else making quad port gig cards? Silicom makes em-based quad/six port cards. I thought the point of this subthread was Bill trying to avoid em(4)-based cards?
Re: automated source code scanning
On Mon, Sep 04, 2006 at 11:01:20AM -0700, Darrin Chandler wrote: On Mon, Sep 04, 2006 at 11:27:32AM -0500, Matthew R. Dempsky wrote: On Mon, Sep 04, 2006 at 09:11:52AM -0500, [EMAIL PROTECTED] wrote: Automating stuff you do NOT understand stands little chance of making anything better. Me, I just lurk here and do not speak for anyone, but I can assure you that the OpenBSD folks are not so naive as to put any trust in automated gizmos. Coverity found at least 30 bugs in OpenBSD (counting the number of commits to the cvs mailing list containing ``coverity'', according to marc), so it seems the OpenBSD developers *do* acknowledge the value of some automated testing. Also, tedu@ is a Coverity employee. Yes. *Relying* on such tools is foolish, as is not availing yourself of the information they *do* provide. Agreed, but Tony said ``the OpenBSD folks are not so naive as to put _any_ trust in automated gizmos,'' not ``[...] to _only_ put trust in [...].''
Re: broadcom wireless card
On Mon, Sep 04, 2006 at 01:30:47PM -0500, Roger Midmore wrote: I recently got a acer aspire 3000 laptop which i got for a good price. Unfortunately it's got a broadcom wireless card which won't work under openbsd. I was wondering if there's some way to get it working or if i have to replace it what would be a good cheap alternative. You can get an MSI MP54G4 from newegg.com for about $20[1]. Only problem I've had so far is the wireless activity LED on my laptop doesn't illuminate anymore, but I haven't determined the cause. Before ordering a replacement, make sure to check how accessible the Mini-PCI slot is. My Thinkpad X40 required unscrewing just three screws to get access to it, while an Averatec whose card I tried replacing involved removing two dozen screws and disconnecting various unrelated cables, and I eventually gave up without ever seeing the slot. [1] http://www.newegg.com/Product/Product.asp?Item=N82E16833158115
Re: network cards - which one is the best ;
On Sun, Sep 03, 2006 at 05:00:37PM -0700, Ray Percival wrote: On Sep 3, 2006, at 3:59 PM, Sylwester S. Biernacki wrote: Theo wrote about em driver in OpenBSD and bad vendor design of Intel NICs in general. Exactly the opposite I have used Intel server cards with ~320Mbps traffic (max of old PCI board ;P) and everything worked as it should. I think he was writing about WiFi cards. I've yet to find anything bad about old-skool ethernet cards. Also the ethernet cards *do* have free drivers unlike the wifi cards. No, he made it explicitly clear he was talking about their gigabit ethernet cards: Approximately six years ago Intel gave the *BSD projects a driver for the Intel gigabit cards, the so-called em(4) driver. http://marc.theaimsgroup.com/?l=openbsd-misc&m=115707648205545&w=2
Changing WEP keys without resetting the NIC
I just hacked the FreeBSD backend of wpa_supplicant enough to connect my OpenBSD laptop to my university's wireless network (just Dynamic WEP, not TKIP or CCMP). I also had to add an ugly hack to dev/ic/rt2560.c to ignore ENETRESET when issuing a SIOCS80211NWKEY ioctl(2) (see below). The patch works for my needs, but I'm not familiar enough with 802.11 to know if there are any cases where changing a WEP key necessitates a reset. Would it be better if the no-reset behavior had to be explicitly requested in the ioctl(2)? (I was thinking perhaps adding an extra IEEE80211_C_DYNAMICWEP capability bit for devices to provide, and changing ieee80211_ioctl to check for this capability and to return a different value if i_wepon has a IEEE80211_NWKEY_DYNAMIC bit set.) Thanks. --- dev/ic/rt2560.c~Sat Sep 2 09:18:46 2006 +++ dev/ic/rt2560.c Sat Sep 2 09:19:13 2006 @@ -2153,6 +2153,13 @@ } break; + case SIOCS80211NWKEY: + /* Allow key changes without resetting. */ + error = ieee80211_ioctl(ifp, cmd, data); + if (error == ENETRESET) + error = 0; + break; + default: error = ieee80211_ioctl(ifp, cmd, data); }
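Review bot: the new SIOCS80211NWKEY case clears ENETRESET for every request, not only for a key change on an interface that is already running with WEP enabled, so a call that turns WEP on or off also skips the reset and the device may never be reprogrammed for the new setting. Restrict the suppression to the case the message describes (only key material changes while the interface is up), or make it opt-in through the capability bit and IEEE80211_NWKEY_DYNAMIC flag proposed in the message, and extend the comment to say why skipping the reset is safe there.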
Replaced wireless card and now activity LED no longer blinks
I just replaced the IPW2200 mini-PCI card in my Thinkpad with a ral(4)-based MSI MP54G4 (MS-6833A-010) from newegg.com (dmesg snippet below). It works great so far, except the radio activity LED that used to indicate association with an access point and network activity no longer lights up at all. Any ideas if this is just a software issue or maybe a hardware incompatibility between mini-PCI cards? Thanks. ral0 at pci1 dev 2 function 0 Ralink RT2560 rev 0x01: irq 11, address 00:13:d3:76:35:c6 ral0: MAC/BBP RT2560 (rev 0x04), RF RT2525
Re: sysctl modifications during install?
On Fri, Aug 25, 2006 at 05:38:19AM +1000, Scott Radvan wrote: Or am I missing something which could allow the install to use all available bandwidth? Can you first choose S for shell, run the necessary sysctl commands, then exit the shell and start the install process as usual?
Re: Daemon supervisor
On Mon, Aug 21, 2006 at 02:31:20PM +0400, Bruno Carnazzi wrote: I'd like to implement a daemon supervisor that could automatically restart a daemon when it crashes. I like runit[1] or daemontools[2] for this purpose. [1] http://smarden.sunsite.dk/runit/ [2] http://cr.yp.to/daemontools.html
Re: Sun Ultra 25
On Wed, Aug 16, 2006 at 09:27:35AM -0700, Darrin Chandler wrote: On Thu, Aug 17, 2006 at 01:30:43AM +1000, John Tate wrote: -- /(bb|[^b]{2})/ that is the Question: I believe the question is 0x2b|~0x2b, and the answer is 0xff. This is tautological and not restricted to 0x2b. Which OpenBSD architecture has 8-bit ints? ;-)
Re: Porting firewall/routing script to OpenBSD from linux?
On Sun, Aug 13, 2006 at 01:19:31PM -0400, Nick Guenther wrote: I think you're looking for ifconfig(8). Wait, doesn't linux have ifconfig? What's ip for? ip is from the iproute2 package. From the lartc.org manual, ``Why iproute2?''[1]: Most Linux distributions, and most UNIX's, currently use the venerable arp, ifconfig and route commands. While these tools work, they show some unexpected behaviour under Linux 2.2 and up. For example, GRE tunnels are an integral part of routing these days, but require completely different tools. With iproute2, tunnels are an integral part of the tool set. [1] http://lartc.org/howto/lartc.iproute2.html
Re: connect to a wep accesspoint (wpi0) howto?
On Mon, Aug 14, 2006 at 03:56:13PM -0400, Nick Guenther wrote: I could imagine the openbsd crew having simply not written in support for shared key, but I can't speak for them. There's some support for shared key authentication in the kernel, but it was disabled in sys/net80211/ieee80211_input.c rev 1.14: Disable shared key mode until we have a way for the user to specify that they explicitly want it. What we have currently doesn't seem to work anyway. Add support for specifying a status type when sending management frames; adapted from FreeBSD. OK jsg@
Tuning OpenBSD network throughput
I have three machines that I'm using for testing network performance: - 2.0GHz Pentium 4, 256MiB RAM, Ubuntu 6.06, e1000 - 266MHz Pentium II, 192MiB RAM, Debian Unstable, sk98lin - 600MHz Pentium M, 256MiB RAM, OpenBSD 4.0-current, em(4) All network settings are still at their respective defaults. First, I connected the two Linux boxes with an Ethernet cable and ran ``iperf -s'' on the 2.0GHz machine and ``iperf -c 192.168.10.1'' on the 266MHz machine, and iperf reported a bandwidth of about 224 Mbits/sec. Then, I substituted out the 266MHz machine and replaced it with the 600MHz machine (i.e., faster processor, more ram, and better software), but running ``iperf -c 192.168.10.1'' under OpenBSD reported a mere 3.8 Mbits/sec---nearly two orders of magnitude less! Can anyone explain the huge discrepancy here? Can I do anything to get OpenBSD to achieve at least 150 Mbits/sec? Thanks. (I've omitted the Linux dmesgs, but can provide them if they would be considered useful and not just line noise.) OpenBSD 4.0-beta (GENERIC) #1055: Thu Aug 3 11:39:24 MDT 2006 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) M processor 1.10GHz (GenuineIntel 686-class) 599 MHz cpu0: FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,TM,SBF,EST,TM2 cpu0: Enhanced SpeedStep 600 MHz (812 mV): speeds: 1100, 1000, 900, 800, 600 MHz real mem = 258437120 (252380K) avail mem = 228171776 (222824K) using 3180 buffers containing 13025280 bytes (12720K) of memory mainbus0 (root) bios0 at mainbus0: AT/286+(77) BIOS, date 06/15/05, BIOS32 rev. 0 @ 0xfd740, SMBIOS rev. 
2.33 @ 0xe0010 (56 entries) bios0: IBM 2371BMU apm0 at bios0: Power Management spec V1.2 apm0: battery life expectancy 35% apm0: AC off, battery charge high, estimated 1:42 hours apm0: flags 30102 dobusy 0 doidle 1 pcibios0 at bios0: rev 2.1 @ 0xfd6d0/0x930 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdeb0/256 (14 entries) pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00) pcibios0: PCI bus #2 is the last bus bios0: ROM list: 0xc/0xc800! 0xcc800/0x1000 0xcd800/0x1000 0xdc000/0x4000! 0xe/0x1 cpu0 at mainbus0 pci0 at mainbus0 bus 0: configuration mode 1 (no bios) pchb0 at pci0 dev 0 function 0 Intel 82852GM Hub-PCI rev 0x02 Intel 82852GM Memory rev 0x02 at pci0 dev 0 function 1 not configured Intel 82852GM Configuration rev 0x02 at pci0 dev 0 function 3 not configured vga1 at pci0 dev 2 function 0 Intel 82852GM AGP rev 0x02: aperture at 0xe000, size 0x800 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) Intel 82852GM AGP rev 0x02 at pci0 dev 2 function 1 not configured uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x01: irq 11 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub0: 2 ports with 2 removable, self powered uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x01: irq 11 usb1 at uhci1: USB revision 1.0 uhub1 at usb1 uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub1: 2 ports with 2 removable, self powered uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x01: irq 11 usb2 at uhci2: USB revision 1.0 uhub2 at usb2 uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1 uhub2: 2 ports with 2 removable, self powered ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x01: irq 11 usb3 at ehci0: USB revision 2.0 uhub3 at usb3 uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1 uhub3: 6 ports with 6 removable, self powered ppb0 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x81 pci1 at ppb0 bus 1 cbb0 at 
pci1 dev 0 function 0 Ricoh 5C476 CardBus rev 0x8d: irq 11 sdhc0 at pci1 dev 0 function 1 Ricoh 5C822 SD/MMC rev 0x13: irq 11 sdmmc0 at sdhc0 em0 at pci1 dev 1 function 0 Intel PRO/1000MT Mobile (82541GI) rev 0x00: irq 11, address 00:0a:e4:37:61:6a iwi0 at pci1 dev 2 function 0 Intel PRO/Wireless 2200BG rev 0x05: irq 11, address 00:13:ce:58:8f:14 cardslot0 at cbb0 slot 0 flags 0 cardbus0 at cardslot0: bus 2 device 0 cacheline 0x0, lattimer 0xb0 pcmcia0 at cardslot0 ichpcib0 at pci0 dev 31 function 0 Intel 82801DBM LPC rev 0x01 pciide0 at pci0 dev 31 function 1 Intel 82801DBM IDE rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: HTC426030G7AT00 wd0: 16-sector PIO, LBA, 28615MB, 58605120 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide0: channel 1 disabled (no drives) ichiic0 at pci0 dev 31 function 3 Intel 82801DB SMBus rev 0x01: irq 11 iic0 at ichiic0 auich0 at pci0 dev 31 function 5 Intel 82801DB AC97 rev 0x01: irq 11, ICH4 AC97 ac97: codec id 0x41445374 (Analog Devices AD1981B) ac97: codec features headphone, 20 bit DAC, No 3D Stereo audio0 at auich0 Intel 82801DB Modem rev 0x01 at pci0 dev 31 function 6 not configured isa0 at ichpcib0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5
Re: WPA support / creating a cf image
On Thu, Aug 03, 2006 at 11:27:16PM +1000, Shane J Pearson wrote: What about an open wireless network, which does not allow anything to be routed out of the OpenBSD WAP unless it is authpf authorised. Then only VPN traffic. What does authpf+VPN provide in this use case that VPN alone doesn't?
Re: Network equipment testing with two NICs
On Wed, Aug 02, 2006 at 06:04:19PM +0200, Michal Soltys wrote: [ reminder about the routing table works ] Whoops, you're right. It wasn't anything specific to sk0 and sk1, just because of how I assigned IP addresses. Small correction to my prev post - messing with route / PF to enforce going over cable in both ways shouldn't probably yield any results here. The following seems to work:
# ifconfig sk0 192.168.50.1
# ifconfig sk1 192.168.51.1
# route delete 192.168.50
# route delete 192.168.51
# route add 192.168.50 -interface 192.168.51.1
# route add 192.168.51 -interface 192.168.50.1
# ping 192.168.50.1
# ping 192.168.51.1
(I put sk0 and sk1 on separate subnets because route didn't seem to like routing packets for a single host via an interface.) ``tcpdump -i lo0'' shows no output during the pings, so it seems like the packets are all going over the ethernet cable. Thanks.
Re: Network equipment testing with two NICs
On Tue, Aug 01, 2006 at 11:24:17PM +0200, Michal Soltys wrote: icmp's replies would go through loopback in such case. Really? I got the impression from tcpdump that traffic from sk0 to sk1 (whether ICMP request or reply) always went over the ethernet cable while traffic from sk1 to sk0 did not. The output of ``tcpdump -i sk0'' shows only and all packets that were sent through or received from sk0's PHY, right? (And if not, what output will?) If you wanted to force it to go over the cable, you could use route(8) to manually set routing or use pf and set reply-to option on interface, where icmp request is incoming. I'll give those a try. (FYI, later I plan to replace ping with iperf or something more thorough/intensive, so ICMP-specific fixes will not suffice.) Thanks.
Re: Watching daemons
On Fri, Jul 28, 2006 at 10:38:49AM -0400, Carlos A. Carnero Delgado wrote: In the mean time, I'd like to keep ftp-proxy running most of the time. What do you guys use/recommend to watch if a process dies and restart it? I would use daemontools[1] or runit[2]. There's also freedt in ports, but I've not tried it. [1] http://cr.yp.to/daemontools.html [2] http://smarden.sunsite.dk/runit/
ping brad (was Re: em(4) remains in unknown link state until inserting a cable)
(Apologies to the list: I was unable to make direct contact with Brad.) Brad: I sent you email twice this month regarding em(4)'s unknown link state behavior, but have not heard back yet. Have you simply not had time to reply yet or were my messages lost in transit? Thanks. Date: Sun, 9 Jul 2006 12:30:23 -0500 From: Matthew R. Dempsky [EMAIL PROTECTED] To: Brad [EMAIL PROTECTED] Subject: Re: em(4) remains in unknown link state until inserting a cable Message-ID: [EMAIL PROTECTED] On Sun, Jul 09, 2006 at 12:36:51PM -0400, Brad wrote: Are you running 3.9 -release/-stable or -current? -current. If I send you a diff could you test it out? Sure. Date: Fri, 21 Jul 2006 20:26:57 -0500 From: Matthew R. Dempsky [EMAIL PROTECTED] To: Brad [EMAIL PROTECTED] Subject: Re: em(4) remains in unknown link state until inserting a cable Message-ID: [EMAIL PROTECTED] On Sun, Jul 09, 2006 at 12:30:00PM -0500, Matthew R. Dempsky wrote: On Sun, Jul 09, 2006 at 12:36:51PM -0400, Brad wrote: If I send you a diff could you test it out? Sure. Did I miss this patch or is it still forthcoming? Thanks.
Re: restarting DHCP not described in manpages
On Mon, Jul 10, 2006 at 12:45:04PM +0200, Henning Brauer wrote: two seconds is too close. due to the weird dhclient architecture (dhclient-script has to die for interface IP configuration!) we have to work with time windows. it is 5 seconds afair. I notice this issue is not limited to starting multiple dhclients within N seconds of each other, but also starting dhclient within N seconds of other's renew time. Is there a better way of reliably restarting dhclient on a single interface than ``pkill -f dhclient: $IF dhclient $IF''?
GCC 4.1 stack smashing protection
I notice GCC 4.1 includes a reimplementation of the stack smashing protection already included in OpenBSD. Have there been any comments on this new functionality from the OpenBSD community? Anyone know of differences between IBM's old and the new merged functionality? (I realize upgrading toolchains is anything but a trivial undertaking, so I don't expect to see OpenBSD considering switching to GCC 4.x anytime soon. I'm just curious.) Thanks.
em(4) remains in unknown link state until inserting a cable
On my laptop, starting at reboot and until I have inserted an ethernet cable, em(4) leaves its if_link_state as LINK_STATE_UNKNOWN. This causes problems for me because when trunk(4) is setup to use em(4) as the master port, it will not failover to the secondary port until if_link_state changes to LINK_STATE_DOWN, i.e. until an ethernet cable has been inserted and removed once. Is this intentional? Below is a patch that seems to fix the problem for me, but it's just a guess on my part. Better solutions welcome. Thanks. Index: sys/dev/pci/if_em.c === RCS file: /cvs/src/sys/dev/pci/if_em.c,v retrieving revision 1.137 diff -p -u -r1.137 if_em.c --- sys/dev/pci/if_em.c 8 Jul 2006 04:34:34 - 1.137 +++ sys/dev/pci/if_em.c 9 Jul 2006 06:58:47 - @@ -1276,7 +1276,7 @@ em_update_link_status(struct em_softc *s struct ifnet *ifp = sc-interface_data.ac_if; if (E1000_READ_REG(sc-hw, STATUS) E1000_STATUS_LU) { - if (sc-link_active == 0) { + if (ifp-if_link_state != LINK_STATE_UP) { em_get_speed_and_duplex(sc-hw, sc-link_speed, sc-link_duplex); @@ -1296,7 +1296,7 @@ em_update_link_status(struct em_softc *s if_link_state_change(ifp); } } else { - if (sc-link_active == 1) { + if (ifp-if_link_state != LINK_STATE_DOWN) { ifp-if_baudrate = sc-link_speed = 0; sc-link_duplex = 0; sc-link_active = 0;
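Review bot: both conditions in em_update_link_status now test ifp->if_link_state, but the branches still assign sc->link_active (the down branch sets it to 0 in the visible context), so the softc flag and the ifnet state become two records of the same fact and nothing in these hunks reads the first any more. Either remove link_active where it is no longer consulted, or keep the original tests and handle only the new case, for example by also entering the else branch when if_link_state is LINK_STATE_UNKNOWN. The first hunk also depends on if_link_state being set to LINK_STATE_UP inside that branch, otherwise em_get_speed_and_duplex() runs on every call while the link bit is set; the context shown does not include that assignment, so it is worth confirming.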
Re: restarting DHCP not described in manpages
On Sun, Jul 09, 2006 at 08:31:23PM +0159, Han Boetes wrote: Karel Kulhavy wrote: I read man dhcp and man dhclient and wasn't able to determine how to restart the DHCP process (or the whole network) if my cable modem with DHCP server crashes and I have to reboot it. I suggest this information to be added, but I don't know where it belongs. Default behaviour for _any_ daemon is the restart on the HUP signal; ie: $ sudo pkill -HUP dhcpd The OP seems interested in restarting dhclient too, but SIGHUP kills dhclient.
Re: What (stream) ciphers exist in the kernel?
On Sun, Jul 09, 2006 at 09:37:12PM +0200, Peter Philipp wrote: I'm trying to encrypt a stream, per byte (8 bit) instead of per block (usually 8 bytes) in the kernel. CFB and OFB ciphers are ok if they are a block cipher as they pretty well can encrypt per byte according to Applied Cryptography from Schneier. What about CTR? OpenBSD can do AES-CTR.
Re: restarting DHCP not described in manpages
On Sun, Jul 09, 2006 at 09:22:05PM +0200, Paul de Weerd wrote: Sure, just 'dhclient ${if}'. When 'something' (even another dhclient process) touches the networking config of a dhclient-configured interface, dhclient will exit (as not to change the new config later). Not true. I started five instances of ``dhclient trunk0'' on my laptop two seconds apart, and all five are still running:
Jul 9 14:34:40 whelp dhclient[5289]: DHCPREQUEST on trunk0 to 192.168.0.12 port 67
Jul 9 14:34:40 whelp dhclient[5289]: DHCPACK from 192.168.0.12
Jul 9 14:34:40 whelp dhclient[5289]: bound to 192.168.0.50 -- renewal in 60 seconds.
Jul 9 14:34:42 whelp dhclient[20283]: DHCPREQUEST on trunk0 to 192.168.0.12 port 67
Jul 9 14:34:42 whelp dhclient[20283]: DHCPACK from 192.168.0.12
Jul 9 14:34:42 whelp dhclient[20283]: bound to 192.168.0.50 -- renewal in 60 seconds.
Jul 9 14:34:44 whelp dhclient[31937]: DHCPREQUEST on trunk0 to 192.168.0.12 port 67
Jul 9 14:34:44 whelp dhclient[31937]: DHCPACK from 192.168.0.12
Jul 9 14:34:44 whelp dhclient[31937]: bound to 192.168.0.50 -- renewal in 60 seconds.
Jul 9 14:34:46 whelp dhclient[407]: DHCPREQUEST on trunk0 to 192.168.0.12 port 67
Jul 9 14:34:46 whelp dhclient[407]: DHCPACK from 192.168.0.12
Jul 9 14:34:46 whelp dhclient[407]: bound to 192.168.0.50 -- renewal in 60 seconds.
Jul 9 14:34:48 whelp dhclient[13503]: DHCPREQUEST on trunk0 to 192.168.0.12 port 67
Jul 9 14:34:48 whelp dhclient[13503]: DHCPACK from 192.168.0.12
Jul 9 14:34:48 whelp dhclient[13503]: bound to 192.168.0.50 -- renewal in 60 seconds.
Re: restarting DHCP not described in manpages
(I tried sending a similar email to this one about an hour ago, but it has not turned up yet, while other emails sent since then have appeared on the mailing list. I apologize if this results in redundant mail.) On Sun, Jul 09, 2006 at 09:22:05PM +0200, Paul de Weerd wrote: Sure, just 'dhclient ${if}'. When 'something' (even another dhclient process) touches the networking config of a dhclient-configured interface, dhclient will exit (as not to change the new config later). Not true. As I type this message, I have 10 dhclients running concurrently on my laptop for the same interface. The cause seems to be that I have set up dhcpd on my network to give my laptop a static IP, so all of the dhclients are trying to set the same IP and don't notice the others running. This would not be a problem (other than the extra network and memory resource usage) were it not for /etc/resolv.conf occasionally getting obliterated.
Re: What (stream) ciphers exist in the kernel?
On Sun, Jul 09, 2006 at 10:47:54PM +0200, Peter Philipp wrote: I'm talking about this:
    for (i = 0; i < AESCTR_BLOCKSIZE; i++)
        data[i] ^= keystream[i];
Hm, I'm not familiar with OpenBSD's crypto layer, but CTR mode should not require padding. Perhaps it's a limitation of the APIs? Why is there a AESCTR_BLOCKSIZE? Pardon my ignorance on this cipher, cipher mode and implementation in OpenBSD's kernel. Any provided official stream cipher would beat a simple XOR. Stream ciphers typically use a simple XOR.
Re: Preventing password reuse
On Wed, Jul 05, 2006 at 12:24:34PM +0200, Joachim Schipper wrote: Consider five lower-case words chosen from 1024 possibilities each, for instance - this has 50 bits of entropy, roughly equivalent to a 10-character password based on natural language [1]; a little fuzzing and use of capitals will make the passwords chosen much more powerful, but a 10-character password based on natural language really isn't that shabby for a lower bound on password complexity. Diceware[1] is a list of 6^5 short, easy-to-remember words along with instructions on how to generate passwords with a few dice rolls. Five words from their list gives you a little over 64 bits of entropy. [1] http://world.std.com/~reinhold/diceware.html
Re: tcpdump on enc0
On Wed, Jul 05, 2006 at 11:30:54AM -0600, Stephen Bosch wrote: I am not seeing any traffic on enc0 when using tcpdump, that is why I asked. Are you sure IPsec is being used? Can you see IPsec-processed traffic on the physical interface?
Re: Preventing password reuse
On Tue, Jul 04, 2006 at 12:04:11AM -0400, Chet Uber wrote: Not to bicker, but the resources needed to use a database of all possible passwords even with alphanumerics and salted is very finite -- albeit large. OpenBSD's blowfish passwords have 128 bits of salt. A table of all 8 character (lower-case only) alphanumeric passwords would require 2^128 * (26+10)^8 ~= 9.6*10^50 entries. Being ``very finite'' is irrelevant at this order of magnitude. Just don't want people to think that they are safe as is not an NP-complete problem. It is an NP-hard problem however. You are aware NP-complete problems are, by definition, reducible to NP-hard problems, right? In other words, NP-hard problems are ``harder'' than NP-complete ones.
Re: Preventing password reuse
On Tue, Jul 04, 2006 at 02:29:56AM -0400, Chet Uber wrote: NP-complete problems are the most difficult complexity problems. No, NP-complete problems are the most difficult problems _in NP_.
Re: kernel settings for pf default block
On Tue, Jul 04, 2006 at 12:12:22PM -0700, c.s.r.c.murthy wrote: Also please confirm that there is no kernel parameter to make pf block everything by default. Yes, there is no kernel parameter to make pf block everything by default. You make pf block everything by default by putting ``block all'' at the appropriate place in your pf.conf file. This is spelt out for you in the pf.conf(5) man page: To block everything by default and only pass packets that match explicit rules, one uses block all as the first filter rule.
Re: Encryption and Compression with ipsecctl?
On Fri, Jun 30, 2006 at 04:43:21PM -0500, Todd T. Fries wrote: IPcomp is known broken for at least two years, perhaps longer. Do not use it. What makes you say that? I can't find any mention of this in the man pages, on openbsd.org, or misc's archives.
Re-requesting DHCP lease on media change
Is it possible to configure dhclient(8) to automatically re-request a DHCP lease on media changes (e.g., plugging in a new ethernet cable, associating with a new wireless access point, trunk(4) switching between interfaces)? If not, does anyone else think this a worthwhile feature to add? Thanks.
Re: Re-requesting DHCP lease on media change
On Tue, Jun 20, 2006 at 11:36:06AM -0400, Nick Guenther wrote: I think hotplugd(8) might help here. The manpage says: 3 network interface so you should be able to just write a one-liner to do it. I'm not sure hotplug is useful here. hotplug(4) says the only events signaled are device attachment and device detachment, and I don't believe any of the example scenarios I provided would result in those events.
Re: slow realloc: alternate method?
On Fri, Jun 16, 2006 at 10:55:05AM -0500, Jacob Yocom-Piatt wrote: the current code uses realloc in the manner suggested by the manpage:
    newsize = size + 1;
    time(&t1);	// start timing realloc
    if ((newap = (int *)realloc(ap, newsize*sizeof(int))) == NULL) {
        free(ap);
        ap = NULL;
        size = 0;
        return (NULL);
    }
    time(&t2);	// stop timing realloc; start timing fscanf
as the size of ap grows, so does the time it takes to realloc the space. Growing your array by only a constant amount each iteration takes quadratic time. By instead doubling the array size each time as necessary, you can reduce this to (amortized) linear time. (I believe the man page's intention was to show how to avoid leaking memory, not how to write an efficient program.) Alternatively, just do as others have suggested and mmap() the file and make an extra preliminary pass.
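The two growth strategies compared in the reply above, as an added example that is not code from the thread: it counts realloc() calls (each of which may copy the whole array) for grow-by-one versus doubling, and adds a size-overflow check before the allocation. The struct and function names (intvec, intvec_push, count_reallocs) and the starting capacity of 16 are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical growable int array; names are illustrative, not from the thread. */
struct intvec {
	int *data;
	size_t len, cap, reallocs;	/* in use, allocated, realloc() calls so far */
};

/* Append v: capacity doubles when full if doubling is set, else grows by one
 * as in the quoted code. Returns 0, or -1 with the vector left intact. */
static int intvec_push(struct intvec *iv, int v, int doubling)
{
	if (iv->len == iv->cap) {
		size_t newcap = doubling ? (iv->cap ? iv->cap * 2 : 16) : iv->cap + 1;
		int *newdata;
		/* Reject capacity wraparound and newcap * sizeof(int) overflow. */
		if (newcap <= iv->cap || newcap > SIZE_MAX / sizeof(int))
			return -1;
		/* Use a temporary so the old block is not lost if realloc fails. */
		if ((newdata = realloc(iv->data, newcap * sizeof(int))) == NULL)
			return -1;
		iv->data = newdata;
		iv->cap = newcap;
		iv->reallocs++;
	}
	iv->data[iv->len++] = v;
	return 0;
}

/* Append n ints; return the number of realloc() calls, SIZE_MAX on failure. */
static size_t count_reallocs(size_t n, int doubling)
{
	struct intvec iv = { NULL, 0, 0, 0 };
	size_t i;
	for (i = 0; i < n; i++)
		if (intvec_push(&iv, (int)i, doubling) == -1) {
			free(iv.data);
			return SIZE_MAX;
		}
	free(iv.data);
	return iv.reallocs;
}

int main(void)
{
	printf("%zu vs %zu realloc calls\n", count_reallocs(100000, 0), count_reallocs(100000, 1));
	return 0;
}
```

The overflow check matters once the element count comes from untrusted input: without it, newcap * sizeof(int) can wrap and realloc() returns a block smaller than the code then writes into.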