Problem with libiconv-1.9.2p3 on 4.2
There seems to be a problem with the libiconv-1.9.2p3 package; I took it from the main FTP server, as well as several mirrors and had this problem. $ date Fri Mar 14 03:47:34 CDT 2008 $ uname -a OpenBSD foo.example.org 4.2 GENERIC#375 i386 $ sudo pkg_add gettext-0.14.6p0.tgz Can't install gettext-0.14.6p0: lib not found expat.8.0 Dependencies for gettext-0.14.6p0 resolve to: libiconv-1.9.2p3 Full dependency tree is libiconv-1.9.2p3 $ md5 libiconv-1.9.2p3.tgz MD5 (libiconv-1.9.2p3.tgz) = e0c719123bc569b450898b20c910cd46 $ pkg_info -L libiconv-1.9.2p3.tgz Information for file:./libiconv-1.9.2p3.tgz Files: /usr/local/lib/libcharset.so.1.0 /usr/local/lib/libiconv.so.4.0 /usr/local/bin/iconv /usr/local/include/iconv.h /usr/local/include/libcharset.h /usr/local/include/localcharset.h /usr/local/lib/charset.alias /usr/local/lib/libcharset.a /usr/local/lib/libcharset.la /usr/local/lib/libiconv.a /usr/local/lib/libiconv.la /usr/local/man/man1/iconv.1 /usr/local/man/man3/iconv.3 /usr/local/man/man3/iconv_close.3 /usr/local/man/man3/iconv_open.3 /usr/local/share/doc/libiconv/iconv.1.html /usr/local/share/doc/libiconv/iconv.3.html /usr/local/share/doc/libiconv/iconv_close.3.html /usr/local/share/doc/libiconv/iconv_open.3.html
Bad Hard Disk?
I had a machine crash which runs syslog-ng and takes syslog for some
heavily-loaded firewalls. Over the weekend, we saw the machine crash on two
ocassions. I believe there may be a bad hard disk in this host as well.
This is a Dell 2850. We have several in production that work without
problem.
See the following...
# disklabel sd3
disklabel: /dev/rsd3c: Device not configured
Here's a dmesg...see the last few lines. Any insight is appreciated.
WARNING: terminal is not fully functional
OpenBSD 3.9 (GENERIC) #617: Thu Mar 2 02:26:48 MST 2006
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Xeon(TM) CPU 3.40GHz ("GenuineIntel" 686-class) 3.40 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF
LUSH,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,EST,CNXT-ID
cpu0: Enhanced SpeedStep disabled by BIOS
real mem = 1073065984 (1047916K)
avail mem = 972435456 (949644K)
using 4278 buffers containing 53755904 bytes (52496K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(00) BIOS, date 09/22/05, BIOS32 rev. 0 @ 0xffe90
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfb600/320 (18 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801EB/ER LPC" rev 0x00)
pcibios0: PCI bus #9 is the last bus
bios0: ROM list: 0xc/0xb000! 0xcb000/0x4000 0xec000/0x4000!
ipmi0 at mainbus0: version 1.5 interface KCS iobase 0xca8/8 spacing 4
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel E7520 MCH" rev 0x09
ppb0 at pci0 dev 2 function 0 "Intel MCH PCIE" rev 0x09
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "Intel IOP331 Channel 0" rev 0x06
pci2 at ppb1 bus 2
mpt0 at pci2 dev 5 function 0 "Symbios Logic 53c1030" rev 0x08: irq 7
scsibus0 at mpt0: 16 targets
sd0 at scsibus0 targ 0 lun 0: SCSI3 0/direct
fixed
sd0: 34732MB, 50824 cyl, 2 head, 699 sec, 512 bytes/sec, 71132959 sec total
sd1 at scsibus0 targ 1 lun 0: SCSI3 0/direct
fixed
sd1: 34732MB, 50824 cyl, 2 head, 699 sec, 512 bytes/sec, 71132959 sec total
sd2 at scsibus0 targ 2 lun 0: SCSI3
0/direct fi
xed
sd2: 140014MB, 48242 cyl, 8 head, 742 sec, 512 bytes/sec, 286749480 sec
total
sd3 at scsibus0 targ 6 lun 0: <, , > SCSI0 0/direct fixed
sd3: drive offline
mpt0: target 0 Synchronous at 160MHz width 16bit offset 63 QAS 0 DT 1 IU 1
mpt0: target 1 Synchronous at 160MHz width 16bit offset 63 QAS 0 DT 1 IU 1
mpt0: target 2 Synchronous at 160MHz width 16bit offset 127 QAS 0 DT 1 IU 1
mpt0: target 6 Asynchronous at 0MHz width 8bit offset 0 QAS 0 DT 0 IU 0
mpt1 at pci2 dev 5 function 1 "Symbios Logic 53c1030" rev 0x08: irq 5
scsibus1 at mpt1: 16 targets
ppb2 at pci1 dev 0 function 2 "Intel IOP331 Channel 1" rev 0x06
pci3 at ppb2 bus 3
ppb3 at pci0 dev 4 function 0 "Intel MCH PCIE" rev 0x09
pci4 at ppb3 bus 4
ppb4 at pci0 dev 5 function 0 "Intel MCH PCIE" rev 0x09
pci5 at ppb4 bus 5
ppb5 at pci5 dev 0 function 0 "Intel PCIE-PCIE" rev 0x09
pci6 at ppb5 bus 6
em0 at pci6 dev 7 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05: irq 11,
addr
ess 00:14:22:21:70:1c
ppb6 at pci5 dev 0 function 2 "Intel PCIE-PCIE" rev 0x09
pci7 at ppb6 bus 7
em1 at pci7 dev 8 function 0 "Intel PRO/1000MT (82541GI)" rev 0x05: irq 5,
addre
ss 00:14:22:21:70:1d
ppb7 at pci0 dev 6 function 0 "Intel MCH PCIE" rev 0x09
pci8 at ppb7 bus 8
uhci0 at pci0 dev 29 function 0 "Intel 82801EB/ER USB" rev 0x02: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
uhci1 at pci0 dev 29 function 1 "Intel 82801EB/ER USB" rev 0x02: irq 10
usb1 at uhci1: USB revision 1.0
uhub1 at usb1
uhub1: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub1: 2 ports with 2 removable, self powered
uhci2 at pci0 dev 29 function 2 "Intel 82801EB/ER USB" rev 0x02: irq 7
usb2 at uhci2: USB revision 1.0
uhub2 at usb2
uhub2: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub2: 2 ports with 2 removable, self powered
ehci0 at pci0 dev 29 function 7 "Intel 82801EB/ER USB2" rev 0x02: irq 6
usb3 at ehci0: USB revision 2.0
uhub3 at usb3
uhub3: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub3: 6 ports with 6 removable, self powered
ppb8 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xc2
pci9 at ppb8 bus 9
vga1 at pci9 dev 13 function 0 "ATI Radeon VE QY" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ichpcib0 at pci0 dev 31 function 0 "Intel 82801EB/ER LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801EB/ER IDE" rev 0x02: DMA,
channel
0 configured to compatibility, channel 1 configured to compatibility
atapiscsi0 at pciide0 channel 0 drive 0
scsibus2 at atapiscsi0: 2 targets
cd0 at scsibus2 targ 0 lun 0: SCSI0
5/cdrom r
emovable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
Re: News From HiFn
On Fri, 2006-06-30 at 19:11:50 -0600, Theo de Raadt wrote... > To make ourselves feel better? I think it is pointless. They still > did not apologize. Really, come on. Stop being childish.
Re: News From HiFn
On Fri, 2006-06-30 at 20:09:50 -0600, Theo de Raadt wrote... > 95% of the planet does nothing to complain when there is a serious > problem with a company, and then when < 5% of the people complain > enough to force them fix it, you wish to congratulate the ... company? > > How American. > Please stop making snide comments and generalizing, it makes you look like an idiot.
Re: X not found
On Wed, 2006-07-05 at 11:42:22 -0700, Lawrence Horvath wrote... > so how do you install that, i was thinking it would just be > # pkg_add /home/music/xbase39.tgz > Can't resolve /home/music/xbase39.tgz > Get the tarballs from a mirror, then... $ su - root # cd / # tar zxpvf /path/to/xbase39.tgz
Re: Do mp3 concatenation programs exist?
On Sat, 2006-07-15 at 22:39:48 +0200, Peter Philipp wrote... > Illegal activities? Naw man! I just like moving like a Mack truck. See, > I'm already gone! Once I was upset that they didn't give everyone static > IP's, and then I thought about the words Vint Cerf said, and I got > enlightened. Anonymity rocks when you're taking charge of it. If you > linger around for 20 hours a day someone can track you and the dynamic IP > is useless. So I'm turning it around, into the intended direction. And I > know I'm on the right path. > Anyhow per day I see around 1440 IP's, I know my connecting netblock.. do you > know yours? Jesus you're a fucking idiot. I mean, seriously: this thread has got to be one of the more idiotic things I've ever read here. Anyway - the truly paranoid connect to different ISPs. Your provider has the source port you're coming from, your MAC address, and prolly the MAC of your DSL router in their CAM tables. You've achieved nothing, lackey.
Re: BOB is dying.
On Mon, 2006-07-17 at 17:55:14 +0200, Han Boetes wrote... > I know a very peculiar fellow named Bob, his health is failing, > but I don't think it's that bad. Give him beer.
Re: OT: (don't open if you don't like) Kerberized FTP client/Server
On Mon, 2006-07-17 at 20:34:36 -0600, Bob Beck wrote... > Authenticating using kerberos and ftp is possible, but why > use clear text passwords. Set up ssh to use kerberos and use sftp/scp. > There are many windows things out there to provide a bozo front end to > sftp/scp. i.e. WinSCP, Secure Iexporer, etc. etc. I think he meant a kerberized ftp client, which means the password should never go across the wire. I know umich used to have one, and it had a "private" directive, but I don't think it's around anymore. - Eric
Re: best place to specify ipv6 default route
On Tue, 2006-07-18 at 16:37:23 -0400, Will H. Backman wrote... > The man page for mygate says that one can add an IPv6 gateway address to > /etc/mygate, but it doesn't seem to add an entry to the routing table > upon reboot. I'm not using rtsol anywhere. > Most of my searching on the internet shows people adding a line to the > /etc/hostname.gif0 file, i.e: > > !route -n add -host -inet6 default 2001:470:1f00:::244 > > Adding the line to the hostname.if file does work, but putting the gateway > IPv6 address in /etc/mygate doesn't. > What is the suggested way to do this? > This is on 3.9-RELEASE. Put it in /etc/hostname.gifX. Such as this.. $ cat /etc/hostname.gif0 giftunnel 207.227.243.193 205.234.148.199 !ifconfig gif0 inet6 2001:4830:e5:6::2 2001:4830:e5:6::1 prefixlen 128 mtu 1480 !route -n add -inet6 default 2001:4830:e5:6::1 Then you'll be all set to go.
Re: best place to specify ipv6 default route
On Tue, 2006-07-18 at 17:13:30 -0400, Will H. Backman wrote... > Yes, that does work, but I'm curious if /etc/mygate should work. I > usually use /etc/mygate for IPv4, so I'm inclined to use it for IPv6 also. Send a patch if you really want the behavior, but I'm pretty sure that's only intended for IPv4. $ grep -A 2 -B 2 mygate /etc/netstart done # /etc/mygate, if it exists, contains the name of my gateway host # that name must be in /etc/hosts. if [ -f /etc/mygate ]; then route -qn delete default > /dev/null 2>&1 route -qn add -host default `stripcom /etc/mygate` fi - Eric
Re: best place to specify ipv6 default route
On Wed, 2006-07-19 at 00:05:25 +0200, Paul de Weerd wrote... > You should a) use grep -C and b) check out 3.9 or -current ;) Yea I'm on 3.7-RELEASE still. ugh. > [1]: http://marc.theaimsgroup.com/?l=openbsd-cvs&m=112930507105045&w=2 Aw damn, that's nice! Thanks todd@ - Eric
Re: web based FTP client?
On Wed, 2006-07-19 at 19:22:00 +0200, FTP wrote... > is any 'good' web based ftp client around which can run in chrooted Apache? Runs in chroot'ed apachehrmm...methinks you are new to all of this, right? Maybe you should contact your local sysadmin and ask him the explain how things work between client, server, and where things are run. If you mean that a client executable served back from a webserver, thats easy: it'd be a non-executable object under any document root. > Thanks for your help If you have a browser, you have an FTP client. However, FTP over HTTP is the major suck.
Re: looking for clue
On Wed, 2006-07-19 at 20:21:01 +0200, Peter Philipp wrote... > Hi I'm looking for clue. Does anyone have any? > Hey, aren't you the idiot that kept renegotiating your DHCP lease? There's no clue here for you to find; we don't speak Martian. - Eric
Re: web based FTP client?
On Wed, 2006-07-19 at 20:27:52 +0200, FTP wrote... > the browser itself is only for anonymous ftp :-( I actually wanted FTP > over HTTP Browser can do authenticated FTP. Please consult your documentation, this is not an OpenBSD problem. - Eric
Re: looking for clue
On Thu, 2006-07-20 at 22:54:28 +0530, Rahul Sharma wrote... > It is not Mr. Eric Pancer but me (rahulthehacker) who is asking for help on > dhcpd lease. I wasn't referring to that, please learn how to read a mailing list. I was referring to the user wanting dhcp leases to change every one-minute. > I am not speak any Martian also. I didn't say you did. Get with the discussion. - Eric
Netflow Reflector -or- Re-writing UDP packets using dup-to
We are taking netflow from various Cisco devices throughout our enterprise to argus-3.0 running on OpenBSD 4.2. Unfortunately we've also got some Cisco products in our environment that require us to have netflow sent to more than 2 versions, which means we need a netflow reflector built. I understand the "dup-to" syntax in pf.conf(5) but it may not meet the requirements for the reason that we wish not to re-write the source IP address (as our netflow aggregation depends on the source address of those packets). Has anyone ever crafted a UDP reflector which could re-write the destination address while keeping the source address intact? If you have done it using pf(4), were there any hurdles that you had to jump through to get things working? Thanks in advance, - Eric -- ``...don't you know, black is this years pink.''
Re: Netflow Reflector -or- Re-writing UDP packets using dup-to
Shoot the messenger, this was my fault: On Sun, 2008-04-06 at 22:47:06 -0500, Eric Pancer proclaimed... > We are taking netflow from various Cisco devices throughout our enterprise > to argus-3.0 running on OpenBSD 4.2. Unfortunately we've also got some Cisco > products in our environment that require us to have netflow sent to more > than 2 versions, which means we need a netflow reflector built. correction: destinations Sorry about that! - Eric
Re: Bind or Djbdns
On Mon, 2006-04-10 at 13:51:29 -0300, Joco Salvatti proclaimed... > I'd like to know your opinion about to major DNS servers: Bind and > djbdns. Which one is the best (I'm not sure if I may ask it this way)? > Which one you'd best recommend? I've already used Bind (and I still > use it) and I know it works perfectly fine. But before getting in > touch with OpenBSD and their users I realized that I had an wrong > opinion about a lot of softwares. So I'd like to know your opinion. I'll say one thing about BIND; it's come a very long way in the past few years. Using "views" really offers a lot of flexibility, and native IPv6 is also something that prompted me to start using it again. While djb's software is very fast and resilient, I couldn't find a reason to add more complexity to my system. Also, I prefer the query logs that BIND gives you, and there's more software available to eat those logs and report back. But hey, don't let me persuade you. Try them out yourself, side by side, and see which one you like. dnscache/tinydns *are* much faster (from my tests), on the order of 3x's faster than BIND. But there's just less benefits. YMMV. - eric
Re: OpenBSD todo list?
On Mon, 2006-04-10 at 20:44:36 -0700, Shawn Nock proclaimed... > A quick search of the archive and google didn't turn anything up, so > I'll ask here. r'ut r'oh, you must be new here... don your flame suit, gay apparel!
Re: OpenBSD todo list?
On Tue, 2006-04-11 at 09:25:55 -0700, Kent Watsen proclaimed... > Christmas in April? ;) A couple requests I recall seeing (*cough* > posting *cough*): > > - enable chroot-ed apps to dump core (this is an easy one) > - enable openbsd to run as a para-virtualized Xen guest (this is more > involved) I see your two requests, and up you the following. IPv6 enabled syslogd(8)
Re: Openvpn plugin for passwd authentication
On Wed, 2006-04-12 at 12:21:33 -0300, Giancarlo Razzolini proclaimed... > I wrote a plugin for Openvpn that does authentication using the passwd > or the shadow files. I wrote it cause the only authentication plugin for > openvpn is the auth-pam, and i needed to do authentication using the > shadow suite. I then wrote a small C program that did this, and used the > --auth-user-pass-verify directive from the openvpn. But in this setup, > you can't drop the privileges nor chroot the openvpn process. > > So, i wrote the plugin. As there isn't an easy way to check if the > system is using shadow passwords or not, you must alter a compiler > directive in the makefile. On BSD systems, the getpwnam(3) is a wrapper > function that does authentication from the file that have the user > passwords, in the OpenBSD, master.passwd. So, to make it work in > OpenBSD, you have to set the compiler directive USE_SHADOW to 0. I've > tested it in OpenBSD 3.8, and it works, but more testing is needed. I > would appreciate any suggestions, reports and comments. Shadow passwords? Auth pam? You must have the wrong mailing list; we don't use those broken technologies here.
Re: Openvpn plugin for passwd authentication
On Wed, 2006-04-12 at 14:07:53 -0300, Giancarlo Razzolini proclaimed... > Did you read my mail at all? The plugin authenticate itself from > master.passwd on OpenBSD and from shadow on linux distributions. I > mentioned PAM, case the only plugin that existed for authentication in > openvpn uses PAM. I hate PAM, so i wrote the plugin. Next time read the > entire message before saying anything. Heh, indeed I didn't. I just saw those linux related things and panicked! I thought for a moment you were intending to help us increase the market viability of OpenBSD by implementing some uberlite way of making OpenBSD understood by linux idiots. I apologize! Continue on with more pointfilled discussions!
Re: pf blocking nets in a way like *.google.com ?
On Fri, 2006-04-21 at 01:52:19 +0200, [EMAIL PROTECTED] proclaimed... > Is there any way to block networks by using a joker in the hostname? > > Lets take as example google. Google has many different Networks and such foo. > I found no way to block them all (during reading the PF manpage) using > something simple like *.google.com/de/foo. > Is there any way to do this because the IPSec-Framework can handle > Hostnames without problems. If yo'ure talking HTTP/FTP traffic, try using an application proxy such as squid.
Re: Patch make question
On Tue, 2006-05-02 at 10:28:30 -0400, Will H. Backman proclaimed... > 001_sendmail.patch for 3.9 says: > > make obj > make depend > make > make install > > Is there anything wrong with > > make obj && make depend && make && make install No.
Re: EHNT or other NetFlow tools
On Wed, 2006-05-03 at 18:12:12 -0400, [EMAIL PROTECTED] proclaimed... > net/flowd/ > net/flow-tools/ > net/softflowd/ I'll add argus
Re: Emacs's "WoMan" man reader
On Mon, 2006-05-08 at 16:13:42 -0400, Peter Fraser proclaimed... > I know how to invoke "woman", but when I do "woman" does > not find any man pages. I agree that it is slower > but I like its formatting better. Many people cannot understand what the woman does. It's unfortunate; I haven't found a comprehensive set of man pages for them either. I'm speaking a a male, of course :)
Re: Firefox keeps crashing
On Thu, 2006-05-11 at 22:14:47 -0400, Nick Holland proclaimed... > Firefox is a resource hog, and tends to leak resources worse than the > plumbing job I've been working on for my girlfriend. The difference is, > my plumbing leaks will be fixed, and I'm not going to be telling > everyone how wonderful it is until they are. Nick, you really should get informed of the newest programming techniques! Try using some teflon tape around your keyboard and screen. That should keep firefox from leaking! :) - Eric
Re: Group editing
On Wed, 2006-05-17 at 08:28:28 -0700, stupidmail4me proclaimed... > I've created a website. Let's say it's in /website. > > What's the best way to give all 10 developers access > to those files? I can create a group called > webdevelopers and have that group own /website. I can > also change permissions to 775 on that directory so > that they can create files and directories. But then > that's as much as they can do, the developers can't > edit each others files. Is there any way to change the > umask for a directory and subdirectories? > I always use a sgid bit on a directory.. drwxrws--x 4 bob exampleorg 512 Nov 15 2003 example.org This just means that "bob" owns the directory, but anyone in the "exampleorg" group can manipulate files, etc.
Re: Group editing
On Wed, 2006-05-17 at 12:10:27 -0700, stupidmail4me proclaimed... > That's exactly what I was trying to do, but I can't > get chmod to work as I want it to. Any help? Um, it's really not difficult if you read the manpage for chmod. $ chmod g+s /var/www/html/this/is/a/dir/
Re: OT: DDoS questions
On Mon, 2006-05-22 at 22:52:53 -0500, Jacob Yocom-Piatt proclaimed... > what are some methods of launching a DDoS attack? syn floods (old skool), udp floods, lots of small packets, icmp floods, whatever. my favorite is seeing a host flooded with protocol 50nearly everyone passes it and hardly anyone rate limits it. Methods mostly include botnets, but if I'm on a 1Gbps link and you're on a 1.544Mbps link, I win. > what countermeasures can i take against such an attack? Know your providers; be friends with your providers. Know who to talk to for filters upstream. You can also do egress/ingress limited if you're on a big fat pipe, look into RED (random early detection), configure ECN in all of your applications and devices, etc. But there's no solution for drinking out of a firehose at full blast. Sometimes you just have to be "A Man" a drink! > feel free to reply off list if you like ;). i am asking this here since, IMO, > openbsd has highest average "1337n355" among its user base. Uh yea, it's 2006we don't talk like that anymore. - Eric
Re: OT: DDoS questions
On Tue, 2006-05-23 at 10:02:24 -0400, Jeff Quast proclaimed... > Thankfully those kids have grown up and have jobs now, and the > point-and-click attack tools aren't as dangerous as they used to be. Surely you must be joking, right? Not only is it easy, with little experience you can write your own bots that A/V scanners won't immediately pick up!
Re: Windows to "copy" open bsd
On Fri, 2006-06-02 at 12:58:43 -0700, akonsu wrote... > no way. trust me. ;) Who the fuck are you to trust?
Re: Windows to "copy" open bsd
On Fri, 2006-06-02 at 20:48:06 +, [EMAIL PROTECTED] wrote... > you're just a warm and fuzzy kind of guy, aren't you? > Only on friday's.
