Re: Search with regex in nvi

[Martijn van Duren]

>From what I can see your regex is the same as Attiva.*XXL[1],
so why not just that one?

Or what pattern are you trying to match exactly?

On 02/26/16 04:39, Артур Истомин wrote:
> Suppose I have file with next lines among others:
> 
> Omsa Attiva 40 cioccolato 2
> Omsa Attiva 40 blue XXL
> Omsa Attiva 40 milk S
> Omsa Attiva 40 sierra XXL
> Omsa Attiva 40 nero M
> Omsa Attiva 40 nero XXL
> 
> I need to find lines, where size is XXL. I can do it with "Attiva\&.*XXL" in 
> vim
> but it doesn't work in nvi. Are there any general way to do it in both 
> editors?
> 
> Thank you.
> 
[1] use both /Attiva\&.*XXL and /Attiva.*XXL in vim with :set hlsearch

Search with regex in nvi

[Артур Истомин]

Suppose I have file with next lines among others:

Omsa Attiva 40 cioccolato 2
Omsa Attiva 40 blue XXL
Omsa Attiva 40 milk S
Omsa Attiva 40 sierra XXL
Omsa Attiva 40 nero M
Omsa Attiva 40 nero XXL

I need to find lines, where size is XXL. I can do it with "Attiva\&.*XXL" in vim
but it doesn't work in nvi. Are there any general way to do it in both editors?

Thank you.

Re: e-commerce framework suggestion? medoc?

[Dan Jones]

> On Feb 25, 2016, at 1:28 AM, li...@wrant.com wrote:
>
> Don't fall for regulation scare talks, there should be no reason to
> put something outside local premises except payment processing which
> is a well developed monetary system service from banks etc.
>

Since I deal with credit card security in my professional life I’ll chime
in.  PCIDSS are the primary security standards you (or your client) need to
deal with.  These are not governmental standards but are set by the payment
card industry (JCB International, Visa, MasterCard, etc.). While there may be
government regulations they are typically less stringent than PCIDSS.

The standards vary based on how credit cards are being handled. If, as
suggested, you allow a third party (Paypal, Square, your bank) to do the
actual payment processing and at no point in time your does server asks for
(or handles) a credit card number your life is much simpler.  If you develop a
web form that asks for a credit card number (even if you pass it back to the
bank for processing) you have to comply with more regulations.  You can choose
the path that makes the most sense by taking at look at the requirements at
https://www.pcisecuritystandards.org/.

Re: how to send email via Mail

[Nick Holland]

On 02/25/16 17:01, Jaap Bosman wrote:
> Hallo, I would like to use mail(1) for email client.

No, really, you don't.

> In man mail(1) I read nothing about configure mail to send and receive
> email from outside. I would like to find how to configure mail(1).

Step 1: you need to read the first few chapters of the Sendmail book.
You can skip all the stuff about sendmail configuration, but you don't
seem to understand how mail works.

And ... hopefully you realize you don't want to get involved in that
side of the mail system.  Just pay someone to do that for you.

> I guess email addresses have to be listed somewhere? where? How?
> ISP adresses and POP or whatever should be listed somewhere?

No.
All mail(1) does is read data from a mailbox file, and create mail for
delivery to a local Mail Transport Agent.

How does data get into the mailbox file?  Not mail(1)'s problem.  What
happens after it is delivered to the MTA?  Not mail(1)'s problem.

A few things on an OpenBSD (or any Unix) box will generate system mail
that will be dropped in mailbox files; mail(1) does a good job of
helping you extract that mail to find out why it did.  mail(1) also does
a good job of creating mail to be delivered somewhere (not it's
problem!) from scripts and such in a Unix-y way.

Nick.

Re: how to Bridging with a wireless NIC

[Stuart Henderson]

On 2016-02-25, Stefan Sperling  wrote:
> On Tue, Feb 23, 2016 at 08:07:31PM +0900, Tuyosi Takesima wrote:
>> auto wlan0
>> iface wlan0 inet dhcp
>> wpa-ssid URoad-9BF
>> wpa-ap-scan 1
>> wpa-key-mgmt WPA-PSK
>> wpa-psk 4955
>
>> # iw wlan0 info
>> command failed: No such device (-19)
>
> I don't understand how iw can fail like this if you have wlan0 configured.
> Either you have a wlan0 interface or you don't.
>
> I expected the iw command to show that WDS ("Wireless Distribution System")
> is in use on wlan0. WDS is what makes bridging across wireless work, and
> WDS is not supported by OpenBSD.
>
> Please stop trying to build your bridge with OpenBSD, it won't work.
> Maybe, one day, OpenBSD will support WDS. Then you can try again.

If you want something that works on OpenBSD now, that's NAT and normal
routing. Other methods aren't going to work, the 802.11 frame format
doesn't allow it unless you have either WDS's "4 address format" or
MAC translation ("layer2 nat" e.g. with Linux ebtables).

Re: e-commerce framework suggestion? medoc?

[Dave Anderson]

On Thu, 25 Feb 2016, li...@wrant.com wrote:


Wed, 24 Feb 2016 23:51:10 +0100 arrowscr...@mail.com

So, I'll probably use Ubercart. Thanks everyone.
The "Django" software seems good too 'Mariano', I'll read more on that.

About the laws and regulations 'Dave', I will need to see that. Here
in my country we have all these regulations too. Thanks for the
advice.


Don't fall for regulation scare talks, there should be no reason to
put something outside local premises except payment processing which
is a well developed monetary system service from banks etc.


Don't fall for "it's all a scare tactic" either.  Investigate, then make 
your own decision based on whatever laws and regulations apply to you. 
Good luck.


Dave


Run your own systems, make sure you protect your clients personal
details, separate databases and storage layers, use sound security
and encryption, and update your software regularly plus plan for
disaster.  This includes dirty play from the competing parties which
want to suck your data into their system with the "cloud" services.

Web based software is multiple reliability nightmares yet running it
internally with limited outside connectivity and reliable (static) web
front end site is an option for control of this critical aspect.

At that point you're as good as a personal self sustained service.



--
Dave Anderson

Re: how to send email via Mail

[Nick]

http://www.openbsd.org/opensmtpd/faq/example1.html


 Original Message 
Subject: how to send email via Mail
Local Time: February 25, 2016 10:02 pm
UTC Time: February 25, 2016 10:02 PM
From: j...@xs4all.nl
To: misc@openbsd.org

Hallo, I would like to use mail(1) for email client.
In man mail(1) I read nothing about configure mail to send and receive
email from outside. I would like to find how to configure mail(1).
I guess email addresses have to be listed somewhere? where? How?
ISP adresses and POP or whatever should be listed somewhere?
thanks
Jaap

Typo on main html page

[Bernd Schoeller]

Hi -

I know that I might be fussy, but Dillo complains about the following in
the main index.html of www.openbsd.org:

Index: index.html
===
RCS file: /cvs/www/index.html,v
retrieving revision 1.689
diff -u -p -u -r1.689 index.html
--- index.html  21 Feb 2016 05:19:08 -  1.689
+++ index.html  25 Feb 2016 22:21:21 -
@@ -120,7 +120,7 @@
   
   
 
-
+
   
 
   


Regards,
Bernd

how to send email via Mail

[Jaap Bosman]

Hallo, I would like to use mail(1) for email client.
In man mail(1) I read nothing about configure mail to send and receive
email from outside. I would like to find how to configure mail(1).
I guess email addresses have to be listed somewhere? where? How?
ISP adresses and POP or whatever should be listed somewhere?
thanks
Jaap

Re: how to Bridging with a wireless NIC

[Stefan Sperling]

On Fri, Feb 26, 2016 at 05:15:19AM +0900, Tuyosi Takesima wrote:
> TV get 192.168.0.10
>gateway adress 192.168.0.1
>dns8.8.8.8
> 
> how to rerite pf.conf inorder to access TV from 192.168.10.0/24 ?

You could try using rdr-to.
Something like this might work:

   pass in on egress proto tcp from any to any port 22 \
   rdr-to 192.168.0.10 port 22

Perhaps your TV needs different ports than 22.
This is just an example.

> i do not understand hostapd any .

You don't need hostapd. It implements IAAP (inter-access point
protocol). It's used when connecting multiple APs via cable.
But you only have 1 AP.

Re: Firejail in OpenBSD?

[Karel Gardas]

I'm afraid you will get a no answer on this. Firejail seems to use
Linux specific tools to do its task and IIRC I've read some not so
nice remarks about at least BPF on some of OpenBSD mailing list.
Anyway, OpenBSD is heading into the same direction (of apps limited
priviledges) by using its own pledge API/syscall. Grep for pledge in
your preferred app port and see if this is already pledged or not...
If not and if you are a programmer, then read pledge(2) and give it a
try...

On Thu, Feb 25, 2016 at 8:23 PM, hans peter  wrote:
> Hello,
> Firejail secures* the everyday apps that a user uses on an example
> Desktop machine: Firefox, transmission, etc.:
> https://firejail.wordpress.com/ Is there any alternatives on OpenBSD for
> Firejail? Or could it be ported? *The sandbox is lightweight, the
> overhead is low. There are no complicated configuration files to edit, no
> socket connections open, no daemons running in the background. Many
> thanks, http://www.openbsdfoundation.org/campaign2016.html

how to Bridging with a wireless NIC

[Tuyosi Takesima]

thanks for  Stefan's good idvice .


i add
3)too common , only dhcpd & pf (no bridge)

internet-router:192.168.1.1--FON192.168.10.1...wifi...rum0[openbsd]axe0---TV

/etc/hostname.rum0
nwid MyPlace
wpakey 70810
dhcp

/etc/hostname.axe0
inet 192.168.0.1 255.255.255.0

/etc/dhcpd.interfaces<
axe0

/etc/dhcpd.conf
option  domain-name "my.domain";
option  domain-name-servers  8.8.8.8;
subnet 192.168.0.0 netmask 255.255.255.0 {
option routers 192.168.0.1;
range 192.168.0.10;
}


/etc/pf.conf
OUT="rum0"
int_if="axe0"
table  { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
  172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
  192.168.0.0/16 198.18.0.0/15 198.51.100.0/24\
  203.0.113.0/24 }
set block-policy drop
set loginterface egress
set skip on lo0
match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from !(egress:network) to any nat-to (egress:0)
block in quick on egress from  to any
block return out quick on egress from any to 
block all
pass out quick inet
pass in on $int_if inet


TV get 192.168.0.10
   gateway adress 192.168.0.1
   dns8.8.8.8

how to rerite pf.conf inorder to access TV from 192.168.10.0/24 ?


by the way , there is /etc/rc.d/hostapd
and
hostapd.conf is
wlan="ath0"
wired="sis0"
table  {
00:90:4b:0d:fd:c8,
00:02:6f:21:ea:8b
}
...

i do not understand hostapd any .
i noticed 'wlan phrase' only

-
regards

Firejail in OpenBSD?

[hans peter]

Hello,
Firejail secures* the everyday apps that a user uses on an example
Desktop machine: Firefox, transmission, etc.:
https://firejail.wordpress.com/ Is there any alternatives on OpenBSD for
Firejail? Or could it be ported? *The sandbox is lightweight, the
overhead is low. There are no complicated configuration files to edit, no
socket connections open, no daemons running in the background. Many
thanks, http://www.openbsdfoundation.org/campaign2016.html

OpenSSL changes coming Tuesday

[Devin Reade]

Operators:

Apparently there are high severity security patches coming for OpenSSL on
Tuesday 01 Mar 2015:



I have no idea if/how this affects LibreSSL, and we can't necessarily expect
info from those in the know until then.  So keep your calendar open.

Devin

Re: hostname | /etc/hosts

[Roderick]

On Wed, 24 Feb 2016, Janne Johansson wrote:


Since "dk." resolves to an A-record, I guess that works as an FQDN.


We tend to suppose that a FQDN is a hostname plus a domain, but this
is obviously not the case. Any string as described at the end of
hosts (5) should serve as a host name.

We continously see cases of the form "example.com" and
"abc.example.com" resolving. And was not proposed here to use
localhost as domain? Then you have "localhost" and "abc.localhost"
resolving.

Indeed "dk." resolves. And similarly I put names without dots in
/etc/hosts. Perhaps conflicts with registered TLD may be avoided
putting numbers or dashes in the name. It seems, Icann does not
accept numbers and dashes in the TLD. See 2.11 in

https://newgtlds.icann.org/en/applicants/global-support/faqs/faqs-en

Rodrigo.

Re: sensorsd, upd, and state changes

[lilit-aibolit]

Hi list, why I don't have extra line in output with sensor 
upd0.percent1(RemainingCapacity)?

Is it related to model of my UPS?

# usbdevs | grep UPS
  addr 4: Back-UPS ES 525 FW:851.t3.I USB FW:t3, American Power Conversion

# sysctl hw.sensors
hw.sensors.upd0.indicator0=Off (Charging), OK
hw.sensors.upd0.indicator1=Off (Discharging), OK
hw.sensors.upd0.indicator2=On (ACPresent), OK
hw.sensors.upd0.indicator3=On (BatteryPresent), OK
hw.sensors.upd0.indicator4=Off (ShutdownImminent), OK
hw.sensors.upd0.percent0=100.00% (FullChargeCapacity), OK

# tail /var/log/messages | grep upd
Feb 25 12:59:27 gw sensorsd[2261]: upd0.percent1: 0.00%, UNKNOWN
Feb 25 13:45:43 gw sensorsd[13167]: upd0.percent1: 0.00%, UNKNOWN

Re: Nagios/OpenBSD 5.8: success anyone?

[Jiri B]

On Thu, Feb 25, 2016 at 04:24:31PM +, Olivier Debr wrote:
> Symptoms:
> trying to access any cgi yields error 500 and lines as follows in
> /var/log/messages
> slowcgi[32405]: execve /cgi-bin/nagios/: Is a directory
>
> [...]
>

I have never used slowcgi but check below:

> lan_ip="em0"
> server "nagios.siderlog-ra.fr" {
>listen on $lan_ip port 80
>root "/nagios"
>directory index index.php
>location "*.php" {
> root "/nagios"
> fastcgi socket "/run/php-fpm.sock"
>}
>location "/cgi-bin/nagios/*.cgi" {
> root "/cgi-bin/nagios/*.cgi"
^^ seems wrong

man httpd.conf says it should be path, so i assume wildcard
is wrong.

> fastcgi socket "/run/slowcgi.sock"
>}
> }

j.

Nagios/OpenBSD 5.8: success anyone?

[Olivier Debré]

Hello.

I've been using Nagios/OpenBSD/Apache for years, but can't make it work now
on 5.8/httpd.
I think this must be related with my (very) poor understanding of
httpd/slowcgi/fastcgi.

Symptoms:
trying to access any cgi yields error 500 and lines as follows in
/var/log/messages
slowcgi[32405]: execve /cgi-bin/nagios/: Is a directory

Setup:
- OpenBSD 5.8
- packages: nagios-4.0.8p1-chroot, nagios-web-4.0.8p1-chroot, php-fpm-5.6.11p0
- /var/www/cgi-bin/nagios/ and all files inside : owner and group www, mod 555
- slowcgi daemon run without any option
- excerpt from /etc/httpd.conf :

lan_ip="em0"
server "nagios.siderlog-ra.fr" {
   listen on $lan_ip port 80
   root "/nagios"
   directory index index.php
   location "*.php" {
root "/nagios"
fastcgi socket "/run/php-fpm.sock"
   }
   location "/cgi-bin/nagios/*.cgi" {
root "/cgi-bin/nagios/*.cgi"
fastcgi socket "/run/slowcgi.sock"
   }
}

Any idea to what I did wrong?

Thanks.

Olivier Debré

Re: hostname | /etc/hosts

[Roderick]

Hello anyone and thanks for the clarifications!

On Thu, 25 Feb 2016, Craig Skinner wrote:


Here's the full public domain name root list (which changes):
http://www.iana.org/domains/root/db


There is an inflation of TLD Names. I hope that registering a
domain name become cheaper due to this abundance, but my experience
is the opposite.

My names without dots in /etc/hosts are to be considered as names
immediately under the root in the DNS tree, as also "localhost" 
(localhost.). The names inflation has a bad effect on my praxis.

Is/was it not a common praxis? Some years ago we did not expect TLDs
with more than 3 letters, every other name was to be expected to be
local.


From the reserved names in rfc2606, "test" seems to be the best, it

has four letters, the others 7 and 8. I wonder how commercial became
this, that they did not conseder that normal users want short names,
that they sold "dev." to google.

Rodrigo.

Re: no bandwidthd src pkd in /usr/ports

[Marc Espie]

On Thu, Feb 25, 2016 at 11:56:10AM +0530, Indunil Jayasooriya wrote:
> Hi Misc,
> 
> I have OpenBSD 5.5 64 bit gateway.

UPGRADE.

You're very badly out of date. That stuff is no longer supported at all. 

There are probably exploitable holes in it by now.

Re: e-commerce framework suggestion? medoc?

[lists]

Wed, 24 Feb 2016 23:51:10 +0100 arrowscr...@mail.com
> So, I'll probably use Ubercart. Thanks everyone.
> The "Django" software seems good too 'Mariano', I'll read more on that.
> 
> About the laws and regulations 'Dave', I will need to see that. Here
> in my country we have all these regulations too. Thanks for the
> advice.

Don't fall for regulation scare talks, there should be no reason to
put something outside local premises except payment processing which
is a well developed monetary system service from banks etc.

Run your own systems, make sure you protect your clients personal
details, separate databases and storage layers, use sound security
and encryption, and update your software regularly plus plan for
disaster.  This includes dirty play from the competing parties which
want to suck your data into their system with the "cloud" services.

Web based software is multiple reliability nightmares yet running it
internally with limited outside connectivity and reliable (static) web
front end site is an option for control of this critical aspect.

At that point you're as good as a personal self sustained service.

Re: how to Bridging with a wireless NIC

[Stefan Sperling]

On Tue, Feb 23, 2016 at 08:07:31PM +0900, Tuyosi Takesima wrote:
> auto wlan0
> iface wlan0 inet dhcp
> wpa-ssid URoad-9BF
> wpa-ap-scan 1
> wpa-key-mgmt WPA-PSK
> wpa-psk 4955

> # iw wlan0 info
> command failed: No such device (-19)

I don't understand how iw can fail like this if you have wlan0 configured.
Either you have a wlan0 interface or you don't.

I expected the iw command to show that WDS ("Wireless Distribution System")
is in use on wlan0. WDS is what makes bridging across wireless work, and
WDS is not supported by OpenBSD.

Please stop trying to build your bridge with OpenBSD, it won't work.
Maybe, one day, OpenBSD will support WDS. Then you can try again.

Re: rsync mirror for firmware.openbsd.org

[Jiri B]

On Thu, Feb 25, 2016 at 12:59:14PM +, Comte wrote:
> Hi,
> 
> i would like to make an internal mirror but didn't find any rsync url to
> mirror firmware.openbsd.org, is there any ?

Easy to mirror with lftp and its 'mirror' command.

j.

Re: hostname | /etc/hosts

[Kamil Cholewiński]

On Thu, 25 Feb 2016, Stuart Henderson  wrote:
> On 2016-02-24, Kamil Cholewiński  wrote:
>> This. See how Google bought '.dev'.
>>
>> https://tools.ietf.org/html/rfc2606
>
>  was cheaper to buy the TLD to prevent anyone else from grabbing
> it, rather than change it>

Definitely. At Google's scale, probably any trivial decision like that
instantly saves them money or improves some process.

rsync mirror for firmware.openbsd.org

[Comète]

Hi,

i would like to make an internal mirror but didn't find any rsync url to
mirror firmware.openbsd.org, is there any ?

Thanks.

Morgan

Re: hostname | /etc/hosts

[Stuart Henderson]

On 2016-02-24, Kamil Cholewiński  wrote:
> On Wed, 24 Feb 2016, Peter Hessler  wrote:
>> On 2016 Feb 24 (Wed) at 12:59:04 + (+), Craig Skinner wrote:
>> :Hi Rodrigo,
>> :
>> :On 2016-02-24 Wed 10:48 AM |, Roderick wrote:
>> :> 
>> :> Should the name in /etc/myname include a domain name? Even when I
>> :> do not have a static IP registered in a public DNS?
>> :> 
>> :
>> :Yes, these non-public "domains" are suitable:
>> :.localdomain
>> :.internal
>> :.private
>> :.priv
>>
>> Do not depend on any domain that you don't own.  Just because it isn't
>> allocated _now_ doesn't mean it won't be.
>>
>
> This. See how Google bought '.dev'.
>
> https://tools.ietf.org/html/rfc2606

Re: how to Bridging with a wireless NIC

[Tuyosi Takesima]

i try openbsd .

1) too common way( wired-wired  bridge)

internet--router:192.168.1.1--em0[openbsd]axe0---TV

/etc/hostname.em0
dhcp

/etc/hostname.axe0
up

/etc/hostname.bridge0
add em0
add axe0
up

TV
address 192.168.1.250
gateway 192.168.1.1
dns 192.168.1.1


2)
wifi bridging is hard

internet--router:192.168.1.1--FON192.168.10.1...wifi...rum0[openbsd]axe0---wired---TV

/etc/hostname.rum0
nwid MyPlace
wpakey 70810
dhcp

/etc/hostname.axe0
up

/etc/hostname.bridge0
add rum0
add axe0
up

rum0 get 192.168.10.220

TV get 169.254.232.148/255.255.0.0
   (no gateway adress , no dns)

-
regards

Re: Just curious, what are approx plans for kernel-multicore-ness next 1-2 years? (net/file IO) How much is it a relevant prio?

[Tinker]

On 2016-02-25 19:05, Jiri B wrote:

On Thu, Feb 25, 2016 at 06:14:40PM +0700, Tinker wrote:
Any guess about when might it actually become usable, 6.1, 6.2, this 
year,

next?


I would be very curious to see if-what limits there are on file IO 
activity
when you do it full-on completely RW on 10-20 cores and a ton of 
SSD:s.


If you have any guess about what probably would happen feel free to 
share.

:)


Read cvs commit messages and you will see they are hard working on it.
Lot of work has been done by sasha@ in PF as he's one of those 
responsible

for porting PF to Solaris as main FW in next major release.

If you by some chance think they are slow, your mails won't change much 
anyway.
Send money, so the project could use them to free some developers from 
coding

something else for living and work instead on OpenBSD.

Or... OpenBSD was first open-source OS which had anonymous access to 
sources.

So you know other way too speed up the things.

j.


Just wanted to understand where it is at. No complaining, just grateful 
for this great OS. Yes all with you that proper contributions are money, 
code and hardware. Thanks.

Re: Just curious, what are approx plans for kernel-multicore-ness next 1-2 years? (net/file IO) How much is it a relevant prio?

[Jiri B]

On Thu, Feb 25, 2016 at 06:14:40PM +0700, Tinker wrote:
> Any guess about when might it actually become usable, 6.1, 6.2, this year,
> next?
> 
> 
> I would be very curious to see if-what limits there are on file IO activity
> when you do it full-on completely RW on 10-20 cores and a ton of SSD:s.
> 
> If you have any guess about what probably would happen feel free to share.
> :)

Read cvs commit messages and you will see they are hard working on it.
Lot of work has been done by sasha@ in PF as he's one of those responsible
for porting PF to Solaris as main FW in next major release.

If you by some chance think they are slow, your mails won't change much anyway.
Send money, so the project could use them to free some developers from coding
something else for living and work instead on OpenBSD.

Or... OpenBSD was first open-source OS which had anonymous access to sources.
So you know other way too speed up the things.

j.

Re: no bandwidthd src pkd in /usr/ports

[Raf Czlonka]

On Thu, Feb 25, 2016 at 10:25:38AM GMT, Peter N. M. Hansteen wrote:
> On 02/25/16 07:26, Indunil Jayasooriya wrote:
> > I have OpenBSD 5.5 64 bit gateway.
> 
> As Raf pointed out already, you're way overdue for an upgrade.
> 
> > I want to install  bandwidthd. But I can't find a src pkg in
> > /usr/ports
> > 
> > is there a Binary pkg?
> > 
> > what about this ?
> > 
> > https://sourceforge.net/projects/bandwidthd/files/bandwidthd/bandwidthd%202.0.1/bandwidthd-2.0.1.tgz/download
> >
> >  Any comment?
> 
> It's not available as an OpenBSD port or package now, and I'm not sure
> it ever was. Then again, the code was last updated in 2005, so this
> looks like abandonware.

Hi Peter,

I hope I'm not being pedantic here - the code *has* been updated "only"
5 years ago[0] - yes, I know ;^) The fact that the software had not seen
a *release* for over 11 years is the main issue here as OpenBSD ports
maintainers don't tend to do ports which rely on vcs snapshots - a fact
which has been mentioned not so long ago[1].
 
> Try browsing the ports tree for something similar (make search or
> http://openports.se come to mind as useful methods), more likely than
> not you can find roughly equivalent functionality in other packages.

Ahh..., yes - that's the actual link I had in mind :^)

Regards,

Raf

[0] 
http://bandwidthd.cvs.sourceforge.net/viewvc/bandwidthd/bandwidthd/?sortby=date#dirlist
[1] http://marc.info/?l=openbsd-ports&m=143575822211626

Re: Just curious, what are approx plans for kernel-multicore-ness next 1-2 years? (net/file IO) How much is it a relevant prio?

[Peter Hessler]

On 2016 Feb 25 (Thu) at 18:14:40 +0700 (+0700), Tinker wrote:
:On 2016-02-25 06:04, Chris Cappuccio wrote:
:>Tinker [ti...@openmailbox.org] wrote:
:>>First, Thank you for this fantastically awesome OS.
:>>
:>>
:>>Just curious, what are approx plans for kernel-multicore-ness next 1-2
:>>years? (Network IO, file/disk IO)
:>>
:>
:>Network SMP (and other subsystems required to support it) is the heaviest
:>area right now.
:>
:>>
:>>Are there any relevant cases today where the singlecore architecture
:>>actually is limiting? Say on a 20-core machine doing random file and
:>>network
:>>IO full-on.
:>>
:>
:>Many, especially once you go past 4 or 8 cores.
:
:Regarding the network, yes I heard about the multicore-ization work too.
:(Also I talked to someone whose router had a 700Mbps limit on his crappy
:hardware because of the same constraint - not too bad though haha :) )
:
:Any guess about when might it actually become usable, 6.1, 6.2, this year,
:next?
:

The plan is "make it better".  And the timeframe is "when it is ready".

This is pretty much always the plan and timeframe we have.  Obviously we
hope "sooner" rather than "later", but hopes don't make it ready.


-- 
You know it's going to be a bad day when you want to put on the clothes
you wore home from the party and there aren't any.

Re: Just curious, what are approx plans for kernel-multicore-ness next 1-2 years? (net/file IO) How much is it a relevant prio?

[Tinker]

On 2016-02-25 06:04, Chris Cappuccio wrote:

Tinker [ti...@openmailbox.org] wrote:

First, Thank you for this fantastically awesome OS.


Just curious, what are approx plans for kernel-multicore-ness next 1-2
years? (Network IO, file/disk IO)



Network SMP (and other subsystems required to support it) is the 
heaviest

area right now.



Are there any relevant cases today where the singlecore architecture
actually is limiting? Say on a 20-core machine doing random file and 
network

IO full-on.



Many, especially once you go past 4 or 8 cores.


Regarding the network, yes I heard about the multicore-ization work too. 
(Also I talked to someone whose router had a 700Mbps limit on his crappy 
hardware because of the same constraint - not too bad though haha :) )


Any guess about when might it actually become usable, 6.1, 6.2, this 
year, next?



I would be very curious to see if-what limits there are on file IO 
activity when you do it full-on completely RW on 10-20 cores and a ton 
of SSD:s.


If you have any guess about what probably would happen feel free to 
share. :)



Thanks, have a great day.

Re: asking for help compiling dns stats collector (dsc)

[Oliver Peter]

On Thu, Feb 25, 2016 at 09:42:25AM +0200, Imre Oolberg wrote:
> Hi!
> 
> On 2016-02-22 20:08, Stuart Henderson wrote:
> >On 2016-02-21, Imre Oolberg  wrote:
> >>Hi!
> >>
> >>I am in the middle of implementing https://www.dns-oarc.net/tools/dsc/
> >>while on OpenBSD is running nameserver process i.e. there needs to be
> >>also collector part of DSC and I am not succeeding compiling it.
> >>Platform is OpenBSD v 5.8 amd64 and source is dsc-201502251630.tar.gz.
> >>After unpacking i get
> >>
> >>imre-obsd-58-rec:~/dsc/l/dsc-201502251630/collector# make
> >>...
> >>cc -g -Wall -DUSE_IPV6=1 -g -O2  -g -Wall -DUSE_IPV6=1 -g -O2-c
> >>base64.c
> >>cc -g -Wall -DUSE_IPV6=1 -g -O2  -g -Wall -DUSE_IPV6=1 -g -O2-c
> >>generic_counter.c
> >>cc -g -Wall -DUSE_IPV6=1 -g -O2  -g -Wall -DUSE_IPV6=1 -g -O2-c
> >>pcap.c
> >>cc -g -Wall -DUSE_IPV6=1 -g -O2  -g -Wall -DUSE_IPV6=1 -g -O2-c
> >>ncap.c
> >>cc -g -Wall -DUSE_IPV6=1 -g -O2  -g -Wall -DUSE_IPV6=1 -g -O2-c
> >>dns_protocol.c
> >>dns_protocol.c:9:33: error: arpa/nameser_compat.h: No such file or
> >>directory
> >>*** Error 1 in dsc (:87 'dns_protocol.o')
> >>*** Error 1 in /root/dsc/l/dsc-201502251630/collector (Makefile:2
> >>'all')
> >>
> >>So i found that probably i need libbind package and continuing in
> >>collector/dsc directory like this
> >>
> >>imre-obsd-58-rec:~/dsc/l/dsc-201502251630/collector/dsc# ./configure
> >>CFLAGS="-I/usr/local/include/bind" LDFLAGS="-L/usr/local/lib/libbind"
> >>
> >>i get further (it think almost to the end on compilation)
> >>
> >>imre-obsd-58-rec:~/dsc/l/dsc-201502251630/collector/dsc# make
> >>...
> >>cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind   -g -Wall
> >>-DUSE_IPV6=1 -I/usr/local/include/bind -c config_hooks.c
> >>cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind   -g -Wall
> >>-DUSE_IPV6=1 -I/usr/local/include/bind -c hashtbl.c
> >>cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind   -g -Wall
> >>-DUSE_IPV6=1 -I/usr/local/include/bind -c lookup3.c
> >>cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind   -g -Wall
> >>-DUSE_IPV6=1 -I/usr/local/include/bind -c xmalloc.c
> >>cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind   -g -Wall
> >>-DUSE_IPV6=1 -I/usr/local/include/bind -c inX_addr.c
> >>c++ -o dsc base64.o  generic_counter.o  pcap.o  ncap.o  dns_protocol.o
> >>dns_message.o  ip_message.o  daemon.o  md_array.o  null_index.o
> >>qtype_index.o  qclass_index.o  tld_index.o  country_index.o
> >>rcode_index.o  qnamelen_index.o  qname_index.o  msglen_index.o
> >>client_ipv4_addr_index.o  client_ipv4_net_index.o
> >>md_array_xml_printer.o  ip_direction_index.o  ip_proto_index.o
> >>ip_version_index.o  certain_qnames_index.o  query_classification_index.o
> >>idn_qname_index.o  edns_version_index.o  edns_bufsiz_index.o
> >>do_bit_index.o  rd_bit_index.o  tc_bit_index.o  qr_aa_bits_index.o
> >>opcode_index.o  transport_index.o  dns_ip_version_index.o
> >>dns_source_port_index.o  ParseConfig.o  config_hooks.o  hashtbl.o
> >>lookup3.o  xmalloc.o  inX_addr.o  -L/usr/local/lib/libbind-lpcap
> >> ../TmfBase/Hapy/src/.libs/libHapy.a
> >>dns_protocol.o: In function `grok_question':
> >>/root/dsc/l/dsc-201502251630/collector/dsc/dns_protocol.c:93: warning:
> >>warning: strcpy() is almost always misused, please use strlcpy()
> >>pcap.o: In function `handle_tcp':
> >>/root/dsc/l/dsc-201502251630/collector/dsc/pcap.c:552: warning:
> >>warning: sprintf() is often misused, please use snprintf()
> >>query_classification_index.o: In function `a_for_a':
> >>
> >>/root/dsc/l/dsc-201502251630/collector/dsc/query_classification_index.c:71:
> >>undefined reference to `__inet_aton'
> >>inX_addr.o: In function `inXaddr_ntop':
> >>/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c:28: undefined
> >>reference to `__inet_ntop'
> >>/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c:31: undefined
> >>reference to `__inet_ntop'
> >>inX_addr.o: In function `inXaddr_pton':
> >>/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c:41: undefined
> >>reference to `__inet_pton'
> >>/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c:45: undefined
> >>reference to `__inet_pton'
> >>collect2: ld returned 1 exit status
> >>*** Error 1 in /root/dsc/l/dsc-201502251630/collector/dsc (Makefile:65
> >>'dsc')
> >>
> >>For example text around query_classification_index.c:71 reads like this
> >>
> >>static int
> >>a_for_a(const dns_message * m)
> >>{
> >> struct in_addr a;
> >> if (m->qtype != T_A)
> >> return 0;
> >> if (inet_aton(m->qname, &a))
> >> return CLASS_A_FOR_A;
> >> return 0;
> >>}
> >>
> >>I would be very thankful if you could point to me how to solve it and
> >>progress from here to ./dsc binary.
> >>
> >>
> >>Imre
> >>
> >>PS I searched ports collection for similarities and actually found file
> >>
> >>/usr/ports/pobj/dnstop-20140915/dnstop-20140915/inX_addr.c
> >>
> >>which is very similar to
> >>
> >>/root/dsc/l/d

Re: no bandwidthd src pkd in /usr/ports

[Peter N. M. Hansteen]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

On 02/25/16 07:26, Indunil Jayasooriya wrote:
> I have OpenBSD 5.5 64 bit gateway.

As Raf pointed out already, you're way overdue for an upgrade.

> I want to install  bandwidthd. But I can't find a src pkg in
> /usr/ports
> 
> is there a Binary pkg?
> 
> what about this ?
> 
> https://sourceforge.net/projects/bandwidthd/files/bandwidthd/bandwidth
d%202.0.1/bandwidthd-2.0.1.tgz/download
>
>  Any comment?

It's not available as an OpenBSD port or package now, and I'm not sure
it ever was. Then again, the code was last updated in 2005, so this
looks like abandonware.

Try browsing the ports tree for something similar (make search or
http://openports.se come to mind as useful methods), more likely than
not you can find roughly equivalent functionality in other packages.

- From the two-sentence description at sourceforge, it's possible you'd
be well served with bandwidth monitoring via symon and friends or by
setting up pflow and using one of the several netflow packages to
generate graphs and suchlike.

- -- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
iQIcBAEBCAAGBQJWztafAAoJELJiGF9h4DyebewP/34RkPHTxmuG+xZqEXf3JSR3
FGOauScsbkqLM5liJNYFMB24QfyFsqg8mnEcJX7zskp6mUoeq7RXx4tN19wzwNWY
VYROAsl8/NCE3/BjlJ0IseI/qv7L3OfqDBXtAY4bhLWomYCWo/9rk4dzXa0bODbZ
oQ3LvBWMSpno0xtMZvS4fqOl2bYyTOellbHsylop02to4BX52p8R8928+kJcrBN2
kh1Akn8yyKCT5Tr1afAG+XIngCN8JGnEibXjsN6As4/fhrWcTSGeE2eiEKSRPu5K
YksdRtWA9A2ejQ7ftillh5Q8DVjA+8vK8mbJnn5fYsNJ0rnCBDxb1F9x0iw8CROs
kNNLflYbzdlDGxykENvMGQ7OBEO0tDv27FSOOAdPTCdX0HmKjS0p+Amv2hrxq/8p
R7K0l0bie3JudiqP6T79MtaWMffxxAGmtH3S67vuyPeFNShza8M8HdbOrI1ix+sH
kwz51pX6FusUlxbXE5YNrh88xcMe4ToOGmzHltUOQpV/i55JGfS+dEA86wab0s/+
DYijFjIRM3EZs/uTU5wIyG+tQ+oKIYapXoyh8+qi/M6/NH5/HASZPkSuGfNmClBG
HkSs8mTaWZe2D3LvtDOjOPjoJ27j5ft15U7ieZ+IEVmGOPGP1UztOAe0nil5eTCW
4fW/afZm9fA6EO3v1ABd
=oh+Z
-END PGP SIGNATURE-

Re: hostname | /etc/hosts

[Craig Skinner]

On 2016-02-24 Wed 14:13 PM |, Kamil Cholewi??ski wrote:
> 
> Any other relevant RFC's?
> 

Yes Kamil;-

RFC 6761 (2606) reserves
*) .example:   for use in examples, includes .example.{com,net,org}
*) .invalid:   for use as obviously invalid
   (@address.invalid has special meaning for MTAs,
   for remote header rewrites)
*) .localhost: to avoid conflict with the traditional
   use of localhost as a hostname
*) .test:  for use in DNS tests

RFC 6762 reserves ".local" for link-local host names which can
be resolved via Multicast DNS. Hence confict with Apple stuff.

RFC 7686 registers ".onion" for providing access to end to end
encrypted, secure, anonymised services networks. Read: Tor nets.

".exit" is also related to Tor.

There were some others, such as ".oz" in Australia. Australians call
themselves "Aussies" (pronounced "Ozzies") hence .oz, & is now ".oz.au"

See also:
http://www.iana.org/assignments/special-use-domain-names/special-use-domain-names.xhtml



Many SSL certificate issuers also (unoffically) recognise these:
.lan
.priv
.localdomain (which has been respected forever...)

Such as:
https://www.tbs-certificates.co.uk/FAQ/en/normes_tld.html
https://support.ssl.com/Knowledgebase/Article/View/34/0/acceptable-internal-domain-names
https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/722/16/

Here's the full public domain name root list (which changes):
http://www.iana.org/domains/root/db


Bernstein writes "It isn't easy to choose a safe top-level local name.
The global root operators add new top-level names every once in a while:
for example, .info was added in 2001, so people using .info as a local
name were unable to reach global .info sites."

He suggests ".internal", which is what I deploy (see the headers).

http://cr.yp.to/djbdns/dot-local.html

Cheers.
-- 
Because of the savour of thy good ointments
thy name is as ointment poured forth,
therefore do the virgins love thee.
-- Song of Solomon

Re: no bandwidthd src pkd in /usr/ports

[Raf Czlonka]

On Thu, Feb 25, 2016 at 07:01:58AM GMT, Indunil Jayasooriya wrote:

> > > I want to install bandwidthd. But I can't find a src pkg in
> > > /usr/ports
> > >
> > > is there a Binary pkg?
> >
> > There's neither a package nor a port.
>
> Thanks for this.

No worries - it is easy to check yourself[0] even if you don't have the
ports tree on your system.

> > > what about this ? > >
> >
> > https://sourceforge.net/projects/bandwidthd/files/bandwidthd/bandwidthd%202.0.1/bandwidthd-2.0.1.tgz/download
> >
> > This is just the program's source tarball.
>
> ok
>
> > > Any comment?
> >
> > Look for something with a similar functionality which is both in
> > ports and, preferably, in active development - this software hasn't
> > seen a release in over 11 years.
>
> What about darkstat ( /usr/ports/net/darkstat/ ) or something else you
> can recommend?

I haven't used either - I do have experience with MRTG, but it is
clearly not what you want.

BTW, in terms of ports and packages, ports@ is the best place to start.

Regards,

Raf

[0] http://ports.su/

Re: Alternative route table issue on 5.8

[Jean-Daniel Dupas]

> Le 25 févr. 2016 à 07:48, Martin Pieuchot  a écrit :
>
> On 25/02/16(Thu) 00:05, Martin Pieuchot wrote:
>> On 24/02/16(Wed) 21:57, Jean-Daniel Dupas wrote:
 Le 24 févr. 2016 à 19:58, Martin Pieuchot  a écrit :

 On 24/02/16(Wed) 18:56, Jean-Daniel Dupas wrote:
> Hello,
>
> On OpenBSD 5.7, I'm using alternative route table to send ping a on
>>> specific
> route.
>
> On a fresh install, I simply do
>
>> route -T 1 add default 192.168.1.1
>> ping  -V 1 8.8.8.8
>
> It works well on 5.7, but I can't managed to get it working on 5.8.
>
> On a fresh install of 5.8, doing the same commands result in a "No
route
>>> to
> host" error.

 Which command result in this error?  ping?  Is this regression also
 present in -current?  It is close to 5.9 so fixing this bug now makes
 a lot of sense.

 What does "route -T1 get 8.8.8.8" returns you?  Are the outputs of
 "route -n show" for the table 0 and 1 different between 5.7 and 5.8?
 Could you post them?
>>>
>>> Here is some details. The output of all commands are the same.
>>> The only change is that trying to access the network using the custom
table
>>> fails.
>>
>> The problem is that there's no entry for your gateway, 10.0.0.1, in the
>> table 1 and the kernel no longer link route entries across tables.
>
> Does the diff below help?
>
> Index: net/route.c
> ===
> RCS file: /cvs/src/sys/net/route.c,v
> retrieving revision 1.294
> diff -u -p -r1.294 route.c
> --- net/route.c   24 Feb 2016 22:41:53 -  1.294
> +++ net/route.c   25 Feb 2016 06:46:23 -
> @@ -389,7 +389,8 @@ _rtalloc(struct sockaddr *dst, uint32_t
>* this behavior.  But it is safe since rt_checkgate() wont
>* allow us to us this route later on.
>*/
> - nhrt = rt_match(rt->rt_gateway, NULL, flags | RT_RESOLVE, rtableid);
> + nhrt = rt_match(rt->rt_gateway, NULL, flags | RT_RESOLVE,
> + rtable_l2(rtableid));
>   if (nhrt == NULL)
>   return (rt);



Yes, it looks like it fixes my issue.

Before that, I did try to add a bunch of entries in the table to mimic the
default route table (like you suggested) but didn't managed to make it work.

Anyway, thanks for the fix.