Re: wifi

[Otto Moerbeek]

On Thu, May 23, 2024 at 01:44:57AM -0300, Gustavo Rios wrote:

> Hi folks!
> 
> I would like to setup my openbsd wifi but up to now, no success.
> Here is my lspci output. May some one help me ?
> 
> Thanks a lot.
> 
> 02:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8821CE
> 802.11ac PCIe Wireless Network Adapter
> 
> -- 
> The lion and the tiger may be more powerful, but the wolves do not perform
> in the circus

It helps more to send a dmesg, to see what the kernel thinks about the device,

-Otto

wifi

[Gustavo Rios]

Hi folks!

I would like to setup my openbsd wifi but up to now, no success.
Here is my lspci output. May some one help me ?

Thanks a lot.

02:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8821CE
802.11ac PCIe Wireless Network Adapter

-- 
The lion and the tiger may be more powerful, but the wolves do not perform
in the circus

advice debugging lockups with swap-thrashing symptoms?

[James Cook]

Hi,

One of my OpenBSD boxes sometimes gets in a weird locked-up or
almost-locked-up state. I'm wondering what I can do to debug it
further next time it happens.

It feels like swap thrashing, but top reports plenty of memory free.


Symptoms:


1. top reports lots of free memory, small act/tot and cache amounts,
   and some swap space used.

See example output of "top -ud1" below. Note I ran pkill -9 firefox
before running that command, so apparently it's taking a while even
for kill -9 to have an effect.

It's weird the act/tot amounts are so small when free is so high.

I would also expect the cache number to be much higher. E.g. on
this occasion, I was running "git annex fsck", which reads plenty
of data from disk. With my vague understanding of the vm system I
would expect this to result in lots being cached.


3. Hard disk light is constantly active. (Swapping?)


2. System is completely or almost completely unresponsive.

Usually when this happens the X11 display appears completely frozen
and I can't ssh to the machine, switch to another virtual terminal,
or otherwise interact. (I think pinging the box still works in
this case.) I will sometimes notice the system slowing down for
a minute or so, and hard disk activity increasing, before it
completely grinds to a halt.

The most recent time I got lucky, and I could still use ssh and run
simple commands like top and dmesg. After several minutes, I even
saw the X11 display update. My tmux-in-xterm windows were still
trying to redraw themselves for several minutes after being resized:
a few lines were displayed but many were still missing.

Just now, about 40 minutes after the lock-up, my system started
responding quickly again, as if nothing was ever wrong. Maybe it
hepled that I killed some processes including firefox, but I did
that probably more than 10 minutes ago.


below dmesg is from when it was in the almost-locked-up state. I
think the filesystem full messages at the end can be ignored; that
was an issue I resolved earlier. I'm pretty sure I've observed this
on 7.4 and/or 7.5 before I switched to current.

-- 
James


angel ~ $ top -ud1
load averages:  8.17, 10.86, 10.03angel.falsifian.org 18:44:22
200 processes: 1 starting, 6 running, 171 idle, 1 stopped, 18 dead, 3 on 
processor  up 0 days 04:10:10
CPU0 states:  7.6% user,  0.0% nice,  8.4% sys,  6.6% spin,  2.6% intr, 74.8% 
idle
CPU1 states: 10.1% user,  0.0% nice, 10.6% sys,  4.8% spin,  0.0% intr, 74.5% 
idle
CPU2 states:  9.8% user,  0.0% nice, 10.3% sys,  4.9% spin,  0.0% intr, 75.0% 
idle
Memory: Real: 88K/1197M act/tot Free: 14G Cache: 165M Swap: 1046M/32G

  PIDUID   PRI NICE  SIZE   RES STATE WAIT  TIMECPU COMMAND
77712   1000620   39M   20K run/1 - 3:21 30.52% tmux
79301   1000600 1752K   20K run/1 - 0:42 29.59% sshd-session
96911 48620   10M   20K run/2 - 1:30 26.56% unwind
 9794 35610  133M 3156K onproc/2  - 8:12 25.20% Xorg
59778   1000100  610M   20M run/1 thrdeat  19:05 10.84% firefox
27864   1000180 1308K4K sleep/0   sigsusp   0:31  4.98% sh
48161   1000-60 1308K4K sleep/2   piperd0:31  4.59% sh


dmesg:


OpenBSD 7.5-current (GENERIC.MP) #77: Sun May 19 16:08:08 MDT 2024
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17160474624 (16365MB)
avail mem = 16619134976 (15849MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf0100 (59 entries)
bios0: vendor Award Software International, Inc. version "F7" date 11/20/2009
bios0: Gigabyte Technology Co., Ltd. GA-MA790XT-UD4P
acpi0 at bios0: ACPI 1.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT HPET MCFG TAMG APIC
acpi0: wakeup devices PCI0(S5) USB0(S3) USB1(S3) USB2(S3) USB3(S3) USB4(S3) 
USB5(S3) USB6(S3) SBAZ(S4) P2P_(S5) PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) 
PCE6(S4) PCE7(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-255
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Phenom(tm) II X3 710 Processor, 2611.93 MHz, 10-04-02, patch 01db
cpu0: cpuid 1 
edx=178bfbff
 ecx=802009
cpu0: cpuid 8001 
edx=efd3fbff 
ecx=37ff
cpu0: cpuid 8007 edx=1f9
cpu0: 64KB 64b/line 2-way D-cache, 64KB 64b/line 2-way I-cache
cpu0: 512KB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
cpu0: AMD erratum 721 detected and fixed
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 200MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Phenom(tm) II X3 710 Processor, 2611.94 MHz, 10-04-02, patch 01db
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD Phenom(tm) II X3 710 Processor, 2612.02 MHz, 

Re: how to fsck automatically at boot

[Stuart Henderson]

On 2024-05-22, Kirill A  Korinsky  wrote:
> On Wed, 22 May 2024 12:53:11 +0100,
> Nick Holland  wrote:
>> 
> Do you need atime on that FS? Disable it dramatically reduces chances of
> manual interraction with fsck.

btw: you probably _do_ want atime on /tmp (see /etc/daily).
But that's a fairly good candidate for MFS anyway.

Re: httpd & nextcloud

[Souji Thenria]

On Wed May 22, 2024 at 4:46 PM BST, Am Jam wrote:

Your tip led me in the right direction and I now have what I need. Thank
you!



Glad I could help.


One thing to note. I had to add the following line to get everything to
work:
-   location "/" { block return 301 "$https://$SERVER_NAME/index.php; }

I added this line because, for some reason, without this line, navigating
to "www.domain.com" would fail.
But I noticed that navigating specifically to "www.domain.com/index.php"
worked.


You might be able to resolve this, by putting the directory index
configuration

directory index "index.php"


in this location context:

location "/*.php*" {
root "/nextcloud"
fastcgi socket "/run/php-fpm.sock"
pass
}


I'm not sure if you can specify the directory index for an entire server
context or if you need to define it inside a location context.

Re: httpd & nextcloud

[Am Jam]

Hi Souji,

Your tip led me in the right direction and I now have what I need. Thank
you!

One thing to note. I had to add the following line to get everything to
work:
-   location "/" { block return 301 "$https://$SERVER_NAME/index.php; }

I added this line because, for some reason, without this line, navigating
to "www.domain.com" would fail.
But I noticed that navigating specifically to "www.domain.com/index.php"
worked.

For posterity's sake, here is my "working" /etc/httpd.conf:

server "www.domain.com" {
listen on * tls port 443

# acme-challenge TLS location
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}

# enable HTTP Strict Transport Security
hsts {
preload
subdomains
max-age 15768000
}

tls {
certificate "/etc/ssl/domain.io.fullchain.pem"
key "/etc/ssl/private/domain.io.key"
}

# set max upload size to 1G (in bytes)
connection max request body 1048576000
connection max requests 1000
connection request timeout 3600
connection timeout 3600

# set root directory
root "/nextcloud"
directory index "index.php"

block drop

# ensure that no "*.php*" files can be fetched from these directories
location "/config/*" { block drop }
location "/data/*" { block drop }
location "/*.php*" {
root "/nextcloud"
fastcgi socket "/run/php-fpm.sock"
pass
}

location "/dist/*" {
root "/nextcloud"
pass
}

location "/apps/*" {
root "/nextcloud"
pass
}

location "/core/*" {
root "/nextcloud"
pass
}

location "/updater/*" {
root "/nextcloud"
pass
}

location "/" { block return 301 "https://$SERVER_NAME/index.php; }
location "/nextcloud" { block return 301 "$DOCUMENT_URI/index.php" }
location "/nextcloud/" { block return 301 "$DOCUMENT_URI/index.php" }
location "/.well-known/carddav" { block return 301
"https://$SERVER_NAME/remote.php/dav; }
location "/.well-known/caldav" { block return 301
"https://$SERVER_NAME/remote.php/dav; }
location "/.well-known/webfinger" { block return 301
"/index.php/.well-known/webfinger" }
location "/.well-known/nodeinfo" { block return 301
"/index.php/.well-known/nodeinfo" }

location "/ocs-provider/*" {
block return 301 "$DOCUMENT_URI/index.php"
}

location "/ocm-provider/*" {
block return 301 "$DOCUMENT_URI/index.php"
}
}



On Wed, May 22, 2024 at 9:58 AM Souji Thenria 
wrote:

> On Wed May 22, 2024 at 2:38 PM BST, Am Jam wrote:
> > Hi Everyone,
>
> Hi Am,
>
> > Before anyone asks, removing "/nextcloud" from each of the location
> strings
> > does not work.
> > When I do that I get an "ERR_EMPTY_RESPONSE" error in my browser
> (Chrome).
> > My httpd.conf below was inspired by the one outlined in the nextcloud
> > pkg-readme.
>
> Did you also remove the line: 'request strip 1'?
>
> So that instead of
> > location "/nextcloud/*.php*" {
> > root "/nextcloud"
> > request strip 1
> > fastcgi socket "/run/php-fpm.sock"
> > pass
> > }
>
> you should have:
> location "/*.php*" {
> root "/nextcloud"
> fastcgi socket "/run/php-fpm.sock"
> pass
> }
>
>
> Regards,
> Souji
>

Re: httpd & nextcloud

[Souji Thenria]

On Wed May 22, 2024 at 2:38 PM BST, Am Jam wrote:

Hi Everyone,


Hi Am,


Before anyone asks, removing "/nextcloud" from each of the location strings
does not work.
When I do that I get an "ERR_EMPTY_RESPONSE" error in my browser (Chrome).
My httpd.conf below was inspired by the one outlined in the nextcloud
pkg-readme.


Did you also remove the line: 'request strip 1'?

So that instead of

location "/nextcloud/*.php*" {
root "/nextcloud"
request strip 1
fastcgi socket "/run/php-fpm.sock"
pass
}


you should have:
location "/*.php*" {
   root "/nextcloud"
   fastcgi socket "/run/php-fpm.sock"
   pass
}


Regards,
Souji

httpd & nextcloud

[Am Jam]

Hi Everyone,

I am trying to run a small nextcloud website and I'm having a problem with
the URLs.
I installed nextcloud via pkg_add, and all of its files were installed
under /var/www/nextcloud.
The pkg-readmes were helpful in getting nextcloud working with httpd.

However, though everything "works", my URLs look like this:
-   www.domain.com/nextcloud/index.php/foo/bar/...

And I can't for the life of me seem to edit /etc/httpd.conf to make it so
my URLs look like this:
-   www.domain.com/index.php/foo/bar/...

Furthermore, I can only access nextcloud if I navigate to
-   www.domain.com/nextcloud

I would prefer to access nextcloud by navigating to
-   www.domain.com


Even if I add the following line to /etc/httpd.conf, it works only in the
web browser and nextcloud-specific iOS apps don't fully work properly:
-   location "/" { block return 301 "nextcloud/index.php" }


My /etc/httpd.conf is below.
Am I missing something obvious?

Before anyone asks, removing "/nextcloud" from each of the location strings
does not work.
When I do that I get an "ERR_EMPTY_RESPONSE" error in my browser (Chrome).
My httpd.conf below was inspired by the one outlined in the nextcloud
pkg-readme.

Thanks in advance.

server "www.domain.com" {
listen on * tls port 443

# acme-challenge TLS location
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}

# enable HTTP Strict Transport Security
hsts {
preload
subdomains
max-age 15768000
}

tls {
certificate "/etc/ssl/domain.com.fullchain.pem"
key "/etc/ssl/private/domain.com.key"
}

# set root directory
root "/nextcloud"
directory index "index.php"

# set max upload size to 1G (in bytes)
connection max request body 1048576000
connection max requests 1000
connection request timeout 3600
connection timeout 3600

block drop

# ensure that no "*.php*" files can be fetched from these directories
location "/nextcloud/config/*" { block drop }
location "/nextcloud/data/*" { block drop }
location "/nextcloud/*.php*" {
root "/nextcloud"
request strip 1
fastcgi socket "/run/php-fpm.sock"
pass
}

location "/nextcloud/dist/*" {
root "/nextcloud"
request strip 1
pass
}

location "/nextcloud/apps/*" {
root "/nextcloud"
request strip 1
pass
}

location "/nextcloud/core/*" {
root "/nextcloud"
request strip 1
pass
}

location "/nextcloud/updater/*" {
root "/nextcloud"
request strip 1
pass
}

location "/nextcloud" { block return 301 "$DOCUMENT_URI/index.php" }
location "/nexctloud/" { block return 301 "$DOCUMENT_URI/index.php" }
location "/.well-known/carddav" { block return 301
"https://$SERVER_NAME/nextcloud/remote.php/dav; }
location "/.well-known/caldav" { block return 301
"https://$SERVER_NAME/nextcloud/remote.php/dav; }
location "/.well-known/webfinger" { block return 301
"/nextcloud/index.php/.well-known/webfinger" }
location "/.well-known/nodeinfo" { block return 301
"/nextcloud/index.php/.well-known/nodeinfo" }

location "/nextcloud/ocs-provider/*" {
block return 301 "$DOCUMENT_URI/index.php"
}

location "/nextcloud/ocm-provider/*" {
block return 301 "$DOCUMENT_URI/index.php"
}
}

Re: how to fsck automatically at boot

[Kirill A . Korinsky]

On Wed, 22 May 2024 12:53:11 +0100,
Nick Holland  wrote:
> 
> For reasons of multi-hour fsck's on a few systems, I'm looking at
> remounting the problem file systems as "rw" when writing is actually
> needed and "ro" after the writing is complete (IN THIS APPLICATION, this
> is known) to reduce my "at risk of power outage" window a lot, but I
> suspect this will fall deeply within the category of "when I break
> things, I get to keep all the pieces". :)
> 

Do you need atime on that FS? Disable it dramatically reduces chances of
manual interraction with fsck. If you move forward and add sync which slow
down write but allows to get almost zero porbability of fsck interraction.

-- 
wbr, Kirill

Re: Bgpd multipath conf

[Marco Agostani]

In the end I found out a way to  manage mutipath.
Outside the bgpd daemon.
Basically I evaluate the bgp peer status from ifstated rules and I 
install/remove static multipath route on variation.
The first test seem promising.
In the end I can even manage carp based on peer availabilty with this approach.

If someone is interested in conf I can post as well as soon as I finish my test 
base.


Cheers
M.



Caterpillar: Confidential Green
-Original Message-
From: Benjamin Raskin 
Sent: Thursday, May 16, 2024 3:47 PM
To: Stuart Henderson ; Marco Agostani 

Cc: misc@openbsd.org
Subject: Re: Bgpd multipath conf

CAUTION: EXTERNAL EMAIL  This is a message from raskinbenjam...@gmail.com.  Use 
caution when opening unexpected emails and do not click on links or attachments 
from unknown senders. For more resources, visit security.cat.com/phishing.

__
I'm working on something similar right now for bgpd, where any connected /128 
ipv6 address will be announced over bgp.

For example if the router is connected to an adjacent host that has assigned 
itself an address through slaac such that the router has an entry for that 
particular host in the routing table, then the router will announce the host's 
/128 address.

On Thu, May 16, 2024 at 6:24 AM Stuart Henderson  
wrote:
>
> On 2024-05-16, Marco Agostani  wrote:
> > Ok so in the end is there a way to install more then one route in the 
> > kernel table through bgpd or not ?
>
> No. That is what "bgpd ... does not handle adding multiple paths for
> the same prefix to the FIB" means. (FIB = "forwarding information
> base" = kernel route table)
>
> > And if it's something that could be done in the future ?
>
> could? sure, if someone were to write the code to support it.
>
> I don't think it will be a particularly easy thing to do though.
>
>
> --
> Please keep replies on the mailing list.
>

Re: how to fsck automatically at boot

[Nick Holland]

On 5/21/24 08:28, Stuart Henderson wrote:

On 2024-05-21, Nick Holland  wrote:

...


When I remove that disk the boot sequence stops and asks for a fsck
I would like that this disk is mounted when it's present, but when it's not 
installed I don't want the boot sequence to stop


Make it also "noauto" in fstab and mount it in rc.local.


Last I tried this, it didn't do what I wanted -- "noauto" still expects
to have the disk there and will fsck it on boot.  Failure to be able to
do this stops the boot.  It's been a while since I last tried this, so
perhaps something has changed (including my recollection?)


See fstab(5) about fs_passno.


ah, so "0" or blank. cool. learned something.
That will simplify a few things!


And this might be a solution for the OP's problem:
make /usr and /usr/* "ro" during normal operation


reorder_kernel is run in the background from /etc/rc; for RO /usr
you need to wait for that to finish.


And I forgot that. d'oh.
So yes, file my tidbit under "REALLY BAD ADVICE" and ignore it.

For reasons of multi-hour fsck's on a few systems, I'm looking at
remounting the problem file systems as "rw" when writing is actually
needed and "ro" after the writing is complete (IN THIS APPLICATION, this
is known) to reduce my "at risk of power outage" window a lot, but I
suspect this will fall deeply within the category of "when I break
things, I get to keep all the pieces". :)

Nick.

 

Re: how to fsck automatically at boot

[Mik J]

Hello Nick, Stuart, Kirill, Jan,
Thank you for all your answers.






Le mardi 21 mai 2024 à 14:31:13 UTC+2, Stuart Henderson 
 a écrit : 





On 2024-05-21, Nick Holland  wrote:
> On 5/20/24 09:37, Jan Stary wrote:
>> On May 20 13:22:26, mikyde...@yahoo.fr wrote:
>>> Hello,
>>> 
>>> I have two use cases and problems with fsck.
>>> 
>>> 1) When my openbsd boots after an outage, the system asks me to fsck /, 
>>> /usr, /var or /home manually.
>>> So I do
>>> fsck /dev/sd0a
>>> And then I'm asked questions and I usually answer F
>>> 
>>> So my question is that I want this process to be done automatically at boot 
>>> time for each partition that has a problem.
>> 
>> The /etc/rc boot script calls fsck -p;
>> if that fails, it means fsck -p was unable to fix a major problem.
>> It is the point that it requires an admin's intervention.
>> 
>> You would have to change the fsck call to fsck -y;
>> but don't do that.

AIUI the rationale for not using -y by default is that fsck may do
further damage to a badly damaged disk. But in practice many people
wouldn't do anything other than hit 'y' lots or 'F' when fsck
complains, in which case patching /etc/rc to run -y by default
isn't going to be any worse... And there are certainly some classes
of system where you don't really care about losing data (i.e. you
can recreate from config management or backups) but you do want to
maximise the chances of being able to connect in remotely, and in
that case -y can definitely help.

> I'd look at why your file systems are always needing these manual
> interventions after a hard shutdown.  I routinely power down my
> personal systems with yanking the power cord if it would take me
> longer "properly" connect a console and properly shut down.

That really depends on what the system is doing.

>>> When I remove that disk the boot sequence stops and asks for a fsck
>>> I would like that this disk is mounted when it's present, but when it's not 
>>> installed I don't want the boot sequence to stop
>> 
>> Make it also "noauto" in fstab and mount it in rc.local.
>
> Last I tried this, it didn't do what I wanted -- "noauto" still expects
> to have the disk there and will fsck it on boot.  Failure to be able to
> do this stops the boot.  It's been a while since I last tried this, so
> perhaps something has changed (including my recollection?)

See fstab(5) about fs_passno.

> And this might be a solution for the OP's problem:
> make /usr and /usr/* "ro" during normal operation

reorder_kernel is run in the background from /etc/rc; for RO /usr
you need to wait for that to finish.

-- 
Please keep replies on the mailing list.

Re: IPv6 routing problems with vether and vmm

[Stuart Henderson]

On 2024/05/21 20:30, jrmu wrote:
> Greetings,
> 
> > > I also don't control the entire /48.
> > >
> > > Here is the information I was given:
> > >
> > > My IPv6 Address Subnet: 2602:fccf:400:41::/64
> > > Hypervisor' IPv6 Gateway: 2602:fccf:400::1
> > >
> > > I was only given a /64.
> > 
> > So you should use a /64 prefix length not the /48 which you have.
> > 
> > See EXAMPLES in route(8) for how to set the gateway.
> 
> Please excuse my ignorance here, as I am unfamiliar with networking. Can
> you explain why /64 is the correct prefix length?

Because that is the information they gave you:

"Here is the information I was given:
My IPv6 Address Subnet: 2602:fccf:400:41::/64"

> I am confused because it seems not analogous to IPv4.

Your provider has decided to use a different config method for v6
compared to v4.

They probably have a route for the whole /64 to your MAC address to
avoid having to do neighbour discovery (NDP) for addresses in your
subnet.

If they did NDP, they have to try to find the MAC address to send
packets for that individual address. So if that address isn't in
the (limited size) NDP cache their router would need to buffer the
packet, try to resolve the address, if that address is not configured
anywhere they'd need to wait for a timeout before possibly generating a
host-unreachable icmp6 message and discarding the packet. These are all
slow operations using cpu resources on a router where those resources
are usually quite limited.

Now consider the number of addresses in the subnet and that someone
on the internet can send packets to any address. There are similar
issues for v4 (using ARP rather than NDP to find MAC addresses) but the
scale is vastly different - and most addresses will be in use anyway
so most of the time a randomly addressed packet will already have the
MAC address in the ARP cache.

There are other ways to handle this (e.g. add a small 'link net' between
the router and your host) but config for that is a bit more hassle
to do on the provider's side - typically with that setup you'd have
a separate vlan per customer too, as well as the route table entry
across the provider's network for the link net, using more resources on
routers/switches.

> In the IPv4 example, my address is 104.167.241.211, the gateway is
> 104.167.241.193, and the subnet mask 255.255.255.192. The network length
> then is /26. I don't control the entire /26 subnet, only one single IPv4
> address within it, but my network would have a prefix length of /26.

All of the /26 is probably directly reachable (using ARP to lookup
the MAC address). And vice-versa, other addresses in the /26 will
be expecting to be able to send packets to you directly rather than
going via the gateway.

> Isn't using a prefix length of /48 the same in the case of IPv6? I don't
> control the entire /48, but the gateway 2602:fccf:400::1 shares the
> first 48 network bits with my IPv6 address 2602:fccf:400:41::

You almost certainly can't reach the rest of the /48 without going
via the gateway.

> If I were to set the routing prefix length to 64, then I could manually
> add an extra route to the IPv6 gateway. But then, wouldn't I want to set
> my IPv4 address with a subnet mask of 255.255.255.255, so that the
> network length would be 32 rather than 26, and also add a manual route
> there?

Some providers do do that for v4, but if they had they'd be telling you
to use the /32. There's a lot less reason to do it for v4 though.