Re: HELP! My HTTPD website keeps breaking because the custom directory/user permissions are being reverting for some reason!

[Martijn van Duren]

On 05/29/17 01:57, tec...@protonmail.com wrote:
> Hi there,
> 
> I have been using httpd for quite a while now, but after a new 
> project/website having to have read/write/execute permissions (unsafe, I do 
> realise..) I decided to:
> 
> 1. add root to the www group,
> 2. chown -R www:www /var/www/htdocs
> 3. chmod -R 775 /var/www/htdocs
> 
> Everything was running smoothly, until I was testing out the functionality 
> and realised I couldn't use php to write new directories or files, so I 
> checked the permissions and for some reason they have all switched back to: 
> root:daemon with permissions of 755.
> 
> Now, I'm guessing this is a security feature in some way, but for my purposes 
> and he type of service I'm creating it is breaking everything. Can someone 
> tell me what to man page to look up for this or something? Time is of the 
> essence because I need this website runing properly by tomorrow at latest.
> 
> Many many thanks!!
> 

My suggestion would be to look into mtree(8) and security(8)

Re: HELP! My HTTPD website keeps breaking because the custom directory/user permissions are being reverting for some reason!

[Edgar Pettijohn]

I was thinking that may be an issue but I thought it only reported issues and 
didn't make changes.

⁣Sent from BlueMail ​

On May 28, 2017, 10:47 PM, at 10:47 PM, tec...@protonmail.com wrote:
>I have set the root to be /var/www/htdocs
>Whilst others may think that is a bit pointless, it's fine for me. The
>issue here is not the chroot, or the location I like to put my web
>content, it's permissions and I can't see the relevance in the points
>you made - sorry. I have figured out the issue, and for anyone else who
>might be interested, then check out the man page for 'security'.
>
>Thanks for your input though.
>
> Original Message 
>Subject: Re: HELP! My HTTPD website keeps breaking because the custom
>directory/user permissions are being reverting for some reason!
>Local Time: May 29, 2017 2:49 AM
>UTC Time: May 29, 2017 12:49 AM
>From: erling.westen...@gmail.com
>To: tec...@protonmail.com
>misc@openbsd.org 
>
>On Sun, May 28, 2017 at 08:13:13PM -0400, tec...@protonmail.com wrote:
>> I need to use the regular /var/www/htdocs for my site
>>
>> Such a strange issue
>
>I think that "need" of yours is the strangest issue here. It is
>/var/www
>that becomes the root directory when httpd/nginx/apache is chroot'ed,
>not htdocs. The latter is just an arbitrary location.
>
>You should be able to:
>
># cp -Rp /var/www/htdocs /var/www/mysite
>
>Then replace all [relevant] occurences of "htdocs" to "mysite" in
>/etc/httpd.conf and in your files. It your site doesn't survive this,
>you're probably having other problems than file permissions.
>
>Show us your /etc/httpd.conf as a minimium.
>
>> Probably (not sure because you didn't care to say which version
>you're
>> running) because you upgraded to a newer snapshots. Use another
>> directory (one that doesn't come in the sets) if you want to do that.
>
>--
>Erling Westenvik

Re: HELP! My HTTPD website keeps breaking because the custom directory/user permissions are being reverting for some reason!

[techay]

I have set the root to be /var/www/htdocs
Whilst others may think that is a bit pointless, it's fine for me. The issue 
here is not the chroot, or the location I like to put my web content, it's 
permissions and I can't see the relevance in the points you made - sorry. I 
have figured out the issue, and for anyone else who might be interested, then 
check out the man page for 'security'.

Thanks for your input though.

 Original Message 
Subject: Re: HELP! My HTTPD website keeps breaking because the custom 
directory/user permissions are being reverting for some reason!
Local Time: May 29, 2017 2:49 AM
UTC Time: May 29, 2017 12:49 AM
From: erling.westen...@gmail.com
To: tec...@protonmail.com
misc@openbsd.org 

On Sun, May 28, 2017 at 08:13:13PM -0400, tec...@protonmail.com wrote:
> I need to use the regular /var/www/htdocs for my site
>
> Such a strange issue

I think that "need" of yours is the strangest issue here. It is /var/www
that becomes the root directory when httpd/nginx/apache is chroot'ed,
not htdocs. The latter is just an arbitrary location.

You should be able to:

# cp -Rp /var/www/htdocs /var/www/mysite

Then replace all [relevant] occurences of "htdocs" to "mysite" in
/etc/httpd.conf and in your files. It your site doesn't survive this,
you're probably having other problems than file permissions.

Show us your /etc/httpd.conf as a minimium.

> Probably (not sure because you didn't care to say which version you're
> running) because you upgraded to a newer snapshots. Use another
> directory (one that doesn't come in the sets) if you want to do that.

--
Erling Westenvik

Can I bind USB/other interface/device number (e.g. cdceX) to particular MAC, USB serial number or the like?

[Tinker]

Hi misc@,

For pluggable devices such as USB NIC:s, is there any way to make 
OpenBSD bind a particular device based on its MAC or USB serial number 
or the like variable, to a particular interface or device filename?


E.g. MAC X is prebooked as cdce0, and MAC Y as cdce1 , and external USB 
harddrive with serial number Z as /dev/sd0 and the one with serial 
number A as /dev/sd1 (and plugging in other devices would 
automatically).


(For storage devices there's the DUID-based mounting already though, so 
I guess those are a non-issue.)


Some things in the OS are specified per interface/device name, e.g. PF 
rules (e.g. "pass in proto tcp from any to cdce0 port 123 rdr-to cdce1 
..", "match out on cdce0 from 192.168.0.0/16 to any nat-to cdce0"), so 
having the interface numbers garbled on replug may be an unnecessary 
reason to reboot?


Would be happy to learn any best practice here, thanks,
Tinker

Re: print from openbsd to archlinux's USB printer

[Tuyosi T]

continued

i try and error and try 

i replace command line "lpr" to " lp
-h192.168.1.64:631/printers/EPSON_PX-404A/version=1.1 "
then print www page directly to arch's USB printer  .

but
when i restart  seamonley  , this " lp
-h192.168.1.64:631/printers/EPSON_PX-404A/version=1.1 " disapear .

it is regrettable .
are there any trick to this ?

---
regards

Re: print from openbsd to archlinux's USB printer

[Tuyosi T]

continued



at openbsd

use seamonkey , and print page to file (mozilla.pdf)

lp -h192.168.1.64:631/printers/EPSON_PX-404A/version=1.1  mozilla.pdf

then print it to USB printer which is attached to archlinux
---

there must be much  more convinient mmethod ,
it is what ?

-
regards

print from openbsd to archlinux's USB printer

[Tuyosi T]

Hi all.

my situation is
openbsd--wired-->archlinux(192.168.1.64)--usb cable->USB printer

1) in archlinux
cat /etc/cups/cupsd.conf
---
MaxLogSize 0
LogLevel warn
port 631   #<-
Browsing On
BrowseLocalProtocols dnssd
DefaultAuthType Basic
WebInterface Yes

  Order allow,deny
  Allow localhost  #<-
  Allow 192.168.1.0/24 #<-


  Order allow,deny
  Allow localhost  #<-
  Allow 192.168.1.0/24 #<-


  AuthType Default
  Require user @SYSTEM
  Order allow,deny


  AuthType Default
  Require user @SYSTEM
  Order allow,deny


  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default
  
Order deny,allow
  
  
Require user @OWNER @SYSTEM
Order deny,allow
  
  
AuthType Default
Require user @SYSTEM
Order deny,allow
  
  
AuthType Default
Require user @SYSTEM
Order deny,allow
  
  
Require user @OWNER @SYSTEM
Order deny,allow
  
  
Order deny,allow
  


  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default
  
AuthType Default
Order deny,allow
  
  
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
  
  
AuthType Default
Require user @SYSTEM
Order deny,allow
  
  
AuthType Default
Require user @SYSTEM
Order deny,allow
  
  
AuthType Default
Require user @OWNER @SYSTEM
Order deny,allow
  
  
Order deny,allow
  


  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default
  
AuthType Negotiate
Order deny,allow
  
  
AuthType Negotiate
Require user @OWNER @SYSTEM
Order deny,allow
  
  
AuthType Default
Require user @SYSTEM
Order deny,allow
  
  
AuthType Default
Require user @SYSTEM
Order deny,allow
  
  
AuthType Negotiate
Require user @OWNER @SYSTEM
Order deny,allow
  
  
Order deny,allow
  




cat /etc/cups/mime.types
application/octet-stream


cat /etc/cups/mime.convs
application/octet-stream   application/vnd.cups-raw0




2)openbsd
at httpa://192.178.1.64:631
i can print out testpage

but
i cannot print google's home page .

what is lack ?
/etc/printcap and more

--
regards

Re: HELP! My HTTPD website keeps breaking because the custom directory/user permissions are being reverting for some reason!

[Erling Westenvik]

On Sun, May 28, 2017 at 08:13:13PM -0400, tec...@protonmail.com wrote:
> I need to use the regular /var/www/htdocs for my site
>
> Such a strange issue

I think that "need" of yours is the strangest issue here. It is /var/www
that becomes the root directory when httpd/nginx/apache is chroot'ed,
not htdocs. The latter is just an arbitrary location.

You should be able to:

# cp -Rp /var/www/htdocs /var/www/mysite

Then replace all [relevant] occurences of "htdocs" to "mysite" in
/etc/httpd.conf and in your files. It your site doesn't survive this,
you're probably having other problems than file permissions.

Show us your /etc/httpd.conf as a minimium.

> Probably (not sure because you didn't care to say which version you're
> running) because you upgraded to a newer snapshots. Use another
> directory (one that doesn't come in the sets) if you want to do that.

--
Erling Westenvik

Re: Blank screen after boot with Radeon HD 5450

[Allan Streib]

"Jens A. Griepentrog"  writes:

> Is there a way to choose lower resolutions for radeondrm console using
> some suitable configuration file?

I asked basically this question some weeks ago, and lack of any answer
and not finding anything about this in man pages or FAQ has me to belive
that for now the answer is no, it's not configurable.

http://marc.info/?l=openbsd-misc=149185776506814=2

Allan

Re: HELP! My HTTPD website keeps breaking because the custom directory/user permissions are being reverting for some reason!

[techay]

Oops, forgot to say that it is 6.1 - Release with all patches applied with 
syspatch.

I need to use the regular /var/www/htdocs for my site

Such a strange issue

Probably (not sure because you didn't care to say which version you're
running) because you upgraded to a newer snapshots. Use another
directory (one that doesn't come in the sets) if you want to do that.

Re: HELP! My HTTPD website keeps breaking because the custom directory/user permissions are being reverting for some reason!

[Daniel Jakots]

On Sun, 28 May 2017 19:57:41 -0400, tec...@protonmail.com wrote:

> Hi there,
> 
> I have been using httpd for quite a while now, but after a new
> project/website having to have read/write/execute permissions
> (unsafe, I do realise..) I decided to:
> 
> 1. add root to the www group,
> 2. chown -R www:www /var/www/htdocs
> 3. chmod -R 775 /var/www/htdocs
> 
> Everything was running smoothly, until I was testing out the
> functionality and realised I couldn't use php to write new
> directories or files, so I checked the permissions and for some
> reason they have all switched back to: root:daemon with permissions
> of 755.
> 
> Now, I'm guessing this is a security feature in some way, but for my
> purposes and he type of service I'm creating it is breaking
> everything. Can someone tell me what to man page to look up for this
> or something? Time is of the essence because I need this website
> runing properly by tomorrow at latest.
> 
> Many many thanks!!

Probably (not sure because you didn't care to say which version you're
running) because you upgraded to a newer snapshots. Use another
directory (one that doesn't come in the sets) if you want to do that.

Re: Blank screen after boot with Radeon HD 5450

[Maximilian Pichler]

I tried your suggestion of logging in with the keyboard while the
screen is blank and then typing "startx". Then logged in via ssh:
$ DISPLAY=:0 xrandr
Screen 0: minimum 320 x 200, current 1024 x 768, maximum 8192 x 8192
DisplayPort-0 disconnected primary (normal left inverted right x axis y axis)
DVI-0 disconnected (normal left inverted right x axis y axis)
VGA-0 disconnected (normal left inverted right x axis y axis)

The DisplayPort cable is connected.

Still it seems that the problem is not with X, as it occurs even with
it is disabled.

HELP! My HTTPD website keeps breaking because the custom directory/user permissions are being reverting for some reason!

[techay]

Hi there,

I have been using httpd for quite a while now, but after a new project/website 
having to have read/write/execute permissions (unsafe, I do realise..) I 
decided to:

1. add root to the www group,
2. chown -R www:www /var/www/htdocs
3. chmod -R 775 /var/www/htdocs

Everything was running smoothly, until I was testing out the functionality and 
realised I couldn't use php to write new directories or files, so I checked the 
permissions and for some reason they have all switched back to: root:daemon 
with permissions of 755.

Now, I'm guessing this is a security feature in some way, but for my purposes 
and he type of service I'm creating it is breaking everything. Can someone tell 
me what to man page to look up for this or something? Time is of the essence 
because I need this website runing properly by tomorrow at latest.

Many many thanks!!

Re: Blank screen after boot with Radeon HD 5450

[Maximilian Pichler]

On Sun, May 28, 2017 at 4:50 PM, Steven McDonald
 wrote:
> Have you tried booting more than once?

Yes, many times, both warm and cold.

Re: Blank screen after boot with Radeon HD 5450

[Jens A. Griepentrog]

On 05/28/17 22:50, Steven McDonald wrote:

On Sun, 28 May 2017 15:37:08 -0400
Maximilian Pichler  wrote:


After the installation of a VisionTek Radeon 5450 graphics card my
machine gives a blank screen after booting. It still shows the normal
system messages (full dmesg below), with the last visible one being
"scsibus4 at softraid0: 256 targets". Then the monitor (connected via
DisplayPort) goes into power save mode. This is on OpenBSD 6.1 and
amd64.


Have you tried booting more than once? I've had this problem on a
Radeon HD 6850 after a fresh install in the past, and after a reboot > it 
worked. I suspect the cause was that fw_update ran too late for the
firmware to load correctly (and I no longer have access to that
hardware to test).



I see this every time after a fresh install on a Radeon HD 6450, too.
Login and reboot (as with eyes shut) has always been successful.

By the way, recently, I had a nice effect: I forgot to attach the
monitor cable before boot, hence the usual 1600x1200 resolution was not
detected, and the standard 1024x768 mode was chosen. After connecting
the monitor cable, as a result I got the neat SunOS console font based
on the lower resolution (getting back the full resolution in the
consecutive startx session). I like it very much, since it was better
readable and not that tiny. Is there a way to choose lower resolutions 
for radeondrm console using some suitable configuration file?


With best regards,
Jens

Re: Blank screen after boot with Radeon HD 5450

[Steven McDonald]

On Sun, 28 May 2017 22:54:22 +0200
Steven McDonald  wrote:

> Re-reading your mail, it sounds like you installed the card into an
> existing system. In that case, my question becomes "have you run
> fw_update?"

Just noticed the part of your mail where you showed you had the
firmware installed. Sorry for the noise, brain must be in slow motion
tonight.

Re: Blank screen after boot with Radeon HD 5450

[Steven McDonald]

Re-reading your mail, it sounds like you installed the card into an
existing system. In that case, my question becomes "have you run
fw_update?"

Re: Blank screen after boot with Radeon HD 5450

[Steven McDonald]

On Sun, 28 May 2017 15:37:08 -0400
Maximilian Pichler  wrote:

> After the installation of a VisionTek Radeon 5450 graphics card my
> machine gives a blank screen after booting. It still shows the normal
> system messages (full dmesg below), with the last visible one being
> "scsibus4 at softraid0: 256 targets". Then the monitor (connected via
> DisplayPort) goes into power save mode. This is on OpenBSD 6.1 and
> amd64.

Have you tried booting more than once? I've had this problem on a
Radeon HD 6850 after a fresh install in the past, and after a reboot it
worked. I suspect the cause was that fw_update ran too late for the
firmware to load correctly (and I no longer have access to that
hardware to test).

Blank screen after boot with Radeon HD 5450

[Maximilian Pichler]

Hi,

After the installation of a VisionTek Radeon 5450 graphics card my
machine gives a blank screen after booting. It still shows the normal
system messages (full dmesg below), with the last visible one being
"scsibus4 at softraid0: 256 targets". Then the monitor (connected via
DisplayPort) goes into power save mode. This is on OpenBSD 6.1 and
amd64.

The machine is up and I can ssh into it. When booting with 'boot -c'
and 'disable radeondrm' the problem doesn't occur, but of course then
graphics acceleration is lost. Also, when booting another OS from a
USB stick the display is functioning at 2560x1440@60Hz.

xenodm is disabled. Just in case this provides useful information
below is also an Xorg.0.log when it is enabled (the display remains
blank).

Thanks for any insights or hints.

Max

$ fw_update -i
Installed: vmm-firmware-1.10.2p2 radeondrm-firmware-20150927
iwm-firmware-0.20161101
Installed, extra: malo-firmware-1.4p4 rsu-firmware-1.2p0
acx-firmware-1.4p5 rtwn-firmware-1.0 athn-firmware-1.1p1
upgt-firmware-1.1p4 wpi-firmware-3.2p1 uvideo-firmware-1.2p2
iwn-firmware-5.11p1 urtwn-firmware-1.2 bwi-firmware-1.4p4
uath-firmware-2.0p1 pgt-firmware-1.2p4 iwi-firmware-3.1p2
otus-firmware-1.0p1 ipw-firmware-1.3p2

$ dmesg
OpenBSD 6.1 (GENERIC.MP) #20: Sat Apr  1 13:45:56 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17126002688 (16332MB)
avail mem = 16602288128 (15833MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x8fb1 (30 entries)
bios0: vendor American Megatrends Inc. version "P1.20" date 12/16/2016
bios0: ASRock Z270 Gaming-ITX/ac
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT MCFG SSDT FIDT SSDT SSDT HPET SSDT
UEFI SSDT AAFT LPIT WSMT DBGP DBG2 DMAR ASF!
acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4)
PEG2(S4) PXSX(S4) RP09(S4) PXSX(S4) RP10(S4) PXSX(S4) RP11(S4)
PXSX(S4) RP12(S4) PXSX(S4) RP13(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz, 4200.00 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 42 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 23MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz, 4200.00 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz, 4200.00 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz, 4200.00 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 1 (application processor)
cpu4: Intel(R) Core(TM) i7-7700K CPU @ 4.20GHz, 4200.00 MHz
cpu4: 

Re: "athn0: could not load firmware" for AR9271

[Maximilian Pichler]

Thanks a lot for sharing the details!

By the way, there seems to be an issue with the test results I sent
because dd sometimes copied fewer bytes than intended. I'll try to pin
it down and either update this thread or open a new one.

PSA: autodisklabel '\' must be configured

[Scott Bonds]

You might get the error "'\' must be configured" when trying to 
autoinstall, if your autodisklabel layout is only minimums, and the 
minimums add up to more than the total available disk size. So, you 
know, don't do that.


Putting this out there to save someone some troubleshooting time when 
they go searching for that message.

isakmpd dies quietly with over 100 tunnels

[Michał Koc]

Hi all,

I'm running 6.0/amd64 inside KVM/Quemu with over 100 ipsec tunnels.

Everything was running just fine when the number of tunnels was lower. 
But as we have been setting up more and more tunnels we suddenly run on 
problems.
The isakmpd deaemon keeps dying quietly. Probably I'm running out of 
something, but I need some help to find out what it is and how to 
monitor it and tweak.


Thank You in advance.

Best Regards
M.K.

root@vgate0:/root# netstat -m
215 mbufs in use:
163 mbufs allocated to data
46 mbufs allocated to packet headers
6 mbufs allocated to socket names and addresses
160/920/6144 mbuf 2048 byte clusters in use (current/peak/max)
0/8/6144 mbuf 4096 byte clusters in use (current/peak/max)
0/8/6144 mbuf 8192 byte clusters in use (current/peak/max)
0/14/6146 mbuf 9216 byte clusters in use (current/peak/max)
0/10/6150 mbuf 12288 byte clusters in use (current/peak/max)
0/8/6144 mbuf 16384 byte clusters in use (current/peak/max)
0/8/6144 mbuf 65536 byte clusters in use (current/peak/max)
2760 Kbytes allocated to network (13% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

Sample tail of the log:
When I run "isakmpd -K -d -DA=10":
142043.246192 Sdep 10 pf_key_v2_set_spi: satype 2 dst xxx.xxx.xxx.xxx 
SPI 0x42f03e5d
142043.246209 Timr 10 timer_add_event: event 
sa_soft_expire(0x1fb9d0bdf400) added before 
sa_soft_expire(0x1fb9c8f05400), expiration in 25056s
142043.246223 Timr 10 timer_add_event: event 
sa_hard_expire(0x1fb9d0bdf400) added before 
sa_soft_expire(0x1fb9dd458200), expiration in 28800s
142043.246326 Sdep 10 pf_key_v2_set_spi: satype 2 dst xxx.xxx.xxx.xxx 
SPI 0x3ffa5955
142043.268229 Default responder_recv_HASH_SA_NONCE: KEY_EXCH payload 
without a group desc. attribute
142043.268250 Default dropped message from xxx.xxx.xxx.xxx port 500 due 
to notification type NO_PROPOSAL_CHOSEN
142043.268281 Timr 10 timer_add_event: event 
exchange_free_aux(0x1fb9a5336400) added before 
sa_soft_expire(0x1fba0d6a2a00), expiration in 120s
142043.268289 Exch 10 exchange_establish_p2: 0x1fb9a5336400  
 policy initiator phase 2 doi 1 exchange 5 step 0
142043.268295 Exch 10 exchange_establish_p2: icookie 8c58f4e7f8269ed3 
rcookie 0fe2d7657125a339

142043.268301 Exch 10 exchange_establish_p2: msgid de2c5cc3 sa_list
142043.269079 Timr 10 timer_add_event: event 
message_send_expire(0x1fb994136900) added before 
connection_checker(0x1fb9b2646280), expiration in 7s
142043.269614 Exch 10 exchange_finalize: 0x1fb9a5336400  policy> policy initiator phase 2 doi 1 exchange 5 step 1
142043.269630 Exch 10 exchange_finalize: icookie 8c58f4e7f8269ed3 
rcookie 0fe2d7657125a339

142043.269637 Exch 10 exchange_finalize: msgid de2c5cc3 sa_list
142043.269653 Timr 10 timer_remove_event: removing event 
exchange_free_aux(0x1fb9a5336400)
142043.289465 Timr 10 timer_remove_event: removing event 
message_send_expire(0x1fb994136900)
142043.289513 Exch 10 exchange_finalize: 0x1fb972b59400 
from-xxx.xxx.xxx.xxx/24-to-xxx.xxx.xxx.xxx/24  policy 
responder phase 2 doi 1 exchange 32 step 2
142043.289521 Exch 10 exchange_finalize: icookie 8c58f4e7f8269ed3 
rcookie 0fe2d7657125a339
142043.289528 Exch 10 exchange_finalize: msgid de079ef6 sa_list 
0x1fb9dd458800 0x1fb985d09e00
142043.289578 Sdep 10 pf_key_v2_set_spi: satype 2 dst xxx.xxx.xxx.xxx 
SPI 0xe5d04953
142043.289594 Timr 10 timer_add_event: event 
sa_soft_expire(0x1fb9dd458800) added before 
sa_soft_expire(0x1fba1d81de00), expiration in 3279s
142043.289608 Timr 10 timer_add_event: event 
sa_hard_expire(0x1fb9dd458800) added before 
sa_soft_expire(0x1fba2c980800), expiration in 3600s
142043.289710 Sdep 10 pf_key_v2_set_spi: satype 2 dst xxx.xxx.xxx.xxx 
SPI 0x4d895568

root@vgate0:/root#

OpenBSD 6.0-stable (GENERIC.MP) #0: Sat Feb  4 21:55:17 CET 2017
root@amd64.vcomp:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1056956416 (1007MB)
avail mem = 1020506112 (973MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf1dc0 (11 entries)
bios0: vendor Bochs version "Bochs" date 01/01/2011
bios0: Bochs Bochs
acpi0 at bios0: rev 0
acpi0: sleep states S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC HPET
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: QEMU Virtual CPU version 2.1.2, 3492.32 MHz
cpu0: 
FPU,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16,POPCNT,HV,NXE,LONG,LAHF,ABM
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 
64b/line 16-way L2 cache

cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 1000MHz
cpu1 at mainbus0: apid 1 (application 

Re: "athn0: could not load firmware" for AR9271

[Stefan Sperling]

On Sat, May 27, 2017 at 08:31:23PM -0400, Maximilian Pichler wrote:
> I've tried a PPD-AR5BHB92-H (AR9280 miniPCIe) in AP mode and connected
> clients get ~12 Mbit/s downstream and ~35 Mbit/s upstream (i.e. the
> card appears to receive data much faster than it sends). Selecting a
> less crowded 5GHz channel helped quite a bit. Is this performance more
> or less what is currently to be expected?

There is an issue where the card won't transmit at rates beyond 18M / MCS 12.
Whenever rate scaling selects a higher transmit rate it drops back down
right away, even on a clean channel. I haven't figured out why.
I expect fixing this will involve a dive into the dark magic of the
chip's low-level configuration since it looks as if OFDM modulations
at the higher end don't work (and never ever worked) with our driver.

Also, we do not support Tx aggregation in 11n mode yet.
This is why other 11n implementations manage to send more data
per second at a given data rate than we do.
 
> The measurements were conducted by running the following commands on a
> Macbook connected to the AP's wireless network:
> 
> $ for i in {1..10}; do nc 192.168.0.1 1234 | dd of=/dev/null
> count=10240 bs=1000; sleep 1; done 2>&1 | grep trans
> 6899272 bytes transferred in 4.307439 secs (1601711 bytes/sec)
> 6864520 bytes transferred in 4.275299 secs (1605623 bytes/sec)
> 6837456 bytes transferred in 4.256377 secs (1606403 bytes/sec)
> 6734200 bytes transferred in 4.194057 secs (1605653 bytes/sec)
> 6952848 bytes transferred in 4.311542 secs (1612613 bytes/sec)
> 6898272 bytes transferred in 4.294667 secs (1606241 bytes/sec)
> 6867864 bytes transferred in 4.256106 secs (1613650 bytes/sec)
> 6906512 bytes transferred in 4.291027 secs (1609524 bytes/sec)
> 6757816 bytes transferred in 4.182866 secs (1615595 bytes/sec)
> 6871760 bytes transferred in 5.059761 secs (1358119 bytes/sec)
> 
> $ for i in {1..10}; do dd if=/dev/urandom count=10240 bs=1000 | nc
> 192.168.0.1 1234; sleep 1; done 2>&1 | grep trans
> 1024 bytes transferred in 2.290328 secs (4470975 bytes/sec)
> 1024 bytes transferred in 2.251763 secs (4547548 bytes/sec)
> 1024 bytes transferred in 2.160710 secs (4739183 bytes/sec)
> 1024 bytes transferred in 2.031869 secs (5039695 bytes/sec)
> 1024 bytes transferred in 2.215611 secs (4621750 bytes/sec)
> 1024 bytes transferred in 3.615391 secs (2832335 bytes/sec)
> 1024 bytes transferred in 2.340003 secs (4376063 bytes/sec)
> 1024 bytes transferred in 2.185185 secs (4686102 bytes/sec)
> 1024 bytes transferred in 2.509382 secs (4080686 bytes/sec)
> 1024 bytes transferred in 2.333018 secs (4389164 bytes/sec)
> 
> On the AP box:
> $ nc -kl 1234 < /dev/urandom
> $ nc -kl 1234 > /dev/null

Thanks for sharing this.