openbsd 6.9 release and current radeondrm boot fail
I have an inconsistent issue where MOST times I cannot fully boot with radeondrm enabled. When the booting kernel switches to a driver supported display with higher resolution I lose the display. I have a Radeon HD 5770 installed, and the dmesg seems to say CYPRESS. This doesn't seem correct. When boot fails the last line I see before losing display is: radeondrm0: CYPRESS Snapshot dmesg from successful boot with radeondrm enabled: OpenBSD 6.9-current (GENERIC.MP) #29: Fri May 21 13:20:08 MDT 2021 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 4276682752 (4078MB) avail mem = 4131631104 (3940MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xf06e0 (74 entries) bios0: vendor American Megatrends Inc. version "2402" date 01/06/2010 bios0: ASUSTeK Computer INC. M4A79T Deluxe acpi0 at bios0: ACPI 3.0 acpi0: sleep states S0 S1 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG OEMB HPET SSDT acpi0: wakeup devices PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) PCE6(S4) PCE7(S4) PCE9(S4) PCEA(S4) PCEB(S4) PCEC(S4) SBAZ(S4) UAR1(S4) P0PC(S4) UHC1(S4) UHC2(S4) UHC3(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Phenom(tm) II X4 965 Processor, 3412.06 MHz, 10-04-03 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu0: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu0: AMD erratum 721 detected and fixed cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 200MHz cpu0: mwait min=64, max=64, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Phenom(tm) II X4 965 Processor, 3411.64 MHz, 10-04-03 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu1: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu1: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu1: AMD erratum 721 detected and fixed cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: AMD Phenom(tm) II X4 965 Processor, 3411.64 MHz, 10-04-03 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,ITSC cpu2: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu2: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu2: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu2: AMD erratum 721 detected and fixed cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: AMD Phenom(tm) II X4 965 Processor, 3411.64 MHz, 10-04-03 cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE 3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MA SSE,3DNOWP,OSVW,IBS,SKINIT,ITSC cpu3: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu3: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative cpu3: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative cpu3: AMD erratum 721 detected and fixed cpu3: smt 0, core 3, package 0 ioapic0 at mainbus0: apid 4 pa 0xfec0, version 21, 24 pins acpimcfg0 at acpi0 acpimcfg0: addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318180 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 4 (PCE2) acpiprt2 at acpi0: bus -1 (PCE3) acpiprt3 at acpi0: bus -1 (PCE4) acpiprt4 at acpi0: bus -1 (PCE5) acpiprt5 at acpi0: bus 3 (PCE6) acpiprt6 at acpi0: bus 2 (PCE7) acpiprt7 at acpi0: bus -1 (PCE9) acpiprt8 at acpi0: bus -1 (PCEA) acpiprt9 at acpi0: bus -1 (PCEB) acpiprt10 at acpi0: bus -1 (PCEC) acpiprt11 at acpi0: bus 1 (P0PC) acpipci0 at acpi0 PCI0 acpicmos0 at acpi0 aibs0 at acpi0 RTMP RVLT RFAN GGRP GITM SITM aibs0: TSIF: 0: not a nameref: 257 type aibs0: TSIF: 1: not a nameref: 257 type aibs0: FSIF: 0: not a nameref: 257 type aibs0: FSIF: 1: not a nameref: 257 type aibs0: FSIF: 2: not a nameref: 257 type aib
Re: pf: antispoof with dynamic IP address?
> 22. mai 2021 kl. 17:02 skrev Mogens Jensen : > > > Let's say I'm assigned dynamic IP address 192.0.2.5/24 from my ISP on > external interface em0. > > antispoof em0 inet > > Expands to: > > block drop in on ! em0 inet from 192.0.2.0/24 to any > block drop in inet from 192.0.2.5 to any > > At some point when the IP lease is renewed, the ISP has assigned an > address from another block e.g. 203.0.113.21/24. I would now think that > the block rules created by antispoof are obsolete as they are not > updated with the new address, but why should it still work without > interface name in parentheses? I frankly haven’t tested what you describe in real life, but I think you have understood correctly. If your ISP throws you into a different network on lease renewal, things would go sideways without the parentheses. The two expand slightly differently, btw: [Sat May 22 17:14:23] peter@zelda:~$ cat antispoof antispoof for ure0 [Sat May 22 17:14:27] peter@zelda:~$ doas pfctl -vnf antispoof block drop in on ! ure0 inet from 10.10.10.0/24 to any block drop in inet from 10.10.10.10 to any [Sat May 22 17:14:30] peter@zelda:~$ cat antispoof_paren antispoof for (ure0) [Sat May 22 17:14:39] peter@zelda:~$ doas pfctl -vnf antispoof_paren block drop in on ! ure0 from (ure0:network) to any block drop in from (ure0) to any (Just now on a -current machine) All the best, Peter N. M. Hansteen — Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds. signature.asc Description: Message signed with OpenPGP
Re: pf: antispoof with dynamic IP address?
On Friday, May 21, 2021 8:22 AM, Peter N. M. Hansteen wrote: > quoting pf.conf(5): > > " The antispoof directive expands to a set of filter rules which will block > all traffic with a source IP from the network(s) directly connected to > the specified interface(s) from entering the system through any other > interface." > > This means essentially that the sample rules would fail to be effective > only if the interface you antispoof for has switched networks. I think > that is a relatively rare event for running firewalls and not doing a ruleset > reload. I'm still struggling with understanding why it works, please bear with me. Let's say I'm assigned dynamic IP address 192.0.2.5/24 from my ISP on external interface em0. antispoof em0 inet Expands to: block drop in on ! em0 inet from 192.0.2.0/24 to any block drop in inet from 192.0.2.5 to any At some point when the IP lease is renewed, the ISP has assigned an address from another block e.g. 203.0.113.21/24. I would now think that the block rules created by antispoof are obsolete as they are not updated with the new address, but why should it still work without interface name in parentheses? Thanks. Mogens Jensen
Re: email dkim signing failing with 6.8
I'm not sure what you're doing, but you show a piece of rspamd config for your signing, while you claim to use dkimproxy_out. I haven't used dkimproxy_out in a long time (basically since I wrote filter-dkimsign) but last time I used dkimproxy_in it worked as expected for rsa. Also note that dkimproxy doesn't have had a new release since 2011, which doesn't have to mean anything, but is usually not a great sign. If you really want to continue using dkimproxy I'd suggest running dkimproxy_out on the shell: /usr/local/bin/dkimproxy.out --conf_file=/etc/dkimproxy_out.conf --user=_dkimproxy --group=_dkimproxy and see what it spews out. Personally I'd replace dkimproxy with either (filter-)respamd or filter-dkimsign depending on your needs. martijn@ On Sat, 2021-05-22 at 11:44 +0200, flipchan wrote: > Hi all, > > > I upgraded from 6.6 to 6.8 and dkim magically stopped appending the dkim > signatures to my emails. I have tried to debug it but im not really > getting anywhere. dkimproxy_out is running without complains. > > Does anyone see what im doing wrong? > > > mail# cat /etc/mail/smtpd.conf > table aliases file:/etc/mail/aliases > #table other-relays file:/etc/mail/other-relays > > pki mail.example.com cert "/etc/ssl/mail.example.com.crt" > pki mail.example.com key "/etc/ssl/private/mail.example.com.key" > > filter "rspamd" proc-exec "/usr/local/libexec/smtpd/filter-rspamd" > > listen on vio0 port 587 hostname example.com tls-require pki > mail.example.com auth filter "rspamd" > #mask-src > listen on vio0 port 25 hostname example.com tls pki mail.example.com > filter "rspamd" > # auth-optional > > #action "mbox" mbox alias > #action "relay" relay > > #match for local action "mbox" > #match for any action "relay" > #match !from src mail-from "@example.com" for any \ > # reject > > listen on lo0 port 10028 tag DKIM > > action "mbox" mbox alias > action "relay" relay > action "relay_dkim" relay host smtp://127.0.0.1:10027 > match from any for domain example.com action "mbox" > > match auth from any for any action "relay" > match for local action "mbox" > match tag DKIM for any action "relay" > #match tag dkim for any action "relay" > #match tag DKIM for any action "outbound" > #match for any action relay_dkim > match auth from any for any action "relay_dkim" > mail# > dkim_signing.conf redis.conf > mail# cat /etc/rspamd/local.d/dkim_signing.conf > domain { > example.com { > path = "/var/dkimproxy/default.private"; > selector = "default"; > } > } > mail# uname -a > OpenBSD mail.firosolutions.com 6.8 GENERIC#5 amd64 > > > > Thanks! > > Sincerely, > > Flipchan >
email dkim signing failing with 6.8
Hi all, I upgraded from 6.6 to 6.8 and dkim magically stopped appending the dkim signatures to my emails. I have tried to debug it but im not really getting anywhere. dkimproxy_out is running without complains. Does anyone see what im doing wrong? mail# cat /etc/mail/smtpd.conf table aliases file:/etc/mail/aliases #table other-relays file:/etc/mail/other-relays pki mail.example.com cert "/etc/ssl/mail.example.com.crt" pki mail.example.com key "/etc/ssl/private/mail.example.com.key" filter "rspamd" proc-exec "/usr/local/libexec/smtpd/filter-rspamd" listen on vio0 port 587 hostname example.com tls-require pki mail.example.com auth filter "rspamd" #mask-src listen on vio0 port 25 hostname example.com tls pki mail.example.com filter "rspamd" # auth-optional #action "mbox" mbox alias #action "relay" relay #match for local action "mbox" #match for any action "relay" #match !from src mail-from "@example.com" for any \ # reject listen on lo0 port 10028 tag DKIM action "mbox" mbox alias action "relay" relay action "relay_dkim" relay host smtp://127.0.0.1:10027 match from any for domain example.com action "mbox" match auth from any for any action "relay" match for local action "mbox" match tag DKIM for any action "relay" #match tag dkim for any action "relay" #match tag DKIM for any action "outbound" #match for any action relay_dkim match auth from any for any action "relay_dkim" mail# dkim_signing.conf redis.conf mail# cat /etc/rspamd/local.d/dkim_signing.conf domain { example.com { path = "/var/dkimproxy/default.private"; selector = "default"; } } mail# uname -a OpenBSD mail.firosolutions.com 6.8 GENERIC#5 amd64 Thanks! Sincerely, Flipchan