packet tag, veb0, virtual machine and relayd

2023-06-06 Thread Nick Bouliane
I have a bridge veb0 to which is connected tap1, the interface of a virtual
machine.
On the bridge I have a rule for tap1:
  pass in on tap1 src 11:22:33:44:55:66 tag VM1

In the bridge I also have an interface vport0 with the IP address
1921.168.0.1
This virtual machine has the IP 192.168.0.2

When a packet comes out of the VM (i.e: curl) it gets tagged by the rule
that I have on the veb bridge.
I know the tag is working because I can drop packets with pf (pf.conf) if I
add that rule:
  block in on tap1 tagged VM1

I have relayd listening on vport0 and in my relayd.conf I have this filter:
  pass path "/something.html" tagged VM1

It doesn't work. If I try to match only the path it works, only the IP it
works, etc... but the tag doesn't match.

Is it supposed to work ? Does the veb strip the tag ?

thank you,
Nick


Re: program compiled with clang from base runs 4 times slower than compiled with gcc-11.2.0p6 from ports

2023-06-06 Thread Chris Cappuccio
Stuart Henderson [stu.li...@spacehopper.org] wrote:
> On 2023-06-05, Kastus Shchuka  wrote:
> > Next I tried -fno-fixup-gadgets, and that made a radical difference:
> 
> Not entirely a surprise, we have seen this a few times now.
> Usually it is fine, but has quite bad effects on some programs,
> however it is quite a nice mitigation (big reduction in the
> number of available ROP gadgets in compiled code).
> 

There are potentially more fixups that can be improved. A while back,
the fixup was adding more work than necessary.

Todd Mortimer fixed an obvious case where the DstReg form of the MOV
instruction was being used, instead of the SrcReg instruction, so
a swap was required to move the data between registers.

There may be others, from Todd Mortimer:

"If you are interested, try objdump -d /usr/lib/libc.so and categorize
the instructions that have the xchg dance around them. Sort by most
common instruction, and then check the Intel SDM to see if the most
common instructions that get this treatment have SrcReg / DestReg forms
that we can swap around instead of doing the xchg dance. :-)"

Chris
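
Todd Mortimer's suggestion above, sketched as an added example that is not part of the original thread or of OpenBSD's tooling: it tallies which instructions sit between a matching pair of register xchg instructions in `objdump -d` text. The sample disassembly is constructed, and the "xchg, one instruction, same xchg" shape of the dance is an assumption about how the fixup shows up in the listing.

```python
import re
from collections import Counter

# Constructed sample shaped like `objdump -d` output (not from a real libc.so).
SAMPLE = """\
   1a2b0:\t48 87 d8\txchg   %rbx,%rax
   1a2b3:\t48 01 d8\tadd    %rbx,%rax
   1a2b6:\t48 87 d8\txchg   %rbx,%rax
   1a2b9:\t48 87 d8\txchg   %rbx,%rax
   1a2bc:\t48 29 d8\tsub    %rbx,%rax
   1a2bf:\t48 87 d8\txchg   %rbx,%rax
   1a2c2:\t48 87 d8\txchg   %rbx,%rax
   1a2c5:\t48 8b d8\tmov    %rax,%rbx
   1a2c8:\tc3\tret
   1a2c9:\t48 87 d8\txchg   %rbx,%rax
   1a2cc:\t48 01 d8\tadd    %rbx,%rax
   1a2cf:\t48 87 d8\txchg   %rbx,%rax
"""

# address, tab, hex bytes, tab, mnemonic, operands
INSN = re.compile(r"^\s*[0-9a-f]+:\t[0-9a-f ]+\t(\S+)\s*(.*)$")

def parse(text):
    """Return [(mnemonic, operands)] for each instruction line; labels are skipped."""
    hits = (INSN.match(line) for line in text.splitlines())
    return [(m.group(1), m.group(2).strip()) for m in hits if m]

def xchg_regs(insn):
    """Register pair of a reg-reg xchg as a set (operand order ignored), else None."""
    mnem, ops = insn
    regs = [o.strip() for o in ops.split(",")]
    ok = mnem.startswith("xchg") and len(regs) == 2 and all(r.startswith("%") for r in regs)
    return frozenset(regs) if ok else None

def dance_histogram(text):
    """Count mnemonics wrapped by the same xchg immediately before and after."""
    insns, counts, i = parse(text), Counter(), 0
    while i + 2 < len(insns):
        before, after = xchg_regs(insns[i]), xchg_regs(insns[i + 2])
        # Assumed dance shape: xchg A,B / one non-xchg instruction / xchg A,B.
        if before and before == after and xchg_regs(insns[i + 1]) is None:
            counts[insns[i + 1][0]] += 1
            i += 3  # consume the whole triple so windows never overlap
        else:
            i += 1
    return counts

if __name__ == "__main__":
    for mnem, n in dance_histogram(SAMPLE).most_common():
        print(f"{n:6d}  {mnem}")
```

To use it on a real library, pass the text of `objdump -d /usr/lib/libc.so` to `dance_histogram` in place of `SAMPLE`; the top entries are the ones to look up in the Intel SDM.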



Re: relayd filter

2023-06-06 Thread Nick Bouliane
On Tue, Jun 6, 2023 at 11:08 AM Paul Pace  wrote:

> On 6/5/23 3:15 PM, Nick Bouliane wrote:
> > Hi,
> >
> > in relayd.conf I'm trying to do :
> >
> > pass from 192.168.1.1 path "/something.html"
> >
> > If I individually specify the "from" or the "path", it works
> > but when I combine both, it doesn't work.
>
> Nowadays, when I come upon this I just use tags and move on.
>
> Something like this might work:
>
> match path "/something.html" tag something
> pass from 192.168.1.1 tagged something
>
oh, it works well, thank you !

>
> >
> > Am I missing something or if it's just not possible ?
> > Or is there another way to express this another way ?
> >
> > thank you,
> > Nick
>
>


Re: relayd filter

2023-06-06 Thread Paul Pace

On 6/5/23 3:15 PM, Nick Bouliane wrote:
> Hi,
>
> in relayd.conf I'm trying to do :
>
> pass from 192.168.1.1 path "/something.html"
>
> If I individually specify the "from" or the "path", it works
> but when I combine both, it doesn't work.

Nowadays, when I come upon this I just use tags and move on.

Something like this might work:

match path "/something.html" tag something
pass from 192.168.1.1 tagged something

> Am I missing something or if it's just not possible ?
> Or is there another way to express this another way ?
>
> thank you,
> Nick




Re: build go projects with current: bad system call (core dumped)

2023-06-06 Thread Stuart Henderson
On 2023/06/06 15:39, Thomas Huber wrote:
> This issue seems to be related to hardware limits eg. not enough RAM.
> I came across these errors on a 1gig openbsd.amsterdam VM (thanks mischa for
> your great service!!)
> But all the mentioned go projects build fine on larger OpenBSD-VMs (eg. 4gig
> exoscale VM) and this builds run fine on the smaller VM.
> 
> Thanks Stuart for helping out again and verifying the build step.

Good that you've got it to build, but that doesn't make a lot of
sense as a reason, and I still think it's very likely that you're
running into a problem from some old binary or cached build somewhere.

There are probably some clues in kdump output from a failed run
("ktrace -i go install [...]", then "kdump | gzip > kdump.txt.gz")

This is how it looks if I make a clean build of nats-server,
restricted to 1G datasize:

$ ulimit -d $((1024*1024))
$ chmod -R +rwX go; rm -rf go; rm -rf .cache/go-build
$ go install -v github.com/nats-io/nats-server/v2@latest
go: downloading github.com/nats-io/nats-server/v2 v2.9.17
go: downloading github.com/nats-io/nats-server v1.4.1
go: downloading go.uber.org/automaxprocs v1.5.1
go: downloading github.com/klauspost/compress v1.16.5
go: downloading github.com/minio/highwayhash v1.0.2
go: downloading github.com/nats-io/jwt/v2 v2.4.1
go: downloading github.com/nats-io/nkeys v0.4.4
go: downloading github.com/nats-io/nuid v1.0.1
go: downloading golang.org/x/crypto v0.8.0
go: downloading golang.org/x/time v0.3.0
go: downloading golang.org/x/sys v0.7.0
encoding
internal/goarch
internal/unsafeheader
internal/coverage/rtcov
internal/goexperiment
internal/cpu
internal/goos
runtime/internal/atomic
internal/abi
runtime/internal/math
internal/itoa
runtime/internal/sys
math/bits
unicode/utf8
internal/race
sync/atomic
unicode
container/list
crypto/internal/alias
crypto/subtle
crypto/internal/boring/sig
unicode/utf16
vendor/golang.org/x/crypto/cryptobyte/asn1
internal/nettrace
vendor/golang.org/x/crypto/internal/alias
golang.org/x/crypto/internal/alias
golang.org/x/crypto/salsa20/salsa
hash/maphash
go.uber.org/automaxprocs/internal/runtime
internal/bytealg
math
runtime
internal/reflectlite
sync
internal/testlog
internal/godebug
internal/singleflight
runtime/cgo
internal/intern
math/rand
errors
sort
io
internal/safefilepath
internal/oserror
strconv
path
syscall
strings
reflect
bytes
hash
hash/crc32
bufio
crypto
container/heap
crypto/internal/randutil
crypto/internal/nistec/fiat
crypto/rc4
vendor/golang.org/x/net/dns/dnsmessage
net/netip
encoding/base32
regexp/syntax
golang.org/x/crypto/blowfish
hash/fnv
internal/syscall/unix
internal/syscall/execenv
time
github.com/nats-io/nats-server/v2/server/sysmem
vendor/golang.org/x/text/transform
net/http/internal/ascii
html
text/tabwriter
regexp
context
io/fs
internal/poll
encoding/binary
internal/fmtsort
embed
encoding/base64
crypto/md5
crypto/internal/edwards25519/field
crypto/cipher
encoding/pem
vendor/golang.org/x/crypto/internal/poly1305
os
crypto/internal/nistec
golang.org/x/crypto/internal/poly1305
crypto/internal/edwards25519
crypto/internal/boring
crypto/aes
crypto/hmac
crypto/sha1
fmt
path/filepath
crypto/sha256
crypto/des
crypto/sha512
vendor/golang.org/x/net/route
vendor/golang.org/x/crypto/chacha20
crypto/ecdh
vendor/golang.org/x/sys/cpu
vendor/golang.org/x/crypto/hkdf
io/ioutil
golang.org/x/sys/cpu
net
golang.org/x/crypto/nacl/secretbox
os/exec
vendor/golang.org/x/crypto/chacha20poly1305
golang.org/x/crypto/curve25519
flag
os/user
compress/flate
math/big
encoding/hex
net/url
encoding/json
compress/gzip
github.com/klauspost/compress/flate
github.com/minio/highwayhash
golang.org/x/crypto/blake2b
github.com/nats-io/nats-server/v2/conf
log
github.com/nats-io/nats-server/v2/server/pse
crypto/rand
crypto/elliptic
crypto/internal/bigmod
crypto/internal/boring/bbig
encoding/asn1
crypto/ed25519
crypto/rsa
crypto/dsa
github.com/klauspost/compress/s2
archive/tar
golang.org/x/crypto/ed25519
golang.org/x/crypto/nacl/box
github.com/nats-io/nuid
vendor/golang.org/x/crypto/cryptobyte
crypto/x509/pkix
github.com/nats-io/nkeys
github.com/nats-io/nats-server/v2/internal/ldap
golang.org/x/crypto/bcrypt
golang.org/x/crypto/chacha20
crypto/ecdsa
golang.org/x/crypto/chacha20poly1305
golang.org/x/time/rate
vendor/golang.org/x/text/unicode/bidi
vendor/golang.org/x/text/unicode/norm
vendor/golang.org/x/net/http2/hpack
crypto/x509
github.com/nats-io/jwt/v2
log/syslog
vendor/golang.org/x/text/secure/bidirule
github.com/nats-io/nats-server/v2/logger
net/textproto
mime
mime/quotedprintable
net/http/internal
internal/profile
runtime/pprof
mime/multipart
vendor/golang.org/x/net/idna
crypto/tls
golang.org/x/crypto/ocsp
runtime/trace
vendor/golang.org/x/net/http/httpguts
vendor/golang.org/x/net/http/httpproxy
go.uber.org/automaxprocs/maxprocs
os/signal
net/http/httptrace
net/http
net/http/pprof
github.com/nats-io/nats-server/v2/server
github.com/nats-io/nats-server/v2


... Whereas, restricted to 512M, I get a specific "out of memory"
error 

Re: build go projects with current: bad system call (core dumped)

2023-06-06 Thread Thomas Huber
This issue seems to be related to hardware limits eg. not enough RAM.
I came across these errors on a 1gig openbsd.amsterdam VM (thanks mischa
for your great service!!)
But all the mentioned go projects build fine on larger OpenBSD-VMs (eg.
4gig exoscale VM) and this builds run fine on the smaller VM.

Thanks Stuart for helping out again and verifying the build step.


On Thu, 1 Jun 2023 at 16:34, Thomas Huber  wrote:

> On Thu, 1 Jun 2023 at 16:28, Stuart Henderson wrote:
>
>> On 2023-06-01, Thomas Huber  wrote:
>> > Hi @misc,
>> >
>> > I face a problem with -current when building golang projects.
>> > This worked fine on 7.2 and I think it stopped working with 7.3 release.
>> > Now I try it on -current.
>> >
>> > I get the following error:
>> > "go: error obtaining buildID for go tool compile: signal: bad system call
>> > (core dumped)"
>> >
>> > The Projects I'm trying to build are the nats-server[1] and natscli[2].
>> > go version go1.20.4 openbsd/amd64
>> >
>> > Maybe someone on this list has a clue...
>> > Thanks Thomas (the u2k20 host)
>> >
>> > --
>> > [1] https://github.com/nats-io/nats-server
>> > [2] https://github.com/nats-io/natscli
>> >
>>
>> If you have any old cached compiles lying around (.cache/go-build?) then
>> clear them out and try again.
>>
>>
> thanks so far.
> but didn't work with updated project dependencies nor a clean
> .cache/go-build.
>
>


ARM64 X11 display resolution

2023-06-06 Thread karlis . mikelsons

Hello,

I'm installing an OpenBSD VM on an Apple Silicon laptop on top of VMware
Fusion and Parallels but have a hard time setting the X11 resolution higher
than the default 1024x768 resolution. Has anyone had experience with this
and can help me set the resolution higher? Ideally I would want it to be
2560x1440 as I'm normally running the OpenBSD VM on a separate external
display in full screen.


Prior to switching to Apple Silicon I was running OpenBSD VM on Apple 
Intel notebook with VMware Fusion without any issues.


$ dmesg | grep -e fb -e display -e OpenBSD
OpenBSD 7.3-current (GENERIC.MP) #2148: Tue Jun  6 00:14:53 MDT 2023
vendor "VMware", unknown product 0x0406 (class display subclass VGA, rev 0x00) at pci0 dev 15 function 0 not configured

simplefb0 at mainbus0: 1024x768, 32bpp
wsdisplay0 at simplefb0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
wskbd0 at ukbd0: console keyboard, using wsdisplay0

$ cat /var/log/Xorg.0.log | grep wsfb
[   164.049] (II) LoadModule: "wsfb"
[   164.051] (II) Loading /usr/X11R6/lib/modules/drivers/wsfb_drv.so
[   164.052] (II) Module wsfb: vendor="X.Org Foundation"
[   164.053] (II) wsfb: driver for wsdisplay framebuffer: wsfb
[   164.053] (WW) Falling back to old probe method for wsfb
[   164.053] (II) wsfb(0): using default device
[   164.054] (**) wsfb(0): Depth 24, (--) framebuffer bpp 32
[   164.054] (==) wsfb(0): RGB weight 888
[   164.054] (==) wsfb(0): Default visual is TrueColor
[   164.054] (==) wsfb(0): Using gamma correction (1.0, 1.0, 1.0)
[   164.054] (II) wsfb(0): Vidmem: 3072k
[   164.054] (**) wsfb(0): Display dimensions: (596, 335) mm
[   164.054] (**) wsfb(0): DPI set to (43, 58)
[   164.054] (**) wsfb(0): Using "Shadow Framebuffer"
[   164.063] (==) wsfb(0): Backing store enabled

I've tried forcing X11 to use vmware display driver, but it didn't work, 
and it appears that this display driver is not available for arm64:

$ ls /usr/X11R6/lib/modules/drivers/
amdgpu_drv.la
amdgpu_drv.so
ati_drv.la
ati_drv.so
modesetting_drv.la
modesetting_drv.so
radeon_drv.la
radeon_drv.so
wsfb_drv.la
wsfb_drv.so
wsudl_drv.la
wsudl_drv.so


Thanks,
Karlis