Re: pledge(2) API ideas for libraries

2016-06-13 Thread Ray Lai
pledge should be used to restrict a program to whatever it is necessary to do,
rather than everything the library can do. So if I use libimaginarydb to parse
a csv file I've already read into a memory buffer (nearly pledge("", NULL)),
but the library can read/write/create files, do remote db connections, and
fork shells, we don't want it to do all that (pledge("rpath wpath cpath dns
inet exec proc", NULL)).

> On Jun 13, 2016, at 12:56 PM, wrote:
>
> I have thought of a way pledge(2) can be made a little more
> library-friendly.
>
> This is not a patch, but just a thought.
> There are 2 setups I have thought of:
>
> === 1. Variable arguments ===
>
> int pledge(const char *promises, const char *paths[])
> {
>         return vpledge(1, promises, paths);
> }
>
> int vpledge(const size_t npledge, ...);
>
> -
>
> In a program, this may be something like this:
>
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
>
> int main(void) {
>         if(vpledge(5, "stdio rpath wpath cpath", NULL,
>             ultra_promises, ultra_pledgepaths,
>             extra_promises, NULL, super_promises, NULL,
>             mecha_promises, mecha_pledgepaths) == -1)
>                 errx("pledge");
>
>         ... [other code] ...
> };
>
>
> ---
>
> In vpledge(), "npledge" refers to the number of pledge-pairs, which
> consist of:
>
>const char *promises, const char *paths[]
>
> These have the same semantics as the original pledge().
>
> A library can export *_promises and *_pledgepaths symbols, pointing to
> static text. This allows the library to change without the program
> being affected because the new library changes call something outside
> the original pledge() of a program.
>
> = 2. Using a struct ==
>
> -
>
> struct pledge {
>         char *promises;
>         char *paths[];
> };
>
> -
>
> int pledge(const char *promises, const char *paths[])
> {
>         struct pledge pl = {
>                 .promises, paths
>         };
>
>         return pledges(1, &pl);
> }
>
> int pledges(const size_t npledge, const struct pledge pledge_array[]);
>
> -
>
> In a program, this may be something like this:
>
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
>
> int main(void) {
>         struct pledge pl[4];
>
>         pl[0].promises = "stdio rpath wpath cpath";
>         ultra_getpledge(&pl[1]);
>         extra_getpledge(&pl[2]);
>         super_getpledge(&pl[3]);
>         mecha_getpledge(&pl[4]);
>
>         if(pledges(5, pl) == -1)
>                 errx("pledge");
>
>         ... [other code] ...
> };
>
>
> ---
>
>
> A library can tell the application what pledges are in use as follows:
>
>
> static const char *pledge_promises = "stdio fattr sendfd recvfd";
>
> void ultra_getpledge(struct pledge *const pl)
> {
>         pl->promises = pledge_promises;
>         pl->paths = NULL;
> }
>
>
> ==
>
> I think that #1 has the advantage of it being easier to code so a
> program can ratchet down its abilities. #2 allows one to group the
> pledge arguments into a single struct.
>
> Thoughts?
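
The restriction Ray describes, as an added example that is not part of the original thread or of any real library: the CSV text is already in memory, so the program pledges down before parsing it. `restrict_to_parsing` and `csv_count` are hypothetical names, the buffer is constructed, and outside OpenBSD the pledge(2) call is compiled out.

```c
#include <stddef.h>
#include <stdio.h>
#ifdef __OpenBSD__
#include <unistd.h>	/* pledge(2) */
#endif

/* Constructed sample: the CSV text is assumed to be in memory already. */
static const char sample_csv[] =
    "nwid,chan,note\n"
    "\"home, upstairs\",6,\"says \"\"hi\"\"\"\n"
    "cafe,11,open\n";

/*
 * Hypothetical helper: keep only what the rest of the program needs.
 * "stdio" stays so the result can be printed; file, network, exec and
 * proc promises are never requested, whatever the library could do.
 */
int
restrict_to_parsing(void)
{
#ifdef __OpenBSD__
	return pledge("stdio", NULL);
#else
	return 0;	/* assumption: no-op on systems without pledge(2) */
#endif
}

/*
 * Count rows and fields in a CSV buffer. It touches memory only, so it
 * runs under the reduced pledge. Handles quoted fields with embedded
 * commas and doubled quotes.
 * Returns 0 on success, -1 on an unterminated quoted field.
 */
int
csv_count(const char *buf, size_t len, size_t *rows, size_t *fields)
{
	int in_quotes = 0;
	int row_open = 0;	/* 1 while the current row has content */
	size_t i;

	*rows = *fields = 0;
	for (i = 0; i < len; i++) {
		char c = buf[i];

		if (in_quotes) {
			if (c == '"') {
				if (i + 1 < len && buf[i + 1] == '"')
					i++;	/* doubled quote is a literal quote */
				else
					in_quotes = 0;
			}
			continue;
		}
		if (c == '"') {
			in_quotes = 1;
			row_open = 1;
		} else if (c == ',') {
			(*fields)++;
			row_open = 1;
		} else if (c == '\n') {
			if (row_open) {
				(*fields)++;
				(*rows)++;
			}
			row_open = 0;
		} else
			row_open = 1;
	}
	if (in_quotes)
		return -1;
	if (row_open) {		/* last row without a trailing newline */
		(*fields)++;
		(*rows)++;
	}
	return 0;
}

int
main(void)
{
	size_t rows, fields;

	/* Drop privileges first, then hand the buffer to the parser. */
	if (restrict_to_parsing() == -1) {
		perror("pledge");
		return 1;
	}
	if (csv_count(sample_csv, sizeof(sample_csv) - 1, &rows, &fields) == -1)
		return 1;
	printf("%zu rows, %zu fields\n", rows, fields);
	return 0;
}
```

On OpenBSD, any later attempt by the parsing code to open a file, resolve a name or fork would kill the process instead of succeeding quietly.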



Re: wifind(8) find your wifi

2016-06-03 Thread Ray Lai
> On Jun 3, 2016, at 8:42 PM, Erling Westenvik wrote:
> As much as I endorse and approve of any effort to create a good solution
> for handling wifi's, I must say I find the use of perl and json
> unnecessary for such a project. I've been using a "pure ksh" solution
> named wiconfig since 2013 and which was posted here at @misc back in
> 2011 or 2012:

I've checked out wiconfig prior to wifind, but I couldn't figure out how to
use it, and couldn't figure it out from the 500-line shell script.

This script, for now, merely parses a config file and ifconfig scan output and
writes a new hostname.if. I understand it.

> http://openbsd-archive.7691.n7.nabble.com/wiconfig-simplifies-the-configuration-of-wireless-interfaces-td89829.html
>
> It is available on github:
>
> https://github.com/devious/wiconfig/blob/master/wiconfig
>
> wiconfig:
> - Works great with apm/resume, including trunk(4) interfaces.
> - Has no dependencies. Just pure old fashioned ksh.

This is a nice benefit, as it can be run even when upgrading, theoretically.

> - Stores (accepted) connections in plain text format. (/etc/wiconfig.db)

I couldn't figure this out from the documentation and code, unfortunately.

> - Handles quoted nwids.

Does it handle nwids with quotes within, eg "network "name""?

> - Does not require writing to /etc/hostname.if-files.

The reason I chose to write hostname.if files is upgrades. I don't expect this
program to be functional during upgrades, nor any other non-base solution. So
the simplest solution was to save the latest best-known network configuration
so that the network would have a decent chance of being usable during
upgrades.

Cheers,
Ray



Re: wifind(8) find your wifi

2016-06-03 Thread Ray Lai
On Fri, 3 Jun 2016 10:33:47 +0100
skin...@britvault.co.uk (Craig Skinner) wrote:

> Hi Ray,
> 
> On 2016-06-03 Fri 00:26 AM |, Ray Lai wrote:
> > 
> > I got tired of configuring my wifi every time I had to move my laptop.
> > Here's a script I whipped up.
> 
> port it up: http://www.OpenBSD.Org/faq/ports/guide.html
> 
> Cheers!

Done: http://permalink.gmane.org/gmane.os.openbsd.ports/80223



Re: wifind(8) find your wifi

2016-06-03 Thread Ray Lai
On Fri, 3 Jun 2016 15:52:34 +0200
Stefan Sperling  wrote:

> On Fri, Jun 03, 2016 at 03:22:19PM +0200, Kamil Cholewiński wrote:
> > Perhaps it's time that the best tool be chosen and made a part of the
> > base install? I've already seen like a 100 different OBSD WiFi scripts
> > floating around the 'net, and naturally I also have a DIY one.
>
> No scripts for this, please.
>
> We need a well engineered to make the kernel handle this, perhaps with some
> help from userland. Various ideas have been proposed (not always on list,
> but mostly during face-to-face discussions at hackathons).
>
> What we need is someone who wants to sit down and drive the project home,
> i.e. wrap up the design discussion within the community and write the code.
> I'm up for helping people through this, but it really needs someone else
> dedicated to take responsibility for this project and the implementation.
>
> One thing we should probably fix first is roaming support in the kernel.

Do you mean 802.11r support?



Re: wifind(8) find your wifi

2016-06-03 Thread Ray Lai
> On Jun 3, 2016, at 8:59 PM, Etienne <etienne.m...@magickarpet.org> wrote:
> On 06/03/16 05:12, Ray Lai wrote:
>>>
>>> #!/bin/sh
>>>
>>> if [[ $1 == "home" ]]; then
>>>         doas ifconfig run0 nwid foonet wpa wpakey ultrasecret
>>>         doas dhclient run0
>>> fi
>> Yup. The goal of wifind is to do exactly this, the moment I resume my laptop,
>> without my interaction.
> May I know what's triggering it? I have something similar, but I need to
> click on a button to run it.

/etc/apm/resume

Check apmd(8)



Re: wifind(8) find your wifi

2016-06-02 Thread Ray Lai
> On Jun 3, 2016, at 6:17 AM, Gleydson Soares  wrote:
>
> I usually just use a small script that lives in ~/bin
>
> cat ~/bin/wifi
>
> #!/bin/sh
>
> if [[ $1 == "home" ]]; then
>         doas ifconfig run0 nwid foonet wpa wpakey ultrasecret
>         doas dhclient run0
> fi

Yup. The goal of wifind is to do exactly this, the moment I resume my laptop,
without my interaction.

Ray



Re: wifind(8) find your wifi

2016-06-02 Thread Ray Lai
> On Jun 3, 2016, at 2:36 AM, Kamil Cholewiński <harry6...@gmail.com> wrote:
>> On Thu, 02 Jun 2016, Ray Lai <r...@raylai.com> wrote:
>> use JSON::PP;
>
> That's just my personal opinion, but JSON sucks for configuration files.
> It's more of a human-readable data interchange format.
>
> It feels like the same functionality can be achieved with something much
> simpler, getent or CSV style.

I agree. All I need are hashes and arrays. Any examples would be welcome, I'm
open to changing the file format. But as wifind.conf(5) says, I chose json
because it's included in Perl. I was more concerned with having a
set-it-and-forget-it solution. The config file is a minor detail that can be
changed.
>
>> my $tmp = "/etc/wifind.tmp";
>
> mkstemp?

Will fix

>> Please avoid nwid or wpakey with quotes, dollar signs, or backslashes.
>
> Without knowing or assuming much about how WiFi works, why would this be
> a concern in a well-designed program?

Currently wifind parses 'ifconfig if scan' output, which, according to my
reading of the code, simply adds "double quotes" around any nwid with white
space when printing. (I've not tested my theory that nwid with " in the name
would cause a problem.)

Likewise, netstart takes nwid and wpakey, which could include spaces, but as
netstart is a shell script, I have not tested what happens when the values
contain backslashes, dollar signs, or double quotes. Caveat emptor!


Thanks for your feedback, I appreciate it!

Ray



wifind(8) find your wifi

2016-06-02 Thread Ray Lai
Hi all,

I got tired of configuring my wifi every time I had to move my laptop.
Here's a script I whipped up. It scans the wifi for known networks and
writes the strongest one to /etc/hostname.if. Then it runs netstart.
Easy to use, simple config file, no arguments needed, perfect
for /etc/apm/resume.

Oh, and it uses pledge for good measure.

I hope this is helpful!

Ray



wifind(8)   System Manager's Manual   wifind(8)

NAME
 wifind – connect to known wifi networks

SYNOPSIS
 wifind

DESCRIPTION
 The wifind utility scans for the strongest recognized wifi networks,
 writes an appropriate hostname.if(5) file, and starts the network with
 /etc/netstart(8).

FILES
 /etc/wifind.conf

EXIT STATUS
 Exits 0 on success, 1 if no network found.

EXAMPLES
 Add the following line to your /etc/apm/resume:

 wifind

SEE ALSO
 hostname.if(5)

HISTORY
 I got really tired of editing hostname.if(5) every time I moved my
 laptop.

AUTHORS
 Ray Lai <r...@raylai.com>

CAVEATS
 Please avoid nwid or wpakey with quotes, dollar signs, or backslashes.

 I'm sorry if you dislike Perl, but it comes stock with OpenBSD.

OpenBSD 6.0  June 3, 2016  OpenBSD 6.0

==
wifind
==
#!/usr/bin/env perl
# Written by Ray Lai <r...@raylai.com>.
# Public domain.

use JSON::PP;
use OpenBSD::Pledge;
use strict;
use warnings;

my $ifconfig = '/sbin/ifconfig';
my $tmp = "/etc/wifind.tmp";
my $head = "lladdr random\n" .
"-chan -bssid -wpakey\n";
my $tail = "dhcp\n";

sub slurp
{
    my $file = shift;
    open F, '<', $file or die "Can't read $file: $!";
    local $/;   # enable slurp mode, locally.
    my $data = <F>;
    close F;
    $data;
}

sub write_hostname_if
{
    my ($if, $ap) = @_;
    my $hostname_if = "/etc/hostname.$if";

    umask 077;
    open TMP, '>', $tmp or die "Unable to open $tmp: $!";

    print TMP $head;
    # set nwid, bssid, chan
    printf TMP 'nwid "%s"', $ap->{nwid};
    printf TMP ' bssid "%s"', $ap->{bssid} if $ap->{bssid};
    printf TMP ' chan "%s"', $ap->{chan} if $ap->{chan};
    print TMP "\n";
    # wpa needs to be set after nwid
    printf TMP "wpakey \"%s\"\n", $ap->{wpakey} if $ap->{wpakey};
    print TMP $tail;
    close TMP;

    rename $hostname_if, "$hostname_if.orig" or die "rename failed: $!";
    rename $tmp, $hostname_if or die "rename failed: $!";

    print STDERR "found $ap->{nwid}, wrote $hostname_if\n";
}

# rpath reads the config file, wpath/cpath write hostname.if,
# proc/exec run ifconfig and netstart
pledge(qw( rpath wpath cpath proc exec )) || die "Unable to pledge: $!";

my $conf = decode_json(slurp '/etc/wifind.conf');
my $wlan = $conf->{wlan};
my $if = $conf->{if};

# initial scan
open L, '-|', $ifconfig, $if, 'scan' or die "Can't open pipe: $!";

# ifconfig has been started, so "proc" is dropped here
pledge(qw( rpath wpath cpath exec )) || die "Unable to pledge: $!";
for (<L>) {
    if (/^\s+nwid (.+) chan (\d+) bssid ([0-9a-f:]+) (-\d+)dBm ([\w-]+) ([\w,-]+)\s*$/) {
        my ($nwid, $chan, $bssid, $dbm, $mystery, $csv) =
            ($1, $2, $3, $4, $5, $6);
        my %cap = map { $_ => 1 } split(/,/, $csv);

        # remove quotes from nwid, if any
        $nwid =~ s/^"(.*)"$/$1/;

        # reject hostile characters
        if ($nwid =~ /["\\\$]/) {
            print STDERR "malformed nwid: $nwid\n";
            next;
        }
        # check for recognized access points
        # i assume we will match the strongest signal first
        for my $ap (@$wlan) {
            next if $ap->{nwid} ne $nwid ||
                ($ap->{bssid} && $ap->{bssid} ne $bssid) ||
                ($ap->{chan} && $ap->{chan} ne $chan) ||
                ($ap->{wpakey} && !$cap{wpa2});

            # reject hostile characters (wpakey is optional in the config)
            if ($ap->{wpakey} && $ap->{wpakey} =~ /["\\\$]/) {
                print STDERR "malformed wpakey\n";
                next;
            }

            write_hostname_if $if, $ap;
            exec '/bin/sh', '/etc/netstart', $if
                or die "exec failed: $!";
        }
    }
}

print STDERR "no network found\n";
exit 1;


=
wifind.conf.5
=
.\" $OpenBSD$
.\"
.\" Written by Ray Lai <r...@raylai.com>.
.\" Public domain.
.\"
.Dd $Mdocdate$
.Dt WIFIND.CONF 5
.Os
.Sh NAME
.Nm wifind.conf
.Nd wifind 

Re: Can't use sshfs as user

2016-05-22 Thread Ray Lai
I've fixed "sshfs -o idmap=user", please test and give feedback:

https://marc.info/?l=openbsd-tech=146383589632694=2

Index: fuse_opt.c
===
RCS file: /home/cvs/src/lib/libfuse/fuse_opt.c,v
retrieving revision 1.15
diff -u -p -r1.15 fuse_opt.c
--- fuse_opt.c  19 Oct 2015 17:24:07 -  1.15
+++ fuse_opt.c  21 May 2016 12:53:57 -
@@ -247,13 +247,14 @@ parse_opt(const struct fuse_opt *o, cons
ret = f(data, [idx], o->val, arg);
else
ret = f(data, val, o->val, arg);
-   }
-
-   if (o->off != ULONG_MAX && data && o->val >= 0) {
-   ret = f(data, val, o->val, arg);
-   int *addr = (int *)(data + o->off);
-   *addr = o->val;
-   ret = 0;
+   /* exact match, e.g. "idmap=user" (instead of 
"idmap=%s") */
+   } else if (keyval && strcmp(val, o->templ) == 0) {
+   if (data && o->val >= 0) {
+   ret = f(data, val, o->val, arg);
+   int *addr = (int *)(data + o->off);
+   *addr = o->val;
+   ret = 0;
+   }
}
 
if (ret == -1)
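
Review bot: the new `else if (keyval && strcmp(val, o->templ) == 0)` branch drops the `o->off != ULONG_MAX` test that the removed condition had, so `*addr = o->val` now writes to `data + o->off` even when `o->off` is `ULONG_MAX`; keep that test in the inner `if (data && o->val >= 0)`. In the same block the result of `f(data, val, o->val, arg)` is overwritten by `ret = 0` two lines later, so a failing callback is reported as success (this was already true of the removed code), and `int *addr` is declared after a statement; either drop the call or check its result before storing the value.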



Re: pftpx

2006-05-25 Thread Ray Lai
On Thu, May 25, 2006 at 08:28:12PM +0100, Gaby vanhegan wrote:
 The last mention of this on misc@ was march, and not much prior to  
 that.  Does anybody have any good/bad experiences with pftpx?  I plan  
 to use it to proxy incoming FTP connections, the opposite of what I'd  
 use ftp-proxy for...

It's been imported as the new ftp-proxy:

http://marc.theaimsgroup.com/?m=111708277030478

-Ray-



Re: bash vs. ksh

2006-05-10 Thread Ray Lai
On Wed, May 10, 2006 at 04:35:46PM -0400, Michael Erdely wrote:
 Janjaap van Velthooven wrote:
 Luke Bakken wrote:
 cmd1 2>&1 >$WHERE
 What you would want is 
 cmd1 >$WHERE 2>&1
 
 I was going to respond with the exact same thing.  Then, just for kicks, 
 I decided to read ksh(1) from 3.9 and searched for 2.  I found:
 $ cat /foo/bar 2>&1 > /dev/null | cat -n
 
 Here's a patch:
 --- ksh.1.orig  Wed May 10 16:33:50 2006
 +++ ksh.1   Wed May 10 16:34:27 2006
 @@ -2108,7 +2108,7 @@
  pipelines are created and in the order they are given, so the following
  will print an error with a line number prepended to it:
  .Pp
 -.D1 $ cat /foo/bar 2\*(Gt1 \*(Gt /dev/null \*(Ba cat -n
 +.D1 $ cat /foo/bar \*(Gt /dev/null 2\*(Gt1 \*(Ba cat -n
  .Ss Arithmetic expressions
  Integer arithmetic expressions can be used with the
  .Ic let
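
Review bot: the reordered command on the `+.D1` line contradicts the unchanged sentence just above it, which says the example "will print an error with a line number prepended to it". With stdout sent to /dev/null before the `2\*(Gt1` duplication, stderr follows it to /dev/null and nothing reaches `cat -n`. Keep the original order, since the example exists to show that the pipe is set up before the redirections are applied, or rewrite the explanatory text in the same patch.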

Did you read the text above the example?

-Ray-



Re: www.openbsd.org defaults to Japanese

2006-05-02 Thread Ray Lai
On Tue, May 02, 2006 at 11:26:37PM +, Tan Dang wrote:
 Any reason why www.openbsd.org displays Japanese by default now?

April Fools!

-Ray-



Re: OpenBSD via serial line

2006-05-01 Thread Ray Lai
On Tue, May 02, 2006 at 12:15:09PM +1000, John Kintaro Tate wrote:
 I was wondering about installing OpenBSD on a very old laptop (no cdrom) via
 serial line. I am aware it would take literally ages.
 
 I am guessing slip would be the way to go, I have never used it before. Does
 anyone have anything they can point me at with a reasonable introduction,
 such as certain manpages etc.

No network?

-Ray-



Re: Problem Compiling Stevens' Socket Source Code

2006-04-24 Thread Ray Lai
On Tue, Apr 25, 2006 at 12:10:14AM +0200, Tobias Ulmer wrote:
 Here's a patch that removes all(?) warnings/errors from the
 intro chapter if you followed the instructions in the readme...
 
  
 diff -ru unpv13e.orig/intro/byteorder.c unpv13e/intro/byteorder.c
 --- unpv13e.orig/intro/byteorder.cThu Nov 14 04:33:33 2002
 +++ unpv13e/intro/byteorder.c Tue Apr 18 04:39:40 2006
 @@ -18,7 +18,7 @@
   else
   printf(unknown\n);
   } else
 - printf(sizeof(short) = %d\n, sizeof(short));
 + printf(sizeof(short) = %zd\n, sizeof(short));

Use %zu for sizeof(), since it returns size_t, an unsigned type.

-Ray-



Re: Verizon PC5740 card (Curitel Communications) wireless WAN card

2006-04-24 Thread Ray Lai
On Mon, Apr 24, 2006 at 08:52:09PM -0500, Chris Paul wrote:
 Thanks to Jolan's recommendation to fiddle with umodem.c has helped. I 
 now have
 
 #define UMODEMIBUFSIZE 2048
 #define UMODEMOBUFSIZE 2048
 
 It works quite well now except that almost everytime I pull out the card, 
 OpenBSD freezes. I guiltily admit that this may be due to me using an 
 instable window manager (fvwm 2.5). I supposed I could try killing the 
 window manager next time.

Try doing that in console mode instead of X, you'll probably get a
kernel panic.  Follow the instructions.

-Ray-



Re: heads up about filesystem troubles

2006-04-12 Thread Ray Lai
On Wed, Apr 12, 2006 at 04:49:29PM +0200, Jonathan Thornburg wrote:
 Hi,
 
 The window of danger was booting a kernel from any time _after_ 2
 weeks ago and running a fsck from any time _before_ 4 days ago.  If
 you have booted a new kernel, do not use the old fsck.
 
 Do I infer correctly from the following paragraph
 I have backed out the new superblock changes.  The next snapshot will
 not upgrade the superblock and will simply use the old format.  You
 are encouraged to move away from any snapshot installed in the last 2
 weeks.
 that these changes *only* went into -current, and did *not* go into
 -stable?

Yes.

-Ray-



Re: OpenBSD todo list?

2006-04-10 Thread Ray Lai
On Mon, Apr 10, 2006 at 08:44:36PM -0700, Shawn Nock wrote:
 A quick search of the archive and google didn't turn anything up, so 
 I'll ask here.
 
 Is there (if not could there be) a document that describes portions of 
 the tree that particularly need attention? I am looking for a way to 
 contribute and without a little direction the task seems daunting. The 
 FreeBSD folks recently started maintaining such a todo list. It seems to 
 have worked out fairly well for them. I realize that those in a position 
 to put together such a list are also the ones not likely to have the 
 time, but I believe this could prove useful (I assume there are more 
 like me who are new and/or haven't found a comfort zone/focus yet).

OpenRCS needs help.  Diffs that implement missing functionality,
diffs that match GNU RCS behavior in existing functions, and
additional regression tests are all welcome.

I look forward to your code.

-Ray-



Re: RedBlack trees

2006-04-06 Thread Ray Lai
On Thu, Apr 06, 2006 at 05:07:14PM -0300, Gustavo Rios wrote:
 Hey folks,
 
 i saw OpenBSD comes with a library that implements a redblack tree
 features. I know there are many ways to implement it. The difference
 is in performance. I don't know the fastest one.
 
 May some of the openbsd friends suggest one?
 
 Thanks a lot for your time and cooperation.

man tree(3)

-Ray-



Re: Spamd and verbose logging...

2006-03-27 Thread Ray Lai
On Mon, Mar 27, 2006 at 09:53:01AM -0700, Jeff Ross wrote:
 Hi all,
 
 I'm trying to understand why spamd isn't doing any verbose logging on my 
 mail server.  Spamd is working fine, so this is more curiosity/learning 
 than anything else.
 
 NOTE: I have replaced the standard syslog with socklog.  I understand that 
 this may be a socklog problem and not a spamd problem, but socklog is 
 working fine with other processes logging to syslog (including chrooted 
 httpd error logs) so I thought I'd start here.

Do you have socklog logging from /var/empty/dev/log?  spamd chroots
to /var/empty.

-Ray-

 I use this in /etc/rc.conf.local:
 
 spamd_flags=-v -p 8024 -G 25:4:864
 spamd_grey=YES
 spamlogd_flags=
 
 and the correct parameters are being picked up by spamd:
 
 [EMAIL PROTECTED]:/tmp $ ps -wwwaux | grep [s]pam
 _spamd   18445  0.0  0.2  8720   548 ??  Is11Mar06   22:08.83 spamd: 
 (pf spamd-white update) (spamd)
 _spamd 290  0.0  1.9  9892  4888 ??  S 11Mar06   32:48.75 
 /usr/libexec/spamd -v -p 8024 -G 25:4:864 -g
 _spamd2714  0.0  0.2  8688   376 ??  I 11Mar061:43.45 spamd: 
 (/var/db/spamd update) (spamd)
 root 19930  0.0  0.1   380   348 ??  Is11Mar060:25.46 
 /usr/libexec/spamlogd
 
 Some logging, and logging at the debug level, does occur.
 
 2006-03-27 07:28:41.855565500 daemon.debug: spamd[18445]: whitelisting 
 209.59.202.133 in /var/db/spamd
 
 I ran ktrace on spamd with the following:
 
 sudo ktrace -id -p 290 -f /tmp/spamd.trace
 
 and even caught a spammer in action ;-)
 
 
290 spamdEMUL  native
290 spamdRET   select 1
290 spamdCALL  read(0x7,0x84e0,0x4000)
290 spamdGIO   fd 7 read 388 bytes
spamd-greytrap;Your address %A has mailed to spamtraps 
 here\\n;12.24.45.234/32;140.134.27.177/32;194.\
 
 50.7.57/32;200.243.249.130/32;200.50.112.201/32;200.86.156.91/32;200.90.205.20/32;201.215.80.209/32;203\
 
 .200.147.5/32;212.158.149.62/32;216.127.70.18/32;217.125.161.0/32;222.165.171.51/32;69.63.58.88/32;81.5\
 
 7.208.215/32;82.194.48.154/32;82.224.12.56/32;82.67.89.103/32;84.227.237.99/32;

290 spamdRET   read 388/0x184
290 spamdCALL  gettimeofday(0xcfbe6d88,0)
290 spamdRET   gettimeofday 0
290 spamdCALL  select(0xb,0x80eb4080,0x80eb40e0,0,0)
290 spamdRET   select 1
290 spamdCALL  accept(0x3,0xcfbe6e14,0xcfbe6de0)
290 spamdRET   accept 5
290 spamdCALL  gettimeofday(0xcfbe6d58,0)
290 spamdRET   gettimeofday 0
290 spamdCALL  mmap(0,0x2000,0x3,0x1002,0x,0,0,0)
290 spamdRET   mmap 2142023680/0x7facb000
290 spamdCALL  mmap(0,0x1000,0x3,0x1002,0x,0,0,0)
290 spamdRET   mmap -2040590336/0x865f1000
290 spamdCALL  getpid()
290 spamdRET   getpid 290/0x122
290 spamdCALL  socket(0x1,0x2,0)
290 spamdRET   socket 8
290 spamdCALL  fcntl(0x8,0x2,0x1)
290 spamdRET   fcntl 0
290 spamdCALL  connect(0x8,0xcfbe6030,0x6a)
290 spamdNAMI  /dev/log
290 spamdRET   connect -1 errno 2 No such file or directory
290 spamdCALL  close(0x8)
290 spamdRET   close 0
290 spamdCALL  sendto(0x,0xcfbe6530,0x2f,0,0,0)
290 spamdRET   sendto -1 errno 9 Bad file descriptor
290 spamdCALL  socket(0x1,0x2,0)
290 spamdRET   socket 8
290 spamdCALL  fcntl(0x8,0x2,0x1)
290 spamdRET   fcntl 0
290 spamdCALL  connect(0x8,0xcfbe6030,0x6a)
290 spamdNAMI  /dev/log
290 spamdRET   connect -1 errno 2 No such file or directory
290 spamdCALL  close(0x8)
 
 Yet, /dev/log certainly does exist:
 
 ls -al /dev/log
 srwxrwxrwx  1 root  wheel  0 Mar 11 13:10 /dev/log
 
 I've read the connect(2) man page (and again and again), but other than 
 the fact that connect is failing and returning -1 and errno, I'm stuck.
 
 Any clues or pointers in how better to investigate would be greatly 
 appreciated.
 
 Jeff



Re: openbsd and the money

2006-03-27 Thread Ray Lai
On Mon, Mar 27, 2006 at 09:57:25PM +0200, Tobias Kirschstein wrote:
 On Mon, 27 Mar 2006 13:50:04 +0200
 Henning Brauer [EMAIL PROTECTED] wrote:
  * Tobias Kirschstein [EMAIL PROTECTED] [2006-03-25 20:26]:
Maybe our friends of humppa.com will make a Humppa OpenBSD
Support Tour 2006 or add them to the 11 OpenBSD songs.
   
   ... as you mention it: an (maybe more funny) idea would be some
   benefit humppa concerts with e.g. Elaekelaeiset where some percent
   of the entrance fee will be donated to the OpenBSD project. Some
   CDs and t-shirts can be sold there, too. This way nobody has to pay
   for any
  
  have you organzied that yet?
 
 is this a rhetorical question? :)
 
 no i haven't, but oliver and i will meet Elaekelaeiset next week in
 regensburg maybe i could ask them there if they are interested in such
 a thing at all.
 it doesn't hurt to ask.

(This rant applies to every respondent to these threads, not one
person in particular.)

But it does.  Ideas like these have been filling up my mailbox and
wasting everybody's time and bandwidth.  Under your logic, spam
doesn't hurt either.  Prank calls don't hurt.  What you don't realize
is that it wastes everybody's time to read and respond.  That doesn't
even take into account the implementation cost of each idea.

Want to help?  Really help?  Just do it.  Organize a benefit Humppa
concert, then let us know.  Set up collection funds, sell M&Ms for
$1 each, whatever.  Whatever idea it is you have, implement it.
Then pass the proceeds to the project.

This has been done in the past.  That's how the G5 was donated to
the project.  Someone stepped up to organize the collection funds
and once the funds were complete the money was sent to the appropriate
people.  Do you think the same thing would have happened if 50
people just kept saying, Apple should donate to OpenBSD.  Somebody
should organize a fund raiser.  Let's sign up for an online petition!?

You may think your ideas are easy to set up and that you are being
helpful by submitting more and more ideas (despite being repeatedly
told otherwise), but all these things take time to do, and every
idea without an action just wastes time.

-Ray-



Re: UPEK Fingerprint-Reader (ThinkPad Notebooks)

2006-03-25 Thread Ray Lai
On Fri, Mar 24, 2006 at 02:24:31AM +, Deanna Phillips wrote:
 Karsten McMinn [EMAIL PROTECTED] writes:
 
  On 3/20/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:
 
  Oops, that's a good heads up. I was considering getting an R51. Is that
  going to have an unsupported wireless NIC?
 
  Paul
 
 
  ath0 at pci4 dev 0 function 0 Atheros AR5212 (IBM MiniPCI) rev 0x01:
  cannot map register space
 
  I've turned all knobs on the laptop (rf switch, varios bios settings, bios
  versions etc) to
  no avail. Its on my todo list though.
 
 Huh.
 
 ath0 at pci4 dev 2 function 0 Atheros AR5212 (IBM MiniPCI) rev 0x01: irq 11

What's in your /etc/hostname.ath0?  You can XXX out the IPs if you
want, I'm mainly interested in what parameters you pass ifconfig.
Thanks!

-Ray-



Re: Reminder about the X Aperture

2006-03-16 Thread Ray Lai
On Thu, Mar 16, 2006 at 01:56:44PM -0800, A Rossi wrote:
 snip
  modern PC video card architecture containing a large
  quantity of PURE EVIL.
 
 This joke has a whole new meaning...
 http://ctrlaltdel-online.com/comic.php?d=20021029
 
 As an aside, there are no alternative windows systems that are 
 functional or secure?

Use a -current Zaurus.  And I think you mean functional AND secure.
=)

-Ray-



Re: Fw: Why packets are not blocked

2006-03-07 Thread Ray Lai
On Tue, Mar 07, 2006 at 09:48:14PM -0600, Jim wrote:
 don't forget to flush/kill states if you want existing connections to
 be torn down.
 
 How do I do that?

pfctl -k

-Ray-



Re: Dependancies with make search key=

2006-02-28 Thread Ray Lai
On Tue, Feb 28, 2006 at 04:04:46PM -0600, Harry Putnam wrote:
 Maybe I don't understand what the dependancy lines are supposed to
 do.  I thought they would list any dependancies.
 
 I have no part of X installed so should I see some dependancies listed
 here?
# make search key=ratpoison
   Port:   ratpoison-1.3.0p1
   Path:   x11/ratpoison
   Info:   minimal wm based on GNU screen
   Maint:  William Yodlowsky [EMAIL PROTECTED]
   Index:  x11
   L-deps: 
   B-deps: 
   R-deps: 
   Archs:  any

I guess this means ratpoison is unbelievably lightweight, having
no dependencies (other than X, of course).

-Ray-



Re: systrace filename exists rule

2006-02-27 Thread Ray Lai
On Mon, Feb 27, 2006 at 05:48:26PM +0200, [EMAIL PROTECTED] wrote:
 i was writing a systrace rule and i could not find a way to create 
 a rule that would permit writing 
 to a file but only if it does not exists, so it could only create 
 new files but not override old ones. 
 Would that require a new feature to systrace or is it already 
 possible do it in a way that I'm not 
 seeing.

Use ``systrace -u''.  It allows for finer-grained control of system
calls.

-Ray-



Re: squid cachemgr: Unknown host: localhost

2006-02-24 Thread Ray Lai
On Fri, Feb 24, 2006 at 09:57:24PM +0100, Martin Schr?der wrote:
 Hi,
 I've a firewall/proxy with 3.7 running a named and transparent
 squid. I want to use cachemgr.cgi, so I've setup apache to listen
 on port 8080 and copied /usr/local/libexec/cachemgr.cgi to
 /var/www/cgi-bin
 
 Now, the Cache Manager Interface comes up on
 http://firewall:8080/cgi-bin/cachemgr.cgi, but whatever I enter
 (or if I simply press Continue), I always get an error page:
 
 Cache Manager Error
 
 Unknown host: localhost 
 
 I'm stymied; dig localhost works. :-(
 
 Any clues?

Apache is chrooted so it has no access to /etc/hosts and /etc/resolv.conf.
Try changing all ``localhost'' references to ``127.0.0.1'' in the CGI.

-Ray-



Re: auto-adding bad hosts to a table

2006-02-22 Thread Ray Lai
On Wed, Feb 22, 2006 at 02:47:02PM -0500, Chris Smith wrote:
 In addition to preventing infected PC's from using their own SMTP engine 
 to send out spam by blocking port 25 from all but the mail server. I 
 would also like to add those hosts automatically to a table in order to 
 block their access altogether so that the infected PC's cannot attempt 
 other damage. How can this be accomplished?

Do ``block in log on port 25'' and listen to pflog0 to add bad
hosts.  Basically the opposite of spamlogd(8).

-Ray-



Re: auto-adding bad hosts to a table

2006-02-22 Thread Ray Lai
On Wed, Feb 22, 2006 at 03:31:41PM -0500, Daniel Ouellet wrote:
 Chris Smith wrote:
 In addition to preventing infected PC's from using their own SMTP engine 
 to send out spam by blocking port 25 from all but the mail server. I 
 would also like to add those hosts automatically to a table in order to 
 block their access altogether so that the infected PC's cannot attempt 
 other damage. How can this be accomplished?
 
 
 You can use PF for that.
 
 pass connection from any to your smtp server and block everything else 
 to port 25 with log into a table. You also use that table to block all 
 outgoing connections.

Can you really log into a table?  I don't see anything in pf.conf(5)
for that.

-Ray-



Re: auto-adding bad hosts to a table

2006-02-22 Thread Ray Lai
On Wed, Feb 22, 2006 at 04:17:35PM -0500, Daniel Ouellet wrote:
 Ray Lai wrote:
 On Wed, Feb 22, 2006 at 03:31:41PM -0500, Daniel Ouellet wrote:
 Chris Smith wrote:
 In addition to preventing infected PC's from using their own SMTP engine 
 to send out spam by blocking port 25 from all but the mail server. I 
 would also like to add those hosts automatically to a table in order to 
 block their access altogether so that the infected PC's cannot attempt 
 other damage. How can this be accomplished?
 
 You can use PF for that.
 
 pass connection from any to your smtp server and block everything else 
 to port 25 with log into a table. You also use that table to block all 
 outgoing connections.
 
 Can you really log into a table?  I don't see anything in pf.conf(5)
 for that.
 
 Why not?
 
 spamd use it and you can do many things.
 
 I use something like this for example to limit the connection to ssh. 
 Just reverse it to limit connection to smtp instead. And then instead of 
 blocking the users in the table to the port ssh only, block all.
 
 Just play with it, it's fun! (:
 
 I use different rules to trap various virus for example. Very efficient!
 
 snip
 # define macros for each network interface
 ext_if=fxp0
 
 snip
 # Define some variable for clarity
 SSH_LIMIT=(max-src-conn-rate 5/30, overload bad_ssh flush global)
 
 snip
 # Table directive
 table bad_ssh persist file /var/log/bad_ssh
 
 snip
 # Allow quick valid traffic to ssh but log all attempts as well
 block return-rst log quick proto tcp from bad_ssh label ssh-pirate
 pass in log quick on $ext_if inet proto tcp from !bad_ssh \
to $ext_if port ssh flags S/SA keep state \
$SSH_LIMIT label ssh
 
 snip
 
 Then you add a cronjob to update your file /var/log/bad_ssh once a day 
 or something in case you patch your box and reboot as to not loose the 
 list. Or you can flush it every 24 hours as well, your choice really if 
 you want to be more forgiving.

I thought you meant you could do something like:

block in log-table zombie to port 25

where zombie is updated automatically.

-Ray-



Re: auto-adding bad hosts to a table

2006-02-22 Thread Ray Lai
On Wed, Feb 22, 2006 at 04:48:19PM -0500, Daniel Ouellet wrote:
 Ray Lai wrote:
 I thought you meant you could do something like:
 
  block in log-table zombie to port 25
 
 where zombie is updated automatically.
 
 If you read on the PF and look at what I send you, you will see that 
 bad-ssh IS updated automatically.
 
 That's what the line:
 
 (max-src-conn-rate 5/30, overload <bad_ssh> flush global)
 
 does. After 5 connections in 30 seconds, the IP address is put
 automatically into the table bad_ssh and flush global removes any state
 in the PF table.
 
 Just adjust the max-src-conn-rate 5/30 for what you want.
 
 Hope this make it more clear.

Ah, neat.

-Ray-



Re: filesystem full problem

2006-02-17 Thread Ray Lai
On Fri, Feb 17, 2006 at 02:54:43PM +0100, Adam Papai wrote:
 Hello list,
 
 I've run into a problem.
 
 My /var reached the 105% disk usage. I've deleted 1.5G from /var but the
 df shows me still 2Gb.
 
 du -csh /var shows 38M
 
 What can I do? I tried: sync but nothing happens. The programs can't write
 to /var so it intiditaces a little defect..
 
 What's the solution? Only the reboot?

There is probably a program that is running with an open file handle.
Whichever program caused your /var to be filled up is probably still
growing that file, so you have to close it.  Try fstat(1).

-Ray-



Re: iwlist scan equivalent command under OpenBSD

2006-02-16 Thread Ray Lai
On Thu, Feb 16, 2006 at 05:17:30PM +0100, Ramiro Aceves wrote:
 Hi OpenBSD fans.
 
 I have been googling around and have not been able to solve this
 question. ¿How can one discover what wireless networks are available
 under OpenBSD?
 I am used to the iwlist scan eth0 under Linux, and I hate to halt
 OpenBSD and boot Linux only to discover the networks, then come back
 and start OpenBSD again to continue the configuration. What is the
 OpenBSD equivalent to Linux iwlist?
 
 Anyway, my Intel 2200 card is recognized very well under OpenBSD with
 iwi driver.
 
 Thank you very much in advance.

I usually use the kismet package, but I think you can do ``ifconfig -M''
as well.

-Ray-



Re: xargs PF or BPF

2006-02-14 Thread Ray Lai
On Tue, Feb 14, 2006 at 11:39:45AM +0100, Otto Moerbeek wrote:
 On Tue, 14 Feb 2006, Michael Schmidt wrote:
 
  Matthias Kilian wrote:
  
   And watch out for silly file names containing whitespace.
   
   BTW: if this is a contest on creative use of find(1) and other
   standard tools:
   
   $ find . -type f | sed '[EMAIL PROTECTED]@grep -l -- foo @' | sh
   
   Yes, this isn't robust against whitespace, either PLUS it's
   inefficient. But in some cases the find ... | sed ... | sh pattern
   is quite useful.

  
  Sometime ago I have had the same problem with spaces in filenames and
  dealing with them as xargs parameters. There I have used (here only as
  an example):
  
  find . -print | grep -i ' ' | xargs -I {} ls -ald {}
  
  FYI, that has been on a non-OpenBSD system.
  I'm not at my OpenBSD system at the moment, so I can't check whether OpenBSD
  xargs supports the shown options. Maybe someone may test it.
  
  One may check this at a directory with space-containing filenames.
  Without the -I {} and {} parts you get funny output.
  
 
 Well, -print0 in find and xargs -0 are designed to deal with that.
 Sadly these are not in POSIX (which is not documented correctly in the
 xargs case).

Does this diff fix it?  (I also added a comma after the last -R.)

-Ray-

Index: xargs.1
===
RCS file: /cvs/src/usr.bin/xargs/xargs.1,v
retrieving revision 1.15
diff -u -r1.15 xargs.1
--- xargs.1 12 Sep 2005 09:44:59 -  1.15
+++ xargs.1 14 Feb 2006 13:37:48 -
@@ -316,7 +316,8 @@
 .St -p1003.2
 compliant.
 The
-.Fl J , o , P , R
+.Fl 0 , J , o , P ,
+.Fl R ,
 and
 .Fl r
 options are non-standard
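
Review bot: the list is now split across two macro lines, `.Fl 0 , J , o , P ,` and `.Fl R ,`, and neither the hunk nor the message says why; if the split is needed to keep the argument count of a single `.Fl` line down, say so, and check that the rendered page still reads as one list, "-0, -J, -o, -P, -R, and -r", with no doubled comma or missing space at the join.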



Re: PF or BPF

2006-02-13 Thread Ray Lai
On Mon, Feb 13, 2006 at 05:28:22PM -0500, Jason Crawford wrote:
 Well in the case of /usr/src, I think you must MIGHT hit the maximum
 argument length for the shell by using xargs, unless you did it inside
 of each directory in /usr/src. That and well, explaining xargs to Dave
 will end up leading to another 20+ mail thread

xargs runs the command multiple times when it hits this limit:

[EMAIL PROTECTED] jot 0 | xargs echo | sed 's/ .*//'
1
5001
10001
15001
20001
25001
^C

The manual tries to describe this behavior:

Any arguments specified on the command line are given to the utility upon
each invocation, followed by some number of the arguments read from
standard input.  The utility is repeatedly executed one or more times until
standard input is exhausted.

-Ray-



Re: Interface ranges in pf.conf (i.e. tun[0-10])

2006-02-13 Thread Ray Lai
On Mon, Feb 13, 2006 at 11:13:17PM -0500, Ray Lai wrote:
 On Tue, Feb 14, 2006 at 04:26:29AM +0100, Tobias Ulmer wrote:
  On Mon, Feb 13, 2006 at 09:28:12PM -0500, kyle wrote:
   I'm having trouble finding out if (I'm sure it does) the pf.conf supports
   interface ranges and how to implement it. Right now, I have an ugly rule
   that specifies each interface (tun0, tun1, tun2, etc.). If I somehow
   missed this in some documentation, please feel free to tell me to STFA or
   RTFM - but I have checked both the past week and haven't found anything.
   I also don't have the luxury to just try it out at the moment. Any help is
   appreciated - thanks!
  
  I don't know if this works with regular rules, but there is a recent 
  post from Ray Lai where he points out that it's possible to use just 
  interface instead of interface[0-n] [1].
 
 Wow, I'm referenced. =)
 
  I didn't find this documented in pf.conf(5), but maybe I just should get 
  some sleep...
 
 They are called ``interface groups'', and there are several of them.
 ifconfig(8) can show some groups:

And is the post by Henning:

https://marc.theaimsgroup.com/?m=111894940807554

-Ray-



Re: users filling partitions crashing system

2006-02-07 Thread Ray Lai
On Tue, Feb 07, 2006 at 11:00:41AM +, MikeyG wrote:
 Is there any way to direct cores to be saved somewhere else?
...
 Feb  6 10:36:36 boxname /bsd: WARNING: / was not properly unmounted
 Feb  6 10:37:37 boxname savecore: reboot after panic: trap type 6, 
 code=2, pc=d033737c
 Feb  6 10:37:37 boxname savecore: no dump, not enough free space on device
 Feb  6 13:00:01 boxname syslogd: restart
 Feb  6 17:00:01 boxname syslogd: restart
 Feb  7 10:00:01 boxname syslogd: restart
 
 And just to check:
 $ swapctl -l
 Device  512-blocks UsedAvail Capacity  Priority
 swap_device10483200  1048320 0%0

You also need enough space in /var/crash to store the core dump.
See crash(8).

-Ray-



Re: pf question - solved

2006-02-03 Thread Ray Lai
On Thu, Feb 02, 2006 at 05:59:54PM -0500, Dave Feustel wrote:
 I found the solution in the pf faq:  skip lo0.
 This rule is not mentioned in Artymiak's book
 which I had been reading. I will now read the
 complete pf faq to see what I have not been
 aware of.

You can also do ``set skip on lo'' to skip all loopback interfaces
(not that most people have more than one).

-Ray-



Re: Brain wash for live partition, or directory mirroring concept idea(s)?

2006-02-01 Thread Ray Lai
On Wed, Feb 01, 2006 at 11:37:19PM -0500, Daniel Ouellet wrote:
snip
 This way, continuous live mirroring can be done and no need for cronjob, 
 etc. And this would be much more efficient as well.
snip

https://marc.theaimsgroup.com/?l=openbsd-misc&m=86187916316
https://marc.theaimsgroup.com/?l=openbsd-misc&m=105358689405500

-Ray-



Re: A small patch to make input style in license.template consistent

2006-01-30 Thread Ray Lai
On Sun, Jan 29, 2006 at 12:37:07PM -0300, Andrés Delfino wrote:
 Or... somehow I changed that word when sending the message. Anyway,
 this is the correct diff:
 
 --- license.templateTue Jun  3 19:37:00 2003
 +++ license.template.1  Sun Jan 29 12:33:55 2006
 @@ -5,11 +5,14 @@
  should be separated by a comma, e.g.
  Copyright (c) 2003, 2004
 
 +Note that less than and greater than signs below must be removed;
 +they are there for you to enter your own information.
 +
  If you add extra text to the body of the license, be careful not to
  add further restrictions.
 
  /*
 - * Copyright (c) CCYY YOUR NAME HERE [EMAIL PROTECTED]
 + * Copyright (c) YEAR YOUR NAME YOUR E-MAIL
   *
   * Permission to use, copy, modify, and distribute this software for any
   * purpose with or without fee is hereby granted, provided that the above
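
Review bot: the added two-line note says the signs are "below", but it is inserted above the unrelated paragraph on extra license text, several lines away from the `Copyright (c)` line it describes; move it to sit directly before the `/*` block, or drop it if the placeholder line is meant to be self-explanatory.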

1. I think the original was clearer (though I prefer  to CCYY).
   What should I type for YEAR, 1984, 84, or Nineteen Eighty-Four?
2. The angle brackets around the e-mail address are lost.
3. ``Copyright (c) CCYY YOUR NAME HERE [EMAIL PROTECTED]'' is
   obvious enough and does not need an explanatory note.

-Ray-



Re: Ralink - device timeout

2006-01-23 Thread Ray Lai
On Mon, Jan 23, 2006 at 01:20:36PM +0100, Joakim Aronius wrote:
 * Jonathan Gray ([EMAIL PROTECTED]) wrote:
  On Mon, Jan 23, 2006 at 12:36:46PM +0100, Joakim Aronius wrote:
   Hi Anders,
   
   From your dmesg:
   pcibios0 at bios0: rev 2.1 @ 0xfd7a0/0x860
   
   From RAL(4)
   CAVEATS
   PCI ral adapters seem to strictly require a system supporting PCI 2.2 or
   greater and will likely not work in systems based on older revisions of
   the PCI specification.
   
   /jkm
  
  I keep saying this no one listens.
  The pcibios string does _not_ indicate PCI 2.2 compliance or not.
  If you have a system that can't deal with the 3V PCI 2.2+ cards
  and you put a ral in it, it will not post.
 
 Oh. And how does one know if the system can handle 3V PCI 2.2+
 cards? Any hint in the dmesg or do i need to dig up the mobo
 manual?

Depending on jsg's definition of ``post'' (Power On Self Test or
post in dmesg?) your system will either refuse to boot or won't
show up in the dmesg.  That is, if you have a ral card.

-Ray-



Re: which cf wifi card for a Zaurus C3100?

2006-01-17 Thread Ray Lai
On Mon, Jan 16, 2006 at 05:29:02PM +0100, Maik Kuendig wrote:
 can someone recommend a CF WiFi card for a Zaurus C3100?
 
 My dealer has the following cards available:
   - D-Link DCF-660W
   - Linksys WCF12-EU

I use a Linksys WCF12 (no ``-EU'', bought in the US).  Works great.

-Ray-



Re: ipv6 tentative address generation

2006-01-17 Thread Ray Lai
On Tue, Jan 17, 2006 at 01:11:29AM -0600, Travers Buda wrote:
 Ipv6 allows for stateless configuration of a interface. The IEEE (aka 
 MAC or hardware address) is generally used to generate tentative 
 addresses which commonly end up being the assigned address provided 
 stateful addressing does not exist on the network (such as DHCP.) This 
 is the case in OpenBSD's import of KAME. 
 
 Since the same method to generate an IP is used over and over (the host
 has an unchanging, persistent address,) the traffic generated and
 received by hosts would be open to many forms of analysis not
 necessarily confined to the computing world. For example, when someone is
 at home, at work; what they access could be more easily tied to them
 (and the hardware they use,) decreasing anonymity.
 
 The problem and solution are outlined in RFC 3041. 
 http://www.ietf.org/rfc/rfc3041.txt
 
 The solution is to use random data to generate ipv6 stateless addresses. 
 
 Trying to be productive and not an asshole, 

Is there a question?

If you wish to generate random ipv6 stateless addresses,
``jot -rs: -w%.2x 6 0 255'' and ifconfig(8) work.

-Ray-



Re: Linksys WMP55AG (ath0) Not Finding Wireless Network

2006-01-13 Thread Ray Lai
On Thu, Jan 12, 2006 at 10:55:35PM -0700, Theo de Raadt wrote:
  Some AR5212 chips seem to have problems, even though they are
  detected by OpenBSD.  I read something about newer firmwares?
 
 The atheros chips do not use firmware.

Please ignore my ignorance, I meant PHY:

http://www.monkey.org/openbsd/archive2/misc/200507/msg00564.html

-Ray-



Re: Linksys WMP55AG (ath0) Not Finding Wireless Network

2006-01-12 Thread Ray Lai
Some AR5212 chips seem to have problems, even though they are
detected by OpenBSD.  I read something about newer firmwares?  Try
searching the archives.  One person recently reported having success
by setting COUNTRYCODE to de and rebuilding his kernel; it didn't
work for me but I guess it's worth a shot.

Good luck.

As this is not a tech@ topic I've moved it back to [EMAIL PROTECTED]

-Ray-

On Thu, Jan 12, 2006 at 11:24:41PM -0500, [EMAIL PROTECTED] wrote:
 I apologize for the cross-post, but since this has gone unanswered on 
 misc@ for 3+ days, I figured that it was unlikely to ever get a 
 response there.
 
 
 
 Hello All,
 
 I've got a Linksys WMP55AG that's refusing to see my wireless network. While
 it's entirely possible that I've misconfigured it, given other somewhat
 recent posts I've seen about problems with ath devices (i.e.
 http://marc.theaimsgroup.com/?l=openbsd-misc&m=113166150212987&w=2), I
 figure it's also possible that there's some sort of a driver bug, which I'd
 like to help fix if it exists.
 
 My setup should be relatively straightforward: I've got a 3.7-stable system
 running a National Datacomm NCP130 as an access point. Its relevant info is:
 
 dmesg:
 wi0 at pci0 dev 12 function 0 National Datacomm Corp NCP130 Rev A2 
 rev 0x01: irq 9
 wi0: PRISM2 HWB3163 rev.B, Firmware 0.3.0 (primary), 1.7.1 (station), 
 address
 00:80:c6:e3:72:2c
 
 wicontrol wi0 output:
 NIC serial number:  [ 99SA0100 ]
 Station name:   [ WaveLAN/IEEE node ]
 SSID for IBSS creation: [ kirknet ]
 Current netname (SSID): [ kirknet ]
 Desired netname (SSID): [ kirknet ]
 Current BSSID:  [ 00:80:c6:e3:72:2c ]
 Channel list:   [ 2047 ]
 IBSS channel:   [ 3 ]
 Current channel:[ 3 ]
 Comms quality/signal/noise: [ 0 81 27 ]
 Promiscuous mode:   [ Off ]
 Process 802.11b Frame:  [ Off ]
 Port type (1=BSS, 3=ad-hoc, 6=Host AP): [ 6 ]
 MAC address:[ 00:80:c6:e3:72:2c ]
 TX rate (selection):[ 3 ]
 TX rate (actual speed): [ 2 ]
 Maximum data length:[ 2304 ]
 RTS/CTS handshake threshold:[ 2347 ]
 Create IBSS:[ Off ]
 Antenna diversity (0=auto,1=pri,2=aux): [ ]
 Microwave oven robustness:  [ On ]
 Roaming mode(1=firm,3=disable): [ 1 ]
 Access point density:   [ 1 ]
 Power Management:   [ Off ]
 Max sleep time: [ 100 ]
 Enhanced Security mode: [ 0 ]
 Intersil Prism2-based card: [ 1 ]
 Card info:  [ PRISM2 HWB3163 rev.B, 
 Firmware 1.7.1 ]
 Encryption: [ On ]
 Encryption algorithm:   [ Firmware WEP ]
 Authentication type
 (1=OpenSys, 2=Shared Key):  [ 2 ]
 TX encryption key:  [ 1 ]
 Encryption keys:[ not shown ][  ][  ][  ]
 
 ifconfig:
 wi0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500
 address: 00:80:c6:e3:72:2c
 ieee80211: nwid kirknet nwkey not shown -11dBm (auto)
 media: IEEE802.11 autoselect hostap (DS2)
 status: active
 inet 192.168.1.42 netmask 0xff00 broadcast 192.168.1.255
 inet6 fe80::280:c6ff:fee3:722c%wi0 prefixlen 64 scopeid 0x3
 
 Several clients with different OSes connect to this AP without hassle,
 including WinXP SP2, OS X 10.2.8, and Ubuntu's 5.10 release (a 2.6.12 Linux
 kernel), so clearly the access point is working.
 
 My client with the Linksys card shows the following from dmesg:
 
 ath0 at pci1 dev 10 function 0 Atheros AR5212 rev 0x01: irq 11
 ath0: AR5213 5.6 phy 4.1 rf5111 1.7 rf2111 2.3, FCC1A, address 
 00:0c:41:16:cb:d4
 
 Going along with man ath, I figured I could just run ifconfig ath0 nwid
 kirknet nwkey my key and be good to go. After doing so, I can see that
 the card has picked up the right AP and channel; unfortunately, however, it
 thinks it's not connected to the network:
 
 ath0: flags=8863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST mtu 1500
 lladdr 00:0c:41:16:cb:d4
 media: IEEE802.11 autoselect mode 11b (DS1 mode 11b)
 status: no network
 ieee80211: nwid kirknet chan 3 bssid 00:80:c6:e3:72:2c nwkey my 
 key
 inet 192.168.1.101 netmask 0xff00 broadcast 192.168.1.255
 inet6 fe80::20c:41ff:fe16:cbd4%ath0 prefixlen 64 scopeid 0x2
 
 What's particularly strange is the output of wicontrol wi0 -l on the 
 access point:
 
 00:04:23:4b:38:fd  asid=02d0, flags=3AUTH,ASSOC,
 caps=31ESS,PRIVACY,SHORT_PREAMBLE, rates=f1M,2M,5.5M,11M, sig=35/14
 00:30:65:11:35:b0  asid=0140, flags=3AUTH,ASSOC, caps=11ESS,PRIVACY,
 rates=f1M,2M,5.5M,11M, 

MAXNAMLEN, NAME_MAX, FILENAME_MAX Plus One or Not?

2006-01-06 Thread Ray Lai
What are the proper uses of MAXNAMLEN, NAME_MAX, and FILENAME_MAX?
Do they represent filenames with or without paths?  Do they include
the terminating null or not?  The source seems inconsistent:

[EMAIL PROTECTED]/usr/src] egrep -R '(MAXNAMLEN|NAME_MAX) ?\+ ?1' .
./bin/csh/file.c:Charname[MAXNAMLEN + 1], extended_name[MAXNAMLEN + 1];
./games/hunt/huntd/conf.c:  char nm[MAXNAMLEN + 1];
./gnu/egcs/gcc/config/winnt/dirent.h:char   d_name[MAXNAMLEN + 1];
./gnu/usr.bin/cvs/contrib/dirfns.shar:X chard_name[MAXNAMLEN + 1];  /* name 
must be no longer than this */
./gnu/usr.bin/cvs/contrib/dirfns.shar:X chard_name[MAXNAMLEN + 1];  /* name 
must be no longer than this */
./gnu/usr.bin/cvs/contrib/dirfns.shar:X((sizeof (struct direct) - 
(MAXNAMLEN+1)) + (((dp)-d_namlen+1 + 3) ~ 3))
./gnu/usr.bin/cvs/vms/ndir.h:   chard_name[MAXNAMLEN+1];/* name 
of file */
./gnu/usr.bin/cvs/windows-NT/ndir.h:  char d_name[MAXNAMLEN + 1];   /* 
garentee null termination */
./gnu/usr.bin/gcc/gcc/config/i386/xm-djgpp.h:  static char 
fixed_path[FILENAME_MAX + 1];\
./gnu/usr.bin/lynx/WWW/Library/Implementation/HTVMSUtils.c: char
d_name[255+1];  /* name (up to MAXNAMLEN + 1) */
./gnu/usr.bin/lynx/WWW/Library/Implementation/HTVMSUtils.c: * at least 
MAXNAMLEN + 1 (more may be added for padding).
./gnu/usr.bin/lynx/WWW/Library/Implementation/HTVMSUtils.c: 
(((sizeof(struct dirent) - (MAXNAMLEN+1) + ((dp)-d_namlen+1)) +3)  ~3)
./gnu/usr.bin/perl/doio.c:char newname[FILENAME_MAX+1];
./lib/csu/common.h:char __progname_storage[NAME_MAX+1];
./lib/csu/alpha/crt0.c:char __progname_storage[NAME_MAX+1];
./lib/csu/amd64/crt0.c:char __progname_storage[NAME_MAX+1];
./lib/csu/arm/crt0.c:char __progname_storage[NAME_MAX+1];
./lib/csu/hppa/crt0.c:char __progname_storage[NAME_MAX+1];
./lib/csu/i386/crt0.c:char __progname_storage[NAME_MAX+1];
./lib/csu/powerpc/crt0.c:char __progname_storage[NAME_MAX+1];
./lib/csu/sparc/crt0.c:char __progname_storage[NAME_MAX+1];
./lib/csu/sparc64/crt0.c:char   __progname_storage[NAME_MAX+1];
./lib/csu/hppa64/crt0.c:char __progname_storage[NAME_MAX+1];
./lib/libc/gen/authenticate.c:  char namebuf[MAXLOGNAME + 1 + NAME_MAX + 1];
./lib/libc/gen/authenticate.c:  char namebuf[MAXLOGNAME + 1 + NAME_MAX + 1];
./lib/libc/gen/getcwd.c:if (bup + 3  + MAXNAMLEN + 1 = eup) {
./lib/libc/sys/getdirentries.2:char d_name[MAXNAMLEN + 1]; /* see below */
./lib/libc/sys/.#getdirentries.2.1.19:char  d_name[MAXNAMLEN + 1]; /* see 
below */
./lib/libc/time/localtime.c:(2 * (MY_TZNAME_MAX + 
1)))];
./lib/libssl/src/crypto/dso/dso_vms.c:  char filename[FILENAME_MAX+1];
./lib/libssl/src/crypto/dso/dso_vms.c:  char imagename[FILENAME_MAX+1];
./sbin/newfs/mkfs.c:u_char  d_name[MAXNAMLEN + 1];
./share/man/man5/dir.5: chard_name[MAXNAMLEN + 1];  /* maximum name length 
*/
./sys/compat/ibcs2/ibcs2_dirent.h:  chard_name[IBCS2_MAXNAMLEN 
+ 1];
./sys/compat/linux/linux_dirent.h:  chard_name[LINUX_MAXNAMLEN 
+ 1];
./sys/compat/linux/linux_dirent.h:  chard_name[LINUX_MAXNAMLEN 
+ 1];
./sys/compat/linux/linux_getcwd.c:#define DIRENT_MINSIZE (sizeof(struct dirent) 
- (LINUX_MAXNAMLEN+1) + 4)
./sys/compat/netbsd/netbsd_getcwd.c:#define DIRENT_MINSIZE (sizeof(struct 
dirent) - (MAXNAMLEN+1) + 4)
./sys/compat/sunos/sunos_dirent.h:  chard_name[SUNOS_MAXNAMLEN 
+ 1];
./sys/compat/svr4/svr4_dirent.h:chard_name[SVR4_MAXNAMLEN + 
1];
./sys/compat/svr4/svr4_dirent.h:chard_name[SVR4_MAXNAMLEN + 
1];
./sys/isofs/udf/udf_vnops.c:((sizeof (struct dirent) - (MAXNAMLEN+1)) + 
(((dp)-d_namlen+1 + 3) ~ 3))
./sys/nfs/nfs_vnops.c:#define   NFS_DIRHDSIZ(sizeof (struct nfs_dirent) - 
(MAXNAMLEN + 1))
./sys/stand/ls.c:   if (((DP *)dp)-d_namlen  MAXNAMLEN+1) 
{
./sys/sys/dir.h:((sizeof (struct direct) - (MAXNAMLEN+1)) + 
(((dp)-d_namlen+1 + 3) ~ 3))
./sys/sys/dirent.h: chard_name[MAXNAMLEN + 1];  /* name must be no 
longer than this */
./sys/sys/dirent.h:((sizeof (struct dirent) - (MAXNAMLEN+1)) + 
(((dp)-d_namlen+1 + 3) ~ 3))
./sys/ufs/ufs/dir.h:char  d_name[MAXNAMLEN + 1];/* name with length = 
MAXNAMLEN */
./sys/ufs/ufs/dir.h:((sizeof(struct direct) - (MAXNAMLEN+1)) + 
(((dp)-d_type+1 + 3) ~ 3)) : \
./sys/ufs/ufs/dir.h:((sizeof(struct direct) - (MAXNAMLEN+1)) + 
(((dp)-d_namlen+1 + 3) ~ 3)))
./sys/ufs/ufs/dir.h:((sizeof(struct direct) - (MAXNAMLEN+1)) + 
(((dp)-d_namlen+1 + 3) ~ 3))
./sys/ufs/ufs/dirhash.h:#define DH_NFSTATS  (DIRECTSIZ(MAXNAMLEN + 1) / 
DIRALIGN)
./sys/xfs/xfs_node-bsd.c:char name[MAXNAMLEN + 1];
./usr.bin/ar/archive.h: char name[MAXNAMLEN + 1];   /* name */
./usr.bin/ctags/tree.c: charnbuf[1+MAXNAMLEN+1];
./usr.bin/less/lsystem.c:   char cwd[FILENAME_MAX+1];
./usr.bin/patch/patch.c:static char 

Re: MAXNAMLEN, NAME_MAX, FILENAME_MAX Plus One or Not?

2006-01-06 Thread Ray Lai
On Sat, Jan 07, 2006 at 12:11:32AM +0100, Otto Moerbeek wrote:
 
 On Fri, 6 Jan 2006, Ray Lai wrote:
 
  What are the proper uses of MAXNAMLEN, NAME_MAX, and FILENAME_MAX?
  Do they represent filenames with or without paths?  Do they include
  the terminating null or not?  The source seems inconsistent:
 
 Posix says: {NAME_MAX} Maximum number of bytes in a filename (not
 including terminating null).  Minimum Acceptable Value:
 {_POSIX_NAME_MAX}
 
 The other two are non-posix:
 
 MAXNAMLEN is file name length, not a path, excluding the NUL byte.
 
 FILENAME_MAX is from ANSI C, in practice its value is equal to the
 posix PATH_MAX, which is the maximum length of a path name _including_
 NUL.
 
 In practice, a lot of unix programs use MAXPATHLEN, which is in
 general equal to the posix PATH_MAX.

I keep forgetting to, but thanks to everybody for answering my
questions.

-Ray-
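
The sizing rules Otto lists above, worked through in C as an added example (not code from this thread or from the OpenBSD tree): a name buffer needs NAME_MAX + 1 bytes because NAME_MAX excludes the NUL, while a PATH_MAX buffer already includes it. copy_component(), join_path(), try_name() and try_path() are hypothetical helpers, and all inputs are constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* Fallback values for this example only, if <limits.h> hides the POSIX names. */
#ifndef NAME_MAX
#define NAME_MAX 255
#endif
#ifndef PATH_MAX
#define PATH_MAX 1024
#endif

/* Hypothetical helper: copy one filename component.
 * NAME_MAX does not count the NUL, so the buffer is NAME_MAX + 1 bytes. */
int
copy_component(char dst[NAME_MAX + 1], const char *name)
{
	size_t len = strlen(name);

	if (len > (size_t)NAME_MAX) {
		errno = ENAMETOOLONG;
		return -1;
	}
	if (len == 0 || strchr(name, '/') != NULL) {
		errno = EINVAL;		/* empty, or a path rather than a name */
		return -1;
	}
	memcpy(dst, name, len + 1);	/* len + 1 <= NAME_MAX + 1 */
	return 0;
}

/* Hypothetical helper: build "dir/name". PATH_MAX does count the NUL,
 * so the buffer is PATH_MAX bytes, not PATH_MAX + 1. */
int
join_path(char dst[PATH_MAX], const char *dir, const char *name)
{
	char comp[NAME_MAX + 1];
	size_t dlen = strlen(dir), nlen;

	if (copy_component(comp, name) == -1)
		return -1;
	nlen = strlen(comp);
	/* dir + '/' + name + NUL must fit in PATH_MAX bytes */
	if (dlen + 1 + nlen + 1 > (size_t)PATH_MAX) {
		errno = ENAMETOOLONG;
		return -1;
	}
	memcpy(dst, dir, dlen);
	dst[dlen] = '/';
	memcpy(dst + dlen + 1, comp, nlen + 1);
	return 0;
}

/* Constructed input: a name of len 'a' bytes; returns copy_component(). */
int
try_name(size_t len)
{
	char name[NAME_MAX + 2], dst[NAME_MAX + 1];

	if (len > (size_t)NAME_MAX + 1)
		return -2;
	memset(name, 'a', len);
	name[len] = '\0';
	return copy_component(dst, name);
}

/* Constructed input: dirlen 'd' bytes joined with "f" (only the total
 * length matters here); returns the joined length, or -1 if rejected. */
int
try_path(size_t dirlen)
{
	char dir[PATH_MAX], dst[PATH_MAX];

	if (dirlen >= sizeof(dir))
		return -2;
	memset(dir, 'd', dirlen);
	dir[dirlen] = '\0';
	if (join_path(dst, dir, "f") == -1)
		return -1;
	return (int)strlen(dst);
}

int
main(void)
{
	printf("name of NAME_MAX bytes:     %d\n", try_name(NAME_MAX));
	printf("name of NAME_MAX + 1 bytes: %d\n", try_name(NAME_MAX + 1));
	printf("path of PATH_MAX - 1 bytes: %d\n", try_path(PATH_MAX - 3));
	printf("path of PATH_MAX bytes:     %d\n", try_path(PATH_MAX - 2));
	return 0;
}
```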



How Do I Get snprintf(3) to Return -1?

2006-01-05 Thread Ray Lai
According to printf(3):

snprintf() and vsnprintf() will write at most size-1 of the characters
printed into the output string (the size'th character then gets the ter-
minating `\0'); if the return value is greater than or equal to the size
argument, the string was too short and some of the printed characters
were discarded.  If size is zero, str may be a null pointer and no char-
acters will be written; the number of bytes that would have been written
excluding the terminating `\0' byte, or -1 on error, will be returned.

and:

The snprintf() and vsnprintf() functions return the number of characters
that would have been output if the size were unlimited (again, not
including the final `\0').  If an output or encoding error occurs, a
value of -1 is returned instead.

I'm having trouble making snprintf return -1.  I've tried stuff like:

len = snprintf(str, 0, "%.-Z\n", 9);
printf("%d", len);

but that just prints `2'.  Does snprintf ever return -1?

-Ray-
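
An added example, not part of the original post, showing one case where snprintf(3) does return -1 (the encoding error the manual text above mentions, triggered here with %ls and a wide character that cannot be converted) and why a caller has to test for it before testing for truncation. appendf() and the demo functions are hypothetical names, and the inputs are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>

enum fmt_status { FMT_ERROR = -1, FMT_OK = 0, FMT_TRUNCATED = 1 };

/*
 * Hypothetical helper (not from libc): append formatted text at buf[*off].
 * *off advances by the full length only when everything fit.
 */
enum fmt_status
appendf(char *buf, size_t size, size_t *off, const char *fmt, ...)
{
	va_list ap;
	int ret;

	if (size == 0 || *off >= size)
		return FMT_TRUNCATED;

	va_start(ap, fmt);
	ret = vsnprintf(buf + *off, size - *off, fmt, ap);
	va_end(ap);

	/* Test for -1 first: cast to size_t it would look like truncation,
	 * and added to *off unchecked it would move the offset backwards. */
	if (ret < 0) {
		buf[*off] = '\0';	/* discard any partial output */
		return FMT_ERROR;
	}
	/* ret excludes the NUL, so ret == remaining space is already too long. */
	if ((size_t)ret >= size - *off) {
		*off = size - 1;	/* buffer full, still NUL-terminated */
		return FMT_TRUNCATED;
	}
	*off += (size_t)ret;
	return FMT_OK;
}

/* Constructed input: 0x110000 lies above the last Unicode code point, so
 * %ls cannot convert it and the call fails with an encoding error. */
static const wchar_t bad_wide[] = { L'a', (wchar_t)0x110000, L'\0' };

int
encoding_error_return(void)
{
	char buf[32];

	return snprintf(buf, sizeof(buf), "%ls", bad_wide);
}

int
truncation_return(void)
{
	char buf[4];

	return snprintf(buf, sizeof(buf), "%s", "abcdef");	/* needs 7 bytes */
}

/* Returns 1 when an error in the middle leaves earlier output intact. */
int
append_survives_error(void)
{
	char buf[16];
	size_t off = 0;

	if (appendf(buf, sizeof(buf), &off, "%s", "abc") != FMT_OK)
		return 0;
	if (appendf(buf, sizeof(buf), &off, "%ls", bad_wide) != FMT_ERROR)
		return 0;
	return off == 3 && strcmp(buf, "abc") == 0;
}

/* Returns 1 when overflow is reported and the offset stays in bounds. */
int
append_reports_truncation(void)
{
	char buf[8];
	size_t off = 0;

	if (appendf(buf, sizeof(buf), &off, "%s", "abcdef") != FMT_OK)
		return 0;
	if (appendf(buf, sizeof(buf), &off, "%s", "ghij") != FMT_TRUNCATED)
		return 0;
	return off == 7 && strcmp(buf, "abcdefg") == 0;
}

int
main(void)
{
	printf("encoding error returns:  %d\n", encoding_error_return());
	printf("truncation returns:      %d\n", truncation_return());
	printf("error handled:           %d\n", append_survives_error());
	printf("truncation handled:      %d\n", append_reports_truncation());
	return 0;
}
```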



sdiff implementation

2005-12-13 Thread Ray Lai
Ever since the GNU diffutils were removed from OpenBSD there hasn't
been an sdiff.  So I wrote one and placed it into the public domain.
It can be found at http://cyth.net/~ray/sdiff/.

This sdiff supports all of GNU sdiff's options and is compatible
with OpenBSD's diff.  All feedback is welcome.

-Ray-



Re: additional features in bsd.rd

2005-11-23 Thread Ray Lai
On Tue, Nov 22, 2005 at 12:01:05PM +0100, Pete Vickers wrote:
 1. Get a dmesg output from CD-ROM booted bsd.rd  to my other machine  
 for emailing etc.
   # dmesg | nc 10.20.30.40 1234
 
 2. Get information off a machine, either for backup purposes or data  
 recovery etc.
   # dd if=/dev/rwd0c | nc 10.20.30.40 1234
 
 3. Restore a  'disk image' from above...
   #  nc -l 1234 | dd of=/dev/rwd0c

Why not just use ftp?

-Ray-



Re: Assigning static device names for USB devices

2005-10-18 Thread Ray Lai
On Sun, Oct 16, 2005 at 09:00:16PM +0300, Antti Harri wrote:
 I have two USB printers, is there a way to assign
 a fixed device name instead of device name being
 assigned dynamically? If it's not possible at all,
 are there plans to implement it?

If it's not possible at all, how does one go about implementing it?

-Ray-



Re: Webmail recommendations?

2005-10-05 Thread Ray Lai
On Tue, Oct 04, 2005 at 01:20:24PM -0500, Bob Bostwick (Lists) wrote:
 Not sure if it will run on OBSD or not (haven't had time to try yet...),
 but hands down Zimbra is the best looking web interface out there -
 including Exchange OWA.
 
 http://www.zimbra.com/

Egads, it's 150 MB!  Just for webmail?  It does look good, though.

-Ray-

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
 
 Of Chris
 Sent: Saturday, October 01, 2005 5:35 PM
 To: misc@openbsd.org
 Subject: Webmail recommendations?
 
 Hello
 
 I want to setup a OBSD box for my email server.  It will service 
 probably about 2 dozen people, but It could conceivably double or more
 
 over the next year or two.
 
 I was wondering if anyone had any recommendations for an mta, and for 
 a webmail program that is easy to use and fully featured for users who
 
 are not so computer savvy.
 
 I am pretty comfortable with Sendmail, but I hear a lot of people are 
 moving more toward postfix (which I know nothing about).
 
 I am at a loss for a good web interface.
 
 Anyone care to make any recommendations?
 
 Thank you.
 
 
 Chris



Re: OpenBSD on IBM X40 ...

2005-09-29 Thread Ray Lai
On Thu, Sep 29, 2005 at 12:46:26PM +0200, Reyk Floeter wrote:
 hi,
 
 Waldemar Brodkorb wrote:
  ... just rocks :}
  
 
 openbsd always rocks ;)
 
  Thanks to the developers. I got some minor problems with one of the
  snapshots (ath0 kernel crash), but this is already fixed in
  -current. 
  
  thx
  Waldemar
 
 which crash exactly? and btw., does your thinkpad wireless led work
 (i haven't test it with x40, i have a t42)?

Doesn't work for me, but then the ath0, while detected, doesn't
actually work.

How are you supposed to turn on the LED, anyway?  Fn-wireless?

-Ray-



Re: Time limited internet connection

2005-09-26 Thread Ray Lai
On Sun, Sep 25, 2005 at 11:27:05PM +0200, Remy Heiden wrote:
 OR:
 
 root cron job:
 
 11pm: pfctl -f /etc/pf.conf-night
 6am: pfctl -f pf.conf-day

Until the kid learns, Hey, I can reboot daddy's firewall and have
internet access again!  (Assuming /etc/pf.conf allows it.)

-Ray-



Latest ath changes panics system

2005-09-21 Thread Ray Lai
On Mon, Sep 19, 2005 at 04:27:09AM -0600, Reyk Floeter wrote:
 CVSROOT:  /cvs
 Module name:  src
 Changes by:   [EMAIL PROTECTED]   2005/09/19 04:27:08
 
 Modified files:
   sys/dev/ic : ar5210.c ar5211.c ar5212.c ar5xxx.c ar5xxx.h 
ath.c 
 
 Log message:
 don't attach unsupported radio chipsets

Hi,

This seems to have broken my laptop entirely (dmesg at
https://marc.theaimsgroup.com/?l=openbsd-misc&m=112667018017607&w=2).

...
ath0 at pci1 dev 2 function 0 Atheros AR5212 rev 0x01: irq 11
ath: AR5213 5.9 phy 4.3 rf2112a 4.6, WOR4W, address 00:0e:9b:b3:27:d1
uvm_fault(0xd05cd960, 0x4000, 0, 1) - e
kernel: page fault trap, code=0
Stopped at  ar5k_ar5212_set_gpio_input+0x4d:movl0x4014(%ebx),%e
ax
ddb trace
ar5k_ar5212_set_gpio_input(d1f81000,3,10,d1f80030,1) at ar5k_ar5212_set_gpio_in
put+0x4d
ath_gpio_attach(d1f8,13,d0596a28,d1f8) at ath_gpio_attach+0x4b
ath_attach(13,d1f8,4,d057aeac) at ath_attach+0x50c
ath_pci_attach(d1f7dec0,d1f8,d06f2cb0,0,0) at ath_pci_attach+0x123
config_attach(d1f7dec0,d057aeac,d06f2cb0,d0360808) at config_attach+0xef
pciattach(d1f7df00,d1f7dec0,d06f2d50,0,d05807e4) at pciattach+0x1c8
config_attach(d1f7df00,d0579fe8,d06f2d50,d03a1cb0,d0547d64) at config_attach+0x
ef
ppbattach(d1f60f40,d1f7df00,d06f2df0,0,0) at ppbattach+0x8e
config_attach(d1f60f40,d057a660,d06f2df0,d0360808) at config_attach+0xef
pciattach(d1f60fc0,d1f60f40,d06f2eb0,0,d0589b98) at pciattach+0x1c8
config_attach(d1f60fc0,d0579fe8,d06f2eb0,d03603d4) at config_attach+0xef
mainbus_attach(0,d1f60fc0,0,0,d06f2f10) at mainbus_attach+0x164
config_attach(0,d0579fc4,0,0,d05cda40) at config_attach+0xef
config_rootfound(d0514cbc,0,d06f2f58,d03373f8) at config_rootfound+0x27
cpu_configure(0,1,3,0,5f6e) at cpu_configure+0x1f
main(0,0,0,0,0) at main+0x339
ddb ps
   PID   PPID   PGRPUID  S   FLAGS  WAIT   COMMAND
*0 -1  0  0  7 0x80204 swapper
ddb
...

Following http://www.benzedrine.cx/crashreport.html, I have
narrowed down the crash point to line 122 of machine/pio.h:

...
/usr/src/sys/dev/ic/ar5212.c:1933
34ac:   8b 59 14mov0x14(%ecx),%ebx
34af:   ba 03 00 00 00  mov$0x3,%edx
34b4:   8d 0c 00lea(%eax,%eax,1),%ecx
34b7:   d3 e2   shl$cl,$edx
machine/pio.h:122
34b9:   9b 83 14 40 00 00   mov0x4014(%ebx),%eax
/usr/src/sys/dev/ic/ar5212.c:1933
34bf:   f7 d2   not%edx
...

And the actual C file:

...
AR5K_REG_WRITE(AR5K_AR5212_GPIOCR,
(AR5K_REG_READ(AR5K_AR5212_GPIOCR) &~ AR5K_AR5212_GPIOCR_ALL(gpio))
| AR5K_AR5212_GPIOCR_NONE(gpio));
...

I hope I didn't copy anything wrong.  I still have the exact CVS
checkout that I built this kernel with, if it can be of any use.

-Ray-



Re: more 1 than client can use same port from router (for bittorrent)

2005-08-18 Thread Ray Lai
On Sat, Aug 06, 2005 at 05:19:46PM +0200, Erik Wikström wrote:
 On 2005-08-06 16:48, Vivek Ayer wrote:
 Hi guys,
 
 I was wondering if it was possible to port forward the same port to
 more than one client behind a router. Currently, my client is the only
 one using bittorrent behind the router. I have this in /etc/pf.conf:
 
 rdr pass on $ext_if proto tcp to port 6881:6889 -> 192.168.0.3 port 6881:6889
 
 What do I do if other people on the subnet wanted to use the same
 ports (6881:6889) to use bittorrent (clients other than 192.168.0.3)?
 Thanks.
 
 Sorry, no can do. The other clients would have to use a BT-client where
 they can specify the port(s) to use and forward those to the right one.

Or round-robin redirect to each client and pray.  With so many
connections, it might not even be noticeable.

-Ray-