Re: Q: Problems forwarding traffic using pf ...

2024-05-24 Thread Peter N. M. Hansteen
On Thu, May 23, 2024 at 11:14:20AM +0200, Why 42? The lists account. wrote:
> pfctl reports:
> # pfctl -vvs rules | grep @
> @0 block return log all
> @1 pass in log on em0 inet proto udp from 192.168.178.166 to any tag UDP
> @2 pass out log on ure0 all flags S/SA tagged UDP
> 
> I see that rule 1 is matched, but never rule 2. E.g.
> ...
> May 23 10:32:06.602759 rule 0/(match) block in on em0: 192.168.178.179.5353 > 224.0.0.251.5353: 46[|domain] (DF)
> May 23 10:32:06.603963 rule 0/(match) block in on em0: fe80::4434:8bff:fecd:b116.5353 > ff02::fb.5353: 46[|domain] [flowlabel 0xbaff9]
> May 23 10:32:09.700212 rule 0/(match) block in on em0: 192.168.178.254 > 224.0.0.1: igmp query [len 12] (DF) [tos 0xc0] [ttl 1]
> May 23 10:32:13.267374 rule 1/(match) pass in on em0: 192.168.178.166.56334 > 192.168.178.11.54321: udp 7

So this last one never leaves, right?

What does the gateway's routing table say about how to reach the destination
network?

Also relevant, what is the configuration of the interfaces involved?

I'm thinking this could be down to using RFC1918 addresses and not being extra
careful about netmasks and routes, but we need more info on the actual
configuration to be sure.

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
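
The diagnosis in the message above (rule 1 logs a "pass in", but nothing is ever logged leaving on the second interface) can be read mechanically from the pflog text. This is an added example, not code from the thread; the function names are hypothetical and the final "pass out" line is constructed to show what a hit on rule 2 would look like.

```python
import re
from collections import Counter

# Lines in the format quoted in the post (tcpdump reading the pflog
# interface), with the mail client's line wraps rejoined.
SAMPLE_LOG = """\
May 23 10:32:06.602759 rule 0/(match) block in on em0: 192.168.178.179.5353 > 224.0.0.251.5353: 46[|domain] (DF)
May 23 10:32:06.603963 rule 0/(match) block in on em0: fe80::4434:8bff:fecd:b116.5353 > ff02::fb.5353: 46[|domain] [flowlabel 0xbaff9]
May 23 10:32:09.700212 rule 0/(match) block in on em0: 192.168.178.254 > 224.0.0.1: igmp query [len 12] (DF) [tos 0xc0] [ttl 1]
May 23 10:32:13.267374 rule 1/(match) pass in on em0: 192.168.178.166.56334 > 192.168.178.11.54321: udp 7
"""

# Constructed line (not from the post): a rule 2 match on the outbound side.
CONSTRUCTED_PASS_OUT = (
    "May 23 10:32:13.267401 rule 2/(match) pass out on ure0: "
    "192.168.178.166.56334 > 192.168.178.11.54321: udp 7\n"
)

LINE_RE = re.compile(
    r"rule (?P<rule>\d+)/\(match\) (?P<action>pass|block) (?P<dir>in|out) "
    r"on (?P<iface>\S+): (?P<src>\S+) > (?P<dst>\S+):"
)


def parse_pflog(text):
    """Turn pflog text lines into dicts: rule, action, dir, iface, src, dst."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            ev = m.groupdict()
            ev["rule"] = int(ev["rule"])
            events.append(ev)
    return events


def rule_hits(events):
    """Count matches per (rule number, action, direction, interface)."""
    return Counter((e["rule"], e["action"], e["dir"], e["iface"]) for e in events)


def never_left(events):
    """Flows logged as 'pass in' with no 'pass out' logged on any interface."""
    passed_out = {
        (e["src"], e["dst"])
        for e in events
        if e["action"] == "pass" and e["dir"] == "out"
    }
    flows = []
    for e in events:
        flow = (e["src"], e["dst"])
        if (e["action"], e["dir"]) == ("pass", "in") \
                and flow not in passed_out and flow not in flows:
            flows.append(flow)
    return flows


if __name__ == "__main__":
    events = parse_pflog(SAMPLE_LOG)
    for key, count in sorted(rule_hits(events).items()):
        print(key, count)
    for src, dst in never_left(events):
        print("accepted inbound but never seen leaving:", src, "->", dst)
```

A flow reported by `never_left` was accepted inbound but not handed to an outbound rule, which points at forwarding or routing rather than at the filter rules themselves.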



unknown USB vendor

2024-05-24 Thread Peter J. Philipp
Hi,

I got an "are you a human?" on google so I switched to qwant.com for searching
but the search is not as good.  I'm looking for the USB vendor of this USB
vendor id.  0x02d0, and the device id is 0xa9a6.  Afaict this is a ure(4)
device with a builtin usb hub.  But there are no other markings on the outside,
related to manufacturer.  It does not get detected by default on an April
kernel code.  It does have a micro-USB cable for the raspberry pi zero 2 that
I wanted to use this with.

Anyone have any details on these vendor and device id's?

Best Regards,
-pjp

-- 
** all info about me:  lynx https://callpeter.tel, dig loc delphinusdns.org **



Re: Q: Problems forwarding traffic using pf ...

2024-05-23 Thread Peter N. M. Hansteen
On Thu, May 23, 2024 at 11:14:20AM +0200, Why 42? The lists account. wrote:
> I need to quickly create a solution for forwarding multicast traffic
> between two systems, so I thought perhaps I could use pf to do just that
> by writing some rules along the lines of:
> 
> 1. pass in on iface A proto UDP ... tag mcast
> 2. pass out on iface B tagged mcast
> 
> And another pair of rules for the reverse direction B -> A.
> 
> (Obviously I'd add more options to filter specific addresses, etc.)

Possibly stupid question, but did you set the sysctl(s) to enable forwarding?

$ sysctl net.inet.ip.forwarding

and

$ sysctl net.inet6.ip6.forwarding

will provide the answer (as in, if those values are not 1, forwarding
between interfaces is not enabled)


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Localnet Hacking

2024-05-14 Thread Peter J. Philipp
On Tue, May 14, 2024 at 01:54:52AM +0200, Peter J. Philipp wrote:
> Hi,
> 
> A few more people responded, I'm falling behind on priorities though because

Hi again,

https://mainrechner.de/Buecher2024/batch1.png

Here is the first batch that will be mailed out on Friday at the latest.  I
still have to find cartons for these.  We have Sweden, Israel, Turkey,
Germany, USA, Canada, Spain, Australia, with some of them double or triple.
Thanks to all.

If you would like to be on the second batch which goes out Friday the
24th please start writing me in private starting Saturday the 18th. I have
my hands full with this and life in general.

Thanks to all that participated.

-pjp

-- 
** all info about me:  lynx https://callpeter.tel, dig loc delphinusdns.org **



Re: viomb0 unable to allocate 256 physmem pages, error 12

2024-05-14 Thread Peter J. Philipp
On Tue, May 14, 2024 at 01:58:18PM -0400, F Bax wrote:
> Recently installed 7.5 amd64 in qemu VM (8G RAM) under proxmox. See this
> message many times on console and dmesg.
> 
> viomb0 unable to allocate 256 physmem pages, error 12
> 
> What does this mean? How to resolve this issue?

Hi,

When you see "error " it's good to look up the manpage on errno.
Under number 12 it says:  ENOMEM "Cannot Allocate Memory".  But look for
yourself for a deeper explanation.  Also if you want to hunt for this errno
in the code you would most likely grep for ENOMEM.

Best Regards,
-pjp

-- 
** all info about me:  lynx https://callpeter.tel, dig loc delphinusdns.org **



Re: Localnet Hacking

2024-05-13 Thread Peter J. Philipp
On Tue, May 14, 2024 at 01:54:52AM +0200, Peter J. Philipp wrote:
> Hi,
> 
> A few more people responded, I'm falling behind on priorities though because
> I am very close to cracking AES-128 I have reduced it to a complexity of
> 2 ^ 64.  However I have some old code to get the first 32 bits identified but
> I want to find a cleaner way.  I'll upload my code to the https://centroid.eu
> misc repo tomorrow.  Once I have the crib for the first 32 bits in a sureshot
> everything falls into place and the complexity falls to 2 * (2 ^ 32).  I guess
> that's the same as 2 ^ 33.

Well my sugar high is over.  It was good for a week or two.  I spotted the
error in my logic.  I'll still be working on this though.

I passed rk into gosh() and used it.. I totally oversaw that.

Best Regards,
-pjp



Re: Localnet Hacking

2024-05-13 Thread Peter J. Philipp
On Sat, May 11, 2024 at 10:35:38AM +0200, Peter J. Philipp wrote:
> On Sat, May 11, 2024 at 08:45:45AM +0200, Peter J. Philipp wrote:
> > Contact me privately if you would like a batch with what you like.  I'll
> > make note on that webpage of what's given away.  Offer ends July 1st of this
> > year.
> 
> Three books have already been given away.  They went to Finland.  Look for
> a marking of a flag beside the name of the title of the book.
> 
> Also if I may interest some people:  The Java book is autographed by Ian F.
> Darwin who is also on this list.  Also the 4.4BSD book which is quite beaten
> up was autographed by 3 of the 4 authors at BSDCon 2000.  They were everyone
> other than John Quarterman.  Maybe I'll run into him one day but then I'll
> be missing 3 signatures hehe.
> 
> -pjp

Hi,

A few more people responded, I'm falling behind on priorities though because
I am very close to cracking AES-128 I have reduced it to a complexity of
2 ^ 64.  However I have some old code to get the first 32 bits identified but
I want to find a cleaner way.  I'll upload my code to the https://centroid.eu
misc repo tomorrow.  Once I have the crib for the first 32 bits in a sureshot
everything falls into place and the complexity falls to 2 * (2 ^ 32).  I guess
that's the same as 2 ^ 33.

It's kept me up most of the day and night today as it's exciting work.  I
promise to send your books by friday as wednesday and thursday are booked
for me too.  Also there has been close to 10 people now, for any new request
I plea you to wait until next week.  This is an exciting May.

(Are you ready for the non-quantum cryptography apocalypse?, I'm starting to
believe we're in a game like tron or something.. let's work together)

-pjp

-- 
** all info about me:  lynx https://callpeter.tel, dig loc delphinusdns.org **



Re: Localnet Hacking

2024-05-11 Thread Peter J. Philipp
On Sat, May 11, 2024 at 05:55:11PM +, Lucretia wrote:
> I would love some used books but don't have 1000€. I will have $750 around 
> beginning of June if you want to send me a Paypal invoice to my Apple email: 
> openbsd.g...@icloud.com I was going to buy my second laptop but books are 
> probably better for me at this point in time.
> 
> Your other message was crammed full of info, I don't know most of what you 
> said but I'll try to spend time in the mentioned manpages this week.

Hi Lucretia,

Sorry there is a communication failure.  I meant you should pick three books
for 20 EUR shipping or whatever it was for your country.  I'll have to look it
up.  I'm distributing it to anyone interested, first come first serve.  With
a limit of up to 3 (sometimes an exception for a 4th book is made) per person.

Best Regards,
-pjp



Re: Localnet Hacking

2024-05-11 Thread Peter J. Philipp
On Sat, May 11, 2024 at 08:45:45AM +0200, Peter J. Philipp wrote:
> If you want some used books, I'm moving across the Atlantic soon and I can't
> take my books along.  In total the new value of them was 8000 odd EUR.  If
> I send three books to Kyrgyzstan and it's under 2 kg, I checked with DHL
> it will cost under 20 EUR.  If I send all these books out in batches of three
> it will cost 1000 odd EUR, which I don't have.  So I ask you pay shipping if
> you want any of these.  They are all dear to me, however I tried donating them
> to local clubs, libraries and no one wants them, and I can't take them along.
> 
> Even if you don't like what you're getting (or you don't like used books.. I
> know I don't) you can pass them on to someone who doesn't mind.  However you
> can also just request three books, in order to look into them and if you like
> them you can repurchase them.  I know in some locations it's very hard to get
> a peek into a book.
> 
> So willing to send out 53-54 batches of 3 books to people who want some of
> these.  Very little of these I got used but they are all mostly 5 years+
> old.  Some were purchased in Canada and most were purchased in Germany while
> I had work.
> 
> Here is the booklist:  https://mainrechner.de/Buecher2024/
> 
> Contact me privately if you would like a batch with what you like.  I'll
> make note on that webpage of what's given away.  Offer ends July 1st of this
> year.

Wow, thanks for the 4 people who got some books already!  They come from all
over the world, Australia, Germany, Finland, and United States.

Just to clarify, anyone can get around 3 books.  Look at the book chart of
mine if you see a country flag beside the title it's taken.  I thank you
all for taking this off my hands (like said I can't take them along on the
plane, they don't fit in a suitcase).

I'm happy to be mailing out a batch of 10 parcels per week give or take a few.
More I can probably not handle before July 1st.

Lux, get a book or three, sorry to be hijacking your thread here, I mean well.

-pjp

-- 
** all info about me:  lynx https://callpeter.tel, dig loc delphinusdns.org **



Re: Localnet Hacking

2024-05-11 Thread Peter J. Philipp
On Sat, May 11, 2024 at 08:45:45AM +0200, Peter J. Philipp wrote:
> Contact me privately if you would like a batch with what you like.  I'll
> make note on that webpage of what's given away.  Offer ends July 1st of this
> year.

Three books have already been given away.  They went to Finland.  Look for
a marking of a flag beside the name of the title of the book.

Also if I may interest some people:  The Java book is autographed by Ian F.
Darwin who is also on this list.  Also the 4.4BSD book which is quite beaten
up was autographed by 3 of the 4 authors at BSDCon 2000.  They were everyone
other than John Quarterman.  Maybe I'll run into him one day but then I'll
be missing 3 signatures hehe.

-pjp

-- 
** all info about me:  lynx https://callpeter.tel, dig loc delphinusdns.org **



Re: Localnet Hacking

2024-05-11 Thread Peter J. Philipp
On Sat, May 11, 2024 at 02:52:32AM +, Lucretia wrote:
> Book recommendations are most welcome!
> 
> Lux of the Agony
> 720077 Bishkek
> Altyn Kazyk 31A
> KYRGYZSTAN
> l...@openbsdgirl.com

If you want some used books, I'm moving across the Atlantic soon and I can't
take my books along.  In total the new value of them was 8000 odd EUR.  If
I send three books to Kyrgyzstan and it's under 2 kg, I checked with DHL
it will cost under 20 EUR.  If I send all these books out in batches of three
it will cost 1000 odd EUR, which I don't have.  So I ask you pay shipping if
you want any of these.  They are all dear to me, however I tried donating them
to local clubs, libraries and no one wants them, and I can't take them along.

Even if you don't like what you're getting (or you don't like used books.. I
know I don't) you can pass them on to someone who doesn't mind.  However you
can also just request three books, in order to look into them and if you like
them you can repurchase them.  I know in some locations it's very hard to get
a peek into a book.

So willing to send out 53-54 batches of 3 books to people who want some of
these.  Very little of these I got used but they are all mostly 5 years+
old.  Some were purchased in Canada and most were purchased in Germany while
I had work.

Here is the booklist:  https://mainrechner.de/Buecher2024/

Contact me privately if you would like a batch with what you like.  I'll
make note on that webpage of what's given away.  Offer ends July 1st of this
year.

Best Regards,
-pjp

-- 
** all info about me:  lynx https://callpeter.tel, dig loc delphinusdns.org **



Re: Localnet Hacking

2024-05-10 Thread Peter J. Philipp
Hi Lux,

In my opinion if you want to study networking load up on every distfile in
/usr/ports/net as these tools will help you.  ipcalc is valuable even pros
use it because doing CIDR and netmasks in your head is possible but not 
practical in all scenarios.

That said you should look into bridging (start with bridge(8)) with OpenBSD 
along with the vether(4) manpage.  Along with vmd and vmm's you can set 
up a deep network based on vether's and tap(4)'s.  

Don't be afraid to use tcpdump(4) especially with the icmp filter along with 
ping/ping6 which are run continuous you can/could find problems.

I don't know how much RAM you have on your machines but pretend you have 16GB
that's enough for roughly 12-14 vmm's if each takes 1 GB RAM.  Each with one 
or two tap(4)'s to become a router.  You may want to look into autoinstall(8) 
scripts to configure these "routers" quickly.  For that you'll need some 
knowledge perhaps of the vnconfig(8), rdsetroot(8), and how to compile 
RAMDISK kernels.

What else do we need... you may want to look at a networking scenario using
PPPoE.  So perhaps look into npppd(8) for the server side and pppoe(4) for
the client side.  Then another scenario uses DHCP so look into dhcpd(8).
Another one will use IPv6 perhaps, here, rad(8) and co will help.  For DNS
on the authoritative side look into nsd(8), and unbound(8) for the recursive.

Look into DNSSEC, nsd is fully capable of this.  And unwind(8) will validate
the answers or it should SERVFAIL (a specific DNS error).

For a start that is good enough, bridging, routing, dhcp, pppoe, dns.  You
can also make your network 4x4 matrix like or even 16 hosts deep.  This will
help you learning how to traceroute and icmp timex messaging.  With so many
virtual hosts in different configurations you may find that configuration is
a pain in the *** (PITA).  Perhaps use some cluster management like puppet
or ansible, or write your own scripts.  You'll also need ssh key management,
perhaps even coupled with the autoinstall file.  All configurations should
be in a got(1) tree which is like git.  gotwebd will help you see differences
in setups.

Usually it's said that "communication is key" but in this scenario you are
establishing communication so perhaps "organization is key".  I personally
found my own hardships last week on revisions, until I got confused and didn't
have a real history so I'm trying to pick up where the going was good.

BTW, manpage(8) would mean you type "man 8 manpage", or "man -s 8 -k manpage".

Hope that helps,
-pjp

On Sat, May 11, 2024 at 02:52:32AM +, Lucretia wrote:
> I have a laptop and am looking to purchase a second computer. Neither of them 
> will be connected to The Internet, but will be networked together.
> 
> My goal is to study networking, starting with some of the most basic commands 
> and routines. This will be purely for educational purposes. I may build upon 
> the network later, perhaps with unconventional devices, but for now I want to 
> focus just on having two Amd64 machines communicating with one another.
> 
> What are some basic networking commands from the base installation or from 
> ports that would be good for a novice to learn more in-depth?
> 
> I have no plans to connect this system to The Internet now or in the future, 
> so keep that in mind when suggesting.
> 
> Book recommendations are most welcome!
> 
> Lux of the Agony
> 720077 Bishkek
> Altyn Kazyk 31A
> KYRGYZSTAN
> l...@openbsdgirl.com
> 

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de



Re: My PC is crashing

2024-05-10 Thread Peter N. M. Hansteen
On Fri, May 10, 2024 at 08:48:56AM +0200, Anders Andersson wrote:
> Missing from the FAQ is IMO step 0: Run memtest over night to rule out
> hard to debug hardware problems. It won't catch everything of course,
> but it usually finds RAM issues which is its main job.

That is a very valid point. 

Bad RAM could very well be the cause of the problems described. And on
a side note, given that the memory allocation in OpenBSD is different than
what some other systems do, it is not unlikely that other systems never
or only rarely would hit the failing memory location while OpenBSD would,
more often.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: My PC is crashing

2024-05-10 Thread Peter N. M. Hansteen
Hi Daniel,

On Fri, May 10, 2024 at 07:57:31AM +0200, Daniel Hejduk wrote:
> Hello,
> I installed OBSD on my IdeaPad.
> Install went fine I installed offline using .iso file.
> But after rebooting it works for ~30 seconds and after that it shuts down,
> without any errors kernel panics nothing.
> 
> How can I debug it? I will send you more info if I found something.

The FAQ has a reasonable description of how to debug and report observed 
problems at https://www.openbsd.org/report.html

That said, I would start with looking at the output of dmesg and any 
traces of what happened immediately before the incidents in the log files 
such as /var/log/messages (and any other possibly relevant log files).

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: AES-256 ist sicher wie AES-128 im brute force (AES-256 is as secure as AES-128 under brute force)

2024-05-09 Thread Peter J. Philipp
On Mon, May 06, 2024 at 10:51:05PM +0200, Peter J. Philipp wrote:
> The title says "AES-256 is as safe as AES-128" for a translation.

Just an update:  with this method the key can be recovered with a complexity
of 2^96, working on a complexity of 2^64 now.  Please help if you have fast
equipment, fork my misc directory and do your own, maybe you can be at the
final outcome paper/report.

https://en.wikipedia.org/wiki/Talk:Advanced_Encryption_Standard#AES-128_broken_to_a_complexity_of_2%5E96

https://github.com/pbug44/misc/tree/main/cg4

Best Regards, and happy holidays (if you're bavarian)..

-pjp



AES-256 ist sicher wie AES-128 im brute force (AES-256 is as secure as AES-128 under brute force)

2024-05-06 Thread Peter J. Philipp
The title says "AES-256 is as safe as AES-128" for a translation.

Hi,

Dear everyone who I contacted and haven't contacted so far.  I have run
a test program against a practiced attack against AES-256.  While trying
to restore the key with just 1 guessed t0 value (I have almost given up)
But in spirit of international cooperation I'm going to pass the torch to
someone else to continue on this work as priorities shift me to my main
project which was supposed to start today.

Earlier today I sent a mail to b...@openbsd.org commemorating their good
efforts in bringing us security.  Earlier this week I wondered on the tech@
mailing list if chacha20 or whatever it's called could be made functional.

I personally have switched to 3des as to me AES is insecure now.  When I
get chacha20 working on OpenBSD I will switch to that and continue on.

Details of the attack are simple.  In the modules of AES there is an
AddRoundKey functionality.  This key is generated before encryption and used
as keying boxes.  It is possible to reverse this given any point below the
main key.  Just, one needs to inverse the order of all variables and the
main key is recovered.  This works for 10 rounds as well as 100 million rounds
given you have a large enough memory.  This function has 4 "T" variables which
are temporary.  They are discarded at the end but not wiped.

In another bug report (which I will post the URL) I recommended wiping
these values to NULL (zeroize) before exiting the function.  One t0 value is
32 bit.  This means 4.2 billion operations are needed to recover its value...
just what value is it.  Taking into consideration that the main key flies
past in row 0 over and over, there is still no solid sure shot method of
finding it.  But I will work on it when I see fit, believe me.

The fact is.  Given that there are four "t" values of 32 bits this adds up to
128 bits.  The operation of brute forcing this 128 bits is just shorter than
a full decrypt() as many parts have been able to be cut out.  This makes
AES-192 and AES-256 just as strong as AES-128.  However there is a catch.

You must know the plaintext and the ciphertext of the first block (16 or 32
bytes).  In many cases on TLS this may be "GET / HTTP/1.1\n" or an additional
Host: www.example.org which fills out the full 32 bytes for AES-256.

This part is theory and I don't have code right now to prove this.  I'm a 
single unemployed ex-sysadmin and my resources are limited.  But I believe
the sending side of a TLS transaction may be breakable, which may include
all the sensitive data.

Here is my work so far that demonstrates study and run with a practice key:

https://github.com/pbug44/misc/tree/main/cg4

Here is my original post to b...@openbsd.org (first responders):

https://marc.info/?l=openbsd-bugs&m=171500211927736&w=2

Here is a small explanation of AddRoundKey:

https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

I'm sending this mail to BSI, CERT, Theo de Raadt and the misc@openbsd.org
mailing list.  Just so that it doesn't get lost.  Please when you mention
a credit give credit to OpenBSD as this would not have been possible without
that project.

Best Regards,
-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de
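
An added example (not the poster's code and not taken from the linked repository) of the key-schedule property the message refers to, shown for AES-128 only: the expansion that feeds AddRoundKey can be run backwards, so any single round key left in memory yields the main key, which is why implementations zeroize expanded keys and temporaries. The function names are hypothetical; the key is the public test key from FIPS-197 Appendix A.1.

```python
def _gmul(a, b):
    """Multiply two bytes in GF(2^8) modulo the AES polynomial 0x11B."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return r


def _rotl8(x, n):
    return ((x << n) | (x >> (8 - n))) & 0xFF


def _build_sbox():
    """AES S-box: multiplicative inverse in GF(2^8), then the affine map."""
    sbox = []
    for a in range(256):
        inv = 0
        for b in range(1, 256):
            if _gmul(a, b) == 1:
                inv = b
                break
        sbox.append(inv ^ _rotl8(inv, 1) ^ _rotl8(inv, 2)
                    ^ _rotl8(inv, 3) ^ _rotl8(inv, 4) ^ 0x63)
    return sbox


SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _g(word, rnd):
    """RotWord, SubWord, then XOR the round constant for round `rnd` (1..10)."""
    rotated = word[1:] + word[:1]
    subbed = bytes(SBOX[x] for x in rotated)
    return bytes([subbed[0] ^ RCON[rnd - 1]]) + subbed[1:]


def expand_key(master):
    """Forward AES-128 key schedule: returns the 11 round keys (16 bytes each)."""
    w = [master[i:i + 4] for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:
            t = _g(t, i // 4)
        w.append(_xor(w[i - 4], t))
    return [b"".join(w[4 * r:4 * r + 4]) for r in range(11)]


def recover_master(round_key, rnd):
    """Run the schedule backwards from round key number `rnd` to round key 0."""
    w = [round_key[i:i + 4] for i in range(0, 16, 4)]
    for r in range(rnd, 0, -1):
        p3 = _xor(w[3], w[2])
        p2 = _xor(w[2], w[1])
        p1 = _xor(w[1], w[0])
        p0 = _xor(w[0], _g(p3, r))   # needs p3, the last word of round r-1
        w = [p0, p1, p2, p3]
    return b"".join(w)


# Public test key from FIPS-197 Appendix A.1.
FIPS_KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")

if __name__ == "__main__":
    round_keys = expand_key(FIPS_KEY)
    leaked = round_keys[10]                      # pretend only this was left in memory
    print("round key 10 :", leaked.hex())
    print("recovered key:", recover_master(leaked, 10).hex())
```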



Re: bgpd(8) not announcing IPv6 addresses from local network

2024-05-06 Thread Peter Hessler
On 2024 May 06 (Mon) at 10:14:21 -0400 (-0400), Benjamin Raskin wrote:
:Hello, all;
:
:I've been having some issues getting bgpd to announce IPv6 routes,

...

:
:bgpd(8) is configured to advertise all connected and static routes,
:however bgpd(8) only advertises routes that are connected to the wg0
:interface and none that are connected on the vport0 interface. Below is
:the output of `bgpctl show fib connected inet6` for reference.
:
:
:flags prio destination                          gateway
:C        1 ::1/128                              link#8
:C        4 fd80::/64                            link#11
:C        1 fd80::fce1:baff:fe6e:d685/128        link#11
:C        3 fd80::fce1:baff:fea6:bf3a/128        link#11
:C        3 fd80::fce1:baff:fed1:1740/128        link#11
:C        4 fe80::%vport0/64                     link#10
:C        4 fe80::%mgre0/64                      link#12
:C        1 fe80::1%lo0/128                      link#8
:CN       1 fe80::1efd:8ff:fe7e:6b38%mgre0/128   link#12
:C        8 fe80::9ab7:85ff:fe00:3726%mgre0/128  link#12
:C        8 fe80::9ab7:85ff:fe00:3727%mgre0/128  link#12
:C        4 ff01::%lo0/32                        link#8
:C        4 ff01::%vport0/32                     link#10
:C        4 ff01::%wg0/32                        link#11
:C        4 ff01::%mgre0/32                      link#12
:C        4 ff02::%lo0/32                        link#8
:C        4 ff02::%vport0/32                     link#10
:C        4 ff02::%wg0/32                        link#11
:C        4 ff02::%mgre0/32                      link#12
:
:
:As far as I can tell bgpd(8) is configured correctly, and there are no
:anomalies when it comes to routes. Below is a sample of my bgpd(8)
:configuration for reference.
:

fe80:: addresses are "link-local" addresses.  Which means they are only
local to the link, and cannot be announced to other links.

You'll need to assign ULA or Global addresses to the links in order for
them to be announced.


:
:AS 10261
:
:neighbor fe80::9ab7:85ff:fe00:3726%mgre0 {
:        remote-as 10261
:}
:neighbor fe80::9ab7:85ff:fe00:3727%mgre0 {
:        remote-as 10261
:}
:
:network inet6 priority 4
:network inet6 connected
:network inet6 static
:
:allow from ibgp
:allow to ibgp set { nexthop fe80::1efd:8ff:fe7e:6b38%mgre0 prepend-self 1 }
:
:
:Am I missing something? Am I making some assumption when it comes to how
:bgpd(8) works with IPv6 addresses? Thank you in advance.
:
:
:Ben Raskin
:

-- 
With a rubber duck, one's never alone.
-- "The Hitchhiker's Guide to the Galaxy"
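
The point made in the reply above, applied to the quoted `bgpctl show fib connected inet6` output: sort each destination by address scope and list, per interface, what is left to announce. This is an added example, not part of the original messages; the function names are hypothetical and the rows are a subset of the quoted output with the flags and priority columns separated.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")   # unique local addresses

# Subset of the FIB rows quoted in the thread: flags, prio, destination, gateway.
FIB_OUTPUT = """\
C  1 ::1/128                             link#8
C  4 fd80::/64                           link#11
C  1 fd80::fce1:baff:fe6e:d685/128       link#11
C  4 fe80::%vport0/64                    link#10
C  4 fe80::%mgre0/64                     link#12
C  1 fe80::1%lo0/128                     link#8
CN 1 fe80::1efd:8ff:fe7e:6b38%mgre0/128  link#12
C  4 ff01::%vport0/32                    link#10
C  4 ff02::%wg0/32                       link#11
"""


def scope_of(dest):
    """Return (scope, zone) for a destination such as 'fe80::%vport0/64'."""
    addr_part, _, _prefix_len = dest.partition("/")
    addr_text, _, zone = addr_part.partition("%")   # zone is the interface name
    addr = ipaddress.IPv6Address(addr_text)
    if addr.is_loopback:
        scope = "loopback"
    elif addr.is_multicast:
        scope = "multicast"
    elif addr.is_link_local:
        scope = "link-local"
    elif addr in ULA:
        scope = "ula"
    elif addr.is_global:
        scope = "global"
    else:
        scope = "other"
    return scope, zone


def announceable_by_interface(fib_text):
    """Map interface name -> destinations that are ULA or global."""
    rows = []
    link_to_if = {}
    for line in fib_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue
        _flags, _prio, dest, link = fields
        scope, zone = scope_of(dest)
        if zone:
            link_to_if[link] = zone      # learn link#N -> interface from scoped rows
        rows.append((dest, link, scope))
    result = {ifname: [] for ifname in link_to_if.values()}
    for dest, link, scope in rows:
        ifname = link_to_if.get(link, link)
        result.setdefault(ifname, [])
        if scope in ("ula", "global"):
            result[ifname].append(dest)
    return result


if __name__ == "__main__":
    for ifname, prefixes in announceable_by_interface(FIB_OUTPUT).items():
        print(ifname, prefixes if prefixes else "nothing announceable")
```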



Re: obsd wifi

2024-05-04 Thread Peter N. M. Hansteen
On Sat, May 04, 2024 at 03:01:54PM -0300, Gustavo Rios wrote:
> I have just installed OpenBSD in my brand new notebook. It is a dell
> notebook that came with just a wifi NIC. How do I discover the name of my
> wifi nic?

ifconfig with no arguments should list all network interfaces the kernel has
recognized. 

There is a catch, though. For wifi interfaces it is likely that the interface 
can not be configured until the device's firmware is installed.

If that is the situation, a common workaround is to use some device that 
*is* configurable (most USB Ethernet dongles I have encountered Just Work),
configure that, then run fw_update. Once the firmware is in place, the rest
should be straightforward.

Good luck!

- Peter


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Desktop performance

2024-05-04 Thread Peter N. M. Hansteen
On Sat, May 04, 2024 at 03:41:28PM +0200, Manfred Koch wrote:
> These specifications originate from a website
> 
> I could need your judgments to these settings, so that I can use it.

It would be interesting to hear which website recommended those settings, just
for reference.

It's hard to come up with actually generally valid answers to this kind of
question. It really depends on what you want to do with your system. I remember
some packages (chrome comes to mind) that have instructions in the package
readme file to tweak some of the login.conf parameters. If the software you
want to use comes with instructions of that kind, it may be a good idea to
follow those suggestions.

Otherwise I would as a general rule leave things at the defaults unless you find
a specific reason not to.

Hm. Back in the day I did some conference tutorials on "transition to the most
recent OpenBSD release", with some desktop/laptop oriented tweaks I had found
useful myself. Some of those tweaks may still apply, but some are likely to
be outdated or just plain wrong to start with. But perhaps an updated version
would be useful to somebody?

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: ubnt edgerouter 8

2024-04-29 Thread Peter J. Philipp
On Mon, Apr 29, 2024 at 05:35:49PM +0200, Janne Johansson wrote:
> > Any help is much appreciated.  The ER-8 right now idles a lot anyhow and
> > I plan on using it for the 8 RJ45 ports.
> 
> I run some Pro 8s in a small rack where I have ripped out the internal
> fan of the edgerouters, and then I put one single large fan behind the
> rack of Pro8s which cools several of them at reasonable speed.
> 
> -- 
> May the most significant bit of your life be positive.
> 

Thanks!  This is inspiring.

-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de



ubnt edgerouter 8

2024-04-29 Thread Peter J. Philipp
Hi,

What sort of things can I do to keep an edgerouter 8 cool that doesn't have
fans?  I'm ready to pull the fans out of it because they have a certain
harmonic that makes me physically ill.  But I like the octeon!

So short of throwing it out I'm thinking of pulling the plug (on the fans).
Would running it with 1 core instead of multicpu keep it cooler?  Would it
be enough?  Should I glue some raspberry pi heatsinks to the CPU?  I have a
few extra.

These are the 2nd fans on this thing they were supposed to be quieter but
they still annoy me.  I understand I'm a very sensitive person to noise and
vibration (ever since I was a baby).

Other than running off one core only to keep thermals low, is there any
other stuff one can do like step the processor cycles down?

Any help is much appreciated.  The ER-8 right now idles a lot anyhow and
I plan on using it for the 8 RJ45 ports.

Best Regards,
-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de



hyperv(4) on arm64?

2024-04-29 Thread Peter J. Philipp
Has anyone tried this?  I read that Microsoft has Hyper-V for ARM.

I've been running OpenBSD on amd64 hardware in Hyper-V for a while.  I suspect
there wouldn't be endian issues since arm64 and amd64 are both LE, are there any
other concerns?

I'm inquiring because mainly I know I have my sights on a non-amd64 laptop.  And
I'm doing the edwin project which would make it logical that I virtualize
OpenBSD on the laptop for the first year while edwin is in the works.

https://blog.delphinusdns.org/c?article=1692598798   <-- for explanation

In terms of OpenBSD I have been announcing that I'm interested in porting
the imsg framework to the windows operating system and open source it.  I've
contacted Henning, Claudio and Brent (of LibreSSL) letting them in on it.
There was some expressed interest in having an open source Windows imsg.

An imsg functionality is within the core of my dns server software, so I'm
faced with porting it either way.

I'd be interested if anyone has a windows 11 pro on arm and compile the
hyperv(4) code into the kernels if OpenBSD would boot.  Send me a dmesg :-).

Best Regards,
-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de



Re: >10W idle power usage on framework laptop 12th gen 13inch

2024-04-28 Thread Peter J. Philipp
On Sun, Apr 28, 2024 at 08:01:58PM +0200, Jan Stary wrote:
> > hw.sensors.acpibat0.volt0=15.40 VDC (voltage)
> > hw.sensors.acpibat0.volt1=14.29 VDC (current voltage)
> > hw.sensors.acpibat0.current0=0.69 A (rate)

I think he got it from here (from dc):

14.29 0.69 * p 
9.86

This is explained in wikipedia's article on "Watt":

https://en.wikipedia.org/wiki/Watt#Overview

Where 1 Watt == 1 Volt * 1 Ampere

I don't know if you can apply this, but I'm a 1st semester computer engineering
college drop-out from 1996, so it's been a while.  I have remembered Ohm's law
so far and was recently working on Kirchhoff's Law, Watt's law was covered but
it took the "VA" in advertisings of UPS's that made me learn that these are
Watts, whether that's 100% correct I don't know, a physicist may mention that
there is temperature offsets as well.

Hope you're well Jan!

-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de



Re: Is there access to dm...@openbsd.org? / arm64 laptops

2024-04-28 Thread Peter J. Philipp
I found a dmesg!  Thank you!

https://marc.info/?l=openbsd-bugs&m=171430467412856&w=2

No other needed!

-pjp



Re: Is there access to dm...@openbsd.org? / arm64 laptops

2024-04-27 Thread Peter J. Philipp
On Sat, Apr 27, 2024 at 12:29:43PM +0330, Jadi Mirmirani wrote:
> Try:
> https://dmesgd.nycbug.org/index.cgi?do=index=OpenBSD
> It's an awesome list of people submitting their `dmesg`s whilst using OpenBSD. 
> Have not checked if the ones you mentioned are there or not. But it's 
> frequently updated.
> 
> Yours,
> Jadi

Hi,

Yes I like that webpage too, and I did check it.  There is an Intel based
x13s running OpenBSD but nothing of the snapdragon kind.  Thanks!

-pjp



Is there access to dm...@openbsd.org? / arm64 laptops

2024-04-27 Thread Peter J. Philipp
Hi,

I'm looking for a dmesg of an arm64 laptop, the time I think has come to
mothball the apple macbook pro from early 2015 (my old laptop called spica),
I could put a new battery in it but the 80 EUR is not worth it anymore.  I'm
also gearing up for job interviews overseas in the summer where I need a 
nice laptop.

Anyone have dmesgs of "Lenovo Thinkpad X13s Gen 1" or the Apple M1/M2?

I'd also like to know if you've used these and would like to discourage their
purchase.

I'm looking at the snapdragon 16 GB lenovo, the price is not quite right but
I think I can scrounge up the money begging someone in my family to help me
finance it.

Best Regards,
-pjp



has dump(8) changed or something? recently?

2024-04-26 Thread Peter J. Philipp
Hi!

I've had some problems with dump(8) lately.  An 800 GB SSD partition on a
raspberry pi 4b (via USB) that is 50% filled had trouble with dump.  I don't
know why this could be, but it used to work.

Here is my backup script that I used to run in my "nodump" chflagged
/home/pjp/Backup directory.  Notice the old behaviour, which is hashed out.
For some odd reason the not so large dumps have seemed to make it.

->
#!/bin/sh

umask 027
dump -0ua -h 0 -f - / | gzip -c > vega-root-backup.dump.gz
dump -0ua -h 0 -f - /var | gzip -c > vega-var-backup.dump.gz
#dump -0ua -h 0 -f - /home | gzip -c > vega-home-backup.dump.gz

find /home -type f -print > filelist.txt
find /home -type f -size +80 -print > excludelist.txt
fgrep -v -f excludelist.txt filelist.txt | cpio -oz -H pax > vega-home.cpio.pax.gz

echo These files were excluded from packing with cpio format pax:
cat excludelist.txt

exit 0
<

I actually haven't run this script yet since I did all of these commands
manually on the command line but they are 100% compatible.

Best Regards,
-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de



USB keyboard quirks may not be properly catered to in bsd.rd kernels (was: Re: bad first impression of OpenBSD at install time)

2024-04-26 Thread Peter N. M. Hansteen
On Fri, Apr 26, 2024 at 06:52:38AM +0200, Lourens wrote:
> I too experienced this issue during installation.
> I simply plugged in an old Logitech keyboard to complete the installation
> and after rebooting the previously 'problematic' keyboard was detected and
> fully usable.

Summing up, this sounds like the kernel configuration that was shoehorned into
amd64 installer images (and possibly other platforms?) lacks some of the code 
that caters to the quirks that show up in certain (newer) USB keyboards.

What is not clear to me is how common those keyboards are, as in is there
significant risk that new users would encounter this in the wild, with a
probability large enough that it would be useful to add a note about this to
say https://www.openbsd.org/faq/faq4.html#bsd.rd somewhere?

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: bad first impression of OpenBSD at install time

2024-04-25 Thread Peter N. M. Hansteen
On Thu, Apr 25, 2024 at 05:46:04PM +0200, Harald Dunkel wrote:
> 
> I posted this before, without any response from the community:
> 
> At the boot> prompt of the installer image my USB keyboard still works,
> but at the install prompt the keyboard is ignored. I cannot press "i"
> to actually install OpenBSD.

I remember vaguely something that matches the description, and I think
the feedback then too was that more information about the hardware involved
would be needed in order to help. Preferably full sendbug output, but
a dmesg (preferably from OpenBSD but even from some other unixlike like
Linux will do).

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: maximum file system size

2024-04-24 Thread Peter J. Philipp
On Thu, Apr 25, 2024 at 12:45:29AM -0300, Gustavo Rios wrote:
> Hi folks!
> 
> What is the maximum file size in OpenBSD ?
> 
> Thanks a lot.
> 
> -- 
> The lion and the tiger may be more powerful, but the wolves do not perform
> in the circus

There is this comment in /usr/include/ufs/ffs/fs.h:

/* Maximum file size the kernel allows.
 * Even though ffs can handle files up to 16TB, we do limit the max file
 * to 2^31 pages to prevent overflow of a 32-bit unsigned int.  The buffer
 * cache has its own checks but a little added paranoia never hurts.
 */
#define FS_KERNMAXFILESIZE(pgsiz, fs)   ((u_int64_t)0x80000000 * \
MIN((pgsiz), (fs)->fs_bsize) - 1)


Now page sizes differ within OpenBSD, so then it depends between 8 TB (4096
bytes page size) and higher perhaps?

Best Regards,
-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de



openvpn with ed25519 ca cert

2024-04-21 Thread Peter Wens

Hi,

Does libressl 3.9.0 on 7.5 lack support for ed25519 certs
using tls 1.3?

Creating PKI with easy-rsa only works with ec secp521r1.

with ed25519 certs openvpn says:

xxx us=881571 OpenVPN 2.6.9 x86_64-unknown-openbsd7.5 [SSL (OpenSSL)] [LZO] [LZ4] [MH/RECVDA] [AEAD]

xxx us=881757 library versions: LibreSSL 3.9.0, LZO 2.10
xxx us=890289 OpenSSL: error:14FFF18E:SSL routines:(UNKNOWN)SSL_internal:ca md too weak::/usr/src/lib/libssl/ssl_rsa.c:394:


It works fine on FreeBSD (14) and linux (OpenSSL 3.x)

Best regards,

Peter



Re: syntax error in httpd.conf file

2024-04-20 Thread Peter N. M. Hansteen
On Sat, Apr 20, 2024 at 08:47:23AM -0600, deich...@placebonol.com wrote:
> continuing with man page recommendations, when you read entirely to the end 
> of a man page you will see reference to related man pages.  At the end of 
> httpd man there are several references, including httpd.conf

this can not ever be over emphasised or over amplified.

On OpenBSD, you can expect man pages to be complete and informative and
to contain references to other useful resources.

Anyone learning OpenBSD or with OpenBSD should be using 'apropos' and 'man' 
quite intensively.

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: syntax error in httpd.conf file

2024-04-20 Thread Peter N. M. Hansteen
On Sat, Apr 20, 2024 at 12:58:34PM +1000, Alexis wrote:
> > and a bit surprisingly - at least to me - chatgpt didn't get the syntax
> > right either, no matter how detailed my prompt was.
> 
> Not at all surprising to me, given that ChatGPT and other LLM-based 'AI'
> systems - essentially Markov chains / glorified autocorrect - are
> increasingly known for 'hallucinations' and confidently making false claims.

Here's the story of my asking it to write a PF.conf - 
https://nxdomain.no/~peter/chatgpt_writes_pf.conf.html
or with nicer formatting and trackers 
https://bsdly.blogspot.com/2023/06/i-asked-chatgpt-to-write-pfconf-to-spec.html

so in this context, near totally useless, likely due to insufficient volume of
actually useful configurations in the data it was trained on.

This other piece has it come up with some only tangentially related gibberish,
but the thing partially redeems itself by offering up that poem at the end -
https://nxdomain.no/~peter/chatgpt_on_ipv6_and_openbsd_poetry.html (or again
with nicer formatting but G's trackers 
https://bsdly.blogspot.com/2023/03/chatgpt-opines-on-ipv6-procastination.html)

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: [Raspberry Pi 4] Installing OpenBSD 7.5 with difficulty

2024-04-16 Thread Peter J. Philipp
On Tue, Apr 16, 2024 at 06:08:13PM +0200, Peter J. Philipp wrote:
> On Tue, Apr 16, 2024 at 04:35:23PM +0100, Polarian wrote:
> 
> > Does anyone have any suggestions on what I could try?

> OpenBSD 7.5-current (GENERIC.MP) #11: Thu Apr 11 17:03:03 MDT 2024
> dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP

Oops that was the wrong dmesg:

-pjp


Re: [Raspberry Pi 4] Installing OpenBSD 7.5 with difficulty

2024-04-16 Thread Peter J. Philipp
On Tue, Apr 16, 2024 at 04:35:23PM +0100, Polarian wrote:

> Does anyone have any suggestions on what I could try?

Hi, I too have a RPI 4b that is currently my workstation.  Near the time of
release I was building my own base and packages, which was right near the
times of the ld.so changes, things stopped working.  For a while I was X11
forwarding browsers to this because everything else failed.

I finally gave up, and installed a snapshot and packages from cdn.

Right now everything seems to work great.

My status report for you,
-pjp

PS: I'll share a dmesg (from /var/run/dmesg.boot) below my signature:

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de



Re: Firewall setup

2024-04-15 Thread Peter N. M. Hansteen
I give up.

The obviously incomplete, hand edited ifconfig output shows three
interfaces that are (or appear to be, judging from the excerpts that
we are given) not configured with IP addresses, two of which
have a link, while the last does not.

For reasons unknown these three are joined in a three-way bridge.

From the tiny crumbs of information you have deigned to reveal to us,
it is not at all clear what it is you are trying to achieve.

That this configuration does not do anything useful is however no
surprise at all.

Once you can describe what it is your Rube Goldberg contraption
is supposed to do, competent people here might offer some advice
on how to make things work properly.

Until that happens, I for one will simply ignore anything from that
source.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Firewall setup

2024-04-15 Thread Peter N. M. Hansteen
On Mon, Apr 15, 2024 at 10:09:31PM +0200, Karel Lucas wrote:
> This gives the following error messages when booting:
> no IP address found for igc1:network
> /etc/pf.conf:41: could not parse host specification
> no IP address found for igc2:network
> /etc/pf.conf:42: could not parse host specification

This sounds to me like those interfaces either do not exist or
have not been correctly configured.

Are those interfaces configured, as in do they have IP addresses?

the output of ifconfig igc1 and ifconfig igc2 will show you.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Firewall setup

2024-04-15 Thread Peter N. M. Hansteen
On Mon, Apr 15, 2024 at 10:01:59PM +0200, Karel Lucas wrote:
> They both give a syntax error by booting.
> 
> Op 14-04-2024 om 17:45 schreef Zé Loff:
> >  pass in on $int_if proto udp to port 53
> >  pass in on $int_if proto udp to $nameservers port 53

You're not giving us a lot to work with here.

Off the top of my head, seeing that your int_if macro is a list of 
two interfaces, that may well be your problem (or one of them).

The rule syntax is not really intended to deal with a list of interfaces
following 'on'. 

It is likely more useful to treat the two interfaces separately. 

The other option - if your network layout is such that it makes 
sense to treat them to the same rule criteria - would be to make an 
interface group with both interfaces as members, then use the 
interface group name in your rules.


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: OpenBSD Installation Doesn't Detect NVMe SSD, but Detects My USB Drives

2024-04-15 Thread Peter N. M. Hansteen
On Mon, Apr 15, 2024 at 08:29:21AM +0200, aliyu...@tutanota.com wrote:
> 
> I'm currently trying to install OpenBSD on my laptop, and I'm coming
> across a problem. The installation only detects my installation drive
> and my other USB flash drive that I use for data storage, but not my
> NVMe SSD I want to do an installation on.
> 
> This same problem also occurs in NetBSD, but not FreeBSD. The UEFI
> setup acknowledges my drive as a Non-RAID disk, and Linux also shows
> it as nvme0n1, so there isn't any problems with the drive itself.

As Brian mentioned, it would generally be useful to have dmesg output
from a system where the drive works as well as from the OpenBSD config
where the drive is not recognized.

That said, I would recommend looking into the BIOS options to see whether
there is a setting for the storage controller mode. In an ASUS laptop
I bought a little while back, the options were somewhat non-intuitive:

"The option turned out to live in the BIOS' Advanced menu, labeled 
VMD setup menu, where you set the Enable VMD controller option 
to Disabled."

which made the drive visible to OpenBSD.

(the fuller story is at 
https://nxdomain.no/~peter/blog_wild_wild_world_of_windows.html
or with nicer formatting and trackers 
https://bsdly.blogspot.com/2021/07/the-impending-doom-of-your-operating.html)

In your case, the relevant option (if it exists) may be labeled 
something completely different. But it's likely worth checking for.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



sip proxy (I'm starting one)

2024-04-14 Thread Peter J. Philipp
Hi,

In this mail:  https://marc.info/?l=openbsd-misc=170759396512738=2

I asked people what sip proxy they use.  And got feedback, thank you!
However after a short code-reading of the software mentioned I became
distraught and want to do my own.  I have worked on this saturday and
sunday and it's taking shape, based on another transparent proxy of mine
called sipdiv.c:  The code is here:

https://github.com/pbug44/misc/tree/main/proximasip

Right now the skeleton is finished, it pledges, chroot, privseps and unveils
and sets up sockets, as well as creating a rudimentary state.  This week
I'm going to develop on this a little more alongside the risc-v project
that I'm also working on.  My systems caused me a bit of sysadmin last week,
so I couldn't get started on either too much.

So for proximasip.c here are my immediate goals:

1. allow incoming sip calls, proxied to the fritz!box that I use for my phones
2. UDP only at first, TLS (sips) later
3. this proxy will be stateful, so the state machine will have to be programmed

To reach these goals I'm hoping to get this working (possibly without tls) by
end of month, at which an old project is calling me back to do work.  So in
May I'm reprioritizing.

I invite you to help.  If you're interested in SIP on a VPS tunneled to home,
then this may be for you.  As I'm developing this with github, you're invited
to fork and cause pull requests.  Though commits may happen quicker initially
than later when there is a debug to make it all work.  I haven't given RTP
much thought yet, I may use a pf rule to make it work.

Here is my setup:

[superpod.delphinusdns.org] < this is where the proximasip proxy is on
|
|
|   < this is a wireguard tunnel inside IPSEC to tunnel things home
|
|
[stern (router)] <-- this is riscv64 gateway at my ISP it is vlan'ing
|   everything and has the transparent sipdiv.c
|   proxy to shorten SIP UDP packets for talking
|   with my parents fritz!box on another network
|
[AVM fritzbox]  <-- This is an old AVM 7390 that is my Wifi and SIP
|   gateway.  The DSL modem in it is not connected.
|   It will eventually register to proximasip proxy 
|
[2 telephones]  <-- older SIP telephones (Aastra and Grandstream)


Since the fritzbox has a default profile registered to my parents fritzbox via
superpod, I'm going to make a new profile on it for registering to proximasip.
It will only accept inbound calls eventually and outbound calls will go through
parents and eventually the PSTN.

I could have installed a kamailio in proximasip's place but I lack the config
skills and I don't want it to waste my time.  Better write something anew and
know it's safetied.

Once it's ready to receive I'm going to install a sip.callpeter.tel record with
SRV to a non-standard port (in order to evade automated voicemail sip bots).
Right now I've picked 12345/udp but I seem to recall that's some P2P botnet,
I may change it in time.

Best Regards,
-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de



Re: Firewall setup

2024-04-14 Thread Peter N. M. Hansteen
On Sun, Apr 14, 2024 at 05:09:01PM +0200, Karel Lucas wrote:
> Hi all,
> 
> Everything about PF is all very confusing to me at the moment, so any help
> is appreciated. So let's start simple and then proceed step by step. I want
> to continue with ping so that I can test the connection to the internet.
> This works: ping -c 10 195.121.1.34. But this doesn't work: ping -c 10
> www.apple.com. As others have stated, I have a problem with using DNS
> servers on the internet. The PF ruleset needs to be adjusted for this, but
> it is still not clear to me how to do that. What else do I need to get ping
> to work correctly? To get started simply, I created a new pf.conf file, see
> below.

I'd put this somewhere after your block rules:

pass inet proto { tcp, udp } from igc1:network to port $client_out 
pass inet proto { tcp, udp } from igc2:network to port $client_out 

- that way you will actually use the macro. But the macro still references
the invalid service nportntp (you probably want ntp instead), and I would
think that the services "446, cvspserver, 2628, 5999, 8000, 8080" are unlikely
to be useful unless you *know* you need to pass traffic for those.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
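
Two of the problems raised in the reply above, a macro that is defined but never referenced and a service name that does not exist, can be checked mechanically before a ruleset is loaded. The following Python script is an added example, not code from the thread or from OpenBSD; the sample ruleset and the service list are constructed, the function names are hypothetical, and only the `port $macro` form is recognised.

```python
import re

MACRO_DEF = re.compile(r'^([A-Za-z_]\w*)\s*=\s*(.*)$')
MACRO_REF = re.compile(r'\$([A-Za-z_]\w*)')
PORT_MACRO = re.compile(r'\bport\s+\$([A-Za-z_]\w*)')
NAME_TOKEN = re.compile(r'^[A-Za-z][\w.+-]*$')   # a service name, not a number

# Constructed sample modelled on the thread: client_out is defined but unused
# and contains the misspelled service name "nportntp".
BEFORE = '''\
ext_if = "igc0"
client_out = "{ ssh, domain, www, https, nportntp, 446, cvspserver, 8080 }"
icmp_types = "{ echoreq, unreach }"

block log all
pass log on $ext_if inet proto icmp all icmp-type $icmp_types
'''
# Same ruleset with a pass rule of the kind suggested in the reply.
AFTER = BEFORE + 'pass inet proto { tcp, udp } from igc1:network to port $client_out\n'

# Constructed stand-in for the names found in /etc/services (tiny subset).
SAMPLE_SERVICES = {"ssh", "domain", "www", "https", "ntp", "cvspserver"}


def strip_comment(line):
    """Remove a trailing # comment, ignoring # inside double quotes."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == '#' and not in_quotes:
            return line[:i]
    return line


def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw).rstrip()
        if start is None:
            start = no
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf.strip()
        buf, start = "", None
    if buf.strip():
        yield start, buf.strip()


def scan(text):
    """Return (macros, refs): name -> (line, value), and the set of $names used."""
    macros, refs = {}, set()
    for no, line in logical_lines(text):
        m = MACRO_DEF.match(line)
        if m:
            macros[m.group(1)] = (no, m.group(2).strip().strip('"'))
            refs.update(MACRO_REF.findall(m.group(2)))  # macros may nest
        else:
            refs.update(MACRO_REF.findall(line))
    return macros, refs


def unused_macros(text):
    """Macros that are defined but never referenced by a rule or another macro."""
    macros, refs = scan(text)
    return sorted(name for name in macros if name not in refs)


def unknown_port_names(text, services):
    """For each macro used as `port $macro`, list names missing from `services`."""
    macros, _ = scan(text)
    findings = {}
    for _, line in logical_lines(text):
        if MACRO_DEF.match(line):
            continue
        for name in PORT_MACRO.findall(line):
            if name not in macros:
                continue
            tokens = re.split(r'[\s,{}]+', macros[name][1])
            bad = [t for t in tokens if NAME_TOKEN.match(t) and t not in services]
            if bad:
                findings[name] = bad
    return findings


if __name__ == "__main__":
    print("unused before:", unused_macros(BEFORE))
    print("unused after: ", unused_macros(AFTER))
    print("bad names:    ", unknown_port_names(AFTER, SAMPLE_SERVICES))
```

On a real system the service set would be read from /etc/services, and `pfctl -nf /etc/pf.conf` remains the authoritative syntax check.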



Re: Ping blocked by firewall

2024-04-13 Thread Peter J. Philipp
On Sat, Apr 13, 2024 at 09:32:48PM +0200, Karel Lucas wrote:
> What should I add then, considering my PF ruleset? To be honest, all of this
> is very unclear to me at the moment, so any help is appreciated.

How about:

pass out inet  proto { tcp, udp } from any to any port { 53, 853 }  keep state
pass out inet6 proto { tcp, udp } from any to any port { 53, 853 }  keep state

see if that will do it for you.  You have a service called "domain" in your
rules but it's only a macro/alias and not active

Also if I remember it right (without looking) traceroute defaults to UDP mode
by default, with ports (32768 + 666) + (every "*" in every hop counting as 1)
so depending on how many hops outbound you want to traceroute you'll have to
open those udp ports outbound.

Of course you can be like windows and do traceroute -P1 to traceroute with
ICMP.

Remember, from your basic networking texts that each hop decrements (-1) the
time to live, or the hop count.  When a router encounters an IP[46] packet
that would decrement to 0 it will not get forwarded and will reply an ICMP
time exceeded message aka timex reply.

Please familiarize yourself with tcpdump and for learning purposes wireshark
and really analyze the packet headers with RFC's 791, 792, 8200 found at
https://rfc-editor.org.

Best of Luck!
-pjp

> Op 13-04-2024 om 02:39 schreef Alexis:
> > 
> > Karel Lucas  writes:
> > 
> > > Ping only works partially. For example, this works: ping -c 10
> > > 195.121.1.34. But this doesn't work: ping -c 10 www.apple.com. I
> > > suspect this has to do with DNS servers, but I don't know where to
> > > start troubleshooting.
> > 
> > Indeed, you appear to have no rules allowing outgoing requests to DNS
> > servers for name resolution.
> > 
> > 
> > Alexis.
> > 
> 

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de



Re: Ping blocked by firewall

2024-04-13 Thread Peter N. M. Hansteen
On Sat, Apr 13, 2024 at 06:18:46AM +0200, Janne Johansson wrote:
> Den fre 12 apr. 2024 kl 19:41 skrev Karel Lucas :
> >
> > Hi all,
> >
> > Ping only works partially. For example, this works: ping -c 10
> > 195.121.1.34. But this doesn't work: ping -c 10 www.apple.com. I suspect
> > this has to do with DNS servers, but I don't know where to start
> > troubleshooting. Can someone help me?
> 
> If the below pf.conf is your total firewall config, then you are only
> letting icmp through, and not DNS queries.
> Perhaps you meant to use the "client_out" macro for a pass rule and forgot it?

As Janne hints at here, your pass criteria are too narrow to be practical for
the needs you appear to have.

Not an uncommon problem while learning to write rulesets. And of course I
have written about that too -

https://home.nuug.no/~peter/pf/en/basicgw.html#GWPITFALLS

(That is in the piece that evolved into The Book of PF, and likely
something similar appears somewhere in the book too)


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: No internet connection (firewall block)

2024-04-11 Thread Peter N. M. Hansteen
On Thu, Apr 11, 2024 at 09:34:15AM +0100, Zé Loff wrote:
> > pass log out on egress inet proto udp to port 33433:33626 # for IPv4
> > pass log out on egress inet6 proto udp to port 33433:33626 # for IPv6
> > 
> > pass log quick on $ext_if inet proto {tcp, udp} from $localnet \
> >         to port $udp_services
> > pass log on $ext_if inet proto icmp all icmp-type $icmp_types
> > pass log on $ext_if inet proto tcp from $localnet to port $client_out
> > pass log out proto tcp to port $tcp_services   # establish keep-stat
> > pass log log proto udp to port $udp_services   # Establish keep-state
>
> If I read this correctly, you are not allowing any "in" traffic, except
> for the two "Letting ping through lines", which are just for ICMP, and
> on the first two rules on the last part ("...$icmp_types"  and
> "...$client_out").  I am assuming "log log" on the last rule is a typo,
> and it is actually "log out".
 
Those are as far as I can tell correct observations. There appears to be
no rule allowing traffic other than the selected icmp types to pass from
anywhere but the local host.


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: 7.5 /var/log/messages - vfprintf %s NULL in "%.*s"

2024-04-11 Thread Peter N. M. Hansteen
On Thu, Apr 11, 2024 at 09:41:47AM +0200, Eivind Eide wrote:
> 
> HOME="/home/eivind"
> 
> That's the environmental variable that triggers the message if an
> empty ~/.terminfo/ directory is present in my home.

It is possible that I have missed important context here, but with a
bare environment with only essentials like $HOME defined and no
~/.terminfo directory (as opposed to an empty one), do the odd messages
still appear?

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: No internet connection (firewall block)

2024-04-11 Thread Peter N. M. Hansteen
On Wed, Apr 10, 2024 at 11:53:47PM +0200, Karel Lucas wrote:
> 
> With the new firewall I am setting up I cannot connect to the internet. That
> starts with traceroute, so let's start there. Ping works fine. Below I have
> listed my pf.conf file.

This sounds like you have a link to somewhere, at least.

The first question would be, when you say "I cannot connect to the internet",
where is this in relation to the host with the ruleset you quote?

Start with the basics - is the gateway set up to forward packets? The output of

$ sysctl net.inet | grep forward

will reveal the truth there.

And looking at the quoted ruleset, I find it rather unlikely that it will
actually load -- you will get a "macro 'martians' not defined" and "unknown
port nportntp" and likely a few "syntax error" messages as well.

I would advise to take a few steps back, start from the basics and add only the
things you know you need.


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Ping blocked by firewall

2024-04-10 Thread Peter N. M. Hansteen
On Wed, Apr 10, 2024 at 11:01:18PM +0200, Peter N. M. Hansteen wrote:
> Another gentle introduction can be found in the latest PF tutorial,
> the slides for the AsiaBSDCon 2024 version can be found as
> https://nxdomain.no/~peter/pf_asiabsdcon2024.pdf which in turn has
> references to various useful resources.

and I should add that the labs referenced there are almost certainly
not available at the moment. They tend to be turned on specifically
for the sessions and are generally only left running for a few days.

- P

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Ping blocked by firewall

2024-04-10 Thread Peter N. M. Hansteen
On Wed, Apr 10, 2024 at 04:41:58PM -0400, Steve Litt wrote:
> I found out where to buy your book, and will buy it once I have the
> "for dummies" level of knowledge. In the meantime, what other PF
> references do you recommend? I know just enough PF to be dangerous, but
> want to make my own BSD/PF firewall/router.

The Book of PF was meant to be accessible to people with only basic
networking knowledge, but anyway -

I'd start with the official PF user guide at 
https://www.openbsd.org/faq/pf/index.html
and look up the relevant man pages.

Another gentle introduction can be found in the latest PF tutorial,
the slides for the AsiaBSDCon 2024 version can be found as
https://nxdomain.no/~peter/pf_asiabsdcon2024.pdf which in turn has
references to various useful resources.

And of course, this mailing list tends to be receptive to reasonably
formulated questions.

All the best,
Peter


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



MANGOPI - anyone else have reboot problems?

2024-04-10 Thread Peter J. Philipp
Hi,

I have found that my Mango Pi is very jittery, also when I reboot it there
is probably garble on the UART link causing it to fall into u-boot prompt.

I have tried:

env set bootdelay 0
env set bootdelay -1

saveenv

and reset

but it doesn't seem to work.  Any garble will still cause a break to u-boot
console.  There is a firmware image on the flash and in DTB under config
but how do I access that from OpenBSD?  Is there any drivers I can look at
for making this work?  I believe it goes on the "binman" device that is not
configured.

deneb# dmesg|grep binman
"binman" at mainbus0 not configured

Granted that there isn't an easy answer, I'll look at this perhaps in autumn.

Here is my dmesg:

OpenBSD 7.5-current (GENERIC) #5: Mon Apr  8 08:27:57 MDT 2024
dera...@riscv64.openbsd.org:/usr/src/sys/arch/riscv64/compile/GENERIC
real mem  = 1073741824 (1024MB)
avail mem = 1008369664 (961MB)
SBI: OpenSBI v1.3, SBI Specification Version 1.0
random: good seed from bootblocks
mainbus0 at root: MangoPi MQ Pro
cpu0 at mainbus0: T-Head arch 0 imp 0 rv64imafdc
intc0 at cpu0
cpu0: 32KB 64b/line 128-way L1 I-cache, 32KB 64b/line 256-way L1 D-cache
"fit-images" at mainbus0 not configured
"dcxo-clk" at mainbus0 not configured
simplebus0 at mainbus0: "soc"
sxipio0 at simplebus0: 88 pins
sxiccmu0 at simplebus0
plic0 at simplebus0
sxitimer0 at simplebus0: 24000 kHz
sxidog0 at simplebus0
com0 at simplebus0: dw16550
com0: console
com1 at simplebus0: dw16550
"syscon" at simplebus0 not configured
"dma-controller" at simplebus0 not configured
"efuse" at simplebus0 not configured
"crypto" at simplebus0 not configured
"dram-controller" at simplebus0 not configured
sximmc0 at simplebus0
sdmmc0 at sximmc0: 4-bit, sd high-speed, mmc high-speed, dma
sximmc1 at simplebus0
sdmmc1 at sximmc1: 4-bit, sd high-speed, mmc high-speed, dma
"usb" at simplebus0 not configured
"phy" at simplebus0 not configured
ehci0 at simplebus0
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Generic EHCI root hub" rev 2.00/1.00 addr 1
ohci0 at simplebus0: version 1.0
"clock-controller" at simplebus0 not configured
"mixer" at simplebus0 not configured
"mixer" at simplebus0 not configured
"phy" at simplebus0 not configured
"tcon-top" at simplebus0 not configured
"lcd-controller" at simplebus0 not configured
"lcd-controller" at simplebus0 not configured
"power-controller" at simplebus0 not configured
"clock-controller" at simplebus0 not configured
sxirtc0 at simplebus0
sxidog1 at simplebus0
sxidog2 at simplebus0
gpio0 at sxipio0: 32 pins
gpio1 at sxipio0: 32 pins
gpio2 at sxipio0: 32 pins
gpio3 at sxipio0: 32 pins
gpio4 at sxipio0: 32 pins
gpio5 at sxipio0: 32 pins
gpio6 at sxipio0: 32 pins
usb1 at ohci0: USB revision 1.0
uhub1 at usb1 configuration 1 interface 0 "Generic OHCI root hub" rev 1.00/1.00 addr 1
"opp-table-cpu" at mainbus0 not configured
"pmu" at mainbus0 not configured
"vcc" at mainbus0 not configured
"vcc-3v3" at mainbus0 not configured
"leds" at mainbus0 not configured
"avdd2v8" at mainbus0 not configured
"dvdd" at mainbus0 not configured
"vdd-cpu" at mainbus0 not configured
"wifi-pwrseq" at mainbus0 not configured
"binman" at mainbus0 not configured
scsibus0 at sdmmc0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0:  removable
sd0: 121942MB, 512 bytes/sector, 249737216 sectors
manufacturer 0x024c, product 0xd723 at sdmmc1 function 1 not configured
uhub2 at uhub0 port 1 configuration 1 interface 0 "vendor 0x1a40 USB 2.0 Hub" rev 2.00/1.11 addr 2
ure0 at uhub2 port 4 configuration 1 interface 0 "Realtek USB 10/100 LAN" rev 2.10/20.00 addr 3
ure0: RTL8152 (0x4c10), address 00:e0:4c:36:00:e9
rlphy0 at ure0 phy 0: RTL8201E 10/100 PHY, rev. 2
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
root on sd0a (ff09abc802626de6.a) swap on sd0b dump on sd0b
sxiccmu_d1_set_frequency: 0x0084
cpu0: clock not implemented

Best Regards,
-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de



Re: Ping blocked by firewall

2024-04-09 Thread Peter N. M. Hansteen
On Tue, Apr 09, 2024 at 10:52:45AM +0200, Karel Lucas wrote:
> I defined the table as stated in your book (3rd edition, page 42). However,
> that gives an error message. In the lines with that table: macro 'martians'
> not defined. Moreover, I now also have a Syntax error in lines 38, 39 and
> 46, causing the pf lines not to be loaded.

The martians example only appears on page 91, and if you had read that book
or other PF references, you would have known full well that the syntax for
defining and referencing macros differs from how you define and reference 
tables. 

Please actually read the advice offered by contributors to this thread.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Ping blocked by firewall

2024-04-09 Thread Peter N. M. Hansteen
On Tue, Apr 09, 2024 at 10:52:45AM +0200, Karel Lucas wrote:
> I defined the table as stated in your book (3rd edition, page 42). However,
> that gives an error message. In the lines with that table: macro 'martians'
> not defined. Moreover, I now also have a Syntax error in lines 38, 39 and
> 46, causing the pf lines not to be loaded.

macro names are case sensitive, to wit

peter@kapet:~$ cat martians
Martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
  10.0.0.0/8, 169.254, 0.0/16, 192.0.2.0/24, \
  0.0.0.0/8, 240.0.0.0/4 }"

block from $martians
peter@skapet:~$ doas pfctl -vnf martians
Martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12,   
10.0.0.0/8, 169.254, 0.0/16, 192.0.2.0/24,   0.0.0.0/8, 240.0.0.0/4 
}"
martians:5: macro 'martians' not defined
martians:5: syntax error

for conversion to tables, keep in mind that references need the
surrounding '<' and '>'.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
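
An added illustration, not part of the message above and not pfctl's own logic: a small Python check that reproduces the diagnosis on the `martians` file shown there, flagging each `$name` reference with no matching macro and hinting when the name differs only in case or exists as a table (which is referenced as `<name>`). The function names and the embedded samples are constructed for this example, and the parsing is a simplification of the pf.conf grammar.

```python
import re

MACRO_DEF = re.compile(r'^\s*([A-Za-z_][A-Za-z0-9_]*)\s*=')
TABLE_DEF = re.compile(r'^\s*table\s+<([^>\s]+)>')
MACRO_REF = re.compile(r'\$([A-Za-z_][A-Za-z0-9_]*)')

# Constructed copy of the "martians" file from the message above.
SAMPLE_MACRO = r'''Martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
  10.0.0.0/8, 169.254, 0.0/16, 192.0.2.0/24, \
  0.0.0.0/8, 240.0.0.0/4 }"

block from $martians
'''

# Constructed: the list converted to a table, but still referenced as a macro.
SAMPLE_TABLE = ('table <martians> const { 10.0.0.0/8, 240.0.0.0/4 }\n'
                'block from $martians\n')


def strip_comment(line, in_quotes):
    """Return (text before an unquoted '#', quote state at end of line)."""
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == '#' and not in_quotes:
            return line[:i], in_quotes
    return line, in_quotes


def check_macros(text):
    """Return [(line_number, name, hint)] for every unresolved $name."""
    macros, tables, findings = set(), set(), []
    continued, in_quotes = False, False
    for lineno, raw in enumerate(text.splitlines(), start=1):
        if not continued:
            in_quotes = False          # a new logical line starts unquoted
        line, in_quotes = strip_comment(raw, in_quotes)
        line = line.rstrip()
        # Macros must be defined above the line that uses them, so look up
        # references before registering anything this line defines.
        for name in MACRO_REF.findall(line):
            if name in macros:
                continue
            by_lower = {m.lower(): m for m in macros}
            if name.lower() in by_lower:
                hint = ("macro is defined as '%s'; names are case sensitive"
                        % by_lower[name.lower()])
            elif name in tables:
                hint = "'%s' is a table; reference it as <%s>" % (name, name)
            else:
                hint = "no macro of that name is defined above this line"
            findings.append((lineno, name, hint))
        if not continued:              # definitions start a logical line
            macro = MACRO_DEF.match(line)
            if macro:
                macros.add(macro.group(1))
            table = TABLE_DEF.match(line)
            if table:
                tables.add(table.group(1))
        continued = line.endswith('\\')
    return findings


if __name__ == "__main__":
    for sample in (SAMPLE_MACRO, SAMPLE_TABLE):
        for lineno, name, hint in check_macros(sample):
            print("line %d: $%s: %s" % (lineno, name, hint))
```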



Re: Ping blocked by firewall

2024-04-09 Thread Peter J. Philipp
On Tue, Apr 09, 2024 at 08:39:08AM +0200, Karel Lucas wrote:
> Hi all,
> 
> For the first time I tested my new firewall with ping, and it is blocked. I
> don't know what the reason is, you can find the information below. I have a
> network with only regular clients, so no servers. I'm still using OpenBSD
> V7.4, and will upgrade once the firewall is up and running so I can test the
> upgrade process.
> 
> /etc/pf.conf:
> ext_if = igc0 # Extern interface
> int_if = "{ igc1, igc2 }" # Intern interfaces
> localnet = "192.168.2.0/24"
> tcp_services = "{ smtp, domain, www, auth, http, https, pop3, pop3s }"
> udp_services = "{ domain, ntp }"
> email = "{ smtp, imap, imaps, imap3, pop3, pop3s }"
> icmp_types = "{ echoreq, unreach }"
> icmp6_types = "{ echoreq, unreach }"
> nameservers = "{ 195.121.1.34, 195.121.1.66 }"
> client_out = "{ ssh, domain, pop3, auth, nportntp, http, https, \
>         446, cvspserver, 2628, 5999, 8000, 8080 }"
> Martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
>       10.0.0.0/8, 169.254, 0.0/16, 192.0.2.0/24, \
>       0.0.0.0/8, 240.0.0.0/4 }"
> set skip on lo
> # By default, do not permit remote connections to X11
> block return in on ! lo0 proto tcp to port 6000:6010
> block log all         # block stateless traffic
> # Letting ping through:
> pass log on inet proto icmp icmp-type $icmp_types
> pass log on inet6 proto icmp6 icmp6-type $icmp6_types
> # Allow out the default range for traceroute(*):
> # "base+nhops*nqueries-1" (3434+64*3-1)
> pass log out on ext_if inet proto udp to port 33433:33626 # for IPv4
> pass log out on ext_if inet6 proto udp to port 33433:33626 # for IPv6
> pass log quick on $ext_if inet proto {tcp, udp} from $localnet \
>     to port $udp_services
> pass log on $ext_if inet proto icmp all icmp-type $icmp_types
> pass log on $ext_if inet proto tcp from $localnet to port $client_out
> block log in quick on $ext_if from $martians to any
> block log out quick on $ext_if from any to $martians
> pass log out proto tcp to port $tcp_services # establish keep-stat
> pass log log proto udp to port $udp_services # Establish keep-state
> 
> /var/log/pflog:
> tcpdump: WARNING: snaplen raised from 116 to 160
> Apr 09 08:16:45.009497 :: > ff02::16: HBH multicast listener report v2, 2
> group record(S) [hlim 1]
> apr 09 08:16:45.009500 :: > ff02::16: HBH multicast listener report v2, 2
> group record(S) [hlim 1]

Hi Karel,

Hope you're well!  Here is what you should add to your IPv6 icmp_types:

pass log on $ext_if inet6 proto ipv6-icmp all icmp6-type neighbrsol
pass log on $ext_if inet6 proto ipv6-icmp all icmp6-type neighbradv

This allows the NDP protocol to converse (it's similar to the IPv4 ARP).

I didn't see you had the problem with only IPv6, but the way I tested it, the
IPv4 worked fine.  It was IPv6 that had the missing neighbour solicitation
and advertising.

Best Regards,
-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de



Re: Ping blocked by firewall

2024-04-09 Thread Peter N. M. Hansteen
On Tue, Apr 09, 2024 at 08:39:08AM +0200, Karel Lucas wrote:
> Hi all,
> 
> For the first time I tested my new firewall with ping, and it is blocked. I
> don't know what the reason is, you can find the information below. I have a
> network with only regular clients, so no servers. I'm still using OpenBSD
> V7.4, and will upgrade once the firewall is up and running so I can test the
> upgrade process.

Upgrading to 7.5 will not affect this particular problem I think.

Still low on caffeine I spot two likely factors - your $localnet range overlaps 
with one of the ranges in $martians (which I anyway would recommend converting 
into a table), and your block referencing $martians comes after the pass rules
that would have let icmp through. With no previous matching quick, last match
applies. 

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
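
An added illustration, not part of the message above and not pf's own code: a small Python model of the evaluation order described there (the last matching rule decides unless a matching rule is marked `quick`), applied to three rules taken from the posted pf.conf. The two packets, the class and function names, and reading `169.254, 0.0/16` as 169.254.0.0/16 are assumptions of this example, as is treating `$martians` as if the macro had loaded.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple

# $martians as posted, with "169.254, 0.0/16" read as 169.254.0.0/16.
MARTIANS = tuple(ip_network(n) for n in (
    "127.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8",
    "169.254.0.0/16", "192.0.2.0/24", "0.0.0.0/8", "240.0.0.0/4"))
LOCALNET = ip_network("192.168.2.0/24")


@dataclass(frozen=True)
class Rule:
    action: str                      # "pass" or "block"
    quick: bool = False
    direction: Optional[str] = None  # "in", "out", or None for either
    iface: Optional[str] = None      # None matches any interface
    proto: Optional[str] = None      # None matches any protocol
    src: Tuple = ()                  # empty tuple means "from any"


@dataclass(frozen=True)
class Packet:
    direction: str
    iface: str
    proto: str
    src: str


def matches(rule, pkt):
    if rule.direction and rule.direction != pkt.direction:
        return False
    if rule.iface and rule.iface != pkt.iface:
        return False
    if rule.proto and rule.proto != pkt.proto:
        return False
    if rule.src and not any(ip_address(pkt.src) in net for net in rule.src):
        return False
    return True


def evaluate(rules, pkt):
    """Return (action, rule_number): last match wins, a quick match stops."""
    verdict = ("pass", None)   # pf passes a packet that matches no rule at all
    for number, rule in enumerate(rules):
        if matches(rule, pkt):
            verdict = (rule.action, number)
            if rule.quick:
                break
    return verdict


def posted_order(martians=MARTIANS, pass_quick=False):
    """Three rules from the posted ruleset, in the order they were posted."""
    return [
        Rule("block"),                                 # block log all
        Rule("pass", quick=pass_quick, proto="icmp"),  # pass log ... proto icmp
        Rule("block", quick=True, direction="in",      # block log in quick on
             iface="igc0", src=martians),              #   $ext_if from $martians
    ]


def overlap():
    """Entries of $martians that contain addresses from $localnet."""
    return [str(n) for n in MARTIANS if n.overlaps(LOCALNET)]


# Constructed packets: echo requests seen inbound on the external interface.
PING_FROM_LOCALNET = Packet("in", "igc0", "icmp", "192.168.2.10")
PING_FROM_ELSEWHERE = Packet("in", "igc0", "icmp", "203.0.113.7")

if __name__ == "__main__":
    print("overlapping entries:", overlap())
    print("as posted:          ", evaluate(posted_order(), PING_FROM_LOCALNET))
    print("other source:       ", evaluate(posted_order(), PING_FROM_ELSEWHERE))
    print("pass marked quick:  ",
          evaluate(posted_order(pass_quick=True), PING_FROM_LOCALNET))
    trimmed = tuple(n for n in MARTIANS if not n.overlaps(LOCALNET))
    print("no overlap:         ",
          evaluate(posted_order(martians=trimmed), PING_FROM_LOCALNET))
```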



Re: Minimum viable HW for OpenBSD

2024-04-08 Thread Peter J. Philipp
Hi,

I lost the thread in my mutt, so I'm hoping marc.info will adjust it in there,
the thread is here:  https://marc.info/?l=openbsd-misc=171059471410619=2

Thank you Gabor Nagy!  Here is my RPI zero 2W(H) with working wifi in hostap
mode, and hopefully working GPIO's I'm going to be studying those closer in
the future when I have some time.

https://mainrechner.de/P4080036.JPG  <-- on my tarot table

Best Regards,
-pjp

-- 
my associated domains:  callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de



Re: 7.5 NO hard drive?

2024-04-07 Thread Peter N. M. Hansteen
On Sun, Apr 07, 2024 at 05:17:25PM +0200, Wolfgang Pfeiffer wrote:
> > 
> > The problem was with the BIOS, it needs IHCH or something like that to be
> > recognized!
> > But it is working now as a xfce Desktop!
> 
> Seems to be (not only) a DELL thing: Some time ago I tried an Openbsd
> installer on an Alienware computer, ~10 years old, which was sold by
> DELL: In UEFI, IIRC, I had to change sata mode from "raid" to "ahci"
> to let openbsd detect hard disks on that computer.
> 
> Seems to be an older issue:
> https://daemonforums.org/showthread.php?t=10228
> https://www.mail-archive.com/misc@openbsd.org/msg153583.html

Adding to that list, my experience with an ASUS laptop where it would
be physically impossible to fit more than one storage device, but
the storage controller anyway was set to "Raid" mode by default. Fortunately
it was possible to choose the other options and have the device turn up
as a regular NVMe device:

https://nxdomain.no/~peter/blog_wild_wild_world_of_windows.html (or with
incrementally nicer formatting at the cost of G's trackers, 
https://bsdly.blogspot.com/2021/07/the-impending-doom-of-your-operating.html)

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Migrate to different FS layout of OpenBSD

2024-04-06 Thread Peter Hessler
RAID0 is called that because zero is what you'll recover if you lose a
disk.  This is amazingly dangerous, and you're going to have a bad time.

Do a backup, then restore from backup.


On 2024 Apr 06 (Sat) at 22:43:05 +0200 (+0200), Kirill A. Korinsky wrote:
:Folks,
:
:I'm looking for a way to migrate to different layout some OpenBSD systems.
:
:All of them have RAID0 and as far as I think I may do something like this:
:
:1. Remove second disk from RAID.
:2. Build a new RAID0 on the second disk.
:3. Make desired layout on the second RAID.
:4. dump | restore
:5. Boot from the second RAID.
:6. Add the first disk to the second RAID.
:
:I have re-read https://www.openbsd.org/faq/faq14.html a few times and I
:feel that this is quite risky.
:
:So, questions:
:1. Has anyone done something like this before?
:2. Do you have any instruction or what to expect?
:
:Thanks in advance.
:
:-- 
:wbr, Kirill
:

-- 
Celebrate Hannibal Day this year.  Take an elephant to lunch.



Re: ipv6 assistance

2024-04-06 Thread Peter Hessler
OpenBSD natively supports IPv6 addressing via static configuration and
SLAAC.  We do not have a DHCPv6 client in base, so currently you have to
use a package for that.


On 2024 Apr 06 (Sat) at 13:01:31 -0400 (-0400), Sonic wrote:
:That works - I didn't realize I needed to install a package to have ipv6
:work with OpenBSD.
:
:Thank you.

-- 
186,282 miles per second:

It isn't just a good idea, it's the law!



Re: wifi hotspot workaround

2024-04-04 Thread Peter N. M. Hansteen
On Thu, Apr 04, 2024 at 07:22:01PM +0500, ofthecentury wrote:
> Okkk, device hangups still occur. But there's some
> statistics at least in FreeBSD, by running
> `sysctl dev.ath`...anything like that in OpenBSD?

netstat -I $devicename with your choice of options will reveal at least some
information.

- P

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: wifi hotspot workaround

2024-04-02 Thread Peter J. Philipp
On Tue, Apr 02, 2024 at 11:20:52PM +0500, ofthecentury wrote:
> I'll take a look at those locations, thanks. It might just be arp
> that's the authenticated client data store from the point of view of
> the wireless interface.

If you really want to debug what's going on I suggest you put another
machine like a laptop into monitor mode and use the -Y flag with tcpdump
to capture what's going on at a frequency.  Beware of beacons, they clutter
up the frequencies.

> I do know German, I'll see if I can get the book, or if I even need it
> after I poke around.

Here is the ISBN along with all my techie books that I was going to donate
away.  Thankfully no one wanted them because I was going to go to college
but didn't have the highschool marks to get accepted at the course I wanted
to take.  http://mainrechner.de/Buecher2024/

> My OpenWrt router got fried by a remote electric directional beam of a
> digital weapon from an apartment across the wall a few years ago. Even
> a simple digital thermometer near the router was getting broken and
> showing weird stuff on display. How can this be legal? We must mandate
> RF detectors in all homes for everyone's electronic device safety and
> personal safety.

Yes radio can get really nasty especially when it's directed with a parabolic
dish or phased array antenna.  I have images in my head, that the military 
has on trucks with huge parabolic dishes.  Those were intended to "zap" civil
unresters and make them disperse.  Whether they are torture or not is not
in my scope, but I understand that when a human can get zapped at 60 feet that
an electronic device can get zapped as well.

I don't know what your laws are where you live, but I tend to agree with that
statement.  Eventually there may be sensors on your cellphone/smartphone, is
what I suspect because I've seen google talks about measuring radioactivity
with geiger counters built into android phones, so it definitely is going
around the heads of implementors.

> I'm 100% cabled at home for a while now too, but trying to see if I
> can make this hostap work in OpenBSD, since it's the golden standard
> for security?
> 
> Thanks again for your help.

No problem, and my pleasure.  I once had this idea to make 3 types of accesses
in my home once.  One would be an open access point (like freifunk maybe),
2nd would be password protected with a QR code displaying the password inside
the apartment on a digital photo picture frame, changing the password daily or
semi-daily.  And finally one for private communications.  They could 
potentially all be on the same hardware but vlan'ed and firewalled to sh*ts,
including IPSEC.  Strangers at the door can use the open access point, friends
inside the apartment can use the encrypted 2nd access point and close friends
such as spouse or girlfriend would be allowed on the highest layer of private
Wifi.  The only problem is getting friends these days is hard for loners like
myself, so there is really no point for me.  But if I had frequent guests and
such I'd want such a system.

I remember years ago OpenBSD devs were suggesting to "just buy a consumer AP".
But times can change.  Maybe in the future some time :P, it's still unwritten.
Since I had wifi gear there was a guy named Bergamini who was very skilled in
writing drivers.  He left though, and since then the wifi stack afaik has been
nurtured mostly by Stefan Sperling and anyone else who has the skill to help
him.  I'm obviously missing some names but these are the people who impressed
me.  Since last week I've been wanting to port OpenBSD to Pine64 Ox64.  

The idea is that we'd let the SoC run two OS's in parallel asynchronously 
since I think the 64-bit C906 core doesn't have access to the Wifi.  Some 
people are lightly helping and I asked them to get familiar with Apache NuttX 
which could run on the 32-bit cores and we'd communicate somehow between 
the OS's (perhaps a mailbox driver or shared memory).  Anyhow I was sorta 
side-tracked by easter weekend, and hope to pick up where I left off by friday.

Anyhow long typing, I'm gonna call it a day and go to sleep.  Later!

-pjp



Re: wifi hotspot workaround

2024-04-02 Thread Peter J. Philipp
On Tue, Apr 02, 2024 at 10:31:59PM +0500, ofthecentury wrote:
> Where does OpenBSD keep a list of all wireless clients that have
> been authenticated? Not the dhcpd leases list. Actual wireless stations
> that have authenticated to an interface running in hostap mode. Not arp
> cache, is it?
> 
> This way I can cycle the wireless interface in hostap mode, which
> resolves the hardware issue. But that resets authenticated clients so
> then I need to add the authenticated clients manually, and the end user
> won't be sent through a deauth/reauth sequence and will see an
> almost seamless experience. Should be doable on OpenBSD?
> clients manually

Hi,

I'd check in /usr/src/sys/net80211/* that should be everything having to do
with wifi, other than the drivers themselves which are in /usr/src/sys/dev/*
and /usr/src/sys/arch/*.

If you want a guide to help you with these get a book.  If you know german
I'd get the wireless lans book by joerg rech (heise verlag) it actually is
quite good.

I personally use access points of other OS's (probably most openwrt based).
However I'm mostly cabled at home and seldomly switch an AP on these days, due
to the density of living quarters in here.

I also have access points that are openwrt that is modded to report association
requests per mac address via radiotap to a daemon that is running on OpenBSD.
If you're interested in that send me a private mail.  I used to want to use
these for triangulation problems but the clock counter on openwrt devices is
not finely grained enough for results.  AFAIK it's safe to assume that a radio
signal through vacuum is less than the speed of light.  Take 1/3 or 1/2.  

Either way it's a waste of time to try to triangulate unless consumer hardware
becomes a lot faster and solid.  Personally if someone is on my access point
and authenticated and using the Internet there is going to be an arp entry like
you hinted on.  Or an ndp entry for IPv6.  Without these... they only have
access to the link itself.

Best Regards,
-pjp



Re: need help to access my machine after upgrade -- system immediately logs me out

2024-04-01 Thread Peter N. M. Hansteen
On Tue, Apr 02, 2024 at 12:44:01AM +0530, Sandeep Gupta wrote:
> Hello,
> 
>  I need to access my desktop local machine after I did a sysupgrade -s (I
> had reasons to do so because some rust libraries were too old for some
> applications).
> Sysupgrade seems to have gone fine. Disk is healthy no issues reported.
> 
> However when i tried to log from the console -- the login message shows but
> the system logs me out immediately.
> On the desktop gui too, with only root I was able to login. But running
> xterm from the fvwm menu fails.

This sounds very much like a situation where the base system and packages
are seriously out of sync AND your user is set up with a default shell from
packages (I am guessing bash).

The solution would likely be to log in as root, run pkg_add -D snap -u
to get the latest snapshot packages, then try to log in as your regular user.


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



I DEMAND TO KNOW (re recent activity)

2024-03-31 Thread Peter N. M. Hansteen
Friends,

Some recent activity here (you will remember the threads) had me want to post
this earlier, but I was bowled over by a stomach bug and only found the
reference again now -

https://mastodon.social/deck/@danielbowen/112173051434619556

which reads:

Daniel Bowen @danielbowen@mastodon.social

From a tweet of mine from 2011, but evergreen:

I DEMAND TO KNOW WHY YOUR GROUP OF OVERWORKED VOLUNTEERS, WHICH 
I AM NOT A MEMBER OF, IS NOT PURSUING MY PERSONAL GRIEVANCE.

Mar 28, 2024, 12:22 PM

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Minimum viable HW for OpenBSD

2024-03-31 Thread Peter J. Philipp



On 3/30/24 14:18, Peter J. Philipp wrote:


PS:  I'll probably do this next week I have a need for different 
hardware in my 9U rackmount cabinet.  And one particular one needs 
powercycles (and possibly console) as well.  It's the mango pi, which 
is currently in panic mode most likely or it's hung up, I was building 
ports on it and the 100 Mbit connection went down. 


Hi,

I rebooted the mango pi, btw and I've enabled the watchdogd, hoping it 
will work.  It's awesome that sxidog(4) configures on these!


Best,

-pjp



Re: wifi hotspot workaround

2024-03-30 Thread Peter N. M. Hansteen
On Sat, Mar 30, 2024 at 08:59:49PM +0500, ofthecentury wrote:
> And now something else happened, which seems like a big
> bug.
> athn0 sent a reason 6 deauthentication to my wifi client
> after I cycled the athn0 wifi interface!
> Reason 6 death is class 2 frame received from a nonauthenticated
> station. Correct me if I'm wrong, but this sounds like a major
> bug in the driver. 

Or shitty hardware with a helping of possibly not-too-great firmware.

With a bit of luck, any errors from the card itself should be possible to glean
from dmesg output.

(on a side note, I am on the list, the Cc:s are not necessary and in fact
a bit annoying)


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: wifi hotspot workaround

2024-03-30 Thread Peter N. M. Hansteen
On Sat, Mar 30, 2024 at 05:44:32PM +0500, ofthecentury wrote:
> On Sat, Mar 30, 2024 at 5:29 PM Peter N. M. Hansteen  wrote:
> >
> > why?
> 
> I got "disassoc"s events in the log.

disassociations can happen for a number of different reasons. The event
should log a reason code, which you can look up with a simple web search.

In order to debug properly it would likely help to have ifconfig debug
output from both sides (access point and client both).

I would suspect banal radio interference by such things as improperly
shielded equipment somewhere close by, but with no actual data it's
only guesswork from here.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Minimum viable HW for OpenBSD

2024-03-30 Thread Peter J. Philipp



On 3/16/24 14:32, Peter J. Philipp wrote:

On 3/16/24 14:10, Gabor Nagy wrote:

hello,

maybe?

Running OpenBSD on Raspberry Pi Zero 2 W
https://www.tumfatig.net/2023/running-openbsd-on-raspberry-pi-zero-2-w/


This is incredible!  I have a zero 2W somewhere, though I put it into 
a GPI case.  The drawback with the GPI case is it will not boot with 
batteries, because it's really made for the zero 1W,  so it's bonded 
to the USB power cable.  I'm gonna try putting this on!  Thank you in 
advance.


The GPI case uses a LCD display (It's the gameboy) do you know any BSD 
drivers for this?


Best Regards,

-pjp

I have another use for this RPI Zero 2W, I want to make it a remote 
power switch for 5x USB and 3x 220V AC.  I once purchased this (for 
another project and I think I'll reuse this):


https://www.waveshare.com/catalog/product/view/id/3616/s/rpi-relay-board-b/category/37/

My question then is... would I have any problems with the GPIO controls 
with OpenBSD on RPI zero 2W?


Otherwise I'll have to make it another OS.

Best Regards,

-pjp

PS:  I'll probably do this next week I have a need for different 
hardware in my 9U rackmount cabinet.  And one particular one needs 
powercycles (and possibly console) as well.  It's the mango pi, which is 
currently in panic mode most likely or it's hung up, I was building 
ports on it and the 100 Mbit connection went down.




Olaf Schreck wrote (on Fri, 15 Mar 2024, 23:43):


> Could you point out a hardware for this kind of use-case? I
> would like to have something smaller than a regular-Pi SBC.

I'm still playing with this kind of stuff.  Good luck on your journey, but
it will be a rough ride.  You already mentioned some issues.

I have/had a pair of Raspberry 3B and also a pair of Pine64 SBCs, running
OpenBSD 7.x and CARP failover for experimental things. Working, but not as
reliable as I would like.

You seem to aim at even smaller boards like that, and newer ones should match
the specs of Raspi3B or Pine64.  However:

- there is no fine "sysupgrade" for these platforms, so you need to reinstall
  every time
- which means fiddling with non-OpenBSD "uboot" and EFI definition files
- consider creating a network boot infrastructure
- these devices are very sensitive to power voltage instabilities, triggering
  spontaneous reboots.  You may want to run them from stable USB power source
- I doubt this can be reasonably battery-powered, over longer time periods
- storage like SD-card or eMMS draw extra power during operation, writes may
  be unreliable during voltage drops
- storage like SD-card or eMMS will wear out and die hard, sooner or later
- Wifi hardware may not be supported
- RS232 serial usually provided (and working) by bus pinout, but you need to
  add a FTDI232 or CH340 adapter

That said, I'd like to hear about it if you find interesting hardware :)

Olaf


--
Over thirty years experience on UNIX-like Operating Systems starting with QNX.


--
Over thirty years experience on UNIX-like Operating Systems starting with QNX.



Re: wifi hotspot workaround

2024-03-30 Thread Peter N. M. Hansteen
On Sat, Mar 30, 2024 at 04:19:31PM +0500, ofthecentury wrote:
> I have an athn0 wifi hotspot going.
> I think I get wifi disassoc attacks.

why?

> I actually don't understand why cycling
> the interface gets my wifi device back
> online. Maybe it's actually a problem with
> the athn0? The logs sometimes say
> "athn0 device timeout" or mention
> something about going into IBSS mode
> WHILE ifconfig still shows it's in hostap
> mode. Is there a way to interrogate the
> interface's function to make sure it's
> in hostap mode and test it's performing
> that function? I'm just trying to
> troubleshoot. 

The option to make the driver output more information is

debug

Add that to whatever options the configuration for the interface
already contains, then restart the interface. That will produce
significantly more information in your system logs.

That said, it would have been a lot easier to help you out if
you had provided your actual configuration (with any secrets
shrouded as appropriate) and at least a dmesg.

Keep in mind that wireless connections are in fact quite brittle
in nature and subject to all sorts of radio interference that's 
essentially background noise


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: qwx0 / QCNFA765 Does 802.11g Only

2024-03-30 Thread Peter Hessler
Dan, 

You are being inappropriate and obnoxious.  Stop it.

This is unacceptable behaviour.



lcamtuf on the recent xz debacle

2024-03-30 Thread Peter N. M. Hansteen
While this issue does not in fact affect OpenBSD, I think it will still be
of interest to OpenBSD users -- a lot of us deal with Linux in our dayjobs,
after all.

This is one of the best explanations of the matter I have seen so far: 
https://lcamtuf.substack.com/p/technologist-vs-spy-the-xz-backdoor

and it leads in with a quote to remember - 

"This dependency existed not because of a deliberate design decision 
by the developers of OpenSSH, but because of a kludge added by some 
Linux distributions to integrate the tool with the operating 
system’s newfangled orchestration service, systemd."

Enjoy!


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Security questions: Login spoofing, X11 keylogging, and sandboxed apps

2024-03-28 Thread Peter N. M. Hansteen
On Thu, Mar 28, 2024 at 09:16:45PM +, Dan wrote:
> You didn't "Reply All", so I didn't get your reply in my inbox. (The person
> you're replying to should be in the To field, and the mailing list in the
> Cc field.)

OH PUH-LEEZE. 

No. 

You send to a mailing list, people are supposed to reply to the mailing list. 

A select few may have their mail clients configured so the author of the
message will receive a courtesy copy (aka Cc:).

If I seem unresponsive to any followups to this thread, a likely reason will be
that I will not see messages with your From: without putting in some extra effort.

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



rm: #08057459: Operation not permitted

2024-03-26 Thread Peter Fraser
The reason why ls -l faulted has been found and is being worked on.

The next step is trying to delete the files.
Running as root
rm fails with Operation not permitted
so does chmod and chown and chattr

Any ideas on how to get rid of the files




Re: some ports give "Error while reading header" while fetching

2024-03-26 Thread Peter Hessler
There was a mistake while signing these packages, you want the set
signed 2024-03-22 or later.

ftp.hostserver.de and the other 2nd level mirrors most certainly have
those, and the other mirrors should get them over time.


On 2024 Mar 26 (Tue) at 11:22:08 + (+), void wrote:
:Hello,
:
:Posting in misc@ because it's an issue not limited to any particular port.
:
:context is 7.5 GENERIC.MP#138 arm64 aarch64
:
:error:
:$ doas pkg_add -D snap mupdf
:quirks-7.14 signed on 2024-03-18T13:07:59Z
:Ambiguous: choose package for mupdf
:a 0: 
:  1: mupdf-1.23.11
:  2: mupdf-1.23.11-js
:Your choice: 1
:mupdf-1.23.11:gumbo-0.12.1: ok
:mupdf-1.23.11:jbig2dec-0.19: ok
:mupdf-1.23.11:lcms2-2.15: ok
:mupdf-1.23.11:openjp2-2.5.2: ok
:pkg_add: Ustar [http://www.mirrorservice.org/pub/OpenBSD/snapshots/packages/aarch64/xdg-utils-1.2.1.tgz][?]: Error while reading header
:
:I've also seen it happen with xz. It doesn't seem to matter what server the
:installurl (currently set to mirrorservice) is. Is it a problem with the
:port(s) or my connection (dual-stack)? thanks,
:-- 
:

-- 
Arithmetic is being able to count up to twenty without taking off your
shoes.
-- Mickey Mouse



Re: porting OpenBSD to Ox64

2024-03-25 Thread Peter J. Philipp

[CC'ed to Kettenis in case he doesn't read misc@]

On 3/24/24 20:43, Peter J. Philipp wrote:



On 3/24/24 14:09, Slava Voronzoff wrote:

On Fri, 22 Mar 2024 04:28:15 +0100
"Peter J. Philipp"  wrote:

  

No I didn't try a newer OBSD, I will soon though. :-)  And no I didn't
change anything in the DTB.

While this is an EXTREMELY dirty attempt to add it can you try somehow this
patch for OpenBSD-current kernel?
OR try to decompile dtb, edit dts file to change "bflb,bl808-uart" to something
supported generic like ns16550a, recompile it back to dtb and load from
OpenBSD's boot loader

Index: sys/dev/fdt/com_fdt.c
===
RCS file: /cvs/src/sys/dev/fdt/com_fdt.c,v
retrieving revision 1.9
diff -u -p -r1.9 com_fdt.c
--- sys/dev/fdt/com_fdt.c   31 Jan 2024 01:01:10 -  1.9
+++ sys/dev/fdt/com_fdt.c   24 Mar 2024 13:04:37 -
@@ -59,7 +59,8 @@ com_fdt_init_cons(void)
(node = fdt_find_cons("ns16550a")) == NULL &&
(node = fdt_find_cons("snps,dw-apb-uart")) == NULL &&
(node = fdt_find_cons("ti,omap3-uart")) == NULL &&
-   (node = fdt_find_cons("ti,omap4-uart")) == NULL)
+   (node = fdt_find_cons("ti,omap4-uart")) == NULL &&
+   (node = fdt_find_cons("bflb,bl808-uart")) == NULL)
return;
if (fdt_get_reg(node, 0, ))
return;
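Review bot: the added `fdt_find_cons("bflb,bl808-uart")` term in com_fdt_init_cons() makes the com FDT console probe treat the BL808 UART like the ns16550a, dw-apb and omap parts already in the chain, but nothing in the hunk or the covering mail shows that its register layout is 16550-compatible. Either state the evidence for compatibility alongside the patch, or leave this string out of com_fdt.c and let a dedicated driver claim the node, which is the route the reply below takes with bflbuart.c.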
@@ -101,7 +102,8 @@ com_fdt_match(struct device *parent, voi
OF_is_compatible(faa->fa_node, "ns16550a") ||
OF_is_compatible(faa->fa_node, "snps,dw-apb-uart") ||
OF_is_compatible(faa->fa_node, "ti,omap3-uart") ||
-   OF_is_compatible(faa->fa_node, "ti,omap4-uart"));
+   OF_is_compatible(faa->fa_node, "ti,omap4-uart") ||
+   OF_is_compatible(faa->fa_node, "bflb,bl808-uart"));
  }
  
  void
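Review bot: in com_fdt_match() the new `OF_is_compatible(faa->fa_node, "bflb,bl808-uart")` line lets com attach to every node carrying that compatible string, not only the console, so it has to stay in step with the list in com_fdt_init_cons() and should not be left in place once a separate driver matches the same string. A short comment marking the entry as an untested experiment for the Ox64 would keep it from being read as verified hardware support.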




Hi,

I don't know if it's so simple... but I just finished a bflbuart.c
driver. It is based on the sfuart.c driver and I used the
linux sources, and the bl808 reference manual to guide me.

https://github.com/pbug44/openbsd-src/commit/996f961786d17399d68ef8aef547a10ef22ca82b

However I noticed that there is no PLIC/INTR activity. Does
anyone know if this is due to no clock driver? If so that's
my next thing to do unless someone beats me to it. I have
another question. I added the bflbuart to the files.riscv64
and the Makefile doesn't update in
/sys/arch/riscv64/compile/RAMDISK/obj/Makefile.. I don't know what I
have to do it..for now I manually updated this file.

Please excuse for the weird formatting. I'm still on thunderbird on
OpenBSD and I'm not fully comfy with it.


Best Regards,

-pjp



Just a small update, this morning I wrote another driver bflbtimer.c 
based on sxitimer.c.  However there is no interrupts. But I'm glad to 
say that I possibly found the problem.  It's another T-HEAD problem and 
this time it's got to do with Strong-Ordering on mapping data, and the 
Ox64, which seems to be a little bit more strict than the Mango Pi.  To 
do this though the SBI needs to be recompiled and reflashed, I was going 
to do this anyhow but now I'm forced to.  Here is some developer from 
NUTTX documenting his work, which I gladly will learn from.


https://lupyuen.github.io/articles/plic3#enable-strong-order

I'm CC'ing this to Mark Kettenis in case he wanted to be informed on 
this.  Eventually I may even boot into an Ox64 by end of April!  I have 
my hopes up. :-)


Best Regards,

-pjp

--
*** I used to sign with -peter, but noticed it's not unique, -pjp may come up 
in the future, so please adjust for that ***


Re: CLI program to download OpenBSD ISO images

2024-03-24 Thread Peter N. M. Hansteen
On Sun, Mar 24, 2024 at 05:32:20PM -0300, Alceu Rodrigues de Freitas Junior wrote:
> 
> Is there any CLI program for OpenBSD that implements the steps described at
> https://www.openbsd.org/faq/faq4.html#Download to download and check the ISO
> images?
> 
> I wasn't able to find anything relevant after a quick check on DuckDuckGo.
> 
> I implemented a simple Perl script that implements those steps, but is
> basically forking wget and signify to really get the job done.

ftp(1) is in base and can do the fetching for you. sha256(1) and signify(1),
both in base, will do the integrity checking.

If you *want* to have a script that wraps both actions into one, that's fine.

But I would have wanted to make life easier by sticking to the tools that
are available in a default install.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
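
The base-tools approach from the reply above, written out as an added example (not code from the thread or from the OpenBSD project). The function names, the MIRROR and SIGNIFY_DIR variables and the cdn.openbsd.org default are assumptions of this example; the installNN.iso and openbsd-NN-base.pub names follow the download steps in the FAQ linked in the question.

```shell
#!/bin/sh
# Added example: fetch an OpenBSD install image with ftp(1) and check it
# with signify(1), both from the base system.
# Assumptions: MIRROR default, SIGNIFY_DIR override and all function names.

MIRROR="${MIRROR:-https://cdn.openbsd.org/pub/OpenBSD}"
# The public key must come from the already installed system, never from
# the mirror the image is downloaded from.
SIGNIFY_DIR="${SIGNIFY_DIR:-/etc/signify}"

# "7.5" -> "75": image and key file names use the version without the dot.
release_tag() {
    printf '%s\n' "$1" | tr -d '.'
}

image_name() {
    printf 'install%s.iso\n' "$(release_tag "$1")"
}

pubkey_path() {
    printf '%s/openbsd-%s-base.pub\n' "$SIGNIFY_DIR" "$(release_tag "$1")"
}

release_url() {
    printf '%s/%s/%s\n' "$MIRROR" "$1" "$2"
}

# Accept only versions such as 7.5 and lower-case alphanumeric arch names,
# so that neither value can smuggle path components into a URL or file name.
valid_release() {
    case "$1" in
    [0-9].[0-9] | [0-9][0-9].[0-9]) ;;
    *) return 1 ;;
    esac
    case "$2" in
    "" | *[!a-z0-9]*) return 1 ;;
    esac
    return 0
}

# Return codes: 0 verified, 1 signature or checksum mismatch (image removed),
# 2 bad arguments, 3 public key missing, 4 download failed.
fetch_and_verify() {
    ver=$1
    arch=$2
    valid_release "$ver" "$arch" || {
        echo "usage: fetch_and_verify VERSION ARCH (e.g. 7.5 amd64)" >&2
        return 2
    }
    key=$(pubkey_path "$ver")
    img=$(image_name "$ver")
    base=$(release_url "$ver" "$arch")

    [ -r "$key" ] || {
        echo "no public key at $key, refusing to download" >&2
        return 3
    }

    # SHA256.sig is the signed checksum list for the release directory.
    ftp -o SHA256.sig "$base/SHA256.sig" || return 4
    ftp -o "$img" "$base/$img" || return 4

    # -C verifies the signature on SHA256.sig and then the checksum of $img.
    if ! signify -C -p "$key" -x SHA256.sig "$img"; then
        echo "verification FAILED, removing $img" >&2
        rm -f "$img"
        return 1
    fi
    echo "$img verified against $key"
}

# Run only when called with arguments, e.g.: sh fetch-iso.sh 7.5 amd64
if [ "$#" -ge 2 ]; then
    fetch_and_verify "$1" "$2"
fi
```
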



Re: porting OpenBSD to Ox64

2024-03-24 Thread Peter J. Philipp


On 3/24/24 14:09, Slava Voronzoff wrote:

On Fri, 22 Mar 2024 04:28:15 +0100
"Peter J. Philipp"  wrote:

  

No I didn't try a newer OBSD, I will soon though. :-)  And no I didn't
change anything in the DTB.

While this is an EXTREMELY dirty attempt to add it can you try somehow this
patch for OpenBSD-current kernel?
OR try to decompile dtb, edit dts file to change "bflb,bl808-uart" to something
supported generic like ns16550a, recompile it back to dtb and load from
OpenBSD's boot loader

Index: sys/dev/fdt/com_fdt.c
===
RCS file: /cvs/src/sys/dev/fdt/com_fdt.c,v
retrieving revision 1.9
diff -u -p -r1.9 com_fdt.c
--- sys/dev/fdt/com_fdt.c   31 Jan 2024 01:01:10 -  1.9
+++ sys/dev/fdt/com_fdt.c   24 Mar 2024 13:04:37 -
@@ -59,7 +59,8 @@ com_fdt_init_cons(void)
(node = fdt_find_cons("ns16550a")) == NULL &&
(node = fdt_find_cons("snps,dw-apb-uart")) == NULL &&
(node = fdt_find_cons("ti,omap3-uart")) == NULL &&
-   (node = fdt_find_cons("ti,omap4-uart")) == NULL)
+   (node = fdt_find_cons("ti,omap4-uart")) == NULL &&
+   (node = fdt_find_cons("bflb,bl808-uart")) == NULL)
return;
if (fdt_get_reg(node, 0, ))
return;
@@ -101,7 +102,8 @@ com_fdt_match(struct device *parent, voi
OF_is_compatible(faa->fa_node, "ns16550a") ||
OF_is_compatible(faa->fa_node, "snps,dw-apb-uart") ||
OF_is_compatible(faa->fa_node, "ti,omap3-uart") ||
-   OF_is_compatible(faa->fa_node, "ti,omap4-uart"));
+   OF_is_compatible(faa->fa_node, "ti,omap4-uart") ||
+   OF_is_compatible(faa->fa_node, "bflb,bl808-uart"));
  }
  
  void




Hi,

I don't know if it's so simple... but I just finished a bflbuart.c
driver. It is based on the sfuart.c driver and I used the
linux sources, and the bl808 reference manual to guide me.

https://github.com/pbug44/openbsd-src/commit/996f961786d17399d68ef8aef547a10ef22ca82b

However I noticed that there is no PLIC/INTR activity. Does
anyone know if this is due to no clock driver? If so that's
my next thing to do unless someone beats me to it. I have
another question. I added the bflbuart to the files.riscv64
and the Makefile doesn't update in
/sys/arch/riscv64/compile/RAMDISK/obj/Makefile.. I don't know what I
have to do it..for now I manually updated this file.

Please excuse for the weird formatting. I'm still on thunderbird on
OpenBSD and I'm not fully comfy with it.


Best Regards,

-pjp

--
Over thirty years experience on UNIX-like Operating Systems starting with QNX.


Re: tcpdump for 'disassoc' not supported

2024-03-22 Thread Peter Hessler
pflog does not monitor the RADIO.  They are not Layer 3 packets, and are
not seen by pf.


On 2024 Mar 22 (Fri) at 16:25:08 +0500 (+0500), ofthecentury wrote:
:Thanks. This does work on an interface, but not on -r /var/log/pflog?
:
:On Fri, Mar 22, 2024 at 3:54 PM Stefan Sperling  wrote:
:>
:> On Fri, Mar 22, 2024 at 03:39:57PM +0500, ofthecentury wrote:
:> > I am getting wireless disassociation attacks.
:> > I wanted to look at the packets via:
:> > `tcpdump -nettt -I -i athn0 -s 256
:> > type mgt subtype disassoc`
:> > but I get an error:
:> > "tcpdump: type not supported on linktype 0x1"
:> > Should work according to man tcpdump.
:> >
:> >
:>
:> Works only with tcpdump -y IEEE802_11_RADIO
:

-- 
To err is human, to moo bovine.



Re: porting OpenBSD to Ox64

2024-03-21 Thread Peter J. Philipp



On 3/21/24 17:43, Mizsei Zoltán wrote:

Hi,

have you tried to boot a vanilla-current OBSD? Do you know if that "old 
7.4-current" version you have mentioned contains any not-yet-upstreamed patches?

Have you made any changes to the DTB or U-Boot?

Regards,
--ext


Already replied privately, but for the public record: 
https://mainrechner.de/dot.config.txt


This is the .config I used with the u-boot.

No I didn't try a newer OBSD, I will soon though. :-)  And no I didn't 
change anything in the DTB.


Best Regards,

-pjp



Peter J. Philipp wrote on Thu, 21 Mar 2024, at 08:50:

Hi,

If anyone is interested in helping or just plain interested, here is my
prep work documented.  I've been on it sparingly since beginning of March.
I don't know how much time I want to invest in this but we'll see...

https://github.com/pbug44/openbsd-src/tree/Ox64

The Ox64 is a 8 dollar SoC utilizing a RISCV64 CPU (among other cores).  I
intend to use this for a Freifunk-like project which I call GardenNet.

https://sky.delphinusdns.org/eap-tls-idea.txt
(following link in german use chromium to translate or something):
https://wiki.freifunk-franken.de/w/Benutzer:PeterPhilipp#Ein_Garten_Netz_Knoten

Best Regards,
-pjp


--
*** I used to sign with -peter, but noticed it's not unique, -pjp may come up 
in the future, so please adjust for that ***



Re: porting OpenBSD to Ox64

2024-03-21 Thread Peter J. Philipp



On 3/21/24 12:27, Benjamin Stürz wrote:

Hi,

I'm also interested.
I might be able to provide testing.

OK great!  I'm going to help you all a little by providing what I have
so far.

These flash images were built on a devuan Linux (like debian), on a vmm
running on OpenBSD.  They seem to work for me rudimentally, thus far.

https://mainrechner.de/images/

(it's still uploading as I write this mail)

There is a SHA256 file and a SHA256.sig file along with a
oceans11-openbsd.pub signify key.  So that you can quickly confirm the
checksum. Ultimately it would be cool to build this all on native
OpenBSD, if someone wants to attempt that, you're more than welcome to!

https://wiki.pine64.org/wiki/Ox64

that link is the instructions on how to do this, including flashing
(which is also mentioned on my README.md on the first mentioned URL at
github).

And as mentioned before here is some datasheets and other documents that
I collected over the last year or so: https://mainrechner.de/riscv.html

Best Regards,

-pjp


On 21.03.24 08:50, Peter J. Philipp wrote:

Hi,

If anyone is interested in helping or just plain interested, here is my
prep work documented.  I've been on it sparingly since beginning of March.
I don't know how much time I want to invest in this but we'll see...

https://github.com/pbug44/openbsd-src/tree/Ox64

The Ox64 is a 8 dollar SoC utilizing a RISCV64 CPU (among other cores).  I
intend to use this for a Freifunk-like project which I call GardenNet.

https://sky.delphinusdns.org/eap-tls-idea.txt
(following link in german use chromium to translate or something):
https://wiki.freifunk-franken.de/w/Benutzer:PeterPhilipp#Ein_Garten_Netz_Knoten



Best Regards,
-pjp




--
*** I used to sign with -peter, but noticed it's not unique, -pjp may come up 
in the future, so please adjust for that ***



Re: porting OpenBSD to Ox64

2024-03-21 Thread Peter J. Philipp



On 3/21/24 09:10, Mizsei Zoltán wrote:

Hi.

I am interested in this topic, as i have one in my drawer. My programming 
skills probably not up to the task, but I would be more than happy to help you 
with testing, etc.

Regards,

--ext


Excellent!

Yes I could use this sort of help.  In particular if you want to fiddle
with Apache NUTTX and see if you can utilize the wifi.  It seems to
me that I can use a little bit of RAM for this.  My idea is this:

If it is at all possible, boot on cpu 0 (OpenBSD) and then alloc some
contiguous RAM (10 MB perhaps?) from the PSRAM.  Once that is
done we need to fork a thread or process from the kernel and start the
bootprocess with it for the c905(?) 32-bit core which has direct
access to the wifi device.  Then we need some interprocess communication
between the 802.11 stack on OpenBSD and the NUTTX
wifi driver.  Both CPU's will run in a hybrid/asynchronous fashion (as
far as I understand it if either doesn't touch the RAM of the other
it will be ok locking wise).  If anyone wants to chime in here, if this
is an insane idea let me know.  I understand that a async mode is
possible afaik.  So we need the NUTTX as a firmware (perhaps 2 MB in
size or so), it needs programming to communicate with the
c906 64-bit core, we can work that out somehow.  If you want to build a
toolbox for this entire thing where we can just convert it to a
firmware.  What do you think does this make sense, are you up for it?
It really needs little programming, perhaps a make file or a
script to build NUTTX, I have linux devuan here (on native hardware and
vmm) and this is what I could use.

https://nuttx.apache.org/  and here is the Reference manual for the
BL808:  https://mainrechner.de/BL808_RM_en_1.3.pdf

So as a first step we need to figure out if NUTTX actually has drivers
for this SoC and that they work.  If not, we'll have to consider
another approach.

Best Regards,

-pjp


--
*** I used to sign with -peter, but noticed it's not unique, -pjp may come up 
in the future, so please adjust for that ***



porting OpenBSD to Ox64

2024-03-21 Thread Peter J. Philipp
Hi,

If anyone is interested in helping or just plain interested, here is my
prep work documented.  I've been on it sparingly since beginning of March.
I don't know how much time I want to invest in this but we'll see...

https://github.com/pbug44/openbsd-src/tree/Ox64

The Ox64 is a 8 dollar SoC utilizing a RISCV64 CPU (among other cores).  I
intend to use this for a Freifunk-like project which I call GardenNet.

https://sky.delphinusdns.org/eap-tls-idea.txt
(following link in german use chromium to translate or something):
https://wiki.freifunk-franken.de/w/Benutzer:PeterPhilipp#Ein_Garten_Netz_Knoten

Best Regards,
-pjp



Re: Personal Information Notice - Bright Data

2024-03-19 Thread Peter N. M. Hansteen
I assume those with the proper means to LART these jokers properly will do so.

The rest of us are better off ignoring the whole thing.

On a somewhat offtopic side note, total number of Mastodon accounts has 
just broken 15 million, which must be some kind of indicator of going 
mainstream since I was just notified that two different obvious pr0n 
spam sources followed my account.


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: VPS power consumption

2024-03-19 Thread Peter J. Philipp
b0.raw1=0 (current)
hw.sensors.softraid0.drive0=online (sd1), OK
hw.cpuspeed=2600
hw.vendor=Red Hat
hw.product=KVM
hw.version=RHEL 7.6.0 PC (i440FX + PIIX, 1996)
hw.uuid=d0ce8c03-1393-0b4b-99bf-ce5fb8fd6c0e
hw.physmem=1056813056
hw.usermem=1056796672
hw.ncpufound=1
hw.allowpowerdown=1
hw.smt=0
hw.ncpuonline=1
hw.power=1
hw.ucomnames=


--
*** I used to sign with -peter, but noticed it's not unique, -pjp may come up 
in the future, so please adjust for that ***



Re: Minimum viable HW for OpenBSD

2024-03-16 Thread Peter J. Philipp

On 3/16/24 14:10, Gabor Nagy wrote:

hello,

maybe?

Running OpenBSD on Raspberry Pi Zero 2 W
https://www.tumfatig.net/2023/running-openbsd-on-raspberry-pi-zero-2-w/


This is incredible!  I have a zero 2W somewhere, though I put it into a 
GPI case.  The drawback with the GPI case is it will not boot with 
batteries, because it's really made for the zero 1W,  so it's bonded to 
the USB power cable.  I'm gonna try putting this on!  Thank you in advance.


The GPI case uses a LCD display (It's the gameboy) do you know any BSD 
drivers for this?


Best Regards,

-pjp



Olaf Schreck wrote (on Fri, 15 Mar 2024, 23:43):


> Could you point out a hardware for this kind of use-case? I
> would like to have something smaller than a regular-Pi SBC.

I'm still playing with this kind of stuff.  Good luck on your journey, but
it will be a rough ride.  You already mentioned some issues.

I have/had a pair of Raspberry 3B and also a pair of Pine64 SBCs, running
OpenBSD 7.x and CARP failover for experimental things. Working, but not as
reliable as I would like.

You seem to aim at even smaller boards like that, and newer ones should match
the specs of Raspi3B or Pine64.  However:

- there is no fine "sysupgrade" for these platforms, so you need to reinstall
  every time
- which means fiddling with non-OpenBSD "uboot" and EFI definition files
- consider creating a network boot infrastructure
- these devices are very sensitive to power voltage instabilities, triggering
  spontaneous reboots.  You may want to run them from stable USB power source
- I doubt this can be reasonably battery-powered, over longer time periods
- storage like SD-card or eMMS draw extra power during operation, writes may
  be unreliable during voltage drops
- storage like SD-card or eMMS will wear out and die hard, sooner or later
- Wifi hardware may not be supported
- RS232 serial usually provided (and working) by bus pinout, but you need to
  add a FTDI232 or CH340 adapter

That said, I'd like to hear about it if you find interesting hardware :)

Olaf


--
Over thirty years experience on UNIX-like Operating Systems starting with QNX.


Re: Unable to get ip6 address

2024-03-15 Thread Peter N. M. Hansteen
On Fri, Mar 15, 2024 at 06:38:14PM +0100, Peter N. M. Hansteen wrote:
> least the content of your configuration files -- /etc/hostmhame.* and the 
> output

that should of course have been /etc/hostname.* but would be obvious?


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Unable to get ip6 address

2024-03-15 Thread Peter N. M. Hansteen
Please keep this on the list unless you want me to start writing invoices.

On Fri, Mar 15, 2024 at 05:02:27PM +, Pencilgon wrote:
> Sorry for earlier email, I left you some details.
> 
> First of all I don't think ip6 work at all, well in theory inet6 autoconf
> should work and grant me internet access but it doesn't, I don't get a ip6
> address at all.
> 
> Second I am unable to get ip4 address even on wifi.

This sounds like your wifi interface is not in fact properly configured.

For this to produce anything even resembling useful results, we need to see at
least the content of your configuration files -- /etc/hostmhame.* and the output
of ifconfig for the relevant interfaces (if need be with stuff like IP
addresses and passwords masked).

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Unable to get ip6 address

2024-03-15 Thread Peter N. M. Hansteen
On Fri, Mar 15, 2024 at 03:32:48PM +, Pencilgon wrote:
> I recently installed openbsd got everything working wifi etc. The problem
> arises when I tried to connect ip6 network to it using wifi. I connected
> successfully but was unable to get ip6 address. My wifi worked fine with
> ip4 address.

If your network offers IPv6 connectivity and you have IPv4 working, simply
adding

inet6 autoconf

to the hostname.$if file for the interface and running /etc/netstart $if
*should* take care of things.

There are any number of other possible variations, but you do need some
'inet6' settings in there.

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: USB peripherals hang, nothing in messages

2024-03-13 Thread Peter N. M. Hansteen
Messages like this are worse than useless for actually diagnosing the issue.

Basically, we have no idea what hardware you are running on, or for that 
matter what software you are trying out. 

If there is a real issue, please learn how to use sendbug 
(https://man.openbsd.org/sendbug) or at least provide some actually
relevant information besides log messages that you fail to interpret.

On Wed, Mar 13, 2024 at 05:12:29PM +0500, ofthecentury wrote:
> My USB mouse and keyboard hang intermittently.
> 
> Very weird things happen, i.e. my mouse's red LED
> light begins to flicker in a very weird fashion, or my
> keyboard stops responding and my sound output
> is suddenly muted by itself (I don't even touch sound).
> 
> This was in the /var/log/messages regarding sound:
> wrapper-2.0: vfprintf %s NULL in "[xfce-mixer-plugin.
> c:374 xfce_mixer_plugin_set_property]: could not
> set sound-card to '%s', trying the default card instead"
> wrapper-2.0: vfprintf %s NULL in "%s: muted"
> 
> Nothing else to show up in /var/log/messages. Is there
> a more detailed log?
> 
> How do I gather info about this from the system?
> 

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: Is this a security issue?

2024-03-13 Thread Peter N. M. Hansteen
On Wed, Mar 13, 2024 at 05:01:57PM +0500, ofthecentury wrote:
> Just saw this in my /var/log/messages:
> 
> '/bsd: drm:pid1338:intel_pipe_update_start *ERROR*
> [drm] *ERROR* Potential atomic update failure on pipe B'
> 
> Intel_pipe_update???
> 
A fairly simple web search would have provided potentially useful information
such as

https://marc.info/?l=openbsd-bugs=2=1=Potential+atomic+update+failure=b

Try fw_update (possibly after reading its man page) and see if it makes a
difference.

Also, *complete* dmesg output would have told anyone trying to help diagnose
the issue a lot more.

As somebody (sorry, I forget who) posted earlier, https://idownvotedbecau.se/
is actually worth reading.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: files are going missing

2024-03-11 Thread Peter N. M. Hansteen
On Mon, Mar 11, 2024 at 05:24:43PM -, beecdadd...@danwin1210.de wrote:
> what system log files?

my first port of call would be /var/log/messages including any rotated older
ones (as in /var/log/messages.?.gz) but grep and zgrep for any device name
related to your storage in /var/log/ would be my next step.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: files are going missing

2024-03-11 Thread Peter N. M. Hansteen
On Mon, Mar 11, 2024 at 12:43:58PM -, beecdadd...@danwin1210.de wrote:
> I have a problem where files recently downloaded go missing and it
> happened over 3 times and on patition/s with enough available space
> I want to verify it 1 more time before knowing hdd is failing for sure

Did you perhaps download these files to somewhere under /tmp or /var/tmp
or somewhere else volatile like a memory file system and then reboot
before trying to access those downloads?

In general, files do not go missing unless someone explicitly deletes them,
but there is a possibility that you stumbled into one of the scenarios where
either a cleanup script or the volatile nature of the location you were playing
with did away with the data.

> so what gives?
> is hdd failing? but how do entire files go missing?
> maybe hdd metadata/header corruption of some kind?

If a drive is failing, more likely than not you would be seeing messages
in system log files or possibly even in dmesg output. Totally silent failures
are not very common.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: dmesg hangs 7.4

2024-03-09 Thread Peter J. Philipp



On 3/9/24 17:07, Laura Smith wrote:

Hi

I've got a fresh install of 7.4 on a new box and am seeing a very weird problem.

If I enter "dmesg" I get a few lines of output and then it hangs and my ssh 
connection gets dropped.  I ran syspatch, rebooted and the problem persists.

Example:

# dmesg
MX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,SHA,UMIP,PKU,WAITPKG,PKS,MD_CLEAR,IBT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DFL,MDS_NO,IF_PSCHANGE,TAA_NO,MISC_PKG_CT,ENERGY_FILT,DOITM,SBDR_SSDP_N,FBSDP_NO,PSDP_NO,RRSBA,OVERCLOCK,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu19: 32KB 64b/line 8-way D-cache, 64KB 64b/line 8-way I-cache, 2MB 64b/line 
16-way L2 cache, 30MB 64b/line 12-way L3 cache
cpu19: smt 0, core 35, package 0
cpu20 at mainbus0: apid 72 (application processor)
cpu20: 12th Gen Intel(R) Core(TM) i9-12900TE, 3392.18 MHz, 06-97-02, patch 
0025
Timeout, server 10.1.2.3 not responding.


Hi,

I don't know if it's relevant but I have a VPS at openbsd.amsterdam that 
seems to have similar behaviour.  I can type top, or any command like ps 
and it will hang a bit before continuing.  There is a mode in SSH to 
enable keepalives, perhaps play with that?  As per my vps, I have 
mentioned it to the admin of the vps (Mischa) and he made me some vps's 
to compare, however I'm leaving that service next month so there is 
really no need.  I had suspected perhaps a drive failure on the RAID but 
Mischa had replaced the drive on that server (I think it has 12 cores or 
something) and it shouldn't be that, but I dunno (shrug).  Do you 
perhaps use vmm on your 2x cpu machine?


Best Regards,

-pjp

--
Over thirty years experience on UNIX-like Operating Systems starting with QNX.



Re: No packages found for 7.5 snapshot on arm64

2024-03-09 Thread Peter Hessler
Yes, we are at a stage of development where snapshots look similar to a
-release.  (Note, these snapshots are not actually the release)

For now, you want to run pkg_add with -Dsnap, so "pkg_add -Dsnap -u" or
"pkg_add -Dsnap colorls".



On 2024 Mar 09 (Sat) at 12:11:51 +0300 (+0300), Dmitry Matveyev wrote:
:Hi,
:
:I was running an OpenBSD with this description of the iso: OpenBSD
:7.4-current 2023-11-03 (arm64). A week ago I started getting an error
:trying to install any package:
:
:# pkg_add -Uvi colorls
:Update candidates: quirks-7.12 -> quirks-7.12
:Update candidates: updatedb-0p0 -> updatedb-0p0
:quirks-7.12 signed on 2024-03-05T14:52:30Z
:Can't install colorls-7.4 because of libraries
:|library c.99.0 not found
:| /usr/lib/libc.so.98.0 (system): bad major
:Couldn't install colorls-7.4
:
:Here I have an older version whereas the package requires a newer
:version.
:
:I've read that it might be due to using -current and that I need to
:upgrade my system to the latest snapshot. I have run sysupgrade and now
:uname says that I'm on OpenBSD 7.5 GENERIC.MP#128 arm64. And now I can't
:install anything at all because pkg_add complains that it can't find a
:directory https://ftp.hostserver.de/pub/OpenBSD/7.5/packages/aarch64/. I
:have checked several mirrors at https://www.openbsd.org/ftp.html and
:they indeed don't have any packages under 7.5.
:
:How do I fix this?
:

-- 
"Contrary to popular belief, penguins are not the salvation of modern
technology.  Neither do they throw parties for the urban proletariat."



Re: USB ethernet ure0 not working

2024-03-05 Thread Peter N. M. Hansteen
On Wed, Mar 06, 2024 at 12:43:28PM +0500, ofthecentury wrote:
> I'm stumped. Pls help.
> I plug a TPLink USB ethernet dongle in, it
> is identified by OpenBSD, and I get a ure0
> interface. It says ure0 is up and running. I
> give it the ip address, default route, but
> nothing happens, I don't get connectivity.
> I do everything the same for the USB dongle
> as for the inbuilt ethernet (which works fine).
> Dmesg says some additional interface rlphy0
> is added or something, but the only interface
> I see in ifconfig is ure0. `route show` gives
> nothing.

ENOACTUALINFO

The actual output of those commands (censored of any not-to-be-revealed
information if need be) would be crucial in helping diagnose the problem.

dmesg showing rlphy0 and possibly rgephy0 is to be expected, see man ure

Hopefully the actual problem is a trivial one, easy to spot for a separate
set of eyes.

- P

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



EuroBSDCon 2024 Call for Talk and Presentation proposals for EuroBSDCon 2024 is now open.

2024-02-29 Thread Peter N. M. Hansteen
EuroBSDCon 2024, Dublin, September 2024
The Call for Talk and Presentation proposals for EuroBSDCon 2024 is now open.

EuroBSDCon is the European technical conference for users and developers of 
BSD-based systems. The conference is scheduled to take place September 19-22 
2024 in Dublin, Ireland or as an all-online event if COVID-19 developments 
dictate. The tutorials will be held on Thursday and Friday to registered 
participants and the talks are presented to conference attendees on Saturday 
and Sunday.

The Call for Talk and Presentation proposals period will close on May 15th, 
2024. Prospective speakers will be notified of acceptance or otherwise by May 
22nd, 2024.

This document is available at https://2024.eurobsdcon.org/cfp/.

Call for Talk and Presentation Proposals (CfP)
The EuroBSDCon program committee is inviting BSD developers and users to submit 
innovative and original talk proposals not previously presented at other 
European conferences. Topics of interest to the conference include, but are not 
limited to applications, architecture, implementation, performance and security 
of BSD-based operating systems, as well as topics concerning the economic or 
organizational aspects of BSD use. Presentations are expected to be 45 minutes 
and are to be delivered in English.

Call for Tutorial Proposals
The EuroBSDCon program committee is also inviting qualified practitioners in 
their field to submit proposals for half or full day tutorials on topics 
relevant to development, implementation and use of BSD-based systems.

Half-day tutorials are expected to be 2.5 to 3 hours and full-day tutorials 5 
to 6 hours. The tutorials and talks are to be held in English.

Submissions
Proposals should be sent through the registration system at 
https://events.eurobsdcon.org.

Proposals should contain a short and concise text description in about 100 
words as well as a short speaker bio.

Accepted papers and presentations will be published on the conference web site 
as soon as feasible during or after the conference. We encourage the submitter 
to consider writing up a formal paper for this purpose in addition to making a 
presentation.

While we urge prospective speakers to seek funding from employers or other 
benevolent sources, the conference does have a budget for covering reasonable 
travel and accommodation expenses for speakers, with accommodation to the 
extent possible provided at the primary speaker hotel (see the Travel page on 
the conference website). Speakers who will be applying for travel funding 
should also submit an estimate of expected travel expenses. Please see the 
Speaker Reimbursement Policy for details.

Please also note that due to visa issues in the past, we would like to know as 
early as possible of any visa requirements for speakers. Please check the 
Ireland visa application requirements site at 
https://www.dfa.ie/travel/visas/visas-for-ireland/ for guidance.

NOTE: If conditions dictate that the conference move to an all-online format, 
further instructions on how to access the conference for both speakers and 
attendees will be forwarded by email and posted on the conference website. As 
such we are especially interested in proposals that would work well in a 
virtual format, such as panel discussions. Please also include your timezone 
and expected available times with your proposals. Due to known and unknown 
unknowns, the format of the conference has not yet been decided at this 
writing. If the format of the conference, on-site versus online has 
consequences for your ability to present, please let us know in the notes on 
your submission.

Contact
If you have any questions, please feel free to contact us by sending an email 
to p...@eurobscon.org



mirror.bytemark.co.uk appears to have removed all OpenBSD content?

2024-02-26 Thread Peter Kay
Just been to upgrade a rather old system I keep OpenBSD on for fun all
the way up from 6.9, and found bytemark no longer seem to be hosting
any OpenBSD content.

Fortunately there's a couple of archives with pretty much every
OpenBSD release ever, so sysupgrade is currently rather busy

PK



Re: SoGo for OpenBSD?

2024-02-16 Thread Peter N. M. Hansteen
On Fri, Feb 16, 2024 at 04:05:21PM +0300, Mark wrote:
> 
> Is there any hero here, to explain/forward me a working tutorial (never
> found one) for installation of SoGo (for its webmail) on an OpenBSD mail
> server?

I must admit I had never heard of the thing before reading your message,
but there appears to be a www/sogo port, so "doas pkg_add sogo" and proceed
to any configuration steps the docs specify should be a possible way forward.

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: KeyTrap DNS vulnerability

2024-02-13 Thread Peter J. Philipp



On 2/14/24 04:55, b...@fea.st wrote:

“A single packet can exhaust the processing
capacity of a vulnerable DNS server, effectively
disabling the machine, by exploiting a
20-plus-year-old design flaw in the DNSSEC
specification.

https://www.theregister.com/2024/02/13/dnssec_vulnerability_internet/


Thank you for sharing this, it's good to talk about this, as it affects 
any cryptographic keying system.  I was aware of this for a few years 
without giving it more thought because sending random garble instead of 
DNSSEC keys was mentioned on chat channels such as #dns before.


In my opinion, the defenses are not to turn off DNSSEC, but rather, to 
do some sanitizing of the cryptographic data with a lesser cost 
algorithm.  Such as length checks, heuristic collection identifying an 
algorithm before using the main decryption algorithm on it *.


To be honest I looked at the patches but wasn't any wiser that this was 
really done.  Another approach is to flag abusers of DNSSEC keys and 
block them for some time penalty, and if repeated abuse happens then to 
block the entire site.


* I'm not a cryptographer, mathematician nor do I program DNS on the 
recursive end.  I program on the authoritative server end, where you 
can't do anything about something like a MITM anyhow. Donald Knuth and 
other books using algorithmic approaches may be good reading for this.


Best Regards,

-peter
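
The cheap checks suggested in the message above, sketched as an added example that is not part of the original post and not taken from any resolver's code: wrong-sized signatures are dropped before any cryptography runs, and a per-response budget caps the expensive verifications. The budget value, the class names and the stand-in `verify()` are assumptions, and the sample records are constructed.

```python
from dataclasses import dataclass

# Signature sizes in bytes for the fixed-length DNSSEC algorithms:
# 13 ECDSAP256SHA256, 14 ECDSAP384SHA384 (RFC 6605), 15 Ed25519, 16 Ed448 (RFC 8080).
FIXED_SIG_LEN = {13: 64, 14: 96, 15: 64, 16: 114}
MAX_VERIFICATIONS = 8  # assumed per-response budget; not a value from any resolver


@dataclass(frozen=True)
class DnsKey:
    algorithm: int
    key_tag: int      # normally computed from the DNSKEY RDATA (RFC 4034, App. B)
    public_key: bytes


@dataclass(frozen=True)
class RrSig:
    algorithm: int
    key_tag: int
    signature: bytes


def candidate_pairs(keys, sigs):
    """Yield only the (key, sig) pairs that pass the cheap checks."""
    for sig in sigs:
        expected = FIXED_SIG_LEN.get(sig.algorithm)
        if expected is not None and len(sig.signature) != expected:
            continue  # garbage of the wrong size never reaches the crypto
        for key in keys:
            if key.algorithm == sig.algorithm and key.key_tag == sig.key_tag:
                yield key, sig


def validate(keys, sigs, verify, budget=MAX_VERIFICATIONS):
    """Return (status, number_of_expensive_verify_calls)."""
    calls = 0
    for key, sig in candidate_pairs(keys, sigs):
        if calls >= budget:
            return "budget-exceeded", calls  # caller can penalise the source
        calls += 1
        if verify(key, sig):
            return "secure", calls
    return "bogus", calls


def demo():
    # Constructed sample data; verify() is a stand-in for the real signature check.
    good = b"\x01" * 64
    verify = lambda key, sig: sig.signature == good
    keys = [DnsKey(15, 4242, bytes([i]) * 32) for i in range(20)]
    short = [RrSig(15, 4242, b"\xff" * 10) for _ in range(50)]
    full = [RrSig(15, 4242, bytes([0x80 + i]) * 64) for i in range(20)]
    return {
        "wrong_length": validate(keys, short, verify),
        "many_candidates": validate(keys, full, verify),
        "honest": validate(keys[:1], [RrSig(15, 4242, good)], verify),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The `budget-exceeded` status is the point where a resolver could also apply the time penalty the message mentions.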



Re: Log files, OpenBSD and Zero click exploits

2024-02-13 Thread Peter N. M. Hansteen
On Tue, Feb 13, 2024 at 08:29:59AM +, jonathon575 wrote:
> Kindly find below log entries generated from tcpdump of the pflog. The is a 
> fresh install & updated openbsd 7.4, with bare-minimum installation 
> configured for a firewall. There are no x* programs installed.
> 
> Feb 11 18:09:41.682345 rule 14/(match) block in on re0: 69.166.225.73.51820 > 
> wan-ip.60360: [wg] initiation from 0xdd6a56bc
> Feb 11 18:09:46.754493 rule 14/(match) block in on re0: 69.166.225.73.51820 > 
> wan-ip.60360: [wg] initiation from 0x963acc89
> Feb 11 18:09:51.778525 rule 14/(match) block in on re0: 69.166.225.73.51820 > 
> wan-ip.60360: [wg] initiation from 0x93d9508d
> Feb 11 18:09:56.835383 rule 14/(match) block in on re0: 69.166.225.73.51820 > 
> wan-ip.60360: [wg] initiation from 0x112cf65b
> Feb 11 18:29:33.657009 rule 14/(match) block in on re0: 69.166.225.73.51820 > 
> wan-ip.60360: [wg] initiation from 0x639ed21a
> Feb 11 18:29:33.657454 rule 14/(match) block in on re0: 69.166.225.73.51820 > 
> wan-ip.60360: [wg] initiation from 0xb2fcd9b8
> Feb 11 18:29:33.658140 rule 14/(match) block in on re0: 69.166.225.73.51820 > 
> wan-ip.60360: [wg] initiation from 0x8ae84cca
> Feb 11 18:29:33.658808 rule 14/(match) block in on re0: 69.166.225.73.51820 > 
> wan-ip.60360: [wg] initiation from 0xcbb881b7
> Feb 11 18:29:33.659165 rule 14/(match) block in on re0: 69.166.225.73.51820 > 
> wan-ip.60360: [wg] initiation from 0x612a28f8
> Feb 11 18:29:33.659416 rule 14/(match) block in on re0: 69.166.225.73.51820 > 
> wan-ip.60360: [wg] initiation from 0x49f595ec
> 
> wan-ip is my wan static ip address.
> 
> What does [wg] means? What does "initiation from 0xdd6a56bc"...etc. means? 

These log entries mean that your system blocked attempts from 69.166.225.73
to access whatever wan-ip is.

Your system recognized the traffic as attempts to initiate a WireGuard (a sort
of vpn, see https://man.openbsd.org/wg and links therein). The attempts were
blocked.

The rest of your questions can be answered relatively easily by familiarizing
yourself with the tools at hand, such as the tcpdump you have already
encountered. Do read up on how syslog classifies messages and how to report
which levels and so forth.

Some of the things you mention may require specialized tools, but please invest
some time in learning to properly interpret the output of the basic tools first.

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
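
A way to summarise entries like the ones discussed in the message above, as an added example that is not part of the original thread: it groups blocked inbound WireGuard handshake initiations by source address and reports how many arrived, how many distinct sender indices they carried and the shortest gap between them. The function name, the year default and the one "pass" line in the sample are assumptions; the other sample lines are the post's own entries with the mail wrapping undone.

```python
import re
from datetime import datetime

# One packet per line, as printed by e.g. `tcpdump -n -e -ttt -r /var/log/pflog`.
LINE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d\.\d+) rule (?P<rule>\d+)/\(match\) "
    r"(?P<action>block|pass) (?P<dir>in|out) on (?P<ifname>\w+): "
    r"(?P<src>\S+)\.(?P<sport>\d+) > (?P<dst>\S+)\.(?P<dport>\d+): (?P<rest>.*)$"
)
WG_INIT = re.compile(r"\[wg\] initiation from (0x[0-9a-fA-F]+)")

# Four entries from the post with the mail line wrapping undone, plus one
# constructed, unrelated "pass" entry (documentation addresses) as a negative case.
SAMPLE = """\
Feb 11 18:09:41.682345 rule 14/(match) block in on re0: 69.166.225.73.51820 > wan-ip.60360: [wg] initiation from 0xdd6a56bc
Feb 11 18:09:46.754493 rule 14/(match) block in on re0: 69.166.225.73.51820 > wan-ip.60360: [wg] initiation from 0x963acc89
Feb 11 18:10:02.000000 rule 3/(match) pass out on re0: 192.0.2.10.40000 > 198.51.100.5.123: udp 48
Feb 11 18:29:33.657009 rule 14/(match) block in on re0: 69.166.225.73.51820 > wan-ip.60360: [wg] initiation from 0x639ed21a
Feb 11 18:29:33.657454 rule 14/(match) block in on re0: 69.166.225.73.51820 > wan-ip.60360: [wg] initiation from 0xb2fcd9b8
"""


def blocked_wg_initiations(lines, year=2024):
    """Group blocked inbound WireGuard initiations by source address."""
    by_src = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m or m["action"] != "block" or m["dir"] != "in":
            continue
        wg = WG_INIT.search(m["rest"])
        if not wg:
            continue
        # tcpdump prints no year, so one is supplied (assumption) for parsing.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S.%f")
        entry = by_src.setdefault(
            m["src"], {"times": [], "senders": set(), "dports": set()})
        entry["times"].append(ts)
        entry["senders"].add(wg.group(1))
        entry["dports"].add(m["dport"])

    report = {}
    for src, e in by_src.items():
        times = sorted(e["times"])
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        report[src] = {
            "count": len(times),
            "distinct_senders": len(e["senders"]),
            "dst_ports": sorted(e["dports"]),
            "min_gap_s": min(gaps) if gaps else None,
        }
    return report


if __name__ == "__main__":
    for src, info in blocked_wg_initiations(SAMPLE.splitlines()).items():
        print(src, info)
```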



what do people use for a sip proxy?

2024-02-10 Thread Peter J. Philipp

Hi,

I'm back from my hiatus.

what I'm looking for is something like a kamailio but much much easier 
and straight forward and perhaps a BSD license instead of GPL.


I have about 4 weeks after next week of free time (god willing) and I'm 
thinking of expanding on a software of mine for a sip proxy.  But if 
it'll save time to have a straight forward software that's already 
written plus the config writing and understanding, then I need not code it.


The software should be able to answer a VOIP call for sip:callpeter.tel 
or whatever I put on https://callpeter.tel.


It should also be able to do sips:// or tls'ed sip.  It should register 
or be registerable to an already existing AVM sip server.  And it should 
be security conscious.


Thanks for feedback,

-peter

--
Over thirty years experience on UNIX-like Operating Systems starting with QNX.



Re: Astertisk missing library

2024-02-06 Thread Peter Fraser
Although not understanding the output of LD_DEBUG, I made a guess, that the 
problem was with load order.

After a bit of experimentation, I added

load = res_audiosocket.so
load = res_speech.so
load = res_stasis.so
load = res_pjproject.so
load = res_rtp_asterisk.so
load = res_pjsip.so
load = res_xmpp.so
load = res_pjsip_session.so
load = res_rtp_multicast.so
load = res_ael_share.so
load = res_pjsip_pubsub.so
load = res_stasis_recording.so
load = res_pjsip_outbound_publish.so

To the beginning of modules.conf asterisk loaded without missing symbols. 

-Original Message-
From: Peter Fraser 
Sent: Tuesday, February 6, 2024 2:22 PM
To: misc@openbsd.org
Subject: RE: Astertisk missing library

Setting LD_DEBUG does generate a lot of output, 8384 lines.

First is the extracted code where app_audiosocket.so is loaded and the error is
reported. It was at line 607 in the debug output. The second is the section
where res_audiosocket.so is loaded. It was at line 4622 in the output.

I find it very strange that asterisk reports an error after app_audiosocket.so
is loaded, but later seems to properly load res_audiosocket.so which contains
the missing symbols.

I am hoping that someone can extract something from this.
I do have all 8000 plus lines of output if someone is interested.

dlopen: loading: /usr/local/lib/asterisk/modules/app_audiosocket.so
objname [/usr/local/lib/asterisk/modules/app_audiosocket.so], dynp 
0x5bda75834a0, objtype 4 lbase 5bda757f000, obase 5bda757f000  flags 
/usr/local/lib/asterisk/modules/app_audiosocket.so = 0x0 head 
/usr/local/lib/asterisk/modules/app_audiosocket.so
obj /usr/local/lib/asterisk/modules/app_audiosocket.so has 
/usr/local/lib/asterisk/modules/app_audiosocket.so as head linking 
/usr/local/lib/asterisk/modules/app_audiosocket.so as dlopen()ed head 
[/usr/local/lib/asterisk/modules/app_audiosocket.so]
examining: '/usr/local/lib/asterisk/modules/app_audiosocket.so'
loading: libBlocksRuntime.so.0.0 required by 
/usr/local/lib/asterisk/modules/app_audiosocket.so
loading: libpthread.so.27.1 required by 
/usr/local/lib/asterisk/modules/app_audiosocket.so
linking dep /usr/local/lib/libBlocksRuntime.so.0.0 as child of 
/usr/local/lib/asterisk/modules/app_audiosocket.so
linking dep /usr/lib/libpthread.so.27.1 as child of 
/usr/local/lib/asterisk/modules/app_audiosocket.so
tail /usr/local/lib/asterisk/modules/app_audiosocket.so
asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
'ast_audiosocket_connect'
asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
'ast_audiosocket_init'
asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
'ast_audiosocket_send_frame'
asterisk:/usr/local/lib/asterisk/modules/app_audiosocket.so: undefined symbol 
'ast_audiosocket_receive_frame'
unload_shlib called on /usr/local/lib/asterisk/modules/app_audiosocket.so
unload_shlib called on /usr/local/lib/libBlocksRuntime.so.0.0
unload_shlib called on /usr/lib/libpthread.so.27.1 unload_shlib unloading on 
/usr/local/lib/asterisk/modules/app_audiosocket.so
dlopen: /usr/local/lib/asterisk/modules/app_audiosocket.so: done 
(failed).
