Re: OpenBSD 6.1 some Warnings when using OpenLDAP Tools

2017-08-10 Thread Paul B. Henson
On Wed, Aug 09, 2017 at 09:06:19AM +0200, Markus Rosjat wrote:

> this is more an info than a problem though since it seems to work.
> When I use the slap tool like slapcat I get a size mismatch warning like 
> this

Heh, we were just talking about that:

https://marc.info/?l=openbsd-misc&m=150199443929908&w=2



Re: How to find out which files were changed in -CURRENT and -STABLE between two releases?

2017-08-10 Thread Juan Francisco Cantero Hurtado
On Thu, Aug 10, 2017 at 06:57:40PM -, pipfsta...@openmailbox.org wrote:
> Hello,
> 
> CVS is delivering me my daily dose of PITA (and I'm delivering a daily
> dose of whining to the list). I feel like I'm trying to use a wooden bicycle
> driven by jolts from the ground to make a tour from Washington, DC to
> Sacramento, California.
> 
> I've found cvs2cl.pl that turns pretty useless output of `cvs log` into
> something meaningful.
> But I didn't make my way through branches and tags.
> I know that when release is done, sources are tagged with a
> 'OPENBSD_x_y_BASE' tag. But cvs doesn't provide a way (well, at least
> I didn't find it) to find a commit id when a certain tag was created.
> Well, I tried to grep (1) the raw output of cvs log to see how tags
> refer to files in per-file basis. But some files don't have any symbolic
> names at all!
> E.g.:
> 
> "RCS file: /cvs/src/sys/arch/armv7/sunxi/Attic/sximmc.c,v
> Working file: sys/arch/armv7/sunxi/sximmc.c
> head: 1.12
> branch:
> locks: strict
> access list:
> symbolic names:
> keyword substitution: kv
> total revisions: 12;
> selected revisions: 12"
> 
> And it is not a new file, first revision is dated 2016/08/15. It might
> be some development branch, but then how do I differ which commits are
> made into a release, and which are not?
> 
> Is there any way to make cvs show a bunch of changes that are made
> between two releases in the -CURRENT and -STABLE branches?

If you know when the cvs tag was created, then you can use git to show
the changes since that date until HEAD. Unfortunately, we don't have a
git repo with the tags.


-- 
Juan Francisco Cantero Hurtado http://juanfra.info



Re: how to know the state of the dd's progression

2017-08-10 Thread Tuyosi T
sorry, correct it

./comment-out.bat
dd-progress.bat
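# PID of the first process whose command line mentions rsd (the dd copy);
# [r]sd keeps grep from matching itself, awk copes with leading blanks
x=`ps ax | grep '[r]sd' | awk 'NR == 1 { print $1 }'`
while true
do
date
# SIGINFO makes dd print its transfer statistics
kill -INFO $x
sleep 3
echo
echo
done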


Re: How to find out which files were changed in -CURRENT and -STABLE between two releases?

2017-08-10 Thread Stuart Henderson
On 2017-08-10, pipfsta...@openmailbox.org  wrote:
> Hello,
>
> CVS is delivering me my daily dose of PITA (and I'm delivering a daily
> dose of whining to the list). I feel like I'm trying to use a wooden bicycle
> driven by jolts from the ground to make a tour from Washington, DC to
> Sacramento, California.
>
> I've found cvs2cl.pl that turns pretty useless output of `cvs log` into
> something meaningful.
> But I didn't make my way through branches and tags.

The output from cvsps might be better for this. It's not perfect and can
get confused in some cases (the fact that the rcs files in repo aren't
squeaky clean plays some part in this). It generally works better when
done in smaller parts of the tree.

> I know that when release is done, sources are tagged with a
> 'OPENBSD_x_y_BASE' tag. But cvs doesn't provide a way (well, at least
> I didn't find it) to find a commit id when a certain tag was created.

Commit ids were hacked into CVS fairly late in its history and there's
not much tooling for them. For the main part you'll just need to look at
per-file revisions. A CVS tree is just a collection of separate RCS files.

> And it is not a new file, first revision is dated 2016/08/15. It might
> be some development branch, but then how do I differ which commits are
> made into a release, and which are not?

If there's no release tag in "cvs log", that file didn't make it into a
release. For your example file it was renamed/moved and the moved version
did make it to a release (but cvs doesn't track moves).

> Is there any way to make cvs show a bunch of changes that are made
> between two releases in the -CURRENT and -STABLE branches?

You can do a diff or log between revision markers, but again as it's per
file it's not going to be directly very useful.

The other thing you could do is look at the git conversion. You'll need
to figure out the *dates* the tree was tagged (sys/conf/newvers.sh is
a good way to get close to these) because none of the conversion tools
that we've tried are able to successfully convert branch information
from the OpenBSD repo.




Re: How to find out which files were changed in -CURRENT and -STABLE between two releases?

2017-08-10 Thread Ingo Schwarze
Hi,

pipfsta...@openmailbox.org wrote on Thu, Aug 10, 2017 at 08:07:44PM -:

> I want to fill https://openbsd.org/plus61.html

Wow, that would be useful, but it's a lot of work.  Multiple days
of full-time work, probably.

In the past, people who did that have usually started from a mailing
list archive like http://marc.info/?l=openbsd-cvs, and then looked at
CVS as required.

Starting from cvs2cl would be fine, too, and mostly equivalent.
Maybe even a bit easier because you see the revision numbers
right away.

You only need to look at changes involving two-component revision
numbers (x.y), those are on the MAIN branch, where all of -current
and all releases happen.  Four-component revision number (x.y.z.t)
are on branches, hence irrelevant.

To see whether an individual revision of a file was before or after
release, just look at the log for that file, and where the tag is.

Note that in rare cases, a release version of one file can be
*newer* than a post-release version of another file - but at
most by a few days, and only in those cases where Theo manually
retagged a file to put a last-minute bugfix into the release.

In extremely rare cases, one person may have changed several
files with one "cvs commit" command (and hence all with the
same date and commit message), and some of the resulting file
revisions may be part of the release, while others may not.

To get a rough first impression about the time range in which the
cutoff happened, look at:
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/conf/newvers.sh

Stuff *newer* than the "unlock" change is *usually* post-release
(except when Theo retagged something), stuff *older* than the
"unlock" change is *usually* in the release - but a few changes
may have gone in before the unlock change.  So be careful with
changes in the timerange of about two days before to about seven
days after.  Some of them may be in the release, some post-release,
independent of their chronological ordering, even though they are
all on the same branch!

> Thus I need to obtain all commit messages for commits done between
> 6.0 release and 6.1 release. 
> But cvs2cl just spits out all commits done in every branch without
> marking them with tags they are assigned to. 

Again, ignore everything with four-component numbers, use all the rest.

> So I can't see if a commit was done before or after 6.0 release,

Not from cvs2cl, no.  That is a limitation of that particular
(quick and dirty) script, not a limitation of CVS itself.

> or if it is a part of the -STABLE branch for the 6.0 release, 

You *can* see that from cvs2cl output.
Those would have four-component revision numbers.

> or whatever else there is going on in the source tree. 

Nothing else is going on in the tree.  In OpenBSD, side branches
for development are strongly frowned upon and are used extremely
rarely, and none have been active for some years now as far as i
remember.

> Even just getting info on the points (commit IDs) where the code
> was frozen for the release would be very useful.  But I failed 
> to find it in mail archives. 

Your biggest problem is that you are trying to figure out how a
tiger looks like by asking specific questions about its roots,
its stem, and its leaves.

In git, everything revolves around commits and files are of
very little importance.

In CVS, the basic concept is completely different.  Everything
revolves around files and their revisions.  The revisions of one
file are independent of the revisions of any other file, and the
notion of a "commit" is practically meaningless.  Most definitely,
commits do not have parents and children, ordering them chronologically
is completely useless, and in particular tells you nothing about
which revisions of which files are or are not part of a release.

Yours,
  Ingo
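The per-file rule described in the message above (keep two-component revisions that lie between the two release tags, ignore four-component branch revisions, skip files that carry no release tag), as an added Python example that is not part of the original message. The log text is constructed and the function names are hypothetical; the tag names follow the OPENBSD_x_y_BASE pattern mentioned in the thread.

```python
import re

REV_SEP = "-" * 28   # line between revisions in `cvs log` output
FILE_SEP = "=" * 77  # line that ends each file's log

def as_tuple(rev):
    """'1.3' -> (1, 3); '1.1.2.1' -> (1, 1, 2, 1)."""
    return tuple(int(part) for part in rev.split("."))

def parse_cvs_log(text):
    """Yield (working_file, {tag: revision}, [(revision, message)]) per file."""
    for chunk in re.split(r"^={70,}$", text, flags=re.M):
        name = re.search(r"^Working file: (.+)$", chunk, re.M)
        if not name:
            continue
        header, *entries = re.split(r"^-{28}$", chunk, flags=re.M)
        # Symbolic names are listed as tab-indented "TAG: revision" lines.
        tags = dict(re.findall(r"^\t(\S+): ([\d.]+)$", header, re.M))
        revisions = []
        for entry in entries:
            lines = entry.strip().split("\n")
            match = re.match(r"revision ([\d.]+)", lines[0])
            if not match:
                continue
            # lines[1] is the "date: ...; author: ..." line; an optional
            # "branches: ..." line may precede the commit message.
            body = [line for line in lines[2:] if not line.startswith("branches:")]
            revisions.append((match.group(1), "\n".join(body).strip()))
        yield name.group(1), tags, revisions

def changes_between(text, old_tag, new_tag):
    """Map each file to the trunk revisions r with old_tag < r <= new_tag."""
    result = {}
    for path, tags, revisions in parse_cvs_log(text):
        if new_tag not in tags:
            continue  # no release tag: the file is not in that release
        new = as_tuple(tags[new_tag])
        # A file added after the old release has no old tag: take everything.
        old = as_tuple(tags[old_tag]) if old_tag in tags else (0, 0)
        picked = [(rev, msg) for rev, msg in revisions
                  if len(as_tuple(rev)) == 2 and old < as_tuple(rev) <= new]
        if picked:
            result[path] = picked
    return result

# Constructed sample in `cvs log` layout; file names, revisions, authors,
# dates and messages are made up for illustration.
SAMPLE_LOG = """
RCS file: /cvs/src/sys/example/foo.c,v
Working file: sys/example/foo.c
head: 1.4
symbolic names:
\tOPENBSD_6_1_BASE: 1.3
\tOPENBSD_6_0: 1.1.0.2
\tOPENBSD_6_0_BASE: 1.1
keyword substitution: kv
total revisions: 5;\tselected revisions: 5
description:
{rev}
revision 1.4
date: 2017/04/20 10:00:00;  author: alice;  state: Exp;  lines: +1 -1;
cleanup after unlock
{rev}
revision 1.3
date: 2017/03/30 10:00:00;  author: bob;  state: Exp;  lines: +4 -2;
last-minute fix
{rev}
revision 1.2
date: 2016/11/02 10:00:00;  author: alice;  state: Exp;  lines: +9 -0;
add feature
{rev}
revision 1.1
date: 2016/07/01 10:00:00;  author: bob;  state: Exp;
branches:  1.1.2;
initial version
{rev}
revision 1.1.2.1
date: 2016/09/15 10:00:00;  author: bob;  state: Exp;  lines: +1 -1;
fix on the 6.0 -stable branch
{end}

RCS file: /cvs/src/sys/example/Attic/gone.c,v
Working file: sys/example/gone.c
head: 1.2
symbolic names:
keyword substitution: kv
description:
{rev}
revision 1.2
date: 2016/12/01 10:00:00;  author: alice;  state: dead;  lines: +0 -0;
moved elsewhere
{end}
""".format(rev=REV_SEP, end=FILE_SEP)

if __name__ == "__main__":
    found = changes_between(SAMPLE_LOG, "OPENBSD_6_0_BASE", "OPENBSD_6_1_BASE")
    for path, revisions in found.items():
        for rev, msg in revisions:
            print(path, rev, msg)
```

Revision 1.4 is left out because it is newer than the release tag on that file, whatever its date, and gone.c is left out because it has no release tag at all.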



Re: how to know the state of the dd's progression

2017-08-10 Thread Tuyosi T
thanks for the advice.

dd if=/dev/rsd0c of=/dev/rsd2c bs=64k



and another terminal

dd-progress.bat
---

x=`ps ax| grep rsd | cut -d ' ' -f 1`
while true
do
date
kill -INFO $x
sleep 3
echo
echo
done



then on original terminal
---
3891396608 bytes transferred in 69.591 secs (55917407 bytes/sec)
61949+0 records in
61949+0 records out
4059889664 bytes transferred in 72.601 secs (55919964 bytes/sec)
64521+0 records in
64521+0 records out

appear


--
best regards


Re: protonmail on misc@openbsd.org

2017-08-10 Thread martin
> From r...@protonmail.com Wed Aug  9 12:56:08 2017
> Date: Wed, 09 Aug 2017 06:11:56 -0400
> To: "misc@openbsd.org" 
> From: Rupert Gallagher 
> Reply-To: Rupert Gallagher 
> Subject: protonmail on misc@openbsd.org
>
> QSBub3RlIHRvIHBvc3RtYXN0ZXIgb24gdGhlIHByb2JsZW0gb2YgZm9sZGVk
> IHF1b3RlZCB0ZXh0IGFuZCBjb2RlIGluIG1pbWUtYXR0YWNobWVudC4gSXQg
> dHVybnMgb3V0IHRoYXQgb3RoZXIgbWFpbGluZyBsaXN0cyBkbyBub3QgZm9s
> ZC4gVGhlIHByb2JsZW0gc2VtcyBsb2NhbCB0byB5b3VyIGxpc3QgbWFuYWdl
> bWVudCBzb2Z0d2FyZS4KClNlbnQgZnJvbSBQcm90b25NYWlsIE1vYmlsZQ==
>
>
>

A note to sender on the problem of crazy encodings.  It turns out that
other user agents do not send crazy encodings.  The problem seems to be
your mail user agent.

Sent from mail(1).



Re: How to find out which files were changed in -CURRENT and -STABLE between two releases?

2017-08-10 Thread pipfstarrd
> it's not clear what you're really trying to do. if you want the files for a
> release, cvs co -r that release.
I want to fill https://openbsd.org/plus61.html
Thus I need to obtain all commit messages for commits done between 6.0 release 
and 6.1 release. 
But cvs2cl just spits out all commits done in every branch without marking them 
with tags they are assigned to. 
So I can't see if a commit was done before or after 6.0 release, or if it is a 
part of the -STABLE branch for the 6.0 release, 
or whatever else there is going on in the source tree. 

Even just getting info on the points (commit IDs) where the code was frozen for 
the release would be very useful. But I failed 
to find it in mail archives. 

Re: How to find out which files were changed in -CURRENT and -STABLE between two releases?

2017-08-10 Thread Ted Unangst
pipfsta...@openmailbox.org wrote:
> Hello,
> 
> CVS is delivering me my daily dose of PITA (and I'm delivering a daily
> dose of whining to the list). I feel like I'm trying to use a wooden bicycle
> driven by jolts from the ground to make a tour from Washington, DC to
> Sacramento, California.
> 
> I've found cvs2cl.pl that turns pretty useless output of `cvs log` into
> something meaningful.
> But I didn't make my way through branches and tags.
> I know that when release is done, sources are tagged with a
> 'OPENBSD_x_y_BASE' tag. But cvs doesn't provide a way (well, at least
> I didn't find it) to find a commit id when a certain tag was created.
> Well, I tried to grep (1) the raw output of cvs log to see how tags
> refer to files in per-file basis. But some files don't have any symbolic
> names at all!
> E.g.:
> 
> "RCS file: /cvs/src/sys/arch/armv7/sunxi/Attic/sximmc.c,v
> Working file: sys/arch/armv7/sunxi/sximmc.c
> head: 1.12
> branch:
> locks: strict
> access list:
> symbolic names:
> keyword substitution: kv
> total revisions: 12;
> selected revisions: 12"
> 
> And it is not a new file, first revision is dated 2016/08/15. It might
> be some development branch, but then how do I differ which commits are
> made into a release, and which are not?

well, you're looking at a file that was deleted before it made it into any
releases. it's not going to have tags.

> Is there any way to make cvs show a bunch of changes that are made
> between two releases in the -CURRENT and -STABLE branches?

cvs diff -rOPENBSD_6_1 -rHEAD ?

it's not clear what you're really trying to do. if you want the files for a
release, cvs co -r that release.



How to find out which files were changed in -CURRENT and -STABLE between two releases?

2017-08-10 Thread pipfstarrd
Hello,

CVS is delivering me my daily dose of PITA (and I'm delivering a daily
dose of whining to the list). I feel like I'm trying to use a wooden bicycle
driven by jolts from the ground to make a tour from Washington, DC to
Sacramento, California.

I've found cvs2cl.pl that turns pretty useless output of `cvs log` into
something meaningful.
But I didn't make my way through branches and tags.
I know that when release is done, sources are tagged with a
'OPENBSD_x_y_BASE' tag. But cvs doesn't provide a way (well, at least
I didn't find it) to find a commit id when a certain tag was created.
Well, I tried to grep (1) the raw output of cvs log to see how tags
refer to files in per-file basis. But some files don't have any symbolic
names at all!
E.g.:

"RCS file: /cvs/src/sys/arch/armv7/sunxi/Attic/sximmc.c,v
Working file: sys/arch/armv7/sunxi/sximmc.c
head: 1.12
branch:
locks: strict
access list:
symbolic names:
keyword substitution: kv
total revisions: 12;
selected revisions: 12"

And it is not a new file, first revision is dated 2016/08/15. It might
be some development branch, but then how do I differ which commits are
made into a release, and which are not?

Is there any way to make cvs show a bunch of changes that are made
between two releases in the -CURRENT and -STABLE branches?

Re: New question, do I really need a AAAA record?

2017-08-10 Thread Walter Alejandro Iglesias
On Thu, Aug 10, 2017 at 07:26:16PM +0100, Stuart Henderson wrote:
> Rephrasing: if you make an outgoing SMTP connection, a reverse DNS PTR
> record should exist for the source address you're connecting from (whether
> that's v4 or v6), and an A (for v4) or AAAA (for v6) lookup for the name
> in that PTR should give back the same address.
> 
> For your example:
> 
> 185.37.212.61 -> server.roquesor.com
> server.roquesor.com -> 185.37.212.61
> 
> That looks good.
> 
> If you are making outgoing SMTP connections from a v6 address, then you
> should have matching PTR+AAAA as well.

OK.  Huff!, it's just I got dizzy.  After all the advice I got in
this thread I started to doubt even about my existence. :-)


Thank you Stuart!




Re: New question, do I really need a AAAA record?

2017-08-10 Thread Stuart Henderson
On 2017/08/10 20:18, Walter Alejandro Iglesias wrote:
> In article  you wrote:
> > Hi Stuart,
> > 
> > In article  you wrote:
> > > On 2017-08-10, Rui Ribeiro  wrote:
> > > > An email server in a residential setting will fail PTR unless you are
> > > > working with a medium sized/an ISP that cares about their customers.
> > > >
> > > > see answer here
> > > > https://unix.stackexchange.com/questions/371329/bind-proper-reverse-config
> > > 
> > > You can't expect to reliably deliver email unless you have a PTR record 
> > > and
> > > an A/AAAA record (at least within the same domain, though in some cases
> > > the full hostname needs to match).
> > > 
> > 
> > At this point things got a bit confusing.  First of all I don't run my
> > own DNS server, I use the free dns service from the registrar company
> > where I bought my domain names.  There I configured the records I need
> > for the web and mail servers I run at home.  Then, asking my ISP to add
> > a PTR record on *their* DNS was the first thing I did when I contracted
> > the service, and was the first thing I checked again last weekend after
> > the problem I explain in this thread happened.  Despite the negative
> > results the website someone recommended me shows (dnsinspect.com) I
> > think my PTR is working well, you can use host(1), dig(1) or nslookup(1)
> > to check my IP (185.37.212.61) against yours or any public DNS to
> > corroborate it.  Or simply put the IP in your browser URL bar, press
> > ENTER and see if it resolves to my web site. :-)
> > 
> > Stated the above, now the new question.  By A/AAAA records I understand
> > you mean the records on *my* side (not my ISP's), don't you?  Well,
> > since I'm not using ipv6 I didn't add any AAAA record.  Do you
> > recommend me to add it, anyways?
> > 
> > 
> 
> Sorry, I think I didn't formulate the question well.  What I meant was,
> do I need also a static ipv6 to be considered by big smtp servers as a
> legal sender?
> 

Rephrasing: if you make an outgoing SMTP connection, a reverse DNS PTR
record should exist for the source address you're connecting from (whether
that's v4 or v6), and an A (for v4) or AAAA (for v6) lookup for the name
in that PTR should give back the same address.

For your example:

185.37.212.61 -> server.roquesor.com
server.roquesor.com -> 185.37.212.61

That looks good.

If you are making outgoing SMTP connections from a v6 address, then you
should have matching PTR+AAAA as well.
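The check described in the message above (source address to PTR name, then A or AAAA lookup of that name back to the same address), as an added Python example that is not part of the original message. The function names are hypothetical; the resolver is injectable so the constructed sample data runs offline, and the IPv6 and example.net entries are documentation placeholders.

```python
import ipaddress
import socket

def system_ptr(ip):
    """Names from the PTR record of `ip`, via the system resolver."""
    try:
        return [socket.gethostbyaddr(ip)[0]]
    except OSError:
        return []

def system_forward(name, family):
    """A (AF_INET) or AAAA (AF_INET6) addresses of `name`, via the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None, family, socket.SOCK_STREAM)
    except OSError:
        return []
    return [info[4][0] for info in infos]

def fcrdns(ip, ptr_lookup=system_ptr, forward_lookup=system_forward):
    """Check that ip -> PTR name -> A/AAAA leads back to ip.

    Returns (ok, detail). Only the record type of the connecting address
    family is consulted: A for an IPv4 source, AAAA for an IPv6 source.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version == 4:
        family, rtype = socket.AF_INET, "A"
    else:
        family, rtype = socket.AF_INET6, "AAAA"
    names = ptr_lookup(str(addr))
    if not names:
        return False, "no PTR record for %s" % addr
    for name in names:
        for candidate in forward_lookup(name.rstrip("."), family):
            # Drop an IPv6 zone id ("%em0") before comparing.
            if ipaddress.ip_address(candidate.split("%")[0]) == addr:
                return True, "%s -> %s -> %s (%s)" % (addr, name, candidate, rtype)
    return False, "PTR %s has no %s record giving back %s" % (
        ", ".join(names), rtype, addr)

# Constructed resolver data. The IPv4 pair is the one quoted in the thread;
# mail.example.net, 2001:db8::25 and 192.0.2.25 are documentation placeholders.
SAMPLE_PTR = {
    "185.37.212.61": ["server.roquesor.com"],
    "2001:db8::25": ["mail.example.net"],
}
SAMPLE_FORWARD = {
    ("server.roquesor.com", socket.AF_INET): ["185.37.212.61"],
    ("mail.example.net", socket.AF_INET): ["192.0.2.25"],  # A only, no AAAA
}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name, family):
    return SAMPLE_FORWARD.get((name, family), [])

if __name__ == "__main__":
    for source in ("185.37.212.61", "2001:db8::25", "192.0.2.99"):
        print(source, fcrdns(source, sample_ptr, sample_forward))
```

Called without the two lookup arguments, `fcrdns()` uses the system resolver instead of the sample tables.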



Re: New question, do I really need a AAAA record?

2017-08-10 Thread Walter Alejandro Iglesias
In article  you wrote:
> Hi Stuart,
> 
> In article  you wrote:
> > On 2017-08-10, Rui Ribeiro  wrote:
> > > An email server in a residential setting will fail PTR unless you are
> > > working with a medium sized/an ISP that cares about their customers.
> > >
> > > see answer here
> > > https://unix.stackexchange.com/questions/371329/bind-proper-reverse-config
> > 
> > You can't expect to reliably deliver email unless you have a PTR record and
> > an A/AAAA record (at least within the same domain, though in some cases
> > the full hostname needs to match).
> > 
> 
> At this point things got a bit confusing.  First of all I don't run my
> own DNS server, I use the free dns service from the registrar company
> where I bought my domain names.  There I configured the records I need
> for the web and mail servers I run at home.  Then, asking my ISP to add
> a PTR record on *their* DNS was the first thing I did when I contracted
> the service, and was the first thing I checked again last weekend after
> the problem I explain in this thread happened.  Despite the negative
> results the website someone recommended me shows (dnsinspect.com) I
> think my PTR is working well, you can use host(1), dig(1) or nslookup(1)
> to check my IP (185.37.212.61) against yours or any public DNS to
> corroborate it.  Or simply put the IP in your browser URL bar, press
> ENTER and see if it resolves to my web site. :-)
> 
> Stated the above, now the new question.  By A/AAAA records I understand
> you mean the records on *my* side (not my ISP's), don't you?  Well,
> since I'm not using ipv6 I didn't add any AAAA record.  Do you
> recommend me to add it, anyways?
> 
> 

Sorry, I think I didn't formulate the question well.  What I meant was,
do I need also a static ipv6 to be considered by big smtp servers as a
legal sender?



Re: New question, do I really need a AAAA record?

2017-08-10 Thread Kurt H Maier
On Thu, Aug 10, 2017 at 08:18:31PM +0200, Walter Alejandro Iglesias wrote:
> 
> Sorry, I think I didn't formulate the question well.  What I meant was,
> do I need also a static ipv6 to be considered by big smtp servers as a
> legal sender?
> 

No.

khm



New question, do I really need a AAAA record?

2017-08-10 Thread Walter Alejandro Iglesias
Hi Stuart,

In article  you wrote:
> On 2017-08-10, Rui Ribeiro  wrote:
> > An email server in a residential setting will fail PTR unless you are
> > working with a medium sized/an ISP that cares about their customers.
> >
> > see answer here
> > https://unix.stackexchange.com/questions/371329/bind-proper-reverse-config
> 
> You can't expect to reliably deliver email unless you have a PTR record and
> an A/AAAA record (at least within the same domain, though in some cases
> the full hostname needs to match).
> 

At this point things got a bit confusing.  First of all I don't run my
own DNS server, I use the free dns service from the registrar company
where I bought my domain names.  There I configured the records I need
for the web and mail servers I run at home.  Then, asking my ISP to add
a PTR record on *their* DNS was the first thing I did when I contracted
the service, and was the first thing I checked again last weekend after
the problem I explain in this thread happened.  Despite the negative
results the website someone recommended me shows (dnsinspect.com) I
think my PTR is working well, you can use host(1), dig(1) or nslookup(1)
to check my IP (185.37.212.61) against yours or any public DNS to
corroborate it.  Or simply put the IP in your browser URL bar, press
ENTER and see if it resolves to my web site. :-)

Stated the above, now the new question.  By A/AAAA records I understand
you mean the records on *my* side (not my ISP's), don't you?  Well,
since I'm not using ipv6 I didn't add any AAAA record.  Do you
recommend me to add it, anyways?





console inactive on wakeup from apm stand-by (i386, current)

2017-08-10 Thread GSO
Blank console screen with no response from input devices following
wakeup from an `apm -S` (i.e., stand-by mode) - a problem with current
from at least 3rd Aug. build, i386 Compaq Presario laptop.

This curiously is also the same problem with Windows 8.1/10, the
laptop though is not supported by these OSs.



Re: gmail and hotmail blocking mail sent from my IP

2017-08-10 Thread Stuart Henderson
On 2017-08-10, Rui Ribeiro  wrote:
> An email server in a residential setting will fail PTR unless you are
> working with a medium sized/an ISP that cares about their customers.
>
> see answer here
> https://unix.stackexchange.com/questions/371329/bind-proper-reverse-config

You can't expect to reliably deliver email unless you have a PTR record and
an A/AAAA record (at least within the same domain, though in some cases
the full hostname needs to match).




Re: maildrop-postfix question

2017-08-10 Thread Karsten Horsmann
Hi Markus,

did you also check the master.cf?

It's described in the postfix documentation
http://www.postfix.org/MAILDROP_README.html



Cheers

On 10.08.2017 at 5:07 p.m., "Markus Rosjat" wrote:

> Hi there,
>
>
> I try to get maildrop to work with postfix so I installed the
> maildrop-postfix package and did the config in the main.cf
>
> strange part is that maildrop still tries to use authdaemon ...
>
> well I thought okay install courier-utils because it seems both things are
> related and I get all the authtools but they don't work because authdaemon
> isn't there still.
>
> so the basic question here is, what to enable with rcctl to get authdaemon
> up and running
>
> or
>
> if this isn't the way to go with maildrop and postfix, what is it to get
> rid of logs like
>
> Command output: ERR: authdaemon: s_connect() failed: No such file or
> directory /usr/local/bin/maildrop: Temporary authentication failure.
>
> regards
> --
> Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de
>
> G+H Webservice GbR Gorzolla, Herrmann
> Königsbrücker Str. 70, 01099 Dresden
>
> http://www.ghweb.de
> fon: +49 351 8107220   fax: +49 351 8107227
>
> Please check whether this mail really needs to be printed! Before
> you print it, think about your responsibility and commitment to the
> ENVIRONMENT
>
>


maildrop-postfix question

2017-08-10 Thread Markus Rosjat

Hi there,


I try to get maildrop to work with postfix so I installed the 
maildrop-postfix package and did the config in the main.cf


strange part is that maildrop still tries to use authdaemon ...

well I thought okay install courier-utils because it seems both things
are related and I get all the authtools but they don't work because
authdaemon isn't there still.


so the basic question here is, what to enable with rcctl to get
authdaemon up and running


or

if this isn't the way to go with maildrop and postfix, what is it to get
rid of logs like


Command output: ERR: authdaemon: s_connect() failed: No such file or 
directory /usr/local/bin/maildrop: Temporary authentication failure.


regards
--
Markus Rosjat    fon: +49 351 8107223    mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Please check whether this mail really needs to be printed! Before
you print it, think about your responsibility and commitment to the 
ENVIRONMENT




Re: radeondrm(?) change causes console to recognize only 1024x768

2017-08-10 Thread frohwein
On Sat, 2017-08-05 at 18:31 +0200, Robert wrote:
> During the last couple of weeks some change (radeondrm update?)
> caused the console to be locked to 1024x768, instead of whatever EDID
> the TFT supports, when using a Radeon card.

Same issue here for the past couple of weeks when using DisplayPort. X
only recognizes resolutions up to 1024x768. Note that this problem
doesn't occur for me when using DVI which I have been using for the
past few weeks.

dmesg and Xorg.0.log after booting with DisplayPort connected below.


Re: gmail and hotmail blocking mail sent from my IP

2017-08-10 Thread Rui Ribeiro
An email server in a residential setting will fail PTR unless you are
working with a medium sized/an ISP that cares about their customers.

see answer here
https://unix.stackexchange.com/questions/371329/bind-proper-reverse-config

On 9 August 2017 at 23:34, Rupert Gallagher  wrote:

> The dns still fails RFC1912 (ptr).
>
> Sent from ProtonMail Mobile
>
> On Wed, Aug 9, 2017 at 6:39 PM, Walter Alejandro Iglesias <
> w...@roquesor.com> wrote:
>
> > Hello Rupert,
> >
> > In article you wrote:
> > > https://www.dnsinspect.com/roquesor.com/10171765
> >
> > Try the link again. The reason it showed false results was because
> > dnsinspect.com IP was blocked in my pf firewall. I have a script to
> > detect hacking attempts in my port 25 and block those IPs
> > automatically.
> >
> > Thanks for your help anyways. And sorry if I didn't answer you before.




-- 
Regards,

--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434


Re: nginx chroot with a proxy_pass unix socket

2017-08-10 Thread Maurizio De Magnis
Hi Stuart,

> On 9 Aug 2017, at 14:08, Stuart Henderson  wrote:
> 
> On 2017-08-09, Maurizio De Magnis  wrote:
>> server {
>>   server_name myapp.com;
>>   access_log /var/www/apps/my_app/logs/access.log;
>>   error_log /var/www/apps/my_app/logs/error.log;
>>   root /var/www/apps/my_app/current;
>>   location / {
>>     proxy_pass http://unix:/var/www/apps/my_app/application.socket;
> 
> That seems wrong, why would you have http://unix:/…?

That’s per the documentation of proxy_pass:

https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass

I get a syntax error `doas nginx -t` when I use `proxy_pass unix:/mypath`.
I need to either set the “https://” or “https://” prefix.

>> Do you have any suggestions on how to implement a unix socket connection 
>> with NGINX chroot enabled?
> 
> You may need to use the path inside the chroot (/apps/... rather than
> /var/www/apps/…),

And that nails it in the head! :-)
The path is actually related to the inner chroot environment (`/var/www` in my 
case). #duh
I reset the flags, updated the socket path and now it works.

Thanks a lot <3

> especially if you reload rather than restart nginx to reconfigure.

I don’t understand this piece, could you expand it a bit further?

> But it might be simpler to just add symlinks so that
> the path /var/www/whatever works whether you're inside or outside the
> chroot:
> 
> cd /var/www
> mkdir var
> ln -s .. var/www 

Thanks for this advice as well but I think I’ll opt for the simpler chroot-only 
use case :-)
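
The fix confirmed above (the socket path in `proxy_pass` is resolved inside the chroot, so `/var/www/apps/...` on the host is `/apps/...` to nginx) can be checked mechanically. The following is an added example, not code from the thread or from nginx; `audit_proxy_sockets`, `host_view`, the sample config and the `HOST_SOCKETS` set are constructed for illustration.

```python
import posixpath
import re

# Matches the socket path in "proxy_pass http://unix:/path[:/uri];"
UNIX_UPSTREAM = re.compile(r"proxy_pass\s+https?://unix:([^:;\s]+)")

# Constructed sample, modelled on the server block quoted in the thread.
SAMPLE_CONF = """
server {
  location /     { proxy_pass http://unix:/var/www/apps/my_app/application.socket; }
  location /api/ { proxy_pass http://unix:/apps/my_app/application.socket:/v1/; }
  location /old/ { proxy_pass http://unix:/tmp/other.socket; }
}
"""
# Constructed stand-in for the host filesystem (hypothetical socket location).
HOST_SOCKETS = {"/var/www/apps/my_app/application.socket"}


def host_view(chroot, path):
    """Host-side file a chrooted process reaches when it opens `path`."""
    # Normalise first: inside a chroot, ".." cannot climb above the new root.
    inner = posixpath.normpath("/" + path.lstrip("/"))
    return chroot.rstrip("/") + inner


def audit_proxy_sockets(conf_text, chroot="/var/www",
                        exists=HOST_SOCKETS.__contains__):
    """Return (configured_path, status, suggested_path) per unix-socket proxy_pass."""
    findings = []
    prefix = chroot.rstrip("/") + "/"
    for path in UNIX_UPSTREAM.findall(conf_text):
        stripped = path[len(prefix) - 1:]  # path with the chroot prefix removed
        if exists(host_view(chroot, path)):
            findings.append((path, "ok", None))
        elif path.startswith(prefix) and exists(host_view(chroot, stripped)):
            # Host path used where the chroot-relative one is needed.
            findings.append((path, "host-path", stripped))
        else:
            findings.append((path, "missing", None))
    return findings


if __name__ == "__main__":
    for finding in audit_proxy_sockets(SAMPLE_CONF):
        print(finding)
```

On a real host, pass `exists=os.path.exists`; with the `var/www -> ..` symlink from the quoted advice in place, the host-style path is then reported as `ok` as well.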


Re: Having trouble with IPSEC negotiating BlackBerry 10 OS smartphone with OBSD 6.1 amd64

2017-08-10 Thread Stuart Henderson
On 2017/08/10 11:13, Denis wrote:
> Or what phone model (Brand) can I use to have IPSEC working on the road?

IKEv1 (either on its own with just isakmpd, or combined with L2TP from
npppd) works widely.

IKEv2/iked works with iPhones in some setups (though Theodore Wynnychenko
ran into a problem that was introduced with a commit in March so it
doesn't work in all setups there). Tim Stewart has been looking at
getting it working with recent strongswan on Android (see various diffs
"Add Diffie-Hellman group negotiation" on tech@).



Re: Having trouble with IPSEC negotiating BlackBerry 10 OS smartphone with OBSD 6.1 amd64

2017-08-10 Thread Denis
latest #iked -dvv log is below:

ikev2_pld_payloads: decrypted payload CERTREQ nextpayload CP critical
0x00 length 5
ikev2_pld_certreq: type X509_CERT signatures length 0
ikev2_pld_payloads: decrypted payload CP nextpayload NOTIFY critical
0x00 length 36
ikev2_pld_cp: type REQUEST length 28
ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 0
ikev2_pld_cp: INTERNAL_IP4_NETMASK 0x0002 length 0
ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0
ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 0
ikev2_pld_cp: INTERNAL_IP4_NBNS 0x0004 length 0
ikev2_pld_cp: INTERNAL_IP4_NBNS 0x0004 length 0
ikev2_pld_cp: APPLICATION_VERSION 0x0007 length 0
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical
0x00 length 8
ikev2_pld_notify: protoid IKE spisize 0 type INITIAL_CONTACT
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload NOTIFY critical
0x00 length 8
ikev2_pld_notify: protoid IKE spisize 0 type ESP_TFC_PADDING_NOT_SUPPORTED
ikev2_pld_payloads: decrypted payload NOTIFY nextpayload SA critical
0x00 length 8
ikev2_pld_notify: protoid IKE spisize 0 type NON_FIRST_FRAGMENTS_ALSO
ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00
length 92
ikev2_pld_sa: more 0 reserved 0 length 88 proposal #1 protoid ESP
spisize 4 xforms 8 spi 0xf3268010
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 192 total 4
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 128 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES
ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id DES
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_MD5_96
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00
length 24
ikev2_pld_ts: count 1 length 16
ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0
endport 65535
ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255
ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00
length 24
ikev2_pld_ts: count 1 length 16
ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0
endport 65535
ikev2_pld_ts: start 0.0.0.0 end 255.255.255.255
sa_stateok: SA_INIT flags 0x00, require 0x00
ikev2_msg_auth: responder auth data length 357
ca_setauth: auth length 357
ikev2_sa_negotiate: score 7
config_free_proposals: free 0x203519780
sa_stateflags: 0x0c -> 0x0c auth,sa (required 0x0d cert,auth,sa)
sa_stateok: EAP flags 0x0c, require 0x0d cert,auth,sa
config_free_proposals: free 0x203519b80
ca_setauth: auth length 256
ikev2_getimsgdata: imsg 21 rspi 0xe58066731820 ispi
0x417f3816fccfc162 initiator 0 sa valid type 1 data length 256
ikev2_dispatch_cert: AUTH type 1 len 256
sa_stateflags: 0x0c -> 0x0c auth,sa (required 0x0d cert,auth,sa)
sa_stateok: EAP flags 0x0c, require 0x0d cert,auth,sa

On 10.08.2017 11:13, Denis wrote:
> Hi,
>
> I have a fully working setup of OpenIKEd + Win7x64 using IKEv2 and MSCHAP-v2, but 
> the BlackBerry device stops negotiating and fails while connecting.
> Exact BlackBerry SW version is: 10.3.2.2836.
>
> Cert and 2048bit key in *.P12 form transferred to BlackBerry device.
>
> 10.0.20.0/24 is local network
> 10.0.10.0/24 is IPsec network
> DNS server is 10.0.20.1
>
> /etc/iked.conf is:
>
> ikev2 "winauth" passive esp \
>  from 10.0.20.0/24 to 10.0.10.0/24 \
>  local IP_of_server peer any \
>  srcid myserver.domain \
>  eap "mschap-v2" \
>  config address 10.0.10.10 \
>  config netmask 255.255.255.0 \
>  config name-server 10.0.20.1 \
> #   ikesa auth hmac-sha1 enc 3des group modp2048 \
> #   childsa auth hmac-sha1 enc aes-256 group modp2048 \
>  tag "$name-$id"
>
> OBSD has working PF setup to allow IPSEC traffic {isakmp, ipsec-nat-t} and 
> both protos {ah, esp}.
>
> Trying to make the same setup with BlackBerry 10.3.2.2836 OS using the same  
> /etc/iked.conf.
>
> In BlackBerry phone tried various profiles (general profile is listed below):
> ---
> Server address: IP_of_server
> Gateway type: Generic IKEv2 VPN Server (tried Microsoft IKEv2 VPN 
> Server, but unsuccessful too)
> Auth Type: EAP-MSCHAPv2
> Authentication ID Type: FQDN
> Auth ID: myserver.domain
> MSCHAPv2 EAP Identity: username
> MSCHAPv2 EAP Identity: username
> MSCHAPv2 Password: userpass
> Gateway Auth Type: PKI
> Gateway Auth ID Type: FQDN
> Gateway Auth ID: myserver.domain
> Allow Untrusted Cert: Prompt
> Gateway CA Cert: CAmyserver.domain.name
> Perfect Forward Secrecy: set_to_YES
> Auto IP: set_to_YES
> Auto DNS: set_to_YES
> Auto Determine Algorithm: set_to_YES
>
> IKE lifetime in Sec.: 86400
> IPSec Lifetime: 10800
> NAT Keep Aliv

Having trouble with IPSEC negotiating BlackBerry 10 OS smartphone with OBSD 6.1 amd64

2017-08-10 Thread Denis
Hi,

I have a fully working setup of OpenIKEd + Win7x64 using IKEv2 and MSCHAP-v2, but 
the BlackBerry device stops negotiating and fails while connecting.
Exact BlackBerry SW version is: 10.3.2.2836.

Cert and 2048bit key in *.P12 form transferred to BlackBerry device.

10.0.20.0/24 is local network
10.0.10.0/24 is IPsec network
DNS server is 10.0.20.1

/etc/iked.conf is:

ikev2 "winauth" passive esp \
 from 10.0.20.0/24 to 10.0.10.0/24 \
 local IP_of_server peer any \
 srcid myserver.domain \
 eap "mschap-v2" \
 config address 10.0.10.10 \
 config netmask 255.255.255.0 \
 config name-server 10.0.20.1 \
#   ikesa auth hmac-sha1 enc 3des group modp2048 \
#   childsa auth hmac-sha1 enc aes-256 group modp2048 \
 tag "$name-$id"

OBSD has working PF setup to allow IPSEC traffic {isakmp, ipsec-nat-t} and both 
protos {ah, esp}.

Trying to make the same setup with BlackBerry 10.3.2.2836 OS using the same  
/etc/iked.conf.

In BlackBerry phone tried various profiles (general profile is listed below):
---
Server address: IP_of_server
Gateway type: Generic IKEv2 VPN Server (tried Microsoft IKEv2 VPN 
Server, but unsuccessful too)
Auth Type: EAP-MSCHAPv2
Authentication ID Type: FQDN
Auth ID: myserver.domain
MSCHAPv2 EAP Identity: username
MSCHAPv2 EAP Identity: username
MSCHAPv2 Password: userpass
Gateway Auth Type: PKI
Gateway Auth ID Type: FQDN
Gateway Auth ID: myserver.domain
Allow Untrusted Cert: Prompt
Gateway CA Cert: CAmyserver.domain.name
Perfect Forward Secrecy: set_to_YES
Auto IP: set_to_YES
Auto DNS: set_to_YES
Auto Determine Algorithm: set_to_YES

IKE lifetime in Sec.: 86400
IPSec Lifetime: 10800
NAT Keep Alive: 30
DPD Frequency: 240

Use Proxy: set_to_NO
-

#iked -dvv negotiating with BlackBerry phone: 

...
ikev2_pld_payloads: payload SK nextpayload IDi critical 0x00 length 272
ikev2_msg_decrypt: IV length 16
ikev2_msg_decrypt: encrypted payload length 240
ikev2_msg_decrypt: integrity checksum length 12
ikev2_msg_decrypt: integrity check succeeded
ikev2_msg_decrypt: decrypted payload length 240/240 padding 15
ikev2_pld_payloads: decrypted payload IDi nextpayload CERTREQ critical 
0x00 length 19
ikev2_pld_id: id FQDN/myserver.domain length 15
ikev2_pld_payloads: decrypted payload CERTREQ nextpayload CP critical 
0x00 length 5
ikev2_pld_certreq: type X509_CERT signatures length 0
ikev2_pld_certreq: invalid certificate request
ikev2_resp_recv: failed to parse message

The same connection works fine between Win7 and iked. Log of iked is below:
...
ikev2_msg_decrypt: encrypted payload length 160
ikev2_msg_decrypt: integrity checksum length 12
ikev2_msg_decrypt: integrity check succeeded
ikev2_msg_decrypt: decrypted payload length 160/160 padding 7
ikev2_pld_payloads: decrypted payload AUTH nextpayload CP critical 0x00 
length 28
ikev2_pld_auth: method SHARED_KEY_MIC length 20
ikev2_pld_payloads: decrypted payload CP nextpayload SA critical 0x00 
length 32
ikev2_pld_cp: type REPLY length 24
ikev2_pld_cp: INTERNAL_IP4_ADDRESS 0x0001 length 4
ikev2_pld_cp: INTERNAL_IP4_NETMASK 0x0002 length 4
ikev2_pld_cp: INTERNAL_IP4_DNS 0x0003 length 4
ikev2_pld_payloads: decrypted payload SA nextpayload TSi critical 0x00 
length 44
ikev2_pld_sa: more 0 reserved 0 length 40 proposal #1 protoid ESP 
spisize 4 xforms 3 spi 0x84ea51d8
ikev2_pld_xform: more 3 reserved 0 length 12 type ENCR id AES_CBC
ikev2_pld_attr: attribute type KEY_LENGTH length 256 total 4
ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96
ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE
ikev2_pld_payloads: decrypted payload TSi nextpayload TSr critical 0x00 
length 24
ikev2_pld_ts: count 1 length 16
ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 
endport 65535
ikev2_pld_ts: start 10.0.10.0 end 10.0.10.255
ikev2_pld_payloads: decrypted payload TSr nextpayload NONE critical 0x00 
length 24
ikev2_pld_ts: count 1 length 16
ikev2_pld_ts: type IPV4_ADDR_RANGE protoid 0 length 16 startport 0 
endport 65535
ikev2_pld_ts: start 10.0.20.0 end 10.0.20.255
ikev2_msg_send: IKE_AUTH from IP_of_server:4500 to IP_of_client:4500, 
212 bytes, NAT-T
pfkey_sa_add: update spi 0x84ea51d8
pfkey_sa: udpencap port 4500
ikev2_childsa_enable: loaded CHILD SA spi 0x84ea51d8
pfkey_sa_add: add spi 0xcfea0559
pfkey_sa: udpencap port 4500
ikev2_childsa_enable: loaded CHILD SA spi 0xcfea0559
ikev2_childsa_enable: loaded flow 0x20527e400
ikev2_childsa_enable: loaded flow 0x204a56800
sa_state: EAP_VALID -> ESTABLISHED from IP_of_client:4500 to 
IP_of_server:4500 policy 'winauth'

Or what phone model (Brand) can I use to have IPSEC working on the road?

Thanks.
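
The failing log above stops at a CERTREQ payload of length 5 with `signatures length 0`, while the later log in this thread continues past the same payload. As an added illustration (not iked's code and not part of the original posts), this parser follows the RFC 7296 section 3.7 layout to show why length 5 means an empty CA list. `parse_certreq`, `with_ca` and the sample bytes are constructed, and `allow_empty` is a hypothetical switch for the two behaviours seen in the logs.

```python
import struct

X509_CERT = 4   # "X.509 Certificate - Signature", shown as X509_CERT in the log
SHA1_LEN = 20   # each CA entry is the SHA-1 hash of a trusted CA's public key

# Constructed payload matching the failing log lines: next payload CP (47),
# critical 0x00, length 5, encoding X509_CERT, and no CA hashes at all.
EMPTY_CERTREQ = bytes.fromhex("2f00000504")


def parse_certreq(payload, allow_empty=True):
    """Parse a CERTREQ payload (4-byte generic header included) into a dict."""
    if len(payload) < 5:
        raise ValueError("truncated CERTREQ payload")
    next_payload, flags, length = struct.unpack("!BBH", payload[:4])
    if length != len(payload):
        raise ValueError("payload length field does not match data")
    encoding, ca_data = payload[4], payload[5:]
    if encoding != X509_CERT:
        raise ValueError("unsupported certificate encoding %d" % encoding)
    if len(ca_data) % SHA1_LEN:
        raise ValueError("CA field is not a whole number of SHA-1 hashes")
    if not ca_data and not allow_empty:
        # Strict policy: an empty CA list is treated as a parse failure.
        raise ValueError("invalid certificate request: empty CA list")
    hashes = [ca_data[i:i + SHA1_LEN].hex()
              for i in range(0, len(ca_data), SHA1_LEN)]
    return {
        "next_payload": next_payload,
        "critical": bool(flags & 0x80),
        "length": length,
        "encoding": encoding,
        "ca_hashes": hashes,
    }


def with_ca(ca_bytes, next_payload=47):
    """Build a CERTREQ payload around the given CA bytes (constructed helper)."""
    header = struct.pack("!BBHB", next_payload, 0, 5 + len(ca_bytes), X509_CERT)
    return header + ca_bytes


if __name__ == "__main__":
    print(parse_certreq(EMPTY_CERTREQ))
```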