Re: kqueue

2017-04-18 Thread Philip Guenther
On Tue, Apr 18, 2017 at 9:40 AM, Friedrich Locke
 wrote:
> just started to play with kqueue and i wonder what happens if i request to
> add n events to the queue there is memory only for a subset of the events.
> Will the subset be added or the whole operation will fail ?

The former.  Changes in the changelist are applied in order and are
not 'unwound' if a later change can't be made.  Indeed, if nevents > 0
then failure to perform a particular change will be reported via the
eventlist and it'll continue to apply later changes in the list until
it either reaches the end of the changelist or has no space in the
eventlist to report an error.  In the last case (no space to report a
change error) it'll stop processing changelist entries and report the
error by returning -1 with the error in errno.


Philip Guenther
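
The processing order described in the reply above, as a user-space model added here (it is not OpenBSD kernel code and not part of the thread). `model_kevent`, `struct change`, `struct report` and the constructed five-entry changelist are assumptions of this example; running it with an eventlist of 2, 1 and 0 slots shows which changes stay applied in each case.

```c
#include <errno.h>
#include <stdio.h>

#define MODEL_EV_ERROR 0x4000   /* plays the role of EV_ERROR from <sys/event.h> */
#define MAX_CHANGES 8

/* One changelist entry; fail_errno != 0 means the change cannot be applied. */
struct change { int ident; int fail_errno; };
/* One eventlist slot as filled in for a failed change. */
struct report { int ident; int flags; int data; };

struct outcome {
    int ret;                    /* kevent() return value in this model */
    int err;                    /* errno when ret == -1 */
    int applied[MAX_CHANGES];   /* idents of the changes that took effect */
    int napplied;
};

/* Model only: the real call goes on to wait for events when no change failed. */
struct outcome model_kevent(const struct change *cl, int nchanges,
                            struct report *el, int nevents)
{
    struct outcome o = { 0, 0, { 0 }, 0 };
    int nerrors = 0;

    for (int i = 0; i < nchanges && i < MAX_CHANGES; i++) {
        if (cl[i].fail_errno == 0) {        /* success: the change stays applied */
            o.applied[o.napplied++] = cl[i].ident;
            continue;
        }
        if (nerrors < nevents) {            /* room left: report it and keep going */
            el[nerrors].ident = cl[i].ident;
            el[nerrors].flags = MODEL_EV_ERROR;
            el[nerrors].data = cl[i].fail_errno;
            nerrors++;
        } else {                            /* no room: stop, nothing is unwound */
            o.ret = -1;
            o.err = cl[i].fail_errno;
            return o;
        }
    }
    o.ret = nerrors;                        /* entries written to the eventlist */
    return o;
}

/* Constructed changelist: five registrations, the 2nd and 4th fail. */
static const struct change SAMPLE[] = {
    { 1, 0 }, { 2, ENOMEM }, { 3, 0 }, { 4, EBADF }, { 5, 0 },
};

struct outcome run_sample(struct report *el, int nevents)
{
    return model_kevent(SAMPLE, 5, el, nevents);
}

int main(void)
{
    for (int nevents = 2; nevents >= 0; nevents--) {
        struct report el[2];
        struct outcome o = run_sample(el, nevents);

        printf("nevents=%d ret=%d errno=%d applied:", nevents, o.ret, o.err);
        for (int i = 0; i < o.napplied; i++)
            printf(" %d", o.applied[i]);
        printf("\n");
    }
    return 0;
}
```

A caller therefore has to scan the returned eventlist for error entries and cannot treat a -1 return as "nothing was registered".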



Re: Is randomizing UID/GUID would make sense?

2017-04-18 Thread Philip Guenther
On Tue, Apr 18, 2017 at 10:12 PM,   wrote:
...
> Yes, it may be "standards mandated" in some cases (r1.39, bin/ksh/var.c) or
> used by 60 pieces of software, but why would software require a PRNG to be
> deterministic?
>
> That is my question, not "what apps and standards need it?" but "what usage
> cases require it, and can this be replaced with a deterministic PRNG?"

The classic case is code that wants to offer the ability to reproduce
the sequence, so that the state *before* some interesting state can be
examined.  For example, fuzzers often report the seed that generated a
crash, so you can reenter it and walk the target program into the
crash step by step.  If a program offers a "set the seed" option then
that's a huge hint.  If you think that option doesn't make sense for
some program then that's a concern to take to the developer *of that
program*...

For a broader answer to the "why?", take a look at the patches under
/usr/ports/ which add uses of the *_deterministic() calls.  Some
OpenBSD dev in the past judged that that port wanted it and may have
recorded why they thought so in the patch or the commit message of the
patch.  Lacking that, go look at the ports' sources and see what might
indicate that.


Philip Guenther
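
The seed-replay use case from the reply above, as an added example that is not part of the thread: a fuzz loop that reports only its seed and iteration, and a replay that rebuilds the failing input from them. The xorshift64* generator, `target_fails` and the seed value are assumptions of this example; the generator stands in for a PRNG seeded through one of the *_deterministic() calls so that the block runs on any system.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CASE_LEN 16

/* xorshift64*: output depends only on the seed, which is the property the
 * reply is about. Assumption: stands in for a *_deterministic() seeded PRNG. */
struct prng { uint64_t s; };

static void prng_seed(struct prng *p, uint64_t seed)
{
    p->s = seed ? seed : 0x9e3779b97f4a7c15ULL;   /* state must be non-zero */
}

static uint8_t prng_byte(struct prng *p)
{
    p->s ^= p->s >> 12;
    p->s ^= p->s << 25;
    p->s ^= p->s >> 27;
    return (uint8_t)((p->s * 0x2545f4914f6cdd1dULL) >> 56);
}

static void next_case(struct prng *p, uint8_t out[CASE_LEN])
{
    for (int i = 0; i < CASE_LEN; i++)
        out[i] = prng_byte(p);
}

/* Hypothetical target: a record whose type nibble is 0xb carries a length
 * byte. Returns 1 when the declared length exceeds the payload, the
 * condition a fuzzer would flag in a parser that trusted that byte. */
int target_fails(const uint8_t in[CASE_LEN])
{
    return (in[0] & 0x0f) == 0x0b && in[1] > CASE_LEN - 2;
}

struct finding { long iter; uint8_t input[CASE_LEN]; };

/* Fuzz from `seed`; on the first failing case fill *f and return 1. */
int fuzz(uint64_t seed, long max_iter, struct finding *f)
{
    struct prng p;
    uint8_t buf[CASE_LEN];

    prng_seed(&p, seed);
    for (long i = 0; i < max_iter; i++) {
        next_case(&p, buf);
        if (target_fails(buf)) {
            f->iter = i;
            memcpy(f->input, buf, CASE_LEN);
            return 1;
        }
    }
    return 0;
}

/* Replay: rebuild the input of iteration `iter` from the reported seed alone. */
void replay(uint64_t seed, long iter, uint8_t out[CASE_LEN])
{
    struct prng p;

    prng_seed(&p, seed);
    for (long i = 0; i <= iter; i++)
        next_case(&p, out);
}

int main(void)
{
    struct finding f;
    uint8_t again[CASE_LEN];
    uint64_t seed = 20170418;   /* the value a fuzzer would print in its report */

    if (!fuzz(seed, 100000, &f))
        return 1;
    replay(seed, f.iter, again);
    printf("seed=%llu iter=%ld replay_matches=%d\n",
        (unsigned long long)seed, f.iter,
        memcmp(again, f.input, CASE_LEN) == 0);
    return 0;
}
```

With a generator that ignores its seed, `replay` could not reconstruct the input and the report would have to carry the whole test case instead.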



Re: Is randomizing UID/GUID would make sense?

2017-04-18 Thread bytevolcano
An idiot whose question lacks clarity. My apologies.

Of course software uses it. What I was trying to ask was *why* would software
actually need a deterministic PRNG, rather than "what software uses it."
In other words, what will break if the PRNG was non-deterministic?

Yes, it may be "standards mandated" in some cases (r1.39, bin/ksh/var.c) or
used by 60 pieces of software, but why would software require a PRNG to be
deterministic?

That is my question, not "what apps and standards need it?" but "what usage
cases require it, and can this be replaced with a deterministic PRNG?"

On Mon, 17 Apr 2017 23:30:04 -0600
"Theo de Raadt"  wrote:

> It's really unfortunate that we aren't running an open source project
> and making available all the source for the tool called grep.
> 
> So that it can be studied, rather than questioned by an idiot
> uninterested in the exercise of selflearning.
> 
> Maybe those source files even have commit logs - even better PUBLIC
> COMMIT LOGS - which might explain the rationale!  No, that's unlikely.
> 
> So let's just yak about it, right?
> 
> Rest of your email deleted because what's the point




Re: flaky network connection after 6.1 upgrade

2017-04-18 Thread Colton Lewis
> Can you show me a dmesg please, specifically the lines which are
> related to your wifi card?
athn0 at pci6 dev 0 function 0 "Atheros AR9281" rev 0x01: apic 8 int 17
athn0: AR9280 rev 2 (1T2R), ROM rev 11, address 00:15:af:cd:f2:4f


kqueue

2017-04-18 Thread Luke Small
I suspect that you will sooner run out of file descriptors. But I assume
that if it runs into a problem, kevent() will return -1 and it may be
unrecoverable. I suspect that it would first occur because the kernel is
being overutilized. The information that is being created, I suspect, is
being stored in the kernel. I may look into the source code and try to find
out. You'd probably have to edit /etc/login.conf as root to allow enough
file descriptors to be spawned in the first place. But maybe you could do
it with EVFILT_TIMER calls, as they don't require a file descriptor as an
'ident'. I suspect that the whole kqueue is flushed if you exceed a
specific level.


Re: GUI desktop autologin options

2017-04-18 Thread Ax0n
Also, check the man page for the new XenoDM in base. It appears to offer
autologin via Xresources. I haven't gotten myself familiarized with it yet,
but I'd recommend looking at that before installing a third party display
manager if you want to be dropped straight into a user session on boot.

On Tue, Apr 18, 2017 at 11:12 PM, Ax0n  wrote:

> I'm using slim as the Display Manager on 6.1-RELEASE on my main laptop,
> with Lumina for the time being as my DE. I just added the following to the
> end of /etc/slim.conf and it does auto-login for me. Frustratingly, "log
> out" immediately logs me back in instead of prompting. If you're okay with
> that, then give it a go.
>
> auto_login  yes
> default_user  axon
>
> Slim obeys the .xsession script for whatever Desktop Environment or Window
> Manager you've chosen, or you can adjust the default sessions in slim.conf
> as well. Both my .xsession and .xinitrc contain this line that starts up
> Lumina.
>
> exec start-lumina-desktop
>
> Cheers
>
> On Tue, Apr 18, 2017 at 10:44 PM, Sha'ul  wrote:
>
>> I'm trying to figure out how to set up an auto login from boot to some kind of GUI
>> desktop interface. What are my options? I'm not interested in Gnome 3, but
>> I will use anything else like Lumina, KDE, XFCE, etc. as long as it can
>> load straight into a desktop environment when I turn on the computer. Which
>> ones, besides Gnome 3, support autologin?
>>
>>
>


Re: GUI desktop autologin options

2017-04-18 Thread Ax0n
I'm using slim as the Display Manager on 6.1-RELEASE on my main laptop,
with Lumina for the time being as my DE. I just added the following to the
end of /etc/slim.conf and it does auto-login for me. Frustratingly, "log
out" immediately logs me back in instead of prompting. If you're okay with
that, then give it a go.

auto_login  yes
default_user  axon

Slim obeys the .xsession script for whatever Desktop Environment or Window
Manager you've chosen, or you can adjust the default sessions in slim.conf
as well. Both my .xsession and .xinitrc contain this line that starts up
Lumina.

exec start-lumina-desktop

Cheers

On Tue, Apr 18, 2017 at 10:44 PM, Sha'ul  wrote:

> I'm trying to figure out how to set up an auto login from boot to some kind of GUI
> desktop interface. What are my options? I'm not interested in Gnome 3, but
> I will use anything else like Lumina, KDE, XFCE, etc. as long as it can
> load straight into a desktop environment when I turn on the computer. Which
> ones, besides Gnome 3, support autologin?
>
>


GUI desktop autologin options

2017-04-18 Thread Sha'ul
I'm trying to figure out how to set up an auto login from boot to some kind of GUI
desktop interface. What are my options? I'm not interested in Gnome 3, but
I will use anything else like Lumina, KDE, XFCE, etc. as long as it can
load straight into a desktop environment when I turn on the computer. Which
ones, besides Gnome 3, support autologin?



Sites in firefox stop loading with "out of memory" in console

2017-04-18 Thread Daniel Bolgheroni
Ultimately some sites opened with Firefox 52 stop loading with "out of
memory" in console.  Two offenders are https://app.wire.com and
https://www.protonmail.com/login, and both seem related to asm.js.

Note that Firefox doesn't crash, but the sites being loaded just stop
being loaded, and the F12 console notifies the error (console messages
below). This occurred also with the previous 51 version but not with
firefox-esr 45. Chrome works OK.

I already tweaked /etc/login.conf and the relevant part is:

staff:\
        :datasize-cur=4096M:\
        :datasize-max=infinity:\
        :stacksize-cur=32M:\
        :maxproc-max=512:\
        :maxproc-cur=256:\
        :ignorenologin:\
        :requirehome@:\
        :tc=default:

I tried to ktrace the process opening the ProtonMail login site. Two
"out of memory" messages in console corresponding to two "mmap -1 errno
12 Cannot allocate memory".

$ kdump -f ktrace.out | fgrep -C25 memory
 24760 firefox  CALL  __thrsleep(0x1670c8e82e38,CLOCK_REALTIME,0,0x1670f79ede80,0x1670c8e82f04)
 24760 firefox  RET   __thrsleep 0
 24760 firefox  CALL  clock_gettime(CLOCK_MONOTONIC,0x7f7e44d8)
 24760 firefox  STRU  struct timespec { 44565.727442111 }
 24760 firefox  RET   clock_gettime 0
 24760 firefox  CALL  mprotect(0x298015817000,0x1000,0x3)
 24760 firefox  RET   mprotect 0
 24760 firefox  CALL  mprotect(0x298015817000,0x1000,0x5)
 24760 firefox  RET   mprotect 0
 24760 firefox  CALL  mmap(0,0x8000,0x3,0x1002,-1,0)
 24760 firefox  RET   mmap 24673942310912/0x1670d9911000
 24760 firefox  CALL  mmap(0,0x8000,0x3,0x1002,-1,0)
 24760 firefox  RET   mmap 24673866743808/0x1670d510
 24760 firefox  CALL  mmap(0,0x8000,0x3,0x1002,-1,0)
 24760 firefox  RET   mmap 24676063653888/0x167158023000
 24760 firefox  CALL  mmap(0,0x8000,0x3,0x1002,-1,0)
 24760 firefox  RET   mmap 24674684030976/0x167105c6d000
 24760 firefox  CALL  mmap(0,0x8000,0x3,0x1002,-1,0)
 24760 firefox  RET   mmap 24674885947392/0x167111cfd000
 24760 firefox  CALL  mmap(0,0x8000,0x3,0x1002,-1,0)
 24760 firefox  RET   mmap 24676806189056/0x167184446000
 24760 firefox  CALL  __thrwakeup(0x16716c7eba38,1)
 24760 firefox  RET   __thrwakeup 0
 24760 firefox  RET   __thrsleep 0
 24760 firefox  CALL  mmap(0,0x180011000,0,0x1002,-1,0)
 24760 firefox  RET   mmap -1 errno 12 Cannot allocate memory
 24760 firefox  CALL  gettimeofday(0x7f7e4568,0)
 24760 firefox  STRU  struct timeval { 1492564136<"Apr 18 22:08:56 2017">.731298 }
 24760 firefox  RET   gettimeofday 0
 24760 firefox  CALL  mmap(0,0x8000,0x3,0x1002,-1,0)
 24760 firefox  RET   mmap 24675854073856/0x16714b844000
 24760 firefox  CALL  clock_gettime(CLOCK_MONOTONIC,0x7f7ea918)
 24760 firefox  STRU  struct timespec { 44565.728584189 }
 24760 firefox  RET   clock_gettime 0
 24760 firefox  CALL  gettimeofday(0x7f7ea910,0)
 24760 firefox  STRU  struct timeval { 1492564136<"Apr 18 22:08:56 2017">.731404 }
 24760 firefox  RET   gettimeofday 0
 24760 firefox  CALL  gettimeofday(0x7f7ea6b8,0)
 24760 firefox  STRU  struct timeval { 1492564136<"Apr 18 22:08:56 2017">.731623 }
 24760 firefox  RET   gettimeofday 0
 24760 firefox  CALL  gettimeofday(0x7f7eabd0,0)
 24760 firefox  STRU  struct timeval { 1492564136<"Apr 18 22:08:56 2017">.731640 }
 24760 firefox  RET   gettimeofday 0
 24760 firefox  CALL  clock_gettime(CLOCK_MONOTONIC,0x7f7eac68)
 24760 firefox  STRU  struct timespec { 44565.728985299 }
 24760 firefox  RET   clock_gettime 0
 24760 firefox  CALL  gettimeofday(0x7f7eac60,0)
 24760 firefox  STRU  struct timeval { 1492564136<"Apr 18 22:08:56 2017">.731808 }
 24760 firefox  CALL  mmap(0,0x8000,0x3,0x1002,-1,0)
 24760 firefox  RET   gettimeofday 0
 24760 firefox  RET   mmap 24673649692672/0x1670c8201000
--
 24760 firefox  CALL  mprotect(0x2980158a,0x1000,0x5)
 24760 firefox  RET   mprotect 0
 24760 firefox  CALL  mmap(0,0x11000,0x3,0x1002,-1,0)
 24760 firefox  RET   mmap 24673836089344/0x1670d33c4000
 24760 firefox  CALL  mprotect(0x2980158a,0x1000,0x3)
 24760 firefox  RET   mprotect 0
 24760 firefox  CALL  mprotect(0x2980158a,0x1000,0x5)
 24760 firefox  RET   mprotect 0
 24760 firefox  CALL  mprotect(0x2980158a,0x1000,0x3)
 24760 firefox  RET   mprotect 0
 24760 firefox  CALL  mprotect(0x2980158a,0x1000,0x5)
 24760 firefox  RET   mprotect 0
 24760 firefox  CALL  mprotect(0x2980158a,0x1000,0x3)
 24760 firefox  RET   mprotect 0
 24760 firefox  CALL  

Re: [vmm] SSL read error: read failed: error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt

2017-04-18 Thread Tinker

On 2017-04-18 21:16, Stuart Henderson wrote:
> On 2017-04-18, Jan Lambertz  wrote:
>> I had similar issues, mostly with crypto things in vmd. Can this happen
>> because we get out of entropy?
>
> Run "ftp -o- https://www.gov.uk/ > /dev/random" from time to time,
> you won't run out of entropy ever :)
>
> (OpenBSD doesn't do the "run out of entropy" thing anyway).
>
>> I have no evidence yet, but i will test things tomorrow.
>
> Mike knows about the problem and has an idea where to look. I think, at
> this point, if he needs more information he'll let us know.


Is there even any indication that this is not just either due to broken 
CPU/RAM, or the TCP networking stack letting through broken packets due 
to collisions in its 16-bit checksums (i.e. a packet breaks but still 
matches the checksum and hence is received by httpd+libssl)?
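
What the 16-bit checksum mentioned in the question above can and cannot catch, as an added example that is not part of the thread and does not establish the cause of the vmd problem. It implements the RFC 1071 Internet checksum that TCP uses and applies three kinds of damage to a constructed 16-byte payload; `SAMPLE` and the helper names are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LEN 16
#define NWORDS (LEN / 2)

/* Constructed payload: eight distinct 16-bit words. */
static const uint8_t SAMPLE[LEN] = {
    'c','o','n','s','t','r','u','c','t','e','d',' ','d','a','t','a'
};

/* RFC 1071: one's-complement sum of big-endian 16-bit words, then inverted. */
uint16_t inet_checksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    size_t i;

    for (i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)buf[i] << 8) | buf[i + 1];
    if (len & 1)                        /* odd trailing byte is the high byte */
        sum += (uint32_t)buf[len - 1] << 8;
    while (sum >> 16)                   /* fold the carries back in */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* 1 if `bad` differs from `orig` yet carries the same checksum. */
int undetected(const uint8_t *orig, const uint8_t *bad, size_t len)
{
    return memcmp(orig, bad, len) != 0 &&
        inet_checksum(orig, len) == inet_checksum(bad, len);
}

static void swap_words(uint8_t *buf, size_t a, size_t b)
{
    uint8_t t0 = buf[2 * a], t1 = buf[2 * a + 1];

    buf[2 * a] = buf[2 * b];
    buf[2 * a + 1] = buf[2 * b + 1];
    buf[2 * b] = t0;
    buf[2 * b + 1] = t1;
}

/* Reordering: addition is commutative, so no swap of two words is noticed. */
int count_undetected_swaps(void)
{
    int n = 0;

    for (size_t a = 0; a < NWORDS; a++)
        for (size_t b = a + 1; b < NWORDS; b++) {
            uint8_t bad[LEN];

            memcpy(bad, SAMPLE, LEN);
            swap_words(bad, a, b);
            n += undetected(SAMPLE, bad, LEN);
        }
    return n;
}

/* Compensating damage: word 1 gains 0x0100, word 2 loses 0x0100. */
int compensating_undetected(void)
{
    uint8_t bad[LEN];

    memcpy(bad, SAMPLE, LEN);
    bad[2] += 1;
    bad[4] -= 1;
    return undetected(SAMPLE, bad, LEN);
}

/* A single flipped bit always changes the sum, so every one is caught. */
int count_undetected_bitflips(void)
{
    int n = 0;

    for (size_t bit = 0; bit < LEN * 8; bit++) {
        uint8_t bad[LEN];

        memcpy(bad, SAMPLE, LEN);
        bad[bit / 8] ^= (uint8_t)(1u << (bit % 8));
        n += undetected(SAMPLE, bad, LEN);
    }
    return n;
}

int main(void)
{
    printf("word swaps passing the checksum: %d of 28\n", count_undetected_swaps());
    printf("compensating change passes:      %d\n", compensating_undetected());
    printf("single-bit flips passing:        %d of 128\n", count_undetected_bitflips());
    return 0;
}
```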




Re: [vmm] SSL read error: read failed: error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt

2017-04-18 Thread Paul Chakravarti
>On 2017-04-17, David Coppa  wrote:
>> On Sun, Apr 16, 2017 at 11:17 AM, Paul Chakravarti  wrote:
>>> Hello,
>>>
>>> I am trying out vmm on 6.1 and can setup/boot vm etc. however when I try to
>>> download a large file using SSL I consistently get the following error:
>>>
>>>  SSL read error: read failed: error:06FFF064:digital envelope
>>> routines:CRYPTO_internal:bad decrypt
>>>
>>> This occasionally (but not always) correlates with the following message in
>>> the vmd log:
>>>
>>>  vionet queue notify - no space, dropping packet
>>>
>>> Strangely non-SSL and smaller SSL downloads seem to work ok (see below).
>>>
>>> Originally spotted this using installer but can recreate from shell.
>>>
>>> Any ideas?
>>
>> See http://marc.info/?l=openbsd-misc=148858752003261
>>
>> It's a known problem.
>
>I've seen corruption with non-SSL network transfers too. It's just more
>obvious with SSL because in that case the session gets killed, whereas
>otherwise the corrupt input is silently accepted.
>

It does seem more prevalent with SSL transfers - the SHA256s of the files 
transferred via http are correct (over several transfers) while there is always 
an error on the https transfers from the same site.

Interestingly the problem only seems to come up on 'fast' connections - 
possibly something CPU related (cpu load exacerbated by SSL?). I'm still not 
sure why the TCP layer doesn't sort out the dropped packets though.

# ftp -Vo- https://ftp.openbsd.org/pub/OpenBSD/6.1/amd64/bsd | sha256  
440311305f27f0efcfcc88116299a21cb3f890fb91ee611c2a79cc9163e8fceb
# 
# 
# ftp -Vo- https://mirrorservice.org/pub/OpenBSD/6.1/amd64/bsd | sha256
ftp: SSL read error: read failed: error:06FFF064:digital envelope 
routines:CRYPTO_internal:bad decrypt



Re: [vmm] SSL read error: read failed: error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt

2017-04-18 Thread Stuart Henderson
On 2017-04-18, Jan Lambertz  wrote:
> I had similar issues, mostly with crypto things in vmd. Can this happen
> because we get out of entropy?

Run "ftp -o- https://www.gov.uk/ > /dev/random" from time to time,
you won't run out of entropy ever :)

(OpenBSD doesn't do the "run out of entropy" thing anyway).

> I have no evidence yet, but i will test things tomorrow.

Mike knows about the problem and has an idea where to look. I think, at
this point, if he needs more information he'll let us know.




[vmm] SSL read error: read failed: error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt

2017-04-18 Thread Jan Lambertz
I had similar issues, mostly with crypto things in vmd. Can this happen
because we get out of entropy? I have no evidence yet, but i will test
things tomorrow.


Running Debian in vmd - succes

2017-04-18 Thread Jan Lambertz
That sounds great. Hopefully the grub Problem can be fixed too. My vms did
not work with grub over serial even with a working grub.cfg for serial use.


Re: Running Debian in vmd - succes

2017-04-18 Thread Mike Larkin
On Tue, Apr 18, 2017 at 05:45:16PM +0200, Jan Lambertz wrote:
> My process is this:
> 
> Install Debian with qemu to a raw disk file
> Boot Debian
> apt install extlinux
> Install extlinux to /Boot
> Create extlinux cfg
> Write extlinux mbr
> Shutdown qemu vm
> Put raw disk into vmd vm
> Boot vmd vm
> Have fun
> 
> All extlinux steps can be found via Google,manpages etc. I can post a
> working config tomorrow when i am back in office

We are working on adding sgabios as an additional payload, so that you can
interact directly with OS install media without having to use qemu to
bootstrap the install process. This, however, missed 6.1.

Then you just boot the install media with the VM disk as a second disk,
and install.

This should arrive in the fairly near-term, hopefully.

-ml



Modulate state now fails with OpenBSD 6.1

2017-04-18 Thread Sjöholm Per-Olov
Hi

I have had this rule for some time without issues. But since the upgrade from 
OpenBSD 6.0 to 6.1 yesterday I have had issues. Today when I sniffed incoming 
traffic on port 80 on my FW internet interface, the firewall no longer 
sent it out on my dmz1 to the web server. After removing “modulate state” that 
I have had for a while without issues it started to work again. So… After 
changing...

pass in log quick on $INTERNET_INT inet proto tcp  from any  to $DMZ1_DAEDALUS 
port  { 80 443 } label "webstats:$dstport" flags S/SAFR modulate state 
(max-src-nodes 90, max-src-states 150, max-src-conn 150, max-src-conn-rate 
250/30,  overload  flush global)

to

pass in log quick on $INTERNET_INT inet proto tcp  from any  to $DMZ1_DAEDALUS 
port  { 80 443 } label "webstats:$dstport" flags S/SAFR keep state 
(max-src-nodes 90, max-src-states 150, max-src-conn 150, max-src-conn-rate 
250/30,  overload  flush global)

it now works again


If someone can answer, Please enlighten me why this happens now and not before 
the upgrade.


Regards
Peo


Re: softraid mirror & large drives (3T)

2017-04-18 Thread Karel Gardas
On Tue, Apr 18, 2017 at 7:02 PM, Ian Watts  wrote:
> Thanks for the feedback, Karel, Allan, and Kamil.  The motivation is
> long-term data storage reliability.  For example, my wife creates
> graphical books, which involves large files, plus other work and
> personal files.
>

so kind of SOHO NAS?

> Having a mirror is not terribly important, so doing a nightly sync to
> another machine is possible.

IMHO mirror is a nice to have and if you combine this with rsync to
backup in case of any changes, then even better.

> Since it's been mentioned, what SATA RAID controller cards are
> recommended for OpenBSD on i386?  I wonder if they would fit my budget.

Not in SATA RAID business, rather prefer simple HBA + softraid/ZFS
(not on OpenBSD) and since I'm using only SR-RAID1, then board's
number of SATA connectors is usually good enough.

But using i386/openbsd on AMD E2-3200 is IMHO pure waste of precious
CPU resources you do have at your disposal. I'd recommend to go with
amd64/openbsd on this.

> Has the "supported hardware" page been removed from the openbsd.org

I would start with man mpi/mpii/ami or so...

Karel



Re: softraid mirror & large drives (3T)

2017-04-18 Thread Ian Watts
Thanks for the feedback, Karel, Allan, and Kamil.  The motivation is 
long-term data storage reliability.  For example, my wife creates 
graphical books, which involves large files, plus other work and 
personal files.  

Having a mirror is not terribly important, so doing a nightly sync to 
another machine is possible.

Since it's been mentioned, what SATA RAID controller cards are 
recommended for OpenBSD on i386?  I wonder if they would fit my budget.  
Has the "supported hardware" page been removed from the openbsd.org 
website?  I only found such a page here:
http://openbsd.das.ufsc.br/i386.html#hardware


Thanks,

-- Ian

P.S., Karel, many Americans confuse loose/lose.  :)


On Tue, 18 Apr 2017, Karel Gardas wrote:

> loose -> lose. Sorry not native English speaker here.
> 
> On Tue, Apr 18, 2017 at 6:09 PM, Karel Gardas  wrote:
> > How much data can you loose on this mirror? The rebuild time is long
> > and the chance of another drive dying is higher during rebuild so I
> > would consider either increasing redundancy to 3-way mirror or
> > decreasing time between backups. All depending on how much data you
> > can loose when something goes wrong.
> 
> 



kqueue

2017-04-18 Thread Friedrich Locke
Hi folks,

just started to play with kqueue and i wonder what happens if i request to
add n events to the queue there is memory only for a subset of the events.
Will the subset be added or the whole operation will fail ?

Thanks in advance.


Re: softraid mirror & large drives (3T)

2017-04-18 Thread Karel Gardas
loose -> lose. Sorry not native English speaker here.

On Tue, Apr 18, 2017 at 6:09 PM, Karel Gardas  wrote:
> How much data can you loose on this mirror? The rebuild time is long
> and the chance of another drive dying is higher during rebuild so I
> would consider either increasing redundancy to 3-way mirror or
> decreasing time between backups. All depending on how much data you
> can loose when something goes wrong.



Re: softraid mirror & large drives (3T)

2017-04-18 Thread Karel Gardas
On Tue, Apr 18, 2017 at 1:56 AM, Ian Watts  wrote:
> After 17 hours it is 24% complete, so it'll be about three
> days to complete.  The system is:

How much data can you loose on this mirror? The rebuild time is long
and the chance of another drive dying is higher during rebuild so I
would consider either increasing redundancy to 3-way mirror or
decreasing time between backups. All depending on how much data you
can loose when something goes wrong.



Running Debian in vmd - succes

2017-04-18 Thread Jan Lambertz
My process is this:

Install Debian with qemu to a raw disk file
Boot Debian
apt install extlinux
Install extlinux to /Boot
Create extlinux cfg
Write extlinux mbr
Shutdown qemu vm
Put raw disk into vmd vm
Boot vmd vm
Have fun

All extlinux steps can be found via Google,manpages etc. I can post a
working config tomorrow when i am back in office


Re: Running Debian in vmd - succes

2017-04-18 Thread Stephane HUC "CIOTBSD"
Hi, Could you explain more the process?
or, an url to understand?



On 04/18/17 at 17:09, Jan Lambertz wrote:
> For those who did not already know, vmd can run Linux guests with its
> seabios Firmware. However this does not work out of the box for Linux
> guests with grub bootloader even with grub serial settings.
> 
> Replacing grub with syslinux/extlinux made my Debian 8.7.1 amd64 run. No
> problems so far. This should work for other distros too.
> 

-- 
~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " +=<<<

Stephane HUC as PengouinPdt or CIOTBSD
b...@stephane-huc.net





Re: Minor error in strftime man page

2017-04-18 Thread Hrishikesh Muruk
Looks like I do.

On Tue, Apr 18, 2017 at 8:25 PM, Claus Assmann 
wrote:

> On Tue, Apr 18, 2017, Hrishikesh Muruk wrote:
>
> > http://man.openbsd.org/man3/strftime.3
>
> > There are two definitions for the %I option
>
> Nope. Use an editor and search for
> %I
> and you'll find only one. The other is 'l' (0x6c)
>
> Maybe you need a better font?
>


Re: softraid mirror & large drives (3T)

2017-04-18 Thread Stuart Henderson
On 2017-04-18, Allan Streib  wrote:
> Ian Watts  writes:
>
>> With this much disk space, should I be looking at another way of
>> achieving data redundancy?
>
> Buy a hardware RAID controller.

I'd sooner have decent software RAID with disks spread across multiple
controllers..




Running Debian in vmd - succes

2017-04-18 Thread Jan Lambertz
For those who did not already know, vmd can run Linux guests with its
seabios Firmware. However this does not work out of the box for Linux
guests with grub bootloader even with grub serial settings.

Replacing grub with syslinux/extlinux made my Debian 8.7.1 amd64 run. No
problems so far. This should work for other distros too.


Re: Adding default IPv6 route fails on 6.1

2017-04-18 Thread Stuart Henderson
On 2017-04-13, Harald Dunkel  wrote:
>
> Hi Sterling,
>
> On 04/12/17 01:20, Sterling Archer wrote:
>> Hello everyone.
>> 
>> After upgrading to 6.1 about an hour ago, I noticed that I didn't have an 
>> IPv6 connection anymore.
>> 
>> I use dhcpcd over a pppoe session, which worked fine in 6.0-stable.
>
>
> I'd love to see your dhcpcd.conf.

Mine is in the pkg-readme.




Re: Minor error in strftime man page

2017-04-18 Thread Claus Assmann
On Tue, Apr 18, 2017, Hrishikesh Muruk wrote:

> http://man.openbsd.org/man3/strftime.3

> There are two definitions for the %I option

Nope. Use an editor and search for
%I
and you'll find only one. The other is 'l' (0x6c)

Maybe you need a better font?



Re: Minor error in strftime man page

2017-04-18 Thread Allan Streib
Hrishikesh Muruk  writes:

> Minor error in the strftime man page online
>
> http://man.openbsd.org/man3/strftime.3
>
> There are two definitions for the %I option
>
> %I  is replaced by the hour (12-hour clock) as a decimal number (01-12).
>
> %l  is replaced by the hour (12-hour clock) as a decimal number (1-12);
> single digits are preceded by a blank.

Look again, those are two different letters. I and l. Try a different
font if you can't tell the difference.

Allan



Minor error in strftime man page

2017-04-18 Thread Hrishikesh Muruk
Minor error in the strftime man page online

http://man.openbsd.org/man3/strftime.3

There are two definitions for the %I option

%I  is replaced by the hour (12-hour clock) as a decimal number (01-12).

%l  is replaced by the hour (12-hour clock) as a decimal number (1-12);
single digits are preceded by a blank.

Hrishi


Re: 6.1 dhcpd

2017-04-18 Thread Bryan Vyhmeister
On Tue, Apr 18, 2017 at 11:01:47AM +0200, Bastien Durel wrote:
> Since I upgraded to 6.1, my printer does not get its IP from dhcpd
> anymore.
> 
> Printer is a xerox phaser 6022.
> 
> dhcpd gets dhcp requests and responds to it (I've show packets with
> tcpdump, and here are the logs)

I am seeing this same thing on my core router cluster. It's the
DHCPDISCOVER followed up with DHCPOFFER that never gets a DHCPACK. I
have a single customer with a router made by Hon Hai Precision (I think
it's a Vonage something or other) that will now not get an IP address
after upgrading to 6.1 on Sunday. Everything was working fine with 6.0
up until now.

Bryan



Re: Broken ipsecctl validation in 6.1 ("-n -f " flags) - illegal transform aes-256-gcm

2017-04-18 Thread Bob Jones
>  This is not supported. Look at ipsec.conf(5):

Marc,

That's not quite the point I was making.

The point I was making is that "-n -f" should tell me it's not
supported (or a config error or whatever).

I shouldn't have to wait for the nasty surprise awaiting me when I go
"-f" after "-n -f" declares no errors !



Re: softraid mirror & large drives (3T)

2017-04-18 Thread trondd
On Tue, April 18, 2017 8:48 am, Kamil Cholewiński wrote:
> On Tue, 18 Apr 2017, Jiri B  wrote:
>> On Tue, Apr 18, 2017 at 08:23:56AM -0400, Allan Streib wrote:
>>> Buy a hardware RAID controller.
>>
>> I suppose you wanted to write - 'buy two equal hardware RAID
>> controllers',
>> or how would you be solving problem in broken hw raid controller in
>> cca 10 yrs from now? :-)
>>
>> j.
>
> Redundant machines in isolated failure zones.
>
> <3,K.
>

Woah.  Hold on.  There is a difference between backup and availability.

Copying your data to remote locations is part of backup.  RAID is for
availability (with integrity possibly included) but is not backup.

I initially read the original post as availability but maybe I am wrong. 
What is the desired goal?  What is the usage?  Personal or business?



Re: Broken ipsecctl validation in 6.1 ("-n -f " flags) - illegal transform aes-256-gcm

2017-04-18 Thread Marc Peters
On 04/18/17 at 14:08, Bob Jones wrote:
> Hi,
> 
> I have the below in my ipsec.conf :
> ike esp from 198.51.100.0/24 to 10.20.30.0/24 \
> local 198.51.100.15 \
> peer 203.0.113.114 \
> main auth hmac-sha2-512 enc aes-256-gcm group modp8192 lifetime 14400 
> \
^^^
This is not supported. Look at ipsec.conf(5):

   aes-256-gcm 288 bits  [phase 2 only, IKE only]

in main, you can only use aes-256. To use aes-256-gcm, you need an
additional line like

 quick auth hmac-sha2-512 enc aes-256-gcm group modp8192 lifetime 14400


hth,
Marc

> srcid 198.51.100.15 dstid 203.0.113.114 \
> psk “MY_SECRET” \
> tag MY_TAG
> 
> Running "doas ipsecctl -nf /etc/ipsec.conf "  (to validate the config)
> yields no errors.
> 
> But running "doas ipsecctl -f /etc/ipsec.conf "  (to load the config) yields:
> 
> ipsecctl: illegal transform aes-256-gcm
> ipsecctl: failed to add ike rule 0
> 



Re: softraid mirror & large drives (3T)

2017-04-18 Thread Kamil Cholewiński
On Tue, 18 Apr 2017, Jiri B  wrote:
> On Tue, Apr 18, 2017 at 08:23:56AM -0400, Allan Streib wrote:
>> Buy a hardware RAID controller.
>
> I suppose you wanted to write - 'buy two equal hardware RAID controllers',
> or how would you be solving problem in broken hw raid controller in
> cca 10 yrs from now? :-)
>
> j.

Redundant machines in isolated failure zones.

<3,K.



Re: softraid mirror & large drives (3T)

2017-04-18 Thread Jiri B
On Tue, Apr 18, 2017 at 08:23:56AM -0400, Allan Streib wrote:
> Ian Watts  writes:
> 
> > With this much disk space, should I be looking at another way of
> > achieving data redundancy?
> 
> Buy a hardware RAID controller.

I suppose you wanted to write - 'buy two equal hardware RAID controllers',
or how would you be solving problem in broken hw raid controller in
cca 10 yrs from now? :-)

j.



Re: softraid mirror & large drives (3T)

2017-04-18 Thread Allan Streib
Ian Watts  writes:

> With this much disk space, should I be looking at another way of
> achieving data redundancy?

Buy a hardware RAID controller.

Allan



Re: softraid mirror & large drives (3T)

2017-04-18 Thread Nick Holland
On 04/17/17 19:56, Ian Watts wrote:
> Hello,
> 
> I'm planning on replacing an old fileserver that has a single 1T drive 
> with something a little newer having 3T of space.  I have two 3T drives 
> and have installed OpenBSD 6.0 to both as a softraid mirror.  Works well 
> and I simulated a drive failure by shutting it down, removing a drive, 
> and rebooting.  The drive has been re-installed and it is now rebuilding 
> the mirror.  After 17 hours it is 24% complete, so it'll be about three 
> days to complete.  The system is:
> 
> AMD E2-3200 2.40 GHz
> 4G RAM
> 2 x 3T Seagate Barracuda 7200rpm SATA 
> 
> With this much disk space, should I be looking at another way of 
> achieving data redundancy?  The goal is to increase redundancy of the 
> data and the mirror would be periodically backed up to another server in 
> a different building.  My only concern here is the suitability of the 
> softraid mirror for a large filesystem.  I've thought of using the 
> second drive as a backup and rsync'ing it nightly, but then failure of 
> the primary drive would mean more downtime before it's operational 
> again.  A long rebuild time isn't a major problem; just want to make 
> sure I'm not overlooking a more sensible option.
> 
> FWIW, I used the following info to get set up:
> 
> https://www.openbsd.org/faq/faq14.html#softraidDI
> http://openbsd-archive.7691.n7.nabble.com/Large-3TB-HDD-support-td95308.html
> 
> Thanks,
> 
> -- Ian

Keep in mind, it's easy to say and now trivial to buy "3TB disks", and
therefore, it's easy to forget that it is a SNOOTLOAD of data.  Three
days to mirror 3TB isn't out of line for some HW mirroring systems I've
worked with, and much faster than many.

Still...verify that you are running with an ahci(4) controller (sd(4)
disks), not a pciide(4) controller (wd(4) disks) (though at one point, I
don't think it was possible to have wd(4) disks that big, not sure if
that's still true.  And I suspect if you were running wd(4), it might be
weeks, not days).

And yes, when you have a three TB of data and a three day rebuild
period, the possibility of a second disk failure during rebuild is
definitely not zero, so yes, I'd suggest *considering* some alternative
ways to achieve data security.
* Three disk RAID1?  (a REALLY good idea)
* Checksumming "static" files?
* rsync'ing data between stand-alone disks?  (IF you can restrict the
amount of data you have to have rsync look at, you can sync a LOT of
data very quickly)
* "Chunk" (or partition) your data as best you can, so you can mount
blocks of storage Read Only, as "full and unchanging" (note lack of
question mark -- you want to do this if at all possible) (chunk your
data, but NOT your RAID partitions -- last thing you want to get stuck
doing is remirroring multiple RAID partitions on one disk at the same time!)
* Something else relevant to your situation?

Nick.



Broken ipsecctl validation in 6.1 ("-n -f " flags) - illegal transform aes-256-gcm

2017-04-18 Thread Bob Jones
Hi,

I have the below in my ipsec.conf :
ike esp from 198.51.100.0/24 to 10.20.30.0/24 \
local 198.51.100.15 \
peer 203.0.113.114 \
main auth hmac-sha2-512 enc aes-256-gcm group modp8192 lifetime 14400 \
srcid 198.51.100.15 dstid 203.0.113.114 \
psk “MY_SECRET” \
tag MY_TAG

Running "doas ipsecctl -nf /etc/ipsec.conf "  (to validate the config)
yields no errors.

But running "doas ipsecctl -f /etc/ipsec.conf "  (to load the config) yields:

ipsecctl: illegal transform aes-256-gcm
ipsecctl: failed to add ike rule 0



vmd memory bigger 2G

2017-04-18 Thread Jan Lambertz
yes. daemon should be the one.

daemon:\
:ignorenologin:\
:datasize=infinity:\
:maxproc=infinity:\
:openfiles-max=1024:\
:openfiles-cur=128:\
:stacksize-cur=8M:\
:localcipher=blowfish,a:\
:tc=default:



ipsec ... again

2017-04-18 Thread Markus Rosjat

Hi there,

since my attempt with ikev2 failed I thought I'd go back to ikev1 but it 
seems since the last time I used it something has changed with that too.


I simply try to set up a site to site tunnel with a PSK

here is the ipsec.conf on the openbsd machine

ike from {10.10.10.0/24} to 10.10.15.0/24 \
  main auth hmac-sha1 enc blowfish group modp1024\
  quick auth hmac-sha1 enc blowfish group modp1024\
  psk "my_psk"

and here is the pf.conf

### define networks ##
tun_in="10.10.15.0/24"
tun_end="{10.10.10.0/24}"

# simple ipsec
pass in proto { esp ah } to ($ext_if)
pass in on $ext_if proto udp from any to port {500 4500} keep state

pass in on enc0 proto ipencap
pass in on enc0 from {$tun_in} to $tun_end

pass out proto {esp ah}
pass out on enc0 from $tun_end to {$tun_in}

this works at least for an OpenBSD 5.6 and a shrewsoft client (this is 
basically my other endpoint).


with this setup I'm not able to connect to an OpenBSD 6.1 and the logs 
don't show anything helpful


so the question is where do I need to do the rewriting and is there some 
example beside the ipsec.conf in /etc/examples ?


Regards

--
Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Please check whether this mail really needs to be printed! Before 
you print it, think about your responsibility and commitment to the 
ENVIRONMENT




Attempting to carpdev lo interface causes panic

2017-04-18 Thread Bob Jones
Hi,

Ok, yes, I know, I'm probably stupid for even trying to do it (I was
curious, sorry !)  but surely CARP should be able to handle this more
gracefully !

The following commands :

ifconfig lo1 192.168.2.2/24
ifconfig carp1 192.168.2.1/24 carpdev lo1 vhid 2


On OpenBSD 6.1 causes the below pretty much immediately after you hit
the enter key :

carp1: state transition: BACKUP -> MASTER
panic: attempt to execute user address 0x0 in supervisor mode
Starting stack trace...
panic() at panic+0x10b
trap() at trap+0x7dd
--- trap (number 6) ---
acpi_s3_vector_real() at 0
ifq_serialize() at ifq_serialize+0xdf
if_enqueue() at if_enqueue+0x82
carp_start() at carp_start+0x88
if_qstart_compat() at if_qstart_compat+0x2f
ifq_serialize() at ifq_serialize+0xdf
if_enqueue() at if_enqueue+0x82
ether_output() at ether_output+0x1c6
carp_output() at carp_output+0x82
ip_output() at ip_output+0x7e3
carp_send_ad() at carp_send_ad+0x32b
carp_master_down() at carp_master_down+0x7b
carp_timer_down() at carp_timer_down+0x27
timeout_run() at timeout_run+0x48
softclock_thread() at softclock_thread+0xcb
end trace frame: 0x0, count: 240
End of stack trace.



vmd memory bigger 2G

2017-04-18 Thread Jan Lambertz
right now I can successfully run vms with memory of 2G. Anything above
will bring the following error:

vmd_configure: not creating vm vm1.virt.net (disabled)
vmd_configure: not creating vm vm2.virt.net (disabled)
vmd_configure: not creating vm vm3.virt.net (disabled)
vmd_configure: not creating vm vm4.virt.net (disabled)
vmd_configure: not creating vm vm5.virt.net (disabled)
vm_opentty: vm vm4.virt.net tty /dev/ttypf uid 0 gid 4 mode 620
vm4.virt.net: create vmm ioctl failed - exiting: Invalid argument
vm4.virt.net: failed to start vm: No such file or directory

vm.conf is
vm "vm4.virt.net" {
disable
memory 6G
disk "/home/jan/virt/4/img0.raw"
interface { switch "inner"
lladdr "fe:e1:ba:d6:bf:ef" }
}


openbsd 6.1 should be able to run guests with more than 2G ?!
Did i miss something ?


$ dmesg | head
OpenBSD 6.1-current (GENERIC.MP) #67: Mon Apr 17 15:22:46 MDT 2017
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8243118080 (7861MB)
avail mem = 7988613120 (7618MB)



Re: flaky network connection after 6.1 upgrade

2017-04-18 Thread Stefan Sperling
On Tue, Apr 18, 2017 at 01:15:38AM -0500, Colton Lewis wrote:
> I tried channels 2, 5, and 10 with no better luck.
> 
> Could you explain what made you think interference?
> My computer and AP have been in their current spots for months with no
> issue, and no new sources of come around
> to the best of my knowledge. I had no networking trouble with 6.0 and
> booting Linux from a CD is likewise without issue.
> 
> My BSD system will fail to ping my AP with "sendmsg: Host is down",
> yet I can bring a laptop to that same chair
> and have no problem.

Can you show me a dmesg please, specifically the lines which are
related to your wifi card?



6.1 dhcpd

2017-04-18 Thread Bastien Durel
Hello,

Since I upgraded to 6.1, my printer does not get its IP from dhcpd
anymore.

Printer is a xerox phaser 6022.

dhcpd gets dhcp requests and responds to them (I've shown packets with
tcpdump, and here are the logs)
Apr 16 10:26:52 fremen.geekwu.org dhcpd[77052]: DHCPOFFER on 10.42.0.49 to 9c:93:4e:4e:c2:b1 via em0
Apr 16 10:26:52 fremen.geekwu.org dhcpd[77052]: DHCPDISCOVER from 9c:93:4e:4e:c2:b1 via em0
Apr 16 10:26:52 fremen.geekwu.org dhcpd[77052]: DHCPOFFER on 10.42.0.49 to 9c:93:4e:4e:c2:b1 via em0
Apr 16 10:26:58 fremen.geekwu.org dhcpd[77052]: DHCPDISCOVER from 9c:93:4e:4e:c2:b1 via em0
Apr 16 10:26:58 fremen.geekwu.org dhcpd[77052]: DHCPOFFER on 10.42.0.49 to 9c:93:4e:4e:c2:b1 via em0
Apr 16 10:26:58 fremen.geekwu.org dhcpd[77052]: DHCPDISCOVER from 9c:93:4e:4e:c2:b1 via em0
Apr 16 10:26:58 fremen.geekwu.org dhcpd[77052]: DHCPOFFER on 10.42.0.49 to 9c:93:4e:4e:c2:b1 via em0

I've connected the printer to a linux laptop with dhcpd, and it got the
address it received from it.

Here is the openbsd tcpdump trace :
https://corrin.geekwu.org/owncloud/index.php/s/WTctL2t2muP7FFR

And here is the Linux tcpdump trace :
https://corrin.geekwu.org/owncloud/index.php/s/5d5ohkKDPzHLA83

Do you know what change may have introduced this?

Thanks,

OpenBSD 6.1 (GENERIC.MP) #20: Sat Apr  1 13:45:56 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 519962624 (495MB)
avail mem = 499585024 (476MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0
acpi at bios0 not configured
mpbios0 at bios0: Intel MP Specification 1.4
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Genuine Intel(R) CPU @ 600MHz, 600.08 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF,PERF,SENSOR
cpu0: 512KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu0: mwait min=64, max=64, C-substates=0.2.2.0.2.0.3, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Genuine Intel(R) CPU @ 600MHz, 600.00 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF,PERF,SENSOR
cpu1: 512KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
mpbios0: bus 0 is type PCI   
mpbios0: bus 64 is type ISA   
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 vendor "Intel", unknown product 0x4115 rev 0x05
pchb1 at pci0 dev 1 function 0 "Intel E600 Config" rev 0x00
ppb0 at pci0 dev 23 function 0 "Intel E600 PCIE" rev 0x00
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "Intel EG20T PCIE" rev 0x01
pci2 at ppb1 bus 2
"Intel EG20T Packet Hub" rev 0x01 at pci2 dev 0 function 0 not configured
"Intel EG20T Ethernet" rev 0x02 at pci2 dev 0 function 1 not configured
"Intel EG20T GPIO" rev 0x01 at pci2 dev 0 function 2 not configured
ohci0 at pci2 dev 2 function 0 "Intel EG20T USB" rev 0x02: apic 0 int 19, 
version 1.0
ohci1 at pci2 dev 2 function 1 "Intel EG20T USB" rev 0x02: apic 0 int 19, 
version 1.0
ohci2 at pci2 dev 2 function 2 "Intel EG20T USB" rev 0x02: apic 0 int 19, 
version 1.0
ehci0 at pci2 dev 2 function 3 "Intel EG20T USB" rev 0x02: apic 0 int 19
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 
addr 1
"Intel EG20T USB Client" rev 0x02 at pci2 dev 2 function 4 not configured
sdhc0 at pci2 dev 4 function 0 "Intel EG20T SDIO" rev 0x01: apic 0 int 18
sdhc0: SDHC 1.0, 50 MHz base clock
sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed
sdhc1 at pci2 dev 4 function 1 "Intel EG20T SDIO" rev 0x01: apic 0 int 18
sdhc1: SDHC 1.0, 50 MHz base clock
sdmmc1 at sdhc1: 4-bit, sd high-speed, mmc high-speed
ahci0 at pci2 dev 6 function 0 "Intel EG20T AHCI" rev 0x02: msi, AHCI 1.1
ahci0: port 0: 3.0Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0:  SCSI3 0/direct 
fixed naa.50026b7253081a83
sd0: 28626MB, 512 bytes/sector, 58626288 sectors, thin
ohci3 at pci2 dev 8 function 0 "Intel EG20T USB" rev 0x02: apic 0 int 16, 
version 1.0
ohci4 at pci2 dev 8 function 1 "Intel EG20T USB" rev 0x02: apic 0 int 16, 
version 1.0
ohci5 at pci2 dev 8 function 2 "Intel EG20T USB" rev 0x02: apic 0 int 16, 
version 1.0
ehci1 at pci2 dev 8 function 3 "Intel EG20T USB" rev 0x02: apic 0 int 16
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 
addr 1
"Intel EG20T DMA" rev 0x00 at pci2 dev 10 function 0 not configured
puc0 at pci2 dev 10 function 1 "Intel EG20T Serial" rev 0x01: ports: 1 com
com4 at puc0 port 0 apic 0 int 19: ti16750, 64 byte fifo
puc1 at pci2 dev 10 function 2 "Intel 

Re: Does CARP need Layer 2 ?

2017-04-18 Thread Bob Jones
> off the top of my head, you have two paths you could take.
>
> firstly, you could advertise the vpn service as the same ip addresses bound 
> to loopback (lo(4)) interfaces on each of the hosts. ie, a cheap and cheerful 
> anycast setup. bgp as your routing protocol should work well for this if 
> you're interested in an active/passive setup.
>
> the second option could be to set up a l2 medium between your hosts, 
> specifically, you can set up etherip tunnels between them and land your carp 
> interface on that.
>
> just some ideas.


Interesting ideas, thanks !  Especially the first one, I had no idea
VPNs would work over anycast, I thought anycast could only be used for
stateless stuff like DNS.



Re: OpenBSD on HPE DL20 G9

2017-04-18 Thread BARDOU Pierre
Hello,

Unfortunately, I don't have this server any more: as it didn't work I sent 
it back to HP.
But thanks for the info, the trick may be useful for other servers.

--
Regards,
Pierre BARDOU


-Original Message-
From: Naoki Fukaumi [mailto:fuka...@soum.co.jp] 
Sent: Monday, April 17, 2017 09:13
To: BARDOU Pierre 
Cc: misc@openbsd.org
Subject: Re: OpenBSD on HPE DL20 G9

hi,

From: BARDOU Pierre 
Subject: OpenBSD on HPE DL20 G9
Date: Mon, 10 Oct 2016 15:12:04 +

> I have a brand new HPE DL20 G9, on which I am trying to boot OpenBSD 
> (version 6.0).
> 
> 1st try: UEFI. The boot loader does its work, and then the screen 
> remains blank.
> I can't see any line with blue background.
> I tried to see what happened via console, but there is no serial port 
> on these little beasts :(

Can you try to disable "UEFI Optimized Boot"?

 
http://h20565.www2.hpe.com/hpsc/doc/public/display?sp4ts.oid=7481826=mmr_kc-0123842=en_US

It works for me.

# I have no idea why it works...

Best Regards,

--
FUKAUMI Naoki



httpd and my misunderstanding of user/group permissions

2017-04-18 Thread Thanos Tsouanas
I am running httpd(8) to serve some sites, and I have setup groups like so:

www: only has www in it
webdevels: has www and users who have access to at least one domain

under /var/www/sites, there is a per-domain directory that holds that
domain's website:

/var/www/sites/domain1
/var/www/sites/domain2
/var/www/sites/domain3

For each such directory there's a separate group, and select users
belong to that group, but the user www belongs to all of them.
The idea is that each webdevel should have read/write access to their
own domain, but no access whatsoever to the other domains, while the
user www should be able to access all of them.

/var/www/sites is mod 750, owner: root, group: webdevels

When I run httpd I see that it's run as www but:

The webserver cannot access any files under /var/www/sites.
If I chmod the directory to 755, it does.
If I chgrp the directory to www, it does.

How can a process (httpd in this case) that runs as a certain user (www in
this case) lose/gain access just by chgrp'ing a directory to a different
group, given that its user belongs to both?
(I thought that this was not possible; hence the subject.)

Following a discussion on #openbsd, it seems that httpd forces itself to
"drop" privileges to a process that runs as user www but belonging only
to the www group, ignoring any other groups that the user www belongs to.

Why is this so?  Nginx seems to be doing the same thing, so I guess
there is something to gain.  Can someone shed some light?

Thanks!


P.S. In case someone's wondering, it's not a question of "changes taking
effect after the next login", I've even rebooted various times ever
since I've modified my users and groups the way I described above.

-- 
Thanos
http://www.tsouanas.org/
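
The behaviour described in the post above, modelled as an added example (not httpd's code and not part of the original message): access checks use the group list the process itself carries, not the group database, so a www process holding only the www group falls into the "other" class on a root:webdevels directory. The numeric IDs and all struct, function and variable names are assumptions made for the illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed IDs for the illustration; not taken from the post. */
enum { ROOT = 0, WWW = 67, G_WWW = 67, G_WEBDEVELS = 1001 };

/* What the kernel consults: the credentials held by the process. */
struct cred { uid_t uid; const gid_t *groups; size_t ngroups; };
/* Owner, group and mode of a directory, as stat(2) reports them. */
struct dirperm { uid_t owner; gid_t group; mode_t mode; };

static bool in_group(const struct cred *c, gid_t g)
{
    for (size_t i = 0; i < c->ngroups; i++)
        if (c->groups[i] == g)
            return true;
    return false;
}

/* Classic check for traversing a directory: exactly one permission
 * class applies (owner, then group, then other); first match wins. */
bool can_search(const struct cred *c, const struct dirperm *d)
{
    if (c->uid == (uid_t)ROOT)
        return true;
    if (c->uid == d->owner)
        return (d->mode & 0100) != 0;
    if (in_group(c, d->group))
        return (d->mode & 0010) != 0;
    return (d->mode & 0001) != 0;
}

/* www with every group the group database lists for it. */
static const gid_t full_groups[] = { G_WWW, G_WEBDEVELS };
const struct cred www_full = { WWW, full_groups, 2 };
/* www after a daemon calls setgroups(2) with only its primary group. */
static const gid_t dropped_groups[] = { G_WWW };
const struct cred www_dropped = { WWW, dropped_groups, 1 };

/* The three states of /var/www/sites mentioned in the post. */
const struct dirperm sites_750_webdevels = { ROOT, G_WEBDEVELS, 0750 };
const struct dirperm sites_755_webdevels = { ROOT, G_WEBDEVELS, 0755 };
const struct dirperm sites_750_www = { ROOT, G_WWW, 0750 };

int main(void)
{
    const struct dirperm *d[] = { &sites_750_webdevels,
        &sites_755_webdevels, &sites_750_www };
    const char *name[] = { "750 root:webdevels", "755 root:webdevels",
        "750 root:www" };
    for (size_t i = 0; i < 3; i++)
        printf("%-20s full=%d dropped=%d\n", name[i],
            can_search(&www_full, d[i]), can_search(&www_dropped, d[i]));
    return 0;
}
```

Because the first matching class wins, a per-domain directory meant to be served by such a process needs either www as its group or search permission for "other" on every path component above it.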



Re: flaky network connection after 6.1 upgrade

2017-04-18 Thread Colton Lewis
I tried channels 2, 5, and 10 with no better luck.

Could you explain what made you think interference?
My computer and AP have been in their current spots for months with no
issue, and no new sources of come around
to the best of my knowledge. I had no networking trouble with 6.0 and
booting Linux from a CD is likewise without issue.

My BSD system will fail to ping my AP with "sendmsg: Host is down",
yet I can bring a laptop to that same chair
and have no problem.


On Mon, Apr 17, 2017 at 2:35 AM, Stefan Sperling  wrote:
> On Sun, Apr 16, 2017 at 05:31:58PM -0500, Colton Lewis wrote:
>> Stephan,
>>
>> > I would guess you are running into some issue with 802.11n support which
>> > was added to this driver in 6.1. You should be able to restore the previous
>> > behaviour with: ifconfig athn0 mode 11g
>>
>> Your hunch was almost right. 11g had the same problem, but 11b worked
>> as expected.
>
> Looks like too much interference from other networks (try a different channel)
> or too large distance from the AP.
>
>> Attached is the info you asked for.
>> 17:05:52.707822 802.11 flags=0<>: beacon, 
>> caps=12021, ssid (Stormlord), 
>> rates 1M* 2M* 5M 11M 18M 24M 36M 54M, ds (chan 9), tim 0x0102, erp 0x04, 
>> xrates 6M 9M 12M 48M, rsn 0x010fac04010fac04010fac020c00, 6 
>> stations, 4% utilization, admission capacity 0us/s, 70:5 0x320801, 
>> htcaps=<20MHz,LDPC,SGI@20MHz,TXSTBC,RXSTBC 1 stream,A-MSDU 7935,A-MPDU max 
>> 65535,A-MPDU spacing 4.00us,RxMCS 0xff00>, htop=<20MHz chan 
>> 9,STA chanw 20MHz,RIFS,htprot none,non-greenfield STA,basic MCS set 
>> 0x>, 74:14 0x14000a002c01c800140005001900, 127:8 
>> 0x05000840, vendor 0x00146c00, vendor 
>> 0x0050f204104a0001101044000102104700102a1ecc3b122c82e30b19d406361deb33103c0001031049000600372a000120,
>>  vendor 0x00904c0408bf0cb259820feaffeaffc005000900c3020002, 
>> vendor 0x0010180206001c, vendor 
>> 0x0050f2020101880003a427a44243bc0062326600, > chan 9, 11n, sig 13dBm, antenna 1>
>> athn0: flags=8843 mtu 1500
>>   lladdr 00:15:af:cd:f2:4f
>>   index 2 priority 4 llprio 3
>>   groups: wlan egress
>>   media: IEEE802.11 autoselect (HT-MCS1 mode 11n)
>>   status: active
>>   ieee80211: nwid Stormlord chan 9 bssid 10:da:43:96:15:6d -13dBm wpakey 
>>  wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher 
>> ccmp
>>   inet 192.168.1.17 netmask 0xff00 broadcast 192.168.1.255
>>   nwid Stormlord chan 9 bssid 10:da:43:96:15:6d -13dBm HT-MCS23 
>> privacy,short_slottime,radio_measurement,wpa2
>>   inet 192.168.1.17 netmask 0xff00 broadcast 192.168.1.255
>>