Re: Addblock + Badhost blocking via unbound(8) and pf anchors

2017-12-30 Thread Freddy DISSAUX
> Hi everyone,
Hello,

[ snip ]

> cat hosts | grep '^0\.0\.0\.0' | awk '{print "local-zone: \""$2"\" redirect\nlocal-data: \""$2" A 0.0.0.0\""}' > ads.conf

awk 'NF == 2 && $1 == "0.0.0.0" && $2 ~ /^[a-z0-9]/ { print "local-zone: \"" $2 "\" redirect\nlocal-data: \"" $2 " A " $1 "\"" }' host > ads.conf


Regards,



Re: Kindly support this initiative for a public git repository of OpenBSD source code located at Germany!

2017-12-30 Thread Consus
On 23:35 Thu 28 Dec, Dinesh Thirumurthy wrote:
> Dear Everyone,
> 
> On Thu, Dec 28, 2017 at 3:05 PM, Mikko Laine  wrote:
> 
> > You could try https://notabug.org/, which is Dutch-owned and hosted in
> > Germany. Note larger repositories (>100 Mb) are accepted per-case.
> 
> 
> I have requested notabug.org to provide 1GB space for openbsd src git repo.
> It would be good to demonstrate that that you also want this idea
> implemented.
> 
> So, kindly help by voting Yes to my online poll.
> 
> The poll is at https://doodle.com/poll/rbg53x3dyd7i4y5d
> 
> Thanks very much.

There is a github mirror already, nah?



Re: New default setup for touchpads in X

2017-12-30 Thread Anton Lindqvist
On Fri, Dec 29, 2017 at 10:05:12PM -0700, bit shifter wrote:
> I have a Thinkpad X240 with the buttonless clickpad.  On snapshot
> 6.2-current #311, the only soft buttons that function are the buttons
> at the top of the clickpad.  The soft buttons at the bottom of the
> clickpad all act as a left-click.  Further,  in wsconsctl, the
> mouse.type is "unknown_19".  If I edit the
> /usr/X11R6/share/X11/xorg.conf.d/70-synaptics.conf file, and uncomment
> the InputClass section at the top (that was recently commented out by
> default) again, so these are my effective xorg settings:
> 
> Section "InputClass"
> Identifier "touchpad catchall"
> Driver "synaptics"
> MatchIsTouchpad "on"
> EndSection
> 
> Section "InputClass"
> Identifier "Default clickpad buttons"
> MatchDriver "synaptics"
> Option "SoftButtonAreas" "50% 0 82% 0 0 0 0 0"
> Option "SecondarySoftButtonAreas" "58% 0 0 15% 42% 58% 0 15%"
> EndSection
> 
> 
> The soft buttons at the bottom work again, but the mouse.type in
> wsconsctl is still unknown_19.  I've included the output of wsconsctl
> and dmesg below.
> 
> 
> $ doas wsconsctl | grep mouse
> 
> wsconsctl: Use explicit arg to view keyboard.map.
> mouse.type=unknown_19

Please try the diff for wsconsctl below.

Also looking for OKs, maybe WSMOUSE_TYPE_SYNAP_SBTN should just be
called synaptics just like WSMOUSE_TYPE_SYNAPTICS in the wsconsctl
output?

Index: util.c
===
RCS file: /cvs/src/sbin/wsconsctl/util.c,v
retrieving revision 1.65
diff -u -p -r1.65 util.c
--- util.c  2 Sep 2017 22:09:32 -   1.65
+++ util.c  30 Dec 2017 11:04:37 -
@@ -94,6 +94,7 @@ static const struct nameint mstype_tab[]
{ WSMOUSE_TYPE_ALPS,"alps" },
{ WSMOUSE_TYPE_SGI, "sgi" },
{ WSMOUSE_TYPE_ELANTECH, "elantech" },
+   { WSMOUSE_TYPE_SYNAP_SBTN, "synaptics-soft-buttons" },
 };
 
 static const struct nameint dpytype_tab[] = {
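Review bot: the new row's string "synaptics-soft-buttons" departs from the short single-token names used by every other entry of mstype_tab[] visible here ("alps", "sgi", "elantech"), and the message itself already asks whether it should read "synaptics" like WSMOUSE_TYPE_SYNAPTICS. Settle that before it goes in: a distinct name is only worth having if something must tell the soft-button variant apart in wsconsctl output, whereas reusing "synaptics" keeps anything that matches on mouse.type=synaptics working for both types.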



JRE, Java and JavaFX

2017-12-30 Thread Lampshade
Hello,
I would like to know whether it is possible to execute a GUI app
based on JavaFX using OpenBSD's package for the JRE.
I had tried to compile and run but Maven says it can't find JavaFX
classes.
I also tried to compile on Windows and then copy target directory to
OpenBSD, but again I see something similar:

/usr/local/jre-1.8.0/bin/java -cp target/app-0.1-SNAPSHOT.jar com.company.app.Main
Exception in thread "main" java.lang.NoClassDefFoundError: javafx/application/Application
at java.lang.ClassLoader.defineClass1(Native Method)
at java.lang.ClassLoader.defineClass(ClassLoader.java:763)
at java.security.SecureClassLoader.defineClass(SecureClassLoader.java:142)
at java.net.URLClassLoader.defineClass(URLClassLoader.java:467)
at java.net.URLClassLoader.access$100(URLClassLoader.java:73)
at java.net.URLClassLoader$1.run(URLClassLoader.java:368)
at java.net.URLClassLoader$1.run(URLClassLoader.java:362)
at java.security.AccessController.doPrivileged(Native Method)
at java.net.URLClassLoader.findClass(URLClassLoader.java:361)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at com.company1.app.Main.main(Main.java:7)
Caused by: java.lang.ClassNotFoundException: javafx.application.Application
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at sun.misc.Launcher$AppClassLoader.loadClass(Launcher.java:335)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
... 13 more

Have a nice day.



trunk0 link aggregation interface and PF rules not working

2017-12-30 Thread Denis
Trying to make an aggregation using two wireless interfaces on OpenBSD 6.1
amd64, but without success.

Both wireless interfaces successfully connect to their networks and have
DHCP-assigned IP addresses.
Both configs are listed below:

$ cat /etc/hostname.iwn0
dhcp bssid BSSID_MAC nwid NWID wpa wpakey WPAKEY wpaprotos wpa2

$ cat /etc/hostname.athn0
dhcp bssid BSSID_MAC1 nwid NWID1 wpa wpakey WPAKEY1 wpaprotos wpa2

For the trunk0 interface I have tried the different modes available while
testing: failover, lacp, and loadbalance.

$cat /etc/hostname.trunk0
trunkproto failover trunkport iwn0 trunkport athn0 192.168.20.1 netmask
255.255.255.0
#trunkproto lacp trunkport iwn0 trunkport athn0 192.168.20.1 netmask
255.255.255.0
#trunkproto loadbalance trunkport iwn0 trunkport athn0 192.168.20.1
netmask 255.255.255.0

By PF I set trunk0 as an egress interface in PF instead of previously
used athn0 and iwn0 for outgoing traffic.

#cat /etc/pf.conf

ext_iftrunk0
#ext_ifathn0
#ext_ifiwn0
.

$cat /etc/sysctl.conf

net.inet.ip.forwarding=1
#net.inet.ip.mforwarding=1
#net.inet.ip.multipath=1


No traffic goes over trunk0, but all perfectly works if I reverse my PF
config to iwn0 or athn0 interfaces as egress ones.

Please advise what I'm doing wrong.

Thank you! 


Fwd: Re: trunk0 link aggregation interface and PF rules not working

2017-12-30 Thread Krzysztof Strzeszewski

--- Forwarded message ---
Subject: Re: trunk0 link aggregation interface and PF rules not working
Date:   Sat, 30 Dec 2017 14:09:16 +0100
From:   Krzysztof Strzeszewski
To:     Denis

Link aggregation uses two interfaces at the same time; link failover keeps
one interface as a backup.

On 30.12.2017 at 13:15, Denis wrote:
> Trying to make an aggregation using two wireless interfaces on OpenBSD 6.1
> amd64, but without success.
>
> Both wireless interfaces successfully connect to their networks and have
> DHCP-assigned IP addresses.
> Both configs are listed below:
>
> $ cat /etc/hostname.iwn0
> dhcp bssid BSSID_MAC nwid NWID wpa wpakey WPAKEY wpaprotos wpa2
>
> $ cat /etc/hostname.athn0
> dhcp bssid BSSID_MAC1 nwid NWID1 wpa wpakey WPAKEY1 wpaprotos wpa2
>
> For the trunk0 interface I have tried the different modes available while
> testing: failover, lacp, and loadbalance.
>
> $cat /etc/hostname.trunk0
> trunkproto failover trunkport iwn0 trunkport athn0 192.168.20.1 netmask
> 255.255.255.0
> #trunkproto lacp trunkport iwn0 trunkport athn0 192.168.20.1 netmask
> 255.255.255.0
> #trunkproto loadbalance trunkport iwn0 trunkport athn0 192.168.20.1
> netmask 255.255.255.0
>
> By PF I set trunk0 as an egress interface in PF instead of previously
> used athn0 and iwn0 for outgoing traffic.
>
> #cat /etc/pf.conf
> 
> ext_iftrunk0
> #ext_ifathn0
> #ext_ifiwn0
> .
>
> $cat /etc/sysctl.conf
> 
> net.inet.ip.forwarding=1
> #net.inet.ip.mforwarding=1
> #net.inet.ip.multipath=1
> 
>
> No traffic goes over trunk0, but all perfectly works if I reverse my PF
> config to iwn0 or athn0 interfaces as egress ones.
>
> Please advise what I'm doing wrong.
>
> Thank you! 
>



Broadcast/Multicast & NTP - CAPWAP

2017-12-30 Thread Patrick Dohman
At this point it appears that openbsd security configurations may result in a 
loss of UDP ICMP traffic to all hosts on a segment.
If possible please clarify if any of the following are required for the proper 
operation of NTP/CAPWAP on a broadcast/multicast segment. 

[patrick@bully ~]$sysctl | grep multi  
net.inet.ip.multipath=0
net.inet6.ip6.multipath=0
net.inet6.ip6.multicast_mtudisc=0

[patrick@bully ~]$sysctl | grep 'net.inet' | grep '=0' 
net.inet.ip.forwarding=0
net.inet.ip.sourceroute=0
net.inet.ip.directed-broadcast=0
net.inet.ip.encdebug=0
net.inet.ip.ipsec-soft-allocs=0
net.inet.ip.ipsec-allocs=0
net.inet.ip.ipsec-soft-bytes=0
net.inet.ip.ipsec-bytes=0
net.inet.ip.ifq.len=0
net.inet.ip.ifq.drops=0
net.inet.ip.mforwarding=0
net.inet.ip.multipath=0
net.inet.ip.arpqueued=0
net.inet.icmp.maskrepl=0
net.inet.icmp.bmcastecho=0
net.inet.icmp.rediraccept=0
net.inet.ipip.allow=0
net.inet.tcp.ackonpush=0
net.inet.tcp.ecn=0
net.inet.tcp.always_keepalive=0
net.inet.gre.allow=0
net.inet.gre.wccp=0
net.inet.mobileip.allow=0
net.inet.etherip.allow=0
net.inet.ipcomp.enable=0
net.inet.carp.preempt=0

Regards
Patrick


Re: Config-/Dotfiles in CVS

2017-12-30 Thread Michael Hekeler
On Fri, 29 Dec 2017 22:56:59 -0500, Nick Holland wrote:

> On 12/29/17 12:00, Michael Hekeler wrote:
> ...
> > I want to keep track of my changes in configfiles
> > like "/etc/ssh/sshd_config" or "~/.tmux.conf" and so
> > 
> > Normally I create "/root/RCS" and "~/RCS".
> > Then in every directory with configfiles that I want to change I
> > create a symlink ./RCS -> /root/RCS (in the example of sshd_config I
> > will create /etc/ssh/RCS as symlink to /root/RCS. So when I check in
> > sshd_config the revision file goes to /root/RCS
> > When I setup a new machine I can look in the older host's /root/RCS
> > and it shows me which files I have to edit (or better: which files
> > I edited on that host).
> > 
> > I am sure that every admin has its own way to do that. But I know
> > that it is always a good idea to listen carefully to more
> > experienced people.
> > That's why I am asking.
> 
> One thing I have done for years, since hard disks became too stupidly
> big to even dream of using all of in many cases, is carve out a
> partition that I store dated tar files of the /etc/ directory in.
> 
> So -- /bu/etc20171220.tgz   /bu/etc20171221.tgz,
> and so on.  With compression, you can get YEARS of backup files in a
> 40g partition.
> 
> No check in/check out.  Diffing is non-trivial, but ... how often do
> you do it?  If you knew it worked yesterday(/last week) and is broke
> today, restore yesterday(/last week)'s files and figure out why it
> broke after you are back up and running.
> 
> For files like DNS zone files and pf.conf files, I wrote a script that
> you run on either machine, it shows you the diff to the other machine,
> has you comment/explain your change, then pushes your change over to
> the other file.  Works great for things where you have two different
> machines that should normally be running the same data, but you need
> to change and test that data from time to time.  Done properly, you
> get everything good from "change control" and revision control, and
> almost zero effort on the part of the administrators.  (yes, in the
> case of DNS, it means you handle the replication manually rather than
> through zone transfers -- and handling it manually is much better
> than the idiotic DNS master/slave concept.  Win all around).
> 
> Nick.
> 

Interesting :-)
 - thank you.

-- 
Kind regards
Michael



Re: Addblock + Badhost blocking via unbound(8) and pf anchors

2017-12-30 Thread Jordan Geoghegan
I have tried using all awk for the script before, but I find piping the 
grep output into awk to be 2-3x faster on the Edgerouter Lite. I just 
ran some timed tests for your script against mine on the ErLite, and I 
got similar results, with my script completing in ~6 seconds against the 
StevenBlack hosts file, and yours at ~14 seconds. This may not be the 
case on more conventional architectures. I am considering rewriting the 
script in Perl to see if that runs any faster.



On 12/30/17 00:21, Freddy DISSAUX wrote:

Hi everyone,

Hello,

[ snip ]


cat hosts | grep '^0\.0\.0\.0' | awk '{print "local-zone: \""$2"\" redirect\nlocal-data: \""$2" A 0.0.0.0\""}' > ads.conf

awk 'NF == 2 && $1 == "0.0.0.0" && $2 ~ /^[a-z0-9]/ { print "local-zone: \"" $2 "\" redirect\nlocal-data: \"" $2 " A " $1 "\"" }' host > ads.conf


Regards,
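A hardened version of the hosts-to-unbound conversion discussed in this thread, written as an added example (not Jordan's or Freddy's script): it keeps Freddy's field-count and 0.0.0.0 checks but validates the whole hostname rather than its first character, so a stray `"`, extra field or uppercase name in a downloaded hosts file cannot break out of unbound's quoted config values. The sample hosts lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: convert a 0.0.0.0-style hosts file
# into unbound(8) local-zone/local-data pairs. The hosts file is untrusted
# input that ends up inside quoted unbound config values, so every hostname
# is validated in full before it is printed.

gen_unbound_zones() {
    # Reads the hosts file(s) given as arguments, or stdin when none are given.
    awk '
        { sub(/#.*/, ""); sub(/\r$/, "") }      # drop comments and CRLF endings
        NF == 0 { next }                        # blank or comment-only line
        NF != 2 || $1 != "0.0.0.0" { next }     # keep only two-field sinkhole entries
        { $2 = tolower($2) }                    # zone names are case-insensitive
        $2 == "0.0.0.0" { next }                # placeholder line found in some lists
        # hostname must be dot-separated labels of [a-z0-9-], no label starting
        # or ending with "-", at least two labels; this rejects quotes and spaces
        $2 !~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$/ { next }
        {
            printf "local-zone: \"%s\" redirect\n", $2
            printf "local-data: \"%s A %s\"\n", $2, $1
        }
    ' "$@"
}

# Constructed sample input covering the cases the filter has to handle.
sample_hosts='# constructed hosts file, not a real block list
127.0.0.1 localhost
0.0.0.0 0.0.0.0
0.0.0.0 ads.example.com
0.0.0.0 Tracker.Example.NET   # inline comment
0.0.0.0 bad"host.example.com
0.0.0.0 -dash.example.com
0.0.0.0 one.example.com two.example.com'

printf '%s\n' "$sample_hosts" | gen_unbound_zones
```

Only ads.example.com and tracker.example.net survive the sample; the output is ready to be included from unbound.conf as before.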





Re: Openbsd 6.1 and Current Console Freezes and lockup Proxmox PVE5.0

2017-12-30 Thread Tom Smyth
Hello, I have repeated OpenBSD 6.2 testing on Proxmox PVE
5.1 3rd Release CD.

The console does not hang like in previous releases of Proxmox
PVE 5.x.
However, the issue of delays between pings (slow sleep time) is still
there since the 5.1 Release 2 and is present in the 5.1 Release 3 ISO
(the Proxmox 5.1 CD that was released 22 December 2017).

If I do date;sleep 1;date
I will get the first time and date, and the second time about
9-11 seconds after the first... and the interval between pings is
sporadic... I will raise a case with Proxmox again about this.
I'll do some further digging...
Thanks

On 27 October 2017 at 07:18, Tom Smyth  wrote:
> Hello Theo, Mike, All,
>
> @Theo Understood it is important to protect developers and the project goals
> ... @Mike Thanks for your Generosity in the time you took on this thread,
> Yes I want Mike to make VMM more awesome :)  @Mike keep up the good work
>
> I can't disagree with any point that Theo made in his email on this thread;
> that said,
> unfortunately I can't always choose my hypervisor and I dearly want to run
> OpenBSD on proxmox...
>
> I do think (based on the fact that OpenBSD 6.0-6.2 works on PVE 4.4 it is
> probably a (virtual Hardware issue ) .. not necessarily an OpenBSD issue
> I will raise this with the PVE Support guys (as I have already done since mid
> July )
>
> Any further posts on this thread from me will be (hopefully for other OpenBSD
>  users benefit (if I make progress)
> and certainly not intended as a request or a distraction for Core
> OpenBSD Developers
>
> All the Best,
>
> Tom Smyth
>
> On 27 October 2017 at 06:37, Theo de Raadt  wrote:
>> Tom,
>>
>> A virtual machine setup is an operating system running on an operating
>> system on top of an operating system.
>>
>> OK, not quite.  The middle one, the VM itself, is as a bit less
>> complex than a full operating system as machine-independent code goes,
>> but nevertheless the machine-dependent bat-shit-crazy stuff is far
>> more complex with gobs of extremely messy nuances face it on both
>> sides because x86 is a fucking minefield
>>
>> Everyone needs to adjust their expectation that all 3 layers are
>> perfect, AND not assume that it is our layer doing the wrong thing
>>
>> Really the layers should simplify but the current marketplace is still
>> gaining more value out of product differentiation than
>> simplification+convergence, both sw and hw
>>
>> Even if our subsystem isn't doing something 'right', it is NOT the
>> stated goal of OpenBSD to run well on every garbage VM, because it has
>> become impossible for the little guy to be perfect.
>>
>> Concerted efforts to diagnose and improve these low-level issues uses
>> the same crowd of people who are trying to improve other edges which
>> may be more important.  do you want our vmm to work well?  or do you
>> want us to work better on someone else's vmm?  Sorry, limited
>> skillset, pick what you want mlarkin to focus on!  But that is unfair,
>> and even if he listened to your wishlist, UNPRODUCTIVE.
>>
>> Where does this go?  Get ready for monopolies in everything, or
>> oligopolies at best... or fight their establishment.
>>
>>> Just to say the gaps in ping response seems  get worse as the uptime 
>>> increases
>>> ie
>>> with the uptime around 5 minutes the gaps between ping results are around 1 
>>> sec
>>> (what I consider normal)
>>> with the uptime around 2 hrs 45 minutes the gaps between ping results are 
>>> 13 sec
>>> with the uptime 8 hrs 30 minutes  the gaps between ping results are 35 
>>> seconds
>>>
>>> Output of sysctl kern.timecounter below
>>>
>>> kern.timecounter.tick=1
>>> kern.timecounter.timestepwarnings=0
>>> kern.timecounter.hardware=acpihpet0
>>> kern.timecounter.choice=i8254(0) acpihpet0(1000) acpitimer0(1000)
>>> dummy(-100)
>>>
>>> I will change the ACPI  now to i8254  and report back later on
>>> Thanks
>>>
>>>
>>> On 26 October 2017 at 20:25, Mike Belopuhov  wrote:
>>> > On Thu, Oct 26, 2017 at 19:05 +0100, Tom Smyth wrote:
>>> >> Lads,
>>> >>
>>> >> I'm pleased to say that my testing of OpenBSD 6.1  and OpenBSD 6.2
>>> >> Release
>>> >> amd64 ,
>>> >> appear to work  a little better  in Proxmox PVE5.1 as released this week,
>>> >>
>>> >> I used iso version 5.1-722cc488-1 from Proxmox
>>> >> Updated on 24 October 2017
>>> >>
>>> >> The Console no longer freezes but after a few hours
>>> >> the console (vga console accessed via Proxmox webinterface seems
>>> >> to lag a little
>>> >> the interval between pings for instance takes up to 13 seconds, which
>>> >> is a bit strange...  ie it takes 13 seconds for each line of Ping result
>>> >> which is u
>>> >> Ill report more feedback later, but at least OpenBSD is not freezing
>>> >> as bad in this
>>> >> version of Proxmox PVE 5.1
>>> >>
>>> >
>>> > Hi,
>>> >
>>> > Can you please show us the output of "sysctl kern.timecounter".
>>> > If you're currently using an acpihpet0, can you please try
>>> > switching to the acpitimer0 (and if that doesn't help, i8254) 

Re: adsuck

2017-12-30 Thread Stefan Wollny
On 12/28/17 at 23:34, ed...@pettijohn-web.com wrote:
> You need dhcpcd from ports. I don't think the base client supports scripts.

Ah - I see.

So it should be safe to delete that very line in dhclient.conf - if
base's dhclient doesn't support scripts and yet everything is running
fine this should not do any harm.

Thank you for pointing this out.

Beside Jordan Geoghegan's suggestion I received a similar solution in
PM. I vaguely remember Stuart Henderson having suggested this kind of
setup as it only uses what comes with base. Will do my homework of
reading the man pages (in particular a.th. related to 'unbound') first.

Thank you all!

All the best for 2018!

STEFAN



Re: Broadcast/Multicast & NTP - CAPWAP

2017-12-30 Thread Philip Guenther
On Sat, 30 Dec 2017, Patrick Dohman wrote:
> At this point it appears that openbsd security configurations may result 
> in a loss of UDP ICMP traffic to all hosts on a segment. If possible 
> please clarify if any of the following are required for the proper 
> operation of NTP/CAPWAP on a broadcast/multicast segment.

Do you just want to hope that someone on this list has already deployed 
"CAPWAP" with OpenBSD and wait for them to answer, or are you interested 
in trying to debug it?

If the latter, then you should take it down a level and describe what you 
tried to do, what you expected to see "on the wire/in the air", and what 
you _actually_ saw there?


(Reading at least one 120+ page standard written by Cisco just to 
understand the background to someone else's problem is a high barrier to 
assistance by others who are familiar with networking but not with CAPWAP 
and/or LWAPP.)


Philip Guenther



Re: Broadcast/Multicast & NTP - CAPWAP

2017-12-30 Thread Patrick Dohman
Thanks for the reply.
I'm looking to determine if the cause of intermittent subnet "collisions" that 
necessitate a power cycle of numerous network hosts is the result of OpenBSD 
security configurations.
Please note the openbsd host is reachable via SSH; however, ICMP from the host 
and from other hosts on the subnet fails, and DNS lookups on the Puffy machine 
fail following the network failure. 
In addition wifi appears related as 802.11 is constantly active and may be 
requesting configuration change during channel/frequency update.
Essentially If security configurations that disable for example broadcast echo 
& address mask query can lead to unexpected results. 
For example MTU size & TCP window scaling options requiring the results of a 
broadcast ICMP echo.
Or if the unintended result of the stateless UDP traffic never reaching its 
destination due to security config can result in ICMP UDP MTU errors.
Regards
Patrick

> On Dec 30, 2017, at 5:55 PM, Philip Guenther  wrote:
> 
> On Sat, 30 Dec 2017, Patrick Dohman wrote:
>> At this point it appears that openbsd security configurations may result 
>> in a loss of UDP ICMP traffic to all hosts on a segment. If possible 
>> please clarify if any of the following are required for the proper 
>> operation of NTP/CAPWAP on a broadcast/multicast segment.
> 
> Do you just want to hope that someone on this list has already deployed 
> "CAPWAP" with OpenBSD and wait for them to answer, or are you interested 
> in trying to debug it?
> 
> If the latter, then you should take it down a level and describe what you 
> tried to do, what you expected to see "on the wire/in the air", and what 
> you _actually_ saw there?
> 
> 
> (Reading at least one 120+ page standard written by Cisco just to 
> understand the background to someone else's problem is a high barrier to 
> assistance by others who are familiar with networking but not with CAPWAP 
> and/or LWAPP.)
> 
> 
> Philip Guenther



Re: Broadcast/Multicast & NTP - CAPWAP

2017-12-30 Thread Philip Guenther
On Sat, 30 Dec 2017, Patrick Dohman wrote:
> I'm looking to determine if the cause of intermittent subnet 
> "collisions" that necessitate a power cycle of numerous network hosts is 
> the result of OpenBSD security configurations.

You haven't described your setup or what you're actually running on your 
OpenBSD box, so I don't know how OpenBSD is even *involved* in what you're 
asking about.

...
> Essentially If security configurations that disable for example 
> broadcast echo & address mask query can lead to unexpected results. For 
> example MTU size & TCP window scaling options requiring the results of a 
> broadcast ICMP echo.

Path MTU detection is dependent on ICMP "fragmentation required" 
responses, but OpenBSD generates, processes, and passes those by default.  
TCP window scaling is not dependent on any sort of ICMP.


> Or if the unintended result of the stateless UDP traffic never reaching its 
> destination due to security config can result in ICMP UDP MTU errors.

Uh, no.

Frankly, this sounds like grasping at straws; you need to pause and 
actually write down *testable* details before trying to come up with
(more) hypotheses.  As I wrote before:

>> If the latter, then you should take it down a level and describe what you 
>> tried to do, what you expected to see "on the wire/in the air", and what 
>> you _actually_ saw there?


Philip Guenther