packet tag, veb0, virtual machine and relayd
I have a bridge veb0 to which is connected tap1, the interface of a virtual machine.

On the bridge I have a rule for tap1:

pass in on tap1 src 11:22:33:44:55:66 tag VM1

In the bridge I also have an interface vport0 with the IP address 1921.168.0.1

This virtual machine has the IP 192.168.0.2

When a packet comes out of the VM (i.e: curl) it gets tagged by the rule that I have on the veb bridge.

I know the tag is working because I can drop packets with pf (pf.conf) if I add that rule:

block in on tap1 tagged VM1

I have relayd listening on vport0 and in my relayd.conf I have this filter:

pass path "/something.html" tagged VM1

It doesn't work. If I try to match only the path it works, only the IP it works, etc... but the tag doesn't match.

Is it supposed to work ? Does the veb strip the tag ?

thank you,
Nick
Re: program compiled with clang from base runs 4 times slower than compiled with gcc-11.2.0p6 from ports
Stuart Henderson [stu.li...@spacehopper.org] wrote:
> On 2023-06-05, Kastus Shchuka wrote:
> > Next I tried -fno-fixup-gadgets, and that made a radical difference:
>
> Not entirely a surprise, we have seen this a few times now.
> Usually it is fine, but has quite bad effects on some programs,
> however it is quite a nice mitigation (big reduction in the
> number of available ROP gadgets in compiled code).
>

There are potentially more fixups that can be improved. A while back, the fixup was adding more work than necessary. Todd Mortimer fixed an obvious case where the DstReg form of the MOV instruction was being used, instead of the SrcReg instruction, so a swap was required to move the data between registers.

There may be others, from Todd Mortimer:

"If you are interested, try objdump -d /usr/lib/libc.so and categorize the instructions that have the xchg dance around them. Sort by most common instruction, and then check the Intel SDM to see if the most common instructions that get this treatment have SrcReg / DestReg forms that we can swap around instead of doing the xchg dance. :-)"

Chris
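Added example, not part of the message above or of OpenBSD's tooling: one way to do the categorization Todd Mortimer describes, counting which instructions sit between a matching xchg pair in objdump -d output. It assumes objdump's tab-separated layout; the function names and the sample listing are constructed for illustration.

```python
import sys
from collections import Counter

# Constructed sample in GNU "objdump -d" layout: address, tab, bytes, tab, text.
SAMPLE = (
    "0000000000001000 <sample>:\n"
    "  1000:\t48 89 e5             \tmov    %rsp,%rbp\n"
    "  1003:\t48 87 d8             \txchg   %rbx,%rax\n"
    "  1006:\t48 01 d8             \tadd    %rbx,%rax\n"
    "  1009:\t48 87 d8             \txchg   %rbx,%rax\n"
    "  100c:\t48 87 d8             \txchg   %rbx,%rax\n"
    "  100f:\t48 29 d8             \tsub    %rbx,%rax\n"
    "  1012:\t48 87 d8             \txchg   %rbx,%rax\n"
    "  1015:\t48 87 d8             \txchg   %rbx,%rax\n"
    "  1018:\t48 01 d8             \tadd    %rbx,%rax\n"
    "  101b:\t48 87 d8             \txchg   %rbx,%rax\n"
    "  101e:\tc3                   \tretq\n"
)

def parse(disasm):
    """Yield (mnemonic, operands) per instruction; skip labels and byte-only lines."""
    for line in disasm.splitlines():
        fields = line.split("\t")
        text = " ".join(fields[2:]).strip() if len(fields) >= 3 else ""
        if text:
            mnemonic, _, operands = text.partition(" ")
            yield mnemonic, operands.strip()

def regs(operands):
    """Register pair of an xchg, order-insensitive."""
    return frozenset(r.strip() for r in operands.split(","))

def wrapped_instructions(disasm):
    """Count mnemonics found between two xchg of the same register pair."""
    insns = list(parse(disasm))
    counts = Counter()
    for (m0, o0), (m1, _), (m2, o2) in zip(insns, insns[1:], insns[2:]):
        if (m0.startswith("xchg") and m2.startswith("xchg")
                and regs(o0) == regs(o2) and not m1.startswith("xchg")):
            counts[m1] += 1
    return counts

if __name__ == "__main__":
    # Pipe in "objdump -d /usr/lib/libc.so", or run bare to use the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for mnemonic, n in wrapped_instructions(text).most_common():
        print(f"{n:6d}  {mnemonic}")
```

The most frequent mnemonics in the output are the ones to look up in the Intel SDM for an alternate operand-order encoding.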
Re: relayd filter
On Tue, Jun 6, 2023 at 11:08 AM Paul Pace wrote:

> On 6/5/23 3:15 PM, Nick Bouliane wrote:
> > Hi,
> >
> > in relayd.conf I'm trying to do :
> >
> > pass from 192.168.1.1 path "/something.html"
> >
> > If I individually specify the "from" or the "path", it works
> > but when I combine both, it doesn't work.
>
> Nowadays, when I come upon this I just use tags and move on.
>
> Something like this might work:
>
> match path "/something.html" tag something
> pass from 192.168.1.1 tagged something
>

oh, it works well, thank you !

> >
> > Am I missing something or if it's just not possible ?
> > Or is there another way to express this another way ?
> >
> > thank you,
> > Nick
> >
Re: relayd filter
On 6/5/23 3:15 PM, Nick Bouliane wrote:
> Hi,
>
> in relayd.conf I'm trying to do :
>
> pass from 192.168.1.1 path "/something.html"
>
> If I individually specify the "from" or the "path", it works
> but when I combine both, it doesn't work.

Nowadays, when I come upon this I just use tags and move on.

Something like this might work:

match path "/something.html" tag something
pass from 192.168.1.1 tagged something

> Am I missing something or if it's just not possible ?
> Or is there another way to express this another way ?
>
> thank you,
> Nick
Re: build go projects with current: bad system call (core dumped)
On 2023/06/06 15:39, Thomas Huber wrote:
> This issue seems to be related to hardware limits eg. not enough RAM.
> I came across these errors on a 1gig openbsd.amsterdam VM (thanks mischa for your great service!!)
> But all the mentioned go projects build fine on larger OpenBSD-VMs (eg. 4gig exoscale VM) and
> this builds run fine on the smaller VM.
>
> Thanks Stuart for helping out again and verifying the build step.

Good that you've got it to build, but that doesn't make a lot of sense as a reason, and I still think it's very likely that you're running into a problem from some old binary or cached build somewhere.

There are probably some clues in kdump output from a failed run ("ktrace -i go install [...]", then "kdump | gzip > kdump.txt.gz")

This is how it looks if I make a clean build of nats-server, restricted to 1G datasize:

$ ulimit -d $((1024*1024))
$ chmod -R +rwX go; rm -rf go; rm -rf .cache/go-build
$ go install -v github.com/nats-io/nats-server/v2@latest
go: downloading github.com/nats-io/nats-server/v2 v2.9.17
go: downloading github.com/nats-io/nats-server v1.4.1
go: downloading go.uber.org/automaxprocs v1.5.1
go: downloading github.com/klauspost/compress v1.16.5
go: downloading github.com/minio/highwayhash v1.0.2
go: downloading github.com/nats-io/jwt/v2 v2.4.1
go: downloading github.com/nats-io/nkeys v0.4.4
go: downloading github.com/nats-io/nuid v1.0.1
go: downloading golang.org/x/crypto v0.8.0
go: downloading golang.org/x/time v0.3.0
go: downloading golang.org/x/sys v0.7.0
encoding internal/goarch internal/unsafeheader internal/coverage/rtcov internal/goexperiment internal/cpu internal/goos runtime/internal/atomic internal/abi runtime/internal/math internal/itoa runtime/internal/sys math/bits unicode/utf8 internal/race sync/atomic unicode container/list crypto/internal/alias crypto/subtle crypto/internal/boring/sig unicode/utf16 vendor/golang.org/x/crypto/cryptobyte/asn1 internal/nettrace vendor/golang.org/x/crypto/internal/alias
golang.org/x/crypto/internal/alias golang.org/x/crypto/salsa20/salsa hash/maphash go.uber.org/automaxprocs/internal/runtime internal/bytealg math runtime internal/reflectlite sync internal/testlog internal/godebug internal/singleflight runtime/cgo internal/intern math/rand errors sort io internal/safefilepath internal/oserror strconv path syscall strings reflect bytes hash hash/crc32 bufio crypto container/heap crypto/internal/randutil crypto/internal/nistec/fiat crypto/rc4 vendor/golang.org/x/net/dns/dnsmessage net/netip encoding/base32 regexp/syntax golang.org/x/crypto/blowfish hash/fnv internal/syscall/unix internal/syscall/execenv time github.com/nats-io/nats-server/v2/server/sysmem vendor/golang.org/x/text/transform net/http/internal/ascii html text/tabwriter regexp context io/fs internal/poll encoding/binary internal/fmtsort embed encoding/base64 crypto/md5 crypto/internal/edwards25519/field crypto/cipher encoding/pem vendor/golang.org/x/crypto/internal/poly1305 os crypto/internal/nistec golang.org/x/crypto/internal/poly1305 crypto/internal/edwards25519 crypto/internal/boring crypto/aes crypto/hmac crypto/sha1 fmt path/filepath crypto/sha256 crypto/des crypto/sha512 vendor/golang.org/x/net/route vendor/golang.org/x/crypto/chacha20 crypto/ecdh vendor/golang.org/x/sys/cpu vendor/golang.org/x/crypto/hkdf io/ioutil golang.org/x/sys/cpu net golang.org/x/crypto/nacl/secretbox os/exec vendor/golang.org/x/crypto/chacha20poly1305 golang.org/x/crypto/curve25519 flag os/user compress/flate math/big encoding/hex net/url encoding/json compress/gzip github.com/klauspost/compress/flate github.com/minio/highwayhash golang.org/x/crypto/blake2b github.com/nats-io/nats-server/v2/conf log github.com/nats-io/nats-server/v2/server/pse crypto/rand crypto/elliptic crypto/internal/bigmod crypto/internal/boring/bbig encoding/asn1 crypto/ed25519 crypto/rsa crypto/dsa github.com/klauspost/compress/s2 archive/tar golang.org/x/crypto/ed25519 golang.org/x/crypto/nacl/box 
github.com/nats-io/nuid vendor/golang.org/x/crypto/cryptobyte crypto/x509/pkix github.com/nats-io/nkeys github.com/nats-io/nats-server/v2/internal/ldap golang.org/x/crypto/bcrypt golang.org/x/crypto/chacha20 crypto/ecdsa golang.org/x/crypto/chacha20poly1305 golang.org/x/time/rate vendor/golang.org/x/text/unicode/bidi vendor/golang.org/x/text/unicode/norm vendor/golang.org/x/net/http2/hpack crypto/x509 github.com/nats-io/jwt/v2 log/syslog vendor/golang.org/x/text/secure/bidirule github.com/nats-io/nats-server/v2/logger net/textproto mime mime/quotedprintable net/http/internal internal/profile runtime/pprof mime/multipart vendor/golang.org/x/net/idna crypto/tls golang.org/x/crypto/ocsp runtime/trace vendor/golang.org/x/net/http/httpguts vendor/golang.org/x/net/http/httpproxy go.uber.org/automaxprocs/maxprocs os/signal net/http/httptrace net/http net/http/pprof github.com/nats-io/nats-server/v2/server github.com/nats-io/nats-server/v2
...

Whereas, restricted to 512M, I get a specific "out of memory" error
Re: build go projects with current: bad system call (core dumped)
This issue seems to be related to hardware limits eg. not enough RAM.
I came across these errors on a 1gig openbsd.amsterdam VM (thanks mischa for your great service!!)
But all the mentioned go projects build fine on larger OpenBSD-VMs (eg. 4gig exoscale VM) and this builds run fine on the smaller VM.

Thanks Stuart for helping out again and verifying the build step.

On Thu, 1 Jun 2023 at 16:34, Thomas Huber wrote:

> On Thu, 1 Jun 2023 at 16:28, Stuart Henderson wrote:
>
>> On 2023-06-01, Thomas Huber wrote:
>> > Hi @misc,
>> >
>> > I face a problem with -current when building golang projects.
>> > This worked fine on 7.2 and I think it stopped working with 7.3 release.
>> > Now I try it on -current.
>> >
>> > I get the following error:
>> > "go: error obtaining buildID for go tool compile: signal: bad system call (core dumped)"
>> >
>> > The Projects I'm trying to build are the nats-server[1] and natscli[2].
>> > go version go1.20.4 openbsd/amd64
>> >
>> > Maybe someone on this list has a clue...
>> > Thanks Thomas (the u2k20 host)
>> >
>> > --
>> > [1] https://github.com/nats-io/nats-server
>> > [2] https://github.com/nats-io/natscli
>> >
>>
>> If you have any old cached compiles lying around (.cache/go-build?) then clear
>> them out and try again.
>>
>>
> thanks so far.
> but didn't work with updated project dependencies nor a clean .cache/go-build.
>
ARM64 X11 display resolution
Hello,

I'm installing an OpenBSD VM on Apple Silicon laptop on top of VMware Fusion and Parallels but have a hard time setting X11 resolution higher than default 1024x768 resolution. Has anyone had experience with this and can help me setting resolution higher? Ideally I would want it to be 2560x1440 as I'm normally running OpenBSD VM on separate external display in full screen.

Prior to switching to Apple Silicon I was running OpenBSD VM on Apple Intel notebook with VMware Fusion without any issues.

$ dmesg | grep -e fb -e display -e OpenBSD
OpenBSD 7.3-current (GENERIC.MP) #2148: Tue Jun 6 00:14:53 MDT 2023
vendor "VMware", unknown product 0x0406 (class display subclass VGA, rev 0x00) at pci0 dev 15 function 0 not configured
simplefb0 at mainbus0: 1024x768, 32bpp
wsdisplay0 at simplefb0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
wskbd0 at ukbd0: console keyboard, using wsdisplay0

$ cat /var/log/Xorg.0.log | grep wsfb
[ 164.049] (II) LoadModule: "wsfb"
[ 164.051] (II) Loading /usr/X11R6/lib/modules/drivers/wsfb_drv.so
[ 164.052] (II) Module wsfb: vendor="X.Org Foundation"
[ 164.053] (II) wsfb: driver for wsdisplay framebuffer: wsfb
[ 164.053] (WW) Falling back to old probe method for wsfb
[ 164.053] (II) wsfb(0): using default device
[ 164.054] (**) wsfb(0): Depth 24, (--) framebuffer bpp 32
[ 164.054] (==) wsfb(0): RGB weight 888
[ 164.054] (==) wsfb(0): Default visual is TrueColor
[ 164.054] (==) wsfb(0): Using gamma correction (1.0, 1.0, 1.0)
[ 164.054] (II) wsfb(0): Vidmem: 3072k
[ 164.054] (**) wsfb(0): Display dimensions: (596, 335) mm
[ 164.054] (**) wsfb(0): DPI set to (43, 58)
[ 164.054] (**) wsfb(0): Using "Shadow Framebuffer"
[ 164.063] (==) wsfb(0): Backing store enabled

I've tried forcing X11 to use vmware display driver, but it didn't work, and it appears that this display driver is not available for arm64:

$ ls /usr/X11R6/lib/modules/drivers/
amdgpu_drv.la amdgpu_drv.so ati_drv.la ati_drv.so
modesetting_drv.la modesetting_drv.so radeon_drv.la radeon_drv.so
wsfb_drv.la wsfb_drv.so wsudl_drv.la wsudl_drv.so

Thanks,
Karlis