Re: the location of openbsd.pbr

[dan mclaughlin]

On Wed, 30 Dec 2015 22:50:08 -0700 "Jack J. Woehr"  wrote:
> Brian McCafferty wrote:
> > Are you referring to the file you need to create for dual booting with the 
> > windows ntldr? Check the FAQ: 
> > http://www.openbsd.org/faq/obsd-faq.txt 
> 
> Just out of curiousity, I dd'ed that sector and it didn't end in AA55. Did I 
> get something wrong? I'm doing full-disk 
> encryption so I'm not sure how grabbing
> the "real" boot sector works in that circumstance.
> 
> -- 
> Jack J. Woehr # Science is more than a body of knowledge. It's a way of
> www.well.com/~jax # thinking, a way of skeptically interrogating the universe
> www.softwoehr.com # with a fine understanding of human fallibility. - Carl 
> Sagan
> 

even with FDE, in order to boot at all it needs "plaintext" instructions.
the bios loads the boot sector to run. the boot sector on my disk (wd0) which
contains my softraid partition ends in the proper 0xaa55. as far as i am
aware the bios will not load a boot sector that doesn't end with 0xaa55.
did you dd the 'c' partition on the underlying disk (not the softraid disk)?

Re: wle200nx WiFi card on apu2b4 - athn0: Device timeout

[Mihai Popescu]

> 'ifconfig athn0 scan' got result 'none'
> The scan with my NB shows 7 active AP's.

If those APs support n mode only, I don't think you will see them. Be
sure at least yours is /a/b/g.

Re: IPsec IKEv1 accepts non-matching phase 2 parameters

[Julian Hsiao]

I restart isakmpd on both hosts whenever I change ipsec.conf, and check 
that ipsecctl -s sa is empty afterwards.  To be sure, I just tried 
rebooting both hosts--surely the SAD doesn't persist across reboot--and 
I got the same results.


On 2015-12-31 07:34:25 +, Philipp Buehler said:


Am 31.12.2015 06:56 schrieb Julian Hsiao:


How do I configure isakmpd such that phase 2 parameters must also
match on both ends in order to establish security associations?


Just a guess, but do:
echo r > /var/run/isakmpd.fifo
and look into the /var/run/isakmpd.report
My bet is, that you had a hmac-md5 configured earlier and did not unload this
before the hmac2 was loaded.

ipsecctl simply ADDs configurations to isakmpd (unless -d), e.g. this:
$ sudo isakmpd -L
$ sudo ipsecctl -f /etc/ipsec.conf
$ sudo vi /etc/ipsec.conf #change to something "lesser"
$ sudo ipsecctl -f /etc/ipsec.conf
now you have TWO running configurations in isakmpd both matching proposals.

Re: Xorg crash

[Sébastien Morand]

I everybody,

Xorg does not crash anymore for a few weeks, but I'm back in VESA mode for
Intel 5500 HD (which is quite slow) when the intel driver was fully
functionnal in october/november in the snapshots version.

Anything I missed?

dmesg and Xorg.0.log beelow:

Dmesg:
ED,ADX,SMAP,PT,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz, 798.15 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
GSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz, 798.15 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
GSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i7-5500U CPU @ 2.40GHz, 798.15 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
GSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 5 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 4 (EXP3)
acpiprt4 at acpi0: bus 6 (EXP6)
acpicpu0 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33),
C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33),
C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33),
C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33),
C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1
acpipwrres1 at acpi0: AMD3, resource for PEG_
acpipwrres2 at acpi0: AMD2, resource for PEG_
acpitz0 at acpi0: critical temperature is 127 degC
acpibtn0 at acpi0: LID_
acpibat0 at acpi0: BAT0 model "LNV-45N1" serial  2079 type LION oem "SANYO"
acpiac0 at acpi0: AC unit offline
acpithinkpad0 at acpi0
cpu0: Enhanced SpeedStep 798 MHz: speeds: 2401, 2400, 2300, 2100, 2000,
1900, 1700, 1600, 1400, 1300, 1200, 1000, 900, 800, 600, 500 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 5G Host" rev 0x09
inteldrm0 at pci0 dev 2 function 0 "Intel HD Graphics 5500" rev 0x09
drm0 at inteldrm0
inteldrm0: msi
inteldrm0: 1920x1080
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
azalia0 at pci0 dev 3 function 0 "Intel Core 5G HD Audio" rev 0x09: msi
xhci0 at pci0 dev 20 function 0 "Intel 9 Series xHCI" rev 0x03: msi
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 "Intel xHCI root hub" rev 3.00/1.00 addr 1
"Intel 9 Series MEI" rev 0x03 at pci0 dev 22 function 0 not configured
em0 at pci0 dev 25 function 0 "Intel I218-V" rev 0x03: msi, address
68:f7:28:a8:09:7c
azalia1 at pci0 dev 27 function 0 "Intel 9 Series HD Audio" rev 0x03: msi
azalia1: codecs: Conexant/0x510f
audio0 at azalia1
ppb0 at pci0 dev 28 function 0 "Intel 9 Series PCIE" rev 0xe3
pci1 at ppb0 bus 2
ppb1 at pci0 dev 28 function 2 "Intel 9 Series PCIE" rev 0xe3: msi
pci2 at ppb1 bus 4
iwm0 at pci2 dev 0 function 0 "Intel Dual Band Wireless AC 3160" rev 0x93,
msi
ppb2 at pci0 dev 28 function 4 "Intel 9 Series PCIE" rev 0xe3: msi
pci3 at ppb2 bus 5
5:0:0: mem address conflict 0xfffe/0x2
vendor "ATI", unknown product 0x6604 (class display subclass miscellaneous,
rev 0x00) at pci3 dev 0 function 0 not configured
ppb3 at pci0 dev 28 function 5 "Intel 9 Series PCIE" rev 0xe3: msi
pci4 at ppb3 bus 6
rtsx0 at pci4 dev 0 function 0 "Realtek RTS5227 Card Reader" rev 0x01: msi
sdmmc0 at rtsx0
ehci0 at pci0 dev 29 function 0 "Intel 9 Series USB" rev 0x03: apic 2 int 23
usb1 at ehci0: USB revision 2.0
uhub1 at usb1 "Intel 

Re: Is a gmail/text-flow dmesg better than no dmesg?

[ropers]

> On Wed, Dec 30, 2015 at 07:09:58PM +0100, ropers wrote:
>> It says here  that one
>> should not send dmesg@ mail that's text-flow reformatted (which I
>> AFAIK gmail always does, unavoidably).
>>
>> If (for whatever reasons) the choice is between gmail-dmesgs or no
>> dmesgs, would gmail dmesgs be preferable to none (however unloved
>> their text-flow shenanigans may be)?

On 31 December 2015 at 12:55, Erling Westenvik wrote:
> Wouldn't a simple one-liner like this do the trick?
>
> $ dmesg | mail -s "some subject" a...@b.cd

Q: If all I have is a green herring, would eating that be better than nothing?
A: You should eat a red herring.

(SCNR. ;-)

Re: Add Bay Trail EHCI controller to pcidevs

[Dan Jones]

>From:  tuta.io>
>Subject: Re: Add Bay Trail EHCI controller to pcidevs
>Newsgroups: gmane.os.openbsd.misc
>Date: 2015-12-17 09:58:44 GMT (2 weeks, 4 hours and 34 minutes ago)
>>> Doesn't work, but at least it makes the dmesg look better.>What doesn't
>>> work?Hi Martin,
>Can't speak for Callum but in my case USB isn't working on Bay Trail.
>ASUS X205TA - amd64 16th december snapshot (now booting fine UEFI native)
>EHCI configured returns:
>ehci0 at pci0 dev 29 function 0 vendor "Intel", unknown product 0x0f34 rev
>0x0f: couldn't map interrupt
>
>XHCI congifured retunrs:
>xhci0 at pci0 dev 20 function 0 "Intel Bay Trail xHCI" rev 0x0f: couldn't map
>interrupt
>
>can't proceed with install until internal keyboard works (USB support).

Similar issue with Lenovo Ideapad 100S-11 using the December 27 amd64
snapshot.  After UEFI the system boots bsd.rd. The dmesg is displayed followed
by the welcome and install message.   I do not have a good way to capture the
install log since the keyboard seems to stop functioning. The keyboard does
work during the initial boot prompt (e.g., I can type boot bsd.rd).

If it is helpful I can forward a photo of the boot messages.  Below are
sections of the dmesg which indicated some error.

acpi0 at bios2: rev 2, ACPI control unavailable
“Intel Bay Trail Video” rev 0x0f at pci0 dev 2 function 0 not configured
xhci0 at pci0 dev 20 function 0 “Intel Bay Train xHCI” rev 0x0f:
couldn’t map interrupt
“Intel Bay Trail TXE” rev 0x0f at pci0 dev 26 function 0 not configured
“Intel Bay Trail LPC” rev 0x0f at pci0 dev 31 function 0 not configured

Re: Is a gmail/text-flow dmesg better than no dmesg?

[Erling Westenvik]

On Wed, Dec 30, 2015 at 07:09:58PM +0100, ropers wrote:
> It says here  that one
> should not send dmesg@ mail that's text-flow reformatted (which I
> AFAIK gmail always does, unavoidably).
> 
> If (for whatever reasons) the choice is between gmail-dmesgs or no
> dmesgs, would gmail dmesgs be preferable to none (however unloved
> their text-flow shenanigans may be)?

Wouldn't a simple one-liner like this do the trick?

$ dmesg | mail -s "some subject" a...@b.cd


From technical-recruiters+bncbdzopr5x44bbbonqss2akgqehfc4...@googlegroups.com 
Thu Dec 31 03:58:41 2015
Return-path: 

Envelope-to: arch...@mail-archive.com
Delivery-date: Thu, 31 Dec 2015 03:58:41 -0800
Received: from bolt10b.mxthunder.net ([208.53.48.136])
by mail-archive.com with esmtp (Exim 4.76)
(envelope-from 
)
id 1aEbsO-0002ba-Or
for arch...@mail-archive.com; Thu, 31 Dec 2015 03:58:40 -0800
Received: by bolt10b.mxthunder.net (Postfix, from userid 12345)
id 3pWSg91B6Zz1wZbB; Thu, 31 Dec 2015 03:57:48 -0800 (PST)
Received: from mail-pf0-f192.google.com (mail-pf0-f192.google.com 
[209.85.192.192])
(using TLSv1 with cipher RC4-SHA (128/128 bits))
(No client certificate requested)
by bolt10b.mxthunder.net (Postfix) with ESMTPS id 3pWSfL3Bzdz1wP9F
for ; Thu, 31 Dec 2015 03:57:46 -0800 (PST)
Received: by mail-pf0-f192.google.com with SMTP id 65sf34306496pff.1
for ; Thu, 31 Dec 2015 03:57:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=googlegroups.com; s=20120806;
h=mime-version:date:message-id:subject:from:to:content-type
 :x-original-sender:x-original-authentication-results:reply-to
 :precedence:mailing-list:list-id:x-spam-checked-in-group:list-post
 :list-help:list-archive:sender:list-unsubscribe;
bh=vIw6IYfWXFrdQ60m1QJ5tCZdZhMVWJRQrfJ4h5L7Ri4=;
b=t/nSAogbe7YQavaGGJ5GLwbPdC1710I5Erj6MtdSEginSrI/v4RB50nlMgK1yMWyEE
 pN0H2uFcpOdTeIoiYpbG1u0GWj/sVAOzgZzMKKOOEgWePn1rwk4WieLy71uxlni5AuC3
 UPEch4fGM6v5VAqGsNE2EWK4n7TJefhO2KSMfYd7MR0i9A4uzNHB+LundiHbv/2cjv0q
 W99vM3KZROWF2IaW7WEk1gDVDoC+odMLftKSgfuzBw1U1Junh5lBw+w9DX7Iur43e1vv
 9rHTSj8sMBT7vD/9gKbv28x4ZEg5//lUl4A+jbpYj4eE/AWQOlSsJLN5kEuA6Tn14BWX
 yy+A==
X-Received: by 10.140.102.41 with SMTP id v38mr255497qge.2.1451563065803;
Thu, 31 Dec 2015 03:57:45 -0800 (PST)
X-BeenThere: technical-recruit...@googlegroups.com
Received: by 10.140.99.18 with SMTP id p18ls2366160qge.86.gmail; Thu, 31 Dec
 2015 03:57:45 -0800 (PST)
X-Received: by 10.129.147.67 with SMTP id k64mr62192545ywg.29.1451563065195;
Thu, 31 Dec 2015 03:57:45 -0800 (PST)
Received: from mail-yk0-x243.google.com (mail-yk0-x243.google.com. 
[2607:f8b0:4002:c07::243])
by gmr-mx.google.com with ESMTPS id 
y199si1789731ywd.5.2015.12.31.03.57.45
for 
(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
Thu, 31 Dec 2015 03:57:45 -0800 (PST)
Received-SPF: pass (google.com: domain of vijaymusalebrav...@gmail.com 
designates 2607:f8b0:4002:c07::243 as permitted sender) 
client-ip=2607:f8b0:4002:c07::243;
Received: by mail-yk0-x243.google.com with SMTP id a85so9363261ykb.2
for ; Thu, 31 Dec 2015 03:57:45 
-0800 (PST)
MIME-Version: 1.0
X-Received: by 10.129.48.193 with SMTP id w184mr52609788yww.238.1451563064905;
 Thu, 31 Dec 2015 03:57:44 -0800 (PST)
Received: by 10.37.94.197 with HTTP; Thu, 31 Dec 2015 03:57:44 -0800 (PST)
Date: Thu, 31 Dec 2015 05:57:44 -0600
Message-ID: 
Subject: Technical Recruiters Looking for __ Sterling Integrator__Omaha,NE__6
 months Contract
From: Vijay Musale 
To: vi...@bravensinc.com
Content-Type: multipart/alternative; boundary=001a11414e82da70d60528305cf6
X-Original-Sender: vijaymusalebrav...@gmail.com
X-Original-Authentication-Results: gmr-mx.google.com;   spf=pass
 (google.com: domain of vijaymusalebrav...@gmail.com designates
 2607:f8b0:4002:c07::243 as permitted sender) 
smtp.mailfrom=vijaymusalebrav...@gmail.com;
   dmarc=pass (p=NONE dis=NONE) header.from=gmail.com
Reply-To: technical-recruit...@googlegroups.com
Precedence: list
Mailing-list: list technical-recruit...@googlegroups.com; contact 
technical-recruiters+own...@googlegroups.com
List-ID: 
X-Spam-Checked-In-Group: technical-recruit...@googlegroups.com
X-Google-Group-Id: 953409676615
List-Post: , 

List-Help: , 

Re: the location of openbsd.pbr

[Nick Holland]

On 12/31/15 00:49, Jack J. Woehr wrote:
> Brian McCafferty wrote:
>> Are you referring to the file you need to create for dual booting with the 
>> windows ntldr? Check the FAQ: 
>> http://www.openbsd.org/faq/obsd-faq.txt 
> 
> Just out of curiousity, I dd'ed that sector and it didn't end in AA55. Did I 
> get something wrong? I'm doing full-disk 
> encryption so I'm not sure how grabbing
> the "real" boot sector works in that circumstance.

You are confusing the MASTER Boot Record (first 512 bytes of the
physical disk) with the PARTITION Boot Record (first 512 bytes of the
OpenBSD partition).

The AA55 signature is on the MBR.

See the "How OpenBSD Boots" section of FAQ 14.

Nick.

Re: Is a gmail/text-flow dmesg better than no dmesg?

[Stuart Henderson]

On 2015-12-30, ropers  wrote:
> It says here  that one
> should not send dmesg@ mail that's text-flow reformatted (which I
> AFAIK gmail always does, unavoidably).
>
> If (for whatever reasons) the choice is between gmail-dmesgs or no
> dmesgs, would gmail dmesgs be preferable to none (however unloved
> their text-flow shenanigans may be)?

The most important things are:

- not base64-encoded. dmesgs sent b64-encoded are totally useless.
- not html. hard to read in dmesglog and 'grep ^devicename' won't find your 
devices.

Other than that, try hard to avoid quoted-printable. Line-wrapped is best
avoided if possible but not quite so bad.

If you have a 'clean' MUA somewhere, using a command-line pastebin is
a fairly easy way of getting a dmesg there (e.g. sprunge.us, clbin,
pbot.rmdir.de etc), several of these work via a form post which can be
done as a pipe through curl.

Re: the location of openbsd.pbr

[Jack J. Woehr]

Nick Holland wrote:


You are confusing the MASTER Boot Record (first 512 bytes of the
physical disk) with the PARTITION Boot Record (first 512 bytes of the
OpenBSD partition).


Of course, you're right.

--
Jack J. Woehr # Science is more than a body of knowledge. It's a way of
www.well.com/~jax # thinking, a way of skeptically interrogating the universe
www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan

Re: the location of openbsd.pbr

[Jack J. Woehr]

dan mclaughlin wrote:

did you dd the 'c' partition on the underlying disk (not the softraid disk)?

Underlying disk is sd0 ... I did "dd if=/dev/rsd0a" like the fellow posted 
yesterday.

I see your point, of course it would be the c label.

--
Jack J. Woehr # Science is more than a body of knowledge. It's a way of
www.well.com/~jax # thinking, a way of skeptically interrogating the universe
www.softwoehr.com # with a fine understanding of human fallibility. - Carl Sagan

Re: Is a gmail/text-flow dmesg better than no dmesg?

[ropers]

Cheers man. All the best to you too -- and to everybody else around.

On 1 January 2016 at 01:18, Erling Westenvik 
wrote:
> On Thu, Dec 31, 2015 at 04:00:50PM +0100, ropers wrote:
>> > On Wed, Dec 30, 2015 at 07:09:58PM +0100, ropers wrote:
>> >> It says here  that one
>> >> should not send dmesg@ mail that's text-flow reformatted (which I
>> >> AFAIK gmail always does, unavoidably).
>> >>
>> >> If (for whatever reasons) the choice is between gmail-dmesgs or no
>> >> dmesgs, would gmail dmesgs be preferable to none (however unloved
>> >> their text-flow shenanigans may be)?
>>
>> On 31 December 2015 at 12:55, Erling Westenvik wrote:
>> > Wouldn't a simple one-liner like this do the trick?
>> >
>> > $ dmesg | mail -s "some subject" a...@b.cd
>>
>> Q: If all I have is a green herring, would eating that be better than
nothing?
>> A: You should eat a red herring.
>>
>> (SCNR. ;-)
>
> Guess I deserved that one. To my defence: I was simply incapable of
> imagine a scenario where Gmail would be the only option for sending a
> dmesg somewhere.
>
> But – A Happy New Year to you and everyone on the list!
>
> Regards
>
> Erling

Re: bandwidth usage limits with pf, etc.

[Lists]

pftop is what youbare looking for.

pkg_add pftop

> On Dec 31, 2015, at 2:28 PM, Mark Carroll  wrote:
> 
> I was wondering recently what the biggest bandwidth hogs were on my home
> network at a certain moment. On Linux I use iftop on the router for
> this, but I wonder in OpenBSD if, rather than install the iftop package,
> there's something different -- more OpenBSD-ish -- I should be doing
> with clients to pflow or whatever to achieve this same near-instanteous
> view of machines' Internet usage across the router (which NATs them from
> their LAN).
> 
> Lately I've been reading about CARP and discovering that the packet
> filter code has all kinds of cool stuff built in for transparent
> load-balancing and failover. And, I like the keep-state stuff that lets
> me do things like rate-limit ssh connections. So, I'm thinking that PF
> may offer me all manner of wonders. So, I got to thinking today:
> 
> I wondered about my kids' use of YouTube and suchlike, and I wondered if
> there's a good way of using PF on the router to give them a weekly
> download limit, perhaps cumulative over their devices, after which it
> gets limited to a slow crawl or even cut off. Is this (or some variant
> thereof) something that PF makes easy (any pointers?), or is tricky but
> clearly described in the latest Book of PF, or just not worth the effort
> of attempting -- any thoughts? I may have just picked the wrong web
> search terms, or maybe this just isn't yet at all easy.
> 
> (... and Happy New Year!)
> 
> -- Mark

Re: bandwidth usage limits with pf, etc.

[Michel Behr]

AFAIK systat displays info, it doesn't allow to limit bandwidth for example

On Thursday, 31 December 2015, Brian Conway  wrote:

> systat will show you most of what pftop does, no package necessary.
>
>
> http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/systat.1?query=systat=1
>
> Brian Conway
>
> On Dec 31, 2015 2:30 PM, "Mark Carroll" >
> wrote:
>
> > I was wondering recently what the biggest bandwidth hogs were on my home
> > network at a certain moment. On Linux I use iftop on the router for
> > this, but I wonder in OpenBSD if, rather than install the iftop package,
> > there's something different -- more OpenBSD-ish -- I should be doing
> > with clients to pflow or whatever to achieve this same near-instanteous
> > view of machines' Internet usage across the router (which NATs them from
> > their LAN).
> >
> > Lately I've been reading about CARP and discovering that the packet
> > filter code has all kinds of cool stuff built in for transparent
> > load-balancing and failover. And, I like the keep-state stuff that lets
> > me do things like rate-limit ssh connections. So, I'm thinking that PF
> > may offer me all manner of wonders. So, I got to thinking today:
> >
> > I wondered about my kids' use of YouTube and suchlike, and I wondered if
> > there's a good way of using PF on the router to give them a weekly
> > download limit, perhaps cumulative over their devices, after which it
> > gets limited to a slow crawl or even cut off. Is this (or some variant
> > thereof) something that PF makes easy (any pointers?), or is tricky but
> > clearly described in the latest Book of PF, or just not worth the effort
> > of attempting -- any thoughts? I may have just picked the wrong web
> > search terms, or maybe this just isn't yet at all easy.
> >
> > (... and Happy New Year!)
> >
> > -- Mark

Re: Is a gmail/text-flow dmesg better than no dmesg?

[Erling Westenvik]

On Thu, Dec 31, 2015 at 04:00:50PM +0100, ropers wrote:
> > On Wed, Dec 30, 2015 at 07:09:58PM +0100, ropers wrote:
> >> It says here  that one
> >> should not send dmesg@ mail that's text-flow reformatted (which I
> >> AFAIK gmail always does, unavoidably).
> >>
> >> If (for whatever reasons) the choice is between gmail-dmesgs or no
> >> dmesgs, would gmail dmesgs be preferable to none (however unloved
> >> their text-flow shenanigans may be)?
> 
> On 31 December 2015 at 12:55, Erling Westenvik wrote:
> > Wouldn't a simple one-liner like this do the trick?
> >
> > $ dmesg | mail -s "some subject" a...@b.cd
> 
> Q: If all I have is a green herring, would eating that be better than nothing?
> A: You should eat a red herring.
> 
> (SCNR. ;-)

Guess I deserved that one. To my defence: I was simply incapable of
imagine a scenario where Gmail would be the only option for sending a
dmesg somewhere.

But – A Happy New Year to you and everyone on the list!

Regards

Erling

bandwidth usage limits with pf, etc.

[Mark Carroll]

I was wondering recently what the biggest bandwidth hogs were on my home
network at a certain moment. On Linux I use iftop on the router for
this, but I wonder in OpenBSD if, rather than install the iftop package,
there's something different -- more OpenBSD-ish -- I should be doing
with clients to pflow or whatever to achieve this same near-instanteous
view of machines' Internet usage across the router (which NATs them from
their LAN).

Lately I've been reading about CARP and discovering that the packet
filter code has all kinds of cool stuff built in for transparent
load-balancing and failover. And, I like the keep-state stuff that lets
me do things like rate-limit ssh connections. So, I'm thinking that PF
may offer me all manner of wonders. So, I got to thinking today:

I wondered about my kids' use of YouTube and suchlike, and I wondered if
there's a good way of using PF on the router to give them a weekly
download limit, perhaps cumulative over their devices, after which it
gets limited to a slow crawl or even cut off. Is this (or some variant
thereof) something that PF makes easy (any pointers?), or is tricky but
clearly described in the latest Book of PF, or just not worth the effort
of attempting -- any thoughts? I may have just picked the wrong web
search terms, or maybe this just isn't yet at all easy.

(... and Happy New Year!)

-- Mark

Re: bandwidth usage limits with pf, etc.

[Brian Conway]

systat will show you most of what pftop does, no package necessary.

http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/systat.1?query=systat=1

Brian Conway

On Dec 31, 2015 2:30 PM, "Mark Carroll"  wrote:

> I was wondering recently what the biggest bandwidth hogs were on my home
> network at a certain moment. On Linux I use iftop on the router for
> this, but I wonder in OpenBSD if, rather than install the iftop package,
> there's something different -- more OpenBSD-ish -- I should be doing
> with clients to pflow or whatever to achieve this same near-instanteous
> view of machines' Internet usage across the router (which NATs them from
> their LAN).
>
> Lately I've been reading about CARP and discovering that the packet
> filter code has all kinds of cool stuff built in for transparent
> load-balancing and failover. And, I like the keep-state stuff that lets
> me do things like rate-limit ssh connections. So, I'm thinking that PF
> may offer me all manner of wonders. So, I got to thinking today:
>
> I wondered about my kids' use of YouTube and suchlike, and I wondered if
> there's a good way of using PF on the router to give them a weekly
> download limit, perhaps cumulative over their devices, after which it
> gets limited to a slow crawl or even cut off. Is this (or some variant
> thereof) something that PF makes easy (any pointers?), or is tricky but
> clearly described in the latest Book of PF, or just not worth the effort
> of attempting -- any thoughts? I may have just picked the wrong web
> search terms, or maybe this just isn't yet at all easy.
>
> (... and Happy New Year!)
>
> -- Mark