Re: httpd - bypass tls misconfig different ciphers, ecdhe
On Sun, August 16, 2020 3:20 pm, hisacro wrote:
> On Sun, Aug 16, 2020 at 02:34:27PM -0400, trondd wrote:
>
>> Oh, I see what you're doing. BOTH listen lines are active in the second
>> server block. When you connect to port 443 with that config, which TLS
>> settings does it use? I want to guess that because you're listening on
>> port 8000 without tls first, the listen with tls is skipped along with the
>> tls block below it.
>
> No, listen TLS isn't skipped for sub.domain.tld
>

That's not what I see. With the additional listen line, allowing httpd to start, my sub domain server is using the tls setup from the main server tls block except for the cert and key to support SNI. Change the additional listen line to tls and you'll see that one will pick up the tls block as it's on a different port.

I think my initial assessment stands. You can't have different tls blocks on the same ip/port except certificates and keys for SNI. It explicitly does a check to make sure that the other parameters match.

The bug here is in how additional listen lines interact with the remaining configuration. The first listen line in a server block gets the tls block and it doesn't get applied to the second listen line. Except for certs and keys which are handled differently for SNI.
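The rule stated in the message above, that server blocks sharing an address and port may differ only in certificate and key, can be checked on a config before it is deployed. This linter is an added example, not code from the thread or from httpd: it parses only a simplified subset of httpd.conf, the sample config and its paths are constructed, and the "multi-listen" check follows the poster's description of the bug rather than confirmed httpd behaviour.

```python
import re
from collections import defaultdict

# Constructed sample, not the poster's config; names and paths are hypothetical.
SAMPLE_CONF = '''
server "domain.tld" {
    listen on * tls port 443
    tls {
        certificate "/etc/ssl/domain.tld.crt"
        ciphers "HIGH:!aNULL"
        ecdhe "P-384"
    }
}
server "sub.domain.tld" {
    listen on * port 8000
    listen on * tls port 443
    tls {
        certificate "/etc/ssl/sub.domain.tld.crt"
        ciphers "ECDHE-RSA-AES128-SHA"
        ecdhe "P-256"
    }
}
'''
PER_NAME = {"certificate", "key"}  # may differ per SNI name, per the thread

def parse_servers(conf):
    """Simplified subset only: server blocks closed by '}' in column 0."""
    for name, body in re.findall(r'server\s+"([^"]+)"\s*\{(.*?)\n\}', conf, re.S):
        listens = re.findall(r'listen on (\S+)( tls)? port (\d+)', body)
        tls = re.search(r'tls\s*\{(.*?)\}', body, re.S)
        opts = dict(re.findall(r'(\w+)\s+"([^"]*)"', tls.group(1))) if tls else {}
        yield name, listens, opts

def lint(conf):
    findings, by_socket = [], defaultdict(list)
    for name, listens, opts in parse_servers(conf):
        shared = {k: v for k, v in opts.items() if k not in PER_NAME}
        for addr, is_tls, port in listens:
            if is_tls:  # group TLS listeners by address and port
                by_socket[(addr, int(port))].append((name, shared))
        if len(listens) > 1 and opts:  # the case the thread calls buggy
            findings.append(("multi-listen", name))
    for sock, entries in by_socket.items():
        first_name, first = entries[0]
        for name, opts in entries[1:]:
            diff = tuple(sorted(k for k in first.keys() | opts.keys() if first.get(k) != opts.get(k)))
            if diff:
                findings.append(("tls-mismatch", sock, first_name, name, diff))
    return findings
```

Calling `lint(SAMPLE_CONF)` reports the second block's extra listen line and the differing `ciphers` and `ecdhe` values on `*:443`; what the server actually negotiates per name still has to be confirmed against the running daemon.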
Re: aggr(4) not working with Intel XXV710 SFP28 on a Supermicro X11DPi-N(T)
On Wed, Aug 19, 2020 at 12:00 AM Winfred Harrelson wrote:
>
> On Tue, Aug 18, 2020 at 04:53:42PM +1000, Jonathan Matthew wrote:
> >
> > This sounds like multicast filters aren't working properly with your nic.
> > trunk(4) puts trunk ports in promisc mode, so multicast filters don't matter,
> > but aggr(4) doesn't. Could you try running 'tcpdump -ni ixl0' for a while and
> > see if that side of the aggr starts working?
>
> I left the tcpdump running for a little over 5 minutes but that changed
> nothing:
>

Did anything come up on the tcpdump while it was running? Maybe there's a clue there.

--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse
anyone running a Thinkpad T15 Gen1 with 4k display
anyone running a Thinkpad T15 Gen1 with 4k display

I'm looking for a new laptop and I would like to run OpenBSD on it also ...
I was looking for the T series, and I'm wondering is anyone running the T15 Gen 1 with
Nvidia NVIDIA GeForce MX330 GDDR5 2GB 64bits
Intel Wi-Fi 6 AX201 2x2ax

does anyone have experience with this laptop...

thanks
Tom Smyth

--
Kindest regards,
Tom Smyth.
Re: Anyone tried NanoPi R2S or a 2 LAN SBC?
On Tue, Aug 18, 2020 at 09:59:29PM +0200, Dani Deni wrote:
> Hello,
>
> trying to find a low powered single board computer with two gigabit LAN for
> router purposes.
>
> already checked the https://www.openbsd.org/arm64.html page, but google
> doesn't bring up any arm64 based SBC with 2 gigabit network ports that
> OpenBSD supports.
>
> or the NanoPi R2S can run OpenBSD? Anyone tried?
>
> https://www.friendlyarm.com/index.php?route=product/product_id=282
>
> 22$ ! cheap, low power usage and two gbit ethernet! It would be great if
> they wouldn't officially advert it with some custom OS :(

I have one, and I actually ordered a few more. First thing you need is U-Boot. There is a patchset on the u-boot mailing lists. The DTB part of that u-boot is good enough to boot, but I don't see the USB show up. I think for that we'd need to find another DTB. Also, if you look through the lists, there's someone who already made it work before.

The price itself isn't as nice anymore once you order it with a few things, like case and... shipping costs.
Re: Anyone tried NanoPi R2S or a 2 LAN SBC?
On 8/18/20 1:59 PM, Dani Deni wrote:
> Hello,
>
> trying to find a low powered single board computer with two gigabit LAN for
> router purposes.
>
> already checked the https://www.openbsd.org/arm64.html page, but google
> doesn't bring up any arm64 based SBC with 2 gigabit network ports that
> OpenBSD supports.
>
> or the NanoPi R2S can run OpenBSD? Anyone tried?
>
> https://www.friendlyarm.com/index.php?route=product/product_id=282
>
> 22$ ! cheap, low power usage and two gbit ethernet! It would be great if
> they wouldn't officially advert it with some custom OS :(

With metal case to keep it from overheating (+$6.00), USB power supply and shipping to USA/Montana (DHL 10-17 days/$27, SF-Express 5-14 days/$42) for a total of $59.99/$74.99 this no longer falls into the category of "let's get one just to see!"

Just saying.
USA kernel hackers looking for a $120k+ job?
I’m applying for a federal grant which will hopefully start about March or April and I’m looking for somebody who can work on OpenBSD and in C (perhaps with a touch of Python) to do the server side of an extraordinary dating app which will be able to prove STD uninfectiousness!

--
-Luke
Anyone tried NanoPi R2S or a 2 LAN SBC?
Hello,

trying to find a low powered single board computer with two gigabit LAN for router purposes.

already checked the https://www.openbsd.org/arm64.html page, but google doesn't bring up any arm64 based SBC with 2 gigabit network ports that OpenBSD supports.

or the NanoPi R2S can run OpenBSD? Anyone tried?

https://www.friendlyarm.com/index.php?route=product/product_id=282

22$ ! cheap, low power usage and two gbit ethernet! It would be great if they wouldn't officially advert it with some custom OS :(
Re: aggr(4) not working with Intel XXV710 SFP28 on a Supermicro X11DPi-N(T)
On Tue, Aug 18, 2020 at 04:53:42PM +1000, Jonathan Matthew wrote:
> On Mon, Aug 17, 2020 at 03:32:35PM -0400, Winfred Harrelson wrote:
> > On Mon, Aug 17, 2020 at 03:40:47PM +0200, Hrvoje Popovski wrote:
> > > On 17.8.2020. 11:46, Stuart Henderson wrote:
> > > > On 2020-08-15, Hrvoje Popovski wrote:
> > > >> On 15.8.2020. 0:48, Hrvoje Popovski wrote:
> > > >>> On 12.8.2020. 15:18, Winfred Harrelson wrote:
> > > On Tue, Aug 11, 2020 at 07:52:10PM +0100, Tom Smyth wrote:
> > > > Hi Winfred,
> > > > the intel 710 is a complex card, I would suggest that you try
> > > > updating the
> > > > firmware on the card, available from intel.com or your card vendor,
> > > > you may have to boot to a live linux cd to apply the firmware
> > > > update,
> > > >
> > > > but I had some issues with the Intel XL710 cards and I had to
> > > > update the
> > > > firmware to get it working stable,
> > > >
> > > > I hope this helps
> > > > Tom Smyth
> > > >
> > > Adding misc@openbsd.org back to the CC for the record.
> > >
> > > Thanks for the quick reply. I didn't reply back yesterday because I
> > > was having trouble getting the firmware updated from a Linux boot
> > > disk.
> > > I ended up having to try from a Windows boot disk. Unfortunately, I
> > > am getting the same thing again:
> > >
> > >
> > > wharrels@styx2:/home/wharrels# dmesg | grep ^ixl
> > > ixl0 at pci5 dev 0 function 0 "Intel XXV710 SFP28" rev 0x02: port 0,
> > > FW 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:ed:b7:28
> > > ixl1 at pci5 dev 0 function 1 "Intel XXV710 SFP28" rev 0x02: port 1,
> > > FW 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:ed:b7:29
> > > ixl2 at pci8 dev 0 function 0 "Intel XXV710 SFP28" rev 0x02: port 0,
> > > FW 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:eb:19:b0
> > > ixl3 at pci8 dev 0 function 1 "Intel XXV710 SFP28" rev 0x02: port 1,
> > > FW 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:eb:19:b1
> > > ixl4 at pci12 dev 0 function 0 "Intel X722 10GBASE-T" rev 0x09: port
> > > 0, FW 3.1.57069 API 1.5, msix, 8 queues, address 3c:ec:ef:1a:df:f2
> > > ixl5 at pci12 dev 0 function 1 "Intel X722 10GBASE-T" rev 0x09: port
> > > 1, FW 3.1.57069 API 1.5, msix, 8 queues, address 3c:ec:ef:1a:df:f3
> > >
> > > Yup, all the XXV710 cards have been updated to newest firmware.
> > >
> > > Now for the (failed) attempt:
> > >
> > > wharrels@styx2:/etc# ifconfig ixl0
> > > ixl0: flags=8843 mtu 1500
> > > lladdr 3c:fd:fe:ed:b7:28
> > > index 1 priority 0 llprio 3
> > > media: Ethernet autoselect (25GbaseSR full-duplex)
> > > status: active
> > > wharrels@styx2:/etc# ifconfig ixl2
> > > ixl2: flags=8843 mtu 1500
> > > lladdr 3c:fd:fe:eb:19:b0
> > > index 3 priority 0 llprio 3
> > > media: Ethernet autoselect (25GbaseSR full-duplex)
> > > status: active
> > > wharrels@styx2:/etc# ifconfig aggr1 create
> > > wharrels@styx2:/etc# ifconfig aggr1 trunkport ixl0
> > > wharrels@styx2:/etc# ifconfig aggr1 trunkport ixl2
> > > wharrels@styx2:/etc# ifconfig aggr1 up
> > > wharrels@styx2:/etc# ifconfig aggr1
> > > aggr1: flags=8843 mtu 1500
> > > lladdr fe:e1:ba:d0:7c:e9
> > > index 11 priority 0 llprio 7
> > > trunk: trunkproto lacp
> > > trunk id: [(8000,fe:e1:ba:d0:7c:e9,000B,,),
> > > (,00:00:00:00:00:00,,,)]
> > > ixl0 lacp actor system pri 0x8000 mac
> > > fe:e1:ba:d0:7c:e9, key 0xb, port pri 0x8000 number 0x1
> > > ixl0 lacp actor state activity,aggregation,defaulted
> > > ixl0 lacp partner system pri 0x0 mac
> > > 00:00:00:00:00:00, key 0x0, port pri 0x0 number 0x0
> > > ixl0 lacp partner state activity,aggregation,sync
> > > ixl0 port
> > > ixl2 lacp actor system pri 0x8000 mac
> > > fe:e1:ba:d0:7c:e9, key 0xb, port pri 0x8000 number 0x3
> > > ixl2 lacp actor state activity,aggregation,defaulted
> > > ixl2 lacp partner system pri 0x0 mac
> > > 00:00:00:00:00:00, key 0x0, port pri 0x0 number 0x0
> > > ixl2 lacp partner state activity,aggregation,sync
> > > ixl2 port
> > > groups: aggr
> > > media: Ethernet autoselect
> > > status: no carrier
> > >
> > >
> > >
> > > I tried doing another sysupgrade this morning just in case something
> > > had changed overnight but no luck. Any other ideas?
> > >
> > > Winfred
> > >
> > > >>>
> > > >>> Hi,
> > > >>>
> > > >>>
Re: aggr(4) not working with Intel XXV710 SFP28 on a Supermicro X11DPi-N(T)
On Mon, Aug 17, 2020 at 03:32:35PM -0400, Winfred Harrelson wrote:
> On Mon, Aug 17, 2020 at 03:40:47PM +0200, Hrvoje Popovski wrote:
> > On 17.8.2020. 11:46, Stuart Henderson wrote:
> > > On 2020-08-15, Hrvoje Popovski wrote:
> > >> On 15.8.2020. 0:48, Hrvoje Popovski wrote:
> > >>> On 12.8.2020. 15:18, Winfred Harrelson wrote:
> > On Tue, Aug 11, 2020 at 07:52:10PM +0100, Tom Smyth wrote:
> > > Hi Winfred,
> > > the intel 710 is a complex card, I would suggest that you try
> > > updating the
> > > firmware on the card, available from intel.com or your card vendor,
> > > you may have to boot to a live linux cd to apply the firmware update,
> > >
> > > but I had some issues with the Intel XL710 cards and I had to update
> > > the
> > > firmware to get it working stable,
> > >
> > > I hope this helps
> > > Tom Smyth
> >
> > Adding misc@openbsd.org back to the CC for the record.
> >
> > Thanks for the quick reply. I didn't reply back yesterday because I
> > was having trouble getting the firmware updated from a Linux boot disk.
> > I ended up having to try from a Windows boot disk. Unfortunately, I
> > am getting the same thing again:
> >
> >
> > wharrels@styx2:/home/wharrels# dmesg | grep ^ixl
> > ixl0 at pci5 dev 0 function 0 "Intel XXV710 SFP28" rev 0x02: port 0,
> > FW 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:ed:b7:28
> > ixl1 at pci5 dev 0 function 1 "Intel XXV710 SFP28" rev 0x02: port 1,
> > FW 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:ed:b7:29
> > ixl2 at pci8 dev 0 function 0 "Intel XXV710 SFP28" rev 0x02: port 0,
> > FW 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:eb:19:b0
> > ixl3 at pci8 dev 0 function 1 "Intel XXV710 SFP28" rev 0x02: port 1,
> > FW 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:eb:19:b1
> > ixl4 at pci12 dev 0 function 0 "Intel X722 10GBASE-T" rev 0x09: port
> > 0, FW 3.1.57069 API 1.5, msix, 8 queues, address 3c:ec:ef:1a:df:f2
> > ixl5 at pci12 dev 0 function 1 "Intel X722 10GBASE-T" rev 0x09: port
> > 1, FW 3.1.57069 API 1.5, msix, 8 queues, address 3c:ec:ef:1a:df:f3
> >
> > Yup, all the XXV710 cards have been updated to newest firmware.
> >
> > Now for the (failed) attempt:
> >
> > wharrels@styx2:/etc# ifconfig ixl0
> > ixl0: flags=8843 mtu 1500
> > lladdr 3c:fd:fe:ed:b7:28
> > index 1 priority 0 llprio 3
> > media: Ethernet autoselect (25GbaseSR full-duplex)
> > status: active
> > wharrels@styx2:/etc# ifconfig ixl2
> > ixl2: flags=8843 mtu 1500
> > lladdr 3c:fd:fe:eb:19:b0
> > index 3 priority 0 llprio 3
> > media: Ethernet autoselect (25GbaseSR full-duplex)
> > status: active
> > wharrels@styx2:/etc# ifconfig aggr1 create
> > wharrels@styx2:/etc# ifconfig aggr1 trunkport ixl0
> > wharrels@styx2:/etc# ifconfig aggr1 trunkport ixl2
> > wharrels@styx2:/etc# ifconfig aggr1 up
> > wharrels@styx2:/etc# ifconfig aggr1
> > aggr1: flags=8843 mtu 1500
> > lladdr fe:e1:ba:d0:7c:e9
> > index 11 priority 0 llprio 7
> > trunk: trunkproto lacp
> > trunk id: [(8000,fe:e1:ba:d0:7c:e9,000B,,),
> > (,00:00:00:00:00:00,,,)]
> > ixl0 lacp actor system pri 0x8000 mac
> > fe:e1:ba:d0:7c:e9, key 0xb, port pri 0x8000 number 0x1
> > ixl0 lacp actor state activity,aggregation,defaulted
> > ixl0 lacp partner system pri 0x0 mac
> > 00:00:00:00:00:00, key 0x0, port pri 0x0 number 0x0
> > ixl0 lacp partner state activity,aggregation,sync
> > ixl0 port
> > ixl2 lacp actor system pri 0x8000 mac
> > fe:e1:ba:d0:7c:e9, key 0xb, port pri 0x8000 number 0x3
> > ixl2 lacp actor state activity,aggregation,defaulted
> > ixl2 lacp partner system pri 0x0 mac
> > 00:00:00:00:00:00, key 0x0, port pri 0x0 number 0x0
> > ixl2 lacp partner state activity,aggregation,sync
> > ixl2 port
> > groups: aggr
> > media: Ethernet autoselect
> > status: no carrier
> >
> >
> >
> > I tried doing another sysupgrade this morning just in case something
> > had changed overnight but no luck. Any other ideas?
> >
> > Winfred
> >
> > >>>
> > >>> Hi,
> > >>>
> > >>> could you try install snapshot from http://ftp.hostserver.de/archive/
> > >>> that is older than Thu Jun 25 06:41:38 2020 UTC ...
> > >>>
> > >>> maybe this commit broke xxv710
> > >>> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/if_ixl.c?rev=1.56=text/x-cvsweb-markup
> > >>>