Re: mouse cursor no longer changes over hyperlinks in Firefox on OpenBSD 7.5
On Tue, Jun 11, 2024 at 09:41:00PM -, Stuart Henderson wrote: > > On Mon, Jun 10, 2024 at 03:07:24PM -0600, Andy Bradford wrote: > >> Hello, > >> > >> I'm not sure if this is expected behavior or not, but it seems that > >> after upgrading to OpenBSD 7.5 the mouse cursor no longer changes from > >> an arrow pointer to a hand when I hover over links in Firefox. It does > >> work for some other programs though. Also, moving the mouse over other > >> elements (like text entry) does work. It's just moving over links that > >> no longer visibly changes the mouse cursor. > >> > >> Is this a problem isolated to Firefox? Is anyone aware of a change > >> that would cause this and more to the point, how to recover the > >> functionality? > > It's isolated to firefox, afaik most likely (maybe only likely?) > to occur if you don't use a "desktop environment", it's due to > https://bugzilla.mozilla.org/show_bug.cgi?id=1871863 > (see also https://bugzilla.mozilla.org/show_bug.cgi?id=1876366#c15) > and it's a flipping nuisance. > > On 2024-06-10, Hiltjo Posthuma wrote: > > iirc it can be worked around by setting in about:config: > > > > widget.gtk.legacy-cursors.enabled to true > > That is the hack they added that is supposed to undo this change. > It doesn't do anything for me though. Adding these two settings? $ grep Xcursor ~/.Xdefaults Xcursor.theme: Adwaita $ cat ~/local/share/icons/default/index.theme [Icon Theme] Inherits=Adwaita > > If you're not using a desktop environment, you can run xsettingsd > with this in .xsettingsd to set a cursor theme: > > Gtk/CursorThemeName "Adwaita" > > However then in some setups you'll get stupidly large pointers in > Gtk based software. -- Walter
Re: Missing vlan interfaces in OPENBSD-PF-MIB::pfIfTable
On 11/06/2024 15:34, Martijn van Duren wrote: > On Tue, 2024-06-11 at 14:56 +0300, Kapetanakis Giannis wrote: >> On 10/06/2024 18:43, Marc Boisis wrote: >>> Hello, >>> >>> I've a 7.5 openBSD router, when I'm asking OPENBSD-PF-MIB I have only 64 >>> physicals and carp interfaces but not my 45 vlan interfaces. >>> >>> My /etc/snmpd.conf >>> ROOT:amdrg2:/root > cat /etc/snmpd.conf >>> listen on 127.0.0.1 snmpv2c >>> read-only community public >>> >>> >>> "pfctl -sI" list all interfaces (carp and vlan). >>> >>> Is there a setting or a limit to configure to see vlan interfaces in >>> OPENBSD-PF-MIB and especialy in OPENBSD-PF-MIB::pfIfTable ? >>> >>> Ps: In openbsd 6.5, OPENBSD-PF-MIB::pfIfTable contain all interfaces >>> >>> Regards >>> >>> Marc >>> >> Indeed. >> >> snmpwalk -v2c -c xx localhost OPENBSD-PF-MIB::pfIfDescr | wc -l >> 64 >> >> pfctl -sI | wc -l >> 99 (groups included) >> >> ifconfig | grep flags | wc -l >> 85 >> >> that is on 7.5 release. >> >> snmpwalk is showing only "vlan" and not the vlan interfaces. That is >> probably the group vlan. >> >> There is also an empty one at the end. >> >> OPENBSD-PF-MIB::pfIfDescr.63 = STRING: vlan >> OPENBSD-PF-MIB::pfIfDescr.64 = STRING: >> >> G > $ snmp walk -v2c -cpublic 127.0.0.1 pfIfDescr | wc -l > 15 > $ doas pfctl -sI | wc -l > 15 > > pfIfDescr.13 = STRING: vlan > pfIfDescr.14 = STRING: vlan6 > > > I'm not seeing it. I'm willing to dig into this, but without giving me a > way to reproduce saying "me too" isn't going to help. > > martijn@ > How about creating more than 64 interfaces? G
Re: Rate limit the httpd web server for signup requests
On 2024-06-11 15:41, Martin wrote: I already do some rate limiting with stateful tracking options for PF, which works really great for the stuff I use it for. I also use block lists of known bad IP addresses etc. But what useful methods exists that prevent spamming a HTML signup form from stuffing the database with useless signups? Naturally the accounts that haven't been validated one way or another gets deleted, but the initial signup is a problem as thousands upon thousands of requests are stored before deletion. I have tried blocking by IP, but this is difficult as the IP changes faster than it can be blocked. The User Agent is spoofed with random garbage. Honey pot empty hidden fields gets detected and ignored. Randomly generated form IDs that gets submitted and validated using a session cookie also doesn't work as the cookie is just stored and then send along. A simple CAPTCHA reduces some of the irrelevant noise, but the more sophisticated bots solves the CAPTCHA. Using Cloudflare's or Google's CAPTCHA is frowned upon by the real users, which I fully understand. So I was wondering, if some other clever method can reduce the noise? I haven't tried it and I'm not sure how useful it is in your case, but mCaptcha uses proof of work. https://mcaptcha.org/ Paul
Rate limit the httpd web server for signup requests
I already do some rate limiting with stateful tracking options for PF, which works really great for the stuff I use it for. I also use block lists of known bad IP addresses etc. But what useful methods exists that prevent spamming a HTML signup form from stuffing the database with useless signups? Naturally the accounts that haven't been validated one way or another gets deleted, but the initial signup is a problem as thousands upon thousands of requests are stored before deletion. I have tried blocking by IP, but this is difficult as the IP changes faster than it can be blocked. The User Agent is spoofed with random garbage. Honey pot empty hidden fields gets detected and ignored. Randomly generated form IDs that gets submitted and validated using a session cookie also doesn't work as the cookie is just stored and then send along. A simple CAPTCHA reduces some of the irrelevant noise, but the more sophisticated bots solves the CAPTCHA. Using Cloudflare's or Google's CAPTCHA is frowned upon by the real users, which I fully understand. So I was wondering, if some other clever method can reduce the noise?
Re: mouse cursor no longer changes over hyperlinks in Firefox on OpenBSD 7.5
On 2024-06-11, Stuart Henderson wrote: >> On Mon, Jun 10, 2024 at 03:07:24PM -0600, Andy Bradford wrote: >>> Hello, >>> >>> I'm not sure if this is expected behavior or not, but it seems that >>> after upgrading to OpenBSD 7.5 the mouse cursor no longer changes from >>> an arrow pointer to a hand when I hover over links in Firefox. It does >>> work for some other programs though. Also, moving the mouse over other >>> elements (like text entry) does work. It's just moving over links that >>> no longer visibly changes the mouse cursor. >>> >>> Is this a problem isolated to Firefox? Is anyone aware of a change >>> that would cause this and more to the point, how to recover the >>> functionality? > > It's isolated to firefox, afaik most likely (maybe only likely?) > to occur if you don't use a "desktop environment", it's due to > https://bugzilla.mozilla.org/show_bug.cgi?id=1871863 > (see also https://bugzilla.mozilla.org/show_bug.cgi?id=1876366#c15) > and it's a flipping nuisance. > > On 2024-06-10, Hiltjo Posthuma wrote: >> iirc it can be worked around by setting in about:config: >> >> widget.gtk.legacy-cursors.enabled to true > > That is the hack they added that is supposed to undo this change. > It doesn't do anything for me though. Oh, huh, it didn't help after just restarting firefox, but did after a reboot? Very odd. > > If you're not using a desktop environment, you can run xsettingsd > with this in .xsettingsd to set a cursor theme: > > Gtk/CursorThemeName "Adwaita" > > However then in some setups you'll get stupidly large pointers in > Gtk based software. > > > -- Please keep replies on the mailing list.
Re: mouse cursor no longer changes over hyperlinks in Firefox on OpenBSD 7.5
> On Mon, Jun 10, 2024 at 03:07:24PM -0600, Andy Bradford wrote: >> Hello, >> >> I'm not sure if this is expected behavior or not, but it seems that >> after upgrading to OpenBSD 7.5 the mouse cursor no longer changes from >> an arrow pointer to a hand when I hover over links in Firefox. It does >> work for some other programs though. Also, moving the mouse over other >> elements (like text entry) does work. It's just moving over links that >> no longer visibly changes the mouse cursor. >> >> Is this a problem isolated to Firefox? Is anyone aware of a change >> that would cause this and more to the point, how to recover the >> functionality? It's isolated to firefox, afaik most likely (maybe only likely?) to occur if you don't use a "desktop environment", it's due to https://bugzilla.mozilla.org/show_bug.cgi?id=1871863 (see also https://bugzilla.mozilla.org/show_bug.cgi?id=1876366#c15) and it's a flipping nuisance. On 2024-06-10, Hiltjo Posthuma wrote: > iirc it can be worked around by setting in about:config: > > widget.gtk.legacy-cursors.enabled to true That is the hack they added that is supposed to undo this change. It doesn't do anything for me though. If you're not using a desktop environment, you can run xsettingsd with this in .xsettingsd to set a cursor theme: Gtk/CursorThemeName "Adwaita" However then in some setups you'll get stupidly large pointers in Gtk based software.
Re: [Solved] Edit: Installation amd64 7.5
> In this day and age, I find it more frustrating [...] Me too. But with the people trying to be real experts in what they are clearly not.
Re: Missing vlan interfaces in OPENBSD-PF-MIB::pfIfTable
Like Kapetanakis I have the 64 interface desc empty: > snmpget -v2c -c public 127.0.0.1 OPENBSD-PF-MIB::pfIfDescr.64 OPENBSD-PF-MIB::pfIfDescr.64 = STRING: So can we imagine a limit of 64 interfaces in the snmp (snmpd_metrics) code ? > On 11 Jun 2024, at 14:34, Martijn van Duren > wrote: > > On Tue, 2024-06-11 at 14:56 +0300, Kapetanakis Giannis wrote: >> On 10/06/2024 18:43, Marc Boisis wrote: >>> Hello, >>> >>> I've a 7.5 openBSD router, when I'm asking OPENBSD-PF-MIB I have only 64 >>> physicals and carp interfaces but not my 45 vlan interfaces. >>> >>> My /etc/snmpd.conf >>> ROOT:amdrg2:/root > cat /etc/snmpd.conf >>> listen on 127.0.0.1 snmpv2c >>> read-only community public >>> >>> >>> "pfctl -sI" list all interfaces (carp and vlan). >>> >>> Is there a setting or a limit to configure to see vlan interfaces in >>> OPENBSD-PF-MIB and especialy in OPENBSD-PF-MIB::pfIfTable ? >>> >>> Ps: In openbsd 6.5, OPENBSD-PF-MIB::pfIfTable contain all interfaces >>> >>> Regards >>> >>> Marc >>> >> Indeed. >> >> snmpwalk -v2c -c xx localhost OPENBSD-PF-MIB::pfIfDescr | wc -l >> 64 >> >> pfctl -sI | wc -l >> 99 (groups included) >> >> ifconfig | grep flags | wc -l >> 85 >> >> that is on 7.5 release. >> >> snmpwalk is showing only "vlan" and not the vlan interfaces. That is >> probably the group vlan. >> >> There is also an empty one at the end. >> >> OPENBSD-PF-MIB::pfIfDescr.63 = STRING: vlan >> OPENBSD-PF-MIB::pfIfDescr.64 = STRING: >> >> G > > $ snmp walk -v2c -cpublic 127.0.0.1 pfIfDescr | wc -l > 15 > $ doas pfctl -sI | wc -l > 15 > > pfIfDescr.13 = STRING: vlan > pfIfDescr.14 = STRING: vlan6 > > > I'm not seeing it. I'm willing to dig into this, but without giving me a > way to reproduce saying "me too" isn't going to help. > > martijn@ >
Re: Missing vlan interfaces in OPENBSD-PF-MIB::pfIfTable
On Tue, 2024-06-11 at 14:56 +0300, Kapetanakis Giannis wrote: > On 10/06/2024 18:43, Marc Boisis wrote: > > Hello, > > > > I've a 7.5 openBSD router, when I'm asking OPENBSD-PF-MIB I have only 64 > > physicals and carp interfaces but not my 45 vlan interfaces. > > > > My /etc/snmpd.conf > > ROOT:amdrg2:/root > cat /etc/snmpd.conf > > listen on 127.0.0.1 snmpv2c > > read-only community public > > > > > > "pfctl -sI" list all interfaces (carp and vlan). > > > > Is there a setting or a limit to configure to see vlan interfaces in > > OPENBSD-PF-MIB and especialy in OPENBSD-PF-MIB::pfIfTable ? > > > > Ps: In openbsd 6.5, OPENBSD-PF-MIB::pfIfTable contain all interfaces > > > > Regards > > > > Marc > > > Indeed. > > snmpwalk -v2c -c xx localhost OPENBSD-PF-MIB::pfIfDescr | wc -l > 64 > > pfctl -sI | wc -l > 99 (groups included) > > ifconfig | grep flags | wc -l > 85 > > that is on 7.5 release. > > snmpwalk is showing only "vlan" and not the vlan interfaces. That is probably > the group vlan. > > There is also an empty one at the end. > > OPENBSD-PF-MIB::pfIfDescr.63 = STRING: vlan > OPENBSD-PF-MIB::pfIfDescr.64 = STRING: > > G $ snmp walk -v2c -cpublic 127.0.0.1 pfIfDescr | wc -l 15 $ doas pfctl -sI | wc -l 15 pfIfDescr.13 = STRING: vlan pfIfDescr.14 = STRING: vlan6 I'm not seeing it. I'm willing to dig into this, but without giving me a way to reproduce saying "me too" isn't going to help. martijn@
Re: Missing vlan interfaces in OPENBSD-PF-MIB::pfIfTable
On 10/06/2024 18:43, Marc Boisis wrote: > Hello, > > I've a 7.5 openBSD router, when I'm asking OPENBSD-PF-MIB I have only 64 > physicals and carp interfaces but not my 45 vlan interfaces. > > My /etc/snmpd.conf > ROOT:amdrg2:/root > cat /etc/snmpd.conf > listen on 127.0.0.1 snmpv2c > read-only community public > > > "pfctl -sI" list all interfaces (carp and vlan). > > Is there a setting or a limit to configure to see vlan interfaces in > OPENBSD-PF-MIB and especialy in OPENBSD-PF-MIB::pfIfTable ? > > Ps: In openbsd 6.5, OPENBSD-PF-MIB::pfIfTable contain all interfaces > > Regards > > Marc Indeed. snmpwalk -v2c -c xx localhost OPENBSD-PF-MIB::pfIfDescr | wc -l 64 pfctl -sI | wc -l 99 (groups included) ifconfig | grep flags | wc -l 85 that is on 7.5 release. snmpwalk is showing only "vlan" and not the vlan interfaces. That is probably the group vlan. There is also an empty one at the end. OPENBSD-PF-MIB::pfIfDescr.63 = STRING: vlan OPENBSD-PF-MIB::pfIfDescr.64 = STRING: G
Re: How to configure vlans with vmm
On Tue, Jun 11, 2024 at 09:25:31AM +0100, Zé Loff wrote: > On Mon, Jun 10, 2024 at 12:11:45PM -0700, jrmu wrote: > > How can I configure vmm to use vlans for virtual machines? I saw > > openbsd.amsterdam * use this, but I am not sure how to replicate it. > > > > As I understand it, vmm creates a tap(4) interface for each virtual machine, > > and all tap interfaces are then placed inside the switch defined in vm.conf, > > which in my case is veb(4). To set up the virtual machines, would I want to > > create a vlan(4) device for each virtual machine, and have the machine use > > that? And then to add the vlan device onto the veb bridge? > > > > * https://openbsd.amsterdam/setup.html > > > > -- > > jrmu > > IRCNow (https://ircnow.org) > > TL,DR: add the VLAN interface to the veb device configured in /etc/vm.conf > > It depends a bit on the role you want your vmm host to play in that > network. Everything written below refers to the host, unless otherwise > specified. > > > The simplest setup is when the host plays no part in the VMs' networks, > and all VLAN traffic will be sent upstream as-is (the host can still > access the VMs services, but will do so via the upstream gateway). In > this scenario you will have a bunch of VLANs already configured > upstream, and simply want each VMs traffic to be blindly forwarded > between the VMs and the upstream network. > > You'll need (1) a vmd switch for each VLAN, each defining a veb, (2) a > vlan device for each VLAN, and (3) to add the VLAN devices to their > respective vebs: > > (1) A vmd switch for each VLAN: > > /etc/vm.conf: > switch "whatever1001" { interface veb1001 } > switch "whatever1002" { interface veb1002 } > ... > vm "blablaon1001" { > ... > interface { > switch "whatever1001" > > } > } > vm "yaddayaddaon1002" { > switch "whatever1002" > > } > > You can do without the fixed lladdr. I use them because I want fixed IP > addresses and I have an upstream dhcpd managing that. > > (2) VLAN interfaces on the host (change em0 to whatever is relevant in > your case): > > /etc/hostname.vlan1001: > vnetid 1001 parent em0 > up > > /etc/hostname.vlan1002: > vnetid 1002 parent em0 > up > > (3) Add the vlan interfaces to the vebs created by vmd: > > /etc/hostname.veb1001 > description "blablablaon1001 uplink" > add vlan1001 > up > > /etc/hostname.veb1002 > description "yaddayaddaon1002 uplink" > add vlan1002 > up > > And that's it. > > If you want the host to directly connect to the VMs, you can just create > vport interfaces (with appropriate IP address) and add them to the vebs. Actually, this is not entirely correct. If you are adding the vlan interface to the veb, then there is no need for the vport, you can just configure the vlan interface (IP address, etc). The vmd host will then be a part of the VLAN, so you get a "direct" route to the VM, if you want to. You _will_ need to add a vport to a veb if you want an isolated link between the host and the VMs, but if that is the case you don't need VLANs: just a different vport per veb. --
Re: Missing vlan interfaces in OPENBSD-PF-MIB::pfIfTable
Hello Marc, I don't have access to such a machine, but my vlan interfaces do show up for me. Could you try and find a reproducer? martijn@ On Mon, 2024-06-10 at 17:43 +0200, Marc Boisis wrote: > Hello, > > I've a 7.5 openBSD router, when I'm asking OPENBSD-PF-MIB I have only 64 > physicals and carp interfaces but not my 45 vlan interfaces. > > My /etc/snmpd.conf > ROOT:amdrg2:/root > cat /etc/snmpd.conf > listen on 127.0.0.1 snmpv2c > read-only community public > > > "pfctl -sI" list all interfaces (carp and vlan). > > Is there a setting or a limit to configure to see vlan interfaces in > OPENBSD-PF-MIB and especialy in OPENBSD-PF-MIB::pfIfTable ? > > Ps: In openbsd 6.5, OPENBSD-PF-MIB::pfIfTable contain all interfaces > > Regards > > Marc
Re: How to configure vlans with vmm
On Mon, Jun 10, 2024 at 12:11:45PM -0700, jrmu wrote: > How can I configure vmm to use vlans for virtual machines? I saw > openbsd.amsterdam * use this, but I am not sure how to replicate it. > > As I understand it, vmm creates a tap(4) interface for each virtual machine, > and all tap interfaces are then placed inside the switch defined in vm.conf, > which in my case is veb(4). To set up the virtual machines, would I want to > create a vlan(4) device for each virtual machine, and have the machine use > that? And then to add the vlan device onto the veb bridge? > > * https://openbsd.amsterdam/setup.html > > -- > jrmu > IRCNow (https://ircnow.org) TL,DR: add the VLAN interface to the veb device configured in /etc/vm.conf It depends a bit on the role you want your vmm host to play in that network. Everything written below refers to the host, unless otherwise specified. The simplest setup is when the host plays no part in the VMs' networks, and all VLAN traffic will be sent upstream as-is (the host can still access the VMs services, but will do so via the upstream gateway). In this scenario you will have a bunch of VLANs already configured upstream, and simply want each VMs traffic to be blindly forwarded between the VMs and the upstream network. You'll need (1) a vmd switch for each VLAN, each defining a veb, (2) a vlan device for each VLAN, and (3) to add the VLAN devices to their respective vebs: (1) A vmd switch for each VLAN: /etc/vm.conf: switch "whatever1001" { interface veb1001 } switch "whatever1002" { interface veb1002 } ... vm "blablaon1001" { ... interface { switch "whatever1001" } } vm "yaddayaddaon1002" { switch "whatever1002" } You can do without the fixed lladdr. I use them because I want fixed IP addresses and I have an upstream dhcpd managing that. (2) VLAN interfaces on the host (change em0 to whatever is relevant in your case): /etc/hostname.vlan1001: vnetid 1001 parent em0 up /etc/hostname.vlan1002: vnetid 1002 parent em0 up (3) Add the vlan interfaces to the vebs created by vmd: /etc/hostname.veb1001 description "blablablaon1001 uplink" add vlan1001 up /etc/hostname.veb1002 description "yaddayaddaon1002 uplink" add vlan1002 up And that's it. If you want the host to directly connect to the VMs, you can just create vport interfaces (with appropriate IP address) and add them to the vebs. --