Re: cmp(1) '-s' flag ignoring byte offset argument?

2021-01-08 Thread Otto Moerbeek
On Fri, Jan 08, 2021 at 07:09:01PM -0800, Jordan Geoghegan wrote:

> Hey folks,
> 
> I've noticed some surprising behaviour from cmp(1) when using the '-s' flag.
> 
> It appears that cmp -s is ignoring the byte offset arguments I'm giving it.
> 
> I don't want to waste time babbling, so here's an example snippet to show 
> what I'm talking about:
> 
> #!/bin/sh
> 
> echo 'my line' > /tmp/1.txt
> echo 'my other line' >> /tmp/1.txt
> echo 'same same' >> /tmp/1.txt
> 
> echo 'my differnt line' > /tmp/2.txt
> echo 'my other different line' >> /tmp/2.txt
> echo 'same same' >> /tmp/2.txt
> 
> # Determine byte offsets (we only want to compare lines >= 3)
> offset1="$(head -2 /tmp/1.txt | wc -c)"
> offset2="$(head -2 /tmp/2.txt | wc -c)"
> 
> # Compare files and show exit code
> cmp /tmp/1.txt /tmp/2.txt "$offset1" "$offset2"
> printf '\nReturn code = %s\n' "$?"
> 
> cmp -s /tmp/1.txt /tmp/2.txt "$offset1" "$offset2"
> printf '\nReturn code with "-s" = %s\n' "$?"
> 
> As you can see, 'cmp -s' returns an exit code of '1', unlike cmp without the 
> '-s' which returns '0'.
> 
> Not sure what to make of this, I noticed this same behaviour on DragonflyBSD 
> and FreeBSD, so maybe I'm just missing something obvious. This certainly 
> caused some frustration before I figured out what was going on.
> 
> Regards,
> 
> Jordan
> 

This is a bug. It has been there since the beginning, according to
http://cvsweb.openbsd.org/src/usr.bin/cmp/regular.c

FreeBSD has it fixed, NetBSD not.

-Otto

Index: regular.c
===
RCS file: /cvs/src/usr.bin/cmp/regular.c,v
retrieving revision 1.12
diff -u -p -r1.12 regular.c
--- regular.c   6 Feb 2015 23:21:59 -   1.12
+++ regular.c   9 Jan 2021 06:53:20 -
@@ -51,15 +51,15 @@ c_regular(int fd1, char *file1, off_t sk
off_t byte, length, line;
int dfound;
 
-   if (sflag && len1 != len2)
-   exit(1);
-
if (skip1 > len1)
eofmsg(file1);
len1 -= skip1;
if (skip2 > len2)
eofmsg(file2);
len2 -= skip2;
+
+   if (sflag && len1 != len2)
+   exit(1);
 
length = MINIMUM(len1, len2);
if (length > SIZE_MAX) {
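
Review bot: with the "if (sflag && len1 != len2)" check now placed after the two eofmsg() calls, a -s run on files of unequal size with a skip past EOF leaves through eofmsg() instead of the bare exit(1). Confirm that eofmsg() prints nothing when sflag is set and exits with the same status; otherwise -s stops being silent in that case. A short comment above the moved check saying that it compares the post-skip remainders would keep it from drifting back above the "len1 -= skip1" / "len2 -= skip2" lines, and a regress test built from the reporter's script (expecting exit 0 both with and without -s) would pin the fix.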



Clang sanitizer support

2021-01-08 Thread Joe Nelson
Hi all, I'd like to use Clang's AddressSanitizer and ThreadSanitizer on
my OpenBSD development machine. However, the Clang 10 documentation
lists OpenBSD support for only the UndefinedBehaviorSanitizer.

Does anyone know how hard it would be to port them? Are they absent
because nobody really cares about them, or is it because of a
significant technical challenge to get them on OpenBSD?

Also, are there alternatives to these sanitizers? Valgrind? Running
clang on another OS in vmm(4)? I tried the valgrind package but it
segfaulted immediately when I ran it early last year.


OS support for sanitizers, as reported by the docs:

AddressSanitizer
 * Android ARM
 * FreeBSD i386/x86_64 (tested on FreeBSD 11-current)
 * Linux i386/x86_64 (tested on Ubuntu 12.04)
 * NetBSD i386/x86_64
 * Windows 8.1+ (i386/x86_64)
 * iOS Simulator
 * macOS 10.7 - 10.11 (i386/x86_64)

ThreadSanitizer
 * Android aarch64, x86_64
 * Darwin arm64, x86_64
 * FreeBSD
 * Linux aarch64, x86_64, powerpc64, powerpc64le
 * NetBSD

MemorySanitizer
 * FreeBSD
 * Linux
 * NetBSD

UndefinedBehaviorSanitizer
 * Android
 * FreeBSD
 * Linux
 * NetBSD
 * OpenBSD
 * Windows
 * macOS



cmp(1) '-s' flag ignoring byte offset argument?

2021-01-08 Thread Jordan Geoghegan
Hey folks,

I've noticed some surprising behaviour from cmp(1) when using the '-s' flag.

It appears that cmp -s is ignoring the byte offset arguments I'm giving it.

I don't want to waste time babbling, so here's an example snippet to show what 
I'm talking about:

#!/bin/sh

echo 'my line' > /tmp/1.txt
echo 'my other line' >> /tmp/1.txt
echo 'same same' >> /tmp/1.txt

echo 'my differnt line' > /tmp/2.txt
echo 'my other different line' >> /tmp/2.txt
echo 'same same' >> /tmp/2.txt

# Determine byte offsets (we only want to compare lines >= 3)
offset1="$(head -2 /tmp/1.txt | wc -c)"
offset2="$(head -2 /tmp/2.txt | wc -c)"

# Compare files and show exit code
cmp /tmp/1.txt /tmp/2.txt "$offset1" "$offset2"
printf '\nReturn code = %s\n' "$?"

cmp -s /tmp/1.txt /tmp/2.txt "$offset1" "$offset2"
printf '\nReturn code with "-s" = %s\n' "$?"

As you can see, 'cmp -s' returns an exit code of '1', unlike cmp without the 
'-s' which returns '0'.

Not sure what to make of this, I noticed this same behaviour on DragonflyBSD 
and FreeBSD, so maybe I'm just missing something obvious. This certainly caused 
some frustration before I figured out what was going on.

Regards,

Jordan



Fw: ospf question

2021-01-08 Thread Mark
I'll try this message one more time.

I have a question regarding the use of ospf with OpenBSD 6.8.

> I have a network that consists of 23 OpenBSD 6.8 based routers (created, 
> within a virtualbox environment on a GNU/Linux server, to match the physical 
> network I manage - the only difference being that the physical network
> consists of FreeBSD based routers rather than OpenBSD ones). I set this up
> after having replaced a FreeBSD based router with an OpenBSD based one in the
> real network and immediately experiencing an issue accessing parts of the 
> network.
>
> Within my setup there is one router (router22) that is six hops away from the 
> designated default gateway (which I'll call the firewall) and there are two 
> paths (going different ways around the network) to get to it. I am able to 
> run a traceroute to router22, but am not able to ping it or ssh onto it. If I 
> ssh to the router connected to the firewall then I can ping and ssh to 
> router22 (at that point it's only 5 hops away). If I reboot any router that 
> lies within the path to router22 then I am subsequently able to ping and ssh 
> router22 from the firewall.
>
> I have also subsequently duplicated the entire network again using FreeBSD 
> 12.2 and the problem does not occur, so as far as I can see it's just an 
> OpenBSD ospf issue.
>
> I first set this up after replacing a FreeBSD based router with an OpenBSD 
> based one and experiencing another strange issue. In this instance the 
> shortest path from my server network (accessible from router01) to router08, 
> router11 and router12 was router01 <-> router13 <-> router21 <-> router08 <-> 
> router11 <-> router12, when I put the OpenBSD router in as router13 I could 
> no longer ping router08, router11 or router12 (though I could still ping 
> router21). If I connected to a router in a different part of the network I 
> was able to ping each of the inaccessible ones, so it was only when the 
> OpenBSD based router was along the shortest path the issue manifested itself.
>
> Is anyone aware of incompatibilities between the OSPF implementation within 
> OpenBSD and that provided by quagga on FreeBSD? Or of any limitations of OSPF 
> on OpenBSD?
>
> In each setup I have the same hello and dead interval and have md5 crypt 
> authentication in place on each link between routers. Each router is in area 
> 0.0.0.0.
>
> regards,
> Mark


Re: phonetics on OpenBSD: IPA transcription

2021-01-08 Thread Weaver
Hullo Jan,

It might be worth your while to involve yourself with LaTeX.
The TexMaker package is available in OpenBSD and it's almost trivial via
that.
There are plenty of resources around, including a very comprehensive
work on Wikibooks - downloadable as a .pdf.
Just load the package `tipa' into your preamble (document definition:
depending on whether you went to Oxford or Cambridge), and you're good
to go.
Cheers!

Harry.
-- 
`We'll know our disinformation program is complete when
 everything the American public believes is false'.
 -- William Casey, CIA Director (first staff meeting, 1981)



Re: Fw: ospf question

2021-01-08 Thread Tom Smyth
Hello Mark
you need to give more detail on the IP address types are you using
broadcast networks or point to point / tunnel type addresses
are you seeing anything in
also can you be certain your hypervisor switches (real switches in the
datacentre
allow for vm-vm communication and don't filter certain types of traffic (OSPF)

/var/log/messages when you run the daemons,
 are you allowing ip protocol 89 (OSPF) on your PF rules on boxes running pf ?
have you configured loopback ips on each router  (on a separate
loopback interface)
 on each OpenBSD router (so as not to have 127.0.0.0/8 routes advertised
have you confirmed you don't have a network conflict 2 routers with the
same ip range
 on interfaces that are not connected ..

you can start ospfd with -df  switches to see if there are any
warnings / messages
that might hint what is up and running

only other high level things I can think of
is check your neighbour adjacencies are they forming, and focus where
they are not forming
and usual things for OSPF adjacencies not forming
MTU of interfaces not matching between neighbours
Authentication key
authentication type
authentication key id  usually = 1
switch between routers with a smaller MTU / L2MTU than what the
neighbour routers
have configured on their interfaces

if ospf neighbours are forming are you learning any routes..  avoid
static default
routes they are the spawn of satan and you can run into issues
learning and propagating
default routes otherwise ...

Peace out and Happy new year




On Fri, 8 Jan 2021 at 23:08, Mark  wrote:
>
> I'll try this message one more time.
>
> I have a question regarding the use of ospf with OpenBSD 6.8.
>
> > I have a network that consists of 23 OpenBSD 6.8 based routers (created, 
> > within a virtualbox environment on a GNU/Linux server, to match the 
> > physical network I manage - the only difference being that the physical
> > network consists of FreeBSD based routers rather than OpenBSD ones). I set
> > this up after having replaced a FreeBSD based router with an OpenBSD based
> > one in the real network and immediately experiencing an issue accessing 
> > parts of the network.
> >
> > Within my setup there is one router (router22) that is six hops away from 
> > the designated default gateway (which I'll call the firewall) and there are 
> > two paths (going different ways around the network) to get to it. I am able 
> > to run a traceroute to router22, but am not able to ping it or ssh onto it. 
> > If I ssh to the router connected to the firewall then I can ping and ssh to 
> > router22 (at that point it's only 5 hops away). If I reboot any router that 
> > lies within the path to router22 then I am subsequently able to ping and 
> > ssh router22 from the firewall.
> >
> > I have also subsequently duplicated the entire network again using FreeBSD 
> > 12.2 and the problem does not occur, so as far as I can see it's just an 
> > OpenBSD ospf issue.
> >
> > I first set this up after replacing a FreeBSD based router with an OpenBSD 
> > based one and experiencing another strange issue. In this instance the 
> > shortest path from my server network (accessible from router01) to 
> > router08, router11 and router12 was router01 <-> router13 <-> router21 <-> 
> > router08 <-> router11 <-> router12, when I put the OpenBSD router in as 
> > router13 I could no longer ping router08, router11 or router12 (though I 
> > could still ping router21). If I connected to a router in a different part 
> > of the network I was able to ping each of the inaccessible ones, so it was 
> > only when the OpenBSD based router was along the shortest path the issue 
> > manifested itself.
> >
> > Is anyone aware of incompatibilities between the OSPF implementation within 
> > OpenBSD and that provided by quagga on FreeBSD? Or of any limitations of 
> > OSPF on OpenBSD?
> >
> > In each setup I have the same hello and dead interval and have md5 crypt 
> > authentication in place on each link between routers. Each router is in 
> > area 0.0.0.0.
> >
> > regards,
> > Mark



-- 
Kindest regards,
Tom Smyth.



Re: phonetics on OpenBSD: IPA transcription

2021-01-08 Thread Sebastian Benoit
Mihai Popescu(mih...@gmail.com) on 2021.01.08 23:00:44 +0200:
> > I mostly use macOS for that now [...]
> 
> I think it's better to stay on that system only, and avoid spamming misc
> with your cross-breeding experiments. Seriously now.

He asked a perfectly valid question. If you don't know the answer, don't
answer.



Re: phonetics on OpenBSD: IPA transcription

2021-01-08 Thread Christian Weisgerber
On 2021-01-08, Jan Stary  wrote:

> How do I install a font that has glyphs for those symbols?
> Is there anything for that in ports?

The Dejavu font that is included by default covers IPA.  It's
unlikely that you need to install anything else.  And if you do,
just install the Noto fonts and be done with it.

Even the "fixed" font that xterm uses by default covers IPA for all
practical purposes.

-- 
Christian "naddy" Weisgerber  na...@mips.inka.de



Re: phonetics on OpenBSD: IPA transcription

2021-01-08 Thread Bryan Linton
On 2021-01-08 20:42:20, Jan Stary  wrote:
> Is there anyone doing phonetics on OpenBSD?
> 
> [...]
> 
> If there are actually phoneticians running on OpenBSD,
> how do you do it?
> 
>   Thank you
> 
>   Jan
>

Hello,

I wrote about my setup in an email to misc@ about a year ago.

https://marc.info/?l=openbsd-misc=153960218915258=2

(You may need to manually set your browser to UTF-8 to see
the line of IPA symbols in it.)

In brief, I installed ports/inputmethods/uim and use it to switch
into IPA layout.  I can write IPA symbols in both GUI and terminal
applications, though getting the symbols to show up correctly in
terminals requires a little more work.

Base vi doesn't support them, but nvi from ports works fine.
Trying to type commands into (n)vi while in IPA mode obviously
doesn't do what one expects though, so be sure to switch out of
it first.  I don't use emacs or mg, so can't comment on whether or
not they support them, but I suspect emacs most likely does.

I switch between layouts with either CTRL-shift or ALT-shift, and
then type according to the X-SAMPA rules which are documented in
/usr/local/share/uim/ipa-x-sampa.scm
which is installed by the uim port mentioned above.

Hopefully the above should get you a good working setup.  At the
very least, I'd recommend that you get your system set up to allow
X-SAMPA input since that seems to be the universal standard for
reducing the IPA into ASCII.  That way, no matter what system you
type IPA on, you'll have a consistent layout and won't need to
relearn anything.

Hope this helps!

-- 
Bryan



Re: phonetics on OpenBSD: IPA transcription

2021-01-08 Thread Mihai Popescu
> I mostly use macOS for that now [...]

I think it's better to stay on that system only, and avoid spamming misc
with your cross-breeding experiments. Seriously now.


Re: phonetics on OpenBSD: IPA transcription

2021-01-08 Thread Chris Bennett
On Fri, Jan 08, 2021 at 08:42:20PM +0100, Jan Stary wrote:
> Is there anyone doing phonetics on OpenBSD?
> 
> I suppose the first thing to figure out is transcription.
> I mostly use macOS for that now, having installed an IPA keyboard
> and the Charis and Doulos fonts (as recommended on the Praat page).
> Now I'm looking to do that on OpenBSD.
> 
> As far as I understand, I need a XKB keymap that describes a layout
> of the IPA symbols, and a font that has the glyphs for those symbols.
> Please bear with my ignorance of XKB internals.
> 

I am also interested in this. Fell in love with IPA once I saw it.
Nope, I don't have the skills. But I'd be happy to help.
Feel free to contact me off-list. I didn't know there were IPA
keyboards. My interests are personal and not professional.

Chris Bennett




Re: phonetics on OpenBSD: IPA transcription

2021-01-08 Thread Anthony J. Bentley
Hi Jan,

Jan Stary writes:
> Assigning the keysymbols for IPA symbols to the keycodes
> (in some way I choose, preferably compatible to the existing
> IPA keyboards out there) would amount to writing a layout
> such as those in /usr/X11R6/share/X11/xkb/symbols/, right?
>
> A quick search for 'xkb layout ipa' shows that a few of those exist.
> Is any of them prevalent, or at least used by phoneticians?
> Are any such layouts in the Xorg distribution already?

As I'm not a phoneticist I use Compose(5) instead of a full layout.
I have no special insights as to designing or loading such layouts.

SIL, which authored the Doulos and Charis fonts you mentioned and is
a big player in the open source linguistics space, recommends their
keyboard layout:

https://keyman.com/keyboards/sil_ipa

This is used by Keyman, which seems to be some sort of frontend to
load keyboard layouts into ibus. We don't have Keyman in ports, but if
it's useful software it would be good to add it.

If you'd rather write an X keyboard layout directly (to avoid extra
software like ibus), and no other layout exists, it would probably be
a good idea to use their key arrangement as a base for writing your
own.

> How do I install a font that has glyphs for those symbols?
> Is there anything for that in ports?

There are lots of Unicode fonts in ports. XTerm's default font supports
the IPA ranges. Several fixed-width fonts in ports, like Go Mono, are
also usable in the terminal and cover those characters. The Doulos and
Charis fonts you mentioned are also in ports.

-- 
Anthony J. Bentley



Re: adding user to a group

2021-01-08 Thread Rudolf Sykora


Todd C. Miller  writes:

> You need to log in again.  Logging in via ssh, a virtual console,
> X11 or running su will set the groups list.  Setting groups is a
> privileged operation so simply starting a new shell or opening a
> new xterm is not sufficient.

Thanks, su helped.
(Although I do not understand the reasoning behind the need to log
out/in, i.e., why isn't the group membership just updated after the
usermod command...)

Ruda



phonetics on OpenBSD: IPA transcription

2021-01-08 Thread Jan Stary
Is there anyone doing phonetics on OpenBSD?

I suppose the first thing to figure out is transcription.
I mostly use macOS for that now, having installed an IPA keyboard
and the Charis and Doulos fonts (as recommended on the Praat page).
Now I'm looking to do that on OpenBSD.

As far as I understand, I need a XKB keymap that describes a layout
of the IPA symbols, and a font that has the glyphs for those symbols.
Please bear with my ignorance of XKB internals.

As a first step, I did

xmodmap -e 'keycode 30 = u U00028a'

and now I can write `put' as /pʊt/.
(U00028a is the unicode of ʊ)

Assigning the keysymbols for IPA symbols to the keycodes
(in some way I choose, preferably compatible to the existing
IPA keyboards out there) would amount to writing a layout
such as those in /usr/X11R6/share/X11/xkb/symbols/, right?
A quick search for 'xkb layout ipa' shows that a few of those exist.
Is any of them prevalent, or at least used by phoneticians?
Are any such layouts in the Xorg distribution already?

As for the font, the reason I can see the ʊ above
(as do you, right?) is that the font I use in this here xterm
-misc-fixed-medium-r-normal--15-140-75-75-c-90-iso10646-1
covers the glyphs for Unicode, or at least parts of it,
in particular the IPA range of 0250-02af (see below).
So do some other fonts, including some in /usr/X11R6/lib/X11/fonts/,
so I can type ʊ in a libreoffice document too using those fonts.

Please note that I use the words keycode and keysym and glyph
and layout without any actual knowledge of XKB or fonts.
I guess I am asking:

How do I install a XKB layout that covers the IPA symbols?
How do I install a font that has glyphs for those symbols?
Is there anything for that in ports?

If there are actually phoneticians running on OpenBSD,
how do you do it?

Thank you

Jan



$ unitool 250-2af | unitool 
c990  U+000250  ɐ   LATIN SMALL LETTER TURNED A
c991  U+000251  ɑ   LATIN SMALL LETTER SCRIPT A
c992  U+000252  ɒ   LATIN SMALL LETTER TURNED SCRIPT A
c993  U+000253  ɓ   LATIN SMALL LETTER B HOOK
c994  U+000254  ɔ   LATIN SMALL LETTER OPEN O
c995  U+000255  ɕ   LATIN SMALL LETTER C CURL
c996  U+000256  ɖ   LATIN SMALL LETTER D RETROFLEX HOOK
c997  U+000257  ɗ   LATIN SMALL LETTER D HOOK
c998  U+000258  ɘ   LATIN SMALL LETTER REVERSED E
c999  U+000259  ə   LATIN SMALL LETTER SCHWA
c99a  U+00025a  ɚ   LATIN SMALL LETTER SCHWA HOOK
c99b  U+00025b  ɛ   LATIN SMALL LETTER EPSILON
c99c  U+00025c  ɜ   LATIN SMALL LETTER REVERSED EPSILON
c99d  U+00025d  ɝ   LATIN SMALL LETTER REVERSED EPSILON HOOK
c99e  U+00025e  ɞ   LATIN SMALL LETTER CLOSED REVERSED EPSILON
c99f  U+00025f  ɟ   LATIN SMALL LETTER DOTLESS J BAR
c9a0  U+000260  ɠ   LATIN SMALL LETTER G HOOK
c9a1  U+000261  ɡ   LATIN SMALL LETTER SCRIPT G
c9a2  U+000262  ɢ   LATIN LETTER SMALL CAPITAL G
c9a3  U+000263  ɣ   LATIN SMALL LETTER GAMMA
c9a4  U+000264  ɤ   LATIN SMALL LETTER BABY GAMMA
c9a5  U+000265  ɥ   LATIN SMALL LETTER TURNED H
c9a6  U+000266  ɦ   LATIN SMALL LETTER H HOOK
c9a7  U+000267  ɧ   LATIN SMALL LETTER HENG HOOK
c9a8  U+000268  ɨ   LATIN SMALL LETTER BARRED I
c9a9  U+000269  ɩ   LATIN SMALL LETTER IOTA
c9aa  U+00026a  ɪ   LATIN LETTER SMALL CAPITAL I
c9ab  U+00026b  ɫ   LATIN SMALL LETTER L WITH MIDDLE TILDE
c9ac  U+00026c  ɬ   LATIN SMALL LETTER L BELT
c9ad  U+00026d  ɭ   LATIN SMALL LETTER L RETROFLEX HOOK
c9ae  U+00026e  ɮ   LATIN SMALL LETTER L YOGH
c9af  U+00026f  ɯ   LATIN SMALL LETTER TURNED M
c9b0  U+000270  ɰ   LATIN SMALL LETTER TURNED M WITH LONG LEG
c9b1  U+000271  ɱ   LATIN SMALL LETTER M HOOK
c9b2  U+000272  ɲ   LATIN SMALL LETTER N HOOK
c9b3  U+000273  ɳ   LATIN SMALL LETTER N RETROFLEX HOOK
c9b4  U+000274  ɴ   LATIN LETTER SMALL CAPITAL N
c9b5  U+000275  ɵ   LATIN SMALL LETTER BARRED O
c9b6  U+000276  ɶ   LATIN LETTER SMALL CAPITAL O E
c9b7  U+000277  ɷ   LATIN SMALL LETTER CLOSED OMEGA
c9b8  U+000278  ɸ   LATIN SMALL LETTER PHI
c9b9  U+000279  ɹ   LATIN SMALL LETTER TURNED R
c9ba  U+00027a  ɺ   LATIN SMALL LETTER TURNED R WITH LONG LEG
c9bb  U+00027b  ɻ   LATIN SMALL LETTER TURNED R HOOK
c9bc  U+00027c  ɼ   LATIN SMALL LETTER R WITH LONG LEG
c9bd  U+00027d  ɽ   LATIN SMALL LETTER R HOOK
c9be  U+00027e  ɾ   LATIN SMALL LETTER FISHHOOK R
c9bf  U+00027f  ɿ   LATIN SMALL LETTER REVERSED FISHHOOK R
ca80  U+000280  ʀ   LATIN LETTER SMALL CAPITAL R
ca81  U+000281  ʁ   LATIN LETTER SMALL CAPITAL INVERTED R
ca82  U+000282  ʂ   LATIN SMALL LETTER S HOOK
ca83  U+000283  ʃ   LATIN SMALL LETTER ESH
ca84  U+000284  ʄ   LATIN SMALL LETTER DOTLESS J BAR HOOK
ca85  U+000285  ʅ   LATIN SMALL LETTER SQUAT REVERSED ESH
ca86  U+000286  ʆ   LATIN SMALL LETTER ESH CURL
ca87  U+000287  ʇ   LATIN SMALL LETTER TURNED T
ca88  U+000288  ʈ   LATIN SMALL LETTER T RETROFLEX HOOK
ca89  

Re: npppd - problem with simultaneous sessions

2021-01-08 Thread Radek
Hi,

> When the problem is happening, is the counter "dropped due to missing 
> IPsec protection" incremented?
Yes, it is.

No VPN session:
$ netstat -sp udp
udp:
360413 datagrams received
0 with incomplete header
0 with bad data length field
0 with bad checksum
39898 with no checksum
108780 input packets software-checksummed
135430 output packets software-checksummed
187992 dropped due to no socket
50819 broadcast/multicast datagrams dropped due to no socket
970 dropped due to missing IPsec protection
0 dropped due to full socket buffers
121602 delivered
222326 datagrams output
285255 missed PCB cache

First VPN session:
$ netstat -sp udp
udp:
360863 datagrams received
0 with incomplete header
0 with bad data length field
0 with bad checksum
40104 with no checksum
108780 input packets software-checksummed
135518 output packets software-checksummed
188056 dropped due to no socket
50885 broadcast/multicast datagrams dropped due to no socket
970 dropped due to missing IPsec protection
0 dropped due to full socket buffers
121922 delivered
222532 datagrams output
285534 missed PCB cache

Second VPN session (the first ses. was disconnected)
[root@@fw-u/home/rdk:]netstat -sp udp
udp:
361306 datagrams received
0 with incomplete header
0 with bad data length field
0 with bad checksum
40446 with no checksum
108780 input packets software-checksummed
135660 output packets software-checksummed
188109 dropped due to no socket
50888 broadcast/multicast datagrams dropped due to no socket
977 dropped due to missing IPsec protection
0 dropped due to full socket buffers
122309 delivered
222708 datagrams output
285800 missed PCB cache

and after ~2 minutes:
[root@@fw-u/home/rdk:]netstat -sp udp
udp:
361814 datagrams received
0 with incomplete header
0 with bad data length field
0 with bad checksum
40862 with no checksum
108780 input packets software-checksummed
135837 output packets software-checksummed
188150 dropped due to no socket
50900 broadcast/multicast datagrams dropped due to no socket
1005 dropped due to missing IPsec protection
0 dropped due to full socket buffers
122764 delivered
222912 datagrams output
286078 missed PCB cache

On Fri, 08 Jan 2021 18:15:37 +0900 (JST)
YASUOKA Masahiko  wrote:

> Hi,
> 
> >> It seems that only last person can use the tunnel.  This reminds me
> >> problems through NAT.
> > True. Can it be caused by wrong PF rules?
> 
> No, I don't think so.
> 
> I suppose I could repeat the problem.
> 
> When the problem is happening, is the counter "dropped due to missing 
> IPsec protection" incremented?
> 
>% netstat -sp udp
>udp:
>655 datagrams received
>0 with incomplete header
>0 with bad data length field
>0 with bad checksum
>297 with no checksum
>356 input packets software-checksummed
>236 output packets software-checksummed
>46 dropped due to no socket
>0 broadcast/multicast datagrams dropped due to no socket
>3 dropped due to missing IPsec protection
>0 dropped due to full socket buffers
>609 delivered
>236 datagrams output
>354 missed PCB cache
> 
> I started looking into this problem.
> 
> On Thu, 7 Jan 2021 09:45:07 +0100
> radek  wrote:
> > Hi,
> >
> >> It seems that only last person can use the tunnel.  This reminds me
> >> problems through NAT.
> > True. Can it be caused by wrong PF rules?
> >
> >> Both sessions seem to be connected from A.B.C.D.  Are the clients
> >> behind a NAT?
> > Yes, both client are behind the same router/NAT.
> > I have a 66/i386 box running npppd on production and my two clients
> > can be connected the same time flawlessly.
> >
> >> How about the npppd side?  Does the client directly connect to
> >>
> >> > tunnel L2TP protocol l2tp {
> >> > listen on X.Y.Z.13
> >> > }
> >>
> >> X.Y.Z.13 ?  Or a NAT is there?
> > It is directly connected to X.Y.Z.13, no NAT.
> >
> > On Thu, 07 Jan 2021 16:27:57 +0900 (JST)
> > YASUOKA Masahiko  wrote:
> >
> >> Hi,
> >>
> >> On Wed, 6 Jan 2021 21:33:49 +0100
> >> Radek  wrote:
> >> > I have a box with relatively fresh install of 68/amd64, fully
> >> > syspatched. There is a npppd server running on it. The problem is
> >> > that I can have only one nppp session at one time. If the second
> >> > vpn user connects the box, the first nppp session hangs/drops. I
> >> > probably have missed something obvious in my setup but I really
> >> > can't find what it is.
> >>
> >> It seems that only last person can 

adding user to a group

2021-01-08 Thread Rudolf Sykora
Dear list,


I tried to add myself to the "dialer" group:

#usermod -G dialer ruda

But when I write

$groups

in a terminal I still do not see the new group. Not even if I open a new login
shell (by writing "ksh -l"). However, when I log in in a text console
(ctrl-alt-1), I see the new group there.

What is it that I have to do to have the membership updated, i.e., how
can I open e.g. a terminal in the running environment that would see my
new groups?


Thanks for comments
Ruda



Re: adding user to a group

2021-01-08 Thread Bodie




On 8.1.2021 16:21, Rudolf Sykora wrote:
> Dear list,
>
>
> I tried to add myself to the "dialer" group:
>
> #usermod -G dialer ruda
>
> But when I write
>
> $groups
>
> in a terminal I still do not see the new group. Not even if I open a new login
> shell (by writing "ksh -l"). However, when I log in in a text console
> (ctrl-alt-1), I see the new group there.
>
> What is it that I have to do to have the membership updated, i.e., how
> can I open e.g. a terminal in the running environment that would see my
> new groups?
>
>
> Thanks for comments
> Ruda

There seems to be some change in behavior in OpenBSD and to be honest do
not know when it happened.

This is your start https://man.openbsd.org/user

which will get you to https://man.openbsd.org/usermod.8

BUT using -G resets your membership and you will be in only group you
specified.

If you want to add additional group you need to use -S instead


Re: adding user to a group

2021-01-08 Thread Ian Darwin
On Fri, Jan 08, 2021 at 05:20:36PM +0100, Rudolf Sykora wrote:
> 
> Todd C. Miller  writes:
> 
> > You need to log in again.  Logging in via ssh, a virtual console,
> > X11 or running su will set the groups list.  Setting groups is a
> > privileged operation so simply starting a new shell or opening a
> > new xterm is not sufficient.
> 
> Thanks, su helped.
> (Although I do not understand the reasoning behind the need to log
> out/in, i.e., why isn't the group membership just updated after the
> usermod command...)

Todd's message contains the explanation. If you did not understand it,
please do some homework, like, read up on and understand how processes work on 
Unix.



Re: 4G mini PCI-e modem support?

2021-01-08 Thread Stefan Sperling
On Fri, Jan 08, 2021 at 05:13:52PM +0100, Patrick Wildt wrote:
> On Fri, Jan 08, 2021 at 02:29:02PM +, Peter Kay wrote:
> > There appear to be no 4G modem support at the moment, specifically a
> > mini PCI-e one so I can stick it in a PC engines apu4d4 and have a
> > backup connection.
> > 
> > Presuming a driver would need to be written, but just checking if I've
> > missed anything?
> 
> There's umb(4).  It supports USB's MBIM standard.  There are some MBIM
> compatible chips around, one for instance is this one:
> 
> https://www.varia-store.com/de/produkt/87272-simcom-sim7600e-h-mpcie-eu-lte-cat-4-modul.html
> 
> You'll probably need to switch it into MBIM mode once via a specific
> AT-command over the serial, but otherwise it should do.
> 
> I'm sure there are plenty of other MBIM-compatible devices, this is just
> the one from the top of my head.

I have umb(4) working on an APU1 board. It's a Sierra Wireless EM7345, the one
shipped with x250 Thinkpads. Installation in an APU requires a compatible M.2
to miniPCIe adapter. Make sure to get an adapter with the correct M.2 keying.
If the vendor advertises GSM/UMTS/LTE modem support the adapter should work.
If they don't, better ask before buying.

This combo works fine in the middle miniPCIe slot of the APU. You'll need a
full size SIM card for the SIM card slot. Again, an adapter will help to fit
a micro or nano SIM.

You will also want LTE antennas and compatible pigtails. Using wifi antennas
will result in about 50% packet loss.



Re: 4G mini PCI-e modem support?

2021-01-08 Thread Patrick Wildt
On Fri, Jan 08, 2021 at 02:29:02PM +, Peter Kay wrote:
> There appear to be no 4G modem support at the moment, specifically a
> mini PCI-e one so I can stick it in a PC engines apu4d4 and have a
> backup connection.
> 
> Presuming a driver would need to be written, but just checking if I've
> missed anything?

There's umb(4).  It supports USB's MBIM standard.  There are some MBIM
compatible chips around, one for instance is this one:

https://www.varia-store.com/de/produkt/87272-simcom-sim7600e-h-mpcie-eu-lte-cat-4-modul.html

You'll probably need to switch it into MBIM mode once via a specific
AT-command over the serial, but otherwise it should do.

I'm sure there are plenty of other MBIM-compatible devices, this is just
the one from the top of my head.



Re: M2 SSD in a PCI-E adapter

2021-01-08 Thread Patrick Wildt
On Fri, Jan 08, 2021 at 08:46:20AM -0700, Todd C. Miller wrote:
> On Fri, 08 Jan 2021 16:19:02 +0100, Jan Stary wrote:
> 
> > I know the disk itself works: this is the disk plugged into
> > an M.2 slot in a Dell Latitude E5570 (full dmesg below):
> > sd0 at scsibus1 targ 0 lun 0:  naa.5001b448b8532530
> > sd0: 238475MB, 512 bytes/sector, 488397168 sectors, thin
> 
> That is not an NVME SSD, it is an M.2 SATA SSD.  You need a different
> adaptor.
> 
>  - todd
> 

Yes, todd is right.  It's an M2 SATA SSD, but the adapter will only
work with M2 NVMe SSDs.  So you might need a different adapter.
Something like these two could maybe work:

https://www.delock.de/produkte/1140_M-2/89388/merkmale.html
https://www.delock.de/produkte/1140_M-2/89379/merkmale.html

Both say "supports Key B+M on SATA basis" and both have active chipsets
which should be PCIe AHCI-compatible controllers.



Re: adding user to a group

2021-01-08 Thread Martijn van Duren
User and group information is set during login. When running a new shell
with -l it only reads the shell profile:
 -l  Login shell.  If the basename the shell is called with
 (i.e. argv[0]) starts with ‘-’ or if this option is used,
 the shell is assumed to be a login shell and the shell
 reads and executes the contents of /etc/profile and
 $HOME/.profile if they exist and are readable.
So you need to log out and log in again (either from your terminal
session or X11 session).

If you want to make sure your user is added to the group dialer you can
verify via:
$ getent group dialer
dialer:*:117:ruda

martijn@

On Fri, 2021-01-08 at 16:21 +0100, Rudolf Sykora wrote:
> Dear list,
> 
> 
> I tried to add myself to the "dialer" group:
> 
> #usermod -G dialer ruda
> 
> But when I write
> 
> $groups
> 
> in a terminal I still do not see the new group. Not even if I open a new login
> shell (by writing "ksh -l"). However, when I log in in a text console
> (ctrl-alt-1), I see the new group there.
> 
> What is it that I have to do to have the membership updated, i.e., how
> can I open e.g. a terminal in the running environment that would see my
> new groups?
> 
> 
> Thanks for comments
> Ruda
> 




Re: M2 SSD in a PCI-E adapter

2021-01-08 Thread Todd C . Miller
On Fri, 08 Jan 2021 16:19:02 +0100, Jan Stary wrote:

> I know the disk itself works: this is the disk plugged into
> an M.2 slot in a Dell Latitude E5570 (full dmesg below):
> sd0 at scsibus1 targ 0 lun 0:  naa.5001b448b8532530
> sd0: 238475MB, 512 bytes/sector, 488397168 sectors, thin

That is not an NVME SSD, it is an M.2 SATA SSD.  You need a different
adaptor.

 - todd



Re: adding user to a group

2021-01-08 Thread Todd C . Miller
On Fri, 08 Jan 2021 16:21:08 +0100, Rudolf Sykora wrote:

> I tried to add myself to the "dialer" group:
>
> #usermod -G dialer ruda
>
> But when I write
>
> $groups
>
> in a terminal I still do not see the new group. Not even if I open a new login
> shell (by writing "ksh -l"). However, when I log in in a text console
> (ctrl-alt-1), I see the new group there.

Yes, group membership is set at login time.  Running ksh as a login
shell is not the same as actually logging in with a new session.

> What is it that I have to do to have the membership updated, i.e., how
> can I open e.g. a terminal in the running environment that would see my
> new groups?

You need to log in again.  Logging in via ssh, a virtual console,
X11 or running su will set the groups list.  Setting groups is a
privileged operation so simply starting a new shell or opening a
new xterm is not sufficient.

 - todd
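
The point made in this thread, that the group database and the credentials of an already running session are two separate things, can be checked directly. The script below is an added example, not part of the original posts; stale_groups and check_session are hypothetical helper names, and it assumes group names contain no whitespace.

```shell
#!/bin/sh
# Added example, not from the thread. stale_groups and check_session are
# hypothetical helper names. Assumes group names contain no whitespace.

# stale_groups DB_LIST PROC_LIST
# Print each group in DB_LIST (space-separated) that is missing from PROC_LIST.
stale_groups() {
    for g in $1; do
        case " $2 " in
            *" $g "*) ;;                 # whole-word match: process has it
            *) printf '%s\n' "$g" ;;     # present in the database only
        esac
    done
}

# check_session: compare this process's credentials with the group database.
# Returns 0 if they agree, 1 if a new login is needed to pick up a group.
check_session() {
    user="$(id -un)" || return 2
    db="$(id -Gn "$user")" || return 2   # membership looked up by user name
    proc="$(id -Gn)"                     # groups held by the running process
    missing="$(stale_groups "$db" "$proc" | tr '\n' ' ')"
    if [ -n "$missing" ]; then
        printf 'not in this session yet, log in again: %s\n' "$missing"
        return 1
    fi
    printf 'session groups match the database for %s\n' "$user"
}

# Run the check only when asked, so the file can also be sourced.
case "${1:-}" in
    --check) check_session ;;
esac
```

Run with --check in the terminal that does not show the new group; the same mismatch applies in reverse when a user is removed from a group, since sessions started earlier keep the old list.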



Re: [new] sysutils/obsdpkgup - tools for creating and using a package index

2021-01-08 Thread Jeremy O'Brien
> On 2021/01/06 12:03, Stuart Henderson wrote:
> Looking at this it's better than I thought it would be, there are some
> problems though -
> 

Hey thanks!

> - The version number comparison using mcuadros/go-version is wrong,
> it doesn't match packages-specs(5).
> 

I took the time to learn some perl yesterday, and holy moly my version
comparison code was *very* wrong. Thanks for taking the time to point that out.
As a result, I went through and mirrored the perl code as closely as I could to
ensure that it matches what OpenBSD does.

> - There doesn't seem to be a way to validate that index.pkgup.gz is done
> against the current available package build. For this I would suggest
> recording the timestamp of the @digital-signature on the quirks package
> in the index, and verifying when the update is run. (grep out of
> "PKG_DBDIR=/var/empty PKG_PATH=$whatever pkg_info -f quirks" will do
> the trick).
> 

Added. I'm parsing the signify block in pure Go (instead of shelling out to
pkg_info) because I want to be able to use the index generation code on any
Go-supported platform. My own mirror (and from what I understand, some of
OpenBSD's own mirrors) aren't necessarily running OpenBSD.

> Between those two it could cause problems because the user may try to
> update a too-small subset of packages. The first problem is obvious.
> The second problem, if a library is bumped after the index is generated,
> the required updates won't show up. For both if people use it and then
> run into problems it's likely the bug reports will end up with openbsd
> rather than pkgup. This makes me not want to add it to packages yet
> (adding it could easily be seen as an endorsement of using it).
> This would be less of a problem if it at least tries to detect outdated
> caches and prints a clear warning.
> 

I hope that my above two fixes rectify this situation in your mind.

> Less important but I'd be happier if it used the signature from pkg_info
> -qS rather than its own version using grep on +CONTENTS, to guard
> against possible future changes to things that pkg_add considers when
> deciding whether to update (also I think it would make sense to include
> the whole string rather than a hash of the signature, there's no need to
> hide that), as long as the full url/filename is used pkg_add will fetch
> the file directly without grabbing the index first. i.e.
> PKG_DBDIR=/var/empty pkg_info -qS http://mirror/pub/OpenBSD/snapshots/packages/amd64/moo-1.5p0.tgz
> 

I would like this as well. The problem is that pkg_info -qS is slow. It takes
orders of magnitude more time to run than my current signature generation code.
I can currently build a complete index from a remote mirror in less than ten
minutes. If I switched to using pkg_info, it would take several hours by my
math. In addition, I would like to keep genpkgup able to be run on any OS that
Go supports instead of only OpenBSD machines. I went ahead and
sorta-implemented your suggestion though by matching OpenBSD's current
signature format. No more hashes. I was torn on this before, but I actually
like your approach better because A: it's easier to debug when things go wrong
and B: it's much less CPU-intensive not having to do sha256 stuff. So again,
thank you for the recommendation. If the signature format changes in the
future, I will gladly update my code to match, or revisit the problem if
necessary.

Again, thank you for taking the time to look at my tool!
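
The freshness check suggested in the quoted review (record the quirks signature timestamp in the index, compare it when an update runs) can be sketched as follows. This is an added example, not obsdpkgup's code; sig_timestamp and index_matches are hypothetical names, the packing list is a constructed sample, and the `@digital-signature signify2:<timestamp>:external` line format is an assumption.

```shell
#!/bin/sh
# Added example, not obsdpkgup code. Assumed packing-list line format:
#   @digital-signature signify2:<ISO-8601 UTC timestamp>:external
# Constructed sample standing in for "pkg_info -f quirks" output:
SAMPLE_PLIST='@name quirks-0.0
@comment constructed sample packing list
@digital-signature signify2:2021-01-08T06:12:33Z:external'

# sig_timestamp: read a packing list on stdin and print the signature
# timestamp. Exits non-zero if no well-formed signature line is found.
sig_timestamp() {
    awk '$1 == "@digital-signature" {
             n = split($2, f, ":")
             # f[1] is the scheme and f[n] the trailer; the timestamp in
             # between contains colons itself, so rebuild it from the parts.
             ts = f[2]
             for (i = 3; i < n; i++) ts = ts ":" f[i]
             if (n >= 4 && ts ~ /^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9:]+Z$/) {
                 print ts; found = 1; exit
             }
         }
         END { exit !found }'
}

# index_matches RECORDED: packing list of the live quirks package on stdin.
# Returns 0 if the index was built against the same package build,
# 1 if the timestamps differ, 2 if the packing list has no signature line.
index_matches() {
    live="$(sig_timestamp)" || {
        echo 'no @digital-signature line found' >&2
        return 2
    }
    [ "$1" = "$live" ] && return 0
    echo "index recorded $1 but mirror has $live; index is out of date" >&2
    return 1
}

# On OpenBSD the input would come from the command given in the review:
#   PKG_DBDIR=/var/empty PKG_PATH=$whatever pkg_info -f quirks | index_matches "$recorded"
```

A mismatch in either direction is treated as stale, so an index that is newer than the mirror being queried is rejected as well.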



4G mini PCI-e modem support?

2021-01-08 Thread Peter Kay
There appears to be no 4G modem support at the moment, specifically a
mini PCI-e one so I can stick it in a PC engines apu4d4 and have a
backup connection.

Presuming a driver would need to be written, but just checking if I've
missed anything?



Re: -current amd64 packages not updated? Impatient or broken?

2021-01-08 Thread Jacqueline Jolicoeur
On Jan 07 21:30, Christian Weisgerber wrote:

> A new build is running now and will take another 24h to complete
> if all goes well.

Thanks for the ETA. You build ports faster than I can. I appreciate
your service.



Re: msdos partition is too small in arm64/miniroot68.img

2021-01-08 Thread Stuart Henderson
On 2021-01-07, tech-lists  wrote:
> What I wanted to do was to write latest firmwares from 
> https://github.com/pftf/RPi4 as described in OpenBSD/6.8/arm64/INSTALL.arm64
> into the (mdconfig-mounted) msdos partition of miniroot68.img prior to writing
> it to the sdcard as I didn't have an additional USB storage device.

That is not as described in the install notes, they specifically say to
use a second storage device exactly to avoid this complication. (They
don't need to describe every possible method, only a simple one that
works).



Re: -current amd64 packages not updated? Impatient or broken?

2021-01-08 Thread Jan Stary
On Jan 07 16:40:37, ch...@nmedia.net wrote:
> For those trying to use the latest snap and the latest ports, try link
> libc++.so.4.0 to libc++.so.5.0 and libc++abi.so.2.1 to libc++abi.so.3.0
> for now. Frankenstein, indeed. You'll feel dirty just doing it.

While at it, link /bin/ls to /bin/rm




Re: -current amd64 packages not updated? Impatient or broken?

2021-01-08 Thread Paul de Weerd
On Thu, Jan 07, 2021 at 09:30:13PM +0100, Christian Weisgerber wrote:
| Steve Williams:
| 
| > I hesitate to send this because perhaps I'm just too impatient, but then
| > again, perhaps not.  This is not critical/time sensitive.
| > 
| > I just thought I'd check if there a problem with the current packages folder
| > from the mirrors?
| 
| No, the amd64 package builds have been slightly delayed.

A good reminder that you are building these package snaps very often,
thanks to you (and all the other pkg builders and Theo and other base
snap builders) for providing us with these very regular updates.

Cheers,

Paul

-- 
>[<++>-]<+++.>+++[<-->-]<.>+++[<+
+++>-]<.>++[<>-]<+.--.[-]
 http://www.weirdnet.nl/ 



Re: -current amd64 packages not updated? Impatient or broken?

2021-01-08 Thread Stuart Henderson
On 2021-01-07, Patrick Wildt  wrote:
> Maybe I should have asked ports to run with the build first, so that
> base and packages would be aligned.

We (package builders) don't really do that - and in the majority of
cases it's not much of a problem anyway, it normally only affects people
that have freshly installed from snapshot and usually clears itself in a
few days.




Re: npppd - problem with simultaneous sessions

2021-01-08 Thread YASUOKA Masahiko

Hi,


It seems that only last person can use the tunnel.  This reminds me
of problems through NAT.

True. Can it be caused by wrong PF rules?


No, I don't think so.

I suppose I could repeat the problem.

When the problem is happening, is the counter "dropped due to missing 
IPsec protection" incremented?


  % netstat -sp udp
  udp:
  655 datagrams received
  0 with incomplete header
  0 with bad data length field
  0 with bad checksum
  297 with no checksum
  356 input packets software-checksummed
  236 output packets software-checksummed
  46 dropped due to no socket
  0 broadcast/multicast datagrams dropped due to no socket
  3 dropped due to missing IPsec protection
  0 dropped due to full socket buffers
  609 delivered
  236 datagrams output
  354 missed PCB cache

I started looking into this problem.

On Thu, 7 Jan 2021 09:45:07 +0100
radek  wrote:

Hi,


It seems that only last person can use the tunnel.  This reminds me
of problems through NAT.

True. Can it be caused by wrong PF rules?


Both sessions seem to be connected from A.B.C.D.  Are the clients
behind a NAT?

Yes, both clients are behind the same router/NAT.
I have a 66/i386 box running npppd on production and my two clients
can be connected the same time flawlessly.



How about the npppd side?  Does the client directly connect to

> tunnel L2TP protocol l2tp {
> listen on X.Y.Z.13
> }

X.Y.Z.13 ?  Or a NAT is there?

It is directly connected to X.Y.Z.13, no NAT.

On Thu, 07 Jan 2021 16:27:57 +0900 (JST)
YASUOKA Masahiko  wrote:


Hi,

On Wed, 6 Jan 2021 21:33:49 +0100
Radek  wrote:
> I have a box with relatively fresh install of 68/amd64, fully
> syspatched. There is a npppd server running on it. The problem is
> that I can have only one nppp session at one time. If the second
> vpn user connects the box, the first nppp session hangs/drops. I
> probably have missed something obvious in my setup but I really
> can't find what it is.

It seems that only last person can use the tunnel.  This reminds me
of problems through NAT.

> Jan  6 20:53:16 fw-u npppd[82720]: ppp id=0 layer=base
> logtype=TUNNELSTART user="rdk" duration=1sec layer2=L2TP
> layer2from=A.B.C.D:1701 auth=MS-CHAP-V2  ip=10.109.4.1 iface=pppx0


> Jan  6 20:53:44 fw-u npppd[82720]: ppp id=1 layer=base
> logtype=TUNNELSTART user="rdk-test" duration=1sec layer2=L2TP
> layer2from=A.B.C.D:1701 auth=MS-CHAP-V2  ip=10.109.4.11 iface=pppx0


Both sessions seem to be connected from A.B.C.D.  Are the clients
behind a NAT?

How about the npppd side?  Does the client directly connect to

> tunnel L2TP protocol l2tp {
> listen on X.Y.Z.13
> }

X.Y.Z.13 ?  Or a NAT is there?

On Wed, 6 Jan 2021 21:33:49 +0100
Radek  wrote:
> Hi @misc,
>
> I have a box with relatively fresh install of 68/amd64, fully
> syspatched. There is a npppd server running on it. The problem is
> that I can have only one nppp session at one time. If the second
> vpn user connects the box, the first nppp session hangs/drops. I
> probably have missed something obvious in my setup but I really
> can't find what it is.
>
> Please help me to solve the problem.
> Thank you.
>
> $cat /etc/npppd/npppd.conf
> authentication LOCAL type local {
> users-file "/etc/npppd/npppd-users"
> }
> tunnel L2TP protocol l2tp {
> listen on X.Y.Z.13
> }
> ipcp IPCP {
> pool-address 10.109.4.1-10.109.4.32
> dns-servers 1.1.1.1
> }
> # use pppx(4) interface.  use an interface per a ppp session.
> interface pppx0 address 10.109.4.254 ipcp IPCP
> bind tunnel from L2TP authenticated by LOCAL to pppx0
>
> $cat /etc/hostname.enc0
> up
>
>
> $cat /etc/sysctl.conf
> net.inet.ip.forwarding=1
> net.inet.ipcomp.enable=1
> net.inet.esp.enable=1
> net.inet.gre.allow=1
> net.pipex.enable=1
>
> $cat /etc/rc.conf.local
> ipsec=YES
> ipsec_rules=/etc/ipsec.conf
> isakmpd_flags="-K"
> npppd_flags=""
>
> $cat /etc/ipsec.conf
> wan_ipv4 = X.Y.Z.13
> ike passive esp transport \
>  proto udp from $wan_ipv4 to any port 1701 \
>  main auth "hmac-sha1" enc "3des" group modp1024 \
>  quick auth "hmac-sha1" enc "aes" group modp1024 \
>  psk "pskpskpsk"
>
> $cat /etc/pf.conf
> [...]
> vpn_if = "pppx"
> vpn_local  = "10.109.4.0/24"
>
> pass in on $ext_if proto udp from any to (egress:0) port {isakmp,ipsec-nat-t,l2tp}
> pass in on $ext_if proto {ah,esp}
> pass log proto { gre } from any to any keep state
>
> # filter all IPSec traffic on the enc interface
> pass on enc0 keep state (if-bound)
>
> # allow all traffic in on and out to the VPN network
> pass on $vpn_if from $vpn_local
> pass on $vpn_if to $vpn_local
>
> # NAT VPN traffic going out on the public interface with the public IP
> match out log on $ext_if inet proto { tcp, udp, icmp } from $vpn_local nat-to ($ext_if) set prio (3,7)
>
> some logs...
>
> Jan  6 20:53:14 fw-u last message repeated 4 times
> Jan  6 20:53:16 fw-u isakmpd[11638]: