Re: sending mail from wordpress

2020-01-02 Thread Jiri B
https://wordpress.org/plugins/post-smtp/

j.

On Thu, Jan 2, 2020 at 1:44 PM Stuart Henderson  wrote:

> On 2020-01-02, Edgar Pettijohn  wrote:
> > I'm having trouble getting mail to go through wordpress.
>
> Configure it to send by SMTP instead. (I don't use wordpress and can't
> help tell you exactly how, but it's definitely possible - search for
> e.g. "wordpress smtp authentication").
>
> > The mail() function is not disabled. If my reading of
> > class-phpmailer.php is correct it should see that sendmail_path is
> > defined and use sendmail instead of mail().
>
> Using mail() needs a /bin/sh binary inside the chroot jail. You are
> better off avoiding mail() where possible.
>
>
>


openrsync and rrsync - strange error on symlinks

2019-08-15 Thread Jiri B
Hi,

I use rrsync[1] wrapper in SSH key via `command=` option to restrict
mode and path of called rsync program.

I discovered some strange difference related to symlinks between rsync
and openrsync when called via rrsync wrapper.
openrsync errors with:

/usr/src/usr.bin/rsync/symlinks.c:48: error: ./pub/www/xx.info/themes/minimal/archetypes/test.md: readlink: No such file or directory

even symlink is OK, see below.

Any idea what's going on?

Jiri

[1] https://www.samba.org/ftp/unpacked/rsync/support/rrsync

# sysctl kern.version
kern.version=OpenBSD 6.5-beta (GENERIC.MP) #192: Fri Aug  9 23:41:57 MDT 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

GOAL


I'm trying to synchronize following test tree from remote OpenBSD
machine to a Linux client.

# uname -s ; find /data/share/testovic/ -ls
OpenBSD
153538568 drwxr-xr-x3 root wheel 512 Aug 15 23:26 /data/share/testovic/
153538570 -rw-r--r--1 root wheel   0 Aug 15 23:10 /data/share/testovic/test1
153538580 lrwxr-xr-x1 root wheel  12 Aug 15 23:10 /data/share/testovic/test2 -> /nonexistent
153538590 lrwxr-xr-x1 root wheel   5 Aug 15 23:20 /data/share/testovic/test3 -> test1
153538608 drwxr-xr-x3 root wheel 512 Aug 15 23:25 /data/share/testovic/pub
153538618 drwxr-xr-x3 root wheel 512 Aug 15 23:25 /data/share/testovic/pub/www
153538628 drwxr-xr-x3 root wheel 512 Aug 15 23:25 /data/share/testovic/pub/www/xx.info
153538638 drwxr-xr-x3 root wheel 512 Aug 15 23:25 /data/share/testovic/pub/www/xx.info/themes
153538648 drwxr-xr-x3 root wheel 512 Aug 15 23:25 /data/share/testovic/pub/www/xx.info/themes/minimal
153538658 drwxr-xr-x2 root wheel 512 Aug 15 23:26 /data/share/testovic/pub/www/xx.info/themes/minimal/archetypes
153538668 -rw-r--r--1 root wheel 865 Aug 15 23:26 /data/share/testovic/pub/www/xx.info/themes/minimal/archetypes/post.md
153538670 lrwxr-xr-x1 root wheel   7 Aug 15 23:26 /data/share/testovic/pub/www/xx.info/themes/minimal/archetypes/test.md -> post.md

1 - /usr/local/bin/rsync via rrsync wrapper

rrsync should restrict to reads only and only from /data/share/testovic path

from="192.168.1.7",command="${HOME}/bin/rrsync -ro /data/share/testovic/",restrict ssh-ed25519 C3NzaC1lZDI1NTE5IHd0j7FwSIF+b4QylSQHRoUyPR+9YQJrqj5jPngUmReC

from client, reading from remote machine:

# rsync -vva gw-share: ./
opening connection using: ssh gw-share rsync --server --sender -vvlogDtpre.iLsfxC . .  (8 args)
receiving incremental file list
delta-transmission enabled
./
test1
test2 -> /nonexistent
test3 -> test1
pub/
pub/www/
pub/www/xx.info/
pub/www/xx.info/themes/
pub/www/xx.info/themes/minimal/
pub/www/xx.info/themes/minimal/archetypes/
pub/www/xx.info/themes/minimal/archetypes/post.md
pub/www/xx.info/themes/minimal/archetypes/test.md -> post.md
total: matches=0  hash_hits=0  false_alarms=0 data=865

sent 106 bytes  received 1,402 bytes  3,016.00 bytes/sec
total size is 889  speedup is 0.59

2 - openrsync via rrsync wrapper


# grep openrsync ${HOME}/bin/rrsync
use constant RSYNC => '/usr/bin/openrsync';

from="192.168.1.7",command="${HOME}/bin/rrsync -ro /data/share/testovic/",restrict ssh-ed25519 C3NzaC1lZDI1NTE5IHd0j7FwSIF+b4QylSQHRoUyPR+9YQJrqj5jPngUmReC

# rsync -vva gw-share: ./
opening connection using: ssh gw-share rsync --server --sender -vvlogDtpre.iLsfxC . .  (8 args)
receiving file list ... /usr/src/usr.bin/rsync/server.c:99: server detected client version 31, server version 27, seed 334847798
/usr/src/usr.bin/rsync/server.c:102: server starting sender
/usr/src/usr.bin/rsync/symlinks.c:48: error: ./pub/www/xx.info/themes/minimal/archetypes/test.md: readlink: No such file or directory
/usr/src/usr.bin/rsync/flist.c:985: error: symlink_read
/usr/src/usr.bin/rsync/flist.c:1032: error: flist_gen_dirent
/usr/src/usr.bin/rsync/sender.c:391: error: flist_gen
/usr/src/usr.bin/rsync/server.c:124: error: rsync_sender

rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
rsync error: error in rsync protocol data stream (code 12) at io.c(226) [Receiver=3.1.3]



sysupgrade script diff for people with small /home

2019-08-12 Thread Jiri B
Hi,

see $subj, some people have so small /home and currently sysupgrade
doesn't like symlink to bigger partition. (I know that bad symlink can
make it explode.)

--- /usr/sbin/sysupgrade.orig   Mon Aug 12 19:07:11 2019
+++ /usr/sbin/sysupgradeMon Aug 12 18:51:28 2019
@@ -119,6 +119,7 @@ else
 fi

 if [[ -e ${SETSDIR} ]]; then
+   [[ -h ${SETSDIR} ]] && SETSDIR=$(readlink -f $SETSDIR)
eval $(stat -s ${SETSDIR})
[[ $st_uid -eq 0 ]] ||
 ug_err "${SETSDIR} needs to be owned by root:wheel"
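
Review bot: on the added line that sets SETSDIR=$(readlink -f $SETSDIR), the link is resolved before the stat -s ownership test, so the root:wheel check that follows only ever sees the final target and the symlink itself is never checked. Whoever can create or replace that link then decides which directory passes the check. Check the owner of the link itself (a stat that does not follow it) before resolving. The expansion should also be quoted, "$(readlink -f "${SETSDIR}")", and the result tested for an empty string with a ug_err, because an empty SETSDIR leaves the following eval $(stat -s ${SETSDIR}) running stat without a path.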

j.



httpd not logging tls handshake failed if 'tls client ca ' used

2019-08-10 Thread Jiri B
Hi,

I was playing with CloudFlare Authenticated Origin Pulls, ie. httpd
configured with
'client ca "/etc/ssl/cloudflare_origin_pull.crt"' (ie. to allow only
tls request from specific tls client) and I see httpd is not logging
anything by default into either access.log or error.log. (But the
feature itself works ok.)

But it's logging if run in debug mode 'httpd -d -':

---%>---
server_tls_handshake: tls handshake failed - handshake failed: error:140360C7:SSL routines:ACCEPT_SR_CERT:peer did not return a certificate
server tls_default, client 1 (1 active), 199.195.251.62:18922 -> 176.74.139.218:443, tls handshake failed
---%<---

Is this expected behavior?

# sysctl kern.version
kern.version=OpenBSD 6.5-current (GENERIC) #176: Thu Aug  8 21:28:09 MDT 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC



Re: Postscript printer recommendations

2019-07-13 Thread Jiri B
> On 2019-07-13, "Jonathan Drews"  wrote:
>
> > Hi Folks:  I need some recommendations on what brand of printers will
> > work
> > with Ghostscript (Postscript). The cartridges for my 15 year old HP
> > Deskjet have gotten too expensive. I know Xerox makes some
> > Postscript printers. Are there any other manufacturers of Postscript
> > printers?

Ghostscript is a filter app which converts various inputs to a PDL (page
definition language) which a printer supports. I would recommend reading
'Printers' chapter in older edition of 'UNIX and Linux system administration
handbook', it describes all things in human language :) Anyway, to learn more
about printing, just write a filter which would `cat' input file to a 'output'
file, you will see that top of the file data contains additional info like user
invoking the printing etc... Very interesting for curious people.

j.



Re: Qemu Agent assistance needed

2019-04-29 Thread Jiri B
QGA depends on specific device name in /dev. Ideally the best would be
kernel-based support like vmt.

On Mon, 29 Apr 2019 at 10:03, Solene Rapenne  wrote:

> On Sun, Apr 28, 2019 at 11:10:14AM +, Strahil Nikolov wrote:
> > Hi All,
> > I am new to openBSD and I really like the idea. Sadly I do not have
> > suitable hardware to run on , thus I use KVM and I would be happy if
> > anyone hint me of a working solution for Qemu Guest Agent.
> > Anything I dig up (via google searches) show up only suggestions , but
> > nothing more. In openBSD 6.4  I successfully installed qemu (and thus
> > the agent), but I can't understand how to get the device needed for
> > communication with the host up and running.
> > As I mainly know linux - I know that we need a kernel module that to
> > be loaded and with combination of udev rules - the devices is created
> > on the necessary location and with the correct rights. According to
> > many google findings - openBSD doesn't support any more loadable
> > kernel module support.
> > I have tried to figure it out by myself, but I cannot find the
> > necessary module needed, nor how to load it in a proper manner.
> > Any hint is well appreciated.
> > Best Regards, Strahil Nikolov
> >
>
> qemu on openbsd doesn't support any hardware acceleration, and the
> available version is quite old.
>
> I'm not sure it is compatible with libvirt.
>
>


Re: dell universal d6000 dock

2019-02-12 Thread Jiri B
Maybe you just face old displayport issue like here

https://marc.info/?t=15169561314=1=2

and it is not related to docking station at all?

I gave up and I used to use DP->HDMI->DVI and USB-c>HDMI->DVI reductions :)

j.

On Tue, Feb 12, 2019 at 12:11 AM myml...@gmx.com  wrote:
>
> anybody
>
> On 2/5/19 5:17 PM, myml...@gmx.com wrote:
> > Hi,
> >
> > I am running current from Jan 21st on a dell latitude 7490 (dmesg
> > below) and was hoping to get a usb-c dock connected so that I could
> > use 2 display ports, the hdmi, eth and extra usb ports in one easy to
> > disconnect usb-c connection.
> >
> > The hdmi seems to work ok but I get the following errors in
> > /var/log/messages when I plug/unplug a display port.
> >
> > Feb  5 16:48:56 curry /bsd: uhub1 at uhub0 port 1 configuration 1
> > interface 0 "GenesysLogic USB2.1 Hub" rev 2.10/88.16 addr 5
> > Feb  5 16:48:56 curry apmd: battery status: high. external power
> > status: connected. estimated battery life 95%
> > Feb  5 16:48:57 curry /bsd: uhub2 at uhub1 port 2 configuration 1
> > interface 0 "GenesysLogic USB2.1 Hub" rev 2.10/88.17 addr 6
> > Feb  5 16:48:58 curry /bsd: uhub3 at uhub1 port 3 configuration 1
> > interface 0 "Genesys Logic USB2.0 Hub" rev 2.00/88.32 addr 7
> > Feb  5 16:48:59 curry /bsd: uhidev2 at uhub3 port 1 configuration 1
> > interface 0 "Bizlink D6000 Controller" rev 2.00/0.18 addr 8
> > Feb  5 16:48:59 curry /bsd: uhidev2: iclass 3/0, 1 report id
> > Feb  5 16:48:59 curry /bsd: uhid4 at uhidev2 reportid 1: input=0,
> > output=0, feature=1
> > Feb  5 16:48:59 curry /bsd: uhub4 at uhub0 port 13 configuration 1
> > interface 0 "GenesysLogic USB3.1 Hub" rev 3.10/88.16 addr 9
> > Feb  5 16:49:00 curry /bsd: uaudio0 at uhub4 port 1 configuration 1
> > interface 2 "DisplayLink Dell Universal Dock D6000" rev 3.10/31.27
> > addr 10
> > Feb  5 16:49:00 curry /bsd: uaudio0: audio descriptors make no sense,
> > error=4
> > Feb  5 16:49:00 curry /bsd: ugen1 at uhub4 port 1 configuration 1
> > "DisplayLink Dell Universal Dock D6000" rev 3.10/31.27 addr 10
> > Feb  5 16:49:01 curry /bsd: uhub5 at uhub4 port 2 configuration 1
> > interface 0 "GenesysLogic USB3.1 Hub" rev 3.10/88.17 addr 11
> > Feb  5 16:49:01 curry /bsd: uhub2 detached
> > Feb  5 16:49:01 curry /bsd: uhid4 detached
> > Feb  5 16:49:01 curry /bsd: uhidev2 detached
> > Feb  5 16:49:01 curry /bsd: uhub3 detached
> > Feb  5 16:49:01 curry /bsd: uhub1 detached
> > Feb  5 16:49:02 curry /bsd: uhub1 at uhub0 port 1 configuration 1
> > interface 0 "GenesysLogic USB2.1 Hub" rev 2.10/88.16 addr 5
> > Feb  5 16:49:03 curry /bsd: uhub2 at uhub1 port 2 configuration 1
> > interface 0 "GenesysLogic USB2.1 Hub" rev 2.10/88.17 addr 6
> > Feb  5 16:49:04 curry /bsd: uhub3 at uhub1 port 3 configuration 1
> > interface 0 "Genesys Logic USB2.0 Hub" rev 2.00/88.32 addr 7
> > Feb  5 16:49:05 curry /bsd: uhidev2 at uhub3 port 1 configuration 1
> > interface 0 "Bizlink D6000 Controller" rev 2.00/0.18 addr 8
> > Feb  5 16:49:05 curry /bsd: uhidev2: iclass 3/0, 1 report id
> > Feb  5 16:49:05 curry /bsd: uhid4 at uhidev2 reportid 1: input=0,
> > output=0, feature=1
> > Feb  5 16:49:53 curry /bsd: umass0 at uhub5 port 2 configuration 1
> > interface 0 "SanDisk Ultra" rev 3.00/1.00 addr 12
> > Feb  5 16:49:53 curry /bsd: umass0: using SCSI over Bulk-Only
> > Feb  5 16:49:53 curry /bsd: scsibus4 at umass0: 2 targets, initiator 0
> > Feb  5 16:49:53 curry /bsd: sd2 at scsibus4 targ 1 lun 0:  > Ultra, 1.00> SCSI4 0/direct removable serial.07815581200212119554
> > Feb  5 16:49:53 curry /bsd: sd2: 29328MB, 512 bytes/sector, 60063744
> > sectors
> > Feb  5 16:51:59 curry /bsd: error:
> > [drm:pid69604:intel_dp_aux_wait_done] *ERROR* dp aux hw did not signal
> > timeout (has irq: 1)!
> > Feb  5 16:54:57 curry /bsd: error:
> > [drm:pid69604:intel_pipe_update_start] *ERROR* Potential atomic update
> > failure on pipe B
> > Feb  5 16:55:56 curry /bsd: WARNING !wm_changed failed at
> > /usr/src/sys/dev/pci/drm/i915/intel_pm.c:3609
> > Feb  5 16:56:39 curry /bsd: uhub2 detached
> > Feb  5 16:56:39 curry /bsd: uhid4 detached
> > Feb  5 16:56:39 curry /bsd: uhidev2 detached
> > Feb  5 16:56:39 curry /bsd: uhub3 detached
> > Feb  5 16:56:39 curry /bsd: uhub1 detached
> > Feb  5 16:56:39 curry /bsd: uaudio0 detached
> > Feb  5 16:56:39 curry /bsd: ugen1 detached
> > Feb  5 16:56:39 curry /bsd: sd2 detached
> > Feb  5 16:56:39 curry /bsd: scsibus4 detached
> > Feb  5 16:56:39 curry /bsd: umass0 detached
> > Feb  5 16:56:39 curry /bsd: uhub5 detached
> > Feb  5 16:56:39 curry /bsd: uhub4 detached
> > Feb  5 16:56:40 curry apmd: battery status: high. external power
> > status: not connected. estimated battery life 95%
> > Feb  5 17:06:45 curry /bsd: error:
> > [drm:pid69604:intel_pipe_update_start] *ERROR* Potential atomic update
> > failure on pipe A
> >
> > Any thoughts?
> >
> > I have to return the dock in a couple of days but if there is any
> > procedures or output that someone would like to see in the 

ssh-keygen returns 0 if there is at least one valid key passed via stdin

2019-02-11 Thread Jiri B
Hi,

what I was trying is to validate ssh public keys passed via stdin to
ssh-keygen. It seems one has to split each line before passing to
ssh-keygen as ssh-keygen would return 0 if there is at least one valid
key in the input.

Is this behaviour correct?

Jiri

$ cat /etc/fstab .ssh/id_rsa.pub | ssh-keygen -l -f - -v
debug1: (stdin):1: not a public key
debug1: (stdin):2: not a public key
debug1: (stdin):3: not a public key
debug1: (stdin):4: not a public key
debug1: (stdin):5: not a public key
debug1: (stdin):6: not a public key
debug1: (stdin):7: not a public key
debug1: (stdin):8: not a public key
debug1: (stdin):9: not a public key
debug1: (stdin):12: not a public key
debug1: (stdin):13: not a public key
debug1: (stdin):14: not a public key
2048 SHA256:3ig2wrDgHa2iNH/89HGFRx+YuP7X6febAZR+kxu3Drg  (RSA)
+---[RSA 2048]+
| |
|. +  |
|   . * . |
|.   * . o|
|. .. .  S  o = *.|
|...+o  . o. + o *|
| =.o+ +.o..+ . +o|
|o +  =.o. o o oo=|
|.  .. .. . E .o==|
+[SHA256]-+
$ sysctl kern.version
kern.version=OpenBSD 6.4 (GENERIC) #3: Thu Dec 20 18:31:57 CET 2018
r...@syspatch-64-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
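
Added example, not part of the original post and not OpenSSH code: a per-line check in which a single bad line fails the whole input, which is the behaviour the post was looking for. It validates the '<type> <base64> [comment]' layout structurally instead of calling ssh-keygen; the function names, the accepted key types, and the choice to skip blank and comment lines are assumptions of this example.

```python
# Added example: strict, per-line validation of OpenSSH public keys.
# One bad line fails the whole input. The structural checks below are an
# assumption of this example, not ssh-keygen's own parser.
import base64
import binascii
import struct

# Number of length-prefixed fields in the key blob, type string included.
FIELD_COUNT = {
    "ssh-ed25519": 2,          # type, 32-byte public key
    "ssh-rsa": 3,              # type, exponent e, modulus n
    "ecdsa-sha2-nistp256": 3,  # type, curve name, public point
    "ecdsa-sha2-nistp384": 3,
    "ecdsa-sha2-nistp521": 3,
}


def split_fields(blob):
    """Split a key blob into its uint32-length-prefixed fields."""
    fields, pos = [], 0
    while pos < len(blob):
        if pos + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (size,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        if pos + size > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[pos:pos + size])
        pos += size
    return fields


def check_line(line):
    """Return None for a well-formed public key line, else a reason string."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        return "expected '<type> <base64> [comment]'"
    key_type, encoded = parts[0], parts[1]
    if key_type not in FIELD_COUNT:
        return "unknown key type"
    try:
        fields = split_fields(base64.b64decode(encoded, validate=True))
    except (binascii.Error, ValueError) as exc:
        return "bad key blob: %s" % exc
    if len(fields) != FIELD_COUNT[key_type]:
        return "wrong number of fields for " + key_type
    if fields[0] != key_type.encode("ascii"):
        return "type inside blob does not match declared type"
    if key_type == "ssh-ed25519" and len(fields[1]) != 32:
        return "ed25519 key is not 32 bytes"
    return None


def validate_keys(text):
    """Return (ok, errors). ok needs at least one key and no rejected line."""
    errors, seen = [], 0
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # assumption: blank lines and comments are ignored
        seen += 1
        reason = check_line(line)
        if reason is not None:
            errors.append((number, reason))
    return (seen > 0 and not errors), errors


def sample_key_line():
    """Constructed, well-formed ed25519 line (all-zero key, not a real key)."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " constructed@example"


if __name__ == "__main__":
    # Constructed input mirroring the post: fstab-like lines, then one key.
    mixed = ("/dev/sd0a / ffs rw 1 1\n"
             "/dev/sd0d /home ffs rw,nodev 1 2\n"
             + sample_key_line() + "\n")
    ok, errors = validate_keys(mixed)
    for number, reason in errors:
        print("line %d: %s" % (number, reason))
    raise SystemExit(0 if ok else 1)
```
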



Re: Question about ~/.ssh/rc and internal-sftp

2019-02-06 Thread Jiri B
Yes, you can but then you cannot use `internal-sftp` because it is
"internal" sshd process.
You must populate chroot in your ChrootDirectory, on Linux you also
need to have /dev/log
there.

I use this solution to rsync uploaded files to other host.

Jiri

On Wed, Feb 6, 2019 at 10:49 AM Aleksandar Lazic  wrote:
>
> Hi.
>
> I hope this list is the right one to ask openssh questions, in case I'm wrong
> here please point me to the right list/channel, thanks.
>
> We use sftp for uploads and iWatch to post process the uploaded files.
>
> We have several Match blocks in our /etc/ssh/sshd_config
>
> ```
> Match User user001
> ForceCommand internal-sftp
> AllowAgentForwarding no
> AllowTcpForwarding no
> X11Forwarding no
> ChrootDirectory /home/user001
> ```
>
> Can I replace the ForceCommand with a script which triggers a post process
> tool and use Subsystem for internal-sftp ?
>
> Version: OpenSSH_7.2p2
> OS: Ubuntu 16.04 LTS
>
> The Idea is that after a successful upload a post process script is running
> so the we can remove the iWatch.
>
> Thank you for any help.
>
> Regards
> Aleks
>



Re: Getting traffic from rdomain X to talk to a daemon in default rdomain 0

2019-02-02 Thread Jiri B
Thank you, that works fine.


Jiri


On Thu, Jan 31, 2019 at 11:26 PM Sebastian Benoit  wrote:
>
> Jiri B(jiri...@gmail.com) on 2019.01.31 22:23:34 +0100:
> > Hello,
> >
> > I'm trying to isolate an app running on OpenBSD on network level and thus I
> > have started
> > the app in a specific rdomain.
> >
> > I can successfully make traffic from the rdomain to reach Internet:
> >
> > pass out quick on rdomain 1 to any nat-to (egress) rtable 0
>
> that rule is only evaluated when the packets pass through a network
> interface.
>
> > But I cannot figure out how to make the app in this rdomain 1 to communicate
> > with daemons in default rdomain (0).
> >
> > With above rule I would see something like this on lo0 (rdomain0):
> >
> > Jan 31 16:04:22.285915 199.195.x.x.60666 > 199.195.x.x.53: 14874+ NS? .(17)
> >
> > Tested with route -T 1 exec dig @199.195.x.x  www.openbsd.org.
> > It seems it does not know how to send back replies ?
>
> yes, because rdomain 0 does not have a route to what network you have in
> rdomain 1.
>
> Btw. it's hard to talk about this without you giving the actual networks and
> IPs used.
>
> > Without 'nat-to (egress)' the replies would be just sent via default gw in
> > rdomain 0:
> >
> > mx1# tcpdump -i vio0 -n -e -ttt icmp
> > tcpdump: listening on vio0, link-type EN10MB
> > Jan 31 16:08:27.053592 00:16:a1:5d:50:b6 00:12:f2:f2:1a:00 0800 98:
> > 199.195.x.x > 172.16.1.2: icmp: echo reply
> >
> > (172.16.1.2 was the IP in rdomain 1)
> >
> > Any idea what would be PF rule to make this working - ie. make an app in
> > rdomain X talk to daemons in rdomain 0.
> >
> > I also tried to use pair interfaces but I failed too.
>
> Try this:
>
> # set up two connected pair interfaces:
> ifconfig pair8 inet 192.168.2.8/24 rdomain 8
> ifconfig pair1 inet 192.168.2.1/24 rdomain 0
> ifconfig pair1 patch pair8
>
> # they now can ping each other:
> ping 192.168.2.8
> route -T 8 exec ping 192.168.2.1
>
> # my em0 interface in rdomain 0 has the IP 192.168.1.52:
> em0: flags=208847 mtu 1500
> lladdr 44:c6:86:5a:c2:f7
> index 1 priority 0 llprio 3
> groups: egress
> media: Ethernet autoselect
> status: active
> inet 192.168.1.52 netmask 0xff00 broadcast 192.168.1.255
>
> # add a route to 192.168.1.52 to rdomain 8:
> route -T 8 add 192.168.1.52 192.168.2.1
> route -T 8 exec ping 192.168.1.52
>
> # the traffic back from rdomain 0 to rdomain 8 works now, because packets
> # are sent with source ip 192.168.2.8, and rdomain 0 has a route to that IP
> # through pair1.
>
> Now run your service on 192.168.1.52.
>
> /Benno



Getting traffic from rdomain X to talk to a daemon in default rdomain 0

2019-01-31 Thread Jiri B
Hello,

I'm trying to isolate an app running on OpenBSD on network level and thus I
have started
the app in a specific rdomain.

I can successfully make traffic from the rdomain to reach Internet:

pass out quick on rdomain 1 to any nat-to (egress) rtable 0

But I cannot figure out how to make the app in this rdomain 1 to communicate
with daemons in default rdomain (0).

With above rule I would see something like this on lo0 (rdomain0):

Jan 31 16:04:22.285915 199.195.x.x.60666 > 199.195.x.x.53: 14874+ NS? .(17)

Tested with route -T 1 exec dig @199.195.x.x  www.openbsd.org.
It seems it does not know how to send back replies ?

Without 'nat-to (egress)' the replies would be just sent via default gw in
rdomain 0:

mx1# tcpdump -i vio0 -n -e -ttt icmp
tcpdump: listening on vio0, link-type EN10MB
Jan 31 16:08:27.053592 00:16:a1:5d:50:b6 00:12:f2:f2:1a:00 0800 98:
199.195.x.x > 172.16.1.2: icmp: echo reply

(172.16.1.2 was the IP in rdomain 1)

Any idea what would be PF rule to make this working - ie. make an app in
rdomain X talk to daemons in rdomain 0.

I also tried to use pair interfaces but I failed too.

Jiri


serial for softraid devices

2018-09-04 Thread Jiri B .
Hi,

I have couple of softraid devices available in a box and when I do upgrade
I always have to check and not to make mistake which softraid device
I want to use as root disk.

If OpenBSD would have serial for softraid device I would just need to remember
the serial for my root disk.

This is similar output what install.sub's diskinfo() returns in installer:

# bioctl softraid0 | awk '$NF == "RAID1" { cmd=sprintf("bioctl -q %s",$(NF-1)); system(cmd); }'
sd5: , serial (unknown)
sd6: , serial (unknown)
sd7: , serial (unknown)
sd8: , serial (unknown)
sd9: , serial (unknown)

Is it because bd_serial is not implemented for softraid devices?

$ ag bd_serial /usr/src/sys/ 
/usr/src/sys/dev/ic/ami.c
2037:   strlcpy(bd->bd_serial, ser, sizeof(bd->bd_serial));
2268:   bzero(>bd_serial, sizeof(bd->bd_serial));
2287:   strlcpy(bd->bd_serial, ser,
2288:   sizeof(bd->bd_serial));

/usr/src/sys/dev/ic/ciss.c
1068:   bd->bd_serial[0] = '\0';
1090:   strlcpy(bd->bd_serial, pdid->serial,
1091:   sizeof(bd->bd_serial));

/usr/src/sys/dev/ic/mpi.c
3386:   /* bd_serial[32]; */

/usr/src/sys/dev/pci/arc.c
2256:   strlcpy(bd->bd_serial, serial, sizeof(bd->bd_serial));

/usr/src/sys/dev/pci/mpii.c
3596:   scsi_strvis(bd->bd_serial, ppg->serial, sizeof(ppg->serial));

/usr/src/sys/dev/biovar.h
111:    char    bd_serial[32];  /* serial number */

Jiri



Re: Wake-on-LAN from suspended state

2018-04-25 Thread Jiri B
On Tue, Apr 24, 2018 at 10:11:44PM +0200, Paul de Weerd wrote:
> [...]
> em0 at pci0 dev 25 function 0 "Intel I217-LM" rev 0x04: msi, address b8:ca:3a:93:03:e8

IIUC em does not support WOL. Am I right?

Jiri



Re: OpenBSD Xenocara supports "dummy" driver for headless X? (wd support FB resizing, Xvfb does not)

2018-03-29 Thread Jiri B
See https://marc.info/?l=openbsd-misc=151877018030790=2

Is it relevant?

Jiri



kernel panicing - linux sysrq capability

2018-03-16 Thread Jiri B
Hi,

IIUC we can panic kernel via writing to 'ddb.trigger' and
if we have 'ddb.panic=0' it would reboot.

But IIUC we are not able to control what would happen
during this kernel panic in non-interactive mode, am I right?

I am asking because I'm working on porting corosync/pacemaker[1]
- HA stuff - and they make kernel panic[2] on Linux with 'b'[3] (immediate
reboot the system without syncing or unmounting them) or 'c'
(performing a kexec reboot in order to take a crashdump) under
some conditions.

[1] http://bit.ly/2IvFD9A
[2] https://fedoraproject.org/wiki/QA/Sysrq
[3] https://github.com/ClusterLabs/pacemaker/blob/edd67444e967a0c58a96aab1748b378eec3b40f9/lib/common/watchdog.c#L132

Jiri



Re: ld.so: openvpn: can't load library 'liblzo2.so.1.0'

2018-03-06 Thread Jiri B
On Tue, Mar 06, 2018 at 01:51:04PM +0100, Jeremie Courreges-Anglas wrote:
> On Mon, Mar 05 2018, Stuart Henderson  wrote:
> My guess is that ld.so throws away the library cache if it finds that
> it's stale, and thus can't know where liblzo2/liblz4 are to be found.
> The easy fix would be to make ld.so search in /usr/local by default, but
> I'm not sure this would be accepted.  So I just documented the
> LD_LIBRARY_PATH hack in the README instead.

There's no ld.so.hints as we rm -rf /var/run content:

# cat -n /etc/rc | egrep "(ldconfig|netstart|/var/run)"
   439  sh /etc/netstart
   450  sh /etc/netstart pfsync0
   463  (cd /var/run && { rm -rf -- *; install -c -m 664 -g utmp /dev/null utmp; })
   467  dmesg >/var/run/dmesg.boot
   483  rm -f /var/run/ypbind.lock
   564  if [[ -x /sbin/ldconfig ]]; then
   568  ldconfig $shlib_dirs

Anyway, thanks for ports doc update.

Jiri



linking libqb on openbsd fails

2018-03-05 Thread Jiri B
Hi,

I try to build libqb library and it fails with following output, any idea
what could be wrong there?

Originally reported at https://github.com/ClusterLabs/libqb/issues/299

(libqb is prerequisite for corosync/pacemaker stuff)

Jiri

...
libtool: compile:  cc -DHAVE_CONFIG_H -I. -I../include -I../include/qb -I../include -I../include -O2 -pipe -Wall -Wextra -Wunused -Wshadow -Wmissing-prototypes -Wmissing-declarations -Wstrict-prototypes -Wpointer-arith -Wwrite-strings -Wcast-align -Wbad-function-cast -Wmissing-format-attribute -Wfloat-equal -Wformat=2 -Woverlength-strings -Winit-self -Wuninitialized -Wunknown-pragmas -Wno-unused-parameter -Wno-format-nonliteral -Wno-sign-compare -MT strchrnul.lo -MD -MP -MF .deps/strchrnul.Tpo -c strchrnul.c  -fPIC -DPIC -o .libs/strchrnul.o
libtool: compile:  cc -DHAVE_CONFIG_H -I. -I../include -I../include/qb -I../include -I../include -O2 -pipe -Wall -Wextra -Wunused -Wshadow -Wmissing-prototypes -Wmissing-declarations -Wstrict-prototypes -Wpointer-arith -Wwrite-strings -Wcast-align -Wbad-function-cast -Wmissing-format-attribute -Wfloat-equal -Wformat=2 -Woverlength-strings -Winit-self -Wuninitialized -Wunknown-pragmas -Wno-unused-parameter -Wno-format-nonliteral -Wno-sign-compare -MT strchrnul.lo -MD -MP -MF .deps/strchrnul.Tpo -c strchrnul.c -o strchrnul.o >/dev/null 2>&1
cc -E -xc -I../include -D_GNU_SOURCE -C -P qblog_script.ld.in \
  | sed -n "/$(sed -n '/^[^#]/{s/[*\/]/\\&/g;p;q;}' qblog_script.ld.in)/,$ p" \
  > qblog_script.ld
/usr/local/bin/libtool  --tag=CC   --mode=link cc -pthread -O2 -pipe      -Wall -Wextra -Wunused -Wshadow -Wmissing-prototypes -Wmissing-declarations -Wstrict-prototypes -Wpointer-arith -Wwrite-strings -Wcast-align -Wbad-function-cast -Wmissing-format-attribute -Wfloat-equal -Wformat=2 -Woverlength-strings -Winit-self -Wuninitialized -Wunknown-pragmas -Wno-unused-parameter -Wno-format-nonliteral -Wno-sign-compare  -version-info 19:0:19  -o libqb.la -rpath /usr/local/lib libqb_la-util.lo libqb_la-hdb.lo libqb_la-ringbuffer.lo libqb_la-ringbuffer_helper.lo libqb_la-array.lo libqb_la-loop.lo libqb_la-loop_poll.lo libqb_la-loop_job.lo libqb_la-loop_timerlist.lo libqb_la-ipcc.lo libqb_la-ipcs.lo libqb_la-ipc_shm.lo libqb_la-ipc_setup.lo libqb_la-ipc_socket.lo libqb_la-log.lo libqb_la-log_thread.lo libqb_la-log_blackbox.lo libqb_la-log_file.lo libqb_la-log_syslog.lo libqb_la-log_dcs.lo libqb_la-log_format.lo libqb_la-map.lo libqb_la-skiplist.lo libqb_la-hashtable.lo libqb_la-trie.lo libqb_la-unix.lo   libqb_la-loop_poll_kqueue.lo  strchrnul.loqblog_script.la

*** Warning: This system can not link to static lib archive qblog_script.la.
*** I have the capability to make that library automatically link in when
*** you link to this library.  But I can only do this if you have a
*** shared version of the library, which you do not appear to have.
libtool: link: cc -shared  -fPIC -DPIC -o .libs/libqb.so.19.0  .libs/libqb_la-util.o .libs/libqb_la-hdb.o .libs/libqb_la-ringbuffer.o .libs/libqb_la-ringbuffer_helper.o .libs/libqb_la-array.o .libs/libqb_la-loop.o .libs/libqb_la-loop_poll.o .libs/libqb_la-loop_job.o .libs/libqb_la-loop_timerlist.o .libs/libqb_la-ipcc.o .libs/libqb_la-ipcs.o .libs/libqb_la-ipc_shm.o .libs/libqb_la-ipc_setup.o .libs/libqb_la-ipc_socket.o .libs/libqb_la-log.o .libs/libqb_la-log_thread.o .libs/libqb_la-log_blackbox.o .libs/libqb_la-log_file.o .libs/libqb_la-log_syslog.o .libs/libqb_la-log_dcs.o .libs/libqb_la-log_format.o .libs/libqb_la-map.o .libs/libqb_la-skiplist.o .libs/libqb_la-hashtable.o .libs/libqb_la-trie.o .libs/libqb_la-unix.o .libs/libqb_la-loop_poll_kqueue.o .libs/strchrnul.o-pthread -O2 -pthread   -pthread -Wl,/usr/ports/pobj/libqb-1.0.3/libqb-1.0.3/lib/qblog_script.ld
/usr/bin/ld: section __verbose [002351f8 -> 00236a7f] overlaps section .bss [00225060 -> 00235f87]
cc: error: linker command failed with exit code 1 (use -v to see invocation)
gmake[2]: *** [Makefile:740: libqb.la] Error 1
gmake[2]: Leaving directory '/usr/ports/pobj/libqb-1.0.3/libqb-1.0.3/lib'
gmake[1]: *** [Makefile:513: all-recursive] Error 1
gmake[1]: Leaving directory '/usr/ports/pobj/libqb-1.0.3/libqb-1.0.3'
gmake: *** [Makefile:438: all] Error 2
*** Error 2 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2742 '/usr/ports/pobj/libqb-1.0.3/.build_done')
*** Error 1 in /usr/ports/devel/libqb (/usr/ports/infrastructure/mk/bsd.port.mk:2419 'all')

$ sysctl kern.version
kern.version=OpenBSD 6.3-beta (GENERIC) #25: Fri Mar  2 22:51:43 MST 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC

$ /usr/ports/pobj/libqb-1.0.3/bin/cc -v
OpenBSD clang version 5.0.1 (tags/RELEASE_501/final) (based on 

Re: ld.so: openvpn: can't load library 'liblzo2.so.1.0'

2018-03-05 Thread Jiri B
On Mon, Mar 05, 2018 at 01:14:05PM +0200, Atanas Vladimirov wrote:
> Hi,
> 
> Bringing up an old thread to let you know that the problem is still present
> in -current snapshot.
> Shall I send a proper bug report to bugs@?
> Thanks.

No, why?

Works as expected, you start OpenVPN too early, thus you need
that workaround.

> starting network
> em0: bound to 95.87.227.232 from 95.87.227.225 (64:87:88:58:b2:b8)
> ld.so loading: 'openvpn'
> [...]
> loading: liblz4.so.2.0 required by /usr/local/sbin/openvpn
> ld.so: openvpn: can't load library 'liblz4.so.2.0'
> Killed
> reordering libraries: done.

See...:

# egrep -n '(sh /etc/netstart$|/sbin/ldconfig)' /etc/rc
439:sh /etc/netstart
564:if [[ -x /sbin/ldconfig ]]; then

Thus, /var/run/ld.so.hints does not exist in time when you
start OpenVPN.

Jiri



booting fedora 27 under vmm is somehow possible

2018-02-19 Thread Jiri B
Hi,

there are maybe some colleagues at my work who maybe would be interested to try
running Fedora under vmm.

So I made following notes about how to boot Fedora 27 under VMM.
Although it does still take ages for Fedora to boot with networking enabled, wtf!

VMM output and Fedora 27 dmesg below.

IMO next steps - after Fedora is up - should be to disable cloud-init (as it would
timeout because it needs to get data via network), disable ipv6 and probably NTP
client/server as it takes ages to complete boot, probably modify grub2 with
'tsc=unstable'.

Jiri

- messages

Feb 20 23:27:20 t470s vmd[76516]: vcpu_process_com_data: guest reading com1 when not ready
Feb 20 23:27:21 t470s last message repeated 2 times
Feb 20 23:27:22 t470s vmd[76516]: vioblk_notifyq: unsupported command 0x8
Feb 20 23:27:25 t470s last message repeated 4 times

- trying to mount_ext2fs partition from raw image via vnd0i.

Feb 20 23:26:58 t470s /bsd: ext2fs: unsupported incompat features 0x2c2

- steps

# cd /home
# ftp http://mirror.vutbr.cz/fedora/releases/27/CloudImages/x86_64/images/Fedora-Cloud-Base-27-1.6.x86_64.raw.xz
# xz -d -c /home/Fedora-Cloud-Base-27-1.6.x86_64.raw.xz > /home/fedora.raw

# mkdir cloud-init

# cat meta-data < user-data < /etc/sysctl.d/disableipv6.conf
* systemctl disable cloud-init 
* poweroff

# vmctl start "fedora" -d /home/fedora.raw -m 2G -c -L -i 1

- vmm boot & dmesg/systemd stuff

# vmctl start "fedora" -d /home/fedora.raw -m 2G -c -r /home/fedora-cidata.iso
vmctl: starting without network interfaces
Connected to /dev/ttyp2 (speed 115200)
Changing serial settings was 0/0 now 3/0
SeaBIOS (version 1.10.2p5-OpenBSD-vmm)
BUILD: gcc: (GCC) 4.2.1 20070719  binutils: 2.17
enabling shadow ram
Unable to unlock ram - bridge not found
RamSize: 0x8000 [cmos]
malloc preinit
malloc init
RamSizeOver4G: 0x [cmos]
init ivt
init bda
init bios32
init keyboard
init pic
math cp init
pci setup
=== PCI bus & bridge init ===
PCI: pci_bios_init_bus_rec bus = 0x0
=== PCI device probing ===
PCI probe
Found 5 PCI devices (max PCI bus is 00)
=== PCI new allocation pass #1 ===
PCI: check devices
=== PCI new allocation pass #2 ===
PCI: IO: 1000 - 4fff
PCI: 32: 8000 - fec0
PCI: map device bdf=00:01.0  bar 0, addr 1000, size 1000 [io]
PCI: map device bdf=00:02.0  bar 0, addr 2000, size 1000 [io]
PCI: map device bdf=00:03.0  bar 0, addr 3000, size 1000 [io]
PCI: map device bdf=00:04.0  bar 0, addr 4000, size 1000 [io]
PCI: init bdf=00:00.0 id=0b5d:0666
PCI: init bdf=00:01.0 id=1af4:1005
PCI: init bdf=00:02.0 id=1af4:1001
PCI: init bdf=00:03.0 id=1af4:1004
PCI: init bdf=00:04.0 id=0b5d:0777
PCI: No VGA devices found
No apic - only the main cpu is present.
init timer
Scan for VGA option rom
init virtio-blk
found virtio-blk at 00:02.0
pci dev 00:02.0 using legacy (0.9.5) virtio mode
virtio-blk 00:02.0 blksize=512 sectors=8388608
Registering bootable: Virtio disk PCI:00:02.0 (type:2 prio: data:f0a60)
init virtio-scsi
found virtio-scsi at 00:03.0
pci dev 00:03.0 using legacy (0.9.5) virtio mode
virtio-scsi vendor='OpenBSD' product='VMM CD-ROM' rev='001' type=5 removable=1
Registering bootable: DVD/CD [virtio-scsi Drive OpenBSD VMM CD-ROM 001] (type:3 
prio: data:f0a20)
init serial
Found 1 serial ports
Scan for option roms
Registering bootable: Legacy option rom (type:129 prio: data:bf03)
Searching bootorder for: HALT
Mapping hd drive 0x000f0a60 to 0
drive 0x000f0a60: PCHS=0/0/0 translation=lba LCHS=522/255/63 s=8388608
Mapping cd drive 0x000f0a20
Running option rom at bf00:0003

Google, Inc.
Serial Graphics Adapter 11/27/17
SGABIOS 20100422 (_) Mon Nov 27 22:20:55 UTC 2017
Term: 0x87
4 0
malloc finalize
Space available for UMB: c-ee800, f-f09f0
Returned 245760 bytes of ZoneHigh
e820 map has 6 items:
  0:  - 0009f800 = 1 RAM
  1: 0009f800 - 000a = 2 RESERVED
  2: 000f - 0010 = 2 RESERVED
  3: 0010 - 7fffc000 = 1 RAM
  4: 7fffc000 - 8000 = 2 RESERVED
  5: fffc - 0001 = 2 RESERVED
locking shadow ram
Unable to lock ram - bridge not found
Jump to int19
enter handle_19:
  NULL
BBttiinngg  ffrroomm  HHaarrdd  DDiisskk..

Booting from :7c00
.
Use the ^ and v keys to change the selection.
...
  Fedora (4.13.9-300.fc27.x86_64) 27 (Cloud Edition)

   The selected entry will be started automatically in 1s.
   The selected entry will be started automatically in 0s.
...
unimplemented handle_15XX:330:

   a=ec00  b=0002  c=  d= ds=9000 es=9000 ss=9000
  si= di= bp= sp=8f70 cs=9000 ip=02fc  f=0003
unimplemented handle_16XX:224:
   a=0305  b=  c=  d= ds=9000 es=9000 ss=9000
  si= di= bp= sp=8f70 cs=9000 ip=02fc  f=0003
unimplemented handle_15XX:330:
   a=e980  b=  

make release-sets - question

2018-02-18 Thread Jiri B
Hello,

I try to understand why 'release-sets' does copy kernel.tgz from DESTDIR
into OS /usr? Could anybody explain the logic behind?

Thank you.

build1$ sed -n '/^release-sets:$/,/^$/p' /usr/src/etc/Makefile  
release-sets:
	su ${BUILDUSER} -c 'exec ${MAKE} distribution'
	su ${BUILDUSER} -c 'exec ${MAKE} kernels'
	cp -p ${DESTDIR}/usr/share/relink/kernel.tgz /usr/share/relink/kernel.tgz
	${MAKE} bootblocks
	cd ${RELEASEDIR} && rm -f SHA256
	cd ../distrib/sets && exec su ${BUILDUSER} -c 'exec sh maketars ${OSrev}'

Jiri



vmctl status - output order

2018-02-17 Thread Jiri B
I can't read C but how do you sort vmctl status output?

host1# vmctl status
   ID   PID VCPUS  MAXMEM  CURMEM     TTY        OWNER NAME
    6 99046     1    2.0G    698M   ttyp4        jirib build1
    1 93692     1    2.0G    917M   ttyp7        jirib jirib1
    7     -     1    512M       -       -        jirib archive1

Not by ID, not by PID, names order with preference of alive VMs?
Wouldn't ID be best for ordering?

It would be great if there would be systat vmm (?) with similar
output and refreshing data.

Jiri



Re: VMM VM - 'dummy' based driver-based X11 server inside, not possible?

2018-02-16 Thread Jiri B
On Fri, Feb 16, 2018 at 09:42:25PM +0200, Dumitru Mi?u Moldovan wrote:
> On 02/16/18 10:14, Jiri B wrote:
> 
> […]
> 
> > I'll try to clarify my use case further. I'd like to attach to a persistent
> > remote display session in screen/tmux-like manner.
> > 
> > IIUC a 'persistent' disqualifies X11 forwarding over SSH, and it
> > disqualifies usage of "remote" DISPLAY=$ip:$display too.
> > 
> > Thus, IIUC, X11 server needs to run on remote OS as well, and because the VM
> > does not have real graphical card, it does need a kind of fake X11 server.
> > 
> > Xvfb or X11 native 'dummy'-driver based solution should work, the graphics
> > itself can be later attached in screen/tmux-like manner via VNC for example.
> > 
> > Solutions I'm aware of:
> > 
> > - X11 forwarding (not persistent)
> > - X11 with remote DISPLAY (not persistent)
> > - X11 'dummy' driver (not working in VMM VM)
> > - Xvfb (works but seems slower/obsoleted by X11 native 'dummy' driver)
> > 
> 
> Might want to add this to your list: https://www.xpra.org/ (have never
> tried it, but advertises itself as "screen for X11").

IIUC xpra uses 'dummy' X11 driver but I haven't checked too deeply
as there's no port for it right now.

Jiri





Re: VMM VM - 'dummy' based driver-based X11 server inside, not possible?

2018-02-16 Thread Jiri B
On Fri, Feb 16, 2018 at 12:19:44AM -0800, Mike Larkin wrote:
> Xvfb + x11vnc worked fine in the test I just did.

Yes, it does, thanks for confirmation.

I was curious why X11 'dummy' mode does not if it should be
used in environments without graphical card for headless X11
server.

Maybe it does not work as our xf86-video-dummy is old,
https://github.com/freedesktop/xorg-xf86-video-dummy/commit/87249af5faf85c8d093e910c069faa4db0aee843#diff-67e997bcfdac55191033d57a16d1408a

I'll stick to Xvfb for now and I'll give a try to build
newer xf86-video-dummy.

Jiri



Re: VMM VM - 'dummy' based driver-based X11 server inside, not possible?

2018-02-16 Thread Jiri B
On Thu, Feb 15, 2018 at 06:48:53PM -0800, Mike Larkin wrote:
> > > what are you trying to accomplish?
> > 
> > A persistent remote display session, ie. xenodm->wm or users one accessible
> > via VNC with x11vnc.
> > 
> I found a solution to do this with about 1 minute of google searching. What
> are you finding difficult?

I'm not sure I can follow.

I would be happy to listen to your proposal for my use case.

I'll try to clarify my use case further. I'd like to attach to a persistent
remote display session in screen/tmux-like manner.

IIUC a 'persistent' disqualifies X11 forwarding over SSH, and it
disqualifies usage of "remote" DISPLAY=$ip:$display too.

Thus, IIUC, X11 server needs to run on remote OS as well, and because the VM
does not have real graphical card, it does need a kind of fake X11 server.

Xvfb or X11 native 'dummy'-driver based solution should work, the graphics
itself can be later attached in screen/tmux-like manner via VNC for example.

Solutions I'm aware of:

- X11 forwarding (not persistent)
- X11 with remote DISPLAY (not persistent)
- X11 'dummy' driver (not working in VMM VM)
- Xvfb (works but seems slower/obsoleted by X11 native 'dummy' driver)

Thank you for help.

Jiri




Re: VMM VM - 'dummy' based driver-based X11 server inside, not possible?

2018-02-15 Thread Jiri B
On Thu, Feb 15, 2018 at 04:18:33PM -0800, Mike Larkin wrote:
> On Thu, Feb 15, 2018 at 07:10:26PM -0500, Jiri B wrote:
> > Is it possible to run 'dummy' based X11 (should be better than Xvfb)[1] inside
> > VMM VM?
> > 
> 
> what are you trying to accomplish?

A persistent remote display session, ie. xenodm->wm or users one accessible
via VNC with x11vnc.

Jiri



VMM VM - 'dummy' based driver-based X11 server inside, not possible?

2018-02-15 Thread Jiri B
Is it possible to run 'dummy' based X11 (should be better than Xvfb)[1] inside
VMM VM?

$ Xorg -noreset +extension GLX +extension RANDR +extension RENDER -logfile ./10.log -config ./xorg.conf :10
(EE)
Fatal server error:
(EE) xf86OpenConsole: No console driver found
Supported drivers: wscons
Check your kernel's console driver configuration and /dev entries(EE)
(EE)
Please consult the The X.Org Foundation support
 at http://wiki.x.org
 for help.
(EE) Please also check the log file at "./10.log" for additional information.
(EE)
(EE) Server terminated with error (1). Closing log file.

$ cat 10.log
[62.900] (--) checkDevMem: using aperture driver /dev/xf86
[62.969] (EE) 
Fatal server error:
[62.970] (EE) xf86OpenConsole: No console driver found
Supported drivers: wscons
Check your kernel's console driver configuration and /dev entries(EE) 
[62.973] (EE) 
Please consult the The X.Org Foundation support 
 at http://wiki.x.org
 for help. 
[62.974] (EE) Please also check the log file at "./10.log" for additional 
information.
[62.976] (EE) 
[62.992] (EE) Server terminated with error (1). Closing log file.

xorg.conf is from https://xpra.org/xorg.conf (attached in the end of the mail).

But same xorg.conf and same command work OK on headless baremetal.

[1] http://xpra.org/trac/wiki/Xdummy
[2] https://xpra.org/xorg.conf

Jiri

- from host

OpenBSD 6.2-current (GENERIC.MP) #6: Tue Feb 13 20:16:11 MST 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8564375552 (8167MB)
avail mem = 8297807872 (7913MB)
enter_shared_special_pages: entered idt page va 0x8001 pa 0x1d5a000
enter_shared_special_pages: entered kutext page va 0x81831000 pa 
0x1831000
enter_shared_special_pages: entered kutext page va 0x81832000 pa 
0x1832000
enter_shared_special_pages: entered kutext page va 0x81833000 pa 
0x1833000
enter_shared_special_pages: entered kudata page va 0x81ac9000 pa 
0x1ac9000
cpu_enter_pages: entered tss+gdt page at va 0x81abd000 pa 0x1abd000
cpu_enter_pages: entered t.stack page at va 0x81abe000 pa 0x1abe000
cpu_enter_pages: cif_tss.tss_rsp0 = 0x81abe3e0
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x9f000 (68 entries)
bios0: vendor American Megatrends Inc. version "1.1" date 05/27/2010
bios0: Supermicro X8SIL
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP APIC MCFG OEMB HPET GSCI DMAR SSDT
acpi0: wakeup devices P0P1(S4) P0P3(S4) P0P4(S4) P0P5(S4) P0P6(S4) BR1E(S4) 
USB0(S4) USB1(S4) USB2(S4) USB3(S4) USB4(S4) USB5(S4) USB6(S4) GBE_(S4) 
BR20(S4) BR21(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
lapic_map: entered lapic page va 0x81ab2000 pa 0xfee0
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU L3426 @ 1.87GHz, 1866.93 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
acpitimer0: recalibrated TSC frequency 189986 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 133MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0cpu_enter_pages: entered tss+gdt page at va 0x800021fff000 
pa 0x10f7ab000
cpu_enter_pages: entered t.stack page at va 0x80002200 pa 0x10f7ac000
cpu_enter_pages: cif_tss.tss_rsp0 = 0x8000220003e0
: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU L3426 @ 1.87GHz, 1866.67 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0cpu_enter_pages: entered tss+gdt page at va 0x80002201 
pa 0x10f7b6000
cpu_enter_pages: entered t.stack page at va 0x800022011000 pa 0x10f7b7000
cpu_enter_pages: cif_tss.tss_rsp0 = 0x8000220113e0
: apid 4 (application processor)
cpu2: Intel(R) Xeon(R) CPU L3426 @ 1.87GHz, 1866.67 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,SENSOR,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0cpu_enter_pages: entered tss+gdt page at va 0x800022019000 
pa 0x10f7b9000
cpu_enter_pages: entered t.stack page at va 0x80002201a000 pa 0x10f7ba000

getting data from qcow2 images on OpenBSD

2018-02-15 Thread Jiri B
Hi,

qemu-nbd[1] is a way to "attach" qcow2 image to a nbd[2] device,
but we don't have nbd yet. Though Patrick made it working
for Bitrig[3]. Would it be usable in OpenBSD?

If qemu-nbd is not an option, what are other ways to get
data from various qemu-supported images (if not running qemu
itself and getting data over tcp/ip)?

I found vdfuse[4] but it would need VirtualBox libs working
on OpenBSD...

Jiri

[1] http://ask.xmodulo.com/mount-qcow2-disk-image-linux.html
[2] https://en.wikipedia.org/wiki/Network_block_device
  An example mounting OpenBSD partitions inside qcow2 on Linux:

  # qemu-nbd --connect=/dev/nbd0 /var/lib/libvirt/images/instsrv2.qcow2
  
  # fdisk -l /dev/nbd0
  Disk /dev/nbd0: 20 GiB, 21474836480 bytes, 41943040 sectors
  Units: sectors of 1 * 512 = 512 bytes
  Sector size (logical/physical): 512 bytes / 512 bytes
  I/O size (minimum/optimal): 512 bytes / 512 bytes
  Disklabel type: dos
  Disk identifier: 0x
  
  Device  Boot Start  End  Sectors Size Id Type
  /dev/nbd0p4 *   64 41929649 41929586  20G a6 OpenBSD
  
  # dmesg | grep -A1 nbd0:
  [670102.643817]  nbd0: p4
   p4: 
  
  # mount -t ufs -o ufstype=44bsd /dev/nbd0p5 /mnt

[3] https://github.com/bitrig/bitrig/wiki/Roadmap
[4] https://github.com/SophosLabs/vdfuse



feature - native softraid-crypto for VMM virtio disk

2018-02-15 Thread Jiri B

Hi,

one cannot boot vmm-bios if not having newer hw than Westmere CPU.
And booting host kernel for a VM which has FDE does not work, that's clear.

What about a feature to support somehow softraid-crypto (or similar) for
vmctl create?

A variation for native LUKS support in QEMU:

qemu ... -object secret,id=sec0,data='secretpass' \
  -drive driver=luks,key-secret=sec0,file=diskfile

The use case here is not to have plain VMM disk file on
host (I'm using softraid-crypto for underlying device now).

Jiri



cannot destroy loXX belonging to rdomain XX ?

2018-02-14 Thread Jiri B
How to "remove" loXX belonging to rdomain XX ?

# ifconfig vether55 rdomain 55
# ifconfig vether55
vether55: flags=8802 rdomain 55 mtu 1500
lladdr fe:e1:ba:d6:a0:59
index 23 priority 0 llprio 3
groups: vether
media: Ethernet autoselect
status: active
# ifconfig vether55 destroy
# ifconfig lo55
lo55: flags=8049 rdomain 55 mtu 32768
index 24 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff00
inet6 fe80::1%lo55 prefixlen 64 scopeid 0x18
# ifconfig lo55 destroy
ifconfig: SIOCIFDESTROY: Operation not permitted

From lo(4):

...
 A loop interface can be created at runtime using the ifconfig loN create
 command or by setting up a hostname.if(5) configuration file for
 netstart(8).  The lo0 interface will always exist and cannot be destroyed
 using ifconfig(8).
...

So it will exist forever till next reboot?

kern.version=OpenBSD 6.2-current (GENERIC.MP) #0: Sat Feb 10 00:05:49 MST 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Jiri



Re: tor inside vmm, horribly slow?!

2018-02-12 Thread Jiri B
On Mon, Feb 12, 2018 at 12:38:00AM -0800, Mike Larkin wrote:
> > > > it's horribly slow, just doing 'tor-resolve $dnsname' takes
> > > > sometimes ages.
> > > > [...]
> [...]
>
> What did the guest pick for timecounter? (sysctl kern.timecounter.hardware)
> 
> Your hardware is nearly a decade old. I wouldn't be surprised if vmm
> picked some ancient timecounter hardware. For the example below, my guest
> chose 'tsc' (I have a 2013-era Ivy Bridge CPU). All my hosts/VMs are
> -current. And we know if your hardware is shit, we do the best we can but
> no promises as to how precise time is going to be. With tsc timecounter,
> my VMs that have been up for weeks have drifted maybe a second or two from
> the host.
> 
> [...]
>
> In other words, I don't see anything odd here. The vm appears to actually
> be running faster than the host. I'm not concerned about the 2-3 second
> difference on the first resolve. I bet if I ran it a hundred times I'd see
> things pretty much the same.

Mike, thank you for your time. The VM picked 'tsc' as timecounter.

Putting CC Pascal, Tor port maintainer, as I am suspicious that this slowness
is related to what tor itself is doing in that time.

Pascal, any idea what could cause slowness of tor when using onion service
inside VMM? Info below (plus history 
https://marc.info/?l=openbsd-misc=151839235419514=2):

Feb 12 10:30:25 onion Tor[96278]: connection_connect_sockaddr: Connection to 
socket established (sock 4).
Feb 12 10:32:55 onion Tor[96278]: connection_edge_reached_eof: conn (fd 4) 
reached eof. Closing.
Feb 12 10:32:55 onion Tor[96278]: Your system clock just jumped 151 seconds 
forward; assuming established circuits no longer work.
^^^ 2 mins gap?

Tor tests, if this is general issue or not.

- scenario 1

* loop date + tor-resolve $dnsname + sleep 1
* torsocks curl -s -I http://www.openbsd.org

^^  this works ok

- scenario 2

make tor to have local onion service with httpd enabled

* install -d -o _tor -g _tor -m 700 /var/tor/onion

* modify /etc/tor/torrc:

Log debug syslog
HiddenServiceDir /var/tor/onion/
HiddenServicePort 80 127.0.0.1:80

* enable httpd & tor
* loop date + tor-resolve $dnsname + sleep 1
* get your .onion service address

cat /var/tor/onion/hostname

* access your .onion service from other (tor)browser

...
Feb 12 10:30:24.519 [warn] Got SOCKS5 status response '4': host is unreachable
Mon Feb 12 10:30:26 CET 2018
129.128.5.194
Mon Feb 12 10:32:58 CET 2018
129.128.5.194
Mon Feb 12 10:33:00 CET 2018
...

^^ tor-resolve $dnsname gets slowed down after a while, 2 mins gap

Feb 12 10:30:24 onion Tor[96278]: rend_service_rendezvous_has_opened: Done 
building circuit 2327426966 to rendezvous with cookie D92E6387 for service 

Feb 12 10:30:24 onion Tor[96278]: internal circ (length 4): 
$0FBE018DADAB416DE17A10C5D4AD3EBF0E243561(open) 
$BF50E09EED25B82861CF95E1AAA42DCFEF53E5D1(open) 
$F80FDE27EFCB3F6A7B4E2CC517133DBFFA78BA2D(open) 
$CCF0E904BAD135F6B2180BD89D19E487F83786A5(open)
Feb 12 10:30:24 onion Tor[96278]: connection_handle_listener_read: New SOCKS 
connection opened from 127.0.0.1.
Feb 12 10:30:24 onion Tor[96278]: rep_hist_note_used_port: New port prediction 
added. Will continue predictive circ building for 1967 more seconds.
Feb 12 10:30:24 onion Tor[96278]: connection_edge_process_inbuf: data from edge 
while in 'waiting for circuit' state. Leaving it on buffer.
Feb 12 10:30:24 onion Tor[96278]: exit circ (length 3): 
$0FBE018DADAB416DE17A10C5D4AD3EBF0E243561(open) 
$594252BFEE13625AC120F50F3015CB3C1DA55690(open) 
$1AF72E8906E6C49481A791A6F8F84F8DFEBBB2BA(open)
Feb 12 10:30:24 onion Tor[96278]: pathbias_count_use_attempt: Used circuit 2 is 
already in path state use succeeded. Circuit is a General-purpose client 
currently open.
Feb 12 10:30:24 onion Tor[96278]: link_apconn_to_circ: Looks like completed 
circuit to [scrubbed] does allow optimistic data for connection to [scrubbed]
Feb 12 10:30:24 onion Tor[96278]: connection_ap_handshake_send_resolve: Address 
sent for resolve, ap socket 4, n_circ_id 2260876578
Feb 12 10:30:25 onion Tor[96278]: connection_connect_sockaddr: Connection to 
socket established (sock 4).
Feb 12 10:32:55 onion Tor[96278]: connection_edge_reached_eof: conn (fd 4) 
reached eof. Closing.
Feb 12 10:32:55 onion Tor[96278]: Your system clock just jumped 151 seconds 
forward; assuming established circuits no longer work.

^^ 2 mins gap

So just slow HW issue?

Jiri



Re: tor inside vmm, horribly slow?!

2018-02-12 Thread Jiri B
On Sun, Feb 11, 2018 at 04:47:02PM -0800, Mike Larkin wrote:
> > has anybody tried to run tor inside vmm guest?
> > 
> > it's horribly slow, just doing 'tor-resolve $dnsname' takes
> > sometimes ages.
> > [...]
> > is it related to vmm ssl issue reported in the past?
> 
> no
> 
> > [...]
> This report sucks. no dmesg, no information about what the VM config is, what
> version the guest is, what version the host is, etc.

Big apologies, I thought it could be something known.
Info below. Thank you for help.

Jiri

Another try inside vmm guest:
~

# time tor-resolve www.openbsd.org
129.128.5.194
0m00.14s real 0m00.00s user 0m00.00s system
# time tor-resolve www.openbsd.org
129.128.5.194
0m52.96s real 0m00.00s user 0m00.00s system

# tail /var/log/daemon
Feb 12 08:19:59 onion Tor[21861]: Bootstrapped 100%: Done
Feb 12 08:20:04 onion ntpd[51629]: adjusting local clock by 0.384653s
Feb 12 08:23:01 onion ntpd[51629]: adjusting local clock by -0.063873s
Feb 12 08:42:58 onion Tor[21861]: Your system clock just jumped 150 seconds 
forward; assuming established circuits no longer work.
Feb 12 08:42:59 onion Tor[21861]: Tor has successfully opened a circuit. Looks 
like client functionality is working.
Feb 12 08:42:59 onion Tor[21861]: Tor has successfully opened a circuit. Looks 
like client functionality is working.
Feb 12 08:45:55 onion Tor[21861]: Your system clock just jumped 150 seconds 
forward; assuming established circuits no longer work.
Feb 12 08:45:57 onion Tor[21861]: Tor has successfully opened a circuit. Looks 
like client functionality is working.
Feb 12 08:45:57 onion Tor[21861]: Tor has successfully opened a circuit. Looks 
like client functionality is working.
Feb 12 08:47:05 onion ntpd[51629]: adjusting clock frequency by -7.934969 to 
-23.542969ppm

VMM:


(Originally I forgot 'group internal' in vm.conf, so I put tap1 into group
'internal' manually via ifconfig.)

vm "onion" {
disable
owner jirib
memory 512M
boot $kernel
local interface tap
disk $onion_osdisk
disk $onion_datadisk
}

Networking on host:
~~~

# route -nv show -inet | grep ^default
default176.74.xxx.xxx UGS538658 - 8 em0   
"internet4"

# sysctl net.inet.ip.forwarding
net.inet.ip.forwarding=1

em0: flags=8843 mtu 1500
lladdr 90:e2:ba:xx:xx:xx
index 1 priority 0 llprio 3
groups: public egress
media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
status: active
inet 176.74.xxx netmask 0xffe0 broadcast 176.74.xxx

tap1: flags=8843 mtu 1500
lladdr fe:e1:ba:d2:f7:28
description: vm2-if0-onion
index 17 priority 0 llprio 3
groups: tap internal
status: active
inet 100.64.2.2 netmask 0xfffe

PF on host (uses 'group internal'):
~~~

# pfctl -sr | egrep '(on egress.*nat-to|on internal.*all)'
pass out quick on egress from any to route "internet4" flags S/SA nat-to 
(egress) round-robin
pass in quick on internal all flags S/SA

Storage on host:


'disk's are located on softraid RAID1 array:

1# bioctl sd8
Volume      Status               Size Device
softraid0 2 Online       536871947776 sd8     RAID1
          0 Online       536871947776 2:0.0   noencl
          1 Online       536871947776 2:1.0   noencl

# dmesg | grep ^sd[23]
sd2 at scsibus1 targ 2 lun 0:  SCSI3 0/direct 
fixed naa.5000c5009387182f
sd2: 953869MB, 512 bytes/sector, 1953525168 sectors
sd3 at scsibus1 targ 3 lun 0:  SCSI3 0/direct 
fixed naa.5000c500939203ed
sd3: 953869MB, 512 bytes/sector, 1953525168 sectors

dmesg on host:
~~

with disabled lm driver because of issue with bad fan RPM.

OpenBSD 6.2-current (GENERIC.MP) #0: Sat Feb 10 00:05:49 MST 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8564375552 (8167MB)
avail mem = 8297807872 (7913MB)
enter_shared_special_pages: entered idt page va 0x8001 pa 0x1d5a000
enter_shared_special_pages: entered kutext page va 0x81831000 pa 
0x1831000
enter_shared_special_pages: entered kutext page va 0x81832000 pa 
0x1832000
enter_shared_special_pages: entered kutext page va 0x81833000 pa 
0x1833000
enter_shared_special_pages: entered kudata page va 0x81ac8000 pa 
0x1ac8000
cpu_enter_pages: 

tor inside vmm, horribly slow?!

2018-02-11 Thread Jiri B
Hi,

has anybody tried to run tor inside vmm guest?

it's horribly slow, just doing 'tor-resolve $dnsname' takes
sometimes ages.

# dmesg | head -n 4
OpenBSD 6.2-current (GENERIC.MP) #0: Sat Feb 10 00:05:49 MST 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 520093696 (496MB)
avail mem = 497381376 (474MB)

is it related to vmm ssl issue reported in the past?

# vmstat ; time tor-resolve www.openbsd.org 
 procs    memory       page                    disks    traps          cpu
 r   s   avm     fre  flt  re  pi  po  fr  sr sd0 sd1  int   sys   cs us sy id
 1  35   42M    302M  176   0   0   0   0   0  17   0  124   544   29  0 88 12
129.128.5.194
0m46.07s real 0m00.00s user 0m00.00s system

# vmstat ; time tor-resolve www.openbsd.org 
 procs    memory       page                    disks    traps          cpu
 r   s   avm     fre  flt  re  pi  po  fr  sr sd0 sd1  int   sys   cs us sy id
 1  35   42M    302M  166   0   0   0   0   0  15   0  122   514   28  0 88 12
129.128.5.194
0m00.13s real 0m00.00s user 0m00.00s system

Jiri



Re: supermicro x8sil-f - only one fan detected after replug on the board

2018-02-10 Thread Jiri B
On Sat, Feb 10, 2018 at 04:23:41AM +0200, li...@wrant.com wrote:
> > I have supermicro x8sil-f (latest bios/ipmi fw) with 2 fans and it has started
> > to beep after a while when OS is up while it detected non-existing fans either
> > run at 0 RPM or in -2560 RPM.
> 
> Does a manual restart of the BMC card (via IPMI) make a difference, how?

Nope,

it's related to https://marc.info/?l=openbsd-misc=144473090118095=2

Jiri



Re: supermicro x8sil-f - only one fan detected after replug on the board

2018-02-10 Thread Jiri B
On Fri, Feb 09, 2018 at 05:12:11PM +0200, Atanas Vladimirov wrote:
> On 2018-02-09 14:45, Jiri B wrote:
> >Hi,
> >
> >I have supermicro x8sil-f (latest bios/ipmi fw) with 2 fans and it has started
> >to beep after a while when OS is up while it detected non-existing fans either
> >run at 0 RPM or in -2560 RPM.
> >
> >OpenBSD itself used to detect both fans (though lm1.fanX numbers were different
> >to numbering from motherboard vendor).
> >
> >I replugged both fans on the board and OpenBSD has detected only one fan now.
> >Why only one now, if it previously detected both?
> 
> Hi,
> This is a known issue [0] with this particular motherboard
> and you have to disable lm driver.
> 
> [0] https://marc.info/?l=openbsd-misc=144473090118095=2

Thank you. I should have searched the archives, it would have solved my
crazy headaches :)

Anyway, it's a surprise that after fans replug to different connectors
on the board - which has caused OpenBSD not detecting one fan -
the board doesn't beep anymore. So yes, it must be related to
the issue you pointed to.

Jiri



supermicro x8sil-f - only one fan detected after replug on the board

2018-02-09 Thread Jiri B
Hi,

I have supermicro x8sil-f (latest bios/ipmi fw) with 2 fans and it has started
to beep after a while when OS is up while it detected non-existing fans either
run at 0 RPM or in -2560 RPM.

OpenBSD itself used to detect both fans (though lm1.fanX numbers were different
to numbering from motherboard vendor).

I replugged both fans on the board and OpenBSD has detected only one fan now.
Why only one now, if it previously detected both?

# sysctl hw.sensors.lm1 | grep fan ; ipmitool -I lanplus -H 192.168.1.250 -U ADMIN -P  sensor list | grep '^FAN [1-2]'
hw.sensors.lm1.fan1=1028 RPM
FAN 1 | 955.000  | RPM | ok | 215.000 | 400.000 | 585.000 | 29260.000 | 29815.000 | 30370.000
FAN 2 | 1325.000 | RPM | ok | 215.000 | 400.000 | 585.000 | 29260.000 | 29815.000 | 30370.000

Could it be possible that openbsd lm driver messes something on the board
and makes the board think a non-existing fan runs -2560 RPM or 0 RPM?

After fans replug and OpenBSD detected only one fan, the board hasn't
started to beep yet. I don't get it...

OpenBSD 6.2-current (GENERIC.MP) #399: Fri Feb  2 18:28:58 MST 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8564375552 (8167MB)
avail mem = 8297881600 (7913MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x9f000 (68 entries)
bios0: vendor American Megatrends Inc. version "1.1" date 05/27/2010
bios0: Supermicro X8SIL
...
wbsio0 at isa0 port 0x2e/2: W83627DHG rev 0x25
lm1 at wbsio0 port 0xa10/8: W83627DHG

Thank you for a tip or workaround.

Jiri



syslogd loghost only - without unix socket & /dev/klog

2018-02-08 Thread Jiri B
Hi,

I was speculating about another instance of syslogd, just as a log
host services while having base syslogd running on same box.

1. -p /dev/null deletes /dev/null and replaces it with socket file
   with same name

crw-rw-rw-  1 root  wheel2,   2 Feb  8 13:25 /dev/null

# syslogd -d -F -f /etc/syslog_test.conf -p /dev/null -T 127.0.0.1:5140 -U 127.0.0.1:5140 -Z -n -u -r
syslogd[54737]: open /dev/klog: Device busy
CAfile /etc/ssl/cert.pem
off & running
init
syslogd[54737]: fatal in syslogd: open /dev/null: Operation not supported
syslogd[54737]: dropped 1 message during initialization
syslogd: exited

srw-rw-rw-  1 root  wheel  0 Feb  8 13:26 /dev/null

2. -p '' returns:

syslogd[50469]: bind unix "": No such file or directory
syslogd[50469]: log socket  failed
...

3. another syslogd instance tries to open still /dev/klog

syslogd[50469]: open /dev/klog: Device busy

Could we make syslogd not to open /dev/klog and disable any unix socket
listening?

Thank you for consideration.

Tested on:

kern.version=OpenBSD 6.2-current (GENERIC.MP) #399: Fri Feb  2 18:28:58 MST 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Repro steps:

* -p /dev/null
* -p ''
* echo '*.* /tmp/messages' > /tmp/syslog.conf
  touch /tmp/messages
  syslogd -d -F -f /tmp/syslog.conf -T 127.0.0.1:5140 -U 127.0.0.1:5140 -Z -n -u -r
  
Jiri



Re: USB Firewall

2018-01-17 Thread Jiri B
On Tue, Jan 16, 2018 at 07:03:58PM +0100, Stephane HUC "PengouinBSD" wrote:
> Perhaps, using hotplugd and file /etc/hotplug/attach?
> 
> On 01/16/18 at 18:39, Charlie Eddy wrote:
> > Hello,
> > 
> > Is there a method to detect and halt additional USB devices being added
> > after initializing connections? Concerned about widespread vulnerability of
> > keystroke injection.

There's no such way. Maybe something like this https://usbguard.github.io/
but that's for Linux only.

There can be hw attacks over DisplayPort too. Some Linux people were
discussing a possibility to disallow adding new DisplayPort based
devices after boot to prevent physical attack on fully booted (physically
unprotected) computer.

Jiri




Re: Need an advice about DHCP IPv6 server software

2017-12-06 Thread Jiri B
On Wed, Dec 06, 2017 at 09:28:40PM +0900, Claus Lensbl wrote:
> If you need a DHCP server, you need rtadvd to hand off the requests to
> the DHCP server in any case. Last time, which is some time ago, the
> DHCP server distributed with OpenBSD wasn't capable of working with
> IPv6, so you'll need the ISC version or perhaps the WIDE server that I
> have not worked with.
> 
> http://wide-dhcpv6.sourceforge.net/

Or kea from ports.

j.



Re: sftp-server

2017-12-01 Thread Jiri B
On Thu, Nov 30, 2017 at 05:36:57PM -0600, Edgar Pettijohn wrote:
> I was looking into how best to secure a sftp-server.  The manual
> mentions a -Q option to query protocol features supported.  I added the
> following line to sshd_config.
> 
> Subsystem   sftp /usr/libexec/sftp-server sftp -Q requests
> 
> So far I'm not sure how to get at the information provided by this
> command line option.  Or am I doing it wrong?
> 
> Any insight is greatly appreciated.
> 
> Edgar

IMO you got confused, it is "query", it does not set anything.

Output of "-Q requests" is the "requests"/actions which an sftp client
can do on the remote server.

An example: you want to mimic anon ftp upload server, then you
would - IIRC - open, write, lstat,... but not readdir, remote,
symlink etc...

j.
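
The query-then-restrict flow from this reply, as an added example that is not part of the original thread: `sftp-server -Q requests` is run from a shell to list request names, and a chosen subset is then passed to sftp-server's `-p` (allowed requests) option on the Subsystem line. The supported list below is a constructed sample, the wanted set is an assumption for illustration, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: build the argument for sftp-server's -p (allowed requests)
# option from the names that `sftp-server -Q requests` prints.

# Constructed sample of `sftp-server -Q requests` output (one name per line).
# Run the command on the target system to get its real list.
SUPPORTED_SAMPLE='open
close
read
write
lstat
fstat
setstat
fsetstat
opendir
readdir
remove
mkdir
rmdir
realpath
stat
rename
readlink
symlink'

# allow_arg "SUPPORTED" "WANTED"
# Prints WANTED as a comma-separated list. Returns 1, naming the offender on
# stderr, if a wanted request is not in the supported list, so a typo never
# ends up in sshd_config unnoticed.
allow_arg() {
    aa_out=
    for aa_want in $2; do
        aa_found=no
        for aa_have in $1; do
            if [ "$aa_want" = "$aa_have" ]; then
                aa_found=yes
                break
            fi
        done
        if [ "$aa_found" = no ]; then
            echo "unknown request: $aa_want" >&2
            return 1
        fi
        aa_out="${aa_out:+$aa_out,}$aa_want"
    done
    echo "$aa_out"
}

# subsystem_line "SUPPORTED" "WANTED"
# Prints the sshd_config line, using the sftp-server path shown in the thread.
subsystem_line() {
    sl_arg=$(allow_arg "$1" "$2") || return 1
    echo "Subsystem sftp /usr/libexec/sftp-server -p $sl_arg"
}

# Illustrative upload-oriented set (an assumption; verify it with your client,
# since clients issue some requests implicitly).
WANTED_SAMPLE='open close write lstat realpath'
subsystem_line "$SUPPORTED_SAMPLE" "$WANTED_SAMPLE"

# A name that is not in the supported list is refused instead of emitted.
if ! subsystem_line "$SUPPORTED_SAMPLE" "open remote" 2>/dev/null; then
    echo "refused: a wanted name is not in the supported list"
fi
```

Requests left off the `-p` list, such as readdir or symlink here, are answered with a failure by the server.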



Re: Odd problem with interfaces

2017-11-29 Thread Jiri B
On Wed, Nov 29, 2017 at 09:56:38AM -0500, Rupert Gallagher wrote:
> I ran out of ideas on the following problem.
> 
> An obsd server has three ethernet interfaces, each with its own IP address:
> > cat /etc/hostname.*
> inet 192.168.1.2 255.255.255.0 192.168.1.255 mtu 9014 description "em0: MODEM/ROUTER"
> inet 192.168.1.3 255.255.255.0 192.168.1.255 mtu 9014 description "em1: CISCO SG110D-08"
> inet 192.168.1.4 255.255.255.0 192.168.1.255 mtu 9014 description "em2: NAS"

^^ using same IP network on 3 ifaces? This is no-go by default.
(If you need that, check rdomains.)

> When all three interfaces are connected, the clients lose NFS
> services, and scp fails from server to any client (but ssh keeps
> working). Functionality is recovered by unplugging em0 and em2.

j.



Re: Flask app as UWSGI returning 500 when accessed through OpenBSD HTTPD

2017-10-18 Thread Jiri B
On Wed, Oct 18, 2017 at 06:55:32PM +0530, Ajitabh Pandey wrote:
> On Wed, Oct 18, 2017 at 1:43 PM, Jiri B <ji...@devio.us> wrote:
> 
> > On Wed, Oct 18, 2017 at 01:40:06PM +0530, Ajitabh Pandey wrote:
> >
> > Can httpd access the socket? What are permissions?
> >
> > j.
> >
> 
> Here are the perms -
> 
> srwxr-xr-x  1 root  daemon  0 Oct 18 13:35 hello.sock

And voila, they are wrong. How would httpd daemon be able
to write there?

See what slowcgi, a fastcgi->cgi daemon says about socket:

  slowcgi opens a socket at /var/www/run/slowcgi.sock, owned by www:www,
  with permissions 0660.  It will then chroot(8) to /var/www and drop
  privileges to user "www".

See?

j.
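
The permission problem pointed out above, as an added example that is not part of the original thread: a small check that reads an `ls -l` line for a UNIX socket and says whether a given user may connect, which requires write permission on the socket. The second sample line (www:www, mode 0660, as in the slowcgi text quoted above) is constructed; with uWSGI such ownership and mode can be set with its `--chown-socket` and `--chmod-socket` options.

```shell
#!/bin/sh
# Added example: decide from an `ls -l` line whether a user can connect to a
# UNIX-domain socket. Connecting needs write permission on the socket file.

# socket_writable_by "<ls -l line>" <user> "<user's groups>"
# Prints the reasoning; returns 0 = may connect, 1 = denied, 2 = not a socket.
socket_writable_by() {
    ls_line=$1; who=$2; who_groups=$3
    set -f; set -- $ls_line; set +f      # fields: mode links owner group ...
    mode=$1; owner=$3; group=$4
    case $mode in
        s?????????*) ;;
        *) echo "not a socket: $mode"; return 2 ;;
    esac
    if [ "$who" = root ]; then
        echo "root bypasses the mode bits"; return 0
    elif [ "$who" = "$owner" ]; then
        class=owner; pos=3               # srw.......  owner write bit
    else
        class=other; pos=9               # s......w..  other write bit
        for g in $who_groups; do
            if [ "$g" = "$group" ]; then
                class=group; pos=6       # s...w.....  group write bit
            fi
        done
    fi
    bit=$(printf '%s' "$mode" | cut -c"$pos")
    if [ "$bit" = w ]; then
        echo "$who may connect via $class bits ($mode $owner:$group)"
        return 0
    fi
    echo "$who denied: $class bits lack w ($mode $owner:$group)"
    return 1
}

# The socket as posted in this thread (created by uwsgi started through doas).
POSTED='srwxr-xr-x  1 root  daemon  0 Oct 18 13:35 hello.sock'
# Constructed: the same socket with slowcgi-style ownership and mode.
FIXED='srw-rw----  1 www  www  0 Oct 18 13:40 hello.sock'

# httpd serves requests as user "www" after dropping privileges.
socket_writable_by "$POSTED" www "www" || true
socket_writable_by "$FIXED"  www "www" || true
```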



Re: Flask app as UWSGI returning 500 when accessed through OpenBSD HTTPD

2017-10-18 Thread Jiri B
On Wed, Oct 18, 2017 at 01:40:06PM +0530, Ajitabh Pandey wrote:
> Thanks for the quick response. I tried that, still getting 500 the same
> problem -
> 
> $ doas uwsgi --socket /var/www/run/hello.sock --wsgi-file myproject.py
> --master --callable app
> 
> In /etc/httpd.conf -
> 
>   location "/hello/*" {
>       fastcgi socket "/run/hello.sock"
>   }

Can httpd access the socket? What are permissions?

j.



Re: Is there git-flow-completion for ksh?

2017-10-09 Thread Jiri B
> If you love bash and its features, then it is better to use bash than to 
> try that ksh will be like bash :-/ 

I hate when BASH completion hides files for me based on
context, eg. tar -tvf /dir/dir/file_without_good_suffix
won't work.

j.



Re: can't use external monitor after plugging to docking station

2017-10-04 Thread Jiri B
Just to clarify, I talked about X11.

Restarting X11 makes my external monitor connected to the docking
station available.

But I'm surprised, IIRC I could use the external monitor without
restarting X11 just after plugging laptop to the docking station.

j.

On Wed, Oct 04, 2017 at 02:37:29AM -0400, Jiri B wrote:
> Hi,
> 
> I have Lenovo T440s and Lenovo docking station with an external monitor.
> 
> If I have running OpenBSD without docking station and then I plug it to
> it, I can't see the external monitor.
> 
> I see only these in dmesg after plugging laptop into it:
> 
> uhub2 at uhub0 port 12 configuration 1 interface 0 "LENOVO Lenovo ThinkPad Dock" rev 3.00/50.41 addr 3
> uhub3 at uhub0 port 3 configuration 1 interface 0 "LENOVO Lenovo ThinkPad Dock" rev 2.10/50.40 addr 4
> uhub4 at uhub3 port 4 configuration 1 interface 0 "Lenovo Lenovo ThinkPad Dock" rev 2.00/0.01 addr 8
> 
> Any idea what's wrong? IIRC it used to work in the past.
> 
> Jiri
> 
> $ xrandr  
> Screen 0: minimum 320 x 200, current 1920 x 1080, maximum 8192 x 8192
> eDP-1 connected 1920x1080+0+0 (normal left inverted right x axis y axis) 309mm x 175mm
>    1920x1080     60.01*+
>    1400x1050     59.98
>    1280x1024     60.02
>    1280x960      60.00
>    1024x768      60.04    60.00
>    960x720       60.00
>    928x696       60.05
>    896x672       60.01
>    800x600       60.00    60.32    56.25
>    700x525       59.98
>    640x512       60.02
>    640x480       60.00    59.94
>    512x384       60.00
>    400x300       60.32    56.34
>    320x240       60.05
> DP-1 disconnected (normal left inverted right x axis y axis)
> HDMI-1 disconnected (normal left inverted right x axis y axis)
> DP-2 disconnected (normal left inverted right x axis y axis)
> HDMI-2 disconnected (normal left inverted right x axis y axis)
> 

can't use external monitor after plugging to docking station

2017-10-04 Thread Jiri B
Hi,

I have Lenovo T440s and Lenovo docking station with an external monitor.

If I have running OpenBSD without docking station and then I plug it to
it, I can't see the external monitor.

I see only these in dmesg after plugging laptop into it:

uhub2 at uhub0 port 12 configuration 1 interface 0 "LENOVO Lenovo ThinkPad Dock" rev 3.00/50.41 addr 3
uhub3 at uhub0 port 3 configuration 1 interface 0 "LENOVO Lenovo ThinkPad Dock" rev 2.10/50.40 addr 4
uhub4 at uhub3 port 4 configuration 1 interface 0 "Lenovo Lenovo ThinkPad Dock" rev 2.00/0.01 addr 8

Any idea what's wrong? IIRC it used to work in the past.

Jiri

$ xrandr  
Screen 0: minimum 320 x 200, current 1920 x 1080, maximum 8192 x 8192
eDP-1 connected 1920x1080+0+0 (normal left inverted right x axis y axis) 309mm x 175mm
   1920x1080     60.01*+
   1400x1050     59.98
   1280x1024     60.02
   1280x960      60.00
   1024x768      60.04    60.00
   960x720       60.00
   928x696       60.05
   896x672       60.01
   800x600       60.00    60.32    56.25
   700x525       59.98
   640x512       60.02
   640x480       60.00    59.94
   512x384       60.00
   400x300       60.32    56.34
   320x240       60.05
DP-1 disconnected (normal left inverted right x axis y axis)
HDMI-1 disconnected (normal left inverted right x axis y axis)
DP-2 disconnected (normal left inverted right x axis y axis)
HDMI-2 disconnected (normal left inverted right x axis y axis)


Re: vmm issues - vioblk_notifyq: unsupported command 0x8

2017-10-03 Thread Jiri B
> > I was able to boot opensuse from that dvd, although later on I got an
> > error in the installer :/
> 
> This was because the installer couldn't locate the "dvd", correct?

It seems so.

~~~
Unable to create repository
from URL 'hd:/?device=/dev/disk/by-id/virtio-_U_2_-part2'.

Details:
Invalid query string component 'device=/dev/disk/by-id/virtio-_U_2_-p

Try again?
~~~

It would be nice to have IDE cdrom emulation.

j.



Re: vmm issues - vioblk_notifyq: unsupported command 0x8

2017-10-02 Thread Jiri B
On Mon, Oct 02, 2017 at 02:56:18PM -0400, Josh Grosse wrote:
> Hey Jiri.
> 
> >I started this vm with:
> >
> >vmctl start suse01 -c -d $iso -d $disk -L
> >
> >where iso is openSUSE-Leap-42.3-DVD-x86_64.iso[1].
> >
> >Any idea what's going on?
> 
> I'll bet it's because you are attempting to boot a DVD image,
> which doesn't have an MBR.  Bootable DVDs use the El Torito
> standard for booting.[1]
> 
> To the best of my recollection, vmm(4) guests must boot from disk images
> with the seabios or from BSD kernels with -b.

 -b path   Boot the VM with the specified kernel or BIOS image.
   If not specified, the default is to boot using the BIOS
   image in /etc/firmware/vmm-bios.

IIUC you do not need to define anything, if not specified it is using
seabios.

I was able to boot opensuse from that dvd, although later on I got an
error in the installer :/

j.
   
> [1] https://en.wikipedia.org/wiki/El_Torito_(CD-ROM_standard)



vmm issues - vioblk_notifyq: unsupported command 0x8

2017-10-02 Thread Jiri B
Hello,

I'm playing with vmm and I got these in daemon log:

Oct  2 20:12:14 t440s vmd[13344]: startup
Oct  2 20:12:14 t440s vmd[53680]: SIOCBRDGADD: No such file or directory
Oct  2 20:12:24 t440s vmd[13344]: suse01: started vm 1 successfully, tty /dev/ttyp3
Oct  2 20:13:12 t440s vmd[98531]: vcpu_process_com_data: guest reading com1 when not ready
Oct  2 20:13:18 t440s last message repeated 5 times
Oct  2 20:13:19 t440s vmd[98531]: vioblk_notifyq: unsupported command 0x8
Oct  2 20:13:19 t440s last message repeated 3 times

I started this vm with:

vmctl start suse01 -c -d $iso -d $disk -L

where iso is openSUSE-Leap-42.3-DVD-x86_64.iso[1].

Any idea what's going on? dmesg and suse boot log below.

[1] https://download.opensuse.org/distribution/leap/42.3/iso/openSUSE-Leap-42.3-DVD-x86_64.iso

Jiri


Re: reordering libraries:/etc/rc[443]: ./test-ld.so: Permission denied

2017-09-26 Thread Jiri B
On Mon, Sep 25, 2017 at 07:31:15PM -0700, Philip Guenther wrote:
> If you're mounting /tmp with the noexec flag, then stop doing that.

What? IIUC this is a long-existing recommendation. If /etc/rc needs
exec /tmp then it should change it by itself for libs reordering and
then switch back to what a user has defined in /etc/fstab.

j.



Re: Filtering other network layer protocols with PF

2017-09-11 Thread Jiri B
On Mon, Sep 11, 2017 at 10:26:22AM -0500, Christopher Snell wrote:
> Hi,
> 
> I have an AT&T fiber connection at home that relies on a crappy,
> proprietary, and insecure [1] router that does proprietary authentication
> with upstream equipment via EAP over 802.1x.  Some folks have figured out
> how to bypass it by putting the AT&T router behind their actual firewalls
> and proxying the 802.1x packets to/from the AT&T device, thus faking out
> the upstream gateway.
> 
> Unfortunately, the common solution [2] for this is Linux-specific and
> relies on their PF_RING stuff.  I was hoping to proxy this protocol in
> OpenBSD without having to use something slow like pcap.  As far as I can
> tell from reading man pages, PF does not support this network layer
> protocol (0x888E).  Does anybody have any ideas on how I might efficiently
> capture these packets and copy them to another interface?
> 
> Chris
> 
> [1] https://www.nomotion.net/blog/sharknatto/
> [2] https://github.com/jaysoffian/eap_proxy

Wouldn't it be possible to put egress port and port for this device
into bridge and use bridge filtering rules and then filter everything
in pf?

j.



Re: Feeding DHCP leases into unbound

2017-06-22 Thread Jiri B
On Thu, Jun 22, 2017 at 11:47:03AM +0200, Andreas Kusalananda Khri wrote:
> 
> I have unbound(8) and dhcpd(8) running on a router (OpenBSD 6.1-stable).
> dhcpd currently hands out fixed addresses to my clients, but I'd like
> these to be allocated dynamically from the common pool, while at the
> same time being resolvable.
> 
> Is there an existing solution for feeding the IP-addresses of the leases
> that dhcpd hands out into the unbound configuration and reload it, or
> would I have to write a script that parses the lease declarations in
> /var/db/dhcpd.leases?

OpenBSD dhcpd cannot do this by itself but ISC dhcpd from ports can
execute whatever on committing a lease, see
http://jpmens.net/2011/07/06/execute-a-script-when-isc-dhcp-hands-out-a-new-lease/

Though you could parse the OpenBSD dhcpd log, maybe a good opportunity to
play with various log "parsers".

j.
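
The script-based route raised in the question (parsing the lease declarations in /var/db/dhcpd.leases), as an added example that is not part of the original thread. It emits unbound `local-data` lines and treats `client-hostname` as untrusted client input, so anything that is not a single DNS label is dropped; the lease entries and the zone name `home.example` are constructed.

```shell
#!/bin/sh
# Added example: turn dhcpd lease declarations into unbound local-data lines.
# client-hostname is chosen by the DHCP client, so it is validated before it
# is written into resolver configuration.

# leases_to_unbound <zone> < dhcpd.leases
leases_to_unbound() {
    awk -v dom="$1" '
    # One DNS label: letters, digits, hyphen; no dots, no leading/trailing "-".
    function valid_label(s) {
        return (length(s) <= 63) && (s ~ /^[a-z0-9]([a-z0-9-]*[a-z0-9])?$/)
    }
    $1 == "lease" && $3 == "{" { ip = $2; host = ""; dead = 0; next }
    $1 == "client-hostname" {
        host = $0
        sub(/^[ \t]*client-hostname[ \t]*"/, "", host)
        sub(/";[ \t]*$/, "", host)
        host = tolower(host); next
    }
    $1 == "abandoned;" { dead = 1; next }
    $1 == "}" && ip != "" {
        if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) {
            if (!(ip in name)) order[++n] = ip
            # The file is append-only: the last declaration for an IP wins.
            name[ip] = (!dead && valid_label(host)) ? host : ""
        }
        ip = ""
    }
    END {
        for (i = 1; i <= n; i++) {
            ip = order[i]; h = name[ip]
            # First address in file order keeps a name; later claims are dropped.
            if (h == "" || (h in used)) continue
            used[h] = 1
            printf "local-data: \"%s.%s. IN A %s\"\n", h, dom, ip
            printf "local-data-ptr: \"%s %s.%s.\"\n", ip, h, dom
        }
    }'
}

# Constructed lease file covering the cases handled above.
sample_leases() {
    cat <<'EOF'
lease 192.168.1.50 {
    starts 4 2017/06/22 09:00:00 UTC;
    ends 4 2017/06/22 21:00:00 UTC;
    hardware ethernet 00:00:5e:00:53:01;
    client-hostname "Laptop";
}
lease 192.168.1.51 {
    hardware ethernet 00:00:5e:00:53:02;
    client-hostname "www.bank.example";
}
lease 192.168.1.52 {
    hardware ethernet 00:00:5e:00:53:03;
}
lease 192.168.1.53 {
    hardware ethernet 00:00:5e:00:53:04;
    client-hostname "printer";
    abandoned;
}
lease 192.168.1.50 {
    starts 4 2017/06/22 15:00:00 UTC;
    ends 5 2017/06/23 03:00:00 UTC;
    hardware ethernet 00:00:5e:00:53:01;
    client-hostname "laptop";
}
lease 192.168.1.54 {
    hardware ethernet 00:00:5e:00:53:05;
    client-hostname "laptop";
}
lease 192.168.1.55 {
    hardware ethernet 00:00:5e:00:53:06;
    client-hostname "nas-01";
}
EOF
}

sample_leases | leases_to_unbound home.example
```

Lease expiry times are not evaluated here, so a deployment would also need to drop entries whose `ends` time has passed.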



Re: sftp chroot

2017-06-14 Thread Jiri B
On Wed, Jun 14, 2017 at 01:09:47PM +0200, Solne Rapenne wrote:
> On 2017-06-14 13:02, Bryan Harris wrote:
> >On Linux I have mounted another fs inside the user's home folder (it is
> >mounted twice).  I don't know if OpenBSD has that feature.
> >
> 
> This is not possible on OpenBSD, mount will tell "device is busy".
> 
> On linux you should use mount --bind to bind a folder on another instead
> of mounting twice the mountpoint. FreeBSD has mount_nullfs to do exactly
> the same thing as --bind, but OpenBSD doesn't have any of this.

Are you building a shell server or do you just want to give SFTP access
to users' web data?

If the latter, why don't you just chroot them directly into their
user dir inside web root? Or, just define their home to be inside
web chroot...

j.



Re: Qubes-OS is "fake" security

2017-05-13 Thread Jiri B
On Fri, May 12, 2017 at 03:41:05AM +0200, Kim Blackwood wrote:
> [...]
> Qubes-OS seems to me as a solution of "patching".

IMO this is the real point in this thread - virtualization as
a security measure against buggy software doesn't make any
change to that software. Virtualization or containers are not
any security solution, the real solution is to analyze the design of
existing applications and really abandon ones which are crap
from a security point of view, even if they have fancy features.

This is hard work to be done, OpenBSD devs are great guys because
they devote their personal energy to this "invisible" effort.
Just look at privsep changes implemented after Heartbleed issue.

Virtualization and containers make sense but what we all need is
to support people - if we cannot send diffs - who are brave enough
to make radical cuts in existing open-source ecosystem, either
while publicly denouncing existing buggy applications and telling
people loudly to stop using them, or sending radical diffs to make
those apps start moving to more secure design. (If this would reveal
as being impossible, then moving to the former stand.)

Let's thank all OpenBSD devs and ports' maintainers for their great
work.

j.



Re: Why would I need a container like Docker?!

2017-05-10 Thread Jiri B
On Wed, May 10, 2017 at 05:53:07AM +0200, Martin Hanson wrote:
> [... pathetic screaming ...]

Pathetic screaming doesn't help anything.

And... there already has been an interest in zones/containers
in OpenBSD, see https://marc.info/?l=openbsd-tech&m=144617514431852&w=2

j.



Re: DHCP in vmm guest

2017-05-04 Thread Jiri B
On Thu, May 04, 2017 at 03:49:27PM +0200, Reyk Floeter wrote:
> So you have the VM interface and the host interface on a bridge:
> dhclient on the host "steals" all DHCP packets via BPF.
> 
> Try to pkill dhclient on the host and the VM should be able to get DHCP.
> 
> There is currently no solution for that, it is the way our dhclient works,
> you can try to run the VM on a NAT'ed bridge or use "-L" local interfaces.
> 
> Reyk

What about using vether with bridge and having host's dhclient using
vether?

What about having dhcrelay and relaying VM's dhcp to upstream dhcp server?

j.



Re: DHCP in vmm guest

2017-05-04 Thread Jiri B
> I'm new to OpenBSD and I'm trying a simple setup where a VMM guest has
> access to the network via tap and bridge. The host uses a wired connection
> and gets its network address with DHCP.

where is dhcpd running? on the host? have you tried tcpdump to see if dhcp
discover traffic is visible there?

j.



Intel Corporation 82576 Virtual Function not recognized

2017-04-22 Thread Jiri B
Hi,

I'm playing a little bit with KVM and SR-IOV and OpenBSD doesn't
recognize 'Intel Corporation 82576 Virtual Function'[1], ie. VF on
my Intel 82756 dual-port network card activated on a Linux box.


...
vendor "Intel", unknown product 0x10ca (class network subclass ethernet, rev 0x01) at pci0 dev 8 function 0 not configured
^^ sr-iov vfio
...

# pcidump - 0:8:0 
 0:8:0: Intel unknown
0x: Vendor ID: 8086 Product ID: 10ca
0x0004: Command: 0002 Status: 0010
0x0008: Class: 02 Subclass: 00 Interface: 00 Revision: 01
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 00
0x0010: BAR mem 64bit addr: 0xfebe4000/0x4000
0x0018: BAR empty ()
0x001c: BAR mem 64bit addr: 0xfebe8000/0x4000
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 8086 Product ID: a04c
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 00 Line: 00 Min Gnt: 00 Max Lat: 00
0x0070: Capability 0x11: Extended Message Signalled Interrupts (MSI-X)
0x00a0: Capability 0x10: PCI Express
Link Speed: unknown (0) / 2.5 GT/s Link Width: x0 / x4


Steps to reproduce:

- boot a Linux box with supported HW with kernel param intel_iommu=on
- echo 1 > /sys/module/vfio_iommu_type1/parameters/allow_unsafe_interrupts
- Linux kernel module vfio_pci should be loaded
- Linux kernel module igb should be loaded
- find SR-IOV device via lspci
- enable 1 VF, eg.: echo 1 > /sys/bus/pci/devices/:02:00.1/sriov_numvfs
- check what's pci address of new VF, eg:
  virsh nodedev-dumpxml pci__02_00_1 | grep -A1 'virt_function'
- attached VF as 'hostdev' device into OpenBSD KVM VM[2]

j.

[1] http://cateee.net/lkddb/web-lkddb/IGBVF.html
[2] https://www.suse.com/documentation/sles-12/book_virt/data/sec_libvirt_config_io.html
    or
    https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Virtualization_Deployment_and_Administration_Guide/chap-Guest_virtual_machine_device_configuration.html#sect-PCI_devices-PCI_passthrough



Re: softraid mirror & large drives (3T)

2017-04-18 Thread Jiri B
On Tue, Apr 18, 2017 at 08:23:56AM -0400, Allan Streib wrote:
> Ian Watts  writes:
> 
> > With this much disk space, should I be looking at another way of
> > achieving data redundancy?
> 
> Buy a hardware RAID controller.

I suppose you wanted to write - 'buy two equal hardware RAID controllers',
or how would you be solving problem in broken hw raid controller in
cca 10 yrs from now? :-)

j.



Re: What does it mean this error when I try install a package?

2017-04-17 Thread Jiri B
On Mon, Apr 17, 2017 at 09:37:56PM +1000, Steven McDonald wrote:
> On Mon, 17 Apr 2017 11:02:37 +
> "C. L. Martinez"  wrote:
> 
> > pkg_add -v python-2.7
> 
> There is no package called python-2.7. The package you want is called
> python-2.7.13p0. You have a few options:
> 
>  1. pkg_add python, then select the version you want.
>  2. pkg_add python-2.7.13p0
>  3. pkg_add -z python-2.7 (fuzzy matching, see pkg_add(1))

  ^ or use 'python%2.7'

j.



Re: upgrading on vultr.com: make sure to select the bsd.mp set

2017-04-13 Thread Jiri B
On Thu, Apr 13, 2017 at 04:32:25PM +0200, Peter N. M. Hansteen wrote:
> Upgrading a couple of virtual machines hosted at vultr.com from 6.0 to
> 6.1 just now, we were a bit surprised that after the upgrade the system
> booted the 6.0 bsd kernel, and of course during startup pfctl gave an
> error message that I correctly assumed came from kernel/userland mismatch.
> 
> The fix was actually quite simple: the installer does not select the
> bsd.mp kernel automatically, but do select it. Then it will get
> installed and the system will boot the correct mp kernel.
> 
> I'm sure we can supply more detail if needed.
> 
> - Peter

Linux KVM host? IIRC I have seen the same and it depends how you define
CPU for a VM, ie. sockets/cores.

j.



Converting the memory content of a VM to raw physical memory file

2017-04-04 Thread Jiri B
I recently had an issue with frozen VM on qemu-kvm and we were discussing
how to get memory of that VM for investigation.

How would this be handled with VMM? This could be especially useful for
troubleshooting VMM VMs running with SeaBIOS.

We have found this https://github.com/juergh/lqs2mem.py project, it's
a python script which converts libvirt-QEMU-save (LQS) files to raw memory 
files.

So maybe it could be considered for inspiration.

j.



Re: Installer disk info improvement (was - Re: querying scsi id/wwn for scsi disk)

2017-04-03 Thread Jiri B
On Sun, Apr 02, 2017 at 06:14:50PM -0400, Ted Unangst wrote:
> Robert Peichaer wrote:
> > Parsing dmesg output always tends to be fragile, but what about this?
> > Use whatever is enclosed in <> in the dmesg output for a disk and get
> > the size from disklabel.
> 
> This looks insane. If somebody can tell us what output they want, we can
> provide it in a more useful interface (sysctl, etc.) Then it might be useful
> in other scenarios too.

Hi,

yes IMO parsing /var/run/dmesg.boot is silly. It would be better to have
a better interface to list disks, although I'm not able to provide diffs.

My use case was running OpenBSD under qemu-kvm with direct-lun iscsi disks,
all having same lun size, passed via qemu natively or via local block device
on a Linux host. And my concern was how to distinguish these equally big luns
inside installer.

j.



Installer disk info improvement (was - Re: querying scsi id/wwn for scsi disk)

2017-03-30 Thread Jiri B
> > > diff -u -p -r1.988 install.sub
> > > --- distrib/miniroot/install.sub  13 Mar 2017 17:08:31 -  1.988
> > > +++ distrib/miniroot/install.sub  30 Mar 2017 10:44:01 -
> > > @@ -264,13 +264,7 @@ diskinfo() {
> > >   local _d
> > >  
> > >   for _d; do
> > > - make_dev $_d
> > > - echo -n "$_d: "
> > > - disklabel -dpg $_d 2>/dev/null |
> > > - sed -e '/^label: /{s,,,;s/ *$//;s/^$//;h;d;}' \
> > > - -e '/.*# total bytes: \(.*\)/{s//(\1)/;H;}' \
> > > - -e '$!d;x;s/\n/ /'
> > > - rm -f /dev/{r,}$_d?
> > > + sed -n "/^$_d/p" /var/run/dmesg.boot
> > >   done
> > >  }
> > > 
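Review bot: the removed lines printed a single `$_d: label (total bytes)` line built from disklabel, while the added `sed -n "/^$_d/p" /var/run/dmesg.boot` prints every raw dmesg line for the disk, so the '?' output becomes multi-line and a size is shown only when dmesg carries a `$_d:` size line. Consider keeping the `$_d: ` prefix and the disklabel size and appending the dmesg identification to that line, and mention the changed output format in the commit message.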
> > 
> > Your proposition is good for the installer? I doubt it.
> > 
> > j.
> 
> AFAICT the function diskinfo() is only called once in the installer: if
> you press ? at the prompt for the root disk. So my diff just changes the
> output in this case, no other functionality is affected.
> 
> What causes your doubt?

Robert,

could we use something like this? From dmesg we can get current
vendor, model, size plus serial if it does exist, 'sd0' could be grepped
before sed or we could put variable inside sed itself:

sed -e '/^sd0 at.*: <[A-Z]*, \([^,]*\).*fixed *\(.*\)/{s//\1 <\2>/;s/< *>$//;h;d;}' -e '/sd0: \([^,]*\).*/{s//(\1)/;H;}' -e '$!d;x;s/\n/ /' /var/run/dmesg.boot
SAMSUNG MZ7TE256  (244198MB)

If there's no serial it maybe could print this?

cat /var/run/dmesg.boot | sed 's/fixed.*/fixed/;' | sed -e '/^sd0 at.*: <[A-Z]*, \([^,]*\).*fixed *\(.*\)/{s//\1 <\2>/;s/< *>$//;h;d;}' -e '/sd0: \([^,]*\).*/{s//(\1)/;H;}' -e '$!d;x;s/\n/ /'
SAMSUNG MZ7TE256  (244198MB)

What do you think?

PS: sed is really hardcore :)

j.
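
The one-line disk summary discussed in this message, written with awk and an exact match on the device name, as an added example that is not part of the original message or of install.sub. The function name disk_summary and the sample dmesg text are constructed for illustration; the sample follows the layout of the dmesg lines quoted in this thread.

```shell
#!/bin/sh
# Added example (not install.sub code): summarise one disk from dmesg text as
#   name: vendor model [identifier] (size)

# Constructed sample, in the layout of the dmesg lines quoted in this thread.
SAMPLE_DMESG='sd0 at scsibus1 targ 0 lun 0: <EMC, Celerra, 0002> SCSI3 0/direct fixed naa.6006048c92fcbc2b82ce603f2373d2c5
sd0: 20480MB, 512 bytes/sector, 41943040 sectors, thin
sd1 at scsibus0 targ 1 lun 0: <QEMU, QEMU HARDDISK, 2.5+> SCSI3 0/direct fixed
sd1: 20480MB, 512 bytes/sector, 41943040 sectors
sd10 at scsibus1 targ 0 lun 9: <EMC, Celerra, 0002> SCSI3 0/direct fixed naa.6006048c8f0ff1a5c7ef85c8d1c95481
sd10: 16384MB, 512 bytes/sector, 33554432 sectors'

disk_summary() {
	# $1 = disk name (e.g. sd1), $2 = dmesg text
	# Prints the summary and returns 0, or returns 1 if the disk is absent.
	printf '%s\n' "$2" | awk -v d="$1" '
	# Attach line. The first field must equal the name exactly, so asking
	# for sd1 never picks up sd10. A later attach line for the same name
	# (a second boot in the same file) replaces the earlier one.
	$1 == d && $2 == "at" {
		vendor = model = id = size = ""
		if (match($0, /<[^>]*>/)) {
			inq = substr($0, RSTART + 1, RLENGTH - 2)
			split(inq, f, /, */)
			vendor = f[1]; model = f[2]
		}
		# A word after "fixed" or "removable" is the device identifier;
		# disks without one end the line at "fixed".
		if (match($0, /(fixed|removable) +[^ ]+$/))
			id = $NF
		seen = 1
		next
	}
	# Size line: "sd0: 20480MB, 512 bytes/sector, ..."
	$1 == (d ":") && $2 ~ /^[0-9]+MB,$/ {
		size = $2
		sub(/,$/, "", size)
	}
	END {
		if (!seen)
			exit 1
		out = d ": " vendor " " model
		if (id != "")
			out = out " " id
		if (size != "")
			out = out " (" size ")"
		print out
	}'
}
```

On a running system the second argument can be the saved boot messages, for example disk_summary sd0 "$(cat /var/run/dmesg.boot)".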



Re: querying scsi id/wwn for scsi disk

2017-03-30 Thread Jiri B
On Thu, Mar 30, 2017 at 12:59:00PM +0200, Bruno Flueckiger wrote:
> I see your point with the installer. Default labels make the disks
> indistinguishable. The following diff prints the raw infos from dmesg
> rather than the current list of disks:
> 
> Index: distrib/miniroot/install.sub
> ===
> RCS file: /cvs/src/distrib/miniroot/install.sub,v
> retrieving revision 1.988
> diff -u -p -r1.988 install.sub
> --- distrib/miniroot/install.sub  13 Mar 2017 17:08:31 -  1.988
> +++ distrib/miniroot/install.sub  30 Mar 2017 10:44:01 -
> @@ -264,13 +264,7 @@ diskinfo() {
>   local _d
>  
>   for _d; do
> - make_dev $_d
> - echo -n "$_d: "
> - disklabel -dpg $_d 2>/dev/null |
> - sed -e '/^label: /{s,,,;s/ *$//;s/^$//;h;d;}' \
> - -e '/.*# total bytes: \(.*\)/{s//(\1)/;H;}' \
> - -e '$!d;x;s/\n/ /'
> - rm -f /dev/{r,}$_d?
> + sed -n "/^$_d/p" /var/run/dmesg.boot
>   done
>  }
> 
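Review bot: the pattern in the added line `sed -n "/^$_d/p" /var/run/dmesg.boot` is anchored only on the left, so asking for sd1 also prints the lines of sd10, sd11 and so on. Terminate the name as well, for example `sed -n "/^${_d}[ :(]/p"`, so that only the requested disk's lines are shown.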

Your proposition is good for the installer? I doubt it.

j.



Re: querying scsi id/wwn for scsi disk

2017-03-30 Thread Jiri B
On Thu, Mar 30, 2017 at 10:25:18AM +0200, Bruno Flueckiger wrote:
> > > how to query scsi id or wwn for a scsi disk in OpenBSD? I'd like to get this
> > > info and extend installer to provide more info about disks (because currently
> > > it's impossible to distinguish between scsi disks if they are same size and
> > > originate from same iscsi target and passed to OpenBSD via qemu-kvm).
> > 
> > So what's OpenBSD equivalent scsi query for Linux commands?
> > 
> > # lsscsi -iws | tail -n1
> > [6:0:0:10]   disk0x6006048c8f0ff1a5c7ef85c8d1c95  /dev/sdd   
> > 36006048c8f0ff1a5c7ef85c8d1c95481  16.1GB
> > 
> > # /usr/lib/udev/scsi_id -xg /dev/sdd
> > ID_SCSI=1
> > ID_VENDOR=EMC
> > ID_VENDOR_ENC=EMC\x20\x20\x20\x20\x20
> > ID_MODEL=Celerra
> > ID_MODEL_ENC=Celerra\x20\x20\x20\x20\x20\x20\x20\x20\x20
> > ID_REVISION=0002
> > ID_TYPE=disk
> > ID_SERIAL=36006048c8f0ff1a5c7ef85c8d1c95481
> > ID_SERIAL_SHORT=6006048c8f0ff1a5c7ef85c8d1c95481
> > ID_WWN=0x6006048c8f0ff1a5
> > ID_WWN_VENDOR_EXTENSION=0xc7ef85c8d1c95481
> > ID_WWN_WITH_EXTENSION=0x6006048c8f0ff1a5c7ef85c8d1c95481
> > ID_SCSI_SERIAL=EMC-Celerra-iSCSI-VLU-fs179_T5_LUN10_CKM00120100230
> 
> $ dmesg | grep scsi
> 
> sd1 at scsibus2 targ 0 lun 0:  SCSI3
> 0/direct fixed naa.6001405635870b3d9e95d40c9d9221d1
> sd2 at scsibus2 targ 0 lun 1:  SCSI3
> 0/direct fixed naa.6001405dcc70b1dd909ed44f8db0d6d6

 disklabel sd1 | grep label

For sd1 and sd2 please. This is what is printed in installer. See diskinfo()
in src/distrib/miniroot/install.sub

If it does print just 'iSCSI Storage 3.1' then this is not very
useful info in the installer (although one can break and investigate dmesg)

So maybe disklabel should have better 'label' or we could print more info
directly in the installer.

I'm also not sure sysctl hw.disknames output is best one, it does show duid
which is OpenBSD specific (compare disklabel with and without '-d').

It seems there's no good solution fitting all cases (softraid, usb disks,
both are scsi-like devices).

j.



querying scsi id/wwn for scsi disk

2017-03-30 Thread Jiri B
Hi,

how to query scsi id or wwn for a scsi disk in OpenBSD? I'd like to get this
info and extend installer to provide more info about disks (because currently
it's impossible to distinguish between scsi disks if they are same size and
originate from same iscsi target and passed to OpenBSD via qemu-kvm).

Currently OpenBSD does show for such SCSI disk something like (taken from disklabel):

...
Which disk is the root disk? ('?' for details) [sd0] ?
sd0: Celerra (20.0G)
 ^^^  ^

# scsi -f /dev/rsd0c -c "12 0 0 0 64 0" -i 0x64 "s8 z8 z16 z4"
EMC Celerra 0002

So what's OpenBSD equivalent scsi query for Linux commands?

# lsscsi -iws | tail -n1
[6:0:0:10]   disk0x6006048c8f0ff1a5c7ef85c8d1c95  /dev/sdd   
36006048c8f0ff1a5c7ef85c8d1c95481  16.1GB

# /usr/lib/udev/scsi_id -xg /dev/sdd
ID_SCSI=1
ID_VENDOR=EMC
ID_VENDOR_ENC=EMC\x20\x20\x20\x20\x20
ID_MODEL=Celerra
ID_MODEL_ENC=Celerra\x20\x20\x20\x20\x20\x20\x20\x20\x20
ID_REVISION=0002
ID_TYPE=disk
ID_SERIAL=36006048c8f0ff1a5c7ef85c8d1c95481
ID_SERIAL_SHORT=6006048c8f0ff1a5c7ef85c8d1c95481
ID_WWN=0x6006048c8f0ff1a5
ID_WWN_VENDOR_EXTENSION=0xc7ef85c8d1c95481
ID_WWN_WITH_EXTENSION=0x6006048c8f0ff1a5c7ef85c8d1c95481
ID_SCSI_SERIAL=EMC-Celerra-iSCSI-VLU-fs179_T5_LUN10_CKM00120100230

Thank you for help, it would help me playing with iscsi luns on OpenBSD.

j.



specifying rom file for vio(4) in VMM

2017-03-27 Thread Jiri B
Is it possible to somehow make VMM to boot from vio with specified
ROM file (eg. ipxe)?

j.



Re: how to debug OpenBSD virtio-scsi killing qemu-kvm VM?

2017-03-18 Thread Jiri B
Hi,

in the mail I was confirming that vioscsi works now I sent only dmesg,
and thus some info got stripped.

I tried vioscsi today with a directly attached iscsi lun (but passed via iscsi
initiator on EL7 via block device) and I see following lines, are they OK?

...
Use (A)uto layout, (E)dit auto layout, or create (C)ustom layout? [a] 
Rounding size to bsize (32 sectors): 1526304
Rounding size to bsize (32 sectors): 2425696
Rounding size to bsize (32 sectors): 3706272
Rounding size to bsize (32 sectors): 3205664
Rounding size to bsize (32 sectors): 1866048
Rounding size to bsize (32 sectors): 6919232
Rounding size to bsize (32 sectors): 2642112
Rounding size to bsize (32 sectors): 3752352
Rounding size to bsize (32 sectors): 13297376
newfs: reduced number of fragments per cylinder group from 95392 to 95016 to 
enlarge last cylinder group
/dev/rsd0a: 745.3MB in 1526304 sectors of 512 bytes
...

Next comments are related to the installer but anyway. It is not really
distinguishable what disk I see (what would happen if I would add multiple same
size luns?).

...
Available disks are: sd0.
Which disk is the root disk? ('?' for details) [sd0] ?
sd0: Celerra (20.0G)
Available disks are: sd0.
...

We have visible 'Celerra' - ID_MODEL and size only here. Here is SCSI info about
the lun obtained from EL7 for understanding more details about the disk.

# iscsi-inq -e 1 -c 0x80 -i iqn.1994-05.com.redhat:xx 
iscsi://10.34.63.200/iqn.1992-05.com.emc:ckm00120100230-5-vnxe/5
Unit Serial Number:[EMC-Celerra-iSCSI-VLU-fs176_T5_LUN5_CKM00120100230]
[root@slot-5c ~]# /usr/lib/udev/scsi_id -x -g /dev/sde
ID_SCSI=1
ID_VENDOR=EMC
ID_VENDOR_ENC=EMC\x20\x20\x20\x20\x20
ID_MODEL=Celerra
ID_MODEL_ENC=Celerra\x20\x20\x20\x20\x20\x20\x20\x20\x20
ID_REVISION=0002
ID_TYPE=disk
ID_SERIAL=36006048c92fcbc2b82ce603f2373d2c5
ID_SERIAL_SHORT=6006048c92fcbc2b82ce603f2373d2c5
ID_WWN=0x6006048c92fcbc2b
ID_WWN_VENDOR_EXTENSION=0x82ce603f2373d2c5
ID_WWN_WITH_EXTENSION=0x6006048c92fcbc2b82ce603f2373d2c5
ID_SCSI_SERIAL=EMC-Celerra-iSCSI-VLU-fs176_T5_LUN5_CKM00120100230

Thus maybe it would be fine to have also serial there...

# sysctl hw.disknames
hw.disknames=cd0:,sd0:4af32eaf54527909,fd0:
# scsi -f /dev/rsd0c -c "12 0 0 0 64 0" -i 0x64 "s8 z8 z16 z4"
EMC Celerra 0002

sd0 at scsibus1 targ 0 lun 0:  SCSI3 0/direct fixed 
naa.6006048c92fcbc2b82ce603f2373d2c5
  revision, is this useful? 


Thank you for your help! Full dmesg and important part of the installation
below.

j.


OpenBSD 6.1-beta (RAMDISK_CD) #32: Fri Mar 17 02:55:20 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 1056817152 (1007MB)
avail mem = 1021091840 (973MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf7040 (10 entries)
bios0: vendor SeaBIOS version "1.9.1-5.el7_3.1" date 04/01/2014
bios0: Red Hat RHEV Hypervisor
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC SRAT
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Westmere E56xx/L56xx/X56xx (Nehalem-C), 2200.35 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,SSSE3,CX16,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,HV,NXE,LONG,LAHF,ARAT
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: apic clock running at 999MHz
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu at acpi0 not configured
"ACPI0006" at acpi0 not configured
"PNP0303" at acpi0 not configured
"PNP0F13" at acpi0 not configured
"PNP0700" at acpi0 not configured
"PNP0501" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"ACPI0010" at acpi0 not configured
pvbus0 at mainbus0: KVM
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
"Intel 82371SB ISA" rev 0x00 at pci0 dev 1 function 0 not configured
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  ATAPI 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int 11
"Intel 82371AB Power" rev 0x03 at pci0 dev 1 function 3 not configured
vga1 at pci0 dev 2 function 0 "Red Hat QXL Video" rev 0x04
vga1: aperture needed
wsdisplay1 at vga1 mux 1: console (80x25, vt100 emulation)
virtio0 at pci0 dev 3 function 0 "Qumranet 

Re: how to debug OpenBSD virtio-scsi killing qemu-kvm VM?

2017-03-17 Thread Jiri B
On Thu, Mar 16, 2017 at 10:15:21PM +0100, Stefan Fritsch wrote:
> On Tuesday, 14 March 2017 20:16:17 CET Jiri B wrote:
> > Recent dmesg, and VM exits because of virtio-scsi issue when it is
> > installing 'bsd.mp'.
> 
> I think I have fixed all the bugs, at least I could not get any corruption any
> more. The changes are in -current, in r1.5 of sys/dev/pv/vioscsi.c . Please
> try if that fixes your problems.
> 
> Cheers,
> Stefan

Hi,

it seems to pass installation and boots later on OK with

  OpenBSD 6.1-beta (RAMDISK_CD) #32: Fri Mar 17 02:55:20 MDT 2017

I suppose your diffs are in. Thank you, I'll try directly attach iSCSI
lun as vioscsi now...

j.

~~~
OpenBSD 6.1-beta (RAMDISK_CD) #32: Fri Mar 17 02:55:20 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 250470400 (238MB)
avail mem = 239251456 (228MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf7170 (10 entries)
bios0: vendor SeaBIOS version "1.9.1-5.el7_3.1" date 04/01/2014
bios0: Red Hat KVM
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: QEMU Virtual CPU version 2.5+, 2394.45 MHz
cpu0: 
FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16,x2APIC,HV,NXE,LONG,LAHF
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 
16-way L2 cache
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: apic clock running at 1000MHz
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu at acpi0 not configured
"ACPI0006" at acpi0 not configured
"PNP0303" at acpi0 not configured
"PNP0F13" at acpi0 not configured
"PNP0700" at acpi0 not configured
"PNP0501" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"ACPI0010" at acpi0 not configured
pvbus0 at mainbus0: KVM
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
"Intel 82371SB ISA" rev 0x00 at pci0 dev 1 function 0 not configured
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 
wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
"Intel 82371AB Power" rev 0x03 at pci0 dev 1 function 3 not configured
virtio0 at pci0 dev 2 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio0: address 52:54:00:15:b0:a3
virtio0: msix shared
virtio1 at pci0 dev 3 function 0 "Qumranet Virtio SCSI" rev 0x00
vioscsi0 at virtio1: qsize 128
scsibus0 at vioscsi0: 255 targets
sd0 at scsibus0 targ 0 lun 0: <QEMU, QEMU HARDDISK, 2.5+> SCSI3 0/direct fixed
sd0: 20480MB, 512 bytes/sector, 41943040 sectors, thin
virtio1: msix shared
uhci0 at pci0 dev 4 function 0 "Intel 82801I USB" rev 0x03: apic 0 int 11
uhci1 at pci0 dev 4 function 1 "Intel 82801I USB" rev 0x03: apic 0 int 10
uhci2 at pci0 dev 4 function 2 "Intel 82801I USB" rev 0x03: apic 0 int 10
ehci0 at pci0 dev 4 function 7 "Intel 82801I USB" rev 0x03: apic 0 int 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 
addr 1
virtio2 at pci0 dev 5 function 0 "Qumranet Virtio Memory" rev 0x00
virtio2: no matching child driver; not configured
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 
addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 
addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 
addr 1
isa0 at mainbus0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0 mux 1
softraid0 at root
scsibus1 at softraid0: 256 targets
PXE boot MAC address 52:54:00:15:b0:a3, interface vio0
root on rd0a swap on rd0b dump on rd0b
syncing disks... done
rebooting...
OpenBSD 6.1-beta (GENERIC.MP) #33: Fri Mar 17 02:51:54 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 250470400 (238MB)
avail mem = 238321664 (227MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf7170 (10 entries)
bios0: vendor SeaBIOS version "1.9.1-5.el7_3.1" date 04/01/2014
bios0: Red Hat KVM
acpi0 at bios0: rev 0
acpi0: sleep states S5
acpi0: tables DSDT FACP APIC
ac

Re: how to debug OpenBSD virtio-scsi killing qemu-kvm VM?

2017-03-15 Thread Jiri B
On Wed, Mar 15, 2017 at 02:54:03PM +0100, Alexander Bochmann wrote:
>
>  > bios0: vendor SeaBIOS version 
> "debian/1.7.5-1-0-g506b58d-dirty-20140812_231322-gandalf" date 04/01/2014
>  > bios0: QEMU Standard PC (i440FX + PIIX, 1996)

it doesn't say anything about qemu-kvm version :/

>  [..]
>  > virtio1 at pci0 dev 4 function 0 "Qumranet Virtio SCSI" rev 0x00
>  > vioscsi0 at virtio1: qsize 128
>  > scsibus2 at vioscsi0: 255 targets
>  > probe(vioscsi0:0:0): Check Condition (error 0) on opcode 0x0
>  > sd0 at scsibus2 targ 0 lun 0:  SCSI3 0/direct 
> fixed
>  > sd0: 61440MB, 512 bytes/sector, 125829120 sectors, thin
>  > virtio1: msix shared
> 
> Maybe it is actually a Linux bug that has been fixed by everyone 
> except Red Hat in their undead backports kernel?

I could install Fedora or recent OpenSUSE and see :)

It would be maybe better to see how virtio-scsi evolved in recent
qemu since virtio-scsi was imported into OpenBSD. IIRC there were
some header changes...

(I'm not a programmer but see comparison below:)

https://github.com/qemu/qemu/blob/019adbd3715e98b5a09fab1370cc2c6904f79b6d/include/standard-headers/linux/virtio_scsi.h#L32
#define VIRTIO_SCSI_CDB_SIZE   32
#define VIRTIO_SCSI_SENSE_SIZE 96

vs

$ egrep 'VIRTIO.*(CDB|SENSE)_SIZE' cvs/openbsd-src/sys/dev/pv/vioscsireg.h
#define VIRTIO_SCSI_CONFIG_SENSE_SIZE   20 /* 32bit */
#define VIRTIO_SCSI_CONFIG_CDB_SIZE 24 /* 32bit */

And here 
https://github.com/qemu/qemu/commit/03325525c3a607825ab67bf36bffaa5cf8447df2

+/* Override CDB/sense data size: they are dynamic (guest controlled) in QEMU */
+#define VIRTIO_SCSI_CDB_SIZE 0
+#define VIRTIO_SCSI_SENSE_SIZE 0

j.



Re: how to debug OpenBSD virtio-scsi killing qemu-kvm VM?

2017-03-15 Thread Jiri B
On Tue, Mar 14, 2017 at 05:58:29PM -0700, Mike Larkin wrote:
> On Tue, Mar 14, 2017 at 08:16:17PM -0400, Jiri B wrote:
> > Recent dmesg, and VM exits because of virtio-scsi issue when it is
> > installing 'bsd.mp'.
> > 
> > j.
> > 
> 
> What are you trying to achieve here? Why not just use a device that doesn't
> cause errors. You could choose virtio-blk or even a non-PV storage device.
> 
> -ml

Originally I had to use virtio-scsi as it was default when using > 2 disks in
our OpenStack env.

virtio-scsi also became default disk type in RHV/oVirt we use.

virtio-scsi does pass SCSI commands through so I'd like to see if I could have
direct lun attached to OpenBSD VM and if I could do SCSI reservation  etc...

I'm also interested to see if I could have virtio-scsi in mpath, although
reading mpath man page, mpath is not supported over vscsi now.

j.



Re: how to debug OpenBSD virtio-scsi killing qemu-kvm VM?

2017-03-14 Thread Jiri B
Recent dmesg, and VM exits because of virtio-scsi issue when it is installing
'bsd.mp'.

j.

Copyright (c) 1982, 1986, 1989, 1991, 1993
  The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2017 OpenBSD. All rights reserved.
https://www.OpenBSD.org

OpenBSD 6.0-current (RAMDISK_CD) #163: Sat Feb 11 19:41:57 MST 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 250470400 (238MB)
avail mem = 239251456 (228MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf7170 (10 entries)
bios0: vendor SeaBIOS version "1.9.1-5.el7_3.1" date 04/01/2014
bios0: Red Hat KVM
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: QEMU Virtual CPU version 2.5+, 2394.37 MHz
cpu0:
FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MM
X,FXSR,SSE,SSE2,SSE3,CX16,x2APIC,HV,NXE,LONG,LAHF
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line
16-way L2 cache
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: apic clock running at 999MHz
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu at acpi0 not configured
"ACPI0006" at acpi0 not configured
"PNP0303" at acpi0 not configured
"PNP0F13" at acpi0 not configured
"PNP0700" at acpi0 not configured
"PNP0501" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"ACPI0010" at acpi0 not configured
pvbus0 at mainbus0: KVM
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
"Intel 82371SB ISA" rev 0x00 at pci0 dev 1 function 0 not configured
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0
wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
"Intel 82371AB Power" rev 0x03 at pci0 dev 1 function 3 not configured
virtio0 at pci0 dev 2 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio0: address 52:54:00:15:b0:a3
virtio0: msix shared
virtio1 at pci0 dev 3 function 0 "Qumranet Virtio SCSI" rev 0x00
vioscsi0 at virtio1: qsize 128
scsibus0 at vioscsi0: 255 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI3 0/direct
fixed
sd0: 20480MB, 512 bytes/sector, 41943040 sectors, thin
virtio1: msix shared
uhci0 at pci0 dev 4 function 0 "Intel 82801I USB" rev 0x03: apic 0 int 11
uhci1 at pci0 dev 4 function 1 "Intel 82801I USB" rev 0x03: apic 0 int 10
uhci2 at pci0 dev 4 function 2 "Intel 82801I USB" rev 0x03: apic 0 int 10
ehci0 at pci0 dev 4 function 7 "Intel 82801I USB" rev 0x03: apic 0 int 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00
addr 1
virtio2 at pci0 dev 5 function 0 "Qumranet Virtio Memory" rev 0x00
virtio2: no matching child driver; not configured
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00
addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00
addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00
addr 1
isa0 at mainbus0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0 mux 1
softraid0 at root
scsibus1 at softraid0: 256 targets
PXE boot MAC address 52:54:00:15:b0:a3, interface vio0
root on rd0a swap on rd0b dump on rd0b
erase ^?, werase ^W, kill ^U, intr ^C, status ^T

Welcome to the OpenBSD/amd64 6.0 installation program.
Starting non-interactive mode in 5 seconds...
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell?
DHCPDISCOVER on vio0 - interval 1
DHCPDISCOVER on vio0 - interval 1
DHCPOFFER from 192.168.1.1 (00:25:90:60:8f:1e)
DHCPREQUEST on vio0 to 255.255.255.255
DHCPACK from 192.168.1.1 (00:25:90:60:8f:1e)
bound to 192.168.1.118 -- renewal in 1800 seconds.
Fetching
http://192.168.1.2/52:54:00:15:b0:a3-install.conf?path=snapshots/amd64
Performing non-interactive install...
Terminal type? [vt220] vt220
System hostname? (short form, e.g. 'foo') test1

Available network interfaces are: vio0 vlan0.
Which network interface do you wish to configure? (or 'done') [vio0] vio0
IPv4 address for vio0? (or 'dhcp' or 'none') [dhcp] dhcp
DHCPREQUEST on vio0 to 255.255.255.255
DHCPACK from 192.168.1.1 (00:25:90:60:8f:1e)
bound to 192.168.1.118 -- renewal in 1800 seconds.
IPv6 address for vio0? (or 'rtsol' or 'none') [none] none
Available network interfaces are: vio0 vlan0.
Which network interface do you wish to configure? (or 'done') [done] done
Using DNS domainname internal
Using DNS nameservers at 192.168.1.1

Re: watchdog - "Intel 6300ESB WDT" rev 0x00 at pci0 dev 4 function 0 not configured

2017-03-14 Thread Jiri B
On Tue, Mar 14, 2017 at 03:52:17PM -0700, Mike Larkin wrote:
> > [...]
> > virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00
> > vio0 at virtio0: address 52:54:00:b8:93:d9
> > virtio0: msix shared
> > "Intel 6300ESB WDT" rev 0x00 at pci0 dev 4 function 0 not configured
> > ...
> > 
> > # sysctl -a | grep watch
> > #
> > 
> > Shouldn't this be detected as ichwdt(4)?
> > 
> >   ichwdt(4) - Intel 6300ESB ICH watchdog timer device
> > 
> 
> Looks like it was only ever "built" for i386, and not extensively tested even
> then:
> 
> revision 1.411
> date: 2005/05/02 17:26:00;  author: grange;  state: Exp;  lines: +2 -1;
> Add ichwdt(4): Intel 6300ESB ICH watchdog timer driver. Disabled for
> now due to lack of testing. If you have a machine that uses this
> device please contact me.
> 
> -ml

Hi,

it seems i6300esb is only watchdog usable on qemu-kvm. There's also some
ib700 but it is ISA device and diag288 which is applicable only to IBM s/390 and
zSeries.

Should I give a try to i386 with rebuilt kernel? i6300esb is also default watchdog
in RHV[1]/oVirt but I doubt anybody uses OpenBSD on it except me sporadically :)

[1] https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.0/html/virtual_machine_management_guide/sect-configuring_a_watchdog

j.



watchdog - "Intel 6300ESB WDT" rev 0x00 at pci0 dev 4 function 0 not configured

2017-03-14 Thread Jiri B
Hi,

I added watchdog device for OpenBSD VM on qemu-kvm and it seems it's not
detected correctly:

OpenBSD 6.0-current (GENERIC.MP) #167: Sat Feb 11 19:35:52 MST 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 518905856 (494MB)
avail mem = 498569216 (475MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf7220 (11 entries)
bios0: vendor Seabios version "0.5.1" date 01/01/2011
bios0: Red Hat KVM
acpi0 at bios0: rev 0
acpi0: sleep states S5
acpi0: tables DSDT FACP APIC
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel Core i7 9xx (Nehalem Class Core i7), 1866.90 MHz
...
virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio0: address 52:54:00:b8:93:d9
virtio0: msix shared
"Intel 6300ESB WDT" rev 0x00 at pci0 dev 4 function 0 not configured
...

# sysctl -a | grep watch
#

Shouldn't this be detected as ichwdt(4)?

  ichwdt(4) - Intel 6300ESB ICH watchdog timer device

# pcidump -v 0:4:0
 0:4:0: Intel 6300ESB WDT
0x: Vendor ID: 8086 Product ID: 25ab
0x0004: Command: 0103 Status: 
0x0008: Class: 08 Subclass: 80 Interface: 00 Revision: 00
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size:
00
0x0010: BAR mem 32bit addr: 0xfebc1000/0x0010
0x0014: BAR empty ()
0x0018: BAR empty ()
0x001c: BAR empty ()
0x0020: BAR empty ()
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 1af4 Product ID: 1100
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 00 Line: 00 Min Gnt: 00 Max Lat: 00

Libvirt xml part is:


  
  


Qemu cmd line is:

qemu 11657 81.6  5.3 1075552 434084 ?  Sl   23:23  17:53
/usr/libexec/qemu-kvm -name guest=www1,debug-threads=on -S -object
secret,id=masterKey0,format=raw,file=/var/lib/libvirt/qemu/domain-6-www1/mast
er-key.aes -machine pc-i440fx-rhel7.0.0,accel=kvm,usb=off -cpu Nehalem -m 512
-realtime mlock=off -smp 2,sockets=2,cores=1,threads=1 -uuid
e26e7c0c-ea90-45bd-981d-23d471f58162 -nographic -no-user-config -nodefaults
-device sga -chardev
socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-6-www1/monitor.sock,s
erver,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc
base=utc,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet
-no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot
menu=on,reboot-timeout=0,splash-time=3000,strict=on -device
ich9-usb-ehci1,id=usb,bus=pci.0,addr=0x5.0x7 -device
ich9-usb-uhci1,masterbus=usb.0,firstport=0,bus=pci.0,multifunction=on,addr=0x5
-device ich9-usb-uhci2,masterbus=usb.0,firstport=2,bus=pci.0,addr=0x5.0x1
-device ich9-usb-uhci3,masterbus=usb.0,firstport=4,bus=pci.0,addr=0x5.0x2
-drive
file=/dev/data1vg/www1,format=raw,if=none,id=drive-virtio-disk0,cache=none,ai
o=native -device
virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk0,id=virtio
-disk0,bootindex=2 -netdev tap,fd=28,id=hostnet0,vhost=on,vhostfd=30 -device
virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:b8:93:d9,bus=pci.0,addr=0
x3,bootindex=1 -chardev pty,id=charserial0 -device
isa-serial,chardev=charserial0,id=serial0 -device
i6300esb,id=watchdog0,bus=pci.0,addr=0x4 -watchdog-action reset -device
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7 -object
rng-random,id=objrng0,filename=/dev/random -device
virtio-rng-pci,rng=objrng0,id=rng0,bus=pci.0,addr=0x8 -msg timestamp=on

Am I doing something wrong or it is a bug?

j.



how to debug OpenBSD virtio-scsi killing qemu-kvm VM?

2017-03-13 Thread Jiri B
Hi,

it seems virtio-scsi is not working correctly in OpenBSD, I gave it
a try today and OpenBSD VM was killed with:

  2017-03-13T15:29:00.814657Z qemu-kvm: wrong size for virtio-scsi headers

on EL7 with qemu-kvm-rhev-2.6.0-28.el7_3.6.x86_64.

I found a bug stating it is OpenBSD's fault
  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=768517

I'd like to provide more info but could you give me some hints
please? I tried to attach debugger to qemu-kvm process but I get
only this :/

  [Thread 0x7f6035207700 (LWP 10766) exited]
  [Thread 0x7f5feedff700 (LWP 10769) exited]
  [Thread 0x7f604a9a8c80 (LWP 10761) exited]
  [Inferior 1 (process 10761) exited with code 01]

j.



Re: pf group and setgid

2017-03-12 Thread Jiri B
On Sun, Mar 12, 2017 at 07:13:08PM +0100, Jérôme FRGACIC wrote:
> Hi @misc,
> 
> I have a question about pf and its possibility to filter packets by process
> group: is it a reasonable practice to use setgid to add some rules that
> allow only specific programs to use some services? For example, only permit
> the ftp command and firefox to use HTTP and HTTPS services?
> 
> If I create a separate group for each program I want to allow, is there any
> additional risk induced by the use of the setgid? Also, can this practice
> be helpful by adding a supplementary layer of protection or is it
> useless?
> 
> $ ls -l /usr/bin/ftp
> -r-xr-sr-x  1 root  ftpcmd  151168 Jul 26  2016 /usr/bin/ftp
> $ grep ftpcmd /etc/pf.conf
> pass out on if proto tcp from (if:0) to any port { 80,443 } group ftpcmd
> 
> Kind regards,
> 
> 
> Jérôme FRGACIC

Your problem is already solved - it is called 'proxy' :)

j.



mpath for vioscsi disks

2017-03-12 Thread Jiri B
Is mpath doable for vioscsi disks? At least if running OpenBSD
on Linux KVM one could use iSCSI with Ceph backend and thus assign
two iSCSI luns as vioscsi disks for OpenBSD VM.

IIUC vioblk strips SCSI commands so it cannot be used for this.

I'm not also sure if we would use iSCSI luns directly inside that
OpenBSD VM and having them in mpath.

Any thoughts about this? Or about mpath with non-enterprise SAN
boxes?

j.



Re: Please: Is there ANY chance that Linux binaries might run again???

2017-03-10 Thread Jiri B
On Fri, Mar 10, 2017 at 12:23:12AM +0100, Stefan Wollny wrote:
> For the very reason I use OpenBSD: Confidentiality.

Wouldn't running closed source Linux binaries on OpenBSD conflict
with your trust? Those binaries cannot be pledged etc...

IMO it's better if we would have a "VMM bootloader" which would support
running any OS. At least VMM has better security design than compat_linux
had.

j.



Re: Running OpenBSD on Hypervisor

2017-03-08 Thread Jiri B
On Wed, Mar 08, 2017 at 07:35:15AM -0800, Reyk Floeter wrote:
> We have PV drivers for all of them in GENERIC.
> 
> Reyk

If nothing has changed stay away from virtio-scsi disks.
See https://marc.info/?l=openbsd-misc&m=142652469207347&w=2

j.



Re: serial port expansion card

2017-03-03 Thread Jiri B
I'm a little bit worried about consistent device names of
serial port cards or USB->serial converters.

Is it predictable or not?

j.



Re: Content filtering through pf?

2017-02-23 Thread Jiri B
On Thu, Feb 23, 2017 at 10:27:20AM -0500, Alan Corey wrote:
> I'm wondering if it's possible to do content filtering in a firewall.
> Maybe with something that cooperates with pf.  I'm on a very limited
> (5 GB/month) metered internet connection through a cell phone and I'm
> not the only user when I have it shared over wifi.  I'd like to block
> video because it's an incredible waste.  Problematic clients are
> Android/Kindle.  User competence in not clicking where they shouldn't
> is sometimes an issue.
> 
> I can see this happening if there's a file size available during
> transfers, if the size is under a certain threshold value it just
> passes without interference, over a certain size the first few bytes
> of the file get checked.  If it fails the check that exact URL to the
> file would get blacklisted for maybe 24 hours.  I've noticed watching
> random transfers with wget that in some cases it knows the file size
> from somewhere and sometimes not.  Presumably there's no size
> available on streaming video so just block it.
> 
> There seems to be an abundance of video in advertising in apps but
> also in news apps there's a mix of video and text stories.  Most of
> the world assumes bandwidth is free and fast.  Some videos are bigger
> than entire operating systems, and most are fairly pointless.  If the
> transfer is happening over an ssl connection maybe not much can be
> done since from the firewall's perspective it's just encrypted data,
> essentially inside a tunnel.

That sounds like work for Squid in intercepting proxy.

j.



relayd as simple forward proxy

2017-02-21 Thread Jiri B
Hi,

can I use relayd as simple forward http proxy, ie. a non-caching
variant of tinyproxy or squid? Not transparently - intercepting, but
as usual http proxy.

j.



Re: rcctl hickups on OpenBSD 6.0?

2017-02-16 Thread Jiri B
On Thu, Feb 16, 2017 at 08:46:45AM +0100, Raimo Niskanen wrote:
> Hello Misc@
> 
> I tried to activate ypbind via rcctl:
> rcctl enable ypbind
> and it did not write "ypbind_flags=" into /etc/rc.conf.local.
> 
> I had run ypbind so it should start according to the documentation since
> there is a domain file in /var/yp/binding/ but when booting the machine
> ypbind did not start and there was no printout from /etc/rc about starting
> it.  "rcdctl ls failed" did print ypbind.
> 
> I tried to debug rcctl with little success.  Looking at the script it seems
> to me that it checks /etc/rc.conf and /etc/rc.conf.local and should write a
> line "ypbind_flags=" into /etc/rc.conf.local since the default in
> /etc/rc.conf is "ypbind_flags=NO".  But ktrace:ing it indicates that it
> also checks domainname and /var/yp/binding so it is smarter than it looks.
> 
> Unfortunately /etc/rc starts ypbind like any other daemon so ypbind_flags
> has to be != NO and therefore it is not started.
> 
> So there seems to be some misunderstanding between /etc/rc and rcctl about
> exactly when ypbind is enabled or not.
> 
> The workaround is easy enough (manually editing /etc/rc.conf.local) so no
> big issue.
> 
> Also, I tried to set nfsd flags:
> rcctl enable nfsd
> rcctl set nfsd flags -tun 4
> or
> rcctl set nfsd flags "-tun 4"
> but it did not work (nfsd_flags=)
> rcctl set nfsd flags -tu
> did work, though.
> 
> Known problems?

It's the default value, so maybe it cleaned. It was removed from the FAQ just
a couple of minutes/hours ago.

j.



how to generate sha512 password hashes for Linux on OpenBSD?

2017-02-06 Thread Jiri B
Hi,

how could I generate sha512 password hashes for Linux on OpenBSD?

Using 'crypto' from Python is no go, as this is OS dependent. So I
tried following via passlib but it does not work, ie. I can't login on EL7.

~~~
#!/usr/bin/python2.7

from passlib.hash import sha512_crypt
import getpass

hash = sha512_crypt.using(salt_size=16).encrypt(getpass.getpass())
# XXX
# print(hash)
hl = hash.split("$",3)
print("$6$%s" % hl[3])
~~~

It does add 'rounds=656000$', so removing this is needed.

On EL7 with hash from above:

echo 'userfoo:$6$1AfrAnSyjs7Xpki7$59aX53IQcu9JRZKdHT311HOurgVftM/5RlgOrz7fFlDcQEqhcoUCvuDeXyMogTQrvwtmWE8Tnr2vhV2Jf2aqq0' \
  | chpasswd -e

And try ssh as 'userfoo'.

What can I do wrong? What is your way to generate it on OpenBSD?

j.
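The script in the post drops the `rounds=656000$` field from the passlib output. As an added example (not part of the original post; a pure-Python sha512-crypt written here from the public algorithm, with a constructed password and salt), this shows that the round count feeds into the digest, so a hash stripped of its rounds field is checked with the default 5000 rounds and no longer verifies:

```python
import hashlib
import hmac

B64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
DEFAULT_ROUNDS = 5000  # what crypt(3) uses when the hash has no rounds= field


def _sha(data):
    return hashlib.sha512(data).digest()


def _stretch(block, length):
    """Repeat a 64-byte digest until it covers `length` bytes."""
    return block * (length // 64) + block[:length % 64]


def sha512_crypt(password, salt, rounds=None):
    """SHA-512 crypt; rounds=None means the implicit default (no rounds= field)."""
    pw, sl = password.encode(), salt.encode()[:16]  # ASCII salt assumed
    n = DEFAULT_ROUNDS if rounds is None else min(max(rounds, 1000), 999999999)
    b = _sha(pw + sl + pw)
    ctx = pw + sl + _stretch(b, len(pw))
    bits = len(pw)
    while bits:
        ctx += b if bits & 1 else pw
        bits >>= 1
    a = _sha(ctx)
    p = _stretch(_sha(pw * len(pw)), len(pw))
    s = _stretch(_sha(sl * (16 + a[0])), len(sl))
    c = a
    for i in range(n):  # the round count is an input to the final digest
        ctx = p if i & 1 else c
        if i % 3:
            ctx += s
        if i % 7:
            ctx += p
        ctx += c if i & 1 else p
        c = _sha(ctx)
    out = []
    for k in range(21):  # crypt's byte permutation and base64 alphabet
        t = (k, k + 21, k + 42)
        t = t[k % 3:] + t[:k % 3]
        w = (c[t[0]] << 16) | (c[t[1]] << 8) | c[t[2]]
        for _ in range(4):
            out.append(B64[w & 0x3F])
            w >>= 6
    out += [B64[c[63] & 0x3F], B64[c[63] >> 6]]
    prefix = "$6$" if rounds is None else "$6$rounds=%d$" % n
    return prefix + sl.decode() + "$" + "".join(out)


def verify(password, stored):
    """Recompute the hash from the parameters encoded in the stored string."""
    fields = stored.split("$")
    if fields[2].startswith("rounds="):
        rounds, salt = int(fields[2][7:]), fields[3]
    else:
        rounds, salt = None, fields[2]
    return hmac.compare_digest(sha512_crypt(password, salt, rounds), stored)


def strip_rounds(stored):
    """Same string surgery as the script in the post: drop the rounds= field."""
    return "$6$" + stored.split("$", 3)[3]


def demo():
    pw, salt = "correct horse", "Zx8dQ1pLm3RtYb7K"  # constructed sample values
    full = sha512_crypt(pw, salt, rounds=10000)
    stripped = strip_rounds(full)
    default = sha512_crypt(pw, salt)
    return verify(pw, full), verify(pw, stripped), verify(pw, default)


if __name__ == "__main__":
    print(demo())
```

glibc's crypt(3) accepts the `$6$rounds=N$salt$digest` form, so leaving the field in place keeps the hash valid.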



Re: -current installer error

2017-02-02 Thread Jiri B
On Thu, Feb 02, 2017 at 09:28:14PM +, Pedro Caetano wrote:
> Hi misc@
> 
> Today while upgrading a few vms i noticed an error while auto_upgrade was
> running.
> Release build from today sources on amd64 arch.
> This does not impact upgrade of the system.
> 
> 
> # more /tmp/ai/ai.log
> Choose your keyboard layout ('?' or 'L' for list) [default] default
> Available disks are: sd0.
> Which disk is the root disk? ('?' for details) [sd0] sr0

'sr0' ? really?

> Checking root filesystem (fsck -fp /dev/sd0a /mnt)...OK
> Mounting root filesystem (mount -o ro /dev/sd0a /mnt)...OK.
> Force checking of clean non-root filesystems? [no] no
> dd: /mnt/var/db/host.random: No such file or directory
> /dev/sd0a (17f9850d83e601df.a) on /mnt type ffs (rw, local, wxallowed)

j.



Re: "pass all flags S/SA" from default pf.conf is logging, why?

2017-02-01 Thread Jiri B
On Mon, Jan 30, 2017 at 11:46:32AM +, Stuart Henderson wrote:
> > I'm surprised that I get logging in pflog even though I have *no* 'log'
> > in my pf.conf.
> >
> > # pfctl -vvsr -R 14
> > @14 pass all flags S/SA
> >   [ Evaluations: 30082 Packets: 569255Bytes: 365488723   States: 23]
> >   [ Inserted: uid 0 pid 71493 State Creations: 29574 ]
> >
> > According to pf.conf(5) 'all' in above should be, though still
> > not having 'log':
> >
> > " all This is equivalent to `from any to any'."
> >
> > # tcpdump -r /var/log/pflog -n -e -ttt rulenum 14 | tail -n1
> > tcpdump: WARNING: snaplen raised from 116 to 160
> > Jan 30 11:52:45.295489 rule 14/(ip-option) pass in on vlan0: 192.168.254.101 > 224.0.0.22: igmp-2 [v2] [ttl 1]
> >
> > # sysctl kern.version
> > kern.version=OpenBSD 6.0-current (GENERIC.MP) #153: Tue Jan 24 19:06:50 MST 2017
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> >
> > Is this a bug or feature? Thx.
> 
> afaik, feature. It's a packet with ip-options which is blocked outright
> by PF unless you have an "allow-opts" rule.

OK, but there's nothing about logging ip-options packets in pf.conf
under 'allow-opts'.

j.



Re: getting data from degraded RAID 1 boot disk

2017-02-01 Thread Jiri B
On Wed, Feb 01, 2017 at 01:33:54PM +0100, Stefan Sperling wrote:
> On Wed, Feb 01, 2017 at 04:12:26AM -0500, Jiri B wrote:
> > Should have kernel automatically create 'sd4' for degraded RAID 1
> > but it does not?
> 
> I believe it will auto assemble if the disk is present at boot time.

^^ This does work, I tried to plug the disk as boot device into QEMU VM.

> But not when you hotplug the disk.

Pity. Could it be reconsidered? It would ease data recovery (ie. trying
to get a box to boot the disk or using VM.)

Thanks.

j.



Re: getting data from degraded RAID 1 boot disk

2017-02-01 Thread Jiri B
On Tue, Jan 31, 2017 at 11:55:21PM +0100, Stefan Sperling wrote:
> On Tue, Jan 31, 2017 at 05:23:10PM -0500, Jiri B wrote:
> > I have a disk which used to be boot disk of a degraded RAID 1 (softraid).
> > The second disk is totally gone.
> > 
> > I don't want to use this disk as RAID 1 disk anymore, just to get data
> > from it.
> > 
> > I'm asking because when I plugged the disk, bioctl said 'not enough disks'.
> > 
> > Do we really have to necessarily require two disks when attaching already
> > existing degraded RAID 1 with only one disk available?
> 
> Can you describe in more detail what you did to "plug the disk"?
> It sounds like you ran 'bioctl' in a way that tries to create a
> new RAID1 volume. Why?
> 
> If the disk is present during system boot, is it not auto-assembled
> as a degraded RAID1 volume? I would expect a degraded softraid RAID1
> disk to show up which you can copy data from.

Thank you very much for reply. Here are the steps:

1. original disk which used to be part of degraded RAID 1 (softraid)
   boot disk attached via USB->SATA adapter:
   
umass1 at uhub0 port 10 configuration 1 interface 0 "JMicron AXAGON USB to SATA Adapter" rev 3.00/81.05 addr 10
umass1: using SCSI over Bulk-Only
scsibus5 at umass1: 2 targets, initiator 0
sd3 at scsibus5 targ 1 lun 0:  SCSI4 0/direct fixed serial.49718017
sd3: 715404MB, 512 bytes/sector, 1465149168 sectors

2. trying to put degraded RAID 1 online:

# fdisk sd3 | grep OpenBSD
*3: A6  0   1   2 -  91200 254  63 [  64:  1465144001 ] OpenBSD
# disklabel sd3 | grep RAID
  a:   1465144001   64RAID
# bioctl -c 1 -l /dev/sd3a softraid0
bioctl: not enough disks

man bioctl unfortunately states:

~~~
The RAID 0, RAID 1 and CONCAT disciplines require a minimum of
two devices to be provided via -l...
~~~

Should have kernel automatically create 'sd4' for degraded RAID 1
but it does not? As bioctl requires "a minimum of two devices" for
RAID 1...

IMO if RAID 1 could be constructed with one disk via bioctl it would
be better also for people doing migration to RAID 1.

j.



getting data from degraded RAID 1 boot disk

2017-01-31 Thread Jiri B
I have a disk which used to be boot disk of a degraded RAID 1 (softraid).
The second disk is totally gone.

I don't want to use this disk as RAID 1 disk anymore, just to get data
from it.

I'm asking because when I plugged the disk, bioctl said 'not enough disks'.

Do we really have to necessarily require two disks when attaching already existing
degraded RAID 1 with only one disk available?

(I find it generally pretty sad we can't define RAID 1 with only one disk. I could
imagine constructing RAID 1 with one disk as useful feature, eg. migration from
non-mirrored boot disk to RAID 1 boot disks with attaching just new additional
disk. At least we used to do this on RHEL.)

My current workaround is running a VM under qemu and accessing this disk
as raw device. Surprisingly this works fine in comparison with previous
attaching with bioctl.

kern.version=OpenBSD 6.0-current (GENERIC.MP) #117: Sat Jan  7 09:10:45 MST 2017

j.



Re: init: can't open /dev/console: Device not configured.

2017-01-31 Thread Jiri B
On Tue, Jan 31, 2017 at 02:11:37PM +0100, Christophe Jarry wrote:
> Dear OpenBSD developers and users,
> 
> I have installed OpenBSD 6.0 on my 14 years-old hp pavilion ze5418EA
> (i386). I used an USB key on which I dd'ed install60.fs.
> 
> The installation process went smoothly, I used the default answer to
> almost every question.
> I made a custom partition table with one partition of 28 GB for
> OpenBSD, 26 GB for another OS and 2 GB or so of swap.
> I answered "no" to "Change default console to com1?"

Try booting bsd.rd from boot loader, then mount your root filesystem
at /mnt and inspect /mnt/etc/boot.conf. For desktop you generally
don't need this file at all.

j.



Re: Redudant gateways

2017-01-30 Thread Jiri B
On Mon, Jan 30, 2017 at 10:30:13AM -0200, Dante F. B. Col wrote:
> Hello,
> 
> I've added a second ISP link on a firewall, what i need is make both
> redundant but without load balancing like equal multipath, i just need that
> the second link assume only if the other fails, i already did this with
> some rudimentary cron scripts, is there a better way to do this?
> 
> Regards
> 
> Dante

$ whatis ifstated
ifstated.conf(5) - Interface State daemon configuration file
ifstated(8) - Interface State daemon

j.



tftpd rewrite - prepend generated 'id' for data

2017-01-30 Thread Jiri B
Hi,

I'm playing with tftpd rewrite option and it seems there's
no timeout for data sent via rewrite socket.

Anyway, wouldn't it be good to send also some generated 'id'
in the beginning of data (eg: "XX 192.168.0.1 read /etc/boot.conf")?

This way tftpd could serve other clients even if previous rewrite
data got stuck somewhere.

j.



"pass all flags S/SA" from default pf.conf is logging, why?

2017-01-30 Thread Jiri B
Hello,

I'm surprised that I get logging in pflog even though I have *no* 'log'
in my pf.conf.

# pfctl -vvsr -R 14
@14 pass all flags S/SA
  [ Evaluations: 30082 Packets: 569255Bytes: 365488723   States: 23]
  [ Inserted: uid 0 pid 71493 State Creations: 29574 ]

According to pf.conf(5) 'all' in above should be, though still
not having 'log':

" all This is equivalent to `from any to any'."

# tcpdump -r /var/log/pflog -n -e -ttt rulenum 14 | tail -n1
tcpdump: WARNING: snaplen raised from 116 to 160
Jan 30 11:52:45.295489 rule 14/(ip-option) pass in on vlan0: 192.168.254.101 > 224.0.0.22: igmp-2 [v2] [ttl 1]

# sysctl kern.version
kern.version=OpenBSD 6.0-current (GENERIC.MP) #153: Tue Jan 24 19:06:50 MST 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Is this a bug or feature? Thx.

~~~
# pfctl -sr
block drop in quick on isolated from any to route "internet4"
block drop in quick on isolated from any to route "internet6"
pass out quick on egress from any to route "internet4" flags S/SA nat-to (egress) round-robin
pass out quick on tunnel from any to route "internet6" flags S/SA
pass in quick on public inet proto tcp from any to any port = 53 flags S/SA rdr-to 176.74.XXX.YYY port 5353
pass in quick on public inet6 proto tcp from any to any port = 53 flags S/SA rdr-to 2001:470:6e:XXy::X port 5353
pass in quick on public inet proto udp from any to any port = 53 rdr-to 176.74.XXX.YYY port 5353
pass in quick on public inet6 proto udp from any to any port = 53 rdr-to 2001:470:6e:XXy::X port 5353
pass in quick on public proto tcp from any port = 22 to any flags S/SA
pass in quick on public proto tcp from any port = 25 to any flags S/SA
pass in quick on public proto tcp from any port = 80 to any flags S/SA
pass in quick on public proto tcp from any port = 443 to any flags S/SA
pass in quick on egress inet proto ipv6 from 216.66.86.122 to (egress)
block return all
pass all flags S/SA
block return in on ! lo0 proto tcp from any to any port 6000:6010
~~~

j.



Re: netbooting OpenBSD (6.0) i386 and amd64 clients from one server

2017-01-29 Thread Jiri B
> > Isn't it better to use rewrite/file remapping instead of hacking pxeboot?
> > If an i386 machine would request /etc/boot.conf via tftp you could rewrite
> > it to (based on fact you know that that machine is i386 - during provisioning)
> > /etc/i386/boot.conf. For the client I suppose it would still think it gets
> > /etc/boot.conf.

A POC...

j.

~~~
#!/usr/bin/perl -w

use IO::Socket::UNIX;

# UNIX domain socket that tftpd is pointed at with -r
my $socket_path = '/tmp/tftpd_rewrite.sock';
unlink $socket_path if -e $socket_path;
my $socket = IO::Socket::UNIX->new(
    Local  => $socket_path,
    Type   => SOCK_STREAM,
    Listen => SOMAXCONN,
);
die "Can't create socket: $!" unless $socket;

while (1) {
    next unless my $connection = $socket->accept;
    $connection->autoflush(1);
    # tftpd writes one "IP OP filename" line per request
    while (my $line = <$connection>) {
        chomp($line);
        # XXX
        # conditionals here
        if ($line =~ /^127\.0\.0\.1 read \/etc\/boot\.conf$/) {
            print $connection "/etc/boot.conf.i386\n";
        } elsif ($line =~ /^\S+ read \/etc\/boot\.conf$/) {
            print $connection "/etc/boot.conf\n";
        } elsif ($line =~ /^\S+ \S+ (.*)$/) {
            # every request must be answered, so echo other filenames unchanged
            print $connection "$1\n";
        }
    }
}
~~~

$ ./tftpd_rewrite
$ doas chgrp _tftpd /tmp/tftpd_rewrite.sock ; doas chmod g+w /tmp/tftpd_rewrite.sock
$ doas tftpd -v -r /tmp/tftpd_rewrite.sock /home/vm

$ tftp 127.0.0.1 
tftp> get /etc/boot.conf
Received 38 bytes in 0.0 seconds

$ syslogc daemon | tail -n1
Jan 29 01:51:49 t440s tftpd[626]: 127.0.0.1: read request for '/etc/boot.conf'
$ cat boot.conf
set tty com0
boot tftp:/bsd.rd.i386



Re: netbooting OpenBSD (6.0) i386 and amd64 clients from one server

2017-01-28 Thread Jiri B
On Sun, Jan 29, 2017 at 01:17:48AM +0200, li...@wrant.com wrote:
> Sample excerpts from host specific DHCP server config, for i386 and amd64:
> 
>   next-server 10.0.0.32;
>   filename "auto_upgrade";
> 
>   next-server 10.0.0.64;
>   filename "auto_upgrade";
> 
> Quoting autoinstall(8) for netbooting:  http://man.openbsd.org/autoinstall 
> 
>   On architectures where the filename statement is used to provide the
>   name of the file to netboot it is necessary to create symbolic links
>   called auto_install and auto_upgrade that point to the expected boot
>   program and to change the value of the filename statement in the
>   dhcpd.conf(5) file to be auto_install or auto_upgrade.
> 
>   # ln -s /tftpboot/i386/pxeboot  /tftpboot/i386/auto_upgrade
>   # ln -s /tftpboot/amd64/pxeboot /tftpboot/amd64/auto_upgrade
> 
> Needless to say, you need to populate the /tftpboot/{i386,amd64} locations
> with the system installation packages from the local mirror / compilation.
> 
> It is also quite easy to combine both the DHCP server and two instances of
> tftpd(8), started independently listening on 2 IP address aliases, serving
> pxeboot(8) respectively for i386 and amd64 systems stand alone each other.
> 
> See rcctl(8) to run a second copy of a daemon http://man.openbsd.org/rcctl
> 
>   The recommended way to run a second copy of a given daemon for a
>   different purpose is to create a symbolic link to its rc.d(8) control
>   script: 
> 
>   # ln -s /etc/rc.d/tftpd /etc/rc.d/tftpd2
>   # rcctl set tftpd status on
>   # rcctl set tftpd2 status on
>   # rcctl set tftpd flags -4 -l 10.0.0.32 /tftpboot/i386
>   # rcctl set tftpd2 flags -4 -l 10.0.0.64 /tftpboot/amd64
>   # rcctl start tftpd
>   # rcctl start tftpd2

Nice trick to define multiple tftp servers for each x86 architecture :)

Thanks!

j.



Re: netbooting OpenBSD (6.0) i386 and amd64 clients from one server

2017-01-28 Thread Jiri B
On Sat, Jan 28, 2017 at 06:41:34PM +0100, Sven-Volker Nowarra wrote:
> > Isn't it better to use rewrite/file remapping instead of hacking pxeboot?
> > If an i386 machine would request /etc/boot.conf via tftp you could rewrite
> > it to (based on fact you know that that machine is i386 - during provisioning)
> > /etc/i386/boot.conf. For the client I suppose it would still think it gets
> > /etc/boot.conf.

> If this works, I could get rid of recompiling pxeboot everytime a
> new release comes out. Well, sometimes pxeboot also supports "older"
> OpenBSDs, but that is another topic.
> 

> I understand, the tftp server has a "root dir" for the client
> specified. In the dhcpd.conf I declare per client a MAC address and
> its filename (usually "/pxeboot"). The i386 pxeboot manual says:
> "pxeboot boot program will look for an /etc/boot.conf configuration
> file on the TFTP server." I didn't find a reference to a different
> sub structure...
> 
> Anyway, I tried a structure like you proposed, but pxeboot didn't
> find the boot.conf, and didn't even show the echo lines from this
> file (so useless to play with bsd location). This was my setup:
>
> location of boot.conf:
>   /tftpboot/etc/i386/boot.conf
> 
> $ cat /tftpboot/etc/i386/boot.conf
> echo ### 
> echo ### hello from tftpd@192.168.88.12, with /etc/i386/boot.conf ###
> echo ### 
> boot bsd.rd 
> 
> $ cat /etc/dhcpd.conf | grep filename
>filename "/pxeboot";
> 
> I also tried to play with the dhcpd.conf settings, by using a different
> subdir for pxeboot, but I didn't get the system to find "his" boot.conf in
> the i386 directory.

It seems you missed part about tftpd rewrite/file remapping. The client will
still request /etc/boot.conf but you fake it via rewrite script.

man tftpd

 -r socket
 Issue filename rewrite requests to the specified UNIX domain
 socket.  tftpd will write lines in the format "IP OP filename",
 terminated by a newline, where IP is the client's IP address, and
 OP is one of "read" or "write".  tftpd expects replies in the
 format "filename" terminated by a newline.  All rewrite requests
 from the daemon must be answered (even if it is with the original
 filename) before the TFTP request will continue.  By default
 tftpd does not use filename rewriting.

j.



tftpd rewrite example

2017-01-28 Thread Jiri B
Hi,

has anybody written some tftpd rewrite daemon/script which could
be shared as example?

j.



Re: netbooting OpenBSD (6.0) i386 and amd64 clients from one server

2017-01-28 Thread Jiri B
On Sat, Jan 28, 2017 at 12:17:40AM +0100, Sven-Volker Nowarra wrote:
> I am netbooting many systems, and last recently stepped on the issue, that I
> had an amd64 and an i386 client in the same network. I wanted to boot them
> into a "full" OpenBSD (not ramdisk kernel). That is not possible with the
> default installation, cause pxeboot can not distinguish between these
> Intel/AMD systems. DHCP server can distinguish by MAC address, but then when
> pxeboot is loaded, the kernel is per default "bsd". This must clash either
> with i386 or amd64 architecture, whatever was dropped into tftpboot directory.
> So I went through some older mailing list entries, adapted them, and updated
> my meanwhile extensive netboot document. I updated this into a PDF, covering
> many, many details (now ~50 pages). Wanted to give something back to the
> community. The PDF is currently located here:
> http://nowarra.ch/Volker/netboot_OpenBSD/170127_netbooting_OpenBSD60.pdf
> 

Thanks, interesting document.

Isn't it better to use rewrite/file remapping instead of hacking pxeboot?
If an i386 machine would request /etc/boot.conf via tftp you could rewrite
it to (based on fact you know that that machine is i386 - during provisioning)
/etc/i386/boot.conf. For the client I suppose it would still think it gets
/etc/boot.conf.

j.



Re: installXX.fs build

2017-01-27 Thread Jiri B
On Fri, Jan 27, 2017 at 08:29:08PM +0100, Thuban wrote:
> Hi,
> 
> Just by curiosity, I was wondering how installXX.fs file is built?

https://github.com/openbsd/src/blob/master/distrib/amd64/iso/Makefile#L9

j.



Re: clang default: when?

2017-01-23 Thread Jiri B
On Mon, Jan 23, 2017 at 11:41:37PM +0800, Tinker wrote:
> Ah. So.. support for compiling all the default distro with both gcc and
> clang, for all platforms, is in the works?
> 
> Did arm64 spark this because the clang was better suited for arm64 for some
> reason, if so which?

Maybe you should follow https://marc.info/?l=openbsd-cvs&w=2&r=1&s=llvm&q=b

j.


