Re: OpenBSD on Macbook 12" 2017?
Interesting - I thought SPI was as old as the hills, but I see Intel has an "enhanced" SPI now.

https://en.wikipedia.org/wiki/Serial_Peripheral_Interface

On Fri, Mar 15, 2019 at 10:31 AM joshua stein wrote:
> On Fri, 15 Mar 2019 at 09:18:02 +0100, Harald Dunkel wrote:
> > Hi folks,
> >
> > does it work, OpenBSD on a 12" Macbook 2017? I tried Linux once,
> > but keyboard and trackpad were not working, so I kept MacOS.
>
> The keyboard and touchpad are connected over SPI now, so they
> require a new Intel SPI controller driver and then two custom
> drivers for the keyboard and touchpad.
>
> So no, the device does not work on OpenBSD unless you use a USB
> keyboard/mouse.

--
andrew fabbro
and...@fabbro.org
Re: TLS suddenly not working over IKED site-to-site - SOLVED?
On Thu, Dec 20, 2018 at 6:54 PM Theodore Wynnychenko wrote:
> Then, I took the advice above, and disabled ipcomp on the tunnel, and, BAHM,
> https (and imaps) were working without an issue from openbsd, Windows 7, and
> Macs!
>
> Just to be sure, I updated this am to the 12/19 amd64 snapshot.
>
> When I turn on ipcomp, https/imaps hangs for most connections; when I turn
> ipcomp off, https/imaps works.

I can confirm this behavior. I've set up a simple RSA key VPN as described at http://www.openbsd.org/faq/faq17.html#site2site, which does not include ipcomp by default, and everything works fine, including https. After reading this I decided to test enabling ipcomp, and sure enough, loading an https page across the VPN fails.

With ipcomp I also see some "unprotected" packets when running tcpdump on enc0, e.g.:

13:32:19.600062 (authentic,confidential): SPI 0xee345270: 10.95.10.236.57254 > 10.95.0.233.443: P 273:518(245) ack 5604 win 455 (DF) (encap)
13:32:19.614996 (unprotected): SPI 0x5a04: 10.95.0.233.443 > 10.95.10.236.57254: . 5604:7052(1448) ack 518 win 252 (DF) (encap)

I don't know why that is happening, but as everything seems to work well and perform decently without ipcomp, I'll be leaving it disabled.

> I noticed that the last change to sys/netinet/ip_ipcomp.c (I am guessing this
> is the code that is involved) in the log (I think) was about 3 months ago,
> and at this point, I can't recall if my last update (prior to the one where
> the instability began) was before or after that change.
>
> I was going to try to recompile it with the change undone, but am not sure
> how to do that, or even if it can be done for just that one part of sys.

Yes, just use git or cvs (whatever you checked out the code with) to fetch an earlier revision of that file (not the whole repo) and then build a new kernel. Sometimes you'd need to also revert other related changes, but that does not appear to be the case here, assuming you're referring to [1]. Note that some previous commits did touch multiple files.

> And, after removing ipcomp from iked.conf, my subjective observation is that
> things load a lot faster than they seemed to in the past with ipcomp on; so,
> I am happy with where I am.
>
> I was just posting my observations in case anyone else has a similar issue.

Thank you for sharing. I had (I think) been using ipcomp in my old ikev1 (ipsec.conf/isakmpd) setup but had not yet gotten around to enabling it in the ikev2 setup. Based on this, I won't bother.

-Andrew

[1] https://github.com/openbsd/src/commit/4b5fa55
Re: Automated remote install
On Tue, Dec 18, 2018 at 1:03 AM Frank Beuth wrote:
> On Mon, Dec 17, 2018 at 02:35:41PM -0200, Daniel Bolgheroni wrote:
> >If you're going to run on some public cloud, they usually offer the
> >possibility of keeping a custom image you provide, and use this image to
> >deploy new VMs based on it.
>
> "usually" being the key word here :)

Virtually all of the better KVM hosts offer an OpenBSD ISO, and in my experience, 100% will add it to their library if you request it.

Note that I'm referring to KVM providers (traditional VPS providers), not "public cloud". The big boys - AWS, Azure, Google, etc. are not interested in OpenBSD. The mid-tier players - DigitalOcean, Vultr, Linode - are semi-interested. Vultr offers it natively. You can shim on Linode or DO but why bother when the main field of KVM players (there are thousands) offer it.

If you search for a VPS provider that offers KVM (not OpenVZ, Virtuozzo, or Xen) you will find many.

--
andrew fabbro
and...@fabbro.org
Re: openbsd 6.4 as guest VM on Xen cannot detect disk
I have no idea what is causing your backend timeout, but your VM config would be useful information, and take a look at xend.log etc. on the host for any related errors (if you have access to it).

I'm running OpenBSD 6.4 just fine under Xen; however my Dom0 is only 4.4.4 (dmesg attached).

Note that in your 6.0 dmesg, you have "wd0 at pciide0" vs. my "sd0 at scsibus1" via "scsibus1 at xbf0"; the man page for xbf(4) indicates it was added in 6.1, and that it takes over all virtual disks. As a workaround, you might try boot -c and disable xbf, which would presumably present your disk via the emulated IDE controller.

-Andrew
Re: Intel Celeron SoC support
Hi Chris,

I decided to sell the board and get a different one..

But for others wanting to use this board in the future. I tried both USB and PS2 Native (no adapter) keyboards. Neither work after the installer starts. Bearing in mind none of the SATA ports are detected either..

Cheers, Andy.

On Wed, Nov 21, 2018 at 3:42 AM Chris Cappuccio wrote:
> Andrew Lemin [andrew.le...@gmail.com] wrote:
> > Hi,
> >
> > I am running an ASRock J4105B-ITX board and wanting to run OpenBSD on this.
> > https://www.asrock.com/MB/Intel/J4105B-ITX/index.asp#BIOS
> >
> > It boots up, and at the 'boot>' prompt I can use the keyboard fine.
> >
> > However after it boots up, the keyboard stops working, and no disks are
> > found by the installer (used auto_install to send test commands).
> > It appears that there is no chipset support, for the Intel Celeron J4105
> > CPU from what I can work out.
> >
> > To test that it was working fine and is just OpenBSD which is not working,
> > I installed Linux and have included the dmesg below (from Linux).
> > I cannot run a dmesg from the OpenBSD installer as I cannot use the
> > keyboard etc.
>
> The ASRock J4205-ITX (Apollo Lake) works fine, so does the J3710-ITX (Braswell).
>
> I use them both headless, but they work fine when I plug in a USB keyboard.
>
> The J4105-ITX (Gemini Lake) is newer than either.
>
> What kind of keyboard are you using? If it's not USB, plug in a USB keyboard.
> Although it may not work at the boot> prompt, it will work once you are booted
> up.
>
> For fun, here are dmesg for the older versions of your board. They both work
> with USB input devices.
Re: PF Outbound traffic Load Balancing over multiple tun/openvpn interfaces/tunnels
y nat-to (tun1) rtable 1
match out on tun2 from any to any nat-to (tun2) rtable 2

#Allow outbound traffic on egress for vpn tunnel setup etc
pass out quick on { $if_ext } from self to any set prio (3,6)

#Load balance outbound traffic from internal network across tun1 and tun2 - THIS IS NOT WORKING - IT ONLY USES FIRST TUNNEL
pass in quick on { $if_int } to any route-to { (tun1 10.8.8.1), (tun2 10.8.8.1) } round-robin set prio (3,6)

#Allow outbound traffic over vpn tunnels
pass out quick on tun1 to any set prio (3,6)
pass out quick on tun2 to any set prio (3,6)

# Verify which tunnels are being used
systat ifstat

*This command shows that all the traffic is only flowing over the first tun1 interface, and the second tun2 is never ever used.*

# NB; I have tried with and without 'set state-policy if-bound'. I have tried all the load balancing policies; round-robin, random, least-states and source-hash

If I change the 'route-to' pool to "{ (tun2 10.8.8.1), (tun1 10.8.8.1) }", then only tun2 is used instead.. :(

So 'route-to' seems to only use the first tunnel in the pool.

Any advice on what is going wrong here? I am wondering if I am falling victim to some processing-order issue with PF, or if this is a real bug?

Thanks, Andy.

On Wed, Sep 12, 2018 at 5:58 PM Stuart Henderson wrote:
> On 2018-09-11, Andrew Lemin wrote:
> > Hi list,
> >
> > I use an OpenVPN based internet access service (like NordVPN, AirVPN etc).
> >
> > The issue with these public VPN services, is the VPN servers are always
> > congested. The most I’ll get is maybe 10Mbits through one server.
> >
> > Local connection is a few hundred mbps..
> >
> > So I had the idea of running multiple openvpn tunnels to different
> > servers, and load balancing outbound traffic across the tunnels.
> >
> > Sounds simple enough..
> >
> > However every vpn tunnel uses the same subnet and nexthop gw. This of
> > course won’t work with normal routing.
>
> rtable/rdomain with openvpn might be a bit complex, I think it may need
> persist-tun and create the tun device in advance with the wanted rdomain.
> (you need the VPN to be in one, but the UDP/TCP connection in another).
>
> Assuming you are using tun (and so point-to-point connections) rather
> than tap, try one or other of these:
>
> - PF route-to and 'probability', IIRC it works to just use a junk
> address as long as the interface is correct ("route-to 10.10.10.10@tun0",
> "route-to 10.10.10.10@tun1").
>
> - ECMP (net.inet.ip.multipath=1) and multiple route entries with
> the same priority. Use -ifp to set the interface ("route add
> default -priority 8 -ifp $interface $dest").
>
> The "destination address" isn't really very relevant for routing
> on point-to-point interfaces (though current versions of OpenBSD
> do require that it matches the destination address on the interface,
> otherwise they won't allow the route to be added).
Re: why thread is not usable in perl5 of OpenBSD6.4?
On Sun, Nov 25, 2018 at 09:32:33PM -0800, Philip Guenther wrote:
> On Sun, Nov 25, 2018 at 1:57 AM 岡本健二 wrote:
>
> > I have to use thread on the perl5 of OpenBSD 6.4.
> > However, it was disabled on the distribution.
>
> Hmm, is this something that worked in previous releases, or is something
> that you've only tried in OpenBSD 6.4?
>
> Off-hand, it's still disabled by default in the Configure script that perl
> people ship, and I don't see anything in the OpenBSD bits to override their
> choice.

One of the main reasons is that the "use of interpreter-based threads in perl is officially discouraged" and has been unofficially discouraged for a lot longer.

http://perldoc.perl.org/threads.html#WARNING

My understanding of the reason it is discouraged is that the threading mechanism in perl does not lend itself to correct code and you're probably better off doing something simpler and getting nearly as good results using another mechanism.

> > I tried to make the thread active to recompile the perl5 with -Dusethreads,
> > which led me to many test fails.
>
> Were there tests that failed with -Dusethreads that passed when that wasn't
> used? If so, which, and what was their output?

The perl test suite does not like to run in the OpenBSD source tree, I don't recall why off the top of my head, just that it doesn't. If you had failures that are different than you get without enabling threads, that might be interesting to diagnose.

> To put it another way: if you're suggesting that we build the base perl
> with -Dusethreads, what are the consequences of that? Test failures?
> Bigger binary? pkg_add is slower?

It does make perl anecdotally 10% slower overall (as I recall) for non threaded operations. Obviously that depends on the workload, but since we don't use them, making pkg_add and other things that use perl faster seems more useful.

http://perldoc.perl.org/perlthrtut.html#Performance-considerations

> > Why the thread function was disabled in this release?
> > Is it security reason?
>
> Upstream has it off by default, nothing so far has needed it, and it makes
> things slower (or at least that's why upstream says). Why would we enable
> it?

See above for more reasoning and you might look at p5-Coro if you really need threads, I haven't had a need for them but have heard they work better than the core implementation.

https://metacpan.org/pod/Coro

l8rZ,
--
andrew - http://afresh1.com

People who invent random theories which only defend the vendor must have been beaten as children. Beaten with sticks. At least, that's my theory.
-- Theo De Raadt
Intel Celeron SoC support
Hi,

I am running an ASRock J4105B-ITX board and wanting to run OpenBSD on this.
https://www.asrock.com/MB/Intel/J4105B-ITX/index.asp#BIOS

It boots up, and at the 'boot>' prompt I can use the keyboard fine.

However after it boots up, the keyboard stops working, and no disks are found by the installer (used auto_install to send test commands). It appears that there is no chipset support, for the Intel Celeron J4105 CPU from what I can work out.

To test that it was working fine and is just OpenBSD which is not working, I installed Linux and have included the dmesg below (from Linux). I cannot run a dmesg from the OpenBSD installer as I cannot use the keyboard etc.

Will support come for this SoC architecture? Or am I better off selling this board?

Think it's a Gemini Lake SoC Chipset;
Re: pfctl: cidr typo bug
On 11/13/18 16:28, Stuart Henderson wrote:
> On 2018/11/13 10:15, Andrew wrote:
> > On 11/13/18 11:08, Stuart Henderson wrote:
> > > On 2018-11-11, Andrew wrote:
> > > > ~: doas pfctl -t cidr_typo -T add 1.2.3.4*5
> > > > 1 table created.
> > > > 1/1 addresses added.
> > > > This would normally fail right here.
> > > >
> > > > ~: doas pfctl -t cidr_typo -T show
> > > >    127.0.0.1
> > >
> > > I think your name resolver may be giving out 127.0.0.1 as an address
> > > in response to a query for "1.2.3.4*5". Test with dig(1) / host(1) /
> > > "getent hosts 1.2.3.4*5".
> >
> > Great insight Stuart !!!
> > unbound on my patched 6.3 gateway is returning:
> >
> >     > getent hosts 1.2.3.4*5
> >     127.0.0.1 1.2.3.4*5
> >     ::1 1.2.3.4*5
> >
> > Both laptops use the gateway as a name resolver.
> >
> > Hope that helps !!!
>
> It doesn't happen with a standard unbound setup, so this is either
> something non-standard in your unbound config, or you are forwarding
> and it's something non-standard in your upstream resolver.

OK I just tested for that. I'll start a new thread about unbound resolving 1.2.3.4*5 to 127.0.0.1.

Thanks again for a great insight.
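
A pre-check for the failure mode diagnosed in this thread, as an added example that is not part of the original posts or of pfctl: it accepts only literal addresses and CIDR networks, so a typo such as 1.2.3.4*5 is rejected before it can be handed to a name resolver. The names check_entry and filter_entries and the sample input are hypothetical, and the check is deliberately stricter than pfctl's own parser.

```python
import ipaddress
from typing import NamedTuple


class Verdict(NamedTuple):
    ok: bool        # True when the entry is a literal address or CIDR network
    value: str      # normalized entry when ok, otherwise the rejection reason
    widened: bool   # True when host bits were set, so the network covers
                    # more than the address that was typed


def check_entry(entry: str) -> Verdict:
    """Classify one candidate table entry without doing any DNS lookup."""
    text = entry.strip()
    negate = text.startswith("!")              # pf tables allow negated entries
    body = text[1:].strip() if negate else text
    try:
        if "/" in body:
            addr, prefix = body.split("/", 1)
            # Require a decimal prefix length; dotted netmasks are refused here.
            if not (prefix.isascii() and prefix.isdigit()):
                raise ValueError("prefix length must be decimal digits")
            net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
            widened = ipaddress.ip_address(addr) != net.network_address
            value = str(net)
        else:
            value, widened = str(ipaddress.ip_address(body)), False
    except ValueError as exc:
        reason = f"{body!r} is not a literal address or CIDR ({exc})"
        return Verdict(False, reason, False)
    return Verdict(True, ("!" if negate else "") + value, widened)


def filter_entries(lines):
    """Split candidate lines into accepted entries, rejects and warnings.

    Rejects are entries that could only be satisfied by name resolution;
    warnings are valid CIDRs whose host bits were set (e.g. a mistyped
    prefix length that silently covers a much larger range).
    """
    accepted, rejected, warnings = [], [], []
    for lineno, raw in enumerate(lines, start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not entry:
            continue
        verdict = check_entry(entry)
        if not verdict.ok:
            rejected.append((lineno, entry, verdict.value))
            continue
        accepted.append(verdict.value)
        if verdict.widened:
            warnings.append((lineno, entry, verdict.value))
    return accepted, rejected, warnings


# Constructed sample input, one candidate table entry per line.
SAMPLE = """\
# constructed sample, not taken from the thread except for line 3
192.0.2.10
1.2.3.4*5            # the typo from this thread
1.2.3.4/5            # valid, but host bits are set
!198.51.100.0/24
2001:db8::/32
gateway.example.net  # a real host name still depends on the resolver
""".splitlines()


if __name__ == "__main__":
    ok, bad, warn = filter_entries(SAMPLE)
    for entry in ok:
        print("accept ", entry)
    for lineno, entry, reason in bad:
        print(f"reject  line {lineno}: {reason}")
    for lineno, entry, network in warn:
        print(f"warning line {lineno}: {entry} expands to {network}")
```

The accepted entries can be written to a file and loaded with `pfctl -t cidr_typo -T add -f` followed by that file's name, which keeps the resolver out of the path entirely.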
Re: pfctl: cidr typo bug
On 11/13/18 11:08, Stuart Henderson wrote:
> On 2018-11-11, Andrew wrote:
> > ~: doas pfctl -t cidr_typo -T add 1.2.3.4*5
> > 1 table created.
> > 1/1 addresses added.
> > This would normally fail right here.
> >
> > ~: doas pfctl -t cidr_typo -T show
> >    127.0.0.1
>
> I think your name resolver may be giving out 127.0.0.1 as an address
> in response to a query for "1.2.3.4*5". Test with dig(1) / host(1) /
> "getent hosts 1.2.3.4*5".

Great insight Stuart !!!
unbound on my patched 6.3 gateway is returning:

    getent hosts 1.2.3.4*5
    127.0.0.1 1.2.3.4*5
    ::1 1.2.3.4*5

Both laptops use the gateway as a name resolver.

Hope that helps !!!
Re: pfctl: cidr typo bug
On 11/11/18 19:23, Klemens Nanni wrote:
> On Sun, Nov 11, 2018 at 12:01:33PM -0600, Andrew wrote:
> > ~: doas pfctl -t cidr_typo -T add 1.2.3.4*5
> > 1 table created.
> > 1/1 addresses added.
>
> I fail to reproduce this with recent snapshots on both amd64 and sparc64:
>
>     # pfctl -t cidr_typo -T add 1.2.3.4*5
>     no IP address found for 1.2.3.4*5
>
> > ~: doas pfctl -t cidr_typo -T show
> >    127.0.0.1
>
>     # pfctl -t cidr_typo -T show
>     pfctl: Table does not exist.

---

Last one for you. I'm leaving this to your expertise.

I just followed the same process on a Lenovo T440s.
same bsd.rd as the T420
same install.fs
same upgrade process

scp bsd.rd to t440s
mv bsd.rd to /
mv sd from t420 to the t440s
reboot
boot hd0a://bsd.rd
"upgrade"
"disk"
skipped games
upgraded sets
rebooted

-- login

#> pfctl -t cidr_typo -T add 1.2.3.4*5
1 table created
2/2 addresses added
#> pfctl -t cidt_typo -T show
127.0.0.1
::1
Cannot mount install.fs disk image to create custom auto_install.conf based USB flash drive
Hi list,

I really need some help mounting an install.fs disk image, and hope someone can help :)

I have been trying and failing to create an auto-installing USB flash drive for OpenBSD.
All of the below steps are being performed using an existing OpenBSD VM

1) Create /auto_install.conf file
https://man.openbsd.org/autoinstall
http://eradman.com/posts/autoinstall-openbsd.html
- Done

2) Install 'upobsd' package
pkg_add -i upobsd
- Done

3) Inject newly created 'auto_install.conf' into a local 'bsd.rd' RAM disk
upobsd -u /auto_install.conf -o /tmp/bsd.rd
- Done

4) Add updated 'bsd.rd' file into 'install.fs'

4a) Associate image with a vnd device so disk image can be mounted as a filesystem image
vnconfig vnd1 /home/sysadmin/install64.fs
- Done

4b) Mount new vnd1c device (this is where I'm stuck)
** Here is where I get lost. All the guides refer only to using install.iso (whose 'a:' and 'c:' partitions are ISO9660 filetypes - for CD based installs), but I need to use the install.fs (for USB based installs) **

fw1# mount /dev/vnd1c /mnt
mount_ffs: /dev/vnd1c on /mnt: Invalid argument
fw1# mount -t cd9660 /dev/vnd1c /mnt
mount_cd9660: /dev/vnd1c on /mnt: Invalid argument
fw1# mount -t msdos /dev/vnd1c /mnt
mount_msdos: /dev/vnd1c on /mnt: not an MSDOS filesystem
fw1# mount -t ext2fs /dev/vnd1c /mnt
mount_ext2fs: /dev/vnd1c on /mnt: Input/output error

As you can see, none of the types I know about are working?

bsd1# disklabel vnd1
# /dev/rvnd1c:
type: vnd
disk: vnd device
label: fictitious
duid: e5445c1e269855f0
flags:
bytes/sector: 512
sectors/track: 100
tracks/cylinder: 1
sectors/cylinder: 100
cylinders: 7382
total sectors: 738240
boundstart: 1024
boundend: 737280
drivedata: 0

16 partitions:
#                size           offset  fstype [fsize bsize   cpg]
  a:           736256             1024  4.2BSD   2048 16384 16142
  c:           738240                0  unused
  i:              960               64   MSDOS

I cannot work out what the filesystem should be? It shows as 'unused' here.

NB; If I try with the 'install.iso' disk image the vnd mount works fine (with '-t cd9660'). But I need this to work for a flash drive?

Assuming I could get past this, I think I would then need to do the following;

4c) Copy in bsd.rd
cp /tmp/bsd.rd /mnt/

4d) Unmount /mnt
umount /mnt

4e) Disassociate vnd1
vnconfig -u /dev/vnd1

6) copy modified install.fs image to USB flash..
dd if=install*.fs of=/dev/rsd6c bs=1m

Thanks in advance for your time and help.
Andy.
Re: pfctl: cidr typo bug
On 11/11/18 19:23, Klemens Nanni wrote:
On Sun, Nov 11, 2018 at 12:01:33PM -0600, Andrew wrote:

~: doas pfctl -t cidr_typo -T add 1.2.3.4*5
1 table created.
1/1 addresses added.

I fail to reproduce this with recent snapshots on both amd64 and sparc64:

# pfctl -t cidr_typo -T add 1.2.3.4*5
no IP address found for 1.2.3.4*5

~: doas pfctl -t cidr_typo -T show
127.0.0.1

# pfctl -t cidr_typo -T show
pfctl: Table does not exist.

OK ...

This test was performed earlier today on a Lenovo T420.
pfctl: cidr typo bug
I stumbled upon this because the "/" and the "*" keys are adjacent to each other on a numeric keypad.

Note: This is a (GENERIC) kernel and I have hyper-threading disabled on this laptop, if that matters ???

Just your basic upgrade to -current ...

- download today's SHA256.sig, bsd.rd, install.fs
- signify
- cp bsd.rd to /
- dd install.fs to sd1
- reboot
- boot sr0a://bsd.rd
- Choose "upgrade"
- Choose "disk" sd1
- (I unchecked [ ] games ...)
- upgrade the sets ... reboot installed firmware login

---
~: doas pfctl -t cidr_typo -T add 1.2.3.4*5
1 table created.
1/1 addresses added.

~: doas pfctl -t cidr_typo -T show
127.0.0.1

~: sysctl kern.version
kern.version=OpenBSD 6.4-current (GENERIC) #412: Sun Nov 11 03:40:49 MST 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
---

Truly a minor bug when compared to the greater problems at hand.

Thanks to all the devs -- have a great week ahead !!!
Re: X won't start with latest snapshot as user (Solution provided)
On 11/10/18 19:29, Chris Bennett wrote:
On Sat, Nov 10, 2018 at 11:36:17PM +0100, Solene wrote:

This is normal. Look at 26th October https://www.openbsd.org/faq/current.html

The suid was removed to prevent bad things from happening.

Use xenodm instead of startx.

I have switched to using xenodm. I also think I screwed up something during installation. It happens. Shrug.

I have found that I am stuck using fvwm, but I would like to use another wm. Not very important which one. But I really have no idea how to accomplish that.

The reason I think I screwed up something else is that the performance across the board is terribly slow. Happy to reinstall from scratch.

I'm happy to find the answers reading man pages, but man fvwm wasn't helpful for me. Which ones should I read?

Running 6.4 stable amd64

Thank you,
Chris Bennett

Chris,

After 20+ years of typing startx, I switched to xenodm about three days ago. The FAQ, "Following -current" and the xenodm manpage are very helpful. Thanks to all the authors !!!

Personally I use spectrwm, so I can't speak for the other wm's. In my case, all I had to do was:

$> cp .xinitrc .xsession
$> chmod +x .xsession

... and it "just worked" as expected :-)

N.B. If you have a custom .Xresources file, like I do for xterm, then make sure a line like the following is in your ~/.xsession.

[[ -f ~/.Xresources ]] && xrdb -load ~/.Xresources

or simply

xrdb -load ~/.Xresources

Regarding fvwm ...

Read the last 20 lines or so of /etc/X11/xenodm/Xsession and you will understand why you are "stuck using fvwm." It helped me a lot.

The xenodm manpage is solid gold. It's very well written. You should be able to configure your X desktop the way you want it between those docs.
Printer Epson WF-4630 with CUPS
Hello, I am testing OpenBSD and am looking for documentation on how to add support for my printer. 1. My printer is an Epson WF-4630. 2. I installed CUPS with pkg_add. 3. I configured CUPS for this printer with "$ lynx localhost:631". Unsurprisingly there was no driver for this printer. 4. When using the driver "Epson 9-Pin Series (grayscale)" to print the default CUPS test page, the printer outputs a white page and the motor moving the paper sounds like the motor from a needle printer. My point is that CUPS can send something to the printer. "$ lpstat" did *not* show any jobs, although the printer reacted. 5. I got the "Epson-WF-4630_Series-epson-escpr-en.ppd" from the "epson-inkjet-printer-escpr-1.6.32-1lsb3.2.tar.gz" from the Epson Website after clicking on the link which semantically means "download drivers for Linux". As far as I know a .ppd file is a post script printer description file. I have the impression that the file depends solely on the printer and not on the operating system. (Please inform me in case you know this assumption is incorrect.) 6. CUPS now shows the driver "Model: [Current Driver - EPSON WF-4630 Series , Epson Inkjet Printer Driver (ESC/P-R) for Linux:]" (no line breaks) in the "Modify $printer" page but still shows the "Driver: Epson 9-Pin Series (grayscale)" on the EPSON_WF-4630_Series page. Note: This driver is still selected in the fifth step above although I selected a custom .ppd file. 7. I set the printer as the default printer with "$lpadmin -d $printer_machine_readable_name" and confirmed the change with "$lpoptions -l". 8. Printing the CUPS test page from the web interface leaves the printer idle. The job now shows up in "$ lpstat" and can also be cancelled with "$ cancel $job_id". Please, if anyone knows which documentation I should look at to get at the root of this problem or if anyone here has experience with setting up a driver for their own printer on OpenBSD, contact me. Greetings Andrew Easton
Re: pledge & unveil
Also worth searching YouTube for "openbsd pledge" and/or "openbsd unveil". There's at least four talks by Theo on pledge and a recent presentation by Bob Beck on pledge/unveil, as well as many others. On Sun, Oct 21, 2018 at 3:02 PM Heinz Kampmann wrote: > Hello, > > is there a paper on the web that explains work and relationship > from pledge and unveil for dummies? > > Best wishes, > Heinz > > -- andrew fabbro and...@fabbro.org
Re: pfctl tables: adding a CIDR typo to a new table
On 10/06/18 00:28, Klemens Nanni wrote:
On Fri, Oct 05, 2018 at 04:02:12PM -0600, Andrew wrote:

recent snapshot:
$> uname -vrsm
OpenBSD 6.4 GENERIC#329 amd64

What's the timestamp? Please provide more detailed information next time.

$> doas pfctl -t sample -T add 74.125.0.0*16
1 table created.
1/1 addresses added.

It's not recent enough:

$ sysctl -n kern.version | head -n1
OpenBSD 6.4 (GENERIC.MP) #0: Thu Oct 4 00:29:55 CEST 2018
# for s in 1\*8 74.125.0.0\*16 ::1-64 ; do
> pfctl -t sample -T add $s
> done
no IP address found for 1*8
no IP address found for 74.125.0.0*16
no IP address found for ::1-64

I'll use a different command next time. Thanks for the heads-up !!!

you: OpenBSD 6.4 (GENERIC.MP) #0: Thu Oct 4 00:29:55 CEST 2018
me: OpenBSD 6.4 (GENERIC) #329: Thu Oct 4 09:53:31 MDT 2018

** Please note that you are using a different kernel from the same day **

$> doas pfctl -t 2ndtry -T add 74.125.0.0*24
1 table created.
1/1 addresses added.

$> doas pfctl -t 2ndtry -T show
127.0.0.1

Thanks for the quick reply. Moving forward -- it seems to be fixed. I'll try a newer snapshot later this weekend.

Have a great weekend ahead !!
pfctl tables: adding a CIDR typo to a new table
I just came upon this while stumbling across my numeric keypad. (In case you are wondering, the "*" key is next to the "/" key ...)

---
recent snapshot:

$> uname -vrsm
OpenBSD 6.4 GENERIC#329 amd64

$> doas pfctl -t sample -T add 74.125.0.0*16
1 table created.
1/1 addresses added.

$> doas pfctl -t sample -T show
127.0.0.1

---
and on patched 6.3:

$> uname -vrsm
OpenBSD 6.3 GENERIC.MP#11 amd64

$> doas pfctl -t sample -T add 74.125.0.0*16
1 table created.
2/2 addresses added.

$> doas pfctl -t sample -T show
127.0.0.1
::0

---
OK - my keyboarding skills need some improvement ;-)

As usual, big thanks to Theo and to all the past and present devs !!!
pfctl tables and a mangled ip address
I just discovered something unexpected using pfctl and tables. I'm far from a networking guy and apparently I can't type either.

Try this on a patched 6.3 amd64.

$> uname -mrsv
OpenBSD 6.3 GENERIC.MP#10 amd64

The following are a couple CIDRs for amazon.

$> pfctl -t sample -T add 176.0.0.0/8
1 table created.
1/1 addresses added.

$> pfctl -t sample -T add 205.251.192.0/18
1/1 addresses added.

$> pfctl -t sample -T show
176.0.0.0/8
205.251.192.0/18

--
Now enter a mangled ip for ebay ...

$> pfctl -t sample -T add 66.135.216.190.216
2/2 addresses added.

$> pfctl -t sample -T show
127.0.0.1
176.0.0.0/8
205.251.192.0/18
::1

I expected this to fail with something like:

$> pfctl -t sample -T add 66.135.216.190.216
0/1 addresses added.

--
I just want to bring this to your attention.

As always, big thanks to Theo for his great leadership and to all the past and present devs for the gift of OpenBSD !!!

Have a great weekend ahead !!!
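The pfctl reports above show `-T add` accepting mistyped entries (1.2.3.4*5, 74.125.0.0*16, 66.135.216.190.216) and the table ending up with 127.0.0.1 instead of the intended network. One way to catch such typos before they reach pf, as an added example that is not from the thread: a POSIX sh filter that passes only strict IPv4 addresses and CIDR blocks. The function names are hypothetical, and the check is deliberately IPv4-only, so hostnames and IPv6 entries are refused as well.

```shell
#!/bin/sh
# Added example: strict syntax check for pf table entries before they are
# handed to pfctl. IPv4 only by design; anything else is refused.

# is_ipv4_cidr ENTRY: succeed only for a.b.c.d or a.b.c.d/len with four
# decimal octets 0-255 (no leading zeros) and a prefix length 0-32.
is_ipv4_cidr() {
    entry=$1
    case $entry in
        */*) addr=${entry%%/*}; plen=${entry#*/} ;;
        *)   addr=$entry; plen=32 ;;
    esac

    # Prefix length: one or two digits, no leading zero, at most 32.
    case $plen in
        ''|*[!0-9]*|0?*|???*) return 1 ;;
    esac
    [ "$plen" -le 32 ] || return 1

    # Address: digits and dots only, no empty octet.
    case $addr in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac

    rest=$addr
    count=0
    while :; do
        octet=${rest%%.*}
        case $octet in
            0?*|????*) return 1 ;;      # leading zero or more than 3 digits
        esac
        [ "$octet" -le 255 ] || return 1
        count=$((count + 1))
        case $rest in
            *.*) rest=${rest#*.} ;;
            *)   break ;;
        esac
    done
    # Exactly four octets: rejects 1.2.3 and 66.135.216.190.216 alike.
    [ "$count" -eq 4 ]
}

# filter_table_entries: read one candidate per line on stdin, print the
# accepted entries on stdout and the rejected ones on stderr.
# Returns 1 if anything was rejected, so callers can stop before pfctl.
filter_table_entries() {
    rc=0
    while IFS= read -r line; do
        case $line in
            ''|'#'*) continue ;;        # skip blank lines and comments
        esac
        if is_ipv4_cidr "$line"; then
            printf '%s\n' "$line"
        else
            printf 'rejected: %s\n' "$line" >&2
            rc=1
        fi
    done
    return $rc
}

# Entries taken from the commands in the thread (two good, three mistyped).
SAMPLE_ENTRIES='176.0.0.0/8
205.251.192.0/18
1.2.3.4*5
74.125.0.0*16
66.135.216.190.216'

# Typical use, table name as in the thread:
#   filter_table_entries < candidates.txt > checked.txt &&
#       doas pfctl -t sample -T add -f checked.txt
printf '%s\n' "$SAMPLE_ENTRIES" | filter_table_entries ||
    echo "some entries were rejected; nothing should be loaded" >&2
```
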
Re: Downloadable CIDR network calculator
On 09/11/18 12:32, Steve Litt wrote: On Tue, 11 Sep 2018 15:28:09 + (UTC) Stuart Henderson wrote: On 2018-09-11, Steve Litt wrote: > I've created a downloadable CIDR (Classless Inter-Domain Routing) > network calculator, whose sole dependency is Python3. It runs in any > terminal or terminal emulator on any Linux or presumably BSD > machine. > > http://troubleshooters.com/linux/cidr_calc.htm Doesn't seem to work with the current version of IP .. $ python3 cidr_calc.py.txt 2a02:8011:7003:1:fab1:56ff:feac:3276/64 IP address (2a02:8011:7003:1:fab1:56ff:feac:3276) not numeric. USAGE: subnet_calc ipaddr/maskbits EXAMPLE: subnet_calc 192.168.100.128/28 Yes, it's IPV4 only. If lots of people want it, I might make it work for IPV6 too. Thanks, SteveT Steve Litt September 2018 featured book: Quit Joblessness: Start Your Own Business http://www.troubleshooters.com/startbiz FWIW: a small network calculator without a python dependency is already in packages. $> pkg_info ipcalc Information for inst:ipcalc-1.4p0 Comment: small network calculator Description: ipcalc is a small tool that operates on IPv4 networks. It can operate in one of four modes: network describing, netmask describing, finding or splitting. Maintainer: The OpenBSD ports mailing-list WWW: https://github.com/pyr/ipcalc
PF Outbound traffic Load Balancing over multiple tun/openvpn interfaces/tunnels
Hi list, I use an OpenVPN based internet access service (like NordVPN, AirVPN etc). The issue with these public VPN services, is the VPN servers are always congested. The most I’ll get is maybe 10Mbits through one server. Local connection is a few hundred mbps.. So I had the idea of running multiple openvpn tunnels to different servers, and load balancing outbound traffic across the tunnels. Sounds simple enough.. However every vpn tunnel uses the same subnet and nexthop gw. This of course won’t work with normal routing. So my question: How can I use rdomains or rtables with openvpn clients, so that each VPN is started in its own logical VRF? And is it then a case of just using PF to push the outbound packets into the various rdomains/rtables randomly (of course maintaining state)? LAN interface would be in the default rdomain/rtable.. My confusion is that an interface needs to be bound to the logical VRF, but the tunX interfaces are created dynamically by openvpn. So I am not sure how to configure this within hostname.tunX etc, or if I’m even approaching this correctly? Thanks, Andy.
Re: how to install perl modules w/ dependencies that mix packages & CPAN
On Fri, Aug 31, 2018 at 10:08:48PM -0300, Alceu Rodrigues de Freitas Junior wrote: > Em 31/08/2018 21:52, Jonathan Thornburg escreveu: > > What's the "OpenBSD way" to install Perl modules which don't exist > > as packages? > I'm afraid that is no such thing. My best would to search something on ports > to do exactly that. I don't know of anything in ports to automatically merge CPAN dependencies and the ports tree, but I do know of portgen. http://man.openbsd.org/portgen > If there is no repository, you might want to take a look in ways to convert > Perl modules from CPAN into OpenBSD packages. I know there is an effort to > build those packages automatically for Linux (Ubuntu and CentOS). portgen is pretty good at it, I usually start there. It gets you most of the way to submitting something to be included in the ports tree. I don't know that it will ever reach the point where it just pulls stuff directly off the CPAN, but I do hope that someday what's required to exist in the ports tree is fairly minimal. For now though, portgen will create ports for the module and any dependencies that you can then adjust for anything that was not detected automatically. > Another possibility is to use perlbrew instead. I do use plenv for testing things on multiple perl versions and with different perl modules, but generally if I want to run something for real, rather than just from my homedir, I'll make ports for the required modules. https://github.com/tokuhirom/plenv l8rZ, -- andrew - http://afresh1.com Unix is very simple, but it takes a genius to understand the simplicity. -- Dennis Ritchie
Re: "Missing operating system" after i386 dual boot install
On Sat, Aug 4, 2018 at 7:00 PM Sijmen J. Mulder wrote: > After booting the PC pauses for a few seconds before displaying "Missing > operating system". > > What I've tried: > - "boot hd0a:/bsd" from the installation CD: works > - mark partition 0 active: works, brings up NT's bootloader > - "installboot -v wd0": no change > > Any ideas? Boot the install CD, and run 'machine boot hd0c'. This will boot the OpenBSD partition directly, without involving the MBR. (With 'machine boot', hd0a..hd0d are the fdisk partitions, not BSD disklabel entries, so e.g. 'machine boot hd0a' should boot NT.) If that works: the OpenBSD boot loader in its partition is fine, but the MBR is not loading it correctly. Installing new MBR code, e.g. 'fdisk -u wd0', may help. If it doesn't (unlikely, since NTLDR works with the PBR): there is a problem with the PBR, or with the BIOS's ability to boot from it. Using the NT loader menu may end up being a better solution for you, but this should sort out the direct-boot case. -Andrew
Re: xconsole keeps dying
On 07/17/18 17:53, Edgar Pettijohn III wrote: For some reason xconsole has decided to start seg faulting regularly. I can't remember how to build X with debugging symbols. Could anyone give me a quick rundown so I can provide more information. Thanks, Edgar OpenBSD 6.3 (GENERIC.MP) #4: Sun Jun 17 11:22:20 CEST 2018 FWIW: puffy|puffy|~: xconsole -v Warning: Unable to load any usable ISO8859 font Segmentation fault (core dumped) puffy|puffy|~: uname -vm GENERIC.MP#128 amd64
Re: user directory and wheel group
On Fri, Jun 15, 2018 at 2:42 PM, Stuart Henderson wrote: > One thing to be aware of is the not-very-well-known restriction that one > user can be in a maximum of 16 groups. If memory serves, this limitation derives from an nfs limitation. -- andrew fabbro and...@fabbro.org
Re: How to search for "hostap" in man pages.
On Sat, Jun 16, 2018 at 10:39:51PM +0200, Karel Gardas wrote: > > Hello, > > was looking for "hostap" or "Host AP" using man -k and apropos, but this > somehow does not return expected results: An apropos(1) term lets you specify searching different "Macro Keys", including the "any" key that can be used to match any available. Quoting the manpage: By default, apropos searches [...] case-insensitive substring matching (the = operator) over manual names and descriptions (the Nm and Nd macro keys). You can search any of the macro keys that makewhatis indexes however: https://man.openbsd.org/apropos#Macro_Keys Such as the special "any" key. $ apropos any=Hostap hostapd(8) - Host Access Point daemon hostapd.conf(5) - configuration file for the Host Access Point daemon acx(4) - TI ACX100/ACX111 IEEE 802.11a/b/g wireless network device ath(4) - Atheros IEEE 802.11a/b/g wireless network device with GPIO ifmedia(4) - network interface media settings pgt(4) - Conexant/Intersil Prism GT Full-MAC IEEE 802.11a/b/g wireless network device ral(4) - Ralink Technology/MediaTek IEEE 802.11a/b/g/n wireless network device rtw(4) - Realtek RTL8180L IEEE 802.11b wireless network device rum(4) - Ralink Technology/MediaTek USB IEEE 802.11a/b/g wireless network device ural(4) - Ralink Technology/MediaTek USB IEEE 802.11b/g wireless network device ifconfig(8) - configure network interface parameters -- andrew - http://afresh1.com Instructions are just another man's opinion of how to do something. -- Weldboy #DPWisdom
Re: CVE-2018-8897
"A statement...was mishandled in the development of some or all operating-system kernels..."

I think it's really "some" and the reason it's "some" and not "all" is OpenBSD.

On Thu, May 10, 2018 at 9:51 PM, John Long <codeb...@inbox.lv> wrote:
> On Thu, 2018-05-10 at 18:54 -0600, Theo de Raadt wrote:
> > > Dare I ask what led to OpenBSD not being affected.
> > >
> > > Sorry if it is a dumb question but since this hit FreeBSD as well I am wondering
> > > what OpenBSD did differently.
> > >
> > > Was this caught in an audit?
> > >
> > > I am just curious about causality that kept OpenBSD in the clear of this one
> > > that made such headlines yesterday.
> >
> > We didn't chase the fad of using every Intel cpu feature.
>
> This goes into the archive! Thank you for the slice of sanity in an
> insane word.
>
> /jl

--
andrew fabbro
and...@fabbro.org
Re: Unprivileged wkhtmltopdf binary invocation fails with core dump
On 04/23/18 15:50, Bogdan Kulbida wrote:

Hi Everyone,

I'm trying to use wkhtmltopdf to generate PDF from my HTML files. I was googling like crazy but did not find any valuable information so far.

When I run (as root)

# /usr/local/bin/wkhtmltopdf http://google.com /tmp/out.pdf

It does generate pdf just fine. But when I run the same command as unprivileged user I got

Trace/BPT trap (core dumped) ] 10%

Bogdan,

See if this helps. As an unprivileged user, try the -n switch to disable javascript -- e.g. wkhtmltopdf -n [args].

-A

PS: A related package is htmldoc -- but I haven't tried it out yet.
notes from before and after a BIOS upgrade
First, and as always, I want to express my appreciation to Theo and to all the past and present devs. The world is not full of bunny rabbits and wildflowers ... --- I have a refurb Lenovo T420 off ebay with a very old BIOS from 2011. Nice refurb, eh ?? Here are some before and after notes based on the previous "meltdown" thread. Thanks also to Chris for sharing that github link. I present this for the benefit of others. Good luck out there ;-) --- $> uname -vprs OpenBSD 6.3 GENERIC.MP#48 amd64 $> dmesg | grep -i bios0 | sort -u acpi0 at bios0: rev 2 bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xdae9c000 (67 entries) bios0: LENOVO 41786UU bios0: vendor LENOVO version "83ET63WW (1.33 )" date 07/29/2011 $> doas ./meltdown -v CPU has RDTSCP CPU has no TSX support! Access time: memory 300, cache 107 -> threshold 203 Using addr 0x81864f90 for symbol '_version'. ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 0010?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 0020?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 0030?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 0040?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 0050?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 0060?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 0070?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 0080?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? matched 0% (0 of 138 bytes) System is not vulnerable to meltdown 53 70 65 63 69 61 6c 20 45 78 65 63 75 74 69 76 Special Executiv 001065 20 66 6f 72 20 43 6f 75 6e 74 65 72 69 6e 74 e for Counterint 002065 6c 6c 69 67 65 6e 63 65 2c 20 54 65 72 72 6f elligence, Terro 003072 69 73 6d 2c 20 52 65 76 65 6e 67 65 20 61 6e rism, Revenge an 004064 20 45 78 74 6f 72 74 69 6f 6e 2e d Extortion. 
matched 100% (76 of 76 bytes) System is vulnerable to spectre $> cpuid 0x0 eax = 0x000d13"" ebx = 0x756e65471970169159"Genu" ecx = 0x6c65746e1818588270"ntel" edx = 0x49656e691231384169"ineI" $> cpuid 0x7 eax = 0x 0"" ebx = 0x 0"" ecx = 0x 0"" edx = 0x 0"" $> dmesg | grep -i ^cpu[0-3] | sort -u cpu0 at mainbus0: apid 0 (boot processor) cpu0: 256KB 64b/line 8-way L2 cache cpu0: Enhanced SpeedStep 2492 MHz: speeds: 2501, 2500, 2200, 2000, 1800, 1600, 1400, 1200, 1000, 800 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT,MELTDOWN cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.23 MHz cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.26 MHz cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.30 MHz cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.31 MHz cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE cpu0: smt 0, core 0, package 0 cpu1 at mainbus0: apid 1 (application processor) cpu1: 256KB 64b/line 8-way L2 cache cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT,MELTDOWN cpu1: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.90 MHz cpu1: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: 256KB 64b/line 8-way L2 cache cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT,MELTDOWN cpu2: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.90 MHz cpu2: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: 256KB 64b/line 8-way L2 cache cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT,MELTDOWN cpu3: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.90 MHz cpu3: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz cpu3: smt 1, core 1, package 0 # NEW
signify [file ... ]
Hi Ted !!!

Today I downloaded a fresh SHA256.sig and bsd.rd and successfully verified them both with signify(1).

--
signify -C [-q] -p pubkey -x sigfile [file ...]

Just wondering if signify(1) is intended to exit 0 ONLY if the [file ...] is within the shell's pwd ??

By chance, I noticed that /path/to/file will fail on the same bsd.rd controlling for the working directory.

You can see the same results by (for example):

a) mkdir /home/bench/snaps
b) cd /home/bench/snaps
c) /home/bench/snaps $> (download SHA256.sig and bsd.rd)
d) /home/bench/snaps $> signify -Cp /etc/signify/openbsd-63-base.pub -x SHA256.sig bsd.rd
   Signature Verified
   bsd.rd: OK
e) /home/bench/snaps $> mv SHA256.sig ..
f) /home/bench/snaps $> signify -Cp /etc/signify/openbsd-63-base.pub -x ../SHA256.sig bsd.rd
   Signature Verified
   bsd.rd: OK
g) cd ..
h) /home/bench $> signify -Cp /etc/signify/openbsd-63-base.pub -x SHA256.sig snaps/bsd.rd
   Signature Verified
   snaps/bsd.rd: FAIL

---
I just wanted to bring this to your attention.

Big thanks to you and to Marc for such a great utility !!!

Thanks also to Ingo for a man page full of really useful examples, especially the one about "verifying a gzip pipeline." That example really shows off your great work within the context of what makes un*x so amazing.

Have a great weekend !!!

-A
Re: Black screen when starting Xorg with new laptop.
On 02/22/18 09:27, George Ramirez wrote: with intel 620 UHD graphics. At first, the console shows with underscan, then the resolution changes to the native one, and finally it goes black. It's a frustrating problem because there are no errors and it seemingly doesn't work. I bet X is actually running properly but xbacklight somehow ended up = 0. Tap the "brightness" key on your keyboard a couple times and see if it illuminates the display properly. On my ThinkPad it's [Fn]+[Home]. Also check out man xbacklight(1). Good luck !!!
OpenBGPD dropping neighbor on VPNv4 NLRI withdraw
Hi,

I am testing OpenBGPD as a route-reflector, with a view to replacing our existing route reflectors. I have a test environment where I have multiple vendors' equipment peered with OpenBGPD to ensure it can handle our use-cases.

I noticed that our Cisco IOS-XE devices have unstable BGP sessions and are dropping with the OpenBGPD log message:

"sending notification: error in UPDATE message, optional attribute error"

Upon further inspection, when the Cisco router issues an NLRI update and withdraws a VPNv4 prefix, OpenBGPD drops the session.

I found a report of a similar issue, but with a Juniper MX router, from Hendrik Meyburgh back in 2012, where the problem was with the vrf-table-label command on JunOS.

I checked our configuration and IOS-XE is configured with:

"mpls label mode all-vrfs protocol bgp-vpnv4 per-vrf"

which assigns a single label per VRF table, rather than a label per prefix. I suspect that this is causing the NLRI updates to be formatted in a way that OpenBGPD does not like.

I took a packet capture of the UPDATE causing the session to be terminated; there are two instances of it being dropped in the pcap available at https://mergesync.btg.co.nz/index.php/s/rvc8mc9RCpTR1Lg

Is there anything we can do to stop OpenBGPD from dropping the session? Running per-VRF labels is default on all Juniper platforms, and is common on Cisco as well.

Regards,

Andrew
Re: Unexpected security(8) output
On Fri, Jan 26, 2018 at 10:43:47AM -0700, Clint Pachl wrote: > I received the following output from security(8): > > Running security(8): > Can't > opendir(/home/pachl/.cache/mozilla/seamonkey/e8cxa4g0.default/safebrowsing-backup): > No such file or directory at /usr/libexec/security line 594. That likely comes from the File::Find inside of find_special_files where security(8) looks for changed setuid files and devices. Most likely that cache directory was cleaned up between reading the directory listing of the parent and actually trying to recurse into that directory. You could add your home directory to the SUIDSKIP environment variable in /etc/daily.local to avoid searching there if this message keeps annoying you and you don't care about devices and suid changes there. http://man.openbsd.org/security#SUIDSKIP l8rZ, -- andrew - http://afresh1.com Instructions are just another man's opinion of how to do something. -- Weldboy #DPWisdom
Re: OpenBGPD not parsing cluster-id
Thanks Tom and Tony, That is the solution. It is so obvious now :D On Fri, Jan 26, 2018 at 7:10 PM, Tom Smyth <tom.sm...@wirelessconnect.eu> wrote: > Hi Andrew > > Try replacing > > route-reflector > cluster-id 202.49.106.0 > > With > route-reflector 202.49.106.0 > > > On 26 Jan 2018 3:56 AM, "Andrew Thrift" <and...@networklabs.co.nz> wrote: > > Hi, > > I am using OpenBGPD and trying to specify a cluster-id in a route > reflector setup. > > > Configuration is: > > neighbor 43.231.192.241 { > remote-as 132255 > passive > route-reflector > cluster-id 202.49.106.0 > announce all > descr "ibgp1" > } > > On startup bgpd spits a syntax error on the cluster-id line. I have > also tried "clusterid" with no success. > > On reading through parse.c it does not have cluster-id or clusterid > specified as keywords. > > Is cluster-id supported by OpenBGPD or am I configuring it incorrectly ? > > > Regards, > > > > Andrew > >
OpenBGPD not parsing cluster-id
Hi,

I am using OpenBGPD and trying to specify a cluster-id in a route reflector setup.

Configuration is:

neighbor 43.231.192.241 {
	remote-as 132255
	passive
	route-reflector
	cluster-id 202.49.106.0
	announce all
	descr "ibgp1"
}

On startup bgpd spits a syntax error on the cluster-id line. I have also tried "clusterid" with no success.

On reading through parse.c it does not have cluster-id or clusterid specified as keywords.

Is cluster-id supported by OpenBGPD or am I configuring it incorrectly ?

Regards,

Andrew
cpu_ucode
I want to take a moment to thank Theo -- for, uhhh, being Theo ;-) I've seen some good projects fail from a lack of strong leadership. In contrast, OpenBSD pushes forward because of his good judgement, combined with the hard work of all the past and present devs. Even a regular fella like me has some greater peace of mind by benefiting from all the great work you have done. I bring this up in light of recent news regarding the terrible judgement others have made in their design choices ... for example CPUs. I read somewhere that Intel is recommending an operating system fix for one of their bad decisions. So the Mighty Devs of OpenBSD get to clean up after them ... Much thanks -- and respect -- to all of you !!! --- ... and in related news, I recently bumped a Lenovo T420 up to -current. Here are some excerpts from /var/run/dmesg.boot after a few sequential reboots. Note that each excerpt is subtly different. OpenBSD 6.2-current (GENERIC.MP) #337: Tue Jan 9 03:24:09 MST 2018 cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.27 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 1, core 0, 
package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 1, core 1, package 0 acpicpu0 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS acpicpu1 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS acpicpu2 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS acpicpu3 at acpi0: C3(350@104 io@0x415), C1(1000@1 halt), PSS cpu0: Enhanced SpeedStep 2492 MHz: speeds: 2501, 2500, 2200, 2000, 1800, 1600, 1400, 1200, 1000, 800 MHz OpenBSD 6.2-current (RAMDISK_CD) #344: Fri Jan 12 14:00:42 MST 2018 cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.24 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured acpicpu at 
acpi0 not configured OpenBSD 6.2-current (GENERIC.MP) #351: Fri Jan 12 13:56:18 MST 2018 cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2492.26 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i5-2520M CPU @ 2.50GHz, 2491.91 MHz cpu1:
Re: Writing "ones" instead of "zeroes" when wiping disk
On 01/11/18 14:45, Andreas Thulin wrote:

Hi! Again, an ignorant question (as usual): How might I do something similar to

# dd if=/dev/one of=/dev/sd0 bs=1M

as a complement to the usual and well-described

# dd if=/dev/zero of=/dev/sd0 bs=1M

followed by

Personally, given your premise of "paran0id disk-wiping", then I would take the next step of checking if a non-random sequence of "0"s are still on the device. Are you ready for that rabbit h0le ?? hehehe ;-)

# dd if=/dev/urandom of=/dev/sd0 bs=1M

in order to achieve paranoid disk-wiping?

BR
Andreas
Re: OpenBSD and virtual machines
Virtual machines are pretty much necessary, because no matter what distribution of what OS you run, there are always those one or two apps you can't get from the package manager and can't compile, so you need to use a VM. The first six months I used Void Linux I ran LyX on a Ubuntu VM to compile my books.

LyX is in packages. No need for a penguin, a vm, or both unless you want a penguin, a vm or both. But why would you want a penguin, a vm or both when all you have to do is:

pkg_add lyx

;-)
Re: Community-driven OpenBSD tutorials wiki?
On Thu, Jan 4, 2018 at 3:21 PM, Chris Bennett <webmas...@bennettconstruction.us> wrote:

> But before you get your hopes up, go check out the various worldwide
> community groups websites with similar attempts.
>
> Mexico, Russia, etc.
> You will find the same thing. Instructions for something to do with 5.7, all
> of which is no longer applicable due to the constant change in OpenBSD.

We should wait until OpenBSD is completely done before tutorials are written :-)

Kidding...

The OpenBSD community has historically taken a different approach than That Other Open Source OS Family, frowning on tutorials, wikis, blog howtos, etc. in favor of saying "read the man pages, read the FAQ, read the source code".

I suspect some of this comes from the incredible craftsmanship put into those resources. OpenBSD man pages are the best in the world, and I'd defend them even against commercial Unixes. They're the Sistine Chapel ceiling of man pages. So then to turn around and see howtos written by non-devs...it's kind of like a chess book by a GM versus one by a 1100 player. No one objects to Michael Lucas's book because he's a fine writer.

> Writing articles is not too difficult. Updating them just doesn't happen.
>
> Seriously, will I really want to spend the time updating an article about
> something I now thoroughly understand and which has changed? Or would I
> really just prefer to watch the latest movie that looks good? It's just human
> nature.

The situation is rather different for OpenBSD vs. other FOSS. Plenty of people are still running Debian 7 or CentOS 5. Those tutorials have enduring value. Relatively few people run OpenBSD from three or four versions back (or at least, they shouldn't). Debian 7 or Scientific Linux 6 or whatever is a branch with ongoing support and intended to be a lasting product, whereas OpenBSD is always a moving target. There are no "OpenBSD LTS" versions.

So while I might legitimately consume a 5-year-old Linux tutorial and find it's still very applicable if you're still on Debian 7, deploying, reading and trying to use a 5-year-old OpenBSD tutorial would not be helpful.

> Trying to form a community project outside just doesn't seem to work, sadly.
>
> But if you've got the desire to do something, then have at it. Just don't do
> a ton of hard work only to be disappointed.

I do think there's a gap between man pages/source code and practical instructions on how to fix a problem or deploy a solution. But the problem you highlight is very real - things get out of date very fast.

Ultimately, this is like the thread recently on using something other than CVS. The onus is on the proposer to demonstrate value.

--
andrew fabbro
and...@fabbro.org
Re: spontaneous reboot during upgrade using bsd.rd on VIA C3.
I recently installed a 6.2-beta snapshot from mid-September on a VIA Epia M, and then upgraded to 6.2-RELEASE without any issue during the installation. There is a dmesg of this system included in [1]; it looks like you may have the same motherboard, or at least the BIOS identifies itself the same? However my BIOS is slightly newer (I think the last update VIA released was in 2009, despite the 2004 BIOS date!), so you may try updating yours; also, I have a C3 Ezra vs. your Nehemiah (this might be the important part).

Yours:
cpu0: VIA Nehemiah ("CentaurHauls" 686-class) 1.01 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,SEP,MTRR,PGE,CMOV,PAT,MMX,FXSR,SSE
bios0 at mainbus0: date 03/11/04, BIOS32 rev. 0 @ 0xface0, SMBIOS rev. 2.2 @ 0xf0800 (26 entries)
bios0: vendor Award Software International, Inc. version "6.00 PG" date 03/11/2004
bios0: VIA Technologies, Inc. VT8623-8235

Mine:
cpu0: VIA C3 Ezra ("CentaurHauls" 686-class) 1 GHz
cpu0: FPU,DE,TSC,MSR,MTRR,PGE,MMX,3DNOW
bios0 at mainbus0: date 05/19/04, BIOS32 rev. 0 @ 0xfb210, SMBIOS rev. 2.2 @ 0xf0800 (26 entries)
bios0: vendor Award Software International, Inc. version "6.00 PG" date 05/19/2004
bios0: VIA Technologies, Inc. VT8623-8235

If you build ramdisks to bisect the problem, adding "option DDB" to the kernel config (it's in GENERIC, but not RAMDISK{,_CD}) would probably be useful, so you can get a backtrace instead of an immediate halt/reboot.

While installation went fine, there are a few outstanding issues with my system, in decreasing order of importance:
* X immediately crashes on startup (this likely affects all CLE266 users... all 10 of them?). I submitted a fix at [1] but am still waiting for someone to look at it.
* It reboots rather than powering off.
* Suspend and hibernate do not work.
* Reported temperatures via hw.sensors are about 10-15C lower than reality.

I'll submit a proper bug report for the reboot & suspend stuff once I do more testing (e.g. acpi disabled, BIOS settings for S1 vs. S3 suspend, etc.).

-Andrew

[1] https://marc.info/?l=openbsd-tech&m=150719094005071&w=2

On Tue, Oct 17, 2017 at 1:56 PM, Mike Larkin <mlar...@azathoth.net> wrote:
> On Tue, Oct 17, 2017 at 06:24:42PM +0200, Remco wrote:
>> I am not able to upgrade using bsd.rd on my VIA C3 system.
>>
>> Booting the i386 6.2 bsd.rd progresses to the "npx0 ..." line.
>> After a short moment the system reboots and that's the end of the story.
>>
>> I did check the bsd.rd using signify and it checked out all right:
>> $ signify -C -p /etc/signify/openbsd-62-base.pub -x SHA256.sig bsd.rd
>> Signature Verified
>> bsd.rd: OK
>>
>>
>> I also have a USB stick with OpenBSD for i386 on it.
>> I upgraded that to 6.2 on another machine and tried to boot it on my VIA
>> system ... this works ! (both for bsd and bsd.sp)
>>
>> I'm not sure what to look at and what's so different between the ramdisk
>> kernel and an ordinary kernel, so if this is of interest hopefully someone
>> can give me a pointer.
>>
>>
>> Here are the dmesg.boot for 6.1, and a diff against one of a GENERIC 6.2
>> kernel:
>>
>
> It is unlikely any developer has a 13+ year old VIA C3 to test this on.
>
> My advice would be to find when bsd.rd stopped working, and then help us by
> bisecting commits. The man pages explain how to build bsd.rd images.
>
> Once you find the commit that broke things (or a reasonably small timeframe that
> covers the problem commit), let us know and perhaps we can see what went wrong.
>
> -ml
>
>>
>> OpenBSD 6.1 (GENERIC) #291: Sat Apr 1 13:49:08 MDT 2017
>> dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
>> cpu0: VIA Nehemiah ("CentaurHauls" 686-class) 1.01 GHz
>> cpu0: FPU,V86,DE,PSE,TSC,MSR,SEP,MTRR,PGE,CMOV,PAT,MMX,FXSR,SSE
>> real mem = 251088896 (239MB)
>> avail mem = 233578496 (222MB)
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: date 03/11/04, BIOS32 rev. 0 @ 0xface0, SMBIOS rev. 2.2 @ 0xf0800 (26 entries)
>> bios0: vendor Award Software International, Inc. version "6.00 PG" date 03/11/2004
>> bios0: VIA Technologies, Inc. VT8623-8235
>> acpi0 at bios0: rev 0
>> acpi0: sleep states S0 S1 S4 S5
>> acpi0: tables DSDT FACP
>> acpi0: wakeup devices PCI0(S5) USB0(S5) USB1(S5) USB2(S5) USB3(S3) USB4(S3) USB5(S3) USB6(S3) LAN0(S5) AC97(S5) UAR1(S5)
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpiprt0 at acpi0: bus 0 (PCI0)
>> acpiprt1 at acpi0: bus 1 (AGPB)
>> acpicpu0 at acpi0: !C3(@900 io@0x415), !C2(@90 io@0x414), C1(@1 halt!)
>> acpibtn0 at acpi0: PWRB
>> "PNP0501" at
Re: vmm issues - vioblk_notifyq: unsupported command 0x8
On Thu, Oct 12, 2017 at 6:42 PM, Mike Larkin <mlar...@azathoth.net> wrote:
>> oh. I didn't know that is how it was finding things.
>>
>
> When booting it this way in qemu, qemu just reports the ID as "".
>
> So are you sure this is the way it is supposed to work?

Yes... with some caveats.

The Linux device manager (udev, I think? They've gone through several.) creates symlinks under /dev/disk/by-{id,label,path,uuid}/, so that you can use more permanent names in case the disk order (sda, sdb, etc.) changes; there are also library calls to open a device/partition by ID, UUID, etc., (via libblkid I believe, which lets you use things like LABEL=foo or UUID=abcd... as the block device passed to mount(8) or listed in fstab).

The SUSE installer is "helpfully" attempting to use these IDs; e.g. with a SATA disk under VirtualBox, it uses a repo URL of 'hd:///?device=/dev/disk/by-id/ata-VBOX_HARDDISK_VB40007e3d-cdaea0a1-part2'.

However, you are correct that qemu virtio disks do not report IDs (or report blank ones) -- at least by default (apparently with recent qemu, there is an option to set a drive's serial number, but it doesn't seem to be commonly used). I did a test installation of openSUSE under Proxmox VE (qemu/KVM) using virtio disks, and the only thing under /dev/disk/by-id is the emulated IDE CD-ROM -- nothing for /dev/vda or vdb. Notably, the installer configured its repo as 'hd:///?device=/dev/vda2' without me having to tell it that, as I had to under vmm.

By comparison, the opensuse VM I installed under OpenBSD vmm *does* show some 'by-id' devices:

/dev/disk/by-id:
total 0
lrwxrwxrwx 1 root root 9 Oct 13 13:21 virtio-__LI_U_ -> ../../vdb
lrwxrwxrwx 1 root root 10 Oct 13 13:21 virtio-__LI_U_-part1 -> ../../vdb1
lrwxrwxrwx 1 root root 10 Oct 13 13:21 virtio-__LI_U_-part2 -> ../../vdb2

(Currently /dev/vda is the VM's hard disk and vdb is the ISO... strange that there are only links for vdb, but not vda. Of course accessing via these symlinks works, since they point at the real device, but doing whatever library call to open 'virtio-__LI_U_-part2' would most likely fail, and obviously the correct symlinks did not exist during installation.)

My best guess is that when udev gets a blank ID, it skips the by-id stuff, and thus the installer uses the real disk device, but since vmm doesn't implement that call, instead of marking the disk as not having an ID, invalid disk IDs somehow get used.

-Andrew
Re: vmm issues - vioblk_notifyq: unsupported command 0x8
On Tue, Oct 3, 2017 at 3:49 AM, Jiri B <ji...@devio.us> wrote:
>> > I was able to boot opensuse from that dvd, although later on I got an
>> > error in the installer :/
>>
>> This was because the installer couldn't locate the "dvd", correct?
>
> Unable to create repository
> from URL 'hd:/?device=/dev/disk/by-id/virtio-_U_2_-part2'.
>
>
> It would be nice to have IDE cdrom emulation.

Sure, but that isn't actually needed to install openSUSE, and wasn't the problem here. The SUSE ISO images have a fake MBR added with isohybrid, so that you can dd them to a USB key and boot that unmodified. This is in fact why you got as far as you did, as the ISO "disk" looks like a disk with MBR partitions, which seabios happily boots.

The reason the installation failed later is because it's attempting to use the disk ID to locate the installation repo, but that is unimplemented in vmm, as Mike Larkin has explained. If you manually set the installation source to the real disk device, it works.

After a bit of trial and error, I successfully installed openSUSE Leap 42.3 under vmm with a VM configuration similar to yours. At the isolinux boot prompt, I entered:

linux console=ttyS0,115200n8 install=hd:/?device=vda

The install parameter is specific to SUSE and is documented at [1]. With the disk order you have, Linux sees /dev/vda as the ISO and /dev/vdb as the target disk. After installation finishes, you of course have to switch the disk order to boot from the virtual hard drive; fortunately grub2 still finds the disk. I may be missing something, but it appears there's currently no way to have vmm tell seabios to boot the second (or third, etc.) disk rather than the first?

At some points the installation appeared to hang, but it always recovers after a bit and you can proceed. Sometimes the display gets screwed up, but a Ctrl+L always clears it up (pretty sure that one is a bug in the YaST ncurses interface rather than vmm, as I've also seen it installing openSUSE in text mode under Xen).

This was my first time trying out vmm and it was very straightforward, once I figured out what were dumb mistakes on my part. vmm is already very capable and it is steadily improving!

-Andrew

[1] https://doc.opensuse.org/documentation/leap/startup/single-html/book.opensuse.startup/index.html#id2504
Re: amd64 OpenBSD 6.2 doesn't see hard disks when controller in RAID mode
On Wed, Oct 11, 2017 at 11:01 AM, Stuart Henderson wrote:
> What is not good is when you do have a RAID array, the controller is
> in RAID mode, but OpenBSD doesn't understand the metadata, so it corrupts
> data on the disk.
>
> This is a difficult area. We don't want to corrupt data, but then some
> BIOS don't allow this option to be changed at all, and on others BIOS
> only offer a choice between IDE and (unsupported) RAID, even though
> it's an AHCI controller.

Would a config flag for ahci(4) that when enabled, forces it to attach to the Intel RAID PCI IDs, work here, or would that have to be handled at a lower level? If so, users who have a broken BIOS or are willing to accept the risk of destroying their RAID metadata could enable the flag with UKC, but the defaults would remain safe.
regarding the default path for pkg_add in -current
Hello Folks !!

Regarding GENERIC.MP #115

I have a feeling you are about to roll into 6.2, however I just want to bring the following to your attention in case it matters.

I just did a clean install of -current using the bsd.rd dated 2017-09-27. Within the install sequence of questions, the default download path has been hardcoded to ../6.2/... as opposed to ../snapshots/..

I manually changed it to ../snapshots/ and it installed as expected.

Also, after login, pkg_add is very determined to use the same ../6.2/.. directory path.

For the benefit of others who might find themselves in the same spot, the workaround is to use the full path while using pkg_add. In my case, it is:

$ doas pkg_add \
https://ftp3.usa.openbsd.org/pub/OpenBSD/snapshots/amd64/pkgname

---

It looks like another great release is around the corner and as always I want to take the opportunity to thank Theo for his dedicated leadership and to all the past and present devs who make OpenBSD so special.

Cheers !!!
Re: 6.1 fails to boot on a 486
On Fri, Sep 1, 2017 at 1:57 AM, Mike Larkin <mlar...@azathoth.net> wrote:
> On Fri, Sep 01, 2017 at 01:04:40AM -0500, Andrew Daugherity wrote:
> >
> > boot> hd0a:/bsd.61
> > cannot open hd0a:/etc/random.seed: No such file or directory
> > booting hd0a:/bsd.61: 7678420+2057220+174556+0+1097728
> > [72+501520+501951]=0xb761b4
> > entry point at 0x2000d4
> >
> > [ using 1003956 bytes of bsd ELF symbol table ]
> > Copyright (c) 1982, 1986, 1989, 1991, 1993
> > The Regents of the University of California. All rights reserved.
> > Copyright (c) 1995-2017 OpenBSD. All rights reserved. https://www.OpenBSD.org
> >
> > OpenBSD 6.1 (GENERIC) #291: Sat Apr 1 13:49:08 MDT 2017
> > dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
> > kernel: privileged instruction fault trap, code=0
> > Stopped at cpuid+0x12: cpuid
> > ddb> trace
> > cpuid(8000,d0d78ef0,d0d78ed8,0,7d) at cpuid+0x12
> > identifycpu(d0c7d8a0,d09fbb83,10,0,) at identifycpu+0x80d
> > cpu_startup(d09cefed,d09d1680,16c,8,0) at cpu_startup+0xb9
> > main(d02004c6,d02004ce,0,0,0) at main+0x6a
> > ddb> ps
> >PID TID PPIDUID S FLAGS WAIT COMMAND
> > ddb>
> >
> >
> > Looks like it's trying to run the CPUID instruction, which this
> > processor probably doesn't support. Maybe this was an accidental
> > breakage, rather than intentionally dropping 486es? Time to examine
> > the CVS logs, I guess. (A -current snapshot also fails in the same
> > manner, so something happened between 6.0 & 6.1.)
> >
>
> Looks like I broke this about a year ago:
>
> 1.592(mlarkin 14-Oct-16):
> 1.592(mlarkin 14-Oct-16): cpuid(0x8000, regs);
> 1.592(mlarkin 14-Oct-16): if (regs[0] >= 0x8006)
> 1.592(mlarkin 14-Oct-16): cpuid(0x8006, ci->ci_extcacheinfo);
>
> I did test this on 486, but apparently qemu's emulated 486 isn't really a
> proper 486. I'll see what I can do to solve it for you.
>
> Thanks for reporting it.
>
> -ml
>

I was looking at that commit last night, and thinking it might be the one at issue here. My next step was going to be adding a '&& class == CPUCLASS_686' to that block [if (vendor == CPUVENDOR_INTEL)] to match the AMD block above it -- not sure if 686 is the correct restriction there, or 586, or something else like 'cpuid_level >= N' -- but any of those would probably resolve my issue.

qemu isn't necessarily wrong if it was emulating a later 486 like the DX4 -- apparently those (and the Am5x86, and maybe even the DX2?) did support CPUID, just not the older 486DX/SX.

And yes, I know 16MB RAM will be an issue. I just built a stripped-down 4.1 kernel (on a faster box, of course) which gained me about 6MB additional RAM and the ability to actually start X plus a couple xterms (on GENERIC it was still swapping madly an hour after startx and took about 45 seconds to recover after Ctrl+Alt+Backspace). I doubt that will be possible on 6.1, even with a small kernel -- besides, I'd have to build XF86_AGX myself if I wanted anything better than VGA. It's only for nostalgia reasons and the somewhat unique hardware (and its small size, meaning it's easily packed into a box o'stuff) that I've hung onto it anyway.

Thanks for the forthcoming fix!

-Andrew
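The kind of guard discussed in this thread, as an added example rather than the OpenBSD fix itself: confirm that CPUID exists before executing it, then check the highest extended leaf before reading cache information. The struct and function names are hypothetical, and the leaf numbers 0x80000000 and 0x80000006 are the architectural values, assumed here because the quoted annotate output shows them shortened.

```c
/* Added example, not OpenBSD source. Helper names are hypothetical. */
#include <stdio.h>

#if defined(__i386__) || defined(__x86_64__)
#include <cpuid.h>              /* GCC/Clang: __get_cpuid_max(), __cpuid() */
#define HAVE_CPUID_H 1
#endif

/* Assumed architectural leaf numbers. */
#define CPUID_EXT_BASE   0x80000000u   /* EAX returns highest extended leaf */
#define CPUID_EXT_L2INFO 0x80000006u   /* extended L2 cache information */

struct cpu_caps {
    int      has_cpuid;   /* 0 on CPUs such as the early 486DX/SX */
    unsigned max_basic;   /* EAX from leaf 0 */
    unsigned max_ext;     /* EAX from leaf 0x80000000 */
};

/* Decide whether it is safe and meaningful to read CPUID data for `leaf`. */
int may_query_leaf(const struct cpu_caps *c, unsigned leaf)
{
    if (!c->has_cpuid)
        return 0;                       /* the instruction itself would trap */
    if (leaf >= CPUID_EXT_BASE)
        /* CPUs without extended leaves answer 0x80000000 with unrelated
         * data, so max_ext only counts when it is itself in range. */
        return c->max_ext >= CPUID_EXT_BASE && leaf <= c->max_ext;
    return leaf <= c->max_basic;
}

/* Probe the CPU this program runs on. */
struct cpu_caps probe_caps(void)
{
    struct cpu_caps c = {0, 0, 0};
#ifdef HAVE_CPUID_H
    /* On i386, __get_cpuid_max() first tests whether EFLAGS.ID can be
     * toggled and returns 0 without executing CPUID if it cannot. */
    c.max_basic = __get_cpuid_max(0, NULL);
    c.has_cpuid = (c.max_basic != 0);
    if (c.has_cpuid)
        c.max_ext = __get_cpuid_max(CPUID_EXT_BASE, NULL);
#endif
    return c;
}

/* Fill regs[] from the extended L2 leaf; -1 means the query was skipped. */
int read_l2_info(const struct cpu_caps *c, unsigned regs[4])
{
    if (!may_query_leaf(c, CPUID_EXT_L2INFO))
        return -1;
#ifdef HAVE_CPUID_H
    __cpuid(CPUID_EXT_L2INFO, regs[0], regs[1], regs[2], regs[3]);
    return 0;
#else
    (void)regs;
    return -1;
#endif
}

int main(void)
{
    struct cpu_caps dx486 = {0, 0, 0};  /* constructed: a CPU without CPUID */
    struct cpu_caps here = probe_caps();
    unsigned r[4];

    printf("486DX model: L2 leaf allowed = %d\n",
           may_query_leaf(&dx486, CPUID_EXT_L2INFO));
    if (read_l2_info(&here, r) == 0)
        printf("this CPU: L2 %u KB, %u-byte lines\n", r[2] >> 16, r[2] & 0xff);
    else
        puts("this CPU: extended L2 leaf not available, skipped");
    return 0;
}
```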
6.1 fails to boot on a 486
I recently dug out of the closet my old IBM PS/2E, which had served as my firewall box from 2000ish-06, and was in fact the very first machine I ever installed OpenBSD on, to see if it still worked properly. It did (after changing the CMOS battery), but booted into OpenBSD 4.1... yeah, just a *bit* out of date there. The machine may not be of great use nowadays (I'd retired it when it couldn't keep up with my internet connection), but even as a retro-computing playground, running a 10-year-old/20-releases-ago version of OpenBSD is of no benefit. Let's rectify that! >> OpenBSD/i386 BOOT 3.31 boot> hd0a:/bsd61.rd cannot open hd0a:/etc/random.seed: No such file or directory booting hd0a:/bsd61.rd: 3208120+1332224+3342348+0+446464 [72+288736+277711]=0x87e694 entry point at 0x2000d4 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2017 OpenBSD. All rights reserved. https://www.OpenBSD.org OpenBSD 6.1 (RAMDISK_CD) #289: Sat Apr 1 13:58:25 MDT 2017 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD fatal privileged instruction fault (0) in supervisor mode trap type 0 code 0 eip d03b1f7c cs d09f0008 eflags 10046 cr2 0 cpl 0 panic: trap type 0, code=0, pc=d03b1f7c The operating system has halted. Please press any key to reboot. Well, that's not good -- I didn't expect 6.1 to run particularly well on this, but I figured it would at least boot... how about 6.0? booting hd0a:/bsd60.rd: 3211188+1318224+2061312+0+442368 [72+298576+282894]=0x744144 entry point at 0x2000d4 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2016 OpenBSD. All rights reserved. 
http://www.OpenBSD.org OpenBSD 6.0 (RAMDISK_CD) #1864: Tue Jul 26 12:57:09 MDT 2016 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/RAMDISK_CD cpu0: Intel 486DX (486-class) real mem = 16183296 (15MB) avail mem = 8122368 (7MB) mainbus0 at root bios0 at mainbus0: date 03/31/93 pcibios at bios0 function 0x1a not configured bios0: ROM list: 0xc8000/0x1000 0xc9000/0x1000 0xca000/0x2000 cpu0 at mainbus0: (uniprocessor) isa0 at mainbus0 isadma0 at isa0 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec com0 at isa0 port 0x3f8/8 irq 4: ns16450, no fifo com0: console pckbc0 at isa0 port 0x60/5 irq 1 irq 12 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard vga0 at isa0 port 0x3b0/48 iomem 0xa/131072 wsdisplay0 at vga0 mux 1: console (80x25, vt100 emulation), using wskbd0 wdc0 at isa0 port 0x1f0/8 irq 14 wd0 at wdc0 channel 0 drive 0: wd0: 16-sector PIO, LBA, 5729MB, 11733120 sectors wd0(wdc0:0:0): using BIOS timings npx0 at isa0 port 0xf0/16 irq 13 pcic0 at isa0 port 0x3e0/2 iomem 0xd/16384 pcic0 controller 0: has sockets A and B pcic0 controller 1: has sockets A and B pcmcia0 at pcic0 controller 0 socket 0 pcmcia1 at pcic0 controller 0 socket 1 pcmcia2 at pcic0 controller 1 socket 0 ep1 at pcmcia2 function 0 "3Com, 3C574-TX Fast EtherLink PC Card, A" port 0x340/32, irq 3: address 00:10:4b:5f:20:c0 tqphy0 at ep1 phy 0: 78Q2120 10/100 PHY, rev. 3 pcmcia3 at pcic0 controller 1 socket 1 ep2 at pcmcia3 function 0 "3Com, 3C574-TX Fast EtherLink PC Card, A" port 0x300/32, irq 9: address 00:60:08:93:80:48 tqphy1 at ep2 phy 0: 78Q2120 10/100 PHY, rev. 3 pcic0: irq 5, polling enabled softraid0 at root scsibus0 at softraid0: 256 targets root on rd0a swap on rd0b dump on rd0b erase ^?, werase ^W, kill ^U, intr ^C, status ^T Welcome to the OpenBSD/i386 6.0 installation program. (I)nstall, (U)pgrade, (A)utoinstall or (S)hell? Seems fairly normal. Did I miss something about 6.1 dropping 486 support? [/me checks i386.html... 
still says 486 or better!] Turns out that GENERIC can give us a little more useful information than RAMDISK_CD, as it drops into ddb: boot> hd0a:/bsd.61 cannot open hd0a:/etc/random.seed: No such file or directory booting hd0a:/bsd.61: 7678420+2057220+174556+0+1097728 [72+501520+501951]=0xb761b4 entry point at 0x2000d4 [ using 1003956 bytes of bsd ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2017 OpenBSD. All rights reserved. https://www.OpenBSD.org OpenBSD 6.1 (GENERIC) #291: Sat Apr 1 13:49:08 MDT 2017 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC kernel: privileged instruction fault trap, code=0 Stopped at cpuid+0x12: cpuid ddb> trace cpuid(8000,d0d78ef0,d0d78ed8,0,7d) at cpuid+0x12 identifycpu(d0c7d8a0,d09fbb83,10,0,) at identifycpu+0x80d cpu_startup(d09cefed,d09d1680,16c,8,0) at cpu_startup+0xb9 main(d02004c6,d02004ce,0,0,0) at main+0x6a ddb> ps PID TID PPIDUID S FLAGS WAIT COMMAND ddb> Looks like it's trying to run the CPUID instruction, which this processor
Lenovo T440s
First of all, big thanks to Theo for his strong leadership and to all the past and present devs !!! Have a great week ahead !!! --- Just a little FWIW from a Lenovo T440s ... --- dmesg | sort | uniq -c 1 3834:intel_uncore_check_errors] *ERROR* Unclaimed register before interrupt 30 error: [drm:pid31067:intel_uncore_check_errors] *ERROR* Unclaimed register before interrupt 124 error: [drm:pid45200:intel_uncore_check_errors] *ERROR* Unclaimed register before interrupt 474 error: [drm:pid53834:intel_uncore_check_errors] *ERROR* Unclaimed register before interrupt 48 error: [drm:pid76233:intel_uncore_check_errors] *ERROR* Unclaimed register before interrupt 9 error: [drm:pid77807:intel_uncore_check_errors] *ERROR* Unclaimed register before interrupt 26 error: [drm:pid85895:intel_uncore_check_errors] *ERROR* Unclaimed register before interrupt --- cat /var/run/dmesg.boot OpenBSD 6.1-current (GENERIC.MP) #26: Mon Jul 31 08:42:35 MDT 2017 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8246050816 (7864MB) avail mem = 7989780480 (7619MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdcd3d000 (62 entries) bios0: vendor LENOVO version "GJET77WW (2.27 )" date 05/20/2014 bios0: LENOVO 20ARS0LF02 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SLIC DBGP ECDT HPET APIC MCFG SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT PCCT SSDT TCPA UEFI MSDM ASF! 
BATB FPDT UEFI SSDT acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3) EHC1(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpiec0 at acpi0 acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, 2494.68 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: TSC frequency 2494682120 Hz cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, 2494.23 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, 2494.23 MHz cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, 2494.23 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG_) acpiprt2 at acpi0: bus 2 (EXP1) acpiprt3 at acpi0: bus 3 (EXP2) acpiprt4 at acpi0: bus -1 (EXP3) acpicpu0 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu3 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1 acpipwrres1 at acpi0: NVP3, resource for PEG_ acpipwrres2 at acpi0: NVP2, resource for PEG_ acpitz0 at acpi0: critical temperature is
Re: Getting Dell RAID status via SNMP
On Mon, Jul 24, 2017 at 12:10 AM, FUKAUMI Naoki <fuka...@soum.co.jp> wrote: > Hi, > > From: Jibby Jeremiah <jibby.jerem...@gmail.com> > Subject: Re: Getting Dell RAID status via SNMP > Date: Wed, 19 Jul 2017 15:03:21 -0400 > > > Darn. Well if you need more testers let me know. > > It seems your RAID card doesn't have cache, > > > mfii0 at pci3 dev 0 function 0 "Symbios Logic MegaRAID SAS3008" rev 0x02: > > msi > > mfii0: "PERC H330 Adapter", firmware 25.5.0.0019 > > then, I guess the "issue" will not happen. > > Here is new/WIP patch to support bio(4) for mfii(4). it doesn't fix the > "issue" yet, but it includes hot swap support from my patch for mfi(4) > http://marc.info/?l=openbsd-tech=149872410222552=2 > > Could you try attached patch? > Hi, Thanks for the patch, but it fails to build (also, I had to use 'patch -l' to get it to apply at all, due to ^M line endings, etc.): /usr/src/sys/dev/pci/mfii.c: In function 'mfii_makegood': /usr/src/sys/dev/pci/mfii.c:3068: error: 'MR_DCMD_CFG_FOREIGN_SCAN' undeclared (first use in this function) /usr/src/sys/dev/pci/mfii.c:3068: error: (Each undeclared identifier is reported only once /usr/src/sys/dev/pci/mfii.c:3068: error: for each function it appears in.) /usr/src/sys/dev/pci/mfii.c:3073: error: 'MR_DCMD_CFG_FOREIGN_CLEAR' undeclared (first use in this function) /usr/src/sys/dev/pci/mfii.c: In function 'mfii_makespare': /usr/src/sys/dev/pci/mfii.c:3125: error: 'MR_DCMD_CFG_MAKE_SPARE' undeclared (first use in this function) *** Error 1 in /usr/src/sys/arch/amd64/compile/GENERIC.MP (Makefile:947 'mfii.o') I got around that by copying those definitions from the FreeBSD mfi driver (patch is also attached, in case gmail decides to munge inline tabs): Add MR_DCMD_CFG definitions for *_SPARE and FOREIGN_* (taken from FreeBSD sys/dev/mfi/mfireg.h). --- sys/dev/ic/mfireg.h.bak Fri Jul 28 12:43:41 2017 +++ sys/dev/ic/mfireg.h Fri Jul 28 12:47:19 2017 
@@ -139,6 +139,13 @@ #define MR_DCMD_CONF_GET 0x0401 #define MR_DCMD_CFG_ADD 0x0402 #define MR_DCMD_CFG_CLEAR 0x0403 +#define MR_DCMD_CFG_MAKE_SPARE 0x0404 +#define MR_DCMD_CFG_REMOVE_SPARE 0x0405 +#define MR_DCMD_CFG_FOREIGN_SCAN 0x04060100 +#define MR_DCMD_CFG_FOREIGN_DISPLAY 0x04060200 +#define MR_DCMD_CFG_FOREIGN_PREVIEW 0x04060300 +#define MR_DCMD_CFG_FOREIGN_IMPORT 0x04060400 +#define MR_DCMD_CFG_FOREIGN_CLEAR 0x04060500 #define MR_DCMD_BBU_GET_STATUS 0x0501 #define MR_DCMD_BBU_GET_CAPACITY_INFO 0x0502 #define MR_DCMD_BBU_GET_DESIGN_INFO 0x0503 I'll leave it to the experts to determine whether the numbers for MR_DCMD_CFG_MAKE_SPARE, etc. are in fact correct. I have the same PERC H330 HBA, and temporarily have a rather unique disk configuration in this server -- it has two disks, initially set up as RAID-1. For testing UEFI support, I broke the mirror, and configured the second disk as a passthrough disk, so as to have one disk with MBR and one with GPT. (Unfortunately, OpenBSD still doesn't boot in EFI mode on this server, only BIOS mode [1]. FreeBSD and Linux do work fine with EFI.) Right now it shows a degraded RAID-1 volume plus the passthrough disk. Obviously I plan to make a normal healthy RAID-1 before going live with it. 
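Review bot: in the added MR_DCMD_CFG_* block, only MR_DCMD_CFG_FOREIGN_SCAN, MR_DCMD_CFG_FOREIGN_CLEAR and MR_DCMD_CFG_MAKE_SPARE are named by the build errors quoted with the patch, so REMOVE_SPARE, FOREIGN_DISPLAY, FOREIGN_PREVIEW and FOREIGN_IMPORT have no visible user in mfii.c; either drop them or state that they are added for completeness. The opcode values also need checking against the controller's firmware interface rather than being taken over unverified from FreeBSD's mfireg.h, as the submitter notes. As rendered here, MAKE_SPARE and REMOVE_SPARE are written as 0x0404 and 0x0405 like the context lines, while the FOREIGN_* values are eight hex digits (0x04060100 and up), so a short comment naming the source header and explaining the different width would make that look intentional.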
After building a new kernel with the patch, I now have a new 'mfii0' entry in hw.sensors:

hw.sensors.cpu0.temp0=26.00 degC
hw.sensors.mfii0.drive0=degraded (sd0), WARNING
hw.sensors.pchtemp0.temp0=26.50 degC
hw.sensors.sdtemp0.temp0=25.62 degC
hw.sensors.sdtemp1.temp0=26.25 degC

(sdtemp was already working previously)

Also bioctl works too, at least for reading status (haven't tried modifying the array):

=== bioctl sd0 output

BEFORE
sd0: <DELL, PERC H330 Adp, 4.27>, serial 007bbdf6cecf3d461e5c56708741

AFTER (bioctl -v)
Volume      Status               Size Device
mfii0 0     Degraded     499558383616 sd0     RAID1 WT
      0     Failed                  0 0:0.0   noencl <> 'unknown serial'
      1     Online       500107862016 0:1.0   noencl 'unknown serial'

Not sure about the 'unknown serial', but otherwise looks correct. Nice work! Sorry I don't have a card with cache (e.g. H730) to test on, but I haven't hit any problems with my H330 yet.

-Andrew

[1] https://marc.info/?l=openbsd-misc=146343624320665=2
With more recent kernels, the numbers on the "entry point" line are different, but the UEFI boot problem otherwise remains the same -- video corruption, followed by a reboot 10-15 seconds later. I just discovered that serial console support has recently been added to the UEFI bootloader, so hopefully I'll be able to see boot messages from after the video goes wonky, and submit a more useful bug report.

dmesg: OpenBSD 6.1 (GENERIC
Re: Libressl issue verifying self-signed certs with tls-auth and Openvpn
Hi,

Sadly in my testing it seems that CVE-2017-8301 (http://seclists.org/oss-sec/2017/q2/145) is still broken with the latest LibreSSL (2.5.4) and OpenVPN 2.4.2.

Here is someone else reporting the same issue;
https://discourse.trueos.org/t/libre-openssl-tls-error-when-using-openvpn/1358/4

Of course I may have gotten this wrong somewhere, but for now it seems not possible to use OpenVPN as a client with TLS static certificate based server on OpenBSD.

Hope this helps clarify for anyone else finding the same issue until some clever person does a fix.

Error same with latest;

Tue Jun 20 22:51:15 2017 OpenVPN 2.4.2 x86_64-unknown-openbsd6.1 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD] built on Jun 20 2017
Tue Jun 20 22:51:15 2017 library versions: LibreSSL 2.5.4, LZO 2.10
.
.
Tue Jun 20 22:52:08 2017 VERIFY ERROR: depth=0, error=self signed certificate: < Cert Info >
Tue Jun 20 22:52:08 2017 OpenSSL: error:14007086:SSL routines:CONNECT_CR_CERT:certificate verify failed
Tue Jun 20 22:52:08 2017 TLS_ERROR: BIO read tls_read_plaintext error
Tue Jun 20 22:52:08 2017 TLS Error: TLS object -> incoming plaintext read error
Tue Jun 20 22:52:08 2017 TLS Error: TLS handshake failed
Tue Jun 20 22:52:08 2017 SIGUSR1[soft,tls-error] received, process restarting

On Tue, Jun 20, 2017 at 8:49 PM, Andy Lemin <andrew.le...@gmail.com> wrote:
> I've just found this hint on GitHub for the Openvpn compile options for
> Libressl;
> https://gist.github.com/gsora/2b3e9eb31c15a356c7662b0f960e2995
>
> So will try a build later tonight and share back here if that CVE is fixed.
>
> Would prefer to rebuild with the same options as the packaged binary, and
> it occurred to me that I don't know how to find that on OpenBSD?
>
> Thanks again :)
>
>
> Sent from a teeny tiny keyboard, so please excuse typos
>
> On 20 Jun 2017, at 20:23, Andrew Lemin <andrew.le...@gmail.com> wrote:
>
> Hi Misc,
>
> Has anyone else come across any issues recently with Openvpn, Libressl and
> TLS on OpenBSD 6.1?
>
> I am using an .ovpn file with TLS auth static key and cert inline within
> the file, to connect to VPN service. Running openvpn binary from command
> line without any special params, just .ovpn file.
>
> I have tested this is working fine on a Linux server with same config
> (using Openssl), so the server side, CA and cert are fine etc.
>
> I noticed on the Linux server the line; "Control Channel Authentication:
> tls-auth using INLINE static key file", but I do not see this debug on the
> OpenBSD version. Wondered if Libressl is not negotiating tls properly.
>
>
> I have since found CVE-2017-8301 which I believe is related. And confirmed
> that OpenBSD 6.1 seems to be running LibreSSL version 2.5.2
>
> The CVE shows issue known between 2.5.1 and 2.5.3, and looking at the
> OpenBSD trees I can see 2.5.4 was cut around 1st of May..
>
> I used MTier to grab all major patches etc, but LibreSSL not in patch list
> yet. openvpn did have a minor.
>
> So downloaded Libressl 2.5.4 source, compiled and installed as per INSTALL
> etc.. However notice that openvpn is still linking to 2.5.2.
>
> It would be great if someone would be kind enough to confirm if this CVE
> is indeed the same issue, and if 2.5.4 includes the relevant fixes for it?
>
> And if yes, a gentle nudge as to how to get openvpn to link to the 2.5.4
> install?
>
> Thanks for your time.
> Kind regards, Andy Lemin
>
>
>
> Sent from a teeny tiny keyboard, so please excuse typos
>
>
Libressl issue verifying self-signed certs with tls-auth and Openvpn
Hi Misc,

Has anyone else come across any issues recently with Openvpn, Libressl and TLS on OpenBSD 6.1?

I am using an .ovpn file with TLS auth static key and cert inline within the file, to connect to VPN service. Running openvpn binary from command line without any special params, just .ovpn file.

I have tested this is working fine on a Linux server with same config (using Openssl), so the server side, CA and cert are fine etc.

I noticed on the Linux server the line; "Control Channel Authentication: tls-auth using INLINE static key file", but I do not see this debug on the OpenBSD version. Wondered if Libressl is not negotiating tls properly.

I have since found CVE-2017-8301 which I believe is related. And confirmed that OpenBSD 6.1 seems to be running LibreSSL version 2.5.2

The CVE shows issue known between 2.5.1 and 2.5.3, and looking at the OpenBSD trees I can see 2.5.4 was cut around 1st of May..

I used MTier to grab all major patches etc, but LibreSSL not in patch list yet. openvpn did have a minor.

So downloaded Libressl 2.5.4 source, compiled and installed as per INSTALL etc.. However notice that openvpn is still linking to 2.5.2.

It would be great if someone would be kind enough to confirm if this CVE is indeed the same issue, and if 2.5.4 includes the relevant fixes for it?

And if yes, a gentle nudge as to how to get openvpn to link to the 2.5.4 install?

Thanks for your time.
Kind regards, Andy Lemin

Sent from a teeny tiny keyboard, so please excuse typos
Re: Blank screen after boot with Radeon HD 5450
On Tue, May 30, 2017 at 12:22:09PM -0400, Maximilian Pichler wrote: As mentioned, I booted another OS from a USB stick and it runs at 2560x1440@60MHz. Doesn't this make it unlikely that the issue is with the monitor or cable? Also, the connection is via DisplayPort, even the most basic version of which shouldn't struggle with this resolution. Is there not a more systematic way of debugging this? I find it puzzling that none of the logs contains any error message. Just a thought -- maybe it's because there is no error ??? man xbacklight(1)
Re: Domain redirections to Openbsd.org?
On Thu, May 18, 2017 at 8:13 AM, Wylie Bayes <m...@wyliebayes.com> wrote: > Just curious if is a normal thing for folks to be redirecting their domain > to Openbsd.org, in turn keeping their domain name in their browsers but > ultimately getting Openbsd.org's content? > > Such as: http://nathanalexander.uk/ ? > I don't think that's a redirect. It looks like the owner of that site simply ripped the OpenBSD main page and placed it on his site. At least he was thorough - images are served from his site and not via hotlink. As to normal thing...I'd say not. -- andrew fabbro and...@fabbro.org
Re: Pinebook (if anyones up for it)
My understanding is that there is some support for the Pine64 platform, though it requires access to the pins to get a serial console. I haven't opened mine up yet, but I assume it's a Pine64, on a different footprint PCB. Though... I have no idea about any other IO pins... > On May 13, 2017, at 13:27, Christer Solskogen> wrote: > > Hi! > > I've gotten myself a Pinebook (https://www.pine64.org/?page_id=3707) - and > as far as I understand it's not supported by OpenBSD. If somebody is up for > the job, order one and I'll pay for it.
Re: list all system users, eg. _x11
Listing all users is trivial - I don't think that's what he's asking. What he's asking is "how do I list all *system* users", presumably in a way that differentiates them from user accounts in some kind of authoritative way.

I don't think there is a way. You could:

- Assume all users < uid 1000 are system users, but that is not hard enforced to my knowledge. IIRC the OS will start with 1001 but an admin could override that at user creation time.
- Use your preferred programming language or utility to parse out entries that begin with _ in /etc/passwd. That won't get non-service-account entries like root, bin, etc. Also, I don't think there's a technical prohibition to creating a new user account that starts with an underscore.
- Differentiate by groups. i.e., if all your users are in one group, then you know who isn't.

I think if your admins don't do stupid things (create user accounts under 1000, create accounts starting with _, etc.) then just parsing /etc/passwd would likely be the simplest way.

As practical experience, that's what I've done when migrating systems, etc. I assume that people play by the rules, so if I need to identify all the user accounts (to recreate them on a new system or something), I exclude uids under 1000 as a starting point.

On Mon, May 8, 2017 at 4:51 AM, Marcus MERIGHI <mcmer-open...@tor.at> wrote:
> and...@msu.edu (STeve Andre'), 2017.05.06 (Sat) 20:37 (CEST):
> > On 05/06/17 14:27, Luke Small wrote:
> > > Is there a way to determine all users on a system that the users command
> > > doesn't seem to show? like _x11 and _ntpd
>
> users(1) - list current users
>
> I'd try ps(1) and get all active users from there.
>
> If you are after *all* users (inactive ones as well) you could use
> "getent(1) passwd" and parse from there.
>
> Marcus
>
> > What's a user?
> >
> > Maybe you want to look at /etc/passwd. The first four lines are
> >
> > root:*:0:0:Charlie &:/root:/bin/ksh
> > daemon:*:1:1:The devil himself:/root:/sbin/nologin
> > operator:*:2:5:System &:/operator:/sbin/nologin
> > bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin
> >
> > You can parse that with awk and do stuff. Read about passwd(5) to
> > understand the format. A login shell of /sbin/nologin means
> > it isn't interactive. That might get you started?
> >
> > --STeve Andre'

--
andrew fabbro
and...@fabbro.org
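The heuristics from this thread (uid below 1000, a leading underscore, a /sbin/nologin shell) combined into one pass over passwd(5) data, as an added example that is not code from any poster. It classifies by uid and flags entries where the conventions disagree, since none of them is enforced; the sample accounts beyond the four quoted lines, the function names and the 1000 threshold default are assumptions.

```shell
#!/bin/sh
# Added example: classify passwd(5) entries with the heuristics discussed in
# the thread. The uid threshold, the "_" prefix and the nologin shell are
# conventions, not enforced rules, so disagreements are flagged for review.

# Constructed sample: the first four lines are the ones quoted in the thread;
# the remaining names, uids and shells are made up for illustration.
sample_passwd() {
cat <<'EOF'
root:*:0:0:Charlie &:/root:/bin/ksh
daemon:*:1:1:The devil himself:/root:/sbin/nologin
operator:*:2:5:System &:/operator:/sbin/nologin
bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin
_x11:*:35:35:X Server:/var/empty:/sbin/nologin
_ntpd:*:83:83:NTP Daemon:/var/empty:/sbin/nologin
jsmith:*:1000:1000:J Smith:/home/jsmith:/bin/ksh
_backup:*:1001:1001:Backup operator:/home/_backup:/bin/ksh
svcdeploy:*:700:700:Deploy:/home/svcdeploy:/bin/ksh
nobody:*:32767:32767:Unprivileged user:/nonexistent:/sbin/nologin
EOF
}

# stdin:  passwd(5) lines (e.g. from "getent passwd")
# stdout: name<TAB>uid<TAB>class<TAB>notes
# $1:     first uid treated as a regular user (assumed default: 1000)
classify_passwd() {
    awk -F: -v min="${1:-1000}" '
    /^#/ || NF < 7 { next }
    {
        name = $1; uid = $3 + 0; shell = $7
        class = (uid < min + 0) ? "system" : "user"
        notes = ""
        # A "_" name in the user range: someone created a look-alike service name.
        if (class == "user" && name ~ /^_/)
            notes = notes "underscore-name-in-user-range;"
        # A non-interactive account above the threshold (e.g. nobody).
        if (class == "user" && shell ~ /nologin$/)
            notes = notes "nologin-in-user-range;"
        # A login-capable account below the threshold, other than root.
        if (class == "system" && uid != 0 && shell !~ /(nologin|false)$/)
            notes = notes "login-shell-in-system-range;"
        printf "%s\t%d\t%s\t%s\n", name, uid, class, (notes == "" ? "-" : notes)
    }'
}

# Comma-separated names of everything classified as a system account.
system_accounts() {
    classify_passwd "$@" |
        awk -F'\t' '$3 == "system" { out = out sep $1; sep = "," } END { print out }'
}

# Comma-separated names of entries whose signals disagree.
flagged_accounts() {
    classify_passwd "$@" |
        awk -F'\t' '$4 != "-" { out = out sep $1; sep = "," } END { print out }'
}

# Stand-alone run on the constructed sample.
sample_passwd | classify_passwd
```

On a real host, feed it `getent passwd` instead of the sample; the flagged list is the part worth reading by hand before migrating or auditing accounts.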
Re: Problems installing on Dell R830
I think the bootloader is seeing more RAM than is actually there. Regions 0-15 are contiguous, except for a 256kB hole at 640kB, and total 2.25GB (2304MB) memory. Not sure about regions 16 & 17, but they're tiny (~13MB). Region 18 is exactly 510GB, so we have 2.25 + 510 = 512.25 GB, or 256MB more memory than is actually installed in the system.

And in relation to Mike's comment, that 510GB region starts at 4GB, so it does indeed go past 512GB.

For comparison, here's my output from what should be very similar hardware -- a Dell R230 with 8GB:

>> OpenBSD/amd64 BOOT 3.33
boot> machine memory
Region 0: type 1 at 0x0 for 624KB
Region 1: type 2 at 0x9c000 for 16KB
Region 2: type 2 at 0xe for 128KB
Region 3: type 1 at 0x10 for 2036884KB
Region 4: type 2 at 0x7c625000 for 131104KB
Region 5: type 1 at 0x8462d000 for 145860KB
Region 6: type 4 at 0x8d49e000 for 4KB
Region 7: type 1 at 0x8d49f000 for 2304KB
Region 8: type 2 at 0x8d6df000 for 25132KB
Region 9: type 4 at 0x8ef6a000 for 192KB
Region 10: type 3 at 0x8ef9a000 for 312KB
Region 11: type 1 at 0x8efe8000 for 96KB
Region 12: type 2 at 0x8f00 for 16384KB
Region 13: type 2 at 0xe000 for 262144KB
Region 14: type 2 at 0xe00fd000 for 4KB
Region 15: type 2 at 0xfd00 for 24576KB
Region 16: type 2 at 0xfe00 for 68KB
Region 17: type 2 at 0xfec0 for 4KB
Region 18: type 2 at 0xfed0 for 4KB
Region 19: type 2 at 0xfed1 for 32KB
Region 20: type 2 at 0xfed18000 for 4KB
Region 21: type 2 at 0xfed19000 for 4KB
Region 22: type 2 at 0xfed84000 for 4KB
Region 23: type 2 at 0xfee0 for 4KB
Region 24: type 2 at 0xff40 for 12288KB
Region 25: type 1 at 0x1 for 6029312KB
Low ram: 624KB High ram: 2036884KB
Total free memory: 8215080KB

(pasted from a serial console, so no typos)

I likewise have 2.25GB (2304MB) at the start, then 256MB in region 13 (the 4kB in region 14 overlaps this), and then 5.75GB (5888MB) in region 25 (regions 15-24 total ~36MB).

Wait a minute, that also adds up to 256MB (+36MB) more RAM than I have installed (8.25 vs 8 GB), but my system boots fine. Now I'm more confused...

I don't know what to make of the extra 256MB, but it's possible your system's crossing the 512GB boundary may be the issue.

-Andrew
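The region arithmetic from this message done per region type, as an added example that is not from the poster: it sums the R230 listing by type and compares the type 1 total with the bootloader's "Total free memory" line. The type meanings in the comments are the standard BIOS memory-map codes (1 usable, 2 reserved, 3 ACPI reclaimable, 4 ACPI NVS); the function names are assumptions.

```shell
#!/bin/sh
# Added example: sum a "machine memory" listing by BIOS memory-map type.
# Type codes (standard BIOS map): 1 usable RAM, 2 reserved, 3 ACPI reclaimable,
# 4 ACPI NVS. Only the type and size fields are used.

# The R230 listing from the message. Addresses are copied as they appear in
# the archived copy (some look truncated) and are ignored by the parser.
sample_map() {
cat <<'EOF'
Region 0: type 1 at 0x0 for 624KB
Region 1: type 2 at 0x9c000 for 16KB
Region 2: type 2 at 0xe for 128KB
Region 3: type 1 at 0x10 for 2036884KB
Region 4: type 2 at 0x7c625000 for 131104KB
Region 5: type 1 at 0x8462d000 for 145860KB
Region 6: type 4 at 0x8d49e000 for 4KB
Region 7: type 1 at 0x8d49f000 for 2304KB
Region 8: type 2 at 0x8d6df000 for 25132KB
Region 9: type 4 at 0x8ef6a000 for 192KB
Region 10: type 3 at 0x8ef9a000 for 312KB
Region 11: type 1 at 0x8efe8000 for 96KB
Region 12: type 2 at 0x8f00 for 16384KB
Region 13: type 2 at 0xe000 for 262144KB
Region 14: type 2 at 0xe00fd000 for 4KB
Region 15: type 2 at 0xfd00 for 24576KB
Region 16: type 2 at 0xfe00 for 68KB
Region 17: type 2 at 0xfec0 for 4KB
Region 18: type 2 at 0xfed0 for 4KB
Region 19: type 2 at 0xfed1 for 32KB
Region 20: type 2 at 0xfed18000 for 4KB
Region 21: type 2 at 0xfed19000 for 4KB
Region 22: type 2 at 0xfed84000 for 4KB
Region 23: type 2 at 0xfee0 for 4KB
Region 24: type 2 at 0xff40 for 12288KB
Region 25: type 1 at 0x1 for 6029312KB
Low ram: 624KB High ram: 2036884KB
Total free memory: 8215080KB
EOF
}

# stdout: one "type<N> <KB>" line per region type, sorted by type.
sum_by_type() {
    awk '$1 == "Region" && $3 == "type" {
             kb = $NF; sub(/KB$/, "", kb); total[$4] += kb
         }
         END { for (t in total) printf "type%s %d\n", t, total[t] }' |
        LC_ALL=C sort
}

# Total of the usable (type 1) regions in KB.
usable_kb() { sum_by_type | awk '$1 == "type1" { print $2 }'; }

# The figure the bootloader itself reports.
reported_free_kb() {
    awk '/^Total free memory:/ { kb = $NF; sub(/KB$/, "", kb); print kb }'
}

# Non-usable regions of at least $1 KB: "region type KB" per line.
big_unusable() {
    awk -v min="$1" '$1 == "Region" && $4 != 1 {
        kb = $NF; sub(/KB$/, "", kb)
        if (kb + 0 >= min + 0) { n = $2; sub(/:$/, "", n); print n, $4, kb }
    }'
}

# Stand-alone run on the listing above.
sample_map | sum_by_type
echo "usable:   $(sample_map | usable_kb) KB"
echo "reported: $(sample_map | reported_free_kb) KB"
sample_map | big_unusable 200000
```

The type 1 regions sum to exactly the reported 8215080KB, and the 256MB region 13 is type 2, so on this listing it is not counted as usable RAM.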
getty doesn't work on serial ports which aren't the boot console
I was setting up a new server where I wasn't sure whether com0 or com1 was the port I wanted, so I turned on both tty00 and tty01 in /etc/ttys to see which one to use in boot.conf. Edited the file, did the 'kill -HUP 1', and... nothing. getty processes are listening on tty00 and tty01, but both ports are stone dead.

Tried cua00/cua01 in /etc/ttys on a lark, and it worked! Well, kinda... echo control isn't right, as passwords get echoed at the login prompt.

Now that I knew which port was which, I configured boot.conf and rebooted. Bootloader & kernel messages work correctly on both com0 or com1, whichever is configured and connected to. Furthermore, using tty00/tty01 in /etc/ttys now works properly (including echo control), but ONLY on the port that was the boot console.

To clarify:

bootloader set tty com0: getty works on tty00, does not work on tty01
bootloader set tty com1: getty does not work on tty00, works on tty01

getty on cua00/cua01 works (but with echo issues) in all cases.

This seems like possible serial line issues (carrier detect/DTR/DSR, etc.), but I don't know why. I've never had any problems with this null-modem cable before, and furthermore, one of the serial ports has no cable, but is connected internally to the IPMI/DRAC module and viewed via IPMI SoL [serial over LAN], so I couldn't change the cable pinout if I wanted. I also tried various combinations of flags mentioned in ttys(5) (local, softcar, etc.) to no effect.

Does the kernel do something special regarding CD/DTR/DSR if the port is the boot console?

I searched the list archives and found this thread from 2009, where others had the same problem, without any apparent resolution:
https://marc.info/?l=openbsd-misc=123335745920052=2

Any ideas?

Hardware details: Dell R230, with the cheapest DRAC option (or rather, I selected the "basic" DRAC which came standard).
Fortunately with the iDRAC 8 on 13th-gen servers (Rn30 etc.), even the iDRAC8 Basic has a dedicated NIC (previously you had to get an "enterprise" option for that). The serial port ordering is configurable in the BIOS; I have it set so that com0 is the physical port and com1 is IPMI (I think the default was the opposite).

Besides configuring IPMI SoL and boot serial console redirection (port, baud rate, turn off "redirection after boot") in the BIOS, I also had to turn off "RAC Serial" in the iDRAC settings, so that the port went to the host via IPMI rather than the RAC itself. Connecting from a client with 'ipmitool -I lanplus -H -U sol activate' works great.

dmesg:
OpenBSD 6.1 (GENERIC.MP) #20: Sat Apr 1 13:45:56 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 80
real mem = 8395776000 (8006MB)
avail mem = 8136646656 (7759MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x8ef68000 (43 entries)
bios0: vendor Dell Inc. version "1.4.5" date 08/09/2016
bios0: Dell Inc. PowerEdge R230
acpi0 at bios0: rev 2
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP BOOT SSDT SLIC HPET LPIT APIC MCFG WDAT SSDT DBGP DBG2 SSDT SSDT SSDT SSDT SSDT SSDT PRAD HEST BERT ERST EINJ DMAR FPDT SPCR
acpi0: wakeup devices PEGP(S0) PEG0(S0) PEGP(S0) PEG1(S0) PEGP(S0) PEG2(S0) XHC_(S0) XDCI(S0) PXSX(S0) RP01(S0) PXSX(S0) RP02(S0) PXSX(S0) RP03(S0) PXSX(S0) RP04(S0) [...]
Re: Libperl 18?
On Mon, Feb 13, 2017 at 02:29:01AM +, Bryan C. Everly wrote:
> I have been trying to nuke and pave my daily driver's OpenBSD partition
> since Feb 5. Trying to install libproxy failed on a bad major (I have 17.1
> and it wants 18.0) for libperl.
>
> I figured this was the normal behavior I have seen from time to time
> running snapshots and I would just wait for the next refresh of the
> snapshot. I did and I reinstalled the bad and userland tools from it but
> I'm still seeing the problem.
>
> Are we having problems with perl in the userland build?

Should be libperl.so.18.0 from perl 5.24.1
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib/sets/lists/base/mi.diff?r1=1.818=1.819=h

What's the date of the snapshot you installed?

$ ftp -o- ftp://ftp3.usa.openbsd.org/pub/OpenBSD/snapshots/amd64/base60.tgz | tar tzvf - | grep libperl
...
-r--r--r-- 1 root bin 5722739 Feb 12 12:44 ./usr/lib/libperl.so.18.0
Re: Is randomizing UID/GUID would make sense?
On Mon, Jan 23, 2017 at 11:00 AM, Martin Schröder <mar...@oneiros.de> wrote:
> And what if my UID/GUIDs are random on every host and server? Would
> nfs handle that?
>

Sure. Why not?

But then, I'm only talking about UID/GID selection. I'm assuming that jsmith is UID 2000 on every system, regardless of how he got the number.

Now if someone meant using *different* UID/GID on every system and they're not synchronized...right, that'd be a nightmare.

The OP was just talking about changing from "last +1" to arc4random. Synchronizing UID/GID across servers (if you're not using a directory of some sort) is the same headache regardless of how you pick them. If the OP meant every server has different, unique randomized UID/GIDs then that's a separate craziness.

--
andrew fabbro
and...@fabbro.org
Re: Is randomizing UID/GUID would make sense?
On Fri, Jan 20, 2017 at 3:44 AM, Martin Schröder <mar...@oneiros.de> wrote:
> 2017-01-20 8:43 GMT+01:00 minek van <minek...@mail.com>:
> > Could it bring more security if the UIDs/GUIDs would be random?
>
> Why? What's the attack you want to defend against?
>

I suppose there's some information leakage in the sense that any given OpenBSD server is much more likely to have a UID of 1005 than a UID of 10005. And the first dozen or two lines in /etc/passwd are the same for every OpenBSD installation. But is there an arena where an attacker could make effective use of this information?

If you wanted a different UID/GID for all the service accounts (everything >0) you're going to have a significantly more complicated installer...indeed, the whole tarball distro method would need to be examined.

Random UID/GIDs for user accounts are something an admin could already do without needing to change anything - just pick random numbers for the adduser flags.

> Or something would be broken with random UIDs/GUIDs, ex.: NFS? Would it
> only do pain?
>
> Yes.

Not sure about that...it would certainly be a headache to change UIDs/GIDs if you already have them in place, but for setting up a new server/new accounts, nfs doesn't care what number you are (well, 0 excepted). Whether the algorithm is "last used +1" or arc4random, you have the same sync/directory problems regardless. That's for user accounts...service accounts might need a bit more thought.

So in summary, if you want random UID/GID for user accounts, that's a one-liner shell script - go for it! But if you want random UID/GID for service accounts, I think there would need to be a lot more justification for what would be a lot more work.

--
andrew fabbro
and...@fabbro.org
computer users.
Thanks for all your work. There is a learning curve involved in this, and I'm glad to be with OpenBSD operating system. It's a far cry from stumbling into phrack, 2600, and cdc, and all the other horrible shit on the internet on a pentium 100 and win95 (highschool). I'm glad for OpenBSD and people who know how to engineer computer things. Really very wonderful, I didn't buy this release, but I'm glad for some of my dollars to go to you guys in the future, heh, we will see. Looking forward to mounting the steep learning curve.
Re: Forget mod_perl. I'm going to try to move to FastCGI and base http
On Tue, Oct 04, 2016 at 12:20:33PM -0400, Raul Miller wrote:
> On Tue, Oct 4, 2016 at 8:48 AM, Marc Espie <es...@nerim.net> wrote:
> > There's also a whole fucking manpage bundled with PerlDancer explaining in
> > some details all the possible deployment options.
>
> Related, though, is that a lot (but not all) of this documentation
> assumes the reader understands how to use mod_perl -- and incorporates
> its documentation by reference, or by implication.

This is getting off-topic for misc@, but the Plack and mod_perl are fairly low-level so I don't think it's unfair to expect a reader who is converting from one to the other to be familiar with them.

Then again, the PSGI spec is not incredibly dense.
https://metacpan.org/pod/PSGI

And the FAQ seems to answer questions expecting, what seemed to me, a reasonable knowledge level.
https://metacpan.org/pod/distribution/PSGI/PSGI/FAQ.pod

> People who don't understand that are probably expected to either
> figure it out for themselves, or migrate to some other environment
> (which might account for some of the popularity of node.js, rails and
> python).

While the page at http://plackperl.org/ could possibly be a bit friendlier, it does have links to explain what it is and how it works, plus links to something like 18 higher-level frameworks that support PSGI, likely via Plack, I think the hope is more that you might find the Task::Kensho link off of the metacpan.org main page and from there follow the links to some of the many perl web development frameworks that exist.
https://metacpan.org/pod/Task::Kensho#Task::Kensho::WebDev:-Web-Development

(I am in the middle of doing this at work, so may not have a good handle on how someone new sees things)

l8rZ,
--
andrew - http://afresh1.com

At the source of every error which is blamed on the computer, you will find at least two human errors, including the error of blaming it on the computer.
Re: Forget mod_perl. I'm going to try to move to FastCGI and base http
I gave a talk about moving from mod_perl to Plack and FastCGI at the local perlmonger group. It was fairly straight forward and there are a fair number of options on the CPAN, although I'm unsure which have ports.
http://cvs.afresh1.com/~andrew/talks/cgi_to_psgi_pdx_pm/

There is also some potentially useful information in this article
https://github.com/reyk/httpd/wiki/Migrating-a-perl-CGI-application-such-as-Bugzilla

On September 29, 2016 12:19:50 PM PDT, Chris Bennett <chrisbenn...@bennettconstruction.us> wrote:
>Thanks to stu@, he's informed me that mod_perl is a big problem for
>OpenBSD modernising its Perl forward.
>So I'm going to try and move to FastCGI.
>
>I can't find any info online about transition from mod_perl to FastCGI,
>so I'll have to work that out myself. Any useful links would be
>appreciated.
>
>Since I have been using Apache, I haven't paid any attention to base
>http.
>
>I have written modules to allow people to setup to make a purchase for
>online content, be transferred over to PayPal, pay.
>PayPal then sends me payment details which I have to send back to
>verify
>status of purchase. After that I create a username and password and
>email those plus a link to the customer.
>
>Privately, I have several databases that I use to form project assembly
>pieces that can then be combined in different ways to produce final,
>different complete project. Project labor is also worked out similarly.
>
>I also run two forums on outside software.
>
>I use PostgreSQL. I use Apache's httpd.conf and other confs to match
>Locations to the appropriate modules.
>
>Are there any problems getting something like this to work with base
>httpd? I run several different sites.
>The manual pages seem a little terse and unrevealing to me.
>
>I'm going to go study FastCGI myself now.
>
>Could anyone share some httpd.confs with me that do what I'm trying to
>accomplish?
>
>Any help appreciated,
>Chris Bennett

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Re: dmesg for Lenovo Thinkpad x200 w/Libreboot
Yes. Yes it is, and he's trying to get OpenBSD running on top of Libreboot, which makes it very much relevant. PAY ATTENTION!

On Tue, Sep 27, 2016 at 11:03 AM, Mihai Popescu wrote:
> Dude, this is OpenBSD's mailing list not libreboot's. Pay attention, please!
>

--
http://apgwoz.com
Re: DigitalOcean and OpenBSD
Maybe this should be a FAQ.

You can run OpenBSD on nearly any KVM VPS provider. I have some favorites, but it isn't right for me to shill here. You could visit LowEndTalk for discussion of cheap VPSes, or WebHostingTalk for more structured discussion of expensive ones. Or email me and I'll share my opinions and bread crumbs. I pay $3-5 per month to run OpenBSD on 512MB VPSes, and I also have some $15/year 128MB VPSes that run just fine for DNS, mail, etc. You can pay more to get much bigger specs of course.

You need to read the vio(4) man page if you're going to run with virtio drivers (which you will if you use KVM).

As for the "cloud" providers:

- EC2, Azure: forget it.
- Vultr: works well, officially supported
- DigitalOcean: it's an "install through FreeBSD" hack. That said, once setup, I've had no issues. Note that snapshots may not work (per the tutorial link above).

And of course there are cheap dedicated offers: OVH, SoYouStart, Kimsufi, online.net, Hetzner, etc. If you can get the ISO presented to the hardware, of course OpenBSD works there.

It's worth pointing out that:

- if you just need a virtualized crash place to test OpenBSD, you can use virtualbox, etc. to do this on your PC/laptop for free
- there are specialized OpenBSD hosters, so maybe giving them some love is appropriate
- there are specialized OpenBSD shell account providers (devi.os) if that's all you need
- some day in the bright shining future when vmm is done, you may be able to buy an OpenBSD guest VM on an OpenBSD host...and then these piddling Amazon and Microsoft Azure empires will fall as Puffy storms the net. To the cloud!

--
andrew fabbro
and...@fabbro.org
Re: Carp and VLANs
Thank you,

This (having unique VHID) was the solution.

I had considered originally that since each carp device is on its own VLAN, that would represent a unique broadcast domain and it wouldn't be violating anything - but without your suggestion I'm not sure I would have gone back to review that decision.

I'm still a bit curious how it came to that. I did snoop if carp announcements were leaking from a tagged vlan onto the default network, but didn't see any sign of that. So maybe it was because the VLANs were riding on top of the same physical interface... but a lot less important now.

Regards,
Andrew

On Tue, Aug 23, 2016 at 8:34 PM, John Jasen <jja...@realityfailure.org> wrote:
> All your carp devices have the same VHID. As two share the same network,
> that could cause problems.
>
>
>
>
> On 08/23/2016 01:40 PM, Andrew Seguin wrote:
> > Hi,
> >
> > I'm building up an OpenBSD router/firewall (migrating away from FreeBSD)
> > but have been blocked by a behavior of carp in combination with VLANs that
> > I didn't expect or experience before. I'm hoping somebody could enlighten
> > me a little bit about why carp floating IPs stop working when the carp
> > status is master for the physical interface.
> >
> >
> > Originally, there was a pair of FreeBSD systems (FW1 and FW2) where I had
> > no issues with carp managed IPs.
> >
> > At the moment, one system is reinstalled with OpenBSD 5.9 (FW1), the other
> > remains with FreeBSD (FW2).
> >
> > The network is setup in such a way that the default vlan (1) is untagged,
> > and this network is for all the network management. All other traffic goes
> > over tagged networks. The network switches we have simply work in this way
> > and so I can't make vlan 1 also a tagged interface to test the impact of
> > such a configuration.
> >
> > As long as the OpenBSD system is not the master for the default / untagged
> > network associated to the physical network interface, the system will
> > accept packets for its CARP IPs.
> >
> > When OpenBSD becomes master for the untagged network, it won't forward or
> > respond (ping) to packets addressed to its floating IP.
> >
> > Configuration files for the physical interface (sk0) and a couple VLANs (I
> > run a dozen, but trimmed back to two for the purpose of this mail).
> >
> > # cat /etc/sysctl.conf
> > net.inet.carp.allow=1
> > net.inet.carp.preempt=1
> > net.inet.ip.forwarding=1
> >
> > # cat /etc/hostname.sk0
> > inet 10.1.0.2 255.255.255.0 NONE description "main link"
> > inet 10.0.0.2 255.255.255.0
> >
> > # cat /etc/hostname.carp1
> > vhid 1 pass password carpdev sk0 advskew 150
> > inet 10.1.0.1 255.255.255.0
> > inet alias 10.0.0.1 255.255.255.0
> >
> > # cat /etc/hostname.vlan10
> > inet 10.10.0.2 255.255.255.0 NONE vlan 10 vlandev sk0 description "Printer
> > network"
> >
> > # cat /etc/hostname.carp10
> > vhid 1 pass password carpdev vlan10 advskew 150
> > inet 10.10.0.1 255.255.255.0
> >
> > # cat /etc/hostname.vlan50
> > inet 10.50.0.2 255.255.255.0 NONE vlan 50 vlandev sk0 description "Wireless
> > backbone"
> >
> > # cat /etc/hostname.carp50
> > vhid 1 pass password carpdev vlan50 advskew 150
> > inet 10.50.0.1 255.255.255.0
> >
> >
> > The other system has a similar configuration with the exception that IPs
> > ending in .2 are .3 on FW2 and FW2 has advskew 100.
> >
> >
> > If I make FW1 (OpenBSD) the master for vlan10 and vlan50 (ifconfig carp10
> > advskew 1; ifconfig carp50 advskew) but not for sk0, then it will forward
> > packets between those two networks without problem and ping 10.10.0.1 works
> > fine.
> >
> > The moment I make it the master for sk0 (ifconfig carp1 advskew 1), it no
> > longer forwards packets (between vlan10 and vlan50, vlan10 and the untagged
> > vlan) and it no longer responds to ping for any of the IPs associated to
> > the carp interfaces from external systems (ping 10.10.0.2 works, ping
> > 10.10.0.1 doesn't work) although from the local box it works (ping
> > 10.10.0.1 from FW1 works). Output from ifconfig shows FW1 is the master for
> > all interfaces.
> >
> > Throughout, I am able to keep working with the box remotely as long as I
> > logged in via the local subnet IP (ie: from a workstation with IP
> &g
Carp and VLANs
Hi, I'm building up an OpenBSD router/firewall (migrating away from FreeBSD) but have been blocked by a behavior of carp in combination with VLANs that I didn't expect or experience before. I'm hoping somebody could enlighten me a little bit about why carp floating IPs stop working when the carp status is master for the physical interface. Originally, there was a pair of FreeBSD systems (FW1 and FW2) where I had no issues with carp managed IPs. At the moment, one system is reinstalled with OpenBSD 5.9 (FW1), the other remains with FreeBSD (FW2). The network is setup in such a way that the default vlan (1) is untagged, and this network is for all the network management. All other traffic goes over tagged networks. The network switches we have simply work in this way and so I can't make vlan 1 also a tagged interface to test the impact of such a configuration. As long as the OpenBSD system is not the master for the default / untagged network associated to the physical network interface, the system will accept packets for its CARP IPs. When OpenBSD becomes master for the untagged network, it won't forward or respond (ping) to packets addressed to its floating IP. Configuration files for the physical interface (sk0) and a couple VLANs (I run a dozen, but trimmed back to two for the purpose of this mail). 
# cat /etc/sysctl.conf
net.inet.carp.allow=1
net.inet.carp.preempt=1
net.inet.ip.forwarding=1

# cat /etc/hostname.sk0
inet 10.1.0.2 255.255.255.0 NONE description "main link"
inet 10.0.0.2 255.255.255.0

# cat /etc/hostname.carp1
vhid 1 pass password carpdev sk0 advskew 150
inet 10.1.0.1 255.255.255.0
inet alias 10.0.0.1 255.255.255.0

# cat /etc/hostname.vlan10
inet 10.10.0.2 255.255.255.0 NONE vlan 10 vlandev sk0 description "Printer network"

# cat /etc/hostname.carp10
vhid 1 pass password carpdev vlan10 advskew 150
inet 10.10.0.1 255.255.255.0

# cat /etc/hostname.vlan50
inet 10.50.0.2 255.255.255.0 NONE vlan 50 vlandev sk0 description "Wireless backbone"

# cat /etc/hostname.carp50
vhid 1 pass password carpdev vlan50 advskew 150
inet 10.50.0.1 255.255.255.0

The other system has a similar configuration with the exception that IPs ending in .2 are .3 on FW2 and FW2 has advskew 100.

If I make FW1 (OpenBSD) the master for vlan10 and vlan50 (ifconfig carp10 advskew 1; ifconfig carp50 advskew) but not for sk0, then it will forward packets between those two networks without problem and ping 10.10.0.1 works fine.

The moment I make it the master for sk0 (ifconfig carp1 advskew 1), it no longer forwards packets (between vlan10 and vlan50, vlan10 and the untagged vlan) and it no longer responds to ping for any of the IPs associated to the carp interfaces from external systems (ping 10.10.0.2 works, ping 10.10.0.1 doesn't work) although from the local box it works (ping 10.10.0.1 from FW1 works). Output from ifconfig shows FW1 is the master for all interfaces.

Throughout, I am able to keep working with the box remotely as long as I logged in via the local subnet IP (ie: from a workstation with IP 10.10.0.50, I can ssh to 10.10.0.2).

For testing ... while the FW1 (OpenBSD) is master for all interfaces, I used tcpdump and could see the packets arriving at the system only if I took the dump on sk0 or carp1. No packets show up on vlan10 or carp10 for the box.
On vlan10 - I can see all traffic addressed to 10.10.0.2 without problem. On carp10 - I only see the "CARPv2-advertise" and arp request/response packets. To rule things out, I've kept the PF configuration as simple as possible for testing (simply 1 line: "pass"). I always made sure that the corresponding CARP interfaces were in a backup state on FW2 (freebsd) and via tcpdump that packets weren't ending up there by some accident of the switches. I've tried setting the subnet masks for the floating (carp) IP addresses to be 255.255.255.255 - didn't change the behavior. I set net.inet.carp.log=7 - nothing is noted in /var/log/messages beyond the transitions (carp1: state transition: BACKUP -> MASTER; MASTER -> BACKUP). Since then, I'm out of ideas what to try and am turning to the mailing list for help. I'm rather new to OpenBSD, but I reviewed the FAQ and searched on google, read man pages for carp, ifconfig, hostname.if, etc but didn't get any new ideas. Any ideas or suggestions what else I might look at? Is this expected behavior or have I overlooked some configuration option? Thanks in advance, Andrew
Re: Freezing VMs on Bytemark Hosting
You're running on KVM, which probably means you're using virtio. Have you set the 0x2 flag on the vio driver? I experienced hangs on my KVM-hosted OpenBSD VMs until I read the vio(4) man page: http://man.openbsd.org/vio.4 "The *vio* driver provides support for the virtio(4) <http://man.openbsd.org/virtio.4> network interface provided by bhyve, KVM, QEMU, and VirtualBox. Setting the bit 0x2 in the flags disables the RingEventIndex feature. This can be tried as a workaround for possible bugs in host implementations of *vio* at the cost of slightly reduced performance." An example of how to do this: http://blather.michaelwlucas.com/archives/2083 On Tue, Jul 26, 2016 at 2:02 AM, Edd Barrett <e...@theunixzoo.co.uk> wrote: > Hi, > > This is very much off-topic, and a long shot. > > I have a VM hosted at Bytemark, which seems to have started freezing > about once a week. It stops responding to the network, and if I bring up > the console, I see the login prompt with a flashing cursor, but it is > not responsive to key-presses. > > I have a support ticket open, but we are not sure if it's an OpenBSD > problem, or something on their end. The VM is running 5.9-stable with > all patches applied. FWIW, Bytemark uses KVM + Qemu, so this question may > extend to ARP networks VMs too(?). > > Wondering if anyone else here is hosting on Bytemark (or ARP) and had a > similar issue, or even a workaround. > > Like I said, long shot. > > Cheers > > -- > Best Regards > Edd Barrett > > http://www.theunixzoo.co.uk > > -- andrew fabbro and...@fabbro.org
Re: Clean OpenBSD's httpd logs
Create a favicon.ico file, or ignore the error. httpd is just reporting that the user's browser is trying to fetch /favicon.ico and apparently it doesn't exist. Logging that as a 404 is standard behavior. You don't have one so httpd reports a 404. There are ways of telling the browser to not expect a favicon.ico or telling it that it exists somewhere else (that perhaps doesn't exist), but httpd in this case is really doing nothing wrong. The wisdom of favicons is a different story but they are standard. http://stackoverflow.com/questions/1321878/how-to-prevent-favicon-ico-requests One could argue that perhaps the web server shouldn't log favicon-related 404s...but then there will be someone trying to figure out why his/her favicons aren't showing up and will be looking at logs. On Thu, Jun 30, 2016 at 8:50 AM, C. L. Martinez <carlopm...@gmail.com> wrote: > Hi all, > > Sorry if this question sounds stupid, but how can I avoid this type of > entry in OpenBSD's httpd access.log: > > 172.22.55.1:44710 -> 172.22.55.10, /favicon.ico (404 Not Found), [/] > [/favicon.ico] > > ?? > > Thanks. > -- > Greetings, > C. L. Martinez > > -- andrew fabbro and...@fabbro.org
Re: Fifteen questions
> Does OpenBSD come up with any in-house software to encrypt a file? Or do > I have to use gnupg? Yes -- libressl may do what you want. Read man openssl(1) and skim down to the section entitled "ENC" and the subsequent sections including examples. It's well written.
Re: I am thankful for OpenBSD quality docs
On Tue, May 17, 2016 at 10:30 AM, Ingo Schwarze <schwa...@usta.de> wrote: > In general, BSD documentation tends to be better > than Linux documentation A while back, feeling somewhat bitter after struggling with Linux docs after growing accustomed to OpenBSD docs, I made this image which summarizes my feelings: http://i.imgur.com/EKsD7aG.png OpenBSD's documentation, in my experience, exceeds the docs provided by some commercial operating systems, and those companies can afford to have full-time doc writers on staff. OpenBSD documentation is the gold standard. -- andrew fabbro and...@fabbro.org
EFI video corruption, reboot on Dell R230
Trying out the shiny new UEFI support without much luck on this hardware (Dell PowerEdge R230 1U server, BIOS 1.2.5, which is currently the latest).

Using a snapshot install59.fs (May 6 was the most recent I've tried), the bootloader works fine, but after the kernel loads, it correctly prints a single line:

entry point at 0xf001000 [7205c766, 3404, 24448b12, 3680a304]

and then all subsequent text is squished into a space about 4 pixels tall in the center of the screen, stretched horizontally, and colored purple, so it is completely unreadable. At a distance it looks like a purple line. Furthermore, about 10 seconds later the machine reboots. Since there doesn't appear to be any serial console support in the EFI bootloader I can't capture the unreadable kernel messages.

'machine video' reports only mode 0 (80x25). The bootloader screen is actually windowboxed (the monitor is running at 1024x768 at this point) but works fine. Video hardware is not Intel or Radeon but rather Matrox G200eR2 (apparently a 1998 GPU is back in embedded form?).

FreeBSD & Linux do boot fine in UEFI mode, but I don't imagine that's much help, aside from ruling out defective hardware. I don't know if the card model even comes into play since it's probably something much earlier in the boot process at fault, but in case it helps, here is its PCI information (via FreeBSD):

vgapci0@pci0:7:0:0: class=0x03 card=0x06a51028 chip=0x0534102b rev=0x01 hdr=0x00
    vendor = 'Matrox Electronics Systems Ltd.'
    device = 'G200eR2'
    class = display
    subclass = VGA
    bar [10] = type Prefetchable Memory, range 32, base 0x9100, size 16777216, enabled
    bar [14] = type Memory, range 32, base 0x9280, size 16384, enabled
    bar [18] = type Memory, range 32, base 0x9200, size 8388608, enabled

Any suggestions?

-Andrew
generic.mp #2018 amd64 install and packages.
Hi misc@, Just a user experience for your consideration. I picked up a new bsd.rd from snapshots in toronto. Checked the sha256 and signify to make sure it's good. Moved it to / and rebooted with: boot> hd0a:/bsd.rd selected Install with standard options. clean download from the mirror followed by reboot. -- logged in as root -- # pkg_info quirks-2.232 rtwn-formware-1.0 # -- # pkg_add nano Can't installl libiconv-1.14p3 because of libraries |library.c.86.0 not found | /usr/lib/libc.so.87.0 (system) bad major Can't install gettext-0.19.7: can't resolve libiconv-1.14p3 Can't install nano-25.3: can't resolve gettext-0.19.7 -- Just looked at the toronto mirror ../snapshots/packages/amd64 and libiconv-1.14p3 is in the directory from May 8. -- Switched /etc/pkg.conf from "%c" to "snapshots" -- Same error as above As always I want to express my gratitude to Theo and all the past and present devs --- have a great week ahead !!
Re: Openbsd broke my hard drive twice! Getting frustrated
Hi Gabe, I found it possible to boot and install 5.9 on an XPS 13" (9333)[0], but had problems getting the all important suspend to RAM (or anything which allowed me to close the lid and reopen to resume work) to work. Were you successful in getting this necessary laptop functionality working correctly? If so, would you mind sharing your configs? I'd love to reinstall OpenBSD on this machine, but can't sacrifice that. Cheers, Andrew [0]: To be fair, I suffered the same problems you did, where I thought the drive was dead. But, in reality, I just had to repartition it with EFI in mind from a thumb drive booted Linux installer, and try again. On Tue, May 3, 2016 at 8:30 PM, Gabriel Guzman <g...@guzman-nunez.com> wrote: > On 12/29, Gabriel Guzman wrote: > > I've been seeing a similar issue on a DELL XPS 13" Developer edition I > got > > back in June -- ran fine with ubuntu as shipped with Dell, and then I > > wiped and installed OpenBSD and now can't even access the BIOS. > > I figured out the issue. On my machine (DEL XPS 13) it was the "Intel > Rapid Boot" option in BIOS. Disabling that resolved all my boot issues. > I can now boot with MBR or GPT off the internal SSD. And, I can also > access the BIOS with the internal SSD installed in the system (this was > not possible before) > > gabe. > > -- http://apgwoz.com
Re: Reading /etc/shells - Check /etc/master.passwd - Password file busy
On Sat, Apr 23, 2016 at 06:42:06PM -0400, Nick wrote: > Check /etc/master.passwd > Password file busy > # > > I have checked both /etc/passwd, /etc/master.passwd and I cannot see any > issues with it. This means that you're not able to open /etc/ptmp for some reason, likely because the file already exists (because adduser tries to open the file O_CREAT|O_EXCL). l8rZ, -- andrew - http://afresh1.com Unix is very simple, but it takes a genius to understand the simplicity. -- Dennis Ritchie
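The lock-file behaviour described in the reply above, as an added example that is not part of the original post and is not adduser's own code. It assumes a scratch path under /tmp in place of /etc/ptmp, and the function names are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

enum lock_result { LOCK_ACQUIRED, LOCK_BUSY, LOCK_ERROR };

/*
 * Take the lock by creating `path`. O_CREAT|O_EXCL makes "does it exist?"
 * and "create it" a single atomic step, so two processes can never both
 * succeed. With both flags set, open() also fails with EEXIST when the
 * final path component is a symlink, instead of following it.
 */
enum lock_result
lock_acquire(const char *path, int *fd_out)
{
	int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);

	if (fd == -1)
		return (errno == EEXIST) ? LOCK_BUSY : LOCK_ERROR;
	*fd_out = fd;
	return LOCK_ACQUIRED;
}

/* Normal release: close the descriptor and remove the lock file. */
int
lock_release(const char *path, int fd)
{
	close(fd);
	return unlink(path);
}

/*
 * Simulate a holder that exits without cleaning up: the descriptor goes
 * away but the file stays, so every later attempt reports "busy".
 */
int
leave_stale_lock(const char *path)
{
	int fd;

	if (lock_acquire(path, &fd) != LOCK_ACQUIRED)
		return -1;
	close(fd);		/* no unlink(): the lock file is left behind */
	return 0;
}

int
main(void)
{
	static const char *names[] = { "acquired", "busy", "error" };
	char path[64];		/* hypothetical scratch path, not /etc/ptmp */
	int fd = -1, fd2 = -1;

	snprintf(path, sizeof(path), "/tmp/ptmp-demo.%ld", (long)getpid());
	unlink(path);

	printf("first attempt:        %s\n", names[lock_acquire(path, &fd)]);
	printf("second attempt:       %s\n", names[lock_acquire(path, &fd2)]);
	lock_release(path, fd);

	leave_stale_lock(path);
	printf("after stale holder:   %s\n", names[lock_acquire(path, &fd2)]);
	unlink(path);		/* what removing the leftover file does */
	printf("after removing file:  %s\n", names[lock_acquire(path, &fd2)]);
	lock_release(path, fd2);
	return 0;
}
```

The "busy" result comes only from the file's existence, not from any running process, which is why a leftover file keeps producing it.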
Re: Standard way to create a generic queue in ksh
On Sat, Apr 16, 2016 at 4:32 AM, Craig Skinner <skin...@britvault.co.uk> wrote: > A bloated way to do that is with an SQLite database, with a table's > unique primary key being some (job number) attribute. Another column > could auto timestamp on row insertion, so you could query on job number > or time added. Unless you've other data to retain, it is rather bloated. > Not sure I agree - sqlite is pretty lightweight. I have a job system that runs hundreds of jobs on many systems, each dumping results into local daily sqlite files which are then scp'd back and consolidated for reporting. This gives us the ease of standardized job results and reporting without the need to have an HA DB every system can report to, load DB clients all over the place, DB security with remote access, etc. (We need to gather results somehow, so rather than write some custom format or something like XML, sqlite is an easy format to use). You can access sqlite on the command line in shell scripts if need be. DB sizes are in MB. You might be saying bloated because it's writing SQL, etc. and for a sysadmin who's focused on systems and is not a code-writer, that's totally fair - SQLite is much more pleasant when you have perl or python and can properly bind variables, etc. I'd say the OP is crossing into programming rather than scripting. I'm making an artificial distinction (since shell scripts are certainly programs) but in my experience, once you start needing more complex data structures, you've outgrown the shell and should look at something like perl, python, etc. Not saying there aren't ways to do queues in bash/ksh/etc., just...why would you? -- andrew fabbro and...@fabbro.org
Re: Question about logo
On Wed, Mar 2, 2016 at 11:37 PM, Janne Johansson <icepic...@gmail.com> wrote: > http://www.openbsd.org/art1.html says: > > Most images provided here are copyright by OpenBSD, by Theo de Raadt, or by > other members or developers of the OpenBSD group. However, it is our intent > that anyone be able to use these images to represent OpenBSD in a positive > light -- but do not make profit from them. [...] So enjoy them and let the > world see them, if that is your wish. There are people selling shirts on Zazzle, CafePress, etc. which have the OpenBSD logo - easy to find via google. I'm assuming those people are not authorized by OpenBSD nor do they pass on profits, alas. -- andrew fabbro and...@fabbro.org
isakmpd peculiarities, ipsec.conf manpage inaccuracy
Hi all,

I'm running OpenBSD 5.8-stable. The ipsec.conf manpage indicates that if no srcid is present in an automatic keying IKE statement, then the value in the identification should be the host IP address, and be an IP address type. I've found this to be incorrect; if no srcid is specified, my system makes the type in the identification payload an FQDN, and sets the value to the machine's hostname. In order to pass just the IP address (and be an IP address type), I had to explicitly set srcid to the IP address in the ike statement.

Moving on, I am troubleshooting an issue where I'm able to connect a Macbook running OS X to a remote access VPN service (L2TP + IPsec) I pay for, but my seemingly identically-configured OpenBSD 5.8-stable workstation cannot connect. Specifically the IPsec negotiation fails. The failure occurs in the very beginning of the phase 2 negotiation, when the OpenBSD system sends the first Quick Mode message with its ID payloads. The remote peer always responds to this message with an "INVALID ID RECEIVED" notification, despite the ID payloads being identical to what my OS X system sends.

After decrypting the IKE exchange from both my OpenBSD system and my OS X system, while I find the identification payload in the first quick mode message to be the same, I actually discovered a difference in the final segment of the main mode Identity Protection phase:

In the 3rd and final exchange in IKE phase 1 (Identity protection, main mode):

* isakmpd appends an "INITIAL-CONTACT" Notification payload to the end of its message
* The Identification payload contains zero-values for the port and protocol ID

This is in contrast to my Mac OS X system which does not include the notification payload, and in the ID payload, it indicates a protocol of UDP and port 500.

To be fair, the IETF IPSec DoI for ISAKMP actually does indicate that both the behavior of my Mac and of OpenBSD are acceptable. That being the case, these are the only meaningful differences I've been able to identify between OS X and OpenBSD, and ultimately I'd really like to be able to connect to the VPN. Does anybody know if there are any settings I can use to modify the behavior of isakmpd to be in line with what OS X does? I would greatly value any input.

I have to say, decrypting the IKE exchange from OS X was a fairly annoying and tedious process. I love how with isakmpd I can just pass it the -L parameter and it will automatically dump a capture of the decrypted exchange.

Warm regards,
Andrew
IKE phase 2 failing, but don't see any obvious problem
Hi all,

I'm working on bringing up a remote-access L2TP + IPSec VPN on an OpenBSD 5.8 workstation. Note that this system is the client side L2TP LAC, not a server-side L2TP LNS. Therefore I am using xl2tpd instead of npppd, which will only handle server-side configurations. My issue actually seems unrelated to the underlying tunneling protocol.

I'm running into an IKE phase 2 failure, specifically when first moving into quick mode. My OpenBSD system sends the first quick mode message that contains its advertised remote and local network information. In this case, it's very simple as it's simply the traffic between what will become the L2TP endpoints, so:

proto usb from 1.1.1.1 to 2.2.2.2 port 1701

1.1.1.1 is my local IP and 2.2.2.2 is the remote endpoint. When my system sends this as the ID information in the quick mode message however, the remote endpoint responds with: INVALID ID INFORMATION. I've tried a variety of things, but I can't determine what's wrong here. Phase 1 completes without issue.

Below is the isakmpd.pcap output showing the failure:

08:32:37.154146 1.1.1.1.4500 > 2.2.2.2.4500: [bad udp cksum e7bc! -> 3d4d] udpencap: isakmp v1.0 exchange QUICK_MODE
    cookie: -> msgid: d8e18d0e len: 148
    payload: HASH len: 24
    payload: SA len: 52 DOI: 1(IPSEC) situation: IDENTITY_ONLY
        payload: PROPOSAL len: 40 proposal: 1 proto: IPSEC_ESP spisz: 4 xforms: 1 SPI: 0xdad40d72
            payload: TRANSFORM len: 28
                transform: 1 ID: AES
                attribute LIFE_TYPE = SECONDS
                attribute LIFE_DURATION = 3600
                attribute ENCAPSULATION_MODE = TUNNEL
                attribute AUTHENTICATION_ALGORITHM = HMAC_SHA
                attribute KEY_LENGTH = 128
    payload: NONCE len: 20
    payload: ID len: 12 proto: 17 port: 0 type: IPV4_ADDR = 1.1.1.1
    payload: ID len: 12 proto: 17 port: 1701 type: IPV4_ADDR = 2.2.2.2 [ttl 0] (id 1, len 180)
08:32:37.167755 2.2.2.2.4500 > 1.1.1.1.500: [bad udp cksum a74b! -> a767] udpencap: isakmp v1.0 exchange INFO
    cookie: -> msgid: 16fb376e len: 76
    payload: HASH len: 24
    payload: NOTIFICATION len: 16
        notification: INVALID ID INFORMATION [ttl 0] (id 1, len 108)

Perhaps another set of eyes might catch what I have not. Any input would be greatly appreciated. :)

Warm regards,
Andrew
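The ID payload fields compared in the two isakmpd posts above (type, protocol ID, port), as an added example that is not part of either post and is not isakmpd code. It parses the Identification payload layout from RFC 2407 section 4.6.2; the byte strings are constructed from the values the posts quote, with a made-up hostname for the FQDN case, and the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { ID_IPV4_ADDR = 1, ID_FQDN = 2 };	/* ID types from RFC 2407 */
enum { DIFF_TYPE = 1, DIFF_PROTO = 2, DIFF_PORT = 4, DIFF_DATA = 8 };

struct id_payload {
	uint8_t type, proto;
	uint16_t port;
	const uint8_t *data;	/* points into the parsed buffer */
	size_t data_len;
};

/* Constructed samples (next-payload byte set to 0), not captured traffic. */
static const uint8_t ID_P1_ZERO[] = {0, 0, 0, 12, 1, 0, 0x00, 0x00, 1, 1, 1, 1};
static const uint8_t ID_P1_UDP500[] = {0, 0, 0, 12, 1, 17, 0x01, 0xf4, 1, 1, 1, 1};
static const uint8_t ID_P2_L2TP[] = {0, 0, 0, 12, 1, 17, 0x06, 0xa5, 2, 2, 2, 2};
static const uint8_t ID_P1_FQDN[] =
    {0, 0, 0, 15, 2, 0, 0, 0, 'f', 'w', '.', 't', 'e', 's', 't'};

/*
 * Layout: next payload (1), reserved (1), length (2, big-endian),
 * ID type (1), protocol ID (1), port (2, big-endian), identification data.
 * Returns 0 on success, -1 if the payload is truncated or inconsistent.
 */
int
parse_id_payload(const uint8_t *buf, size_t buflen, struct id_payload *out)
{
	size_t len;

	if (buflen < 8)
		return -1;
	len = ((size_t)buf[2] << 8) | buf[3];
	if (len < 8 || len > buflen)
		return -1;
	if (buf[4] == ID_IPV4_ADDR && len - 8 != 4)
		return -1;
	out->type = buf[4];
	out->proto = buf[5];
	out->port = (uint16_t)((buf[6] << 8) | buf[7]);
	out->data = buf + 8;
	out->data_len = len - 8;
	return 0;
}

/* RFC 2407: in phase 1 the protocol/port pair is either 0/0 or UDP/500. */
int
phase1_selector_ok(const struct id_payload *id)
{
	return (id->proto == 0 && id->port == 0) ||
	    (id->proto == 17 && id->port == 500);
}

/* Bitmask of the fields in which two ID payloads differ. */
int
id_diff(const struct id_payload *a, const struct id_payload *b)
{
	int d = 0;

	if (a->type != b->type)
		d |= DIFF_TYPE;
	if (a->proto != b->proto)
		d |= DIFF_PROTO;
	if (a->port != b->port)
		d |= DIFF_PORT;
	if (a->data_len != b->data_len ||
	    memcmp(a->data, b->data, a->data_len) != 0)
		d |= DIFF_DATA;
	return d;
}

/* Render in the style of the dump above. */
int
id_format(const struct id_payload *id, char *dst, size_t dstlen)
{
	unsigned p = id->proto, port = id->port;

	if (id->type == ID_IPV4_ADDR)
		return snprintf(dst, dstlen,
		    "proto: %u port: %u type: IPV4_ADDR = %u.%u.%u.%u", p, port,
		    (unsigned)id->data[0], (unsigned)id->data[1],
		    (unsigned)id->data[2], (unsigned)id->data[3]);
	if (id->type == ID_FQDN)
		return snprintf(dst, dstlen, "proto: %u port: %u type: FQDN = %.*s",
		    p, port, (int)id->data_len, (const char *)id->data);
	return snprintf(dst, dstlen, "proto: %u port: %u type: %u", p, port,
	    (unsigned)id->type);
}

int
main(void)
{
	struct id_payload zero, udp500;
	char line[96];

	parse_id_payload(ID_P1_ZERO, sizeof(ID_P1_ZERO), &zero);
	parse_id_payload(ID_P1_UDP500, sizeof(ID_P1_UDP500), &udp500);
	id_format(&zero, line, sizeof(line));
	printf("0/0 form:      %s\n", line);
	id_format(&udp500, line, sizeof(line));
	printf("UDP/500 form:  %s\n", line);
	printf("differing fields mask: 0x%x\n", id_diff(&zero, &udp500));
	return 0;
}
```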
Remote access VPN on OpenBSD workstation...
Hi all, Allow me to apologize in advance if I've overlooked something here. I am using an OpenBSD workstation and have a need to establish a remote access VPN by authenticating to an IPsec-protected L2TP LNS endpoint. The desired operation is for the workstation to use the far-end ppp interface as its default gateway. My question is whether npppd can be configured in this manner. Reading through the npppd and npppd.conf manpages, the configurations mainly appear to pertain to configuring an L2TP server that remote users can then connect to, and in fact I've only been able to find guides for such configurations online as well. I'm trying to achieve the opposite of this. Am I simply overlooking something? For simplicity sake I'm not yet concerned about getting the IPSec layer operational, which seems slightly more straightforward. Is there a way to configure npppd as a LAC client or does it only function as an LNS? If the latter, is there other software available that can act as a native LAC client on OpenBSD? This is in reference to OpenBSD 5.8 stable. Thank you, Andrew Lester
Re: Reached some limit with sockets?
On Sat, Feb 20, 2016 at 08:06:57PM +0100, Federico Giannici wrote: > In a server (OpenBSD amd64 5.7) with many concurrent perl programs that have > to open a lot of SSH connections, I get many errors like this: > > connect() on closed socket GEN136 at > /usr/local/libdata/perl5/site_perl/Net/SSH/Perl.pm line 216. > > Maybe at some point no more sockets can be opened because of some limit is > reached? > > I already tried to set these in sysctl.conf: > > kern.maxfiles=2 > kern.somaxconn=1024 Since you don't provide much information about how many simultaneous connections you are making or how many you are making per-second, it's really hard to guess what might be going on. However, the maxfiles limit here may give some indication to the amount so my guess is that you are hitting the pf state limit. The default state purging interval is 10 seconds, and the default state limit is 10,000 states. I'd suggest looking at the output of pfctl -si when you're having the issue. $ doas pfctl -sa | grep -e ^states -e interval interval 10s stateshard limit1 (note that I don't actually have an OpenBSD 5.7 machine, so these numbers may not have been the same back then)
Re: GUI Designer
On Mon, Feb 22, 2016 at 02:21:01PM +, Daniel Boyd wrote: > But here's my question: every now and > then I like to make a quick and dirty GUI app. In Windows, I was using > Netbeans/Java/Swing. What do you guys use for a simple GUI with a > visual designer? In perl, I for one usually end up just writing a quick web app using Mojolicious::Lite* or some other framework. Doesn't exactly answer your question, but I haven't had a desire to write a GUI app in quite a few years. * The p5-Mojo package from http://mojolicious.org/perldoc/Mojolicious/Lite l8rZ, -- andrew - http://afresh1.com Life's unfair - but root password helps!
Trouble applying patch 003 to OpenBSD 5.8-stable
Hi all, I'm setting up OpenBSD 5.8-stable and installing the patches for the known errata. I'm buying the CD set but installed with the install58.iso from a mirror. As such I don't think the bad src.tar.gz on the CD will affect me; I've used src.tar.gz from the mirror. I'm having problems installing the patch for errata #003. This is the uvm patch. It appears that the file attempted to be patched is /usr/src/sys/uvm/uvm_km.c. When attempting to patch, it stalls and asks me to provide the path to the file to patch, because the previously mentioned file actually seems to not exist. Is this an optional patch or am I missing something? This is an amd64 platform and I installed all the sets. Patch 001 and 002 had no problem. Warm regards, Andrew Lester
pkg.conf edit on -current #1870
GENERIC.MP #1870 amd64 FWIW: Last night did a clean (re)install using the toronto.edu mirror. boot> boot hd0a:/bsd.rd Puffy loaded up fine -- but no packages. I edited my /etc/pkg.conf from: ... toronto.edu/pub/OpenBSD/%c/packages/%a/ to: toronto.edu/pub/OpenBSD/snapshots/packages/%a/ --- Thanks as always to Theo and to all the past and current devs -- have a great week ahead !!
how to mount a *dmg in -current
sh> file tws-stable-standalone-macosx-x64.dmg tws-stable-standalone-macosx-x64.dmg: Macintosh HFS Extended version 4 data last mounted by: '10.0', created: Tue Feb 2 16:12:22 2016, last modified: Tue Feb 2 22:12:22 20to 16, last backup: Tue Feb 2 22:12:22 2016, last checked: Tue Feb 2 22:12:22 2016, block size: 4096, number of blocks: 23105, free blocks: 0 -- FWIW: The old version of this software was simply a couple *jar files that will work flawlessly on 5.7 doing nothing more than adding jdk* from packages. This company repackaged the *jar files using install4j into a *dmg image. I think they also customized java somehow and included it in the *dmg. Now I'm supposed to "click on the icon" to unpack everything. Can I mount this *dmg using just -current -- or mount it by adding something else from packages ?? Have I overlooked the obvious solution ?? hfsplus does not work An old marc thread mentioned dmg2img but it is not in packages, My current test setup is a GENERIC.MP #1847 amd64. Thank you in advance for any suggestions.
Re: how to mount a *dmg in -current
Thank you Jiri !! This works: sh> pkg_add p7zip sh> 7z e *dmg On 2/12/16, Jiri B <ji...@devio.us> wrote: > On Fri, Feb 12, 2016 at 12:43:18PM -0600, Andrew wrote: >> sh> file tws-stable-standalone-macosx-x64.dmg >> >> tws-stable-standalone-macosx-x64.dmg: Macintosh HFS Extended version 4 >> data last mounted by: '10.0', created: Tue Feb 2 16:12:22 2016, last >> modified: Tue Feb 2 22:12:22 20to 16, last backup: Tue Feb 2 >> 22:12:22 2016, last checked: Tue Feb 2 22:12:22 2016, block size: >> 4096, number of blocks: 23105, free blocks: 0 >> >> -- >> >> FWIW: The old version of this software was simply a couple *jar files >> that will work flawlessly on 5.7 doing nothing more than adding jdk* >> from packages. This company repackaged the *jar files using install4j >> into a *dmg image. I think they also customized java somehow and >> included it in the *dmg. Now I'm supposed to "click on the icon" to >> unpack everything. >> >> Can I mount this *dmg using just -current -- or mount it by adding >> something else from packages ?? Have I overlooked the obvious >> solution ?? hfsplus does not work An old marc thread mentioned >> dmg2img but it is not in packages, >> >> My current test setup is a GENERIC.MP #1847 amd64. >> >> Thank you in advance for any suggestions. > > Have you tried p7zip? > > j.
Re: Can I accelerate my magnet HDD using a SSD in any way?? E.g. softraid patch/ARC, dedicated hardware e.g. Intel RCS25ZB040LX="Nytro MegaRAID", anything
On Mon, Feb 1, 2016 at 8:16 AM, patric conant <mirage.comput...@gmail.com> wrote: > Why can't the solution be all flash? $400 for 1 TB flash, * 7 sata ports on > a decent $100 Motherboard, gets you 7TB of flash for under $3000 > Well, yes, and for a few hundred thousand you can get persistent DRAM fusion-io. OTOH, you can get 4TB SATA drives for $250. The OP was just pointing out that SSD-accelerated (aka SSD-cached) SATA/SAS is very common in Win/Lin/OSX and was wondering what the status is on OpenBSD. -- andrew fabbro and...@fabbro.org
Re: current snap fails on gigabyte brix at uhub0
> I had the same problem with a Gigabyte GA-970A-UD3 based computer, but the > latest snapshot (#1846: Sun Jan 17 02:34:54 MST 2016) fixed it for me. > > Kind regards, > > > Martijn Rijkeboer Just downloaded GENERIC.MP #1847 amd and it boots seamlessly to a login prompt. As always, thanks to Theo and to all the past and present devs -- have a great week ahead !!
current snap fails on gigabyte brix at uhub0
FYI -- the current snapshot fails on a Gigabyte Brix. The boot process blows up at: uhub0

--
uhub0: device problem, disabling port 1
uhub0: device problem, disabling port 2
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
uhub1: device problem, disabling port 1
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
ehci_sync_hc: tsleep() = 35
uhub2: device problem, disabling port 1
wsci0 at root
scsibus2at vsci0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a: (foo.a)swap on sd0b dump on sd0b

... and it locks up.

---
Re: FAQ 4.16 -- the machine has no floppy and no serial port so i'm not sure how to get the dump to someone. However, here is an OLD dmesg from back in Sept. http://marc.info/?l=openbsd-misc=144122200709123=2

Hope this is useful to someone and thank you for the gift of OpenBSD !!!
Re: problem mounting ext4 filesystem
On Tue, Jan 5, 2016 at 5:05 PM, Remi Locherer <remi.loche...@relo.ch> wrote: > Hi, > > I tried to mount an ext4 filesystem on OpenBSD which was created on > CentOS7. I get this: > > remi@mistral:~% doas mount -t ext2fs /dev/sd0m /mnt > mount_ext2fs: /dev/sd0m on /mnt: specified device does not match mounted > device > remi@mistral:~% dmesg | grep incomp > ext2fs: unsupported incompat features 0x2c2 > remi@mistral:~% > > Which feature is 0x2c2? Maybe I can disable this or re-create the filesystem > on Linux without this feature? It's a bitmask combination of features, see https://ext4.wiki.kernel.org/index.php/Ext4_Disk_Layout#The_Super_Block (entry 0x60, s_feature_incompat). Features supported in OpenBSD are described in src/sys/ufs/ext2fs/ext2fs.h, specifically the #define EXT2F_INCOMPAT_SUPP bit. It appears that there is some read-only ext4 support in OpenBSD, but not for your particular FS -- yours contains the bit 0x80 (INCOMPAT_64BIT, not even listed in OpenBSD, let alone in EXT4F_RO_INCOMPAT_SUPP). If you want to share the FS read/write between OpenBSD and Linux, it's probably easier to create it as ext2 rather than tracking down which ext4 features to disable. -Andrew
Re: startx fail on Lenovo G50-80 amd64
On 11/28/15, Doug Hogan wrote: > On Fri, Nov 27, 2015 at 09:47:23AM +, freeu...@ruggedinbox.com wrote: >> I installed OpenBSD 5.8 on USB flash memory. It's fine:) >> Then Lenovo G50-80 could booting. but, startx fail and xdm was fail. > > I would focus on startx. > >> 1.background is blank(black) screen, mouse icon(X and arrow) couldn't >> move. > > Was there an error message in the console about the mouse? > >> 3.X will draw window manager's background, but behave was strange. > > What WM are you using? > >> 5.couldn't get X.0.log > > If you startx, let it load and then either kill it or switch back to the > console, does it show any errors? Are there any /var/log/Xorg.*.log > files? > >> dmesg|grep drm: > > Could you post the full dmesg? In our dmesg archive, I see someone > report that their Lenovo G50-80 works more than your report indicates. > However, theirs didn't load inteldrm properly and yours did. I can't > compare the two dmesgs since you snipped it. > >> xorg.conf: > > Can you try it without a xorg.conf file? It's usually not necessary. > In general, try to make things simpler to debug by using startx, no > xorg.conf file, a simple WM like cwm and try to find a way to get us a > log file or error message. > > If possible, could you try installing an amd64 snapshot from tomorrow to > see if it was fixed between 5.8 and -current? I have a Lenovo G50-70 running the 5.7 stable.amd GENERIC.MP I am humble enough to admit that I was also baffled by a blank screen, seemingly no keyboard, no mouse, no error messages ... and I had to ask for help too. The solution may be as simple as tapping the "brightness" button a few times on the keyboard. It's the F12 button on my laptop. See also: localhost> man xbacklight
Re: Unix::Pledge perl module
On Thu, Nov 19, 2015 at 04:19:19PM -0500, Richard Farr wrote:
> I've put together a simple CPAN module that allows you to use pledge(2)
> in your Perl programs. Of course it will only work on -current.

Way cool! I too have been working on this a bit. Sorry that I got distracted from actually putting it someplace public.

https://github.com/afresh1/OpenBSD-Pledge

One benefit of mine is that OpenBSD-Pledge.t is a bit further fleshed out. I do need to do a fair amount of work on the docs still, but I will be looking for OKs to import it into base before long.

I think there is definitely room in the ecosystem for more than one tool, especially if other operating systems adopt pledge.

l8rZ,
--
andrew - http://afresh1.com

I wish life had an UNDO function.
Re: installation of Perl on OpenBSD 5.8 with perlbrew fails due crypt.h
On Tue, Nov 03, 2015 at 02:03:34PM -0200, Alceu Rodrigues de Freitas Junior wrote:
> Hello Andrew,
>
> On 02-11-2015 23:52, Andrew Fresh wrote:
> >Yes, we don't support many of the algorithms that the tests attempt to
> >use. I should probably push this patch upstream (with improvements) but
> >have not yet had time.
> >
> >https://github.com/afresh1/OpenBSD-perl/blob/master/patches/GOOD/fix_crypt_tests.patch
> >
>
> I took a look at your patch but didn't understand the objective of it.
>
> There are some comments as "# Use Blowfish", do you mean using
> Crypt::Blowfish crypt function instead?

No, from `man 3 crypt`

    Blowfish crypt
    The Blowfish version of crypt has 128 bits of salt in order to make
    building dictionaries of common passwords space consuming.
    ...
    The version number, the logarithm of the number of rounds and the
    concatenation of salt and hashed password are separated by the ‘$’
    character. An encoded ‘8’ would specify 256 rounds. A valid Blowfish
    password looks like this:
    “$2b$12$FPWWO2RJ3CK4FINTw0Hi8OiPKJcX653gzSS.jqltHFMxyDmmQ0Hqq”.

> Maybe a conditional block from Test::More help with that (including skipping
> the test at all) would help, based on the osname from Config module.

Perhaps, although with that patch the tests pass. I am sure I'll come up with something.

> >That would be helpful, along with specific versions of perl you are
> >trying to install.
>
> Here it goes:
> Use of uninitialized value in substr at op/crypt.t line 43.
> substr outside of string at op/crypt.t line 43.
> I tried to install the latest perl available (5.22.0).

This looks like the errors the patch addresses, so yes, something changed in 5.8. The other crypt's got tedu'd

http://marc.info/?l=openbsd-cvs&m=142835341405554&w=2

l8rZ,
--
andrew - http://afresh1.com

If your computer says, "Printer out of Paper," this problem cannot be resolved by continuously clicking the "OK" button.
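The string layout quoted from crypt(3) above, as an added example that is not part of the original message or of the patch it discusses: a parser that splits a Blowfish crypt string into version, log rounds, salt and hash, plus a small audit helper. The helper name `below_cost`, the accepted cost range of 4 to 31, and any input other than the man page sample are assumptions of this example.

```python
import re

# bcrypt uses its own base64 alphabet and no padding.
B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
# $<version>$<log2 rounds>$<22 chars salt><31 chars hash>
BCRYPT_RE = re.compile(
    r"\$(2[a-z]?)\$(\d\d)\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")


def b64_decode(text: str, nbytes: int) -> bytes:
    """Decode bcrypt-style base64 (6 bits per char, MSB first)."""
    acc = bits = 0
    out = bytearray()
    for ch in text:
        acc = (acc << 6) | B64.index(ch)
        bits += 6
        if bits >= 8:
            bits -= 8
            out.append((acc >> bits) & 0xFF)
    return bytes(out[:nbytes])


def parse_bcrypt(encoded: str) -> dict:
    """Split a Blowfish crypt string into the fields crypt(3) describes."""
    m = BCRYPT_RE.fullmatch(encoded)
    if not m:
        raise ValueError("not a Blowfish crypt string")
    version, cost, salt, digest = m.groups()
    if not 4 <= int(cost) <= 31:  # range assumed from common bcrypt practice
        raise ValueError("log rounds out of range")
    return {"version": version, "log_rounds": int(cost),
            "rounds": 1 << int(cost), "salt": b64_decode(salt, 16),
            "hash": digest}


def below_cost(entries, min_log_rounds: int) -> list:
    """Users whose hash is not Blowfish crypt or uses too few rounds."""
    flagged = []
    for user, encoded in entries:
        try:
            ok = parse_bcrypt(encoded)["log_rounds"] >= min_log_rounds
        except ValueError:
            ok = False
        if not ok:
            flagged.append(user)
    return flagged


# Sample string from the crypt(3) text quoted in the message above.
MAN_SAMPLE = "$2b$12$FPWWO2RJ3CK4FINTw0Hi8OiPKJcX653gzSS.jqltHFMxyDmmQ0Hqq"
```

A string in any other crypt format, such as the traditional DES form the Perl tests try, fails `parse_bcrypt` and is therefore flagged by `below_cost`.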
Re: installation of Perl on OpenBSD 5.8 with perlbrew fails due crypt.h
On Mon, Nov 02, 2015 at 10:06:18PM -0200, Alceu Rodrigues de Freitas Junior wrote:
> My name is Alceu and I'm a newbie with OpenBSD. I hope I reached the right
> mailing list to ask about compiling Perl with perlbrew on OpenBSD.

Seems a reasonable place. I've successfully installed quite a few versions of perl using plenv, not perlbrew, but I think that plenv does not run the test suite.

> Is there any change to crypt.h on version 5.8? It seems the errors are due
> differences on the interface.

Yes, we don't support many of the algorithms that the tests attempt to use. I should probably push this patch upstream (with improvements) but have not yet had time.

https://github.com/afresh1/OpenBSD-perl/blob/master/patches/GOOD/fix_crypt_tests.patch

> Unfortunately I don't have the exact error messages, but I can try to
> reproduce the errors again if needed.

That would be helpful, along with specific versions of perl you are trying to install.

l8rZ,
--
andrew - http://afresh1.com

Full-time system administration is a delicate balance between proactiveness and laziness. -- jhorwitz from use.perl.org
Re: Advices for a new laptop
The X220 is older, so you can probably find it via ebay or other sources for way less than your budget.

On Thu, Oct 29, 2015 at 8:33 AM, Domovoy wrote:
> Thinkpads are over my budget (i find them starting with the E550 at 758€
> on my usual reseller).
>
> What about the B50-80 (80LT003C): i3, Intel HD 4400, wifi B/G/N/AC,
> Gigabit Ethernet, 2x USB3.
> Unfortunately i can't find for sure which wireless cards is used (probably
> Intel Dual Band Wireless-AC 3160).
> If it can allow me to do the little 3D editing i need, it would be a good
> fit.
>
> Any information about OpenBSD support for this thing?
> (From what i gathered the Intel HD 4400 should work, right?)
>
>
> On 2015-10-29 15:00, Bryan Everly wrote:
>
>> The X series and the T series Thinkpads work really well.
>>
>> My x220 is outstanding. The only device that isn't supported is the
>> fingerprint reader. Also the mSATA slot is great for a second SSD. I
>> dual boot OpenBSD and Arch (for when I need a Virtual Machine) and
>> just use the F12 key at boot to select the drive I boot off of. Really
>> simplifies the set up. Also you can put 16gb of ram in this model
>> (even with an i5 processor) even though the specs say max of 8gb.
>>
>> Thanks,
>> Bryan
>>
>
>

--
http://apgwoz.com
current snapshot works on a Gigabyte Brix
Last time I tried (many months ago) ended in a kernel panic. Big thanks to Puffy/ Theo/ devs for liberating this box from its old kernel !! Much happiness :-)
Re: securing web browser
On 8/14/15, Frank White mediome...@gmail.com wrote:
> Hi, anyone has some advices to make more secure a browser like firefox ?
> chroot + systrace ?

This previous thread is one solution. Plus read a subsequent thread on pdf viewers.

http://marc.info/?l=openbsd-misc&m=142676615612510&w=2
Re: Default OpenBSD browser
On 7/28/15, Craig Skinner skin...@britvault.co.uk wrote:
> On 2015-07-28 Tue 15:30 PM |, Mohammad BadieZadegan wrote:
>> What is the best and lightest browser that useful with fvwm?
>
> Dillo is generally good, with Firefox for heavy sites.
> Depends on where _you_ surf.

I'm just an obsd end-user, but it would be wrong for me to not say something nice to/ or about the devs behind the xombrero browser.

I think xombrero is a diamond in the rough and I hope they keep polishing it until it becomes a common recommendation on this list.

The authors are listed at the bottom of man xombrero
Re: nsd configuration problem
On Wed, Jun 24, 2015 at 1:06 PM, Graham Stephens gra...@thestephensdomain.com wrote:
> ---
> On 24/06/2015 18:43, mxb wrote:
> Hey,
> this is a bit different from bind/named.
> nsd is an authoritative server ONLY.
> unbound is a caching server ONLY.
>
> I use those together on the same machine.
> nsd is handling all zones, unbound answers queries.
>
> nsd.conf:
> [port 5353, snip rest of cfg]
>
> unbound.conf:
> server:
>     ## this one important to be able to query nsd
>     do-not-query-localhost: no
>     private-domain: homelan.com
>     ## this one important to be able to query nsd
>     local-zone: 78.168.192.in-addr.arpa. transparent
>
> ## forward to nsd
> forward-zone:
>     name: homelan.com
>     forward-addr: 127.0.0.1@5353
>
> ## forward to nsd
> forward-zone:
>     name: 78.168.192.in-addr.arpa
>     forward-addr: 127.0.0.1@5353
>
> ## forward to google
> forward-zone:
>     name: .
>     forward-addr: 8.8.8.8

This is similar to my setup, although I used stub-zone/stub-addr instead of forward-zone for my internal forward and reverse zones, as that seems to make more sense based on my reading of unbound.conf(5). (It says stub-zone is for authoritative servers, which nsd is, and forward-zone is for recursive servers. I'm not 100% sure I am correct here, however.) I also did not define a global forward-zone -- why not just use the system DNS servers?

The important bits to actually make this work are the 'do-not-query-localhost: no' and 'local-zone: C.B.A.in-addr.arpa. transparent' options, needed to override unbound's default behavior of ignoring localhost and RFC1918 addresses. It took me a while to find this, until I discovered the proper keywords to Google for.

I think this would be a good addition to the OpenBSD FAQ. While less common than a simple caching resolver, it's probably not too uncommon to have used BIND to serve a local zone and also act as a caching resolver, and having some guidance on how to convert your BIND setup to unbound+nsd would be nice. (Good guidance, not misleading and/or incorrect advice from ca***el.org!)

nsd on a localhost high port, serving my old BIND zone files, and unbound forwarding to it for my zones was easy enough, but the two magic options letting unbound actually talk to nsd were somewhat less obvious.

-Andrew
Re: Any books about OpenBSD ARM programming?
On Wed, Jun 24, 2015 at 6:57 PM, Geoff Steckel g...@oat.com wrote:
> The McKusick books are a reasonable introduction to the kernel as it was
> some decades ago.

There was a 2nd edition of The Design and Implementation of the FreeBSD Operating System released September 2014. I haven't looked at it - was it updated to reflect current design?

--
andrew fabbro
and...@fabbro.org
blog: https://raindog308.com