Re: Go language and pledge exec promises

2021-01-25 Thread Aaron Miller
On Thu, 2021-01-21 at 17:02 +0100, Omar Polo wrote:
> 
> Kevin Chadwick  writes:
> 
> > On 1/21/21 2:58 PM, Kevin Chadwick wrote:
> > > > >    840 beep CALL  pledge(0xcf4000,0xcae384)
> > > > >    840 beep STRU  promise="stdio rpath wpath cpath
> > > > > dpath tmppath inet mcast fattr chown flock unix d\
> > > > > ns getpw sendfd recvfd tape tty proc exec
> > > > > prot_exec settime ps vminfo id pf route wroute audio v\
> > > > > ideo bpf unveil error"
> > > > >    840 beep STRU  execpromise=""
> > > > >    840 beep RET   pledge 0
> > > > > 
> > > > Whatever you are trying to do is ridiculous.
> > > Absolutely. In fact the program itself is pointless to
> > > pledge, playing a beep to
> > > the speaker. However, I had pledge disabled in my binaries
> > > due to the syscall 74
> > > Go bug that was fixed. This is just testing with the most
> > > permissible settings.
> > > Perhaps that in itself could cause an issue.
> > 
> > Is execpromise="" equivalent to passing null in c as a nil
> > string in Go is
> > initialised to "" (function sig = string)
> > 
> > Perhaps I should ktrace the whacky full promise passed as
> > execpromise too?
> 
> Sorry if I chime in, but execpromise="" is a whole different
> story from
> execpromise=NULL.
> 
> > A promises value of "" restricts the process to the _exit(2)
> > system
> > call.
> 
> "" is a pointer to a string whose first character is NUL (\0),
> NULL is
> the null pointer.
> 
> I don't know how to convince the go type system to discern
> between nil
> and "", maybe you need something like sql.NullString
> 
> HTH
> 
> Omar Polo
> 

In Go, if you have a function that takes an argument of type
`string`, then it can't accept nil. In cases where "no string at
all" needs to be distinguished from "empty string", then I would
use `*string` as an argument type.

This makes me think this pledge function needs to take a `*string`
instead of just `string`.

--Aaron
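
The nil versus "" distinction discussed in this thread, as an added example that is not code from the thread or from any Go package: a hypothetical `*string`-based wrapper signature (`PlanPledge`, `cString` and `Ptr` are names invented here) that maps nil to C NULL, which pledge(2) treats as "leave this value unchanged", and "" to a pointer to a lone NUL byte. It makes no system call and only reports what each argument would mean.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// cString models one `const char *` argument of pledge(2):
// a nil slice stands for C NULL, anything else is a NUL-terminated buffer.
type cString []byte

// toCString converts an optional Go string. nil maps to NULL; "" maps to a
// one-byte buffer holding only the terminator, which is a valid non-NULL pointer.
func toCString(s *string) (cString, error) {
	if s == nil {
		return nil, nil
	}
	if strings.IndexByte(*s, 0) >= 0 {
		return nil, errors.New("promise string contains a NUL byte")
	}
	buf := make([]byte, len(*s)+1) // last byte stays 0: the terminator
	copy(buf, *s)
	return buf, nil
}

// effect states how pledge(2) interprets the argument.
func (c cString) effect() string {
	switch {
	case c == nil:
		return "NULL: left unchanged"
	case len(c) == 1:
		return `"": only _exit(2) allowed`
	default:
		return "restricted to: " + string(c[:len(c)-1])
	}
}

// PlanPledge is a hypothetical wrapper shape taking *string for both
// arguments. It performs no system call; it returns a description of
// what the kernel would be asked to do.
func PlanPledge(promises, execpromises *string) (string, error) {
	p, err := toCString(promises)
	if err != nil {
		return "", fmt.Errorf("promises: %w", err)
	}
	e, err := toCString(execpromises)
	if err != nil {
		return "", fmt.Errorf("execpromises: %w", err)
	}
	return "promises " + p.effect() + "; execpromises " + e.effect(), nil
}

// Ptr returns a pointer to s, for call sites that pass literals.
func Ptr(s string) *string { return &s }

func main() {
	// Same promises each time; only the execpromises argument varies.
	for _, exec := range []*string{nil, Ptr(""), Ptr("stdio")} {
		plan, err := PlanPledge(Ptr("stdio proc exec"), exec)
		fmt.Println(plan, err)
	}
}
```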



Re: boot_config(8) man page issue; and possibly openbsd.org/report.html

2021-01-25 Thread Nick Holland

On 1/24/21 4:02 PM, Andrew Easton wrote:
...
> The boot_config(8) man page reads:
>
> The Ethernet card is not detected at boot because the
> kernel configuration does not match the physical
> hardware configuration, e.g.  wrong IRQ in
> OpenBSD/i386.  [...]
> UKC> find ne
> [...]
> 25 ne1 at isa0 port 0x300 size 0 iomem -1 iosiz 0 irq 10 drq -1 drq2 -1 flags 0x0
> [...]
> ne1 seems to match the configuration except it uses
> IRQ 5 instead of IRQ 10.
> [...]
> UKC> change ne1
> [...]
> irq [10] ? 5

   ...

> The sentence "ne1 seems to match the configuration
> except it uses IRQ 5 instead of IRQ 10" has two
> ways of being interpreted: (1) the kernel
> configuration is using IRQ 5 and (2) the hardware
> configuration is using IRQ 5.



...ISA devices and drivers are complicated and stunningly inconsistent.

IF the developers want to improve this, I would suggest something maybe
more along the lines of:
"The ne(4) driver recognizes a card at port 300 as ne1, but expects
an IRQ of 10.  If your card is actually at port 300, IRQ 5, you can
adjust the driver as follows:"
   [...example...]

Realistically, however, you aren't likely to be very successful with
OpenBSD on an ISA machine; the people who know how to deal with ISA
cards try not to, and the hw that /requires/ them is very slow for modern
OpenBSD.  (I recently gave up on an old, faithful P90 I've used for many
years because it just took too long to just boot, and even it has PCI
slots where NICs "just work").  Also, you are generally better off moving
the HW to match OpenBSD's expectations rather than moving OpenBSD to the
HW, as that will make your next upgrade discouraging.  I'm almost more of
the opinion that this section should be removed rather than tuned up -- I
don't think ISA cards should be encouraged, I don't know that hw that can
use ISA cards should be encouraged, I certainly wouldn't recommend changing
the OS to match the card (though yes, sometimes it is required if you
really insist on using hardware that requires it).

A lot can be written about how to use an ne(4) ISA card with OpenBSD,
a lot can be written about ep(4), ec(4), we(4), but they can all be
summed up as, "here's a nickel kid, get yourself a less old computer".

Nick.



Re: OpenSMTPD is not sending e-mail.

2021-01-25 Thread latincom

Hello misc@

From smtpd.conf Man Page:
"EXAMPLES

The default smtpd.conf file which ships with OpenBSD listens on the 
loopback network interface (lo0) and allows for mail from users and 
daemons on the local machine, as well as permitting email to remote 
servers. Some more complex configurations are given below."


It had worked for many years; but this time OpenBSD 6.8; server and 
Laptop, are not working as the man page says.


I did an empiric test, because I am not qualified for a real test.

Both are not able to send messages (e-mails), to other machines.
The message at maillog is the same:

result="TempFail" stat="Network error on destination MXs"

I did 2 clean installations; one server, and one laptop; then I sent
one message from server to Laptop, and vice versa. The message in both is
the same. It was after this change in smtpd.conf:


match from any for domain "agroena.org" action "local_mail"

If I send an e-mail from another machine, it is received correctly. Is it
possible that something is wrong in my installations?


Thanks for your attention.

On 2021-01-21 10:16 a.m., latincom wrote:

Thanks for your answer, it is my DNS:

Type   Name            Value                                        TTL       Actions
a      @               45.77.204.237                                1/2 Hour  Edit
a      mail            45.77.204.237                                1 Hour    Edit
cname  www             @                                            1 Hour    Edit
cname  _domainconnect  _domainconnect.gd.domaincontrol.com          1 Hour    Edit
mx     @               mail.agroena.org (Priority: 0)               1 Hour    Edit
ns     @               ns61.domaincontrol.com                       1 Hour
ns     @               ns62.domaincontrol.com                       1 Hour
soa    @               Primary nameserver: ns61.domaincontrol.com.  1 Hour

Full reference to 1 e-mail sent:

Jan 21 17:13:47 sophie smtpd[41216]: smtp-out: Disabling route [] <-> 
199.185.178.25 (mail.openbsd.org) for 15s
Jan 21 17:13:47 sophie smtpd[41216]: smtp-out: No valid route for 
[connector:[]->[relay:openbsd.org,smtp],0x0]
Jan 21 17:13:48 sophie smtpd[41216]: smtp-out: Enabling route [] <-> 
209.85.232.27 (qt-in-f27.1e100.net)
Jan 21 17:13:53 sophie smtpd[41216]:  mta delivery 
evpid=7465b44496df9b1a from= 
to= rcpt=<-> source="-" relay="openbsd.org" 
delay=1d4h28m1s result="TempFail" stat="Network error on destination MXs"



On 2021-01-20 11:49 p.m., Martijn van Duren wrote:

You haven't given much log output, but "Network error on destination
MXs" usually indicates something like DNS or network issues.

Considering it states relay="openbsd.org", where it should be
"mail.openbsd.org" my best guess is DNS issues.

martijn@

On Wed, 2021-01-20 at 17:04 -0800, latincom wrote:

I read the archives of OpenSMTPD, and found 2 messages related to ssl,
nothing more. Can someone give me advice on where to look, please?

I did something stupid, maybe:
I forgot that the installer asks for a name; then I wrote a name, which
later changed to a fqdn; according to man page; declared it in hosts and
myname!

  From Log:
mta delivery evpid=7465b44496df9b1a from=
to= rcpt=<-> source="-" relay="openbsd.org"
delay=11h8m1s result="TempFail" stat="Network error on destination MXs"

smtp.conf:
#   $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $

# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information.

table aliases file:/etc/mail/aliases

listen on socket

# To accept external mail, replace with: listen on all
#
listen on all

action "local_mail" mbox alias <aliases>
action "outbound" relay

# Uncomment the following to accept external mail for domain "example.org"

#
match from any for domain "agroena.org" action "local_mail"
match from local for local action "local_mail"
match from local for any action "outbound"

ssl:
m# ls -l /etc/ssl/
total 764
-r--r--r--  1 root  bin    350172 Oct  4 23:47 cert.pem
-r--r--r--  1 root  wheel    3791 Jan 10 23:57 fullchain.pem
-rw-r--r--  1 root  wheel    2703 Oct  4 23:47 ikeca.cnf
-r--r--r--  1 root  bin   745 Oct  4 23:47 openssl.cnf
drwx------  2 root  wheel 512 Jan 10 23:57 private
-r--r--r--  1 root  bin  1006 Oct  4 23:47 x509v3.cnf












Re: NIC Port L2 Switching capability

2021-01-25 Thread Kaya Saman

Thanks a lot Tom for your response.


Perhaps I wasn't quite clear in what I am trying to achieve?


When I say trunk, I meant from a switch perspective as in a 802.1Q trunk 
port on a switch.



I think I got mixed up with the OpenBSD terminology since it is slightly 
different:



TRUNK(4)                Device Drivers Manual                TRUNK(4)


NAME
 trunk - link aggregation and link failover interface


Of course different vendors call this differently and would be more like 
EtherChannel in Cisco terminology.



So now I just need to find out how the switch interface works in OpenBSD 
and see if I can get it working with 802.1q tagging and the rest of the 
L2 networking protocols.



Regards,


Kaya


On 1/25/21 10:51 PM, Tom Smyth wrote:

Hi Kaya

you need to create a bridge interface and add the interfaces you
want to switch packets between into the bridge,


man bridge
man switch
man ifconfig
will give you the information you need,


trunk is a bonding / team / fail over interface and not for switching

because you are using a virtualisation platform you need to be wary of
hypervisor / virtualisation network stack Security features / hacks /
shortcuts
some hypervisors filter traffic coming from a vm which has a
different source mac to the mac assigned to the vm network card by
the hypervisor and some hypervisors will only switch traffic to a vm
if the destination mac is the same as the mac of the virtual machine
network card


all the best



On Mon, 25 Jan 2021 at 22:06, Kaya Saman wrote:


Hi,


I'm wondering if it's possible to get OpenBSD to make the NIC
ports act
like a layer 2 switch?


I made a quick test in VirtualBox (unfortunately I don't have any
bare
bones systems free to test with) and tried the following:


create two systems, one called router , the other called client


create vlans: vlan1, vlan2, vlan3


create trunk interfaces on 3x virtual NIC's: trunk0 (em0), trunk1
(em1),
trunk2 (em2)


I then added the vlans to trunk0 by setting the vlandev to trunk0
in the
hostname.if files.


Of course a basic router-on-a-stick method like the above works
fine but
if I wanted the 3 vlans to also be on the trunk1 interface in a
similar
way to provisioning an L2 switch how would I go about it?


I attempted to bridge trunk0 and trunk1. The result I got was that
dhcp
worked and the client was able to get an IPv4 address, I also had
multicast traffic working when dynamically sending the client routes
through OpenOSPF, as in I could see OSPFv2-hello and OSPFv2-dd
packets
being sent to 224.0.0.5 .

What didn't work was ICMP packets were not being seen on the router
systems NIC when I tried to use the ping command and in addition the
OSPF routes would not propagate either.

If I changed the virtual configuration back to trunk0 then everything
worked as expected. It may just be a limitation of Vbox?


In the meantime I have been looking at the docs:

https://www.openbsd.org/papers/bsdcan2016-switchd.pdf


https://man.openbsd.org/switch 


for the switch interface but is this really what I need here?


Has anyone tried and succeeded with this kind of config?


My main reason for wanting to use something like this is that I
want to
add a 10GbE NIC and switch into my production router platform while
still keeping the same setup going to the 1GbE switch which is
running
in a 4-port LACP trunk.



Of course an alternate would be to link the 1GbE switch to the 10GbE
switch and do things that way, but the above would be more practical
from a cabling sense.



Has anyone got any ideas?


Thanks a lot!


Kaya





--
Kindest regards,
Tom Smyth.


Re: NIC Port L2 Switching capability

2021-01-25 Thread Tom Smyth
Hi Kaya

you need to create a bridge interface and add the interfaces you want to
switch packets between into the bridge,

man bridge
man switch
man ifconfig
will give you the information you need,


trunk is a bonding / team / fail over interface and not for switching

because you are using a virtualisation platform you need to be wary of
hypervisor / virtualisation network stack Security features / hacks /
shortcuts
some hypervisors filter traffic coming from a vm which has a different
source mac to the mac assigned to the vm network card by the hypervisor
and some hypervisors will only switch traffic to a vm if the destination
mac is the same as the mac of the virtual machine network card

all the best



On Mon, 25 Jan 2021 at 22:06, Kaya Saman wrote:

> Hi,
>
>
> I'm wondering if it's possible to get OpenBSD to make the NIC ports act
> like a layer 2 switch?
>
>
> I made a quick test in VirtualBox (unfortunately I don't have any bare
> bones systems free to test with) and tried the following:
>
>
> create two systems, one called router , the other called client
>
>
> create vlans: vlan1, vlan2, vlan3
>
>
> create trunk interfaces on 3x virtual NIC's: trunk0 (em0), trunk1 (em1),
> trunk2 (em2)
>
>
> I then added the vlans to trunk0 by setting the vlandev to trunk0 in the
> hostname.if files.
>
>
> Of course a basic router-on-a-stick method like the above works fine but
> if I wanted the 3 vlans to also be on the trunk1 interface in a similar
> way to provisioning an L2 switch how would I go about it?
>
>
> I attempted to bridge trunk0 and trunk1. The result I got was that dhcp
> worked and the client was able to get an IPv4 address, I also had
> multicast traffic working when dynamically sending the client routes
> through OpenOSPF, as in I could see OSPFv2-hello and OSPFv2-dd packets
> being sent to 224.0.0.5 .
>
> What didn't work was ICMP packets were not being seen on the router
> systems NIC when I tried to use the ping command and in addition the
> OSPF routes would not propagate either.
>
> If I changed the virtual configuration back to trunk0 then everything
> worked as expected. It may just be a limitation of Vbox?
>
>
> In the meantime I have been looking at the docs:
>
> https://www.openbsd.org/papers/bsdcan2016-switchd.pdf
>
> https://man.openbsd.org/switch
>
>
> for the switch interface but is this really what I need here?
>
>
> Has anyone tried and succeeded with this kind of config?
>
>
> My main reason for wanting to use something like this is that I want to
> add a 10GbE NIC and switch into my production router platform while
> still keeping the same setup going to the 1GbE switch which is running
> in a 4-port LACP trunk.
>
>
>
> Of course an alternate would be to link the 1GbE switch to the 10GbE
> switch and do things that way, but the above would be more practical
> from a cabling sense.
>
>
>
> Has anyone got any ideas?
>
>
> Thanks a lot!
>
>
> Kaya
>
>
>
>

-- 
Kindest regards,
Tom Smyth.


NIC Port L2 Switching capability

2021-01-25 Thread Kaya Saman

Hi,


I'm wondering if it's possible to get OpenBSD to make the NIC ports act 
like a layer 2 switch?



I made a quick test in VirtualBox (unfortunately I don't have any bare 
bones systems free to test with) and tried the following:



create two systems, one called router , the other called client


create vlans: vlan1, vlan2, vlan3


create trunk interfaces on 3x virtual NIC's: trunk0 (em0), trunk1 (em1), 
trunk2 (em2)



I then added the vlans to trunk0 by setting the vlandev to trunk0 in the 
hostname.if files.



Of course a basic router-on-a-stick method like the above works fine but 
if I wanted the 3 vlans to also be on the trunk1 interface in a similar 
way to provisioning an L2 switch how would I go about it?



I attempted to bridge trunk0 and trunk1. The result I got was that dhcp 
worked and the client was able to get an IPv4 address, I also had 
multicast traffic working when dynamically sending the client routes 
through OpenOSPF, as in I could see OSPFv2-hello and OSPFv2-dd packets 
being sent to 224.0.0.5 .


What didn't work was ICMP packets were not being seen on the router 
systems NIC when I tried to use the ping command and in addition the 
OSPF routes would not propagate either.


If I changed the virtual configuration back to trunk0 then everything 
worked as expected. It may just be a limitation of Vbox?



In the meantime I have been looking at the docs:

https://www.openbsd.org/papers/bsdcan2016-switchd.pdf

https://man.openbsd.org/switch


for the switch interface but is this really what I need here?


Has anyone tried and succeeded with this kind of config?


My main reason for wanting to use something like this is that I want to 
add a 10GbE NIC and switch into my production router platform while 
still keeping the same setup going to the 1GbE switch which is running 
in a 4-port LACP trunk.




Of course an alternate would be to link the 1GbE switch to the 10GbE 
switch and do things that way, but the above would be more practical 
from a cabling sense.




Has anyone got any ideas?


Thanks a lot!


Kaya





divert-packet performance

2021-01-25 Thread Goksel Ozgurman
Hello OpenBSD devs and users,



As a FreeBSD user for 11 years, I have switched to OpenBSD. Thank you to the 
entire OpenBSD team for providing such a simple planned secure architecture.

In particular, the default networking features are comparable to commercial 
products.

I am absolutely aware that this is a great blessing. For software developers 
like me, all that's left is to code.

I can't tell you how much I enjoyed reading the amazing cvs logs of OpenBSD's 
valuable developers on MP topics such as 'Big Lock', 'Kernel Lock', 'Net Lock', 
'PF Lock' and seeing improvements in 'multiqueue nic'.

I guess soon the OpenBSD team will give us a big revolution in performance. 
While these are mentioned in the Tech list, I think the divert-packet feature 
also needs a code revision.

Because I can simply say:

I have a simple url filter software written in Rust. This software is 
unfortunately more successful under FreeBSD.

You will say that you contribute by sending code instead of talking. However, 
it is not possible for me to write code at kernel level.

But when I get my salary premium, I will definitely donate through the OpenBSD 
Foundation ...


Thank you for reading.

Goksel Ozgurman


Re: Bootloader on USB stick fails with "root device not found"

2021-01-25 Thread Jan Stary
On Jan 23 23:04:54, tetrahe...@danwin1210.me wrote:
> If I boot from the standard bootloader on the FDE encrypted disk itself,
> everything boots fine.

Great.

> I am trying to set up the bootloader on an external
> USB stick to boot my FDE-encrypted disk:

Why? You say you can boot from the disk itself.



Re: auto-boot

2021-01-25 Thread Mihai Popescu
That short with a metallic wire was just for quick check. It is not
recommended for prolonged usage! It will block any communication on the
RS232 cable. For future usage you still need a resistor.


Re: auto-boot

2021-01-25 Thread Bastien Durel
On Friday, 22 January 2021 at 23:49 +1000, Stuart Longland wrote:
> On 21/1/21 7:48 am, Diana Eichert wrote:
> > This is not as hard as you think.  Get a couple (it is good to have
> > extras and they are pretty cheap) RJ45-DB9 adapter, the pins
> > will not be inserted in DB9 connector, therefore you can perform
> > some
> > wire surgery.  Break open the RJ45 side, cut the cables from RJ45
> > connector.
> 
> Another option is to get a DE9 serial cable and chop it in half.
> 
> The big challenge is getting hold of such a beast.  These days if you
> walk into a computer shop and mutter things about serial ports, they
> think you're talking about a place that sailors go for breakfast.
> 
Hello,

Short-circuiting pins 3-5 using my DB9 cable as Mihai Popescu said[1]
worked.
Alas, this setup prevents plugging in the cable on the other side ^^

But this confirms there is a hardware problem.

So if I understand well, I have to buy 2 of these[2], add a short-circuit
between pins on one side, and connect them with an ethernet
cable?

Thanks,


[1] https://corrin.geekwu.org/owncloud/index.php/s/fwPmq2CbyTy5mEX

[2] 
https://www.amazon.fr/StarTech-com-Adaptateur-modulaire-RS232-RS422/dp/B6IRQA/

-- 
Bastien



Re: amdgpu unstable atm

2021-01-25 Thread rgc
On Sun, Jan 24, 2021 at 07:19:36AM +0900, rgc wrote:
> On Sat, Jan 23, 2021 at 08:49:13PM +0900, rgc wrote:
> > On Fri, Jan 22, 2021 at 08:33:37PM +0900, rgc wrote:
> > > misc@
> > > 
> > > sharing some information for the devs
> > > 
> > > just did a sysupgrade of a -current amd64 machine
> > > X (only, sent me back to login screen of xenodm) crashed 2x already
> > > running only dwm and firefox-esr
> > > 
> > > machine is:
> > > hw.vendor=ASUSTeK COMPUTER INC.
> > > hw.product=Zephyrus G GU502DU_GA502DU
> > > 
> > > iGPU is:
> > > amdgpu0: PICASSO 10 CU rev 0x01
> > > 
> > > dmesg error:
> > > [drm] *ERROR* ring sdma0 timeout, signaled seq=402, emitted seq=402
> > > [drm] *ERROR* Process information: process  pid 0 thread Xorg pid 50457
> > > [drm] *ERROR* ring gfx timeout, but soft recovered
> > > [drm] *ERROR* Error in DP aux read transaction, not writing source 
> > > specific data
> > > [drm] *ERROR* ring sdma0 timeout, signaled seq=1197, emitted seq=1197
> > > [drm] *ERROR* Process information: process  pid 0 thread  pid 0
> > > [drm] *ERROR* Error in DP aux read transaction, not writing source 
> > > specific data
> > > 
> > > others:
> > > amdgpu-firmware-20201218 firmware binary images for amdgpu(4) driver
> > > 
> > > kern.version=OpenBSD 6.8-current (GENERIC.MP) #286: Thu Jan 21 09:31:59 
> > > MST 2021
> > > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > > 
> > > ~ rgc
> > > 
> > 
> > no crashes yet with:
> > 
> > kern.version=OpenBSD 6.8-current (GENERIC.MP) #288: Fri Jan 22 13:36:58 MST 
> > 2021
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > 
> > ~ rgc
> > 
> 
> misc@
> 
> kept the machine running overnight
> stterm and firefox-esr (static websites) running. looked good.
> 
> this morning i went to github to cleanup some personal projects
> after a few minutes, firefox-esr stopped responding.
> can not switch to stterm on another pane (ALT-1)
> 
> network connectivity was still OK.
> last messages on dmesg:
> 
> wsdisplay0: screen 1-5 added (std, vt100 emulation)
> [drm] *ERROR* Error in DP aux read transaction, not writing source specific 
> data
> [drm] *ERROR* Error in DP aux read transaction, not writing source specific 
> data
> 
> remotely, i tried killing process one by one. firefox-esr, xenodm, lastly X 
> itself.
> got a blank screen on the Asus, but i could get the console. started xenodm 
> and
> now working again.
> 
> ~ rgc
> 

misc@

pkg_add -u; sysupgrade -ks this morning
i see firefox-esr pull a new gtk (iirc) build ... quirks-3.517
on firefox is visualsource.net playing commit videos
seems to be working good now ... and it seems firefox is snappier

i still see these on xconsole
> [drm] *ERROR* Error in DP aux read transaction, not writing source specific 
> data
> [drm] *ERROR* Error in DP aux read transaction, not writing source specific 
> data
but no hangs or crashes at the moment.

~ rgc