OpenSMTPD on OpenBSD 5.9

2016-04-08 Thread Rod Whitworth
I'm trying to replace Postfix with OpenSMTPD and I'm having a battle.

I don't seem to be able to get the clues to match the hardware and the
configure recipes that I need.

The most up to date I can find breaks at the second stanza and I can
guess that the instructions for configuring for PF are for OpenBSD 5.6
means that I should find an up to date have clue set.

Does anyone have a pointer to a rescue?

Rod/
(who doesn't want to revert to Postfix..)

*** NOTE *** Please DO NOT CC me. I  subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thank you.

Rod/
---
This life is not the real thing.
It is not even in Beta.
If it was, then OpenBSD would already have a man page for it.



Fw: new (again) support entries for BackWatcher, Inc.

2016-04-08 Thread Kyle Amon
Hi,

I sent in the following request to be re-added to the "OpenBSD Support and
Consulting" page a little over a week ago.  What's the ETA on this sort of
thing these days?  Also, please apply s/Dragonfly/DragonFly/g to it. :)

Thanks,

--Kyle

Begin forwarded message:

Date: Thu, 31 Mar 2016 01:41:44 -0700
From: Kyle Amon 
To: misc@openbsd.org
Subject: new (again) support entries for BackWatcher, Inc.


Hello,

After many years "in the wilderness," I'm hanging "the shingle" back up, as
it were.  Therefore, please re-add my "OpenBSD Support and Consulting"
listing
to both the USA and Canada sections as follows...

USA...

0
C USA
P Florida
T Bradenton
Z 34203-7305
O BackWatcher, Inc.
I Kyle Amon
A 3819 Garden Lakes Terrace
M i...@backwatcher.com
U http://www.backwatcher.com/
B +1-425-584-UNIX
N While specialising in security, BackWatcher handles installation and
configuration, systems integration, performance tuning, disaster recovery,
network architecture, programming and general systems administration of
OpenBSD, NetBSD, FreeBSD, Dragonfly BSD, Linux and many commercial UNIX
flavors.

Canada...

0
C Canada
P British Columbia
T Campbell River
Z V9W 5T5
O BackWatcher, Inc.
I Kyle Amon
A 413-1434 Ironwood Street
M i...@backwatcher.ca
U http://www.backwatcher.ca/
B +1-778-819-UNIX
N While specialising in security, BackWatcher handles installation and
configuration, systems integration, performance tuning, disaster recovery,
network architecture, programming and general systems administration of
OpenBSD, NetBSD, FreeBSD, Dragonfly BSD, Linux and many commercial UNIX
flavors.

Thanks and Best Regards,

Kyle

--

  CA +1-778-819-UNIX  BackWatcher, Inc.
  US +1-425-584-UNIX  Information Security
SIPS am...@backwatcher.com  www.backwatcher.ca




Re: Recording computer sound.

2016-04-08 Thread Steve Litt
Whoops.

I didn't look at the mailing list name, and thought I was reading at a
Linux mailing list. Perhaps that's why the OpenBSD form of the command
didn't work on Void Linux :-)

SteveT

Steve Litt 
April 2016 featured book: Rapid Learning for the 21st Century
http://www.troubleshooters.com/rl21


On Fri, 8 Apr 2016 21:02:49 -0400
Steve Litt  wrote:

> Yes. Inquiring minds want to know. When I perform the following
> command:
> 
> aucat -v 127 -f rsnd/0  -h wav -o junk.wav
> 
> junk.wav is a WAV file with no sound. Changing the device to default
> changes nothing, nor does leaving out the -f parameter entirely, and
> if I change it to rsnd/1, snd/0, snd/1, midi/0, rmidi/0, aucat aborts
> saying "couldn't open audio device".
> 
> If anyone knows the secret sauce, please let me know. I was playing a
> Youtube song, easily listenable on my speakers, while I did the aucat
> commands.
> 
> Thanks,
> 
> SteveT
> 
> Steve Litt 
> April 2016 featured book: Rapid Learning for the 21st Century
> http://www.troubleshooters.com/rl21
> 
> 
> 
> On Fri, 8 Apr 2016 20:01:16 -0300
> "Henrique N. Lengler"  wrote:
> 
> > But what device should I specify?
> > 
> > Please give full answers.
> > 
> > On Sat, Apr 09, 2016 at 12:46:53AM +0200, ropers wrote:  
> > > You mean with aucat(1)?
> > > 
> > > On 9 April 2016 at 00:09, Henrique N. Lengler
> > >  wrote:
> > > 
> > > > Hi,
> > > >
> > > > Is there a way to record the sound playing on my speakers?
> > > > Like duplicating it and saving on my computer everything that
> > > > goes out to the
> > > > speaker.
> > > >
> > > > I would like to do this to record some screencast.
> > > >
> > > > Any way of doing this?
> > > >
> > > > Thanks;
> > > >
> > > > --
> > > > Regards
> > > >
> > > > Henrique N. Lengler



Re: pureftpd virtual users TLS

2016-04-08 Thread Edgar Pettijohn

On 04/07/16 16:06, Teno Deuter wrote:

> Hi,
>
> installed the chrooted version of pureftpd on a 5.9 AMD64 setting and face
> following issues:
>
> 1.
> TLS with system users works fine but not for the virtual ones! Only plain
> ftp!
>
> 2.
> seems that the service doesn't always refer to the 'pure-ftpd.conf'! To be
> more specific. I did define the path of 'pureftpd.pdb' in the configuration
> file but if I don't use the '-lpuredb' switch in the daemon flags doesn't
> find it. Also, uncommenting :
>
> AltLog w3c:/var/log/pureftpd.log
>
> doesn't have any effect either. That file never gets created!
>
> Thank you for your support.


sorry didn't answer all questions with the patch.

for logging look in /var/log/xferlog and /var/log/messages



Re: Recording computer sound.

2016-04-08 Thread Steve Litt
Yes. Inquiring minds want to know. When I perform the following command:

aucat -v 127 -f rsnd/0  -h wav -o junk.wav

junk.wav is a WAV file with no sound. Changing the device to default
changes nothing, nor does leaving out the -f parameter entirely, and if
I change it to rsnd/1, snd/0, snd/1, midi/0, rmidi/0, aucat aborts
saying "couldn't open audio device".

If anyone knows the secret sauce, please let me know. I was playing a
Youtube song, easily listenable on my speakers, while I did the aucat
commands.

Thanks,

SteveT

Steve Litt 
April 2016 featured book: Rapid Learning for the 21st Century
http://www.troubleshooters.com/rl21



On Fri, 8 Apr 2016 20:01:16 -0300
"Henrique N. Lengler"  wrote:

> But what device should I specify?
> 
> Please give full answers.
> 
> On Sat, Apr 09, 2016 at 12:46:53AM +0200, ropers wrote:
> > You mean with aucat(1)?
> > 
> > On 9 April 2016 at 00:09, Henrique N. Lengler
> >  wrote:
> >   
> > > Hi,
> > >
> > > Is there a way to record the sound playing on my speakers?
> > > Like duplicating it and saving on my computer everything that
> > > goes out to the
> > > speaker.
> > >
> > > I would like to do this to record some screencast.
> > >
> > > Any way of doing this?
> > >
> > > Thanks;
> > >
> > > --
> > > Regards
> > >
> > > Henrique N. Lengler  



Re: Recording computer sound.

2016-04-08 Thread ropers
Is this helpful?
http://man.openbsd.org/OpenBSD-current/man7/sndio.7#DEVICE_NAMES

On 9 April 2016 at 01:01, Henrique N. Lengler 
wrote:

> But what device should I specify?
>
> Please give full answers.
>
> On Sat, Apr 09, 2016 at 12:46:53AM +0200, ropers wrote:
> > You mean with aucat(1)?
> >
> > On 9 April 2016 at 00:09, Henrique N. Lengler <
> henriquel...@openmailbox.org>
> > wrote:
> >
> > > Hi,
> > >
> > > Is there a way to record the sound playing on my speakers?
> > > Like duplicating it and saving on my computer everything that goes out
> to
> > > the
> > > speaker.
> > >
> > > I would like to do this to record some screencast.
> > >
> > > Any way of doing this?
> > >
> > > Thanks;
> > >
> > > --
> > > Regards
> > >
> > > Henrique N. Lengler



Re: Recording computer sound.

2016-04-08 Thread ropers
Oh, scratch that. I was getting confused myself. I think it's actually just
/dev/audio but I better shut up and don't say it because I'm not on an
OpenBSD box now. Sorry for the noise.

On 9 April 2016 at 02:19, ropers  wrote:

> Is this helpful?
> http://man.openbsd.org/OpenBSD-current/man7/sndio.7#DEVICE_NAMES
>
> On 9 April 2016 at 01:01, Henrique N. Lengler <
> henriquel...@openmailbox.org> wrote:
>
>> But what device should I specify?
>>
>> Please give full answers.
>>
>> On Sat, Apr 09, 2016 at 12:46:53AM +0200, ropers wrote:
>> > You mean with aucat(1)?
>> >
>> > On 9 April 2016 at 00:09, Henrique N. Lengler <
>> henriquel...@openmailbox.org>
>> > wrote:
>> >
>> > > Hi,
>> > >
>> > > Is there a way to record the sound playing on my speakers?
>> > > Like duplicating it and saving on my computer everything that goes
>> out to
>> > > the
>> > > speaker.
>> > >
>> > > I would like to do this to record some screencast.
>> > >
>> > > Any way of doing this?
>> > >
>> > > Thanks;
>> > >
>> > > --
>> > > Regards
>> > >
>> > > Henrique N. Lengler



Re: pureftpd virtual users TLS

2016-04-08 Thread Edgar Pettijohn

On 04/07/16 16:06, Teno Deuter wrote:

> Hi,
>
> installed the chrooted version of pureftpd on a 5.9 AMD64 setting and face
> following issues:
>
> 1.
> TLS with system users works fine but not for the virtual ones! Only plain
> ftp!
>
> 2.
> seems that the service doesn't always refer to the 'pure-ftpd.conf'! To be
> more specific. I did define the path of 'pureftpd.pdb' in the configuration
> file but if I don't use the '-lpuredb' switch in the daemon flags doesn't
> find it. Also, uncommenting :
>
> AltLog w3c:/var/log/pureftpd.log
>
> doesn't have any effect either. That file never gets created!
>
> Thank you for your support.

I think it's because support for virtual users isn't built in the port.
This patch should do what you need.


Index: Makefile
===
RCS file: /cvs/ports/net/pure-ftpd/Makefile,v
retrieving revision 1.71
diff -u -p -u -r1.71 Makefile
--- Makefile14 Oct 2015 10:01:55 -1.71
+++ Makefile9 Apr 2016 00:17:16 -
@@ -28,7 +28,8 @@ CONFIGURE_ARGS+= --disable-pie \
  --with-everything \
  --with-paranoidmsg \
  --with-rfc2640 \
- --with-tls
+ --with-tls \
+ --with-puredb

 MODULES=converters/libiconv
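
Review bot: The hunk changes CONFIGURE_ARGS (the new `--with-puredb` line after `--with-tls \`) but the diff carries no REVISION change, so a package rebuilt from this Makefile would have the same version string as the one built without puredb support; add or bump REVISION in the same diff. It is also worth confirming that `--with-everything`, three lines up in the same list, does not already turn puredb on, because in that case the extra flag is redundant and the virtual-user TLS problem lies elsewhere. The context lines show a single leading space where the Makefile's indentation should be and the date and revision in the `---`/`+++` headers have run together, so the patch may need `patch -l` or manual application.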



Re: Recording computer sound.

2016-04-08 Thread Henrique N. Lengler
But what device should I specify?

Please give full answers.

On Sat, Apr 09, 2016 at 12:46:53AM +0200, ropers wrote:
> You mean with aucat(1)?
> 
> On 9 April 2016 at 00:09, Henrique N. Lengler 
> wrote:
> 
> > Hi,
> >
> > Is there a way to record the sound playing on my speakers?
> > Like duplicating it and saving on my computer everything that goes out to
> > the
> > speaker.
> >
> > I would like to do this to record some screencast.
> >
> > Any way of doing this?
> >
> > Thanks;
> >
> > --
> > Regards
> >
> > Henrique N. Lengler



Re: Recording computer sound.

2016-04-08 Thread ropers
You mean with aucat(1)?

On 9 April 2016 at 00:09, Henrique N. Lengler 
wrote:

> Hi,
>
> Is there a way to record the sound playing on my speakers?
> Like duplicating it and saving on my computer everything that goes out to
> the
> speaker.
>
> I would like to do this to record some screencast.
>
> Any way of doing this?
>
> Thanks;
>
> --
> Regards
>
> Henrique N. Lengler



MAC addresses on vmd guests

2016-04-08 Thread Vijay Sankar
  Hi,

I was trying to test patches for vmm and uvm by Stefan Kempf. Everything
works great and copies between the host and guest are faster with the
patches but I noticed the following.

Whenever I reboot the VMM host (running OpenBSD 5.9 -current from yesterday
with custom kernel enabled with vmm0 at mainbus0) the guest OS (OpenBSD 5.9
-release) has a different MAC address for the same vio0 interface.

Is this expected behavior? Reason for asking this is that if it is not
expected behavior then probably I may be doing all this incorrectly and any
feedback from my tests would just be a time waste for developers. So wanted
to avoid that if possible.

I am running dhcpd on the host and the lease file looks as follows. I only
have one VM guest on this test system.

builder.lab.foretell.ca$ cat /var/db/dhcpd.leases
                              
lease 192.168.1.33 {
        starts 5 2016/04/08 21:09:17 UTC;
        ends 6 2016/04/09 09:09:17 UTC;
        hardware ethernet fe:e1:ba:d0:a6:73;
        uid 01:fe:e1:ba:d0:a6:73;
}
lease 192.168.1.32 {
        starts 5 2016/04/08 21:00:45 UTC;
        ends 6 2016/04/09 09:00:45 UTC;
        hardware ethernet fe:e1:ba:d0:40:32;
        uid 01:fe:e1:ba:d0:40:32;
}
lease 192.168.1.34 {
        starts 5 2016/04/08 21:11:55 UTC;
        ends 6 2016/04/09 09:11:55 UTC;
        hardware ethernet fe:e1:ba:d0:ee:a5;
        uid 01:fe:e1:ba:d0:ee:a5;
}

lease 192.168.1.35 {
        starts 5 2016/04/08 21:49:46 UTC;
        ends 6 2016/04/09 09:49:46 UTC;
        hardware ethernet fe:e1:ba:d0:98:23;
        uid 01:fe:e1:ba:d0:98:23;
}

DMESG from VMM HOST


Recording computer sound.

2016-04-08 Thread Henrique N. Lengler
Hi,

Is there a way to record the sound playing on my speakers?
Like duplicating it and saving on my computer everything that goes out to the
speaker.

I would like to do this to record some screencast.

Any way of doing this?

Thanks;

--
Regards

Henrique N. Lengler



Re: recommendations for 10GBase Ethernet on OpenBSD

2016-04-08 Thread Kapetanakis Giannis

On 08/04/16 19:35, Joe Crivello wrote:

Intel X520 cards seem to work nicely in our shop.



x520 work fine for us too.

G



Re: PKG_PATH - SOLVED

2016-04-08 Thread Teno Deuter
Thank you for that tip.

On Fri, Apr 8, 2016 at 2:57 PM, Antoine Jacoutot  wrote:
> On Fri, Apr 08, 2016 at 09:16:13AM +0200, Peter Hessler wrote:
>> On 2016 Apr 07 (Thu) at 22:56:42 +0200 (+0200), Teno Deuter wrote:
>> :Hi,
>> :
>> :just installed a 5.9 AMD64 version and get issues with adding packages as a
>> :regular system user. 'env' shows me the correct setting for PKG_PATH but
>> :seems that the user environment isn't able to contact the source.
>> :
>> :As long as I change to 'root', everything works fine!
>> :
>> :Thank you for your support
>> :
>>
>> You should put it into /etc/pkg.conf instead:
>>
>> """
>> installpath = http://ftp.hostserver.de/pub/OpenBSD/%c/packages/%a/
>> """
>>
>> %c expands out into the version, and %a into the arch.
>
> I think nowadays you can do something like:
> installpath = ftp.hostserver.de
>
>
> --
> Antoine



Re: ifconfig down but routing still tries to use the interface's routes

2016-04-08 Thread Doran Mori
I see what you're saying, but this is a router not a server. It's my job to
stop the routing loop. That shorter prefix might actually work. This isn't
how it works on other routers I've used.

Why remove the UP flag from the route then? Older versions of OpenBSD would
still announce the connected route via BGP even though the interface was
down. I haven't tested this lately.

On Fri, Apr 8, 2016 at 11:15 AM, Stuart Henderson 
wrote:

> On 2016/04/08 10:05, Doran Mori wrote:
> > Could you give an example of how it could cause a routing loop?
>
> Say you have a directly connected /27 on an interface, and a covering
> /22, or a default route or something.
>
> If the interface holding that /27 goes down (for example the switch
> fails, or somebody unplugs the cable, etc), in most setups you won't
> be able to reach it. Host unreachable / net unreachable.
>
> If you "fall back" to a shorter prefix or especially to a default
> route, in many setups, the router that you send it to will send it
> right back to you, causing a loop. Consider the case where you
> take a local interface down. Normally you want the traffic to be
> dropped, not sent to a transit provider.
>
> Considering phessler's suggestion, which I haven't tested but makes
> sense, if you would usually have another route to the *same prefix*
> i.e. the /27 from somewhere else (bgp, ospf, static route) then
> that should be used.
>
> > I'm used to the world of actual routers where the related routes from
> > an interface get removed from the FIB when it goes down. The kernel
> > already removes the UP flag. I don't understand why that's still a
> > valid route?
> >
> > On Fri, Apr 8, 2016 at 1:53 AM, Stuart Henderson 
> > wrote:
> >
> > On 2016-04-07, Doran Mori  wrote:
> > > Running 5.9.
> > >
> > > I have x.x.141.0/25 that's directly connected. With x.x.141.0/24
> > reachable
> > > via bgp.
> > >
> > > # route -n get x.x.141.13
> > >    route to: x.x.141.13
> > > destination: x.x.141.0
> > >        mask: 255.255.255.128
> > >   interface: em3
> > >  if address: x.x.141.112
> > >    priority: 4 (connected)
> > >       flags:
> > >
> > > # ifconfig em3 down
> > > jawaka# route -n get x.x.141.13
> > >    route to: x.x.141.13
> > > destination: 66.117.141.0
> > >        mask: 255.255.255.128
> > >   interface: em3
> > >  if address: x.x.141.112
> > >    priority: 4 (connected)
> > >       flags:
> > >
> > > I see the UP flag is removed but it has no effect.
> > >
> > > # ping x.x.141.13
> > > PING x.x.141.13 (x.x.141.13): 56 data bytes
> > > ping: sendto: Network is down
> > >
> > > I would expect this route to be used instead:
> > > # route -n get x.x.141.0/24
> > >    route to: x.x.141.0
> > > destination: x.x.141.0
> > >        mask: 255.255.255.0
> > >     gateway: x.x.144.154
> > >   interface: em2
> > >  if address: x.x.144.153
> > >    priority: 48 (bgp)
> > >       flags:
> > >
> > > I searched the archives but didn't see this specific case
> > mentioned. Can
> > > someone enlighten me?
> >
> > That is how things normally work.
> >
> > Sometimes the behaviour you want would be useful (especially for
> > machines that move between wired and wireless connectivity) but in
> > other
> > cases (e.g. the usual case with a bgp router) it would be
> > undesirable as
> > it would cause a routing loop, so there's no one-size-fits-all
> > answer.
> >
> > I'm not sure if there is any way to manipulate the route entry to
> > do
> > what you want. If there is, it's non-obvious at least!



Re: ifconfig down but routing still tries to use the interface's routes

2016-04-08 Thread Stuart Henderson
On 2016/04/08 10:05, Doran Mori wrote:
> Could you give an example of how it could cause a routing loop?

Say you have a directly connected /27 on an interface, and a covering
/22, or a default route or something.

If the interface holding that /27 goes down (for example the switch
fails, or somebody unplugs the cable, etc), in most setups you won't
be able to reach it. Host unreachable / net unreachable.

If you "fall back" to a shorter prefix or especially to a default
route, in many setups, the router that you send it to will send it
right back to you, causing a loop. Consider the case where you
take a local interface down. Normally you want the traffic to be
dropped, not sent to a transit provider.

Considering phessler's suggestion, which I haven't tested but makes
sense, if you would usually have another route to the *same prefix*
i.e. the /27 from somewhere else (bgp, ospf, static route) then
that should be used.

> I'm used to the world of actual routers where the related routes from
> an interface get removed from the FIB when it goes down. The kernel
> already removes the UP flag. I don't understand why that's still a
> valid route?
>
> On Fri, Apr 8, 2016 at 1:53 AM, Stuart Henderson 
> wrote:
>
> On 2016-04-07, Doran Mori  wrote:
> > Running 5.9.
> >
> > I have x.x.141.0/25 that's directly connected. With x.x.141.0/24
> reachable
> > via bgp.
> >
> > # route -n get x.x.141.13
> >    route to: x.x.141.13
> > destination: x.x.141.0
> >        mask: 255.255.255.128
> >   interface: em3
> >  if address: x.x.141.112
> >    priority: 4 (connected)
> >       flags: 
> >
> > # ifconfig em3 down
> > jawaka# route -n get x.x.141.13
> >    route to: x.x.141.13
> > destination: 66.117.141.0
> >        mask: 255.255.255.128
> >   interface: em3
> >  if address: x.x.141.112
> >    priority: 4 (connected)
> >       flags: 
> >
> > I see the UP flag is removed but it has no effect.
> >
> > # ping x.x.141.13
> > PING x.x.141.13 (x.x.141.13): 56 data bytes
> > ping: sendto: Network is down
> >
> > I would expect this route to be used instead:
> > # route -n get x.x.141.0/24
> >    route to: x.x.141.0
> > destination: x.x.141.0
> >        mask: 255.255.255.0
> >     gateway: x.x.144.154
> >   interface: em2
> >  if address: x.x.144.153
> >    priority: 48 (bgp)
> >       flags: 
> >
> > I searched the archives but didn't see this specific case
> mentioned. Can
> > someone enlighten me?
>
> That is how things normally work.
>
> Sometimes the behaviour you want would be useful (especially for
> machines that move between wired and wireless connectivity) but in
> other
> cases (e.g. the usual case with a bgp router) it would be
> undesirable as
> it would cause a routing loop, so there's no one-size-fits-all
> answer.
>
> I'm not sure if there is any way to manipulate the route entry to
> do
> what you want. If there is, it's non-obvious at least!



Re: pf from self user _rebound to port 53 and rebound in front of unbound

2016-04-08 Thread Jeremie Courreges-Anglas
Kevin Chadwick  writes:

> I know rebound is not meant for this and see its benefits for clients
> and even maybe in front of unbound.
>
> However after noticing rebound and the undeadly thread I played with PF
> to see if I could enforce all DNS requests to have come from rebound.
>
> The best I have managed so far without syntax errors is along the
> lines of:
>
> block log quick proto udp from user !=_rebound
>
> which is sometimes not usable or doesn't quite achieve the goal?
>
> So is it possible to use something like: 
>
> pass out on $ext_if from self user _rebound to $dns_srv port 53?

Something like

  pass out ... proto udp from any to any port 53 user = _rebound

same for tcp.

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



Re: recommendations for 10GBase Ethernet on OpenBSD

2016-04-08 Thread Hrvoje Popovski
On 8.4.2016. 16:22, Steiner Peter wrote:
> hello,
> 
> i'm looking for recommendations for 10GBase SFP+ network adapters,
> anyone has experience with 10G Ethernet on OpenBSD?
> 
> i found dual SFP+ PCIe devices with the following drivers:
> ix - Intel 82598/82599/X540 PCI Express 10Gb Ethernet device
> ixgb - Intel PRO/10GbE 10Gb Ethernet device
> myx - Myricom Myri-10G PCI Express 10Gb Ethernet device
> oce - Emulex OneConnect 10Gb Ethernet device

i would go with ix 82955 or x520

http://undeadly.org/cgi?action=article&sid=20160302155046



Re: recommendations for 10GBase Ethernet on OpenBSD

2016-04-08 Thread Joe Crivello
Intel X520 cards seem to work nicely in our shop.



recommendations for 10GBase Ethernet on OpenBSD

2016-04-08 Thread Steiner Peter
hello,

i'm looking for recommendations for 10GBase SFP+ network adapters,
anyone has experience with 10G Ethernet on OpenBSD?

i found dual SFP+ PCIe devices with the following drivers:
ix - Intel 82598/82599/X540 PCI Express 10Gb Ethernet device
ixgb - Intel PRO/10GbE 10Gb Ethernet device
myx - Myricom Myri-10G PCI Express 10Gb Ethernet device
oce - Emulex OneConnect 10Gb Ethernet device

cards found at my retailers:
Intel X520-DA2 E10G42BTDA
Intel X710-DA2 X710DA2
IBM X710 for IBM System x 81Y3520
Lenovo 49Y7960
Lenovo 90Y6456
HP 560SFP+  665249-B21


btw. I'll use IBM (Lenovo) X3550M5 (and maybe HP ProLiant DL360p) Pizza-Boxes
and Extreme Networks 670 (and also HP 5900AF) switches
so the Extreme Network SFP+ modules should be compatible to the NIC


thanx in advance for any field reports

greetings from Austria
-Peter



Re: PKG_PATH

2016-04-08 Thread Antoine Jacoutot
On Fri, Apr 08, 2016 at 09:16:13AM +0200, Peter Hessler wrote:
> On 2016 Apr 07 (Thu) at 22:56:42 +0200 (+0200), Teno Deuter wrote:
> :Hi,
> :
> :just installed a 5.9 AMD64 version and get issues with adding packages as a
> :regular system user. 'env' shows me the correct setting for PKG_PATH but
> :seems that the user environment isn't able to contact the source.
> :
> :As long as I change to 'root', everything works fine!
> :
> :Thank you for your support
> :
> 
> You should put it into /etc/pkg.conf instead:
> 
> """
> installpath = http://ftp.hostserver.de/pub/OpenBSD/%c/packages/%a/
> """
> 
> %c expands out into the version, and %a into the arch.

I think nowadays you can do something like:
installpath = ftp.hostserver.de


-- 
Antoine



Re: Roundrobin Trunking on 5.8

2016-04-08 Thread Kevin Chadwick
> > Obvious question, but: did you go 5.6 -> 5.8 or 5.6 -> 5.7 -> 5.8?  
> 
> 5.6 -> 5.8 but followed the upgrade guides for both and ran sysmerge
> once?
> 
> for the emailed bug report for the separate issue I said upgraded but
> it was a new install.

So either this is fixed in 5.9 \O/ or I didn't notice the lack of UP on
the trunk port. As it was coming UP on bootup before the upgrade to
5.8 then I *guess* I can be forgiven if that was? the only issue, I
forget if I had tried marking it UP or not <_<

So Thanks or Sorry for the noise, whichever it should be, haha

-- 

KISSIS - Keep It Simple So It's Securable



pf from self user _rebound to port 53 and rebound in front of unbound

2016-04-08 Thread Kevin Chadwick
I know rebound is not meant for this and see its benefits for clients
and even maybe in front of unbound.

However after noticing rebound and the undeadly thread I played with PF
to see if I could enforce all DNS requests to have come from rebound.

The best I have managed so far without syntax errors is along the
lines of:

block log quick proto udp from user !=_rebound

which is sometimes not usable or doesn't quite achieve the goal?

So is it possible to use something like: 

pass out on $ext_if from self user _rebound to $dns_srv port 53?

Thanks

-- 

KISSIS - Keep It Simple So It's Securable



Re: ifconfig down but routing still tries to use the interface's routes

2016-04-08 Thread Peter Hessler
On 2016 Apr 08 (Fri) at 08:53:45 + (+), Stuart Henderson wrote:
:On 2016-04-07, Doran Mori  wrote:
:> Running 5.9.
:>
:> I have x.x.141.0/25 that's directly connected. With x.x.141.0/24 reachable
:> via bgp.
:>
:> # route -n get x.x.141.13
:>    route to: x.x.141.13
:> destination: x.x.141.0
:>        mask: 255.255.255.128
:>   interface: em3
:>  if address: x.x.141.112
:>    priority: 4 (connected)
:>       flags:
:>
:> # ifconfig em3 down
:> jawaka# route -n get x.x.141.13
:>    route to: x.x.141.13
:> destination: 66.117.141.0
:>        mask: 255.255.255.128
:>   interface: em3
:>  if address: x.x.141.112
:>    priority: 4 (connected)
:>       flags:
:>
:> I see the UP flag is removed but it has no effect.
:>
:> # ping x.x.141.13
:> PING x.x.141.13 (x.x.141.13): 56 data bytes
:> ping: sendto: Network is down
:>
:> I would expect this route to be used instead:
:> # route -n get x.x.141.0/24
:>    route to: x.x.141.0
:> destination: x.x.141.0
:>        mask: 255.255.255.0
:>     gateway: x.x.144.154
:>   interface: em2
:>  if address: x.x.144.153
:>    priority: 48 (bgp)
:>       flags:
:>
:> I searched the archives but didn't see this specific case mentioned. Can
:> someone enlighten me?
:
:That is how things normally work.
:
:Sometimes the behaviour you want would be useful (especially for
:machines that move between wired and wireless connectivity) but in other
:cases (e.g. the usual case with a bgp router) it would be undesirable as
:it would cause a routing loop, so there's no one-size-fits-all answer.
:
:I'm not sure if there is any way to manipulate the route entry to do
:what you want. If there is, it's non-obvious at least!
:

You can add a "backup" route of an equal prefix length.  In such a case,
the backup route will take over.

-- 
Pushing 40 is exercise enough.
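
Added example, not part of any message in this thread: a toy forwarding model of the three cases discussed in the "ifconfig down" replies (the observed "Network is down", the routing loop a fall-back to the covering prefix would cause, and the backup route of equal prefix length taking over). It is not the OpenBSD kernel's lookup code; the 198.51.100.0/24 addresses, the router names edge/upstream/backup, the interfaces em1, ge0 and em0, and the fall_back switch are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-ins for the redacted x.x.141.0/25 and x.x.141.0/24.
NET25 = ipaddress.ip_network("198.51.100.0/25")
NET24 = ipaddress.ip_network("198.51.100.0/24")
HOST = "198.51.100.13"


@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    iface: str
    priority: int                   # lower wins; 4 = connected, 48 = bgp (values shown in the thread)
    next_hop: Optional[str] = None  # name of the neighbouring router; None = on-link


@dataclass
class Router:
    name: str
    routes: list = field(default_factory=list)
    down: set = field(default_factory=set)  # interfaces that are administratively down
    fall_back: bool = False                 # hypothetical policy, NOT what the thread observed

    def lookup(self, dst):
        addr = ipaddress.ip_address(dst)
        cands = [r for r in self.routes if addr in r.prefix]
        if self.fall_back:
            # Hypothetical: pretend routes on down interfaces do not exist,
            # so a shorter covering prefix can win.
            cands = [r for r in cands if r.iface not in self.down]
        if not cands:
            return None
        longest = max(r.prefix.prefixlen for r in cands)
        same_len = [r for r in cands if r.prefix.prefixlen == longest]
        # Assumption modelled on the replies: only routes of the SAME prefix
        # length compete; a usable one takes over from one whose interface is down.
        usable = [r for r in same_len if r.iface not in self.down]
        return min(usable or same_len, key=lambda r: r.priority)


def trace(routers, start, dst, ttl=8):
    """Follow a packet hop by hop; return (outcome, list of routers visited)."""
    cur, hops = routers[start], [start]
    while ttl > 0:
        route = cur.lookup(dst)
        if route is None:
            return "unreachable", hops
        if route.iface in cur.down:
            return "network is down", hops  # what ping reported in the thread
        if route.next_hop is None:
            return "delivered", hops
        cur = routers[route.next_hop]
        hops.append(cur.name)
        ttl -= 1
    return "loop", hops


def build(fall_back=False, backup_route=False):
    edge = Router("edge", fall_back=fall_back)
    edge.routes = [
        Route(NET25, "em3", 4),                        # connected /25
        Route(NET24, "em2", 48, next_hop="upstream"),  # covering /24 via bgp
    ]
    if backup_route:
        # Second route to the same /25, learned from another router (hypothetical em1).
        edge.routes.append(Route(NET25, "em1", 48, next_hop="backup"))
    edge.down.add("em3")  # ifconfig em3 down
    # The upstream router reaches the /24 through edge, so it hands packets back.
    upstream = Router("upstream", routes=[Route(NET24, "ge0", 48, next_hop="edge")])
    backup = Router("backup", routes=[Route(NET25, "em0", 4)])
    return {r.name: r for r in (edge, upstream, backup)}


def observed():
    return trace(build(), "edge", HOST)


def naive_fallback():
    return trace(build(fall_back=True), "edge", HOST)


def equal_length_backup():
    return trace(build(backup_route=True), "edge", HOST)


if __name__ == "__main__":
    for scenario in (observed, naive_fallback, equal_length_backup):
        outcome, hops = scenario()
        print(f"{scenario.__name__:20s} {outcome:16s} {' -> '.join(hops)}")
```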



Re: ifconfig down but routing still tries to use the interface's routes

2016-04-08 Thread Stuart Henderson
On 2016-04-07, Doran Mori  wrote:
> Running 5.9.
>
> I have x.x.141.0/25 that's directly connected. With x.x.141.0/24 reachable
> via bgp.
>
> # route -n get x.x.141.13
>    route to: x.x.141.13
> destination: x.x.141.0
>        mask: 255.255.255.128
>   interface: em3
>  if address: x.x.141.112
>    priority: 4 (connected)
>       flags:
>
> # ifconfig em3 down
> jawaka# route -n get x.x.141.13
>    route to: x.x.141.13
> destination: 66.117.141.0
>        mask: 255.255.255.128
>   interface: em3
>  if address: x.x.141.112
>    priority: 4 (connected)
>       flags:
>
> I see the UP flag is removed but it has no effect.
>
> # ping x.x.141.13
> PING x.x.141.13 (x.x.141.13): 56 data bytes
> ping: sendto: Network is down
>
> I would expect this route to be used instead:
> # route -n get x.x.141.0/24
>    route to: x.x.141.0
> destination: x.x.141.0
>        mask: 255.255.255.0
>     gateway: x.x.144.154
>   interface: em2
>  if address: x.x.144.153
>    priority: 48 (bgp)
>       flags:
>
> I searched the archives but didn't see this specific case mentioned. Can
> someone enlighten me?

That is how things normally work.

Sometimes the behaviour you want would be useful (especially for
machines that move between wired and wireless connectivity) but in other
cases (e.g. the usual case with a bgp router) it would be undesirable as
it would cause a routing loop, so there's no one-size-fits-all answer.

I'm not sure if there is any way to manipulate the route entry to do
what you want. If there is, it's non-obvious at least!



Re: bsd.rd fails to boot up on libreboot x200: how to find out why?

2016-04-08 Thread Stuart Henderson
On 2016-04-07, silent_wande...@openmailbox.org 
 wrote:
> I have a Thinkpad X200 laptop with libreboot 20150518 (latest stable 
> release).
>
> Libreboot is basically coreboot + grub2 without bios services and with 
> no text console.

and without CPU microcode updates that may fix important, maybe security-
related, bugs.

> But if I try to load /bsd (is it a kernel at all? seems to be gzip 
> archive with some elf) or /5.9/amd64/bsd.rd kernels, they do not boot 
> up. After several seconds the machine reboots without any messages on 
> the screen at all and grub menu reappears.

It's just a gzipped kernel, the normal boot loader supports these directly.
You could try gunzipping it and see if you get further but the lack of
text console probably won't help you.

> Is it possible at all to use USB serial port as console?

No.

> Do I have any feasible options to get serial console to this laptop?

Unlikely.

> I think that if I unpack bsd.rd and edit /etc/ttys it might help, but I 
> did not find any information about bsd.rd structure, such as supposed 
> offset of embedded image, its format and so on.
>
> elfrdsetroot(8) is mentioned in man rd, but http://man.openbsd.org does 
> not have a manpage for it.

It doesn't mention it with a manpage section number, just as "the
elfrdsetroot tool" - it can be built like this:

cd /usr/src/distrib/common && \
cc -o rdsetroot elf32.c elf64.c elfrdsetroot.c 

rdsetroot -x /path/to/bsd.rd /tmp/ramdisk.image
vnconfig vnd0 /tmp/ramdisk.image
mount /dev/vnd0a /mnt
...
umount /mnt
vnconfig -u vnd0
rdsetroot /path/to/bsd.rd /tmp/ramdisk.image

/etc/ttys only helps when multi-user, it doesn't affect kernel
console or single-user mode. But in the "..." stage you can create
/mnt/auto_install.conf to run the installer (or auto_upgrade.conf for
the updater), see autoinstall(8), which may get you somewhere.



Re: NAT66 with temporary address

2016-04-08 Thread Stuart Henderson
On 2016-04-03, Steven Mestdagh  wrote:
> I was trying to use NAT66, from some internal subnets to my IPv6
> internet address, using the following line with 5.9 release.
>
> match out on $intout inet6 from !(egress:network) to any nat-to ($intout:0)
>
> The last part expands to the link local address of the interface, which
> is the first address but not really useful for NAT.
> I would like it to use the relevant temporary address set by autoconf.
> Is there a way to specify this? Maybe we would need additional modifiers for 
> it?

There isn't a way to specify this, but I think it's a bug that :0 expands
to a link-local address at all..



Re: PKG_PATH

2016-04-08 Thread Peter Hessler
On 2016 Apr 07 (Thu) at 22:56:42 +0200 (+0200), Teno Deuter wrote:
:Hi,
:
:just installed a 5.9 AMD64 version and get issues with adding packages as a
:regular system user. 'env' shows me the correct setting for PKG_PATH but
:seems that the user environment isn't able to contact the source.
:
:As long as I change to 'root', everything works fine!
:
:Thank you for your support
:

You should put it into /etc/pkg.conf instead:

"""
installpath = http://ftp.hostserver.de/pub/OpenBSD/%c/packages/%a/
"""

%c expands out into the version, and %a into the arch.


-- 
Any sufficiently advanced technology is indistinguishable from a rigged
demo.