headers
Bogdan Andu | 22 May 2013 12:30
Picon
Favicon

__guard_local issue

Hello,

I compile from source Erlang R14B04 on a freshly installed OpenBSD 5.3 amd64 machine, configured with
preinstalled opensssl library /usr/lib/libssl.so.19.0 .

$ /usr/sbin/openssl
OpenSSL> version
OpenSSL 1.0.1c 10 May 2012
OpenSSL>
^D

when I try to load the crypto module I get the follwing error:

$erl
Erlang R14B04 (erts-5.8.5) [source] [64-bit] [smp:2:2] [rq:2] [async-threads:0] [kernel-poll:false]

Eshell V5.8.5  (abort with ^G)
1>
crypto:start().
/usr/local/lib/erlang/erts-5.8.5/bin/beam.smp:/usr/local/lib/erlang/lib/crypto-2.0.4/priv/lib/crypto.so:
undefined symbol
'__guard_local'
/usr/local/lib/erlang/erts-5.8.5/bin/beam.smp:/usr/local/lib/erlang/lib/crypto-2.0.4/priv/lib/crypto.so:
undefined symbol
'__guard_local'
/usr/local/lib/erlang/erts-5.8.5/bin/beam.smp:/usr/local/lib/erlang/lib/crypto-2.0.4/priv/lib/crypto.so:
undefined symbol
'__guard_local'
/usr/local/lib/erlang/erts-5.8.5/bin/beam.smp:/usr/local/lib/erlang/lib/crypto-2.0.4/priv/lib/crypto.so:
undefined symbol
(Continue reading)

Permalink | Reply | 0 comments |
headers
C. L. Martinez | 22 May 2013 11:24
Picon

Re: Problem with a startup script

On Wed, May 22, 2013 at 9:15 AM, Vadim Zhukov <persgray <at> gmail.com> wrote:
> 2013/5/22 C. L. Martinez <carlopmart <at> gmail.com>
>
>> On Wed, May 22, 2013 at 8:44 AM, Vadim Zhukov <persgray <at> gmail.com> wrote:
>> > 22.05.2013 10:19 пользователь "C. L. Martinez" <carlopmart <at> gmail.com>
>> > написал:
>> >
>> >
>> >>
>> >> Hi all,
>> >>
>> >>  I have a problem with some tcl rc.d startup scripts. Start and status
>> >> works ok but stop and restart, doesn't.
>> >
>> > Stupid question: does it stop if you kill it by pid directly? I've seen
>> > at
>> > least one daemon do far that ignores SIGTERM...
>> >
>>
>> Yes, doing a kill -9 pid, works and doing pkill -f "${pexp}", too ...
>> from command line ...
>
>
> Okay... Another stupid questions: did you modify your /etc/rc.d/rc.subr?
> What version has it in its RCS header, did you run sysmerge(8)? What if you
> add rc_stop() manually in your rcscript, same as in /etc/rc.d/rc.subr?
>

No, I have not modified rc.subr:
(Continue reading)

Permalink | Reply | 0 comments |
headers
Antoine Jacoutot | 22 May 2013 10:04

Re: Problem with a startup script

On Wed, May 22, 2013 at 07:41:38AM +0000, C. L. Martinez wrote:
> On Wed, May 22, 2013 at 7:37 AM, Antoine Jacoutot <ajacoutot <at> bsdfrog.org> wrote:
> > On Wed, May 22, 2013 at 07:30:19AM +0000, C. L. Martinez wrote:
> >> On Wed, May 22, 2013 at 7:02 AM, Antoine Jacoutot <ajacoutot <at> bsdfrog.org> wrote:
> >> > On Wed, May 22, 2013 at 06:57:16AM +0000, C. L. Martinez wrote:
> >> >> On Wed, May 22, 2013 at 6:50 AM, Antoine Jacoutot <ajacoutot <at> bsdfrog.org> wrote:
> >> >> > On Wed, May 22, 2013 at 06:18:04AM +0000, C. L. Martinez wrote:
> >> >> >> Hi all,
> >> >> >>
> >> >> >>  I have a problem with some tcl rc.d startup scripts. Start and status
> >> >> >
> >> >> > You mean check instead of status, right?
> >> >>
> >> >> Yep, you are rigth Antoine ..
> >> >>
> >> >> >
> >> >> >> works ok but stop and restart, doesn't.
> >> >> >
> >> >> > Running the rc script in debug mode may give you some clue (-d).
> >> >> >
> >> >>
> >> >>
> >> >> Uhmm .. no clues:
> >> >>
> >> >> /usr/local/etc/rc.d/suricata_proxyin_agent -d stop
> >> >>
> >> >> + [ -n /usr/local/bin/suricata_proxyin_agent.tcl ]
> >> >> + unset _RC_DEBUG _RC_FORCE
> >> >> + getopts df c
> >> >> + _RC_DEBUG=-d
(Continue reading)

Permalink | Reply | 0 comments |
headers
C. L. Martinez | 22 May 2013 08:18
Picon

Problem with a startup script

Hi all,

 I have a problem with some tcl rc.d startup scripts. Start and status
works ok but stop and restart, doesn't.

 Script:

#!/bin/sh -x
#
# $OpenBSD: suricata_proxyin_agent,v 1.0

daemon="/usr/local/bin/suricata_proxyin_agent.tcl"
daemon_flags="-c /data/config/etc/sguil/suricata_proxyin_agent.conf -D"

. /etc/rc.d/rc.subr

pexp="/usr/local/bin/tclsh8.5 $daemon"

rc_cmd $1

I have tried several variants like to insert rc_stop specific option
or changing pexp to "/usr/local/bin/tclsh8.5 $daemon $daemon_args"
without luck.

Debugging script, acts as like the other system startup scripts:

.....

+ echo NO
+ : NO
(Continue reading)

Permalink | Reply | 7 comments |
headers
Jiri B | 21 May 2013 21:52
Picon
Favicon

a sftp user can enter into a directory which he does not have rights

I'm very surprised to see something like this. Comparing with
normal unix filesystem, 'sftpuser' would not even enter such
directory. Is this OK?

* sftpuser has only group 'sftpuser'

$ sftp sftpuser <at> localhost 
Connected to localhost.
sftp> cd /
sftp> ls -l
drwxr-xr-x    2 0        0             512 May 21 18:43 dev
drwx-----x   12 1000     1000          512 May 21 18:32 jirib
drwxr-xr-x   10 1000     1000          512 May 21 18:32 pub
sftp> cd jirib
sftp> pwd
Remote working directory: /jirib
sftp> ls -al
remote readdir("/jirib"): Permission denied

j.
Permalink | Reply | 3 comments |
headers
Aaron Dewell | 21 May 2013 19:58
Picon

Policy Based Routing/pfctl help

Hey all,

I know this is slightly off-topic on this list, I'm hoping the OpenBSD answer will be "close enough" to the
MacOS X (10.8) answer that I'll get what I need done.  I have gotten zero replies from the Apple communities,
so I'm asking here.  That said, here's what I'm trying to accomplish.

This server has 5 VLAN tagged interfaces (already set up and reachable).
First one holds the default route (used for administration).
Ostinato (traffic generator) is installed.
The other 4 VLAN interfaces are to be used for traffic generation/receiving.

What I want is for traffic sourced (via Ostinato) from a particular IP address to be sent via it's own VLAN
interface to it's own router.  I have accomplished this on Linux (the far end of this test) using:

ip route add default via <gateway-X> dev ethX table X
ip rule add from <network-X> table X priority X

Research online suggests that this used to work before ipfw was deprecated:

ipfw add X fwd <gateway-X> ip from <IP-address-X> to any

(I did try this, and nothing actually happened.)

Further searching led me to this as the possible OpenBSD answer:

route -T X add 0.0.0.0/0 -iface <gateway-X>
echo pass in from <network-X> to 0.0.0.0/0 rtable X | pfctl -mf -

However, this particular version of the OS does not support the -T option to route, so I presume that
multiple tables are not supported.  However, that step may be not needed.
(Continue reading)

Permalink | Reply | 3 comments |
headers
Jean Lucas | 21 May 2013 19:47

HD4000 problems

I've an (Intel) HD4000 and from the point that inteldrm was added to current, X freezes on launch, and have to
SSH in to reboot nicely. Read a post with a similar problem; reducing video memory to <128 MB was the trick to
have X start on current.

I'm running yesterdays (20th May) -current, on a Lenovo Yoga 13, and there is no option for video memory in
the BIOS. For 5.3 release however, X starts when I disable DPTF ( Intel dynamic platform & thermal
framework). 5.2 release worked fine with this enabled.

Question: is there a kernel option to reduce video memory used by the OS to see if the workaround is valid?

Back to the point, X -configure returns a Segmentation fault 0x28, and when just running startx,
Xorg.0.log reveals Output LVDS1 has no monitor section. (Note: 5.2 & 5.3 release returned same segfault,
though X worked flawlessly with startx)

A few snapshots back, X would start after booting single-user and rebooting, though failure-success rate
was around 4:1. When it would start, running xbacklight would freeze X again. Also idling too long would
cause X to freeze.

Files attached: X -configure and startx logs, and pcidump

Best,
Jean

[demime 1.01d removed an attachment of type application/x-gtar which had a name of yoga.tgz]
Permalink | Reply | 1 comment |
headers
Peter J. Philipp | 21 May 2013 19:26
Picon
Favicon

how long should CD orders take?

I ordered my CD through a german bookstore that is listed at 
www.openbsd.org/orders.html.  Only it's now the 21st of May and my 
computers have all been upgraded via FTP around the 1st of May.  And I 
still have no CD (and no stickers).

Last year they were slow as well, which leads me to believe that the 
store is sloppy in its orders.  Can someone confirm that the CD's have 
all been sent out from Calgary?  It's really a shame that I must use 
resources of OpenBSD when not needed, my order went in around the end of 
March 2013 and there was lots of time to deliver this as a pre-order.

-peter
Permalink | Reply | 4 comments |
headers
C. L. Martinez | 21 May 2013 09:53
Picon

OT: trying to install vortex-idx in OpenBSD 5.3

Hi all,

 I am trying to compile vortex-ids
(http://sourceforge.net/projects/vortex-ids/?source=directory) under
OpenBSD 5.3, but this error is returned:

vortex.c: In function 'errors_thread':
vortex.c:686: error: '__NR_gettid' undeclared (first use in this function)
vortex.c:686: error: (Each undeclared identifier is reported only once
vortex.c:686: error: for each function it appears in.)
vortex.c:693: error: 'cpu_set_t' undeclared (first use in this function)
vortex.c:693: error: expected ';' before 'csmask'
vortex.c:694: error: 'csmask' undeclared (first use in this function)
vortex.c: In function 'stats_thread':
vortex.c:768: error: '__NR_gettid' undeclared (first use in this function)
vortex.c:776: error: 'cpu_set_t' undeclared (first use in this function)
vortex.c:776: error: expected ';' before 'csmask'
vortex.c:777: error: 'csmask' undeclared (first use in this function)
vortex.c: In function 'conn_writer':
vortex.c:950: error: '__NR_gettid' undeclared (first use in this function)
vortex.c:958: error: 'cpu_set_t' undeclared (first use in this function)
vortex.c:958: error: expected ';' before 'csmask'
vortex.c:959: error: 'csmask' undeclared (first use in this function)
vortex.c: In function 'main':
vortex.c:1917: error: '__NR_gettid' undeclared (first use in this function)
vortex.c:1925: error: 'cpu_set_t' undeclared (first use in this function)
vortex.c:1925: error: expected ';' before 'csmask'
vortex.c:1926: error: 'csmask' undeclared (first use in this function)

I have installed libnet-1.1.2.1p0, glib2-2.34.3 and libnids-1.24 packages.
(Continue reading)

Permalink | Reply | 2 comments |
headers
unk | 20 May 2013 21:35
Picon

Re: multicast via non-primary interface

2013/5/20 Stijn <mail.stijn <at> telenet.be>

> sysctl net.inet.ip.mforwarding=1
>

bash-4.2$ sudo sysctl net.inet.ip.mforwarding=1
Password:
net.inet.ip.mforwarding: 0 -> 1
bash-4.2$ ./mcast
mcast: sendto: No route to host

so, this does not help.

--

-- 
/unk
Permalink | Reply | 2 comments |
headers
unk | 20 May 2013 16:01
Picon

multicast via non-primary interface

Hello misc <at> !

My goal is send few multicast datagrams via "non-primary network interface"
at multihomed host without affecting system wide defaults. After reading
man 4 ip:
---
     For hosts with multiple interfaces, each multicast transmission is sent
     from the primary network interface.  The IP_MULTICAST_IF option
overrides
     the default for subsequent transmissions from a given socket:

           struct in_addr addr;
           setsockopt(s, IPPROTO_IP, IP_MULTICAST_IF, &addr, sizeof(addr));

     where addr is the local IP address of the desired interface or
INADDR_ANY
     to specify the default interface.  An interface's local IP address and
     multicast capability can be obtained via the SIOCGIFCONF and
SIOCGIFFLAGS
     ioctl(2)'s.  Normal applications should not need to use this option.
---
I wrote this simple code:
---
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <err.h>
#include <fcntl.h>
(Continue reading)

Permalink | Reply | 0 comments |

Gmane