Re: Thinkpad T14 AMD Gen 3

[Philippe Meunier]

Jonathan Gray wrote:
>Glad to hear amdgpu works on Rembrandt/Yellow Carp.

On a related note, I noticed I get the following kernel message when
shutting down the X server:

[drm] *ERROR* Error waiting for DMUB idle: status=3

Otherwise X seems to work fine.

>diff below for those, though it is just cosmetic
>run 'make' in /sys/dev/pci before building a kernel

New dmesg below, although as you say it's just cosmetic.

>Does sound work when using headphones?

Neither built-in speakers nor plugged-in headphones work.

Regarding networking, the following also shows up at boot, using the
default pf.conf and when there's no ethernet cable plugged in (I think: I
don't remember seeing this when the cable was plugged in):

pfctl: DIOCADDRULE: Operation not supported by device
pf enabled
starting network
pfctl: DIOCADDRULE: Operation not supported by device

Philippe



OpenBSD 7.2-current (GENERIC.MP) #1: Thu Nov 10 22:06:16 EST 2022
meun...@t14.fios-router.home:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 33014763520 (31485MB)
avail mem = 31996751872 (30514MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.3 @ 0x73888000 (70 entries)
bios0: vendor LENOVO version "R23ET47W (1.17 )" date 05/27/2022
bios0: LENOVO 21CF003XUS
efi0 at bios0: UEFI 2.7
efi0: Lenovo rev 0x1110
acpi0 at bios0: ACPI 6.3Undefined scope: \\_SB_.PCI0.GPP1
Undefined scope: \\_SB_.PCI0.GPP2
Undefined scope: \\_SB_.PCI0.GPP2.WWAN
Undefined scope: \\_SB_.PCI0.GPP0

acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP SSDT SSDT IVRS SSDT SSDT SSDT SSDT TPM2 MSDM BATB HPET 
APIC MCFG SBST WSMT SSDT CRAT CDIT VFCT FPDT SSDT SSDT SSDT BGRT SSDT SSDT SSDT 
SSDT SSDT SSDT SSDT SSDT SSDT UEFI SSDT SSDT SSDT
acpi0: wakeup devices GPP5(S4) GPP6(S0) GPP7(S0) LID_(S4) SLPB(S3)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Ryzen 7 PRO 6850U with Radeon Graphics, 2700.01 MHz, 19-44-01
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 512KB 64b/line 
8-way L2 cache, 16MB 64b/line 16-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Ryzen 7 PRO 6850U with Radeon Graphics, 2700.00 MHz, 19-44-01
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 512KB 64b/line 
8-way L2 cache, 16MB 64b/line 16-way L3 cache
cpu1: smt 1, core 0, package 0
tsc: cpu0/cpu1: sync test failed
timecounter: active counter changed: tsc -> acpihpet0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD Ryzen 7 PRO 6850U with Radeon Graphics, 2700.00 MHz, 19-44-01
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,INVPCID,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,PKU,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu2: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 512KB 64b/line 
8-way L2 cache, 16MB 64b/line 16-way L3 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: AMD Ryzen 7 PRO 6850U with Radeon Graphics, 2700.01 MHz, 19-44-01
cpu3: 

Re: [SPAM] Re: opensmtpd-filter-dkimsign-0.5

[Thomas Bohl]

# openssl genrsa -out /etc/mail/dkim/agroena.org.private.key 2048


and

# chown _dkimsign:_dkimsign /etc/mail/dkim/agroena.org.private.key
# chmod 440 /etc/mail/dkim/agroena.org.private.key

Re: [SPAM] Re: opensmtpd-filter-dkimsign-0.5

[latincom]

>> Now dkimsign is failing and i have not been able to repair it, could
>> somebody please help?
>>
>> # smtpd -d
>> info: OpenSMTPD 7.0.0 starting
>> dkimsign: Can't open key file (/etc/mail/dkim/agroena.org.private.key):
>> Permission denied
>> warn: lost processor: dkimsign exited abnormally
>> Exiting
>>
>> # doas -u _dkimsign openssl genrsa -out /etc/mail/dkim/private.rsa.key
>> 2048
>> /etc/mail/dkim/private.rsa.key: Permission denied
>> 5824620405456:error:02FFF00D:system library:func(4095):Permission
>> denied:/usr/src/lib/libcrypto/bio/bss_file.c:257:fopen('/etc/mail/dkim/private.rsa.key',
>> 'w')
>> 5824620405456:error:20FFF002:BIO routines:CRYPTO_internal:system
>> lib:/usr/src/lib/libcrypto/bio/bss_file.c:259:
>
> Please share
>

Thank you Thomas.
> cat /etc/mail/smtpd.conf

# cat /etc/mail/smtpd.conf
#   $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

table aliases file:/etc/mail/aliases

filter "dkimsign" proc-exec "filter-dkimsign -d agroena.org -s s1 -k
/etc/mail/dkim/agroena.org.private.key" user _dkimsign group _dkimsign

# To accept external mail, replace with: listen on all
#
listen on socket filter "dkimsign"
listen on lo0 filter "dkimsign"

action "local_mail" mbox alias 
action "outbound" relay

# Uncomment the following to accept external mail for domain "example.org"
#
# match from any for domain "example.org" action "local_mail"
match from any for domain "agroena.org" action "local_mail"
match for local action "local_mail"
match for any action "outbound"

> ls -la /etc/mail/dkim/

#  ls -la /etc/mail/dkim/
total 8
drwxrwx---  2 _dkimsign  _dkimsign  512 Nov  9 12:59 .
drwxr-x---  6 root   wheel  512 Nov  9 12:59 ..
>

7.2 and iwm/amdgpu Firmware?

[Mike Fischer]

On a newly installed Mini PC (NiPoGi AM02) I noticed the following messages in 
dmesg:
iwm0: could not read firmware iwm-7265-17 (error 2)
iwm0: failed to load init firmware

and:
drm:pid0:amdgpu_device_parse_gpu_info_fw *ERROR* Failed to load gpu_info 
firmware "amdgpu/raven2_gpu_info.bin"
drm:pid0:amdgpu_attachhook *ERROR* Fatal error during GPU init


I checked iwm(4) and it referred to fw_update(8).

# fw_update -vvv
Detect firmware ... found.
Trying 94.142.241.170...
Requesting http://firmware.openbsd.org/firmware/7.2/SHA256.sig
100% 
||
   150   00:00
150 bytes received in 0.00 seconds (856.59 KB/s)
Unable to find firmware for amdgpu
fw_update: added none; updated none; kept none
# 

Looking at http://firmware.openbsd.org/firmware/7.2/ there is no firmware 
there. (http://firmware.openbsd.org/firmware/7.1/ contains stuff, so this seems 
odd.)

This is an AMD Ryzen 3 3200U processor with onboard Radeon Vega graphics.

dmesg:
==
OpenBSD 7.2 (GENERIC.MP) #0: Wed Oct 26 12:01:47 MDT 2022

r...@syspatch-72-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 6349602816 (6055MB)
avail mem = 6139764736 (5855MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.2 @ 0xde3db000 (43 entries)
bios0: vendor American Megatrends Inc. version "V1.16_P2C10M3_AMILogo" date 
05/30/2022
bios0: Default string AM02
acpi0 at bios0: ACPI 6.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT SSDT MSDM MCFG HPET UEFI VFCT TPM2 IVRS 
SSDT CRAT CDIT SSDT SSDT SSDT WSMT SSDT
acpi0: wakeup devices GPP0(S4) GPP1(S4) GPP2(S4) GPP3(S4) GPP4(S4) GPP5(S4) 
GPP6(S4) GP17(S4) XHC0(S3) XHC1(S3) GP18(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Ryzen 3 3200U with Radeon Vega Mobile Gfx, 2395.68 MHz, 17-18-01
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 32KB 64b/line 8-way D-cache, 64KB 64b/line 4-way I-cache, 512KB 64b/line 
8-way L2 cache, 4MB 64b/line 16-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Ryzen 3 3200U with Radeon Vega Mobile Gfx, 2395.51 MHz, 17-18-01
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu1: 32KB 64b/line 8-way D-cache, 64KB 64b/line 4-way I-cache, 512KB 64b/line 
8-way L2 cache, 4MB 64b/line 16-way L3 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD Ryzen 3 3200U with Radeon Vega Mobile Gfx, 2395.51 MHz, 17-18-01
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu2: 32KB 64b/line 8-way D-cache, 64KB 64b/line 4-way I-cache, 512KB 64b/line 
8-way L2 cache, 4MB 64b/line 16-way L3 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: AMD Ryzen 3 3200U with Radeon Vega Mobile Gfx, 2395.51 MHz, 17-18-01
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu3: 32KB 64b/line 8-way D-cache, 64KB 64b/line 4-way I-cache, 512KB 64b/line 
8-way L2 cache, 4MB 64b/line 16-way L3 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 5 pa 0xfec0, 

Re: opensmtpd-filter-dkimsign-0.5

[Thomas Bohl]

Now dkimsign is failing and i have not been able to repair it, could
somebody please help?

# smtpd -d
info: OpenSMTPD 7.0.0 starting
dkimsign: Can't open key file (/etc/mail/dkim/agroena.org.private.key):
Permission denied
warn: lost processor: dkimsign exited abnormally
Exiting

# doas -u _dkimsign openssl genrsa -out /etc/mail/dkim/private.rsa.key 2048
/etc/mail/dkim/private.rsa.key: Permission denied
5824620405456:error:02FFF00D:system library:func(4095):Permission
denied:/usr/src/lib/libcrypto/bio/bss_file.c:257:fopen('/etc/mail/dkim/private.rsa.key',
'w')
5824620405456:error:20FFF002:BIO routines:CRYPTO_internal:system
lib:/usr/src/lib/libcrypto/bio/bss_file.c:259:


Please share

cat /etc/mail/smtpd.conf
ls -la /etc/mail/dkim/

Re: Multicast Routing issues with OpenBSD

[Barbaros Bilek]

Hi Tarkan,

I've already tried all of them but it is not working.
Also note that PIM support was removed from OpenBSD; so it's an option. [*]

[*] https://www.mail-archive.com/tech@openbsd.org/msg43264.html


On Wed, Nov 9, 2022 at 3:37 PM Tarkan Erimer - BSD 
wrote:

>
>
> On 9.11.2022 12.39 PM, Barbaros Bilek wrote:
> > Hi again,
> >
> > I've added this route :
> > ''route add 239.0.1.2/32 172.16.1.1''
> > But nothing changed.
> > Is OpenBSD capable of multicast routing? Am I doing a wrong
> configuration?
> > Any thoughts?
> > Thanks in advance.
> >
> > On Tue, Nov 8, 2022 at 6:28 PM Barbaros Bilek 
> > wrote:
> >
> >> Hi Folks,
> >>
> >> I try to do multicast routing with OpenBSD 7.2
> >> Here is my setup:
> >>
> >> # Default GW to internet
> >> echo 'inet autoconf' > /etc/hostname.em0
> >> # Get 10.10.12.81/24 from dhcp-server with gw 10.10.12.1
> >>
> >> # Multicast Server  Interface (transmit packets)
> >> echo 'inet 172.16.1.1 255.255.255.0 NONE' > /etc/hostname.em1
> >> # Multicast Client interface (receive packets)
> >> echo 'inet 172.16.55.1 255.255.255.0 NONE' > /etc/hostname.em2
> >> # Forward ip & multicast
> >> echo 'sysctl net.inet.ip.forwarding=1' > /etc/sysctl.conf
> >> echo 'sysctl net.inet.ip.mforwarding=1' >> /etc/sysctl.conf
> >> # Enable Multicast on OpenBSD
> >> rcctl enable multicast
> >> # Disable PF
> >> rcctl disable pf
> >>
> >> # Mrouted Configuration
> >> multicast_test# cat /etc/mrouted.conf
> >> name STD 239.0.0.0/16
> >> pruning on
> >> phyint 172.16.1.1 threshold 16
> >> boundary STD
> >> altnet 172.16.0.0/16
> >> phyint 172.16.55.1 threshold 16
> >> boundary STD
> >> altnet 172.16.0.0/16
> >> phyint 10.10.12.81 disable
> >> # Enable mrouted on startUp
> >> rcctl enable mrouted
> >> # Reboot system
> >> reboot
> >>
> >> For testing purposes I use this application : Singlewire Software IC
> Test
> >> Multicast (It uses )
> >> I'm sure about my testing environment. Because when I use a Brocade ICX
> L3
> >> switch with router pim configuration everything is ok. But with OpenBSD
> >> multicast routing fails:
> >>
> >> Here some logs :
> >>
> >> multicast_test# mrinfo
> >>
> >> 127.0.0.1 (localhost) [version 3.8,prune,genid,mtrace]:
> >>
> >>10.10.12.81 -> 0.0.0.0 (local) [1/1/disabled]
> >>
> >>172.16.1.1 -> 0.0.0.0 (local) [1/16/querier/leaf]
> >>
> >>172.16.55.1 -> 0.0.0.0 (local) [1/16/querier/leaf]
> >>
> >>
> >> multicast_test# netstat -g
> >>
> >>
> >> Virtual Interface Table
> >>
> >>   Vif  Thresh  Local-AddressRemote-Address   Pkt_in  Pkt_out
> >>
> >> 1  16  172.16.1.1   4580
> >>
> >> 2  16  172.16.55.100
> >>
> >>
> >> Multicast Forwarding Cache
> >>
> >>   Hash  Origin   Mcastgroup   Traffic  In-Vif
> >> Out-Vifs/Forw-ttl
> >>
> >>  0  172.16.1.1   239.0.1.2   458B   1
> >>
> >>
> >> Total no. of entries in cache: 1
> >>
> >>
> >> IPv6 Multicast Interface Table is empty
> >>
> >> IPv6 Multicast Routing Table is empty
> >>
> >>
> >> Output when I run mrouted at debug mode :
> >>
> >>
> >> multicast_test# mrouted -d
> >>
> >>
> >>
> >>
> >> mrouted: debug level invalid
> >>
> >> debug level 2
> >>
> >> 18:06:55.405 mrouted version 3.8
> >>
> >> 18:06:55.407 Getting vifs from kernel interfaces
> >>
> >> 18:06:55.408 installing em0 (10.10.12.81 on subnet 10.10.12/24) as vif
> #0
> >> - rate=0
> >>
> >> 18:06:55.408 installing em1 (172.16.1.1 on subnet 172.16.1/24) as vif
> #1 -
> >> rate=0
> >>
> >> 18:06:55.408 installing em2 (172.16.55.1 on subnet 172.16.55/24) as vif
> #2
> >> - rate=0
> >>
> >> 18:06:55.408 Getting vifs from /etc/mrouted.conf
> >>
> >> 18:06:55.408 Installing vifs in mrouted...
> >>
> >> 18:06:55.408 vif #1, phyint 172.16.1.1
> >>
> >> 18:06:55.409 vif #2, phyint 172.16.55.1
> >>
> >> pruning on
> >>
> >> 18:06:55.410 Installing vifs in kernel...
> >>
> >> 18:06:55.410 vif #1, phyint 172.16.1.1
> >>
> >> 18:06:55.410 vif #2, phyint 172.16.55.1
> >>
> >> vifs_with_neighbors = 0
> >>
> >>
> >> Virtual Interface Table
> >>
> >> Vif  Name  Local-Address   M  Thr  Rate
> >> Flags
> >>
> >>   0em0  10.10.12.81 subnet: 10.10.12/24 1   1  0
> >> disabled
> >>
> >> 18:06:55.411 warning - SIOCGETVIFCNT fails
> >>
> >>
> >>   1em1  172.16.1.1  subnet: 172.16.1/24 1  16  0
> >> querier
> >>
> >>  alternate subnets: 172.16/16
> >>
> >> boundaries: 239.0/16
> >>
> >> 18:06:55.411 warning - SIOCGETVIFCNT fails
> >>
> >>
> >>   2em2  172.16.55.1 subnet: 172.16.55/241  16  0
> >> querier
> >>
> >>  alternate subnets: 172.16/16
> >>
> >> boundaries: 239.0/16
> >>
> >> 18:06:55.411 warning - SIOCGETVIFCNT fails
> >>
> >>
> >>
> >> Multicast Routing Table (3 entries)
> >>
> >>   Origin-Subnet  From-GatewayMetric Tmr In-Vif  Out-Vifs
> >>
> >>   172.16.55/24  

Re: opensmtpd-filter-dkimsign-0.5

[latincom]

> In addition to Stuart's comment, you could checkout pkg readme:
>
> */usr/local/share/doc/pkg-readmes/opensmtpd-filter-dkimsign*
>

Hello

Could you please show me where is the answer to my question?

"+---
| Running opensmtpd-filter-dkimsign on OpenBSD
+---

To use filter-dkimsign, you must first generate a private key:

  doas -u _dkimsign openssl genrsa -out /etc/mail/dkim/private.rsa.key 2048

To generate the public key ready for dns:

  openssl rsa -in /etc/mail/dkim/private.rsa.key -pubout | \
sed '1s/.*/v=DKIM1;p=/;:nl;${s/-.*//;q;};N;s/\n//g;b nl;'

This value needs to be placed in a DNS txt record with the following syntax:
   ._domainkey.

Edit the /etc/mail/smtpd.conf file to declare the filter:

  filter dkimsign_rsa proc-exec "filter-dkimsign -d  -s 
-k /etc/mail/dkim/private.rsa.key" user _dkimsign group _dkimsign

Then add the filter to each listener that should be signed:

  listen on all filter dkimsign_rsa

To use Ed25519 similar steps must be taken.

  Make sure the ed25519 flavor of opensmtpd-filter-dkimsign is installed.

To generate the private key:

  doas -u _dkimsign eopenssl11 genpkey -algorithm ed25519 -outform PEM
-out /etc/mail/dkim/private.ed25519.key

To generate the public key ready for dns:

  printf "v=DKIM1;k=ed25519;p=%s" "$(eopenssl11 pkey -outform DER -pubout
-in /etc/mail/dkim/private.ed25519.key | tail -c +13 | openssl base64)"

Edit the /etc/mail/smtpd.conf file to declare the filter:

  filter dkimsign_ed25519 proc-exec "filter-dkimsign -a ed25519-sha256 -d
 -s  -k /etc/mail/dkim/private.ed25519.key" user
_dkimsign group _dkimsign

To add both filters to each listener that should be signed:

  filter dkimsign chain { dkimsign_rsa, dkimsign_ed25519 }
  listen on all filter dkimsign

For a full list of options see filter-dkimsign(8).

Let me show you an error:
This command, only works with "doas"! It does not work directly as root!
I do not use doas.

"doas -u _dkimsign openssl genrsa -out /etc/mail/dkim/private.rsa.key 2048"

Thanks

Re: 7.2: unbound(timeout) on startup

[Stuart Henderson]

On 2022-11-10, Martin Schröder  wrote:
> Am Do., 10. Nov. 2022 um 11:22 Uhr schrieb Stuart Henderson
>:
>> On 2022-11-09, Martin Schröder  wrote:
>> > Am Do., 10. Nov. 2022 um 00:02 Uhr schrieb Martin Schröder 
>> > :
>> >> This happens only on bootup of the machine... :-(
>> >
>> > I've tried hard to get any log messages for this, but failed so far.
>> > Neither setting a log file for unbound nor "unbound_flags=-d -d"
>> > produced any output.
>>
>> If you use dnssec validation, it's probably the rc-script trying
>> to fetch the anchor.
>
> I do, so it's very possible. Any idea how to get logging from there
> during bootup?

The only way to do that is to modify the rc.d script.

Re: 7.2: unbound(timeout) on startup

[Martin Schröder]

Am Do., 10. Nov. 2022 um 11:22 Uhr schrieb Stuart Henderson
:
> On 2022-11-09, Martin Schröder  wrote:
> > Am Do., 10. Nov. 2022 um 00:02 Uhr schrieb Martin Schröder 
> > :
> >> This happens only on bootup of the machine... :-(
> >
> > I've tried hard to get any log messages for this, but failed so far.
> > Neither setting a log file for unbound nor "unbound_flags=-d -d"
> > produced any output.
>
> If you use dnssec validation, it's probably the rc-script trying
> to fetch the anchor.

I do, so it's very possible. Any idea how to get logging from there
during bootup?

Best
Martin

Re: 7.2: unbound(timeout) on startup

[Stuart Henderson]

On 2022-11-10, Jan Stary  wrote:
> On Nov 10 00:39:59, mar...@oneiros.de wrote:
>> Am Do., 10. Nov. 2022 um 00:25 Uhr schrieb Jan Stary :
>> > With my current ISP, putting
>> >
>> > ifconfig pppoe0 down
>> >
>> > into rc.shutdown makes the subsequent boot faster with respect to pppoe.
>> > I suspect it's waht you say: the session gets "terminated properly"
>> > somehow; without it, it takes longer before the ISP assigns me
>> > an address.
>> 
>> That helped, thanks!
>> 
>> > !while ! ifconfig pppoe0 | grep -F 185.63.96.79; do date ; sleep 10; done
>> >
>> > at the end oh hostname.pppoe makes sure services only start
>> > after I have an address; and dmesg -s shows the waiting, if any.
>> > (Of course, I know the address here - tweak as needed.)
>> 
>> What happens when your pppoe doesn't come up?
>
> It always comes up, eventually.
> But if I don't down the device, it might be minutes.

for i in `seq 30`; do
ifconfig pppoe0 | grep inet | fgrep -w 0.0.0.0 || continue
sleep 1
done


-- 
Please keep replies on the mailing list.

Re: 7.2: unbound(timeout) on startup

[Stuart Henderson]

On 2022-11-09, Martin Schröder  wrote:
> Am Do., 10. Nov. 2022 um 00:02 Uhr schrieb Martin Schröder 
> :
>> This happens only on bootup of the machine... :-(
>
> I've tried hard to get any log messages for this, but failed so far.
> Neither setting a log file for unbound nor "unbound_flags=-d -d"
> produced any output.

If you use dnssec validation, it's probably the rc-script trying
to fetch the anchor.

-- 
Please keep replies on the mailing list.

Re: 7.2: unbound(timeout) on startup

[Jan Stary]

On Nov 10 00:39:59, mar...@oneiros.de wrote:
> Am Do., 10. Nov. 2022 um 00:25 Uhr schrieb Jan Stary :
> > With my current ISP, putting
> >
> > ifconfig pppoe0 down
> >
> > into rc.shutdown makes the subsequent boot faster with respect to pppoe.
> > I suspect it's waht you say: the session gets "terminated properly"
> > somehow; without it, it takes longer before the ISP assigns me
> > an address.
> 
> That helped, thanks!
> 
> > !while ! ifconfig pppoe0 | grep -F 185.63.96.79; do date ; sleep 10; done
> >
> > at the end oh hostname.pppoe makes sure services only start
> > after I have an address; and dmesg -s shows the waiting, if any.
> > (Of course, I know the address here - tweak as needed.)
> 
> What happens when your pppoe doesn't come up?

It always comes up, eventually.
But if I don't down the device, it might be minutes.