dhclient vio0 -> Segmentation fault

2019-04-03 Thread Greg Steuck
April 2 snapshot misbehaves badly on Google Compute Engine.

# dmesg | head
OpenBSD 6.5 (GENERIC.MP) #839: Tue Apr  2 20:38:19 MDT 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
# dhclient -v -d vio0
vio0: DHCPDISCOVER - interval 1
vio0: DHCPOFFER from 169.254.169.254 (42:01:0a:80:00:01)
Segmentation fault
# ls -l /sbin/dhclient
-r-xr-xr-x  1 root  bin  387640 Apr  2 19:24 /sbin/dhclient
# sha256 /sbin/dhclient
SHA256 (/sbin/dhclient) = a3133d7c26d6bb77fab9b82738c68280863a67a6ef2141758725f502c3187cca

I don't know what source tree this corresponds to, but dhclient from this
revision works just fine:

commit 0459b7d7c4b6caf0847b615ddd2dc05e7ed59687 (HEAD, origin/master)
Author: benno 
Date:   Wed Apr 3 19:58:04 2019 +

YUL - Montreal Dorval International has been renamed Montreal-Pierre
Elliott Trudeau International on January 1, 2004.

Thanks
Greg


Sierra Wireless MC8805 and umb(4)

2019-04-03 Thread Michał Markowski
Hi

Has anyone managed to configure the Sierra Wireless MC8805 (Dell branded)
modem using the umb(4) driver since the last discussion
(https://marc.info/?t=15114083022)?


dmesg:

OpenBSD 6.4 (GENERIC.MP) #9: Tue Mar 26 19:21:43 CET 2019
r...@syspatch-64-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4259930112 (4062MB)
avail mem = 4121559040 (3930MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xcfe97020 (9 entries)
bios0: vendor coreboot version "v4.9.0.3" date 03/08/2019
bios0: PC Engines apu2
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP SSDT TPM2 APIC HEST IVRS SSDT SSDT HPET
acpi0: wakeup devices PWRB(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) PBR8(S4)
UOH1(S3) UOH2(S3) UOH3(S3) UOH4(S3) UOH5(S3) UOH6(S3) XHC0(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD GX-412TC SOC, 998.27 MHz, 16-30-01
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,BMI1,XSAVEOPT
cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD GX-412TC SOC, 998.13 MHz, 16-30-01
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,BMI1,XSAVEOPT
cpu1: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD GX-412TC SOC, 998.16 MHz, 16-30-01
cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,BMI1,XSAVEOPT
cpu2: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 16-way L2 cache
cpu2: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu2: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: AMD GX-412TC SOC, 998.13 MHz, 16-30-01
cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,DBKP,PERFTSC,PCTRL3,ITSC,BMI1,XSAVEOPT
cpu3: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 16-way L2 cache
cpu3: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu3: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 21, 24 pins
ioapic1 at mainbus0: apid 5 pa 0xfec2, version 21, 32 pins, remapped
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PBR4)
acpiprt2 at acpi0: bus 1 (PBR5)
acpiprt3 at acpi0: bus 2 (PBR6)
acpiprt4 at acpi0: bus 3 (PBR7)
acpiprt5 at acpi0: bus -1 (PBR8)
acpicpu0 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu1 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu2 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpicpu3 at acpi0: C2(0@400 io@0x1771), C1(@1 halt!), PSS
acpibtn0 at acpi0: PWRB
acpicmos0 at acpi0
"BOOT" at acpi0 not configured
cpu0: 998 MHz: speeds: 1000 800 600 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "AMD AMD64 16h Root Complex" rev 0x00
vendor "AMD", unknown product 0x1567 (class system subclass IOMMU, rev 0x00) at pci0 dev 0 function 2 not configured
pchb1 at pci0 dev 2 function 0 "AMD AMD64 16h Host" rev 0x00
ppb0 at pci0 dev 2 function 2 "AMD AMD64 16h PCIE" rev 0x00: msi
pci1 at ppb0 bus 1
em0 at pci1 dev 0 function 0 "Intel I210" rev 0x03: msi, 

Re: hacked for the second time

2019-04-03 Thread Mark Leonard
This seems relevant:
https://blog.netspi.com/stealing-unencrypted-ssh-agent-keys-from-memory/



On Wed, Apr 3, 2019 at 2:33 PM R0me0 ***  wrote:

> you can block connections from tor, the ssh keys must be replaced and of
> course, are you using a passphrase for them?
>
> Regards,
>
>
> On Wed, 3 Apr 2019 at 16:12, Zeb Packard wrote:
>
> > If you've got money go here:  https://www.openbsd.org/support.html
> >
> > If you don't have money go ask here: http://daemonforums.org/
> >
> > Generally, msp, isp, it requests don't go on this list. You've posted no
> > evidence - a big no no. You need a high level of forensic verification
> > before you bring this problem to the list.
> >
> > Good luck,
> >
> > Zeb
> >
> > On Wed, Apr 3, 2019 at 11:59 AM Cord wrote:
> >
> > > Hi,
> > > I have a strong suspicion that my OpenBSD box has been hacked for the
> > > second time in a few weeks. The first time was some weeks ago; I had
> > > some suspicions and after a few checks I found that someone had
> > > connected to my VPS via ssh on a non-standard port using my ssh key.
> > > The connection came from a Tor exit node. There were 2 connections,
> > > up for 5 days. Now I have some other new suspicions because some
> > > private email seems to be known to others. I have also found other
> > > open sessions on the web GUI of my email provider, but I am absolutely
> > > sure I have always logged out.
> > > I am using just chrome+unveil and I haven't used any other script or
> > > opened PDFs (maybe I have opened 1 or 2 PDFs from inside chrome). I
> > > have used epiphany *only* to open the webmail because chrome crashes.
> > > My email provider supports HTML (obviously) but generally photos are
> > > not loaded. Of course I have pf enabled and few services.
> > > I also use a VPN and I visit very few web sites with chrome, maybe 20
> > > or 25 websites just to read news. Sometimes I search for things about
> > > OpenBSD.
> > > Could anyone help me?
> > > Cord.


Re: bgpd between two 6.4 boxes. IPv6 flapping, IPv4 rock solid

2019-04-03 Thread Sebastian Benoit
Stuart Henderson(s...@spacehopper.org) on 2019.04.03 16:22:26 -:
> On 2019-04-02, Rachel Roch  wrote:
> >
> >
> >
> > Mar 30, 2019, 11:10 AM by s...@spacehopper.org:
> >
> >> On 2019-03-29, Rachel Roch <rr...@tutanota.de> wrote:
> >>
> >>> Hi,
> >>>
> >>> Has anyone encountered this before ?
> >>>
> >>> Neighbor    AS     MsgRcvd  MsgSent  OutQ  Up/Down   State/PrfRcvd
> >>> EXT-V6-R2   65515  50       40       0     00:02:55  Active
> >>> EXT-V4-R2   65515  38       37       0     00:27:42  1
> >>> After approx just over 2 minutes, the V6 flaps, but the V4 remains rock
> >>> solid.
> >>>
> >>> The boxes are sitting right next to each other, connected over an OpenBSD 
> >>> LACP trunk.
> >>>
> >>> I have made the pf rules as simple as possible:
> >>>
> >>> table  counters {self}
> >>> table  counters {192.0.2.1,2001:DB8::1}
> >>> pass in quick proto {tcp,udp,icmp} from  to 
> >>>  modulate state
> >>> pass out quick proto {tcp,udp,icmp} from  to 
> >>>  modulate state
> >>>
> >>
> >> A few tips:
> >>
> >> Start with an explicit "block any" rule so you don't have any traffic
> >> caught by the implicit "pass flags any no state" default. (If you want
> >> some "stateless" traffic as may often be the case on a BGP router, make
> >> it explicit in the ruleset). Otherwise you risk state being created 
> >> on something other than a SYN, so PF doesn't know the TCP window scaling
> >> value (which is *only* sent on SYN packets), which can result in the
> >> connection being killed after some traffic passes (state tracking gets
> >> out of sync).
> >>
> >> You don't have a rule for icmp6. IPv6's equivalent to ARP runs over icmp6
> >> and you do need a rule for that. It will currently be passed by the 
> >> implicit
> >> default rule but that will stop when you add "block any"..
> >>
> >> "modulate state" really isn't as simple as possible ;)
> >>
> >
> > A belated thanks for this !
> >
> > Re: icmp6:
> > pass quick inet6 proto ipv6-icmp all icmp6-type neighbrsol
> > pass quick inet6 proto ipv6-icmp all icmp6-type neighbradv
> > pass quick inet6 proto ipv6-icmp all icmp6-type echoreq
> > pass quick inet6 proto ipv6-icmp all icmp6-type echorep
> >
> > Re: "modulate state" I thought that was meant to be a good option these 
> > days instead of one of the more traditional state techniques ?
> >
> >
> 
> "modulate state" can be useful for protecting machines with poor
> sequence number generation, but OpenBSD already has good randomness
> for this. At best (assuming no bugs in 'modulate state'), this
> adds complexity and burns cpu cycles for no benefit,

If it were better, it would be the default. It is useful, but can also cause
problems. Don't use it if you are not sure you need it _and_ know you will
get reports if there are problems.

My advice:

Regarding your config: As sthen said, start your policy with block any.

Then add rules to pass traffic for the networks you route. With "no state",
because if you have asymmetric routing, stateful does not work.

Then add rules to pass traffic of the router itself, i.e. from/to ip
addresses on the router. Those can be stateful.

As for inet6, start with "pass inet6 proto icmp6 no state".
Then when everything is working, restrict it to what is actually needed.
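Putting the two replies above together, this is what such a ruleset looks like. It is an added example, not a config posted in the thread: the peer addresses are the documentation placeholders from Rachel's rules, while the table names, the transit prefixes and the decision to leave rules interface-free are assumptions.

```conf
# Added example (not from the thread): pf.conf skeleton for a BGP router
# following the advice above. <transit> prefixes and table names are assumed.

table <peers>   const { 192.0.2.1, 2001:db8::1 }               # BGP neighbours
table <transit> const { 198.51.100.0/24, 2001:db8:1::/48 }     # networks we route (assumed)

# 1. Explicit default, so nothing falls through to the implicit
#    "pass flags any no state" rule.
block log all

# 2. Neighbour discovery runs over icmp6. Keep it stateless and broad until
#    the sessions are stable, then narrow it to the types actually seen
#    (neighbrsol, neighbradv, routersol, routeradv, echoreq, ...).
pass quick inet6 proto icmp6 no state
pass quick inet  proto icmp  no state

# 3. Transit traffic: stateless. With asymmetric routing the reply packets
#    may never cross this box, and a half-seen state only breaks things.
pass quick from <transit> to any no state
pass quick from any to <transit> no state

# 4. The router's own traffic, here only the BGP sessions: stateful is fine
#    because both directions start with a SYN, so pf learns the window
#    scaling value. Plain keep state (the default), no "modulate state".
pass in  quick proto tcp from <peers> to self port bgp
pass out quick proto tcp from self to <peers> port bgp
```

Check the syntax with `pfctl -nf /etc/pf.conf` before loading, then watch `pfctl -ss` while the sessions come up: with this layout the only states present should be the BGP TCP sessions themselves, and each should have been created on a SYN.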



Re: hacked for the second time

2019-04-03 Thread R0me0 ***
you can block connections from tor, the ssh keys must be replaced and of
course, are you using a passphrase for them?

Regards,


On Wed, 3 Apr 2019 at 16:12, Zeb Packard wrote:

> If you've got money go here:  https://www.openbsd.org/support.html
>
> If you don't have money go ask here: http://daemonforums.org/
>
> Generally, msp, isp, it requests don't go on this list. You've posted no
> evidence - a big no no. You need a high level of forensic verification
> before you bring this problem to the list.
>
> Good luck,
>
> Zeb
>
> On Wed, Apr 3, 2019 at 11:59 AM Cord wrote:
>
> > Hi,
> > I have a strong suspicion that my OpenBSD box has been hacked for the
> > second time in a few weeks. The first time was some weeks ago; I had some
> > suspicions and after a few checks I found that someone had connected to
> > my VPS via ssh on a non-standard port using my ssh key. The connection
> > came from a Tor exit node. There were 2 connections, up for 5 days. Now I
> > have some other new suspicions because some private email seems to be
> > known to others. I have also found other open sessions on the web GUI of
> > my email provider, but I am absolutely sure I have always logged out.
> > I am using just chrome+unveil and I haven't used any other script or
> > opened PDFs (maybe I have opened 1 or 2 PDFs from inside chrome). I have
> > used epiphany *only* to open the webmail because chrome crashes. My email
> > provider supports HTML (obviously) but generally photos are not loaded.
> > Of course I have pf enabled and few services.
> > I also use a VPN and I visit very few web sites with chrome, maybe 20 or
> > 25 websites just to read news. Sometimes I search for things about OpenBSD.
> > Could anyone help me?
> > Cord.


Re: hacked for the second time

2019-04-03 Thread Zeb Packard
If you've got money go here:  https://www.openbsd.org/support.html

If you don't have money go ask here: http://daemonforums.org/

Generally, msp, isp, it requests don't go on this list. You've posted no
evidence - a big no no. You need a high level of forensic verification
before you bring this problem to the list.

Good luck,

Zeb

On Wed, Apr 3, 2019 at 11:59 AM Cord  wrote:

> Hi,
> I have a strong suspicion that my OpenBSD box has been hacked for the
> second time in a few weeks. The first time was some weeks ago; I had some
> suspicions and after a few checks I found that someone had connected to
> my VPS via ssh on a non-standard port using my ssh key. The connection
> came from a Tor exit node. There were 2 connections, up for 5 days. Now I
> have some other new suspicions because some private email seems to be
> known to others. I have also found other open sessions on the web GUI of
> my email provider, but I am absolutely sure I have always logged out.
> I am using just chrome+unveil and I haven't used any other script or
> opened PDFs (maybe I have opened 1 or 2 PDFs from inside chrome). I have
> used epiphany *only* to open the webmail because chrome crashes. My email
> provider supports HTML (obviously) but generally photos are not loaded.
> Of course I have pf enabled and few services.
> I also use a VPN and I visit very few web sites with chrome, maybe 20 or
> 25 websites just to read news. Sometimes I search for things about OpenBSD.
> Could anyone help me?
> Cord.


Re: hacked for the second time

2019-04-03 Thread Anders Andersson
On Wed, Apr 3, 2019 at 8:58 PM Cord  wrote:
>
> Hi,
> I have a strong suspicion that my OpenBSD box has been hacked for the
> second time in a few weeks. The first time was some weeks ago; I had some
> suspicions and after a few checks I found that someone had connected to
> my VPS via ssh on a non-standard port using my ssh key. The connection
> came from a Tor exit node. There were 2 connections, up for 5 days. Now I
> have some other new suspicions because some private email seems to be
> known to others. I have also found other open sessions on the web GUI of
> my email provider, but I am absolutely sure I have always logged out.
> I am using just chrome+unveil and I haven't used any other script or
> opened PDFs (maybe I have opened 1 or 2 PDFs from inside chrome). I have
> used epiphany *only* to open the webmail because chrome crashes. My email
> provider supports HTML (obviously) but generally photos are not loaded.
> Of course I have pf enabled and few services.
> I also use a VPN and I visit very few web sites with chrome, maybe 20 or
> 25 websites just to read news. Sometimes I search for things about OpenBSD.
> Could anyone help me?
> Cord.


Sounds to me like you're letting someone else mess with your hardware
since you mention a VPS. I don't see how you could trust that in the
first place. They have complete access to every machine.



Re: hacked for the second time

2019-04-03 Thread Raul Miller
If someone is using your ssh key and you do not want that to happen,
please replace your keys.

Thanks,

-- 
Raul

On Wed, Apr 3, 2019 at 2:58 PM Cord  wrote:
>
> Hi,
> I have a strong suspicion that my OpenBSD box has been hacked for the
> second time in a few weeks. The first time was some weeks ago; I had some
> suspicions and after a few checks I found that someone had connected to
> my VPS via ssh on a non-standard port using my ssh key. The connection
> came from a Tor exit node. There were 2 connections, up for 5 days. Now I
> have some other new suspicions because some private email seems to be
> known to others. I have also found other open sessions on the web GUI of
> my email provider, but I am absolutely sure I have always logged out.
> I am using just chrome+unveil and I haven't used any other script or
> opened PDFs (maybe I have opened 1 or 2 PDFs from inside chrome). I have
> used epiphany *only* to open the webmail because chrome crashes. My email
> provider supports HTML (obviously) but generally photos are not loaded.
> Of course I have pf enabled and few services.
> I also use a VPN and I visit very few web sites with chrome, maybe 20 or
> 25 websites just to read news. Sometimes I search for things about OpenBSD.
> Could anyone help me?
> Cord.



hacked for the second time

2019-04-03 Thread Cord
Hi,
I have a strong suspicion that my OpenBSD box has been hacked for the
second time in a few weeks. The first time was some weeks ago; I had some
suspicions and after a few checks I found that someone had connected to
my VPS via ssh on a non-standard port using my ssh key. The connection
came from a Tor exit node. There were 2 connections, up for 5 days. Now I
have some other new suspicions because some private email seems to be
known to others. I have also found other open sessions on the web GUI of
my email provider, but I am absolutely sure I have always logged out.
I am using just chrome+unveil and I haven't used any other script or
opened PDFs (maybe I have opened 1 or 2 PDFs from inside chrome). I have
used epiphany *only* to open the webmail because chrome crashes. My email
provider supports HTML (obviously) but generally photos are not loaded.
Of course I have pf enabled and few services.
I also use a VPN and I visit very few web sites with chrome, maybe 20 or
25 websites just to read news. Sometimes I search for things about OpenBSD.
Could anyone help me?
Cord.





Re: something like script(1) but for clipboard

2019-04-03 Thread Allan Streib
Mihai Popescu  writes:

> I am looking for a command or port application to copy large text from
> terminal into the clipboard for immediate paste operation in another
> window. I used to do that with left mouse click select then middle
> click. It should be something like script(1), but for clipboard inside
> an X session.

Look at the xclip package.

Allan



Re: How to restrict ip to access a directory in OpenBSD's httpd

2019-04-03 Thread Stuart Henderson
On 2019-04-03, Fung wrote:
> Apache supports something like
>
> Order Allow,Deny
> Allow from all
> Deny from 1.2.3.4
>
>
> How to achieve in OpenBSD's httpd?
> We are using OpenBSD 6.4.
>
>

There is no built-in simple way.

It can be done by having httpd listen on two different ports,
one allowing access to this directory, the other denying access,
and using a PF rdr-to rule to send traffic to the "allow access"
port if it has the correct source IP address. But this is a bit
of a mess.
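The two-port workaround in concrete form, as an added example (not something from Stuart's reply), written for the question's case of denying a single address rather than allowing one. The hostname, document root, external address and port numbers are assumptions.

```conf
# Added example (not from the thread). Hostname, root, addresses and ports
# are assumed; 1.2.3.4 is the address the question wants to deny.

# --- /etc/httpd.conf ---
ext_addr = "203.0.113.10"

# Everyone reaches this instance on port 80 and may read /private/.
server "www.example.com" {
	listen on $ext_addr port 80
	root "/htdocs/www"
}

# Same document root, but /private/ is blocked (httpd answers 403).
# It listens on loopback only, so the PF redirect below is the only way in.
server "www.example.com" {
	listen on 127.0.0.1 port 8080
	root "/htdocs/www"
	location "/private/*" {
		block
	}
}

# --- /etc/pf.conf ---
# Port-80 connections from 1.2.3.4 are redirected to the restricted
# instance; everyone else reaches the unrestricted one. The rdr-to rule is
# "quick" and comes first so the general pass rule never matches 1.2.3.4.
pass in quick on egress proto tcp from 1.2.3.4 to (egress) port 80 rdr-to 127.0.0.1 port 8080
pass in on egress proto tcp to (egress) port 80
```

Check both files before loading them (`httpd -n -f /etc/httpd.conf`, `pfctl -nf /etc/pf.conf`). The restricted server cannot be reached from outside except through the redirect, and 1.2.3.4 cannot reach the unrestricted one on port 80 because the redirect matches first. rdr-to rewrites only the destination, so httpd still logs the real client address.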




Re: something like script(1) but for clipboard

2019-04-03 Thread Stuart Henderson
On 2019-04-03, Mihai Popescu  wrote:
> Hello,
>
> I am looking for a command or port application to copy large text from
> terminal into the clipboard for immediate paste operation in another
> window. I used to do that with left mouse click select then middle
> click. It should be something like script(1), but for clipboard inside
> an X session.
>
> If there is no such thing, can you tell what you use for large text
> blocks that need scrolling? One reason for this will be the dmesg copy
> from terminal - I need to do multiple scrolling and keep track of
> lines.
>
> Thank you.
>
>

I normally pipe output through xclip (in packages). If you want to combine
that with script(1) you could always xclip < typescript ..




Re: bgpd between two 6.4 boxes. IPv6 flapping, IPv4 rock solid

2019-04-03 Thread Stuart Henderson
On 2019-04-02, Rachel Roch  wrote:
>
>
>
> Mar 30, 2019, 11:10 AM by s...@spacehopper.org:
>
>> On 2019-03-29, Rachel Roch <rr...@tutanota.de> wrote:
>>
>>> Hi,
>>>
>>> Has anyone encountered this before ?
>>>
>>> Neighbor    AS     MsgRcvd  MsgSent  OutQ  Up/Down   State/PrfRcvd
>>> EXT-V6-R2   65515  50       40       0     00:02:55  Active
>>> EXT-V4-R2   65515  38       37       0     00:27:42  1
>>> After approx just over 2 minutes, the V6 flaps, but the V4 remains rock
>>> solid.
>>>
>>> The boxes are sitting right next to each other, connected over an OpenBSD 
>>> LACP trunk.
>>>
>>> I have made the pf rules as simple as possible:
>>>
>>> table  counters {self}
>>> table  counters {192.0.2.1,2001:DB8::1}
>>> pass in quick proto {tcp,udp,icmp} from  to 
>>>  modulate state
>>> pass out quick proto {tcp,udp,icmp} from  to 
>>>  modulate state
>>>
>>
>> A few tips:
>>
>> Start with an explicit "block any" rule so you don't have any traffic
>> caught by the implicit "pass flags any no state" default. (If you want
>> some "stateless" traffic as may often be the case on a BGP router, make
>> it explicit in the ruleset). Otherwise you risk state being created 
>> on something other than a SYN, so PF doesn't know the TCP window scaling
>> value (which is *only* sent on SYN packets), which can result in the
>> connection being killed after some traffic passes (state tracking gets
>> out of sync).
>>
>> You don't have a rule for icmp6. IPv6's equivalent to ARP runs over icmp6
>> and you do need a rule for that. It will currently be passed by the implicit
>> default rule but that will stop when you add "block any"..
>>
>> "modulate state" really isn't as simple as possible ;)
>>
>
> A belated thanks for this !
>
> Re: icmp6:
> pass quick inet6 proto ipv6-icmp all icmp6-type neighbrsol
> pass quick inet6 proto ipv6-icmp all icmp6-type neighbradv
> pass quick inet6 proto ipv6-icmp all icmp6-type echoreq
> pass quick inet6 proto ipv6-icmp all icmp6-type echorep
>
> Re: "modulate state" I thought that was meant to be a good option these days 
> instead of one of the more traditional state techniques ?
>
>

"modulate state" can be useful for protecting machines with poor
sequence number generation, but OpenBSD already has good randomness
for this. At best (assuming no bugs in 'modulate state'), this
adds complexity and burns cpu cycles for no benefit,




something like script(1) but for clipboard

2019-04-03 Thread Mihai Popescu
Hello,

I am looking for a command or port application to copy large text from
terminal into the clipboard for immediate paste operation in another
window. I used to do that with left mouse click select then middle
click. It should be something like script(1), but for clipboard inside
an X session.

If there is no such thing, can you tell what you use for large text
blocks that need scrolling? One reason for this will be the dmesg copy
from terminal - I need to do multiple scrolling and keep track of
lines.

Thank you.