Re: IPv6 on AWS fails after 30 seconds
I just realized I forgot to include my dhcpcd log info. Please see below. Any insight or advice would be much appreciated.

Jordan

Mar 13 18:46:18 ip-172-31-6-187 dhcpcd[96180]: main: pidfile_lock: Permission denied
Mar 13 18:46:23 ip-172-31-6-187 dhcpcd[83900]: DUID 00:04:2a:fe:2b:ec:35:48:74:74:11:0b:1a:22:a4:5d:90:db
Mar 13 18:46:23 ip-172-31-6-187 dhcpcd[83900]: xnf0: IAID 63:26:e3:9c
Mar 13 18:46:23 ip-172-31-6-187 dhcpcd[83900]: xnf0: soliciting an IPv6 router
Mar 13 18:46:35 ip-172-31-6-187 dhcpcd[83900]: xnf0: no IPv6 Routers available
Mar 13 18:46:45 ip-172-31-6-187 dhcpcd[83900]: received SIGINT, stopping
Mar 13 18:46:45 ip-172-31-6-187 dhcpcd[83900]: xnf0: removing interface
Mar 13 18:46:45 ip-172-31-6-187 dhcpcd[83900]: dhcpcd exited
Mar 13 20:56:03 ip-172-31-6-187 dhcpcd[22976]: DUID 00:04:2a:fe:2b:ec:35:48:74:74:11:0b:1a:22:a4:5d:90:db
Mar 13 20:56:03 ip-172-31-6-187 dhcpcd[22976]: xnf0: IAID 63:26:e3:9c
Mar 13 20:56:04 ip-172-31-6-187 dhcpcd[22976]: xnf0: soliciting an IPv6 router
Mar 13 20:56:05 ip-172-31-6-187 dhcpcd[22976]: xnf0: Router Advertisement from fe80::478:22ff:fe9e:1c56
Mar 13 20:56:05 ip-172-31-6-187 dhcpcd[22976]: xnf0: adding route to 2600:1f11:2f7:c100::/64
Mar 13 20:56:05 ip-172-31-6-187 dhcpcd[22976]: xnf0: adding default route via fe80::478:22ff:fe9e:1c56
Mar 13 20:56:05 ip-172-31-6-187 dhcpcd[22976]: xnf0: soliciting a DHCPv6 lease
Mar 13 20:56:05 ip-172-31-6-187 dhcpcd[22976]: xnf0: ADV 2600:1f11:2f7:c100:89b:330e:88b3:603/128 from fe80::478:22ff:fe9e:1c56
Mar 13 20:56:05 ip-172-31-6-187 dhcpcd[22976]: xnf0: REPLY6 received from fe80::478:22ff:fe9e:1c56
Mar 13 20:56:05 ip-172-31-6-187 dhcpcd[22976]: xnf0: adding address 2600:1f11:2f7:c100:89b:330e:88b3:603/128
Mar 13 20:56:05 ip-172-31-6-187 dhcpcd[22976]: xnf0: renew in 75, rebind in 120, expire in 450 seconds
Mar 13 20:56:06 ip-172-31-6-187 dhcpcd[22976]: forked to background, child pid 31031
Mar 13 21:05:59 ip-172-31-6-187 dhcpcd[57086]: DUID 00:04:2a:fe:2b:ec:35:48:74:74:11:0b:1a:22:a4:5d:90:db
Mar 13 21:05:59 ip-172-31-6-187 dhcpcd[57086]: xnf0: IAID 63:26:e3:9c
Mar 13 21:05:59 ip-172-31-6-187 dhcpcd[57086]: xnf0: soliciting an IPv6 router
Mar 13 21:06:06 ip-172-31-6-187 dhcpcd[57086]: xnf0: Router Advertisement from fe80::478:22ff:fe9e:1c56
Mar 13 21:06:06 ip-172-31-6-187 dhcpcd[57086]: xnf0: adding route to 2600:1f11:2f7:c100::/64
Mar 13 21:06:06 ip-172-31-6-187 dhcpcd[57086]: xnf0: adding default route via fe80::478:22ff:fe9e:1c56
Mar 13 21:06:06 ip-172-31-6-187 dhcpcd[57086]: xnf0: confirming prior DHCPv6 lease
Mar 13 21:06:06 ip-172-31-6-187 dhcpcd[57086]: xnf0: REPLY6 received from fe80::478:22ff:fe9e:1c56
Mar 13 21:06:06 ip-172-31-6-187 dhcpcd[57086]: xnf0: adding address 2600:1f11:2f7:c100:89b:330e:88b3:603/128
Mar 13 21:06:06 ip-172-31-6-187 dhcpcd[57086]: xnf0: renew in 75, rebind in 120, expire in 450 seconds
Mar 13 21:06:07 ip-172-31-6-187 dhcpcd[57086]: forked to background, child pid 30274
Mar 13 21:19:52 ip-172-31-6-187 dhcpcd[2325]: sending commands to master dhcpcd process
Mar 13 21:19:52 ip-172-31-6-187 dhcpcd[30274]: control command: dhcpcd -6
Mar 13 21:20:08 ip-172-31-6-187 dhcpcd[30274]: received SIGTERM, stopping
Mar 13 21:20:08 ip-172-31-6-187 dhcpcd[30274]: xnf0: removing interface
Mar 13 21:20:09 ip-172-31-6-187 dhcpcd[48104]: DUID 00:04:2a:fe:2b:ec:35:48:74:74:11:0b:1a:22:a4:5d:90:db
Mar 13 21:20:09 ip-172-31-6-187 dhcpcd[48104]: xnf0: IAID 63:26:e3:9c
Mar 13 21:20:09 ip-172-31-6-187 dhcpcd[48104]: xnf0: soliciting a DHCP lease
Mar 13 21:20:09 ip-172-31-6-187 dhcpcd[48104]: xnf0: offered 172.31.6.187 from 172.31.0.1
Mar 13 21:20:09 ip-172-31-6-187 dhcpcd[48104]: xnf0: leased 172.31.6.187 for 3600 seconds
Mar 13 21:20:09 ip-172-31-6-187 dhcpcd[48104]: xnf0: adding route to 172.31.0.0/20
Mar 13 21:20:09 ip-172-31-6-187 dhcpcd[48104]: xnf0: adding default route via 172.31.0.1
Mar 13 21:20:09 ip-172-31-6-187 dhcpcd[48104]: forked to background, child pid 7891
Mar 13 21:20:09 ip-172-31-6-187 dhcpcd[7891]: xnf0: soliciting an IPv6 router
Mar 13 21:20:16 ip-172-31-6-187 dhcpcd[7891]: xnf0: Router Advertisement from fe80::478:22ff:fe9e:1c56
Mar 13 21:20:16 ip-172-31-6-187 dhcpcd[7891]: xnf0: adding route to 2600:1f11:2f7:c100::/64
Mar 13 21:20:16 ip-172-31-6-187 dhcpcd[7891]: xnf0: adding default route via fe80::478:22ff:fe9e:1c56
Mar 13 21:20:16 ip-172-31-6-187 dhcpcd[7891]: xnf0: confirming prior DHCPv6 lease
Mar 13 21:20:17 ip-172-31-6-187 dhcpcd[7891]: xnf0: REPLY6 received from fe80::478:22ff:fe9e:1c56
Mar 13 21:20:17 ip-172-31-6-187 dhcpcd[7891]: xnf0: adding address 2600:1f11:2f7:c100:89b:330e:88b3:603/128
Mar 13 21:20:17 ip-172-31-6-187 dhcpcd[7891]: xnf0: renew in 75, rebind in 120, expire in 450 seconds
Mar 13 21:21:55 ip-172-31-6-187 dhcpcd[7891]: received SIGTERM, stopping
Mar 13 21:21:55 ip-172-31-6-187 dhcpcd[7891]: xnf0: removing interface
Mar 13 21:21:55 ip-172-31-6-187 dhcpcd[7891]: dhcpcd exited
Mar 13 21:23:18 ip-172-31-6-187 dhcpcd[47479]:
Re: How to monitor class usage/limits?
On Fri 15/03 15:47, Stuart Henderson wrote:
> On 2019-03-14, Joel Carnat wrote:
> > Hi,
> >
> > The Internet is full of "OpenBSD desktop works better when rising
> > datasize/maxproc/openfiles/stacksize in login.conf". One thing I can't
> > manage to find is how you can monitor those values?
> >
> > I'm Ok to set arbitrary recommended values depending on system
> > configuration and general usecases (like using Firefox/Chrome etc). But
> > I would like to check for my current used values. Like looking at top
> > or vmstat to know how much resources I'm actually using. And how often
> > the system raises the 75% threshold.
> >
> > Is there a way to monitor these usage numbers to set adequate limits?
> >
> > TIA,
> > Jo
> >
> >
>
> It doesn't show you everything, but you can check memory in 'maximum
> resident set size':
>
> $ \time -l chrome
>

Thanks Stuart.

This is needed for each command I run and want to be monitored, right?

Reading the manpage for ps(1) once again, I ended up wondering if that wasn't the answer to my initial question...

# ps -ax -o pid,lim,rsz,dsiz,ssiz,tsiz,vsz,command | sed '2,/firefox/d'
  PID     LIM    RSZ   DSIZ SSIZ TSIZ    VSZ COMMAND
69866 5875588   7072   3352   16   32   3400 /usr/local/libexec/gvfsd
74573 5875588 104524 188200   80  196 188476 /usr/local/lib/firefox/firefox (...)
67248 5875588 199444 263132  140  196 263468 /usr/local/lib/firefox/firefox (...)
 5430 5875588 215532 291920  164  196 292280 /usr/local/lib/firefox/firefox (...)
59826 5875588 116908 190948  128  196 191272 /usr/local/lib/firefox/firefox (...)

Does this indicate the values I'm looking for?

Thanks.
Re: How to monitor class usage/limits?
On 2019-03-14, Joel Carnat wrote:
> Hi,
>
> The Internet is full of "OpenBSD desktop works better when rising
> datasize/maxproc/openfiles/stacksize in login.conf". One thing I can't
> manage to find is how you can monitor those values?
>
> I'm Ok to set arbitrary recommended values depending on system
> configuration and general usecases (like using Firefox/Chrome etc). But
> I would like to check for my current used values. Like looking at top
> or vmstat to know how much resources I'm actually using. And how often
> the system raises the 75% threshold.
>
> Is there a way to monitor these usage numbers to set adequate limits?
>
> TIA,
> Jo
>

It doesn't show you everything, but you can check memory in 'maximum resident set size':

$ \time -l chrome
Re: OpenBSD on Macbook 12" 2017?
On Fri, 15 Mar 2019 at 09:18:02 +0100, Harald Dunkel wrote:
> Hi folks,
>
> does it work, OpenBSD on a 12" Macbook 2017? I tried Linux once,
> but keyboard and trackpad were not working, so I kept MacOS.

The keyboard and touchpad are connected over SPI now, so they require a new Intel SPI controller driver and then two custom drivers for the keyboard and touchpad.

So no, the device does not work on OpenBSD unless you use a USB keyboard/mouse.
Re: OpenBSD on Macbook 12" 2017?
> does it work, OpenBSD on a 12" Macbook 2017? I tried Linux once,
> but keyboard and trackpad were not working, so I kept MacOS.

I'm running a snapshot of OpenBSD on an 8th gen Intel laptop (not a mac) without issue. I would suggest using dmesg to examine your hardware requirements and read over the FAQ, especially the networking section.

https://www.openbsd.org/faq/index.html
Re: XSS vuln in cvsweb
On Fri, Mar 15, 2019 at 12:16:06PM -, Stuart Henderson wrote:
> On 2019-03-15, Peter J. Philipp wrote:
> > Hi all,
> >
> > I have been notified by a wonderful security researcher that my site was
> > vulnerable to XSS attacks. The first one was on software I wrote, and the
> > second one was on software I got from OpenBSD ports. Not sure if I should
> > be writing this to the ports mailing list though.
> >
> > I have written Marc Espie with a patch that I produced for cvsweb, but
> > haven't heard from him in 11 hours so I want to get this out to everyone.
>
> Yes, it should go to the ports mailing list. Check the "maintainer" line
> in "pkg_info cvsweb". I don't know why you would send it to espie@.
>

Last person to have touched the Makefile.

You know, last time I did an infrastructure sweep...
Re: XSS vuln in cvsweb
On 2019-03-15, Peter J. Philipp wrote:
> Hi all,
>
> I have been notified by a wonderful security researcher that my site was
> vulnerable to XSS attacks. The first one was on software I wrote, and the
> second one was on software I got from OpenBSD ports. Not sure if I should
> be writing this to the ports mailing list though.
>
> I have written Marc Espie with a patch that I produced for cvsweb, but
> haven't heard from him in 11 hours so I want to get this out to everyone.

Yes, it should go to the ports mailing list. Check the "maintainer" line in "pkg_info cvsweb". I don't know why you would send it to espie@.
OpenBSD on Macbook 12" 2017?
Hi folks,

does it work, OpenBSD on a 12" Macbook 2017? I tried Linux once, but keyboard and trackpad were not working, so I kept MacOS.

Looking on Google I found just Macbook Airs and Pros. Hopefully I wasn't too blind to see.

Every helpful comment is highly appreciated

Harri
Re: TLS suddenly not working over IKED site-to-site - SOLVED?
On Thu, 14 March 2019 at 21:51, Zhi-Qiang Lei wrote:

> Mine is resolved by applying a smaller max-mss in pf and disabling ipcomp.
> Only disabling ipcomp didn’t work.
>
> > On Thu, Dec 20, 2018 at 6:54 PM Theodore Wynnychenko
> wrote:
> >> Then, I took the advice above, and disable ipcomp on the tunnel, and,
> BAHM, https (and imaps) were working without an issue from openbsd, Windows
> 7, and Macs!
>

I ran into something similar a while ago, and even if "fixing" https/imaps works with mss clamping, it will still cause issues with fragmented UDP and large icmp, since those will not care about mss, only TCP does.

The problem is still there, it's just a tcp-only workaround to lower mss in-flight for a problem that is mostly visible when doing *s services since they ship long lists of preferred algorithms which causes large packets to be sent, whereas simple ldap lookups or ntp/dns/http get by with less info sent and hence send smaller packets.

Still, large non-tcp ip will see unexpected drops in such scenarios where you only lower mss and not the MTU on some in-between L3 interface so it correctly fragments when needed.

-- 
May the most significant bit of your life be positive.
Call for Talk and Presentation Proposals for EuroBSDCon 2019 is open
EuroBSDcon 2019: Lillehammer, Norway

The Call for Talk and presentation proposals for EuroBSDCon 2019 is now open.

EuroBSDcon is the European technical conference for users and developers of BSD-based systems. The conference will take place September 19-22 2019 in Lillehammer, Norway. The tutorials will be held on Thursday and Friday to registered participants and the talks are presented to conference attendees on Saturday and Sunday.

The Call for Talk and Presentation proposals period will close on May 26th, 2019. Prospective speakers will be notified of acceptance or otherwise by June 3rd, 2019.

Call for Talk and Presentation Proposals (CFP)

The EuroBSDcon program committee is inviting BSD developers and users to submit innovative and original talk proposals not previously presented at other European conferences. Topics of interest to the conference include, but are not limited to applications, architecture, implementation, performance and security of BSD-based operating systems, as well as topics concerning the economic or organizational aspects of BSD use. Presentations are expected to be 45 minutes and are to be delivered in English.

Call for Tutorial Proposals

The EuroBSDcon program committee is also inviting qualified practitioners in their field to submit proposals for half or full day tutorials on topics relevant to development, implementation and use of BSD-based systems. Half-day tutorials are expected to be 2.5 to 3 hours and full-day tutorials 5 to 6 hours. The tutorials and talks are to be held in English.

Submissions

Proposals should be sent through the registration system at https://registration.eurobsdcon.org. They should contain a short and concise text description in about 100 words as well as a short speaker bio. Speakers who will be applying for travel funding should also submit an estimate of expected travel expenses.

Please also note that due to visa issues in the past, we would like to know as early as possible of any visa requirements for speakers. Please check the Norwegian Directorate of Immigration (UDI) web site https://www.udi.no/en/want-to-apply/visit-and-holiday/ for guidance.

While Osem offers the option of adding a commercial and/or avatar to your proposal this is not expected (or supported at the moment).

— Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: cannot install iozone
On Fri, Mar 15, 2019 at 09:17:32AM +0300, Максим wrote:
> Hello.
> I cannot install iozone though it is shown using command pkglocate
> $ pkglocate iozone
> iozone-3.465:benchmarks/iozone:/usr/local/bin/iozone
> iozone-3.465:benchmarks/iozone:/usr/local/man/man1/iozone.1
>
> $ pkg_info -Q iozone
> shows nothing
>
> $ doas pkg_add -i iozone
> quirks-3.107 signed on 2019-03-14T12:02:09Z
> Can't find iozone
>
> I don't understand what is wrong with that package.
> OpenBSD 6.5 GENERIC.MP#758 amd64

$ cd /usr/ports/benchmarks/iozone/ && make show=PERMIT_PACKAGE_FTP
incomplete/bad license

-- 
Antoine
cannot install iozone
Hello.
I cannot install iozone though it is shown using command pkglocate

$ pkglocate iozone
iozone-3.465:benchmarks/iozone:/usr/local/bin/iozone
iozone-3.465:benchmarks/iozone:/usr/local/man/man1/iozone.1

$ pkg_info -Q iozone
shows nothing

$ doas pkg_add -i iozone
quirks-3.107 signed on 2019-03-14T12:02:09Z
Can't find iozone

I don't understand what is wrong with that package.
OpenBSD 6.5 GENERIC.MP#758 amd64

-- 
Best Regards
Maksim Rodin
XSS vuln in cvsweb
Hi all,

I have been notified by a wonderful security researcher that my site was vulnerable to XSS attacks. The first one was on software I wrote, and the second one was on software I got from OpenBSD ports. Not sure if I should be writing this to the ports mailing list though.

I have written Marc Espie with a patch that I produced for cvsweb, but haven't heard from him in 11 hours so I want to get this out to everyone.

The vuln was noticeable with this http string (but it's patched now):

https://centroid.eu/cgi-bin/cvsweb/aim64/pci/vgafb.c?f=%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E

Similarly I have picked an arbitrary location on OpenBSD's source tree and put the same string on it, you'll get an XSS vuln block in chrome for this:

https://cvsweb.openbsd.org/src/sbin/clri/clri.c?f=%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E

Now for the patch I have written, it took me about 2 hours yesterday to get any decent results, as I don't usually use perl and have written little in it. But here it is. I have applied this directly on the cvsweb cgi, but really it should be in the port's patches section. I'm hoping someone can help me with that when there is consensus that this patch is right.

-> --- cvsweb.orig Thu Mar 14 18:30:06 2019 +++ cvsweb Thu Mar 14 20:15:56 2019 @@ -2612,7 +2612,7 @@ sprintf( '%s/%s?annotate=%s%s', $scriptname, urlencode($where), $_, - $barequery + htmlquote($barequery) ) ); } @@ -2625,7 +2625,7 @@ '[select for diffs]', sprintf( '%s?r1=%s%s', $scriptwhere, - $_, $barequery + $_, htmlquote($barequery) ) ); } else { @@ -2828,7 +2828,7 @@ foreach (@stickyvars) { printf('', $_, - $input{$_}) + htmlquote($input{$_})) if (defined($input{$_}) && ((!defined($DEFAULTVALUE{$_}) || $input{$_} ne $DEFAULTVALUE{$_}) && $input{$_} ne "")); 
@@ -3267,7 +3267,7 @@ join ('', $scriptname, urlencode($wherepath), (!$last || $lastslash ? '/' : ''), - $query, + htmlquote($query), (!$last || $lastslash ? "#dirlist" : "") )); } else {# do not make a link to the current dir @@ -3508,6 +3508,7 @@ # Special Characters; RFC 1866 s/&//g; s/\"//g; + s/%22//g; s///g; <- Best Regards, -peter
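Review bot: In the hunks at 2612 and 2625, `$barequery` is wrapped in `htmlquote()` one call site at a time, so any other place that prints it and is not touched by this patch stays unquoted. Either quote it once where the string is assembled, or confirm with a search that these are the only uses that reach HTML output. The `$_` value that goes into `annotate=%s` and `r1=%s` next to it is still interpolated as-is, so it is worth confirming it cannot carry request input.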
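Review bot: In the hunk at 3267, `htmlquote($query)` is applied to one element of a `join` whose other elements are `urlencode($wherepath)` and literal strings, so the joined link mixes URL-encoded and HTML-quoted pieces. Please check whether the code that receives this `join` quotes the whole link again; if it does, the `&` separators inside `$query` would be escaped twice and the links would break.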
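Review bot: The added `s/%22//g;` in the hunk at 3508 puts a URL-decoding concern into the RFC 1866 special-character substitutions and covers only one encoding of one character, while the test URL in the message also carries `%3C`, `%3E` and `%27`. If a value can still be percent-encoded when it reaches this routine, decode it once before quoting so the existing `\"` rule handles it, rather than matching the literal string `%22`, which would also alter legitimate text that happens to contain those three characters.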
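How the reflected `f=` parameter described in the message breaks out of an `href` attribute, and the encode-then-escape order that prevents it, as an added Perl example that is not part of the original message or of cvsweb. `html_escape`, `percent_decode`, `percent_encode` and the two `build_link_*` functions are hypothetical helpers; the sample value is the `f=` string from the test URL quoted in the message.

```perl
#!/usr/bin/perl
# Added illustration; not cvsweb code. html_escape, percent_decode,
# percent_encode and build_link_* are hypothetical helpers for this example.
use strict;
use warnings;

# Escape the characters that are significant in HTML text and in
# double- or single-quoted attribute values.
sub html_escape {
    my ($s) = @_;
    $s =~ s/&/&amp;/g;    # must run first so later entities are not re-escaped
    $s =~ s/</&lt;/g;
    $s =~ s/>/&gt;/g;
    $s =~ s/"/&quot;/g;
    $s =~ s/'/&#39;/g;
    return $s;
}

# Decode %XX sequences once, as a CGI layer does for parameter values.
sub percent_decode {
    my ($s) = @_;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Re-encode a value for use inside a URL query component.
sub percent_encode {
    my ($s) = @_;
    $s =~ s/([^A-Za-z0-9\-._~])/sprintf('%%%02X', ord($1))/ge;
    return $s;
}

# Before: the decoded parameter is copied into the href as-is.
sub build_link_unsafe {
    my ($path, $f) = @_;
    return sprintf('<a href="%s?f=%s">log</a>', $path, $f);
}

# After: URL-encode for the query context, then HTML-escape for the attribute.
sub build_link_safe {
    my ($path, $f) = @_;
    return sprintf('<a href="%s">log</a>',
        html_escape($path . '?f=' . percent_encode($f)));
}

# Constructed input: the f= value from the test URL quoted in the message.
my $f = percent_decode(q{%22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E});
print build_link_unsafe('/src/sbin/clri/clri.c', $f), "\n";
print build_link_safe('/src/sbin/clri/clri.c', $f), "\n";
```

In the first printed line the decoded `"` closes the `href` value and the `script` element becomes markup; in the second the value stays inside the attribute as percent-encoded data.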