Re: No internet connection (firewall block)

[George]

On 2024-04-12 13:04, Karel Lucas wrote:

Hi all,

Traceroute still won't work. I'm playing around with the rules and 
wondering what's right and what's wrong with the traceroute rules. Can 
anyone give me some starting points here?



Start with: tcpdump -nettti pflog0. Adjust to suit your needs etc..





/etc/pf.conf:

ext_if = igc0 # Extern interface
int_if = "{ igc1, igc2 }" # Intern interfaces
localnet = "192.168.2.0/24"
tcp_services = "{ smtp, domain, www, auth, http, https, pop3, pop3s }"
udp_services = "{ domain, ntp }"
email = "{ smtp, imap, imaps, imap3, pop3, pop3s }"
icmp_types = "{ echoreq, unreach }"
icmp6_types = "{ echoreq, unreach }"
nameservers = "{ 195.121.1.34, 195.121.1.66 }"
client_out = "{ ssh, domain, pop3, auth, nportntp, http, https, \
                      446, cvspserver, 2628, 5999, 8000, 8080 }"
Martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
                    10.0.0.0/8, 169.254, 0.0/16, 192.0.2.0/24, \
                    0.0.0.0/8, 240.0.0.0/4 }"

set skip on lo
# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

block log all                # block stateless traffic

block in quick on $ext_if from $martians to any
block out quick on $ext_if from any to $martians

# Letting ping through:
pass log on inet proto icmp icmp-type $icmp_types
pass log on inet6 proto icmp6 icmp6-type $icmp6_types

# Allow out the default range for traceroute(*):
# "base+nhops*nqueries-1" (3434+64*3-1)
pass in  on $ext_if inet proto udp to port 33433:33626   # for IPv4
pass log out on $ext_if inet proto udp to port 33433:33626   # for IPv4
pass in on $ext_if inet6 proto udp to port 33433:33626   # for IPv6
pass log out on $ext_if inet6 proto udp to port 33433:33626  # for IPv6

Re: Not bootable after successfull fresh install

[George]

On 2023-03-06 07:55, Francois Pussault wrote:

using installboot  manually gave answer files are not given so ISO are faulted

Using / as rootinstalling bootstrap on /dev/rsd2cusing first-stage 
/usr/mdec/biosboot, second-stage /usr/mdec/bootinstallboot: /usr/mdec/biosboot: 
No such file or directory

Le 6 mars 2023 à 12:56, Francois Pussault  a écrit :
hello,

used all from https://www.openbsd.org/faq/faq4.html#Download
but no image iso/img/netimage/etc... (7.2) failed install  all are working 
perfectly   therefore reboot cannot be done  after the install process

it looks like it wrote the MBR nowhere or in ram or something similar  or 
install media itself  maybe.
how to force install of it properly on MBR on SDx choosen by me

get the standard "no OS found" error from bios


Hello Francois,

Please, make sure you pick the right disk at the prompt, not you can 
enter ? to get the list and judge by the size whether it is the right 
one usually sd0. You need to write the MBR to it.


Usually following the prompts exactly (i.e. no customizations) will 
result in a full install which works right of the bat. I use the 
install72.img installer normally.


Please post all commands and output errors and make sure your BIOS does 
not pose any restrictions (UEFI you'll need UEFI partition, etc..).


Good luck.

George




Cordialement

Francois Pussault
10 chemin de négo saoumos
apt 202 - bat 2
31300 Toulouse
+33 6 17 230 820
fpussa...@contactoffice.fr

Cordialement
Francois Pussault
10 chemin de négo saoumos
apt 202 - bat 2
31300 Toulouse
+33 6 17 230 820
fpussa...@contactoffice.fr

Re: httpd multiple site same address and port TLS issue

[George]

On 2022-08-29 05:50, Stuart Henderson wrote:

On 2022-08-29, George  wrote:

I am wish to run multiple site from the same IP and use different TLS
certs for each.

..

Problem is I get the certificate for the first declared
server each time unless I change the IP or port.

How are you testing? If you're using openssl s_client you need the
-servername option (though nc -vc is probably more convenient).


I am using a web browser and can view the cert and the corresponding 
error message.


netcat would be a good option too so thanks for the hint.

httpd multiple site same address and port TLS issue

[George]

Hi guys,

I am wish to run multiple site from the same IP and use different TLS 
certs for each.


Example:

server "example01.com" {

  listen on 1.2.3.4 port 80

  listen on 1.2.3.4 tls port 443

  tls {

    certificate "example01.com.fullchain.pem"

    key "example01.com.key"

  }

}

server "example02.com" {

  listen on 1.2.3.4 port 80

  listen on 1.2.3.4 tls port 443

  tls {

    certificate "example02.com.fullchain.pem"

    key "example02.com.key"

  }

}

Problem is I get the certificate for the first declared

server each time unless I change the IP or port.

Is it possible to have a configuration to serve different

servers on the same address and port with different

TLS certs?


Thanks in advance,

George

vlan autoconf fails to conf at boot

[George Morgan]

I created a hostname.vlan10 file which has a single line:

inet autoconf parent vge0 vnetid 10 lladdr ...

At boot the interface fails to configure but after boot I can login to the 
console and run "doas sh /etc/netstart" and the interface will configure.

What am I doing wrong?  Do I need to add something to rc.conf.local to force 
the parent to configure first?  The parent (vge0) has a static IPv4 address.

-- 
  George Morgan
  gmor...@fastmail.fm

Re: apu2 and Atheros WLE600VX not working

[George]

On 2021-06-30 8:01 a.m., Stefan Sperling wrote:

On Wed, Jun 30, 2021 at 07:45:13AM -0400, George wrote:

Hi thanks for the reply! How is the performance on the 200nx are you using
it as an access point i.e. router? How many antennas?

There is currently no way to run an AP on OpenBSD if you require performance
levels comparable to commercially available access points.

Regarding athn(4) in particular, there is no support for Tx aggregation and
there are unresolved bugs which prevent Tx rates at the upper end from working.
You can expect about 20 Mbit/s top, most likely less than that.
But it is fairly stable. If performance isn't your main concern it can be fine.

athn(4) only supports 2 antenna cards. Cards with 3 anntennas don't work yet.
If you can only connect one antenna you need to run this command to prevent
packet loss: ifconfig athn0 nwflag nomimo


Thanks for the informative and complete answer. I think I will resort to

using a cheap off the shelf router for the moment as 20Mb/s top means

a lot less average throughput making it kind of pointless as an AP.

Cheers,

George

Re: apu2 and Atheros WLE600VX not working

[George]

On 2021-06-30 3:29 a.m., Marcus MERIGHI wrote:

Hello!

g.lis...@nodeunit.com (George), 2021.06.30 (Wed) 01:41 (CEST):

I am running OpenBSD 6.9 the machine recognizes an earlier version of
the same wireless PCIe card, namely the WLE200NX but for some,
unknown to me reason, the WLE600VX is not recognized. I checked the
athn driver support for the chip set which should be AR9280 and it list it.
When I boot I get in dmesg:
"Atheros QCA986x/988x" rev 0x00 at pci1 dev 0 function 0 not configured

You have:
 https://www.pcengines.ch/wle600vx.htm
 Chipset Qualcomm Atheros QCA9882
 "Expect some pain, ath10k drivers required. Currently not
 supported by pfSense / OPNsense !"
 => GCA9882 is not in athn(4).

You want:
 https://www.pcengines.ch/wle200nx.htm
 Chipset Qualcomm Atheros AR9280.
 => AR9280 is in athn(4).

I have the latter and it works, in an apu2.
Hi thanks for the reply! How is the performance on the 200nx are you 
using it as an access point i.e. router? How many antennas?


Marcus

apu2 and Atheros WLE600VX not working

[George]

Hi guys,

I am running OpenBSD 6.9 the machine recognizes an earlier version of

the same wireless PCIe card, namely the WLE200NX but for some,

unknown to me reason, the WLE600VX is not recognized. I checked the

athn driver support for the chip set which should be AR9280 and it list it.

When I boot I get in dmesg:

"Atheros QCA986x/988x" rev 0x00 at pci1 dev 0 function 0 not configured

pcidump -v:

1:0:0: Atheros QCA986x/988x
  0x: Vendor ID: 168c, Product ID: 003c
  0x0004: Command: 0002, Status: 0010
  0x0008: Class: 02 Network, Subclass: 80 Miscellaneous,
    Interface: 00, Revision: 00
  0x000c: BIST: 00, Header Type: 00, Latency Timer: 00,
    Cache Line Size: 10
  0x0010: BAR mem 64bit addr: 0xfe20/0x0020
  0x0018: BAR empty ()
  0x001c: BAR empty ()
  0x0020: BAR empty ()
  0x0024: BAR empty ()
  0x0028: Cardbus CIS: 
  0x002c: Subsystem Vendor ID:  Product ID: 
  0x0030: Expansion ROM Base Address: fe40
  0x0038: 
  0x003c: Interrupt Pin: 01 Line: 00 Min Gnt: 00 Max Lat: 00
  0x0040: Capability 0x01: Power Management
    State: D0

  0x0050: Capability 0x05: Message Signalled Interrupts (MSI)
    Enabled: no
  0x0070: Capability 0x10: PCI Express
    Max Payload Size: 256 / 256 bytes
    Max Read Request Size: 512 bytes
    Link Speed: 2.5 / 2.5 GT/s
    Link Width: x1 / x1

fw_update:

Path to firmware: http://firmware.openbsd.org/firmware/6.9/
Installed: vmm-firmware-1.11.0p3
Installed, extra: athn-firmware-1.1p4

Does anyone have this WLE600VX card working on OpenBSD?

Thanks in advance,

Cheers,

George

Re: Usage of .note.openbsd.ident

[George Brown]

Thank you for the reply, I was just curious.

On Thu, 27 May 2021 at 04:21, Philip Guenther  wrote:
>
> On Fri, May 21, 2021 at 5:28 AM George Brown <321.geo...@gmail.com> wrote:
>>
>> It seems this ELF note was used for the now dead compat_linux feature.
>> Aside from compat systems in other operating systems that may wish to
>> identify OpenBSD binaries does this note have any other active uses?
>
>
> The point of the note (and/or the OS/ABI field in the ELF header) is to 
> permit portable ELF tools to identify how to interpret OS-specific values, 
> those in the OS-ranges for types, for example.  Not inserting _some_ 
> identifying factor is basically doing an embrace-and-extend on ELF and 
> actively hostile to portability of tooling.
>
> If you find that ELF note obnoxious, just fix the linkers to instead set the 
> ELF ABI field correctly.  As I understand it, the 'go' tool chain has done 
> that for years.  It's really the better choice for this, would take less 
> space and be faster to process.
>
>
> Philip Guenther
>

Usage of .note.openbsd.ident

[George Brown]

It seems this ELF note was used for the now dead compat_linux feature.
Aside from compat systems in other operating systems that may wish to
identify OpenBSD binaries does this note have any other active uses?

Re: Split-horizon dns

[George]

Hi,

Yes use PF to separate your clients on the routing machine and then use 
the server with the proper DB.


HTH

On 2021-03-25 6:52 a.m., Родин Максим wrote:

Hello,
Is there a way to do split horizon dns using NSD?
I did not find anything similar in man nsd.conf

Re: Alpine-virt vmd guest tsc directive

[George]

On Mon, 29 Jun 2020 14:53:52 -0700
Mike Larkin  wrote:

> On Mon, Jun 29, 2020 at 08:25:19PM +, Martin wrote:
> > Setting up Debian as vmm guest is not a trivial procedure and
> > require Debian Linux host with KVM installed first to install your
> > guest with screen connected. 
> 
> Why do you believe this? Setting up debian in vmm is not any harder
> than setting up any other distribution. You just need to make sure to
> use their install iso that includes virtio. I think I used the
> minimal install iso (can't recall the name, might have even been the
> netinst one).

I did try netinstall and netboot for Ubuntu all with the same result,
namely the installer starts and I can see the first curses screen and
then I can pick one of the options but no matter which one I do it all
ends up the same freezes or errors out:

https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.4.0-amd64-netinst.iso

This one led to the same issue:


  ++
  |  Debian GNU/Linux installer menu (BIOS mode)  |
  ||
  | Graphical install  |
  | Install|
  | Advanced options > |
  | Accessible dark contrast installer menu  > | 
  | Help   |
  | Install with speech synthesis  |
  ||
  ||
  ||
  ||
  ||
  ||
  ++

   Press ENTER to boot or TAB to edit a menu entry

Undefined video mode number: 314 
Press  to see video modes available,  to continue, or
wait 30 sec Mode: Resolution:  Type: 
0 F00   80x25  CGA/MDA/HGC
Enter a video mode or "scan" to scan for additional modes:  

and then I cannot type or do anything at all..

I was doing all the setup on OpenBSD 6.7 stable.
Cheers,
George

> 
> > Once you have your host ready with KVM run a command to set iso up:
> >
> > qemu-img create -f qcow2 linux.qcow2 128G
> >
> > kvm -enable-kvm -vnc 127.0.0.1:0 -k en-us -monitor pty -m 2048 -net
> > nic -net user -soundhw all -cdrom debian-linux.iso -boot -d -name
> > linux -hda linux.qcow2
> >
> > Install it and run the machine with VNC connection
> >
> > kvm -enable-kvm -vnc 127.0.0.1:0 -k en-us -nographic -monitor pty
> > -m 2048 -net nic -net user -soundhw all -boot -d -name linux -hda
> > linux.qcow 
> 
> You don't need to do any of this.
> 
> -ml
> 
> > Onece you do it please mail me back, I'll share next steps
> > somewhere.
> >
> > Martin
> >
> > ‐‐‐ Original Message ‐‐‐
> > On Monday, June 29, 2020 7:53 PM, George 
> > wrote: 
> > > On 2020-06-29 12:54 p.m., Martin wrote:
> > >  
> > > > George, thanks for your feedback!
> > > > I'd prefer OpenBSD in 99% of situations, but now I need to roll
> > > > out Docker. Docker = linux. So I have to solve all the major
> > > > issues, especially with clock, and run it for a project using
> > > > OpenBSD host of course.  
> > >
> > > Work is an imposed 'choice' ;) and yes that is where
> > > virtualization shines a little light in the tunnel.
> > >  
> > > > I set vmd Debian desktop guest a year ago with 5.2.x kernel
> > > > which boots headless on vmd. Virtual framebuffer used for VNC
> > > > connection from the same OpenBSD host by vnc viewer. Works
> > > > perfectly, except clock...  
> > >
> > > I would be interested in any instructions you might have on
> > > setting that up. 
> > > > Currently, rebuilt kernel and vmd from -current. Going to make
> > > > 5.4.x related vmm_clock module for minimalist Alpine-virt Linux
> > > > guest. I'll report about results once done.  
> > >
> > > That would be great.
> > >
> > > Thanks.
> > >  
> > > > Martin
> > > > ‐‐‐ Original Message ‐‐‐
> > > > On Monday, June 29, 2020 4:21 PM, George g.lis...@nodeunit.com
> > > > wrote: 
> > > > > On 2020-06-29 8:51 a.m., Martin Sukany wrote:
> > > > >  
> > > 

Re: Alpine-virt vmd guest tsc directive

[George]

On 2020-06-29 12:54 p.m., Martin wrote:

George, thanks for your feedback!

I'd prefer OpenBSD in 99% of situations, but now I need to roll out Docker. 
Docker = linux. So I have to solve all the major issues, especially with clock, 
and run it for a project using OpenBSD host of course.



Work is an imposed 'choice' ;) and yes that is where virtualization 
shines a little light in the tunnel.





I set vmd Debian desktop guest a year ago with 5.2.x kernel which boots 
headless on vmd. Virtual framebuffer used for VNC connection from the same 
OpenBSD host by vnc viewer. Works perfectly, except clock...



I would be interested in any instructions you might have on setting that up.





Currently, rebuilt kernel and vmd from -current. Going to make 5.4.x related 
vmm_clock module for minimalist Alpine-virt Linux guest. I'll report about 
results once done.



That would be great.

Thanks.




Martin

‐‐‐ Original Message ‐‐‐
On Monday, June 29, 2020 4:21 PM, George  wrote:


On 2020-06-29 8:51 a.m., Martin Sukany wrote:


Hi George,
did you solved the issue? I remember that I faces similar thing when I 
installed headless ubuntu as a guest … My issue was related to the fact that I 
used ‚boot cdrom‘ directive inside my configuration (seems that there is a bit 
inconsistency between the man page and the real configuration).
This is is a relevant piece of my config:
vm "ubuntu" {
memory 2G
cdrom /data/vms/_iso/mini-serial.iso
disk /data/vms/ubuntu.raw
interface tap { switch "uplink" }
disable
}
I had bad experience with usage of qcow2 disk format for Linux based guests — 
especially when you’re trying to do dozens of I/O operations — several disk 
containers crashed before I migrated them to raw format.
if you have more than 4 vms, don’t forget to create another /dev/tap device, 
otherwise you could expect the unexpectable behaviour :)
M>

Hello Martin,

Thanks for the pointers. I abandoned my Linux efforts, too many issue
and things to learn no time now. My goals could be satisfied by an
OpenBSD VM and it is much better than most Linuxes ;). I have been
swimming against the current (read using things/software/apis/os/tools
etc. when people said it is not what is supposed to be done) but as of
late I find it more relaxing going with it ;).

Virtualization is such a ... mess which like everything else in our
lives nowadays is designed to cover another mess ... I want to run Linux
software on OpenBSD because I don't want to dedicate a machine to Linux
and want to upgrade or run the version I want until I want ... I should
be free to make that choice because of "I", sarcastic here, problem is
CPU vendors and OS developers have to jump some hoops and add some
features to make it happen ... and then things happen that the I does
not like.

Thanks for adding this info albeit to the wrong thread, I read it
because I like Alpine and was thinking of it myself, but they don't have
a ready console install version do they?

Cheers,

George


Hi guys,
I apologize if this maybe out of topic even though it is truly related
to VMM than Debian.
I am trying to setup a VMM Debian based guest but I'm not able to get it
to work. I found some description on the web about which settings to
edit in grub.cfg to enable the serial console and created a VM with 10.3
in qcow2 disk format in KVM. Now I am trying to start the same on
OpenBSD 6.7 but keep getting the connected message and then just
"Rebooting " after I hit some keyboard keys seems like baud rate issue
but not sure.
After messing with it for a while now I am getting a new error:
vmctl: could not open disk image(s)
even thought the disk is there and readable to the user I have setup in
vm.conf in fact I have another VM with the same configuration and disk
with the same permissions and in the same location that works (it is
OpenBSD based).
I would greatly appreciate it if someone has gone this path and can
share some config info with me.
Cheers and thanks in advance,
George

Re: Alpine-virt vmd guest tsc directive

[George]

On 2020-06-29 8:51 a.m., Martin Sukany wrote:

Hi George,

did you solved the issue? I remember that I faces similar thing when I 
installed headless ubuntu as a guest … My issue was related to the fact that I 
used ‚boot cdrom‘ directive inside my configuration (seems that there is a bit 
inconsistency between the man page and the real configuration).

This is is a relevant piece of my config:
vm "ubuntu" {
 memory 2G
 cdrom /data/vms/_iso/mini-serial.iso
 disk /data/vms/ubuntu.raw
 interface tap { switch "uplink" }
 disable
}


I had bad experience with usage of qcow2 disk format for Linux based guests — 
especially when you’re trying to do dozens of I/O operations — several disk 
containers crashed before I migrated them to raw format.

if you have more than 4 vms, don’t forget to create another /dev/tap device, 
otherwise you could expect the unexpectable behaviour :)

M>


Hello Martin,

Thanks for the pointers. I abandoned my Linux efforts, too many issue 
and things to learn no time now. My goals could be satisfied by an 
OpenBSD VM and it is much better than most Linuxes ;). I have been 
swimming against the current (read using things/software/apis/os/tools 
etc. when people said it is not what is supposed to be done) but as of 
late I find it more relaxing going with it ;).


Virtualization is such a ... mess which like everything else in our 
lives nowadays is designed to cover another mess ... I want to run Linux 
software on OpenBSD because I don't want to dedicate a machine to Linux 
and want to upgrade or run the version I want until I want ... I should 
be free to make that choice because of "I", sarcastic here, problem is 
CPU vendors and OS developers have to jump some hoops and add some 
features to make it happen ... and then things happen that the I does 
not like.


Thanks for adding this info albeit to the wrong thread, I read it 
because I like Alpine and was thinking of it myself, but they don't have 
a ready console install version do they?


Cheers,

George





Hi guys,

I apologize if this maybe out of topic even though it is truly related
to VMM than Debian.

I am trying to setup a VMM Debian based guest but I'm not able to get it
to work. I found some description on the web about which settings to
edit in grub.cfg to enable the serial console and created a VM with 10.3
in qcow2 disk format in KVM. Now I am trying to start the same on
OpenBSD 6.7 but keep getting the connected message and then just
"Rebooting " after I hit some keyboard keys seems like baud rate issue
but not sure.

After messing with it for a while now I am getting a new error:

vmctl: could not open disk image(s)

even thought the disk is there and readable to the user I have setup in
vm.conf in fact I have another VM with the same configuration and disk
with the same permissions and in the same location that works (it is
OpenBSD based).

I would greatly appreciate it if someone has gone this path and can
share some config info with me.

Cheers and thanks in advance,

George

Re: OpenBSD alternatives to Pi-Hole

[George]

On 2020-06-15 11:52 a.m., Jon Tabor wrote:

On Fri, Jun 12, 2020 at 04:33:08PM -0700, Jordan Geoghegan wrote:


On 2020-06-12 14:01, George wrote:

On 2020-06-12 3:41 p.m., Maurice McCarthy wrote:

You could have a look at
https://www.geoghegan.ca/unbound-adblock.html and
https://www.geoghegan.ca/pfbadhost.html

Simply great! Will definitely try these out.

Merci!

George


Hey there,

I'm the author of those scripts. In response to concerns about
heavyness/memory use of DNS blocklists:  unbound-adblock is pretty light on
memory (~30MB of RAM usage) as we serve NXDOMAIN responses instead of
redirecting to 0.0.0.0 etc. By doing this we save a massive amount of memory
that would otherwise be spent mapping each domain to a black hole address. I
run unbound-adblock on many Edgerouter Lites and havent had any issues.

Regards,

Jordan Geoghegan

I'm using these scripts (or a version of them; I've had them in for a
while), and it's using NXDOMAIN which loads way faster and uses a lot
less memory.  I also slightly tweaked the script I have to include a
whitelist file, as my wife keeps finding sites that simply won't work
properly. It simply calls sed to remove lines from the
unbound-adhosts.conf file

Works great.  I also set up pf to redirect all DNS queries to my local
instance of unbound, so you can't easily bypass it (unless you use DNS
over HTTPS).

Jon Tabor
tab...@obsolete.site


Thanks for sharing, this is good to know!

Re: VMM Debian guest serial setup help needed

[George]

On 2020-06-12 11:17 a.m., George wrote:


On 2020-06-10 4:15 p.m., Benjamin Baier wrote:

On Wed, 10 Jun 2020 14:36:46 -0400
George  wrote:


Hi guys,

I apologize if this maybe out of topic even though it is truly related
to VMM than Debian.

I am trying to setup a VMM Debian based guest but I'm not able to 
get it

to work. I found some description on the web about which settings to
edit in grub.cfg to enable the serial console and created a VM with 
10.3

in qcow2 disk format in KVM. Now I am trying to start the same on
OpenBSD 6.7 but keep getting the connected message and then just
"Rebooting " after I hit some keyboard keys seems like baud rate issue
but not sure.

Don't need the KVM/qemu step.

Didn't know that was possible, much better thanks :)



After messing with it for a while now I am getting a new error:

vmctl: could not open disk image(s)

Better start over.

And so I did ...



even thought the disk is there and readable to the user I have setup in
vm.conf in fact I have another VM with the same configuration and disk
with the same permissions and in the same location that works (it is
OpenBSD based).

I would greatly appreciate it if someone has gone this path and can
share some config info with me.

Here is how I got debian 9 (stretch) installed.
http://www.netzbasis.de/openbsd/vmd-debian/index.html
I think the virtio-modules are now included in the debian 10 (buster)
installer, but not tested.

I am trying your preped boot.img so far going through install options 
most of which lead to:


Loading linux... ok
Loading initrd.gz...ok
Probing EDD (edd=off to disable)... ok
Undefined video mode number: 314
Press  to see video modes available,  to continue, or 
wait 30 sec

Mode: Resolution:  Type:
0 F00   80x25  CGA/MDA/HGC
Enter a video mode or "scan" to scan for additional modes:

trying Install which I thought would be best (2-nd one after Graphical 
Install) hangs with:


[    0.00] ACPI BIOS Error (bug): A valid RSDP was not found 
(20160831/tbxfroot-244)

[    0.806052] Initramfs unpacking failed: write error
[    0.814403] [Firmware Bug]: cpu 0, invalid IBS interrupt offset 0 
(MSRC001103A=0x)

[    1.852264] mce: Unable to init device /dev/mcelog (rc: -5)

Thanks for your help and the page!



I tried a few more times still no luck. What is the key combination I 
need to use to get into a shell to load the modules. Hitting Esc puts me 
into boot> program which does not understand module handling etc.. and 
the menu does not let me to run a shell. I am missing something ...?


Thanks!




Cheers,

George

Re: OpenBSD alternatives to Pi-Hole

[George]

On 2020-06-12 3:41 p.m., Maurice McCarthy wrote:

You could have a look at https://www.geoghegan.ca/unbound-adblock.html and
https://www.geoghegan.ca/pfbadhost.html


Simply great! Will definitely try these out.

Merci!

George

Re: OpenBSD alternatives to Pi-Hole

[George]

On 2020-06-12 3:57 p.m., Daniel Jakots wrote:

On Fri, 12 Jun 2020 21:51:50 +0200, fRANz
 wrote:


On Fri, Jun 12, 2020 at 9:35 PM Daniel Jakots  wrote:


I have a script that fetches the block list and put it in a unbound
format. It's in a special unbound config file that I include in my
unbound.conf. This has way fewer features than pihole though so it
depends on what you want/need.

May I ask the average file size of your unbound zones?
I do the same on my APU4 (4GB version, OpenBSD v6.7) but for huge file
zones I got unbound timeout during zone loading.

I have only one file and it's 4.6M/111246 lines. It takes a while to
start: I just timed it and it took 12s. It runs on a APU2C2 (iirc, but
it has for sure 2G of ram).


Wow that seems kind of hungry... :)

I was planning on running this as a service in VM so I can move it when 
I am upgrading etc.. anyway will give this a shot. @Daniel: Would you 
care sharing a link to your script or is it not BSD licensed?


Thanks guys!

OpenBSD alternatives to Pi-Hole

[George]

Hi guys,

I am trying to setup a Pi-Hole service, i.e. add blocking based on empty 
DNS records zones files, for my local LAN and would like to ask what 
people are using on OpenBSD in this role?


Thanks in advance,

George

Re: VMM Debian guest serial setup help needed

[George]

On 2020-06-10 4:29 p.m., Tom Smyth wrote:

Hi George,
a reboot on a serial console is probably due to the serial console speeds
miss matching, between your
console client and the console on the guest.

make sure you are setting the console speed / parity, etc also

this issue happens frequently also when booting the  PC Engines board where
the bios runs at 115200 baud , N 8 1
and then the OpenBSD Console changes to 9600 N 8 1 during boot (defaults on
installxx.fs / installxx.img

hope this helps
Tom Smyth


Thanks Tom! I agree I have seen this reboot behavior on apu's and a 
soekris device(s), but I am setting the rate properly or so I believe 
anyway. The trick with the install on APU's is to set the baud rate at 
install time along with the console port:


stty com0 19200
set tty com0

Here though I have preinstalled and pre-build the OS and updated the 
GRUB config to use the console to send boot and other messages 
unfortunately apparently not really ...





On Wed, 10 Jun 2020 at 21:01, George  wrote:


Hi guys,

I apologize if this maybe out of topic even though it is truly related
to VMM than Debian.

I am trying to setup a VMM Debian based guest but I'm not able to get it
to work. I found some description on the web about which settings to
edit in grub.cfg to enable the serial console and created a VM with 10.3
in qcow2 disk format in KVM. Now I am trying to start the same on
OpenBSD 6.7 but keep getting the connected message and then just
"Rebooting " after I hit some keyboard keys seems like baud rate issue
but not sure.

After messing with it for a while now I am getting a new error:

vmctl: could not open disk image(s)

even thought the disk is there and readable to the user I have setup in
vm.conf in fact I have another VM with the same configuration and disk
with the same permissions and in the same location that works (it is
OpenBSD based).

I would greatly appreciate it if someone has gone this path and can
share some config info with me.

Cheers and thanks in advance,

George

Re: VMM Debian guest serial setup help needed

[George]

On 2020-06-10 4:18 p.m., Dave Voutila wrote:

George writes:


Hi guys,

I apologize if this maybe out of topic even though it is truly related
to VMM than Debian.

I am trying to setup a VMM Debian based guest but I'm not able to get
it to work. I found some description on the web about which settings
to edit in grub.cfg to enable the serial console and created a VM with
10.3 in qcow2 disk format in KVM. Now I am trying to start the same on
OpenBSD 6.7 but keep getting the connected message and then just
"Rebooting " after I hit some keyboard keys seems like baud rate issue
but not sure.

Not baudrate related, but there are some known issues in OpenBSD 6.7
related to the emulated uart device in vmd(8). (I have a patch if you
follow -current[1] that fixes stability issues.)

Oh-oh didn't know of those :). No I am not following current, unfortunately.


My advice is to install using vmm(4)/vmd(8) and not migrate an image
from KVM. I believe Debian started including the virtio cdrom drivers
finally...but, if not, google for some guides on adding those to the
iso.

This sounds good, will try it next.


Make sure you install OpenSSH and rely on ssh(1) connections to the guest.

As soon as you can, modify the grub defaults in /etc/default/grub and
set the GRUB_CMDLINE_LINUX_DEFAULT to include:

   tsc=reliable tsc=noirqtime console=ttyS0,115200

Make sure to run update-grub afterwards.

You mean grub-mkconfig?


You'll probably have a bad time with your clock, though Debian use a 4.x
kernel, so it won't be too bad and may manage using tsc as a
clocksource. Otherwise expect refined-jiffies as the clocksource and it
may run at a rate of 50% of host time.
I wish I could get to that point... hehe. Does this mean that the CPU 
will tick at a rate half the main processor? That means performance /2 
...???


I recommend you also build and install my Linux clone of vmmci(4)[2]
within the Debian guest if you want safe guest shutdowns.

Will do once I get there.



After messing with it for a while now I am getting a new error:

vmctl: could not open disk image(s)

even thought the disk is there and readable to the user I have setup
in vm.conf in fact I have another VM with the same configuration and
disk with the same permissions and in the same location that works (it
is OpenBSD based).

Use top(1) showing threads and command line args: top -C -g vmd

Chances are you have a lingering vmd(8) process for the Debian guest
using the disk. Kill -9 the one with the vm name.

That is an excellent point never checked...



I would greatly appreciate it if someone has gone this path and can
share some config info with me.

Cheers and thanks in advance,

George

[1] https://sisu.io/patches/vmd-thread-safety-07062020-v1.patch
[2] https://github.com/voutilad/virtio_vmmci


Thanks Dave, this is really appreciated. You have given me more 
information to go on.


Cheers,

George



-Dave

Re: VMM Debian guest serial setup help needed

[George]

On 2020-06-10 4:15 p.m., Benjamin Baier wrote:

On Wed, 10 Jun 2020 14:36:46 -0400
George  wrote:


Hi guys,

I apologize if this maybe out of topic even though it is truly related
to VMM than Debian.

I am trying to setup a VMM Debian based guest but I'm not able to get it
to work. I found some description on the web about which settings to
edit in grub.cfg to enable the serial console and created a VM with 10.3
in qcow2 disk format in KVM. Now I am trying to start the same on
OpenBSD 6.7 but keep getting the connected message and then just
"Rebooting " after I hit some keyboard keys seems like baud rate issue
but not sure.

Don't need the KVM/qemu step.

Didn't know that was possible, much better thanks :)



After messing with it for a while now I am getting a new error:

vmctl: could not open disk image(s)

Better start over.

And so I did ...



even thought the disk is there and readable to the user I have setup in
vm.conf in fact I have another VM with the same configuration and disk
with the same permissions and in the same location that works (it is
OpenBSD based).

I would greatly appreciate it if someone has gone this path and can
share some config info with me.

Here is how I got debian 9 (stretch) installed.
http://www.netzbasis.de/openbsd/vmd-debian/index.html
I think the virtio-modules are now included in the debian 10 (buster)
installer, but not tested.

I am trying your preped boot.img so far going through install options 
most of which lead to:


Loading linux... ok
Loading initrd.gz...ok
Probing EDD (edd=off to disable)... ok
Undefined video mode number: 314
Press  to see video modes available,  to continue, or wait 
30 sec

Mode: Resolution:  Type:
0 F00   80x25  CGA/MDA/HGC
Enter a video mode or "scan" to scan for additional modes:

trying Install which I thought would be best (2-nd one after Graphical 
Install) hangs with:


[    0.00] ACPI BIOS Error (bug): A valid RSDP was not found 
(20160831/tbxfroot-244)

[    0.806052] Initramfs unpacking failed: write error
[    0.814403] [Firmware Bug]: cpu 0, invalid IBS interrupt offset 0 
(MSRC001103A=0x)

[    1.852264] mce: Unable to init device /dev/mcelog (rc: -5)

Thanks for your help and the page!

Cheers,

George

VMM Debian guest serial setup help needed

[George]

Hi guys,

I apologize if this maybe out of topic even though it is truly related 
to VMM than Debian.


I am trying to setup a VMM Debian based guest but I'm not able to get it 
to work. I found some description on the web about which settings to 
edit in grub.cfg to enable the serial console and created a VM with 10.3 
in qcow2 disk format in KVM. Now I am trying to start the same on 
OpenBSD 6.7 but keep getting the connected message and then just 
"Rebooting " after I hit some keyboard keys seems like baud rate issue 
but not sure.


After messing with it for a while now I am getting a new error:

vmctl: could not open disk image(s)

even thought the disk is there and readable to the user I have setup in 
vm.conf in fact I have another VM with the same configuration and disk 
with the same permissions and in the same location that works (it is 
OpenBSD based).


I would greatly appreciate it if someone has gone this path and can 
share some config info with me.


Cheers and thanks in advance,

George

Continuation of stopped process in tmux

[George Brown]

It appears in handling SIGCHLD if the child is stopped due to SIGTSTP
or SIGSTOP then it is continued. Indeed screen appears to do the same.
Could someone kindly explain to me why this is done?

I ask as dvtm (another terminal multiplexer) hits an issue on MacOS
where what would be called "panes" in tmux parlance hang on the shell
exit due to being stopped. As to why the shells end up stopped on MacOS
is something I've yet to fiugre out.

Many thanks,
George

Re: routing traffic to transparent squid cluster

[George]

On Thu, 9 Aug 2018 15:59:32 +0200
Joerg Streckfuss  wrote:

> Dear list,
> 
> i'm playing around with a squid setup, where the http traffic from a
> client is transparently routed from the gateway (openbsd 6.3) to two
> squid caches (squid 3.5.28). This means the caches are _not_ placed
> on the gateway.
> 
> With PF this is very easy to achieve:
> 
> pass in quick on $INT_IF inet proto tcp from $CLIENT to any port 80 \
>  route-to { ( $DMZ_IF $SQUID_1), (trunk2 SQUID_2) } least-states
> 
> So far, so good. My next goal is redundancy. In other words the
> gateway should stop routing traffic to an unreachable cache. Imho I
> thought this is very easy to achieve with the help of relayd.
> 
> To map the upper PF rule to a fully redundant setup, I tried
> something like this:
> 
> PF:
> pass in quick on $INT_IF inet proto tcp from $CLIENT to any port http
> \ divert-to 127.0.0.1 port 3130
> 
> Relayd:
> relay webproxy_3130 {
>  listen on 127.0.0.1 port 3130
>  transparent forward to  port 80 check tcp mode
> loadbalance }
> 
> But of course this doesn't work because the relay translates the
> destination address which it should not. I didn't found any options
> like a pf route-to for relays and think it wouldn't make much sense
> in the context of relays. Relayd supports a route-to option for
> redirects but I dind't found a working configuration.

Hi there,

I believe you may be looking for a redirect not a relay. It all really
depends on your network topology and what you are trying to do but in
general something like this is what you are looking at:

browser --- > gateway (relayd) > proxy (squid etc.)

proxy ---> gateway (pf/nat) ---> internet (whatever the world has to
offer...)

internet ---> gateway (pf/nat) ---> proxy

proxy ---> gateway (relayd) ---> browser

I have not played or experimented with the setup you are working on but
I did buy the excellent Michael W Lucas book "Relayd and Httpd"
Mastery(https://mwl.io/nonfiction/tools) which I am reading at the
moment and can tell you that there are 2 ways of doing things with
relayd one is redirect (i.e. send request somewhere else while checking
availability and state of redundant set/table and let the communication
happen between the 2 parties after that) or relay play a MIT role and be
able to alter things in both directions of the communication where in
you are the one who can control certain aspects read packet content. I
see your setup is the latter which is more powerful and interesting but
maybe by design more difficult to get right, why don't you start with
the first redirect and see how far that gets you.

Cheers,
George

Re: Employers, Jobs and OpenBSD

[Siju George]

On Mon, Jul 16, 2018 at 12:58 PM Steve Litt 
wrote:

> On Fri, 13 Jul 2018 23:05:09 -0300
> >
> > If there is not reason for to learn use OpenBSD to find job, why use
> > OpenBSD?
>

I did not learn it to get a job. I used it in my job instead to get a
better network firewall than the M S Windows/Linux/FreeBSD variants. The
reasons for using OpenBSD can be gleaned from the OS website.

--Siju

Re: Wake-on-LAN from suspended state

[george]

On 25/04/18 07:55, Paul de Weerd wrote:

On Wed, Apr 25, 2018 at 02:27:44AM -0400, Jiri B wrote:
| On Tue, Apr 24, 2018 at 10:11:44PM +0200, Paul de Weerd wrote:
| > [...]
| > em0 at pci0 dev 25 function 0 "Intel I217-LM" rev 0x04: msi, address 
b8:ca:3a:93:03:e8
|
| IIUC em does not support WOL. Am I right?

Thanks Jiri, Daniel and one person who responded off-list.  I had
missed the ifconfig wol option, this does exactly what I want:

 wol Enable Wake on LAN (WoL).  When enabled, reception of a
 WoL frame will cause the network card to power up the
 system from standby or suspend mode.  WoL frames are sent
 using arp(8).


But indeed, as Jiri suggests, it seems that em(4) doesn't support WOL:

[weerd@pom] $ doas ifconfig em0 wol
ifconfig: SIOCSIFXFLAGS: Not supported

Thanks for all the replies!

Paul 'WEiRD' de Weerd


Hi Paul,

I see the same apparent lack of support but I've been using wol happily 
with em on both 6.2 and 6.3 i386 ...  I use it to wake up a box shutdown 
with "halt -p".


I don't remember doing anything clever and I can't see anything related 
in any config files.


Regards,
George.

KARL, config -e, syspatch difficulties

[george]

I have a Kettop box with J1900 cpu which is proving a bit of a pain.  I 
have very limited time (and knowledge) to spend on this but ...


It worked fine with 6.1 i386 (amd64 has been flaky at best with 6.1 and 
6.2, I haven't tried 6.3). With 6.2 although bsd.rd was fine to do a 
fresh install, booting with the installed kernel failed.


Eventually after much reading of mailing lists I realised it was the 
inteldrm driver and discovered "config -ef /bsd".  This fix didn't 
survive a reboot though and after more time and reading, I worked out 
what bsd.booted was and the effect KARL was having.


Next step was to disable KARL.  This doesn't seem to weaken my security 
to me as the only time the box is rebooted is after an upgrade to a new 
version or with syspatch and it's easy enough to relink once and then 
disable it again.  Then I spotted that syspatch doesn't actually update 
the installed kernel if KARL is disabled.  That was easy enough to work 
round with a trivial script.


Finally my question - have I understood what's going on and is this all 
intended?  I couldn't find anything documented (reading the source is 
beyond me I'm afraid) about these interactions.


I suspect the "right" way to deal with my problem would be to compile my 
own kernel but I am trying to avoid having to do this.  I couldn't find 
any other way to disable a driver on boot.


By the time I had enough idea what was going on to think about filing a 
bug 6.3 was getting close and I had read messages (can't remember if on 
misc or bugs) that said that inteldrm had been fixed.  If it would help 
I can open or add to a bug.


Regards,
George.

Re: Black screen when starting Xorg with new laptop.

[George Ramirez]

Sure. But I am not sure in which state you want me to send them. I
haven't disabled inteldrm like pstern suggested. tbh, I wouldn't know
how to do that yet. What I did do was upgrade to the latest snapshot
from February 28th and  give it another syspatch but that didn't fix
the problem. Here is my dmesg and Xorg.0.log.

On Wed, Feb 28, 2018 at 4:11 PM, Noth <nothingn...@citycable.ch> wrote:
> Can you boot without X running, copy /var/log/Xorg.0.log and dmesg to a usb
> stick or another machine and then upload those to this thread? This is an
> ongoing acpi issue with inteldrm I believe, it stopped working in 6.2 for
> Skylake and newer intel GPUs. No change in sight...
>
>
> Noth
>
>
> On 26/02/18 23:11, George Ramirez wrote:
>>
>> Sadly this didn't work. I tried the keys for the screen brightness but
>> nothing changed.
>>
>> On Thu, Feb 22, 2018 at 3:29 PM, Andrew <and...@quickstick.net> wrote:
>>
>>> On 02/22/18 09:27, George Ramirez wrote:
>>>
>>>> with intel 620 UHD graphics. At first, the console shows with underscan,
>>>> then the resolution changes to the native one, and finally it goes
>>>> black.
>>>>
>>> It's a frustrating problem because there are no errors and it seemingly
>>> doesn't work. I bet X is actually running properly but xbacklight
>>> somehow ended up = 0. Tap the "brightness" key on your keyboard a couple
>>> times and see if it illuminates the display properly. On my ThinkPad
>>> it's [Fn]+[Home]. Also check out man xbacklight(1). Good luck !!!
>>>
>


dmesg
Description: Binary data
# cat /var/log/Xorg.0.log
[23.819] (--) checkDevMem: using aperture driver /dev/xf86
[23.842] (--) Using wscons driver on /dev/ttyC4
[23.860] 
X.Org X Server 1.19.6
Release Date: 2017-12-20
[23.861] X Protocol Version 11, Revision 0
[23.861] Build Operating System: OpenBSD 6.2 amd64 
[23.861] Current Operating System: OpenBSD novao.home 6.2 GENERIC.MP#15 amd64
[23.861] Build Date: 27 February 2018  10:32:31PM
[23.861]  
[23.861] Current version of pixman: 0.34.0
[23.861]Before reporting problems, check http://wiki.x.org
to make sure that you have the latest version.
[23.861] Markers: (--) probed, (**) from config file, (==) default setting,
(++) from command line, (!!) notice, (II) informational,
(WW) warning, (EE) error, (NI) not implemented, (??) unknown.
[23.861] (==) Log file: "/var/log/Xorg.0.log", Time: Thu Mar  1 02:40:44 2018
[23.862] (==) Using system config directory "/usr/X11R6/share/X11/xorg.conf.d"
[23.863] (==) No Layout section.  Using the first Screen section.
[23.863] (==) No screen section available. Using defaults.
[23.863] (**) |-->Screen "Default Screen Section" (0)
[23.863] (**) |   |-->Monitor ""
[23.863] (==) No monitor specified for screen "Default Screen Section".
Using a default monitor configuration.
[23.864] (==) Automatically adding devices
[23.864] (==) Automatically enabling devices
[23.864] (==) Not automatically adding GPU devices
[23.864] (==) Max clients allowed: 256, resource mask: 0x1f
[23.868] (==) FontPath set to:
/usr/X11R6/lib/X11/fonts/misc/,
/usr/X11R6/lib/X11/fonts/TTF/,
/usr/X11R6/lib/X11/fonts/OTF/,
/usr/X11R6/lib/X11/fonts/Type1/,
/usr/X11R6/lib/X11/fonts/100dpi/,
/usr/X11R6/lib/X11/fonts/75dpi/
[23.868] (==) ModulePath set to "/usr/X11R6/lib/modules"
[23.868] (II) The server relies on wscons to provide the list of input devices.
If no devices become available, reconfigure wscons or disable AutoAddDevices.
[23.868] (II) Loader magic: 0x351bf42000
[23.868] (II) Module ABI versions:
[23.868]X.Org ANSI C Emulation: 0.4
[23.868]X.Org Video Driver: 23.0
[23.868]X.Org XInput driver : 24.1
[23.868]X.Org Server Extension : 10.0
[23.868] (--) PCI:*(0:0:2:0) 8086:5917:1558:1313 rev 7, Mem @ 0xdb00/16777216, 0x9000/268435456, I/O @ 0xf000/64
[23.868] (II) LoadModule: "glx"
[23.870] (II) Loading /usr/X11R6/lib/modules/extensions/libglx.so
[23.877] (II) Module glx: vendor="X.Org Foundation"
[23.877]compiled for 1.19.6, module version = 1.0.0
[23.877]ABI class: X.Org Server Extension, version 10.0
[23.877] (==) Matched modesetting as autoconfigured driver 0
[23.877] (==) Assigned the driver to the xf86ConfigLayout
[23.877] (II) LoadModule: "modesetting"
[23.878] (II) Loading /usr/X11R6/lib/modules/drivers/modesetting_drv.so
[23.878] (II) Module m

Re: Black screen when starting Xorg with new laptop.

[George Ramirez]

Sadly this didn't work. I tried the keys for the screen brightness but
nothing changed.

On Thu, Feb 22, 2018 at 3:29 PM, Andrew <and...@quickstick.net> wrote:

> On 02/22/18 09:27, George Ramirez wrote:
>
>> with intel 620 UHD graphics. At first, the console shows with underscan,
>> then the resolution changes to the native one, and finally it goes black.
>>
>
> It's a frustrating problem because there are no errors and it seemingly
> doesn't work. I bet X is actually running properly but xbacklight
> somehow ended up = 0. Tap the "brightness" key on your keyboard a couple
> times and see if it illuminates the display properly. On my ThinkPad
> it's [Fn]+[Home]. Also check out man xbacklight(1). Good luck !!!
>

Black screen when starting Xorg with new laptop.

[George Ramirez]

So far I have been unable to start X with a new OpenBSD install on my
laptop. I am a complete beginner to OpenBSD. I did manage to get to the
desktop environment in a virtualbox vm. I tried both the default fvwm and
gnome, with both xenodm and gdm. This all worked fine, albeit very slow on
non accelerated vm graphics. However, on my N130WU laptop the screen goes
black right after the boot up messages. This is a kaby lake refresh laptop
with intel 620 UHD graphics. At first, the console shows with underscan,
then the resolution changes to the native one, and finally it goes black. I
was still able to connect through SSH while the laptop was in this state
and get the Xorg.0.log. The log told me to add machdep.allowaperture=1 to
/etc/sysctl.conf which I did, but the screen went black again after I
rebooted. From the new Xorg.0.log I can not understand what went wrong this
time. Here are the new Xorg.0.log and dmesg output.
https://pastebin.com/F9Gf26mb  https://pastebin.com/SQRgxBdz

George

Re: PCEngines APU2 Wifi router issues

[George]

On Sat, 23 Dec 2017 12:36:03 -0700
Steve Williams <st...@williamsitconsulting.com> wrote:

> On 22/12/2017 7:00 PM, Carlos Cardenas wrote:
> > George <g.lis...@nodeunit.com> wrote:
> >
> >> On Thu, 21 Dec 2017 21:25:44 -0800
> >> Carlos Cardenas <cardena...@gmail.com> wrote:
> >>
> >>> George <g.lis...@nodeunit.com> wrote:
> >>>
> >>>> Hi guys,
> >>>>
> >>>> I got the apu2b4 to build a wifi router with an Intel Dual Band
> >>>> Wireless AC 7260 wifi module. The module firmware was loaded by
> >>>> fw_update at first boot and connecting to my existing AP works
> >>>> but when
> >>>>
> >>>> I try to set it up as an access point with:
> >>>>
> >>>> ifconfig iwm0 up media autoselect mediaopt hostap mode 11g nwid
> >>>> MySSID wpakey MyKey
> >>>>
> >>>> I get in ifconfig iwm0
> >>>> ...
> >>>> status: no network
> >>>> ...
> >>>>
> >>>> and associating/connecting from my Linux laptop does not work...
> >>>> I am not even seeing the AP with this "MySSID" in the scan
> >>>> listing. Any suggestions or ideas as to what might be wrong are
> >>>> welcome.
> >>>>
> >>>> TIA
> >>>> George
> >>>>
> >>> George,
> >>>
> >>> iwm(4) is not capable for access point usage.
> >>>
> >>> Check out https://www.openbsd.org/faq/faq6.html#Wireless for a
> >>> list.
> >>>
> >>> +--+
> >>> Carlos
> >> Sorry but now I have another question I live in Canada and the
> >> PCEngines website points to one reseller here and they seem to not
> >> have the right card:
> >>
> >> https://corpshadow.biz/bizstore/system-components/wireless-components/radio-cards/
> >>
> >> any idea where I can get one preferably in Canada.
> >>
> >> Thanks in advance.
> >> George
> > They had the WLE200NX listed on the page:
> > https://corpshadow.biz/bizstore/compex/dualband-80211n-mimo-2x2-minipcie.html
> >
> > If you don't like that card, you can always pick something up on
> > ebay.
> >
> > +--+
> > Carlos
> 
> Hi,
> 
> I have one of those cards (WLE200NX ) in my APU.  Be aware that
> OpenBSD drivers don't give very fast performance for it.  Lots about
> it in the email list archives.
> 
> Mine shows up (OpenBSD 6.1) as:
> 
> athn0 at pci4 dev 0 function 0 "Atheros AR9281" rev 0x01: apic 5
> int 16 athn0: AR9280 rev 2 (2T2R), ROM rev 22, address
> 04:f0:21:1b:b3:68

Thanks Steve that is good to know. Do you have any numbers to share,
comparison under different OS maybe?
Regards,
George

> 
> 
> Cheers,
> Steve Williams
> 

Re: Panic: ffs_blkfree on 6.0 GENERIC.MP

[George Kourvoulis]

We tracked the problem to the underlying storage of the VM, so it is not
OpenBSD related.


On Wed, Jan 10, 2018 at 12:50 PM, George Kourvoulis <gko...@gmail.com>
wrote:

> Hello,
>
> Today I have found one of my gateways (VM on esxi 6.5) in the state that
> is shown here:
> https://imgur.com/a/SV687
>
> Unfortunately I didn't have time to gather more info because I had to
> reboot the machine in order to resume operations.
>
> Any pointers would be much appreciated.
>
> Thanks,
> George
>
> PS. Here is the output of my dmesg:
>
> OpenBSD 6.0 (GENERIC.MP) #2319: Tue Jul 26 13:00:43 MDT 2016
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 2130640896 <21%203064%200896> (2031MB)
> avail mem = 2061656064 (1966MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (239 entries)
> bios0: vendor Phoenix Technologies LTD version "6.00" date 04/05/2016
> bios0: VMware, Inc. VMware Virtual Platform
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S1 S4 S5
> acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET
> acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3)
> S3F0(S3) S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) S10F(S3)
> S11F(S3) S12F(S3) S13F(S3) [...]
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Xeon(R) CPU E5-2620 v3 @ 2.40GHz, 2397.56 MHz
> cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
> CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,
> SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,
> AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,LONG,LAHF,PERF,
> ITSC,FSGSBASE,SMEP,ERMS,ARAT
> cpu0: 256KB 64b/line 8-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> cpu0: apic clock running at 65MHz
> ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 24 pins
> acpimcfg0 at acpi0 addr 0xf000, bus 0-127
> acpihpet0 at acpi0: 14318179 Hz
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpicpu0 at acpi0: C1(@1 halt!)
> "PNP0001" at acpi0 not configured
> "PNP0303" at acpi0 not configured
> "PNP0F13" at acpi0 not configured
> "PNP0A05" at acpi0 not configured
> "PNP0400" at acpi0 not configured
> "PNP0501" at acpi0 not configured
> "PNP0501" at acpi0 not configured
> "PNP0700" at acpi0 not configured
> acpiac0 at acpi0: AC unit online
> pvbus0 at mainbus0: VMware
> vmt0 at pvbus0
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01
> ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01
> pci1 at ppb0 bus 1
> pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08
> pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA,
> channel 0 configured to compatibility, channel 1 configured to compatibility
> pciide0: channel 0 disabled (no drives)
> atapiscsi0 at pciide0 channel 1 drive 0
> scsibus1 at atapiscsi0: 2 targets
> cd0 at scsibus1 targ 0 lun 0: <NECVMWar, VMware IDE CDR10, 1.00> ATAPI
> 5/cdrom removable
> cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
> piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x08: SMBus
> disabled
> "VMware VMCI" rev 0x10 at pci0 dev 7 function 7 not configured
> vga1 at pci0 dev 15 function 0 "VMware SVGA II" rev 0x00
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> mpi0 at pci0 dev 16 function 0 "Symbios Logic 53c1030" rev 0x01: apic 1
> int 17
> mpi0: 0, firmware 1.3.41.32
> scsibus2 at mpi0: 16 targets, initiator 7
> sd0 at scsibus2 targ 0 lun 0: <VMware, Virtual disk, 1.0> SCSI2 0/direct
> fixed
> sd0: 10240MB, 512 bytes/sector, 20971520 sectors
> mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
> ppb1 at pci0 dev 17 function 0 "VMware PCI" rev 0x02
> pci2 at ppb1 bus 2
> em0 at pci2 dev 0 function 0 "Intel 82545EM" rev 0x01: apic 1 int 18,
> address 00:50:56:b8:fd:45
> em1 at pci2 dev 2 function 0 "Intel 82545EM" rev 0x01: apic 1 int 16,
> address 00:50:56:b8:f4:6a
> em2 at pci2 dev 3 function 0 "Intel 82545EM" rev 0x01: apic 1 int 17,
> address 00:50:56:b8:9f:11
> em3 at pci2 dev 4 function 0 "Intel 82545EM" rev 0x01: apic 1 int 18,
> address 00:50:56:b8:d7:85
> ppb2 at pci0 dev 21 function 0 "VMware PCIE" rev 0x01
> pci3 at ppb2 bus 3
> ppb3 at pci0 

Panic: ffs_blkfree on 6.0 GENERIC.MP

[George Kourvoulis]

Hello,

Today I have found one of my gateways (VM on esxi 6.5) in the state that is
shown here:
https://imgur.com/a/SV687

Unfortunately I didn't have time to gather more info because I had to
reboot the machine in order to resume operations.

Any pointers would be much appreciated.

Thanks,
George

PS. Here is the output of my dmesg:

OpenBSD 6.0 (GENERIC.MP) #2319: Tue Jul 26 13:00:43 MDT 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2130640896 (2031MB)
avail mem = 2061656064 (1966MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe0010 (239 entries)
bios0: vendor Phoenix Technologies LTD version "6.00" date 04/05/2016
bios0: VMware, Inc. VMware Virtual Platform
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET
acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3) S3F0(S3)
S4F0(S3) S5F0(S3) S6F0(S3) S7F0(S3) S8F0(S3) S9F0(S3) S10F(S3) S11F(S3)
S12F(S3) S13F(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E5-2620 v3 @ 2.40GHz, 2397.56 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 65MHz
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 11, 24 pins
acpimcfg0 at acpi0 addr 0xf000, bus 0-127
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
"PNP0001" at acpi0 not configured
"PNP0303" at acpi0 not configured
"PNP0F13" at acpi0 not configured
"PNP0A05" at acpi0 not configured
"PNP0400" at acpi0 not configured
"PNP0501" at acpi0 not configured
"PNP0501" at acpi0 not configured
"PNP0700" at acpi0 not configured
acpiac0 at acpi0: AC unit online
pvbus0 at mainbus0: VMware
vmt0 at pvbus0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01
pci1 at ppb0 bus 1
pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08
pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel
0 configured to compatibility, channel 1 configured to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: <NECVMWar, VMware IDE CDR10, 1.00> ATAPI
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
piixpm0 at pci0 dev 7 function 3 "Intel 82371AB Power" rev 0x08: SMBus
disabled
"VMware VMCI" rev 0x10 at pci0 dev 7 function 7 not configured
vga1 at pci0 dev 15 function 0 "VMware SVGA II" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
mpi0 at pci0 dev 16 function 0 "Symbios Logic 53c1030" rev 0x01: apic 1 int
17
mpi0: 0, firmware 1.3.41.32
scsibus2 at mpi0: 16 targets, initiator 7
sd0 at scsibus2 targ 0 lun 0: <VMware, Virtual disk, 1.0> SCSI2 0/direct
fixed
sd0: 10240MB, 512 bytes/sector, 20971520 sectors
mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
ppb1 at pci0 dev 17 function 0 "VMware PCI" rev 0x02
pci2 at ppb1 bus 2
em0 at pci2 dev 0 function 0 "Intel 82545EM" rev 0x01: apic 1 int 18,
address 00:50:56:b8:fd:45
em1 at pci2 dev 2 function 0 "Intel 82545EM" rev 0x01: apic 1 int 16,
address 00:50:56:b8:f4:6a
em2 at pci2 dev 3 function 0 "Intel 82545EM" rev 0x01: apic 1 int 17,
address 00:50:56:b8:9f:11
em3 at pci2 dev 4 function 0 "Intel 82545EM" rev 0x01: apic 1 int 18,
address 00:50:56:b8:d7:85
ppb2 at pci0 dev 21 function 0 "VMware PCIE" rev 0x01
pci3 at ppb2 bus 3
ppb3 at pci0 dev 21 function 1 "VMware PCIE" rev 0x01
pci4 at ppb3 bus 4
ppb4 at pci0 dev 21 function 2 "VMware PCIE" rev 0x01
pci5 at ppb4 bus 5
ppb5 at pci0 dev 21 function 3 "VMware PCIE" rev 0x01
pci6 at ppb5 bus 6
ppb6 at pci0 dev 21 function 4 "VMware PCIE" rev 0x01
pci7 at ppb6 bus 7
ppb7 at pci0 dev 21 function 5 "VMware PCIE" rev 0x01
pci8 at ppb7 bus 8
ppb8 at pci0 dev 21 function 6 "VMware PCIE" rev 0x01
pci9 at ppb8 bus 9
ppb9 at pci0 dev 21 function 7 "VMware PCIE" rev 0x01
pci10 at ppb9 bus 10
ppb10 at pci0 dev 22 function 0 "VMware PCIE" rev 0x01
pci11 at ppb10 bus 11
ppb11 at pci0 dev 22 function 1 "VMware P

Re: PCEngines APU2 Wifi router issues

[George]

On Fri, 22 Dec 2017 18:00:37 -0800
Carlos Cardenas <cardena...@gmail.com> wrote:

> George <g.lis...@nodeunit.com> wrote:
> 
> > On Thu, 21 Dec 2017 21:25:44 -0800
> > Carlos Cardenas <cardena...@gmail.com> wrote:
> > 
> > > George <g.lis...@nodeunit.com> wrote:
> > > 
> > > > Hi guys,
> > > > 
> > > > I got the apu2b4 to build a wifi router with an Intel Dual Band
> > > > Wireless AC 7260 wifi module. The module firmware was loaded by
> > > > fw_update at first boot and connecting to my existing AP works
> > > > but when
> > > > 
> > > > I try to set it up as an access point with:
> > > > 
> > > > ifconfig iwm0 up media autoselect mediaopt hostap mode 11g nwid
> > > > MySSID wpakey MyKey
> > > > 
> > > > I get in ifconfig iwm0
> > > > ...
> > > > status: no network
> > > > ...
> > > > 
> > > > and associating/connecting from my Linux laptop does not
> > > > work... I am not even seeing the AP with this "MySSID" in the
> > > > scan listing. Any suggestions or ideas as to what might be
> > > > wrong are welcome.
> > > > 
> > > > TIA
> > > > George
> > > > 
> > > 
> > > George,
> > > 
> > > iwm(4) is not capable for access point usage.
> > > 
> > > Check out https://www.openbsd.org/faq/faq6.html#Wireless for a
> > > list.
> > > 
> > > +--+
> > > Carlos
> > 
> > Sorry but now I have another question I live in Canada and the
> > PCEngines website points to one reseller here and they seem to not
> > have the right card:
> > 
> > https://corpshadow.biz/bizstore/system-components/wireless-components/radio-cards/
> > 
> > any idea where I can get one preferably in Canada.
> > 
> > Thanks in advance.
> > George
> 
> They had the WLE200NX listed on the page:
> https://corpshadow.biz/bizstore/compex/dualband-80211n-mimo-2x2-minipcie.html
> 
> If you don't like that card, you can always pick something up on ebay.
> 
> +--+
> Carlos


Actually no that will work I was looking at the ath not the athn driver
that's why I thought it does not.

Thanks Carlos

Re: PCEngines APU2 Wifi router issues

[George]

On Thu, 21 Dec 2017 21:25:44 -0800
Carlos Cardenas <cardena...@gmail.com> wrote:

> George <g.lis...@nodeunit.com> wrote:
> 
> > Hi guys,
> > 
> > I got the apu2b4 to build a wifi router with an Intel Dual Band
> > Wireless AC 7260 wifi module. The module firmware was loaded by
> > fw_update at first boot and connecting to my existing AP works but
> > when
> > 
> > I try to set it up as an access point with:
> > 
> > ifconfig iwm0 up media autoselect mediaopt hostap mode 11g nwid
> > MySSID wpakey MyKey
> > 
> > I get in ifconfig iwm0
> > ...
> > status: no network
> > ...
> > 
> > and associating/connecting from my Linux laptop does not work... I
> > am not even seeing the AP with this "MySSID" in the scan listing.
> > Any suggestions or ideas as to what might be wrong are welcome.
> > 
> > TIA
> > George
> > 
> 
> George,
> 
> iwm(4) is not capable for access point usage.
> 
> Check out https://www.openbsd.org/faq/faq6.html#Wireless for a list.
> 
> +--+
> Carlos

Sorry but now I have another question I live in Canada and the
PCEngines website points to one reseller here and they seem to not have
the right card:

https://corpshadow.biz/bizstore/system-components/wireless-components/radio-cards/

any idea where I can get one preferably in Canada.

Thanks in advance.
George

Re: PCEngines APU2 Wifi router issues

[George]

On Thu, 21 Dec 2017 21:25:44 -0800
Carlos Cardenas <cardena...@gmail.com> wrote:

> George <g.lis...@nodeunit.com> wrote:
> 
> > Hi guys,
> > 
> > I got the apu2b4 to build a wifi router with an Intel Dual Band
> > Wireless AC 7260 wifi module. The module firmware was loaded by
> > fw_update at first boot and connecting to my existing AP works but
> > when
> > 
> > I try to set it up as an access point with:
> > 
> > ifconfig iwm0 up media autoselect mediaopt hostap mode 11g nwid
> > MySSID wpakey MyKey
> > 
> > I get in ifconfig iwm0
> > ...
> > status: no network
> > ...
> > 
> > and associating/connecting from my Linux laptop does not work... I
> > am not even seeing the AP with this "MySSID" in the scan listing.
> > Any suggestions or ideas as to what might be wrong are welcome.
> > 
> > TIA
> > George
> > 
> 
> George,
> 
> iwm(4) is not capable for access point usage.
> 
> Check out https://www.openbsd.org/faq/faq6.html#Wireless for a list.
> 
> +--+
> Carlos


Hehe doh ... should've checked before ordering it.
Thanks Carlos!

Cheers,
George

PCEngines APU2 Wifi router issues

[George]

Hi guys,

I got the apu2b4 to build a wifi router with an Intel Dual Band
Wireless AC 7260 wifi module. The module firmware was loaded by
fw_update at first boot and connecting to my existing AP works but when

I try to set it up as an access point with:

ifconfig iwm0 up media autoselect mediaopt hostap mode 11g nwid MySSID
wpakey MyKey

I get in ifconfig iwm0
...
status: no network
...

and associating/connecting from my Linux laptop does not work... I am
not even seeing the AP with this "MySSID" in the scan listing. Any
suggestions or ideas as to what might be wrong are welcome.

TIA
George

AMD Ryzen 7 1700, Gigabyte AB350-GA, Gigabyte AMD RADEON R5 230

[Siju George]

Automatically detects the right resolution.  1440x900  59.90*+
( For debian an extra manual step to install nofree drivers is required )
Sound works for youtube after executing
# mixerctl outputs.master=256,256

dmesg for those who are interested

OpenBSD 6.2 (GENERIC.MP) #134: Tue Oct  3 21:22:29 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17112383488 (16319MB)
avail mem = 16586743808 (15818MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xeb3b0 (57 entries)
bios0: vendor American Megatrends Inc. version "F6" date 04/07/2017
bios0: Gigabyte Technology Co., Ltd. AB350-Gaming 3
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT SSDT FIDT SSDT SRAT CRAT CDIT SSDT MCFG
HPET SSDT UEFI IVRS SSDT SSDT
acpi0: wakeup devices GPP0(S4) GPP1(S4) GPP2(S4) PTXH(S4) GPP3(S4) GPP4(S4)
GPP5(S4) GPP6(S4) GPP7(S4) GPP8(S4) GPP9(S4) GPPA(S4) GPPB(S4) GPPC(S4)
GPPD(S4) GPPE(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Ryzen 7 1700 Eight-Core Processor, 2994.86 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TOPEXT,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA
cpu0: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache
cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu0: TSC frequency 2994864300 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Ryzen 7 1700 Eight-Core Processor, 2994.38 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TOPEXT,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA
cpu1: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache
cpu1: ITLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD Ryzen 7 1700 Eight-Core Processor, 2994.37 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TOPEXT,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA
cpu2: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache
cpu2: ITLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: AMD Ryzen 7 1700 Eight-Core Processor, 2994.38 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TOPEXT,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA
cpu3: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache
cpu3: ITLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu3: DTLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 4 (application processor)
cpu4: AMD Ryzen 7 1700 Eight-Core Processor, 2994.37 MHz
cpu4:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TOPEXT,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA
cpu4: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 

Re: log up or down interface end change physical address

[George Brown]

There's ifstated - http://man.openbsd.org/ifstated

On 21 September 2017 at 14:29, Krzysztof Strzeszewski  wrote:
> Hi,
>
> How to log up or down (connect or not connect cable) interface end change
> physical address on OpenBSD?
>
>
> --
> Regards,
> Krzysztof Strzeszewski
>

Re: ping -R causes panic

[George Brown]

I can reproduce this after updating to the Sept 18th snapshot, I did not
observe this on my Aug 20 snapshot install if that aids in narrowing
down when this was introduced.

I suspect reporting this to bugs rather than misc may be a better course
of action.

https://www.openbsd.org/report.html

On 20 September 2017 at 12:26, Kapetanakis Giannis
 wrote:
> I got this panic today after ping -R
> I don't run pfsync
>
> # ping -R www.google.com
> panic: kernel diagnostic assertion "m0->m_flags & M_PKTHDR" failed: file 
> "/usr/src/sys/kern/uipc_mbuf.c", line 1344splassert: pfsync_update_state: 
> want 1 have 256
>
> pStopped at  db_enter+0x5:   popq%rbp
> TIDPIDUID PRFLAGS PFLAGS  CPU  COMMAND
> *299140  12380 510x33  02  ping
>  422116  15532  0 0x14000  0x2001  softnet
> db_enter() at db_enter+0x5
> panic() at panic+0x128
> __assert(81020a74,80002692f4a0,0,1) at __assert+0x24
> m_dup_pkt(ff010c77caf8,1,ff00baab064b) at m_dup_pkt+0x225
> ip_pcbopts(1,ff00baab0600) at ip_pcbopts+0x138
> sosetopt(ff010947b018,800026798d68,80002692f5f0,ff00baab0600) 
> a
> t sosetopt+0xd0
> sys_setsockopt(80002692f680,690,800026798d68) at sys_setsockopt+0x13d
> syscall() at syscall+0x270
> --- syscall (number 105) ---
> end of kernel
> end trace frame: 0x7f7bf230, count: 7
> 0xc362b93239a:
>
>
> OpenBSD 6.2-beta (GENERIC.MP) #86: Sun Sep 10 10:07:51 MDT 2017
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 4273274880 (4075MB)
> avail mem = 4136747008 (3945MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xcfb9c000 (67 entries)
> bios0: vendor Dell Inc. version "2.7.0" date 10/30/2010
> bios0: Dell Inc. PowerEdge 1950
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S4 S5
> acpi0: tables DSDT FACP APIC SPCR HPET MCFG WD__ SLIC ERST HEST BERT EINJ TCPA
> acpi0: wakeup devices PCI0(S5)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Xeon(R) CPU E5405 @ 2.00GHz, 1995.26 MHz
> cpu0: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,NXE,LONG,LAHF,PERF,SENSOR
> cpu0: 6MB 64b/line 16-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> cpu0: apic clock running at 332MHz
> cpu0: mwait min=64, max=64, C-substates=0.2.2.2, IBE
> cpu1 at mainbus0: apid 2 (application processor)
> cpu1: Intel(R) Xeon(R) CPU E5405 @ 2.00GHz, 1995.01 MHz
> cpu1: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,NXE,LONG,LAHF,PERF,SENSOR
> cpu1: 6MB 64b/line 16-way L2 cache
> cpu1: smt 0, core 2, package 0
> cpu2 at mainbus0: apid 1 (application processor)
> cpu2: Intel(R) Xeon(R) CPU E5405 @ 2.00GHz, 1995.01 MHz
> cpu2: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,NXE,LONG,LAHF,PERF,SENSOR
> cpu2: 6MB 64b/line 16-way L2 cache
> cpu2: smt 0, core 1, package 0
> cpu3 at mainbus0: apid 3 (application processor)
> cpu3: Intel(R) Xeon(R) CPU E5405 @ 2.00GHz, 1995.01 MHz
> cpu3: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,NXE,LONG,LAHF,PERF,SENSOR
> cpu3: 6MB 64b/line 16-way L2 cache
> cpu3: smt 0, core 3, package 0
> ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
> , remapped to apid 4
> acpihpet0 at acpi0: 14318179 Hz
> acpimcfg0 at acpi0 addr 0xe000, bus 0-255
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus 4 (PEX2)
> acpiprt2 at acpi0: bus 5 (UPST)
> acpiprt3 at acpi0: bus 6 (DWN1)
> acpiprt4 at acpi0: bus 8 (DWN2)
> acpiprt5 at acpi0: bus 1 (PEX3)
> acpiprt6 at acpi0: bus -1 (PE2P)
> acpiprt7 at acpi0: bus 10 (PEX4)
> acpiprt8 at acpi0: bus -1 (PE2P)
> acpiprt9 at acpi0: bus 12 (PEX6)
> acpiprt10 at acpi0: bus 2 (SBEX)
> acpiprt11 at acpi0: bus 14 (COMP)
> acpicpu0 at acpi0: C1(@1 halt!)
> acpicpu1 at acpi0: C1(@1 halt!)
> acpicpu2 at acpi0: C1(@1 halt!)
> acpicpu3 at acpi0: C1(@1 halt!)
> "PNP0C33" at acpi0 not configured
> "PNP0700" at acpi0 not configured
> "IPI0001" at acpi0 not configured
> ipmi at mainbus0 not configured
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "Intel 5000X Host" rev 0x12
> ppb0 at pci0 dev 2 function 0 "Intel 5000 PCIE" rev 0x12
> pci1 at ppb0 bus 4
> ppb1 at pci1 dev 0 function 0 "Intel 6321ESB PCIE" rev 0x01
> pci2 at ppb1 bus 5
> 

Re: Query regarding exec in mandocdb.c

[George Brown]

Thank you for the replies Ingo and the diffs!

George Brown


On 26 August 2017 at 17:04, Ingo Schwarze <schwa...@usta.de> wrote:
> Hi George,
>
> George Brown wrote on Thu, Aug 24, 2017 at 02:01:05PM +0100:
>
>> In mandocdb.c it appears cmp(1) and rm(1) are executed in a child
>> process. It seems that if the logic from these programs were duplicated
>> the pledge in mandocdb.c could be further restricted and even not bother
>> with forking.
>
> Done as well, see the commit below.
>
> Thanks again for the suggestion,
>   Ingo
>
>
> Log Message:
> ---
> Do not fork and exec cmp(1); instead, simply fstat(2), mmap(2), and
> compare the files directly, allowing a much stricter pledge(2), at
> very little cost: merely 15 additional lines of very simple code.
> Suggested by George Brown <321 dot george at gmail dot com> on misc@.
>
> Modified Files:
> --
> mandoc:
> mandocdb.c
>
> Revision Data
> -
> Index: mandocdb.c
> ===
> RCS file: /home/cvs/mandoc/mandoc/mandocdb.c,v
> retrieving revision 1.254
> retrieving revision 1.255
> diff -Lmandocdb.c -Lmandocdb.c -u -p -r1.254 -r1.255
> --- mandocdb.c
> +++ mandocdb.c
> @@ -19,8 +19,8 @@
>  #include "config.h"
>
>  #include 
> +#include 
>  #include 
> -#include 
>
>  #include 
>  #include 
> @@ -319,7 +319,7 @@ mandocdb(int argc, char *argv[])
> int   ch, i;
>
>  #if HAVE_PLEDGE
> -   if (pledge("stdio rpath wpath cpath fattr flock proc exec", NULL) == 
> -1) {
> +   if (pledge("stdio rpath wpath cpath", NULL) == -1) {
> warn("pledge");
> return (int)MANDOCLEVEL_SYSERR;
> }
> @@ -440,15 +440,6 @@ mandocdb(int argc, char *argv[])
>  * The existing database is usable.  Process
>  * all files specified on the command-line.
>  */
> -#if HAVE_PLEDGE
> -   if (!nodb) {
> -   if (pledge("stdio rpath wpath cpath fattr 
> flock", NULL) == -1) {
> -   warn("pledge");
> -   exitcode = (int)MANDOCLEVEL_SYSERR;
> -   goto out;
> -   }
> -   }
> -#endif
> use_all = 1;
> for (i = 0; i < argc; i++)
> filescan(argv[i]);
> @@ -2119,9 +2110,10 @@ dbprune(struct dba *dba)
>  static void
>  dbwrite(struct dba *dba)
>  {
> -   char tfn[33];
> -   int  status;
> -   pid_tchild;
> +   struct stat  sb1, sb2;
> +   char tfn[33], *cp1, *cp2;
> +   off_ti;
> +   int  fd1, fd2;
>
> /*
>  * Do not write empty databases, and delete existing ones
> @@ -2160,39 +2152,59 @@ dbwrite(struct dba *dba)
> say("", "&%s", tfn);
> return;
> }
> -
> +   cp1 = cp2 = NULL;
> +   fd1 = fd2 = -1;
> (void)strlcat(tfn, "/" MANDOC_DB, sizeof(tfn));
> if (dba_write(tfn, dba) == -1) {
> -   exitcode = (int)MANDOCLEVEL_SYSERR;
> say(tfn, "_write");
> -   goto out;
> -   }
> -
> -   switch (child = fork()) {
> -   case -1:
> -   exitcode = (int)MANDOCLEVEL_SYSERR;
> -   say("", " cmp");
> -   return;
> -   case 0:
> -   execlp("cmp", "cmp", "-s", tfn, MANDOC_DB, (char *)NULL);
> -   say("", " cmp");
> -   exit(0);
> -   default:
> -   break;
> -   }
> -   if (waitpid(child, , 0) == -1) {
> -   exitcode = (int)MANDOCLEVEL_SYSERR;
> -   say("", " cmp");
> -   } else if (WIFSIGNALED(status)) {
> -   exitcode = (int)MANDOCLEVEL_SYSERR;
> -   say("", "cmp died from signal %d", WTERMSIG(status));
> -   } else if (WEXITSTATUS(status)) {
> -   exitcode = (int)MANDOCLEVEL_SYSERR;
> -   say(MANDOC_DB,
> -   "Data changed, but cannot replace database");
> +   goto err;
> }
> +   if ((fd1 = open(MANDOC_DB, O_RDONLY, 0)) == -1) 

Query regarding exec in mandocdb.c

[George Brown]

In mandocdb.c it appears cmp(1) and rm(1) are executed in a child
process. It seems that if the logic from these programs were duplicated
the pledge in mandocdb.c could be further restricted and even not bother
with forking.

Would such a change be pointless churn however? Both cmp(1) and rm(1)
are simple programs and are pledge'd themselves. Not to mention the
creation of the mandoc database is in itself a short lived process.

To be clear I'm not proposing a change (indeed I have no diff) but
rather I am simply curious to the opinion of others in the OpenBSD
community.

Kind regards,
George

Re: Please Advise on licencing

[Siju George]

Thank you so much Ingo. Things are very clear.  :-)

On Aug 5, 2017 8:58 AM, "Ingo Schwarze" <schwa...@usta.de> wrote:

> Hi Siju,
>
> Siju George wrote on Sat, Aug 05, 2017 at 06:50:12AM +0530:
>
> > In a code repository should the licence wording be on every file ?
>
> Best practice is:
>
>  1. To have at least one line containing "Copyright (c) ..."
> at the top of each file containing copyrightable content.
>
>  2. Each author (natural person, NOT legal entity like corporations
> or foundations) who made copyrightable contributions to the
> file of which at least parts are still contained in the
> file must be mentioned on such a line.
> If an author did transfer their economic rights (which doesn't
> really make much sense for ISC or BSD 2-clause licensed code,
> but nonetheless, it is occasionally done), you can list the
> legal entity that acquired the economic rights, but then it
> becomes important to add a line, below the Copyright notice,
> reading, for example:
>   Parts of this file were written by (name of natural person)
>   for (name of legal entity).
> The reason is that the actual authors retain some inalienable
> rights, even when working for hire or contract, and the right
> to be know of as the author is one of these rights that can
> neither be sold nor be given away.
>
>  3. Each Copyright line must contain one year number, separated
> with commas, for each year in which that author made copyrightable
> additions to the file that are still present in the file.  Ranges
> of years separated with dashes are only acceptable if that
> author also made such contributions in each of the years between
> the endpoints of the range.  Usually, only use ranges on lines
> that would otherwise become too long.
>
> Look at /usr/src/usr.bin/mandoc/mdoc_term.c for an example
> demonstrating all these rules.
>
> The full text of the license should follow this Copyright notice
> in each file.
>
>
> That said, from a legal standpoint, it is sufficient to have one
> license for each Work, so having one Copyright notice for the whole
> Work (e.g., program or package) is legally sufficient, too.  But
> that is not a particularly good idea for several reasons:
>
>  1. It is less clear and can cause doubt as to which files are
> covered by the central Copyright notice and license.
>
>  2. It is very hard to maintain correctly.  Care is already needed
> when maintaining the notices in individual files, and maintaining
> a central notice correctly is even harder because it is no
> longer even clear in which files to look for the contributions
> of the various authors.
>
>  3. In practice, you will probably sooner or later include files
> from third parties that are available under free licenses.  In
> that case, leaving the Copyright notices and licenses in place
> in those included files is usually required by the third party
> licenses, and those licenses often differs slightly from the
> one you are using for your own Work.  So you end up with some
> files with Copyright notices and licenses and some without,
> which exacerbates the problem explained in item 1.
>
>  4. People maintaining other software will occasionally pick files
> from your software and copy them to their own package.  If you
> failed to add a Copyright notice and license to a file that
> gets picked in this way, there is a higher risk that the person
> taking the file forgets to copy your Copyright notice and license
> into the file before redistributing it.  And worse, how is that
> person even supposed to figure out who, and during which years,
> contributed to that particular file?  Basically, that poor soul
> will be forced to analyze the complete VCS commit history for
> the file and reconstruct the Copyright notice from scratch.
>
> > Or just in a file named "Licence" in the root folder ?
>
> Best practice is to do that *in addition*, because with many files,
> it can be hard to figure out the full list of Copyright holders and
> applicable licenses, and also because you almost certainly want to
> state *somewhere* which the preferred license is for new contributions
> to the project.
>
> For an example of such an additional central file demonstrating
> many useful features of such a central file, refer to
>
>   http://mandoc.bsd.lv/LICENSE
>
>
> Oh, and very important:  Never add any Copyright or license goo to
> the displayed text of any manual page or the stdout or stderr output
> of any program.  Copyright notices and licenses belong into t

Re: Please Advise on licencing

[Siju George]

Thank you In for the detailed explanation. In a code repository should the
licence wording be on every file ? Or just in a file named "Licence" in the
root folder ?

On Aug 5, 2017 12:49 AM, "Ingo Schwarze" <schwa...@usta.de> wrote:

> Hi,
>
> Reyk Floeter wrote on Fri, Aug 04, 2017 at 08:41:18AM +0200:
> > Am 04.08.2017 um 05:11 schrieb Siju George <sgeorge...@gmail.com>:
>
> >> I want this information to be available to all without discrimination.
> >> Which is the best licence I can give them?
>
> > the license is your choice ;-)
>
> While that is both true and important, there is also a definitive
> and objective answer to the question, quoting from what i wrote on
>
>   http://www.openbsd.org/policy.html
>
>   The above observations regarding moral rights imply that putting
>   code under an ISC or two-clause BSD license essentially makes the
>   code as free as it can possibly get. Modifying the wording of
>   these licenses can only result in one of the three following
>   effects:
>
> 1. making the code less free by adding additional restrictions
>regarding its use, copying, modification or distribution;
> 2. or effectively not changing anything by merely changing the
>wording, but not changing anything substantial regarding the
>legal content;
> 3. or making the license illegal by attempting to deprive the
>authors of rights they cannot legally give away.
>
> Some examples:
>
>  * The GPL is an example of case 1 (not free).
>
>  * Allowing anybody to relicence is an example of case 2
>when added as an additional right to an ISC license.
>At first, it might seem that grants an additional right.
>But that right is utterly useless: The license is already
>as free as it can be, so relicensing cannot grant additional
>rights, and relicensing under more restrictive terms is
>pointless because the code is already available under ISC
>and will remain so.
>Note that relicensing permission is *only* irrelevant for ISC
>and Berkeley 2-clause.  If code is under a not fully free license
>(like GPL or Apache 2.0 or CDDL), then granting the right to
>relicense suddenly makes the code fully free, because anybody
>can then go ahead and (legally and morally legitimately)
>re-release under ISC.
>
>  * "Do whatever you like with this code" is an example of case 3.
>It is misleading in so far as the author *still* retains some
>rights under international law, specifically the Berne Convention,
>and there are things you are *still* prohibited from doing with
>the code, and it is not a good idea to mislead the unwary.
>Besides, it is dangerous because nobody knows whether some judge
>in some obscure jurisdiction might rule that "whatever you like"
>is not specific enough to include "distribute changed versions
>for profit as part of your private business" (or not specific
>enough for whatever might be considered to require *explicit*
>permission in that jurisdiction).  Or some judge might even rule
>that is outright invalid in the first place because of the obvious
>violation of the Berne Convention and consequently grants no
>rights whatsoever.  Using non-standard or fuzzy wording may
>potentially open you up to surprises in some jurisdictions.
>
> Yours,
>   Ingo
>

Re: Please Advise on licencing

[Siju George]

Thank you Reyk . I will use ISC :-)

On Aug 4, 2017 12:11 PM, "Reyk Floeter" <r...@openbsd.org> wrote:

> Hi,
>
> the license is your choice ;-)
>
> But we use ISC for new code in OpenBSD and I also use for all other open
> source code these days.
>
> See:
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share/misc/
> license.template?rev=1.3=text/x-cvsweb-markup
>
> http://www.openbsd.org/goals.html
>
> And:
> https://en.m.wikipedia.org/wiki/ISC_license
>
> Note that the mentioned Atheros drivers in the Linux kernel are
> ISC-licensed because they were derived from my ar5k drivers in OpenBSD.
> Long time ago.
>
> http://linuxwireless.org/en/users/Drivers/Atheros/#Licensing
>
> Reyk
>
> Am 04.08.2017 um 05:11 schrieb Siju George <sgeorge...@gmail.com>:
>
> Hi,
>
> I have a git repo
>
> https://github.com/sgeorge
>
> where I populate mainly contents about docker.
>
> I want this information to be available to all without discrimination.
>
> Which is the best licence I can give them?
>
> BSD or ISC or MIT or any other?
>
> Heard Reyk is not using BSD licence for his drivers but ISC
>
> Thus the confusion in my mind.
>
> Please advise
>
> Thank you :-)
>
> Siju Oommen George
>
>
>

Please Advise on licencing

[Siju George]

Hi,

I have a git repo

https://github.com/sgeorge

where I populate mainly contents about docker.

I want this information to be available to all without discrimination.

Which is the best licence I can give them?

BSD or ISC or MIT or any other?

Heard Reyk is not using BSD licence for his drivers but ISC

Thus the confusion in my mind.

Please advise

Thank you :-)

Siju Oommen George

Re: Sites in firefox stop loading with "out of memory" in console

[George]

On Wed, 19 Apr 2017 00:06:10 -0300
Daniel Bolgheroni <dan...@bolgh.eng.br> wrote:

> Ultimately some sites opened with Firefox 52 stop loading with "out of
> memory" in console.  Two ofenders are https://app.wire.com and
> https://www.protonmail.com/login, and both seem related to asm.js.
> 
> Note that Firefox doesn't crash, but the sites beeing loaded just stop
> being loaded, and the F12 console notifies the error (console messages
> below). This occurred also with the previous 51 version but not with
> firefox-esr 45. Chrome works OK.
> 

Hi Daniel,

This is most probably a JavaScript issue. Try disabling JavaScript,
PrefBar add-on, and checking whether you get the out-of-memory messages
if it is the case I am not sure what you or OpenBSD can do about it as
it is a program served by the site. Try blocking or not downloading the
asm.js but I'd venture a guess it will be of no use to you then then.

Web NO-point-Oh what can I say ;)

Good luck!
George

Re: OpenBSD Stable

[George]

I change the permissions.
Thanks! it works now :)

On 01/18/17 21:36, trondd wrote:
> On Wed, January 18, 2017 12:51 pm, George wrote:
>>
> 
>> # /usr/ports/infrastructure/bin/dpb -f 20 -R pkglist
>>
>> dpb fetches the packages and i get the following result
>> Elapsed time=00:28:34
>> I=0 B=0 Q=0 T=547 F=0 !=9
>> L=devel/quirks libglade-2.6.4.tar.bz2.dist
>> ...
> 
> Everything is locked now because of the previous failures.  Blow away
> everything under /usr/ports/logs/ to start clean.  Build one
> package.
> 
>>
>> I didnt change any paths on dpb since i followed the pdf josg grosse
>> send me. I run dpb as root so i guess permissions dont matter.
>>
> 
> The permissions absoletly matter.  Read the Security Model of the dpb man
> page.  Even the slides told you this. ;)  Dpb drops privileges.

Re: OpenBSD Stable

[George]

Summary.log and package logs

The summary.log is

archivers/bzip2 not built
archivers/bzip2 errored
archivers/gtar errored
archivers/gtar not built rchivers/xz
archivers/libarchive locked
archivers/libarchive not built archivers/lz4 -> devel/gmake ->
archivers/bzip2
archivers/libmspack errored
archivers/libmspack not built
archivers/libtar errored
archivers/libtar not built
archivers/lz4 errored
archivers/lz4 not built devel/gmake -> archivers/bzip2
archivers/lzo2 not built
archivers/lzo2 errored
archivers/p5-Archive-Zip not built
archivers/p5-Archive-Zip errored
archivers/p7zip not built devel/gmake -> archivers/bzip2
archivers/p7zip,-main same as archivers/p7zip
archivers/p7zip,-main errored
archivers/p7zip,-rar not built devel/gmake -> archivers/bzip2
archivers/unzip errored
archivers/unzip not built
archivers/xz errored
archivers/xz not built
archivers/zip not built
archivers/zip errored
audio/cdparanoia not built devel/autoconf/2.52
audio/cdparanoia errored
audio/celt not built audio/libogg
audio/celt errored
audio/flac errored
audio/flac not built converters/libiconv
audio/gsm not built
audio/gsm errored
audio/jack not built devel/metaauto
audio/jack errored
audio/lame not built devel/gmake -> archivers/bzip2
audio/lame errored
audio/libcanberra not built devel/gmake -> archivers/bzip2
audio/libcanberra,-main errored
audio/libcddb errored
audio/libcddb not built archivers/bzip2
audio/libid3tag errored
audio/libid3tag not built devel/gperf
audio/libogg not built
audio/libogg errored
audio/libsamplerate errored
audio/libsamplerate not built audio/libsndfile -> audio/libvorbis ->
audio/libogg
audio/libsndfile not built audio/libvorbis -> audio/libogg
audio/libsndfile errored
audio/libvorbis errored
audio/libvorbis not built audio/libogg
audio/mpg123 errored
audio/mpg123 not built archivers/bzip2
audio/openal not built archivers/bzip2
audio/openal errored
audio/opus not built devel/gmake -> archivers/bzip2
audio/opus errored
audio/pulseaudio not built textproc/intltool -> devel/gmake ->
archivers/bzip2
audio/pulseaudio errored
audio/sound-theme-freedesktop not built textproc/intltool -> devel/gmake
-> archivers/bzip2
audio/sound-theme-freedesktop errored
audio/speex errored
audio/speex not built audio/libogg
audio/taglib errored
audio/taglib not built devel/cmake -> textproc/py-sphinx ->
lang/python/2.7 -> databases/gdbm -> devel/gettext -> converters/libiconv
audio/tremor errored
audio/tremor not built devel/libtool -> devel/metaauto
audio/twolame errored
audio/twolame not built audio/libsndfile -> audio/libvorbis -> audio/libogg
audio/wavpack errored
audio/wavpack not built converters/libiconv
converters/libdvdcss not built archivers/bzip2
converters/libdvdcss errored
converters/libiconv not built
converters/libiconv errored
converters/xmltoman errored
converters/xmltoman not built textproc/p5-XML-Parser
databases/db/v4 errored
databases/db/v4 not built devel/jdk/1.7 -> converters/libiconv
databases/db/v4 errored
databases/db/v4 errored
databases/db/v4 errored
databases/db/v4 errored
databases/db/v4, same as databases/db/v4
databases/db/v4,-java not built devel/jdk/1.7 -> converters/libiconv
databases/db/v4,bootstrap,no_java,no_tcl not built
databases/db/v4,no_java,no_tcl not built
databases/freetds not built security/gnutls -> archivers/xz
databases/freetds errored
databases/gdbm errored
databases/gdbm not built devel/gettext -> converters/libiconv
databases/iodbc errored
databases/iodbc not built devel/gettext-tools -> archivers/xz
databases/iodbc,-main same as databases/iodbc
databases/mariadb not built devel/cmake -> textproc/py-sphinx ->
lang/python/2.7 -> databases/gdbm -> devel/gettext -> converters/libiconv
databases/mariadb,-server errored
databases/openldap not built textproc/icu4c -> devel/gmake ->
archivers/bzip2
databases/openldap,-main same as databases/openldap
databases/openldap,-main errored
databases/p5-DBD-mysql errored
databases/p5-DBD-mysql not built databases/p5-DBI
databases/p5-DBI not built
databases/p5-DBI errored
databases/p5-SQL-Statement not built
databases/p5-SQL-Statement errored
databases/postgresql not built textproc/groff
databases/postgresql,-contrib not built textproc/groff
databases/postgresql,-docs not built textproc/groff
databases/postgresql,-docs locked
databases/postgresql,-main same as databases/postgresql
databases/postgresql,-plpython not built textproc/groff
databases/postgresql,-server not built textproc/groff
databases/soprano not built textproc/docbook -> archivers/unzip
databases/soprano errored
databases/sqlite not built devel/metaauto
databases/sqlite errored
databases/strigi not built textproc/clucene -> devel/boost ->
archivers/bzip2
databases/strigi errored
devel/ORBit2 not built devel/glib2 -> archivers/xz
devel/ORBit2 errored
devel/apache-ant not built archivers/bzip2
devel/apache-ant errored
devel/apr errored
devel/apr not built
devel/apr-util not built devel/apr
devel/apr-util errored
devel/argp-standalone errored
devel/argp-standalone not 

Re: OpenBSD Stable

[George]

> Need more information than this.  What's dpb doing?  Logs are in
> /usr/ports/logs.  Are the permissions set correctly for the /usr/ports/*
> directories per the dpb man page?  Are you sure you have -stable source?

I deleted the whole directory and i followed the pdf
building.stable.v1.pdf that Josh Grosse  send me.
I run

# /usr/ports/infrastructure/bin/out-of-date
Collecting installed packages: ok
Collecting port versions: ok
Collecting port signatures: ok
Outdated ports:

archivers/libarchive   # 3.2.1 -> 3.2.2
archivers/p7zip,-main  # 15.14.1p1 -> 15.14.1p2
audio/mpg123   # 1.23.4 -> 1.23.8
databases/postgresql,-main # 9.5.3 -> 9.5.5
devel/eclipse/sdk,-main# @gtk+2-2.24.30 -> @gtk+2-2.24.30p0
devel/eclipse/sdk,-swt # @gtk+2-2.24.30 -> @gtk+2-2.24.30p0
devel/gconf2   # @libxml-2.9.3 -> @libxml-2.9.3p0
devel/git,-main# @curl-7.49.0,curl.25.5 ->
@curl-7.52.1p0,curl.25.8
devel/libglade2# @gtk+2-2.24.30,@libxml-2.9.3 ->
@gtk+2-2.24.30p0,@libxml-2.9.3p0
devel/libgsf   # @gdk-pixbuf-2.34.0,@libxml-2.9.3 ->
@gdk-pixbuf-2.34.0p0,@libxml-2.9.3p0
devel/libnotify# @gdk-pixbuf-2.34.0 -> @gdk-pixbuf-2.34.0p0
devel/libsoup  # @libxml-2.9.3 -> @libxml-2.9.3p0
devel/libunique# @gtk+2-2.24.30 -> @gtk+2-2.24.30p0
devel/libwnck  # @gtk+2-2.24.30 -> @gtk+2-2.24.30p0
devel/quirks   # always-update -> quirks-2.241
devel/sdl-image# @png-1.6.23,@tiff-4.0.6p1 ->
@png-1.6.27,@tiff-4.0.7
devel/subversion,-main # 1.9.4p0 -> 1.9.4p1
devel/vte,-main# @gtk+2-2.24.30 -> @gtk+2-2.24.30p0
editors/libreoffice,-main  #
@curl-7.49.0,@gtk+2-2.24.30,@postgresql-client-9.5.3,curl.25.5 ->
@curl-7.52.1p0,@gtk+2-2.24.30p0,@postgresql-client-9.5.5,curl.25.8
graphics/cairo # @png-1.6.23 -> @png-1.6.27
graphics/ffmpegthumbnailer # @png-1.6.23 -> @png-1.6.27
graphics/gdk-pixbuf2   # 2.34.0 -> 2.34.0p0
graphics/gimp/stable   #
@curl-7.49.0,@gtk+2-2.24.30,@tiff-4.0.6p1,curl.25.5 ->
@curl-7.52.1p0,@gtk+2-2.24.30p0,@tiff-4.0.7,curl.25.8
graphics/jbig2dec  # @png-1.6.23 -> @png-1.6.27
graphics/lcms  # @tiff-4.0.6p1 -> @tiff-4.0.7
graphics/lcms2 # @tiff-4.0.6p1 -> @tiff-4.0.7
graphics/libwebp   # @png-1.6.23,@tiff-4.0.6p1 ->
@png-1.6.27,@tiff-4.0.7
graphics/libwmf# @png-1.6.23 -> @png-1.6.27
graphics/openjpeg  # @png-1.6.23,@tiff-4.0.6p1 ->
@png-1.6.27,@tiff-4.0.7
graphics/png   # 1.6.23 -> 1.6.27
graphics/tiff  # 4.0.6p1 -> 4.0.7
mail/mozilla-thunderbird,-main # @gtk+2-2.24.30 -> @gtk+2-2.24.30p0
misc/shared-mime-info  # @libxml-2.9.3 -> @libxml-2.9.3p0
multimedia/gstreamer-0.10/core # @libxml-2.9.3 -> @libxml-2.9.3p0
multimedia/gstreamer-0.10/plugins-good,-main # 0.10.31p16v0 -> 0.10.31p17v0
multimedia/libbluray   # @libxml-2.9.3 -> @libxml-2.9.3p0
net/curl   # 7.49.0 -> 7.52.1p0
net/glib2-networking   # @gnutls-3.4.14 -> @gnutls-3.4.15
net/transmission,-gtk  # @curl-7.49.0,curl.25.5 ->
@curl-7.52.1p0,curl.25.8
net/transmission,-main # @curl-7.49.0,curl.25.5 ->
@curl-7.52.1p0,curl.25.8
print/cups,-libs   # @gnutls-3.4.14 -> @gnutls-3.4.15
print/ghostscript/gnu  # @png-1.6.23,@tiff-4.0.6p1 ->
@png-1.6.27,@tiff-4.0.7
print/poppler,-main# @png-1.6.23,@tiff-4.0.6p1 ->
@png-1.6.27,@tiff-4.0.7
security/gnupg2# @gnutls-3.4.14,@libgcrypt-1.7.1 ->
@gnutls-3.4.15,@libgcrypt-1.7.1p0
security/gnutls# 3.4.14 -> 3.4.15
security/keepassx  # @libgcrypt-1.7.1 -> @libgcrypt-1.7.1p0
security/libgcrypt # 1.7.1 -> 1.7.1p0
security/pinentry,-gtk2# @gtk+2-2.24.30 -> @gtk+2-2.24.30p0
telephony/baresip/baresip,-main # @mpg123-1.23.4,@png-1.6.23 ->
@mpg123-1.23.8,@png-1.6.27
telephony/spandsp  # @tiff-4.0.6p1 -> @tiff-4.0.7
textproc/libxml,-main  # 2.9.3 -> 2.9.3p0
textproc/libxslt,-main # @libgcrypt-1.7.1,@libxml-2.9.3 ->
@libgcrypt-1.7.1p0,@libxml-2.9.3p0
textproc/raptor# @curl-7.49.0,curl.25.5 ->
@curl-7.52.1p0,curl.25.8
textproc/rasqal# @libgcrypt-1.7.1,curl.25.5 ->
@libgcrypt-1.7.1p0,curl.25.8
textproc/redland,-main # curl.25.5 -> curl.25.8
www/firefox-esr# @gtk+2-2.24.30 -> @gtk+2-2.24.30p0
www/iridium# @gtk+2-2.24.30 -> @gtk+2-2.24.30p0
www/libcroco   # @libxml-2.9.3 -> @libxml-2.9.3p0
x11/gnome/gcr  # @libgcrypt-1.7.1 -> @libgcrypt-1.7.1p0
x11/gnome/gvfs,-main   # @libarchive-3.2.1 -> @libarchive-3.2.2
x11/gnome/libgnome-keyring # @libgcrypt-1.7.1 -> @libgcrypt-1.7.1p0
x11/gnome/librsvg  # @gdk-pixbuf-2.34.0,@libxml-2.9.3 ->

Re: OpenBSD Stable

[George]

Its the stable version that im trying to install. I installed the
release version but i wanted to update to stable mostly for the security
patches.
I dont want to use snapshot since its the current version.

How do you follow the stable version?
make update works for individual packages but since i installed openbsd
6.0 a couple of months after the official release alot of packages need
update.
I thought dpb was the way to go.

thank you.


On 01/18/17 12:19, Kapetanakis Giannis wrote:
> On 18/01/17 03:46, George wrote:
>> Hello.
>> Im new here.
>> I installed OpenBSD on my laptop. I used anoncvs to download the stable
>> sources for kernel, xenocara and ports. I rebuild my kernel,system and
>> xenocara and i tried to update various packages to stable.
>> I used
>> /usr/ports/infrastructure/bin/out-of-date
>> to get a list of out of date packages. I added that list to dpb with the
>> following command
>> /usr/ports/infrastructure/bin/dpb -f 20 -U -P PackageList2.txt
>> dpb fetches the source code and chooses the packages that can be
>> installed or build and then stops. It doesn't build anything or install
>> anything.
>>
>> I'm sure its something stupid that I cant understand.
>> What am i missing?
>>
>> Thanks!
>>
>> PS. I also changed /etc/mk.conf by adding
>>
>> FETCH_PACKAGES=Yes
>>
>> it doesn't seems to work. It still downloads source code and then build it.
> 
> Since you're new on OpenBSD install either the latest stable version (6.0):
> https://www.openbsd.org/faq/faq4.html
> 
> or the latest snapshot.
> 
> 
> G

OpenBSD Stable(error message)

[George]

I should also add that some times i get the following error

Error: Libraries in packing-lists in the ports tree
   and libraries from installed packages don't match

on http://man.openbsd.org/bsd.port.mk.5
it says
The ports tree and the installed packages are out-of-sync. Mixing
library information from both sources might produce packages that can't
be installed elsewhere. Cleanest fix is to update the out-of-date source
(e.g., update the ports tree, or build and install new packages).
Developers may use PKG_CREATE_NO_CHECKS instead, assuming they
understand the implications. See print-package-args (wantlib-args) for
details.

i used cvs up -rOPENBSD_6_0 -Pd to update the port but i keep getting
the same error message.

Thanks!

OpenBSD Stable

[George]

Hello.
Im new here.
I installed OpenBSD on my laptop. I used anoncvs to download the stable
sources for kernel, xenocara and ports. I rebuild my kernel,system and
xenocara and i tried to update various packages to stable.
I used
/usr/ports/infrastructure/bin/out-of-date
to get a list of out of date packages. I added that list to dpb with the
following command
/usr/ports/infrastructure/bin/dpb -f 20 -U -P PackageList2.txt
dpb fetches the source code and chooses the packages that can be
installed or build and then stops. It doesn't build anything or install
anything.

I'm sure its something stupid that I cant understand.
What am i missing?

Thanks!

PS. I also changed /etc/mk.conf by adding

FETCH_PACKAGES=Yes

it doesn't seems to work. It still downloads source code and then build it.

Re: Browser is getting slower?

[George Pediaditis]

i would prefer firefox but just playing a video cpu usage reach 100%
I use chromium/ iridium because firefox isnt usable on my laptop.
I tried deleting my profile but nothing change.
:-s


On Tue, Nov 22, 2016 at 2:55 PM, Alan Corey  wrote:
> I don't use Chromium (don't tell me I don't need a menu) but in
> Firefox the user profile gets clogged up with cruft about once a year.
> A quick test is to just make a new profile and see if it's faster.
> Then copy over your bookmarks and gradually reestablish your cookies
> which keep you logged into sites between sessions by manually logging
> into each one.
>
> You can get to Firefox's profile manager with
> firefox -ProfileManager
> at a command line.  It's probably in the GUI somewhere.  I use
> Chromium about once a year, don't know much about it.
>
> --
> Credit is the root of all evil.  - AB1JX

Re: Browser is getting slower?

[George Pediaditis]

When im saying etc i mean browsing history, download history, cookies,
cache images and files, passwords, autofill form data, and hosted app
data. I have installed debian on a usb stick and i can say that
chromium, iridium and firefox open almost instantly.

Maybe its a combination of problems.
I noticed recently is that i have lower cpu usage if i run iridium as
root. its not a big difference (15% lower). Im thinking that maybe the
problem lies on limits i have as a simple user.
Beside that i have a skylake cpu so i dont have gpu support.
I also think that maybe openbsd scheduler has some responsibility for
the  unresponsiveness.

On Tue, Nov 22, 2016 at 12:41 PM, ludovic coues <cou...@gmail.com> wrote:
> What do you means by etc ?
> Have you checked if the same issue happen with chromium or with
> iridium on a different OS ?
>
> 2016-11-21 20:35 GMT+01:00 George Pediaditis <g.pediaditis1...@gmail.com>:
>> I have installed https everywhere,  bookmarks tagging and signal
>> private messenger.
>> I have openbsd on my laptop so iridium isnt running all the time.
>>
>> On Mon, Nov 21, 2016 at 5:35 PM, Gregory Edigarov <ediga...@qarea.com> wrote:
>>> On 21.11.16 15:56, George Pediaditis wrote:
>>>>
>>>> Ok you are right im sorry.
>>>> Im definitively sure that iridium(its like chromium) is getting slower
>>>> after a couple of weeks. Its so slow that im waiting 7+ sec to start.
>>>> Also cpu is high and everything on the browser is really slow.  The
>>>> problem is solved when i clean my history etc. Now it takes about 1-2
>>>> sec to start it.
>>>> I have tried Firefox before but its even worse.It crashes is slow and
>>>> cpu is high.
>>>
>>> which extensions are installed in iridium?
>>> is iridium always running, or you load it every time?
>>>
>>>> This is my dmesg.
>>>> OpenBSD 6.0-stable (GENERIC.MP) #0: Tue Nov  8 19:51:42 EET 2016
>>>>  g...@openbox.my.domain:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>>>> RTC BIOS diagnostic error 80
>>>> real mem = 8474267648 (8081MB)
>>>> avail mem = 8212963328 (7832MB)
>>>> mpath0 at root
>>>> scsibus0 at mpath0: 256 targets
>>>>
>>>> OpenBSD 6.0-stable (GENERIC.MP) #0: Tue Nov  8 19:51:42 EET 2016
>>>>  g...@openbox.my.domain:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>>>> RTC BIOS diagnostic error 80
>>>> real mem = 8474267648 (8081MB)
>>>> avail mem = 8212963328 (7832MB)
>>>> mpath0 at root
>>>> scsibus0 at mpath0: 256 targets
>>>> mainbus0 at root
>>>> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe6dc0 (71 entries)
>>>> bios0: vendor LENOVO version "0XCN23WW" date 03/21/2016
>>>> bios0: LENOVO 80SR
>>>> acpi0 at bios0: rev 2
>>>> acpi0: sleep states S0 S3 S4 S5
>>>> acpi0: tables DSDT FACP TCPA UEFI UEFI SSDT SSDT TPM2 MSDM SSDT DBGP
>>>> DBG2 ASF! ASPT BOOT DBGP HPET LPIT APIC MCFG SSDT SSDT SSDT SSDT DMAR
>>>> FPDT
>>>> acpi0: wakeup devices GLAN(S3) XHC_(S3) XDCI(S4) HDAS(S3) PXSX(S3)
>>>> RP01(S3) PXSX(S3) RP02(S3) PXSX(S3) RP03(S3) PXSX(S3) RP04(S3)
>>>> PXSX(S3) RP05(S3) PXSX(S3) RP06(S3) [...]
>>>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>>>> acpihpet0 at acpi0: 2399 Hz
>>>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>>>> cpu0 at mainbus0: apid 0 (boot processor)
>>>> cpu0: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2395.19 MHz
>>>> cpu0:
>>>>
>>>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
>>>>
>>>> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
>>>>
>>>> ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
>>>>
>>>> DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
>>>>
>>>> GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
>>>> ,SENSOR,ARAT
>>>> cpu0: 256KB 64b/line 8-way L2 cache
>>>> cpu0: smt 0, core 0, package 0
>>>> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
>>>> cpu0: apic clock running at 23MHz
>>>> cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
>>>> cpu1 at mainbus0: apid 2 (application processor)
>>>> cpu1: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz
>>>> cpu1:
>>>>
>>>> F

Re: Browser is getting slower?

[George Pediaditis]

I have installed https everywhere,  bookmarks tagging and signal
private messenger.
I have openbsd on my laptop so iridium isnt running all the time.

On Mon, Nov 21, 2016 at 5:35 PM, Gregory Edigarov <ediga...@qarea.com> wrote:
> On 21.11.16 15:56, George Pediaditis wrote:
>>
>> Ok you are right im sorry.
>> Im definitively sure that iridium(its like chromium) is getting slower
>> after a couple of weeks. Its so slow that im waiting 7+ sec to start.
>> Also cpu is high and everything on the browser is really slow.  The
>> problem is solved when i clean my history etc. Now it takes about 1-2
>> sec to start it.
>> I have tried Firefox before but its even worse.It crashes is slow and
>> cpu is high.
>
> which extensions are installed in iridium?
> is iridium always running, or you load it every time?
>
>> This is my dmesg.
>> OpenBSD 6.0-stable (GENERIC.MP) #0: Tue Nov  8 19:51:42 EET 2016
>>  g...@openbox.my.domain:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>> RTC BIOS diagnostic error 80
>> real mem = 8474267648 (8081MB)
>> avail mem = 8212963328 (7832MB)
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>>
>> OpenBSD 6.0-stable (GENERIC.MP) #0: Tue Nov  8 19:51:42 EET 2016
>>  g...@openbox.my.domain:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>> RTC BIOS diagnostic error 80
>> real mem = 8474267648 (8081MB)
>> avail mem = 8212963328 (7832MB)
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe6dc0 (71 entries)
>> bios0: vendor LENOVO version "0XCN23WW" date 03/21/2016
>> bios0: LENOVO 80SR
>> acpi0 at bios0: rev 2
>> acpi0: sleep states S0 S3 S4 S5
>> acpi0: tables DSDT FACP TCPA UEFI UEFI SSDT SSDT TPM2 MSDM SSDT DBGP
>> DBG2 ASF! ASPT BOOT DBGP HPET LPIT APIC MCFG SSDT SSDT SSDT SSDT DMAR
>> FPDT
>> acpi0: wakeup devices GLAN(S3) XHC_(S3) XDCI(S4) HDAS(S3) PXSX(S3)
>> RP01(S3) PXSX(S3) RP02(S3) PXSX(S3) RP03(S3) PXSX(S3) RP04(S3)
>> PXSX(S3) RP05(S3) PXSX(S3) RP06(S3) [...]
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpihpet0 at acpi0: 2399 Hz
>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>> cpu0 at mainbus0: apid 0 (boot processor)
>> cpu0: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2395.19 MHz
>> cpu0:
>>
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
>>
>> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
>>
>> ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
>>
>> DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
>>
>> GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
>> ,SENSOR,ARAT
>> cpu0: 256KB 64b/line 8-way L2 cache
>> cpu0: smt 0, core 0, package 0
>> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
>> cpu0: apic clock running at 23MHz
>> cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
>> cpu1 at mainbus0: apid 2 (application processor)
>> cpu1: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz
>> cpu1:
>>
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
>>
>> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
>>
>> ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
>>
>> DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
>>
>> GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
>> ,SENSOR,ARAT
>> cpu1: 256KB 64b/line 8-way L2 cache
>> cpu1: smt 0, core 1, package 0
>> cpu2 at mainbus0: apid 1 (application processor)
>> cpu2: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz
>> cpu2:
>>
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
>>
>> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
>>
>> ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
>>
>> DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
>>
>> GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
>> ,SENSOR,ARAT
>> cpu2: 256KB 64b/line 8-way L2 cache
>> cpu2: smt 1, core 0, package 0
>> cpu3 at mainbus0: apid 3 (application processor)
>> cpu3: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz
>> cpu3:
>>
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
>

Re: Browser is getting slower?

[George Pediaditis]

Ok you are right im sorry.
Im definitively sure that iridium(its like chromium) is getting slower
after a couple of weeks. Its so slow that im waiting 7+ sec to start.
Also cpu is high and everything on the browser is really slow.  The
problem is solved when i clean my history etc. Now it takes about 1-2
sec to start it.
I have tried Firefox before but its even worse.It crashes is slow and
cpu is high.

This is my dmesg.
OpenBSD 6.0-stable (GENERIC.MP) #0: Tue Nov  8 19:51:42 EET 2016
g...@openbox.my.domain:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 80
real mem = 8474267648 (8081MB)
avail mem = 8212963328 (7832MB)
mpath0 at root
scsibus0 at mpath0: 256 targets

OpenBSD 6.0-stable (GENERIC.MP) #0: Tue Nov  8 19:51:42 EET 2016
g...@openbox.my.domain:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 80
real mem = 8474267648 (8081MB)
avail mem = 8212963328 (7832MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe6dc0 (71 entries)
bios0: vendor LENOVO version "0XCN23WW" date 03/21/2016
bios0: LENOVO 80SR
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP TCPA UEFI UEFI SSDT SSDT TPM2 MSDM SSDT DBGP
DBG2 ASF! ASPT BOOT DBGP HPET LPIT APIC MCFG SSDT SSDT SSDT SSDT DMAR
FPDT
acpi0: wakeup devices GLAN(S3) XHC_(S3) XDCI(S4) HDAS(S3) PXSX(S3)
RP01(S3) PXSX(S3) RP02(S3) PXSX(S3) RP03(S3) PXSX(S3) RP04(S3)
PXSX(S3) RP05(S3) PXSX(S3) RP06(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 2399 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2395.19 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 23MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 1, core 0, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (RP01)
acpiprt2 at acpi0: bus -1 (RP02)
acpiprt3 at acpi0: bus -1 (RP03)
acpiprt4 at acpi0: bus -1 (RP04)
acpiprt5 at acpi0: bus 1 (RP05)
acpiprt6 at acpi0: bus 2 (RP06)
acpiprt7 at acpi0: bus -1 (RP07)
acpiprt8 at acpi0: bus -1 (RP08)
acpiprt9 at acpi0: bus -1 (RP09)
acpiprt10 at acpi0: bus -1 (RP10)
acpiprt11 at acpi0: bus -1 (RP11)
acpiprt12 at acpi0: bus -1 (RP12)
acpiprt13 at acpi0: bus -1 (RP13)
acpiprt14 at acpi0: bus -1 (RP14)
acpiprt15 at acpi0: bus -1 (RP15)
acpiprt16 at acpi0: bus -1 (RP16)
acpiprt17 at acpi0: bus -1 (RP17)
acpiprt18 at acpi0: bus -1 (RP18)
acpiprt19 at acpi0: bus -1 (RP19)
acpiprt20 at acpi0: bus -1 (RP20)
acpiec0 at acpi0
acpicpu0 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151

Re: Browser is getting slower?

[George Pediaditis]

OpenBSD 6.0 stable

if i clean browser history etc  is getting better but i shouldnt have
to erase my history in order to open a new tab...

On Mon, Nov 21, 2016 at 9:48 AM, Mihai Popescu  wrote:
>> Hello!
>> i have the impression that my browser is getting slower compared with
>> a fresh openbsd install.
>> Any ideas?
>
> Global climate is getting warmer, too.
>
>> ps. Im using iridium
>
> What OpenBSD flavour is that?
>
> Bye!

Browser is getting slower?

[George Pediaditis]

Hello!
i have the impression that my browser is getting slower compared with
a fresh openbsd install.
Any ideas?


ps. Im using iridium

Re: Slow wifi

[George Pediaditis]

thanks for the reply. I will try it next week when i have more time.
If that doesnt work im thinking if its possible to go from current
back to stable. If i try current and i have problems. It looks
possible but it isnt in FAQ
https://www.openbsd.org/faq/faq5.html#Flavors
im wondering if im missing something.

On Thu, Nov 10, 2016 at 10:52 PM, Stefan Sperling <s...@stsp.name> wrote:
> On Thu, Nov 10, 2016 at 10:24:50PM +0200, George Pediaditis wrote:
>> i currently use stable. I updated my system a week ago. How stable is 
>> current?
>> I use my laptop for programming (java) and im a bit skeptical about
>> running current.
>
> Generally, -current is fine. But if you don't follow our development
> process at least a bit you might upgrade at a bad moment and run into
> surprises. Most issues will fix themselves after a few days and we're
> always welcoming reports from users running -current since that really
> helps us make the next release better.
>
> I have spent many hours making many changes since 6.0 which fixed
> several issues in the iwm driver and the wireless framework.
> All these fixes will of course ship in 6.1.
> I'm sorry but this kind of problem is not something we officially
> backport fixes to -stable for because it just takes too much time
> on top of all the time already spent on development for -current.
>
> That said, I'll include one fix I made below. I don't know if it
> provides a huge improvement in isolation but if you really want
> to stick with -stable then this patch is worth a shot. I know that
> it compiles but I haven't run this on a 6.0 system myself.
>
> Index: if_iwm.c
> ===
> RCS file: /cvs/src/sys/dev/pci/if_iwm.c,v
> retrieving revision 1.132
> retrieving revision 1.133
> diff -u -p -r1.132 -r1.133
> --- if_iwm.c12 Sep 2016 10:18:26 -  1.132
> +++ if_iwm.c21 Sep 2016 12:56:43 -  1.133
> @@ -4896,6 +4896,7 @@ iwm_ack_rates(struct iwm_softc *sc, stru
>  int *ofdm_rates)
>  {
> struct ieee80211_node *ni = >in_ni;
> +   struct ieee80211_rateset *rs = >ni_rates;
> int lowest_present_ofdm = 100;
> int lowest_present_cck = 100;
> uint8_t cck = 0;
> @@ -4904,15 +4905,19 @@ iwm_ack_rates(struct iwm_softc *sc, stru
>
> if (ni->ni_chan == IEEE80211_CHAN_ANYC ||
> IEEE80211_IS_CHAN_2GHZ(ni->ni_chan)) {
> -   for (i = 0; i <= IWM_LAST_CCK_RATE; i++) {
> +   for (i = 0; i < MIN(IWM_FIRST_OFDM_RATE, rs->rs_nrates); i++) 
> {
> +   if ((rs->rs_rates[i] & IEEE80211_RATE_BASIC) == 0)
> +   continue;
> cck |= (1 << i);
> if (lowest_present_cck > i)
> lowest_present_cck = i;
> }
> }
> -   for (i = IWM_FIRST_OFDM_RATE; i <= IWM_LAST_NON_HT_RATE; i++) {
> -   int adj = i - IWM_FIRST_OFDM_RATE;
> -   ofdm |= (1 << adj);
> +   for (i = IWM_FIRST_OFDM_RATE;
> +   i <= MIN(IWM_LAST_NON_HT_RATE, rs->rs_nrates - 1); i++) {
> +   if ((rs->rs_rates[i] & IEEE80211_RATE_BASIC) == 0)
> +   continue;
> +   ofdm |= (1 << (i - IWM_FIRST_OFDM_RATE));
> if (lowest_present_ofdm > i)
> lowest_present_ofdm = i;
> }

Re: Slow wifi

[George Pediaditis]

i currently use stable. I updated my system a week ago. How stable is current?
I use my laptop for programming (java) and im a bit skeptical about
running current.

On Thu, Nov 10, 2016 at 10:09 PM, Stefan Sperling <s...@stsp.name> wrote:
> On Thu, Nov 10, 2016 at 09:17:38PM +0200, George Pediaditis wrote:
>> hello
>> Im having trouble with wifi. I cant download faster than 523.94kBit/s
>> Im using the iwm0 driver.
>
> Please try -current. This problem should be fixed there.

Slow wifi

[George Pediaditis]

hello
Im having trouble with wifi. I cant download faster than 523.94kBit/s
Im using the iwm0 driver. If i use ethernet everything works fine and
i get 11.99MBit/s
I have tried uninstall/install the drivers again and without trunk0
interface but nothing changes.

My etc files are

hostname.iwm0
nwid Home
wpakey adfsfgdfgdfsomommwqmwk
wpaakms psk
up

hostname.re0
up

hostname.trunk0
trunkproto failover trunkport re0
trunkport iwm0
dhcp


Any ideas?



My dmesg is

OpenBSD 6.0-stable (GENERIC.MP) #0: Tue Nov  8 19:51:42 EET 2016
g...@openbox.my.domain:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 80
real mem = 8474267648 (8081MB)
avail mem = 8212963328 (7832MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe6dc0 (71 entries)
bios0: vendor LENOVO version "0XCN23WW" date 03/21/2016
bios0: LENOVO 80SR
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP TCPA UEFI UEFI SSDT SSDT TPM2 MSDM SSDT DBGP
DBG2 ASF! ASPT BOOT DBGP HPET LPIT APIC MCFG SSDT SSDT SSDT SSDT DMAR
FPDT
acpi0: wakeup devices GLAN(S3) XHC_(S3) XDCI(S4) HDAS(S3) PXSX(S3)
RP01(S3) PXSX(S3) RP02(S3) PXSX(S3) RP03(S3) PXSX(S3) RP04(S3)
PXSX(S3) RP05(S3) PXSX(S3) RP06(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 2399 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2395.16 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.43 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.43 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 1, core 0, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.43 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (RP01)
acpiprt2 at acpi0: bus -1 (RP02)
acpiprt3 at acpi0: bus -1 (RP03)
acpiprt4 at acpi0: bus -1 (RP04)
acpiprt5 at acpi0: bus 1 (RP05)
acpiprt6 at acpi0: bus 2 (RP06)
acpiprt7 at acpi0: bus -1 (RP07)
acpiprt8 at acpi0: bus -1 (RP08)
acpiprt9 at acpi0: bus -1 (RP09)
acpiprt10 at acpi0: bus -1 (RP10)
acpiprt11 at acpi0: bus -1 (RP11)
acpiprt12 at acpi0: bus -1 (RP12)
acpiprt13 at acpi0: bus -1 (RP13)
acpiprt14 at acpi0: bus -1 (RP14)
acpiprt15 at acpi0: bus -1 (RP15)
acpiprt16 at acpi0: bus -1 (RP16)
acpiprt17 at acpi0: bus -1 (RP17)
acpiprt18 at acpi0: bus -1 (RP18)
acpiprt19 at acpi0: bus -1 (RP19)
acpiprt20 at acpi0: bus -1 (RP20)
acpiec0 at acpi0
acpicpu0 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151
mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151
mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151
mwait.1@0x33), C1(1000@1 mwait.1), PSS

OpenBSD Anonymous CVS

[George Pediaditis]

Hello.
On the webpage
http://www.openbsd.org/anoncvs.html#CVS

it says

If you are following the 6.0 -stable branch:

$ cd /usr/ports
$ cvs -q up -rOPENBSD_6_0 -Pd

if you follow the default install 6.0 cvsroot isn't set up so someone
should use something like that

$ cd /usr/ports
$ cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs up -rOPENBSD_6_0 -Pd

Similar problem here
http://www.openbsd.org/faq/faq5.html#Bld

unless I'm missing something

Re: Hotplugd doesnt run /etc/hotplug/attach

[George Pediaditis]

if i understand your question no it doesnt connect through usb port
$ dmesg | grep -A 3 cdrom
cd0 at scsibus1 targ 1 lun 0: <HL-DT-ST, DVDRAM GUE0N, T.02> ATAPI
5/cdrom removable
ppb0 at pci0 dev 28 function 0 "Intel 100 Series PCIE" rev 0xf1: msi
pci1 at ppb0 bus 1
re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x10: RTL8168GU/8111GU
(0x5080), msi, address 50:7b:9d:f4:e3:3c
cd0 at scsibus1 targ 1 lun 0: <HL-DT-ST, DVDRAM GUE0N, T.02> ATAPI
5/cdrom removable
ppb0 at pci0 dev 28 function 0 "Intel 100 Series PCIE" rev 0xf1: msi
pci1 at ppb0 bus 1
re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x10: RTL8168GU/8111GU
(0x5080), msi, address 50:7b:9d:f4:e3:3c

On Sun, Sep 18, 2016 at 10:26 AM, Stephane HUC "PengouinPdt"
<b...@stephane-huc.net> wrote:
> I think you are in error.
>
> The doc hotplug-diskmount say:
>
> "When you plug USB thumb drive, insert SD card into the attached card
> reader or insert CD/DVD into attached removable DVD drive filesystems
> from these devices will be automatically mounted under /vol/DRIVE_NAME.
> Hotplug-diskmount will mount as many partitions as disk contains."
>
> @George: just for be sure: your device CD-Rom is really USB? really
> removable drive?
>
>
>
> On 09/18/16 06:59, Sebastien Marie wrote:
>> On Sat, Sep 17, 2016 at 07:34:42PM +0300, George Pediaditis wrote:
>>> Hello.
>>>
>>> I am trying to mount CD automatically when i insert it.
>>> Hotplugd doesn't run /etc/hotplug/attach when i insert the CD.
>>> It works fine with USB stick any ideas?
>>>
>>
>> hotplugd(8) watchs for devices attachment or detachment, but a CD
>> insertion is a new medium in a existing device, so no event is
>> generated.
>>
>> For this specific problem, sysutils/toad (marked broken) was using a
>> polling daemon: a program that regulary try to readlabelfs(3) from cdXc,
>> and run itself the attach script.
>>
>> See https://github.com/ajacoutot/toad/blob/master/toadd.c for source
>> code of the polling daemon.
>>
>
> --
>  ~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD "
> +=<<< 
> 
> Stephane HUC as CIOTBSD
> b...@stephane-huc.net

Re: Hotplugd doesnt run /etc/hotplug/attach

[George Pediaditis]

I  checked hotplug-diskmount. It works fine from command line. It
mounts the cdrom. The problem is that i don't know where to insert
that line of code. hotplugd doesn't  called attach file.

On Sun, Sep 18, 2016 at 7:59 AM, Sebastien Marie <sema...@online.fr> wrote:
> On Sat, Sep 17, 2016 at 07:34:42PM +0300, George Pediaditis wrote:
>> Hello.
>>
>> I am trying to mount CD automatically when i insert it.
>> Hotplugd doesn't run /etc/hotplug/attach when i insert the CD.
>> It works fine with USB stick any ideas?
>>
>
> hotplugd(8) watchs for devices attachment or detachment, but a CD
> insertion is a new medium in a existing device, so no event is
> generated.
>
> For this specific problem, sysutils/toad (marked broken) was using a
> polling daemon: a program that regulary try to readlabelfs(3) from cdXc,
> and run itself the attach script.
>
> See https://github.com/ajacoutot/toad/blob/master/toadd.c for source
> code of the polling daemon.
> --
> Sebastien Marie

Re: Hotplugd doesnt run /etc/hotplug/attach

[George Pediaditis]

thanks for your reply.
I attached the 2 files you requested.
I should add/ that i can mount without any problems the cd from the
command line. My problem is hotplugd that doesnt run
/etc/hotplug/attach.
thanks

On Sun, Sep 18, 2016 at 6:26 AM, Edgar Pettijohn
<ed...@pettijohn-web.com> wrote:
> On 16-09-17 19:34:42, George Pediaditis wrote:
>> Hello.
>>
>> I am trying to mount CD automatically when i insert it.
>> Hotplugd doesn't run /etc/hotplug/attach when i insert the CD.
>> It works fine with USB stick any ideas?
>>
>> Thanks
>
> You may want to provide logs(i think it logs to /var/log/daemon)
> , dmesg, /etc/hotplug/attach script.
> --
> Edgar Pettijohn

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of daemon]

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of dmesg]

Re: Hotplugd doesnt run /etc/hotplug/attach

[George Pediaditis]

I attached the file you request. Although i dont think  the problem is
the file.
Before "case $DEVCLASS in" i put a line of code echo "test" >/tmp/test
to see if the file was executed when i entered a cd. Nothing happened
when i enter a cd.
But when i entered my usb stick the file was created.
It seems to me that hotplugd doesnt call attach when you enter a cdrom
thanks

ps.I would prefer to use attach to mount my cd although if that isnt
possible if you have any other ideas it would be nice to know.



On 9/17/16, Stephane HUC "PengouinPdt" <b...@stephane-huc.net> wrote:
> Hi, George
>
> Please send your config file /etc/hotplug/attach.
>
>
>
> On 09/17/16 18:34, George Pediaditis wrote:
>> Hello.
>>
>> I am trying to mount CD automatically when i insert it.
>> Hotplugd doesn't run /etc/hotplug/attach when i insert the CD.
>> It works fine with USB stick any ideas?
>>
>> Thanks
>>
>
> --
>  ~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD "
> +=<<< 
> 
> Stephane HUC as CIOTBSD
> b...@stephane-huc.net

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of attach]

Hotplugd doesnt run /etc/hotplug/attach

[George Pediaditis]

Hello.

I am trying to mount CD automatically when i insert it.
Hotplugd doesn't run /etc/hotplug/attach when i insert the CD.
It works fine with USB stick any ideas?

Thanks

Re: configure ethernet and wireless(solved)

[George Pediaditis]

I found the problem.
The hostname.iwm0 was
"nwid COSMOTE-C4F2EC
wpakey QqCjuQZJfHAfZCbS
wpaakms psk
up"

and i change it to
"up
nwid COSMOTE-C4F2EC
wpakey QqCjuQZJfHAfZCbS
wpaakms psk"

thanks

On Wed, Sep 14, 2016 at 10:05 PM, Raf Czlonka <rczlo...@gmail.com> wrote:
> On Wed, Sep 14, 2016 at 06:59:49PM BST, George Pediaditis wrote:
>
>> then i followed the instructions on faq to setup a trunk interface.
>>
>> I created the files
>> /etc/hostname.re0 that contains:
>> "up"
>>
>> /etc/hostname.iwm0 that contains:
>> "nwid (ssid)
>> wpakey (wpa psk)
>> wpaakms (psk)
>> up"
>>
>> and /etc/hostname.trunk0 that contains:
>>
>> "trunkproto failover trunkport bge0
>> trunkport iwn0
>> dhcp"
>
> Hi George,
>
> You have you used bge(4) and iwn(4) - interfaces which you don't
> have - instead of re(4) and iwm(4)?
>
> ;^)
>
> Regards,
>
> Raf

Re: configure ethernet and wireless(solved)

[George Pediaditis]

@Raf Czlonka
Thanks for your replay.  The hostname.trunk0 is correct. My laptop
didn't have access to internet so i used another computer and copied
that part from the webpage and i forgot to change it.



On Wed, Sep 14, 2016 at 10:05 PM, Raf Czlonka <rczlo...@gmail.com> wrote:
> On Wed, Sep 14, 2016 at 06:59:49PM BST, George Pediaditis wrote:
>
>> then i followed the instructions on faq to setup a trunk interface.
>>
>> I created the files
>> /etc/hostname.re0 that contains:
>> "up"
>>
>> /etc/hostname.iwm0 that contains:
>> "nwid (ssid)
>> wpakey (wpa psk)
>> wpaakms (psk)
>> up"
>>
>> and /etc/hostname.trunk0 that contains:
>>
>> "trunkproto failover trunkport bge0
>> trunkport iwn0
>> dhcp"
>
> Hi George,
>
> You have you used bge(4) and iwn(4) - interfaces which you don't
> have - instead of re(4) and iwm(4)?
>
> ;^)
>
> Regards,
>
> Raf

configure ethernet and wireless

[George Pediaditis]

Hello! Im new to openbsd.
I just installed it to my new laptop and i want to configure wireless
and ethernet.
my laptop has Intel dual band wireless ac 3165 for wireless and
realtek 8168 for ethernet.
Ethernet worked fine when i installed it.

I wanted to connect with ethernet (re0 interface) if its available. If
it isn't available then it should connect with my wifi. (iwm0
interface)
i follow the instructions on faq

First i created an hostname.iwm0 that contained:
"nwid (ssid)
wpakey (wpa psk)
wpaakms (psk)
dhcp"

i disconnect ethernet and used sh /etc/netstart iwm0 to restart the
network it worked fine.

then i followed the instructions on faq to setup a trunk interface.

I created the files
/etc/hostname.re0 that contains:
"up"

/etc/hostname.iwm0 that contains:
"nwid (ssid)
wpakey (wpa psk)
wpaakms (psk)
up"

and /etc/hostname.trunk0 that contains:

"trunkproto failover trunkport bge0
trunkport iwn0
dhcp"


Ethernet and wifi doesn't work i reboot my laptop and instead of the
desktop i ended up in command line. ethernet and wifi  still don't
work.

i attach the output of dmesg -s and dmesg

In dmesg i get messages like these

"arp: attempt to overwrite entry for 192.168.1.1 on re0 by
c8:3a:35:20:3c:d8 on iwm0
arp: attempt to add entry for 192.168.1.1 on re0 by 74:a7:8e:c4:f2:ec on trunk0
arp: attempt to add entry for 192.168.1.1 on re0 by 74:a7:8e:c4:f2:ec on trunk0
arp: attempt to add entry for 192.168.1.1 on re0 by 74:a7:8e:c4:f2:ec on trunk0
"
i search the man pages and i got this:
"arp: attempt to add entry for %s on %s by %s on %s
This usually indicates there is more than one interface connected to
the same hub, or that the networks have somehow been short-circuited
(e.g. IPs that should have been present on interface one are present
on interface two)."
I didn't find how to fix it.

Thank you for your help.

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of dmesg.out]

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of dmesg2.out]

[SOLVED] Re: Certificate Error "format error in certificate's notAfter field"

[George Lane]

On Mon, Sep 12, 2016 at 11:40:44AM -0700, Philip Guenther wrote:
> That value is acceptable...when encoded as required.
> [...]
> The notAfter time is before 2050, so it MUST be encoded as a UTCTIME,
> but it isn't.  You need to fix your CA software to generate
> RFC-compliant certificates when signing them.
>

 Thank you for the prompt and informative reply!

Looking through my build notes (I've learned to keep notes for things
like this), I found that I originally created the CA cert with this
command:

openssl ca -selfsign -config root-ca.conf -in CA/root-ca.csr -out CA/r\
oot-ca.crt -extensions root_ca_ext -enddate 20351231235959Z

As a test, I generated a new root cert with the same process, replacing
  -enddate 20351231235959Z
 with
  -enddate 351231235959Z


The resulting cert, and a server cert that I signed with it, both
validate properly on my OpenBSD server.

I guess I'll now need to re-create all my certs, but at least they'll
be RFC-compliant.

Thanks again,

  George Lane
  Atlanta, US

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Certificate Error "format error in certificate's notAfter field"

[George Lane]

I have my own PKI running on a Debian 8 server (that I set up using
this tutorial:
http://pki-tutorial.readthedocs.io/en/latest/index.html).

Certificate creation and signing has worked fine on all
my Linux- and Windows- based servers and clients, but when I try to
use the certs on OpenBSD 6.0 (httpd, openvpn) nothing works. I'm not
sure if it's a problem with the certs themselves, a compatibility
problem between OpenSSL and LibreSSL, or something else.


Running a verify on either a server cert (whose key and CSR were
generated on OpenBSD, and cert signed on the Debian server) produces an
error about the notAfter field:

$ openssl verify -CAfile root-ca.crt server.crt
server.crt: C = US, ST = Georgia, L = Atlanta, O = George Lane, CN = Ge
orge Lane Certificate Authority
error 14 at 1 depth lookup:format error in certificate's notAfter field

$ openssl verify -CAfile root-ca.crt root-ca.crt
root-ca.crt: C = US, ST = Georgia, L = Atlanta, O = George Lane, CN = G
eorge Lane Certificate Authority
error 14 at 0 depth lookup:format error in certificate's notAfter field

The man page informs me that error 14 indicates "The certificate notAfter
field contains an invalid time." I'm unable to reproduce this on my
other servers, though. Here are the same commands run against the same
certs on the Debian server:

$ openssl verify -CAfile root-ca.crt server.crt
server.crt: OK

$ openssl verify -CAfile root-ca.crt root-ca.crt
root-ca.crt: OK

Even opening the cert on the cert management console on Windows 7
displays no apparent errors.

The root cert has an expiration date of Dec 31 23:59:59 2035 GMT.
Is there some reasons that this would not be an acceptable value?

If it helps, feel free to download a copy of my root cert here:
http://crt.thinkingguy.com/thinkingguy.com.crt

  George Lane
  Atlanta, US

[demime 1.01d removed an attachment of type application/pgp-signature which had 
a name of signature.asc]

Re: Acer Aspire V5-571 WiFi card and Click Pad help

[Siju George]

On Sun, May 15, 2016 at 7:42 PM, Ulf Brosziewski <
ulf.brosziew...@t-online.de> wrote:

> X doesn't recognize the touchpad as clickpad automatically. Open
> an X-terminal and enter
> $ synclient ClickPad=1
> This will enable click-and-drag/select actions with two fingers. For
> emulating left-clicks with tapping, enter
> $ synclient TapButton1=1
> and for right-clicks with two-finger tapping, the command is
> $ synclient TapButton2=3
>
> Of course, you can also automate this and make it permanent, see
> $ man synaptics
> $ man xorg.conf
> etc.
>
>
> On 05/15/2016 10:57 AM, Siju George wrote:
> > I have an Acer Aspire V5-571 with OEM Windows 8. I am going to wipe
> Windows
> > and install OpenBSD on it.
> >
> > As a trial I installed OpenBSD 5.9 in one of the GPT partitions and face
> > there issues.
> >
> > 1. Atheros AR9462 Wifi card shows up in dmesg but not in ifconfig
> > fw_update does not help. How can I get wireless enabled?
> >
> > 2. Touch pad - Elantec Clickpad version4 works but selection of text
> > holding the left corner does not work. tapping to choose does not work
> > either.
> >
> > Any help to make these things work is highly appreciated.
> >
> > Thanks
> >
> > Siju
> >
> >
>
> ​Could you also teach me about copying ​and pasting with the touch pad?
THanks :)

Siju

Acer Aspire V5-571 WiFi card and Click Pad help

[Siju George]

I have an Acer Aspire V5-571 with OEM Windows 8. I am going to wipe Windows
and install OpenBSD on it.

As a trial I installed OpenBSD 5.9 in one of the GPT partitions and face
there issues.

1. Atheros AR9462 Wifi card shows up in dmesg but not in ifconfig
fw_update does not help. How can I get wireless enabled?

2. Touch pad - Elantec Clickpad version4 works but selection of text
holding the left corner does not work. tapping to choose does not work
either.

Any help to make these things work is highly appreciated.

Thanks

Siju

Re: Problem with IPSEC between OpenBSD and VMWare vcloud air platform

[George Kourvoulis]

It seems that I was provided the wrong peer IP (which was also running an
IPSEC endpoint but with different settings). So after placing the right IP
address in the ipsec.conf the flows are established although I get some
errors like:

Default responder_recv_HASH_SA_NONCE: peer proposed invalid phase 2 IDs:
initiator id 192.168.55.0/255.255.255.0, responder id
192.168.66.0/255.255.255.0
180852.346361 Default dropped message from A.B.C.D port 500 due to
notification type INVALID_ID_INFORMATION

The problem now is that I can ping from one side to another (from cloud to
our premises) but not the opposite direction.

Thanks,
George

On Tue, May 10, 2016 at 1:40 PM, George Kourvoulis <gko...@gmail.com> wrote:

> Hi,
> I am trying to create an IPSEC tunnel between an OpenBSD 5.8 and VMWare's
> vcloud air cloud platform.
>
> The options that I can set from the vmware side (they provide a GUI) are
> specific and they are the following:
>
> -Local networks
> -Remote networks
> -Peer
> -Pre shared key
> -Encryption (3DES)
>
> On the OpenBSD side I use ipsec.conf and the contents are the following:
>
> ike esp from 192.168.66.0/24 to 192.168.55.0/24 peer ABC.DEF.GHI.JKL main
> auth hmac-sha1 enc 3des group modp1024 quick auth hmac-sha2-256 enc
> blowfish psk MY-PSK-PHRASE
>
> When I start isakmpd and ipsecctl -f /etc/ipsec.conf I always get the
> following message and the SAs are never created.
>
> 133935.717470 Default attribute_unacceptable: AUTHENTICATION_METHOD: got
> PRE_SHARED, expected RSA_SIG
> 133935.717808 Default message_negotiate_sa: no compatible proposal found
> 133935.717916 Default dropped message from ABC.DEF.GHI.JKL port 500 due to
> notification type NO_PROPOSAL_CHOSEN
> 133944.988656 Default transport_send_messages: giving up on exchange
> peer-ABC.DEF.GHI.JKL , no response from peer ABC.DEF.GHI.JKL :500
> 133945.755693 Default attribute_unacceptable: AUTHENTICATION_METHOD: got
> PRE_SHARED, expected RSA_SIG
> 133945.755884 Default message_negotiate_sa: no compatible proposal found
> 133945.755930 Default dropped message from ABC.DEF.GHI.JKL port 500 due to
> notification type NO_PROPOSAL_CHOSEN
>
> It seems that although I specify that I want a psk to be used, it expects
> a pub key.
>
> Thank you,
> George

Problem with IPSEC between OpenBSD and VMWare vcloud air platform

[George Kourvoulis]

Hi,
I am trying to create an IPSEC tunnel between an OpenBSD 5.8 and VMWare's
vcloud air cloud platform.

The options that I can set from the vmware side (they provide a GUI) are
specific and they are the following:

-Local networks
-Remote networks
-Peer
-Pre shared key
-Encryption (3DES)

On the OpenBSD side I use ipsec.conf and the contents are the following:

ike esp from 192.168.66.0/24 to 192.168.55.0/24 peer ABC.DEF.GHI.JKL main
auth hmac-sha1 enc 3des group modp1024 quick auth hmac-sha2-256 enc
blowfish psk MY-PSK-PHRASE

When I start isakmpd and ipsecctl -f /etc/ipsec.conf I always get the
following message and the SAs are never created.

133935.717470 Default attribute_unacceptable: AUTHENTICATION_METHOD: got
PRE_SHARED, expected RSA_SIG
133935.717808 Default message_negotiate_sa: no compatible proposal found
133935.717916 Default dropped message from ABC.DEF.GHI.JKL port 500 due to
notification type NO_PROPOSAL_CHOSEN
133944.988656 Default transport_send_messages: giving up on exchange
peer-ABC.DEF.GHI.JKL , no response from peer ABC.DEF.GHI.JKL :500
133945.755693 Default attribute_unacceptable: AUTHENTICATION_METHOD: got
PRE_SHARED, expected RSA_SIG
133945.755884 Default message_negotiate_sa: no compatible proposal found
133945.755930 Default dropped message from ABC.DEF.GHI.JKL port 500 due to
notification type NO_PROPOSAL_CHOSEN

It seems that although I specify that I want a psk to be used, it expects a
pub key.

Thank you,
George

Re: pppoe (kernel) works but doesn't

[George Kourvoulis]

Sorry for bothering you,
I had to go tcpdump the entire network "conversation" between linux and bsd
in order to find out that I had miss type my username...

Thank you for your reply Pierre nevertheless :)

P.S. This topic can be deleted

On Sat, Mar 26, 2016 at 1:34 PM, Pierre Emeriaud <
petrus.lt+open...@gmail.com> wrote:

> Hi George,
>
> > pppoe0: flags=8855<UP,DEBUG,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu
> 1492
> > priority: 0
> > dev: em0 state: session
> > sid: 0x1d1e PADI retries: 0 PADR retries: 0 time: 00:13:01
> > sppp: phase network authproto pap authname "user"
> > groups: pppoe egress
> > status: active
> > inet 10.0.128.0 --> 83.235.1.86 netmask 0x
>
>
> > Despite the fact that everything seems to work OK, I can only ping
> > 83.235.1.86 and nothing else. I tried pinging 8.8.8.8 or my ISP's DNS
> > servers but for some reason this is not possible.
>
> Are you sure you're not hitting some kind of walled garden? Or is the
> private address from your ESX setup?
>
> If your ISP is indeed OTE, PAP seems fine as per
> http://ipv6.ote.gr/?page_id=74=en, but you could try CHAP just in
> case.
>
> -pierre

pppoe (kernel) works but doesn't

[George Kourvoulis]

Hi,

1) I have set kernel pppoe with the following options (I have only one NIC
directly connected to my dsl modem) :

# cat /etc/hostname.pppoe0
inet 0.0.0.0 255.255.255.255 NONE \
pppoedev em0 authproto pap \
authname 'user' authkey 'pass' up
dest 0.0.0.1
!/sbin/route add default -ifp pppoe0 0.0.0.1

2) authentication and remote/local IP seem to acquired fine (ifconfig
output follows)

pppoe0: flags=8855<UP,DEBUG,POINTOPOINT,RUNNING,SIMPLEX,MULTICAST> mtu 1492
priority: 0
dev: em0 state: session
sid: 0x1d1e PADI retries: 0 PADR retries: 0 time: 00:13:01
sppp: phase network authproto pap authname "user"
groups: pppoe egress
status: active
inet 10.0.128.0 --> 83.235.1.86 netmask 0x

3) default route is set correctly
Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio
Iface
default83.235.1.86UGS0   68 - 8
pppoe0
10.0.128.0 10.0.128.0 UHl00 - 1 lo0
83.235.1.8610.0.128.0 UH 00 - 8
pppoe0
127/8  127.0.0.1  UGRS   00 32768 8 lo0
127.0.0.1  127.0.0.1  UHl10 32768 1 lo0
192.168.1/24   192.168.1.2UC 20 - 8 em0
192.168.1.200:50:56:bd:6e:be  UHLl   00 - 1 lo0
192.168.1.4d8:cb:8a:3c:25:60  UHLc   215928 - 8 em0
192.168.1.100  00:0c:29:61:90:5c  UHLc   0   10 - 8 em0
192.168.1.255  192.168.1.2UHb00 - 1 em0
224/4  127.0.0.1  URS00 32768 8 lo0

4) LCP communication seems to be OK:
pppoe0: lcp output 
pppoe0 (8864) state=3, session=0x1d1e output -> 00:90:1a:41:fa:4b, len=16
pppoe0: lcp input(opened): 

5) my pf.conf
set skip on lo
match on pppoe0 scrub (max-mss 1440)
pass all


Despite the fact that everything seems to work OK, I can only ping
83.235.1.86 and nothing else. I tried pinging 8.8.8.8 or my ISP's DNS
servers but for some reason this is not possible.

I am on OpenBSD 5.8 running under esxi 6.
Any ideas?

Thank you for your time,
George

Re: root access after failed fsck

[George Mamalakis]

On 20/02/2016 12:52 μμ, arrowscr...@mail.com wrote:

Wow, that's new to me. Thanks.
Anyway, I still think that this "password rescue" should not be allowed by 
default.
I know operating systems can do very little to prevent physical problems like 
side-channel attacks,
but this is not the case, and this does not mean that the OS should not make it 
harder the attacks even
if someone have physical access. There's systems, from what I remember (HP 
servers, I think), that
allow remote control based on firmware. One could use this escape "feature" to 
get your root,
without physical access. Same for hosts services.
Also, the page 14.21 from faq say "I forgot my passphrase! Sorry. This is real 
encryption, there's
not a back door or magic unlocking tool." why exactly the root should be 
different? If one lost his
passphrase, it's his fault. I thought the philosophy was "secure by default", 
even if this make the
"computer difficult to manage properly".

Moreover, this is also the case with most Linux distro's  you've 
probably used in your life. You may have to enter a password on some 
distro's when in single-user mode, but grub is almost always 
passwordless, which means you can edit it to set /bin/bash as init, 
which basically bypasses all such "restrictions".


Secure by default does not mean that everything is hardened, as this 
wouldn't be that practical either. One could argue that file system 
permissions on binary and library folders could be more strict, or that 
systrace should have been setup and configured by default, but I think 
that this by far exceeds what a "secure OS" would be and enforces 
probable restrictions on sysadmins that they may not want to adhere to. 
I don't think that the goal of a proactively secure OS like OpenBSD is 
to be configured to be hardened by default so as to be used by expert or 
non-expert admins to feel safer, because that would be more misleading 
than helpful, as Stuart suggested. The goal is to have a generically 
safe OS where program crashes don't result in privilege escalation that 
easily and whose code is designed and written with security in mind to 
reduce vulnerabilities. It's the sysadmins' responsibility to further 
"secure" their installations and chose which features they'd further add 
which would probably make OS maintenance more difficult.


Having said that, to my understanding, securing physical access by 
asking the pass phrase in single-user mode in an OS would be more than a 
marketing thing rather than a security feature per-se.


George.

Re: OpenBSD 5.8 ikev2 road warrior setup with various clients

[George Mamalakis]

Since, as it seems, this list is not the appropriate place for asking 
ikev2 related questions, could anybody please direct me as to where such 
a place would be (mailing list, irc, etc.)?


Thanks again!

On 17/02/2016 11:57 πμ, George Mamalakis wrote:

On 16/02/2016 11:59 πμ, George Mamalakis wrote:

Hi all!

I'm trying to configure an ikev2 VPN gateway on my OpenBSD 5.8 box to 
allow remote access to my local network from various, road-warrior 
client "types" (MS Windows, Linux's, BSD's). My example local network 
is 10.0.0.0/24 and my public IP (egress) is 1.2.3.4.


I've read various guides on the Internet regarding analogous setups, 
but all of them were discussing about MS Windows clients. I'm trying 
to test my setup with an OpenBSD 5.8 client but I fail, and next I'd 
like to test it with a FreeBSD and a Linux client to see if it works.


My /etc/iked.conf looks like this:

ikev2 passive esp \
from 10.0.0.0/24 to 10.10.10.0/24 local 1.2.3.4 peer any \
psk mypass  \
config address 10.10.10.5

My client's /etc/iked.conf looks like this:

ikev2 active esp \
from 10.10.10.0/24 to 10.0.0.0/24 peer 1.2.3.4 \
psk lala123

which is based on an old email of this list (at around 2012), and as 
I explained earlier, it doesn't work. What happens is that when I try 
to access 10.0.0.1 from my client, the specific traffic is not 
passing from enc0 but is rather passing directly from the egress 
interface to its default route. Now, as it seems, this is a 
routing/flows issue, but I am unsure as to how to address it.


ipsecctl -sa on both machines looks good (or at least I think it does):

server:
# ipsecctl -sa
FLOWS:
flow esp in from 10.10.10.0/24 to 10.0.0.0/24 peer 5.6.7.8 srcid 
FQDN/1.2.3.4 dstid FQDN/5.6.7.8 type use
flow esp out from 10.0.0.0/24 to 10.10.10.0/24 peer 5.6.7.8 srcid 
FQDN/1.2.3.4 dstid FQDN/5.6.7.8 type require

flow esp out from ::/0 to ::/0 type deny

SAD:
esp tunnel from 5.6.7.8 to 1.2.3.4 spi 0x3ebcc647 auth hmac-sha2-256 
enc aes-256
esp tunnel from 1.2.3.4 to 5.6.7.8 spi 0x736c382f auth hmac-sha2-256 
enc aes-256


client:
# ipsecctl -sa
FLOWS:
flow esp in from 10.0.0.0/24 to 10.10.10.0/24 peer 1.2.3.4 srcid 
FQDN/5.6.7.8 dstid FQDN/1.2.3.4 type use
flow esp out from 10.10.10.0/24 to 10.0.0.0/24 peer 1.2.3.4 srcid 
FQDN/5.6.7.8 dstid FQDN/1.2.3.4 type require

flow esp out from ::/0 to ::/0 type deny

SAD:
esp tunnel from 5.6.7.8 to 1.2.3.4 spi 0x3ebcc647 auth hmac-sha2-256 
enc aes-256
esp tunnel from 1.2.3.4 to 5.6.7.8 spi 0x736c382f auth hmac-sha2-256 
enc aes-256


As inferred, my client's public IP is 5.6.7.8, and on both machines 
ip forwarding is enabled (pf allows all traffic as well).


Any help would be greatly appreciated, and directions towards an 
analogous, working, client setup for FreeBSD and Linux would be 
equally appreciated.


Thanks all in advance,

George.



I've also tried a different setup (without an internal network) which 
works for about a minute or so, and then it stops.


server:
# cat /etc/iked.conf
ikev2 passive esp \
from 10.0.0.0/24 to 0.0.0.0/0 local 1.2.3.4 peer any \
psk mypass

# cat /etc/ipsec.conf
flow esp out from 10.0.0.0/24 to 10.0.0.0/24 type bypass

client:
# cat /etc/iked.conf
ikev2 active esp \
from 0.0.0.0/0 to 10.0.0.0/24 peer 1.2.3.4 \
psk mypass

With this configuration, both client and server are able to access 
10.0.0.0/24 (by adding the extra flow in server's /etc/ipsec.conf and 
loading it via ipsecctl -f /etc/ipsec.conf), but after a minute or so 
the setup stops working. Traffic is reaching the server's enc0 
interface and replies are sent to the client via enc0, but the 
client's udp port which used to accept packets becomes unreachable 
(closes for some reason):


08:00:27:ee:e7:fd 08:00:27:59:7c:d4 0800 178: 1.2.3.4.52586 > 
5.6.7.8.58353: udp 136
08:00:27:59:7c:d4 08:00:27:ee:e7:fd 0800 70: 5.6.7.8 > 1.2.3.4: icmp: 
5.6.7.8 udp port 58353 unreachable


I'm not sure that running:

# iked -vvd &

on both machines, reveals not additional information, except that the 
client checks both incoming and outgoing SA, whereas the server checks 
only the incoming:


client:
ikev2_init_ike_sa: "policy1" is already active
ikev2_ike_sa_alive: outgoing CHILD SA spi 0x243b7395 last used 54 
second(s) ago

pfkey_sa_last_used: last_used 1455636797
ikev2_ike_sa_alive: incoming CHILD SA spi 0x2ee69c30 last used 54 
second(s) ago

ikev2_init_ike_sa: "policy1" is already active
pfkey_sa_last_used: last_used 1455636860
ikev2_ike_sa_alive: outgoing CHILD SA spi 0x243b7395 last used 51 
second(s) ago

pfkey_sa_last_used: last_used 1455636860
ikev2_ike_sa_alive: incoming CHILD SA spi 0x2ee69c30 last used 51 
second(s) ago


server:
pfkey_sa_last_used: last_used 1455636795
ikev2_ike_sa_alive: incoming CHILD SA spi 0x243b7395 last used 54 
second(s) ago

pfkey_sa_last_used: last_used 1455636858
ikev2_ike_sa_alive: incoming CHILD SA spi 0x243b7395 last used 51 
second(s) ago


Thanks all for your time and he

Re: root access after failed fsck

[George Mamalakis]

As in all BSD's I know of, edit /etc/ttys (as root) and change console 
to be insecure (it defaults to "secure"). This way you'll be asked for a 
password when in single user mode.


This is no security issue, it is how single user mode "operates" and 
it's configurable.


George.

PS. Be sure you won't forget your root's password :).
PS2. Physical access to a box (which is usually implied when running in 
single user mode) can almost certainly lead to a compromised machine.


On 20/02/2016 10:59 πμ, arrowscr...@mail.com wrote:

Some minutes ago I had a energy blackout here in my city. I was running OpenBSD.
When I booted after energy came back, the system did the usual fsck.
But this time something went wrong and he just escaped to root, without asking 
for any passphrase.
The system did a question like "point the path to sh", and I just typed 
"/bin/sh" and he gained access to root.
I think this is a serious security problem folks. I have softraid_crypto, so no 
problem for me, but one could (probably) induce this failure to access root 
when no FDE configured and he have physical access (or remove, who know with 
all these Intel AMT microcodes).
The /var/log/ have none logs about it, all I can show is the dmesg (if you need 
more information, just ask):

OpenBSD 5.9-beta (GENERIC.MP) #1864: Mon Jan 25 19:11:29 MST 2016
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16481857536 (15718MB)
avail mem = 15978151936 (15237MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe98e0 (94 entries)
bios0: vendor American Megatrends Inc. version "1601" date 11/27/2013
bios0: ASUSTeK COMPUTER INC. P8H61-M LX2 R2.0
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT MCFG SSDT BGRT SSDT SSDT DMAR
acpi0: wakeup devices P0P1(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PEGP(S4) 
PEG0(S4) PEG1(S4) PEG2(S4) PEG3(S4) PXSX(S4) RP04(S4) PXSX(S4) RP03(S4) 
PS2K(S4) PS2M(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.43 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.03 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.02 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz, 3200.02 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P1)
acpiprt2 at acpi0: bus 2 (RP01)
acpiprt3 at acpi0: bus -1 (RP02)
acpiprt4 at acpi0: bus 1 (PEG0)
acpiprt5 at acpi0: bus -1 (PEG1)
acpiprt6 at acpi0: bus -1 (PEG2)
acpiprt7 at acpi0: bus -1 (PEG3)
acpiprt8 at acpi0: bus 5 (RP04)
acpiprt9 at acpi0: bus 3 (RP03)
acpiprt10 at acpi0: bus 4 (PXSX)
acpiec0 at acpi0: not present
acpicpu0 at acpi0: C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: FN00, resource for FAN0
acpipwr

Re: OpenBSD 5.8 ikev2 road warrior setup with various clients

[George Mamalakis]

On 16/02/2016 11:59 πμ, George Mamalakis wrote:

Hi all!

I'm trying to configure an ikev2 VPN gateway on my OpenBSD 5.8 box to 
allow remote access to my local network from various, road-warrior 
client "types" (MS Windows, Linux's, BSD's). My example local network 
is 10.0.0.0/24 and my public IP (egress) is 1.2.3.4.


I've read various guides on the Internet regarding analogous setups, 
but all of them were discussing about MS Windows clients. I'm trying 
to test my setup with an OpenBSD 5.8 client but I fail, and next I'd 
like to test it with a FreeBSD and a Linux client to see if it works.


My /etc/iked.conf looks like this:

ikev2 passive esp \
from 10.0.0.0/24 to 10.10.10.0/24 local 1.2.3.4 peer any \
psk mypass  \
config address 10.10.10.5

My client's /etc/iked.conf looks like this:

ikev2 active esp \
from 10.10.10.0/24 to 10.0.0.0/24 peer 1.2.3.4 \
psk lala123

which is based on an old email of this list (at around 2012), and as I 
explained earlier, it doesn't work. What happens is that when I try to 
access 10.0.0.1 from my client, the specific traffic is not passing 
from enc0 but is rather passing directly from the egress interface to 
its default route. Now, as it seems, this is a routing/flows issue, 
but I am unsure as to how to address it.


ipsecctl -sa on both machines looks good (or at least I think it does):

server:
# ipsecctl -sa
FLOWS:
flow esp in from 10.10.10.0/24 to 10.0.0.0/24 peer 5.6.7.8 srcid 
FQDN/1.2.3.4 dstid FQDN/5.6.7.8 type use
flow esp out from 10.0.0.0/24 to 10.10.10.0/24 peer 5.6.7.8 srcid 
FQDN/1.2.3.4 dstid FQDN/5.6.7.8 type require

flow esp out from ::/0 to ::/0 type deny

SAD:
esp tunnel from 5.6.7.8 to 1.2.3.4 spi 0x3ebcc647 auth hmac-sha2-256 
enc aes-256
esp tunnel from 1.2.3.4 to 5.6.7.8 spi 0x736c382f auth hmac-sha2-256 
enc aes-256


client:
# ipsecctl -sa
FLOWS:
flow esp in from 10.0.0.0/24 to 10.10.10.0/24 peer 1.2.3.4 srcid 
FQDN/5.6.7.8 dstid FQDN/1.2.3.4 type use
flow esp out from 10.10.10.0/24 to 10.0.0.0/24 peer 1.2.3.4 srcid 
FQDN/5.6.7.8 dstid FQDN/1.2.3.4 type require

flow esp out from ::/0 to ::/0 type deny

SAD:
esp tunnel from 5.6.7.8 to 1.2.3.4 spi 0x3ebcc647 auth hmac-sha2-256 
enc aes-256
esp tunnel from 1.2.3.4 to 5.6.7.8 spi 0x736c382f auth hmac-sha2-256 
enc aes-256


As inferred, my client's public IP is 5.6.7.8, and on both machines ip 
forwarding is enabled (pf allows all traffic as well).


Any help would be greatly appreciated, and directions towards an 
analogous, working, client setup for FreeBSD and Linux would be 
equally appreciated.


Thanks all in advance,

George.



I've also tried a different setup (without an internal network) which 
works for about a minute or so, and then it stops.


server:
# cat /etc/iked.conf
ikev2 passive esp \
from 10.0.0.0/24 to 0.0.0.0/0 local 1.2.3.4 peer any \
psk mypass

# cat /etc/ipsec.conf
flow esp out from 10.0.0.0/24 to 10.0.0.0/24 type bypass

client:
# cat /etc/iked.conf
ikev2 active esp \
from 0.0.0.0/0 to 10.0.0.0/24 peer 1.2.3.4 \
psk mypass

With this configuration, both client and server are able to access 
10.0.0.0/24 (by adding the extra flow in server's /etc/ipsec.conf and 
loading it via ipsecctl -f /etc/ipsec.conf), but after a minute or so 
the setup stops working. Traffic is reaching the server's enc0 interface 
and replies are sent to the client via enc0, but the client's udp port 
which used to accept packets becomes unreachable (closes for some reason):


08:00:27:ee:e7:fd 08:00:27:59:7c:d4 0800 178: 1.2.3.4.52586 > 
5.6.7.8.58353: udp 136
08:00:27:59:7c:d4 08:00:27:ee:e7:fd 0800 70: 5.6.7.8 > 1.2.3.4: icmp: 
5.6.7.8 udp port 58353 unreachable


I'm not sure that running:

# iked -vvd &

on both machines, reveals not additional information, except that the 
client checks both incoming and outgoing SA, whereas the server checks 
only the incoming:


client:
ikev2_init_ike_sa: "policy1" is already active
ikev2_ike_sa_alive: outgoing CHILD SA spi 0x243b7395 last used 54 
second(s) ago

pfkey_sa_last_used: last_used 1455636797
ikev2_ike_sa_alive: incoming CHILD SA spi 0x2ee69c30 last used 54 
second(s) ago

ikev2_init_ike_sa: "policy1" is already active
pfkey_sa_last_used: last_used 1455636860
ikev2_ike_sa_alive: outgoing CHILD SA spi 0x243b7395 last used 51 
second(s) ago

pfkey_sa_last_used: last_used 1455636860
ikev2_ike_sa_alive: incoming CHILD SA spi 0x2ee69c30 last used 51 
second(s) ago


server:
pfkey_sa_last_used: last_used 1455636795
ikev2_ike_sa_alive: incoming CHILD SA spi 0x243b7395 last used 54 
second(s) ago

pfkey_sa_last_used: last_used 1455636858
ikev2_ike_sa_alive: incoming CHILD SA spi 0x243b7395 last used 51 
second(s) ago


Thanks all for your time and help in advance,

George.

PS. I'm getting the same behaviour even without the additional flow of 
/etc/ipsec.conf, so I've ruled it out from a problem candidate.

OpenBSD 5.8 ikev2 road warrior setup with various clients

[George Mamalakis]

Hi all!

I'm trying to configure an ikev2 VPN gateway on my OpenBSD 5.8 box to 
allow remote access to my local network from various, road-warrior 
client "types" (MS Windows, Linux's, BSD's). My example local network is 
10.0.0.0/24 and my public IP (egress) is 1.2.3.4.


I've read various guides on the Internet regarding analogous setups, but 
all of them were discussing about MS Windows clients. I'm trying to test 
my setup with an OpenBSD 5.8 client but I fail, and next I'd like to 
test it with a FreeBSD and a Linux client to see if it works.


My /etc/iked.conf looks like this:

ikev2 passive esp \
from 10.0.0.0/24 to 10.10.10.0/24 local 1.2.3.4 peer any \
psk mypass  \
config address 10.10.10.5

My client's /etc/iked.conf looks like this:

ikev2 active esp \
from 10.10.10.0/24 to 10.0.0.0/24 peer 1.2.3.4 \
psk lala123

which is based on an old email of this list (at around 2012), and as I 
explained earlier, it doesn't work. What happens is that when I try to 
access 10.0.0.1 from my client, the specific traffic is not passing from 
enc0 but is rather passing directly from the egress interface to its 
default route. Now, as it seems, this is a routing/flows issue, but I am 
unsure as to how to address it.


ipsecctl -sa on both machines looks good (or at least I think it does):

server:
# ipsecctl -sa
FLOWS:
flow esp in from 10.10.10.0/24 to 10.0.0.0/24 peer 5.6.7.8 srcid 
FQDN/1.2.3.4 dstid FQDN/5.6.7.8 type use
flow esp out from 10.0.0.0/24 to 10.10.10.0/24 peer 5.6.7.8 srcid 
FQDN/1.2.3.4 dstid FQDN/5.6.7.8 type require

flow esp out from ::/0 to ::/0 type deny

SAD:
esp tunnel from 5.6.7.8 to 1.2.3.4 spi 0x3ebcc647 auth hmac-sha2-256 enc 
aes-256
esp tunnel from 1.2.3.4 to 5.6.7.8 spi 0x736c382f auth hmac-sha2-256 enc 
aes-256


client:
# ipsecctl -sa
FLOWS:
flow esp in from 10.0.0.0/24 to 10.10.10.0/24 peer 1.2.3.4 srcid 
FQDN/5.6.7.8 dstid FQDN/1.2.3.4 type use
flow esp out from 10.10.10.0/24 to 10.0.0.0/24 peer 1.2.3.4 srcid 
FQDN/5.6.7.8 dstid FQDN/1.2.3.4 type require

flow esp out from ::/0 to ::/0 type deny

SAD:
esp tunnel from 5.6.7.8 to 1.2.3.4 spi 0x3ebcc647 auth hmac-sha2-256 enc 
aes-256
esp tunnel from 1.2.3.4 to 5.6.7.8 spi 0x736c382f auth hmac-sha2-256 enc 
aes-256


As inferred, my client's public IP is 5.6.7.8, and on both machines ip 
forwarding is enabled (pf allows all traffic as well).


Any help would be greatly appreciated, and directions towards an 
analogous, working, client setup for FreeBSD and Linux would be equally 
appreciated.


Thanks all in advance,

George.

Re: It was twenty years ago you see...

[Siju George]

It has been 15 years or so
I had no degree, so no job
One kind soul called me to be
An apprentice without salary

Windows 2000 & Zonealarm
Was the firewall where I was
Once in 3 months required a reinstall
Because it became the cracker's ball

An apprentice not knowing too much
About networking far less securing
Began to google for a Linux firewall
But came across PF firewall

Went around asking for help
To install OpenBSD in firm
All I got from the Linux Gurus
Was discouragement, said it 's tough

Started reading the Install doc
Took a month to understand 'slice'
Partitions inside partition
Slowly things began to click

I learned things on 3.4
Had a firewall by 3.5 :-) (
http://undeadly.org/cgi?action=article=20041013190823 )
Then there was no newbies list
misc@ that time was a little tough ;-)

The book would cost my 2 salaries
So there was no hope but misc@
Seeing my misery to comprehend
Two books J C Roberts sent

Soon I had a secure desktop in hand( https://goo.gl/142mRd )
And I loved it with all of my heart
Made my firm purchase CDs
Soon our backups were too in it.( http://goo.gl/ig2cRc, http://goo.gl/jExnCY
)

Now there is no looking back
Even EU said that they too back ( http://goo.gl/pNohhq )
Twenty years is no small thing
But Theo should not be relaxing ;-)

Thank you very much Theo and all developers. I learned a lot about security
just by reading through the misc mails and googling things I didn't
understand. And got kicked out from many free software mailinglists for
advocating OpenBSD and the BSD licence ;-)







On Sun, Oct 18, 2015 at 12:06 PM, Theo de Raadt  wrote:

> OpenBSD's source tree just turned 20 years old.
>
> I recall the import taking about 3 hours on an EISA-bus 486 with two
> ESDI drives.  There was an import attempt a few days earlier, but it
> failed due to insufficient space.  It took some time to repartition
> the machine.
>
> It wasn't terribly long before David Miller, Chuck Cranor and Niklas
> Hallqvist were commiting... then more people showed up.
>
> The first developments were improvements to 32-bit sparc.
>
> Chuck and I also worked on setting up the first 'anoncvs' to make sure
> noone was ever cut out from 'the language of diffs' again.  I guess
> that was the precursor for the github concept these days :-).  People
> forget, but even FSF was a walled garden at the time -- throwing tar
> files with vague logs over the wall every couple months.
>
> I was lucky to have one of the few 64Kbit ISDN links in town,
> otherwise this would not have happened.  My desktop was a Sparcstation
> 10; the third machine I had was a very slow 386.
>
> The project is now at:
>
> ~322,000 commits
> ~44 commits/day average
> ~356 hackers through the years
>
> --
>
> On this day, is my pleasure to give you a song written for the
> release by Todd Miller.
>
> http://www.openbsd.org/lyrics.html#58a
>
> It was twenty years ago you see
> Theo opened a cvs tree
> Made commits to many a file
> Joined by others in a very short while
>
> Take a moment to view
> The source of all this code
> The openbsd cvs repo...
>
> We're the openssh repository
> We hope you will enjoy the code
> The openntpd repository
> But that's not all that's here oh no...
> The mandoc 'pository, smtpd 'tory
> The libressl repo too
>
> It's wonderful to see the code
> Re-used far and wide
> The license is so liberal
> We'd love for you to code with us
> We'd love for you to code...
>
> I don't really want to have to go
> But it's hackathon time and so
> The coder will commit the code
> That he wants all of you to load
>
> So let me introduce to you the one and only Puffy Fish
> And the openbsd cvs repo...
>
> B... S... D...
>
> --
>
> (The 5.8 release will be announced and released in a few hours.)

Re: Starting isc_named earlier

[George]

On Mon, 24 Aug 2015 16:56:37 -0600
Devin Reade g...@gno.org wrote:

 --On Monday, August 24, 2015 12:27:06 AM + Stuart Henderson 
 s...@spacehopper.org wrote:
 
  Having NFS rely on DNS is not ideal. I don't see why dhcpd would
  need DNS to run at all?
 
 If you have a 'fixed-address' definition in a 'host' block, and
 the fixed-address uses a FQDN rather than an IP, you will have
 problems booting the DHCP server if no DNS server is reachable.
 IIRC, the DHCP daemon will fail to start and as a consequence
 the server takes a lot longer to come up.
 
 This burned me in the past after cold restart of everything on the
 network, where the internal DNS servers come up slower than the
 DHCP server.
 
 A solution of course is to use an IP in the fixed-address definition.

I know the only problem is I am trying to have less moving parts for
the configuration as the steps to do become longer and longer when
introducing changes and DNS seems like a good place to put
name-to-address information ;). 

If it is not clear: with static IPs fixed-address one can register the
IP in the DNS conf have dhcpd do a lookup and provide the IP address to
the machine. Considering that most other software has rules based on IP
etc.. it can make your life easier and things clearer ...

I have had this problem since 5.7, with DNS (because I have not gotten
around to migrating to the new pair), but nothing that some editing
cannot fix. Nevertheless having a machine secure and functioning
properly requires time and effort ... and good notes... so every step
you take to deviate from the beaten path will result in a beaten head
later ... but things are never as-rosy-as-you-might-like, so be it ;)
ce la vie.

Cheers,
George

Starting isc_named earlier

[George]

Hi guys,

I was wondering if someone might have a hint on how to start isc_name
(on 5.7) earlier than network services like DHCP and NFS. This was OK
for me on 5.6 when it was in base but now I have issues as my configs
are tied to DNS services on the local machine. 

I read a bit and fiddled with the rc code, getting failures there, ... I
am maybe not looking in the right place??

Any hints appreciated.
Regards,
George

Re: Starting isc_named earlier

[George]

On Sun, 23 Aug 2015 12:49:20 -0500
Edgar Pettijohn ed...@pettijohn-web.com wrote:

 On 08/23/15 12:40, Theo de Raadt wrote:
  something like this would probably do it, but would be undone
  anytime you update
 or at least I think it will be undone, but maybe not I don't have any 
 experience with making changes to it.
 
  --- /etc/rc Sat Aug 22 03:06:56 2015
  +++ /etc/rc.new Sun Aug 23 12:27:53 2015
  @@ -371,7 +371,7 @@
 make_keys
 
 echo -n 'starting early daemons:'
  -start_daemon syslogd ldattach pflogd nsd unbound ntpd
  +start_daemon syslogd ldattach pflogd isc_named ntpd
 start_daemon iscsid isakmpd iked sasyncd ldapd npppd
 echo '.'
 
 probably have to add something to /etc/rc.conf.local like 
 isc_named_flags=YES

Thanks for taking the time. FYI the 2 changes, above, did not work it
still fails starting. I shall look into moving to the other 2 when I
get the time.

Thank you both.

 
  On 08/23/15 12:00, George wrote:
  Hi guys,
 
  I was wondering if someone might have a hint on how to start
  isc_name (on 5.7) earlier than network services like DHCP and
  NFS. This was OK for me on 5.6 when it was in base but now I have
  issues as my configs are tied to DNS services on the local
  machine.
 
  I read a bit and fiddled with the rc code, getting failures
  there, ... I am maybe not looking in the right place??
  Or don't use ISC BIND.  Start your migrationg towards unbound / nsd,
  which are the new, safer toolkit for DNS.
 
  In my opinion, ISC BIND falls soundly into this catagory:
 
   https://en.wikipedia.org/wiki/Unsafe_at_Any_Speed
 As a former corvair owner I guarantee it was perfectly safe while
 parked.
 
  general reluctance to spend money on improving safety
 
  Except in this case, it is not the manufacturers, but the drivers
  failing to spend time catching up.
 
  There is a general reluctance by many system administrators to
   (a) comprehend that two decades of research has demonstrated
  the unsoundness of resource record caching when doing
   mixed authoritative + recursive
   (b) because it can do do mixed mode, in practice BIND
  encourages doing so
   (c) in part, NSD and unbound were written to stop that practice
   (d) Some of you are sticks in the mud, and deserve to get hurt.

Re: isolating untrusted programs in ssh chroot jails

[Jeff St. George]

You said at beginning of your comments now i don't use
firefox (or any 'modern browser)
   may I ask which browser you like to use? And for what reasons?

thanks in advance

On Thu, Mar 19, 2015 at 7:56 PM, dan mclaughlin thev...@openmailbox.org
wrote:

 here are the scripts i wrote to make this easier. these really were made
 for my own use, but i hope others may find them useful. i would be
 interested to know if anyone else actually does find them useful. would
 also be glad to know of any errors/problems/things that can go wrong i
 didn't think of.


 the first one (jail_new) creates a new jail (and possibly the user).
 the second one (jail_pkgadd) adds a package and its dependencies to an
 existing jail. they are expected to be in the same directory (jail_new
 cannot add packages (-p) otherwise).

 to relate to my earlier examples:

 $ jail_new -tu _inmate:_chaingang /home/jail

 will create the jail in /home/jail and also the user _inmate and group
 _chaingang. this case it will be just be a regular shell account (just
 chrooted).

 $ jail_new -t _inmate:_chaingang /home/jail

 will create the jail, but will not create the user:group.


 a real case:

 $ jail_new -tux -k /home/null/.ssh/id_rsa.pub -p w3m,feh:/usr/release/pkg
 browse /home/browse w3m -B

 this command sets up the terminal (-t) and X (-x) in a directory (here
 /home/browse), creates a user (-u) (in this case 'browse'), uses the given
 key file (-k) for the authorized keys, installs the packages (-p) w3m and
 feh (and all of their dependencies) from directory /usr/release/pkg, and
 sets 'w3m -B' to run automatically via ForceCommand in sshd_config.

 this is the equivalent of:

 $ jail_new -tux -k /home/null/.ssh/id_rsa.pub browse /home/browse w3m -B
 $ jail_pkgadd -p /usr/release/pkg w3m /home/browse
 $ jail_pkgadd -p /usr/release/pkg feh /home/browse

 if you want bzip2 in there as well, you can always add it later:

 $ jail_pkgadd -p /usr/release/pkg bzip2 /home/browse

 or, if PKG_PATH is set (and not remote) you can omit -p

 $ jail_pkgadd bzip2 /home/browse

 if PKG_PATH is set, and is remote, you need:

 $ jail_pkgadd -r bzip2 /home/browse

 (note: will only allow a single directory for PKG_PATH)

 this can be used by running:

 $ Xephyr :1  env DISPLAY=:1 ssh -X browse@localhost

 (side note: w3m runs 'display' to display an image, so i create a symlink
 to feh to view images)


 another case:

 $ jail_new -tuxr -k /home/null/.ssh/id_rsa.pub -p 
 xpdf:scp://null@node02/usr/release/pkg
 pdf /home/pdf

 you need to specify -r (remote) directly to use remote pkg src.

 which is the equivalent of:

 $ jail_new -tux -k /home/null/.ssh/id_rsa.pub pdf /home/pdf
 $ jail_pkgadd -r -p scp://null@node02/usr/release/pkg xpdf /home/pdf

 which can be used:

 $ cp test.pdf /home/pdf/tmp
 $ Xephyr :1  env DISPLAY=:1 ssh -X browse@localhost xpdf -fullscreen
 /tmp/test.pdf

 (in this case it may be best not to use ForceCommand, since you may want to
 open multiple documents.)


 WARNING use at your own peril. if you can't read the scripts, you probably
 shouldn't use them, and then i am certain there are other glaring security
 flaws you need to know about. i include these because it is a dull pain in
 the ass to do this manually, and hopefully someone may get some use out of
 them.

 other than that, do with it what you wish.

 they are as fool-proof as i could make them, so that i don't shoot myself
 in
 the foot accidently (and i have been around long enough to have done that a
 few times, even while being careful). but you never know.

 jail_new:
 --
 #!/bin/ksh
 USAGE=${0##*/} [-jrtux] [-k authkeys] [-p pkg[,pkg2...][:pkgpath]]
 user[:group] path [cmd [args ...]]
 [[ $1 = -h ]]  { echo USAGE $USAGE; return 0; }

 #-t sets PermitTTY and copies files for term
 #-x sets X11Forwarding and copies files for X (fonts,xauth)
 #-u creates user; fails if user exists
 #-j joins group; needed to join existing group
 #-p pkg[,pkg2...][:pkgpath]
 #-r allows remote pkg access
 #uses existing PKG_PATH
 #pkgpath arg overrides PKG_PATH

 #only accepts a lone pkgpath

 PATH=/sbin:/bin:/usr/sbin:/usr/bin

 echov() {  eval echo \\$$1\;  }
 isemptyv() {  eval [ \${#$1} -eq 0 ];  }
 notemptyv() {  eval [ \${#$1} -gt 0 ];  }
 alias xt='set -o xtrace'
 alias xt-='set +o xtrace'

 if [ $(id -u) -eq 0 ];then
   echo ERR cannot run as root
   return 1
 fi

 _sshd_config=/etc/ssh/sshd_config
 _sshd_config_tmp=/tmp/sshd_config

 trap rm -f $_sshd_config_tmp 0 2

 #for convenience
 _fontdir=/usr/X11R6/lib/X11/fonts
 _terminfo=/usr/share/misc/terminfo.db
 _termcap=/usr/share/misc/termcap

 _do_x=no
 _do_tty=no
 _do_useradd=
 _do_joingrp=
 _do_remote=
 _authkeys=
 _pkg=
 _pkgpath=
 _userhome=/home/cell
 while getopts :jrtuxk:p: _opt;do
   case $_opt in
 j) _do_joingrp=yes ;;
 r) _do_remote=-r ;;
 t) _do_tty=yes ;;
 u) _do_useradd=yes ;;
 x) _do_x=yes ;;
 k) _authkeys=$OPTARG
if [ ! -f 

Re: Just a thank you.

[Jeff St. George]

Ditto!

On Sat, Mar 14, 2015 at 5:44 PM, Maurice McCarthy m...@mythic-beasts.com
wrote:

 On Fri, Mar 13, 2015 at 06:09:05PM -0700 or thereabouts, Benjamin Heath
 wrote:
  Hi,
 
  This seems non-sequitur somehow, but I would simply like thank all the
  developers of OpenBSD for continuing work on the only OS that I really
  trust. I learn plenty just by lurking on this list. I also appreciate
  having a set of developers with the fortitude to entirely reject very
  flawed systems, and I like that simply because someone has to.
 
  Just thanks.
  Ben.
 

 +1. Totally agree. I have now completely abandoned linux.

 Thanks Hugely
 Maurice

Re: lynx is gone?

[Jeff St. George]

Its not in my pay grade to offer a technical opinion on Lynx removal!
But ,,WHAT r u folks using instead, considering??

thanks OpenBSD

Re: Best way forward w.r.t. apache/nginx/httpd?

[Jeff St. George]

In more or less the same boat, without php as our virtual sites are simple
display only.

However for future business developement we have wondered the same.

I am inn agreement with your choice of (1) as that would be ours pending
feedback here from those who know.


On Mon, Dec 29, 2014 at 7:30 AM, T. Ribbrock emga...@gmx.net wrote:

 Hi all,

 I'm finally getting round to updating my home server (gets a fresh 5.6
 install).

 Of course, there were a lot of changes over the past versions, one of
 them being the whole apache - nginx - httpd migration. My webserver
 has a CMS running which requires PHP and MySQL, plus a few more
 PHP-applications. Also, I have two or three virtual sites running and
 I'm currently considering having a look at something like Owncloud
 and/or Citadel.

 Given the current state of development in OpenBSD, I'm now wondering
 what the best way forward is for me:

 a) Install apache-httpd-openbsd from ports and keep my configuration
basically as is
Advantage: Less work to get everything running - I've done OpenBSD
re-installs like that several times over the past years
Disadvantage: I guess that the new httpd will get a lot more
developer attention, so this does not seem the ideal option longterm,
but I could always migrate to httpd later, e.g. when upgrading to 5.7
or (more likely) 5.8

 b) Migrate to nginx
This seems to be the least interesting option - not only do I have to
migrate now, but once more in the future, as nginx is also on the way
out (so, the same developer attention caveat applies as with
apache)

 c) Migrate to httpd
From what I've gathered so far from this list, this would basically
require me to switch to -current, as the 5.6 version is too fresh and
too many changes have happened since - or am I being pessimistic
here? I've never run -current before, hence, I'm a bit hesitant...

 I tend to go for a) because I do not want to migrate twice - but maybe
 somebody else has some interesting points that I have not considered
 yet? I'd appreciate the input!

 Regards,

 Thomas
 --

 -
  Thomas Ribbrockhttp://www.ribbrock.org/
You have to live on the edge of reality - to make your dreams come
 true!

Re: mac mini

[George Hartzell]

Doug Hardie writes:
  
  On 20 November 2013, at 10:09, Friedrich Locke friedrich.lo...@gmail.com 
  wrote:
  
   Does anyone here run Open/FreeBSD on mac mini ?
   
   Does the OS fully supports macmini hadrwared ?
  
  I have a couple production servers using Minis running FreeBSD 9.1
  and 9.2.  Check the archives as I posted the procedures I used to
  install.  Some current Minis require a bit of horsing around to get
  networking to work.  I have never used a windowing system on them.
  I only use a dumb terminal for initial setup and then SSH in after
  that. 

I've been running FreeBSD on a 2008 Intel 8-core Mac Pro (the tower)
for years, just bumped it up to the current 10-BETA3 (now that Andriy
solved the ZFS/mmap bug I was fighting and I can trust my flac tagging
pipeline again).

Works great.  I'm running the gnome desktop using the nvidia binary
distribution to drive a 30 Dell monitor.

Root on Zfs, two disk mirror.  Swapping directly onto partitions, no
mirror or ZFS involved.

I'm still depending on the BIOS emulation to boot and it only gets
triggered if you use MBR formatted disks, not GPT.  That confused the
daylights out of me for a bit.  I'm not sure if the EFI (?) boot stuff
works or not.

One time out of 4 it hangs early in the kernel starting up.  Never
cared enough to get help tracking it down.

g.

Re: Precisions on ZFS (was: Millions of files in /var/www inode / out of space issue.)

[Siju George]

On Sat, Feb 23, 2013 at 1:59 AM, Miod Vallat m...@online.fr wrote:

  Please, please, please, can someone port ZFS, just to end this endless
  thread...?

 Please someone port HAMMER instead. We are only interested in free
 software, with no strings attached.


YAY!!!

 http://leaf.dragonflybsd.org/mailarchive/users/2012-02/msg00020.html

Microsoft is Propping Up BSD

[Siju George]

http://techrights.org/2012/07/12/microsoft-and-bsd/

Re: Microsoft is Propping Up BSD

[Siju George]

On Mon, Jul 16, 2012 at 1:30 PM, Christer Solskogen 
christer.solsko...@gmail.com wrote:

 On Mon, Jul 16, 2012 at 8:08 AM, Siju George sgeorge@gmail.com
 wrote:
  http://techrights.org/2012/07/12/microsoft-and-bsd/
 

 It might have something to do with this:

 http://blogs.technet.com/b/openness/archive/2012/05/10/freebsd-support-on-windows-server-hyper-v.aspx


I think it might have more on bashing OpenBSD because one of the links go
to

http://techrights.org/2008/02/04/civitl-wars-in-free-software/




 --
 chs,

Re: OpenBSD forked

[Siju George]

On Sun, Jun 17, 2012 at 2:45 AM, Theo de Raadt dera...@cvs.openbsd.org wrote:
 They started the fork because they got kicked out because one
 developer (Marco) hired 5 other developers for his startup company,
 and attempted to hire around 10 other developers in a sneaky and
 underhanded way.

What about

http://aeriebsd.org/about.html

?

Thanks

Siju

Re: wifi firmware for lenovo thinkpad E420

[Siju George]

On Fri, May 11, 2012 at 12:11 AM, Henning Brauer lists-open...@bsws.de wrote:
 I have one of these somewhere - basically, all that is needed is a pci
 attachment for the existing urtwn. shouldn't be too hard, but as usual
 - somebody has to do it.


Hope somebody does this for 5.2 :-)

Thanks

--Siju

IPs in the facebook.com domain accessing OpenSBD firewall

[Siju George]

Hi,

This traffic is blocked on the external interface of the firewall.

May 17 11:34:56.013614 rule 7/(match) block in on em1:
66.220.151.124.47369  xxx.yyy.ddd.zzz.53: 58106 NS? . (19)
May 17 11:34:56.763086 rule 7/(match) block in on em1:
66.220.151.124.47369  xxx.yyy.ddd.zzz.53: 58107 NS? . (19)
May 17 11:34:57.513318 rule 7/(match) block in on em1:
66.220.151.124.47369  xxx.yyy.ddd.zzz.53: 58108 NS? . (19)

May 17 11:45:37.720155 rule 7/(match) block in on em1: 69.171.243.241
 xxx.yyy.ddd.zzz: icmp: echo request
May 17 11:45:39.213492 rule 7/(match) block in on em1:
69.171.243.241.52370  xxx.yyy.ddd.zzz.53: 33246 NS? . (19)

May 17 11:49:39.746886 rule 7/(match) block in on em1: 69.171.228.232
 xxx.yyy.ddd.zzz: icmp: echo request
May 17 11:49:41.242588 rule 7/(match) block in on em1:
69.171.228.232.59470  xxx.yyy.ddd.zzz.53: 33554 NS? . (19)

xxx.yyy.ddd.zzz  is our firewall IP

66.220.151.124, 69.171.243.241, 69.171.228.232 are IPs from
facebook.com domain as ip2location reports.


Why should facebook servers access my firewall?
They ping my firewall and try to use our internal DNS server DNS
server which is not mentioned in any public NS record?
I wonder if these machines in the facebook.com domain are infected
with some malware bots?
Oris it part of their security checks or something? Any body any idea?

Thanks

Siju