Re: Questions on pf limit table-entries PFR_KENTRY_HIWAT_SMALL

[trondd]

On Sat, January 1, 2022 8:02 pm, Paul Pace wrote:
> Hello!
>
> I'm trying to understand the limits in PF, and I can't seem to figure
> this out:
>
> In pf.conf(5) I see two limits called table-entries, and one of them is
>
> table-entries PFR_KENTRY_HIWAT_SMALL  10
>
> Some searching and I found:
>
> grep PFR_KENTRY_HIWAT_SMALL /usr/include/net/pfvar.h
> #define PFR_KENTRY_HIWAT_SMALL10  /* Number of entries for tiny
> hosts */
>
> What is a tiny host?
>
> With the limit-item (table-entries) being used twice, does this somehow
> only apply to some system configuration I'm not using since pfctl -sm
> reports table-entries 20?
>
> Thank you,
>
> Paul
>
>

Answers are in the source.  In sys/net/pf_ioctl.c:

if (physmem <= atop(100*1024*1024))
pf_pool_limits[PF_LIMIT_TABLE_ENTRIES].limit =
PFR_KENTRY_HIWAT_SMALL;

回复: 转发: Apply for a new community group

[Boling Hanjingxue]

Hi,
Yifei Zhan,

Thanks for your reply, our community is still very much in its infancy. But we 
have built a documentation 
website. We will 
apply again later when the time is right.

Sincerely,
Hanjingxue Boling.

发件人: Yifei Zhan 
发送时间: 2022年1月1日 10:43
收件人: Boling Hanjingxue 
抄送: OpenBSD Misc ML 
主题: Re: 转发: Apply for a new community group

On 22/01/01 02:26AM, Boling Hanjingxue wrote:
>
> I am Hanjingxue from a newly
> established openBSD community, and we are building a Chinese openBSD
> community. We would like
> that the openBSD project will add the “openBSD 中文结社” to the list
> of OpenBSD User Groups as well.

I'm not sure how this community is supposed to work and the linked
community page is effectively empty. I would expect things like a list
of upcoming events and at least some text to explain what you are doing.
Just saying 'Chinese OpenBSD Association' is too vague to be useful to
your readers.

Maybe grow your community a bit and then apply again?

>
> 
> Detailed information:
> 0
> C China
> P Bejing
> T Chaoyang
> F Irregular
> O OpenBSD Chinese Association
> I BearChild
> M zh-open...@protonmail.com
> U https://github.com/openbsd-zh-association
> N OpenBSD|*BSD

[PATCH 1/4] script(1): actually bubble child errors

[наб]

script.1 says
> script will exit with the status of 0 unless any of its child
> processes fail, in which case, script will return 1.
This is a patent lie: it only exits with 1 if the host or writer
processes fail, not the actual child

Instead, wait for the child in the writer process and bubble its status
up verbatim (for signals ‒ as shell-style 128+sig)
---
 usr.bin/script/script.c | 18 --
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/usr.bin/script/script.c b/usr.bin/script/script.c
index da22623ff..763975d6a 100644
--- a/usr.bin/script/script.c
+++ b/usr.bin/script/script.c
@@ -251,16 +251,12 @@ dooutput(void)
 
sigemptyset();
sigaddset(, SIGALRM);
+   sigaddset(, SIGCHLD);
bzero(, sizeof sa);
sigemptyset(_mask);
sa.sa_handler = scriptflush;
(void)sigaction(SIGALRM, , NULL);
 
-   bzero(, sizeof sa);
-   sigemptyset(_mask);
-   sa.sa_handler = SIG_IGN;
-   (void)sigaction(SIGCHLD, , NULL);
-
if (pledge("stdio proc", NULL) == -1)
err(1, "pledge");
 
@@ -295,7 +291,17 @@ dooutput(void)
outcc += cc;
sigprocmask(SIG_UNBLOCK, , NULL);
}
-   done(0);
+
+   int e = 0, err;
+   while ((err = wait()) == -1 && errno == EINTR)
+   ;
+   if (err != -1) {
+   if (WIFEXITED(e))
+   e = WEXITSTATUS(e);
+   else
+   e = 128 + WTERMSIG(e);
+   }
+   done(e);
 }
 
 void
-- 
2.30.2



signature.asc
Description: PGP signature

[PATCH 2/4] script(1): simplify shell execution

[наб]

Use execl in both paths and the same warn() call
---
 usr.bin/script/script.c | 17 ++---
 1 file changed, 6 insertions(+), 11 deletions(-)

diff --git a/usr.bin/script/script.c b/usr.bin/script/script.c
index 763975d6a..fd2829033 100644
--- a/usr.bin/script/script.c
+++ b/usr.bin/script/script.c
@@ -313,10 +313,7 @@ scriptflush(int signo)
 void
 doshell(char *cmd)
 {
-   char *shell;
-   char *argp[] = {"sh", "-c", NULL, NULL};
-
-   shell = getenv("SHELL");
+   const char *shell = cmd ? NULL : getenv("SHELL");
if (shell == NULL)
shell = _PATH_BSHELL;
 
@@ -324,14 +321,12 @@ doshell(char *cmd)
(void)fclose(fscript);
login_tty(slave);
 
-   if (cmd != NULL) {
-   argp[2] = cmd;
-   execv(_PATH_BSHELL, argp);
-   warn("unable to execute %s", _PATH_BSHELL);
-   } else {
+   if (cmd != NULL)
+   execl(shell, "sh", "-c", cmd, (char *)NULL);
+   else
execl(shell, shell, "-i", (char *)NULL);
-   warn("%s", shell);
-   }
+
+   warn("unable to execute %s", shell);
fail();
 }
 
-- 
2.30.2



signature.asc
Description: PGP signature

[PATCH 3/4] script(1): fix exit status wording, use 125 for general failure

[наб]

This is a base-line attempt at separating errors from the child from the
ones from script itself ‒ 125 is the general-purpose code in POSIX
utilities that exec() (with 126 being ENOEXEC and 127 ‒ ENOENT)
---
 usr.bin/script/script.1 | 6 ++
 usr.bin/script/script.c | 6 +++---
 2 files changed, 5 insertions(+), 7 deletions(-)

diff --git a/usr.bin/script/script.1 b/usr.bin/script/script.1
index 7bc559377..28783961a 100644
--- a/usr.bin/script/script.1
+++ b/usr.bin/script/script.1
@@ -80,10 +80,8 @@ or control-D
 .Pq Ql ^D
 will exit most interactive shells).
 .Nm
-will exit with the status of 0 unless any of its child
-processes fail, in which case,
-.Nm
-will return 1.
+will exit with the status of the shell,
+or 125 if it failed to start it.
 .Pp
 Certain interactive commands, such as
 .Xr vi 1 ,
diff --git a/usr.bin/script/script.c b/usr.bin/script/script.c
index fd2829033..1c2db608d 100644
--- a/usr.bin/script/script.c
+++ b/usr.bin/script/script.c
@@ -119,7 +119,7 @@ main(int argc, char *argv[])
default:
fprintf(stderr, "usage: %s [-a] [-c command] [file]\n",
__progname);
-   exit(1);
+   exit(125);
}
argc -= optind;
argv += optind;
@@ -206,7 +206,7 @@ void
 finish(int signo)
 {
int save_errno = errno;
-   int status, e = 1;
+   int status, e = 125;
pid_t pid;
 
while ((pid = wait3(, WNOHANG, 0)) > 0) {
@@ -335,7 +335,7 @@ fail(void)
 {
 
(void)kill(0, SIGTERM);
-   done(1);
+   done(125);
 }
 
 void
-- 
2.30.2



signature.asc
Description: PGP signature

[PATCH 4/4] script(1): explicitly specify sh -c

[наб]

The original wording is weird and doesn't explicitly say that it does
sh -c, which is the fundamental point ‒ spell it out directly
---
 usr.bin/script/script.1 | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/usr.bin/script/script.1 b/usr.bin/script/script.1
index 28783961a..b9a0f0411 100644
--- a/usr.bin/script/script.1
+++ b/usr.bin/script/script.1
@@ -69,8 +69,8 @@ retaining the prior contents.
 .It Fl c Ar command
 Run
 .Ar command
+.Pq via Nm sh Fl c Ar command
 instead of an interactive shell.
-To run a command with arguments, enclose both in quotes.
 .El
 .Pp
 The script ends when the forked program exits (an
-- 
2.30.2


signature.asc
Description: PGP signature

Re: disk lights on but top showed nothing!

[Letcher Ross]

Perhaps it was your Megaraid controller doing a patrol read or
consistency check?

-Taru

On Sat, Jan 1, 2022 at 12:13 PM Luke Small  wrote:

> 6 disk raid 10 15000 rpm array (2 mirroring x 3 striping) with a raid card
> which can handle a maximum of 8 disks. It didn’t last forever.
>
> mfii0 at pci12 dev 0 function 0 "Symbios Logic MegaRAID SAS2208" rev 0x05:
> msi
> mfii0: "LSI MegaRAID SAS 9271-8i", firmware 23.28.0-0010, 1024MB cache
> scsibus2 at mfii0: 64 targets
> sd0 at scsibus2 targ 0 lun 0: 
> naa.600605b00902fb50217c572a11e3e137
> sd0: 418464MB, 512 bytes/sector, 857014272 sectors
> scsibus3 at mfii0: 256 targets
> ppb11 at pci7 dev 9 function 0 "Intel X58 PCIE" rev 0x22: msi
> pci13 at ppb11 bus 135
> "Intel X58 IOxAPIC" rev 0x22 at pci7 dev 19 function 0 not configured
> "Intel X58 Misc" rev 0x22 at pci7 dev 20 function 0 not configured
> "Intel X58 GPIO" rev 0x22 at pci7 dev 20 function 1 not configured
> "Intel X58 RAS" rev 0x22 at pci7 dev 20 function 2 not configured
> "Intel X58 Throttle" rev 0x22 at pci7 dev 20 function 3 not configured
> "Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 0 not configured
> "Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 1 not configured
> "Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 2 not configured
> "Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 3 not configured
> "Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 4 not configured
> "Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 5 not configured
> "Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 6 not configured
> "Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 7 not configured
> vmm0 at mainbus0: VMX/EPT
> dt: 445 probes
> vscsi0 at root
> scsibus4 at vscsi0: 256 targets
> softraid0 at root
> scsibus5 at softraid0: 256 targets
> sd1 at scsibus5 targ 1 lun 0: 
> sd1: 418458MB, 512 bytes/sector, 857002898 sectors
> sd2 at scsibus1 targ 5 lun 0: 
> naa.5001173100147bc4
> sd2: 95367MB, 512 bytes/sector, 195312501 sectors
> sd3 at scsibus1 targ 6 lun 0: 
> naa.5001173100146d54
> sd3: 95367MB, 512 bytes/sector, 195312501 sectors
> sd4 at scsibus1 targ 7 lun 0: 
> naa.50011731001432cc
> sd4: 95367MB, 512 bytes/sector, 195312501 sectors
> sd5 at scsibus1 targ 8 lun 0: 
> naa.500117310014346c
> sd5: 95367MB, 512 bytes/sector, 195312501 sectors
> disklabels not read:
> root on sd1a (7f4c2a49b672064f.a) swap on sd1b dump on sd1b
> radeondrm0: CAICOS
> radeondrm0: 1920x1080, 32bpp
> wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using
> wskbd0
> wsdisplay0: screen 1-5 added (std, vt100 emulation)
>
> On Sat, Jan 1, 2022 at 4:22 AM Crystal Kolipe 
> wrote:
>
> > On Sat, Jan 01, 2022 at 12:01:28AM -0600, Luke Small wrote:
> > > The lights on my server which shows that the disks are busy were on and
> > not
> > > just flashing and I looked at top and usually it???s because security
> is
> > > running, but this time NOTHING! I even killed Firefox and by far the
> > > busiest thing on there was top! pftop didn???t seem especially busy
> > either!
> >
> > From the extremely limited information you've given, it's hard to
> diagnose
> > the problem.
> >
> > In future, please include the output of dmesg and the output of relevant
> > commands in problem reports.  This answers questions such as: how many
> > disks are in this server?  Are they part of an array?
> >
> > Did the output from top show a process with low or zero cpu usage, but
> > stuck in the biowait state?
> >
> > This can happen, for example, if you have a bad or failing data cable
> from
> > the disk to the motherboard.  It can also happen with some SSDs, likely
> due
> > to the firmware doing some kind of internal management of the flash
> memory.
> >
> --
> -Luke
>

Re: disk lights on but top showed nothing!

[Luke Small]

6 disk raid 10 15000 rpm array (2 mirroring x 3 striping) with a raid card
which can handle a maximum of 8 disks. It didn’t last forever.

mfii0 at pci12 dev 0 function 0 "Symbios Logic MegaRAID SAS2208" rev 0x05:
msi
mfii0: "LSI MegaRAID SAS 9271-8i", firmware 23.28.0-0010, 1024MB cache
scsibus2 at mfii0: 64 targets
sd0 at scsibus2 targ 0 lun 0: 
naa.600605b00902fb50217c572a11e3e137
sd0: 418464MB, 512 bytes/sector, 857014272 sectors
scsibus3 at mfii0: 256 targets
ppb11 at pci7 dev 9 function 0 "Intel X58 PCIE" rev 0x22: msi
pci13 at ppb11 bus 135
"Intel X58 IOxAPIC" rev 0x22 at pci7 dev 19 function 0 not configured
"Intel X58 Misc" rev 0x22 at pci7 dev 20 function 0 not configured
"Intel X58 GPIO" rev 0x22 at pci7 dev 20 function 1 not configured
"Intel X58 RAS" rev 0x22 at pci7 dev 20 function 2 not configured
"Intel X58 Throttle" rev 0x22 at pci7 dev 20 function 3 not configured
"Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 0 not configured
"Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 1 not configured
"Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 2 not configured
"Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 3 not configured
"Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 4 not configured
"Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 5 not configured
"Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 6 not configured
"Intel X58 QuickData" rev 0x22 at pci7 dev 22 function 7 not configured
vmm0 at mainbus0: VMX/EPT
dt: 445 probes
vscsi0 at root
scsibus4 at vscsi0: 256 targets
softraid0 at root
scsibus5 at softraid0: 256 targets
sd1 at scsibus5 targ 1 lun 0: 
sd1: 418458MB, 512 bytes/sector, 857002898 sectors
sd2 at scsibus1 targ 5 lun 0: 
naa.5001173100147bc4
sd2: 95367MB, 512 bytes/sector, 195312501 sectors
sd3 at scsibus1 targ 6 lun 0: 
naa.5001173100146d54
sd3: 95367MB, 512 bytes/sector, 195312501 sectors
sd4 at scsibus1 targ 7 lun 0: 
naa.50011731001432cc
sd4: 95367MB, 512 bytes/sector, 195312501 sectors
sd5 at scsibus1 targ 8 lun 0: 
naa.500117310014346c
sd5: 95367MB, 512 bytes/sector, 195312501 sectors
disklabels not read:
root on sd1a (7f4c2a49b672064f.a) swap on sd1b dump on sd1b
radeondrm0: CAICOS
radeondrm0: 1920x1080, 32bpp
wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using wskbd0
wsdisplay0: screen 1-5 added (std, vt100 emulation)

On Sat, Jan 1, 2022 at 4:22 AM Crystal Kolipe 
wrote:

> On Sat, Jan 01, 2022 at 12:01:28AM -0600, Luke Small wrote:
> > The lights on my server which shows that the disks are busy were on and
> not
> > just flashing and I looked at top and usually it???s because security is
> > running, but this time NOTHING! I even killed Firefox and by far the
> > busiest thing on there was top! pftop didn???t seem especially busy
> either!
>
> From the extremely limited information you've given, it's hard to diagnose
> the problem.
>
> In future, please include the output of dmesg and the output of relevant
> commands in problem reports.  This answers questions such as: how many
> disks are in this server?  Are they part of an array?
>
> Did the output from top show a process with low or zero cpu usage, but
> stuck in the biowait state?
>
> This can happen, for example, if you have a bad or failing data cable from
> the disk to the motherboard.  It can also happen with some SSDs, likely due
> to the firmware doing some kind of internal management of the flash memory.
>
-- 
-Luke

Re: The License of the Official Website

[Maurice McCarthy]

I think the best place to look is here:
https://www.openbsd.org/policy.html

Good Luck

The License of the Official Website

[Suote127]

Hi list,
I am a developer from China and we are considering translating the
official OpenBSD website (especially the FAQ) into Chinese.
But we have not found the license of the website.Could we do this?
If so,what license should we use?

Yours,
Suote127

Re: disk lights on but top showed nothing!

[Crystal Kolipe]

On Sat, Jan 01, 2022 at 12:01:28AM -0600, Luke Small wrote:
> The lights on my server which shows that the disks are busy were on and not
> just flashing and I looked at top and usually it???s because security is
> running, but this time NOTHING! I even killed Firefox and by far the
> busiest thing on there was top! pftop didn???t seem especially busy either!

>From the extremely limited information you've given, it's hard to diagnose the 
>problem.

In future, please include the output of dmesg and the output of relevant 
commands in problem reports.  This answers questions such as: how many disks 
are in this server?  Are they part of an array?

Did the output from top show a process with low or zero cpu usage, but stuck in 
the biowait state?

This can happen, for example, if you have a bad or failing data cable from the 
disk to the motherboard.  It can also happen with some SSDs, likely due to the 
firmware doing some kind of internal management of the flash memory.