Re: My PC is crashing

[Anders Andersson]

On Fri, May 10, 2024 at 8:14 AM Peter N. M. Hansteen  wrote:
>
> Hi Daniel,
>
> On Fri, May 10, 2024 at 07:57:31AM +0200, Daniel Hejduk wrote:
> > Hello,
> > I installed OBSD on my IdeaPad.
> > Install went fine I installed offline using .iso file.
> > But after rebooting it works for ~30 seconds and after that it shutdowns,
> > without any errors kernel panics nothing.
> >
> > How can I debug it? I will send you more info if I found something.
>
> The FAQ has a reasonable description of how to debug and report observed
> problems at https://www.openbsd.org/report.html
>

Missing from the FAQ is IMO step 0: Run memtest over night to rule out
hard to debug hardware problems. It won't catch everything of course,
but it usually finds RAM issues which is its main job.

Re: Does anyone know whether this hardware runs OpenBSD?

[Anders Andersson]

On Tue, Mar 26, 2024 at 1:07 AM Jose Maldonado  wrote:
>
> El Mon, 25 Mar 2024 04:39:15 -0400
> Steve Litt  escribió:
> > Does anyone know whether this hardware runs OpenBSD?
> >
> > https://www.walmart.com/ip/MeLE-Quieter3Q-Fanless-Mini-PC-N5105-Windows-11-8GB-256GB-4K-UHD-Wifi-6-Mini-Desktop-Computer-New/2177929669
> >
> > Thanks,
> >
> > SteveT
> >
> > Steve Litt
> >
> > Autumn 2023 featured book: Rapid Learning for the 21st Century
> > http://www.troubleshooters.com/rl21
> >
>
> Hi! Why not this?
>
> https://www.pcliquidations.com/p150914-hp-elitedesk-705-g4
>
> Better hardware and OpenBSD support

Why not a full desktop PC? How are these even comparable? Your
suggestion is more than 5 times as large and heavy, and it even has a
fan.

Re: cwm on wayland

[Anders Andersson]

On Sat, Dec 16, 2023 at 2:05 AM Justin Yates Fletcher
 wrote:
>
> On Sat, 2023-12-16 at 00:22 +0100, Anders Andersson wrote:
> > On Fri, Dec 15, 2023 at 7:01 PM David Coppa  wrote:
> > >
> > > On Fri, Dec 15, 2023 at 6:29 PM  wrote:
> > > >
> > > > So they're putting a Wayland in our BSD.
> > > >
> > > > I've never used that before.
> > > >
> > > > Is a port of cwm planned?
> > >
> > > I really don't think so.
> > >
> > > But there's hikari, a stacking Wayland compositor heavily inspired
> > > by
> > > cwm: https://hikari.acmelabs.space/
> > >
> > > We might probably have a port of it in our ports tree in the
> > > future.
> > >
> > > Ciao,
> > > David
> > >
> >
> > I'm not sure their "Geekfeminism Code of Conduct"
> > (https://hikari.acmelabs.space/coc.html) works well with OpenBSD.
> >
>
>
> You put "Geekfeminism" in the same quotes as "Code of Conduct".. I
> suspect you did so for a reason.  "Geekfeminism" does not exist on the
> Hikari page at all.

Then we're not looking at the same page. I went to the link posted in
the email: https://hikari.acmelabs.space/

"Community
The hikari community aims to be inclusive and welcoming to everyone,
this is why we chose to adhere to the Geekfeminism Code of Conduct."

After reading the linked code of conduct I found that statement to be
such a contradiction and doublespeak that I just had to mention it.

Re: cwm on wayland

[Anders Andersson]

On Sat, Dec 16, 2023 at 12:47 AM tux2bsd  wrote:
>
> > I'm not sure their "Geekfeminism Code of Conduct"
> > (https://hikari.acmelabs.space/coc.html) works well with OpenBSD.
>
> Any idiot that adheres gender and race ideologies can get fucked,  they are 
> all societal fire starters.
>
> tux2bsd

Oh no, you are now banned from participating in hikari development!

"Offensive comments related to gender, gender identity and expression,
[...], race, or religion"

combined with:

"The abuse team reserves the right to exclude people from the hikari
community based on their past behavior, including behavior outside
hikari spaces and behavior towards people who are not in the hikari
community."

Re: cwm on wayland

[Anders Andersson]

On Fri, Dec 15, 2023 at 7:01 PM David Coppa  wrote:
>
> On Fri, Dec 15, 2023 at 6:29 PM  wrote:
> >
> > So they're putting a Wayland in our BSD.
> >
> > I've never used that before.
> >
> > Is a port of cwm planned?
>
> I really don't think so.
>
> But there's hikari, a stacking Wayland compositor heavily inspired by
> cwm: https://hikari.acmelabs.space/
>
> We might probably have a port of it in our ports tree in the future.
>
> Ciao,
> David
>

I'm not sure their "Geekfeminism Code of Conduct"
(https://hikari.acmelabs.space/coc.html) works well with OpenBSD.

Re: FAT names exceeding spec length

[Anders Andersson]

On Tue, Dec 5, 2023 at 2:01 PM Nowarez Market  wrote:
>
> Thanks for the reply.
>
> Absolutely perceived, I haven't counted them. But I counted the 8.3 format 
> for true:
> all the info contained in my ebook title was lost (but experimenting it is no 
> problem).
>
> Now I checked better. Indeed it is Opera web browser that is able to save on 
> Android 11 exceeding
> the name limits:
> Tcl_Tk 8.5 Programming Cookbook -- Bert Wheeler -- 2011 -- Packt -- 
> 9781849512992 -- 9ed273d2c640e4ae4761242a2c28d31c -- Capitan Cloud Ebook 
> Repo.pdf

$ echo "Tcl_Tk 8.5 Programming Cookbook -- Bert Wheeler -- 2011 --
Packt -- 9781849512992 -- 9ed273d2c640e4ae4761242a2c28d31c -- Capitan
Cloud Ebook Repo.pdf" | wc -c -m
150 150

150 << 255


>
> Android as per your guessing is enforcing the name limits here and there, 
> "enough" well.
>
> However, this the situation. Cutting to 8.3 format or being more conservative?
> That could be the question for you. But indeed I leave the subect to you now.
>
>
> == Nowarez Market
>
> Dec 5, 2023 12:29:30 Anders Andersson :
>
> > Wonder if OP is  actually seeing more than 255 unique "User-perceived
> > characters" or just more than 255 bytes?
>

Re: FAT names exceeding spec length

[Anders Andersson]

On Mon, Dec 4, 2023 at 12:03 PM Michael Hekeler  wrote:
>
> > > To be honest I don't understand the problem you described.
> >
> > It is simple, when you come from Android (tested Android 11 tablet) with 
> > file names exceeding the FAT spec
> > these are cut to 8.3 format in OpenBSD.
>
>
> You mean android allows to create filenames >255 on FAT32?
> Then you should report this non-compliance on android
> (https://learn.microsoft.com/en-us/windows/win32/fileio/filesystem-functionality-comparison#limits)
>

That table is pretty vague, maybe there's a byte-vs-character bug
somewhere in the chain. If "255 Unicode characters" is taken to be 255
codepoints, how are they encoded? Digging around a little more shows
that they probably mean "255 UCS-2 words".

Wonder if OP is  actually seeing more than 255 unique "User-perceived
characters" or just more than 255 bytes?

Pimp my APU

[Anders Andersson]

I'm running OpenBSD on my (recently EOL) APU4 and I'm wondering how
much of the "extra" hardware is expected to work on OpenBSD.

1) On the back of the board is a button "S1" and three status LEDs,
The documentation says they are handled by the AMD FCH south bridge.
Is there a way to control these in software from OpenBSD?

2) There are 16 additional GPIO on a header, via the Nuvoton NCT5104D
chip on the LPC bus. I've seen a few patches circulating that mentions
gpio and the wbsio(4) driver but I could not figure out if anything
has been committed or not.

3) There is a simple watchdog timer in the NCT5104D that can be
connected to the reset line. Would this be implemented? I'm not sure
it's really useful, I assume there's an integrated watchdog in the
CPU.

Would be interested in hearing from any OpenBSD APUx user who put
these to good use!

// Anders

Re: Default Revival of a ten years old computer : how would you do it?

[Anders Andersson]

On Mon, Nov 6, 2023 at 1:14 PM  wrote:

>
> since few months im discovering openbsd ; as linux has been often
> recommended for windows's users with a very slow system, i guess that it's
> not that unadvised to use openbsd with a GUI for web browsing and little
> software (eg LO, gimp..)
>

OpenBSD is not linux though. It may look somewhat alike on the surface, but
almost every component is very different these days.

>
> i have tested "recent" openbsd releases, since 2022, and almost all of
> them are a bit slow with xfce/firefox etc.
>
> i was wondering, for laptops range of 2013/16 years old, what would you
> recommmend them for a common web browsing using openbsd?
>

First of all, nothing except the last two releases would get any type of
support other than "please upgrade to the latest stable", and security
patches are not backported more than one release before the latest, so I
doubt anyone would recommend running an old version.

I love OpenBSD for a lot of things. It's reliable, predictable, stable,
*well documented*, intuitive, but honestly, it's probably the slowest among
the free software OS.

Are you looking for ways to squeeze the last performance out of OpenBSD in
particular, or is it more of an X-Y problem that you're looking for a good
Windows alternative for older computers?

Re: apu4 real com0 boot - not working to install 7.4

[Anders Andersson]

On Thu, Oct 26, 2023 at 10:06 AM Stuart Henderson
 wrote:
>
> On 2023-10-26, harold felton  wrote:
> > i have a pcengines apu4 which has been running 7.1-stable with all updates
> > just fine...  i had been avoiding doing an upgrade - so was thinking to
> > reinstall based on 7.4-release this week...  i was unable to do an install
> > from the bsd.rd (for 7.4) - and have bisected the issue to somewhere around
> > the 9th or 10th of september...
>
> Can you try updating to 7.3 first? (or at least updating the boot loader
> to the version that was included in 7.3).
>

I'm not really sue what you mean by a "reinstall", but I did a clean
install of 7.4 on my apu4 just a few days ago, and everything just
worked out of the box - including the serial console which was
correctly autodetected.

At a glance it appears we have the same bios version.

Re: volatility or something like that in the future ?

[Anders Andersson]

On Fri, Aug 18, 2023 at 2:22 AM Scott Cheloha  wrote:
>
> > On Aug 17, 2023, at 10:28, whistlez  wrote:
> >
> > [...] I believe we need to realize that, while the kernel is very
> > secure, zero-day vulnerabilities are always a lurking threat.
> >
> > For those that don't know what is volatility, this is github page
> > https://github.com/volatilityfoundation/volatility3
>
> What is the utility of this software?  How
> would supporting it benefit the project?
>
> I read the summary on Github.  I am still
> more or less completely in the dark on
> why I or anyone would want to use it.

Agreed. After reading their FAQ I still don't understand - it's most
definitely a made-up FAQ of questions no one asked, but things they
want to tell.

One thing that sticks out to me is that they felt the need to make up
their own custom license, the Volatility Software License. Doing
something like that in 2019 seems a bit weird.

Re: Recognition Of My Wireless Network Device

[Anders Andersson]

On Wed, Aug 9, 2023 at 4:26 PM Jan Stary  wrote:
>
> On Aug 09 07:36:00, stu.li...@spacehopper.org wrote:
> > On 2023-08-08, Jan Stary  wrote:
> > > On Aug 07 15:32:05, mill...@openbsd.org wrote:
> > >> Your best bet may be to replace the onboard wireless with a card
> > >> that is supported by OpenBSD.
> > >
> > > On Aug 08 09:55:58, stu.li...@spacehopper.org wrote:
> > >> Swapping to a different card is likely to give better results (generally
> > >> faster, more stable, and able to use the proper antennas in the laptop,
> > >> usually around the display, rather than a tiny pcb trace antenna)
> > >
> > > Exactly. Replace the BCM with Intel or something.
> > > Takes about ten minutes and costs peanuts.
> >
> > Maybe. But these were popular on some HP stuff where changing it often
> > requires some dodgy hacked BIOS download which may or may not be safe
> > to use. That's why I added the other bit.
>
> Ah, right: some Thinkpads for example have a whitelist
> of allowed wifi chips they will let you booth with ...

I just installed libreboot on one of my Thinkpads, that will take care
of that problem while speeding up the boot a lot. But it turns the
"Where's my driver?" into a process of physically reflashing an IC
with external probes etc, depending on your laptop.

https://libreboot.org/docs/bsd/

Re: Inclusion in the list of providers OpenBSD

[Anders Andersson]

On Wed, Jul 5, 2023 at 7:39 AM Gerd Theobald  wrote:
>
> [...]
>
> Dr. Gerd Theobald
> Marketing Consultant
>
> [...]
>
> Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte 
> Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail 
> irrtümlich erhalten haben,
> informieren Sie bitte sofort den Absender und vernichten Sie diese Mail. Das 
> unerlaubte Kopieren, sowie die unbefugte Weitergabe dieser Mail sind nicht 
> gestattet.
>
> This e-mail may contain confidential and/or privileged information. If you 
> are not the intended recipient (or have received this e-mail in error) please 
> notify
> the sender immediately and destroy this e-mail. Any unauthorized copying, 
> disclosure or distribution of the material in this e-mail is strictly 
> forbidden.
>

Here's some free marketing advice for Dr. Marketing Consultant:
Sending legal threats in two languages is not a good way to start a
conversation with potential customers.

Re: APCI on old Thinkpad

[Anders Andersson]

On Fri, Jun 30, 2023 at 11:44 PM Michael Hekeler  wrote:
>
> I have an old thinkpad - really old

Old enough not to have a model number?

Re: Installing OpenBSD on MacbookPro 8,1 (Late/Early 2011)

[Anders Andersson]

On Thu, May 18, 2023 at 10:05 AM Daniele B.  wrote:
>
> Don't think your platform is supported:
> https://www.openbsd.org/plat.html
> https://www.openbsd.org/macppc.html
>
> otherwise let us know, I will install it on mine too ;d)

Top-posting is messy but I'll try it this way!

OPs states that his macbook is Intel i5, so macppc is irrelevant. This is amd64.



> May 18, 2023 08:39:07 yellowcutterpillow :
>
> > I wanted to install OpenBSD on my Macbook Pro 8,1 (Early/Late 2011)
> > but seem to fail. When I boot up install73.img or miniroot73.img, they
> > boot up, but when I actually boot up the ramdisk, bsd or bsd.rd, they
> > stuck up at a message about aicp0 being remapped or something. I would
> > try to diagnose it but I can't since when I boot with -c flag, the
> > cursor glitches, or the keyboard stops working, because I can't type
> > anything.
> >
> > I've set up a QEMU emulation of OpenBSD on my Linux box and it works
> > fine. The reason I did so is because I've sort read that I can configure
> > the kernel using it though I lost the reference, so now I don't have any
> > idea on how I can even turn on the ``verbose`` flag in the kernel. I
> > can't also access ``dmesg,`` so if anyone has any idea, I'd be more than
> > happy for your help. Some info, MBP 8,1 is Intel i5, QUAD CORE, and
> > UEFI. No BIOS options, not sure if it supports CMS.

Re: OpenBSD Hackathons

[Anders Andersson]

On Fri, May 12, 2023 at 9:39 PM Katherine Mcmillan  wrote:
>
> Hi Stuart,
>
> Thank you for your response.  The upcoming OpenBSD Hackathons aren't 
> published anywhere?  How do new people know where/when they are?
>
> Thank you,
> Katie

>From the website you linked: "Hackathon attendees come by invitation
only. Some new people in the community who show promise are sometimes
invited to see if they have what it takes. However, hackathons are not
developer training events."

So presumably new people should not know where/when they are, by design.

Re: PC Engines APU platform EOL

[Anders Andersson]

On Thu, May 4, 2023 at 8:24 AM Damian McGuckin  wrote:
>
> On Thu, 4 May 2023, Maksim Rodin wrote:
>
> > Is there any problem with fanless x86_64 mini PCs with several NICs,
> > sold on aliexpress?
>
> Maybe, or give up on the rackmount and buy the R86S, as in
>
> https://www.aliexpress.com/i/1005004765507664.html
>
> An alternative is to buy 3 APU4s now 3 to cover failures and spares over
> the next few years. Hopefully, they still have some left.
>
> Thanks - Damian

The R86S looks cute, but on closer inspection it has a fan. They even
crammed *two* fans in there for the taller version. That doesn't
necessarily mean it makes a lot of noise, but if fanless is a strict
requirement for other reasons it's out.

Re: Learning pure OpenBSD

[Anders Andersson]

On Fri, Feb 24, 2023 at 9:33 PM  wrote:

> > On Thu, Feb 23, 2023 at 11:38 PM  wrote:
> >
> >> Hello Misc
> >>
> >> I have used OpenBSD, Slackware and Debian for almost 23 years, just as a
> >> User! But i think that Linux is a Linus Kernel with many app; and
> >> OpenBSD
> >> is a complete OS, then the Administration in Linux could be Test and
> >> Error, but in OpenBSD must be on the base of know what you are doing! It
> >> means one have to learn properly!
> >>
> >> I am curios about this Learning Pure OpenBSD project at ircnow.org!
> >>
> >> The basic idea is to pay for a qualified Server to host certain number
> >> of
> >> VMs for exclusive porpose to learn pure OpenBSD.
> >>
> >
> > I don't understand the purpose of this, it is trivial for anyone today to
> > fire up a VM on their own computer and test different aspects of any
> > operating system. Why would anyone need external paid hosting?
> >
>
> The purpose is Freedom, independence! and OpenBSD could be the
> appropriated OS, please look; users offering services to users:
>
> https://oddprotocol.org/
> https://bsdforall.org/
>

But a cloud provider can't possibly be more free and independent than your
own computer. I still don't think I understand the purpose, are you going
to offer some kind of OpenBSD teaching and need to share the screen with
the user? I mean, what part of learning OpenBSD is better done using a
third-party host?

Re: Learning pure OpenBSD

[Anders Andersson]

On Thu, Feb 23, 2023 at 11:38 PM  wrote:

> Hello Misc
>
> I have used OpenBSD, Slackware and Debian for almost 23 years, just as a
> User! But i think that Linux is a Linus Kernel with many app; and OpenBSD
> is a complete OS, then the Administration in Linux could be Test and
> Error, but in OpenBSD must be on the base of know what you are doing! It
> means one have to learn properly!
>
> I am curios about this Learning Pure OpenBSD project at ircnow.org!
>
> The basic idea is to pay for a qualified Server to host certain number of
> VMs for exclusive porpose to learn pure OpenBSD.
>

I don't understand the purpose of this, it is trivial for anyone today to
fire up a VM on their own computer and test different aspects of any
operating system. Why would anyone need external paid hosting?

Re: Problem with TCP congestion control behaviour of OpenBSD

[Anders Andersson]

On Sun, Oct 30, 2022 at 6:36 AM William Goodspeed  wrote:

> Hello! I rented a VPS in USA and I'm currently in China. I'm having
> trouble to download files from it and I believe it's caused by the TCP
> congestion control.
>
> When I tried to download files via scp, the download speed started with
> 500K/s and downgrade over time. Approximately 1 min later, the
> download was stalled. What's worst was that I wouldn't able to connect
> to obsd host after stalled (unless wating sometime to make it `forget'
> my connection). I tried on a VPS with GNU/Linux and BBR. That didn't
> happen.
>
> My question is:
>
>1. Is there a way to apply modern congestion control (like BBR) to
>   OpenBSD? (From stackoverflow, that's not supported)
>2. If there isn't, how to implement that on OpenBSD? Please point
>   out some resources like OpenBSD source code or whatever.
>
> I'm not quite a programming expert but I'm interested in making it
> work. I had a few linux kernel module developing experenice. Maybe I
> can try to implement that on OpenBSD.
>
> I'm looking forward to your reply.
>
> --
>
> William Goodspeed (龚志乐)
> Langfang, Hebei, PRC


Have you tried this with another system? In my experience, the Great
Firewall of China does this type of rate-limiting to any traffic they don't
recognize, and is not necessarily a problem on the OpenBSD side.

Re: Mention _XOPEN_SOURCE_EXTENDED in curs_addwstr.3

[Anders Andersson]

On Wed, Sep 7, 2022 at 9:02 PM Grigory Kirillov  wrote:
>
> Recently one OpenBSD user of little project of mine got caught up in
> a problem - they couldn't compile it from source because wide character
> functions of the ncurses library weren't declared. After a long
> investigation I finally found out that these functions require
> _XOPEN_SOURCE_EXTENDED macro being defined. On my machine that wasn't
> a problem because on my Linux system ncurses header also checks for
> _XOPEN_SOURCE macro which value has to be greater than or equal to 500
> and I was already compiling it with this macro with a value of 700.
>
> My request here is to put up a `#define _XOPEN_SOURCE_EXTENDED` line to
> the OpenBSD man page for curs_addwstr.3 I think this will make it
> easier for other people to compile ncurses with wide character functions
> especially for someone who's trying to resolve issues for someone else
> while being on a different system...
>
> Also it would be cool if ncurses header provided in OpenBSD were
> checking value of the _XOPEN_SOURCE macro (because
> _XOPEN_SOURCE_EXTENDED is equal to _XOPEN_SOURCE with the value of 500
> or greater (according to my feature_test_macros(7) man page) and I also
> hope that this is a standard behavior).

>From what I can see, this macro is obsolete, so it should probably not
be recommended in the man page:

"Use of _XOPEN_SOURCE_EXTENDED in new source code should be avoided.
Since defining _XOPEN_SOURCE with a value of 500 or more has the same
effect as defining _XOPEN_SOURCE_EXTENDED, the latter (obsolete)
feature test macro is generally not described in the SYNOPSIS in man
pages."

Re: PC Engines apu4 network performance

[Anders Andersson]

On Wed, Sep 8, 2021 at 6:54 PM Paulo Manoel Mafra  wrote:
>
> Hello guys,
> I've configured a pc engines apu4 with openbsd 6.9 and I verified the
> network performance is around 550 mbit/s with pf and 700 mbit/s without.
>
> Is there any known issue for that poor performance ?
> Running another OS on the same hardware I can reach some like 920 mbit/s.
>
> I've googled for this problem and it appears some messages from 2018.

I did some performance investigations and posted my results to the
list a few months ago:
https://marc.info/?l=openbsd-misc=162400670127742

Basically the speed depends on the mood of the scheduler, but I got
zero replies so that's still just a guess. It seems like it can use
all the cores, just prefers not to, and then the performance tanks.

APU4 pf performance fluctuations

[Anders Andersson]

It is well known that the APU2/4 underperforms when used as a router
with OpenBSD, but I found that the throughput fluctuates quite a bit,
and I think it has to do with CPU allocation and interrupts. My
trivial setup simulating a home router/gateway:

hostname.em0:  dhcp
hostname.em1:  inet 10.3.2.1 255.255.255.0
pf.conf:
  pass
  match out on em0 inet from !(em0:network) to any nat-to (em0)

Nothing else is running on the router, and throughput is tested with a
simple iperf3 TCP benchmark between linux hosts on each side of the
router, capped att 600 Mbit/s to get a stable baseline: iperf3 -b600M
(that's just under the maximum throughput I saw, around 620 Mbit/s)

I noticed that the speed always starts at a clean 600 Mbit/s, then
eventually backs down to 4-500 Mbit/s, then back up again. The
interval is on the order of a minute, but varies greatly.

Looking at "systat cpu" during the transfer I noticed that during the
fast speed, CPU 1 and 2 were busy at 45% each, while CPU 0 was
handling interrupts at 25%.

CPUUser Nice  SystemSpin   InterruptIdle
0  0.0% 0.0%0.0%0.4%   25.0%   74.7%
1  0.0% 0.0%   45.3%1.0%0.0%   53.7%
2  0.0% 0.0%   44.7%0.8%0.0%   54.5%
3  0.0% 0.0%0.0%0.0%0.0%100%

This could go on for seconds up to minutes.

Eventually whatever was running on CPU 1 and 2 migrated up to CPU 0,
causing the bandwidth to drop down to 4-500 Mbit/s:

CPUUser Nice  SystemSpin   InterruptIdle
0  0.0% 0.0%   76.8%1.0%   22.2%0.0%
1  0.0% 0.0%0.0%0.0%0.0%100%
2  0.0% 0.0%0.0%0.0%0.0%100%
3  0.0% 0.0%0.0%0.0%0.0%100%


Now, waiting even further, I saw that the "System" load could
sometimes move back to an idle core, and then the speed would get back
to 600 Mbit/s again:

CPUUser Nice  SystemSpin   InterruptIdle
0  0.0% 0.0%0.2%0.2%   23.0%   76.6%
1  0.0% 0.0%   99.0%1.0%0.0%0.0%
2  0.0% 0.0%0.0%0.0%0.0%100%
3  0.0% 0.0%0.0%0.0%0.0%100%


I'm guessing that the interrupts are all tied to CPU 0 in hardware,
and that whatever process that handles the networking initially
selects one or more random idle core. Then, the system thinks "Aha, we
should run these on the same core that handles the interrupts", moves
them over, which then starves that core.

This tells me that the rumour that OpenBSD can't use more than one
core on this little device is not completely true. It works well for a
long time initially with the load shared between two cores, while a
third handles interrupts.

Does this make sense? Is there a way to enforce the "shared cores" behaviour?

// Anders

Re: Counting traffic of one host through an OpenBSD computer

[Anders Andersson]

On Thu, Jun 17, 2021 at 10:53 PM Ibsen S Ripsbusker
 wrote:
>
> My great and good friends,
>
> I want to know how much network traffic a Windows computer is
> responsible for. The Windows computer is connected to a switch,
> the switch is connected to a router running OpenBSD, and the router is
> connected eventually to the internet service provider.
>
>   Windows -- Switch  OpenBSD  ISP
>   Other computers --/
>
> How can I find out how many bytes this Windows computer sent or received
> through the router within some time period?
>
> I'm concerned only about communication with the internet, not
> communication between Windows and "other computers", so it suffices
> to count all bytes passing through the OpenBSD computer that originate
> from or are destined for the Windows computer.

I think this simple match rule in /etc/pf.conf does exactly what you need:

match out on egress from $windows_host label windows

Replace $windows_host with the local IP number of that host or set it
in a pf macro. This labels all the traffic matching the pattern. You
can look at the statistics using pfctl:

# pfctl -s labels
windows 11 212902 261910228 174124 259893752 38778 2016476 0

Obviously some scripting and cronjob required if you want this
automated in a nice format. man pfctl and pf.conf for more information

Re: OpenBSD and Shells.com

[Anders Andersson]

On Thu, Feb 11, 2021 at 11:13 PM Abel Abraham Camarillo Ojeda
 wrote:
>
> On Thu, Feb 11, 20210.00 at 4:00 PM Alex Lee  wrote:
>
> > Just wanted to check in on this one and see if there was a chance to chat.
> > Thanks!
> >
> > On Sun, Jan 24, 2021 at 3:07 PM Alex Lee  wrote:
> >
> > > Hi!  My name is Alex Lee, and I am hoping that we can partner with
> > > OpenBSD.  We offer virtual cloud computers that can be accessed from any
> > > web enabled device.  As we offer multiple OS options such as different
> > > Linux distros and Windows, it gives the user the opportunity to use the
> > OS
> > > they want on the device they want (I use Ubuntu Desktop on an iPad
> > Pro).  I
> > > was hoping that we could chat about a potential collaboration as our
> > > product can give folks an opportunity to test out OpenBSD without
> > > installing it on their hardware.  I know there are a lot of folks who are
> > > afraid to make the jump and this would be an easy way for them to get
> > > involved with OpenBSD.  Let me know if we could chat more!   Thanks.
> > >
> > > alex
> > >
> >
>
> As far as I know you don't need to ask permission to do that kind of
> service,
> or I don't understand what you're requesting

"I was hoping that we could chat about a potential collaboration"
usually means "How much are you willing to pay to have your name on
our front page". Not even sure that OP knows what OpenBSD is, it looks
like a template email and the website is shady.

They are trying to trademark the word "Shells" from what I can see
from the google preview, but the website doesn't show anything at all
without javascript.

Re: Integrating OpenBSD into Xen/Qubes

[Anders Andersson]

On Wed, Oct 14, 2020 at 8:24 PM  wrote:
>
> A number of people are working on integrating OpenBSD into Qubes.
>
> In particular, OpenBSD's hardening and mitigations are potentially very
> useful in talking to the NIC: Xen vulnerabilities have been repeatedly
> found that would allow a guest with PCI access to compromise the entire
> system, and on most machines the network card is a PCI device.

How could any hardening in OpenBSD protect from someone owning the
hardware? Or do you mean that an OpenBSD guest would run with
exclusive access to the NIC and then every other guest is routed
through that guest?

Re: [patch] calendar.music: Neil Peart 1952-2020

[Anders Andersson]

On Mon, Jun 22, 2020 at 3:44 PM Jason McIntyre  wrote:
>
> On Mon, Jun 22, 2020 at 08:31:34AM -0500, Carson Chittom wrote:
> >
> > Matthew J. C. Clarke  writes:
> >
> > >  01/08  Elvis Presley born in East Tupelo, Mississippi,
> > >  1935
> >
> > This caught my eye, being from Mississippi myself.
> >
> > As far as I know or can tell from searching online, there's no
> > such place as "East Tupelo".  This should be just "Tupelo" (my
> > preference) or "east Tupelo" (the Elvis Presley Birthplace Museum
> > does appear to be on the eastern side of Tupelo).
> >
>
> hi. i changed it to just "Tupelo".
> thanks,
>
> jmc

On a more serious note, why even bother with these files anymore? I'm
sure having your computer know the birth date of Elvis was useful and
novel 30 years ago, but today such a trivia list is just a bitrotting
museum piece that will get more and more out of date. IMO.

Instead of adding every musician, let's just nuke all the files except
calendar.openbsd and calendar.computer. They still seem relevant to an
operating system and to make sure there's always some examples to play
with.

...again, IM (not so humble) O.

Re: www unreachable

[Anders Andersson]

On Mon, Jun 15, 2020 at 11:45 AM Chris Bennett
 wrote:
>
> On Mon, Jun 15, 2020 at 09:43:03AM +0200, Thomas de Grivel wrote:
> > Hello,
> >
> > http://www.openbsd.org is unreachable.
> >
> > I wanted to know what's new in the current snapshots ?
> >
>
> I'm not sure about the website. You might have local DNS problems.
> Use dig to get the IP address (from a big nameserver like 8.8.8.8)
> and skip that problem.
>
> If you mean the current -release, yes the website is simplest in
> general terms only.
>
> If you mean -current, then the mailing lists and CVS are the right
> places to look. misc@ isn't very helpful, but tech@, etc. are excellent.
>
>
> DNS has problems in some places in the world. Usually just for hours.
> Annoying, but sites like OpenBSD have stable IP's and knowing that
> solves the problem quickly.
> If the site has a problem, someone else can clarify that.
>
> Chris Bennett

Are you saying it's working for you? Maybe you have a different route
to the website because it seems to be down on the Canadian side. I
presume you're in the US based on your domain name. :)

Re: unexpected behavior

[Anders Andersson]

On Tue, Jun 2, 2020 at 4:30 PM Sonic  wrote:
>
> Recently discovered (snapshot form May 30) having any hostname.if
> configured for dhcp, even if unplugged and inactive, prevents the
> default gateway defined in /etc/mygate from being set. Is this normal?

"/etc/mygate is processed after all interfaces have been configured.
If any hostname.if(5) files contain "dhcp" directives, IPv4 entries in
/etc/mygate will be ignored.  If they contain "autoconf" directives,
IPv6 entries will be ignored."

Exactly as documented.

Re: Article OpenBSD: Not Free Not Fuctional and Definetly Not Secure and BSD, the truth blog

[Anders Andersson]

On Thu, May 28, 2020 at 7:41 PM  wrote:
>
> On May 28, 2020 11:42 AM, Marc Espie  wrote:
>
>   On Thu, May 28, 2020 at 01:16:59AM -0300, Quantum Robin wrote:
>   > Hi,
>   >
>   > While surfing on the Google to learn more about OpenBSD, I
>   encountered this
>   > one: "OpenBSD: Not Free Not Fuctional and Definetly Not Secure (
>   > https://aboutthebsds.wordpress.com/2013/01/25/20/)
>   >
>   > Is the author telling the truth? Or just yet another anti-BSD
>   thing?
>   >
>
>   "At meetings, people are often physically attacked for having even a
>   minor disagreement with de Raadt"
>
>   Hyperbole much ?
>
>   Theo has been known to be fairly opiniated, but "physically
>   attacked"?
>
>   How can you take this guy seriously ?
>
>
> I found it pretty comical.

Agreed, thanks for the link, OP!

"Finally like all BSDs, third party applications are not audited for
vulnerabilities and research has show that nearly 3 out of 5 of the
applications are actually trojans." :D

Re: rc.conf.local sorted?

[Anders Andersson]

On Wed, May 27, 2020 at 1:16 AM Antoine Jacoutot  wrote:
>
> On Tue, May 26, 2020 at 05:16:44PM +0200, Why 42? The lists account. wrote:
> >
> > On Mon, May 25, 2020 at 04:51:51PM +0200, Antoine Jacoutot wrote:
> > > > ...
> > > > It looks as if the file has been sorted e.g.
> > > Did you use rcctl(8) ?
> >
> > Hi Antoine,
> >
> > You are correct, that does it. I checked the history and after the
> > upgrade I had run rcctl to enable sensorsd. Just tested it again and
> > running an rcctl enable or disable command causes all the lines of
> > /etc/rc.conf.local to be alphabetically sorted.
> >
> > That seems like a defect to me, what do you think?
>
> That's what you get when mixing helper tools and manuals edits.
> They can work together but only up to a certain point... and in this case,
> comments don't fly.
> As long as everything works functionnaly, then I'd say we're good and can live
> with it.

I think it warrants a short note in the manpage of rcctl or rc.conf
though. Although I have personally not had this happen to me, I did
not expect the behaviour and would have been equally surprised.

Re: Restore pf tables metadata after a reboot

[Anders Andersson]

On Tue, May 26, 2020 at 2:14 PM Walter Alejandro Iglesias
 wrote:
>
> I understand that this command:
>
>   # pfctl -t spam -T expire 
>
> Takes in care the "Cleared" date:
>
>   # pfctl -t spam -vT show
>  ___.___.22.65
>   Cleared: Mon May 25 16:10:22 2020
>  ___.___.167.62
>   Cleared: Mon May 25 16:10:22 2020
>   [...]
>
> Is there a way to save and restore tables metadata after a reboot
> preserving those dates?

Isn't this what pfctl -S and -L does?

Re: Why does OpenBSD still include Perl in its base installation?

[Anders Andersson]

On Thu, May 21, 2020 at 11:19 AM Dawid Czeluśniak
 wrote:
>
> Hi OpenBSD community,
>
> First of all, thank you for 6.7 release.
>
> I am a huge fan of minimal and custom installations
> as I mostly use OpenBSD to host simple HTTP servers.
...
> I would like to get your opinion on that.

>From what I've seen, those goals are not compatible with OpenBSD, as
in: You're just making it harder for you and anyone trying to help
debugging something if you change the default installation. I've seen
some wishes about even getting rid of the whole "sets" thing and just
install everything.

I tend to agree and would welcome such a move, because these days
we're talking about such a tiny amount of space in comparison. Even if
you're in a situation where you want to host thousands of virtual
OpenBSD machines and then maybe get some sort of gain from removing
those 50 MB, well, just use a CoW filesystem and clone the same base
install.

What I love with OpenBSD is that everything is just there  to be used,
there aren't 20 different filesystems, 20 different scripting
languages, 20 different web servers. I don't have to fiddle with
everything, it just works. There's the file system, perl, httpd, etc,
and they are well designed. Why would I want multiple different perls
when it is already so mature?

Re: Copyright upper or lower case (c)?

[Anders Andersson]

On Tue, May 19, 2020 at 9:10 AM Peter J. Philipp  wrote:
>
> Hi,
>
> Before I wrote this email I searched under marc.info and did a google search,
> but I didn't get a definitive answer.  I found this under openbsd.org:
>
> https://www.openbsd.org/policy.html
>
> Whoever put that together I thank thee.
>
> In code, I see the (c) and the (C) used interchangibly, I'm wondering if it's
> correct.  Here is an example of the ftp program in main.c:
>
> beta$ grep Copyright main.c
>  * Copyright (C) 1997 and 1998 WIDE Project.
>  * Copyright (c) 1985, 1989, 1993, 1994
>
> Let me know if either is correct.  I want to use it for guidance on my own
> project too.  Where I use a lower case (c).

You might as well write "(<)" or "[C]". Neither is a copyright mark an
any sense of the law, and using it does not do anything else than
informing the reader that you claim the rights - you already have the
rights even if you don't write anything. If you can only use ASCII,
the "most proper" way would be to spell out "Copyright", but that is
also just for information. As you can see, your example is using both
forms.

Re: Intel CPU (in)security

[Anders Andersson]

On Thu, May 14, 2020 at 1:54 PM  wrote:
>
> Please suggest what has been cleaned by moderators on the website:
>
> https://web.archive.org/web/20200514115002/https://www.reddit.com/r/openbsd/comments/gf7wip/how_secure_are_intel_cpus/fpshspb/

No.

But this link may be informative: https://libreboot.org/faq.html#intel

Inside every modern Intel CPU is a secondary CPU running an embedded
OS with direct access to nice things like all the RAM, AES
acceleration hardware, TMP etc. No one but intel (and by extension,
NSA) has access to the code running on that CPU, and it would be
trivial for it to check incoming packets for patterns that activates
for example storing crypto keys into a small embedded EEPROM that can
be read out after the police has raided your home. A firewall can't
stop this.

Fortunately, the people who could possibly order intel to do something
like this doesn't care about your pirated movies, and it would be a PR
nightmare if Intel actually used the power they have for anything less
than national security, since the risk of something leaking would be
too large.

Re: OpenBSD insecurity rumors from isopenbsdsecu.re

[Anders Andersson]

On Tue, May 12, 2020 at 7:19 AM  wrote:
>
> I would prefer to begin from grsecurity, but it is not available up to date 
> for my budget.
>
> I would also try HardenedBSD, but it is only amd64 now? And how many active 
> developers there are? one or two?
>
> OpenBSD looks as the only viable option for me right now, may be one another 
> is a systemd free distro like Devuan with a hardened kernel like by @anthrax, 
> but I am too unskilled even to understand what are improvements of @anthrax 
> kernel for me without a good doc for it in the existence, and on the other 
> hand OpenBSD is famous with its very good documentation.
>
> I guess it is a huge work to harden Linux installation to a level compared to 
> OpenBSD, there is some interesting work which is by Whonix but unfortunately 
> with systemd, and it seems someone from that community is referring to 
> isopenbsdsecu.re site, so it looks to me like a OpenBSD vs Whonix dispute, 
> excuse me if I am wrong.

You keep swallowing up buzzwords from completely random places without
taking the time to understand what everything means or how it affects
you.

There's no silver bullet. Figure out and enumerate *your* threat
model, then find a solution that you understand.

Re: RCS file ownership?

[Anders Andersson]

On Wed, Apr 29, 2020 at 7:46 PM Adam Thompson  wrote:
>
> When I use co(1) with "-l" to check out a file (and/or "ci -l") is there
> any way to preserve file ownership and *not* have it reset to the user
> running co(1) or ci(1)?
> I don't see anything in rcs(1), co(1) or ci(1) that even mentions the
> fact that the file will wind up owned by the user running the command.
> Ideas?  Pointers to documentation?

How could it possibly do anything else unless you always run co as root?

Re: _types.h: increase size of size_t

[Anders Andersson]

On Fri, Apr 24, 2020 at 4:47 AM Ian Sutton  wrote:
>
> Following the revalations made by a misc@ poster, I am happy to present
> the following patch which increases the width of size_t from "long" to
> "long long", which is twice the width as before, on all platforms. This
> has the effect of doubling the amount of available memory regardless of
> the physical capacity installed memory hardware. Additionally, it
> enables PAE on all 32 bit platforms without incurring performance costs.

This may go against a direct recommendation in the C standard for some
or all of these platforms.

"The types used for size_t and ptrdiff_t should not have an integer
conversion rank greater than that of signed long int unless the
implementation supports objects large enough to make this necessary."

Presumably the unnamed misc@ poster was unsafely mixing pointers and
integer types.

Re: news from my hacked box

[Anders Andersson]

On Wed, Apr 1, 2020 at 10:29 PM Cord  wrote:
>
> Hi,
> I found something that in my opinion are nearly evidences.
> For those who doesn't know my story please read past messages:
> https://marc.info/?a=15535526152=1=2
> Well, as I said previously my laptop was been hacked then I bought a new 
> laptop because my suspicious are that the uefi or other firmware was been 
> hacked (I reinstalled openbsd various times)
> The old laptop had a wifi usb dongle to connect to the wifi router.
> Now the new laptop has a wifi chip that works properly on opnebsd.
> The inner IF is iwm0.
> And I discovered differences on wifi performance between the on board IF and 
> the old usb dongle.
> Of course the tests were been made from exactly the same physical place.
> The following are the results (I used speedtest-cli):
> iwm0 with vpn download: 0,46 mbit/s upload: 0,55 mbit/s
> iwm0 without vpn download: 0,50 mbit/s upload: 2,53 mbit/s
> urtwn0 with vpn download: 20,88 mbit/s upload: 8,49 mbit/s
> urtwn0: without vpn download: 24,83 mbit/s upload 9,27 mbit/s
>
> The following are the results pinging 8.8.8.8 with -c 500:
> 500 packets transmitted, 500 packets received, 0.0% packet loss
> iwm0: round-trip min/avg/max/std-dev = 18.761/6372.615/72372.495/14987.007 ms
> urtwn0: round-trip min/avg/max/std-dev = 24.068/36.489/878.218/48.120 ms
>
> As I know the traffic shaping is configured by pf with pf.conf, the following 
> is my pf.conf (I'm sorry I'm not a genius of pf):
> ---/etc/pf.conf
> if="urtwn0"
> #if="iwm0"
> dns="{8.8.8.8}"
> myvpn="{x.x.x.x, x.x.x.x, x.x.x.x, x.x.x.x, x.x.x.x}"
> weird="{239.255.255.250, 224.0.0.1}"
> pany="{udp, tcp}"
> set skip on tun0
> set skip on lo
> set block-policy drop
> set loginterface $if
> block quick inet6
> block quick on $if from any to $weird
> pass quick proto icmp
> pass out quick on $if proto $pany from $if to $dns
> pass out quick on $if proto udp from $if to $myvpn
> pass out quick on $if proto tcp from $if to my01-other-vpn.com
> pass out quick on $if proto tcp from $if to my02-other-vpn.com
> pass out quick on $if proto tcp from $if to my03-other-vpn.com
> block drop in on ! lo0 proto tcp to port 6000:6010
> block drop out log proto {tcp udp} user _pbuild
> block log quick on $if
> --
>
> Other strange things that happens on my laptop are the following:
> 1) sometimes my openvpn (2 times on 5) fail authentication even I use a saved 
> file authentication data and pass it the data with --auth-user-pass 
> /my/path/pass
> Then in my opinion it's impossible fails the authentication.
> 2) sometimes KeePassXC fails authentication on random site. If I copy the 
> password and paste it by hand it works.
> 3) and of course there are people that can spy me and modify suggested videos 
> on youtube. Please do not comment this because I know it's very subjective.
>
> As I said previously in my opinion there is 0day on how is implemented the 
> tcp/ip stack in the kernel.
> And the vulnerability can be exploited by a mitm attack from the home router.
> Thank you Cord.

Hello Cord, and thank you for the interesting messages.

Just a thought: Do you have any wall paintings, and have you noticed
something different about them since you got hacked?

You see, I once talked to a man at the local library who was looking
for literature about computer viruses and he mentioned that the virus
had somehow spread out from the USB ports in his computer onto his
paintings, which had now become dull and grey. His family told him
that he was imagining things and refused to help him, that's why he
was at the library to search for information.

If your computer has been hacked, maybe it is by the same virus.

Kind regards,
Anders

Re: pf-badhost-0.3 released

[Anders Andersson]

On Tue, Mar 10, 2020 at 10:53 PM Jordan Geoghegan  wrote:
>
> pf-badhost and unbound-adblock are both now at version 0.3, released
> earlier today.
>
> Links to the scripts can be found here:
>
> www.geoghegan.ca/pfbadhost.html
> www.geoghegan.ca/unbound-adblock.html

Thanks, this looks very interesting! But maybe you can help answering
a question that popped up when I read your page about pf-badhost.

You mention that "Subnet aggregation is used to take the address list
and "aggregate" the addresses into the smallest possible
representation using CIDR blocks.", but I was under the assumption
that pf already did this for its tables to speed up lookups.

Is there anything preventing the aggregation code to run on every pf
table modification? Assuming an already sorted list, it shouldn't take
long to merge a new entry. Perhaps I've missed some use of pf tables
that makes this impossible or not applicable in the general case.

Re: size of size_t (diff angle)

[Anders Andersson]

On Tue, Feb 25, 2020 at 12:14 PM  wrote:
>
> Haai,
>
> The definition of size_t keeps biting me.
>
> Some background: in nnx, me's been using the equiv of caddr_t for
> counts. This works well; yet, while writing against existing code that
> uses size_t, an issue has surfaced.
>
> First of all, let us reflect upon the definition of size_t in C99.
>
> > size_t
> > which is the unsigned integer type of the result of the sizeof
> > operator;
>
> That's not very specific. It kind-of implies that SIZE_MAX (defined
> later in the standard) is the largest possible offset, but not
> necessarily the largest possible address. This reeks of i86 real mode
> semantics, obsolete (for general-purpose machines) already when the
> PDP-11 was new.

I think it's pretty clear, size_t is for the size of objects, not for
offsets or pointers. The C standard frowns upon mixing up pointers and
integers, to much grief from low-level developers.



> Is SIZE_MAX guaranteed to *not* be greater than the highest address?

I'm almost certain that C99 offers no such guarantees, since a pointer
to a float does not have to be the same size as a pointer to int, for
example. Maybe if you're being a little more specific. There are some
exceptions for void * and char *.

In fact, the standard only *recommends* that implementations keep
SIZE_MAX as small as possible but not smaller. Since it is only a
recommendation, it can be inferred that the standard acknowledges that
an implementation with SIZE_MAX > highest address is valid.

"The types used for size_t and ptrdiff_t should not have an integer
conversion rank greater than that of signed long int unless the
implementation supports objects large enough to make this necessary."

Or my interpretation: "Just because there is now a new and fancy
64-bit long long in C99 doesn't mean that you should make size_t a
long long just because you can, because it's pointless if your
compiler/target only has a 32-bit address space."

OpenBSD FAQ - Using S/Key - hash algorithm selection

[Anders Andersson]

While perusing the OpenBSD FAQ I came across the S/Key login system
and noticed that there are three possible hashing algorithms to choose
from: MD5, SHA1, and RIPEMD-160.

Instinctively I wouldn't want to use any of these. RIPEMD-160 seems
like the only one that hasn't been broken, but that's probably because
no one really cares as much as they do with MD5 and SHA1.

But of course, it depends on how they are used. Is this a case of when
it's fine to use them, or is it simply that nobody uses S/Key anymore
so there's no real incentive to change them?

Just being curious, I didn't even know S/Key existed until a few minutes ago.

Re: But there is Fossil...

[Anders Andersson]

On Mon, Jan 6, 2020 at 8:03 PM Stefan Sperling  wrote:
>
> On Mon, Jan 06, 2020 at 06:28:48PM +, go...@disroot.org wrote:
> > done reading that entire document, however, this is a topic about
> > OpenBSD choosing Git over Fossil, but the actual problem is
> > reimplementing Git (Game of Trees is a Git implementation just
> > like OpenGit) and that's ridiculous, however, having read
> > that PDF document I question: which of those problems are
> > present in Fossil, not Git? in presence of those problems,
> > why not wait for fix in Fossil instead of rushing to
> > reimplement Git? I always see the point in two things:
> > 1. using something existing
> > 2. innovating something new
> >
> > Game of Trees and OpenGit are not innovations, they are
> > implementations of existing innovation, if you've seen my
> > first message, I suggested option 1
>
> Look, if you don't like something why don't you just ignore it?
> Instead of wasting time by writing pointless messages which the
> many people on this list now have to delete from their inbox?
>
> The gameoftrees FAQ says:
> ""
> We don't need to hear your opinion that our project is pointless because
> Git is superior. Thank you!
> ""
> The same applies to Fossil or whatever else anyone thinks is superior.
>
> Why should I care about your opinion on what I should be working
> on in my spare time? It looks like you're just trying to annoy me.

One good thing with this trainwreck of a discussion is that it pointed
me to GoT. I've been looking for an alternative to CVS on my Amiga,
but git is too convoluted to even start trying to build on a
mostly-C89-semi-POSIX system. GoT seems like a much nicer starting
point.

dhcpd and unbound on a small LAN

[Anders Andersson]

I'm in the process of replacing an aging OpenWRT device on my home LAN
with an apu4d4 running OpenBSD as my personal router.

I would like to use unbound as a caching DNS server for my local
hosts, but I'm trying to figure out how to handle local hostnames. It
seems like a common scenario but I can't find a solution that feels
like the "right" way. I have two problems, one is trivial compared to
the other.


My first and very minor issue is that I would like to register my
static hosts in a more convenient way than what's currently offered by
unbound. From what I understand you would configure your local hosts
something like this:

local-zone: "home.lan." static
local-data: "laptop.home.lan.IN A 10.0.0.2"
local-data-ptr: "10.0.0.2  laptop.home.lan"

Every time information has to be entered twice there is room for error
and inconsistencies, so preferably this list should be automatically
generated from a simpler file, maybe /etc/hosts. I can of course
easily write such a script, but I'm wondering if there might be a
standard, go-to way of doing this.



My second and more difficult issue is that I can't seem to find a way
to feed information from the DHCP server into unbound, so that locally
assigned hosts can be queried by their hostnames. To clarify with an
example:

1. I install a new system and in the installation procedure I name it "alice".
2. "alice" asks for and receives an IP number from my DHCP server.
3. Every other machine can now connect to "alice" by name, assuming
that "alice" informed the DHCP server of its name when asking for an
address.

Currently this works because OpenWRT is using dnsmasq which is both a
caching DNS server and a DHCP server, so the left hand knows what the
right hand is doing. How can I solve this in OpenBSD base without
jumping through hoops?

Right now I'm considering something that monitors dhcpd.leases for
changes and updates a running unbound using unbound-control(8) but I
don't feel confident enough writing such a tool that does not miss a
lot of corner cases and handle startup/shutdown gracefully. I'm also
thinking that it can't be such an unusual use case, so someone surely
must have written such a tool already. I just haven't found any in my
search.

Or am I doing this the wrong way? I've now read about things like mDNS
and Zeroconf and Avahi and I'm just getting more and more confused.
Ideas are welcome!

Re: sysupgrade fails

[Anders Andersson]

On Sun, Jan 5, 2020 at 1:05 PM Christer Solskogen
 wrote:
>
> Sorry, I forgot to telll you that I run current. I was upgrading a snapshot
> from 1st of january to the latest one. But this has happened before (It
> looks like the last time sysupgrade did successfully work was 4th of
> December)
>
> On Sun, Jan 5, 2020 at 12:58 PM Christer Solskogen <
> christer.solsko...@gmail.com> wrote:
>
> > Hi!
> >
> > On one(out of two!) of my APUs sysupgrade fails, and I'm having trouble
> > understanding why.
> > This is what happens:
> >
> > Available disks are: sd0.
> > Which disk is the root disk? ('?' for details) [sd0] sd0
> > Checking root filesystem (fsck -fp /dev/sd0a)... OK.
> > Mounting root filesystem (mount -o ro /dev/sd0a /mnt)... OK.
> > Force checking of clean non-root filesystems? [no] no
> > umount: /mnt: Device busy
> > Can't umount sd0a!
> >
> > This does not happen if I run the upgrade manually by downloading a newer
> > bsd.rd and boot that.
> > This is a APU2c4 - My APU1 does not have this problem.
> >


Not sure if it's in any way related when it comes to doing a
sysupgrade compared to a clean install, but did you see this thread
and the corresponding BIOS upgrade?
http://openbsd-archive.7691.n7.nabble.com/APU2-fails-to-boot-on-OpenBSD-6-6-current-521-td379219.html

https://github.com/pcengines/coreboot/issues/356

Re: APU2 fails to boot on OpenBSD 6.6-current #521

[Anders Andersson]

On Sat, Jan 4, 2020 at 1:34 PM Mischa  wrote:
>
> On 20 Dec at 06:16, William Ahern  wrote:
> > On Fri, Dec 13, 2019 at 10:52:03PM +0100, Alexander Pluhar wrote:
> > >
> > > > Just upgraded my APU2 to the latest -current and it seems to hang on 
> > > > the disk.
> > > > It was fine running on -current #512.
> > >
> > > I encountered this problem on 6.6 stable with the latest syspatches 
> > > installed after
> > > updating the APU firmware[1] to 4.11.0.1.
> > >
> > > It worked again after downgrading to 4.10.0.3.
> > >
> > > [1] https://pcengines.github.io
> >
> > Here's the github ticket: https://github.com/pcengines/coreboot/issues/356
> > Looks like the culprit has been found and a fix submitted upstream.
> >
>
> 4.11.0.2 is released: https://pcengines.github.io/#mr-30

I can confirm that this solves the problem. Talk about bleeding edge.
I received my apu4c4 yesterday, tried to install OpenBSD on it today.
First time using an APU, and *of course* I was hit by this bug.
Fortunately I found the solution thanks to this email. After the
upgrade to 4.11.0.2 I could continue installing OpenBSD 6.6.

My apu4c4 was shipped from the store the same day as this patch came
out. Had I waited one more day I would have been blissfully unaware.
:)

Re: Suggestion: Replace Perl with Lua in the OpenBSD Base System

[Anders Andersson]

On Wed, Jan 1, 2020 at 4:51 AM Stuart Longland
 wrote:

> Perl 6 will be a major change though, more disruptive than the Python2→3
> mess was.  So we may be in for some "fun" in the near future.

Gotta stop this before it derails: perl 6 is not the next version of
perl 5. It's not compatible, it's not an upgrade, it's a completely
new language and does no longer even share the same name (renamed to
raku). There is no "perl 6" that will replace perl 5.

Re: perl popularity inside openbsd community? (Re: Suggestion: Replace Perl ...)

[Anders Andersson]

On Tue, Dec 31, 2019 at 4:30 PM Marc Chantreux
 wrote:
>
> On Tue, Dec 31, 2019 at 06:57:02AM -0600, Daniel Boyd wrote:
> > As one of the few remaining people out there who considers perl to be
> > their favorite language—starting to wonder if it’s just me and Larry
> > Wall at this point—I’d like to say that perl should stay in base on
> > its merits, all the perl-based system tools notwithstanding.
>
> one of the few remaining people ? is it so ? i really wonder ...
>
> Perl bashing is around the IT crowd for 20 decades and yet, when i
> compare with other dynamic langages:
>
> * perl is the only one who gives me the conciseness and spirit of unix
>   tools combined to the power of a dynamic langage (the only close one
>   is ruby, the next level is raku, the others look like jokes to me).
>   so as openbsd people seems to be confortable with this unix culture,
>   i'm inclined to think that perl is popular here.
> * CPAN is the best ecosystem to share code (metacpan is just awesome
>   compared to the other package sites, tooling is very good as well)
> * the popularity of perl around me don't reflect the "perl is dead" moto
>   we heard since so many years (yes: there is a decline but it's in
>   flavor of compiled langages. the only one who switched to python
>   made this choice for money reason)
>
> both perl and openbsd popularities are underestimated just because
> they still prefer mailing lists over stackoverflow (or other web
> services who try to buzz with some charts) and don't care that much
> about marketing. but still: i will be curious to know the perl
> popularity in the openbsd community.

Don't know if anyone cares because I'm not an OpenBSD dev (maybe some
day I'll find something useful to hack on), but perl is definitely my
go-to language. I agree with the "conciseness and spirit of unix
tools", it is something that I have thought about but have never been
able to formulate.

Of course its age is showing in some areas but in my experience, those
things are actually still worked on, and have been fixed without major
incompatibilities (python3 anyone?).

I remember a few years ago when I was briefly researching a
replacement for perl for my personal projects and I tried out python3
and ruby in parallel and ruby was definitely the winner there. I have
absolutely no idea why python even gained the popularity it has, it
felt like a random hack, especially compared to ruby. The only thing I
really miss from python is "yield".

Re: I want to use I2Pd on OpenBSD.

[Anders Andersson]

On Thu, May 16, 2019 at 1:36 AM  wrote:
>
> I2P (Invisible Internet Protocol) is a universal anonymous network layer.
> Ofcouse I2P(Java) is already exist on packages.
>
> but, I2P is Java application and so big.
>
> While Java I2P and i2pd are both clients for the I2P network.
>
> i2pd has some big differences and advantages:
> i2pd is just a router which you can use with other software through I2CP
> interface.
> i2pd does not require Java. It's written in C++.
> i2pd consumes less memory and CPU.
> i2pd can be compiled everywhere gcc or clang presented (including
> Raspberry and routers).
> i2pd has some major optimizations for faster cryptography which leads to
> less consumption of processor time and energy.

Ok, so why don't you use it if it already works everywhere? I don't
think I understand your problem, or is this mostly an ad for I2Pd?

Re: Code of Conduct location

[Anders Andersson]

On Sun, Apr 28, 2019 at 10:04 AM Martijn van Duren
 wrote:
>
> You mean something like this the following?
> https://www.openbsd.org/mail.html
>
> martijn@

This one sadly seems to be lacking from every code of conduct:
"Respect differences in opinion and philosophy".

Re: hacked for the second time

[Anders Andersson]

On Wed, Apr 3, 2019 at 8:58 PM Cord  wrote:
>
> Hi,
> I have some heavy suspect that my openbsd box was been hacked for the second 
> time in few weeks. The first time was been some weeks ago, I have got some 
> suspects and after few checks I have found that someone was been connected to 
> my vps via ssh on a non-standard port using my ssh key. The connection came 
> from a tor exit node. There were been 2 connections and up since 5 days. Now 
> I have some other new suspects because some private email seems knew from 
> others. Also I have found other open sessions on the web gui of my email 
> provider, but I am abolutely sure I have done the logout always.
> I am using just chrome+unveil and I haven't used any other script or opened 
> pdf (maybe I have opened 1 or 2 pdf from inside of chrome). I have used 
> epiphany *only* to open the webmail because chrome crash. My email provider 
> support html (obviously) but generally photo are not loaded. Ofcourse I have 
> pf enable and few service.
> I also use a vpn and I visit very few web site with chrome.. maybe 20 or 25 
> website just to read news. Sometimes I search things about openbsd.
> Anyone could help me ?
> Cord.


Sounds to me like you're letting someone else mess with your hardware
since you mention a VPS. I don't see how you could trust that in the
first place. They have complete access to every machine.

Re: Virtual interfaces with own MACs

[Anders Andersson]

On Wed, Sep 26, 2018 at 1:54 PM, Per-Olov Sjöholm  wrote:
> Hi
>
> I want to receive 2 IPs that are mine from the ISP (I have to supply 2 MACs) 
> over DHCP. They have a problem letting me add them permanent without dhcp as 
> their snooping blocks my connection if not using dhcp.
>
> I want to use just one physical interface as I do not have more 10Gbit 
> interfaces to spare. Also I want to use fake virtual MAC so I can switch 
> hardware without contacting the ISP.
>
> Is it possible in OpenBSD to create sub interfaces with different MACs on 
> them and use dhcp for both? How?
>
> In linux I think it can be done as:
> ip link add link eth0 address 00:11:11:11:11:11 eth0.1 type macvlan
> ifconfig eth0.1 up
> dhclient -v eth0.1
> ip link add link eth0 address 00:11:11:11:11:12 eth0.2 type macvlan
> ifconfig eth0.2 up
> dhclient -v eth0.2
>
>
>
> Is it possible to something similar to
>
> /etc/hostname.ix3
> up
>
> /etc/hostname.ix3:1
> !ifconfig SUBINT VIRTUAL_NEW_MAC SUBDEV $if Public IP  1”
> !dhclient ix3:1
>
>
> /etc/hostname.ix3:2
> !ifconfig SUBINT VIRTUAL_NEW_MAC SUBDEV $if Public IP  2”
> !dhclient ix3:2
>
>
> If so… What should they look like. Note that I want to provide the ISP the 
> virtual MACs and not the cards physical MAC…

Here is an old post of mine explaining what sounds like your exact
setup for the same reason:
http://openbsd-archive.7691.n7.nabble.com/Bridged-vether-interfaces-can-t-talk-to-each-other-multiple-routing-tables-td316937.html

I did get most of it working, but it was a long time ago and I never
used the router in "real life". I had issues communicating between the
domains. I'm not sure if those examples are good or bad but it could
be a starting point.

Re: Hellos from the Lands of Norway.

[Anders Andersson]

On Sat, Dec 9, 2017 at 5:21 AM, gwes  wrote:
> On 12/07/17 07:31, Ywe Cærlyn wrote:
>>
>> I saw AMDs "semi-custom" CPU email form and told them that I wanted a CPU,
>> that is clockspeed oriented, not cores (might aswell be singlecore with high
>> HZ), that could be using several instruction macros (combining two or
>> three), for max virtual clockspeed, and an optimizing compiler for this. And
>> wondered if an additional poweroff mode could be added to the binary stream
>> of 1 0, so that bitwise i/o and cpu scheduling could be done.
>>
>> If one could get the virtual clockspeed up to 12ghz, I think no regular
>> user would ever use more than a single core. And it´d be a megahit.
>> [...]
>>
> CPU clock speed != performance.
> [...]
>

You must be new to this thread and/or user. Ywe/Üwe is the biggest
troll this year. Either that, a bot, a mental patient with internet
connection, or an art project. Trying to decode his ramblings will
surely make you insane.

Re: openbsd code coverage

[Anders Andersson]

On Sat, Dec 9, 2017 at 12:46 PM, Rupert Gallagher  wrote:
> Code Coverage?

Type that into google instead, maybe you will get a better answer.

Re: OpenBSD and you

[Anders Andersson]

On Tue, May 9, 2017 at 10:22 PM, Peter N. M. Hansteen  wrote:
> And I was just reminded off-list that the remark markdown variant
> (https://github.com/gnab/remark) used for this presentation requires
> javascript enabled in your browser.
>
> Sorry about that.
>
> I'll be looking into workarounds, hopefully some can be found.

Thank you for caring!

Re: DHCP in vmm guest

[Anders Andersson]

On Thu, May 4, 2017 at 4:13 PM, Jiri B  wrote:
> On Thu, May 04, 2017 at 03:49:27PM +0200, Reyk Floeter wrote:
>> So you have the VM interface and the host interface on a bridge:
>> dhclient on the host "steals" all DHCP packets via BPF.
>>
>> Try to pkill dhclient on the host and the VM should be able to get DHCP.
>>
>> There is currently no solution for that, it is the way our dhclient works,
>> you can try to run the VM on a NAT'ed bridge or use "-L" local interfaces.
>
> What about using vether with bridge and having host's dhclient using
> vether?

That is my solution to the same problem. Essentially I've had to make
my "primary" interface into a vether. Without this bug, I could have
used em2 (in this case) directly. Now I use vether and em2 in a
bridge.

Re: Etnernal & infernal browser woes

[Anders Andersson]

On Fri, Apr 28, 2017 at 4:09 PM, Jyri Hovila [iki.fi]
 wrote:
>
>> Have you properly configured your user?
>
> As far as I know, raising the ulimit and being in the staff class can
> not possibly be the solution. Ulimit has to be raised unless one wants
> the browser(s) to constantly crash due to memory exhaustion, and that
> I havedone. But really: adding a normal user to staff class just to be
> able to run a browser properly is not in line with the secure by default
> approach, and should not (in my opinion) affect the performance in any
> way.

>From what I read, it seems as if the problems are mostly from when you
try websites which are heavy on javascript. Let me butt in as a grumpy
not-so-old man and point out that there's nothing even remotely
"secure by default" by even allowing javascript, considering its
horrible track record.

Perhaps this is one of the reasons for the disinterest with browser performance?

Re: Bridged vether interfaces can't talk to each other (multiple routing tables)

[Anders Andersson]

In case someone finds this thread in the future, I would like to add
that I have now received a possible solution to the problem
out-of-band. The solution is to use pair(4):

The following setup works for me, although it is a bit too convoluted:

# cat /etc/hostname.pair0
up

# cat /etc/hostname.pair1
rdomain 1 up patch pair0

# cat /etc/hostname.bridge0
add em2 add vether0 add pair0
!dhclient vether0
!dhclient pair1


In this setup, both vether0 and pair1 gets a separate IP address on
the same network but in different routing domains, but they can still
talk to each other over the patched pair+bridge.

This leads to the following mess, only possible to decipher with a
monospace font:

..-.  10.0.0.1  .-,(  ),-.
| bridge0|   em2   |dhcp server  .-(  )-.
|| (no ip) |--->  gateway   --->(internet)
|'-' __  '-(  ).-'
.---. .---.|[_...__...°] '-.( ).-'
|  vether0  | |   pair0   ||
| rdomain 0 | | rdomain 0 ||
|   dhcp| |  (no ip)  ||
| 10.0.0.2  | '---'|.---.
'---'---^--'|   pair1   |
|   | rdomain 1 |
'---patch---|   dhcp|
| 10.0.0.3  |
'---'

Still not sure if this is a good idea, but it is the solution to my
literal problem so I consider that one solved.







On Sat, Apr 22, 2017 at 3:49 AM, Anders Andersson <pipat...@gmail.com> wrote:
> === BACKGROUND ===
>
> I'm trying to set up an OpenBSD 6.1 server having two externally visible
> IP numbers through one physical network port, each IP mapping to a
> unique MAC address[1]. I have it mostly working, but my interfaces can't
> talk to each other.
>
> All traffic should use the primary IP, and most services should listen
> on that. The secondary IP should only be used on-demand for one or two
> services.
>
> Thinking that separate routing tables can solve this, I have configured
> my network like this[2][3]:
>
> # cat hostname.em2
> up
>
> # cat hostname.vether0
> lladdr 00:00:00:00:00:02
>
> # cat hostname.vether1
> lladdr 00:00:00:00:00:03 rdomain 1
>
> # cat hostname.bridge0
> add em2 add vether0 add vether1 up
> !dhclient vether0
> !dhclient vether1
>
> # cat sysctl.conf
> net.inet.ip.forwarding=1
>
> Leading to something like this[4]:
> (full post in monospace: http://paste.debian.net/928811 )
>
> ..-.  10.0.0.1  .-,(  ),-.
> | bridge0|   em2   |dhcp server  .-(  )-.
> || (no ip) |--->  gateway   --->(internet)
> |'-' __  '-(  ).-'
> |  |[_...__...°] '-.( ).-'
> .---.  .---.
> |  vether0  |  |  vether1  |
> | rdomain 0 |  | rdomain 1 |
> |   dhcp|  |   dhcp|
> | 10.0.0.2  |  | 10.0.0.3  |
> '---'--'---'
>
> Everything else should be the default, this is on a clean 6.1 install.
>
> This configuration works great, vether0 and vether1 both gets an IP
> number from my DHCP server, all traffic goes out on vether0 by default,
> but I can select vether1 manually:
>
> # traceroute -nvq1 10.0.0.1
> traceroute to 10.0.0.1 (10.0.0.1), 64 hops max, 40 byte packets
>  1  10.0.0.1 48 bytes to 10.0.0.2  0.994 ms
>
> # route -T1 exec traceroute -nvq1 10.0.0.1
> traceroute to 10.0.0.1 (10.0.0.1), 64 hops max, 40 byte packets
>  1  10.0.0.1 48 bytes to 10.0.0.3  0.984 ms
>
> I can also reach each IP from outside the box. They are going in on em2,
> through the bridge, and in to vether0 or vether1 respectively.
>
>
>
>
> === PROBLEM ===
>
> Now to my problem: I have no connection between vether0<->vether1.
>
> # traceroute -nvq1 10.0.0.3
> traceroute to 10.0.0.3 (10.0.0.3), 64 hops max, 40 byte...
>  1  *
>  2  *
> ^C
>
> If I listen with tcpdump on the bridge, I see lots of unanswered arp
> who-has:
>
> # tcpdump -nti bridge0
> tcpdump: listening on bridge0, link-type EN10MB
> arp who-has 10.0.0.3 tell 10.0.0.2
> arp who-has 10.0.0.3 tell 10.0.0.2
> ^C
>
> These packets even go out on em2 to my LAN, but no one ever answers. The
> same thing happens in reverse.
>
> I have experimented with these bridge settings:
> 'blocknonip' - adding or removing on members makes no difference
> 'discover' - should be the default, adding makes no difference
> 'learn' - should be the default, adding makes no difference
>
>
>
> 

Re: Bridged vether interfaces can't talk to each other (multiple routing tables)

[Anders Andersson]

On 22 April 2017 at 04:22, Edgar Pettijohn <ed...@pettijohn-web.com> wrote:
> On 04/21/17 20:49, Anders Andersson wrote:
>>
>> Now to my problem: I have no connection between vether0<->vether1.
>>
>>  # traceroute -nvq1 10.0.0.3
>>  traceroute to 10.0.0.3 (10.0.0.3), 64 hops max, 40 byte...
>>   1  *
>>   2  *
>>  ^C
>>
>> If I listen with tcpdump on the bridge, I see lots of unanswered arp
>> who-has:
>>
>>  # tcpdump -nti bridge0
>>  tcpdump: listening on bridge0, link-type EN10MB
>>  arp who-has 10.0.0.3 tell 10.0.0.2
>>  arp who-has 10.0.0.3 tell 10.0.0.2
>>  ^C
>
>
> Never done this, but maybe you need an arp proxy.  Not sure which $iface to
> put it on, but something like:
> # arp -s 10.0.0.2 00:00:00:00:00:02 pub
>
> may or may not help depending on if my understanding of what I read in the
> manual actually does what I think it will.

Thank you for the reply! I tried this, and it *does* help with the ARP
problem. However, it only moves the problem to the next stage.

# ping 10.0.0.3
PING 10.0.0.3 (10.0.0.3): 56 data bytes
^C

# tcpdump -nti vether1
tcpdump: listening on vether1, link-type EN10MB
10.0.0.2 > 10.0.0.3: icmp: echo request
10.0.0.2 > 10.0.0.3: icmp: echo request
10.0.0.2 > 10.0.0.3: icmp: echo request
^C

Now the pings are transmitted, and according to tcpdump, they are
received on the virtual interface, it's just that there's no reply.
Pinging the same interface from outside the box works great, the
packets are transported through the physical interface, through the
bridge, and ending up at the virtual interface which replies. Running
httpd on the interface in routing domain 1 also works from the
outside.

I probably have to trim this down to an even smaller example in order
to get any help, I realize that the initial mail was a bit much to
digest. I don't really *have* to connect between the interfaces, but I
expect that I will find a lot of problems with this setup in the
future unless I understand all the issues involved.

// Anders

Bridged vether interfaces can't talk to each other (multiple routing tables)

[Anders Andersson]

=== BACKGROUND ===

I'm trying to set up an OpenBSD 6.1 server having two externally visible
IP numbers through one physical network port, each IP mapping to a
unique MAC address[1]. I have it mostly working, but my interfaces can't
talk to each other.

All traffic should use the primary IP, and most services should listen
on that. The secondary IP should only be used on-demand for one or two
services.

Thinking that separate routing tables can solve this, I have configured
my network like this[2][3]:

# cat hostname.em2
up

# cat hostname.vether0
lladdr 00:00:00:00:00:02

# cat hostname.vether1
lladdr 00:00:00:00:00:03 rdomain 1

# cat hostname.bridge0
add em2 add vether0 add vether1 up
!dhclient vether0
!dhclient vether1

# cat sysctl.conf
net.inet.ip.forwarding=1

Leading to something like this[4]:
(full post in monospace: http://paste.debian.net/928811 )

..-.  10.0.0.1  .-,(  ),-.
| bridge0|   em2   |dhcp server  .-(  )-.
|| (no ip) |--->  gateway   --->(internet)
|'-' __  '-(  ).-'
|  |[_...__...°] '-.( ).-'
.---.  .---.
|  vether0  |  |  vether1  |
| rdomain 0 |  | rdomain 1 |
|   dhcp|  |   dhcp|
| 10.0.0.2  |  | 10.0.0.3  |
'---'--'---'

Everything else should be the default, this is on a clean 6.1 install.

This configuration works great, vether0 and vether1 both gets an IP
number from my DHCP server, all traffic goes out on vether0 by default,
but I can select vether1 manually:

# traceroute -nvq1 10.0.0.1
traceroute to 10.0.0.1 (10.0.0.1), 64 hops max, 40 byte packets
 1  10.0.0.1 48 bytes to 10.0.0.2  0.994 ms

# route -T1 exec traceroute -nvq1 10.0.0.1
traceroute to 10.0.0.1 (10.0.0.1), 64 hops max, 40 byte packets
 1  10.0.0.1 48 bytes to 10.0.0.3  0.984 ms

I can also reach each IP from outside the box. They are going in on em2,
through the bridge, and in to vether0 or vether1 respectively.




=== PROBLEM ===

Now to my problem: I have no connection between vether0<->vether1.

# traceroute -nvq1 10.0.0.3
traceroute to 10.0.0.3 (10.0.0.3), 64 hops max, 40 byte...
 1  *
 2  *
^C

If I listen with tcpdump on the bridge, I see lots of unanswered arp
who-has:

# tcpdump -nti bridge0
tcpdump: listening on bridge0, link-type EN10MB
arp who-has 10.0.0.3 tell 10.0.0.2
arp who-has 10.0.0.3 tell 10.0.0.2
^C

These packets even go out on em2 to my LAN, but no one ever answers. The
same thing happens in reverse.

I have experimented with these bridge settings:
'blocknonip' - adding or removing on members makes no difference
'discover' - should be the default, adding makes no difference
'learn' - should be the default, adding makes no difference



=== EXPECTATIONS ===

I expected that someone should answer those arp who-is requests, either
vether1 directly, or the bridge0 who should know which interfaces it
has. Is there something I must configure to make this work, or is my
plan flawed from the start?





=== INFORMATION ===

Various information that could help answer my question (trimmed
whitespace and boilerplate):

# route -n show -inet
Destination   Gateway   Flags Refs Use   Mtu Prio Iface
default   10.0.0.1  UGS  0   0 -8 vether0
224/4 127.0.0.1 URS  0   0 327688 lo0
10.0.0/24 10.0.0.2  UCn  1   0 -4 vether0
10.0.0.1  link#6UHLch1   1 -3 vether0
10.0.0.2  00:00:00:00:00:02 UHLl 0   0 -1 vether0
10.0.0.25510.0.0.2  UHb  0   0 -1 vether0
127/8 127.0.0.1 UGRS 0   0 327688 lo0
127.0.0.1 127.0.0.1 UHhl 1   2 327681 lo0

# route -T1 -n show -inet
Destination   Gateway   Flags Refs Use   Mtu Prio Iface
default   10.0.0.1  UGS  0  32 -8 vether1
10.0.0/24 10.0.0.3  UCn  1   4 -4 vether1
10.0.0.1  00:00:00:00:00:01 UHLch1   3 -3 vether1
10.0.0.3  00:00:00:00:00:03 UHLl 0   0 -1 vether1
10.0.0.25510.0.0.3  UHb  0   0 -1 vether1

# for if in bridge0 em2 vether{0,1}; do ifconfig $if; done
bridge0: flags=41
   description: Bridge for external virtual NICs
   index 9 llprio 3
   groups: bridge
   priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
   designated: id 00:00:00:00:00:00 priority 0
   em2 flags=3
   port 3 ifpriority 0 ifcost 0
   vether0 flags=3
   port 6 ifpriority 0 ifcost 0
   vether1 flags=3
   port 7 ifpriority 0 ifcost 0
   Addresses (max cache: 100, timeout: 240):
   00:00:00:00:00:01 em2 1 flags=0<>
em2: