Re: Excited for 6.2 - C'mon and release this bad boy!

[Stuart Henderson]

On 2017-10-06, Rui Ribeiro  wrote:
> Sorry, have not been able to use the installation image in the last few
> days.

While the snapshot kernels report a "6.2" version number, they will
default to fetching from pub/OpenBSD/6.2. When they switch to "6.2-current"
they will go back to using the snapshots directory by default.

You can override this in the installer by typing the full path to the
snapshots/$ARCH directory, and in pkg_add by either setting PKG_PATH to
the full path (snapshots/packages/$ARCH), or by using -Dsnap.

Re: Openbsd 6.1 and Current Console Freezes and lockup Proxmox PVE5.0

[Mike Larkin]

On Fri, Oct 06, 2017 at 05:58:18PM +0200, Oliver Marugg wrote:
> I’ve got the same freezes/hangs in all of my instances running OpenBSD
> 6.1-stable and/or 6.1-release syspatched on KVM-based Proxmox 5 as mentioned
> by others.
> 
> I also tried the change of the serial port as mentioned in this thread with
> no positive result.
> 
> Badly these freezes/hangs gives us not much chances for a bug reports. Only
> once I had a shown reported panic: vioscsi_scsi_cmd:183 vr_state is 2 should
> be 1. I was able only once to do some screenshots and traces until it hanged
> again. Attached to this mail I added my screenshots (7 screenshots of ddb).
> Or should I send these to bugs@ in relation to this misc@ thread, also if
> its not a full bug report?
> 
> Due to the fact I use a proxmox cluster for my students I asked Proxmox
> about that freezes/hangs of OpenBSD in their own support forum. After some
> checks/testrun they answered it could be a possible bug in KVM in their
> patches about RTC and apic, but Proxmox doesnt know OpenBSD in depth.
> Proxmox also sent with a KVM commit range to this thread.
> 
> Unfortunately I am a user and not a dev, from a indepth OpenBSD tech
> perspective I am not really able to give advice for a proper operation of
> OpenBSD to proxmox/kvm and/or to verify what possible changes/adjustments
> are needed in kvm hypervisor for a smooth operation of OpenBSD in there. Any
> ideas?
> 
> In general: Many thanks for all devs for OpenBSD.
> 
> -oliver

Every one of these images shows a panic on halt/reboot.

Does this only happen to you on halt and reboot scenarios?

-ml

Re: How to allow __set_tcb in pledge

[Theo de Raadt]

> I'm trying to use pledge to protect a go program.
> 
> The exec aborts with abort trap: core dump
> 
> Ktrace and /var/log/messages say that the __set_tcb
> syscall is denied.
> 
> Can I configure pledge to allow such syscall ?

In post-6.2, this is now allowed.  It wasn't allowed earlier
due to an oversight.

> (Same question for mlock and mlockall)

Uhm, those are not going to be allowed.  They are precisely the
type of operations you should do before pledge. 

Re: How make X rotation work via xrandr or xorg.conf? Did not get it to work on wsfb at least

[Josh Grosse]

On Fri, Oct 06, 2017 at 05:11:05PM -, ti...@openmailbox.org wrote:
> [...]
> Any ideas how I get screen rotation in X going?

$ xrandr -o right
$ xrandr -o left
$ xrandr -o normal

How to allow __set_tcb in pledge

[Stephane Martin]

Hi,

I’m trying to use pledge to protect a go program.

The exec aborts with « abort trap: core dump ».

Ktrace and /var/log/messages say that the « __set_tcb » syscall is denied.

Can I configure pledge to allow such syscall ?
(Same question for mlock and mlockall…)

Thank you,
Stephane

How make X rotation work via xrandr or xorg.conf? Did not get it to work on wsfb at least

[tinkr]

Hi!

Following up on the previous thread on rotating the screen, I tried to rotate 
the screen in X.

The first thing i must mention is my /etc/X11/xorg.conf , which was needed as X 
not worked out of the box on this Atom AMD64 machine:

Section "Device"
Identifier "Card0"
Driver "wsfb"
EndSection

With this, startx works, however the display i rotated 90 degrees 
counterclockwise to the keyboard. I now did the following out of xterm:

"xrandr" tells me I have an output by the name "default".

So i tried "xrandr --output default --rotation left", which told me:

"xrandr: output default cannot use rotation "left" reflection "none""

So I tried throwing in "--reflection x", and it gives me the same error message 
except it prints out the reflection as "X axis".

I also tried "--orientation left" and it does not fail but also has no effect.

And I also tried to add the same as above into xorg.conf via an "Option 
"Rotate" "right"" setting however it had no effect, maybe I did not understand 
how to properly apply the setting though.

Any ideas how I get screen rotation in X going?

Thanks!
Tinker

Re: l2tp and openbsd 6.1

[Sterling Archer]

On Fri, Oct 6, 2017 at 5:25 PM, Charles Amstutz
 wrote:
> Should've also mentioned this oddity:
>
> So, if the firewall rules are uncommented (where I get the below error)
>
> no IP address found for pppx:network
> /etc/pf.conf:102: could not parse host specification no IP address found for 
> pppx:network
> /etc/pf.conf:103: could not parse host specification no IP address found for 
> pppx:network
> /etc/pf.conf:106: could not parse host specification
>
>
> And reboot, I can't connect. However, if I comment out those lines and then 
> save/reload then uncomment,  I can connect just fine.
>
>
>
>
> -Original Message-
> From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
> Charles Amstutz
> Sent: Friday, October 6, 2017 10:04 AM
> To: 'misc@openbsd.org' 
> Subject: Re: l2tp and openbsd 6.1
>
> Hello Noth,
>
>
> "Try pppx instead of pppx0, it'll work in pf.conf, including as a macro."
>
> I did!! I found another article that talked about the group.  After reading 
> this: 
> http://frankgroeneveld.nl/2015/08/16/configuring-l2tp-over-ipsec-on-openbsd-for-mac-os-x-clients/
>
> However,  I still get this error if I try to reload the firewall and no vpn 
> client is established (thus the pppx group or pppx0 interface doesn't exist 
> yet)... this is the same if I use pppx or pppx0
>
>
> no IP address found for pppx:network
> /etc/pf.conf:102: could not parse host specification no IP address found for 
> pppx:network
> /etc/pf.conf:103: could not parse host specification no IP address found for 
> pppx:network
> /etc/pf.conf:106: could not parse host specification
>
> If I remove :network,  the same errors:
>
> no IP address found for pppx
> /etc/pf.conf:102: could not parse host specification no IP address found for 
> pppx
> /etc/pf.conf:103: could not parse host specification no IP address found for 
> pppx
> /etc/pf.conf:106: could not parse host specification
>
>
> However,  if I comment out those lines, connect, then uncomment out the 
> lines, things work as they should (it appears)
>
> It also seems as if I can't connect if I have those lines uncommented after a 
> reboot.
>
> Many strange things.
>
> Thanks for the help everyone, I'm going to continue to research.


You can't use :network for interface groups like pppx.
If you want to filter on IP or subnet, why don't you just type the actual IP
or subnet in pf.conf?


-- 
:wq!

Re: ld.so: openvpn: can't load library 'liblzo2.so.1.0'

[Atanas Vladimirov]

Hi,
This is the output after upgrading to the newest snapshot (03.10.2017)

rtld loading: 'openvpn'
exe load offset:  0x1023ea70
 flags /usr/local/sbin/openvpn = 0x0
head /usr/local/sbin/openvpn
obj /usr/local/sbin/openvpn has /usr/local/sbin/openvpn as head
examining: '/usr/local/sbin/openvpn'
loading: libc.so.90.0 required by /usr/local/sbin/openvpn
 flags /usr/lib/libc.so.90.0 = 0x0
obj /usr/lib/libc.so.90.0 has /usr/local/sbin/openvpn as head
loading: libcrypto.so.42.0 required by /usr/local/sbin/openvpn
 flags /usr/lib/libcrypto.so.42.0 = 0x0
obj /usr/lib/libcrypto.so.42.0 has /usr/local/sbin/openvpn as head
loading: libssl.so.44.1 required by /usr/local/sbin/openvpn
 flags /usr/lib/libssl.so.44.1 = 0x0
obj /usr/lib/libssl.so.44.1 has /usr/local/sbin/openvpn as head
loading: liblzo2.so.1.0 required by /usr/local/sbin/openvpn
ld.so: openvpn: can't load library 'liblzo2.so.1.0'
Killed


And on next reboot everything is fine:

rtld loading: 'openvpn'
exe load offset:  0xce50950
 flags /usr/local/sbin/openvpn = 0x0
head /usr/local/sbin/openvpn
obj /usr/local/sbin/openvpn has /usr/local/sbin/openvpn as head
examining: '/usr/local/sbin/openvpn'
loading: libcrypto.so.42.0 required by /usr/local/sbin/openvpn
 flags /usr/lib/libcrypto.so.42.0 = 0x0
obj /usr/lib/libcrypto.so.42.0 has /usr/local/sbin/openvpn as head
loading: liblzo2.so.1.0 required by /usr/local/sbin/openvpn
 flags /usr/local/lib/liblzo2.so.1.0 = 0x0
obj /usr/local/lib/liblzo2.so.1.0 has /usr/local/sbin/openvpn as head
loading: libc.so.90.0 required by /usr/local/sbin/openvpn
 flags /usr/lib/libc.so.90.0 = 0x0
obj /usr/lib/libc.so.90.0 has /usr/local/sbin/openvpn as head
loading: liblz4.so.2.0 required by /usr/local/sbin/openvpn
 flags /usr/local/lib/liblz4.so.2.0 = 0x0
obj /usr/local/lib/liblz4.so.2.0 has /usr/local/sbin/openvpn as head
loading: libssl.so.44.1 required by /usr/local/sbin/openvpn
 flags /usr/lib/libssl.so.44.1 = 0x0
obj /usr/lib/libssl.so.44.1 has /usr/local/sbin/openvpn as head
linking dep /usr/local/lib/liblzo2.so.1.0 as child of 
/usr/local/sbin/openvpn
linking dep /usr/local/lib/liblz4.so.2.0 as child of 
/usr/local/sbin/openvpn

linking dep /usr/lib/libssl.so.44.1 as child of /usr/local/sbin/openvpn
linking dep /usr/lib/libcrypto.so.42.0 as child of 
/usr/local/sbin/openvpn

linking dep /usr/lib/libc.so.90.0 as child of /usr/local/sbin/openvpn
examining: '/usr/local/lib/liblzo2.so.1.0'
examining: '/usr/local/lib/liblz4.so.2.0'
examining: '/usr/lib/libssl.so.44.1'
loading: libcrypto.so.42.0 required by /usr/lib/libssl.so.44.1
linking dep /usr/lib/libcrypto.so.42.0 as child of 
/usr/lib/libssl.so.44.1

examining: '/usr/lib/libcrypto.so.42.0'
examining: '/usr/lib/libc.so.90.0'
 flags /usr/libexec/ld.so = 0x0
obj /usr/libexec/ld.so has /usr/local/sbin/openvpn as head
protect start RELRO = 0xce741923f78 in /usr/lib/libc.so.90.0
protect end RELRO = 0xce741926000 in /usr/lib/libc.so.90.0
protect start RELRO = 0xce7c455fbb8 in /usr/lib/libcrypto.so.42.0
protect end RELRO = 0xce7c457b000 in /usr/lib/libcrypto.so.42.0
protect start RELRO = 0xce7e7530048 in /usr/lib/libssl.so.44.1
protect end RELRO = 0xce7e7533000 in /usr/lib/libssl.so.44.1
protect start RELRO = 0xce7af2e8cb0 in /usr/local/lib/liblz4.so.2.0
protect end RELRO = 0xce7af2e9000 in /usr/local/lib/liblz4.so.2.0
protect start RELRO = 0xce7b6059c78 in /usr/local/lib/liblzo2.so.1.0
protect end RELRO = 0xce7b605a000 in /usr/local/lib/liblzo2.so.1.0
protect start RELRO = 0xce5097b0348 in /usr/local/sbin/openvpn
protect end RELRO = 0xce5097b1ff0 in /usr/local/sbin/openvpn
StartEnd  Type Open Ref GrpRef Name
0ce50950 0ce5097b3000 exe  10   0  
/usr/local/sbin/openvpn
0ce7b5e2c000 0ce7b605b000 rlib 01   0  
/usr/local/lib/liblzo2.so.1.0
0ce7af0d2000 0ce7af2ea000 rlib 01   0  
/usr/local/lib/liblz4.so.2.0
0ce7e72e2000 0ce7e7537000 rlib 01   0  
/usr/lib/libssl.so.44.1
0ce7c41af000 0ce7c4583000 rlib 02   0  
/usr/lib/libcrypto.so.42.0
0ce74165a000 0ce741939000 rlib 01   0  
/usr/lib/libc.so.90.0
0ce78300 0ce78300 rtld 01   0  
/usr/libexec/ld.so

symcache lookups 342 hits 0 ratio 0% hits
dynamic loading done, success.
tib new=0xce7c954cd00
setting environ 0xce783212000@/usr/libexec/ld.so[0xce771dfc800] from 
0xce783212000
setting __progname 0xce783212008@/usr/libexec/ld.so[0xce771dfc800] from 
0xce783212008
doing ctors obj 0xce7622e4c00 @0xce7b5e2c2e0: 
[/usr/local/lib/liblzo2.so.1.0]
doing ctors obj 0xce7951d1c00 @0xce7af0d22e0: 
[/usr/local/lib/liblz4.so.2.0]
doing ctors obj 0xce7622e4400 @0xce7c41af2e0: 
[/usr/lib/libcrypto.so.42.0]

doing ctors obj 0xce7622e4800 @0xce7e72e22e0: [/usr/lib/libssl.so.44.1]
entry point: 0xce509501870

# dmesg
OpenBSD 6.2 (GENERIC.MP) #134: Tue Oct  3 21:22:29 MDT 2017

Re: Excited for 6.2 - C'mon and release this bad boy!

[Todd C. Miller]

On Fri, 06 Oct 2017 16:34:24 +0100, Rui Ribeiro wrote:

> Sorry, have not been able to use the installation image in the last few
> days. The 6.2 directory started popping last week without it existing, and
> even 2-3 days ago the installation was not working yet even trying to point
> to the new directory.

The 6.2 directory will only contain packages for now.  Packages are
the largest part of the release and they get distributed first so
the mirrors have extra time to fetch them.

 - todd

Re: Excited for 6.2 - C'mon and release this bad boy!

[G]

6.2 havent been released yet. I guess you can install current if you
wish from snapshots. But if you wish to run stable just wait.

On 10/06/2017 06:34 PM, Rui Ribeiro wrote:
> Sorry, have not been able to use the installation image in the last few
> days. The 6.2 directory started popping last week without it existing,
> and even 2-3 days ago the installation was not working yet even trying
> to point to the new directory.
> 
> On 6 October 2017 at 16:33, Rui Ribeiro  > wrote:
> 
> Hi, I have not been able to use the installation image in USB to
> install it "6.2", is it working again?
> 
> On 6 October 2017 at 16:25, tec...@protonmail.com
>   > wrote:
> 
> Thanks for the link, looks like my suspicions were right.  Good
> stuff.
> 
> >  Original Message 
> > Subject: Re: Excited for 6.2 - C'mon and release this bad boy!
> > Local Time: 6 October 2017 3:22 PM
> > UTC Time: 6 October 2017 15:22
> > From: gp...@mailbox.org 
> > To: tec...@protonmail.com 
> >,
> misc@openbsd.org   >
> >
> > I think you should wait at least a couple of days.
> >
> > https://www.openbsd.org/62.html 
> >
> > On 10/06/2017 06:12 PM, tec...@protonmail.com
>  wrote:
> >> This month marks 6 months since 6.1 released, and I have a
> sneaky feeling 6.2 could be coming out any day now.. well, I
> hope so.
> >>
> >> Looking forward to this!
> >>
> 
> 
> 
> 
> -- 
> Regards,
> 
> --
> Rui Ribeiro
> Senior Linux Architect and Network Administrator
> ISCTE-IUL
> https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
> 
> 
> 
> 
> 
> -- 
> Regards,
> 
> --
> Rui Ribeiro
> Senior Linux Architect and Network Administrator
> ISCTE-IUL
> https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434

Re: Excited for 6.2 - C'mon and release this bad boy!

[Rui Ribeiro]

Sorry, have not been able to use the installation image in the last few
days. The 6.2 directory started popping last week without it existing, and
even 2-3 days ago the installation was not working yet even trying to point
to the new directory.

On 6 October 2017 at 16:33, Rui Ribeiro  wrote:

> Hi, I have not been able to use the installation image in USB to install
> it "6.2", is it working again?
>
> On 6 October 2017 at 16:25, tec...@protonmail.com 
> wrote:
>
>> Thanks for the link, looks like my suspicions were right.  Good stuff.
>>
>> >  Original Message 
>> > Subject: Re: Excited for 6.2 - C'mon and release this bad boy!
>> > Local Time: 6 October 2017 3:22 PM
>> > UTC Time: 6 October 2017 15:22
>> > From: gp...@mailbox.org
>> > To: tec...@protonmail.com , misc@openbsd.org <
>> misc@openbsd.org>
>> >
>> > I think you should wait at least a couple of days.
>> >
>> > https://www.openbsd.org/62.html
>> >
>> > On 10/06/2017 06:12 PM, tec...@protonmail.com wrote:
>> >> This month marks 6 months since 6.1 released, and I have a sneaky
>> feeling 6.2 could be coming out any day now.. well, I hope so.
>> >>
>> >> Looking forward to this!
>> >>
>>
>
>
>
> --
> Regards,
>
> --
> Rui Ribeiro
> Senior Linux Architect and Network Administrator
> ISCTE-IUL
> https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
>



-- 
Regards,

--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434

Re: Excited for 6.2 - C'mon and release this bad boy!

[Rui Ribeiro]

Hi, I have not been able to use the installation image in USB to install it
"6.2", is it working again?

On 6 October 2017 at 16:25, tec...@protonmail.com 
wrote:

> Thanks for the link, looks like my suspicions were right.  Good stuff.
>
> >  Original Message 
> > Subject: Re: Excited for 6.2 - C'mon and release this bad boy!
> > Local Time: 6 October 2017 3:22 PM
> > UTC Time: 6 October 2017 15:22
> > From: gp...@mailbox.org
> > To: tec...@protonmail.com , misc@openbsd.org <
> misc@openbsd.org>
> >
> > I think you should wait at least a couple of days.
> >
> > https://www.openbsd.org/62.html
> >
> > On 10/06/2017 06:12 PM, tec...@protonmail.com wrote:
> >> This month marks 6 months since 6.1 released, and I have a sneaky
> feeling 6.2 could be coming out any day now.. well, I hope so.
> >>
> >> Looking forward to this!
> >>
>



-- 
Regards,

--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434

Re: l2tp and openbsd 6.1

[Charles Amstutz]

Should've also mentioned this oddity:

So, if the firewall rules are uncommented (where I get the below error)

no IP address found for pppx:network
/etc/pf.conf:102: could not parse host specification no IP address found for 
pppx:network
/etc/pf.conf:103: could not parse host specification no IP address found for 
pppx:network
/etc/pf.conf:106: could not parse host specification


And reboot, I can't connect. However, if I comment out those lines and then 
save/reload then uncomment,  I can connect just fine.




-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
Charles Amstutz
Sent: Friday, October 6, 2017 10:04 AM
To: 'misc@openbsd.org' 
Subject: Re: l2tp and openbsd 6.1

Hello Noth,


"Try pppx instead of pppx0, it'll work in pf.conf, including as a macro."

I did!! I found another article that talked about the group.  After reading 
this: 
http://frankgroeneveld.nl/2015/08/16/configuring-l2tp-over-ipsec-on-openbsd-for-mac-os-x-clients/

However,  I still get this error if I try to reload the firewall and no vpn 
client is established (thus the pppx group or pppx0 interface doesn't exist 
yet)... this is the same if I use pppx or pppx0


no IP address found for pppx:network
/etc/pf.conf:102: could not parse host specification no IP address found for 
pppx:network
/etc/pf.conf:103: could not parse host specification no IP address found for 
pppx:network
/etc/pf.conf:106: could not parse host specification

If I remove :network,  the same errors:

no IP address found for pppx
/etc/pf.conf:102: could not parse host specification no IP address found for 
pppx
/etc/pf.conf:103: could not parse host specification no IP address found for 
pppx
/etc/pf.conf:106: could not parse host specification


However,  if I comment out those lines, connect, then uncomment out the lines, 
things work as they should (it appears)

It also seems as if I can't connect if I have those lines uncommented after a 
reboot.

Many strange things.  

Thanks for the help everyone, I'm going to continue to research. 

Re: Excited for 6.2 - C'mon and release this bad boy!

[tec...@protonmail.com]

Thanks for the link, looks like my suspicions were right.  Good stuff.

>  Original Message 
> Subject: Re: Excited for 6.2 - C'mon and release this bad boy!
> Local Time: 6 October 2017 3:22 PM
> UTC Time: 6 October 2017 15:22
> From: gp...@mailbox.org
> To: tec...@protonmail.com , misc@openbsd.org 
> 
>
> I think you should wait at least a couple of days.
>
> https://www.openbsd.org/62.html
>
> On 10/06/2017 06:12 PM, tec...@protonmail.com wrote:
>> This month marks 6 months since 6.1 released, and I have a sneaky feeling 
>> 6.2 could be coming out any day now.. well, I hope so.
>>
>> Looking forward to this!
>>

Re: Excited for 6.2 - C'mon and release this bad boy!

[G]

I think you should wait at least a couple of days.

https://www.openbsd.org/62.html

On 10/06/2017 06:12 PM, tec...@protonmail.com wrote:
> This month marks 6 months since 6.1 released, and I have a sneaky feeling 6.2 
> could be coming out any day now.. well, I hope so.
> 
> Looking forward to this!
> 

Excited for 6.2 - C'mon and release this bad boy!

[tec...@protonmail.com]

This month marks 6 months since 6.1 released, and I have a sneaky feeling 6.2 
could be coming out any day now.. well, I hope so.

Looking forward to this!

Re: l2tp and openbsd 6.1

[Charles Amstutz]

Hello Noth,


"Try pppx instead of pppx0, it'll work in pf.conf, including as a macro."

I did!! I found another article that talked about the group.  After reading 
this: 
http://frankgroeneveld.nl/2015/08/16/configuring-l2tp-over-ipsec-on-openbsd-for-mac-os-x-clients/

However,  I still get this error if I try to reload the firewall and no vpn 
client is established (thus the pppx group or pppx0 interface doesn't exist 
yet)... this is the same if I use pppx or pppx0


no IP address found for pppx:network
/etc/pf.conf:102: could not parse host specification
no IP address found for pppx:network
/etc/pf.conf:103: could not parse host specification
no IP address found for pppx:network
/etc/pf.conf:106: could not parse host specification

If I remove :network,  the same errors:

no IP address found for pppx
/etc/pf.conf:102: could not parse host specification
no IP address found for pppx
/etc/pf.conf:103: could not parse host specification
no IP address found for pppx
/etc/pf.conf:106: could not parse host specification


However,  if I comment out those lines, connect, then uncomment out the lines, 
things work as they should (it appears)

It also seems as if I can't connect if I have those lines uncommented after a 
reboot.

Many strange things.  

Thanks for the help everyone, I'm going to continue to research. 

Re: Blocking users who change their IP address

[Comète]

6 octobre 2017 05:40 "Eric Johnson"  a écrit:

> On Fri, 6 Oct 2017, Mihai Popescu wrote:
> 
>> I'm at a small Wireless ISP in a small town and have only a Class C block
>> of addresses.
>> 
>> [...]
>> 
>> [...]
>> 
>> Very romantic, indeed, but it has nothing to do with OpenBSD.
>> Are you serious?
> 
> Since the primary firewall and the DHCP server (and pretty much everything
> else on my end) run on OpenBSD, if there is a way to do it with OpenBSD,
> for example with pf, then I think that it should be a very good place to
> ask the question.
> 
> Of course, if there is no way to address the problem on computers running
> OpenBSD, then I did ask in the wrong place.
> 
> Based on your response, I assume that OpenBSD must be useless for trying
> to solve that problem and I shall have to look elsewhere.
> 
> Eric

Hi,

you just have to read the "dhcpd" man page I think. If I understand correctly 
your request "-C" is what you're looking for.
I used this to build a captive portal in Python/Django on Matthieu Herrb's idea 
and work (https://hal-univ-tlse3.archives-ouvertes.fr/hal-01135123). I've not 
yet released the source code of the management interface but what you want to 
do can be done without code. Only with OpenBSD tools like PF and DHCPD.

Morgan

Re: Blocking users who change their IP address

[Jim Rowan]

> On Oct 5, 2017, at 4:39 PM, Eric Johnson  wrote:
> 
> On Fri, 6 Oct 2017, Mihai Popescu wrote:
>> 
>> Very romantic, indeed, but it has nothing to do with OpenBSD.
> 
…

> Based on your response, I assume that OpenBSD must be useless for trying
> to solve that problem and I shall have to look elsewhere.
> 
> Eric
> 

I would suggest that you shouldn't believe everything you read on the 
internet^h^h^h^h^h^h^h^hm...@openbsd.org list.
:)

Re: Blocking users who change their IP address

[Joe Holden]

On 05/10/2017 22:39, Eric Johnson wrote:



On Fri, 6 Oct 2017, Mihai Popescu wrote:


I'm at a small Wireless ISP in a small town and have only a Class C block
of addresses.



  [...]



[...]


Very romantic, indeed, but it has nothing to do with OpenBSD.
Are you serious?


Since the primary firewall and the DHCP server (and pretty much everything
else on my end) run on OpenBSD, if there is a way to do it with OpenBSD,
for example with pf, then I think that it should be a very good place to
ask the question.

Of course, if there is no way to address the problem on computers running
OpenBSD, then I did ask in the wrong place.

Based on your response, I assume that OpenBSD must be useless for trying
to solve that problem and I shall have to look elsewhere.

Eric


This is a network infrastructure/design problem you need to either 
isolate customers or filter further down stream, if they're on a 
relatively dumb shared layer2 network you aren't going to be able to fix 
it by the time it gets to the firewall...

Re: Blocking users who change their IP address

[Raul Miller]

On Thu, Oct 5, 2017 at 5:39 PM, Eric Johnson  wrote:
> Since the primary firewall and the DHCP server (and pretty much everything
> else on my end) run on OpenBSD, if there is a way to do it with OpenBSD,
> for example with pf, then I think that it should be a very good place to
> ask the question.
>
> Of course, if there is no way to address the problem on computers running
> OpenBSD, then I did ask in the wrong place.
>
> Based on your response, I assume that OpenBSD must be useless for trying
> to solve that problem and I shall have to look elsewhere.

Another plausible conclusion might be that you had not mentioned how
OpenBSD could be relevant in this setup, and so someone pushed back on
the relevance of your question.

On the other hand... if you actually subscribe to the idea that people
should just know things you did not tell them... it's entirely
possible that there is other critically important information which
you have not yet revealed?

Thanks though,

-- 
Raul

Re: spamd randomly and silently dying on OpenBSD 6.1

[Boudewijn Dijkstra]

Op Fri, 06 Oct 2017 10:49:39 +0200 schreef rosjat :

[...]
Is there some way to get a more verbose autput when the process is  
daemonized? the -v switch only seems to aplay to the foreground mode.


Depends on your syslog.conf; I have:
!!spamd
daemon.err;daemon.warn;daemon.info;daemon.debug /var/log/spamd
!*

Have you checked whether interaction with spamd-setup is causing any  
problems?




--
Gemaakt met Opera's e-mailprogramma: http://www.opera.com/mail/

PDF produced by mandoc

[Jan Stary]

This is current/amd64. I just produced a pdf of bc(1) with
"man -Tpdf bc > bc.pdf".

Trying to view that pdf with mupdf(1) complains thusly:
(I can view and print the PDF fine though)

warning: expected 'endobj' or 'stream' keyword (27 0 R)
warning: expected 'endobj' or 'stream' keyword (9 0 R)
warning: expected 'endobj' or 'stream' keyword (4 0 R)
warning: expected 'endobj' or 'stream' keyword (3 0 R)
warning: expected 'endobj' or 'stream' keyword (5 0 R)

Trying to view that pdf with gv(1) says

Error: /typecheck in --setfileposition--
Operand stack:
   64771   27   0   --dict:2/2(L)--   xref   0   28   0   65535   f   9   0   n 
  64651   0   n   30   0   n   105   0   n   179   0   n   255   0   n   335   
0   n   13629   0   n   13650   0   n   13738   0   n   13819   0   n   27932   
0   n   27954   0   n   28043   0   n   28126   0   n   40526   0   n   40548   
0   n   40637   0   n   40720   0   n   53119   0   n   53141   0   n   53230   
0   n   53313   0   n   64457   0   n   64479   0   n   64568   0   n   64762   
0   n   trailer   --dict:3/3(L)--   64805   --nostringval--   startxref
Execution stack:
   %interp_exit   .runexec2   --nostringval--   --nostringval--   
--nostringval--   2   %stopped_push   --nostringval--   --nostringval--   
--nostringval--   false   1   %stopped_push   1884   1   3   %oparray_pop   
1883   1   3   %oparray_pop   1867   1   3   %oparray_pop   1755   1   3   
%oparray_pop   --nostringval--   %errorexec_pop   .runexec2   --nostringval--   
--nostringval--   --nostringval--   2   %stopped_push   --nostringval--   
--nostringval--   --nostringval--   --nostringval--
Dictionary stack:
   --dict:1165/1684(ro)(G)--   --dict:1/20(G)--   --dict:82/200(L)--   
--dict:109/127(ro)(G)--   --dict:292/300(ro)(G)--   --dict:22/32(L)--
Current allocation mode is local
Last OS error: 2
Current file position is 2058

and errors out.

Is seems to happen with any other manpage as well.
Is anyone seeing the same?

Jan

spamd randomly and silently dying on OpenBSD 6.1

[rosjat]

Hi there,


it seems spamd daemon is siliently and randomly dying on a OpenBSd 6.1 
machine. The logs show nothing  that would give some hint and If my 
script for bgp-spamd wouldn tell me it cant connect to spamd I would 
even notice it till the next daily job that tells me that spamlogd 
should run but isnt.


Is there some way to get a more verbose autput when the process is 
daemonized? the -v switch only seems to aplay to the foreground mode.


here is my spamd setting

spamd_class=daemon
spamd_flags=-v -G10:12:864 -B 50 -c 100 -s 10
spamd_rtable=0
spamd_timeout=30
spamd_user=root

and spamlogd

spamlogd_class=daemon
spamlogd_flags=-l pflog3
spamlogd_rtable=0
spamlogd_timeout=30
spamlogd_user=root

If someone had the same issue and could resolve it Iwould be nice to 
here. In the end I can always make a cron job that checks if spamd is 
running and if not just restart it but this isnt really a solution ...



regards

--
Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you 
print it, think about your responsibility and commitment to the ENVIRONMENT