Re: thank you for 6.6 and bsd.rd
Jonathan Thornburg wrote: > I recently reinstalled my main laptop (which was at 6.5-stable/amd64) > with 6.6/amd64. Almost everything "just worked", and the things that > didn't were 3rd-party stuff not from OpenBSD. A big thank-you to everyone! > > And... a specific itch-you-scratched-very-nicely I'd like to praise: > > For the past few years I've usually (re)installed OpenBSD by burning a > boot DVD and then booting that. But this time I found myself with the > combination of a broken built-in cd/dvd drive, and a computer which didn't > seem to want to boot from USB even after fiddling with bios settings. > Being able to copy the new (6.6) bsd.rd to an existing filesystem on the > (running) old OpenBSD system, then boot that bsd.rd to install, was > really really nice. Thank you! well you missed out for 6.5 onwards, all you had to was type sysmerge sysupgrade for 6.6 onwards you'll only need sysupgrade
thank you for 6.6 and bsd.rd
I recently reinstalled my main laptop (which was at 6.5-stable/amd64) with 6.6/amd64. Almost everything "just worked", and the things that didn't were 3rd-party stuff not from OpenBSD. A big thank-you to everyone! And... a specific itch-you-scratched-very-nicely I'd like to praise: For the past few years I've usually (re)installed OpenBSD by burning a boot DVD and then booting that. But this time I found myself with the combination of a broken built-in cd/dvd drive, and a computer which didn't seem to want to boot from USB even after fiddling with bios settings. Being able to copy the new (6.6) bsd.rd to an existing filesystem on the (running) old OpenBSD system, then boot that bsd.rd to install, was really really nice. Thank you! -- -- "Jonathan Thornburg [remove color- to reply]" "He wakes me up every morning meowing to death because he wants to go out, and then when I open the door he stays put, undecided, and then glares at me when I put him out" -- Nathalie Loiseau (French minister for European Affairs, explaining why she named her cat "Brexit")
Re: APU2 fails to boot on OpenBSD 6.6-current #521
On Fri, Dec 13, 2019 at 10:52:03PM +0100, Alexander Pluhar wrote: > > > Just upgraded my APU2 to the latest -current and it seems to hang on the > > disk. > > It was fine running on -current #512. > > I encountered this problem on 6.6 stable with the latest syspatches installed > after > updating the APU firmware[1] to 4.11.0.1. > > It worked again after downgrading to 4.10.0.3. > > [1] https://pcengines.github.io Here's the github ticket: https://github.com/pcengines/coreboot/issues/356 Looks like the culprit has been found and a fix submitted upstream.
Re: doas(1) adjustable timeout length
On Thu, Dec 19, 2019 at 02:03:19PM -0700, andrej wrote: > Hi Ted, > > On the note of accurate documentation; how about adding the actually defined > timeout for persist rather than the "some time"? > > > Cheers, > Andrej > > > > -- > Sent from: http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html > Hi Andrej, Sometimes there is a reason implementation details are not specificly documented, but I don't know if thats the case here. Patch: diff --git usr.bin/doas/doas.conf.5 usr.bin/doas/doas.conf.5 index b5cacde22cd..b541aef966c 100644 --- usr.bin/doas/doas.conf.5 +++ usr.bin/doas/doas.conf.5 @@ -47,7 +47,7 @@ Options are: The user is not required to enter a password. .It Ic persist After the user successfully authenticates, do not ask for a password -again for some time. +again for 5 minutes for the session. .It Ic keepenv Environment variables other than those listed in .Xr doas 1 -- Kind regards, Hiltjo
Re: umass device disklabel not detected properly in macppc
thanks for the reply and clarifications. much appreciated. after reading the reply i went back and checked the disk. on amd64 Linux and OpenBSD fdisk shows the GPT properly. (output of Linux fdisk) Disk /dev/sdc: 235.58 GiB, 252933308416 bytes, 494010368 sectors Disk model: SSD-PEU3 Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: gpt Disk identifier: 15420EC6-BC4C-4DAB-BA8E-D4BAAD59640A Device Start End Sectors Size Type /dev/sdc1 2048 494008319 494006272 235.6G Linux filesystem (output of amd64 OpenBSD fdisk) sd2: 1> Disk: sd2 Usable LBA: 34 to 494010334 [494010368 Sectors] GUID: 15420ec6-bc4c-4dab-ba8e-d4baad59640a #: type [ start: size ] guid name 0: Linux files* [2048:494006272 ] 1c5211a4-927b-4836-b2cf-92660b3d7988 2 on macppc OpenBSD fdisk replies "Not Found" ... BUT "fdisk -e" shows: (output of macppc OpenBSD fdisk) Enter 'help' for information sd0: 1> Disk: sd0 geometry: 30750/255/63 [494010368 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start:size ] --- 0: EE 0 0 2 - 30750 184 26 [ 1: 494010367 ] EFI GPT 1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 3: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused i have very limited knowledge of GPT/MBR/disklabels but that start seems odd. maybe it was created by the original SW used when the device was manufactured? 3 tested MBR on a separate USB drive, and the device got properly detected by macppc > MBR or GPT label? Yes. based on the simple test with the MBR on USB drive and that in mind i nuked the problem disk's GPT. created an MBR partition matching the size of the original partition. fsck on a Linux machine didn't return any errors. so ~ (output of Linux fdisk) Disk /dev/sdc: 235.58 GiB, 252933308416 bytes, 494010368 sectors Disk model: SSD-PEU3 Units: sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disklabel type: dos Disk identifier: 0x Device Boot Start End Sectors Size Id Type /dev/sdc4 * 2048 494008319 494006272 235.6G 83 Linux (output of macppc OpenBSD fdisk) Disk: sd0 geometry: 30750/255/63 [494010368 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start:size ] --- 0: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused *3: 83 0 32 33 - 30750 151 57 [2048: 494006272 ] Linux files* checking on macppc, disklabel has been kept intact !! now were rolling ~ # /dev/rsd0c: type: SCSI disk: SCSI disk label: SSD-PEU3 duid: flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 255 sectors/cylinder: 16065 cylinders: 30750 total sectors: 494010368 boundstart: 0 boundend: 494010368 drivedata: 0 16 partitions: #size offset fstype [fsize bsize cpg] c:4940103680 unused i:494006272 2048 ext2fs checking on macppc, mount was OK: /dev/sd0i on /mnt/sd0 type ext2fs (local) mounted without problems on amd64 Linux and OpenBSD too maybe i just got lucky lesson for the day ... stay old skool MBR yorosiku ~ December 19, 2019 9:17 AM, "Theo de Raadt" wrote: > The disklabel sector is a not a machine-independent format, and it > moves between different sectors on some machines. > > You'll find we make no promises about this type of disk-portability. > MBR or GPT label? Yes. > > Our own disklabels, unfortunately not. > > rgci...@disroot.org wrote: > >> dear all, >> >> to transfer files between an amd64 Linux, amd64 OpenBSD-current, and macppc >> OpenBSD-current i have a USB drive. last night was the first time i tried to >> use the drive on the macpcc. >> >> Dec 19 06:09:06 apbg4 /bsd: umass0 at uhub0 port 2 configuration 1 interface >> 0 "BUFFALO SSD-PEU3" >> rev 2.10/1.10 addr 2 >> Dec 19 06:09:06 apbg4 /bsd: umass0: using SCSI over Bulk-Only >> Dec 19 06:09:06 apbg4 /bsd: scsibus4 at umass0: 2 targets, initiator 0 >> Dec 19 06:09:06 apbg4 /bsd: sd0 at scsibus4 targ 1 lun 0: > SSD
Re: umass device disklabel not detected properly in macppc
No, it has to do with disklabel placement. It will work if the ext2fs filesystem is listed as a MBR partition, but not if it is only listed as a disklabel entry. But after that, you potentially have other issues... we do not make promises about filesystem compatibility between architectures. Wolfgang Pfeiffer wrote: > > > Short version: > Looks like something's wrong either with your hardware or > software: I have the same computer, with OBSD 6.5 installed, and no > problems mounting thumbs - maybe try another thumb, or recreate the > ext2 partition, or use a stable OBSD, instead of current ... > > Here on macppc: > hw.product=PowerBook5,8 > > with a regular 6.5 it seems: > - > kern.version=OpenBSD 6.5 (GENERIC) #496: Sat Apr 13 11:54:02 MDT 2019 >dera...@macppc.openbsd.org:/usr/src/sys/arch/macppc/compile/GENERIC > > > and I can easily move sticks/data on it around between a Fedora amd64 > machine and the macppc Powerbook > > For the sake of a demo here: > > + + + + On Linux + + + > > Zero-ing a whole usb thumb on Fedora Linux > ("dcfldd if=/dev/zero of=/dev ... etc.) > > Via "gnome-disks" formatted the thumb ("compatible with all systems > and devices (MBR / DOS"), created a partition choosing "No > filesystem", because ext2 wasn't offered as an option, IIRC ... > then from the command line someth. like: > mkfs.ext2 /dev/sdf1 > > + + + + On OBSD macppc + + + > > then plugged the drive into the Powerbook: > > after > doas disklabel sd0 I get this: > > # /dev/rsd0c: > type: SCSI > disk: SCSI disk > label: Transcend 32GB > duid: > flags: > bytes/sector: 512 > sectors/track: 63 > tracks/cylinder: 255 > sectors/cylinder: 16065 > cylinders: 3805 > total sectors: 61132800 > boundstart: 0 > boundend: 61132800 > drivedata: 0 > > 16 partitions: > #size offset fstype [fsize bsize cpg] > c: 611328000 unused > i: 61130752 2048 ext2fs > > --- > > then someth. like: > mount_ext2fs /dev/sd0i /mnt/ntfs > > Then on macppc copied parts of this email text over to the thumb on > /mnt/ntfs, unmounted it and took the thumb back to > > Fedora Linux > > and mounted the thumb on the Linux machine, copying parts of it into > this email, that I write and send from this Fedora system > > Because of the very first paragraphs on this page: > https://www.openbsd.org/faq/current.html > try stable 6.5, maybe? > > Wolfgang > > > On Wed, Dec 18, 2019 at 10:40:36PM +, rgci...@disroot.org wrote: > >dear all, > > > >to transfer files between an amd64 Linux, amd64 OpenBSD-current, and macppc > >OpenBSD-current i have a USB drive. last night was the first time i tried to > >use the drive on the macpcc. > > > >Dec 19 06:09:06 apbg4 /bsd: umass0 at uhub0 port 2 configuration 1 interface > >0 "BUFFALO SSD-PEU3" rev 2.10/1.10 addr 2 > >Dec 19 06:09:06 apbg4 /bsd: umass0: using SCSI over Bulk-Only > >Dec 19 06:09:06 apbg4 /bsd: scsibus4 at umass0: 2 targets, initiator 0 > >Dec 19 06:09:06 apbg4 /bsd: sd0 at scsibus4 targ 1 lun 0: >SSD-PEU3, PMAP> serial.04110210357B1BD7B099 > >Dec 19 06:09:06 apbg4 /bsd: sd0: 241216MB, 512 bytes/sector, 494010368 > >sectors > > > >the disklabel was not detected properly. this is the disklabel on macppc > >OpenBSD-current (#638: Mon Dec 16): > > > ># /dev/rsd0c: > >type: SCSI > >disk: SCSI disk > >label: SSD-PEU3 > >duid: > >flags: > >bytes/sector: 512 > >sectors/track: 63 > >tracks/cylinder: 255 > >sectors/cylinder: 16065 > >cylinders: 30750 > >total sectors: 494010368 > >boundstart: 0 > >boundend: 494010368 > >drivedata: 0 > > > >16 partitions: > >#size offset fstype [fsize bsize cpg] > > c:4940103680 unused > > > >i tried both USB ports of the Powerbook5,8. same results. > > > >this is the **correct** disklabel on amd64 OpenBSD-current (#637: Sun Dec > >15): > > > ># /dev/rsd1c: > >type: SCSI > >disk: SCSI disk > >label: SSD-PEU3 > >duid: > >flags: > >bytes/sector: 512 > >sectors/track: 63 > >tracks/cylinder: 255 > >sectors/cylinder: 16065 > >cylinders: 30750 > >total sectors: 494010368 > >boundstart: 0 > >boundend: 494010368 > >drivedata: 0 > > > >16 partitions: > >#size offset fstype [fsize bsize cpg] > > c:4940103680 unused > > i:494006272 2048 ext2fs > > > > > >partition can be mounted properly on amd64 Linux and OpenBSD. > > > > > >IIRC the drive was initialized / created on Linux. > > > > > >i have other USB drives (whole disk, msdos format) that work properly across > >all > >3 machines. > > > > > >what am i missing here? looking forward to some pointers. > > > > > >yorosiku ~ > > -- > "Altars are burnin' with flames far and wide > The foe has crossed over from the other side > They tip their caps from the top of the hill > You can feel them com
Re: umass device disklabel not detected properly in macppc
Short version: Looks like something's wrong either with your hardware or software: I have the same computer, with OBSD 6.5 installed, and no problems mounting thumbs - maybe try another thumb, or recreate the ext2 partition, or use a stable OBSD, instead of current ... Here on macppc: hw.product=PowerBook5,8 with a regular 6.5 it seems: - kern.version=OpenBSD 6.5 (GENERIC) #496: Sat Apr 13 11:54:02 MDT 2019 dera...@macppc.openbsd.org:/usr/src/sys/arch/macppc/compile/GENERIC and I can easily move sticks/data on it around between a Fedora amd64 machine and the macppc Powerbook For the sake of a demo here: + + + + On Linux + + + Zero-ing a whole usb thumb on Fedora Linux ("dcfldd if=/dev/zero of=/dev ... etc.) Via "gnome-disks" formatted the thumb ("compatible with all systems and devices (MBR / DOS"), created a partition choosing "No filesystem", because ext2 wasn't offered as an option, IIRC ... then from the command line someth. like: mkfs.ext2 /dev/sdf1 + + + + On OBSD macppc + + + then plugged the drive into the Powerbook: after doas disklabel sd0 I get this: # /dev/rsd0c: type: SCSI disk: SCSI disk label: Transcend 32GB duid: flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 255 sectors/cylinder: 16065 cylinders: 3805 total sectors: 61132800 boundstart: 0 boundend: 61132800 drivedata: 0 16 partitions: #size offset fstype [fsize bsize cpg] c: 611328000 unused i: 61130752 2048 ext2fs --- then someth. like: mount_ext2fs /dev/sd0i /mnt/ntfs Then on macppc copied parts of this email text over to the thumb on /mnt/ntfs, unmounted it and took the thumb back to Fedora Linux and mounted the thumb on the Linux machine, copying parts of it into this email, that I write and send from this Fedora system Because of the very first paragraphs on this page: https://www.openbsd.org/faq/current.html try stable 6.5, maybe? Wolfgang On Wed, Dec 18, 2019 at 10:40:36PM +, rgci...@disroot.org wrote: dear all, to transfer files between an amd64 Linux, amd64 OpenBSD-current, and macppc OpenBSD-current i have a USB drive. last night was the first time i tried to use the drive on the macpcc. Dec 19 06:09:06 apbg4 /bsd: umass0 at uhub0 port 2 configuration 1 interface 0 "BUFFALO SSD-PEU3" rev 2.10/1.10 addr 2 Dec 19 06:09:06 apbg4 /bsd: umass0: using SCSI over Bulk-Only Dec 19 06:09:06 apbg4 /bsd: scsibus4 at umass0: 2 targets, initiator 0 Dec 19 06:09:06 apbg4 /bsd: sd0 at scsibus4 targ 1 lun 0: serial.04110210357B1BD7B099 Dec 19 06:09:06 apbg4 /bsd: sd0: 241216MB, 512 bytes/sector, 494010368 sectors the disklabel was not detected properly. this is the disklabel on macppc OpenBSD-current (#638: Mon Dec 16): # /dev/rsd0c: type: SCSI disk: SCSI disk label: SSD-PEU3 duid: flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 255 sectors/cylinder: 16065 cylinders: 30750 total sectors: 494010368 boundstart: 0 boundend: 494010368 drivedata: 0 16 partitions: #size offset fstype [fsize bsize cpg] c:4940103680 unused i tried both USB ports of the Powerbook5,8. same results. this is the **correct** disklabel on amd64 OpenBSD-current (#637: Sun Dec 15): # /dev/rsd1c: type: SCSI disk: SCSI disk label: SSD-PEU3 duid: flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 255 sectors/cylinder: 16065 cylinders: 30750 total sectors: 494010368 boundstart: 0 boundend: 494010368 drivedata: 0 16 partitions: #size offset fstype [fsize bsize cpg] c:4940103680 unused i:494006272 2048 ext2fs partition can be mounted properly on amd64 Linux and OpenBSD. IIRC the drive was initialized / created on Linux. i have other USB drives (whole disk, msdos format) that work properly across all 3 machines. what am i missing here? looking forward to some pointers. yorosiku ~ -- "Altars are burnin' with flames far and wide The foe has crossed over from the other side They tip their caps from the top of the hill You can feel them come, more brave blood to spill" Bob Dylan: "'Cross The Green Mountain"
Re: doas(1) adjustable timeout length
Hi Ted, On the note of accurate documentation; how about adding the actually defined timeout for persist rather than the "some time"? Cheers, Andrej -- Sent from: http://openbsd-archive.7691.n7.nabble.com/openbsd-user-misc-f3.html
Re: OpenBSD pf - redirect all DNS queries to local DNS server
Long time reader, first time writing in... > The big question: Is there any DOC for OpenBSD about this? What pf rules > needed to redirect any DNS server (ex.: 8.8.8.8 or 1.1.1.1) requests to the > DNS server running on the ROUTER, coming from the CLIENTS? You can use rdr-to[0] with pf to redirect all DNS queries to the DNS resolver running on the router. A rule in pf.conf would look something like: pass in on $int_if proto { udp , tcp } from any to any port domain \ rdr-to $dns_server port domain Ted Unangst has short write-up about turning your network inside out to do just this[1]. [0]: https://man.openbsd.org/pf.conf.5#rdr-to [1]: https://flak.tedunangst.com/post/turn-your-network-inside-out-with-one-pfconf-trick
Re: Why isn't ChallengeResponseAuthentication NO in sshd_config?
> Sent: Wednesday, December 18, 2019 at 9:49 PM > From: "Bodie" > To: misc@openbsd.org, owner-m...@openbsd.org > Subject: Re: Why isn't ChallengeResponseAuthentication NO in sshd_config? > > > > On 18.12.2019 18:48, lu hu wrote: > > Hello, > > > > > > # what am I talking about? > > > > https://man.openbsd.org/sshd_config#ChallengeResponseAuthentication > > > > ChallengeResponseAuthentication > > Specifies whether challenge-response authentication is allowed. All > > authentication styles from login.conf(5) are supported. The default is > > yes. > > > > > > # what does linux distros use: > > > > If I ex.: read: > > > > https://access.redhat.com/solutions/336773 > > > > then I can see ChallengeResponseAuthentication is NO for security > > reasons. Ubuntu too. > > > > > > # what else says ChallengeResponseAuthentication should be NO? > > > > https://www.openwall.com/lists/oss-security/2019/12/04/5 > > -> > > These issues were quickly fixed in OpenBSD as you can see in Security > This isn't related to the subject. > > > 1. CVE-2019-19521: Authentication bypass > > > > this attack should be more mitigated if > > ChallengeResponseAuthentication would be by default set to NO. > > > > > > # FIX: > > > > from this: > > cat /etc/ssh/sshd_config > > ... > > # Change to no to disable s/key passwords > > #ChallengeResponseAuthentication yes > > ... > > > > to this: > > vi /etc/ssh/sshd_config > > cat /etc/ssh/sshd_config > > ... > > # Change to no to disable s/key passwords > > ChallengeResponseAuthentication no > > ... > > > > But of course by default, without fixing sshd_config it should be NO. > > > > Who the hell uses s/key with sshd nowadays? > > > > And you are aware that this option is not there just for S/Key, right? > It's for example PAM Google authenticator too on Linux and others > > I think you missed couple of points. Eg.: > > https://www.openbsd.org/faq/faq10.html#SKey > > and the fact that login.conf(5) on OpenBSD by default enables S/Key. > I checked the https://www.openbsd.org/faq/faq10.html#SKey first step is to have a /etc/skey dir. So checked it: 66# ls /etc/skey ls: /etc/skey: No such file or directory 66# There is no /etc/skey by default. So you have to do the "skeyinit -E" as root, etc. Same for Google authenticator, etc. So ChallengeResponseAuthentication should be only enabled then.. when you set up extra auth methods. So afaik skey isn't enabled by default on OpenBSD, but for still some unkown reason (for me) ChallengeResponseAuthentication is set to yes by default on OpenBSD. Why? > > > > > > So please, can we make the default sshd_config more secure and set the > > "ChallengeResponseAuthentication to NO"? > > > > Some practical examples at hand of the current vulnerability which will > make this change reasonable? It is about proactive security, to avoid future possible security issues. > > > Many thanks and whishing a peaceful xmas! > >
Re: How to open new window/pane in the current working directory in tmux?
* openbsd-misc-nos...@riseup.net [2019-12-13 18:47:52 +0500]: I have next options in tmux.conf: bind '"' split-window -c "#{pane_current_path}" bind % split-window -h -c "#{pane_current_path}" bind c new-window -c "#{pane_current_path}" But it doesn't work anymore. And I can't find working options in Google. I tried all suggestions from stackexchange and it doesn't work either. What working options for OpenBSD 6.6? Thanks! Please see this thread: https://marc.info/?l=openbsd-misc&m=157478284909079&w=2 Best regards, Anders
Re: OpenBSD pf - redirect all DNS queries to local DNS server
Use DNSmasque. Use OpenDNS for forwarding to take care of lot of crapware. Sent with ProtonMail Secure Email. ‐‐‐ Original Message ‐‐‐ On Tuesday, December 17, 2019 9:55 PM, lu hu wrote: > Our little home network: > > ISP -> ROUTER -> SWITCH -> WIFI APs -> CLIENTS > > ROUTER: OpenBSD 6.5, giving DHCP+fwing internet to the WIFI APs. Based > onhttps://www.openbsd.org/faq/pf/example1.html#pf and > https://www.openbsd.org/faq/pf/example1.html#dhcp > > CLIENTS: laptops, smartphones. > > So everything is going through the ROUTER. > > We can see a https://www.openbsd.org/faq/pf/example1.html#dns DOC for how to > setup a DNS server, ~ok. > > AD filtering. We would like to have one, but not a fancy one, just a working > one. > > Based on "bad hosts", ex.: if a client queries iamAD.foo, then answer it back > as 127.0.0.1, so the clients will try to connect to themselfes, which will > end up not showing the AD. > > The big question: Is there any DOC for OpenBSD about this? What pf rules > needed to redirect any DNS server (ex.: 8.8.8.8 or 1.1.1.1) requests to the > DNS server running on the ROUTER, coming from the CLIENTS? > > So ex.: if a smartphone CLIENT wants to query iamAD.foo domain to get ADs, it > will only get back 127.0.0.1
[SOLVED] Re: dig(1) and nslookup(1) broken in -current
Hi Stuart, mea culpa. My bad. Two errors in one mail. Of course logfile ist /var/log/messages. Second error: I forgot to -f Makefile.bsd-wrapper one time. This installed the tools under /usr/bin not /usr/sbin. And /usr/bin is before /usr/sbin in the $PATH, so always the wrong file was executed. This even happened after upgrade to a new snapshot. I encountered my error with a `which dig`. Deleting the files under /usr/bin brought back normal operation. I am happy with the new version of these tools, because they understand the CAA record type needed by Let's encrypt. Thanks Stuart for helping me. Kind regards -Dieter On Thu, Dec 19, 2019 at 02:52:33PM -, Stuart Henderson wrote: > On 2019-12-18, Dieter Rauschenberger wrote: > > Hi misc, > > > > $ dig openbsd.org > > Abort trap (core dumped) > > > > $ tail -f /var/www/messages > > Dec 18 17:57:07 ws /bsd: dig[96895]: pledge "dns", syscall 28 > > > > $ nslookup openbsd.org > > Abort trap (core dumped) > > > > $ tail -f /var/www/messages > > Dec 18 17:57:22 ws /bsd: nslookup[10037]: pledge "dns", syscall 28 > > > > host(1) ist working fine. This happens on todays snapshot and via cvs > > checkout and compile. > > > > Regards > > -Dieter > > > > > > Update again. There has been a bit of churn in dig/host/nslookup recently > as OpenBSD has (finally!) updated to the last ISC-licensed version, they > should work now. > > That is quite an unusual location for your log files, I'm not sure they > are something I would like to have inside the chroot jail used for web > service! >
Re: dig(1) and nslookup(1) broken in -current
On 2019-12-18, Dieter Rauschenberger wrote: > Hi misc, > > $ dig openbsd.org > Abort trap (core dumped) > > $ tail -f /var/www/messages > Dec 18 17:57:07 ws /bsd: dig[96895]: pledge "dns", syscall 28 > > $ nslookup openbsd.org > Abort trap (core dumped) > > $ tail -f /var/www/messages > Dec 18 17:57:22 ws /bsd: nslookup[10037]: pledge "dns", syscall 28 > > host(1) ist working fine. This happens on todays snapshot and via cvs > checkout and compile. > > Regards > -Dieter > > Update again. There has been a bit of churn in dig/host/nslookup recently as OpenBSD has (finally!) updated to the last ISC-licensed version, they should work now. That is quite an unusual location for your log files, I'm not sure they are something I would like to have inside the chroot jail used for web service!
pf reply-to and dest mac address
Hello, I am trying out the reply-to option in pf to force icmp echo replies back on the same interface (vlan10) where they came in. The problem I am seeing is that the destination mac address of the replies are set to ethernet next-hop of the default route (vlan11). Am I using this correctly? My ruleset: include '/etc/pf.d/tables.pf' set ruleset-optimization none set limit states 200 set state-policy floating set block-policy return set state-defaults pflow pass in quick on vlan10 proto icmp reply-to vlan10 block log (all, to pflog0) # Default block pass quick proto carp keep state (no-sync) block out quick on vlan10 from any to pass out on vlan10 label vlan10 # egress ISP1 match out on vlan10 from to any nat-to carp10 block out quick on vlan11 from any to pass out on vlan11 label vlan11 match out on vlan11 from to any nat-to carp11 # NAT via carp11 pass out quick on vlan10 proto icmp from vlan11 route-to (vlan11 ) pass out quick on vlan11 proto icmp from vlan10 route-to (vlan10 ) pass quick proto icmp Uname -a: # uname -a OpenBSD fw2 6.6 GENERIC.MP#3 amd64 tcpdump: # tcpdump -eni vlan10 icmp tcpdump: listening on vlan10, link-type EN10MB 13:15:14.962096 00:24:c4:c0:b6:c0 3c:ec:ef:40:33:fc 0800 98: 1.1.1.1 > 4.3.2.2: icmp: echo request 13:15:14.962113 3c:ec:ef:40:33:fc 38:90:a5:73:c2:3f 0800 98: 4.3.2.2 > 1.1.1.1: icmp: echo reply arp: # arp -an | grep 00:24:c4:c0:b6:c0 4.3.2.1 00:24:c4:c0:b6:c0 vlan10 19m25s # arp -an | grep 38:90:a5:73:c2:3f 1.2.3.438:90:a5:73:c2:3f vlan11 20m0s
Re: small aggr problem ( on current )
On 15.12.2019. 23:01, Hrvoje Popovski wrote: > On 15.12.2019. 12:45, Holger Glaess wrote: >> hi >> >> >> runing version >> >> >> /etc 16>dmesg | more >> Copyright (c) 1982, 1986, 1989, 1991, 1993 >> The Regents of the University of California. All rights reserved. >> Copyright (c) 1995-2019 OpenBSD. All rights reserved. >> https://www.OpenBSD.org >> >> OpenBSD 6.6-current (GENERIC.MP) #48: Tue Dec 10 16:30:01 MST 2019 >> dera...@octeon.openbsd.org:/usr/src/sys/arch/octeon/compile/GENERIC.MP >> >> >> >> after a reboot the aggr interface do not aggregate the connection with >> the switch, >> >> just after an physical disaconnection from the ethernet cable , wait for >> some sec, >> >> and replugin . >> >> >> the the iterface are up and active, before ifconfig says "no carrier" >> but the interfaces have >> >> carrier. >> >> i dont have the problem with the trunk interface on the same hardware. >> >> >> you are on bellab as root >> /etc 20>cat /etc/hostname.cnmac1 >> mtu 1518 >> up >> >> 12:43:59 Sun Dec 15 >> you are on bellab as root >> /etc 21>cat /etc/hostname.cnmac2 >> mtu 1518 >> up >> >> 12:44:01 Sun Dec 15 >> you are on bellab as root >> /etc 22>cat /etc/hostname.aggr0 >> trunkport cnmac1 >> trunkport cnmac2 >> mtu 1518 >> up >> >> >> holger >> >> >> > Hi, > > maybe logs below would help for further troubleshooting because i'm > seeing same behavior. > > when i add debug statement in hostname.agg0 and boot box i'm getting > this log > > starting network > aggr0 ix0 rxm: LACP_DISABLED (LACP_Enabled) -> PORT_DISABLED > aggr0 ix0: selection logic: unselected (rxm !CURRENT) > aggr0 ix1 rxm: LACP_DISABLED (LACP_Enabled) -> PORT_DISABLED > aggr0 ix1: selection logic: unselected (rxm !CURRENT) > aggr0 ix2 rxm: LACP_DISABLED (LACP_Enabled) -> PORT_DISABLED > aggr0 ix2: selection logic: unselected (rxm !CURRENT) > aggr0 ix3 rxm: LACP_DISABLED (LACP_Enabled) -> PORT_DISABLED > aggr0 ix3: selection logic: unselected (rxm !CURRENT) > reordering libraries: done. > > after boot aggr status is "no carrier" > sh /etc/netstart isn't helping > > but with ifconfig ix0-ix4 down/up aggr interface start to work normally > > log when doing ifconfig ix0-ix4 down/up just a little follow up: i've tested aggr on two boxes. first box is dell r620 and second one is supermicro SYS-5018D-FN8T. both boxes are connected to dell s4810 switch. Same cables, same ports, same port-channles on switch, timeout fast or slow, both with ix 82599 interfaces ... (x552 ix interfaces are disabled on supermicro box) ... r620 is working without any problems and supermicro box is having same problem as described above... trunk interface are working on both boxes without any problem .. this is fun :)
Re: How to open new window/pane in the current working directory in tmux?
On Fri, Dec 13, 2019 at 03:31:51PM +0100, Bodie wrote: > > > On 13.12.2019 14:47, openbsd-misc-nos...@riseup.net wrote: > > I have next options in tmux.conf: > > > > bind '"' split-window -c "#{pane_current_path}" > > bind % split-window -h -c "#{pane_current_path}" > > bind c new-window -c "#{pane_current_path}" > > > > But it doesn't work anymore. And I can't find working options in Google. > > I tried > > all suggestions from stackexchange and it doesn't work either. What > > working options > > for OpenBSD 6.6? > > Did not know that Google and StackExchange is integrated in OpenBSD > documentation > > In current (after 6.6) there is: > > https://man.openbsd.org/tmux > > pane_path #T Path of pane (can be set by application) > > https://cvsweb.openbsd.org/src/usr.bin/tmux/screen.c (revision 1.56) Could you also explain why using #T or #{pane_path} in place of #{pane_current_path} does not make the keybinding listed above work? Regards, > > Can't see nothing about removal of pane_current_path even in CHANGES on git > so > if something was forgotten or is not BSD specific? > > > > > > > Thanks! -- Andreas (Kusalananda) Kähäri SciLifeLab, NBIS, ICM Uppsala University, Sweden