allow/deny BOOTP in dhcpd.conf

2017-07-04 Thread Alex Waite

Hello Everyone,

I am pretty new to the networking world. But as a sysadmin, I am 
thoroughly appreciating pf and OpenBSD as a whole. I think I may have 
fallen in love.


My question is about BOOTP. I've always heard it in the context of PXE 
booting, but as I was configuring it in dhcpd.conf, I got that weird 
tickling sensation that made me think there might be more to it. And 
indeed the Wikipedia article[1] indicates that it at least /was/ used 
for more and is largely, though not entirely, superseded-by/merged-into 
DHCP.


I've read the man page for dhcpd.conf, and it seems to strongly 
imply/assume that one would only use BOOTP support for PXE, but it isn't 
entirely explicit on that point.


So my question is: will "allow/deny bootp;" in dhcpd.conf enable/disable 
anything other than PXE support?


Thank you for your time.

---Alex

[1] https://en.wikipedia.org/wiki/Bootstrap_Protocol



Re: problem with netlock and unbound

2017-07-04 Thread Jan Kalkus
Seems to have been resolved with the July 4 snapshot: 

syncing disks... done
System restart.
   ?
Looking for valid bootloader image
Jumping to start of image at address 0xbfc8


U-Boot 1.1.1 (UBNT Build ID: 4670715-gbd7e2d7) (Build time: May 27 2014 - 
11:16:22)

BIST check passed.
UBNT_E100 r1:2, r2:18, f:4/71, serial #: 44D9E79F9DE3
MPR 13-00318-18
Core clock: 500 MHz, DDR clock: 266 MHz (532 Mhz data rate)
DRAM:  512 MB
Clearing DRAM... done
Flash:  4 MB
Net:   octeth0, octeth1, octeth2

USB:   (port 0) scanning bus for devices... 1 USB Devices found
   scanning bus for storage devices...
  Device 0: Vendor: SanDisk Prod.: Cruzer Fit Rev: 1.00
Type: Removable Hard Disk
Capacity: 60576.0 MB = 59.1 GB (124059648 x 512)
 0 
(Re)start USB...
USB:   (port 0) scanning bus for devices... 1 USB Devices found
   scanning bus for storage devices...
  Device 0: Vendor: SanDisk Prod.: Cruzer Fit Rev: 1.00
Type: Removable Hard Disk
Capacity: 60576.0 MB = 59.1 GB (124059648 x 512)
reading bsd
..
..
.
.
.
..
...

5638112 bytes read
argv[2]: coremask=0x3
ELF file is 64 bit
Allocating memory for ELF segment: addr: 0x8100 (adjusted to: 
0x100), size 0x5680d0
Allocated memory for ELF segment: addr: 0x8100, size 0x5680d0
Processing PHDR 0
  Loading 4d9998 bytes at 8100
  Clearing 8e738 bytes at 814d9998
## Loading Linux kernel with entry point: 0x8100 ...
Bootloader: Done loading app on coremask: 0x3
bootmem desc 0x24108 version 3.0
avail phys mem 0x001004d0 - 0x00fffcd0
avail phys mem 0x015680d0 - 0x0810
avail phys mem 0x08100010 - 0x0fffdc00
avail phys mem 0x00041000 - 0x00041ff0
Total DRAM Size 0x2000
mem_layout[0] page 0x0041 -> 0x03FF
mem_layout[1] page 0x055B -> 0x2040
mem_layout[2] page 0x2041 -> 0x3FFF
mem_layout[3] page 0x00104000 -> 0x00107FC0
boot_desc->argv[0] = bootoctlinux
boot_dInitial setup done, switching console.
boot_desc->desc_ver:7
boot_desc->desc_size:400
boot_desc->stack_top:0
boot_desc->heap_start:0
boot_desc->heap_end:0
boot_desc->argc:3
boot_desc->flags:0x5
boot_desc->core_mask:0x3
boot_desc->dram_size:512
boot_desc->phy_mem_desc_addr:0
boot_desc->debugger_flag_addr:0xa44
boot_desc->eclock:5
boot_desc->boot_info_addr:0x100200
boot_info->ver_major:1
boot_info->ver_minor:2
boot_info->stack_top:0
boot_info->heap_start:0
boot_info->heap_end:0
boot_info->boot_desc_addr:0
boot_info->exception_base_addr:0x1000
boot_info->stack_size:0
boot_info->flags:0x5
boot_info->core_mask:0x3
boot_info->dram_size:512
boot_info->phys_mem_desc_addr:0x24108
boot_info->debugger_flags_addr:0
boot_info->eclock:5
boot_info->dclock:26600
boot_info->board_type:20002
boot_info->board_rev_major:2
boot_info->board_rev_minor:18
boot_info->mac_addr_count:3
boot_info->cf_common_addr:0
boot_info->cf_attr_addr:0
boot_info->led_display_addr:0
boot_info->dfaclock:0
boot_info->config_flags:0x8
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2017 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 6.1-current (GENERIC.MP) #0: Tue Jul  4 19:47:30 UTC 2017
visa@octeon:/usr/src/sys/arch/octeon/compile/GENERIC.MP
real mem = 536870912 (512MB)
avail mem = 524009472 (499MB)
mainbus0 at root
cpu0 at mainbus0: CN50xx CPU rev 0.1 500 MHz, Software FP emulation
cpu0: cache L1-I 32KB 4 way D 8KB 64 way, L2 128KB 8 way
cpu1 at mainbus0: CN50xx CPU rev 0.1 500 MHz, Software FP emulation
cpu1: cache L1-I 32KB 4 way D 8KB 64 way, L2 128KB 8 way
clock0 at mainbus0: int 5
iobus0 at mainbus0
simplebus0 at iobus0: "soc"
octciu0 at simplebus0
cn30xxsmi0 at simplebus0
com0 at simplebus0: ns16550a, 64 byte fifo
com0: console
dwctwo0 at iobus0 base 0x118006800 irq 56
usb0 at dwctwo0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Octeon DWC2 root hub" rev 2.00/1.00 
addr 1
octrng0 at iobus0 base 0x14000 irq 0
cn30xxgmx0 at iobus0 base 0x118000800
cnmac0 at cn30xxgmx0: RGMII, address 44:d9:e7:9f:9d:e3
atphy0 at cnmac0 phy 7: AR8035 10/100/1000 PHY, rev. 2
cnmac1 at cn30xxgmx0: RGMII, address 44:d9:e7:9f:9d:e4
atphy1 at cnmac1 phy 6: AR8035 10/100/1000 PHY, rev. 2
cnmac2 at cn30xxgmx0: RGMII, address 44:d9:e7:9f:9d:e5
atphy2 at cnmac2 phy 5: AR8035 10/100/1000 PHY, rev. 2
/dev/ksyms: Symbol table not valid.
umass0 at uhub0 port 1 configuration 1 interface 0 "SanDisk Cruzer Fit" rev 
2.10/1.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0:  SCSI4 0/direct 
removable serial.07815571310827117253
sd0: 60576MB, 512 bytes/sector, 124059648 sectors
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0:

Re: problem with netlock and unbound

2017-07-04 Thread Jan Kalkus
I’m having a similar issue, but with the octeon build (on an Edgerouter Lite) 
and smtpd

See ddb output below: 

ddb> dmesg
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2017 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 6.1-current (GENERIC) #0: Mon Jul  3 19:57:33 UTC 2017
visa@octeon:/usr/src/sys/arch/octeon/compile/GENERIC
real mem = 536870912 (512MB)
avail mem = 524107776 (499MB)
mainbus0 at root
cpu0 at mainbus0: CN50xx CPU rev 0.1 500 MHz, Software FP emulation
cpu0: cache L1-I 32KB 4 way D 8KB 64 way, L2 128KB 8 way
clock0 at mainbus0: int 5
iobus0 at mainbus0
simplebus0 at iobus0: "soc"
octciu0 at simplebus0
cn30xxsmi0 at simplebus0
com0 at simplebus0: ns16550a, 64 byte fifo
com0: console
dwctwo0 at iobus0 base 0x118006800 irq 56
usb0 at dwctwo0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Octeon DWC2 root hub" rev 2.00/1.00 a
ddr 1
octrng0 at iobus0 base 0x14000 irq 0
cn30xxgmx0 at iobus0 base 0x118000800
cnmac0 at cn30xxgmx0: RGMII, address 44:d9:e7:9f:9d:e3
atphy0 at cnmac0 phy 7: AR8035 10/100/1000 PHY, rev. 2
cnmac1 at cn30xxgmx0: RGMII, address 44:d9:e7:9f:9d:e4
atphy1 at cnmac1 phy 6: AR8035 10/100/1000 PHY, rev. 2
cnmac2 at cn30xxgmx0: RGMII, address 44:d9:e7:9f:9d:e5
atphy2 at cnmac2 phy 5: AR8035 10/100/1000 PHY, rev. 2
/dev/ksyms: Symbol table not valid.
umass0 at uhub0 port 1 configuration 1 interface 0 "SanDisk Cruzer Fit" rev 2.1
0/1.00 addr 2
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0:  SCSI4 0/direct remova
ble serial.07815571310827117253
sd0: 60576MB, 512 bytes/sector, 124059648 sectors
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
boot device: sd0
root on sd0a (dfe4803dad5c2926.a) swap on sd0b dump on sd0b
WARNING: No TOD clock, believing file system.
WARNING: CHECK AND RESET THE DATE!
<3>carp: carp0 demoted group carp by 1 to 129 (carpdev)
<3>carp: carp200 demoted group carp by 1 to 130 (carpdev)
<3>carp: pfsync0 demoted group carp by 32 to 162 (pfsync init)
<3>carp: pfsync0 demoted group pfsync by 32 to 32 (pfsync init)
<3>carp: pfsync0 demoted group carp by 1 to 163 (pfsync bulk start)
<3>carp: pfsync0 demoted group pfsync by 1 to 33 (pfsync bulk start)
<3>carp: carp0 demoted group carp by -1 to 162 (carpdev)
<3>carp: carp200 demoted group carp by -1 to 161 (carpdev)
<2>carp0: state transition: BACKUP -> MASTER
<2>carp200: state transition: BACKUP -> MASTER
<2>carp0: state transition: MASTER -> BACKUP
<2>carp200: state transition: MASTER -> BACKUP
<3>carp: pfsync0 demoted group carp by -1 to 160 (pfsync bulk done)
<3>carp: pfsync0 demoted group pfsync by -1 to 32 (pfsync bulk done)
<3>carp: pfsync0 demoted group carp by -32 to 128 (pfsync init)
<3>carp: pfsync0 demoted group pfsync by -32 to 0 (pfsync init)
<2>carp0: state transition: BACKUP -> MASTER
<2>carp200: state transition: BACKUP -> MASTER
panic: rw_enter: netlock locking against myself
Stopped at  0x811695d4: jr  ra
0x811695d8:  nop
TIDPIDUID PRFLAGS PFLAGS  CPU  COMMAND
* 92620  37730 950x100012  00  smtpd
0x811695d0 (49911817bfb27b93,900107000208,208,0)  ra 0x810a
7e68 sp 0x980006e7fcd0, sz 0
0x810a7d10 (49911817bfb27b93,900107000208,208,0)  ra 0x0 sp 0x98000
6e7fcd0, sz 0
User-level: pid 37730
https://www.openbsd.org/ddb.html describes the minimum info required in bug
reports.  Insufficient info makes it difficult to find and fix bugs.
ddb> 0x811695d0 (49911817bfb27b93,900107000208,208,0)  ra 0xfff
f810a7e68 sp 0x980006e7fcd0, sz 0
0x810a7d10 (49911817bfb27b93,900107000208,208,0)  ra 0x0 sp 0x98000
6e7fcd0, sz 0
User-level: pid 37730
ddb>


> On Jul 4, 2017, at 7:58 PM, Rodrigo Mosconi  wrote:
> 
> Hi,
> 
> I updated my notebook today to July 3 snapshot.  And when the unbound
> starts, the notebook has a kernel panic (hand copied):
> 
> panic: rw_enter: netlock locking agains myself.
> 
> I will upload the photos later and pass the links
> 
> Follow dmesg:
> OpenBSD 6.1-current (GENERIC) #75: Mon Jul  3 14:19:41 MDT 2017
>dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
> real mem = 8227655680 (7846MB)
> avail mem = 7972507648 (7603MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe9b50 (51 entries)
> bios0: vendor INSYDE version "V1.16" date 05/27/2011
> bios0: Acer Aspire 4738
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP ASF! HPET APIC MCFG SLIC BOOT ASPT WDAT SSDT
> acpi0: wakeup devices EHC1(S3) EHC2(S3) PXSX(S4) GLAN(S5) PXSX(S4) PXSX(S4)
> PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpihpet0 at acpi0: 14318179 Hz
> acpimadt0 at acpi0 addr 0xfee00

Re: Playing (screwing up ) with partitions

2017-07-04 Thread Manuel Solis
Got it !! 

Thank you for the advice.

I will restore it via disklabel.

> On 04/07/2017, at 23:28, Ted Unangst wrote:
> 
> Manuel Solis wrote:
>> My question is:
>> I know that I am missing some step to fulfill the shrinking process 
>> but in the FAQ there is only a way to grow fs and I didn’t find the 
>> shrinking fs, and the book says that I should move the partition, well it 
>> does not say it but I figured out with the information in there, 
>> is there another way to fix my mistake so I could work with the new fs 
>> size?
>> (Or there is a rule that no FFS could be shrunk, only grown)
> 
> OpenBSD does not have any tools to shrink a filesystem. Changing the disklabel
> doesn't change the filesystem.
> 
> *IF* you didn't write anything to the space that used to be your filesystem,
> you should be able to change the disklabel back to the way it was before.



Re: Playing (screwing up ) with partitions

2017-07-04 Thread Ted Unangst
Manuel Solis wrote:
> My question is:
> I know that I am missing some step to fulfill the shrinking process 
> but in the FAQ there is only a way to grow fs and I didn’t find the shrinking 
> fs, and the book says that I should move the partition, well it does not 
> say it but I figured out with the information in there, 
> is there another way to fix my mistake so I could work with the new fs 
> size?
> (Or there is a rule that no FFS could be shrunk, only grown)

OpenBSD does not have any tools to shrink a filesystem. Changing the disklabel
doesn't change the filesystem.

*IF* you didn't write anything to the space that used to be your filesystem,
you should be able to change the disklabel back to the way it was before.



Playing (screwing up ) with partitions

2017-07-04 Thread Manuel Solis
Hello Misc Group

So I have my OBSD laptop up and running since 6.0, and now updated to 6.1 since 
the release date.

Anyways, I was installing games just for fun but then I realized that I have 
limited space, if I recall it was in the /usr/local partition.
Sorry in advance, I know that OBSD is for more serious applications, but I 
wanted a few games for my daughter to play.

Since I have a 500 GB SSD and my /home partition has almost all, I guessed I 
could do something about it (after reading the FAQ and Mike's AbsoluteBSD)

- I booted in single user, checked the system with fsck sd0, and then used 
disklabel -E sd0,
- in order to shrink my home directory I pressed c (to change) to partition l 
(/home) and defined the new size to 5 blocks (which I realized later 
that was 238.4G)
- after exiting I ran fsck_ffs /dev/sd0l again to make sure it was ok, but it 
took a while and it says something like: filesystem was modified.
- rebooted.

Then I discovered that I still have to run fsck after reboot, if I do it I 
could mount my directory, but if I reboot again I should repeat over and over 
again.

I have my backups, so I could just do a fresh install and continue messing 
around, that should be the easy way, but I wonder if there is a chance to fix 
my mistakes.

My question is:
I know that I am missing some step to fulfill the shrinking process 
but in the FAQ there is only a way to grow fs and I didn’t find the shrinking 
fs, and the book says that I should move the partition, well it does not say 
it but I figured out with the information in there, 
is there another way to fix my mistake so I could work with the new fs size?
(Or there is a rule that no FFS could be shrunk, only grown)

Question 2:
You helped me and it is fixed, thank you in advance, should I make another 
partition in the unused space to mount /usr/local or is there a way that it 
grows naturally? 
(because I tried in the disklabel options and it made me imply that I could not 
grow it from there since it is between partitions in the continued space.)



My new configuration is something like:

Partition  size    offset    retype  fsize  bsize  cpg
a          1g      1024      4.2bsd  2048   16384  12958  /
b          6.2g    2098176   swap                         none
c          476.9g  0         unused
d          4g      14996352  4.2bsd                       /tmp
e          15.8g   23384928  4.2bsd                       /var
f          2g      56521280  4.2bsd                       /usr
g          1g      60715584  4.2bsd                       /usr/X11R6
h          10g     62812736  4.2bsd                       /usr/local
i          0       64        MSDOS   (I don't remember why I made this one, I was trying to install the UEFI if I recall correctly)
j          2g      8378256   4.2bsd                       /usr/src
k          2g      87978560  4.2bsd                       /usr/obj
l          238.4g  92172864  4.2bsd                       /home

Thank you all in advance

Sorry in advance if it is a silly /very newbie question

Manuel


problem with netlock and unbound

2017-07-04 Thread Rodrigo Mosconi
Hi,

I updated my notebook today to July 3 snapshot.  And when the unbound
starts, the notebook has a kernel panic (hand copied):

panic: rw_enter: netlock locking agains myself.

I will upload the photos later and pass the links

Follow dmesg:
OpenBSD 6.1-current (GENERIC) #75: Mon Jul  3 14:19:41 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 8227655680 (7846MB)
avail mem = 7972507648 (7603MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe9b50 (51 entries)
bios0: vendor INSYDE version "V1.16" date 05/27/2011
bios0: Acer Aspire 4738
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP ASF! HPET APIC MCFG SLIC BOOT ASPT WDAT SSDT
acpi0: wakeup devices EHC1(S3) EHC2(S3) PXSX(S4) GLAN(S5) PXSX(S4) PXSX(S4)
PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz, 2660.47 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 2660467900 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 132MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf000, bus 0-127
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P2)
acpiprt2 at acpi0: bus 3 (P0P1)
acpiprt3 at acpi0: bus 1 (RP01)
acpiprt4 at acpi0: bus -1 (RP02)
acpiprt5 at acpi0: bus -1 (RP03)
acpiprt6 at acpi0: bus -1 (RP04)
acpiprt7 at acpi0: bus -1 (RP05)
acpiprt8 at acpi0: bus -1 (RP07)
acpiprt9 at acpi0: bus -1 (RP08)
acpiprt10 at acpi0: bus -1 (PEG3)
acpiprt11 at acpi0: bus -1 (PEG5)
acpiec0 at acpi0
acpicpu0 at acpi0: C3(350@245 mwait.3@0x20), C1(1000@3 mwait.1), PSS
acpitz0 at acpi0: critical temperature is 105 degC
"PNP0303" at acpi0 not configured
"SYN1B20" at acpi0 not configured
"PNP0C14" at acpi0 not configured
acpibat0 at acpi0: BAT1 model "AS10D51" serial 0A79 type LION oem
"PANASONIC"
acpiac0 at acpi0: AC unit online
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: LID0
acpibtn2 at acpi0: SLPB
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD02
acpivideo1 at acpi0: VGA_
cpu0: Enhanced SpeedStep 2660 MHz: speeds: 2667, 2666, 2533, 2399, 2266,
2133, 1999, 1866, 1733, 1599, 1466, 1333, 1199 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core Host" rev 0x18
inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics" rev 0x18
drm0 at inteldrm0
intagp0 at inteldrm0
agp0 at intagp0: aperture at 0xc000, size 0x1000
inteldrm0: msi
inteldrm0: 1366x768, 32bpp
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
"Intel 3400 MEI" rev 0x06 at pci0 dev 22 function 0 not configured
ehci0 at pci0 dev 26 function 0 "Intel 3400 USB" rev 0x05: apic 2 int 16
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev
2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel 3400 HD Audio" rev 0x05: msi
azalia0: codecs: Realtek ALC272, Intel/0x2804, using Realtek ALC272
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 3400 PCIE" rev 0x05: msi
pci1 at ppb0 bus 1
bge0 at pci1 dev 0 function 0 "Broadcom BCM57780" rev 0x01, BCM57780 A1
(0x57780001): msi, address 60:eb:69:97:be:94
brgphy0 at bge0 phy 1: BCM57780 10/100/1000baseT PHY, rev. 1
ppb1 at pci0 dev 28 function 5 "Intel 3400 PCIE" rev 0x05: msi
pci2 at ppb1 bus 2
athn0 at pci2 dev 0 function 0 "Atheros AR9287" rev 0x01: apic 2 int 17
athn0: AR9287 rev 2 (2T2R), ROM rev 4, address 1c:65:9d:c2:b3:6b
ehci1 at pci0 dev 29 function 0 "Intel 3400 USB" rev 0x05: apic 2 int 23
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev
2.00/1.00 addr 1
ppb2 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xa5
pci3 at ppb2 bus 3
pcib0 at pci0 dev 31 function 0 "Intel HM55 LPC" rev 0x05
ahci0 at pci0 dev 31 function 2 "Intel 3400 AHCI" rev 0x05: msi, AHCI 1.3
ahci0: port 0: 3.0Gb/s
ahci0: port 1: 3.0Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0:  SCSI3 0/direct
fixed naa.5001b444a665a76a
sd0: 114473MB, 512 bytes/sector, 234441648 sectors, thin
sd1 at scsibus1 targ 1 lun 0:  SCSI3 0/direct
fixed naa.500647300648
sd1: 114473MB, 512 bytes/sector, 234441648 sectors, thin
ichiic0 at pci0 dev 31 function 3 "Intel 3400 SMBus" rev 0x05: apic 2 int 19
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 4GB DDR3 SDRAM

Re: Can I use OpenBSD in a virtual machine, for example, VirtualBox?

2017-07-04 Thread J Doe
Hi Reyk,

> On Jul 4, 2017, at 8:21 AM, Reyk Floeter  
>> Hi,
>> 
>> Just thought I'd chime in that I've had success with OpenBSD 5.x to
>> 6.0 running under VMware Fusion (Mac OS X version of VMware).  There
>> isn't support for guest additions with the most recent version of
>> Fusion (8.x), but I haven't had any issues.
>> 
> 
> I don't know what you mean with "there isn't support for guest
> additions".  We don't support VMware's 3rd party tools but we use our
> own drivers.

My apologies, that was incorrect phrasing on my part.  By "guest additions" I 
meant the 3rd party tools that you mentioned above (ie: adding clipboard 
support between host and guest VM's, etc.).

And you're also right about OpenBSD's driver support - I note that in dmesg for 
my VM's that the kernel is aware of the hypervisor.

> VMware Fusion Pro 8.5.8 with version 12 VMs works fine, vmt(4)
> attaches, provides guest services such as shutdown/reboot, timedelta
> sensor, and access to VMware's guestinfo key/value via hostctl(8) (eg.
> hostctl guestinfo.ip).  X11-related features are provided by vmwh in
> ports, but I've never tested it.  We also have vmx(4) for vmxnet3
> networking but you manually have to edit the .vmx file and change
> ethernetX.virtualDev = "vmxnet3" (VMware has ignored all of our
> requests to add a device profile for OpenBSD).

Ah, that's very interesting - I was completely unaware of X11 related features. 
 I had just a plain vanilla install and hadn't installed any ports, but I will 
definitely take some time to experiment with this.

I know this is probably speculation, but was there any sort of dialog from 
VMware as to why they would not add the device profile ?  I am fine with 
manually editing the .vmx, but I don't understand why this would not be 
accommodated by VMware.

> The only issue that I just saw with -current is that ahci(4)
> initialization hangs on boot - I had to disable ahci and use SCSI or
> IDE.  I haven't noticed this on ESXi.

Ah, ok - good to be aware of.  I generally just use the default of SCSI for the 
VM hard disks.

> I mostly used Fusion for testing and development for ESXi/vSphere but
> I switched to OpenBSD VMM for most of the testing.

Oh cool - I have been following VMM news but I was under the mistaken 
impression that it wasn't ready for production use.  I need to make the time 
and sit down and read the man pages.

> The situation in Azure is about the same as in AWS: we don't provide
> OpenBSD images in the marketplaces or community images yet, but there
> are scripts and howtos to create your OpenBSD VMs in Azure.  This
> might change as soon as we feel confident enough with the VM "layout"
> and the (mandatory) agent.  But, for now, use the tools from
> unofficial external github projects:
> 
> For AWS:
> https://github.com/ajacoutot/aws-openbsd
> 
> For Azure (also works in AWS and under VMM):
> https://github.com/reyk/cloud-openbsd (create images with cloud-agent)
> https://github.com/reyk/cloud-agent (an alternative to waagent in ports)
> https://github.com/reyk/meta-data (test + boot cloud images under VMM)

Thank you for the AWS-related guides.

> But please note that we're currently trying to find ways to create VM
> images that still provide the benefits of OpenBSD-style things like
> KARL.  The problem with pre-provisioned VM images is that they all
> have the "same random values" in the filesystem, kernel, and libraries
> where the installer usually makes each installation unique.  A
> pre-provisioned image is always the same, at least on first boot,
> unless we create something that prepares or installs everything before
> getting a new VM instance online.  The first real* OpenBSD image on
> Azure will probably be fully pre-provisioned, but maybe we switch to a
> totally different model later.

Ok - good point.

> In summary, I think all x86 VM hypervisors are more or less supported.
> Just like real hardware platforms, some of them have problems, and
> others work better.  But we're in a pretty good shape and it was an
> interesting journey over the last years to get to this point.
> 
> *) There is currently only my company's OpenBSD-based product in
> Azure.  Some PR got it wrong and announced that OpenBSD itself is now
> available in Azure, but it is an appliance which is not plain OpenBSD.
> I'm sorry for the unintended confusion.  The reality is: OpenBSD is
> now supported in Azure, you can create your own images for it, and
> we're hoping to make real OpenBSD images available very soon.

I remember seeing news about that in my general tech newsfeed (regarding 
OpenBSD on Azure), and I was surprised (in a good way!), but it's good to know 
what this means in terms of the actual implementation.

- J


Re: installboot(8)

2017-07-04 Thread Stefan Wollny


On 07/04/17 at 20:55, Paul de Weerd wrote:
> On Tue, Jul 04, 2017 at 08:34:56PM +0200, Stefan Wollny wrote:
> | Hi there!
> | 
> | Sorry if this may sound like a rather stupid question:
> | (Referencing the examples section of man installboot(8))
> | 
> | Can s.o. verify that instead of
> | # installboot sd0
> | 
> | it is equally safe to issue
> | # installboot 
> | (the DUID itself, of course)?
> | 
> | My system is fully encrypted with sd1 usually being the (unencrypted)
> | boot disk - but if external USB disks are attached that number seems not
> | to be guaranteed.
> 
> simply `installboot $(df -h / | grep -o -E '[ws]d[0-9]+')`
> 
> There's definitely a difference between using the device name and the
> DUID:
> 
> [weerd@pom] $ doas installboot -v `awk -F. '/ \/ / {print $1}' /etc/fstab`
> Using / as root
> installing bootstrap on /dev/rsd14c
> using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
> 5c0d9a38cc895a7d: softraid volume with 0 disk(s)
> 5c0d9a38cc895a7d: installing boot loader on softraid volume
> /usr/mdec/boot is 6 blocks x 16384 bytes
> 
> [weerd@pom] $ doas installboot -v  $(df -h / | grep -o -E '[ws]d[0-9]+')
> Using / as root
> installing bootstrap on /dev/rsd14c
> using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
> sd14: softraid volume with 1 disk(s)
> sd14: installing boot loader on softraid volume
> /usr/mdec/boot is 6 blocks x 16384 bytes
> sd0a: installing boot blocks on /dev/rsd0c, part offset 144
> master boot record (MBR) at sector 0
> partition 3: type 0xA6 offset 64 size 1953520001
> /usr/mdec/biosboot will be written at sector 64
> 
> So if I were you, I'd continue using the device for now.
> 

Thank you - excellent explanation and advice!

Best,
STEFAN



Re: installboot(8)

2017-07-04 Thread Paul de Weerd
On Tue, Jul 04, 2017 at 08:34:56PM +0200, Stefan Wollny wrote:
| Hi there!
| 
| Sorry if this may sound like a rather stupid question:
| (Referencing the examples section of man installboot(8))
| 
| Can s.o. verify that instead of
| # installboot sd0
| 
| it is equally safe to issue
| # installboot 
| (the DUID itself, of course)?
| 
| My system is fully encrypted with sd1 usually being the (unencrypted)
| boot disk - but if external USB disks are attached that number seems not
| to be guaranteed.

simply `installboot $(df -h / | grep -o -E '[ws]d[0-9]+')`

There's definitely a difference between using the device name and the
DUID:

[weerd@pom] $ doas installboot -v `awk -F. '/ \/ / {print $1}' /etc/fstab`
Using / as root
installing bootstrap on /dev/rsd14c
using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
5c0d9a38cc895a7d: softraid volume with 0 disk(s)
5c0d9a38cc895a7d: installing boot loader on softraid volume
/usr/mdec/boot is 6 blocks x 16384 bytes

[weerd@pom] $ doas installboot -v  $(df -h / | grep -o -E '[ws]d[0-9]+')
Using / as root
installing bootstrap on /dev/rsd14c
using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
sd14: softraid volume with 1 disk(s)
sd14: installing boot loader on softraid volume
/usr/mdec/boot is 6 blocks x 16384 bytes
sd0a: installing boot blocks on /dev/rsd0c, part offset 144
master boot record (MBR) at sector 0
partition 3: type 0xA6 offset 64 size 1953520001
/usr/mdec/biosboot will be written at sector 64

So if I were you, I'd continue using the device for now.

Cheers,

Paul 'WEiRD' de Weerd

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 
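
An added example, not part of Paul's message and not OpenBSD code: since the reply above shows installboot doing less when handed the DUID than when handed the device name, a script can start from the stable DUID in fstab and resolve it to whatever sdN the kernel assigned on this boot. The function names are this example's own, the sample string is constructed (only the sd14 DUID comes from the output above), and it assumes `sysctl -n hw.disknames` prints comma-separated `name:duid` pairs.

```shell
#!/bin/sh
# Added example: turn the root filesystem's DUID into the disk name the
# kernel assigned on this boot, so the name can be handed to installboot.

# root_duid [FSTAB]
# Print the 16-hex-digit DUID of the fstab entry mounted on /.
# Returns 1 when / is listed by device name instead, or not listed.
root_duid() {
    awk '$2 == "/" && length($1) == 18 && $1 ~ /^[0-9a-f]+\.[a-p]$/ {
             print substr($1, 1, 16); found = 1; exit
         }
         END { exit !found }' "${1:-/etc/fstab}"
}

# duid_to_dev DUID [DISKNAMES]
# Print the device name (sd14, wd0, ...) carrying DUID.
# DISKNAMES defaults to the live `sysctl -n hw.disknames` value (assumed
# format: name:duid,name:duid,...); pass it explicitly for testing.
# Returns 2 for a malformed DUID, 1 for no match or an ambiguous match,
# 3 when the sysctl is unavailable.
duid_to_dev() {
    duid=$1
    if [ $# -ge 2 ]; then
        names=$2
    else
        names=$(sysctl -n hw.disknames 2>/dev/null) || return 3
    fi

    # Reject anything that is not exactly 16 lowercase hex digits, so a
    # device name or an empty string can never match an empty DUID field.
    case $duid in
        ''|*[!0-9a-f]*) return 2 ;;
    esac
    [ ${#duid} -eq 16 ] || return 2

    match=
    count=0
    rest=$names,
    while [ -n "$rest" ]; do
        entry=${rest%%,*}
        rest=${rest#*,}
        if [ "${entry#*:}" = "$duid" ]; then
            match=${entry%%:*}
            count=$((count + 1))
        fi
    done

    # Two disks with the same DUID (a cloned disk, for example) is a
    # reason to stop rather than to pick one.
    [ "$count" -eq 1 ] || return 1
    printf '%s\n' "$match"
}

# Constructed sample of hw.disknames; the sd0 DUID is made up.
SAMPLE_DISKNAMES='sd0:0123456789abcdef,cd0:,sd14:5c0d9a38cc895a7d'
duid_to_dev 5c0d9a38cc895a7d "$SAMPLE_DISKNAMES"

# On an OpenBSD system the resolved name would be used as:
#   installboot -v "$(duid_to_dev "$(root_duid)")"
```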



installboot(8)

2017-07-04 Thread Stefan Wollny
Hi there!

Sorry if this may sound like a rather stupid question:
(Referencing the examples section of man installboot(8))

Can s.o. verify that instead of
# installboot sd0

it is equally safe to issue
# installboot 
(the DUID itself, of course)?

My system is fully encrypted with sd1 usually being the (unencrypted)
boot disk - but if external USB disks are attached that number seems not
to be guaranteed.

TIA!

Best,
STEFAN







Re: Missed ifconfig [[-]txpower dBm] option for 802.11

2017-07-04 Thread Ted Unangst
Denis wrote:
> Looking for ifconfig '[[-]txpower dBm]' option which was present in
> OpenBSD 5.4 amd64. Try to find 'txpower' on 6.0 amd64 but seems it
> missed out.
> 
> Actively using it to match power for 802.11 card and it's RF recipient
> (post amp). What mechanism of output power matching is provided
> currently since 5.4 amd64?

txpower was removed because only the wi driver supported it and the relevance
of the wi driver has faded.



Re: dhcrelay broken after Apr 5

2017-07-04 Thread Reyk Floeter
Hi,

On Tue, Jul 04, 2017 at 02:41:30PM +0300, Kapetanakis Giannis wrote:
> Hi,
> 
> Just upgraded a set of my firewalls that also do dhcrelay to -current.
> 
> The program stopped working ok. Some dhcp requests were being forwarded some 
> not.
> 
> tcpdump was showing the request on internal interface but I couldn't see the 
> request being forwarded on the external interface.
> For some vlans the relay was working for some not.
> 
> I've located the problem to this commit:
> http://marc.info/?l=openbsd-cvs&m=149140326301074&w=2
> 
> Reverting back to:
> bpf.c,v 1.17
> packet.c,v 1.13
> dhcpd.h,v 1.22 2017/04/04
> 
> everything was ok again.
> 
> My setup is (trunk - on one firewall) - Vlans - carp - dhcrelay
> 28 vlans, 28 carps, 18 dhcrelay, 30 bpf devices
> 

First of all, please send proper bug reports to bugs@, not misc.
"It used to work but now it doesn't" is not very helpful.

Could you share your actual configuration or, even better, provide a
simplified way to reproduce your problem? rzalamena, me, and some
other people have tested different setups but you seem to have an
interestingly complex configuration.

The new code has more validation, so it might be that it rightfully or
wrongfully rejects packets that have been accepted before.  

Could you try again with the attached diff?  It doesn't change
behavior but it adds some chatty logging when a packet is rejected.
Maybe it helps to find the issue.

Reyk

Index: usr.sbin/dhcrelay/bpf.c
===
RCS file: /cvs/src/usr.sbin/dhcrelay/bpf.c,v
retrieving revision 1.19
diff -u -p -u -p -r1.19 bpf.c
--- usr.sbin/dhcrelay/bpf.c 19 Apr 2017 05:36:12 -  1.19
+++ usr.sbin/dhcrelay/bpf.c 4 Jul 2017 16:01:29 -
@@ -349,11 +349,17 @@ send_packet(struct interface_info *inter
 
/* Assemble the headers... */
if ((bufp = assemble_hw_header(buf, sizeof(buf), 0, pc,
-   interface->hw_address.htype)) == -1)
+   interface->hw_address.htype)) == -1) {
+   log_warnx("%s:%d: assemble_hw_header failed, len %zu",
+   __func__, __LINE__, len); 
goto done;
+   }
if ((bufp = assemble_udp_ip_header(buf, sizeof(buf), bufp, pc,
-   (unsigned char *)raw, len)) == -1)
+   (unsigned char *)raw, len)) == -1) {
+   log_warnx("%s:%d: assemble_udp_ip_header failed,"
+   " offset %zd len %zu", __func__, __LINE__, bufp, len); 
goto done;
+   }
 
/* Fire it off */
iov[0].iov_base = (char *)buf;
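
Review bot: in the second new block of send_packet(), bufp is printed as "offset %zd" immediately after (bufp = assemble_udp_ip_header(...)) == -1 has matched, so the message always shows -1 and the offset that was passed in is already overwritten. Keep the assemble_hw_header() result in its own variable and log that, or log only len. Both new log_warnx() calls also leave a trailing space after the closing semicolon.
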
@@ -447,6 +453,9 @@ receive_packet(struct interface_info *in
 * skip this packet.
 */
if (offset < 0) {
+   log_warnx("%s:%d: decode_hw_header failed,"
+   " len %zu", __func__, __LINE__,
+   interface->rbuf_len);
interface->rbuf_offset += hdr.bh_caplen;
continue;
}
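Review bot: the length logged for the decode_hw_header failure is interface->rbuf_len, which by its name describes the read buffer as a whole, while the packet actually being skipped is described by hdr.bh_caplen and interface->rbuf_offset on the very next line. Logging those two values, plus the interface name, would let the reporter match a rejected frame to one of the many VLAN interfaces in the setup; as written every relay instance prints an identical line.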
@@ -457,6 +466,9 @@ receive_packet(struct interface_info *in
 
/* If the IP or UDP checksum was bad, skip the packet... */
if (offset < 0) {
+   log_warnx("%s:%d: decode_udp_ip_header failed,"
+   " offset %zd len %zu", __func__, __LINE__,
+   offset, interface->rbuf_len);
interface->rbuf_offset += hdr.bh_caplen;
continue;
}
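Review bot: the comment above the added lines still says the packet is skipped for a bad IP or UDP checksum, but the message only reports that decode_udp_ip_header failed, and offset is negative on this path by definition, so printing it says little unless the function returns distinct negative values. If the decoder now rejects packets for more reasons than the checksum, log the reason at each return inside it, as the packet.c hunk does for the short Ethernet header in assemble_hw_header, and update the comment to match.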
@@ -470,6 +482,10 @@ receive_packet(struct interface_info *in
 * life, though).
 */
if (hdr.bh_caplen > len) {
+   log_warnx("%s:%d: XXX shouldn't happen in real life,"
+   " caplen %u > len %zu", __func__, __LINE__,
+   hdr.bh_caplen, len);
+
interface->rbuf_offset += hdr.bh_caplen;
continue;
}
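Review bot: the warning text at the caplen check ("XXX shouldn't happen in real life") repeats the code comment instead of describing the condition; wording such as "captured length exceeds caller buffer" followed by the two values would be easier to act on in syslog. The empty line added after the log_warnx call is also unnecessary, since none of the other added blocks has one.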
Index: usr.sbin/dhcrelay/packet.c
===
RCS file: /cvs/src/usr.sbin/dhcrelay/packet.c,v
retrieving revision 1.14
diff -u -p -u -p -r1.14 packet.c
--- usr.sbin/dhcrelay/packet.c  5 Apr 2017 14:40:56 -   1.14
+++ usr.sbin/dhcrelay/packet.c  4 Jul 2017 16:01:29 -
@@ -104,8 +104,12 @@ assemble_hw_header(unsigned char *buf, s
 
switch (intfhtype) {
case HTYPE_ETHER:
-   if (buflen < offset + ETHER_HDR_LEN)
+   if (buflen < offset + ETHER_HDR_LEN) {
+   log_warnx("%s:%d: short ether hdr buflen %zu < %zu",
+   __func__, __LINE__,
+   buflen, offset + ETHER_HDR_LEN);
return (-1);
+   }
 
/* Use the supplied address or let the kernel fill it. */
memcpy(eh.ether_shost, pc->pc_smac, ETHER_ADDR_LEN);
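Review bot: the short-header case in assemble_hw_header is now reported twice, once here and once by the caller in send_packet in bpf.c, which logs "assemble_hw_header failed" for the same -1 return. That is tolerable for a throwaway debugging diff, but if any of this is committed, keep only this message since it carries the sizes. Also confirm that offset is a size_t so that offset + ETHER_HDR_LEN matches the %zu conversion; the prototype is cut off in the hunk header.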
@@ -117,6 +121,8 @@ assemble_

Re: Problems with IPv6 and routing domains

2017-07-04 Thread Claus Lensbøl
Hi Peter

On 04-07-2017 16:32, Peter Hessler wrote:
> On 2017 Jul 04 (Tue) at 16:24:53 +0200 (+0200), Claus Lensbøl wrote:
> :Hi Peter,
> :
> :I'm getting:
> :# route -T75 default ::1 -blackhole
> :route: botched keyword: default
> :usage: route [-dnqtv] [-T tableid] command [[modifiers] args]
> :commands: add, change, delete, exec, flush, get, monitor, show
> :
>
> Sorry, I missed the -inet6 keyword:
>
> route -n add -inet6 default ::1 -blackhole
Doing this in rtable 0 gives issues as I already have a default route to
the internet machine.
# route -T0 -n add -inet6 default ::1 -blackhole
add net default: gateway ::1: File exists

Doing this in rtable 75 unfortunately has no impact (the pings still get
out but not back) (though it might be a good idea to have it there).
>
> :or:
> :
> :# route -T75 add default ::1 -blackhole
> :route: ::1: bad address
> :
> :Am I missing something in your message?
> :
> :(Is this btw a general recommendation or a proposed solution?)
> :
>
> Over 90% of the rdomain problems I've seen in the past, are related to
> missing routes.  Always have a default in every rdomain, even if it is a
> blackhole route.
I guess I'm the 10% then. Do you have other tricks?
>
> :
> :On 04-07-2017 16:11, Peter Hessler wrote:
> :> Always Always ALWAYS ALWAYS create a default route in each routing domain.
> :>
> :> !/sbin/route -T XXX default ::1 -blackhole
> :>
> :>
> :>
> :> On 2017 Jul 04 (Tue) at 15:16:24 +0200 (+0200), Claus Lensbøl wrote:
> :> :Hi misc,
> :> :
> :> :I'm having trouble with implementing rdomains and IPv6.
> :> :
> :> :I have followed this guide which might be a bit old but the best I could
> :> :find:
> :> :https://www.packetmischief.ca/2011/09/20/virtualizing-the-openbsd-routing-table/
> :> :
> :> :I have made a set-up with two machines connected by an openBSD router.
> :> :
> :> :Machine: "internet"
> :> :
> :> :# cat /etc/hostname.em1
> :> :inet6 2a01:7e8:1:800::2fd/126
> :> :!route add 2a01:7e8:35:fab::/64 2a01:7e8:1:800::2fe
> :> :
> :> :Machine: "router"
> :> :
> :> :# cat /etc/hostname.em1
> :> :inet6 2a01:7e8:1:800::2fe/126
> :> :!route -T 0 add 2a01:7e8:35:fab::/64 ::1
> :> :# cat /etc/hostname.em2
> :> :rdomain 75
> :> :!route -T75 exec /usr/sbin/sshd
> :> :inet6 alias 2a01:7e8:35:fab::1/64
> :> :# pfctl -sr
> :> :block return all
> :> :pass all flags S/SA
> :> :block return in on ! lo0 proto tcp from any to any port 6000:6010
> :> :pass in on em2 inet6 from 2a01:7e8:35:fab::/64 to 2a01:7e8:1:800::2fd
> :> :flags S/SA rtable 0
> :> :pass out on em1 all flags S/SA
> :> :
> :> :Machine: "client"
> :> :
> :> :# sudo ip addr add 2a01:7e8:35:fab::2/64 dev vboxnet0
> :> :# sudo ip -6 route add 2a01:7e8:1:800::2fc/126 via 2a01:7e8:35:fab::1
> :> :
> :> :I am able to ping between router<->internet, router<->client, but not
> :> :between client<->internet.
> :> :
> :> :If pinging from client->internet, no replies are returned. Doing tcpdump
> :> :on em1 on the router gives:
> :> :16:56:42.017347 2a01:7e8:35:fab::2 > 2a01:7e8:1:800::2fd: icmp6: echo
> :> :request [flowlabel 0xe1717]
> :> :16:56:42.017811 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
> :> :16:56:42.018114 2a01:7e8:1:800::2fe > 2a01:7e8:1:800::2fd: icmp6: time
> :> :exceeded in-transit for 2a01:7e8:35:fab::2
> :> :
> :> :Removing the route (route -T 0 delete 2a01:7e8:35:fab::/64 ::1) gives no
> :> :replies and tcpdump gives:
> :> :16:58:59.565667 2a01:7e8:35:fab::2 > 2a01:7e8:1:800::2fd: icmp6: echo
> :> :request [flowlabel 0xe1717]
> :> :16:58:59.566298 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
> :> :16:58:59.569637 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
> :> :
> :> :Adding a route on em1 (rtable 0) as:
> :> :# route -T 0 add 2a01:7e8:35:fab::/64 2a01:7e8:1:800::2fe
> :> :, yields the same results as with no route.
> :> :
> :> :I tried removing all routes to 2a01:7e8:35:fab::/64 on the router, and
> :> :add to pf:
> :> :pass in on em1 inet6 to 2a01:7e8:35:fab::/64 rtable 75
> :> :
> :> :I'm pretty sure that I'm missing some understanding of rtables.
> :> :Can someone point me in the right direction?
> :> :I'm guessing that I need a way to move packets from rtable 0 to rtable 75.
> :> :
> :> :Btw, this set-up is made with virtualbox, but I have an identical
> :> :physical set-up with the same issue.
> :> :
> :> :-- 
> :> :Med venlig hilsen/Best regards
> :> :Claus Lensbøl
> :> :
> :> :Fab:IT ApS
> :> :Vesterbrogade 37, 2. th
> :> :DK-1620 København
> :> :Tlf: +45 70 202 407
> :> :Main Site: www.fab-it.dk
> :> :VPS Product: vpsforce.eu
> :> :
> :> :
> :>
> :
> :-- 
> :Med venlig hilsen/Best regards
> :Claus Lensbøl
> :
> :Fab:IT ApS
> :Vesterbrogade 37, 2. th
> :DK-1620 København
> :Tlf: +45 70 202 407
> :Main Site: www.fab-it.dk
> :VPS Product: vpsforce.eu
> :
> :
>

-- 
Med venlig hilsen/Best regards
Claus Lensbøl

Fab:IT ApS
Vesterbrogade 37, 2. th
DK-1620 København
Tlf: +45 70 202 407
Main Site: www.fab-it.d

Re: Problems with IPv6 and routing domains

2017-07-04 Thread Peter Hessler
On 2017 Jul 04 (Tue) at 16:24:53 +0200 (+0200), Claus Lensbøl wrote:
:Hi Peter,
:
:I'm getting:
:# route -T75 default ::1 -blackhole
:route: botched keyword: default
:usage: route [-dnqtv] [-T tableid] command [[modifiers] args]
:commands: add, change, delete, exec, flush, get, monitor, show
:

Sorry, I missed the -inet6 keyword:

route -n add -inet6 default ::1 -blackhole

:or:
:
:# route -T75 add default ::1 -blackhole
:route: ::1: bad address
:
:Am I missing something in your message?
:
:(Is this btw a general recommendation or a proposed solution?)
:

Over 90% of the rdomain problems I've seen in the past, are related to
missing routes.  Always have a default in every rdomain, even if it is a
blackhole route.


:
:On 04-07-2017 16:11, Peter Hessler wrote:
:> Always Always ALWAYS ALWAYS create a default route in each routing domain.
:>
:> !/sbin/route -T XXX default ::1 -blackhole
:>
:>
:>
:> On 2017 Jul 04 (Tue) at 15:16:24 +0200 (+0200), Claus Lensbøl wrote:
:> :Hi misc,
:> :
:> :I'm having trouble with implementing rdomains and IPv6.
:> :
:> :I have followed this guide which might be a bit old but the best I could
:> :find:
:> :https://www.packetmischief.ca/2011/09/20/virtualizing-the-openbsd-routing-table/
:> :
:> :I have made a set-up with two machines connected by an openBSD router.
:> :
:> :Machine: "internet"
:> :
:> :# cat /etc/hostname.em1
:> :inet6 2a01:7e8:1:800::2fd/126
:> :!route add 2a01:7e8:35:fab::/64 2a01:7e8:1:800::2fe
:> :
:> :Machine: "router"
:> :
:> :# cat /etc/hostname.em1
:> :inet6 2a01:7e8:1:800::2fe/126
:> :!route -T 0 add 2a01:7e8:35:fab::/64 ::1
:> :# cat /etc/hostname.em2
:> :rdomain 75
:> :!route -T75 exec /usr/sbin/sshd
:> :inet6 alias 2a01:7e8:35:fab::1/64
:> :# pfctl -sr
:> :block return all
:> :pass all flags S/SA
:> :block return in on ! lo0 proto tcp from any to any port 6000:6010
:> :pass in on em2 inet6 from 2a01:7e8:35:fab::/64 to 2a01:7e8:1:800::2fd
:> :flags S/SA rtable 0
:> :pass out on em1 all flags S/SA
:> :
:> :Machine: "client"
:> :
:> :# sudo ip addr add 2a01:7e8:35:fab::2/64 dev vboxnet0
:> :# sudo ip -6 route add 2a01:7e8:1:800::2fc/126 via 2a01:7e8:35:fab::1
:> :
:> :I am able to ping between router<->internet, router<->client, but not
:> :between client<->internet.
:> :
:> :If pinging from client->internet, no replies are returned. Doing tcpdump
:> :on em1 on the router gives:
:> :16:56:42.017347 2a01:7e8:35:fab::2 > 2a01:7e8:1:800::2fd: icmp6: echo
:> :request [flowlabel 0xe1717]
:> :16:56:42.017811 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
:> :16:56:42.018114 2a01:7e8:1:800::2fe > 2a01:7e8:1:800::2fd: icmp6: time
:> :exceeded in-transit for 2a01:7e8:35:fab::2
:> :
:> :Removing the route (route -T 0 delete 2a01:7e8:35:fab::/64 ::1) gives no
:> :replies and tcpdump gives:
:> :16:58:59.565667 2a01:7e8:35:fab::2 > 2a01:7e8:1:800::2fd: icmp6: echo
:> :request [flowlabel 0xe1717]
:> :16:58:59.566298 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
:> :16:58:59.569637 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
:> :
:> :Adding a route on em1 (rtable 0) as:
:> :# route -T 0 add 2a01:7e8:35:fab::/64 2a01:7e8:1:800::2fe
:> :, yields the same results as with no route.
:> :
:> :I tried removing all routes to 2a01:7e8:35:fab::/64 on the router, and
:> :add to pf:
:> :pass in on em1 inet6 to 2a01:7e8:35:fab::/64 rtable 75
:> :
:> :I'm pretty sure that I'm missing some understanding of rtables.
:> :Can someone point me in the right direction?
:> :I'm guessing that I need a way to move packets from rtable 0 to rtable 75.
:> :
:> :Btw, this set-up is made with virtualbox, but I have an identical
:> :physical set-up with the same issue.
:> :
:> :-- 
:> :Med venlig hilsen/Best regards
:> :Claus Lensbøl
:> :
:> :Fab:IT ApS
:> :Vesterbrogade 37, 2. th
:> :DK-1620 København
:> :Tlf: +45 70 202 407
:> :Main Site: www.fab-it.dk
:> :VPS Product: vpsforce.eu
:> :
:> :
:>
:
:-- 
:Med venlig hilsen/Best regards
:Claus Lensbøl
:
:Fab:IT ApS
:Vesterbrogade 37, 2. th
:DK-1620 København
:Tlf: +45 70 202 407
:Main Site: www.fab-it.dk
:VPS Product: vpsforce.eu
:
:

-- 
"Gee, Toto, I don't think we are in Kansas anymore."



Re: Problems with IPv6 and routing domains

2017-07-04 Thread Claus Lensbøl
Hi Peter,

I'm getting:
# route -T75 default ::1 -blackhole
route: botched keyword: default
usage: route [-dnqtv] [-T tableid] command [[modifiers] args]
commands: add, change, delete, exec, flush, get, monitor, show

or:

# route -T75 add default ::1 -blackhole
route: ::1: bad address

Am I missing something in your message?

(Is this btw a general recommendation or a proposed solution?)


On 04-07-2017 16:11, Peter Hessler wrote:
> Always Always ALWAYS ALWAYS create a default route in each routing domain.
>
> !/sbin/route -T XXX default ::1 -blackhole
>
>
>
> On 2017 Jul 04 (Tue) at 15:16:24 +0200 (+0200), Claus Lensbøl wrote:
> :Hi misc,
> :
> :I'm having trouble with implementing rdomains and IPv6.
> :
> :I have followed this guide which might be a bit old but the best I could
> :find:
> :https://www.packetmischief.ca/2011/09/20/virtualizing-the-openbsd-routing-table/
> :
> :I have made a set-up with two machines connected by an openBSD router.
> :
> :Machine: "internet"
> :
> :# cat /etc/hostname.em1
> :inet6 2a01:7e8:1:800::2fd/126
> :!route add 2a01:7e8:35:fab::/64 2a01:7e8:1:800::2fe
> :
> :Machine: "router"
> :
> :# cat /etc/hostname.em1
> :inet6 2a01:7e8:1:800::2fe/126
> :!route -T 0 add 2a01:7e8:35:fab::/64 ::1
> :# cat /etc/hostname.em2
> :rdomain 75
> :!route -T75 exec /usr/sbin/sshd
> :inet6 alias 2a01:7e8:35:fab::1/64
> :# pfctl -sr
> :block return all
> :pass all flags S/SA
> :block return in on ! lo0 proto tcp from any to any port 6000:6010
> :pass in on em2 inet6 from 2a01:7e8:35:fab::/64 to 2a01:7e8:1:800::2fd
> :flags S/SA rtable 0
> :pass out on em1 all flags S/SA
> :
> :Machine: "client"
> :
> :# sudo ip addr add 2a01:7e8:35:fab::2/64 dev vboxnet0
> :# sudo ip -6 route add 2a01:7e8:1:800::2fc/126 via 2a01:7e8:35:fab::1
> :
> :I am able to ping between router<->internet, router<->client, but not
> :between client<->internet.
> :
> :If pinging from client->internet, no replies are returned. Doing tcpdump
> :on em1 on the router gives:
> :16:56:42.017347 2a01:7e8:35:fab::2 > 2a01:7e8:1:800::2fd: icmp6: echo
> :request [flowlabel 0xe1717]
> :16:56:42.017811 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
> :16:56:42.018114 2a01:7e8:1:800::2fe > 2a01:7e8:1:800::2fd: icmp6: time
> :exceeded in-transit for 2a01:7e8:35:fab::2
> :
> :Removing the route (route -T 0 delete 2a01:7e8:35:fab::/64 ::1) gives no
> :replies and tcpdump gives:
> :16:58:59.565667 2a01:7e8:35:fab::2 > 2a01:7e8:1:800::2fd: icmp6: echo
> :request [flowlabel 0xe1717]
> :16:58:59.566298 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
> :16:58:59.569637 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
> :
> :Adding a route on em1 (rtable 0) as:
> :# route -T 0 add 2a01:7e8:35:fab::/64 2a01:7e8:1:800::2fe
> :, yields the same results as with no route.
> :
> :I tried removing all routes to 2a01:7e8:35:fab::/64 on the router, and
> :add to pf:
> :pass in on em1 inet6 to 2a01:7e8:35:fab::/64 rtable 75
> :
> :I'm pretty sure that I'm missing some understanding of rtables.
> :Can someone point me in the right direction?
> :I'm guessing that I need a way to move packets from rtable 0 to rtable 75.
> :
> :Btw, this set-up is made with virtualbox, but I have an identical
> :physical set-up with the same issue.
> :
> :-- 
> :Med venlig hilsen/Best regards
> :Claus Lensbøl
> :
> :Fab:IT ApS
> :Vesterbrogade 37, 2. th
> :DK-1620 København
> :Tlf: +45 70 202 407
> :Main Site: www.fab-it.dk
> :VPS Product: vpsforce.eu
> :
> :
>

-- 
Med venlig hilsen/Best regards
Claus Lensbøl

Fab:IT ApS
Vesterbrogade 37, 2. th
DK-1620 København
Tlf: +45 70 202 407
Main Site: www.fab-it.dk
VPS Product: vpsforce.eu




Re: Problems with IPv6 and routing domains

2017-07-04 Thread Peter Hessler
Always Always ALWAYS ALWAYS create a default route in each routing domain.

!/sbin/route -T XXX default ::1 -blackhole



On 2017 Jul 04 (Tue) at 15:16:24 +0200 (+0200), Claus Lensbøl wrote:
:Hi misc,
:
:I'm having trouble with implementing rdomains and IPv6.
:
:I have followed this guide which might be a bit old but the best I could
:find:
:https://www.packetmischief.ca/2011/09/20/virtualizing-the-openbsd-routing-table/
:
:I have made a set-up with two machines connected by an openBSD router.
:
:Machine: "internet"
:
:# cat /etc/hostname.em1
:inet6 2a01:7e8:1:800::2fd/126
:!route add 2a01:7e8:35:fab::/64 2a01:7e8:1:800::2fe
:
:Machine: "router"
:
:# cat /etc/hostname.em1
:inet6 2a01:7e8:1:800::2fe/126
:!route -T 0 add 2a01:7e8:35:fab::/64 ::1
:# cat /etc/hostname.em2
:rdomain 75
:!route -T75 exec /usr/sbin/sshd
:inet6 alias 2a01:7e8:35:fab::1/64
:# pfctl -sr
:block return all
:pass all flags S/SA
:block return in on ! lo0 proto tcp from any to any port 6000:6010
:pass in on em2 inet6 from 2a01:7e8:35:fab::/64 to 2a01:7e8:1:800::2fd
:flags S/SA rtable 0
:pass out on em1 all flags S/SA
:
:Machine: "client"
:
:# sudo ip addr add 2a01:7e8:35:fab::2/64 dev vboxnet0
:# sudo ip -6 route add 2a01:7e8:1:800::2fc/126 via 2a01:7e8:35:fab::1
:
:I am able to ping between router<->internet, router<->client, but not
:between client<->internet.
:
:If pinging from client->internet, no replies are returned. Doing tcpdump
:on em1 on the router gives:
:16:56:42.017347 2a01:7e8:35:fab::2 > 2a01:7e8:1:800::2fd: icmp6: echo
:request [flowlabel 0xe1717]
:16:56:42.017811 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
:16:56:42.018114 2a01:7e8:1:800::2fe > 2a01:7e8:1:800::2fd: icmp6: time
:exceeded in-transit for 2a01:7e8:35:fab::2
:
:Removing the route (route -T 0 delete 2a01:7e8:35:fab::/64 ::1) gives no
:replies and tcpdump gives:
:16:58:59.565667 2a01:7e8:35:fab::2 > 2a01:7e8:1:800::2fd: icmp6: echo
:request [flowlabel 0xe1717]
:16:58:59.566298 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
:16:58:59.569637 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
:
:Adding a route on em1 (rtable 0) as:
:# route -T 0 add 2a01:7e8:35:fab::/64 2a01:7e8:1:800::2fe
:, yields the same results as with no route.
:
:I tried removing all routes to 2a01:7e8:35:fab::/64 on the router, and
:add to pf:
:pass in on em1 inet6 to 2a01:7e8:35:fab::/64 rtable 75
:
:I'm pretty sure that I'm missing some understanding of rtables.
:Can someone point me in the right direction?
:I'm guessing that I need a way to move packets from rtable 0 to rtable 75.
:
:Btw, this set-up is made with virtualbox, but I have an identical
:physical set-up with the same issue.
:
:-- 
:Med venlig hilsen/Best regards
:Claus Lensbøl
:
:Fab:IT ApS
:Vesterbrogade 37, 2. th
:DK-1620 København
:Tlf: +45 70 202 407
:Main Site: www.fab-it.dk
:VPS Product: vpsforce.eu
:
:

-- 
While money doesn't buy love, it puts you in a great bargaining position.



Problems with IPv6 and routing domains

2017-07-04 Thread Claus Lensbøl
Hi misc,

I'm having trouble with implementing rdomains and IPv6.

I have followed this guide which might be a bit old but the best I could
find:
https://www.packetmischief.ca/2011/09/20/virtualizing-the-openbsd-routing-table/

I have made a set-up with two machines connected by an openBSD router.

Machine: "internet"

# cat /etc/hostname.em1
inet6 2a01:7e8:1:800::2fd/126
!route add 2a01:7e8:35:fab::/64 2a01:7e8:1:800::2fe

Machine: "router"

# cat /etc/hostname.em1
inet6 2a01:7e8:1:800::2fe/126
!route -T 0 add 2a01:7e8:35:fab::/64 ::1
# cat /etc/hostname.em2
rdomain 75
!route -T75 exec /usr/sbin/sshd
inet6 alias 2a01:7e8:35:fab::1/64
# pfctl -sr
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
pass in on em2 inet6 from 2a01:7e8:35:fab::/64 to 2a01:7e8:1:800::2fd
flags S/SA rtable 0
pass out on em1 all flags S/SA

Machine: "client"

# sudo ip addr add 2a01:7e8:35:fab::2/64 dev vboxnet0
# sudo ip -6 route add 2a01:7e8:1:800::2fc/126 via 2a01:7e8:35:fab::1

I am able to ping between router<->internet, router<->client, but not
between client<->internet.

If pinging from client->internet, no replies are returned. Doing tcpdump
on em1 on the router gives:
16:56:42.017347 2a01:7e8:35:fab::2 > 2a01:7e8:1:800::2fd: icmp6: echo
request [flowlabel 0xe1717]
16:56:42.017811 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
16:56:42.018114 2a01:7e8:1:800::2fe > 2a01:7e8:1:800::2fd: icmp6: time
exceeded in-transit for 2a01:7e8:35:fab::2

Removing the route (route -T 0 delete 2a01:7e8:35:fab::/64 ::1) gives no
replies and tcpdump gives:
16:58:59.565667 2a01:7e8:35:fab::2 > 2a01:7e8:1:800::2fd: icmp6: echo
request [flowlabel 0xe1717]
16:58:59.566298 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply
16:58:59.569637 2a01:7e8:1:800::2fd > 2a01:7e8:35:fab::2: icmp6: echo reply

Adding a route on em1 (rtable 0) as:
# route -T 0 add 2a01:7e8:35:fab::/64 2a01:7e8:1:800::2fe
, yields the same results as with no route.

I tried removing all routes to 2a01:7e8:35:fab::/64 on the router, and
add to pf:
pass in on em1 inet6 to 2a01:7e8:35:fab::/64 rtable 75

I'm pretty sure that I'm missing some understanding of rtables.
Can someone point me in the right direction?
I'm guessing that I need a way to move packets from rtable 0 to rtable 75.

Btw, this set-up is made with virtualbox, but I have an identical
physical set-up with the same issue.

-- 
Med venlig hilsen/Best regards
Claus Lensbøl

Fab:IT ApS
Vesterbrogade 37, 2. th
DK-1620 København
Tlf: +45 70 202 407
Main Site: www.fab-it.dk
VPS Product: vpsforce.eu




Re: Missed ifconfig [[-]txpower dBm] option for 802.11

2017-07-04 Thread Martijn van Duren
On 07/04/17 15:07, Denis wrote:
> Looking for ifconfig '[[-]txpower dBm]' option which was present in
> OpenBSD 5.4 amd64. Try to find 'txpower' on 6.0 amd64 but seems it
> missed out.
> 
> Actively using it to match power for 802.11 card and its RF recipient
> (post amp). What mechanism of output power matching is provided
> currently since 5.4 amd64?
> 
> Thanks for answers in advance.
> 
A quick look in the ifconfig.8 cvs log shows:
revision 1.264
date: 2015/12/06 12:50:05;  author: tedu;  state: Exp;  lines: +2 -10;  commitid: elXp5QtailrWrL5N;
remove txpower option. only relevant to the now irrelevant wi driver.
(several other drivers misleadingly claim generic 802.11 txpower, but
do not in fact do anything. the knob is not connected to the radio.)
ok benno jsg krw reyk

martijn@



Missed ifconfig [[-]txpower dBm] option for 802.11

2017-07-04 Thread Denis
Looking for ifconfig '[[-]txpower dBm]' option which was present in
OpenBSD 5.4 amd64. Try to find 'txpower' on 6.0 amd64 but seems it
missed out.

Actively using it to match power for 802.11 card and its RF recipient
(post amp). What mechanism of output power matching is provided
currently since 5.4 amd64?

Thanks for answers in advance.



Re: Can I use OpenBSD in a virtual machine, for example, VirtualBox?

2017-07-04 Thread Reyk Floeter
On Mon, Jul 03, 2017 at 02:36:20PM -0400, J Doe wrote:
> 
> >> On 27 Jun 2017 10:45 am, "Stuart Henderson"  wrote:
> >> 
> >>> On 2017-06-26, Josh Stephens  wrote:
> >>> I could be wrong when I say this but the only gotcha that you will run
> >> into
> >>> with virtual box will be the guest additions.
> >> 
> >> Does virtualbox still do that thing where it patches the running
> >> kernel when it detects OpenBSD?
> 
> Hi,
> 
>
> Just thought I'd chime in that I've had success with OpenBSD 5.x to
> 6.0 running under VMware Fusion (Mac OS X version of VMware).  There
> isn't support for guest additions with the most recent version of
> Fusion (8.x), but I haven't had any issues.
> 

I don't know what you mean with "there isn't support for guest
additions".  We don't support VMware's 3rd party tools but we use our
own drivers.

VMware Fusion Pro 8.5.8 with version 12 VMs works fine, vmt(4)
attaches, provides guest services such as shutdown/reboot, timedelta
sensor, and access to VMware's guestinfo key/value via hostctl(8) (eg.
hostctl guestinfo.ip).  X11-related features are provided by vmwh in
ports, but I've never tested it.  We also have vmx(4) for vmxnet3
networking but you manually have to edit the .vmx file and change
ethernetX.virtualDev = "vmxnet3" (VMware has ignored all of our
requests to add a device profile for OpenBSD).

The only issue that I just saw with -current is that ahci(4)
initialization hangs on boot - I had to disable ahci and use SCSI or
IDE.  I haven't noticed this on ESXi.

I mostly used Fusion for testing and development for ESXi/vSphere but
I switched to OpenBSD VMM for most of the testing.

> I saw in the thread that someone was mentioning full screen support.
> There's no problem with that under Fusion, but you are limited to
> legacy style video output (ie: not a high res display).  The easiest
> way around that is I run OpenBSD minimized and SSH in from Terminal on
> Mac OS X, then use the full-screen mode on OS X Terminal.
> 
> If you're interested in OpenBSD in virtual machines in the cloud, I
> have nothing but praise for the people at RootBSD [1], which have
> supported OpenBSD for a while.  IIRC they run OpenBSD on top of Xen,
> so the previous comments about security not being the same as running
> it natively do apply, but it's definitely an option.
> 
> I believe Undeadly recently posted about partial support for Hyper-V
> has been committed, which also opens up the future possibility of running
> OpenBSD on Azure.  Seems like the only holdout is AWS, but there is
> now official support for FreeBSD on it, so here's hoping its more
> secure cousin will make its way to Amazon.

You cannot really compare FreeBSD in Azure or AWS to OpenBSD.  We have
totally different drivers for Hyper-V and Xen.  But Hyper-V is "fully"
supported on OpenBSD, the latest hvs(4) driver adds support for
StorVSC paravirtual SCSI.  mikeb@ has done some great work to
implement all the missing drivers and I helped where I could and
focussed on the part to get it from Hyper-V/Xen to the "cloud".

The situation in Azure is about the same as in AWS: we don't provide
OpenBSD images in the marketplaces or community images yet, but there
are scripts and howtos to create your OpenBSD VMs in Azure.  This
might change as soon as we feel confident enough with the VM "layout"
and the (mandatory) agent.  But, for now, use the tools from
unofficial external github projects:

For AWS:
https://github.com/ajacoutot/aws-openbsd

For Azure (also works in AWS and under VMM):
https://github.com/reyk/cloud-openbsd   (create images with cloud-agent)
https://github.com/reyk/cloud-agent (an alternative to waagent in ports)
https://github.com/reyk/meta-data   (test + boot cloud images under VMM)

We also have VirtIO drivers for OpenBSD VMM and KVM, as used by most
other clouds, and I'm planning to add support for OpenStack (JSON) and
OpenNebula (contexts) to my cloud-agent.

But please note that we're currently trying to find ways to create VM
images that still provide the benefits of OpenBSD-style things like
KARL.  The problem with pre-provisioned VM images is that they all
have the "same random values" in the filesystem, kernel, and libraries
where the installer usually makes each installation unique.  A
pre-provisioned image is always the same, at least on first boot,
unless we create something that prepares or installs everything before
getting a new VM instance online.  The first real* OpenBSD image on
Azure will probably be fully pre-provisioned, but maybe we switch to a
totally different model later.

In summary, I think all x86 VM hypervisors are more or less supported.
Just like real hardware platforms, some of them have problems, and
others work better.  But we're in a pretty good shape and it was an
interesting journey over the last years to get to this point.

*) There is currently only my company's OpenBSD-based product in
Azure.  Some PR got it wrong and announced that OpenBSD itself is now
available in 

dhcrelay broken after Apr 5

2017-07-04 Thread Kapetanakis Giannis
Hi,

Just upgraded a set of my firewalls that also do dhcrelay to -current.

The program stopped working ok. Some dhcp requests were being forwarded, some not.

tcpdump was showing the request on internal interface but I couldn't see the 
request being forwarded on the external interface.
For some vlans the relay was working for some not.

I've located the problem to this commit:
http://marc.info/?l=openbsd-cvs&m=149140326301074&w=2

Reverting back to:
bpf.c,v 1.17
packet.c,v 1.13
dhcpd.h,v 1.22 2017/04/04

everything was ok again.

My setup is (trunk - on one firewall) - Vlans - carp - dhcrelay
28 vlans, 28 carps, 18 dhcrelay, 30 bpf devices

regards,

Giannis



Re: Can I use OpenBSD in a virtual machine, for example, VirtualBox?

2017-07-04 Thread Artur Pędziwilk

> On 3 Jul 2017, at 20:36, J Doe  wrote:
> 
> I believe Undeadly recently posted about partial support for Hyper-V has been 
> committed, which also opens up the future possibility of running OpenBSD on 
> Azure.  Seems like the only holdout is AWS, but there is now official support 
> for FreeBSD on it, so here's hoping its more secure cousin will make its 
> way to Amazon.

I am running OpenBSD on Amazon AWS with no issues so far.

There are my shared images and dmesg
https://wilkart.online/blog/openbsd-on-amazon-ec2.html 


Here we have quite detailed instruction how to build your own
https://github.com/ajacoutot/aws-openbsd





Trying to burn a 4.5G dvd

2017-07-04 Thread STeve Andre'

Doing my usual

   growisofs -dvd-compat -Z /dev/rcd0c=image.iso

results in the error

mkisofs: Value too large to be stored in data type. File 
4P4WFA00_W10x64ROW_proDL.iso is too large for current mkisofs settings - 
ignoring


So far I do not see what needs to be changed in order to do this and a 
scan of marc.info and faq aren't helping.


Clues?  I'm pinched for time.  Thanks...

--STeve Andre'