What can I do to use my GPU power ?

2024-06-16 Thread Kevin Zimmermann

Hi,
I have a good GPU (Radeon RX7600) and I wonder
how to use it.
I'm not doing 3D stuff, I want to learn how to hack
OpenBSD and so on, so the GPU will not be useful I guess.
I ask this because I want to know if I can use the
power of my computer.
Can my GPU be useful on learning a programming
language ? Or other stuff ?

--
kz



dmesg ASUS ProArt B760

2024-06-16 Thread Marco van Hulten
Hi all,

I've just installed a new system that should replace both my about 20 yr
old server and 15 yr old workstation.  Most critical services (like
mail) I moved to a VPS over the last years, so if (seldomly) an X11
application crashes the thing, it's not a disaster.

dmesg is below.

Very quick tests show that things work, but I am worried about the many
things not supported.  Maybe I chose the wrong motherboard and should
replace it for a slightly older model.  I'm mostly worried about:

- Intel Graphics (glxgears runs, but xonotic does not start in full screen)
- Intel 700 Series HD Audio (but stereo output works; did not test further yet)

The "Intel 700 Series Shared SRAM" and "cpu at mainbus0" I don't really
understand, because the system runs and top(1) shows me all cores and
memory that I inserted into the motherboard.


OpenBSD 7.5 (RAMDISK_CD) #76: Wed Mar 20 15:53:54 MDT 2024
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 68413100032 (65243MB)
avail mem = 66334785536 (63261MB)
random: good seed from bootblocks
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.5 @ 0x75a7 (115 entries)
bios0: vendor American Megatrends Inc. version "1501" date 10/06/2023
bios0: ASUS ProArt B760-CREATOR
acpi0 at bios0: ACPI 6.4
acpi0: tables DSDT FACP FIDT SSDT SSDT SSDT SSDT HPET APIC MCFG SSDT NHLT LPIT 
SSDT SSDT DBGP DBG2 SSDT DMAR FPDT SSDT SSDT SSDT UEFI UEFI BGRT WPBT TPM2 PHAT 
WSMT
acpihpet0 at acpi0: 1920 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-14600T, 5089.44 MHz, 06-b7-01, patch 011d
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,SHA,UMIP,PKU,WAITPKG,PKS,MD_CLEAR,IBT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DFL,MDS_NO,IF_PSCHANGE,TAA_NO,MISC_PKG_CT,ENERGY_FILT,DOITM,SBDR_SSDP_N,FBSDP_NO,PSDP_NO,RRSBA,OVERCLOCK,GDS_NO,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 48KB 64b/line 12-way D-cache, 32KB 64b/line 8-way I-cache, 2MB 64b/line 
16-way L2 cache, 24MB 64b/line 12-way L3 cache
cpu0: apic clock running at 38MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.2.0.1.0.1, IBE
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins
acpiprt0 at acpi0: bus 0 (PC00)
acpiprt1 at acpi0: bus -1 (PEG1)
acpiprt2 at acpi0: bus 1 (PEG0)
acpiprt3 at acpi0: bus -1 (RP09)
acpiprt4 at acpi0: bus -1 (RP10)
acpiprt5 at acpi0: bus -1 (RP11)
acpiprt6 at acpi0: bus -1 (RP12)
acpiprt7 at acpi0: bus -1 (RP13)
acpiprt8 at acpi0: bus -1 (RP14)
acpiprt9 at acpi0: bus 4 (RP15)
acpiprt10 at acpi0: bus 5 (RP16)
acpiprt11 at acpi0: bus 3 (RP01)
acpiprt12 at acpi0: bus -1 (RP02)
acpiprt13 at acpi0: bus -1 (RP03)
acpiprt14 at acpi0: bus -1 (RP04)
acpiprt15 at acpi0: bus -1 (RP05)
acpiprt16 at acpi0: bus -1 (RP06)
acpiprt17 at acpi0: bus -1 (RP07)
acpiprt18 at acpi0: bus -1 (RP08)
acpiprt19 at acpi0: bus -1 (RP17)
acpiprt20 at acpi0: bus -1 (RP18)
acpiprt21 at acpi0: bus -1 (RP19)
acpiprt22 at acpi0: bus -1 (RP20)
acpiprt23 at acpi0: bus -1 (RP21)
acpiprt24 at acpi0: bus -1 (RP22)
acpiprt25 at acpi0: bus -1 (RP23)
acpiprt26 at acpi0: bus -1 (RP24)
acpiprt27 at acpi0: bus 2 (RP25)
acpiprt28 at acpi0: bus -1 (RP26)
acpiprt29 at acpi0: bus -1 (RP27)
acpiprt30 at acpi0: bus -1 (RP28)
acpiec0 at acpi0: not present
acpiec1 at acpi0
acpipci0 at acpi0 PC00: 0x 0x0011 0x0001
com0 at acpi0 UAR1 addr 0x3f8/0x8 irq 4: ns16550a, 16 byte fifo
"MSFT8000" at acpi0 not configured
"ITE8853" at acpi0 not configured
"ACPI000E" at acpi0 not configured
"INTC1085" at acpi0 not configured
"PNP0C0E" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not 

Re: booting and RAID-5

2024-06-16 Thread Marco van Hulten
On Sun, 16 Jun 2024 11:57:13 -0400 Nick Holland wrote:
> On 6/15/24 09:05, Marco van Hulten wrote:
> > Hello,
> > 
> > I got a new amd64 system with 3 NVMe disks of each 2 TB, with the
> > idea to put them in RAID-5.  I did not realise until now that one
> > cannot boot from RAID-5.
> > 
> > Would a good approach be to create a root device on one disk (and
> > maybe altroots on one or both of the others) and use the rest of
> > all disks as RAID-5 device?  Or is there a good reason to boot from
> > a disk separate from the envisioned RAID-5 configuration?  
> 
> I just set something up like this, myself.  Four 4T disks. I wanted
> redundancy but also recoverability.
> 
> My solution:
> [...]

Thank you, Nick.  This is a big help.  Using RAID-1 for this, as also
suggested by Kirill and an off-list poster, seemed like a good idea, and
no need for an altroot.

Before I read your message, I did an installation with a small (1.5 G)
RAID-1 installation with only root.  Besides the missed benefit of
having a full base system on each drive, it also had problems with
installboot(8) at the end of the installation.  It could not find
/usr/mdec/biosboot, which I guess could have been because I had /usr on
a different device (the RAID-5 device).

Then I redid it with a 60 GB RAID-1 device, including /, swap, /usr,
/usr/X11R6, /tmp and /var.  The other partitions went to the large
RAID-5 device.  This worked!  I only have to test if removing drives
works, and if I have no access to RAID-5 I can still boot the system to
the point I can login and run base-system commands.

Marco



Re: How to configure vlans with vmm

2024-06-16 Thread Zé Loff


On Wed, Jun 12, 2024 at 09:22:10PM -0700, jrmu wrote:
> > TL,DR:  add the VLAN interface to the veb device configured in /etc/vm.conf
> > 
> > It depends a bit on the role you want your vmm host to play in that
> > network.  Everything written below refers to the host, unless otherwise
> > specified.
> 
> Thanks. I think I follow the basic idea of the setup.
> 
> However, it appears to me that the virtual machine interfaces, which
> vm.conf(5) appears to constrain to be tap(4) interfaces, will not
> automatically have their vnet id set. Instead, each virtual machine will
> need to create its own vlan interface.
> 
> Is there any way to avoid forcing the virtual machine to do that? To
> handle this entirely by the host?
> 
> -- 
> jrmu
> IRCNow (https://ircnow.org)

Each switch you define in vm.conf is isolated by itself (and shows up as
a veb device on the host).  So if you want to keep your VMs isolated,
you don't need to worry about VLANs at the VM level.

If you want them isolated among themselves, just define a switch for
each one on vm.conf, and then, in each VM, attach an interface to each
switch.  E.g.:

   switch "vm_A" { interface veb0 }
   switch "vm_B" { interface veb1 }

   vm "vm_A" {
       ...
       interface { switch "vm_A" }
   }
   vm "vm_B" {
       ...
       interface { switch "vm_B" }
   }

So now you have two VMs, each on its own separated network.  And on the
host, you can decide what you connect to each of them, on veb0 and veb1,
respectively.  No need for VLANs, so far.


Host <-> VM networking:

Want to route packets between your host and each VM?  Just create (and
configure) a couple of vport interfaces, and add each of them to each
veb.  Assuming you configured vio0 on vm_A to 192.168.10.2/24 and vio0
on vm_B to 192.168.11.2/24 (or some other addresses other than .1 on
those /24 subnets):

  # ifconfig vport0 create
  # ifconfig vport0 inet 192.168.10.1 netmask 255.255.255.0
  # ifconfig vport0 up
  # ifconfig veb0 add vport0

  # ifconfig vport1 create
  # ifconfig vport1 inet 192.168.11.1 netmask 255.255.255.0
  # ifconfig vport1 up
  # ifconfig veb1 add vport1

As long as each VM doesn't have a route for the _other_ VMs network,
they remain isolated.  No need for VLANs so far.


Upstream VLANs:

Now, if you have a VLAN that you want to "attach" each VM to, you need
two things: to make your host "extract" those VLAN's packets from the
wire (by creating a vlan interface with the physical interface as the
parent), and then add that vlan interface to the respective veb.  So, if
you want vm_A to be connected to VLAN 800 you'd do something like

  # ifconfig vlan800 create
  # ifconfig vlan800 vnetid 800 parent em0
  # ifconfig vlan800 up
  # ifconfig veb0 add vlan800

As I said earlier, you don't even need to configure an IP address for
the vlan800 interface.  As long as the vio0 interface on the VM is
properly configured -- i.e. with an IP address and netmask compatible
with whatever is upstream from the host, on that VLAN -- you will now
have the VM sending/receiving packets on VLAN 800.



-- 
 
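The ifconfig commands in the message above last only until the next reboot. As an added example (not part of the original post), this sh function writes the equivalent hostname.if(5) files into a staging directory, following the file syntax of the hostname.veb1 and hostname.vlan0 files quoted elsewhere in this thread. The function names and the staging-directory argument are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Function names and the staging
# directory argument are assumptions made for illustration.

# valid_vlan_id ID: succeed only for a usable 802.1Q VLAN ID (1-4094).
valid_vlan_id() {
    case $1 in
    ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# write_uplink DIR VEB_UNIT VLAN_ID PARENT [HOST_ADDR NETMASK]
#   DIR        staging directory that receives the hostname.* files
#   VEB_UNIT   unit of the veb named by the switch in vm.conf (0 for veb0)
#   VLAN_ID    802.1Q tag to take off PARENT
#   PARENT     physical interface carrying the tagged frames (em0 in the post)
#   HOST_ADDR NETMASK  optional: also give the host a vport on this veb
write_uplink() {
    if [ $# -ne 4 ] && [ $# -ne 6 ]; then
        echo "usage: write_uplink dir veb_unit vlan_id parent [addr mask]" >&2
        return 2
    fi
    dir=$1 veb=$2 vid=$3 parent=$4 addr=${5-} mask=${6-}

    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 1
    fi
    if ! valid_vlan_id "$vid"; then
        echo "invalid VLAN ID: $vid" >&2
        return 1
    fi
    case $veb in
    ''|*[!0-9]*) echo "invalid veb unit: $veb" >&2; return 1 ;;
    esac
    case $parent in
    ''|*[!a-z0-9]*) echo "invalid parent interface: $parent" >&2; return 1 ;;
    esac
    # IPv4 only; the netmask may be dotted or hex (0xffc0 style).
    case $addr$mask in
    *[!0-9a-fx.]*) echo "invalid address or netmask" >&2; return 1 ;;
    esac

    # An interface can be a member of only one veb, and sharing a VLAN
    # between two switches would undo the per-VM isolation: refuse if
    # another veb file in DIR already lists this vlan interface.
    for f in "$dir"/hostname.veb*; do
        if [ ! -f "$f" ] || [ "$f" = "$dir/hostname.veb$veb" ]; then
            continue
        fi
        if grep -qx "add vlan$vid" "$f"; then
            echo "vlan$vid is already a member of ${f##*/hostname.}" >&2
            return 1
        fi
    done

    (
        # Keep the generated files unreadable for other users.
        umask 027

        # vlanN: take the tagged frames off the wire; no IP address needed.
        printf 'vnetid %s parent %s\nup\n' "$vid" "$parent" \
            > "$dir/hostname.vlan$vid"

        # vebN: the switch the VM's interface is attached to.
        # This overwrites any existing member list for this veb in DIR.
        {
            echo "add vlan$vid"
            if [ -n "$addr" ]; then
                echo "add vport$veb"
            fi
            echo "up"
        } > "$dir/hostname.veb$veb"

        # vportN: only when the host itself needs an address on this segment.
        if [ -n "$addr" ]; then
            printf 'inet %s %s\nup\n' "$addr" "$mask" \
                > "$dir/hostname.vport$veb"
        fi
    ) || return 1
}

# Example call (values taken from the post):
#   mkdir staging && write_uplink staging 0 800 em0 192.168.10.1 255.255.255.0
```

Review the generated files before copying them into /etc.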



Re: booting and RAID-5

2024-06-16 Thread Nick Holland

On 6/15/24 09:05, Marco van Hulten wrote:

> Hello,
>
> I got a new amd64 system with 3 NVMe disks of each 2 TB, with the idea
> to put them in RAID-5.  I did not realise until now that one cannot
> boot from RAID-5.
>
> Would a good approach be to create a root device on one disk (and maybe
> altroots on one or both of the others) and use the rest of all disks as
> RAID-5 device?  Or is there a good reason to boot from a disk separate
> from the envisioned RAID-5 configuration?


I just set something up like this, myself.  Four 4T disks. I wanted
redundancy but also recoverability.

My solution:
each drive has a 25G disklabel partition and an "almost rest of drive"
disklabel partition ("almost rest" because I'm paranoid about having
to someday replace the drive, and finding the new drive is a thousand
sectors smaller than the old drives.  This hasn't been much of a problem
in my observation lately, but I'm old, I remember when Seagate shipped
two drives with the exact same model number, but the replacement drive
had one less cylinder than the original drive...not fun!).

The 25G partitions are in a four drive RAID1, and the "rest of drive"
partitions are in a RAID5 config.  The base OS and all standard
partitions are in that 25G array, the "rest of drive" is all data storage.
So..if I lose a drive (or several), I should be able to boot at least
the core OS and get some idea what went wrong.  If you need a larger
core OS system, go for it.  I do NOT recommend putting just the root
partition on this drive.  Make it stand-alone useful.

At this point, some of the kids start screaming, "you can't do a
four drive RAID1!".  Yes you can.  The fact that your HW RAID card
can't, doesn't mean it's an invalid concept.  softraid (and at least
some other software RAID systems) handles >2 drives in a RAID1
config seemingly just fine.  It's four copies of the same data.
Stunningly inefficient, not very fast for writes but very robust.
And, what else am I supposed to do with the 25G empty space on the
other drives, anyway? :)  (a further benefit -- if I have to swap the
drives to another physical machine, ANY of the drives will be able to be
booted, I don't have to make sure I get the right drive in the "drive 0"
position).

One big word of warning: when you have to replace a drive on a system
like this...rebuild one array then the other.  You probably don't want
to have the system thrashing between the two partitions on the same disk;
that's a great way to turn a slow process into a glacial process (though
probably not so big a deal with SSDs as it is with spinning drives).  So
when I test the drive replacement process, I plan to rebuild the OS
partition first (anticipated time: minutes), then the data partition
later (anticipated time: days).

And yes, I'm testing the behaviors of this thing and the drive replacement
process before I commit it to production.

Nick.



Re: How to configure vlans with vmm

2024-06-16 Thread Mischa

You don't have the vlan tag/trunk/id inside of the VM.
On the host you have to "terminate" the vlan and map them to a veb or veb/vport.
As was mentioned in another post, vport isn't mandatory, you can also do with just veb.


# /etc/vm.conf

switch "uplink_vlan800" {
    interface veb800
}
switch "uplink_vlan880" {
    interface veb880
}
vm "vm1" {
    memory 16G
    disk "/var/vmm/vm1.qcow2"
    interface tap {
        switch "uplink_vlan880"
        lladdr fe:51:bb:1e:11:03
    }
}
vm "vm2" {
    memory 8G
    disk "/var/vmm/vm2.qcow2"
    interface tap {
        switch "uplink_vlan800"
        lladdr fe:51:bb:1e:11:05
    }
}

In the VM you have standard config for /etc/hostname.vio0 like:

# /etc/hostname.vio0
inet  
inet6  

Mischa

On 2024-06-14 18:09, jrmu wrote:
I attempted to follow the advice posted, but perhaps misunderstood somewhere.
I attempted to assign the IP address to vlan0 inside the virtual machine
(104.167.241.51). Needless to say this did not work, but I am not quite sure
what the correct configuration is. Any help would be greatly welcome:

$ doas cat /etc/vm.conf
socket owner :vmdusers

switch "switch1" {
locked lladdr
interface veb1
}

bsdiso="/home/iso/install75.iso"

vm "jrmu" {
owner jrmu
memory 2G
cdrom $bsdiso
disk /home/jrmu/jrmu.qcow2 format qcow2
interface tap1 {
locked lladdr e8:8b:27:7b:7a:02
switch "switch0"
}
}

$ doas cat /etc/hostname.veb1
add vlan0
add vlan1
link1

$ doas cat /etc/hostname.vlan0
vnetid 100 parent em1
lladdr fe:e1:ba:d0:84:0e
up

$ doas cat /etc/hostname.vlan1
vnetid 100 parent tap1
lladdr fe:e1:ba:d0:84:0f
up

$ doas cat /etc/hostname.em1
inet 104.167.241.211 0xffc0
inet6 2602:fccf:400:41::1 64
!route add -inet6 2602:fccf:400::1 -cloning -link -iface em1
!route add -inet6 default 2602:fccf:400::1

$ ifconfig
em1: flags=8b43 mtu 1500
lladdr 00:25:90:5a:2d:92
index 2 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 104.167.241.211 netmask 0xffc0 broadcast 104.167.241.255
inet6 fe80::225:90ff:fe5a:2d92%em1 prefixlen 64 scopeid 0x2
inet6 2602:fccf:400:41::1 prefixlen 64
veb1: flags=a843
description: switch2-switch1
index 6 llprio 3
groups: veb
vlan0 flags=3
port 7 ifpriority 0 ifcost 0
vlan1 flags=3
port 8 ifpriority 0 ifcost 0
vlan0: flags=8943 mtu 1500
lladdr fe:e1:ba:d0:84:0e
index 7 priority 0 llprio 3
encap: vnetid 100 parent em1 txprio packet rxprio outer
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex)
status: active
vlan1: flags=8102 mtu 1500
lladdr fe:e1:ba:d0:84:0f
index 8 priority 0 llprio 3
encap: vnetid 100 parent none txprio packet rxprio outer
groups: vlan
status: no carrier
vport1: flags=8843 mtu 1500
lladdr fe:e1:ba:d1:85:30
index 10 priority 0 llprio 3
groups: vport
inet 104.167.241.51 netmask 0xfff8 broadcast 104.167.241.55
inet6 fe80::fce1:baff:fed1:8530%vport1 prefixlen 64 scopeid 0xa
inet6 2602:fccf:4:51:: prefixlen 48
tap1: flags=8943 mtu 1500
lladdr fe:e1:ba:d7:82:a2
description: vm2-if0-jrmu
index 17 priority 0 llprio 3
groups: tap vms
status: active

Inside the virtual machine jrmu:

jrmu# cat /etc/hostname.vio0
up
jrmu# cat /etc/hostname.vlan0
vnetid 100 parent vio0
inet 104.167.241.51 0xff00
inet6 2602:fccf:4:51:: 64
!route add 104.167.241.211 -cloning -link -iface vlan0
!route add default 104.167.241.211
!route add -inet6 2602:fccf:4::1 -cloning -link -iface vlan0
!route add -inet6 default 2602:fccf:4::1
up

jrmu# ifconfig
lo0: flags=2008049 mtu 32768
index 3 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff00
vio0: flags=8b43 mtu 1500
lladdr e8:8b:27:7b:7a:02
index 1 priority 0 llprio 3
media: Ethernet autoselect
status: active
enc0: flags=0<>
index 2 priority 0 llprio 3
groups: enc
status: active
vether0: flags=8843 mtu 1500
lladdr fe:e1:ba:d0:8c:a9
index 4 priority 0 llprio 3
groups: vether
media: Ethernet autoselect
status: active
inet 10.0.0.2 netmask 0xff00 broadcast 10.255.255.255
inet6 fe80::fce1:baff:fed0:8ca9%vether0 prefixlen 64 scopeid 0x4
inet6 fc00::2 prefixlen 7
vlan0: flags=8843 mtu 1500
lladdr e8:8b:27:7b:7a:02
index 5 priority 0 llprio 3
encap: vnetid 100 parent vio0 txprio packet rxprio outer
groups: vlan egress
media: Ethernet autoselect
status: active
inet 104.167.241.51 netmask 

Re: Updated Operations Research tools

2024-06-16 Thread Ronald Dahlgren
Thank you for the note, Michel.

The software packages I mentioned are not yet packaged for use with the
OpenBSD package manager. Instead, they are now able to be built on OpenBSD.
I hope the Google or-tools package will be posted for Python. The others
will need to be added as ports.


On Sat, Jun 15, 2024 at 12:57 PM Michel von Behr 
wrote:

> Thank you Ronald! I've been exploring Operations Research tools every now
> and then, always relying on Linux; great to know we have some of those
> tools in OpenBSD as packages, will definitely take a look in the future.
>
> I'm running -current, far from being a "guru" in OR and OpenBSD, but if
> you need some help with testing in the future let me know.
>
> Regards
>
> Michel
>
> On Mon, 10 Jun 2024 at 10:00 PM Ronald Dahlgren 
> wrote:
>
>> I am excited to announce a number of software packages that have been
>> updated to work on OpenBSD.
>>
>> 1. COIN-OR (coin-or.org) - The CBC solver was failing to build due to a
>> casting error. Pull request 653 (https://github.com/coin-or/Cbc/pull/653)
>> corrects this issue;
>> 2. HiGHS solver (https://ergo-code.github.io/HiGHS/stable/) - failed to
>> build due to the `strerror_r` prototype. Pull request 1783 (
>> https://github.com/ERGO-Code/HiGHS/pull/1783) corrects this.
>> 3. Google or-tools (https://developers.google.com/optimization/) -
>> several compilation issues prevented building the associated Python
>> package. Pull requests 4257 (https://github.com/google/or-tools/pull/4257),
>> 4259 (https://github.com/google/or-tools/pull/4259), and 4266 (
>> https://github.com/google/or-tools/pull/4266) correct each of these
>> problems.
>>
>> With these changes introduced, we can now run the relevant solvers and
>> python packages on an OpenBSD system! I'm so happy I was able to give back
>> to the OpenBSD community in this way.
>>
>> Ron
>>
>


Re: libopensmtpd with res_query_async never calls cb

2024-06-16 Thread Kirill A . Korinsky
On Fri, 14 Jun 2024 13:13:17 +0100,
Kirill A. Korinsky  wrote:
> 
> Anyway, I'm puzzling that to do next.
>

Long story short: my code contains asr_abort, and when it happens it
doesn't decrease an internal counter, which leads to the deadlock.

Anyway, I suggest adding a DEBUG print to asr_abort because right now it is
missing, and such output may save many hours of debugging.

Something like this:

diff --git lib/libc/asr/asr.c lib/libc/asr/asr.c
index c4ee2dd103f..afdbe00 100644
--- lib/libc/asr/asr.c
+++ lib/libc/asr/asr.c
@@ -173,6 +173,8 @@ DEF_WEAK(asr_resolver_free);
 void
 asr_abort(struct asr_query *as)
 {
+   DPRINT("asr: asr_abort(%p) %s ctx=[%p]\n", as,
+   _asr_querystr(as->as_type), as->as_ctx);
_asr_async_free(as);
 }
 
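Review bot: the two added lines are indented with spaces and the context line `_asr_async_free(as);` shows no indentation at all, so the whitespace in this hunk looks mangled in transit and it may not apply to asr.c as posted; resend with tabs intact, with the DPRINT at one tab and its continuation line at one tab plus four spaces. The placement is right and should stay that way: the call reads as->as_type and as->as_ctx, so it has to run before _asr_async_free(as). Since %p formally takes a void *, consider casting `as` and `as->as_ctx` in the argument list.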


-- 
wbr, Kirill



Re: Do I need to wipe encrypted dual boot NVME before installation

2024-06-16 Thread Kevin Zimmermann

> Why would you complicate it like that?
>Just install OpenBSD anew.

I ask because I like things to be cleaned.
I don't think it's complicated to wipe the LUKS header.
I just don't know so much about encryption and don't
want to make a mistake that could compromise the
security and privacy it offers.

But I had the answer to my question so I'm okay
with this problem.
--
kz



Re: AI-Driven Security Enhancements for OpenBSD Kernel

2024-06-15 Thread Greg Steuck
Alfredo Ortega  writes:

> Hi! Sorry if this is not the appropriate list to share openbsd-related
> projects (perhaps it was misc?)
>
> I want to inform you about this project about using LLMs to inject
> thousands of security checks into the OpenBSD kernel automatically.
>
> I'm sharing the first results at
> https://github.com/ortegaalfredo/openbsd-hardcore , where I used the
> automated tool to add thousands of additional security checks to the
> netinet/netinet6 stack of kernel 7.5. My plan is to continue this
> process with other subsystems, which will be largely automated, and to
> improve the tool so it can be used in other projects. The tool is not
> yet public but the idea is quite simple and can be implemented easily.
> This is a demonstration of the capabilities of LLMs as a
> code-refactoring tool.

I had an idea in this space which should have a much better ROI and
chances of acceptance. I'd start by grabbing a syzkaller report from
https://syzkaller.appspot.com/openbsd. Ideally you want something with a
reproducer. You should probably verify the repro still works.  Then feed
whatever data you find relevant into the magic box and ask it to give
you a fix for the problem. Some relevant pieces would include the panic
stack trace and the code around it.

Since you know it is a real problem and have a way to verify the
proposed solution, people will take you more seriously. When you have
the first real fix - do let us know, I'll personally be very excited to
look at the patches.

Thanks
Greg

P.S. As much as I'd love for you to focus on OpenBSD, you'll find many
more bugs to fix in other systems there.



Re: Do I need to wipe encrypted dual boot NVME before installation

2024-06-15 Thread Jan Stary
> > I have a dual boot Devuan/OpenBSD, I wrote random data on my
> > drive

Why would you "write random data" on a drive
you are about to reinstall?

> > and then install the OSes, both are encrypted.
> > Now, I want to remove this dual boot to have only OpenBSD
> > and use it as a daily driver.

Sure.

> > My plan for this is to boot a GNU/Linux live usb, erase LUKS keys
> > with cryptsetup command, use the wipefs command to erase LUKS
> > header and reinstall OpenBSD with full disk encryption.
> > Is it secure enough ? Do I need to do something with OpenBSD
> > encrypted data as I have to with the LUKS keys/header on GNU/Linux ?

Why would you complicate it like that?
Just install OpenBSD anew.



No wake from sleep on Carbon X1 Thinkpad

2024-06-15 Thread Raymond, David
Hello Misc,

I occasionally have a problem in which my laptop doesn't
wake from sleep.  The power LED just keeps blinking
indefinitely when I open the lid.  Closing the lid and opening
it again doesn't seem to help.  The machine doesn't
respond to a ping from the network.

The occurrence of this is random -- I can't put my finger on
what might be causing it.  OpenBSD is currently running v7.4
on v9 of an X1, but it has happened previously on X1 versions
4 and 5 with earlier versions of the OS.  I have to hold the
power button down until the machine turns off and then restart
it.  During boot there are a bunch of fsck corrections, but
I haven't noticed anything fatal.  However, this makes me
nervous for obvious reasons.  The machine can be either
on battery or wall power as I recall.  The battery is not
near being depleted.

Has anybody else experienced this?  Any suggestions for
diagnostics or fixes?

Dave Raymond

David J. Raymond
david.raym...@nmt.edu
http://kestrel.nmt.edu/~raymond


Can anyone in Alberta sign into their health records with OpenBSD?

2024-06-15 Thread Austin Hook


I'm still using 7.4, but wondering if anyone from Alberta is able to use 
any version of OpenBSD and any browser to sign in to access their Health 
Records at:

https://myhealth.alberta.ca/uam/pages/Dashboard.aspx



Re: Updated Operations Research tools

2024-06-15 Thread Michel von Behr
Thank you Ronald! I've been exploring Operations Research tools every now
and then, always relying on Linux; great to know we have some of those
tools in OpenBSD as packages, will definitely take a look in the future.

I'm running -current, far from being a "guru" in OR and OpenBSD, but if you
need some help with testing in the future let me know.

Regards

Michel

On Mon, 10 Jun 2024 at 10:00 PM Ronald Dahlgren 
wrote:

> I am excited to announce a number of software packages that have been
> updated to work on OpenBSD.
>
> 1. COIN-OR (coin-or.org) - The CBC solver was failing to build due to a
> casting error. Pull request 653 (https://github.com/coin-or/Cbc/pull/653)
> corrects this issue;
> 2. HiGHS solver (https://ergo-code.github.io/HiGHS/stable/) - failed to
> build due to the `strerror_r` prototype. Pull request 1783 (
> https://github.com/ERGO-Code/HiGHS/pull/1783) corrects this.
> 3. Google or-tools (https://developers.google.com/optimization/) -
> several compilation issues prevented building the associated Python
> package. Pull requests 4257 (https://github.com/google/or-tools/pull/4257),
> 4259 (https://github.com/google/or-tools/pull/4259), and 4266 (
> https://github.com/google/or-tools/pull/4266) correct each of these
> problems.
>
> With these changes introduced, we can now run the relevant solvers and
> python packages on an OpenBSD system! I'm so happy I was able to give back
> to the OpenBSD community in this way.
>
> Ron
>


Re: nginx optimizing

2024-06-15 Thread Dan
As https is default webserver of OpenBSD I think you are out of luck.

But you can start from here:
https://blog.nginx.org/blog/performance-tuning-tips-tricks

remembering that you should test settings one by one as some
of them eg. "aio" are not compatible with OpenBSD.


Jun 15, 2024 13:52:50 Corey Hickman :

> Hello
> 
> Is there any doc for optimizing nginx on openbsd server? for example, to get 
> better performance (QPS, throughput etc).



Re: booting and RAID-5

2024-06-15 Thread Kirill A . Korinsky
On Sat, 15 Jun 2024 14:05:07 +0100,
Marco van Hulten  wrote:
> 
> Would a good approach be to create a root device on one disk (and maybe
> altroots on one or both of the others) and use the rest of all disks as
> RAID-5 device?  Or is there a good reason to boot from a disk separate
> from the envisioned RAID-5 configuration?
> 

Why not use dedicated RAID-1 for / instead?

-- 
wbr, Kirill



booting and RAID-5

2024-06-15 Thread Marco van Hulten
Hello,

I got a new amd64 system with 3 NVMe disks of each 2 TB, with the idea
to put them in RAID-5.  I did not realise until now that one cannot
boot from RAID-5.

Would a good approach be to create a root device on one disk (and maybe
altroots on one or both of the others) and use the rest of all disks as
RAID-5 device?  Or is there a good reason to boot from a disk separate
from the envisioned RAID-5 configuration?

Thanks,

Marco



nginx optimizing

2024-06-15 Thread Corey Hickman
Hello

Is there any doc for optimizing nginx on openbsd server? for example, to get 
better performance (QPS, throughput etc).

Thanks.



Re: Do I need to wipe encrypted dual boot NVME before installation

2024-06-15 Thread Kevin Zimmermann

Everything is clear now. Even if I messed up with the dd command
I understood what I needed to do :
With GNU/Linux live :
# cryptsetup erase /dev/nvme0n1p3 (my LUKS partition)
# wipefs -a /dev/nvme0n1p3

With OpenBSD shell :
# sysctl hw.disknames
# cd /dev
# sh MAKEDEV sd0 (my encrypted device)
# dd if=/dev/urandom of=/dev/rsd0c bs=1m count=1

Like that I have a clean device ready to welcome OpenBSD.

Thank you.
--
kz



Re: Do I need to wipe encrypted dual boot NVME before installation

2024-06-15 Thread Kevin Zimmermann

> If I understand your question correctly, you are trying to ensure that the
> encryption key for your existing OpenBSD installation is specifically
> destroyed before re-using the disk, to protect against the possibility that
> somebody with access to the disk could use that key to decrypt the softraid
> crypto partition before the encrypted data has been overwritten simply due to
> regular usage of the disk after re-installation.
>
> There is no specific tool in the OpenBSD base system to do this.
>
> However the key material for an OpenBSD softraid crypto partition is stored
> along with the other softraid metadata at the beginning of the partition, so
> it can quickly and easily be overwritten using dd to write random data to the
> first megabyte or so.


This is what I was looking for. You understood my question perfectly.
I just have to know how to overwrite softraid metadata of my partition because
it's not at the beginning of the drive so I guess it's not the first megabyte.

Thanks.

--
kz



Re: info about cpu in dmesg

2024-06-15 Thread Hrvoje Popovski
On 15.6.2024. 7:54, Rob Schmersel wrote:
> On Fri, 14 Jun 2024 22:20:55 +0200
> Hrvoje Popovski  wrote:
> 
>> Hi all,
>>
>> I have question about cpu output in dmesg.
>> I have Fujitsu RX2530m4 with 8 core Intel(R) Xeon(R) Gold 6134 and in
>> dmesg I've noticed that core are 0,4,5,7,18,19,21,22
>>
>> without HT
>> cpu0: smt 0, core 0, package 0
>> cpu1: smt 0, core 4, package 0
>> cpu2: smt 0, core 5, package 0
>> cpu3: smt 0, core 7, package 0
>> cpu4: smt 0, core 18, package 0
>> cpu5: smt 0, core 19, package 0
>> cpu6: smt 0, core 21, package 0
>> cpu7: smt 0, core 22, package 0
>>
>> with HT
>> cpu0: smt 0, core 0, package 0
>> cpu1: smt 0, core 4, package 0
>> cpu2: smt 0, core 5, package 0
>> cpu3: smt 0, core 7, package 0
>> cpu4: smt 0, core 18, package 0
>> cpu5: smt 0, core 19, package 0
>> cpu6: smt 0, core 21, package 0
>> cpu7: smt 0, core 22, package 0
>> cpu8: smt 1, core 0, package 0
>> cpu9: smt 1, core 4, package 0
>> cpu10: smt 1, core 5, package 0
>> cpu11: smt 1, core 7, package 0
>> cpu12: smt 1, core 18, package 0
>> cpu13: smt 1, core 19, package 0
>> cpu14: smt 1, core 21, package 0
>> cpu15: smt 1, core 22, package 0
>>
>> My understanding is that :
>> package  - cpu socket
>> core - physical cpu cores
>> smt  - core thread
>> cpuX - name of core ?
>>
>> I thought that in my case core should be from 0 to 7 ?
>>
> <--- snip dmesg --->
> 
> The Xeon gold 6000 series can have up to 22 cores. The 6134 just has
> some of those cores disabled
> 

Hi,

makes sense, tnx ..




Re: Do I need to wipe encrypted dual boot NVME before installation

2024-06-15 Thread Crystal Kolipe
On Sat, Jun 15, 2024 at 09:01:51AM +, lafermedesanim...@posteo.net wrote:
> I have a dual boot Devuan/OpenBSD, I wrote random data on my
> drive and then install the OSes, both are encrypted.
> Now, I want to remove this dual boot to have only OpenBSD
> and use it as a daily driver.
> My plan for this is to boot a GNU/Linux live usb, erase LUKS keys
> with cryptsetup command, use the wipefs command to erase LUKS
> header and reinstall OpenBSD with full disk encryption.
> Is it secure enough ? Do I need to do something with OpenBSD
> encrypted data as I have to with the LUKS keys/header on GNU/Linux ?

If I understand your question correctly, you are trying to ensure that the
encryption key for your existing OpenBSD installation is specifically
destroyed before re-using the disk, to protect against the possibility that
somebody with access to the disk could use that key to decrypt the softraid
crypto partition before the encrypted data has been overwritten simply due to
regular usage of the disk after re-installation.

There is no specific tool in the OpenBSD base system to do this.

However the key material for an OpenBSD softraid crypto partition is stored
along with the other softraid metadata at the beginning of the partition, so
it can quickly and easily be overwritten using dd to write random data to the
first megabyte or so.
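
Added example (not part of the thread): the overwrite described above, followed by the read-back check that confirms the first MiB really changed and nothing after it was touched. It runs on a constructed scratch image; the function names, the marker string and the /dev/rsdXy device name are placeholders.

```shell
#!/bin/sh
# Added example: wipe the first MiB of a target and verify the result.
# Everything below runs on a constructed scratch image, never a real disk.

BLOCK=65536      # 64 KiB blocks keep each /dev/urandom read small
HEAD_BLOCKS=16   # 16 x 64 KiB = 1 MiB, "the first megabyte or so"
MARKER='CONSTRUCTED-KEY-MATERIAL'   # stand-in for softraid metadata

# Checksum of the first MiB of $1.
head_sum() {
    dd if="$1" bs="$BLOCK" count="$HEAD_BLOCKS" 2>/dev/null | cksum
}

# Checksum of everything after the first MiB of $1.
rest_sum() {
    dd if="$1" bs="$BLOCK" skip="$HEAD_BLOCKS" 2>/dev/null | cksum
}

# Overwrite the first MiB of $1 with random data.
# conv=notrunc only matters for the image file used here: without it dd
# would truncate the file to 1 MiB. On a real system the target would be
# the raw softraid chunk, e.g. /dev/rsdXy (placeholder name).
wipe_head() {
    dd if=/dev/urandom of="$1" bs="$BLOCK" count="$HEAD_BLOCKS" \
        conv=notrunc 2>/dev/null
}

# Build a 4 MiB image: marker at the start, zeros standing in for the
# encrypted data that follows.
make_image() {
    dd if=/dev/zero of="$1" bs="$BLOCK" count=64 2>/dev/null &&
    printf '%s' "$MARKER" | dd of="$1" conv=notrunc 2>/dev/null
}

# Succeeds if the marker is still readable in the first MiB of $1.
marker_present() {
    dd if="$1" bs="$BLOCK" count="$HEAD_BLOCKS" 2>/dev/null |
        LC_ALL=C grep -q "$MARKER"
}

# Wipe, then confirm: marker gone, head changed, rest untouched.
wipe_and_verify() {
    before_head=$(head_sum "$1")
    before_rest=$(rest_sum "$1")
    wipe_head "$1" || return 1
    marker_present "$1" && return 2
    [ "$(head_sum "$1")" != "$before_head" ] || return 3
    [ "$(rest_sum "$1")" = "$before_rest" ] || return 4
    return 0
}

img=$(mktemp /tmp/softraid-demo.XXXXXX)
make_image "$img"
if wipe_and_verify "$img"; then
    echo "first MiB overwritten, remainder intact"
else
    echo "verification failed"
fi
rm -f "$img"
```

On an NVMe or other flash device a logical overwrite does not guarantee that the old physical cells are erased, so this reduces exposure rather than proving destruction.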



Re: Do I need to wipe encrypted dual boot NVME before installation

2024-06-15 Thread Kirill A . Korinsky
On Sat, 15 Jun 2024 10:01:51 +0100,
lafermedesanim...@posteo.net wrote:
> 
> I have a dual boot Devuan/OpenBSD, I wrote random data on my
> drive and then install the OSes, both are encrypted.
> Now, I want to remove this dual boot to have only OpenBSD
> and use it as a daily driver.
> My plan for this is to boot a GNU/Linux live usb, erase LUKS keys
> with cryptsetup command, use the wipefs command to erase LUKS
> header and reinstall OpenBSD with full disk encryption.
> Is it secure enough ? Do I need to do something with OpenBSD
> encrypted data as I have to with the LUKS keys/header on GNU/Linux ?
> 

Probably I don't understand your attack vector, but where I stay if you
reinstall with reformat whole disk, old data on the disk will be replaced or
not, but it shouldn't create an issue, should it?

-- 
wbr, Kirill



Do I need to wipe encrypted dual boot NVME before installation

2024-06-15 Thread lafermedesanimaux

Hi,
I have a dual boot Devuan/OpenBSD, I wrote random data on my
drive and then install the OSes, both are encrypted.
Now, I want to remove this dual boot to have only OpenBSD
and use it as a daily driver.
My plan for this is to boot a GNU/Linux live usb, erase LUKS keys
with cryptsetup command, use the wipefs command to erase LUKS
header and reinstall OpenBSD with full disk encryption.
Is it secure enough ? Do I need to do something with OpenBSD
encrypted data as I have to with the LUKS keys/header on GNU/Linux ?

Thanks,
Kz



Re: info about cpu in dmesg

2024-06-15 Thread Rob Schmersel
On Fri, 14 Jun 2024 22:20:55 +0200
Hrvoje Popovski  wrote:

> Hi all,
> 
> I have question about cpu output in dmesg.
> I have Fujitsu RX2530m4 with 8 core Intel(R) Xeon(R) Gold 6134 and in
> dmesg I've noticed that core are 0,4,5,7,18,19,21,22
> 
> without HT
> cpu0: smt 0, core 0, package 0
> cpu1: smt 0, core 4, package 0
> cpu2: smt 0, core 5, package 0
> cpu3: smt 0, core 7, package 0
> cpu4: smt 0, core 18, package 0
> cpu5: smt 0, core 19, package 0
> cpu6: smt 0, core 21, package 0
> cpu7: smt 0, core 22, package 0
> 
> with HT
> cpu0: smt 0, core 0, package 0
> cpu1: smt 0, core 4, package 0
> cpu2: smt 0, core 5, package 0
> cpu3: smt 0, core 7, package 0
> cpu4: smt 0, core 18, package 0
> cpu5: smt 0, core 19, package 0
> cpu6: smt 0, core 21, package 0
> cpu7: smt 0, core 22, package 0
> cpu8: smt 1, core 0, package 0
> cpu9: smt 1, core 4, package 0
> cpu10: smt 1, core 5, package 0
> cpu11: smt 1, core 7, package 0
> cpu12: smt 1, core 18, package 0
> cpu13: smt 1, core 19, package 0
> cpu14: smt 1, core 21, package 0
> cpu15: smt 1, core 22, package 0
> 
> My understanding is that :
> package   - cpu socket
> core  - physical cpu cores
> smt   - core thread
> cpuX  - name of core ?
> 
> I thought that in my case core should be from 0 to 7 ?
> 
<--- snip dmesg --->

The Xeon gold 6000 series can have up to 22 cores. The 6134 just has
some of those cores disabled



Re: How to configure vlans with vmm

2024-06-14 Thread jrmu
I tried the previously suggested setups with veb(4) but couldn't get it
to work, so I decided to start with simpler configurations to at least
figure out how to use vlan(4).

These experiments, though, have also failed. I'm attempting to use vlan
with vmm but making a mistake somewhere.  Networking without vlans
works, but as soon as I create vlans, it fails. Anyone able to provide
hints?

Here is the original working configuration:

First, the host/hypervisor:

# cat /etc/vm.conf
socket owner :vmdusers

switch "switch1" {
    locked lladdr
    interface bridge0
}

bsdiso="/home/iso/install75.iso"

vm "jrmu" {
    owner jrmu
    memory 2G
    cdrom $bsdiso
    disk /home/jrmu/jrmu.qcow2 format qcow2
    interface tap1 {
        locked lladdr e8:8b:27:7b:7a:02
        switch "switch1"
    }
}

# cat /etc/hostname.bridge0 
add vether0
# cat /etc/hostname.vether0 
inet 104.167.241.53 0xfff8
up
# cat /etc/hostname.em1 
inet 104.167.241.211 0xffc0
inet6 2602:fccf:400:41::1 64
!route add -inet6 2602:fccf:400::1 -cloning -link -iface em1
!route add -inet6 default 2602:fccf:400::1

# ifconfig
lo0: flags=2008049 mtu 32768
index 4 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff00
em0: flags=8802 mtu 1500
lladdr 00:25:90:5a:2d:93
index 1 priority 0 llprio 3
media: Ethernet autoselect (none)
status: no carrier
em1: flags=8843 mtu 1500
lladdr 00:25:90:5a:2d:92
index 2 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (1000baseT full-duplex,master)
status: active
inet 104.167.241.211 netmask 0xffc0 broadcast 104.167.241.255
inet6 fe80::225:90ff:fe5a:2d92%em1 prefixlen 64 scopeid 0x2
inet6 2602:fccf:400:41::1 prefixlen 64
enc0: flags=0<>
index 3 priority 0 llprio 3
groups: enc
status: active
bridge0: flags=41 mtu 1500
description: switch1-switch1
index 5 llprio 3
groups: bridge
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
tap1 flags=3
port 8 ifpriority 0 ifcost 0
vether0 flags=3
port 6 ifpriority 0 ifcost 0
vether0: flags=8943 mtu 1500
lladdr fe:e1:ba:d0:bc:f9
index 6 priority 0 llprio 3
groups: vether
media: Ethernet autoselect
status: active
inet 104.167.241.53 netmask 0xfff8 broadcast 104.167.241.55
pflog0: flags=141 mtu 33136
index 7 priority 0 llprio 3
groups: pflog
tap1: flags=8943 mtu 1500
lladdr fe:e1:ba:d1:13:c3
description: vm1-if0-jrmu
index 8 priority 0 llprio 3
groups: tap
status: active

# route -n show -inet
Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            104.167.241.193    UGS        2      845     -     8 em1
224/4              127.0.0.1          URS        0        0 32768     8 lo0
47.103.216.95      104.167.241.193    UGHD       1      755     - L   8 em1
104.167.241.192/26 104.167.241.211    UCn        1      545     -     4 em1
104.167.241.48/29  104.167.241.53     UCn        6        0     -     4 vether0
104.167.241.48     link#6             UHLc       0       20     -     3 vether0
104.167.241.49     link#6             UHRLc      0       59     -     3 vether0
104.167.241.50     link#6             UHRLc      0       88     -     3 vether0
104.167.241.51     e8:8b:27:7b:7a:02  UHLc       0      183     -     3 vether0
104.167.241.52     link#6             UHRLc      0       64     -     3 vether0
104.167.241.53     fe:e1:ba:d0:db:10  UHLl       0       27     -     1 vether0
104.167.241.54     link#6             UHRLc      0       68     -     3 vether0
104.167.241.55     104.167.241.53     UHb        0       12     -     1 vether0
104.167.241.193    ac:1f:6b:fe:ca:98  UHLch      2      277     -     3 em1
104.167.241.211    00:25:90:5a:2d:92  UHLl       0      127     -     1 em1
104.167.241.255    104.167.241.211    UHb        0       61     -     1 em1
127/8              127.0.0.1          UGRS       0        0 32768     8 lo0
127.0.0.1          127.0.0.1          UHhl       2      280 32768     1 lo0

Inside the virtual machine:

jrmu# cat /etc/hostname.vio0  
inet 104.167.241.51 0xfff8
up
jrmu# cat /etc/mygate 
104.167.241.53

Connectivity works fine:

jrmu# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=114 time=7.205 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=114 time=7.272 ms

However, here is what I see after I setup vlans:

On the host/hypervisor:

# cat /etc/hostname.bridge0   

Re: crippled my laptop trying to reclaim root space

2024-06-14 Thread Kirill A . Korinsky
On Thu, 13 Jun 2024 02:29:02 +0100,
"Brian Conway"  wrote:
> 
> A note on how you got into the original situation without addressing all
> the things you've done since: /dev should only be a few dozen KB in size
> (less than 50). Some time in the past, you likely wrote a significant
> amount of data to a new file in /dev rather than the device you intended.

just an example of such application is logfmon which has cachefile which it
removes and creates, after it was read.

So, if you run it under root with /dev/null as cache file, you'll lose your
/dev/null, and soon it will be quite big.

-- 
wbr, Kirill



Re: crippled my laptop trying to reclaim root space

2024-06-14 Thread shadrock uhuru
hi everyone
many thanks to brian, crystal and walter for their replies,
i was able to attach the softraid0 with the correct command,
i fsck everything then mounted the root partition,
I found the rogue file in /dev, it was a 26mb file called sd1,
I then rebooted and was able to login.
time now for a full backup,
again many thanks
shadrock
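
Added example (not part of the thread): a check for the two symptoms described in these messages, a regular file sitting in /dev (the sd1 file) and /dev/null replaced by something that is not a character device. The function names are hypothetical, the MAKEDEV exclusion is an assumption about what a healthy /dev contains, and the sample directories are constructed so the script runs without root.

```shell
#!/bin/sh
# Added example: audit a /dev-style directory for stray regular files and
# for a replaced null device. For a real check run: audit_dev /dev

# Print "<bytes> <path>" for every regular file under $1 except MAKEDEV.
# Assumption: MAKEDEV is the only regular file expected there; extend the
# exclusion if your system legitimately has others.
rogue_dev_files() {
    find "$1" -type f ! -name MAKEDEV -exec sh -c '
        for f do
            printf "%s %s\n" "$(wc -c < "$f" | tr -d " ")" "$f"
        done' sh {} + | sort -k2
}

# Succeeds only if $1/null is still a character device.
null_is_device() {
    [ -c "$1/null" ]
}

# Report findings for directory $1; exit status is the number of findings.
audit_dev() {
    findings=0
    rogue=$(rogue_dev_files "$1")
    if [ -n "$rogue" ]; then
        echo "regular files in $1 (bytes, path):"
        echo "$rogue"
        findings=$((findings + 1))
    fi
    if ! null_is_device "$1"; then
        echo "$1/null is not a character device"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample shaped like the broken /dev in the thread:
# sd1 is data written to a mistyped device name, null was replaced by a tool.
make_broken_dev() {
    mkdir -p "$1" &&
    echo '#!/bin/sh' > "$1/MAKEDEV" &&
    dd if=/dev/zero of="$1/sd1" bs=1024 count=256 2>/dev/null &&
    echo 'cache' > "$1/null"
}

# Constructed healthy sample; the symlink stands in for the real character
# device, which cannot be created without root.
make_clean_dev() {
    mkdir -p "$1" &&
    echo '#!/bin/sh' > "$1/MAKEDEV" &&
    ln -s /dev/null "$1/null"
}

demo=$(mktemp -d /tmp/devaudit.XXXXXX)
make_broken_dev "$demo/bad"
audit_dev "$demo/bad" || echo "findings: $?"
rm -rf "$demo"
```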


info about cpu in dmesg

2024-06-14 Thread Hrvoje Popovski
Hi all,

I have question about cpu output in dmesg.
I have Fujitsu RX2530m4 with 8 core Intel(R) Xeon(R) Gold 6134 and in
dmesg I've noticed that core are 0,4,5,7,18,19,21,22

without HT
cpu0: smt 0, core 0, package 0
cpu1: smt 0, core 4, package 0
cpu2: smt 0, core 5, package 0
cpu3: smt 0, core 7, package 0
cpu4: smt 0, core 18, package 0
cpu5: smt 0, core 19, package 0
cpu6: smt 0, core 21, package 0
cpu7: smt 0, core 22, package 0

with HT
cpu0: smt 0, core 0, package 0
cpu1: smt 0, core 4, package 0
cpu2: smt 0, core 5, package 0
cpu3: smt 0, core 7, package 0
cpu4: smt 0, core 18, package 0
cpu5: smt 0, core 19, package 0
cpu6: smt 0, core 21, package 0
cpu7: smt 0, core 22, package 0
cpu8: smt 1, core 0, package 0
cpu9: smt 1, core 4, package 0
cpu10: smt 1, core 5, package 0
cpu11: smt 1, core 7, package 0
cpu12: smt 1, core 18, package 0
cpu13: smt 1, core 19, package 0
cpu14: smt 1, core 21, package 0
cpu15: smt 1, core 22, package 0

My understanding is that :
package - cpu socket
core- physical cpu cores
smt - core thread
cpuX- name of core ?

I thought that in my case core should be from 0 to 7 ?

Fujitsu RX2530m4 is two socket machine and up to 28 cores
https://sp.ts.fujitsu.com/dmsp/Publications/public/ds-py-rx2530-m4.pdf

I don't have problems with that machine, actually machine is great,
boots quite fast, lots of pcie slots and it worked in production for 5
years without any problems. I'm just puzzled why in dmesg I see "core"
that are higher than 7 ?


fw2# dmesg
OpenBSD 7.5-current (GENERIC.MP) #0: Fri Jun 14 17:46:43 CEST 2024
hrvoje@fw2.netlab:/sys/arch/amd64/compile/GENERIC.MP
real mem = 50646933504 (48300MB)
avail mem = 49088184320 (46814MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x6f93e000 (85 entries)
bios0: vendor FUJITSU // American Megatrends Inc. version "V5.0.0.12
R1.62.0 for D3383-A1x" date 07/24/2023
bios0: FUJITSU PRIMERGY RX2530 M4
acpi0 at bios0: ACPI 6.1
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP FPDT FIDT SPMI UEFI UEFI MCEJ MCFG HPET APIC
MIGT MSCT PCAT PCCT RASF SLIT SRAT SVOS WDDT OEM4 OEM1 SSDT SSDT SSDT
DMAR HEST BERT ERST EINJ
acpi0: wakeup devices PWRB(S0) XHCI(S0) RP17(S0) PXSX(S0) RP18(S0)
PXSX(S0) RP19(S0) PXSX(S0) RP20(S0) PXSX(S0) RP01(S0) PXSX(S0) RP02(S0)
PXSX(S0) RP03(S0) PXSX(S0) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0
acpimcfg0: addr 0x8000, bus 0-255
acpihpet0 at acpi0: 2399 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3192.58 MHz, 06-55-04,
patch 02007006
cpu0: cpuid 1
edx=bfebfbff
ecx=77fefbff
cpu0: cpuid 6 eax=77 ecx=9
cpu0: cpuid 7.0
ebx=d39b
ecx=8 edx=bc002400
cpu0: cpuid a vers=4, gp=4, gpwidth=48, ff=3, ffwidth=48
cpu0: cpuid d.1 eax=f
cpu0: cpuid 8001 edx=2c100800
ecx=121
cpu0: cpuid 8007 edx=100
cpu0: msr 10a=2000c04
cpu0: MELTDOWN
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 1MB
64b/line 16-way L2 cache, 24MB 64b/line 11-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.2, IBE
cpu1 at mainbus0: apid 8 (application processor)
cpu1: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3192.70 MHz, 06-55-04,
patch 02007006
cpu1: smt 0, core 4, package 0
cpu2 at mainbus0: apid 10 (application processor)
cpu2: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3192.74 MHz, 06-55-04,
patch 02007006
cpu2: smt 0, core 5, package 0
cpu3 at mainbus0: apid 14 (application processor)
cpu3: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3192.79 MHz, 06-55-04,
patch 02007006
cpu3: smt 0, core 7, package 0
cpu4 at mainbus0: apid 36 (application processor)
cpu4: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3193.21 MHz, 06-55-04,
patch 02007006
cpu4: smt 0, core 18, package 0
cpu5 at mainbus0: apid 38 (application processor)
cpu5: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3193.32 MHz, 06-55-04,
patch 02007006
cpu5: smt 0, core 19, package 0
cpu6 at mainbus0: apid 42 (application processor)
cpu6: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3192.68 MHz, 06-55-04,
patch 02007006
cpu6: smt 0, core 21, package 0
cpu7 at mainbus0: apid 44 (application processor)
cpu7: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3193.07 MHz, 06-55-04,
patch 02007006
cpu7: smt 0, core 22, package 0
cpu8 at mainbus0: apid 1 (application processor)
cpu8: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3194.59 MHz, 06-55-04,
patch 02007006
cpu8: smt 1, core 0, package 0
cpu9 at mainbus0: apid 9 (application processor)
cpu9: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3194.57 MHz, 06-55-04,
patch 02007006
cpu9: smt 1, core 4, package 0
cpu10 at mainbus0: apid 11 (application processor)
cpu10: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3194.68 MHz, 06-55-04,
patch 02007006
cpu10: smt 1, core 5, package 0
cpu11 at 

Re: Debian 12 Under VMM

2024-06-14 Thread 04-psyche . totter
Hi Manuel,

this was tricky. First I had to clear out the screen with CTRL+L.

Then I had to use the arrows up and down, and this makes a menu appear.
Then you choose Help, and you enter the boot commands.

I had to go through a few trials and errors. Patience is key ;)

Good luck

> On 14 Jun 2024, at 15:14, Manuel Giraud  wrote:
> 
> 
>> Thank you Dave and Bruce.
>> 
>> This worked for me:
>> 
>> boost install gfxpayload=text console=ttyS0,115200n8
>> 
>> The critical part was that I had to type it and not copy paste it.
> 
> Hi,
> 
> Could you explain how did you entered those instructions?  I'm trying
> the same vm.conf as you but when I start with "vmctl start -c 1", I'm
> presented with a textual menu and I don't know what to do with it.
> 
> Best regards,
> -- 
> Manuel Giraud



Re: Debian 12 Under VMM

2024-06-14 Thread Robert B. Carleton
Manuel Giraud  writes:

> 04-psyche.tot...@icloud.com writes:
>
>> Thank you Dave and Bruce.
>>
>> This worked for me:
>>
>> boost install gfxpayload=text console=ttyS0,115200n8
>>
>> The critical part was that I had to type it and not copy paste it.
>
> Hi,
>
> Could you explain how did you entered those instructions?  I'm trying
> the same vm.conf as you but when I start with "vmctl start -c 1", I'm
> presented with a textual menu and I don't know what to do with it.
>
> Best regards,

I added these boot parameters from the Debian installer after selecting
the Help menu using "H", then selecting "Special boot parameters for
special machines." using .



mpv issue under OpenBSD

2024-06-14 Thread Walter Alejandro Iglesias
Hi team,

About the issue I mentioned here:

  https://marc.info/?l=openbsd-ports&m=171790611818576&w=2

I reported it to mpv github:

  https://github.com/mpv-player/mpv/issues/14355

This is the answer I got:

   "Probably caused by something in b75b56f.  But none of the developers
use BSD."

The b75b56f issue that guy refers is this: 

  https://github.com/mpv-player/mpv/commit/b75b56f91048f0ca8f663b93a92aa059787022ce

Someone knows if this signals issue could affect OpenBSD in particular?


  Walter


P.S.: I don't understand why developers subject themselves and users to
using this github shit.  For starters to create the account I had to
suffer an idiotic animation that ate up my entire cpu and didn't let me
type username and password.


-- 
Walter



Re: How to configure vlans with vmm

2024-06-14 Thread jrmu
I attempted to follow the advice posted, but perhaps misunderstood somewhere.
I attempted to assign the IP address to vlan0 inside the virtual machine
(104.167.241.51). Needless to say this did not work, but I am not quite sure
what the correct configuration is. Any help would be greatly welcome:

$ doas cat /etc/vm.conf
socket owner :vmdusers

switch "switch1" {
    locked lladdr
    interface veb1
}

bsdiso="/home/iso/install75.iso"

vm "jrmu" {
    owner jrmu
    memory 2G
    cdrom $bsdiso
    disk /home/jrmu/jrmu.qcow2 format qcow2
    interface tap1 {
        locked lladdr e8:8b:27:7b:7a:02
        switch "switch0"
    }
}

$ doas cat /etc/hostname.veb1
add vlan0
add vlan1
link1

$ doas cat /etc/hostname.vlan0
vnetid 100 parent em1
lladdr fe:e1:ba:d0:84:0e
up

$ doas cat /etc/hostname.vlan1
vnetid 100 parent tap1
lladdr fe:e1:ba:d0:84:0f
up

$ doas cat /etc/hostname.em1
inet 104.167.241.211 0xffc0
inet6 2602:fccf:400:41::1 64
!route add -inet6 2602:fccf:400::1 -cloning -link -iface em1
!route add -inet6 default 2602:fccf:400::1

$ ifconfig
em1: flags=8b43 mtu 1500
lladdr 00:25:90:5a:2d:92
index 2 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 104.167.241.211 netmask 0xffc0 broadcast 104.167.241.255
inet6 fe80::225:90ff:fe5a:2d92%em1 prefixlen 64 scopeid 0x2
inet6 2602:fccf:400:41::1 prefixlen 64
veb1: flags=a843
description: switch2-switch1
index 6 llprio 3
groups: veb
vlan0 flags=3
port 7 ifpriority 0 ifcost 0
vlan1 flags=3
port 8 ifpriority 0 ifcost 0
vlan0: flags=8943 mtu 1500
lladdr fe:e1:ba:d0:84:0e
index 7 priority 0 llprio 3
encap: vnetid 100 parent em1 txprio packet rxprio outer
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex)
status: active
vlan1: flags=8102 mtu 1500
lladdr fe:e1:ba:d0:84:0f
index 8 priority 0 llprio 3
encap: vnetid 100 parent none txprio packet rxprio outer
groups: vlan
status: no carrier
vport1: flags=8843 mtu 1500
lladdr fe:e1:ba:d1:85:30
index 10 priority 0 llprio 3
groups: vport
inet 104.167.241.51 netmask 0xfff8 broadcast 104.167.241.55
inet6 fe80::fce1:baff:fed1:8530%vport1 prefixlen 64 scopeid 0xa
inet6 2602:fccf:4:51:: prefixlen 48
tap1: flags=8943 mtu 1500
lladdr fe:e1:ba:d7:82:a2
description: vm2-if0-jrmu
index 17 priority 0 llprio 3
groups: tap vms
status: active

Inside the virtual machine jrmu:

jrmu# cat /etc/hostname.vio0
up
jrmu# cat /etc/hostname.vlan0 
vnetid 100 parent vio0
inet 104.167.241.51 0xff00
inet6 2602:fccf:4:51:: 64
!route add 104.167.241.211 -cloning -link -iface vlan0
!route add default 104.167.241.211
!route add -inet6 2602:fccf:4::1 -cloning -link -iface vlan0
!route add -inet6 default 2602:fccf:4::1
up

jrmu# ifconfig
lo0: flags=2008049 mtu 32768
index 3 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff00
vio0: flags=8b43 mtu 1500
lladdr e8:8b:27:7b:7a:02
index 1 priority 0 llprio 3
media: Ethernet autoselect
status: active
enc0: flags=0<>
index 2 priority 0 llprio 3
groups: enc
status: active
vether0: flags=8843 mtu 1500
lladdr fe:e1:ba:d0:8c:a9
index 4 priority 0 llprio 3
groups: vether
media: Ethernet autoselect
status: active
inet 10.0.0.2 netmask 0xff00 broadcast 10.255.255.255
inet6 fe80::fce1:baff:fed0:8ca9%vether0 prefixlen 64 scopeid 0x4
inet6 fc00::2 prefixlen 7
vlan0: flags=8843 mtu 1500
lladdr e8:8b:27:7b:7a:02
index 5 priority 0 llprio 3
encap: vnetid 100 parent vio0 txprio packet rxprio outer
groups: vlan egress
media: Ethernet autoselect
status: active
inet 104.167.241.51 netmask 0xff00 broadcast 104.167.241.255
inet6 fe80::ea8b:27ff:fe7b:7a02%vlan0 prefixlen 64 scopeid 0x5
inet6 2602:fccf:4:51:: prefixlen 64
pflog0: flags=141 mtu 33136
index 6 priority 0 llprio 3
groups: pflog

-- 
jrmu
IRCNow (https://ircnow.org)




Re: Debian 12 Under VMM

2024-06-14 Thread Manuel Giraud
04-psyche.tot...@icloud.com writes:

> Thank you Dave and Bruce.
>
> This worked for me:
>
> boost install gfxpayload=text console=ttyS0,115200n8
>
> The critical part was that I had to type it and not copy paste it.

Hi,

Could you explain how did you entered those instructions?  I'm trying
the same vm.conf as you but when I start with "vmctl start -c 1", I'm
presented with a textual menu and I don't know what to do with it.

Best regards,
-- 
Manuel Giraud



libopensmtpd with res_query_async never calls cb

2024-06-14 Thread Kirill A . Korinsky
misc@,

I dig into issue when callback which is scheduled via res_query_async never
fired inside opensmtpd filter which uses libopensmtpd.

I've tried both res_query_async and getrrsetbyname_async without any
differences on OpenBSD 7.5

The code looks like:

    if ((query =
        getrrsetbyname_async(domain, C_IN, T_TXT, 0, NULL)) == NULL)
        osmtpd_err(1, "res_query_async");
    if ((sig->query = event_asr_run(query, ar_rr_resolve, sig)) == NULL)
        osmtpd_err(1, "event_asr_run");

where ar_rr_resolve is callback which need to be fired, the whole code:
https://github.com/catap/opensmtpd-filter-auth/blob/master/main.c#L863-L881

For one event loop it may setup a few queries and some domains might be similar.

After spending a lot of time with debug I narrow down to the issue in
event_asr_dispatch which re-schedule event_add, and it never had happened.
Nor timeout, nor inout, nothing. Not always. Sometimes.

Thus, I've rebuild libc with enabled debug to use ASR_DEBUG and here an
output which proves that behaviour.

Anyway, I'm puzzling what to do next.

tcpdump:

14:09:36.760807 127.0.0.1.44226 > 127.0.0.1.53: [bad udp cksum 50fe! -> de34] 
64311+ TXT? 20240125rsa._domainkey.mx.catap.net.(53) (ttl 64, id 35656, len 81, 
bad ip cksum 0! -> f151)
14:09:36.785096 127.0.0.1.53 > 127.0.0.1.44226: 64311$ q: TXT? 
20240125rsa._domainkey.mx.catap.net. 2/0/0 20240125rsa._domainkey.mx.catap.net. 
CNAME[|domain] (ttl 64, id 25945, len 533, bad ip cksum 0! -> 157d)
14:09:36.785283 127.0.0.1.15520 > 127.0.0.1.53: [bad udp cksum 4cfe! -> 6b81] 
2100+ TXT? 20240125rsa.domainkey.catap.net.(49) (ttl 64, id 27815, len 77, bad 
ip cksum 0! -> ff7)
14:09:36.785305 127.0.0.1.53 > 127.0.0.1.15520: 2100$ q: TXT? 
20240125rsa.domainkey.catap.net. 1/0/0 20240125rsa.domainkey.catap.net. 
TXT[|domain] (ttl 64, id 15297, len 493, bad ip cksum 0! -> 3f3d)
14:09:36.863795 127.0.0.1.18298 > 127.0.0.1.53: [bad udp cksum 50fe! -> 4fc4] 
53518+ TXT? 20240125rsa._domainkey.mx.catap.net.(53) (ttl 64, id 23044, len 81, 
bad ip cksum 0! -> 2296)
14:09:36.863838 127.0.0.1.53 > 127.0.0.1.18298: 53518$ q: TXT? 
20240125rsa._domainkey.mx.catap.net. 2/0/0 20240125rsa._domainkey.mx.catap.net. 
CNAME[|domain] (ttl 64, id 51168, len 533, bad ip cksum 0! -> b2f5)
14:09:36.863990 127.0.0.1.36692 > 127.0.0.1.53: [bad udp cksum 4dfe! -> 41fd] 
14366+ TXT? 20240125rsa._domainkey.korins.ky.(50) (ttl 64, id 61731, len 78, 
bad ip cksum 0! -> 8b79)
14:09:36.865962 127.0.0.1.2727 > 127.0.0.1.53: [bad udp cksum 4cfe! -> 94e4] 
55043+ TXT? 20240125rsa.domainkey.catap.net.(49) (ttl 64, id 32069, len 77, bad 
ip cksum 0! -> ff58)
14:09:36.865977 127.0.0.1.53 > 127.0.0.1.2727: 55043$ q: TXT? 
20240125rsa.domainkey.catap.net. 1/0/0 20240125rsa.domainkey.catap.net. 
TXT[|domain] (ttl 64, id 57083, len 493, bad ip cksum 0! -> 9c02)
14:09:36.866528 127.0.0.1.45954 > 127.0.0.1.53: [bad udp cksum 51fe! -> 8452] 
25459+ TXT? 20240125ed25519._domainkey.korins.ky.(54) (ttl 64, id 15424, len 
82, bad ip cksum 0! -> 4059)
14:09:36.896741 127.0.0.1.53 > 127.0.0.1.36692: 14366$ q: TXT? 
20240125rsa._domainkey.korins.ky. 2/0/0 20240125rsa._domainkey.korins.ky. 
CNAME[|domain] (ttl 64, id 1532, len 539, bad ip cksum 0! -> 74d4)
14:09:36.997396 127.0.0.1.53 > 127.0.0.1.45954: 25459$ q: TXT? 
20240125ed25519._domainkey.korins.ky. 2/0/0 
20240125ed25519._domainkey.korins.ky. CNAME[|domain] (ttl 64, id 37600, len 
208, bad ip cksum 0! -> e93a)

asr log:

Jun 14 14:09:36 mx0 smtpd[37708]: auth: using thread-local resolver
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: checking for update of 
"/etc/resolv.conf"
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_ctx_ref(ctx=0x22f67302840) 
refcount=1
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_async_new(ctx=0x22f67302840) 
type=2 refcount=2
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_ctx_unref(ctx=0x22f67302840) 
refcount=3
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_run(0x22f672e1460, 
0x72f8081d0ea8) ASR_GETRRSETBYNAME ctx=[0x22f67302840]
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: 
res_query_async_ctx("20240125rsa._domainkey.mx.catap.net.", 1, 16)
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_async_new(ctx=0x22f67302840) 
type=0 refcount=2
Jun 14 14:09:36 mx0 smtpd[37708]: auth: - asr_setup_query -
Jun 14 14:09:36 mx0 smtpd[37708]: auth: ;; HEADER id:0x37fbop:0   RD
z:0 ADr:NOERROR qd:1 an:0 ns:0 ar:0
Jun 14 14:09:36 mx0 smtpd[37708]: auth: ;; QUERY SECTION:
Jun 14 14:09:36 mx0 smtpd[37708]: auth: 20240125rsa._domainkey.mx.catap.net.
IN TXT
Jun 14 14:09:36 mx0 smtpd[37708]: auth: --
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: [ASR_GETRRSETBYNAME@0x22f672e1460] 
ASR_STATE_INIT -> ASR_STATE_SUBQUERY
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_run(0x22f67310620, 
0x72f8081d0ea8) ASR_SEND ctx=[0x22f67302840]
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: [ASR_SEND@0x22f67310620] 
ASR_STATE_INIT -> ASR_STATE_NEXT_NS
Jun 14 14:09:36 

Calibre Kindle usb sync

2024-06-14 Thread d4
Hello,

I was trying to sync my book with Calibre on OpenBSD to my ereader that I can 
correctly mount.

dmesg greets me with the following line
sd2 at scsibus5 targ 1 lun 0:  removable

Starting Calibre on my terminal, I see the following
$ calibre
QStandardPaths: XDG_RUNTIME_DIR not set, defaulting to '/tmp/runtime-d4'
Failed to load libmtp, MTP device detection disabled
cannot import name 'libmtp' from 'calibre_extensions' (unknown location)
Exception in thread Thread-4:
Traceback (most recent call last):
  File "/usr/local/lib/python3.10/threading.py", line 1016, in _bootstrap_inner
    self.run()
  File "/usr/local/lib/calibre/calibre/gui2/device.py", line 446, in run
    self.detect_device()
  File "/usr/local/lib/calibre/calibre/gui2/device.py", line 304, in detect_device
    self.scanner.scan()
  File "/usr/local/lib/calibre/calibre/devices/scanner.py", line 193, in scan
    self.devices = self.scanner()
  File "/usr/local/lib/calibre/calibre/devices/scanner.py", line 61, in __call__
    from calibre_extensions import libusb
ImportError: cannot import name 'libusb' from 'calibre_extensions' (unknown location)

I don't know if this is related, but even trying to manually point to the 
correct directory (Connect to folder), Calibre won't see my device.

I'm on OpenBSD 7.5, I mount my device with
doas mount_msdos -u 1000 -g 1000 /mnt/sd2i /mnt/kindle

Note, manually adding a Mobi file works, but I would like this sync process 
automated as I have done before on other OSes.

Thank you in advance,
d4

Re: Rate limit the httpd web server for signup requests

2024-06-14 Thread Crystal Kolipe
On Tue, Jun 11, 2024 at 10:41:33PM +, Martin wrote:
> But what useful methods exists that prevent spamming a HTML signup form
> from stuffing the database with useless signups?
> 
> Naturally the accounts that haven't been validated one way or another
> gets deleted, but the initial signup is a problem as thousands upon
> thousands of requests are stored before deletion.

Out of curiosity, what exactly is the issue here?

From what you've told us it seems as if the genuine signups are being
validated by some external means, (such as a confirmation email loop or sms
which doesn't require manual intervention by you), and fake signups are stored
for a temporary period before being deleted automatically.

So the intended result is being achieved.

Anything you add to detect fake signups from being submitted is almost
guaranteed to have a negative effect on some or all of your genuine users.

Why is it a problem to have 'thousands' of requests stored temporarily, if
those are later deleted?

Is this database using a lot of storage?  Is parsing it using a lot of CPU?

If that's the issue then presumably either your code is very inefficient or
you're using underpowered hardware.



Re: Rate limit the httpd web server for signup requests

2024-06-13 Thread Chris Bennett
On Thu, Jun 13, 2024 at 04:30:27AM -0700, Paul Pace wrote:
> On 6/12/24 10:32 PM, Chris Bennett wrote:
> > It's not perfect, but I have a long list of regexes that I know are spam
> > that I have my Perl code that processes the form block. Trying to block
> > from a log is not very helpful. It can let through thousands of the same
> > spam attempts before the log catches up to the attempts reaching the log,
> > which is a pretty long time.
> 
> I was just wondering if you've tried requiring email or SMS link to unique
> signup URL?
> 

If it's a form to make a payment, it just gets sent off to another site.
If it's a general contact us form, I just try to keep the spam down to a
bearable level. Every couple of months I add new regexes. Speaking of
which, I really need to do that now. Form spam is now annoying again.

I do use an email address for each form and nothing else. That way I can
just pick a day to wade through the trash.

-- 
Regards,
Chris Bennett

"Who controls the past controls the future. Who controls the present controls 
the past."
 George Orwell - 1984



Re: webcam not working on chromium

2024-06-13 Thread Thomas Frohwein
On Thu, Jun 13, 2024 at 03:45:55PM +0200, Walter Alejandro Iglesias wrote:
> Hello Thomas,
> 
> On Thu, 13 Jun 2024 09:27:30 -0400 Thomas Frohwein wrote
> > On Thu, Jun 13, 2024 at 01:45:44PM +0200, Walter Alejandro Iglesias wrote:
> > > Hi everyone,
> > > 
> > > I followed the instructions in OpenBSD media FAQ but I couldn't make my
> > > webcam work neither on chromium nor on ungoogled-chromium.  It works
> > > fine on Firefox.  Does anyone know any trick to make it work?
> > > 
> >
> > I'm not sure how to help with that if you're not sharing anything about
> > your hardware.
> 
> At first I did not associate the issue with a hardware problem because I
> found several users complaining about this same thing with different
> machines and operating systems.  Some provided a solutions, but none of
> them worked for me.  Besides, the webcam works with the command
> video(1), ffmpeg and Firefox.  And, the webcam is recognized by
> chromium, it just shows a black screen.  Is that chromium could have
> problems with my specific video card?
> 
> In any case, below you have the info you asked me.

There are some who use their webcam with chromium frequently, including me.
It's been a few weeks but I just tested it and it still works on -current.
So if yours isn't working, it's either the configuration or your hardware...

> uvideo0 at uhub2 port 6 configuration 1 interface 0 "Chicony Electronics Co., 
> Ltd. Integrated Camera" rev 2.00/23.45 addr 4
> video0 at uvideo0

While I'm not familiar with your specific device, it's clearly detected and
attaches to video0.

In terms of configuration, you need to have kern.video.record enabled (see
FAQ) and the device /dev/video0 needs to be owned by your user (also FAQ).
If you made any prior changes, you want to make sure that /dev/video is
still a symlink to video0 and not something else.

I think in chromium, you might need ENABLE_WASM=1 for many video conferencing
web pages.



Re: webcam not working on chromium

2024-06-13 Thread Walter Alejandro Iglesias
On Thu Jun 13 15:45:55 2024 Walter wrote:
> Hello Thomas,
>
> On Thu, 13 Jun 2024 09:27:30 -0400 Thomas Frohwein wrote
> > On Thu, Jun 13, 2024 at 01:45:44PM +0200, Walter Alejandro Iglesias wrote:
> > > Hi everyone,
> > > 
> > > I followed the instructions in OpenBSD media FAQ but I couldn't make my
> > > webcam work neither on chromium nor on ungoogled-chromium.  It works
> > > fine on Firefox.  Does anyone know any trick to make it work?
> > > 
> >
> > I'm not sure how to help with that if you're not sharing anything about
> > your hardware.
>
> At first I did not associate the issue with a hardware problem because I
> found several users complaining about this same thing with different
> machines and operating systems.  Some provided solutions, but none of
> them worked for me.  Besides, the webcam works with the command
> video(1), ffmpeg and Firefox.  And, the webcam is recognized by
> chromium, it just shows a black screen.  Is that chromium could have
> problems with my specific video card?
>
> In any case, below you have the info you asked me.
>

It seems you were right.  It was a hardware issue, chromium has some
problem with the integrated webcam in my thinkpad.  I borrowed a
logitech external webcam from my wife, plugged it in and this webcam works
with chromium.



Re: webcam not working on chromium

2024-06-13 Thread Walter Alejandro Iglesias
Hello Thomas,

On Thu, 13 Jun 2024 09:27:30 -0400 Thomas Frohwein wrote
> On Thu, Jun 13, 2024 at 01:45:44PM +0200, Walter Alejandro Iglesias wrote:
> > Hi everyone,
> > 
> > I followed the instructions in OpenBSD media FAQ but I couldn't make my
> > webcam work neither on chromium nor on ungoogled-chromium.  It works
> > fine on Firefox.  Does anyone know any trick to make it work?
> > 
>
> I'm not sure how to help with that if you're not sharing anything about
> your hardware.

At first I did not associate the issue with a hardware problem because I
found several users complaining about this same thing with different
machines and operating systems.  Some provided solutions, but none of
them worked for me.  Besides, the webcam works with the command
video(1), ffmpeg and Firefox.  And, the webcam is recognized by
chromium, it just shows a black screen.  Is that chromium could have
problems with my specific video card?

In any case, below you have the info you asked me.


OpenBSD 7.5-current (GENERIC.MP) #126: Wed Jun 12 09:47:19 MDT 2024
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 6210174976 (5922MB)
avail mem = 5998854144 (5720MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe0010 (78 entries)
bios0: vendor LENOVO version "6IET85WW (1.45 )" date 02/14/2013
bios0: LENOVO 2537EY8
acpi0 at bios0: ACPI 4.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET ASF! SLIC BOOT SSDT TCPA DMAR 
SSDT SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP1(S4) EXP2(S4) EXP3(S4) 
EXP4(S4) EXP5(S4) EHC1(S3) EHC2(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz, 2793.22 MHz, 06-25-02, patch 
0011
cpu0: cpuid 1 edx=bfebfbff ecx=298e3ff
cpu0: cpuid 6 eax=7 ecx=1
cpu0: cpuid 7.0 edx=9c00
cpu0: cpuid a vers=3, gp=4, gpwidth=48, ff=3, ffwidth=48
cpu0: cpuid 8001 edx=28100800 ecx=1
cpu0: cpuid 8007 edx=100
cpu0: MELTDOWN
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 4-way I-cache, 256KB 64b/line 
8-way L2 cache, 3MB 64b/line 12-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 133MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz, 2793.25 MHz, 06-25-02, patch 
0011
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz, 2793.26 MHz, 06-25-02, patch 
0011
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 5 (application processor)
cpu3: Intel(R) Core(TM) i5 CPU M 540 @ 2.53GHz, 2793.82 MHz, 06-25-02, patch 
0011
cpu3: smt 1, core 2, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins, remapped
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus -1 (EXP3)
acpiprt5 at acpi0: bus 5 (EXP4)
acpiprt6 at acpi0: bus 13 (EXP5)
acpibtn0 at acpi0: LID_(wakeup)
acpibtn1 at acpi0: SLPB(wakeup)
acpipci0 at acpi0 UNCR
acpipci1 at acpi0 PCI0: 0x 0x0011 0x0001
acpicmos0 at acpi0
tpm0 at acpi0 TPM_ 1.2 (TIS) addr 0xfed4/0x5000, device 0x104a rev 0x4e
acpibat0 at acpi0: BAT0 model "42T4848" serial  7058 type LION oem "SANYO"
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0: version 1.0
"*pnp0c14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
acpicpu0 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
C1(1000@3 mwait.1), PSS
acpicpu1 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
C1(1000@3 mwait.1), PSS
acpicpu2 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
C1(1000@3 mwait.1), PSS
acpicpu3 at acpi0: C3(350@245 mwait.3@0x20), C2(500@205 mwait.3@0x10), 
C1(1000@3 mwait.1), PSS
acpipwrres0 at acpi0: PUBS, resource for EHC1, EHC2
acpitz0 at acpi0: critical temperature is 100 degC
acpivideo0 at acpi0: VID_
acpivout0 at acpivideo0: LCD0
acpivideo1 at acpi0: VID_
cpu0: using IvyBridge MDS workaround
cpu0: Enhanced SpeedStep 2793 MHz: speeds: 2534, 2533, 2399, 2266, 2133, 1999, 
1866, 1733, 1599, 1466, 1333, 1199 MHz
pci0 at mainbus0 bus 255
pchb0 at pci0 dev 0 function 0 "Intel QuickPath" rev 0x02
pchb1 at pci0 dev 0 function 1 "Intel QuickPath" rev 0x02
pchb2 at pci0 dev 2 function 0 "Intel QPI Link" rev 0x02
pchb3 at pci0 dev 2 function 1 "Intel QPI Physical" rev 0x02
pchb4 at pci0 dev 2 function 2 "Intel Reserved" rev 0x02
pchb5 at pci0 dev 2 function 3 "Intel Reserved" rev 0x02
pci1 at mainbus0 bus 0
pchb6 at pci1 dev 0 function 0 "Intel Core 

Re: webcam not working on chromium

2024-06-13 Thread Thomas Frohwein
On Thu, Jun 13, 2024 at 01:45:44PM +0200, Walter Alejandro Iglesias wrote:
> Hi everyone,
> 
> I followed the instructions in OpenBSD media FAQ but I couldn't make my
> webcam work neither on chromium nor on ungoogled-chromium.  It works
> fine on Firefox.  Does anyone know any trick to make it work?
> 

I'm not sure how to help with that if you're not sharing anything about
your hardware.



Re: pf tables questions

2024-06-13 Thread Willy Manga

On 13/06/2024 14:51, Willy Manga wrote:
> Hi,
>
> On 12/06/2024 12:50, Kapetanakis Giannis wrote:
> > Hi,
> > [...]
> > 2) I've found this tool yesterday (iprange) that its job is to
> > optimize large sets of IPs/Networks
> >
> > https://github.com/firehol/iprange/wiki
>
> I think that's why you have the 'tables' [1] structure with pf
>
> 1. https://man.openbsd.org/pf.conf#TABLES

Sorry for the noise, I misread your question :P

--
Willy Manga



webcam not working on chromium

2024-06-13 Thread Walter Alejandro Iglesias
Hi everyone,

I followed the instructions in OpenBSD media FAQ but I couldn't make my
webcam work neither on chromium nor on ungoogled-chromium.  It works
fine on Firefox.  Does anyone know any trick to make it work?



Re: Rate limit the httpd web server for signup requests

2024-06-13 Thread Paul Pace

On 6/12/24 10:32 PM, Chris Bennett wrote:
> It's not perfect, but I have a long list of regexes that I know are spam
> that I have my Perl code that processes the form block. Trying to block
> from a log is not very helpful. It can let through thousands of the same
> spam attempts before the log catches up to the attempts reaching the log,
> which is a pretty long time.

I was just wondering if you've tried requiring email or SMS link to
unique signup URL?


Thank you,


Paul



Re: pf tables questions

2024-06-13 Thread Willy Manga

Hi,


On 12/06/2024 12:50, Kapetanakis Giannis wrote:
> Hi,
> [...]
> 2) I've found this tool yesterday (iprange) that its job is to optimize large
> sets of IPs/Networks
> https://github.com/firehol/iprange/wiki

I think that's why you have the 'tables' [1] structure with pf

1. https://man.openbsd.org/pf.conf#TABLES


--
Willy Manga



Re: crippled my laptop trying to reclaim root space

2024-06-13 Thread Walter Alejandro Iglesias
On Thu, Jun 13, 2024 at 03:47:26AM +0400, shadrock uhuru wrote:
> caused me great problem when i came to using sysupgrade,
> most of the space was taken up by the /dev  directory,
> so here comes the boo boo,

When I started with OpenBSD, creating install media more than once I
made this mistake:

  # dd if=file.img of=/dev/sd0 bs=1M 
                           ^^^
Instead of copying to the raw device: "rsd0c".

  # dd if=file.img of=/dev/rsd0c bs=1M 


-- 
Walter



Re: crippled my laptop trying to reclaim root space

2024-06-13 Thread Crystal Kolipe
On Thu, Jun 13, 2024 at 03:47:26AM +0400, shadrock uhuru wrote:
> i tried bioctl -c C -l /dev/sd0a softraid0
> which returned the following errors
> 
> softraid0: sd2 was not shutdown properly
> softraid0: sd2 was not shutdown properly
> bioctl: KDF hint has invalid size

You are getting this error because the RAID volume is configured to use a
keydisk, but you are invoking the bioctl command in such a way as to use a
passphrase.

You'll need to pass the -k argument to bioctl and specify the partition that
holds the keydisk.

But the absolute first thing you should do is STOP trying to fix this problem
without fully understanding the commands you are entering, because just about
everything you have done up to now has made things more complicated.

The actual original problem was probably just a spurious large file in /dev.

You mentioned that you backed up your data in /home.  Please take care not to
accidentally overwrite this backup because you are working quickly in a
stressful environment.



Re: mouse cursor no longer changes over hyperlinks in Firefox on OpenBSD 7.5

2024-06-12 Thread Andy Bradford
Thus said Stuart Henderson on Tue, 11 Jun 2024 21:41:00 -:

> > widget.gtk.legacy-cursors.enabled to true
> 
> That is the hack they added that is supposed to undo this change.
> It doesn't do anything for me though.

I noticed  that it  worked for me  on one system  and not  another. Both
systems were running  OpenBSD 7.5, however, on the system  that worked I
found:

$ pkg_info | grep firefox
firefox-126.0.1 Firefox web browser

And on the system where the setting had no effect:

$ pkg_info | grep firefox
firefox-124.0.2 Firefox web browser

After  upgrading  the  older  to  firefox-127.0  (latest  available  for
-stable),  this config  setting now  works consistently  for me  with no
additional configuration elsewhere in the filesystem.

Andy



Re: mouse cursor no longer changes over hyperlinks in Firefox on OpenBSD 7.5

2024-06-12 Thread Chris Bennett
On Wed, Jun 12, 2024 at 10:27:15PM -0700, Chris Bennett wrote:
> 
> For fixing problems with tiny pointers in just xterm under fvwm3 I did this:
> in .Xresources
> XTerm*pointerShape: left_ptr
> XTerm*cursorThem: Adwaita
Oops
XTerm*cursorTheme: Adwaita

> Xcursor.size: 32
> 
> Xcursor.size can be 64 and also a couple of smaller sizes.
> There may be other variations on this. I don't know, but this really saved me 
> from a micro pointer.
> -- 
> Regards,
> Chris Bennett
> 
> "Who controls the past controls the future. Who controls the present controls 
> the past."
>  George Orwell - 1984
> 

-- 
Regards,
Chris Bennett

"Who controls the past controls the future. Who controls the present controls 
the past."
 George Orwell - 1984



Re: Rate limit the httpd web server for signup requests

2024-06-12 Thread Chris Bennett
On Tue, Jun 11, 2024 at 10:41:33PM +, Martin wrote:
> I already do some rate limiting with stateful tracking options for PF,
> which works really great for the stuff I use it for.
> 
> I also use block lists of known bad IP addresses etc.
> 
> But what useful methods exists that prevent spamming a HTML signup form
> from stuffing the database with useless signups?
> 
> Naturally the accounts that haven't been validated one way or another
> gets deleted, but the initial signup is a problem as thousands upon
> thousands of requests are stored before deletion.
> 
> I have tried blocking by IP, but this is difficult as the IP changes
> faster than it can be blocked.
> 
> The User Agent is spoofed with random garbage.
> 
> Honey pot empty hidden fields gets detected and ignored.
> 
> Randomly generated form IDs that gets submitted and validated using a
> session cookie also doesn't work as the cookie is just stored and then
> send along.
> 
> A simple CAPTCHA reduces some of the irrelevant noise, but the more
> sophisticated bots solves the CAPTCHA.
> 
> Using Cloudflare's or Google's CAPTCHA is frowned upon by the real
> users, which I fully understand.
> 
> So I was wondering, if some other clever method can reduce the noise?
> 

It's not perfect, but I have a long list of regexes that I know are spam
that I have my Perl code that processes the form block. Trying to block
from a log is not very helpful. It can let through thousands of the same
spam attempts before the log catches up to the attempts reaching the log,
which is a pretty long time.

-- 
Regards,
Chris Bennett

"Who controls the past controls the future. Who controls the present controls 
the past."
 George Orwell - 1984



Re: mouse cursor no longer changes over hyperlinks in Firefox on OpenBSD 7.5

2024-06-12 Thread Chris Bennett
On Tue, Jun 11, 2024 at 09:41:00PM -, Stuart Henderson wrote:
> > On Mon, Jun 10, 2024 at 03:07:24PM -0600, Andy Bradford wrote:
> >> Hello,
> >> 
> >> I'm not  sure if  this is expected  behavior or not,  but it  seems that
> >> after upgrading to  OpenBSD 7.5 the mouse cursor no  longer changes from
> >> an arrow pointer to  a hand when I hover over links  in Firefox. It does
> >> work for some  other programs though. Also, moving the  mouse over other
> >> elements (like text  entry) does work. It's just moving  over links that
> >> no longer visibly changes the mouse cursor.
> >> 
> >> Is  this a  problem isolated  to Firefox?  Is anyone  aware of  a change
> >> that  would  cause this  and  more  to the  point,  how  to recover  the
> >> functionality?
> 
> It's isolated to firefox, afaik most likely (maybe only likely?)
> to occur if you don't use a "desktop environment", it's due to
> https://bugzilla.mozilla.org/show_bug.cgi?id=1871863
> (see also https://bugzilla.mozilla.org/show_bug.cgi?id=1876366#c15)
> and it's a flipping nuisance.
> 
> On 2024-06-10, Hiltjo Posthuma  wrote:
> > iirc it can be worked around by setting in about:config:
> >
> > widget.gtk.legacy-cursors.enabled to true
> 
> That is the hack they added that is supposed to undo this change.
> It doesn't do anything for me though.
> 
> If you're not using a desktop environment, you can run xsettingsd
> with this in .xsettingsd to set a cursor theme:
> 
> Gtk/CursorThemeName "Adwaita"
> 
> However then in some setups you'll get stupidly large pointers in
> Gtk based software.
> 
> 

For fixing problems with tiny pointers in just xterm under fvwm3 I did this:
in .Xresources
XTerm*pointerShape: left_ptr
XTerm*cursorThem: Adwaita
Xcursor.size: 32

Xcursor.size can be 64 and also a couple of smaller sizes.
There may be other variations on this. I don't know, but this really saved me 
from a micro pointer.
-- 
Regards,
Chris Bennett

"Who controls the past controls the future. Who controls the present controls 
the past."
 George Orwell - 1984



Re: How to configure vlans with vmm

2024-06-12 Thread jrmu
> TL,DR:  add the VLAN interface to the veb device configured in /etc/vm.conf
> 
> It depends a bit on the role you want your vmm host to play in that
> network.  Everything written below refers to the host, unless otherwise
> specified.

Thanks. I think I follow the basic idea of the setup.

However, it appears to me that the virtual machine interfaces, which
vm.conf(5) appears to constrain to be tap(4) interfaces, will not
automatically have their vnet id set. Instead, each virtual machine will
need to create its own vlan interface.

Is there any way to avoid forcing the virtual machine to do that? To
handle this entirely by the host?

-- 
jrmu
IRCNow (https://ircnow.org)




Re: How to configure vlans with vmm

2024-06-12 Thread jrmu
One more question I forgot to ask: How do you get the virtual machines
to use your vport800/vport880 interfaces? From what I see in vm.conf(5),
the virtual machines are required to use tap(4) interfaces.

-- 
jrmu
IRCNow (https://ircnow.org)




Re: How to configure vlans with vmm

2024-06-12 Thread jrmu
Thanks for your help. I think I follow your logic.

If I understand correctly, each virtual machine needs its own vlan and
its own virtual switch? So the host running vmm needs to create N number
of vlans for its interface (in your example mcx0) for each of the N
virtual machines, and we need to create N switches.

I think this is making sense now. Seems a bit complex, but I'm guessing
it's best practice for security.

-- 
jrmu
IRCNow (https://ircnow.org)




Re: crippled my laptop trying to reclaim root space

2024-06-12 Thread Brian Conway
On Wed, Jun 12, 2024, at 6:47 PM, shadrock uhuru wrote:
> the story start with my root partition being totally out of space which 
> caused me great problem when i came to using sysupgrade,
> most of the space was taken up by the /dev  directory,

A note on how you got into the original situation without addressing all the 
things you've done since: /dev should only be a few dozen KB in size (less than 
50). Some time in the past, you likely wrote a significant amount of data to a 
new file in /dev rather than the device you intended. Next time, do:

ls -lhS /dev/|head

Brian



crippled my laptop trying to reclaim root space

2024-06-12 Thread shadrock uhuru
hi everyone
i've managed to cripple my laptop after trying to restore some space on my
root partition using techniques based on flawed ideas,
the story start with my root partition being totally out of space which
caused me great problem when i came to using sysupgrade,
most of the space was taken up by the /dev  directory,
so here comes the boo boo,
i thought without thinking it through that if i create a partition from the
spare space on my hard disk i could move the dev files to the partition then
i could mount it on my /dev directory which would recover  some usable
space in the root partition,
so i backed up the /dev directory and the /home partition with dump,
i destroyed the home partition with disklabel, created a partition for dev
then recreated the home partition again,
i mounted the new partitions in the /mnt directory then restored the home
backup to the new home partition,
i was then going to restore the dev backup but after some research i decided
to just copy MAKEDEV from /dev and recreate the devices with sh MAKEDEV
all.
I edited fstab with ed reassigned the new partition to the home entry and
added an entry to mount the dev partition on /dev.
i rebooted the laptop, the boot sequence completed all the way to the
x-window login, there was problem logging in with the normal user,
the login was accepted as correct but it failed to login, it just kept
returning me to  the username and password prompt,
i left that issue for the moment to fix later, i could login as  root which
shows that the problem has to do with my normal user login file,
something was missing or corrupted, so i had the laptop up a running as
root user,
dmesg showed me that the root partition was still full, so without thinking
it through i booted into single user mode  and rm everything from /dev then
rebooted,
then the poo hit the fan and i realised that the laptop would be unable to
boot and mount the partitions as the files in /dev has to be accessible  to
do the mounts in the first place.
I ended up doing a hard shutdown as the boot sequence stopped at that point.
my laptop is FDE with keydisk,
after the hard shutdown i tried to reboot in single user mode but
softraid0 threw errors saying

softraid0: sd2 was not shutdown properly
bioctl: KDF hint has invalid size

the next thing i tried was to boot up from an installation disk but i don't
know the commands to fix the softraid0 error and then mount it

here's some information about the drives
the laptop disk
disklabel -h -p g sd0
type:   scsi
disk:   scsi disk
     size   fstype
a:  1862g   raid
c:  1862g   unused
i:   0.3g   msdos

the install usb stick
disklabel -h -p g sd1
type:   scsi
disk:   vnd device
     size   fstype
a:   0.6g   4.2bsd
c:    14g   unused
i:   0.0g   msdos

the usb keydisk
disklabel -h -p g sd2
type:   scsi
disk:   scsi disk
     size   fstype
a:   0.0g   raid
c:   1.9g   unused
i:   0.3g   msdos

fsck sd0i, sd1a, sd1i, sd2i

i tried bioctl -c C -l /dev/sd0a softraid0
which returned the following errors

softraid0: sd2 was not shutdown properly
softraid0: sd2 was not shutdown properly
bioctl: KDF hint has invalid size
--

could someone show me the command to
1  fix the softraid0 sd2  error
2  mount the softraid0 device

then i can
remove the dev partition
restore the /dev directory with MAKEDEV
then hopefully boot up normally

thanks shadrock


Re: Rate limit the httpd web server for signup requests

2024-06-12 Thread Dan
Jun 12, 2024 00:56:47 Martin :

> A simple CAPTCHA reduces some of the irrelevant noise, but the more
> sophisticated bots solves the CAPTCHA.
>
> Using Cloudflare's or Google's CAPTCHA is frowned upon by the real
> users, which I fully understand.
>
> So I was wondering, if some other clever method can reduce the noise?


Testing and knowing all the possible solutions to fight "3rd kind
intelligence spammers" seems a little overwhelming to me, it appears to me
like the story to search for a firewall that solves every security problem.
Indeed just consider that a parameter of curl allows you to simulate any
post submission. And the problem eventually could be exactly this, the why
of the existence of these advanced clients tools. [ ... ]

For now, I just implemented my own captcha asking to solve a simple math and
that eventually can be enriched for future research.. Some simple php code,
easy stuff, happy to share it.

-Dan



pf tables questions

2024-06-12 Thread Kapetanakis Giannis
Hi,

I have a couple of questions about pf tables.

1) Does it use radix tree and especially Patricia tree?
Trying to read the code and searches on web pointed to that.

2) I've found this tool yesterday (iprange) that its job is to optimize large 
sets of IPs/Networks
https://github.com/firehol/iprange/wiki

tldr;
Given a large set of IPs/Networks/ranges, it aggregates prefixes to fewer and 
larger prefixes, in order for the kernel to do less lookups.

For instance, running it on my attackers input file table which has ranges from 
/10 to /32 (21 different CIDR prefixes - 288 distinct CIDRs), proposes a 
reduction to 3 CIDR prefixes of /16, /24, /32 (3489 distinct CIDRs). Much more 
entries but only 3 different prefixes instead of 21.

This is supposed to work for ipset and Linux which uses hash:net

Could this principle of balancing the tree - but with increased number of 
nodes, be also beneficial for large pf tables?

Thanks,

G
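
The trade-off described in this message (fewer distinct prefix lengths at the cost of more entries), worked through as an added example. It is not iprange's code; the greedy selection, the entry budget and the function names are assumptions made for the illustration, and the IPv4 sample table is constructed.

```python
import ipaddress
from collections import Counter

# Constructed sample table (private address space), not data from the thread.
SAMPLE = [
    "10.1.0.0/16",
    "10.2.0.0/17", "10.2.128.0/17",   # two halves of 10.2.0.0/16
    "10.9.8.0/22",
    "10.9.12.0/24",
    "172.16.5.4/30",
    "172.16.5.9",
    "192.168.7.77",
]


def merge(cidrs):
    """Parse addresses/CIDRs and collapse them to the minimal covering set."""
    nets = [ipaddress.ip_network(c, strict=False) for c in cidrs]
    return list(ipaddress.collapse_addresses(nets))


def choose_lengths(nets, max_entries):
    """Greedily drop prefix lengths while the entry count stays <= max_entries.

    Dropping length p splits every /p into 2**(q-p) networks of the next
    longer kept length q, so each dropped length is paid for in entries.
    """
    counts = Counter(n.prefixlen for n in nets)
    while len(counts) > 1:
        lengths = sorted(counts)
        total = sum(counts.values())
        best = None
        for p, q in zip(lengths, lengths[1:]):
            added = counts[p] * (2 ** (q - p) - 1)
            if best is None or added < best[0]:
                best = (added, p, q)
        added, p, q = best
        if total + added > max_entries:
            break   # the cheapest remaining drop no longer fits the budget
        counts[q] += counts.pop(p) * 2 ** (q - p)
    return sorted(counts)


def reduce_prefixes(nets, keep):
    """Rewrite nets so that only the prefix lengths in `keep` are used."""
    out = []
    for n in nets:
        q = min(k for k in keep if k >= n.prefixlen)
        out.extend(n.subnets(new_prefix=q))   # q == prefixlen yields n itself
    return out


if __name__ == "__main__":
    merged = merge(SAMPLE)
    keep = choose_lengths(merged, max_entries=20)
    reduced = reduce_prefixes(merged, keep)
    print("merged :", len(merged), "entries,",
          len({n.prefixlen for n in merged}), "prefix lengths")
    print("reduced:", len(reduced), "entries, prefix lengths", keep)
    for n in reduced:
        print(n)
```

Both sets cover exactly the same addresses; only the number of entries and of distinct prefix lengths differs.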



Re: Missing vlan interfaces in OPENBSD-PF-MIB::pfIfTable

2024-06-12 Thread Martijn van Duren
On Wed, 2024-06-12 at 08:22 +0300, Kapetanakis Giannis wrote:
> On 11/06/2024 15:34, Martijn van Duren wrote:
> > On Tue, 2024-06-11 at 14:56 +0300, Kapetanakis Giannis wrote:
> > > On 10/06/2024 18:43, Marc Boisis wrote:
> > > > Hello,
> > > > 
> > > > I've a 7.5 openBSD router, when I'm asking OPENBSD-PF-MIB I have only 
> > > > 64  physicals and carp interfaces but not my 45 vlan interfaces.
> > > > 
> > > > My /etc/snmpd.conf
> > > > ROOT:amdrg2:/root > cat /etc/snmpd.conf
> > > > listen on 127.0.0.1 snmpv2c
> > > > read-only community public
> > > > 
> > > > 
> > > > "pfctl -sI" list all interfaces (carp and vlan).
> > > > 
> > > > Is there a setting or a limit to configure to see vlan interfaces in  
> > > > OPENBSD-PF-MIB and especially in OPENBSD-PF-MIB::pfIfTable ?
> > > > 
> > > > Ps: In openbsd 6.5, OPENBSD-PF-MIB::pfIfTable contain all interfaces
> > > > 
> > > > Regards
> > > > 
> > > > Marc
> > > > 
> > > Indeed.
> > > 
> > > snmpwalk -v2c -c xx localhost OPENBSD-PF-MIB::pfIfDescr | wc -l
> > > 64
> > > 
> > > pfctl -sI | wc -l
> > > 99 (groups included)
> > > 
> > > ifconfig | grep flags | wc -l
> > > 85
> > > 
> > > that is on 7.5 release.
> > > 
> > > snmpwalk is showing only "vlan" and not the vlan interfaces. That is 
> > > probably the group vlan.
> > > 
> > > There is also an empty one at the end.
> > > 
> > > OPENBSD-PF-MIB::pfIfDescr.63 = STRING: vlan
> > > OPENBSD-PF-MIB::pfIfDescr.64 = STRING: 
> > > 
> > > G
> > >  
> > $ snmp walk -v2c -cpublic 127.0.0.1 pfIfDescr | wc -l  
> >   15
> > $ doas pfctl -sI | wc -l 
> >   15
> > 
> > pfIfDescr.13 = STRING: vlan
> > pfIfDescr.14 = STRING: vlan6
> > 
> > I'm not seeing it. I'm willing to dig into this, but without giving me a
> > way to reproduce saying "me too" isn't going to help.
> > 
> > martijn@
> 
> How about creating more than 64 interfaces?
> 
> G

The 64 interfaces wasn't obvious to me because of the phrasing of the
interface count and the extra emphasis on the vlan part by OP. I already
sent a patch to tech@.

martijn@



Re: Rate limit the httpd web server for signup requests

2024-06-12 Thread Rubén Llorente

No perfect solution exists, but the following may help.

1) Parse the logs of your web application and ban any IP that attempts 
to create multiple accounts. Not great because you may have multiple 
users sharing the same public IP. It only works ok if you automate it 
via cronjob scripts.


2) Require the user to provide an external means of identification (such 
as an email address or a phone number) whose existence must be verified 
before his account is activated. Not great because bots may use 
disposable addresses/numbers, it delays the activation for legitimate 
users, and it requires more effort to implement than 1).


3) Alternative captchas. If your site is not that big of a target, you 
can get away with some naive captcha (such as Captcheck) without 
annoying your users too much. The problem is (as you have already 
noticed) naive captchas are not that hard to break for persistent bots; 
meanwhile complex captchas are bad for users. Maybe try different 
captcha solutions until you find one that sticks.


Martin wrote:
> But what useful methods exists that prevent spamming a HTML signup form
> from stuffing the database with useless signups?
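
Option 2 above, sketched as an added example (not code from this thread or from any project named in it): the mailed confirmation link carries an HMAC-signed token, so an unverified signup request writes nothing to the database. The key, the one-hour lifetime and the names `issue_token`, `verify_token` and `SignupService` are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a real deployment would load a random key from a
# file readable only by the web application user.
SECRET = b"constructed-demo-key-not-for-production"
TTL_SECONDS = 3600  # assumed lifetime of a confirmation link


def b64e(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(email, now=None, secret=SECRET):
    """Build the token for the mailed link. Writes nothing to the database."""
    now = int(time.time() if now is None else now)
    payload = json.dumps(
        {"email": email.strip().lower(), "exp": now + TTL_SECONDS},
        sort_keys=True, separators=(",", ":"),
    ).encode("utf-8")
    tag = hmac.new(secret, payload, hashlib.sha256).digest()
    return b64e(payload) + "." + b64e(tag)


def verify_token(token, now=None, secret=SECRET):
    """Return the confirmed address, or None if malformed, forged or expired."""
    now = int(time.time() if now is None else now)
    try:
        payload_b64, tag_b64 = token.split(".")
        payload, tag = b64d(payload_b64), b64d(tag_b64)
    except (AttributeError, ValueError):
        return None
    expected = hmac.new(secret, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    claims = json.loads(payload)   # parsed only after the tag has been checked
    if claims["exp"] < now:
        return None
    return claims["email"]


class SignupService:
    """Toy front end: `accounts` stands in for the database table."""

    def __init__(self):
        self.accounts = set()
        self.outbox = []   # (address, token) pairs that would be mailed

    def request_signup(self, email, now=None):
        # A bot posting here costs one outgoing mail, not one database row.
        self.outbox.append((email, issue_token(email, now)))

    def confirm(self, token, now=None):
        email = verify_token(token, now)
        if email is None:
            return False
        self.accounts.add(email)   # set semantics: replaying a link is harmless
        return True


if __name__ == "__main__":
    svc = SignupService()
    svc.request_signup("alice@example.org")
    _, token = svc.outbox[-1]
    print("confirmed:", svc.confirm(token), sorted(svc.accounts))
```

The mail sent by `request_signup` still needs its own throttling per recipient address, and account creation has to stay idempotent because a link can be replayed until it expires.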




Re: mouse cursor no longer changes over hyperlinks in Firefox on OpenBSD 7.5

2024-06-11 Thread Walter Alejandro Iglesias
On Tue, Jun 11, 2024 at 09:41:00PM -, Stuart Henderson wrote:
> > On Mon, Jun 10, 2024 at 03:07:24PM -0600, Andy Bradford wrote:
> >> Hello,
> >> 
> >> I'm not  sure if  this is expected  behavior or not,  but it  seems that
> >> after upgrading to  OpenBSD 7.5 the mouse cursor no  longer changes from
> >> an arrow pointer to  a hand when I hover over links  in Firefox. It does
> >> work for some  other programs though. Also, moving the  mouse over other
> >> elements (like text  entry) does work. It's just moving  over links that
> >> no longer visibly changes the mouse cursor.
> >> 
> >> Is  this a  problem isolated  to Firefox?  Is anyone  aware of  a change
> >> that  would  cause this  and  more  to the  point,  how  to recover  the
> >> functionality?
> 
> It's isolated to firefox, afaik most likely (maybe only likely?)
> to occur if you don't use a "desktop environment", it's due to
> https://bugzilla.mozilla.org/show_bug.cgi?id=1871863
> (see also https://bugzilla.mozilla.org/show_bug.cgi?id=1876366#c15)
> and it's a flipping nuisance.
> 
> On 2024-06-10, Hiltjo Posthuma  wrote:
> > iirc it can be worked around by setting in about:config:
> >
> > widget.gtk.legacy-cursors.enabled to true
> 
> That is the hack they added that is supposed to undo this change.
> It doesn't do anything for me though.

Adding these two settings?

  $ grep Xcursor ~/.Xdefaults
  Xcursor.theme: Adwaita

  $ cat ~/local/share/icons/default/index.theme
  [Icon Theme]
  Inherits=Adwaita

> 
> If you're not using a desktop environment, you can run xsettingsd
> with this in .xsettingsd to set a cursor theme:
> 
> Gtk/CursorThemeName "Adwaita"
> 
> However then in some setups you'll get stupidly large pointers in
> Gtk based software.


-- 
Walter



Re: Missing vlan interfaces in OPENBSD-PF-MIB::pfIfTable

2024-06-11 Thread Kapetanakis Giannis

On 11/06/2024 15:34, Martijn van Duren wrote:
> On Tue, 2024-06-11 at 14:56 +0300, Kapetanakis Giannis wrote:
>> On 10/06/2024 18:43, Marc Boisis wrote:
>>> Hello,
>>>
>>> I've a 7.5 openBSD router, when I'm asking OPENBSD-PF-MIB I have only 64  
>>> physicals and carp interfaces but not my 45 vlan interfaces.
>>>
>>> My /etc/snmpd.conf
>>> ROOT:amdrg2:/root > cat /etc/snmpd.conf
>>> listen on 127.0.0.1 snmpv2c
>>> read-only community public
>>>
>>>
>>> "pfctl -sI" list all interfaces (carp and vlan).
>>>
>>> Is there a setting or a limit to configure to see vlan interfaces in  
>>> OPENBSD-PF-MIB and especially in OPENBSD-PF-MIB::pfIfTable ?
>>>
>>> Ps: In openbsd 6.5, OPENBSD-PF-MIB::pfIfTable contain all interfaces
>>>
>>> Regards
>>>
>>> Marc
>>>
>> Indeed.
>>
>> snmpwalk -v2c -c xx localhost OPENBSD-PF-MIB::pfIfDescr | wc -l
>> 64
>>
>> pfctl -sI | wc -l
>> 99 (groups included)
>>
>> ifconfig | grep flags | wc -l
>> 85
>>
>> that is on 7.5 release.
>>
>> snmpwalk is showing only "vlan" and not the vlan interfaces. That is 
>> probably the group vlan.
>>
>> There is also an empty one at the end.
>>
>> OPENBSD-PF-MIB::pfIfDescr.63 = STRING: vlan
>> OPENBSD-PF-MIB::pfIfDescr.64 = STRING: 
>>
>> G
> $ snmp walk -v2c -cpublic 127.0.0.1 pfIfDescr | wc -l  
>   15
> $ doas pfctl -sI | wc -l 
>   15
>
> pfIfDescr.13 = STRING: vlan
> pfIfDescr.14 = STRING: vlan6
>
>
> I'm not seeing it. I'm willing to dig into this, but without giving me a
> way to reproduce saying "me too" isn't going to help.
>
> martijn@
>
How about creating more than 64 interfaces?

G


Re: Rate limit the httpd web server for signup requests

2024-06-11 Thread Paul Pace

On 2024-06-11 15:41, Martin wrote:
> I already do some rate limiting with stateful tracking options for PF,
> which works really great for the stuff I use it for.
>
> I also use block lists of known bad IP addresses etc.
>
> But what useful methods exists that prevent spamming a HTML signup form
> from stuffing the database with useless signups?
>
> Naturally the accounts that haven't been validated one way or another
> gets deleted, but the initial signup is a problem as thousands upon
> thousands of requests are stored before deletion.
>
> I have tried blocking by IP, but this is difficult as the IP changes
> faster than it can be blocked.
>
> The User Agent is spoofed with random garbage.
>
> Honey pot empty hidden fields gets detected and ignored.
>
> Randomly generated form IDs that gets submitted and validated using a
> session cookie also doesn't work as the cookie is just stored and then
> send along.
>
> A simple CAPTCHA reduces some of the irrelevant noise, but the more
> sophisticated bots solves the CAPTCHA.
>
> Using Cloudflare's or Google's CAPTCHA is frowned upon by the real
> users, which I fully understand.
>
> So I was wondering, if some other clever method can reduce the noise?


I haven't tried it and I'm not sure how useful it is in your case, but 
mCaptcha uses proof of work.


https://mcaptcha.org/

Paul



Rate limit the httpd web server for signup requests

2024-06-11 Thread Martin
I already do some rate limiting with stateful tracking options for PF,
which works really great for the stuff I use it for.

I also use block lists of known bad IP addresses etc.

But what useful methods exist that prevent spamming a HTML signup form
from stuffing the database with useless signups?

Naturally the accounts that haven't been validated one way or another
get deleted, but the initial signup is a problem as thousands upon
thousands of requests are stored before deletion.

I have tried blocking by IP, but this is difficult as the IP changes
faster than it can be blocked.

The User Agent is spoofed with random garbage.

Honey pot empty hidden fields get detected and ignored.

Randomly generated form IDs that get submitted and validated using a
session cookie also don't work as the cookie is just stored and then
sent along.

A simple CAPTCHA reduces some of the irrelevant noise, but the more
sophisticated bots solve the CAPTCHA.

Using Cloudflare's or Google's CAPTCHA is frowned upon by the real
users, which I fully understand.

So I was wondering, if some other clever method can reduce the noise?



Re: mouse cursor no longer changes over hyperlinks in Firefox on OpenBSD 7.5

2024-06-11 Thread Stuart Henderson
On 2024-06-11, Stuart Henderson  wrote:
>> On Mon, Jun 10, 2024 at 03:07:24PM -0600, Andy Bradford wrote:
>>> Hello,
>>> 
>>> I'm not  sure if  this is expected  behavior or not,  but it  seems that
>>> after upgrading to  OpenBSD 7.5 the mouse cursor no  longer changes from
>>> an arrow pointer to  a hand when I hover over links  in Firefox. It does
>>> work for some  other programs though. Also, moving the  mouse over other
>>> elements (like text  entry) does work. It's just moving  over links that
>>> no longer visibly changes the mouse cursor.
>>> 
>>> Is  this a  problem isolated  to Firefox?  Is anyone  aware of  a change
>>> that  would  cause this  and  more  to the  point,  how  to recover  the
>>> functionality?
>
> It's isolated to firefox, afaik most likely (maybe only likely?)
> to occur if you don't use a "desktop environment", it's due to
> https://bugzilla.mozilla.org/show_bug.cgi?id=1871863
> (see also https://bugzilla.mozilla.org/show_bug.cgi?id=1876366#c15)
> and it's a flipping nuisance.
>
> On 2024-06-10, Hiltjo Posthuma  wrote:
>> iirc it can be worked around by setting in about:config:
>>
>> widget.gtk.legacy-cursors.enabled to true
>
> That is the hack they added that is supposed to undo this change.
> It doesn't do anything for me though.

Oh, huh, it didn't help after just restarting firefox, but did after
a reboot? Very odd.


>
> If you're not using a desktop environment, you can run xsettingsd
> with this in .xsettingsd to set a cursor theme:
>
> Gtk/CursorThemeName "Adwaita"
>
> However then in some setups you'll get stupidly large pointers in
> Gtk based software.
>
>
>


-- 
Please keep replies on the mailing list.



Re: mouse cursor no longer changes over hyperlinks in Firefox on OpenBSD 7.5

2024-06-11 Thread Stuart Henderson
> On Mon, Jun 10, 2024 at 03:07:24PM -0600, Andy Bradford wrote:
>> Hello,
>> 
>> I'm not  sure if  this is expected  behavior or not,  but it  seems that
>> after upgrading to  OpenBSD 7.5 the mouse cursor no  longer changes from
>> an arrow pointer to  a hand when I hover over links  in Firefox. It does
>> work for some  other programs though. Also, moving the  mouse over other
>> elements (like text  entry) does work. It's just moving  over links that
>> no longer visibly changes the mouse cursor.
>> 
>> Is  this a  problem isolated  to Firefox?  Is anyone  aware of  a change
>> that  would  cause this  and  more  to the  point,  how  to recover  the
>> functionality?

It's isolated to firefox, afaik most likely (maybe only likely?)
to occur if you don't use a "desktop environment", it's due to
https://bugzilla.mozilla.org/show_bug.cgi?id=1871863
(see also https://bugzilla.mozilla.org/show_bug.cgi?id=1876366#c15)
and it's a flipping nuisance.

On 2024-06-10, Hiltjo Posthuma  wrote:
> iirc it can be worked around by setting in about:config:
>
> widget.gtk.legacy-cursors.enabled to true

That is the hack they added that is supposed to undo this change.
It doesn't do anything for me though.

If you're not using a desktop environment, you can run xsettingsd
with this in .xsettingsd to set a cursor theme:

Gtk/CursorThemeName "Adwaita"

However then in some setups you'll get stupidly large pointers in
Gtk based software.




Re: [Solved] Edit: Installation amd64 7.5

2024-06-11 Thread Mihai Popescu
> In this day and age, I find it more frustrating [...]

Me too. But with the people trying to be real experts in what they are
clearly not.



Re: Missing vlan interfaces in OPENBSD-PF-MIB::pfIfTable

2024-06-11 Thread Marc Boisis
Like Kapetanakis I have the 64 interface desc empty:
> snmpget -v2c -c public 127.0.0.1 OPENBSD-PF-MIB::pfIfDescr.64
OPENBSD-PF-MIB::pfIfDescr.64 = STRING:

So can we imagine a limit of 64 interfaces in the snmp (snmpd_metrics) code ?


> On 11 Jun 2024, at 14:34, Martijn van Duren  
> wrote:
> 
> On Tue, 2024-06-11 at 14:56 +0300, Kapetanakis Giannis wrote:
>> On 10/06/2024 18:43, Marc Boisis wrote:
>>> Hello,
>>> 
>>> I've a 7.5 openBSD router, when I'm asking OPENBSD-PF-MIB I have only 64  
>>> physicals and carp interfaces but not my 45 vlan interfaces.
>>> 
>>> My /etc/snmpd.conf
>>> ROOT:amdrg2:/root > cat /etc/snmpd.conf
>>> listen on 127.0.0.1 snmpv2c
>>> read-only community public
>>> 
>>> 
>>> "pfctl -sI" list all interfaces (carp and vlan).
>>> 
>>> Is there a setting or a limit to configure to see vlan interfaces in  
>>> OPENBSD-PF-MIB and especially in OPENBSD-PF-MIB::pfIfTable ?
>>> 
>>> Ps: In openbsd 6.5, OPENBSD-PF-MIB::pfIfTable contain all interfaces
>>> 
>>> Regards
>>> 
>>> Marc
>>> 
>> Indeed.
>> 
>> snmpwalk -v2c -c xx localhost OPENBSD-PF-MIB::pfIfDescr | wc -l
>> 64
>> 
>> pfctl -sI | wc -l
>> 99 (groups included)
>> 
>> ifconfig | grep flags | wc -l
>> 85
>> 
>> that is on 7.5 release.
>> 
>> snmpwalk is showing only "vlan" and not the vlan interfaces. That is 
>> probably the group vlan.
>> 
>> There is also an empty one at the end.
>> 
>> OPENBSD-PF-MIB::pfIfDescr.63 = STRING: vlan
>> OPENBSD-PF-MIB::pfIfDescr.64 = STRING: 
>> 
>> G
> 
> $ snmp walk -v2c -cpublic 127.0.0.1 pfIfDescr | wc -l  
>  15
> $ doas pfctl -sI | wc -l 
>  15
> 
> pfIfDescr.13 = STRING: vlan
> pfIfDescr.14 = STRING: vlan6
> 
> 
> I'm not seeing it. I'm willing to dig into this, but without giving me a
> way to reproduce saying "me too" isn't going to help.
> 
> martijn@
> 



Re: Missing vlan interfaces in OPENBSD-PF-MIB::pfIfTable

2024-06-11 Thread Martijn van Duren
On Tue, 2024-06-11 at 14:56 +0300, Kapetanakis Giannis wrote:
> On 10/06/2024 18:43, Marc Boisis wrote:
> > Hello,
> > 
> > I've a 7.5 openBSD router, when I'm asking OPENBSD-PF-MIB I have only 64  
> > physicals and carp interfaces but not my 45 vlan interfaces.
> > 
> > My /etc/snmpd.conf
> > ROOT:amdrg2:/root > cat /etc/snmpd.conf
> > listen on 127.0.0.1 snmpv2c
> > read-only community public
> > 
> > 
> > "pfctl -sI" list all interfaces (carp and vlan).
> > 
> > Is there a setting or a limit to configure to see vlan interfaces in  
> > OPENBSD-PF-MIB and especially in OPENBSD-PF-MIB::pfIfTable ?
> > 
> > Ps: In openbsd 6.5, OPENBSD-PF-MIB::pfIfTable contain all interfaces
> > 
> > Regards
> > 
> > Marc
> > 
> Indeed.
> 
> snmpwalk -v2c -c xx localhost OPENBSD-PF-MIB::pfIfDescr | wc -l
> 64
> 
> pfctl -sI | wc -l
> 99 (groups included)
> 
> ifconfig | grep flags | wc -l
> 85
> 
> that is on 7.5 release.
> 
> snmpwalk is showing only "vlan" and not the vlan interfaces. That is probably 
> the group vlan.
> 
> There is also an empty one at the end.
> 
> OPENBSD-PF-MIB::pfIfDescr.63 = STRING: vlan
> OPENBSD-PF-MIB::pfIfDescr.64 = STRING: 
> 
> G

$ snmp walk -v2c -cpublic 127.0.0.1 pfIfDescr | wc -l  
  15
$ doas pfctl -sI | wc -l 
  15

pfIfDescr.13 = STRING: vlan
pfIfDescr.14 = STRING: vlan6


I'm not seeing it. I'm willing to dig into this, but without giving me a
way to reproduce saying "me too" isn't going to help.

martijn@



Re: Missing vlan interfaces in OPENBSD-PF-MIB::pfIfTable

2024-06-11 Thread Kapetanakis Giannis
On 10/06/2024 18:43, Marc Boisis wrote:
> Hello,
>
> I've a 7.5 openBSD router, when I'm asking OPENBSD-PF-MIB I have only 64  
> physicals and carp interfaces but not my 45 vlan interfaces.
>
> My /etc/snmpd.conf
> ROOT:amdrg2:/root > cat /etc/snmpd.conf
> listen on 127.0.0.1 snmpv2c
> read-only community public
>
>
> "pfctl -sI" list all interfaces (carp and vlan).
>
> Is there a setting or a limit to configure to see vlan interfaces in  
> OPENBSD-PF-MIB and especially in OPENBSD-PF-MIB::pfIfTable ?
>
> Ps: In openbsd 6.5, OPENBSD-PF-MIB::pfIfTable contain all interfaces
>
> Regards
>
> Marc

Indeed.

snmpwalk -v2c -c xx localhost OPENBSD-PF-MIB::pfIfDescr | wc -l
64

pfctl -sI | wc -l
99 (groups included)

ifconfig | grep flags | wc -l
85

that is on 7.5 release.

snmpwalk is showing only "vlan" and not the vlan interfaces. That is probably
the group vlan.

There is also an empty one at the end.

OPENBSD-PF-MIB::pfIfDescr.63 = STRING: vlan
OPENBSD-PF-MIB::pfIfDescr.64 = STRING:

G


Re: How to configure vlans with vmm

2024-06-11 Thread Zé Loff
On Tue, Jun 11, 2024 at 09:25:31AM +0100, Zé Loff wrote:
> On Mon, Jun 10, 2024 at 12:11:45PM -0700, jrmu wrote:
> > How can I configure vmm to use vlans for virtual machines?  I saw
> > openbsd.amsterdam * use this, but I am not sure how to replicate it.
> > 
> > As I understand it, vmm creates a tap(4) interface for each virtual machine,
> > and all tap interfaces are then placed inside the switch defined in vm.conf,
> > which in my case is veb(4). To set up the virtual machines, would I want to
> > create a vlan(4) device for each virtual machine, and have the machine use
> > that? And then to add the vlan device onto the veb bridge?
> > 
> > * https://openbsd.amsterdam/setup.html
> > 
> > -- 
> > jrmu
> > IRCNow (https://ircnow.org)
> 
> TL,DR:  add the VLAN interface to the veb device configured in /etc/vm.conf
> 
> It depends a bit on the role you want your vmm host to play in that
> network.  Everything written below refers to the host, unless otherwise
> specified.
> 
> 
> The simplest setup is when the host plays no part in the VMs' networks,
> and all VLAN traffic will be sent upstream as-is (the host can still
> access the VMs services, but will do so via the upstream gateway).  In
> this scenario you will have a bunch of VLANs already configured
> upstream, and simply want each VMs traffic to be blindly forwarded
> between the VMs and the upstream network.
> 
> You'll need (1) a vmd switch for each VLAN, each defining a veb, (2) a
> vlan device for each VLAN, and (3) to add the VLAN devices to their
> respective vebs:
> 
> (1) A vmd switch for each VLAN:
> 
> /etc/vm.conf:
> switch "whatever1001" { interface veb1001 }
> switch "whatever1002" { interface veb1002 }
> ...
> vm "blablaon1001" {
>   ...
>   interface {
>     switch "whatever1001"
> 
>   }
> }
> vm "yaddayaddaon1002" {
>   interface {
>     switch "whatever1002"
> 
>   }
> }
> 
> You can do without the fixed lladdr.  I use them because I want fixed IP
> addresses and I have an upstream dhcpd managing that.
> 
> (2) VLAN interfaces on the host (change em0 to whatever is relevant in
> your case):
> 
> /etc/hostname.vlan1001:
> vnetid 1001 parent em0
> up
> 
> /etc/hostname.vlan1002:
> vnetid 1002 parent em0
> up
> 
> (3) Add the vlan interfaces to the vebs created by vmd:
> 
> /etc/hostname.veb1001
> description "blablablaon1001 uplink"
> add vlan1001
> up
> 
> /etc/hostname.veb1002
> description "yaddayaddaon1002 uplink"
> add vlan1002
> up
> 
> And that's it.
> 
> If you want the host to directly connect to the VMs, you can just create
> vport interfaces (with appropriate IP address) and add them to the vebs.  

Actually, this is not entirely correct.  If you are adding the vlan
interface to the veb, then there is no need for the vport, you can just
configure the vlan interface (IP address, etc).  The vmd host will then
be a part of the VLAN, so you get a "direct" route to the VM, if you
want to.

You _will_ need to add a vport to a veb if you want an isolated link
between the host and the VMs, but if that is the case you don't need
VLANs: just a different vport per veb.





Re: Missing vlan interfaces in OPENBSD-PF-MIB::pfIfTable

2024-06-11 Thread Martijn van Duren
Hello Marc,

I don't have access to such a machine, but my vlan interfaces do show up
for me. Could you try and find a reproducer?

martijn@

On Mon, 2024-06-10 at 17:43 +0200, Marc Boisis wrote:
> Hello,
> 
> I've a 7.5 openBSD router, when I'm asking OPENBSD-PF-MIB I have only 64  
> physicals and carp interfaces but not my 45 vlan interfaces.
> 
> My /etc/snmpd.conf
> ROOT:amdrg2:/root > cat /etc/snmpd.conf
> listen on 127.0.0.1 snmpv2c
> read-only community public
> 
> 
> "pfctl -sI" list all interfaces (carp and vlan).
> 
> Is there a setting or a limit to configure to see vlan interfaces in  
> OPENBSD-PF-MIB and especially in OPENBSD-PF-MIB::pfIfTable ?
> 
> Ps: In openbsd 6.5, OPENBSD-PF-MIB::pfIfTable contain all interfaces
> 
> Regards
> 
> Marc



Re: How to configure vlans with vmm

2024-06-11 Thread Zé Loff
On Mon, Jun 10, 2024 at 12:11:45PM -0700, jrmu wrote:
> How can I configure vmm to use vlans for virtual machines?  I saw
> openbsd.amsterdam * use this, but I am not sure how to replicate it.
> 
> As I understand it, vmm creates a tap(4) interface for each virtual machine,
> and all tap interfaces are then placed inside the switch defined in vm.conf,
> which in my case is veb(4). To set up the virtual machines, would I want to
> create a vlan(4) device for each virtual machine, and have the machine use
> that? And then to add the vlan device onto the veb bridge?
> 
> * https://openbsd.amsterdam/setup.html
> 
> -- 
> jrmu
> IRCNow (https://ircnow.org)

TL,DR:  add the VLAN interface to the veb device configured in /etc/vm.conf

It depends a bit on the role you want your vmm host to play in that
network.  Everything written below refers to the host, unless otherwise
specified.


The simplest setup is when the host plays no part in the VMs' networks,
and all VLAN traffic will be sent upstream as-is (the host can still
access the VMs services, but will do so via the upstream gateway).  In
this scenario you will have a bunch of VLANs already configured
upstream, and simply want each VMs traffic to be blindly forwarded
between the VMs and the upstream network.

You'll need (1) a vmd switch for each VLAN, each defining a veb, (2) a
vlan device for each VLAN, and (3) to add the VLAN devices to their
respective vebs:

(1) A vmd switch for each VLAN:

/etc/vm.conf:
switch "whatever1001" { interface veb1001 }
switch "whatever1002" { interface veb1002 }
...
vm "blablaon1001" {
  ...
  interface {
    switch "whatever1001"

  }
}
vm "yaddayaddaon1002" {
  interface {
    switch "whatever1002"

  }
}

You can do without the fixed lladdr.  I use them because I want fixed IP
addresses and I have an upstream dhcpd managing that.

(2) VLAN interfaces on the host (change em0 to whatever is relevant in
your case):

/etc/hostname.vlan1001:
vnetid 1001 parent em0
up

/etc/hostname.vlan1002:
vnetid 1002 parent em0
up

(3) Add the vlan interfaces to the vebs created by vmd:

/etc/hostname.veb1001
description "blablablaon1001 uplink"
add vlan1001
up

/etc/hostname.veb1002
description "yaddayaddaon1002 uplink"
add vlan1002
up

And that's it.

If you want the host to directly connect to the VMs, you can just create
vport interfaces (with appropriate IP address) and add them to the vebs.  







Re: mouse cursor no longer changes over hyperlinks in Firefox on OpenBSD 7.5

2024-06-10 Thread Andy Bradford
Thus said Hiltjo Posthuma on Tue, 11 Jun 2024 01:19:13 +0200:

> iirc it can be worked around by setting in about:config:
> 
> widget.gtk.legacy-cursors.enabled to true

Madness!  But it works.  Thanks.

Andy



Re: mouse cursor no longer changes over hyperlinks in Firefox on OpenBSD 7.5

2024-06-10 Thread Hiltjo Posthuma
Hi,

iirc it can be worked around by setting in about:config:

widget.gtk.legacy-cursors.enabled to true

On Mon, Jun 10, 2024 at 03:07:24PM -0600, Andy Bradford wrote:
> Hello,
> 
> I'm not  sure if  this is expected  behavior or not,  but it  seems that
> after upgrading to  OpenBSD 7.5 the mouse cursor no  longer changes from
> an arrow pointer to  a hand when I hover over links  in Firefox. It does
> work for some  other programs though. Also, moving the  mouse over other
> elements (like text  entry) does work. It's just moving  over links that
> no longer visibly changes the mouse cursor.
> 
> Is  this a  problem isolated  to Firefox?  Is anyone  aware of  a change
> that  would  cause this  and  more  to the  point,  how  to recover  the
> functionality?
> 
> Thanks,
> 
> Andy
> 

-- 
Kind regards,
Hiltjo



mouse cursor no longer changes over hyperlinks in Firefox on OpenBSD 7.5

2024-06-10 Thread Andy Bradford
Hello,

I'm not  sure if  this is expected  behavior or not,  but it  seems that
after upgrading to  OpenBSD 7.5 the mouse cursor no  longer changes from
an arrow pointer to  a hand when I hover over links  in Firefox. It does
work for some  other programs though. Also, moving the  mouse over other
elements (like text  entry) does work. It's just moving  over links that
no longer visibly changes the mouse cursor.

Is  this a  problem isolated  to Firefox?  Is anyone  aware of  a change
that  would  cause this  and  more  to the  point,  how  to recover  the
functionality?

Thanks,

Andy



Re: How to configure vlans with vmm

2024-06-10 Thread Mischa

Hi,

You would have to do something like the following.

In /etc/vm.conf you configure multiple switches:

switch "uplink_vlan800" {
interface veb800
}
switch "uplink_vlan880" {
interface veb880
}

For /etc/hostname.if you have to go through the config per VLAN.

The actual interface is:
# /etc/hostname.mcx0
up

For VLAN 800:
# /etc/hostname.vlan800
vnetid 800 parent mcx0
up

# /etc/hostname.vport800
inet 
inet6 
up

# /etc/hostname.veb800
add vlan800
add vport800
up

And for VLAN 880:
# /etc/hostname.vlan880
vnetid 880 parent mcx0
up

# /etc/hostname.vport880
inet 
inet6 
up

# /etc/hostname.veb880
add vlan880
add vport880
up

Hope this helps.

Mischa

On 2024-06-10 21:11, jrmu wrote:

> How can I configure vmm to use vlans for virtual machines?  I saw
> openbsd.amsterdam * use this, but I am not sure how to replicate it.
>
> As I understand it, vmm creates a tap(4) interface for each virtual machine,
> and all tap interfaces are then placed inside the switch defined in vm.conf,
> which in my case is veb(4). To set up the virtual machines, would I want to
> create a vlan(4) device for each virtual machine, and have the machine use
> that? And then to add the vlan device onto the veb bridge?
>
> * https://openbsd.amsterdam/setup.html




How to configure vlans with vmm

2024-06-10 Thread jrmu
How can I configure vmm to use vlans for virtual machines?  I saw
openbsd.amsterdam * use this, but I am not sure how to replicate it.

As I understand it, vmm creates a tap(4) interface for each virtual machine,
and all tap interfaces are then placed inside the switch defined in vm.conf,
which in my case is veb(4). To set up the virtual machines, would I want to
create a vlan(4) device for each virtual machine, and have the machine use
that? And then to add the vlan device onto the veb bridge?

* https://openbsd.amsterdam/setup.html

-- 
jrmu
IRCNow (https://ircnow.org)




Missing vlan interfaces in OPENBSD-PF-MIB::pfIfTable

2024-06-10 Thread Marc Boisis
Hello,

I've a 7.5 openBSD router, when I'm asking OPENBSD-PF-MIB I have only 64  
physicals and carp interfaces but not my 45 vlan interfaces.

My /etc/snmpd.conf
ROOT:amdrg2:/root > cat /etc/snmpd.conf
listen on 127.0.0.1 snmpv2c
read-only community public


"pfctl -sI" list all interfaces (carp and vlan).

Is there a setting or a limit to configure to see vlan interfaces in  
OPENBSD-PF-MIB and especially in OPENBSD-PF-MIB::pfIfTable ?

Ps: In openbsd 6.5, OPENBSD-PF-MIB::pfIfTable contain all interfaces

Regards

Marc


Re: cpu cores

2024-06-10 Thread Kirill A . Korinsky
Greetings,

On Mon, 10 Jun 2024 13:15:13 +0100,
Riccardo Mottola  wrote:
> 
> This is for workstation use, mixed user and developer. To each its own.
> I bet it ends depending also on cache, memory and specific jobs.
> 

Do not forget about IO, which can be a bottleneck in case of compiling.

Have you tried to run compilation with the same parallelism with and without
HT enabled?

For example build kernel with -j10 which is bigger than number of CPU with
enabled HT on that machine (4 / 8):

without HT:

8m42.07s real    27m31.80s user     4m55.68s system

vs with HT:

8m38.82s real    50m47.22s user     8m41.53s system


-- 
wbr, Kirill



Updated Operations Research tools

2024-06-10 Thread Ronald Dahlgren
I am excited to announce a number of software packages that have been
updated to work on OpenBSD.

1. COIN-OR (coin-or.org) - The CBC solver was failing to build due to a
casting error. Pull request 653 (https://github.com/coin-or/Cbc/pull/653)
corrects this issue;
2. HiGHS solver (https://ergo-code.github.io/HiGHS/stable/) - failed to
build due to the `strerror_r` prototype. Pull request 1783 (
https://github.com/ERGO-Code/HiGHS/pull/1783) corrects this.
3. Google or-tools (https://developers.google.com/optimization/) - several
compilation issues prevented building the associated Python package. Pull
requests 4257 (https://github.com/google/or-tools/pull/4257), 4259 (
https://github.com/google/or-tools/pull/4259), and 4266 (
https://github.com/google/or-tools/pull/4266) correct each of these
problems.

With these changes introduced, we can now run the relevant solvers and
python packages on an OpenBSD system! I'm so happy I was able to give back
to the OpenBSD community in this way.

Ron


Re: cpu cores

2024-06-10 Thread Jan Stary
> > You've been on these lists for over 15 years and yet didn't include a
> > complete dmesg.  Ok.

On Jun 09 22:31:02, rios.gust...@gmail.com wrote:
> here it goes!

> Stuart Henderson wrote:
> > dmesg | grep smt will make it obvious.

cpu0: smt 0, core 0, package 0
cpu1: smt 1, core 0, package 0
cpu2: smt 0, core 4, package 0
cpu3: smt 1, core 4, package 0
cpu4: smt 0, core 8, package 0
cpu5: smt 0, core 9, package 0
cpu6: smt 0, core 10, package 0
cpu7: smt 0, core 11, package 0



Re: cpu cores

2024-06-10 Thread Riccardo Mottola

Hi,

Kirill A. Korinsky wrote:

> Thus, here old but interesting results that enabling hyperthreading has
> negative effect on performance of have CPU used applications:
> https://web.archive.org/web/20220325090914/http://users.telenet.be/nicvroom/performanceP4.htm


there are many different experiences on Threading - HT. I started 
checking when it was disabled on my i5 and then I re-enabled it on OpenBSD.

Same fate on NetBSD.

I can say that for compiling big packages where you can run several 
make jobs - as long as you have enough memory "per core", HT gives a 
great benefit.
It gives also benefit if you compile say "n-1" threads and want to use 
your system as a desktop and it gives also definitive benefit in an 
average desktop where you want to browse, have a couple tabs open, check 
mail and run a terminal. This is more subjective, while diminishing 
compilation times are real.


This is for workstation use, mixed user and developer. To each its own. 
I bet it ends depending also on cache, memory and specific jobs.


I also read of cases where performance is abysmal and worse with more HT.
And there are all the known security issues too.

Riccardo



Re: cpu cores

2024-06-10 Thread Riccardo Mottola

Hi Stuartd,

Stuart Henderson wrote:

> Exactly. dmesg | grep smt will make it obvious. The cache information
> for each attached cpu will probably also show differences between the
> P and E cores.


Spec of the CPU listed in dmesg

https://ark.intel.com/content/www/us/en/ark/products/226269/intel-core-i3-1215u-processor-10m-cache-up-to-4-40-ghz-with-ipu.html?countrylabel=Latin


It is given as 6 core cpu, 8 threads.

Riccardo



Re: cpu cores

2024-06-09 Thread Gustavo Rios
here it goes!

On Sat, Jun 8, 2024 at 04:30, Philip Guenther wrote:

> On Fri, Jun 7, 2024 at 10:58 PM Gustavo Rios 
> wrote:
> > i have installed obsd on my dell notebook 8 cores processor. When i
> execute the top utility, it is showed the cores, from 0 (cpu0) to 7 (cpu7),
> but cpu1 and cpu3 is not listed. What is the problem ?
>
> You've been on these lists for over 15 years and yet didn't include a
> complete dmesg.  Ok.
>
> If your dmesg completely lacks lines for cpu1 and cpu3 (but not 2 or 4
> or 5) then it's a limitation of that exact model and how the BIOS has
> it configured.
>
> But that's really bizarre.  Too bad we have zero information about
> your laptop and the cpus inside it.
>
>
> Philip Guenther
>


-- 
The lion and the tiger may be more powerful, but the wolves do not perform
in the circus
OpenBSD 7.5 (GENERIC.MP) #82: Wed Mar 20 15:48:40 MDT 2024
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8242978816 (7861MB)
avail mem = 7972089856 (7602MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.4 @ 0x5d033000 (75 entries)
bios0: vendor Dell Inc. version "1.16.0" date 06/20/2023
bios0: Dell Inc. Inspiron 15 3520
efi0 at bios0: UEFI 2.7
efi0: Dell rev 0x1
acpi0 at bios0: ACPI 6.3
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP SSDT SSDT SSDT HPET APIC MCFG SSDT SSDT SSDT NHLT SSDT 
LPIT SSDT SSDT DBGP DBG2 BOOT MSDM SSDT TPM2 DMAR SSDT SSDT SSDT SSDT PHAT BGRT 
FPDT
acpi0: wakeup devices PEG0(S4) PEGP(S4) PEGP(S4) PEG2(S4) PEGP(S4) XHCI(S0) 
XDCI(S4) HDAS(S4) CNVW(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) 
PXSX(S4) RP04(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 1920 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: 12th Gen Intel(R) Core(TM) i3-1215U, 4390.68 MHz, 06-9a-04, patch 042a
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,SHA,UMIP,PKU,WAITPKG,PKS,MD_CLEAR,IBT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DFL,MDS_NO,IF_PSCHANGE,TAA_NO,MISC_PKG_CT,ENERGY_FILT,DOITM,SBDR_SSDP_N,FBSDP_NO,PSDP_NO,RRSBA,OVERCLOCK,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 48KB 64b/line 12-way D-cache, 32KB 64b/line 8-way I-cache, 1MB 64b/line 
10-way L2 cache, 10MB 64b/line 10-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 38MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.2.0.1.0.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: 12th Gen Intel(R) Core(TM) i3-1215U, 4390.69 MHz, 06-9a-04, patch 042a
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,SHA,UMIP,PKU,WAITPKG,PKS,MD_CLEAR,IBT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DFL,MDS_NO,IF_PSCHANGE,TAA_NO,MISC_PKG_CT,ENERGY_FILT,DOITM,SBDR_SSDP_N,FBSDP_NO,PSDP_NO,RRSBA,OVERCLOCK,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu1: 48KB 64b/line 12-way D-cache, 32KB 64b/line 8-way I-cache, 1MB 64b/line 
10-way L2 cache, 10MB 64b/line 10-way L3 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 8 (application processor)
cpu2: 12th Gen Intel(R) Core(TM) i3-1215U, 3991.51 MHz, 06-9a-04, patch 042a
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,SHA,UMIP,PKU,WAITPKG,PKS,MD_CLEAR,IBT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DFL,MDS_NO,IF_PSCHANGE,TAA_NO,MISC_PKG_CT,ENERGY_FILT,DOITM,SBDR_SSDP_N,FBSDP_NO,PSDP_NO,RRSBA,OVERCLOCK,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu2: 48KB 64b/line 12-way D-cache, 32KB 64b/line 8-way I-cache, 1MB 64b/line 
10-way L2 cache, 10MB 64b/line 10-way L3 cache
cpu2: smt 0, core 4, package 0
cpu3 at mainbus0: apid 9 (application processor)
cpu3: 12th Gen Intel(R) Core(TM) i3-1215U, 3991.51 MHz, 06-9a-04, patch 042a
cpu3: 

Re: Issue bridging vport and tap interfaces with veb

2024-06-09 Thread jrmu
> There is a big battle over implicit vs expicit up. Especially since the
> way it is done is by hacking up every interface ioctl routine.
> So depending on which side did the driver it may do the up or not.

I noticed this in ifconfig(8):

 up  Mark an interface “up”.  This may be used to enable an
 interface after an ifconfig down.  It happens
 automatically when setting the first address on an
 interface.  If the interface was reset when previously
 marked down, the hardware will be re-initialized.

Perhaps there should be a special note in the veb(4) manual page?

-- 
jrmu
IRCNow (https://ircnow.org)




Re: [Solved] Edit: Installation amd64 7.5: How to access the distribution sets on the USB stick?

2024-06-09 Thread Dan


Errata:

2) to solve I copied the content of my stick to a larger usbdisk (almost 512gb 
by copy machine), upgraded the disk and
copied back to the stick.

-Dan

Jun 9, 2024 17:35:56 Dan :

> 
> Sorry if I arrive late and maybe with something that is neither pertaining.
> 
> This prb make me remember an issue that I experienced many sysupgrades
> ago for almost two subsequent times: sysupgrade suddenly stopped on the disk
> selection saying no acceptable disk destination was inserted while my usb disk
> of my station was clearly inserted and ready for the upgrade. The interesting
> parts here possibly addressing a suggestion for you are: 1) my problem
> replicated on different machines (almost 1 minipc and 1 laptop) and sticks
> (although coming from the same original installation) 2) to solve I copied 
> the
> content of my stick to a larger usbdisk (almost 512gb by copy machine), 
> upgraded the disk and
> copied back to the disk. It happened to me many years ago and when I was still
> with 16gb sticks, however I still own the same hardware.
> A side note: 7.5 upgrade on 32gb stick gave me no problem.
> 
> -Dan



Re: [Solved] Edit: Installation amd64 7.5: How to access the distribution sets on the USB stick?

2024-06-09 Thread Dan


Sorry if I arrive late and maybe with something that is neither pertaining.

This prb make me remember an issue that I experienced many sysupgrades
ago for almost two subsequent times: sysupgrade suddenly stopped on the disk
selection saying no acceptable disk destination was inserted while my usb disk
of my station was clearly inserted and ready for the upgrade. The interesting
parts here possibly addressing a suggestion for you are: 1) my problem
replicated on different machines (almost 1 minipc and 1 laptop) and sticks
(although coming from the same original installation) 2) to solve I copied the
content of my stick to a larger usbdisk (almost 512gb by copy machine), 
upgraded the disk and
copied back to the disk. It happened to me many years ago and when I was still
with 16gb sticks, however I still own the same hardware.
A side note: 7.5 upgrade on 32gb stick gave me no problem.

-Dan



EuroBSDCon 2024 Dublin, Ireland September 19-22, Call for papers open until June 15

2024-06-09 Thread Peter N. M. Hansteen
EuroBSDCon 2024

Dublin, Ireland September 19-22, 2024
https://2024.eurobscon.org/ 

Call for Papers runs until June 15, 2024
https://2024.eurobsdcon.org/cfp/index.html

Submit at https://events.eurobsdcon.org/

#dublin #freebsd #openbsd #netbsd #development #devops #sysadmin #networking

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: [Solved] Edit: Installation amd64 7.5: How to access the distribution sets on the USB stick?

2024-06-09 Thread rfabris

On 2024-06-08 23:05, Jan Stary wrote:

> > The issue was the USB stick did not appear in the disk selection dialog
> > when it was inserted into one of the front USB ports of the PC.
>
> To be clear: you booted from it,

Yes.

> then removed it,

Yes.

> and then inserted it again into this (front) USB slot?

Yes, into this same front USB3 port. But the stick did still not appear,
neither in 'sysctl hw.disknames', nor in the disk selection dialog of
the install step "Let's install the sets!".

> > Inserting it into one of the back USB ports was the solution: It
> > appeared as 'sd3', as expected ('sd0, sd1, sd2' being the 3 internal SSDs).
>
> But then you removed it again, during that same install,

Yes.

> and inserted it again into one of the rear USB slots,

Yes, into one of the rear USB3 ports.

> and it appeared as sd3?

Yes. It appeared instantly in the disk selection dialog of the install
step "Let's install the sets!", as described by Nick Holland in his post
of yesterday.

Best regards

Rolf



support new

2024-06-09 Thread Peter Thurner | Blunix GmbH
0
C Germany
P Berlin
T Berlin
Z 10999
O Blunix GmbH
I 
A Glogauer Straße 21
M i...@blunix.com
U https://www.blunix.com/
B +49 30 / 629 318 76 
X 
N Automated, security-focused, and FOSS customized hosting solutions for 
OpenBSD and Debian Linux. 24/7/365 emergency support with a maximum 60-minute 
response time. Project-based consulting for projects of all sizes. Managed 
hosting on your IaaS provider using our FOSS Ansible stack. OpenBSD is our 
preferred choice for secure hosting environments.



Re: [Solved] Edit: Installation amd64 7.5: How to access the distribution sets on the USB stick?

2024-06-09 Thread Stuart Henderson
On 2024-06-08, Jan Stary  wrote:
> On Jun 08 15:33:15, rfab...@mhsmail.ch wrote:
>> The issue was the USB stick did not appear in the disk selection dialog.
>
> That's hard to believe. If the installer booted from it,
> it must have been recognized as one of the sd? disks
> during the bsd.rd boot.

If the installer booted from it, that means BIOS/UEFI was able to
read from it. That's quite different to having a working driver for
the storage device/controller.


-- 
Please keep replies on the mailing list.



Re: [Solved] Edit: Installation amd64 7.5: How to access the distribution sets on the USB stick?

2024-06-08 Thread Brian Conway
On Sat, Jun 8, 2024, at 4:01 PM, Jan Stary wrote:
> On Jun 08 15:33:15, rfab...@mhsmail.ch wrote:
>> The issue was the USB stick did not appear in the disk selection dialog.
>
> That's hard to believe. If the installer booted from it,
> it must have been recognized as one of the sd? disks
> during the bsd.rd boot.
>
>   Jan

Not hard to believe at all. USB 3.0/XHCI has long been very quirky across 
hardware, firmware, and OS stacks. For years, the popular PC Engines apu2 
platform would happily boot USB 3 flash drive(s) for me and then decline to 
find the root filesystem on the same stick further along in the OpenBSD boot 
process. Using USB 2 was a viable workaround.

I believe that particular case has since been resolved (BIOS or OS or both, I 
forget which), but it wasn't the only one I've run into.

Brian



Re: [Solved] Edit: Installation amd64 7.5: How to access the distribution sets on the USB stick?

2024-06-08 Thread Abel Abraham Camarillo Ojeda
On Sat, Jun 8, 2024 at 3:09 PM Jan Stary  wrote:

> On Jun 08 16:52:58, rfab...@mhsmail.ch wrote:
> > On 2024-06-08 15:50, Otto Moerbeek wrote:
> > >
> > > On Sat, Jun 08, 2024 at 03:33:15PM +0200, rfab...@mhsmail.ch wrote:
> > >
> > > > On 2024-06-08 08:28, Jan Stary wrote:
> > > >
> > > > > When asked where the file sets are,
> > > > > you tell the installer where on the USB stick they are.
> > > >
> > > > The issue was the USB stick did not appear in the disk selection
> > > > dialog.
> > >
> > > Why do you think that? It is likely to be one of the sd disks.
> > >
> > > -Otto
> >
> > The issue was the USB stick did not appear in the disk selection dialog
> > when it was inserted into one of the front USB ports of the PC.
>
> To be clear: you booted from it, then removed it,
> and then inserted it again into this (front) USB slot?
>
> > Inserting it into one of the back USB ports was the solution: It
> > appeared as 'sd3', as expected ('sd0, sd1, sd2' being the 3 internal SSDs).
>
> But then you removed it again, during that same install,
> and inserted it again into one of the rear USB slots,
> and it appeared as sd3?
>
> Jan
>
>
Maybe a dmesg from the installer would be useful...


Re: [Solved] Edit: Installation amd64 7.5: How to access the distribution sets on the USB stick?

2024-06-08 Thread Jan Stary
On Jun 08 16:52:58, rfab...@mhsmail.ch wrote:
> On 2024-06-08 15:50, Otto Moerbeek wrote:
> > 
> > On Sat, Jun 08, 2024 at 03:33:15PM +0200, rfab...@mhsmail.ch wrote:
> > 
> > > On 2024-06-08 08:28, Jan Stary wrote:
> > > 
> > > > When asked where the file sets are,
> > > > you tell the installer where on the USB stick they are.
> > > 
> > > The issue was the USB stick did not appear in the disk selection
> > > dialog.
> > 
> > Why do you think that? It is likely to be one of the sd disks.
> > 
> > -Otto
> 
> The issue was the USB stick did not appear in the disk selection dialog
> when it was inserted into one of the front USB ports of the PC.

To be clear: you booted from it, then removed it,
and then inserted it again into this (front) USB slot?

> Inserting it into one of the back USB ports was the solution: It
> appeared as 'sd3', as expected ('sd0, sd1, sd2' being the 3 internal SSDs).

But then you removed it again, during that same install,
and inserted it again into one of the rear USB slots,
and it appeared as sd3?

Jan



Re: [Solved] Edit: Installation amd64 7.5

2024-06-08 Thread Jan Stary
On Jun 08 15:33:15, rfab...@mhsmail.ch wrote:
> - The "INSTALLATION NOTES for OpenBSD/amd64 7.5" say: "It may save much
> time and frustration to download the distribution sets to a local server
> or disk and perform the installation from there, rather than directly
> from the internet."

In this day and age, I find it more frustrating and time consuming
to download something to be dd'd onto a USB stick
than simply run sysupgrade -sf and go for a coffee.

Jan



Re: [Solved] Edit: Installation amd64 7.5: How to access the distribution sets on the USB stick?

2024-06-08 Thread Jan Stary
On Jun 08 15:33:15, rfab...@mhsmail.ch wrote:
> The issue was the USB stick did not appear in the disk selection dialog.

That's hard to believe. If the installer booted from it,
it must have been recognized as one of the sd? disks
during the bsd.rd boot.

Jan



Re: Share one of machines IP via WireGuard

2024-06-08 Thread Kirill A . Korinsky
On Sat, 08 Jun 2024 15:56:06 +0100,
Stuart Henderson  wrote:
> 
> I think this should be possible with the standard route table, without
> route-to. Essentially you need:
> 
> 1. your machine to answer arp for the wg ip so other hosts will send
> ethernet packets to it
> 
> 2. your machine to not be configured with the wg ip itself
> 
> 3. route entries such that those packets end up sent out the wg interface
> (you may possibly need a route command with -ifp wg0)
> 

Thanks, after re-reading man page for route I was able to figure it out in
quite simple way, without NAT, routing domain, dedicated MAC which was added
to separate things with hope to make things easy.

So, here is the resulting config:

Client:

  rdomain 1
  wgrtable 0
  wgkey ...
  wgpeer ... \
  wgendpoint 1.2.3.4 51820 \
  wgaip 0.0.0.0/0 \
  wgpka 25 \
  wgpsk ...
  inet 1.2.4.5/28
  up
  !route -T 1 add default 1.2.4.1

Server:

  wgkey ...
  wgpeer ... \
  wgaip 1.2.4.5/32 \
  wgpka 25 \
  wgpsk ...
  wgport 51820
  inet 127.255.255.255/32
  up
  !route add -inet 1.2.4.5 -llinfo -link -static -iface \$if

Without inet 127.255.255.255/32 adding a static route fails as:

  add host 1.2.4.5: gateway wg0: Network is unreachable


-- 
wbr, Kirill
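
Why the two wgaip values in the configs above differ, as an added example that is not part of the post or of wg(4) itself: a small Python model of WireGuard's allowed-IPs rule, which picks the peer for outgoing packets and filters the inner source address of incoming ones. The peer names and the address 192.0.2.10 are constructed for illustration; the wgaip values are the ones in the post.

```python
import ipaddress

class Peer:
    """One wgpeer entry: a name (illustrative) and its wgaip networks."""
    def __init__(self, name, allowed_ips):
        self.name = name
        self.allowed = [ipaddress.ip_network(n) for n in allowed_ips]

    def best_match(self, addr):
        """Longest matching prefix length for addr, or -1 if nothing matches."""
        ip = ipaddress.ip_address(addr)
        hits = [n.prefixlen for n in self.allowed
                if n.version == ip.version and ip in n]
        return max(hits, default=-1)

def peer_for_destination(peers, dst):
    """Outbound: the peer whose allowed IPs match dst most specifically."""
    best = max(peers, key=lambda p: p.best_match(dst), default=None)
    if best is None or best.best_match(dst) < 0:
        return None          # no peer owns dst: the packet is not sent
    return best

def accept_inbound(peers, sender, src):
    """Inbound: the decrypted packet's source must map back to its sender."""
    return peer_for_destination(peers, src) is sender

# wgaip values from the two hostname.wg0 files in the post.
SERVER_PEERS = [Peer("client", ["1.2.4.5/32"])]
CLIENT_PEERS = [Peer("server", ["0.0.0.0/0"])]

def demo():
    client, server = SERVER_PEERS[0], CLIENT_PEERS[0]
    return {
        # Server forwards traffic for the shared address into the tunnel.
        "server_sends_1.2.4.5": peer_for_destination(SERVER_PEERS, "1.2.4.5") is client,
        # Any other destination has no peer on the server side.
        "server_sends_1.2.4.6": peer_for_destination(SERVER_PEERS, "1.2.4.6") is not None,
        # The client may only source packets from 1.2.4.5 ...
        "server_accepts_src_1.2.4.5": accept_inbound(SERVER_PEERS, client, "1.2.4.5"),
        "server_accepts_src_1.2.4.6": accept_inbound(SERVER_PEERS, client, "1.2.4.6"),
        # ... while 0.0.0.0/0 lets the client accept any IPv4 source from the server.
        "client_accepts_src_192.0.2.10": accept_inbound(CLIENT_PEERS, server, "192.0.2.10"),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The /32 on the server side is what keeps the remote peer from injecting packets with any source other than the one shared address.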



Re: Share one of machines IP via WireGuard

2024-06-08 Thread Stuart Henderson
On 2024-06-08, Kirill A  Korinsky  wrote:
> On Fri, 07 Jun 2024 16:25:48 +0100,
> Stuart Henderson  wrote:
>>
>> I think you'll need proxy ARP then.
>>
>
> After a few attempts to make it work, I think I need help.
>
> My setup.
>
> Server: where em0 is uplink with routed 1.2.3.4/24 and 1.2.4.5/24 with
> expected gateway 1.2.3.1 and 1.2.4.1, em0 is included into bridge0 and
> 1.2.3.4/24 is configured as input point at route domain 0.
>
> To make things simpler each IP is associated with its own MAC address and
> switch expects that 1.2.4.5 with 00:50:56:01:1d:40. So, I have:
>
>   $ cat /etc/hostname.vether1 
>  
>   lladdr 00:50:56:01:1d:40
>   rdomain 2
>   up
>   !arp -s 1.2.4.5 00:50:56:01:1d:40 pub
>
>   $ cat /etc/hostname.wg0 
>   rdomain 2
>   wgkey ...
>   wgpeer ... \
>   wgaip 1.2.4.5/32 \
>   wgpka 25
>   wgport 51820
>   wgrtable 0
>   up
>   $ 

rdomains will at least complicate things as you then need a way to
"leak" routes between rdomains, plus I don't think you need them.

I don't think the vether is doing anything useful either, and I think
the separate MAC is working against you




> when I run ping from client to 1.2.4.1 I see traffic on wg0 on the server,
> but I can't figure out how to redirect it to vether1 and send to the switch.
>
> I feel that I miss some piece. I see route-to in pf.conf which probably the
> missed piece but I can't figure out how to use it.

I think this should be possible with the standard route table, without
route-to. Essentially you need:

1. your machine to answer arp for the wg ip so other hosts will send
ethernet packets to it

2. your machine to not be configured with the wg ip itself

3. route entries such that those packets end up sent out the wg interface
(you may possibly need a route command with -ifp wg0)




> --
> wbr, Kirill
>
>


-- 
Please keep replies on the mailing list.


