Re: OpenBSD projects
Nice list. Also: file(1), rcs(1), sdiff(1), bgplg(8) On Thu, Jul 23, 2015 at 09:56:14PM -0700, jungle Boogie wrote: On 28 December 2014 at 15:14, Ingo Schwarze schwa...@usta.de wrote: Hi, as this request met quite a bit of interest, i have drafted a list at this *temporary* URI: http://mdocml.bsd.lv/openbsd_projects.html If developers want it, moving it to the OpenBSD web site would be fine with me. Looks like doas, tame and resflash need to be added! What about rcctl? Nice work, devs! -- --- inum: 883510009027723 sip: jungleboo...@sip2sip.info xmpp: jungle-boo...@jit.si
Re: vpn performance - C2750 vs C2758
Axton axton.grams at gmail.com writes: On Tue, Jan 27, 2015 at 2:24 PM, Stuart Henderson stu at spacehopper.org wrote: On 2015-01-27, Adam Thompson athompso at athompso.net wrote: On 2015-01-27 02:58 AM, Stuart Henderson wrote: On 2015-01-26, Christian Weisgerber naddy at mips.inka.de wrote: I don't think we support Quick Assist, whatever that is. correct. [...] It doesn't look like something we can use easily. FWIW, I just read that Netgate (i.e. pfSense) committed QuickAssist crypto accel support into FreeBSD 10.2 [possibly a private branch??] for some ciphers. Apologies, but I'm completely failing to find the message that mentioned it on the pfSense mailing list, right now. I don't know enough about FreeBSD's cryptodev engine to know if any of that work can be used here. One problem with that codebase is that it's US crypto. This pdf from Intel makes reference to OCF-Linux, a Linux port of the OpenBSD/FreeBSD Cryptographic Framework (OCF) as it relates to QuickAssist. http://www.intel.com/content/dam/www/public/us/en/documents/white-papers/communications-quick-assist-paper.pdf From what I am seeing, there is a Kernel module and userland pieces available for Linux and FreeBSD to support this capability. In addition to Stuart's point on the US crypto code base as it relates to export restrictions, it is also hardware designed by a US company for strong crypto. Axton

Intel QuickAssist could also be used only for the compression stuff, without the crypto things, so it is not touched by the US export regulations and will not bring you into trouble, as I see it. And yes, for sure there must be something that can be used by OpenBSD to gain more compression, like for:
- Apache webservers
- speeding up Snort
- Point to Point links over the Internet
- Tape compression
- Backup compression
- benefit Load balancers (ARPbalance over CARP)
- Storage file compression/decompression

And no adapters are needed if you are using Intel CPUs or SoCs with support for QuickAssist technology. It would also be great to speed up things such as:
- VPN connections
- OpenVPN connections
- S/FTP up- and downloads

The Linux guys today go an easy way by shooting a used Comtech AHA636PCIe adapter and gaining up to 5 GBit/s, either to speed up Apache webservers or OpenVPN connections; easy to shoot on eBay for $30 bucks. So this can be a benefit to support QuickAssist, because no extra hardware to buy is needed!
Re: elementary opensmtpd setting on rental server
hi all. i write up at http://aoiyuma.mydns.jp/mydns-MS.html for convenience. perhaps it has some errors. please point out them. in english translation, https://translate.google.co.jp/translate?sl=ja&tl=en&js=y&prev=_t&hl=ja&ie=UTF-8&u=http%3A%2F%2Faoiyuma.mydns.jp%2Fmydns-MS.html&edit-text= without openbsd fellow's, i remain postfix and struggle. opensmtpd is simple and talentful and beautiful. -- regards tuyosi
Re: Alleged OpenSSH bug
On Thu, 23 Jul 2015 18:12:28 -0400 Garance A Drosehn wrote: to write software defensively if you want PAM to not fuck you over. It happens that I'm setting up some new (to me) RHEL 7 systems right now, and way too much time has been spent fighting with PAM (and I'm not done yet). So I'll energetically agree with everything Marc says here. Just a few days ago I was talking with one of other systems-programmers here at RPI saying how all of PAM should be ripped out and done over. We happened to be talking about a different failure scenario, but it (PAM) has always been a headache for me, almost every time I've dealt with it. Actually it is perfectly well engineered to bring in support revenues to RedHat. Forgive my cynicism but I wouldn't be surprised, I also wouldn't be surprised if banks probably changed the contactless cards design in the UK *after* the security audit and refused to fix it for over two years before Apple paid news agencies to make a fuss upon release of Apple Pay because banks want large fraud numbers to give them somewhere to hide their own financial engineering and may have to invent some new fraud causing systems if forced to fix the blatant idiocy. p.s. The guidance is to use pubkey or long passwords in which case you should either have no problem or notice the cpu cycles if you're an admin worth any salt.
Sluggish/laggy browser behaviour
Hi, I'm running the 19 July snapshot and am experiencing laggy tab behaviour in both Chromium and Firefox. Specifically, when opening and closing tabs I regularly experience noticeable and irritating pauses. The system is a thinkpad X220T with an i7 and 8 GB of memory, and under different operating systems tabbing performance is acceptable. Has anyone experienced similar? dmesg follows:
bgpd and friends
Hello list, Just curious if the message passing framework developed by claudio@ and henning@ is documented somehow. Maybe there is some skeleton so I would fill it with my code? I am going to start a project, and in my vision it will lay on the technology very well. In other words I'm looking for some hints on how to write daemons following the same architecture as bgpd and other OpenBSD network daemons. Thanks. -- With best regards, Gregory Edigarov
Re: Alleged OpenSSH bug
On 24-07-2015 14:27, Kevin Chadwick wrote: The guidance is to use pubkey or long passwords in which case you should either have no problem or notice the cpu cycles if you're an admin worth any salt. There are tons of info regarding OpenSSH best practices. The link below [1] is one of them. I personally let my servers with only the state of the art, which currently is ed25519 for both PubKeys and HostKeys, chacha for cipher, curve25519 for kex and hmac-etm for mac. [1] https://wiki.mozilla.org/Security/Guidelines/OpenSSH
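An added example, not part of the original message or of OpenSSH: a small Python audit that checks the global section of an sshd_config against the choices listed in the post above (ed25519 host keys, curve25519 kex, chacha cipher, hmac-etm MACs). The allowlisted algorithm names, the two sample configs and the file-name test for host keys are assumptions of this example; the user public key type is not checked.

```python
# Added example: audit sshd_config text against the algorithm choices named in the post.
# Assumption: these OpenSSH algorithm names are this example's reading of
# "curve25519 for kex, chacha for cipher, hmac-etm for mac".
ALLOWED = {
    "kexalgorithms": {"curve25519-sha256", "curve25519-sha256@libssh.org"},
    "ciphers": {"chacha20-poly1305@openssh.com"},
    "macs": {"hmac-sha2-256-etm@openssh.com", "hmac-sha2-512-etm@openssh.com"},
}

def parse_global(text):
    """Return {keyword: [values]} for the lines before the first Match block."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()            # sshd_config keywords are case-insensitive
        if key == "match":
            break                         # conditional blocks are out of scope here
        conf.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return conf

def audit(text):
    """Return a list of findings; an empty list means the config matches the allowlist."""
    conf, findings = parse_global(text), []
    for key, allowed in ALLOWED.items():
        if key not in conf:
            findings.append(f"{key}: not set, compiled-in defaults apply")
            continue
        value = conf[key][0]              # sshd uses the first value obtained for a keyword
        if value[:1] in ("+", "-", "^"):
            findings.append(f"{key}: '{value[0]}' edits the default list instead of replacing it")
            continue
        extra = sorted(set(value.split(",")) - allowed)
        if extra:
            findings.append(f"{key}: outside allowlist: {', '.join(extra)}")
    host_keys = conf.get("hostkey", [])
    if not host_keys:
        findings.append("hostkey: not set, every default key type is loaded")
    # Heuristic (assumption): key type is judged from the key file name only.
    findings += [f"hostkey: {p} is not an ed25519 key file"
                 for p in host_keys if "ed25519" not in p]
    return findings

# Constructed sample configs (not taken from any real host).
WEAK = """\
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group14-sha1
Ciphers +aes128-cbc
Match User backup
    MACs hmac-sha2-512-etm@openssh.com
"""
STRICT = """\
HostKey /etc/ssh/ssh_host_ed25519_key
KexAlgorithms curve25519-sha256@libssh.org
Ciphers chacha20-poly1305@openssh.com
MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com
"""

if __name__ == "__main__":
    for name, text in (("WEAK", WEAK), ("STRICT", STRICT)):
        print(name, audit(text) or "ok")
```
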
Re: Building Tor with libevent 2.x (from ports)
https://trac.torproject.org/projects/tor/ticket/16651
Re: Alleged OpenSSH bug
On 23-07-2015 18:10, Ted Unangst wrote: Come on. Calling it an oversight is not condescending. I think it's perfectly reasonable to say it was an oversight. He didn't say it was the hole of the century. There's no need to be so defensive. Yep. Others also told me this off list. I already sorted things out with the OP. But, truth is, that this bug is being sold by others, including news sites, as The BUG. It's hard to stay over the fence when things like this happen. Perhaps I need to drink less coffee and see what that thing called meditation is all about. Cheers, Giancarlo Razzolini
Re: bgpd and friends
On 2015-07-24, Gregory Edigarov ediga...@qarea.com wrote: Just curious if the message passing framework developed by claudio@ and henning@ is documented somehow. imsg_init(3) -- Christian naddy Weisgerber na...@mips.inka.de
Re: Typo in Upgrade Guide: 5.6 to 5.7
On 07/24/15 21:10, Артур Истомин wrote: There is typo in Upgrade Guide: 5.6 to 5.7. In section Upgrade without the Install Kernel If using a single processor kernel cp bsd.rd bsd.mp / must be: [wrong crap I'm deleting so it isn't seen again] well, since you phrase it as must be and some poor sucker might believe you since you claim infallibility, let me put it in similarly blatant terms: What you claim must be is very wrong in more than one way. What is in the page currently is right (at least, that part is. Considering my typo rate, I'm sure there's something wrong in there someplace). cp - the copy command, copies one *or more* files to a given destination. bsd.rd - The ramdisk kernel, used to install and fix systems. The first file to be copied. bsd.mp - The multi-processor kernel, not used as this is a single processor system at this point in the docs. The SECOND file to be copied. / - the root of the file system; the destination of this command, where the TWO files will end up. So, my command copies both the ramdisk and multiprocessor kernels to the root of the file system, where they will probably be used rarely, but are there if needed. Your command copies the ramdisk kernel to the root file system and renames it to the name the multiprocessor kernel normally has, which will guarantee much confusion when you need the ramdisk kernel and can't figure out where it is. Or much downtime when you decide to try the MP kernel, rename it and remotely reboot it. Nick.
Re: Typo in Upgrade Guide: 5.6 to 5.7
On Sat, Jul 25, 2015 at 12:18:34AM -0400, Nick Holland wrote: On 07/24/15 21:10, Артур Истомин wrote: There is typo in Upgrade Guide: 5.6 to 5.7. In section Upgrade without the Install Kernel If using a single processor kernel cp bsd.rd bsd.mp / must be: [wrong crap I'm deleting so it isn't seen again] well, since you phrase it as must be and some poor sucker might believe you since you claim infallibility, let me put it in similarly blatant terms: What you claim must be is very wrong in more than one way. What is in the page currently is right (at least, that part is. Considering my typo rate, I'm sure there's something wrong in there someplace). cp - the copy command, copies one *or more* files to a given destination. bsd.rd - The ramdisk kernel, used to install and fix systems. The first file to be copied. bsd.mp - The multi-processor kernel, not used as this is a single processor system at this point in the docs. The SECOND file to be copied. / - the root of the file system; the destination of this command, where the TWO files will end up. So, my command copies both the ramdisk and multiprocessor kernels to the root of the file system, where they will probably be used rarely, but are there if needed. Thanks for so many words for my banal stupid fault :) What is interesting, there really has issued some error. It was my typo, i think. I needed to sleep, and then later upgrade and write bug report :) Your command copies the ramdisk kernel to the root file system and renames it to the name the multiprocessor kernel normally has, which will guarantee much confusion when you need the ramdisk kernel and can't figure out where it is. Or much downtime when you decide to try the MP kernel, rename it and remotely reboot it. There is another explanation: note: you will get a harmless error message if your platform doesn't have a bsd.mp
Typo in Upgrade Guide: 5.6 to 5.7
There is typo in Upgrade Guide: 5.6 to 5.7. In section Upgrade without the Install Kernel If using a single processor kernel cp bsd.rd bsd.mp / must be: cp bsd.rd /bsd.mp
Re: elementary opensmtpd setting on rental server
thanks koko. for me, nsd is too hard. so i make a trial to build intranet mail server with unbound, opensmtpd and dovecot without nsd or bind. see http://aoiyuma.mydns.jp/unbound+opensmtpd.html by using proper translation URL. - see you.
Re: Typo in Upgrade Guide: 5.6 to 5.7
On Sat, Jul 25, 2015 at 06:10:30AM +0500, Артур Истомин wrote: There is typo in Upgrade Guide: 5.6 to 5.7. In section Upgrade without the Install Kernel If using a single processor kernel cp bsd.rd bsd.mp / must be: cp bsd.rd /bsd.mp No, that isn't a typo.. cp [-fip] [-R [-H | -L | -P]] source ... directory
Re: Typo in Upgrade Guide: 5.6 to 5.7
On 07/24/15 20:10, Артур Истомин wrote: There is typo in Upgrade Guide: 5.6 to 5.7. In section Upgrade without the Install Kernel If using a single processor kernel cp bsd.rd bsd.mp / must be: cp bsd.rd /bsd.mp cp [-fip] [-R [-H | -L | -P]] source ... directory Or is it multiple sources to one directory...
Re: rdomain with BGP dynamic route
Let me describe it in another way. Can I create a new rdomain as a VRF and use the rdomain to import/export customer's prefix through BGP? I will greatly appreciate it if you can provide any information. I have seen some information online, but prefix is either from static configuration or connected network. In my case, I need to support dynamic routes from BGP in VRF. Thanks, -Yang From: owner-m...@openbsd.org [owner-m...@openbsd.org] On Behalf Of XU, YANG (YANG) Sent: 23 July 2015 08:06 To: misc@openbsd.org Subject: rdomain with BGP dynamic route Hi all, I am configuring OpenBSD bgpd so that it can relay the routes learned from customer BGP servers to a route reflector (RR). Customer BGP servers only speak IPv4 BGP, so my OpenBSD bgpd needs to add different route-distinguisher and route-target to the dynamic routes learned from each customer BGP neighbor before forwarding to RR. As I understand, I should be able to use rdomain to implement this. What I really need conceptually is to attach a BGP neighbor to a rdomain, so that dynamic routes learned from that BGP neighbor are added to the specified rdomain. But I failed to find a way to do this in OpenBSD. Does anyone know if this is possible and give me a BGP configure example? Many thanks in advance, -Yang
Re: elementary opensmtpd setting on rental server
On Fri, 24 Jul 2015 20:17:47 +0900 tuyosi nakajin.fu...@gmail.com wrote: hi all. i write up at http://aoiyuma.mydns.jp/mydns-MS.html for convenience. perhaps it has some errors. please point out them. in english translation, https://translate.google.co.jp/translate?sl=ja&tl=en&js=y&prev=_t&hl=ja&ie=UTF-8&u=http%3A%2F%2Faoiyuma.mydns.jp%2Fmydns-MS.html&edit-text= without openbsd fellow's, i remain postfix and struggle. opensmtpd is simple and talentful and beautiful. good tutorial, hope it will be useful for the others..