Re: ifconfig autoconf stopped working - how to debug?

[deich...@placebonol.com]

What did the packet capture look like during the DHCP request/response?

On May 27, 2024 10:56:19 AM MDT, Chris Narkiewicz  wrote:
>On Mon, May 27, 2024 at 03:06:04PM +0100, Zé Loff wrote:
>> On Mon, May 27, 2024 at 01:51:25PM +0100, Chris Narkiewicz wrote:
>> dhcpleased now handles this.  You can run it with -d and with one or
>> more "-v"s.  You can also use dhcpleasectl to request a new lease.
>
>I run dhcpleased -d -vvv and here is the output:
>
>state_transition[vio0] Down -> Rebooting, timo: 1
>DHCPREQUEST on vio0
>iface_timeout[1]: Rebooting
>state_transition[vio0] Rebooting -> Rebooting, timo: 2
>DHCPREQUEST on vio0
>iface_timeout[1]: Rebooting
>deleting AAA.BBB.CCC.DDD from vio0 (lease from 0.0.0.0)
>state_transition[vio0] Rebooting -> Init, timo: 1
>DHCPDISCOVER on vio0
>deconfigure_interface vio0
>iface_timeout[1]: Init
>state_transition[vio0] Init -> Init, timo: 2
>DHCPDISCOVER on vio0
>iface_timeout[1]: Init
>state_transition[vio0] Init -> Init, timo: 4
>
>and so on, so on, so on, timo: 8, 16, 32, 64...
>
>The weird thing is that AAA.BBB.CCC.DDD is the IP address
>I'm expecting to receive, but it's not listed in ifconfig vio0 output.
>
>Best regards,
>Chris Narkiewicz
>

Re: ifconfig autoconf stopped working - how to debug?

[deich...@placebonol.com]

Besides the other comments I'd use tcpdump to see if there was any response 
from the DHCP server.

In addition configuring the interface using the IP address assigned by DHCP is 
a really bad idea.  Someday that address could get assigned to a different 
system, this will most occur when you least expect it.

Fixing a problem is always better than a bandaid solution.  

diana

On May 27, 2024 8:38:42 AM MDT, Souji Thenria  wrote:
>On Mon May 27, 2024 at 1:51 PM BST, Chris Narkiewicz wrote:
>> I have a netcup VPS and it crashed recently. After service restoration
>> and fsck, the system cannot obtain IPv4 using autoconf.
>> 
>> I'm wondering how I can debug DHCP autoconfiguration.  dhclient -v -d
>> doesn't show anything, as the functionality has been mmoved to
>> ifconfig.
>> 
>> ifconfig vio0 debug doesn't print anything.
>> 
>> Best regards,
>> Chris Narkiewicz
>
>Hi Chris,
>
>I had the same issue with one of my VPSs hosted at netcup after I
>rebooted it some weeks ago. It looked like the DHCP server did not
>respond.
>
>In the end, I assigned my IP address statically and removed the DHCP
>configuration.
>
>Regards,
>Souji
>

Re: How to use the tun0 interface (VPN)?

[deich...@placebonol.com]

Can you explain what you are trying to accomplish with a VPN?

On May 9, 2024 7:16:38 AM MDT, Sadeep Madurange  wrote:
>Hello,
>
>I am trying to use the openvpn client. I have a .ovpn file I got from my
>vpn provider. I installed the openvpn package and ran the openvpn client
>using the following command:
>
>$ doas openvpn --config client.ovpn --auth-user-pass auth.txt 
>
>Above command appears to succeed. ifconfig shows:
>
>lo0: flags=2008049 mtu 32768
>index 4 priority 0 llprio 3
>groups: lo
>inet6 ::1 prefixlen 128
>inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
>inet 127.0.0.1 netmask 0xff00
>iwx0: flags=808843 mtu 1500
>lladdr d8:3b:bf:b5:ea:b9
>index 1 priority 4 llprio 3
>groups: wlan egress
>media: IEEE802.11 autoselect (VHT-MCS1 mode 11ac)
>status: active
>ieee80211: join gcat chan 44 bssid 9c:53:22:fc:16:22 98% wpakey 
> wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher ccmp
>inet 192.168.0.14 netmask 0xff00 broadcast 192.168.0.255
>em0: flags=808843 mtu 1500
>lladdr 00:2b:67:60:ff:6d
>index 2 priority 0 llprio 3
>media: Ethernet autoselect (none)
>status: no carrier
>enc0: flags=0<>
>index 3 priority 0 llprio 3
>groups: enc
>status: active
>pflog0: flags=141 mtu 33136
>index 5 priority 0 llprio 3
>groups: pflog
>tun0: flags=8051 mtu 1500
>index 9 priority 0 llprio 3
>groups: tun
>status: active
>inet 10.73.0.30 --> 10.73.0.29 netmask 0x
>
>However, it doesn't look like my internet traffic is going through the
>vpn. Following is the output of 'netstat -nr -f inet':
>
>Routing tables
>
>Internet:
>DestinationGatewayFlags   Refs  Use   Mtu  Prio  Iface
>default192.168.0.1UGS5 1075 -12  iwx0 
>224/4  127.0.0.1  URS0 1175 32768 8  lo0  
>127/8  127.0.0.1  UGRS   00 32768 8  lo0  
>127.0.0.1  127.0.0.1  UHhl   12 32768 1  lo0  
>192.168.0/24   192.168.0.14   UCn1  536 - 8  iwx0 
>192.168.0.19c:53:22:fc:16:20  UHLch  2  771 - 7  iwx0 
>192.168.0.14   d8:3b:bf:b5:ea:b9  UHLl   019244 - 1  iwx0 
>192.168.0.255  192.168.0.14   UHb0   32 - 1  iwx0 
>
>-- 
>Sadeep Madurange
>PGP: 103BF9E3E750BF7E
>

Re: obsd wifi

[deich...@placebonol.com]

ummm, did you try ifconfig?

On May 4, 2024 12:01:54 PM MDT, Gustavo Rios  wrote:
>Hi folks!
>
>I have just installed OpenBSD in my brand new notebook. It is a dell
>notebook that came with just a wifi NIC. How do i discover the name o my
>wifi nic ?
>
>Thanks a lot.
>
>-- 
>The lion and the tiger may be more powerful, but the wolves do not perform
>in the circus

Re: syntax error in httpd.conf file

[deich...@placebonol.com]

continuing with man page recommendations, when you read entirely to the end of 
a man page you will see reference to related man pages.  At the end of httpd 
man there are several references, including httpd.conf

On April 19, 2024 8:58:34 PM MDT, Alexis  wrote:
>"Luca Leone"  writes:
>
>> I could not find much online on how to write these two guys: httpd.conf and 
>> relayd.conf
>
>On OpenBSD, the first places to check for documentation are:
>
>* the man(ual) pages, which can be accessed from the command line,  e.g.
>
> $ man httpd.conf
> $ man relayd.conf
>
>but which can also be accessed online:
>
> https://man.openbsd.org/httpd.conf.5
> https://man.openbsd.org/relayd.conf.5
>

Re: Firewall setup

[deich...@placebonol.com]

I'm a long time network engineer/firewall admin/make things work on our network 
when it is broken.

First, ICMP Echo Request ( "ping" ) works, you proved that when you sent an 
Echo Request to a host using it's IP address.  The fact that DNS host 
resolution fails has nothing to do with ICMP Echo Request.  You WILL want to 
get DNS name resolution working in order to use hostnames, unless you want to 
keep everything in a static host file.

In order to create a functioning firewall you need a good understanding of ip 
tcp/ip ports and protocols.  To see what I'm talking about do an Internet 
search for 5 tuple firewall.

You will need this knowledge for any system using statefull firewall, not just 
PF.

Others are trying to help you write a functioning PF conf, however I think you 
need to learn how to fish before embarking on a deep sea fishing excursion.

73
diana 



On April 14, 2024 9:09:01 AM MDT, Karel Lucas  wrote:
>Hi all,
>
>Everything about PF is all very confusing to me at the moment, so any help is 
>appreciated. So let's start simple and then proceed step by step. I want to 
>continue with ping so that I can test the connection to the internet. This 
>works: ping -c 10 195.121.1.34. But this doesn't work: ping -c 10 
>www.apple.com. As others have stated, I have a problem with using DNS servers 
>on the internet. The PF ruleset needs to be adjusted for this, but it is still 
>not clear to me how to do that. What else do I need to get ping to work 
>correctly? To get started simply, I created a new pf.conf file, see below.
>
>
>/etc/pf.conf:
>
>ext_if = igc0                              # The interface to the outside world
>int_if = "{ igc1, igc2 }"                # The interfaces to the private hosts
>localnet = "192.168.2.0/24"      # Hosts on the screened LAN
>
>tcp_services = "{ smtp, domain, www, auth, http, https, pop3, pop3s }"
>udp_services = "{ domain, ntp }"
>email = "{ smtp, imap, imaps, imap3, pop3, pop3s }"
>icmp_types = "{ echoreq, unreach }"
>icmp6_types = "{ echoreq, unreach }"
>nameservers = "{ 195.121.1.34, 195.121.1.66 }"
>client_out = "{ ssh, domain, pop3, auth, nportntp, http, https, \
>                      446, cvspserver, 2628, 5999, 8000, 8080 }"
>martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
>                    10.0.0.0/8, 169.254, 0.0/16, 192.0.2.0/24, \
>                    0.0.0.0/8, 240.0.0.0/4 }"
>
># Options:
>set block-policy return
>
>set skip on lo
>
>block log all                # block stateless traffic
>
># Normalize packets:
>match in all scrub ( no-df max-mss 1440 )
>
>block in quick on $ext_if from $martians to any
>block out quick on $ext_if from any to $martians
>
># Letting ping through:
>pass log on inet proto icmp icmp-type $icmp_types
>pass log on inet6 proto icmp6 icmp6-type $icmp6_types
>
>pass out all
>
>

Re: sysupgrade on pcEngines apu2 boards hangs

[deich...@placebonol.com]

Do you have enough available space on partition?  You didn't mention how many 
OS upgrades you've done on these systems.

diana

On April 7, 2024 3:04:53 PM MDT, Glen Gunsalus  
wrote:
>I have been running OpenBSD on three apu2 boards (as firewalls) for several 
>years and doing remote (ssh to boards) with no problems.
>
>Doing the 7.4 to 7.5 upgrades I had an initial success then two failures. Not 
>confidence building since these firewalls are at remote sites.
>
>Not sure where the problem lies, here is what I've experienced:
>
>pcEngines apu2 boards, running sysupgrade - have been running OpenBSD
>since about 6.2 and doing remote (ssh to board) for several releases
>w/o any problems
>
>Did successful sysupgrade on one board the evening before 7.5 release
>notification using: url  https://cdn.openbsd.org/pub/OpenBSD/ (other
>mirrors not yet showing items in 7.5 directory)
>
>Went fine, as per norm.
>
>Next day did on a second board using my default url (as per all previous
>remote upgrades)  https://mirrors.sonic.net/pub/OpenBSD/
>
>after syspugrade pings ok but cannot ssh:
>ssh: connect to host 10.42.xx.xx port 22: Connection refused
>
>used minicom to hook up to serial port and was able to see (didn't
>require login??):
>
># ls -al
>total 166
>drwxr-xr-x  11 root  wheel512 Apr  7 18:34 .
>drwxr-xr-x  11 root  wheel512 Apr  7 18:34 ..
>-rw-r--r--   1 root  wheel   1770 Mar 20 21:53 .profile
>-rw-r--r--   1 root  wheel194 Apr  7 18:34 auto_upgrade.conf
>lrwxr-xr-x   1 root  wheel 11 Mar 20 21:53 autoinstall -> install.sub
>drwxr-xr-x   2 root  wheel512 Mar 20 21:53 bin
>drwxr-xr-x   2 root  wheel   2560 Apr  7 18:34 dev
>drwxr-xr-x   5 root  wheel512 Apr  7 18:34 etc
>lrwxr-xr-x   1 root  wheel 11 Mar 20 21:53 install -> install.sub
>-rw-r--r--   1 root  wheel   2903 Mar 20 21:53 install.md
>-rwxr-xr-x   1 root  wheel  64483 Mar 20 21:53 install.sub
>drwxr-xr-x  15 root  wheel512 Apr  7 18:36 mnt
>drwxr-xr-x   2 root  wheel512 Mar 20 21:53 mnt2
>drwxr-xr-x   2 root  wheel   1024 Mar 20 21:53 sbin
>drwxrwxrwt   4 root  wheel512 Apr  7 18:36 tmp
>lrwxr-xr-x   1 root  wheel 11 Mar 20 21:53 upgrade -> install.sub
>drwxr-xr-x   6 root  wheel512 Mar 20 21:53 usr
>drwxr-xr-x   6 root  wheel512 Mar 20 21:53 var
>
>reboot from serial console with minicom
>
>Comes back up (can ssh now) but with only one cpu (normally running mp - 
>cpu[0-3] )
>
>reboot
>
>Watching on serial port
>
>reorder_kernel: failed -- see /usr/share/relink/kernel/GENERIC/relink.log
>
>as per log: run 'sha256 -h /var/db/kernel.SHA256 /bsd'
>
>reboot, no error, but still in single cpu mode.
>
>reboot bsd.mp
>
>hang, ssh connection refused
>
>Power cycle to get fresh reboot but still hangs
>
>still on serial port: boot usb with miniroot75.img
>
>reboot - needed to reset - 'stty com0 115200; set tty com0', otherwise hangs
>
>Choose upgrade
>
>Success!
>
>This happened on a third apu2 board; thus, two unsucessful and one successful 
>sysupgrades on apu2 boards
>
>Any ideas/pointers?  I'd like this not to reoccur.
>
>
>
>

Re: How to exit cu?

[deich...@placebonol.com]

FWIW I've seen the same behavior, glad you figured it out.

73
diana 

On March 28, 2024 10:35:18 PM MDT, Sadeep Madurange  wrote:
>On 2024-03-29 14:56:08, jslee wrote:
>> On Fri, 29 Mar 2024, at 14:18, Sadeep Madurange wrote:
>> > I opened a serial terminal using 'cu -l cuaU0 -s 115200', but can't
>> > exit
>> 
>> Enter
>> ~
>> .
>> 
>> Try that
>> 
>> (It also works for OpenSSH interactive sessions)
>
>I managed to get it working. I needed to press Enter, press ~ (and
>release), then press Ctrl and D keys at the same time. Thank you.
>
>-- 
>Sadeep Madurange
>PGP: 103BF9E3E750BF7E
>

Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps

[deich...@placebonol.com]

not in the mailing list world I've been using for close to 30 years 

if you post to the mailing list I reply to the mailing list 

On March 28, 2024 3:16:45 PM MDT, Dan  wrote:
>You didn't "Reply All", so I didn't get your reply in my inbox. (The person
>you're replying to should be in the To field, and the mailing list in the
>Cc field.)
>

Re: rm: #08057459: Operation not permitted

[deich...@placebonol.com]

can you share what caused ls to coredump 

On March 26, 2024 2:30:14 PM MDT, Peter Fraser  wrote:
>The reason why ls -l faulted has been found and is being worked on.
>
>The next step is trying to delete the files.
>Running as root
>rm fails with Operation not permitted
>so does chmod and chown end chattr
>
>Any ideas on how to get rid of the files
>
>

Re: can't find PID

[deich...@placebonol.com]

not wanting to speak for someone else, but I'm pretty sure it was sarcasm.

On March 5, 2024 8:21:40 AM MST, ofthecentury  wrote:
>Well, that's not very noice. Where is security?
>
>On Tue, Mar 5, 2024 at 7:45 PM Theo de Raadt  wrote:
>
>> PID 6504 was my shell.  I've logged off now.
>>
>> What are you expecting here??
>>
>>
>> ofthecentury  wrote:
>>
>> > Yes, I'm tcdupming pflog and ALL my dropped packets
>> > reference some PID 6504 that is not found among
>> > the processes that are running. I was actually not fishing
>> > for PIDs, I just saw the PID referenced in the standard
>> > tcpdump output. For forensics I just want to find the link
>> > between PID referenced in tcpdump to the process,
>> > and I cannot, and I believe I should be able to for security.
>> >
>> >
>> >
>> > On Tue, Mar 5, 2024 at 7:12 PM Janne Johansson 
>> wrote:
>> >
>> > > Den tis 5 mars 2024 kl 14:35 skrev ofthecentury <
>> ofthecent...@gmail.com>:
>> > > >
>> > > > Hi, I'm on a fresh install of OpenBSD 7.4.
>> > > > I am watching output of tcpdump and
>> > > > seeing some drops that all reference
>> > > > UID 0, pid 6504. I cannot find that PID
>> > > > among running processes. Does anyone
>> > > > know what is that process and why it's
>> > > > not running but tcpdump references it?
>> > >
>> > > OpenBSD has random pids, so unless you ask about pid 0 or 1, noone can
>> > > divine what process had pid 6504 on your system at that time.
>> > >
>> > > As for this report, it looks like you are tcpdumping pflog in order to
>> > > see "drops" with pids, but since you didn't mention what you ran, it's
>> > > hard to tell. Nor did you state how you looked for pids, perhaps not
>> > > using all the possible options?
>> > >
>> > >
>> > > --
>> > > May the most significant bit of your life be positive.
>> > >
>>

Re: Ignore some USB devices

[deich...@placebonol.com]

OpenBSD is a monolithic kernel, unlike Linux module design.

You can enter the kernel on boot and disable device drivers, boot-config(8) .

On February 19, 2024 9:30:22 AM MST, "Kirill A. Korinsky"  
wrote:
>On Mon, 19 Feb 2024 17:10:27 +0100,
>Nowarez Market wrote:
>> 
>> You should be able to do it by the /etc/bsd.re-config file, you can start 
>> from here:
>> 
>> http://man.openbsd.org/bsd.re-config
>> 
>> Please be very careful.
>> 
>> (It needs two reboots to apply any change)
>> 
>
>I feel consfused: isn't it a way to exclude some module?
>
>If yes, it isn't that I'm looking.
>
>For example, I'm using USB audio, but I'd like to ban USB audio which is
>included into my display, but not ban the module because if I do so, I
>won't able to use USB audio dingle which I use to connect to wireless
>headphones.
>
>Right now I have:
>
>  ~ $ usbdevs  
>  Controller /dev/usb0:
>  addr 01: 8086: Intel, xHCI root hub
>  addr 02: 1050:0404 Yubico, YubiKey CCID
>  addr 03: 13d3:56f2 Azurewave, USB camera
>  addr 04: 8087:0026 Intel, Bluetooth
>  addr 05: 043e:9a61 LG Electronics Inc., USB2.1 Hub
>  addr 06: 043e:9a73 LG USA, product 0x9a73
>  addr 07: 043e:9a66 LG Electronics Inc., LG UltraFine Display Audio
>  addr 08: 043e:9a68 LG Electronlcs Inc., LG UltraFine Display Camera
>  addr 09: 05ac:0265 Apple Inc., Magic Trackpad
>  addr 10: 05ac:026c Apple Inc., Magic Keyboard with Numeric Keypad
>  addr 11: 043e:9a70 LG Electronics Inc., LG UltraFine Display Controls
>  addr 12: 0a12:4010 Cambridge Silicon Radio, product 0x4010
>  addr 13: 041e:3130 Creative, Creative BT-W5
>  ~ $
>
>and I would like somehow to disable
>
>  addr 07: 043e:9a66 LG Electronics Inc., LG UltraFine Display Audio
>  addr 08: 043e:9a68 LG Electronlcs Inc., LG UltraFine Display Camera
>
>but keeping
>
>  addr 03: 13d3:56f2 Azurewave, USB camera
>  addr 13: 041e:3130 Creative, Creative BT-W5
>
>I've tried to play with config -e /bsd but the best that I can figure
>out is how to disable uaudio, and not only one, specific, device.
>
>-- 
>wbr, Kirill
>

Re: Installing shellinabox on OpenBSD

[deich...@placebonol.com]

Not answering your question because I am interested why you want to use a 3rd 
party software package when you can easily remotely manage a system using ssh?

73
diana

On February 12, 2024 7:21:54 AM MST, Odhiambo Washington  
wrote:
>Hello world,
>
>I am an OBSD newbie. Please bear with me.
>I have installed OBSD7.4 VM and would like to be able to access it remotely
>using a browser.
>Now, I do know how to configure things, but installing them is the
>challenge.
>
>Has anyone managed to install shellinabox (
>https://github.com/shellinabox/shellinabox/tree/master/shellinabox) on
>OpenBSD and is willing to share how it's done?
>
>Thank you.
>
>-- 
>Best regards,
>Odhiambo WASHINGTON,
>Nairobi,KE
>+254 7 3200 0004/+254 7 2274 3223
> In an Internet failure case, the #1 suspect is a constant: DNS.
>"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
>[How to ask smart questions:
>http://www.catb.org/~esr/faqs/smart-questions.html]

Re: many serial ports

[deich...@placebonol.com]

Years ago, maybe 10 or so years, a similar question was posted on misc@.  
Someone posted a USB 24 serial port 1U rackmount device.  I bought one of these 
for the lab at work and it was used until the lab was remodeled.  You might be 
able to find it if you search misc@ archives

On February 8, 2024 2:00:14 AM MST, Jan Stary  wrote:
>What HW do people use to read data from many serial ports
>simultaneously? My use case is reading the output of
>https://en.wikipedia.org/wiki/Electropalatography
>The device has eight serial port outputs;
>I need to read those at the computer side.
>
>Do I just stuff my box with 8 cereals,
>or is there something more elegant?
>Some multiplexing USB dongle?
>
>   Jan
>

Re: Astertisk missing library

[deich...@placebonol.com]

isk/modules/app_audiosocket.so: undefined symbol 
>'ast_audiosocket_send_frame'
>asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
>'ast_audiosocket_receive_frame'
>unload_shlib called on /usr/local/lib/asterisk/modules/app_audiosocket.so
>unload_shlib called on /usr/local/lib/libBlocksRuntime.so.0.0
>unload_shlib called on /usr/lib/libpthread.so.27.1 unload_shlib unloading on 
>/usr/local/lib/asterisk/modules/app_audiosocket.so
>dlopen: /usr/local/lib/asterisk/modules/app_audiosocket.so: done (failed).
>
>and much further down
>
>dlopen: loading: /usr/local/lib/asterisk/modules/res_audiosocket.so
>objname [/usr/local/lib/asterisk/modules/res_audiosocket.so], dynp 
>0x5bdacbf6e68, objtype 4 lbase 5bdacbf2000, obase 5bdacbf2000  flags 
>/usr/local/lib/asterisk/modules/res_audiosocket.so = 0x0 head 
>/usr/local/lib/asterisk/modules/res_audiosocket.so
>obj /usr/local/lib/asterisk/modules/res_audiosocket.so has 
>/usr/local/lib/asterisk/modules/res_audiosocket.so as head linking 
>/usr/local/lib/asterisk/modules/res_audiosocket.so as dlopen()ed head 
>[/usr/local/lib/asterisk/modules/res_audiosocket.so]
>examining: '/usr/local/lib/asterisk/modules/res_audiosocket.so'
>loading: libpthread.so.27.1 required by 
>/usr/local/lib/asterisk/modules/res_audiosocket.so
>loading: libBlocksRuntime.so.0.0 required by 
>/usr/local/lib/asterisk/modules/res_audiosocket.so
>linking dep /usr/local/lib/libBlocksRuntime.so.0.0 as child of 
>/usr/local/lib/asterisk/modules/res_audiosocket.so
>linking dep /usr/lib/libpthread.so.27.1 as child of 
>/usr/local/lib/asterisk/modules/res_audiosocket.so
>tail /usr/local/lib/asterisk/modules/res_audiosocket.so
>protect RELRO [0x5bdacbf6dc0,0x5bdacbf8000) in 
>/usr/local/lib/asterisk/modules/res_audiosocket.so
>doing ctors obj 0x5bd85ea4800 @0x5bdacbf5640: 
>[/usr/local/lib/asterisk/modules/res_audiosocket.so]
>doing initarray obj 0x5bd85ea4800 @0x5bdacbf6e58: 
>[/usr/local/lib/asterisk/modules/res_audiosocket.so]
>dlopen: /usr/local/lib/asterisk/modules/res_audiosocket.so: done (success).
>doing finiarray obj 0x5bd85ea4800 @0x5bdacbf6e60: 
>[/usr/local/lib/asterisk/modules/res_audiosocket.so]
>doing dtors obj 0x5bd85ea4800 @0x5bdacbf5660: 
>[/usr/local/lib/asterisk/modules/res_audiosocket.so]
>unload_shlib called on /usr/local/lib/asterisk/modules/res_audiosocket.so
>unload_shlib called on /usr/local/lib/libBlocksRuntime.so.0.0
>unload_shlib called on /usr/lib/libpthread.so.27.1 unload_shlib unloading on 
>/usr/local/lib/asterisk/modules/res_audiosocket.so
>dlopen: loading: /usr/local/lib/asterisk/modules/res_audiosocket.so
>objname [/usr/local/lib/asterisk/modules/res_audiosocket.so], dynp 
>0x5bd62362e68, objtype 4 lbase 5bd6235e000, obase 5bd6235e000  flags 
>/usr/local/lib/asterisk/modules/res_audiosocket.so = 0x0 head 
>/usr/local/lib/asterisk/modules/res_audiosocket.so
>obj /usr/local/lib/asterisk/modules/res_audiosocket.so has 
>/usr/local/lib/asterisk/modules/res_audiosocket.so as head linking 
>/usr/local/lib/asterisk/modules/res_audiosocket.so as dlopen()ed head 
>[/usr/local/lib/asterisk/modules/res_audiosocket.so]
>examining: '/usr/local/lib/asterisk/modules/res_audiosocket.so'
>
>-Original Message-
>From: owner-m...@openbsd.org  On Behalf Of Stuart 
>Henderson
>Sent: Tuesday, February 6, 2024 4:17 AM
>To: misc@openbsd.org
>Subject: Re: Astertisk missing library
>
>On 2024-02-06, deich...@placebonol.com  wrote:
>> are the libraries in the search path?
>
>they're not normal library deps for the main binary, all dlopen()'d from the 
>relevant path.
>
>> On February 5, 2024 10:54:38 AM MST, Peter Fraser  wrote:
>>>I should also add the libraries re on my system, and nm says they 
>>>contain the simples I don't know why they are not loading.
>
>maybe you'll get some clues by running with LD_DEBUG set in the environment - 
>there will be a *lot* of output so run under script(1).
>
>or, try comparing /etc/asterisk with one of your working machines and see 
>what's different.
>
>>>From: owner-m...@openbsd.org  On Behalf Of 
>>>Stuart Henderson
>>>Sent: Monday, February 5, 2024 7:15 AM
>>>To: misc@openbsd.org
>>>Subject: Re: Astertisk missing library
>>>
>>>On 2024-02-04, Peter Fraser  wrote:
>>>> Asterisk 20.5.2 works for me two different amd64 computers that I upgraded 
>>>> from 7.3  amd64  to 7.4.
>>>...
>>>> [Feb  4 10:33:11] NOTICE[107524]: loader.c:2405 load_modules: 280 modules 
>>>> will be loaded.
>>>> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined 
>>>> symbol 'ast_audiosocket_connect'
>>>> asterisk:/usr/local/li

Re: cwm crash when destroying window during move (patch included)

[deich...@placebonol.com]

you should definitely submit a bug report with your code 

On February 7, 2024 1:27:07 PM MST, ZenitDS  wrote:
>
>In my patch there were some issues with unhandled events. I upload
>here a hopefully better patch. Not pretty but fixes the issues.
>
>New patch:
>
>Index: calmwm.h
>===
>RCS file: /cvs/xenocara/app/cwm/calmwm.h,v
>retrieving revision 1.379
>diff -u -p -r1.379 calmwm.h
>--- calmwm.h   20 Jul 2023 14:39:34 -  1.379
>+++ calmwm.h   7 Feb 2024 20:25:12 -
>@@ -481,7 +481,7 @@ struct geom screen_area(struct screen_
> struct screen_ctx *screen_find(Window);
> void   screen_init(int);
> void   screen_prop_win_create(struct screen_ctx *, Window);
>-void   screen_prop_win_destroy(struct screen_ctx *);
>+void   screen_prop_win_destroy(struct screen_ctx *, int);
> void   screen_prop_win_draw(struct screen_ctx *,
>const char *, ...)
>   __attribute__((__format__ (printf, 2, 3)))
>@@ -558,6 +558,7 @@ voidconf_screen(struct screen_ctx 
>*)
> void   conf_group(struct screen_ctx *);
> 
> void   xev_process(void);
>+void   xev_process_ev(XEvent *);
> 
> intxu_get_prop(Window, Atom, Atom, long, unsigned char 
> **);
> intxu_get_strprop(Window, Atom, char **);
>Index: kbfunc.c
>===
>RCS file: /cvs/xenocara/app/cwm/kbfunc.c,v
>retrieving revision 1.174
>diff -u -p -r1.174 kbfunc.c
>--- kbfunc.c   20 Jul 2023 14:39:34 -  1.174
>+++ kbfunc.c   7 Feb 2024 20:25:12 -
>@@ -169,8 +169,8 @@ kbfunc_client_move_mb(void *ctx, struct 
> 
>   screen_prop_win_create(sc, cc->win);
>   screen_prop_win_draw(sc, "%+5d%+5d", cc->geom.x, cc->geom.y);
>-  while (move) {
>-  XMaskEvent(X_Dpy, MOUSEMASK, );
>+  while (move > 0) {
>+  XMaskEvent(X_Dpy, MOUSEMASK | SubstructureNotifyMask, );
>   switch (ev.type) {
>   case MotionNotify:
>   /* not more than 60 times / second */
>@@ -197,11 +197,28 @@ kbfunc_client_move_mb(void *ctx, struct 
>   case ButtonRelease:
>   move = 0;
>   break;
>+  /* check for destroy events, in case the client window
>+   * gets destroyed, which forcefully closes the prop window.
>+   */
>+  case DestroyNotify:
>+  /* set move to -1 to specify abrupt exit */
>+  if (ev.xdestroywindow.window == cc->win) {
>+  screen_prop_win_destroy(sc, 1);
>+  move = -1; 
>+  } else if (ev.xdestroywindow.window == sc->prop.win) {
>+  screen_prop_win_destroy(sc, 0);
>+  move = -1; 
>+  }
>+  xev_process_ev();
>+  default: /* process event anyway */
>+  xev_process_ev();
>   }
>   }
>-  if (ltime)
>-  client_move(cc);
>-  screen_prop_win_destroy(sc);
>+  if (move != -1) {
>+  if (ltime)
>+  client_move(cc);
>+  screen_prop_win_destroy(sc, 1);
>+  }
>   XUngrabPointer(X_Dpy, CurrentTime);
> }
> 
>@@ -258,7 +275,7 @@ kbfunc_client_resize_mb(void *ctx, struc
> 
>   screen_prop_win_create(sc, cc->win);
>   screen_prop_win_draw(sc, "%4d x %-4d", cc->dim.w, cc->dim.h);
>-  while (resize) {
>+  while (resize > 0) {
>   XMaskEvent(X_Dpy, MOUSEMASK, );
>   switch (ev.type) {
>   case MotionNotify:
>@@ -277,11 +294,27 @@ kbfunc_client_resize_mb(void *ctx, struc
>   case ButtonRelease:
>   resize = 0;
>   break;
>+  /* check for destroy events, in case the client window
>+   * gets destroyed, which forcefully closes the prop window.
>+   */
>+  case DestroyNotify:
>+  if (ev.xdestroywindow.window == cc->win) {
>+  screen_prop_win_destroy(sc, 1);
>+  resize = -1; 
>+  } else if (ev.xdestroywindow.window == sc->prop.win) {
>+  screen_prop_win_destroy(sc, 0);
>+  resize = -1; 
>+  }
>+  default: /* process event anyway */
>+  xev_process_ev();
>+  break;
>   }
>   }
>-  if (ltime)
>-  client_resize(cc, 1);
>-  screen_prop_win_destroy(sc);
>+  if (resize != -1) {
>+  if (ltime)
>+  

Re: Astertisk missing library

[deich...@placebonol.com]

are the libraries in the search path?

On February 5, 2024 10:54:38 AM MST, Peter Fraser  wrote:
>I should also add the libraries re on my system, and nm says they contain the 
>simples
>I don't know why they are not loading.
>
>-Original Message-
>From: owner-m...@openbsd.org  On Behalf Of Stuart 
>Henderson
>Sent: Monday, February 5, 2024 7:15 AM
>To: misc@openbsd.org
>Subject: Re: Astertisk missing library
>
>On 2024-02-04, Peter Fraser  wrote:
>> Asterisk 20.5.2 works for me two different amd64 computers that I upgraded 
>> from 7.3  amd64  to 7.4.
>...
>> [Feb  4 10:33:11] NOTICE[107524]: loader.c:2405 load_modules: 280 modules 
>> will be loaded.
>> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined 
>> symbol 'ast_audiosocket_connect'
>> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined 
>> symbol 'ast_audiosocket_init'
>> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined 
>> symbol 'ast_audiosocket_send_frame'
>> asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined 
>> symbol 'ast_audiosocket_receive_frame'
>
>those are in res_audiosocket.so
>
>> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
>> symbol 'ast_speech_new'
>> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
>> symbol 'ast_speech_destroy'
>> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
>> symbol 'ast_speech_grammar_load'
>> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
>> symbol 'ast_speech_grammar_unload'
>> asterisk:/usr/local/lib/asterisk/modules/app_speech_utils.so: undefined 
>> symbol 'ast_speech_grammar_activate'
>
>and those in res_speech.so
>
>> asterisk:/usr/local/lib/asterisk/modules/app_stasis.so: undefined symbol 
>> 'stasis_app_exec'
>
>res_statis
>
>> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol 
>> 'ast_sip_cli_traverse_objects'
>> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol 
>> 'ast_sip_cli_traverse_objects'
>> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol 
>> 'ast_sip_cli_traverse_objects'
>> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol 
>> 'ast_sip_cli_traverse_objects'
>> asterisk:/usr/local/lib/asterisk/modules/chan_pjsip.so: undefined symbol 
>> 'ast_sip_push_task_wait_servant'
>
>res_pjsip
>
>etc. I think you may be missing something in modules.conf. I'd probably start 
>with a copy of /usr/local/share/examples/asterisk/default/modules.conf
>and see if that works, then tweak from there.
>
>--
>Please keep replies on the mailing list.
>

Re: Astertisk missing library

[deich...@placebonol.com]

Did you install from pkg_add,?

On February 3, 2024 1:05:26 PM MST, Peter Fraser  wrote:
>I am putting up Asterisk on a new OpenBSD system.
>
>It is for a charity, I have not put together a new system for a long time, but 
>I have upgraded several.
>
>The asterisk on a new system is missing a large number of symbols of the form:
>
>ast_sip_* ast_stir_* statis_app*
>
>I can't find what is missing, I assume some what a library dependency was 
>missed, so my other Asterisk on other OpendBSD system are using the old version
>
>Any help or suggestions you can offer would be appreciated.
>
>

Re: certbot with cloudflare dns-01 challenge

[deich...@placebonol.com]

Hmmm, I don't believe "inconvenience" for an OpenBSD user motivates folks who 
create OpenBSD packages.

Look at this another way, you could create 
py3-certbot-dns-cloudflare package, and submit it to OpenBSD ports list for 
inclusion as a supported package, with you as the developer.  Then you would be 
contributing to OpenBSD.

73
diana



On December 27, 2023 3:49:59 AM MST, hammer2_zfs  wrote:
>hi, dears;-)
>
>I'm using the OpenBSD 7.4 and snapshots.
>recently, I was trying the pkg_add certbot certbot-dns-cloudflare.
>pkg_add certbot was ok. but, pkg_add certbot-dns-cloudflare was fail.
>(it was need a pip. it must be pkg_add py3-certbot-dns-cloudflare. but same 
>things. )
>
>I was more trying. pkg_add py3-pip py3-cryptography_vectors rust.
>And run:
>pip freeze > requirements.txt_orig
>cat requirements.txt_orig|grep certbot|sed 
>"s/==/-dns-cloudflare==/g">>requirements.txt
>python3 -m venv _any_ && . ./_any_/bin/activate;
>pip3 install --upgrade pip && pip install -r requirements.txt
>it was getting done. I could run certbot certonly -dns-cloudflare ...any.
>but, so terrible job.
>(ofcouse any programer will get a success, but many users could not get a 
>success.)
>
>Why "OpenBSD packages" did not have a py3-certbot-dns-cloudflare.
>It's a very inconvenient.

Re: cwm on wayland

[deich...@placebonol.com]

C'mon folks, this is OpenBSD misc@, you can disagree all you want about other 
projects code of conduct, just don't do it here.

In other words STFU and contribute something to OpenBSD.

73
diana

Re: OpenBSD alternative setup to ZFS on Linux or FreeBSD

[deich...@placebonol.com]

On November 24, 2023 2:48:06 PM MST, Crystal Kolipe 
 wrote:
>On Fri, Nov 24, 2023 at 04:01:11PM -0500, Stephen Wiley wrote:
>> I was messing with blueray a couple years ago for archiving. Last I checked
>> it's pretty marginal in terms of cost when compared with SSDs.
>
>Archiving to SSD?  You can't be serious.  I've seen more spurious unreported
>bit flips from SSDs than just about any other storage medium.  SSD would be
>beyond my last choice for long term storage of anything I cared about.


Another interesting thread.

I would never consider anything that uses semiconductor technology for long 
term, archival storage.  Over 40 years ago I worked on an Intel research 
project looking at the effects of Alpha particles on memory cells.  Forty years 
later Alpha particles are much bigger relative to current architectures.  We 
used to measure in microns, now we are at or close to sub nanometer structures.

Re: iPhone Charging

[deich...@placebonol.com]

I don't know if y'all noticed but this is an OpenBSD mail list.

Just saying, the more you post about things unrelated to OpenBSD, the more 
likely people are to just delete your posts without reading them.

Re: Donations

[deich...@placebonol.com]

also, consider https://www.openbsd.org/want.html as another form of donation

73
diana

Re: Bridging em and vlan

[deich...@placebonol.com]

couple ideas

log all traffic destined to/from IOT device IP address, see if there is 
additional udp/tcp connections for the device during the remote control session

I was also going to suggest capturing packet flow with tcpdump, but the first 
step is a good place to start.

diana
KI5PGJ 



On October 2, 2023 7:26:30 AM MDT, David Higgs  wrote:
>
>
>I'm still trying to determine ground truth with manufacturer support.  Port
>forwarding doesn't seem sufficient.  The device can reach out just fine but
>is not remotely controllable as advertised.
>

Re: Update from 6.5 to 7.3

[deich...@placebonol.com]

Once upon a time I provided an official OpenBSD mirror with every release that 
had a CD release, going back to 2.3, but then the drive failed and I didn't 
have time to rebuild it.

73
diana

On September 8, 2023 2:12:57 AM MDT, "Herbert J. Skuhra"  
wrote:
>On Fri, 08 Sep 2023 10:01:45 +0200, Alessandro Baggi wrote:
>> 
>> Hi list,
>> I've a problem. I need to upgrade OpenBSD from 6.5 to 7.3 on an
>> APU2D. This is a firewall.
>> The problem is that I cannot find older ISO of OpenBSD. Can someone
>> point me in the right direction?
>> 
>> Thank you in advance.
>
>Mirror in Australia:
>
>https://mirror.aarnet.edu.au/pub/OpenBSD/
>
>--
>Herbert
>

Re: desire for journaled filesystem

[deich...@placebonol.com]

A couple questions, did you look OpenBSD installer create the filesystems or 
did you define a custom layout? 

FWIW, you should have a pretty good idea what is in/home.  I reckon you could 
ignore lost+found contents as they would be related to some application running 
when the fault occurred.

73
diana 

On September 5, 2023 11:31:26 AM MDT, John Holland  
wrote:
>I have a backup that is at least 2 days old offsite at a friend’s house. It 
>would be a bit of a pain to go retrieve it, but I could do that. 
>
> Short of that, I have 4000+ files in lost+found with names like #1094827. 
> What can I do with those? I tried running “file” on the first 50 via xargs 
> and they mostly at least purport to be some sort of intact file. How can I 
> determine what they are? Please don’t suggest that I manually use “file” and 
> then an appropriate program to examine each one in turn
>
>> On Sep 5, 2023, at 1:17 PM, Andreas Kähäri  wrote:
>> 
>> On Tue, Sep 05, 2023 at 08:54:58AM -0400, John Holland wrote:
>>> I just had a kernel panic when reloading a firefox tab pointed at facebook.
>>> After restarting, all the filesystems had errors but /home was particularly
>>> bad and caused the boot to stop and prompt if I wanted to enter a root
>>> shell.
>>> 
>>> 
>>> I eventually got fsck to mark the /home filesystem clean but it found >4000
>>> lost files that it moved to lost I am not so experienced with this,
>>> running "file" on a few of them shows that they may be intact files but they
>>> have numeric names now.
>> [cut]
>> 
>> 
>> A regular external backup would have saved your data no matter what
>> filesystem you might have been using.  There are a few different backup
>> solutions available in the ports tree.  I use restic, both on OpenBSD
>> and macOS.
>> 
>> 
>> -- 
>> Andreas (Kusalananda) Kähäri
>> SciLifeLab, NBIS, ICM
>> Uppsala University, Sweden
>> 
>> .
>> 
>

Re: volatility or something like that in the future ?

[deich...@placebonol.com]

I saw no hatred in the post you replied to.

OpenBSD developers are Makers, not Takers.  They code for OpenBSD for 
themselves, not for the user community.  

The point is you should spend some time trying to contribute before you start 
asking for some "feature".  

I've been a user for 25 years and really appreciate all the work the developers 
have done during that time.  In that time I've also contributed a very 
microscopic bit of bug fixes.

diana

On August 19, 2023 4:05:41 AM MDT, whistlez  wrote:
>Il 2023-08-18 19:42 Mike Larkin ha scritto:

>I honestly don't understand this hatred. I call it that because I refuse
>to accept that you didn't understand the question. Volatility has no
>plugin to interpret a ram dump on openbsd and so having only the dump is
>totally useless. If you really don't understand I'll paste the
>volatility help to show you that there are no plugins for openbsd but
>only for linux, windows and mac.
>
>$ vol --help 
>Volatility 3 Framework 1.0.0-beta.1
>usage: volatility [-h] [-c CONFIG] [--parallelism
>[{processes,threads,off}]] [-e EXTEND] [-p PLUGIN_DIRS] [-s SYMBOL_DIRS]
>[-v] [-l LOG] [-o OUTPUT_DIR] [-q]
>  [-r RENDERER] [-f FILE] [--write-config]
>[--clear-cache] [--single-location SINGLE_LOCATION]
>[--single-swap-locations SINGLE_SWAP_LOCATIONS]
>  plugin ...
>
>An open-source memory forensics framework
>
>optional arguments:
>  -h, --helpshow this help message and exit
>  -c CONFIG, --config CONFIG
>Load the configuration from a json file
>  --parallelism [{processes,threads,off}]
>Enables parallelism (defaults to processes if no
>argument given)
>  -e EXTEND, --extend EXTEND
>Extend the configuration with a new (or changed)
>setting
>  -p PLUGIN_DIRS, --plugin-dirs PLUGIN_DIRS
>Semi-colon separated list of paths to find
>plugins
>  -s SYMBOL_DIRS, --symbol-dirs SYMBOL_DIRS
>Semi-colon separated list of paths to find
>symbols
>  -v, --verbosity   Increase output verbosity
>  -l LOG, --log LOG Log output to a file as well as the console
>  -o OUTPUT_DIR, --output-dir OUTPUT_DIR
>Directory in which to output any generated files
>  -q, --quiet   Remove progress feedback
>  -r RENDERER, --renderer RENDERER
>Determines how to render the output (quick, csv,
>pretty, json, jsonl)
>  -f FILE, --file FILE  Shorthand for --single-location=file:// if
>single-location is not defined
>  --write-configWrite configuration JSON file out to config.json
>  --clear-cache Clears out all short-term cached items
>  --single-location SINGLE_LOCATION
>Specifies a base location on which to stack
>  --single-swap-locations SINGLE_SWAP_LOCATIONS
>Specifies a list of swap layer URIs for use with
>single-location
>
>Plugins:
>  plugin
>configwriter.ConfigWriter
>Runs the automagics and both prints and outputs
>configuration in the output directory.
>frameworkinfo.FrameworkInfo
>Plugin to list the various modular components of
>Volatility
>layerwriter.LayerWriter
>Runs the automagics and writes out the primary
>layer produced by the stacker.
>linux.bash.Bash Recovers bash command history from memory.
>linux.check_afinfo.Check_afinfo
>Verifies the operation function pointers of
>network protocols.
>linux.check_syscall.Check_syscall
>Check system call table for hooks.
>linux.elfs.Elfs Lists all memory mapped ELF files for all
>processes.
>linux.lsmod.Lsmod   Lists loaded kernel modules.
>linux.lsof.Lsof Lists all memory maps for all processes.
>linux.malfind.Malfind
>Lists process memory ranges that potentially
>contain injected code.
>linux.proc.Maps Lists all memory maps for all processes.
>linux.pslist.PsList
>Lists the processes present in a particular
>linux memory image.
>linux.pstree.PsTree
>Plugin for listing processes in a tree based on
>their parent process ID.
>mac.bash.Bash   Recovers bash command history from memory.
>mac.check_syscall.Check_syscall
>Check system call table for hooks.
>mac.check_sysctl.Check_sysctl
>Check sysctl handlers for hooks.
>mac.check_trap_table.Check_trap_table
>Check mach trap table for hooks.
>mac.ifconfig.Ifconfig
>Lists loaded kernel modules
>mac.lsmod.Lsmod Lists loaded kernel modules.
>mac.lsof.lsof   Lists all open file descriptors for all
>processes.
>mac.malfind.Malfind
>Lists process memory ranges that potentially
>contain injected code.
>

Re: ip6-only ipsec tunnel over ip4

[deich...@placebonol.com]

I have an L2 tunnel ( eoip ) going across IPsec tunnel, I'm routing ip4 across 
it.

You could try the same with ipv6.

diana
KI5PGJ 

On July 25, 2023 8:07:16 PM MDT, "Lyndon Nerenberg (VE7TFX/VE6BBM)" 
 wrote:
>I need to set up an ipsec tunnel between a couple of ip6 networks,
>but I only have an ip4 path between the two gateways.  I don't want
>any ip4 traffic inside the ipsec tunnel, so I'm a bit puzzled about
>how to set this up.  Once I have the end-points up, can I just point
>the ip6 traffic and routes at enc0?  All the example I can find
>assume you're tunneling ip4 traffic through an ip4 tunnel. (Sorry,
>but after three decades of trying, I still can't make heads nor
>tails of ipsec :-P)
>
>--lyndon
>

Re: Allwinner D1 riscv64 mango pi SBC

[deich...@placebonol.com]

I'm going to reach out to a few folks who I see are doing riscv64 specific 
development.  I realize they might not want to take on yet another h/w design.

g.day


On July 18, 2023 3:14:18 PM MDT, Mike Larkin  wrote:
>On Tue, Jul 18, 2023 at 02:02:45PM -0600, deich...@placebonol.com wrote:
>> Hi Mike
>>
>> I've volunteered to coordinate a purchase of Mango Pi to get them into 
>> OpenBSD developers working on riscv64 platform.
>>
>> It has been awhile but I used to facilitate getting h/w into OpenBSD 
>> developers hands on a semi-regular basis.
>>
>> diana
>>
>>
>
>Great. I don't know who would be interested, so I'd wait to let them speak
>up before ordering anything.
>
>-ml
>
>>
>> On July 16, 2023 1:13:02 PM MDT, "Peter J. Philipp"  
>> wrote:
>> >On Sun, Jul 16, 2023 at 06:25:50PM +, Mike Larkin wrote:
>> >> On Sun, Jul 16, 2023 at 11:56:51AM +0200, Peter J. Philipp wrote:
>> >> > Hi *,
>> >> >
>> >> > I'm back for the moment.  I was wondering who has a Allwinner D1 
>> >> > riscv64 SBC?
>> >> > This is the Mango Pi SBC.
>> >> >
>> >> > I have one which has linux on it currently but I'm trying to boot 
>> >> > OpenBSD on
>> >> > it.  But I'm fairly lazy and haven't done much with this lately.  I can 
>> >> > get
>> >> > to the riscv64 loader but when it loads the kernel, it goes blind.  So 
>> >> > there
>> >> > is more than just getting the GPIO pins configured which I think I have 
>> >> > been
>> >> > able to adjust.
>> >> >
>> >> > I use a QEMU-based riscv64 emulation to compile kernels which is slow 
>> >> > but this
>> >> > SBC isn't much faster either (1000 Mhz it claims).
>> >> >
>> >> > I use this u-boot directive to get into the boot loader:
>> >> >
>> >> > setenv bootobsd 'load mmc 0:1 0x4FA0 
>> >> > /boot/dtbs/5.19.0-1009-allwinner/allwinner/sun20i-d1-nezha-memory.dtb ; 
>> >> >  load mmc 0:f 0x4008  /EFI/OpenBSD/BOOTRISCV64.EFI ; bootefi 
>> >> > 0x4008 0x4FA0'
>> >> >
>> >> > followed by a:
>> >> >
>> >> > run bootobsd
>> >> >
>> >> > I am unsure how to save this though in the u-boot itself.  Any hints 
>> >> > would be
>> >> > appreciated.
>> >> >
>> >> > I think we need a specific riscv mailing list for this sort of stuff 
>> >> > perhaps
>> >> > it's too technical for misc.  Regarding to the nostradamus stuff of 
>> >> > someone
>> >> > from chicago (Re: A couple of Questions) , check out "1st wave" and
>> >> > "cade foster" on youtube (reruns), this will feed you more ideas.  my 
>> >> > personal
>> >> > opinion is that time travel of information is possible, contributing to 
>> >> > major
>> >> > headaches when events get changed (for the prometheus seers).
>> >> >
>> >> > Back to "reality" I'm looking for a group of people to help getting the 
>> >> > mango
>> >> > pi working.  I'm hampered by pride to ask knowledged people and these 
>> >> > people
>> >> > have their own directions and I don't want to bother their efforts.  
>> >> > The more
>> >> > we are the more we could possibly get something done.
>> >> >
>> >>
>> >> The best way to get that done is to get hardware in the hands of 
>> >> developer(s).
>> >> Wishing on misc@ is likely not going to get anyone interested. Check the 
>> >> commit
>> >> logs for people working in this area, reach out to them, and see if they 
>> >> are
>> >> interested in helping.
>> >>
>> >> -ml
>> >
>> >Hi Mike,
>> >
>> >Thanks.  This will take a bit, I'm in talks to get a new job soon, which 
>> >will
>> >put extra money in my pocket.  Then I may be able to get a handful of these
>> >perhaps.  Do you still keep tabs on Shivam, Mars, Brian, and Wenyan?  Are 
>> >they
>> >still interested in riscv64 after the initial port with yours and Dales
>> >guidance?  I think I paid something like 30 EUR for a Mango Pi from 
>> >AliExpress
>> >buying 4 would work but I can only do this when I have secured the job.
>> >
>> >Best Regards,
>> >-peter
>> >
>> >--
>> >Over thirty years experience on Unix-like Operating Systems starting with 
>> >QNX.
>> >

Re: Allwinner D1 riscv64 mango pi SBC

[deich...@placebonol.com]

Hi Mike

I've volunteered to coordinate a purchase of Mango Pi to get them into OpenBSD 
developers working on riscv64 platform.

It has been awhile but I used to facilitate getting h/w into OpenBSD developers 
hands on a semi-regular basis.

diana 



On July 16, 2023 1:13:02 PM MDT, "Peter J. Philipp"  
wrote:
>On Sun, Jul 16, 2023 at 06:25:50PM +, Mike Larkin wrote:
>> On Sun, Jul 16, 2023 at 11:56:51AM +0200, Peter J. Philipp wrote:
>> > Hi *,
>> >
>> > I'm back for the moment.  I was wondering who has a Allwinner D1 riscv64 
>> > SBC?
>> > This is the Mango Pi SBC.
>> >
>> > I have one which has linux on it currently but I'm trying to boot OpenBSD 
>> > on
>> > it.  But I'm fairly lazy and haven't done much with this lately.  I can get
>> > to the riscv64 loader but when it loads the kernel, it goes blind.  So 
>> > there
>> > is more than just getting the GPIO pins configured which I think I have 
>> > been
>> > able to adjust.
>> >
>> > I use a QEMU-based riscv64 emulation to compile kernels which is slow but 
>> > this
>> > SBC isn't much faster either (1000 Mhz it claims).
>> >
>> > I use this u-boot directive to get into the boot loader:
>> >
>> > setenv bootobsd 'load mmc 0:1 0x4FA0 
>> > /boot/dtbs/5.19.0-1009-allwinner/allwinner/sun20i-d1-nezha-memory.dtb ;  
>> > load mmc 0:f 0x4008  /EFI/OpenBSD/BOOTRISCV64.EFI ; bootefi 0x4008 
>> > 0x4FA0'
>> >
>> > followed by a:
>> >
>> > run bootobsd
>> >
>> > I am unsure how to save this though in the u-boot itself.  Any hints would 
>> > be
>> > appreciated.
>> >
>> > I think we need a specific riscv mailing list for this sort of stuff 
>> > perhaps
>> > it's too technical for misc.  Regarding to the nostradamus stuff of someone
>> > from chicago (Re: A couple of Questions) , check out "1st wave" and
>> > "cade foster" on youtube (reruns), this will feed you more ideas.  my 
>> > personal
>> > opinion is that time travel of information is possible, contributing to 
>> > major
>> > headaches when events get changed (for the prometheus seers).
>> >
>> > Back to "reality" I'm looking for a group of people to help getting the 
>> > mango
>> > pi working.  I'm hampered by pride to ask knowledged people and these 
>> > people
>> > have their own directions and I don't want to bother their efforts.  The 
>> > more
>> > we are the more we could possibly get something done.
>> >
>> 
>> The best way to get that done is to get hardware in the hands of 
>> developer(s).
>> Wishing on misc@ is likely not going to get anyone interested. Check the 
>> commit
>> logs for people working in this area, reach out to them, and see if they are
>> interested in helping.
>> 
>> -ml
>
>Hi Mike,
>
>Thanks.  This will take a bit, I'm in talks to get a new job soon, which will 
>put extra money in my pocket.  Then I may be able to get a handful of these
>perhaps.  Do you still keep tabs on Shivam, Mars, Brian, and Wenyan?  Are they
>still interested in riscv64 after the initial port with yours and Dales
>guidance?  I think I paid something like 30 EUR for a Mango Pi from AliExpress
>buying 4 would work but I can only do this when I have secured the job.
>
>Best Regards,
>-peter
>
>-- 
>Over thirty years experience on Unix-like Operating Systems starting with QNX.
>

Re: Allwinner D1 riscv64 mango pi SBC

[deich...@placebonol.com]

Hi Peter

I don't have a lot of spare money lately, last week extensive car repair and 
the home air conditioner failed last week, however I can contribute funds for 
quantity 1 and maybe 2 Mango Pi.  Perhaps some one else can help too.

diana

On July 16, 2023 1:13:02 PM MDT, "Peter J. Philipp"  
wrote:
>On Sun, Jul 16, 2023 at 06:25:50PM +, Mike Larkin wrote:
>> On Sun, Jul 16, 2023 at 11:56:51AM +0200, Peter J. Philipp wrote:
>> > Hi *,
>> >
>> > I'm back for the moment.  I was wondering who has a Allwinner D1 riscv64 
>> > SBC?
>> > This is the Mango Pi SBC.
>> >
>> > I have one which has linux on it currently but I'm trying to boot OpenBSD 
>> > on
>> > it.  But I'm fairly lazy and haven't done much with this lately.  I can get
>> > to the riscv64 loader but when it loads the kernel, it goes blind.  So 
>> > there
>> > is more than just getting the GPIO pins configured which I think I have 
>> > been
>> > able to adjust.
>> >
>> > I use a QEMU-based riscv64 emulation to compile kernels which is slow but 
>> > this
>> > SBC isn't much faster either (1000 Mhz it claims).
>> >
>> > I use this u-boot directive to get into the boot loader:
>> >
>> > setenv bootobsd 'load mmc 0:1 0x4FA0 
>> > /boot/dtbs/5.19.0-1009-allwinner/allwinner/sun20i-d1-nezha-memory.dtb ;  
>> > load mmc 0:f 0x4008  /EFI/OpenBSD/BOOTRISCV64.EFI ; bootefi 0x4008 
>> > 0x4FA0'
>> >
>> > followed by a:
>> >
>> > run bootobsd
>> >
>> > I am unsure how to save this though in the u-boot itself.  Any hints would 
>> > be
>> > appreciated.
>> >
>> > I think we need a specific riscv mailing list for this sort of stuff 
>> > perhaps
>> > it's too technical for misc.  Regarding to the nostradamus stuff of someone
>> > from chicago (Re: A couple of Questions) , check out "1st wave" and
>> > "cade foster" on youtube (reruns), this will feed you more ideas.  my 
>> > personal
>> > opinion is that time travel of information is possible, contributing to 
>> > major
>> > headaches when events get changed (for the prometheus seers).
>> >
>> > Back to "reality" I'm looking for a group of people to help getting the 
>> > mango
>> > pi working.  I'm hampered by pride to ask knowledged people and these 
>> > people
>> > have their own directions and I don't want to bother their efforts.  The 
>> > more
>> > we are the more we could possibly get something done.
>> >
>> 
>> The best way to get that done is to get hardware in the hands of 
>> developer(s).
>> Wishing on misc@ is likely not going to get anyone interested. Check the 
>> commit
>> logs for people working in this area, reach out to them, and see if they are
>> interested in helping.
>> 
>> -ml
>
>Hi Mike,
>
>Thanks.  This will take a bit, I'm in talks to get a new job soon, which will 
>put extra money in my pocket.  Then I may be able to get a handful of these
>perhaps.  Do you still keep tabs on Shivam, Mars, Brian, and Wenyan?  Are they
>still interested in riscv64 after the initial port with yours and Dales
>guidance?  I think I paid something like 30 EUR for a Mango Pi from AliExpress
>buying 4 would work but I can only do this when I have secured the job.
>
>Best Regards,
>-peter
>
>-- 
>Over thirty years experience on Unix-like Operating Systems starting with QNX.
>

Re: Syspatch https://cdn.openbsd.org/pub/OpenBSD

[deich...@placebonol.com]

accessible via my T-Mobile phone



On July 12, 2023 5:04:21 PM MDT, Chris Narkiewicz  wrote:
>On Wed, Jul 12, 2023 at 03:19:17PM -0700, latin...@vcn.bc.ca wrote:
>> Is it working?
>> https://cdn.openbsd.org/pub/OpenBSD
>
>Works for me.
>
>Best regards,
>Chris Narkiewicz
>

Re: [7.3/i386] pf-badhost - Illegal instruction (core dumped)

[deich...@placebonol.com]

I realize he shared it here, but this an OpenBSD mailing list.  I strongly 
suggest you contact the author, don't just "hope" he regularly monitors this 
list.

I've contacted him before at his email address and he was very prompt in reply.

73
diana 
KI5PGJ 

On May 30, 2023 8:05:04 AM MDT, Radek  wrote:
>Hello and sorry for the late reply,
>
>> Did you contact the individual who provides pf-bafhost script?  He has 
>> always responded to me when I contacted him.
>No, I didn't. Jordan shared his scripts here, I hope he reads misc@. 
>

Re: [7.3/i386] pf-badhost - Illegal instruction (core dumped)

[deich...@placebonol.com]

Did you contact the individual who provides pf-bafhost script?  He has always 
responded to me when I contacted him.

diana 

On May 25, 2023 8:26:31 AM MDT, Radek  wrote:
>Hello,
>I am getting the following error message when I try to run pf-badhost script 
>[1] at fresh install 7.3/i386. Have I missed something?
>
>1. https://www.geoghegan.ca/pub/pf-badhost/latest/install/openbsd.txt
>
>test73# doas -u _pfbadhost pf-badhost -O openbsd
>doas (r...@test73.my.domain) password:
>Illegal instruction
>Illegal instruction
>Illegal instruction
>Illegal instruction
>Illegal instruction
>Illegal instruction
>Illegal instruction (core dumped)
>Illegal instruction (core dumped)
>Illegal instruction (core dumped)
>Illegal instruction (core dumped)
>
>No blocklist changes...
>Illegal instruction (core dumped)
>
>pf-badhost:
>IPv4 addresses in table:  0
>
>
>Radek
>

Re: OpenBSD Hackathons

[deich...@placebonol.com]

I was invited to one many years ago, for one reason or another I declined.

So if you ever get invited I suggest you jump at the opportunity.

73
diana 

On May 12, 2023 2:07:57 PM MDT, Anders Andersson  wrote:
>On Fri, May 12, 2023 at 9:39 PM Katherine Mcmillan  wrote:
>>
>> Hi Stuart,
>>
>> Thank you for your response.  The upcoming OpenBSD Hackathons aren't 
>> published anywhere?  How do new people know where/when they are?
>>
>> Thank you,
>> Katie
>
>From the website you linked: "Hackathon attendees come by invitation
>only. Some new people in the community who show promise are sometimes
>invited to see if they have what it takes. However, hackathons are not
>developer training events."
>
>So presumably new people should not know where/when they are, by design.
>

Re: veb Interface Max Cache Size Restrict

[deich...@placebonol.com]

As already suggested by another response, from a networker perspective, you 
have a huge, flat network.  Can you provide some detail for your use case?

On April 20, 2023 4:02:03 AM MDT, Samuel Jayden  
wrote:
>Yeah. Thanks. It worked.
>
>deich...@placebonol.com , 19 Nis 2023 Çar, 17:17
>tarihinde şunu yazdı:
>
>> OpenBSD tries to limit the amount of knob tuning, people tend to shoot
>> themselves in the foot when they start playing with knobs.
>>
>> However you can always compile your own kernel with the information
>> provided.
>>
>> On April 19, 2023 2:12:00 AM MDT, Samuel Jayden <
>> samueljaydan1...@gmail.com> wrote:
>> >Sincerely thank you David for your answer,
>> >I hope you may consider committing it to src and I kindly say that it
>> would
>> >be perfect if this max cache size limit value was tied to a sysctl
>> >parameter.
>> >
>> >David Gwynne , 19 Nis 2023 Çar, 02:30 tarihinde şunu
>> >yazdı:
>> >
>> >> On Tue, Apr 18, 2023 at 07:51:08PM +, Samuel Jayden wrote:
>> >> > Hello,
>> >> > I have one veb interface in OpenBSD 7.2 and 5 ethernet ports are
>> paired
>> >> > with this veb. As I understand from the ifconfig output, 4096 mac
>> address
>> >> > cache values can be kept in this veb interface .
>> >> >
>> >> > ifconfig veb10
>> >> > veb10: flags=8843
>> >> > index 12 llprio 3
>> >> > groups: veb
>> >> > em3 flags=3
>> >> > port 4 ifpriority 0 ifcost 0
>> >> > em0 flags=3
>> >> > port 1 ifpriority 0 ifcost 0
>> >> > em1 flags=3
>> >> > port 2 ifpriority 0 ifcost 0
>> >> > ix3 flags=3
>> >> > port 8 ifpriority 0 ifcost 0
>> >> > ix2 flags=3
>> >> > port 7 ifpriority 0 ifcost 0
>> >> > Addresses (max cache: 4096, timeout: 240):
>> >> > 2c:f0:5d:73:f8:c4 em1 0 flags=0<>
>> >> > 
>> >> >
>> >> > When I tried to extend this limit value with the command "ifconfig
>> veb10
>> >> > maxaddr 4097", I got the following error message:
>> >> > "ifconfig: veb10: Invalid argument"
>> >> > The maximum value I can give without this error message is 4096. Isn't
>> >> this
>> >> > value a bit narrow?
>> >>
>> >> maybe. it seemed pretty high when i made it up.
>> >>
>> >> > I have tested that the mac addresses of the connected devices are not
>> >> > recorded in the veb interface after exceeding the limit.
>> >> >
>> >> > I want to switch from Cisco device to OpenBSD in a place where there
>> are
>> >> > more than 8 thousand MAC addresses, but I need to exceed this max
>> cache
>> >> > size value.
>> >> > How can I increase this max cache size value 8192 or higher value?
>> >>
>> >> you change 4096 to a bigger number in the code.
>> >>
>> >> Index: if_etherbridge.c
>> >> ===
>> >> RCS file: /cvs/src/sys/net/if_etherbridge.c,v
>> >> retrieving revision 1.7
>> >> diff -u -p -r1.7 if_etherbridge.c
>> >> --- if_etherbridge.c5 Jul 2021 04:17:41 -   1.7
>> >> +++ if_etherbridge.c19 Apr 2023 02:25:54 -
>> >> @@ -675,7 +676,7 @@ int
>> >>  etherbridge_set_max(struct etherbridge *eb, struct ifbrparam *bparam)
>> >>  {
>> >> if (bparam->ifbrp_csize < 1 ||
>> >> -   bparam->ifbrp_csize > 4096) /* XXX */
>> >> +   bparam->ifbrp_csize > 16384) /* XXX */
>> >> return (EINVAL);
>> >>
>> >> /* commit */
>> >>
>>

Re: veb Interface Max Cache Size Restrict

[deich...@placebonol.com]

OpenBSD tries to limit the amount of knob tuning, people tend to shoot 
themselves in the foot when they start playing with knobs.

However you can always compile your own kernel with the information provided.

On April 19, 2023 2:12:00 AM MDT, Samuel Jayden  
wrote:
>Sincerely thank you David for your answer,
>I hope you may consider committing it to src and I kindly say that it would
>be perfect if this max cache size limit value was tied to a sysctl
>parameter.
>
>David Gwynne , 19 Nis 2023 Çar, 02:30 tarihinde şunu
>yazdı:
>
>> On Tue, Apr 18, 2023 at 07:51:08PM +, Samuel Jayden wrote:
>> > Hello,
>> > I have one veb interface in OpenBSD 7.2 and 5 ethernet ports are paired
>> > with this veb. As I understand from the ifconfig output, 4096 mac address
>> > cache values can be kept in this veb interface .
>> >
>> > ifconfig veb10
>> > veb10: flags=8843
>> > index 12 llprio 3
>> > groups: veb
>> > em3 flags=3
>> > port 4 ifpriority 0 ifcost 0
>> > em0 flags=3
>> > port 1 ifpriority 0 ifcost 0
>> > em1 flags=3
>> > port 2 ifpriority 0 ifcost 0
>> > ix3 flags=3
>> > port 8 ifpriority 0 ifcost 0
>> > ix2 flags=3
>> > port 7 ifpriority 0 ifcost 0
>> > Addresses (max cache: 4096, timeout: 240):
>> > 2c:f0:5d:73:f8:c4 em1 0 flags=0<>
>> > 
>> >
>> > When I tried to extend this limit value with the command "ifconfig veb10
>> > maxaddr 4097", I got the following error message:
>> > "ifconfig: veb10: Invalid argument"
>> > The maximum value I can give without this error message is 4096. Isn't
>> this
>> > value a bit narrow?
>>
>> maybe. it seemed pretty high when i made it up.
>>
>> > I have tested that the mac addresses of the connected devices are not
>> > recorded in the veb interface after exceeding the limit.
>> >
>> > I want to switch from Cisco device to OpenBSD in a place where there are
>> > more than 8 thousand MAC addresses, but I need to exceed this max cache
>> > size value.
>> > How can I increase this max cache size value 8192 or higher value?
>>
>> you change 4096 to a bigger number in the code.
>>
>> Index: if_etherbridge.c
>> ===
>> RCS file: /cvs/src/sys/net/if_etherbridge.c,v
>> retrieving revision 1.7
>> diff -u -p -r1.7 if_etherbridge.c
>> --- if_etherbridge.c5 Jul 2021 04:17:41 -   1.7
>> +++ if_etherbridge.c19 Apr 2023 02:25:54 -
>> @@ -675,7 +676,7 @@ int
>>  etherbridge_set_max(struct etherbridge *eb, struct ifbrparam *bparam)
>>  {
>> if (bparam->ifbrp_csize < 1 ||
>> -   bparam->ifbrp_csize > 4096) /* XXX */
>> +   bparam->ifbrp_csize > 16384) /* XXX */
>> return (EINVAL);
>>
>> /* commit */
>>

Re: hardware

[deich...@placebonol.com]

and lest we forget, all the gray/grey ones 

On April 19, 2023 2:19:48 AM MDT, Jan Stary  wrote:
>Once we leveraged the synergy of the red and purple solution frameworks.
>
>On Apr 18 07:47:56, deich...@placebonol.com wrote:
>> I was always partial to the blue or purple ones.
>> 
>> On April 18, 2023 3:42:58 AM MDT, Joel Carnat  wrote:
>> >
>> >> Le 18 avr. 2023 à 11:30, Stuart Henderson  a 
>> >> écrit :
>> >> 
>> >> On 2023-04-18, Mischa  wrote:
>> >>>> On 2023-04-17 23:37, Mike Larkin wrote:
>> >>>> On Mon, Apr 17, 2023 at 02:21:14PM -0600, Theo de Raadt wrote:
>> >>>>> Gustavo Rios  wrote:
>> >>>>> 
>> >>>>>> What is the best supported servers by OpenBSD ?
>> >>>>> 
>> >>>>> The silver ones work a little bit better than the black ones.
>> >>>>> 
>> >>>> 
>> >>>> disagree. All my long running servers are the black ones.
>> >>> 
>> >>> I concur. The black ones are the best!
>> >>> They also need to have blue blinkenlights.
>> >> 
>> >> No love for the blue ones?
>> >
>> >If SunFire v100 count as blue, I do.
>> >
>> >
>> 
>

Re: hardware

[deich...@placebonol.com]

I was always partial to the blue or purple ones.

On April 18, 2023 3:42:58 AM MDT, Joel Carnat  wrote:
>
>> Le 18 avr. 2023 à 11:30, Stuart Henderson  a 
>> écrit :
>> 
>> On 2023-04-18, Mischa  wrote:
 On 2023-04-17 23:37, Mike Larkin wrote:
 On Mon, Apr 17, 2023 at 02:21:14PM -0600, Theo de Raadt wrote:
> Gustavo Rios  wrote:
> 
>> What is the best supported servers by OpenBSD ?
> 
> The silver ones work a little bit better than the black ones.
> 
 
 disagree. All my long running servers are the black ones.
>>> 
>>> I concur. The black ones are the best!
>>> They also need to have blue blinkenlights.
>> 
>> No love for the blue ones?
>
>If SunFire v100 count as blue, I do.
>
>

Re: ixl not seeing SFP+ modules ?

[deich...@placebonol.com]

The Intel 710 only works with Intel brand optics.  It is possible you can find 
optics which will report as Intel, though I've never tried.

I do use FlexOptix programmable optics in various network devices.  When I get 
to the office I'll plug in the programmer and see if it can code Intel optic 
info.

73
diana

On April 14, 2023 11:39:06 AM MDT, Theo de Raadt  wrote:
>Welcome to the world of vendor optic locking.
>
>Laura Smith  wrote:
>
>> I have an ixl card (ixl0 at pci1 dev 0 function 0 "Intel X710 SFP+" rev 
>> 0x02: port 3, FW 6.0.48442 API 1.7, msix, 4 queues) on OpenBSD that doesn't 
>> seem to be seeing any of my SFP+ modules.
>> 
>> 
>> The modules are all MSA coded and from different manufacturers.
>> 
>> 
>> ifconfig ixl shows "status: no carrier" (but light is confirmed as existing 
>> both ways and all patching has been triple checked).
>> 
>> Additionally "ifconfig ixl transciever" reports "ifconfig: transciever: bad 
>> value" whilst I believe this should be showing transceiver stats ?
>> 
>> 
>> Am I missing something here ?
>> 
>

Re: Hardware RAID on Poweredge Servers

[deich...@placebonol.com]

On March 30, 2023 10:36:01 PM MDT, Kenneth Gober  wrote:
>On Thu, Mar 30, 2023 at 12:37 PM Kihaguru Gathura 
>wrote:
>
SNIP 
>
>In general I prefer hardware RAID because it's more likely you'll be able
>to easily boot your
>system if the array is running in a degraded state due to a drive failure
>(perhaps you might
>need to press F1 or something to continue).  With softraid, you might need
>to type special
>commands at the console to force booting or mounting a volume with a failed
>drive in it.
>This may be a problem if you are in a rush to bring the system back up and
>don't have a
>convenient way to look up the necessary commands.
>
>-ken

Hardware RAID is fine, but you need to make sure the system is configured to 
send notification when a RAID drive goes to a degraded state.  I can't tell you 
how many times I've been asked to assist with a system to find more than one 
drive failed.  What would seem to be common sense is often not done.

73
diana
KI5PGJ 

Re: Mail from the command line

[deich...@placebonol.com]

Also take a look at s-nail, it is not an email application, but a very useful 
utility.

73
diana 

On February 17, 2023 9:13:15 AM MST, Andrew Mitchell  wrote:
>Thanks, I'll check it out.
>Andrew
>
>Le ven. 17 févr. 2023 à 15:14, Rodrigo Readi  a écrit :
>
>> 2023-02-16 13:42 GMT, Andrew :
>> > Thanks Crystal for your reply and encouragement,
>> > I'll explore all your suggestions and references when I have enough time.
>>
>> If you do not have tine, better install and use alpine.
>>
>> You can read mail from a provider with imap without having to download
>> the attachements.
>> Mutt is not able to do that.
>>
>> And alpine is easier to configure, it works with gmail's xoauth2,
>> displays html-mail.
>>
>> I like BSD mail program, but unfortunately it is not always (easily)
>> usable due to the
>> modern requirements (html-mail, attachements).
>>
>> Rod.
>>

Re: Is nVidia ION 2 compatible with Openbsd 7.2?

[deich...@placebonol.com]

dmesg?

On January 27, 2023 10:27:33 AM MST, Nandor Vatai  wrote:
>Hi Guys
>
>Recently installed Openbsd the first time
>Have trouble to make my Xorg work with a decent speed.
>The machine has nVidia ION 2 graphics card which has a GT218 GPU.
>According to the Openbsd website it should work.
>Could someone point to me to the right direction please what steps need to be 
>done to make it work?
>All information regards to intel amd and ati cards.

Re: Stretch/L2VPN between two datacenters

[deich...@placebonol.com]

I've run L2 over an IPsec tunnel using egre (gre(4)) and bridge (bridge (4)) to 
connect systems in different locations together.

This was done before David Gwynne created tpmr(4).  I've been to lazy to 
reimplement my current configuration.

73
diana

Re: Questions about the code commit review process

[deich...@placebonol.com]

You should read tech@ mailing list archive to see many code reviews 

On October 29, 2022 4:28:08 PM MDT, i...@tutanota.com wrote:
>Hi,
>
>What is the code commit review process in OpenBSD? A developer with commit 
>access, does his code get reviewed by other developers before a release, and 
>if so, is that an internal requirement?
>
>Thanks.
>
>Kind regards.
>

Re: Getting archived mailing list mail with majordomo

[deich...@placebonol.com]

FWIW, I'm pretty sure MARC info has archives because I requested them years ago 
from my old email, deich...@wrench.com.

73
diana 

On June 24, 2022 10:43:56 AM MDT, Isaac Meerwarth  
wrote:
>On 6/24/22 12:31, Todd C. Miller wrote:
>> On Fri, 24 Jun 2022 12:18:46 -0400, Isaac Meerwarth wrote:
>> 
>>> I've been trying to retrieve archived mailing list mail.  I tried
>>> sending "archive-get misc 101001" to majord...@openbsd.org but my
>>> request is denied.
>>> 
>>> I haven't found any remedies google-dorking marc.info.  Ideally, I'd
>>> like to download a full archive of misc and ports.  Any ideas or solutions?
>> This is disabled in majordomo because it doesn't act the way people
>> expect.  What that would do is to cause majordomo to re-send all
>> the archived messages to you, one by one.  That can quickly overwhelm
>> the destination and get the mail server banned as a spam source.
>Is there an official repository for browsing mailing list archives? marc.info 
>seems reputable but unofficial.
>> Unfortunately, there isn't currently a way to download the
>> archives in mailbox format, which is probably what you want.
>Luckily, I am young and can build a nice repository myself!
>
>I'll be sitting pretty in 5 years :)
>
>
>Thank you for your timely response,
>
>Isaac
>

Re: deep packet inspection over no TLS/SSL traffic

[deich...@placebonol.com]

On May 9, 2022 2:16:51 AM MDT, Stuart Henderson  
wrote:
>
SNIP
> (anyway, by the time you have used DPI
>to detect the protocol, it is too late to make a decision on packet
>routing).
SNIP

Well, not necessarily true, imagine GCHQ ...
Just saying

Hope you are doing well,
diana

Re: Auto layout for disk partitions - a new user's perspective

[deich...@placebonol.com]

As a long time OpenBSD user I install from packages but also build from ports.  
There is a usage case for both, but realize building packages is not a 
"standard" system.  

Twenty years ago building packages from ports was the norm, but not today.  

73

diana 

On April 18, 2022 9:35:27 AM MDT, Thomas Frohwein  
wrote:
>
>
>I think it might be worth repeating that packages are the recommended
>way to use third-party software. And that's also a great justification
>why there is no /usr/ports partition on a default install.
>
>Unless you are doing ports development work, you shouldn't need the
>ports tree. 

Re: no serial access anymore after upgrade

[deich...@placebonol.com]

Do you have dmesg output prior to upgrade?  I see 2 serial ports in the 7.0 
dmesg.



On February 22, 2022 6:21:00 AM MST, Thomas  wrote:
>Hello,
>
>I have a bunch of firewall and router devices with serial ports only. No vga 
>ports at all. After upgrading two of the devices to 7.0 I lose access to the 
>console after the boot process has finished. Last thing that is printed on the 
>screen is the date. Normally the log-in prompt is showing up after that. After 
>boot I'm now not able to access the server via serial console at all anymore.
>
>Has anyone made the same experience after upgrading?
>
>Thanks and have a nice day,
>Thomas
>
>
>/etc/boot.conf
>stty com0
>set tty com0
>
>
>dmesg:
>
>OpenBSD 7.0 (GENERIC.MP) #5: Mon Jan 31 09:09:02 MST 2022
>
>r...@syspatch-70-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>real mem = 17083424768 (16292MB)
>avail mem = 16549654528 (15782MB)
>random: good seed from bootblocks
>mpath0 at root
>scsibus0 at mpath0: 256 targets
>mainbus0 at root
>bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xec150 (77 entries)
>bios0: vendor American Megatrends Inc. version "4.6.5" date 01/23/2017
>bios0: INTEL Corporation DENLOW_WS
>acpi0 at bios0: ACPI 5.0
>acpi0: sleep states S0 S1 S5
>acpi0: tables DSDT FACP APIC FPDT SSDT MCFG HPET SSDT SSDT DMAR
>acpi0: wakeup devices RP01(S1) PXSX(S1) RP02(S1) PXSX(S1) RP03(S1) PXSX(S1) 
>RP04(S1) PXSX(S1) RP05(S1) PXSX(S1) RP06(S1) PXSX(S1) RP07(S1) PXSX(S1) 
>RP08(S1) PXSX(S1) [...]
>acpitimer0 at acpi0: 3579545 Hz, 24 bits
>acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>cpu0 at mainbus0: apid 0 (boot processor)
>cpu0: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz, 3400.44 MHz, 06-3c-03
>cpu0: 
>FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
>cpu0: 256KB 64b/line 8-way L2 cache
>cpu0: smt 0, core 0, package 0
>mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
>cpu0: apic clock running at 99MHz
>cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE
>cpu1 at mainbus0: apid 2 (application processor)
>cpu1: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz, 3400.00 MHz, 06-3c-03
>cpu1: 
>FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
>cpu1: 256KB 64b/line 8-way L2 cache
>cpu1: smt 0, core 1, package 0
>cpu2 at mainbus0: apid 4 (application processor)
>cpu2: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz, 3400.00 MHz, 06-3c-03
>cpu2: 
>FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
>cpu2: 256KB 64b/line 8-way L2 cache
>cpu2: smt 0, core 2, package 0
>cpu3 at mainbus0: apid 6 (application processor)
>cpu3: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz, 3400.01 MHz, 06-3c-03
>cpu3: 
>FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
>cpu3: 256KB 64b/line 8-way L2 cache
>cpu3: smt 0, core 3, package 0
>cpu4 at mainbus0: apid 1 (application processor)
>cpu4: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz, 3400.00 MHz, 06-3c-03
>cpu4: 
>FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
>cpu4: 256KB 64b/line 8-way L2 cache
>cpu4: smt 1, core 0, package 0
>cpu5 at mainbus0: apid 3 (application processor)
>cpu5: Intel(R) 

Re: Passage about licensing from OpenBSD documentation

[deich...@placebonol.com]

Paul

Yep, that is definitely the authorative source.

I've been using archive.org for a couple decades that I forget openbsd.org 
website uses CVS.

73

On February 8, 2022 9:11:56 AM MST, Paul de Weerd  wrote:
>On Tue, Feb 08, 2022 at 08:54:08AM -0700, deich...@placebonol.com wrote:
>| Try archive.org for older versions of openbsd.org.
>
>Or just the CVS repository.  The openbsd.org website is under revision
>control, there's 26 years of history available over at 
>
>   http://cvsweb.openbsd.org/www/
>
>You may specifically be interested in the history of the goals and
>policy pages that were mentioned in this thread:
>
>   http://cvsweb.openbsd.org/www/goals.html
>   http://cvsweb.openbsd.org/www/policy.html
>
>Cheers,
>
>Paul
>
>-- 
>>[<++>-]<+++.>+++[<-->-]<.>+++[<+
>+++>-]<.>++[<>-]<+.--.[-]
> http://www.weirdnet.nl/ 
>

Re: Passage about licensing from OpenBSD documentation

[deich...@placebonol.com]

Try archive.org for older versions of openbsd.org.

On February 8, 2022 8:39:46 AM MST, Ibsen S Ripsbusker 
 wrote:
>On Tue, Feb 8, 2022, at 15:25, Nick Holland wrote:
>> Probably be one of these two pages, I think:
>>
>> https://www.openbsd.org/goals.html
>> https://www.openbsd.org/policy.html
>>
>> I call it the "Microsoft Question": which do you fear more?
>> 1) That MS uses your code and profits from your work
>> --> you might want to consider the GPL license
>>
>> 2) That MS DOESN'T use your code and reinvents it badly
>> --> You might want to use an ISC/BSD license.
>>
>> The OpenBSD project would greatly prefer that their code be
>> reused, rather than re-invented poorly.
>
>Dear Nick,
>
>It is precisely this topic, but I think the passage that I read before
>was even better. I appreciated the passage of interest for its
>arrogance, similar to your phrasing of the Microsoft Question
>but more blunt.
>
>The passage was maybe a paragraph long, and I think it was
>an interjection to some other topic rather than its own webpage.
>
>It could be that the recent goals and policy documents were
>adapted from the earlier phrasing, perhaps to cater to people
>who don't share my appreciation of arrogance.
>
>With appreciation,
>Ibsen
>

Re: What password manager do you recommend?

[deich...@placebonol.com]

FWIW https://openports.pl/ is a better ports site, run by Solene ( 
https://openbsd.amsterdam/runs.html )

On January 8, 2022 8:35:55 AM MST, Willy Gonnason  wrote:
>I’ve used keepassxc, or earlier variants of it, for over a decade and a half 
>and Ive been happy with it.  Keepassxc is gui based software.  There’s more 
>info available on the project page: (https://keepassxc.org/project/ 
>).  You might find a command line version more 
>to your liking.  Various implementations for different platforms are 
>documented at (https://pwsafe.org/relatedprojects.html 
>)
>
>Keepassxc is open source and cross platform.  Variants that can read the 
>encrypted database exist for all the platforms I still have to deal with: 
>Linux, MacOS, phones, and Windows.  It's based on the password safe code 
>originally written by Bruce Schneier. 
>
>It’s available from ports (openports.se )
>
>Regards,
>Willy Gonnason
>
>> 
>> Date: Fri, 7 Jan 2022 14:53:33 -0500
>> From: fo...@dnmx.org
>> To: misc@openbsd.org
>> Subject: What password manager do you recommend?
>> Message-ID: 
>> 
>> 
>> Hello. I hope this these types of questions are okay for an mailing list..
>> I completely understand if they are not..
>> 
>> There's password-store, but it does need some shitty dependencies..
>> Then there's opm, but since it doesn't seem to be popular fuck-knows-who
>> if it's secure(ish)..
>> 
>> If I were to use password-store, I'd have dmenu pipe in the query, then
>> just pipe the password to `xclip -i -selection clipboard` which is a
>> decent setup I guess..
>

Re: IPv6 autoconf with static IID?

[deich...@placebonol.com]

I'm still interested in why you are concerned about "leaking" the MAC address?  
Changing the MAC with laddr will still leak the MAC but now it will be the one 
you created.

If you do decide to change the MAC to a long defunct NIC manufacturer.  That is 
what I do for fun.  Some of my 10G interfaces use Western Digital OUI, from 
10base-2 era.

G.day
diana
KI5PGJ

On December 28, 2021 6:05:54 AM MST, Mike Fischer  
wrote:
>
>> Am 28.12.2021 um 13:09 schrieb Paul de Weerd :
>> 
>> On Tue, Dec 28, 2021 at 12:35:07PM +0100, Mike Fischer wrote:
>> | So I guess the only way to get a stable IID with dynamic prefixes is
>> | to use the eui64 method? (Which is based on the MAC-address and
>> | leaks information.)
>> 
>> What information leak are you afraid of?  Someone else knowing the
>> MAC-address of your system?  You can fix that by changing the MAC
>> address of your interface (see the lladdr option in the ifconfig(8)
>> manpage at http://man.openbsd.org/ifconfig#lladdr for details)
>
>Interesting! I hadn’t thought of that.
>
SNIP
>
>My thoughts exactly.
>
>
>Thanks for your input!
>
>Mike
>

Re: Installation partitioning: core dump and /var size

[deich...@placebonol.com]

Twice the size of physical memory is norm for swap partition

On November 5, 2021 3:15:13 AM MDT, u...@mailo.com wrote:
>Also asked on:
>https://unix.stackexchange.com/questions/676245/openbsd-core-dump-and-var-size
>
>I'm trying to figure out my partitioning which leads to
>https://man.openbsd.org/disklabel#AUTOMATIC_DISK_ALLOCATION
>which says:
>
>"/var13% of disk.   80M – 2x size of crash dump"
>
>But how do I know the size of crash dump?
>I can't find it neither in OpenBSD's installation guide, nor in
>https://man.openbsd.org/savecore.8
>nor in the internet at large.
>
>The only clue I've found is in
>http://man.openbsd.org/man8/crash.8
>"the system dumps the contents of physical memory
>onto a mass storage peripheral device"
>
>"physical memory".
>So do rules of estimating swap partition size apply here as well?
>
>May I ask for some actual numbers/functions/tables?
>Perhaps similar to the table in
>https://askubuntu.com/a/49138
>answer on swap size:
>
>Amount of RAMSwap space  Swap space 
>in the systemif allowing for hibernation
>--   --  ---
>≤ 2 GB   2x RAM  3x RAM
>> 2 GB – 8 GB= RAM   2x RAM
>> 8 GB – 64 GB   ≥ 4 GB  1.5x RAM
>> 64 GB  ≥ 4 GB  Hibernation not recommended
>
>I am an ordinary user who is not going to test OpenBSD for crashiness
>but to just run it the more stable the better
>but for the possibility of a crash be able to report it.
>
>

Re: rdr-to across wg tunnel

[deich...@placebonol.com]

Did you enable forwarding?

On July 25, 2021 10:22:58 PM MDT, Vincent Lee  wrote:
>Hi all, I'm running into some trouble trying to configure a
>network. I'll try to keep it concise:
>
>Background:
>
>1. I have an OpenBSD Vultr VPS. It serves various odds and ends on
>external IP address $foo, and runs 6.9 + syspatches.
>
>2. I have a second Linux machine located on a residential network with
>unstable external IP. I'd like to avoid dynamic DNS services, having to
>configure port-forwarding, etc.
>
>3. The two machines are linked by a confirmed-working Wireguard
>tunnel. The VPS has address 10.0.0.1 and the Linux machine has address
>10.0.0.2 in the tunnel.
>
>Objective:
>
>1. I want to expose a stable, routable IP address for the Linux machine,
>regardless of the state of the residential network, by proxying through
>my VPS.
>
>2. This address should be logically distinct from the existing address
>for the VPS, as there is an overlap in the services each will
>serve. (e.g. I could plausibly serve one website from the VPS and a
>separate one from the Linux machine.)
>
>What I've tried:
>
>1. I've requested a second IP address $bar for my VPS and added it as an
>inet alias address in hostname.if. With only this configuration, pinging
>address $bar (which routes to the VPS) works.
>
>2. Next, I tried adding a pf redirect on the VPS: pass in from any to
>$bar rdr-to 10.0.0.2
>
>3. I tried pinging and ssh-ing to address $bar after adding this rule
>and reloading pf rules, but traffic don't seem to be getting to the
>Linux box.
>
>4. I tried also a binat rule: pass on egress from 10.0.0.2 to any
>binat-to $bar with the same result.
>
>Any obvious problems, and is there an easier way to achieve my
>objective?
>