Re: L2TP/IPSec via npppd won't work with Android 5.x
Hi,

On Mon, 22 Feb 2016 00:26:11 +0800
Jiahao Dai wrote:
> I am a new OpenBSD user and I found it's extremely difficult to set up a
> L2TP/IPSec (IKEv1) Road Warrior server to get working with Android devices.
>
> I followed the tutorial here Configuring L2TP Over IPSec on OpenBSD for Mac
> OS X Clients [1], deployed on fresh OpenBSD 5.8 and found out that iOS 9.x
> iPad works like a charm.
>
> But the Android devices I had won't work by all means. I found out that
> Android 5.x L2TP/IPSec VPN client works in:
>
>   hash algorithm: hmac-sha2-256
>   encrypt method: aes_cbc
>   life time: 28800
>
> The ipsec.conf with:
> ```
> ike passive esp tunnel \
>     from "IP_ADDRESS" to any \
>     main auth "hmac-sha2-256" enc "aes" group "modp1024" lifetime 2880\
>     quick group "modp1024" \
>     psk "SECRET_KEY"
> ```
> didn't make a change (after `ipsecctl -f /etc/ipsec.conf`).
>
> The /var/log/messages didn't report anything as the VPN connection failed
> on Android device.
>
> When debugging at the foreground with `isakmpd -v -K -d`

In this case, you should do "ipsecctl -f /etc/ipsec.conf" again after
starting isakmpd.

> It still reported that:
> ```
> 002212.657833 Default isakmpd: starting [priv]
> 002219.561051 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
> 002219.561236 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
> 002219.561386 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
> 002219.561546 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
> 002219.561664 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
> 002219.561746 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
> 002219.561832 Default attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG
> 002219.561916 Default attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG
> 002219.562003 Default attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG
> 002219.562085 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got DES_CBC, expected 3DES_CBC
> 002219.562189 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got DES_CBC, expected 3DES_CBC
> 002219.562308 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got DES_CBC, expected 3DES_CBC
> 002219.562385 Default message_negotiate_sa: no compatible proposal found
> 002219.562459 Default dropped message from 139.227.237.86 port 500 due to notification type NO_PROPOSAL_CHOSEN
> ^C002221.748476 Default isakmpd: shutting down...
> 002221.748562 Default isakmpd: exit
> ```
>
> I am trying to use aes and encryption algorithm but it seems that it keeps
> using 3des, what can I do?

It seems that the "ike" line in ipsec.conf wasn't applied to the
received packets. I think you should:

- make sure to do "ipsecctl" after isakmpd starts
  (ipsec=YES in rc.conf.local does this)
- check the "ike" line (especially the IP address of "from")

> Please help. I have spent all my weekends on it, still no idea. Other ideas
> on VPN type with setup (except OpenVPN which needs additional software
> implement) are welcome.
>
> Jiahao Dai
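The diagnosis in the reply above (isakmpd negotiating with a policy other than the "ike" rule) can be read straight off the debug output. This is an added example, not part of either mail and not OpenBSD code: the sample log is constructed, and mapping enc "aes" to AES_CBC and psk to PRE_SHARED is an assumption about how the rule appears in the log.

```python
import re
from collections import defaultdict

# Constructed sample, shaped like the `isakmpd -v -K -d` output quoted in the
# thread. The third entry is wrapped and ">"-quoted the way a mail client
# leaves it, to show that pasted logs still parse.
SAMPLE_LOG = """\
000001.000000 Default isakmpd: starting [priv]
000002.000100 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
> 000002.000200 Default attribute_unacceptable: AUTHENTICATION_METHOD: got
> PRE_SHARED, expected RSA_SIG
000002.000300 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got DES_CBC, expected 3DES_CBC
000002.000400 Default message_negotiate_sa: no compatible proposal found
000002.000500 Default dropped message from 192.0.2.10 port 500 due to notification type NO_PROPOSAL_CHOSEN
"""

REJECT_RE = re.compile(r"attribute_unacceptable: (\w+): got (\w+), expected (\w+)")
DROP_RE = re.compile(
    r"dropped message from (\S+) port (\d+) due to notification type (\w+)"
)


def normalize(text):
    """Undo mail wrapping: drop '>' quote markers and collapse whitespace."""
    words = [w for w in text.split() if w.strip(">")]
    return " ".join(words)


def summarize(text):
    """Parse isakmpd debug output.

    Returns (rejections, drops): rejections maps an attribute name to the
    sets of values the peer offered ("got") and the daemon wanted
    ("expected"); drops lists (peer, port, notification) tuples.
    """
    flat = normalize(text)
    rejections = defaultdict(lambda: {"got": set(), "expected": set()})
    for attr, got, expected in REJECT_RE.findall(flat):
        rejections[attr]["got"].add(got)
        rejections[attr]["expected"].add(expected)
    drops = [(peer, int(port), kind) for peer, port, kind in DROP_RE.findall(flat)]
    return dict(rejections), drops


def unapplied_settings(text, configured):
    """List configured values the peer offered but the daemon still refused.

    `configured` maps an attribute to the value the admin believes the loaded
    "ike" rule allows. If the peer offered exactly that value and the daemon
    expected something else, the rule was not used for this peer: it was
    never loaded into the running isakmpd, or its "from"/"to" did not match.
    """
    rejections, _ = summarize(text)
    findings = []
    for attr, value in sorted(configured.items()):
        seen = rejections.get(attr)
        if seen and value in seen["got"] and value not in seen["expected"]:
            findings.append((attr, value, sorted(seen["expected"])))
    return findings


if __name__ == "__main__":
    # Assumed log names for the thread's rule: enc "aes" and psk.
    wanted = {
        "ENCRYPTION_ALGORITHM": "AES_CBC",
        "AUTHENTICATION_METHOD": "PRE_SHARED",
    }
    for attr, value, expected in unapplied_settings(SAMPLE_LOG, wanted):
        print(f"{attr}: configured {value} was refused, daemon expected {expected}")
    for peer, port, kind in summarize(SAMPLE_LOG)[1]:
        print(f"dropped {peer}:{port} ({kind})")
```

An empty result from unapplied_settings() after reloading the rules means the daemon is no longer refusing the values the rule is supposed to allow.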
L2TP/IPSec via npppd won't work with Android 5.x
Hi, everyone:

I am a new OpenBSD user and I found it's extremely difficult to set up a
L2TP/IPSec (IKEv1) Road Warrior server to get working with Android devices.

I followed the tutorial here Configuring L2TP Over IPSec on OpenBSD for Mac
OS X Clients [1], deployed on fresh OpenBSD 5.8 and found out that iOS 9.x
iPad works like a charm.

But the Android devices I had won't work by all means. I found out that
Android 5.x L2TP/IPSec VPN client works in:

  hash algorithm: hmac-sha2-256
  encrypt method: aes_cbc
  life time: 28800

The ipsec.conf with:
```
ike passive esp tunnel \
    from "IP_ADDRESS" to any \
    main auth "hmac-sha2-256" enc "aes" group "modp1024" lifetime 2880\
    quick group "modp1024" \
    psk "SECRET_KEY"
```
didn't make a change (after `ipsecctl -f /etc/ipsec.conf`).

The /var/log/messages didn't report anything as the VPN connection failed
on Android device.

When debugging at the foreground with `isakmpd -v -K -d`
It still reported that:
```
002212.657833 Default isakmpd: starting [priv]
002219.561051 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
002219.561236 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
002219.561386 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
002219.561546 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
002219.561664 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
002219.561746 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got AES_CBC, expected 3DES_CBC
002219.561832 Default attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG
002219.561916 Default attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG
002219.562003 Default attribute_unacceptable: AUTHENTICATION_METHOD: got PRE_SHARED, expected RSA_SIG
002219.562085 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got DES_CBC, expected 3DES_CBC
002219.562189 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got DES_CBC, expected 3DES_CBC
002219.562308 Default attribute_unacceptable: ENCRYPTION_ALGORITHM: got DES_CBC, expected 3DES_CBC
002219.562385 Default message_negotiate_sa: no compatible proposal found
002219.562459 Default dropped message from 139.227.237.86 port 500 due to notification type NO_PROPOSAL_CHOSEN
^C002221.748476 Default isakmpd: shutting down...
002221.748562 Default isakmpd: exit
```

I am trying to use aes and encryption algorithm but it seems that it keeps
using 3des, what can I do?

Please help. I have spent all my weekends on it, still no idea. Other ideas
on VPN type with setup (except OpenVPN which needs additional software
implement) are welcome.

Jiahao Dai
Re: Trouble applying patch 003 to OpenBSD 5.8-stable
On Sun, Feb 21, 2016 at 12:15:04PM -0800, Andrew Lester wrote:
> Hi all,
>
> I'm setting up OpenBSD 5.8-stable and installing the patches for the known
> errata. I'm buying the CD set but installed with the install58.iso from a
> mirror. As such I don't think the bad src.tar.gz on the CD will affect me;
> I've used src.tar.gz from the mirror.

Try using cd-src.tar.gz from the mirrors, not src.tar.gz. cd-src.tar.gz
is the replacement file. See errata 006.
Trouble applying patch 003 to OpenBSD 5.8-stable
Hi all,

I'm setting up OpenBSD 5.8-stable and installing the patches for the known
errata. I'm buying the CD set but installed with the install58.iso from a
mirror. As such I don't think the bad src.tar.gz on the CD will affect me;
I've used src.tar.gz from the mirror.

I'm having problems installing the patch for errata #003. This is the uvm
patch. It appears that the file attempted to be patched is
/usr/src/sys/uvm/uvm_km.c. When attempting to patch, it stalls and asks me
to provide the path to the file to patch, because the previously mentioned
file actually seems to not exist.

Is this an optional patch or am I missing something? This is an amd64
platform and I installed all the sets. Patch 001 and 002 had no problem.

Warm regards,
Andrew Lester
Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)
Another feature to look for is spin down of the dedicated hot spare.

Go Vikings :)
Patrick

> On Feb 21, 2016, at 7:23 AM, Marcus MERIGHI wrote:
>
> ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 21:05 (CET):
>> So glad to understand better what's in the box.
>>
>> Also please note that I'm not trying to suggest to implement lots of
>> crap, am perfectly clear that high security is correlated with low
>> complexity.
>>
>> On 2016-02-21 00:29, Marcus MERIGHI wrote:
>>> ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 16:43 (CET):
>> ..
>>> You appear to mean bioctl(8). That's the only place I could find the word
>>> 'patrol'. bioctl(8) can control more than softraid(4) devices.
>>>
>>> bio(4):
>>>    The following device drivers register with bio for volume
>>>    management:
>>>
>>>        ami(4)       American Megatrends Inc. MegaRAID
>>>                     PATA/SATA/SCSI RAID controller
>>>        arc(4)       Areca Technology Corporation SAS/SATA RAID
>>>                     controller
>>>        cac(4)       Compaq Smart Array 2/3/4 SCSI RAID controller
>>>        ciss(4)      Compaq Smart Array SAS/SATA/SCSI RAID
>>>                     controller
>>>        ips(4)       IBM SATA/SCSI ServeRAID controller
>>>        mfi(4)       LSI Logic & Dell MegaRAID SAS RAID controller
>>>        mpi(4)       LSI Logic Fusion-MPT Message Passing Interface
>>>        mpii(4)      LSI Logic Fusion-MPT Message Passing Interface
>>>                     II
>>>        softraid(4)  Software RAID
>>>
>>> It is talking about controlling a HW raid controller, in that 'patrol'
>>> paragraph, isn't it?
>>
>> So by this you mean that patrolling is really implemented for
>> softraid??
>
> No, I said the opposite.
>
> I'm sure my English language capabilities are not perfect. But what you
> make of it is really surprising! (And even funny in the cabaret way.)
>
> I'll keep trying. But sooner or later we'll have to take this off list.
> Or to newbies. There you get help from the same people but without
> having your misinterpretations in the 'official' archives for other poor
> souls to find ;-)
>
> http://mailman.theapt.org/listinfo/openbsd-newbies
>
>> (Karel and Constantine don't agree??)
>>
>> So I just do.. "bioctl -t start sdX" where sdX is the name of my softraid
>> device, and it'll do the "scrub" as in reading through all underlying
>
> bioctl(8) is clear, I think:
>     -t patrol-function
>             Control the RAID card's patrol functionality, if
>             supported. patrol-function may be one of:
>
> Why do you think it will work for softraid(4) when it says it does for
> hardware-RAID?
>
> I have a theory: you have some experience with other Operating Systems
> and their built in help system that have led you to not fully read but
> just search/skim for keywords. Do yourself (and me) a favour and read
> them fully. Top to bottom. Take every word as put there thoughtfully,
> not in a hurry. You can find manpage content discussions all over the
> archives. manpages are taken seriously.
>
> Please repeat: bio(4)/bioctl(8) controls RAID devices. These can be in
> hardware or software. Some functions (-a, -b, -H, -t, -u) are only
> useable/useful when controlling a hardware RAID. The manpage even gives
> direct clues on whether hardware- or software RAID is the topic. First
> synopsis, second synopsis. 'The options for RAID controllers are as
> follows:' (=hardware) 'In addition to the relevant options listed above,
> the options for softraid(4) devices are as follows:' (=software).
> Did you note the 'relevant' part? That word is there on purpose, I
> suppose. It is there to tell you that not all, but the relevant parts of
> the hardware RAID parameters also apply to software RAID (that comes
> below). I would consider '-v' relevant, '-a' ('Control the RAID card's
> alarm functionality, if supported') not.
>
> (Example: what '-a' does for hardware RAID can be done with sensorsd(8)
> for software RAID (=softraid(4)). Once a softraid volume is configured,
> you get 'hw.sensors.softraid0.drive0=online (sd1), OK'.
> Try 'sysctl hw.sensors.softraid0'.)
>
>> physical media to check its internal integrity so for RAID1C that will be
>> data readability and that checksums are correct, and "doas bioctl softraid0"
>> will show me the % status, and if I don't get any errors before it goes back
>> to normal it means the patrol was successful right?
>
> No idea, never had a hardware RAID controller.
>
>> (And as usual patrol is implemented to have the lowest priority, so it
>> should not interfere extremely much with ordinary SSD softraid operation.)
>
> I think the patrolling is done by the hardware RAID controller.
> bioctl(8) just commands it to do so.
>
>>>> * Rebuild - I think I saw some console dump of the status of a rebuild
>>>> process on the net, so MAYBE or NO..?
>>>
>>> That's what it looks like:
>>>
>>> $
Re: Industrial use of line printers, does/would your company/organization use them with our lpd?
--On Wednesday, February 17, 2016 11:49:30 AM -0600 Chris Bennett wrote:

> I do see that lpc, lpq, lprm are dinosaurs and have to be made extinct
> and replaced with something more functional with more information output
> and better capabilities.

Whatever changes may happen under the hood, I would like to see at least
the basic operations of lpr, lpq, and lprm remain available under those
names, using the existing syntax. I'm no fan of CUPS, but I get by with it
on linux because of the lpr compatibility shim.

Devin
turning off the touchscreen
i have installed openbsd -current on an older generation of dell xps 17.
this model has a touchscreen, but a faulty one. no amount of calibration
helps and needs to be disabled also in windows and linux. i am having
difficulties disabling it in openbsd. please find the dmesg, and
Xorg.log attached.

$ doas wsconsctl | grep mouse
wsconsctl: Use explicit arg to view keyboard.map.
wsconsctl: Use explicit arg to view keyboard1.map.
wsconsctl: Use explicit arg to view keyboard2.map.
mouse.type=synaptics
mouse.rawmode=0
mouse.scale=1472,5398,1408,4728,0,42,70
mouse1.type=touch-panel
mouse1.rawmode=1
mouse1.scale=0,9600,0,7200,0,0,0
mouse2.type=touch-panel
mouse2.rawmode=1
mouse2.scale=0,9600,0,7200,0,0,0
mouse3.type=touch-panel
mouse3.rawmode=1
mouse3.scale=0,9600,0,7200,0,0,0

$ xinput
⎡ Virtual core pointer                id=2    [master pointer (3)]
⎜   ↳ Virtual core XTEST pointer      id=4    [slave pointer (2)]
⎜   ↳ /dev/wsmouse                    id=11   [slave pointer (2)]
⎜   ↳ /dev/wsmouse0                   id=7    [slave pointer (2)]
⎜   ↳ /dev/wsmouse3                   id=10   [slave pointer (2)]
⎜   ↳ /dev/wsmouse2                   id=9    [slave pointer (2)]
⎜   ↳ /dev/wsmouse1                   id=8    [slave pointer (2)]
⎣ Virtual core keyboard               id=3    [master keyboard (2)]
    ↳ Virtual core XTEST keyboard     id=5    [slave keyboard (3)]
    ↳ /dev/wskbd                      id=6    [slave keyboard (3)]

i have tried:

$ xinput --disable 8
$ xinput --disable 9
$ xinput --disable 10
$ xinput --disable 11

id=11 obviously disables the touchscreen but also the touchpad and the
external usb mouse...

i can use the touchpad with this:

$ xinput --disable 11
$ xinput --enable 7

but it would be nice to have the usb mouse.

-f
--
OpenBSD 5.9 (GENERIC.MP) #1880: Sat Feb 20 16:48:33 MST 2016
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8462589952 (8070MB)
avail mem = 8201916416 (7821MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xf9360 (70 entries)
bios0: vendor Dell Inc. version "A19" date 09/07/2012
bios0: Dell Inc.
Re: how to Bridging with a wireless NIC
On Sun, Feb 21, 2016 at 11:50:05PM +0900, Tuyosi Takesima wrote:
> then debiandog get address 192.168.100.104 (not 192.168.0.X)
>
> this is very simple method.
> so , there is possibility of ethernet converter on OpenBSD
>
> my bed room has no lan cable .
> and the video recorder has no wifi ,
> so i want ethernet converter

On Linux, can you run:

  iw wlan0 info | grep type

and show me the output?

And the full output of:

  iw phy0 info

as well.
Re: how to Bridging with a wireless NIC
Hi all .

my final goal is openbsd .
the prementary step is on Linux.

tool is only dnsmasq and bridge

schema is next
-
wifi router 192.168.100.254
  .
 wifi
  .
wlan0:192.168.100.103
raspberry pi (minibian , a kind of debian )
eth0;192.168.0.1
  |
  |
eth0
Debiandog

1) no firewall
then iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

2) /etc/network/interfaces is simple

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.0.1
netmask 255.255.255.0

3) /etc/dnsmasq.conf

interface=eth0
dhcp-range=192.168.0.21,192.168.0.22,72h
dhcp-option=option:router,192.168.0.1
domain-needed
bogus-priv
no-resolv
no-poll
server=8.8.8.8
no-hosts
expand-hosts

4) run shell script

ifconfig eth0 192.168.0.1 # perhaps needless
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/init.d/dnsmasq restart
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 wlan0
dhclient br0

then debiandog get address 192.168.100.104 (not 192.168.0.X)

this is very simple method.
so , there is possibility of ethernet converter on OpenBSD

my bed room has no lan cable .
and the video recorder has no wifi ,
so i want ethernet converter

regards ,
tuyosi
Re: OpenBSD softraid can do scrub, hotspare, hotswap? How do rebuild + those 3 really done? (Absence of docs and howtos - ultimate Q!)
ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 21:05 (CET):
> So glad to understand better what's in the box.
>
> Also please note that I'm not trying to suggest to implement lots of
> crap, am perfectly clear that high security is correlated with low
> complexity.
>
> On 2016-02-21 00:29, Marcus MERIGHI wrote:
> >ti...@openmailbox.org (Tinker), 2016.02.20 (Sat) 16:43 (CET):
> ..
> >You appear to mean bioctl(8). That's the only place I could find the word
> >'patrol'. bioctl(8) can control more than softraid(4) devices.
> >
> >bio(4):
> >   The following device drivers register with bio for volume
> >   management:
> >
> >       ami(4)       American Megatrends Inc. MegaRAID
> >                    PATA/SATA/SCSI RAID controller
> >       arc(4)       Areca Technology Corporation SAS/SATA RAID
> >                    controller
> >       cac(4)       Compaq Smart Array 2/3/4 SCSI RAID controller
> >       ciss(4)      Compaq Smart Array SAS/SATA/SCSI RAID
> >                    controller
> >       ips(4)       IBM SATA/SCSI ServeRAID controller
> >       mfi(4)       LSI Logic & Dell MegaRAID SAS RAID controller
> >       mpi(4)       LSI Logic Fusion-MPT Message Passing Interface
> >       mpii(4)      LSI Logic Fusion-MPT Message Passing Interface
> >                    II
> >       softraid(4)  Software RAID
> >
> >It is talking about controlling a HW raid controller, in that 'patrol'
> >paragraph, isn't it?
>
> So by this you mean that patrolling is really implemented for
> softraid??

No, I said the opposite.

I'm sure my English language capabilities are not perfect. But what you
make of it is really surprising! (And even funny in the cabaret way.)

I'll keep trying. But sooner or later we'll have to take this off list.
Or to newbies. There you get help from the same people but without
having your misinterpretations in the 'official' archives for other poor
souls to find ;-)

http://mailman.theapt.org/listinfo/openbsd-newbies

> (Karel and Constantine don't agree??)
>
> So I just do.. "bioctl -t start sdX" where sdX is the name of my softraid
> device, and it'll do the "scrub" as in reading through all underlying

bioctl(8) is clear, I think:
    -t patrol-function
            Control the RAID card's patrol functionality, if
            supported. patrol-function may be one of:

Why do you think it will work for softraid(4) when it says it does for
hardware-RAID?

I have a theory: you have some experience with other Operating Systems
and their built in help system that have led you to not fully read but
just search/skim for keywords. Do yourself (and me) a favour and read
them fully. Top to bottom. Take every word as put there thoughtfully,
not in a hurry. You can find manpage content discussions all over the
archives. manpages are taken seriously.

Please repeat: bio(4)/bioctl(8) controls RAID devices. These can be in
hardware or software. Some functions (-a, -b, -H, -t, -u) are only
useable/useful when controlling a hardware RAID. The manpage even gives
direct clues on whether hardware- or software RAID is the topic. First
synopsis, second synopsis. 'The options for RAID controllers are as
follows:' (=hardware) 'In addition to the relevant options listed above,
the options for softraid(4) devices are as follows:' (=software).
Did you note the 'relevant' part? That word is there on purpose, I
suppose. It is there to tell you that not all, but the relevant parts of
the hardware RAID parameters also apply to software RAID (that comes
below). I would consider '-v' relevant, '-a' ('Control the RAID card's
alarm functionality, if supported') not.

(Example: what '-a' does for hardware RAID can be done with sensorsd(8)
for software RAID (=softraid(4)). Once a softraid volume is configured,
you get 'hw.sensors.softraid0.drive0=online (sd1), OK'.
Try 'sysctl hw.sensors.softraid0'.)

> physical media to check its internal integrity so for RAID1C that will be
> data readability and that checksums are correct, and "doas bioctl softraid0"
> will show me the % status, and if I don't get any errors before it goes back
> to normal it means the patrol was successful right?

No idea, never had a hardware RAID controller.

> (And as usual patrol is implemented to have the lowest priority, so it
> should not interfere extremely much with ordinary SSD softraid operation.)

I think the patrolling is done by the hardware RAID controller.
bioctl(8) just commands it to do so.

> >> * Rebuild - I think I saw some console dump of the status of a rebuild
> >>process on the net, so MAYBE or NO..?
> >
> >That's what it looks like:
> >
> >$ doas bioctl softraid0
> >Volume      Status               Size Device
> >softraid0 0 Rebuild    12002360033280 sd6     RAID5 35% done
> >          0 Rebuild     4000786726912 0:0.0   noencl
> >          1 Online      4000786726912 0:1.0   noencl
> >          2 Online
Re: Industrial use of line printers, does/would your company/organization use them with our lpd?
| Funnily enough I didn't see either of those until they were quoted here ;)
| I recommend slrn pointed at gmane's news server for reading misc with liberal
| use of the 'k' key, some of the features for making newsgroups readable are
| equally applicable to busy mailing lists.

Is it possible to filter messages using some unwanted email addresses?
Re: Reached some limit with sockets?
On 02/21/16 01:05, li...@wrant.com wrote:
> Sat, 20 Feb 2016 20:06:57 +0100 Federico Giannici
>> In a server (OpenBSD amd64 5.7) with many concurrent perl programs that
>> have to open a lot of SSH connections, I get many errors like this:
>
> Have you tried connection sharing with ssh(1) yet?
> Does the Net:SSH give you this?
>
>> connect() on closed socket GEN136 at
>> /usr/local/libdata/perl5/site_perl/Net/SSH/Perl.pm line 216.
>>
>> Maybe at some point no more sockets can be opened because some limit
>> is reached?
>>
>> I already tried to set these in sysctl.conf:
>>
>> kern.maxfiles=2
>> kern.somaxconn=1024
>>
>> And set this in login.conf:
>>
>> openfiles-cur=1024
>>
>> But it didn't solve it.
>> Any suggestion of what I can look at?
>
> You could start simple and then advance to the complete programmatic
> solution. Possibly, but not necessarily limited to these:
>
> ssh(1) connection sharing

Connections are to (a lot of) different devices, so cannot do connection
sharing.

> ksh(1) ulimit
> login.conf(5)

I already increased "openfiles-cur".
Are there other limits that can give problems to socket opening
("connect() on closed socket" or "Bad file descriptor")?

The program works, the problems arise when there are too many concurrent
connections.

Thanks.

> Maybe just then work on the eventual Perl related issues after you confirm
> you can achieve the desired results with plain shell commands, one liner
> (scripts) and direct ssh client connect using connection sharing.

--
___
 __
|-                      giann...@neomedia.it
|ederico Giannici      http://www.neomedia.it

Chairman of the Board - Neomedia S.r.l.
___
asking for help compiling dns stats collector (dsc)
Hi!

I am in the middle of implementing https://www.dns-oarc.net/tools/dsc/
while on OpenBSD is running nameserver process i.e. there needs to be also
collector part of DSC and I am not succeeding compiling it. Platform is
OpenBSD v 5.8 amd64 and source is dsc-201502251630.tar.gz. After unpacking
i get

imre-obsd-58-rec:~/dsc/l/dsc-201502251630/collector# make
...
cc -g -Wall -DUSE_IPV6=1 -g -O2 -g -Wall -DUSE_IPV6=1 -g -O2 -c base64.c
cc -g -Wall -DUSE_IPV6=1 -g -O2 -g -Wall -DUSE_IPV6=1 -g -O2 -c generic_counter.c
cc -g -Wall -DUSE_IPV6=1 -g -O2 -g -Wall -DUSE_IPV6=1 -g -O2 -c pcap.c
cc -g -Wall -DUSE_IPV6=1 -g -O2 -g -Wall -DUSE_IPV6=1 -g -O2 -c ncap.c
cc -g -Wall -DUSE_IPV6=1 -g -O2 -g -Wall -DUSE_IPV6=1 -g -O2 -c dns_protocol.c
dns_protocol.c:9:33: error: arpa/nameser_compat.h: No such file or directory
*** Error 1 in dsc (:87 'dns_protocol.o')
*** Error 1 in /root/dsc/l/dsc-201502251630/collector (Makefile:2 'all')

So i found that probably i need libbind package and continuing in
collector/dsc directory like this

imre-obsd-58-rec:~/dsc/l/dsc-201502251630/collector/dsc# ./configure CFLAGS="-I/usr/local/include/bind" LDFLAGS="-L/usr/local/lib/libbind"

i get further (i think almost to the end of compilation)

imre-obsd-58-rec:~/dsc/l/dsc-201502251630/collector/dsc# make
...
cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind -c config_hooks.c
cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind -c hashtbl.c
cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind -c lookup3.c
cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind -c xmalloc.c
cc -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind -g -Wall -DUSE_IPV6=1 -I/usr/local/include/bind -c inX_addr.c
c++ -o dsc base64.o generic_counter.o pcap.o ncap.o dns_protocol.o dns_message.o ip_message.o daemon.o md_array.o null_index.o qtype_index.o qclass_index.o tld_index.o country_index.o rcode_index.o qnamelen_index.o qname_index.o msglen_index.o client_ipv4_addr_index.o client_ipv4_net_index.o md_array_xml_printer.o ip_direction_index.o ip_proto_index.o ip_version_index.o certain_qnames_index.o query_classification_index.o idn_qname_index.o edns_version_index.o edns_bufsiz_index.o do_bit_index.o rd_bit_index.o tc_bit_index.o qr_aa_bits_index.o opcode_index.o transport_index.o dns_ip_version_index.o dns_source_port_index.o ParseConfig.o config_hooks.o hashtbl.o lookup3.o xmalloc.o inX_addr.o -L/usr/local/lib/libbind -lpcap ../TmfBase/Hapy/src/.libs/libHapy.a
dns_protocol.o: In function `grok_question':
/root/dsc/l/dsc-201502251630/collector/dsc/dns_protocol.c:93: warning: warning: strcpy() is almost always misused, please use strlcpy()
pcap.o: In function `handle_tcp':
/root/dsc/l/dsc-201502251630/collector/dsc/pcap.c:552: warning: warning: sprintf() is often misused, please use snprintf()
query_classification_index.o: In function `a_for_a':
/root/dsc/l/dsc-201502251630/collector/dsc/query_classification_index.c:71: undefined reference to `__inet_aton'
inX_addr.o: In function `inXaddr_ntop':
/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c:28: undefined reference to `__inet_ntop'
/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c:31: undefined reference to `__inet_ntop'
inX_addr.o: In function `inXaddr_pton':
/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c:41: undefined reference to `__inet_pton'
/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c:45: undefined reference to `__inet_pton'
collect2: ld returned 1 exit status
*** Error 1 in /root/dsc/l/dsc-201502251630/collector/dsc (Makefile:65 'dsc')

For example text around query_classification_index.c:71 reads like this

static int
a_for_a(const dns_message * m)
{
    struct in_addr a;
    if (m->qtype != T_A)
        return 0;
    if (inet_aton(m->qname, &a))
        return CLASS_A_FOR_A;
    return 0;
}

I would be very thankful if you could point to me how to solve it and
progress from here to ./dsc binary.

Imre

PS I searched ports collection for similarities and actually found file

/usr/ports/pobj/dnstop-20140915/dnstop-20140915/inX_addr.c

which is very similar to

/root/dsc/l/dsc-201502251630/collector/dsc/inX_addr.c

and has some inet_* functions in it. dnstop from ports compiles and runs
fine. So i think i must be missing something obvious here. Needless to say
i can't compile and read source but still i try to be attentive to your
answer! :)
Re: Building AMI for AWS EC2
On Sun, Feb 21, 2016 at 01:37:21AM -0500, Predrag Punosevac wrote:
> Hi Guys,
>
> Any updates on this? I am toying with AWS in the case one of my lab's
> projects has to be moved to their infrastructure. I just played creating
> network gateway/firewall using Colin Percival's FreeBSD. Works OK but
> having OpenBSD latest PF, relayd, httpd, and other goodies sure would be
> nice. I am on us-west-2a and I have not seen any OpenBSD AMIs.

I share some on eu-west and us-east. I can put one on us-west as well if
you want.

You can build your own you know... as was mentioned in this thread
already.

--
Antoine