Re: usb wifi wpa2 enterprise

On Sat, Sep 5, 2015 at 4:21 AM Shaun Reiger [srei...@sprmail.net] wrote: > Hi I'm trying to find out if obsd supports any usb wifi > adapters that can connect to a wpa2 enterprise network. > I have read through a couple driver man pages urtwn, iwn, > rsu..etc but can't determine if the adapt

Re: issue with pf syntax parser

On Fri, Sep 04, 2015 at 07:43:35PM +0200, Joseph A Borg wrote: > this is all very fascinating. Is it possible to contemplate a pre-filter that > chomps out trailing whitespace and comments? Would this overly complicate the > parsing process and introduce security issues? Nah... you'll loose all

Re: usb wifi wpa2 enterprise

On Sat, Sep 05, 2015 at 05:21:03AM BST, Shaun Reiger wrote: > Hi I'm trying to find out if obsd supports any usb wifi adapters that can > connect to a wpa2 enterprise network. I have read through a couple driver > man pages urtwn, iwn, rsu..etc but can't determine if the adapters listed > will con

usb wifi wpa2 enterprise

Hi I'm trying to find out if obsd supports any usb wifi adapters that can connect to a wpa2 enterprise network. I have read through a couple driver man pages urtwn, iwn, rsu..etc but can't determine if the adapters listed will connect. Anyone with any experience in this would be helpful. Thanks -

Re: Native EFI Bootloader Support

On Fri, Sep 4, 2015 at 18:22:48, Chris Cappuccio [ch...@nmedia.net] wrote: > So, the tree won't develop support for this standard until UEFI > systems require it. Alternately, if someone writes it ahead of > time, maybe that will be useful. (Useful in making it easier to > boot OpenBSD witho

Re: Native EFI Bootloader Support

Romain FABBRI [romain.fab...@alienconsulting.net] wrote: > Could help some people like me who have an asus t100 which only accept UEFI > boot. (scarry) > Except, your T100 can also have secure boot disabled. OpenBSD UEFI support is coming together right now, just for your T100.

Re: issue with pf syntax parser

On Fri, Sep 04, 2015 at 05:49:34PM -0600, Theo de Raadt wrote: > > > --- /usr/share/man/man5/pf.conf.5 Wed Mar 5 16:22:58 2014 > > > +++ var1/man5/pf.conf.5 Thu Sep 3 16:19:21 2015 > > > @@ -63,7 +63,7 @@ A method for detecting a host's operating system. > > > Some example rulesets. > > >

Re: issue with pf syntax parser

> > --- /usr/share/man/man5/pf.conf.5 Wed Mar 5 16:22:58 2014 > > +++ var1/man5/pf.conf.5 Thu Sep 3 16:19:21 2015 > > @@ -63,7 +63,7 @@ A method for detecting a host's operating system. > > Some example rulesets. > > .El > > .Pp > > -The current line can be extended over multiple line

Re: issue with pf syntax parser

On 09/04/15 09:26, Raul Miller wrote: As a general rule, whenever a syntax error is not obvious, the real error happened before that point... But looking at my copy of `man pf.conf`, I don't see any mention of backslash in the section on Grammar. The only sentence using the word backslash is th

Re: issue with pf syntax parser

On 09/04/15 19:43, Joseph A Borg wrote: > this is all very fascinating. Is it possible to contemplate a pre-filter that > chomps out trailing whitespace and comments? Would this overly complicate the > parsing process and introduce security issues? Backslash at end of line meaning join with next

Re: Native EFI Bootloader Support

On Fri, Sep 04, 2015 at 11:22:48AM -0700, Chris Cappuccio wrote: > Since the purpose of Secure Boot provide little to no benefit to users (in > fact > quite the opposite), the question becomes why? UEFI does not always imply Secure Boot. There are modern systems which do not feature legacy b

Re: spamassasin large CPU usage on new snapshot and a huge bayes_toks file not reported in df

On Fri, 4 Sep 2015 11:37:09 -0700 Chris Cappuccio wrote: > Adam Wolk [adam.w...@tintagel.pl] wrote: > > > > -rw--- 1 _spampd _spampd 9.8M Sep 3 22:52 bayes_seen > > > > -rw--- 1 _spampd _spampd 65.3G Sep 3 22:55 bayes_toks > > > > > > > > > > What are your memory limits for the

Re: issue with pf syntax parser

On Fri, Sep 4, 2015 at 1:43 PM, Joseph A Borg wrote: > I’m asking because this might improve readability, usability and security for > less gifted users like me… Or it might not? Seriously, how could we even tell the difference? I mean, I get as frustrated as anyone when I'm trying to read doc

icmp block/pass rules in PF

thank you o great one… I am humbled by my total obliviousness. > On 04 Sep 2015, at 21:43, Christian Weisgerber wrote: > > On 2015-09-04, Joseph Borg wrote: > >> this doesn’t work: >> pass out on $DMZ_if inet proto icmp icmp-type echoreq from 192.168.2.1 >> these work: >> pass out o

Re: spamassasin large CPU usage on new snapshot and a huge bayes_toks file not reported in df

> $ cat /etc/login.conf | grep -i spam > $ UUOC grep -i spam /etc/login.conf But that is not actually answering the question as we don't know the login class you are using and what it's limits are like ;-) You can get the login class by using id(1). For the limits I think you need to read lo

Re: icmp block/pass rules in PF

On 2015-09-04, Joseph Borg wrote: > this doesn’t work: > pass out on $DMZ_if inet proto icmp icmp-type echoreq from 192.168.2.1 > these work: > pass out on $DMZ_if inet proto icmp from 192.168.2.1 > pass out on $DMZ_if inet proto icmp icmp-type echoreq Simply searching for "ic

Re: dmesg Intel NUC5CPYH

Op 04-09-15 om 21:01 schreef Ted Unangst: Tim Kuijsten wrote: tl;dr no network, dmesg for 5.7 release, 5.8 current mp and sp included. With 5.7 release a dhcp response is received, but no other addresses than the one that is assigned to the machine can be pinged (the dhcp server is in the arp

Re: dmesg Intel NUC5CPYH

Tim Kuijsten wrote: > tl;dr no network, dmesg for 5.7 release, 5.8 current mp and sp included. > > > With 5.7 release a dhcp response is received, but no other addresses > than the one that is assigned to the machine can be pinged (the dhcp > server is in the arp cache, but no ping reply is rec

dmesg Intel NUC5CPYH

tl;dr no network, dmesg for 5.7 release, 5.8 current mp and sp included. With 5.7 release a dhcp response is received, but no other addresses than the one that is assigned to the machine can be pinged (the dhcp server is in the arp cache, but no ping reply is received from it). with 5.8 no d

Re: spamassasin large CPU usage on new snapshot and a huge bayes_toks file not reported in df

Adam Wolk [adam.w...@tintagel.pl] wrote: > > > -rw--- 1 _spampd _spampd 9.8M Sep 3 22:52 bayes_seen > > > -rw--- 1 _spampd _spampd 65.3G Sep 3 22:55 bayes_toks > > > > > > > What are your memory limits for the user/daemon class that runs > > spamassassin? > > Touche, not set. Th

Re: Native EFI Bootloader Support

Gerald Hanuer [ghanuer497...@gmail.com] wrote: > Hello misc@, > > Native UEFI goes in tree. > http://marc.info/?l=openbsd-cvs&m=144115942223734&w=2 > . > Great work all. > > So what might the future hold for UEFI Secure Boot. > So, the

Re: spamassasin large CPU usage on new snapshot and a huge bayes_toks file not reported in df

On Fri, 4 Sep 2015 11:08:35 -0700 Chris Cappuccio wrote: > Adam Wolk [adam.w...@tintagel.pl] wrote: > > Hi misc@ > > > > I upgraded my mail server to an amd64 snapshot from Sep 2nd and > > found the server stuck delivering mail in the morning with > > spamassasin churning at 90% CPU usage. > >

Re: spamassasin large CPU usage on new snapshot and a huge bayes_toks file not reported in df

Adam Wolk [adam.w...@tintagel.pl] wrote: > Hi misc@ > > I upgraded my mail server to an amd64 snapshot from Sep 2nd and found > the server stuck delivering mail in the morning with spamassasin > churning at 90% CPU usage. > > Quick investigation lead me to a huge bayes_toks file of 65.3G in > /va

Re: spamassasin large CPU usage on new snapshot and a huge bayes_toks file not reported in df

On Fri, Sep 04, 2015 at 10:20:01AM +0200, Adam Wolk wrote: | Hi misc@ | | I upgraded my mail server to an amd64 snapshot from Sep 2nd and found | the server stuck delivering mail in the morning with spamassasin | churning at 90% CPU usage. | | Quick investigation lead me to a huge bayes_toks file

Re: Another working USB WiFi adapter:

On Thu, Sep 03, 2015 at 10:50:02AM +0200, Stefan Sperling wrote: > On Thu, Sep 03, 2015 at 08:53:11AM +0100, Craig Skinner wrote: > > For the archives, > > > > A friend loaned me this while I gave an Unbound & NSD talk in a pub: > > > > TP-Link TL-WN722N "High-Gain 150Mbps" > > > > athn1 at uhub

Re: issue with pf syntax parser

this is all very fascinating. Is it possible to contemplate a pre-filter that chomps out trailing whitespace and comments? Would this overly complicate the parsing process and introduce security issues? I’m asking because this might improve readability, usability and security for less gifted us

Re: issue with pf syntax parser

On Fri, Sep 04, 2015 at 05:51:54PM +0300, Kimmo Paasiala wrote: > On Fri, Sep 4, 2015 at 4:02 PM, Joseph A Borg wrote: > > maybe the syntax error should point to the line where there are extra > > characters after the escape? > > > > > > That would require making the backslash a lexical token i

Spamd TLS and exchange

On a machine just after 5.7 bumped to get spamd TLS support where changes to spamd have been minimal since (I have tested the compat mode diff with no effect). I've had reports of mails not coming through and they have been quite tricky to find (traffic logs of known incoming mail) as they do not

Re: spamassasin large CPU usage on new snapshot and a huge bayes_toks file not reported in df

On Fri, 4 Sep 2015 12:31:13 -0400 Michael McConville wrote: > k...@kurawa.no-ip.org wrote: > > Adam Wolk wrote: > > > After deleting the file, restarting the service processing a > > > single email brought the DB to reported size 37.9M, few emails > > > later it's already reported as 113M I have

Re: spamassasin large CPU usage on new snapshot and a huge bayes_toks file not reported in df

k...@kurawa.no-ip.org wrote: > Adam Wolk wrote: > > After deleting the file, restarting the service processing a single > > email brought the DB to reported size 37.9M, few emails later it's > > already reported as 113M I have a hunch that it will bloat again > > really fast. > > try to disable b

Re: issue with pf syntax parser

On Fri, Sep 4, 2015 at 4:02 PM, Joseph A Borg wrote: > maybe the syntax error should point to the line where there are extra > characters after the escape? > > That would require making the backslash a lexical token in the pf.conf(5) syntax. Now it's just a simple escape character that gets eate

Re: issue with pf syntax parser

As a general rule, whenever a syntax error is not obvious, the real error happened before that point... But looking at my copy of `man pf.conf`, I don't see any mention of backslash in the section on Grammar. The only sentence using the word backslash is the one at the begining which states "The

Re: issue with pf syntax parser

maybe the syntax error should point to the line where there are extra characters after the escape? > On 04 Sep 2015, at 14:53, Peter Hessler wrote: > > Backslash says "ignore the following charecter". You are using it to > ignore the newline. > > If you ignore the space instead, the newline

Re: issue with pf syntax parser

ok got it. Treat it as an escape character. At least a note somewhere might help the nincompoops like me. is it possible to make it more resilient though? maybe use a different escape character that would ignore all trailing whitespace? heck! having a comment after the escape would be great for

Re: issue with pf syntax parser

Backslash says "ignore the following charecter". You are using it to ignore the newline. If you ignore the space instead, the newline then matters. This is not a bug, this is 100% by design. You'll need to ensure there are no trailing spaces after a backslash (and we do recommend removing trail

issue with pf syntax parser

I have something like this in pf.conf: services= "{ ssh, \ http, https, 8000, 8080, 8088,

Re: icmp block/pass rules in PF

tried that and myriad other configurations, including one liners as I want to understand the parser from a user perspective. this doesn’t work: pass out on $DMZ_if inet proto icmp icmp-type echoreq from 192.168.2.1 these work: pass out on $DMZ_if inet proto icmp from 192.168.2.1

Re: icmp block/pass rules in PF

tried that and myriad other configurations, including one liners as I want to understand the parser from a user perspective. this doesn’t work: pass out on $DMZ_if inet proto icmp icmp-type echoreq from 192.168.2.1 these work: pass out on $DMZ_if inet proto icmp from 192.168.2.1

Re: Ospf multiple areas not redistributing

On Wed, Sep 2, 2015 at 1:54 PM, Kapetanakis Giannis < bil...@edu.physics.uoc.gr> wrote: > On 02/09/15 10:31, Roger Skjetlein wrote: > >> Hi, >> >> >> have an issue with ospfd when using multiple areas and networks from area >> 10.0.30.0 not distributed to 0.0.0.0. >> >> eg >> >> the network for em

Re: Ospf multiple areas not redistributing

This is the interface status when in area 0.0.0.0 Interface em0, line protocol is UP Internet address 10.0.30.1/24, Area 0.0.0.0 Linkstate unknown Router ID 10.0.11.2, network type BROADCAST, cost: 10 Transmit delay is 1 sec(s), state DR, priority 1 Designated Router (ID) 10.0.11.2, inte

Re: spamassasin large CPU usage on new snapshot and a huge bayes_toks file not reported in df

On Fri, 4 Sep 2015 10:20:01 +0200 Adam Wolk wrote: > After deleting the file, restarting the service processing a single > email brought the DB to reported size 37.9M, few emails later it's > already reported as 113M I have a hunch that it will bloat again really > fast. > try to disable bayes,

spamassasin large CPU usage on new snapshot and a huge bayes_toks file not reported in df

Hi misc@ I upgraded my mail server to an amd64 snapshot from Sep 2nd and found the server stuck delivering mail in the morning with spamassasin churning at 90% CPU usage. Quick investigation lead me to a huge bayes_toks file of 65.3G in /var/spampd/.spamassasin/. $ ls -alh total 4738352 drwx