detaching xnf(4) not recognized

2018-09-03 Thread Sebastian Reitenbach
Hi,

I'm toying with OpenBSD 6.3 image on AWS, trying to add/remove Elastic Network 
Interfaces (ENI).
OpenBSD 6.3 (GENERIC.MP) #107: Sat Mar 24 14:21:59 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

So when I attach an ENI to a running instance, then the system recognizes it:
xnf1 at xen0 backend 0 channel 7: address 02:2f:d6:3e:88:50

and I can use the interface, i.e. dhcp just works.

When I later detach the ENI, there is nothing in dmesg, that it recognized it, 
no detach line, or the like.
However, even with the detached interface, I get ifconfig output:
xnf1: flags=8843 mtu 1500
lladdr 02:2f:d6:3e:88:50
index 5 priority 0 llprio 3
media: Ethernet manual
status: active
inet 10.2.2.105 netmask 0xff00 broadcast 10.2.2.255

For the OS, the Interface is still available and active, but i.e. dhclient
obviously doesn't get a lease.

Later on, when I reattach the ENI to the instance, similarly to the detach, no
new line in dmesg, but I can use the Interface again. It's as if it hasn't been
away at all.

Is this all intended, just wondering if I miss something?

cheers,
Sebastian



Re: Issue with OpenSMTPD, procmail and comsat

2018-09-03 Thread d . rauschenb
Hi Gilles,

On Sun, Sep 02, 2018 at 01:25:46PM +0200, Gilles Chehade wrote:
> Can you provide me with the corrupt line procmail includes so I can
> check if it is invalid indeed ?

The corrupt line:

>From d...@ws.lan  Mon Sep  3 12:12:34 2018

The difference I encountered is with .forward to procmail there are
TWO spaces between the email address and the date, without .forward to
procmail there is only ONE space.

If I edit such a two spaced mail with vi(1) and concat it to
/var/mail/$USER comsat(8) is silenced. No error message but ksh
reports "you have mail in /var/mail/dra" as it should.

-dra



cc: dereference NULL pointer inside switch brackets and no exception

2018-09-03 Thread Denis Buga
#include <stdio.h>

int main()
{
    char * ptr = NULL;
    switch( *ptr )
    {
    default:
        fprintf(stderr,
            "where is exception ? default label exist for"
            "exclusive value, not for non-existent ! "
            "it can be security issue, when dereferencing NULL "
            "in switch formally pass and we go to default label\n");
    }
}

No ?

6.3 GENERIC.MP#8 amd64


Re: Issue with OpenSMTPD, procmail and comsat

2018-09-03 Thread Gilles Chehade
On Mon, Sep 03, 2018 at 12:25:55PM +0200, d.rausch...@gmail.com wrote:
> Hi Gilles,
> 
> On Sun, Sep 02, 2018 at 01:25:46PM +0200, Gilles Chehade wrote:
> > Can you provide me with the corrupt line procmail includes so I can
> > check if it is invalid indeed ?
> 
> The corrupt line:
> 
> From d...@ws.lan  Mon Sep  3 12:12:34 2018
> 
> The difference I encountered is with .forward to procmail there are
> TWO spaces between the email address and the date, without .forward to
> procmail there is only ONE space.
> 
> If I edit such a two spaced mail with vi(1) and concat it to
> /var/mail/$USER comsat(8) is silenced. No error message but ksh
> reports "you have mail in /var/mail/dra" as it should.
> 

interesting, it's not clear to me how this can happen but at least this
means the fix will not be a special case.

can you try:

procmail -f %{mbox.from} --

i'll try to reproduce the bug at home but I'm unable before tonight.



-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg



Re: Issue with OpenSMTPD, procmail and comsat

2018-09-03 Thread d . rauschenb
Hi Gilles,

On Mon, Sep 03, 2018 at 02:27:26PM +0200, Gilles Chehade wrote:
> On Mon, Sep 03, 2018 at 12:25:55PM +0200, d.rausch...@gmail.com wrote:
> > On Sun, Sep 02, 2018 at 01:25:46PM +0200, Gilles Chehade wrote:
> > 
> > From d...@ws.lan  Mon Sep  3 12:12:34 2018
> > 
> can you try:
> 
> procmail -f %{mbox.from} --

Not working. The two spaces between the mail address and the date do
not only occur in /var/mail/$USER they also appear in the filtered
mails.  Of course comsat(8) is not looking at them and my mail
user-agent (mutt) is accepting the two spaces.

-dra



connecting to adsl

2018-09-03 Thread Frank White
Hi,
I am trying to connect to adsl, but I have the following problems:

Sep  3 12:06:34 myhost /bsd: pppoe0: received unexpected PADO
Sep  3 12:07:31 myhost /bsd: pppoe0: received unexpected PADO
Sep  3 12:08:28 myhost /bsd: pppoe0: host unique tag found, but it belongs to a connection in state 3
Sep  3 12:08:28 myhost /bsd: pppoe: received PADO but could not find request for it
Sep  3 12:09:25 myhost /bsd: pppoe0: host unique tag found, but it belongs to a connection in state 3
Sep  3 12:09:25 myhost /bsd: pppoe: received PADO but could not find request for it

those are my configuration files:
# cat /mnt/hostname.em0
up
# cat /mnt/hostname.pppoe0
inet 0.0.0.0 255.255.255.255 NONE \
pppoedev em0 authproto pap \
authname 'myusername' authkey 'mypassword' up
dest 0.0.0.1
!/sbin/route add default -ifp pppoe0 0.0.0.1

and my ifconfig output:

lo0: flags=8049 mtu 32768
index 3 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff00
em0: flags=8843 mtu 1500
lladdr 00:23:24:0b:0c:27
index 1 priority 0 llprio 3
media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
status: active
enc0: flags=0<>
index 2 priority 0 llprio 3
groups: enc
status: active
pppoe0: flags=8851 mtu 1492
index 4 priority 0 llprio 3
dev: em0 state: session
sid: 0xf6da PADI retries: 3 PADR retries: 0 time: 00:00:33
sppp: phase terminate authproto pap authname "myusername"
groups: pppoe egress
status: no carrier
inet 0.0.0.0 --> 0.0.0.1 netmask 0x

Thanks for help!


Re: make(1) and multiple outputs

2018-09-03 Thread Marc Espie
On Fri, Aug 31, 2018 at 09:23:33AM +0200, Kristaps Dzonsons wrote:
> Short: is there a way to manage multiple outputs from a single command
> with OpenBSD's make(1)?
> 
> Longer story.  I have a site that generates a few hundred articles using
> sblg(1).  Each output article is indexNNN.html, which depends upon every
> input indexNNN.xml.  So a change to any indexNNN.xml must result in
> rebuilding all indexNNN.html using a single command.
> 
> In GNU make, I can use the pattern substring match to effect this:
> 
> all: index001.html index002.html
> 
> index001%html index002%html: index001.xml index002.xml
>   sblg -L index001.xml index002.xml
> 

Our make is perfectly happy generating several targets with one rule.

The only thing we're actually missing wrt % is suffixes rules with multiple
results.

See any Makefile that generates .h and .c file from .y, for instance
lib/libkeynote/Makefile

a line like:

k.tab.c k.tab.h: keynote.y keynote.h signature.h
	$(YACC.y) $(YACCFLAGS) ${.CURDIR}/keynote.y

looks exactly like what you want.

If you need to generate a fairly long list, .for loops and variables ought
to help you...



Re: how to install perl modules w/ dependencies that mix packages & CPAN

2018-09-03 Thread Marc Espie
On Fri, Aug 31, 2018 at 05:52:57PM -0700, Jonathan Thornburg wrote:
> What's the "OpenBSD way" to install Perl modules which don't exist
> as packages?
> 
> The usual Perl idiom for "install module foo & all of its (recursive)
> dependencies" is "cpan install foo", but this fetches all dependencies
> from CPAN, ignoring any OpenBSD packages which may exist.  What I'd like
> is something like "cpan install foo", but with the semantics that for
> each dependency, if there's OpenBSD package in /etc/installurl which
> is the same module version as the latest CPAN version, then install
> the OpenBSD package instead.  Is there a utility already around which
> does this?

Nope, we don't have this kind of thing so far.

One small problem being that the cpan semantics for dependencies are less
stringent than OpenBSD's, so you can't really distinguish between BUILD
and RUN depends.

The only automated tool dealing with cpan we have is the GSoC work from
Giannis Tsaraias, portgen



Re: how to install perl modules w/ dependencies that mix packages & CPAN

2018-09-03 Thread Solene Rapenne
Jonathan Thornburg  wrote:
> What's the "OpenBSD way" to install Perl modules which don't exist
> as packages?
> 
> The usual Perl idiom for "install module foo & all of its (recursive)
> dependencies" is "cpan install foo", but this fetches all dependencies
> from CPAN, ignoring any OpenBSD packages which may exist.  What I'd like
> is something like "cpan install foo", but with the semantics that for
> each dependency, if there's OpenBSD package in /etc/installurl which
> is the same module version as the latest CPAN version, then install
> the OpenBSD package instead.  Is there a utility already around which
> does this?

You can use perlbrew if you need some perl CPAN modules and don't mix
them with the base system. It will recompile a perl version with your
regular user, and so you will be able to use cpan as your regular user,
the local perl won't mix with the system wide one.



Re: Issue with OpenSMTPD, procmail and comsat

2018-09-03 Thread d . rauschenb
Hi Gilles,

the following diff turns off the noise in /var/log/{messages,daemon}
but this is a hack and not a solution.

-dra

Index: comsat.c
===
RCS file: /cvs/src/libexec/comsat/comsat.c,v
retrieving revision 1.48
diff -u -p -r1.48 comsat.c
--- comsat.c3 Apr 2017 17:23:39 -   1.48
+++ comsat.c3 Sep 2018 15:23:23 -
@@ -221,7 +221,6 @@ mailfor(char *name)
cp[strcspn(cp, " \t\n")] = '\0';
offset = strtonum(cp, 0, LLONG_MAX, &errstr);
if (errstr) {
-   syslog(LOG_ERR, "'%s' is %s", cp + 1, errstr);
return;
}
while (--utp >= utmp) {
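Review bot: Deleting the syslog() call in the `if (errstr)` branch of mailfor() means a malformed offset is now rejected with no trace at all, which hides the underlying problem instead of fixing it; consider lowering the message to LOG_DEBUG rather than removing it, and fixing whatever hands comsat the bad offset. The removed line also printed `cp + 1` while strtonum() parsed `cp`, so the logged string was missing its first character; if a diagnostic is kept it should print `cp`. With the call gone, the braces around the lone `return;` can be dropped too.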



Re: cc: dereference NULL pointer inside switch brackets and no exception

2018-09-03 Thread Daniel Dickman
On Mon, Sep 3, 2018 at 7:53 AM, Denis Buga  wrote:
> int main()
> {
> char * ptr = NULL;
> switch( *ptr )
> {
> default:
> fprintf(stderr,
>
> "where is exception ? default label exist for"
> "exclusive value, not for non-existent ! "
>
> "it can be security issue, when dereferencing NULL "
> "in switch formally pass and we go to default label\n");
> } }
>
> No ?
>
> 6.3 GENERIC.MP#8 amd64


Your code has no case statement, so it's equivalent to just removing
the switch block and only keeping the code in the default case.

Add any case statement you like and you should get the segfault you're
looking for...



ipsec-related panic?

2018-09-03 Thread Joao Pedras
Greetings all.

I have been playing around with GRE tunnel over IPSec. A couple of times
I have seen either of the endpoints panic about 5GB into a large
transfer using ssh between 2 nodes which live within the networks
connected by this tunnel. These transfers aside, there isn't much going
on in this tunnel but with a lot of activity this event is recurring.

Both endpoints are running OpenBSD 6.3 with all current patches applied
by syspatch and the hardware used is PCEngines APU2
(http://pcengines.ch/apu2c4.htm). I also tried with plain 6.3 (ie. no
patches) which was the original state of these endpoints.

Here is the info which I have been able to gather. I can't show you
'ipsecctl -sa' at the moment since the node which just panic'ed needs
somebody on the other end to power cycle it.

I can pursue getting more info if needed.

Any thoughts?

Thanks a lot!

Joao

#  ifconfig


lo0: flags=8049 mtu 32768
index 5 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
inet 127.0.0.1 netmask 0xff00
em0: flags=8843 mtu 1500
lladdr 00:0d:b9:48:b8:f4
index 1 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 77.xx.yy.214 netmask 0xffc0 broadcast 77.
em1: flags=8843 mtu 1500
lladdr 00:0d:b9:48:b8:f5
index 2 priority 0 llprio 3
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 10.22.0.32 netmask 0xfffe
em2: flags=8802 mtu 1500
lladdr 00:0d:b9:48:b8:f6
index 3 priority 0 llprio 3
media: Ethernet autoselect (none)
status: no carrier
enc0: flags=41
index 4 priority 0 llprio 3
groups: enc
status: active
gre0: flags=9051 mtu 1476
index 6 priority 0 llprio 3
encap: vnetid none
groups: gre
tunnel: inet 77.xx.yy.214 -> 77.xx.yy.216 ttl 64 nodf
inet 172.17.0.1 --> 172.17.0.2 netmask 0x
lo1: flags=8049 mtu 32768
index 7 priority 0 llprio 3
groups: lo
inet 172.22.0.9 netmask 0x
pflog0: flags=141 mtu 33136
index 8 priority 0 llprio 3
groups: pflog

# dmesg
OpenBSD 6.3 (GENERIC.MP) #10: Wed Aug 22 16:42:31 CEST 2018

r...@syspatch-63-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4261076992 (4063MB)
avail mem = 4124860416 (3933MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffb7020 (7 entries)
bios0: vendor coreboot version "4.0.7" date 02/28/2017
bios0: PC Engines APU2
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S2 S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET
acpi0: wakeup devices PWRB(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4)
PBR8(S4) UOH1(S3) UOH3(S3) UOH5(S3) XHC0(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD GX-412TC SOC, 998.28 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,BMI1,XSAVEOPT
cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
acpitimer0: recalibrated TSC frequency 998131167 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD GX-412TC SOC, 998.13 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,BMI1,XSAVEOPT
cpu1: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB
64b/line 16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD GX-412TC SOC, 998.13 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,BMI1,XSAVEOPT
cpu2: 32KB 64

Re: cc: dereference NULL pointer inside switch brackets and no exception

2018-09-03 Thread Andreas Kusalananda Kähäri
On Mon, Sep 03, 2018 at 01:53:41PM +0200, Denis Buga wrote:
> int main()
> {
> char * ptr = NULL;
> switch( *ptr )
> {
> default:
> fprintf(stderr,
>
> "where is exception ? default label exist for"
> "exclusive value, not for non-existent ! "
>
> "it can be security issue, when dereferencing NULL "
> "in switch formally pass and we go to default label\n");
> } }
>
> No ?
>
> 6.3 GENERIC.MP#8 amd64

As far as I know, since there is no explicit cases in the switch
statement, the value is not used at all, and the compiler never
generates code to dereference the pointer.

Had your code looked like

#include <stdio.h>
#include <stdlib.h>

int main() {
    char *ptr = NULL;

    switch (*ptr) {
    case 'a':
    default:
        fprintf(stderr,
            "where is exception ? default label exist for"
            "exclusive value, not for non-existent ! "
            "it can be security issue, when dereferencing NULL "
            "in switch formally pass and we go to default label\n");
    }

    return 0;
}

... then the compiler would be forced to generate code to dereference
the pointer (to compare it to 'a'), and you will get your segmentation
fault.

--
Andreas Kusalananda Kähäri,
National Bioinformatics Infrastructure Sweden (NBIS),
Uppsala University, Sweden.











Re: cc: dereference NULL pointer inside switch brackets and no exception

2018-09-03 Thread Jacqueline Jolicoeur
> No ?

"Contrary to popular belief, dereferencing a null pointer in C is
undefined. It is not defined to trap, and if you mmap a page at 0,
it is not defined to access that page."

http://blog.llvm.org/2011/05/what-every-c-programmer-should-know.html
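The behaviour discussed in this thread, as an added example that is not code from any of the posters: each variant runs in a forked child so the parent can report which signal, if any, killed it. The names `g_ptr`, `signal_from` and the three `switch_*` functions are made up for the illustration, and it assumes a POSIX system where page 0 is not mapped.

```c
#include <signal.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* NULL pointer the optimizer cannot see through: it is re-read at run time. */
static char *volatile g_ptr = NULL;

/* The shape from the thread: the switch value is never compared with anything,
 * so the compiler is free to drop the load. Whether this traps is
 * compiler- and flag-dependent, which is what "undefined" means here. */
static int switch_default_only(void)
{
	char *p = g_ptr;
	int r = 0;

	switch (*p) {
	default:
		r = 1;
	}
	return r;
}

/* Same switch, but the access is volatile: a volatile read is an observable
 * side effect, so the load has to be emitted and the NULL access faults. */
static int switch_forced_load(void)
{
	volatile char *p = g_ptr;
	int r = 0;

	switch (*p) {
	default:
		r = 1;
	}
	return r;
}

/* Defensive form: never rely on a trap, test the pointer explicitly. */
static int switch_checked(void)
{
	char *p = g_ptr;

	if (p == NULL)
		return -1;
	switch (*p) {
	case 'a':
		return 2;
	default:
		return 1;
	}
}

/* Run fn in a child process. Returns the signal that killed the child,
 * 0 if it exited normally, -1 if fork/waitpid failed. */
static int signal_from(int (*fn)(void))
{
	int status;
	pid_t pid = fork();

	if (pid == -1)
		return -1;
	if (pid == 0) {
		(void)fn();
		_exit(0);
	}
	if (waitpid(pid, &status, 0) == -1)
		return -1;
	return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

int main(void)
{
	printf("default-only switch: signal %d (compiler-dependent)\n",
	    signal_from(switch_default_only));
	printf("volatile load:       signal %d (SIGSEGV is %d)\n",
	    signal_from(switch_forced_load), SIGSEGV);
	printf("explicit NULL check: signal %d, returned %d\n",
	    signal_from(switch_checked), switch_checked());
	return 0;
}
```

Building it at different optimization levels and with different compilers shows the first line changing while the other two stay the same.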



Change Windows10 disk to OpenBSD, but not sure what disklabel and fdisk mean

2018-09-03 Thread Chris Bennett
Hi,
I've gotten tired and paranoid about having Windows 10 on my hard drive
in a laptop, but I'm not sure what partitions to keep or ditch.
I am running off of USB flash drives, which are pesky to keep in and
slow.
Thanks,
Chris Bennett


Here are some outputs:

disklabel


# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: WDC WD10SPCX-24H
duid: 
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 121601
total sectors: 1953525168
boundstart: 0
boundend: 1953525168
drivedata: 0 

16 partitions:
#                size           offset  fstype [fsize bsize   cpg]
  c:       1953525168                0  unused
  i:           532480             2048   MSDOS
  j:            32768           534528 unknown
  k:       1898479616           567296   MSDOS
  l:         52428800       1899046912   MSDOS
  m:          2048000       1951475712 unknown


fdisk


Disk: sd0   Usable LBA: 34 to 1953525134 [1953525168 Sectors]
   #: type                                 [       start:         size ]

   0: EFI Sys                              [        2048:       532480 ]
   1: e3c9e316-0b5c-4db8-817d-f92df00215ae [      534528:        32768 ]
   2: FAT12                                [      567296:   1898479616 ]
   3: FAT12                                [  1899046912:     52428800 ]
   4: Win Recovery                         [  1951475712:      2048000 ]


dmesg


OpenBSD 6.4-beta (GENERIC.MP) #285: Sat Sep  1 12:51:52 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3774021632 (3599MB)
avail mem = 3650387968 (3481MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xea8c0 (45 entries)
bios0: vendor LENOVO version "5PCN20WW" date 01/15/2018
bios0: LENOVO 80XV
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP UEFI HPET APIC MCFG SBST MSDM BATB SSDT IVRS CRAT TPM2 
SSDT SSDT SSDT SSDT FPDT SSDT BGRT UEFI
acpi0: wakeup devices GPP0(S4) GPP1(S4) GPP2(S4) GPP3(S4) GPP4(S4) GFX0(S4) 
GFX1(S4) GFX2(S4) GFX3(S4) GFX4(S4) XHC0(S3) EHC1(S3) SBAZ(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 16 (boot processor)
cpu0: AMD A9-9420 RADEON R5, 5 COMPUTE CORES 2C+3G, 2994.74 MHz, 15-70-00
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,XSAVEOPT
cpu0: 96KB 64b/line 3-way I-cache, 32KB 64b/line 8-way D-cache, 1MB 64b/line 
16-way L2 cache
cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 17 (application processor)
cpu1: AMD A9-9420 RADEON R5, 5 COMPUTE CORES 2C+3G, 2994.38 MHz, 15-70-00
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,XSAVEOPT
cpu1: 96KB 64b/line 3-way I-cache, 32KB 64b/line 8-way D-cache, 1MB 64b/line 
16-way L2 cache
cpu1: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu1: smt 1, core 0, package 0
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 21, 24 pins, remapped
ioapic1 at mainbus0: apid 5 pa 0xfec01000, version 21, 32 pins, remapped
acpimcfg0 at acpi0
acpimcfg0: addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (GPP0)
acpiprt2 at acpi0: bus -1 (GPP1)
acpiprt3 at acpi0: bus 1 (GPP2)
acpiprt4 at acpi0: bus 2 (GPP3)
acpiprt5 at acpi0: bus -1 (GPP4)
acpiprt6 at acpi0: bus -1 (GFX0)
acpiprt7 at acpi0: bus -1 (GFX1)
acpiprt8 at acpi0: bus -1 (GFX2)
acpiprt9 at acpi0: bus -1 (GFX3)
acpiprt10 at acpi0: bus -1 (GFX4)
acpiec0 at acpi0
acpicpu0 at acpi0: C2(0@400 io@0x814), C1(@1 halt!), PSS
acpicpu1 at acpi0: C2(0@400 io@0x814), C1(@1 halt!), PSS
acpipwrres0 at acpi0: P0U3, resource for XHC0
acpipwrres1 at acpi0: P3U3, resource for XHC0
acpipwrres2 at acpi0: P0U2, re

Re: Change Windows10 disk to OpenBSD, but not sure what disklabel and fdisk mean

2018-09-03 Thread noah pugsley
You don't care about windows, and all your data is on usb drives, yes? Why not 
just do a fresh full disk install and copy your data?

Sent from mobile.
  Original Message  
From: Chris Bennett
Sent: Monday, September 3, 2018 10:19
To: misc@openbsd.org
Subject: Change Windows10 disk to OpenBSD, but not sure what disklabel and 
fdisk mean

Hi,
I've gotten tired and paranoid about having Windows 10 on my hard drive
in a laptop, but I'm not sure what partitions to keep or ditch.
I am running off of USB flash drives, which are pesky to keep in and
slow.
Thanks,
Chris Bennett



network connectivity problem (ifconfig, arp, ...)

2018-09-03 Thread vincent delft
Hello,

I'm running -current and enjoy the new "join" feature of hostname.if.

Nevertheless, I sometimes have issues getting an internet connection.

The context:
I have wifi and cable possibilities to connect the same network. Normally I
prefer the network connection, so at my desk I plug the cable and use it.
But in some cases, I disconnect my laptop and use the wifi connection.

Problem:
The wifi is well connected to my nwid, but the connectivity is not working
(cannot ping my main firewall to connect internet).
I think the problem is linked to wrong arp table (cfr here under)

Why the arp entry for my firewall remains "expired" so long (could be more
than 10 minutes) ?
Why a "doas arp -ad" does not remove this bad fw entry from the table ?
What could I do to solve the issue without rebooting the laptop ? (If I
reboot the laptop, this solve the problem).



e5450:~$ arp -a
Host             Ethernet Address    Netif Expire     Flags
fw               (incomplete)        em0   expired
192.168.3.15     10:02:b5:83:40:41   iwm0  permanent  l
192.168.3.16     f8:ca:b8:50:84:15   em0   permanent  l


Can OpenBSD connect to MS L2TP VPN?

2018-09-03 Thread Sacha El Masry
Hi,

I've searched the internet every way I could think of, but cannot find
an easy answer to whether it's possible for OpenBSD as a client to
connect to a Microsoft (Windows Server-provided) L2TP VPN?

Obviously, there are countless guides to setting up OpenBSD as a
server, to which Windows, macOS, iOS and Linux/Android clients can
connect. While I should be able to work out how to do the reverse, I
haven't succeeded.

The first question is: can OpenBSD, using base packages or xl2tpd,
actually connect to this type of Windows VPN?

If it can, and one of you has done so, could you please provide a
pointer? I have read up on base tools, but as far as I get it, they can
be used to set up a server, or as a gateway with another IPSEC
gateway. From what little I understand, xl2tpd can be used as a client,
but I have not managed to create a connection - or to establish 'flows'
- as per the instructions that package provides
  at: /usr/local/.../xl2tpd-1.3.11.

Thanks,

Sacha



Re: Change Windows10 disk to OpenBSD, but not sure what disklabel and fdisk mean

2018-09-03 Thread Jordan Geoghegan
If you don't care what's on the Windoze 10 drive, just do a fresh 
install and allow the OpenBSD installer to use/partition the whole disk.



On 09/03/18 10:17, Chris Bennett wrote:

Hi,
I've gotten tired and paranoid about having Windows 10 on my hard drive
in a laptop, but I'm not sure what partitions to keep or ditch.
I am running off of USB flash drives, which are pesky to keep in and
slow.
Thanks,
Chris Bennett


Here are some outputs:

disklabel


# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: WDC WD10SPCX-24H
duid: 
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 121601
total sectors: 1953525168
boundstart: 0
boundend: 1953525168
drivedata: 0

16 partitions:
#size   offset  fstype [fsize bsize   cpg]
   c:   19535251680  unused
   i:   532480 2048   MSDOS
   j:32768   534528 unknown
   k:   1898479616   567296   MSDOS
   l: 52428800   1899046912   MSDOS
   m:  2048000   1951475712 unknown


fdisk


Disk: sd0   Usable LBA: 34 to 1953525134 [1953525168 Sectors]
#: type [   start: size ]

0: EFI Sys  [2048:   532480 ]
1: e3c9e316-0b5c-4db8-817d-f92df00215ae [  534528:32768 ]
2: FAT12[  567296:   1898479616 ]
3: FAT12[  1899046912: 52428800 ]
4: Win Recovery [  1951475712:  2048000 ]


dmesg


OpenBSD 6.4-beta (GENERIC.MP) #285: Sat Sep  1 12:51:52 MDT 2018
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3774021632 (3599MB)
avail mem = 3650387968 (3481MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xea8c0 (45 entries)
bios0: vendor LENOVO version "5PCN20WW" date 01/15/2018
bios0: LENOVO 80XV
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP UEFI HPET APIC MCFG SBST MSDM BATB SSDT IVRS CRAT TPM2 
SSDT SSDT SSDT SSDT FPDT SSDT BGRT UEFI
acpi0: wakeup devices GPP0(S4) GPP1(S4) GPP2(S4) GPP3(S4) GPP4(S4) GFX0(S4) 
GFX1(S4) GFX2(S4) GFX3(S4) GFX4(S4) XHC0(S3) EHC1(S3) SBAZ(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 16 (boot processor)
cpu0: AMD A9-9420 RADEON R5, 5 COMPUTE CORES 2C+3G, 2994.74 MHz, 15-70-00
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,XSAVEOPT
cpu0: 96KB 64b/line 3-way I-cache, 32KB 64b/line 8-way D-cache, 1MB 64b/line 
16-way L2 cache
cpu0: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 17 (application processor)
cpu1: AMD A9-9420 RADEON R5, 5 COMPUTE CORES 2C+3G, 2994.38 MHz, 15-70-00
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,DBKP,PERFTSC,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,XSAVEOPT
cpu1: 96KB 64b/line 3-way I-cache, 32KB 64b/line 8-way D-cache, 1MB 64b/line 16-way L2 cache
cpu1: ITLB 48 4KB entries fully associative, 24 4MB entries fully associative
cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu1: smt 1, core 0, package 0
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 21, 24 pins, remapped
ioapic1 at mainbus0: apid 5 pa 0xfec01000, version 21, 32 pins, remapped
acpimcfg0 at acpi0
acpimcfg0: addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (GPP0)
acpiprt2 at acpi0: bus -1 (GPP1)
acpiprt3 at acpi0: bus 1 (GPP2)
acpiprt4 at acpi0: bus 2 (GPP3)
acpiprt5 at acpi0: bus -1 (GPP4)
acpiprt6 at acpi0: bus -1 (GFX0)
acpiprt7 at acpi0: bus -1 (GFX1)
acpiprt8 at acpi0: bus -1 (GFX2)
acpiprt9 at acpi0: bus -1 (GFX3)
acpiprt10 at acpi0: bus -1 (GFX4)
acpiec0 at acpi0
acpicpu0 at acpi0: C2(0@400 io@0x814), C1(@1 halt!), PSS
acpicpu1 at acpi0: C2(0@400 io@0x814), C1(@1 halt!), PSS
acpipwrres0 at acpi0: P0U3, resource for XHC0

Re: network connectivity problem (ifconfig, arp, ...)

2018-09-03 Thread Stefan Sperling
On Mon, Sep 03, 2018 at 07:46:09PM +0200, vincent delft wrote:
> Hello,
> 
> I'm running -current and enjoy the new "join" feature of hostname.if.
> 
> Nevertheless, I have sometime issues to have an  internet connection.
> 
> The context:
> I have wifi and cable possibilities to connect the same network. Normally I
> prefer the network connection, so at my desk I plug the cable and use it.
> But in some cases, I disconnect my laptop and use the wifi connection.
> 
> Problem:
> The wifi is well connected to my nwid, but the connectivity is not working
> (cannot ping my main firewall to connect internet).
> I think the problem is linked to wrong arp table (cfr here under)
> 
> Why the arp entry for my firewall remains "expired" so long (could be more
> than 10 minutes) ?
> Why a "doas arp -ad" does not remove this bad fw entry from the table ?
> What could I do to solve the issue without rebooting the laptop ? (If I
> reboot the laptop, this solve the problem).
> 
> 
> 
> e5450:~$ arp -a
> Host             Ethernet Address    Netif  Expire     Flags
> fw               (incomplete)        em0    expired
> 192.168.3.15     10:02:b5:83:40:41   iwm0   permanent  l
> 192.168.3.16     f8:ca:b8:50:84:15   em0    permanent  l

Didn't we already discuss the same question back in July?
https://marc.info/?l=openbsd-misc&m=153220020618146&w=2

Again, try trunk(4).



Lesser evil

2018-09-03 Thread - -
Hello all,


I am running OpenBSD on my desktop, which is suitable for 99% of my
needs. However I have to run certain proprietary software, which is
available on Linux, Mac OSX and Windows.

I cannot decide which of the three would be a "lesser evil" to run in
respect with security and privacy. The software (video and photo editing)
runs best on Windows, almost as good on OSX  and it runs on Linux with
some compromises.
Does it make sense to accept such compromises and run Linux for security
and privacy OR is the better security and privacy of Linux more or less a
myth and running Windows would be almost the same in that respect?

I understand that any response is to be just an opinion.

Thank you

Jan


Re: Lesser evil

2018-09-03 Thread Fabio Almeida
If you really need it, go with what's best for it.

Today, to be honest, in your situation I'd run Windows, Linux will have
probably half the performance, and the "compromises" you cited.
Besides, you can also run Linux on Windows almost natively nowadays, so,
the choice is clear.

Install a good antivirus, try to be smart and you'll be fine (almost).
That's my 2 cents.

Regards,

On Mon, Sep 3, 2018 at 4:09 PM - -  wrote:

> Hello all,
>
>
> I am running OpenBSD on my desktop, which is suitable for 99% of my
> needs. However I have to run certain proprietary software, which is
> available on Linux, Mac OSX and Windows.
>
> I cannot decide which of the three would be a "lesser evil" to run in
> respect with security and privacy. The software (video and photo editing)
> runs best on Windows, almost as good on OSX  and it runs on Linux with
> some compromises.
> Does it make sense to accept such compromises and run Linux for security
> and privacy OR is the better security and privacy of Linux more or less a
> myth and running Windows would be almost the same in that respect?
>
> I understand that any response is to be just an opinion.
>
> Thank you
>
> Jan
>


Re: Lesser evil

2018-09-03 Thread Sal A Nimi
On September 3, 2018 3:20:11 PM EDT, Fabio Almeida  wrote:
>If you really need it, go with what's best for it.
>
>Today, to be honest, in your situation I'd run Windows, Linux will have
>probably half the performance, and the "compromises" you cited.
>Besides, you can also run Linux on Windows almost natively nowadays,
>so,
>the choice is clear.
>
>Install a good antivirus, try to be smart and you'll be fine (almost).
>That's my 2 cents.
>
>Regards,
>
>On Mon, Sep 3, 2018 at 4:09 PM - -  wrote:
>
>> Hello all,
>>
>>
>> I am running OpenBSD on my desktop, which is suitable for 99% of my
>> needs. However I have to run certain proprietary software, which is
>> available on Linux, Mac OSX and Windows.
>>
>> I cannot decide which of the three would be a "lesser evil" to run in
>> respect with security and privacy. The software (video and photo
>editing)
>> runs best on Windows, almost as good on OSX  and it runs on Linux
>with
>> some compromises.
>> Does it make sense to accept such compromises and run Linux for
>security
>> and privacy OR is the better security and privacy of Linux more or
>less a
>> myth and running Windows would be almost the same in that respect?
>>
>> I understand that any response is to be just an opinion.
>>
>> Thank you
>>
>> Jan
>>

In my experience it has been easiest just to learn new software. Fewer 
softwares are ported to OpenBSD, but I generally prefer those that happen to 
have been ported to OpenBSD.

For the uses you describe, I recommend ffmpeg, ImageMagick, and a build tool 
(for example, make).


DRM without X

2018-09-03 Thread Thomas de Grivel
Hello misc,

Is there any way to use the DRM drivers without X11 ?

-- 
 Thomas de Grivel



Re: network connectivity problem (ifconfig, arp, ...)

2018-09-03 Thread Vincent
Hello Stefan,

Hum... it could be similar situations.

I've found an article combining the "join" and the trunk:
https://dataswamp.org/~solene/2018-08-30-openbsd-trunk.html

I'll do the same setup and will see.

Thanks.

V.

On 3 September 2018 20:26:27 CEST, Stefan Sperling  wrote:
>On Mon, Sep 03, 2018 at 07:46:09PM +0200, vincent delft wrote:
>> Hello,
>> 
>> I'm running -current and enjoy the new "join" feature of hostname.if.
>> 
>> Nevertheless, I have sometime issues to have an  internet connection.
>> 
>> The context:
>> I have wifi and cable possibilities to connect the same network.
>Normally I
>> prefer the network connection, so at my desk I plug the cable and use
>it.
>> But in some cases, I disconnect my laptop and use the wifi
>connection.
>> 
>> Problem:
>> The wifi is well connected to my nwid, but the connectivity is not
>working
>> (cannot ping my main firewall to connect internet).
>> I think the problem is linked to wrong arp table (cfr here under)
>> 
>> Why the arp entry for my firewall remains "expired" so long (could be
>more
>> than 10 minutes) ?
>> Why a "doas arp -ad" does not remove this bad fw entry from the table
>?
>> What could I do to solve the issue without rebooting the laptop ? (If
>I
>> reboot the laptop, this solve the problem).
>> 
>> 
>> 
>> e5450:~$ arp -a
>> Host Ethernet AddressNetif Expire
>> Flags
>> fw   (incomplete)  em0
>expired
>> 192.168.3.15 10:02:b5:83:40:41iwm0
>permanent l
>> 192.168.3.16 f8:ca:b8:50:84:15 em0
>permanent l
>
>Didn't we already discuss the same question back in July?
>https://marc.info/?l=openbsd-misc&m=153220020618146&w=2
>
>Again, try trunk(4).

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


clone of openbsd by dd

2018-09-03 Thread Tuyosi T
hi all .

i do backup hard disk by booting archlinux's install USB memory and dd .

because one liner  '  while true ; do ; sleep 10 ; killall -USR1 dd  ;
done  '
is effective on another screen ( alt + F2 ) .
so i know the progressive state of dd  on original screen ( alt + F1) .

reversely i do archlinux's hard disk by booting openbsd's install USB
memory and dd ( especially it is made by btrfs ) .

---
regards


Re: make(1) and multiple outputs

2018-09-03 Thread Philip Guenther
On Mon, Sep 3, 2018 at 5:23 AM Marc Espie  wrote:

> Our make is perfectly happy generating several targets with one rule.
>
> The only thing we're actually missing wrt % is suffixes rules with
> multiple results.
>
> See any Makefile that generates .h and .c file from .y, for instance
> lib/libkeynote/Makefile
>
> a line like:
>
> k.tab.c k.tab.h: keynote.y keynote.h signature.h
> $(YACC.y) $(YACCFLAGS) ${.CURDIR}/keynote.y
>
> looks exactly like what you want.
>

Classically, a rule like that doesn't mean one invocation will generate
both targets, but rather that the same recipe can be invoked for each
target (with different values for $@, etc).  In default single-job mode (no
-jN) this works out fine as after the first invocation 'make' will notice
the second file is already up-to-date, but with -jN some makes could decide
to build both of the targets at the same time and invoke yacc twice,
possibly resulting in truncated/corrupted output files.

Does our make have some logic in the -jN handling to detect and prevent
that, Marc?

Otherwise, the workaround has been as Geoff noted: have all the target
files depend on a timestamp file which has the real recipe and
prerequisites.  That's still recommended for GNU make users when there's no
reasonable set of patterns that can match the generated files.  People
occasionally pine for the SunOS 4.x 'make' feature of "targ1 + targ2 [+
targN...]" functionality, but it's not a great syntax and no one has done
the work.


Philip Guenther
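
The timestamp-file workaround described in the message above, written out as an added example (it is not from the thread or from OpenBSD's tree). The stamp and temp file names `k.tab.stamp` and `k.tab.tmp`, the `all` target and the `yacc -d -b k` flags are assumptions chosen so that one yacc run writes both `k.tab.c` and `k.tab.h`; it sticks to syntax shared by BSD make and GNU make.

```make
# Added example: one recipe, two outputs, safe under -jN.
# Assumed names: k.tab.stamp, k.tab.tmp; assumed flags: -d -b k.

YACC ?= yacc

all: k.tab.c k.tab.h

# The real recipe and prerequisites live on the stamp file only.
# The stamp is a single target, so even with -jN make schedules this
# recipe once, and yacc never runs twice over the same output files.
# The temp file is touched BEFORE yacc runs and renamed afterwards, so
# the stamp ends up no newer than the outputs; if yacc fails, no stamp
# is left behind and the next run retries.
k.tab.stamp: keynote.y keynote.h signature.h
	@rm -f k.tab.tmp
	@touch k.tab.tmp
	$(YACC) -d -b k keynote.y
	@mv -f k.tab.tmp $@

# The generated files depend on nothing but the stamp. This recipe runs
# once per target (the classic meaning of a multi-target rule), so it
# must not regenerate anything; it only checks that the file exists.
# If an output was deleted by hand while the stamp survived, fail loudly
# instead of starting a second yacc that could race with a sibling job.
k.tab.c k.tab.h: k.tab.stamp
	@test -f $@ || { \
		echo "$@ is missing: remove k.tab.stamp and rerun make" >&2; \
		exit 1; \
	}

clean:
	rm -f k.tab.c k.tab.h k.tab.stamp k.tab.tmp
```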


Re: network connectivity problem (ifconfig, arp, ...)

2018-09-03 Thread Alexander Hall
On Mon, Sep 03, 2018 at 10:58:49PM +0200, Vincent wrote:
> Hello stefan,
> 
> Hum... it could be similar situations. 
> 
> I've found an article combining the "join" and the trunk: 
> https://dataswamp.org/~solene/2018-08-30-openbsd-trunk.html

For me, it's as simple as this:

==> /etc/hostname.em0 <==
up

==> /etc/hostname.iwn0 <==
join wirelessnet wpakey foo
join anothernet wpakey bar
up

==> /etc/hostname.trunk0 <==
trunkproto failover
trunkport em0
trunkport iwn0
# You could hardcode a mac address here at will
#lladdr aa:bb:cc:dd:ee:ff
dhcp

/Alexander

> 
> I'll do same setup and will see
> 
> Thanks. 
> 
> V.
> 
> 
> 
> 
> 
> 
> 
> On 3 September 2018 20:26:27 CEST, Stefan Sperling  wrote:
> >On Mon, Sep 03, 2018 at 07:46:09PM +0200, vincent delft wrote:
> >> Hello,
> >> 
> >> I'm running -current and enjoy the new "join" feature of hostname.if.
> >> 
> >> Nevertheless, I have sometime issues to have an  internet connection.
> >> 
> >> The context:
> >> I have wifi and cable possibilities to connect the same network.
> >Normally I
> >> prefer the network connection, so at my desk I plug the cable and use
> >it.
> >> But in some cases, I disconnect my laptop and use the wifi
> >connection.
> >> 
> >> Problem:
> >> The wifi is well connected to my nwid, but the connectivity is not
> >working
> >> (cannot ping my main firewall to connect internet).
> >> I think the problem is linked to wrong arp table (cfr here under)
> >> 
> >> Why the arp entry for my firewall remains "expired" so long (could be
> >more
> >> than 10 minutes) ?
> >> Why a "doas arp -ad" does not remove this bad fw entry from the table
> >?
> >> What could I do to solve the issue without rebooting the laptop ? (If
> >I
> >> reboot the laptop, this solve the problem).
> >> 
> >> 
> >> 
> >> e5450:~$ arp -a
> >> Host Ethernet AddressNetif Expire
> >> Flags
> >> fw   (incomplete)  em0
> >expired
> >> 192.168.3.15 10:02:b5:83:40:41iwm0
> >permanent l
> >> 192.168.3.16 f8:ca:b8:50:84:15 em0
> >permanent l
> >
> >Didn't we already discuss the same question back in July?
> >https://marc.info/?l=openbsd-misc&m=153220020618146&w=2
> >
> >Again, try trunk(4).
> 
> -- 
> Sent from my Android device with K-9 Mail. Please excuse my brevity.



Re: resize /usr

2018-09-03 Thread Ken M
On Mon, Sep 03, 2018 at 03:59:07AM +0200, Ingo Schwarze wrote:
> Hi Ken,
> 
> How exactly to distribute space among partitions really depends on what
> you want to use the machine for.  The disk you are showing above can be
> called terribly small nowadays (though i admit that i used disks in
> production with OpenBSD 2.7 17 years ago that were more than 1000 
> times smaller), so small that you are likely to run out of space
> sooner or later even if you don't let waste data lying around.
> 
> Yes, you always want /usr/local/, except maybe on a pure firewall router
> where you are not planning to install any ports whatsoever except rsync.
> 
> I see you do not have /usr/src/, /usr/obj/, /usr/xenocara/,
> and /usr/xobj/, so you are obviously not planning to work on patches
> to the base system or to X11.  Nothing is wrong with that.  If you ever
> start doing such work on that machine, you will have to bite off the
> required partitions from home, though.  It would have been smarter if
> you had left at least 10G at the end of the disk unallocated; if you
> ever needed some partition like that, you could create it without a fuss;
> if /home/ ever got full, you could move some stuff there.
> 
> I see you do have /usr/ports/, so obviously, you are planning to do
> some work on ports.  I only work on ports *occasionally*, i'm not a
> real porter, yet i currently have the following amounts of space *in
> use* for work on ports:
> 
>  - /usr/local/--   9 GB (separate partition)
>  - /usr/ports/pobj/   --  18 GB (separate partition)
>  - /usr/ports/distfiles/  --   9 GB (partition /usr/ports/)
>  - /usr/ports/packages/   --   8 GB 
>  - /usr/ports/--  650 MB (rest of the partition)
> 
> In addition to that, i have about 115 checkouts of source trees
> of various software that i occasionally work on or look at on
> another partition, which takes up another 21 GB (but that's more
> for base than for ports work).
> 
> Yours,
>   Ingo

Other than using OpenBSD as general secure laptop env and doing some development
I have planned to work on some ports, have done a little bit to try to help with
lmms for example.

At the time I installed this system (the 128 GB SSD is what came with it) I
probably didn't know enough about wxallowed to properly make decisions.

Probably the smartest thing to do is maybe reinstall or at least redo the
partitions a good bit.  I think what I need to do is make /usr smaller make
/usr/local a good 15gb partition and the rest leave for /usr/ports. I think I
need to backup what I got and then drop those partitions/disklabels and remake
them. That is probably the cleanest, I am guessing it will be best to do that
from single user mode.

Ken



Re: Lesser evil

2018-09-03 Thread Christopher Turkel
It always depends on your needs. I use LibreOffice for my work so I'm set.

On Mon, Sep 3, 2018 at 3:39 PM Sal A Nimi  wrote:

> On September 3, 2018 3:20:11 PM EDT, Fabio Almeida 
> wrote:
> >If you really need it, go with what's best for it.
> >
> >Today, to be honest, in your situation I'd run Windows, Linux will have
> >probably half the performance, and the "compromises" you cited.
> >Besides, you can also run Linux on Windows almost natively nowadays,
> >so,
> >the choice is clear.
> >
> >Install a good antivirus, try to be smart and you'll be fine (almost).
> >That's my 2 cents.
> >
> >Regards,
> >
> >On Mon, Sep 3, 2018 at 4:09 PM - -  wrote:
> >
> >> Hello all,
> >>
> >>
> >> I am running OpenBSD on my desktop, which is suitable for 99% of my
> >> needs. However I have to run certain proprietary software, which is
> >> available on Linux, Mac OSX and Windows.
> >>
> >> I cannot decide which of the three would be a "lesser evil" to run in
> >> respect with security and privacy. The software (video and photo
> >editing)
> >> runs best on Windows, almost as good on OSX  and it runs on Linux
> >with
> >> some compromises.
> >> Does it make sense to accept such compromises and run Linux for
> >security
> >> and privacy OR is the better security and privacy of Linux more or
> >less a
> >> myth and running Windows would be almost the same in that respect?
> >>
> >> I understand that any response is to be just an opinion.
> >>
> >> Thank you
> >>
> >> Jan
> >>
>
> In my experience it has been easiest just to learn new software. Fewer
> softwares are ported to OpenBSD, but I generally prefer those that happen
> to have been ported to OpenBSD.
>
> For the uses you describe, I recommend ffmpeg, ImageMagick, and a build
> tool (for example, make).
>


Re: Lesser evil

2018-09-03 Thread Roderick



On Mon, 3 Sep 2018, Christopher Turkel wrote:

> It always depends on your needs. I use LibreOffice for my work so I'm set.


I am happy that TeX is enough for my needs and do not need strange OS.

And in extreme cases he will have to use Windows / MacOS / Linux.

It is a reality: there is not a free software alternative for everything.
Windows is unfortunately wide spread in industry. Emulators (Wine) do
not work well. Perhaps a virtual machine?

Rodrigo



Re: Change Windows10 disk to OpenBSD, but not sure what disklabel and fdisk mean

2018-09-03 Thread Chris Bennett
OK
I see that I needed to use fdisk -v

Any need to preserve any existing stuff? (and how if so?)


Primary GPT:
Disk: sd0   Usable LBA: 34 to 1953525134 [1953525168 Sectors]
GUID: 0b27fac9-4c45-460c-b321-f6ba7ccacfb9
   #: type                                 [       start:         size ]
      guid                                 name

   0: EFI Sys                              [        2048:       532480 ]
      ea1f79db-2bee-4ade-9b7c-017de2787211 EFI system partition
   1: e3c9e316-0b5c-4db8-817d-f92df00215ae [      534528:        32768 ]
      4aeb925c-5204-441c-b69a-1c834c45f14a Microsoft reserved partition
   2: FAT12                                [      567296:   1898479616 ]
      71338e9f-73de-47e5-af24-f4dd9ffe124a Basic data partition
   3: FAT12                                [  1899046912:     52428800 ]
      2ed3bbc7-5870-4fc0-be04-ba6cfaf9284c Basic data partition
   4: Win Recovery                         [  1951475712:      2048000 ]
      11ab734a-6c45-4b61-b15b-3fad264c92d2 Basic data partition

Secondary GPT:
Disk: sd0   Usable LBA: 34 to 1953525134 [1953525168 Sectors]
GUID: 0b27fac9-4c45-460c-b321-f6ba7ccacfb9
   #: type                                 [       start:         size ]
      guid                                 name

   0: EFI Sys                              [        2048:       532480 ]
      ea1f79db-2bee-4ade-9b7c-017de2787211 EFI system partition
   1: e3c9e316-0b5c-4db8-817d-f92df00215ae [      534528:        32768 ]
      4aeb925c-5204-441c-b69a-1c834c45f14a Microsoft reserved partition
   2: FAT12                                [      567296:   1898479616 ]
      71338e9f-73de-47e5-af24-f4dd9ffe124a Basic data partition
   3: FAT12                                [  1899046912:     52428800 ]
      2ed3bbc7-5870-4fc0-be04-ba6cfaf9284c Basic data partition
   4: Win Recovery                         [  1951475712:      2048000 ]
      11ab734a-6c45-4b61-b15b-3fad264c92d2 Basic data partition

MBR:
Disk: sd0   geometry: 121601/255/63 [1953525168 Sectors]
Offset: 0   Signature: 0xAA55
            Starting         Ending         LBA Info:
 #: id      C   H   S -      C   H   S [       start:        size ]
---
 0: EE      0   0   2 - 267349  89   4 [           1:  4294967295 ] EFI GPT
 1: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 2: 00      0   0   0 -      0   0   0 [           0:           0 ] unused
 3: 00      0   0   0 -      0   0   0 [           0:           0 ] unused

Microsoft reserved partition would be what?
I just don't want to end up with a non-bootable drive.
Windows 10 sticks its fingers into changing BIOS settings, especially
after a big update.

And now I go searching for lots of stuff on Gurgle.com.
Which really gets me pretty worthless crap for about 2 years now.

Thanks,
Chris Bennett




Re: resize /usr

2018-09-03 Thread edgar


On Sep 3, 2018 4:33 PM, Ken M  wrote:
>
> On Mon, Sep 03, 2018 at 03:59:07AM +0200, Ingo Schwarze wrote:
> > Hi Ken,
> > 
> > How exactly to distribute space among partitions really depends on what
> > you want to use the machine for.  The disk you are showing above can be
> > called terribly small nowadays (though i admit that i used disks in
> > production with OpenBSD 2.7 17 years ago that were more than 1000 
> > times smaller), so small that you are likely to run out of space
> > sooner or later even if you don't let waste data lying around.
> > 
> > Yes, you always want /usr/local/, except maybe on a pure firewall router
> > where you are not planning to install any ports whatsoever except rsync.
> > 
> > I see you do not have /usr/src/, /usr/obj/, /usr/xenocara/,
> > and /usr/xobj/, so you are obviously not planning to work on patches
> > to the base system or to X11.  Nothing is wrong with that.  If you ever
> > start doing such work on that machine, you will have to bite off the
> > required partitions from home, though.  It would have been smarter if
> > you had left at least 10G at the end of the disk unallocated; if you
> > ever needed some partition like that, you could create it without a fuss;
> > if /home/ ever got full, you could move some stuff there.
> > 
> > I see you do have /usr/ports/, so obviously, you are planning to do
> > some work on ports.  I only work on ports *occasionally*, i'm not a
> > real porter, yet i currently have the following amounts of space *in
> > use* for work on ports:
> > 
> >  - /usr/local/    --   9 GB (separate partition)
> >  - /usr/ports/pobj/   --  18 GB (separate partition)
> >  - /usr/ports/distfiles/  --   9 GB (partition /usr/ports/)
> >  - /usr/ports/packages/   --   8 GB 
> >  - /usr/ports/    --  650 MB (rest of the partition)
> > 
> > In addition to that, i have about 115 checkouts of source trees
> > of various software that i occasionally work on or look at on
> > another partition, which takes up another 21 GB (but that's more
> > for base than for ports work).
> > 
> > Yours,
> >   Ingo
>
> Other than using OpenBSD as general secure laptop env and doing some 
> development
> I have planned to work on some ports, have done a little bit to try to help 
> with
> lmms for example.
>
> At the time I installed this system (the 128 GB SSD is what came with it) I
> probably didn't know enough about wxallowed to properly make decisions.
>
> Probably the smartest thing to do is maybe reinstall or at least redo the
> partitions a good bit.  I think what I need to do is make /usr smaller make
> /usr/local a good 15gb partition and the rest leave for /usr/ports. I think I
> need to backup what I got and then drop those partitions/disklabels and remake
> them. That is probably the cleanest, I am guessing it will be best to do that
> from single user mode.
>
> Ken
>
This obviously isn't the officially recommended way to do it, but it works here.

I put everything in my $HOME and use symlinks to trick the build system into 
thinking it's in /usr/ports, etc. Thus, no need to fool with partitions.

Edgar



Re: resize /usr

2018-09-03 Thread Ken M
On Mon, Sep 03, 2018 at 06:11:24PM -0500, ed...@pettijohn-web.com wrote:
> 
> This obviously isn't the officially recommended way to do it, but it works 
> here.
> 
> I put everything in my $HOME and use symlinks to trick the build system into 
> thinking it's in /usr/ports, etc. Thus, no need to fool with partitions.
> 
> Edgar

Considering the generally smaller size of the built in HD on this laptop, that
is not a bad solution to not having to deal with changing priorities in the
system.

Ken



Equipment for OBSD based firewall

2018-09-03 Thread Bogdan Kulbida
Ladies and gentlemen,

I need to build a pf OBSD firewall for a small office. What minimally
feasible equipment would you recommend in order to achieve this goal?

Thank you!
-- 
---
Best regards,
Bogdan Kulbida
Founder and CEO, Konstankino LLC 
+1.802.793.8295


Re: Lesser evil

2018-09-03 Thread STeve Andre'




On 09/03/18 14:42, - - wrote:

> Hello all,
>
>
> I am running OpenBSD on my desktop, which is suitable for 99% of my
> needs. However I have to run certain proprietary software, which is
> available on Linux, Mac OSX and Windows.
>
> I cannot decide which of the three would be a "lesser evil" to run in
> respect with security and privacy. The software (video and photo editing)
> runs best on Windows, almost as good on OSX  and it runs on Linux with
> some compromises.
> Does it make sense to accept such compromises and run Linux for security
> and privacy OR is the better security and privacy of Linux more or less a
> myth and running Windows would be almost the same in that respect?
>
> I understand that any response is to be just an opinion.
>
> Thank you
>
> Jan


I would not try to dual boot Windows and OpenBSD.  There are too
many disgusting viri out that smash parts of partitions.   OpenBSD
or anything else on the disk is a sitting duck once not active. Don't
do it.  The AV situation on Windows is out of control--a conservative
estimate is that there are 4M pieces of malware out for Windows.
If your AV software knows how to deal with 98%, that means 80K
things aren't dealt with.  Ugh!  I know of a dual booting Win/Obsd
laptop that was damaged by a viri and afterwards the owner could
not find the OpenBSD partition at all.  Pity I was never able to see it
to do analysis.

Here in the US, you can get used thinkpads for an astonishing small
amount of money.  My wife just got a T430 with 8G ram, 500G disk,
2.6GHz I5, 1366x768 display, 2 USB 3 ports, for $167.  The battery is
even decent.  This is at Newegg.   Used macs look like $400.

For that money I would advocate that a separate machine is best,
AND you have an emergency OpenBSD backup system.

--STeve



Re: network connectivity problem (ifconfig, arp, ...)

2018-09-03 Thread Daniel Jakots
On Mon, 03 Sep 2018 22:58:49 +0200, Vincent 
wrote:

> I've found an article

It's always better to rely on the FAQ rather than on a third party
article who may have not kept the information up to date. It's not
always possible because not everything is in the FAQ but in this case,
it is:

https://www.openbsd.org/faq/faq6.html#Wireless

(scroll down a bit until "Trunking your wireless adapter")

Cheers,
Daniel



Re: Equipment for OBSD based firewall

2018-09-03 Thread Jordan Geoghegan

On 09/03/18 16:17, Bogdan Kulbida wrote:

> Ladies and gentlemen,
>
> I need to build a pf OBSD firewall for a small office. What minimally
> feasible equipment would you recommend in order to achieve this goal?
>
> Thank you!

I've run multiple office networks on octeon devices. I've found the 
Edgerouter and Edgerouter Pro to be quite performant. The Edgerouter Pro 
can easily handle a 100/100 connection or even a 250/250 connection. I 
like them because they're free of any spectre / fpu bugs as they use an 
in-order CPU. OpenBSD also supports hw accelerated IPsec on them. I've 
used them to run DHCP and DNS servers, used them heavily as jump 
hosts/proxies and also ran my unbound-adblock and pf-badhost scripts; 
with over 100,000 domains and IP/CIDR blocks being filtered while 
pushing dozens of terabytes in network traffic through them each month, 
they've proven to be rock solid. If you have modest needs, then an 
Edgerouter lite should suffice.


Keep in mind, these are just my personal opinions, and I am biased. I 
can't stand the thought of having an x86 machine exposed on the open 
internet, much less trusting it to secure and segment my network. With 
spooky management engine shenanigans and hardware bugs abound, I'm just 
not interested in putting my faith in x86 again. Too much emotion, too 
much garbage.


Cheers,
Jordan



Re: Equipment for OBSD based firewall

2018-09-03 Thread Shawn Webb
On Mon, Sep 03, 2018 at 04:17:51PM -0700, Bogdan Kulbida wrote:
> Ladies and gentlemen,
> 
> I need to build a pf OBSD firewall for a small office. What minimally
> feasible equipment would you recommend in order to achieve this goal?

Hey Bogdan,

The PC-Engines APU devices are wildly popular among the BSD networking
folk, and for good reason. I have a number of APU2 and APU3 systems
deployed. I have one APU4 device deployed. I'll likely deploy another
APU4 device within the next month or two.

https://pcengines.ch/

Thanks,

-- 
Shawn Webb
Cofounder and Security Engineer
HardenedBSD

Tor-ified Signal:+1 443-546-8752
Tor+XMPP+OTR:latt...@is.a.hacker.sx
GPG Key ID:  0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE




Re: Equipment for OBSD based firewall

2018-09-03 Thread Bogdan Kulbida
Thank you. Much appreciated.

On Mon, Sep 3, 2018 at 17:03 Tracey Emery  wrote:

> https://pcengines.ch
>
>
>
>
> On September 3, 2018 5:17:51 PM MDT, Bogdan Kulbida 
> wrote:
>>
>> Ladies and gentlemen,
>>
>> I need to build a pf OBSD firewall for a small office. What minimally
>> feasible equipment would you recommend in order to achieve this goal?
>>
>> Thank you!
>>
>>
> --
> Tracey
>
-- 
---
Best regards,
Bogdan Kulbida
Founder and CEO, Konstankino LLC 
+1.802.793.8295


Re: Equipment for OBSD based firewall

2018-09-03 Thread Tracey Emery
https://pcengines.ch



On September 3, 2018 5:17:51 PM MDT, Bogdan Kulbida  
wrote:
>Ladies and gentlemen,
>
>I need to build a pf OBSD firewall for a small office. What minimally
>feasible equipment would you recommend in order to achieve this goal?
>
>Thank you!
>-- 
>---
>Best regards,
>Bogdan Kulbida
>Founder and CEO, Konstankino LLC 
>+1.802.793.8295

-- 
Tracey


Re: Equipment for OBSD based firewall

2018-09-03 Thread Ingo Schwarze
Hi Bogdan,

Bogdan Kulbida wrote on Mon, Sep 03, 2018 at 04:17:51PM -0700:

> I need to build a pf OBSD firewall for a small office. What minimally
> feasible equipment would you recommend in order to achieve this goal?

I seriously doubt that you can find anything in the trash that isn't
seriously oversized.

In 2001, i ran an OpenBSD 2.7 firewall with ipf(4) on an
Intel 486-SX25 (25 MHz) with 24 MB (not GB!) RAM, a system
disk of 100 MB (not GB!) and a /var/ disk of another 100 MB.
The about ten concurrent users were happy with it for years.

OK, that would no longer work because the SX25 had no numerical
coprocessor which is now required to run OpenBSD, and it required
some fiddling to fit the system installation into 100 MB.  But it
always routed the traffic fast enough.

Currently, one of my office firewalls runs on:

 - CPU: AMD-K6 234 MHz (yes, a quarter of a GHz)
 - RAM: 128 MB (yes, an eighth of a GB)
 - HD: ATA (not SATA!) UDMA-2, 3 GB (not 300 GB!)

The only reason the machine is *THAT* large is that at the time it
was selected, we no longer had any smaller dismantled desktop
machines in the trash.  I don't have the slightest doubt that a
much smaller machine would also be fine - certainly with half of
everything, like 100 MHz, 64 MB RAM, 1 GB disk.

And since then, i'm too lazy to pull something newer from the trash
to replace it - because it just works.

As a matter of fact, i'm sending this email over it...

Yours,
  Ingo



Re: Equipment for OBSD based firewall

2018-09-03 Thread Bogdan Kulbida
Ingo,
I so much enjoyed reading your answer. Thanks a lot for sharing.

-Bogdan

On Mon, Sep 3, 2018 at 20:04 Ingo Schwarze  wrote:

> Hi Bogdan,
>
> Bogdan Kulbida wrote on Mon, Sep 03, 2018 at 04:17:51PM -0700:
>
> > I need to build a pf OBSD firewall for a small office. What minimally
> > feasible equipment would you recommend in order to achieve this goal?
>
> I seriously doubt that you can find anything in the trash that isn't
> seriously oversized.
>
> In 2001, i ran an OpenBSD 2.7 firewall with ipf(4) on an
> Intel 486-SX25 (25 MHz) with 24 MB (not GB!) RAM, a system
> disk of 100 MB (not GB!) and a /var/ disk of another 100 MB.
> The about ten concurrent users were happy with it for years.
>
> OK, that would no longer work because the SX25 had no numerical
> coprocessor which is now required to run OpenBSD, and it required
> some fiddling to fit the system installation into 100 MB.  But it
> always routed the traffic fast enough.
>
> Currently, one of my office firewalls runs on:
>
>  - CPU: AMD-K6 234 MHz (yes, a quarter of a GHz)
>  - RAM: 128 MB (yes, an eighth of a GB)
>  - HD: ATA (not SATA!) UDMA-2, 3 GB (not 300 GB!)
>
> The only reason the machine is *THAT* large is that at the time it
> was selected, we no longer had any smaller dismantled desktop
> machines in the trash.  I don't have the slightest doubt that a
> much smaller machine would also be fine - certainly with half of
> everything, like 100 MHz, 64 MB RAM, 1 GB disk.
>
> And since then, i'm too lazy to pull something newer from the trash
> to replace it - because it just works.
>
> As a matter of fact, i'm sending this email over it...
>
> Yours,
>   Ingo
>
-- 
---
Best regards,
Bogdan Kulbida
Founder and CEO, Konstankino LLC 
+1.802.793.8295


Re: Equipment for OBSD based firewall

2018-09-03 Thread Joel Wirāmu Pauling
But - The thing that isn't mentioned here is basically Power Cost and
Consumption vs PPS(Packet Processing Speed).

IMNSHO running on anything that doesn't ;

A) Have passive Cooling
B) Is older than a couple of years (in intel/amd terms anything with a
TDPW above 65W)

 - is probably not a great idea. Mainly because the on-going cost of
supplying power to old junkers isn't worth what you can do with a
'newish' junker.

If you have free electricity, feel free to do what you like I guess.


-Joel



On 4 September 2018 at 15:10, Bogdan Kulbida wrote:
> Ingo,
> I so much enjoyed reading your answer. Thanks a lot for sharing.
>
> -Bogdan
>
> On Mon, Sep 3, 2018 at 20:04 Ingo Schwarze wrote:
>
>> Hi Bogdan,
>>
>> Bogdan Kulbida wrote on Mon, Sep 03, 2018 at 04:17:51PM -0700:
>>
>> > I need to build a pf OBSD firewall for a small office. What minimally
>> > feasible equipment would you recommend in order to achieve this goal?
>>
>> I seriously doubt that you can find anything in the trash that isn't
>> seriously oversized.
>>
>> In 2001, i ran an OpenBSD 2.7 firewall with ipf(4) on an
>> Intel 486-SX25 (25 MHz) with 24 MB (not GB!) RAM, a system
>> disk of 100 MB (not GB!) and a /var/ disk of another 100 MB.
>> The about ten concurrent users were happy with it for years.
>>
>> OK, that would no longer work because the SX25 had no numerical
>> coprocessor which is now required to run OpenBSD, and it required
>> some fiddling to fit the system installation into 100 MB.  But it
>> always routed the traffic fast enough.
>>
>> Currently, one of my office firewalls runs on:
>>
>>  - CPU: AMD-K6 234 MHz (yes, a quarter of a GHz)
>>  - RAM: 128 MB (yes, an eigth of a GB)
>>  - HD: ATA (not SATA!) UDMA-2, 3 GB (not 300 GB!)
>>
>> The only reason the machine is *THAT* large is that at the time it
>> was selected, we no longer had any smaller dismantled desktop
>> machines in the trash.  I don't have the slightest doubt that a
>> much smaller machine would also be fine - certainly with half of
>> everything, like 100 MHz, 64 MB RAM, 1 GB disk.
>>
>> And since then, i'm too lazy to pull something newer from the trash
>> to replace it - because it just works.
>>
>> As a matter of fact, i'm sending this email over it...
>>
>> Yours,
>>   Ingo
>>
> --
> ---
> Best regards,
> Bogdan Kulbida
> Founder and CEO, Konstankino LLC 
> +1.802.793.8295



Re: Lesser evil

2018-09-03 Thread Peter N. M. Hansteen


On 09/03/18 20:42, - - wrote:

> I am running OpenBSD on my desktop, which is suitable for 99% of my
> needs. However I have to run certain proprietary software, which is
> available on Linux, Mac OSX and Windows.
> 
> I cannot decide which of the three would be a "lesser evil" to run in
> respect with security and privacy. The software (video and photo editing)
> runs best on Windows, almost as good on OSX  and it runs on Linux with
> some compromises.

This really boils down to your degree of familiarity (or lack of
disgust) with each of the alternatives. I recently found myself in a
similar situation.

I run OpenBSD as my primary OS and set that up whenever there is not a
specific reason to go for something else, including of course on my
primary laptop (blogged about not too long ago, you'll find it if you're
interested).

There is a specific piece of software that turned out to be available
only on Windows and MacOS, Linux was not an option, neither (of course)
was OpenBSD. Macs are more expensive than similar-specced hardware from
other sources, but I'm reasonably happy with going for a Mac (MacBook
Air) in that context. The system lacks most of the oddities that I have
found irritating in Windows over the years, and it comes well tuned to
Apple's hardware.

But that's me and I'm well aware that I'm weird. If you find Windows
tolerable and that's where the specific software runs best, that sounds
like the obvious choice.

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Equipment for OBSD based firewall

2018-09-03 Thread Peter N. M. Hansteen
On 09/04/18 01:17, Bogdan Kulbida wrote:
> Ladies and gentlemen,
> 
> I need to build a pf OBSD firewall for a small office. What minimally
> feasible equipment would you recommend in order to achieve this goal?

'minimally feasible' hardware for a small office firewall includes most
(i386 or amd64) hardware made this century, mod a few devices that were
just too weird and hard to come by to keep supported.

But then as others have mentioned, older hardware tends to draw more
power and run hotter than newer units, and you might find yourself in a
situation that the source of spare parts just ran dry.

There are several highly integrated and even fanless systems on the
market that would be suitable (do go for the ones with at least two
physical network interfaces though).

One of the more traditional designs I was reasonably happy with for my
home network for a few years was a HP Microserver G8, which with a few
PCI slots, dual bge(4)s built in and IIRC 4GB memory. Ran like a charm,
and was dirt cheap for a new system at the time.

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Can OpenBSD connect to MS L2TP VPN?

2018-09-03 Thread Максим
Hello.
I recently managed to make a connection to MikroTik L2TP server
using xl2tp package. I'm not sure it would be the same as for Windows
but you could try. The problem may be how to set the domain part of the login:
DCDOMAIN\user (DCDOMAIN\\user, user@dsdomain.local?..)

The only problem was that I did not pay much attention to several details in
pkg-readme for xl2tp package.


--
Best regards
Maksim Rodin


03.09.2018, 20:50, "Sacha El Masry":
> Hi,
>
> I've searched the internet every way I could think of, but cannot find
> an easy answer to whether it's possible for OpenBSD as a client to
> connect to a Microsoft (Windows Server-provided) L2TP VPN?
>
> Obviously, there are countless guides to setting up OpenBSD as a
> server, to which Windows, macOS, iOS and Linux/Android clients can
> connect. While I should be able to work out how to do the reverse, I
> haven't succeeded.
>
> The first question is: can OpenBSD, using base packages or xl2tpd,
> actually connect to this type of Windows VPN?
>
> If it can, and one of you has done so, could you please provide a
> pointer? I have read up on base tools, but as far as I get it, they can
> be used to set up a server, or as a gateway with another IPSEC
> gateway. From what little I understand, xl2tpd can be used as a client,
> but I have not managed to create a connection - or to establish 'flows'
> - as per the instructions that package provides
>   at: /usr/local/.../xl2tpd-1.3.11.
>
> Thanks,
>
> Sacha