Fibre card recomendation

[Huncar, Peter]

Hello

Could someone possible recommend me a good stable (not too expensive) gigabit
multimod optical card?
I'm planning to switch newtwok backbone cablig from metalic to optic. Router
is managing traffic in a student capus local traffic including and is
connected to a gigabit Allied Telesyn switch with GBIC modules free.
Is Allied Telesyn AT-2971SX really a bad choice as I read in the archives?

Thank you

Peter Huncar

Re: Replace sendmail with qmail?

[Peter Hessler]

qmail has a seperate set of problems beyond its license.

That being said, its really easy to install qmail yourself and have it 
replace the in-tree sendmail (see mailer.conf).


On 2007 Nov 30 (Fri) at 00:27:32 -0800 (-0800), Matthew Dempsky wrote:
:Dan Bernstein has placed qmail 1.03 into the public domain (see
:http://cr.yp.to/qmail/dist.html).  Is there any interest in replacing
:sendmail with it to remove another component from the src/gnu/
:hierarchy?
:

-- 
You must realize that the computer has it in for you.  The irrefutable
proof of this is that the computer always does what you tell it to do.

Re: ASUS m2a-vm and 4.2

[Peter Strömberg]

On 28 Dec 2007 at 21:29, Pawel Veselov wrote:

> Hi,
> 
> Just had some experience installing 4.2 on ASUS m2a-vm... Wasn't pleasant.

Try -current, it will work better, with some gotchas thou.

> 3Gbs drive shows max of 0.2MBs tranfer rate (according to iostat). My
> old drive shows appx 30MB on IDE bus. Tested using dd if=/dev/zero
> of=file. Any disk access takes forever.

The drive is in pio-mode

> Selecting SATA interface as AHCI doesn't work (doesn't show up, or
> reboots the system when discovery attepmted).

In -current you can install to ahci/sata, but then generic doesn't boot.
You need to boot -c and disable ahci, change fstab to wd and then compile
a kernel with a KASSERT removed (in dev/pci/ahci.c, line 1757)
Change fstab again, and reboot. You'll get some ahci warnings, but it will work

> Installing 64bit version reboots the installer at the time disks were 
> accessed.
> 
> There seem to be some problems with built-in card, as in it won't send
> any packets, at least with 10MB media (re driver).

Still doesn't work in -current

Other quirks, the radeonhd driver doesn't work if you (only) use a dvi cable.
With an vga and a dvi cable you can run X

OpenBSD 4.2-current (MICRO.MP) #8: Sat Dec 29 13:01:47 CET 2007
[EMAIL PROTECTED]:/sys/arch/amd64/compile/MICRO.MP
real mem = 2011688960 (1918MB)
avail mem = 1941458944 (1851MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf (58 entries)
bios0: vendor Phoenix Technologies, LTD version "ASUS M2A-VM ACPI BIOS Revision 
1603" date 11/30/2007
bios0: ASUSTeK Computer INC. M2A-VM
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SSDT HPET MCFG APIC
acpi0: wakeup devices USB0(S5) USB1(S5) USB2(S5) USB3(S5) USB4(S5) USB5(S5) 
AZAL(S3) P2P_(S5) PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) PCE6(S4) PCE7(S4) 
PCE8(S4) UAR1(S5) UAR2(S5) PS2M(S5) PS2K(S5) PCI0(S5)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Athlon(tm) X2 Dual Core Processor BE-2350, 2100.22 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Athlon(tm) X2 Dual Core Processor BE-2350, 2099.92 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,LONG,3DNOW2,3DNOW
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
ioapic0 at mainbus0 apid 4 pa 0xfec0, version 21, 24 pins
ioapic0: misconfigured as apic 0, remapped to apid 4
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 3 (P2P_)
acpiprt2 at acpi0: bus -1 (PCE2)
acpiprt3 at acpi0: bus -1 (PCE3)
acpiprt4 at acpi0: bus -1 (PCE4)
acpiprt5 at acpi0: bus -1 (PCE5)
acpiprt6 at acpi0: bus -1 (PCE6)
acpiprt7 at acpi0: bus 2 (PCE7)
acpiprt8 at acpi0: bus -1 (PCE8)
acpiprt9 at acpi0: bus 1 (AGP_)
acpicpu0 at acpi0: PSS
acpicpu1 at acpi0: PSS
acpitz0 at acpi0: critical temperature 75 degC
acpibtn0 at acpi0: PWRB
cpu0: PowerNow! K8 2099 MHz: speeds: 2100 2000 1800 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1
pchb0 at pci0 dev 0 function 0 "ATI RS690 Host" rev 0x00
ppb0 at pci0 dev 1 function 0 "ATI RS690 PCIE" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 5 function 0 "ATI Radeon X1250" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb1 at pci0 dev 7 function 0 "ATI RS690 PCIE" rev 0x00
pci2 at ppb1 bus 2
re0 at pci2 dev 0 function 0 "Realtek 8168" rev 0x01: RTL8168 2 (0x3800), apic 
4 int 19 (irq 5), address 00:1b:fc:8b:7c:9c
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2
ahci0 at pci0 dev 18 function 0 "ATI IXP600 SATA" rev 0x00: apic 4 int 22 (irq 
11), AHCI 1.1
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI3 0/direct fixed
sd0: 305245MB, 38913 cyl, 255 head, 63 sec, 512 bytes/sec, 625142448 sec total
ahci0: stopping the port, softreset slot 5 was still active.
atascsi_atapi_cmd_done, timeout
ahci0: stopping the port, softreset slot 7 was still active.
atascsi_atapi_cmd_done, timeout
ahci0: stopping the port, softreset slot 9 was still active.
atascsi_atapi_cmd_done, timeout
ahci0: stopping the port, softreset slot 11 was still active.
atascsi_atapi_cmd_done, timeout
ahci0: stopping the port, softreset slot 13 was still active.
atascsi_atapi_cmd_done, timeout
ahci0: stopping the port, softreset

Re: What is the relationship between fdisk and disklabel?

[Peter Kay]

Your disk layout is strange, an EFI partition is typically initialised by a GPT 
disk, not MBR.


GPT has a number of advantages including no differentiation between primary and 
extended partitions, and beating the 2TB limit of MBR.


When created, GPT also creates a 'protective MBR' covering the whole disk, so 
that older tools that only understand MBR don't break things. You can, if you 
know what you're doing, manipulate this protective MBR but you shouldn't - it 
will have odd effects and different operating systems will interpret it in 
different ways (Linux will be a bit upset).


In short : either use all GPT partitioning tools to edit your disk, or wipe it 
clean and restart with MBR.


Matthew is absolutely right about MBR otherwise. Generally MBR partitions and a 
disklabel have a direct mapping, but you can for instance, ignore the partition 
scheme. Imagine you have an old system that only boots partitions below 128GB 
or less but you want to use over that amount for OpenBSD? A solution is to 
create two partitions, one up to 128GB and the second over. Then adjust the 
disklabel to cover the two partitions, but make sure that the root section of 
the disklabel is entirely contained in the first MBR partition.


MBR is also a pain, because not everything understands extended 
partitions/logical drives, notably FreeBSD.


If you are doing multiboot (I set up an epic two Windows, three BSD, and Linux 
multiboot config last night for bare metal testing on a virtualised system) I'd 
recommend the following :


Generally partition using Windows. It works well, most of the tools are 
graphical, and it can install in GPT, and both primary and extended MBR 
partitions.
Modify partition IDs using OpenBSD, it's really good for that.
FreeBSD does not like extended partitions.


What I need to look up is why disklabels stop at 'p', as it's an issue on disks 
with lots of non OpenBSD partitions.


PK

Re: Rawtherapee 5.7 crashes in 6.6 amd64

[Peter Varga]

Yesa

On Sat, Nov 16, 2019, at 19:12, Merritt Draney wrote:
> I have tried to get Rawtherapee running unsuccessfully on my system. Is 
> anyone else having trouble? If I run it out of a terminal from a folder with 
> no pictures in it, it will start up fine. Then if I select a folder with 
> pictures in it (with the file browser) sometimes it will start loading them 
> once I have cleaned my cache files out but will not finish and will crash. 
> 
> Here are a couple logs I took running it through gdb like rawtherapee's site 
> states. I even rebuilt it from ports with the debug flag. They are a bit 
> above my head. I am not sure if it is Rawtherapee or an OpenBSD problem.
> 
> dbg log #1
>  9 thread 178416 futex () at -:3
>  8 thread 314953 0x097ac8386e6f in rtengine::ChunkyRGBData char>::computeHistogramAutoWB ()
>  from /usr/local/bin/rawtherapee
>  7 thread 216546 futex () at -:3
>  6 thread 608117 futex () at -:3
>  5 thread 157151 futex () at -:3
>  4 thread 262627 futex () at -:3
>  3 thread 574678 _thread_sys_poll () at -:3
> * 2 thread 354616 thrkill () at -:3
>  1 thread 137995 futex () at -:3
> 
> Thread 9 (thread 178416):
> #0 futex () at -:3
> No locals.
> #1 0x097cf91411b7 in _rthread_mutex_timedlock (mutexp=Variable "mutexp" 
> is not available.
> ) at include/machine/atomic.h:94
>  error = 83
>  self = 0x97cf9e36240
>  mutex = 0x97cf9189760
>  i = Variable "i" is not available.
> 3 in -
> 
> 
> dbg log #2
> 
>  4 thread 140590 access () at -:3
>  3 thread 193774 _thread_sys_poll () at -:3
> * 2 thread 318691 strlen () at 
> /usr/src/lib/libc/arch/amd64/string/strlen.S:154
>  1 thread 441315 0x050ace324d97 in ?? () from 
> /usr/local/lib/libiconv.so.7.0
> 
> Thread 4 (thread 140590):
> #0 access () at -:3
> No locals.
> #1 0x050a2e05a89d in g_file_test (filename=0x50a0172b580 
> "/home/merritt/.cache/RawTherapee/profiles/I
> MG_20191005_191245.jpg.6438ee363fdef4f66963858fd7362246.pp3", 
> test=G_FILE_TEST_EXISTS) at ../glib-2.60.7/g
> lib/gfileutils.c:439
> No locals.
> #2 0x0509f9324326 in Glib::file_test () from 
> /usr/local/lib/libglibmm-2.4.so.15.2
> No symbol table info available.
> #3 0x0507ea2d47d5 in rtengine::procparams::ProcParams::load () from 
> /usr/local/bin/rawtherapee
> No symbol table info available.
> #4 0x0507ea0aa386 in Thumbnail::loadProcParams () from 
> /usr/local/bin/rawtherapee
> No symbol table info available.
> #5 0x0507ea0a9fe4 in Thumbnail::Thumbnail () from 
> /usr/local/bin/rawtherapee
> No symbol table info available.
> #6 0x0507e9dcff03 in CacheManager::getEntry () from 
> /usr/local/bin/rawtherapee
> No symbol table info available.
> #7 0x0507ea01fb1c in PreviewLoader::Impl::processNextJob () from 
> /usr/local/bin/rawtherapee
> No symbol table info available.
> #8 0x0509f9349242 in (anonymous namespace)::call_thread_entry_slot () 
> from /usr/local/lib/libglibmm-2
> .4.so.15.2
> No symbol table info available.
> #9 0x050a2e0a48f8 in g_thread_pool_thread_proxy (data=0x509fcc79b80) at 
> ../glib-2.60.7/glib/gthreadpo
> ol.c:308
>  task = 0x50ac2c68050
>  pool = (GRealThreadPool *) 0x509fcc79b80
> #10 0x050a2e0a3775 in g_thread_proxy (data=0x50a6d6bf5e0) at 
> ../glib-2.60.7/glib/gthread.c:805
>  thread = (GRealThread *) 0x50a6d6bf5e0
> #11 0x050aa9a05df1 in _rthread_start (v=Variable "v" is not available.
> ) at /usr/src/lib/librthread/rthread.c:96
>  thread = Variable "thread" is not available.
> 154 movq (%rax),%rdx /* first data in high bytes */
> 
> 
> OpenBSD 6.6 (GENERIC.MP) #0: Sat Oct 26 08:08:07 MDT 2019
>  r...@syspatch-66-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 17099640832 (16307MB)
> avail mem = 16568705024 (15801MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xec150 (67 entries)
> bios0: vendor American Megatrends Inc. version "0211" date 03/07/2016
> bios0: ASUSTeK COMPUTER INC. A88X-PLUS/USB 3.1
> acpi0 at bios0: ACPI 5.0
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP APIC FPDT MCFG HPET CRAT UEFI BGRT SSDT SSDT
> acpi0: wakeup devices PB21(S4) PB22(S4) PB31(S4) PB32(S4) PB33(S4) PB34(S4) 
> SBAZ(S4) PS2K(S4) UAR1(S4) OHC1(S4) EHC1(S4) OHC2(S4) EHC2(S4) OHC3(S4) 
> EHC3(S4) OHC4(S4) [...]
> acpitimer0 at acpi0: 3579545 Hz, 32 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 16 (boot processor)
> cpu0: AMD Athlon(tm) X4 860K Quad Core Processor, 3691.18 MHz, 15-30-01
> cpu0: 
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,TOPEXT,CPCTR,DBKP,PERFTSC,ITSC,FSGSBASE,BMI1,XSAVEOPT
> cpu0: 96KB 64b/line 3-way I-cache, 16KB 64b/line 4-way D-cache, 2MB 64b/line 
> 16-way L2 cache
> cpu0: ITLB 48 4KB

Re: displayport - hdmi audio

[Peter Hessler]

OpenBSD does not support HDMI audio at this time.


On 2020 Jan 15 (Wed) at 16:16:24 + (+), sysmerge wrote:
:Hello thee, im trying to connect my TV to Thinkpad x220 via displayport - 
hdmi, but sound is only working on notebook not on TV.
:I tried some tricks from audio faq from site but no result. Problem is i have  
kinda low knowledge in audio related stuff in OpenBSD, cuz audio just works 
fine from the box on my laptop itself.

-- 
I do not fear computers.  I fear the lack of them.
-- Isaac Asimov

Re: OpenBSD PPPOE

[Peter Wong]

Yes, my ISP operate pppoe with vlan. How to configure my fxp0 using vlan id
500?


Regards,
--
Peter Wong
016-396 3326


On Wed, Jan 22, 2020 at 6:10 AM Joe Cook  wrote:

> Hi,
>
> In my experience, PPPoE operates on a VLAN and not directly on an
> interface like fxp0.
>
> For my setup I had the ONT connect to interface em2. I ran the following:
>
> *doas tcpdump -i em2*
>
> In the output I found the following:
>
> *11:05:43.878079 802.1Q vid 10 pri 0 PPPoE-Session*
>
> This tells me that PPPoE is tagged with VLAN ID 10 (802.1Q vid 10). I had
> to create vlan10 and attach it to em2 then I could create pppoe0 and attach
> it to vlan10.
>
>
> I hope this helps.
>
>
> Joe
> On 21/01/2020 6:42 pm, peterwkc wrote:
>
> Dear All,
>
> I would like to setup my openbsd as router.
> /etc/hostname.fxp0
> up
>
> /etc/hostname.pppoe0
> pppoedev fxp0 authproto pap authname "" authkey "" up
> dest 0.0.0.1
> !/sbin/route add default -ifp pppoe0 0.0.0.1
>
>
> Not able to get a connection. What wrong with it?
>
>
>
> --
> Sent from: http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html
>
>

Re: OpenBSD PPPOE

[Peter Wong]

The hostname.filename should follow vlan or vnetid?

Regards,
--
Peter Wong
016-396 3326


On Wed, Jan 22, 2020 at 2:35 PM Peter J. Philipp  wrote:

> On Wed, Jan 22, 2020 at 09:49:18AM +0800, Peter Wong wrote:
> > Yes, my ISP operate pppoe with vlan. How to configure my fxp0 using vlan
> id
> > 500?
> >
> >
> > Regards,
> > --
> > Peter Wong
> > 016-396 3326
>
> Hi Peter Wong,
>
> My PPPoE router uses VLAN id #7 (IEEE 802.1q protocol), this is how I set
> up
> the vlan:
>
> eta$ more /etc/hostname.vlan7
> description "T-Online Internet"
> vnetid 7 parent cnmac0
> up mtu 1508
> eta$ ifconfig vlan7
> vlan7: flags=8843 mtu 1508
> lladdr fc:ec:da:04:8d:68
> description: T-Online Internet
> index 9 priority 0 llprio 3
> encap: vnetid 7 parent cnmac0 txprio packet rxprio outer
> groups: vlan
> media: Ethernet autoselect (1000baseT full-duplex)
> status: active
>
> You may make your vlan similarly by setting vnetid to 500.  And then
> instead of
> your fxp interface you'd use vlan.  In my case it's vlan7.
>
> Hope that helps,
> -peter
>

OpenBSD 6.0: PPPOE with vlan configure problem

[Peter Wong]

Dear All,
I'm trying to setup openbsd as router but could not get any internet
connection.
I need to set my external interface to vnetid 500. Below is my
configuration:

/etc/hostname.vlan500
-inet vnetid 500 parent fxp0 up

/etc/hostname.pppoe0
inet 0.0.0.0.0 255.255.255.255 NONE pppoedev *vlan500 *authproto chap \
authname "username" authkey "pass" up
dest 0.0.0.1
!/sbin/route add default -ifp pppoe0 0.0.0.1

Questions:
1. How to diagnose pppoe connection, any log file?
2. Should the vlan interface name follow vlan or vnetid?
3. Does it need to change the pppoedev interface to fxp0 or vlan500 or
something else?

Please advise. Thank you.

Regards,
------
Peter Wong
016-396 3326

Re: OpenBSD 6.0: PPPOE with vlan configure problem

[Peter Varga]

On Fri, Jan 24, 2020, at 18:03, Peter Wong wrote:
> Dear All,
> I'm trying to setup openbsd as router but could not get any internet
> connection.
> I need to set my external interface to vnetid 500. Below is my
> configuration:
> 
> /etc/hostname.vlan500
> -inet vnetid 500 parent fxp0 up
> 
> /etc/hostname.pppoe0
> inet 0.0.0.0.0 255.255.255.255 NONE pppoedev *vlan500 *authproto chap \
> authname "username" authkey "pass" up
> dest 0.0.0.1
> !/sbin/route add default -ifp pppoe0 0.0.0.1
> 
> Questions:
> 1. How to diagnose pppoe connection, any log file?
> 2. Should the vlan interface name follow vlan or vnetid?
> 3. Does it need to change the pppoedev interface to fxp0 or vlan500 or
> something else?
> 
> Please advise. Thank you.
> 
> Regards,
> --
> Peter Wong
> 016-396 3326
>

Re: OpenBSD 6.0: PPPOE with vlan configure problem

[Peter Wong]

Dear Tom,
I had tried with different authentication protocol like pap and chap but
not successful. On top of that, should i set mtu to bigger size like 1510
bytes.


Regards,
--
Peter Wong
016-396 3326


On Sat, Jan 25, 2020 at 10:26 AM Tom Smyth 
wrote:

> Peter
>
> I would check the authentication protocol and cycle
> through various authentication protocols to see if the isp
> has only one type of authentication protocol enabled
> im not certain the "\" is required, I havent had to use
> that on hostname.if files (in my experience)
> I see it in the manual page example but that may be
> try without that ...
> also keep an eye on the MTU of the PPPoE ..
>
> if the parent interface has an MTU of 1500 Bytes...
> unencrypted pppoe would have an MTU of 1492
> PPPoE with encryption would need an MTU of 1488
> Hope this helps
>
>
>
>
>
> On Sat, 25 Jan 2020 at 02:16, Peter Wong  wrote:
>
>> Dear All,
>> I'm trying to setup openbsd as router but could not get any internet
>> connection.
>> I need to set my external interface to vnetid 500. Below is my
>> configuration:
>>
>> /etc/hostname.vlan500
>> -inet vnetid 500 parent fxp0 up
>>
>> /etc/hostname.pppoe0
>> inet 0.0.0.0.0 255.255.255.255 NONE pppoedev *vlan500 *authproto chap \
>> authname "username" authkey "pass" up
>> dest 0.0.0.1
>> !/sbin/route add default -ifp pppoe0 0.0.0.1
>>
>> Questions:
>> 1. How to diagnose pppoe connection, any log file?
>> 2. Should the vlan interface name follow vlan or vnetid?
>> 3. Does it need to change the pppoedev interface to fxp0 or vlan500 or
>> something else?
>>
>> Please advise. Thank you.
>>
>> Regards,
>> --
>> Peter Wong
>> 016-396 3326
>>
>
>
> --
> Kindest regards,
> Tom Smyth.
>

Re: Restart single iked connections

[Peter Müller]

Hello openbsd-misc,

I am strongly interested in this, too.

Since the iked manpage does not mention this, I suppose it is not possible.
In combination with ifstated, however, this might result in a DoS scenario
if one peer becomes unreachable - on purpose or by chance - and any other
IPsec connections break down due to an iked restart, as Stephan already pointed
out.

So any advice on this is appreciated a lot. :-)

Thanks, and best regards,
Peter Müller


> Hi *,
> 
> I am in a situation where I've got hosts that handle IPsec connection
> with multiple endpoints.
> 
> So I've wondered if it was possible to restart single connections
> without rebuilding the rest of the connections.
> For example Machine A has a tunnel to machine B and machine C.
> The Tunnel to C is up and running as intended  but the tunnel to B is
> broken (icmp echos don't return -> for example). How do I rebuilt the tunnel 
> to B
> without restarting iked for all connections and interrupting my tunnel to
> C?
> 
> Thank you for your time.
> 
> g Stephan
> 

Re: IPsec and MTU / fragmentation

[Peter Müller]

Hello Lucas,

as far as I understood, setting MTU on encN interfaces is not supported
since it is not mentioned by enc(4) and setting it manually fails:

> machine# ifconfig enc0 mtu 1500
> ifconfig: SIOCSIFMTU: Inappropriate ioctl for device

If you do not want to use GRE tunnels or gif interfaces, I suppose truncating
MSS via pf might be an acceptable but not elegant solution:

> match on enc0 scrub (max-mss 1394)

1394 bytes is intentional as the remote end has an interface MTU of 1488 bytes
configured (behind a DSL connection using VLANs).

That being said, I bumped into some reproducible but not deterministic crashes
which are most likely related to IPsec connections as the same system runs
stable using OpenVPN. Please refer to 
https://marc.info/?l=openbsd-bugs&m=158048415032524&w=2
for further information - unfortunately, there is no solution for this yet.

Thanks, and best regards,
Peter Müller

> Hi misc@,
> 
> I've set up an IPsec tunnel to for serving my website from my home. The
> tunnel works quite well most of the time, but if I try to deliver big
> files over it, the HTTP client never gets a response. After some
> testing, if I ran in the HTTP server end
> 
>   perl -e 'print "a" x 1386;' | doas nc -l 10.200.0.80 80
> 
> client receives 1386 "a"s, but with any bigger size the client sees no
> response at all.
> 
> This smells of MTU / fragmentation issues, but I don't know enough about
> networks to configure it properly. Is this the case? Any recommendations
> on how to configure a sensible value? Any clue sticks? I can bang
> different MTUs until it works, but that solution doesn't seem to scale.
> You can find my iked and pf configs below.
> 
> Also would like to understand why it happens, so pointers to docs are
> more than welcome.
> 
> Thanks in advance,
> -Lucas
> 
> Initiator /etc/iked.conf:
> 
>   initiator_www = 10.200.0.80
>   initiator_peer =192.0.2.1
>   responder = 198.51.100.1
> 
>   ikev2 "www" active proto tcp \
>   from $initiator_www port 80 to $responder \
>   peer $responder \
>   srcid initiator dstid responder \
>   tag IPSECWWW
> 
> Initiator /etc/pf.conf:
> 
>   set block-policy drop
>   set loginterface egress
>   set skip on lo0
> 
>   block all
> 
>   pass out quick on { egress enc0 }
> 
>   pass in quick on enc0 tagged IPSECWWW
>   pass in on egress proto tcp to port ssh
>   pass in on egress inet proto icmp all
>   pass in on egress inet6 proto ipv6-icmp all
> 
> Responder /etc/iked.conf:
> 
>   initiator_www = 10.200.0.80
>   initiator_peer =192.0.2.1
>   responder = 198.51.100.1
> 
>   ikev2 "www" passive proto tcp \
>   from $responder to $initiator_www port 80 \
>   peer $initiator_peer \
>   srcid responder dstid initiator \
>   tag IPSECWWW
> 
> Responder /etc/pf.conf:
> 
>   set block-policy drop
>   set loginterface egress
>   set skip on lo0
> 
>   block log all
> 
>   pass out quick on egress
> 
>   pass in log on egress proto udp from any to (egress) \
>   port { isakmp ipsec-nat-t }
>   pass in log on egress proto esp from any to (egress)
>   pass in log on enc0 tagged IPSECWWW
>   pass out log on enc0
> 
>   pass in on egress proto tcp to port { ssh http https }
>   pass in on egress inet proto icmp all
>   pass in on egress inet6 proto icmp6 all
> 

strongSwan cannot install IPsec policies on OpenBSD

[Peter Müller]

Hello openbsd-misc,

during some flaws in OpenIKED, I am forced to use strongSwan as an IPsec client 
on an
OpenBSD 6.6 machine. While establishing an IKE_SA works fine, installing 
policies for CHILD_SA
fails (as expected):

> unable to install IPsec policies (SPD) in kernel
> failed to establish CHILD_SA, keeping IKE_SA

To those who are running strongSwan as an IPsec client on OpenBSD: Which is the 
best
procedure in this case? Are there other methods of installing IPsec policies 
into the
kernel available?

Thanks for any help in advance.

Best regards,
Peter Müller

P.S.: In case anybody wonders about the "OpenIKED flaws", these are as follows:
(a) Restarting single connections is not possible
(b) Dead Peer Detection is missing (I am aware of ifstated as a "replacement", 
but since
there seems to be no way of restarting a single IPsec connection, 
restarting the whole
iked daemon causes operational tunnels to crash)
(c) IKE is missing AES-GCM support (while ESP does - not sure why this is)
(d) Does not seem to support more than one private key

Apart from that, I really appreciate OpenIKED especially for its configuration 
file
syntax, but unfortunately cannot use it primarily due to (a) and (d).

Re: strongSwan cannot install IPsec policies on OpenBSD

[Peter Müller]

Hello Stuart,

thanks for your quick reply.


> On 2020-02-14, Peter Müller  wrote:
>> Hello openbsd-misc,
>>
>> during some flaws in OpenIKED, I am forced to use strongSwan as an IPsec 
>> client on an
>> OpenBSD 6.6 machine. While establishing an IKE_SA works fine, installing 
>> policies for CHILD_SA
>> fails (as expected):
>>
>>> unable to install IPsec policies (SPD) in kernel
>>> failed to establish CHILD_SA, keeping IKE_SA
>>
>> To those who are running strongSwan as an IPsec client on OpenBSD: Which is 
>> the best
>> procedure in this case? Are there other methods of installing IPsec policies 
>> into the
>> kernel available?
> 
> strongSwan's module to install policies to the kernel (kernel-pfkey) does
> not support OpenBSD without making code changes. Not impossible but hasn't
> been done. Only their userland setup that works with tun(4) devices
> (slightly confusingly called kernel-ipsec) is available.

Hm, after fiddling around for a while, I am a bit helpless on this. Do you 
happen to have
some example configuration? If yes, I would be very grateful to see it. :-)

Thanks, and best regards,
Peter Müller

> 
> 
>> P.S.: In case anybody wonders about the "OpenIKED flaws", these are as 
>> follows:
>> (a) Restarting single connections is not possible
>> (b) Dead Peer Detection is missing (I am aware of ifstated as a 
>> "replacement", but since
>> there seems to be no way of restarting a single IPsec connection, 
>> restarting the whole
>> iked daemon causes operational tunnels to crash)
>> (c) IKE is missing AES-GCM support (while ESP does - not sure why this is)
>> (d) Does not seem to support more than one private key
> 
> (e) no client side address-config
> (f) doesn't work with intermediate certs

Glad you mention it. I was bumping into something similar already and wondered 
why thinks
won't work...

> (plus some other missing things that would make life a lot easier, especially
> punting EAP off to a radius server ;)
> 
>> Apart from that, I really appreciate OpenIKED especially for its 
>> configuration file
>> syntax, but unfortunately cannot use it primarily due to (a) and (d).
> 

Re: strongSwan cannot install IPsec policies on OpenBSD

[Peter Müller]

Hello Stuart,

>>>
>>> strongSwan's module to install policies to the kernel (kernel-pfkey) does
>>> not support OpenBSD without making code changes. Not impossible but hasn't
>>> been done. Only their userland setup that works with tun(4) devices
>>> (slightly confusingly called kernel-ipsec) is available.
>>
>> Hm, after fiddling around for a while, I am a bit helpless on this. Do you 
>> happen to have
>> some example configuration? If yes, I would be very grateful to see it. :-)
> 
> I put a sanitized version of my config in the pkg-readme file in the
> strongswan package - but I only used it for a very basic EAP-MSCHAP
> client (and I don't know strongswan very well; I normally only use it
> on Android with the gui configuration tool) so there is nothing fancy
> in there.
> 

Thank you - unfortunately, it does not seem to work here. An IKE_SA is 
successfully
established, CHILD_SA fails with the same error message. If "installpolicy=no" 
is
appended to the appropriate connection in /etc/strongswan/ipsec.conf, both 
IKE_SA
and CHILD_SA can be established but no traffic will be routed through the 
tunnel:

> Status of IKE charon daemon (strongSwan 5.8.1, OpenBSD 6.6, amd64):
>   uptime: 2 minutes, since Feb 17 15:44:04 2020
>   worker threads: 6 of 16 idle, 6/0/4/0 working, job queue: 0/0/0/0, 
> scheduled: 6
>   loaded plugins: charon pkcs11 aes des rc2 sha2 sha1 md4 md5 mgf1 random 
> nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey 
> sshkey pem botan fips-prf gmp curve25519 chapoly xcbc cmac hmac gcm attr 
> kernel-libipsec kernel-pfroute resolve socket-default stroke vici updown 
> eap-identity eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-peap 
> xauth-generic xauth-eap counters
> Listening IP addresses:
>   94.xxx.xxx.xxx
>   2a03:::::::
> Connections:
>N2NTESTCONN:  xxx...yyy  IKEv2, dpddelay=10s
>N2NTESTCONN:   local:  [xxx] uses public key authentication
>N2NTESTCONN:cert:  "C=EU, O=xxx, CN=xxx"
>N2NTESTCONN:   remote: [yyy] uses public key authentication
>N2NTESTCONN:cert:  "C=EU, O=yyy, CN=yyy"
>N2NTESTCONN:   child:  10.xxx.xxx.2/32 === 10.yyy.yyy.0/24 TUNNEL, 
> dpdaction=restart
> Security Associations (1 up, 0 connecting):
>N2NTESTCONN[1]: ESTABLISHED 2 minutes ago, 
> 94.xxx.xxx.xxx[xxx]...87.yyy.yyy.yyy[yyy]
>N2NTESTCONN[1]: IKEv2 SPIs: a14ff33decbcc124_i* 2a6d95dc56127468_r, 
> public key reauthentication in 2 hours
>N2NTESTCONN[1]: IKE proposal: 
> AES_GCM_16_256/PRF_HMAC_SHA2_512/CURVE_25519
>N2NTESTCONN{1}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: 
> f44fa42e_i cf5467e8_o
>N2NTESTCONN{1}:  AES_GCM_16_256, 5040 bytes_i (60 pkts, 0s ago), 0 
> bytes_o, rekeying in 42 minutes
>N2NTESTCONN{1}:   10.xxx.xxx.2/32 === 10.yyy.yyy.0/24

Traffic from the remote IPsec peer (which is a Linux machine) successfully 
reaches the
OpenBSD system ("5040 bytes_i"), but responses do not make it back ("0 
bytes_o"). Actually,
this is where I need help - manually installing SAs does not make sense to me.

Thank you in advance for any hints.

Best regards,
Peter Müller

P.S.: Sorry, I thought I had sent this to  already, but put 
in some
crappy To-Header. Sleep is no adequate substitution for caffeine... :-/

Re: Detecting DoH using PF

[Peter Müller]

Hello *,

for detecting DNS over HTTPS traffic without interfering with the connection, 
perhaps
these articles might be helpful:
- 
https://dshield.org/forums/diary/Is+it+Possible+to+Identify+DNS+over+HTTPs+Without+Decrypting+TLS/25616
- 
https://dshield.org/forums/diary/More+DNS+over+HTTPS+Become+One+With+the+Packet+Be+the+Query+See+the+Query/25628

Thanks, and best regards,
Peter Müller


> Hi Erik,
> 
> On Mon, Feb 17, 2020 at 06:07:59PM +, Erik Lauritsen wrote:
> | Hi,
> | 
> | Is a DNS over HTTPS recognizable somehow so that it can be fingerprinted
> | and redirected or blocked using pf?
> 
> I haven't studied this in close detail, but since it's just a "normal"
> (albeit generally small) HTTPS request, I doubt they can be easily
> fingerprinted.  But I wonder: what is your interest?
> 
> My concern is not users using safe (encrypted) transports for their
> DNS lookups, but users unwittingly sending their data to certain large
> companies.  To that end I've populated a table in pf with IP addresses
> from https://en.wikipedia.org/wiki/Public_recursive_name_server and
> simply have
> 
>   block out log from any to 
> 
> to prevent anyone on the local network from accessing them.  Some of
> them are more popular than others but it works well enough:
> 
> # pfctl -vvt openrecursor -T show | awk '/\[/ {p+=$4; b+=$6} END {print p, b}'
> 14672 1100046
> 
> so 14672 packets / 1100046 bytes blocked to these open recursors.
> Note that the rule blocks both DoH as well as 'normal' DNS or DoT
> requests.
> 
> | I am thinking about the ability of PF to detect when requests are coming 
> from
> | a windows machine for example.
> 
> OS fingerprinting looks at TCP characteristics; DoH requests are
> inside an encrypted transport and (probably) hard to discern from
> 'normal' HTTPS traffic.
> 
> Cheers,
> 
> Paul 'WEiRD' de Weerd
> 

Re: strongSwan cannot install IPsec policies on OpenBSD

[Peter Müller]

Hello openbsd-misc,

is anybody out there running strongSwan as an IPsec client for a net-to-net 
connection
on an OpenBSD machine?

If so, I would be very grateful to know which steps are necessary in order to 
successfully
route traffic through this n2n connection and what your ipsec.conf file (and 
other ones,
if necessary) looks like.

Sorry for bringing this up again, but I am out of ideas now and packaging 
strongSwan
for OpenBSD would not make sense if it could not be used properly. :-)

Thanks again for any advice on this.

Best regards,
Peter Müller

Re: BGP spamd AS working addresses to have realtime list updates

[Peter Hessler]

Hi Martin

The eu.bgp-spamd.net server is no longer available.  I have not had any
time for maintanence of these systems for several years, so do not
expect many future updates.

-peter


On 2020 Apr 19 (Sun) at 14:39:08 + (+), Martin wrote:
:I'm going to have spamdb updates from AS using BGP as configured.
:But both AS rs.bgp-spamd.net eu.bgp-spamd.net points to the same IP address 
according to ping:
:
:ping eu.bgp-spamd.net
:217.31.80.170
:ping rs.bgp-spamd.net
:217.31.80.170
:
:Which system can be used for redundancy? Any other spamd-AS online?
:
:$ cat /etc/bgpd.conf
:AS 65xxx
:fib-update no
:
:group "spam" {
:   remote-as 65066
:   multihop 64
:   export none
:  neighbor 64.142.121.62 {
:  descr "rs.bgp-spamd.net"
:  }
:  neighbor 217.31.80.170 {
:  descr "eu.bgp-spamd.net"
:  }
:}
:...
:
:Martin

-- 
Did you know ...

That no-one ever reads these things?

HDD fail signal

[Peter Kay]

On various SATA/SAS backplanes, notably the Icy Box/Raidsonic IB555SK, there is 
a 'HDD fail signal IN' connector and a note that this can be provided by the 
controller, to make the failure LED flash.

I can't find any controller that supports this, and presume it's directly 
supported by the controller (or does it need OS support?).

Can anyone offer advice? I'm thinking about buying another backplane with the 
same signal, because it's nice to do things correctly,  but there's no point if 
nothing supports it... (unless something is manually hacked together) 

iked: how to request a virtual IP when running as a road warrior

[Peter Müller]

Hello *,

I am trying to set up an IPsec connection between OpenBSD 6.2
and an IPFire firewall, while the OpenBSD is a road warrior.
There, I use "iked", while the firewall is running "strongswan".

After struggling with some cryptography issues (curve25519 and
brainpool512 did not work, neither did aes-gcm), the IKE
connection is now established, but the firewall requires a
request for a virtual IP:

[log snippet from "iked" @ OpenBSD:]
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 0x00 
length 12
ikev2_pld_notify: protoid NONE spisize 0 type AUTH_LIFETIME
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical 0x00 
length 8
ikev2_pld_notify: protoid NONE spisize 0 type FAILED_CP_REQUIRED

[log snippet from "strongswan" @ IPFire:]
21:45:26 charon:  07[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH 
N(AUTH_LFT) N(FAIL_CP_REQ) ] 
21:45:26 charon:  07[IKE] failed to establish CHILD_SA, keeping IKE_SA 
21:45:26 charon:  07[IKE] configuration payload negotiation failed, no CHILD_SA 
built 
21:45:26 charon:  07[IKE] expected a virtual IP request, sending 
FAILED_CP_REQUIRED

Until now, I tried inserting the following directives to my
/etc/iked.conf - without luck, they didn't seem to change anything:

(1) config address 10.XXX.XXX.XXX

(2) config address 10.XXX.XXX.XXX/24

(3) config address 10.XXX.XXX.XXX\
config address 10.XXX.XXX.XXX/24

How do I configure "iked" to request a virtual IP?

Any help is highly appreciated, since I am flying blind here.

Thanks and best regards,
Peter Müller

Re: iked: how to request a virtual IP when running as a road warrior

[Peter Müller]

Hello,

thanks for the reply.

> Hello
> 
> On 01/30/18 22:00, Peter Müller wrote:
> > Hello *,
> > 
> > I am trying to set up an IPsec connection between OpenBSD 6.2
> > and an IPFire firewall, while the OpenBSD is a road warrior.
> > There, I use "iked", while the firewall is running "strongswan".
> > 
> > After struggling with some cryptography issues (curve25519 and
> > brainpool512 did not work, neither did aes-gcm), the IKE
> > connection is now established, but the firewall requires a
> > request for a virtual IP:
> > 
> > [log snippet from "iked" @ OpenBSD:]
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical 
> > 0x00 length 12
> > ikev2_pld_notify: protoid NONE spisize 0 type AUTH_LIFETIME
> > ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NONE critical 0x00 
> > length 8
> > ikev2_pld_notify: protoid NONE spisize 0 type FAILED_CP_REQUIRED
> > 
> > [log snippet from "strongswan" @ IPFire:]
> > 21:45:26 charon:  07[ENC] generating IKE_AUTH response 1 [ IDr CERT AUTH 
> > N(AUTH_LFT) N(FAIL_CP_REQ) ]
> > 21:45:26 charon:  07[IKE] failed to establish CHILD_SA, keeping IKE_SA
> > 21:45:26 charon:  07[IKE] configuration payload negotiation failed, no 
> > CHILD_SA built
> > 21:45:26 charon:  07[IKE] expected a virtual IP request, sending 
> > FAILED_CP_REQUIRED
> > 
> > Until now, I tried inserting the following directives to my
> > /etc/iked.conf - without luck, they didn't seem to change anything:
> > 
> > (1) config address 10.XXX.XXX.XXX
> > 
> > (2) config address 10.XXX.XXX.XXX/24
> > 
> > (3) config address 10.XXX.XXX.XXX\
> >  config address 10.XXX.XXX.XXX/24
> > 
> > How do I configure "iked" to request a virtual IP?
> > 
> > Any help is highly appreciated, since I am flying blind here.
> > 
> > Thanks and best regards,
> > Peter Müller
> >   
> 
> Last time I looked, OpenIKED was not yet able to request a config 
> payload, only reply to one. Looking at the source code of iked confirms 
> this.
I see. Since IPFire requires an a request for a virtual IP address when
using a road warrior IPsec connection, OpenBSD seems to be incompatible then.

A workaround might be a net-to-net IPsec connection, with a /32 announcement
at the side of the OpenBSD machine. Will try that and report.

Best regards,
Peter Müller
> 
> /src/sbin/iked/ikev2.c
> 
> ssize_t
> ikev2_add_cp(struct iked *env, struct iked_sa *sa, struct ibuf *buf)
> {
> ...
>   switch (sa->sa_cp) {
>   case IKEV2_CP_REQUEST:
>   cp->cp_type = IKEV2_CP_REPLY;
>   break;
>   case IKEV2_CP_REPLY:
>   case IKEV2_CP_SET:
>   case IKEV2_CP_ACK:
>   /* Not yet supported */ <===!!!
>   return (-1);
>   }
> ...
> 
> Cheers Kim
> 

Re: openbsd 63-eta and dhcpclient problem

[Peter Hessler]

please include the output of "dhclient -vv re0"


On 2018 Mar 09 (Fri) at 09:14:08 +0100 (+0100), Holger Glaess wrote:
:hi
:
:
:i have here an fresh installed openbsd 6.3-beta on an samsung ultrabook
:series 5
:
:problem is the he don't get an ip address on his ethernet interface.
:
:
:i see on my dhcp server the request coming and he send an offer but the
:samsung diden't get it.
:
:if i boot an simple stupid ubuntu 16.04.02 install cd , the interface works
:and got an ip.
:
:dmesg below.
:
:there is no config for the dhclient .
:
:bug ?
:
:
:holger
:

-- 
The Arkansas legislature passed a law that states that the Arkansas
River can rise no higher than to the Main Street bridge in Little
Rock.

Re: openbsd 63-eta and dhcpclient problem

[Peter Hessler]

Can you run "tcpdump -c100 -ni re0 port 67 or port 68", while running
dhclient?  The dhclient process doesn't see the responses from the
server, and I want to make sure they are being delivered to the network
card.


On 2018 Mar 09 (Fri) at 10:08:13 +0100 (+0100), Holger Glaess wrote:
:hi
:
:
:~ 1>dhclient -vv re0
:re0: DHCPDISCOVER - interval 1
:re0: DHCPDISCOVER - interval 1
:re0: DHCPDISCOVER - interval 1
:re0: DHCPDISCOVER - interval 1
:re0: DHCPDISCOVER - interval 1
:re0: DHCPDISCOVER - interval 1
:re0: DHCPDISCOVER - interval 1
:re0: DHCPDISCOVER - interval 1
:re0: DHCPDISCOVER - interval 1
:re0: DHCPDISCOVER - interval 1
:re0: no lease ... sleeping
:
:
:and part of my log from the dhcp server
:
:
:Mar  9 10:05:34 furt dhcpd[72447]: DHCPDISCOVER from e8:03:9a:b4:f6:48 via
:vlan100
:Mar  9 10:05:34 furt dhcpd[72447]: DHCPOFFER on 192.168.131.101 to
:e8:03:9a:b4:f6:48 via vlan100
:Mar  9 10:05:35 furt dhcpd[72447]: DHCPDISCOVER from e8:03:9a:b4:f6:48 via
:vlan100
:Mar  9 10:05:35 furt dhcpd[72447]: DHCPOFFER on 192.168.131.101 to
:e8:03:9a:b4:f6:48 via vlan100
:Mar  9 10:05:36 furt dhcpd[72447]: DHCPDISCOVER from e8:03:9a:b4:f6:48 via
:vlan100
:Mar  9 10:05:36 furt dhcpd[72447]: DHCPOFFER on 192.168.131.101 to
:e8:03:9a:b4:f6:48 via vlan100
:Mar  9 10:05:37 furt dhcpd[72447]: DHCPDISCOVER from e8:03:9a:b4:f6:48 via
:vlan100
:Mar  9 10:05:37 furt dhcpd[72447]: DHCPOFFER on 192.168.131.101 to
:e8:03:9a:b4:f6:48 via vlan100
:Mar  9 10:05:38 furt dhcpd[72447]: DHCPDISCOVER from e8:03:9a:b4:f6:48 via
:vlan100
:Mar  9 10:05:38 furt dhcpd[72447]: DHCPOFFER on 192.168.131.101 to
:e8:03:9a:b4:f6:48 via vlan100
:
:
:holger
:
:
:
:Am 09.03.2018 um 09:37 schrieb Peter Hessler:
:> please include the output of "dhclient -vv re0"
:> 
:> 
:> On 2018 Mar 09 (Fri) at 09:14:08 +0100 (+0100), Holger Glaess wrote:
:> :hi
:> :
:> :
:> :i have here an fresh installed openbsd 6.3-beta on an samsung ultrabook
:> :series 5
:> :
:> :problem is the he don't get an ip address on his ethernet interface.
:> :
:> :
:> :i see on my dhcp server the request coming and he send an offer but the
:> :samsung diden't get it.
:> :
:> :if i boot an simple stupid ubuntu 16.04.02 install cd , the interface works
:> :and got an ip.
:> :
:> :dmesg below.
:> :
:> :there is no config for the dhclient .
:> :
:> :bug ?
:> :
:> :
:> :holger
:> :
:> 
:

-- 
So far as I can remember, there is not one word in the Gospels in
praise of intelligence.
-- Bertrand Russell

Re: openbsd 63-eta and dhcpclient problem

[Peter Hessler]

No need for the tcdump any more.  I wanted to see if you were receiving
the packets or not. If you're getting a lease, then clearly you're now
receiving the packets.


On 2018 Mar 09 (Fri) at 11:06:43 +0100 (+0100), Holger Glaess wrote:
:hi
:
:
:strange
:
:i did the test again with booting the ubuntu cd , then i reboot to openbsd
:6.3
:
:since this time dhcp on re works . i did also an complete poweroff and
:
:reboot direkt to openbsd is works now . i dont  know why .
:
:i start to have this problem with an current version 6.2 from feb .2018 but
:i dident care about it , i think the interface is broken .
:
:today i try the linux , first and wonder why is ethernet working.
:
:did you need the tcpdump farther ?
:
:holger
:
:
:
:Am 09.03.2018 um 10:22 schrieb Peter Hessler:
:> tcpdump -c100 -ni re0 port 67 or port 6
:

-- 
Miksch's Law:
If a string has one end, then it has another end.

Re: bug tracking system for OpenBSD

[Peter Hessler]

On 2018 Mar 30 (Fri) at 23:01:16 +0300 (+0300), Sergey Bronnikov wrote:
:On 17:54 Tue 19 Dec , Ted Unangst wrote:
:> Kai Wetlesen wrote:
:> > > > you don't have to announce your bug database the first day you set it 
up. in
:> > > > fact, it's better not to. but in a few months time, when somebody 
inevitably
:> > > > asks misc how do i contribute, where's the todo list, you'll have this 
handy
:> > > > list of unresolved bugs to point them at.
:> 
:> > There are many decisions that would need to be made that will piss somebody
:> > off. Decisions like what software/platform to use, where to host the 
thing, and
:> > how much the tool should integrate into existing bug reporting mechanisms
:> > (right now just fancy emailing).
:> > 
:> > To answer your tactful question Theo, I personally haven’t done anything 
because
:> > I do not have your blessing nor of someone who can say “yes just effing do 
it". But,
:> > if you would be willing to give me free reign it will be done.
:> 
:> Imagine if you'd followed my suggestion and spent the last six months 
curating
:> a bug database. Then today you could have sent us a link to it and everybody
:> would see how useful it is. Now we have to wait another six months.
:
:I have made a first step forward in direction to OpenBSD bugtracker
:and imported bugs@ archive to a Fossil SCM -
:https://bronevichok.ru/cgi-bin/b.cgi/rptview?rn=1
:Let's discuss a next step.
:

I believe the next step would be to delete the database.
_Please re-read the entire thread_.  Or even just the parts you quoted.

An example that shouldn't be displayed in the database:
 - Arrival-Date:   Tue Jul  7 17:50:01 MDT 1998

-- 
In Lexington, Kentucky, it's illegal to carry an ice cream cone in your
pocket.

Re: CPU Affinity

[Peter Hessler]

On 2018 Apr 29 (Sun) at 22:07:18 -0300 (-0300), Elias M. Mariani wrote:
:Hi,
:I was trying to port mprime to OpenBSD.
:The main issue is not finding any way to set affinity on cores.
:Searching for how to do this on OpenBSD bring this result in undeadly:
:http://undeadly.org/cgi?action=article&sid=20090324210236
:
:Is CPU Affinity dropped out of OpenBSD for some reason?
:
:Elias.
:

CPU Affinity is available inside the kernel only, and is not exposed to
userland.

There are no plans to make it available to userland.


-- 
Pardon this fortune.  Database under reconstruction.

Re: Open source RISC-V 64bit w ECC RAM & PCIe this summer

[Peter Kay]

>4-core (5-core?) 1.5Ghz, 8GB DDR4 ECC RAM, two >PCIe slots (one one-lane
>and one two-lane PCIe 2.0?), SATA, gigabit ethernet, >microSD, HDMI,
>UART

Neat, but horribly slow and expensive. Raptor CS, on the other hand, are 
releasing the POWER9 based Talos II Lite soon, and also (apparently) the bare 
motherboard without chassis. Info at raptorcs.com

It'll probably still be a bit slow and expensive compared to a Xeon, and it 
won't work run OpenBSD out of the box, but it is open.

Re: Building OpenBSD and ports VS installing from packages

[Peter Hessler]

i386 and amd64 are different platforms, so of course you get different packages.

Within the same platform, all binaries that are built should run on all
possible members of that platform.

So, code will be compiled WITHOUT AVX support, unless it can be detected
at runtime (e.g. mplayer/ffmpeg).  I believe that firefox does not to
runtime detection, so firefox should not directly call AVX.


On 2018 May 21 (Mon) at 18:37:43 -0300 (-0300), Elias M. Mariani wrote:
:Hi,
:I understand that about the builds and packages.
:I will re write my question in another form:
:If I build, say, firefox on a i386 machine I get a package, and
:another if I build firefox on amd64, they differ.
:If I build firefox on an amd64 machine WITHOUT AVX support I get a
:package, if now I build firefox in an amd64 machine WITH AVX support,
:do I still get the same package ?
:(firefox is a random pick)
:
:Cheers.
:Elias.
:
:2018-05-21 18:24 GMT-03:00 IL Ka :
:> Hello.
:>
:> OpenBSD team does not recommend to build anything that exists in packages.
:>
:>>>If so, building from ports would produce a different code?
:> In most cases ports are not aware of your microarchitecture.
:> See my question and Theo's answer.
:>
:> https://www.mail-archive.com/misc@openbsd.org/msg160878.html
:>
:>
:>
:

-- 
The Computer made me do it.

Re: Firefox and stuttering USB audio

[Peter Fröhlich]

 at uhidev5 reportid 2: input=7, output=0, feature=0
> uhid4 at uhidev5 reportid 3: input=1, output=0, feature=0
> uhid5 at uhidev5 reportid 4: input=1, output=0, feature=0
> ucc3 at uhidev5 reportid 5: 573 usages, 18 keys, array
> wskbd5 at ucc3 mux 1
> uhid6 at uhidev5 reportid 6: input=0, output=0, feature=7
> uhidev6 at uhub0 port 10 configuration 1 interface 0 "ZSA Technology
> Labs Inc ErgoDox EZ" rev 1.10/0.01 addr 7
> uhidev6: iclass 3/1
> ukbd1 at uhidev6: 8 variable keys, 6 key codes
> wskbd6 at ukbd1 mux 1
> uhidev7 at uhub0 port 10 configuration 1 interface 1 "ZSA Technology
> Labs Inc ErgoDox EZ" rev 1.10/0.01 addr 7
> uhidev7: iclass 3/0, 5 report ids
> uhid7 at uhidev7 reportid 3: input=2, output=0, feature=0
> ucc4 at uhidev7 reportid 4: 672 usages, 18 keys, array
> wskbd7 at ucc4 mux 1
> ukbd2 at uhidev7 reportid 5: 128 variable keys, 0 key codes
> wskbd8 at ukbd2 mux 1
> uhub1 at uhub0 port 11 configuration 1 interface 0 "Genesys Logic USB2.0
> Hub" rev 2.00/60.70 addr 8
> uhidev8 at uhub0 port 12 configuration 1 interface 0 "MSI MYSTIC LIGHT"
> rev 1.10/0.01 addr 9
> uhidev8: iclass 3/0, 252 report ids
> uhid8 at uhidev8 reportid 1: input=63, output=63, feature=0
> uhid9 at uhidev8 reportid 2: input=63, output=63, feature=0
> uhid10 at uhidev8 reportid 82: input=0, output=0, feature=184
> uhid11 at uhidev8 reportid 83: input=0, output=0, feature=255
> uhid12 at uhidev8 reportid 208: input=63, output=63, feature=0
> uhid13 at uhidev8 reportid 250: input=63, output=63, feature=0
> uhid14 at uhidev8 reportid 252: input=63, output=63, feature=0
> vscsi0 at root
> scsibus3 at vscsi0: 256 targets
> softraid0 at root
> scsibus4 at softraid0: 256 targets
> root on sd2a (4ecdd5c9b68fa0c9.a) swap on sd2b dump on sd2b
> drm:pid0:smu_v11_0_check_fw_version *WARNING* SMU driver if version not
> matched
> [drm] REG_WAIT timeout 1us * 10 tries - mpc2_assert_idle_mpcc line:481
> amdgpu0: NAVY_FLOUNDER 40 CU rev 0x00
> [drm] REG_WAIT timeout 1us * 10 tries - mpc2_assert_idle_mpcc line:481
> amdgpu0: 2560x1440, 32bpp
> wsdisplay0 at amdgpu0 mux 1: console (std, vt100 emulation), using wskbd0
> wskbd1: connecting to wsdisplay0
> wskbd2: connecting to wsdisplay0
> wskbd3: connecting to wsdisplay0
> wskbd4: connecting to wsdisplay0
> wskbd5: connecting to wsdisplay0
> wskbd6: connecting to wsdisplay0
> wskbd7: connecting to wsdisplay0
> wskbd8: connecting to wsdisplay0
> wsdisplay0: screen 1-5 added (std, vt100 emulation)
> uaudio0: play xfer, err = 6
> uhid8 detached
> uhid9 detached
> uhid10 detached
> uhid11 detached
> uhid12 detached
> uhid13 detached
> uhid14 detached
> uhidev8 detached
> uhidev8 at uhub0 port 12 configuration 1 interface 0 "MSI MYSTIC LIGHT"
> rev 1.10/0.01 addr 9
> uhidev8: iclass 3/0, 252 report ids
> uhid8 at uhidev8 reportid 1: input=63, output=63, feature=0
> uhid9 at uhidev8 reportid 2: input=63, output=63, feature=0
> uhid10 at uhidev8 reportid 82: input=0, output=0, feature=184
> uhid11 at uhidev8 reportid 83: input=0, output=0, feature=255
> uhid12 at uhidev8 reportid 208: input=63, output=63, feature=0
> uhid13 at uhidev8 reportid 250: input=63, output=63, feature=0
> uhid14 at uhidev8 reportid 252: input=63, output=63, feature=0
>
> uaudio0: play xfer, err = 6
>
>
> Thank you
>
> Courtney
>
>


-- 
Peter H. Fröhlich | Senior Code Monkey | https://phf.github.io/

sysupdate and space check

[Peter Fraser]

I make a stupid mistake; I didn't check partition sizes before doing a 
sysupgrade.
sysupgrade ran out of space or /usr in the middle of the upgrade.
I know I should have checked first but it would be nice if sysupgrade did warn 
me.
The site was a 20-minute drive away, and their down time was a lot longer then 
I expected.

Re: Multihop BFD support on OpenBSD

[Peter Hessler]

Hi,

You may have noticed that our BFD implementation is not enabled, and
that is because it is not yet finished.

Multi-hop support is one of the things that is on a TODO list, but there
is no intention on working on that feature in the near future.
Additionally, there is no intention of making a portable version of this.
It is primarily a kernel implementation, so a portable version wouldn't
make sense.

-peter


On 2022 Nov 02 (Wed) at 19:49:09 + (+), Nallan Chakravarthy, Sudarshan 
wrote:
:Hello OpenBSD Team,
:I’m Sudarshan, a software developer at NetApp. cc’d are my colleagues at 
NetApp.
:I have been going through OpenBSD’s BFD 
implementation<https://github.com/openbsd/src/blob/7853af7355314b198e29153656858f98a017f6c9/sys/net/bfd.c>
 with an intention of using
:it for one of our use cases. While doing so, I realized that OpenBSD currently 
doesn’t
:support multi-hop BFD(RFC 5883).
:https://github.com/openbsd/src/blob/7853af7355314b198e29153656858f98a017f6c9/sys/net/bfd.c#L797-L798
:
:
:  1.  Is there a plan to add BFD multihop support to OpenBSD in near future?
:  2.  Also, is there a plan to add a portable version of BFD to other 
platforms like FreeBSD and linux
:  similar to OpenBGPD?
:
:Thanks,
:Sudarshan

-- 
Earth is a beta site.

CyberPower cp1500PPFCLCD

[Peter Fraser]

My old UPS dies, it was very old I had been changing batteries on it for years. 
It was so old that it used a serial  port for communications.

I replace it with a new CyberPower cp1500PPFCLCD.

I connected the USB cable and OpenBSD found

Nov 13 12:29:45 fw /bsd: uhidev0 at uhub0 port 4 configuration 1 interface 0 
"CPS CP1500PFCLCDa" rev 2.00/2.00 addr 2
Nov 13 12:29:45 fw /bsd: uhidev0: iclass 3/0, 45 report ids
Nov 13 12:29:45 fw /bsd: upd0 at uhidev0
Nov 13 13:00:58 fw /bsd: uhid4 at uhidev4 reportid 1: input=0, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid5 at uhidev4 reportid 2: input=0, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid6 at uhidev4 reportid 3: input=0, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid7 at uhidev4 reportid 4: input=0, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid8 at uhidev4 reportid 5: input=0, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid9 at uhidev4 reportid 6: input=0, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid10 at uhidev4 reportid 7: input=0, output=0, 
feature=6
Nov 13 13:00:58 fw /bsd: uhid11 at uhidev4 reportid 8: input=5, output=0, 
feature=5
Nov 13 13:00:58 fw /bsd: uhid12 at uhidev4 reportid 9: input=0, output=0, 
feature=2
Nov 13 13:00:58 fw /bsd: uhid13 at uhidev4 reportid 10: input=0, output=0, 
feature=2
Nov 13 13:00:58 fw /bsd: uhid14 at uhidev4 reportid 12: input=1, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid15 at uhidev4 reportid 13: input=0, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid16 at uhidev4 reportid 14: input=0, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid17 at uhidev4 reportid 15: input=0, output=0, 
feature=2
Nov 13 13:00:58 fw /bsd: uhid18 at uhidev4 reportid 16: input=4, output=0, 
feature=4
Nov 13 13:00:58 fw /bsd: uhid19 at uhidev4 reportid 18: input=0, output=0, 
feature=2
Nov 13 13:00:58 fw /bsd: uhid20 at uhidev4 reportid 19: input=0, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid21 at uhidev4 reportid 20: input=1, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid22 at uhidev4 reportid 21: input=0, output=0, 
feature=2
Nov 13 13:00:58 fw /bsd: uhid23 at uhidev4 reportid 22: input=0, output=0, 
feature=2
Nov 13 13:00:58 fw /bsd: uhid24 at uhidev4 reportid 24: input=0, output=0, 
feature=4
Nov 13 13:00:58 fw /bsd: uhid25 at uhidev4 reportid 25: input=2, output=0, 
feature=2
Nov 13 13:00:58 fw /bsd: uhid26 at uhidev4 reportid 26: input=1, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid27 at uhidev4 reportid 27: input=0, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid28 at uhidev4 reportid 28: input=0, output=0, 
feature=5
Nov 13 13:00:58 fw /bsd: uhid29 at uhidev4 reportid 29: input=2, output=0, 
feature=2
Nov 13 13:00:58 fw /bsd: uhid30 at uhidev4 reportid 37: input=0, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid31 at uhidev4 reportid 38: input=0, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid32 at uhidev4 reportid 39: input=0, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid33 at uhidev4 reportid 40: input=63, output=0, 
feature=63
Nov 13 13:00:58 fw /bsd: uhid34 at uhidev4 reportid 41: input=0, output=63, 
feature=63
Nov 13 13:00:58 fw /bsd: uhid35 at uhidev4 reportid 42: input=0, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid36 at uhidev4 reportid 43: input=0, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid37 at uhidev4 reportid 44: input=1, output=0, 
feature=1
Nov 13 13:00:58 fw /bsd: uhid38 at uhidev4 reportid 45: input=1, output=0, 
feature=1
Nov 13 13:21:58 fw sensorsd[42763]: upd0.indicator0: Off, UNKNOWN
Nov 13 13:21:58 fw sensorsd[42763]: upd0.indicator1: Off, UNKNOWN
Nov 13 13:21:58 fw sensorsd[42763]: upd0.indicator2: On, UNKNOWN
Nov 13 13:21:58 fw sensorsd[42763]: upd0.indicator3: Off, UNKNOWN
Nov 13 13:21:58 fw sensorsd[42763]: upd0.percent0: 100.00%, UNKNOWN
Nov 13 13:21:58 fw sensorsd[42763]: upd0.percent0: marked invalid
Nov 13 13:21:58 fw sensorsd[42763]: upd0.percent1: 100.00%, UNKNOWN
Nov 13 13:21:58 fw sensorsd[42763]: upd0.timedelta0: 11425.00 secs, UNKNOWN
Nov 13 13:23:38 fw sensorsd[20386]: upd0.indicator0: Off, UNKNOWN
Nov 13 13:23:38 fw sensorsd[20386]: upd0.indicator1: Off, UNKNOWN
Nov 13 13:23:38 fw sensorsd[20386]: upd0.indicator2: On, UNKNOWN
Nov 13 13:23:38 fw sensorsd[20386]: upd0.indicator3: Off, UNKNOWN
Nov 13 13:23:38 fw sensorsd[20386]: upd0.percent0: 100.00%, UNKNOWN
Nov 13 13:23:38 fw sensorsd[20386]: upd0.percent0: marked invalid
Nov 13 13:23:38 fw sensorsd[20386]: upd0.percent1: 100.00%, UNKNOWN
Nov 13 13:23:38 fw sensorsd[20386]: upd0.timedelta0: 11425.00 secs, UNKNOWN
Nov 13 13:27:03 fw /bsd: usbd_start_next: error=5
Nov 13 13:27:04 fw /bsd: usbd_free_xfer: xfer=0xfd821f61b690 not free
Nov 13 13:29:52 fw syslogd[98754]: exiting on signal 15

My sensorsd.conf contains

hw.sensors.upd0.percent0:low=99.00%:command=/etc/ups-shutdown %2

The 99.00% was to allow me to test it easily

As far as I could tell there is no way to ask sensorsd to only run a program 
when the UPS is not charging and the % left is less 

Re: Making MS teams work on openbsd

[Peter Hessler]

On 2023 Jan 20 (Fri) at 19:20:10 +1100 (+1100), curmudg...@telaman.net.au wrote:
:Perhaps doing up a package of Jami for BSDs would be a cleaner/better option?

People don't _want_ to run MS Teams.  People _need_ to run MS Teams so
they can communicate with co-workers or partner companies.

Offering some random other service, won't actually help solve that
problem.


-- 
Keep emotionally active.  Cater to your favorite neurosis.

Re: Authentication in OpenIKED

[Peter Hessler]

On 2023 Mar 01 (Wed) at 14:50:08 +0100 (+0100), Tobias Heider wrote:
:On Wed, Mar 01, 2023 at 01:38:24PM +, Stuart Henderson wrote:
:> On 2023/03/01 14:21, Tobias Heider wrote:
:> > On Wed, Mar 01, 2023 at 09:24:50AM -, Stuart Henderson wrote:
:> > > On 2023-03-01, J Doe  wrote:
:> > > > Hello,
:> > > >
:> > > > I have a question regarding authentication options in OpenIKED on 
:> > > > OpenBSD 7.2
:> > > >
:> > > > On my test lab I have one OpenBSD 7.2 machine with OpenIKED configured 
:> > > > to use PSK and a macOS 13.2.1 client that can connect to it.
:> > > >
:> > > > I read in: man iked.conf that PSK should not be used, so I am now 
:> > > 
:> > > I don't see that in the iked.conf manual. There is some reference to not
:> > > using psk in /etc/examples/iked.conf but it's not clear whether that's
:> > > because of the need to share a single psk with all endpoints connecting
:> > > via the same iked.conf configuration line (certainly a problem when
:> > > you have multiple users from unknown IPs but perhaps not if used for
:> > > separately-configured lan-to-lan tunnels with strong randomly generated
:> > > psks) or whether it's something else.
:> > 
:> > We should probably remove that comment.
:> 
:> Wondering if we should actually remove the whole examples/iked.conf
:> file, it doesn't seem hugely useful..
:> 
:
:I don't think I have ever used it.  ok with me if no one objects.
:

I have used examples/iked.conf to get started on my own iked.conf
before.  There are a lot of options and it gets confusing very quickly,
especially if you aren't used to building IPSec gateways.

as long as either the man page for iked.conf or /etc/examples/iked.conf
exist with usable example configs, I'm happy.


-- 
The human race has one really effective weapon, and that is laughter.
-- Mark Twain

Re: Upgrading from 7.2 stable to 7.3 current dig crashes (core-dumped) breaking smokeping

[Peter Hessler]

On 2023 Mar 07 (Tue) at 12:42:33 + (+), Tom Smyth wrote:
:Folks upgrading from 7.2 to 7.3 current snapshot
:dig seems to  crash ...
:
:
:/usr/sbin/dig localhost
:Bad system call (core dumped)
:

dig (et al) moved from /usr/sbin/ to /usr/bin/ in 6.7, you should update
your config to use the currently supported binary.

https://www.openbsd.org/faq/upgrade67.html#RmFiles


-- 
We will have solar energy as soon as the utility companies solve one
technical problem -- how to run a sunbeam through a meter.

Re: Upgrade 6.0 -> 6.1: ix mmba is not mem space

[Peter Hessler]

Assuming 1.140 is the "problem", 1.151 should fix it.

AKA: upgrade to 6.3.


On 2018 May 30 (Wed) at 09:21:58 +0200 (+0200), mxb wrote:
:Reverting if_ix.c to rev 1.139 brought ix back to live.
:
:Sent from my iDevice
:
:> 29 мая 2018 г., в 21:36, Maxim Bourmistrov  
написал(а):
:> 
:> Diff, discussed in the thread, seems to follow all the way to 6.3.
:> Sure I probably can try out 6.3, but I have a feeling that this will not 
help.
:> 
:> dmesg can be arranged.
:> 
:> Br 
:> 
:>> 29 maj 2018 kl. 20:56 skrev Chris Cappuccio :
:>> 
:>> No magic expected here, but why not try 6.3? 6.1 is not supported anymore, 
and in any event, you need to include full dmesg so that others without DL360 
Gen9 have a chance at helping you.
:>> 
:>> Maxim Bourmistrov [m...@alumni.chalmers.se] wrote:
:>>> Hey,
:>>> While moving one of machines from 6.0 to 6.1, I found 6.1 not able to 
attach ix-device.
:>>> Machine is HP DL360 Gen9.
:>>> 
:>>> ix0 at pci5 dev 0 function 0 "Intel 82599" rev 0x01: mmba is not mem space
:>>> ix1 at pci5 dev 0 function 1 "Intel 82599" rev 0x01: mmba is not mem space
:>>> 
:>>> Found this thread
:>>> 
http://openbsd-archive.7691.n7.nabble.com/OpenBSD-6-1-ix-Intel-82598EB-issue-td317072.html
 

:>>> 
:>>> and as far as I can see, this diff is in tree, but not helping here :(
:>>> 
:>>> Any clues? 
:>>> 
:>>> 4:0:1: Intel 82599
:>>>  0x: Vendor ID: 8086 Product ID: 10fb
:>>>  0x0004: Command: 0147 Status: 0010
:>>>  0x0008: Class: 02 Subclass: 00 Interface: 00 Revision: 01
:>>>  0x000c: BIST: 00 Header Type: 80 Latency Timer: 00 Cache Line Size: 10
:>>>  0x0010: BAR mem 32bit addr: 0x92c0/0x0010
:>>>  0x0014: BAR empty ()
:>>>  0x0018: BAR io addr: 0x2000/0x0020
:>>>  0x001c: BAR mem 32bit addr: 0x92e0/0x4000
:>>>  0x0020: BAR empty ()
:>>>  0x0024: BAR empty ()
:>>>  0x0028: Cardbus CIS: 
:>>>  0x002c: Subsystem Vendor ID: 103c Product ID: 17d0
:>>>  0x0030: Expansion ROM Base Address: 
:>>>  0x0038: 
:>>>  0x003c: Interrupt Pin: 01 Line: ff Min Gnt: 00 Max Lat: 00
:>>>  0x0040: Capability 0x01: Power Management
:>>>  State: D0 PME# enabled
:>>>  0x0050: Capability 0x05: Message Signalled Interrupts (MSI)
:>>>  0x0070: Capability 0x11: Extended Message Signalled Interrupts (MSI-X)
:>>>  0x00a0: Capability 0x10: PCI Express
:>>>  Link Speed: 5.0 / 5.0 GT/s Link Width: x8 / x8
:>>>  0x0100: Enhanced Capability 0x01: Advanced Error Reporting
:>>>  0x0140: Enhanced Capability 0x03: Device Serial Number
:>>>  0x0150: Enhanced Capability 0x0e: Alternate Routing ID
:>>>  0x0160: Enhanced Capability 0x10: Single Root I/O Virtualization
:>>>  0x00e0: Capability 0x03: Vital Product Data (VPD)
:>>> 
:>>> Br
:>>> 
:>>> 
:> 
:

-- 
Democracy can learn some things from Communism: for example, when a
Communist politician is through, he is through.

Re: amd64 boot(8) and ucom(4)

[Peter Hessler]

No, it is not.  boot(8) has no knowledge of usb.


On 2018 Jun 15 (Fri) at 15:18:29 -0400 (-0400), Filippo Valsorda wrote:
:Is boot(8) on amd64 capable of using a ucom(4) device as a console for status 
and single user mode? I'd like to control the bootloader on a board without 
native serial ports.
:
:I tried "set tty ucom0" per FAQ 7 but it did not work.
:
:I suspect the answer is no, but looking for confirmation, or maybe workarounds 
I should know about.
:
:Thanks,
:Filippo
:
:(Please keep me in Cc.)
:

-- 
A fanatic is one who can't change his mind and won't change the
subject.
-- Winston Churchill

Re: Stockholm anoncvs rsync mirror not updating

[Peter Hessler]

The fanout mirror for cvsync/rsync is currently having problems, so
almost all of the mirrors are not receiving updates.


On 2018 Jul 15 (Sun) at 20:10:40 +0200 (+0200), Andreas Kusalananda Kähäri 
wrote:
:The anoncvs rsync mirror at
:
:rsync://anoncvs.eu.openbsd.org/OpenBSD-cvs/
:
:seems to have stopped updating.  This has happened before when the
:cvsync (?) on the mirror fails or gets stuck.
:
:I sent a message to the maintainer this morning, but I thought I'd just
:mention it here too.
:
:Andreas
:
:
:--
:Andreas Kusalananda Kähäri,
:National Bioinformatics Infrastructure Sweden (NBIS),
:Uppsala University, Sweden.
:
:
:
:
:
:
:
:
:När du har kontakt med oss på Uppsala universitet med e-post så innebär det 
att vi behandlar dina personuppgifter. För att läsa mer om hur vi gör det kan 
du läsa här: http://www.uu.se/om-uu/dataskydd-personuppgifter/
:
:E-mailing Uppsala University means that we will process your personal data. 
For more information on how this is performed, please read here: 
http://www.uu.se/om-uu/dataskydd-personuppgifter/
:

-- 
It is said that the lonely eagle flies to the mountain peaks while the
lowly ant crawls the ground, but cannot the soul of the ant soar as
high as the eagle?

Q: Systems with Skylake based XEON silver CPUs supported by OpenBSD 6.3 amd64

[Steiner Peter]

Hello folks,

we are currently looking for new server hardware compatible with OpenBSD 6.3 
amd64.
I couldn't find a compatibility list for current systems.

We'd like to use Skylake based XEONs (e.g. Xeon Silver 4108) in current dual 
(or single) socket systems 
like "Dell PowerR640", "Fujitsu RX2530M4" (maybe "ProLiant DL360 Gen10" or 
"Lenovo ThinkSystem SR550")


Does anybody have hints for me where to look for information about hardware 
compatibility?

If someone actually runs OpenBSD 6.3 on a current XEON (or even an AMD EPIC) 
please let me know ;-)


Thanks in advance!


greetings from Austria
-Peter


PS: btw. our current OpenBSD systems have Broadwell-EP Xeon CPUs (for example 
E5-2620v4 in "Lenovo x3550M5" and "Fujitsu PRIMERGY RX2530 M2") with several 
Intel 82599 10Gbit NICs, running perfectly with OpenBSD 6.3

PPS: I already got the information that 6.3 boots into kernel panic on a 
"Fujitsu RX2530M4" with Xeon Silver 4110

autri(4) disabled by default

[Peter Kay]

I see autri(4) is disabled by default in an amd64 kernel, probably
others too, and has been for a very long time.

I can't see any notice of why this is so, anyone know?

My secondary system has a Trident 4DWave in it (yes, it's an old
soundcard. I grabbed it off ebay to work with Arca Noae, as it's not
so keen on a Soundblaster Live, and the motherboard is a server one
without any audio built in)

PK

Re: autri(4) disabled by default

[Peter Kay]

On 31 July 2018 at 14:22, Christian Weisgerber  wrote:
> On 2018-07-31, Janne Johansson  wrote:
>
>>> I see autri(4) is disabled by default in an amd64 kernel, probably
>>> others too, and has been for a very long time.
>>
>> Seems like it came over with the initial amd64 port from i386, and noone
>> tested it on amd64, so it never got enabled but remained commented out.
>
> It worked on sparc64, where it is enabled by default, back when I
> still had a Blade 100.

I can confirm it does work fine! Checked some Chrome and mplayer, no
worries with audio. Not sure about MIDI, nothing comes out of the
sound card but not too fussed about that.

autri0 at pci4 dev 0 function 0 "Trident 4DWAVE NX" rev 0x02: apic 5 int 16
audio0 at autri0
midi0 at autri0: <4DWAVE MIDI UART>

Re: SuperMicro A2SDi-4C-HLN4F

[Peter Hessler]

On 2018 Aug 20 (Mon) at 05:29:50 +0300 (+0300), li...@wrant.com wrote:
:You get what you ask for.  Says much about your original intent, to spread
:negative abusive words.  You fail to disrupt anything, no one has the time
:to read your boot up complaints with offensive language.  Get out of here.

wrant, Shut up.  You are routinely abusive and not helpful.  Don't
lecture people on tone, or how useful someone is.  You have always
failed in that comparision.

Don't respond, just shut up.

Re: BFD Status ?

[Peter Hessler]

On 2018 Aug 29 (Wed) at 18:05:50 +0200 (+0200), Arnaud BRAND wrote:
:Hello,
:
:I read Peter's presentation from BSDCan 2016 about BFD on OpenBSD.
:I could not find anything by googling.
:I looked at the codeand it seems to be there, albeit subjected to the BFD
:kernel option.
:
:Does it mean that the feature is not production ready yet ?
:
:How can I try it or help improve it ?
:
:Thanks for your help !
:Arnaud
:

Hi Arnaud

Yes, the BFD feature is not yet production ready.  There is still some
cleanup that needs to happen, and I plan to look at this at the upcoming
hackathon.

-peter


-- 
If you can lead it to water and force it to drink, it isn't a horse.

Re: WiFi: Join + wpa_supplicant

[Peter Hessler]

On 2018 Sep 05 (Wed) at 12:12:05 +0200 (+0200), Stefan Wollny wrote:
:Hi there,
:
:I am a little bit confused: Do I read the docs correct assuming that
:defining a join-list in /etc/hostname. and wpa_supplicant are
:mutually exclusive?
:
:I have set up a join-list and now I need to attach to a network where I
:can only login with credetials "user" and "user-password"...
:
:TIA.
:
:Kind regards,
:STEFAN
:

Hi Stefan

While they are not mutually exclusive, more work will need to be done in
wpa_supplicant to make this a transparent exercise.  While I'm not a
regular user of wpa_supplicant, if you restart wpa_supplicant once you
are connected to an 802.1X network it should work.


-- 
Brain fried -- Core dumped

Re: SGI O2 on 6.3 - Keyboard/Mouse issues

[Peter Kay]

The keyboard issue on an O2 is supposedly because it uses the PS/2 command set 
3 rather than the more widely used 2. Even in Irix the keyboard handling isn't 
perfect.

NetBSD is just as bad. I took the pragmatic approach of putting a keyboard 
faker on the PS/2 port and installing a USB PCI card, with a PS/2 to USB 
converter.

Xorg is pretty slow on the O2 as it's unaccelerated. NetBSD is a lot faster in 
X but their port is 32 bit.

Graphical debugger for C/C++ ?

[Peter Kay]

Just looking at writing a small enhancement to dhcpd, and starting to use
gdb properly for the first time. OK, it is functional, but it's a bit
awkward compared to graphical alternatives. 
What does everyone use? I can see ddd and eclipse exist at least.
Typically I've used windbg on Windows (and historically various others
such as Watcom).
I don't have an issue typing in commands, but a constant display of
source and local/global variables would be terribly useful. Ideally plus
an arbitrary memory display, and some understanding of C/C++ structures. 
PK

Hyperthreading not disabled on E5-2690 v1?

[Peter Kay]

I can't see any recent source code changes about hyperthreading, and
presume it's still supposed to be disabled by default?

It is not disabled on an EP2C602 with two E5-2690 CPUs (Sandy Bridge
EP), I can see 32 'CPUs' in both top and systat.

Bug I presume..? Can provide dmesg, debugging info, and remote access
if necessary.

hw.smt is set to zero

PK

Re: Hyperthreading not disabled on E5-2690 v1?

[Peter Kay]

Yep, I looked at the Top source after that and saw that the inactive
CPU hiding code was backed out seven days ago.

Running a make -j32 on a port shows that only CPUs 0-15 are active. Cheers!

PK
On Fri, 12 Oct 2018 at 21:41, Stuart Henderson  wrote:
>
> On 2018-10-12, Peter Kay  wrote:
> > I can't see any recent source code changes about hyperthreading, and
> > presume it's still supposed to be disabled by default?
> >
> > It is not disabled on an EP2C602 with two E5-2690 CPUs (Sandy Bridge
> > EP), I can see 32 'CPUs' in both top and systat.
> >
> > Bug I presume..? Can provide dmesg, debugging info, and remote access
> > if necessary.
> >
> > hw.smt is set to zero
> >
> > PK
> >
> >
>
> Currently I would expect them to show up but not have processes
> scheduled to them.
>
>

Re: Libreoffice package missing in i386 tree

[Peter Hessler]

Packages for i386 are finalized and are uploaded to the mirrors.  What
you see, is what was built.


On 2018 Oct 22 (Mon) at 08:15:18 +0300 (+0300), Kihaguru Gathura wrote:
:Hi,
:
:Is the LibreOffice package in the i386 tree expected for OpenBSD 6.4?
:not listed the mirrors so far.
:
:Kihaguru
:

-- 
"His great aim was to escape from civilization, and, as soon as he had
money, he went to Southern California."

Re: bgpctl not showing rib entries, pftables empty

[Peter Hessler]

Hi Ashe

Sorry about that, I forgot a part of the config file.

You'll need to add "nexthop qualify via default" to the global part of
the configuration.  Since the routers sending you the information are
not on your local link, there isn't a valid nexthop so the routes are
not selected.  Once the nexthops are accepted, the prefixes will be
processed and will be used.

-peter


On 2018 Oct 29 (Mon) at 03:37:23 + (+), Ashe Connor wrote:
:Hi all,
:
:I’ve set up bgpd for use with bgp-spamd.net’s servers.  As far as I can tell, 
the BGP connection and transfer is working fine:
:
:--8<--
:elisheva:~$ cat /etc/bgpd.conf
:spam_rs1="64.142.121.62"
:spam_rs2="217.31.80.170"
:spam_asn="65066"
:
:AS 65500
:fib-update no
:
:group "spam-bgp" {
:remote-as $spam_asn
:multihop 64
:export none
:neighbor $spam_rs1
:neighbor $spam_rs2
:}
:
:match from group "spam-bgp" community $spam_asn:42 set pftable 
"bgp_spamd_bypass"
:match from group "spam-bgp" community $spam_asn:666 set pftable "bgp_spamd"
:elisheva:~$ bgpctl show
:Neighbor   ASMsgRcvdMsgSent  OutQ Up/Down  
State/PrfRcvd
:217.31.80.170   65066410322 0 02:39:41  37096
:64.142.121.62   65066460318 0 01:25:30  37096
:elisheva:~$ bgpctl show rib memory
:RDE memory statistics
: 37096 IPv4 unicast network entries using 1.4M of memory
: 37096 rib entries using 2.3M of memory
: 74192 prefix entries using 6.8M of memory
:10 BGP path attribute entries using 1.1K of memory
: 2 BGP AS-PATH attribute entries using 82B of memory,
:   and holding 10 references
: 7 BGP attributes entries using 280B of memory
:   and holding 10 references
: 7 BGP attributes using 48B of memory
:RIB using 10.5M of memory
:
:RDE hash statistics
:path hash: size 131072, 10 entires
:min 0 max 2 avg/std-dev = 0.000/0.000
:aspath hash: size 131072, 2 entires
:min 0 max 1 avg/std-dev = 0.000/0.000
:attr hash: size 16384, 7 entires
:min 0 max 1 avg/std-dev = 0.000/0.000
:--8<--
:
:However, despite the entry counts being shown by `bgpctl show rib memory`, no 
other command lists entries as one might expect, and the pf tables are empty:
:
:--8<--
:elisheva:~$ bgpctl show rib
:flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
:   S = Stale, E = Error
:origin validation state: N = not-found, V = valid, ! = invalid
:origin: i = IGP, e = EGP, ? = Incomplete
:
:flags ovs destination  gateway  lpref   med aspath origin
:elisheva:~$ bgpctl show rib community 65066:42
:flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
:   S = Stale, E = Error
:origin validation state: N = not-found, V = valid, ! = invalid
:origin: i = IGP, e = EGP, ? = Incomplete
:
:flags ovs destination  gateway  lpref   med aspath origin
:elisheva:~$ doas pfctl -Ts -t bgp_spamd
:elisheva:~$ doas pfctl -Ts -t bgp_spamd_bypass
:elisheva:~$
:--8<--
:
:Any hints as to how to further diagnose?  I’ve tried most conceivable 
additional arguments to `bgpctl show rib` and I haven’t found a way to list 
entries yet.  Log entries are benign ((re)configuration success messages).
:
:Thanks,
:
:Ashe
:

-- 
For those who like this sort of thing, this is the sort of thing they like.
-- Abraham Lincoln

Re: Unexpected connection with `ifconfig join`

[Peter Hessler]

On 2018 Nov 02 (Fri) at 12:03:55 -0400 (-0400), AB wrote:
:I see in ifconfig(8) that setting nwid to an empty string will
:connect to any available AP.  When using join, and absent any nwid
:statement at all, is nwid set to an empty string?  Or is it null?
:

At boot, nwid is set to empty string "".  When you use join, nwid is
left as an empty string.  When join connects to a network, then nwid is
set to that network, and no longer has the empty string behaviour.



-- 
Any philosophy that can be put "in a nutshell" belongs there.
-- Sydney J. Harris

Re: apmd: howto resume with screen locked

[Peter Hessler]

On 2018 Nov 26 (Mon) at 01:18:59 + (+), shadrock uhuru wrote:
:
:also how do i resume from hibernate or suspend with the screen locked
:
:i use i3 and lock the screen with xautolock and i3lock in .i3/config
:
:i put i3lock in /etc/apm/resume
:
:when i  resume from ZZZ no lock screen appears, i am brought straight
:to  my desktop
:
:shadrock
:

/etc/apm/resume is ran as root, so you'll need that script to run i3lock
as your user, or to trigger i3's screenlock mechanism

I have a similar thing enabled on my laptop, but it's in /etc/apm/suspend:
pkill -USR1 -x xidle


-- 
Jacquin's Postulate on Democratic Government:
No man's life, liberty, or property are safe while the
legislature is in session.

Re: Instructions to build OpenBSD for RISC-V?

[Peter Hessler]

On 2018 Nov 28 (Wed) at 16:30:56 +0530 (+0530), Dinesh Thirumurthy wrote:
:Hi,
:
:Searched the list to find messages about riscv. I would
:appreciate instructions on getting it to boot on spike.
:
:Thanks.
:Dinesh

Step one: write a bunch of code.

OpenBSD has not been ported to RISC-V yet, so you (or someone) would
have to do that work.

Porting OpenBSD to any new architecture would be welcome, but so far
nobody has done it.

Good luck!


-- 
Money is the root of all wealth.

Re: current port build under 6.2

[Peter Hessler]

On 2018 Dec 11 (Tue) at 17:30:56 +0100 (+0100), Bambero wrote:
:Hi,
:I'm trying to compile clamav from current snapshots under OBSD 6.2 but it
:returns error when building package:
:

That's not supported.  ports and src need to be in lock-step.

If you want to install ports for 6.2, you'll need to use 6.2 ports or packages.

However, it may be best to upgrade to 6.4, or even -current.


-- 
I am so optimistic about beef prices that I've just leased a pot roast
with an option to buy.

Re: Cheaper alternatives for APC UPS

[Peter Kay]

This isn't what you want to hear, but all the alternatives to APC I'd be happy 
to use are more expensive. I've used cheaper alternatives in the past and they 
don't put out a decent sine wave or cope with dirty power from a generator.

Minimum of SmartUPS, and nothing less. There's a load of second hand ones on 
ebay for a more reasonable price.

PK

Re: Blocking "shodan.io" - What are my options?

[Peter Müller]

Hello Nino,

well, there is a list of known Shodan scanners available:
https://wiki.ipfire.org/configuration/firewall/blockshodan

However, it seems to be outdated - I observed "dojo.census.shodan.io"
(IPv4: 80.82.77.139), too.

Since scanners usually try to bypass blocking attempts or
rate limits, I doubt maintaining an IP list makes sense.
Querying RBLs or lists of known networks hosting malware
(i.e. Spamhaus DROP) probably requires less manual effort.

Thanks, and best regards,
Peter Müller


> Hi,
> 
> I wish to block all attempts by “shodan.io”. Basically I run an OpenBSD (6.4) 
> mail server using OpenSMTPD and notice quite bit of traffic all stemming from 
> “shodan.io". I have PF configured so I was wondering how to block such a 
> domain from making any attempts to connect to my server. There is little 
> information about Public IP addresses being used by "shodan.io" scanner, so 
> making an IP list for PF may be futile.
> 
> Could someone suggest a possible option? I was thinking along the lines of 
> “relayd” or "squid proxy”. My server is hosted at Vultr and has a single WAN 
> interface with Public IP. There is no internal LAN interface.
> 
> For those who do not know about “shodan.io”, please do a search and you will 
> discover what it does.
> 
> Regards
> 
> Nino
> 


-- 
Microsoft DNS service terminates abnormally when it recieves a response
to a DNS query that was never made.  Fix Information: Run your DNS
service on a different platform.
-- bugtraq

Re: mirror download speed variation

[Peter Hessler]

I'm one of the admins of ftp.hostserver.de, can you (privately) email me
your source IP and a traceroute to us?


On 2019 Jan 08 (Tue) at 15:24:38 +0200 (+0200), Mihai Popescu wrote:
:Hi,
:
:I use to retrieve my install sets from a mirror, after I start the
:install procedure with minirootxx.fs
:
:Since the mirrors in my country are updating late and they have some
:problems in doing it right, I used ftp.hostserver.de. The download was
:working fine, something around 3MBps. This mirror started few days ago
:to provide me only with 64KBps constantly, no matter if i do http or
:https.
:
:I tried cdn.openbsd.org too, the download is super fast for me, like
:30MBps. Still, sometimes it drops to 64KBps too, and stays there. I've
:read some articles about CDN networks, but I am not able to see the
:big picture.
:
:So, I still have two questions about mirrors:
:Can a mirror limit your download speed ?
:Do a CDN url point to an existing mirror, or is it a diffeent server?
:
:Thank you.
:

-- 
Eggheads unite!  You have nothing to lose but your yolks.
-- Adlai Stevenson

Re: w o w

[Peter Hessler]

On 2021 Apr 24 (Sat) at 13:54:19 -0400 (-0400), ben wrote:
[ remove offensive drivel]

No.  Do not insult people on this mailing list.  That is not appropriate
for anyone.

As a developer, I am offended by your mail and want you to never send
such a thing again.

AUTOCONF4 flag

[Peter Wens]

Hi,

In OpenSBD 6.9 the AUTOCONF4 flag is not set
with 'dhcp' set in hostname.if (from fresh install)

If 'autoconf' instead of 'dhcp' is used with dhcpleased
the flag is set.

Is this intentional in 6.9?

Best regards,

Peter

Re: AUTOCONF4 flag

[Peter Wens]

Thanks for clearing this up.

Peter

On 5/1/21 5:08 PM, Theo de Raadt wrote:

Peter Wens  wrote:


Hi,

In OpenSBD 6.9 the AUTOCONF4 flag is not set
with 'dhcp' set in hostname.if (from fresh install)


You have described this incorrectly.  In 6.8, choosing "dhcp" would run
dhclient(8) in that interfaces, and dhclient would set the AUTOCONF4 flag.
That was incorrect.  AUTOCONF4 is supposed to work like AUTOCONF6.

These are per-interface flags which indicate a request: "Someone please
go get us a dynamic address".  dhclient incorrectly believed the flag
meant "I have gotten a dynamic address"


If 'autoconf' instead of 'dhcp' is used with dhcpleased
the flag is set.

Is this intentional in 6.9?


Yes, it is intentional.

In 6.9:

1) 'autoconf' is to instruct dhcpleased(8), to do dhcp lease-learning, then
dhcpleased(8) will communicate learned DNS configuration via
route-socket to resolvd(8), which will make changes to /etc/resolv.conf

2) 'dhcp' runs a per-interface dhclient(8) which will manage /etc/resolv.conf

The two dhcp modes of operation are incompatible.

By 7.0 we hope to switch to the model described in (1), because this
allows resolvd(8) to blend DNS configuration from multiple sources into
/etc/resolv.conf, rather than havine one per-interface daemon smashing
the file.

Re: USB-C monitors

[Peter Hessler]

Yes, I've used that with a couple different monitors, and a handful
of usb-c to hdmi adapters.  All worked fine, and behaved just like
normal hdmi/dvi/vga monitors.

Power delivery and usb also worked as expected.


On 2021 Sep 19 (Sun) at 14:29:27 +0200 (+0200), Jan Betlach wrote:
:Hi guys,
:
:I am on -current and considering to purchase a USB-C monitor (power
:delivery to my Thinkpad over one cable).
:Do USB-C dislplays work on OpenBSD?
:
:Thanks in advance
:
:Jan
:

-- 
Ray's Rule of Precision:
Measure with a micrometer.  Mark with chalk.  Cut with an axe.

dhcpleased: interface "stalls" during Renewing

[Peter Gorsuch]

Hi All,

As [Renewing] begins and during the renewing cycle (as I view 
configuration with dhcpleasectl -l fxp0) about halfway through the 
ISP'one hour dhcp lease, the external interface seems to become "stalled".


"Stalled" is a term that describes the experience of using a host on the 
lan, as one's video is fine, then stops, then starts up again after some 
period of time.


This on a dual homed i386 GENERIC installation planned to be a router 
and run unbound and dhcp for the lan.
Subject to my understanding, I'm informed by 
https://www.mail-archive.com/misc@openbsd.org/msg180064.html and I 
imagine there is some interplay with the dhcp rebinding/renewing 
timer(s) and name resolution.


hostname.fxp0 has:
lladdr [fxp0 mac address]
inet autoconf
up

during the "stall":
from a local host I can ping the "stalled" interface
from the stalled interface I can ping the adjacent fxp1 interface (and 
vice versa)

from the stalled interface I can ping a local lan host
from the stalled interface I cannot ping the dhcp server
ping -I 64.203.147.252 64.4.147.142 (dhcp server) and ping says "No 
route to host"


Another dhcp server: 64.4.117.66 has provided an address and all is good 
until the next Renewing cycle.


For completeness I'll mention that during the "stall" or Renewing time, 
when the client does the unicast request, ISP dhcp server is the fourth 
hop out from fxp0.


Please find below logs of tcpdump on port 67 and 68  along with a record 
of dhcpleased's actions.


Again, all is subject to my understanding of things, and if further 
direction is needed, I'm willing.


Thank you very much,
Pete

tcpdump on ports 67 and 67 (overnight):

21:37:37.794212 00:01:29:17:24:01 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 
> 255.255.255.255.67:  xid:0xbf9abf5 [|bootp] [tos 0x10]
21:37:37.820800 a4:7b:2c:3d:03:74 00:01:29:17:24:01 0800 590: 
64.203.147.2.67 > 64.203.147.251.68:  xid:0xbf9abf5 Y:64.203.147.251 
G:10.245.0.3 [|bootp] [tos 0xc0]
22:07:37.921663 00:01:29:17:24:01 00:00:5e:00:01:09 0800 342: 
64.203.147.251.68 > 64.4.117.142.67:  xid:0xe8045d16 [|bootp]
22:18:53.031792 00:01:29:17:24:01 00:00:5e:00:01:09 0800 342: 
64.203.147.251.68 > 64.4.117.142.67:  xid:0x7565c229 [|bootp]
22:30:42.560940 00:01:29:17:24:01 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 
> 255.255.255.255.67:  xid:0xb5045322 [|bootp] [tos 0x10]
22:30:42.585848 a4:7b:2c:3d:03:74 00:01:29:17:24:01 0800 590: 
64.203.147.2.67 > 64.203.147.251.68:  xid:0xb5045322 Y:64.203.147.251 
G:10.245.0.3 [|bootp] [tos 0xc0]
22:30:42.588890 00:01:29:17:24:01 00:00:5e:00:01:09 0800 342: 
64.203.147.251.68 > 64.4.117.142.67:  xid:0x94f64521 [|bootp]
23:20:23.003559 00:01:29:17:24:01 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 
> 255.255.255.255.67:  xid:0xd82511a3 [|bootp] [tos 0x10]
23:20:23.028535 a4:7b:2c:3d:03:74 00:01:29:17:24:01 0800 590: 
64.203.147.2.67 > 64.203.147.251.68:  xid:0xd82511a3 Y:64.203.147.251 
G:10.245.0.3 [|bootp] [tos 0xc0]
23:50:23.130648 00:01:29:17:24:01 00:00:5e:00:01:09 0800 342: 
64.203.147.251.68 > 64.4.117.142.67:  xid:0xb72f620e [|bootp]
00:13:27.769937 00:01:29:17:24:01 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 
> 255.255.255.255.67:  xid:0xaf233fee [|bootp] [tos 0x10]
00:13:27.794085 a4:7b:2c:3d:03:74 00:01:29:17:24:01 0800 590: 
64.203.147.2.67 > 64.203.147.251.68:  xid:0xaf233fee Y:64.203.147.251 
G:10.245.0.3 [|bootp] [tos 0xc0]
00:43:27.898039 00:01:29:17:24:01 00:00:5e:00:01:09 0800 342: 
64.203.147.251.68 > 64.4.117.66.67:  xid:0x5218fa3b [|bootp]
01:06:32.537328 00:01:29:17:24:01 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 
> 255.255.255.255.67:  xid:0x4eb78fc9 [|bootp] [tos 0x10]
01:06:32.562361 a4:7b:2c:3d:03:74 00:01:29:17:24:01 0800 590: 
64.203.147.2.67 > 64.203.147.251.68:  xid:0x4eb78fc9 Y:64.203.147.251 
G:10.245.0.3 [|bootp] [tos 0xc0]
01:36:32.664554 00:01:29:17:24:01 00:00:5e:00:01:09 0800 342: 
64.203.147.251.68 > 64.4.117.66.67:  xid:0xbd0c7e36 [|bootp]
01:59:37.303896 00:01:29:17:24:01 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 
> 255.255.255.255.67:  xid:0x5ad6e610 [|bootp] [tos 0x10]
01:59:37.328723 a4:7b:2c:3d:03:74 00:01:29:17:24:01 0800 590: 
64.203.147.2.67 > 64.203.147.251.68:  xid:0x5ad6e610 Y:64.203.147.251 
G:10.245.0.3 [|bootp] [tos 0xc0]
02:29:37.431019 00:01:29:17:24:01 00:00:5e:00:01:09 0800 342: 
64.203.147.251.68 > 64.4.117.142.67:  xid:0x880c6233 [|bootp]
02:51:41.962153 00:01:29:17:24:01 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 
> 255.255.255.255.67:  xid:0xe92a28b6 [|bootp] [tos 0x10]
02:51:41.986640 a4:7b:2c:3d:03:74 00:01:29:17:24:01 0800 590: 
64.203.147.2.67 > 64.203.147.251.68:  xid:0xe92a28b6 Y:64.203.147.251 
G:10.245.0.3 [|bootp] [tos 0xc0]
03:21:42.089271 00:01:29:17:24:01 00:00:5e:00:01:09 0800 342: 
64.203.147.251.68 > 64.4.117.66.67:  xid:0xa0ed2e00 [|bootp]
03:44:46.728577 00:01:29:17:24:01 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 
> 255.255.255.255.67:  xid:0xba32aa0b [|bootp] [tos 0x10]
03:44:46.753055 a4:7b:2c:3d:03:74 00:01:29:17:24:01 0800 590: 
64.203.147.2.67 > 64.203.147.251.68:  xid:0x

Re: dhcpleased: interface "stalls" during Renewing

[Peter Gorsuch]

Thanks Sebastian, and this situation seems different from the thread 
that informed me, as my "stall" starts immediately at the Renewing 
transition and lasts nearly 30 minutes until the client broadcasts.  I 
believe Florian's fix was for a 20 second or so dropout at the end, 
where my situation starts right at the Renewing process.


Also, I don't know how to apply a diff, heh.  Looks like I would use 
sysupgrade(8) to apply the snapshot and that is worth a try.


Best,

Pete

On 11/14/2021 4:23 PM, Sebastian Benoit wrote:

Peter Gorsuch(gorsu...@cfw.com) on 2021.11.13 08:25:00 -0500:

Hi All,

As [Renewing] begins and during the renewing cycle (as I view
configuration with dhcpleasectl -l fxp0) about halfway through the
ISP'one hour dhcp lease, the external interface seems to become "stalled".

"Stalled" is a term that describes the experience of using a host on the
lan, as one's video is fine, then stops, then starts up again after some
period of time.

This on a dual homed i386 GENERIC installation planned to be a router
and run unbound and dhcp for the lan.
Subject to my understanding, I'm informed by
https://www.mail-archive.com/misc@openbsd.org/msg180064.html and I
imagine there is some interplay with the dhcp rebinding/renewing
timer(s) and name resolution.

Have you tried the fix suggested by florian@ in that thread?

If not you can upgrade to the latest snapshot, that change was commited
yesterday.

Re: What password manager do you recommend?

[Mario Peter]

Hi! I use 'Pain Free Passwords', a browser extension from Wladimir
Palant. It can regenerate your password from user, website and your
password - or store your own ones, locally. I've been using it for years
and never thougt about passwords again.

https://pfp.works/

Mario



On Jan 07 2022, 13:23, Sean Kamath  wrote:

>> On Jan 7, 2022, at 11:53, fo...@dnmx.org wrote:
>> 
>> Hello. I hope this these types of questions are okay for an mailing list..
>> I completely understand if they are not..
>> 
>> There's password-store, but it does need some shitty dependencies..
>> Then there's opm, but since it doesn't seem to be popular fuck-knows-who
>> if it's secure(ish)..
>> 
>> If I were to use password-store, I'd have dmenu pipe in the query, then
>> just pipe the password to `xclip -i -selection clipboard` which is a
>> decent setup I guess..
>
> gpg < file.gpg
>
> Sean
>
> PS OK, it’s more complicated than that, but that’s what it boils down to.

surface laptop 3, keyboard doesn't work

[Peter Miller]

uot; rev 2.10/90.11 addr 2
uhidev0 at uhub4 port 1 configuration 1 interface 0 "VIA Labs, Inc.
USB Keyboard" rev 2.00/3.01 addr 3
uhidev0: iclass 3/1, 2 report ids
uhid0 at uhidev0 reportid 1: input=63, output=9, feature=0
uhid1 at uhidev0 reportid 2: input=0, output=63, feature=0
uhub5 at uhub4 port 2 configuration 1 interface 0 "Generic 4-Port USB
2.0 Hub" rev 2.10/1.21 addr 4
uhidev1 at uhub5 port 2 configuration 1 interface 0 "Cypress USB
Keyboard" rev 2.00/0.01 addr 5
uhidev1: iclass 3/1
ukbd0 at uhidev1: 8 variable keys, 6 key codes
wskbd0 at ukbd0: console keyboard
uhidev2 at uhub5 port 2 configuration 1 interface 1 "Cypress USB
Keyboard" rev 2.00/0.01 addr 5
uhidev2: iclass 3/0, 10 report ids
ucc0 at uhidev2 reportid 3: 1024 usages, 18 keys, array
wskbd1 at ucc0 mux 1
ukbd1 at uhidev2 reportid 5: 0 variable keys, 6 key codes
wskbd2 at ukbd1 mux 1
uhid2 at uhidev2 reportid 7: input=0, output=0, feature=1
uhid3 at uhidev2 reportid 8: input=4, output=0, feature=0
uhid4 at uhidev2 reportid 9: input=0, output=0, feature=3
uhid5 at uhidev2 reportid 10: input=1, output=0, feature=0
uhidev3 at uhub5 port 3 configuration 1 interface 0 "CHERRY Wireless
Mouse" rev 1.10/1.01 addr 6
uhidev3: iclass 3/1, 5 report ids
ums0 at uhidev3 reportid 3: 5 buttons, Z and W dir
wsmouse0 at ums0 mux 0
uhid6 at uhidev3 reportid 5: input=5, output=6, feature=0
uhidev4 at uhub5 port 4 configuration 1 interface 0 "vendor 0x1a7c
Evoluent VerticalMouse 4" rev 2.00/0.01 addr 7
uhidev4: iclass 3/1
ums1 at uhidev4: 6 buttons, Z dir
wsmouse1 at ums1 mux 0
uvideo0 at uhub1 port 6 configuration 1 interface 0 "Surface Surface
Camera Front" rev 2.01/10.37 addr 8
video0 at uvideo0
uvideo1 at uhub1 port 6 configuration 1 interface 2 "Surface Surface
Camera Front" rev 2.01/10.37 addr 8
video1 at uvideo1
ugen0 at uhub1 port 10 "Intel Bluetooth" rev 2.01/0.02 addr 9
umass2 at uhub1 port 14 configuration 1 interface 0 "KINGWIN
KM-U3NGFF" rev 3.00/1.00 addr 10
umass2: using SCSI over Bulk-Only
scsibus4 at umass2: 2 targets, initiator 0
sd4 at scsibus4 targ 1 lun 0: 
serial.174c55aa1234567890C8
sd4: 244198MB, 512 bytes/sector, 500118192 sectors
vscsi0 at root
scsibus5 at vscsi0: 256 targets
softraid0 at root
scsibus6 at softraid0: 256 targets
root on sd4a (8cbf172f575aade4.a) swap on sd4b dump on sd4b
inteldrm0: 1920x1080, 32bpp
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using wskbd0
wskbd1: connecting to wsdisplay0
wskbd2: connecting to wsdisplay0
wsdisplay0: screen 1-5 added (std, vt100 emulation)
iwx0: hw rev 0x330, fw ver 63.c04f3485.0, address c8:34:8e:08:44:23
hw.sensors.cpu0.temp0=42.00 degC
hw.sensors.acpibtn0.indicator0=On (lid open)
hw.sensors.acpitz0.temp0=26.80 degC (zone temperature)
hw.sensors.acpitz1.temp0=26.80 degC (zone temperature)
hw.sensors.acpitz2.temp0=26.80 degC (zone temperature)
hw.sensors.acpitz3.temp0=26.80 degC (zone temperature)
hw.sensors.acpitz4.temp0=26.80 degC (zone temperature)
hw.sensors.acpitz5.temp0=26.80 degC (zone temperature)
hw.sensors.acpitz6.temp0=26.80 degC (zone temperature)

-- 
Thanks
Peter

Re: static IPv6 setup is not working stable

[Peter Fröhlich]

Just to chime in uselessly, I am having no end of trouble with IPv6 on
various machines. I cannot get IPv6 to work either on my PC-ENGINES
APU connected to a FRITZ!box or my VPS at tinykvm.com; but for
whatever reason things work better (although not completely) at
vultr.com. As far as I know the setups are identical, but of course
the "upstream" network is different in each case. Luckily I don't
really need IPv6 so I just decided to ignore the issues. But that
doesn't feel very satisfying. (And my Google-fu must be terrible
because I cannot seem to find a single OpenBSD IPv6 tutorial that
actually works when I try to go with it.)

Wireguard

[Peter Fraser]

This is my first attempt to set up wireguard, and of course I can't get it to 
work.

The wg man page shows "ifconfig wgN debug" as an option to help debugging.
The man page for ifconfig does document the option.
Nor does the man page tell how to turn the option off.

I hoped it might show me my problem, I don't now where the messages are going,

Wireguard config and confusions

[Peter Fraser]

I did get it work, but it took a lot of tries caused by my confusion.
I hope this message speed up other who try to configure wireguard.
I was trying to connect a windows 10 computer to an OpenBsd computer.
The problem was the OpenBSD computer was a 20 minute drive away, 
And I didn't want to lock myself and others out if I made a mistake.
Which I did once and had to make the drive.

1) Ifconfig wg0 debug   is not useful
2) Ifconfig wg0 -debug  is not documented, admittedly it is easy guess 
it existence, but the other - options are documented
3) If IP address give to wg0 on the server has to be available to the outside 
world to allow establishing connections
This can be done by giving it an external IP address or using a rdr-to in 
PF.
4) the IP address of client interface is what will appear as the source address 
of client, independent of whatever NATing goes on.
5) You can't use the same wgpeer for multiple clients, each one has to be 
unique.
6) The wgpeer and wgaip have be set together, you cannot set the separately.
7) When the packets come in through wg0, the return packet will want to go out 
through to default interface
 To stop that you will need a route command to direct the packets back to 
the wg0 interface, for that you will need the IP addresses involved.
8) To keep your sanity, you want to have a private subnetwork, to be used by 
all the clients just for this purpose.
 Which allows you to construct the route command and set wgaip values.
9) If you are connecting subnetworks you probably want a separate wg interface 
for each subnetwork.

4G mini PCI-e modem support?

[Peter Kay]

There appear to be no 4G modem support at the moment, specifically a
mini PCI-e one so I can stick it in a PC engines apu4d4 and have a
backup connection.

Presuming a driver would need to be written, but just checking if I've
missed anything?

Re: How to request a specific IP address from DHCP server

[Peter Kay]

On Tue, 19 Jan 2021 at 20:57, Radek  wrote:
>
> Hi,
> I can't manage to request a specific IP address from DHCP server.  It is just 
> a testing lab, the requiested IP address (.104) isn't used by any other 
> client. What I'm doing wrong?
You're using the wrong tool for the job, use an address reservation
bound to the client MAC on the DHCP server instead.

Whether or not requesting an address client side works, at any time it
could fail due to a change in leases allocated to other clients, or
configuration changes at the server end. If a specific IP is needed,
use reservations instead.

PK

Re: 4G mini PCI-e modem support?

[Peter Kay]

On Fri, 8 Jan 2021 at 16:47, Stefan Sperling  wrote:
>
> On Fri, Jan 08, 2021 at 05:13:52PM +0100, Patrick Wildt wrote:

> > There's umb(4).  It supports USB's MBIM standard.  There are some MBIM
> > compatible chips around, one for instance is this one:
[..]
> I have umb(4) working on an APU1 board. It's a Sierra Wireless EM7345, the one
> shipped with x250 Thinkpads. Installation in an APU requires a compatible M.2
> to miniPCIe adapter. Make sure to get an adapter with the correct M.2 keying.
> If the vendor advertises GSM/UMTS/LTE modem support the adapter should work.
> If they don't, better ask before buying.
>
> This combo works fine in the middle miniPCIe slot of the APU. You'll need a
> full size SIM card for the SIM card slot. Again, an adapter will help to fit
> a micro or nano SIM.
>
> You will also want LTE antennas and compatible pigtails. Using wifi antennas
> will result in about 50% packet loss.

Much obliged, I see some of those cards are quite cheap on ebay, and I
don't need to have the absolute latest.

Now to find antennas and pigtails to link to the card

PK

Re: old nslookup binary found?

[Peter Hessler]

On 2023 Apr 15 (Sat) at 09:33:51 +0300 (+0300), Maksim Rodin wrote:
:Hello,
:I accidentally found a possibly old nslookup binary from 2019
:in /usr/sbin when I ran nslookup as root:
:root ~ # echo $PATH
:/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin:/usr/local/sbin:/usr/local/bin
:root ~ # which nslookup
:/usr/sbin/nslookup
:root ~ # nslookup openbsd.org
:Bad system call (core dumped)
:root ~ # ls -lA /usr/sbin/nslookup
:-r-xr-xr-x  1 root  bin  1499352 Oct 12  2019 /usr/sbin/nslookup
:
:But a working nslookup binary is there:
:root ~ # ls -lA /usr/bin/nslookup
:-r-xr-xr-x  3 root  bin  403056 Mar 25 19:15 /usr/bin/nslookup
:
:Is it really just the old official binary which could remain after an
:upgrade?
:This is the 7 year old OpenBSD installation which is regularly
:upgraded.
:
:-- 
:Maksim Rodin
:

The upgrade from 6.6->6.7 guide did tell you to delete these files.

https://www.openbsd.org/faq/upgrade67.html#RmFiles


-- 
Living on Earth may be expensive, but it includes an annual free trip
around the Sun.

Re: dhcpleased losing route

[Peter Hessler]

On 2023 May 12 (Fri) at 00:10:33 +1000 (+1000), David Diggles wrote:
:Here's a longer tcpdump that should have a couple of rounds.
:The ISP does offer ipv6 but I'm not ready to give up on dhcp yet.
:

You can run both in parallel, no problems with that.


-- 
Expect the worst.  It's the least you can do.

Re: OpenBSD Hackathons

[Peter Hessler]

Hi Katherine,

Upcoming hackathons are shared privately among committers, and on a
case-by-case basis when it is decided to invite someone.

-peter


On 2023 May 12 (Fri) at 19:37:18 + (+), Katherine Mcmillan wrote:
:Hi Stuart,
:
:Thank you for your response.  The upcoming OpenBSD Hackathons aren't published 
anywhere?  How do new people know where/when they are?
:
:Thank you,
:Katie
:
:
:From: owner-m...@openbsd.org  on behalf of Stuart 
Henderson 
:Sent: 12 May 2023 13:54
:To: misc@openbsd.org 
:Subject: Re: OpenBSD Hackathons
:
:Attention : courriel externe | external email
:
:On 2023-05-12, Katherine Mcmillan  wrote:
:> Hello all,
:>
:> I've looked over the OpenBSD hackathons listed here: 
https://www.openbsd.org/hackathons.html
:> but I'm only seeing previous hackathons.  Where can I find upcoming 
Hackathons?
:
:You can't, they are invite only and details aren't publically available
:in advance.
:
:> Also, I'm wondering about the minimum size for an official hackathon. Does 
anyone happen to know? I'm seeing 4 as the lowest number of attendees for the 
official ones.
:
:hackathons.html gives an idea of the sprwad of hackathon sizes.
:

-- 
Pick another fortune cookie.

Re: Github has openbsd_hammer2fs

[Peter Hessler]

There are lots of projects on Github.  Sometimes, they have the word
"openbsd" in the title or README.  Those are added by the author.

Any discussion about inclusion in OpenBSD will happen on the OpenBSD
mailing lists, and most certainly not in any github project, pr, issue,
or whatever else they have. Until it has been committed to the OpenBSD
src tree, it won't be included in the default system.


On 2023 Aug 22 (Tue) at 16:28:08 + (+), dues_openbsd wrote:
:hi, dears.
:recently, I get the email by friends
:it says Github has openbsd_hammer2fs and makefs.
:
:Is that means. It will be "The OpenBSD can use The Modern journaling file 
system".
:
:The OpenBSD could be include "openbsd_hammer2fs" in default system?
:
:(I know "google summer code 2011" says "hammer2fs will be in OpenBSD ". but, 
rejected, is that correct?)
:
:https://github.com/kusumi/openbsd_hammer2
:
:https://github.com/kusumi/makefs

Re: Correct donation page

[Peter Hessler]

if you have questions about the OpenBSD Foundation, I recommend that you
ask them directly.

And while I am not part of the Foundation, I do not appreciate your
insuation.



On 2023 Sep 11 (Mon) at 21:45:27 + (+), Katherine Mcmillan wrote:
:Oh thank goodness that you specified directorS Stuart; I thought it was just 
Ken Westerback there directing (although, without a board, dictating may be the 
term).
:
:Thank you for confirming that Nayden Markatchev is still actively directing 
the Foundation!  It is good to know that there is still an active Board of 
DirectorS for the OpenBSD Foundation.
:
:I feel relieved,
:Katie
:
:From: owner-m...@openbsd.org  on behalf of Stuart 
Henderson 
:Sent: 11 September 2023 17:31
:To: misc@openbsd.org 
:Subject: Re: Correct donation page
:
:Attention : courriel externe | external email
:
:On 2023-09-11, m...@x9p.org  wrote:
:>
:> On 9/11/23 07:40, Stuart Henderson wrote:
:>> That page probably just needs updating. Used to be done via
:>> bitpay, but not any more.
:
:(by "that page" I mean the one on www.openbsd.org)
:
:> I see coingate being used by a few companies, and some sites say it is
:> good for companies/organizations outside the USA. Transaction fee is 1%
:> and supports 70+ coins. Meanwhile, ppl from
:> https://www.openbsdfoundation.org/donations.html can simply open a
:> wallet and post the address in the donations.html page (binance,
:> blockchain.com/wallet, others..)
:
:I would assume the Foundation directors are quite capable of finding
:an alternative if they want to do so.
:
:The simplest method to donate to the foundation is to convert whatever
:into actual money and send it to them.
:
:

-- 
Last week a cop stopped me in my car.  He asked me if I had a police
record.  I said, no, but I have the new DEVO album.  Cops have no sense
of humor.

Re: No /etc/rpki/arin.tal?

[Peter Hessler]

Because ARIN insists on a completely ridiculous agreement for a public
key to verify their data.

we cannot make the agreement for you.

from the rpki-client(8) man page:
 All the top-level TAL are included, except the ARIN TAL which is not made
 available with terms compatible with open source.  That public key is
 treated as a proprietary object in a lengthy legal agreement regarding
 ARIN service restrictions.



On 2023 Sep 13 (Wed) at 11:05:50 -0700 (-0700), Lyndon Nerenberg 
(VE7TFX/VE6BBM) wrote:
:After some head bashing wondering why rpki-client wasn't
:finding our ROAs I discovered the system doesn't ship with
:ARINs tal file.  So great swaths of RPKI data aren't getting
:downloaded.
:
:Why are those things?
:
:--lyndon
:

Re: No /etc/rpki/arin.tal?

[Peter Hessler]

On 2023 Sep 13 (Wed) at 14:45:37 -0700 (-0700), Lyndon Nerenberg 
(VE7TFX/VE6BBM) wrote:
:This might be worth a note in the rpki-client manpage

Please re-read my entire email.

Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)

[Peter Hessler]

A lot of the Thinkpad laptops have a physical switch that will
cover/uncover the camera.  Can you switch it to the other and try again?

-peter



On 2023 Oct 07 (Sat) at 12:53:12 + (+), Comète wrote:
:Hi,
:
:$ video -f /dev/video0
:video: ioctl VIDIOC_DQBUF: Invalid argument
:
:the LED lights up near the camera and a black window is displayed...
:
:
:I've strictly followed https://www.openbsd.org/faq/faq13.html#webcam
:
:
:then to answer Crystal:
:
:$ ffplay -f v4l2 -input_format yuyv422 -video_size 960x540 -i /dev/video0 
:ffplay version 4.4.3 Copyright (c) 2003-2022 the FFmpeg developers 
:built with OpenBSD clang version 13.0.0 
:configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug 
--disable-stripping
:--disable-indev=jack --disable-outdev=sdl2 --enable-fontconfig --enable-frei0r 
--ena
:ble-gpl --enable-ladspa --enable-libaom --enable-libass --enable-libdav1d 
--enable-libfreetype
:--enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus --ena
:ble-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis 
--enable-libvpx
:--enable-libx264 --enable-libx265 --enable-libxml2 --enable-libxvid 
--enable-libzimg --en
:able-nonfree --enable-openssl --enable-libvidstab 
--extra-cflags='-I/usr/local/include
:-I/usr/X11R6/include' --extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' 
--extra-ldsofla
:gs= --mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe -g 
-Wno-redundant-decls' 
:libavutil 56. 70.100 / 56. 70.100 
:libavcodec 58.134.100 / 58.134.100 
:libavformat 58. 76.100 / 58. 76.100 
:libavdevice 58. 13.100 / 58. 13.100 
:libavfilter 7.110.100 / 7.110.100 
:libswscale 5. 9.100 / 5. 9.100 
:libswresample 3. 9.100 / 3. 9.100 
:libpostproc 55. 9.100 / 55. 9.100 
:[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument 
:Input #0, video4linux2,v4l2, from '/dev/video0': 
:Duration: N/A, bitrate: 124416 kb/s 
:Stream #0:0: Video: rawvideo (YUY2 / 0x32595559), yuyv422, 960x540, 124416 
kb/s, 15 fps, 15 tbr,
:1000k tbn, 1000k tbc 
:[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument 
:[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument 
:[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument
:
:
:and yes, to answer Jan:
:
:$ sysctl kern.video
:kern.video.record=1
:
:
:
:Thanks a lot for your help.
:
:Morgan
:
:
:7 octobre 2023 14:36 "Thomas Frohwein"  a écrit:
:
:> On Sat, Oct 07, 2023 at 07:08:21AM -0300, Crystal Kolipe wrote:
:> 
:>> On Sat, Oct 07, 2023 at 08:51:36AM +, Comte wrote:
:>> The webcam seems well detected but no image is displayed...
:>> 
:>> What happens if you run /usr/X11R6/bin/video instead of using ffmpeg?
:>> 
:>> # dmesg | grep "uvideo"
:>> ^
:>> 
:>> Please post a full dmesg next time.
:>> 
:>> uvideo0 at uhub1 port 4 configuration 1 interface 0 "Chicony Electronics 
Co.,Ltd. Integrated
:>> Camera" rev 2.01/54.20 addr 3
:>> video0 at uvideo0
:>> uvideo1 at uhub1 port 4 configuration 1 interface 2 "Chicony Electronics 
Co.,Ltd. Integrated
:>> Camera" rev 2.01/54.20 addr 3
:>> video1 at uvideo1
:>> 
:>> However, this camera should almost certainly just work anyway.
:>> 
:>> $ ffplay -f v4l2 -input_format mjpeg -video_size 1280x720 -i /dev/video0
:>> ^^^
:>> 
:>> Why?
:> 
:> Looks like Comte followed the console instructions at [1] to the letter.
:> It seems to me that jumping right to ffplay recording isn't the best
:> way for you to check the camera is working. Simplest way to test seems
:> to me:
:> 
:> $ video -f /dev/video0
:> 
:> And then you should see a window with the video stream...
:> 
:> [1] https://www.openbsd.org/faq/faq13.html#webcam
:

-- 
Do you realize how many holes there could be if people would just take
the time to take the dirt out of them?

Re: 7.4 and hostname.pfsync7

[Peter Hessler]

On 2023 Oct 16 (Mon) at 07:53:37 +0200 (+0200), Harald Dunkel wrote:
:/etc/hostname.vlan111:
:vnetid 111
:parent re0 

You need to add "up" here.


:
:/etc/hostname.pfsync0:
:syncdev vlan111 up
:
:vlan111: flags=8002 mtu 1500
 ^^^
no UP flag, so the parent interface is not passing traffic.


:   lladdr 00:01:2e:55:c7:10
:   index 6 priority 0 llprio 3
:   encap: vnetid 111 parent re0 txprio packet rxprio outer
:   groups: vlan
:   media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
:   status: active
:
:pfsync0: flags=41 mtu 1500
:   index 5 priority 0 llprio 3
:   encap: parent vlan111
:   pfsync: syncdev: vlan111 maxupd: 128 defer: off
:   groups: carp pfsync

-- 
What color is a chameleon on a mirror?

Re: Connecting a wireless keyboard via Bluetooth

[Peter Hessler]

On 2023 Oct 25 (Wed) at 15:24:27 +0200 (+0200), Karel Lucas wrote:
:Hi all,
:
:I have a computer with openBSD V7.4 without X11, to which I want to connect a
:wireless keyboard via Bluetooth. The keyboard is connected via a separate USB
:Bluetooth receiver. What software do I need for this, and how do I configure
:it? I hope someone responds to this.
:

OpenBSD does not support Bluetooth.


-- 
THE GOLDEN RULE OF ARTS AND SCIENCES
The one who has the gold makes the rules.

ignore dns dhcpleased

[Peter Wens]

Hi,

I noticed that ignoring nameservers from leases only works
on IPv4 addresses.

in /etc/dhcpleased.conf

interface vio0 {
ignore dns
}

resolvd still adds a IPv6 nameserver

nameserver 2001:19f0:300:1704::6 # resolvd: vio0

Is this intentional?


Best regards,

Peter

Re: ignore dns dhcpleased

[Peter Wens]

Hi Otto,

I checked it, and yes it's slaacd

...
rdns_proposal_state_transition[vio0] PROPOSAL_NOT_CONFIGURED -> 
PROPOSAL_CONFIGURED, timo: 3588

gen_rdns_proposal: iface 1: fe80::f...
...

Don't know how to disable this (e.g. vultr), so for now i disable resolvd.

On 1/3/24 13:20, Otto Moerbeek wrote:

On Wed, Jan 03, 2024 at 12:15:04PM +0100, Peter Wens wrote:


Hi,

I noticed that ignoring nameservers from leases only works
on IPv4 addresses.

in /etc/dhcpleased.conf

interface vio0 {
ignore dns
}

resolvd still adds a IPv6 nameserver

nameserver 2001:19f0:300:1704::6 # resolvd: vio0

Is this intentional?


Best regards,

Peter



This very likely happens via slaacd, as v6 route proposals can
contais DNS resolver info. AFAIK, there is no way to tell slaacd to
not send DNS entries to resolvd, so you should try to tell the device
sending the v6 route advertisements to stop include DNS info.

-Otto

Re: ignore dns dhcpleased

[Peter Wens]

I was using unwind, but i changed over to use unbound instead and so i 
noticed the changes made in resolv.conf by resolvd.


On 1/3/24 13:37, Stuart Henderson wrote:

On 2024-01-03, Peter Wens  wrote:

Hi Otto,

I checked it, and yes it's slaacd

...
rdns_proposal_state_transition[vio0] PROPOSAL_NOT_CONFIGURED ->
PROPOSAL_CONFIGURED, timo: 3588
gen_rdns_proposal: iface 1: fe80::f...
...

Don't know how to disable this (e.g. vultr), so for now i disable resolvd.


If you want to force a specific server, that's often the right answer anyway.

An alternative is to use unwind with its config file.

Astertisk missing library

[Peter Fraser]

I am putting up Asterisk on a new OpenBSD system.

It is for a charity, I have not put together a new system for a long time, but 
I have upgraded several.

The asterisk on a new system is missing a large number of symbols of the form:

ast_sip_* ast_stir_* statis_app*

I can't find what is missing, I assume some what a library dependency was 
missed, so my other Asterisk on other OpendBSD system are using the old version

Any help or suggestions you can offer would be appreciated.

Re: Astertisk missing library

[Peter Fraser]

Yes

>From pkg_info

asterisk-20.5.2 open source multi-protocol PBX and telephony toolkit
asterisk-core-sounds-en-gsm-1.6.1p0 core English sound files for Asterisk (gsm)
asterisk-core-sounds-en-ulaw-1.6.1p0 core English sound files for Asterisk 
(ulaw)
asterisk-extra-sounds-en-gsm-1.5.2p0 additional English sound files for 
Asterisk (gsm)
asterisk-extra-sounds-en-ulaw-1.5.2p0 additional English sound files for 
Asterisk (ulaw)
asterisk-moh-opsound-gsm-2.03p3 opsound music-on-hold for Asterisk (gsm)
asterisk-moh-opsound-wav-2.03p3 opsound music-on-hold for Asterisk (wav)
gsm-1.0.22  GSM audio codec library and convertera



-Original Message-
From: owner-m...@openbsd.org  On Behalf Of 
deich...@placebonol.com
Sent: Saturday, February 3, 2024 4:30 PM
To: misc@openbsd.org
Subject: Re: Astertisk missing library

Did you install from pkg_add,?

On February 3, 2024 1:05:26 PM MST, Peter Fraser  wrote:
>I am putting up Asterisk on a new OpenBSD system.
>
>It is for a charity, I have not put together a new system for a long time, but 
>I have upgraded several.
>
>The asterisk on a new system is missing a large number of symbols of the form:
>
>ast_sip_* ast_stir_* statis_app*
>
>I can't find what is missing, I assume some what a library dependency was 
>missed, so my other Asterisk on other OpendBSD system are using the old version
>
>Any help or suggestions you can offer would be appreciated.
>
>
-Original Message-
From: owner-m...@openbsd.org  On Behalf Of 
deich...@placebonol.com
Sent: Saturday, February 3, 2024 4:30 PM
To: misc@openbsd.org
Subject: Re: Astertisk missing library

Did you install from pkg_add,?

On February 3, 2024 1:05:26 PM MST, Peter Fraser  wrote:
>I am putting up Asterisk on a new OpenBSD system.
>
>It is for a charity, I have not put together a new system for a long time, but 
>I have upgraded several.
>
>The asterisk on a new system is missing a large number of symbols of the form:
>
>ast_sip_* ast_stir_* statis_app*
>
>I can't find what is missing, I assume some what a library dependency was 
>missed, so my other Asterisk on other OpendBSD system are using the old version
>
>Any help or suggestions you can offer would be appreciated.
>
>

Re: GNUstep back and base in OpenBSD 7.4 ARM

[Peter Hessler]

On 2024 Feb 04 (Sun) at 20:17:44 +0800 (+0800), Tito Mari Francis Escaño wrote:
:Hi misc,
:I was hoping to install GNUstep packages in ARM but it seems gnustep-back
:and gnustep-base are not yet available in ARM.
:I was under the impression that these are needed to start basic GNUstep
:development.
:Please advise what options are available to move forward.
:Also addressed to Sebastian Reitenbach.
:Thank you.

Stuart already discussed armv7.  On arm64 gnustep-base simply failed to
build for 7.4-release packages, but it and the rest of gnustep are
building just fine in -current.


-- 
Right now I'm having amnesia and deja vu at the same time.
-- Steven Wright

Re: Astertisk missing library

[Peter Fraser]

sign requested 
address
[Feb  4 10:33:12] ERROR[107524]: res_sorcery_config.c:422 
sorcery_config_internal_load: Could not create an object of type 'transport' 
with id 'udp' from configuration file 'pjsip.conf'
[Feb  4 10:33:12] ERROR[107524]: res_pjsip/config_transport.c:917 
transport_apply: Transport 'tcp' could not be started: Can't assign requested 
address
[Feb  4 10:33:12] ERROR[107524]: res_sorcery_config.c:422 
sorcery_config_internal_load: Could not create an object of type 'transport' 
with id 'tcp' from configuration file 'pjsip.conf'
[Feb  4 10:33:14] ERROR[107524]: res_sorcery_config.c:328 
sorcery_config_internal_load: Unable to load config file 'stir_shaken.conf'
[Feb  4 10:33:14] ERROR[107524]: res_sorcery_config.c:328 
sorcery_config_internal_load: Unable to load config file 'stir_shaken.conf'
[Feb  4 10:33:14] ERROR[107524]: res_sorcery_config.c:328 
sorcery_config_internal_load: Unable to load config file 'stir_shaken.conf'
[Feb  4 10:33:14] ERROR[107524]: res_sorcery_config.c:328 
sorcery_config_internal_load: Unable to load config file 'stir_shaken.conf'
[Feb  4 10:33:14] ERROR[107524]: res_sorcery_config.c:328 
sorcery_config_internal_load: Unable to load config file 'aeap.conf'
[Feb  4 10:33:14] WARNING[107524]: res_musiconhold.c:1180 moh_parse_options: 
Music on hold 'random' setting is deprecated in 14.  Please use 'sort=random' 
instead.
[Feb  4 10:33:14] ERROR[107524]: config_options.c:710 aco_process_config: 
Unable to load config file 'confbridge.conf'
[Feb  4 10:33:14] ERROR[107524]: app_confbridge.c:4625 load_module: Unable to 
load config. Not loading module.
[Feb  4 10:33:14] WARNING[107524]: app_minivm.c:2777 load_config: Failed to 
load configuration file. Module activated with default settings.
[Feb  4 10:33:14] ERROR[107524]: config_options.c:710 aco_process_config: 
Unable to load config file 'res_http_media_cache.conf'
[Feb  4 10:33:14] NOTICE[107524]: res_http_media_cache.c:780 load_module: Could 
not load res_http_media_cache config; using defaults
[Feb  4 10:33:14] WARNING[107524]: loader.c:2409 load_modules: Some 
non-required modules failed to load.
[Feb  4 10:33:15] ERROR[107524]: loader.c:2524 load_modules: app_confbridge 
declined to load.
[Feb  4 10:33:15] ERROR[107524]: loader.c:2524 load_modules: Declined modules 
which depend on app_confbridge: app_page
Asterisk Ready.
*CLI> [Feb  4 10:33:17] ERROR[520765]: res_pjsip.c:903 
ast_sip_set_tpselector_from_transport_name: Unable to retrieve PJSIP transport 
'udp'

-Original Message-
From: owner-m...@openbsd.org  On Behalf Of Stuart 
Henderson
Sent: Sunday, February 4, 2024 4:43 AM
To: misc@openbsd.org
Subject: Re: Astertisk missing library

On 2024-02-03, Peter Fraser  wrote:
> Yes
>
> From pkg_info
>
> asterisk-20.5.2 open source multi-protocol PBX and telephony toolkit
...
>>The asterisk on a new system is missing a large number of symbols of the form:
>>
>>ast_sip_* ast_stir_* statis_app*
>>
>>I can't find what is missing, I assume some what a library dependency 
>>was missed, so my other Asterisk on other OpendBSD system are using 
>>the old version

Please show some actual error messages/logs. modules.conf might be interesting 
too. Which machine arch are you using? Release or snapshots?

20.5.2 works for me on a 7.4 amd64 system.

--
Please keep replies on the mailing list.

Re: Astertisk missing library

[Peter Fraser]

I did track down the missing modules to the same list of libraries.

I did use a copy  /usr/local/share/examples/asterisk/default/modules.conf in 
/etc/asterisk/modules.conf
And got the same error.
I also tried deleting all the noload from modules.conf
Still the same error.


-Original Message-
From: owner-m...@openbsd.org  On Behalf Of Stuart 
Henderson
Sent: Monday, February 5, 2024 7:15 AM
To: misc@openbsd.org
Subject: Re: Astertisk missing library

On 2024-02-04, Peter Fraser  wrote:
> Asterisk 20.5.2 works for me two different amd64 computers that I upgraded 
> from 7.3  amd64  to 7.4.
...
> [Feb  4 10:33:11] NOTICE[107524]: loader.c:2405 load_modules: 280 modules 
> will be loaded.
> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
> 'ast_audiosocket_connect'
> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
> 'ast_audiosocket_init'
> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
> 'ast_audiosocket_send_frame'
> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
> 'ast_audiosocket_receive_frame'

those are in res_audiosocket.so

> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
> symbol 'ast_speech_new'
> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
> symbol 'ast_speech_destroy'
> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
> symbol 'ast_speech_grammar_load'
> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
> symbol 'ast_speech_grammar_unload'
> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
> symbol 'ast_speech_grammar_activate'

and those in res_speech.so

> asterisk:/usr/local/lib/asterisk/modules/app_stasis.so: undefined symbol 
> 'stasis_app_exec'

res_statis

> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol 
> 'ast_sip_cli_traverse_objects'
> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol 
> 'ast_sip_cli_traverse_objects'
> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol 
> 'ast_sip_cli_traverse_objects'
> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol 
> 'ast_sip_cli_traverse_objects'
> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol 
> 'ast_sip_push_task_wait_servant'

res_pjsip

etc. I think you may be missing something in modules.conf. I'd probably start 
with a copy of /usr/local/share/examples/asterisk/default/modules.conf
and see if that works, then tweak from there.

--
Please keep replies on the mailing list.

Re: Astertisk missing library

[Peter Fraser]

I should also add the libraries re on my system, and nm says they contain the 
simples
I don't know why they are not loading.

-Original Message-
From: owner-m...@openbsd.org  On Behalf Of Stuart 
Henderson
Sent: Monday, February 5, 2024 7:15 AM
To: misc@openbsd.org
Subject: Re: Astertisk missing library

On 2024-02-04, Peter Fraser  wrote:
> Asterisk 20.5.2 works for me two different amd64 computers that I upgraded 
> from 7.3  amd64  to 7.4.
...
> [Feb  4 10:33:11] NOTICE[107524]: loader.c:2405 load_modules: 280 modules 
> will be loaded.
> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
> 'ast_audiosocket_connect'
> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
> 'ast_audiosocket_init'
> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
> 'ast_audiosocket_send_frame'
> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
> 'ast_audiosocket_receive_frame'

those are in res_audiosocket.so

> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
> symbol 'ast_speech_new'
> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
> symbol 'ast_speech_destroy'
> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
> symbol 'ast_speech_grammar_load'
> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
> symbol 'ast_speech_grammar_unload'
> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
> symbol 'ast_speech_grammar_activate'

and those in res_speech.so

> asterisk:/usr/local/lib/asterisk/modules/app_stasis.so: undefined symbol 
> 'stasis_app_exec'

res_statis

> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol 
> 'ast_sip_cli_traverse_objects'
> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol 
> 'ast_sip_cli_traverse_objects'
> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol 
> 'ast_sip_cli_traverse_objects'
> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol 
> 'ast_sip_cli_traverse_objects'
> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol 
> 'ast_sip_push_task_wait_servant'

res_pjsip

etc. I think you may be missing something in modules.conf. I'd probably start 
with a copy of /usr/local/share/examples/asterisk/default/modules.conf
and see if that works, then tweak from there.

--
Please keep replies on the mailing list.

Re: No audio playback with azalia0 Intel Braswell HD Audio

[Peter Hessler]

It seems that your audio is connected in an.interesting way:

 "808622A8" at acpi0 not configured

I guess we'll need a driver to support that.

Please use sendbug(1) to make a report, and make sure it includes the
acpidump from the system.

-peter

On 2024 Feb 05 (Mon) at 20:28:16 -0800 (-0800), jrmu wrote:
:Greetings,
:
:I am attempting to play audio on an HP Chromebook 11 G5 Setzer,
:but OpenBSD appears to be missing the necessary codecs. Are there any
:workarounds? I'm guessing that switching from the built-in speakers to
:headphones won't make any difference. Any suggestions appreciated.
:
:Here's the output I see when using ogg123:
:
:bsd$ ogg123 -d sndio Mozart_-_Eine_kleine_Nachtmusik_-_1._Allegro.ogg
:
:Audio Device:   sndio audio output
:
:Playing: Mozart_-_Eine_kleine_Nachtmusik_-_1._Allegro.ogg
:Ogg Vorbis stream: 2 channel, 44100 Hz
:Title: ADVENT CHAMBER ORCHESTRA Artist=Roxanna Pavel Goldstein, Musical 
Director
:ERROR: Cannot open device sndio.
:
:
:I tried running sndiod in debug mode:
:
:bsd$ doas sndiod -
:snd0 pst=cfg.default: rec=0:1 play=0:1 vol=8388608 dup
:snd0 pst=cfg.0: rec=0:1 play=0:1 vol=8388608 dup
:snd1 pst=cfg.1: rec=0:1 play=0:1 vol=8388608 dup
:snd2 pst=cfg.2: rec=0:1 play=0:1 vol=8388608 dup
:snd3 pst=cfg.3: rec=0:1 play=0:1 vol=8388608 dup
:helper(helper|ini): created
:poll: helper: 1
:worker(worker|ini): created
:listen(/tmp/sndio/sock0|ini): created
:default/server.device=0:1 at 1 -> opt_dev:default/0: added
:default/server.device=1:0 at 2 -> opt_dev:default/1: added
:default/server.device=2:0 at 3 -> opt_dev:default/2: added
:default/server.device=3:0 at 4 -> opt_dev:default/3: added
:poll: listen: 1 worker: 1
:sock(sock|ini): created
:listen(/tmp/sndio/sock0|ini): processed in 226us
:worker(worker|ini): processed in 1us
:sock,rmsg,widl: no messages to build anymore, idling...
:poll: sock: 1 listen: 1 worker: 1
:helper: recv: cmd = 0, num = 0, mode = 3, fd = -1
:helper: send: cmd = 3, num = 0, mode = 0, fd = -1
:helper(helper|ini): processed in 339us
:poll: helper: 1
:helper: recv: cmd = 0, num = 0, mode = 1, fd = -1
:helper: send: cmd = 3, num = 0, mode = 0, fd = -1
:helper(helper|ini): processed in 105us
:poll: helper: 1
:sock,rmsg,widl: reading 40 todo
:sock,rmsg,widl: read full message
:sock,rmsg,widl: AUTH message
:sock,rmsg,widl: reading 40 todo
:sock,rmsg,widl: read full message
:sock,rmsg,widl: HELLO message
:sock,rmsg,widl: hello from , mode = 1, ver 7
:app/ogg0.level=127 at 5 -> slot_level:ogg0: added
:snd0 pst=cfg: device requested
:worker: send: cmd = 0, num = 0, mode = 3, fd = -1
:worker: recv: cmd = 3, num = 0, mode = 0, fd = -1
:worker: send: cmd = 0, num = 0, mode = 1, fd = -1
:worker: recv: cmd = 3, num = 0, mode = 0, fd = -1
:worker: send: cmd = 0, num = 0, mode = 2, fd = -1
:worker: recv: cmd = 3, num = 0, mode = 0, fd = -1
:snd0 pst=cfg: failed to open audio device
:sock,rmsg,widl: closing
:sock(sock|zom): destroyed
:sock(sock|zom): processed in 8478us
:listen(/tmp/sndio/sock0|ini): processed in 1us
:worker(worker|ini): processed in 0us
:poll: listen: 1 worker: 1
:helper: recv: cmd = 0, num = 0, mode = 2, fd = -1
:helper: send: cmd = 3, num = 0, mode = 0, fd = -1
:helper(helper|ini): processed in 206us
:poll: helper: 1
:^Cpoll: helper: 1
:helper: hup
:helper(helper|zom): destroyed
:helper(helper|zom): processed in 54us
:nothing to do...
:worker(worker|zom): destroyed
:listen(/tmp/sndio/sock0|zom): destroyed
:default/server.device=0:1 at 1 -> opt_dev:default/0: removed
:default/server.device=1:0 at 2 -> opt_dev:default/1: removed
:default/server.device=2:0 at 3 -> opt_dev:default/2: removed
:default/server.device=3:0 at 4 -> opt_dev:default/3: removed
:snd0 pst=cfg: draining
:snd1 pst=cfg: draining
:snd2 pst=cfg: draining
:snd3 pst=cfg: draining
:nothing to do...
:snd0 pst=cfg: deleting
:snd1 pst=cfg: deleting
:snd2 pst=cfg: deleting
:snd3 pst=cfg: deleting
:
:Below is my dmesg output:
:
:OpenBSD 7.4 (GENERIC.MP) #1382: Wed Sep 27 10:51:31 MDT 2023
:dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
:real mem = 2068180992 (1972MB)
:avail mem = 1985822720 (1893MB)
:random: good seed from bootblocks
:mpath0 at root
:scsibus0 at mpath0: 256 targets
:mainbus0 at root
:bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x1fee8000 (17 entries)
:bios0: vendor coreboot version "MrChromebox-4.20.1" date 07/21/2023
:bios0: GOOGLE Setzer
:efi0 at bios0: UEFI 2.7
:efi0: EDK II rev 0x1
:acpi0 at bios0: ACPI 6.0
:acpi0: sleep states S0 S1 S3 S4 S5
:acpi0: tables DSDT FACP SSDT MCFG TCPA APIC HPET TCPA BGRT
:acpi0: wakeup devices XHCI(S3)
:acpitimer0 at acpi0: 3579545 Hz, 24 bits
:acpimcfg0 at acpi0
:acpimcfg0: addr 0xe000, bus 0-255
:acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
:cpu0 at mainbus0: apid 0 (boot processor)
:cpu0: Intel(R) Celeron(R) CPU N3060 @ 1.60GHz, 2480.32 MHz, 06-4c-04, patch 
0411
:cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA

Re: Astertisk missing library

[Peter Fraser]

cket.so]
examining: '/usr/local/lib/asterisk/modules/res_audiosocket.so'
loading: libpthread.so.27.1 required by 
/usr/local/lib/asterisk/modules/res_audiosocket.so
loading: libBlocksRuntime.so.0.0 required by 
/usr/local/lib/asterisk/modules/res_audiosocket.so
linking dep /usr/local/lib/libBlocksRuntime.so.0.0 as child of 
/usr/local/lib/asterisk/modules/res_audiosocket.so
linking dep /usr/lib/libpthread.so.27.1 as child of 
/usr/local/lib/asterisk/modules/res_audiosocket.so
tail /usr/local/lib/asterisk/modules/res_audiosocket.so
protect RELRO [0x5bdacbf6dc0,0x5bdacbf8000) in 
/usr/local/lib/asterisk/modules/res_audiosocket.so
doing ctors obj 0x5bd85ea4800 @0x5bdacbf5640: 
[/usr/local/lib/asterisk/modules/res_audiosocket.so]
doing initarray obj 0x5bd85ea4800 @0x5bdacbf6e58: 
[/usr/local/lib/asterisk/modules/res_audiosocket.so]
dlopen: /usr/local/lib/asterisk/modules/res_audiosocket.so: done (success).
doing finiarray obj 0x5bd85ea4800 @0x5bdacbf6e60: 
[/usr/local/lib/asterisk/modules/res_audiosocket.so]
doing dtors obj 0x5bd85ea4800 @0x5bdacbf5660: 
[/usr/local/lib/asterisk/modules/res_audiosocket.so]
unload_shlib called on /usr/local/lib/asterisk/modules/res_audiosocket.so
unload_shlib called on /usr/local/lib/libBlocksRuntime.so.0.0
unload_shlib called on /usr/lib/libpthread.so.27.1
unload_shlib unloading on /usr/local/lib/asterisk/modules/res_audiosocket.so
dlopen: loading: /usr/local/lib/asterisk/modules/res_audiosocket.so
objname [/usr/local/lib/asterisk/modules/res_audiosocket.so], dynp 
0x5bd62362e68, objtype 4 lbase 5bd6235e000, obase 5bd6235e000
 flags /usr/local/lib/asterisk/modules/res_audiosocket.so = 0x0
head /usr/local/lib/asterisk/modules/res_audiosocket.so
obj /usr/local/lib/asterisk/modules/res_audiosocket.so has 
/usr/local/lib/asterisk/modules/res_audiosocket.so as head
linking /usr/local/lib/asterisk/modules/res_audiosocket.so as dlopen()ed
head [/usr/local/lib/asterisk/modules/res_audiosocket.so]
examining: '/usr/local/lib/asterisk/modules/res_audiosocket.so'

-Original Message-
From: owner-m...@openbsd.org  On Behalf Of Stuart 
Henderson
Sent: Tuesday, February 6, 2024 4:17 AM
To: misc@openbsd.org
Subject: Re: Astertisk missing library

On 2024-02-06, deich...@placebonol.com  wrote:
> are the libraries in the search path?

they're not normal library deps for the main binary, all dlopen()'d from the 
relevant path.

> On February 5, 2024 10:54:38 AM MST, Peter Fraser  wrote:
>>I should also add the libraries re on my system, and nm says they 
>>contain the simples I don't know why they are not loading.

maybe you'll get some clues by running with LD_DEBUG set in the environment - 
there will be a *lot* of output so run under script(1).

or, try comparing /etc/asterisk with one of your working machines and see 
what's different.

>>From: owner-m...@openbsd.org  On Behalf Of 
>>Stuart Henderson
>>Sent: Monday, February 5, 2024 7:15 AM
>>To: misc@openbsd.org
>>Subject: Re: Astertisk missing library
>>
>>On 2024-02-04, Peter Fraser  wrote:
>>> Asterisk 20.5.2 works for me two different amd64 computers that I upgraded 
>>> from 7.3  amd64  to 7.4.
>>...
>>> [Feb  4 10:33:11] NOTICE[107524]: loader.c:2405 load_modules: 280 modules 
>>> will be loaded.
>>> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined 
>>> symbol 'ast_audiosocket_connect'
>>> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined 
>>> symbol 'ast_audiosocket_init'
>>> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined 
>>> symbol 'ast_audiosocket_send_frame'
>>> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined 
>>> symbol 'ast_audiosocket_receive_frame'
>>
>>those are in res_audiosocket.so
>>
>>> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
>>> symbol 'ast_speech_new'
>>> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
>>> symbol 'ast_speech_destroy'
>>> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
>>> symbol 'ast_speech_grammar_load'
>>> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
>>> symbol 'ast_speech_grammar_unload'
>>> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
>>> symbol 'ast_speech_grammar_activate'
>>
>>and those in res_speech.so
>>
>>> asterisk:/usr/local/lib/asterisk/modules/app_stasis.so: undefined symbol 
>>> 'stasis_app_exec'
>>
>>res_statis
>>
>>> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so:

Re: Astertisk missing library

[Peter Fraser]

Although not understanding the output of LD_DEBUG, I made a guess, that the 
problem was with load order.

After a bit of experimentation, I added

load = res_audiosocket.so
load = res_speech.so
load = res_stasis.so
load = res_pjproject.so
load = res_rtp_asterisk.so
load = res_pjsip.so
load = res_xmpp.so
load = res_pjsip_session.so
load = res_rtp_multicast.so
load = res_ael_share.so
load = res_pjsip_pubsub.so
load = res_stasis_recording.so
load = res_pjsip_outbound_publish.so

To the beginning of modules.conf asterisk loaded without missing symbols. 

-Original Message-
From: Peter Fraser 
Sent: Tuesday, February 6, 2024 2:22 PM
To: misc@openbsd.org
Subject: RE: Astertisk missing library

setting LD_DEBUG does generate a lot of output 8384 lines.

first is the extracted code where app_audiosocket.so is loaded, the error is 
reported. It was a line 607 in the debug ouptut the second is the section is 
where res_audiosocket.so is loaded. It was at line 4622 in the output.

I find it very strange that asterisk reports an error after  app_audiosocket.so 
is loaded, but later seems properly load res_audiosocket.so which contains the 
missing symbols.

I am hoping that someone can extract something from this.
I do have all 8000 plus line of output if someone is interested.

dlopen: loading: /usr/local/lib/asterisk/modules/app_audiosocket.so
objname [/usr/local/lib/asterisk/modules/app_audiosocket.so], dynp 
0x5bda75834a0, objtype 4 lbase 5bda757f000, obase 5bda757f000  flags 
/usr/local/lib/asterisk/modules/app_audiosocket.so = 0x0 head 
/usr/local/lib/asterisk/modules/app_audiosocket.so
obj /usr/local/lib/asterisk/modules/app_audiosocket.so has 
/usr/local/lib/asterisk/modules/app_audiosocket.so as head linking 
/usr/local/lib/asterisk/modules/app_audiosocket.so as dlopen()ed head 
[/usr/local/lib/asterisk/modules/app_audiosocket.so]
examining: '/usr/local/lib/asterisk/modules/app_audiosocket.so'
loading: libBlocksRuntime.so.0.0 required by 
/usr/local/lib/asterisk/modules/app_audiosocket.so
loading: libpthread.so.27.1 required by 
/usr/local/lib/asterisk/modules/app_audiosocket.so
linking dep /usr/local/lib/libBlocksRuntime.so.0.0 as child of 
/usr/local/lib/asterisk/modules/app_audiosocket.so
linking dep /usr/lib/libpthread.so.27.1 as child of 
/usr/local/lib/asterisk/modules/app_audiosocket.so
tail /usr/local/lib/asterisk/modules/app_audiosocket.so
asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
'ast_audiosocket_connect'
asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
'ast_audiosocket_init'
asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
'ast_audiosocket_send_frame'
asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
'ast_audiosocket_receive_frame'
unload_shlib called on /usr/local/lib/asterisk/modules/app_audiosocket.so
unload_shlib called on /usr/local/lib/libBlocksRuntime.so.0.0
unload_shlib called on /usr/lib/libpthread.so.27.1 unload_shlib unloading on 
/usr/local/lib/asterisk/modules/app_audiosocket.so
dlopen: /usr/local/lib/asterisk/modules/app_audiosocket.so: done 
(failed).dlopen: loading: /usr/local/lib/asterisk/modules/app_audiosocket.so
objname [/usr/local/lib/asterisk/modules/app_audiosocket.so], dynp 
0x5bda75834a0, objtype 4 lbase 5bda757f000, obase 5bda757f000  flags 
/usr/local/lib/asterisk/modules/app_audiosocket.so = 0x0 head 
/usr/local/lib/asterisk/modules/app_audiosocket.so
obj /usr/local/lib/asterisk/modules/app_audiosocket.so has 
/usr/local/lib/asterisk/modules/app_audiosocket.so as head linking 
/usr/local/lib/asterisk/modules/app_audiosocket.so as dlopen()ed head 
[/usr/local/lib/asterisk/modules/app_audiosocket.so]
examining: '/usr/local/lib/asterisk/modules/app_audiosocket.so'
loading: libBlocksRuntime.so.0.0 required by 
/usr/local/lib/asterisk/modules/app_audiosocket.so
loading: libpthread.so.27.1 required by 
/usr/local/lib/asterisk/modules/app_audiosocket.so
linking dep /usr/local/lib/libBlocksRuntime.so.0.0 as child of 
/usr/local/lib/asterisk/modules/app_audiosocket.so
linking dep /usr/lib/libpthread.so.27.1 as child of 
/usr/local/lib/asterisk/modules/app_audiosocket.so
tail /usr/local/lib/asterisk/modules/app_audiosocket.so
asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
'ast_audiosocket_connect'
asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
'ast_audiosocket_init'
asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
'ast_audiosocket_send_frame'
asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
'ast_audiosocket_receive_frame'
unload_shlib called on /usr/local/lib/asterisk/modules/app_audiosocket.so
unload_shlib called on /usr/local/lib/libBlocksRuntime.so.0.0
unload_shlib called on /usr/lib/libpthread.so.27.1 unload_shlib unlo

mirror.bytemark.co.uk appears to have removed all OpenBSD content?

[Peter Kay]

Just been to upgrade a rather old system I keep OpenBSD on for fun all
the way up from 6.9, and found bytemark no longer seem to be hosting
any OpenBSD content.

Fortunately there's a couple of archives with pretty much every
OpenBSD release ever, so sysupgrade is currently rather busy

PK

Re: No packages found for 7.5 snapshot on arm64

[Peter Hessler]

Yes, we are at a stage of development where snapshots look similar to a
-release.  (Note, these snapshots are not actually the release)

For now, you want to run pkg_add with -Dsnap, so "pkg_add -Dsnap -u" or
"pkg_add -Dsnap colorls".



On 2024 Mar 09 (Sat) at 12:11:51 +0300 (+0300), Dmitry Matveyev wrote:
:Hi,
:
:I was running an OpenBSD with this description of the iso: OpenBSD
:7.4-current 2023-11-03 (arm64). A week ago I started getting an error
:trying to install any package:
:
:# pkg_add -Uvi colorls
:Update candidates: quirks-7.12 -> quirks-7.12
:Update candidates: updatedb-0p0 -> updatedb-0p0
:quirks-7.12 signed on 2024-03-05T14:52:30Z
:Can't install colorls-7.4 because of libraries
:|library c.99.0 not found
:| /usr/lib/libc.so.98.0 (system): bad major
:Couldn't install colorls-7.4
:
:Here I have an older version whereas the package requires a newer
:version.
:
:I've read that it might be due to using -current and that I need to
:upgrade my system to the latest snapshot. I have run sysupgrade and now
:uname says that I'm on OpenBSD 7.5 GENERIC.MP#128 arm64. And now I can't
:install anything at all because pkg_add complains that it can't find a
:directory https://ftp.hostserver.de/pub/OpenBSD/7.5/packages/aarch64/. I
:have checked several mirrors at https://www.openbsd.org/ftp.html and
:they indeed don't have any packages under 7.5.
:
:How do I fix this?
:

-- 
"Contrary to popular belief, penguins are not the salvation of modern
technology.  Neither do they throw parties for the urban proletariat."

Re: tcpdump for 'disassoc' not supported

[Peter Hessler]

pflog does not monitor the RADIO.  They are not Layer 3 packets, and are
not seen by pf.


On 2024 Mar 22 (Fri) at 16:25:08 +0500 (+0500), ofthecentury wrote:
:Thanks. This does work on an interface, but not on -r /var/log/pflog?
:
:On Fri, Mar 22, 2024 at 3:54 PM Stefan Sperling  wrote:
:>
:> On Fri, Mar 22, 2024 at 03:39:57PM +0500, ofthecentury wrote:
:> > I am getting wireless disassociation attacks.
:> > I wanted to look at the packets via:
:> > `tcpdump -nettt -I -i athn0 -s 256
:> > type mgt subtype disassoc`
:> > but I get an error:
:> > "tcpdump: type not supported on linktype 0x1"
:> > Should work according to man tcpdump.
:> >
:> >
:>
:> Works only with tcpdump -y IEEE802_11_RADIO
:

-- 
To err is human, to moo bovine.

Re: some ports give "Error while reading header" while fetching

[Peter Hessler]

There was a mistake while signing these packages, you want the set
signed 2024-03-22 or later.

ftp.hostserver.de and the other 2nd level mirrors most certainly has
those, and the other mirrors should get them over time.


On 2024 Mar 26 (Tue) at 11:22:08 + (+), void wrote:
:Hello,
:
:Posting in misc@ because it's an issue not limited to any particular port.
:
:context is 7.5 GENERIC.MP#138 arm64 aarch64
:
:error:
:$ doas pkg_add -D snap mupdf  quirks-7.14 signed on 2024-03-18T13:07:59Z
:Ambiguous: choose package for mupdf
:a 0: 
:  1: mupdf-1.23.11
:  2: mupdf-1.23.11-js
:Your choice: 1
:mupdf-1.23.11:gumbo-0.12.1: ok
:mupdf-1.23.11:jbig2dec-0.19: ok
:mupdf-1.23.11:lcms2-2.15: ok
:mupdf-1.23.11:openjp2-2.5.2: ok
:pkg_add: Ustar 
[http://www.mirrorservice.org/pub/OpenBSD/snapshots/packages/aarch64/xdg-utils-1.2.1.tgz][?]:
 Error while reading header
:
:I've also seen it happen with xz. It doesn't seem to matter what server the
:installurl (currently set to mirrorservice) is. Is it a problem with the
:port(s) or my connection (dual-stack)? thanks,
:-- 
:

-- 
Arithmetic is being able to count up to twenty without taking off your
shoes.
-- Mickey Mouse

rm: #08057459: Operation not permitted

[Peter Fraser]

The reason why ls -l faulted has been found and is being worked on.

The next step is trying to delete the files.
Running as root
rm fails with Operation not permitted
so does chmod and chown end chattr

Any ideas on how to get rid of the files

hardware support for HPE Smart Array E208i-p SR Gen10 (ciss ?) and HPE 561FLR-T (ix)

[Steiner Peter]

Hello,

we have to retire some older "HP ProLiant DL360 Gen9" and want to buy the 
current model "HPE ProLiant DL360 Gen10"

I'm unsure if the newer "HPE Smart Array E208i-p" is supported by the ciss 
driver
(the old "HPE Smart Array H240ar" in our DL360 Gen9 worked for years like a 
charm)


btw. I'm also checking the support of 10Gb Ethernet Adapters (to replace the 
old "HP Ethernet 10Gb 2-port 561T"):
I think the current "HP Ethernet 10Gb 2-port 562FLR-T" and "HPE 562T" should 
work 
because they're also based on the "Intel Ethernet-Controller X540" listed in 
the ix driver man page

anyone using these already?


thanks in advance for any field reports


greetings from Austria
-Peter

__
Peter Steiner
networking and system administration

feratel media technologies AG
Laubichl 60
A - 5452 Pfarrwerfen
FN 72841w, LG Innsbruck 
Telefon: +43 6468 8901-0, Fax: +43 6468 8901-2675
Internet: www.feratel.at, www.feratel.com