Re: need help to access my machine after upgrade -- system immediately logs me out
Cool. That worked. Also my system is back up and running. Turns out the i3
libraries installed had become incompatible with the rest of the system.
Simply deleted those and glib2 packages and reinstalled everything. Works
well now. Thanks for all the help :).
Cheers
Sandeep
On Wed, Apr 3, 2024 at 12:51 AM Otto Moerbeek wrote:
> On Wed, Apr 03, 2024 at 12:45:33AM +0530, Sandeep Gupta wrote:
>
> > Thank you for all the inputs. This is so useful. I am able to at least
> > access the file system and rescue the data.
> > However, I'm not able to restore the system yet. The command "pkg_add
> -u"
> > runs into "out of memory error".
> > ulimit -a shows decent memory:
> > memory(kbytes) 11872836.
>
> you want to increase the data limit, ulimit -d
>
> -Otto
>
> >
> > On Tue, Apr 2, 2024 at 5:04 PM Stuart Henderson <
> stu.li...@spacehopper.org>
> > wrote:
> >
> > > On 2024-04-01, Sandeep Gupta wrote:
> > > >
> > > > However when i tried to log from the console -- the login message
> shows
> > > but
> > > > the system logs me out immediately.
> > > > On the desktop gui too, with only root I was able to login. But
> running
> > > > xterm from the fvwm menu fails.
> > > > I am a bit clueless as to how to gain access to the system.
> > >
> > > Try this:
> > >
> > > Boot into single-user mode ("boot -s" at the boot loader prompt)
> > > fsck -p
> > > mount -a -t nonfs
> > >
> > > Hopefully that will get you access to the system. You can try looking
> at
> > > system logs to see if that gives any clues about the problem. TERM
> won't
> > > be set so you may want to use e.g. "TERM=xterm less /var/log/messages"
> > > etc. $HOME/.xsession-errors might give some clues too.
> > >
> > > If you think that updating packages might help then 'sh /etc/netstart'
> > > to get working net and proceed with pkg_add -u as usual.
> > >
> > >
> > >
>
Re: need help to access my machine after upgrade -- system immediately logs me out
On Wed, Apr 03, 2024 at 12:45:33AM +0530, Sandeep Gupta wrote:
> Thank you for all the inputs. This is so useful. I am able to at least
> access the file system and rescue the data.
> However, I'm not able to restore the system yet. The command "pkg_add -u"
> runs into "out of memory error".
> ulimit -a shows decent memory:
> memory(kbytes) 11872836.
you want to increase the data limit, ulimit -d
-Otto
>
> On Tue, Apr 2, 2024 at 5:04 PM Stuart Henderson
> wrote:
>
> > On 2024-04-01, Sandeep Gupta wrote:
> > >
> > > However when i tried to log from the console -- the login message shows
> > but
> > > the system logs me out immediately.
> > > On the desktop gui too, with only root I was able to login. But running
> > > xterm from the fvwm menu fails.
> > > I am a bit clueless as to how to gain access to the system.
> >
> > Try this:
> >
> > Boot into single-user mode ("boot -s" at the boot loader prompt)
> > fsck -p
> > mount -a -t nonfs
> >
> > Hopefully that will get you access to the system. You can try looking at
> > system logs to see if that gives any clues about the problem. TERM won't
> > be set so you may want to use e.g. "TERM=xterm less /var/log/messages"
> > etc. $HOME/.xsession-errors might give some clues too.
> >
> > If you think that updating packages might help then 'sh /etc/netstart'
> > to get working net and proceed with pkg_add -u as usual.
> >
> >
> >
Re: need help to access my machine after upgrade -- system immediately logs me out
For disclousre, I was able to access the shell/file system via Boot into
single-user mode ("boot -s" at the boot loader prompt) -- followed by
fsck -p
mount -a -t bonds as mentioned in earlier replies.
Thank you.
On Wed, Apr 3, 2024 at 12:45 AM Sandeep Gupta
wrote:
> Thank you for all the inputs. This is so useful. I am able to at least
> access the file system and rescue the data.
> However, I'm not able to restore the system yet. The command "pkg_add -u"
> runs into "out of memory error".
> ulimit -a shows decent memory:
> memory(kbytes) 11872836.
>
> On Tue, Apr 2, 2024 at 5:04 PM Stuart Henderson
> wrote:
>
>> On 2024-04-01, Sandeep Gupta wrote:
>> >
>> > However when i tried to log from the console -- the login message shows
>> but
>> > the system logs me out immediately.
>> > On the desktop gui too, with only root I was able to login. But running
>> > xterm from the fvwm menu fails.
>> > I am a bit clueless as to how to gain access to the system.
>>
>> Try this:
>>
>> Boot into single-user mode ("boot -s" at the boot loader prompt)
>> fsck -p
>> mount -a -t nonfs
>>
>> Hopefully that will get you access to the system. You can try looking at
>> system logs to see if that gives any clues about the problem. TERM won't
>> be set so you may want to use e.g. "TERM=xterm less /var/log/messages"
>> etc. $HOME/.xsession-errors might give some clues too.
>>
>> If you think that updating packages might help then 'sh /etc/netstart'
>> to get working net and proceed with pkg_add -u as usual.
>>
>>
>>
Re: need help to access my machine after upgrade -- system immediately logs me out
Thank you for all the inputs. This is so useful. I am able to at least
access the file system and rescue the data.
However, I'm not able to restore the system yet. The command "pkg_add -u"
runs into "out of memory error".
ulimit -a shows decent memory:
memory(kbytes) 11872836.
On Tue, Apr 2, 2024 at 5:04 PM Stuart Henderson
wrote:
> On 2024-04-01, Sandeep Gupta wrote:
> >
> > However when i tried to log from the console -- the login message shows
> but
> > the system logs me out immediately.
> > On the desktop gui too, with only root I was able to login. But running
> > xterm from the fvwm menu fails.
> > I am a bit clueless as to how to gain access to the system.
>
> Try this:
>
> Boot into single-user mode ("boot -s" at the boot loader prompt)
> fsck -p
> mount -a -t nonfs
>
> Hopefully that will get you access to the system. You can try looking at
> system logs to see if that gives any clues about the problem. TERM won't
> be set so you may want to use e.g. "TERM=xterm less /var/log/messages"
> etc. $HOME/.xsession-errors might give some clues too.
>
> If you think that updating packages might help then 'sh /etc/netstart'
> to get working net and proceed with pkg_add -u as usual.
>
>
>
Re: need help to access my machine after upgrade -- system immediately logs me out
Stuart Henderson : > > Running out of space (especially in /usr) during sysupgrade might > do it too. When in single mode I reccomend to check also the root for /dev content, 90% of times I run out of space happens there to me, anyway I'm not sure about the connection with xterm and sysupgrade. -Dan
Re: need help to access my machine after upgrade -- system immediately logs me out
On 2024-04-01, Peter N. M. Hansteen wrote: > > This sounds very much like a situation where the base system and packages > are out seriously of sync AND your user is et up with a default shell from > packages (I am guessing bash). Running out of space (especially in /usr) during sysupgrade might do it too. Or a bad sysmerge run for something like /etc/login.conf. Plenty of possibilities :-)
Re: need help to access my machine after upgrade -- system immediately logs me out
On 2024-04-01, Sandeep Gupta wrote:
>
> However when i tried to log from the console -- the login message shows but
> the system logs me out immediately.
> On the desktop gui too, with only root I was able to login. But running
> xterm from the fvwm menu fails.
> I am a bit clueless as to how to gain access to the system.
Try this:
Boot into single-user mode ("boot -s" at the boot loader prompt)
fsck -p
mount -a -t nonfs
Hopefully that will get you access to the system. You can try looking at
system logs to see if that gives any clues about the problem. TERM won't
be set so you may want to use e.g. "TERM=xterm less /var/log/messages"
etc. $HOME/.xsession-errors might give some clues too.
If you think that updating packages might help then 'sh /etc/netstart'
to get working net and proceed with pkg_add -u as usual.
Re: need help to access my machine after upgrade -- system immediately logs me out
If you have Xenocara installed, then I assume you can use xedit to modify files on the system. I don't know twm, but it is probably possible to create a new entry in its menu, through which you could run "xterm -e /bin/sh" to override the default shell. If this is not possible using twm, then switch to cwm, which definetely lets do this. Regards, --ext Sandeep Gupta írta 2024. ápr.. 2, K-n 11:29 órakor: > Very likely that would be issue. The problem is that I am not able to > access a shell for root or the regular user. > On the console, I get logged out immediately. On GUI, fvwm, the root is > able to login. I can launch top and other utilities. > But I am not able to launch xterm. I guess I would have to boot using > external usb, mount the disk and repair it. > > On Tue, Apr 2, 2024 at 1:57 AM Peter N. M. Hansteen wrote: >> On Tue, Apr 02, 2024 at 12:44:01AM +0530, Sandeep Gupta wrote: >> > Hello, >> > >> > I need to access my desktop local machine after I did a sysupgrade -s (I >> > had reasons to do so because some rust libraries were too old for some >> > applications). >> > Sysupgrade seems to have gone fine. Disk is healthy no issues reported. >> > >> > However when i tried to log from the console -- the login message shows but >> > the system logs me out immediately. >> > On the desktop gui too, with only root I was able to login. But running >> > xterm from the fvwm menu fails. >> >> This sounds very much like a situation where the base system and packages >> are out seriously of sync AND your user is et up with a default shell from >> packages (I am guessing bash). >> >> The solution would likely be to log in as root, run pkg_add -D snap -u >> to get the latest snapshot packages, then try to log in as your regular user. >> >> >> -- >> Peter N. M. Hansteen, member of the first RFC 1149 implementation team >> https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ >> "Remember to set the evil bit on all malicious network traffic" >> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. >> -- --Z--
Re: need help to access my machine after upgrade -- system immediately logs me out
Very likely that would be issue. The problem is that I am not able to access a shell for root or the regular user. On the console, I get logged out immediately. On GUI, fvwm, the root is able to login. I can launch top and other utilities. But I am not able to launch xterm. I guess I would have to boot using external usb, mount the disk and repair it. On Tue, Apr 2, 2024 at 1:57 AM Peter N. M. Hansteen wrote: > On Tue, Apr 02, 2024 at 12:44:01AM +0530, Sandeep Gupta wrote: > > Hello, > > > > I need to access my desktop local machine after I did a sysupgrade -s (I > > had reasons to do so because some rust libraries were too old for some > > applications). > > Sysupgrade seems to have gone fine. Disk is healthy no issues reported. > > > > However when i tried to log from the console -- the login message shows > but > > the system logs me out immediately. > > On the desktop gui too, with only root I was able to login. But running > > xterm from the fvwm menu fails. > > This sounds very much like a situation where the base system and packages > are out seriously of sync AND your user is et up with a default shell from > packages (I am guessing bash). > > The solution would likely be to log in as root, run pkg_add -D snap -u > to get the latest snapshot packages, then try to log in as your regular > user. > > > -- > Peter N. M. Hansteen, member of the first RFC 1149 implementation team > https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ > "Remember to set the evil bit on all malicious network traffic" > delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. > >
Re: need help to access my machine after upgrade -- system immediately logs me out
2024-04-01T19:17:31Z Sandeep Gupta : > Hello, > > I need to access my desktop local machine after I did a sysupgrade -s (I had > reasons to do so because some rust libraries were too old for some > applications). > Sysupgrade seems to have gone fine. Disk is healthy no issues reported. > > However when i tried to log from the console -- the login message shows but > the system logs me out immediately. > On the desktop gui too, with only root I was able to login. But running xterm > from the fvwm menu fails. > I am a bit clueless as to how to gain access to the system. > Some help would be great. > -S (didn't reply to list so here it goes again) Could it be that something on your .xsession is failing and thereby terminating the X session early (before being able to start fvwm)?
Re: need help to access my machine after upgrade -- system immediately logs me out
On Tue, Apr 02, 2024 at 12:44:01AM +0530, Sandeep Gupta wrote: > Hello, > > I need to access my desktop local machine after I did a sysupgrade -s (I > had reasons to do so because some rust libraries were too old for some > applications). > Sysupgrade seems to have gone fine. Disk is healthy no issues reported. > > However when i tried to log from the console -- the login message shows but > the system logs me out immediately. > On the desktop gui too, with only root I was able to login. But running > xterm from the fvwm menu fails. This sounds very much like a situation where the base system and packages are out seriously of sync AND your user is et up with a default shell from packages (I am guessing bash). The solution would likely be to log in as root, run pkg_add -D snap -u to get the latest snapshot packages, then try to log in as your regular user. -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
need help to access my machine after upgrade -- system immediately logs me out
Hello, I need to access my desktop local machine after I did a sysupgrade -s (I had reasons to do so because some rust libraries were too old for some applications). Sysupgrade seems to have gone fine. Disk is healthy no issues reported. However when i tried to log from the console -- the login message shows but the system logs me out immediately. On the desktop gui too, with only root I was able to login. But running xterm from the fvwm menu fails. I am a bit clueless as to how to gain access to the system. Some help would be great. -S
Re: I can't get contributors for my C project. Can you help?
Dear Jan: I'll do as I wish; and if you want to stop me you'll have to
physically kill me.
Do you understand, woman?
And if you want to be in a fight or contest with me, of some kind; either legal
or otherwise.:
that can be arranged I suppose.
Do you understand, woman?
I'll make sure I post this to misc@openbsd.org
And I will remember that you did not assist my opensource project in realizing
Unreal map format loading;
and that you wish for my project to not even be-able to ask for fellow C
programmers help.
Do you understand, woman.
This is a direct warning aimed at your person.
Woman.
I will be glad when your civilization is erased.
Along with it's millions of police and white men that enforce your rights
(derived from the New Testament, and
the newer parts of the old testament; in contrivance to the original parts of
the law of the God: which you,
a woman, the first mentioned parts support, and the latter mentioned law;
revile)
---
If there is anyone that wishes to reject the New Testament pro-women's rights
belief system that Jan epitomizes,
("castrate yourself for heaven" --matthew 19 greek, "no male nor female",
"don't stone women", "better a millstone" (drown anyone that likes young
girls), "turn the other cheek", "obey all earthly rulers")
and further reject the newer-parts-of-the-old-testament writings (some of which
were "discovered" in the 1500s; including
one where a woman "saves" various people from Iran, for some reason)
And instead do the much disliked work of C programming, while, perhaps, being
infavor of the original laws of the Old Testament
(marrying little girls is fine (padia, na'ar*, puella) (including in cases of
rape (tahphas**)) Devarim 22, verse 28, (hebrew, greek, latin).
(*"moses was a crying na'ar" (exodus) when pharo's darughter pulled him from
the river: yes white people: na'ar means child)
(**to take: as to take a city)
(kill adulterous women) (Devarim)
(man is the ba'al (master, ruler) of the woman) (Devarim)
(if anyone entices you to follow another Power: kill them) (Devarim)
(no euniches in the assembly of the ruler) (Devarim)
[Above are the laws and beliefs that white people, chirstians, and good people
reject.]
[Just as they have come to reject programming in C.]
[Beliefs that Jan, as a woman, opposes aswell]
[Just as the pre-hellenistic world in greece held men in slavery; ruled over by
women;]
[Today men are held in bondage; mental and otherwise; by the 2 million police
women can call at a moments notice.]
[Men have lost all the rights they gained in the past; they have subsumed
themselves to a trans-demi-god (New Testament)]
[And have reread all earlier works in light of that.]
Then please explore this link which has the source code and all supporting
source code that has been discovered, regarding Unreal map loading:
sf.net/p/chaosesqueanthology/tickets/2/
TLDR: I'm glad the taliban won; because they marry little girls; just as YHWH's
law allows.
Please help opensource game with UNREAL map loading.
And if you don't because you oppose child brides: then I will remember you as
an enemy.
I hope western civilization falls and all your daughers are married before
menarche (first blood) as true virgins (rabbinical)
On Saturday, December 16, 2023 at 02:20:48 PM EST, Jan Stary
wrote:
Don't post this crap to misc@openbsd.org
On Dec 16 18:00:35, chaosesquet...@yahoo.com wrote:
> I wish I could accept your offer.
> I don't have any money though, at all.
> If I had any I would be glad for your offer and accept.
> But I never got into the bitcoin stuff, even when it just started and was
> being advertised on slashdot.
>
> If I had money I would definitely accept however.
> I just don't.
>
> I dream to get this opensource engine working with the unreal map format.
>
>
>
> On Saturday, December 16, 2023 at 10:40:30 AM EST,
> wrote:
>
>
>
>
>
> Hello. I'm intersted in your task. I'm quite comfortable with C in
> general and currently working on graphics related things. I could
> give you a hand for a fair fee. Would you be interested in that?
>
>
Re: I can't get contributors for my C project. Can you help?
I wish I could accept your offer. I don't have any money though, at all. If I had any I would be glad for your offer and accept. But I never got into the bitcoin stuff, even when it just started and was being advertised on slashdot. If I had money I would definitely accept however. I just don't. I dream to get this opensource engine working with the unreal map format. On Saturday, December 16, 2023 at 10:40:30 AM EST, wrote: Hello. I'm intersted in your task. I'm quite comfortable with C in general and currently working on graphics related things. I could give you a hand for a fair fee. Would you be interested in that?
Re: I can't get contributors for my C project. Can you help?
Thanks. I don't know either. The engine is a pure C project (nothing else, engine wise). So I need to talk to (fellow) C programmers. Its main area of interest is old 3d file formats from the golden age of 3d shooters. That limits where one can discuss since no one seems to like C anymore. On Saturday, December 16, 2023 at 11:40:52 AM EST, Peter N. M. Hansteen wrote: On Sat, Dec 16, 2023 at 02:18:48PM +, chaosesquet...@yahoo.com wrote: > Why won't anyone help my free software project? > I simply want help with the unreal map format. > https://sourceforge.net/p/chaosesqueanthology/tickets/2/ If you are not getting any response, you are most likely not addressing the right forums or individuals. Then again, I have no idea what would be the proper forum(s) for this. All the best, Peter (who you reached via openbsd-misc) -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: I can't get contributors for my C project. Can you help?
Why won't anyone help my free software project? I simply want help with the unreal map format. https://sourceforge.net/p/chaosesqueanthology/tickets/2/
Re: I can't get contributors for my C project. Can you help?
Bruce Perens; Thank's for responding. I mean that. No one else ever does :( *Message Main Body: Where am I supposed to send it? Every opensource forum I go to is basically shut down now: even slashdot (they don't even allow new registrations). No one seems to use C anymore: even though it's not /that/ much harder than any of the new programming languages: you just got to say where you want to store your data. Everyone is afraid of that now for some reason. I've found C to be very similar to PERL, and QuakeC, it's just easy to use as one or the other. And C is alot faster. I don't know why people trash it. So I send it to the few C programs I know still are kicking. I really don't have any other solution for communication: everywhere else is a complete ghost town. Things changed alot in these last 10 years. I remeber when all one had to do was post in any random article on slashdot, in the comments section, and one would have like 12 people the next day interested in the opensource project. Now everything's shuttered, silo'd, and dead :( And I don't want to attempt to communicate on ... X? a walled garden and a firehose put together. *Message Addendum: --- *Long story short; *We want the unreal map file types. *sf.net/p/chaosesqueanthology /tickets/2/ *.t3d and .unr file formats t3d format is nice; but requires more math grinding. .unr format is ... less nice... but requires less math (ie format more complex; but less processing is required) On Sunday, October 8, 2023 at 08:25:38 PM EDT, Bruce Perens wrote: Mikey, This is why nobody wants to help you. On Sat, Oct 7, 2023 at 7:29 AM chaosesquet...@yahoo.com wrote: > Bagas; > There is no other place that C projects are talked about. In the past I could > get help and contributors just asking; now you are all silo'd in your own > little worlds and seethe with extreme anger or some castrated-drug-stupor in > "irony" and smugness against anyone that asks for some contributors. Every > single place bans anyone that asks for contributors to free-software projects. > > You feel you are superior because you "did code" 10 years ago and "support > trans rights". > When asked to even allow a message to be seen that asks for contributors, in > this case a file format, to a fellow C project: you seethe or pretend you are > superior. > As if I didn't know where I was sending the message? > I sent it to: RMS, ESR, Bruce Perens, redhat, OpenBSD, NetBSD, and Line-Unix. > All C projects. Just like this engine. > I'm just asking for contributors. Not promoting "outrecehery" (some feminist > BS), Not "master vs main", not "noo can't call things whitelist/blacklist", > and not Codes Of Conducts for free contributors. I'm just asking for C > programming help for 3d file formats I'd like to add to this free-software > project. > > sourceforge.net/p/chaosesqueanthology/tickets/2/ > > > > > > > > On Saturday, October 7, 2023 at 04:56:51 AM EDT, Bagas Sanjaya > wrote: > > > > > > On Fri, Oct 06, 2023 at 07:18:20PM +, chaosesquet...@yahoo.com wrote: >> Dear RMS; >> >> I've read that you are both a lisp and C developer. I cannot get any >> contributors for the longstanding C 3d engine I work on as part of my >> fully-free-software (including media) 3d game/architecture project. I've >> been working on it alone for 10 years but now have branched into supporting >> more 3d file types and can't do that alone. >> >> I've gone to "opensource" forums and gotten banned every single time for >> asking for help. Every single time. The message gets deleted. This is >> extremely difficult: it's not like 20 years ago when communication was free. >> Obvs the "opensource" community is no longer interested in any collaboration >> or development. >> >> The reason I wanted to find more contributors, is that I recently (last 2 >> years) programmed more file format support myself >> (wolfenstine:enemyterritory bsp support) and extended and fixed support for >> existing formats (obj file support for use as maps, and support for minetest >> and minecraft object exports as maps directly into the game, and BZFlag >> exported obj as maps (these didn't work at all before: now they do (bzflag >> and the engine previously had different opinions on what an obj file was >> mathmatically))). That opened up 600 3d maps with the bsp work, and then >> 1000s of obj files with the obj_to_mc work. So I felt I was on a roll. >> Sketchfab was "opened up" and lots of free-software-licensed terrain and >> such were easily used from there. It was nice. I wanted to keep going. >> &g
Can you help our opensource project (file formats)?
We want the unreal map file types. http://sf.net/p/chaosesqueanthology /tickets/2/ .t3d and .unr file formats
I can't get contributors for my C project. Can you help?
Dear RMS; I've read that you are both a lisp and C developer. I cannot get any contributors for the longstanding C 3d engine I work on as part of my fully-free-software (including media) 3d game/architecture project. I've been working on it alone for 10 years but now have branched into supporting more 3d file types and can't do that alone. I've gone to "opensource" forums and gotten banned every single time for asking for help. Every single time. The message gets deleted. This is extremely difficult: it's not like 20 years ago when communication was free. Obvs the "opensource" community is no longer interested in any collaboration or development. The reason I wanted to find more contributors, is that I recently (last 2 years) programmed more file format support myself (wolfenstine:enemyterritory bsp support) and extended and fixed support for existing formats (obj file support for use as maps, and support for minetest and minecraft object exports as maps directly into the game, and BZFlag exported obj as maps (these didn't work at all before: now they do (bzflag and the engine previously had different opinions on what an obj file was mathmatically))). That opened up 600 3d maps with the bsp work, and then 1000s of obj files with the obj_to_mc work. So I felt I was on a roll. Sketchfab was "opened up" and lots of free-software-licensed terrain and such were easily used from there. It was nice. I wanted to keep going. I thought it might be possible to get unreal 97 and unreal tournament 99 3d map formats working: as there are tons of maps there and I used to make little 3d worlds using that format. The two main formats here are .t3d ; an ascii format (like obj) but which requires CSG math, and .unr : a binary format which pre-compiles the csg math down to vertex and face info; but is more complex a format. I found free software projects in C++ that tackle each (my project is in C): that could be used to learn the math. The t3d one even does the csg work. I just need to plead to you: please: I need contributors now. I did everything I could in these last 10 years under free-software licenses: made lots of maps, made tons of 3d models, made textures, game code (QuakeC), engine code (C). I extended the engine to beable to address up to 4 million entities, I programmed procedural map generation routines that allow creating cities out of nothing. I modeled tons of buildings, with both interiors, and level-of-detail models; so you can explore cities and not just go on the ourside of buildings. I modeled vehicles, added vehicles, programmed vehicles. I added 200 wps, and building code so players can do whatever they want in this 3d platform: from architecture, city building, town building, to fighting eachother, or racing cars, helicopters, to putting out fires. I've made music for it. All free software licensed. I just cannot get contributors. Every single place I post a plea for help the thing is banned and deleted.The only thing I've gotten is people trying to take down the project because they're mad I dared asked for file format help or for another programmer to join.Can you and the free software people help? I've asked "opensource" they sad "banned" and "scram"So I turn to you. It's in C. Your language.Please.I beg of you. I can't do these file formats alone. --Here's a ticket of the issue: sourceforge.net/p/chaosesqueanthology/tickets/2/ ( #2 Please help with .t3d and .unr loading (3d world file types) )Here's a git of the source code: sourceforge.net/p/chaosesqueanthology/code-t3d_attempt_engine/ci/master/tree/And here is a tarball of the source code: sourceforge.net/p/chaosesqueanthology/discussion/general/thread/72c4ff80c1/f23d/attachment/darkplaces_workingon_sep_06_2023_aug19cde_SOURCEONLY.tar.gz I started in model_brush.c , added in a new file handler: voidT3d_Attempt_Which_will_Mod_OBJ_Load(dp_model_t mod, void buffer,void *bufferend)and got it printing the vertex info of the t3d stuff. I found 2 free software projects that handle (in C++) the two file formats, and I asked them for help but no response: (.t3d) T3d2Map(C++): github.com/mildred/t3d2map (.unr) UShock(C++): sourceforge.net/projects/ushock/ So I just need help here.I cannot do this part of the engine coding alone.I know I did other formats: but it was alot of hacking and they weren't too different.But here: it would take me years since I'm a hacker (at best) and not a professional file programmer. Please help. Is there anywhere I can ask? Everywhere seems shutdown, filterd, and blocked, and very very unfriendly to any C dev requests.Hope you get well soon.
I can't get contributors for my C project. Can you help?
Dear RMS; I've read that you are both a lisp and C developer. I cannot get any contributors for the longstanding C 3d engine I work on as part of my fully-free-software (including media) 3d game/architecture project. I've been working on it alone for 10 years but now have branched into supporting more 3d file types and can't do that alone. I've gone to "opensource" forums and gotten banned every single time for asking for help. Every single time. The message gets deleted. This is extremely difficult: it's not like 20 years ago when communication was free. Obvs the "opensource" community is no longer interested in any collaboration or development. The reason I wanted to find more contributors, is that I recently (last 2 years) programmed more file format support myself (wolfenstine:enemyterritory bsp support) and extended and fixed support for existing formats (obj file support for use as maps, and support for minetest and minecraft object exports as maps directly into the game, and BZFlag exported obj as maps (these didn't work at all before: now they do (bzflag and the engine previously had different opinions on what an obj file was mathmatically))). That opened up 600 3d maps with the bsp work, and then 1000s of obj files with the obj_to_mc work. So I felt I was on a roll. Sketchfab was "opened up" and lots of free-software-licensed terrain and such were easily used from there. It was nice. I wanted to keep going. I thought it might be possible to get unreal 97 and unreal tournament 99 3d map formats working: as there are tons of maps there and I used to make little 3d worlds using that format. The two main formats here are .t3d ; an ascii format (like obj) but which requires CSG math, and .unr : a binary format which pre-compiles the csg math down to vertex and face info; but is more complex a format. I found free software projects in C++ that tackle each (my project is in C): that could be used to learn the math. The t3d one even does the csg work. I just need to plead to you: please: I need contributors now. I did everything I could in these last 10 years under free-software licenses: made lots of maps, made tons of 3d models, made textures, game code (QuakeC), engine code (C). I extended the engine to beable to address up to 4 million entities, I programmed procedural map generation routines that allow creating cities out of nothing. I modeled tons of buildings, with both interiors, and level-of-detail models; so you can explore cities and not just go on the ourside of buildings. I modeled vehicles, added vehicles, programmed vehicles. I added 200 wps, and building code so players can do whatever they want in this 3d platform: from architecture, city building, town building, to fighting eachother, or racing cars, helicopters, to putting out fires. I've made music for it. All free software licensed. I just cannot get contributors. Every single place I post a plea for help the thing is banned and deleted. The only thing I've gotten is people trying to take down the project because they're mad I dared asked for file format help or for another programmer to join. Can you and the free software people help? I've asked "opensource" they sad "banned" and "scram" So I turn to you. It's in C. Your language. Please. I beg of you. I can't do these file formats alone. -- Here's a ticket of the issue: sourceforge.net/p/chaosesqueanthology/tickets/2/ ( #2 Please help with .t3d and .unr loading (3d world file types) ) Here's a git of the source code: sourceforge.net/p/chaosesqueanthology/code-t3d_attempt_engine/ci/master/tree/ And here is a tarball of the source code: sourceforge.net/p/chaosesqueanthology/discussion/general/thread/72c4ff80c1/f23d/attachment/darkplaces_workingon_sep_06_2023_aug19cde_SOURCEONLY.tar.gz I started in model_brush.c , added in a new file handler: void T3d_Attempt_Which_will_Mod_OBJ_Load(dp_model_t mod, void buffer, void *bufferend) and got it printing the vertex info of the t3d stuff. I found 2 free software projects that handle (in C++) the two file formats, and I asked them for help but no response: (.t3d) T3d2Map(C++): github.com/mildred/t3d2map (.unr) UShock(C++): sourceforge.net/projects/ushock/ So I just need help here. I cannot do this part of the engine coding alone. I know I did other formats: but it was alot of hacking and they weren't too different. But here: it would take me years since I'm a hacker (at best) and not a professional file programmer. Please help. Is there anywhere I can ask? Everywhere seems shutdown, filterd, and blocked, and very very unfriendly to any C dev requests. Hope you get well soon.
the figure -- Re: Please help: ssh_exchange_identification: read: Connection reset by peer
I am sorry.
A somewhat different but at least visible version of the Test setup is
available here:
https://datatracker.ietf.org/doc/html/draft-ietf-bmwg-benchmarking-stateful#test_setup_sfnat64_multi
Gábor
9/3/2023 8:45 PM keltezéssel, Gabor LENCSE írta:
Dear List Members,
I have a weird problem, when I try to ssh to an OpenBSD server. (I use
OpenBSD 7.3 with GENERIC.MP #1125 kernel.)
I perform benchmarking tests to measure the performance of OpenBSD
PF. I use the below test setup:
2001:2::[-]:2/64 198.19.0.0/15 - 198.19.255.254/15
\ +--+ /
IPv6 \ |Initiator Responder| /
+-| Tester |<+
| addresses | [state table]| public IPv4 |
| +--+ |
| |
| +--+ |
| 2001:2::1/64| DUT: | public IPv4 |
+>| Stateful NAT64 gateway |-+
IPv6 address | [connection tracking table] | \
+--+ \
198.18.0.1/15
(As for the actual tests, I use only sub-ranges from the potential IP
address ranges shown above.)
The Tester is executed on a Linux server. During my tests, a bash
shell script (running on the Linux server) executes various commands
on the DUT (Device Under Test), which is the OpenBSD server. To that
end, I use ssh with key based authentication. Usually everything goes
well, but after a while, things "go wrong", and I cannot ssh from the
Linux server to the OpenBSD server any more. I get the following error
message:
root@tester:~/siitperf# ssh 172.16.17.102
ssh_exchange_identification: read: Connection reset by peer
root@tester:~/siitperf#
Then I even cannot ssh from the OpenBSD server to itself:
dut# ssh localhost
getsockname failed: Connection reset by peer
banner exchange: Connection to 127.0.0.1 port -1: Broken pipe
dut# ssh 172.16.17.102
getsockname failed: Connection reset by peer
banner exchange: Connection to UNKNOWN port -1: Broken pipe
dut#
To be able to perform the tests, I set various things by my scripts,
and perhaps one of them could be the culprit, but I cannot find it. I
execute the scripts in the /root/DUT-settings directory of the OpenBSD
server from the bash shell script running on the tester using ssh. The
relevant scripts are:
dut# pwd
/root/DUT-settings
dut# cat set-nat64-varip # this one sets static NDP and ARP entries
/root/DUT-settings/set-ndm-left 0 3999
/root/DUT-settings/set-arpm-right 2 1001
dut# cat set-ndm-left
for i in $(seq $1 $2)
do
h=$(printf "%x" $i)
ndp -s 2001:2::$h:2 24:6e:96:3c:3f:40 permanent
done
dut# cat set-ndm-right
for i in $(seq $1 $2)
do
h=$(printf "%x" $i)
ndp -s 2001:2:0:8000::$h:2 24:6e:96:3c:3f:42 permanent
done
dut# cat set-pf
pfctl -f /etc/pf-set-nat64
dut# cat /etc/pf-set-nat64
# $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf
set skip on lo
block return # block stateless traffic
pass # establish keep-state
# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010
# Port build user does not need network
block return out log proto {tcp udp} user _pbuild
set skip on em1 # to protect ssh
set limit states 10 # 1000M
set timeout interval 3600 # 1 hour
pass in on ix0 inet6 from any to 64:ff9b::/96 af-to inet from 198.19.0.1
dut#
When everything is set, then the test follows. I have two kinds of tests.
1) Maximum connection establishment rate test. It sends 4M test frames
with all different source IP address and destination IP address
combinations to establish 4M connections. The test uses a binary
search to find the highest rate at which all connections are
established. (In fact it is not checked. What is checked, is that all
test frames arrive back the the Tester.)
2) Throughput test. First, the 4M connections are loaded into the
connection tracking table of PF. Then comes the throughput test with
bidirectional traffic. One elementary test last for 60s. A binary
search is used to find the highest rate at which all frames are
forwarded.
In the case of both tests, I reboot the DUT after each elementary step
of the binary search. Its aim is to completely clear the connection
tracking table of PF. And, IMHO, it should put the OpenBSD server into
a well defined, clear state. After which, it should behave the in the
same way, every time.
And now come the weird things. The maximum connection establishment
rate test was successful. The binary search was executed 10 times
without any problem. As for the throughput test, the binary search was
done ones fully. (It means 9 steps.)
Here is the first result:
No, Size, Dir, n, m, Duration, Initial Rate, N, M, R, T, D, Error,
Date, Iterations needed, rate
1, 84, b, 2, 2,
Re: Please help: ssh_exchange_identification: read: Connection reset by peer
I send the figure again. Now I surely used only spaces and not tabs:
*2001:2::[-]:2/64198.19.0.0/15 - 198.19.255.254/15*
*\+--+/*
*IPv6\ |InitiatorResponder| /*
*+-|Tester|<+*
*| addresses|[state table]| public IPv4 |*
*|+--+|*
*||*
*|+--+|*
*| 2001:2::1/64|DUT:| public IPv4 |*
*+>|Stateful NAT64 gateway|-+*
*IPv6 address |[connection tracking table]| \*
*+--+\*
*198.18.0.1/15*
Gábor
9/3/2023 8:45 PM keltezéssel, Gabor LENCSE írta:
Dear List Members,
I have a weird problem, when I try to ssh to an OpenBSD server. (I use
OpenBSD 7.3 with GENERIC.MP #1125 kernel.)
I perform benchmarking tests to measure the performance of OpenBSD
PF. I use the below test setup:
2001:2::[-]:2/64 198.19.0.0/15 - 198.19.255.254/15
\ +--+ /
IPv6 \ |Initiator Responder| /
+-| Tester |<+
| addresses | [state table]| public IPv4 |
| +--+ |
| |
| +--+ |
| 2001:2::1/64| DUT: | public IPv4 |
+>| Stateful NAT64 gateway |-+
IPv6 address | [connection tracking table] | \
+--+ \
198.18.0.1/15
(As for the actual tests, I use only sub-ranges from the potential IP
address ranges shown above.)
The Tester is executed on a Linux server. During my tests, a bash
shell script (running on the Linux server) executes various commands
on the DUT (Device Under Test), which is the OpenBSD server. To that
end, I use ssh with key based authentication. Usually everything goes
well, but after a while, things "go wrong", and I cannot ssh from the
Linux server to the OpenBSD server any more. I get the following error
message:
root@tester:~/siitperf# ssh 172.16.17.102
ssh_exchange_identification: read: Connection reset by peer
root@tester:~/siitperf#
Then I even cannot ssh from the OpenBSD server to itself:
dut# ssh localhost
getsockname failed: Connection reset by peer
banner exchange: Connection to 127.0.0.1 port -1: Broken pipe
dut# ssh 172.16.17.102
getsockname failed: Connection reset by peer
banner exchange: Connection to UNKNOWN port -1: Broken pipe
dut#
To be able to perform the tests, I set various things by my scripts,
and perhaps one of them could be the culprit, but I cannot find it. I
execute the scripts in the /root/DUT-settings directory of the OpenBSD
server from the bash shell script running on the tester using ssh. The
relevant scripts are:
dut# pwd
/root/DUT-settings
dut# cat set-nat64-varip # this one sets static NDP and ARP entries
/root/DUT-settings/set-ndm-left 0 3999
/root/DUT-settings/set-arpm-right 2 1001
dut# cat set-ndm-left
for i in $(seq $1 $2)
do
h=$(printf "%x" $i)
ndp -s 2001:2::$h:2 24:6e:96:3c:3f:40 permanent
done
dut# cat set-ndm-right
for i in $(seq $1 $2)
do
h=$(printf "%x" $i)
ndp -s 2001:2:0:8000::$h:2 24:6e:96:3c:3f:42 permanent
done
dut# cat set-pf
pfctl -f /etc/pf-set-nat64
dut# cat /etc/pf-set-nat64
# $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf
set skip on lo
block return # block stateless traffic
pass # establish keep-state
# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010
# Port build user does not need network
block return out log proto {tcp udp} user _pbuild
set skip on em1 # to protect ssh
set limit states 10 # 1000M
set timeout interval 3600 # 1 hour
pass in on ix0 inet6 from any to 64:ff9b::/96 af-to inet from 198.19.0.1
dut#
When everything is set, then the test follows. I have two kinds of tests.
1) Maximum connection establishment rate test. It sends 4M test frames
with all different source IP address and destination IP address
combinations to establish 4M connections. The test uses a binary
search to find the highest rate at which all connections are
established. (In fact it is not checked. What is checked, is that all
test frames arrive back the the Tester.)
2) Throughput test. First, the 4M connections are loaded into the
connection tracking table of PF. Then comes the throughput test with
bidirectional traffic. One elementary test last for 60s. A binary
search is used to find the highest rate at which all frames are
forwarded.
In the case of both tests, I reboot the DUT after each elementary step
of the binary search. Its aim is to completely clear the connection
tracking table of PF. And, IMHO, it should put the OpenBSD server into
a well defined, clear state. After which, it should behave the in the
same way, every time.
Please help: ssh_exchange_identification: read: Connection reset by peer
Dear List Members,
I have a weird problem, when I try to ssh to an OpenBSD server. (I use
OpenBSD 7.3 with GENERIC.MP #1125 kernel.)
I perform benchmarking tests to measure the performance of OpenBSD PF.
I use the below test setup:
2001:2::[-]:2/64 198.19.0.0/15 - 198.19.255.254/15
\ +--+ /
IPv6 \ |Initiator Responder| /
+-| Tester |<+
| addresses | [state table]| public IPv4 |
| +--+ |
| |
| +--+ |
| 2001:2::1/64| DUT: | public IPv4 |
+>| Stateful NAT64 gateway |-+
IPv6 address | [connection tracking table] | \
+--+ \
198.18.0.1/15
(As for the actual tests, I use only sub-ranges from the potential IP
address ranges shown above.)
The Tester is executed on a Linux server. During my tests, a bash shell
script (running on the Linux server) executes various commands on the
DUT (Device Under Test), which is the OpenBSD server. To that end, I use
ssh with key based authentication. Usually everything goes well, but
after a while, things "go wrong", and I cannot ssh from the Linux server
to the OpenBSD server any more. I get the following error message:
root@tester:~/siitperf# ssh 172.16.17.102
ssh_exchange_identification: read: Connection reset by peer
root@tester:~/siitperf#
Then I even cannot ssh from the OpenBSD server to itself:
dut# ssh localhost
getsockname failed: Connection reset by peer
banner exchange: Connection to 127.0.0.1 port -1: Broken pipe
dut# ssh 172.16.17.102
getsockname failed: Connection reset by peer
banner exchange: Connection to UNKNOWN port -1: Broken pipe
dut#
To be able to perform the tests, I set various things by my scripts, and
perhaps one of them could be the culprit, but I cannot find it. I
execute the scripts in the /root/DUT-settings directory of the OpenBSD
server from the bash shell script running on the tester using ssh. The
relevant scripts are:
dut# pwd
/root/DUT-settings
dut# cat set-nat64-varip # this one sets static NDP and ARP entries
/root/DUT-settings/set-ndm-left 0 3999
/root/DUT-settings/set-arpm-right 2 1001
dut# cat set-ndm-left
for i in $(seq $1 $2)
do
h=$(printf "%x" $i)
ndp -s 2001:2::$h:2 24:6e:96:3c:3f:40 permanent
done
dut# cat set-ndm-right
for i in $(seq $1 $2)
do
h=$(printf "%x" $i)
ndp -s 2001:2:0:8000::$h:2 24:6e:96:3c:3f:42 permanent
done
dut# cat set-pf
pfctl -f /etc/pf-set-nat64
dut# cat /etc/pf-set-nat64
# $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf
set skip on lo
block return # block stateless traffic
pass # establish keep-state
# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010
# Port build user does not need network
block return out log proto {tcp udp} user _pbuild
set skip on em1 # to protect ssh
set limit states 10 # 1000M
set timeout interval 3600 # 1 hour
pass in on ix0 inet6 from any to 64:ff9b::/96 af-to inet from 198.19.0.1
dut#
When everything is set, then the test follows. I have two kinds of tests.
1) Maximum connection establishment rate test. It sends 4M test frames
with all different source IP address and destination IP address
combinations to establish 4M connections. The test uses a binary search
to find the highest rate at which all connections are established. (In
fact it is not checked. What is checked, is that all test frames arrive
back the the Tester.)
2) Throughput test. First, the 4M connections are loaded into the
connection tracking table of PF. Then comes the throughput test with
bidirectional traffic. One elementary test last for 60s. A binary search
is used to find the highest rate at which all frames are forwarded.
In the case of both tests, I reboot the DUT after each elementary step
of the binary search. Its aim is to completely clear the connection
tracking table of PF. And, IMHO, it should put the OpenBSD server into a
well defined, clear state. After which, it should behave the in the same
way, every time.
And now come the weird things. The maximum connection establishment rate
test was successful. The binary search was executed 10 times without any
problem. As for the throughput test, the binary search was done ones
fully. (It means 9 steps.)
Here is the first result:
No, Size, Dir, n, m, Duration, Initial Rate, N, M, R, T, D, Error, Date,
Iterations needed, rate
1, 84, b, 2, 2, 60, 20, 400, 400, 8, 500, 51000, 1000,
2023-09-03 18:23:27, 9, 361718
root@tester:~/siitperf#
And when the binary search was executed the second time, it stopped
working after
Re: I would like help matching my outgoing domains to the right IP for smtpd
On Wed, Aug 16, 2023 at 10:21:34AM +0200, Bruno Flückiger wrote: > How about something like this? > > match from mail-from regex "@example.net" action send_example_net > match from mail-from regex "@example.com" action send_example_com > > Cheers, > Bruno > Thank you very much. I just had to add for any and it works perfectly. My dad and I ate some bad food at a restaurant, so this is a happy moment. -- Chris Bennett
Re: I would like help matching my outgoing domains to the right IP for smtpd
On 11.08., Chris Bennett wrote: > On Sat, Aug 12, 2023 at 03:49:12AM +, Philipp Buehler wrote: > > Am 12.08.2023 03:13 schrieb Chris Bennett: > > > I can't figure out how to match the outgoing mails to the correct IP/mx > > > they are coming from. Just one server, different A records for the mx > > > versus domain name. > > > > Difficult to understand what you're trying there... > > I kinda understand that you have multiple IP-addresses on that smtpd > > machine and need to send from a "correct" one? > > If so, check back that 'action' with a relay delivery has a 'src' option. > > > > HTH, > > -- > > pb > > > action "benn_to_outbound" relay src 108.181.26.184 helo > mx.bennettconstruction.us > > If this is correct, it works fine. > However, right now, I am forcing a match with > > match from local for anyaction "benn_to_outbound" > > I haven't been able to think of a way to match each individual one. > > -- > Chris Bennett > How about something like this? match from mail-from regex "@example.net" action send_example_net match from mail-from regex "@example.com" action send_example_com Cheers, Bruno
Re: [cpb_m...@bennettconstruction.us: I would like help matching my outgoing domains to the right IP for smtpd]
It's the weekend. I will see if anyone has any advice later. I will spend my time looking at perhaps solving the problem with a filter and using tcpdump and the debug features of smtpd to follow what I come up with. -- Chris Bennett
Re: I would like help matching my outgoing domains to the right IP for smtpd
On Sat, Aug 12, 2023 at 03:49:12AM +, Philipp Buehler wrote: > Am 12.08.2023 03:13 schrieb Chris Bennett: > > I can't figure out how to match the outgoing mails to the correct IP/mx > > they are coming from. Just one server, different A records for the mx > > versus domain name. > > Difficult to understand what you're trying there... > I kinda understand that you have multiple IP-addresses on that smtpd > machine and need to send from a "correct" one? > If so, check back that 'action' with a relay delivery has a 'src' option. > > HTH, > -- > pb > action "benn_to_outbound" relay src 108.181.26.184 helo mx.bennettconstruction.us If this is correct, it works fine. However, right now, I am forcing a match with match from local for anyaction "benn_to_outbound" I haven't been able to think of a way to match each individual one. -- Chris Bennett
Re: I would like help matching my outgoing domains to the right IP for smtpd
On Sat, Aug 12, 2023 at 03:49:12AM +, Philipp Buehler wrote: > Am 12.08.2023 03:13 schrieb Chris Bennett: > > I can't figure out how to match the outgoing mails to the correct IP/mx > > they are coming from. Just one server, different A records for the mx > > versus domain name. > > Difficult to understand what you're trying there... > I kinda understand that you have multiple IP-addresses on that smtpd > machine and need to send from a "correct" one? > If so, check back that 'action' with a relay delivery has a 'src' option. > > HTH, > -- > pb > I have one server with multiple IP addresses. For example, bennettconstruction.us at one IP, with A record mx.bennettconstruction.us at the same machine, different IP with it's own A record. Plus, several other website and mail domains on the same server. In each case, each has it's own A record and IP, one for a domain name, the other for it's mail domain. bennettconstruction.us 1.2.3.4 mx.bennettconstruction.us 1.2.3.5 moron.org 1.2.3.6 mail.moron.org 1.2.3.7 wisecracker.com 1.2.3.8 mx.wisecracker.com 1.2.3.9 I'm trying to get the proper mail server to match the sent From: domain. Also, with this switch changing the hostname, root now comes through bennettconstruction.us instead of the other one that was the hostname before. The change in hostname was planned. In case it's relevant, I always use ssh and neomutt to the server for reading and sending. I only use K9 on my phone to read or click a link. Thank you for putting up with my hard to understand posts. It's not deliberate, but a lifelong problem. -- Chris Bennett
Re: I would like help matching my outgoing domains to the right IP for smtpd
Am 12.08.2023 03:13 schrieb Chris Bennett: I can't figure out how to match the outgoing mails to the correct IP/mx they are coming from. Just one server, different A records for the mx versus domain name. Difficult to understand what you're trying there... I kinda understand that you have multiple IP-addresses on that smtpd machine and need to send from a "correct" one? If so, check back that 'action' with a relay delivery has a 'src' option. HTH, -- pb
I would like help matching my outgoing domains to the right IP for smtpd
Hello, as I was updating to the new IP ranges, I changed ~all to -all (My old IP's were crap filled with spam, so I just didn't send mails to the big guys.) I tried sending to gmail.com and got smacked that the spf was referring to an unexpected address on the server. I found that I was getting "random" choices from the tables I had setup. Reading the manpage carefully, I saw that this was the correct behaviour. If the headers in this email are correct, then I have the right action. I can't figure out how to match the outgoing mails to the correct IP/mx they are coming from. Just one server, different A records for the mx versus domain name. Right now, I'm just forcing all local to this action. After several hours trying different options and testing sending to my other server, I'm coming up blank. Except that I now understand much more from the manpages that confused me previously. I've been reading a lot of other manpages lately, too. Time well spent. Any advice would be nice. -- Chris Bennett
[cpb_m...@bennettconstruction.us: I would like help matching my outgoing domains to the right IP for smtpd]
- Forwarded message from Chris Bennett - To: misc@openbsd.org From: Chris Bennett Subject: I would like help matching my outgoing domains to the right IP for smtpd Date: Fri, 11 Aug 2023 18:13:59 -0700 Hello, as I was updating to the new IP ranges, I changed ~all to -all (My old IP's were crap filled with spam, so I just didn't send mails to the big guys.) I tried sending to gmail.com and got smacked that the spf was referring to an unexpected address on the server. I found that I was getting "random" choices from the tables I had setup. Reading the manpage carefully, I saw that this was the correct behaviour. If the headers in this email are correct, then I have the right action. I can't figure out how to match the outgoing mails to the correct IP/mx they are coming from. Just one server, different A records for the mx versus domain name. Right now, I'm just forcing all local to this action. After several hours trying different options and testing sending to my other server, I'm coming up blank. Except that I now understand much more from the manpages that confused me previously. I've been reading a lot of other manpages lately, too. Time well spent. Any advice would be nice. -- Chris Bennett - End forwarded message - --
Re: I need help to see if I can reboot new network OK. Wild misadventures with non-OpenBSD support and bad IPMI
On Sat, Jul 29, 2023 at 07:41:18PM +, Philipp Buehler wrote: > Am 29.07.2023 21:29 schrieb Chris Bennett: > > The other IP's are randomly missing or give this: > > > > link#2 UHLc 0 450 - 3 em1 > > Hi, I'm happy. I practiced on the other server until I was sure, then I changed the first server over to the new way. I got one link#2 on the last IP, so I aliased that one in too and rebooted. Everything is great. What does link#2 mean in a more literal sense? Tomorrow all I have to do is new DNS records and swap the IP addresses for the other server. Tell them to switch me over to the new IP's and I'm done. I have no idea what the network problem was, but I leave my desktop on 24/7. It crashed for the first time ever. Most likely it was the problem. Thank you for the education. I fully approve of getting little pieces at a time. Change this. Doesn't work. Study it carefully. Post again. More problems. Then more help. I have always liked OpenBSD's policy of not giving information to just copy/paste. Now I need to go make a donation. Have a great day. -- Chris
Re: I need help to see if I can reboot new network OK. Wild misadventures with non-OpenBSD support and bad IPMI
On Sat, Jul 29, 2023 at 07:41:18PM +, Philipp Buehler wrote: > Oh, you need an alias for each IP that should be bound on em1 > so, like: > # cat /etc/hostname.em1 > inet 103.103.103.170/29 > inet alias 103.103.103.171/32 > inet alias 103.103.103.172/32 > inet alias 103.103.103.173/32 > inet alias 103.103.103.174/32 > This seemed to work. The network is very strange for me. Not sure if my hotspot is bad or if they are having network problems at the company. New network, new problems? I will get back later if this is a real problem or not. I was reading route manpage. Next is netstart script and manpage. Thanks. I really appreciate it. Chris Bennett > > mygate and netstart has a manpage, as there is 'hostname.if' to read :) > > PS: pointless to use '-x'; just a lot of debug noise > > -- > pb > --
Re: I need help to see if I can reboot new network OK. Wild misadventures with non-OpenBSD support and bad IPMI
Am 29.07.2023 21:29 schrieb Chris Bennett: The other IP's are randomly missing or give this: link#2 UHLc 0 450 - 3 em1 Each route flush;sh -x /etc/nestart or a reboot changes the result. Oh, you need an alias for each IP that should be bound on em1 so, like: # cat /etc/hostname.em1 inet 103.103.103.170/29 inet alias 103.103.103.171/32 inet alias 103.103.103.172/32 inet alias 103.103.103.173/32 inet alias 103.103.103.174/32 # cat /etc/mygate 103.103.103.169 mygate and netstart has a manpage, as there is 'hostname.if' to read :) PS: pointless to use '-x'; just a lot of debug noise -- pb
Re: I need help to see if I can reboot new network OK. Wild misadventures with non-OpenBSD support and bad IPMI
On Sat, Jul 29, 2023 at 06:18:40PM +, Philipp Buehler wrote: > Am 29.07.2023 20:04 schrieb Chris Bennett: > > inet 103.103.103.168/29 > > That's wrong, you put the "first" IP-address you want to > use/have on em1. So that would be 170/29 > Well, that half-worked. Always get ...170, works. ssh works. autossh with -M no longer works except with autossh -M 0 ...169 is the gateway. ...175 is broadcast. The other IP's are randomly missing or give this: link#2 UHLc 0 450 - 3 em1 Each route flush;sh -x /etc/nestart or a reboot changes the result. I just tried mygate at ...174. No good. > (168 is this network's BSD-broadcast or "net address") > > > > /etc/mygate is > > 103.103.103.169 > Cannot forsee what your ISP provides as the gateway, but > likely that's correct. > Feel free to offer me a good man page to start with. Coffee is working. -- Chris Bennett
Re: I need help to see if I can reboot new network OK. Wild misadventures with non-OpenBSD support and bad IPMI
Am 29.07.2023 20:04 schrieb Chris Bennett: inet 103.103.103.168/29 That's wrong, you put the "first" IP-address you want to use/have on em1. So that would be 170/29 (168 is this network's BSD-broadcast or "net address") /etc/mygate is 103.103.103.169 Cannot forsee what your ISP provides as the gateway, but likely that's correct. All names (hosts,myname) is not directly relevant to IP networking. Do not put names in mygate (just a sidenote). ifconfig gave 103.103.103.168 as the IP address route -n show gave 103.103.103.168 as the gateway. Likely a config from the errornous hostname.if entry, see above. I did not change or remove what's in /etc/hostname which is at 103.103.103.170. Does that matter? hosts I assume? That might be relevant to apache, but not the networking (reachability) itself. -- pb
Re: I need help to see if I can reboot new network OK. Wild misadventures with non-OpenBSD support and bad IPMI
On Sat, Jul 29, 2023 at 04:34:17AM +, Philipp Buehler wrote: > > To save mindboggling counting of 'f' or similar, just write this to > /etc/hostname.em1 > inet 108.181.26.178/28 > The ifconfig called from netstart will figure it out ;-) That's a headups > for everybody, so cc misc@. > Hmm, I also have a newer server with the same company that does have a usable IPMI. I also have to change IP's with it too. It is running -current from a few weeks ago, so this is a fictional address except for the last three digits (168) 103.103.103.168/29 Right now, I have my first IP I'm using at 103.103.103.170 I put into /etc/hostname.em1: inet 103.103.103.168/29 /etc/mygate is 103.103.103.169 /etc/myname is network-moron.com I did not change /etc/hosts which just has the addresses from 103.103.103.170 to 103.103.103.175 added. I rebooted, but couldn't ping the server at any address. In IPMI, there were no network problems on the boot screen, but apache2 failed to start. ifconfig gave 103.103.103.168 as the IP address route -n show gave 103.103.103.168 as the gateway. For the heck of it, I changed /etc/mygate to 103.103.103.168, just to see if that provided any useful information. Same failed outcome, as I expected. .later I tried every obvious variation I could think of. Nothing works except what I used on the other server. A couple of years ago I tried to do what you suggested with a script to swap back in the old hostname and reboot. I couldn't ever get it to work Since what I had worked (not what I really wanted to use with the aliases), I just blew it off. I took a good while with my brain in sludge mode last night to change some essential passwords and shut off imap, etc. I still lacking enough sleep. Having coffee, going to eat and probably go back to bed. I just wanted to try this out while I could. I wanted to post about this and then RTFM's later with a clear head. I did not change or remove what's in /etc/hostname which is at 103.103.103.170. Does that matter? -- Chris Bennett
Re: I need help to see if I can reboot new network OK. Wild misadventures with non-OpenBSD support and bad IPMI 11 Perhaps they just don't have a proper setup or are not using it.
On Sat, Jul 29, 2023 at 04:34:17AM +, Philipp Buehler wrote: > Moin Chris, > > Am 29.07.2023 04:17 schrieb Chris Bennett: > > The network is 108.181.26.176/28. > > > > Right now,the first IP is 108.181.26.178 and the last regular address is > > 108.181.26.190, which might be wrong. I'm too tired to read any more > > man pages or web pages. I needed more than 2hrs of sleep. > > I'm super worn out, so forgive my mistakes. > > > > Any help appreciated. I don't want the next syspatch reboot to fail. > > To save mindboggling counting of 'f' or similar, just write this to > /etc/hostname.em1 > inet 108.181.26.178/28 > The ifconfig called from netstart will figure it out ;-) That's a headups > for everybody, so cc misc@. > Yes, there was a big delay when he put in one f too few. Besides changing IP ranges, they also just started pushing a single IP address that serves as everything, but also a different checkbox for the same thing for Linux only. I know essentially nothing about Linux besides the fact that I quickly tried several, but I didn't like them. I then ran into something mentioning OpenBSD. After reading the website, I saw that OpenBSD was and has been an excellent choice. No regrets. I already know from experience that if I asked them for any details about that networking change, I would NOT get a useful answer. After I got to multiple days, my goal had to be getting able to ssh in and start fixing things. Security through obscurity does not work. So I think it is well worth it to show and get help. I am so tired right now, that my Dad had a problem with sound using YouTube on a Firestick. I couldn't tell him even the simplest step, so I just had him reboot it. I'm going to kill everything that has outside access, get a good night's sleep and then change every password for inside stuff and all emails. Then I'm going to carefully read every man page, etc. until I understand everything fully. Now is the right time for this. Until recently, I only had a laptop stuck at 6.6 and a lousy phone hotspot or an even crappier access to almost useless wifi in places like libraries. Two used computers and a really great phone hotspot make everything good now. Thank you very much. > The current ifconfig em1 shows a bit wild setup for 108.181.26.179; but that > > is likely unintended and the wrong mask/bc will be gone with the above > setting. > > The route output shows several hosts in 108.136/108.137 ranges where there > is no corresponding setup given. > > But to reach the system via 108.181.26.178 again, this looks sound. > > HTH, > -- > pb > > PS: > tyo# cat /etc/hostname.vlan1 > vlandev vio0 > inet 108.181.26.178/28 > tyo# sh /etc/netstart vlan1 > tyo# ifconfig vlan1 > vlan1: flags=8843 mtu 1500 > lladdr fe:e1:bb:6e:63:36 > index 7 priority 0 llprio 3 > encap: vnetid none parent vio0 txprio packet rxprio outer > groups: vlan > media: Ethernet autoselect > status: active > inet 108.181.26.178 netmask 0xfff0 broadcast 108.181.26.191 > PPS: to check quickly on reachability of a gateway directly: > ping -I 108.181.26.178 -t 1 108.181.26.177 > and check arp table accordingly I will try this right now and save this email in the mailbox for important things to keep long term. -- Chris Bennett
Re: I need help to see if I can reboot new network OK. Wild misadventures with non-OpenBSD support and bad IPMI
On Sat, Jul 29, 2023 at 03:45:36AM +, All wrote: > Your network has first usable IP address 108.181.26.177, not > 108.181.26.178. Also, your broadcast address is 108.181.26.191 and not > 108.181.26.190 > Yes, I had things setup with 108.181.26.177 as the first IP, but they changed it. It was extremely frustrating to watch someone making changes that I did not request. They also don't seem to have the capability to read the support messages I sent them while actually making incorrect changes. Perhaps they just don't have a proper setup or are not using it. I could see what they were doing by refreshing the IPMI preview screen. But that really is just a poor set of images. It did let me see the contents of files if I refreshed the image at just the right moment. Getting them to type sh -x /etc/netstart or reboot despite giving them detailed instructions beforehand. It took about 1 1/2hrs to get someone to finally type sh /etc/netstart after doing all of the above. But I have never worked in that field, so I really don't know what goes on in their server farms. There was another issue that I did not know how to deal with. I will mention that in replying to another in this thread. -- Chris Bennett
Re: I need help to see if I can reboot new network OK. Wild misadventures with non-OpenBSD support and bad IPMI
Moin Chris, Am 29.07.2023 04:17 schrieb Chris Bennett: The network is 108.181.26.176/28. Right now,the first IP is 108.181.26.178 and the last regular address is 108.181.26.190, which might be wrong. I'm too tired to read any more man pages or web pages. I needed more than 2hrs of sleep. I'm super worn out, so forgive my mistakes. Any help appreciated. I don't want the next syspatch reboot to fail. To save mindboggling counting of 'f' or similar, just write this to /etc/hostname.em1 inet 108.181.26.178/28 The ifconfig called from netstart will figure it out ;-) That's a headups for everybody, so cc misc@. The current ifconfig em1 shows a bit wild setup for 108.181.26.179; but that is likely unintended and the wrong mask/bc will be gone with the above setting. The route output shows several hosts in 108.136/108.137 ranges where there is no corresponding setup given. But to reach the system via 108.181.26.178 again, this looks sound. HTH, -- pb PS: tyo# cat /etc/hostname.vlan1 vlandev vio0 inet 108.181.26.178/28 tyo# sh /etc/netstart vlan1 tyo# ifconfig vlan1 vlan1: flags=8843 mtu 1500 lladdr fe:e1:bb:6e:63:36 index 7 priority 0 llprio 3 encap: vnetid none parent vio0 txprio packet rxprio outer groups: vlan media: Ethernet autoselect status: active inet 108.181.26.178 netmask 0xfff0 broadcast 108.181.26.191 PPS: to check quickly on reachability of a gateway directly: ping -I 108.181.26.178 -t 1 108.181.26.177 and check arp table accordingly
Re: I need help to see if I can reboot new network OK. Wild misadventures with non-OpenBSD support and bad IPMI
Your network has first usable IP address 108.181.26.177, not 108.181.26.178. Also, your broadcast address is 108.181.26.191 and not 108.181.26.190 On Saturday, July 29, 2023 at 12:17:47 p.m. GMT+9, Chris Bennett wrote: Hi. My server company either was bought by another company or just hooked up new IP ranges. I have a super cheap server with 13 IP addresses. This only has ancient Java KVM which I can't hook up to, but I can use the console preview only as single refreshable images. So I had to coach them along. I had to really rush due to the cutoff date. I made a few mistakes, inet isn't spelled ine, etc. A power screwup, my fault. Watching someone trying to use ed was amusing. I had to get /home commented out since it needed manual fsck. It was a long day and all night and morning today. Everything is apparently working fine, but a little different than my previous setup. I would like some help to know if this setup will work after a reboot. I really don't want to ask for more help from support. The network is 108.181.26.176/28. Right now,the first IP is 108.181.26.178 and the last regular address is 108.181.26.190, which might be wrong. I'm too tired to read any more man pages or web pages. I needed more than 2hrs of sleep. I'm super worn out, so forgive my mistakes. Any help appreciated. I don't want the next syspatch reboot to fail. Chris Bennett cat /etc/hostname.em1 inet 108.181.26.178 0xfff0 108.181.26.190 inet alias 108.181.26.179 255.255.255.255 inet alias 108.181.26.180 255.255.255.255 inet alias 108.181.26.181 255.255.255.255 inet alias 108.181.26.182 255.255.255.255 inet alias 108.181.26.183 255.255.255.255 inet alias 108.181.26.184 255.255.255.255 inet alias 108.181.26.185 255.255.255.255 inet alias 108.181.26.186 255.255.255.255 inet alias 108.181.26.187 255.255.255.255 inet alias 108.181.26.188 255.255.255.255 inet alias 108.181.26.189 255.255.255.255 #inet alias 108.181.26.190 255.255.255.255 cat /etc/hosts 127.0.0.1 localhost ::1 localhost #108.181.26.177 gateway 108.181.26.178 bennettconstruction.us 108.181.26.179 strengthcouragewisdom.rocks 108.181.26.180 mail.strengthcouragewisdom.rocks 108.181.26.181 freedomforlife.rocks 108.181.26.182 mx.freedomforlife.rocks 108.181.26.183 bsd-sec.dev 108.181.26.184 mx.bennettconstruction.us 108.181.26.185 bsd-sec.com 108.181.26.186 mail.bsd-sec.com 108.181.26.187 cowboyup.xyz 108.181.26.188 mail.cowboyup.xyz 108.181.26.189 capuchado.com 108.181.26.190 # Using for development, unassigned cat /etc/myname bennettconstruction.us cat /etc/mygate 108.181.26.177 route -n show Routing tables Internet: Destination Gateway Flags Refs Use Mtu Prio Iface default 108.181.26.177 UGS 11 25504 - 8 em1 108/8 108.181.26.179 UCn 11 0 - 4 em1 108.136.59.3 00:1f:6d:eb:60:00 UHLc 0 4 - 3 em1 108.136.125.137 00:1f:6d:eb:60:00 UHLc 0 2 - 3 em1 108.136.179.191 00:1f:6d:eb:60:00 UHLc 0 9 - 3 em1 108.136.182.161 00:1f:6d:eb:60:00 UHLc 0 9 - 3 em1 108.136.235.206 00:1f:6d:eb:60:00 UHLc 0 8 - 3 em1 108.136.238.232 00:1f:6d:eb:60:00 UHLc 0 10 - 3 em1 108.136.248.92 00:1f:6d:eb:60:00 UHLc 0 9 - 3 em1 108.137.2.3 00:1f:6d:eb:60:00 UHLc 0 3 - 3 em1 108.137.73.28 00:1f:6d:eb:60:00 UHLc 0 15 - 3 em1 108.137.74.160 00:1f:6d:eb:60:00 UHLc 0 4 - 3 em1 108.137.155.209 00:1f:6d:eb:60:00 UHLc 0 3 - 3 em1 108.181.26.176/28 108.181.26.178 UCn 1 2 - 4 em1 108.181.26.177 00:1f:6d:eb:60:00 UHLch 1 44 - 3 em1 108.181.26.178 00:25:90:6c:43:43 UHLl 0 4741 - 1 em1 108.181.26.179 00:25:90:6c:43:43 UHLl 0 3443 - 1 em1 108.181.26.180 00:25:90:6c:43:43 UHLl 0 4510 - 1 em1 108.181.26.180/32 108.181.26.180 UCn 0 0 - 4 em1 108.181.26.181 00:25:90:6c:43:43 UHLl 0 3004 - 1 em1 108.181.26.181/32 108.181.26.181 UCn 0 0 - 4 em1 108.181.26.182 00:25:90:6c:43:43 UHLl 0 4192 - 1 em1 108.181.26.182/32 108.181.26.182 UCn 0 0 - 4 em1 108.181.26.183 00:25:90:6c:43:43 UHLl 0 4767 - 1 em1 108.181.26.183/32 108.181.26.183 UCn 0 0 - 4 em1 108.181.26.184 00:25:90:6c:43:43 UHLl 0 8119 - 1 em1 108.181.26.184/32 108.181.26.184 UCn 0 0 - 4 em1 108.181.26.185 00:25:90:6c:43:43 UHLl 0 4902 - 1 em1 108.181.26.185/32 108.181.26.185 UCn 0 0 - 4 em1 108.181.26.186 00:25:90:6c:43:43 UHLl 0 3049 - 1 em1 108.181.26.186
I need help to see if I can reboot new network OK. Wild misadventures with non-OpenBSD support and bad IPMI
Hi. My server company either was bought by another company or just hooked up new IP ranges. I have a super cheap server with 13 IP addresses. This only has ancient Java KVM which I can't hook up to, but I can use the console preview only as single refreshable images. So I had to coach them along. I had to really rush due to the cutoff date. I made a few mistakes, inet isn't spelled ine, etc. A power screwup, my fault. Watching someone trying to use ed was amusing. I had to get /home commented out since it needed manual fsck. It was a long day and all night and morning today. Everything is apparently working fine, but a little different than my previous setup. I would like some help to know if this setup will work after a reboot. I really don't want to ask for more help from support. The network is 108.181.26.176/28. Right now,the first IP is 108.181.26.178 and the last regular address is 108.181.26.190, which might be wrong. I'm too tired to read any more man pages or web pages. I needed more than 2hrs of sleep. I'm super worn out, so forgive my mistakes. Any help appreciated. I don't want the next syspatch reboot to fail. Chris Bennett cat /etc/hostname.em1 inet 108.181.26.178 0xfff0 108.181.26.190 inet alias 108.181.26.179 255.255.255.255 inet alias 108.181.26.180 255.255.255.255 inet alias 108.181.26.181 255.255.255.255 inet alias 108.181.26.182 255.255.255.255 inet alias 108.181.26.183 255.255.255.255 inet alias 108.181.26.184 255.255.255.255 inet alias 108.181.26.185 255.255.255.255 inet alias 108.181.26.186 255.255.255.255 inet alias 108.181.26.187 255.255.255.255 inet alias 108.181.26.188 255.255.255.255 inet alias 108.181.26.189 255.255.255.255 #inet alias 108.181.26.190 255.255.255.255 cat /etc/hosts 127.0.0.1 localhost ::1 localhost #108.181.26.177 gateway 108.181.26.178bennettconstruction.us 108.181.26.179strengthcouragewisdom.rocks 108.181.26.180mail.strengthcouragewisdom.rocks 108.181.26.181freedomforlife.rocks 108.181.26.182mx.freedomforlife.rocks 108.181.26.183bsd-sec.dev 108.181.26.184mx.bennettconstruction.us 108.181.26.185bsd-sec.com 108.181.26.186mail.bsd-sec.com 108.181.26.187cowboyup.xyz 108.181.26.188mail.cowboyup.xyz 108.181.26.189capuchado.com 108.181.26.190# Using for development, unassigned cat /etc/myname bennettconstruction.us cat /etc/mygate 108.181.26.177 route -n show Routing tables Internet: DestinationGatewayFlags Refs Use Mtu Prio Iface default108.181.26.177 UGS 1125504 - 8 em1 108/8 108.181.26.179 UCn 110 - 4 em1 108.136.59.3 00:1f:6d:eb:60:00 UHLc 04 - 3 em1 108.136.125.13700:1f:6d:eb:60:00 UHLc 02 - 3 em1 108.136.179.19100:1f:6d:eb:60:00 UHLc 09 - 3 em1 108.136.182.16100:1f:6d:eb:60:00 UHLc 09 - 3 em1 108.136.235.20600:1f:6d:eb:60:00 UHLc 08 - 3 em1 108.136.238.23200:1f:6d:eb:60:00 UHLc 0 10 - 3 em1 108.136.248.92 00:1f:6d:eb:60:00 UHLc 09 - 3 em1 108.137.2.300:1f:6d:eb:60:00 UHLc 03 - 3 em1 108.137.73.28 00:1f:6d:eb:60:00 UHLc 0 15 - 3 em1 108.137.74.160 00:1f:6d:eb:60:00 UHLc 04 - 3 em1 108.137.155.20900:1f:6d:eb:60:00 UHLc 03 - 3 em1 108.181.26.176/28 108.181.26.178 UCn12 - 4 em1 108.181.26.177 00:1f:6d:eb:60:00 UHLch 1 44 - 3 em1 108.181.26.178 00:25:90:6c:43:43 UHLl 0 4741 - 1 em1 108.181.26.179 00:25:90:6c:43:43 UHLl 0 3443 - 1 em1 108.181.26.180 00:25:90:6c:43:43 UHLl 0 4510 - 1 em1 108.181.26.180/32 108.181.26.180 UCn00 - 4 em1 108.181.26.181 00:25:90:6c:43:43 UHLl 0 3004 - 1 em1 108.181.26.181/32 108.181.26.181 UCn00 - 4 em1 108.181.26.182 00:25:90:6c:43:43 UHLl 0 4192 - 1 em1 108.181.26.182/32 108.181.26.182 UCn00 - 4 em1 108.181.26.183 00:25:90:6c:43:43 UHLl 0 4767 - 1 em1 108.181.26.183/32 108.181.26.183 UCn00 - 4 em1 108.181.26.184 00:25:90:6c:43:43 UHLl 0 8119 - 1 em1 108.181.26.184/32 108.181.26.184 UCn00 - 4 em1 108.181.26.185 00:25:90:6c:43:43 UHLl 0 4902 - 1 em1 108.181.26.185/32 108.181.26.185 UCn00 - 4 em1 108.181.26.186 00:25:90:6c:43:43 UHLl 0 3049 - 1 em1 108.181.26.186/32 108.181.26.186 UCn00 - 4 em1 108.181.26.187 00:25:90:6c:43:43 UHLl
Re: Help for another wiped out disklabel
Ok, now that 7.3 is up and running fine on sd0 I can re do my sd1 USB SSD. This SSD was set up as a 2nd disk back when I originally installed 6.8 on it so it's hard for me to remember how I would have had it start at 0 rather than 64 as mentioned in the FAQ. Thanks for reading and reminding me Nick. On Thu, Apr 13, 2023 at 4:32 PM Nick Holland wrote: > On 4/13/23 16:08, Greg Thomas wrote: > > Thank you! I gave it one more shot before attempting the script and I'm > > back in. I figured I'd try 0 for the beginning of the partition. > > > > grits# disklabel sd1 > > # /dev/rsd1c: > > type: SCSI > > disk: SCSI disk > > label: Ext SSD > > duid: 2eeb6058175bf1f7 > > flags: > > bytes/sector: 512 > > sectors/track: 20 > > tracks/cylinder: 22 > > sectors/cylinder: 440 > > cylinders: 2131143 > > total sectors: 937703088 > > boundstart: 0 > > boundend: 937703088 > > > > 16 partitions: > > #size offset fstype [fsize bsize cpg] > >a:9377030400 4.2BSD 4096 32768 1 > >c:9377030880 unused > > OUCH. Don't do this! > > I'm not sure why your disklabel got overwritten *in your case*, but there > is stuff that's supposed to be at sector zero, and a disklabel is NOT IT. > Something someday will clobber it. And it did. > > Please, back your data up, put either a UEFI or MBR partition table on it, > and then use the rest of the disk for your backup. With modern disk > sizes, the amount of space you "save" isn't worth the first time this > happens to you. > > Nick. > (who went back to look at your dmesg to make sure it wasn't a sparc64 :) > >
Re: Help for another wiped out disklabel
On 4/13/23 16:08, Greg Thomas wrote: Thank you! I gave it one more shot before attempting the script and I'm back in. I figured I'd try 0 for the beginning of the partition. grits# disklabel sd1 # /dev/rsd1c: type: SCSI disk: SCSI disk label: Ext SSD duid: 2eeb6058175bf1f7 flags: bytes/sector: 512 sectors/track: 20 tracks/cylinder: 22 sectors/cylinder: 440 cylinders: 2131143 total sectors: 937703088 boundstart: 0 boundend: 937703088 16 partitions: #size offset fstype [fsize bsize cpg] a:9377030400 4.2BSD 4096 32768 1 c:9377030880 unused OUCH. Don't do this! I'm not sure why your disklabel got overwritten *in your case*, but there is stuff that's supposed to be at sector zero, and a disklabel is NOT IT. Something someday will clobber it. And it did. Please, back your data up, put either a UEFI or MBR partition table on it, and then use the rest of the disk for your backup. With modern disk sizes, the amount of space you "save" isn't worth the first time this happens to you. Nick. (who went back to look at your dmesg to make sure it wasn't a sparc64 :)
Re: Help for another wiped out disklabel
Thank you! I gave it one more shot before attempting the script and I'm back in. I figured I'd try 0 for the beginning of the partition. grits# disklabel sd1 # /dev/rsd1c: type: SCSI disk: SCSI disk label: Ext SSD duid: 2eeb6058175bf1f7 flags: bytes/sector: 512 sectors/track: 20 tracks/cylinder: 22 sectors/cylinder: 440 cylinders: 2131143 total sectors: 937703088 boundstart: 0 boundend: 937703088 16 partitions: #size offset fstype [fsize bsize cpg] a:9377030400 4.2BSD 4096 32768 1 c:9377030880 unused On Thu, Apr 13, 2023 at 2:51 AM wrote: > Greg Thomas writes: > > I just ran through a fresh 7.3 install onto sd0 on an old 6.8 laptop and > I > > have no idea what happened to the disklabel on sd1 (during the install I > > only did an automatic disklabel on sd0). This is just a backup of my > > current laptop so not the end of the world (unless my current laptop dies > > before I have a chance to back it up again). > > Part of the solution I used previously to recover my trashed disklabel > was a script to create a partition on the disklabel with every > starting value (a simple brute force approach). This proved to be > far too slow so I resorted to hacking scan_ffs but that's because > I had other partitions and swap of unknown size to skip over first > to find the /var/backup partition that I needed. > > Since your lost partition is at the beginning of the disc somewhere > this shouldn't be much of a problem. The end sector doesn't really > matter if you'll mount the partition read-only provided it's large > enough; just don't run fsck on it. > > Something along the lines of: > > for k in `jot 2048`; do echo | disklabel -e sd0; mount -r > /dev/sd1a /mnt && echo $k; umount /mnt; done > > Where is multi-line input to disklabel to delete and create > partition a. Alternatively investigate disklabel's -R option. > > Then locate your disklabel backup, investigate -R if you didn't > already, and restore it exactly. > > Matthew > >
Re: Help for another wiped out disklabel
Greg Thomas writes: > I just ran through a fresh 7.3 install onto sd0 on an old 6.8 laptop and I > have no idea what happened to the disklabel on sd1 (during the install I > only did an automatic disklabel on sd0). This is just a backup of my > current laptop so not the end of the world (unless my current laptop dies > before I have a chance to back it up again). Part of the solution I used previously to recover my trashed disklabel was a script to create a partition on the disklabel with every starting value (a simple brute force approach). This proved to be far too slow so I resorted to hacking scan_ffs but that's because I had other partitions and swap of unknown size to skip over first to find the /var/backup partition that I needed. Since your lost partition is at the beginning of the disc somewhere this shouldn't be much of a problem. The end sector doesn't really matter if you'll mount the partition read-only provided it's large enough; just don't run fsck on it. Something along the lines of: for k in `jot 2048`; do echo | disklabel -e sd0; mount -r /dev/sd1a /mnt && echo $k; umount /mnt; done Where is multi-line input to disklabel to delete and create partition a. Alternatively investigate disklabel's -R option. Then locate your disklabel backup, investigate -R if you didn't already, and restore it exactly. Matthew
Help for another wiped out disklabel
I just ran through a fresh 7.3 install onto sd0 on an old 6.8 laptop and I have no idea what happened to the disklabel on sd1 (during the install I only did an automatic disklabel on sd0). This is just a backup of my current laptop so not the end of the world (unless my current laptop dies before I have a chance to back it up again). I was using the whole sd1 disk attached by USB for the backup and from what I recall I had one big /dev/sd1a mounted on /backup. Here's the current disklabel. The only thing I've tried is changing the boundstart from 2048 to 64, and then creating an a partition with offset of 2048 and 64. No luck there. I'm foggy from getting through the end of a case of COVID so let me know if there are some obvious parameters I should be using, or if its futile. And next time I'll disconnect the USB disk before doing a fresh install. Thanks for reading. grits# disklabel /dev/sd1c # /dev/sd1c: type: SCSI disk: SCSI disk label: Ext SSD duid: 2eeb6058175bf1f7 flags: bytes/sector: 512 sectors/track: 20 tracks/cylinder: 22 sectors/cylinder: 440 cylinders: 2131143 total sectors: 937703088 boundstart: 2048 boundend: 937699328 16 partitions: #size offset fstype [fsize bsize cpg] c:9377030880 unused dmesg: OpenBSD 7.3 (GENERIC.MP) #1125: Sat Mar 25 10:36:29 MDT 2023 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8451125248 (8059MB) avail mem = 8175603712 (7796MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xdae9c000 (66 entries) bios0: vendor LENOVO version "8DET69WW (1.39 )" date 07/18/2013 bios0: LENOVO 428767U acpi0 at bios0: ACPI 4.0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SLIC SSDT SSDT SSDT HPET APIC MCFG ECDT ASF! TCPA SSDT SSDT UEFI UEFI UEFI acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP4(S4) EXP7(S4) EHC1(S3) EHC2(S3) HDEF(S4) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz, 2790.98 MHz, 06-2a-07 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 8-way L2 cache, 4MB 64b/line 16-way L3 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz, 2790.97 MHz, 06-2a-07 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 8-way L2 cache, 4MB 64b/line 16-way L3 cache cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz, 2790.98 MHz, 06-2a-07 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu2: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 8-way L2 cache, 4MB 64b/line 16-way L3 cache cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz, 2791.04 MHz, 06-2a-07 cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu3: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 8-way L2 cache, 4MB 64b/line 16-way L3 cache cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 acpimcfg0: addr 0xf800, bus 0-63 acpiec0 at acpi0 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG_) acpiprt2 at acpi0: bus 2 (EXP1) acpiprt3 at acpi0: bus 3
Re: what tools exist to help a beginner debug a hung syscall?
Thank you very much for your reply, this is extremely high signal.
On Mon, Apr 03, 2023 at 10:15:00AM -, Stuart Henderson wrote:
> On 2023-04-01, Paul Tagliamonte wrote:
> > I've been trying to take a library[1] I use on my Linux boxen, and coax
> > it into working on OpenBSD[2], and have been able to get a compiled .so
> > that looks good, with the exception of the USB transport. Given the
>
> This is probably the most informative reply from the previous times the
> subject came up:
>
> https://marc.info/?l=openbsd-tech=159420462501384=2
>
> (I don't think anything changed in this area since then).
Exactly the same, in fact! Disapointing reply, but after having spent a
bit over a week tracing this down, it's a relief to my ego that it's not
something obvious. It's doubly frustrating since what I do see in
kernelspace looks to be initialized sensibly, it just sits in progress
and never completes until EINTR.
I'll have to track down that GSOC work, but I'm not super inclined to
put a -current kernel into use outside the lab bench. I fear I may be
the next breadcrumb when someone tries this again within the next 4
years.
> OpenBSD's USB stack, especially regarding direct device access from
> userland, definitely has some issues that don't exist on other systems.
> FWIW I'm tending to run such devices on single-purpose Linux boxes now.
Totally. I was trying to get to 100% feature parity between OpenBSD and
Linux for some code I spend my free time on. Given the better idea I now
have of the landscape, I'm now trying to balance how much I want 100%
feature parity against the three practical options in front of me;
namely:
1) writing enough of a shim in libusb or libuhd to make this work as-is
today (the only reason I think this is possible is because
unmodified upstream rtl-sdr and hackrf are making libusb async calls
and getting data on my OpenBSD system)
2) make the most minimal kernel change to get the userland code working
3) giving up entirely on libuhd on OpenBSD
I'll likely give #2 an ernest try this week, and then fall back on #3. I
don't think I'm going to be the one to crack this multi-decade TODO in
spare cycles between work on a spare cycles project.
> I don't have a kernel core handy to test but you can load a kernel into
> gdb (watch out for reorder_kernel; you will need to save the actual
> kernel that produced the core) and may be able to load the core (saved
> in /var/crash after booting following "boot crash") into gdb with
> 'target kvm $file'. Not sure if you will get better results from base
> or ports gdb ("egdb" binary) in this case; try the other if one doesn't
> work. Though I don't think it's very widely used so may have rotted.
> Generally I think either ddb or adding debug code seem more common,
> also dt(4) helps figure out some things.
This is very pointer rich, thank you very much. I'll give this a try to
see if I can refine the workflow a bit. It sounds like I'm not far off
from best practice, which is -- again -- a bit of a relief.
> Here or maybe tech@. Though this (libusb/direct device access from
> userland) is not an area in which anyone is particularly active.
full ack
Thanks sth@ for your reply, I very much appreciate it.
paultag
--
:wq
Re: what tools exist to help a beginner debug a hung syscall?
On 2023-04-01, Paul Tagliamonte wrote:
> I've emailed a few lists, but so far everyone either looked the other
> way quickly[0], didn't know, or didn't have time to help me out (fair
> enough!)
I think it's mostly a mix of "don't know anything about it" and "know
some things but not enough to give a useful reply".
> I've been trying to take a library[1] I use on my Linux boxen, and coax
> it into working on OpenBSD[2], and have been able to get a compiled .so
> that looks good, with the exception of the USB transport. Given the
This is probably the most informative reply from the previous times the
subject came up:
https://marc.info/?l=openbsd-tech=159420462501384=2
(I don't think anything changed in this area since then).
> Either that or this is a common libusb 'gotcha' that everyone eventually
> finds and patches that presents itself on OpenBSD by always locking up.
OpenBSD's USB stack, especially regarding direct device access from
userland, definitely has some issues that don't exist on other systems.
FWIW I'm tending to run such devices on single-purpose Linux boxes now.
> Everything is using USB3/xhci. That's the only bus on the system, and
> this device communicates using USB3 in this case.
> I've been able to set up the serial console, and get 'ddb' working well,
> but I am having a hard time using it without poking myself on the sharp
> bits. Is there a good way to explore the wedged system that isn't using
> ddb off a serial line? Looks like 'ddb' can 'boot crash'; is there a
> good workflow documented there?
I don't have a kernel core handy to test but you can load a kernel into
gdb (watch out for reorder_kernel; you will need to save the actual
kernel that produced the core) and may be able to load the core (saved
in /var/crash after booting following "boot crash") into gdb with
'target kvm $file'. Not sure if you will get better results from base
or ports gdb ("egdb" binary) in this case; try the other if one doesn't
work. Though I don't think it's very widely used so may have rotted.
Generally I think either ddb or adding debug code seem more common,
also dt(4) helps figure out some things.
> 0) Is there a good place to have this conversation? I don't see
> topical "usb subsystem interest group" mailing list(s) where this
> may be less tedious to most of the readers. I tried ports@[7], but
> I don't think that list was right either. I feel like a nunsense
> posting on all these lists right now.
Here or maybe tech@. Though this (libusb/direct device access from
userland) is not an area in which anyone is particularly active.
what tools exist to help a beginner debug a hung syscall?
Heyya, misc@,
I'm very new to using OpenBSD for anything more than what's 'on the tin'
(DNS RR, Router, etc), and have got myself stuck and have tried during
nights and weekends for about a week to try and unwedge myself here,
unsuccessfully. I'm hoping someone can help point me to a OpenBSD kernel
for newbies guide/help of some sort.
I've emailed a few lists, but so far everyone either looked the other
way quickly[0], didn't know, or didn't have time to help me out (fair
enough!)
I've been trying to take a library[1] I use on my Linux boxen, and coax
it into working on OpenBSD[2], and have been able to get a compiled .so
that looks good, with the exception of the USB transport. Given the
history of related libraries having similar-sounding[3] issues[4] with
libusb1, I suspect the issue isn't in the library I'm trying to port,
rather, in libusb1's OpenBSD support, or in (*shudder*) the kernel.
Either that or this is a common libusb 'gotcha' that everyone eventually
finds and patches that presents itself on OpenBSD by always locking up.
To get my library working on OpenBSD, I've had to use -snapshot (it
requires waitid(2)), and to debug the system (which is now entirely
just for testing this singular problem), I've built a -current kernel.
Specifically, it's mostly based on the source tree that the Git mirror
knows as e3f6ba90cc00f3d7457f857a0fd00f2b435bc0ec (Wed, Mar 29th,
2023).[5]
Everything below is the state as I understand it while the program is
locked up:
[Split-cut to: userland]
When reading from the device, my 3-line test program (3-line is
disengenious here since it's calling into a library that calls into a
library that eventually talks to the OS) eventually hangs while invoking
'libusb_submit_transfer', which is, specifically, hung on a read(2)
against a ugen device (specifically, the read in '_sync_gen_transfer' in
the libusb OpenBSD implementation). A pthread in the background is
continuing to exercise the 'libusb_handle_events' endpoint, to no avail.
I asked the upstream list about this[6], no reply yet.
[Fade to: kernelspace]
[Scene one: read(2) syscall]
The kernelspace end of the read(2) has wound up in `usbd_transfer`,
roundabout line 406 of usbdi.c, waiting for the xfer on the other end of
the endpoint's pipe to be complete. This intrepid syscall earnestly
stands by, waiting for the day when it'll be called back.
[Scene two: ugen driver state]
Everything is using USB3/xhci. That's the only bus on the system, and
this device communicates using USB3 in this case.
The ugen device (other USB devices are not a factor as far as I can
tell, and will continue to operate, even in the locked state,
interestingly) looks something like:
ugen device unit 1:
- endpoint 2: dir=0 (OUT) -- NULL pipe
- endpoint 4: dir=0 (OUT) -- NULL pipe
- endpoint 6: dir=1 (IN) -- NULL pipe
- endpoint 8: dir=1 (IN) -- pipe alloc'd
The one related endpoint, which is endpoint 8 here, has a refcount of 1.
It's running (not aborting).
Here's the output of some USB_DEBUG knobs:
usbd_dump_device: dev=0x81291500
bus=0x80132000 default_pipe=0x801bd000
address=3 config=1 depth=1 speed=4 self_powered=0 power=2 langid=1033
pipe=0x808b6000
usbd_dump_endpoint: endp=0x812d6ee0
edesc=0x801b785d refcnt=1
bEndpointAddress=0x88
(usbd_dump_pipe:)
running=1 aborting=0
intrxfer=0x0, repeat=0, interval=-1
Since this doesn't give me a lot of insight into the xfer state, I wrote
a small stub and threw it into a dark corner where I could let it be,
and have the following from it:
pipe=0x808b6000
xfer=0xfd827f59daf0 status=1 done=0 length=1024 flags=0x16 timeout=0
My understanding is that this means that endpoint 8 has an active pipe
that is running (not aborting), with an in-flight xfer which is
IN_PROGRESS, with the (USBD_SYNCHRONOUS | USBD_SHORT_XFER_OK |
USBD_CATCH) flags set [0x02 | 0x04 | 0x10 - as seen in usbdi.h].
Even while waiting a signficant (in human-time) length of time, the xfer
remains in this state, and is never marked as done until I C-c the
process, and everything cleans up on close(2)/EINTR
[Cut to: author]
Right, thank you for sticking around. I'm looking for some help for what
steps to take next on trying to isolate what may be blocking the xfer
from being processed -- and trying to figure out what userland knobs are
invoking kernelspace in a way that's causing it. Since other libraries
are working OK, I have to assume this isn't actually a kernelspace bug,
but I'd feel a lot better root causing it.
During the wedged state, xhci messages don't come through after the
transfer was submitted (I have xhcidebug, as well as other
{usb,ugen,*}debug set high), and I've very quickly got myself lost past
this point. This makes me suspect some sort of inturupt is maybe
being suspended while a call is in progress; I just have no idea where
to start with that theory, much
Re: [Need help about bsd_auth.h/ question with Rust]
On Mon Aug 01, 2022 at 05:20:30PM +0200, Bilal Emohmadian wrote: > Hello ! OBSD Teams ! How are you ? > > I'm a new user of OpenBSD, trying to port KDE5 > (Plasma/Workspace/KWin/KScreenLocker) with wayland v1.19.0 in /usr/ports/ > on OpenBSD 7.2-beta. How did you resolve the missing dependencies on Libinput and UDev? https://github.com/sizeofvoid/wip-ports/blob/kde-plasma-wip/x11/kde-plasma/kwin/Makefile#L54
Re: [Need help about bsd_auth.h/ question with Rust]
On Mon, 01 Aug 2022 17:20:30 +0200, Bilal Emohmadian wrote: > I'm a new user of OpenBSD, trying to port KDE5 > (Plasma/Workspace/KWin/KScreenLocker) with wayland v1.19.0 in /usr/ports/ > on OpenBSD 7.2-beta. > > . Can you explain how work the typedef struct authsession_t ? (Because i > can't find him on github repo T-T) > . That is because auth_session_t is an opaque type, you are not meant to modify it. Usually, all you need is something like a call to one of the simplified auth APIs like auth_userokay(). Take a look out how BSD auth is used in lock(1) and xlock(1). - todd
[Need help about bsd_auth.h/ question with Rust]
Hello ! OBSD Teams ! How are you ? I'm a new user of OpenBSD, trying to port KDE5 (Plasma/Workspace/KWin/KScreenLocker) with wayland v1.19.0 in /usr/ports/ on OpenBSD 7.2-beta. . Can you explain how work the typedef struct authsession_t ? (Because i can't find him on github repo T-T) . _ Also, Thx to add Rust stuff on OpenBSD ! Can we write driver on Rust with Kernel Library ?
Re: Help with basic pf rule to open port 25
On Thu, Jan 06, 2022 at 03:39:00PM -0500, Sean McBride wrote: > I don't actually want to use OpenSMTPD, I was just using it as a way to test > my experimental pf rules. I'l try to find some other way to test them. netcat # man nc
Re: Help with basic pf rule to open port 25
On 5 Jan 2022, at 11:40, Crystal Kolipe wrote: > Have you actually changed the default /etc/mail/smtpd.conf to listen for > external connections? No. > By default it only listens on the loopback interface, (and local socket). Ah. That probably explains that then. I don't actually want to use OpenSMTPD, I was just using it as a way to test my experimental pf rules. I'l try to find some other way to test them. Thanks both for your replies and links to reading materials. Cheers, Sean
Re: Help with basic pf rule to open port 25
On Wed, Jan 05, 2022 at 11:03:02AM -0500, Sean McBride wrote: > pass in log quick on egress proto tcp to any port smtp > If on the OpenBSD system itself I do `telnet > localhost 25` I see the built-in OpenSTMPD. But if I telnet from another > machine on my LAN, I fail to connect. Shouldn't that rule have opened port > 25? Assuming that you only have a single network card and that it is configured with the default routes, then yes, that rule will open port 25 to the other machines on your LAN. Have you actually changed the default /etc/mail/smtpd.conf to listen for external connections? By default it only listens on the loopback interface, (and local socket).
Re: Help with basic pf rule to open port 25
Hi Sean, Happy new year to you, do a netstat and make sure that your software is listening on an address other than loopback or all addresses (0.0.0.0) run the following command netstat -an If you want to check active rules in pf run the following command pfctl -sr if you ever want to check your rules (in a recently edited pf.conf file run pfctl -nvvvf /etc/pf.conf if the rules returned match what you wish ..then you can commit / load them by running pfctl -vvvf /etc/pf.conf (each v increases verbosity ) Peter Hansteen and Max Stucchi have an amazing tutorial on PF https://home.nuug.no/~peter/pftutorial/#1 but they explain the concepts really well recommend the class that they do in person .. for the latest features about PF in the version of Openbsd you are running ... man pfctl or man pf.conf will help you ... I hope this helps and enjoy the Journey in OpenBSD ... It is awesome ... Tom Smyth On Wed, 5 Jan 2022 at 16:09, Sean McBride wrote: > Hi all, > > (Newbie and first time poster, please be gentle :)) > > I'm trying to set up spamd, and I think I'm having trouble with pf. So > I tried to add a very basic test rule. I added to the beginning of > /etc/pf.conf the following: > > pass in log quick on egress proto tcp to any port smtp > > then rebooted (for luck). If on the OpenBSD system itself I do `telnet > localhost 25` I see the built-in OpenSTMPD. But if I telnet from > another machine on my LAN, I fail to connect. Shouldn't that rule have > opened port 25? > > Thanks, > > Sean > -- Kindest regards, Tom Smyth.
Help with basic pf rule to open port 25
Hi all, (Newbie and first time poster, please be gentle :)) I'm trying to set up spamd, and I think I'm having trouble with pf. So I tried to add a very basic test rule. I added to the beginning of /etc/pf.conf the following: pass in log quick on egress proto tcp to any port smtp then rebooted (for luck). If on the OpenBSD system itself I do `telnet localhost 25` I see the built-in OpenSTMPD. But if I telnet from another machine on my LAN, I fail to connect. Shouldn't that rule have opened port 25? Thanks, Sean
Need help for fixing ruby gem for diaspora
hello misc! I'm now trying to deploy diaspora on openbsd.
I was almost sucessfull, the only problem is:
i can't build 'eye' gem, what requires 'kostya-sigar' gem, and
'kostya-sigar' is failing to build.
At first i created an issue on github
https://github.com/kostya/sigar/issues/12 but owner of repo could not
help me.
Maybe some of openbsd devs can.
Without any edits, gem does not build because lack of "sys/dkstat.h":
compiling darwin_sigar.c
darwin_sigar.c:55:10: fatal error: 'sys/dkstat.h' file not found
#include
^~
I've tried to replace sys/dkstat.h with sys/sched.h
and now build fails with this errors:
compiling darwin_sigar.c
darwin_sigar.c:1080:21: error: no member named 'kp_eproc' in 'struct
kinfo_proc'
if (proc[i].KI_FLAG & P_SYSTEM) {
~~~ ^
darwin_sigar.c:227:17: note: expanded from macro 'KI_FLAG'
#define KI_FLAG kp_eproc.e_flag
^
darwin_sigar.c:1080:31: error: use of undeclared identifier 'P_SYSTEM'
if (proc[i].KI_FLAG & P_SYSTEM) {
^
darwin_sigar.c:1083:21: error: no member named 'kp_proc' in 'struct
kinfo_proc'
if (proc[i].KI_PID == 0) {
~~~ ^
darwin_sigar.c:212:17: note: expanded from macro 'KI_PID'
#define KI_PID kp_proc.p_pid
^
darwin_sigar.c:1087:54: error: no member named 'kp_proc' in 'struct
kinfo_proc'
proclist->data[proclist->number++] = proc[i].KI_PID;
~~~ ^
darwin_sigar.c:212:17: note: expanded from macro 'KI_PID'
#define KI_PID kp_proc.p_pid
^
darwin_sigar.c:1118:29: error: use of undeclared identifier 'KERN_PROC2'
int mib[] = { CTL_KERN, KERN_PROC2, KERN_PROC_PID, 0,
sizeof(*sigar->pinfo), 1 };
^
darwin_sigar.c:1118:65: error: invalid application of 'sizeof' to an
incomplete type 'bsd_pinfo_t' (aka 'struct kinfo_proc2')
int mib[] = { CTL_KERN, KERN_PROC2, KERN_PROC_PID, 0,
sizeof(*sigar->pinfo), 1 };
^~~
../../src/os/darwin/sigar_os.h:49:16: note: forward declaration of
'struct kinfo_proc2'
typedef struct kinfo_proc2 bsd_pinfo_t;
^
darwin_sigar.c:1122:24: error: invalid application of 'sizeof' to an
incomplete type 'bsd_pinfo_t' (aka 'struct kinfo_proc2')
size_t len = sizeof(*sigar->pinfo);
^~~
../../src/os/darwin/sigar_os.h:49:16: note: forward declaration of
'struct kinfo_proc2'
typedef struct kinfo_proc2 bsd_pinfo_t;
^
darwin_sigar.c:1139:21: error: invalid application of 'sizeof' to an
incomplete type 'int []'
if (sysctl(mib, NMIB(mib), sigar->pinfo, , NULL, 0) < 0) {
^
darwin_sigar.c:115:26: note: expanded from macro 'NMIB'
#define NMIB(mib) (sizeof(mib)/sizeof(mib[0]))
^
darwin_sigar.c:1299:15: error: incomplete definition of type 'struct
kinfo_proc2'
(pinfo->p_vm_tsize + pinfo->p_vm_dsize + pinfo->p_vm_ssize) *
sigar->pagesize;
~^
../../src/os/darwin/sigar_os.h:49:16: note: forward declaration of
'struct kinfo_proc2'
typedef struct kinfo_proc2 bsd_pinfo_t;
^
darwin_sigar.c:1299:35: error: incomplete definition of type 'struct
kinfo_proc2'
(pinfo->p_vm_tsize + pinfo->p_vm_dsize + pinfo->p_vm_ssize) *
sigar->pagesize;
~^
../../src/os/darwin/sigar_os.h:49:16: note: forward declaration of
'struct kinfo_proc2'
typedef struct kinfo_proc2 bsd_pinfo_t;
^
darwin_sigar.c:1299:55: error: incomplete definition of type 'struct
kinfo_proc2'
(pinfo->p_vm_tsize + pinfo->p_vm_dsize + pinfo->p_vm_ssize) *
sigar->pagesize;
~^
../../src/os/darwin/sigar_os.h:49:16: note: forward declaration of
'struct kinfo_proc2'
typedef struct kinfo_proc2 bsd_pinfo_t;
^
darwin_sigar.c:1301:30: error: incomplete definition of type 'struct
kinfo_proc2'
procmem->resident = pinfo->p_vm_rssize * sigar->pagesize;
~^
../../src/os/darwin/sigar_os.h:49:16: note: forward declaration of
'struct kinfo_proc2'
typedef struct kinfo_proc2 bsd_pinfo_t;
^
darwin_sigar.c:1305:34: error: incomplete definition of type 'struct
kinfo_proc2'
procmem->minor_faults = pinfo->p_uru_minflt;
~^
../../src/os/darwin/sigar_os.h:49:16: note: forward declaration of
'struct kinfo_proc2'
typedef struct kinfo_proc2 bsd_pinfo_t;
^
darwin_sigar.c:1306:34: error: incomplete definition of type 'struct
kinfo_proc2'
procmem->major_faults = pinfo->p_uru_majflt;
~^
../../src/os/darwin/sigar_os.h:49:16: note: forward declaration of
'struct kinfo_proc2'
typedef struct kinfo_proc2 bsd_pinfo_t;
^
darwi
Re: send help ( chroot php fpm refuse to exec/popen/procopen... on 7.0 )
On Tue, Oct 26, 2021 at 11:13 AM Stuart Henderson
wrote:
> On 2021-10-26, Sven F. wrote:
> > exec ('/usr/sbin/ksh -c "echo a"', $output, $retval);
> > echo '';
> > echo "Returned with status $retval and output:\n";
> ..
> > Returned with status 127 and output:
> ..
>
> You need /bin/sh in the chroot for this to work.
>
> "The exit status of the shell is 127 if the command file specified on
> the command line could not be opened"
>
> I've just added some more text to php's pkg-readme files about this
>
>
Thanks all,
Am i supposed to put femail here ?
; For Unix only. You may supply arguments as well (default: "sendmail -t
-i").
; http://php.net/sendmail-path
sendmail_path = /bin/femail -t -i
# cat /usr/local/share/doc/pkg-readmes/femail-chroot
$OpenBSD: README-chroot,v 1.3 2018/09/04 12:46:15 espie Exp $
Yes, now i see it :-/
+---
| Running femail-chroot on OpenBSD
+---
[..]
If you're using femail with PHP inside a chroot jail, be aware that
PHP's built-in "mail" function uses popen(), which requires /bin/sh
Y'all great.
--
--
-
Knowing is not enough; we must apply. Willing is not enough; we must do
Re: send help ( chroot php fpm refuse to exec/popen/procopen... on 7.0 )
Am 26.10.21 09:18 schrieb Sven F.:
> }{ello,
>
> I updated a device and use php fpm on openbsd 7.0
> everything works fine after putting a resolv file in the chroot
> but i can't send email from the chroot
>
> I hope I didn't see something obvious.
>
> to troubleshoot i drop the ksh inside the chroot
>
> /var/www/usr/sbin/ksh:
> (...)
I am not entirely sure what to answer here because I don't know what
your question is, but maybe it helps to copy /bin/sh to ${CHROOT}/bin/sh
Re: send help ( chroot php fpm refuse to exec/popen/procopen... on 7.0 )
On 2021-10-26, Sven F. wrote:
> exec ('/usr/sbin/ksh -c "echo a"', $output, $retval);
> echo '';
> echo "Returned with status $retval and output:\n";
..
> Returned with status 127 and output:
..
You need /bin/sh in the chroot for this to work.
"The exit status of the shell is 127 if the command file specified on
the command line could not be opened"
I've just added some more text to php's pkg-readme files about this
Re: send help ( chroot php fpm refuse to exec/popen/procopen... on 7.0 )
> On Oct 26, 2021, at 9:22 AM, Sven F. wrote:
>
> }{ello,
>
> I updated a device and use php fpm on openbsd 7.0
> everything works fine after putting a resolv file in the chroot
> but i can't send email from the chroot
>
> I hope I didn't see something obvious.
>
> to troubleshoot i drop the ksh inside the chroot
>
> /var/www/usr/sbin/ksh:
>StartEnd Type Open Ref GrpRef Name
>0e4fc4d74000 0e4fc4e1a000 dlib 10 0
> /var/www/usr/sbin/ksh
>
> and wrote a stupid php
>
> $output=null;
> $retval=null;
> # exec('/usr/sbin/sendmail -h 2>&1', $output, $retval);
> exec ('/usr/sbin/ksh -c "echo a"', $output, $retval);
> echo '';
> echo "Returned with status $retval and output:\n";
> echo '';
> $rc = sprintf('%o', fileperms('/usr/sbin/sendmail'));
> echo $rc;
> echo '';
> $rc = sprintf('ffoo: %o', fileperms('/usr/sbin/ffoo'));
> echo $rc;
> echo '';
> print_r(array('o' => $output,'perm' => $rc, 'r' => $retval));
>
> which output :
>
> Returned with status 127 and output:
> 100555
> ffoo: 100644
> Array ( [o] => Array ( ) [perm] => ffoo: 100644 [r] => 127 )
>
Does /bin/sh exist in the chroot? It’s needed by exec.
send help ( chroot php fpm refuse to exec/popen/procopen... on 7.0 )
}{ello,
I updated a device and use php fpm on openbsd 7.0
everything works fine after putting a resolv file in the chroot
but i can't send email from the chroot
I hope I didn't see something obvious.
to troubleshoot i drop the ksh inside the chroot
/var/www/usr/sbin/ksh:
StartEnd Type Open Ref GrpRef Name
0e4fc4d74000 0e4fc4e1a000 dlib 10 0
/var/www/usr/sbin/ksh
and wrote a stupid php
&1', $output, $retval);
exec ('/usr/sbin/ksh -c "echo a"', $output, $retval);
echo '';
echo "Returned with status $retval and output:\n";
echo '';
$rc = sprintf('%o', fileperms('/usr/sbin/sendmail'));
echo $rc;
echo '';
$rc = sprintf('ffoo: %o', fileperms('/usr/sbin/ffoo'));
echo $rc;
echo '';
print_r(array('o' => $output,'perm' => $rc, 'r' => $retval));
which output :
Returned with status 127 and output:
100555
ffoo: 100644
Array ( [o] => Array ( ) [perm] => ffoo: 100644 [r] => 127 )
which constantly returns 127 and no output ( also tried popen and
other methods , just use exec as a 'simpler' version.
Also used the ksh to double check ENV
chroot -u user /var/www /usr/sbin/ksh -c 'echo $USER'
and tested sendmail inside chroot with the chroot command.
After pondering the existence of the universe, i ktrace the php - fpm
process
ktrace -d -t cpxX -p 32152
and it's not really clear, i cannot see a vfork in there,
usr/local got the wxallowed
- -- -
(( I 80% sur the chrooted sendmail was delivered with
a pkg_add ))
# uname -a
OpenBSD portals2.citypassenger.com 7.0 GENERIC.MP#232 amd64
# pkg_info
argon2-20190702 C implementation of Argon2 - password hashing function
bzip2-1.0.8p0 block-sorting file compressor, unencumbered
curl-7.79.0 transfer files with FTP, HTTP, HTTPS, etc.
femail-1.0p1simple SMTP client
femail-chroot-1.0p3 simple SMTP client for chrooted web servers
gd-2.3.2library for dynamic creation of images
gettext-runtime-0.21p1 GNU gettext runtime libraries and programs
giflib-5.1.6tools and library routines for working with GIF images
intel-firmware-20210608v0 microcode update binaries for Intel CPUs
jpeg-2.1.1v0SIMD-accelerated JPEG codec replacement of libjpeg
libiconv-1.16p0 character set conversion library
libsodium-1.0.18p1 library for network communications and cryptography
libwebp-1.2.1 Google WebP image format conversion tool
libxml-2.9.12 XML parsing library
lz4-1.9.3p0 fast BSD-licensed data compression
lzo2-2.10p2 portable speedy lossless data compression library
mariadb-client-10.6.4v1 multithreaded SQL database (client)
mariadb-server-10.6.4p2v1 multithreaded SQL database (server)
nghttp2-1.44.0 library for HTTP/2
nginx-1.20.1p0 robust and small HTTP server and mail proxy server
oniguruma-6.9.7.1 regular expressions library
p5-Clone-0.45 recursively copy Perl datatypes
p5-DBD-MariaDB-1.21p3 MariaDB and MySQL driver for the Perl5 Database Interface
p5-DBI-1.643the standard database interface module for Perl
p5-FreezeThaw-0.5001p0 module for converting structures to strings and back
p5-MLDBM-2.05p0 store multi-level hash structure in single-level tied hash
p5-Math-Base-Convert-0.11p0 very fast base to base conversion
p5-Module-Runtime-0.016p0 runtime module handling
p5-Net-Daemon-0.48p1 extension for portable daemons
p5-Params-Util-1.07p2 utility to make parameter checking easier
p5-PlRPC-0.2020p0 module for writing rpc servers and clients
p5-SQL-Statement-1.414 SQL parsing and processing engine
pcre-8.44 perl-compatible regular expression library
pcre2-10.36 perl-compatible regular expression library, version 2
php-7.4.24 server-side HTML-embedded scripting language
php-bz2-7.4.24 bzip2 compression extensions for php
php-curl-7.4.24 curl URL library extensions for php
php-gd-7.4.24 image manipulation extensions for php
php-mysqli-7.4.24 mysql database access extensions for php
png-1.6.37 library for manipulating PNG images
quirks-4.53 exceptions to pkg_add rules
snappy-1.1.8fast compression/decompression library
sshguard-2.4.2 protect against brute force attacks on sshd and others
tiff-4.3.0 tools and library routines for working with TIFF images
vmm-firmware-1.14.0 firmware binary images for vmm(4) driver
xz-5.2.5LZMA compression and decompression tools
zstd-1.5.0 zstandard fast real-time compression algorithm
# mount
/dev/sd0a on / type ffs (local)
/dev/sd0g on /home type ffs (local, nodev, nosuid)
/dev/sd0d on /tmp type ffs (local, nodev, nosuid)
/dev/sd0e on /usr type ffs (local, nodev)
/dev/sd0f on /usr/local type ffs (local, nodev, wxallowed)
/dev/sd0h on /var type ffs (local, nodev, nosuid)
# ls -l /var/www/usr/sbin
total 1920
-rw-r--r-- 1 root daemon 0 Oct 26 14:37 ffoo
-r-xr-xr-x 1 root daemon 613080 Oct 25 20:42 ksh
-r-xr-xr-x 1 root daemon 313176 Oct 23 00:31 sendmail
# kdump
20747
Re: help debug NFS
Hi, James Thank you for the link. Since the problem really exists, the only option is to use a periodical querying the mount point like you recommend or like I did using while-loop. 11.04.2021 21:11, James Stark пишет: Hi Maxim, I ran into the problem with the nfs mounts on linux hanging a few months ago, when the Linux distro that I'm running (Void) on the NFS client dropped UDP NFS mounts. At the time I found this post that explains the situation: http://openbsd-archive.7691.n7.nabble.com/nfsd-hangs-Linux-tcp-clients-after-5-minutes-idle-td402844.html As a work around, I've set up a cron script that stat's the mount point every four minutes. That stops the mount from hanging. I hope that helps. James On Sun, Apr 11, 2021 at 2:04 AM Родин Максим wrote: Hello I have an NFS server on OpenBSD 6.8 stable which exports a folder with default settings. I have a linux mint client which mounts a share from this NFS server with these settings: sudo mount -o wsize=8192,rsize=8192 192.168.1.65:/big /home/user/store which gives a decent speed at about 50-60MB/s both sides which seem ok for me. The problem is: when the mount point is not used for a while (5 minutes and more) the share becomes unresponsive and the only way to unmount the share is to do sudo umount -lf /home/user/store After that I can mount the share once again. When I imitate using the share on client using while :; do ls /home/user/store/ && echo "OK" && sleep 3 ; done; the share remains responsive all the time and shows no problems. What tweaks(settings) on the client(server) am I missing in my setup to keep the mount point responsive? -- Best regards Maksim Rodin -- С уважением, Родин Максим
Re: help debug NFS
Hi Maxim, I ran into the problem with the nfs mounts on linux hanging a few months ago, when the Linux distro that I'm running (Void) on the NFS client dropped UDP NFS mounts. At the time I found this post that explains the situation: http://openbsd-archive.7691.n7.nabble.com/nfsd-hangs-Linux-tcp-clients-after-5-minutes-idle-td402844.html As a work around, I've set up a cron script that stat's the mount point every four minutes. That stops the mount from hanging. I hope that helps. James On Sun, Apr 11, 2021 at 2:04 AM Родин Максим wrote: > > Hello > I have an NFS server on OpenBSD 6.8 stable > which exports a folder with default settings. > I have a linux mint client which mounts a share from this NFS server > with these settings: > sudo mount -o wsize=8192,rsize=8192 192.168.1.65:/big > /home/user/store > which gives a decent speed at about 50-60MB/s both sides which seem ok > for me. > The problem is: when the mount point is not used for a while (5 minutes > and more) the share becomes unresponsive and the only way to unmount the > share is to do > sudo umount -lf /home/user/store > After that I can mount the share once again. > When I imitate using the share on client using > while :; do ls /home/user/store/ && echo "OK" && sleep 3 ; done; > the share remains responsive all the time and shows no problems. > > What tweaks(settings) on the client(server) am I missing in my setup > to keep the mount point responsive? > -- > Best regards > Maksim Rodin >
Re: help debug NFS
Hi Maxim, I cannot help you fix this as I don't have a similar set-up but I can tell you this isn't normal behaviour for NFS. You should not need to tweak anything to get a stable mount at least in my experience. It sounds like a bug somewhere to me. You could try using the gnu watch command or similar while loop to run an ls of the share from the client to confirm if it hangs after non use or after five minutes regardless of use or non-use. You could also try testing the network connection between the two machines to make sure there is no connectivity or cable problem. You could use the same while loop to run rpcinfo or showmount commands from the client and server to see if it stops working after the same delay. Someone with more knowledge of NFS might suggest some better debugging steps... Regards Ed Gray On Sun, 11 Apr 2021, 10:07 am Родин Максим, wrote: > Hello > I have an NFS server on OpenBSD 6.8 stable > which exports a folder with default settings. > I have a linux mint client which mounts a share from this NFS server > with these settings: > sudo mount -o wsize=8192,rsize=8192 192.168.1.65:/big > /home/user/store > which gives a decent speed at about 50-60MB/s both sides which seem ok > for me. > The problem is: when the mount point is not used for a while (5 minutes > and more) the share becomes unresponsive and the only way to unmount the > share is to do > sudo umount -lf /home/user/store > After that I can mount the share once again. > When I imitate using the share on client using > while :; do ls /home/user/store/ && echo "OK" && sleep 3 ; done; > the share remains responsive all the time and shows no problems. > > What tweaks(settings) on the client(server) am I missing in my setup > to keep the mount point responsive? > -- > Best regards > Maksim Rodin > >
help debug NFS
Hello I have an NFS server on OpenBSD 6.8 stable which exports a folder with default settings. I have a linux mint client which mounts a share from this NFS server with these settings: sudo mount -o wsize=8192,rsize=8192 192.168.1.65:/big /home/user/store which gives a decent speed at about 50-60MB/s both sides which seem ok for me. The problem is: when the mount point is not used for a while (5 minutes and more) the share becomes unresponsive and the only way to unmount the share is to do sudo umount -lf /home/user/store After that I can mount the share once again. When I imitate using the share on client using while :; do ls /home/user/store/ && echo "OK" && sleep 3 ; done; the share remains responsive all the time and shows no problems. What tweaks(settings) on the client(server) am I missing in my setup to keep the mount point responsive? -- Best regards Maksim Rodin
Re: [Ver3.6/3.9] Old version need help
Try ftp.nluug.nl, they seem to have everything starting with 2.0. Regards, Erik On 30-03-2021 08:28, cclai wrote: Hello, I'm Hachi, Our company’s server uses the 3.6 and 3.9 version of the system, Used for more than ten years, and there is a need to reinstall at present. I have tried the file installation on FTP and failed. Russia (Moscow) ftp://mirror.yandex.ru/pub/OpenBSD/ cd39.iso So I hope that your organization can provide an installation package "3.6 and 3.9 version" to solve the problem. It would be of great help to us. Thank you very much. Hachi
Re: [Ver3.6/3.9] Old version need help
On 2021-03-30, cclai wrote: > Hello, > > I'm Hachi, > Our company’s server uses the 3.6 and 3.9 version of the system, > Used for more than ten years, > and there is a need to reinstall at present. > > I have tried the file installation on FTP and failed. >> Russia (Moscow) ftp://mirror.yandex.ru/pub/OpenBSD/ >> cd39.iso > > So I hope that your organization can provide > an installation package "3.6 and 3.9 version" to solve the problem. > > It would be of great help to us. > Thank you very much. > > Hachi > These releases are about 15 years past end-of-life and include security vulnerabilities. See these errata pages, also many of the problems fixed in subsequent releases will also apply to the versions you mention https://www.openbsd.org/errata36.html https://www.openbsd.org/errata39.html These systems really ought to be rebuilt using something newer (additionally, such old releases are unlikely to run correctly on current hardware/VMs).
Re: [Ver3.6/3.9] Old version need help
On Tue, Mar 30, 2021 at 4:06 AM cclai wrote: > So I hope that your organization can provide > an installation package "3.6 and 3.9 version" to solve the problem. > CD copies of 3.6 and 3.9 are still available for purchase from Computer Shop of Calgary but there is an issue with their web site so you'll need to email cshop (at) computershop.ca to place an order. If you want to see a list of what's for sale, archive.org has that page: https://web.archive.org/web/20190222064326/http://computershop.ca/cgi-bin/eStore I ordered a couple of old versions myself in December to fill some gaps in my collection, so I can confirm that purchases are still possible. There is some shipping delay due to the pandemic of course, so in the short term get a copy from one of the archives that still has it. In the long term, if your organization is depending on those versions then you should have physical copies that you can keep yourself. You cannot rely on archives having old releases forever. This is especially true for packages -- even ftp.nluug.nl no longer has a complete package archive for releases 3.0, 3.1, 3.2 and 3.3. I haven't found a complete package archive for 3.0 anywhere. -ken
Re: [Ver3.6/3.9] Old version need help
You really should move to a more recent version of the OS; OpenBSD 3.6 was released in 2004, almost 17 years ago. However, the public mirror at ftp.eu.openbsd.org has older versions available for download: http://ftp.eu.openbsd.org/pub/OpenBSD/ And, once you've downloaded a release that you plan to run for all eternity, you should probably make (several) copies of the installation media that you used. Alternatively, I could sell you original versions of the 3.6 and 3.9 media (at least 3.9 is still in shrink-wrap) for a collectors edition price (proceeds to be donated to the OpenBSD foundation). Cheers, Paul 'WEiRD' de Weerd On Tue, Mar 30, 2021 at 02:28:59PM +0800, cclai wrote: | Hello, | | I'm Hachi, | Our company’s server uses the 3.6 and 3.9 version of the system, | Used for more than ten years, | and there is a need to reinstall at present. | | I have tried the file installation on FTP and failed. | > Russia (Moscow) ftp://mirror.yandex.ru/pub/OpenBSD/ | > cd39.iso | | So I hope that your organization can provide | an installation package "3.6 and 3.9 version" to solve the problem. | | It would be of great help to us. | Thank you very much. | | Hachi -- >[<++>-]<+++.>+++[<-->-]<.>+++[<+ +++>-]<.>++[<>-]<+.--.[-] http://www.weirdnet.nl/
Re: [Ver3.6/3.9] Old version need help
You shouldn't really be using 16/17-year-old operating systems that are unmaintained and potentially insecure. You really should consider migrating over to 6.8. ~miko On Tue, Mar 30, 2021 at 10:08 AM cclai wrote: > > Hello, > > I'm Hachi, > Our company’s server uses the 3.6 and 3.9 version of the system, > Used for more than ten years, > and there is a need to reinstall at present. > > I have tried the file installation on FTP and failed. > > Russia (Moscow) ftp://mirror.yandex.ru/pub/OpenBSD/ > > cd39.iso > > So I hope that your organization can provide > an installation package "3.6 and 3.9 version" to solve the problem. > > It would be of great help to us. > Thank you very much. > > Hachi
Re: [Ver3.6/3.9] Old version need help
At 14:28, cclai wrote: > So I hope that your organization can provide > an installation package "3.6 and 3.9 version" to solve the problem. Try this mirror: • https://ftp.nluug.nl/OpenBSD/3.6/ • https://ftp.nluug.nl/OpenBSD/3.9/
[Ver3.6/3.9] Old version need help
Hello, I'm Hachi, Our company’s server uses the 3.6 and 3.9 version of the system, Used for more than ten years, and there is a need to reinstall at present. I have tried the file installation on FTP and failed. > Russia (Moscow) ftp://mirror.yandex.ru/pub/OpenBSD/ > cd39.iso So I hope that your organization can provide an installation package "3.6 and 3.9 version" to solve the problem. It would be of great help to us. Thank you very much. Hachi
Re: Is there any way I can help with ath10k?
On Tue, Mar 23, 2021 at 03:13:38PM -0400, Brennan Vincent wrote: > I do not know how to write wifi drivers, but I am willing to donate hardware > or other resources if that would be helpful to someone. Please contact me if > so. I have a WIP driver which loads firmware but it can neither scan nor pass packets yet: https://git.stsp.in-berlin.de/gitweb/?p=openbsd-src.git;a=shortlog;h=refs/heads/athx There are more than enough cards in my stash which were supplied by the community. I would not mind sharing this hardware with other developers. I can collaborate if someone shows up who wants to work on this without needing a lot of my time for mentoring. Otherwise, I will pick this back up when I find time. At the moment there are other projects that are higher on my list. Cheers, Stefan
Is there any way I can help with ath10k?
I do not know how to write wifi drivers, but I am willing to donate hardware or other resources if that would be helpful to someone. Please contact me if so.
Re: Help with ssh(1) between OpenBSD and iSH/Alpine on iOS
Erling Westenvik wrote: > On Sun, Feb 07, 2021 at 11:18:31AM +0100, Stefan Hagen wrote: >> Christian Weisgerber wrote: >>> Erling Westenvik: I can ssh FROM any OpenBSD box INTO iSH on my iPhone, and once authenticated I can ssh back from there to the OpenBSD box or to any other OpenBSD or Linux box, but! -- From iSH itself (ie. "directly" from my iPhone) I can only successfully ssh to Linux boxes; if I ssh from the phone itself to any OpenBSD box I'm getting authenticated and receive a full shell prompt >>> >>> I don't think it's anything obvious. Smells like an interop problem >>> at a level above SSH to me. >> >> I tried iSH and I can successfully ssh to my OpenBSD-current box and >> do stuff there without a disconnect. > > Thank you Stefan. I tried your suggestion but to no avail. However, I > started elaborating on your assumption that it may be shell related > and when trying: > > --- > iPhone:~# ssh erling@12.34.56.78 ksh -i > ksh: No controlling tty (open /dev/tty: Device not configured) > ksh: Can't find tty file descriptor > ksh: Warning: won't have full job control > OpenBSD$ ls >... > OpenBSD$ █ > --- This is normal. SSH doesn't allocate a terminal when a command is given directly. Try `ssh -t erling@12.34.56.78 ksh -i`. Best Regards, Stefan
Re: Help with ssh(1) between OpenBSD and iSH/Alpine on iOS
On Sun, Feb 07, 2021 at 11:18:31AM +0100, Stefan Hagen wrote: > Christian Weisgerber wrote: > > Erling Westenvik: > >> I can ssh FROM any OpenBSD box INTO iSH on my iPhone, and once > >> authenticated I can ssh back from there to the OpenBSD box or to any > >> other OpenBSD or Linux box, but! -- From iSH itself (ie. "directly" from > >> my iPhone) I can only successfully ssh to Linux boxes; if I ssh from the > >> phone itself to any OpenBSD box I'm getting authenticated and receive a > >> full shell prompt > > > > Right here, I'd start ktrace(1)-ing the login shell on the OpenBSD > > box to see... > > > >> but the moment I hit Enter the client drops the connection. > > > >... what this looks like at the OpenBSD end. > > > >> I guess there must be something obvious I'm missing but for the life > >> of me I cannot figure out what. Any help is appreciated. > > > > I don't think it's anything obvious. Smells like an interop problem > > at a level above SSH to me. > > I tried iSH and I can successfully ssh to my OpenBSD-current box and do > stuff there without a disconnect. > > Instead of going through ktracing the shell, you could set your login > shell to /bin/sh for a test and try again. If this works, you know that > your shell is causing the trouble. Thank you Stefan. I tried your suggestion but to no avail. However, I started elaborating on your assumption that it may be shell related and when trying: --- iPhone:~# ssh erling@12.34.56.78 ksh -i ksh: No controlling tty (open /dev/tty: Device not configured) ksh: Can't find tty file descriptor ksh: Warning: won't have full job control OpenBSD$ ls ... OpenBSD$ █ --- the client didn't disconnect as soon as I entered my first command. Not very useful though, since the missing controlling tty won't let me do anything useful except running ls(1) and cat(1) and such. This is still an OpenBSD spesific issue as far as it only happens when trying to initiate a ssh from iSH into OpenBSD boxes (five different, ranging from current to newest release to older releases) while I can successfully initiate a ssh from iSH to any Linux box (three different so far). However: Since I can successfully initiate a ssh session from OpenBSD to the iPhone, and then successfully BACK to any OpenBSD machine, I suspect there may be some ENV-issues? Something that is set correctly when initiating the ssh session from OpenBSD, but not when initiating from iSH (but which still gets accepted by Linux)? Erling > Best Regards, > Stefan
Re: Help with ssh(1) between OpenBSD and iSH/Alpine on iOS
Christian Weisgerber wrote: > Erling Westenvik: >> I can ssh FROM any OpenBSD box INTO iSH on my iPhone, and once >> authenticated I can ssh back from there to the OpenBSD box or to any >> other OpenBSD or Linux box, but! -- From iSH itself (ie. "directly" from >> my iPhone) I can only successfully ssh to Linux boxes; if I ssh from the >> phone itself to any OpenBSD box I'm getting authenticated and receive a >> full shell prompt > > Right here, I'd start ktrace(1)-ing the login shell on the OpenBSD > box to see... > >> but the moment I hit Enter the client drops the connection. > >... what this looks like at the OpenBSD end. > >> I guess there must be something obvious I'm missing but for the life >> of me I cannot figure out what. Any help is appreciated. > > I don't think it's anything obvious. Smells like an interop problem > at a level above SSH to me. I tried iSH and I can successfully ssh to my OpenBSD-current box and do stuff there without a disconnect. Instead of going through ktracing the shell, you could set your login shell to /bin/sh for a test and try again. If this works, you know that your shell is causing the trouble. Best Regards, Stefan
Re: Help with ssh(1) between OpenBSD and iSH/Alpine on iOS
Erling Westenvik wrote: > Hi, > Last year I discovered the iSH app, "The Linux shell for iOS" > (https:/ish.app), "a project to get a Linux shell environment running > locally on your iOS device, using a usermode x86 emulator". It's an > Alpine Linux distribution with the Almquist shell (ash) as default. Hi Erling, I have been using extensively Alpine Linux as a Xen Domain 0 since BSDCan2016 due to Henning Brauer influence. There are no problems in ssh communication among OpenBSD and Alpine Linux boxes. xen1:~# more /etc/alpine-release 3.13.1 xen1:~# uname -a Linux xen1.int.autonlab.org 5.10.11-1-lts #2-Alpine SMP Fri, 29 Jan 2021 16:43:14 + x86_64 Linux xen1:~# echo $SHELL /bin/ash xen1:~# ssh au...@lnms.int.autonlab.org Host key fingerprint is SHA256:FGVw4gkiFuoDdbDg4+U/ZzyZh/pXaI//4jai+eBHzSE +---[ECDSA 256]---+ |. *oo . +o+ | |.= + . o * | |oo..+| |+ +. E . | | + .S = .| | . . . ++ + | | o Xo.+ | | * == = | | ..==.=o+. | +[SHA256]-+ au...@lnms.int.autonlab.org's password: Last login: Sat Feb 6 23:31:44 2021 from 192.168.6.4 OpenBSD 6.8 (GENERIC.MP) #4: Mon Jan 11 10:35:56 MST 2021 Welcome to OpenBSD: The proactively secure Unix-like operating system. Please use the sendbug(1) utility to report bugs in the system. Before reporting a bug, please try to reproduce it with the latest version of the code. With bug reports, please try to ensure that enough information to reproduce the problem is enclosed, and if a known fix for it exists, include that as well. lnms$ lnms$ ssh au...@xen1.int.autonlab.org au...@xen1.int.autonlab.org's password: Welcome to Alpine! The Alpine Wiki contains a large amount of how-to guides and general information about administrating Alpine systems. See <http://wiki.alpinelinux.org/>. You can setup the system with the command: setup-alpine You may change this message by editing /etc/motd. Cheers, Predrag > Nice, fun -- and useful! -- but one thing puzzles me and prevents me > from utilizing the full potential of the app: > > I can ssh FROM any OpenBSD box INTO iSH on my iPhone, and once > authenticated I can ssh back from there to the OpenBSD box or to any > other OpenBSD or Linux box, but! -- From iSH itself (ie. "directly" > from my iPhone) I can only successfully ssh to Linux boxes; if I ssh > from the phone itself to any OpenBSD box I'm getting authenticated and > receive a full shell prompt but the moment I hit Enter the client > drops the connection. > > Summarized: > > ssh FAILS from iSH > to OpenBSD > ssh WORKS from iSH > to Linux > ssh WORKS from OpenBSD > to iSH (and from iSH (back) to Linux/OpenBSD) > > I guess there must be something obvious I'm missing but for the life > of me I cannot figure out what. Any help is appreciated. > > Not sure what logs, if any, I should supply. Running ssh -v[vv] > (verbose) doesnt yield any difference between working and non-working > connections, and it's the same with /var/log/auth.log as far as I can > see. > > Cheers, > Erling
Re: Help with ssh(1) between OpenBSD and iSH/Alpine on iOS
Erling Westenvik: > I can ssh FROM any OpenBSD box INTO iSH on my iPhone, and once > authenticated I can ssh back from there to the OpenBSD box or to any > other OpenBSD or Linux box, but! -- From iSH itself (ie. "directly" from > my iPhone) I can only successfully ssh to Linux boxes; if I ssh from the > phone itself to any OpenBSD box I'm getting authenticated and receive a > full shell prompt Right here, I'd start ktrace(1)-ing the login shell on the OpenBSD box to see... > but the moment I hit Enter the client drops the connection. ... what this looks like at the OpenBSD end. > ssh FAILS from iSH > to OpenBSD > ssh WORKS from iSH > to Linux > ssh WORKS from OpenBSD > to iSH (and from iSH (back) to Linux/OpenBSD) > > I guess there must be something obvious I'm missing but for the life of > me I cannot figure out what. Any help is appreciated. I don't think it's anything obvious. Smells like an interop problem at a level above SSH to me. -- Christian "naddy" Weisgerber na...@mips.inka.de
Help with ssh(1) between OpenBSD and iSH/Alpine on iOS
Hi, Last year I discovered the iSH app, "The Linux shell for iOS" (https:/ish.app), "a project to get a Linux shell environment running locally on your iOS device, using a usermode x86 emulator". It's an Alpine Linux distribution with the Almquist shell (ash) as default. Nice, fun -- and useful! -- but one thing puzzles me and prevents me from utilizing the full potential of the app: I can ssh FROM any OpenBSD box INTO iSH on my iPhone, and once authenticated I can ssh back from there to the OpenBSD box or to any other OpenBSD or Linux box, but! -- From iSH itself (ie. "directly" from my iPhone) I can only successfully ssh to Linux boxes; if I ssh from the phone itself to any OpenBSD box I'm getting authenticated and receive a full shell prompt but the moment I hit Enter the client drops the connection. Summarized: ssh FAILS from iSH > to OpenBSD ssh WORKS from iSH > to Linux ssh WORKS from OpenBSD > to iSH (and from iSH (back) to Linux/OpenBSD) I guess there must be something obvious I'm missing but for the life of me I cannot figure out what. Any help is appreciated. Not sure what logs, if any, I should supply. Running ssh -v[vv] (verbose) doesnt yield any difference between working and non-working connections, and it's the same with /var/log/auth.log as far as I can see. Cheers, Erling
Re: help needed with httpd.conf and rewrite directive
Yeah, or that... I realized that after but didn't want to double post.
I emailed Kevin off-list to mention that the "/" character isn't special so
it doesn't need to be escaped so Edgar's example can be modified to:
location match "^/sendy/l/([%w/]+)$" {
request rewrite "/sendy/l.php?i=$1"
I didn't hear back if it worked or not though.
John
On Thu, Jan 7, 2021 at 2:44 PM Christian Weisgerber
wrote:
> On 2021-01-07, John McGuigan wrote:
>
> > httpd's regex is based on Lua's, the following site will help you figure
> it out:
>
> Or, you know, the patterns(7) man page.
>
> --
> Christian "naddy" Weisgerber na...@mips.inka.de
>
>
Re: help needed with httpd.conf and rewrite directive
On 2021-01-07, John McGuigan wrote: > httpd's regex is based on Lua's, the following site will help you figure it > out: Or, you know, the patterns(7) man page. -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: help needed with httpd.conf and rewrite directive
httpd's regex is based on Lua's, the following site will help you figure it out:
https://riptutorial.com/lua/example/20315/lua-pattern-matching
Keep in mind that this list isn't really tolerant of those who just
want pre-packaged solutions, you'll have to put in some elbow work.
On Wed, Jan 6, 2021 at 6:20 PM Kevin wrote:
>
> Thanks Edgar,
>
> Unfortunately, still no dice.
>
> Maybe there's a bona fide expert who can chime in and pull my ass from the
> fire here. :-)
>
> Kevin
>
> On Wed, Jan 6, 2021 at 3:46 PM Edgar Pettijohn
> wrote:
>
> > On Wed, Jan 06, 2021 at 02:12:40PM -0800, Kevin wrote:
> > > Hey gang,
> > >
> > > I'm trying to setup some rewrites in httpd that are needed to make some
> > > software we just purchased work.
> > >
> > > The vendor's official docs only support nginx and apache, and I'm having
> > a
> > > helluva time understanding how to make them work in our beloved OpenBSD.
> > >
> > > Below is the nginx sample they provide.
> > >
> > > Anyone with some httpd rewrite foo mind whacking me with a clue stick on
> > > how to accomplish this purty please?
> > >
> > > Thanks,
> > > Kevin
> > >
> > >location /sendy/l/ {
> > > rewrite ^/sendy/l/([a-zA-Z0-9/]+)$ /sendy/l.php?i=$1 last;
> > > }
> >
> > I'm not an expert, but I would try:
> >
> > location match "^/sendy/l/([%w\/]+)$" {
> > request rewrite "/sendy/l.php?i=$1"
> > }
> >
> > good luck
> >
> > Edgar
> >
> >
Re: help needed with httpd.conf and rewrite directive
Thanks Edgar,
Unfortunately, still no dice.
Maybe there's a bona fide expert who can chime in and pull my ass from the
fire here. :-)
Kevin
On Wed, Jan 6, 2021 at 3:46 PM Edgar Pettijohn
wrote:
> On Wed, Jan 06, 2021 at 02:12:40PM -0800, Kevin wrote:
> > Hey gang,
> >
> > I'm trying to setup some rewrites in httpd that are needed to make some
> > software we just purchased work.
> >
> > The vendor's official docs only support nginx and apache, and I'm having
> a
> > helluva time understanding how to make them work in our beloved OpenBSD.
> >
> > Below is the nginx sample they provide.
> >
> > Anyone with some httpd rewrite foo mind whacking me with a clue stick on
> > how to accomplish this purty please?
> >
> > Thanks,
> > Kevin
> >
> >location /sendy/l/ {
> > rewrite ^/sendy/l/([a-zA-Z0-9/]+)$ /sendy/l.php?i=$1 last;
> > }
>
> I'm not an expert, but I would try:
>
> location match "^/sendy/l/([%w\/]+)$" {
> request rewrite "/sendy/l.php?i=$1"
> }
>
> good luck
>
> Edgar
>
>
Re: help needed with httpd.conf and rewrite directive
On Wed, Jan 06, 2021 at 02:12:40PM -0800, Kevin wrote:
> Hey gang,
>
> I'm trying to setup some rewrites in httpd that are needed to make some
> software we just purchased work.
>
> The vendor's official docs only support nginx and apache, and I'm having a
> helluva time understanding how to make them work in our beloved OpenBSD.
>
> Below is the nginx sample they provide.
>
> Anyone with some httpd rewrite foo mind whacking me with a clue stick on
> how to accomplish this purty please?
>
> Thanks,
> Kevin
>
>location /sendy/l/ {
> rewrite ^/sendy/l/([a-zA-Z0-9/]+)$ /sendy/l.php?i=$1 last;
> }
I'm not an expert, but I would try:
location match "^/sendy/l/([%w\/]+)$" {
request rewrite "/sendy/l.php?i=$1"
}
good luck
Edgar
help needed with httpd.conf and rewrite directive
Hey gang,
I'm trying to setup some rewrites in httpd that are needed to make some
software we just purchased work.
The vendor's official docs only support nginx and apache, and I'm having a
helluva time understanding how to make them work in our beloved OpenBSD.
Below is the nginx sample they provide.
Anyone with some httpd rewrite foo mind whacking me with a clue stick on
how to accomplish this purty please?
Thanks,
Kevin
location /sendy/l/ {
rewrite ^/sendy/l/([a-zA-Z0-9/]+)$ /sendy/l.php?i=$1 last;
}
Re: Seeking help creating an OpenBSD/OpenIKED alternative to the Algo VPN
On Sun, Dec 06, 2020 at 05:31:13PM +, Kyle Jensen said unto me: > I am not an OpenBSD/OpenIKED pro and I'd very much appreciate collaborating > with willing souls who, like me, could use an OpenBSD-based road warrior > VPN. OpenBSD and OpenIKED are really quite easy to understand if you take some time to read the really quite well maintained man pages. OpenIKED is in the base system so there is literally nothing you need to do beyond install the system and configure it for your application. I've written a little bit about how I achieve a road warrior configuration with OpenIKED for my macOS and iOS devices. https://www.going-flying.com/blog/protecting-my-macos-and-ios-devices-with-an-openbsd-vpn.html That being said, iked.conf(5) and iked(8) have most of what you need. --Matt -- Matthew Ernisse m...@going-flying.com https://www.going-flying.com/
Seeking help creating an OpenBSD/OpenIKED alternative to the Algo VPN
Hi, I'm working on an Ansible role to help me provision road-warrior style IKEv2 VPNs using OpenIKED and OpenBSD. I'd like this to be similar to Algo https://github.com/trailofbits/algo. You can see what I started here: https://github.com/kljensen/hetun-vpn My progress thus far is as follows. I can use that Ansible role to provision a fresh 6.8 machine (usually on Vultr). The provisioning process creates .mobileconfig files for importing on iOS and Mac OS so that I can connect to OpenIKED, routing all my network traffic through the vpn. The role also includes optional ad-blocking using unbound (though, perhaps it shouldn't). I am not an OpenBSD/OpenIKED pro and I'd very much appreciate collaborating with willing souls who, like me, could use an OpenBSD-based road warrior VPN. Sincerely, Kyle
Re: Relayd Help Needed
On Sat, Nov 07, 2020 at 09:56:29PM +0100, Sebastian Benoit wrote:
> Lari Huttunen(open...@huttu.net) on 2020.11.07 15:01:04 +:
> > On Sat, Nov 07, 2020 at 08:29:12AM +, Lari Huttunen wrote:
> > > Cheers!
> >
> > The only downside is that for unknown request types I still get a
> > 500 from relayd. For example:
> >
> > $ curl -i -X WHATNOT https://www.huttu.net
> > HTTP/1.0 500 Internal Server Error
> > Date: Sat, 07 Nov 2020 14:55:32 GMT
> > Server: OpenBSD relayd
> > Connection: close
> > Content-Type: text/html
> > Content-Length: 442
> >
> > Is that the intended behavior?
>
> Yes,
>
> see relay_read_http() in relay_http.c.
>
> Unknown http methods reult in a 500 error.
OK, the way I read the HTTP specification, the more suitable responses might be
either:
400 BAD Request: https://tools.ietf.org/html/rfc7231#section-6.5.1
The 400 (Bad Request) status code indicates that the server cannot or
will not process the request due to something that is perceived to be
a client error (e.g., malformed request syntax, invalid request
message framing, or deceptive request routing).
501 Not Implemented: https://tools.ietf.org/html/rfc7231#section-6.6.2
The 501 (Not Implemented) status code indicates that the server does
not support the functionality required to fulfill the request. This
is the appropriate response when the server does not recognize the
request method and is not capable of supporting it for any resource.
A 501 response is cacheable by default; i.e., unless otherwise
indicated by the method definition or explicit cache controls (see
Section 4.2.2 of [RFC7234]).
> > > * ability to control the behavior of relayd based on the response
> > >code from the backend IPFS web server, e.g. upon a 404, redirecting to
> > >generic 404 page on the httpd.
> >
> > So what remains missing is the ability to control the responses
> > back to the client in a controlled manner.
> >
> > Does anyone have a recipe for this, please?
>
> You should be able to set a Location header on a response:
>
> match response header set "Location" value "https://something; tagged "FOO"
Unfortunately this does not work, or at least I was unable to make it work,
as the matching above is tied to the response header, not the response code,
which not a header, but a status-line.
I did try a different approach in the relay section, but it failed in a
different way as it does not seem to be intended for my use case:
table { $private }
table disable { $private }
# Check for 200 and then use a fallback that is routed to
# httpd.
forward to port 8080 check http "/" code 200
forward to port 8081
It works as long as the front-end code results in 200 vs. 404. In reality,
modern (static) web page response codes are more dynamic. I observed the
following valid response codes in addition to 200, which broke my
test setup above:
304 Not modified: https://tools.ietf.org/html/rfc7232#section-4.1
307 Temporary redirect: https://tools.ietf.org/html/rfc7231#section-6.4.7
204 No Content: https://tools.ietf.org/html/rfc7231#section-6.3.5
Is there a way to just catch the 404 responses from the backend instead
of trying whitelist the valid responses?
The way I understand it is that relayd is capable of altering the behavior
based on the response headers, but not the response status-line, which
precedes it.
https://tools.ietf.org/html/rfc7230#section-3.1.2
Have I misunderstood something?
Best regards,
Lari Huttunen
--
"See the unseen."
Re: Relayd Help Needed
Lari Huttunen(open...@huttu.net) on 2020.11.07 15:01:04 +: > On Sat, Nov 07, 2020 at 08:29:12AM +, Lari Huttunen wrote: > > Cheers! > > > In practice, what I'm struggling with is the: > > > > * ability to control the requests or responses by HTTP method, i.e. > >only allowing GET by default and access controlling POST and PUT > > It turned out that filtering the requests per method was possible > at least as follows: > > match request method "GET" tag "REQ_OK" > block request > pass tagged "REQ_OK" > > $ curl -i -X GET https://www.huttu.net > HTTP/1.1 200 OK > > $ curl -i -X POST https://www.huttu.net > HTTP/1.0 403 Forbidden > Date: Sat, 07 Nov 2020 14:53:20 GMT > Server: OpenBSD relayd > Connection: close > Content-Type: text/html > Content-Length: 427 > > The only downside is that for unknown request types I still get a > 500 from relayd. For example: > > $ curl -i -X WHATNOT https://www.huttu.net > HTTP/1.0 500 Internal Server Error > Date: Sat, 07 Nov 2020 14:55:32 GMT > Server: OpenBSD relayd > Connection: close > Content-Type: text/html > Content-Length: 442 > > Is that the intended behavior? Yes, see relay_read_http() in relay_http.c. Unknown http methods reult in a 500 error. > > > * ability to control the behavior of relayd based on the response > >code from the backend IPFS web server, e.g. upon a 404, redirecting to > >generic 404 page on the httpd. > > So what remains missing is the ability to control the responses > back to the client in a controlled manner. > > Does anyone have a recipe for this, please? You should be able to set a Location header on a response: match response header set "Location" value "https://something; tagged "FOO" > Best regards, > > Lari Huttunen > -- > "See the unseen." > --
Re: Relayd Help Needed
On Sat, Nov 07, 2020 at 08:29:12AM +, Lari Huttunen wrote: > Cheers! > In practice, what I'm struggling with is the: > > * ability to control the requests or responses by HTTP method, i.e. >only allowing GET by default and access controlling POST and PUT It turned out that filtering the requests per method was possible at least as follows: match request method "GET" tag "REQ_OK" block request pass tagged "REQ_OK" $ curl -i -X GET https://www.huttu.net HTTP/1.1 200 OK $ curl -i -X POST https://www.huttu.net HTTP/1.0 403 Forbidden Date: Sat, 07 Nov 2020 14:53:20 GMT Server: OpenBSD relayd Connection: close Content-Type: text/html Content-Length: 427 The only downside is that for unknown request types I still get a 500 from relayd. For example: $ curl -i -X WHATNOT https://www.huttu.net HTTP/1.0 500 Internal Server Error Date: Sat, 07 Nov 2020 14:55:32 GMT Server: OpenBSD relayd Connection: close Content-Type: text/html Content-Length: 442 Is that the intended behavior? > * ability to control the behavior of relayd based on the response >code from the backend IPFS web server, e.g. upon a 404, redirecting to >generic 404 page on the httpd. So what remains missing is the ability to control the responses back to the client in a controlled manner. Does anyone have a recipe for this, please? Best regards, Lari Huttunen -- "See the unseen."
Relayd Help Needed
Cheers! I wanted to try to learn more about relayd and use it as a reverse proxy in front httpd and a GO implementation called go_ipfs. The setup is as follows: * httpd is used for acme + http -> https redirects * go_ipfs is used to serve the static websites. I have the setup working quite ok for the most part and those curious can read my write-up here: https://www.huttu.net/posts/web/ All feedback, comments will be appreciated, since I'm not yet very well versed in the art of relayd. (A special shout-out to Aaron D. Parks, who had written a good how-to which helped me a lot in this task. https://parksdigital.com/httpd-and-relayd-on-openbsd.html) In practice, what I'm struggling with is the: * ability to control the requests or responses by HTTP method, i.e. only allowing GET by default and access controlling POST and PUT * ability to control the behavior of relayd based on the response code from the backend IPFS web server, e.g. upon a 404, redirecting to generic 404 page on the httpd. I'm running OpenBSD 6.8 and am wondering if what I'm attempting to do is possible with the current version of relayd? Thanks in advance! Lari Huttunen -- "See the unseen."
Re: help me to create hostname.wg
On Fri, Oct 30, 2020 at 12:07 PM kasak wrote: > $ wg showconf wg0 > [Interface] > ListenPort = 9022 > > why the keys is not configured? You're not root.
Re: help me to create hostname.wg
30.10.2020 19:18, Josh Grosse пишет: On Fri, Oct 30, 2020 at 07:05:51PM +0300, kasak wrote: hello misc. I'm trying to create wg interface, but have no luck. Here is my /etc/hostname.wg0: $ cat /etc/hostname.wg0 inet 10.0.0.1/24 wgkey wgpeer wgaip 10.0.0.2 after running doas sh /etc/netstart wg0 i have: $ ifconfig wg0 wg0: flags=80c3 mtu 1420 ?? index 6 priority 0 llprio 3 ?? wgport 9022 ?? groups: wg ?? inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255 and: $ wg showconf wg0 [Interface] ListenPort = 9022 why the keys is not configured? The keys only show in ifconfig(8) output when you run it as the superuser. Brilliant! It works! Thank you :)
help me to create hostname.wg
hello misc. I'm trying to create wg interface, but have no luck. Here is my /etc/hostname.wg0: $ cat /etc/hostname.wg0 inet 10.0.0.1/24 wgkey wgpeer wgaip 10.0.0.2 after running doas sh /etc/netstart wg0 i have: $ ifconfig wg0 wg0: flags=80c3 mtu 1420 index 6 priority 0 llprio 3 wgport 9022 groups: wg inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255 and: $ wg showconf wg0 [Interface] ListenPort = 9022 why the keys is not configured?
Re: VMM Debian guest serial setup help needed
On Sat, 2020-07-18 at 10:46 +0200, Benjamin Baier wrote:
> On Fri, 17 Jul 2020 23:50:06 -0700
> Aaron Miller <
> aa...@iforgotmy.name
> > wrote:
>
> > On Fri, 2020-06-12 at 17:46 -0400, George wrote:
> > > On 2020-06-12 11:17 a.m., George wrote:
> > > > [...]
> >
> > Hey George,
> >
> > I don't know if you resolved this, but I was able to get
> > further
> > than this loosely following Benjamin's instructions. I skipped
> > the part about the virtio-modules which doesn't seem to be
> > necessary now (and the link is 404 now anyway).
> >
> > I was able to go through the menu (starting with Install, and
> > skipping the modprobe commands) but DHCP didn't work, and I'm
> > not sure what's broken.
> >
> > To answer your question, you need to press Esc _after_
> > selecting Install. Maybe that's why you saw the "boot>"
> > prompt.
> >
> > It worked for me and I just ran lsmod since I didn't have any
> > modules to insert:
> >
> > ~ # lsmod
> > Module Size Used by
> > virtio_blk 20480 0
> > virtio_net 32768 0
> > virtio_pci 24576 0
> > virtio_ring24576 3
> > virtio_blk,virtio_net,virtio_pci
> > virtio 16384 3
> > virtio_blk,virtio_net,virtio_pci
> >
> > I hope this helps, and please let me know if you or anyone
> > else
> > has an idea of why DHCP isn't working in the guest VM.
>
> With the virtio modules now included in the installer you can
> skip my
> tutorial. You only need to change bootparameters in GRUB to pass
> vga=off console=ttyS0,115200n8 to the linux kernel.
OK good to know, thanks. I was unaware that the boot parameters
could be specified there rather than by editing TXT.CFG in the
boot image.
> As for DHCP, it depends on your config: is pf blocking DHCP
> traffic?
No.
> is the bridge/switch interface set up correctly?
Perhaps not. I tried a variety of things with bridge0, like
attempting to add my host's egress interface (iwm0) to it,
resulting in a "Device busy" error. I also tried creating a vether
device and attaching that, as described in the Virtualization FAQ.
Using tcpdump on tap0, I was able to see bootp and arp packets
coming from the guest. I did not see any replies from the host
though. Running tcpdump on bridge0 did not show any packets no
matter what I tried.
> is sysctl net.inet.ip.{m,}forwarding set to 1?
Yes.
> do you use vmctl -L (local interface)?
>
I tried -L but vmctl didn't seem to like that in combination with
a VM specified in vm.conf. I also tried replacing 'interface {
switch "uplink" }' with 'local interface' but that didn't seem to
make a difference.
Thanks for the help so far!
--Aaron
Re: VMM Debian guest serial setup help needed
On Fri, 17 Jul 2020 23:50:06 -0700
Aaron Miller wrote:
> On Fri, 2020-06-12 at 17:46 -0400, George wrote:
> > On 2020-06-12 11:17 a.m., George wrote:
> > > On 2020-06-10 4:15 p.m., Benjamin Baier wrote:
> > > > On Wed, 10 Jun 2020 14:36:46 -0400
> > > > George <
> > > > g.lis...@nodeunit.com
> > > > > wrote:
> > > >
> > > > > Hi guys,
> > > > >
> > > > > I apologize if this maybe out of topic even though it is
> > > > > truly related
> > > > > to VMM than Debian.
> > > > >
> > > > > I am trying to setup a VMM Debian based guest but I'm not
> > > > > able to
> > > > > get it
> > > > > to work. I found some description on the web about which
> > > > > settings to
> > > > > edit in grub.cfg to enable the serial console and created
> > > > > a VM with
> > > > > 10.3
> > > > > in qcow2 disk format in KVM. Now I am trying to start the
> > > > > same on
> > > > > OpenBSD 6.7 but keep getting the connected message and
> > > > > then just
> > > > > "Rebooting " after I hit some keyboard keys seems like
> > > > > baud rate issue
> > > > > but not sure.
> > > >
> > > > Don't need the KVM/qemu step.
> > >
> > > Didn't know that was possible, much better thanks :)
> > > > > After messing with it for a while now I am getting a new
> > > > > error:
> > > > >
> > > > > vmctl: could not open disk image(s)
> > > >
> > > > Better start over.
> > >
> > > And so I did ...
> > > > > even thought the disk is there and readable to the user I
> > > > > have setup in
> > > > > vm.conf in fact I have another VM with the same
> > > > > configuration and disk
> > > > > with the same permissions and in the same location that
> > > > > works (it is
> > > > > OpenBSD based).
> > > > >
> > > > > I would greatly appreciate it if someone has gone this
> > > > > path and can
> > > > > share some config info with me.
> > > >
> > > > Here is how I got debian 9 (stretch) installed.
> > > > http://www.netzbasis.de/openbsd/vmd-debian/index.html
> > > >
> > > > I think the virtio-modules are now included in the debian 10
> > > > (buster)
> > > > installer, but not tested.
> I believe I can confirm this. See below.
>
> > > >
> > >
> > > I am trying your preped boot.img so far going through install
> > > options
> > > most of which lead to:
> > >
> > > Loading linux... ok
> > > Loading initrd.gz...ok
> > > Probing EDD (edd=off to disable)... ok
> > > Undefined video mode number: 314
> > > Press to see video modes available, to
> > > continue, or
> > > wait 30 sec
> > > Mode: Resolution: Type:
> > > 0 F00 80x25 CGA/MDA/HGC
> > > Enter a video mode or "scan" to scan for additional modes:
> > >
> > > trying Install which I thought would be best (2-nd one after
> > > Graphical
> > > Install) hangs with:
> > >
> > > [0.00] ACPI BIOS Error (bug): A valid RSDP was not
> > > found
> > > (20160831/tbxfroot-244)
> > > [0.806052] Initramfs unpacking failed: write error
> > > [0.814403] [Firmware Bug]: cpu 0, invalid IBS interrupt
> > > offset 0
> > > (MSRC001103A=0x)
> > > [1.852264] mce: Unable to init device /dev/mcelog (rc: -5)
> > >
> > > Thanks for your help and the page!
> >
> >
> > I tried a few more times still no luck. What is the key
> > combination I
> > need to use to get into a shell to load the modules. Hitting Esc
> > puts me
> > into boot> program which does not understand module handling
> > etc.. and
> > the menu does not let me to run a shell. I am missing something
> > ...?
> >
> > Thanks!
> >
>
> Hey George,
>
> I don't know if you resolved this, but I was able to get further
> than this loosely following Benjamin's instructions. I skipped the part about
> the virtio-modules which doesn't seem to be necessary now (and the link is
> 404 now anyway).
>
> I was able to go through the menu (starting with Install, and skipping the
> modprobe commands) but DHCP didn't work, and I'm not sure what's broken.
>
> To answer your question, you need to press Esc _after_ selecting Install.
> Maybe that's why you saw the "boot>" prompt.
>
> It worked for me and I just ran lsmod since I didn't have any modules to
> insert:
>
> ~ # lsmod
> Module Size Used by
> virtio_blk 20480 0
> virtio_net 32768 0
> virtio_pci 24576 0
> virtio_ring24576 3 virtio_blk,virtio_net,virtio_pci
> virtio 16384 3 virtio_blk,virtio_net,virtio_pci
>
> I hope this helps, and please let me know if you or anyone else
> has an idea of why DHCP isn't working in the guest VM.
With the virtio modules now included in the installer you can skip my
tutorial. You only need to change bootparameters in GRUB to pass
vga=off console=ttyS0,115200n8 to the linux kernel.
As for DHCP, it depends on your config: is pf blocking DHCP traffic?
is the bridge/switch interface set up correctly?
is sysctl net.inet.ip.{m,}forwarding set to 1?
do you use vmctl -L (local interface)?
