sVLAN and IPv6 duplicates

2016-01-08 Thread Denis Fondras
Hello,

I am using svlan(4) and when I add a new svlan(4) interface after the system has
booted I always get a duplicated IPv6 and the new interface is not usable. If I
add a /etc/hostname.svlan file and I reboot, everything is fine.
Any idea why ?

Thanks,
Denis

Example (after boot) :
# ifconfig
[...]
svlan1001: flags=8843 mtu 1500
lladdr 00:15:17:c1:71:fc
priority: 0
vlan: 1001 parent interface: em0
groups: svlan
status: active
inet 100.67.233.1 netmask 0xfffc broadcast 100.67.233.3
inet6 fe80::215:17ff:fec1:71fc%svlan1001 prefixlen 64 scopeid 0x9
inet6 2001:db8:::1001:ff01 prefixlen 126
svlan1002: flags=8843 mtu 1500
lladdr 00:15:17:c1:71:fc
priority: 0
vlan: 1002 parent interface: em0
groups: svlan
status: active
inet 100.67.234.1 netmask 0xfffc broadcast 100.67.234.3
inet6 fe80::215:17ff:fec1:71fc%svlan1002 prefixlen 64 scopeid 0xa
inet6 2001:db8:::1002:ff01 prefixlen 126
svlan1003: flags=8843 mtu 1500
lladdr 00:15:17:c1:71:fc
priority: 0
vlan: 1003 parent interface: em0
groups: svlan
status: active
inet 100.67.235.1 netmask 0xfffc broadcast 100.67.235.3
inet6 fe80::215:17ff:fec1:71fc%svlan1003 prefixlen 64 scopeid 0xb
inet6 2001:db8:::1003:ff01 prefixlen 126
[...]
# ifconfig svlan1000 vlandev em0
# ifconfig svlan1000 inet6 2001:db8:::1000:ff01/126 
# ifconfig
[...]
svlan1000: flags=8843 mtu 1500
lladdr 00:15:17:c1:71:fc
priority: 0
vlan: 1000 parent interface: em0
groups: svlan
status: active
inet 100.67.230.1 netmask 0xfffc broadcast 100.67.230.3
inet6 fe80::215:17ff:fec1:71fc%svlan1000 prefixlen 64 duplicated scopeid
0xf
inet6 2001:db8:::1000:ff01 prefixlen 126 duplicated
[...]

# uname -a 
OpenBSD rt-net 5.9 GENERIC.MP#1783 amd64


Re: problem mounting ext4 filesystem

2016-01-08 Thread Andrew Daugherity
On Tue, Jan 5, 2016 at 5:05 PM, Remi Locherer  wrote:
> Hi,
>
> I tried to mount an ext4 filesystem on OpenBSD which was created on
> CentOS7. I get this:
>
> remi@mistral:~% doas mount -t ext2fs /dev/sd0m /mnt
> mount_ext2fs: /dev/sd0m on /mnt: specified device does not match mounted 
> device
> remi@mistral:~%  dmesg | grep incomp
> ext2fs: unsupported incompat features 0x2c2
> remi@mistral:~%
>
> Which feature is 0x2c2? Maybe I can disable this or re-create the filesystem
> on Linux without this feature?

It's a bitmask combination of features, see
https://ext4.wiki.kernel.org/index.php/Ext4_Disk_Layout#The_Super_Block
(entry 0x60, s_feature_incompat).  Features supported in OpenBSD are
described in src/sys/ufs/ext2fs/ext2fs.h, specifically the #define
EXT2F_INCOMPAT_SUPP bit.  It appears that there is some read-only ext4
support in OpenBSD, but not for your particular FS -- yours contains
the bit 0x80 (INCOMPAT_64BIT, not even listed in OpenBSD, let alone in
EXT4F_RO_INCOMPAT_SUPP).

If you want to share the FS read/write between OpenBSD and Linux, it's
probably easier to create it as ext2 rather than tracking down which
ext4 features to disable.

-Andrew
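
Decoding the mask the way Andrew describes, as an added example (not part of the original message or of OpenBSD's source). Bit names and values are those of s_feature_incompat in the linked ext4 wiki; the two "supported" masks in the sample calls are constructed stand-ins and the rw/ro/refuse policy is an assumption, so take the real values from ext2fs.h.

```shell
#!/bin/sh
# Added example: decode an ext2/3/4 s_feature_incompat mask and compare it
# with the feature sets a driver claims to support.

# bit:name pairs as listed for s_feature_incompat in the ext4 disk-layout wiki
INCOMPAT_BITS="
0x1:COMPRESSION
0x2:FILETYPE
0x4:RECOVER
0x8:JOURNAL_DEV
0x10:META_BG
0x40:EXTENTS
0x80:64BIT
0x100:MMP
0x200:FLEX_BG
0x400:EA_INODE
0x1000:DIRDATA
0x2000:CSUM_SEED
0x4000:LARGEDIR
0x8000:INLINE_DATA
0x10000:ENCRYPT
"

# decode_incompat MASK
# Prints the names of all set bits; bits missing from the table are
# reported as UNKNOWN(0x..) instead of being silently dropped.
decode_incompat() {
    d_mask=$(( $1 )); d_out=""; d_known=0
    for d_entry in $INCOMPAT_BITS; do
        d_bit=${d_entry%%:*}; d_name=${d_entry#*:}
        d_known=$(( d_known | $d_bit ))
        if [ $(( d_mask & $d_bit )) -ne 0 ]; then
            d_out="${d_out:+$d_out }$d_name"
        fi
    done
    d_rest=$(( d_mask & ~d_known ))
    if [ "$d_rest" -ne 0 ]; then
        d_out="${d_out:+$d_out }$(printf 'UNKNOWN(0x%x)' "$d_rest")"
    fi
    printf '%s\n' "$d_out"
}

# mount_decision MASK SUPP_RW SUPP_RO
# Assumed policy: every bit in SUPP_RW  -> "rw";
#                 rest covered by SUPP_RO -> "ro";
#                 anything else           -> "refuse: <offending features>".
mount_decision() {
    m_mask=$(( $1 )); m_rw=$(( $2 )); m_ro=$(( $3 ))
    if [ $(( m_mask & ~m_rw )) -eq 0 ]; then
        echo rw
        return 0
    fi
    m_bad=$(( m_mask & ~(m_rw | m_ro) ))
    if [ "$m_bad" -eq 0 ]; then
        echo ro
        return 0
    fi
    echo "refuse: $(decode_incompat "$m_bad")"
}

# 0x2c2 is the value from the dmesg line in the thread.
# 0x2 and 0x256 are constructed sample masks, not OpenBSD's definitions.
decode_incompat 0x2c2
mount_decision 0x2c2 0x2 0x256
```

On the Linux side, the same feature names appear in lower case in the "Filesystem features" line of dumpe2fs -h.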



Re: sVLAN and IPv6 duplicates

2016-01-08 Thread Denis Fondras
I tried to duplicate the configuration on a machine with rl(4) interface and I
cannot reproduce... em(4) issue perhaps ?

On Fri, Jan 08, 2016 at 07:08:26PM +0100, Denis Fondras wrote:
> Hello,
> 
> I am using svlan(4) and when I add a new svlan(4) interface after the system 
> has
> booted I always get a duplicated IPv6 and the new interface is not usable. If 
> I
> add a /etc/hostname.svlan file and I reboot, everything is fine.
> Any idea why ?
> 
> Thanks,
> Denis
> 
> Example (after boot) :
> # ifconfig
> [...]
> svlan1001: flags=8843 mtu 1500
> lladdr 00:15:17:c1:71:fc
> priority: 0
> vlan: 1001 parent interface: em0
> groups: svlan
> status: active
> inet 100.67.233.1 netmask 0xfffc broadcast 100.67.233.3
> inet6 fe80::215:17ff:fec1:71fc%svlan1001 prefixlen 64 scopeid 0x9
> inet6 2001:db8:::1001:ff01 prefixlen 126
> svlan1002: flags=8843 mtu 1500
> lladdr 00:15:17:c1:71:fc
> priority: 0
> vlan: 1002 parent interface: em0
> groups: svlan
> status: active
> inet 100.67.234.1 netmask 0xfffc broadcast 100.67.234.3
> inet6 fe80::215:17ff:fec1:71fc%svlan1002 prefixlen 64 scopeid 0xa
> inet6 2001:db8:::1002:ff01 prefixlen 126
> svlan1003: flags=8843 mtu 1500
> lladdr 00:15:17:c1:71:fc
> priority: 0
> vlan: 1003 parent interface: em0
> groups: svlan
> status: active
> inet 100.67.235.1 netmask 0xfffc broadcast 100.67.235.3
> inet6 fe80::215:17ff:fec1:71fc%svlan1003 prefixlen 64 scopeid 0xb
> inet6 2001:db8:::1003:ff01 prefixlen 126
> [...]
> # ifconfig svlan1000 vlandev em0
> # ifconfig svlan1000 inet6 2001:db8:::1000:ff01/126 
> # ifconfig
> [...]
> svlan1000: flags=8843 mtu 1500
> lladdr 00:15:17:c1:71:fc
> priority: 0
> vlan: 1000 parent interface: em0
> groups: svlan
> status: active
> inet 100.67.230.1 netmask 0xfffc broadcast 100.67.230.3
> inet6 fe80::215:17ff:fec1:71fc%svlan1000 prefixlen 64 duplicated 
> scopeid
> 0xf
> inet6 2001:db8:::1000:ff01 prefixlen 126 duplicated
> [...]
> 
> # uname -a 
> OpenBSD rt-net 5.9 GENERIC.MP#1783 amd64
> 

Re: PF: can't make queueing and priority work as expected

2016-01-08 Thread Atanas Vladimirov

On 8 January 2016 17:51:21 Marko Cupać wrote:


> I am completely confused. It seems that everything I've known about
> queueing in PF does not apply any more, while at the same time there are
> no reliable sources to learn new stuff.
>
> Let's follow this paragraph from 'Book of PF':
>
> ---quote---
> Shaping by Setting Traffic Priorities
> If you’re mainly interested in pushing certain kinds of traffic ahead
> of others, you may be able to achieve what you want by simply setting
> priorities: assigning a higher priority to some items so that they
> receive attention before others.
> ---quote---
>
> This is _exactly_ what I'm mainly interested in. As I want to throttle
> just p2p traffic, I should be able to accomplish my goal with the
> following relevant lines:
>
> p2p = "{ 1:65535 }"
> match proto { tcp udp } to port $p2p set prio 0
> pass in  on $if_int inet proto { tcp udp }  from $if_int:network \
>  to any port $p2p
> pass out on $if_ext inet proto { tcp udp }  from $if_int:network \
>  to any port $p2p
>
> But, at least on my hardware, this does nothing. Torrents are still
> being downloaded at max speed (~8Mbit/s), while simultaneous
> download of install59.fs from ftp.openbsd.org goes at ~6Kbit/s.
>
> Any comment? Suggestion? Instruction how to troubleshoot?
>
> Thank you in advance.


http://marc.info/?l=openbsd-misc&m=141085207225887&w=2

Please read the whole thread. You have to set both min and max bw for every 
queue.

I think that this is a bug in amd64 - i386 works as it should.





Re: sudo and globbing

2016-01-08 Thread Jiri B
On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
> And what about difference? Explain please.
> 
> > > I discovered an article about sudo and globbing[1] and
> > > there's difference how it does work on Linux and OpenBSD.
> >
> > http://zurlinux.com/?p=2244
> >
> > > - openbsd
> > >
> > > # su -s /usr/local/bin/bash - nobody
> > > No home directory /nonexistent!
> > > Logging in with home = "/".
> > > -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
> > > -rw---  1 _tor  _tor20442 Dec 10 11:32 /var/tor/cached-certs
> > > -rw---  1 _tor  _tor  1409287 Jan  7 15:56
> > /var/tor/cached-microdesc-consensus
> > > -rw---  1 _tor  _tor  5107307 Jan  7 17:23 /var/tor/cached-microdescs
> > > -rw---  1 _tor  _tor0 Jan  7 17:23
> > /var/tor/cached-microdescs.new
> > > -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
> > > .cshrc   .profile altroot  bin  bsd  bsd.rd   bsd.sp   dev
> > etc  home mnt  root sbin sys  tftpboot tmp
> > usr  var

^^^ here '*' gets expanded inside original user's shell.

> > > - linux
> > >
> > > [root@slot-1 ~]# su -s /bin/bash nobody
> > > bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
> > > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
> > > bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
> > > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache

^^^ here '*' gets expanded probably later, as original user does
not have access to /var/cache/ldconfig at all.

In both cases original user does not have access to /var/tor, respectively
to /var/cache/ldconfig.

So the question is: why does same command on equally "restricted" dir
path gets different output - why on openbsd does '*' get expanded
immediately but on linux is it taken into account somehow by sudo (?)...

j.



Re: Missing files in etc

2016-01-08 Thread Andreas Kusalananda Kähäri
On Thu, Jan 07, 2016 at 11:42:32PM +, Roderich wrote:
> On Thu, 7 Jan 2016, Philip Guenther wrote:
> 
> >>Unpacking base58.tgz with "tar xvzpf" is not enough to serve a diskless
> >>machine, the missing files are necessary.
> >>
> >>What can I do?
> >
> >You could USE THE INSTALLER, instead of creating problems for yourself
> >and wasting other people's time.
> 
> I thank Ingo very much for his time writing one line. The diskless machine
> is now running.
> 
> Please, Guenther, tell me, how to use the installer to populate
> a directory to serve a diskless machine. Please!
> 
> Perhaps you help a lot of people, that like me, want to occasionally
> set up quickly a diskless machine only to make a test without risk
> for a working machine. Or do you think, one must read the installer
> script to do that?
> 
> BTW, it seems, now is /etc/fstab necessary.
> 
> And something like telnetd or sshd in the installers shell
> can be very helpful for making the kernel panic and save
> the result of trace and ps.
> 
> Regards
> Rodrigo.
> 

What I've done in the past is to follow the FAQ for "Building a Release"
(http://www.openbsd.org/faq/faq5.html#Release).  It will leave DESTDIR
with a base system that you can move to the correct location and modify
for your diskless host.  It's an alternative at least, if you are ok
with building it yourself from sources.

Cheers,

-- 
Andreas Kusalananda Kähäri, Bioinformatics Developer, Uppsala, Sweden
OpenPGP: url=https://db.tt/2zaB1E7y; id=46082BDF




Re: sudo and globbing

2016-01-08 Thread Peter Hessler
On 2016 Jan 08 (Fri) at 05:52:32 -0500 (-0500), Jiri B wrote:
:On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
:> And what about difference? Explain please.
:> 
:> > > I discovered an article about sudo and globbing[1] and
:> > > there's difference how it does work on Linux and OpenBSD.
:> >
:> > http://zurlinux.com/?p=2244
:> >
:> > > - openbsd
:> > >
:> > > # su -s /usr/local/bin/bash - nobody
:> > > No home directory /nonexistent!
:> > > Logging in with home = "/".
:> > > -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
:> > > -rw---  1 _tor  _tor20442 Dec 10 11:32 /var/tor/cached-certs
:> > > -rw---  1 _tor  _tor  1409287 Jan  7 15:56
:> > /var/tor/cached-microdesc-consensus
:> > > -rw---  1 _tor  _tor  5107307 Jan  7 17:23 /var/tor/cached-microdescs
:> > > -rw---  1 _tor  _tor0 Jan  7 17:23
:> > /var/tor/cached-microdescs.new
:> > > -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
:> > > .cshrc   .profile altroot  bin  bsd  bsd.rd   bsd.sp   dev
:> > etc  home mnt  root sbin sys  tftpboot tmp
:> > usr  var
:
:^^^ here '*' gets expanded inside original user's shell.
:
:> > > - linux
:> > >
:> > > [root@slot-1 ~]# su -s /bin/bash nobody
:> > > bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
:> > > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
:> > > bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
:> > > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
:
:^^^ here '*' gets expanded probably later, as original user does
:not have access to /var/cache/ldconfig at all.
:
:In both cases original user does not have access to /var/tor, respectively
:to /var/cache/ldconfig.
:
:So the question is: why does same command on equally "restricted" dir
:path gets different output - why on openbsd does '*' get expanded
:immediately but on linux is it taken into account somehow by sudo (?)...
:
:j.
:

$ ls -l /var/spool/smtpd/* | head 
ls: /var/spool/smtpd/*: No such file or directory
$ ls -l /var/spool/smtpd  
ls: smtpd: Permission denied
$ doas bash -c "ls -l /var/spool/smtpd/*" | head 
/var/spool/smtpd/corrupt:

/var/spool/smtpd/incoming:

/var/spool/smtpd/offline:

/var/spool/smtpd/purge:
total 352
drwx--  2 _smtpq  wheel  512 Jan 14  2015 1040272804
drwx--  2 _smtpq  wheel  512 Jan 14  2015 1056615683
$ sudo bash -c "ls -l /var/spool/smtpd/*" | head 
/var/spool/smtpd/corrupt:

/var/spool/smtpd/incoming:

/var/spool/smtpd/offline:

/var/spool/smtpd/purge:
total 352
drwx--  2 _smtpq  wheel  512 Jan 14  2015 1040272804
drwx--  2 _smtpq  wheel  512 Jan 14  2015 1056615683
$ uname -a
OpenBSD dante.berlin.hsgate.de 5.9 GENERIC.MP#2 amd64


I can't reproduce your failure on -current.  I'm assuming there were some
spaces or quotation failures when you generated your example.


-- 
"A radioactive cat has eighteen half-lives."



Re: PF: can't make queueing and priority work as expected

2016-01-08 Thread Marko Cupać
On Fri, 8 Jan 2016 11:13:08 -0500
sven falempin  wrote:

> You will need to forward the whole rule set I think, maybe the set prio
> 0 is erased by further rules, try to pass in quick that p2p
> traffic before maybe ?

I had the luxury of ditching the complete ruleset for very simple one:

---pf.conf-start---
# RUNTIME OPTIONS
set skip on lo0

# INTERFACES
if_int  = "re2"
if_ext  = "pppoe0"

# HOSTS & NETWORKS
localnet   = "{ 192.168.33.0/24 }"

# PORTS
both_p2p = "{ 1000:65535 }"

# NAT
match in  all scrub ( no-df random-id max-mss 1440 )
match out on $if_ext inet from $localnet to any nat-to ($if_ext:0)

# RULES
block drop log all
pass inet from ($if_ext:0)   to any
pass inet from $localnet to any
pass inet proto tcp from ($if_ext:0) to any port $both_p2p \
 set ( prio 0 )
pass inet proto tcp from $localnet   to any port $both_p2p \
 set ( prio 0 )
pass inet proto udp from ($if_ext:0) to any port $both_p2p \
 set ( prio 0 )
pass inet proto udp from $localnet   to any port $both_p2p \
 set ( prio 0 )
---pf.conf-end---

Actual ruleset (as seen by pfctl -sr output) is as follows:

---pfctl-sr-start---
match in all scrub (no-df random-id max-mss 1440)
match out on pppoe0 inet from 192.168.33.0/24 to any nat-to (pppoe0:0)
block drop log all
pass inet from (pppoe0:0) to any flags S/SA
pass inet from 192.168.33.0/24 to any flags S/SA
pass inet proto tcp from (pppoe0:0) to any port 1000:65535 \
 flags S/SA set ( prio 0 )
pass inet proto tcp from 192.168.33.0/24 to any port 1000:65535 \
 flags S/SA set ( prio 0 )
pass inet proto udp from (pppoe0:0) to any port 1000:65535 \
 set ( prio 0 )
pass inet proto udp from 192.168.33.0/24 to any port 1000:65535 \
 set ( prio 0 )
---pfctl-sr-end---

Situation is still the same: torrents being downloaded at full speed
(~8Mbit/s), simultaneous download of install59.fs from ftp.openbsd.org
averages at ~6Kbit/s.

Can anyone reproduce this?
--
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/



Re: sudo and globbing

2016-01-08 Thread Eric Furman
There are so many differences between Linux and every other flavour of
UNIX;
like OpenBSD, AIX, Solaris, etc, that WTF is your point??
Really?
What about Gnu's Not UNIX don't you get?
This crap is just trolling, IMHO.

On Fri, Jan 8, 2016, at 09:27 AM, Alexander Hall wrote:
> On January 8, 2016 11:52:32 AM GMT+01:00, Jiri B  wrote:
> >On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
> >> And what about difference? Explain please.
> >> 
> >> > > I discovered an article about sudo and globbing[1] and
> >> > > there's difference how it does work on Linux and OpenBSD.
> >> >
> >> > http://zurlinux.com/?p=2244
> >> >
> >> > > - openbsd
> >> > >
> >> > > # su -s /usr/local/bin/bash - nobody
> >> > > No home directory /nonexistent!
> >> > > Logging in with home = "/".
> >> > > -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
> >> > > -rw---  1 _tor  _tor20442 Dec 10 11:32
> >/var/tor/cached-certs
> >> > > -rw---  1 _tor  _tor  1409287 Jan  7 15:56
> >> > /var/tor/cached-microdesc-consensus
> >> > > -rw---  1 _tor  _tor  5107307 Jan  7 17:23
> >/var/tor/cached-microdescs
> >> > > -rw---  1 _tor  _tor0 Jan  7 17:23
> >> > /var/tor/cached-microdescs.new
> >> > > -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
> >> > > .cshrc   .profile altroot  bin  bsd  bsd.rd   bsd.sp  
> >dev
> >> > etc  home mnt  root sbin sys  tftpboot tmp
> >> > usr  var
> >
> >^^^ here '*' gets expanded inside original user's shell.
> 
> I see no way that glob would result in the contents of the root
> directory. 
> 
> Here's my guess: everything after -s is concatenated and whitespace
> separated, effectively turning the example into 
> 
> bash -c ls -l /var/tor/cache*
> 
> Thus, start bash and ask it to run "ls". Also pass "-l" and
> /var/tor/cache* as $0, $1... The latter of which is pretty pointless. 
> 
> This could be a matter of different default configurations between $LINUX
> and openbsd. 
> 
> /Alexander 
> 
> >
> >> > > - linux
> >> > >
> >> > > [root@slot-1 ~]# su -s /bin/bash nobody
> >> > > bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
> >> > > -rw---. 1 root root 26470 Dec 22 17:52
> >/var/cache/ldconfig/aux-cache
> >> > > bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
> >> > > -rw---. 1 root root 26470 Dec 22 17:52
> >/var/cache/ldconfig/aux-cache
> >
> >^^^ here '*' gets expanded probably later, as original user does
> >not have access to /var/cache/ldconfig at all.
> >
> >In both cases original user does not have access to /var/tor,
> >respectively
> >to /var/cache/ldconfig.
> >
> >So the question is: why does same command on equally "restricted" dir
> >path gets different output - why on openbsd does '*' get expanded
> >immediately but on linux is it taken into account somehow by sudo
> >(?)...
> >
> >j.
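
Alexander Hall's guess in the quoted text above, reproduced without sudo as an added example (not from the thread). The sandbox directory and file names are constructed; that `sudo -s` hands the words over this way is the guess being illustrated, not something this script verifies.

```shell
#!/bin/sh
# Added example: no sudo is invoked. It shows only what a shell does when
# "-c" is followed by separate words instead of a single command string.

# Constructed sandbox: cwd/ stands in for the caller's working directory
# ("/" in the thread), target/ for the directory named in the glob.
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
mkdir "$DEMO/cwd" "$DEMO/target"
touch "$DEMO/cwd/bin" "$DEMO/cwd/etc"
touch "$DEMO/target/cached-certs" "$DEMO/target/cached-microdescs"

# One command string: the inner shell receives "ls <pattern>" and expands
# the pattern itself, with the inner shell's own privileges.
run_single_string() {
    ( cd "$DEMO/cwd" && sh -c "ls $DEMO/target/cache*" )
}

# Separate words: the command string is just "ls". "-l" becomes $0 and the
# unexpanded pattern becomes $1, so ls runs with no arguments at all and
# lists the current directory.
run_split_words() {
    ( cd "$DEMO/cwd" && sh -c ls -l "$DEMO/target/cache*" )
}

# Make the positional assignment visible.
show_positional() {
    sh -c 'printf "%s|%s\n" "$0" "$1"' -l '/var/tor/cache*'
}

echo "single string:"; run_single_string
echo "split words:";   run_split_words
echo "positional:";    show_positional
```

The split form lists `bin` and `etc` from the working directory, which matches the root-directory listing in the OpenBSD transcript, where the login shell had started in "/".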



Alt key doesn't work

2016-01-08 Thread Teng Zhang
hi,
the Alt key doesn't work on my machine in most cases except for
changing console (Ctrl+Alt+F_number). So, what key can I use to replace Alt?



Re: Alt key doesn't work

2016-01-08 Thread sikerbela

If it changes console with Alt then it is getting the keypress.
You might try out getting its keycode with xev and mapping it to proper
Alt with xmodmap.

On 2016-01-09 03:54, Teng Zhang wrote:

> hi,
> the Alt key doesn't work on my machine in most cases except for
> changing console (Ctrl+Alt+F_number). So, what key can I use to replace
> Alt?




Re: sudo and globbing

2016-01-08 Thread Alexey Kurinnij
And what about difference? Explain please.

On Thu, Jan 7, 2016 at 7:03 PM, Jiri B  wrote:

> On Thu, Jan 07, 2016 at 11:43:14AM -0500, Jiri B wrote:
> > I discovered an article about sudo and globbing[1] and
> > there's difference how it does work on Linux and OpenBSD.
>
> I forgot to put the url
>
> http://zurlinux.com/?p=2244
>
> > - openbsd
> >
> > # su -s /usr/local/bin/bash - nobody
> > No home directory /nonexistent!
> > Logging in with home = "/".
> > -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
> > -rw---  1 _tor  _tor20442 Dec 10 11:32 /var/tor/cached-certs
> > -rw---  1 _tor  _tor  1409287 Jan  7 15:56
> /var/tor/cached-microdesc-consensus
> > -rw---  1 _tor  _tor  5107307 Jan  7 17:23 /var/tor/cached-microdescs
> > -rw---  1 _tor  _tor0 Jan  7 17:23
> /var/tor/cached-microdescs.new
> > -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
> > .cshrc   .profile altroot  bin  bsd  bsd.rd   bsd.sp   dev
> etc  home mnt  root sbin sys  tftpboot tmp
> usr  var
> >
> > - linux
> >
> > [root@slot-1 ~]# su -s /bin/bash nobody
> > bash-4.2$ exit
> > [root@slot-1 ~]# visudo
> > [root@slot-1 ~]# su -s /bin/bash nobody
> > bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
> > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
> > bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
> > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache



Re: sudo and globbing

2016-01-08 Thread Raf Czlonka
On Thu, Jan 07, 2016 at 04:43:14PM GMT, Jiri B wrote:
> I discovered an article about sudo and globbing[1] and
> there's difference how it does work on Linux and OpenBSD.

AFAIK, globbing is done by shell and sudo doesn't take part in it.

> # su -s /usr/local/bin/bash - nobody
  ^
> [root@slot-1 ~]# su -s /bin/bash nobody
> [...]
> Could anybody explain the difference?

One thing I can see is that on OpenBSD, you run bash as a login shell
but not on Linux.

My guess is that your bash login shell options, or globbing options
between the systems in general, are the cause of the above.

Regards,

Raf



Re: PF: can't make queueing and priority work as expected

2016-01-08 Thread Marko Cupać
On Thu, 7 Jan 2016 22:41:47 + (UTC)
Stuart Henderson  wrote:

> On 2016-01-07, Marko Cupać  wrote:
> > # QUEUES
> > queue upload  on $if_ext bandwidth  860K
> >queue ack  parent upload   qlimit 50  bandwidth   10K
> >queue fast parent upload   qlimit 50  bandwidth   20K
> >queue bulk parent upload   qlimit 50  bandwidth  800K default
> >queue slow parent upload   qlimit 50  bandwidth   30K
> > queue download on $if_int bandwidth 8800K
> >queue ack  parent download qlimit 50  bandwidth  100K
> >queue fast parent download qlimit 50  bandwidth  200K
> >queue bulk parent download qlimit 50  bandwidth 8000K default
> >queue slow parent download qlimit 50  bandwidth  500K
>
> While the manual suggests it works like this, I've only got it working
> close to how I expect when I set "max" on the queues. I don't know
> whether that's a bug or simply lack of fully understanding it on my
> part, though.
>

I changed my configuration, it has 5 queues now. I also don't put ACKs
into separate queue, and I don't give them higher priority. I've set
"max" value on each queue. But http(s) traffic still doesn't get
priority over p2p.

Here's relevant part of pf.conf:

# QUEUES
queue upload  on $if_ext   bandwidth  860K max  860K
 queue fast parent upload   qlimit 50  bandwidth   40K max   40K
 queue web  parent upload   qlimit 50  bandwidth  600K max  600K default
 queue bulk parent upload   qlimit 50  bandwidth   20K max   20K
 queue slow parent upload   qlimit 50  bandwidth  100K max  600K
 queue p2p  parent upload   qlimit 50  bandwidth  100K max  600K
queue download on $if_int   bandwidth 8600K max 8600K
 queue fast parent download qlimit 50  bandwidth  400K max  400K
 queue web  parent download qlimit 50  bandwidth 6000K max 6000K default
 queue bulk parent download qlimit 50  bandwidth  200K max  200K
 queue slow parent download qlimit 50  bandwidth 1000K max 6000K
 queue p2p  parent download qlimit 50  bandwidth 1000K max 6000K

# SHAPING
match proto icmp                 set ( queue fast prio 6 )
match proto tcp  to port 22      set ( queue fast prio 5 )
match proto tcp  to port 53      set ( queue fast prio 5 )
match proto udp  to port 53      set ( queue fast prio 5 )
match proto tcp  to port $xmpp   set ( queue fast prio 5 )
match proto tcp  to port $web    set ( queue web  prio 4 )
match proto tcp  to port $mail   set ( queue slow prio 2 )
match proto tcp  to port $p2p    set ( queue p2p  prio 0 )
match proto udp  to port $p2p    set ( queue p2p  prio 0 )

Should I conclude my goal of throttling smaller priority traffic to
minimum when higher priority traffic arrives can't be achieved with
current PF? If I haven't gone senile, I did this successfully on dozens
of firewalls back in altq/HFSC age.

Any good soul out there to point me in the right direction to achieve
my goal? Or at least confirm it is not possible? Could the problem be
related to hardware and not software? This is 5.8 with all errata
patches on pcengines' apu1d.

dmesg:

Re: PF: can't make queueing and priority work as expected

2016-01-08 Thread David Coppa
On Fri, Jan 8, 2016 at 12:44 PM, Marko Cupać  wrote:

> Should I conclude my goal of throttling smaller priority traffic to
> minimum when higher priority traffic arrives can't be achieved with
> current PF? If I haven't gone senile, I did this successfully on dozens
> of firewalls back in altq/HFSC age.
>
> Any good soul out there to point me in the right direction to achieve
> my goal? Or at least confirm it is not possible? Could the problem be
> related to hardware and not software? This is 5.8 with all errata
> patches on pcengines' apu1d.

Maybe is the "old" problem of queues with the default HZ value of 100?

See: http://marc.info/?l=openbsd-misc&m=140863695214420

Ciao!
David

> dmesg:
> OpenBSD 5.8 (GENERIC.MP) #2: Thu Nov 26 10:23:47 CET 2015
> pacija@kerber.mimar.local:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> RTC BIOS diagnostic error
> ff
> real mem = 2098511872 (2001MB)
> avail mem = 2031079424 (1936MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x7e16d820 (7 entries)
> bios0: vendor coreboot version "4.0" date 09/08/2014
> bios0: PC Engines APU
> acpi0 at bios0: rev 0
> acpi0: sleep states S0 S1 S3 S4 S5
> acpi0: tables DSDT FACP SPCR HPET APIC HEST SSDT SSDT SSDT
> acpi0: wakeup devices AGPB(S4) HDMI(S4) PBR4(S4) PBR5(S4) PBR6(S4)
> PBR7(S4) PE20(S4) PE21(S4) PE22(S4) PE23(S4) PIBR(S4) UOH1(S3) UOH2(S3)
> UOH3(S3) UOH4(S3) UOH5(S3) [...]
> acpitimer0 at acpi0: 3579545 Hz, 32 bits
> acpihpet0 at acpi0: 14318180 Hz
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: AMD G-T40E Processor, 1000.15 MHz
> cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC
> cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
> 64b/line 16-way L2 cache
> cpu0: 8 4MB entries fully associative
> cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully
> associative
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> cpu0: apic clock running at 199MHz
> cpu0: mwait min=64, max=64, IBE
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: AMD G-T40E Processor, 1000.00 MHz
> cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC
> cpu1: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
> 64b/line 16-way L2 cache
> cpu1: 8 4MB entries fully associative
> cpu1: DTLB 40 4KB entries fully associative, 8 4MB entries fully
> associative
> cpu1: smt 0, core 1, package 0
> ioapic0 at mainbus0: apid 2 pa 0xfec0, version 21, 24 pins
> acpiprt0 at acpi0: bus -1 (AGPB)
> acpiprt1 at acpi0: bus -1 (HDMI)
> acpiprt2 at acpi0: bus 1 (PBR4)
> acpiprt3 at acpi0: bus 2 (PBR5)
> acpiprt4 at acpi0: bus 3 (PBR6)
> acpiprt5 at acpi0: bus -1 (PBR7)
> acpiprt6 at acpi0: bus 5 (PE20)
> acpiprt7 at acpi0: bus -1 (PE21)
> acpiprt8 at acpi0: bus -1 (PE22)
> acpiprt9 at acpi0: bus -1 (PE23)
> acpiprt10 at acpi0: bus 0 (PCI0)
> acpiprt11 at acpi0: bus 4 (PIBR)
> acpicpu0 at acpi0: !C2(0@100 io@0x841), C1(@1 halt!), PSS
> acpicpu1 at acpi0: !C2(0@100 io@0x841), C1(@1 halt!), PSS
> acpibtn0 at acpi0: PWRB
> cpu0: 1000 MHz: speeds: 1000 800 MHz
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "AMD AMD64 14h Host" rev 0x00
> ppb0 at pci0 dev 4 function 0 "AMD AMD64 14h PCIE" rev 0x00: msi
> pci1 at ppb0 bus 1
> re0 at pci1 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E
> (0x2c00), msi, address 00:0d:b9:3e:84:9c
> rgephy0 at re0 phy 7: RTL8169S/8110S/8211 PHY, rev. 4
> ppb1 at pci0 dev 5 function 0 "AMD AMD64 14h PCIE" rev 0x00: msi
> pci2 at ppb1 bus 2
> re1 at pci2 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E
> (0x2c00), msi, address 00:0d:b9:3e:84:9d
> rgephy1 at re1 phy 7: RTL8169S/8110S/8211 PHY, rev. 4
> ppb2 at pci0 dev 6 function 0 "AMD AMD64 14h PCIE" rev 0x00: msi
> pci3 at ppb2 bus 3
> re2 at pci3 dev 0 function 0 "Realtek 8168" rev 0x06: RTL8168E/8111E
> (0x2c00), msi, address 00:0d:b9:3e:84:9e
> rgephy2 at re2 phy 7: RTL8169S/8110S/8211 PHY, rev. 4
> ahci0 at pci0 dev 17 function 0 "ATI SBx00 SATA" rev 0x40: apic 2 int
> 19, AHCI 1.2
> scsibus1 at ahci0: 32 targets
> ohci0 at pci0 dev 18 function 0 "ATI SB700 USB" rev 0x00: apic 2 int
> 18, version 1.0, legacy support
> ehci0 at pci0 dev 18 function 2 "ATI SB700 USB2" rev 0x00: apic 2 int 17
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 "ATI EHCI root hub" rev 2.00/1.00 addr 1
> ohci1 at pci0 dev 19 function 0 "ATI SB700 USB" rev 0x00: apic 2 int
> 18, version 1.0, legacy support

Re: sudo and globbing

2016-01-08 Thread ludovic coues
2016-01-08 11:52 GMT+01:00 Jiri B :
>
> So the question is: why does same command on equally "restricted" dir
> path gets different output - why on openbsd does '*' get expanded
> immediately but on linux is it taken into account somehow by sudo (?)...
>
> j.
>

you put a dash between the shell and the user in the command on
openbsd. You didn't put that dash on linux.



Re: sudo and globbing

2016-01-08 Thread Alexander Hall
On January 8, 2016 11:52:32 AM GMT+01:00, Jiri B  wrote:
>On Fri, Jan 08, 2016 at 12:04:15PM +0200, Alexey Kurinnij wrote:
>> And what about difference? Explain please.
>> 
>> > > I discovered an article about sudo and globbing[1] and
>> > > there's difference how it does work on Linux and OpenBSD.
>> >
>> > http://zurlinux.com/?p=2244
>> >
>> > > - openbsd
>> > >
>> > > # su -s /usr/local/bin/bash - nobody
>> > > No home directory /nonexistent!
>> > > Logging in with home = "/".
>> > > -bash-4.3$ sudo bash -c "ls -l /var/tor/cache*"
>> > > -rw---  1 _tor  _tor20442 Dec 10 11:32 /var/tor/cached-certs
>> > > -rw---  1 _tor  _tor  1409287 Jan  7 15:56 /var/tor/cached-microdesc-consensus
>> > > -rw---  1 _tor  _tor  5107307 Jan  7 17:23 /var/tor/cached-microdescs
>> > > -rw---  1 _tor  _tor0 Jan  7 17:23 /var/tor/cached-microdescs.new
>> > > -bash-4.3$ sudo -s bash -c "ls -l /var/tor/cache*"
>> > > .cshrc   .profile altroot  bin  bsd  bsd.rd   bsd.sp   dev
>> > > etc  home mnt  root sbin sys  tftpboot tmp
>> > > usr  var
>
>^^^ here '*' gets expanded inside original user's shell.

I see no way that glob would result in the contents of the root directory. 

Here's my guess: everything after -s is concatenated and whitespace separated, 
effectively turning the example into 

bash -c ls -l /var/tor/cache*

Thus, start bash and ask it to run "ls". Also pass "-l" and /var/tor/cache* as 
$0, $1... The latter of which is pretty pointless. 

This could be a matter of different default configurations between $LINUX and
openbsd.

/Alexander 

>
>> > > - linux
>> > >
>> > > [root@slot-1 ~]# su -s /bin/bash nobody
>> > > bash-4.2$ sudo bash -c "ls -l /var/cache/ldconfig/aux*"
>> > > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
>> > > bash-4.2$ sudo -s bash -c "ls -l /var/cache/ldconfig/aux*"
>> > > -rw---. 1 root root 26470 Dec 22 17:52 /var/cache/ldconfig/aux-cache
>
>^^^ here '*' gets expanded probably later, as original user does
>not have access to /var/cache/ldconfig at all.
>
>In both cases original user does not have access to /var/tor,
>respectively to /var/cache/ldconfig.
>
>So the question is: why does same command on equally "restricted" dir
>path gets different output - why on openbsd does '*' get expanded
>immediately but on linux is it taken into account somehow by sudo (?)...
>
>j.



Re: PF: can't make queueing and priority work as expected

2016-01-08 Thread Marko Cupać
I am completely confused. It seems that everything I've known about
queueing in PF does not apply any more, while at the same time there are
no reliable sources to learn new stuff.

Let's follow this paragraph from 'Book of PF':

---quote---
Shaping by Setting Traffic Priorities
If you’re mainly interested in pushing certain kinds of traffic ahead
of others, you may be able to achieve what you want by simply setting
priorities: assigning a higher priority to some items so that they
receive attention before others.
---quote---

This is _exactly_ what I'm mainly interested in. As I want to throttle
just p2p traffic, I should be able to accomplish my goal with the
following relevant lines:

p2p = "{ 1:65535 }"
match proto { tcp udp } to port $p2p set prio 0
pass in  on $if_int inet proto { tcp udp }  from $if_int:network \
 to any port $p2p
pass out on $if_ext inet proto { tcp udp }  from $if_int:network \
 to any port $p2p

But, at least on my hardware, this does nothing. Torrents are still
being downloaded at max speed (~8Mbit/s), while simultaneous
download of install59.fs from ftp.openbsd.org goes at ~6Kbit/s.

Any comment? Suggestion? Instruction how to troubleshoot?

Thank you in advance.
--
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/



Re: sudo and globbing

2016-01-08 Thread Todd C. Miller
You are comparing two very different versions of sudo.  The sudo
that used to ship with OpenBSD is version 1.7.2p8 which is rather
ancient.  On Linux you probably have some variant of sudo 1.8.x.
Newer versions of sudo escape spaces in the command run via "sudo
-s" whereas the ancient 1.7.2p8 does not.  That probably explains
the difference.

If you install sudo from ports you will get the same behavior you
see on linux.

 - todd
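
Added example (not from the thread and not sudo's own code): a model of the two "sudo -s" behaviours described by Alexander Hall and Todd C. Miller above, showing why the unescaped join ends up listing the current directory. Assumptions: the escaping rule (a backslash before every character other than alphanumerics, `_`, `-` and `$`), the function names and the constructed file names; plain `sh` stands in for the target shell and sudo is never invoked.

```shell
#!/bin/sh
# Model of how "sudo -s cmd args..." builds the string given to "$SHELL -c".

# Old behaviour (as described for 1.7.2p8): join argv with spaces, no escaping.
join_plain() {
    printf '%s' "$*"
}

# Newer behaviour: escape each argument, then join (assumed escaping rule).
join_escaped() {
    joined=
    for arg in "$@"; do
        esc=$(printf '%s' "$arg" | sed 's/[^A-Za-z0-9_$-]/\\&/g')
        joined="${joined:+$joined }$esc"
    done
    printf '%s' "$joined"
}

# Run the joined string the way "sudo -s" would: <shell> -c "<string>".
run_as_shell() {
    (cd "$1" && sh -c "$2")
}

# Build a constructed directory tree and run: sh -c "ls data/cache*"
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/data"
    : > "$work/bsd"; : > "$work/etc"                      # stand-ins for "/"
    : > "$work/data/cached-certs"; : > "$work/data/cached-microdescs"
    line=$("join_$1" sh -c "ls data/cache*")
    listing=$(run_as_shell "$work" "$line" | tr '\n' ' ')
    rm -rf "$work"
    printf '%s' "${listing% }"
}

# Unescaped: the outer shell splits the string again, so the inner shell gets
# only "ls" as its command and the expanded paths become $0, $1, ...
echo "no escaping: $(demo plain)"
# Escaped: the quoted argument survives as one word and the glob is expanded
# by the inner shell.
echo "escaping:    $(demo escaped)"
```
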