Re: Good Quality Microphone for Podcasts compatible with OpenBSD

2019-08-15 Thread Thomas Frohwein
I've been doing screencasts to Twitch from OpenBSD that improved significantly 
with the Samson Meteor Mic, a USB Mic. No compatibility issues there, and I'm 
very pleased with the quality. 



Re: Best 1Gbe NIC

2019-08-15 Thread b2s2d

On 2019-08-02 08:26, Claudio Jeker wrote:

On Fri, Aug 02, 2019 at 12:28:58PM +0100, Andy Lemin wrote:

Ahhh, thank you!

I didn’t realise this had changed and now the drivers are written with
full knowledge of the interface.


That is an overstatement but we know for sure a lot more about these cards
than many other less open ones.

So that would make Intel Server NICs (i350 for example) some of the best
1Gbe cards nowadays then?


They are well supported by OpenBSD as are many other server nics like bge
and bnx. I would not call them best, when it comes to network cards it
seems to be a race to the bottom. All chips have stuff in them that is
just not great. em(4) for example needs a major workaround because the
buffersize is specified by a bitfield.

My view is more pessimistic, all network cards are shit there are just
some that are less shitty. Also I prefer to use em(4) over most other
gigabit cards.

--
:wq Claudio


Amen to that!! Especially Intel EIG44ET2 4-port GbE Nic.

Zann





Sent from a teeny tiny keyboard, so please excuse typos

> On 2 Aug 2019, at 09:52, Jonathan Gray  wrote:
>
>> On Fri, Aug 02, 2019 at 09:19:09AM +0100, Andy Lemin wrote:
>> Hi list,
>>
>> I know this is a rather classic question, but I have searched a lot on this
>> again recently, and I just cannot find any conclusive up to date information?
>>
>> I am looking to buy the best 1Gbe NIC possible for OpenBSD and the only
>> official comments I can find relate to 3COM for ISA, or community consensus
>> towards Chelsio for 10Gbe.
>>
>> I know Intel works ok and I've used the i350's before, but my
>> understanding is that Intel still doesn't provide the documentation for
>> their NICs and so the emX driver is reverse engineered.
>
> This is incorrect.  Intel provides datasheets for Ethernet parts.
> em(4) is derived from Intel authored code for FreeBSD supplied under a
> permissive license.
>
>>
>> And if I remember correctly some offload features were also disabled in the
>> emX driver a while back as some functions were found to be insecure on die
>> and so it was deemed safer to bring the logic back on CPU.
>>
>> So I'm looking for the best 1Gbe NIC that supports the most
>> offloading/best driver support/performance etc.
>>
>> Thanks, Andy.
>>
>> PS; could we update the official supported hardware lists? ;)
>> All the best.
>>
>>
>> Sent from a teeny tiny keyboard, so please excuse typos
>>





Re: openrsync and rrsync - strange error on symlinks

2019-08-15 Thread Theo de Raadt
I believe the unveil() code in rsync is completely wrong and should
be deleted.

Jiri B  wrote:

> Hi,
> 
> I use rrsync[1] wrapper in SSH key via `command=` option to restrict
> mode and path of called rsync program.
> 
> I discovered some strange difference related to symlinks between rsync
> and openrsync when called via rrsync wrapper.
> openrsync errors with:
> 
> /usr/src/usr.bin/rsync/symlinks.c:48: error:
> ./pub/www/xx.info/themes/minimal/archetypes/test.md:
> readlink: No such file or directory
> 
> even symlink is OK, see below.
> 
> Any idea what's going on?
> 
> Jiri
> 
> [1] https://www.samba.org/ftp/unpacked/rsync/support/rrsync
> 
> # sysctl kern.version
> kern.version=OpenBSD 6.5-beta (GENERIC.MP) #192: Fri Aug  9 23:41:57 MDT 2019
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> 
> GOAL
> 
> 
> I'm trying to synchronize following test tree from remote OpenBSD
> machine to a Linux client.
> 
> # uname -s ; find /data/share/testovic/ -ls
> OpenBSD
> 153538568 drwxr-xr-x3 root wheel 512 Aug 15 23:26
> /data/share/testovic/
> 153538570 -rw-r--r--1 root wheel   0 Aug 15 23:10
> /data/share/testovic/test1
> 153538580 lrwxr-xr-x1 root wheel  12 Aug 15 23:10
> /data/share/testovic/test2 -> /nonexistent
> 153538590 lrwxr-xr-x1 root wheel   5 Aug 15 23:20
> /data/share/testovic/test3 -> test1
> 153538608 drwxr-xr-x3 root wheel 512 Aug 15 23:25
> /data/share/testovic/pub
> 153538618 drwxr-xr-x3 root wheel 512 Aug 15 23:25
> /data/share/testovic/pub/www
> 153538628 drwxr-xr-x3 root wheel 512 Aug 15 23:25
> /data/share/testovic/pub/www/xx.info
> 153538638 drwxr-xr-x3 root wheel 512 Aug 15 23:25
> /data/share/testovic/pub/www/xx.info/themes
> 153538648 drwxr-xr-x3 root wheel 512 Aug 15 23:25
> /data/share/testovic/pub/www/xx.info/themes/minimal
> 153538658 drwxr-xr-x2 root wheel 512 Aug 15 23:26
> /data/share/testovic/pub/www/xx.info/themes/minimal/archetypes
> 153538668 -rw-r--r--1 root wheel 865 Aug 15 23:26
> /data/share/testovic/pub/www/xx.info/themes/minimal/archetypes/post.md
> 153538670 lrwxr-xr-x1 root wheel   7 Aug 15 23:26
> /data/share/testovic/pub/www/xx.info/themes/minimal/archetypes/test.md
> -> post.md
> 
> 1 - /usr/local/bin/rsync via rrsync wrapper
> =
> 
> rrsync should restrict to reads only and only from /data/share/testovic path
> 
> from="192.168.1.7",command="${HOME}/bin/rrsync -ro
> /data/share/testovic/",restrict ssh-ed25519
> C3NzaC1lZDI1NTE5IHd0j7FwSIF+b4QylSQHRoUyPR+9YQJrqj5jPngUmReC
> 
> from client, reading from remote machine:
> 
> # rsync -vva gw-share: ./
> opening connection using: ssh gw-share rsync --server --sender
> -vvlogDtpre.iLsfxC . .  (8 args)
> receiving incremental file list
> delta-transmission enabled
> ./
> test1
> test2 -> /nonexistent
> test3 -> test1
> pub/
> pub/www/
> pub/www/xx.info/
> pub/www/xx.info/themes/
> pub/www/xx.info/themes/minimal/
> pub/www/xx.info/themes/minimal/archetypes/
> pub/www/xx.info/themes/minimal/archetypes/post.md
> pub/www/xx.info/themes/minimal/archetypes/test.md -> post.md
> total: matches=0  hash_hits=0  false_alarms=0 data=865
> 
> sent 106 bytes  received 1,402 bytes  3,016.00 bytes/sec
> total size is 889  speedup is 0.59
> 
> 2 - openrsync via rrsync wrapper
> 
> 
> # grep openrsync ${HOME}/bin/rrsync
> use constant RSYNC => '/usr/bin/openrsync';
> 
> from="192.168.1.7",command="${HOME}/bin/rrsync -ro
> /data/share/testovic/",restrict ssh-ed25519
> C3NzaC1lZDI1NTE5IHd0j7FwSIF+b4QylSQHRoUyPR+9YQJrqj5jPngUmReC
> 
> # rsync -vva gw-share: ./
> opening connection using: ssh gw-share rsync --server --sender
> -vvlogDtpre.iLsfxC . .  (8 args)
> receiving file list ... /usr/src/usr.bin/rsync/server.c:99: server
> detected client version 31, server version 27, seed 334847798
> /usr/src/usr.bin/rsync/server.c:102: server starting sender
> /usr/src/usr.bin/rsync/symlinks.c:48: error:
> ./pub/www/xx.info/themes/minimal/archetypes/test.md:
> readlink: No such file or directory
> /usr/src/usr.bin/rsync/flist.c:985: error: symlink_read
> /usr/src/usr.bin/rsync/flist.c:1032: error: flist_gen_dirent
> /usr/src/usr.bin/rsync/sender.c:391: error: flist_gen
> /usr/src/usr.bin/rsync/server.c:124: error: rsync_sender
> 
> rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
> rsync error: error in rsync protocol data stream (code 12) at
> io.c(226) [Receiver=3.1.3]
> 



openrsync and rrsync - strange error on symlinks

2019-08-15 Thread Jiri B
Hi,

I use rrsync[1] wrapper in SSH key via `command=` option to restrict
mode and path of called rsync program.

I discovered some strange difference related to symlinks between rsync
and openrsync when called via rrsync wrapper.
openrsync errors with:

/usr/src/usr.bin/rsync/symlinks.c:48: error:
./pub/www/xx.info/themes/minimal/archetypes/test.md:
readlink: No such file or directory

even symlink is OK, see below.

Any idea what's going on?

Jiri

[1] https://www.samba.org/ftp/unpacked/rsync/support/rrsync

# sysctl kern.version
kern.version=OpenBSD 6.5-beta (GENERIC.MP) #192: Fri Aug  9 23:41:57 MDT 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

GOAL


I'm trying to synchronize following test tree from remote OpenBSD
machine to a Linux client.

# uname -s ; find /data/share/testovic/ -ls
OpenBSD
153538568 drwxr-xr-x3 root wheel 512 Aug 15 23:26
/data/share/testovic/
153538570 -rw-r--r--1 root wheel   0 Aug 15 23:10
/data/share/testovic/test1
153538580 lrwxr-xr-x1 root wheel  12 Aug 15 23:10
/data/share/testovic/test2 -> /nonexistent
153538590 lrwxr-xr-x1 root wheel   5 Aug 15 23:20
/data/share/testovic/test3 -> test1
153538608 drwxr-xr-x3 root wheel 512 Aug 15 23:25
/data/share/testovic/pub
153538618 drwxr-xr-x3 root wheel 512 Aug 15 23:25
/data/share/testovic/pub/www
153538628 drwxr-xr-x3 root wheel 512 Aug 15 23:25
/data/share/testovic/pub/www/xx.info
153538638 drwxr-xr-x3 root wheel 512 Aug 15 23:25
/data/share/testovic/pub/www/xx.info/themes
153538648 drwxr-xr-x3 root wheel 512 Aug 15 23:25
/data/share/testovic/pub/www/xx.info/themes/minimal
153538658 drwxr-xr-x2 root wheel 512 Aug 15 23:26
/data/share/testovic/pub/www/xx.info/themes/minimal/archetypes
153538668 -rw-r--r--1 root wheel 865 Aug 15 23:26
/data/share/testovic/pub/www/xx.info/themes/minimal/archetypes/post.md
153538670 lrwxr-xr-x1 root wheel   7 Aug 15 23:26
/data/share/testovic/pub/www/xx.info/themes/minimal/archetypes/test.md
-> post.md

1 - /usr/local/bin/rsync via rrsync wrapper
=

rrsync should restrict to reads only and only from /data/share/testovic path

from="192.168.1.7",command="${HOME}/bin/rrsync -ro
/data/share/testovic/",restrict ssh-ed25519
C3NzaC1lZDI1NTE5IHd0j7FwSIF+b4QylSQHRoUyPR+9YQJrqj5jPngUmReC

from client, reading from remote machine:

# rsync -vva gw-share: ./
opening connection using: ssh gw-share rsync --server --sender
-vvlogDtpre.iLsfxC . .  (8 args)
receiving incremental file list
delta-transmission enabled
./
test1
test2 -> /nonexistent
test3 -> test1
pub/
pub/www/
pub/www/xx.info/
pub/www/xx.info/themes/
pub/www/xx.info/themes/minimal/
pub/www/xx.info/themes/minimal/archetypes/
pub/www/xx.info/themes/minimal/archetypes/post.md
pub/www/xx.info/themes/minimal/archetypes/test.md -> post.md
total: matches=0  hash_hits=0  false_alarms=0 data=865

sent 106 bytes  received 1,402 bytes  3,016.00 bytes/sec
total size is 889  speedup is 0.59

2 - openrsync via rrsync wrapper


# grep openrsync ${HOME}/bin/rrsync
use constant RSYNC => '/usr/bin/openrsync';

from="192.168.1.7",command="${HOME}/bin/rrsync -ro
/data/share/testovic/",restrict ssh-ed25519
C3NzaC1lZDI1NTE5IHd0j7FwSIF+b4QylSQHRoUyPR+9YQJrqj5jPngUmReC

# rsync -vva gw-share: ./
opening connection using: ssh gw-share rsync --server --sender
-vvlogDtpre.iLsfxC . .  (8 args)
receiving file list ... /usr/src/usr.bin/rsync/server.c:99: server
detected client version 31, server version 27, seed 334847798
/usr/src/usr.bin/rsync/server.c:102: server starting sender
/usr/src/usr.bin/rsync/symlinks.c:48: error:
./pub/www/xx.info/themes/minimal/archetypes/test.md:
readlink: No such file or directory
/usr/src/usr.bin/rsync/flist.c:985: error: symlink_read
/usr/src/usr.bin/rsync/flist.c:1032: error: flist_gen_dirent
/usr/src/usr.bin/rsync/sender.c:391: error: flist_gen
/usr/src/usr.bin/rsync/server.c:124: error: rsync_sender

rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
rsync error: error in rsync protocol data stream (code 12) at
io.c(226) [Receiver=3.1.3]



Re: IPv6 problems

2019-08-15 Thread Thomas Bohl

I have taken a look at the website of my hosting provider.

My IPv6 gateway would be fe80::1.

When trying to add the route manually i get "network unreachable".


https://marc.info/?l=openbsd-misc&m=156572276103920&w=2

SCNR



Re: IPv6 problems

2019-08-15 Thread Denis Fondras
On Thu, Aug 15, 2019 at 06:50:09PM +0200, list wrote:
> Hi,
> 
> EDIT:
> 
> I have taken a look at the website of my hosting provider.
> 
> My IPv6 gateway would be fe80::1.
> 
> When trying to add the route manually i get "network unreachable".
> 

Did you specify the output interface? With LL addresses, you need to specify it.

route add -inet6 default fe80::1%vio0



Re: IPv6 problems

2019-08-15 Thread list
Hi,

EDIT:

I have taken a look at the website of my hosting provider.

My IPv6 gateway would be fe80::1.

When trying to add the route manually i get "network unreachable".

Which leaves me puzzled.

Stephan

On 8/14/19 11:08 PM, gwes wrote:
> On 8/14/19 4:45 PM, freda_bundc...@nym.hush.com wrote:
>> Hi, I just thought since the interface was vio that you're running in
>> a virtual
>> environment. Providers like Vultr say "Important Note: If you add an
>> IPv6
>> subnet to an existing machine, you must restart the server via the Vultr
>> control panel before IPv6 will work. Restarting via SSH or similar is
>> not
>> sufficient. IPv6 would not work at all until the server has been
>> restarted."
>>
> If the provider says anything like this and the VM hasn't been hard reset
> via the VM host all bets are off
>
>



PF: divert-to with bridge

2019-08-15 Thread Olivier Cherrier
Hi,

I'm experiencing a similar issue to
https://marc.info/?l=openbsd-misc&m=136934201423696&w=2
with -current on an i386 APU2.

The problem is the divert-to rule is not working on interfaces that are
part of a bridge(4).

Is it a known issue?

Thank you,
Best

-- 
Olivier Cherrier
Phone: +352691754777
mailto:o...@symacx.com



Re: IPv6 problems

2019-08-15 Thread list
Hey,

thanks for the answers,

so ..

I firstly got rid of the alias and the manual routes.

1.) "Can you ping your own IPv6 address ?"

Yes i can. Works as expected.

2.) "tcpdump -ni vio0 -s 1500 icmp6"

results in a lot of "neighbor sol".

3.) "Who are you trying to ping?"

I have a /64 for myself so I tried to ping google.com for example.

4.) "You must see them for your gateway"

This i do not. When trying to ping google I see the echo requests for
the IPv6 of google but not for my gateway. I haven't configured a
gateway for IPv6 at all. That could be the problem ? Do I have to do that ?

5.) "ndp -a"

I am missing the entry for my gateway completely.

6.) "netstat -s"

Looks fine. No zeros.

So I guess it has to do with my gateway that I haven't configured
anywhere to act as one.

When trying to add the gateway (which i learnt from looking at the
tcpdump output) manually i get "network is unreachable".

Hmm... 

Can you pull anything from that ?


Regards,

Stephan

On 8/14/19 11:05 PM, gwes wrote:
>
>
> On 8/14/19 2:36 PM, list wrote:
>> My hostname.vio0 now looks like this:
>>
>>      inet6 alias /64
>>      !route add -inet6 default fe80::2de:361a:24aa:d7a6%vio
>> When doing a "ifconfig vio0" I get:
>>
>>  vio0: flags=8843 mtu 1500
>>
>> [...]
>>  inet6 fe80::2de:361a:24aa:d7a6%vio0 prefixlen 64 scopeid 0x1
>>  inet6  prefixlen 64
> Take the "alias" out of your inet6 line in your hostname.vio0
>
> Since your interface is vio0 I am assuming you are running a
> guest VM on a server. I am also assuming that ip4 traffic is passing.
>
> Your VM server should be sending you Route Advertisement messages.
> You shouldn't have to set any route yourself. Doing so will confuse
> things mightily.
>
> Can you ping your own ipv6 address? If not something is really strange.
>
> If you say
> # tcpdump -ni -s 1500 icmp6
>
> You should eventually see (lines wrapped)
>
> 13:17:46.508540 fe80::669e:f3ff:feec:fc7f > ff02::1:
>   icmp6: router advertisement [class 0xe0]
> Along with
>
> 13:17:19.309191 your_gateway_ip6 > 2xxx0::1:
>   icmp6: neighbor sol: who has 2xxx0::1
> 13:17:19.311828 2xxx0::1 > 2xxx0::2:
>       icmp6: neighbor adv: tgt is 2xxx0::1 [class 0xe0]
>
>  It may take up to 20 minutes to see these messages.
>
> If you never see any route advertisements your server isn't configured
> to give you inet6 service.
>
> Who are you trying to ping? Someone on your /64 or someone outside?
> You must see neighbor solicitation msgs if you try to ping someone
> on your /64. You must see them for your gateway if you try to ping
> someone outside. Keep the tcpdump running and do the pings from
> another virtual terminal.
>
> If you say
> # ndp -a
>
> You should see
>
> Neighbor                         Linklayer Address    Netif  Expire     S Flags
> your_gateway                     64:9e:f3:ec:fc:7f    vio0   4s         D R
> your_hostname                    52:54:00:27:22:43    vio0   permanent  R l
> fe80::669e:f3ff:feec:fc7f%vio0   64:9e:f3:ec:fc:7f    vio0   23h58m18s  S R
> fe80::bd8b:afb3:be72:bd06%vio0   52:54:00:27:22:43    vio0   permanent  R l
>
> If you say
> # netstat -s
> Among a ***lot*** of other statistics you should see something like
> ip6:
>     1312572 total packets received <<<
>     907754 packets for this host <<<
>     1107139 packets sent from this host <<<
> .
> icmp6:
>     640 calls to icmp6_error
>     Output packet histogram:
>     unreach: 640
>     echo reply: 1328
>     multicast listener report: 6
>     neighbor solicitation: 137965
>     neighbor advertisement: 137761
> 
>     Input packet histogram:
>     echo: 1328
>     router advertisement: 56998 
>     neighbor solicitation: 137770 
>     neighbor advertisement: 137956 
>
> .
>
> The netstat -s output should show nonzero in the marked lines.
>
> If you CAN ping hosts on your /64 and you CAN'T ping anyone else
> if you CAN ping your gateway as a last resort set your default
> ipv6 route via that host.
>
> If things still don't work, excerpts of netstat -s
> and the output from ndp -an and tcpdump -ni icmp6 should be informative.
>
> geoff steckel
>
>
>



Re: Recommended web and database server specification

2019-08-15 Thread Nick Holland
On 8/14/19 9:20 PM, Aaron Mason wrote:
> Hi Tito
> 
> Can you tell us more about the database?  How often will its data be
> changed, added to, etc? How much data do you have?  How complex are
> your DB queries?  These answers will help determine the RAM and
> processor requirements for the database.
> 
> As for the web server daemon itself, I think Reyk Floeter would be the
> best placed to answer that question - also paging Nick Holland for
> more hardware expertise.
> 
> On Thu, Aug 15, 2019 at 12:57 PM Tito Mari Francis Escano
>  wrote:
>>
>> Hi to everyone at misc,
>>
>> I'm recently working on an OpenBSD-based PHP7 web application with
>> PostgreSQL-backend for a local government agency and was wondering what
>> would you recommend as the acceptable server specification. This web
>> application won't reach the Google or Facebook level of visits per day,
>> but I was hoping to prepare this be deployed and run for quite a long
>> time and ready for about 60,000 visits per day at most.
>>
>> Your advise and recommendation would be greatly appreciated. Thanks so much.

Dang, somehow, I've got a bad habit of hitting CTRL-ENTER at the end of 
lines, and that's "SEND" on some mail clients.  Did that twice in the
24 hours on two different mail clients.  sigh.

ANYWAY...

60,000 hits per day isn't the question.  Rarely does load come in evenly
spread out, usual things are spikey -- after school, after work, before
work, whatever.  So the scaling question is "how many hits per second
can you expect peak?" and "how much delay will your users tolerate at
that peak moment?"

And really, you need to test your own app in your own environment with
your expected peak load.

IF your bosses are insisting on "buy once for five years", you are going
to horribly overspend.  They are damn fools.  But, they are also "The
Boss", so you live by 'em.  You will save a lot of money by buying
something that will PROBABLY work for a year or so, and replace it *IF*
it turns out to be undersized.

If you want to do it right, take an old pc with a standard SATA disk,
build it out as a web server, and load test it with your peak expected
load with your application being used in a realistic way.  If it works,
get a faster server with more memory and use SSDs, and you will be in
great shape. 

Nick.



Re: Recommended web and database server specification

2019-08-15 Thread Nick Holland
On 8/14/19 9:20 PM, Aaron Mason wrote:
> Hi Tito
> 
> Can you tell us more about the database?  How often will its data be
> changed, added to, etc? How much data do you have?  How complex are
> your DB queries?  These answers will help determine the RAM and
> processor requirements for the database.
> 
> As for the web server daemon itself, I think Reyk Floeter would be the
> best placed to answer that question - also paging Nick Holland for
> more hardware expertise.
> 
> On Thu, Aug 15, 2019 at 12:57 PM Tito Mari Francis Escano
>  wrote:
>>
>> Hi to everyone at misc,
>>
>> I'm recently working on an OpenBSD-based PHP7 web application with
>> PostgreSQL-backend for a local government agency and was wondering what
>> would you recommend as the acceptable server specification. This web
>> application won't reach the Google or Facebook level of visits per day,
>> but I was hoping to prepare this be deployed and run for quite a long
>> time and ready for about 60,000 visits per day at most.
>>
>> Your advise and recommendation would be greatly appreciated. Thanks so much.

heh.  got called out, doesn't take much to make me start talking. :)



Re: Recommended web and database server specification

2019-08-15 Thread Roderick




On Thu, 15 Aug 2019, Roderick wrote:


It [sqlite] is good integrated with tcl, hence I would use as server:

https://de.wikipedia.org/wiki/NaviServer


I mean, I would not use php. :)



Re: Recommended web and database server specification

2019-08-15 Thread Roderick




On Thu, 15 Aug 2019, Tito Mari Francis Escano wrote:

to prepare this be deployed and run for quite a long time and ready for about 
60,000 visits per day at most.


Perhaps sqlite:

https://www.sqlite.org/whentouse.html

It is good integrated with tcl, hence I would use as server:

https://de.wikipedia.org/wiki/NaviServer

Rodrigo