Re: SSH Controlmaster holding devices
Thus said Courtney on Mon, 05 Feb 2024 12:55:20 -0800:

> I wasn't aware that it would still be impacted when leaving the cwd.

Your shell "left the cwd" but the SSH process did not. In other words, don't start processes from a mount point that you expect to be able to unmount later (or kill them first).

Andy
Re: Proper way to set PATH environment with SSH non-interactive command
Thus said "Andy Bradford" on 04 Feb 2024 08:39:27 -0700:

> But is there a file that I can modify that will cause the shell proper
> to load some kind of environment setup also for non-interactive shells
> started with -c?

[For the archives]

As it turns out, given that the shell does not itself read any profile configuration files for non-interactive shells, I can just update /etc/login.conf using ~/bin in the path:

    default:\
        :path=~/bin /usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\

Before:

    $ ssh localhost env | grep PATH
    amb@localhost's password:
    PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin

After:

    $ ssh localhost env | grep PATH
    amb@localhost's password:
    PATH=/home/amb/bin:/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin

Arguably, this could be done for a class that is assigned to different users for which this should apply so not everyone has this. Also, this does not impact interactive shells because, well, interactive shells read ~/.profile and consequently ENV applies.

Andy
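An added example (not part of the original post and not OpenBSD code): a small resolver for the login.conf(5) path capability discussed above. It shows how a per-class entry with tc=default produces the Before/After PATH values, and which home-directory entries end up searched ahead of the system directories. The class name sshbin, the sample file and all function names are constructed for illustration.

```python
"""Resolve the PATH that a login.conf(5) class gives a non-interactive session."""
import re

# Constructed sample. `default` carries the page's original path; the class
# name `sshbin` is hypothetical and adds ~/bin only for users assigned to it.
SAMPLE_LOGIN_CONF = r"""
default:\
    :path=/usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
    :umask=022:

sshbin:\
    :path=~/bin /usr/bin /bin /usr/sbin /sbin /usr/X11R6/bin /usr/local/bin /usr/local/sbin:\
    :tc=default:

staff:\
    :ignorenologin:\
    :tc=default:
"""


def parse_records(text):
    """Return {class_name: [capability, ...]} from login.conf-style text."""
    # Join backslash-continued lines into one record per line.
    joined = re.sub(r"\\\n\s*", "", text)
    records = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names, _, rest = line.partition(":")
        caps = [c.strip() for c in rest.split(":") if c.strip()]
        for name in names.split("|"):
            records.setdefault(name, caps)  # keep the first definition of a class
    return records


def capability(records, cls, cap, seen=None):
    """Look up `cap` for `cls`, following tc= references in order."""
    if seen is None:
        seen = set()
    if cls in seen or cls not in records:
        return None  # tc= loop or unknown class
    seen.add(cls)
    for entry in records[cls]:
        key, _, value = entry.partition("=")
        if key == cap:
            return value
        if key == "tc":
            found = capability(records, value, cap, seen)
            if found is not None:
                return found
    return None


def effective_path(records, cls, home):
    """Turn the space-separated `path` value into a PATH string for `home`."""
    value = capability(records, cls, "path")
    if value is None:
        return None
    dirs = []
    for d in value.split():
        if d == "~" or d.startswith("~/"):
            d = home + d[1:]  # ~ expands to the user's home directory
        dirs.append(d)
    return ":".join(dirs)


def home_dirs_searched_first(path, home):
    """Leading PATH entries under `home`, i.e. searched before any system directory."""
    prefix = home.rstrip("/") + "/"
    leading = []
    for d in path.split(":"):
        if d == home or d.startswith(prefix):
            leading.append(d)
        else:
            break
    return leading


if __name__ == "__main__":
    recs = parse_records(SAMPLE_LOGIN_CONF)
    for cls in ("default", "sshbin", "staff"):
        path = effective_path(recs, cls, "/home/amb")
        print(f"{cls:8} PATH={path}")
        print(f"{'':8} user-controlled first: {home_dirs_searched_first(path, '/home/amb')}")
```

Any command that a remote `ssh host command` invocation resolves by name is looked up in the leading home-directory entries first, so the list returned by `home_dirs_searched_first` is what to review per class.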
Re: Proper way to set PATH environment with SSH non-interactive command
Thus said "Allan Streib" on Sun, 04 Feb 2024 20:54:26 -0500:

> Just send the full path to your script in the ssh command, and set up
> the rest of the environment within the script.

Yes, this too is an option. It may actually be the best option in my opinion. If the user knows that their binary is found in a non-standard path, then the simplest thing is to specify the full path to the binary and leave the environment alone.

Thanks,

Andy
Re: Proper way to set PATH environment with SSH non-interactive command
Thus said Kastus Shchuka on Sun, 04 Feb 2024 13:40:58 -0800:

> SetEnv Directly specify one or more environment variables and their
> contents to be sent to the server.

Thank you, this option looks like it could also work, except it's not one of which a user with no permissions can take advantage as the AcceptEnv option is disabled by default on most servers I imagine.

So, while a normal user can set the environment for interactive shells, it seems that for non-interactive shells, the only viable solution is to prepend each command with the environment to be set (I see nothing in ksh(1) that suggests that the environment of non-interactive shells is under the control of the user).

Also, I don't seem to be successful in making SetEnv (or SendEnv) work. I've reconfigured (and restarted) sshd_config to have:

    AcceptEnv PATH

Then I configured ~/.ssh/config with:

    Host localhost
        SetEnv PATH=/home/amb/bin:/bin:/usr/bin:/usr/local/bin

When I run "ssh -v localhost env" I can see that the client sends the path:

    debug1: channel 1: setting env PATH = "/home/amb/bin:/bin:/usr/bin:/usr/local/bin"
    debug1: Sending command: env

But env reports the following PATH:

    PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/X11R6/bin:/usr/local/bin:/usr/local/sbin

I also tried using SendEnv but while the client sends the environment, the server seems to ignore it, even if I set the AcceptEnv pattern to *.

    # sshd -T -C user=amb,host=localhost | grep acceptenv
    acceptenv PATH

When I run "sshd -d -d" I see the following in the output:

    debug2: Setting env 0: PATH=/home/amb/bin:/bin:/usr/bin:/usr/local/bin

So it certainly looks like the server is accepting the path, however, env still reports a different path. Is this perhaps a bug? Maybe step 5 in LOGIN PROCESS is overwriting the PATH that was sent and received by the server?

This is on OpenBSD 7.4.

Thanks,

Andy
Proper way to set PATH environment with SSH non-interactive command
Hello,

When using SSH to invoke a remote command via the syntax:

    ssh remotehost remotecommand

The $HOME/.profile is not used and there appears to be a very minimal environment setup. The PATH does not include any components that have been added in .profile. This is probably what step 5 in the LOGIN PROCESS is all about:

http://man.openbsd.org/sshd#LOGIN_PROCESS

According to the man page for sshd(8):

    After this, the client either requests an interactive shell or
    execution of a non-interactive command, which sshd will execute via
    the user's shell using its -c option.

So in the case where an interactive shell is chosen, the PATH will be set according to .profile, but in the case where a non-interactive command is chosen, a shell is invoked with -c.

So I have a script in $HOME/bin (which is defined in PATH normally in .profile) which I can run when logged in interactively:

    $ helloworld
    HELLO WORLD

But when I try to run it as a non-interactive command, it fails:

    $ ssh localhost helloworld
    amb@localhost's password:
    ksh: helloworld: not found

Obviously, one way to do this is by calling the command like:

    $ ssh localhost PATH=\$HOME/bin:\$PATH helloworld
    amb@localhost's password:
    HELLO WORLD

This works and can be seen in ssh -v output as:

    debug1: Sending command: PATH=$HOME/bin:$PATH helloworld

But is there a file that I can modify that will cause the shell proper to load some kind of environment setup also for non-interactive shells started with -c?

sshd does have PermitUserEnvironment and that works, however, it's not enabled by default and it's not a function of the SHELL proper. From a user perspective, it seems that the user only has control of the environment when using interactive shells and there is no way to control the environment for non-interactive shells (from the remote side).

Are these the only 2 options (PermitUserEnvironment or prepend the command with the environment) or is there something I'm missing from ksh(1)?

Thanks,

Andy
Re: qcad does not segfault when qtscript is compiled with -O0.
Thus said Stuart Henderson on Tue, 26 Dec 2023 23:25:42 +:

> This was already diagnosed and fixed in -current, see
> https://marc.info/?l=openbsd-ports&m=170160684730438&w=2

Indeed it was. While I do follow ports@ I must not have noticed because I only recently discovered the association with qtscript and -O0 today.

Thanks for the response.

Andy
qcad does not segfault when qtscript is compiled with -O0.
Hello,

A little over a year ago I reported[1] that qcad started having segfaults in 7.0 (or 7.1). I thought I would try to debug it today in 7.4 and so enabled DEBUG_PACKAGES and DEBUG variables in the cad/qcad Makefile and also the x11/qt5/qtscript Makefile hoping to debug the segfault. In the Makefile for both I set:

    DEBUG_PACKAGES= ${BUILD_PACKAGES}
    DEBUG= -O0 -g

Then I built the packages, installed them and their debug packages and hoped to capture a segfault, but it doesn't crash. Apparently enabling -O0 in qtscript's Makefile makes it not crash. To test that hypothesis, I commented out the DEBUG line completely and rebuilt qtscript with just the defaults that DEBUG_PACKAGES inherits and sure enough, after installing that qtscript package built with -O2 qcad again crashes.

    (gdb) bt
    #0 0x03eae2f9a990 in QScriptEnginePrivate::mark (this=0x3eb4af54a80, markStack=...) at /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/script/api/qscriptengine.cpp:1320
    #1 0x03eae2f14d6c in QTJSC::Heap::markRoots (this=0x3ea8c2129e8) at /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:1167
    #2 0x03eae2f13ac5 in QTJSC::Heap::reset (this=0x3ea8c2129e8) at /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:1269
    #3 QTJSC::Heap::allocate (this=0x3ea8c2129e8, s=) at /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/3rdparty/javascriptcore/JavaScriptCore/runtime/Collector.cpp:405
    #4 0x03eae2fa3ac2 in QTJSC::JSCell::operator new (size=56, exec=) at /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/3rdparty/javascriptcore/JavaScriptCore/runtime/JSCell.h:167
    #5 QScriptEnginePrivate::newVariant (this=0x3eb4af54a80, value=...) at /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/script/api/qscriptengine.cpp:1797
    #6 0x03eae2fa51b5 in QScriptEngine::newVariant (this=, value=...) at /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/script/api/qscriptengine.cpp:2233
    #7 0x03eade54f63f in qtscript_create_Qt_Axis_class (engine=0x3eaf5f91770, clazz=...) at ../../generated_cpp/com_trolltech_qt_core/qtscript_Qt.cpp:4157
    #8 0x03eade5445ee in qtscript_create_Qt_class (engine=0x3eaf5f91770) at ../../generated_cpp/com_trolltech_qt_core/qtscript_Qt.cpp:8386
    #9 0x03eade62a327 in qtscript_initialize_com_trolltech_qt_core_bindings (extensionObject=...) at ../../generated_cpp/com_trolltech_qt_core/com_trolltech_qt_core_init.cpp:312
    #10 0x03eade3a1d9e in com_trolltech_qt_core_ScriptPlugin::initialize (this=0x3eabb1f6100, key=..., engine=0x3eaf5f91770) at plugin.cpp:21
    #11 0x03eae2fabdf9 in QScriptEngine::importExtension (this=0x3eaf5f91770, extension=...) at /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/script/api/qscriptengine.cpp:3769
    #12 0x03ea8abc35ab in RScriptHandlerEcma::RScriptHandlerEcma (this=0x3eabb1e94e0) at RScriptHandlerEcma.cpp:434
    #13 0x03ea8abd4919 in RScriptHandlerEcma::factory () at RScriptHandlerEcma.cpp:1074
    #14 0x03ead8eb2c3e in RScriptHandlerRegistry::createScriptHandler (extension=...) at RScriptHandlerRegistry.cpp:67
    #15 0x03ead8eb2caf in RScriptHandlerRegistry::getGlobalScriptHandler (extension=...) at RScriptHandlerRegistry.cpp:76
    #16 0x03e87ec05021 in main (argc=1, argv=0x7b524ae78618) at main.cpp:389
    (gdb) list
    1315    }
    1316
    1317    if (q) {
    1318    QScriptContext *context = q->currentContext();
    1319
    1320    while (context) {
    1321    JSC::ScopeChainNode *node = frameForContext(context)->scopeChain();
    1322    JSC::ScopeChainIterator it(node);
    1323    for (it = node->begin(); it != node->end(); ++it) {
    1324    JSC::JSObject *object = *it;

Stepping through with -O2, it seems to go through one or two iterations of a while loop and then crashes:

    (gdb) print context
    $8 = (QScriptContext *) 0xf0800cd3288
    (gdb) print *context
    $9 = {d_ptr = 0x1}
    (gdb) next
    1323    for (it = node->begin(); it != node->end(); ++it) {
    (gdb)
    1324    JSC::JSObject *object = *it;
    (gdb)
    1325    if (object)
    (gdb)
    1326    markStack.append(object);
    (gdb)
    1323    for (it = node->begin(); it != node->end(); ++it) {
    (gdb)
    1329    context = context->parentContext();
    (gdb)
    1320    while (context) {
    (gdb) print context
    $10 = (QScriptContext *) 0x1
    (gdb) next

    Thread 1 received signal SIGSEGV, Segmentation fault.
    0x0f07f754b990 in QScriptEnginePrivate::mark (this=0xf079205c480, markStack=...) at /usr/ports/pobj/qtscript-5.15.10/qtscript-everywhere-src-5.15.10/src/script/api/qscriptengine.cpp:1320
    1320    while
Re: Delay in starting xterm via ssh after upgrade from 7.3 to 7.4
Thus said Roger Marsh on Thu, 19 Oct 2023 17:23:47 -:

> fixes the delay problem, but was the delay a predictable consequence
> of some change? Or perhaps the entry should never have been expressed
> in the way that led to the delay?

Most likely the cause is an unexpected side effect of some other change. There have been some interesting changes to SSH with this release, perhaps try disabling:

http://man.openbsd.org/OpenBSD-7.4/ssh_config#ObscureKeystrokeTiming

I would be surprised if this is actually the cause, but it is a change that was introduced and something that is easily tested.

You could also look through:

http://www.openbsd.org/plus74.html

See if any of the changes stand out as relevant and try to test them.

Andy
Re: SCRIPT_FILENAME not set to index file.
Thus said "Andy Bradford" on 19 Aug 2023 08:44:23 -0600:

> location "/books/*" {
>     fastcgi socket "/run/tcl.sock"
>     directory { index "index.tcl" }
> }

Responding to self for the archives in case someone runs into a similar challenge.

I think I've figured out the problem. I was combining too many options into a single "location" rule. This works as expected:

    location "/books/index.tcl" {
        fastcgi socket "/run/tcl.sock"
    }
    location "/books/" {
        directory { index "index.tcl" }
    }
    location "/books/*.tcl" {
        block
    }

Sorry for the noise.

Andy
SCRIPT_FILENAME not set to index file.
Hello,

I have the following configuration in httpd.conf:

    location "/books/*" {
        fastcgi socket "/run/tcl.sock"
        directory { index "index.tcl" }
    }

When I put the URL into my browser https://localhost/books/ I get a 500 Internal Server Error. Looking at the slowcgi logs, I see the following being set:

    2023-08-19 08:35:18.157737500 slowcgi: env[2], SCRIPT_FILENAME=/vhosts/ssl/books/
    ...
    2023-08-19 08:35:18.157950500 slowcgi: fork: /vhosts/ssl/books/
    2023-08-19 08:35:18.158928500 slowcgi: wait: /vhosts/ssl/books/

And in the httpd log I find:

    slowcgi: execve /vhosts/ssl/books/: Permission denied

I notice that if I put the full URL in my browser as https://localhost/books/index.html it works fine as can be seen from this log entry:

    2023-08-19 08:38:58.806406500 slowcgi: env[2], SCRIPT_FILENAME=/vhosts/ssl/books/index.tcl

Is there some confirmation I'm missing to make httpd construct the SCRIPT_FILENAME properly when using a directory index?

Also, I notice that if I put the URL https://localhost/books/bogus.html I don't get a 404 or 403 but instead get a 500 and the SCRIPT_FILENAME is again set to /vhosts/ssl/books.

I suspect there's something missing in my reading of the man page.

Thanks,

Andy
Re: IPsec "road warrior" VPN not getting set up properly.
Thus said Anthony Coulter on Thu, 06 Jul 2023 21:52:54 -0400:

> I would also suggest comparing the "hackiness" of NDP proxying to the
> hackiness of NAT, which is how we solve this same problem in IPv4.

I realize I'm coming in late to this discussion, and may not actually have anything of value to add, but...

I'm not sure how NDP proxying and NAT are related at all. It seems to me that NDP proxying is more akin to proxy ARP than NAT:

http://man.openbsd.org/arp#s

Andy
qcad segfault on 7.1 amd64
Hello,

I was running qcad without problems on 6.9 and decided to upgrade to 7.1. After upgrading from 6.9->7.0->7.1 qcad now segfaults.

    $ qcad
    QCAD version 3.24.3
    Warning: RPropertyTypeId::generateId: property already initialized: 7RObject : "" : "Invisible"
    Segmentation fault

Unfortunately it does not leave a core file (ulimit -c is "unlimited"):

I installed gdb to see if that would provide any info (of course without symbols it may not be as helpful):

    (gdb) run
    Starting program: /usr/local/bin/qcad
    QCAD version 3.24.3
    Warning: RPropertyTypeId::generateId: property already initialized: 7RObject : "" : "Invisible"
    [New thread 291749]
    [New thread 341567]

    Thread 1 received signal SIGSEGV, Segmentation fault.
    0x00e806e924e0 in QScriptEnginePrivate::mark(QTJSC::MarkStack&) () from /usr/local/lib/qt5/libQt5Script.so.3.0
    (gdb) bt
    #0 0x00e806e924e0 in QScriptEnginePrivate::mark(QTJSC::MarkStack&) () from /usr/local/lib/qt5/libQt5Script.so.3.0
    #1 0x00e806e0db6c in QTJSC::Heap::markRoots() () from /usr/local/lib/qt5/libQt5Script.so.3.0
    #2 0x00e806e0c905 in QTJSC::Heap::allocate(unsigned long) () from /usr/local/lib/qt5/libQt5Script.so.3.0
    #3 0x00e806e9b4ee in QScriptEnginePrivate::newVariant(QVariant const&) () from /usr/local/lib/qt5/libQt5Script.so.3.0
    #4 0x00e806e9cb71 in QScriptEngine::newVariant(QVariant const&) () from /usr/local/lib/qt5/libQt5Script.so.3.0
    #5 0x00e7e648c3b1 in qtscript_create_Qt_class(QScriptEngine*) () from /usr/local/share/qcad/plugins/script/libqtscript_core.so.1.0
    #6 0x00e7e65315f9 in qtscript_initialize_com_trolltech_qt_core_bindings(QScriptValue&) () from /usr/local/share/qcad/plugins/script/libqtscript_core.so.1.0
    #7 0x00e7e6390b43 in non-virtual thunk to com_trolltech_qt_core_ScriptPlugin::initialize(QString const&, QScriptEngine*) () from /usr/local/share/qcad/plugins/script/libqtscript_core.so.1.0
    #8 0x00e806ea3719 in QScriptEngine::importExtension(QString const&) () from /usr/local/lib/qt5/libQt5Script.so.3.0
    #9 0x00e7881d2eb0 in RScriptHandlerEcma::RScriptHandlerEcma() () from /usr/local/lib/libqcadecmaapi.so.1.0
    #10 0x00e7881dee8b in RScriptHandlerEcma::factory() () from /usr/local/lib/libqcadecmaapi.so.1.0
    #11 0x00e7defcb0cd in RScriptHandlerRegistry::createScriptHandler(QString const&) () from /usr/local/lib/libqcadcore.so.1.0
    #12 0x00e7defcb1fe in RScriptHandlerRegistry::getGlobalScriptHandler(QString const&) () from /usr/local/lib/libqcadcore.so.1.0
    #13 0x00e57ffd0393 in ?? ()
    #14 0x00e57ffcf6a2 in ?? ()
    #15 0x in ?? ()
    (gdb)
    (gdb) quit
    A debugging session is active.

    Inferior 1 [process 56629] will be killed.

    Quit anyway? (y or n) n
    Not confirmed.
    (gdb) next
    Single stepping until exit from function _ZN20QScriptEnginePrivate4markERN5QTJSC9MarkStackE,
    which has no line number information.

    Program terminated with signal SIGSEGV, Segmentation fault.
    The program no longer exists.
    (gdb) quit

I tried to build the port by altering the Makefile by adding:

    DEBUG_PACKAGES =${BUILD_PACKAGES}

But it failed to build the package:

    > Extracting debug info from
    > /usr/ports/pobj/qcad-3.24.3.0/fake-amd64/usr/local/share/qcad/plugins/imageformats/libqgif.so
    Warning: no debug-info in /usr/ports/pobj/qcad-3.24.3.0/fake-amd64/usr/local/share/qcad/plugins/imageformats/libqgif.so
    dwz: /usr/ports/pobj/qcad-3.24.3.0/fake-amd64/usr/local/share/qcad/plugins/imageformats/.debug/libqgif.so.dbg: .debug_info section not present
    objcopy: /usr/ports/pobj/qcad-3.24.3.0/fake-amd64/usr/local/share/qcad/plugins/imageformats/.debug/libqgif.so.dbg: Invalid operation
    *** Error 1 in /usr/ports/pobj/qcad-3.24.3.0/fake-amd64 (debug-pkg/Makefile:74 '/usr/ports/pobj/qcad-3.24.3.0/fake-amd64/usr/local/share/qcad/plugins/imageformats/.debug/libqgif.so.dbg')
    *** Error 2 in . (/usr/ports/infrastructure/mk/bsd.port.mk:3070 '_copy-debug-info': @cd /usr/ports/pobj/qcad-3.24.3.0/fake-amd64 && exec /u...)
    *** Error 2 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2142 '/usr/ports/packages/amd64/all/qcad-3.24.3.0p2.tgz': @cd /usr/ports/cad/qcad...)
    *** Error 2 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2628 '_internal-package': @case X${_DEPENDS_CACHE} in X) _DEPENDS_CACHE=$( mktem...)
    *** Error 2 in /usr/ports/cad/qcad (/usr/ports/infrastructure/mk/bsd.port.mk:2607 'package': @lock=qcad-3.24.3.0p2; export _LOCKS_HELD=" qc...)

So I'm not sure how to get debug info. There is also a warning emitted that matches one mentioned in bsd.port.mk(5).

I also ran with ktrace and last few lines from kdump are:

    1224 qcad NAMI "/usr/local/share/qcad/plugins/script"
    1224 qcad STRU struct stat { dev=1030, ino=2074515, mode=drwxr-xr-x , nlink=2, uid=0<"root">, gid=0<"wheel">, rdev=8307245, atime=1660173220<"Aug 10 17:13:40 2022">.010414261, mtime=1659727243<"Aug 5 13:20:43 2022">.312048317, ctime=1659727243<"Aug 5 13:20:43 2022">.312048317, size=512,
Re: No xenocara for ATI Radeon HD 2400 XT
Thus said Jonathan Gray on Mon, 10 Aug 2020 23:54:54 +1000:

> For now we could just skip reading a disabled bios on RV610.

Thanks, that tweak seems to have gotten past the problem and now X will start:

    initializing kernel modesetting (RV610 0x1002:0x94C1 0x1028:0x0D02 0x00).
    radeondrm0: 1680x1050, 32bpp
    wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0
    wskbd1: connecting to wsdisplay0
    wsdisplay0: screen 1-5 added (std, vt100 emulation)

I wonder what the difference is between i386 and amd64...

Thanks,

Andy
Re: No xenocara for ATI Radeon HD 2400 XT
Thus said Jonathan Gray on Sun, 09 Aug 2020 12:39:36 +1000:

> When this came up previously running i386 resulted in being able to
> read the atombios. Can you confirm that is the case here?

Yes, this is the case. I installed OpenBSD 6.7 i386 to the same hardware and there is no error in dmesg and X starts up without requiring machdep.allowaperture to be set.

> The drm code in -current/snapshots has been replaced by a new port of
> the linux 5.7 code so behaviour there may change.

I tried the amd64 current/snapshot from August 8 and it has the same problem. I guess for now I can reinstall with i386 unless there is something else that I should try for debugging. I can provide whatever is needed.

Thanks,

Andy
No xenocara for ATI Radeon HD 2400 XT
Hello,

I put OpenBSD 6.7 on an older PC that used to run OpenBSD 6.3 and X just fine. xenodm refuses to start. Is there something I can do to make this work (edit sources in xenocara or kernel and recompile), or should I just email bugs@?

The following is found in dmesg:

    initializing kernel modesetting (RV610 0x1002:0x94C1 0x1028:0x0D02 0x00).
    drm:pid0:r600_init *ERROR* Expecting atombios for R600 GPU
    drm:pid0:radeondrm_attachhook *ERROR* Fatal error during GPU init
    [TTM] Memory type 2 has not been initialized
    drm0 detached
    radeondrm0 detached
    vga1 at pci1 dev 0 function 0 "ATI Radeon HD 2400 XT" rev 0x00
    wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation), using wskbd0
    wskbd1: connecting to wsdisplay0
    wsdisplay0: screen 1-5 added (80x25, vt100 emulation)

    # fw_update -i
    Installed: radeondrm-firmware-20181218 intel-firmware-20200508v0

What follows are full dmesg, xenodm.log and Xorg.0.log:
Re: radeondrm failure on amd64 but not on i386?
Thus said Daniel Dickman on Fri, 14 Dec 2018 20:45:11 -0500:

> Try previous releases of OpenBSD/amd64 to check if radeondrm ever
> worked for you on amd64.

That was a fruitful suggestion. I tried 6.3 amd64 and it works. So somewhere after 6.3 a change was introduced that made this particular Radeon card not work. I'll see if I can discover which. What's the best way to bisect with CVS; update sources by date/time?

> If you diff the dmesgs is there any other difference besides what's
> already been reported?

I don't believe there were any other significant differences. At any rate, below is the diff (hopefully unified strategy is fine) between 6.3 and 6.4 dmesg for amd64, followed by the full dmesg output:

--- dmesg-63.txtWed Dec 19 08:16:41 2018 +++ dmesg-64.txtWed Dec 19 08:16:41 2018 @@ -1,7 +1,7 @@ -OpenBSD 6.3 (GENERIC.MP) #107: Sat Mar 24 14:21:59 MDT 2018 -dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP +OpenBSD 6.4 (GENERIC.MP) #2: Tue Dec 18 13:17:16 CET 2018 + r...@syspatch-64-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 3739795456 (3566MB) -avail mem = 3619459072 (3451MB) +avail mem = 3617239040 (3449MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root @@ -15,7 +15,7 @@ acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) -cpu0: Intel(R) Pentium(R) D CPU 3.00GHz, 2992.98 MHz +cpu0: Intel(R) Pentium(R) D CPU 3.00GHz, 2993.02 MHz, 0f-06-04 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,CNXT-ID,CX16,xTPR,PDCM,NXE,LONG,LAHF,MELTDOWN cpu0: 2MB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 
@@ -23,13 +23,14 @@ cpu0: apic clock running at 199MHz cpu0: mwait min=64, max=64 cpu1 at mainbus0: apid 1 (application processor) -cpu1: Intel(R) Pentium(R) D CPU 3.00GHz, 2992.59 MHz +cpu1: Intel(R) Pentium(R) D CPU 3.00GHz, 2992.58 MHz, 0f-06-04 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,CNXT-ID,CX16,xTPR,PDCM,NXE,LONG,LAHF,MELTDOWN cpu1: 2MB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 -ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins -, remapped to apid 8 -acpimcfg0 at acpi0 addr 0xf000, bus 0-63 +ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins, remapped +acpimcfg0 at acpi0 +acpimcfg0: addr 0xf000, bus 0-63 +acpimcfg0: addr 0x0, bus 0-0 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 5 (PCI4) acpiprt1 at acpi0: bus 2 (PCI2) @@ -41,6 +42,7 @@ acpicpu0 at acpi0: C1(@1 halt!) acpicpu1 at acpi0: C1(@1 halt!) acpibtn0 at acpi0: VBTN +acpicmos0 at acpi0 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82945G Host" rev 0x00 ppb0 at pci0 dev 1 function 0 "Intel 82945G PCIE" rev 0x00: msi 
@@ -137,8 +139,17 @@ scsibus6 at vscsi0: 256 targets softraid0 at root scsibus7 at softraid0: 256 targets -root on sd0a (0c2217a59fb32e85.a) swap on sd0b dump on sd0b -radeondrm0: 1680x1050, 32bpp -wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0 +root on sd5a (f2d5da28e9d59e44.a) swap on sd5b dump on sd5b +initializing kernel modesetting (RV610 0x1002:0x94C1 0x1028:0x0D02). +drm:pid0:r600_init *ERROR* Expecting atombios for R600 GPU +drm:pid0:radeondrm_attachhook *ERROR* Fatal error during GPU init +[TTM] Memory type 2 has not been initialized +drm0 detached +radeondrm0 detached +vga1 at pci1 dev 0 function 0 "ATI Radeon HD 2400 XT" rev 0x00 +wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation), using wskbd0 wskbd1: connecting to wsdisplay0 -wsdisplay0: screen 1-5 added (std, vt100 emulation) +wsdisplay0: screen 1-5 added (80x25, vt100 emulation) +wsmouse0 detached +ums0 detached +uhidev2 detached
Re: radeondrm failure on amd64 but not on i386?
Thus said Allan Streib on Wed, 12 Dec 2018 14:09:06 -0500:

> Still having this issue on -current as of Dec 10.
> machdep.allowaperture=2 does get me past this, but am seeing
> weird behavior, some regions of screens/terminals not painting or
> refreshing.

As far as I'm aware no progress has been made. It seems to be having a problem reading the ATOM BIOS and I haven't yet figured out a way to dump out what it is reading to disk so it can be analyzed. Maybe some of the commands from the other thread on bugs@ will lead to additional information.

Another alternative, if you can, is to use i386 instead of amd64. I found that on i386 it does correctly detect the ATOM BIOS.

Andy
--
TAI64 timestamp: 40005c1431b9
Re: radeondrm failure on amd64 but not on i386?
Thus said Allan Streib on Tue, 27 Nov 2018 15:51:57 -0500:

> The issue was also reported here, with no followups but more debug info:
>
> https://marc.info/?l=openbsd-bugs&m=153398230416756&w=2

That seems to be an identical problem, but definitely with more debug info. In my system, the card is also in a PCIe slot.

By the way, it is possible to workaround the problem to some extent by just adding to sysctl.conf:

    machdep.allowaperture=2

X will then start up, but it won't be using the firmware.

Andy
--
TAI64 timestamp: 40005bfeb246
Re: radeondrm failure on amd64 but not on i386?
Thus said Allan Streib on Sun, 25 Nov 2018 21:54:45 -0500:

> Same issue, also on a Dell machine with ATI Radeon HD 2400 XT.

After Jonathan suggested adding some printf debug statements, I continued to do so and was able to see that the rdev->bios variable that is being inspected at lines 834--840 in radeon_bios.c has neither ATOM nor MOTA in the string at that address for amd64, but has ATOM for i386:

    tmp = rdev->bios_header_start + 4;
    if (!memcmp(rdev->bios + tmp, "ATOM", 4) ||
        !memcmp(rdev->bios + tmp, "MOTA", 4)) {
            rdev->is_atom_bios = true;
    } else {
            rdev->is_atom_bios = false;
    }

I suppose additional debug might involve writing the entire contents of rdev->bios to a file and then hexdump it?

Andy
--
TAI64 timestamp: 40005bfb8e86
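An added example (not from the original post and not driver code): an offline checker for a dumped video ROM image that repeats the quoted ATOM/MOTA comparison and prints a hexdump around the marker, which is the kind of analysis the post proposes. The 0x55 0xAA ROM signature and the 0x48 header-pointer offset are assumptions not shown on the page, and the sample images are constructed.

```python
"""Check a dumped video ROM image for the ATOM/MOTA marker, offline."""
import struct

# Assumptions (not shown on the page): the image starts with the PCI option
# ROM signature, and a 16-bit little-endian header pointer lives at 0x48.
ROM_SIGNATURE = b"\x55\xaa"
HEADER_PTR_OFFSET = 0x48


def classify_bios(image):
    """Return what the quoted check would see in `image` (bytes)."""
    result = {"rom_signature": False, "header_start": None,
              "marker": None, "is_atom_bios": False}
    if len(image) < HEADER_PTR_OFFSET + 2:
        return result  # too short to hold the header pointer
    result["rom_signature"] = image[:2] == ROM_SIGNATURE
    (header_start,) = struct.unpack_from("<H", image, HEADER_PTR_OFFSET)
    result["header_start"] = header_start
    tmp = header_start + 4  # same arithmetic as the quoted driver lines
    marker = image[tmp:tmp + 4]
    if len(marker) == 4:  # pointer may lead outside the dump; then no marker
        result["marker"] = marker
        result["is_atom_bios"] = marker in (b"ATOM", b"MOTA")
    return result


def hexdump(image, start, length=16):
    """Return hexdump rows (offset, hex bytes, printable text) for a region."""
    rows = []
    for off in range(start, min(start + length, len(image)), 16):
        chunk = image[off:off + 16]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        text = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        rows.append(f"{off:08x}  {hexpart:<47}  |{text}|")
    return rows


def make_image(marker=b"ATOM", header_start=0x100, size=0x200):
    """Build a constructed test image; real dumps come from the hardware."""
    img = bytearray(size)
    img[0:2] = ROM_SIGNATURE
    struct.pack_into("<H", img, HEADER_PTR_OFFSET, header_start)
    img[header_start + 4:header_start + 8] = marker
    return bytes(img)


if __name__ == "__main__":
    samples = {
        "constructed, ATOM marker": make_image(b"ATOM"),
        "constructed, no marker": make_image(b"\x00\x00\x00\x00"),
        "constructed, all 0xff": b"\xff" * 0x200,
    }
    for label, image in samples.items():
        info = classify_bios(image)
        print(f"{label}: {info}")
        start = info["header_start"]
        if start is not None and start < len(image):
            for row in hexdump(image, start):
                print("   ", row)
```

Running the same function over a dump taken on amd64 and one taken on i386 shows whether the header pointer, the marker bytes, or the whole image differs between the two.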
Re: radeondrm failure on amd64 but not on i386?
Thus said Jonathan Gray on Mon, 19 Nov 2018 20:42:46 +1100:

> > Thanks for the suggestion. Here's the additional output provided by your
> > patch:
> >
> > radeon_atrm_get_bios false
> > radeon_acpi_vfct_bios false
> > igp_read_bios_from_vram false
> > radeon_read_bios false
> > radeon_read_disabled_bios true
> > drm:pid0:r600_init *ERROR* Expecting atombios for R600 GPU
> > drm:pid0:radeondrm_attachhook *ERROR* Fatal error during GPU init
> > [TTM] Memory type 2 has not been initialized
> > drm0 detached
> > radeondrm0 detached
>
> Thanks, could you also show the i386 output with the patch?

The output on i386 looks pretty much the same except for the failure:

    initializing kernel modesetting (RV610 0x1002:0x94C1 0x1028:0x0D02).
    radeon_atrm_get_bios false
    radeon_acpi_vfct_bios false
    igp_read_bios_from_vram false
    radeon_read_bios false
    radeon_read_disabled_bios true
    radeondrm0: 1680x1050, 32bpp
    wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0

Thanks,

Andy
--
TAI64 timestamp: 40005bf2d8c2
Re: radeondrm failure on amd64 but not on i386?
Thus said Jonathan Gray on Sat, 17 Nov 2018 14:08:53 +1100:

> There are many ways of getting an atom bios it would be helpful to
> know which method is having trouble.

Thanks for the suggestion. Here's the additional output provided by your patch:

    radeon_atrm_get_bios false
    radeon_acpi_vfct_bios false
    igp_read_bios_from_vram false
    radeon_read_bios false
    radeon_read_disabled_bios true
    drm:pid0:r600_init *ERROR* Expecting atombios for R600 GPU
    drm:pid0:radeondrm_attachhook *ERROR* Fatal error during GPU init
    [TTM] Memory type 2 has not been initialized
    drm0 detached
    radeondrm0 detached

Thanks,

Andy
--
TAI64 timestamp: 40005bf24e83
radeondrm failure on amd64 but not on i386?
Hello, I recently installed OpenBSD 6.4 amd64 and radeondrm fails to load properly. I then installed OpenBSD 6.4 i386 on the same hardware (to a USB pendrive) and it works fine. Any ideas? dmesg for both follow: OpenBSD 6.4 (GENERIC.MP) #364: Thu Oct 11 13:30:23 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 3739795456 (3566MB) avail mem = 3617247232 (3449MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf0450 (65 entries) bios0: vendor Dell Inc. version "A04" date 04/19/2006 bios0: Dell Inc. Dell DXP051 acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP SSDT APIC BOOT ASF! MCFG HPET acpi0: wakeup devices VBTN(S4) PCI0(S5) PCI4(S5) PCI2(S5) PCI3(S5) PCI1(S5) PCI5(S5) PCI6(S5) USB0(S3) USB1(S3) USB2(S3) USB3(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Pentium(R) D CPU 3.00GHz, 2992.96 MHz, 0f-06-04 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,CNXT-ID,CX16,xTPR,PDCM,NXE,LONG,LAHF,MELTDOWN cpu0: 2MB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 199MHz cpu0: mwait min=64, max=64 cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Pentium(R) D CPU 3.00GHz, 2992.58 MHz, 0f-06-04 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,CNXT-ID,CX16,xTPR,PDCM,NXE,LONG,LAHF,MELTDOWN cpu1: 2MB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins, remapped acpimcfg0 at acpi0 acpimcfg0: addr 0xf000, bus 0-63 acpimcfg0: addr 0x0, bus 0-0 acpihpet0 at acpi0: 14318179 Hz 
acpiprt0 at acpi0: bus 5 (PCI4) acpiprt1 at acpi0: bus 2 (PCI2) acpiprt2 at acpi0: bus -1 (PCI3) acpiprt3 at acpi0: bus 1 (PCI1) acpiprt4 at acpi0: bus 3 (PCI5) acpiprt5 at acpi0: bus 4 (PCI6) acpiprt6 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0: C1(@1 halt!) acpicpu1 at acpi0: C1(@1 halt!) acpibtn0 at acpi0: VBTN acpicmos0 at acpi0 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82945G Host" rev 0x00 ppb0 at pci0 dev 1 function 0 "Intel 82945G PCIE" rev 0x00: msi pci1 at ppb0 bus 1 radeondrm0 at pci1 dev 0 function 0 "ATI Radeon HD 2400 XT" rev 0x00 drm0 at radeondrm0 radeondrm0: msi azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x01: msi azalia0: codecs: Sigmatel STAC9220/1 audio0 at azalia0 ppb1 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01: msi pci2 at ppb1 bus 2 ppb2 at pci0 dev 28 function 4 "Intel 82801G PCIE" rev 0x01: msi pci3 at ppb2 bus 3 ppb3 at pci0 dev 28 function 5 "Intel 82801G PCIE" rev 0x01: msi pci4 at ppb3 bus 4 em0 at pci4 dev 0 function 0 "Intel 82573L" rev 0x01: msi, address 00:13:72:1a:ed:5c uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: apic 8 int 21 uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: apic 8 int 22 uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: apic 8 int 18 uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x01: apic 8 int 23 ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: apic 8 int 21 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 ppb4 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xe1 pci5 at ppb4 bus 5 "AT/Lucent FW322 1394" rev 0x61 at pci5 dev 5 function 0 not configured pcib0 at pci0 dev 31 function 0 "Intel 82801GH LPC" rev 0x01 pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x01: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility atapiscsi0 at pciide0 channel 0 drive 0 scsibus1 at atapiscsi0: 2 
targets cd0 at scsibus1 targ 0 lun 0: ATAPI 5/cdrom removable atapiscsi1 at pciide0 channel 0 drive 1 scsibus2 at atapiscsi1: 2 targets cd1 at scsibus2 targ 0 lun 0: ATAPI 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 cd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 ignored (disabled) ahci0 at pci0 dev 31 function 2 "Intel 82801GR AHCI" rev 0x01: msi, AHCI 1.1 ahci0: port 0: 3.0Gb/s ahci0: PHY offline on port 1 ahci0: PHY offline on port 2 ahci0: PHY offline on port 3 scsibus3 at ahci0: 32 targets sd0 at scsibus3 targ 0 lun 0: SCSI3 0/direct fixed t10.ATA_ST3250824AS_5ND4HD0K sd0: 238418MB, 512 bytes/sector, 488281250 sectors ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x01: apic 8 int 17 iic0 at ichiic0 spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-5300CL5 spdmem1 at iic0 addr 0x51: 1GB DDR2 SDRAM non-parity PC2-5300CL5 spdmem2 at iic0 addr 0x52: 1GB DDR2 SDRAM non-parity
Watch out for bad options in /var/run/rc.d/$daemon
Hello,

Since I couldn't find any reference to this anywhere, I thought I would put out a description of the problem in the event that someone else runs into it with other daemons.

At one point in time, identd -l had a different meaning than it does now. After upgrading, I noticed that identd was not running, thanks to the following section in the daily output email:

    Services that should be running but aren't: identd

So I began investigating why it wasn't running and found the following in /var/log/messages:

    Jan 3 22:46:56 obsd identd[80696]: h/auth: no address associated with name
    Jan 3 22:46:56 obsd identd[84721]: child has gone

Looking at the output, it seemed clear that something had changed, so I looked at the man page for identd, and sure enough, -l is now different. Previously, in /etc/rc.conf.local, I had:

    identd_flags="-elh"

Which coincided with the error message. Clearly -lh meant that it was trying to look up a host named h, which doesn't exist, whereas before, -l meant to log to syslog.

So, I removed the -l from identd_flags, and tried to restart the daemon. Much to my dismay, it failed to restart, even though I had corrected the problem in rc.conf.local. As it turns out, after further investigation, I discovered that the flags get cached in /var/run/rc.d/identd:

    $ cat /var/run/rc.d/identd
    daemon_class=daemon
    daemon_flags=-elh
    daemon_rtable=0
    daemon_timeout=30
    daemon_user=root
    pexp=identd: (listen|resolver)

There's the offending -l that I thought I had removed! I can see why now:

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc/rc.d/rc.subr?annotate=1.116

On line 109, the options that are cached in the _RC_RUNFILE override any that were provided before rc_cmd() was called.

Not sure if this is a bug. How often does a command line option get repurposed for something else? At any rate, I wanted to give a heads up to anyone else who might end up with a daemon which refuses to restart, even after the options have been corrected.
Andy -- TAI64 timestamp: 4000586c8fd2
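A check for the situation described in this post, as an added example that is not part of the original message or of rc.subr: it compares the daemon_flags cached in each runfile with the <daemon>_flags line in rc.conf.local and reports the daemons where they differ. The files written by demo are constructed sample data modelled on the post; on a live system the two arguments would be /var/run/rc.d and /etc/rc.conf.local.

```shell
#!/bin/sh
# Added example, not taken from rc.subr.

# stale_rc_flags RUNDIR CONF
# Prints "<daemon> cached=<flags> configured=<flags>" for every runfile in
# RUNDIR whose daemon_flags differ from <daemon>_flags in CONF.
stale_rc_flags() {
    _rundir=$1
    _conf=$2
    for _rf in "$_rundir"/*; do
        [ -f "$_rf" ] || continue
        _d=${_rf##*/}
        # No <daemon>_flags line means defaults apply; nothing to compare.
        grep -q "^${_d}_flags=" "$_conf" || continue
        # Cached value: everything after "daemon_flags=" in the runfile.
        _cached=$(sed -n 's/^daemon_flags=//p' "$_rf" | head -n 1)
        # Configured value: the last assignment wins; drop surrounding
        # double quotes if present.
        _want=$(sed -n "s/^${_d}_flags=//p" "$_conf" | tail -n 1 |
            sed 's/^"\(.*\)"$/\1/')
        [ "$_cached" = "$_want" ] && continue
        printf '%s cached=%s configured=%s\n' "$_d" "$_cached" "$_want"
    done
}

# Builds constructed sample files in a temporary directory and runs the check.
demo() {
    _tmp=$(mktemp -d) || return 1
    mkdir "$_tmp/rc.d"
    # Runfile as shown in the post: still carries the old -l flag.
    cat > "$_tmp/rc.d/identd" <<'EOF'
daemon_class=daemon
daemon_flags=-elh
daemon_rtable=0
daemon_timeout=30
daemon_user=root
pexp=identd: (listen|resolver)
EOF
    # A second, constructed daemon whose cached flags are current.
    cat > "$_tmp/rc.d/ntpd" <<'EOF'
daemon_class=daemon
daemon_flags=-s
EOF
    # rc.conf.local after the -l was removed from identd_flags.
    cat > "$_tmp/rc.conf.local" <<'EOF'
identd_flags="-eh"
ntpd_flags="-s"
EOF
    stale_rc_flags "$_tmp/rc.d" "$_tmp/rc.conf.local"
    rm -rf "$_tmp"
}

demo
```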
Re: Making sense of ktrace
Thus said Jeff Ross on Wed, 23 Nov 2016 15:42:08 -0700:

> The stack may indeed be too damaged--I get the following but it
> doesn't look very helpful:

More likely the symbols were stripped. Assuming this was installed from sources, edit conf-cc and add -g, then edit conf-ld and remove the -s:

    $ head -1 conf-cc
    cc -O2 -g
    $ head -1 conf-ld
    cc
    $

Then recompile and try again (e.g. get a new core file and run gdb again).

Andy
--
TAI64 timestamp: 4000583654c6
Re: How to handle different sections with new man.conf?
Thus said Ingo Schwarze on Fri, 01 Jul 2016 22:59:16 +0200:

> >>> manpath /usr/local/lib/tcl/tcl8.5/man
> >>> manpath /usr/local/lib/tcl/tcl8.6/man
>
> That's not necessarily a good idea; it adds both directories to the
> default search path, so you may end up seeing Tcl documentation when
> looking for something completely different.

I see. I was just blindly copying the old directories that I had defined in man.conf prior to the upgrade without realizing that they wouldn't have the same effect. The goal was to have both sets of man pages available but allow me to choose which version of the man pages to read from.

> Then again, nothing wrong with that if you do indeed want to have both
> Tcl dirs searched by default...

If I understand it, however, I don't really think it will have the intended effect, and while they would both be searched by default, matches would always come from tcl8.5 and the only time tcl8.6 would match is when there is a difference that exists in tcl8.6 only but not in tcl8.5.

> But i also said:
>
> "So far, there is no noticeable demand -> KISS."

True enough. My attempts at retaining prior behavior are certainly not ``noticeable demand.'' :-)

I'll toy around with shell aliases and see where that goes.

Thanks for looking at it.

Andy
--
TAI64 timestamp: 4000577dd304
How to handle different sections with new man.conf?
Hello,

Using OpenBSD 5.8-stable. I used to have the following in /etc/man.conf:

    tcl85 /usr/local/lib/tcl/tcl8.5/man/
    tcl86 /usr/local/lib/tcl/tcl8.6/man/

Which made it easy to view one or the other by using the section argument:

    man tcl85 Tcl
    man tcl86 Tcl

man(1) still appears to be documented to have this functionality:

    man [-acfhklw] [-C file] [-I os=name] [-K encoding] [-M path] [-m path]
        [-O option=value] [-S subsection] [-s section] [-T output] [-W level]
        [section] name ...
        ^

But I see no way of expressing it in the new man.conf or addressing it in the command line. Here is what I have added according to the new man.conf(5):

    manpath /usr/local/lib/tcl/tcl8.5/man
    manpath /usr/local/lib/tcl/tcl8.6/man

But I don't see how to use [section] anymore. man(1) does mention using [-s section] with n as the section, but that only seems to display the first match of tcl8.5 and does not allow further granularity (as far as I can tell).

Have I missed something in the man pages, or what am I doing wrong?

Thanks,

Andy
--
TAI64 timestamp: 4000576f0095
Re: OT: Looking for email host with qmail like minus-addressing for custom domain
Thus said Gilles Chehade on Thu, 03 Mar 2016 22:48:57 +0100:

> > I don't see this as necessarily an argument for or against - vs +
> >
>
> too bad, it means my friend jean-pierre will not be able to be hosted
> by you if you already host my other friend jean ;-)

This is true, obviously. If one user has jean and jean-* then clearly jean-pierre@ is already taken. That doesn't mean I cannot host your friend jean-pierre, it just means he cannot have jean-pierre@, maybe he will settle for jean_pierre@ or jean+pierre@, or any other combination that suits him and allowed by the hosting software/MTA.

Given the predominance of @gmail.com email addresses, clearly this is not a problem for the majority of people in the email world. There can only ever be one jean-pie...@gmail.com, right? Which means if your friend jean-pierre has jean-pie...@gmail.com, then necessarily my friend jean-pierre cannot also have jean-pie...@gmail.com. Bummer.

Andy
--
TAI64 timestamp: 400056d916f3
Re: OT: Looking for email host with qmail like minus-addressing for custom domain
Thus said "Constantine A. Murenin" on Thu, 03 Mar 2016 15:09:46 -0600:

> > The MTA will decide who will get foo-bar@.
>
> How? A /dev/mind RPC? :-)

Because the MTA is configured to handle it? :-)

> And what happens if a "conflicting" user gets created after a mail was
> sent, but before it was delivered? "This behaviour is undefined"?

I'm not exactly sure what you mean by conflicting... The MTA, again, will already be configured to deal with addresses and mapping them to users. And the behavior is not undefined. If an email address exists and the MTA knows about the email address it will get delivered if the username configured to receive it exists. If the MTA knows about it, but the OS doesn't know about it, the MTA will queue it up until the local user who is supposed to receive it is created. If the username exists and the MTA doesn't have an email address for it, the email will bounce.

My MTA can handle both + and - for email addresses and can map email addresses to local users in any fashion that the OS supports. For example, let's assume I have a local user named foo and I have assigned an email address foo@ and I have configured that email address to accept wildcard extensions (e.g. foo-*@ gets delivered to username test). Then, I create a local user named foo-bar. Clearly now, I cannot give the local username foo-bar an email address of foo-bar@ because, well, that is already superseded by test's wildcard claim on the address. Assuming that I had to give the user that username, what email address could I give him? Anything I want, as long as it is not part of foo-*@

I have the following mapping which permits username foo to receive email for foo@, foo-*@, and foo+*@, and another mapping which permits username foo-bar to receive email for foo_bar@ and foo_bar-*@:

    =foo:foo:1004:1004:/home/foo:-::
    +foo-:foo:1004:1004:/home/foo:-::
    +foo+:foo:1004:1004:/home/foo:-::
    =foo_bar:foo-bar:1003:1003:/home/foo-bar:-::
    +foo_bar:foo-bar:1003:1003:/home/foo-bar:-::

Is this sensible to do? Who knows, but the point is, just because - exists in usernames doesn't necessarily mean that it shouldn't be used in email extensions.

Must there be a one-to-one mapping between email addresses and local usernames? In many systems it is typical for the email address to not even remotely resemble a local username.

Thanks,

Andy
--
TAI64 timestamp: 400056d912b2
Re: OT: Looking for email host with qmail like minus-addressing for custom domain
Thus said Gilles Chehade on Thu, 03 Mar 2016 10:14:48 +0100: > Who should get mail for foo-bar@ ? The MTA will decide who will get foo-bar@. > This just doesn't happen with + because: It also doesn't happen with an MTA that can figure these things out. I don't see this as necessarily an argument for or against - vs + Andy -- TAI64 timestamp: 400056d8a13e
Re: Industrial use of line printers, does/would your company/organization use them with our lpd?
Thus said Chris Cappuccio on Thu, 18 Feb 2016 17:09:38 -0800: > aren't there plenty of simple pre-processor scripts that people are > using with lp to turn whatever into some output for simple dumb > printers? CUPS is so annoying and stupid, it's not even funny Perhaps apsfilter? Andy -- TAI64 timestamp: 400056c676d2
Re: Industrial use of line printers, does/would your company/organization use them with our lpd?
Thus said Tobias Ulmer on Wed, 17 Feb 2016 19:51:28 +0100:

> No really, it is outdated beyond rescue.

But it does work (at least in some configurations). To enable my PostScript printers, all I have to do is add a single line to /etc/printcap... well, maybe 2 lines.

    printer:\
            :lp=:rm=printer:rp=lp:sd=/var/spool/output/printer:\
            :lf=/var/log/lpd-errs:sh:

That's it. Can it be more simple? CUPs is a nightmare, however it too works if one wants to spend the time with it.

For non-PostScript printers, it would be nice to be able to just use :if: in the printcap (which I do use successfully with another non-PostScript printer):

            :if=/var/spool/output/printer/filter

Of course, this would require the ability to figure out what kinds of things need to go into the filter. I suppose this is one of the things that CUPs tries to solve but without the simplicity of :if:

Anyway, just some musings. Is there anyone else out there using lpr/lpd/lprm from base? Maybe I'm the only one?

Thanks,

Andy
--
TAI64 timestamp: 400056c556b3
Re: letsencrypt && https && openbsd.org = https://www.openbsd.org/
Thus said Tati Chevron on Fri, 11 Dec 2015 13:16:23 +: > On the other hand, if somebody actually received a fake OpenBSD CD in > the mail, and it was discovered, it would be a huge news story within > the IT industry. A bad download, much less so. My OpenBSD 5.7 CD arrived with a green label affixed to the shipping packaging that claimed it had been inspected by some U.S.A. customs department. It had actually been opened and resealed and the green label placed on it to inform me of said tampering. Did anything change? Is this a fake CD? Who knows. I do know that there was an extra CD in the shipment by The OpenBSD Store, apparently because there were problems with first stamping of the CD. Hopefully signify will protect in this case. Andy -- TAI64 timestamp: 4000566c62a4
Re: letsencrypt && https && openbsd.org = https://www.openbsd.org/
Thus said Jason Barbier on Tue, 08 Dec 2015 10:14:37 -0800: > It is a read only site, the privacy you seek is breached as soon as > you make a DNS call to openbsd.org Not to mention the Subject on the SSL certificate will most likely be www.openbsd.org, and perhaps there's also SNI, all of which is transmitted in the plain. If one wants privacy on a website then more is required than just HTTPS. Andy -- TAI64 timestamp: 4000566a5669
Re: random.seed question
Thus said Paul de Weerd on Thu, 26 Nov 2015 15:54:11 +0100: > I'd recommend trying to keep such changes to a minimum: this will be > overwritten when you upgrade and it becomes a maintenance burden. Do files in /etc no longer undergo a round of sysmerge before being written? Thanks, Andy -- TAI64 timestamp: 400056575beb
Re: LPR/LPD does not run filters
Thus said Jona Joachim on Sun, 25 Oct 2015 15:11:01 +0100:

> I was tired of CUPS so I decided keep it simple and stupid and use
> lpd/lpr. Strangely, things don't work out as expected. It seems that
> lpd never executes input filters.

I have a system running standard lpd on OpenBSD 5.3 which works with a filter. I have:

    lp|parallel:\
            :lp=/dev/lpa0:\
            :br#57600:\
            :rm=:\
            :rp=:\
            :mx#0:\
            :sd=/var/spool/output/parallel:\
            :lf=/var/log/lpd-errs:\
            :sh:\
            :if=/var/spool/output/parallel/filter

So at least as of OpenBSD 5.3 filters worked just fine with the standard lpd. I cannot say for newer versions as I have not yet upgraded, but I don't know why it should cease to work.

Andy
--
TAI64 timestamp: 4000562d5f56
Re: Maybe OT: OpenSSH connection failure unless verbose
Thus said Quartz on Sat, 01 Aug 2015 19:00:56 -0400: good day: ssh user@server = works just like it should What about ssh -v user@server on a good day? And more specifically, if you run ssh -v on both a good day and a bad day, what does diff between the two outputs show? Andy -- TAI64 timestamp: 400055bd5813
Re: Audio Boost for Sndio
Thus said tekk on Sat, 11 Jul 2015 08:30:00 -0700: So e.g. mixerctl -v inputs.dac-0:1=255 sets it to 174,174? Exactly. inputs.dac-{0:1,2:3}=$value_above_174 simply sets it to 174. It would be more helpful if instead of describing the problem that you would just copy/paste the result of running the command and report that in an email. For example: $ mixerctl -v record.adc-0:1=255 record.adc-0:1: 120,120 - 248,248 Thanks, Andy -- TAI64 timestamp: 400055a14376
Re: bypass xlock/slock
Thus said Alex Greif on Mon, 09 Mar 2015 10:25:28 +0100: - run X session with startx Run: exec startx Instead. Andy -- TAI64 timestamp: 400054fdc9c3
Re: What's wrong with script(1)?
Thus said openda...@hushmail.com on Tue, 27 Jan 2015 23:03:35 +: 1. Why does it use CRLF line endings? 2. What's with all the startup noise? man script: ``script makes a typescript of everything printed on your terminal.'' more can handle the output. less -r can also handle it. Andy -- TAI64 timestamp: 400054c81db4
Re: CRYPT rounds vs. performance
Thus said whoami toask on Sat, 03 Jan 2015 17:18:04 -0500: *- Does the rounds affect the disk performance, ex.: 1000 vs. 10 000 000**? OR it just ONLY affects the time until the password unlocks the CRYPT device? Yes, unless I'm mistaken, it really only affects how long it takes to generate the key from the passphrase. Once the key is in memory, the number of rounds is no longer really relevant. Also, one of the primary reasons for having salts/rounds is to protect against offline attacks against the password database (e.g. someone obtains /etc/master.passwd and begins to hash passwords until a match is found) using rainbow tables. With random salts and large rounds it will be extremely prohibitive to crack all the passwords in the database. In the case of an encrypted volume, however, we aren't talking about a password database with all kinds of usernames/passwords. We're talking about a single key derived from a passphrase which means salts/rounds don't have the same implications as they do for an offline attack against a database. In this case, it would seem that the best protection is a larger number of rounds (bioctl defaults to 8192 according to the man page). Andy -- TAI64 timestamp: 400054a881c2
Re: DNS: how to verify glue NS records?
Thus said Alexei Malinin on Fri, 05 Dec 2014 15:49:59 +0300:

> - the question is - how and with what tools (dig, host, nslookup, or maybe C or Perl libs) can I verify the NS glue records in the parent zone of my ISP (zone transfers are denied)?

The entries in the ADDITIONAL SECTION below are ``glue records'' for the NS records in the ANSWER SECTION. The problem you have, however, DNS resolvers are going to have to make a lot of additional DNS requests to be able to determine if the glue can be used. For the glue to be immediately trusted, it would have to be in-bailiwick (e.g. ns1.0-15.66.233.212.in-addr.arpa and ns2.0-15.66.233.212.in-addr.arpa). But, At any rate, there you have it, glue is found in the ADDITIONAL SECTION:

    $ dig ptr 1.0-15.66.233.212.in-addr.arpa @ns1.agtel.net

    ; <<>> DiG 9.4.2-P2 <<>> ptr 1.0-15.66.233.212.in-addr.arpa @ns1.agtel.net
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37069
    ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 6, ADDITIONAL: 7

    ;; QUESTION SECTION:
    ;1.0-15.66.233.212.in-addr.arpa. IN PTR

    ;; ANSWER SECTION:
    1.0-15.66.233.212.in-addr.arpa. 43200 IN PTR dynamic-212-233-66-1.amt.ru.

    ;; AUTHORITY SECTION:
    0-15.66.233.212.in-addr.arpa. 43200 IN NS ns58-cloud.nic.ru.
    0-15.66.233.212.in-addr.arpa. 43200 IN NS ns1.agtel.net.
    0-15.66.233.212.in-addr.arpa. 43200 IN NS ns2.agtel.net.
    0-15.66.233.212.in-addr.arpa. 43200 IN NS ns4-l5.nic.ru.
    0-15.66.233.212.in-addr.arpa. 43200 IN NS ns8-l5.nic.ru.
    0-15.66.233.212.in-addr.arpa. 43200 IN NS ns54-cloud.nic.ru.

    ;; ADDITIONAL SECTION:
    ns1.agtel.net. 600 IN A 212.111.64.132
    ns2.agtel.net. 600 IN A 212.233.88.2
    ns4-l5.nic.ru. 25082 IN A 91.217.20.13
    ns8-l5.nic.ru. 36736 IN A 91.217.21.13
    ns54-cloud.nic.ru. 19033 IN A 195.253.64.16
    ns54-cloud.nic.ru. 19033 IN AAAA 2a01:5b0:4::10
    ns58-cloud.nic.ru. 12582 IN A 195.253.65.16

    ;; Query time: 273 msec
    ;; SERVER: 212.111.64.132#53(212.111.64.132)
    ;; WHEN: Sun Dec 7 23:03:49 2014
    ;; MSG SIZE rcvd: 354

Andy
--
TAI64 timestamp: 400054854018
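The in-bailiwick test mentioned in this reply, as an added example that is not part of the original message: it reads dig output, pairs each A/AAAA record in the ADDITIONAL SECTION with the NS record that names it, and labels the glue by whether the server name lies under the delegated zone. The first two server records in the sample are copied from the answer above; the ns1.0-15.66.233.212.in-addr.arpa. record and its 192.0.2.53 address are constructed to show the in-bailiwick case.

```shell
#!/bin/sh
# Added example: classify glue records in dig output as in- or out-of-bailiwick.
# "In-bailiwick" here means the name server's name is the delegated zone
# itself or a name underneath it, as in the reply's own example.

# classify_glue: reads dig output on stdin, prints "<ns-name> <address> <label>".
classify_glue() {
    awk '
    /^;; AUTHORITY SECTION/  { sec = "auth"; next }
    /^;; ADDITIONAL SECTION/ { sec = "add";  next }
    /^;;/ || /^$/            { sec = "";     next }

    # Remember which zone each NS target was listed for.
    sec == "auth" && $4 == "NS" { zone[tolower($5)] = tolower($1) }

    sec == "add" && ($4 == "A" || $4 == "AAAA") {
        name = tolower($1)
        if (!(name in zone)) next       # address for a name no NS record uses
        z = zone[name]
        suffix = "." z
        inb = (name == z) ||
              (length(name) > length(suffix) &&
               substr(name, length(name) - length(suffix) + 1) == suffix)
        print name, $5, (inb ? "in-bailiwick" : "out-of-bailiwick")
    }'
}

# Sample answer: partly from the thread, partly constructed (see lead-in).
sample_dig_answer() {
    cat <<'EOF'
;; ANSWER SECTION:
1.0-15.66.233.212.in-addr.arpa. 43200 IN PTR dynamic-212-233-66-1.amt.ru.

;; AUTHORITY SECTION:
0-15.66.233.212.in-addr.arpa. 43200 IN NS ns1.agtel.net.
0-15.66.233.212.in-addr.arpa. 43200 IN NS ns4-l5.nic.ru.
0-15.66.233.212.in-addr.arpa. 43200 IN NS ns1.0-15.66.233.212.in-addr.arpa.

;; ADDITIONAL SECTION:
ns1.agtel.net. 600 IN A 212.111.64.132
ns4-l5.nic.ru. 25082 IN A 91.217.20.13
ns1.0-15.66.233.212.in-addr.arpa. 600 IN A 192.0.2.53

;; Query time: 273 msec
EOF
}

sample_dig_answer | classify_glue
```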
Re: How to log in automatically to GUI?
Thus said Clint Pachl on Mon, 01 Sep 2014 05:24:02 -0700: FYI: $@ equals -p -- USER where USER is the username entered at the login prompt. I never would have guessed that the -p option was included. Yes, it does allow any USER to login without a password by just typing the username at the prompt followed by Enter---this does not exclude root, however, I don't think it would be hard to modify the script to exclude root (or any other user), or force the username, etc... I just wanted to point out that this still requires someone to enter a valid username to get a login session. Is it possible to bypass even this step and just get a user login session (i.e., auto-login)? I never did figure out how to bypass this step. Andy -- TAI64 timestamp: 40005404ad11
Re: How to log in automatically to GUI?
Thus said Clint Pachl on Mon, 25 Aug 2014 16:36:26 -0700:

> If someone knows how to do this properly via getty(8), I would be very interested.

I've used this successfully (not sure how proper it is):

/etc/ttys:

    ttyC0 /usr/libexec/getty console.nopw vt220 on secure

/etc/gettytab:

    console.nopw:\
            :sp#9600:lo=/usr/bin/autologin:

/usr/bin/autologin:

    #!/bin/sh
    exec /usr/bin/login -f "$@"

Andy
--
TAI64 timestamp: 400053fdfaea
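A stricter variant of the autologin wrapper above, as an added example that is not part of either message in this thread: it skips authentication only for user names on an allowlist and sends everyone else, root included, through the normal login path. It relies on the argument layout reported in the follow-up (-p -- USER); the AUTOLOGIN_ALLOW variable and the user name kiosk are hypothetical.

```shell
#!/bin/sh
# Added example: /usr/bin/autologin with an allowlist.
# AUTOLOGIN_ALLOW and the "kiosk" account are hypothetical names.
AUTOLOGIN_ALLOW=${AUTOLOGIN_ALLOW:-kiosk}

# autologin_user ARGS...
# Prints the user name if it may log in without a password, else fails.
# Per the thread, getty calls the lo= program with "-p -- USER", so the
# user name is the last argument.
autologin_user() {
    _u=
    for _a in "$@"; do _u=$_a; done
    case $_u in
        # Reject empty names, root, option-like strings and odd characters.
        ''|root|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    for _ok in $AUTOLOGIN_ALLOW; do
        if [ "$_u" = "$_ok" ]; then
            printf '%s\n' "$_u"
            return 0
        fi
    done
    return 1
}

autologin_main() {
    if _user=$(autologin_user "$@"); then
        # Allowlisted account: skip authentication as the original script does.
        exec /usr/bin/login -f -p -- "$_user"
    fi
    # Anyone else goes through normal password authentication.
    exec /usr/bin/login "$@"
}

# Act as the login program only when installed under the gettytab name.
case ${0##*/} in
    autologin) autologin_main "$@" ;;
esac
```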
Re: ksh (vi mode): discard line after editing with fc?
Thus said Alessandro DE LAURENZIS on Tue, 22 Apr 2014 21:46:57 +0200:

> I'm wondering how I could discard (not execute) a line after having loaded it into vi (fc -e vi, or v for brevity in vi-mode).

Delete the command like you would any other line in vi that you don't want saved anymore:

    dd
    :wq

For multiline:

    dG
    :wq

Or you could comment it out.

Andy
--
TAI64 timestamp: 400053576832
Re: resolver question
Thus said Peter J. Philipp on Tue, 24 Dec 2013 17:33:10 +:

> I was browsing http://chealth.canoe.ca when I saw the above log. I'm supposing the resolver looks up chealth.canoe.ca, and then eventually does a lookup for chealth.canoe.ca.centroid.eu. centroid.eu is the domain I configured in resolv.conf by means of DHCP.

You have some options:

1) Change your habits to use a fully qualified domain name; e.g., a domain name that ends with a final/trailing dot. chealth.canoe.ca is ambiguous (perhaps not in your brain, but to a computer, it doesn't know that you really mean chealth.canoe.ca. which is absolute). So use http://chealth.canoe.ca./ (note the trailing dot).

2) Don't configure a search option in /etc/resolv.conf as each domain listed in the search is appended to the query in order. E.g., if you have centroid.eu and google.com in your search, then your DNS resolver will take chealth.canoe.ca and append centroid.eu., attempt to resolve it but fail. Then it will take chealth.canoe.ca and append google.com., attempt to resolve it but fail, and then finally it will try chealth.canoe.ca., attempt to resolve it and receive a successful response.

Andy
--
TAI64 timestamp: 400052b9ecb0
Re: Are there any default password managers in OpenBSD?
Thus said Christian Weisgerber on Sat, 07 Dec 2013 18:52:25 +:

> Also, your editor may scatter additional cleartext copies around, for instance vi's recovery files.

Assuming /home is on an encrypted disk, that can be partially remedied by using something like the following in ~/.exrc:

    set recdir=/home/username/tmp/vi.recover

Of course that won't help other editors---I leave it to the users of those editors to do their homework.

Andy
--
TAI64 timestamp: 400052a377ad
Re: DNS problem
Thus said Chris Smith on Fri, 06 Dec 2013 11:31:23 -0500:

> Basically, four of my networks are not getting an answer for a specific mx query from dyn.com's DNS server. Yet every other DNS cache I've queried works just fine (Google, Level3, Hurricane Electric, Comcast, etc.) and dyn's support claims there is no problem on their end and all of their tests return the proper answer just as one of my networks does.

Seems dyn might be doing a transparent load balancing proxy for their DNS; what else could account for the strange TTL jumping around below? Perhaps they have a bad server in the pool that you just happen to hit consistently due to some hashing. Notice the first query is 3600 (normal given that is the TTL). The second query shows it took me 3 seconds to issue the query again. But the third shows a sudden jump in time of almost 5 minutes.

    $ env DNSCACHEIP=216.146.35.35 dnsqr mx lwtitle.com
    15 lwtitle.com:
    133 bytes, 1+1+2+0 records, response, noerror
    query: 15 lwtitle.com
    answer: lwtitle.com 3600 MX 0 lwtitle-com.mail.protection.outlook.com
    authority: lwtitle.com 3600 NS ns22.domaincontrol.com
    authority: lwtitle.com 3600 NS ns21.domaincontrol.com
    $ env DNSCACHEIP=216.146.35.35 dnsqr mx lwtitle.com
    15 lwtitle.com:
    133 bytes, 1+1+2+0 records, response, noerror
    query: 15 lwtitle.com
    answer: lwtitle.com 3597 MX 0 lwtitle-com.mail.protection.outlook.com
    authority: lwtitle.com 3597 NS ns22.domaincontrol.com
    authority: lwtitle.com 3597 NS ns21.domaincontrol.com
    $ env DNSCACHEIP=216.146.35.35 dnsqr mx lwtitle.com
    15 lwtitle.com:
    133 bytes, 1+1+2+0 records, response, noerror
    query: 15 lwtitle.com
    answer: lwtitle.com 3350 MX 0 lwtitle-com.mail.protection.outlook.com
    authority: lwtitle.com 3350 NS ns22.domaincontrol.com
    authority: lwtitle.com 3350 NS ns21.domaincontrol.com

Then a few more seconds passed and I see:

    $ env DNSCACHEIP=216.146.35.35 dnsqr mx lwtitle.com
    15 lwtitle.com:
    133 bytes, 1+1+2+0 records, response, noerror
    query: 15 lwtitle.com
    answer: lwtitle.com 3095 MX 0 lwtitle-com.mail.protection.outlook.com
    authority: lwtitle.com 3095 NS ns22.domaincontrol.com
    authority: lwtitle.com 3095 NS ns21.domaincontrol.com
    $ env DNSCACHEIP=216.146.35.35 dnsqr mx lwtitle.com
    15 lwtitle.com:
    133 bytes, 1+1+2+0 records, response, noerror
    query: 15 lwtitle.com
    answer: lwtitle.com 3331 MX 0 lwtitle-com.mail.protection.outlook.com
    authority: lwtitle.com 3331 NS ns22.domaincontrol.com
    authority: lwtitle.com 3331 NS ns21.domaincontrol.com

Has anything changed recently with the NS records for lwtitle.com? Do you get the same results if you query one of the other well known public DNS resolvers like 8.8.8.8?

Andy
--
TAI64 timestamp: 400052a25f91
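The TTL reasoning in this reply, turned into a check, as an added example that is not part of the original message: a single cache counts a record's TTL down one second per second, so query time plus returned TTL stays constant, and every additional distinct value points to another cache answering on the same address. The TTLs in the sample are the five from the dnsqr output above; the elapsed times are constructed, apart from the 3-second gap the reply mentions.

```shell
#!/bin/sh
# Added example: estimate how many independent caches answer behind one
# resolver address from "<seconds since first query> <TTL>" observations.

# label_backends [TOLERANCE]
# For each observation prints "<t> <ttl> expiry=<t+ttl> backend=<n>", where
# observations whose expiry differs by at most TOLERANCE seconds (default 2)
# are attributed to the same cache.
label_backends() {
    awk -v tol="${1:-2}" '
    NF == 2 && $1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
        expiry = $1 + $2            # when this cache entry would run out
        id = 0
        for (i = 1; i <= n; i++) {
            d = expiry - seen[i]
            if (d < 0) d = -d
            if (d <= tol) { id = i; break }
        }
        if (id == 0) { seen[++n] = expiry; id = n }
        print $1, $2, "expiry=" expiry, "backend=" id
    }'
}

# count_backends [TOLERANCE]: prints the number of distinct caches seen.
count_backends() {
    label_backends "$1" | awk '
        { split($4, kv, "="); if (kv[2] + 0 > m) m = kv[2] + 0 }
        END { print m + 0 }'
}

# TTLs from the thread; elapsed seconds are constructed for illustration.
sample_observations() {
    cat <<'EOF'
0 3600
3 3597
6 3350
12 3095
15 3331
EOF
}

sample_observations | label_backends 2
printf 'distinct caches: %s\n' "$(sample_observations | count_backends 2)"
```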
Re: sudo configuration !ttytickets?
Thus said Michael W. Lucas on Wed, 11 Sep 2013 20:59:08 -0400: This, well, kind of surprised me. I'm sure you folks have thought this through in much more detail than I have, but I can't find anything on the rationale behind it. Is sudo enabled for any non-root users by default? Andy -- TAI64 timestamp: 40005231482b
Re: pf and apache
Thus said Matt Morrow on Thu, 28 Feb 2013 23:07:30 -0600: Apache is running on a slackware box. I can access apache just fine internally by using the ip address of that server (192.168.1.70), but if I access the ip of the openbsd box (192.168.1.60) I just get an error that the server is not available. It should be forwarding port 80 to the slackware box. I'm going to guess from your description that you are trying to rdr-to on the same interface. The documentation says: Redirections cannot reflect packets back through the interface they arrive on, they can only be redirected to hosts connected to different interfaces or to the firewall itself. The next section discusses using NAT... might be what you're after. Andy -- TAI64 timestamp: 4000513040c3
Re: softraid RAID1 + CRYPTO error writing metadata
Thus said Joel Sing on Sat, 09 Feb 2013 16:44:11 +1100: umount via DUID does not work currently - this will be fixed shortly after the next release freeze has ended. Will that also include shutdown of softraid via DUID? e.g., bioctl -d DUID Or is this not even possible? Thanks, Andy -- TAI64 timestamp: 40005116045e
Re: Syslog to remote server and local file
Thus said Joakim Aronius on Thu, 01 Nov 2012 17:54:28 BST:

> !!spamd
> daemon.err;daemon.warn;daemon.info    /var/log/spamd
> daemon.err;daemon.warn;daemon.info    @logserver

A careful reading of man syslog.conf would seem to indicate that you can do something like:

    !spamd
    daemon.err;daemon.warn;daemon.info    /var/log/spamd
    !!spamd
    daemon.err;daemon.warn;daemon.info    @logserver

Andy
Re: avoiding icmp redirect storm
Thus said Jose Fragoso on Thu, 18 Oct 2012 15:01:39 EDT:

> Some are. But I think that the firewall is generating redirects only when it sees other icmp redirects from other sources.

We need to identify the source of the packets that are causing the ICMP redirects and then identify the source of the actual ICMP redirect packets themselves. The fact that you have two logical subnets on the same interface might be a contributing factor (I've seen this before but I don't recall under what conditions). If you look at /usr/src/sys/netinet/ip_input.c, 'round about line 1480, it will give you all the conditions under which OpenBSD will send ICMP redirects. Any chance that you could send some tcpdump output showing both the source of the packets and then the ICMP redirect packets being sent in response?

> Anyway, I would like to stop that. But how? I tried to block using PF and also tried sysctl.

Before you can stop anything you have to understand what is going on. At this point it's too early to say how to stop it because there isn't enough information to determine the cause. In general, ICMP redirects only get sent by gateway systems. Do you have other gateways involved here? Perhaps your OpenBSD firewall is forwarding packets to another gateway and the next hop is on the same interface that the packet arrived on, so it sends your OpenBSD an ICMP redirect. Perhaps a host on sk0 is sending to another subnet routed through sk0, and your OpenBSD firewall is sending ICMP redirects. Too much guess work at this point to know what you can do to stop it. So, let's see if we can identify the source IP, the destination IP, and which IP is sending the redirects in a few situations.

Andy
Re: avoiding icmp redirect storm
Thus said Jose Fragoso on Wed, 17 Oct 2012 07:39:31 EDT: I see a lot of icmp redirect packets in the network using tcpdump. What's the source of these? Are you sure they aren't being generated by your firewall? Do you have multiple aliases representing logically different subnets on the same interface? How about the output of netstat -nr -finet and also ifconfig -a? Andy
Re: IPSEC VPN performance
Thus said Jim Miller on Mon, 01 Oct 2012 11:20:06 EDT:

> # dd if=/dev/zero bs=1000 count=100 | nc -v 172.16.2.2 12345

What if you try a different bs?

    $ dd if=/dev/zero bs=1000 count=100 > /dev/null
    100+0 records in
    100+0 records out
    10 bytes transferred in 1.102 secs (907004798 bytes/sec)

vs

    $ dd if=/dev/zero bs=1 count=10 > /dev/null
    10+0 records in
    10+0 records out
    10 bytes transferred in 0.163 secs (6112058480 bytes/sec)

That looks like an order of magnitude to me... not sure what you'll get with client/server over the network, but can't hurt to try.

Andy
Re: filtering hostnames on syslog
Thus said Friedrich Locke on Mon, 14 May 2012 21:06:57 -0300: Every log from ip address a.b.c.d will be written to /var/log/host-x Every log from ip address x.y.z.k will be written to /var/log/host-y http://smarden.org/socklog/ This will allow you to do what you ask. Andy
Re: pid file for ldapd(8)
Thus said Joel Carnat on Fri, 27 May 2011 14:55:23 +0200:

> Is there a way to tell ldapd(8) to write its PID in /var/run ?

One way of dealing with this is using supervise[1] and do away with grep/pid files altogether. Here's a run script that would do:

    #!/bin/sh
    # merge stderr into stdout
    exec 2>&1
    # -d keeps ldapd in the foreground so supervise can track it
    exec /usr/sbin/ldapd -d

[1] http://cr.yp.to/daemontools.html

Andy
Re: Problems attaching tty to display driver other than vga(4)
Thus said T on Fri, 13 May 2011 12:52:38 +0200:

> udl0 at uhub1 port 1 DisplayLink LILLIPUT USB Monitor rev 2.00/1.24 addr 2
> max_dotclock according to supported modes: 29000
> wsdisplay1 at udl0 mux 1
> wsdisplay1: screen 0 addded (std, vt100 emulation)

I'm just guessing here, but it would seem that it didn't add any screens for wsdisplay to use. Here is what a VGA monitor says:

    wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
    wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
    wskbd0 at pckbd0: console keyboard, using wsdisplay0
    wskbd1: connecting to wsdisplay0

Andy
Radeon HD 4850 and drmRadeonCmdBuffer: -22.
Misc,

After patching pcidevs (included below) I was able to get the kernel to recognize a Radeon HD 4850, however, attempts to run something that uses GL result in the following errors:

    $ xlock -nolock -mode random -modelist allgl
    drmRadeonCmdBuffer: -22. Kernel failed to parse or rejected command stream. See dmesg for more info.

From dmesg:

    error: [drm:pid20952:r300_emit_carefully_checked_packet0] *ERROR* Register 4e4c failed check as flag=00
    error: [drm:pid20952:r300_do_cp_cmdbuf] *ERROR* r300_emit_packet0 failed

I found a question about a similar card here:

http://marc.info/?l=openbsd-misc&m=129338059513546&w=2

The links seemed to indicate that there were some changes made to both Linux and FreeBSD, and it would appear that those changes have already been made to OpenBSD as well. Is there something else that I might be missing? The card works fine, just no acceleration.

Also, I tried without RADEON_IS_MOBILITY (this isn't a laptop, but maybe it actually uses the same code), but without it, the system locks up hard and is completely unresponsive with dead video signal.

Is it going to be possible to get acceleration working with this? If so, any pointers?

Here is a complete dmesg:
Re: Radeon HD 4850 and drmRadeonCmdBuffer: -22.
Thus said Joe Snikeris on Thu, 24 Feb 2011 10:03:06 EST: On Thu, Feb 24, 2011 at 3:09 AM, Andy Bradford amb-open...@bradfords.org wrote: Also, I tried without RADEON_IS_MOBILITY (this isn't a laptop, but maybe it actually uses the same code), but without it, the system locks up hard and is completely unresponsive with dead video signal. Without this set, does it lock up every time or just sometimes? I'm experiencing intermittent lockups with my HD4870. It seems to happen more often when I've been in X, leave X, and then go back to X; although this is just a half-assed theory. That's a good question. The first time it locked up it was enough for me and I put the option back in. It wasn't just the video card that locked up, the system was entirely locked up and unresponsive and required fsck after. You're more than welcome to add RADEON_IS_MOBILITY and see if your lock ups go away. I'm not sure which cards this is *supposed* to be set with. Andy
Re: Shutdown option in gnome-session
Thus said dave shar on Mon, 10 Jan 2011 10:49:26 +0800: I have installed kde3 and gnome2 on my box. I use kdm to load desktop sessions. There is no shutdown option available in gnome-session. How do I get shutdown reboot options working in gnome-session. If you're running 4.8 and you have a decent motherboard with ACPI, just press the power button. This should run a clean shutdown. Andy
Re: pf and DNS
Thus said Girish Venkatachalam on Fri, 07 Jan 2011 16:26:01 +0530: Due to this , whatever IP address pf(4) knows at the time of ruleset loading alone works. Use pfctl and a cronjob to periodically update a table. Kludgey, sure... Andy
Re: [OT] Mail Archive Management
Thus said Josh Smith on Sun, 19 Dec 2010 08:07:45 EST:

> Whether or not I keep it in mbox format or convert it to something else - what sort of tools are out there to break it up into multiple archives by year or perhaps sender?

There's mbox2maildir out there. You might also look at mail/mairix in ports.

Andy
Re: Erased Files Recovery
Thus said Predrag Punosevac on Fri, 26 Nov 2010 10:32:16 EST: Sorry for this hasty e-mail. I have a Thanksgiving emergency here. Namely, my wife has accidentally erased all the pictures from her Sony camera (FAT 16 file system). Can anybody point me to any forensic tools in ports which can be used to recover the files. sysutils/sleuthkit in ports might be able to handle this. First thing you want to do is use dd to make an image of the disk and work from that. Hopefully this will work with the media that your camera uses. Andy
Re: bgplgsh via telnet
Thus said Max Clark on Sat, 13 Nov 2010 07:54:00 PST: I've experimented with tcpserver from the ucspi package without success. How do I give access to the bgplgsh application only via telnet? Probably because you are missing a tty. If you also install ptyget[1] you might be able to accomplish it with something like: tcpserver -v 0 1234 ptyrun /usr/bin/login -f -u bgplg bgplg or maybe: tcpserver -u `id -u bgplg` -g `id -g bgplg` -v 0 1234 ptyrun /usr/bin/bgplgsh Andy [1] http://cr.yp.to/software/ptyget-0.50.tar.gz
Re: expect and spawn
Thus said Aaron Martinez on Tue, 09 Nov 2010 09:48:15 CST:

> # sh -x 227254.test

Why are you telling sh to interpret an expect script? Why not try:

    $ expect 227254.test

> 227254.test[3]: spawn: not found
> + interact {
> 227254.test[4]: interact: not found
> + 034 exit
> 227254.test[5]: 034: not found
> 227254.test[6]: syntax error: `}' unexpected

These errors are all produced by sh. sh is trying to execute the commands in 227254.test and is it any wonder that it doesn't recognize the words spawn, interact, 034, and says there is a syntax error?

> Is the format of his expect script all wrong or??

No, you are using the wrong interpreter.

Andy
Re: Re: how to viewing packet data?
Thus said jo...@wonghome.net on Wed, 22 Sep 2010 08:43:16 +0800: I want to get is something like that Data: Post /from.php?q=123 abc.com Can tcpdump -X do that? if yes, can you give me one example? You probably want tcptrace or ssldump. Lately, however, ssldump doesn't work and returns: ERROR: Couldn't create network handler So you might need to fiddle with the source code if you use ssldump. Andy
Re: OpenBSD Dell Latitude E6500 built in wireless
Thus said Bryan on Tue, 14 Sep 2010 07:30:19 CDT:

> I have the e6500, but I bought a Hawking HWUG1 (attaches as rum(4) ). Does WPA/WPA2 quite well, and has an external removable antenna.

What authentication methods have you been able to use? username/password? Certificate? Or only pre-shared key? I too have been looking to connect to WPA2 networks, however, on occasion they require username/password.

Thanks,

Andy
Re: OpenSSHd
Thus said Pete Vickers on Mon, 13 Sep 2010 10:59:56 +0200:

> Any clues what I'm doing wrong ? Google seems to hint that the chroot directory might have to be owned by root, but that seems strange, since users couldn't then write files in their own home ?

Maybe start by reading the man page sshd_config(5) instead of relying on google? :-) It seems to suggest, as you indicate, that the chroot directory must be root owned. But what I believe is more important is that you missed the following:

    ChrootDirectory
        Specifies a path to chroot(2) to after authentication. This path, and all its components, must be root-owned directories that are not writable by any other user or group. After the chroot, sshd(8) changes the working directory to the user's home directory.

This would seem to indicate to me that you need a structure like:

    /chroot/home/pete

And then you would set:

    ChrootDirectory /chroot

You might want to read the rest of the section for ChrootDirectory. It's also possible that I have misinterpreted the man page.

Andy
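Added example, not part of the message above and not OpenSSH code: a Python check of the ChrootDirectory rule quoted from sshd_config(5), walking every component from / down to the target and reporting each one that is not a root-owned directory or is group/other writable. The function name, the injectable stat_fn parameter and the sample layout (uid 1000 standing in for pete) are assumptions made for illustration.

```python
import errno
import os
import stat
import sys
import types
from pathlib import PurePosixPath


def chroot_path_problems(path, stat_fn=os.stat):
    """List every component of `path` that breaks the ChrootDirectory rule.

    Each component from "/" down to `path` must be a directory, owned by
    uid 0, and not writable by group or other (mode & 0o022 == 0).
    stat_fn is injectable so the logic can be exercised without root.
    """
    p = PurePosixPath(path)
    if not p.is_absolute():
        return [f"{path}: not an absolute path"]
    problems = []
    # p.parents runs deepest-first; reverse it to walk "/" -> ... -> path.
    for comp in list(p.parents)[::-1] + [p]:
        try:
            st = stat_fn(str(comp))
        except OSError as exc:
            problems.append(f"{comp}: cannot stat ({exc.strerror})")
            break  # nothing below a missing component can be checked
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{comp}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{comp}: owned by uid {st.st_uid}, not root")
        if st.st_mode & 0o022:
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{comp}: group/other writable (mode {mode:04o})")
    return problems


# Constructed layout for the demonstration (path -> (mode, owner uid)).
# /chroot/home/pete follows the structure suggested in the message above.
FAKE_FS = {
    "/": (stat.S_IFDIR | 0o755, 0),
    "/chroot": (stat.S_IFDIR | 0o755, 0),
    "/chroot/home": (stat.S_IFDIR | 0o755, 0),
    "/chroot/home/pete": (stat.S_IFDIR | 0o755, 1000),
    "/srv": (stat.S_IFDIR | 0o775, 0),       # group-writable parent
    "/srv/sftp": (stat.S_IFDIR | 0o755, 0),
}


def fake_stat(path):
    """Stand-in for os.stat backed by FAKE_FS."""
    if path not in FAKE_FS:
        raise FileNotFoundError(errno.ENOENT, os.strerror(errno.ENOENT), path)
    mode, uid = FAKE_FS[path]
    return types.SimpleNamespace(st_mode=mode, st_uid=uid)


if __name__ == "__main__":
    # With an argument, check a real path; otherwise run the constructed cases.
    if len(sys.argv) > 1:
        print(chroot_path_problems(sys.argv[1]) or "ok")
    else:
        for target in ("/chroot", "/chroot/home/pete", "/srv/sftp"):
            print(target, chroot_path_problems(target, fake_stat) or "ok")
```

In the constructed layout /chroot passes, the user-owned home directory fails as a chroot target, and /srv/sftp fails because of its parent, not because of anything wrong with the directory itself.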
Re: OpenSSHd
Thus said Pete Vickers on Mon, 13 Sep 2010 16:32:08 +0200:

> r...@container ~ tail /etc/ssh/sshd_config
> # all non-wheel users should be chrooted to home and sftp only
> #
> Match Group !wheel
>         ForceCommand internal-sftp
>         ChrootDirectory /home
>         AllowTcpForwarding no
>         X11Forwarding no

The first problem is your Match command. The documentation seems to indicate that the negation character `!' is only to be used in a pattern-list which is defined as ``a comma-separated list of patterns.'' I suspect that your Match pattern is not working correctly. Try Match User pete and see if it succeeds as you expect. Probably what you should do is create a special chroot group and add all the users that you want to impose this upon to that group.

The second problem is that your ChrootDirectory is not structured properly. When authentication happens, it will chroot there and then it will attempt to change directory to the user's home directory, however, you haven't indicated whether or not you created one:

    /home/home/pete

Without this structure, when the chroot happens, the user will be chroot'ed to /home and then will have to do his own cd to pete and all user directories will be found in /.

Andy
Re: OpenSSHd
Thus said Pete Vickers on Mon, 13 Sep 2010 16:32:08 +0200:

> Match Group !wheel

Forget my last suggestion. :-) Just make a pattern-list and use:

    Match Group *,!wheel

Andy
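Added example, not part of the thread and not OpenSSH's own code: a simplified Python model of pattern-list matching as described in the PATTERNS section of ssh_config(5), showing why `Match Group !wheel` selects nobody while `Match Group *,!wheel` selects every non-wheel user, plus a small scan for Match lines that contain only negations. The function names, the rule used for users in several groups, and the sample groups are assumptions of this model.

```python
import re


def _glob_to_regex(pattern):
    """Compile a pattern in which '*' and '?' are the only wildcards."""
    parts = [".*" if c == "*" else "." if c == "?" else re.escape(c)
             for c in pattern]
    return re.compile("".join(parts), re.DOTALL)


def match_pattern_list(name, pattern_list):
    """Return 1 on a positive match, -1 if a negated pattern hit, else 0."""
    positive = False
    for pat in pattern_list.split(","):
        negated = pat.startswith("!")
        if _glob_to_regex(pat[1:] if negated else pat).fullmatch(name):
            if negated:
                return -1          # a negated hit vetoes the whole list
            positive = True
    # A list made only of negations can never reach 1: that is the
    # "Match Group !wheel" problem discussed in the thread.
    return 1 if positive else 0


def group_match(user_groups, pattern_list):
    """Model of 'Match Group' (assumed rule for users in several groups):
    at least one group matches positively and none hits a negation."""
    results = [match_pattern_list(g, pattern_list) for g in user_groups]
    return -1 not in results and 1 in results


def negation_only_matches(config_text):
    """Return (lineno, line) for Match lines whose pattern-list is all '!'."""
    flagged = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        tokens = line.split()
        if line.startswith("#") or not tokens or tokens[0].lower() != "match":
            continue
        # Criteria come as "Keyword pattern-list" pairs; "all" stands alone.
        args = [t for t in tokens[1:] if t.lower() != "all"]
        for pattern_list in args[1::2]:
            if all(p.startswith("!") for p in pattern_list.split(",")):
                flagged.append((lineno, line))
                break
    return flagged


# Constructed sample based on the sshd_config excerpt quoted in the thread.
SAMPLE_CONFIG = """\
# all non-wheel users should be chrooted to home and sftp only
#
Match Group !wheel
        ForceCommand internal-sftp
        ChrootDirectory /home
"""

if __name__ == "__main__":
    for plist in ("!wheel", "*,!wheel"):
        print(plist, "users:", group_match(["users"], plist),
              "wheel+users:", group_match(["wheel", "users"], plist))
    print(negation_only_matches(SAMPLE_CONFIG))
```

A Match block that never matches fails open: the ForceCommand and ChrootDirectory restrictions inside it are simply not applied, so a scan like negation_only_matches is worth running before relying on such a block.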
Re: OpenBSD 4.6 + carp + pf + pfsync lockup
Thus said Claudio Jeker on Sat, 11 Sep 2010 11:28:31 +0200:

> Wrong, UDP is normally not a fully defined 4-tuple. Especially the listening sockets (on port 53) can be slammed with packets. On the other hand, if the recvbuffer overflows then packets just get dropped.

Thank you for the clarification. So basically, when a socket is in the LISTEN state, if 80 1k UDP packets are sent concurrently to the server from 80 different source IPs, then roughly 50% of them will be dropped (assuming defaults), because the recvspace is dedicated only to this one socket. The recvspace for a response of DNS, on the other hand, isn't likely to be consumed because the only packets coming to it will be response datagrams from a single server answering the query, and even with DNSSEC, and an answer as large as the one returned for an ANY query of bugs.debian.org, the recvspace isn't likely to be flooded. TCP is the same except a socket is more distinct because of the connection tuple so the recvspace is more dedicated.

> The sendto() ENOBUFS errors that got mentioned have a different cause (in most cases the interface send queue is overflowed).

Yes, I suspected that this reported error was unrelated to send/recv space, because once the recvspace is full.

Thanks,

Andy
Re: OpenBSD 4.6 + carp + pf + pfsync lockup
Thus said Martin Pelikán on Thu, 09 Sep 2010 12:21:17 +0200:

> It depends on what do you need. The defaults suffice for most cases, but on our most loaded router we use tcp both 256k and udp send space 65k (lots of dns). Just test it somewhere.

Why would you need 65k UDP for DNS? Almost all UDP based DNS responses are under 512 bytes, those that are larger are required to set the truncated bit and the client restarts the query using TCP.

Andy
Re: OpenBSD 4.6 + carp + pf + pfsync lockup
Thus said Claudio Jeker on Fri, 10 Sep 2010 21:36:16 +0200:

> Because on busy servers you need to queue quite a few packets to handle bursts.

I was under the impression that UDP is connectionless and therefore does not behave the same as a TCP connection. I would guess that send/recvspace for UDP relates somehow to the size of a UDP datagram, and that even if these UDP datagrams came in bursts, they would not be part of the same send/recvspace. Please correct me if I'm wrong as this is something I've been confused about. Is there possibly some kind of abstraction that treats UDP as connection oriented with respect to send/recvspace?

After digging around a bit more I found the following in /usr/src/sys/netinet/udp_usrreq.c which suggests that at least sendspace is merely the datagram size:

    u_int udp_sendspace = 9216; /* really max datagram size */
    u_int udp_recvspace = 40 * (1024 + sizeof(struct sockaddr_in)); /* 40 1K datagrams */

Even if in general all UDP datagrams from the same IP:PORT-IP:PORT combo go into the same recvspace, DNS does not normally use more than one packet for a response, and other responses will not match due to port randomization. Even with DNSSEC and EDNS0, should the default of 40 1K datagrams be sufficient to handle DNS packets?

It's entirely possible that I have completely misunderstood how recvspace relates to connections (I haven't yet found a good exposition of this anywhere). Is recvspace per UDP/TCP connection or more of a generic space for TCP/UDP packets, regardless of connection?

Thanks,

Andy

p.s. your Mail-followup-to wanted to send to both the list address and your own. I wasn't certain if this is what you intended, so I removed your address. :-)
Re: authpf-like functionality via a web interface?
Thus said Barry, Christopher on Tue, 02 Aug 2005 18:43:56 EDT: Authpf seems to do this via ssh, but I'll need to service non-ssh equipped sales folk, etc. Is there a project around that provides this functionality, or will I need to create it? What about redirecting to a webpage that offers a number of SSH clients for download? Andy -- GnuPG ID 0xA63888C9 (D2DA 68C9 BB2B 26B4 8204 2219 A43E F450 A638 88C9) [---[system uptime]] 9:58pm up 43 days, 6:36, 3 users, load average: 1.12, 1.23, 1.20