Re: L2TP/IPSec via npppd won't work with Android 5.x

2016-02-21 Thread YASUOKA Masahiko
Hi,

On Mon, 22 Feb 2016 00:26:11 +0800
Jiahao Dai wrote:
> I am a new OpenBSD user and I found it's extremely difficult to set up a
> L2TP/IPSec(IKEv1) Road Warrior server to get working with Android devices.
>
> I followed the tutorial here Configuring L2TP Over IPSec on OpenBSD for Mac
> OS X Clients [1], deployed on fresh OpenBSD 5.8 and found out that iOS9.x
> ipad works like a charm.
>
> But the android devices I had won't work by all means. I found out that
> Android 5.x L2TP/IPSec VPN client works in:
> hash algorithm: hmac-sha2-256
> encrypt method: aes_cbc
> life time: 28800
> 
> The ipsec.conf with:
> ``
> ike passive esp tunnel \
>  from "IP_ADDRESS" to any \
>  main auth "hmac-sha2-256" enc "aes" group "modp1024" lifetime 2880\
>  quick group "modp1024" \
>  psk "SECRET_KEY"
> '' didn't make a change. (after `ipsecctl -f /etc/ipsec.conf`)
> 
> The /var/log/messages didn't report anything as the VPN connection failed
> on Android device.
> 
> When debugging at the foreground with `isakmpd -v -K -d`

In this case, you should do "ipsecctl -f /etc/ipsec.conf" again after
starting isakmpd.

> It still reported that:
> ``
> 002212.657833 Default isakmpd: starting [priv]
> 002219.561051 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
> AES_CBC, expected 3DES_CBC
> 002219.561236 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
> AES_CBC, expected 3DES_CBC
> 002219.561386 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
> AES_CBC, expected 3DES_CBC
> 002219.561546 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
> AES_CBC, expected 3DES_CBC
> 002219.561664 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
> AES_CBC, expected 3DES_CBC
> 002219.561746 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
> AES_CBC, expected 3DES_CBC
> 002219.561832 Default attribute_unacceptable: AUTHENTICATION_METHOD: got
> PRE_SHARED, expected RSA_SIG
> 002219.561916 Default attribute_unacceptable: AUTHENTICATION_METHOD: got
> PRE_SHARED, expected RSA_SIG
> 002219.562003 Default attribute_unacceptable: AUTHENTICATION_METHOD: got
> PRE_SHARED, expected RSA_SIG
> 002219.562085 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
> DES_CBC, expected 3DES_CBC
> 002219.562189 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
> DES_CBC, expected 3DES_CBC
> 002219.562308 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
> DES_CBC, expected 3DES_CBC
> 002219.562385 Default message_negotiate_sa: no compatible proposal found
> 002219.562459 Default dropped message from 139.227.237.86 port 500 due to
> notification type NO_PROPOSAL_CHOSEN
> ^C002221.748476 Default isakmpd: shutting down...
> 002221.748562 Default isakmpd: exit
> 
> ""
> 
> I am trying to use aes and encryption algorithm but it seems that it keeps
> using 3des, what can I do?

It seems that the "ike" line in ipsec.conf wasn't applied to the
received packets.

I think you should:

  - make sure to do "ipsecctl" after isakmpd starts
    (ipsec=YES in rc.conf.local does this)
  - check the "ike" line (especially the IP address of "from")

> Please help. I have spent all my weekends on it, still no idea. Other ideas
> on VPN type with setup (except OpenVPN which needs additional software
> implement) are welcome.
> Jiahao Dai
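
Added example (not part of the original messages and not OpenBSD project code): a small triage script for the kind of isakmpd debug output quoted above. It rejoins wrapped records, collects what the peer offered against what the daemon expected, and flags the case described in the reply, where the expected values do not match the "ike" rule at all. The `configured` mapping (enc "aes" as AES_CBC, psk as PRE_SHARED) and the finding labels are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the `isakmpd -v -K -d` output quoted above,
# keeping the mail client's line wrapping; 192.0.2.10 is a documentation address.
SAMPLE_LOG = """\
002212.657833 Default isakmpd: starting [priv]
002219.561051 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
AES_CBC, expected 3DES_CBC
002219.561832 Default attribute_unacceptable: AUTHENTICATION_METHOD: got
PRE_SHARED, expected RSA_SIG
002219.562085 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
DES_CBC, expected 3DES_CBC
002219.562385 Default message_negotiate_sa: no compatible proposal found
002219.562459 Default dropped message from 192.0.2.10 port 500 due to
notification type NO_PROPOSAL_CHOSEN
"""

# A record starts with an HHMMSS.usec stamp (optionally after a "^C" echo).
TIMESTAMP = re.compile(r"^(?:\^C)?\d{6}\.\d{6} ")
REJECT = re.compile(r"attribute_unacceptable: (\w+): got (\w+), expected (\w+)")
DROPPED = re.compile(
    r"dropped message from (\S+) port (\d+) due to notification type (\w+)"
)


def unwrap(text):
    """Rejoin wrapped records: a line without a timestamp continues the previous one."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if TIMESTAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def summarize(text):
    """Collect rejected offers, the values the daemon expected, and failed peers."""
    offered = defaultdict(set)
    expected = defaultdict(set)
    failed_peers = []
    for record in unwrap(text):
        match = REJECT.search(record)
        if match:
            attr, got, want = match.groups()
            offered[attr].add(got)
            expected[attr].add(want)
            continue
        match = DROPPED.search(record)
        if match and match.group(3) == "NO_PROPOSAL_CHOSEN":
            failed_peers.append((match.group(1), int(match.group(2))))
    return {
        "offered": dict(offered),
        "expected": dict(expected),
        "failed_peers": failed_peers,
    }


def diagnose(summary, configured):
    """Compare what the daemon expected with what ipsec.conf is meant to set.

    `configured` maps a log attribute name to the value the admin's "ike" rule
    should yield (assumption of this example, not read from ipsec.conf).
    """
    findings = []
    for attr in sorted(configured):
        expected = summary["expected"].get(attr)
        if not expected:
            continue  # no rejection was logged for this attribute
        if configured[attr] not in expected:
            # The daemon compared against a value the rule does not contain:
            # the rule was not loaded, or its "from" address did not match.
            findings.append((attr, "policy_not_applied"))
        else:
            # The rule is in effect; the peer's logged offers differ from it.
            findings.append((attr, "peer_offer_rejected"))
    return findings


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    intended = {"ENCRYPTION_ALGORITHM": "AES_CBC",
                "AUTHENTICATION_METHOD": "PRE_SHARED"}
    for attr, kind in diagnose(summary, intended):
        print(attr, kind, "offered:", sorted(summary["offered"][attr]),
              "expected:", sorted(summary["expected"][attr]))
    print("peers refused with NO_PROPOSAL_CHOSEN:", summary["failed_peers"])
```
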



L2TP/IPSec via npppd won't work with Android 5.x

2016-02-21 Thread Jiahao Dai
Hi, everyone:

I am a new OpenBSD user and I found it's extremely difficult to set up a
L2TP/IPSec(IKEv1) Road Warrior server to get working with Android devices.

I followed the tutorial here Configuring L2TP Over IPSec on OpenBSD for Mac
OS X Clients [1], deployed on fresh OpenBSD 5.8 and found out that iOS9.x
ipad works like a charm.

But the android devices I had won't work by all means. I found out that
Android 5.x L2TP/IPSec VPN client works in:
hash algorithm: hmac-sha2-256
encrypt method: aes_cbc
life time: 28800

The ipsec.conf with:
``
ike passive esp tunnel \
 from "IP_ADDRESS" to any \
 main auth "hmac-sha2-256" enc "aes" group "modp1024" lifetime 2880\
 quick group "modp1024" \
 psk "SECRET_KEY"
'' didn't make a change. (after `ipsecctl -f /etc/ipsec.conf`)

The /var/log/messages didn't report anything as the VPN connection failed
on Android device.

When debugging at the foreground with `isakmpd -v -K -d`
It still reported that:
``
002212.657833 Default isakmpd: starting [priv]
002219.561051 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
AES_CBC, expected 3DES_CBC
002219.561236 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
AES_CBC, expected 3DES_CBC
002219.561386 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
AES_CBC, expected 3DES_CBC
002219.561546 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
AES_CBC, expected 3DES_CBC
002219.561664 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
AES_CBC, expected 3DES_CBC
002219.561746 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
AES_CBC, expected 3DES_CBC
002219.561832 Default attribute_unacceptable: AUTHENTICATION_METHOD: got
PRE_SHARED, expected RSA_SIG
002219.561916 Default attribute_unacceptable: AUTHENTICATION_METHOD: got
PRE_SHARED, expected RSA_SIG
002219.562003 Default attribute_unacceptable: AUTHENTICATION_METHOD: got
PRE_SHARED, expected RSA_SIG
002219.562085 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
DES_CBC, expected 3DES_CBC
002219.562189 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
DES_CBC, expected 3DES_CBC
002219.562308 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got
DES_CBC, expected 3DES_CBC
002219.562385 Default message_negotiate_sa: no compatible proposal found
002219.562459 Default dropped message from 139.227.237.86 port 500 due to
notification type NO_PROPOSAL_CHOSEN
^C002221.748476 Default isakmpd: shutting down...
002221.748562 Default isakmpd: exit

""

I am trying to use aes and encryption algorithm but it seems that it keeps
using 3des, what can I do?


Please help. I have spent all my weekends on it, still no idea. Other ideas
on VPN type with setup (except OpenVPN which needs additional software
implement) are welcome.
Jiahao Dai



Re: Trouble applying patch 003 to OpenBSD 5.8-stable

2016-02-21 Thread Stefan Sperling
On Sun, Feb 21, 2016 at 12:15:04PM -0800, Andrew Lester wrote:
> Hi all,
> 
> I'm setting up OpenBSD 5.8-stable and installing the patches for the known
> errata. I'm buying the CD set but installed with the install58.iso from a
> mirror. As such I don't think the bad src.tar.gz on the CD will affect me;
> I've used src.tar.gz from the mirror.

Try using cd-src.tar.gz from the mirrors, not src.tar.gz.
cd-src.tar.gz is the replacement file. See errata 006.



Trouble applying patch 003 to OpenBSD 5.8-stable

2016-02-21 Thread Andrew Lester
Hi all,

I'm setting up OpenBSD 5.8-stable and installing the patches for the known
errata. I'm buying the CD set but installed with the install58.iso from a
mirror. As such I don't think the bad src.tar.gz on the CD will affect me;
I've used src.tar.gz from the mirror.

I'm having problems installing the patch for errata #003. This is the uvm patch.
It appears that the file attempted to be patched is /usr/src/sys/uvm/uvm_km.c.
When attempting to patch, it stalls and asked me to provide the path to the
file to patch, because the previously mentioned file actually seems to not
exist.

Is this an optional patch or am I missing something? This is an amd64 platform
and I installed all the sets. Patch 001 and 002 had no problem.


Warm regards,
Andrew Lester



Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-21 Thread Patrick Dohman
Another feature to look for is spin down of the dedicated hot spare.

Go Vikings :)
Patrick

> On Feb 21, 2016, at 7:23 AM, Marcus MERIGHI wrote:
>
> ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 21:05 (CET):
>> So glad to understand better what's in the box.
>>
>> Also please note that I'm not trying to suggest to implement lots of
>> crap, am perfectly clear that high security is correlated with low
>> complexity.
>>
>> On 2016-02-21 00:29, Marcus MERIGHI wrote:
>>> ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 16:43 (CET):
>> ..
>>> You appear to mean bioctl(8). That's the only place I could find the word
>>> 'patrol'. bioctl(8) can control more than softraid(4) devices.
>>>
>>> bio(4):
>>>     The following device drivers register with bio for volume
>>>     management:
>>>
>>>       ami(4)       American Megatrends Inc. MegaRAID
>>>                    PATA/SATA/SCSI RAID controller
>>>       arc(4)       Areca Technology Corporation SAS/SATA RAID
>>>                    controller
>>>       cac(4)       Compaq Smart Array 2/3/4 SCSI RAID controller
>>>       ciss(4)      Compaq Smart Array SAS/SATA/SCSI RAID
>>>                    controller
>>>       ips(4)       IBM SATA/SCSI ServeRAID controller
>>>       mfi(4)       LSI Logic & Dell MegaRAID SAS RAID controller
>>>       mpi(4)       LSI Logic Fusion-MPT Message Passing Interface
>>>       mpii(4)      LSI Logic Fusion-MPT Message Passing Interface
>>>                    II
>>>       softraid(4)  Software RAID
>>>
>>> It is talking about controlling a HW raid controller, in that 'patrol'
>>> paragraph, isn't it?
>>
>> So by this you mean that patrolling is really implemented for
>> softraid??
>
> No, I said the opposite.
>
> I'm sure my english language capabilities are not perfect. But what you
> make of it is really surprising! (And even funny in the cabaret way.)
>
> I'll keep trying. But sooner or later we'll have to take this off list.
> Or to newbies. There you get help from the same people but without
> having your misinterpretations in the 'official' archives for other poor
> souls to find ;-)
>
> http://mailman.theapt.org/listinfo/openbsd-newbies
>
>> (Karel and Constantine don't agree??)
>>
>> So I just do.. "bioctl -t start sdX" where sdX is the name of my softraid
>> device, and it'll do the "scrub" as in reading through all underlying
>
> bioctl(8) is clear, I think:
> -t patrol-function
>  Control the RAID card's patrol functionality, if
>  supported. patrol-function may be one of:
>
> Why do you think it will work for softraid(4) when it says it does for
> hardware-RAID?
>
> I have a theory: you have some experience with other Operating Systems
> and their built in help system that have led you to not fully read but
> just search/skim for keywords. Do yourself (and me) a favour and read
> them fully. Top to bottom. Take every word as put there thoughtfully,
> not in a hurry. You can find manpage content discussions all over the
> archives. manpages are taken seriously.
>
> Please repeat: bio(4)/bioctl(8) controls RAID devices. These can be in
> hardware or software. Some functions (-a, -b, -H, -t, -u) are only
> useable/useful when controlling a hardware RAID. The manpage even gives
> direct clues on whether hardware- or software RAID is the topic. First
> synopsis, second synopsis. 'The options for RAID controllers are as
> follows:' (=hardware) 'In addition to the relevant options listed above,
> the options for softraid(4) devices are as follows:' (=software).
> Did you note the 'relevant' part? That word is there on purpose, I
> suppose. It is there to tell you that not all, but the relevant parts of
> the hardware RAID parameters also apply to software RAID (that comes
> below). I would consider '-v' relevant, '-a' ('Control the RAID card's
> alarm functionality, if supported') not.
>
> (Example: what '-a' does for hardware RAID can be done with sensorsd(8)
> for software RAID (=softraid(4)). Once a softraid volume is configured,
> you get 'hw.sensors.softraid0.drive0=online (sd1), OK'.
> Try 'sysctl hw.sensors.softraid0'.)
>
>> physical media to check its internal integrity so for RAID1C that will be
>> data readability and that checksums are correct, and "doas bioctl softraid0"
>> will show me the % status, and if I don't get any errors before it goes back
>> to normal it means the patrol was successful right?
>
> No idea, never had a hardware RAID controller.
>
>> (And as usual patrol is implemented to have the lowest priority, so it
>> should not interfere extremely much with ordinary SSD softraid operation.)
>
> I think the patrolling is done by the hardware RAID controller.
> bioctl(8) just commands it to do so.
>
>>>> * Rebuild - I think I saw some console dump of the status of a rebuild
>>>>   process on the net, so MAYBE or NO..?
>>>
>>> That's what it looks like:
>>>
>>> $ 

Re: Industrial use of line printers, does/would your company/organization use them with our lpd?

2016-02-21 Thread Devin Reade
--On Wednesday, February 17, 2016 11:49:30 AM -0600 Chris Bennett
 wrote:

> I do see that lpc, lpq, lprm are dinosaurs and have to be made extinct
> and replaced with something more functional with more information output
> and better capabilities.

Whatever changes may happen under the hood, I would like to see
at least the basic operations of lpr, lpq, and lprm remain available
under those names, using the existing syntax.  I'm no fan of CUPS, but I 
get by with it on linux because of the lpr compatibility shim.

Devin



turning off the touchscreen

2016-02-21 Thread frantisek holop
i have installed openbsd -current on an older
generation of dell xps 17.  this model has a
touchscreen, but a faulty one. no amount of
calibration helps and needs to be disabled
also in windows and linux.

i am having difficulties disabling it in openbsd.

please find the dmesg, and Xorg.log attached.

$ doas wsconsctl | grep mouse
wsconsctl: Use explicit arg to view keyboard.map.
wsconsctl: Use explicit arg to view keyboard1.map.
wsconsctl: Use explicit arg to view keyboard2.map.
mouse.type=synaptics
mouse.rawmode=0
mouse.scale=1472,5398,1408,4728,0,42,70
mouse1.type=touch-panel
mouse1.rawmode=1
mouse1.scale=0,9600,0,7200,0,0,0
mouse2.type=touch-panel
mouse2.rawmode=1
mouse2.scale=0,9600,0,7200,0,0,0
mouse3.type=touch-panel
mouse3.rawmode=1
mouse3.scale=0,9600,0,7200,0,0,0

$ xinput
⎡ Virtual core pointer                    id=2    [master pointer  (3)]
⎜   ↳ Virtual core XTEST pointer          id=4    [slave  pointer  (2)]
⎜   ↳ /dev/wsmouse                        id=11   [slave  pointer  (2)]
⎜   ↳ /dev/wsmouse0                       id=7    [slave  pointer  (2)]
⎜   ↳ /dev/wsmouse3                       id=10   [slave  pointer  (2)]
⎜   ↳ /dev/wsmouse2                       id=9    [slave  pointer  (2)]
⎜   ↳ /dev/wsmouse1                       id=8    [slave  pointer  (2)]
⎣ Virtual core keyboard                   id=3    [master keyboard (2)]
    ↳ Virtual core XTEST keyboard         id=5    [slave  keyboard (3)]
    ↳ /dev/wskbd                          id=6    [slave  keyboard (3)]

i have tried:

$ xinput --disable 8
$ xinput --disable 9
$ xinput --disable 10
$ xinput --disable 11

id=11 obviously disables the touchscreen but also the
touchpad and the external usb mouse...

i can use the touchpad with this:

$ xinput --disable 11
$ xinput --enable 7

but it would be nice to have the usb mouse.

-f
-- 

Re: how to Bridging with a wireless NIC

2016-02-21 Thread Stefan Sperling
On Sun, Feb 21, 2016 at 11:50:05PM +0900, Tuyosi Takesima wrote:
> then debiandog gets address 192.168.100.104 (not 192.168.0.X)
>
> this is very simple method.
> so, there is possibility of ethernet converter on OpenBSD
>
> my bed room has no lan cable.
> and the video recorder has no wifi,
> so i want ethernet converter

On Linux, can you run:

  iw wlan0 info | grep type

and show me the output?

And the full output of:

  iw phy0 info

as well.



Re: how to Bridging with a wireless NIC

2016-02-21 Thread Tuyosi Takesima
Hi all .

my final goal is openbsd .

the preliminary step is on Linux.
tool is only dnsmasq and bridge


schema is next
-

wifi router
192.168.100.254
.
wifi
.
wlan0:192.168.100.103
raspberry pi (minibian  , a kind of debian )
eth0;192.168.0.1
|
|
eth0
Debiandog



1)no firewall

then
iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


2) /etc/network/interfaces is simple
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.0.1
netmask 255.255.255.0


3) /etc/dnsmasq.conf
interface=eth0
dhcp-range=192.168.0.21,192.168.0.22,72h
dhcp-option=option:router,192.168.0.1
domain-needed
bogus-priv
no-resolv
no-poll
server=8.8.8.8
no-hosts
expand-hosts


4)run shell script

ifconfig eth0 192.168.0.1  # perhaps needless
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/init.d/dnsmasq restart
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 wlan0
dhclient br0


then debiandog gets address 192.168.100.104 (not 192.168.0.X)

this is very simple method.
so, there is possibility of ethernet converter on OpenBSD

my bed room has no lan cable.
and the video recorder has no wifi,
so i want ethernet converter


regards , tuyosi



Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)

2016-02-21 Thread Marcus MERIGHI
ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 21:05 (CET):
> So glad to understand better what's in the box.
>
> Also please note that I'm not trying to suggest to implement lots of
> crap, am perfectly clear that high security is correlated with low
> complexity.
>
> On 2016-02-21 00:29, Marcus MERIGHI wrote:
> >ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 16:43 (CET):
> ..
> >You appear to mean bioctl(8). That's the only place I could find the word
> >'patrol'. bioctl(8) can control more than softraid(4) devices.
> >
> >bio(4):
> >    The following device drivers register with bio for volume
> >    management:
> >
> >      ami(4)       American Megatrends Inc. MegaRAID
> >                   PATA/SATA/SCSI RAID controller
> >      arc(4)       Areca Technology Corporation SAS/SATA RAID
> >                   controller
> >      cac(4)       Compaq Smart Array 2/3/4 SCSI RAID controller
> >      ciss(4)      Compaq Smart Array SAS/SATA/SCSI RAID
> >                   controller
> >      ips(4)       IBM SATA/SCSI ServeRAID controller
> >      mfi(4)       LSI Logic & Dell MegaRAID SAS RAID controller
> >      mpi(4)       LSI Logic Fusion-MPT Message Passing Interface
> >      mpii(4)      LSI Logic Fusion-MPT Message Passing Interface
> >                   II
> >      softraid(4)  Software RAID
> >
> >It is talking about controlling a HW raid controller, in that 'patrol'
> >paragraph, isn't it?
>
> So by this you mean that patrolling is really implemented for
> softraid??

No, I said the opposite.

I'm sure my english language capabilities are not perfect. But what you
make of it is really surprising! (And even funny in the cabaret way.)

I'll keep trying. But sooner or later we'll have to take this off list.
Or to newbies. There you get help from the same people but without
having your misinterpretations in the 'official' archives for other poor
souls to find ;-)

http://mailman.theapt.org/listinfo/openbsd-newbies

> (Karel and Constantine don't agree??)
>
> So I just do.. "bioctl -t start sdX" where sdX is the name of my softraid
> device, and it'll do the "scrub" as in reading through all underlying

bioctl(8) is clear, I think:
 -t patrol-function
  Control the RAID card's patrol functionality, if
  supported. patrol-function may be one of:

Why do you think it will work for softraid(4) when it says it does for
hardware-RAID?

I have a theory: you have some experience with other Operating Systems
and their built in help system that have led you to not fully read but
just search/skim for keywords. Do yourself (and me) a favour and read
them fully. Top to bottom. Take every word as put there thoughtfully,
not in a hurry. You can find manpage content discussions all over the
archives. manpages are taken seriously.

Please repeat: bio(4)/bioctl(8) controls RAID devices. These can be in
hardware or software. Some functions (-a, -b, -H, -t, -u) are only
useable/useful when controlling a hardware RAID. The manpage even gives
direct clues on whether hardware- or software RAID is the topic. First
synopsis, second synopsis. 'The options for RAID controllers are as
follows:' (=hardware) 'In addition to the relevant options listed above,
the options for softraid(4) devices are as follows:' (=software).
Did you note the 'relevant' part? That word is there on purpose, I
suppose. It is there to tell you that not all, but the relevant parts of
the hardware RAID parameters also apply to software RAID (that comes
below). I would consider '-v' relevant, '-a' ('Control the RAID card's
alarm functionality, if supported') not.

(Example: what '-a' does for hardware RAID can be done with sensorsd(8)
for software RAID (=softraid(4)). Once a softraid volume is configured,
you get 'hw.sensors.softraid0.drive0=online (sd1), OK'.
Try 'sysctl hw.sensors.softraid0'.)

> physical media to check its internal integrity so for RAID1C that will be
> data readability and that checksums are correct, and "doas bioctl softraid0"
> will show me the % status, and if I don't get any errors before it goes back
> to normal it means the patrol was successful right?

No idea, never had a hardware RAID controller.

> (And as usual patrol is implemented to have the lowest priority, so it
> should not interfere extremely much with ordinary SSD softraid operation.)

I think the patrolling is done by the hardware RAID controller.
bioctl(8) just commands it to do so.

> >> * Rebuild - I think I saw some console dump of the status of a rebuild
> >>process on the net, so MAYBE or NO..?
> >
> >That's what it looks like:
> >
> >$ doas bioctl softraid0
> >Volume  Status   Size Device
> >softraid0 0 Rebuild12002360033280 sd6 RAID5 35% done
> >  0 Rebuild 4000786726912 0:0.0   noencl 
> >  1 Online  4000786726912 0:1.0   noencl 
> >  2 Online  

Re: Industrial use of line printers, does/would your company/organization use them with our lpd?

2016-02-21 Thread Mihai Popescu
| Funnily enough I didn't see either of those until they were quoted here ;)

| I recommend slrn pointed at gmane's news server for reading misc with liberal
| use of the 'k' key, some of the features for making newsgroups readable are
| equally applicable to busy mailing lists.

Is it possible to filter messages using some unwanted email addresses?



Re: Reached some limit with sockets?

2016-02-21 Thread Federico Giannici

On 02/21/16 01:05, li...@wrant.com wrote:
> Sat, 20 Feb 2016 20:06:57 +0100 Federico Giannici
>> In a server (OpenBSD amd64 5.7) with many concurrent perl programs that
>> have to open a lot of SSH connections, I get many errors like this:
>
> Have you tried connection sharing with ssh(1) yet?  Does the Net:SSH
> give you this?
>
>>   connect() on closed socket GEN136 at
>> /usr/local/libdata/perl5/site_perl/Net/SSH/Perl.pm line 216.
>>
>> Maybe at some point no more sockets can be opened because some limit
>> is reached?
>>
>> I already tried to set these in sysctl.conf:
>>
>>   kern.maxfiles=2
>>   kern.somaxconn=1024
>>
>> And set this in login.conf:
>>
>>   openfiles-cur=1024
>>
>> But it didn't solve it.
>>
>> Any suggestion of what I can look at?
>
> You could start simple and then advance to the complete programmatic
> solution.  Possibly, but not necessarily limited to these:
>
> ssh(1) connection sharing

Connections are to (a lot of) different devices, so cannot do connection
sharing.

> ksh(1) ulimit
> login.conf(5)

I already increased "openfiles-cur".
Are there other limits that can give problems to socket opening
("connect() on closed socket" or "Bad file descriptor")?
The program works, the problems arise when there are too many concurrent
connections.

Thanks.

> Maybe just then work on the eventual Perl related issues after you
> confirm you can achieve the desired results with plain shell commands,
> one liner (scripts) and direct ssh client connect using connection
> sharing.




--
___
__
   |-  giann...@neomedia.it
   |ederico Giannici  http://www.neomedia.it

   Presidente del CDA - Neomedia S.r.l.
___



asking for help compiling dns stats collector (dsc)

2016-02-21 Thread Imre Oolberg

Hi!

I am in the middle of implementing https://www.dns-oarc.net/tools/dsc/ 
while on OpenBSD is running nameserver process i.e. there needs to be 
also collector part of DSC and I am not succeeding compiling it. 
Platform is OpenBSD v 5.8 amd64 and source is dsc-201502251630.tar.gz. 
After unpacking i get


imre-obsd-58-rec:~/dsc/l/dsc-201502251630/collector# make
...
cc -g -Wall -DUSE_IPV6=1 -g -O2  -g -Wall -DUSE_IPV6=1 -g -O2-c 
base64.c
cc -g -Wall -DUSE_IPV6=1 -g -O2  -g -Wall -DUSE_IPV6=1 -g -O2-c 
generic_counter.c
cc -g -Wall -DUSE_IPV6=1 -g -O2  -g -Wall -DUSE_IPV6=1 -g -O2-c 
pcap.c
cc -g -Wall -DUSE_IPV6=1 -g -O2  -g -Wall -DUSE_IPV6=1 -g -O2-c 
ncap.c
cc -g -Wall -DUSE_IPV6=1 -g -O2  -g -Wall -DUSE_IPV6=1 -g -O2-c 
dns_protocol.c
dns_protocol.c:9:33: error: arpa/nameser_compat.h: No such file or 
directory

*** Error 1 in dsc (:87 'dns_protocol.o')
*** Error 1 in /root/dsc/l/dsc-201502251630/collector (Makefile:2 
'all')


So i found that probably i need libbind package and continuing in 
collector/dsc directory like this


imre-obsd-58-rec:~/dsc/l/dsc-201502251630/collector/dsc# ./configure 
CFLAGS="-I/usr/local/include/bind" LDFLAGS="-L/usr/local/lib/libbind"


i get further (I think almost to the end of compilation)

imre-obsd-58-rec:~/dsc/l/dsc-201502251630/collector/dsc# make
...
cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind   -g -Wall 
-DUSE_IPV6=1 -I/usr/local/include/bind -c config_hooks.c
cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind   -g -Wall 
-DUSE_IPV6=1 -I/usr/local/include/bind -c hashtbl.c
cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind   -g -Wall 
-DUSE_IPV6=1 -I/usr/local/include/bind -c lookup3.c
cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind   -g -Wall 
-DUSE_IPV6=1 -I/usr/local/include/bind -c xmalloc.c
cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind   -g -Wall 
-DUSE_IPV6=1 -I/usr/local/include/bind -c inX_addr.c
c++ -o dsc base64.o  generic_counter.o  pcap.o  ncap.o  dns_protocol.o  
dns_message.o  ip_message.o  daemon.o  md_array.o  null_index.o  
qtype_index.o  qclass_index.o  tld_index.o  country_index.o  
rcode_index.o  qnamelen_index.o  qname_index.o  msglen_index.o  
client_ipv4_addr_index.o  client_ipv4_net_index.o  
md_array_xml_printer.o  ip_direction_index.o  ip_proto_index.o  
ip_version_index.o  certain_qnames_index.o  query_classification_index.o 
idn_qname_index.o  edns_version_index.o  edns_bufsiz_index.o  
do_bit_index.o  rd_bit_index.o  tc_bit_index.o  qr_aa_bits_index.o  
opcode_index.o  transport_index.o  dns_ip_version_index.o  
dns_source_port_index.o  ParseConfig.o  config_hooks.o  hashtbl.o  
lookup3.o  xmalloc.o  inX_addr.o  -L/usr/local/lib/libbind-lpcap 
../TmfBase/Hapy/src/.libs/libHapy.a

dns_protocol.o: In function `grok_question':
/root/dsc/l/dsc-201502251630/collector/dsc/dns_protocol.c:93: warning: 
warning: strcpy() is almost always misused, please use strlcpy()

pcap.o: In function `handle_tcp':
/root/dsc/l/dsc-201502251630/collector/dsc/pcap.c:552: warning: 
warning: sprintf() is often misused, please use snprintf()

query_classification_index.o: In function `a_for_a':
/root/dsc/l/dsc-201502251630/collector/dsc/query_classification_index.c:71: 
undefined reference to `__inet_aton'

inX_addr.o: In function `inXaddr_ntop':
/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c:28: undefined 
reference to `__inet_ntop'
/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c:31: undefined 
reference to `__inet_ntop'

inX_addr.o: In function `inXaddr_pton':
/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c:41: undefined 
reference to `__inet_pton'
/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c:45: undefined 
reference to `__inet_pton'

collect2: ld returned 1 exit status
*** Error 1 in /root/dsc/l/dsc-201502251630/collector/dsc (Makefile:65 
'dsc')


For example text around query_classification_index.c:71 reads like this

static int
a_for_a(const dns_message * m)
{
    struct in_addr a;
    if (m->qtype != T_A)
        return 0;
    if (inet_aton(m->qname, &a))
        return CLASS_A_FOR_A;
    return 0;
}

I would be very thankful if you could point to me how to solve it and 
progress from here to ./dsc binary.



Imre

PS I searched ports collection for similarities and actually found file

/usr/ports/pobj/dnstop-20140915/dnstop-20140915/inX_addr.c

which is very similar to

/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c

and has some inet_* functions in it. dnstop from ports compiles and
runs fine. So i think i must be missing something obvious here. Needless
to say i can't compile and read source but still i try to be attentive to
your answer! :)




Re: Building AMI for AWS EC2

2016-02-21 Thread Antoine Jacoutot
On Sun, Feb 21, 2016 at 01:37:21AM -0500, Predrag Punosevac wrote:
> Hi Guys,
> 
> Any updates on this? I am toying with AWS in the case one of my lab's
> projects has to be moved to their infrastructure. I just played creating
> network gateway/firewall using Colin Percival's FreeBSD. Works OK but
> having OpenBSD latest PF, relayd, httpd, and other goodies sure would be
> nice. I am on us-west-2a and I have not seen any OpenBSD AMIs.

I share some on eu-west and us-east.
I can put one on us-west as well if you want. You can build your own you 
know... as was mentioned in this thread already.

-- 
Antoine