edgerouter 6 / rdomain at boot

2018-06-30 Thread Holger Glaess

hi


Normally this works on Intel:

farin# cat /etc/hostname.lo2

rdomain 2
inet 127.0.0.1/8
!/sbin/route -n -T 2 exec /usr/sbin/ftp-proxy -D 7
!/sbin/route -n -T 2 add default 127.0.0.1


farin# cat /etc/hostname.cnmac3

rdomain 2
inet 192.168.132.252/24
up


but if I boot the EdgeRouter, I got the message 3 times

ifconfig: SIOCSIFRDOMAIN: File exists


and cnmac3 is not in rdomain 2


if I do a manual

sh /etc/netstart cnmac3

everything is fine.


I use 6.3-current, see dmesg below


any clue for me?

holger




Rewards of Up to $500,000 Offered for OpenBSD Zero-Days (and other dist.)

2018-06-30 Thread Szekeres Dani
Just read: 

https://www.bleepingcomputer.com/news/security/rewards-of-up-to-500-000-offered-for-freebsd-openbsd-netbsd-linux-zero-days/




Rewards of Up to $500,000 Offered for FreeBSD, OpenBSD, NetBSD, Linux Zero-Days

Exploit broker Zerodium is offering rewards of up to $500,000 for zero-days in 
UNIX-based operating systems like OpenBSD, FreeBSD, NetBSD, but also for Linux 
distros such as Ubuntu, CentOS, Debian, and Tails.

The offer, first advertised via Twitter earlier this week, is available as part 
of the company's latest zero-day acquisition drive. Zerodium is known for 
buying zero-days and selling them to government agencies and law enforcement.



https://twitter.com/Zerodium/status/1012007051466162177



Re: hostname.cdce0 not modifying MAC

2018-06-30 Thread Paul de Weerd
OpenBSD doesn't auto-connect on insert like that.  You must configure
this yourself.  Look at hotplugd(8) manpage.

This is a good thing, btw.  Look up poisontap for details.

Paul 'WEiRD' de Weerd

On Sat, Jun 30, 2018 at 05:23:17PM +0200, Kollar Arpad wrote:
| Hello, 
| 
| I have the latest snapshot and 
| 
| cat /etc/hostname.cdce0
| up lladdr xx:xx:xx:xx:xx:xx
| 
| 
| xx -> MAC, but censored. 
| 
| How come I have to do a "sh /etc/netstart cdce0" to make OpenBSD modify the
| MAC address in the ifconfig output when I plug out/in the USB Gbit ethernet
| device?
|
| Because of this (when plug out/in) the MAC address isn't updated for the
| cdce0 device, and thus the pppoe0 doesn't connect, because my ISP has MAC
| filtering and only allowed the one in the hostname.cdce0 file.
|
| If the USB Gbit ethernet device is plugged out/in, shouldn't it have the MAC
| configured in its hostname.cdce0 file, without me having to manually run the
| netstart? Or what am I missing?
| 
| Thanks!
| 

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 
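
A minimal /etc/hotplug/attach script for the hotplugd(8) approach suggested in this reply, as an added example that is not part of the original message: it runs netstart only for explicitly listed interfaces that have a hostname.if file, and leaves every other inserted device untouched. cdce0 is the interface from the thread; the allow-list and the HOSTNAME_DIR override (used only for testing) are assumptions.

```shell
#!/bin/sh
# /etc/hotplug/attach: hotplugd(8) runs this as "attach <devclass> <devname>".
# Added example. cdce0 is the interface from the thread; the allow-list
# and HOSTNAME_DIR (a test-only override of /etc) are assumptions.

ALLOWED_IFS="cdce0"

# Return 0 only for a network-interface attach event whose device is on
# the allow-list and has a hostname.if(5) file to apply.
should_configure() {
	devclass=$1
	devname=$2
	# hotplugd passes the device class as a number; 3 is a network interface.
	[ "$devclass" = "3" ] || return 1
	[ -f "${HOSTNAME_DIR:-/etc}/hostname.$devname" ] || return 1
	for ifname in $ALLOWED_IFS; do
		[ "$devname" = "$ifname" ] && return 0
	done
	return 1
}

if should_configure "${1:-}" "${2:-}"; then
	logger -t hotplug "attach $2: applying /etc/hostname.$2"
	# Re-applies "up lladdr ..." (and anything else) from the hostname file.
	sh /etc/netstart "$2"
fi
```

hotplugd must be enabled (`rcctl enable hotplugd`) and the script must be executable. The name cdce0 is assigned by attach order, not by device identity, so the list limits which driver instances get configured but does not authenticate the adapter.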



Re: httpd rewrite and REQUEST_URI value

2018-06-30 Thread Scott Vanderbilt

On 6/24/2018 10:25 PM, Ve Telko wrote:


> If you or your framework uses REQUEST_URI you don't need
> request rewrite feature. Using REQUEST_URI and request
> rewrite feature are two opposite solutions for the same problem.
> To mimic nginx's try_files do something like this:
>
> location match "/hello/.*" {
>     root "/index.php"
> }
>
> It is not obvious from man page but file can act as document
> root :) Then in that file, index.php in this case, you can route
> requests by parsing $_SERVER['REQUEST_URI'] what your
> framework probably does.


Thank you for your reply. I finally got an opportunity to test your 
suggested workaround, but it does not appear to work.


Request as logged in error log:

    server nomina2.onomasticon.org, client 1 (1 active), 162.229.162.103:53790 -> 162.229.162.102:443, /hello/fred (404 Not Found)


Request as logged in access log:

    nomina2.onomasticon.org 162.229.162.103 - scott [30/Jun/2018:10:20:47 -0700] "GET /hello/fred HTTP/1.1" 404 0


The index.php file is in the location specified:

$ ls -al /var/www/htdocs/lpn/src/public/
total 24
drwxr-xr-x  4 root  daemon   512 Jun 21 13:13 .
drwxr-xr-x  5 root  daemon   512 Jun 20 17:43 ..
-rw-r--r--  1 root  daemon  1081 Jun 23 07:00 index.php



From httpd.conf:

server "nomina2.onomasticon.org" {
    listen on $ext_addr tls port 443
    directory index index.php
    root "/htdocs/lpn/src/public"

    log access onom_access.log
    log error onom_error.log

    authenticate finklejinkleheimer with "/conf/ok_users"

    tls certificate "/etc/ssl/acme/nomina2.onomasticon.org/fullchain.pem"
    tls key "/etc/ssl/acme/private/nomina2.onomasticon.org/privkey.pem"

    location "*.php" {
        fastcgi socket "/run/php-fpm.sock"
    }

    location "/.well-known/acme-challenge/*" {
        no authenticate
        root "/htdocs/lpn/src/acme"
        request strip 2
    }

    # Block user access to these files
    location "/composer\.(json|lock)" {
        block return 404
    }

    location match "/hello/.*" {
        root "/htdocs/lpn/src/public/index.php"
    }

    location match "/old/(.*)" {
        request rewrite "/new/%1"
    }
}

server "nomina2.onomasticon.org" {
    listen on $ext_addr port 80
    block return 301 "https://$HTTP_HOST$REQUEST_URI";
}



hostname.cdce0 not modifying MAC

2018-06-30 Thread Kollar Arpad
Hello, 

I have the latest snapshot and 

cat /etc/hostname.cdce0
up lladdr xx:xx:xx:xx:xx:xx


xx -> MAC, but censored. 

How come I have to do a "sh /etc/netstart cdce0" to make OpenBSD modify the MAC
address in the ifconfig output when I plug out/in the USB Gbit ethernet device?

Because of this (when plug out/in) the MAC address isn't updated for the cdce0
device, and thus the pppoe0 doesn't connect, because my ISP has MAC filtering
and only allowed the one in the hostname.cdce0 file.

If the USB Gbit ethernet device is plugged out/in, shouldn't it have the MAC
configured in its hostname.cdce0 file, without me having to manually run the
netstart? Or what am I missing?

Thanks!



Re: Have a 1 Gbit connection but I not all devices are getting 1 Gbit speed from my ISP

2018-06-30 Thread Kollar Arpad
UPDATE: I dd'ed an install63.fs to a flashdrive: sd2c, but only could
boot the T400 with it (other Lenovo T61 and T560 just couldn't boot from
it, strange). But the T400 booted the install63.fs, but.. it didn't
recognize the cdce USB Gbit ethernet when I exited the Installer to
Shell and plugged it in. Any advice why the .fs image didn't
boot on the T560 and a T61? And how can I liveCD test with OpenBSD?

Sent: Wednesday, June 20, 2018 at 3:14 PM
From: "IL Ka"
To: flipchan
Cc: "OpenBSD General Misc", "Kollar Arpad"
Subject: Re: Have a 1 Gbit connection but I not all devices are getting 1 Gbit speed from my ISP


  >  Lenovo G500 with USB 3.0 Ethernet and OpenBSD 6.2 - 100mbit
  >  Lenovo T400 with motherboard Ethernet Ubuntu 14.04 - 100mbit
  >  Lenovo T560 with motherboard Ethernet Windows 10 - 1 Gbit
  >

Boot all 3 laptops with OpenBSD flashdrive to see if it is OS/driver
issue or hardware issue. Try to set speed explicitly and see if it works

Re: Have a 1 Gbit connection but I not all devices are getting 1 Gbit speed from my ISP

2018-06-30 Thread Kollar Arpad
no, just cat5e afaik

Sent: Wednesday, June 20, 2018 at 12:28 PM
From: flipchan
To: misc@openbsd.org, "Kollar Arpad"
Subject: Re: Have a 1 Gbit connection but I not all devices are getting 1 Gbit speed from my ISP

Do u run cat 6 cables ?

On June 20, 2018 9:25:56 AM UTC, Kollar Arpad wrote:

  Hello:

  Original question:
  https://superuser.com/questions/1332664/have-a-1-gbit-connection-but-i-not-all-devices-are-getting-1-gbit-speed-from-my

  I have 3 laptops and a 1 Gbit network connection to my ISP. But when I
  connect my ISPs cable to the laptops ethtool link/speedtest precisely says:

  Lenovo G500 with USB 3.0 Ethernet and OpenBSD 6.2 - 100mbit
  Lenovo T400 with motherboard Ethernet Ubuntu 14.04 - 100mbit
  Lenovo T560 with motherboard Ethernet Windows 10 - 1 Gbit

  All the HWs support 1 Gbit connection.

  The big question: Why cannot the Lenovo G500 and Lenovo T400 auto-negotiate
  to 1 Gbit? It is a 1 Gbit connection to my ISP, but I can only auto-negotiate
  with 1 Gbit with the Windows 10/T560 laptop.

  Maybe I need cross-cable? The ISP I think has a switch at the other end.

  This is the cable that I have from my ISP:
  https://i.stack.imgur.com/1rH37.jpg

  the USB 3.0 Gbit ethernet to USB is cdce.

  Anybody seen similar? What could cause the 100mbit connection instead of the
  Gbit?

  Thanks for any hint..



--
Take Care Sincerely flipchan layerprox dev


Re: Backup of OpenBSD under VMware

2018-06-30 Thread Tom Smyth
> Hi Paolo
>  if you don't have vmtools installed on the guest you can't do filesystem
> quiescing
>
> Create a separate Veeam backup job for your OpenBSD VMs and disable
> filesystem quiescing on that backup job
>
> If you run workloads such as DBs, run a DB backup (dump using your DB
> tools) so
> that it completes before the Veeam backup commences
>
> You can test the backup and restore with this method
>
>
> PS: in OpenBSD
> you may want to adjust ffs settings
> and add noatime (reduce writes) and softdep mount options also (to reduce
> risk of a bad backup capturing the filesystem while writing a file)
>
> Think of a restored vm and disk using this backup method
>  as a vm and disk that was not properly shutdown last time round...
>
>
> Hope this helps
>
> Tom smyth
>
>
>
>
> On Sat 30 Jun 2018, 13:30 Paolo Aglialoro,  wrote:
>
>> Hello,
>>
>> the scenario is a cluster of ESXi nodes on which OpenBSD should run as a
>> VM.
>>
>> Currently the cluster is being backed up by Veeam, I tried to insert the
>> obsd VM inside the backup job but no success, with following "Error: An
>> error occurred while saving the snapshot: Failed to quiesce the virtual
>> machine.". This looks strange to me because the open-vm-tools implemented
>> inside the kernel are usually functional to ESXi hosts.
>>
>> Questions:
>> 1. has anybody found a way to use Veeam to backup OpenBSD VMs?
>> 2. are there any other suggested softwares to perform a similar task?
>>
>> Thanks
>>
>


Re: Backup of OpenBSD under VMware

2018-06-30 Thread Bryan Harris
Last resort shut down VM then backup.

I like the tool called tarsnap. It backs up to a remote service and you keep a 
private key. Everything is encrypted before it “exits” your VM for the remote 
side. Also very cheap. 

I only backup a few files and spent barely a penny.

> Your current account balance is
> $4.990771969348983750.

V/r,
Bryan

Sent from my iPhone

> On Jun 30, 2018, at 8:23 AM, Paolo Aglialoro  wrote:
> 
> Hello,
> 
> the scenario is a cluster of ESXi nodes on which OpenBSD should run as a VM.
> 
> Currently the cluster is being backed up by Veeam, I tried to insert the
> obsd VM inside the backup job but no success, with following "Error: An
> error occurred while saving the snapshot: Failed to quiesce the virtual
> machine.". This looks strange to me because the open-vm-tools implemented
> inside the kernel are usually functional to ESXi hosts.
> 
> Questions:
> 1. has anybody found a way to use Veeam to backup OpenBSD VMs?
> 2. are there any other suggested softwares to perform a similar task?
> 
> Thanks


Backup of OpenBSD under VMware

2018-06-30 Thread Paolo Aglialoro
Hello,

the scenario is a cluster of ESXi nodes on which OpenBSD should run as a VM.

Currently the cluster is being backed up by Veeam, I tried to insert the
obsd VM inside the backup job but no success, with following "Error: An
error occurred while saving the snapshot: Failed to quiesce the virtual
machine.". This looks strange to me because the open-vm-tools implemented
inside the kernel are usually functional to ESXi hosts.

Questions:
1. has anybody found a way to use Veeam to backup OpenBSD VMs?
2. are there any other suggested softwares to perform a similar task?

Thanks


A little video of me, and summary of research, computing part: What should be the way forward for OS's

2018-06-30 Thread Ywe Cærlyn
A complete and coherent philosophy is needed, that is compatible with 
the level of intelligence needed in the computing space, that will 
of course affect society in general.


Chaos theory, dictates that the wings of a butterfly may cause a storm 
elsewhere.


Zén buddhism will add, did the ego of the butterfly indeed cause so much 
distress?


We choose a transcendental angle on life, for high accuracy of 
philosophical impact, without associations to vain gods, for ego.


Our website is: http://www.nyt.cloud

Peace (Go With Théé)
Ywe Cærlyn
Léad
0‐ṅīt Ž - 'A Transcendental Angle On Life'

Video Of Me: https://youtu.be/M-wT5xy5qoA





Re: State of Yubikey/U2F support on OpenBSD

2018-06-30 Thread Eric Augé
Hello Rickard,

A) CCID worked out of the box with a yubikey 4, with pcscd and gpg
works fine with it for me, IIRC you can even make it work with GPG
without pcscd, but I'd need to verify again.
B) same, chromium crashes, I started investigating but lack the
knowledge in chromium and I am a bit lost, there are several tickets
open on chromium side as you mentioned.
C) I have not tried.

HTH,
Eric.

On Fri, Jun 29, 2018 at 11:41 AM, Rickard von Essen
 wrote:
>
> I've been experimenting with switching over one of my laptops to OpenBSD, but
> there is one main problem stopping me from switching. The support for Yubikeys
> and U2F.
>
> I'm trying to gather a list of things that currently doesn't work. And maybe find
> some collaborators to investigate and maybe fix the issues. So if you are
> interested to work on any of these or have further information please post on
> this thread.
>
> A) Yubikey-manager (ykman) is the new Yubikey CLI. I got it to install but only
> one out of three transport (protocols) works. OTP works. CCID fails connecting
> to the Yubikey via pcscd, further investigation needed (this is hopefully not too
> hard to fix). FIDO doesn't work since the pyu2f library doesn't support OpenBSD,
> this is probably not too hard to fix. I'm tracking these in [1].
>
> B) Chromium (v 65.0.3325.181) crashes when U2F auth is requested and a key is
> inserted, see [2]. I haven't yet debugged this, but fixing this probably
> requires a fair amount of knowledge about Chromiums internals.
>
> C) Firefox (v 59.0.2) doesn't officially support U2F but have a config option to
> enable this [3][4]. Unfortunately this doesn't work on OpenBSD (but macOS for
> example).  (Firefox 60 is supposed to support the new FIDO2 standard this might
> improve on U2F support too.)
>
> [1] https://github.com/Yubico/yubikey-manager/issues/124
> [2] https://bugs.chromium.org/p/chromium/issues/detail?id=451248
> [3] https://discourse.mozilla.org/t/u2f-standard-to-firefox/23301/2
> [4] 
> https://www.yubico.com/2017/11/how-to-navigate-fido-u2f-in-firefox-quantum/
>



Looking for logitech webcams testers/device info

2018-06-30 Thread Landry Breuil
Hi,

sending this to a wider audience on misc@, to fix the microphone (cf
https://marc.info/?t=15298427072&r=1&w=2) on a
variety of logitech webcams (mostly the Cxxx{,HD}?) i'd need the lsusb
-v output for the corresponding devices.

If you have a logitech webcam where the mic doesn't work (looking for
'uaudio0: audio descriptors make no sense, error=4' in dmesg) this is
your chance to help fix it.
Of course if you have a logitech webcam where the mic works out of the
box, this information is also valuable !

Install usbutils package, run lsusb to find the device ids
corresponding to the logitech device (starts with 046d:, per
https://usb-ids.gowdy.us/read/UD/046d) and send me privately the output
of:

lsusb -v -d 046d:

where  matches your webcam.

if you receive directly this e-mail in bcc, it's because i've found
occurrences of 'audio descriptors make no sense' corresponding to a
logitech webcam in our dmesg archive sent by you, this information is
definitely valuable so please keep sending dmesg per
https://www.openbsd.org/faq/faq4.html#SendDmesg :)

Landry