Re: Lenovo T450s status

2015-06-16 Thread Alex
On 05/28/2015 01:48 AM, Shaun Reiger wrote:
 Hello Misc I'm looking at purchasing a Lenovo T450s as my main laptop, but
 I wanted to find out if anyone has hit any major roadblocks using obsd 5.7
 with this model. I know this is a fairly new machine and support is always
 hit and miss, but any guidance on this machine would help.
 
 Biggest concerns are battery life and fan noise.
 
 
 Thanks.
 
 

Hi Shaun,

I've just got a Lenovo T450s and tried to install OpenBSD 5.7.

Early during the installation (while typing the hostname) I had a
strange keyboard behaviour: pressing f once led to a second of
freeze and then it was as if I had inputted f about ten times.

I continued the installation and later - during the network
configuration questions - I pressed Enter once, which led to the same
behaviour as previously. What happened is that the superfluous Enter
answered the default for the next questions, in particular the disk
setup, which uses the whole disk for OpenBSD. This led to the whole hard
drive being formatted.

I had only a fresh Debian installed so no harm here, but if you try to
install OpenBSD on a T450s I would highly recommend you back up your disk.

FYI I used /OpenBSD/5.7/amd64/install57.fs on a USB key. I should
have let the install finish and sent a dmesg before reinstalling
Debian but I thought about it too late. If someone needs a dmesg
or other info I might try again with the hard drive unplugged this
time, let me know.

Maybe the installer should have a confirmation question before the disk
partitioning / formatting with a default answer of no?

Regards,
Alex.



custom login.conf settings for multiple daemons with _one_ config line?

2015-06-16 Thread nusenu

Hi,

I'm running multiple instances of a daemon (tor).

I'd like to adjust the openfiles-max limit for all of these tor instances.

1) I changed the _tor user's login class to tordaemon

# userinfo _tor
login   _tor
passwd  *
uid 566
groups  _tor
change  NEVER
class   tordaemon   


2) added the following line to login.conf:

tordaemon::openfiles-max=13500::tc=daemon:

That does not do what I was aiming for.

Having a login.conf line per tor instance matching the rc.d script
name works, but is there also a way to achieve that with a single line
as well?

thanks,
nusenu








Re: custom login.conf settings for multiple daemons with _one_ config line?

2015-06-16 Thread Antoine Jacoutot
On Tue, Jun 16, 2015 at 02:22:09PM +, nusenu wrote:
 
 Hi,
 
 I'm running multiple instances of a daemon (tor).
 
 I'd like to adjust the openfiles-max limit for all of these tor instances.
 
 1) I changed the _tor user's login class to tordaemon
 
 # userinfo _tor
 login   _tor
 passwd  *
 uid 566
 groups  _tor
 change  NEVER
 class   tordaemon 
 
 
 2) added the following line to login.conf:
 
 tordaemon::openfiles-max=13500::tc=daemon:
 
 That does not do what I was aiming for.
 
 Having a login.conf line per tor instance matching the rc.d script
 name works, but is there also a way to achieve that with a single line
 as well?

Well... yes and no.
The rc.d(8) system will use the exact daemon script name and will apply the
matching login class if it exists -- if not, daemon will be used.
*But* that is only true in the sense that you cannot override the login class
using rc.conf.local. If you already use homemade rc.d scripts, you can set the
daemon class by adding:
    daemon_class=tordaemon
in the rc.d scripts.

-- 
Antoine



Re: Backup of OpenBSD to Linux box

2015-06-16 Thread Paul de Weerd
Hi Bernd,

On Mon, Jun 15, 2015 at 07:46:31AM +0100, Bernd Schoeller wrote:
| Hi -
| 
| I have got an OpenBSD box, and I would like to create regular full backups
| of that box to a Linux server at a different location.
| 
| The main purpose of this backup is to be able to restore the OpenBSD box on
| a severe hardware failure (HD corruption, fire, etc.). If possible, the
| backup should be incremental as I am somewhat bandwidth constrained between
| the two sites.
| 
| There are a number of remote backup systems floating around (rdiff-backup,
| rsnapshot, etc.) and of course there are in-house solutions (dump/restore),
| though I don't know if these are interoperable.
| 
| Is there somebody on the list who has a similar setup and could point me at
| a solution that works for him/her?

I wrote my own script that uses rsync with --link-dest, which I dubbed
'lnbackup'.  First some other scripts copy data to the backup disk
(locally or remotely), just rsyncing the changes into a machines/
directory.  Then lnbackup rsyncs all of machines/ to a new directory
per day, with --link-dest set to the previous day's tree.

It keeps a configurable number of daily backups, 12 monthly backups
and infinite yearly backups (delete those when the need arrives).

Included here for your convenience.

Cheers,

Paul 'WEiRD' de Weerd

--- /etc/lnbackup.conf ---
DATESTRING=%Y%m%d
STOREPREFIX=/backup/HISTORY/daily
BACKUPPREFIX=/backup/machines
KEEPCOPIES=190
KEEPCOPIES=120
#!/bin/sh
# lnbackup: create historic backups of the backup directories
##

PATH=/bin:/usr/bin:/usr/local/bin
CONFIG=/etc/lnbackup.conf

# Load DATESTRING, STOREPREFIX, BACKUPPREFIX and KEEPCOPIES.
# USERSFILE is not set in this script, so it has to come from the
# configuration file or the environment as well.
if [ -f "${CONFIG}" ]
then
    . "${CONFIG}"
else
    echo "Configuration file (${CONFIG}) not found" >&2
    exit 1
fi

NOW=$(date +"${DATESTRING}")
COUNT=0

if [ ! -r "${USERSFILE}" ]
then
    echo "Users file not found (${USERSFILE})" >&2
    exit 2
fi

# .RUNNING holds the PID of a run in progress and acts as a lock.
if [ -f "${STOREPREFIX}/.RUNNING" ]
then
    PID=$(cat "${STOREPREFIX}/.RUNNING")
    echo "Previous instance still running (${PID})" >&2
    exit 3
fi

echo ${$} > "${STOREPREFIX}/.RUNNING"

# PREVIOUS names the most recent backup tree, used as the --link-dest base.
if [ -f "${STOREPREFIX}/PREVIOUS" ]
then
    PREVIOUS=$(cat "${STOREPREFIX}/PREVIOUS")
else
    PREVIOUS='0'
fi

if [ "${NOW}" = "${PREVIOUS}" ]
then
    echo "Backup runs too soon (${PREVIOUS})" >&2
    exit 4
fi

for USER in $(cat "${USERSFILE}")
do
    SRC="${BACKUPPREFIX}/${USER}/"

    if [ ! -d "${SRC}" ]
    then
        echo "Source not found (${SRC})" >&2
        exit 5
    fi

    DST="${STOREPREFIX}/${NOW}/${USER}"

    mkdir -p "${DST}"

    PREVDIR="${STOREPREFIX}/${PREVIOUS}/${USER}"

    # Unchanged files become hard links into the previous tree.
    if [ -d "${PREVDIR}" ]
    then
        rsync -aHx --link-dest="${PREVDIR}" "${SRC}" "${DST}"
    else
        rsync -aHx "${SRC}" "${DST}"
    fi
done

echo "${NOW}" > "${STOREPREFIX}/PREVIOUS"
rm "${STOREPREFIX}/.RUNNING"

# Walk the trees newest first (tail -r reverses on BSD) and expire old ones.
for BACKUP in $(ls "${STOREPREFIX}" | grep -v PREVIOUS | tail -r)
do
    SB="${STOREPREFIX}/${BACKUP}"
    YRLY="${STOREPREFIX}/../yearly"
    MNLY="${STOREPREFIX}/../monthly"

    COUNT=$((COUNT + 1))

    if [ "${KEEPCOPIES}" -lt "${COUNT}" ]
    then
        # YYYYMMDD without the year: January 1st goes to yearly/.
        if [ "${BACKUP##????}" = '0101' ]
        then
            mv "${SB}" "${YRLY}"
            continue
        fi
        # YYYYMMDD without year and month: the 1st goes to monthly/.
        if [ "${BACKUP##??????}" = '01' ]
        then
            mv "${SB}" "${MNLY}"
            rm -rf "${MNLY}/$((BACKUP-1))"
            continue
        fi
        rm -rf "${SB}"
    fi
done
--

-- 
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/ 



redhat - openbsd tcpdump

2015-06-16 Thread Frank Brodbeck
Hi,

is it possible to convert a pcap done with tcpdump under redhat to a
format I can read with tcpdump(8)? At least I think the following error:

tcpdump: unknown data link type 0x71

is due to a format incompatibility.

Frank.

-- 
Frank Brodbeck
Techn. Consultant 
TOsupport 

Tel.:   +49 711 88770-172
E-Mail: frank.brodb...@to.com

Thinking Objects GmbH
Lilienthalstraße 2/1
70825 Korntal/Stuttgart
http://www.to.com

Managing directors: Markus Klingspor, Rudolf Zimmermann, Michael Föck
Registered office and district court: Stuttgart, HRB 19769



Re: Package for taking a picture

2015-06-16 Thread Paul de Weerd
Hi Steve,

On Mon, Jun 15, 2015 at 06:34:19AM -0400, STeve Andre' wrote:
| I'm looking in the ports tree for something to test a camera that shows up
| as uvideo0.  It looks like
| 
| uvideo0 at uhub0 port 12 configuration 1 interface 0
| 8SSC20F26960L1GZ52304E9 Integrated Camera rev 2.00/10.04 addr 4
| video0 at uvideo0.
| 
| I'm sure I used something several years ago.  It's great that the ports tree
| has
| gotten so big that you can't remember it all. ;-)
| 
| Something to take a pic and put it in a file would be OK.

You've gotten some useful feedback already, but specifically to 'take
a pic and put in file', I'd recommend the fswebcam port.  I had a
setup with video(1) running in full screen mode and then using xwd(1)
to take a screenshot, but found that not ideal (although all in base,
which was a plus, it kept me from locking my screen).  fswebcam can
just grab an image and stick it in a JPG like you want.

Hope that is a useful addition ;)

Cheers,

Paul 'WEiRD' de Weerd

-- 
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/ 



Re: Lenovo T450s status

2015-06-16 Thread Marios Makassikis
On 16 June 2015 at 14:53, Alex a...@kaworu.ch wrote:
 On 05/28/2015 01:48 AM, Shaun Reiger wrote:
 Hello Misc I'm looking at purchasing a Lenovo T450s as my main laptop, but
 I wanted to find out if anyone has hit any major roadblocks using obsd 5.7
 with this model. I know this is a fairly new machine and support is always
 hit and miss, but any guidance on this machine would help.

 Biggest concerns are battery life and fan noise.


 Thanks.



 Hi Shaun,

 I've just got a Lenovo T450s and tried to install OpenBSD 5.7.

 Early during the installation (while typing the hostname) I had a
 strange keyboard behaviour: pressing f once led to a second of
 freeze and then it was as if I had inputted f about ten times.

This should have been fixed:
http://marc.info/?l=openbsd-tech&m=142608672523246&w=2

 I continued the installation and later - during the network
 configuration questions - I pressed Enter once, which led to the same
 behaviour as previously. What happened is that the superfluous Enter
 answered the default for the next questions, in particular the disk
 setup, which uses the whole disk for OpenBSD. This led to the whole hard
 drive being formatted.

 I had only a fresh Debian installed so no harm here, but if you try to
 install OpenBSD on a T450s I would highly recommend you back up your disk.

 FYI I used /OpenBSD/5.7/amd64/install57.fs on a USB key. I should
 have let the install finish and sent a dmesg before reinstalling
 Debian but I thought about it too late. If someone needs a dmesg
 or other info I might try again with the hard drive unplugged this
 time, let me know.

 Maybe the installer should have a confirmation question before the disk
 partitioning / formatting with a default answer of no?

 Regards,
 Alex.



Re: rc.subr: $pexp does not always contain daemon flags?

2015-06-16 Thread nusenu

 Rebooting (without changing the config) solves the issue but is
 not really an option.
 
 I cannot reproduce here.

I can reproduce it every (first) time on multiple fresh OpenBSD 5.7
machines.
I'm using ansible to automate the entire setup. I assume timing plays
a role here (that is probably why automation matters).

If you want to try to reproduce it (on a test machine) with ansible,
you can find the ansible role here:

https://github.com/nusenu/ansible-relayor
(dependency: /usr/ports has to be in place already)
running the openbsd tag is enough:
ansible-playbook tor.yml --tags openbsd

but I'll also try to provide a reproducer without ansible.



Re: can't install 5.7 xhci problem

2015-06-16 Thread Martin Pieuchot
On 15/06/15(Mon) 20:58, pstern wrote:
 hello:
 
 I have been unable to install 5.7 on a Dell Optiplex 3020 SFF bios A07.
 The install disk hangs trying to load the xHCI uhub0 driver.
 
 The Dell bios only provides a way to disable specific ports, no way to
 disable USB 3.0 support.
 
 I tried a snapshot from 06jun15 but ran into the same hang problem.
 
 This computer handles OpenBSD 5.6 with no problem because it loads EHCI
 rev 2.00/1.00 addr 1.
 
 See dmesg for 5.6 below. Can't capture the 5.7 boot.
 
 The 5.7 line where it hangs is
 
 uhub0 at usb0 Intel xHCI root hub rev 3.00/1.00 addr 1
 
 I found a thread talking about problems with the xhci driver with the
 suggestion to remove all devices from the usb ports.
 
 When nothing is plugged into usb ports, 5.7 will boot successfully. If a
 usb data drive is plugged in, the boot hangs. A usb label printer gets
 power from the bus until the xhci driver tries to load then power
 disappears and the system hangs
 
 I've let the system sit for 15 minutes to see if there would be a timeout
 but it remains hung.
 
 Is this issue being researched for current?

It has been researched by mikeb@ so far without any success.  I don't
have access to a machine with Intel 8 Series USB xHCI controller so
I can't help.  As a workaround you might try disabling xhci.



Re: rc.subr: $pexp does not always contain daemon flags?

2015-06-16 Thread Antoine Jacoutot
On Tue, Jun 16, 2015 at 01:32:11PM +, nusenu wrote:
 
  Rebooting (without changing the config) solves the issue but is
  not really an option.
  
  I cannot reproduce here.
 
 I can reproduce it every (first) time on multiple fresh OpenBSD 5.7
 machines.
 I'm using ansible to automate the entire setup. I assume timing plays
 a role here (that is probably why automation matters).
 
 If you want to try to reproduce it (on a test machine) with ansible,
 you can find the ansible role here:

Thanks. I will have a look then.
But do note that I am using current -- so that may explain why I did not see 
this issue.


 
 https://github.com/nusenu/ansible-relayor
 (dependency: /usr/ports has to be in place already)
 running the openbsd tag is enough:
 ansible-playbook tor.yml --tags openbsd
 
 but I'll also try to provide a reproducer without ansible.
 

-- 
Antoine



Re: Backup of OpenBSD to Linux box

2015-06-16 Thread Paul de Weerd
On Tue, Jun 16, 2015 at 02:29:55PM +0200, Paul de Weerd wrote:
| --- /etc/lnbackup.conf ---
| DATESTRING=%Y%m%d
| STOREPREFIX=/backup/HISTORY/daily
| BACKUPPREFIX=/backup/machines
| KEEPCOPIES=190
| KEEPCOPIES=120
| #!/bin/sh
| # lnbackup: create historic backups of the backup directories
| ##
---SNIP---

Something went wrong here.  I included two files, the script and its
configuration file.  Looks like the mailinglist mangled my mail
somehow (the mail is correct in my sent-folder, and hopefully also
arrived correctly for Bernd).

Cheers,

Paul 'WEiRD' de Weerd

The configuration file:

--- /etc/lnbackup.conf ---
DATESTRING=%Y%m%d
STOREPREFIX=/backup/HISTORY/daily
BACKUPPREFIX=/backup/machines
KEEPCOPIES=190
KEEPCOPIES=120
--

The script:

--- /usr/local/libexec/cronjobs/lnbackup -
#!/bin/sh
# lnbackup: backup users' homedirs with rsync
##

PATH=/bin:/usr/bin:/usr/local/bin
CONFIG=/etc/lnbackup.conf

# Load DATESTRING, STOREPREFIX, BACKUPPREFIX and KEEPCOPIES.
# USERSFILE is not set in this script, so it has to come from the
# configuration file or the environment as well.
if [ -f "${CONFIG}" ]
then
    . "${CONFIG}"
else
    echo "Configuration file (${CONFIG}) not found" >&2
    exit 1
fi

NOW=$(date +"${DATESTRING}")
COUNT=0

if [ ! -r "${USERSFILE}" ]
then
    echo "Users file not found (${USERSFILE})" >&2
    exit 2
fi

# .RUNNING holds the PID of a run in progress and acts as a lock.
if [ -f "${STOREPREFIX}/.RUNNING" ]
then
    PID=$(cat "${STOREPREFIX}/.RUNNING")
    echo "Previous instance still running (${PID})" >&2
    exit 3
fi

echo ${$} > "${STOREPREFIX}/.RUNNING"

# PREVIOUS names the most recent backup tree, used as the --link-dest base.
if [ -f "${STOREPREFIX}/PREVIOUS" ]
then
    PREVIOUS=$(cat "${STOREPREFIX}/PREVIOUS")
else
    PREVIOUS='0'
fi

if [ "${NOW}" = "${PREVIOUS}" ]
then
    echo "Backup runs too soon (${PREVIOUS})" >&2
    exit 4
fi

for USER in $(cat "${USERSFILE}")
do
    SRC="${BACKUPPREFIX}/${USER}/"

    if [ ! -d "${SRC}" ]
    then
        echo "Source not found (${SRC})" >&2
        exit 5
    fi

    DST="${STOREPREFIX}/${NOW}/${USER}"

    mkdir -p "${DST}"

    PREVDIR="${STOREPREFIX}/${PREVIOUS}/${USER}"

    # Unchanged files become hard links into the previous tree.
    if [ -d "${PREVDIR}" ]
    then
        rsync -aHx --link-dest="${PREVDIR}" "${SRC}" "${DST}"
    else
        rsync -aHx "${SRC}" "${DST}"
    fi
done

echo "${NOW}" > "${STOREPREFIX}/PREVIOUS"
rm "${STOREPREFIX}/.RUNNING"

# Walk the trees newest first (tail -r reverses on BSD) and expire old ones.
for BACKUP in $(ls "${STOREPREFIX}" | grep -v PREVIOUS | tail -r)
do
    SB="${STOREPREFIX}/${BACKUP}"
    YRLY="${STOREPREFIX}/../yearly"
    MNLY="${STOREPREFIX}/../monthly"

    COUNT=$((COUNT + 1))

    if [ "${KEEPCOPIES}" -lt "${COUNT}" ]
    then
        # YYYYMMDD without the year: January 1st goes to yearly/.
        if [ "${BACKUP##????}" = '0101' ]
        then
            mv "${SB}" "${YRLY}"
            continue
        fi
        # YYYYMMDD without year and month: the 1st goes to monthly/.
        if [ "${BACKUP##??????}" = '01' ]
        then
            mv "${SB}" "${MNLY}"
            rm -rf "${MNLY}/$((BACKUP-1))"
            continue
        fi
        rm -rf "${SB}"
    fi
done
--

-- 
[++-]+++.+++[---].+++[+
+++-].++[-]+.--.[-]
 http://www.weirdnet.nl/ 



Re: custom login.conf settings for multiple daemons with _one_ config line?

2015-06-16 Thread nusenu

 tordaemon::openfiles-max=13500::tc=daemon:
 
 That does not do what I was aiming for.
 
 Having a login.conf line per tor instance matching the rc.d
 script name works, but is there also a way to achieve that with a
 single line as well?
 
 Well... yes and no. The rc.d(8) system will use the exact daemon
 script name and will apply the matching login class if it exists --
 if not, daemon will be used. *But* that is only true in the sense
 that you cannot override the login class using rc.conf.local. If
 you already use homemade rc.d scripts, you can set the daemon class
 by adding: daemon_class=tordaemon in the rc.d scripts.

Thanks for your fast answers.

Actually I don't have homemade rc.d scripts, they are just symbolic
links to the one from the package.
So I'll go with the 'one login.conf line per daemon' solution then
(not too bad either).




Re: redhat - openbsd tcpdump

2015-06-16 Thread patric conant
What's file say when you run it against it?

On Tue, Jun 16, 2015 at 4:25 AM, Frank Brodbeck frank.brodb...@to.com
wrote:

 Hi,

 is it possible to convert a pcap done with tcpdump under redhat to a
 format I can read with tcpdump(8). At least I think the following error:

 tcpdump: unknown data link type 0x71

 is due to a format incompatibility.

 Frank.

 --
 Frank Brodbeck
 Techn. Consultant
 TOsupport

 Tel.:   +49 711 88770-172
 E-Mail: frank.brodb...@to.com

 Thinking Objects GmbH
 Lilienthalstraße 2/1
 70825 Korntal/Stuttgart
 http://www.to.com

 Managing directors: Markus Klingspor, Rudolf Zimmermann, Michael Föck
 Registered office and district court: Stuttgart, HRB 19769



Re: custom login.conf settings for multiple daemons with _one_ config line?

2015-06-16 Thread Antoine Jacoutot
 Thanks for your fast answers.
 
 Actually I don't have homemade rc.d scripts, they are just symbolic
 links to the one from the package.
 So I'll go with the 'one login.conf line per daemon' solution then
 (not too bad either).

That is definitely the preferred and supported way :-)

-- 
Antoine



Re: hp laptop with nvidia - slow X11

2015-06-16 Thread Alexandre Ratchov
On Mon, Jun 15, 2015 at 11:19:13PM +0200, Riccardo Mottola wrote:
 Hi,
 
 for the same laptop for which I just posted a full dmesg about the
 battery problem, which reports this video card:
 
 vga1 at pci1 dev 0 function 0 NVIDIA GeForce 8400M GS rev 0xa1
 
 I get a super-slow X11. Dragging an xterm may take half a second, up to
 the point where X11 loses track of the mouse move events. Scrolling
 XTerm is unusably slow too.
 
 Using a larger editor like Emacs or Firefox... even worse. It looks
 totally unaccelerated.

 Should the 8400 work? In the Xorg log I see this:
 [  5902.005] (II) VESA: driver for VESA chipsets: vesa
 [  5902.005] (--) NV: Found NVIDIA GeForce 8400M GS at 01@00:00:0
 [  5902.005] (WW) Falling back to old probe method for vesa
 [  5902.006] (II) Loading sub module int10
 [  5902.006] (II) LoadModule: int10
 [  5902.007] (II) Loading /usr/X11R6/lib/modules/libint10.so
 [  5902.017] (II) Module int10: vendor=X.Org Foundation
 [  5902.017]compiled for 1.16.4, module version = 1.0.0
 [  5902.017]ABI class: X.Org Video Driver, version 18.0
 [  5902.017] (II) NV(0): Initializing int10
 [  5902.017] (II) NV(0): Primary V_BIOS segment is: 0xc000
 [  5902.018] (--) NV(0): Console is VGA mode 0x3
 [  5902.018] (II) NV(0): Creating default Display subsection in Screen
 section
 Default Screen Section for depth/fbbpp 24/32
 [  5902.018] (==) NV(0): Depth 24, (--) framebuffer bpp 32
 
 so the nv driver loaded.. but then further below:
 [  5902.185] (**) NV(0):  Driver mode 1280x800: 71.0 MHz (scaled from
 0.0 MHz), 49.3 kHz, 59.9 Hz
 [  5902.185] (II) NV(0): Modeline 1280x800x59.9   71.00  1280 1328
 1360 1440  800 803 809 823 -hsync -vsync (49.3 kHz eP)
 [  5902.185] (==) NV(0): DPI set to (96, 96)
 [  5902.185] (II) Loading sub module fb
 [  5902.185] (II) LoadModule: fb
 [  5902.185] (II) Loading /usr/X11R6/lib/modules/libfb.so
 [  5902.200] (II) Module fb: vendor=X.Org Foundation
 [  5902.200]compiled for 1.16.4, module version = 1.0.0
 [  5902.200]ABI class: X.Org ANSI C Emulation, version 0.4
 [  5902.200] (II) Loading sub module xaa
 [  5902.200] (II) LoadModule: xaa
 [  5902.208] (WW) Warning, couldn't open module xaa
 [  5902.208] (II) UnloadModule: xaa
 [  5902.208] (II) Unloading xaa
 [  5902.208] (EE) NV: Failed to load module xaa (module does not exist, 0)
 [  5902.208] (II) Loading sub module ramdac
 [  5902.208] (II) LoadModule: ramdac
 [  5902.208] (II) Module ramdac already built-in
 [  5902.208] (II) UnloadModule: vesa
 [  5902.208] (II) Unloading vesa
 [  5902.208] (--) Depth 24 pixmap format is 32 bpp
 [  5902.224] (--) NV(0): 120.69 MB available for offscreen pixmaps
 [  5902.228] (==) NV(0): Backing store enabled
 [  5902.228] (==) NV(0): Silken mouse disabled
 [  5902.230] (II) NV(0): RandR 1.2 enabled, ignore the following RandR
 disabled message.
 [  5902.237] (==) NV(0): DPMS enabled
 [  5905.804] (--) RandR disabled
 [  5905.856] (II) AIGLX: Screen 0 is not DRI2 capable
 [  5905.856] (EE) AIGLX: reverting to software rendering
 [  5906.010] (II) AIGLX: Loaded and initialized swrast
 [  5906.010] (II) GLX: Initialized DRISWRAST GL provider for screen 0
 [  5906.011] (II) NV(0): Setting screen physical size to 338 x 211
 
 I suppose the reverting to software rendering is the final error and
 clue to the problem: no kind of acceleration at all.
 

Acceleration is not needed on modern machines to get fast 2D
display. The CPU speed and memory bandwidth are largely sufficient
to make desktop very responsive and watch full-screen movies.

Probably what you observe is that the video memory is set up in a
very restricted mode, making it extremely slow.

For instance on my system, I measured 70MB/s with BIOS settings
(i.e. memory was slower than a hard disk, ridiculous), and 7500MB/s
when properly initialized. This is for intel chipset, but I
remember similar stories about nvidia chips.

If you manage to get the address of the video frame buffer, you
could try to use the memconfig(8) utility to see if write-combining
is enabled for the frame buffer, and possibly enable it. This might
make things less worse. I'm not sure if setting mtrrs with
memconfig is still enough nowadays, maybe someone would have a
better insight.



Re: hp laptop with nvidia - slow X11

2015-06-16 Thread Juan Francisco Cantero Hurtado
On Mon, Jun 15, 2015 at 11:19:13PM +0200, Riccardo Mottola wrote:
 Hi,
 
 for the same laptop for which I just posted a full dmesg about the
 battery problem, which reports this video card:
 
 vga1 at pci1 dev 0 function 0 NVIDIA GeForce 8400M GS rev 0xa1
 
 I get a super-slow X11. Dragging an xterm may take half a second, up to
 the point where X11 loses track of the mouse move events. Scrolling
 XTerm is unusably slow too.
 
 Using a larger editor like Emacs or Firefox... even worse. It looks
 totally unaccelerated.
 
 Should the 8400 work? In the Xorg log I see this:
 [  5902.005] (II) VESA: driver for VESA chipsets: vesa
 [  5902.005] (--) NV: Found NVIDIA GeForce 8400M GS at 01@00:00:0
 [  5902.005] (WW) Falling back to old probe method for vesa
 [  5902.006] (II) Loading sub module int10
 [  5902.006] (II) LoadModule: int10
 [  5902.007] (II) Loading /usr/X11R6/lib/modules/libint10.so
 [  5902.017] (II) Module int10: vendor=X.Org Foundation
 [  5902.017]compiled for 1.16.4, module version = 1.0.0
 [  5902.017]ABI class: X.Org Video Driver, version 18.0
 [  5902.017] (II) NV(0): Initializing int10
 [  5902.017] (II) NV(0): Primary V_BIOS segment is: 0xc000
 [  5902.018] (--) NV(0): Console is VGA mode 0x3
 [  5902.018] (II) NV(0): Creating default Display subsection in Screen
 section
 Default Screen Section for depth/fbbpp 24/32
 [  5902.018] (==) NV(0): Depth 24, (--) framebuffer bpp 32
 
 so the nv driver loaded.. but then further below:
 [  5902.185] (**) NV(0):  Driver mode 1280x800: 71.0 MHz (scaled from
 0.0 MHz), 49.3 kHz, 59.9 Hz
 [  5902.185] (II) NV(0): Modeline 1280x800x59.9   71.00  1280 1328
 1360 1440  800 803 809 823 -hsync -vsync (49.3 kHz eP)
 [  5902.185] (==) NV(0): DPI set to (96, 96)
 [  5902.185] (II) Loading sub module fb
 [  5902.185] (II) LoadModule: fb
 [  5902.185] (II) Loading /usr/X11R6/lib/modules/libfb.so
 [  5902.200] (II) Module fb: vendor=X.Org Foundation
 [  5902.200]compiled for 1.16.4, module version = 1.0.0
 [  5902.200]ABI class: X.Org ANSI C Emulation, version 0.4
 [  5902.200] (II) Loading sub module xaa
 [  5902.200] (II) LoadModule: xaa
 [  5902.208] (WW) Warning, couldn't open module xaa
 [  5902.208] (II) UnloadModule: xaa
 [  5902.208] (II) Unloading xaa
 [  5902.208] (EE) NV: Failed to load module xaa (module does not exist, 0)

Read Matthieu's comment in this thread:
http://comments.gmane.org/gmane.os.openbsd.misc/205381

 [  5902.208] (II) Loading sub module ramdac
 [  5902.208] (II) LoadModule: ramdac
 [  5902.208] (II) Module ramdac already built-in
 [  5902.208] (II) UnloadModule: vesa
 [  5902.208] (II) Unloading vesa
 [  5902.208] (--) Depth 24 pixmap format is 32 bpp
 [  5902.224] (--) NV(0): 120.69 MB available for offscreen pixmaps
 [  5902.228] (==) NV(0): Backing store enabled
 [  5902.228] (==) NV(0): Silken mouse disabled
 [  5902.230] (II) NV(0): RandR 1.2 enabled, ignore the following RandR
 disabled message.
 [  5902.237] (==) NV(0): DPMS enabled
 [  5905.804] (--) RandR disabled
 [  5905.856] (II) AIGLX: Screen 0 is not DRI2 capable
 [  5905.856] (EE) AIGLX: reverting to software rendering
 [  5906.010] (II) AIGLX: Loaded and initialized swrast
 [  5906.010] (II) GLX: Initialized DRISWRAST GL provider for screen 0
 [  5906.011] (II) NV(0): Setting screen physical size to 338 x 211
 
 I suppose the reverting to software rendering is the final error and
 clue to the problem: no kind of acceleration at all.
 
 Riccardo
 

-- 
Juan Francisco Cantero Hurtado http://juanfra.info



bug in rc.subr: kills more than it should (patch)

2015-06-16 Thread nusenu

Hi,

imagine you have N services named:

service
service1
service2
...

or
a
ab
abc
...

Now you want to stop 'service' and you run:
'rcctl stop service'

all (not just one) of them are gone?


rc.subr invokes pkill and does a startswith match but does not require
a perfect/complete match.

What do you think about this patch to require a perfect match when
invoking pkill/pgrep?


@@ -150,15 +150,15 @@
 }

 rc_check() {
- -   pgrep -q -f ^${pexp}
+   pgrep -q -f ^${pexp}$
 }

 rc_reload() {
- -   pkill -HUP -f ^${pexp}
+   pkill -HUP -f ^${pexp}$
 }

 rc_stop() {
- -   pkill -f ^${pexp}
+   pkill -f ^${pexp}$
 }

 rc_cmd() {
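
Review bot: the trailing `$` added in rc_check, rc_reload and rc_stop is combined with `-f`, so the pattern now has to equal the process's entire argument list rather than its name. Any daemon whose running command line carries more than `${pexp}` holds (flags, arguments) stops matching: rc_check then reports it as not running and rc_stop leaves it alive without an error. pgrep(1) and pkill(1) have `-x` to require an exact match, which avoids building the anchors by hand. Whichever form is used, the change needs a test against a daemon started with flags and a note in the rc.subr documentation that `pexp` must equal the full command line.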




Re: bug in rc.subr: kills more than it should (patch)

2015-06-16 Thread Antoine Jacoutot
On Tue, Jun 16, 2015 at 07:38:28PM +, nusenu wrote:
 
 Hi,
 
 imagine you have N services named:
 
 service
 service1
 service2
 ...
 
 or
 a
 ab
 abc
 ...
 
 Now you want to stop 'service' and you run:
 'rcctl stop service'
 
 all (not just one) of them are gone?
 
 
 rc.subr invokes pkill and does a startswith match but does not require
 a perfect/complete match.
 
 What do you think about this patch to require a perfect match when
 invoking pkill/pgrep?

Won't work.
Carefully read pgrep(1) again.


 @@ -150,15 +150,15 @@
  }
 
  rc_check() {
 - -   pgrep -q -f ^${pexp}
 +   pgrep -q -f ^${pexp}$
  }
 
  rc_reload() {
 - -   pkill -HUP -f ^${pexp}
 +   pkill -HUP -f ^${pexp}$
  }
 
  rc_stop() {
 - -   pkill -f ^${pexp}
 +   pkill -f ^${pexp}$
  }
 
  rc_cmd() {
 
 

-- 
Antoine



Re: Backup of OpenBSD to Linux box

2015-06-16 Thread Bernd Schoeller

Hi Paul,

Thanks for the scripts. I have already started to write my own, but they 
have some good ideas and I appreciate the input.


Cheers,
Bernd

On 16/06/15 13:29, Paul de Weerd wrote:

I wrote my own script that uses rsync with --link-dest, which I dubbed
'lnbackup'.  First some other scripts copy data to the backup disk
(locally or remotely), just rsyncing the changes into a machines/
directory.  Then lnbackup rsyncs all of machines/ to a new directory
per day, with --link-dest set to the previous day's tree.




Re: can't install 5.7 xhci problem

2015-06-16 Thread frantisek holop
Martin Pieuchot, 16 Jun 2015 14:58:
 It has been researched by mikeb@ so far without any success.  I don't
 have access to a machine with Intel 8 Series USB xHCI controller so
 I can't help.  As a workaround you might try disabling xhci.

sometimes the bios has an option for legacy usb,
or xhci boot mode downgrade.  when i disabled
xhci on notebooks with no such option,
the whole usb controller disappeared.

i also had xhci problems on two recent machines.
i'll be sending sendbug reports with xhci debug
enabled when i get the time.

-f
-- 
marriage isn't a word, it's a sentence.



Re: bug in rc.subr: kills more than it should (patch)

2015-06-16 Thread Antoine Jacoutot
On Tue, Jun 16, 2015 at 10:30:40PM +0200, Antoine Jacoutot wrote:
 On Tue, Jun 16, 2015 at 07:38:28PM +, nusenu wrote:
  
  Hi,
  
  imagine you have N services named:
  
  service
  service1
  service2
  ...
  
  or
  a
  ab
  abc
  ...
  
  Now you want to stop 'service' and you run:
  'rcctl stop service'
  
  all (not just one) of them are gone?
  
  
  rc.subr invokes pkill and does a startswith match but does not require
  a perfect/complete match.
  
  What do you think about this patch to require a perfect match when
  sending invoking pkill/pgrep?
 
 Won't work.
 Carefully read pgrep(1) again.

Oh and I forgot to mention: what you are showing is the exact reason why pexp 
is settable in the rc.d script. To prevent such things.

  @@ -150,15 +150,15 @@
   }
  
   rc_check() {
  - -   pgrep -q -f ^${pexp}
  +   pgrep -q -f ^${pexp}$
   }
  
   rc_reload() {
  - -   pkill -HUP -f ^${pexp}
  +   pkill -HUP -f ^${pexp}$
   }
  
   rc_stop() {
  - -   pkill -f ^${pexp}
  +   pkill -f ^${pexp}$
   }
  
   rc_cmd() {
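Review bot: the trailing `$` added in rc_check, rc_reload and rc_stop makes every match depend on pexp reproducing the entire command line, because with -f the pattern is compared against the full argument list. Any daemon whose running arguments differ from pexp (a rewritten process title, extra arguments, an rc.d script that sets a shorter pexp) stops matching, so rc_check would report it as not running and rc_stop would leave it alive. pexp is also interpreted as a regular expression in all three calls, so dots and other metacharacters in a path or flag still match loosely even with both anchors. Rather than changing the default for every script, give the colliding services a distinct pexp in their own rc.d scripts, which the reply above names as the purpose of pexp being settable.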
  
  -BEGIN PGP SIGNATURE-
  
  -END PGP SIGNATURE-
  
 
 -- 
 Antoine

-- 
Antoine



Re: redhat - openbsd tcpdump

2015-06-16 Thread Bryan Steele
On Tue, Jun 16, 2015 at 11:25:46AM +0200, Frank Brodbeck wrote:
 Hi,
 
 is it possible to convert a pcap done with tcpdump under redhat to a 
 format I can read with tcpdump(8). At least I think the following error:
 
 tcpdump: unknown data link type 0x71
 
 is due to a format incompatibility.
 
 Frank.
 
 -- 

OpenBSD's tcpdump(8) does not support DLT_LINUX_SLL or
Linux cooked capture encapsulation format.

The tcpdump.org documentation about it is here:
http://www.tcpdump.org/linktypes.html
http://www.tcpdump.org/linktypes/LINKTYPE_LINUX_SLL.html

If possible, try using -y EN10MB on Linux instead.

There is also support for this format in Wireshark, which is
in the ports tree, if recapturing isn't possible.

https://wiki.wireshark.org/SLL

-Bryan.
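
For a capture that cannot be retaken, the cooked header can also be rewritten offline. The following is an added example, not code from tcpdump, Wireshark or this thread: it replaces each 16-byte LINKTYPE_LINUX_SLL header with a synthetic Ethernet header and sets the file's link type to EN10MB. The function name and the sample capture are constructed, and it assumes a classic microsecond pcap file whose SLL protocol field holds an EtherType.

```python
import struct

DLT_EN10MB, DLT_LINUX_SLL = 1, 113      # 113 == 0x71, the type in the error message

def sll_to_ethernet(pcap: bytes) -> bytes:
    """Rewrite a classic pcap file of Linux cooked (SLL) frames as Ethernet frames."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None:
        raise ValueError("not a classic (microsecond) pcap file")
    vmaj, vmin, zone, sigfigs, snaplen, link = struct.unpack_from(order + "HHiIII", pcap, 4)
    if link != DLT_LINUX_SLL:
        raise ValueError("link type is %#x, not DLT_LINUX_SLL" % link)
    out = [pcap[:4] + struct.pack(order + "HHiIII", vmaj, vmin, zone, sigfigs,
                                  snaplen, DLT_EN10MB)]
    pos = 24
    while pos + 16 <= len(pcap):
        sec, usec, caplen, origlen = struct.unpack_from(order + "IIII", pcap, pos)
        frame = pcap[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        if len(frame) < 16:
            continue                    # capture cut off inside the SLL header
        # The 16-byte SLL header is big-endian whatever the file's byte order:
        # packet type, ARPHRD type, address length, sender address, protocol.
        _ptype, _hatype, halen, addr, proto = struct.unpack_from("!HHH8sH", frame)
        src = addr[:6] if halen == 6 else bytes(6)
        # SLL records no destination address, so it is zero-filled (assumption).
        eth = bytes(6) + src + struct.pack("!H", proto) + frame[16:]
        out.append(struct.pack(order + "IIII", sec, usec, len(eth),
                               max(origlen - 2, len(eth))) + eth)
    return b"".join(out)

# Constructed sample: one cooked frame holding a 20-byte IPv4 header, little-endian file.
PAYLOAD = bytes.fromhex("4500001400004000400100007f0000017f000001")
SLL = struct.pack("!HHH8sH", 0, 1, 6, bytes.fromhex("001122334455") + b"\0\0", 0x0800)
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, DLT_LINUX_SLL)
          + struct.pack("<IIII", 1434445546, 0, len(SLL + PAYLOAD), len(SLL + PAYLOAD))
          + SLL + PAYLOAD)
CONVERTED = sll_to_ethernet(SAMPLE)
```

The destination MAC in the output is a placeholder, so filters on the destination link-layer address are meaningless on the converted file.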



Re: obspamd - greyreader failed - spamd not honoring whitelist

2015-06-16 Thread Joshua Lokken
On Jun/16 10:06PM, Edgar Pettijohn wrote:

 *spamd* regularly scans the /var/db/spamd database and configures all
 whitelist addresses as the pf(4) <spamd-white> table, allowing
 connections to pass to the real MTA.  Any addresses not found in
 <spamd-white> are redirected to *spamd*.  The following pf.conf(5)
 example is suggested:

 table <spamd-white> persist
 rdr pass inet proto tcp from !<spamd-white> to any \
     port smtp -> 127.0.0.1 port spamd

 You are replacing the spamd-white table with your own that probably can't
 be read by spamd.
 Try something like the following, but translated to freebsd pf.conf lingo:

 table <spamd-white> persist
 table <nospamd> persist file "/var/db/override.txt"
 pass in on egress proto tcp from any to any port smtp \
     divert-to 127.0.0.1 port spamd
 pass in on egress proto tcp from <nospamd> to any port smtp
 pass in log on egress proto tcp from <spamd-white> to any port smtp
 pass out log on egress proto tcp to any port smtp

 Hope this helps.

It does, thanks very much!

--

Joshua




Re: obspamd - greyreader failed - spamd not honoring whitelist

2015-06-16 Thread Edgar Pettijohn
On 06/16/15 18:53, Joshua Lokken wrote:
 On Jun/13 08:51PM, Craig Skinner wrote:
 On 2015-06-12 Fri 15:24 PM |, Joshua Lokken wrote:
 I also see, in /var/log/spamd, whenever obspamd is started:

 Jun 12 13:35:14 fusor spamd[21599]: greyreader failed (No such file or
 directory)
 % ll /var/db/override.txt
 -rw-r--r--  1 _spamd  _spamd  382 Jun 12 12:39 /var/db/override.txt
 Maybe try these:

 $ ls -ld /var/db
 $ sudo su -l -s /bin/sh _spamd -c 'ls -l /var/db/override.txt;
 $ sudo su -l -s /bin/sh _spamd -c 'head /var/db/override.txt'
 Ok, but let's look at those commands...

 $ ls -ld /var/db
 drwxr-xr-x  17 root  wheel  1024 Jun  9 23:32 /var/db

 $ ls -ld /usr/local/etc
 drwxr-xr-x  51 root  wheel  2560 Jun 14 20:47 /usr/local/etc

 $ sudo su -l -s /bin/sh _spamd -c 'ls -l /var/db/override.txt;
 Error, looks like there may be a ' missing

 $ sudo su -l -s /bin/sh _spamd -c 'ls -l /var/db/override.txt'
 su: unknown login: /bin/sh

 $ sudo su -l -s /bin/sh _spamd -c 'head /var/db/override.txt'
 su: unknown login: /bin/sh

 $ man su
   -l  Simulate a full login...

 However, the _spamd user does not have a login shell, so I would
 expect this to fail.

 I appreciate the list of commands.  Can someone advise what the
 responder is trying to get at?  If someone provides a hint at what
 the root cause of the issue is, I can likely find a solution.

 Thanks again.


 --
 Joshua


  *spamd* regularly scans the /var/db/spamd database and configures all
  whitelist addresses as the pf(4)
  http://www.freebsd.org/cgi/man.cgi?query=pf&sektion=4&apropos=0&manpath=FreeBSD+10.1-RELEASE+and+Ports
  <spamd-white> table, allowing connections to pass to the real MTA.  Any
  addresses not found in <spamd-white> are redirected to *spamd*.  The
  following pf.conf(5)
  http://www.freebsd.org/cgi/man.cgi?query=pf.conf&sektion=5&apropos=0&manpath=FreeBSD+10.1-RELEASE+and+Ports
  example is suggested:

  table <spamd-white> persist
  rdr pass inet proto tcp from !<spamd-white> to any \
      port smtp -> 127.0.0.1 port spamd

You are replacing the spamd-white table with your own that probably can't be
read by spamd.
Try something like the following, but translated to freebsd pf.conf lingo:

table <spamd-white> persist
table <nospamd> persist file "/var/db/override.txt"
pass in on egress proto tcp from any to any port smtp \
    divert-to 127.0.0.1 port spamd
pass in on egress proto tcp from <nospamd> to any port smtp
pass in log on egress proto tcp from <spamd-white> to any port smtp
pass out log on egress proto tcp to any port smtp

Hope this helps.



Re: obspamd - greyreader failed - spamd not honoring whitelist

2015-06-16 Thread Joshua Lokken
On Jun/13 08:51PM, Craig Skinner wrote:
 On 2015-06-12 Fri 15:24 PM |, Joshua Lokken wrote:
 
  I also see, in /var/log/spamd, whenever obspamd is started:
 
  Jun 12 13:35:14 fusor spamd[21599]: greyreader failed (No such file or
directory)

  % ll /var/db/override.txt
  -rw-r--r--  1 _spamd  _spamd  382 Jun 12 12:39 /var/db/override.txt

 Maybe try these:

 $ ls -ld /var/db
 $ sudo su -l -s /bin/sh _spamd -c 'ls -l /var/db/override.txt;
 $ sudo su -l -s /bin/sh _spamd -c 'head /var/db/override.txt'

Ok, but let's look at those commands...

$ ls -ld /var/db
drwxr-xr-x  17 root  wheel  1024 Jun  9 23:32 /var/db

$ ls -ld /usr/local/etc
drwxr-xr-x  51 root  wheel  2560 Jun 14 20:47 /usr/local/etc

$ sudo su -l -s /bin/sh _spamd -c 'ls -l /var/db/override.txt;
Error, looks like there may be a ' missing

$ sudo su -l -s /bin/sh _spamd -c 'ls -l /var/db/override.txt'
su: unknown login: /bin/sh

$ sudo su -l -s /bin/sh _spamd -c 'head /var/db/override.txt'
su: unknown login: /bin/sh

$ man su
 -l  Simulate a full login...

However, the _spamd user does not have a login shell, so I would
expect this to fail.

I appreciate the list of commands.  Can someone advise what the
responder is trying to get at?  If someone provides a hint at what
the root cause of the issue is, I can likely find a solution.

Thanks again.


--
Joshua




Re: Backup of OpenBSD to Linux box

2015-06-16 Thread David Vasek

On Mon, 15 Jun 2015, Nick Holland wrote:


On 06/15/15 12:54, Liviu Daia wrote:


The other downside, if you use the --link-dest option, is that
there's always only one copy of each file.  A few days ago there was
a post on SO by somebody who used that system, and found out that his
backup disk had bad sectors in the middle of some large files.  He
wasn't amused.


This has nothing to do with --link-dest, really.  If your disk has bad
spots, you will hope it was only one large file...usually, it's the
whole disk you can't read.

For any disk-to-disk system -- rsync, dump/restore, etc, you need some
kind of more than one copy, more than one place solution, too.
Disk-to-Disk doesn't change the rules of backups: multiple copies,
off-site, etc.  I kinda hoped that was understood, but that was probably
my error.


Moreover, that risk isn't related to --link-dest, it's a downside of any 
incremental backup system. Except when the backup medium itself is already 
redundant. An incremental backup solution was what the OP asked for.


Regards,
David



Re: relayd bypass SSL interception for URL

2015-06-16 Thread Felipe Scarel
Does anyone have a working Squid peek-n-splice (with optional splicing with
SNI lookup, preferably) config I can test with?
I'm having trouble finding clear examples, and stage2 bumping is prompting
certificate errors.

Thanks in advance,
fbscarel

On Tue, Mar 10, 2015 at 5:00 PM, Felipe Scarel fbsca...@gmail.com wrote:

 On Mon, Mar 9, 2015 at 12:03 PM, Stuart Henderson s...@spacehopper.org
 wrote:
  On 2015-03-06, Felipe Scarel fbsca...@gmail.com wrote:
  Hello all,
 
  I'm currently using relayd as a forward proxy, selectively blocking
  HTTP and HTTPS requests while doing MitM inspection (as per
  http://www.reykfloeter.com/post/41814177050/relayd-ssl-interception).
 
  To allow certain domains to go through the SSL proxy, a simple 'pass
  quick url file' is sufficient, and works. However, this option does
  not prevent the MitM operation from relayd; the request is simply
  allowed through, and the original certificate is still 'patched' by
  the local CA. The configuration is shown below:
 
  http protocol httpsfilter {
      tcp { nodelay, sack, socket buffer 65536, backlog 1024 }
      return error

      match header set "Keep-Alive" value "$TIMEOUT"
      match header set "Connection" value "close"

      pass quick url file "/etc/relayd.d/custom_whitelist"
      block url file "/etc/relayd.d/custom_blacklist"
      include "/etc/relayd.d/auto_blacklist"

      ssl ca key "/etc/ssl/private/ca.key" password "password"
      ssl ca cert "/etc/ssl/ca.crt"
  }

  relay httpsproxy {
      listen on 127.0.0.1 port 8443 ssl
      protocol httpsfilter
      forward with ssl to destination
  }
 
  This is a problem for a few sites (especially banking websites) that
  absolutely demand that the original certificate is not tampered in any
  way. I'm currently solving the problem with pf passthrough rules
  (allowing traffic directly to destination on a per-IP basis), which is
  far from an ideal solution as covered previously in
 
 http://openbsd.7691.n7.nabble.com/DNS-lookups-for-hostnames-in-PF-tables-td69546.html
  (scenarios like round robin DNS, CDNs providing content for multiple
  organizations, etc.)
 
  So, my question is: Is there a way to completely bypass SSL
  interception for a given URL file?
 
  Thanks in advance,
  fbscarel
 
 
 
  relayd doesn't have much information available at the point where it
  decides whether to pick up the request. Specifically it just has IP
  addresses. It can't tell the URL or even the domain name of the request
  to be able to identify the destination.
 
  The domain name *is* available before a full SSL negotiation, at least
  for connections from non-ancient browsers, but it requires opening at
  least the client-side of the connection, and reading the name from the
  ClientHello (this is the first packet sent by the client; server name is
  provided unencrypted by SNI).
 
  It is technically possible to use this information as part of a decision
  process, but it's much more complicated - you first need to identify
  whether interception is wanted, and then either replay the ClientHello
  (and afterwards forward packets directly to the server), or do the
  cert generation/MITM as usual.
 
  relayd doesn't support this yet.
 
  Recent versions of Squid (3.5.x) do; feature is called peek and
  splice, but I haven't tested it with OpenBSD yet. (Squid's normal
  SSL interception does work, at least in OpenBSD -current). Even then,
  the most you will be able to do is look at the domain name; the URL
  is not available until *after* the SSL handshake, at which point it
  is too late to make the decision whether to spoof the cert or not.
 

 The domain name would do, I'll try testing with Squid.
 Thanks for the input, Stuart.



Re: rc.subr: $pexp does not always contain daemon flags?

2015-06-16 Thread Antoine Jacoutot
 Rebooting (without changing the config) solves the issue but is not
 really an option.

I cannot reproduce here.

# /etc/rc.d/tor1921682553680 -d check 
doing _rc_parse_conf
doing _rc_quirks
tor1921682553680_flags -f /etc/tor/enabled/192.168.255.36_80.torrc
doing _rc_read_runfile
tor1921682553680
doing rc_check
DEBUG: rc_check: pexp: /usr/local/bin/tor -f /etc/tor/enabled/192.168.255.36_80.torrc
(ok)
# /etc/rc.d/tor19216825536443 -d check
doing _rc_parse_conf
doing _rc_quirks
tor19216825536443_flags -f /etc/tor/enabled/192.168.255.36_443.torrc
doing _rc_read_runfile
tor19216825536443
doing rc_check
DEBUG: rc_check: pexp: /usr/local/bin/tor -f /etc/tor/enabled/192.168.255.36_443.torrc
(ok)


Check the content of /var/run/rc.d/tor*, it lists the pexp.

-- 
Antoine