Re: Package dependencies size estimate script
Hi Aaron

On 11/6/09, Aaron Mason wrote:
> On Fri, Nov 6, 2009 at 2:42 AM, wrote:
>> Hi
>>
>> Just wanted to share a script with fellow OpenBSD
>> desktop users who like to keep minimal non-base
>> software on the machine and prefer to use lighter
>> alternatives whenever possible.
>>
>> This script will help you estimate the total space
>> which will be used by a given package as well as
>> all the dependencies (recursively).
>>
>> It has to be run inside a directory with your
>> mirror of all packages. The o/p is a text file
>> in /tmp directory.
>>
>> This was made quickly for myself long time back.
>> Please consider the quality as such. Works for me.
>> Hope it can come in handy to someone.
>>
>> Take care.
>>
>> Srikant.
>>
>> -
>>
>> #!/bin/sh
>> # Find the full dependency list for a given package
>> # in cmd. line
>> # Assumes one is in a dir with all packages
>>
>> # Temporary files
>> tmp_file_1=$(mktemp)
>> tmp_file_2=$(mktemp)
>> tmp_file_3=$(mktemp)
>>
>> echo $1 > $tmp_file_1
>>
>> ctr=0
>> over=0
>> while [ $over -ne 1 ]
>> do
>>     cat $tmp_file_1 | fgrep -v -f $tmp_file_3 \
>>         | xargs -I % pkg_info -f % \
>>         | fgrep @depend | cut -d : -f 3 \
>>         | grep -v '^$' | sort \
>>         | uniq >> $tmp_file_2
>>
>>     md5_old=`cat $tmp_file_1 | md5`
>>     md5_new=`cat $tmp_file_2 | md5`
>>     if [ `echo $md5_new | fgrep -xc $md5_old` -eq 1 ]; then
>>         over=1
>>     fi
>>     cat $tmp_file_1 >> $tmp_file_3
>>     cat $tmp_file_2 > $tmp_file_1
>>     ctr=$(( ctr+1 ))
>> done
>>
>> cat $tmp_file_2 | sort | uniq > /tmp/$1-dependencies
>> echo "-" >> /tmp/$1-dependencies
>> ctr=$(( ctr-2 ))
>> echo "No. of levels of dependencies : $ctr" \
>>     >> /tmp/$1-dependencies
>> count=`cat $tmp_file_2 | sort | uniq | wc -l | sed 's/ //g'`
>> echo "No. of dependencies : $count" \
>>     >> /tmp/$1-dependencies
>>
>> cat $tmp_file_2 | sort | uniq | xargs -I % pkg_info -s % \
>>     | fgrep Size: | awk '{ print $2 }' > $tmp_file_3
>> siz=0
>> {
>> while read rline
>> do
>>     siz=$(( siz+rline ))
>> done
>> } < $tmp_file_3
>> echo "Estimated total size of dependencies: $siz" \
>>     >> /tmp/$1-dependencies
>>
>> rm -rf $tmp_file_1
>> rm -rf $tmp_file_2
>> rm -rf $tmp_file_3
>>
>>
>
> pkg-info will also look for PKG_PATH and check remotely if there are
> any addresses there, I believe, so having a local mirror isn't
> necessary.
>
> --
> Aaron Mason - Programmer, open source addict
> I've taken my software vows - for beta or for worse
>

Thanks for pointing it out as well as the diff.
Learnt a couple of things from it.

Take care.

Srikant.
ichiic0 errors on 4.3
Hi

I have been noticing these kernel messages once in a while on my i386 machine running 4.3 (+ all patches up to date). The drive is brand new 500GB SATA.

ichiic0: exec: op 1, addr 0x2e, cmdlen 1, len 1, flags 0x00: timeout, status 0x0
ichiic0: abort failed, status 0x0
ichiic0: exec: op 1, addr 0x2e, cmdlen 1, len 1, flags 0x00: timeout, status 0x0
ichiic0: abort failed, status 0x0
ichiic0: exec: op 1, addr 0x2e, cmdlen 1, len 1, flags 0x00: timeout, status 0x40
ichiic0: abort failed, status 0x0
ichiic0: exec: op 1, addr 0x2e, cmdlen 1, len 1, flags 0x00: timeout, status 0x40
ichiic0: abort failed, status 0x40

Is this the sign of an impending motherboard failure? It is an intel D915GVWB. Can someone please shed some light on the meaning of these.

I know 4.5 is about to be released. I will definitely move on to it. If this regards some issue which was fixed in 4.4 or later, I apologize for bringing this up again.

The dmesg is as follows. Let me know if anything else is required for analysis.

OpenBSD 4.3 (GENERIC) #0: Thu Feb 12 22:22:54 IST 2009
    root@:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 3.06GHz ("GenuineIntel" 686-class) 3.07 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,CNXT-ID,CX16,xTPR
real mem = 1599647744 (1525MB)
avail mem = 1537679360 (1466MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/12/05, SMBIOS rev. 2.3 @ 0xe5bf1 (32 entries)
bios0: vendor Intel Corp. version "WB91X10J.86A.1319.2005.1012.0939" date 10/12/2005
bios0: Intel Corporation D915GVWB
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 0%
apm0: AC off, battery charge unknown, estimated 0:00 hours
acpi at bios0 function 0x0 not configured
pcibios at bios0 function 0x1a not configured
bios0: ROM list: 0xc/0xae00!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82915G Host" rev 0x04
agp0 at pchb0: aperture at 0x6000, size 0x1000
vga1 at pci0 dev 2 function 0 "Intel 82915G Video" rev 0x04
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci0 dev 27 function 0 "Intel 82801FB HD Audio" rev 0x03: irq 11
azalia0: codec[s]: Realtek ALC880
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801FB PCIE" rev 0x03
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 1 "Intel 82801FB PCIE" rev 0x03
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 2 "Intel 82801FB PCIE" rev 0x03
pci3 at ppb2 bus 3
ppb3 at pci0 dev 28 function 3 "Intel 82801FB PCIE" rev 0x03
pci4 at ppb3 bus 4
uhci0 at pci0 dev 29 function 0 "Intel 82801FB USB" rev 0x03: irq 9
uhci1 at pci0 dev 29 function 1 "Intel 82801FB USB" rev 0x03: irq 10
uhci2 at pci0 dev 29 function 2 "Intel 82801FB USB" rev 0x03: irq 11
uhci3 at pci0 dev 29 function 3 "Intel 82801FB USB" rev 0x03: irq 11
ehci0 at pci0 dev 29 function 7 "Intel 82801FB USB" rev 0x03: irq 9
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb4 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xd3
pci5 at ppb4 bus 5
vr0 at pci5 dev 0 function 0 "VIA VT6105 RhineIII" rev 0x8b: irq 11, address 00:21:91:8e:3f:4b
ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 9: OUI 0x004063, model 0x0034
vr1 at pci5 dev 1 function 0 "VIA VT6105 RhineIII" rev 0x8b: irq 11, address 00:21:91:8d:e8:be
ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 9: OUI 0x004063, model 0x0034
fxp0 at pci5 dev 8 function 0 "Intel 82801FB LAN" rev 0x01, i82562: irq 11, address 00:16:76:63:2f:e3
inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
ichpcib0 at pci0 dev 31 function 0 "Intel 82801FB LPC" rev 0x03: PM disabled
pciide0 at pci0 dev 31 function 1 "Intel 82801FB IDE" rev 0x03: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: SCSI0 5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
pciide1 at pci0 dev 31 function 2 "Intel 82801FB SATA" rev 0x03: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using irq 10 for native-PCI interrupt
wd0 at pciide1 channel 0 drive 0:
wd0: 16-sector PIO, LBA48, 476940MB, 976773168 sectors
wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
ichiic0 at pci0 dev 31 function 3 "Intel 82801FB SMBus" rev 0x03: irq 10
iic0 at ichiic0
adt0 at iic0 addr 0x2e: emc6d100 rev 0x68
spdmem0 at iic0 addr 0x50: 256MB DDR SDRAM non-parity PC3200CL2.5
spdmem1 at iic0 addr 0x51: 1GB DDR SDRAM non-parity PC3200CL3.0
spdmem2 at iic0 addr 0x52: 256MB DDR SDRAM non-parity PC2700CL2.5
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2
Re: PF issue
Have you tried doing a tcpdump on fxp0 and pflog0 while trying to access the web server on home firewall? Might give you clues. Srikant.
Re: separating normal ssh logins from authpf logins
If I am not misreading your question,
few things which I can think of are:

1. For regular logins, shell in /etc/passwd will be regular shell while for authpf users, /usr/sbin/authpf
2. See login.conf man page. Having a separate login class for authpf and regular users will give good control on what they can do
3. Separate small partition for regular remote users with noexec mount flag in /etc/fstab helps security
4. Separate groups for each class of users coupled with dir and file system permissions helps security
5. In case some users only do SFTP, see internal-sftp option for sshd_config

Hope this helps.

Srikant.
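Points 1 and 4 of the list above can be cross-checked mechanically; the following is an added example, not part of the original post. It reads passwd(5) and group(5) format files and reports accounts whose login shell and group disagree; the group name `authpfusers`, the helper names and every account shown are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Group name "authpfusers" and all
# accounts below are constructed assumptions. Only supplementary group
# members (4th field of group(5)) are considered, not primary gids.

# audit_logins PASSWD GROUP GROUPNAME -> "<user> <class>" per account that can log in
#   authpf   : shell is /usr/sbin/authpf and user is in GROUPNAME
#   shell    : regular shell and user is not in GROUPNAME
#   MISMATCH : group member with a real shell, or authpf shell outside the group
audit_logins() {
    awk -F: -v grp="$3" -v ash=/usr/sbin/authpf '
        FNR == NR {                          # first file: group(5) format
            if ($1 == grp) {
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) member[m[i]] = 1
            }
            next
        }
        /^#/ || NF < 7 { next }
        $7 ~ /\/(nologin|false)$/ { next }   # no interactive login at all
        {
            if ($7 == ash && ($1 in member))       class = "authpf"
            else if ($7 != ash && !($1 in member)) class = "shell"
            else                                   class = "MISMATCH"
            print $1, class
        }
    ' "$2" "$1"
}

write_login_sample() {   # constructed sample data written into directory $1
    cat > "$1/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/ksh
alice:*:1000:1000:gateway user:/home/alice:/usr/sbin/authpf
bob:*:1001:1001:admin:/home/bob:/bin/ksh
carol:*:1002:1002:gateway user with a real shell:/home/carol:/bin/ksh
dave:*:1003:1003:authpf shell, not in group:/home/dave:/usr/sbin/authpf
www:*:67:67:HTTP Server:/var/www:/sbin/nologin
EOF
    cat > "$1/group" <<'EOF'
wheel:*:0:root,bob
authpfusers:*:2000:alice,carol
EOF
}

d=$(mktemp -d) && write_login_sample "$d" && audit_logins "$d/passwd" "$d/group" authpfusers; rm -rf "$d"
```

Each MISMATCH line is an account where the shell-based separation and the group-based permissions no longer agree, so one of the two controls is not covering that user.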
Re: How to filter based on application protocol being used
Thanks a lot jean-philippe!
Will give it a try immediately.

Regards

Srikant Tangirala.
Re: How to filter based on application protocol being used
Thanks for such a prompt reply.

I will not use Linux even if you pay me. It has been OpenBSD for me for past three years and it will remain so as long as OpenBSD remains what it stands for.

That aside, see, I have used this tool called ourmon successfully on OpenBSD to detect P2P traffic and block the users in conjunction with authpf and pf. The tool can do other detections as well. It matches packets/traffic-patterns with those observed by network admins as being related to a specific type of application protocol. Payload is not inspected, although a grep may be happening. It works by passively monitoring the packets flowing by, no kernel stuff involved.

Just want to know if anyone has come up with a good solution to this problem. If there is none yet, fine, we continue with what we have or even partial solutions will help a bit.

Thanks for your time.

Srikant Tangirala.

On Fri, May 9, 2008 at 11:55 AM, Reyk Floeter <[EMAIL PROTECTED]> wrote:
> On Fri, May 09, 2008 at 10:40:18AM +0530, Srikant Tangirala wrote:
> > for all the common protocols? With my little bit
> > of knowledge what I figure is that we need some
> > piece of software(s) which understands each protocol
> > thoroughly, can look at raw packets in real-time
> > and detect the protocol being used. Even then,
>
> ah, i'm just looking at your mail again - you are kidding, there is
> no way to do content inspection in "real-time". go and use linux where
> you can use stupid and dangerous stuff in the kernel. this is not what
> openbsd is about.
>
> reyk
How to filter based on application protocol being used
Hello All

Since many of standard services can be made to listen on any port on the server side, and proxies with custom configuration can be used in cases otherwise, how effective is a firewall if it blocks based on standard service ports?

Is there a way in which the application protocols being used can be detected and then this knowledge be used to let pf know what to filter and what not?

So, is there some way to ensure that traffic to port 53 is in fact not from a program like iodine and what goes to port 80 is only HTTP/HTTPS, and so on for all the common protocols? With my little bit of knowledge what I figure is that we need some piece of software(s) which understands each protocol thoroughly, can look at raw packets in real-time and detect the protocol being used. Even then, it may get bypassed in cases like 'protocol obfuscation' feature of eMule being used, or if sufficient amount of random garbage traffic is generated to deter proper analysis.

Please correct if I am wrong or the question itself is impertinent to this list.

Any help will be great. Thanks in advance.

Srikant Tangirala.
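For the port 53 case raised above, passive pattern matching of the kind this thread describes can be sketched over saved `tcpdump -n udp port 53` text output; this is an added example, not code from the thread or from ourmon. The thresholds, function names and sample lines are constructed assumptions, and, as the post itself notes, obfuscated or padded traffic can evade a heuristic like this.

```shell
#!/bin/sh
# Added example (not from the thread): offline heuristic over tcpdump text.
# Thresholds, helper names and sample lines are constructed assumptions.

# flag_dns_tunnel FILE [MAX_LABEL] [MIN_QUERIES]
# Prints "<client-ip> <suspicious>/<total>" for each client whose traffic to
# port 53 is mostly over-long names, NULL-type lookups, or not a query at all.
flag_dns_tunnel() {
    awk -v maxlabel="${2:-40}" -v minq="${3:-3}" '
        $2 == "IP" && $4 == ">" && $5 ~ /\.53:$/ {
            src = $3; sub(/\.[0-9]+$/, "", src)      # drop the source port
            total[src]++
            qtype = ""; qname = ""
            for (i = 6; i < NF; i++)
                if ($i ~ /^[A-Z0-9]+\?$/) { qtype = $i; qname = $(i + 1); break }
            if (qtype == "") { bad[src]++; next }    # no query type/name on the line
            n = split(qname, label, ".")
            longest = 0
            for (j = 1; j <= n; j++)
                if (length(label[j]) > longest) longest = length(label[j])
            if (longest > maxlabel || qtype == "NULL?") bad[src]++
        }
        END {
            for (s in total)
                if (total[s] >= minq && bad[s] * 2 > total[s])
                    printf "%s %d/%d\n", s, bad[s], total[s]
        }
    ' "$1" | sort
}

write_dns_sample() {   # constructed capture lines; L is a 50-character label
    L=abcdefghijklmnopqrstuvwxyz234567abcdefghijklmnopqr
    cat > "$1" <<EOF
12:00:01.000001 IP 192.0.2.10.40001 > 192.0.2.1.53: 4660+ A? www.example.org. (33)
12:00:01.200001 IP 192.0.2.1.53 > 192.0.2.10.40001: 4660 1/0/0 A 203.0.113.5 (49)
12:00:02.000001 IP 192.0.2.10.40002 > 192.0.2.1.53: 4661+ MX? example.org. (29)
12:00:03.000001 IP 192.0.2.10.40003 > 192.0.2.1.53: 4662+ AAAA? ftp.example.org. (33)
12:00:04.000001 IP 192.0.2.66.50001 > 192.0.2.1.53: 9001+ NULL? $L.t.example.net. (85)
12:00:04.100001 IP 192.0.2.66.50001 > 192.0.2.1.53: 9002+ NULL? $L.t.example.net. (85)
12:00:04.200001 IP 192.0.2.66.50001 > 192.0.2.1.53: 9003+ TXT? $L.t.example.net. (85)
12:00:05.000001 IP 192.0.2.66.50002 > 192.0.2.1.53: 9004+ A? www.example.org. (33)
EOF
}

f=$(mktemp) && write_dns_sample "$f" && flag_dns_tunnel "$f"; rm -f "$f"
```

A flagged address is a candidate for closer inspection or for a pf table entry, not proof of tunnelling.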
Routing trouble with PPPoE on 3.8
Hello

I am trying to connect my obsd 3.8-stable system to internet via PPPoE ( ISDN connection-64Kbps). ppp program reports an established connection, ifconfig shows an IP address assigned to tun0 interface. But i simply can't use any program like ping, ftp or firefox to connect to any server. They say "no route to host". I must be doing something stupid. Is the pf ruleset the problem?

I have configured the userland pppoe with a plain ppp.conf:

default:
 set log Phase Chat LCP IPCP CCP tun command
pppoe:
 set device "!/usr/sbin/pppoe -i rl0"
 set mtu max 1492
 set mru max 1492
 set speed sync
 disable acfcomp protocomp
 deny acfcomp
 set authname "[EMAIL PROTECTED]"
 set authkey ""

When i run ppp, here is what i see-

#ifconfig rl0 up
#ppp pppoe
Working in interactive mode
Using interface tun0:
ppp ON mycomp> dial
ppp ON mycomp>
Warning: deflink: Reducing configured MRU from 1500 to 1492
Ppp ON mycomp>
PPp ON mycomp>
PPP ON mycomp>

$ifconfig
lo0: flags=8049 mtu 33224
        groups: lo0
        inet 127.0.0.1 netmask 0xff00
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
rl0: flags=8843 mtu 1500
        lladr 00:50:ba:a1:b1:0c
        media: Ethernet autoselect (none)
        status no carrier
        inet6 fe80::250:baff:fea7:b47c%rl0 prefixlen 64 scopeid 0x1
pflog0: flags=141 mtu 33224
pfsync0: flags=0<> mtu 1348
enc0: flags=0<> mtu 1536
tun0: flags=8011 mtu 1492
        inet 210.211.129.64 --> 210.211.128.1 netmask 0x
        inet6 fe80::250:baff:fea7:b47c%tun0 -> prefixlen 64 tentative scopeid 0x6

#cat pf.conf
scrub in all
block in all
block out all
antispoof quick for { rl0 tun0 lo0 }
pass in log on tun0 proto tcp from any to any port ssh flags S/SA \
    synproxy state
pass out on tun0 proto tcp all modulate state flags S/SA
pass out on tun0 proto { icmp, udp } all keep state
pass in log on rl0 proto tcp from any to any port ssh flags S/SA \
    synproxy state
pass out on rl0 proto tcp all modulate state flags S/SA
pass out on rl0 proto { icmp, udp } all keep state

Do i need to have the above three rules for both tun0 and rl0?

pf is enabled in rc.conf apart from inetd and sshd. Not running named. This is a simple home PC- i386 with GENERIC kernel patched up to date. rl0 is definitely the right interface, got it from dmesg output. Sorry, did not include dmesg output since it is too long to type. If needed, i will.

I did not customize dhclient.conf. I created a hostname.tun0 with just "dhcp" in it. That did not solve my problem. Still cannot connect. I do not have any other hostname.rl0 etc. No other config files in /etc/ppp directory were changed.

I did not customize resolv.conf by hand. Seems like ppp puts stuff in it every time i invoke it.

#cat resolv.conf
nameserver 203.197.30.4
nameserver 202.54.2.17

Kindly let me know what i'm doing wrong. Thanks a lot for your time.

Srikant.

--
Srikant Tangirala
[EMAIL PROTECTED]

--
http://www.fastmail.fm - The professional email service