Re: Relayd Help Needed

2020-11-08 Thread Lari Huttunen
On Sat, Nov 07, 2020 at 09:56:29PM +0100, Sebastian Benoit wrote:
> Lari Huttunen(open...@huttu.net) on 2020.11.07 15:01:04 +:
> > On Sat, Nov 07, 2020 at 08:29:12AM +, Lari Huttunen wrote:
> > > Cheers!
> > 
> > The only downside is that for unknown request types I still get a
> > 500 from relayd. For example:
> > 
> > $ curl -i -X WHATNOT https://www.huttu.net
> > HTTP/1.0 500 Internal Server Error
> > Date: Sat, 07 Nov 2020 14:55:32 GMT
> > Server: OpenBSD relayd
> > Connection: close
> > Content-Type: text/html
> > Content-Length: 442
> > 
> > Is that the intended behavior?
> 
> Yes,
> 
> see relay_read_http() in relay_http.c.
> 
> Unknown http methods result in a 500 error.

OK, the way I read the HTTP specification, the more suitable responses might be
either:

400 Bad Request: https://tools.ietf.org/html/rfc7231#section-6.5.1

   The 400 (Bad Request) status code indicates that the server cannot or
   will not process the request due to something that is perceived to be
   a client error (e.g., malformed request syntax, invalid request
   message framing, or deceptive request routing).

501 Not Implemented: https://tools.ietf.org/html/rfc7231#section-6.6.2

   The 501 (Not Implemented) status code indicates that the server does
   not support the functionality required to fulfill the request.  This
   is the appropriate response when the server does not recognize the
   request method and is not capable of supporting it for any resource.

   A 501 response is cacheable by default; i.e., unless otherwise
   indicated by the method definition or explicit cache controls (see
   Section 4.2.2 of [RFC7234]).

> > >  * ability to control the behavior of relayd based on the response
> > >    code from the backend IPFS web server, e.g. upon a 404, redirecting to
> > >    generic 404 page on the httpd.
> > 
> > So what remains missing is the ability to control the responses
> > back to the client in a controlled manner.
> > 
> > Does anyone have a recipe for this, please?
> 
> You should be able to set a Location header on a response:
> 
> match response header set "Location" value "https://something; tagged "FOO"

Unfortunately this does not work, or at least I was unable to make it work,
as the matching above is tied to the response header, not the response code,
which is not a header, but a status-line.

I did try a different approach in the relay section, but it failed in a
different way as it does not seem to be intended for my use case:

table  { $private }
table  disable { $private }

# Check for 200 and then use a fallback that is routed to
# httpd.
forward to  port 8080 check http "/" code 200 
forward to  port 8081

It works as long as the front-end code results in 200 vs. 404. In reality,
modern (static) web page response codes are more dynamic. I observed the
following valid response codes in addition to 200, which broke my 
test setup above:

304 Not modified: https://tools.ietf.org/html/rfc7232#section-4.1
307 Temporary redirect: https://tools.ietf.org/html/rfc7231#section-6.4.7
204 No Content: https://tools.ietf.org/html/rfc7231#section-6.3.5

Is there a way to just catch the 404 responses from the backend instead
of trying to whitelist the valid responses?

The way I understand it is that relayd is capable of altering the behavior
based on the response headers, but not the response status-line, which
precedes it.

https://tools.ietf.org/html/rfc7230#section-3.1.2

Have I misunderstood something?

Best regards,

Lari Huttunen
-- 
"See the unseen."

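The status-line versus header distinction discussed in the message above, as an added example that is not part of the original post and is not relayd code: it parses the RFC 7230 section 3.1.2 status-line and compares an allow-list on 200 with a deny-list on 404. The function names and the sample response heads are hypothetical and constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* RFC 7230 3.1.2: status-line = HTTP-version SP status-code SP reason-phrase
 * Returns the three-digit status code, or -1 if the line is malformed. */
int parse_status_code(const char *line)
{
    const char *p;

    if (strncmp(line, "HTTP/", 5) != 0)
        return -1;
    p = line + 5;
    /* HTTP-version = "HTTP/" DIGIT "." DIGIT, then SP */
    if (!isdigit((unsigned char)p[0]) || p[1] != '.' ||
        !isdigit((unsigned char)p[2]) || p[3] != ' ')
        return -1;
    p += 4;
    /* status-code = 3DIGIT, then SP (the reason-phrase may be empty) */
    if (!isdigit((unsigned char)p[0]) || !isdigit((unsigned char)p[1]) ||
        !isdigit((unsigned char)p[2]) || p[3] != ' ')
        return -1;
    return (p[0] - '0') * 100 + (p[1] - '0') * 10 + (p[2] - '0');
}

/* Allow-list, like `check http "/" code 200` in the post: only 200 passes. */
int allowlist_pass(int code) { return code == 200; }

/* Deny-list the post asks for: 1 = send to fallback, 0 = pass through,
 * -1 = malformed. Only the first line is read; header fields are ignored. */
int fallback_decision(const char *response_head)
{
    int code = parse_status_code(response_head);
    return code < 0 ? -1 : code == 404;
}

int main(void)
{
    /* Constructed sample response heads, not captured traffic. */
    const char *samples[] = {
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",
        "HTTP/1.1 204 No Content\r\n\r\n",
        "HTTP/1.1 304 Not Modified\r\nETag: \"abc\"\r\n\r\n",
        "HTTP/1.1 307 Temporary Redirect\r\nLocation: /new\r\n\r\n",
        "HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n",
        "Status: 404\r\n\r\n", /* a header field is not a status-line */
    };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int code = parse_status_code(samples[i]);
        printf("code=%d allowlist_pass=%d fallback=%d\n", code,
            code > 0 && allowlist_pass(code), fallback_decision(samples[i]));
    }
    return 0;
}
```

The 204, 304 and 307 samples fail the allow-list but pass the deny-list, which is the breakage described in the post.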


Re: Snapshot crash on boot, "entry point at: 0x1001000" (Intel Gemini Lake)

2020-11-08 Thread Patrick Wildt
On Sun, Nov 08, 2020 at 06:30:25PM +0400, Michel von Behr wrote:
> Upgrading to snapshot did the trick - thanks for the great work!
> 
> FWIW, I still see a quick message "entry point at: ..." just blinking, but
> the system boots normally. There are a few devices not identified, most
> importantly the Touchpad (i.e., HTIX5288). Below is dmesg:

That message is *not* an error message.  It simply tells you to
which address the bootloader will now jump.  I'd be concerned if it
didn't show up. ;)


Re: Snapshot crash on boot, "entry point at: 0x1001000" (Intel Gemini Lake)

2020-11-08 Thread Michel von Behr
Upgrading to snapshot did the trick - thanks for the great work!

FWIW, I still see a quick message "entry point at: ..." just blinking, but
the system boots normally. There are a few devices not identified, most
importantly the Touchpad (i.e., HTIX5288). Below is dmesg:

OpenBSD 6.8-current (GENERIC.MP ) #164: Thu Nov  5
15:11:03 MST 2020
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

real mem = 8388608000 (8000MB)
avail mem = 8119074816 (7742MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x7a01f000 (78 entries)
bios0: vendor American Megatrends Inc. version "E.G140J.D8.E1.016.bin" date
11/29/2019
bios0: Default string LapBook Pro
acpi0 at bios0: ACPI 6.1
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP FPDT FIDT MSDM MCFG HPET LPIT APIC NPKT SSDT SSDT
SSDT SSDT SSDT SSDT SSDT SSDT SSDT UEFI TPM2 DBGP DBG2 WDAT WSMT
acpi0: wakeup devices LID0(S3) HDAS(S3) XHC_(S3) XDCI(S4) RP01(S4) PXSX(S4)
RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4)
RP06(S4) PXSX(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-255
acpihpet0 at acpi0: 1920 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) N4100 CPU @ 1.10GHz, 1097.34 MHz, 06-7a-01
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,UMIP,MD_CLEAR,IBRS,IBPB,STIBP,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 19MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) N4100 CPU @ 1.10GHz, 1096.97 MHz, 06-7a-01
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,UMIP,MD_CLEAR,IBRS,IBPB,STIBP,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu1: 4MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Celeron(R) N4100 CPU @ 1.10GHz, 1096.97 MHz, 06-7a-01
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,UMIP,MD_CLEAR,IBRS,IBPB,STIBP,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu2: 4MB 64b/line 16-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Celeron(R) N4100 CPU @ 1.10GHz, 1096.97 MHz, 06-7a-01
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,UMIP,MD_CLEAR,IBRS,IBPB,STIBP,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu3: 4MB 64b/line 16-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 120 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (RP01)
acpiprt2 at acpi0: bus -1 (RP02)
acpiprt3 at acpi0: bus 1 (RP03)
acpiprt4 at acpi0: bus -1 (RP04)
acpiprt5 at acpi0: bus -1 (RP05)
acpiprt6 at acpi0: bus -1 (RP06)
acpiec0 at acpi0
acpi0: GPE 0x26 already enabled
glkgpio0 at acpi0 GPO3 uid 4 addr 0xd0c8/0x82f irq 14, 35 pins
acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001
acpiac0 at acpi0: AC unit offline
acpibat0 at acpi0: BAT0 model "Li-ion Battery" serial 00 type Lion oem "GLK
MRD"
acpibtn0 at acpi0: LID0
"HTIX5288" at acpi0 not configured
"ID9001" at acpi0 not configured
acpicmos0 at acpi0
glkgpio1 at acpi0 GPO1 uid 1 addr 0xd0c4/0xcef irq 14, 80 pins
glkgpio2 at acpi0 GPO0 uid 2 addr 0xd0c5/0xaff irq 14, 80 pins
glkgpio3 at acpi0 GPO2 uid 3 addr 0xd0c9/0x7bf irq 15, 20 pins
"INT33A1" at acpi0 not configured
"MSFT0101" at acpi0 not configured
acpibtn1 at acpi0: PWRB
acpihid0 at acpi0: HIDD, 5 button array

iked vs IPsec failover (carp & sasyncd)

2020-11-08 Thread Harald Dunkel

Hi folks,

wrt IPsec failover via sasyncd and carp: sasyncd(8) and iked(8) don't
seem to tell, but I would guess that all hosts on the carp interface
have to share the private key to support renegotiation.

How can I tell iked which private key to use, instead of local.key?
Is there a similar naming scheme as for the foreign public keys?

Every insightful comment is highly appreciated
Harri