Re: kqueue
On Tue, Apr 18, 2017 at 9:40 AM, Friedrich Locke wrote:
> just started to play with kqueue and i wonder what happens if i request to
> add n events to the queue there is memory only for a subset of the events.
> Will the subset be added or the whole operation will fail ?

The former. Changes in the changelist are applied in order and are not 'unwound' if a later change can't be made.

Indeed, if nevents > 0 then failure to perform a particular change will be reported via the eventlist and it'll continue to apply later changes in the list until it either reaches the end of the changelist or has no space in the eventlist to report an error. In the last case (no space to report a change error) it'll stop processing changelist entries and report the error by returning -1 with the error in errno.

Philip Guenther
Re: Is randomizing UID/GUID would make sense?
On Tue, Apr 18, 2017 at 10:12 PM, wrote:
...
> Yes, it may be "standards mandated" in some cases (r1.39, bin/ksh/var.c) or
> used by 60 pieces of software, but why would software require a PRNG to be
> deterministic?
>
> That is my question, not "what apps and standards need it?" but "what usage
> cases require it, and can this be replaced with a deterministic PRNG?"

The classic case is code that wants to offer the ability to reproduce the sequence, so that the state *before* some interesting state can be examined. For example, fuzzers often report the seed that generated a crash, so you can reenter it and walk the target program into the crash step by step.

If a program offers a "set the seed" option then that's a huge hint. If you think that option doesn't make sense for some program then that's a concern to take to the developer *of that program*...

For a broader answer to the "why?", take a look at the patches under /usr/ports/ which add uses of the *_deterministic() calls. Some OpenBSD dev in the past judged that that port wanted it and may have recorded why they thought so in the patch or the commit message of the patch. Lacking that, go look at the ports' sources and see what might indicate that.

Philip Guenther
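The seed-and-replay workflow described in the reply above, as an added example that is not part of the original message or of any OpenBSD code. The record format, the parser with its missing bounds check, and every function name are constructed for illustration; a small self-contained PRNG stands in for the `*_deterministic()` calls so the sketch behaves the same on any platform.

```c
/* Added example: a fuzzer that reports a seed, and a replay from that seed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_INPUT 32

enum result { R_OK = 0, R_REJECTED = 1, R_FAULT_OOB = 2 };

/* Deterministic PRNG (counter plus integer hash): same seed, same stream. */
struct prng { uint32_t state; };

static void prng_seed(struct prng *p, uint32_t seed) { p->state = seed; }

static uint32_t prng_next(struct prng *p)
{
    uint32_t x = (p->state += 0x9e3779b9U);
    x ^= x >> 16; x *= 0x7feb352dU;
    x ^= x >> 15; x *= 0x846ca68bU;
    x ^= x >> 16;
    return x;
}

/* Build one test case from a seed: [type][declared_len][payload...]. */
size_t gen_input(uint32_t seed, uint8_t *buf)
{
    struct prng p;
    size_t len, i;

    prng_seed(&p, seed);
    len = 2 + prng_next(&p) % (MAX_INPUT - 1);  /* 2..32 bytes */
    buf[0] = (uint8_t)(prng_next(&p) & 3);      /* record type 0..3 */
    for (i = 1; i < len; i++)
        buf[i] = (uint8_t)prng_next(&p);
    return len;
}

/*
 * Constructed target. Type 1 validates the declared payload length,
 * type 2 forgets to. The out-of-bounds read that would follow is
 * detected and reported here instead of being performed.
 */
enum result parse_record(const uint8_t *buf, size_t len)
{
    size_t declared, avail;

    if (len < 2)
        return R_REJECTED;
    declared = buf[1];
    avail = len - 2;
    switch (buf[0]) {
    case 1:
        return declared <= avail ? R_OK : R_REJECTED;
    case 2:
        return declared <= avail ? R_OK : R_FAULT_OOB;
    default:
        return R_REJECTED;
    }
}

/* Try seeds base, base+1, ...; hand back the first seed that faults. */
int fuzz(uint32_t base, uint32_t iters, uint32_t *crash_seed)
{
    uint8_t buf[MAX_INPUT];
    uint32_t i;

    for (i = 0; i < iters; i++) {
        size_t len = gen_input(base + i, buf);
        if (parse_record(buf, len) == R_FAULT_OOB) {
            *crash_seed = base + i;
            return 1;
        }
    }
    return 0;
}

/* Replay: regenerate exactly the input that a reported seed produced. */
enum result replay(uint32_t seed, uint8_t *buf, size_t *len)
{
    *len = gen_input(seed, buf);
    return parse_record(buf, *len);
}

int main(void)
{
    uint8_t buf[MAX_INPUT];
    uint32_t seed;
    size_t len, i;

    if (!fuzz(20170418U, 1000, &seed)) {
        puts("no fault found");
        return 0;
    }
    printf("fault found, re-run with seed %u\n", (unsigned)seed);
    replay(seed, buf, &len);
    for (i = 0; i < len; i++)
        printf("%02x ", buf[i]);
    printf("\ndeclared=%u available=%zu\n", (unsigned)buf[1], len - 2);
    return 0;
}
```

If `gen_input()` drew from a generator that ignores its seed, the number printed by the fuzzer would be useless: the second run would build a different input and the fault could not be stepped through in a debugger.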
Re: Is randomizing UID/GUID would make sense?
An idiot whose question lacks clarity. My apologies.

Of course software uses it. What I was trying to ask was *why* would software actually need a deterministic PRNG, rather than "what software uses it."

In other words, what will break if the PRNG was non-deterministic?

Yes, it may be "standards mandated" in some cases (r1.39, bin/ksh/var.c) or used by 60 pieces of software, but why would software require a PRNG to be deterministic?

That is my question, not "what apps and standards need it?" but "what usage cases require it, and can this be replaced with a deterministic PRNG?"

On Mon, 17 Apr 2017 23:30:04 -0600 "Theo de Raadt" wrote:
> It's really unfortunate that we aren't running an open source project
> and making available all the source for the tool called grep.
>
> So that it can be studied, rather than questioned by an idiot
> uninterested in the exercise of selflearning.
>
> Maybe those source files even have commit logs - even better PUBLIC
> COMMIT LOGS - which might explain the rationale! No, that's unlikely.
>
> So let's just yak about it, right?
>
> Rest of your email deleted because what's the point
Re: flaky network connection after 6.1 upgrade
> Can you show me a dmesg please, specifically the lines which are
> related to your wifi card?

athn0 at pci6 dev 0 function 0 "Atheros AR9281" rev 0x01: apic 8 int 17
athn0: AR9280 rev 2 (1T2R), ROM rev 11, address 00:15:af:cd:f2:4f
kqueue
I suspect that you will sooner run out of file descriptors, but I assume that if it runs into a problem, kevent() will return -1 and it may be unrecoverable. I suspect that it would first occur because the kernel is being overutilized. The information that is being created, I suspect, is being stored in the kernel. I may look into the source code and try to find out.

You'd probably have to edit /etc/login.conf as root to allow enough file descriptors to be spawned in the first place. But maybe you could do it with EVFILT_TIMER calls, as they don't require a file descriptor as an 'ident'. I suspect that the whole kqueue is flushed if you exceed a specific level.
Re: GUI desktop autologin options
Also, check the man page for the new XenoDM in base. It appears to offer autologin via Xresources. I haven't gotten myself familiarized with it yet, but I'd recommend looking at that before installing a third party display manager if you want to be dropped straight into a user session on boot.

On Tue, Apr 18, 2017 at 11:12 PM, Ax0n wrote:
> I'm using slim as the Display Manager on 6.1-RELEASE on my main laptop,
> with Lumina for the time being as my DE. I just added the following to the
> end of /etc/slim.conf and it does auto-login for me. Frustratingly, "log
> out" immediately logs me back in instead of prompting. If you're okay with
> that, then give it a go.
>
> auto_login yes
> default_user axon
>
> Slim obeys the .xsession script for whatever Desktop Environment or Window
> Manager you've chosen, or you can adjust the default sessions in slim.conf
> as well. Both my .xsession and .xinitrc contain this line that starts up
> Lumina.
>
> exec start-lumina-desktop
>
> Cheers
>
> On Tue, Apr 18, 2017 at 10:44 PM, Sha'ul wrote:
>
>> I'm trying to figure out how to set up an auto login from boot to some kind of GUI
>> desktop interface. What are my options? I'm not interested in Gnome 3, but
>> I will use anything else like Lumina, KDE, XFCE, etc. as long as it can
>> load straight into desktop environment when I turn on the computer. Which
>> ones, besides Gnome 3, support autologin?
>>
>>
>
Re: GUI desktop autologin options
I'm using slim as the Display Manager on 6.1-RELEASE on my main laptop, with Lumina for the time being as my DE. I just added the following to the end of /etc/slim.conf and it does auto-login for me. Frustratingly, "log out" immediately logs me back in instead of prompting. If you're okay with that, then give it a go.

    auto_login yes
    default_user axon

Slim obeys the .xsession script for whatever Desktop Environment or Window Manager you've chosen, or you can adjust the default sessions in slim.conf as well. Both my .xsession and .xinitrc contain this line that starts up Lumina.

    exec start-lumina-desktop

Cheers

On Tue, Apr 18, 2017 at 10:44 PM, Sha'ul wrote:
> I'm trying to figure out how to set up an auto login from boot to some kind of GUI
> desktop interface. What are my options? I'm not interested in Gnome 3, but
> I will use anything else like Lumina, KDE, XFCE, etc. as long as it can
> load straight into desktop environment when I turn on the computer. Which
> ones, besides Gnome 3, support autologin?
>
>
GUI desktop autologin options
I'm trying to figure out how to set up an auto login from boot to some kind of GUI desktop interface. What are my options? I'm not interested in Gnome 3, but I will use anything else like Lumina, KDE, XFCE, etc. as long as it can load straight into desktop environment when I turn on the computer. Which ones, besides Gnome 3, support autologin?
Sites in firefox stop loading with "out of memory" in console
Ultimately some sites opened with Firefox 52 stop loading with "out of memory" in console. Two offenders are https://app.wire.com and https://www.protonmail.com/login, and both seem related to asm.js. Note that Firefox doesn't crash, but the sites being loaded just stop being loaded, and the F12 console notifies the error (console messages below).

This occurred also with the previous 51 version but not with firefox-esr 45. Chrome works OK.

I already tweaked /etc/login.conf and the relevant part is:

    staff:\
        :datasize-cur=4096M:\
        :datasize-max=infinity:\
        :stacksize-cur=32M:\
        :maxproc-max=512:\
        :maxproc-cur=256:\
        :ignorenologin:\
        :requirehome@:\
        :tc=default:

I tried to ktrace the process opening the ProtonMail login site. Two "out of memory" messages in console corresponding to two "mmap -1 errno 12 Cannot allocate memory".

$ kdump -f ktrace.out | fgrep -C25 memory
24760 firefox CALL __thrsleep(0x1670c8e82e38,CLOCK_REALTIME,0,0x1670f79ede80,0x1670c8e82f04)
24760 firefox RET __thrsleep 0
24760 firefox CALL clock_gettime(CLOCK_MONOTONIC,0x7f7e44d8)
24760 firefox STRU struct timespec { 44565.727442111 }
24760 firefox RET clock_gettime 0
24760 firefox CALL mprotect(0x298015817000,0x1000,0x3)
24760 firefox RET mprotect 0
24760 firefox CALL mprotect(0x298015817000,0x1000,0x5 )
24760 firefox RET mprotect 0
24760 firefox CALL mmap(0,0x8000,0x3 ,0x1002 ,-1,0)
24760 firefox RET mmap 24673942310912/0x1670d9911000
24760 firefox CALL mmap(0,0x8000,0x3 ,0x1002 ,-1,0)
24760 firefox RET mmap 24673866743808/0x1670d510
24760 firefox CALL mmap(0,0x8000,0x3 ,0x1002 ,-1,0)
24760 firefox RET mmap 24676063653888/0x167158023000
24760 firefox CALL mmap(0,0x8000,0x3 ,0x1002 ,-1,0)
24760 firefox RET mmap 24674684030976/0x167105c6d000
24760 firefox CALL mmap(0,0x8000,0x3 ,0x1002 ,-1,0)
24760 firefox RET mmap 24674885947392/0x167111cfd000
24760 firefox CALL mmap(0,0x8000,0x3 ,0x1002 ,-1,0)
24760 firefox RET mmap 24676806189056/0x167184446000
24760 firefox CALL __thrwakeup(0x16716c7eba38,1)
24760 firefox RET __thrwakeup 0
24760 firefox RET __thrsleep 0
24760 firefox CALL mmap(0,0x180011000,0,0x1002 ,-1,0)
24760 firefox RET mmap -1 errno 12 Cannot allocate memory
24760 firefox CALL gettimeofday(0x7f7e4568,0)
24760 firefox STRU struct timeval { 1492564136<"Apr 18 22:08:56 2017">.731298 }
24760 firefox RET gettimeofday 0
24760 firefox CALL mmap(0,0x8000,0x3 ,0x1002 ,-1,0)
24760 firefox RET mmap 24675854073856/0x16714b844000
24760 firefox CALL clock_gettime(CLOCK_MONOTONIC,0x7f7ea918)
24760 firefox STRU struct timespec { 44565.728584189 }
24760 firefox RET clock_gettime 0
24760 firefox CALL gettimeofday(0x7f7ea910,0)
24760 firefox STRU struct timeval { 1492564136<"Apr 18 22:08:56 2017">.731404 }
24760 firefox RET gettimeofday 0
24760 firefox CALL gettimeofday(0x7f7ea6b8,0)
24760 firefox STRU struct timeval { 1492564136<"Apr 18 22:08:56 2017">.731623 }
24760 firefox RET gettimeofday 0
24760 firefox CALL gettimeofday(0x7f7eabd0,0)
24760 firefox STRU struct timeval { 1492564136<"Apr 18 22:08:56 2017">.731640 }
24760 firefox RET gettimeofday 0
24760 firefox CALL clock_gettime(CLOCK_MONOTONIC,0x7f7eac68)
24760 firefox STRU struct timespec { 44565.728985299 }
24760 firefox RET clock_gettime 0
24760 firefox CALL gettimeofday(0x7f7eac60,0)
24760 firefox STRU struct timeval { 1492564136<"Apr 18 22:08:56 2017">.731808 }
24760 firefox CALL mmap(0,0x8000,0x3 ,0x1002 ,-1,0)
24760 firefox RET gettimeofday 0
24760 firefox RET mmap 24673649692672/0x1670c8201000
--
24760 firefox CALL mprotect(0x2980158a,0x1000,0x5 )
24760 firefox RET mprotect 0
24760 firefox CALL mmap(0,0x11000,0x3 ,0x1002 ,-1,0)
24760 firefox RET mmap 24673836089344/0x1670d33c4000
24760 firefox CALL mprotect(0x2980158a,0x1000,0x3 )
24760 firefox RET mprotect 0
24760 firefox CALL mprotect(0x2980158a,0x1000,0x5 )
24760 firefox RET mprotect 0
24760 firefox CALL mprotect(0x2980158a,0x1000,0x3 )
24760 firefox RET mprotect 0
24760 firefox CALL mprotect(0x2980158a,0x1000,0x5 )
24760 firefox RET mprotect 0
24760 firefox CALL mprotect(0x2980158a,0x1000,0x3 )
24760 firefox RET mprotect 0
24760 firefox CALL
Re: [vmm] SSL read error: read failed: error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt
On 2017-04-18 21:16, Stuart Henderson wrote:
> On 2017-04-18, Jan Lambertz wrote:
>> I had similar issues, mostly with crypto things in vmd. Can this happen
>> because we get out of entropy?
>
> Run "ftp -o- https://www.gov.uk/ > /dev/random" from time to time, you won't run out of entropy ever :)
>
> (OpenBSD doesn't do the "run out of entropy" thing anyway).
>
>> I have no evidence yet, but i will test things tomorrow.
>
> Mike knows about the problem and has an idea where to look. I think, at this point, if he needs more information he'll let us know.

Is there even any indication that this is not just either due to broken CPU/RAM, or the TCP networking stack letting through broken packets due to collisions in its 16-bit checksums (i.e. a packet breaks but still matches the checksum and hence is received by httpd+libssl)?
Re: [vmm] SSL read error: read failed: error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt
>On 2017-04-17, David Coppa wrote:
>> On Sun, Apr 16, 2017 at 11:17 AM, Paul Chakravarti wrote:
>>> Hello,
>>>
>>> I am trying out vmm on 6.1 and can setup/boot vm etc. however when I try to
>>> download a large file using SSL I consistently get the following error:
>>> SSL read error: read failed: error:06FFF064:digital envelope
>>> routines:CRYPTO_internal:bad decrypt
>>>
>>> This occasionally (but not always) correlates with the following message in
>>> the vmd log:
>>> vionet queue notify - no space, dropping packet
>>>
>>> Strangely non-SSL and smaller SSL downloads seem to work ok (see below).
>>>
>>> Originally spotted this using installer but can recreate from shell.
>>>
>>> Any ideas?
>>
>> See http://marc.info/?l=openbsd-misc=148858752003261
>>
>> It's a known problem.
>
>I've seen corruption with non-SSL network transfers too. It's just more
>obvious with SSL because in that case the session gets killed, whereas
>otherwise the corrupt input is silently accepted.
>

It does seem more prevalent with SSL transfers - the SHA256s of the files transferred via http are correct (over several transfers) while there is always an error on the https transfers from the same site.

Interestingly the problem only seems to come up on 'fast' connections - possibly something CPU related (cpu load exacerbated by SSL?). I'm still not sure why the TCP layer doesn't sort out the dropped packets though.

# ftp -Vo- https://ftp.openbsd.org/pub/OpenBSD/6.1/amd64/bsd | sha256
440311305f27f0efcfcc88116299a21cb3f890fb91ee611c2a79cc9163e8fceb
#
#
# ftp -Vo- https://mirrorservice.org/pub/OpenBSD/6.1/amd64/bsd | sha256
ftp: SSL read error: read failed: error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt
Re: [vmm] SSL read error: read failed: error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt
On 2017-04-18, Jan Lambertz wrote:
> I had similar issues, mostly with crypto things in vmd. Can this happen
> because we get out of entropy?

Run "ftp -o- https://www.gov.uk/ > /dev/random" from time to time, you won't run out of entropy ever :)

(OpenBSD doesn't do the "run out of entropy" thing anyway).

> I have no evidence yet, but i will test things tomorrow.

Mike knows about the problem and has an idea where to look. I think, at this point, if he needs more information he'll let us know.
[vmm] SSL read error: read failed: error:06FFF064:digital envelope routines:CRYPTO_internal:bad decrypt
I had similar issues, mostly with crypto things in vmd. Can this happen because we get out of entropy? I have no evidence yet, but i will test things tomorrow.
Running Debian in vmd - succes
That sounds great. Hopefully the grub problem can be fixed too. My vms did not work with grub over serial even with a working grub.cfg for serial use.
Re: Running Debian in vmd - succes
On Tue, Apr 18, 2017 at 05:45:16PM +0200, Jan Lambertz wrote:
> My process is this:
>
> Install Debian with qemu to a raw disk file
> Boot Debian
> apt install extlinux
> Install extlinux to /Boot
> Create extlinux cfg
> Write extlinux mbr
> Shutdown qemu vm
> Put raw disk into vmd vm
> Boot vmd vm
> Have fun
>
> All extlinux steps can be found via Google, manpages etc. I can post a
> working config tomorrow when i am back in office

We are working on adding sgabios as an additional payload, so that you can interact directly with OS install media without having to use qemu to bootstrap the install process. This, however, missed 6.1.

Then you just boot the install media with the VM disk as a second disk, and install.

This should arrive in the fairly near-term, hopefully.

-ml
Modulate state now fails with OpenBSD 6.1
Hi

I have had this rule for some time without issues. But since the upgrade from OpenBSD 6.0 to 6.1 yesterday I have had issues.

Today when I sniffed incoming traffic on port 80 on my FW internet interface, the firewall did no longer send it out on my dmz1 to the web server. After removing “modulate state” that I have had for a while without issues it started to work again.

So… After changing...

    pass in log quick on $INTERNET_INT inet proto tcp from any to $DMZ1_DAEDALUS port { 80 443 } label "webstats:$dstport" flags S/SAFR modulate state (max-src-nodes 90, max-src-states 150, max-src-conn 150, max-src-conn-rate 250/30, overload flush global)

to

    pass in log quick on $INTERNET_INT inet proto tcp from any to $DMZ1_DAEDALUS port { 80 443 } label "webstats:$dstport" flags S/SAFR keep state (max-src-nodes 90, max-src-states 150, max-src-conn 150, max-src-conn-rate 250/30, overload flush global)

it now works again

If someone can answer, Please enlighten me why this happens now and not before the upgrade.

Regards
Peo
Re: softraid mirror & large drives (3T)
On Tue, Apr 18, 2017 at 7:02 PM, Ian Watts wrote:
> Thanks for the feedback, Karel, Allan, and Kamil. The motivation is
> long-term data storage reliability. For example, my wife creates
> graphical books, which involves large files, plus other work and
> personal files.
>

so kind of SOHO NAS?

> Having a mirror is not terribly important, so doing a nightly sync to
> another machine is possible.

IMHO mirror is a nice to have and if you combine this with rsync to backup in case of any changes, then even better.

> Since it's been mentioned, what SATA RAID controller cards are
> recommended for OpenBSD on i386? I wonder if they would fit my budget.

Not in SATA RAID business, rather prefer simple HBA + softraid/ZFS (not on OpenBSD) and since I'm using only SR-RAID1, then board's number of SATA connectors is usually good enough.

But using i386/openbsd on AMD E2-3200 is IMHO pure waste of precious CPU resources you do have at your disposal. I'd recommend to go with amd64/openbsd on this.

> Has the "supported hardware" page been removed from the openbsd.org

I would start with man mpi/mpii/ami or so...

Karel
Re: softraid mirror & large drives (3T)
Thanks for the feedback, Karel, Allan, and Kamil. The motivation is long-term data storage reliability. For example, my wife creates graphical books, which involves large files, plus other work and personal files.

Having a mirror is not terribly important, so doing a nightly sync to another machine is possible.

Since it's been mentioned, what SATA RAID controller cards are recommended for OpenBSD on i386? I wonder if they would fit my budget.

Has the "supported hardware" page been removed from the openbsd.org website? I only found such a page here:

http://openbsd.das.ufsc.br/i386.html#hardware

Thanks,

-- Ian

P.S., Karel, many Americans confuse loose/lose. :)

On Tue, 18 Apr 2017, Karel Gardas wrote:
> loose -> lose. Sorry not native English speaker here.
>
> On Tue, Apr 18, 2017 at 6:09 PM, Karel Gardas wrote:
> > How much data can you loose on this mirror? The rebuild time is long
> > and the chance of another drive dying is higher during rebuild so I
> > would consider either increasing redundancy to 3-way mirror or
> > decreasing time between backups. All depending on how much data you
> > can loose when something goes wrong.
> >
kqueue
Hi folks,

just started to play with kqueue and i wonder what happens if i request to add n events to the queue there is memory only for a subset of the events. Will the subset be added or the whole operation will fail ?

Thanks in advance.
Re: softraid mirror & large drives (3T)
loose -> lose. Sorry not native English speaker here.

On Tue, Apr 18, 2017 at 6:09 PM, Karel Gardas wrote:
> How much data can you loose on this mirror? The rebuild time is long
> and the chance of another drive dying is higher during rebuild so I
> would consider either increasing redundancy to 3-way mirror or
> decreasing time between backups. All depending on how much data you
> can loose when something goes wrong.
Re: softraid mirror & large drives (3T)
On Tue, Apr 18, 2017 at 1:56 AM, Ian Watts wrote:
> After 17 hours it is 24% complete, so it'll be about three
> days to complete. The system is:

How much data can you loose on this mirror? The rebuild time is long and the chance of another drive dying is higher during rebuild so I would consider either increasing redundancy to 3-way mirror or decreasing time between backups. All depending on how much data you can loose when something goes wrong.
Running Debian in vmd - succes
My process is this:

Install Debian with qemu to a raw disk file
Boot Debian
apt install extlinux
Install extlinux to /Boot
Create extlinux cfg
Write extlinux mbr
Shutdown qemu vm
Put raw disk into vmd vm
Boot vmd vm
Have fun

All extlinux steps can be found via Google, manpages etc. I can post a working config tomorrow when i am back in office
Re: Running Debian in vmd - succes
Hi,

Could you explain more the process? or, an url to understand?

On 04/18/17 at 17:09, Jan Lambertz wrote:
> For those who did not already know, vmd can run Linux guests with its
> seabios Firmware. However this does not work out of the box for Linux
> guests with grub bootloader even with grub serial settings.
>
> Replacing grub with syslinux/extlinux made my Debian 8.7.1 amd64 run. No
> problems so far. This should work for other distros too.
>

--
~ " Fully Basic System Distinguish Life! " ~ " Libre as a BSD " +=<<<
Stephane HUC as PengouinPdt or CIOTBSD
b...@stephane-huc.net
Re: Minor error in strftime man page
Looks like I do.

On Tue, Apr 18, 2017 at 8:25 PM, Claus Assmann wrote:
> On Tue, Apr 18, 2017, Hrishikesh Muruk wrote:
>
> > http://man.openbsd.org/man3/strftime.3
>
> > The there are two definitions for the %I option
>
> Nope. Use an editor and search for
> %I
> and you'll find only one. The other is 'l' (0x6c)
>
> Maybe you need a better font?
>
Re: softraid mirror & large drives (3T)
On 2017-04-18, Allan Streib wrote:
> Ian Watts writes:
>
>> With this much disk space, should I be looking at another way of
>> achieving data redundancy?
>
> Buy a hardware RAID controller.

I'd sooner have decent software RAID with disks spread across multiple controllers..
Running Debian in vmd - succes
For those who did not already know, vmd can run Linux guests with its seabios Firmware. However this does not work out of the box for Linux guests with grub bootloader even with grub serial settings. Replacing grub with syslinux/extlinux made my Debian 8.7.1 amd64 run. No problems so far. This should work for other distros too.
Re: Adding default IPv6 route fails on 6.1
On 2017-04-13, Harald Dunkel wrote:
>
> Hi Sterling,
>
> On 04/12/17 01:20, Sterling Archer wrote:
>> Hello everyone.
>>
>> After upgrading to 6.1 about an hour ago, I noticed that I didn't have an
>> IPv6 connection anymore.
>>
>> I use dhcpcd over a pppoe session, which worked fine in 6.0-stable.
>
>
> I'd love to see your dhcpcd.conf.

Mine is in the pkg-readme.
Re: Minor error in strftime man page
On Tue, Apr 18, 2017, Hrishikesh Muruk wrote:

> http://man.openbsd.org/man3/strftime.3

> The there are two definitions for the %I option

Nope. Use an editor and search for
%I
and you'll find only one. The other is 'l' (0x6c)

Maybe you need a better font?
Re: Minor error in strftime man page
Hrishikesh Muruk writes:

> Minor error in the strftime man page online
>
> http://man.openbsd.org/man3/strftime.3
>
> The there are two definitions for the %I option
>
> %I is replaced by the hour (12-hour clock) as a decimal number (01-12).
>
> %l is replaced by the hour (12-hour clock) as a decimal number (1-12);
> single digits are preceded by a blank.

Look again, those are two different letters. I and l. Try a different font if you can't tell the difference.

Allan
Minor error in strftime man page
Minor error in the strftime man page online

http://man.openbsd.org/man3/strftime.3

There are two definitions for the %I option

%I is replaced by the hour (12-hour clock) as a decimal number (01-12).

%l is replaced by the hour (12-hour clock) as a decimal number (1-12); single digits are preceded by a blank.

Hrishi
Re: 6.1 dhcpd
On Tue, Apr 18, 2017 at 11:01:47AM +0200, Bastien Durel wrote:
> Since I upgraded to 6.1, my printer does not get its IP from dhcpd
> anymore.
>
> Printer is a xerox phaser 6022.
>
> dhcpd gets dhcp requests and responds to it (I've shown packets with
> tcpdump, and here are the logs)

I am seeing this same thing on my core router cluster. It's the DHCPDISCOVER followed up with DHCPOFFER that never gets a DHCPACK. I have a single customer with a router made by Hon Hai Precision (I think it's a Vonage something or other) that will now not get an IP address after upgrading to 6.1 on Sunday. Everything was working fine with 6.0 up until now.

Bryan
Re: Broken ipsecctl validation in 6.1 ("-n -f " flags) - illegal transform aes-256-gcm
> This is not supported. Look at ipsec.conf(5):

Marc,

That's not quite the point I was making.

The point I was making is that "-n -f" should tell me it's not supported (or a config error or whatever). I shouldn't have to wait for the nasty surprise awaiting me when I go "-f" after "-n -f" declares no errors!
Re: softraid mirror & large drives (3T)
On Tue, April 18, 2017 8:48 am, Kamil Cholewiński wrote:
> On Tue, 18 Apr 2017, Jiri B wrote:
>> On Tue, Apr 18, 2017 at 08:23:56AM -0400, Allan Streib wrote:
>>> Buy a hardware RAID controller.
>>
>> I suppose you wanted to write - 'buy two equal hardware RAID
>> controllers',
>> or how would you be solving problem in broken hw raid controller in
>> cca 10 yrs from now? :-)
>>
>> j.
>
> Redundant machines in isolated failure zones.
>
> <3,K.
>

Woah. Hold on. There is a difference between backup and availability. Copying your data to remote locations is part of backup. RAID is for availability (with integrity possibly included) but is not backup.

I initially read the original post as availability but maybe I am wrong. What is the desired goal? What is the usage? Personal or business?
Re: Broken ipsecctl validation in 6.1 ("-n -f " flags) - illegal transform aes-256-gcm
On 04/18/17 at 14:08, Bob Jones wrote:
> Hi,
>
> I have the below in my ipsec.conf :
> ike esp from 198.51.100.0/24 to 10.20.30.0/24 \
> local 198.51.100.15 \
> peer 203.0.113.114 \
> main auth hmac-sha2-512 enc aes-256-gcm group modp8192 lifetime 14400
> \
^^^
This is not supported. Look at ipsec.conf(5):

    aes-256-gcm 288 bits [phase 2 only, IKE only]

in main, you can only use aes-256. To use aes-256-gcm, you need an additional line like

    quick auth hmac-sha2-512 enc aes-256-gcm group modp8192 lifetime 14400

hth,
Marc

> srcid 198.51.100.15 dstid 203.0.113.114 \
> psk "MY_SECRET" \
> tag MY_TAG
>
> Running "doas ipsecctl -nf /etc/ipsec.conf " (to validate the config)
> yields no errors.
>
> But running "doas ipsecctl -f /etc/ipsec.conf " (to load the config) yields:
>
> ipsecctl: illegal transform aes-256-gcm
> ipsecctl: failed to add ike rule 0
>
Re: softraid mirror & large drives (3T)
On Tue, 18 Apr 2017, Jiri B wrote:
> On Tue, Apr 18, 2017 at 08:23:56AM -0400, Allan Streib wrote:
>> Buy a hardware RAID controller.
>
> I suppose you wanted to write - 'buy two equal hardware RAID controllers',
> or how would you be solving problem in broken hw raid controller in
> cca 10 yrs from now? :-)
>
> j.

Redundant machines in isolated failure zones.

<3,K.
Re: softraid mirror & large drives (3T)
On Tue, Apr 18, 2017 at 08:23:56AM -0400, Allan Streib wrote:
> Ian Watts writes:
>
> > With this much disk space, should I be looking at another way of
> > achieving data redundancy?
>
> Buy a hardware RAID controller.

I suppose you wanted to write - 'buy two equal hardware RAID controllers', or how would you be solving problem in broken hw raid controller in cca 10 yrs from now? :-)

j.
Re: softraid mirror & large drives (3T)
Ian Watts writes:

> With this much disk space, should I be looking at another way of
> achieving data redundancy?

Buy a hardware RAID controller.

Allan
Re: softraid mirror & large drives (3T)
On 04/17/17 19:56, Ian Watts wrote:
> Hello,
>
> I'm planning on replacing an old fileserver that has a single 1T drive
> with something a little newer having 3T of space. I have two 3T drives
> and have installed OpenBSD 6.0 to both as a softraid mirror. Works well
> and I simulated a drive failure by shutting it down, removing a drive,
> and rebooting. The drive has been re-installed and it is now rebuilding
> the mirror. After 17 hours it is 24% complete, so it'll be about three
> days to complete. The system is:
>
> AMD E2-3200 2.40 GHz
> 4G RAM
> 2 x 3T Seagate Barracuda 7200rpm SATA
>
> With this much disk space, should I be looking at another way of
> achieving data redundancy? The goal is to increase redundancy of the
> data and the mirror would be periodically backed up to another server in
> a different building. My only concern here is the suitability of the
> softraid mirror for a large filesystem. I've thought of using the
> second drive as a backup and rsync'ing it nightly, but then failure of
> the primary drive would mean more downtime before it's operational
> again. A long rebuild time isn't a major problem; just want to make
> sure I'm not overlooking a more sensible option.
>
> FWIW, I used the following info to get set up:
>
> https://www.openbsd.org/faq/faq14.html#softraidDI
> http://openbsd-archive.7691.n7.nabble.com/Large-3TB-HDD-support-td95308.html
>
> Thanks,
>
> -- Ian

Keep in mind, it's easy to say and now trivial to buy "3TB disks", and therefore, it's easy to forget that it is a SNOOTLOAD of data. Three days to mirror 3TB isn't out of line for some HW mirroring systems I've worked with, and much faster than many.

Still...verify that you are running with an ahci(4) controller (sd(4) disks), not a pciide(4) controller (wd(4) disks) (though at one point, I don't think it was possible to have wd(4) disks that big, not sure if that's still true. And I suspect if you were running wd(4), it might be weeks, not days).

And yes, when you have three TB of data and a three day rebuild period, the possibility of a second disk failure during rebuild is definitely not zero, so yes, I'd suggest *considering* some alternative ways to achieve data security.

* Three disk RAID1? (a REALLY good idea)
* Checksumming "static" files?
* rsync'ing data between stand-alone disks? (IF you can restrict the amount of data you have to have rsync look at, you can sync a LOT of data very quickly)
* "Chunk" (or partition) your data as best you can, so you can mount blocks of storage Read Only, as "full and unchanging" (note lack of questionmark -- you want to do this if at all possible) (chunk your data, but NOT your RAID partitions -- last thing you want to get stuck doing is remirroring multiple RAID partitions on one disk at the same time!)
* Something else relevant to your situation?

Nick.
Broken ipsecctl validation in 6.1 ("-n -f " flags) - illegal transform aes-256-gcm
Hi,

I have the below in my ipsec.conf :

    ike esp from 198.51.100.0/24 to 10.20.30.0/24 \
        local 198.51.100.15 \
        peer 203.0.113.114 \
        main auth hmac-sha2-512 enc aes-256-gcm group modp8192 lifetime 14400 \
        srcid 198.51.100.15 dstid 203.0.113.114 \
        psk "MY_SECRET" \
        tag MY_TAG

Running "doas ipsecctl -nf /etc/ipsec.conf " (to validate the config) yields no errors.

But running "doas ipsecctl -f /etc/ipsec.conf " (to load the config) yields:

    ipsecctl: illegal transform aes-256-gcm
    ipsecctl: failed to add ike rule 0
vmd memory bigger 2G
yes. daemon should be the one.

    daemon:\
        :ignorenologin:\
        :datasize=infinity:\
        :maxproc=infinity:\
        :openfiles-max=1024:\
        :openfiles-cur=128:\
        :stacksize-cur=8M:\
        :localcipher=blowfish,a:\
        :tc=default:
ipsec ... again
Hi there,

since my attempt with ikev2 failed I thought I go back to ikev1 but it seems since the last time I used it something has changed with that too.

I simply try to set up a site to site tunnel with a PSK

here is the ipsec.conf on the openbsd machine

    ike from {10.10.10.0/24} to 10.10.15.0/24 \
        main auth hmac-sha1 enc blowfish group modp1024\
        quick auth hmac-sha1 enc blowfish group modp1024\
        psk "my_psk"

and here is the pf.conf

    ### define networks ##
    tun_in="10.10.15.0/24"
    tun_end="{10.10.10.0/24}"

    # simple ipsec
    pass in proto { esp ah } to ($ext_if)
    pass in on $ext_if proto udp from any to port {500 4500} keep state
    pass in on enc0 proto ipencap
    pass in on enc0 from {$tun_in} to $tun_end
    pass out proto {esp ah}
    pass out on enc0 from $tun_end to {$tun_in}

this works at least for a openbsd 5.6 and a shrewsoft client (this is basically my other endpoint). with this setup I'm not able to connect to a openBSD 6.1 and the logs don't show anything helpful

so the question is where do I need to do the rewriting and is there some example beside the ipsec.conf in /etc/examples ?

Regards

--
Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220    fax: +49 351 8107227

Please check whether this mail really needs to be printed!
Before you print it, think about your responsibility and commitment to the ENVIRONMENT
Attempting to carpdev lo interface causes panic
Hi,

Ok, yes, I know, I'm probably stupid for even trying to do it (I was curious, sorry!) but surely CARP should be able to handle this more gracefully!

The following commands:

ifconfig lo1 192.168.2.2/24
ifconfig carp1 192.168.2.1/24 carpdev lo1 vhid 2

On OpenBSD 6.1 causes the below pretty much immediately after you hit the enter key:

carp1: state transition: BACKUP -> MASTER
panic: attempt to execute user address 0x0 in supervisor mode
Starting stack trace...
panic() at panic+0x10b
trap() at trap+0x7dd
--- trap (number 6) ---
acpi_s3_vector_real() at 0
ifq_serialize() at ifq_serialize+0xdf
if_enqueue() at if_enqueue+0x82
carp_start() at carp_start+0x88
if_qstart_compat() at if_qstart_compat+0x2f
ifq_serialize() at ifq_serialize+0xdf
if_enqueue() at if_enqueue+0x82
ether_output() at ether_output+0x1c6
carp_output() at carp_output+0x82
ip_output() at ip_output+0x7e3
carp_send_ad() at carp_send_ad+0x32b
carp_master_down() at carp_master_down+0x7b
carp_timer_down() at carp_timer_down+0x27
timeout_run() at timeout_run+0x48
softclock_thread() at softclock_thread+0xcb
end trace frame: 0x0, count: 240
End of stack trace.
vmd memory bigger 2G
Right now I can successfully run VMs with memory of 2G. Anything above will bring the following error:

vmd_configure: not creating vm vm1.virt.net (disabled)
vmd_configure: not creating vm vm2.virt.net (disabled)
vmd_configure: not creating vm vm3.virt.net (disabled)
vmd_configure: not creating vm vm4.virt.net (disabled)
vmd_configure: not creating vm vm5.virt.net (disabled)
vm_opentty: vm vm4.virt.net tty /dev/ttypf uid 0 gid 4 mode 620
vm4.virt.net: create vmm ioctl failed - exiting: Invalid argument
vm4.virt.net: failed to start vm: No such file or directory

vm.conf is:

vm "vm4.virt.net" {
	disable
	memory 6G
	disk "/home/jan/virt/4/img0.raw"
	interface {
		switch "inner"
		lladdr "fe:e1:ba:d6:bf:ef"
	}
}

OpenBSD 6.1 should be able to run guests with more than 2G?! Did I miss something?

$ dmesg | head
OpenBSD 6.1-current (GENERIC.MP) #67: Mon Apr 17 15:22:46 MDT 2017
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8243118080 (7861MB)
avail mem = 7988613120 (7618MB)
Re: flaky network connection after 6.1 upgrade
On Tue, Apr 18, 2017 at 01:15:38AM -0500, Colton Lewis wrote:
> I tried channels 2, 5, and 10 with no better luck.
>
> Could you explain what made you think interference?
> My computer and AP have been in their current spots for months with no
> issue, and no new sources of come around
> to the best of my knowledge. I had no networking trouble with 6.0 and
> booting Linux from a CD is likewise without issue.
>
> My BSD system will fail to ping my AP with "sendmsg: Host is down",
> yet I can bring a laptop to that same chair
> and have no problem.

Can you show me a dmesg please, specifically the lines which are related to your wifi card?
6.1 dhcpd
Hello,

Since I upgraded to 6.1, my printer does not get its IP from dhcpd anymore. Printer is a xerox phaser 6022.

dhcpd gets dhcp requests and responds to them (I've shown packets with tcpdump, and here are the logs):

Apr 16 10:26:52 fremen.geekwu.org dhcpd[77052]: DHCPOFFER on 10.42.0.49 to 9c:93:4e:4e:c2:b1 via em0
Apr 16 10:26:52 fremen.geekwu.org dhcpd[77052]: DHCPDISCOVER from 9c:93:4e:4e:c2:b1 via em0
Apr 16 10:26:52 fremen.geekwu.org dhcpd[77052]: DHCPOFFER on 10.42.0.49 to 9c:93:4e:4e:c2:b1 via em0
Apr 16 10:26:58 fremen.geekwu.org dhcpd[77052]: DHCPDISCOVER from 9c:93:4e:4e:c2:b1 via em0
Apr 16 10:26:58 fremen.geekwu.org dhcpd[77052]: DHCPOFFER on 10.42.0.49 to 9c:93:4e:4e:c2:b1 via em0
Apr 16 10:26:58 fremen.geekwu.org dhcpd[77052]: DHCPDISCOVER from 9c:93:4e:4e:c2:b1 via em0
Apr 16 10:26:58 fremen.geekwu.org dhcpd[77052]: DHCPOFFER on 10.42.0.49 to 9c:93:4e:4e:c2:b1 via em0

I've connected the printer to a linux laptop with dhcpd, and it got the address it received from it.

Here is the openbsd tcpdump trace: https://corrin.geekwu.org/owncloud/index.php/s/WTctL2t2muP7FFR
And here is the Linux tcpdump trace: https://corrin.geekwu.org/owncloud/index.php/s/5d5ohkKDPzHLA83

Do you know what change may have introduced this?
Thanks,
Re: Does CARP need Layer 2 ?
> off the top of my head, you have two paths you could take.
>
> firstly, you could advertise the vpn service as the same ip addresses bound
> to loopback (lo(4)) interfaces on each of the hosts. ie, a cheap and cheerful
> anycast setup. bgp as your routing protocol should work well for this if
> you're interested in an active/passive setup.
>
> the second option could be to set up a l2 medium between your hosts,
> specifically, you can set up etherip tunnels between them and land your carp
> interface on that.
>
> just some ideas.

Interesting ideas, thanks! Especially the first one, I had no idea VPNs would work over anycast, I thought anycast could only be used for stateless stuff like DNS.
Re: OpenBSD on HPE DL20 G9
Hello,

Unfortunately, I don't have this server any more: as it didn't work I sent it back to HP. But thanks for the info, the trick may be useful for other servers.

--
Regards,
Pierre BARDOU

-----Original Message-----
From: Naoki Fukaumi [mailto:fuka...@soum.co.jp]
Sent: Monday, 17 April 2017 09:13
To: BARDOU Pierre
Cc: misc@openbsd.org
Subject: Re: OpenBSD on HPE DL20 G9

hi,

From: BARDOU Pierre
Subject: OpenBSD on HPE DL20 G9
Date: Mon, 10 Oct 2016 15:12:04 +

> I have a brand new HPE DL20 G9, on which I am trying to boot OpenBSD
> (version 6.0).
>
> 1st try: UEFI. The boot loader does its work, and then the screen
> remains blank.
> I can't see any line with blue background.
> I tried to see what happened via console, but there is no serial port
> on these little beasts :(

Can you try to disable "UEFI Optimized Boot"?

http://h20565.www2.hpe.com/hpsc/doc/public/display?sp4ts.oid=7481826=mmr_kc-0123842=en_US

It works for me.
# I have no idea why it works...

Best Regards,

--
FUKAUMI Naoki
httpd and my misunderstanding of user/group permissions
I am running httpd(8) to serve some sites, and I have set up groups like so:

www: only has www in it
webdevels: has www and users who have access to at least one domain

Under /var/www/sites, there is a per-domain directory that holds that domain's website:

/var/www/sites/domain1
/var/www/sites/domain2
/var/www/sites/domain3

For each such directory there's a separate group, and select users belong to that group, but the user www belongs to all of them. The idea is that each webdevel should have read/write access to their own domain, but no access whatsoever to the other domains, while the user www should be able to access all of them.

/var/www/sites is mod 750, owner: root, group: webdevels

When I run httpd I see that it's run as www but:

The webserver cannot access any files under /var/www/sites.
If I chmod the directory to 755, it does.
If I chgrp the directory to www, it does.

How can a process (httpd in this case) that runs as a certain user (www in this case) lose/gain access just by chgrp'ing a directory to a different group, given that its user belongs to both? (I thought that this was not possible; hence the subject.)

Following a discussion on #openbsd, it seems that httpd forces itself to "drop" privileges to a process that runs as user www but belonging only to the www group, ignoring any other groups that the user www belongs to.

Why is this so? Nginx seems to be doing the same thing, so I guess there is something to gain. Can someone shed some light?

Thanks!

P.S. In case someone's wondering, it's not a question of "changes taking effect after the next login", I've even rebooted various times ever since I've modified my users and groups the way I described above.

--
Thanos
http://www.tsouanas.org/
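The behaviour described in the post above, as an added example that is not part of the original message and is not httpd's own code: a small C model of the classic UNIX owner/group/other check, assuming the daemon keeps only its primary group when it drops privileges. The numeric IDs and the names `may_access` and `www_can_serve` are constructed for the illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed IDs for this example; real ones come from passwd(5) and group(5). */
#define UID_WWW       ((uid_t)67)
#define GID_WWW       ((gid_t)67)
#define GID_WEBDEVELS ((gid_t)1001)

struct cred {
	uid_t uid;
	gid_t groups[8];  /* groups[0] is the primary group, the rest supplementary */
	int   ngroups;
};

static bool in_group(const struct cred *c, gid_t g)
{
	for (int i = 0; i < c->ngroups; i++)
		if (c->groups[i] == g)
			return true;
	return false;
}

/* Classic UNIX check: exactly one class applies (owner, else group, else other).
 * `want` is a 3-bit rwx mask such as 05 (r-x); superuser bypass is not modelled. */
static bool may_access(const struct cred *c, uid_t owner, gid_t group,
    mode_t mode, mode_t want)
{
	if (c->uid == owner)
		return ((mode >> 6) & want) == want;
	if (in_group(c, group))
		return ((mode >> 3) & want) == want;
	return (mode & want) == want;
}

/* Can a process running as www list and enter /var/www/sites (owner root)?
 * keep_groups == false models a daemon that cuts its group list to the primary group. */
static bool www_can_serve(mode_t dir_mode, gid_t dir_group, bool keep_groups)
{
	struct cred www = { UID_WWW, { GID_WWW, GID_WEBDEVELS }, 2 };
	if (!keep_groups)
		www.ngroups = 1;  /* only groups[0] == GID_WWW survives */
	return may_access(&www, 0, dir_group, dir_mode, 05);
}

int main(void)
{
	printf("750 root:webdevels: groups dropped=%d kept=%d\n",
	    www_can_serve(0750, GID_WEBDEVELS, false), www_can_serve(0750, GID_WEBDEVELS, true));
}
```

With the supplementary list reduced to www, the 750 root:webdevels directory falls through to the "other" bits, which is why either chmod 755 or chgrp www makes the files reachable again.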
Re: flaky network connection after 6.1 upgrade
I tried channels 2, 5, and 10 with no better luck.

Could you explain what made you think interference? My computer and AP have been in their current spots for months with no issue, and no new sources of come around to the best of my knowledge. I had no networking trouble with 6.0 and booting Linux from a CD is likewise without issue.

My BSD system will fail to ping my AP with "sendmsg: Host is down", yet I can bring a laptop to that same chair and have no problem.

On Mon, Apr 17, 2017 at 2:35 AM, Stefan Sperling wrote:
> On Sun, Apr 16, 2017 at 05:31:58PM -0500, Colton Lewis wrote:
>> Stephan,
>>
>> > I would guess you are running into some issue with 802.11n support which
>> > was added to this driver in 6.1. You should be able to restore the previous
>> > behaviour with: ifconfig athn0 mode 11g
>>
>> Your hunch was almost right. 11g had the same problem, but 11b worked
>> as expected.
>
> Looks like too much interference from other networks (try a different channel)
> or too large distance from the AP.
>
>> Attached is the info you asked for.