newsyslog refused to work

2017-07-14 Thread Harald Dunkel
Hi folks,

Apparently newsyslog refuses to rotate any file, if there 
is a single bad line in newsyslog.conf, e.g.

newsyslog: /etc/newsyslog.conf:7: unknown user: uucp

I would suggest to ignore the bad line, but rotate the 
other log files as usual.


Regards
Harri



Re: WireGuard will make OpenIKED obsolete?

2017-07-14 Thread Kapetanakis Giannis
On 14/07/17 02:50, if...@airmail.cc wrote:
> Hi,
> I have recently read about WireGuard Protocol and it seems really
> interesting. Here's a description (from wireguard.io):

It's interesting indeed.
In advance in their roadmap they say:

"Eventually we'll work with OpenBSD to produce a component for their kernel ..."

https://www.wireguard.io/roadmap/

G



Brightness-keys on Thinkpad T460

2017-07-14 Thread Niels Kobschätzki

Hi,

I have now installed OpenBSD on my Thinkpad T460 and some of the media-keys
don't work. The only keys that work are XF86AudioMute,
XF86AudioRaiseVolume and XF86AudioLowerVolume. The other keys do not
even register when I use xev.
Any ideas where I could look further?

Especially annoying are the brightness-keys. So I thought I would write a
script that will set the brightness for me. Since xbacklight tells me
"No outputs have backlight property", I am using wsconsctl:

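#!/bin/sh
# Adjust the display brightness by the signed amount given in $1.
# Current level as an integer: strip the "%" and any fractional part.
level=`wsconsctl -n display.brightness | sed 's/%//' | awk -F . '{print $1}'`
echo "$level"
echo "$1"
# New level = current level + requested change.
nlevel=`echo "$level+$1" | bc`
echo "$nlevel"
wsconsctl display.brightness="$nlevel"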

I added in the doas.conf:
permit nopass user cmd sh args /home/user/bin/backlight.sh *

And it works fine when I use it in a terminal. But when I use it in the
xfce-keyboard-shortcuts like:
/usr/bin/doas /bin/sh /home/nik/bin/backlight.sh -10 with shift+super+j

nothing happens. Why could that be?


Niels



Restoring /altroot

2017-07-14 Thread Raimo Niskanen
Hi misc@.

I wonder how to restore from an /altroot backup?

(I missed that pax -r happily writes absolute paths and wrote over
 /etc from a backup file of another machine)


Is it to dd(1) back all but the first 16 blocks - the reverse of what
daily(8) does?  Is that all that is needed?

(I missed to skip the first 16 blocks, and I used the block devices instead
 of the character devices.  The result was a vegetable, and would like to
 understand which of my mistakes that were fatal.)


Best regards
-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB



rdomain and loopback ifs

2017-07-14 Thread Maxim Bourmistrov

Hey,
Not sure if this is already known, but
while creating an rdomain
shell# ifconfig vmx5 rdomain 1
the OS assumes that for this particular domain number 1, lo1 will be used as a
"glue" between domains.
However, it is not checked whether this loopback is already within any rdomain.

In my case, it is yet another loopback, configured in rdomain 0.

lo1: flags=8049 mtu 32768
description: DNS_ANYCAST
index 32 priority 0 llprio 3
groups: lo
inet 10.30.30.10 netmask 0x

The command 'ifconfig vmx5 rdomain 1' will fail with
ifconfig: SIOCSIFRDOMAIN: File exists

Is this a minor "leftover"?


Also, ifconfig does not contain a '-rdomain' flag. Is that intentional?

Br



Re: BGP vpnv4 prefixes in RIB, not in FIB

2017-07-14 Thread ironbee
Here are some additional commands to my previous output
# bgpctl sho fib table 1
flags: * = valid, B = BGP, C = Connected, S = Static, D = Dynamic
   N = BGP Nexthop reachable via this route R = redistributed
   r = reject route, b = blackhole route

flags prio destination          gateway
*        1 10.10.10.10/32       10.10.10.10
*C       0 127.0.0.0/8          link#0
*C R     4 192.168.35.0/24      link#3
*C       0 ::1/128              link#0
# bgpctl show rib VPNv4
flags: * = Valid, > = Selected, I = via IBGP, A = Announced, S = Stale
origin: i = IGP, e = EGP, ? = Incomplete

flags destination                  gateway          lpref   med aspath origin
AI*>  rd 100:1 192.168.35.0/24     rd 0:0 0.0.0.0     100     0 i
I*>   rd 100:1 192.168.41.0/24     1.1.1.1            100     0 ?







Re: BGP vpnv4 prefixes in RIB, not in FIB

2017-07-14 Thread ironbee
I have exactly the same problem. Here is my simple setup:
R1(PE, Cisco, lo 1.1.1.1)---R2(P, Cisco, lo 2.2.2.2)--R3(PE, OpenBSD6.1, lo0 3.3.3.3)
Everything works well and VPNv4 prefixes are learned from the other PE router, but
OpenBSD doesn't install these routes into the appropriate routing table.
Here are the config files:
# cat /etc/ospfd.conf
router-id 3.3.3.3
area 0.0.0.0 {
	interface vio1
	interface lo0
}
# cat /etc/ldpd.conf
address-family ipv4 {
	interface vio1
}
# cat /etc/bgpd.conf
router-id 3.3.3.3
AS 100
rdomain 1 {
	descr "CUSTOMER1"
	rd 100:1
	import-target rt 100:1
	export-target rt 100:1
	depend on mpe0
	network inet connected
}
group ibgp {
	announce IPv4 unicast
	announce IPv4 vpn
	remote-as 100
	local-address 3.3.3.3
	neighbor 1.1.1.1 {
		descr R1
	}
}
Here is my output:
# ospfctl show neighbor
ID              Pri State        DeadTime Address         Iface     Uptime
2.2.2.2         1   FULL/DR      00:00:31 10.10.23.2      vio1      00:17:44

# ldpctl show neighbor
AF   ID              State       Remote Address    Uptime
ipv4 2.2.2.2         OPERATIONAL 2.2.2.2           00:18:39

# ldpctl show lib
AF   Destination        Nexthop   Local Label  Remote Label  In Use
ipv4 1.1.1.1/32         2.2.2.2   16           16            yes
ipv4 2.2.2.2/32         2.2.2.2   17           imp-null      yes
ipv4 3.3.3.3/32         2.2.2.2   imp-null     17            no
ipv4 10.10.12.0/24      2.2.2.2   18           imp-null      yes
ipv4 10.10.23.0/24      2.2.2.2   imp-null     imp-null      no
ipv4 192.168.1.0/24     0.0.0.0   imp-null     -             no
ipv6 2002::/24          0.0.0.0   19           -             no
ipv6 2002:7f00::/24     0.0.0.0   20           -             no
ipv6 2002:e000::/20     0.0.0.0   21           -             no
ipv6 2002:ff00::/24     0.0.0.0   22           -             no

# ldpctl show fib
Flags: C = Connected, S = Static
 Prio Destination        Nexthop        Local Label  Remote Label
S   8 0.0.0.0/0          192.168.1.1    -            -
   32 1.1.1.1/32         10.10.23.2     16           16
   32 2.2.2.2/32         10.10.23.2     17           imp-null
C   1 3.3.3.3/32         3.3.3.3        imp-null     -
   32 10.10.12.0/24      10.10.23.2     18           imp-null
C   4 10.10.23.0/24      10.10.23.3     imp-null     -
C   4 192.168.1.0/24     192.168.1.13   imp-null     -
S   8 ::/96              ::1            -            -
S   8 ::/104             ::1            -            -
C   1 ::1/128            ::1            -            -
S   8 ::127.0.0.0/104    ::1            -            -
S   8 ::224.0.0.0/100    ::1            -            -
S   8 ::255.0.0.0/104    ::1            -            -
S   8 :::0.0.0.0/96      ::1            -            -
S   8 2002::/24          ::1            19           -
S   8 2002:7f00::/24     ::1            20           -
S   8 2002:e000::/20     ::1            21           -
S   8 2002:ff00::/24     ::1            22           -
S   8 fe80::/10          ::1            -            -
    1 fe80::1%lo0/128    fe80::1%lo0    -            -
S   8 fec0::/10          ::1            -            -
S   8 ff01::/16          ::1            -            -
    4 ff01::%lo0/32      ::1            -            -
S   8 ff02::/16          ::1            -            -
    4 ff02::%lo0/32      ::1            -            -


# bgpctl show summary
Neighbor                   AS    MsgRcvd    MsgSent  OutQ Up/Down  State/PrfRcvd
R1                        100         38         42     0 00:19:56      1

# bgpctl show tables
Table Description          State
0     Loc-RIB              coupled
1     CUSTOMER1            coupled

# bgpctl show rib
flags: * = Valid, > = Selected, I = via IBGP, A = Announced, S = Stale
origin: i = IGP, e = EGP, ? = Incomplete

flags destination                  gateway          lpref   med aspath origin
AI*>  rd 100:1 192.168.35.0/24     rd 0:0 0.0.0.0     100     0 i
I*>   rd 100:1 192.168.41.0/24     1.1.1.1            100     0 ?

# bgpctl show rib detail

BGP routing table entry for rd 100:1 192.168.35.0/24
Nexthop rd 0:0 0.0.0.0 (via rd 0:0 0.0.0.0) from LOCAL (3.3.3.3)
Origin IGP, metric 0, localpref 100, weight 0, internal, valid, best,
announced
Last update: 00:22:18 ago
Ext. communities: rt 100:1

BGP routing table entry for rd 100:1 192.168.41.0/24
Nexthop 1.1.1.1 (via 10.10.23.2) from R1 (1.1.1.1)
Origin incomplete, metric 0, localpref 100, weight 0, internal, valid,
best
Last update: 00:22:18 ago
Ext. communities: rt 100:1

# bgpctl show rib community 100:1
flags: * = Valid, > = Selected, I = 

IPv6 with wide-dhcpv6

2017-07-14 Thread David Higgs
Comcast provides me with IPv6 via DHCPv6, which I've finally tried to
configure on my OpenBSD 6.1 router.  I am having difficulty maintaining my
IPv6 public IP address when using the wide-dhcpv6 package when in client
mode.

Specifically, when the pltime/vltime goes to zero, the address is removed
from the interface but dhcp6c doesn't seem interested in renewing either
before or after this happens until I manually send it a HUP.

When running tcpdump, I see the following RA packet(s) but do not see the
prefixes in my routing table.
13:27:09.986879 fe80::201:5cff:fe86:7046 > ff02::1: icmp6: router
advertisement(chlim=0, MO, pref=medium, router_ltime=1800,
reachable_time=360, retrans_time=1000)(prefix info: valid_ltime=604800,
preferred_ltime=302400, prefix=2001:558:4083:17::/64)(prefix info:
valid_ltime=604800, preferred_ltime=302400,
prefix=2001:558:5018:69::/64)(prefix info: valid_ltime=604800,
preferred_ltime=302400, prefix=2001:558:6020:117::/64)(prefix info:
valid_ltime=604800, preferred_ltime=302400, prefix=2001:558:8026:22::/64)
[icmp6 cksum ok] (len 144, hlim 255)

Several questions:
- Have I configured something wrong?
- Should the RA prefixes appear in my routing table?  Is this related at
all to my issues?
- I plan to get prefix delegation going eventually, are there any other
surprises to worry about?
- Is there a security/quality preference between wide-dhcpv6 and dhcpcd?  I
notice that dhcp6c doesn't appear to support a dedicated chroot/user...
- Does the project have any near-term plans to write a DHCPv6 daemon to
live in base?

Happy to provide further info; thanks in advance for any feedback.

--david


Re: Restoring /altroot

2017-07-14 Thread Nick Holland
On 07/14/17 09:00, Raimo Niskanen wrote:
> Hi misc@.
> 
> I wonder how to restore from an /altroot backup?
> 
> (I missed that pax -r happily writes absolute paths and wrote over
>  /etc from a backup file of another machine)
> 
> 
> Is it to dd(1) back all but the first 16 blocks - the reverse of what
> daily(8) does?  Is that all that is needed?

don't...

> (I missed to skip the first 16 blocks, and I used the block devices instead
>  of the character devices.  The result was a vegetable, and would like to
>  understand which of my mistakes that were fatal.)

yeah, that's why.  It CAN work, but ... it is the hard way and it's
error prone.

better way: let's say sd1k is your /altroot...

# mount /dev/sd1k /altroot

now...it's just a normal file system on a normal place.  Copy out
whatever you want.  umount it when done, please.

Nick.



Re: newsyslog refused to work

2017-07-14 Thread Jeremie Courreges-Anglas
Harald Dunkel  writes:

> Hi folks,
>
> Apparently newsyslog refuses to rotate any file, if there 
> is a single bad line in newsyslog.conf, e.g.
>
> newsyslog: /etc/newsyslog.conf:7: unknown user: uucp
>
> I would suggest to ignore the bad line, but rotate the 
> other log files as usual.

Thanks for mentioning this, we're discussing the topic on tech@:

  https://marc.info/?l=openbsd-tech&m=150006341015931&w=2

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
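
A pre-flight check for the failure reported in this thread, as an added example that is not part of the original posts or of newsyslog itself: it flags newsyslog.conf entries whose optional owner field names a user that does not exist, before one such line stops rotation of every log. It assumes the field layout from newsyslog(8) (log file, optional owner:group, mode, ...); the function name, the sample entries and the user name nosuchuser_example are hypothetical.

```shell
#!/bin/sh
# check_newsyslog_owners FILE
# Prints "FILE:LINE: unknown user: NAME" for each entry whose optional
# owner:group field names a user missing from the password database.
# Returns 0 when every owner resolves, 1 otherwise.
check_newsyslog_owners() {
    conf=$1 lineno=0 bad=0
    while read -r logfile field2 rest || [ -n "$logfile" ]; do
        lineno=$((lineno + 1))
        # Skip blank lines and comments.
        case $logfile in ''|'#'*) continue ;; esac
        # A purely octal second field is the mode: no owner was given.
        case $field2 in ''|*[!0-7]*) ;; *) continue ;; esac
        [ -n "$field2" ] || continue
        # Owner is everything before the ':' (or the legacy '.') separator.
        owner=${field2%%[:.]*}
        # An empty owner (":group") or a numeric uid needs no lookup.
        case $owner in ''|*[!0-9]*) ;; *) continue ;; esac
        [ -n "$owner" ] || continue
        if ! id -u "$owner" >/dev/null 2>&1; then
            echo "$conf:$lineno: unknown user: $owner"
            bad=1
        fi
    done < "$conf"
    return $bad
}

# Constructed sample input (not taken from the thread).
sample=$(mktemp)
printf '%s\n' \
    '# logfile_name      owner:group  mode count size when flags' \
    '/var/log/messages                644  5     300  *    Z' \
    '/var/log/example    nosuchuser_example:daemon 640 7 * 24 Z' \
    '/var/log/secure     root:        600  7     *    168  Z' > "$sample"
check_newsyslog_owners "$sample" ||
    echo "fix the lines above before relying on log rotation"
rm -f "$sample"
```

Only the owner part is looked up here; group names are not checked.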