Re: Dynamic DNS Client for EasyDNS

2017-08-02 Thread fRANz 
On Thu, Aug 3, 2017 at 2:31 AM, Predrag Punosevac  wrote:

> Short of me convincing the client to buy statis IP or porting
> ez-ipupdate to OpenBSD does anyone see any other alternatives?

also duck dns (https://www.duckdns.org/) permit you to update a DNS
record with a simple HTTPS request, without install any ddclient.
-f

Re: Does pf's Sources table ever get cleared?

2017-08-02 Thread Emille Blanc 

On 02.08.2017 19:39, Steve Williams wrote:

Hi,

I apologize!  I just got educated :)

Without reading your original email without attention to detail, I
assumed your overload was to a table called "Sources".
eg...  overload  flush global

I was not aware of the existance of the "Sources" table.  Now I am! 
lol.


I did confirm that the "pfctl -F Sources" does not empty my "Sources"
table on my stock OpenBSE 6.1.


Yeah, we spotted that on one of our 6.1 hosts too, but it's been fixed:

005: RELIABILITY FIX: May 6, 2017
Expired pf source tracking entries never got removed, leading to memory 
exhaustion.

ref:
https://www.openbsd.org/errata61.html

Re: Calculate the frequency of the tsc timecounter

2017-08-02 Thread Adam Steen 
On Tue, Aug 1, 2017 at 6:43 PM, Adam Steen  wrote:
> Hi Mike
>
> Please see the output below (I did have to update a few DPRINTF's with
> the change to clang, did you want a diff for checking in?)
> I appreciate you having a look.
>
> Cheers
> Adam
>
> root on sd0a (15cc7df693e2251e.a) swap on sd0b dump on sd0b
> vm_impl_init_vmx: created vm_map @ 0x80b99000
> vm_resetcpu: resetting vm 1 vcpu 0 to power on defaults
> guest eptp = 0x39eb8f01e
> vmm_alloc_vpid: allocated VPID/ASID 1
> vmx_handle_exit: unhandled exit 2147483681 (unknown)
> vcpu @ 0x800032ffc000
>  rax=0x rbx=0x rcx=0x
>  rdx=0x rbp=0x rdi=0x5000
>  rsi=0x  r8=0x  r9=0x
>  r10=0x r11=0x r12=0x
>  r13=0x r14=0x r15=0x
>  rip=0x0010 rsp=0x1ff8
>  cr0=0x0020 (pg cd nw am wp NE et ts em mp pe)
>  cr2=0x
>  cr3=0x (pwt pcd)
>  cr4=0x2000 (pke smap smep osxsave pcide fsgsbase smxe
> VMXE osxmmexcpt osfxsr pce pge mce pae pse de tsd pvi vme)
>  --Guest Segment Info--
>  cs=0x0008 rpl=0 base=0x limit=0x a/r=0xa099
>   granularity=1 dib=0 l(64 bit)=1 present=1 sys=1 type=code, x only, accessed
> code, r/x
>  ds=0x0010 rpl=0 base=0x limit=0x a/r=0xc093
>   granularity=1 dib=1 l(64 bit)=0 present=1 sys=1 type=data, r/w, accessed
>  es=0x0010 rpl=0 base=0x limit=0x a/r=0xc093
>   granularity=1 dib=1 l(64 bit)=0 present=1 sys=1 type=data, r/w, accessed
>  fs=0x0010 rpl=0 base=0x limit=0x a/r=0xc093
>   granularity=1 dib=1 l(64 bit)=0 present=1 sys=1 type=data, r/w, accessed
>  gs=0x0010 rpl=0 base=0x limit=0x a/r=0xc093
>   granularity=1 dib=1 l(64 bit)=0 present=1 sys=1 type=data, r/w, accessed
>  ss=0x0010 rpl=0 base=0x limit=0x a/r=0xc093
>   granularity=1 dib=1 l(64 bit)=0 present=1 sys=1 type=data, r/w, accessed
>  tr=0x base=0x limit=0x a/r=0x008b
>   granularity=0 dib=0 l(64 bit)=0 present=1 sys=0 type=tss (busy)
>  gdtr base=0x1000 limit=0x0017
>  idtr base=0x limit=0x
>  ldtr=0x base=0x limit=0x a/r=0x1
>   (unusable)
>  --Guest MSRs @ 0xff039b869000 (paddr: 0x00039b869000)--
>   MSR 0 @ 0xff039b869000 : 0xc080 (EFER),
> value=0x0500 (sce LME LMA nxe)
>   MSR 1 @ 0xff039b869010 : 0xc081 (STAR), value=0x
>   MSR 2 @ 0xff039b869020 : 0xc082 (LSTAR), value=0x
>   MSR 3 @ 0xff039b869030 : 0xc083 (CSTAR), value=0x
>   MSR 4 @ 0xff039b869040 : 0xc084 (SFMASK), value=0x
>   MSR 5 @ 0xff039b869050 : 0xc102 (KGSBASE), value=0x
> vcpu @ 0x800032ffc000
> parent vm @ 0xff0395ee7000
> mode: VMX
> pinbased ctls: 0x7f0016
> true pinbased ctls: 0x7f0016
>  EXTERNAL_INT_EXITING: Can set:Yes Can clear:Yes
>  NMI_EXITING: Can set:Yes Can clear:Yes
>  VIRTUAL_NMIS: Can set:Yes Can clear:Yes
>  ACTIVATE_VMX_PREEMPTION_TIMER: Can set:Yes Can clear:Yes
>  PROCESS_POSTED_INTERRUPTS: Can set:No Can clear:Yes
> procbased ctls: 0xfff9fffe0401e172
> true procbased ctls: 0xfff9fffe04006172
>  INTERRUPT_WINDOW_EXITING: Can set:Yes Can clear:Yes
>  USE_TSC_OFFSETTING: Can set:Yes Can clear:Yes
>  HLT_EXITING: Can set:Yes Can clear:Yes
>  INVLPG_EXITING: Can set:Yes Can clear:Yes
>  MWAIT_EXITING: Can set:Yes Can clear:Yes
>  RDPMC_EXITING: Can set:Yes Can clear:Yes
>  RDTSC_EXITING: Can set:Yes Can clear:Yes
>  CR3_LOAD_EXITING: Can set:Yes Can clear:Yes
>  CR3_STORE_EXITING: Can set:Yes Can clear:Yes
>  CR8_LOAD_EXITING: Can set:Yes Can clear:Yes
>  CR8_STORE_EXITING: Can set:Yes Can clear:Yes
>  USE_TPR_SHADOW: Can set:Yes Can clear:Yes
>  NMI_WINDOW_EXITING: Can set:Yes Can clear:Yes
>  MOV_DR_EXITING: Can set:Yes Can clear:Yes
>  UNCONDITIONAL_IO_EXITING: Can set:Yes Can clear:Yes
>  USE_IO_BITMAPS: Can set:Yes Can clear:Yes
>  MONITOR_TRAP_FLAG: Can set:Yes Can clear:Yes
>  USE_MSR_BITMAPS: Can set:Yes Can clear:Yes
>  MONITOR_EXITING: Can set:Yes Can clear:Yes
>  PAUSE_EXITING: Can set:Yes Can clear:Yes
> procbased2 ctls: 0xff
>  VIRTUALIZE_APIC: Can set:Yes Can clear:Yes
>  ENABLE_EPT: Can set:Yes Can clear:Yes
>  DESCRIPTOR_TABLE_EXITING: Can set:Yes Can clear:Yes
>  ENABLE_RDTSCP: Can set:Yes Can clear:Yes
>  VIRTUALIZE_X2APIC_MODE: Can set:Yes Can clear:Yes
>  ENABLE_VPID: Can set:Yes

Re: No Blog without Puffy in FreeBSD Forums

2017-08-02 Thread SOUL_OF_ROOT 55 
What are the operating
systems that ship without blobs?

Em quarta-feira, 2 de agosto de 2017, SOUL_OF_ROOT 55 <
soulofroo...@gmail.com> escreveu:
> Sorry
>
> No Blob without Puffy
>
> Em quarta-feira, 2 de agosto de 2017, SOUL_OF_ROOT 55 <
soulofroo...@gmail.com> escreveu:
>> Theo de Raadt said in the past:
>>
>> "3. mail from Theo, 12.03.2007 03:00:
>>
>> Did you even think about the fact that there are only two operating
>> systems that ship without blobs?
>>
>> OpenBSD
>>
>> Debian (and derived systems)"
>>
>>
>> "> > You claim you don't get any support from the other BSDs and now a
>>> > group of other BSD-users starts that campaign and you complain.
>>> > Where's the beef?
>>
>> You are not one of "the other BSDs". Your campaign will not support
>> more documentation. It puts the name of BLOB-including operating
>> systems on a poster saying that they are anti-blob. That's a bald
>> lie, and it undermines our effort.
>>
>> OpenBSD distinguishes itself on the fact that it does not include
>> blobs. Most other operating systems are completely fine with
>> incorporating blobs. The other projects you are showing on the poster
>> specifically include blobs. They do NOT help us get documentation."
>>
>> reference:
http://openbsd-archive.7691.n7.nabble.com/No-Blob-without-Puffy-td36562.html
>>
>> I wonder:
>>
>> Did you even think about the fact that there are only two operating
>> systems that ship without blobs?
>>
>> OpenBSD still distinguishes itself on the fact that it does not include
>> blobs?
>>
>> I posted this topic also in FreeBSD Forums:
>> https://forums.freebsd.org/threads/61858/
>>
>> I wonder what Theo de Raadt  would say about it.
>>
>> Thank you
>>

Re: Does pf's Sources table ever get cleared?

2017-08-02 Thread Steve Williams 

Hi,

I apologize!  I just got educated :)

Without reading your original email without attention to detail, I 
assumed your overload was to a table called "Sources".

eg...  overload  flush global

I was not aware of the existance of the "Sources" table.  Now I am! lol.

I did confirm that the "pfctl -F Sources" does not empty my "Sources" 
table on my stock OpenBSE 6.1.


Interesting...

Thanks for clarifying.  I learned something :)

Cheers,
Steve


On 02/08/2017 2:59 PM, Markus Wernig wrote:

On 02.08.2017 16:07, Steve Williams wrote:

pfctl -t Sources -T flush

Thanks for the hints. The above yields an error here:

# pfctl -t Sources -T flush
pfctl: Table does not exist.

pfctl(8) is rather clear on the topic:
...
  -F modifier
  Flush the filter parameters specified by modifier (may be
  abbreviated):
...
  -F SourcesFlush the source tracking table.

The problem appears to be not so much with dynamic tables, but with the
way src-nodes are expired (but not flushed).

best /markus

Re: Dynamic DNS Client for EasyDNS

2017-08-02 Thread Joe Gidi 
> "Joe Gidi"  wrote:
>
>> ddclient should fit the bill. It's Perl, it's in ports, and it supports
>> EasyDNS. I've used it for a few years now with no problems.
>>
>> Joe
>
> Thanks for the quick response. Although I really like Ryan Flannery
> answer I think I got this already working.
>
> Joe could you please confirm that I don't need to do anything on EasyDNS
> side if I use ddclient? It looks like after I set up the method of
> updating ip in ddclient.conf and edit the EasyDNS configuration
> paragraph with my username and password I am good to go as it looks like
> ddclient is going to edit zone files for me.
>
> Predrag

I'm using ddclient with a different DNS service, but yes, all I had to do
was set up ddclient.conf and enable ddclient with rcctl.

-- 

Joe Gidi
j...@entropicblur.com

"You cannot buy skill." -- Ross Seyfried

Re: Dynamic DNS Client for EasyDNS

2017-08-02 Thread Predrag Punosevac 
"Joe Gidi"  wrote:

> ddclient should fit the bill. It's Perl, it's in ports, and it supports
> EasyDNS. I've used it for a few years now with no problems.
> 
> Joe

Thanks for the quick response. Although I really like Ryan Flannery
answer I think I got this already working. 

Joe could you please confirm that I don't need to do anything on EasyDNS
side if I use ddclient? It looks like after I set up the method of
updating ip in ddclient.conf and edit the EasyDNS configuration
paragraph with my username and password I am good to go as it looks like
ddclient is going to edit zone files for me. 

Predrag


> 
> > One of my clients is insisting on using her current ISP with dynamic IP.
> > On the another hand we decided to use EasyDNS as our managed DNS
> > provider due to my past experiences with them. She bought  DNS pro plan
> > which does include among other things Dynamic DNS services. However I
> > see that only ez-ipupdate is listed as Dynamic DNS client. Apart of the
> > fact that it is not in OpenBSD port tree I see that it is written in C
> > (I was hoping for a simple Perl script)
> >
> > https://sourceforge.net/projects/ez-ipupdate/
> >
> > and officially untested on anything else besides Linux. I see FreeBSD
> > port
> >
> > https://www.freebsd.org/cgi/ports.cgi?query=ez-ipupdate=all=all
> >
> > Short of me convincing the client to buy statis IP or porting
> > ez-ipupdate to OpenBSD does anyone see any other alternatives?
> >
> > Best,
> > Predrag
> >
> >
> 
> 
> -- 
> 
> Joe Gidi
> j...@entropicblur.com
> 
> "You cannot buy skill." -- Ross Seyfried

Re: Dynamic DNS Client for EasyDNS

2017-08-02 Thread Ryan Flannery 
On Wed, Aug 2, 2017 at 8:31 PM, Predrag Punosevac 
wrote:
>
> One of my clients is insisting on using her current ISP with dynamic IP.
> On the another hand we decided to use EasyDNS as our managed DNS
> provider due to my past experiences with them. She bought  DNS pro plan
> which does include among other things Dynamic DNS services. However I
> see that only ez-ipupdate is listed as Dynamic DNS client. Apart of the
> fact that it is not in OpenBSD port tree I see that it is written in C
> (I was hoping for a simple Perl script)
>
> https://sourceforge.net/projects/ez-ipupdate/
>
> and officially untested on anything else besides Linux. I see FreeBSD
> port
>
>
https://www.freebsd.org/cgi/ports.cgi?query=ez-ipupdate=all=all
>
> Short of me convincing the client to buy statis IP or porting
> ez-ipupdate to OpenBSD does anyone see any other alternatives?
>
> Best,
> Predrag
>

According to EasyDNS's documentation, you can update it using a GET request
and a token you generate for your EasyDNS account.
Using that, you could write a simple script (few lines) to do the job and
run it through cron periodically.

See their documentation at the bottom of:
https://fusion.easydns.com/Knowledgebase/Article/View/102/7/dynamic-dns

Basics of the script would just be:

ip=`curl -s ipinfo.io/ip`
curl -s "
https://username:dynamicto...@api.cp.easydns.com/dyn/generic.php?hostname=example.com=${ip}
"

Cheers,
-ryan

Re: Dynamic DNS Client for EasyDNS

2017-08-02 Thread Joe Gidi 
ddclient should fit the bill. It's Perl, it's in ports, and it supports
EasyDNS. I've used it for a few years now with no problems.

Joe

> One of my clients is insisting on using her current ISP with dynamic IP.
> On the another hand we decided to use EasyDNS as our managed DNS
> provider due to my past experiences with them. She bought  DNS pro plan
> which does include among other things Dynamic DNS services. However I
> see that only ez-ipupdate is listed as Dynamic DNS client. Apart of the
> fact that it is not in OpenBSD port tree I see that it is written in C
> (I was hoping for a simple Perl script)
>
> https://sourceforge.net/projects/ez-ipupdate/
>
> and officially untested on anything else besides Linux. I see FreeBSD
> port
>
> https://www.freebsd.org/cgi/ports.cgi?query=ez-ipupdate=all=all
>
> Short of me convincing the client to buy statis IP or porting
> ez-ipupdate to OpenBSD does anyone see any other alternatives?
>
> Best,
> Predrag
>
>


-- 

Joe Gidi
j...@entropicblur.com

"You cannot buy skill." -- Ross Seyfried

WARNING: symbol(icudt58_dat) size mismatch, relink your program

2017-08-02 Thread Paul B. Henson 
I'm trying to compile openldap from ports under 6.1, and running it
fails with the error:

slapd:/usr/local/lib/libicuuc.so.12.0: /usr/local/lib/libicudata.so.12.0
: WARNING: symbol(icudt58_dat) size mismatch, relink your program

I see there was some dicussion of this back around April, but no
resolution, and I didn't see anything since then. Evidentally it impacts
anything that uses textproc/icu from what I could tell. I poked around
with it a bit but nothing jumped out as to why it's doing this. The
symbol seems to be defined in libicudata.so and accessed by libicuuc.so.
The actual object file in the distibution that contains it is
dynamically generated. I have the exact same version running ok on a
linux box so it doesn't seem to be an issue with the code itself.

Has anyone figured out what's going on with this code under openbsd
that's causing it to fail like this?

Thanks...

Dynamic DNS Client for EasyDNS

2017-08-02 Thread Predrag Punosevac 
One of my clients is insisting on using her current ISP with dynamic IP.
On the another hand we decided to use EasyDNS as our managed DNS
provider due to my past experiences with them. She bought  DNS pro plan
which does include among other things Dynamic DNS services. However I
see that only ez-ipupdate is listed as Dynamic DNS client. Apart of the
fact that it is not in OpenBSD port tree I see that it is written in C
(I was hoping for a simple Perl script)

https://sourceforge.net/projects/ez-ipupdate/

and officially untested on anything else besides Linux. I see FreeBSD
port

https://www.freebsd.org/cgi/ports.cgi?query=ez-ipupdate=all=all

Short of me convincing the client to buy statis IP or porting
ez-ipupdate to OpenBSD does anyone see any other alternatives?

Best,
Predrag

Re: Calculate the frequency of the tsc timecounter

2017-08-02 Thread Mike Larkin 
On Thu, Aug 03, 2017 at 07:56:11AM +0800, Adam Steen wrote:
> On Mon, Jul 31, 2017 at 3:58 PM, Mike Belopuhov  wrote:
> > On Mon, Jul 31, 2017 at 09:48 +0800, Adam Steen wrote:
> >> Ted Unangst  wrote:
> >> > we don't currently export this info, but we could add some sysctls. 
> >> > there's
> >> > some cpufeatures stuff there, but generally stuff isn't exported until
> >> > somebody finds a use for it... it shouldn't be too hard to add something 
> >> > to
> >> > amd64/machdep.c sysctl if you're interested.
> >>
> >> I am interested, as i need the info, i will look into it and hopefully
> >> come back with a patch.
> >
> > This is a bad idea because TSC as the time source is only usable
> > by OpenBSD on Skylake and Kaby Lake CPUs since they encode the TSC
> > frequency in the CPUID. All older CPUs have their TSCs measured
> > against the PIT. Currently the measurement done by the kernel isn't
> > very precise and if TSC is selected as a timecounter, the machine
> > would be gaining time on a pace that cannot be corrected by our NTP
> > daemon. (IIRC, about an hour a day on my Haswell running with NTP).
> >
> > To be able to use TSC as a timecounter source on OpenBSD or Solo5
> > you'd have to improve the in-kernel measurement of the TSC frequency
> > first. I've tried to perform 10 measurements and take an average and
> > it does improve accuracy, however I believe we need to poach another
> > bit from Linux and re-calibrate TSC via HPET:
> >
> >  
> > http://elixir.free-electrons.com/linux/v4.12.4/source/arch/x86/kernel/tsc.c#L409
> >
> > I think this is the most sane thing we can do. Here's a complete
> > procedure that Linux kernel undertakes:
> >
> >  
> > http://elixir.free-electrons.com/linux/v4.12.4/source/arch/x86/kernel/tsc.c#L751
> >
> > Regards,
> > Mike
> 
> Hi Mike and Ted
> 
> I understand using the tsc as a timecounter on non Skylake and
> Kabylake processors is inaccurate, but this i my first real foray into
> kernel programming, so wanted to started of slow. below is a diff to
> expose if the tsc is invariant and the tsc frequency via sysctl
> machdep. I would like to get this commited first and then move on to
> improving the in-kernel measurement of the tsc frequency as Mike
> describes above.
> 
> Sorry its taken a while to get back to you I have been working with
> Mike Larkin on vmm and my port of Solo5/ukvm.
> 
> Cheers
> Adam
> 
> comments?
> 

Everything in these sysctls can be obtained from CPUID on the processors you
want (skylake and later), and since that can be called in any CPL, why is
a kernel interface needed for this? The only thing that would be missing is
the tsc frequency on older-than-skylake cpus, but I don't think this is what
you are after, is it? (and even if you wanted this information on < skylake,
as mikeb points out, the accuracy of that value would then be very suspect and
probably not usable anyway).

-ml

> Index: sys/arch/amd64/amd64/identcpu.c
> ===
> RCS file: /cvs/src/sys/arch/amd64/amd64/identcpu.c,v
> retrieving revision 1.87
> diff -u -p -u -p -r1.87 identcpu.c
> --- sys/arch/amd64/amd64/identcpu.c 20 Jun 2017 05:34:41 - 1.87
> +++ sys/arch/amd64/amd64/identcpu.c 2 Aug 2017 23:45:54 -
> @@ -63,6 +63,8 @@ struct timecounter tsc_timecounter = {
>   tsc_get_timecount, NULL, ~0u, 0, "tsc", -1000, NULL
>  };
> 
> +u_int64_t amd64_tsc_freq = 0;
> +int amd64_has_invariant_tsc;
>  int amd64_has_xcrypt;
>  #ifdef CRYPTO
>  int amd64_has_pclmul;
> @@ -566,9 +568,12 @@ identifycpu(struct cpu_info *ci)
>   /* Check if it's an invariant TSC */
>   if (cpu_apmi_edx & CPUIDEDX_ITSC)
>   ci->ci_flags |= CPUF_INVAR_TSC;
> +
> +amd64_has_invariant_tsc = (ci->ci_flags & CPUF_INVAR_TSC) != 0;
>   }
> 
>   ci->ci_tsc_freq = cpu_tsc_freq(ci);
> +amd64_tsc_freq = ci->ci_tsc_freq;
> 
>   amd_cpu_cacheinfo(ci);
> 
> Index: sys/arch/amd64/amd64/machdep.c
> ===
> RCS file: /cvs/src/sys/arch/amd64/amd64/machdep.c,v
> retrieving revision 1.231
> diff -u -p -u -p -r1.231 machdep.c
> --- sys/arch/amd64/amd64/machdep.c 12 Jul 2017 06:26:32 - 1.231
> +++ sys/arch/amd64/amd64/machdep.c 2 Aug 2017 23:45:54 -
> @@ -425,7 +425,9 @@ int
>  cpu_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
>  size_t newlen, struct proc *p)
>  {
> +extern u_int64_t amd64_tsc_freq;
>   extern int amd64_has_xcrypt;
> + extern int amd64_has_invariant_tsc;
>   dev_t consdev;
>   dev_t dev;
>   int val, error;
> @@ -496,6 +498,10 @@ cpu_sysctl(int *name, u_int namelen, voi
>   pckbc_release_console();
>   return (error);
>  #endif
> +case CPU_TSCFREQ:
> +return (sysctl_rdquad(oldp, oldlenp, newp, amd64_tsc_freq));
> + case CPU_INVARIANTTSC:
> + return (sysctl_rdint(oldp, oldlenp, newp, amd64_has_invariant_tsc));
>   default:
>   return (EOPNOTSUPP);
>   }
> Index:

Re: Calculate the frequency of the tsc timecounter

2017-08-02 Thread Adam Steen 
On Mon, Jul 31, 2017 at 3:58 PM, Mike Belopuhov  wrote:
> On Mon, Jul 31, 2017 at 09:48 +0800, Adam Steen wrote:
>> Ted Unangst  wrote:
>> > we don't currently export this info, but we could add some sysctls. there's
>> > some cpufeatures stuff there, but generally stuff isn't exported until
>> > somebody finds a use for it... it shouldn't be too hard to add something to
>> > amd64/machdep.c sysctl if you're interested.
>>
>> I am interested, as i need the info, i will look into it and hopefully
>> come back with a patch.
>
> This is a bad idea because TSC as the time source is only usable
> by OpenBSD on Skylake and Kaby Lake CPUs since they encode the TSC
> frequency in the CPUID. All older CPUs have their TSCs measured
> against the PIT. Currently the measurement done by the kernel isn't
> very precise and if TSC is selected as a timecounter, the machine
> would be gaining time on a pace that cannot be corrected by our NTP
> daemon. (IIRC, about an hour a day on my Haswell running with NTP).
>
> To be able to use TSC as a timecounter source on OpenBSD or Solo5
> you'd have to improve the in-kernel measurement of the TSC frequency
> first. I've tried to perform 10 measurements and take an average and
> it does improve accuracy, however I believe we need to poach another
> bit from Linux and re-calibrate TSC via HPET:
>
>  
> http://elixir.free-electrons.com/linux/v4.12.4/source/arch/x86/kernel/tsc.c#L409
>
> I think this is the most sane thing we can do. Here's a complete
> procedure that Linux kernel undertakes:
>
>  
> http://elixir.free-electrons.com/linux/v4.12.4/source/arch/x86/kernel/tsc.c#L751
>
> Regards,
> Mike

Hi Mike and Ted

I understand using the tsc as a timecounter on non Skylake and
Kabylake processors is inaccurate, but this i my first real foray into
kernel programming, so wanted to started of slow. below is a diff to
expose if the tsc is invariant and the tsc frequency via sysctl
machdep. I would like to get this commited first and then move on to
improving the in-kernel measurement of the tsc frequency as Mike
describes above.

Sorry its taken a while to get back to you I have been working with
Mike Larkin on vmm and my port of Solo5/ukvm.

Cheers
Adam

comments?

Index: sys/arch/amd64/amd64/identcpu.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/identcpu.c,v
retrieving revision 1.87
diff -u -p -u -p -r1.87 identcpu.c
--- sys/arch/amd64/amd64/identcpu.c 20 Jun 2017 05:34:41 - 1.87
+++ sys/arch/amd64/amd64/identcpu.c 2 Aug 2017 23:45:54 -
@@ -63,6 +63,8 @@ struct timecounter tsc_timecounter = {
  tsc_get_timecount, NULL, ~0u, 0, "tsc", -1000, NULL
 };

+u_int64_t amd64_tsc_freq = 0;
+int amd64_has_invariant_tsc;
 int amd64_has_xcrypt;
 #ifdef CRYPTO
 int amd64_has_pclmul;
@@ -566,9 +568,12 @@ identifycpu(struct cpu_info *ci)
  /* Check if it's an invariant TSC */
  if (cpu_apmi_edx & CPUIDEDX_ITSC)
  ci->ci_flags |= CPUF_INVAR_TSC;
+
+amd64_has_invariant_tsc = (ci->ci_flags & CPUF_INVAR_TSC) != 0;
  }

  ci->ci_tsc_freq = cpu_tsc_freq(ci);
+amd64_tsc_freq = ci->ci_tsc_freq;

  amd_cpu_cacheinfo(ci);

Index: sys/arch/amd64/amd64/machdep.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/machdep.c,v
retrieving revision 1.231
diff -u -p -u -p -r1.231 machdep.c
--- sys/arch/amd64/amd64/machdep.c 12 Jul 2017 06:26:32 - 1.231
+++ sys/arch/amd64/amd64/machdep.c 2 Aug 2017 23:45:54 -
@@ -425,7 +425,9 @@ int
 cpu_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
 size_t newlen, struct proc *p)
 {
+extern u_int64_t amd64_tsc_freq;
  extern int amd64_has_xcrypt;
+ extern int amd64_has_invariant_tsc;
  dev_t consdev;
  dev_t dev;
  int val, error;
@@ -496,6 +498,10 @@ cpu_sysctl(int *name, u_int namelen, voi
  pckbc_release_console();
  return (error);
 #endif
+case CPU_TSCFREQ:
+return (sysctl_rdquad(oldp, oldlenp, newp, amd64_tsc_freq));
+ case CPU_INVARIANTTSC:
+ return (sysctl_rdint(oldp, oldlenp, newp, amd64_has_invariant_tsc));
  default:
  return (EOPNOTSUPP);
  }
Index: sys/arch/amd64/include/cpu.h
===
RCS file: /cvs/src/sys/arch/amd64/include/cpu.h,v
retrieving revision 1.113
diff -u -p -u -p -r1.113 cpu.h
--- sys/arch/amd64/include/cpu.h 12 Jul 2017 06:26:32 - 1.113
+++ sys/arch/amd64/include/cpu.h 2 Aug 2017 23:45:56 -
@@ -429,7 +429,9 @@ void mp_setperf_init(void);
 #define CPU_XCRYPT 12 /* supports VIA xcrypt in userland */
 #define CPU_LIDACTION 14 /* action caused by lid close */
 #define CPU_FORCEUKBD 15 /* Force ukbd(4) as console keyboard */
-#define CPU_MAXID 16 /* number of valid machdep ids */
+#define CPU_TSCFREQ 16 /* tsc frequency */
+#define CPU_INVARIANTTSC 17 /* has invariant tsc */
+#define CPU_MAXID 18 /* number of valid machdep ids */

 #define CTL_MACHDEP_NAMES { \
  { 0, 0 }, \
@@

Re: No Blog without Puffy in FreeBSD Forums

2017-08-02 Thread SOUL_OF_ROOT 55 
Sorry

No Blob without Puffy

Em quarta-feira, 2 de agosto de 2017, SOUL_OF_ROOT 55 <
soulofroo...@gmail.com> escreveu:
> Theo de Raadt said in the past:
>
> "3. mail from Theo, 12.03.2007 03:00:
>
> Did you even think about the fact that there are only two operating
> systems that ship without blobs?
>
> OpenBSD
>
> Debian (and derived systems)"
>
>
> "> > You claim you don't get any support from the other BSDs and now a
>> > group of other BSD-users starts that campaign and you complain.
>> > Where's the beef?
>
> You are not one of "the other BSDs". Your campaign will not support
> more documentation. It puts the name of BLOB-including operating
> systems on a poster saying that they are anti-blob. That's a bald
> lie, and it undermines our effort.
>
> OpenBSD distinguishes itself on the fact that it does not include
> blobs. Most other operating systems are completely fine with
> incorporating blobs. The other projects you are showing on the poster
> specifically include blobs. They do NOT help us get documentation."
>
> reference:
http://openbsd-archive.7691.n7.nabble.com/No-Blob-without-Puffy-td36562.html
>
> I wonder:
>
> Did you even think about the fact that there are only two operating
> systems that ship without blobs?
>
> OpenBSD still distinguishes itself on the fact that it does not include
> blobs?
>
> I posted this topic also in FreeBSD Forums:
> https://forums.freebsd.org/threads/61858/
>
> I wonder what Theo de Raadt  would say about it.
>
> Thank you
>

No Blog without Puffy in FreeBSD Forums

2017-08-02 Thread SOUL_OF_ROOT 55 
Theo de Raadt said in the past:

"3. mail from Theo, 12.03.2007 03:00:

Did you even think about the fact that there are only two operating
systems that ship without blobs?

OpenBSD

Debian (and derived systems)"


"> > You claim you don't get any support from the other BSDs and now a
> > group of other BSD-users starts that campaign and you complain.
> > Where's the beef?

You are not one of "the other BSDs". Your campaign will not support
more documentation. It puts the name of BLOB-including operating
systems on a poster saying that they are anti-blob. That's a bald
lie, and it undermines our effort.

OpenBSD distinguishes itself on the fact that it does not include
blobs. Most other operating systems are completely fine with
incorporating blobs. The other projects you are showing on the poster
specifically include blobs. They do NOT help us get documentation."

reference: 
http://openbsd-archive.7691.n7.nabble.com/No-Blob-without-Puffy-td36562.html

I wonder:

Did you even think about the fact that there are only two operating
systems that ship without blobs?

OpenBSD still distinguishes itself on the fact that it does not include
blobs?

I posted this topic also in FreeBSD Forums:
https://forums.freebsd.org/threads/61858/

I wonder what Theo de Raadt  would say about it.

Thank you

Re: Deleted everything in /

2017-08-02 Thread Alan Corey 
Hah!  I got an err M again 3 years later.  I was running multiboot
whereby you do a dd from wd0 into a file.  So I booted from an install
disk, shelled out, did fsck on the hard drive partitions then used dd
to copy back the bootsector file.  It worked.

I just did:
dd of=/dev/wd0 if=obsd.bin
and rebooted, everything came back.



On 3/6/14, Alan Corey  wrote:
> Got it.  Thanks.  I burned a 5.2 install and used the ramdisk
> /usr/mdec/installboot from that. I don't have 5.5 and it would take
> weeks by modem to get it.
>
> On 3/6/14, Chris Cappuccio  wrote:
>> Alan Corey [alan01...@gmail.com] wrote:
>>> I'm at 5.2. Booting from a 5.4 install image I mounted my / as /mnt
>>> then my /usr as /mnt2. Then I did:
>>>
>>> /mnt2/mdec/installboot -n -v /mnt/boot /mnt2/mdec/biosboot /dev/wd0c
>>> and get: Bad system call
>>>
>>> There's a /mnt/boot in place copied from /mnt2/mdec
>>>
>>
>> You need to run installboot from /usr/mdec (or /usr/sbin on 5.5)
>> on the install image ramdisk, not the 5.2 host.
>>
>> And you really need to use the installer and let it do all
>> this for you, or else you should read the install/upgrade scripts
>> and figure out the stuffs.
>>
>
>
> --
> Credit is the root of all evil.  - AB1JX
>


-- 
-
No, I won't  call it "climate change", do you have a "reality problem"? - AB1JX
Impeach  Impeach  Impeach  Impeach  Impeach  Impeach  Impeach  Impeach

Lenovo T440s

2017-08-02 Thread andrew 
First of all, big thanks to Theo for his strong leadership and to all 
the past and present devs !!! Have a great week ahead !!!



---

Just a little FWIW from a Lenovo T440s ...

---

dmesg | sort | uniq -c

  1 3834:intel_uncore_check_errors] *ERROR* Unclaimed register before interrupt
 30 error: [drm:pid31067:intel_uncore_check_errors] *ERROR* Unclaimed register 
before interrupt
124 error: [drm:pid45200:intel_uncore_check_errors] *ERROR* Unclaimed register 
before interrupt
474 error: [drm:pid53834:intel_uncore_check_errors] *ERROR* Unclaimed register 
before interrupt
 48 error: [drm:pid76233:intel_uncore_check_errors] *ERROR* Unclaimed register 
before interrupt
  9 error: [drm:pid77807:intel_uncore_check_errors] *ERROR* Unclaimed register 
before interrupt
 26 error: [drm:pid85895:intel_uncore_check_errors] *ERROR* Unclaimed register 
before interrupt

---

cat /var/run/dmesg.boot

OpenBSD 6.1-current (GENERIC.MP) #26: Mon Jul 31 08:42:35 MDT 2017
   dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8246050816 (7864MB)
avail mem = 7989780480 (7619MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdcd3d000 (62 entries)
bios0: vendor LENOVO version "GJET77WW (2.27 )" date 05/20/2014
bios0: LENOVO 20ARS0LF02
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC DBGP ECDT HPET APIC MCFG SSDT SSDT SSDT SSDT SSDT 
SSDT SSDT SSDT PCCT SSDT TCPA UEFI MSDM ASF! BATB FPDT UEFI SSDT
acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3) EHC1(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, 2494.68 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 2494682120 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, 2494.23 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, 2494.23 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i5-4300U CPU @ 1.90GHz, 2494.23 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus -1 (EXP3)
acpicpu0 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C3(200@506 mwait.1@0x60), C2(200@148 mwait.1@0x33), 
C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1
acpipwrres1 at acpi0: NVP3, resource for PEG_
acpipwrres2 at acpi0: NVP2, resource for PEG_
acpitz0 at acpi0: critical temperature is

Re: Does pf's Sources table ever get cleared?

2017-08-02 Thread Markus Wernig 
On 02.08.2017 16:07, Steve Williams wrote:
> pfctl -t Sources -T flush

Thanks for the hints. The above yields an error here:

# pfctl -t Sources -T flush
pfctl: Table does not exist.

pfctl(8) is rather clear on the topic:
...
 -F modifier
 Flush the filter parameters specified by modifier (may be
 abbreviated):
...
 -F SourcesFlush the source tracking table.

The problem appears to be not so much with dynamic tables, but with the
way src-nodes are expired (but not flushed).

best /markus

Re: Changing default compiler for usr/ports buiding

2017-08-02 Thread Stuart Henderson 
What are you *actually* trying to do (end goal)?

If what you actually need is "boost and c++11", your best bet is
-current and clang. GCC is a dead end on OpenBSD for anything C++ that
uses C++ libraries from X or packages.



On 2017-08-01, Denis  wrote:
> Ok, but how to point cmake-3.5.2 to build the needed "source" which
> using Boost 1.53 or higher libraries ver.?
>
> Boost 1.59.0 itself was downloaded from boost web site and builded from
> sources using gcc 4.9 already. Some patches have been installed.
>
> I have tried to point cmake-3.5.2 to Boost-1.59.0 (builded from source
> by gcc 4.9) by using some documented hints
> cmake -DBoost_NO_SYSTEM_PATHS=ON -DBOOST_ROOT=/boost-gcc49/output
> -DBOOST_INCLUDEDIR=/boost-gcc49/output/include -
> DBOOST_LIBRARYDIR=/boost-gcc49/output/lib
> -DCMAKE_INSTALL_PREFIX=/build/src-output
>
> But Cmake wan't see the prebuilded Boost 1.59.0 libraries, but clearly
> sees the paths to Boost ROOT dir, include, and lib dirs.
>
> So I tried to build Boost 1.58 which is a part of ports of OpenBSD 6.0
> amd64 by newer compiler gcc 4.9 which is required for the sources build...
>
> What can I do to have Boost 1.58 or Boost 1.59 builded by gcc 4.9 and
> working with cmake-3.5.2 ?
>
> Thanks for answer in advance.
>
> On 31.07.2017 21:34, Marc Espie wrote:
>> On Mon, Jul 31, 2017 at 05:47:59PM +0300, Denis wrote:
>>> I'm trying to change default compiler to build some ports.
>>> Tried to do it using bsd.port.mk and by system variables CXX=eg++
>>> CPP=egcc, but nothing changes while building a port.
>>>
>>> How can I force the default gcc 4.2 to egcc (gcc 4.9)?
>>>
>>> Thanks
>> You can't.
>>
>> Things generally won't work.
>>
>> Current uses clang on i386 and amd64.
>>
>> And that's wildly incompatible with gcc 4.2 or 4.9...
>>
>
>

Re: bsd.rd problem: wd0 is not a valid root disk

2017-08-02 Thread Robert Peichaer 
On Wed, Aug 02, 2017 at 05:15:58PM +0100, Anthony Campbell wrote:
> 
> 
> In the last 10 days several attempts to upgrade -current have failed
> owing to an error with bsd.rd. I get as far as choosing the keyboard;
> then I'm asked to mount the root system and am offered wd0. But when I
> accept that it says "wd0 is not a valid root disk". I then have to
> reboot. (The boot drive is on wd0a.)
> 
> This is a recent developmet. I thought at first it was just a matter of
> waiting for a new version of bsd.rd to appear on -current, but I find
> I'm now getting the same error with bsd.rd from -release 6.1.  But 6.0
> does work correctly. This suggests to me that something is wrong on my
> setup locally but I don't know where to look.
> 
> Google shows nothing relevant. I've tried fdisk -u and installboot to
> reconfigure the boot process but they make no difference.
> 
> I thought of trying to reinstall but am reluctant to do that in case I'm
> left with a broken system. At least I have a working system at present,
> even though I can't uprade it.
> 
> Can anyone kindly suggest what may be wrong?
> 
> I attach dmesg from the last time I could upgrade.
> 

see my response to your mail on bugs@

Re: multiple relays in smtpd.conf

2017-08-02 Thread Ronan Viel 
I agree with tomr, I would try to find a workaround to this issue by sending 
the traffic to relayd, using a redirection to target host after a 'check send 
nothing expect 220* '

Ronan

> Le 2 août 2017 à 14:14, tomr  a écrit :
> ...
> Also: is this not a purpose to which relayd could usefully put using a
> 'check script'?
> 
> t

Re: run(4) D-Link DWA-130 rev F1

2017-08-02 Thread Stefan Sperling 
On Wed, Aug 02, 2017 at 10:08:51AM -0700, Jacqueline Jolicoeur wrote:
> Hi,
> 
> I have a D-Link DWA-130 rev F1 which was not being detected.
> 
> I took a guess and made this kernel patch for run(4) which seems
> to work for me thus far. The device is now detected, connects with
> nwid, wpakey and dhclient. The 0x3c25 magic is from usbdevs(8)
> 
> Tested using amd64 GENERIC.MP -current

Committed, thanks!

> 
> Index: share/man/man4/run.4
> ===
> RCS file: /cvs/src/share/man/man4/run.4,v
> retrieving revision 1.49
> diff -u -p -r1.49 run.4
> --- share/man/man4/run.4  13 Jul 2017 08:10:50 -  1.49
> +++ share/man/man4/run.4  2 Aug 2017 05:21:21 -
> @@ -120,7 +120,7 @@ The following adapters should work:
>  .It Corega CG-WLUSB300AGN
>  .It Corega CG-WLUSB300GNM
>  .It D-Link DWA-127
> -.It D-Link DWA-130 rev B1
> +.It D-Link DWA-130 rev B1, F1
>  .It D-Link DWA-140 rev B1, B2, B3, \
>  .It D-Link DWA-160 rev B2
>  .It D-Link DWA-162
> Index: sys/dev/usb/if_run.c
> ===
> RCS file: /cvs/src/sys/dev/usb/if_run.c,v
> retrieving revision 1.121
> diff -u -p -r1.121 if_run.c
> --- sys/dev/usb/if_run.c  21 Jul 2017 00:55:05 -  1.121
> +++ sys/dev/usb/if_run.c  2 Aug 2017 05:21:31 -
> @@ -153,6 +153,7 @@ static const struct usb_devno run_devs[]
>   USB_ID(COREGA,  RT3070),
>   USB_ID(CYBERTAN,RT2870),
>   USB_ID(DLINK,   DWA127),
> + USB_ID(DLINK,   DWA130F1),
>   USB_ID(DLINK,   DWA140B3),
>   USB_ID(DLINK,   DWA160B2),
>   USB_ID(DLINK,   DWA162),
> Index: sys/dev/usb/usbdevs
> ===
> RCS file: /cvs/src/sys/dev/usb/usbdevs,v
> retrieving revision 1.674
> diff -u -p -r1.674 usbdevs
> --- sys/dev/usb/usbdevs   6 Jun 2017 00:52:02 -   1.674
> +++ sys/dev/usb/usbdevs   2 Aug 2017 05:21:32 -
> @@ -1544,6 +1544,7 @@ product DLINK DWA140B3  0x3c15  DWA-140 r
>  product DLINK DWA160B2   0x3c1a  DWA-160 rev B2
>  product DLINK DWA127 0x3c1b  DWA-127
>  product DLINK DWA162 0x3c1f  DWA-162 Wireless Adapter
> +product DLINK DWA130F1   0x3c25  DWA-130 rev F1
>  product DLINK DSB650C0x4000  10Mbps Ethernet
>  product DLINK DSB650TX1  0x4001  10/100 Ethernet
>  product DLINK DSB650TX   0x4002  10/100 Ethernet
>

Re: Supporting OpenBSD

2017-08-02 Thread Ingo Schwarze 
Hi Radoslav,

Radoslav Mirza wrote on Wed, Aug 02, 2017 at 01:21:44PM +0930:

> Are there any resources that point to where I can begin to help
> with the project?

We don't maintain any global TODO lists, it's too little benefit
for too much work.

> Such as junior jobs, documentation etc.

The quality of OpenBSD documentation implies that finding bugs in
documentation is not much easier than finding bugs in code.  We do
not consider documentation a junior job, but something to be done
together with the code, by the developers who write the code.

I am aware of a number of documentation tasks, but all of them are
seriously difficult: For example, improving event(3), improving
sysctl(3), documenting undocumented functions in LibreSSL, cleaning
up LibreSSL manual pages in general, and figuring out how to fix
OpenGL documentation.

That said, there happens to be a TODO list for documentation tools,
as opposed to documentation tasks:

  http://mandoc.bsd.lv/cgi-bin/cvsweb/TODO?rev=HEAD

Most entries on that list are of high difficulty, but a few are easy.


The most important qualification round here is the ability to
find out what you are interested in, what you are capable of,
to identify tasks *yourself* that you want to spend time on
and are capable of making progress with.  Nobody can tell you
what that is.  Very many different areas could benefit from work.

And after that, the next most important qualification is being able
to learn from doing, from reading code, from listening to advice,
and from following ongoing discussions (in about that order).

> plan to head down the networking path

Fine, so watch your own networking needs (or the networking needs
that come up in the context of your research & studies), use OpenBSD
for them, identify bug or feature gaps, try to fix them, send patches
if you succeed, or ask *specific* questions for advice if you get
stuck on a problem and can't make progress.  In particular at first,
avoid spending long times (more than a few days) on a problem before
talking to somebody about the (even preliminary) results, because
spending weeks, then finding out that the basic approach was misguided,
is frustrating.

Yours,
  Ingo

run(4) D-Link DWA-130 rev F1

2017-08-02 Thread Jacqueline Jolicoeur 
Hi,

I have a D-Link DWA-130 rev F1 which was not being detected.

I took a guess and made this kernel patch for run(4) which seems
to work for me thus far. The device is now detected, connects with
nwid, wpakey and dhclient. The 0x3c25 magic is from usbdevs(8)

Tested using amd64 GENERIC.MP -current

Index: share/man/man4/run.4
===
RCS file: /cvs/src/share/man/man4/run.4,v
retrieving revision 1.49
diff -u -p -r1.49 run.4
--- share/man/man4/run.413 Jul 2017 08:10:50 -  1.49
+++ share/man/man4/run.42 Aug 2017 05:21:21 -
@@ -120,7 +120,7 @@ The following adapters should work:
 .It Corega CG-WLUSB300AGN
 .It Corega CG-WLUSB300GNM
 .It D-Link DWA-127
-.It D-Link DWA-130 rev B1
+.It D-Link DWA-130 rev B1, F1
 .It D-Link DWA-140 rev B1, B2, B3, \
 .It D-Link DWA-160 rev B2
 .It D-Link DWA-162
Index: sys/dev/usb/if_run.c
===
RCS file: /cvs/src/sys/dev/usb/if_run.c,v
retrieving revision 1.121
diff -u -p -r1.121 if_run.c
--- sys/dev/usb/if_run.c21 Jul 2017 00:55:05 -  1.121
+++ sys/dev/usb/if_run.c2 Aug 2017 05:21:31 -
@@ -153,6 +153,7 @@ static const struct usb_devno run_devs[]
USB_ID(COREGA,  RT3070),
USB_ID(CYBERTAN,RT2870),
USB_ID(DLINK,   DWA127),
+   USB_ID(DLINK,   DWA130F1),
USB_ID(DLINK,   DWA140B3),
USB_ID(DLINK,   DWA160B2),
USB_ID(DLINK,   DWA162),
Index: sys/dev/usb/usbdevs
===
RCS file: /cvs/src/sys/dev/usb/usbdevs,v
retrieving revision 1.674
diff -u -p -r1.674 usbdevs
--- sys/dev/usb/usbdevs 6 Jun 2017 00:52:02 -   1.674
+++ sys/dev/usb/usbdevs 2 Aug 2017 05:21:32 -
@@ -1544,6 +1544,7 @@ product DLINK DWA140B30x3c15  DWA-140 r
 product DLINK DWA160B2 0x3c1a  DWA-160 rev B2
 product DLINK DWA127   0x3c1b  DWA-127
 product DLINK DWA162   0x3c1f  DWA-162 Wireless Adapter
+product DLINK DWA130F1 0x3c25  DWA-130 rev F1
 product DLINK DSB650C  0x4000  10Mbps Ethernet
 product DLINK DSB650TX10x4001  10/100 Ethernet
 product DLINK DSB650TX 0x4002  10/100 Ethernet

bsd.rd problem: wd0 is not a valid root disk

2017-08-02 Thread Anthony Campbell 


In the last 10 days several attempts to upgrade -current have failed
owing to an error with bsd.rd. I get as far as choosing the keyboard;
then I'm asked to mount the root system and am offered wd0. But when I
accept that it says "wd0 is not a valid root disk". I then have to
reboot. (The boot drive is on wd0a.)

This is a recent developmet. I thought at first it was just a matter of
waiting for a new version of bsd.rd to appear on -current, but I find
I'm now getting the same error with bsd.rd from -release 6.1.  But 6.0
does work correctly. This suggests to me that something is wrong on my
setup locally but I don't know where to look.

Google shows nothing relevant. I've tried fdisk -u and installboot to
reconfigure the boot process but they make no difference.

I thought of trying to reinstall but am reluctant to do that in case I'm
left with a broken system. At least I have a working system at present,
even though I can't uprade it.

Can anyone kindly suggest what may be wrong?

I attach dmesg from the last time I could upgrade.


OpenBSD 6.1-current (GENERIC.MP) #115: Sat Jul 22 09:58:21 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4268425216 (4070MB)
avail mem = 4133269504 (3941MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xfc670 (18 entries)
bios0: vendor American Megatrends Inc. version "R01-A3" date 08/28/2007
bios0: ACER Veriton M460
acpi0 at bios0: rev 0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG SLIC OEMB HPET GSCI SSDT
acpi0: wakeup devices P0P2(S4) P0P1(S4) PS2M(S4) MC97(S4) P0P4(S4) P0P5(S4) 
P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) USB0(S3) USB1(S3) USB2(S3) USB3(S3) 
EUSB(S3) PWRB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz, 2194.81 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,LONG,LAHF,PERF,SENSOR
cpu0: 2MB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 199MHz
cpu0: mwait min=64, max=64, C-substates=0.2.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 Duo CPU E4500 @ 2.20GHz, 2194.51 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,LONG,LAHF,PERF,SENSOR
cpu1: 2MB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 3 (P0P1)
acpiprt2 at acpi0: bus 1 (P0P4)
acpiprt3 at acpi0: bus 2 (P0P5)
acpiprt4 at acpi0: bus -1 (P0P6)
acpiprt5 at acpi0: bus -1 (P0P7)
acpiprt6 at acpi0: bus -1 (P0P8)
acpiprt7 at acpi0: bus -1 (P0P9)
acpicpu0 at acpi0: C1(@1 halt!), PSS
acpicpu1 at acpi0: C1(@1 halt!), PSS
acpitz0 at acpi0: critical temperature is 110 degC
"PNP0700" at acpi0 not configured
"PNP0400" at acpi0 not configured
"PNP0F03" at acpi0 not configured
acpibtn0 at acpi0: PWRB
cpu0: Enhanced SpeedStep 2194 MHz: speeds: 2200, 1600, 1200 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82G33 Host" rev 0x02
inteldrm0 at pci0 dev 2 function 0 "Intel 82G33 Video" rev 0x02
drm0 at inteldrm0
intagp0 at inteldrm0
agp0 at intagp0: aperture at 0xd000, size 0x1000
inteldrm0: msi
inteldrm0: 1280x1024, 32bpp
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x01: msi
azalia0: codecs: Realtek ALC888
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01: msi
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x01: msi
pci2 at ppb1 bus 2
re0 at pci2 dev 0 function 0 "Realtek 8168" rev 0x01: RTL8168 2 (0x3800), msi, 
address 00:19:21:4f:2e:c3
rgephy0 at re0 phy 7: RTL8169S/8110S/8211 PHY, rev. 2
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: apic 2 int 23
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: apic 2 int 19
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: apic 2 int 18
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x01: apic 2 int 16
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: apic 2 int 23
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 
addr 1
ppb2 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xe1
pci3 at ppb2 bus 3
pcib0 at pci0 dev 31 function 0 "Intel 82801GH LPC" rev 0x01
pciide0 at pci0 dev 31 function 1 "Intel

Re: Does pf's Sources table ever get cleared?

2017-08-02 Thread Steve Williams 

Hi,

Sources is a table, so you need to use the Table commands to flush it.

pfctl -t Sources -T flush

To give you an idea...

I have a "blocklist" that I am keeping updated hourly from 
http://lists.blocklist.de/


I've found the maximum number of hosts on my system in a table is 
somewhere between 450,000 and 500,000 entries.   I load it up with the 
450,000 most recent "bad hosts" from the above website.


Are you really getting that many flooders to your website?

Have you increased the maximum size of your tables in the pf.conf?

I have:
# For the blocklist table
set limit table-entries 50

I also have a cron job that dumps my overloaded list hourly.
0   *   *   *   * /var/spamd/bad-hosts/dump_bad-hosts > 
/dev/null 2>&1


Then in my pf.conf, I have:

# ssh clients trying too fast
# See the pass rule below for populating this table.
table  persist file "/var/spamd/bad-hosts/bad-hosts.txt"
block quick log on egress from 


This way, when my system reboots, pf is immediately updated with the 
"bad-hosts"...


My tiny shell script hacked together @ 2:00 am:
#!/bin/sh
pfctl -t bad-hosts -T show > /tmp/bad.$$
if [ $? -eq 0 ]; then
  cp /tmp/bad.$$ /var/spamd/bad-hosts/bad-hosts.txt
  rm -f /tmp/bad.$$
  exit 0
fi
rm -f /tmp/bad.$$
exit 1

Cheers,
Steve

On 01/08/2017 9:34 AM, Markus Wernig wrote:

Hi all

I have a pair of OBSD 6.1 firewalls, on which some rules require source
tracking, i.e. have a max-src-conn or similar statement as in:

pass  log  quick on { em0 vlan1 } inet proto tcp  from any  to
 port { 80, 443 } modulate state ( max-src-conn 50,
max-src-conn-rate 25/5, overload  flush global )

This works perfectly, any hosts that surpass that limit get blocked.

But on the other hand, the Sources table (as seen with pfctl -s Sources)
keeps growing. With every allowed connection, there are two new entries.
And it seems that the Sources table expands in one direction only. I.e.
even long after the relative connection has been flushed from the state
table, there are still the entries in the Sources table.

No matter what happens, the Sources keep expanding until the src-nodes
hard limit is reached. At which point only a reboot will help.

I've tried to flush them with pfctl -F Sources, but without success:

wall0101 # pfctl -s Sources | wc -l
  512
wall0101 # pfctl -F Sources
source tracking entries cleared
wall0101 # pfctl -s Sources | wc -l
  514

Is there any reason (presumably in my ruleset, but didn't find it) that
would keep entries in the Sources table from being cleared?
Shouldn't the tracking entries be removed when the corresponding states
are flushed and shouldn't pfctl -F Sources clear the Sources table?

Thx /markus

Re: multiple relays in smtpd.conf

2017-08-02 Thread Gilles Chehade 
On Wed, Aug 02, 2017 at 02:47:27PM +0200, Christian Gut wrote:
> 
> > On 2.Aug. 2017, at 14:09, Gilles Chehade  wrote:
> > 
> > On Wed, Aug 02, 2017 at 01:47:09PM +0200, Kirill Miazine wrote:
> >> * Eric Faurot [2017-08-02 13:24]:
> >>> On Wed, Aug 02, 2017 at 11:44:47AM +0200, Christian Gut wrote:
>  Hi List,
>  
>  is it possible to have multiple relays (you might want to say smart 
>  hosts) in smtpd?
>  
>  I currently use the following line:
>  
>  accept from local for any relay via smarthost.example.org 
>  
>  
>  Now I would like to have multiple smart hosts in there for backup 
>  reasons, if one of the smart hosts is in maintainance. Is something like 
>  this possible?
>  
>  accept from local for any relay via { smarthost1.example.org 
>  , smarthost2.example.org 
>   }
>  
>  Kind Regards,
>  Christian
>  
> >>> It's not possible at the moment.  There is ongoing work to support this 
> >>> feature,
> >>> along with other improvements. But it's quite a big change, and we can't 
> >>> give an
> >>> ETA right now.
> >> 
> >> what about defining a new name in DNS containing addresses of all
> >> smarthosts as a workaround for the OP for now?
> >> 
> > 
> > This can work in some use-cases, this is exactly what a co-worker did to
> > work around the limitation.
> 
> How will smtpd operate then? Does it use the DNS records in a round robin 
> fashion or does it try them one after another if they fail?
> 

smtpd maintains states about its routes to a destination.

what will happen is that it will resolve your relay hostname into all of
its addresses and attempts to route to them. if a route is broken, it is
marked as such for a small period and reattempted later, meanwhile there
will be routes that aren't marked as broken and which smtpd will be able
to use.


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg

Re: multiple relays in smtpd.conf

2017-08-02 Thread Christian Gut 

> On 2.Aug. 2017, at 14:09, Gilles Chehade  wrote:
> 
> On Wed, Aug 02, 2017 at 01:47:09PM +0200, Kirill Miazine wrote:
>> * Eric Faurot [2017-08-02 13:24]:
>>> On Wed, Aug 02, 2017 at 11:44:47AM +0200, Christian Gut wrote:
 Hi List,
 
 is it possible to have multiple relays (you might want to say smart hosts) 
 in smtpd?
 
 I currently use the following line:
 
 accept from local for any relay via smarthost.example.org 
 
 
 Now I would like to have multiple smart hosts in there for backup reasons, 
 if one of the smart hosts is in maintainance. Is something like this 
 possible?
 
 accept from local for any relay via { smarthost1.example.org 
 , smarthost2.example.org 
  }
 
 Kind Regards,
 Christian
 
>>> It's not possible at the moment.  There is ongoing work to support this 
>>> feature,
>>> along with other improvements. But it's quite a big change, and we can't 
>>> give an
>>> ETA right now.
>> 
>> what about defining a new name in DNS containing addresses of all
>> smarthosts as a workaround for the OP for now?
>> 
> 
> This can work in some use-cases, this is exactly what a co-worker did to
> work around the limitation.

How will smtpd operate then? Does it use the DNS records in a round robin 
fashion or does it try them one after another if they fail?

Christian

Re: Helping out

2017-08-02 Thread Rupert Gallagher 
Although the list expects plain text (without motivation), the same list does 
not explicitly ban base64 encoding, both in writing and de-facto. Those who 
complain should rather accept the fact and update their clients.
If the list shall introduce an explicit ban of base64 encoding, then the list 
shall also discriminate against protonmail users, which fact we shall not take 
lightly.
Sent from ProtonMail Mobile

On Wed, Aug 2, 2017 at 3:56 AM, Bryan Vyhmeister  wrote:

> On Tue, Aug 01, 2017 at 08:19:23PM -0400, Radoslav_Mirza wrote: > Dear Group, 
> Are there any places to start helping out for a beginner? > Any junior jobs 
> or todo lists? > > I have a new Ryzen 1700 running OpenBSD so maybe I could 
> help with > some benchmark tests etc. > > Any pointers of where to go would 
> be great! There was a recent discussion about ProtonMail not sending plain 
> text email which this list expects. I would suggest sending with another 
> address and sending in plain text. Check the archives for more info about it 
> but base64 encoded emails (like from ProtonMail) will likely be ignored. 
> Hopefully ProtonMail will correct this problem but they have "started" on it 
> for more than a year. Bryan

Re: multiple relays in smtpd.conf

2017-08-02 Thread tomr 


On 08/02/17 21:47, Kirill Miazine wrote:
> * Eric Faurot [2017-08-02 13:24]:
>> On Wed, Aug 02, 2017 at 11:44:47AM +0200, Christian Gut wrote:
>>> Hi List,
>>>
>>> is it possible to have multiple relays (you might want to say smart hosts) 
>>> in smtpd?
>>>
>>> I currently use the following line:
>>>
>>> accept from local for any relay via smarthost.example.org 
>>> 
>>>
>>> Now I would like to have multiple smart hosts in there for backup reasons, 
>>> if one of the smart hosts is in maintainance. Is something like this 
>>> possible?
>>>
>>> accept from local for any relay via { smarthost1.example.org 
>>> , smarthost2.example.org 
>>>  }
>>>
>>> Kind Regards,
>>> Christian
>>>
>> It's not possible at the moment.  There is ongoing work to support this 
>> feature,
>> along with other improvements. But it's quite a big change, and we can't 
>> give an
>> ETA right now.
> 
> what about defining a new name in DNS containing addresses of all
> smarthosts as a workaround for the OP for now?

Or, if it's for planned maintenance only, a single address (changed in
advance of the maint window) should also work I'd reckon.

Also: is this not a purpose to which relayd could usefully put using a
'check script'?

t

Re: Helping out

2017-08-02 Thread Walter Alejandro Iglesias 
Hello Bryan and Radoslav,

In article <20170802015654.ga64...@c.brycv.com> you wrote:
> On Tue, Aug 01, 2017 at 08:19:23PM -0400, Radoslav_Mirza wrote:
> > Dear Group, Are there any places to start helping out for a beginner?
> > Any junior jobs or todo lists?
> > 
> > I have a new Ryzen 1700 running OpenBSD so maybe I could help with
> > some benchmark tests etc.
> > 
> > Any pointers of where to go would be great!
> 
> There was a recent discussion about ProtonMail not sending plain text
> email which this list expects. I would suggest sending with another
> address and sending in plain text. Check the archives for more info
> about it but base64 encoded emails (like from ProtonMail) will likely be
> ignored. Hopefully ProtonMail will correct this problem but they have
> "started" on it for more than a year.

The first time I looked at the base64 encoded text pasted by Mihai
Popescu's (the first noticing this issue):

https://marc.info/?l=openbsd-misc=149984510728808=2

I saw the message was written in English, what made me think protonmail
was doing something wrong, but more late I realized I'd overlooked the
first line, the quoted text reference author's name contained *one*
non-ascii character. :-)

To see it yourself:

$ cat file-containing-only-base64-part | openssl enc -base64 -d

This means what proton mail did in this case isn't incorrect.

As far as I understand, the purpose of this encoding (as the whole MIME
standard) is to send all messages through the net in plain ascii, to
assure compatibility among all servers.  For example if I typed here any
non ascii character (what could happen even by accident when you use a
non English keyboard), Mutt, the MUA I use, would send the body of this
message quoted-printable encoded (the one used for low utf8 density
languages as Spanish; base64 is used i.e. for Russian).  The same would
happen if some non-ascii character is in some sender's name in the
quoted text references; your MUA would detect that character and
automatically would send the body of your message encoded.  Despite
base64, quoted-printable would still be readable.

Where is the problem.  I guess developers here, when they don't have any
MUA from packages installed, are forced to use the one in base,
mailx(1), which doesn't support MIME.  If this is the case, they'd have
troubles reading non ascii characters sent as is anyway.  So, the best
workaround, whatever MUA you use, is to avoid using non-ascii characters
when you post to these lists (even in your name).

Said that I still find annoying top-posting and not hard wrapped lines.
But protonmail isn't the only one doing this. ;-)

(I'd add more common practices you can't blame MUAs as not using double
spaces after sentences, writing all in lowercase; the time they save
writing is charged to the reader.)



> 
> Bryan
> 
>

Re: multiple relays in smtpd.conf

2017-08-02 Thread Gilles Chehade 
On Wed, Aug 02, 2017 at 01:47:09PM +0200, Kirill Miazine wrote:
> * Eric Faurot [2017-08-02 13:24]:
> > On Wed, Aug 02, 2017 at 11:44:47AM +0200, Christian Gut wrote:
> >> Hi List,
> >>
> >> is it possible to have multiple relays (you might want to say smart hosts) 
> >> in smtpd?
> >>
> >> I currently use the following line:
> >>
> >> accept from local for any relay via smarthost.example.org 
> >> 
> >>
> >> Now I would like to have multiple smart hosts in there for backup reasons, 
> >> if one of the smart hosts is in maintainance. Is something like this 
> >> possible?
> >>
> >> accept from local for any relay via { smarthost1.example.org 
> >> , smarthost2.example.org 
> >>  }
> >>
> >> Kind Regards,
> >> Christian
> >>
> > It's not possible at the moment.  There is ongoing work to support this 
> > feature,
> > along with other improvements. But it's quite a big change, and we can't 
> > give an
> > ETA right now.
> 
> what about defining a new name in DNS containing addresses of all
> smarthosts as a workaround for the OP for now?
> 

This can work in some use-cases, this is exactly what a co-worker did to
work around the limitation.


-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg

Re: multiple relays in smtpd.conf

2017-08-02 Thread Gilles Chehade 
On Wed, Aug 02, 2017 at 11:44:47AM +0200, Christian Gut wrote:
> Hi List,
> 
> is it possible to have multiple relays (you might want to say smart hosts) in 
> smtpd?
> 
> I currently use the following line:
> 
> accept from local for any relay via smarthost.example.org 
> 
> 
> Now I would like to have multiple smart hosts in there for backup reasons, if 
> one of the smart hosts is in maintainance. Is something like this possible?
> 
> accept from local for any relay via { smarthost1.example.org 
> , smarthost2.example.org 
>  }
> 

Hi,

Unfortunately it's not possible as of today.

I'm currently working on making this possible, like I was actually doing
work for that yesterday, but it's not as easy as it looks like and there
is no chance it can make it before 6.3

I have a big interest in this working so this is among my top prio work.

Gilles

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg

Re: multiple relays in smtpd.conf

2017-08-02 Thread Kirill Miazine 
* Eric Faurot [2017-08-02 13:24]:
> On Wed, Aug 02, 2017 at 11:44:47AM +0200, Christian Gut wrote:
>> Hi List,
>>
>> is it possible to have multiple relays (you might want to say smart hosts) 
>> in smtpd?
>>
>> I currently use the following line:
>>
>> accept from local for any relay via smarthost.example.org 
>> 
>>
>> Now I would like to have multiple smart hosts in there for backup reasons, 
>> if one of the smart hosts is in maintainance. Is something like this 
>> possible?
>>
>> accept from local for any relay via { smarthost1.example.org 
>> , smarthost2.example.org 
>>  }
>>
>> Kind Regards,
>> Christian
>>
> It's not possible at the moment.  There is ongoing work to support this 
> feature,
> along with other improvements. But it's quite a big change, and we can't give 
> an
> ETA right now.

what about defining a new name in DNS containing addresses of all
smarthosts as a workaround for the OP for now?

> Eric.
>

Re: touchpad input driver: testing needed

2017-08-02 Thread Todd Mortimer 
Lenovo T430 here, everything seems to be in order. I didn't have to make
any changes to the defaults, and didn't have any synaptics config
before. It seems to behave the same, so I don't see any difference.

mouse.type=synaptics
mouse.rawmode=0
mouse.scale=1472,5470,1408,4498,0,60,85
mouse.tp.tapping=0
mouse.tp.scaling=0.182
mouse.tp.swapsides=0
mouse.tp.disable=0
mouse1.type=ps2

OpenBSD 6.1-current (GENERIC.MP) #34: Tue Aug  1 18:56:18 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8256528384 (7874MB)
avail mem = 738560 (7629MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdae9c000 (68 entries)
bios0: vendor LENOVO version "G1ETB1WW (2.71 )" date 08/08/2016
bios0: LENOVO 2347H76
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SLIC TCPA SSDT SSDT SSDT HPET APIC MCFG ECDT FPDT ASF! 
UEFI UEFI POAT SSDT SSDT DMAR UEFI DBG2
acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP3(S4) XHCI(S3) EHC1(S3) 
EHC2(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.55 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,ES
T,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 2594554920 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.12 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,ES
T,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.12 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,ES
T,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.12 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus 4 (EXP3)
acpicpu0 at acpi0: C3(200@87 mwait.1@0x30), C2(500@59 mwait.1@0x10), C1(1000@1 
mwait.1), PSS
acpicpu1 at acpi0: C3(200@87 mwait.1@0x30), C2(500@59 mwait.1@0x10), C1(1000@1 
mwait.1), PSS
acpicpu2 at acpi0: C3(200@87 mwait.1@0x30), C2(500@59 mwait.1@0x10), C1(1000@1 
mwait.1), PSS
acpicpu3 at acpi0: C3(200@87 mwait.1@0x30), C2(500@59 mwait.1@0x10), C1(1000@1 
mwait.1), PSS
acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1, EHC2
acpitz0 at acpi0: critical temperature is 200 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
"LEN0071" at acpi0 not configured
"LEN0015" at acpi0 not configured
"SMO1200" at acpi0 not configured
acpibat0 at acpi0: BAT0 model "45N1011" serial 49124 type LION oem "LGC"
acpiac0 at acpi0: AC unit offline
"LEN0078" at acpi0 not configured
acpithinkpad0 at acpi0
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
acpivideo0 at acpi0: VID_
acpivout at acpivideo0 not configured
acpivideo1 at acpi0: VID_
cpu0: Enhanced SpeedStep 2594 MHz: speeds: 2601, 2600, 2500, 2400, 2300, 2200, 
2100, 2000, 1900, 1800, 1700, 1600, 1500, 1400, 1300, 1200 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 3G Host" rev 0x09
inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 4000" rev 0x09
drm0 at inteldrm0
inteldrm0: msi
inteldrm0:

Re: multiple relays in smtpd.conf

2017-08-02 Thread Eric Faurot 
On Wed, Aug 02, 2017 at 11:44:47AM +0200, Christian Gut wrote:
> Hi List,
> 
> is it possible to have multiple relays (you might want to say smart hosts) in 
> smtpd?
> 
> I currently use the following line:
> 
> accept from local for any relay via smarthost.example.org 
> 
> 
> Now I would like to have multiple smart hosts in there for backup reasons, if 
> one of the smart hosts is in maintainance. Is something like this possible?
> 
> accept from local for any relay via { smarthost1.example.org 
> , smarthost2.example.org 
>  }
>
> Kind Regards,
> Christian
> 

It's not possible at the moment.  There is ongoing work to support this feature,
along with other improvements. But it's quite a big change, and we can't give an
ETA right now.

Eric.

multiple relays in smtpd.conf

2017-08-02 Thread Christian Gut 
Hi List,

is it possible to have multiple relays (you might want to say smart hosts) in 
smtpd?

I currently use the following line:

accept from local for any relay via smarthost.example.org 


Now I would like to have multiple smart hosts in there for backup reasons, if 
one of the smart hosts is in maintainance. Is something like this possible?

accept from local for any relay via { smarthost1.example.org 
, smarthost2.example.org 
 }

Kind Regards,
Christian

Re: Does pf's Sources table ever get cleared?

2017-08-02 Thread Markus Wernig 
There does seem to be a timer that is set to expire, but it does not
seem to work:

# pfctl -s Sources -vv
...
a.b.c.d ( states 0, connections 0, rate 0.0/0s )
   age 11:41:50, expires in 00:00:00, 33 pkts, 11524 bytes, rule 582
e.f.g.h ( states 0, connections 0, rate 0.0/0s )
   age 12:24:25, expires in 00:00:00, 320 pkts, 110512 bytes, rule 582
i.j.k.l ( states 0, connections 0, rate 0.0/0s )
   age 10:03:11, expires in 00:00:00, 2 pkts, 80 bytes, rule 591
m.n.o.p ( states 0, connections 0, rate 0.0/0s )
   age 10:55:49, expires in 00:00:00, 2 pkts, 80 bytes, rule 591

Could this be a bug?

best markus


On 01.08.2017 17:34, Markus Wernig wrote:
> Hi all
> 
> I have a pair of OBSD 6.1 firewalls, on which some rules require source
> tracking, i.e. have a max-src-conn or similar statement as in:
> 
> pass  log  quick on { em0 vlan1 } inet proto tcp  from any  to
>  port { 80, 443 } modulate state ( max-src-conn 50,
> max-src-conn-rate 25/5, overload  flush global )
> 
> This works perfectly, any hosts that surpass that limit get blocked.
> 
> But on the other hand, the Sources table (as seen with pfctl -s Sources)
> keeps growing. With every allowed connection, there are two new entries.
> And it seems that the Sources table expands in one direction only. I.e.
> even long after the relative connection has been flushed from the state
> table, there are still the entries in the Sources table.
> 
> No matter what happens, the Sources keep expanding until the src-nodes
> hard limit is reached. At which point only a reboot will help.
> 
> I've tried to flush them with pfctl -F Sources, but without success:
> 
> wall0101 # pfctl -s Sources | wc -l
>  512
> wall0101 # pfctl -F Sources
> source tracking entries cleared
> wall0101 # pfctl -s Sources | wc -l
>  514
> 
> Is there any reason (presumably in my ruleset, but didn't find it) that
> would keep entries in the Sources table from being cleared?
> Shouldn't the tracking entries be removed when the corresponding states
> are flushed and shouldn't pfctl -F Sources clear the Sources table?
> 
> Thx /markus
>

Re: touchpad input driver: testing needed

2017-08-02 Thread Olivier Antoine 
I have no customization in my xorg.conf. The only lines it have are the
ones you asked to put in on your original mail.
It's a basic installation with cwm and no fancy Window Manager.

Here is the output you asked for:

$ xmodmap -pp
There are 10 pointer buttons defined.

PhysicalButton
 Button  Code
1  1
2  2
3  3
4  4
5  5
6  6
7  7
8  8
9  9
   10 10

Maybe this may be interesting:

$ grep ws /var/log/Xorg.0.log
[  3892.359] (--) Using wscons driver on /dev/ttyC4
[  3892.379] (II) The server relies on wscons to provide the list of input
devices.
If no devices become available, reconfigure wscons or disable
AutoAddDevices.
[  3893.160] (II) config/wscons: checking input device /dev/wskbd
[  3893.160] (II) wskbd: using layout fr
[  3893.164] (II) Using input driver 'kbd' for '/dev/wskbd'
[  3893.164] (**) /dev/wskbd: always reports core events
[  3893.164] (**) /dev/wskbd: always reports core events
[  3893.164] (II) XINPUT: Adding extended input device "/dev/wskbd" (type:
KEYBOARD, id 6)
[  3893.348] (II) config/wscons: checking input device /dev/wsmouse0
[  3893.348] (**) /dev/wsmouse0: Applying InputClass "touchpad catchall"
[  3893.349] (**) /dev/wsmouse0: Applying InputClass "Default clickpad
buttons"
[  3893.349] (**) /dev/wsmouse0: Applying InputClass "wsmouse touchpad"
[  3893.349] (II) LoadModule: "ws"
[  3893.351] (II) Loading /usr/X11R6/lib/modules/input/ws_drv.so
[  3893.352] (II) Module ws: vendor="X.Org Foundation"
[  3893.352] (II) Using input driver 'ws' for '/dev/wsmouse0'
[  3893.352] (**) /dev/wsmouse0: always reports core events
[  3893.352] (II) ws: /dev/wsmouse0: debuglevel 0
[  3893.352] (**) Option "Device" "/dev/wsmouse0"
[  3893.353] (**) ws: /dev/wsmouse0: ZAxisMapping: buttons 4 and 5
[  3893.353] (**) ws: /dev/wsmouse0: WAxisMapping: buttons 6 and 7
[  3893.353] (**) ws: /dev/wsmouse0: associated screen: 0
[  3893.484] (II) ws: /dev/wsmouse0: minimum x position: 0
[  3893.485] (II) ws: /dev/wsmouse0: maximum x position: 1365
[  3893.485] (II) ws: /dev/wsmouse0: minimum y position: 0
[  3893.485] (II) ws: /dev/wsmouse0: maximum y position: 767
[  3893.485] (==) ws: /dev/wsmouse0: Buttons: 7
[  3893.489] (**) ws: /dev/wsmouse0: YAxisMapping: buttons 4 and 5
[  3893.489] (II) XINPUT: Adding extended input device "/dev/wsmouse0"
(type: MOUSE, id 7)
[  3893.579] (**) /dev/wsmouse0: (accel) keeping acceleration scheme 1
[  3893.579] (**) /dev/wsmouse0: (accel) acceleration profile 0
[  3893.579] (**) /dev/wsmouse0: (accel) acceleration factor: 2.000
[  3893.579] (**) /dev/wsmouse0: (accel) acceleration threshold: 4
[  3893.579] (II) config/wscons: checking input device /dev/wsmouse
[  3893.579] (II) Using input driver 'ws' for '/dev/wsmouse'
[  3893.579] (**) /dev/wsmouse: always reports core events
[  3893.579] (II) ws: /dev/wsmouse: debuglevel 0
[  3893.579] (**) Option "Device" "/dev/wsmouse"
[  3893.579] (**) ws: /dev/wsmouse: ZAxisMapping: buttons 4 and 5
[  3893.579] (**) ws: /dev/wsmouse: WAxisMapping: buttons 6 and 7
[  3893.579] (**) ws: /dev/wsmouse: associated screen: 0
[  3893.579] (II) ws: /dev/wsmouse: minimum x position: 0
[  3893.579] (II) ws: /dev/wsmouse: maximum x position: 1365
[  3893.579] (II) ws: /dev/wsmouse: minimum y position: 0
[  3893.579] (II) ws: /dev/wsmouse: maximum y position: 767
[  3893.579] (==) ws: /dev/wsmouse: Buttons: 7
[  3893.579] (**) ws: /dev/wsmouse: YAxisMapping: buttons 4 and 5
[  3893.579] (II) XINPUT: Adding extended input device "/dev/wsmouse"
(type: MOUSE, id 8)
[  3893.580] (**) /dev/wsmouse: (accel) keeping acceleration scheme 1
[  3893.580] (**) /dev/wsmouse: (accel) acceleration profile 0
[  3893.580] (**) /dev/wsmouse: (accel) acceleration factor: 2.000
[  3893.580] (**) /dev/wsmouse: (accel) acceleration threshold: 4



On Wed, Aug 2, 2017 at 2:00 AM, Ulf Brosziewski  wrote:

> The event codes look wrong, they are for right-clicks and left-clicks,
> if I'm not mistaken.  Is there a "ButtonMapping" defined for X
> somewhere (in your xorg.conf, or by a script), or a "ZAxisMapping"?
>
> Could you have a look at the output of
>$ xmodmap -pp
> ?
>
> On 08/02/2017 12:22 AM, Olivier Antoine wrote:
> > Two-fingers scrolling doesn't work at all. Under a firefox window, it
> open
> > context menu, or act like pressing button.
> >
> > $ xinput --test /dev/wsmouse0
> > button press   3
> > button release 3
> > button press   3
> > button release 3
> > button press   3
> > button release 3
> > motion a[0]=876 a[1]=497
> > button press   3
> > button release 3
> > button press   3
> > button release 3
> > button press   3
> > button release 3
> > button press   1
> > button release 1
> > button press   1
> > button release 1
> > button press   1
> > button release 1
> > button press

Re: Supporting OpenBSD

2017-08-02 Thread Mike Burns 
On 2017-08-02 13.21.44 +0930, Radoslav Mirza wrote:
> Are there any resources that point to where I can begin to help with
> the project?

- Use OpenBSD to get your work done. When something breaks, fix it and
  send in a patch. When something is sub par, improve it and send in
  that patch.
- Join #openbsd-daily on irc.freenode.net to get a walkthrough of how
  code is written for the project.
- Follow tech@. When someone sends a patch asking for an OK, try
  applying it to make sure it works as intended.
- Follow bugs@.
- Donate hardware: https://www.openbsd.org/want.html
- Donate money: https://www.openbsd.org/donations.html

Re: Split zone DNS?

2017-08-02 Thread flipchan 
Yupp use unbound it's great

On July 28, 2017 4:47:53 PM GMT+02:00, Liviu Daia  wrote:
>On 28 July 2017, Steve Williams  wrote:
>> Hi,
>> 
>> I recently upgraded to 6.1 and am trying to (finally, after many
>OpenBSD
>> versions over 10 years) fine tune my home network.
>> 
>> I would like to run a local resolver on my internal network that will
>> resolve all my hosts on my local network to IP addresses on my local
>> network(s) rather than resolving to their public IP addresses.
>> 
>> I believe it's called a "split zone" DNS, where my domain is resolved
>> locally, but everyone else is resolved using normal resolution
>processes.
>> 
>> I set this up at one of my previous jobs using BIND, but that was 7
>years
>> ago.  I've never gone to the trouble of doing it at home, but I would
>like
>> to exercise my brain a bit as well as having my home network set up
>> "better".
>> 
>> What is the best tool to accomplish this these days?  Is NSD the
>"modern"
>> tool to be using on OpenBSD?
>> 
>> Are there any hooks for dhcpd to update records?
>> 
>> I've read the NSD(8), nsd.conf(5) man pages and that seems to be the
>way to
>> go, but I thought I'd check the wisdom here to see if there is a
>better
>> approach.
>
>unbound(8) probably does exactly what you want.  It's mainly a
>recursive resoler, but it can also answer authoritatively for "local"
>zones, or simply override addresses for given hosts (think anti-spam).
>Unless you also want to answer queries for your domain comming from the
>Internet, you don't need a separate authoritative server.
>
>Regards,
>
>Liviu Daia

-- 
Take Care Sincerely flipchan layerprox dev