How do you use EV_DISPATCH in kqueue(2)
Is EV_DISPATCH somehow like EV_ONESHOT or EV_DISABLE? What is a use case? If you have an open socket file descriptor with an EVFILT_READ, does it close the socket upon getting some data? I don't run current.
Re: re0 and re1 watchdog timeouts, and system freeze
On Sat 03/06/2017 08:44, Björn Ketelaars wrote:
>
> Reverting back to the previous kernel fixed the issue above. Question: can
> someone give a hint on how to track this issue?

After a bit of experimenting I'm able to reproduce the problem. Summary is that queueing in pf and use of a current (after May 30), multi processor kernel (bsd.mp from snapshots) causes these specific watchdog timeouts followed by a system freeze.

Issue is 'gone' when:
1.) using an older kernel (before May 30);
2.) removal of queueing statements from pf.conf. Included below the specific snippet;
3.) switch from MP kernel to SP kernel.

New observation is that while queueing, using a MP kernel, the download bandwidth is only a fraction of what is expected. Exchanging the MP kernel with a SP kernel restores the download bandwidth to expected level.

I'm guessing that this issue is related to recent work on PF?

--- SNIP ---
# queueing
#
queue up on re0 bandwidth 15M max 15M
queue up_def parent up bandwidth 1M qlimit 10 default
queue up_dns parent up bandwidth 2M qlimit 20
queue up_ssh parent up bandwidth 6M qlimit 50
queue up_web parent up bandwidth 6M qlimit 50
match on egress set queue up_def
match out on egress proto {tcp, udp} to port 1:1024 set queue up_web
match on egress proto tcp to port 22 set queue up_ssh
match out on egress proto {tcp, udp} to port 53 set queue up_dns
match on egress proto icmp set queue up_dns
match out on egress proto tcp to port {119, 563} set queue up_def
queue down on re1 bandwidth 150M max 150M
queue down_def parent down bandwidth 10M qlimit 100 default
queue down_dns parent down bandwidth 20M qlimit 200
queue down_ssh parent down bandwidth 60M qlimit 500
queue down_web parent down bandwidth 60M qlimit 500
match on re1 set queue down_def
match in on re1 proto {tcp, udp} to port 1:1024 set queue down_web
match on re1 proto tcp to port 22 set queue down_ssh
match in on re1 proto {tcp, udp} to port 53 set queue down_dns
match on re1 proto icmp set queue down_dns
match in on re1 proto tcp to port {119, 563} set queue down_def
--- SNIP ---

--
Björn Ketelaars
GPG key: 0x4F0E5F21
EBNH's Artwork
Hi, all.

Just to share artworks of my alter-ego EsteBaN Hache:
- wallpapers
- firefox's themes
- others?

https://obsd4a.net/qa/viewtopic.php?pid=1037#p1037

--
~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " +=<<<
Stephane HUC as PengouinBSD or CIOTBSD
b...@stephane-huc.net
Files corrupted by one byte when downloading from my HTTPD server, any idea?
Hello,

I am using 6.1 Release - all patched, including packages with mtier.

I'm running a PHP56 web server, I am initiating automatic downloads using headers but whenever I download an image it can't be opened because no matter what image type it is I get:

Error interpreting JPEG image file (Not a JPEG file: starts with 0x0a 0xff)

I have been trying to figure this out all morning, I found a blog post which a guy has the exact same problem.
https://shareithq.wordpress.com/tag/php-nginx-or-php-seems-to-be-adding-1-byte-to-image-files/

But I tested his fix on the file, and it works..

tail -c +2 avatest_local.jpg > avatest_fixed.jpg

Is it possible some sort of automatic compression is in use on the system? or is that just ridiculous?

Has anyone experienced this before and worked out the issue?

Thanks
Re: nc in inetd - under which account?
On Tue, 6 Jun 2017 12:05:10 -0500 Ax0n wrote:
> Also, this seems like something that, depending on where the
> destination servers are, could be handled easily with PF by itself,
> or with the help of relayd, with a lot less hassle.

Perhaps I didn't explain what I use this for. I have a vlan on private subnet, which has no access to other private vlans - it can contact only Internet hosts. One of "Internet" hosts is actually IP alias on external interface of my OpenBSD firewall, which redirects (rdr-to) internal host on my LAN:

pass in on $if_ext inet proto tcp from any to $pub_srv port $web \
    rdr-to $priv_srv

Now, as redirection happens to packets which are incoming to external interface, above rule does not hit for packets coming from internal vlan.

That's why I combine pf redirection on internal interface to loopback:

pass in quick on $if_int inet proto tcp from to $pub_srv \
    port 80 rdr-to 127.0.0.1 port 20080
pass in quick on $if_int inet proto tcp from to $pub_srv \
    port 443 rdr-to 127.0.0.1 port 20443

... and proxy these packets with nc from inetd:

127.0.0.1:20080 stream tcp nowait _nc_proxy /usr/bin/nc \
    srv-http -w 20 PRI.VAT.EAD.DR 80
127.0.0.1:20443 stream tcp nowait _nc_proxy /usr/bin/nc \
    srv-https -w 20 PRI.VAT.EAD.DR 443

I know that simple rdr on internal interface doesn't work out of the box - I would probably need some kind of NAT, as LAN server wouldn't return packet to firewall from where it was redirected - it would try to contact LAN client directly, and fail (isolated VLAN).

Now as for relayd, I never used it. If someone gave me working example and an explanation why it is better than my current solution, I'd be glad to switch, and pass the word around :)

Thank you all for tips and hints.

--
Before enlightenment - chop wood, draw water.
After enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/
smtpd "relay as" not working as expected
Hello,

If I include:

accept from local for any relay as "@domain.com"

in smtpd.conf on 6.1 release, the reply to address is rewritten as u...@domain.com but the from address is left as u...@host.domain.com. Do I have this syntax incorrect?

Thanks.
Re: nc in inetd - under which account?
First result on Google for "relayd example" seems to be pretty thorough.
https://calomel.org/relayd.html

On Wed, Jun 7, 2017 at 7:51 AM, Marko Cupać wrote:
> On Tue, 6 Jun 2017 12:05:10 -0500
> Ax0n wrote:
>
> > Also, this seems like something that, depending on where the
> > destination servers are, could be handled easily with PF by itself,
> > or with the help of relayd, with a lot less hassle.
>
> Perhaps I didn't explain what I use this for. I have a vlan on private
> subnet, which has no access to other private vlans - it can contact
> only Internet hosts. One of "Internet" hosts is actually IP alias on
> external interface of my OpenBSD firewall, which redirects (rdr-to)
> internal host on my LAN:
>
> pass in on $if_ext inet proto tcp from any to $pub_srv port $web \
>     rdr-to $priv_srv
>
> Now, as redirection happens to packets which are incoming to external
> interface, above rule does not hit for packets coming from internal
> vlan.
>
> That's why I combine pf redirection on internal interface to
> loopback:
> pass in quick on $if_int inet proto tcp from to $pub_srv \
>     port 80 rdr-to 127.0.0.1 port 20080
> pass in quick on $if_int inet proto tcp from to $pub_srv \
>     port 443 rdr-to 127.0.0.1 port 20443
>
> ... and proxy these packets with nc from inetd:
> 127.0.0.1:20080 stream tcp nowait _nc_proxy /usr/bin/nc \
>     srv-http -w 20 PRI.VAT.EAD.DR 80
> 127.0.0.1:20443 stream tcp nowait _nc_proxy /usr/bin/nc \
>     srv-https -w 20 PRI.VAT.EAD.DR 443
>
> I know that simple rdr on internal interface doesn't work out of the
> box - I would probably need some kind of NAT, as LAN server wouldn't
> return packet to firewall from where it was redirected - it would try
> to contact LAN client directly, and fail (isolated VLAN).
>
> Now as for relayd, I never used it. If someone gave me working example
> and an explanation why it is better than my current solution, I'd be
> glad to switch, and pass the word around :)
>
> Thank you all for tips and hints.
> --
> Before enlightenment - chop wood, draw water.
> After enlightenment - chop wood, draw water.
>
> Marko Cupać
> https://www.mimar.rs/
>
>
Re: Files corrupted by one byte when downloading from my HTTPD server, any idea?
On Wed, Jun 07, 2017 at 06:10:43AM -0400, tec...@protonmail.com wrote:
> Hello,
>
> I am using 6.1 Release - all patched, including packages with mtier.
>
> I'm running a PHP56 web server, I am initiating automatic downloads using
> headers but whenever I download an image it can't be opened because no matter
> what image type it is I get:
>
> Error interpreting JPEG image file (Not a JPEG file: starts with 0x0a 0xff)
>
> I have been trying to figure this out all morning, I found a blog post which
> a guy has the exact same problem.
> https://shareithq.wordpress.com/tag/php-nginx-or-php-seems-to-be-adding-1-byte-to-image-files/
>
> But I tested his fix on the file, and it works..
>
> tail -c +2 avatest_local.jpg > avatest_fixed.jpg
>
> Is it possible some sort of automatic compression is in use on the system? or
> is that just ridiculous?
>
> Has anyone experienced this before and worked out the issue? Thanks

Things like this often happen when a php script has an extra space after the closing ?> or something similar.

-Otto
Re: Files corrupted by one byte when downloading from my HTTPD server, any idea?
On Wed, Jun 07, 2017 at 06:10:43AM -0400, tec...@protonmail.com wrote:
> Hello,
>
> I am using 6.1 Release - all patched, including packages with mtier.
>
> I'm running a PHP56 web server, I am initiating automatic downloads using
> headers but whenever I download an image it can't be opened because no matter
> what image type it is I get:
>
> Error interpreting JPEG image file (Not a JPEG file: starts with 0x0a 0xff)
>
> I have been trying to figure this out all morning, I found a blog post which
> a guy has the exact same problem.
> https://shareithq.wordpress.com/tag/php-nginx-or-php-seems-to-be-adding-1-byte-to-image-files/
>
> But I tested his fix on the file, and it works..
>
> tail -c +2 avatest_local.jpg > avatest_fixed.jpg
>
> Is it possible some sort of automatic compression is in use on the system? or
> is that just ridiculous?
>
> Has anyone experienced this before and worked out the issue? Thanks

It also might be remnants of chunked transfer encoding. This can happen if there is a 'smart' backend that encodes data into chunks (for some reason) and then reverse proxy encodes this into chunks again.

--
Ivan Markin
Re: Unable to establish ikev2 vpn with ios using current - OpenBSD 6.1 GENERIC.MP#106 amd64 - can anyone help?
Hello

I have updated to the last several snapshots as they have come out, but continue to be unable to establish a VPN between iOS and OpenBSD.

As the iOS device has not been updated recently, the "problem" appears to relate to something that changed on the OpenBSD side. I don't know, and don't even have an idea of how I could find out, if this is a problem with iOS not following some standard, or if it is an issue with OpenBSD's iked.

I am not trying to be demanding, and I am not suggesting that I am entitled to any help whatsoever. But, I will admit that I have come to rely on iked, and the loss of a VPN to iOS is a problem for me.

I got logs off an iphone (a snip is below), but other than seeing that the iphone tries to create a VPN, and then fails and disconnects (despite the fact that openBSD states the connection is ESTABLISHED), I have no clue what is happening.

---
Jun 6 14:54:14 iPhone nesessionmanager(NetworkExtension)[124] : Not hashing value with class __NSDate
Jun 6 14:54:14 iPhone nesessionmanager(NetworkExtension)[124] : NESMIKEv2VPNSession[Wynnychenko VPN:D636E9EF-3B66-4537-93E8-0E3DEC18D7AB]: Received a start command from Preferences[200]
Jun 6 14:54:14 iPhone nesessionmanager(NetworkExtension)[124] : NESMIKEv2VPNSession[Wynnychenko VPN:D636E9EF-3B66-4537-93E8-0E3DEC18D7AB]: status changed to connecting
Jun 6 14:54:14 iPhone nesessionmanager(NetworkExtension)[124] : Plugin com.apple.neplugin.IKEv2 does not have a bundle URL
Jun 6 14:54:14 iPhone kernel(Sandbox)[0] : SandboxViolation: nesessionmanager(124) deny(1) file-issue-extension target: /System/Library/Frameworks/NetworkExtension.framework/PluginIKEv2.vpnplugin class: com.apple.vpn-plugin
Jun 6 14:54:14 iPhone nesessionmanager(NetworkExtension)[124] : sendInitCommand: failed to create a com.apple.vpn-plugin sandbox extension for /System/Library/Frameworks/NetworkExtension.framework/PluginIKEv2.vpnplugin
Jun 6 14:54:14 iPhone neagent(NetworkExtension)[824] : Certificate at index 0 could not be created
Jun 6 14:54:14 iPhone neagent(NetworkExtension)[824] : Certificate authentication data could not be verified
Jun 6 14:54:14 iPhone neagent(NetworkExtension)[824] : Failed to process IKE Auth packet
Jun 6 14:54:14 iPhone nesessionmanager(NetworkExtension)[124] : NESMIKEv2VPNSession[Wynnychenko VPN:D636E9EF-3B66-4537-93E8-0E3DEC18D7AB]: status changed to disconnecting
Jun 6 14:54:14 iPhone configd[32] : network changed
Jun 6 14:54:14 iPhone kernel[0] : SIOCPROTODETACH_IN6: ipsec3 error=6
Jun 6 14:54:14 iPhone configd(IPConfiguration)[32] : siocprotodetach(pdp_ip0) failed, Resource busy (16)
Jun 6 14:54:14 iPhone nesessionmanager(NetworkExtension)[124] : NESMIKEv2VPNSession[Wynnychenko VPN:D636E9EF-3B66-4537-93E8-0E3DEC18D7AB]: status changed to disconnected, last stop reason Plugin initiated
---

If anyone can offer anything to help fix this issue, even just letting me know that this a problem that I am experiencing locally and not a problem with the current iked, I would really appreciate it.

Thank you
Ted

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Theodore Wynnychenko
Sent: Monday, June 05, 2017 7:16 PM
To: misc@openbsd.org
Subject: Re: Unable to establish ikev2 vpn with ios after update to current - OpenBSD 6.1 GENERIC.MP#103 amd64

I updated to the most recent snapshot (OpenBSD 6.1 GENERIC.MP#103 amd64).

Unfortunately, while an OpenBSD to OpenBSD ikev2 tunnel works as expected, attempts to establish a tunnel from ios to OpenBSD fail. However, the OpenBSD machine appears to believe that the tunnel is up and fine ("sa_state: VALID -> ESTABLISHED"), while the iOS device indicates that no VPN is up.

There appears to be no change from the snapshot from a couple of days ago, and this had been working flawlessly through several snapshots over the last year.

Does anyone have any advice on this, and what might have changed? I see nothing obvious that I need to change in the iked.conf based on my reading of the current manpage.

Thank you
Ted

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Theodore Wynnychenko
Sent: Sunday, June 04, 2017 8:14 PM
To: misc@openbsd.org
Subject: Unable to estable ikev2 vpn with ios after update to current

Hello

I have been a bit remiss, and have not updated my system in a couple of months. I have been following current for a year or two, in general, without incident.

Anyway, after updating last night, I am unable to establish an ikev2 vpn with an ios 10.3.2 device. A OBSD6.1<->OBSD6.1 ikev2 vpn is working fine.

I am hoping that someone could shove me in a direction.

I have been using iked with iOS for about a year without a problem. However, after the update, I noticed that all iOS vpn attempts were failing.

Running
# iked -dvvv
and trying to connect showed:
...
ca_setauth: auth length 510
ikev2_ike_auth_recv: unexpected auth method RSA_SIG, was expecting SIG
i
Re: Files corrupted by one byte when downloading from my HTTPD server, any idea?
I didn't have that at the top, but I did have a gap within the middle of my script and similar issues within include scripts, I took that all out at the same time as trying out other ideas regarding compression settings within php-5.6.ini and it started working as expected, I have reverted all the other things I did and restarted the server and it's still working so must have been due to the issue you raised.

So glad to have it working! Cheers to the few folk who sent me ideas!

Regards

> Does your PHP source file have a blank line at the top?
> e.g.
> [blank line]
> i.e. your PHP source file has the 0x0a in it? If I'm right then that will be
> sent as part of the output (the first byte in fact - what you are seeing).
>
> Just an idea!
Re: Files corrupted by one byte when downloading from my HTTPD server, any idea?
On 06/07/17 22:10, tec...@protonmail.com wrote:
> Hello,
>
> I am using 6.1 Release - all patched, including packages with mtier.
>
> I'm running a PHP56 web server, I am initiating automatic downloads using
> headers but whenever I download an image it can't be opened because no matter
> what image type it is I get:
>
> Error interpreting JPEG image file (Not a JPEG file: starts with 0x0a 0xff)
>
> I have been trying to figure this out all morning, I found a blog post which
> a guy has the exact same problem.
> https://shareithq.wordpress.com/tag/php-nginx-or-php-seems-to-be-adding-1-byte-to-image-files/
>
> But I tested his fix on the file, and it works..
>
> tail -c +2 avatest_local.jpg > avatest_fixed.jpg
>
> Is it possible some sort of automatic compression is in use on the system? or
> is that just ridiculous?
>
> Has anyone experienced this before and worked out the issue? Thanks

0x0a is a line feed (LF), and 0xFF looks like it is the start of the JPG image.

Does your PHP source file have a blank line at the top?
e.g.
[blank line]
i.e. your PHP source file has the 0x0a in it? If I'm right then that will be sent as part of the output (the first byte in fact - what you are seeing).

Just an idea!
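
The diagnosis reached in this thread (whitespace outside the PHP tags is sent ahead of the image data) can be checked mechanically. The following is an added example, not code from any of the posters: a Python sketch that flags whitespace-only or BOM-only output in PHP sources and reports what precedes the JPEG start-of-image marker in a download. The function names and sample bytes are constructed for illustration, and the scanner assumes `?>` does not appear inside string literals or block comments and that short `<?` tags are not used.

```python
import re
import sys

BOM = b"\xef\xbb\xbf"
JPEG_SOI = b"\xff\xd8\xff"   # start-of-image marker plus first byte of next marker
OPEN_TAG = re.compile(rb"<\?(?:php(?=\s)|=)", re.IGNORECASE)
CLOSE_TAG = re.compile(rb"\?>(?:\r\n|\n)?")   # PHP swallows one newline after ?>

# Constructed samples: a download script with a blank first line and a gap
# between two PHP blocks, and the first bytes of the file it would produce.
SAMPLE_PHP = (b"\n<?php\nheader('Content-Type: image/jpeg');\n?>\n\n"
              b"<?php readfile($path); ?>\n")
SAMPLE_DOWNLOAD = b"\n\xff\xd8\xff\xe0\x00\x10JFIF\x00"


def stray_output(src):
    """Return [(offset, raw_bytes)] for whitespace/BOM-only runs outside PHP tags.

    Everything outside <?php ... ?> is emitted verbatim, so such runs end up
    in front of (or inside) a binary response body.
    """
    findings = []
    pos = 0
    while pos < len(src):
        opening = OPEN_TAG.search(src, pos)
        end = opening.start() if opening else len(src)
        run = src[pos:end]
        if run and not run.replace(BOM, b"").strip():
            findings.append((pos, run))
        if not opening:
            break
        closing = CLOSE_TAG.search(src, opening.end())
        if not closing:
            break            # file ends inside PHP code: nothing more is emitted
        pos = closing.end()
    return findings


def junk_before_jpeg(data, window=64):
    """Return the bytes preceding the JPEG SOI marker, or None if it is absent
    from the first `window` bytes (i.e. the data is not a shifted JPEG)."""
    idx = data.find(JPEG_SOI, 0, window + len(JPEG_SOI))
    return None if idx < 0 else data[:idx]


if __name__ == "__main__":
    # Usage: python3 check_stray.py script.php include/*.php
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for offset, run in stray_output(fh.read()):
                print(f"{path}: offset {offset}: emits {run!r} outside PHP tags")
```

Run it over the download script and every file it includes; an empty result for all of them, together with `junk_before_jpeg()` returning `b""` on a fresh download, confirms the fix without needing `tail -c +2`.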
full screen in console
Hi All,

I would like to have a full screen console on my rather old dell d620 laptop. The best I've been able to do is for it to occupy 1/4 of the top left of the monitor. I can disable inteldrm during boot and have it use the full screen, but as you know, that's far less quality.

With this dmesg, is there any hope that I'll be able to use the full screen with inteldrm?

OpenBSD 6.1-current (GENERIC.MP) #109: Wed Jun 7 19:41:42 MDT 2017
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3194490880 (3046MB)
avail mem = 3091947520 (2948MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf6e60 (62 entries)
bios0: vendor Dell Inc. version "A07" date 12/18/2006
bios0: Dell Inc. Latitude D620
acpi0 at bios0: rev 0
acpi0: TCPA checksum error
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP HPET APIC ASF! MCFG SLIC TCPA SSDT
acpi0: wakeup devices LID_(S3) PBTN(S4) PCI0(S5) USB0(S0) USB1(S0) USB2(S0) USB3(S0) EHCI(S0) AZAL(S3) PCIE(S4) RP01(S3) RP02(S4) NIC_(S5) RP04(S3) RP05(S3) RP06(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz, 1997.60 MHz
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 166MHz
cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 CPU T7200 @ 2.00GHz, 1997.33 MHz
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR
cpu1: 4MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf000, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 3 (PCIE)
acpiprt3 at acpi0: bus 11 (RP01)
acpiprt4 at acpi0: bus 12 (RP02)
acpiprt5 at acpi0: bus 9 (PXP0)
acpiprt6 at acpi0: bus -1 (RP04)
acpiprt7 at acpi0: bus -1 (RP05)
acpiprt8 at acpi0: bus -1 (RP06)
acpicpu0 at acpi0: !C3(100@57 io@0x1016), !C2(500@1 io@0x1014), C1(1000@1 halt), PSS
acpicpu1 at acpi0: !C3(100@57 io@0x1016), !C2(500@1 io@0x1014), C1(1000@1 halt), PSS
acpitz0 at acpi0: critical temperature is 126 degC
"*pnp0c14" at acpi0 not configured
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT0 model "DELL J825J8" serial 1093 type LION oem "Panasonic"
acpibat1 at acpi0: BAT1 not present
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PBTN
acpibtn2 at acpi0: SBTN
"PNP0F13" at acpi0 not configured
"PNP0303" at acpi0 not configured
"PNP0501" at acpi0 not configured
acpidock0 at acpi0: GDCK not docked (0)
acpivideo0 at acpi0: VID_
acpivideo1 at acpi0: VID_
acpivideo2 at acpi0: VID2
cpu0: Enhanced SpeedStep 1997 MHz: speeds: 2000, 1667, 1333, 1000 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03
inteldrm0 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03
drm0 at inteldrm0
intagp0 at inteldrm0
agp0 at intagp0: aperture at 0xd000, size 0x1000
inteldrm0: apic 2 int 16
inteldrm0: 848x480, 32bpp
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
"Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x01: msi
azalia0: codecs: Sigmatel STAC9200, Conexant/0x2bfa, using Sigmatel STAC9200
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x01: msi
pci1 at ppb0 bus 11
ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x01: msi
pci2 at ppb1 bus 12
wpi0 at pci2 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: msi, MoW1, address 00:19:d2:c8:ce:01
ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x01: msi
pci3 at ppb2 bus 9
bge0 at pci3 dev 0 function 0 "Broadcom BCM5752" rev 0x02, BCM5752 A2 (0x6002): msi, address 00:18:8b:be:b2:3d
brgphy0 at bge0 phy 1: BCM5752 10/100/1000baseT PHY, rev. 0
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x01: apic 2 int 20
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: apic 2 int 21
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: apic 2 int 22
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x01: apic 2 int 23
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: apic 2 int 20
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 add