Re: NFS Server performance

[Steven Surdock]

> -Original Message-
> From: j...@bitminer.ca 
> Sent: Thursday, December 7, 2023 7:55 PM
> 
> On Tue, Dec 05, 2023 at 02:06:44PM +, Steven Surdock wrote:
> >
> > Using an OBSD 7.4 VM on VMware as an NFS server on HOST02.   It is
> > primarily used to store VMWare VM backups from HOST01, so VMWare is
> > the NFS client.  I'm seeing transfers of about 1.2 MB/s.
> 
> Sounds about right.  On a single (magnetic) disk, assume 200 ops/sec
> maximum, or about 5 kbyte per write op.
> 
> Remember that NFS is synchronous.  It is based on RPC, remote procedure
> calls.  The call has to return a result to the client before the next call
> can happen.  So your client (ESXi) is stuck at the synchronous write rate
> of your disk, which is governed by seek time and rotation rate.
> 
> To confirm, run systat and note the "sec" measurement for your disk.
> It will likely be in the 0.5 to 1.0 range.  This means your disk is 50% to
> 100% busy.  And the speed is about 1MB/s.
> 
> For improvement, use "-o noatime" on your exported partition mount.  This
> reduces inode update IO.
> 
> Or, try "-o async" if you want to live dangerously.
> 
> Or, you could even try ext2 instead of ffs.rumour has it that
> ext2 is faster.  I don't know, never having tried it.
> 
> Or use an SSD for your export partition.
> 
> Or, crank up a copy of Linux and run NFS v4 server.  That will definitely
> be faster than any NFS v3 server.  V4 streams writes, to be very
> simplistic about it.
> 
> (I think you already confirmed it's NFS v3 with TCP, not NFS v2.
> You should turn UDP off for reliability reasons, not performance.)

So I thought that disk I/O might be an issue as well, but SCP rips at 800+ Mbps 
(95+ MBps).

I did end up trying async and noatime on the filesystem.  'async' offered the 
best improvement with about 75 Mbps (or 9.3 MBps).  Still not what I was hoping 
for, or even close to SCP.

I did confirm NFS V3 (via tcpdump), plus esxi only supports V3 and V4.

I also experimented with netbsd-iscsi-target-20111006p6, but I could not get 
esxi to connect reliably.

You are correct on the disk performance during the NFS write:

Disks   sd0   sd1   
seeks  
xfers 992  
speed  110K 5915K  
  sec   0.0   1.0  

For the sake of completeness, here is the disk performance for the scp:

Disks   sd0   sd1
seeks
xfers11  1559
speed  131K   97M
  sec   0.0   1.0

This is with /home mounted with 'ffs rw,nodev,nosuid 1 2'

Thanks!

Re: NFS Server performance

[Steven Surdock]

No confusion.  The read and write buffer sizes would be above layer 3.  VMware 
offers little ability to modify read and write sizes.  It did inspire me to 
find this:  https://kb.vmware.com/s/article/1007909

NFS.ReceiveBufferSize

This is the size of the receive buffer for NFS sockets. This value is chosen 
based on internal performance testing. VMware does not recommend adjusting this 
value.
 
NFS.SendBufferSize

The size of the send buffer for NFS sockets. This value is chosen based on 
internal performance testing. VMware does not recommend adjusting this value.

...

ESXi 6.0, 6.5, 6.7:
Default Net.TcpipHeapMax is 512MB. Default send/receive socket buffer size of 
NFS is 256K each. So each socket consumes ~512K+.For 256 shares, it would be 
~128M. The default TCPIPheapMax is sufficient even for 256 mounts. Its not 
required to increase.

Also,  the man page for mount_nfs implies -w is useful for UDP mounts.  I have 
verified that this mount is using TCP. 

  -w writesize
 Set the write data size to the specified value.  Ditto the
 comments w.r.t. the -r option, but using the "fragments dropped
 after timeout" value on the server instead of the client.  Note
 that both the -r and -w options should only be used as a last
 ditch effort at improving performance when mounting servers that
 do not support TCP mounts.

-Steve S.

-Original Message-
From: owner-m...@openbsd.org  On Behalf Of Carsten Reith
Sent: Wednesday, December 6, 2023 11:41 AM
To: misc@openbsd.org
Subject: Re: NFS Server performance

[You don't often get email from carsten.re...@t-online.de. Learn why this is 
important at https://aka.ms/LearnAboutSenderIdentification ]

Steven Surdock  writes:

> The client is VMWare ESXi, so my options are limited.  I tried 
> enabling jumbo frames (used 9000) and this made very little 
> difference.
>

Is it possible that you confuse the network layers here ? Jumbo frames are 
layer 2, the read and write sizes referred to apply are layer 3. You can try to 
set them as suggested, indepently of the frame size.

Re: NFS Server performance

[Steven Surdock]

The client is VMWare ESXi, so my options are limited.  I tried enabling jumbo 
frames (used 9000) and this made very little difference.

-Original Message-
From: Zé Loff  
Sent: Tuesday, December 5, 2023 10:12 AM
To: Steven Surdock 
Cc: misc@openbsd.org
Subject: Re: NFS Server performance


On Tue, Dec 05, 2023 at 02:06:44PM +, Steven Surdock wrote:
> Using an OBSD 7.4 VM on VMware as an NFS server on HOST02.   It is primarily 
> used to store VMWare VM backups from HOST01, so VMWare is the NFS client.  
> I'm seeing transfers of about 1.2 MB/s.  
> 
> SCP from HOST01 to OBSD VM (same filesystem) copies at 110 MB/s.  
> Iperf3 from a VM on HOST01 to OBSD on HOST02 gives me 900+ mbps.  
> OBSD is a stock install running -stable.
> NFS is using v3 (according to VMWare) and using TCP During the NFS 
> transfer the RECV-Q on the OBSD interface runs either 64000+ or 0.
> I tried both em and vmx interface types.
> 
> /etc/rc.conf.local:
> mountd_flags="" # for normal use: ""
> nfsd_flags="-tun 4" # Crank the 4 for a busy NFS fileserver
> ntpd_flags=""   # enabled during install
> portmap_flags=""# for normal use: ""
> 
> Any clues on where to look to (greatly) improve NFS performance would be 
> appreciated.

Increasing write size, read size and the read-ahead count on the client has 
helped me.

E.g., on the client's fstab:

  10.17.18.10:/shared/stuff  /nfs/stuff  nfs  
rw,nodev,nosuid,intr,tcp,bg,noatime,-a=4,-r=32768,-w=32768 0 0

Cheers
Zé

-- 
 

NFS Server performance

[Steven Surdock]

Using an OBSD 7.4 VM on VMware as an NFS server on HOST02.   It is primarily 
used to store VMWare VM backups from HOST01, so VMWare is the NFS client.  I'm 
seeing transfers of about 1.2 MB/s.  

SCP from HOST01 to OBSD VM (same filesystem) copies at 110 MB/s.  
Iperf3 from a VM on HOST01 to OBSD on HOST02 gives me 900+ mbps.  
OBSD is a stock install running -stable.
NFS is using v3 (according to VMWare) and using TCP
During the NFS transfer the RECV-Q on the OBSD interface runs either 64000+ or 
0.
I tried both em and vmx interface types.

/etc/rc.conf.local:
mountd_flags="" # for normal use: ""
nfsd_flags="-tun 4" # Crank the 4 for a busy NFS fileserver
ntpd_flags=""   # enabled during install
portmap_flags=""# for normal use: ""

Any clues on where to look to (greatly) improve NFS performance would be 
appreciated.

-Steve S.

Re: relayd ssl termination advice

[Steven Shockley]

On 10/7/2023 9:00 PM, Courtney wrote:

Hello everyone,

I'm seeking an ideal way to make secure https connections to a handful of
web servers in my house. 


I'm currently doing this with haproxy by having it inspect the SNI on 
the incoming traffic and route based on that.  At the time I set it up 
relayd didn't support SNI inspection, not sure if it's been added since.


The main downsides to doing this:
- haproxy has to be in the traffic path
- haproxy has to run as root (ick)

The traffic isn't decrypted by haproxy at all.  I'm not sure how this 
will be affected by encrypted SNI/encrypted client hello.


Relayd can also decrypt the traffic, then re-encrypt it from relayd to 
the web server.  See "TLS RELAYS" in the man page.

Netstat output

[Steven Shockley]

When running netstat -I [interface], what do the "fails" and "errs" 
columns mean?  When my firewall is under network load, the output 
interface fails and total errs increases.

Installboot question

[Steven Shockley]

I have a machine with two ATA drives in a softraid mirror.  For the Zen 
patch, do I run installboot on just sd2 (the softraid volume) or also 
sd0 and sd1 (the physical disks)?  Thanks.

X11 not working after upgrade to 7.3

[Steven Shockley]

I've just upgraded a Windows 10 Hyper-V VM from 7.2 to 7.3 using 
sysupgrade, sysmerge (no changes) and pkg_add -u.  Since the upgrade 
xenodm doesn't start.


The error from Xorg.0.log is:
[  1599.318] (II) VESA(0): virtual address = 0xfe5219000,
physical address = 0xf800, size = 4194304
[  1599.666] (EE) Segmentation fault at address 0xfea707fd0
[  1599.666] (EE)
Fatal server error:
[  1599.666] (EE) Caught signal 11 (Segmentation fault). Server aborting

For fun I ran ktrace, and I believe this is where it's failing:

 55304 Xorg GIO   fd 3 wrote 45 bytes
   "(II) VESA(0): VESA VBE OEM Software Rev: 0.0
   "
 55304 Xorg RET   write 45/0x2d
 55304 Xorg CALL  kbind(0x705afca96bc8,24,0x930707b474004d54)
 55304 Xorg RET   kbind 0
 55304 Xorg CALL  kbind(0x705afca96b78,24,0x930707b474004d54)
 55304 Xorg RET   kbind 0
 55304 Xorg CALL 
mmap(0,0x40,0x3,0x1,4,0x4000f800)

 55304 Xorg RET   mmap 4033631223808/0x3ab2728
 55304 Xorg CALL  kbind(0x705afca96b18,24,0x930707b474004d54)
 55304 Xorg RET   kbind 0
 55304 Xorg CALL  ioctl(4,MEMRANGE_SET,0x705afca96c00)
 55304 Xorg RET   ioctl -1 errno 22 Invalid argument
 55304 Xorg CALL  kbind(0x705afca96b18,24,0x930707b474004d54)
 55304 Xorg RET   kbind 0
 55304 Xorg CALL  kbind(0x705afca96b18,24,0x930707b474004d54)
 55304 Xorg RET   kbind 0
 55304 Xorg CALL  kbind(0x705afca96b18,24,0x930707b474004d54)
 55304 Xorg RET   kbind 0
 55304 Xorg CALL  write(2,0x705afca96330,0x32)
 55304 Xorg GIO   fd 2 wrote 50 bytes
   "mtrr set f800 40 failed: Invalid argument
   "
 55304 Xorg RET   write 50/0x32

The only thing really of note with this system is that it has Gnome 
installed (from packages) but I'm not using it.  Is there anything new 
in 7.3 that I need to change?  Thanks.

Re: Ensuring data integrity

[Steven Shockley]

On 2/17/2023 5:30 AM, Stuart Henderson wrote:

They're often slower (especially in failure conditions) and more complex.
Reconstructing RAID5/6 after a drive failure is pretty intensive on the
other disks.


Not only that but your other (or spare) drives may have a bad sector 
that won't be detected until it's read.  One of the drives in the array 
goes bad, you rebuild it, and the rebuild fails because now two (or 
more) drives are bad.


At least if you do backups you're periodically verifying all the data 
can be read.

Re: syslogd program logging

[Steven Shockley]

On 1/24/2023 11:13 PM, Alexis wrote:


Shouldn't this actually be:

 !!dhcpd
 *.*/var/log/dhcpd
 !*

at the start of the file? At least, that's my reading of
syslog.conf(5): the two exclamation marks will cause a match on
'dhcpd' to _only_ result in the listed action (with no further
evaluation of the file, and thus no further opportunities for
logging to be done), and the '!*' means that further evaluation
will happen if there _isn't_ such a match.


Ah, I see now.  I was just going from the example in syslog.conf, but 
this points me in the right direction.  Thanks!

syslogd program logging

[Steven Shockley]

My isc_dhcpd logs are kind of chatty, and I'd like to send them to their 
own log.  I tried appending the following to syslogd.conf:


!dhcpd
*.* /var/log/dhcpd

This works, but the dhcpd messages still appear in /var/log/daemon as well.

Is there a way to do this where syslogd will send logs from a specific 
program _only_ to the specified log file?  (Other than directly 
configuring a log file in isc_dhcpd.)


Thanks.

Re: embarrassing mail problem

[Steven Shockley]

On 10/5/2022 5:04 PM, Steve Fairhead wrote:

I have several OpenBSD email servers, some elderly (Sendmail) and some
brand-spanking new (smtpd). Recently I've noticed that some (of both
kinds) are failing to deliver mail to some major UK ISPs. (Mostly
domestic; business ISPs not so much.)

For Sendmail, the error is "TLS handshake failed"; for smtpd, it's
"Network error on destination MXs".


"TLS handshake failed" usually means a TLS cipher mismatch, but maybe 
they're requiring a valid public certificate.  You can also use 
testssl.sh to see what ciphers they're actually using.


Check the logs and do a tcpdump of one of the failed connections.  One 
of those should tell you directly what's wrong.

Daily output empty

[Steven Shockley]

I noticed that for the past couple of days I haven't been getting the 
{daily, weekly, monthly} output from my 8 OpenBSD machines.  I am 
getting emails for other cron jobs.


If I run /bin/sh /etc/daily, I get no output (or email).  If I run 
/bin/sh -x /etc/daily, I get what looks like expected output (commands 
plus their output) on console and via email.  The contents of 
/var/log/*.out are zero bytes.  I have plenty of disk space on all 
partitions.


Running /usr/libexec/security seems to work as expected when there are 
changes.


If I add an echo to daily.local it emails the sysctl, uptime, and 
daily.local parts.


Am I going nuts here, or should I still be getting daily outputs?

Re: How to disable httpd's default

[Steven Shockley]

On 1/13/2022 6:46 PM, i...@protonmail.com wrote:

I would like to avoid httpd giving anything if a user types in the IP
address of the server.

At first I just made an empty page, which is fine for port 80, but if
the user then types https://xxx.xxx.xxx.xxx, then the certificate for a
domain shows, which doesn't fit the IP address.

Is there some way to do something like:

server "default" {
listen on * port 80
listen on * port 443
block drop
}

And then only serve specific domains?


I've done something like this with haproxy using SNI routing, but for 
different reasons.  Unfortunately this requires running haproxy as root, 
and haproxy has to be in the routing path.  Having it on the same 
machine is probably ok.


Note that this does not require haproxy to have the client certificates, 
since the hostname is transmitted in plaintext with SNI.


Config snippets:

frontend ft_ssl_vip
bind :443
mode tcp

tcp-request inspect-delay 5s
tcp-request content accept if { req_ssl_hello_type 1 }

default_backend bk_ssl_default

backend bk_ssl_default
mode tcp

source 0.0.0.0 usesrc clientip

acl app_one  req_ssl_sni -i one.example.com
acl app_two  req_ssl_sni -i two.example.com
acl app_threereq_ssl_sni -i three.example.com

use-server one if app_one
use-server two if app_two
use-server three if app_three
use-server default if !app_one !app_two !app_three

option ssl-hello-chk
server one   1.2.3.4:443  check
server two   4.5.6.7:443  check
server three 7.8.9.10:443 check
server default   11.12.13.14:443

So, server default can answer with whatever cert you want, and one, two, 
three can answer with their correct certs.  Scanners won't connect to 
one, two, three unless they already know the host names.


Of course, this is somewhat futile with Certificate Transparency, since 
all your host names will be listed publicly anyway.

Odd package update problem

[Steven Shockley]

For a couple of weeks I've had a 6.9-stable machine that didn't seem to 
be updating packages in packages-stable.  In cron I run:


/usr/sbin/pkg_add -us | /usr/bin/grep -v 'quirks-.* signed on '

When run via cron, I'd get this output:

php-7.4.16p0->7.4.22 forward dependencies:
| Dependency of php-zip-7.4.16p0 on php-7.4.16 doesn't match
| Dependency of php-gd-7.4.16p0 on php-7.4.16 doesn't match
| Dependency of php-curl-7.4.16p0 on php-7.4.16 doesn't match
Merging php-zip-7.4.16p0->7.4.22 (ok)
Merging php-gd-7.4.16p0->7.4.22 (ok)
Merging php-curl-7.4.16p0->7.4.22 (ok)
/dev/sd0h on /usr/local: 82269 bytes (highwater 53572394 bytes)
/dev/sd0k on /var: 1106 bytes

None of the packages would actually be updated, which I expected. 
However, if I ran the same command while logged in as root it'd scan the 
packages and show no updates.  I even tried updating from php-7.3 to 
php-7.4, and it still didn't grab the -stable versions.


I noticed that I had this environment variable set:
export PKG_PATH=https://fastly.cdn.openbsd.org/pub/OpenBSD/`uname 
-r`/packages/`uname -m`/


On a hunch I unset that, and pkg_add -u updated successfully.  However, 
fastly's CDN appears to be up-to-date.  Other than not specifying a 
PKG_PATH, any suggestions?  I mean it's fixed, I'd just like to know 
what went wrong.


/etc/installurl contains https://cdn.openbsd.org/pub/OpenBSD.

Re: Azure VMs

[Steven Shockley]

On 8/8/2021 11:07 PM, Brian Brombacher wrote:

I’ve been running in Azure since Hyper-V drivers were added years ago.  Works 
great.


Excellent, thanks!

Azure VMs

[Steven Shockley]

Does anyone know if OpenBSD still works in Azure?  I found the docs on 
uploading a VM, but they cover OpenBSD 6.1.  I also found 
https://github.com/Azure/WALinuxAgent/issues/1360, where someone was 
trying to use 6.3 and unable to get networking functional.  (The report 
was closed as wontfix/unsupported.)


I just wanted to see if anyone was using a recent version of OpenBSD in 
Azure before I drop a lot of time on it.  Thanks.

Re: poor ethernet network performance

[Steven Shockley]

On 5/16/2021 6:07 PM, Keegan Saunders wrote:

I'm noticing that my OpenBSD desktop with a Realtek 8168 ethernet controller
(re(4) driver) is experiencing slow network speeds on OpenBSD 6.9 (not
recent, has been an issue before)

For example, on OpenBSD, cloning GitHub repos has about <400kb/s download
speeds whereas on Linux it is upwards of 30mb/s (both using SSH).
The issue is the same using wget, curl, etc. on other sites.

Using scp from another machine to this machine over LAN is achieving
about max 6mb/s which is still less than desired.

How can I further debug this issue to figure out what is wrong? Is the
driver having issues/known to have issues?

Thanks,
K



I've had similar issues with OpenBSD (and MacOS) when connecting 
to/through a CentOS/RHEL machine with the tcp_tw_recycle sysctl enabled 
(on CentOS/RHEL).  Unfortunately this was enabled by default in CentOS 
6.x.  If you're going through an old Linux proxy this may impact OpenBSD 
performance.

Re: aggr not load balancing

[Steven Surdock]

> > On Apr 29, 2021, at 9:13 AM, Steven Surdock  
> > wrote:
> > 
> > I switched from trunk to aggr on a "OpenBSD 6.8 GENERIC.MP#5 amd64" and it 
> > isn't load balancing across the two configured links.  The remote side is a 
> > Cisco ASR9k with the same configuration.  Is that expected?
> > 
> > 
>
> Hi, try 6.9.  There is a bugfix to pf that I found also corrects load 
> balancing with aggr.
>
>
> Brian


Upgrading to 6.9 did resolve the outbound load balancing issue (OBSD --> 
Switch), but then broke inbound (switch --> OBSD) load balancing.  I suspect 
this is just a load balancing algorithm setting in the ASR9k as the LAG is 
build on a l2 interface and not a routed interface.  

Minor upgrade issue

[Steven Shockley]

When following https://www.openbsd.org/faq/upgrade69.html, I noticed a 
minor error when deleting the Perl files:


: rm -f /usr/bin/podselect \
>   /usr/lib/libperl.so.20.0 \
[...]
>   /usr/share/man/man3p/Pod::Select.3p
rm: /usr/libdata/perl5/amd64-openbsd/Tie: is a directory
rm: /usr/libdata/perl5/amd64-openbsd/auto/Tie: is a directory

Maybe it should be rm -rf?  Or I missed a step.  Of course I could just 
use sysclean.  Thanks.

aggr not load balancing

[Steven Surdock]

I switched from trunk to aggr on a "OpenBSD 6.8 GENERIC.MP#5 amd64" and it 
isn't load balancing across the two configured links.  The remote side is a 
Cisco ASR9k with the same configuration.  Is that expected?


$ cat /etc/hostname.aggr0
trunkport bge0 trunkport bge1 description "BE2 to ASR9k"
inet 192.168.200.12 255.255.255.240
up

$ifconfig
bge0: flags=8843 mtu 1500
lladdr fe:e1:ba:d0:54:6d
index 1 priority 0 llprio 3
trunk: trunkdev aggr0
media: Ethernet autoselect (1000baseT full-duplex)
status: active
bge1: flags=8843 mtu 1500
lladdr fe:e1:ba:d0:54:6d
index 2 priority 0 llprio 3
trunk: trunkdev aggr0
media: Ethernet autoselect (1000baseT full-duplex)
status: active
aggr0: flags=8843 mtu 1500
lladdr fe:e1:ba:d0:54:6d
description: BE2 to ASR9k
index 7 priority 0 llprio 7
trunk: trunkproto lacp
trunk id: [(8000,fe:e1:ba:d0:54:6d,0007,,),
 (8000,70:e4:22:67:2a:1e,000C,,)]
bge0 lacp actor system pri 0x8000 mac fe:e1:ba:d0:54:6d, key 
0x7, port pri 0x8000 number 0x1
bge0 lacp actor state 
activity,aggregation,sync,collecting,distributing
bge0 lacp partner system pri 0x8000 mac 70:e4:22:67:2a:1e, key 
0xc, port pri 0x8000 number 0x2
bge0 lacp partner state 
activity,aggregation,sync,collecting,distributing
bge0 port active,collecting,distributing
bge1 lacp actor system pri 0x8000 mac fe:e1:ba:d0:54:6d, key 
0x7, port pri 0x8000 number 0x2
bge1 lacp actor state 
activity,aggregation,sync,collecting,distributing
bge1 lacp partner system pri 0x8000 mac 70:e4:22:67:2a:1e, key 
0xc, port pri 0x8000 number 0x1
bge1 lacp partner state 
activity,aggregation,sync,collecting,distributing
bge1 port active,collecting,distributing
groups: aggr egress
media: Ethernet autoselect
status: active
inet 192.168.200.12 netmask 0xfff0 broadcast 192.168.200.15
inet6 fe80::fce1:baff:fed0:546d%aggr0 prefixlen 64 scopeid 0x7


$ netstat -in
NameMtu   Network Address  Ipkts IfailOpkts Ofail Colls
bge01500fe:e1:ba:d0:54:6d32188 0  368 0 0
bge11500fe:e1:ba:d0:54:6d  8266100 0  7852958 0 0
aggr0   1500fe:e1:ba:d0:54:6d  8297364 0  7852590 0 0
aggr0   1500  192.168.200. 192.168.200.128297364 0  7852590 0 0
aggr0   1500  fe80::%aggr fe80::fce1:baff:f  8297364 0  7852590 0 0

Re: Bufferbloat, FQ-CoDel, and performance

[Steven Shockley]

On 2/23/2021 4:04 PM, Stuart Henderson wrote:

Oops, on interfaces *without* hw checksum offloading, like this:

$ ifconfig em0 hwfeatures
em0: flags=8843 mtu 1500
hwfeatures=10 hardmtu 9216
..


I can try it, but I don't think it'll help in my case:

bnx0: flags=808843 mtu 
1500

hwfeatures=26 hardmtu 9008

Thanks, though.

Bufferbloat, FQ-CoDel, and performance

[Steven Shockley]

I have OpenBSD 6.8 running on a Dell R210-II acting as a 
firewall/router.  To combat bufferbloat I tried implementing FQ-CoDel 
queueing.  The WAN bandwidth is advertised as 940 Mbit/sec down and 840 
Mbit/sec up.


I've tried adding one or the other of these lines to my pf.conf:

queue outq on $ext_if flows 1024 bandwidth 1024M max 1024M qlimit 1024 
default

or
queue outq on $ext_if flows 1024 qlimit 1024 default

In both cases, upload speeds drop from ~800 Mbit/sec to < 100 Mbit/sec. 
Changing the 1024M to other values makes little or no difference.  To be 
fair, bufferbloat does improve, but that's quite a hit.  I'm measuring 
using the dslreports.com speed test via wired ethernet through a Cisco 
3750x.


One possible complexity is that the internal interface is tagged VLANs, 
but if it were an MTU issue I'd expect it to affect performance across 
the board.


Any suggestions?  I'm happy to post dmesg/pf.conf/diagrams if they'd 
help.  Thanks.

Re: dmesg memory not match spdmem and bios

[Steven Shockley]

On 6/11/2020 8:57 AM, man Chan wrote:
>  I just want to know why OpenBSD/i386 have the memory limit to 4G.

All operating systems have this limit.  The 80386 was released to the
public in 1986, when 4 GB was an absurd amount of memory.

> It is ok for me to run OpenBSD/amd64 on a i5 machine. Thanks 

Yes.  Intel bet on Itanium/IA-64 for their 64-bit architecture.
Meanwhile, AMD designed their own 64-bit architecture that extended x86.
 Intel wound up licensing AMD's 64-bit architecture, which at the time
was called Intel 64 or EM64T.  Your i5 processor uses Intel 64, which is
compatible with amd64.

Disable snmpd 'private' community

[Steven Surdock]

I see that snmpd.conf supports "read-write disabled", but this doesn't seem to 
_completely_ disable the private community.  If I set "read-write disabled" I 
can still poll values using the 'private' community.  Is this a bug or a 
feature? 

-Steve S.

Re: unbound network optimizations

[Steven Surdock]

Replying to my own thread as it was pointed out that I neglected to add some 
information.

OpenBSD 6.5 (GENERIC.MP) #7: Wed Nov 20 23:21:48 MST 2019
Native unbound (latest syspatch)
Bge interfaces running on an LACP trunk with IPv4 and IPv6 addresses.

NameMtu   Network Address  Ipkts IfailOpkts Ofail Colls
bge0150044:a8:42:37:bb:b8 114258345 0 84203414 0 0
bge1150044:a8:42:37:bb:b8 57304058 0 84467834 0 0
bge2*   150044:a8:42:37:bb:ba0 00 0 0
bge3*   150044:a8:42:37:bb:bb0 00 0 0
enc0*   00 00 0 0
trunk0  150044:a8:42:37:bb:b8 171549799 0 16865964412 0
trunk0  1500  fe80::%trunk0/64 fe80::601b:75c2:6b28:7276%trunk0 171549799 0 
16865964412 0

-Steve S.

-Original Message-
From: Steven Surdock 
Sent: Monday, December 2, 2019 1:34 PM
To: misc@openbsd.org
Subject: unbound network optimizations

I'm running a pair of unbound resolvers and am attempting to optimize 
performance on them.  This stemmed from noticing a couple of issues in the logs.

Dec  2 11:26:52 ns1 unbound: [54230:5] error: recvfrom 26 failed: Host is down 
Dec  2 11:27:11 ns1 unbound: [54230:5] notice: sendto failed: Resource 
temporarily unavailable Dec  2 11:27:11 ns1 unbound: [54230:5] notice: remote 
address is 192.168.2.42 port 5088

I believed the first message is related to a dropped UDP request or subsequent 
response.  'netstat -p -u udp' shows "dropped due to full socket buffers".  
This was significantly reduced by increasing,
   net.inet.udp.recvspace=262144
   net.inet.udp.sendspace=262144

Unfortunately, I'm still seeing a few UDP drops.  Is there a danger in setting 
this is high?

ns1$ netstat -s -p udp
udp:
698584369 datagrams received
0 with incomplete header
0 with bad data length field
2508 with bad checksum
676259 with no checksum
86709458 input packets software-checksummed
706308843 output packets software-checksummed
641800 dropped due to no socket
0 broadcast/multicast datagrams dropped due to no socket
0 dropped due to missing IPsec protection
77324 dropped due to full socket buffers
697862737 delivered
706308952 datagrams output
698578008 missed PCB cache

The second log message seems to stem from a dropped TCP request.  There seems 
to be a significant number of these and I'm assuming they stem from "452447 SYN 
packets dropped due to queue or memory full" as the number of log message is in 
the same range as the number of dropped SYN packets.

ns1$ netstat -s -p tcp
tcp:
1856161 packets sent
359575 data packets (73608768 bytes)
27022 data packets (5076843 bytes) retransmitted
0 fast retransmitted packets
928517 ack-only packets (414664 delayed)
0 URG only packets
67 window probe packets
2217 window update packets
538808 control packets
271352 packets software-checksummed
2391157 packets received
739060 acks (for 71221089 bytes)
225691 duplicate acks
506 acks for unsent data
0 acks for old data
473441 packets (101441404 bytes) received in-sequence
111074 completely duplicate packets (75769595 bytes)
21701 old duplicate packets
3 packets with some duplicate data (112 bytes duplicated)
231945 out-of-order packets (88494422 bytes)
21 packets (0 bytes) of data after window
0 window probes
34417 window update packets
6771 packets received after close
52 discarded for bad checksums
0 discarded for bad header offset fields
0 discarded because packet too short
0 discarded for missing IPsec protection
0 discarded due to memory shortage
231084 packets software-checksummed
0 bad/missing md5 checksums
0 good md5 checksums
213191 connection requests
156110 connection accepts
340472 connections established (including accepts)
369167 connections closed (including 14600 drops)
0 connections drained
14167 embryonic connections dropped
860911 segments updated rtt (of 838375 attempts)
40788 retransmit timeouts
3005 connections dropped by rexmit timeout
69 persist timeouts
6563 keepalive timeouts
0 keepalive probes sent
0 connections dropped by keepalive
12445 correct ACK header predictions
222843 correct data packet header predictions

unbound network optimizations

[Steven Surdock]

I'm running a pair of unbound resolvers and am attempting to optimize 
performance on them.  This stemmed from noticing a couple of issues in the logs.

Dec  2 11:26:52 ns1 unbound: [54230:5] error: recvfrom 26 failed: Host is down
Dec  2 11:27:11 ns1 unbound: [54230:5] notice: sendto failed: Resource 
temporarily unavailable
Dec  2 11:27:11 ns1 unbound: [54230:5] notice: remote address is 192.168.2.42 
port 5088

I believed the first message is related to a dropped UDP request or subsequent 
response.  'netstat -p -u udp' shows "dropped due to full socket buffers".  
This was significantly reduced by increasing,
   net.inet.udp.recvspace=262144
   net.inet.udp.sendspace=262144

Unfortunately, I'm still seeing a few UDP drops.  Is there a danger in setting 
this is high?

ns1$ netstat -s -p udp
udp:
698584369 datagrams received
0 with incomplete header
0 with bad data length field
2508 with bad checksum
676259 with no checksum
86709458 input packets software-checksummed
706308843 output packets software-checksummed
641800 dropped due to no socket
0 broadcast/multicast datagrams dropped due to no socket
0 dropped due to missing IPsec protection
77324 dropped due to full socket buffers
697862737 delivered
706308952 datagrams output
698578008 missed PCB cache

The second log message seems to stem from a dropped TCP request.  There seems 
to be a significant number of these and I'm assuming they stem from "452447 SYN 
packets dropped due to queue or memory full" as the number of log message is in 
the same range as the number of dropped SYN packets.

ns1$ netstat -s -p tcp
tcp:
1856161 packets sent
359575 data packets (73608768 bytes)
27022 data packets (5076843 bytes) retransmitted
0 fast retransmitted packets
928517 ack-only packets (414664 delayed)
0 URG only packets
67 window probe packets
2217 window update packets
538808 control packets
271352 packets software-checksummed
2391157 packets received
739060 acks (for 71221089 bytes)
225691 duplicate acks
506 acks for unsent data
0 acks for old data
473441 packets (101441404 bytes) received in-sequence
111074 completely duplicate packets (75769595 bytes)
21701 old duplicate packets
3 packets with some duplicate data (112 bytes duplicated)
231945 out-of-order packets (88494422 bytes)
21 packets (0 bytes) of data after window
0 window probes
34417 window update packets
6771 packets received after close
52 discarded for bad checksums
0 discarded for bad header offset fields
0 discarded because packet too short
0 discarded for missing IPsec protection
0 discarded due to memory shortage
231084 packets software-checksummed
0 bad/missing md5 checksums
0 good md5 checksums
213191 connection requests
156110 connection accepts
340472 connections established (including accepts)
369167 connections closed (including 14600 drops)
0 connections drained
14167 embryonic connections dropped
860911 segments updated rtt (of 838375 attempts)
40788 retransmit timeouts
3005 connections dropped by rexmit timeout
69 persist timeouts
6563 keepalive timeouts
0 keepalive probes sent
0 connections dropped by keepalive
12445 correct ACK header predictions
222843 correct data packet header predictions
828362 PCB cache misses
40214 dropped due to no socket
0 ECN connections accepted
0 ECE packets received
0 CWR packets received
9148 CE packets received
0 ECT packets sent
0 ECE packets sent
0 CWR packets sent
cwr by fastrecovery: 385
cwr by timeout: 40788
cwr by ecn: 0
3161 bad connection attempts
452447 SYN packets dropped due to queue or memory full
161093 SYN cache entries added
0 hash collisions
156110 completed
0 aborted (no space to build PCB)
252 timed out
0 dropped due to overflow
0 dropped due to bucket overflow
4731 dropped due to RST
0 dropped due to ICMP unreachable
2809 SYN,ACKs retransmitted
913 duplicate SYNs received for entries already in the cache
0 SYNs dropped (no route or 

Unison on 6.6 - compatibility

[Steven Surdock]

I just fired up a 6.6/amd64 host that I will use to replace an existing 
6.5/amd64 remote fileserver.  I've been using Unison to synch files between 
this remote server and a Windows fileserver.  It seems with the bump to OCAML 
4.09 Unison is throwing an error, "input_value: ill-formed message", when 
trying to sync the hosts.  From my reading, this is the result of OCAML version 
mismatches.  I've tried various combinations of Unison on both ends to no 
avail.  The latest Windows binary I have is compiled with OCAML 4.0.7.  It 
seems my options are,

+ Keep the host at 6.5 (until Unison Window's binaries catch up.)
+ Compile Unison on Windows with a compatible OCAML.
+ Build Unison on 6.6 with a lower OCAML version (4.07 seems to work.)

Any advice would be appreciated. 
 
-Steve S.

Re: Softraid data recovery

[Steven Surdock]

> -Original Message-
> From: Aaron Mason 
> Sent: Monday, October 14, 2019 7:13 PM
> To: Steven Surdock 
> Cc: misc@openbsd.org
> Subject: Re: Softraid data recovery
> 
> On Tue, Oct 15, 2019 at 7:34 AM Steven Surdock  net.com> wrote:
> >
...
> >
> > How can I recover as much data as possible off the failed RAID array.
> > If I recreate the array, "bioctl -c 1 -l /dev/wd0d,/dev/wd1d
> softraid0", will the existing data be preserved?
> >
...
Based on the information found here:  
https://marc.info/?l=openbsd-misc=136553269631163=2 I was successfully able 
to create a disk image off the failing drive.

$ dd if=/dev/wd0d of=raid.img conv=noerror,sync skip=528
$ vnconfig vnd0 raid.img
$ fsck /dev/vnd0a
$ fsck /dev/vnd0d
$ mount /dev/vnd0a /home/public
 

Re: Softraid data recovery

[Steven Surdock]

> -Original Message-
> From: Karel Gardas 
> Sent: Wednesday, October 16, 2019 11:26 AM
> To: Steven Surdock 
> Cc: misc@openbsd.org
> Subject: Re: Softraid data recovery
> 
> On 2019-10-15 13:44, Steven Surdock wrote:
> > Model Family: Western Digital Black
> > Device Model: WDC WD4001FAEX-00MJRA0
> > 196 Reallocated_Event_Count 0x0032   200   200   000Old_age
> Always   -   0
> > 197 Current_Pending_Sector  0x0032   200   200   000Old_age
> Always   -   9
> > 198 Offline_Uncorrectable   0x0030   200   200   000Old_age
> Offline  -   9
> > 199 UDMA_CRC_Error_Count0x0032   200   200   000Old_age
> Always   -   0
> > 200 Multi_Zone_Error_Rate   0x0008   200   200   000Old_age
> Offline  -   9
> 
> Looks like 9 bad sectors which can't be remapped for whatever reason.
> UDMA_CRC error count is on 0, which looks like your SATA cable is fine.
> The drive is kind of strange since it still claim Raw read error rate to
> have on 0.
> 
> > Model Family: Western Digital Black
> > Device Model: WDC WD4003FZEX-00Z4SA0
> > Serial Number:WD-WMC5D0D50MLK
> > Vendor Specific SMART Attributes with Thresholds:
> > ID# ATTRIBUTE_NAME  FLAG VALUE WORST THRESH TYPE
> UPDATED  WHEN_FAILED RAW_VALUE
> >1 Raw_Read_Error_Rate 0x002f   200   200   051Pre-fail
> Always   -   6
> > 196 Reallocated_Event_Count 0x0032   200   200   000Old_age
> Always   -   0
> > 197 Current_Pending_Sector  0x0032   200   200   000Old_age
> Always   -   0
> > 198 Offline_Uncorrectable   0x0030   200   200   000Old_age
> Offline  -   4
> > 199 UDMA_CRC_Error_Count0x0032   200   200   000Old_age
> Always   -   0
> > 200 Multi_Zone_Error_Rate   0x0008   200   200   000Old_age
> Offline  -   6
> 
> Looks like 4 uncorrectable sectors while 6 raw read error happened.
> 
> You can attempt to run -t long  to learn more about your 2 drives
> (with -a following long test), but I still consider both drives happily
> dyeing.

Considered and working to replace.  I'm still working on recovering as much 
data as possible.  As noted, one partition is backups, but I had some scripts 
on there I did not backup.  Thanks.

Re: Softraid data recovery

[Steven Surdock]

> -Original Message-
> From: Karel Gardas 
> Sent: Tuesday, October 15, 2019 5:31 AM
> To: Steven Surdock 
> Cc: misc@openbsd.org
> Subject: Re: Softraid data recovery
> 
> 
> 
> On 2019-10-15 04:26, Steven Surdock wrote:
> > I believe the disks are mostly healthy.
> 
> I seriously doubt that. What's the output from smartctl -a for both
> drives? I can't imagine why would you get failures on heave reads on one
> drive and then later failures on another one and yet it would not show
> in SMART info as some kind of error(s). Another possibility maybe your
> SATA cables just too old and fragile, but smartctl will tell that too.

root@host# smartctl -a /dev/wd0c
smartctl 7.0 2018-12-30 r4883 [i386-unknown-openbsd6.5] (local build)
Copyright (C) 2002-18, Bruce Allen, Christian Franke, www.smartmontools.org

=== START OF INFORMATION SECTION ===
Model Family: Western Digital Black
Device Model: WDC WD4001FAEX-00MJRA0
Serial Number:WD-WCC131134311
LU WWN Device Id: 5 0014ee 2090b4beb
Firmware Version: 01.01L01
User Capacity:4,000,787,030,016 bytes [4.00 TB]
Sector Size:  512 bytes logical/physical
Device is:In smartctl database [for details use: -P show]
ATA Version is:   ATA8-ACS (minor revision not indicated)
SATA Version is:  SATA 3.0, 6.0 Gb/s (current: 3.0 Gb/s)
Local Time is:Tue Oct 15 07:40:39 2019 EDT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled

=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED

General SMART Values:
Offline data collection status:  (0x82) Offline data collection activity
was completed without error.
Auto Offline Data Collection: Enabled.
Self-test execution status:  (   0) The previous self-test routine completed
without error or no self-test has ever
been run.
Total time to complete Offline
data collection:(46080) seconds.
Offline data collection
capabilities:(0x7b) SMART execute Offline immediate.
Auto Offline data collection on/off 
support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:(0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:(0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine
recommended polling time:(   2) minutes.
Extended self-test routine
recommended polling time:( 497) minutes.
Conveyance self-test routine
recommended polling time:(   5) minutes.
SCT capabilities:  (0x70b5) SCT Status supported.
SCT Feature Control supported.
SCT Data Table supported.

SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME  FLAG VALUE WORST THRESH TYPE  UPDATED  
WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate 0x002f   200   200   051Pre-fail  Always   
-   0
  3 Spin_Up_Time0x0027   151   151   021Pre-fail  Always   
-   11425
  4 Start_Stop_Count0x0032   100   100   000Old_age   Always   
-   24
  5 Reallocated_Sector_Ct   0x0033   200   200   140Pre-fail  Always   
-   0
  7 Seek_Error_Rate 0x002e   200   200   000Old_age   Always   
-   0
  9 Power_On_Hours  0x0032   030   030   000Old_age   Always   
-   51197
 10 Spin_Retry_Count0x0032   100   253   000Old_age   Always   
-   0
 11 Calibration_Retry_Count 0x0032   100   253   000Old_age   Always   
-   0
 12 Power_Cycle_Count   0x0032   100   100   000Old_age   Always   
-   24
192 Power-Off_Retract_Count 0x0032   200   200   000Old_age   Always   
-   12
193 Load_Cycle_Count0x0032   200   200   000Old_age   Always   
-   13
194 Temperature_Celsius 0x0022   104   100   000Old_age   Always   
-   48
196 Reallocated_Event_Count 0x0032   200   200   000Old_age   Always   
-   0
197 Current_Pending_Sector  0x0032   200   200   000Old_age   Always   
-   9
198 Offline_Uncorrectable   0x0030 

Re: Softraid data recovery

[Steven Surdock]

> -Original Message-
> From: Aaron Mason 
> Sent: Monday, October 14, 2019 7:13 PM
> To: Steven Surdock 
> Cc: misc@openbsd.org
> Subject: Re: Softraid data recovery
> 
> On Tue, Oct 15, 2019 at 7:34 AM Steven Surdock  net.com> wrote:
> >
> > I have a simple RAID1 configuration on wd0, wd1.  I was in the process
> of performing a rebuild on wd1, as it failed during some heavy reads.
> During the rebuild wd0 went into a failure state.  After some
> troubleshooting I decided to reboot and now my RAID disk, sd1, is
> unavailable.  Disks wd0 and wd1 don't show any errors, but I have a
> replacement disk.  I have backups for the critical data and I'd like to
> try and recover as much recent data as possible.  My thought was to
> create a disk image of the "/home/public" data and mount it using
> vnconfig, but I seem to be having issues with the appropriate 'dd'
> command to do that.
> >
> > How can I recover as much data as possible off the failed RAID array.
> > If I recreate the array, "bioctl -c 1 -l /dev/wd0d,/dev/wd1d
> softraid0", will the existing data be preserved?
> >
> > root@host# disklabel wd0
> > # /dev/rwd0c:
> > type: ESDI
> > disk: ESDI/IDE disk
> > label: WDC WD4001FAEX-0
> > duid: acce36f25df51c8c
> > flags:
> > bytes/sector: 512
> > sectors/track: 63
> > tracks/cylinder: 255
> > sectors/cylinder: 16065
> > cylinders: 486401
> > total sectors: 7814037168
> > boundstart: 64
> > boundend: 4294961685
> > drivedata: 0
> >
> > 16 partitions:
> > #size   offset  fstype [fsize bsize   cpg]
> >   c:   78140371680  unused
> >   d:   7814037104   64RAID
> >
> > root@host# more /var/backups/disklabel.sd1.backup # /dev/rsd1c:
> > type: SCSI
> > disk: SCSI disk
> > label: SR RAID 1
> > duid: 8ec2330eabf7cd26
> > flags:
> > bytes/sector: 512
> > sectors/track: 63
> > tracks/cylinder: 255
> > sectors/cylinder: 16065
> > cylinders: 486401
> > total sectors: 7814036576
> > boundstart: 64
> > boundend: 7814036576
> > drivedata: 0
> >
> > 16 partitions:
> > #size   offset  fstype [fsize bsize   cpg]
> >   a:   2147488704   64  4.2BSD   8192 65536 1 #
> /home/public/
> >   c:   78140365760  unused
> >   d:   5666547712   2147488768  4.2BSD   8192 65536 1 #
> /home/Backups/
> >
> 
> I think at this point you're far better off restoring from backup.
> You do have a backup, right?
> 
> As for the disks, ddrescue would be a better option than dd - it'll keep
> trying if it encounters another URE whereas dd will up and quit.
> Expect it to take several days on disks that big - it's designed to be
> gentle to dying disks.

I believe the disks are mostly healthy.  In fact I've tried several attempts at 
dd'ing the data from wd0 with no read issues.  It takes about 12 hours to read 
1TB.  I suspect I'm not aligning sectors properly and the filesystem is not 
readable.  I've tried making an image of /home/public (which is _mostly_ backed 
up), but fsck doesn't see a reasonable filesystem after I vnconfig the image.  
So, if anyone has some insight on 'dd if=/dev/wd0d of=public.img bs=512 
count=5666547712 skip=xx', it would be great.

Softraid data recovery

[Steven Surdock]

I have a simple RAID1 configuration on wd0, wd1.  I was in the process of 
performing a rebuild on wd1, as it failed during some heavy reads.  During the 
rebuild wd0 went into a failure state.  After some troubleshooting I decided to 
reboot and now my RAID disk, sd1, is unavailable.  Disks wd0 and wd1 don't show 
any errors, but I have a replacement disk.  I have backups for the critical 
data and I'd like to try and recover as much recent data as possible.  My 
thought was to create a disk image of the "/home/public" data and mount it 
using vnconfig, but I seem to be having issues with the appropriate 'dd' 
command to do that.

How can I recover as much data as possible off the failed RAID array.
If I recreate the array, "bioctl -c 1 -l /dev/wd0d,/dev/wd1d softraid0", will 
the existing data be preserved?

root@host# disklabel wd0
# /dev/rwd0c:
type: ESDI
disk: ESDI/IDE disk
label: WDC WD4001FAEX-0
duid: acce36f25df51c8c
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 486401
total sectors: 7814037168
boundstart: 64
boundend: 4294961685
drivedata: 0

16 partitions:
#size   offset  fstype [fsize bsize   cpg]
  c:   78140371680  unused
  d:   7814037104   64RAID

root@host# more /var/backups/disklabel.sd1.backup
# /dev/rsd1c:
type: SCSI
disk: SCSI disk
label: SR RAID 1
duid: 8ec2330eabf7cd26
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 486401
total sectors: 7814036576
boundstart: 64
boundend: 7814036576
drivedata: 0

16 partitions:
#size   offset  fstype [fsize bsize   cpg]
  a:   2147488704   64  4.2BSD   8192 65536 1 # 
/home/public/
  c:   78140365760  unused
  d:   5666547712   2147488768  4.2BSD   8192 65536 1 # 
/home/Backups/

Package -stable updates

[Steven Shockley]

So, many thanks to everyone who put together the new -stable updates for
packages.  Is there a command I can put in the crontab that will only
output if there are updates?  Similar to what syspatch or openup does.
I tried pkg_add -unx, but that still tells me to delete old files and
prints the quirks line even if there are no updates.

Re: OpenBSD on VMware ESXi

[Steven Shockley]

On 5/22/2019 6:46 AM, Roderick wrote:
> Any recommendations in general? Current or stable?

I've had bad luck with softupdates and OpenBSD on ESXi when the ESXi
datastore is on nfs.  (Encountered on ESX 5.0, 5.1, and 5.5; I must not
learn from my mistakes.)  From what I can tell, if the nfs datastore
takes too long to respond OpenBSD thinks the disk has gone away and
panics.  It's not OpenBSD's fault; if a real disk stopped responding a
panic is probably the best result.

Probably some tuning could be done to make the ESXi nfs timeout match
the OpenBSD timeout, but it's easier to just not use softupdates and
match the backing disk to my performance requirements.

Note that softupdates are not enabled by default.

Re: 6.5 PowerPC Packages

[Steven Shockley]

On 5/9/2019 10:55 AM, Theo de Raadt wrote:
> The real reason is because we're low on current for the flux capacitor,
> after shifting time for the early 6.5 release.  Not all the machines
> were able to fit into back seat of the Delorian.

Wouldn't that be low on -release or -stable?

Re: Squid slower compared to Linux how to boost it?

[Steven Shockley]

On 1/22/2019 11:51 AM, Juan Francisco Cantero Hurtado wrote:
> On Tue, Jan 22, 2019 at 07:49:06AM +, slackwaree wrote:
>> Hello,
>>
>> I'm migrating from an old Debian Wheezy 7.11 to OpenBSD 6.3.
> 
> If you're migrating to OpenBSD, then try with -current and update to 6.5
> when we release it.

Was there a specific change that might make a difference?  Thanks.

DUID changed?

[Steven Shockley]

So, today I was installing recent patches on my firewall box (a Dell 
R210-II) using openup/syspatch.  After the reboot, it complained that it 
couldn't find [DUID].b for swap.  After some panic, reboots, 
powercycles, etc. I realized that the DUID in fstab didn't match the 
DUID that was being used for /.  I updated fstab to match, and 
everything is back to normal.  Does anyone know how I might have done 
this, or how I can prevent it?


BTW thanks for /bsd.booted.  That made it easy to figure out the patch 
wasn't to blame.


disklabel.sd0.backup:
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: ST1000NM0011
duid: a0debfbdc4b3991a
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 121601
total sectors: 1953525168
boundstart: 64
boundend: 1953520065
drivedata: 0

16 partitions:
#size   offset  fstype [fsize bsize   cpg]
  a:  2097152   64  4.2BSD   2048 16384 1 # /
  b: 17206720  2097216swap# none
  c:   19535251680  unused
  d:  8388608 19303936  4.2BSD   2048 16384 1 # /tmp
  e: 41753472 27692544  4.2BSD   2048 16384 1 # /var
  f:  4194304 69446016  4.2BSD   2048 16384 1 # /usr
  g:  2097152 73640320  4.2BSD   2048 16384 1 # 
/usr/X11R6
  h: 20971520 75737472  4.2BSD   2048 16384 1 # 
/usr/local
  i:  4195264 96708992  4.2BSD   2048 16384 1 # 
/usr/src

  j: 41929632100904256  4.2BSD   2048 16384 1 # /home
  k: 41929664142833888  4.2BSD   2048 16384 1 # 
/usr/ports
  l:  4192960184763552  4.2BSD   2048 16384 1 # 
/usr/obj
  m:150994944188956512  4.2BSD   2048 16384 1 # 
/home/squidcache


disklabel.sd0.current:
# /dev/rsd0c:
type: SCSI
disk: SCSI disk
label: ST1000NM0011
duid: 5b645952b882641e
flags:
bytes/sector: 512
sectors/track: 63
tracks/cylinder: 255
sectors/cylinder: 16065
cylinders: 121601
total sectors: 1953525168
boundstart: 64
boundend: 1953520065
drivedata: 0

16 partitions:
#size   offset  fstype [fsize bsize   cpg]
  a:  2097152   64  4.2BSD   2048 16384 1
  b: 17206720  2097216swap
  c:   19535251680  unused
  d:  8388608 19303936  4.2BSD   2048 16384 1
  e: 41753472 27692544  4.2BSD   2048 16384 1
  f:  4194304 69446016  4.2BSD   2048 16384 1
  g:  2097152 73640320  4.2BSD   2048 16384 1
  h: 20971520 75737472  4.2BSD   2048 16384 1
  i:  4195264 96708992  4.2BSD   2048 16384 1
  j: 41929632100904256  4.2BSD   2048 16384 1
  k: 41929664142833888  4.2BSD   2048 16384 1
  l:  4192960184763552  4.2BSD   2048 16384 1
  m:150994944188956512  4.2BSD   2048 16384 1

(Where are the mount points?  Does that matter?)

dmesg:
OpenBSD 6.3 (GENERIC.MP) #8: Sat Aug  4 16:56:56 CEST 2018

r...@syspatch-63-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8541405184 (8145MB)
avail mem = 8275464192 (7892MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe6670 (57 entries)
bios0: vendor Dell Inc. version "2.8.0" date 06/24/2014
bios0: Dell Inc. PowerEdge R210 II
acpi0 at bios0: rev 2
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP SPMI DMAR ASF! HPET APIC MCFG WDAT BOOT SSDT 
ASPT SSDT SSDT HEST ERST BERT EINJ
acpi0: wakeup devices P0P1(S4) GLAN(S0) EHC1(S4) EHC2(S4) XHC_(S4) 
PXSX(S4) RP01(S5) PXSX(S4) RP02(S5) PXSX(S4) RP03(S5) PXSX(S4) RP04(S5) 
PXSX(S4) RP05(S5) PXSX(S4) [...]

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E31260L @ 2.40GHz, 2394.92 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,IBRS,IBPB,STIBP,SENSOR,ARAT,XSAVEOPT,MELTDOWN

cpu0: 256KB 64b/line 8-way L2 cache
acpihpet0: recalibrated TSC frequency 2394560655 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Xeon(R) CPU E31260L @ 2.40GHz, 2394.56 MHz
cpu1: 

Re: pgrep/pkill in rc script

[Steven Shockley]

On 6/4/2018 4:57 PM, Stuart Henderson wrote:

pgrep uses regular expressions, so if you're matching the full string
you'll need to escape the +'s.

The 16-character limit doesn't apply here, that's if you're only matching
on the command name. rc.d / pgrep -f match on the full process title instead.
Run top(1) and compare before/after pressing C.


Ah, that makes sense.  Thanks!

pgrep/pkill in rc script

[Steven Shockley]

I have a 6.3 machine running four Minecraft instances (i.e. Java apps). 
I recently changed the rc script for one of them to use additional Java 
command-line arguments.  I believe I ran into something similar to 
https://marc.info/?l=openbsd-misc=138268000201733, where pgrep would 
no longer match the command arguments since it was longer than 16 
characters (although in my case it didn't match either from script or 
shell).  However, the 16-character limit doesn't seem right, because my 
old command was already longer.


Old command:
/usr/local/jre-1.8.0/bin/java -Xms1536M -Xmx1536M -jar 
/var/games/minecraft/minecraft_server.jar nogui


New command:
/usr/local/jre-1.8.0/bin/java -server -Xms1536M -Xmx1536M 
-XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:+CMSIncrementalPacing 
-XX:ParallelGCThreads=2 -XX:+AggressiveOpts -jar 
/var/games/minecraftss/minecraft_server.jar nogui


So, with the old command, it's only comparing "-Xms1536M -Xmx" at 16 
characters (or /usr/local/jre if it's referring to the executable), so I 
would think it wouldn't have worked with the old command, either.


Fortunately, I was already running the four as different users, so I 
could work around it by using pgrep/pkill -U.  However, I'm curious 
about the 16-character limit; I looked at the source for pkill, and the 
only limit I saw was _POSIX2_LINE_MAX.  Or was the limit a red herring, 
and something else was causing my problem?


Thanks.

Re: syspatch not updating kernel

[Steven Surdock]

This was, in fact, the reason.  I had an MP kernel running on a VM with a 
single CPU.

I ended up moving to an SP kernel, but I needed to copy 
/usr/share/compile/GENERIC for a working i386 SP machine.  To make sure 
everything was updated I also reverted syspatches and then re-applied them.  
Everything looks good now.

> -Original Message-
> From: Zbyszek Żółkiewski [mailto:zbys...@onefellow.com]
> Sent: Thursday, December 14, 2017 6:24 AM
> To: misc@openbsd.org
> Cc: Steven Surdock <ssurd...@engineered-net.com>
> Subject: Re: syspatch not updating kernel
> 
> Hi,
> 
> perhaps this might be a reason, syspatch, around line number 274:
> 
> (($(sysctl -n hw.ncpufound) > 1)) && _BSDMP=true || _BSDMP=false
> 
> your kernel looks like MP on i386 ?
> 
> _
> Zbyszek Żółkiewski
> 
> > Wiadomość napisana przez Steven Surdock <ssurd...@engineered-net.com>
> w dniu 13.12.2017, o godz. 14:33:
> >
> > I just ran syspatch on a 6.2/i386 host and the kernel did not change
> as it has on my other patched machines.  It appears that
> pub/OpenBSD/syspatch/6.2 was updated on 12/10.
> >
> > root@rad03 [/root]# syspatch -l
> > 002_fktrace
> > 003_mpls
> > root@rad03 [/root]# uname -a
> > OpenBSD cts-rad03.ctstelecom.com 6.2 GENERIC.MP#166 i386
> >
> >
> > -Steve S.
> >

syspatch not updating kernel

[Steven Surdock]

I just ran syspatch on a 6.2/i386 host and the kernel did not change as it has 
on my other patched machines.  It appears that pub/OpenBSD/syspatch/6.2 was 
updated on 12/10.

root@rad03 [/root]# syspatch -l
002_fktrace
003_mpls
root@rad03 [/root]# uname -a
OpenBSD cts-rad03.ctstelecom.com 6.2 GENERIC.MP#166 i386


-Steve S.

Re: Upgrade 6.1 -> 6.2: No /mnt/etc/myname

[Steven McDonald]

This is a complete guess, but is /etc/myname a symbolic link? If it is
a symlink to an absolute path, that is unlikely to exist in the bsd.rd
filesystem and would cause this error.

If that's not it, please clarify what you mean by the "file is there".
What command did you run, and what was its output? What sort of file is
it? And is sd0 the correct disk?

Re: Blank screen after boot with Radeon HD 5450

[Steven McDonald]

On Sun, 28 May 2017 22:54:22 +0200
Steven McDonald <ste...@steven-mcdonald.id.au> wrote:

> Re-reading your mail, it sounds like you installed the card into an
> existing system. In that case, my question becomes "have you run
> fw_update?"

Just noticed the part of your mail where you showed you had the
firmware installed. Sorry for the noise, brain must be in slow motion
tonight.

Re: Blank screen after boot with Radeon HD 5450

[Steven McDonald]

Re-reading your mail, it sounds like you installed the card into an
existing system. In that case, my question becomes "have you run
fw_update?"

Re: Blank screen after boot with Radeon HD 5450

[Steven McDonald]

On Sun, 28 May 2017 15:37:08 -0400
Maximilian Pichler  wrote:

> After the installation of a VisionTek Radeon 5450 graphics card my
> machine gives a blank screen after booting. It still shows the normal
> system messages (full dmesg below), with the last visible one being
> "scsibus4 at softraid0: 256 targets". Then the monitor (connected via
> DisplayPort) goes into power save mode. This is on OpenBSD 6.1 and
> amd64.

Have you tried booting more than once? I've had this problem on a
Radeon HD 6850 after a fresh install in the past, and after a reboot it
worked. I suspect the cause was that fw_update ran too late for the
firmware to load correctly (and I no longer have access to that
hardware to test).

Re: file systems

[Steven McDonald]

On Fri, 26 May 2017 11:35:49 -0300
Friedrich Locke  wrote:

> Hi folks,
> 
> does anybody here run OBSD with a file system bigger than 10TB ?
> How much time boot takes to bring the system up (i mean fsck) ?
> Are you using ffs2 ? With softdep ?
> 
> Thanks.

This depends heavily on how you plan to use the filesystem. I have an 8
TB filesystem (FFS2 with softdep) that takes several hours to fsck,
mostly in phase 2 ("Check Pathnames") because of a very large number of
hard links.

Re: What does it mean this error when I try install a package?

[Steven McDonald]

On Mon, 17 Apr 2017 11:02:37 +
"C. L. Martinez"  wrote:

> pkg_add -v python-2.7

There is no package called python-2.7. The package you want is called
python-2.7.13p0. You have a few options:

 1. pkg_add python, then select the version you want.
 2. pkg_add python-2.7.13p0
 3. pkg_add -z python-2.7 (fuzzy matching, see pkg_add(1))

Re: It is possible to start xenodm on Radeon HD 8730M (or Intel HD Graphics 4000) ?

[Steven McDonald]

On Sat, 8 Apr 2017 15:04:18 +0500
"dmitry.sensei"  wrote:

> "ATI Radeon HD 8730M" rev 0x00 at pci1 dev 0 function 0 not configured
> inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 4000" rev 0x09
> drm0 at inteldrm0

Your Intel card is supported via DRM, but your Radeon one is not. The
problem is that Xorg is trying to use the Radeon card.

You can try creating the file /etc/X11/xorg.conf with the contents
below to force Xorg to use the Intel card.

Section "Device"
Identifier "default device"
Driver "intel"
EndSection

Section "Screen"
Identifier "default screen"
Device "default device"
EndSection

Re: malloc.conf recommended settings

[Steven Schneider]

* Otto Moerbeek <o...@drijf.net> [170401 07:30]:

On Sat, Apr 01, 2017 at 03:11:32AM +, Steven Schneider wrote:


Thanks Theo and Otto for replying.


I have a question about the recommended settings for /etc/malloc.conf.  I'm
currently using JUC on my i386 laptop, just to see how the old beast handles
it. I hadn't noticed any significant performance issues though it did crash
Chromium because it was using memory it had just freed. On my amd64 desktop
I am just using J as I was working on some assignments and I didn't want to
try anything too risky until I had completed the assignments.


I'd use at C or S for development. The earlier you discover a problem,
the better. Note that S includes a few other flags.

This makes me wonder what's all included in S. I have a copy of the 
source tree so I guess I have some reading ahead of me. :-)


What are some recommended settings for /etc/malloc.conf in given scenarios
such as general use desktop, or an internet facing webserver?


Just use no malloc.conf, it's te default. If the performance loss is
acceptable (only you can decide that) try S. But as you have seen,
some programs have bugs that are exposed by the flags. Again, only you
can decide if that's acceptable.

I agree that my question was a bit vague, though that wasn't my 
intention, as there being numerous desktop setup one could have. The 
malloc.conf man page recommends U for security and F for debugging and 
it was that entry in the man page that inspired me to ask this question.


Anyhow, thanks for taking the time to answer my somewhat naive 
questions, Theo and Otto. I will play around with the settings a bit, 
read the source and decide what I prefer.


--
W. Steven Schneider  <w.steven.schnei...@ualberta.net>

Re: Question about bsd.rd

[Steven Schneider]

* Raf Czlonka <rczlo...@gmail.com> [170401 00:15]:

Date: Fri, 31 Mar 2017 09:13:57 +0100
From: Raf Czlonka <rczlo...@gmail.com>
To: OpenBSD Misc <misc@openbsd.org>
Subject: Re: Question about bsd.rd
Content-Type: text/plain; charset=us-ascii
User-Agent: Mutt/1.8.0 (2017-02-23)
Sender: owner-m...@openbsd.org

On Fri, Mar 31, 2017 at 02:51:47AM BST, Steven Schneider wrote:

Hi @misc,

I've noticed that bsd.rd wants to download the install base packages from
/pub/OpenBSD/6.1/i386. Is this an error or some sort of alias for the path
to the snapshots of the install base? bsd.rd seems to find the install base
packages alright. pkg_add has trouble finding the application packages
though using the entry in /etc/installurl. As a result I thought I had
screwed up my upgrade royally. XD

Anyhow, I'm just curious as to what's going on. Thanks.


In term of packages, for the time being use:

# pkg_add -D snap -u

Regards,


Thanks Raf, that worked.
--
W. Steven Schneider  <w.steven.schnei...@ualberta.net>

malloc.conf recommended settings

[Steven Schneider]

Hi,

I have a question about the recommended settings for /etc/malloc.conf.  
I'm currently using JUC on my i386 laptop, just to see how the old beast 
handles it. I hadn't noticed any significant performance issues though it 
did crash Chromium because it was using memory it had just freed. On my 
amd64 desktop I am just using J as I was working on some assignments and 
I didn't want to try anything too risky until I had completed the 
assignments.


What are some recommended settings for /etc/malloc.conf in given 
scenarios such as general use desktop, or an internet facing webserver?


Thanks.

--
W. Steven Schneider  <w.steven.schnei...@ualberta.net>

Question about bsd.rd

[Steven Schneider]

Hi @misc,

I've noticed that bsd.rd wants to download the install base packages 
from /pub/OpenBSD/6.1/i386. Is this an error or some sort of alias for 
the path to the snapshots of the install base? bsd.rd seems to find the 
install base packages alright. pkg_add has trouble finding the 
application packages though using the entry in /etc/installurl. As a 
result I thought I had screwed up my upgrade royally. XD


Anyhow, I'm just curious as to what's going on. Thanks.

--
W. Steven Schneider  <w.steven.schnei...@ualberta.net>

Re: Some shell scripts I've wrote

[Steven Dee]

Cool. Maybe a good complement for .

On Wed, Aug 3, 2016 at 11:30 AM Walter Alejandro Iglesias <
roque...@gmail.com> wrote:

> Sorry!
>
> I have an entry in vimrc for my mail that replaces '>>' for '> >'.  That
> screwed the code, it was a bad idea.  Here the corrected code:
>
> =
> #!/bin/sh
> # ~/bin/wifi.sh - occasional wireless connection in OpenBSD
>
> [ "`whoami`" != "root" ] && { echo "You must be root"; exit 1; }
>
> # PUT YOUR NORMAL USER HERE
> user=morlock
>
> # IMPORTANT: if you don't use dhcp in your home LAN save a copy of your
> # LAN version of /etc/resolv.conf and /etc/hosts to this directory.
> backdir=/home/$user/.wifi
>
> [ ! -d $backdir ] && mkdir $backdir
> rec=$backdir/stored
> [ ! -e $rec ] && {
> touch $rec
> chmod 600 $rec
> chown $user:$user $rec
> }
> tmp=/tmp/wifi-`date +%H%M%S`
>
> # FUNCTIONS
> cancel()
> {
> ifconfig $int -inet -inet6 -nwid -bssid -wpakey -nwkey
> ifconfig $int down
> [ -f $tmp ] && rm $tmp
> [ -f $stored_tmp ] && rm $stored_tmp
> exit 1
> }
>
> get_password()
> {
> if grep -i $bssid $rec; then
> echo -n "Use the above \"$nwid\" stored password? [Y/n] "
> read answer
> if [ "$answer" != "n" ]; then
> password=`grep -i $bssid $rec | awk '{ print $2 }'`
> else
> printf "$nwid $enc $message: "
> read password
> fi
> else
> printf "$nwid $enc $message: "
> read password
> fi
> }
>
> # SELECT WIRELESS INTERFACE
> interfaces="`ifconfig wlan | awk -F: '/^[^\t]/ { print $1 }' | xargs`"
> if [ ! "$interfaces" ]; then
> echo "No wireless interfaces found." 1>&2
> exit 1
> elif [ `echo "$interfaces" | wc -w | xargs` -gt 1 ]; then
> echo $interfaces
> int=none
> until echo $interfaces | grep -q $int; do
> echo -n "Interface? "
> read int
> done
> else
> int=$interfaces
> fi
>
> trap cancel INT
> ifconfig $int up
> ifconfig $int -inet -inet6 -nwid -bssid -wpakey -nwkey
>
> # SCAN AND CHOOSE AN ACCESS POINT
> echo 'Scanning on '$int'...'
> ifconfig $int scan | awk -F'\t' '/\tnwid/ { print $3 }' | nl -s') ' > $tmp
> if [ `awk 'END { print NR }' $tmp` -eq 0 ]; then
> echo "No access points found."
> cancel
> elif [ `awk 'END { print NR }' $tmp` -gt 1 ]; then
> sed 's/\(.*\) nwid \(.*\) chan .*/\1 \2/' $tmp
> ap=0
> until egrep -q "^ *$ap\) nwid" $tmp ; do
> echo -n "number? "
> read ap
> done
> else
> ap=`awk -F\) '{ print $1 }' $tmp | sed 's/ *//'`
> fi
>
> # GET AP DATA
> bssid=`egrep '^ +'$ap')' $tmp | egrep -o '(..:){5}..' | tr "[a-f]" "[A-F]"`
> nwid=`grep -i $bssid $tmp | sed 's/.* nwid \(.*\) chan .*/\1/' | sed
> 's/"//g'`
> enc=`grep -i $bssid $tmp | awk -F, '{ print $NF }'`
>
> case $enc in
> wep)
> key=nwkey
> message="key (for HEX prefix 0x)"
> get_password
> ;;
> wpa*)
> key=wpakey
> message="passphrase"
> get_password
> ;;
> *)
> key='-wpakey -nwkey'
> password=''
> ;;
> esac
>
> # SET UP INTERFACE
> ifconfig $int nwid "$nwid" $key $password || cancel
>
> # CONNECTION ATTEMPT
> /home/$user/bin/dhcp-connect.sh $int || cancel
>
> # STORE PASSWORD
> [ "$password" != "" ] && {
> sed -i "/$bssid/d" $rec
> echo -e "$bssid\t$password" >> $rec
> }
>
> # End of wifi.sh
>
>
> ===
> #!/bin/sh
> # ~/bin/dhcp-connect.sh
> # Connect using dhcp and set hostname (OpenBSD version)
>
> [ "`whoami`" != "root" ] && { echo "You must be root"; exit 1; }
>
> # PUT YOUR NORMAL USER HERE
> user=morlock
>
> # IMPORTANT: if you don't use dhcp in your home LAN save a copy of your
> # LAN version of /etc/resolv.conf and /etc/hosts to this directory.
> backdir=/home/$user/.wifi
>
> int=$1
> [ "$int" ] || {
> echo "Usage: `basename $0` "
> exit 1
> }
>
> clean_start()
> {
> for i in `ps xw | grep dhclient | grep $int | \
> awk '{ print $1 }'`
> do
> [ $i ] && kill $i
> done
> }
> cancel()
> {
> clean_start
> [ -f $backdir/hosts ] && /home/$user/bin/reset-LAN.sh
> exit 1
> }
> reset_LAN_at_shutdown()
> {
> [ ! -e /etc/rc.shutdown ] && {
> echo "# /etc/rc.shutdown" > /etc/rc.shutdown
> chmod 600 /etc/rc.shutdown
> }
> grep -q "# Reset LAN" /etc/rc.shutdown 2>/dev/null || {
> echo >>/etc/rc.shutdown
> echo '# Reset LAN' >>/etc/rc.shutdown
> echo -n "[ -x /home/$user/bin/reset-LAN.sh 

Re: NFS daemon is very slow in server-to-client direction in TCP mode

[Steven Surdock]

I seem to be experiencing this as well, but I have no access to the client
side as it is a wireless camera.  Is there anything that can be done on the
server side?

-Steve S.

NAT66 with temporary address

[Steven Mestdagh]

I was trying to use NAT66, from some internal subnets to my IPv6
internet address, using the following line with 5.9 release.

match out on $intout inet6 from !(egress:network) to any nat-to ($intout:0)

The last part expands to the link local address of the interface, which
is the first address but not really useful for NAT.
I would like it to use the relevant temporary address set by autoconf.
Is there a way to specify this? Maybe we would need additional modifiers for it?

Error on man Tmux(1) page?

[steven]

hello,

On the tmux(1) man page in the section: *WINDOWS AND PANES*
- the part where:

*Functionvi emacs
...
...
...
*Copy selection Enter *M-w*


- that *M-w* should be a *C-w*  to copy the text?

regards
Steven

OBSD 5.8-stable httpd & Owncloud

[Steven Surdock]

Followed this guide,
https://github.com/reyk/httpd/wiki/Running-ownCloud-with-httpd-on-OpenBSD, but
seeing these errors with the Android client:

server owncloud.example.com, client 1 (1 active), 192.168.0.21:38506 ->
192.168.1.8:443, buffer event error
server owncloud.example.com, client 2 (1 active), 192.168.0.21:34287 ->
192.168.1.8:443, buffer event error
server owncloud.example.com, client 3 (3 active), 192.168.0.21:34834 ->
192.168.1.8:443, buffer event error
server owncloud.example.com, client 1 (1 active), 192.168.0.21:35046 ->
192.168.1.8:443, buffer event error

Web interface and WebDAV works fine.  Any guidance would be appreciated.

-Steve S.

Re: perl fctnl woes

[Steven McDonald]

Hi Tilo,

On Tue, 11 Aug 2015 17:11:13 +0200
Tilo Stritzky lf...@gmx.de wrote:

 Am I doing something silly here?  Or is there a bug?
 I see the same result on i386 and amd64. Same for /dev/sound.
 This works on a 5.5 release, but not on later releases or current.

I've been able to reproduce this with a simple C program on amd64
-current. I've tracked it down to the recent audio(4) subsystem rewrite,
which removed support for the FIOASYNC ioctl(2) (used internally by
fcntl(2)). However, this implies it should work on 5.6 and 5.7. I don't
have any such systems with audio devices available to test; are you
sure you're seeing the same behaviour on those releases?

Below is a diff that fixes the problem for me. I'm not sure if the
EINVAL on set is needed, as other drivers which don't support FIOASYNC
(drm(4), hotplug(4), random(4) and systrace(4)) appear to just ignore
that ioctl completely. I'm sure someone more experienced than I will
know the answer to that.

 Incidentally, are there perl bindings for the native sound interface
 sio_open(3)?

I wrote some low-level Perl bindings a few weeks ago:

  https://github.com/stevenjm/perl-Audio-Sndio

They're not on CPAN yet because they're not finished, mainly because
I'm not yet sure if writing a higher-level interface in pure Perl or
extending the XS code is a better approach. The low-level bindings are
usable as is, and probably a better option than talking to /dev/audio
directly.

Index: audio.c
===
RCS file: /cvs/src/sys/dev/audio.c,v
retrieving revision 1.138
diff -u -p -r1.138 audio.c
--- audio.c 29 Jul 2015 21:13:32 -  1.138
+++ audio.c 13 Aug 2015 10:35:08 -
@@ -1542,6 +1542,11 @@ audio_ioctl(struct audio_softc *sc, unsi
case FIONBIO:
/* All handled in the upper FS layer. */
break;
+   case FIOASYNC:
+   /* No async mode, so set is an error, unset is a noop. */
+   if (*(int *)addr)
+   error = EINVAL;
+   break;
case AUDIO_PERROR:
mtx_enter(audio_lock);
*(int *)addr = sc-play.xrun / (sc-pchan * sc-bps);

Re: SNMP on 5.7/5.8

[Steven Surdock]

Thanks Stuart.  It is also my understanding that the base snmpd suffers the 
same issue.  

http://marc.info/?l=openbsd-miscm=143143933919367w=2

I will try the debug shortly.

-Steve S.

 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
 Stuart Henderson
 Sent: Wednesday, August 5, 2015 5:58 AM
 To: misc@openbsd.org
 Subject: Re: SNMP on 5.7/5.8
 
 On 2015-08-04, Steven Surdock ssurd...@engineered-net.com wrote:
  The broken SNMP on i386/5.7 is preventing me from upgrading.  I tried
 i386/5.8 but I'm still seeing net-snmpd crash with the following error.
 
 NET-SNMP version 5.7.3
 Error expanding HCInReceives to 64bits in ipSystemStatsTable.ipv4
 Error expanding HCInDelivers to 64bits in ipSystemStatsTable.ipv4
 Error expanding HCOutRequests to 64bits in ipSystemStatsTable.ipv4
 
 Oh, I wasn't aware of this, if a port is broken on some arch please let
 the maintainer know rather than hope they notice a report on misc@...
 
 Can you get output with debugging enabled for c64? Should be something
 like snmpd -Dc64 -f -Le
 
 Do you particularly need something from Net-SNMP or could you use snmpd
 from base instead? If it does what you need, the latter is always
 preferable.
 
  Is amd64 the new i386?
 
 yes.
 
  Would my energy be best spent migrating my default install to amd64?
 Thanks.
 
 that's up to you to decide :)

SNMP on 5.7/5.8

[Steven Surdock]

The broken SNMP on i386/5.7 is preventing me from upgrading.  I tried i386/5.8 
but I'm still seeing net-snmpd crash with the following error.

   NET-SNMP version 5.7.3
   Error expanding HCInReceives to 64bits in ipSystemStatsTable.ipv4
   Error expanding HCInDelivers to 64bits in ipSystemStatsTable.ipv4
   Error expanding HCOutRequests to 64bits in ipSystemStatsTable.ipv4

Is amd64 the new i386?  Would my energy be best spent migrating my default 
install to amd64?  Thanks.


-Steve S.

Re: Dual Booting OpenBSD vs Windows7

[Steven McDonald]

On Mon, 29 Jun 2015 16:11:20 +0330
Mohammad BadieZadegan mbzade...@gmail.com wrote:

 When I choose My OpenBSD at boot state it display me:
 *Loading.*
 *ERR M*

ERR M means that the pbr successfully loaded a file into memory, but
it wasn't a valid ELF executable. Most probably, this means that the
pbr you're using refers to the wrong inode.

You said something about a second system; did you copy openbsd.pbr
from one system to another? installboot patches the pbr with the
location of /boot, so you need to create openbsd.pbr on the same system
you're using it on.

Perl bindings for libsndio

[Steven McDonald]

Hi misc@,

I've begun working on some Perl bindings for libsndio. The reason I
started was to be able to interface with sndiod's MIDI thru boxes
directly from Perl, but I've implemented XS bindings for the complete
libsndio API:

  https://github.com/stevenjm/perl-Audio-Sndio

It's still far from finished (I've put notes in the README indicating
what I'm still planning to do), but I've been able to listen to some
music with a Perl one-liner already. I've put it up in case it's
useful/interesting to anyone else. Also, this was my first time using
XS, so feedback would be welcome.

There's some minimal POD documentation inline here:

  
https://github.com/stevenjm/perl-Audio-Sndio/blob/master/ext/lib/Audio/Sndio/Bindings.pm

Thanks,
Steven.

Re: cp from 4 different home folders without overwriting files with different content

[Steven McDonald]

On Sun, 28 Jun 2015 17:39:18 -0500
Chris Bennett chrisbenn...@bennettconstruction.us wrote:

 But I don't want to overwrite any files with same name but different
 content.

You could try GNU cp (gcp in the coreutils package) with the -n option:

   -n, --no-clobber
  do not overwrite an existing file (overrides a previous -i
  option)

Re: Lock FVWM2 with nosuid mount option

[Steven McDonald]

On Sat, 23 May 2015 05:12:58 -0400
ertetlen barmok ertetlenbar...@safe-mail.net wrote:

 There is no solution for locking an OpenBSD Desktop while using FVWM2
 and nosuid mount option enabled for all mountpoints in /etc/fstab? 

xlock is setgid auth, so you could add your user to the auth group.
Whether or not this is a good idea is another matter, and it's likely
to be a worse one than allowing binaries to run setuid.

There are going to be many other things broken on a system with nosuid
used for all mounts. Why do you want / and /usr to be mounted nosuid?
You're already implicitly trusting the OpenBSD codebase by running
OpenBSD, so what's wrong with trusting OpenBSD's setuid executables?

Re: snmp HC on i386

[Steven Surdock]

Just noticed that I'm having the same issue on 5.7/i386

NET-SNMP version 5.7.3
Error expanding HCInReceives to 64bits in ipSystemStatsTable.ipv4
Error expanding HCInDelivers to 64bits in ipSystemStatsTable.ipv4
Error expanding HCOutRequests to 64bits in ipSystemStatsTable.ipv4

-Steve S.

Re: building userland failed with Unable to remove directory /./var/tmp: Directory not empty

[Steven McDonald]

On Sat, 14 Mar 2015 12:18:13 +0100
Harald Dunkel ha...@afaics.de wrote:

 pax: Unable to remove directory /./var/tmp: Directory not empty ***

/var/tmp was replaced with a symlink to /tmp between 5.6 and 5.7.
Compiling from source isn't a supported way to upgrade from one to the
other; this is well documented in the FAQ:

  http://www.openbsd.org/faq/faq5.html#BldBinary

Re: OpenBSD as base OS for Virtualization

[Steven McDonald]

On Sat, 14 Mar 2015 13:44:47 +0200
Ruslanas Gžibovskis rusla...@lpic.lt wrote:

 So question is:
 What Virtualization solutions OpenBSD support?

Anything that runs as a userspace process in non-accelerated mode and
has been ported to OpenBSD (QEMU, for example). There is no support for
Xen, nor hardware acceleration (VT-x or AMD-V).

 I know about jails 100% are available on OpenBSD.

Jails aren't available on OpenBSD. There is chroot; whether or not that
is sufficient for your needs depends on your goal.

 Maybe VirtualBox,  is it native support?
 Maybe bhyve? I know it's quite new, but it sounds cool. :)

VirtualBox might work; if by native support you mean using hardware
virtualisation, then no. bhyve is a FreeBSD (not OpenBSD) project.

 I am searching for something like Solaris Containers.

 My requirements, are to support WiFi host or forward my PCIexpress 1
 so VM. VM - be able to run Debian.

This seems to be contradictory. If you want to use OpenBSD to run a
completely different OS as a guest, you want something quite different
from Solaris Containers.

You should consider what you're trying to accomplish and then figure
out which tools serve that job best, rather than starting with the
notion of using virtualisation and trying to fit that to your goal.

 Sorry for bad English,

No problem, it wasn't all that bad. :)

Re: Broadcom NIC issues

[Steven McDonald]

On Fri, 13 Mar 2015 15:48:02 +
Miguel Barbosa Gonçalves m...@mbg.pt wrote:

 I recently installed OpenBSD 5.6 on an amd64 platform. Everything went
 smoothly. After installation, at the first boot, OpenBSD updated the
 firmware of some devices. I found this strange...

OpenBSD runs fw_update(8) on first boot. fw_update simply downloads
firmware packages and installs firmware onto the filesystem (not
directly into the devices that use it) for drivers that need to load it
at runtime. Linux has a similar firmware-loading mechanism, but it
typically ships the firmware embedded in the kernel.

 I had to reinstall this machine with CentOS and now the NIC does not
 work.

Did the machine work with CentOS previously? It seems extremely
unlikely that fw_update would be able to break Linux's use of the
hardware, since that firmware is loaded on every boot by the relevant
driver in both operating systems.

 I reinstalled OpenBSD again and it works. I tried to reflash the NIC's
 firmware and the installer does not recognize the NIC. At the moment,
 the machine only works with OpenBSD...

Some details as to specifically what you did and what failed, as well as
a dmesg, would be useful here. All I can say with the information given
is that, if your Broadcom NIC requires non-free firmware to be loaded by
the driver, the OpenBSD installer would not be able to use it because
it does not include non-free firmware.

If fw_update was able to run on first boot, though, it sounds like your
NIC is usable without firmware. Again, a dmesg would help (I'm not even
sure which of the three Broadcom NIC drivers in OpenBSD you're using).

Re: KVM Switching and CPU and Fan Speed

[W. Steven Schneider]

On Mar 11, 2015 5:58 PM, Jason Adams adams...@gmail.com wrote:

 On 03/10/2015 08:15 PM, W. Steven Schneider wrote:
 
 
  It appears that the privilege separated Xorg is demanding a high
percentage of CPU. I had Xorg
  niced to -10 buy bringing it's back to
 

 Also,
 According to ftp://www.x.org/pub/X11R6.8.2/doc/RELNOTES4.html
 there should/might be a optional setting in xorg.conf to disable ddc
(noddc) to prevent xorg from
 trying to pull video resolutions from the monitor.

Using Option NoDDC just gets me a Option NoDDC is not used message by
the radeon driver and CPU usage still goes way up.

Re: KVM Switching and CPU and Fan Speed

[W. Steven Schneider]

On Mar 13, 2015 1:02 AM, Aaron Fineman aa...@fineman.me wrote:

 This is likely the issue I ran into, and banged out with Matthieu Herrb.
 I didn't notice this in 5.6, I'm not sure what caused it in 5.7, but the
 thread is here: http://marc.info/?t=14240429644r=1w=2

Thanks.

 Switching to a text-mode console before toggling the KVM will avoid the
 issue. Flipping back and forth will return the CPU usage to normal.

I'll just keep switching to an empty desktop or text console for now until
things change.

Re: KVM Switching and CPU and Fan Speed

[W. Steven Schneider]

Meant to reply to the list. Below is the contents of my reply, spelling
mistakes and all.
On Mar 10, 2015 6:15 PM, Jason Adams adams...@gmail.com wrote:

 On 03/08/2015 09:38 PM, Steven wrote:
  I've got a set up between two towers where I use a KVM (KVMS?)
  switch between them. The one running OpenBSD (snaphots and recent as
  of this morning) seems step up it's CPU speed when I'm switched out
  to the other computer. I'm wondering if I'm the only one seeing this.

 Can you ssh into the machine and then switch the KVMS away from it and see
 what top
 says is chewing up CPU cycles?

 Also, what about plugging in another keyboard?  I had one old linux
 server, that had similar
 issues some years ago, and simply plugging in another cheap keyboard, and
 dropping it behind the
 table (never using it) allowed the switch (and the keyboard attached to
 it) to work without issue.


 --
 Those who do not understand Unix are condemned to reinvent it, poorly.

Re: KVM Switching and CPU and Fan Speed

[W. Steven Schneider]

Damn it, I hate using my phone for this!

On Mar 10, 2015 6:15 PM, Jason Adams adams...@gmail.com wrote:

 On 03/08/2015 09:38 PM, Steven wrote:
  I've got a set up between two towers where I use a KVM (KVMS?)
  switch between them. The one running OpenBSD (snaphots and recent as
  of this morning) seems step up it's CPU speed when I'm switched out
  to the other computer. I'm wondering if I'm the only one seeing this.

 Can you ssh into the machine and then switch the KVMS away from it and
see what top
 says is chewing up CPU cycles?

It appears that the privilege separated Xorg is demanding a high percentage
of CPU. I had Xorg niced to -10 buy bringing it's back to a nice of 0
didn't change the behavior.
 Also, what about plugging in another keyboard?  I had one old linux
server, that had similar
 issues some years ago, and simply plugging in another cheap keyboard, and
dropping it behind the
 table (never using it) allowed the switch (and the keyboard attached to
it) to work without issue.

I might yet try that as a workaround if no solution comes to mind or is
forthcoming. :-)

KVM Switching and CPU and Fan Speed

[Steven]

/7.04 addr 3
uhidev1: iclass 3/1, 26 report ids
uhid0 at uhidev1 reportid 18: input=0, output=0, feature=1
uhid1 at uhidev1 reportid 23: input=0, output=0, feature=1
ums0 at uhidev1 reportid 26: 5 buttons, Z dir
wsmouse0 at ums0 mux 0
uhidev2 at uhub8 port 2 configuration 1 interface 2 Microsoft Microsoft\M-. Nano 
Transceiver v1.0 rev 2.00/7.04 addr 3
uhidev2: iclass 3/0, 8 report ids
uhid2 at uhidev2 reportid 3: input=1, output=0, feature=0
uhid3 at uhidev2 reportid 4: input=1, output=0, feature=0
uhid4 at uhidev2 reportid 7: input=7, output=0, feature=0
uhid5 at uhidev2 reportid 8: input=1, output=0, feature=0
uhidev3 at uhub8 port 3 configuration 1 interface 0 Logitech USB Receiver rev 
2.00/24.00 addr 4
uhidev3: iclass 3/1
ukbd1 at uhidev3: 8 variable keys, 6 key codes
wskbd1 at ukbd1 mux 1
uhidev4 at uhub8 port 3 configuration 1 interface 1 Logitech USB Receiver rev 
2.00/24.00 addr 4
uhidev4: iclass 3/1, 8 report ids
ums1 at uhidev4 reportid 2: 16 buttons, Z dir
wsmouse1 at ums1 mux 0
uhid6 at uhidev4 reportid 3: input=4, output=0, feature=0
uhid7 at uhidev4 reportid 4: input=1, output=0, feature=0
uhid8 at uhidev4 reportid 8: input=1, output=0, feature=0
uhidev5 at uhub8 port 3 configuration 1 interface 2 Logitech USB Receiver rev 
2.00/24.00 addr 4
uhidev5: iclass 3/0, 33 report ids
uhid9 at uhidev5 reportid 16: input=6, output=6, feature=0
uhid10 at uhidev5 reportid 17: input=19, output=19, feature=0
uhid11 at uhidev5 reportid 32: input=14, output=14, feature=0
uhid12 at uhidev5 reportid 33: input=31, output=31, feature=0
uhidev6 at uhub8 port 3 configuration 1 interface 3 Logitech USB Receiver rev 
2.00/24.00 addr 4
uhidev6: iclass 3/1
ums2 at uhidev6: 5 buttons, Z dir
wsmouse2 at ums2 mux 0
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (2a56822a8bdd2ee6.a) swap on sd0b dump on sd0b
radeondrm0: 1280x1024
wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0
wskbd1: connecting to wsdisplay0
wsdisplay0: screen 1-5 added (std, vt100 emulation)



--
W. Steven Schneider  w.steven.schnei...@ualberta.net

goals.html: Clarify GPL policy

[Steven McDonald]

goals.html disagrees with policy.html as to the policy regarding
inclusion of GPL code. Since that part of policy.html was updated more
recently (2014 vs. 2003), here's a diff that makes goals.html more
agreeable:

Index: goals.html
===
RCS file: /cvs/www/goals.html,v
retrieving revision 1.80
diff -u -p -r1.80 goals.html
--- goals.html  2 Nov 2014 23:56:57 -   1.80
+++ goals.html  22 Feb 2015 07:54:25 -
@@ -30,8 +30,8 @@ and priorities, but it is possible to cl
 a href=http://cvsweb.openbsd.org/cgi-bin/cvsweb;directly on the web!/a
 p
 liIntegrate good code from any source with a href=policy.htmlacceptable
-copyright (ISC or Berkeley style preferred, GPL acceptable as a last
-recourse but not in the kernel, NDA never acceptable)/a.
+copyright (ISC or Berkeley style preferred, GPL not acceptable for new
+code, NDA never acceptable)/a.
 We want to make available source code that anyone can use for ANY
 PURPOSE, with no restrictions.
 strongWe strive to make our software robust and secure, and
 encourage

pfsync(4) typo (sychronisation)

[Steven McDonald]

Spotted a missing n in pfsync(4):

Index: share/man/man4/pfsync.4
===
RCS file: /cvs/src/share/man/man4/pfsync.4,v
retrieving revision 1.31
diff -u -p -r1.31 pfsync.4
--- share/man/man4/pfsync.4 29 Apr 2010 08:45:44 -
1.31 +++ share/man/man4/pfsync.41 Feb 2015 07:07:49 -
@@ -29,7 +29,7 @@
 .Os
 .Sh NAME
 .Nm pfsync
-.Nd packet filter state table sychronisation interface
+.Nd packet filter state table synchronisation interface
 .Sh SYNOPSIS
 .Cd pseudo-device pfsync
 .Sh DESCRIPTION

usmb/FUSE on 5.6

[Steven Surdock]

Using the package usmb to mount a share from a Windows 2008R2 server does not 
seem reliable.  FUSE/usmb dismounts the share after a while (less than 24 
hours) with the following error:

Dec 30 01:30:07 fileshare /bsd: fuse: device close without umount

Usmb is not typically running afterwards.  Anyone tried using usmb or have any 
suggested next steps for troubleshooting?

-Steve S.

Re: sensorsd, upd, and state changes

[Steven Surdock]

I have two different APC units...

uhidev0 at uhub1 port 1 configuration 1 interface 0 American Power Conversion 
Smart-UPS 1500 FW:601.3.D USB FW:1.3 rev 1.10/0.06 addr 2
uhidev0: iclass 3/0, 54 report ids
upd0 at uhidev0
$ sysctl | grep upd
hw.sensors.upd0.indicator0=Off (Charging), OK
hw.sensors.upd0.indicator1=Off (Discharging), OK
hw.sensors.upd0.indicator2=On (ACPresent), OK
hw.sensors.upd0.indicator3=On (BatteryPresent), OK
hw.sensors.upd0.indicator4=Off (ShutdownImminent), OK
hw.sensors.upd0.percent0=100.00% (FullChargeCapacity), OK
hw.sensors.upd0.percent1=100.00% (RemainingCapacity), OK

uhidev0 at uhub7 port 2 configuration 1 interface 0 APC Back-UPS ES 550G 
FW:904.W1 .D USB FW:W1 rev 1.10/1.06 addr 2
uhidev0: iclass 3/0, 123 report ids
upd0 at uhidev0
$ sysctl | grep upd
hw.sensors.upd0.indicator0=Off (Charging), OK
hw.sensors.upd0.indicator1=Off (Discharging), OK
hw.sensors.upd0.indicator2=On (ACPresent), OK
hw.sensors.upd0.indicator3=On (BatteryPresent), OK
hw.sensors.upd0.indicator4=Off (ShutdownImminent), OK
hw.sensors.upd0.percent0=100.00% (RemainingCapacity), OK
hw.sensors.upd0.percent1=100.00% (FullChargeCapacity), OK


 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
 David Higgs
 Sent: Friday, November 28, 2014 9:43 AM
 To: misc@openbsd.org
 Subject: Re: sensorsd, upd, and state changes
 
 Do you mind saying what type of USB you have, and what these sensors map
 are for your hardware?
 
 I have:
 uhidev0 at uhub1 port 2 configuration 1 interface 0 American Power
 Conversion Back-UPS ES 750 FW:841.I3 .D USB FW:I3 rev 1.10/1.01 addr
 2
 uhidev0: iclass 3/0, 146 report ids
 upd0 at uhidev0
 
 Which only appears to provide:
 hw.sensors.upd0.indicator3=Off (ShutdownImminent), OK

upd0 detached - can I reset USB

[Steven Surdock]

It appears that my UPS has detached.  Is there a programmatic way to reset a 
USB port?  I'm confident if I unplug the UPS and plug it back in it will 
reattach, but I don't have physical access to the server.  I'd prefer not to 
reboot either.  Thanks.

  FROM DMESG
uhidev0 at uhub1 port 1 configuration 1 interface 0 American Power Conversion 
Smart-UPS 1500 FW:601.3.D USB FW:1.3 rev 1.10/0.06 addr 2
uhidev0: iclass 3/0, 54 report ids
upd0 at uhidev0
  FROM /var/log/messages
Nov 23 15:54:29 builder02 /bsd: upd0 detached
Nov 23 15:54:29 builder02 /bsd: uhidev0 detached

-Steve S.

Re: *ERROR* radeon_cp: Failed to load firmware radeon-r300_cp

[Steven McDonald]

On Fri, 21 Nov 2014 06:30:16 +0100
John Smith hufflep...@bsdmail.com wrote:

 Is there anyway I can prevent this seemingly harmless error? I don't
 use X and didn't select the X packages during the installation
 process.

You can probably do it by disabling the drm and/or radeondrm driver with
config(8):

  http://www.openbsd.org/faq/faq5.html#config

I've not had cause to use config(8) in this way myself, so YMMV.

apcupsd via USB on 5.6

[Steven Surdock]

I just upgrade from 5.5 to 5.6 on i386 and apcupsd won't recognize my UPS 
plugged into a USB port.  On 5.5 the UPS was attached to ugen0 but on 5.6 it 
say uhidev0.  Apcupsd mentions that the uhidev0 device type won't work.  I see 
that I can get some info from sensord (which is cool).  Any suggestions for 
getting the UPS working with apcupds?

Oct 22 16:16:42 builder02 /bsd: ugen0 at uhub1 port 1 American Power 
Conversion Smart-UPS 1500 FW:601.3.D USB FW:1.3 rev 1.10/0.06 addr 2

Nov 20 08:54:27 builder02 /bsd: uhidev0 at uhub1 port 1 configuration 1 
interface 0 American Power Conversion Smart-UPS 1500 FW:601.3.D USB FW:1.3 
rev 1.10/0.06 addr 2

-Steve S.

devtree: A utility for printing device trees

[Steven McDonald]

Hi misc,

I've written a small utility for pretty-printing a tree of system
devices based on dmesg(8) output. It's nothing fancy, but my apropos(1)
and web searches didn't bring up anything to do the job. I thought it
might be of interest to other newcomers to OpenBSD like myself who are
exploring how the system fits together, so I've put it up on the web:

  http://www.sjm.so/projects/openbsd_devtree.shtml

It also has the potential to provide an easy way to diff the hardware
in two different systems, or on the same system running two different
OpenBSD versions, since it sorts nodes alphabetically when printing
them.

I'm not sure if it'd be worth making a port for it, given that it's a
single Perl file + man page, but if there's enough interest I'd be
happy to try my hand at that.

Re: rrdtool troubles after 5.4-5.5 upgrade

[Steven Surdock]

Cacti magically started showing the recent data, even though 'rrdtool dump' 
shows dates that are quite wrong.  I'm wondering nfsen breaking is related...

-Steve S.

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
Steven Surdock
Sent: Thursday, October 9, 2014 2:41 PM
To: misc@openbsd.org
Subject: rrdtool troubles after 5.4-5.5 upgrade

As required for the upgrade I exported all my rrd's and they appear correct, 
but when I performed a 'restore' on the upgraded 5.5 system the dates appeared 
to become advanced by 136 years.

These are for Cacti and interestingly, cacti shows graphs for the old data, but 
not for data collected after the upgrade.  The rrd's are being updated, but 
with a recent date.


--5.4 EXPORTED RRD-
!-- Round Robin Archives --   rra
cf AVERAGE /cf
pdp_per_row 1 /pdp_per_row !-- 300 seconds --

params
xff 5.00e-01 /xff
/params
cdp_prep
ds
primary_value 6.0147896722e+02 /primary_value
secondary_value NaN /secondary_value
value NaN /value
unknown_datapoints 0 /unknown_datapoints
/ds
ds
primary_value 2.1042432308e+02 /primary_value
secondary_value NaN /secondary_value
value NaN /value
unknown_datapoints 0 /unknown_datapoints
/ds
/cdp_prep
database
!-- 2014-10-07 06:50:00 EDT / 1412679000 -- rowv 
1.6942546263e+02 /vv 1.0782825095e+02 /v/row
!-- 2014-10-07 06:55:00 EDT / 1412679300 -- rowv 
1.3230701552e+02 /vv 8.5905507986e+01 /v/row
!-- 2014-10-07 07:00:00 EDT / 1412679600 -- rowv 
1.5090053841e+03 /vv 5.1040593693e+02 /v/row
!-- 2014-10-07 07:05:00 EDT / 1412679900 -- rowv 
4.3326648631e+02 /vv 1.7794450478e+02 /v/row
!-- 2014-10-07 07:10:00 EDT / 1412680200 -- rowv 
5.0533918152e+01 /vv 6.0539432673e+01 /v/row
!-- 2014-10-07 07:15:00 EDT / 1412680500 -- rowv 
6.0977588814e+01 /vv 6.1744402908e+01 /v/row
!-- 2014-10-07 07:20:00 EDT / 1412680800 -- rowv 
5.0497766741e+01 /vv 8.6521608203e+01 /v/row
!-- 2014-10-07 07:25:00 EDT / 1412681100 -- rowv 
5.586560e+01 /vv 6.660450e+01 /v/row
!-- 2014-10-07 07:30:00 EDT / 1412681400 -- rowv 
4.1272303359e+01 /vv 5.2785814360e+01 /v/row

--5.5 RESTORED then EXPORTED RRD-
!-- Round Robin Archives --
rra
cfAVERAGE/cf
pdp_per_row1/pdp_per_row !-- 300 seconds --

params
xff5.00e-01/xff
/params
cdp_prep
ds
primary_value6.0147896722e+02/primary_value
secondary_valueNaN/secondary_value
valueNaN/value
unknown_datapoints0/unknown_datapoints
/ds
ds
primary_value2.1042432308e+02/primary_value
secondary_valueNaN/secondary_value
valueNaN/value
unknown_datapoints0/unknown_datapoints
/ds
/cdp_prep
database
!-- 2150-11-13 12:18:16 EST / 5707646296 -- 
rowv1.6942546263e+02/vv1.0782825095e+02/v/row
!-- 2150-11-13 12:23:16 EST / 5707646596 -- 
rowv1.3230701552e+02/vv8.5905507986e+01/v/row
!-- 2150-11-13 12:28:16 EST / 5707646896 -- 
rowv1.5090053841e+03/vv5.1040593693e+02/v/row
!-- 2150-11-13 12:33:16 EST / 5707647196 -- 
rowv4.3326648631e+02/vv1.7794450478e+02/v/row
!-- 2150-11-13 12:38:16 EST / 5707647496 -- 
rowv5.0533918152e+01/vv6.0539432673e+01/v/row
!-- 2150-11-13 12:43:16 EST / 5707647796 -- 
rowv6.0977588814e+01/vv6.1744402908e+01/v/row
!-- 2150-11-13 12:48:16 EST / 5707648096 -- 
rowv5.0497766741e+01/vv8.6521608203e+01/v/row
!-- 2150-11-13 12:53:16 EST / 5707648396 -- 
rowv5.586560e+01/vv6.660450e+01/v/row


-Steve S.

nfsen on 5.5

[Steven Surdock]

Anybody successfully using nfsen?

It was working on 5.4 (except for the portTracker plugin) and now under 5.5
the rrd's are not being updated.  I uninstalled and re-initialized and still
no luck.

-Steve S.

Re: nfsen on 5.5

[Steven Surdock]

 -Original Message-
 From: Josh Grosse [mailto:j...@jggimi.homeip.net]
 Sent: Friday, October 10, 2014 1:16 PM
 To: Steven Surdock
 Cc: misc@openbsd.org
 Subject: Re: nfsen on 5.5
 
 On Fri, Oct 10, 2014 at 04:52:18PM +, Steven Surdock wrote:
  Anybody successfully using nfsen?
 
  It was working on 5.4 (except for the portTracker plugin) and now
  under 5.5 the rrd's are not being updated.  I uninstalled and
  re-initialized and still no luck.
 
  -Steve S.
 
 I've been using it since before 5.5, and it works fine for me.  Two
 considerations:
 
 If your webserver is chrooted, rrdtool must be included in the chroot, per
 /usr/local/share/doc/pkg-readmes/rrdtool-*. The rrdtool-chroot script
 makes this easy.
 
 Your pflow(4) device must use a version of netflow protocol compatible
 with nfcapd, which are versions 1,5,7, and 9.  The pflow driver supports
 protocol versions 5 and 10.  Use 5, which is the default.

Not chrooted.  Flow records are being updated and stored correctly. The RRD and 
associated PNGs aren't being updated.  I can still use the rrd generated images 
to look at flows.  I've never gotten PortTracker working as it says it segfault 
in the log.

Re: nfsen on 5.5

[Steven Surdock]

 -Original Message-
 From: Stan Gammons [mailto:sg063...@gmail.com]
 
 On Oct 10, 2014 12:48 PM, Steven Surdock ssurd...@engineered-net.com
 wrote:
 
   -Original Message-
   From: Josh Grosse [mailto:j...@jggimi.homeip.net]
  
   On Fri, Oct 10, 2014 at 04:52:18PM +, Steven Surdock wrote:
Anybody successfully using nfsen?
   
It was working on 5.4 (except for the portTracker plugin) and now
under 5.5 the rrd's are not being updated.  I uninstalled and
re-initialized and still no luck.
   
-Steve S.
   
   I've been using it since before 5.5, and it works fine for me.  Two
   considerations:
  
   If your webserver is chrooted, rrdtool must be included in the chroot,
 per
   /usr/local/share/doc/pkg-readmes/rrdtool-*. The rrdtool-chroot script
   makes this easy.
  
   Your pflow(4) device must use a version of netflow protocol compatible
   with nfcapd, which are versions 1,5,7, and 9.  The pflow driver
 supports
   protocol versions 5 and 10.  Use 5, which is the default.
 
  Not chrooted.  Flow records are being updated and stored correctly. The
 RRD and associated PNGs aren't being updated.  I can still use the rrd
 generated images to look at flows.  I've never gotten PortTracker working
 as it says it segfault in the log.
 
 Does syslog have a message saying unable to create graph: no such file or
 directory?  That's what is happening for me on the Oct 3 snapshot of
 OpenBSD 5.6  I figured it was operator malfunction :)

I have only one source (OBSD 5.5).  'messages' shows only information shorty 
after starting nfsen.  I can't gracefully stop nfsen as it just hangs when I 
try to do so.

/var/log/daemon:
Oct 10 15:00:12 builder02 nfcapd[27716]: Ident: 'wall' Flows: 1966, Packets: 
14157, Bytes: 8823380, Sequence Errors: 0, Bad Packets: 0
Oct 10 15:00:12 builder02 nfcapd[27716]: Total ignored packets: 0
Oct 10 15:05:11 builder02 nfcapd[27716]: Ident: 'wall' Flows: 2540, Packets: 
6518, Bytes: 1422175, Sequence Errors: 0, Bad Packets: 0
Oct 10 15:05:11 builder02 nfcapd[27716]: Total ignored packets: 0

/var/log/messages:
Oct 10 11:19:57 builder02 nfsen[20794]: Behind schedule
Oct 10 11:19:57 builder02 nfsen[20794]: expected exit of child Comm 
Server[1931]. Process died.
Oct 10 11:20:10 builder02 nfsen[8882]: Error reading channel stat information. 
Missing key 'first'

Re: [BULK] Re: nfsen on 5.5

[Steven Surdock]

 -Original Message-
 From: Josh Grosse [mailto:j...@jggimi.homeip.net]
 
 On Fri, Oct 10, 2014 at 05:46:40PM +, Steven Surdock wrote:
 
  Not chrooted.  Flow records are being updated and stored correctly.
  The RRD and associated PNGs aren't being updated.  I can still use the
  rrd generated images to look at flows.  I've never gotten PortTracker
  working as it says it segfault in the log.
 
 I've never used PortTracker, as I do not have sufficient capacity on the
 nfsen collector.  It is described as experimental, also.
 
 I am running a very simple configuration, collecting flows from two
 firewalls.  The webserver is chrooted nginx, so my database is inside
 /var/www with a symbolic link in /var/db, as directed by the nfsen pkg-
 readme.
 
 Here's my nfsen.conf, with comments removed
 
 
 $BASEDIR = /usr/local;
 $BINDIR=${BASEDIR}/bin;
 $LIBEXECDIR=${BASEDIR}/libdata/perl5/site_perl/NfSen;
 $CONFDIR=/etc;
 $HTMLDIR= /var/www/htdocs/nfsen;
 $DOCDIR=${BASEDIR}/share/doc/nfsen;
 $VARDIR=/var/db/nfsen;
 $PROFILESTATDIR=${VARDIR}/profiles-stat;
 $PROFILEDATADIR=${VARDIR}/profiles-data;
 $BACKEND_PLUGINDIR=${BASEDIR}/lib/nfsen/plugins;
 $FRONTEND_PLUGINDIR=${HTMLDIR}/plugins;
 $PREFIX  = '/usr/local/bin';
 $USER= _nfcapd;
 $WWWUSER  = www;
 $WWWGROUP = www;
 $BUFFLEN = 20;
 $SUBDIRLAYOUT = 1;
 $ZIPcollected  = 1;
 $ZIPprofiles   = 1;
 $PROFILERS = 2;
 $DISKLIMIT = 98;
 $PROFILERS = 6;
 %sources = (
 
 );
 $low_water = 90;
 $syslog_facility = 'local3';
 @plugins = (
 );
 %PluginConf = (
   demoplugin = {
   param2 = 42,
   param1 = { 'key' = 'value' },
   },
   otherplugin = [
   'mary had a little lamb'
   ],
 );
 $MAIL_FROM   = 'nf...@jggimi.homeip.net';
 $SMTP_SERVER = 'localhost';
 $MAIL_BODY = q{
 Alert '@alert@' triggered at timeslot @timeslot@ }; 1;

Mine is nearly identical...

$BASEDIR = /usr/local;
$BINDIR=${BASEDIR}/bin;
$LIBEXECDIR=${BASEDIR}/libdata/perl5/site_perl/NfSen;
$CONFDIR=/etc;
$HTMLDIR= /var/www/htdocs/nfsen;
$DOCDIR=${BASEDIR}/share/doc/nfsen;
$VARDIR=/var/db/nfsen;
$PROFILESTATDIR=${VARDIR}/profiles-stat;
$PROFILEDATADIR=${VARDIR}/profiles-data;
$BACKEND_PLUGINDIR=${BASEDIR}/lib/nfsen/plugins;
$FRONTEND_PLUGINDIR=${HTMLDIR}/plugins;
$PREFIX  = '/usr/local/bin';
$USER= _nfcapd;
$WWWUSER  = www;
$WWWGROUP = www;
$BUFFLEN = 20;
$SUBDIRLAYOUT = 1;
$ZIPcollected= 1;
$ZIPprofiles = 1;
$PROFILERS = 2;
$DISKLIMIT = 95;
$PROFILERS = 6;
%sources = (
);
$low_water = 90;
$syslog_facility = 'local3';
@plugins = (
);
%PluginConf = (
);
$MAIL_FROM   = 'ssud...@engineered-net.com';
$SMTP_SERVER = 'localhost';
$MAIL_BODY   = q{
Alert '@alert@' triggered at timeslot @timeslot@
};
1;

Re: [BULK] Re: nfsen on 5.5

[Steven Surdock]

 -Original Message-
 From: Stan Gammons [mailto:sg063...@gmail.com]
 
...
  %sources = (
  );
  $low_water = 90;
  $syslog_facility = 'local3';
  @plugins = (
  );
  %PluginConf = (
  );
  $MAIL_FROM   = 'ssud...@engineered-net.com';
  $SMTP_SERVER = 'localhost';
  $MAIL_BODY       = q{
  Alert '@alert@' triggered at timeslot @timeslot@
  };
  1;
 
 I see you don't have anything in %sources (   );   My /etc/nfsen.conf has
 the default entries.  Maybe that's part of my problem.

That was bad grepping on my part.  wall is my firewall from which I am 
exporting flows...

%sources = (
'wall'= { 'port' = '9995', 'col' = '#ff', 'type' = 'netflow' },
#'upstream1'= { 'port' = '9995', 'col' = '#ff', 'type' = 
'netflow' },
#'peer1'= { 'port' = '9996', 'IP' = '172.16.17.18' },
#'peer2'= { 'port' = '9996', 'IP' = '172.16.17.19' },
);

Re: nfsen on 5.5

[Steven Surdock]

 -Original Message-
 From: Stan Gammons [mailto:sg063...@gmail.com]
 
 On Oct 10, 2014 12:48 PM, Steven Surdock ssurd...@engineered-net.com
 wrote:
 
   -Original Message-
   From: Josh Grosse [mailto:j...@jggimi.homeip.net]
  
   On Fri, Oct 10, 2014 at 04:52:18PM +, Steven Surdock wrote:
Anybody successfully using nfsen?
   
It was working on 5.4 (except for the portTracker plugin) and now
under 5.5 the rrd's are not being updated.  I uninstalled and
re-initialized and still no luck.
   
-Steve S.
   
   I've been using it since before 5.5, and it works fine for me.  Two
   considerations:
  
   If your webserver is chrooted, rrdtool must be included in the chroot,
 per
   /usr/local/share/doc/pkg-readmes/rrdtool-*. The rrdtool-chroot script
   makes this easy.
  
   Your pflow(4) device must use a version of netflow protocol compatible
   with nfcapd, which are versions 1,5,7, and 9.  The pflow driver
 supports
   protocol versions 5 and 10.  Use 5, which is the default.
 
  Not chrooted.  Flow records are being updated and stored correctly. The
 RRD and associated PNGs aren't being updated.  I can still use the rrd
 generated images to look at flows.  I've never gotten PortTracker working
 as it says it segfault in the log.
 
 Does syslog have a message saying unable to create graph: no such file or
 directory?  That's what is happening for me on the Oct 3 snapshot of
 OpenBSD 5.6  I figured it was operator malfunction :)

I may have pooched myself.  I upgraded from a -stable build system that I use 
and it appears that that system is a little lost.  In comparing -stable ports I 
noticed it was running php-5.4.32. Since the latest php for 5.5 is 5.4.30 I 
suspect my build system got out of sync.  I re-installed 5.5 release on my 
system with 5.5 release packages and nfsen seems to be working.  Thanks for the 
insight and guidance.

Re: nfsen on 5.5

[Steven Surdock]

 -Original Message-
 From: Stan Gammons [mailto:sg063...@gmail.com]
 
... 
 Glad you got it going.
 
 I got rid of the unable to create graph messages, but I still have a
 couple of problems I haven't figured out. One being getting php to work
 with nginx?  Does one need to use php-fpm?

I am still using the native Apache/httpd.  It is my understanding that you do 
need to use php-fpm with nginx.

CVS confusion

[Steven Surdock]

I'm trying to follow -stable ports, but CVSWEB appears inconsistent.

If I look at ports/lang/php/5.4 for OPENBSD_5_5 
(http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang/php/5.4/?only_with_tag=OPENBSD_5_5)
 it shows the following:

Makefile   1.16.2.1   4 months   jasper   security   update to php-5.4.28 ok 
sthen@

If look at the Makefile 
(http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/lang/php/5.4/Makefile?only_with_tag=OPENBSD_5_5)
 it shows a Revision of 1.16.2.3 and the last note says security update to 
5.4.30; ok jasper@).

If I look at Rev. 1.16.2.1 (from the first page above), it shows version 5.4.28

If I grab a copy via CVS, I get 5.4.32.
$ cvs -qd anon...@anoncvs.ca.openbsd.org:/cvs get -rOPENBSD_5_5 -P 
ports/lang/php/5.4

Which is the correct php 5.4 for OpenBSD 5.5-stable?

-Steve S.

rrdtool troubles after 5.4-5.5 upgrade

[Steven Surdock]

As required for the upgrade I exported all my rrd's and they appear correct, 
but when I performed a 'restore' on the upgraded 5.5 system the dates appeared 
to become advanced by 136 years.

These are for Cacti and interestingly, cacti shows graphs for the old data, but 
not for data collected after the upgrade.  The rrd's are being updated, but 
with a recent date.


--5.4 EXPORTED RRD-
!-- Round Robin Archives --   rra
cf AVERAGE /cf
pdp_per_row 1 /pdp_per_row !-- 300 seconds --

params
xff 5.00e-01 /xff
/params
cdp_prep
ds
primary_value 6.0147896722e+02 /primary_value
secondary_value NaN /secondary_value
value NaN /value
unknown_datapoints 0 /unknown_datapoints
/ds
ds
primary_value 2.1042432308e+02 /primary_value
secondary_value NaN /secondary_value
value NaN /value
unknown_datapoints 0 /unknown_datapoints
/ds
/cdp_prep
database
!-- 2014-10-07 06:50:00 EDT / 1412679000 -- rowv 
1.6942546263e+02 /vv 1.0782825095e+02 /v/row
!-- 2014-10-07 06:55:00 EDT / 1412679300 -- rowv 
1.3230701552e+02 /vv 8.5905507986e+01 /v/row
!-- 2014-10-07 07:00:00 EDT / 1412679600 -- rowv 
1.5090053841e+03 /vv 5.1040593693e+02 /v/row
!-- 2014-10-07 07:05:00 EDT / 1412679900 -- rowv 
4.3326648631e+02 /vv 1.7794450478e+02 /v/row
!-- 2014-10-07 07:10:00 EDT / 1412680200 -- rowv 
5.0533918152e+01 /vv 6.0539432673e+01 /v/row
!-- 2014-10-07 07:15:00 EDT / 1412680500 -- rowv 
6.0977588814e+01 /vv 6.1744402908e+01 /v/row
!-- 2014-10-07 07:20:00 EDT / 1412680800 -- rowv 
5.0497766741e+01 /vv 8.6521608203e+01 /v/row
!-- 2014-10-07 07:25:00 EDT / 1412681100 -- rowv 
5.586560e+01 /vv 6.660450e+01 /v/row
!-- 2014-10-07 07:30:00 EDT / 1412681400 -- rowv 
4.1272303359e+01 /vv 5.2785814360e+01 /v/row

--5.5 RESTORED then EXPORTED RRD-
!-- Round Robin Archives --
rra
cfAVERAGE/cf
pdp_per_row1/pdp_per_row !-- 300 seconds --

params
xff5.00e-01/xff
/params
cdp_prep
ds
primary_value6.0147896722e+02/primary_value
secondary_valueNaN/secondary_value
valueNaN/value
unknown_datapoints0/unknown_datapoints
/ds
ds
primary_value2.1042432308e+02/primary_value
secondary_valueNaN/secondary_value
valueNaN/value
unknown_datapoints0/unknown_datapoints
/ds
/cdp_prep
database
!-- 2150-11-13 12:18:16 EST / 5707646296 -- 
rowv1.6942546263e+02/vv1.0782825095e+02/v/row
!-- 2150-11-13 12:23:16 EST / 5707646596 -- 
rowv1.3230701552e+02/vv8.5905507986e+01/v/row
!-- 2150-11-13 12:28:16 EST / 5707646896 -- 
rowv1.5090053841e+03/vv5.1040593693e+02/v/row
!-- 2150-11-13 12:33:16 EST / 5707647196 -- 
rowv4.3326648631e+02/vv1.7794450478e+02/v/row
!-- 2150-11-13 12:38:16 EST / 5707647496 -- 
rowv5.0533918152e+01/vv6.0539432673e+01/v/row
!-- 2150-11-13 12:43:16 EST / 5707647796 -- 
rowv6.0977588814e+01/vv6.1744402908e+01/v/row
!-- 2150-11-13 12:48:16 EST / 5707648096 -- 
rowv5.0497766741e+01/vv8.6521608203e+01/v/row
!-- 2150-11-13 12:53:16 EST / 5707648396 -- 
rowv5.586560e+01/vv6.660450e+01/v/row


-Steve S.

Re: n00b spamd/spamdb question

[Steven Roberts]

 Date: Thu, 21 Aug 2014 13:11:23 -0500
 From: Adam Thompson athom...@athompso.net
 To: OpenBSD-misc list misc@openbsd.org

 I've finally started using spamd on a new mail server, and am seeing 
 some results that I don't understand.  (I'm also using smtpd(8) now, so 
 this is all new software to me...)

That is exciting. spamd and smtpd are excellent imho.

I recommend you continue to read the man pages until you have
a better understanding of how they work.


 1 - spamdb(8) shows nothing but WHITE-listed entries
 2 - but spamd(8) (running with -v -G 2:4:864) logs almost every one of 
 those WHITE IP addresses as either being greylisted or blacklisted.

 Shouldn't those be showing up as BLACK in spamdb, not WHITE ?

spamdb(8) indicates 4 different entry types.
BLACK is not an entry type.

 My best guess so far is that I've got the -G passtime too low, and 
 everyone talking to me so far is really aggressive and actually retries 
 correctly...?  This server is still only a secondary MX for the domains 
 that get hit with lots of spam, so that's actually plausible.

I would recommend using the default spamd values.

Cheers.

Re: n00b spamd/spamdb question

[Steven Roberts]

 Oops.  I see that now.  Then how do I see what IPs are blacklisted 
 without becoming a human version of spamd-setup(8)?

If running spamd in default mode ...

1. spamdb(8), TRAPPED entries.
2. The spamd.conf(5) file is read by spamd-setup(8) to configure
blacklists for spamd(8).

I am not aware of a way to fetch the blacklist directly from
spamd. I believe 'spamd-cfg' services(5) is for sending data only.

P.S. The sender does not need to be blacklisted in order to prevent
their spam from reaching your smtpd. Check out your /var/log/daemon
to monitor connections/activity etc.

Distributed.net Client Dropped?

[Steven]

Hi;

I've noticed that dnetc is no longer in the ports repository.  In
fact I've noticed that the port hasn't run properly over much of the
past year.

I'm not complaining but I am curious if dnetc was dropped due to
lack of an interested maintainer, or if Distributed.net wasn't
properly maintaining their official client?

That said, I'm sure I could find a more practical purpose for my CPU
cycles than dnetc, seti or such.  Probably for the best, my wife
says that I spend far too much time on the computer anyhow. :-)

--
W. Steven Schneider  w.steven.schnei...@ualberta.net

Re: Messed-up package dependencies?

[Steven Roberts]

 So, it seems that upgrading from 5.5-STABLE to -current completely
 messed-up package dependencies.

http://www.openbsd.org/faq/current.html

You should ALWAYS use a snapshot as the starting point for running -current. 
Upgrading by compiling your own source code is not supported.

 I certainly make something terribly wrong... but what? And is there
 any way to recover the situation? Where should I start the debugging?

Backup your data. Install a Snapshot. Try again.

http://www.openbsd.org/faq/faq5.html#Flavors

P.S. Why do you want to run current?

Re: Request for Funding our Electricity

[Steven Chamberlain]

I've set up a small recurring donation for now.

I'd like to throw out some ideas and questions if I may:

* Anyone selling an OpenBSD-based solution to business customers might
want to imagine the OS has some sort of 'license fee', increase the
quote for their work accordingly, and pass along the sum in donations.

* Please could we get a newer picture than rack2009.jpg?  I assume much
has already changed;  I don't see a loongson build machine for example.
 Would the picture be anywhere near representative of where the CAN$20k
electricity costs arise?

* Is there any easy means on-hand to measure power consumption, maybe
reading stats from the UPSes, or using plug-in meters such as those made
by CurrentCost; would anything like that be worth putting on the
hardware wishlist?

* Could potential energy savings be roughly worked out, and maybe
mentioned in the hardware wishlist somehow?  Would a Sun Fire T1000 be
able to replace some number of older sparc boxes for example?  And as
SSDs become larger, would a pair of them be able to replace some number
of power-hungry 10k RPM disks?  Such things are all the more valuable as
donations if they have a lower operating cost than what they replaced.

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org

Re: relayd filter rewrite?

[Steven M. Caesare]

 -Original Message-
 From: Reyk Floeter [mailto:reyk.floe...@googlemail.com] On Behalf Of
Reyk Floeter
 Sent: Saturday, January 11, 2014 10:41 AM
 To: Steven M. Caesare
 Cc: OpenBSD general usage list
 Subject: Re: relayd filter rewrite?
 
 Hi!
 
 On 10.01.2014, at 21:58, Steven M. Caesare scaes...@caesare.com
wrote:
 
  I've just rebuilt my FW as a 5.4 box, and was investigating using
  relayd (rather than squid) to transparently proxy for a couple of
web
  host servers.
 
 
 
  It appears that this would be made possible by the filter rewrite
  mentioned at asiabsdcon 2013:
 
 
 
  http://www.openbsd.org/papers/relayd-slides-asiabsdcon2013.pdf
 
 
 
  http://www.openbsd.org/papers/relayd-asiabsdcon2013.pdf
 
 
 
 
 
  It looks like this was targeted for v5.4. However, I don't see the
new
  filter syntax referenced in the 5.4 man pages, nor in current. Did
the
  filter rewrite happen yet? And relayd chokes if I try using that
syntax.
 
 
 Sorry, the filter rewrite hasn't been finished yet.
 
 I simply didn't have enough time to finish it yet. At AsiaBSDCon in
March 2013, I didn't know about another project that
 took some of my spare time in 2013, but our second kid was
successfully released in December 2013. Now I'm slowly
 having more time to work on the relayd filter rewrite again.
 

Excellent, congratulations! The biological products can indeed be time
consuming. 

 
 
  If not, am I overlooking a method to proxy (or redirect) based on
  incoming http host header request to multiple back end web servers,
or
  would I likely be better off sticking to squid for the time being?
 
 
 Unfortunately, the filter rewrite is the way to go, the current code
is not capable of doing this.
 
 Reyk
 

Thanks for the response, and the excellent work on relayd... much
appreciated.

-sc

relayd filter rewrite?

[Steven M. Caesare]

I've just rebuilt my FW as a 5.4 box, and was investigating using relayd
(rather than squid) to transparently proxy for a couple of web host
servers.



It appears that this would be made possible by the filter rewrite
mentioned at asiabsdcon 2013:



http://www.openbsd.org/papers/relayd-slides-asiabsdcon2013.pdf



http://www.openbsd.org/papers/relayd-asiabsdcon2013.pdf





It looks like this was targeted for v5.4. However, I don't see the new
filter syntax referenced in the 5.4 man pages, nor in current. Did the
filter rewrite happen yet? And relayd chokes if I try using that syntax.



If not, am I overlooking a method to proxy (or redirect) based on
incoming http host header request to multiple back end web servers, or
would I likely be better off sticking to squid for the time being?



-sc

Re: From the military propaganda department

[Steven]

We're honestly giving this guy way too much attention.

--
W. Steven Schneider  w.steven.schnei...@ualberta.net