Re: No internet connection (firewall block)
On 2024-04-12 13:04, Karel Lucas wrote: Hi all, Traceroute still won't work. I'm playing around with the rules and wondering what's right and what's wrong with the traceroute rules. Can anyone give me some starting points here? Start with: tcpdump -nettti pflog0. Adjust to suit your needs etc.. /etc/pf.conf: ext_if = igc0 # Extern interface int_if = "{ igc1, igc2 }" # Intern interfaces localnet = "192.168.2.0/24" tcp_services = "{ smtp, domain, www, auth, http, https, pop3, pop3s }" udp_services = "{ domain, ntp }" email = "{ smtp, imap, imaps, imap3, pop3, pop3s }" icmp_types = "{ echoreq, unreach }" icmp6_types = "{ echoreq, unreach }" nameservers = "{ 195.121.1.34, 195.121.1.66 }" client_out = "{ ssh, domain, pop3, auth, nportntp, http, https, \ 446, cvspserver, 2628, 5999, 8000, 8080 }" Martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \ 10.0.0.0/8, 169.254, 0.0/16, 192.0.2.0/24, \ 0.0.0.0/8, 240.0.0.0/4 }" set skip on lo # By default, do not permit remote connections to X11 block return in on ! lo0 proto tcp to port 6000:6010 block log all # block stateless traffic block in quick on $ext_if from $martians to any block out quick on $ext_if from any to $martians # Letting ping through: pass log on inet proto icmp icmp-type $icmp_types pass log on inet6 proto icmp6 icmp6-type $icmp6_types # Allow out the default range for traceroute(*): # "base+nhops*nqueries-1" (3434+64*3-1) pass in on $ext_if inet proto udp to port 33433:33626 # for IPv4 pass log out on $ext_if inet proto udp to port 33433:33626 # for IPv4 pass in on $ext_if inet6 proto udp to port 33433:33626 # for IPv6 pass log out on $ext_if inet6 proto udp to port 33433:33626 # for IPv6
Re: Not bootable after successfull fresh install
On 2023-03-06 07:55, Francois Pussault wrote: using installboot manually gave answer files are not given so ISO are faulted Using / as rootinstalling bootstrap on /dev/rsd2cusing first-stage /usr/mdec/biosboot, second-stage /usr/mdec/bootinstallboot: /usr/mdec/biosboot: No such file or directory Le 6 mars 2023 à 12:56, Francois Pussault a écrit : hello, used all from https://www.openbsd.org/faq/faq4.html#Download but no image iso/img/netimage/etc... (7.2) failed install all are working perfectly therefore reboot cannot be done after the install process it looks like it wrote the MBR nowhere or in ram or something similar or install media itself maybe. how to force install of it properly on MBR on SDx choosen by me get the standard "no OS found" error from bios Hello Francois, Please, make sure you pick the right disk at the prompt, not you can enter ? to get the list and judge by the size whether it is the right one usually sd0. You need to write the MBR to it. Usually following the prompts exactly (i.e. no customizations) will result in a full install which works right of the bat. I use the install72.img installer normally. Please post all commands and output errors and make sure your BIOS does not pose any restrictions (UEFI you'll need UEFI partition, etc..). Good luck. George Cordialement Francois Pussault 10 chemin de négo saoumos apt 202 - bat 2 31300 Toulouse +33 6 17 230 820 fpussa...@contactoffice.fr Cordialement Francois Pussault 10 chemin de négo saoumos apt 202 - bat 2 31300 Toulouse +33 6 17 230 820 fpussa...@contactoffice.fr
Re: httpd multiple site same address and port TLS issue
On 2022-08-29 05:50, Stuart Henderson wrote: On 2022-08-29, George wrote: I am wish to run multiple site from the same IP and use different TLS certs for each. .. Problem is I get the certificate for the first declared server each time unless I change the IP or port. How are you testing? If you're using openssl s_client you need the -servername option (though nc -vc is probably more convenient). I am using a web browser and can view the cert and the corresponding error message. netcat would be a good option too so thanks for the hint.
httpd multiple site same address and port TLS issue
Hi guys, I am wish to run multiple site from the same IP and use different TLS certs for each. Example: server "example01.com" { listen on 1.2.3.4 port 80 listen on 1.2.3.4 tls port 443 tls { certificate "example01.com.fullchain.pem" key "example01.com.key" } } server "example02.com" { listen on 1.2.3.4 port 80 listen on 1.2.3.4 tls port 443 tls { certificate "example02.com.fullchain.pem" key "example02.com.key" } } Problem is I get the certificate for the first declared server each time unless I change the IP or port. Is it possible to have a configuration to serve different servers on the same address and port with different TLS certs? Thanks in advance, George
vlan autoconf fails to conf at boot
I created a hostname.vlan10 file which has a single line: inet autoconf parent vge0 vnetid 10 lladdr ... At boot the interface fails to configure but after boot I can login to the console and run "doas sh /etc/netstart" and the interface will configure. What am I doing wrong? Do I need to add something to rc.conf.local to force the parent to configure first? The parent (vge0) has a static IPv4 address. -- George Morgan gmor...@fastmail.fm
Re: apu2 and Atheros WLE600VX not working
On 2021-06-30 8:01 a.m., Stefan Sperling wrote: On Wed, Jun 30, 2021 at 07:45:13AM -0400, George wrote: Hi thanks for the reply! How is the performance on the 200nx are you using it as an access point i.e. router? How many antennas? There is currently no way to run an AP on OpenBSD if you require performance levels comparable to commercially available access points. Regarding athn(4) in particular, there is no support for Tx aggregation and there are unresolved bugs which prevent Tx rates at the upper end from working. You can expect about 20 Mbit/s top, most likely less than that. But it is fairly stable. If performance isn't your main concern it can be fine. athn(4) only supports 2 antenna cards. Cards with 3 anntennas don't work yet. If you can only connect one antenna you need to run this command to prevent packet loss: ifconfig athn0 nwflag nomimo Thanks for the informative and complete answer. I think I will resort to using a cheap off the shelf router for the moment as 20Mb/s top means a lot less average throughput making it kind of pointless as an AP. Cheers, George
Re: apu2 and Atheros WLE600VX not working
On 2021-06-30 3:29 a.m., Marcus MERIGHI wrote: Hello! g.lis...@nodeunit.com (George), 2021.06.30 (Wed) 01:41 (CEST): I am running OpenBSD 6.9 the machine recognizes an earlier version of the same wireless PCIe card, namely the WLE200NX but for some, unknown to me reason, the WLE600VX is not recognized. I checked the athn driver support for the chip set which should be AR9280 and it list it. When I boot I get in dmesg: "Atheros QCA986x/988x" rev 0x00 at pci1 dev 0 function 0 not configured You have: https://www.pcengines.ch/wle600vx.htm Chipset Qualcomm Atheros QCA9882 "Expect some pain, ath10k drivers required. Currently not supported by pfSense / OPNsense !" => GCA9882 is not in athn(4). You want: https://www.pcengines.ch/wle200nx.htm Chipset Qualcomm Atheros AR9280. => AR9280 is in athn(4). I have the latter and it works, in an apu2. Hi thanks for the reply! How is the performance on the 200nx are you using it as an access point i.e. router? How many antennas? Marcus
apu2 and Atheros WLE600VX not working
Hi guys, I am running OpenBSD 6.9 the machine recognizes an earlier version of the same wireless PCIe card, namely the WLE200NX but for some, unknown to me reason, the WLE600VX is not recognized. I checked the athn driver support for the chip set which should be AR9280 and it list it. When I boot I get in dmesg: "Atheros QCA986x/988x" rev 0x00 at pci1 dev 0 function 0 not configured pcidump -v: 1:0:0: Atheros QCA986x/988x 0x: Vendor ID: 168c, Product ID: 003c 0x0004: Command: 0002, Status: 0010 0x0008: Class: 02 Network, Subclass: 80 Miscellaneous, Interface: 00, Revision: 00 0x000c: BIST: 00, Header Type: 00, Latency Timer: 00, Cache Line Size: 10 0x0010: BAR mem 64bit addr: 0xfe20/0x0020 0x0018: BAR empty () 0x001c: BAR empty () 0x0020: BAR empty () 0x0024: BAR empty () 0x0028: Cardbus CIS: 0x002c: Subsystem Vendor ID: Product ID: 0x0030: Expansion ROM Base Address: fe40 0x0038: 0x003c: Interrupt Pin: 01 Line: 00 Min Gnt: 00 Max Lat: 00 0x0040: Capability 0x01: Power Management State: D0 0x0050: Capability 0x05: Message Signalled Interrupts (MSI) Enabled: no 0x0070: Capability 0x10: PCI Express Max Payload Size: 256 / 256 bytes Max Read Request Size: 512 bytes Link Speed: 2.5 / 2.5 GT/s Link Width: x1 / x1 fw_update: Path to firmware: http://firmware.openbsd.org/firmware/6.9/ Installed: vmm-firmware-1.11.0p3 Installed, extra: athn-firmware-1.1p4 Does anyone have this WLE600VX card working on OpenBSD? Thanks in advance, Cheers, George
Re: Usage of .note.openbsd.ident
Thank you for the reply, I was just curious. On Thu, 27 May 2021 at 04:21, Philip Guenther wrote: > > On Fri, May 21, 2021 at 5:28 AM George Brown <321.geo...@gmail.com> wrote: >> >> It seems this ELF note was used for the now dead compat_linux feature. >> Aside from compat systems in other operating systems that may wish to >> identify OpenBSD binaries does this note have any other active uses? > > > The point of the note (and/or the OS/ABI field in the ELF header) is to > permit portable ELF tools to identify how to interpret OS-specific values, > those in the OS-ranges for types, for example. Not inserting _some_ > identifying factor is basically doing an embrace-and-extend on ELF and > actively hostile to portability of tooling. > > If you find that ELF note obnoxious, just fix the linkers to instead set the > ELF ABI field correctly. As I understand it, the 'go' tool chain has done > that for years. It's really the better choice for this, would take less > space and be faster to process. > > > Philip Guenther >
Usage of .note.openbsd.ident
It seems this ELF note was used for the now dead compat_linux feature. Aside from compat systems in other operating systems that may wish to identify OpenBSD binaries does this note have any other active uses?
Re: Split-horizon dns
Hi, Yes use PF to separate your clients on the routing machine and then use the server with the proper DB. HTH On 2021-03-25 6:52 a.m., Родин Максим wrote: Hello, Is there a way to do split horizon dns using NSD? I did not find anything similar in man nsd.conf
Re: Alpine-virt vmd guest tsc directive
On Mon, 29 Jun 2020 14:53:52 -0700 Mike Larkin wrote: > On Mon, Jun 29, 2020 at 08:25:19PM +, Martin wrote: > > Setting up Debian as vmm guest is not a trivial procedure and > > require Debian Linux host with KVM installed first to install your > > guest with screen connected. > > Why do you believe this? Setting up debian in vmm is not any harder > than setting up any other distribution. You just need to make sure to > use their install iso that includes virtio. I think I used the > minimal install iso (can't recall the name, might have even been the > netinst one). I did try netinstall and netboot for Ubuntu all with the same result, namely the installer starts and I can see the first curses screen and then I can pick one of the options but no matter which one I do it all ends up the same freezes or errors out: https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.4.0-amd64-netinst.iso This one led to the same issue: ++ | Debian GNU/Linux installer menu (BIOS mode) | || | Graphical install | | Install| | Advanced options > | | Accessible dark contrast installer menu > | | Help | | Install with speech synthesis | || || || || || || ++ Press ENTER to boot or TAB to edit a menu entry Undefined video mode number: 314 Press to see video modes available, to continue, or wait 30 sec Mode: Resolution: Type: 0 F00 80x25 CGA/MDA/HGC Enter a video mode or "scan" to scan for additional modes: and then I cannot type or do anything at all.. I was doing all the setup on OpenBSD 6.7 stable. Cheers, George > > > Once you have your host ready with KVM run a command to set iso up: > > > > qemu-img create -f qcow2 linux.qcow2 128G > > > > kvm -enable-kvm -vnc 127.0.0.1:0 -k en-us -monitor pty -m 2048 -net > > nic -net user -soundhw all -cdrom debian-linux.iso -boot -d -name > > linux -hda linux.qcow2 > > > > Install it and run the machine with VNC connection > > > > kvm -enable-kvm -vnc 127.0.0.1:0 -k en-us -nographic -monitor pty > > -m 2048 -net nic -net user -soundhw all -boot -d -name linux -hda > > linux.qcow > > You don't need to do any of this. > > -ml > > > Onece you do it please mail me back, I'll share next steps > > somewhere. > > > > Martin > > > > ‐‐‐ Original Message ‐‐‐ > > On Monday, June 29, 2020 7:53 PM, George > > wrote: > > > On 2020-06-29 12:54 p.m., Martin wrote: > > > > > > > George, thanks for your feedback! > > > > I'd prefer OpenBSD in 99% of situations, but now I need to roll > > > > out Docker. Docker = linux. So I have to solve all the major > > > > issues, especially with clock, and run it for a project using > > > > OpenBSD host of course. > > > > > > Work is an imposed 'choice' ;) and yes that is where > > > virtualization shines a little light in the tunnel. > > > > > > > I set vmd Debian desktop guest a year ago with 5.2.x kernel > > > > which boots headless on vmd. Virtual framebuffer used for VNC > > > > connection from the same OpenBSD host by vnc viewer. Works > > > > perfectly, except clock... > > > > > > I would be interested in any instructions you might have on > > > setting that up. > > > > Currently, rebuilt kernel and vmd from -current. Going to make > > > > 5.4.x related vmm_clock module for minimalist Alpine-virt Linux > > > > guest. I'll report about results once done. > > > > > > That would be great. > > > > > > Thanks. > > > > > > > Martin > > > > ‐‐‐ Original Message ‐‐‐ > > > > On Monday, June 29, 2020 4:21 PM, George g.lis...@nodeunit.com > > > > wrote: > > > > > On 2020-06-29 8:51 a.m., Martin Sukany wrote: > > > > > > > >
Re: Alpine-virt vmd guest tsc directive
On 2020-06-29 12:54 p.m., Martin wrote: George, thanks for your feedback! I'd prefer OpenBSD in 99% of situations, but now I need to roll out Docker. Docker = linux. So I have to solve all the major issues, especially with clock, and run it for a project using OpenBSD host of course. Work is an imposed 'choice' ;) and yes that is where virtualization shines a little light in the tunnel. I set vmd Debian desktop guest a year ago with 5.2.x kernel which boots headless on vmd. Virtual framebuffer used for VNC connection from the same OpenBSD host by vnc viewer. Works perfectly, except clock... I would be interested in any instructions you might have on setting that up. Currently, rebuilt kernel and vmd from -current. Going to make 5.4.x related vmm_clock module for minimalist Alpine-virt Linux guest. I'll report about results once done. That would be great. Thanks. Martin ‐‐‐ Original Message ‐‐‐ On Monday, June 29, 2020 4:21 PM, George wrote: On 2020-06-29 8:51 a.m., Martin Sukany wrote: Hi George, did you solved the issue? I remember that I faces similar thing when I installed headless ubuntu as a guest … My issue was related to the fact that I used ‚boot cdrom‘ directive inside my configuration (seems that there is a bit inconsistency between the man page and the real configuration). This is is a relevant piece of my config: vm "ubuntu" { memory 2G cdrom /data/vms/_iso/mini-serial.iso disk /data/vms/ubuntu.raw interface tap { switch "uplink" } disable } I had bad experience with usage of qcow2 disk format for Linux based guests — especially when you’re trying to do dozens of I/O operations — several disk containers crashed before I migrated them to raw format. if you have more than 4 vms, don’t forget to create another /dev/tap device, otherwise you could expect the unexpectable behaviour :) M> Hello Martin, Thanks for the pointers. I abandoned my Linux efforts, too many issue and things to learn no time now. My goals could be satisfied by an OpenBSD VM and it is much better than most Linuxes ;). I have been swimming against the current (read using things/software/apis/os/tools etc. when people said it is not what is supposed to be done) but as of late I find it more relaxing going with it ;). Virtualization is such a ... mess which like everything else in our lives nowadays is designed to cover another mess ... I want to run Linux software on OpenBSD because I don't want to dedicate a machine to Linux and want to upgrade or run the version I want until I want ... I should be free to make that choice because of "I", sarcastic here, problem is CPU vendors and OS developers have to jump some hoops and add some features to make it happen ... and then things happen that the I does not like. Thanks for adding this info albeit to the wrong thread, I read it because I like Alpine and was thinking of it myself, but they don't have a ready console install version do they? Cheers, George Hi guys, I apologize if this maybe out of topic even though it is truly related to VMM than Debian. I am trying to setup a VMM Debian based guest but I'm not able to get it to work. I found some description on the web about which settings to edit in grub.cfg to enable the serial console and created a VM with 10.3 in qcow2 disk format in KVM. Now I am trying to start the same on OpenBSD 6.7 but keep getting the connected message and then just "Rebooting " after I hit some keyboard keys seems like baud rate issue but not sure. After messing with it for a while now I am getting a new error: vmctl: could not open disk image(s) even thought the disk is there and readable to the user I have setup in vm.conf in fact I have another VM with the same configuration and disk with the same permissions and in the same location that works (it is OpenBSD based). I would greatly appreciate it if someone has gone this path and can share some config info with me. Cheers and thanks in advance, George
Re: Alpine-virt vmd guest tsc directive
On 2020-06-29 8:51 a.m., Martin Sukany wrote: Hi George, did you solved the issue? I remember that I faces similar thing when I installed headless ubuntu as a guest … My issue was related to the fact that I used ‚boot cdrom‘ directive inside my configuration (seems that there is a bit inconsistency between the man page and the real configuration). This is is a relevant piece of my config: vm "ubuntu" { memory 2G cdrom /data/vms/_iso/mini-serial.iso disk /data/vms/ubuntu.raw interface tap { switch "uplink" } disable } I had bad experience with usage of qcow2 disk format for Linux based guests — especially when you’re trying to do dozens of I/O operations — several disk containers crashed before I migrated them to raw format. if you have more than 4 vms, don’t forget to create another /dev/tap device, otherwise you could expect the unexpectable behaviour :) M> Hello Martin, Thanks for the pointers. I abandoned my Linux efforts, too many issue and things to learn no time now. My goals could be satisfied by an OpenBSD VM and it is much better than most Linuxes ;). I have been swimming against the current (read using things/software/apis/os/tools etc. when people said it is not what is supposed to be done) but as of late I find it more relaxing going with it ;). Virtualization is such a ... mess which like everything else in our lives nowadays is designed to cover another mess ... I want to run Linux software on OpenBSD because I don't want to dedicate a machine to Linux and want to upgrade or run the version I want until I want ... I should be free to make that choice because of "I", sarcastic here, problem is CPU vendors and OS developers have to jump some hoops and add some features to make it happen ... and then things happen that the I does not like. Thanks for adding this info albeit to the wrong thread, I read it because I like Alpine and was thinking of it myself, but they don't have a ready console install version do they? Cheers, George Hi guys, I apologize if this maybe out of topic even though it is truly related to VMM than Debian. I am trying to setup a VMM Debian based guest but I'm not able to get it to work. I found some description on the web about which settings to edit in grub.cfg to enable the serial console and created a VM with 10.3 in qcow2 disk format in KVM. Now I am trying to start the same on OpenBSD 6.7 but keep getting the connected message and then just "Rebooting " after I hit some keyboard keys seems like baud rate issue but not sure. After messing with it for a while now I am getting a new error: vmctl: could not open disk image(s) even thought the disk is there and readable to the user I have setup in vm.conf in fact I have another VM with the same configuration and disk with the same permissions and in the same location that works (it is OpenBSD based). I would greatly appreciate it if someone has gone this path and can share some config info with me. Cheers and thanks in advance, George
Re: OpenBSD alternatives to Pi-Hole
On 2020-06-15 11:52 a.m., Jon Tabor wrote: On Fri, Jun 12, 2020 at 04:33:08PM -0700, Jordan Geoghegan wrote: On 2020-06-12 14:01, George wrote: On 2020-06-12 3:41 p.m., Maurice McCarthy wrote: You could have a look at https://www.geoghegan.ca/unbound-adblock.html and https://www.geoghegan.ca/pfbadhost.html Simply great! Will definitely try these out. Merci! George Hey there, I'm the author of those scripts. In response to concerns about heavyness/memory use of DNS blocklists: unbound-adblock is pretty light on memory (~30MB of RAM usage) as we serve NXDOMAIN responses instead of redirecting to 0.0.0.0 etc. By doing this we save a massive amount of memory that would otherwise be spent mapping each domain to a black hole address. I run unbound-adblock on many Edgerouter Lites and havent had any issues. Regards, Jordan Geoghegan I'm using these scripts (or a version of them; I've had them in for a while), and it's using NXDOMAIN which loads way faster and uses a lot less memory. I also slightly tweaked the script I have to include a whitelist file, as my wife keeps finding sites that simply won't work properly. It simply calls sed to remove lines from the unbound-adhosts.conf file Works great. I also set up pf to redirect all DNS queries to my local instance of unbound, so you can't easily bypass it (unless you use DNS over HTTPS). Jon Tabor tab...@obsolete.site Thanks for sharing, this is good to know!
Re: VMM Debian guest serial setup help needed
On 2020-06-12 11:17 a.m., George wrote: On 2020-06-10 4:15 p.m., Benjamin Baier wrote: On Wed, 10 Jun 2020 14:36:46 -0400 George wrote: Hi guys, I apologize if this maybe out of topic even though it is truly related to VMM than Debian. I am trying to setup a VMM Debian based guest but I'm not able to get it to work. I found some description on the web about which settings to edit in grub.cfg to enable the serial console and created a VM with 10.3 in qcow2 disk format in KVM. Now I am trying to start the same on OpenBSD 6.7 but keep getting the connected message and then just "Rebooting " after I hit some keyboard keys seems like baud rate issue but not sure. Don't need the KVM/qemu step. Didn't know that was possible, much better thanks :) After messing with it for a while now I am getting a new error: vmctl: could not open disk image(s) Better start over. And so I did ... even thought the disk is there and readable to the user I have setup in vm.conf in fact I have another VM with the same configuration and disk with the same permissions and in the same location that works (it is OpenBSD based). I would greatly appreciate it if someone has gone this path and can share some config info with me. Here is how I got debian 9 (stretch) installed. http://www.netzbasis.de/openbsd/vmd-debian/index.html I think the virtio-modules are now included in the debian 10 (buster) installer, but not tested. I am trying your preped boot.img so far going through install options most of which lead to: Loading linux... ok Loading initrd.gz...ok Probing EDD (edd=off to disable)... ok Undefined video mode number: 314 Press to see video modes available, to continue, or wait 30 sec Mode: Resolution: Type: 0 F00 80x25 CGA/MDA/HGC Enter a video mode or "scan" to scan for additional modes: trying Install which I thought would be best (2-nd one after Graphical Install) hangs with: [ 0.00] ACPI BIOS Error (bug): A valid RSDP was not found (20160831/tbxfroot-244) [ 0.806052] Initramfs unpacking failed: write error [ 0.814403] [Firmware Bug]: cpu 0, invalid IBS interrupt offset 0 (MSRC001103A=0x) [ 1.852264] mce: Unable to init device /dev/mcelog (rc: -5) Thanks for your help and the page! I tried a few more times still no luck. What is the key combination I need to use to get into a shell to load the modules. Hitting Esc puts me into boot> program which does not understand module handling etc.. and the menu does not let me to run a shell. I am missing something ...? Thanks! Cheers, George
Re: OpenBSD alternatives to Pi-Hole
On 2020-06-12 3:41 p.m., Maurice McCarthy wrote: You could have a look at https://www.geoghegan.ca/unbound-adblock.html and https://www.geoghegan.ca/pfbadhost.html Simply great! Will definitely try these out. Merci! George
Re: OpenBSD alternatives to Pi-Hole
On 2020-06-12 3:57 p.m., Daniel Jakots wrote: On Fri, 12 Jun 2020 21:51:50 +0200, fRANz wrote: On Fri, Jun 12, 2020 at 9:35 PM Daniel Jakots wrote: I have a script that fetches the block list and put it in a unbound format. It's in a special unbound config file that I include in my unbound.conf. This has way fewer features than pihole though so it depends on what you want/need. May I ask the average file size of your unbound zones? I do the same on my APU4 (4GB version, OpenBSD v6.7) but for huge file zones I got unbound timeout during zone loading. I have only one file and it's 4.6M/111246 lines. It takes a while to start: I just timed it and it took 12s. It runs on a APU2C2 (iirc, but it has for sure 2G of ram). Wow that seems kind of hungry... :) I was planning on running this as a service in VM so I can move it when I am upgrading etc.. anyway will give this a shot. @Daniel: Would you care sharing a link to your script or is it not BSD licensed? Thanks guys!
OpenBSD alternatives to Pi-Hole
Hi guys, I am trying to setup a Pi-Hole service, i.e. add blocking based on empty DNS records zones files, for my local LAN and would like to ask what people are using on OpenBSD in this role? Thanks in advance, George
Re: VMM Debian guest serial setup help needed
On 2020-06-10 4:29 p.m., Tom Smyth wrote: Hi George, a reboot on a serial console is probably due to the serial console speeds miss matching, between your console client and the console on the guest. make sure you are setting the console speed / parity, etc also this issue happens frequently also when booting the PC Engines board where the bios runs at 115200 baud , N 8 1 and then the OpenBSD Console changes to 9600 N 8 1 during boot (defaults on installxx.fs / installxx.img hope this helps Tom Smyth Thanks Tom! I agree I have seen this reboot behavior on apu's and a soekris device(s), but I am setting the rate properly or so I believe anyway. The trick with the install on APU's is to set the baud rate at install time along with the console port: stty com0 19200 set tty com0 Here though I have preinstalled and pre-build the OS and updated the GRUB config to use the console to send boot and other messages unfortunately apparently not really ... On Wed, 10 Jun 2020 at 21:01, George wrote: Hi guys, I apologize if this maybe out of topic even though it is truly related to VMM than Debian. I am trying to setup a VMM Debian based guest but I'm not able to get it to work. I found some description on the web about which settings to edit in grub.cfg to enable the serial console and created a VM with 10.3 in qcow2 disk format in KVM. Now I am trying to start the same on OpenBSD 6.7 but keep getting the connected message and then just "Rebooting " after I hit some keyboard keys seems like baud rate issue but not sure. After messing with it for a while now I am getting a new error: vmctl: could not open disk image(s) even thought the disk is there and readable to the user I have setup in vm.conf in fact I have another VM with the same configuration and disk with the same permissions and in the same location that works (it is OpenBSD based). I would greatly appreciate it if someone has gone this path and can share some config info with me. Cheers and thanks in advance, George
Re: VMM Debian guest serial setup help needed
On 2020-06-10 4:18 p.m., Dave Voutila wrote: George writes: Hi guys, I apologize if this maybe out of topic even though it is truly related to VMM than Debian. I am trying to setup a VMM Debian based guest but I'm not able to get it to work. I found some description on the web about which settings to edit in grub.cfg to enable the serial console and created a VM with 10.3 in qcow2 disk format in KVM. Now I am trying to start the same on OpenBSD 6.7 but keep getting the connected message and then just "Rebooting " after I hit some keyboard keys seems like baud rate issue but not sure. Not baudrate related, but there are some known issues in OpenBSD 6.7 related to the emulated uart device in vmd(8). (I have a patch if you follow -current[1] that fixes stability issues.) Oh-oh didn't know of those :). No I am not following current, unfortunately. My advice is to install using vmm(4)/vmd(8) and not migrate an image from KVM. I believe Debian started including the virtio cdrom drivers finally...but, if not, google for some guides on adding those to the iso. This sounds good, will try it next. Make sure you install OpenSSH and rely on ssh(1) connections to the guest. As soon as you can, modify the grub defaults in /etc/default/grub and set the GRUB_CMDLINE_LINUX_DEFAULT to include: tsc=reliable tsc=noirqtime console=ttyS0,115200 Make sure to run update-grub afterwards. You mean grub-mkconfig? You'll probably have a bad time with your clock, though Debian use a 4.x kernel, so it won't be too bad and may manage using tsc as a clocksource. Otherwise expect refined-jiffies as the clocksource and it may run at a rate of 50% of host time. I wish I could get to that point... hehe. Does this mean that the CPU will tick at a rate half the main processor? That means performance /2 ...??? I recommend you also build and install my Linux clone of vmmci(4)[2] within the Debian guest if you want safe guest shutdowns. Will do once I get there. After messing with it for a while now I am getting a new error: vmctl: could not open disk image(s) even thought the disk is there and readable to the user I have setup in vm.conf in fact I have another VM with the same configuration and disk with the same permissions and in the same location that works (it is OpenBSD based). Use top(1) showing threads and command line args: top -C -g vmd Chances are you have a lingering vmd(8) process for the Debian guest using the disk. Kill -9 the one with the vm name. That is an excellent point never checked... I would greatly appreciate it if someone has gone this path and can share some config info with me. Cheers and thanks in advance, George [1] https://sisu.io/patches/vmd-thread-safety-07062020-v1.patch [2] https://github.com/voutilad/virtio_vmmci Thanks Dave, this is really appreciated. You have given me more information to go on. Cheers, George -Dave
Re: VMM Debian guest serial setup help needed
On 2020-06-10 4:15 p.m., Benjamin Baier wrote: On Wed, 10 Jun 2020 14:36:46 -0400 George wrote: Hi guys, I apologize if this maybe out of topic even though it is truly related to VMM than Debian. I am trying to setup a VMM Debian based guest but I'm not able to get it to work. I found some description on the web about which settings to edit in grub.cfg to enable the serial console and created a VM with 10.3 in qcow2 disk format in KVM. Now I am trying to start the same on OpenBSD 6.7 but keep getting the connected message and then just "Rebooting " after I hit some keyboard keys seems like baud rate issue but not sure. Don't need the KVM/qemu step. Didn't know that was possible, much better thanks :) After messing with it for a while now I am getting a new error: vmctl: could not open disk image(s) Better start over. And so I did ... even thought the disk is there and readable to the user I have setup in vm.conf in fact I have another VM with the same configuration and disk with the same permissions and in the same location that works (it is OpenBSD based). I would greatly appreciate it if someone has gone this path and can share some config info with me. Here is how I got debian 9 (stretch) installed. http://www.netzbasis.de/openbsd/vmd-debian/index.html I think the virtio-modules are now included in the debian 10 (buster) installer, but not tested. I am trying your preped boot.img so far going through install options most of which lead to: Loading linux... ok Loading initrd.gz...ok Probing EDD (edd=off to disable)... ok Undefined video mode number: 314 Press to see video modes available, to continue, or wait 30 sec Mode: Resolution: Type: 0 F00 80x25 CGA/MDA/HGC Enter a video mode or "scan" to scan for additional modes: trying Install which I thought would be best (2-nd one after Graphical Install) hangs with: [ 0.00] ACPI BIOS Error (bug): A valid RSDP was not found (20160831/tbxfroot-244) [ 0.806052] Initramfs unpacking failed: write error [ 0.814403] [Firmware Bug]: cpu 0, invalid IBS interrupt offset 0 (MSRC001103A=0x) [ 1.852264] mce: Unable to init device /dev/mcelog (rc: -5) Thanks for your help and the page! Cheers, George
VMM Debian guest serial setup help needed
Hi guys, I apologize if this maybe out of topic even though it is truly related to VMM than Debian. I am trying to setup a VMM Debian based guest but I'm not able to get it to work. I found some description on the web about which settings to edit in grub.cfg to enable the serial console and created a VM with 10.3 in qcow2 disk format in KVM. Now I am trying to start the same on OpenBSD 6.7 but keep getting the connected message and then just "Rebooting " after I hit some keyboard keys seems like baud rate issue but not sure. After messing with it for a while now I am getting a new error: vmctl: could not open disk image(s) even thought the disk is there and readable to the user I have setup in vm.conf in fact I have another VM with the same configuration and disk with the same permissions and in the same location that works (it is OpenBSD based). I would greatly appreciate it if someone has gone this path and can share some config info with me. Cheers and thanks in advance, George
Continuation of stopped process in tmux
It appears in handling SIGCHLD if the child is stopped due to SIGTSTP or SIGSTOP then it is continued. Indeed screen appears to do the same. Could someone kindly explain to me why this is done? I ask as dvtm (another terminal multiplexer) hits an issue on MacOS where what would be called "panes" in tmux parlance hang on the shell exit due to being stopped. As to why the shells end up stopped on MacOS is something I've yet to fiugre out. Many thanks, George
Re: routing traffic to transparent squid cluster
On Thu, 9 Aug 2018 15:59:32 +0200 Joerg Streckfuss wrote: > Dear list, > > i'm playing around with a squid setup, where the http traffic from a > client is transparently routed from the gateway (openbsd 6.3) to two > squid caches (squid 3.5.28). This means the caches are _not_ placed > on the gateway. > > With PF this is very easy to achieve: > > pass in quick on $INT_IF inet proto tcp from $CLIENT to any port 80 \ > route-to { ( $DMZ_IF $SQUID_1), (trunk2 SQUID_2) } least-states > > So far, so good. My next goal is redundancy. In other words the > gateway should stop routing traffic to an unreachable cache. Imho I > thought this is very easy to achieve with the help of relayd. > > To map the upper PF rule to a fully redundant setup, I tried > something like this: > > PF: > pass in quick on $INT_IF inet proto tcp from $CLIENT to any port http > \ divert-to 127.0.0.1 port 3130 > > Relayd: > relay webproxy_3130 { > listen on 127.0.0.1 port 3130 > transparent forward to port 80 check tcp mode > loadbalance } > > But of course this doesn't work because the relay translates the > destination address which it should not. I didn't found any options > like a pf route-to for relays and think it wouldn't make much sense > in the context of relays. Relayd supports a route-to option for > redirects but I dind't found a working configuration. Hi there, I believe you may be looking for a redirect not a relay. It all really depends on your network topology and what you are trying to do but in general something like this is what you are looking at: browser --- > gateway (relayd) > proxy (squid etc.) proxy ---> gateway (pf/nat) ---> internet (whatever the world has to offer...) internet ---> gateway (pf/nat) ---> proxy proxy ---> gateway (relayd) ---> browser I have not played or experimented with the setup you are working on but I did buy the excellent Michael W Lucas book "Relayd and Httpd" Mastery(https://mwl.io/nonfiction/tools) which I am reading at the moment and can tell you that there are 2 ways of doing things with relayd one is redirect (i.e. send request somewhere else while checking availability and state of redundant set/table and let the communication happen between the 2 parties after that) or relay play a MIT role and be able to alter things in both directions of the communication where in you are the one who can control certain aspects read packet content. I see your setup is the latter which is more powerful and interesting but maybe by design more difficult to get right, why don't you start with the first redirect and see how far that gets you. Cheers, George
Re: Employers, Jobs and OpenBSD
On Mon, Jul 16, 2018 at 12:58 PM Steve Litt wrote: > On Fri, 13 Jul 2018 23:05:09 -0300 > > > > If there is not reason for to learn use OpenBSD to find job, why use > > OpenBSD? > I did not learn it to get a job. I used it in my job instead to get a better network firewall than the M S Windows/Linux/FreeBSD variants. The reasons for using OpenBSD can be gleaned from the OS website. --Siju
Re: Wake-on-LAN from suspended state
On 25/04/18 07:55, Paul de Weerd wrote: On Wed, Apr 25, 2018 at 02:27:44AM -0400, Jiri B wrote: | On Tue, Apr 24, 2018 at 10:11:44PM +0200, Paul de Weerd wrote: | > [...] | > em0 at pci0 dev 25 function 0 "Intel I217-LM" rev 0x04: msi, address b8:ca:3a:93:03:e8 | | IIUC em does not support WOL. Am I right? Thanks Jiri, Daniel and one person who responded off-list. I had missed the ifconfig wol option, this does exactly what I want: wol Enable Wake on LAN (WoL). When enabled, reception of a WoL frame will cause the network card to power up the system from standby or suspend mode. WoL frames are sent using arp(8). But indeed, as Jiri suggests, it seems that em(4) doesn't support WOL: [weerd@pom] $ doas ifconfig em0 wol ifconfig: SIOCSIFXFLAGS: Not supported Thanks for all the replies! Paul 'WEiRD' de Weerd Hi Paul, I see the same apparent lack of support but I've been using wol happily with em on both 6.2 and 6.3 i386 ... I use it to wake up a box shutdown with "halt -p". I don't remember doing anything clever and I can't see anything related in any config files. Regards, George.
KARL, config -e, syspatch difficulties
I have a Kettop box with J1900 cpu which is proving a bit of a pain. I have very limited time (and knowledge) to spend on this but ... It worked fine with 6.1 i386 (amd64 has been flaky at best with 6.1 and 6.2, I haven't tried 6.3). With 6.2 although bsd.rd was fine to do a fresh install, booting with the installed kernel failed. Eventually after much reading of mailing lists I realised it was the inteldrm driver and discovered "config -ef /bsd". This fix didn't survive a reboot though and after more time and reading, I worked out what bsd.booted was and the effect KARL was having. Next step was to disable KARL. This doesn't seem to weaken my security to me as the only time the box is rebooted is after an upgrade to a new version or with syspatch and it's easy enough to relink once and then disable it again. Then I spotted that syspatch doesn't actually update the installed kernel if KARL is disabled. That was easy enough to work round with a trivial script. Finally my question - have I understood what's going on and is this all intended? I couldn't find anything documented (reading the source is beyond me I'm afraid) about these interactions. I suspect the "right" way to deal with my problem would be to compile my own kernel but I am trying to avoid having to do this. I couldn't find any other way to disable a driver on boot. By the time I had enough idea what was going on to think about filing a bug 6.3 was getting close and I had read messages (can't remember if on misc or bugs) that said that inteldrm had been fixed. If it would help I can open or add to a bug. Regards, George.
Re: Black screen when starting Xorg with new laptop.
Sure. But I am not sure in which state you want me to send them. I haven't disabled inteldrm like pstern suggested. tbh, I wouldn't know how to do that yet. What I did do was upgrade to the latest snapshot from February 28th and give it another syspatch but that didn't fix the problem. Here is my dmesg and Xorg.0.log. On Wed, Feb 28, 2018 at 4:11 PM, Noth <nothingn...@citycable.ch> wrote: > Can you boot without X running, copy /var/log/Xorg.0.log and dmesg to a usb > stick or another machine and then upload those to this thread? This is an > ongoing acpi issue with inteldrm I believe, it stopped working in 6.2 for > Skylake and newer intel GPUs. No change in sight... > > > Noth > > > On 26/02/18 23:11, George Ramirez wrote: >> >> Sadly this didn't work. I tried the keys for the screen brightness but >> nothing changed. >> >> On Thu, Feb 22, 2018 at 3:29 PM, Andrew <and...@quickstick.net> wrote: >> >>> On 02/22/18 09:27, George Ramirez wrote: >>> >>>> with intel 620 UHD graphics. At first, the console shows with underscan, >>>> then the resolution changes to the native one, and finally it goes >>>> black. >>>> >>> It's a frustrating problem because there are no errors and it seemingly >>> doesn't work. I bet X is actually running properly but xbacklight >>> somehow ended up = 0. Tap the "brightness" key on your keyboard a couple >>> times and see if it illuminates the display properly. On my ThinkPad >>> it's [Fn]+[Home]. Also check out man xbacklight(1). Good luck !!! >>> > dmesg Description: Binary data # cat /var/log/Xorg.0.log [23.819] (--) checkDevMem: using aperture driver /dev/xf86 [23.842] (--) Using wscons driver on /dev/ttyC4 [23.860] X.Org X Server 1.19.6 Release Date: 2017-12-20 [23.861] X Protocol Version 11, Revision 0 [23.861] Build Operating System: OpenBSD 6.2 amd64 [23.861] Current Operating System: OpenBSD novao.home 6.2 GENERIC.MP#15 amd64 [23.861] Build Date: 27 February 2018 10:32:31PM [23.861] [23.861] Current version of pixman: 0.34.0 [23.861]Before reporting problems, check http://wiki.x.org to make sure that you have the latest version. [23.861] Markers: (--) probed, (**) from config file, (==) default setting, (++) from command line, (!!) notice, (II) informational, (WW) warning, (EE) error, (NI) not implemented, (??) unknown. [23.861] (==) Log file: "/var/log/Xorg.0.log", Time: Thu Mar 1 02:40:44 2018 [23.862] (==) Using system config directory "/usr/X11R6/share/X11/xorg.conf.d" [23.863] (==) No Layout section. Using the first Screen section. [23.863] (==) No screen section available. Using defaults. [23.863] (**) |-->Screen "Default Screen Section" (0) [23.863] (**) | |-->Monitor "" [23.863] (==) No monitor specified for screen "Default Screen Section". Using a default monitor configuration. [23.864] (==) Automatically adding devices [23.864] (==) Automatically enabling devices [23.864] (==) Not automatically adding GPU devices [23.864] (==) Max clients allowed: 256, resource mask: 0x1f [23.868] (==) FontPath set to: /usr/X11R6/lib/X11/fonts/misc/, /usr/X11R6/lib/X11/fonts/TTF/, /usr/X11R6/lib/X11/fonts/OTF/, /usr/X11R6/lib/X11/fonts/Type1/, /usr/X11R6/lib/X11/fonts/100dpi/, /usr/X11R6/lib/X11/fonts/75dpi/ [23.868] (==) ModulePath set to "/usr/X11R6/lib/modules" [23.868] (II) The server relies on wscons to provide the list of input devices. If no devices become available, reconfigure wscons or disable AutoAddDevices. [23.868] (II) Loader magic: 0x351bf42000 [23.868] (II) Module ABI versions: [23.868]X.Org ANSI C Emulation: 0.4 [23.868]X.Org Video Driver: 23.0 [23.868]X.Org XInput driver : 24.1 [23.868]X.Org Server Extension : 10.0 [23.868] (--) PCI:*(0:0:2:0) 8086:5917:1558:1313 rev 7, Mem @ 0xdb00/16777216, 0x9000/268435456, I/O @ 0xf000/64 [23.868] (II) LoadModule: "glx" [23.870] (II) Loading /usr/X11R6/lib/modules/extensions/libglx.so [23.877] (II) Module glx: vendor="X.Org Foundation" [23.877]compiled for 1.19.6, module version = 1.0.0 [23.877]ABI class: X.Org Server Extension, version 10.0 [23.877] (==) Matched modesetting as autoconfigured driver 0 [23.877] (==) Assigned the driver to the xf86ConfigLayout [23.877] (II) LoadModule: "modesetting" [23.878] (II) Loading /usr/X11R6/lib/modules/drivers/modesetting_drv.so [23.878] (II) Module m
Re: Black screen when starting Xorg with new laptop.
Sadly this didn't work. I tried the keys for the screen brightness but nothing changed. On Thu, Feb 22, 2018 at 3:29 PM, Andrew <and...@quickstick.net> wrote: > On 02/22/18 09:27, George Ramirez wrote: > >> with intel 620 UHD graphics. At first, the console shows with underscan, >> then the resolution changes to the native one, and finally it goes black. >> > > It's a frustrating problem because there are no errors and it seemingly > doesn't work. I bet X is actually running properly but xbacklight > somehow ended up = 0. Tap the "brightness" key on your keyboard a couple > times and see if it illuminates the display properly. On my ThinkPad > it's [Fn]+[Home]. Also check out man xbacklight(1). Good luck !!! >
Black screen when starting Xorg with new laptop.
So far I have been unable to start X with a new OpenBSD install on my laptop. I am a complete beginner to OpenBSD. I did manage to get to the desktop environment in a virtualbox vm. I tried both the default fvwm and gnome, with both xenodm and gdm. This all worked fine, albeit very slow on non accelerated vm graphics. However, on my N130WU laptop the screen goes black right after the boot up messages. This is a kaby lake refresh laptop with intel 620 UHD graphics. At first, the console shows with underscan, then the resolution changes to the native one, and finally it goes black. I was still able to connect through SSH while the laptop was in this state and get the Xorg.0.log. The log told me to add machdep.allowaperture=1 to /etc/sysctl.conf which I did, but the screen went black again after I rebooted. From the new Xorg.0.log I can not understand what went wrong this time. Here are the new Xorg.0.log and dmesg output. https://pastebin.com/F9Gf26mb https://pastebin.com/SQRgxBdz George
Re: PCEngines APU2 Wifi router issues
On Sat, 23 Dec 2017 12:36:03 -0700 Steve Williams <st...@williamsitconsulting.com> wrote: > On 22/12/2017 7:00 PM, Carlos Cardenas wrote: > > George <g.lis...@nodeunit.com> wrote: > > > >> On Thu, 21 Dec 2017 21:25:44 -0800 > >> Carlos Cardenas <cardena...@gmail.com> wrote: > >> > >>> George <g.lis...@nodeunit.com> wrote: > >>> > >>>> Hi guys, > >>>> > >>>> I got the apu2b4 to build a wifi router with an Intel Dual Band > >>>> Wireless AC 7260 wifi module. The module firmware was loaded by > >>>> fw_update at first boot and connecting to my existing AP works > >>>> but when > >>>> > >>>> I try to set it up as an access point with: > >>>> > >>>> ifconfig iwm0 up media autoselect mediaopt hostap mode 11g nwid > >>>> MySSID wpakey MyKey > >>>> > >>>> I get in ifconfig iwm0 > >>>> ... > >>>> status: no network > >>>> ... > >>>> > >>>> and associating/connecting from my Linux laptop does not work... > >>>> I am not even seeing the AP with this "MySSID" in the scan > >>>> listing. Any suggestions or ideas as to what might be wrong are > >>>> welcome. > >>>> > >>>> TIA > >>>> George > >>>> > >>> George, > >>> > >>> iwm(4) is not capable for access point usage. > >>> > >>> Check out https://www.openbsd.org/faq/faq6.html#Wireless for a > >>> list. > >>> > >>> +--+ > >>> Carlos > >> Sorry but now I have another question I live in Canada and the > >> PCEngines website points to one reseller here and they seem to not > >> have the right card: > >> > >> https://corpshadow.biz/bizstore/system-components/wireless-components/radio-cards/ > >> > >> any idea where I can get one preferably in Canada. > >> > >> Thanks in advance. > >> George > > They had the WLE200NX listed on the page: > > https://corpshadow.biz/bizstore/compex/dualband-80211n-mimo-2x2-minipcie.html > > > > If you don't like that card, you can always pick something up on > > ebay. > > > > +--+ > > Carlos > > Hi, > > I have one of those cards (WLE200NX ) in my APU. Be aware that > OpenBSD drivers don't give very fast performance for it. Lots about > it in the email list archives. > > Mine shows up (OpenBSD 6.1) as: > > athn0 at pci4 dev 0 function 0 "Atheros AR9281" rev 0x01: apic 5 > int 16 athn0: AR9280 rev 2 (2T2R), ROM rev 22, address > 04:f0:21:1b:b3:68 Thanks Steve that is good to know. Do you have any numbers to share, comparison under different OS maybe? Regards, George > > > Cheers, > Steve Williams >
Re: Panic: ffs_blkfree on 6.0 GENERIC.MP
We tracked the problem to the underlying storage of the VM, so it is not OpenBSD related. On Wed, Jan 10, 2018 at 12:50 PM, George Kourvoulis <gko...@gmail.com> wrote: > Hello, > > Today I have found one of my gateways (VM on esxi 6.5) in the state that > is shown here: > https://imgur.com/a/SV687 > > Unfortunately I didn't have time to gather more info because I had to > reboot the machine in order to resume operations. > > Any pointers would be much appreciated. > > Thanks, > George > > PS. Here is the output of my dmesg: > > OpenBSD 6.0 (GENERIC.MP) #2319: Tue Jul 26 13:00:43 MDT 2016 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 2130640896 <21%203064%200896> (2031MB) > avail mem = 2061656064 (1966MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (239 entries) > bios0: vendor Phoenix Technologies LTD version "6.00" date 04/05/2016 > bios0: VMware, Inc. VMware Virtual Platform > acpi0 at bios0: rev 2 > acpi0: sleep states S0 S1 S4 S5 > acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET > acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) > S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) S10F(S3) > S11F(S3) S12F(S3) S13F(S3) [...] > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: Intel(R) Xeon(R) CPU E5-2620 v3 @ 2.40GHz, 2397.56 MHz > cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA, > CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL, > SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT, > AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,LONG,LAHF,PERF, > ITSC,FSGSBASE,SMEP,ERMS,ARAT > cpu0: 256KB 64b/line 8-way L2 cache > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 65MHz > ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 24 pins > acpimcfg0 at acpi0 addr 0xf000, bus 0-127 > acpihpet0 at acpi0: 14318179 Hz > acpiprt0 at acpi0: bus 0 (PCI0) > acpicpu0 at acpi0: C1(@1 halt!) > "PNP0001" at acpi0 not configured > "PNP0303" at acpi0 not configured > "PNP0F13" at acpi0 not configured > "PNP0A05" at acpi0 not configured > "PNP0400" at acpi0 not configured > "PNP0501" at acpi0 not configured > "PNP0501" at acpi0 not configured > "PNP0700" at acpi0 not configured > acpiac0 at acpi0: AC unit online > pvbus0 at mainbus0: VMware > vmt0 at pvbus0 > pci0 at mainbus0 bus 0 > pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01 > ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01 > pci1 at ppb0 bus 1 > pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08 > pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, > channel 0 configured to compatibility, channel 1 configured to compatibility > pciide0: channel 0 disabled (no drives) > atapiscsi0 at pciide0 channel 1 drive 0 > scsibus1 at atapiscsi0: 2 targets > cd0 at scsibus1 targ 0 lun 0: <NECVMWar, VMware IDE CDR10, 1.00> ATAPI > 5/cdrom removable > cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 > piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x08: SMBus > disabled > "VMware VMCI" rev 0x10 at pci0 dev 7 function 7 not configured > vga1 at pci0 dev 15 function 0 "VMware SVGA II" rev 0x00 > wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) > wsdisplay0: screen 1-5 added (80x25, vt100 emulation) > mpi0 at pci0 dev 16 function 0 "Symbios Logic 53c1030" rev 0x01: apic 1 > int 17 > mpi0: 0, firmware 1.3.41.32 > scsibus2 at mpi0: 16 targets, initiator 7 > sd0 at scsibus2 targ 0 lun 0: <VMware, Virtual disk, 1.0> SCSI2 0/direct > fixed > sd0: 10240MB, 512 bytes/sector, 20971520 sectors > mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1 > ppb1 at pci0 dev 17 function 0 "VMware PCI" rev 0x02 > pci2 at ppb1 bus 2 > em0 at pci2 dev 0 function 0 "Intel 82545EM" rev 0x01: apic 1 int 18, > address 00:50:56:b8:fd:45 > em1 at pci2 dev 2 function 0 "Intel 82545EM" rev 0x01: apic 1 int 16, > address 00:50:56:b8:f4:6a > em2 at pci2 dev 3 function 0 "Intel 82545EM" rev 0x01: apic 1 int 17, > address 00:50:56:b8:9f:11 > em3 at pci2 dev 4 function 0 "Intel 82545EM" rev 0x01: apic 1 int 18, > address 00:50:56:b8:d7:85 > ppb2 at pci0 dev 21 function 0 "VMware PCIE" rev 0x01 > pci3 at ppb2 bus 3 > ppb3 at pci0
Panic: ffs_blkfree on 6.0 GENERIC.MP
Hello, Today I have found one of my gateways (VM on esxi 6.5) in the state that is shown here: https://imgur.com/a/SV687 Unfortunately I didn't have time to gather more info because I had to reboot the machine in order to resume operations. Any pointers would be much appreciated. Thanks, George PS. Here is the output of my dmesg: OpenBSD 6.0 (GENERIC.MP) #2319: Tue Jul 26 13:00:43 MDT 2016 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2130640896 (2031MB) avail mem = 2061656064 (1966MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (239 entries) bios0: vendor Phoenix Technologies LTD version "6.00" date 04/05/2016 bios0: VMware, Inc. VMware Virtual Platform acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) S10F(S3) S11F(S3) S12F(S3) S13F(S3) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Xeon(R) CPU E5-2620 v3 @ 2.40GHz, 2397.56 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 65MHz ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 24 pins acpimcfg0 at acpi0 addr 0xf000, bus 0-127 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0: C1(@1 halt!) "PNP0001" at acpi0 not configured "PNP0303" at acpi0 not configured "PNP0F13" at acpi0 not configured "PNP0A05" at acpi0 not configured "PNP0400" at acpi0 not configured "PNP0501" at acpi0 not configured "PNP0501" at acpi0 not configured "PNP0700" at acpi0 not configured acpiac0 at acpi0: AC unit online pvbus0 at mainbus0: VMware vmt0 at pvbus0 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01 ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01 pci1 at ppb0 bus 1 pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08 pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: <NECVMWar, VMware IDE CDR10, 1.00> ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2 piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x08: SMBus disabled "VMware VMCI" rev 0x10 at pci0 dev 7 function 7 not configured vga1 at pci0 dev 15 function 0 "VMware SVGA II" rev 0x00 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) mpi0 at pci0 dev 16 function 0 "Symbios Logic 53c1030" rev 0x01: apic 1 int 17 mpi0: 0, firmware 1.3.41.32 scsibus2 at mpi0: 16 targets, initiator 7 sd0 at scsibus2 targ 0 lun 0: <VMware, Virtual disk, 1.0> SCSI2 0/direct fixed sd0: 10240MB, 512 bytes/sector, 20971520 sectors mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1 ppb1 at pci0 dev 17 function 0 "VMware PCI" rev 0x02 pci2 at ppb1 bus 2 em0 at pci2 dev 0 function 0 "Intel 82545EM" rev 0x01: apic 1 int 18, address 00:50:56:b8:fd:45 em1 at pci2 dev 2 function 0 "Intel 82545EM" rev 0x01: apic 1 int 16, address 00:50:56:b8:f4:6a em2 at pci2 dev 3 function 0 "Intel 82545EM" rev 0x01: apic 1 int 17, address 00:50:56:b8:9f:11 em3 at pci2 dev 4 function 0 "Intel 82545EM" rev 0x01: apic 1 int 18, address 00:50:56:b8:d7:85 ppb2 at pci0 dev 21 function 0 "VMware PCIE" rev 0x01 pci3 at ppb2 bus 3 ppb3 at pci0 dev 21 function 1 "VMware PCIE" rev 0x01 pci4 at ppb3 bus 4 ppb4 at pci0 dev 21 function 2 "VMware PCIE" rev 0x01 pci5 at ppb4 bus 5 ppb5 at pci0 dev 21 function 3 "VMware PCIE" rev 0x01 pci6 at ppb5 bus 6 ppb6 at pci0 dev 21 function 4 "VMware PCIE" rev 0x01 pci7 at ppb6 bus 7 ppb7 at pci0 dev 21 function 5 "VMware PCIE" rev 0x01 pci8 at ppb7 bus 8 ppb8 at pci0 dev 21 function 6 "VMware PCIE" rev 0x01 pci9 at ppb8 bus 9 ppb9 at pci0 dev 21 function 7 "VMware PCIE" rev 0x01 pci10 at ppb9 bus 10 ppb10 at pci0 dev 22 function 0 "VMware PCIE" rev 0x01 pci11 at ppb10 bus 11 ppb11 at pci0 dev 22 function 1 "VMware P
Re: PCEngines APU2 Wifi router issues
On Fri, 22 Dec 2017 18:00:37 -0800 Carlos Cardenas <cardena...@gmail.com> wrote: > George <g.lis...@nodeunit.com> wrote: > > > On Thu, 21 Dec 2017 21:25:44 -0800 > > Carlos Cardenas <cardena...@gmail.com> wrote: > > > > > George <g.lis...@nodeunit.com> wrote: > > > > > > > Hi guys, > > > > > > > > I got the apu2b4 to build a wifi router with an Intel Dual Band > > > > Wireless AC 7260 wifi module. The module firmware was loaded by > > > > fw_update at first boot and connecting to my existing AP works > > > > but when > > > > > > > > I try to set it up as an access point with: > > > > > > > > ifconfig iwm0 up media autoselect mediaopt hostap mode 11g nwid > > > > MySSID wpakey MyKey > > > > > > > > I get in ifconfig iwm0 > > > > ... > > > > status: no network > > > > ... > > > > > > > > and associating/connecting from my Linux laptop does not > > > > work... I am not even seeing the AP with this "MySSID" in the > > > > scan listing. Any suggestions or ideas as to what might be > > > > wrong are welcome. > > > > > > > > TIA > > > > George > > > > > > > > > > George, > > > > > > iwm(4) is not capable for access point usage. > > > > > > Check out https://www.openbsd.org/faq/faq6.html#Wireless for a > > > list. > > > > > > +--+ > > > Carlos > > > > Sorry but now I have another question I live in Canada and the > > PCEngines website points to one reseller here and they seem to not > > have the right card: > > > > https://corpshadow.biz/bizstore/system-components/wireless-components/radio-cards/ > > > > any idea where I can get one preferably in Canada. > > > > Thanks in advance. > > George > > They had the WLE200NX listed on the page: > https://corpshadow.biz/bizstore/compex/dualband-80211n-mimo-2x2-minipcie.html > > If you don't like that card, you can always pick something up on ebay. > > +--+ > Carlos Actually no that will work I was looking at the ath not the athn driver that's why I thought it does not. Thanks Carlos
Re: PCEngines APU2 Wifi router issues
On Thu, 21 Dec 2017 21:25:44 -0800 Carlos Cardenas <cardena...@gmail.com> wrote: > George <g.lis...@nodeunit.com> wrote: > > > Hi guys, > > > > I got the apu2b4 to build a wifi router with an Intel Dual Band > > Wireless AC 7260 wifi module. The module firmware was loaded by > > fw_update at first boot and connecting to my existing AP works but > > when > > > > I try to set it up as an access point with: > > > > ifconfig iwm0 up media autoselect mediaopt hostap mode 11g nwid > > MySSID wpakey MyKey > > > > I get in ifconfig iwm0 > > ... > > status: no network > > ... > > > > and associating/connecting from my Linux laptop does not work... I > > am not even seeing the AP with this "MySSID" in the scan listing. > > Any suggestions or ideas as to what might be wrong are welcome. > > > > TIA > > George > > > > George, > > iwm(4) is not capable for access point usage. > > Check out https://www.openbsd.org/faq/faq6.html#Wireless for a list. > > +--+ > Carlos Sorry but now I have another question I live in Canada and the PCEngines website points to one reseller here and they seem to not have the right card: https://corpshadow.biz/bizstore/system-components/wireless-components/radio-cards/ any idea where I can get one preferably in Canada. Thanks in advance. George
Re: PCEngines APU2 Wifi router issues
On Thu, 21 Dec 2017 21:25:44 -0800 Carlos Cardenas <cardena...@gmail.com> wrote: > George <g.lis...@nodeunit.com> wrote: > > > Hi guys, > > > > I got the apu2b4 to build a wifi router with an Intel Dual Band > > Wireless AC 7260 wifi module. The module firmware was loaded by > > fw_update at first boot and connecting to my existing AP works but > > when > > > > I try to set it up as an access point with: > > > > ifconfig iwm0 up media autoselect mediaopt hostap mode 11g nwid > > MySSID wpakey MyKey > > > > I get in ifconfig iwm0 > > ... > > status: no network > > ... > > > > and associating/connecting from my Linux laptop does not work... I > > am not even seeing the AP with this "MySSID" in the scan listing. > > Any suggestions or ideas as to what might be wrong are welcome. > > > > TIA > > George > > > > George, > > iwm(4) is not capable for access point usage. > > Check out https://www.openbsd.org/faq/faq6.html#Wireless for a list. > > +--+ > Carlos Hehe doh ... should've checked before ordering it. Thanks Carlos! Cheers, George
PCEngines APU2 Wifi router issues
Hi guys, I got the apu2b4 to build a wifi router with an Intel Dual Band Wireless AC 7260 wifi module. The module firmware was loaded by fw_update at first boot and connecting to my existing AP works but when I try to set it up as an access point with: ifconfig iwm0 up media autoselect mediaopt hostap mode 11g nwid MySSID wpakey MyKey I get in ifconfig iwm0 ... status: no network ... and associating/connecting from my Linux laptop does not work... I am not even seeing the AP with this "MySSID" in the scan listing. Any suggestions or ideas as to what might be wrong are welcome. TIA George
AMD Ryzen 7 1700, Gigabyte AB350-GA, Gigabyte AMD RADEON R5 230
Automatically detects the right resolution. 1440x900 59.90*+ ( For debian an extra manual step to install nofree drivers is required ) Sound works for youtube after executing # mixerctl outputs.master=256,256 dmesg for those who are interested OpenBSD 6.2 (GENERIC.MP) #134: Tue Oct 3 21:22:29 MDT 2017 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 17112383488 (16319MB) avail mem = 16586743808 (15818MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xeb3b0 (57 entries) bios0: vendor American Megatrends Inc. version "F6" date 04/07/2017 bios0: Gigabyte Technology Co., Ltd. AB350-Gaming 3 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT SSDT FIDT SSDT SRAT CRAT CDIT SSDT MCFG HPET SSDT UEFI IVRS SSDT SSDT acpi0: wakeup devices GPP0(S4) GPP1(S4) GPP2(S4) PTXH(S4) GPP3(S4) GPP4(S4) GPP5(S4) GPP6(S4) GPP7(S4) GPP8(S4) GPP9(S4) GPPA(S4) GPPB(S4) GPPC(S4) GPPD(S4) GPPE(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Ryzen 7 1700 Eight-Core Processor, 2994.86 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TOPEXT,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA cpu0: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu0: TSC frequency 2994864300 Hz cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Ryzen 7 1700 Eight-Core Processor, 2994.38 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TOPEXT,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA cpu1: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache cpu1: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: AMD Ryzen 7 1700 Eight-Core Processor, 2994.37 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TOPEXT,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA cpu2: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache cpu2: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: AMD Ryzen 7 1700 Eight-Core Processor, 2994.38 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TOPEXT,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA cpu3: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache cpu3: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu3: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu3: smt 0, core 3, package 0 cpu4 at mainbus0: apid 4 (application processor) cpu4: AMD Ryzen 7 1700 Eight-Core Processor, 2994.37 MHz cpu4: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TOPEXT,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA cpu4: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3
Re: log up or down interface end change physical address
There's ifstated - http://man.openbsd.org/ifstated On 21 September 2017 at 14:29, Krzysztof Strzeszewskiwrote: > Hi, > > How to log up or down (connect or not connect cable) interface end change > physical address on OpenBSD? > > > -- > Regards, > Krzysztof Strzeszewski >
Re: ping -R causes panic
I can reproduce this after updating to the Sept 18th snapshot, I did not observe this on my Aug 20 snapshot install if that aids in narrowing down when this was introduced. I suspect reporting this to bugs rather than misc may be a better course of action. https://www.openbsd.org/report.html On 20 September 2017 at 12:26, Kapetanakis Gianniswrote: > I got this panic today after ping -R > I don't run pfsync > > # ping -R www.google.com > panic: kernel diagnostic assertion "m0->m_flags & M_PKTHDR" failed: file > "/usr/src/sys/kern/uipc_mbuf.c", line 1344splassert: pfsync_update_state: > want 1 have 256 > > pStopped at db_enter+0x5: popq%rbp > TIDPIDUID PRFLAGS PFLAGS CPU COMMAND > *299140 12380 510x33 02 ping > 422116 15532 0 0x14000 0x2001 softnet > db_enter() at db_enter+0x5 > panic() at panic+0x128 > __assert(81020a74,80002692f4a0,0,1) at __assert+0x24 > m_dup_pkt(ff010c77caf8,1,ff00baab064b) at m_dup_pkt+0x225 > ip_pcbopts(1,ff00baab0600) at ip_pcbopts+0x138 > sosetopt(ff010947b018,800026798d68,80002692f5f0,ff00baab0600) > a > t sosetopt+0xd0 > sys_setsockopt(80002692f680,690,800026798d68) at sys_setsockopt+0x13d > syscall() at syscall+0x270 > --- syscall (number 105) --- > end of kernel > end trace frame: 0x7f7bf230, count: 7 > 0xc362b93239a: > > > OpenBSD 6.2-beta (GENERIC.MP) #86: Sun Sep 10 10:07:51 MDT 2017 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 4273274880 (4075MB) > avail mem = 4136747008 (3945MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xcfb9c000 (67 entries) > bios0: vendor Dell Inc. version "2.7.0" date 10/30/2010 > bios0: Dell Inc. PowerEdge 1950 > acpi0 at bios0: rev 2 > acpi0: sleep states S0 S4 S5 > acpi0: tables DSDT FACP APIC SPCR HPET MCFG WD__ SLIC ERST HEST BERT EINJ TCPA > acpi0: wakeup devices PCI0(S5) > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: Intel(R) Xeon(R) CPU E5405 @ 2.00GHz, 1995.26 MHz > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,NXE,LONG,LAHF,PERF,SENSOR > cpu0: 6MB 64b/line 16-way L2 cache > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 332MHz > cpu0: mwait min=64, max=64, C-substates=0.2.2.2, IBE > cpu1 at mainbus0: apid 2 (application processor) > cpu1: Intel(R) Xeon(R) CPU E5405 @ 2.00GHz, 1995.01 MHz > cpu1: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,NXE,LONG,LAHF,PERF,SENSOR > cpu1: 6MB 64b/line 16-way L2 cache > cpu1: smt 0, core 2, package 0 > cpu2 at mainbus0: apid 1 (application processor) > cpu2: Intel(R) Xeon(R) CPU E5405 @ 2.00GHz, 1995.01 MHz > cpu2: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,NXE,LONG,LAHF,PERF,SENSOR > cpu2: 6MB 64b/line 16-way L2 cache > cpu2: smt 0, core 1, package 0 > cpu3 at mainbus0: apid 3 (application processor) > cpu3: Intel(R) Xeon(R) CPU E5405 @ 2.00GHz, 1995.01 MHz > cpu3: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,NXE,LONG,LAHF,PERF,SENSOR > cpu3: 6MB 64b/line 16-way L2 cache > cpu3: smt 0, core 3, package 0 > ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins > , remapped to apid 4 > acpihpet0 at acpi0: 14318179 Hz > acpimcfg0 at acpi0 addr 0xe000, bus 0-255 > acpiprt0 at acpi0: bus 0 (PCI0) > acpiprt1 at acpi0: bus 4 (PEX2) > acpiprt2 at acpi0: bus 5 (UPST) > acpiprt3 at acpi0: bus 6 (DWN1) > acpiprt4 at acpi0: bus 8 (DWN2) > acpiprt5 at acpi0: bus 1 (PEX3) > acpiprt6 at acpi0: bus -1 (PE2P) > acpiprt7 at acpi0: bus 10 (PEX4) > acpiprt8 at acpi0: bus -1 (PE2P) > acpiprt9 at acpi0: bus 12 (PEX6) > acpiprt10 at acpi0: bus 2 (SBEX) > acpiprt11 at acpi0: bus 14 (COMP) > acpicpu0 at acpi0: C1(@1 halt!) > acpicpu1 at acpi0: C1(@1 halt!) > acpicpu2 at acpi0: C1(@1 halt!) > acpicpu3 at acpi0: C1(@1 halt!) > "PNP0C33" at acpi0 not configured > "PNP0700" at acpi0 not configured > "IPI0001" at acpi0 not configured > ipmi at mainbus0 not configured > pci0 at mainbus0 bus 0 > pchb0 at pci0 dev 0 function 0 "Intel 5000X Host" rev 0x12 > ppb0 at pci0 dev 2 function 0 "Intel 5000 PCIE" rev 0x12 > pci1 at ppb0 bus 4 > ppb1 at pci1 dev 0 function 0 "Intel 6321ESB PCIE" rev 0x01 > pci2 at ppb1 bus 5 >
Re: Query regarding exec in mandocdb.c
Thank you for the replies Ingo and the diffs! George Brown On 26 August 2017 at 17:04, Ingo Schwarze <schwa...@usta.de> wrote: > Hi George, > > George Brown wrote on Thu, Aug 24, 2017 at 02:01:05PM +0100: > >> In mandocdb.c it appears cmp(1) and rm(1) are executed in a child >> process. It seems that if the logic from these programs were duplicated >> the pledge in mandocdb.c could be further restricted and even not bother >> with forking. > > Done as well, see the commit below. > > Thanks again for the suggestion, > Ingo > > > Log Message: > --- > Do not fork and exec cmp(1); instead, simply fstat(2), mmap(2), and > compare the files directly, allowing a much stricter pledge(2), at > very little cost: merely 15 additional lines of very simple code. > Suggested by George Brown <321 dot george at gmail dot com> on misc@. > > Modified Files: > -- > mandoc: > mandocdb.c > > Revision Data > - > Index: mandocdb.c > === > RCS file: /home/cvs/mandoc/mandoc/mandocdb.c,v > retrieving revision 1.254 > retrieving revision 1.255 > diff -Lmandocdb.c -Lmandocdb.c -u -p -r1.254 -r1.255 > --- mandocdb.c > +++ mandocdb.c > @@ -19,8 +19,8 @@ > #include "config.h" > > #include > +#include > #include > -#include > > #include > #include > @@ -319,7 +319,7 @@ mandocdb(int argc, char *argv[]) > int ch, i; > > #if HAVE_PLEDGE > - if (pledge("stdio rpath wpath cpath fattr flock proc exec", NULL) == > -1) { > + if (pledge("stdio rpath wpath cpath", NULL) == -1) { > warn("pledge"); > return (int)MANDOCLEVEL_SYSERR; > } > @@ -440,15 +440,6 @@ mandocdb(int argc, char *argv[]) > * The existing database is usable. Process > * all files specified on the command-line. > */ > -#if HAVE_PLEDGE > - if (!nodb) { > - if (pledge("stdio rpath wpath cpath fattr > flock", NULL) == -1) { > - warn("pledge"); > - exitcode = (int)MANDOCLEVEL_SYSERR; > - goto out; > - } > - } > -#endif > use_all = 1; > for (i = 0; i < argc; i++) > filescan(argv[i]); > @@ -2119,9 +2110,10 @@ dbprune(struct dba *dba) > static void > dbwrite(struct dba *dba) > { > - char tfn[33]; > - int status; > - pid_tchild; > + struct stat sb1, sb2; > + char tfn[33], *cp1, *cp2; > + off_ti; > + int fd1, fd2; > > /* > * Do not write empty databases, and delete existing ones > @@ -2160,39 +2152,59 @@ dbwrite(struct dba *dba) > say("", "&%s", tfn); > return; > } > - > + cp1 = cp2 = NULL; > + fd1 = fd2 = -1; > (void)strlcat(tfn, "/" MANDOC_DB, sizeof(tfn)); > if (dba_write(tfn, dba) == -1) { > - exitcode = (int)MANDOCLEVEL_SYSERR; > say(tfn, "_write"); > - goto out; > - } > - > - switch (child = fork()) { > - case -1: > - exitcode = (int)MANDOCLEVEL_SYSERR; > - say("", " cmp"); > - return; > - case 0: > - execlp("cmp", "cmp", "-s", tfn, MANDOC_DB, (char *)NULL); > - say("", " cmp"); > - exit(0); > - default: > - break; > - } > - if (waitpid(child, , 0) == -1) { > - exitcode = (int)MANDOCLEVEL_SYSERR; > - say("", " cmp"); > - } else if (WIFSIGNALED(status)) { > - exitcode = (int)MANDOCLEVEL_SYSERR; > - say("", "cmp died from signal %d", WTERMSIG(status)); > - } else if (WEXITSTATUS(status)) { > - exitcode = (int)MANDOCLEVEL_SYSERR; > - say(MANDOC_DB, > - "Data changed, but cannot replace database"); > + goto err; > } > + if ((fd1 = open(MANDOC_DB, O_RDONLY, 0)) == -1)
Query regarding exec in mandocdb.c
In mandocdb.c it appears cmp(1) and rm(1) are executed in a child process. It seems that if the logic from these programs were duplicated the pledge in mandocdb.c could be further restricted and even not bother with forking. Would such a change be pointless churn however? Both cmp(1) and rm(1) are simple programs and are pledge'd themselves. Not to mention the creation of the mandoc database is in itself a short lived process. To be clear I'm not proposing a change (indeed I have no diff) but rather I am simply curious to the opinion of others in the OpenBSD community. Kind regards, George
Re: Please Advise on licencing
Thank you so much Ingo. Things are very clear. :-) On Aug 5, 2017 8:58 AM, "Ingo Schwarze" <schwa...@usta.de> wrote: > Hi Siju, > > Siju George wrote on Sat, Aug 05, 2017 at 06:50:12AM +0530: > > > In a code repository should the licence wording be on every file ? > > Best practice is: > > 1. To have at least one line containing "Copyright (c) ..." > at the top of each file containing copyrightable content. > > 2. Each author (natural person, NOT legal entity like corporations > or foundations) who made copyrightable contributions to the > file of which at least parts are still contained in the > file must be mentioned on such a line. > If an author did transfer their economic rights (which doesn't > really make much sense for ISC or BSD 2-clause licensed code, > but nonetheless, it is occasionally done), you can list the > legal entity that acquired the economic rights, but then it > becomes important to add a line, below the Copyright notice, > reading, for example: > Parts of this file were written by (name of natural person) > for (name of legal entity). > The reason is that the actual authors retain some inalienable > rights, even when working for hire or contract, and the right > to be know of as the author is one of these rights that can > neither be sold nor be given away. > > 3. Each Copyright line must contain one year number, separated > with commas, for each year in which that author made copyrightable > additions to the file that are still present in the file. Ranges > of years separated with dashes are only acceptable if that > author also made such contributions in each of the years between > the endpoints of the range. Usually, only use ranges on lines > that would otherwise become too long. > > Look at /usr/src/usr.bin/mandoc/mdoc_term.c for an example > demonstrating all these rules. > > The full text of the license should follow this Copyright notice > in each file. > > > That said, from a legal standpoint, it is sufficient to have one > license for each Work, so having one Copyright notice for the whole > Work (e.g., program or package) is legally sufficient, too. But > that is not a particularly good idea for several reasons: > > 1. It is less clear and can cause doubt as to which files are > covered by the central Copyright notice and license. > > 2. It is very hard to maintain correctly. Care is already needed > when maintaining the notices in individual files, and maintaining > a central notice correctly is even harder because it is no > longer even clear in which files to look for the contributions > of the various authors. > > 3. In practice, you will probably sooner or later include files > from third parties that are available under free licenses. In > that case, leaving the Copyright notices and licenses in place > in those included files is usually required by the third party > licenses, and those licenses often differs slightly from the > one you are using for your own Work. So you end up with some > files with Copyright notices and licenses and some without, > which exacerbates the problem explained in item 1. > > 4. People maintaining other software will occasionally pick files > from your software and copy them to their own package. If you > failed to add a Copyright notice and license to a file that > gets picked in this way, there is a higher risk that the person > taking the file forgets to copy your Copyright notice and license > into the file before redistributing it. And worse, how is that > person even supposed to figure out who, and during which years, > contributed to that particular file? Basically, that poor soul > will be forced to analyze the complete VCS commit history for > the file and reconstruct the Copyright notice from scratch. > > > Or just in a file named "Licence" in the root folder ? > > Best practice is to do that *in addition*, because with many files, > it can be hard to figure out the full list of Copyright holders and > applicable licenses, and also because you almost certainly want to > state *somewhere* which the preferred license is for new contributions > to the project. > > For an example of such an additional central file demonstrating > many useful features of such a central file, refer to > > http://mandoc.bsd.lv/LICENSE > > > Oh, and very important: Never add any Copyright or license goo to > the displayed text of any manual page or the stdout or stderr output > of any program. Copyright notices and licenses belong into t
Re: Please Advise on licencing
Thank you In for the detailed explanation. In a code repository should the licence wording be on every file ? Or just in a file named "Licence" in the root folder ? On Aug 5, 2017 12:49 AM, "Ingo Schwarze" <schwa...@usta.de> wrote: > Hi, > > Reyk Floeter wrote on Fri, Aug 04, 2017 at 08:41:18AM +0200: > > Am 04.08.2017 um 05:11 schrieb Siju George <sgeorge...@gmail.com>: > > >> I want this information to be available to all without discrimination. > >> Which is the best licence I can give them? > > > the license is your choice ;-) > > While that is both true and important, there is also a definitive > and objective answer to the question, quoting from what i wrote on > > http://www.openbsd.org/policy.html > > The above observations regarding moral rights imply that putting > code under an ISC or two-clause BSD license essentially makes the > code as free as it can possibly get. Modifying the wording of > these licenses can only result in one of the three following > effects: > > 1. making the code less free by adding additional restrictions >regarding its use, copying, modification or distribution; > 2. or effectively not changing anything by merely changing the >wording, but not changing anything substantial regarding the >legal content; > 3. or making the license illegal by attempting to deprive the >authors of rights they cannot legally give away. > > Some examples: > > * The GPL is an example of case 1 (not free). > > * Allowing anybody to relicence is an example of case 2 >when added as an additional right to an ISC license. >At first, it might seem that grants an additional right. >But that right is utterly useless: The license is already >as free as it can be, so relicensing cannot grant additional >rights, and relicensing under more restrictive terms is >pointless because the code is already available under ISC >and will remain so. >Note that relicensing permission is *only* irrelevant for ISC >and Berkeley 2-clause. If code is under a not fully free license >(like GPL or Apache 2.0 or CDDL), then granting the right to >relicense suddenly makes the code fully free, because anybody >can then go ahead and (legally and morally legitimately) >re-release under ISC. > > * "Do whatever you like with this code" is an example of case 3. >It is misleading in so far as the author *still* retains some >rights under international law, specifically the Berne Convention, >and there are things you are *still* prohibited from doing with >the code, and it is not a good idea to mislead the unwary. >Besides, it is dangerous because nobody knows whether some judge >in some obscure jurisdiction might rule that "whatever you like" >is not specific enough to include "distribute changed versions >for profit as part of your private business" (or not specific >enough for whatever might be considered to require *explicit* >permission in that jurisdiction). Or some judge might even rule >that is outright invalid in the first place because of the obvious >violation of the Berne Convention and consequently grants no >rights whatsoever. Using non-standard or fuzzy wording may >potentially open you up to surprises in some jurisdictions. > > Yours, > Ingo >
Re: Please Advise on licencing
Thank you Reyk . I will use ISC :-) On Aug 4, 2017 12:11 PM, "Reyk Floeter" <r...@openbsd.org> wrote: > Hi, > > the license is your choice ;-) > > But we use ISC for new code in OpenBSD and I also use for all other open > source code these days. > > See: > http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share/misc/ > license.template?rev=1.3=text/x-cvsweb-markup > > http://www.openbsd.org/goals.html > > And: > https://en.m.wikipedia.org/wiki/ISC_license > > Note that the mentioned Atheros drivers in the Linux kernel are > ISC-licensed because they were derived from my ar5k drivers in OpenBSD. > Long time ago. > > http://linuxwireless.org/en/users/Drivers/Atheros/#Licensing > > Reyk > > Am 04.08.2017 um 05:11 schrieb Siju George <sgeorge...@gmail.com>: > > Hi, > > I have a git repo > > https://github.com/sgeorge > > where I populate mainly contents about docker. > > I want this information to be available to all without discrimination. > > Which is the best licence I can give them? > > BSD or ISC or MIT or any other? > > Heard Reyk is not using BSD licence for his drivers but ISC > > Thus the confusion in my mind. > > Please advise > > Thank you :-) > > Siju Oommen George > > >
Please Advise on licencing
Hi, I have a git repo https://github.com/sgeorge where I populate mainly contents about docker. I want this information to be available to all without discrimination. Which is the best licence I can give them? BSD or ISC or MIT or any other? Heard Reyk is not using BSD licence for his drivers but ISC Thus the confusion in my mind. Please advise Thank you :-) Siju Oommen George
Re: Sites in firefox stop loading with "out of memory" in console
On Wed, 19 Apr 2017 00:06:10 -0300 Daniel Bolgheroni <dan...@bolgh.eng.br> wrote: > Ultimately some sites opened with Firefox 52 stop loading with "out of > memory" in console. Two ofenders are https://app.wire.com and > https://www.protonmail.com/login, and both seem related to asm.js. > > Note that Firefox doesn't crash, but the sites beeing loaded just stop > being loaded, and the F12 console notifies the error (console messages > below). This occurred also with the previous 51 version but not with > firefox-esr 45. Chrome works OK. > Hi Daniel, This is most probably a JavaScript issue. Try disabling JavaScript, PrefBar add-on, and checking whether you get the out-of-memory messages if it is the case I am not sure what you or OpenBSD can do about it as it is a program served by the site. Try blocking or not downloading the asm.js but I'd venture a guess it will be of no use to you then then. Web NO-point-Oh what can I say ;) Good luck! George
Re: OpenBSD Stable
I change the permissions. Thanks! it works now :) On 01/18/17 21:36, trondd wrote: > On Wed, January 18, 2017 12:51 pm, George wrote: >> > >> # /usr/ports/infrastructure/bin/dpb -f 20 -R pkglist >> >> dpb fetches the packages and i get the following result >> Elapsed time=00:28:34 >> I=0 B=0 Q=0 T=547 F=0 !=9 >> L=devel/quirks libglade-2.6.4.tar.bz2.dist >> ... > > Everything is locked now because of the previous failures. Blow away > everything under /usr/ports/logs/ to start clean. Build one > package. > >> >> I didnt change any paths on dpb since i followed the pdf josg grosse >> send me. I run dpb as root so i guess permissions dont matter. >> > > The permissions absoletly matter. Read the Security Model of the dpb man > page. Even the slides told you this. ;) Dpb drops privileges.
Re: OpenBSD Stable
Summary.log and package logs The summary.log is archivers/bzip2 not built archivers/bzip2 errored archivers/gtar errored archivers/gtar not built rchivers/xz archivers/libarchive locked archivers/libarchive not built archivers/lz4 -> devel/gmake -> archivers/bzip2 archivers/libmspack errored archivers/libmspack not built archivers/libtar errored archivers/libtar not built archivers/lz4 errored archivers/lz4 not built devel/gmake -> archivers/bzip2 archivers/lzo2 not built archivers/lzo2 errored archivers/p5-Archive-Zip not built archivers/p5-Archive-Zip errored archivers/p7zip not built devel/gmake -> archivers/bzip2 archivers/p7zip,-main same as archivers/p7zip archivers/p7zip,-main errored archivers/p7zip,-rar not built devel/gmake -> archivers/bzip2 archivers/unzip errored archivers/unzip not built archivers/xz errored archivers/xz not built archivers/zip not built archivers/zip errored audio/cdparanoia not built devel/autoconf/2.52 audio/cdparanoia errored audio/celt not built audio/libogg audio/celt errored audio/flac errored audio/flac not built converters/libiconv audio/gsm not built audio/gsm errored audio/jack not built devel/metaauto audio/jack errored audio/lame not built devel/gmake -> archivers/bzip2 audio/lame errored audio/libcanberra not built devel/gmake -> archivers/bzip2 audio/libcanberra,-main errored audio/libcddb errored audio/libcddb not built archivers/bzip2 audio/libid3tag errored audio/libid3tag not built devel/gperf audio/libogg not built audio/libogg errored audio/libsamplerate errored audio/libsamplerate not built audio/libsndfile -> audio/libvorbis -> audio/libogg audio/libsndfile not built audio/libvorbis -> audio/libogg audio/libsndfile errored audio/libvorbis errored audio/libvorbis not built audio/libogg audio/mpg123 errored audio/mpg123 not built archivers/bzip2 audio/openal not built archivers/bzip2 audio/openal errored audio/opus not built devel/gmake -> archivers/bzip2 audio/opus errored audio/pulseaudio not built textproc/intltool -> devel/gmake -> archivers/bzip2 audio/pulseaudio errored audio/sound-theme-freedesktop not built textproc/intltool -> devel/gmake -> archivers/bzip2 audio/sound-theme-freedesktop errored audio/speex errored audio/speex not built audio/libogg audio/taglib errored audio/taglib not built devel/cmake -> textproc/py-sphinx -> lang/python/2.7 -> databases/gdbm -> devel/gettext -> converters/libiconv audio/tremor errored audio/tremor not built devel/libtool -> devel/metaauto audio/twolame errored audio/twolame not built audio/libsndfile -> audio/libvorbis -> audio/libogg audio/wavpack errored audio/wavpack not built converters/libiconv converters/libdvdcss not built archivers/bzip2 converters/libdvdcss errored converters/libiconv not built converters/libiconv errored converters/xmltoman errored converters/xmltoman not built textproc/p5-XML-Parser databases/db/v4 errored databases/db/v4 not built devel/jdk/1.7 -> converters/libiconv databases/db/v4 errored databases/db/v4 errored databases/db/v4 errored databases/db/v4 errored databases/db/v4, same as databases/db/v4 databases/db/v4,-java not built devel/jdk/1.7 -> converters/libiconv databases/db/v4,bootstrap,no_java,no_tcl not built databases/db/v4,no_java,no_tcl not built databases/freetds not built security/gnutls -> archivers/xz databases/freetds errored databases/gdbm errored databases/gdbm not built devel/gettext -> converters/libiconv databases/iodbc errored databases/iodbc not built devel/gettext-tools -> archivers/xz databases/iodbc,-main same as databases/iodbc databases/mariadb not built devel/cmake -> textproc/py-sphinx -> lang/python/2.7 -> databases/gdbm -> devel/gettext -> converters/libiconv databases/mariadb,-server errored databases/openldap not built textproc/icu4c -> devel/gmake -> archivers/bzip2 databases/openldap,-main same as databases/openldap databases/openldap,-main errored databases/p5-DBD-mysql errored databases/p5-DBD-mysql not built databases/p5-DBI databases/p5-DBI not built databases/p5-DBI errored databases/p5-SQL-Statement not built databases/p5-SQL-Statement errored databases/postgresql not built textproc/groff databases/postgresql,-contrib not built textproc/groff databases/postgresql,-docs not built textproc/groff databases/postgresql,-docs locked databases/postgresql,-main same as databases/postgresql databases/postgresql,-plpython not built textproc/groff databases/postgresql,-server not built textproc/groff databases/soprano not built textproc/docbook -> archivers/unzip databases/soprano errored databases/sqlite not built devel/metaauto databases/sqlite errored databases/strigi not built textproc/clucene -> devel/boost -> archivers/bzip2 databases/strigi errored devel/ORBit2 not built devel/glib2 -> archivers/xz devel/ORBit2 errored devel/apache-ant not built archivers/bzip2 devel/apache-ant errored devel/apr errored devel/apr not built devel/apr-util not built devel/apr devel/apr-util errored devel/argp-standalone errored devel/argp-standalone not
Re: OpenBSD Stable
> Need more information than this. What's dpb doing? Logs are in > /usr/ports/logs. Are the permissions set correctly for the /usr/ports/* > directories per the dpb man page? Are you sure you have -stable source? I deleted the whole directory and i followed the pdf building.stable.v1.pdf that Josh Grossesend me. I run # /usr/ports/infrastructure/bin/out-of-date Collecting installed packages: ok Collecting port versions: ok Collecting port signatures: ok Outdated ports: archivers/libarchive # 3.2.1 -> 3.2.2 archivers/p7zip,-main # 15.14.1p1 -> 15.14.1p2 audio/mpg123 # 1.23.4 -> 1.23.8 databases/postgresql,-main # 9.5.3 -> 9.5.5 devel/eclipse/sdk,-main# @gtk+2-2.24.30 -> @gtk+2-2.24.30p0 devel/eclipse/sdk,-swt # @gtk+2-2.24.30 -> @gtk+2-2.24.30p0 devel/gconf2 # @libxml-2.9.3 -> @libxml-2.9.3p0 devel/git,-main# @curl-7.49.0,curl.25.5 -> @curl-7.52.1p0,curl.25.8 devel/libglade2# @gtk+2-2.24.30,@libxml-2.9.3 -> @gtk+2-2.24.30p0,@libxml-2.9.3p0 devel/libgsf # @gdk-pixbuf-2.34.0,@libxml-2.9.3 -> @gdk-pixbuf-2.34.0p0,@libxml-2.9.3p0 devel/libnotify# @gdk-pixbuf-2.34.0 -> @gdk-pixbuf-2.34.0p0 devel/libsoup # @libxml-2.9.3 -> @libxml-2.9.3p0 devel/libunique# @gtk+2-2.24.30 -> @gtk+2-2.24.30p0 devel/libwnck # @gtk+2-2.24.30 -> @gtk+2-2.24.30p0 devel/quirks # always-update -> quirks-2.241 devel/sdl-image# @png-1.6.23,@tiff-4.0.6p1 -> @png-1.6.27,@tiff-4.0.7 devel/subversion,-main # 1.9.4p0 -> 1.9.4p1 devel/vte,-main# @gtk+2-2.24.30 -> @gtk+2-2.24.30p0 editors/libreoffice,-main # @curl-7.49.0,@gtk+2-2.24.30,@postgresql-client-9.5.3,curl.25.5 -> @curl-7.52.1p0,@gtk+2-2.24.30p0,@postgresql-client-9.5.5,curl.25.8 graphics/cairo # @png-1.6.23 -> @png-1.6.27 graphics/ffmpegthumbnailer # @png-1.6.23 -> @png-1.6.27 graphics/gdk-pixbuf2 # 2.34.0 -> 2.34.0p0 graphics/gimp/stable # @curl-7.49.0,@gtk+2-2.24.30,@tiff-4.0.6p1,curl.25.5 -> @curl-7.52.1p0,@gtk+2-2.24.30p0,@tiff-4.0.7,curl.25.8 graphics/jbig2dec # @png-1.6.23 -> @png-1.6.27 graphics/lcms # @tiff-4.0.6p1 -> @tiff-4.0.7 graphics/lcms2 # @tiff-4.0.6p1 -> @tiff-4.0.7 graphics/libwebp # @png-1.6.23,@tiff-4.0.6p1 -> @png-1.6.27,@tiff-4.0.7 graphics/libwmf# @png-1.6.23 -> @png-1.6.27 graphics/openjpeg # @png-1.6.23,@tiff-4.0.6p1 -> @png-1.6.27,@tiff-4.0.7 graphics/png # 1.6.23 -> 1.6.27 graphics/tiff # 4.0.6p1 -> 4.0.7 mail/mozilla-thunderbird,-main # @gtk+2-2.24.30 -> @gtk+2-2.24.30p0 misc/shared-mime-info # @libxml-2.9.3 -> @libxml-2.9.3p0 multimedia/gstreamer-0.10/core # @libxml-2.9.3 -> @libxml-2.9.3p0 multimedia/gstreamer-0.10/plugins-good,-main # 0.10.31p16v0 -> 0.10.31p17v0 multimedia/libbluray # @libxml-2.9.3 -> @libxml-2.9.3p0 net/curl # 7.49.0 -> 7.52.1p0 net/glib2-networking # @gnutls-3.4.14 -> @gnutls-3.4.15 net/transmission,-gtk # @curl-7.49.0,curl.25.5 -> @curl-7.52.1p0,curl.25.8 net/transmission,-main # @curl-7.49.0,curl.25.5 -> @curl-7.52.1p0,curl.25.8 print/cups,-libs # @gnutls-3.4.14 -> @gnutls-3.4.15 print/ghostscript/gnu # @png-1.6.23,@tiff-4.0.6p1 -> @png-1.6.27,@tiff-4.0.7 print/poppler,-main# @png-1.6.23,@tiff-4.0.6p1 -> @png-1.6.27,@tiff-4.0.7 security/gnupg2# @gnutls-3.4.14,@libgcrypt-1.7.1 -> @gnutls-3.4.15,@libgcrypt-1.7.1p0 security/gnutls# 3.4.14 -> 3.4.15 security/keepassx # @libgcrypt-1.7.1 -> @libgcrypt-1.7.1p0 security/libgcrypt # 1.7.1 -> 1.7.1p0 security/pinentry,-gtk2# @gtk+2-2.24.30 -> @gtk+2-2.24.30p0 telephony/baresip/baresip,-main # @mpg123-1.23.4,@png-1.6.23 -> @mpg123-1.23.8,@png-1.6.27 telephony/spandsp # @tiff-4.0.6p1 -> @tiff-4.0.7 textproc/libxml,-main # 2.9.3 -> 2.9.3p0 textproc/libxslt,-main # @libgcrypt-1.7.1,@libxml-2.9.3 -> @libgcrypt-1.7.1p0,@libxml-2.9.3p0 textproc/raptor# @curl-7.49.0,curl.25.5 -> @curl-7.52.1p0,curl.25.8 textproc/rasqal# @libgcrypt-1.7.1,curl.25.5 -> @libgcrypt-1.7.1p0,curl.25.8 textproc/redland,-main # curl.25.5 -> curl.25.8 www/firefox-esr# @gtk+2-2.24.30 -> @gtk+2-2.24.30p0 www/iridium# @gtk+2-2.24.30 -> @gtk+2-2.24.30p0 www/libcroco # @libxml-2.9.3 -> @libxml-2.9.3p0 x11/gnome/gcr # @libgcrypt-1.7.1 -> @libgcrypt-1.7.1p0 x11/gnome/gvfs,-main # @libarchive-3.2.1 -> @libarchive-3.2.2 x11/gnome/libgnome-keyring # @libgcrypt-1.7.1 -> @libgcrypt-1.7.1p0 x11/gnome/librsvg # @gdk-pixbuf-2.34.0,@libxml-2.9.3 ->
Re: OpenBSD Stable
Its the stable version that im trying to install. I installed the release version but i wanted to update to stable mostly for the security patches. I dont want to use snapshot since its the current version. How do you follow the stable version? make update works for individual packages but since i installed openbsd 6.0 a couple of months after the official release alot of packages need update. I thought dpb was the way to go. thank you. On 01/18/17 12:19, Kapetanakis Giannis wrote: > On 18/01/17 03:46, George wrote: >> Hello. >> Im new here. >> I installed OpenBSD on my laptop. I used anoncvs to download the stable >> sources for kernel, xenocara and ports. I rebuild my kernel,system and >> xenocara and i tried to update various packages to stable. >> I used >> /usr/ports/infrastructure/bin/out-of-date >> to get a list of out of date packages. I added that list to dpb with the >> following command >> /usr/ports/infrastructure/bin/dpb -f 20 -U -P PackageList2.txt >> dpb fetches the source code and chooses the packages that can be >> installed or build and then stops. It doesn't build anything or install >> anything. >> >> I'm sure its something stupid that I cant understand. >> What am i missing? >> >> Thanks! >> >> PS. I also changed /etc/mk.conf by adding >> >> FETCH_PACKAGES=Yes >> >> it doesn't seems to work. It still downloads source code and then build it. > > Since you're new on OpenBSD install either the latest stable version (6.0): > https://www.openbsd.org/faq/faq4.html > > or the latest snapshot. > > > G
OpenBSD Stable(error message)
I should also add that some times i get the following error Error: Libraries in packing-lists in the ports tree and libraries from installed packages don't match on http://man.openbsd.org/bsd.port.mk.5 it says The ports tree and the installed packages are out-of-sync. Mixing library information from both sources might produce packages that can't be installed elsewhere. Cleanest fix is to update the out-of-date source (e.g., update the ports tree, or build and install new packages). Developers may use PKG_CREATE_NO_CHECKS instead, assuming they understand the implications. See print-package-args (wantlib-args) for details. i used cvs up -rOPENBSD_6_0 -Pd to update the port but i keep getting the same error message. Thanks!
OpenBSD Stable
Hello. Im new here. I installed OpenBSD on my laptop. I used anoncvs to download the stable sources for kernel, xenocara and ports. I rebuild my kernel,system and xenocara and i tried to update various packages to stable. I used /usr/ports/infrastructure/bin/out-of-date to get a list of out of date packages. I added that list to dpb with the following command /usr/ports/infrastructure/bin/dpb -f 20 -U -P PackageList2.txt dpb fetches the source code and chooses the packages that can be installed or build and then stops. It doesn't build anything or install anything. I'm sure its something stupid that I cant understand. What am i missing? Thanks! PS. I also changed /etc/mk.conf by adding FETCH_PACKAGES=Yes it doesn't seems to work. It still downloads source code and then build it.
Re: Browser is getting slower?
i would prefer firefox but just playing a video cpu usage reach 100% I use chromium/ iridium because firefox isnt usable on my laptop. I tried deleting my profile but nothing change. :-s On Tue, Nov 22, 2016 at 2:55 PM, Alan Coreywrote: > I don't use Chromium (don't tell me I don't need a menu) but in > Firefox the user profile gets clogged up with cruft about once a year. > A quick test is to just make a new profile and see if it's faster. > Then copy over your bookmarks and gradually reestablish your cookies > which keep you logged into sites between sessions by manually logging > into each one. > > You can get to Firefox's profile manager with > firefox -ProfileManager > at a command line. It's probably in the GUI somewhere. I use > Chromium about once a year, don't know much about it. > > -- > Credit is the root of all evil. - AB1JX
Re: Browser is getting slower?
When im saying etc i mean browsing history, download history, cookies, cache images and files, passwords, autofill form data, and hosted app data. I have installed debian on a usb stick and i can say that chromium, iridium and firefox open almost instantly. Maybe its a combination of problems. I noticed recently is that i have lower cpu usage if i run iridium as root. its not a big difference (15% lower). Im thinking that maybe the problem lies on limits i have as a simple user. Beside that i have a skylake cpu so i dont have gpu support. I also think that maybe openbsd scheduler has some responsibility for the unresponsiveness. On Tue, Nov 22, 2016 at 12:41 PM, ludovic coues <cou...@gmail.com> wrote: > What do you means by etc ? > Have you checked if the same issue happen with chromium or with > iridium on a different OS ? > > 2016-11-21 20:35 GMT+01:00 George Pediaditis <g.pediaditis1...@gmail.com>: >> I have installed https everywhere, bookmarks tagging and signal >> private messenger. >> I have openbsd on my laptop so iridium isnt running all the time. >> >> On Mon, Nov 21, 2016 at 5:35 PM, Gregory Edigarov <ediga...@qarea.com> wrote: >>> On 21.11.16 15:56, George Pediaditis wrote: >>>> >>>> Ok you are right im sorry. >>>> Im definitively sure that iridium(its like chromium) is getting slower >>>> after a couple of weeks. Its so slow that im waiting 7+ sec to start. >>>> Also cpu is high and everything on the browser is really slow. The >>>> problem is solved when i clean my history etc. Now it takes about 1-2 >>>> sec to start it. >>>> I have tried Firefox before but its even worse.It crashes is slow and >>>> cpu is high. >>> >>> which extensions are installed in iridium? >>> is iridium always running, or you load it every time? >>> >>>> This is my dmesg. >>>> OpenBSD 6.0-stable (GENERIC.MP) #0: Tue Nov 8 19:51:42 EET 2016 >>>> g...@openbox.my.domain:/usr/src/sys/arch/amd64/compile/GENERIC.MP >>>> RTC BIOS diagnostic error 80 >>>> real mem = 8474267648 (8081MB) >>>> avail mem = 8212963328 (7832MB) >>>> mpath0 at root >>>> scsibus0 at mpath0: 256 targets >>>> >>>> OpenBSD 6.0-stable (GENERIC.MP) #0: Tue Nov 8 19:51:42 EET 2016 >>>> g...@openbox.my.domain:/usr/src/sys/arch/amd64/compile/GENERIC.MP >>>> RTC BIOS diagnostic error 80 >>>> real mem = 8474267648 (8081MB) >>>> avail mem = 8212963328 (7832MB) >>>> mpath0 at root >>>> scsibus0 at mpath0: 256 targets >>>> mainbus0 at root >>>> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe6dc0 (71 entries) >>>> bios0: vendor LENOVO version "0XCN23WW" date 03/21/2016 >>>> bios0: LENOVO 80SR >>>> acpi0 at bios0: rev 2 >>>> acpi0: sleep states S0 S3 S4 S5 >>>> acpi0: tables DSDT FACP TCPA UEFI UEFI SSDT SSDT TPM2 MSDM SSDT DBGP >>>> DBG2 ASF! ASPT BOOT DBGP HPET LPIT APIC MCFG SSDT SSDT SSDT SSDT DMAR >>>> FPDT >>>> acpi0: wakeup devices GLAN(S3) XHC_(S3) XDCI(S4) HDAS(S3) PXSX(S3) >>>> RP01(S3) PXSX(S3) RP02(S3) PXSX(S3) RP03(S3) PXSX(S3) RP04(S3) >>>> PXSX(S3) RP05(S3) PXSX(S3) RP06(S3) [...] >>>> acpitimer0 at acpi0: 3579545 Hz, 24 bits >>>> acpihpet0 at acpi0: 2399 Hz >>>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat >>>> cpu0 at mainbus0: apid 0 (boot processor) >>>> cpu0: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2395.19 MHz >>>> cpu0: >>>> >>>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS >>>> >>>> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX >>>> >>>> ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA >>>> >>>> DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS >>>> >>>> GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT >>>> ,SENSOR,ARAT >>>> cpu0: 256KB 64b/line 8-way L2 cache >>>> cpu0: smt 0, core 0, package 0 >>>> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges >>>> cpu0: apic clock running at 23MHz >>>> cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE >>>> cpu1 at mainbus0: apid 2 (application processor) >>>> cpu1: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz >>>> cpu1: >>>> >>>> F
Re: Browser is getting slower?
I have installed https everywhere, bookmarks tagging and signal private messenger. I have openbsd on my laptop so iridium isnt running all the time. On Mon, Nov 21, 2016 at 5:35 PM, Gregory Edigarov <ediga...@qarea.com> wrote: > On 21.11.16 15:56, George Pediaditis wrote: >> >> Ok you are right im sorry. >> Im definitively sure that iridium(its like chromium) is getting slower >> after a couple of weeks. Its so slow that im waiting 7+ sec to start. >> Also cpu is high and everything on the browser is really slow. The >> problem is solved when i clean my history etc. Now it takes about 1-2 >> sec to start it. >> I have tried Firefox before but its even worse.It crashes is slow and >> cpu is high. > > which extensions are installed in iridium? > is iridium always running, or you load it every time? > >> This is my dmesg. >> OpenBSD 6.0-stable (GENERIC.MP) #0: Tue Nov 8 19:51:42 EET 2016 >> g...@openbox.my.domain:/usr/src/sys/arch/amd64/compile/GENERIC.MP >> RTC BIOS diagnostic error 80 >> real mem = 8474267648 (8081MB) >> avail mem = 8212963328 (7832MB) >> mpath0 at root >> scsibus0 at mpath0: 256 targets >> >> OpenBSD 6.0-stable (GENERIC.MP) #0: Tue Nov 8 19:51:42 EET 2016 >> g...@openbox.my.domain:/usr/src/sys/arch/amd64/compile/GENERIC.MP >> RTC BIOS diagnostic error 80 >> real mem = 8474267648 (8081MB) >> avail mem = 8212963328 (7832MB) >> mpath0 at root >> scsibus0 at mpath0: 256 targets >> mainbus0 at root >> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe6dc0 (71 entries) >> bios0: vendor LENOVO version "0XCN23WW" date 03/21/2016 >> bios0: LENOVO 80SR >> acpi0 at bios0: rev 2 >> acpi0: sleep states S0 S3 S4 S5 >> acpi0: tables DSDT FACP TCPA UEFI UEFI SSDT SSDT TPM2 MSDM SSDT DBGP >> DBG2 ASF! ASPT BOOT DBGP HPET LPIT APIC MCFG SSDT SSDT SSDT SSDT DMAR >> FPDT >> acpi0: wakeup devices GLAN(S3) XHC_(S3) XDCI(S4) HDAS(S3) PXSX(S3) >> RP01(S3) PXSX(S3) RP02(S3) PXSX(S3) RP03(S3) PXSX(S3) RP04(S3) >> PXSX(S3) RP05(S3) PXSX(S3) RP06(S3) [...] >> acpitimer0 at acpi0: 3579545 Hz, 24 bits >> acpihpet0 at acpi0: 2399 Hz >> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat >> cpu0 at mainbus0: apid 0 (boot processor) >> cpu0: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2395.19 MHz >> cpu0: >> >> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS >> >> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX >> >> ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA >> >> DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS >> >> GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT >> ,SENSOR,ARAT >> cpu0: 256KB 64b/line 8-way L2 cache >> cpu0: smt 0, core 0, package 0 >> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges >> cpu0: apic clock running at 23MHz >> cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE >> cpu1 at mainbus0: apid 2 (application processor) >> cpu1: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz >> cpu1: >> >> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS >> >> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX >> >> ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA >> >> DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS >> >> GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT >> ,SENSOR,ARAT >> cpu1: 256KB 64b/line 8-way L2 cache >> cpu1: smt 0, core 1, package 0 >> cpu2 at mainbus0: apid 1 (application processor) >> cpu2: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz >> cpu2: >> >> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS >> >> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX >> >> ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA >> >> DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS >> >> GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT >> ,SENSOR,ARAT >> cpu2: 256KB 64b/line 8-way L2 cache >> cpu2: smt 1, core 0, package 0 >> cpu3 at mainbus0: apid 3 (application processor) >> cpu3: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz >> cpu3: >> >> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS >
Re: Browser is getting slower?
Ok you are right im sorry. Im definitively sure that iridium(its like chromium) is getting slower after a couple of weeks. Its so slow that im waiting 7+ sec to start. Also cpu is high and everything on the browser is really slow. The problem is solved when i clean my history etc. Now it takes about 1-2 sec to start it. I have tried Firefox before but its even worse.It crashes is slow and cpu is high. This is my dmesg. OpenBSD 6.0-stable (GENERIC.MP) #0: Tue Nov 8 19:51:42 EET 2016 g...@openbox.my.domain:/usr/src/sys/arch/amd64/compile/GENERIC.MP RTC BIOS diagnostic error 80 real mem = 8474267648 (8081MB) avail mem = 8212963328 (7832MB) mpath0 at root scsibus0 at mpath0: 256 targets OpenBSD 6.0-stable (GENERIC.MP) #0: Tue Nov 8 19:51:42 EET 2016 g...@openbox.my.domain:/usr/src/sys/arch/amd64/compile/GENERIC.MP RTC BIOS diagnostic error 80 real mem = 8474267648 (8081MB) avail mem = 8212963328 (7832MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe6dc0 (71 entries) bios0: vendor LENOVO version "0XCN23WW" date 03/21/2016 bios0: LENOVO 80SR acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP TCPA UEFI UEFI SSDT SSDT TPM2 MSDM SSDT DBGP DBG2 ASF! ASPT BOOT DBGP HPET LPIT APIC MCFG SSDT SSDT SSDT SSDT DMAR FPDT acpi0: wakeup devices GLAN(S3) XHC_(S3) XDCI(S4) HDAS(S3) PXSX(S3) RP01(S3) PXSX(S3) RP02(S3) PXSX(S3) RP03(S3) PXSX(S3) RP04(S3) PXSX(S3) RP05(S3) PXSX(S3) RP06(S3) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 2399 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2395.19 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT ,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 23MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT ,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 1 (application processor) cpu2: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT ,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 1, core 0, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT ,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (RP01) acpiprt2 at acpi0: bus -1 (RP02) acpiprt3 at acpi0: bus -1 (RP03) acpiprt4 at acpi0: bus -1 (RP04) acpiprt5 at acpi0: bus 1 (RP05) acpiprt6 at acpi0: bus 2 (RP06) acpiprt7 at acpi0: bus -1 (RP07) acpiprt8 at acpi0: bus -1 (RP08) acpiprt9 at acpi0: bus -1 (RP09) acpiprt10 at acpi0: bus -1 (RP10) acpiprt11 at acpi0: bus -1 (RP11) acpiprt12 at acpi0: bus -1 (RP12) acpiprt13 at acpi0: bus -1 (RP13) acpiprt14 at acpi0: bus -1 (RP14) acpiprt15 at acpi0: bus -1 (RP15) acpiprt16 at acpi0: bus -1 (RP16) acpiprt17 at acpi0: bus -1 (RP17) acpiprt18 at acpi0: bus -1 (RP18) acpiprt19 at acpi0: bus -1 (RP19) acpiprt20 at acpi0: bus -1 (RP20) acpiec0 at acpi0 acpicpu0 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151
Re: Browser is getting slower?
OpenBSD 6.0 stable if i clean browser history etc is getting better but i shouldnt have to erase my history in order to open a new tab... On Mon, Nov 21, 2016 at 9:48 AM, Mihai Popescuwrote: >> Hello! >> i have the impression that my browser is getting slower compared with >> a fresh openbsd install. >> Any ideas? > > Global climate is getting warmer, too. > >> ps. Im using iridium > > What OpenBSD flavour is that? > > Bye!
Browser is getting slower?
Hello! i have the impression that my browser is getting slower compared with a fresh openbsd install. Any ideas? ps. Im using iridium
Re: Slow wifi
thanks for the reply. I will try it next week when i have more time. If that doesnt work im thinking if its possible to go from current back to stable. If i try current and i have problems. It looks possible but it isnt in FAQ https://www.openbsd.org/faq/faq5.html#Flavors im wondering if im missing something. On Thu, Nov 10, 2016 at 10:52 PM, Stefan Sperling <s...@stsp.name> wrote: > On Thu, Nov 10, 2016 at 10:24:50PM +0200, George Pediaditis wrote: >> i currently use stable. I updated my system a week ago. How stable is >> current? >> I use my laptop for programming (java) and im a bit skeptical about >> running current. > > Generally, -current is fine. But if you don't follow our development > process at least a bit you might upgrade at a bad moment and run into > surprises. Most issues will fix themselves after a few days and we're > always welcoming reports from users running -current since that really > helps us make the next release better. > > I have spent many hours making many changes since 6.0 which fixed > several issues in the iwm driver and the wireless framework. > All these fixes will of course ship in 6.1. > I'm sorry but this kind of problem is not something we officially > backport fixes to -stable for because it just takes too much time > on top of all the time already spent on development for -current. > > That said, I'll include one fix I made below. I don't know if it > provides a huge improvement in isolation but if you really want > to stick with -stable then this patch is worth a shot. I know that > it compiles but I haven't run this on a 6.0 system myself. > > Index: if_iwm.c > === > RCS file: /cvs/src/sys/dev/pci/if_iwm.c,v > retrieving revision 1.132 > retrieving revision 1.133 > diff -u -p -r1.132 -r1.133 > --- if_iwm.c12 Sep 2016 10:18:26 - 1.132 > +++ if_iwm.c21 Sep 2016 12:56:43 - 1.133 > @@ -4896,6 +4896,7 @@ iwm_ack_rates(struct iwm_softc *sc, stru > int *ofdm_rates) > { > struct ieee80211_node *ni = >in_ni; > + struct ieee80211_rateset *rs = >ni_rates; > int lowest_present_ofdm = 100; > int lowest_present_cck = 100; > uint8_t cck = 0; > @@ -4904,15 +4905,19 @@ iwm_ack_rates(struct iwm_softc *sc, stru > > if (ni->ni_chan == IEEE80211_CHAN_ANYC || > IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) { > - for (i = 0; i <= IWM_LAST_CCK_RATE; i++) { > + for (i = 0; i < MIN(IWM_FIRST_OFDM_RATE, rs->rs_nrates); i++) > { > + if ((rs->rs_rates[i] & IEEE80211_RATE_BASIC) == 0) > + continue; > cck |= (1 << i); > if (lowest_present_cck > i) > lowest_present_cck = i; > } > } > - for (i = IWM_FIRST_OFDM_RATE; i <= IWM_LAST_NON_HT_RATE; i++) { > - int adj = i - IWM_FIRST_OFDM_RATE; > - ofdm |= (1 << adj); > + for (i = IWM_FIRST_OFDM_RATE; > + i <= MIN(IWM_LAST_NON_HT_RATE, rs->rs_nrates - 1); i++) { > + if ((rs->rs_rates[i] & IEEE80211_RATE_BASIC) == 0) > + continue; > + ofdm |= (1 << (i - IWM_FIRST_OFDM_RATE)); > if (lowest_present_ofdm > i) > lowest_present_ofdm = i; > }
Re: Slow wifi
i currently use stable. I updated my system a week ago. How stable is current? I use my laptop for programming (java) and im a bit skeptical about running current. On Thu, Nov 10, 2016 at 10:09 PM, Stefan Sperling <s...@stsp.name> wrote: > On Thu, Nov 10, 2016 at 09:17:38PM +0200, George Pediaditis wrote: >> hello >> Im having trouble with wifi. I cant download faster than 523.94kBit/s >> Im using the iwm0 driver. > > Please try -current. This problem should be fixed there.
Slow wifi
hello Im having trouble with wifi. I cant download faster than 523.94kBit/s Im using the iwm0 driver. If i use ethernet everything works fine and i get 11.99MBit/s I have tried uninstall/install the drivers again and without trunk0 interface but nothing changes. My etc files are hostname.iwm0 nwid Home wpakey adfsfgdfgdfsomommwqmwk wpaakms psk up hostname.re0 up hostname.trunk0 trunkproto failover trunkport re0 trunkport iwm0 dhcp Any ideas? My dmesg is OpenBSD 6.0-stable (GENERIC.MP) #0: Tue Nov 8 19:51:42 EET 2016 g...@openbox.my.domain:/usr/src/sys/arch/amd64/compile/GENERIC.MP RTC BIOS diagnostic error 80 real mem = 8474267648 (8081MB) avail mem = 8212963328 (7832MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe6dc0 (71 entries) bios0: vendor LENOVO version "0XCN23WW" date 03/21/2016 bios0: LENOVO 80SR acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP TCPA UEFI UEFI SSDT SSDT TPM2 MSDM SSDT DBGP DBG2 ASF! ASPT BOOT DBGP HPET LPIT APIC MCFG SSDT SSDT SSDT SSDT DMAR FPDT acpi0: wakeup devices GLAN(S3) XHC_(S3) XDCI(S4) HDAS(S3) PXSX(S3) RP01(S3) PXSX(S3) RP02(S3) PXSX(S3) RP03(S3) PXSX(S3) RP04(S3) PXSX(S3) RP05(S3) PXSX(S3) RP06(S3) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 2399 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2395.16 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT ,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 24MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.43 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT ,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 1 (application processor) cpu2: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.43 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT ,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 1, core 0, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.43 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT ,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (RP01) acpiprt2 at acpi0: bus -1 (RP02) acpiprt3 at acpi0: bus -1 (RP03) acpiprt4 at acpi0: bus -1 (RP04) acpiprt5 at acpi0: bus 1 (RP05) acpiprt6 at acpi0: bus 2 (RP06) acpiprt7 at acpi0: bus -1 (RP07) acpiprt8 at acpi0: bus -1 (RP08) acpiprt9 at acpi0: bus -1 (RP09) acpiprt10 at acpi0: bus -1 (RP10) acpiprt11 at acpi0: bus -1 (RP11) acpiprt12 at acpi0: bus -1 (RP12) acpiprt13 at acpi0: bus -1 (RP13) acpiprt14 at acpi0: bus -1 (RP14) acpiprt15 at acpi0: bus -1 (RP15) acpiprt16 at acpi0: bus -1 (RP16) acpiprt17 at acpi0: bus -1 (RP17) acpiprt18 at acpi0: bus -1 (RP18) acpiprt19 at acpi0: bus -1 (RP19) acpiprt20 at acpi0: bus -1 (RP20) acpiec0 at acpi0 acpicpu0 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33), C1(1000@1 mwait.1), PSS
OpenBSD Anonymous CVS
Hello. On the webpage http://www.openbsd.org/anoncvs.html#CVS it says If you are following the 6.0 -stable branch: $ cd /usr/ports $ cvs -q up -rOPENBSD_6_0 -Pd if you follow the default install 6.0 cvsroot isn't set up so someone should use something like that $ cd /usr/ports $ cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs up -rOPENBSD_6_0 -Pd Similar problem here http://www.openbsd.org/faq/faq5.html#Bld unless I'm missing something
Re: Hotplugd doesnt run /etc/hotplug/attach
if i understand your question no it doesnt connect through usb port $ dmesg | grep -A 3 cdrom cd0 at scsibus1 targ 1 lun 0: <HL-DT-ST, DVDRAM GUE0N, T.02> ATAPI 5/cdrom removable ppb0 at pci0 dev 28 function 0 "Intel 100 Series PCIE" rev 0xf1: msi pci1 at ppb0 bus 1 re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x10: RTL8168GU/8111GU (0x5080), msi, address 50:7b:9d:f4:e3:3c cd0 at scsibus1 targ 1 lun 0: <HL-DT-ST, DVDRAM GUE0N, T.02> ATAPI 5/cdrom removable ppb0 at pci0 dev 28 function 0 "Intel 100 Series PCIE" rev 0xf1: msi pci1 at ppb0 bus 1 re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x10: RTL8168GU/8111GU (0x5080), msi, address 50:7b:9d:f4:e3:3c On Sun, Sep 18, 2016 at 10:26 AM, Stephane HUC "PengouinPdt" <b...@stephane-huc.net> wrote: > I think you are in error. > > The doc hotplug-diskmount say: > > "When you plug USB thumb drive, insert SD card into the attached card > reader or insert CD/DVD into attached removable DVD drive filesystems > from these devices will be automatically mounted under /vol/DRIVE_NAME. > Hotplug-diskmount will mount as many partitions as disk contains." > > @George: just for be sure: your device CD-Rom is really USB? really > removable drive? > > > > On 09/18/16 06:59, Sebastien Marie wrote: >> On Sat, Sep 17, 2016 at 07:34:42PM +0300, George Pediaditis wrote: >>> Hello. >>> >>> I am trying to mount CD automatically when i insert it. >>> Hotplugd doesn't run /etc/hotplug/attach when i insert the CD. >>> It works fine with USB stick any ideas? >>> >> >> hotplugd(8) watchs for devices attachment or detachment, but a CD >> insertion is a new medium in a existing device, so no event is >> generated. >> >> For this specific problem, sysutils/toad (marked broken) was using a >> polling daemon: a program that regulary try to readlabelfs(3) from cdXc, >> and run itself the attach script. >> >> See https://github.com/ajacoutot/toad/blob/master/toadd.c for source >> code of the polling daemon. >> > > -- > ~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " > +=<<< > > Stephane HUC as CIOTBSD > b...@stephane-huc.net
Re: Hotplugd doesnt run /etc/hotplug/attach
I checked hotplug-diskmount. It works fine from command line. It mounts the cdrom. The problem is that i don't know where to insert that line of code. hotplugd doesn't called attach file. On Sun, Sep 18, 2016 at 7:59 AM, Sebastien Marie <sema...@online.fr> wrote: > On Sat, Sep 17, 2016 at 07:34:42PM +0300, George Pediaditis wrote: >> Hello. >> >> I am trying to mount CD automatically when i insert it. >> Hotplugd doesn't run /etc/hotplug/attach when i insert the CD. >> It works fine with USB stick any ideas? >> > > hotplugd(8) watchs for devices attachment or detachment, but a CD > insertion is a new medium in a existing device, so no event is > generated. > > For this specific problem, sysutils/toad (marked broken) was using a > polling daemon: a program that regulary try to readlabelfs(3) from cdXc, > and run itself the attach script. > > See https://github.com/ajacoutot/toad/blob/master/toadd.c for source > code of the polling daemon. > -- > Sebastien Marie
Re: Hotplugd doesnt run /etc/hotplug/attach
thanks for your reply. I attached the 2 files you requested. I should add/ that i can mount without any problems the cd from the command line. My problem is hotplugd that doesnt run /etc/hotplug/attach. thanks On Sun, Sep 18, 2016 at 6:26 AM, Edgar Pettijohn <ed...@pettijohn-web.com> wrote: > On 16-09-17 19:34:42, George Pediaditis wrote: >> Hello. >> >> I am trying to mount CD automatically when i insert it. >> Hotplugd doesn't run /etc/hotplug/attach when i insert the CD. >> It works fine with USB stick any ideas? >> >> Thanks > > You may want to provide logs(i think it logs to /var/log/daemon) > , dmesg, /etc/hotplug/attach script. > -- > Edgar Pettijohn [demime 1.01d removed an attachment of type application/octet-stream which had a name of daemon] [demime 1.01d removed an attachment of type application/octet-stream which had a name of dmesg]
Re: Hotplugd doesnt run /etc/hotplug/attach
I attached the file you request. Although i dont think the problem is the file. Before "case $DEVCLASS in" i put a line of code echo "test" >/tmp/test to see if the file was executed when i entered a cd. Nothing happened when i enter a cd. But when i entered my usb stick the file was created. It seems to me that hotplugd doesnt call attach when you enter a cdrom thanks ps.I would prefer to use attach to mount my cd although if that isnt possible if you have any other ideas it would be nice to know. On 9/17/16, Stephane HUC "PengouinPdt" <b...@stephane-huc.net> wrote: > Hi, George > > Please send your config file /etc/hotplug/attach. > > > > On 09/17/16 18:34, George Pediaditis wrote: >> Hello. >> >> I am trying to mount CD automatically when i insert it. >> Hotplugd doesn't run /etc/hotplug/attach when i insert the CD. >> It works fine with USB stick any ideas? >> >> Thanks >> > > -- > ~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " > +=<<< > > Stephane HUC as CIOTBSD > b...@stephane-huc.net [demime 1.01d removed an attachment of type application/octet-stream which had a name of attach]
Hotplugd doesnt run /etc/hotplug/attach
Hello. I am trying to mount CD automatically when i insert it. Hotplugd doesn't run /etc/hotplug/attach when i insert the CD. It works fine with USB stick any ideas? Thanks
Re: configure ethernet and wireless(solved)
I found the problem. The hostname.iwm0 was "nwid COSMOTE-C4F2EC wpakey QqCjuQZJfHAfZCbS wpaakms psk up" and i change it to "up nwid COSMOTE-C4F2EC wpakey QqCjuQZJfHAfZCbS wpaakms psk" thanks On Wed, Sep 14, 2016 at 10:05 PM, Raf Czlonka <rczlo...@gmail.com> wrote: > On Wed, Sep 14, 2016 at 06:59:49PM BST, George Pediaditis wrote: > >> then i followed the instructions on faq to setup a trunk interface. >> >> I created the files >> /etc/hostname.re0 that contains: >> "up" >> >> /etc/hostname.iwm0 that contains: >> "nwid (ssid) >> wpakey (wpa psk) >> wpaakms (psk) >> up" >> >> and /etc/hostname.trunk0 that contains: >> >> "trunkproto failover trunkport bge0 >> trunkport iwn0 >> dhcp" > > Hi George, > > You have you used bge(4) and iwn(4) - interfaces which you don't > have - instead of re(4) and iwm(4)? > > ;^) > > Regards, > > Raf
Re: configure ethernet and wireless(solved)
@Raf Czlonka Thanks for your replay. The hostname.trunk0 is correct. My laptop didn't have access to internet so i used another computer and copied that part from the webpage and i forgot to change it. On Wed, Sep 14, 2016 at 10:05 PM, Raf Czlonka <rczlo...@gmail.com> wrote: > On Wed, Sep 14, 2016 at 06:59:49PM BST, George Pediaditis wrote: > >> then i followed the instructions on faq to setup a trunk interface. >> >> I created the files >> /etc/hostname.re0 that contains: >> "up" >> >> /etc/hostname.iwm0 that contains: >> "nwid (ssid) >> wpakey (wpa psk) >> wpaakms (psk) >> up" >> >> and /etc/hostname.trunk0 that contains: >> >> "trunkproto failover trunkport bge0 >> trunkport iwn0 >> dhcp" > > Hi George, > > You have you used bge(4) and iwn(4) - interfaces which you don't > have - instead of re(4) and iwm(4)? > > ;^) > > Regards, > > Raf
configure ethernet and wireless
Hello! Im new to openbsd. I just installed it to my new laptop and i want to configure wireless and ethernet. my laptop has Intel dual band wireless ac 3165 for wireless and realtek 8168 for ethernet. Ethernet worked fine when i installed it. I wanted to connect with ethernet (re0 interface) if its available. If it isn't available then it should connect with my wifi. (iwm0 interface) i follow the instructions on faq First i created an hostname.iwm0 that contained: "nwid (ssid) wpakey (wpa psk) wpaakms (psk) dhcp" i disconnect ethernet and used sh /etc/netstart iwm0 to restart the network it worked fine. then i followed the instructions on faq to setup a trunk interface. I created the files /etc/hostname.re0 that contains: "up" /etc/hostname.iwm0 that contains: "nwid (ssid) wpakey (wpa psk) wpaakms (psk) up" and /etc/hostname.trunk0 that contains: "trunkproto failover trunkport bge0 trunkport iwn0 dhcp" Ethernet and wifi doesn't work i reboot my laptop and instead of the desktop i ended up in command line. ethernet and wifi still don't work. i attach the output of dmesg -s and dmesg In dmesg i get messages like these "arp: attempt to overwrite entry for 192.168.1.1 on re0 by c8:3a:35:20:3c:d8 on iwm0 arp: attempt to add entry for 192.168.1.1 on re0 by 74:a7:8e:c4:f2:ec on trunk0 arp: attempt to add entry for 192.168.1.1 on re0 by 74:a7:8e:c4:f2:ec on trunk0 arp: attempt to add entry for 192.168.1.1 on re0 by 74:a7:8e:c4:f2:ec on trunk0 " i search the man pages and i got this: "arp: attempt to add entry for %s on %s by %s on %s This usually indicates there is more than one interface connected to the same hub, or that the networks have somehow been short-circuited (e.g. IPs that should have been present on interface one are present on interface two)." I didn't find how to fix it. Thank you for your help. [demime 1.01d removed an attachment of type application/octet-stream which had a name of dmesg.out] [demime 1.01d removed an attachment of type application/octet-stream which had a name of dmesg2.out]
[SOLVED] Re: Certificate Error "format error in certificate's notAfter field"
On Mon, Sep 12, 2016 at 11:40:44AM -0700, Philip Guenther wrote: > That value is acceptable...when encoded as required. > [...] > The notAfter time is before 2050, so it MUST be encoded as a UTCTIME, > but it isn't. You need to fix your CA software to generate > RFC-compliant certificates when signing them. > Thank you for the prompt and informative reply! Looking through my build notes (I've learned to keep notes for things like this), I found that I originally created the CA cert with this command: openssl ca -selfsign -config root-ca.conf -in CA/root-ca.csr -out CA/r\ oot-ca.crt -extensions root_ca_ext -enddate 20351231235959Z As a test, I generated a new root cert with the same process, replacing -enddate 20351231235959Z with -enddate 351231235959Z The resulting cert, and a server cert that I signed with it, both validate properly on my OpenBSD server. I guess I'll now need to re-create all my certs, but at least they'll be RFC-compliant. Thanks again, George Lane Atlanta, US [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Certificate Error "format error in certificate's notAfter field"
I have my own PKI running on a Debian 8 server (that I set up using this tutorial: http://pki-tutorial.readthedocs.io/en/latest/index.html). Certificate creation and signing has worked fine on all my Linux- and Windows- based servers and clients, but when I try to use the certs on OpenBSD 6.0 (httpd, openvpn) nothing works. I'm not sure if it's a problem with the certs themselves, a compatibility problem between OpenSSL and LibreSSL, or something else. Running a verify on either a server cert (whose key and CSR were generated on OpenBSD, and cert signed on the Debian server) produces an error about the notAfter field: $ openssl verify -CAfile root-ca.crt server.crt server.crt: C = US, ST = Georgia, L = Atlanta, O = George Lane, CN = Ge orge Lane Certificate Authority error 14 at 1 depth lookup:format error in certificate's notAfter field $ openssl verify -CAfile root-ca.crt root-ca.crt root-ca.crt: C = US, ST = Georgia, L = Atlanta, O = George Lane, CN = G eorge Lane Certificate Authority error 14 at 0 depth lookup:format error in certificate's notAfter field The man page informs me that error 14 indicates "The certificate notAfter field contains an invalid time." I'm unable to reproduce this on my other servers, though. Here are the same commands run against the same certs on the Debian server: $ openssl verify -CAfile root-ca.crt server.crt server.crt: OK $ openssl verify -CAfile root-ca.crt root-ca.crt root-ca.crt: OK Even opening the cert on the cert management console on Windows 7 displays no apparent errors. The root cert has an expiration date of Dec 31 23:59:59 2035 GMT. Is there some reasons that this would not be an acceptable value? If it helps, feel free to download a copy of my root cert here: http://crt.thinkingguy.com/thinkingguy.com.crt George Lane Atlanta, US [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: Acer Aspire V5-571 WiFi card and Click Pad help
On Sun, May 15, 2016 at 7:42 PM, Ulf Brosziewski < ulf.brosziew...@t-online.de> wrote: > X doesn't recognize the touchpad as clickpad automatically. Open > an X-terminal and enter > $ synclient ClickPad=1 > This will enable click-and-drag/select actions with two fingers. For > emulating left-clicks with tapping, enter > $ synclient TapButton1=1 > and for right-clicks with two-finger tapping, the command is > $ synclient TapButton2=3 > > Of course, you can also automate this and make it permanent, see > $ man synaptics > $ man xorg.conf > etc. > > > On 05/15/2016 10:57 AM, Siju George wrote: > > I have an Acer Aspire V5-571 with OEM Windows 8. I am going to wipe > Windows > > and install OpenBSD on it. > > > > As a trial I installed OpenBSD 5.9 in one of the GPT partitions and face > > there issues. > > > > 1. Atheros AR9462 Wifi card shows up in dmesg but not in ifconfig > > fw_update does not help. How can I get wireless enabled? > > > > 2. Touch pad - Elantec Clickpad version4 works but selection of text > > holding the left corner does not work. tapping to choose does not work > > either. > > > > Any help to make these things work is highly appreciated. > > > > Thanks > > > > Siju > > > > > > âCould you also teach me about copying âand pasting with the touch pad? THanks :) Siju
Acer Aspire V5-571 WiFi card and Click Pad help
I have an Acer Aspire V5-571 with OEM Windows 8. I am going to wipe Windows and install OpenBSD on it. As a trial I installed OpenBSD 5.9 in one of the GPT partitions and face there issues. 1. Atheros AR9462 Wifi card shows up in dmesg but not in ifconfig fw_update does not help. How can I get wireless enabled? 2. Touch pad - Elantec Clickpad version4 works but selection of text holding the left corner does not work. tapping to choose does not work either. Any help to make these things work is highly appreciated. Thanks Siju
Re: Problem with IPSEC between OpenBSD and VMWare vcloud air platform
It seems that I was provided the wrong peer IP (which was also running an IPSEC endpoint but with different settings). So after placing the right IP address in the ipsec.conf the flows are established although I get some errors like: Default responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs: initiator id 192.168.55.0/255.255.255.0, responder id 192.168.66.0/255.255.255.0 180852.346361 Default dropped message from A.B.C.D port 500 due to notification type INVALID_ID_INFORMATION The problem now is that I can ping from one side to another (from cloud to our premises) but not the opposite direction. Thanks, George On Tue, May 10, 2016 at 1:40 PM, George Kourvoulis <gko...@gmail.com> wrote: > Hi, > I am trying to create an IPSEC tunnel between an OpenBSD 5.8 and VMWare's > vcloud air cloud platform. > > The options that I can set from the vmware side (they provide a GUI) are > specific and they are the following: > > -Local networks > -Remote networks > -Peer > -Pre shared key > -Encryption (3DES) > > On the OpenBSD side I use ipsec.conf and the contents are the following: > > ike esp from 192.168.66.0/24 to 192.168.55.0/24 peer ABC.DEF.GHI.JKL main > auth hmac-sha1 enc 3des group modp1024 quick auth hmac-sha2-256 enc > blowfish psk MY-PSK-PHRASE > > When I start isakmpd and ipsecctl -f /etc/ipsec.conf I always get the > following message and the SAs are never created. > > 133935.717470 Default attribute_unacceptable: AUTHENTICATION_METHOD: got > PRE_SHARED, expected RSA_SIG > 133935.717808 Default message_negotiate_sa: no compatible proposal found > 133935.717916 Default dropped message from ABC.DEF.GHI.JKL port 500 due to > notification type NO_PROPOSAL_CHOSEN > 133944.988656 Default transport_send_messages: giving up on exchange > peer-ABC.DEF.GHI.JKL , no response from peer ABC.DEF.GHI.JKL :500 > 133945.755693 Default attribute_unacceptable: AUTHENTICATION_METHOD: got > PRE_SHARED, expected RSA_SIG > 133945.755884 Default message_negotiate_sa: no compatible proposal found > 133945.755930 Default dropped message from ABC.DEF.GHI.JKL port 500 due to > notification type NO_PROPOSAL_CHOSEN > > It seems that although I specify that I want a psk to be used, it expects > a pub key. > > Thank you, > George
Problem with IPSEC between OpenBSD and VMWare vcloud air platform
Hi, I am trying to create an IPSEC tunnel between an OpenBSD 5.8 and VMWare's vcloud air cloud platform. The options that I can set from the vmware side (they provide a GUI) are specific and they are the following: -Local networks -Remote networks -Peer -Pre shared key -Encryption (3DES) On the OpenBSD side I use ipsec.conf and the contents are the following: ike esp from 192.168.66.0/24 to 192.168.55.0/24 peer ABC.DEF.GHI.JKL main auth hmac-sha1 enc 3des group modp1024 quick auth hmac-sha2-256 enc blowfish psk MY-PSK-PHRASE When I start isakmpd and ipsecctl -f /etc/ipsec.conf I always get the following message and the SAs are never created. 133935.717470 Default attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG 133935.717808 Default message_negotiate_sa: no compatible proposal found 133935.717916 Default dropped message from ABC.DEF.GHI.JKL port 500 due to notification type NO_PROPOSAL_CHOSEN 133944.988656 Default transport_send_messages: giving up on exchange peer-ABC.DEF.GHI.JKL , no response from peer ABC.DEF.GHI.JKL :500 133945.755693 Default attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG 133945.755884 Default message_negotiate_sa: no compatible proposal found 133945.755930 Default dropped message from ABC.DEF.GHI.JKL port 500 due to notification type NO_PROPOSAL_CHOSEN It seems that although I specify that I want a psk to be used, it expects a pub key. Thank you, George
Re: pppoe (kernel) works but doesn't
Sorry for bothering you, I had to go tcpdump the entire network "conversation" between linux and bsd in order to find out that I had miss type my username... Thank you for your reply Pierre nevertheless :) P.S. This topic can be deleted On Sat, Mar 26, 2016 at 1:34 PM, Pierre Emeriaud < petrus.lt+open...@gmail.com> wrote: > Hi George, > > > pppoe0: flags=8855<UP,DEBUG,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu > 1492 > > priority: 0 > > dev: em0 state: session > > sid: 0x1d1e PADI retries: 0 PADR retries: 0 time: 00:13:01 > > sppp: phase network authproto pap authname "user" > > groups: pppoe egress > > status: active > > inet 10.0.128.0 --> 83.235.1.86 netmask 0x > > > > Despite the fact that everything seems to work OK, I can only ping > > 83.235.1.86 and nothing else. I tried pinging 8.8.8.8 or my ISP's DNS > > servers but for some reason this is not possible. > > Are you sure you're not hitting some kind of walled garden? Or is the > private address from your ESX setup? > > If your ISP is indeed OTE, PAP seems fine as per > http://ipv6.ote.gr/?page_id=74=en, but you could try CHAP just in > case. > > -pierre
pppoe (kernel) works but doesn't
Hi, 1) I have set kernel pppoe with the following options (I have only one NIC directly connected to my dsl modem) : # cat /etc/hostname.pppoe0 inet 0.0.0.0 255.255.255.255 NONE \ pppoedev em0 authproto pap \ authname 'user' authkey 'pass' up dest 0.0.0.1 !/sbin/route add default -ifp pppoe0 0.0.0.1 2) authentication and remote/local IP seem to acquired fine (ifconfig output follows) pppoe0: flags=8855<UP,DEBUG,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492 priority: 0 dev: em0 state: session sid: 0x1d1e PADI retries: 0 PADR retries: 0 time: 00:13:01 sppp: phase network authproto pap authname "user" groups: pppoe egress status: active inet 10.0.128.0 --> 83.235.1.86 netmask 0x 3) default route is set correctly Internet: DestinationGatewayFlags Refs Use Mtu Prio Iface default83.235.1.86UGS0 68 - 8 pppoe0 10.0.128.0 10.0.128.0 UHl00 - 1 lo0 83.235.1.8610.0.128.0 UH 00 - 8 pppoe0 127/8 127.0.0.1 UGRS 00 32768 8 lo0 127.0.0.1 127.0.0.1 UHl10 32768 1 lo0 192.168.1/24 192.168.1.2UC 20 - 8 em0 192.168.1.200:50:56:bd:6e:be UHLl 00 - 1 lo0 192.168.1.4d8:cb:8a:3c:25:60 UHLc 215928 - 8 em0 192.168.1.100 00:0c:29:61:90:5c UHLc 0 10 - 8 em0 192.168.1.255 192.168.1.2UHb00 - 1 em0 224/4 127.0.0.1 URS00 32768 8 lo0 4) LCP communication seems to be OK: pppoe0: lcp output pppoe0 (8864) state=3, session=0x1d1e output -> 00:90:1a:41:fa:4b, len=16 pppoe0: lcp input(opened): 5) my pf.conf set skip on lo match on pppoe0 scrub (max-mss 1440) pass all Despite the fact that everything seems to work OK, I can only ping 83.235.1.86 and nothing else. I tried pinging 8.8.8.8 or my ISP's DNS servers but for some reason this is not possible. I am on OpenBSD 5.8 running under esxi 6. Any ideas? Thank you for your time, George
Re: root access after failed fsck
On 20/02/2016 12:52 μμ, arrowscr...@mail.com wrote: Wow, that's new to me. Thanks. Anyway, I still think that this "password rescue" should not be allowed by default. I know operating systems can do very little to prevent physical problems like side-channel attacks, but this is not the case, and this does not mean that the OS should not make it harder the attacks even if someone have physical access. There's systems, from what I remember (HP servers, I think), that allow remote control based on firmware. One could use this escape "feature" to get your root, without physical access. Same for hosts services. Also, the page 14.21 from faq say "I forgot my passphrase! Sorry. This is real encryption, there's not a back door or magic unlocking tool." why exactly the root should be different? If one lost his passphrase, it's his fault. I thought the philosophy was "secure by default", even if this make the "computer difficult to manage properly". Moreover, this is also the case with most Linux distro's you've probably used in your life. You may have to enter a password on some distro's when in single-user mode, but grub is almost always passwordless, which means you can edit it to set /bin/bash as init, which basically bypasses all such "restrictions". Secure by default does not mean that everything is hardened, as this wouldn't be that practical either. One could argue that file system permissions on binary and library folders could be more strict, or that systrace should have been setup and configured by default, but I think that this by far exceeds what a "secure OS" would be and enforces probable restrictions on sysadmins that they may not want to adhere to. I don't think that the goal of a proactively secure OS like OpenBSD is to be configured to be hardened by default so as to be used by expert or non-expert admins to feel safer, because that would be more misleading than helpful, as Stuart suggested. The goal is to have a generically safe OS where program crashes don't result in privilege escalation that easily and whose code is designed and written with security in mind to reduce vulnerabilities. It's the sysadmins' responsibility to further "secure" their installations and chose which features they'd further add which would probably make OS maintenance more difficult. Having said that, to my understanding, securing physical access by asking the pass phrase in single-user mode in an OS would be more than a marketing thing rather than a security feature per-se. George.
Re: OpenBSD 5.8 ikev2 road warrior setup with various clients
Since, as it seems, this list is not the appropriate place for asking ikev2 related questions, could anybody please direct me as to where such a place would be (mailing list, irc, etc.)? Thanks again! On 17/02/2016 11:57 πμ, George Mamalakis wrote: On 16/02/2016 11:59 πμ, George Mamalakis wrote: Hi all! I'm trying to configure an ikev2 VPN gateway on my OpenBSD 5.8 box to allow remote access to my local network from various, road-warrior client "types" (MS Windows, Linux's, BSD's). My example local network is 10.0.0.0/24 and my public IP (egress) is 1.2.3.4. I've read various guides on the Internet regarding analogous setups, but all of them were discussing about MS Windows clients. I'm trying to test my setup with an OpenBSD 5.8 client but I fail, and next I'd like to test it with a FreeBSD and a Linux client to see if it works. My /etc/iked.conf looks like this: ikev2 passive esp \ from 10.0.0.0/24 to 10.10.10.0/24 local 1.2.3.4 peer any \ psk mypass \ config address 10.10.10.5 My client's /etc/iked.conf looks like this: ikev2 active esp \ from 10.10.10.0/24 to 10.0.0.0/24 peer 1.2.3.4 \ psk lala123 which is based on an old email of this list (at around 2012), and as I explained earlier, it doesn't work. What happens is that when I try to access 10.0.0.1 from my client, the specific traffic is not passing from enc0 but is rather passing directly from the egress interface to its default route. Now, as it seems, this is a routing/flows issue, but I am unsure as to how to address it. ipsecctl -sa on both machines looks good (or at least I think it does): server: # ipsecctl -sa FLOWS: flow esp in from 10.10.10.0/24 to 10.0.0.0/24 peer 5.6.7.8 srcid FQDN/1.2.3.4 dstid FQDN/5.6.7.8 type use flow esp out from 10.0.0.0/24 to 10.10.10.0/24 peer 5.6.7.8 srcid FQDN/1.2.3.4 dstid FQDN/5.6.7.8 type require flow esp out from ::/0 to ::/0 type deny SAD: esp tunnel from 5.6.7.8 to 1.2.3.4 spi 0x3ebcc647 auth hmac-sha2-256 enc aes-256 esp tunnel from 1.2.3.4 to 5.6.7.8 spi 0x736c382f auth hmac-sha2-256 enc aes-256 client: # ipsecctl -sa FLOWS: flow esp in from 10.0.0.0/24 to 10.10.10.0/24 peer 1.2.3.4 srcid FQDN/5.6.7.8 dstid FQDN/1.2.3.4 type use flow esp out from 10.10.10.0/24 to 10.0.0.0/24 peer 1.2.3.4 srcid FQDN/5.6.7.8 dstid FQDN/1.2.3.4 type require flow esp out from ::/0 to ::/0 type deny SAD: esp tunnel from 5.6.7.8 to 1.2.3.4 spi 0x3ebcc647 auth hmac-sha2-256 enc aes-256 esp tunnel from 1.2.3.4 to 5.6.7.8 spi 0x736c382f auth hmac-sha2-256 enc aes-256 As inferred, my client's public IP is 5.6.7.8, and on both machines ip forwarding is enabled (pf allows all traffic as well). Any help would be greatly appreciated, and directions towards an analogous, working, client setup for FreeBSD and Linux would be equally appreciated. Thanks all in advance, George. I've also tried a different setup (without an internal network) which works for about a minute or so, and then it stops. server: # cat /etc/iked.conf ikev2 passive esp \ from 10.0.0.0/24 to 0.0.0.0/0 local 1.2.3.4 peer any \ psk mypass # cat /etc/ipsec.conf flow esp out from 10.0.0.0/24 to 10.0.0.0/24 type bypass client: # cat /etc/iked.conf ikev2 active esp \ from 0.0.0.0/0 to 10.0.0.0/24 peer 1.2.3.4 \ psk mypass With this configuration, both client and server are able to access 10.0.0.0/24 (by adding the extra flow in server's /etc/ipsec.conf and loading it via ipsecctl -f /etc/ipsec.conf), but after a minute or so the setup stops working. Traffic is reaching the server's enc0 interface and replies are sent to the client via enc0, but the client's udp port which used to accept packets becomes unreachable (closes for some reason): 08:00:27:ee:e7:fd 08:00:27:59:7c:d4 0800 178: 1.2.3.4.52586 > 5.6.7.8.58353: udp 136 08:00:27:59:7c:d4 08:00:27:ee:e7:fd 0800 70: 5.6.7.8 > 1.2.3.4: icmp: 5.6.7.8 udp port 58353 unreachable I'm not sure that running: # iked -vvd & on both machines, reveals not additional information, except that the client checks both incoming and outgoing SA, whereas the server checks only the incoming: client: ikev2_init_ike_sa: "policy1" is already active ikev2_ike_sa_alive: outgoing CHILD SA spi 0x243b7395 last used 54 second(s) ago pfkey_sa_last_used: last_used 1455636797 ikev2_ike_sa_alive: incoming CHILD SA spi 0x2ee69c30 last used 54 second(s) ago ikev2_init_ike_sa: "policy1" is already active pfkey_sa_last_used: last_used 1455636860 ikev2_ike_sa_alive: outgoing CHILD SA spi 0x243b7395 last used 51 second(s) ago pfkey_sa_last_used: last_used 1455636860 ikev2_ike_sa_alive: incoming CHILD SA spi 0x2ee69c30 last used 51 second(s) ago server: pfkey_sa_last_used: last_used 1455636795 ikev2_ike_sa_alive: incoming CHILD SA spi 0x243b7395 last used 54 second(s) ago pfkey_sa_last_used: last_used 1455636858 ikev2_ike_sa_alive: incoming CHILD SA spi 0x243b7395 last used 51 second(s) ago Thanks all for your time and he
Re: root access after failed fsck
As in all BSD's I know of, edit /etc/ttys (as root) and change console to be insecure (it defaults to "secure"). This way you'll be asked for a password when in single user mode. This is no security issue, it is how single user mode "operates" and it's configurable. George. PS. Be sure you won't forget your root's password :). PS2. Physical access to a box (which is usually implied when running in single user mode) can almost certainly lead to a compromised machine. On 20/02/2016 10:59 πμ, arrowscr...@mail.com wrote: Some minutes ago I had a energy blackout here in my city. I was running OpenBSD. When I booted after energy came back, the system did the usual fsck. But this time something went wrong and he just escaped to root, without asking for any passphrase. The system did a question like "point the path to sh", and I just typed "/bin/sh" and he gained access to root. I think this is a serious security problem folks. I have softraid_crypto, so no problem for me, but one could (probably) induce this failure to access root when no FDE configured and he have physical access (or remove, who know with all these Intel AMT microcodes). The /var/log/ have none logs about it, all I can show is the dmesg (if you need more information, just ask): OpenBSD 5.9-beta (GENERIC.MP) #1864: Mon Jan 25 19:11:29 MST 2016 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 16481857536 (15718MB) avail mem = 15978151936 (15237MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe98e0 (94 entries) bios0: vendor American Megatrends Inc. version "1601" date 11/27/2013 bios0: ASUSTeK COMPUTER INC. P8H61-M LX2 R2.0 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT MCFG SSDT BGRT SSDT SSDT DMAR acpi0: wakeup devices P0P1(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PEGP(S4) PEG0(S4) PEG1(S4) PEG2(S4) PEG3(S4) PXSX(S4) RP04(S4) PXSX(S4) RP03(S4) PS2K(S4) PS2M(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.43 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 100MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.03 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.02 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.02 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 0, core 3, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (P0P1) acpiprt2 at acpi0: bus 2 (RP01) acpiprt3 at acpi0: bus -1 (RP02) acpiprt4 at acpi0: bus 1 (PEG0) acpiprt5 at acpi0: bus -1 (PEG1) acpiprt6 at acpi0: bus -1 (PEG2) acpiprt7 at acpi0: bus -1 (PEG3) acpiprt8 at acpi0: bus 5 (RP04) acpiprt9 at acpi0: bus 3 (RP03) acpiprt10 at acpi0: bus 4 (PXSX) acpiec0 at acpi0: not present acpicpu0 at acpi0: C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C1(1000@1 mwait.1), PSS acpicpu3 at acpi0: C1(1000@1 mwait.1), PSS acpipwrres0 at acpi0: FN00, resource for FAN0 acpipwr
Re: OpenBSD 5.8 ikev2 road warrior setup with various clients
On 16/02/2016 11:59 πμ, George Mamalakis wrote: Hi all! I'm trying to configure an ikev2 VPN gateway on my OpenBSD 5.8 box to allow remote access to my local network from various, road-warrior client "types" (MS Windows, Linux's, BSD's). My example local network is 10.0.0.0/24 and my public IP (egress) is 1.2.3.4. I've read various guides on the Internet regarding analogous setups, but all of them were discussing about MS Windows clients. I'm trying to test my setup with an OpenBSD 5.8 client but I fail, and next I'd like to test it with a FreeBSD and a Linux client to see if it works. My /etc/iked.conf looks like this: ikev2 passive esp \ from 10.0.0.0/24 to 10.10.10.0/24 local 1.2.3.4 peer any \ psk mypass \ config address 10.10.10.5 My client's /etc/iked.conf looks like this: ikev2 active esp \ from 10.10.10.0/24 to 10.0.0.0/24 peer 1.2.3.4 \ psk lala123 which is based on an old email of this list (at around 2012), and as I explained earlier, it doesn't work. What happens is that when I try to access 10.0.0.1 from my client, the specific traffic is not passing from enc0 but is rather passing directly from the egress interface to its default route. Now, as it seems, this is a routing/flows issue, but I am unsure as to how to address it. ipsecctl -sa on both machines looks good (or at least I think it does): server: # ipsecctl -sa FLOWS: flow esp in from 10.10.10.0/24 to 10.0.0.0/24 peer 5.6.7.8 srcid FQDN/1.2.3.4 dstid FQDN/5.6.7.8 type use flow esp out from 10.0.0.0/24 to 10.10.10.0/24 peer 5.6.7.8 srcid FQDN/1.2.3.4 dstid FQDN/5.6.7.8 type require flow esp out from ::/0 to ::/0 type deny SAD: esp tunnel from 5.6.7.8 to 1.2.3.4 spi 0x3ebcc647 auth hmac-sha2-256 enc aes-256 esp tunnel from 1.2.3.4 to 5.6.7.8 spi 0x736c382f auth hmac-sha2-256 enc aes-256 client: # ipsecctl -sa FLOWS: flow esp in from 10.0.0.0/24 to 10.10.10.0/24 peer 1.2.3.4 srcid FQDN/5.6.7.8 dstid FQDN/1.2.3.4 type use flow esp out from 10.10.10.0/24 to 10.0.0.0/24 peer 1.2.3.4 srcid FQDN/5.6.7.8 dstid FQDN/1.2.3.4 type require flow esp out from ::/0 to ::/0 type deny SAD: esp tunnel from 5.6.7.8 to 1.2.3.4 spi 0x3ebcc647 auth hmac-sha2-256 enc aes-256 esp tunnel from 1.2.3.4 to 5.6.7.8 spi 0x736c382f auth hmac-sha2-256 enc aes-256 As inferred, my client's public IP is 5.6.7.8, and on both machines ip forwarding is enabled (pf allows all traffic as well). Any help would be greatly appreciated, and directions towards an analogous, working, client setup for FreeBSD and Linux would be equally appreciated. Thanks all in advance, George. I've also tried a different setup (without an internal network) which works for about a minute or so, and then it stops. server: # cat /etc/iked.conf ikev2 passive esp \ from 10.0.0.0/24 to 0.0.0.0/0 local 1.2.3.4 peer any \ psk mypass # cat /etc/ipsec.conf flow esp out from 10.0.0.0/24 to 10.0.0.0/24 type bypass client: # cat /etc/iked.conf ikev2 active esp \ from 0.0.0.0/0 to 10.0.0.0/24 peer 1.2.3.4 \ psk mypass With this configuration, both client and server are able to access 10.0.0.0/24 (by adding the extra flow in server's /etc/ipsec.conf and loading it via ipsecctl -f /etc/ipsec.conf), but after a minute or so the setup stops working. Traffic is reaching the server's enc0 interface and replies are sent to the client via enc0, but the client's udp port which used to accept packets becomes unreachable (closes for some reason): 08:00:27:ee:e7:fd 08:00:27:59:7c:d4 0800 178: 1.2.3.4.52586 > 5.6.7.8.58353: udp 136 08:00:27:59:7c:d4 08:00:27:ee:e7:fd 0800 70: 5.6.7.8 > 1.2.3.4: icmp: 5.6.7.8 udp port 58353 unreachable I'm not sure that running: # iked -vvd & on both machines, reveals not additional information, except that the client checks both incoming and outgoing SA, whereas the server checks only the incoming: client: ikev2_init_ike_sa: "policy1" is already active ikev2_ike_sa_alive: outgoing CHILD SA spi 0x243b7395 last used 54 second(s) ago pfkey_sa_last_used: last_used 1455636797 ikev2_ike_sa_alive: incoming CHILD SA spi 0x2ee69c30 last used 54 second(s) ago ikev2_init_ike_sa: "policy1" is already active pfkey_sa_last_used: last_used 1455636860 ikev2_ike_sa_alive: outgoing CHILD SA spi 0x243b7395 last used 51 second(s) ago pfkey_sa_last_used: last_used 1455636860 ikev2_ike_sa_alive: incoming CHILD SA spi 0x2ee69c30 last used 51 second(s) ago server: pfkey_sa_last_used: last_used 1455636795 ikev2_ike_sa_alive: incoming CHILD SA spi 0x243b7395 last used 54 second(s) ago pfkey_sa_last_used: last_used 1455636858 ikev2_ike_sa_alive: incoming CHILD SA spi 0x243b7395 last used 51 second(s) ago Thanks all for your time and help in advance, George. PS. I'm getting the same behaviour even without the additional flow of /etc/ipsec.conf, so I've ruled it out from a problem candidate.
OpenBSD 5.8 ikev2 road warrior setup with various clients
Hi all! I'm trying to configure an ikev2 VPN gateway on my OpenBSD 5.8 box to allow remote access to my local network from various, road-warrior client "types" (MS Windows, Linux's, BSD's). My example local network is 10.0.0.0/24 and my public IP (egress) is 1.2.3.4. I've read various guides on the Internet regarding analogous setups, but all of them were discussing about MS Windows clients. I'm trying to test my setup with an OpenBSD 5.8 client but I fail, and next I'd like to test it with a FreeBSD and a Linux client to see if it works. My /etc/iked.conf looks like this: ikev2 passive esp \ from 10.0.0.0/24 to 10.10.10.0/24 local 1.2.3.4 peer any \ psk mypass \ config address 10.10.10.5 My client's /etc/iked.conf looks like this: ikev2 active esp \ from 10.10.10.0/24 to 10.0.0.0/24 peer 1.2.3.4 \ psk lala123 which is based on an old email of this list (at around 2012), and as I explained earlier, it doesn't work. What happens is that when I try to access 10.0.0.1 from my client, the specific traffic is not passing from enc0 but is rather passing directly from the egress interface to its default route. Now, as it seems, this is a routing/flows issue, but I am unsure as to how to address it. ipsecctl -sa on both machines looks good (or at least I think it does): server: # ipsecctl -sa FLOWS: flow esp in from 10.10.10.0/24 to 10.0.0.0/24 peer 5.6.7.8 srcid FQDN/1.2.3.4 dstid FQDN/5.6.7.8 type use flow esp out from 10.0.0.0/24 to 10.10.10.0/24 peer 5.6.7.8 srcid FQDN/1.2.3.4 dstid FQDN/5.6.7.8 type require flow esp out from ::/0 to ::/0 type deny SAD: esp tunnel from 5.6.7.8 to 1.2.3.4 spi 0x3ebcc647 auth hmac-sha2-256 enc aes-256 esp tunnel from 1.2.3.4 to 5.6.7.8 spi 0x736c382f auth hmac-sha2-256 enc aes-256 client: # ipsecctl -sa FLOWS: flow esp in from 10.0.0.0/24 to 10.10.10.0/24 peer 1.2.3.4 srcid FQDN/5.6.7.8 dstid FQDN/1.2.3.4 type use flow esp out from 10.10.10.0/24 to 10.0.0.0/24 peer 1.2.3.4 srcid FQDN/5.6.7.8 dstid FQDN/1.2.3.4 type require flow esp out from ::/0 to ::/0 type deny SAD: esp tunnel from 5.6.7.8 to 1.2.3.4 spi 0x3ebcc647 auth hmac-sha2-256 enc aes-256 esp tunnel from 1.2.3.4 to 5.6.7.8 spi 0x736c382f auth hmac-sha2-256 enc aes-256 As inferred, my client's public IP is 5.6.7.8, and on both machines ip forwarding is enabled (pf allows all traffic as well). Any help would be greatly appreciated, and directions towards an analogous, working, client setup for FreeBSD and Linux would be equally appreciated. Thanks all in advance, George.
Re: It was twenty years ago you see...
It has been 15 years or so I had no degree, so no job One kind soul called me to be An apprentice without salary Windows 2000 & Zonealarm Was the firewall where I was Once in 3 months required a reinstall Because it became the cracker's ball An apprentice not knowing too much About networking far less securing Began to google for a Linux firewall But came across PF firewall Went around asking for help To install OpenBSD in firm All I got from the Linux Gurus Was discouragement, said it 's tough Started reading the Install doc Took a month to understand 'slice' Partitions inside partition Slowly things began to click I learned things on 3.4 Had a firewall by 3.5 :-) ( http://undeadly.org/cgi?action=article=20041013190823 ) Then there was no newbies list misc@ that time was a little tough ;-) The book would cost my 2 salaries So there was no hope but misc@ Seeing my misery to comprehend Two books J C Roberts sent Soon I had a secure desktop in hand( https://goo.gl/142mRd ) And I loved it with all of my heart Made my firm purchase CDs Soon our backups were too in it.( http://goo.gl/ig2cRc, http://goo.gl/jExnCY ) Now there is no looking back Even EU said that they too back ( http://goo.gl/pNohhq ) Twenty years is no small thing But Theo should not be relaxing ;-) Thank you very much Theo and all developers. I learned a lot about security just by reading through the misc mails and googling things I didn't understand. And got kicked out from many free software mailinglists for advocating OpenBSD and the BSD licence ;-) On Sun, Oct 18, 2015 at 12:06 PM, Theo de Raadtwrote: > OpenBSD's source tree just turned 20 years old. > > I recall the import taking about 3 hours on an EISA-bus 486 with two > ESDI drives. There was an import attempt a few days earlier, but it > failed due to insufficient space. It took some time to repartition > the machine. > > It wasn't terribly long before David Miller, Chuck Cranor and Niklas > Hallqvist were commiting... then more people showed up. > > The first developments were improvements to 32-bit sparc. > > Chuck and I also worked on setting up the first 'anoncvs' to make sure > noone was ever cut out from 'the language of diffs' again. I guess > that was the precursor for the github concept these days :-). People > forget, but even FSF was a walled garden at the time -- throwing tar > files with vague logs over the wall every couple months. > > I was lucky to have one of the few 64Kbit ISDN links in town, > otherwise this would not have happened. My desktop was a Sparcstation > 10; the third machine I had was a very slow 386. > > The project is now at: > > ~322,000 commits > ~44 commits/day average > ~356 hackers through the years > > -- > > On this day, is my pleasure to give you a song written for the > release by Todd Miller. > > http://www.openbsd.org/lyrics.html#58a > > It was twenty years ago you see > Theo opened a cvs tree > Made commits to many a file > Joined by others in a very short while > > Take a moment to view > The source of all this code > The openbsd cvs repo... > > We're the openssh repository > We hope you will enjoy the code > The openntpd repository > But that's not all that's here oh no... > The mandoc 'pository, smtpd 'tory > The libressl repo too > > It's wonderful to see the code > Re-used far and wide > The license is so liberal > We'd love for you to code with us > We'd love for you to code... > > I don't really want to have to go > But it's hackathon time and so > The coder will commit the code > That he wants all of you to load > > So let me introduce to you the one and only Puffy Fish > And the openbsd cvs repo... > > B... S... D... > > -- > > (The 5.8 release will be announced and released in a few hours.)
Re: Starting isc_named earlier
On Mon, 24 Aug 2015 16:56:37 -0600 Devin Reade g...@gno.org wrote: --On Monday, August 24, 2015 12:27:06 AM + Stuart Henderson s...@spacehopper.org wrote: Having NFS rely on DNS is not ideal. I don't see why dhcpd would need DNS to run at all? If you have a 'fixed-address' definition in a 'host' block, and the fixed-address uses a FQDN rather than an IP, you will have problems booting the DHCP server if no DNS server is reachable. IIRC, the DHCP daemon will fail to start and as a consequence the server takes a lot longer to come up. This burned me in the past after cold restart of everything on the network, where the internal DNS servers come up slower than the DHCP server. A solution of course is to use an IP in the fixed-address definition. I know the only problem is I am trying to have less moving parts for the configuration as the steps to do become longer and longer when introducing changes and DNS seems like a good place to put name-to-address information ;). If it is not clear: with static IPs fixed-address one can register the IP in the DNS conf have dhcpd do a lookup and provide the IP address to the machine. Considering that most other software has rules based on IP etc.. it can make your life easier and things clearer ... I have had this problem since 5.7, with DNS (because I have not gotten around to migrating to the new pair), but nothing that some editing cannot fix. Nevertheless having a machine secure and functioning properly requires time and effort ... and good notes... so every step you take to deviate from the beaten path will result in a beaten head later ... but things are never as-rosy-as-you-might-like, so be it ;) ce la vie. Cheers, George
Starting isc_named earlier
Hi guys, I was wondering if someone might have a hint on how to start isc_name (on 5.7) earlier than network services like DHCP and NFS. This was OK for me on 5.6 when it was in base but now I have issues as my configs are tied to DNS services on the local machine. I read a bit and fiddled with the rc code, getting failures there, ... I am maybe not looking in the right place?? Any hints appreciated. Regards, George
Re: Starting isc_named earlier
On Sun, 23 Aug 2015 12:49:20 -0500 Edgar Pettijohn ed...@pettijohn-web.com wrote: On 08/23/15 12:40, Theo de Raadt wrote: something like this would probably do it, but would be undone anytime you update or at least I think it will be undone, but maybe not I don't have any experience with making changes to it. --- /etc/rc Sat Aug 22 03:06:56 2015 +++ /etc/rc.new Sun Aug 23 12:27:53 2015 @@ -371,7 +371,7 @@ make_keys echo -n 'starting early daemons:' -start_daemon syslogd ldattach pflogd nsd unbound ntpd +start_daemon syslogd ldattach pflogd isc_named ntpd start_daemon iscsid isakmpd iked sasyncd ldapd npppd echo '.' probably have to add something to /etc/rc.conf.local like isc_named_flags=YES Thanks for taking the time. FYI the 2 changes, above, did not work it still fails starting. I shall look into moving to the other 2 when I get the time. Thank you both. On 08/23/15 12:00, George wrote: Hi guys, I was wondering if someone might have a hint on how to start isc_name (on 5.7) earlier than network services like DHCP and NFS. This was OK for me on 5.6 when it was in base but now I have issues as my configs are tied to DNS services on the local machine. I read a bit and fiddled with the rc code, getting failures there, ... I am maybe not looking in the right place?? Or don't use ISC BIND. Start your migrationg towards unbound / nsd, which are the new, safer toolkit for DNS. In my opinion, ISC BIND falls soundly into this catagory: https://en.wikipedia.org/wiki/Unsafe_at_Any_Speed As a former corvair owner I guarantee it was perfectly safe while parked. general reluctance to spend money on improving safety Except in this case, it is not the manufacturers, but the drivers failing to spend time catching up. There is a general reluctance by many system administrators to (a) comprehend that two decades of research has demonstrated the unsoundness of resource record caching when doing mixed authoritative + recursive (b) because it can do do mixed mode, in practice BIND encourages doing so (c) in part, NSD and unbound were written to stop that practice (d) Some of you are sticks in the mud, and deserve to get hurt.
Re: isolating untrusted programs in ssh chroot jails
You said at beginning of your comments now i don't use firefox (or any 'modern browser) may I ask which browser you like to use? And for what reasons? thanks in advance On Thu, Mar 19, 2015 at 7:56 PM, dan mclaughlin thev...@openmailbox.org wrote: here are the scripts i wrote to make this easier. these really were made for my own use, but i hope others may find them useful. i would be interested to know if anyone else actually does find them useful. would also be glad to know of any errors/problems/things that can go wrong i didn't think of. the first one (jail_new) creates a new jail (and possibly the user). the second one (jail_pkgadd) adds a package and its dependencies to an existing jail. they are expected to be in the same directory (jail_new cannot add packages (-p) otherwise). to relate to my earlier examples: $ jail_new -tu _inmate:_chaingang /home/jail will create the jail in /home/jail and also the user _inmate and group _chaingang. this case it will be just be a regular shell account (just chrooted). $ jail_new -t _inmate:_chaingang /home/jail will create the jail, but will not create the user:group. a real case: $ jail_new -tux -k /home/null/.ssh/id_rsa.pub -p w3m,feh:/usr/release/pkg browse /home/browse w3m -B this command sets up the terminal (-t) and X (-x) in a directory (here /home/browse), creates a user (-u) (in this case 'browse'), uses the given key file (-k) for the authorized keys, installs the packages (-p) w3m and feh (and all of their dependencies) from directory /usr/release/pkg, and sets 'w3m -B' to run automatically via ForceCommand in sshd_config. this is the equivalent of: $ jail_new -tux -k /home/null/.ssh/id_rsa.pub browse /home/browse w3m -B $ jail_pkgadd -p /usr/release/pkg w3m /home/browse $ jail_pkgadd -p /usr/release/pkg feh /home/browse if you want bzip2 in there as well, you can always add it later: $ jail_pkgadd -p /usr/release/pkg bzip2 /home/browse or, if PKG_PATH is set (and not remote) you can omit -p $ jail_pkgadd bzip2 /home/browse if PKG_PATH is set, and is remote, you need: $ jail_pkgadd -r bzip2 /home/browse (note: will only allow a single directory for PKG_PATH) this can be used by running: $ Xephyr :1 env DISPLAY=:1 ssh -X browse@localhost (side note: w3m runs 'display' to display an image, so i create a symlink to feh to view images) another case: $ jail_new -tuxr -k /home/null/.ssh/id_rsa.pub -p xpdf:scp://null@node02/usr/release/pkg pdf /home/pdf you need to specify -r (remote) directly to use remote pkg src. which is the equivalent of: $ jail_new -tux -k /home/null/.ssh/id_rsa.pub pdf /home/pdf $ jail_pkgadd -r -p scp://null@node02/usr/release/pkg xpdf /home/pdf which can be used: $ cp test.pdf /home/pdf/tmp $ Xephyr :1 env DISPLAY=:1 ssh -X browse@localhost xpdf -fullscreen /tmp/test.pdf (in this case it may be best not to use ForceCommand, since you may want to open multiple documents.) WARNING use at your own peril. if you can't read the scripts, you probably shouldn't use them, and then i am certain there are other glaring security flaws you need to know about. i include these because it is a dull pain in the ass to do this manually, and hopefully someone may get some use out of them. other than that, do with it what you wish. they are as fool-proof as i could make them, so that i don't shoot myself in the foot accidently (and i have been around long enough to have done that a few times, even while being careful). but you never know. jail_new: -- #!/bin/ksh USAGE=${0##*/} [-jrtux] [-k authkeys] [-p pkg[,pkg2...][:pkgpath]] user[:group] path [cmd [args ...]] [[ $1 = -h ]] { echo USAGE $USAGE; return 0; } #-t sets PermitTTY and copies files for term #-x sets X11Forwarding and copies files for X (fonts,xauth) #-u creates user; fails if user exists #-j joins group; needed to join existing group #-p pkg[,pkg2...][:pkgpath] #-r allows remote pkg access #uses existing PKG_PATH #pkgpath arg overrides PKG_PATH #only accepts a lone pkgpath PATH=/sbin:/bin:/usr/sbin:/usr/bin echov() { eval echo \\$$1\; } isemptyv() { eval [ \${#$1} -eq 0 ]; } notemptyv() { eval [ \${#$1} -gt 0 ]; } alias xt='set -o xtrace' alias xt-='set +o xtrace' if [ $(id -u) -eq 0 ];then echo ERR cannot run as root return 1 fi _sshd_config=/etc/ssh/sshd_config _sshd_config_tmp=/tmp/sshd_config trap rm -f $_sshd_config_tmp 0 2 #for convenience _fontdir=/usr/X11R6/lib/X11/fonts _terminfo=/usr/share/misc/terminfo.db _termcap=/usr/share/misc/termcap _do_x=no _do_tty=no _do_useradd= _do_joingrp= _do_remote= _authkeys= _pkg= _pkgpath= _userhome=/home/cell while getopts :jrtuxk:p: _opt;do case $_opt in j) _do_joingrp=yes ;; r) _do_remote=-r ;; t) _do_tty=yes ;; u) _do_useradd=yes ;; x) _do_x=yes ;; k) _authkeys=$OPTARG if [ ! -f
Re: Just a thank you.
Ditto! On Sat, Mar 14, 2015 at 5:44 PM, Maurice McCarthy m...@mythic-beasts.com wrote: On Fri, Mar 13, 2015 at 06:09:05PM -0700 or thereabouts, Benjamin Heath wrote: Hi, This seems non-sequitur somehow, but I would simply like thank all the developers of OpenBSD for continuing work on the only OS that I really trust. I learn plenty just by lurking on this list. I also appreciate having a set of developers with the fortitude to entirely reject very flawed systems, and I like that simply because someone has to. Just thanks. Ben. +1. Totally agree. I have now completely abandoned linux. Thanks Hugely Maurice
Re: lynx is gone?
Its not in my pay grade to offer a technical opinion on Lynx removal! But ,,WHAT r u folks using instead, considering?? thanks OpenBSD
Re: Best way forward w.r.t. apache/nginx/httpd?
In more or less the same boat, without php as our virtual sites are simple display only. However for future business developement we have wondered the same. I am inn agreement with your choice of (1) as that would be ours pending feedback here from those who know. On Mon, Dec 29, 2014 at 7:30 AM, T. Ribbrock emga...@gmx.net wrote: Hi all, I'm finally getting round to updating my home server (gets a fresh 5.6 install). Of course, there were a lot of changes over the past versions, one of them being the whole apache - nginx - httpd migration. My webserver has a CMS running which requires PHP and MySQL, plus a few more PHP-applications. Also, I have two or three virtual sites running and I'm currently considering having a look at something like Owncloud and/or Citadel. Given the current state of development in OpenBSD, I'm now wondering what the best way forward is for me: a) Install apache-httpd-openbsd from ports and keep my configuration basically as is Advantage: Less work to get everything running - I've done OpenBSD re-installs like that several times over the past years Disadvantage: I guess that the new httpd will get a lot more developer attention, so this does not seem the ideal option longterm, but I could always migrate to httpd later, e.g. when upgrading to 5.7 or (more likely) 5.8 b) Migrate to nginx This seems to be the least interesting option - not only do I have to migrate now, but once more in the future, as nginx is also on the way out (so, the same developer attention caveat applies as with apache) c) Migrate to httpd From what I've gathered so far from this list, this would basically require me to switch to -current, as the 5.6 version is too fresh and too many changes have happened since - or am I being pessimistic here? I've never run -current before, hence, I'm a bit hesitant... I tend to go for a) because I do not want to migrate twice - but maybe somebody else has some interesting points that I have not considered yet? I'd appreciate the input! Regards, Thomas -- - Thomas Ribbrockhttp://www.ribbrock.org/ You have to live on the edge of reality - to make your dreams come true!
Re: mac mini
Doug Hardie writes: On 20 November 2013, at 10:09, Friedrich Locke friedrich.lo...@gmail.com wrote: Does anyone here run Open/FreeBSD on mac mini ? Does the OS fully supports macmini hadrwared ? I have a couple production servers using Minis running FreeBSD 9.1 and 9.2. Check the archives as I posted the procedures I used to install. Some current Minis require a bit of horsing around to get networking to work. I have never used a windowing system on them. I only use a dumb terminal for initial setup and then SSH in after that. I've been running FreeBSD on a 2008 Intel 8-core Mac Pro (the tower) for years, just bumped it up to the current 10-BETA3 (now that Andriy solved the ZFS/mmap bug I was fighting and I can trust my flac tagging pipeline again). Works great. I'm running the gnome desktop using the nvidia binary distribution to drive a 30 Dell monitor. Root on Zfs, two disk mirror. Swapping directly onto partitions, no mirror or ZFS involved. I'm still depending on the BIOS emulation to boot and it only gets triggered if you use MBR formatted disks, not GPT. That confused the daylights out of me for a bit. I'm not sure if the EFI (?) boot stuff works or not. One time out of 4 it hangs early in the kernel starting up. Never cared enough to get help tracking it down. g.
Re: Precisions on ZFS (was: Millions of files in /var/www inode / out of space issue.)
On Sat, Feb 23, 2013 at 1:59 AM, Miod Vallat m...@online.fr wrote: Please, please, please, can someone port ZFS, just to end this endless thread...? Please someone port HAMMER instead. We are only interested in free software, with no strings attached. YAY!!! http://leaf.dragonflybsd.org/mailarchive/users/2012-02/msg00020.html
Microsoft is Propping Up BSD
http://techrights.org/2012/07/12/microsoft-and-bsd/
Re: Microsoft is Propping Up BSD
On Mon, Jul 16, 2012 at 1:30 PM, Christer Solskogen christer.solsko...@gmail.com wrote: On Mon, Jul 16, 2012 at 8:08 AM, Siju George sgeorge@gmail.com wrote: http://techrights.org/2012/07/12/microsoft-and-bsd/ It might have something to do with this: http://blogs.technet.com/b/openness/archive/2012/05/10/freebsd-support-on-windows-server-hyper-v.aspx I think it might have more on bashing OpenBSD because one of the links go to http://techrights.org/2008/02/04/civitl-wars-in-free-software/ -- chs,
Re: OpenBSD forked
On Sun, Jun 17, 2012 at 2:45 AM, Theo de Raadt dera...@cvs.openbsd.org wrote: They started the fork because they got kicked out because one developer (Marco) hired 5 other developers for his startup company, and attempted to hire around 10 other developers in a sneaky and underhanded way. What about http://aeriebsd.org/about.html ? Thanks Siju
Re: wifi firmware for lenovo thinkpad E420
On Fri, May 11, 2012 at 12:11 AM, Henning Brauer lists-open...@bsws.de wrote: I have one of these somewhere - basically, all that is needed is a pci attachment for the existing urtwn. shouldn't be too hard, but as usual - somebody has to do it. Hope somebody does this for 5.2 :-) Thanks --Siju
IPs in the facebook.com domain accessing OpenSBD firewall
Hi, This traffic is blocked on the external interface of the firewall. May 17 11:34:56.013614 rule 7/(match) block in on em1: 66.220.151.124.47369 xxx.yyy.ddd.zzz.53: 58106 NS? . (19) May 17 11:34:56.763086 rule 7/(match) block in on em1: 66.220.151.124.47369 xxx.yyy.ddd.zzz.53: 58107 NS? . (19) May 17 11:34:57.513318 rule 7/(match) block in on em1: 66.220.151.124.47369 xxx.yyy.ddd.zzz.53: 58108 NS? . (19) May 17 11:45:37.720155 rule 7/(match) block in on em1: 69.171.243.241 xxx.yyy.ddd.zzz: icmp: echo request May 17 11:45:39.213492 rule 7/(match) block in on em1: 69.171.243.241.52370 xxx.yyy.ddd.zzz.53: 33246 NS? . (19) May 17 11:49:39.746886 rule 7/(match) block in on em1: 69.171.228.232 xxx.yyy.ddd.zzz: icmp: echo request May 17 11:49:41.242588 rule 7/(match) block in on em1: 69.171.228.232.59470 xxx.yyy.ddd.zzz.53: 33554 NS? . (19) xxx.yyy.ddd.zzz is our firewall IP 66.220.151.124, 69.171.243.241, 69.171.228.232 are IPs from facebook.com domain as ip2location reports. Why should facebook servers access my firewall? They ping my firewall and try to use our internal DNS server DNS server which is not mentioned in any public NS record? I wonder if these machines in the facebook.com domain are infected with some malware bots? Oris it part of their security checks or something? Any body any idea? Thanks Siju