openbsd 63-eta and dhcpclient problem

[Holger Glaess]

hi


i have here an fresh installed openbsd 6.3-beta on an samsung ultrabook 
series 5


problem is the he don't get an ip address on his ethernet interface.


i see on my dhcp server the request coming and he send an offer but the 
samsung diden't get it.


if i boot an simple stupid ubuntu 16.04.02 install cd , the interface 
works and got an ip.


dmesg below.

there is no config for the dhclient .

bug ?


holger



OpenBSD 6.3-beta (GENERIC.MP) #44: Thu Mar  8 09:56:19 MST 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8344485888 (7957MB)
avail mem = 8084537344 (7710MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe0840 (64 entries)
bios0: vendor Phoenix Technologies Ltd. version "P15AAJ" date 07/23/2015
bios0: SAMSUNG ELECTRONICS CO., LTD. 530U3C/530U4C
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP SLIC SSDT ASF! HPET APIC MCFG FPDT SSDT SSDT 
UEFI UEFI POAT UEFI
acpi0: wakeup devices P0P1(S4) GLAN(S4) XHC_(S4) HDEF(S4) PXSX(S4) 
RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) 
RP05(S4) PXSX(S4) RP06(S4) [...]

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz, 1596.64 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT,MELTDOWN

cpu0: 256KB 64b/line 8-way L2 cache
acpihpet0: recalibrated TSC frequency 1696151660 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz, 1596.38 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT,MELTDOWN

cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz, 1596.38 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT,MELTDOWN

cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz, 1596.38 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT,MELTDOWN

cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P1)
acpiprt2 at acpi0: bus 1 (RP01)
acpiprt3 at acpi0: bus -1 (RP02)
acpiprt4 at acpi0: bus -1 (RP03)
acpiprt5 at acpi0: bus 2 (RP04)
acpiprt6 at acpi0: bus -1 (RP05)
acpiprt7 at acpi0: bus -1 (RP06)
acpiprt8 at acpi0: bus -1 (RP07)
acpiprt9 at acpi0: bus -1 (RP08)
acpiprt10 at acpi0: bus -1 (PEG0)
acpiprt11 at acpi0: bus -1 (PEG1)
acpiprt12 at acpi0: bus -1 (PEG2)
acpiprt13 at acpi0: bus -1 (PEG3)
acpiec0 at acpi0
acpicpu0 at acpi0: C3(200@87 mwait.1@0x30), C2(500@59 mwait.1@0x10), 
C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C3(200@87 mwait.1@0x30), C2(500@59 mwait.1@0x10), 
C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C3(200@87 mwait.1@0x30), C2(500@59 mwait.1@0x10), 
C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C3(200@87 mwait.1@0x30), C2(500@59 mwait.1@0x10), 
C1(1000@1 mwait.1), PSS

acpipwrres0 at acpi0: FN00, resource for FAN0
acpipwrres1 at acpi0: FN01, resource for FAN1
acpipwrres2 at acpi0: FN02, resource for FAN2
acpipwrres3 at acpi0: FN03, resource for FAN3
acpipwrres4 at acpi0: FN04, resource for FAN4
acpitz0 at acpi0: critical temperature is 106 degC
acpitz1 at acpi0: critical temperature is 106 degC
acpibat0 at acpi0: BAT1 type LION oem "SAMSUNG Electronics"
"INT3F0D" at acpi0 not configured
"ETD0B00" at acpi0 not configured
"PNP0C14" at acpi0 not configured
acpi

Re: openbsd 63-eta and dhcpclient problem

[Peter Hessler]

please include the output of "dhclient -vv re0"


On 2018 Mar 09 (Fri) at 09:14:08 +0100 (+0100), Holger Glaess wrote:
:hi
:
:
:i have here an fresh installed openbsd 6.3-beta on an samsung ultrabook
:series 5
:
:problem is the he don't get an ip address on his ethernet interface.
:
:
:i see on my dhcp server the request coming and he send an offer but the
:samsung diden't get it.
:
:if i boot an simple stupid ubuntu 16.04.02 install cd , the interface works
:and got an ip.
:
:dmesg below.
:
:there is no config for the dhclient .
:
:bug ?
:
:
:holger
:

-- 
The Arkansas legislature passed a law that states that the Arkansas
River can rise no higher than to the Main Street bridge in Little
Rock.

Re: openbsd 63-eta and dhcpclient problem

[Holger Glaess]

hi


~ 1>dhclient -vv re0
re0: DHCPDISCOVER - interval 1
re0: DHCPDISCOVER - interval 1
re0: DHCPDISCOVER - interval 1
re0: DHCPDISCOVER - interval 1
re0: DHCPDISCOVER - interval 1
re0: DHCPDISCOVER - interval 1
re0: DHCPDISCOVER - interval 1
re0: DHCPDISCOVER - interval 1
re0: DHCPDISCOVER - interval 1
re0: DHCPDISCOVER - interval 1
re0: no lease ... sleeping


and part of my log from the dhcp server


Mar  9 10:05:34 furt dhcpd[72447]: DHCPDISCOVER from e8:03:9a:b4:f6:48 
via vlan100
Mar  9 10:05:34 furt dhcpd[72447]: DHCPOFFER on 192.168.131.101 to 
e8:03:9a:b4:f6:48 via vlan100
Mar  9 10:05:35 furt dhcpd[72447]: DHCPDISCOVER from e8:03:9a:b4:f6:48 
via vlan100
Mar  9 10:05:35 furt dhcpd[72447]: DHCPOFFER on 192.168.131.101 to 
e8:03:9a:b4:f6:48 via vlan100
Mar  9 10:05:36 furt dhcpd[72447]: DHCPDISCOVER from e8:03:9a:b4:f6:48 
via vlan100
Mar  9 10:05:36 furt dhcpd[72447]: DHCPOFFER on 192.168.131.101 to 
e8:03:9a:b4:f6:48 via vlan100
Mar  9 10:05:37 furt dhcpd[72447]: DHCPDISCOVER from e8:03:9a:b4:f6:48 
via vlan100
Mar  9 10:05:37 furt dhcpd[72447]: DHCPOFFER on 192.168.131.101 to 
e8:03:9a:b4:f6:48 via vlan100
Mar  9 10:05:38 furt dhcpd[72447]: DHCPDISCOVER from e8:03:9a:b4:f6:48 
via vlan100
Mar  9 10:05:38 furt dhcpd[72447]: DHCPOFFER on 192.168.131.101 to 
e8:03:9a:b4:f6:48 via vlan100



holger



Am 09.03.2018 um 09:37 schrieb Peter Hessler:

please include the output of "dhclient -vv re0"


On 2018 Mar 09 (Fri) at 09:14:08 +0100 (+0100), Holger Glaess wrote:
:hi
:
:
:i have here an fresh installed openbsd 6.3-beta on an samsung ultrabook
:series 5
:
:problem is the he don't get an ip address on his ethernet interface.
:
:
:i see on my dhcp server the request coming and he send an offer but the
:samsung diden't get it.
:
:if i boot an simple stupid ubuntu 16.04.02 install cd , the interface works
:and got an ip.
:
:dmesg below.
:
:there is no config for the dhclient .
:
:bug ?
:
:
:holger
:

Re: openbsd 63-eta and dhcpclient problem

[Peter Hessler]

Can you run "tcpdump -c100 -ni re0 port 67 or port 68", while running
dhclient?  The dhclient process doesn't see the responses from the
server, and I want to make sure they are being delivered to the network
card.


On 2018 Mar 09 (Fri) at 10:08:13 +0100 (+0100), Holger Glaess wrote:
:hi
:
:
:~ 1>dhclient -vv re0
:re0: DHCPDISCOVER - interval 1
:re0: DHCPDISCOVER - interval 1
:re0: DHCPDISCOVER - interval 1
:re0: DHCPDISCOVER - interval 1
:re0: DHCPDISCOVER - interval 1
:re0: DHCPDISCOVER - interval 1
:re0: DHCPDISCOVER - interval 1
:re0: DHCPDISCOVER - interval 1
:re0: DHCPDISCOVER - interval 1
:re0: DHCPDISCOVER - interval 1
:re0: no lease ... sleeping
:
:
:and part of my log from the dhcp server
:
:
:Mar  9 10:05:34 furt dhcpd[72447]: DHCPDISCOVER from e8:03:9a:b4:f6:48 via
:vlan100
:Mar  9 10:05:34 furt dhcpd[72447]: DHCPOFFER on 192.168.131.101 to
:e8:03:9a:b4:f6:48 via vlan100
:Mar  9 10:05:35 furt dhcpd[72447]: DHCPDISCOVER from e8:03:9a:b4:f6:48 via
:vlan100
:Mar  9 10:05:35 furt dhcpd[72447]: DHCPOFFER on 192.168.131.101 to
:e8:03:9a:b4:f6:48 via vlan100
:Mar  9 10:05:36 furt dhcpd[72447]: DHCPDISCOVER from e8:03:9a:b4:f6:48 via
:vlan100
:Mar  9 10:05:36 furt dhcpd[72447]: DHCPOFFER on 192.168.131.101 to
:e8:03:9a:b4:f6:48 via vlan100
:Mar  9 10:05:37 furt dhcpd[72447]: DHCPDISCOVER from e8:03:9a:b4:f6:48 via
:vlan100
:Mar  9 10:05:37 furt dhcpd[72447]: DHCPOFFER on 192.168.131.101 to
:e8:03:9a:b4:f6:48 via vlan100
:Mar  9 10:05:38 furt dhcpd[72447]: DHCPDISCOVER from e8:03:9a:b4:f6:48 via
:vlan100
:Mar  9 10:05:38 furt dhcpd[72447]: DHCPOFFER on 192.168.131.101 to
:e8:03:9a:b4:f6:48 via vlan100
:
:
:holger
:
:
:
:Am 09.03.2018 um 09:37 schrieb Peter Hessler:
:> please include the output of "dhclient -vv re0"
:> 
:> 
:> On 2018 Mar 09 (Fri) at 09:14:08 +0100 (+0100), Holger Glaess wrote:
:> :hi
:> :
:> :
:> :i have here an fresh installed openbsd 6.3-beta on an samsung ultrabook
:> :series 5
:> :
:> :problem is the he don't get an ip address on his ethernet interface.
:> :
:> :
:> :i see on my dhcp server the request coming and he send an offer but the
:> :samsung diden't get it.
:> :
:> :if i boot an simple stupid ubuntu 16.04.02 install cd , the interface works
:> :and got an ip.
:> :
:> :dmesg below.
:> :
:> :there is no config for the dhclient .
:> :
:> :bug ?
:> :
:> :
:> :holger
:> :
:> 
:

-- 
So far as I can remember, there is not one word in the Gospels in
praise of intelligence.
-- Bertrand Russell

Re: openbsd 63-eta and dhcpclient problem

[Holger Glaess]

hi


strange

i did the test again with booting the ubuntu cd , then i reboot to 
openbsd 6.3


since this time dhcp on re works . i did also an complete poweroff and

reboot direkt to openbsd is works now . i dont  know why .

i start to have this problem with an current version 6.2 from feb .2018 but
i dident care about it , i think the interface is broken .

today i try the linux , first and wonder why is ethernet working.

did you need the tcpdump farther ?

holger



Am 09.03.2018 um 10:22 schrieb Peter Hessler:

tcpdump -c100 -ni re0 port 67 or port 6

Re: openbsd 63-eta and dhcpclient problem

[Peter Hessler]

No need for the tcdump any more.  I wanted to see if you were receiving
the packets or not. If you're getting a lease, then clearly you're now
receiving the packets.


On 2018 Mar 09 (Fri) at 11:06:43 +0100 (+0100), Holger Glaess wrote:
:hi
:
:
:strange
:
:i did the test again with booting the ubuntu cd , then i reboot to openbsd
:6.3
:
:since this time dhcp on re works . i did also an complete poweroff and
:
:reboot direkt to openbsd is works now . i dont  know why .
:
:i start to have this problem with an current version 6.2 from feb .2018 but
:i dident care about it , i think the interface is broken .
:
:today i try the linux , first and wonder why is ethernet working.
:
:did you need the tcpdump farther ?
:
:holger
:
:
:
:Am 09.03.2018 um 10:22 schrieb Peter Hessler:
:> tcpdump -c100 -ni re0 port 67 or port 6
:

-- 
Miksch's Law:
If a string has one end, then it has another end.

Re: The vim display issue on OpenBSD

[Stuart Henderson]

On 2018-03-09, Nan Xiao  wrote:
> Hi all,
>
> Greetings from me!
>
> I meet a weird issue: there is a file which contains only "1":
>
> # cat a
> 1
>
> While use vim to open it, it displays "0". I find the number behind
> cursor will decrease 1.
>
> Does anyone bump into this issue? Thanks very much in advance!
>
> P.S., my OpenBSD is 6.2 release, and vim is 8.0.1476.
>
> Best Regards
> Nan Xiao
>
>

I don't see it here. Are you sure there's nothing strange in the file?

hexdump -C a

Do you have a .vimrc? If so, does it still happen if you move it out the way?

Re: bridging vmm network

[niya]

On 09/03/2018 01:56, Mike Larkin wrote:

On Thu, Mar 08, 2018 at 05:48:05PM +, niya wrote:

hi

i working out my ideas for modelling my home network,

the network will have four vether interfaces to cover the needs of my
firewall,

which will have  a lan, demilitarised zone, carp redundancy and connection
to the wan,

should i bridge all four vether interfaces to one bridge or a separate
bridge for each ?


Can you explain a bit more? Specifically, what role is vmm playing
here?

-ml

Hi Mike
sorry i think i'm refering to the wrong thing ,
i think it should be vmd in the title.
i have a test vm with a configuration of the following

cat /etc/vm.conf
switch "local" {
    add vether0
    interface bridge0
}

# Test VM
vm "test.vm" {
    disable
    owner alarm
    memory 256M
    disk "/home/alarm/vmm/test.img"
    interface tap0 { switch "local"
    lladdr fe:e1:bb:d1:23:51 }
    }



if i create multiple vm's do i attach the tap interface for each vm to 
switch "local"

or do i add a virtual switch declaration in vm.conf for each ?

shadrock

OpenBSD and IPMI

[Denis]

By reading this article
blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair
raised. 

How to OpenBSD security withstands against IPMI holed solution from top
hardware vendors?

Best ways to prevent potential risks for OpenBSD over IPMI?

Thanks

Re: The vim display issue on OpenBSD

[Nan Xiao]

Hi Stuart,

hexdump doesn't show anything exceptionally:
# hexdump -C a
  31 0a |1.|
0002

I don't have .vimrc, just a .viminfo and .vim directory:

# ls -alth .vim*
-rw---  1 root  wheel   725B Mar  9 21:27 .viminfo

.vim:
total 24
drwx--  7 root  wheel   1.0K Mar  9 21:28 ..
drwxr-xr-x  2 root  wheel   512B Aug 29  2017 .
-rw-r--r--  1 root  wheel93B Aug 29  2017 .netrwhist

Thanks!
Best Regards
Nan Xiao


On Fri, Mar 9, 2018 at 6:43 PM, Stuart Henderson  wrote:
> On 2018-03-09, Nan Xiao  wrote:
>> Hi all,
>>
>> Greetings from me!
>>
>> I meet a weird issue: there is a file which contains only "1":
>>
>> # cat a
>> 1
>>
>> While use vim to open it, it displays "0". I find the number behind
>> cursor will decrease 1.
>>
>> Does anyone bump into this issue? Thanks very much in advance!
>>
>> P.S., my OpenBSD is 6.2 release, and vim is 8.0.1476.
>>
>> Best Regards
>> Nan Xiao
>>
>>
>
> I don't see it here. Are you sure there's nothing strange in the file?
>
> hexdump -C a
>
> Do you have a .vimrc? If so, does it still happen if you move it out the way?
>
>

Re: The vim display issue on OpenBSD

[Stuart Henderson]

No ideas then, sorry.

Maybe try it from ports/packages instead in case there's anything
funny with your build? (I know that's not a standard ports one
because we didn't have 8.0.1476).


On 2018/03/09 21:32, Nan Xiao wrote:
> Hi Stuart,
> 
> hexdump doesn't show anything exceptionally:
> # hexdump -C a
>   31 0a |1.|
> 0002
> 
> I don't have .vimrc, just a .viminfo and .vim directory:
> 
> # ls -alth .vim*
> -rw---  1 root  wheel   725B Mar  9 21:27 .viminfo
> 
> .vim:
> total 24
> drwx--  7 root  wheel   1.0K Mar  9 21:28 ..
> drwxr-xr-x  2 root  wheel   512B Aug 29  2017 .
> -rw-r--r--  1 root  wheel93B Aug 29  2017 .netrwhist
> 
> Thanks!
> Best Regards
> Nan Xiao
> 
> 
> On Fri, Mar 9, 2018 at 6:43 PM, Stuart Henderson  wrote:
> > On 2018-03-09, Nan Xiao  wrote:
> >> Hi all,
> >>
> >> Greetings from me!
> >>
> >> I meet a weird issue: there is a file which contains only "1":
> >>
> >> # cat a
> >> 1
> >>
> >> While use vim to open it, it displays "0". I find the number behind
> >> cursor will decrease 1.
> >>
> >> Does anyone bump into this issue? Thanks very much in advance!
> >>
> >> P.S., my OpenBSD is 6.2 release, and vim is 8.0.1476.
> >>
> >> Best Regards
> >> Nan Xiao
> >>
> >>
> >
> > I don't see it here. Are you sure there's nothing strange in the file?
> >
> > hexdump -C a
> >
> > Do you have a .vimrc? If so, does it still happen if you move it out the 
> > way?
> >
> >

Re: The vim display issue on OpenBSD

[Nan Xiao]

Hi Stuart,

I am very sorry, and the VIM's version is 8.0.987. I reported wrong
version from other machine.

I should installed it from ports.

Thanks!
Best Regards
Nan Xiao


On Fri, Mar 9, 2018 at 9:37 PM, Stuart Henderson  wrote:
> No ideas then, sorry.
>
> Maybe try it from ports/packages instead in case there's anything
> funny with your build? (I know that's not a standard ports one
> because we didn't have 8.0.1476).
>
>
> On 2018/03/09 21:32, Nan Xiao wrote:
>> Hi Stuart,
>>
>> hexdump doesn't show anything exceptionally:
>> # hexdump -C a
>>   31 0a |1.|
>> 0002
>>
>> I don't have .vimrc, just a .viminfo and .vim directory:
>>
>> # ls -alth .vim*
>> -rw---  1 root  wheel   725B Mar  9 21:27 .viminfo
>>
>> .vim:
>> total 24
>> drwx--  7 root  wheel   1.0K Mar  9 21:28 ..
>> drwxr-xr-x  2 root  wheel   512B Aug 29  2017 .
>> -rw-r--r--  1 root  wheel93B Aug 29  2017 .netrwhist
>>
>> Thanks!
>> Best Regards
>> Nan Xiao
>>
>>
>> On Fri, Mar 9, 2018 at 6:43 PM, Stuart Henderson  
>> wrote:
>> > On 2018-03-09, Nan Xiao  wrote:
>> >> Hi all,
>> >>
>> >> Greetings from me!
>> >>
>> >> I meet a weird issue: there is a file which contains only "1":
>> >>
>> >> # cat a
>> >> 1
>> >>
>> >> While use vim to open it, it displays "0". I find the number behind
>> >> cursor will decrease 1.
>> >>
>> >> Does anyone bump into this issue? Thanks very much in advance!
>> >>
>> >> P.S., my OpenBSD is 6.2 release, and vim is 8.0.1476.
>> >>
>> >> Best Regards
>> >> Nan Xiao
>> >>
>> >>
>> >
>> > I don't see it here. Are you sure there's nothing strange in the file?
>> >
>> > hexdump -C a
>> >
>> > Do you have a .vimrc? If so, does it still happen if you move it out the 
>> > way?
>> >
>> >

Re: OpenBSD and IPMI

[Janne Johansson]

2018-03-09 14:11 GMT+01:00 Denis :

> By reading this article
> blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair
> raised. 
>
> How to OpenBSD security withstands against IPMI holed solution from top
> hardware vendors?
>

TOP hardware vendors name it LOM or ILO or Drac instead, then you are safe
from IPMI holes. ;)

-- 
May the most significant bit of your life be positive.

Re: OpenBSD and IPMI

[Kapetanakis Giannis]

On 09/03/18 15:11, Denis wrote:
> By reading this article
> blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair
> raised. 
> 
> How to OpenBSD security withstands against IPMI holed solution from top
> hardware vendors?
> 
> Best ways to prevent potential risks for OpenBSD over IPMI?
> 
> Thanks

The OS has nothing to do with a onboard-device running it's own firmware and 
having direct access to network.

Look for how you can secure/disable lom/drac/bmc whatever itself or the network 
that is given access to.

G

Re: bridging vmm network

[Carlos Cardenas]

On Fri, Mar 09, 2018 at 12:08:42PM +, niya wrote:
> 
> 
> On 09/03/2018 01:56, Mike Larkin wrote:
> > On Thu, Mar 08, 2018 at 05:48:05PM +, niya wrote:
> > > hi
> > > 
> > > i working out my ideas for modelling my home network,
> > > 
> > > the network will have four vether interfaces to cover the needs of my
> > > firewall,
> > > 
> > > which will have?? a lan, demilitarised zone, carp redundancy and 
> > > connection
> > > to the wan,
> > > 
> > > should i bridge all four vether interfaces to one bridge or a separate
> > > bridge for each ?
> > > 
> > Can you explain a bit more? Specifically, what role is vmm playing
> > here?
> > 
> > -ml
> Hi Mike
> sorry i think i'm refering to the wrong thing ,
> i think it should be vmd in the title.
> i have a test vm with a configuration of the following
> 
> cat /etc/vm.conf
> switch "local" {
> ?? add vether0
> ?? interface bridge0
> }
> 
> # Test VM
> vm "test.vm" {
> ?? disable
> ?? owner alarm
> ?? memory 256M
> ?? disk "/home/alarm/vmm/test.img"
> ?? interface tap0 { switch "local"
> ?? lladdr fe:e1:bb:d1:23:51 }
> ?? }
> 
> 
> 
> if i create multiple vm's do i attach the tap interface for each vm to
> switch "local"
> or do i add a virtual switch declaration in vm.conf for each ?
> 
> shadrock
> 

Howdy.

What version of OpenBSD are you running?  My guess based on the vm.conf
is 6.2, is that correct?

Some comments about networking, independent of version:
* Remove "tap0" from the "test.vm" config section.  If you copied that
  verbatim to another "vm", only one would be running since you
  specified a particular tap interface to use.  Instead leave the "tap0"
  off to tell vmd to use the next available tap interface.
* If you plan on running more than 4 vms at a time (defined in vm.conf
  or via vmctl directly), create more tap interfaces now with MAKEDEV
  (example to create two more taps...cd /dev; doas ./MAKEDEV tap4 tap5).

I would recommend running --current as it has all the bug fixes for
vmm/vmd along with cdrom support, if you need it.  If you are going to
run --current, you'll need to change your switch definition in vm.conf.
Take a look at https://www.openbsd.org/faq/current.html and look for:
2017/10/29 - vmd(8): switch configuration  for more details.

+--+
Carlos

Re: The vim display issue on OpenBSD

[Solène Rapenne]

Le 2018-03-09 08:19, Nan Xiao a écrit :

Hi all,

Greetings from me!

I meet a weird issue: there is a file which contains only "1":

# cat a
1

While use vim to open it, it displays "0". I find the number behind
cursor will decrease 1.

Does anyone bump into this issue? Thanks very much in advance!

P.S., my OpenBSD is 6.2 release, and vim is 8.0.1476.

Best Regards
Nan Xiao


hello,

Do you have this error only with this file ? If you do

echo 2 > file

and then you use vim on this file, does it display 1 ?
Could you try with another terminal emulator or from a tty ?

I have no idea about this problem but it may gives some clues.

Re: OpenBSD and IPMI

[Consus]

On 16:11 Fri 09 Mar, Denis wrote:
> By reading this article
> blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair
> raised. 
> 
> How to OpenBSD security withstands against IPMI holed solution from top
> hardware vendors?
> 
> Best ways to prevent potential risks for OpenBSD over IPMI?

Make your IPMI network private.

Re: go get abort trap?

[Theo de Raadt]

> On 2018-03-07, jungle Boogie  wrote:
> > Hi All,
> >
> > With the latest openbsd snapshot:
> > OpenBSD 6.3-beta (GENERIC.MP) #40: Wed Mar  7 12:51:00 MST 201
> >
> > It seems I cannot build or update go projects:
> >
> > $ go get -u github.com/justwatchcom/gopass
> > Abort trap (core dumped)
> >
> > dmesg shows:
> > trap pid 74737 tid 99500 type 6: sp c420024750 not inside
> > 7f7fffbef000-7f7ee000
> >
> > A week or two ago, I was able to update this project without any issues.
> > I can't run 'go' without the abort trap.
> >
> > Anyone else running openbsd snapshots experiencing this?
> 
> There's a stack safety diff which is in snapshots (for detailed
> information see https://marc.info/?l=openbsd-tech&m=152035796722258&w=2:
> in a nutshell "You may no longer point your stack register at non-stack
> memory.  You'll be killed.")
> 
> SBCL needs a change to work with this; see joshe's update on ports@.
> 
> Go also needs a change.
> 
> Apart from those two: ports bulk builds haven't quite finished yet,
> but it's looking likely that there won't be other significant impact.
> A few bootstraps need rebuilding, that's all we've run into so far.

Fairly good results.

A total of 4 problems have been found so far.  go, SBCL, and two cases
in src/regress which failed the new page-alignement requirement.  The SBCL
and go ones were found at buildtime, since they use themselves to complete
build.

But more page-alignment violations may be found in ports at runtime.

This is something I worry about a bit.  So please everyone out there
can help: Use snapshots which contain the stack-check diff, update to
new packages, and test all possible packages.  Really need a lot of
testing for this, so please help out.

Re: openbsd 63-eta and dhcpclient problem

[Holger Glaess]

hi


the problem is not gone.


i left the computer for a couple of hours ,then i try to work with hin 
but he lost the


connection .


i saw tine re interface with an ip and the outgoing dhcp request by 
tcpdump .


but he is not able to cumunicatate through ethernet.

i reboot the system , nothing work but he set the ip from the lease db 
of the dhclient


i delete thies and reboot again , nothing.


next i reboot the linux , ethernet work

then i reboot back to openbsd ethernet work !

i can do an connect , for example , ssh to an other system


there is something wrong .

holger




Am 09.03.2018 um 11:39 schrieb Peter Hessler:

No need for the tcdump any more.  I wanted to see if you were receiving
the packets or not. If you're getting a lease, then clearly you're now
receiving the packets.


On 2018 Mar 09 (Fri) at 11:06:43 +0100 (+0100), Holger Glaess wrote:
:hi
:
:
:strange
:
:i did the test again with booting the ubuntu cd , then i reboot to openbsd
:6.3
:
:since this time dhcp on re works . i did also an complete poweroff and
:
:reboot direkt to openbsd is works now . i dont  know why .
:
:i start to have this problem with an current version 6.2 from feb .2018 but
:i dident care about it , i think the interface is broken .
:
:today i try the linux , first and wonder why is ethernet working.
:
:did you need the tcpdump farther ?
:
:holger
:
:
:
:Am 09.03.2018 um 10:22 schrieb Peter Hessler:
:> tcpdump -c100 -ni re0 port 67 or port 6
:

Re: OSPF over gif on top of IPsec transport -current

[Remi Locherer]

On Sun, Mar 04, 2018 at 01:08:21PM +0200, Atanas Vladimirov wrote:
> Hi,
> 
> I can't make OSPF to work on gif over IPsec.
> With tcpdump on gif I see the OSPFv2-hello only from localhost:
> 
> # R1
> [ns]~$ tcpdump -nei gif0
> tcpdump: listening on gif0, link-type LOOP
> 23:19:29.181685 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid
> 192.168.1.1 area 0.0.0.1 [tos 0xc0] [ttl 1]
> 23:19:39.192025 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid
> 192.168.1.1 area 0.0.0.1 [tos 0xc0] [ttl 1]
> 23:19:49.202372 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid
> 192.168.1.1 area 0.0.0.1 [tos 0xc0] [ttl 1]
> 23:19:59.212730 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid
> 192.168.1.1 area 0.0.0.1 [tos 0xc0] [ttl 1]
> 23:20:09.223064 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid
> 192.168.1.1 area 0.0.0.1 [tos 0xc0] [ttl 1]
> 23:20:19.233393 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid
> 192.168.1.1 area 0.0.0.1 [tos 0xc0] [ttl 1]
> 
> # R2
> [hodor]~$ tcpdump -nei gif0
> tcpdump: listening on gif0, link-type LOOP
> 12:51:59.316704 10.255.255.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 172.16.1.1
> backbone [tos 0xc0] [ttl 1]
> 12:52:09.327002 10.255.255.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 172.16.1.1
> backbone [tos 0xc0] [ttl 1]
> 12:52:19.337314 10.255.255.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 172.16.1.1
> backbone [tos 0xc0] [ttl 1]
> 
> While on enc0 both hello's appears (not sure if `bad ip cksum` is the reason
> for my issues):
> 
> # R1
> [ns]~$ tcpdump -nvi enc0
> tcpdump: listening on enc0, link-type ENC
> 12:24:37.625873 (authentic,confidential): SPI 0x11af4dae: 93.123.39.67 >
> 95.87.227.232: 10.255.255.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 172.16.1.1
> backbone E mask 255.255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1]
> (id 25841, len 64) (ttl 60, id 37752, len 84)
> 12:24:41.882173 (authentic,confidential): SPI 0x1a3fbc6d: 95.87.227.232 >
> 93.123.39.67: 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 192.168.1.1
> backbone E mask 255.255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1]
> (id 27818, len 64) (ttl 64, id 60563, len 84, bad ip cksum 32d7! -> c614)
> 12:24:47.636188 (authentic,confidential): SPI 0x11af4dae: 93.123.39.67 >
> 95.87.227.232: 10.255.255.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 172.16.1.1
> backbone E mask 255.255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1]
> (id 36067, len 64) (ttl 60, id 65348, len 84)
> 12:24:51.892467 (authentic,confidential): SPI 0x1a3fbc6d: 95.87.227.232 >
> 93.123.39.67: 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 192.168.1.1
> backbone E mask 255.255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1]
> (id 5127, len 64) (ttl 64, id 12476, len 84, bad ip cksum 201! -> 81ec)
> 12:24:57.646535 (authentic,confidential): SPI 0x11af4dae: 93.123.39.67 >
> 95.87.227.232: 10.255.255.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 172.16.1.1
> backbone E mask 255.255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1]
> (id 39220, len 64) (ttl 60, id 1938, len 84)
> 
> # R2
> [hodor]~$ tcpdump -nvi enc0 | grep OSPF
> tcpdump: listening on enc0, link-type ENC
> 12:28:57.894007 (authentic,confidential): SPI 0x11af4dae: 93.123.39.67 >
> 95.87.227.232: 10.255.255.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 172.16.1.1
> backbone E mask 255.255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1]
> (id 3667, len 64) (ttl 64, id 14037, len 84, bad ip cksum 2b6d! -> 7bd3)
> 12:29:02.151763 (authentic,confidential): SPI 0x1a3fbc6d: 95.87.227.232 >
> 93.123.39.67: 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 192.168.1.1
> backbone E mask 25
> 5.255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1] (id 16974, len
> 64) (ttl 60, id 21648, len 84)
> 12:29:07.904315 (authentic,confidential): SPI 0x11af4dae: 93.123.39.67 >
> 95.87.227.232: 10.255.255.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 172.16.1.1
> backbone E mask 255
> .255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1] (id 45590, len 64)
> (ttl 64, id 35262, len 84, bad ip cksum 2743! -> 28ea)
> 12:29:12.162049 (authentic,confidential): SPI 0x1a3fbc6d: 95.87.227.232 >
> 93.123.39.67: 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 192.168.1.1
> backbone E mask 25
> 5.255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1] (id 19966, len
> 64) (ttl 60, id 3134, len 84)
> 12:29:17.914621 (authentic,confidential): SPI 0x11af4dae: 93.123.39.67 >
> 95.87.227.232: 10.255.255.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 172.16.1.1
> backbone E mask 255
> .255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1] (id 36161, len 64)
> (ttl 64, id 53105, len 84, bad ip cksum fcb8! -> e336)
> 12:29:22.172468 (authentic,confidential): SPI 0x1a3fbc6d: 95.87.227.232 >
> 93.123.39.67: 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 192.168.1.1
> backbone E mask 25
> 5.255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1] (id 36221, len
> 64) (ttl 60, id 29514, len 84)
> 
> If I set a static routes the regular traffic flows as it should.
> 
> The configs are the same on both routers:
> 

Re: The vim display issue on OpenBSD

[Andreas Kusalananda Kähäri]

On Fri, Mar 09, 2018 at 03:19:32PM +0800, Nan Xiao wrote:
> Hi all,
> 
> Greetings from me!
> 
> I meet a weird issue: there is a file which contains only "1":
> 
> # cat a
> 1
> 
> While use vim to open it, it displays "0". I find the number behind
> cursor will decrease 1.
> 
> Does anyone bump into this issue? Thanks very much in advance!
> 
> P.S., my OpenBSD is 6.2 release, and vim is 8.0.1476.
> 
> Best Regards
> Nan Xiao
> 

Vim will decrement the value under the cursor if you press Ctrl+X (and
increment it with Ctrl+A).

Are you pressing Ctrl+X, or is something sending this to your Vim
session upon starting Vim?  Is there something in your .vimrc file that
causes the equivalent of pressing Ctrl+X to be applied on startup?



-- 
Andreas Kusalananda Kähäri,
National Bioinformatics Infrastructure Sweden (NBIS),
Uppsala University, Sweden.

Re: go get abort trap?

[Kevin Chadwick]

On Fri, 09 Mar 2018 07:53:16 -0700


> But more page-alignment violations may be found in ports at runtime.
> 
> This is something I worry about a bit.  So please everyone out there
> can help: Use snapshots which contain the stack-check diff, update to
> new packages, and test all possible packages.  Really need a lot of
> testing for this, so please help out.

I tried all the desktop programs I use with no issues. Then I tried a
few random others, kmail died with:

mmap W^X violation

Is that the message you get for this stack-check?

OpenBSD 6.3-beta (GENERIC.MP) #45: Fri Mar  9 02:12:31 MST 2018

Re: OpenBSD and IPMI

[Stuart Henderson]

On 2018-03-09, Consus  wrote:
> On 16:11 Fri 09 Mar, Denis wrote:
>> By reading this article
>> blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair
>> raised. 
>> 
>> How to OpenBSD security withstands against IPMI holed solution from top
>> hardware vendors?
>> 
>> Best ways to prevent potential risks for OpenBSD over IPMI?
>
> Make your IPMI network private.
>
>

And beware, some machines failover to sharing with a main nic if nothing's
connected to the management nic, and have a common default password.

Re: booting hd0a:/bsd: open hd0a:/bsd: Invalid argument

[Stefan Wollny]

Am 09.03.2018 um 00:55 schrieb Stefan Wollny:
> Am 09.03.2018 um 00:09 schrieb Stefan Wollny:
>> Am 08.03.2018 um 23:25 schrieb Stefan Wollny:
>>> Am 08.03.2018 um 22:11 schrieb Stefan Wollny:
>>>
 Am 08.03.2018 um 17:44 schrieb Stefan Wollny:
> Gesendet von meinem BlackBerry 10-Smartphone.
>   Originalnachricht  
> Von: Kevin Chadwick
> Gesendet: Donnerstag, 8. März 2018 17:28
> An: misc@openbsd.org
> Betreff: Re: booting hd0a:/bsd: open hd0a:/bsd: Invalid argument
>
> On Thu, 8 Mar 2018 14:47:43 +0100
>
>
>> Has anyone a clue what might have happend and how to solve the issue?
>> I searched the net but didn't find any substantial infos on this. As
>> the error happends with all three USB-keys I have this is unlikely to
>> be cause of the trouble.
> The bootloader normally lists the disks that the bios sees beforehand
> e.g.
>
> disk: hd0+ hd1+ sr0*
>>> OpenBSD/amd64 BOOT 3.34
> Perhaps they have been moved around?
>
>
> I tried
>
> boot hd1a:/bsd
>
> but got the same message.
>
> I can enter # fsck -fy hd0a but ‎this just gets me a prompt without any 
> action. BTW: This is a SSD.
>
 OK - back at home I downloaded install63.iso and burned a CD which does
 start. Choosing "(U)pgrade" I am presented with "Available disks are:
 sd0 sd1" - but both are "not a valid root disk". Back to the shell I
 tried fdisk but I get "fdisk: sd0: No such file or directory"

 Could this be an issue with the bootloader or is it the encryption of
 softraid0 that hinders the upgrade?

>> tb@ provided another valuable hint:
>> I can start the boot-process with 'boot sr0a:/bsd' but this ends with a
>> panic:
>>
>> ...
>> softraid0 at root
>> scsibus4 at softraid0:256 targets
>> panic: root device (...) not found
>> Stopped at db_enter+0x5:    popq    %rbp
>>     TID    PID    UID    PRFLAGS    PFLAGS    CPU COMMAND
>> *    0        0        0    0X1        0X200    OK    swapper
>> ...
>>
> OK . final remarks for tonight:
>
> I can start 'boot sr0a:/bsd.rd' but trying to upgrade is the same
> dead-end road - "sd0 is not a valid root device".
>
> 'fdisk sd0' shows the expected '*' before the partition number.
>
> 'disklabel sd0' shows the expected fstype "RAID" 'for sd0a.
>
> Doing 'bioctl -c C -l /dev/sd0a' says "KDF hint has invalid size".
>
> 'installboot -nv sd0a' misses '/usr/mdec/biosboot' - there is only
> '/usr/mdec/mbr'.
>
> While the 'upgrade' started from 'boot sr0a:/bsd.rd' does not see 'sd0'
> the 'install' process started from the CD actually does.
Someone an idea how to proceed?  I'd hate to reinstall everything...

TIA.

STEFAN

Re: booting hd0a:/bsd: open hd0a:/bsd: Invalid argument

[Mihai Popescu]

> Someone an idea how to proceed?

Maybe stop talking to yourself on the email and debug more?

Re: OSPF over gif on top of IPsec transport -current

[Remi Locherer]

On Fri, Mar 09, 2018 at 06:13:10PM +0100, Remi Locherer wrote:
> On Sun, Mar 04, 2018 at 01:08:21PM +0200, Atanas Vladimirov wrote:
> > Hi,
> > 
> > I can't make OSPF to work on gif over IPsec.
> > With tcpdump on gif I see the OSPFv2-hello only from localhost:
> > 
> > # R1
> > [ns]~$ tcpdump -nei gif0
> > tcpdump: listening on gif0, link-type LOOP
> > 23:19:29.181685 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid
> > 192.168.1.1 area 0.0.0.1 [tos 0xc0] [ttl 1]
> > 23:19:39.192025 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid
> > 192.168.1.1 area 0.0.0.1 [tos 0xc0] [ttl 1]
> > 23:19:49.202372 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid
> > 192.168.1.1 area 0.0.0.1 [tos 0xc0] [ttl 1]
> > 23:19:59.212730 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid
> > 192.168.1.1 area 0.0.0.1 [tos 0xc0] [ttl 1]
> > 23:20:09.223064 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid
> > 192.168.1.1 area 0.0.0.1 [tos 0xc0] [ttl 1]
> > 23:20:19.233393 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid
> > 192.168.1.1 area 0.0.0.1 [tos 0xc0] [ttl 1]
> > 
> > # R2
> > [hodor]~$ tcpdump -nei gif0
> > tcpdump: listening on gif0, link-type LOOP
> > 12:51:59.316704 10.255.255.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 172.16.1.1
> > backbone [tos 0xc0] [ttl 1]
> > 12:52:09.327002 10.255.255.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 172.16.1.1
> > backbone [tos 0xc0] [ttl 1]
> > 12:52:19.337314 10.255.255.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 172.16.1.1
> > backbone [tos 0xc0] [ttl 1]
> > 
> > While on enc0 both hello's appears (not sure if `bad ip cksum` is the reason
> > for my issues):
> > 
> > # R1
> > [ns]~$ tcpdump -nvi enc0
> > tcpdump: listening on enc0, link-type ENC
> > 12:24:37.625873 (authentic,confidential): SPI 0x11af4dae: 93.123.39.67 >
> > 95.87.227.232: 10.255.255.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 172.16.1.1
> > backbone E mask 255.255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1]
> > (id 25841, len 64) (ttl 60, id 37752, len 84)
> > 12:24:41.882173 (authentic,confidential): SPI 0x1a3fbc6d: 95.87.227.232 >
> > 93.123.39.67: 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 192.168.1.1
> > backbone E mask 255.255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1]
> > (id 27818, len 64) (ttl 64, id 60563, len 84, bad ip cksum 32d7! -> c614)
> > 12:24:47.636188 (authentic,confidential): SPI 0x11af4dae: 93.123.39.67 >
> > 95.87.227.232: 10.255.255.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 172.16.1.1
> > backbone E mask 255.255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1]
> > (id 36067, len 64) (ttl 60, id 65348, len 84)
> > 12:24:51.892467 (authentic,confidential): SPI 0x1a3fbc6d: 95.87.227.232 >
> > 93.123.39.67: 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 192.168.1.1
> > backbone E mask 255.255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1]
> > (id 5127, len 64) (ttl 64, id 12476, len 84, bad ip cksum 201! -> 81ec)
> > 12:24:57.646535 (authentic,confidential): SPI 0x11af4dae: 93.123.39.67 >
> > 95.87.227.232: 10.255.255.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 172.16.1.1
> > backbone E mask 255.255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1]
> > (id 39220, len 64) (ttl 60, id 1938, len 84)
> > 
> > # R2
> > [hodor]~$ tcpdump -nvi enc0 | grep OSPF
> > tcpdump: listening on enc0, link-type ENC
> > 12:28:57.894007 (authentic,confidential): SPI 0x11af4dae: 93.123.39.67 >
> > 95.87.227.232: 10.255.255.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 172.16.1.1
> > backbone E mask 255.255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1]
> > (id 3667, len 64) (ttl 64, id 14037, len 84, bad ip cksum 2b6d! -> 7bd3)
> > 12:29:02.151763 (authentic,confidential): SPI 0x1a3fbc6d: 95.87.227.232 >
> > 93.123.39.67: 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 192.168.1.1
> > backbone E mask 25
> > 5.255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1] (id 16974, len
> > 64) (ttl 60, id 21648, len 84)
> > 12:29:07.904315 (authentic,confidential): SPI 0x11af4dae: 93.123.39.67 >
> > 95.87.227.232: 10.255.255.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 172.16.1.1
> > backbone E mask 255
> > .255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1] (id 45590, len 64)
> > (ttl 64, id 35262, len 84, bad ip cksum 2743! -> 28ea)
> > 12:29:12.162049 (authentic,confidential): SPI 0x1a3fbc6d: 95.87.227.232 >
> > 93.123.39.67: 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 192.168.1.1
> > backbone E mask 25
> > 5.255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1] (id 19966, len
> > 64) (ttl 60, id 3134, len 84)
> > 12:29:17.914621 (authentic,confidential): SPI 0x11af4dae: 93.123.39.67 >
> > 95.87.227.232: 10.255.255.1 > 224.0.0.5: OSPFv2-hello  44: rtrid 172.16.1.1
> > backbone E mask 255
> > .255.255.255 int 10 pri 1 dead 40 nbrs [tos 0xc0] [ttl 1] (id 36161, len 64)
> > (ttl 64, id 53105, len 84, bad ip cksum fcb8! -> e336)
> > 12:29:22.172468 (authentic,confidential): SPI 0x1a3fbc6d: 95.87.227.232 >
> > 93.123.39.67: 10.255.255.2 > 224.0.0.5: OSPFv2-hello  44: rtrid 192.168.1.1
> > backbon

Re: openbsd 63-eta and dhcpclient problem

[Stuart Henderson]

On 2018-03-09, Holger Glaess  wrote:
> hi
>
>
> the problem is not gone.
>
>
> i left the computer for a couple of hours ,then i try to work with hin 
> but he lost the
>
> connection .
>
>
> i saw tine re interface with an ip and the outgoing dhcp request by 
> tcpdump .
>
> but he is not able to cumunicatate through ethernet.
>
> i reboot the system , nothing work but he set the ip from the lease db 
> of the dhclient
>
> i delete thies and reboot again , nothing.
>
>
> next i reboot the linux , ethernet work
>
> then i reboot back to openbsd ethernet work !
>
> i can do an connect , for example , ssh to an other system
>
>
> there is something wrong .

I would suggest:

- Save pcidump -vvxx to a file when it's broken

- Check tcpdump on the OpenBSD system with the problem and see if it
is RECEIVING anything from the network

- If you can run tcpdump on the DHCP server, do that as well (while you
run dhclient), see if it can hear anything the OpenBSD system is SENDING
on the network

- Boot to Linux and back again to hopefully fix it

- Save pcidump -vvxx to a different file when it's working

- Run "sendbug -P > somefile" as root on the machine where you're having
problems to get a report template which will include pcidump, b64-encoded
acpi files and dmesg. Edit and fill in a description of the problem, as
clear as you can. Include a diff of the two pcidump output files. Read
through again and check that it makes sense on its own then send to bugs@.

Re: OpenBSD and IPMI

[Rupert Gallagher]

I extend the question to Intel ME (similar to IPMI), cloud hosting (direct 
access to hardware by sysadmins) and virtual machines. I think the answer is 
default encryption of both disk and ram.

On Fri, Mar 9, 2018 at 14:11, Denis  wrote:

> By reading this article 
> blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair 
> raised.  How to OpenBSD security withstands against IPMI holed solution from 
> top hardware vendors? Best ways to prevent potential risks for OpenBSD over 
> IPMI? Thanks

Correct way to report broken link at openiked.org ?

[Christoph R. Murauer]

Hello !

I just saw at the startpage of openiked.org, that the link to Posters
is broken (links to http://www.openbsd.org/older.html#posters which is
a 404 Not Found). The startpages of OpenBGPD, OpenNTPD and OpenSMTPD
use only one link and the destination is https://www.openbsdstore.com

Thanks for answers.