Re: does anybody else seeing this? (NUT)

2023-11-13 Thread Gregory Edigarov
On Mon, 13 Nov 2023 16:20:47 +0200
Gregory Edigarov  wrote:

> Hello,
> 
> After upgrading to the latest snapshot, my system seems to have lost the UPS.
> addr 02: 0665:5161 Mustek Systems, PowerMust 800
>   low speed, power 100 mA, config 1, rev 0.03
>   driver: ugen0
> 
> /etc/nut/ups.conf:
> 
> [njoy]
>   driver = "nutdrv_qx"
>   vendorid = "0665"
>   productid = "5161"
>   bus = "000"
>   pollinterval = "10"
>   port = "auto"
> 
> # ls -l /dev/ugen0* 
> crw-rw  1 root  _ups  63,  0 Nov 12 12:45 /dev/ugen0.00
> crw-rw  1 root  _ups  63,  1 Nov 12 12:45 /dev/ugen0.01
> crw-rw  1 root  _ups  63,  2 Nov 12 12:45 /dev/ugen0.02
> crw-rw  1 root  _ups  63,  3 Nov 12 12:45 /dev/ugen0.03
> crw-rw  1 root  _ups  63,  4 Nov 12 12:45 /dev/ugen0.04
> crw-rw  1 root  _ups  63,  5 Nov 12 12:45 /dev/ugen0.05
> crw-rw  1 root  _ups  63,  6 Nov 12 12:45 /dev/ugen0.06
> crw-rw  1 root  _ups  63,  7 Nov 12 12:45 /dev/ugen0.07
> crw-rw  1 root  _ups  63,  8 Nov 12 12:45 /dev/ugen0.08
> crw-rw  1 root  _ups  63,  9 Nov 12 12:45 /dev/ugen0.09
> crw-rw  1 root  _ups  63, 10 Nov 12 12:45 /dev/ugen0.10
> crw-rw  1 root  _ups  63, 11 Nov 12 12:45 /dev/ugen0.11
> crw-rw  1 root  _ups  63, 12 Nov 12 12:45 /dev/ugen0.12
> crw-rw  1 root  _ups  63, 13 Nov 12 12:45 /dev/ugen0.13
> crw-rw  1 root  _ups  63, 14 Nov 12 12:45 /dev/ugen0.14
> crw-rw  1 root  _ups  63, 15 Nov 12 12:45 /dev/ugen0.15
> 
> it was working correctly before upgrade, but now it doesn't
> 
> what's my mistake?
> 

oh, there is no need to set the bus parameter now...



does anybody else seeing this? (NUT)

2023-11-13 Thread Gregory Edigarov
Hello,

After upgrading to the latest snapshot, my system seems to have lost the UPS.
addr 02: 0665:5161 Mustek Systems, PowerMust 800
 low speed, power 100 mA, config 1, rev 0.03
 driver: ugen0

/etc/nut/ups.conf:

[njoy]
driver = "nutdrv_qx"
vendorid = "0665"
productid = "5161"
bus = "000"
pollinterval = "10"
port = "auto"

# ls -l /dev/ugen0* 
crw-rw  1 root  _ups  63,  0 Nov 12 12:45 /dev/ugen0.00
crw-rw  1 root  _ups  63,  1 Nov 12 12:45 /dev/ugen0.01
crw-rw  1 root  _ups  63,  2 Nov 12 12:45 /dev/ugen0.02
crw-rw  1 root  _ups  63,  3 Nov 12 12:45 /dev/ugen0.03
crw-rw  1 root  _ups  63,  4 Nov 12 12:45 /dev/ugen0.04
crw-rw  1 root  _ups  63,  5 Nov 12 12:45 /dev/ugen0.05
crw-rw  1 root  _ups  63,  6 Nov 12 12:45 /dev/ugen0.06
crw-rw  1 root  _ups  63,  7 Nov 12 12:45 /dev/ugen0.07
crw-rw  1 root  _ups  63,  8 Nov 12 12:45 /dev/ugen0.08
crw-rw  1 root  _ups  63,  9 Nov 12 12:45 /dev/ugen0.09
crw-rw  1 root  _ups  63, 10 Nov 12 12:45 /dev/ugen0.10
crw-rw  1 root  _ups  63, 11 Nov 12 12:45 /dev/ugen0.11
crw-rw  1 root  _ups  63, 12 Nov 12 12:45 /dev/ugen0.12
crw-rw  1 root  _ups  63, 13 Nov 12 12:45 /dev/ugen0.13
crw-rw  1 root  _ups  63, 14 Nov 12 12:45 /dev/ugen0.14
crw-rw  1 root  _ups  63, 15 Nov 12 12:45 /dev/ugen0.15

it was working correctly before upgrade, but now it doesn't

what's my mistake?



Re: openFPGAloader successfully built, but can't flash with ftdi error

2023-10-11 Thread Gregory Edigarov
On Fri, 6 Oct 2023 10:06:15 - (UTC)
Stuart Henderson  wrote:

> On 2023-10-06, S V  wrote:
> >> The software that you're using may need the USB device to be
> >> attached to ugen rather than uftdi. The simplest way to do this is
> >> probably to type "boot -c" at the boot loader, "disable uftdi",
> >> "quit".  
> >
> >
> > Thanks!!! It works!!!  
> 
> good, thanks for confirming.
> 
> > Last "barrier" in front of openhardware
> >
> > more or less falls! :D :D :D  
> 
> btw, see bsd.re-config(5) if you want this regularly (but then, you
> won't be able to connect to a uftdi device as a normal serial port
> with cu).
> 

Just a small bit of side note, perhaps somebody with knowledge of usb
stack will find it interesting enough to implement.
I think we need a way to detach a specific usb driver from device on the
fly, leaving it attached as ugen.
That "disable [whatever]" way is a problem itself because it is
possible that there also is a real device that needs to be attached. 
--
With best regards,
 Gregory Edigarov



Re: desire for journaled filesystem

2023-09-08 Thread Gregory Edigarov
On Wed, 6 Sep 2023 22:52:59 -0400
Nick Holland  wrote:

> On 9/6/23 08:23, John Holland wrote:
> > Janne-
> > 
> > Thanks for all that useful information.
> > 
> > others- this is a thinkpad, that's not on all the time, so a cron
> > backup is not that good. I actually back up manually, currently
> > using "borg" for that. I mostly just do email and web on it so
> > there's probably nothing serious lost. In a few days I will have
> > the external disk with the backup back here and I may see what I
> > can find on it. My /home partition has a lot of data on it because
> > I built an AWS Openbsd machine image on it. But it would be good to
> > see whether my system is working correctly.
> 
> Cats are fuzzy
> Fire is hot
> Journaling file systems are complicated
> Backups are important.

well, speaking about backups, what I (well, somewhat) miss on openbsd,
is the ability to make a snapshot of filesystem, (in the style of
freebsd mksnap). but I can live without it definitely.
my sources are in git, my data backups live in borg, the system is
subject to reinstall in case of disaster.

 
 



Re: bgp conditional advertisement

2023-06-27 Thread Gregory Edigarov
On Thu, 1 Dec 2022 08:55:02 +0100
Claudio Jeker  wrote:

> On Thu, Dec 01, 2022 at 01:01:16AM +0200, Gregory Edigarov wrote:
> > Hello, 
> > 
> > Having two sites in different physical locations, siteA is connected
> > via uplink1 and uplink2, siteB is connected via uplink3 and uplink4.
> > I want to announce prefixes from siteB if ASn not found originating
> > from siteA, and vice versa. I.e. a feature that will work like
> > 'enforce localas yes' but start announces when ASn is gone. I could
> > have done it with some scripting, but would prefer to have it in bgpd. 
> > Is this possible solely with OpenBGPD?  
> 
> Run an ibgp session between siteA and siteB. Announce only your
> prefixes on those sessions. Tag them with a community. Make sure that
> these prefixes are more preferred than the one you put in as backup.
> Filter out prefixes with the tag. More or less like this:
> 
> # backup route using low localpref to be less preferred
> network 192.0.2.0/24 set { localpref 1 }
> 
> # send my networks to siteA tagged with community
> deny to siteA
> allow to siteA prefix-set mynetworks set community local-as:42
> # filter out announcement originated from siteA
> deny to any community local-as:42
> 

Many thanks for the idea, Claudio. 
The solution is working like a charm.
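
A toy model of the recipe in the quoted reply, added here as an illustration; it is not code from the thread or from OpenBGPD. It models only the local-pref step of path selection and the community-based export filter. The second prefix (198.51.100.0/24), the default local-pref of 100 and all function names are assumptions.

```python
from dataclasses import dataclass

TAG = "local-as:42"       # community used in the quoted filter rules
DEFAULT_LOCALPREF = 100   # assumption: local-pref of normally originated routes
# First prefix is the one in the quoted `network` line; the second is constructed.
OWN = {"siteA": "192.0.2.0/24", "siteB": "198.51.100.0/24"}


@dataclass(frozen=True)
class Route:
    prefix: str
    source: str                       # "local" or the iBGP neighbour's name
    localpref: int
    communities: frozenset = frozenset()


def rib_for(site, alive, ibgp_up, backup_localpref):
    """Candidate routes a site holds for both prefixes."""
    peer = "siteB" if site == "siteA" else "siteA"
    rib = [
        Route(OWN[site], "local", DEFAULT_LOCALPREF),   # own network
        Route(OWN[peer], "local", backup_localpref),    # backup for the peer's
    ]
    if alive[peer] and ibgp_up:
        # The peer exports only its own networks over iBGP, tagged.
        rib.append(Route(OWN[peer], peer, DEFAULT_LOCALPREF, frozenset({TAG})))
    return rib


def announcements(alive, ibgp_up=True, backup_localpref=1):
    """Prefixes each site sends to its uplinks."""
    result = {}
    for site in OWN:
        if not alive[site]:
            result[site] = []
            continue
        best = {}
        for route in rib_for(site, alive, ibgp_up, backup_localpref):
            current = best.get(route.prefix)
            if current is None or route.localpref > current.localpref:
                best[route.prefix] = route
        # "deny to any community local-as:42": tagged best paths are not exported.
        result[site] = sorted(
            p for p, r in best.items() if TAG not in r.communities
        )
    return result


if __name__ == "__main__":
    both = {"siteA": True, "siteB": True}
    print("normal      ", announcements(both))
    print("siteA down  ", announcements({"siteA": False, "siteB": True}))
    # Both sites up but the iBGP session between them lost: each side
    # stops seeing the tagged route and starts announcing its backup.
    print("iBGP down   ", announcements(both, ibgp_up=False))
    # Backup not made less preferred: the tagged route never wins.
    print("localpref 200", announcements(both, backup_localpref=200))
```

The third scenario is the caveat of this design: the trigger is loss of the tagged iBGP route, so a broken inter-site session looks the same as a dead site.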



Re: harfbuzz issue upgrading packages

2023-05-03 Thread Gregory Edigarov
On Wed, 3 May 2023 10:37:07 - (UTC)
Stuart Henderson  wrote:

> On 2023-05-03, Gregory Edigarov  wrote:
> > Hello Everybody,
> >
> > $ curl
> > https://cdn.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/|grep
> > '^harfbuzz'
> > [No output]
> >
> > and as we all know it is a dependency for nearly everything 
> > running on a typical workstation.
> > What gives?  
> 
> Use a normal mirror. (That is generally best advice for snapshots
> anyway due to the way CDN caching works, but also there seems to be
> some particular problem with updating the server which the CDN
> front-ends at the moment).
> 
> 

Yes, this indeed worked. Thanks, Stuart.



harfbuzz issue upgrading packages

2023-05-03 Thread Gregory Edigarov
Hello Everybody,

$ curl
https://cdn.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/|grep
'^harfbuzz'
[No output]

and as we all know it is a dependency for nearly everything 
running on a typical workstation.
What gives?

--
With best regards,
 Gregory Edigarov



ipsec via strongswan (traffic present but no response)

2023-04-20 Thread Gregory Edigarov
Hello,

lbld12# uname -a
OpenBSD lbld12.duckdns.org 7.3 GENERIC.MP#1130 amd64

Our current vpn uses user/password authentication, mschapv2. so I am
trying to use strongswan to connect to my workplace.

# ipsec statusall 

Security Associations (1 up, 0 connecting):
   qarea[1]: ESTABLISHED 62 minutes ago, 178.151.162.44[edigarov]...185.78.xxx.1[vpn.xxx.org]
   qarea[1]: IKEv2 SPIs: 62417f797a2ca675_i* 6db16adc7d9f5355_r, EAP reauthentication in 101 minutes
   qarea[1]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
   qarea{2}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: f07d99fb_i 0ef2e82a_o
   qarea{2}:  AES_CBC_256/HMAC_SHA2_512_256, 0 bytes_i, 67604 bytes_o (806 pkts, 18s ago), rekeying in 32 minutes
   qarea{2}:   192.168.112.215/32 === 192.168.12.0/22

# pfctl -s st  |grep 185.78 
all udp 178.151.162.44:4500 -> 185.78.235.1:4500   MULTIPLE:MULTIPLE

tcpdump on external physical interface:

12:06:56.040573 185.78.xxx.1.4500 > 178.151.162.44.4500: udpencap: esp spi 0xf07d99fb seq 812 len 152 [tos 0x8]
12:06:57.037764 178.151.162.44.4500 > 185.78.235.1.4500: udpencap: esp spi 0x0ef2e82a seq 812 len 152
12:06:57.044270 185.78.235.1.4500 > 178.151.162.44.4500: udpencap: esp spi 0xf07d99fb seq 813 len 152 [tos 0x8]
12:06:58.037795 178.151.162.44.4500 > 185.78.235.1.4500: udpencap: esp spi 0x0ef2e82a seq 813 len 152
12:06:58.044250 185.78.235.1.4500 > 178.151.162.44.4500: udpencap: esp spi 0xf07d99fb seq 814 len 152 [tos 0x8]
12:06:58.239755 185.78.235.1.4500 > 178.151.162.44.4500: udpencap: isakmp v2.0 exchange INFORMATIONAL
    cookie: 62417f797a2ca675->6db16adc7d9f5355 msgid: 0020 len: 160 (DF) [tos 0x8]
12:06:58.240035 178.151.162.44.4500 > 185.78.235.1.4500: udpencap: isakmp v2.0 exchange INFORMATIONAL
    cookie: 62417f797a2ca675->6db16adc7d9f5355 msgid: 0020 len: 80
12:06:59.037758 178.151.162.44.4500 > 185.78.235.1.4500: udpencap: esp spi 0x0ef2e82a seq 814 len 152
12:06:59.044223 185.78.235.1.4500 > 178.151.162.44.4500: udpencap: esp spi 0xf07d99fb seq 815 len 152 [tos 0x8]
12:07:00.037804 178.151.162.44.4500 > 185.78.235.1.4500: udpencap: esp spi 0x0ef2e82a seq 815 len 152
12:07:00.044319 185.78.235.1.4500 > 178.151.162.44.4500: udpencap: esp spi 0xf07d99fb seq 816 len 152 [tos 0x8]
12:07:01.037803 178.151.162.44.4500 > 185.78.235.1.4500: udpencap: esp spi 0x0ef2e82a seq 816 len 152
12:07:01.044248 185.78.235.1.4500 > 178.151.162.44.4500: udpencap: esp spi 0xf07d99fb seq 817 len 152 [tos 0x8]

however, on tunnel interface, that is tun1 there are no responses:

tcpdump: listening on tun1, link-type LOOP
12:08:53.037668 192.168.112.215 > 192.168.12.49: icmp: echo request
12:08:54.037698 192.168.112.215 > 192.168.12.49: icmp: echo request
12:08:55.037682 192.168.112.215 > 192.168.12.49: icmp: echo request
12:08:56.037679 192.168.112.215 > 192.168.12.49: icmp: echo request
12:08:57.037671 192.168.112.215 > 192.168.12.49: icmp: echo request
12:08:58.037683 192.168.112.215 > 192.168.12.49: icmp: echo request
12:08:59.037677 192.168.112.215 > 192.168.12.49: icmp: echo request
12:09:00.037671 192.168.112.215 > 192.168.12.49: icmp: echo request
12:09:01.037690 192.168.112.215 > 192.168.12.49: icmp: echo request
12:09:02.037678 192.168.112.215 > 192.168.12.49: icmp: echo request
12:09:03.037680 192.168.112.215 > 192.168.12.49: icmp: echo request

if I disable pf the picture stays the same. in pf.conf i have:
pass out on tun1 from self to any #nat-to (tun1)
pass out from self to any
pass in on egress proto udp from 185.78.235.1 to (egress) port 4500

# netstat -rn | grep tun1
192.168.12/22      192.168.112.215    US         0       18     -     8 tun1
192.168.112.215    192.168.112.215    UHl        0        1     -     1 tun1

What gives?
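
An added troubleshooting sketch, not part of the original post: it correlates the CHILD_SA SPIs and byte counters from `ipsec statusall` with the ESP packets seen by tcpdump on the physical interface, to tell "peer never answers" apart from "answers arrive but are never decapsulated". The sample input is constructed from the output above (wrapped lines joined, addresses replaced with documentation ranges); the function names and verdict strings are assumptions.

```python
import re
from collections import Counter

# Constructed sample modelled on the post: SPIs and counters kept,
# IP addresses replaced with documentation ranges.
LOCAL_IP = "198.51.100.44"
STATUSALL = """\
   qarea{2}:  INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: f07d99fb_i 0ef2e82a_o
   qarea{2}:  AES_CBC_256/HMAC_SHA2_512_256, 0 bytes_i, 67604 bytes_o (806 pkts, 18s ago), rekeying in 32 minutes
"""
TCPDUMP = """\
12:06:56.040573 203.0.113.1.4500 > 198.51.100.44.4500: udpencap: esp spi 0xf07d99fb seq 812 len 152 [tos 0x8]
12:06:57.037764 198.51.100.44.4500 > 203.0.113.1.4500: udpencap: esp spi 0x0ef2e82a seq 812 len 152
12:06:57.044270 203.0.113.1.4500 > 198.51.100.44.4500: udpencap: esp spi 0xf07d99fb seq 813 len 152 [tos 0x8]
12:06:58.037795 198.51.100.44.4500 > 203.0.113.1.4500: udpencap: esp spi 0x0ef2e82a seq 813 len 152
12:06:58.044250 203.0.113.1.4500 > 198.51.100.44.4500: udpencap: esp spi 0xf07d99fb seq 814 len 152 [tos 0x8]
12:06:58.239755 203.0.113.1.4500 > 198.51.100.44.4500: udpencap: isakmp v2.0 exchange INFORMATIONAL
12:06:59.037758 198.51.100.44.4500 > 203.0.113.1.4500: udpencap: esp spi 0x0ef2e82a seq 814 len 152
"""

SPI_RE = re.compile(r"SPIs:\s+([0-9a-f]{8})_i\s+([0-9a-f]{8})_o")
BYTES_RE = re.compile(r"(\d+) bytes_i.*?(\d+) bytes_o")
ESP_RE = re.compile(
    r"^\S+ ((?:\d+\.){3}\d+)\.\d+ > ((?:\d+\.){3}\d+)\.\d+: "
    r"udpencap: esp spi 0x([0-9a-f]{8}) seq \d+",
    re.MULTILINE,
)


def parse_child_sa(statusall):
    """Extract inbound/outbound SPI and byte counters of the CHILD_SA."""
    spis = SPI_RE.search(statusall)
    counters = BYTES_RE.search(statusall)
    if not spis or not counters:
        raise ValueError("no CHILD_SA SPIs or counters found")
    return {
        "spi_in": spis.group(1),
        "spi_out": spis.group(2),
        "bytes_in": int(counters.group(1)),
        "bytes_out": int(counters.group(2)),
    }


def count_esp(capture, local_ip):
    """Count ESP-in-UDP packets per (direction, SPI); IKE lines are ignored."""
    seen = Counter()
    for src, dst, spi in ESP_RE.findall(capture):
        if dst == local_ip:
            seen[("in", spi)] += 1
        elif src == local_ip:
            seen[("out", spi)] += 1
    return seen


def diagnose(sa, seen):
    """Heuristic verdict; counters and capture should be taken close in time."""
    if seen[("out", sa["spi_out"])] == 0:
        return "no-outbound-esp"
    if seen[("in", sa["spi_in"])] == 0:
        return "no-reply-on-wire"
    if sa["bytes_in"] == 0:
        # Replies carry the SA's inbound SPI but nothing was decapsulated:
        # the loss is on this host, after the packet reaches the interface.
        return "reply-on-wire-not-decapsulated"
    return "ok"


if __name__ == "__main__":
    sa = parse_child_sa(STATUSALL)
    print(sa, diagnose(sa, count_esp(TCPDUMP, LOCAL_IP)))
```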



Re: NUT can't read my ups (perhaps something is wrong with usb stack)

2023-03-20 Thread Gregory Edigarov
On Mon, 20 Mar 2023 18:15:52 +0200
Gregory Edigarov  wrote:

> On Sun, 19 Mar 2023 14:57:01 - (UTC)
> Stuart Henderson  wrote:
> 
> > On 2023-03-19, Gregory Edigarov  wrote:  
> > >    0.015775   libusb1: Could not open any HID devices: no USB buses found
> > >    0.015784   No supported devices found. Please check your device availability with 'lsusb'
> >   
> > > lbld12# ls -l /dev/ugen0*
> > 
> > and /dev/usb*? (the pkg-readme has some hints)
> > 
> >   
> 
> ahah, sure, after I have read that readme for five or six times,  I've
> noticed the remark about /dev/usb*.  
> then it started to work. 
> 

plus libusb error message is somewhat misleading...



Re: BSD and kubernetes

2023-03-20 Thread Gregory Edigarov
On Sat, 4 Mar 2023 02:33:25 +0800
Ken Young  wrote:

> Hello,
> 
> I am a BSD user and also a user of kubernetes.
> It seems the BSD community has not much interest in docker/k8s
> integration. Is it true? and why?
> 
> Thanks.

Just because porting anything, that was written with only linux in mind
would require porting all linux technologies first.
We already have one linux. And personally  I do not feel like we need
another. One is just more than enough. 



Re: NUT can't read my ups (perhaps something is wrong with usb stack)

2023-03-20 Thread Gregory Edigarov
On Sun, 19 Mar 2023 14:57:01 - (UTC)
Stuart Henderson  wrote:

> On 2023-03-19, Gregory Edigarov  wrote:
> >    0.015775   libusb1: Could not open any HID devices: no USB buses found
> >    0.015784   No supported devices found. Please check your device availability with 'lsusb'
> 
> > lbld12# ls -l /dev/ugen0*  
> 
> and /dev/usb*? (the pkg-readme has some hints)
> 
> 

ahah, sure, after I have read that readme for five or six times,  I've
noticed the remark about /dev/usb*.  
then it started to work. 



NUT can't read my ups (perhaps something is wrong with usb stack)

2023-03-19 Thread Gregory Edigarov
Hello, misc@

run into problem connecting my new ups. it seems like problems with
libusb on OpenBSD-current .

UPS model is: Njoy Aten Pro 1000 USB

it works fine when I attach it to linux. but on OpenBSD NUT fails to
read it.

the device attaches as:
# usbdevs - 
addr 02: 0665:5161 Mustek Systems, PowerMust 800
 low speed, power 100 mA, config 1, rev 0.03
 driver: ugen0

lsusb 
Bus 000 Device 002: ID 0665:5161 Cypress Semiconductor USB to Serial

# lsusb -v -d 0665:5161

Bus 000 Device 002: ID 0665:5161 Cypress Semiconductor USB to Serial
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0
  bDeviceProtocol         0
  bMaxPacketSize0         8
  idVendor           0x0665 Cypress Semiconductor
  idProduct          0x5161 USB to Serial
  bcdDevice            0.03
  iManufacturer           0
  iProduct                0
  iSerial                 0
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength           34
    bNumInterfaces          1
    bConfigurationValue     1
    iConfiguration          0
    bmAttributes         0xa0
      (Bus Powered)
      Remote Wakeup
    MaxPower              100mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           1
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      0 No Subclass
      bInterfaceProtocol      0 None
      iInterface              0
        HID Device Descriptor:
          bLength                 9
          bDescriptorType        33
          bcdHID               1.11
          bCountryCode            0 Not supported
          bNumDescriptors         1
          bDescriptorType        34 Report
          wDescriptorLength      27
          Report Descriptor: (length is 27)
            Item(Global): Usage Page, data= [ 0x00 0xff ] 65280
                            (null)
            Item(Local ): Usage, data= [ 0x01 ] 1
                            (null)
            Item(Main  ): Collection, data= [ 0x01 ] 1
                            Application
            Item(Local ): Usage, data= [ 0x02 ] 2
                            (null)
            Item(Global): Logical Minimum, data= [ 0x00 ] 0
            Item(Global): Logical Maximum, data= [ 0xff 0x00 ] 255
            Item(Global): Report Size, data= [ 0x08 ] 8
            Item(Global): Report Count, data= [ 0x08 ] 8
            Item(Main  ): Input, data= [ 0x82 ] 130
                            Data Variable Absolute No_Wrap Linear
                            Preferred_State No_Null_Position Volatile Bitfield
            Item(Local ): Usage, data= [ 0x02 ] 2
                            (null)
            Item(Global): Report Count, data= [ 0x08 ] 8
            Item(Main  ): Output, data= [ 0x82 ] 130
                            Data Variable Absolute No_Wrap Linear
                            Preferred_State No_Null_Position Volatile Bitfield
            Item(Main  ): End Collection, data=none
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0008  1x 8 bytes
        bInterval               8
Device Status: 0x
  (Bus Powered)

/etc/nut/ups.conf reads:
[nutdev1]
driver = "nutdrv_qx"
vendorid = "0665"
productid = "5161"
bus = "000"
pollinterval = "10"
port = "auto"

# nutdrv_qx -D -a nutdev1

also tried with all subdriver options available for nutdrv_qx.
the result is the same:

Network UPS Tools - Generic Q* USB/Serial driver 0.32 (2.8.0)
USB communication driver (libusb 1.0) 0.43
   0.00 [D3] do_global_args: var='W' val=''
   0.68 [D3] do_global_args: var='maxretry' val='3'
   0.000160 [D3] main_arg: var='driver' val='nutdrv_qx'
   0.000175 [D3] main_arg: var='vendorid' val='0665'
   0.000204 [D5] send_to_all: SETINFO driver.parameter.vendorid "0665"
   0.000210 [D3] main_arg: var='productid' val='5161'
   0.000216 [D5] send_to_all: SETINFO driver.parameter.productid "5161"
   0.000220 [D3] main_arg: var='bus' val='000'
   0.000225 [D5] send_to_all: SETINFO driver.parameter.bus "000"
   0.000229 [D3] main_arg: var='pollinterval' val='10'
   0.000246 [D3] main_arg: var='port' val='auto'
   0.000250 [D5] send_to_all: SETINFO driver.parameter.port "auto"
   0.000269 [D1] debug level is '21'
   0.015216 [D5] send_to_all: SETINFO device.type "ups"
   0.015233 [D1] upsdrv_initups...
   0.015758 [D2] libusb1: No appropriate HID device 

bgp conditional advertisement

2022-11-30 Thread Gregory Edigarov
Hello, 

Having two sites in different physical locations, siteA is connected
via uplink1 and uplink2, siteB is connected via uplink3 and uplink4.
I want to announce prefixes from siteB if ASn not found originating
from siteA, and vice versa. I.e. a feature that will work like 'enforce
localas yes' but start announces when ASn is gone. I could have done it with
some scripting, but would prefer to have it in bgpd. 
Is this possible solely with OpenBGPD?
Thank you.

--
With best regards,
   Gregory Edigarov



Re: any BFD user ?

2021-12-06 Thread Gregory Edigarov
On Mon, 6 Dec 2021 12:15:40 +0100
Denis Fondras  wrote:

> The subject says it all.
> 
> Is there any active BFD (Bidirectional Forwarding Detection) user ?
> 
> Denis

I think it will get more use if it is enabled in GENERIC kernels.
Tested, and found it working.



Re: rpki-client vs cpu

2021-10-14 Thread Gregory Edigarov
On Wed, 13 Oct 2021 15:20:33 +0300
Gregory Edigarov  wrote:

> On Wed, 13 Oct 2021 11:08:01 - (UTC)
> Stuart Henderson  wrote:
> 
> > On 2021-10-12, Gregory Edigarov  wrote:  
> > > Hello,  
> > >
> > > I am trying to run rpki-client (just for curiosity and testing
> > > purposes) with this crontab entry:
> > >
> > >  1 * * * * -ns nice -n 20 rpki-client -v
> > > i.e. with the lowest priority possible.
> > >
> > > this machine is also my  workstation, and as such it also runs
> > > browser, emacs, and e-mail client.
> > > so when rpki-client is running I can sense it organoleptically.
> > > even keyboard response is within 2 seconds.
> > >
> > > what gives?
> > 
> > How does top look? I find the openbsd kernel spins a lot on
> > filesystem io.
> >   
> > > sd0 at scsibus1 targ 0 lun 0: 
> > > naa.50014ee2b78c572b sd0: 953869MB, 512 bytes/sector, 1953525168
> > > sectors
> > 
> > an actual hard drive - that certainly won't help.
> > 
> >   
> well, i'll try to put that to ramdrive, for now, and see what happens.
> 

Yes, with mfs for /var/cache/rpki-client it is running  smoothly.
I believe it deserves a mention in the manual page, doesn't it?



Re: rpki-client vs cpu

2021-10-13 Thread Gregory Edigarov
On Wed, 13 Oct 2021 11:08:01 - (UTC)
Stuart Henderson  wrote:

> On 2021-10-12, Gregory Edigarov  wrote:
> > Hello,  
> >
> > I am trying to run rpki-client (just for curiosity and testing
> > purposes) with this crontab entry:
> >
> >  1 * * * * -ns nice -n 20 rpki-client -v
> > i.e. with the lowest priority possible.
> >
> > this machine is also my  workstation, and as such it also runs
> > browser, emacs, and e-mail client.
> > so when rpki-client is running I can sense it organoleptically.
> > even keyboard response is within 2 seconds.
> >
> > what gives?  
> 
> How does top look? I find the openbsd kernel spins a lot on
> filesystem io.
> 
> > sd0 at scsibus1 targ 0 lun 0: 
> > naa.50014ee2b78c572b sd0: 953869MB, 512 bytes/sector, 1953525168
> > sectors  
> 
> an actual hard drive - that certainly won't help.
> 
> 
well, i'll try to put that to ramdrive, for now, and see what happens.



rpki-client vs cpu

2021-10-12 Thread Gregory Edigarov
Hello,  

I am trying to run rpki-client (just for curiosity and testing
purposes) with this crontab entry:

 1 * * * * -ns nice -n 20 rpki-client -v
i.e. with the lowest priority possible.

this machine is also my  workstation, and as such it also runs browser,
emacs, and e-mail client.
so when rpki-client is running I can sense it organoleptically.
even keyboard response is within 2 seconds.

what gives?
dmesg:
  

Re: send ctrl-alt-f1 to user app

2021-07-02 Thread Gregory Edigarov



On 7/2/21 5:26 PM, Reuben ua Bríġ wrote:
>> Date: Fri,  2 Jul 2021 13:55:26 +0300
>>
>> xmodmap(1) is really only for a user at an X terminal
>>
yeah, I know my case is rather rare. I have a linux vm, running in
vmware on windows.  I connect via rdesktop from my openbsd to windows,
and then open console on vm.
in linux vm, I need to switch to terminal.

Alt+left arrow made the trick for me, for now.

 I  would rather prefer more straight way to turn CTRL+ALT+Fn to be sent
to terminal.



send ctrl-alt-f1 to user app

2021-07-02 Thread Gregory Edigarov
Hello,

please remind how to do that?

in my case it changes to the vterm0, that is ok, but now I want my app to
react, not change terminal
thank you.

--
With best regards,
 Gregory Edigarov



terraform aws, got a problem I did not expect

2021-06-26 Thread Gregory Edigarov
Hello,

I remember that for earlier versions of terraform all providers were
available as  OpenBSD packages/ports, that is now changed.

$ terraform init  
Initializing the backend...

Initializing provider plugins...
- Finding latest version of hashicorp/aws...
  Error: Incompatible provider version
  Provider registry.terraform.io/hashicorp/aws v3.47.0 does not have a
package available for your current platform, openbsd_amd64.
  Provider releases are separate from Terraform CLI releases, so not all
providers are available for all platforms. Other versions of this
provider may have   different platforms supported.

$ uname -a    
OpenBSD lbld12.duckdns.org 6.9 GENERIC.MP#92 amd64

How am I supposed to get providers? Maybe the community has one that
works under OpenBSD?
Any advice?

--
With best regards,
    Gregory Edigarov




Re: Split-horizon dns

2021-03-27 Thread Gregory Edigarov
just run a second nsd on separate (ip)/port, then use unbound as a router

On 3/25/21 12:52 PM, Родин Максим wrote:
> Hello,
> Is there a way to do split horizon dns using NSD?
> I did not find anything similar in man nsd.conf



audio stops frequently with current

2021-02-26 Thread Gregory Edigarov
Hello,

symptoms like this:
chromium plays video with audio (youtube)
mostly after pause, it loses audio.
while this happens it could show spinner,
but sometimes it can play video no problem, but no audio.

 dmesg:

Re: baresip-gtk

2021-02-24 Thread Gregory Edigarov



On 2/24/21 2:59 PM, Mihai Popescu wrote:
>> How do you use baresip-gtk?
> If I recall correctly, all you get is an icon in the system tray bar if you
> have one. You can click there and get a not very rich GUI.
Hmm, I understood. I am not using a DE, prefer spectrwm.



baresip-gtk

2021-02-20 Thread Gregory Edigarov
Hello,

How do you use baresip-gtk?

I have

module_app    gtk.so

uncommented, but nothing happens.

Thanks.
--
With best regards,
    Gregory Edigarov



Re: firefox+web.skype.com+microphone (on OpenBSD)?

2021-01-22 Thread Gregory Edigarov



On 1/22/21 6:53 PM, Ashton Fagg wrote:
> Based on my reading, the problem is not with OpenBSD but with Skype.
> They don't support it. I played around a little bit (even trying a
> user-agent switcher thingy) - no dice. Admittedly I didn't put too
> much time into it because I use Skype probably once a year at best.
yeah, text messaging works nicely in both firefox (if you use user-agent
changer) and chromium.
that's what I use skype for 99.9% of time.
So it is just a matter of curiosity. What is skype missing on OpenBSD?
 
> On Fri, 22 Jan 2021 at 10:52, Gregory Edigarov  wrote:
>> hello,
>>
>> Just wondering if somebody made it work somehow?
>> Sigh, I know it is not a secure solution but I am bound to what people
>> are using.
>> Currently I have a linux notebook which I use nearly only for skype, but
>> would prefer to be able to have voice conversations from OpenBSD, too.
>>
>> any pointers are welcome.
>> --
>>



firefox+web.skype.com+microphone (on OpenBSD)?

2021-01-22 Thread Gregory Edigarov
hello,

Just wondering if somebody made it work somehow?
Sigh, I know it is not a secure solution but I am bound to what people
are using.
Currently I have a linux notebook which I use nearly only for skype, but
would prefer to be able to have voice conversations from OpenBSD, too.

any pointers are welcome.
--



iked && outgoing auth

2021-01-13 Thread Gregory Edigarov
Hello, everybody

sorry for possible misunderstanding, but is iked capable of doing
outgoing eap mschap-v2 auth?
because in my situation I need to connect to server which requires this.

thanks.

--
With best regards,
    Gregory Edigarov
 



Re: misc panics

2020-12-28 Thread Gregory Edigarov



On 12/28/20 12:18 PM, rgc wrote:
> On Mon, Dec 28, 2020 at 10:39:56AM +0100, Otto Moerbeek wrote:
>> On Mon, Dec 28, 2020 at 10:25:08AM +0100, Bastien Durel wrote:
>>
>>> On Monday, 28 December 2020 at 09:17 +, Stuart Henderson wrote:
> So hardware failure confirmed :/ Do you think I can change the RAM
> or
> it's more likely a CPU/Chipset failure ?
>
> Thanks,
>
 If you have multiple sticks of RAM, try removing some.
>>> I have only one
>> trying to reseat it is worth a try.
>>
>>  -Otto
>>
> or doing the eraser magick
>
> you clean the contacts (remove oxidation) of the RAM module (the side that
> sticks in the motherboard) by rubbing a pencil eraser on the contacts of the
> RAM module.
>
in my experience, all the RAM modules nowadays come gold plated, so no
need to use eraser on them.
just a piece of paper, to make sure there is no grease on the contacts



Re: mongodb port

2020-12-08 Thread Gregory Edigarov



On 12/8/20 4:05 PM, Stuart Henderson wrote:
> On 2020-12-08, Gregory Edigarov  wrote:
>> Hello,
>>
>> Just found that mongodb port/package doesn't install
>> mongodump/mongorestore binaries.
>> Are there any problems with them?
>>
>> --
>> With best regards,
>>  Gregory Edigarov
>>
>>
> Tempted to just reply with "if it needs backing up it shouldn't be
> in mongodb", but... they aren't included in the main distfile and will
> require modifying to work with OpenBSD.
;-) sure thing, it is rather about copying the data from one server to
another, not a real backup.
> https://github.com/mongodb/mongo-tools#building-tools
>
> $ ./make build
> START  | build
> FAIL   | build in 11.252428ms
>| failed to detect local platform from kernel name "OpenBSD"
> task(s) [build] failed
> exit status 2
Will look into this, thanks for pointing, Stuart.
--
With  best regards,
    Gregory  Edigarov



mongodb port

2020-12-08 Thread Gregory Edigarov
Hello,

Just found that mongodb port/package doesn't install
mongodump/mongorestore binaries.
Are there any problems with them?

--
With best regards,
 Gregory Edigarov



dkim && ed25519

2020-12-04 Thread Gregory Edigarov
Hello misc@,

Just wanna check status of ed25519/x25519 support in OpenBSD.
I want to use ed25519 keypair for dkim, because of the smaller
size of the resulting keys, to completely eliminate the line breaking
issues.
Found nothing in man openssl, how am I supposed to generate keypair?
Will ssh-keygen or signify do the trick?

Thank you.
--
With best regards,
        Gregory Edigarov
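
An added example, not part of the original post: it shows what an Ed25519 DKIM key record looks like (RFC 8463: k=ed25519, p= is the base64 of the raw 32-byte public key) and why it avoids the splitting that a 2048-bit RSA record needs. The sample PEM and the RSA placeholder are illustration values; the function names are this example's own, and the input is assumed to be a PEM "PUBLIC KEY" block from whatever tool generated the keypair.

```python
"""Build a DKIM key record from an Ed25519 public key and compare its size to RSA."""
import base64

# DER header of an Ed25519 SubjectPublicKeyInfo (RFC 8410):
# SEQUENCE { SEQUENCE { OID 1.3.101.112 }, BIT STRING (0 unused bits) || 32-byte key }
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")
TXT_STRING_MAX = 255  # one DNS TXT character-string carries at most 255 bytes

# Sample public key for illustration only; not tied to any real domain.
SAMPLE_PEM = """-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE=
-----END PUBLIC KEY-----
"""


def pem_to_der(pem):
    """Decode a PEM 'PUBLIC KEY' block to its DER bytes."""
    lines = [line.strip() for line in pem.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != "-----BEGIN PUBLIC KEY-----"
            or lines[-1] != "-----END PUBLIC KEY-----"):
        raise ValueError("expected a PEM 'PUBLIC KEY' block")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


def ed25519_raw_key(pem):
    """Return the raw 32-byte Ed25519 key, rejecting any other key type."""
    der = pem_to_der(pem)
    if len(der) != 44 or not der.startswith(ED25519_SPKI_PREFIX):
        raise ValueError("not an Ed25519 SubjectPublicKeyInfo")
    return der[len(ED25519_SPKI_PREFIX):]


def dkim_record(pem):
    """DKIM key record for an Ed25519 key: p= carries the raw key, not the DER."""
    p = base64.b64encode(ed25519_raw_key(pem)).decode("ascii")
    return "v=DKIM1; k=ed25519; p=" + p


def txt_strings(record):
    """Split a record into the <=255-byte strings a TXT RR must be stored as."""
    data = record.encode("ascii")
    return [data[i:i + TXT_STRING_MAX].decode("ascii")
            for i in range(0, len(data), TXT_STRING_MAX)]


def der(tag, content):
    """Minimal DER TLV encoder (definite length), enough for the size comparison."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content


def rsa_placeholder_spki(bits=2048):
    """SubjectPublicKeyInfo with a dummy modulus: correct size, NOT a usable key."""
    modulus = b"\x00" + b"\xff" * (bits // 8)   # leading 00 keeps the INTEGER positive
    rsa_pub = der(0x30, der(0x02, modulus) + der(0x02, b"\x01\x00\x01"))  # e = 65537
    alg = der(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")  # rsaEncryption
    return der(0x30, alg + der(0x03, b"\x00" + rsa_pub))


def rsa_record(bits=2048):
    """DKIM record of the size an RSA key of `bits` produces (p= is the whole SPKI)."""
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(rsa_placeholder_spki(bits)).decode("ascii")


if __name__ == "__main__":
    for name, rec in (("ed25519", dkim_record(SAMPLE_PEM)), ("rsa-2048", rsa_record())):
        parts = txt_strings(rec)
        print(f"{name}: {len(rec)} bytes, {len(parts)} TXT string(s)")
```

Messages signed with such a key carry a=ed25519-sha256 in the DKIM-Signature header; verifiers that do not support RFC 8463 ignore that signature.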





Re: Reinstall to upgrade

2020-11-28 Thread Gregory Edigarov



On 11/25/20 3:26 PM, Manuel Giraud wrote:
> Hi,
>
> I'd like to upgrade (on -current) and, in the process, remove some cruft
> accumulated over the years. I usually do sysupgrade and sysclean for
> system.
>
> But for packages, I think I would be better to reinstall everything
> since "pkg_check -F" does not seem to complain and I can see I have,
> for example, some firefox-57 files left.
>
> I think I could do the following but I don't know if it is safe:
> - sysupgrade (+ sysclean)
> - pkg_info -mz > mypkg
> - umount /usr/local
> - newfs partition_of_usr_local
> - mount /usr/local
> - pkg_add -l mypkg
>
> Or maybe, I should dump, do a complete reinstall, pkg_add -l mypkg,
> restore /home and, tediously, restore some /etc files.
> How would you do this?
Here's what I found easy to do periodically on my home computers, when I
feel it is a time to de-clutter:

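#!/bin/sh
# Wipe installed packages, the package database and package rc.d scripts.
rm -rf /usr/local/* /var/db/pkg/* /var/db/pkg/.* /etc/rc.d/*_daemon \
    /etc/rc.d/avahi*
# Reinstall the essential package set, one package at a time.
for i in \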
adobe-source-code-pro \
ansible \
borgbackup \
chromium \
emacs--gtk3 \
gnupg-- \
dmenu \
firefox \
thunderbird \
rsync-- \
git \
gpicview \
go \
rust \
inconsolata-font \
ipcalc \
mplayer \
mtr-- \
nmap \
ntfs_3g \
openvpn \
pidgin-- \
pv \
spectrwm \
splint \
tcptraceroute \
telegram-purple \
terminus-font \
transmission \
vim--gtk2 \
xpdf \
zsh ; do pkg_add -v "$i"; done

so when I run it I easily get a system with my most essential
software installed.



Re: chromium has troubles showing videos from youtube

2020-11-11 Thread Gregory Edigarov




On 11/11/20 4:45 AM, Aaron Mason wrote:

On Wed, Nov 11, 2020 at 7:42 AM Gregory Edigarov  wrote:

Hello,

chromium-86.0.4240.185, installed from packages
is showing spinner and goes no further after the first ad before video,
and not.
at first I thought it is some extension, but with clean chromium the
behavior is
still the same.

is anybody else observing this? or is it just me?

--
With best regards,
Gregory Edigarov


Hi

If you open up the developer console and start a video, do you see any
requests that end in an error in the Network tab?

Well, yes. I've got only three of them blocked intentionally.
(ad.doubleclick.net  and googlesyndication)
these are blocked at dns level.

but my android phone for example uses the same (my) dns and is still 
able to play video.


--
With best regards,
       Gregory Edigarov



chromium has troubles showing videos from youtube

2020-11-10 Thread Gregory Edigarov

Hello,

chromium-86.0.4240.185, installed from packages
is showing spinner and goes no further after the first ad before video,
and not.
at first I thought it is some extension, but with clean chromium the
behavior is
still the same.

is anybody else observing this? or is it just me?

--
With best regards,
  Gregory Edigarov



Re: procedure for making an msdos usb stick

2020-11-05 Thread Gregory Edigarov

what do you mean "shrinks"?

On 11/5/20 1:24 PM, Peter J. Philipp wrote:

Is there any documentation for this?  I'm having a hard time with this.

Particularly when I newfs_msdos a partition it shrinks every time.  I'm on
6.8.

Best Regards,
-peter





Re: system slow down strangeness

2020-09-08 Thread Gregory Edigarov




On 2020-09-08 19:38, Nick Holland wrote:

On 2020-09-08 04:16, Gregory Edigarov wrote:

Hello,

from around two weeks ago I am observing the overall system slow down.
Everything works stable,
but nearly every X application takes forever to open a window.
also I am using tiling wm, and when workspace is switched,
it takes a long time for the system to redraw a screen.
I also noticed that some console scripts like ansible-doc
are also starting slower than usual.

this system only has 8 Gb RAM temporarily,
but top says:

Memory: Real: 1764M/5673M act/tot Free: 2183M Cache: 3284M Swap: 0K/32G

so I do not think it is a memory issue.

was just fine before,  so wondering what has happened.
OpenBSD 6.8-beta (GENERIC.MP) #59: Fri Sep  4 22:46:14 MDT 2020
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

well...that's less than two weeks old.  So I'm guessing either you had
the problem and figured, "let's upgrade, see if that fixes it" (not a
bad plan), or you are a regular upgrader (also good).  Can you say if
the problem started with an upgrade?  Or did it occur between upgrades?

Hm, well, yes, I am upgrading regularly. It's my home system,
so nothing mission critical. And therefore why not upgrade it and see
what new you guys
are cooking ;-)
Usually upgrading on weekly basis.



...

sd0 at scsibus1 targ 0 lun 0: 

Any possibility you have a bad disk?

No, it seems more like it is software problem.
I did some tests, and came to a conclusion that it is chromium, somehow
while it is not in top for cpu it slows down
things significantly. for now switched to firefox and problem disappeared.
But, just for the record, firefox had issues with sigbus/segfault around 
a week ago. Now it is rock solid and fast again.






Re: system slow down strangeness

2020-09-08 Thread Gregory Edigarov




On 2020-09-08 21:18, Stuart Henderson wrote:

On 2020-09-08, Gregory Edigarov  wrote:

Hello,

from around two weeks ago I am observing the overall system slow down.
Everything works stable,
but nearly every X application takes forever to open a window.
also I am using tiling wm, and when workspace is switched,
it takes a long time for the system to redraw a screen.
I also noticed that some console scripts like ansible-doc
are also starting slower than usual.

this system only has 8 Gb RAM temporarily,
but top says:

Memory: Real: 1764M/5673M act/tot Free: 2183M Cache: 3284M Swap: 0K/32G

so I do not think it is a memory issue.

was just fine before,  so wondering what has happened.

OpenBSD 6.8-beta (GENERIC.MP) #59: Fri Sep  4 22:46:14 MDT 2020
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

What was the previous kernel version? "zgrep OpenBSD /var/log/messages*"
may well find it.

Mesa was updated recently, and a number of changes were made to DRM drivers.

the previous was:
/var/log/messages.2.gz:Sep  5 00:41:28 lbld12 /bsd: OpenBSD 6.7-current 
(GENERIC.MP) #48: Fri Aug 28 23:21:33 MDT 2020




system slow down strangeness

2020-09-08 Thread Gregory Edigarov

Hello,

from around two weeks ago I am observing the overall system slow down.
Everything works stable,
but nearly every X application takes forever to open a window.
also I am using tiling wm, and when workspace is switched,
it takes a long time for the system to redraw a screen.
I also noticed that some console scripts like ansible-doc
are also starting slower than usual.

this system only has 8 Gb RAM temporarily,
but top says:

Memory: Real: 1764M/5673M act/tot Free: 2183M Cache: 3284M Swap: 0K/32G

so I do not think it is a memory issue.

was just fine before,  so wondering what has happened.

OpenBSD 6.8-beta (GENERIC.MP) #59: Fri Sep  4 22:46:14 MDT 2020
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

an interesting case for BGP

2020-08-25 Thread Gregory Edigarov

Hello Everybody,

I was helping my friend to switch to new ip block and asn recently and 
run into situation, when I need to announce a new network over the same 
session

here's how i implemented this with quagga:

network xxx.xxx.xxx.0/24 route-map NEW

route-map NEW permit 30
set as-path prepend NEWAS NEWAS

ip prefix-list out-to-uplink seq 10 permit xxx.xxx.xxx.0/24


However, with OpenBGPD, it seems like I could not implement the trick 
because it only allows to prepend self or neighbor, not an arbitrary ASn.


Am I missing something?






ansible hostname.if role

2020-07-09 Thread Gregory Edigarov

Hello everybody,

introducing this little ansible role to configure hostname.if(5) files.

comments are welcome

 https://github.com/gred7/ansible-openbsd-interfaces-role.git



Re: ssh X forwarding and google-chrome

2020-07-03 Thread Gregory Edigarov




On 2020-07-02 17:33, Gregory Edigarov wrote:

Hello, everybody

does anybody know if there are any tricks?

In my office pc (currently linux) I have google-chrome installed, and 
I absolutely need to access it from home.


"ssh -Y  google-chrome" just shows an empty and blank window, 
no menu, no address bar.

Maybe there are some command line flags I am not aware of?

Thank you.

Well, after some rethinking I've decided to use ssh port forwarding, 
because I just need an access to one internal server.


--
With best regards,
      Gregory Edigarov



ssh X forwarding and google-chrome

2020-07-02 Thread Gregory Edigarov

Hello, everybody

does anybody know if there are any tricks?

In my office pc (currently linux) I have google-chrome installed, and I 
absolutely need to access it from home.


"ssh -Y  google-chrome" just shows an empty and blank window, 
no menu, no address bar.

Maybe there are some command line flags I am not aware of?

Thank you.



AMD Ryzen

2020-06-23 Thread Gregory Edigarov

Hello,

Can somebody tell me overall impressions/success stories of those systems?
I am thinking of buying this system as my next desktop for OpenBSD of 
course, so please share.

Most interesting would be dmesgs of some working configurations.
Thanks a lot in advance
--
With best regards,
  Gregory Edigarov



Re: weird ansible + doas behaviour

2020-06-21 Thread Gregory Edigarov




On 2020-06-21 23:55, Stuart Henderson wrote:

On 2020-06-21, Gregory Edigarov  wrote:

Trying to run ansible-playbook with localhost.
Playbook:

---
- hosts: localhost
  become: true
  become_method: doas

  roles:
  - wrkstpkgs


Expected behaviour - Ansible asks for the become pass only once, then
execution of tasks require no intervention.
Observed behaviour:

run ansible-playbook:

   ansible-playbook  -K site.yml
BECOME password:
[WARNING]: provided hosts list is empty, only localhost is available.
Note that the implicit localhost does not match 'all'

PLAY [localhost]
**

TASK [Gathering Facts]

doas (g...@lbld12.duckdns.org) password:
ok: [localhost]

TASK [wrkstpkgs : ensure vital packages are present]
**
doas (g...@lbld12.duckdns.org) password:
ok: [localhost]

TASK [wrkstpkgs : ensure versioned packages are present]
**
doas (g...@lbld12.duckdns.org) password:

doas.conf only contains this line:
permit persist greg

Am I missing anything? Thanks a lot in advance.

I think it's like the problem with using doas in ports.

"persist" uses the TIOCSETVERAUTH/TIOCCHKVERAUTH tty(4) ioctls which
were added specifically for doas, the authentication can't be passed
around very far:

TIOCCHKVERAUTH void
Check the verified auth status of this session.  The calling
process must have the same real user ID and parent process as
the process which called TIOCSETVERAUTH.  A zero return
indicates success.

Chances are the second doas call does not have the same parent process.

Hello Stuart.

Yes, it's definitely  the case. But are there any workarounds? of course 
I can install sudo from packages, but I'm always willing to stick with 
the base as much as possible.  And completely preventing the  prompting 
for password using permit nopass doesn't seem to me like a good solution 
either.


--
With best regards,
     Gregory Edigarov



weird ansible + doas behaviour

2020-06-21 Thread Gregory Edigarov

Trying to run ansible-playbook with localhost.
Playbook:

---
- hosts: localhost
  become: true
  become_method: doas

  roles:
  - wrkstpkgs


Expected behaviour - Ansible asks for the become pass only once, then 
execution of tasks require no intervention.

Observed behaviour:

run ansible-playbook:

 ansible-playbook  -K site.yml
BECOME password:
[WARNING]: provided hosts list is empty, only localhost is available. 
Note that the implicit localhost does not match 'all'


PLAY [localhost] 
**


TASK [Gathering Facts] 


doas (g...@lbld12.duckdns.org) password:
ok: [localhost]

TASK [wrkstpkgs : ensure vital packages are present] 
**

doas (g...@lbld12.duckdns.org) password:
ok: [localhost]

TASK [wrkstpkgs : ensure versioned packages are present] 
**

doas (g...@lbld12.duckdns.org) password:

doas.conf only contains this line:
permit persist greg

Am I missing anything? Thanks a lot in advance.
--
With best regards,
 Gregory Edigarov




Re: Article OpenBSD: Not Free Not Fuctional and Definetly Not Secure and BSD, the truth blog

2020-05-28 Thread Gregory Edigarov

On 2020-05-28 07:16, Quantum Robin wrote:

Hi,

While surfing on the Google to learn more about OpenBSD, I encountered this
one: "OpenBSD: Not Free Not Fuctional and Definetly Not Secure (
https://aboutthebsds.wordpress.com/2013/01/25/20/)

Is the author telling the truth? Or just yet another anti-BSD thing?


Those haters are always somehow associating to me with the MTV song by 
Ian Gillan :-))






clang analyzer

2020-05-24 Thread Gregory Edigarov

Hello,

clang --analyze main.c
error: action RunAnalysis not compiled in

I find it strange.  Is there any particular reason for not including it?

Is there any procedure I can use to get a "full" clang?

Thank you.

--

With best regards,

    Gregory Edigarov




Re: BGP and carp slaves

2020-04-02 Thread Gregory Edigarov



On 02.04.20 12:34, Luca Bodini wrote:

Hi folks,

I’m just having a strange issue using OpenBSD 6.6 and BGP .
I have two OpenBSD firewalls with a carp configuration, let’s suppose the 
shared IP is 10.10.10.100, and I am able to announce 10.10.10.100/32 via BGP.
Now, here is my /etc/bgpd.conf configuration:

prefix-set mynetworks { \
 10.10.10.100/32\
}

I’ve asked provider to change BGP configuration and everything now is set
up correctly, now, the question is:
Is the carp slave accepting and forwarding connections by design or is it an
"unintended" feature?


Just out of curiosity, was that a real config or you've replaced ASn and 
prefix? if it is real where have you found a provider, agreed to setup 
session with private ASn announcing a single private ip?

Is that a lab of some kind?



Re: 10Gbit network work only 1Gbit

2019-11-15 Thread Gregory Edigarov



On 13.11.19 21:18, Hrvoje Popovski wrote:

On 13.11.2019. 16:37, Gregory Edigarov wrote:

could you please do one more test:
"forwarding over ix0 and ix1, pf enabled, 5 tcp states"

with this generator i can't use tcp. generally pps with 5 or 50
states are more or less same ... problem with tcp testing is that i
can't get precise pps numbers ...

and only for you :)
with iperf3 (8 tcp streams) on client boxes i'm getting this results ...

forwarding over ix0 and ix1, pf and ipsec disabled
9.40Gbps

forwarding over ix0 and ix1, pf enabled, 8 tcp streams
7.40Gbps

forwarding over ix0 and ix1, ipsec established over em0, pf disabled
8.10Gbps

forwarding over ix0 and ix1, ipsec established over em0, pf enabled, 8
TCP streams
5.25Gbps

thanks, Hrvoje



On 13.11.19 12:52, Hrvoje Popovski wrote:

On 13.11.2019. 10:59, Hrvoje Popovski wrote:

On 12.11.2019. 10:54, Szél Gábor wrote:

Dear Hrvoje, Theo,

Thank you for your answers!

answers to the questions:
-  who is parent interface for carp?  -> vlan  ( carp10 interface
parent
vlan10 -> vlan10 interface  parent -> trunk0 )
- why vlan interfaces don't have ip address ? -> it wasn't needed! i
think vlan interface need only tag packages. Carp (over vlan) interface
have IP address.

it's little strange to me to not have ip address on parent carp
interface, but if it works for you ... ok..


- vether implies that you have bridge? -> yes we have only one bridge
for bridged openvpn clients, but we will eliminate it.


we will do the following:
- refresh our backup firewall to oBSD 6.6
- replace trunk interface with aggr
- remove bridge interface

this is nice start to make you setup faster. big performance killer in
your setup is ipsec and old hardware. maybe oce(4) but i never tested
it, so i'm not sure ... if you can, change oce with ix, intel x520 is
not that expensive ..

bridge is slow, but only for traffic that goes through it. with ipsec,
the same second when tunnel is established, forwarding performance will
drop significantly on whole firewall ...

i forgot numbers, so i did quick tests ..


forwarding over ix0 and ix1, pf and ipsec disabled
1.35Mpps

forwarding over ix0 and ix1, pf enabled, 500 UDP states
800Kpps

forwarding over ix0 and ix1, ipsec established over em0, pf disabled
800Kpps

forwarding over ix0 and ix1, ipsec established over em0, pf enabled, 500
UDP states
550Kpps




Re: 10Gbit network work only 1Gbit

2019-11-13 Thread Gregory Edigarov

could you please do one more test:
"forwarding over ix0 and ix1, pf enabled, 5 tcp states"

On 13.11.19 12:52, Hrvoje Popovski wrote:

On 13.11.2019. 10:59, Hrvoje Popovski wrote:

On 12.11.2019. 10:54, Szél Gábor wrote:

Dear Hrvoje, Theo,

Thank you for your answers!

answers to the questions:
-  who is parent interface for carp?  -> vlan  ( carp10 interface parent
vlan10 -> vlan10 interface  parent -> trunk0 )
- why vlan interfaces don't have ip address ? -> it wasn't needed! i
think vlan interface need only tag packages. Carp (over vlan) interface
have IP address.

it's little strange to me to not have ip address on parent carp
interface, but if it works for you ... ok..


- vether implies that you have bridge? -> yes we have only one bridge
for bridged openvpn clients, but we will eliminate it.


we will do the following:
- refresh our backup firewall to oBSD 6.6
- replace trunk interface with aggr
- remove bridge interface

this is nice start to make you setup faster. big performance killer in
your setup is ipsec and old hardware. maybe oce(4) but i never tested
it, so i'm not sure ... if you can, change oce with ix, intel x520 is
not that expensive ..

bridge is slow, but only for traffic that goes through it. with ipsec,
the same second when tunnel is established, forwarding performance will
drop significantly on whole firewall ...


i forgot numbers, so i did quick tests ..


forwarding over ix0 and ix1, pf and ipsec disabled
1.35Mpps

forwarding over ix0 and ix1, pf enabled, 500 UDP states
800Kpps

forwarding over ix0 and ix1, ipsec established over em0, pf disabled
800Kpps

forwarding over ix0 and ix1, ipsec established over em0, pf enabled, 500
UDP states
550Kpps




Re: obsd web server

2019-09-03 Thread Gregory Edigarov



On 02.09.19 02:49, Gustavo Rios wrote:

Hi folks,

i would like to configure my obsd server as a web server.

I would like to configure my web server to handle multiple domains
without having to set each domain one by one.

I mean:
   Every request for www.x.com is mapped into the root directory
/var/web/www.x.com

Got the idea? If a new server is required, all I would need to do is
create a directory inside /var/web with the full access string:

mkdir /var/web/www.newdomain.com

And i should not need to manipulate config files


Hi,

you may want to look at lighttpd.
https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModSimpleVhost

should be what you need
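
The Host-to-directory mapping asked for above only stays safe if the Host header is validated before it becomes a path. An added sketch in shell of the checks such a mapping needs (not lighttpd's code and not from the thread; resolve_docroot and its default-host argument are assumed names):

```shell
#!/bin/sh
# Added example: map a request's Host header onto BASE/<host>, the
# /var/web/www.x.com layout from the thread. Names are illustrative.

# resolve_docroot BASE HOST_HEADER DEFAULT_HOST
# Prints the directory to serve. Anything malformed or unknown falls back
# to BASE/DEFAULT_HOST instead of being turned into a path.
resolve_docroot() {
    base=$1
    raw=$2
    default=$3

    # The header is client-controlled: normalise case first.
    host=$(printf '%s' "$raw" | tr '[:upper:]' '[:lower:]')

    # Drop an optional ":port"; a non-numeric port invalidates the header.
    case $host in
        *:*)
            port=${host##*:}
            host=${host%:*}
            case $port in
                ''|*[!0123456789]*) host= ;;
            esac
            ;;
    esac

    # "www.x.com." (absolute form) names the same site as "www.x.com".
    host=${host%.}

    # Allow only hostname characters, and reject empty labels and labels
    # that start or end with "-". This also excludes "/", "..", "." and
    # anything else that would act as a path component. The characters are
    # listed one by one so the match does not depend on the locale.
    case $host in
        ''|*[!abcdefghijklmnopqrstuvwxyz0123456789.-]*) host= ;;
        .*|*.|*..*|-*|*-|*.-*|*-.*) host= ;;
    esac
    [ "${#host}" -le 253 ] || host=

    # Serve only a real directory directly under BASE. Symlinks are refused
    # here as a policy choice, so a stray link cannot expose another tree.
    if [ -n "$host" ] && [ -d "$base/$host" ] && [ ! -L "$base/$host" ]; then
        printf '%s\n' "$base/$host"
    else
        printf '%s\n' "$base/$default"
    fi
}
```

Every directory directly under BASE becomes reachable by name, so keep only site directories there.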



Re: su - root => segmentation fault

2019-07-31 Thread Gregory Edigarov

On 31.07.19 17:00, Solene Rapenne wrote:

On Wed, Jul 31, 2019 at 04:49:54PM +0500, dmitry.sensei wrote:

Hi!
why did it happen?

OpenBSD 6.5 current
$su - root
root's password:
Segmentation fault
$ doas su - root
#

--
Dmitry Orlov

what current? What arch?

works for me©
OpenBSD 6.5-current (GENERIC.MP) #153: Sun Jul 28 20:33:09 MDT 2019

usually it means that your kernel does not match the userspace



Re: Postscript printer recommendations

2019-07-18 Thread Gregory Edigarov



On 18.07.19 10:57, Gregory Edigarov wrote:
Just for myself, until the better solution arrives, I for a while have 
put such lines into rc.shutdown


also, how about having kernel.conf file, that will be used by rc script 
after kernel relinking.


i.e. something like this at the end of /etc/rc:

if [ -f /etc/kernel.conf ]; then
	config -ef /bsd < /etc/kernel.conf
fi


On 18.07.19 10:07, Stuart Henderson wrote:

On 2019-07-16, Robert Klein  wrote:

How about:

config -ef /bsd <

It still works, but it prevents "kernel reordering" from taking place, which is
both a security mitigation and (for release users) the mechanism used for applying
syspatches to the kernel. And of course for snapshot users it needs to be
re-applied every update. We don't have a good solution for this yet.








Re: Postscript printer recommendations

2019-07-18 Thread Gregory Edigarov
Just for myself, until the better solution arrives, I for a while have put 
such lines into rc.shutdown


On 18.07.19 10:07, Stuart Henderson wrote:

On 2019-07-16, Robert Klein  wrote:

How about:

config -ef /bsd <
It still works, but it prevents "kernel reordering" from taking place, which is
both a security mitigation and (for release users) the mechanism used for applying
syspatches to the kernel. And of course for snapshot users it needs to be
re-applied every update. We don't have a good solution for this yet.






Re: Ansible install Re: Reboot and re-link

2019-06-24 Thread Gregory Edigarov



On 21.06.19 21:02, Frank Beuth wrote:

On Wed, Jun 19, 2019 at 11:29:32PM +0200, Maxim Bourmistrov wrote:
Installing via NOT RECOMMENDED WAY (following upgrade65.html) - scripting on
steroids (ansible).


I don't want to re-open the hostilities, but installing OpenBSD via 
Ansible is very relevant to my interests. Previously discussed on this 
list was a very roundabout approach using Qemu -- is there a better 
way now?


it's all easy given it is some IaaS provider, just use terraform to 
create the ground, (terraform could also be used to upload keys, and do 
some preconfiguration) then call ansible.


my worst timing on AWS is ~20 minutes.

baremetal servers are more interesting beasts here but if your 
colocation/infrastructure provider allows for boot image uploads that's 
also quite doable with existing tools.





Re: Random system freeze.

2019-05-24 Thread Gregory Edigarov

Hi Paco,

could you please check if you can log in over the network when the system 
freezes?

if so - please do a backtrace of the X server.
i.e.:

su -
gdb /usr/X11R6/bin/X `pgrep  X`
bt

just curious, if you'll my condition also.
that may help developers in problem identification.

thanks.

On 23.05.19 18:35, Paco Esteban wrote:

Hi misc@,

I've been having some system freezes lately, as others using intel
graphics.

Sometimes it does not hit in days but sometimes the system hangs 2 or 3
times a day.

I was wondering if there's any information I can supply to devs that
could be useful (besides dmesg ...).

Cheers,
Paco.

OpenBSD 6.5-current (GENERIC.MP) #37: Tue May 21 19:41:49 MDT 2019
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16567697408 (15800MB)
avail mem = 16055463936 (15311MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0x67493000 (88 entries)
bios0: vendor American Megatrends Inc. version "F4" date 09/04/2015
bios0: Gigabyte Technology Co., Ltd. Z170N-WIFI-CF
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET SSDT SSDT UEFI LPIT SSDT SSDT 
SSDT DBGP DBG2 SSDT SSDT BGRT DMAR ASF!
acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4) PEG2(S4) 
PS2K(S3) PS2M(S3) PXSX(S4) RP09(S4) PXSX(S4) RP10(S4) PXSX(S4) RP11(S4) 
PXSX(S4) RP12(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz, 3601.34 MHz, 06-5e-03
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 23MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz, 3500.01 MHz, 06-5e-03
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz, 3400.00 MHz, 06-5e-03
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Core(TM) i5-6500 CPU @ 3.20GHz, 3300.00 MHz, 06-5e-03
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,MD_CLEAR,TSXFA,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-255
acpihpet0 at acpi0: 2399 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG0)
acpiprt2 at acpi0: bus -1 (PEG1)
acpiprt3 at acpi0: bus -1 (PEG2)
acpiprt4 at acpi0: bus 5 (RP09)
acpiprt5 at acpi0: bus -1 (RP10)
acpiprt6 at acpi0: bus -1 (RP11)
acpiprt7 at acpi0: bus -1 (RP12)
acpiprt8 at acpi0: bus 6 (RP13)
acpiprt9 at acpi0: bus 2 (RP01)
acpiprt10 at acpi0: bus -1 (RP02)
acpiprt11 at acpi0: bus -1 (RP03)
acpiprt12 at acpi0: bus 

Re: X hangs again while on integrated

2019-05-08 Thread Gregory Edigarov



On 07.05.19 11:39, Gregory Edigarov wrote:

I've got some more info on this.

tried to run X with tiling wms: spectrwm (my main wm), dwm, i3 - all 
hang absolutely the same way. (see my last mail with X backtraced)


then I've tried fvwm - works

cwm - works

kde & gnome - both work flawlessly.

i.e. there is some trouble in the newest versions of Xenocara, making 
it impossible to run with tiling window manager at least on i915.

sorry,

yesterday fvwm and cwm were both hanging the same way spectrwm does.

if somebody wants to look into the issue - what other information besides 
dmesg and backtrace do you need?


didn't test with kde & gnome ( and anyway I removed them as I don't use 
them)


Thanks.




On 23.04.19 11:43, Gregory Edigarov wrote:

Hello misc@

it happens with no traces in logs.

most of the time while in chromium, but in firefox too. (with firefox 
it just needs more time)


thought it is memory, but memtest reveals nothing. the same is the 
video memory tests. it happens only on intel i915. no hangs on radeon (non integrated).

when this happens i am always able to login via ssh to the box and 
kill X.

killing chrome or firefox doesn't help.

also noticed that with recent build as of Apr 21, kernel is losing 
the changes made by config, but still works when i make changes 
during the boot in UKC.





dmesg:

OpenBSD 6.5-current (GENERIC.MP) #0: Sun Apr 21 14:26:55 EEST 2018
g...@lbld12.duckdns.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xb320 (90 entries)
bios0: vendor American Megatrends Inc. version "3805" date 05/10/2018
bios0: ASUSTeK COMPUTER INC. Q170M-C
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT ASF! MCFG SSDT FIDT SSDT SSDT HPET
SSDT SSDT UEFI SSDT LPIT WSMT SSDT SSDT DBGP DBG2 TPM2
acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4)
PEG2(S4) SIO1(S3) UAR1(S4) UAR2(S4) PXSX(S4) RP09(S4) PXSX(S4) RP10(S4)
PXSX(S4) RP11(S4) PXSX(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz, 2694.73 MHz, 06-5e-03
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI 
\
,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDB 
\
G,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F1 
\
6C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SME 
\
P,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN 


    cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz, 2693.78 MHz, 06-5e-03
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI 
\
,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDB 
\
G,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F1 
\
6C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SME 
\
P,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN 


    cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz, 2693.78 MHz, 06-5e-03
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI 
\
,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDB 
\
G,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F1 
\
6C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SME 
\
P,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN 


    cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz, 2693.78 MHz, 06-5e-03
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI 
\
,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDB 
\
G,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F1 
\
6C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SME 
\
P,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SE

Re: X hangs again while on integrated

2019-05-07 Thread Gregory Edigarov

I've got some more info on this.

tried to run X with tiling wms: spectrwm (my main wm), dwm, i3 - all 
hang absolutely the same way. (see my last mail with X backtraced)


then I've tried fvwm - works

cwm - works

kde & gnome - both work flawlessly.

i.e. there is some trouble in the newest versions of Xenocara, making it 
impossible to run with tiling window manager at least on i915.



On 23.04.19 11:43, Gregory Edigarov wrote:

Hello misc@

it happens with no traces in logs.

most of the time while in chromium, but in firefox too. (with firefox 
it just needs more time)


thought it is memory, but memtest reveals nothing. the same is the 
video memory tests. it happens only on intel i915. no hangs on radeon (non integrated).

when this happens i am always able to login via ssh to the box and 
kill X.

killing chrome or firefox doesn't help.

also noticed that with recent build as of Apr 21, kernel is losing 
the changes made by config, but still works when i make changes during 
the boot in UKC.





dmesg:

OpenBSD 6.5-current (GENERIC.MP) #0: Sun Apr 21 14:26:55 EEST 2018
g...@lbld12.duckdns.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xb320 (90 entries)
bios0: vendor American Megatrends Inc. version "3805" date 05/10/2018
bios0: ASUSTeK COMPUTER INC. Q170M-C
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT ASF! MCFG SSDT FIDT SSDT SSDT HPET
SSDT SSDT UEFI SSDT LPIT WSMT SSDT SSDT DBGP DBG2 TPM2
acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4)
PEG2(S4) SIO1(S3) UAR1(S4) UAR2(S4) PXSX(S4) RP09(S4) PXSX(S4) RP10(S4)
PXSX(S4) RP11(S4) PXSX(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz, 2694.73 MHz, 06-5e-03
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI 
\
,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDB 
\
G,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F1 
\
6C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SME 
\
P,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN 


    cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz, 2693.78 MHz, 06-5e-03
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI 
\
,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDB 
\
G,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F1 
\
6C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SME 
\
P,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN 


    cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz, 2693.78 MHz, 06-5e-03
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI 
\
,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDB 
\
G,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F1 
\
6C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SME 
\
P,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN 


    cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz, 2693.78 MHz, 06-5e-03
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI 
\
,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDB 
\
G,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F1 
\
6C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SME 
\
P,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN 


    cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xf800, bus 0-63
acpihpet0 at acpi0: 2399 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acp

Re: Xorg blanks until I switch to a TTY and back on 6.5

2019-05-01 Thread Gregory Edigarov



On 29.04.19 10:05, Jonathan Gray wrote:

On Sun, Apr 28, 2019 at 07:26:54PM -0400, Charles wrote:

Hello list,

Ever since the new inteldrm driver got merged into -current, shortly
before the 6.5 release, I'm seeing an odd new behavior on my Thinkpad
T430 -- when an external display is connected, Xorg blanks all screens
(but the mouse can still be seen) until I switch to a TTY and back with
(i.e. C-A-F4 then C-A-F5) after which point it goes back to normal.

I'm glad the new inteldrm driver got merged, since it fixes several
other video issues I was having. This problem is very minor since the
workaround is just a few extra keystrokes when I dock or undock, but it
is nevertheless annoying.

Is anyone else experiencing this issue on third gen core-I series Intel
chips with integrated graphics? Or on any other chips for that matter?

I checked Xorg.0.log and didn't see anything suspicious. I also tried
disabling monitor hotplugging via Xorg.conf, but I either did it wrong
or it had no effect.

I would attach xorg logs and dmesg, but AFAIK misc@ does not allow
attachments, and I don't want to annoy people with that much inline
info.

Does this help?

Index: sys/dev/pci/drm/drm_fb_helper.c
===
RCS file: /cvs/src/sys/dev/pci/drm/drm_fb_helper.c,v
retrieving revision 1.13
diff -u -p -r1.13 drm_fb_helper.c
--- sys/dev/pci/drm/drm_fb_helper.c 14 Apr 2019 10:14:51 -  1.13
+++ sys/dev/pci/drm/drm_fb_helper.c 29 Apr 2019 06:58:25 -
@@ -575,6 +575,9 @@ static bool drm_fb_helper_is_bound(struc
  #ifdef notyet
if (READ_ONCE(dev->master))
return false;
+#else
+   if (!SPLAY_EMPTY(>files))
+   return false;
  #endif
  
  	drm_for_each_crtc(crtc, dev) {
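
Review bot: the added #else branch in drm_fb_helper_is_bound() should carry a comment explaining why a non-empty files tree stands in for the dev->master test that stays under #ifdef notyet, because the two conditions are not equivalent: the new check returns false as soon as the tree holds any entry, while the disabled one only looks at dev->master. Also, the argument to SPLAY_EMPTY reads ">files" in the hunk as posted, which does not compile as written; confirm the expression against the original mail before applying.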

could this one be also related to my troubles?



Re: some more info about X hangs

2019-04-28 Thread Gregory Edigarov
Updated and rebuilt. Still hangs the same way and place.

On Sun, Apr 28, 2019, 07:02 Jonathan Gray  wrote:

> On Sat, Apr 27, 2019 at 04:55:50PM +0300, Gregory Edigarov wrote:
> > attached please find  dmesg and backtrace of X when that happen again
> > hope this bug report will be more useful than previous one.
> >
> > thank you.
> > --
> > With best regards,
> >   Gregory Edigarov
>
> Likely fixed by
>
> xenocara/xserver/hw/xfree86/common/xf86VGAarbiterPriv.h
>
> 
> revision 1.9
> date: 2019/04/28 03:12:53;  author: jsg;  state: Exp;  lines: +13 -7;
> commitid: gMqza1DBk6OCnvP4;
> Backport cf7517675d988c2d1ff967d6d162a17acbdad46 from xserver 1.20
> xfree86: Hold input_lock across SPRITE functions in VGA arbiter
>
> Fixes stack overflow crash with VGA arbiter used with multi GPU systems.
> Report and fix identified by 'Joe M' on misc@. ok matthieu@
> 
>


some more info about X hangs

2019-04-27 Thread Gregory Edigarov
attached please find  dmesg and backtrace of X when that happen again
hope this bug report will be more useful than previous one.

thank you.
--
With best regards,
  Gregory Edigarov




X hangs again while on integrated

2019-04-23 Thread Gregory Edigarov

Hello misc@

it happens with no traces in logs.

most of the time while in chromium, but in firefox too. (with firefox it 
just needs more time)


thought it is memory, but memtest reveals nothing. the same is the video 
memory tests. it happens only on intel i915. no hangs on radeon (non integrated).

when this happens i am always able to login via ssh to the box and kill X.

killing chrome or firefox doesn't help.

also noticed that with recent build as of Apr 21, kernel is losing the 
changes made by config, but still works when i make changes during the 
boot in UKC.





dmesg:

OpenBSD 6.5-current (GENERIC.MP) #0: Sun Apr 21 14:26:55 EEST 2018
g...@lbld12.duckdns.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xb320 (90 entries)
bios0: vendor American Megatrends Inc. version "3805" date 05/10/2018
bios0: ASUSTeK COMPUTER INC. Q170M-C
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT ASF! MCFG SSDT FIDT SSDT SSDT HPET
SSDT SSDT UEFI SSDT LPIT WSMT SSDT SSDT DBGP DBG2 TPM2
acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4)
PEG2(S4) SIO1(S3) UAR1(S4) UAR2(S4) PXSX(S4) RP09(S4) PXSX(S4) RP10(S4)
PXSX(S4) RP11(S4) PXSX(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz, 2694.73 MHz, 06-5e-03
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI
 \
,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDB
 \
G,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F1
 \
6C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SME
 \
P,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN

cpu0: 256KB 64b/line 8-way L2 cache

cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz, 2693.78 MHz, 06-5e-03
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI
 \
,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDB
 \
G,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F1
 \
6C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SME
 \
P,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN

cpu1: 256KB 64b/line 8-way L2 cache

cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz, 2693.78 MHz, 06-5e-03
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI
 \
,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDB
 \
G,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F1
 \
6C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SME
 \
P,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN

cpu2: 256KB 64b/line 8-way L2 cache

cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Core(TM) i5-6400 CPU @ 2.70GHz, 2693.78 MHz, 06-5e-03
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI
 \
,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDB
 \
G,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F1
 \
6C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SME
 \
P,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN

cpu3: 256KB 64b/line 8-way L2 cache

cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xf800, bus 0-63
acpihpet0 at acpi0: 2399 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG0)
acpiprt2 at acpi0: bus -1 (PEG1)
acpiprt3 at acpi0: bus -1 (PEG2)
acpiprt4 at acpi0: bus 4 (RP09)
acpiprt5 at acpi0: bus -1 (RP10)
acpiprt6 at acpi0: bus 5 (RP11)
acpiprt7 at acpi0: bus -1 (RP12)
acpiprt8 at acpi0: bus -1 (RP13)
acpiprt9 at acpi0: bus 2 (RP01)
acpiprt10 at acpi0: bus -1 (RP02)
acpiprt11 at acpi0: bus -1 (RP03)
acpiprt12 at acpi0: bus -1 (RP04)
acpiprt13 at acpi0: bus 3 (RP05)
acpiprt14 at acpi0: bus -1 (RP06)

Re: procmail and new grammar in smtpd.conf

2018-12-05 Thread Gregory Edigarov



On 05.12.18 13:22, Eda Sky wrote:

Hi
I'm preparing an update from 6.3 to 6.4 and fix the required 
configuration files
For many years I've been using fetchmail/procmail and I do not know 
how to overwrite smtpd.conf to a new grammar

the original rule is

accept from any for domain "example.com" alias  deliver to 
mda "/usr/local/bin/procmail -f -" \


that seems to become:

action "procmail" mda "/usr/local/bin/procmail -f -"

match for domain "example.com" action "procmail"



I do not know how to write new rules.
Everything I'm trying to do ends with syntax error.

Will anyone advise me?
Thank you





ssh -w in macosx (sorry I know it's a deep offtopic)

2018-11-02 Thread Gregory Edigarov

Hello,

need to get ssh tunnel quickly.
the other side is linux.

running this:

ssh -i /home/MAC_A_120614/.ssh/id_rsa -vvv -o PermitLocalCommand=yes -o 
LocalCommand="ifconfig tun1 192.168.100.4 pointtopoint 192.168.100.3 
netmask 255.255.255.255" -o ServerAliveInterval=60 -w 1:1 somehost.com 
"ifconfig tun1 192.168.100.3 pointopoint 192.168.100.4 netmask 
255.255.255.255"


got this:

debug1: sys_tun_open: /dev/tun1 open failed: No such file or directory
Tunnel device open failed.

no man pages, no /dev/MAKEDEV,  not that i  could find something on the net.

we've really got very spoiled with OpenBSD :-)



Re: Redistributing between bgpd and ospfd

2018-10-15 Thread Gregory Edigarov

On 15.10.18 12:58, Sebastian Benoit wrote:

open...@kene.nu(open...@kene.nu) on 2018.10.15 11:05:41 +0200:

Hello,

I am trying to get bgpd and ospfd play nicely with route redistribution.

So far the only way I have found that suits my need is to use
bgpd.conf network statements and rtlabels.

So, to make ospfd learn route from bgpd I use rtlabels. So in bgpd.conf:
match from  set rtlabel from_bgpd

And in ospfd.conf:
redistribute rtlabel from_bgpd


So far so good. But the other way around, to make bgpd learn from
ospfd it becomes a bit more tedious. The only way I have found to make
bgpd announce ospf originated routes (to its bgp peers) is via network
statements in bgpd.conf. These network statements are not conditional
on the availability of such a route in ospf though so they are not
very dynamic anymore.

I understand that it according to standard
(https://tools.ietf.org/html/rfc1364) should be something that is
explicit for type 1 and 2 LSAs.

What is the recommended way to achieve dynamic explicit route
redistribution in both directions?

Network statements are the correct way.

You can use

  network (inet|inet6) priority ...
  network (inet|inet6) rtlabel ...

So with

   network inet priority  32

you should be able to redistribute all ospf routes into bgp.

If this does not help, please explain your problem further (and include your
config).

(Note that you should run OpenBSD 6.4 (just use the latest snapshot) for
this as there was at least a bugfix for route-labels.)

wouldn't it be nice to have rtlabels in ospf(6)d? I would even prefer 
setting them per area, or per interface where a route was learned.
just wondering why it is not implemented yet. is that too complex a 
change? or just not necessary?


thank you.



Re: Certificate authority software

2018-09-21 Thread Gregory Edigarov




On 21.09.18 15:28, Tim Jones wrote:

‐‐‐ Original Message ‐‐‐
On Friday, September 21, 2018 1:21 PM, Gregory Edigarov  
wrote:


Hello, list.

I need to setup a CA for intranet. I have some (rather not very
positive) experience with ejbca.
before I will set it up, I want to take a look at alternatives, and so i
need an advice on the choice of software.

what would you guys use? something with less dependencies is preferred
(but with web interface).

thank you.




Depends what you want to do and the scale of your infrastructure ?

If it's your home lab or a small(ish) business then buy some Yubikeys (for the 
"secure your keys in an HSM" element) and fire up a copy of OpenSSL, and Robert 
is your uncle.

If you're talking thousands of users or tens of thousands of servers, then I'm 
sure you've got the budget to pay for advice. ;-)

Thank you.

We're talking about hundreds of users, almost all of them 
roadwarriors with ipsec/openvpn (depending on their preference), and 
tens of servers.

And no, I do not have any budget ;-)



Re: Certificate authority software

2018-09-21 Thread Gregory Edigarov

Forgot to say:

Something with a dual (command line/web) interface would be even more 
preferred.



On 21.09.18 15:21, Gregory Edigarov wrote:

Hello, list.

I need to set up a CA for an intranet. I have some (rather not very 
positive) experience with ejbca.
Before I set it up, I want to take a look at alternatives, and so 
I need advice on the choice of software.


What would you guys use? Something with fewer dependencies is preferred 
(but with a web interface).


Thank you.

--

With best regards,

  Gregory Edigarov





Certificate authority software

2018-09-21 Thread Gregory Edigarov

Hello, list.

I need to set up a CA for an intranet. I have some (rather not very 
positive) experience with ejbca.
Before I set it up, I want to take a look at alternatives, and so I 
need advice on the choice of software.


What would you guys use? Something with fewer dependencies is preferred 
(but with a web interface).



Thank you.

--

With best regards,

  Gregory Edigarov



Re: OpenBSD and letsencrypt in Amazon AWS

2018-09-11 Thread Gregory Edigarov

On 10.09.18 09:08, Jordan Geoghegan wrote:



On 09/09/18 07:05, Monah Baki wrote:

Hi All,

I have an OpenBSD 6.3 server in Amazon AWS, and I am trying to install 
letsencrypt from ports. The install was running fine till I got a Fatal message
after it was done with the patching process

...


Thanks
Monah

acme-client(1) is in base and is used to get letsencrypt certificates. 
I believe it does the same job as certbot/letsencrypt.


In a way. certbot, on the other hand, is capable of manual confirmation 
setup, which is necessary for dns-01, to get wildcard certificates.




Re: Configuration of a umb device

2018-07-11 Thread Gregory Edigarov




On 11.07.18 07:13, salan...@ouvaton.org wrote:

On 9 July 2018 08:12, "Gregory Edigarov" wrote:

perhaps a simple
route add -net default 100.144.58.18
will do the trick

I have done that, but this result does not change.

# ifconfig umb0
umb0: flags=8851 mtu 1500
 index 13 priority 0 llprio 3
 roaming disabled registration home network
 state up cell-class EDGE rssi -81dBm speed 60.4Kps up 242Kps down
 SIM initialized PIN valid (3 attempts left)
 subscriber-id 310260855911295 ICC-id 8901260851159112954 provider US 
Mobile
 device KRD 131 30/123 - R1A/1 IMEI 004401701565398 firmware R3C11 
(Pro), R4A10 (App)
 APN pwg
 dns 10.177.0.34 10.177.0.210
 status: active
 inet 100.146.18.133 --> 100.146.18.131 netmask 0xfff8
# route add -net default 100.146.18.131
# ping -c1 100.146.18.131
PING 100.146.18.131 (100.146.18.131): 56 data bytes

--- 100.146.18.131 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss


But at least now there is no error.
Maybe it's the provider that blocks traffic.
Also, can you confirm pf is disabled on your side?



Re: Configuration of a umb device

2018-07-09 Thread Gregory Edigarov

perhaps a simple
route add -net default 100.144.58.18
will do the trick


On 09.07.18 03:37, salan...@ouvaton.org wrote:

Could someone direct me as to how to set up my computer such that I can
get internet access through? I installed this model of US Mobile SIM card.
https://www.usmobile.com/shop/product/Triple-Cut-GSM-SIM-Card

Then I ran the commands below. What do I need to do next?

$ dmesg|grep umb
umb0 at uhub0 port 4 configuration 1 interface 6 "Lenovo N5321 gw" rev 
2.00/0.00 addr 2
$ ifconfig apn pwg pin 1234 class 2G roaming up
$ ifconfig
umb0: flags=8851 mtu 1500
index 5 priority 0 llprio 3
roaming enabled registration home network
state up cell-class EDGE rssi -77dBm speed 60.4Kps up 242Kps down
SIM initialized PIN valid (3 attempts left)
subscriber-id 310260855911295 ICC-id 8901260851159112954 provider US Mobile
device KRD 131 30/123 - R1A/1 IMEI 004401701565398 firmware R3C11 (Pro), R4A10 
(App)
APN pwg
dns 10.177.0.34 10.177.0.210
status: active
inet 100.144.58.19 --> 100.144.58.18 netmask 0xfff8
$ ping -c1 9.9.9.9
PING 9.9.9.9 (9.9.9.9): 56 data bytes
ping: sendmsg: No route to host
ping: wrote 9.9.9.9 64 chars, ret=-1

--- 9.9.9.9 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss





Re: Pf syntax, need help understanding an example

2018-06-06 Thread Gregory Edigarov

Hi,
$ext_if - expands to the name of the interface
($ext_if) - expands to the IP address assigned to the interface

On 06.06.18 12:21, Johan Mellberg wrote:

Hi,

I am working my way through "The Book of Pf" and got hung up on the
example on page 31 of edition 3 (I am reading edition 2 but the
example seems to be identical in edition 3):

ext_if = "re0" # macro for external interface - use tun0 or pppoe0 for PPPoE
int_if = "re1" # macro for internal interface
localnet = $int_if:network
# ext_if IPv4 address could be dynamic, hence ($ext_if)
match out on $ext_if inet from $localnet nat-to ($ext_if) # NAT, match IPv4 only
block all
pass from { self, $localnet }

So, what it does is not a problem, I understand that, but that set of
parentheses around $ext_if confuses me. The explanation states that
the IPv4 address could be dynamic (which is clear...) but I look at
that example and as far as I understand, $ext_if should expand to
"re0", not an IP address - right?

Just to test I tried a simple line in my own pf.conf (on OpenBSD 6.3):

ext_if = "em0"
set skip on $ext_if

and tested with pfctl -nvf /etc/pf.conf

That worked so then I put parentheses around $ext_if:

set skip on ($ext_if)

and tested again. This time I got a syntax error!

So could someone please explain this to me? I don't think this is an
error in the book because there is a small paragraph apart from the
comment in the example specifically pointing out the value of these
parentheses - but I can't wrap my head around it. Any help
appreciated!

Sincerely, Johan
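
The distinction discussed in this thread, laid out as an added pf.conf fragment; it is not from the book or from either poster. It reuses the interface names of the quoted example and can be checked with pfctl -nvf as in the question.

```pf
# Added illustration. re0/re1 are the interface names from the quoted example.
ext_if = "re0"
int_if = "re1"
localnet = $int_if:network

# Interface position ("on ...", "set skip on ..."): pf expects an interface
# NAME here. A macro is plain text substitution, so "on $ext_if" below is
# read as "on re0".
set skip on lo

# Address position without parentheses: the name re0 is resolved to the
# addresses the interface holds at the moment the ruleset is loaded. If a
# DHCP or PPPoE renewal changes the address later, the rule keeps translating
# to the old one until pf.conf is reloaded.
# match out on $ext_if inet from $localnet nat-to $ext_if

# Address position with parentheses: pf tracks the interface and updates the
# rule whenever its address changes, which is what a dynamic uplink needs.
match out on $ext_if inet from $localnet nat-to ($ext_if)

block all
pass from { self, $localnet }

# Rejected with a syntax error: "set skip on" takes interface names only,
# so there is no address for the parentheses to track.
# set skip on ($ext_if)
```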





re0: watchdog timeout on recent current

2018-05-01 Thread Gregory Edigarov

Hello everybody,

OK, so here are the symptoms. The thing usually happens during high 
traffic, like when I am trying to watch video on a TV, which is 
connected to my home server/router on re0 (it is the local interface).


The video freezes immediately. Something like ifconfig re0 down && pfctl 
-Fst && ifconfig re0 up helps a bit, but not every time; sometimes I 
need to reboot.


During March and until the middle of April it was working fine, so I 
think it was broken quite recently.

Please let me know if you need more info.

The system is a recent -CURRENT.

dmesg follows:


Re: Cold / warm spare for OpenBSD server

2018-04-11 Thread Gregory Edigarov

I would solve the problem of config sync the other way around.
Instead of syncing the files from one host to another, you could just 
create the same files using any software configuration management system 
like ansible.


Of course, you will still need to sync the data, and rsync is your best 
friend here.



On 11.04.18 16:08, Jeff Zimmerman wrote:

Hello!


I administer multiple OpenBSD machines which have been backing up via tar and sftp. I do 
have one server that is mission critical that I'd like to move to a more "warm" 
backup, perhaps using rsync. I already have a second server with the same hardware and 
OpenBSD version that is in a cold state but currently it would take some time to rebuild 
from the backup tars if something happened to the main server.


I see this project as having two different stages. Because I've installed a lot 
of ports and packages outside of the base install, stage one would involve 
installing the same rev of OpenBSD on the redundant machine and having rsync 
sync everything (binaries, config, etc.) from production to the redundant 
machine. Then stage two would pare down the rsync config to only sync the 
dynamic data, like /var/mail, /etc configuration files and that kind of thing.


My questions:

Stage 1: sync the two machines so they are initially identical.


When syncing everything from existing to redundant machine in stage 1, what 
directories wouldn't need to be / shouldn't be synced?


I suspect that /dev and /mnt probably shouldn't be synced and probably don't 
need to be synced if the server hardware and OS version is the same between 
machines. Likewise kernel files like /boot and /bsd probably don't need to be 
synced either unless upgrading the kernel for security patches. Are there other 
directories that shouldn't be or don't need to be synced?


Stage 2: sync mail, /etc/passwd, etc. on a regular basis between the machines


I need to mirror /etc, /var/mail, and any other directories with dynamically 
changing data. I'm not so concerned about logs so I probably won't sync all of 
/var. Similar to my question above, are there other directories that would have 
commonly changed data that I should be backing up on a semi-regular basis?


Is rsync the best way to keep two OpenBSD servers in close sync with each other? Is rsync a 
reasonable way to initially mirror the installed ports and packages and configuration data from one 
machine to another? And is there a better way to go about having 2 servers in sync, one 
"hot" and one "warm"?


Thanks!


Jeff




Re: httpd - serving index.html & index.php at the same time

2018-04-11 Thread Gregory Edigarov



On 11.04.18 11:40, Mischa wrote:

Ok, good to know. It doesn't work as written. The only thing I see in the 
error.log is the fact that the PHP script is not found.

Access to the script '/htdocs/s/' has been denied (see 
security.limit_extensions)

Which tells me index.php is not requested.

Browser tells me: File not found

Running in debug mode it shows the following

default 46.xx.xx.xx - - [11/Apr/2018:10:24:26 +0200] "GET /s/ HTTP/1.1" 404 0 "" 
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 Firefox/58.0"
default 46.xx.xx.xx - - [11/Apr/2018:10:24:27 +0200] " " 408 0 "" ""
server default, client 1 (1 active), 46.xx.xx.xx:4824 -> xx.xx.xx.xx, timeout 
(408 Request Timeout)
Primary script unknown
default 46.xx.xx.xx - - [11/Apr/2018:10:24:27 +0200] "GET /s/ HTTP/1.1" 404 0 "" 
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 Firefox/58.0"

Not sure what else to look at. :((

Did some tests.
Here's how it works:

    location "/test" {
        block return 301 "/test/"
    }
    location "/test/" {
        root strip 1
        root "/htdocs/phpapp"
        directory index "test.php"
    }

Note the "root strip 1" directive.



Re: httpd - serving index.html & index.php at the same time

2018-04-11 Thread Gregory Edigarov

On 10.04.18 22:24, Mischa wrote:

Hi All,

Is there a way to serve both static and dynamic content, eg. index.html and 
index.php within the same server { } definition?
I am looking for something like:

server "default" {
 listen on $ext_addr port 80
 root "/htdocs"
 directory index "index.html" # not needed as it's the default
 location "/files/*" {
 root "/htdocs/files"
 directory auto index
 }
 location "^/phpapp/*" {
 root "/htdocs/phpapp"
 directory index "index.php"
 fastcgi socket "/run/php-fpm.sock"
 }
}

Is it possible at all or do I need split static and dynamic content based on 
server { }?


Seems like it should work exactly as you have written.
If not, you should show more than you've shown.



Re: Flow Tools

2018-03-14 Thread Gregory Edigarov

Sorry if I hijack the thread, but what do you guys use for netflow 
analysis?

I only know nfsen in ports, but sometimes I need a more versatile tool.

On 13.03.18 20:35, Diana Eichert wrote:

I've been using samplicator to fanout UDP flow data for years.

https://github.com/sleinen/samplicator

diana


On Tue, 13 Mar 2018, Paul Ammann wrote:


Hi

I've got a problem and I'm hoping OBSD may be able to solve my problem.

We bought new firewalls in 2017, but they can only send flow traffic 
to a single destination. We need to send flow traffic to 3 destinations.


I have a copy of Michael Lucas' book Network Flow Analysis, and I've 
been reading about flow-tools and flowd. Unfortunately there doesn't 
seem to have been a lot of development on these tools since 2010.


Are there any other tools that I may have missed that would help me 
solve my problem?


Thank you in advance.

Paul









deadfs, fifofs

2018-01-17 Thread Gregory Edigarov

Hello,

Curiosity killed the cat.

What are those for? I cannot find any reference in docs.

Thank you.

--

With best  regards,

    Gregory Edigarov




Re: state of Netdata on OpenBSD

2018-01-11 Thread Gregory Edigarov

On 10.01.18 18:58, Alceu R. de Freitas Jr. wrote:

Hello folks,
I'm considering installing Netdata on OpenBSD 6.2, but I found this issue on 
Github:
https://github.com/firehol/netdata/issues/1083
Unfortunately, it doesn't tell if Netdata works out of the box on OpenBSD, if 
requires the Collectd (supposedly integrated with it) or if it doesn't work at 
all.
Did you guys have any success in using it?
I did give Collectd a shot; the problem was to get a decent web app to 
visualize the charts...


Collectd is capable of writing the data it collects to several time 
series databases like influx or prometheus.
You can then use Grafana to visualize the data. The problem here is 
that you're still on your own to make the nice looking dashboard.



Re: reboot loop on -current, one machine of several

2017-11-13 Thread Gregory Edigarov



On 12.11.17 21:59, Nick Holland wrote:

On 11/12/17 14:13, Otto Moerbeek wrote:

On Sun, Nov 12, 2017 at 01:28:39PM -0500, Nick Holland wrote:


Help.

I was upgrading a few very similar machines to -current today.
ONE of the three decided to be unpleasant.  The thing has a
serial console, but it is about 370km from me. :-/

Upgrade from Sep 9 current to today's current via bsd.rd, just
like the other two.

Upon reboot, it does this (from /boot) :

booting hd0a:/bsd: 8484712+2429968+244048+0+667648 [636809heap full 
(0x9d304+65536)

And then reboots the system, as if from power-down/power-up.
(already something I haven't seen before)

Reboot from "bsd.rd" and "bsd.sp", same results.  reboot from "obsd"
(Sept 9), same results.  Not a kernel problem, it seems.  About this
point, I'm starting to think how the serial console has let me down.

I remember how to bring up a DRAC remote CD image via ssh tunnels
to the drac and how to run java in a windows browser, and
reboot off the remote CD image, do another upgrade, all goes fine
(again), but upon reboot, same results...  "heap full" and reboot.

Boot from remote CD, at the boot> prompt, enter "boot hd0a:/bsd",
and it boots Just Fine from the local hard disk (only boot pulled
from the remote CD).  Boot loader!  Reinstalled boot:

# installboot -v sd0
Using / as root
installing bootstrap on /dev/rsd0c
using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
copying /usr/mdec/boot to /boot
/boot is 3 blocks x 32768 bytes
fs block shift 3; part offset 64; inode block 24, offset 2088
master boot record (MBR) at sector 0
 partition 3: type 0xA6 offset 64 size 2000397671
/usr/mdec/biosboot will be written at sector 64

good, right?

Reboot off local hard disk, boom.  problem is still there.  maybe
not the boot loader. :-/

Verified /boot on trouble system and good system are the same.

I'm not going to cry "bug", since there are two nearly identical
systems working just fine.  But I can't think of what I did wrong
or what to do to fix it.

Suggestions?

You are hitting -DHEAP_LIMIT=0xA in /boot. The code is in libsa/alloa.c

No idea why. But something in that system is different.

You do have one weird line in your disklabel output: a filesystem
mounted on swap?

that's an mfs.  This application has one directory which has a HUGE
benefit to an MFS for tmp files.  Though the reboot happens long before
the mfs is created.


  scsibus1 at ahci0: 32 targets
-sd0 at scsibus1 targ 2 lun 0:  SCSI3 0/direct 
fixed naa.50025388400562d4
+sd0 at scsibus1 targ 0 lun 0:  SCSI3 0/direct 
fixed naa.50025388400563fe
  sd0: 976762MB, 512 bytes/sector, 2000409264 sectors, thin
-sd1 at scsibus1 targ 3 lun 0:  SCSI3 0/direct 
fixed naa.5002538c70007b02
-sd1: 1953514MB, 512 bytes/sector, 4000797360 sectors, thin
+cd0 at scsibus1 targ 1 lun 0:  ATAPI 5/cdrom 
removable
  ichiic0 at pci0 dev 31 function 3 "Intel 6 Series SMBus" rev 0x04: apic 0 int 
19
  iic0 at ichiic0

My suspicion goes to the SSDs. One of them has somehow become bad.


Nick.





Re: Is there an option switch to lower minimum DH strength in SSH client?

2017-11-03 Thread Gregory Edigarov

On 03.11.17 14:37, Janne Johansson wrote:

2017-11-03 5:06 GMT+01:00 Jacob Leifman :


I was finally able to bring our OpenBSD based Network Management System up
to the current OS release (it was a couple of years out of date) but this
process broke access to a large number of older HP switches on our network.




But this breaks the use of SSH client leaving little recourse other
than perhaps telnet with NO encryption instead of somewhat weak encryption,
as the "server" is outside of our control. (I already checked that we have
the latest firmware, less than one year old.)

Is this an oversight or is there a particular logic to intentionally
breaking compatibility with a not-insignificant base of installed
equipment?



If your vendor, even with a <1y firmware, still can only handle old and
deprecated key sizes, you should not ask for everyone else's sshs to become
worse, but rather push the vendor to get up to speed, and since that will
not work, you will have to resort to building an older ssh and use that
instead of the safer one that comes with the modern OS you upgraded to.

Same goes for browsers and https, the bad parts of SSL/TLS get weeded out
in browsers so that the majority of users are safe, not kept to cater to
the lowest common denominator of the laziest vendor still alive.

You should be asking HP how come they can't keep the free sshd code updated,
if security is your prime concern, not ask openbsd to lower everyone else's
security.

I think for most vendors, it is an administrative rather than a technical 
question.
Yes, their technical people can update the code, yes, they can do it quickly, 
but their management is slow...




Re: Fail2ban alternative for OpenBSD

2017-11-03 Thread Gregory Edigarov

On 02.11.17 20:19, Stuart Henderson wrote:

On 2017-10-30, Gregory Edigarov <ediga...@qarea.com> wrote:

On 29.10.17 03:20, x9p wrote:

Coming from the Linux world, I wonder if there is a better alternative
to fail2ban, already being used in OpenBSD servers by the majority.


I suggest you NEVER use such "solutions". It's a security by obscurity
model, and therefore a very, very bad thing.
You'd be much safer completely turning off password authentication,
using keys instead.

If someone is pushing a lot of auth attempts, they can be consuming meaningful
amounts of cpu. (They're usually too quick to show up in top). So restricting it
can be useful from that point of view.

Myself, I normally restrict ssh to connecting from a predefined list of IPs 
though ...

And it is the right behavior when you can define such a list.
Myself, I just turn off password auth, and have my keys on a pen drive.
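
The two pf-side measures mentioned in this thread (a predefined list of source addresses, and limiting how fast one source can open connections), sketched as an added pf.conf fragment. It is not from any poster; the table names, the addresses (documentation ranges) and the limits are assumptions.

```pf
# Added illustration. Table names, addresses and thresholds are assumptions.
table <ssh_admins> const { 192.0.2.10, 198.51.100.0/24 }
table <ssh_flood> persist

# Default for the service: nothing reaches sshd unless a later rule passes it.
block in on egress proto tcp to port ssh

# Variant A: a predefined list of sources exists. Only those reach sshd,
# so connection floods from elsewhere never cost sshd any CPU.
pass in on egress proto tcp from <ssh_admins> to port ssh

# Variant B: no fixed list is possible (roaming clients). Accept from
# anywhere, but cap each source at 10 concurrent connections and 5 new
# connections per 60 seconds. A source that exceeds either limit is added
# to <ssh_flood> and all of its existing states are flushed.
# pass in on egress proto tcp to port ssh \
#     keep state (max-src-conn 10, max-src-conn-rate 5/60, \
#     overload <ssh_flood> flush global)

# With variant B, sources caught by the overload rule are dropped first.
# "quick" stops evaluation here so the later pass rule cannot re-admit them.
# block in quick on egress proto tcp from <ssh_flood> to port ssh

# Entries stay in <ssh_flood> until removed, e.g. from cron:
#   pfctl -t ssh_flood -T expire 86400
# Turning off password authentication is done in sshd_config, not in pf.
```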



Re: Fail2ban alternative for OpenBSD

2017-10-30 Thread Gregory Edigarov

On 29.10.17 03:20, x9p wrote:


Coming from the Linux world, I wonder if there is a better alternative 
to fail2ban, already being used in OpenBSD servers by the majority.


I suggest you NEVER use such "solutions". It's a security by obscurity 
model, and therefore a very, very bad thing.
You'd be much safer completely turning off password authentication, 
using keys instead.




Re: Flask app as UWSGI returning 500 when accessed through OpenBSD HTTPD

2017-10-18 Thread Gregory Edigarov

On 18.10.17 10:36, Ajitabh Pandey wrote:

$ uwsgi --http : --wsgi-file myproject.py --master --callable app

$ curl http://127.0.0.1:/

returns the contents, but when I access the page as

http://192.168.1.111/hello/

I get 500.

Any pointers will be helpful.


Hi, what's in your error.log?



Re: migrate .htaccess conent to httpd.conf

2017-10-03 Thread Gregory Edigarov

On 03.10.17 15:10, rosjat wrote:

Hi there,

I was wondering if there is some guidance out there for this sort of 
thing? I know it's possible to simply block directories or put basic 
auth in front of it, but what about some more fine grained stuff for 
a file in a directory? Like this



    order deny,allow
    
    deny from all
    


    
    Require all denied
    


Is there a way to rewrite this for the httpd.conf ?


Try this:

# the path is matched against the full request path with shell globbing
location "*/template.*" {
    block
}

Untested, but should work.

And the 2nd question would be how to give the user a way to implement 
something like it on their own? I was thinking of a simple standard 
include in the server definition, but this might mess things up



There is no such thing as .htaccess in httpd.

regards





Re: Need help securing SMTP (thunderbird says it's not encrypted)

2017-07-28 Thread Gregory Edigarov



On 27.07.17 15:56, Paul Covello wrote:

I have an OpenBSD 6.1 box set up with OpenSMTPD and Dovecot on Vultr (a 
VPS provider).

This machine is intended for use as my primary mail server.  I have a Let’s 
Encrypt certificate installed and declared in the smtpd.conf file like so:

I can send and receive mail ok using Apple Mail on my mac.  Thunderbird is 
another story…  I am warned when I set up the account that SMTP is NOT 
encrypted.

This has driven me batty all week.  My Google-Foo fails me and reading through 
my Dovecot book and smtpd man pages have not enlightened me as to why this is 
not using TLS.

When I telnet to the machine on port 587 and issue the EHLO command, STARTTLS 
does appear in the response.  Also, OpenSMTPD shows when I type the help 
command.

issuing a Mail command comes back with the response that STARTTLS must be done 
first.

Can someone clue me in on what I might be missing?

In Thunderbird, set Connection security to STARTTLS.



Thanks in advance for your help!

— Paul.





Re: Skylake experience with -current

2017-07-12 Thread Gregory Edigarov

Well, I notice some artifacts on my system.

Using spectrwm and spacemacs, the status bar in spacemacs often shows 
artifacts. It looks like something screws up that, and only that, video 
page area while I am switched away from emacs.


Found this line in my dmesg:

error: [drm:pid25275:intel_pipe_update_start] *ERROR* Potential atomic 
update failure on pipe A


Could be related.

Switching back and forth usually helps.
My kernel is basically GENERIC.MP with pcppi and spkr disabled, which 
hang my system at boot.


$ cat /usr/src/sys/arch/amd64/conf/MY

include "arch/amd64/conf/GENERIC"

option  MULTIPROCESSOR
#option MP_LOCKDEBUG

cpu* at mainbus?

pcppi0 at isa? disable
spkr0  at pcppi? disable

dmesg:


Re: shouldn't ping -I bypass all normal routing?

2017-05-22 Thread Gregory Edigarov



On 21.05.17 17:16, Stuart Henderson wrote:

On 2017-05-19, Gregory Edigarov <ediga...@qarea.com> wrote:

Hi, everybody

I've run into a strange problem while trying to implement cisco's 'ip
sla' replacement for a customer.

at an openbsd router i have

em0: 192.168.0.1/24 - local network

em1: 111.111.111.2/30 - uplink 1

em2: 222.222.222.2/30 - uplink 2

ip forwarding is on, routes received via bgp, everything works as expected.

the only problem is when something happens deep inside uplink's network:

sessions stay up, routes still present, but no traffic can pass through
uplink.

BFD would help, maybe, but I stick to what I have right now.

I am trying to
ping -I 111.111.111.2 8.8.8.8

but get no answer, because route to 8.8.8.8 set through uplink2, furthermore

i see my pings on em2 with tcpdump which seems rather strange to me, as
I am enforcing the interface.

if i ping 8.8.8.8 the normal way "it works" (tm).

pinging with -I 222.222.222.2 works too.

so ?

perhaps I am overlooking something very-very basic, so help me to get
off the brake.

ping -I doesn't enforce the interface, all it does is set the source
address.  You could enforce with a PF route-to rule if you like.

well, it's ok, but then I will need to switch rules every time like:
ping uplink1, switch pf rule, ping, switch. which is not good.
but maybe I will be able to implement something with multiple routing
tables

anyway thanks, Stuart.
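
The behaviour discussed in this message, as an added example that is not part of the original thread: a small Python model of the router described above, showing that a source address chosen with ping -I leaves the egress interface to the routing table, while a rule keyed on the source address (the route-to idea) sends each probe out of its own uplink. The gateway addresses 111.111.111.1 and 222.222.222.1, the default route via em2 and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed model of the router in the thread. The gateway addresses are
# assumptions: the other host address in each uplink /30.
INTERFACES = {
    "em0": "192.168.0.1",
    "em1": "111.111.111.2",
    "em2": "222.222.222.2",
}
GATEWAYS = {"em1": "111.111.111.1", "em2": "222.222.222.1"}

# Routing table as (prefix, egress interface). The default route stands in
# for the BGP-learned route that currently sends 8.8.8.8 via uplink 2.
ROUTES = [
    ("192.168.0.0/24", "em0"),
    ("111.111.111.0/30", "em1"),
    ("222.222.222.0/30", "em2"),
    ("0.0.0.0/0", "em2"),
]


def route_lookup(dst, routes=ROUTES):
    """Longest-prefix match on the destination only; the source plays no part."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, ifname in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1]


def source_policy(interfaces=INTERFACES, gateways=GATEWAYS):
    """One static rule per uplink, keyed on that uplink's own address.

    Schematic stand-in for a PF route-to rule that matches packets by their
    source address and forces them out through the matching uplink gateway.
    """
    return {interfaces[ifname]: (ifname, gw) for ifname, gw in gateways.items()}


def egress(src, dst, policy=None):
    """Return (interface, source address) a locally generated packet leaves with."""
    if policy and src in policy:
        return policy[src][0], src   # source-keyed rule overrides the table
    return route_lookup(dst), src    # plain ping -I: the table decides


def probe_plan(target, policy):
    """Egress interface for a probe sourced from each uplink address."""
    return {src: egress(src, target, policy)[0] for src in sorted(policy)}


if __name__ == "__main__":
    print(egress("111.111.111.2", "8.8.8.8"))       # what tcpdump showed on em2
    print(probe_plan("8.8.8.8", source_policy()))   # one probe per uplink
```

Because the rules are keyed on the source address, both stay loaded at once and each probe selects its uplink simply by the address it is sent from.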



Re: shouldn't ping -I bypass all normal routing?

2017-05-19 Thread Gregory Edigarov



On 19.05.17 18:47, Gregory Edigarov wrote:

Hi, everybody

I've run into a strange problem while trying to implement cisco's 'ip 
sla' replacement for a customer.


at an openbsd router i have

em0: 192.168.0.1/24 - local network

em1: 111.111.111.2/30 - uplink 1

em2: 222.222.222.2/30 - uplink 2

ip forwarding is on, routes received via bgp, everything works as
expected.


the only problem is when something happens deep inside uplink's network:

sessions stay up, routes still present, but no traffic can pass through
uplink.


BFD would help, maybe, but I stick to what I have right now.

I am trying to
ping -I 111.111.111.2 8.8.8.8

but get no answer, because route to 8.8.8.8 set through uplink2, 
furthermore


i see my pings on em2 with tcpdump which seems rather strange to me, 
as I am enforcing the interface.


if i ping 8.8.8.8 the normal way "it works" (tm).

pinging with -I 222.222.222.2 works too.

so ?

perhaps I am overlooking something very-very basic, so help me to get 
off the brake.



and yes, it is the 6.1 amd64

--

With best regards,

     Gregory Edigarov







shouldn't ping -I bypass all normal routing?

2017-05-19 Thread Gregory Edigarov

Hi, everybody

I've run into a strange problem while trying to implement cisco's 'ip 
sla' replacement for a customer.


at an openbsd router i have

em0: 192.168.0.1/24 - local network

em1: 111.111.111.2/30 - uplink 1

em2: 222.222.222.2/30 - uplink 2

ip forwarding is on, routes received via bgp, everything works as expected.

the only problem is when something happens deep inside uplink's network:

sessions stay up, routes still present, but no traffic can pass through
uplink.


BFD would help, maybe, but I stick to what I have right now.

I am trying to
ping -I 111.111.111.2 8.8.8.8

but get no answer, because route to 8.8.8.8 set through uplink2, furthermore

i see my pings on em2 with tcpdump which seems rather strange to me, as 
I am enforcing the interface.


if i ping 8.8.8.8 the normal way "it works" (tm).

pinging with -I 222.222.222.2 works too.

so ?

perhaps I am overlooking something very-very basic, so help me to get 
off the brake.


--

With best regards,

     Gregory Edigarov





Re: why does unbound listen as root

2017-05-12 Thread Gregory Edigarov

s don't tell that to my unbound )

➜  ~ ps aux |grep unb
_unbound 65312  0.0  0.2 30960 26056 ??  Is    Thu06AM    0:00.41 unbound -c /var/unbound/etc/unbound.conf



On 12.05.17 11:12, Luke Small wrote:

pf rule execution says it listens as root, but it connects as the _unbound
user, when configured to run as _unbound. Why doesn't it listen, bind, etc.
as root, drop privileges and pledge away privilege escalation? Is it to
avoid more #ifdef hell? Or can you not listen to a privileged port if you
drop privileges?




Re: With Multiple PPPoE interfaces on one will work

2017-05-10 Thread Gregory Edigarov

Hi,
before anything it is necessary to provide a definition of "not working" 
and some evidence, like ifconfig, netstat -rn, ping, etc. then somebody 
will be able to help you.
the more information you will provide, the quicker response with a 
solution you will get.



On 10.05.17 07:53, Steve wrote:

  Hello,
In 5.7 it was possible to have multiple pppoe interfaces active and working.
This used to work fine with ifstated monitoring for outage and changing
routing appropriately.
In either 5.8 or 5.9 this seems to have stopped working.
With both interfaces configured only one interface will ever become active.
I am unable to test with 6.0 or 6.1 at the moment.
Is anyone familiar with this issue ?
Can anyone confirm if this is resolved in 6.0 or 6.1.
Thank you.




Re: Using "Pretty" permalinks with httpd in wordpress

2017-01-09 Thread Gregory Edigarov

On 06.01.17 15:42, Atanas Vladimirov wrote:

On 06.01.2017 13:35, Jiri B wrote:

On Fri, Jan 06, 2017 at 01:32:10PM +0200, Atanas Vladimirov wrote:

Hi,

I can't figure it out.
Is it possible to use Wordpress with OpenBSD httpd and configure both
for "Pretty" permalinks.
Does anyone have a working setup?
Thanks for your time,
Atanas


Help testing this diff 
http://marc.info/?l=openbsd-tech=148370177214134=2


j.

I know about the diff and I'm testing it right now.
The problem is that I really don't know what to put in
httpd.conf.
I try to "translate" Wordpress .htaccess with no luck:

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
^^^ this rule doesn't rewrite index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
^^^ this rule rewrites any single character to /index.php
if %{REQUEST_FILENAME} is not a real file or directory

# END WordPress

Do I read/understand the .htaccess file correctly?
In my httpd.conf:
.
# art-katerina.com
server "art-katerina.com" {
    listen on * tls port 443
    alias www.art-katerina.com
    directory index index.php
    root "/domains/art-katerina.com/"
    hsts
    log {
        access "art-katerina-access.log",
        error "art-katerina-error.log",
        style combined
    }
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
    }
    tls {
        certificate "/etc/ssl/acme/art-katerina.com/fullchain.pem"
        key "/etc/ssl/acme/private/art-katerina.com/privkey.pem"
    }
    location "*.php" {
        fastcgi socket "/run/php-fpm.sock"
    }
    location match "(.)" {
        pass rewrite "/index.php"
        fastcgi socket "/run/php-fpm.sock"
    }

you seem to be wrong here.  location match "(.)" means exactly
_ONE_ single character.  maybe you mean location match "(.+)"

.




Re: rsyslog does not produce log on OpenBSD 6.0

2016-12-22 Thread Gregory Edigarov

On 20.12.16 13:47, Stuart Henderson wrote:

On 2016-12-17, Remi Locherer  wrote:

On December 17, 2016 12:07:18 PM GMT+01:00, Federico Donati 
 wrote:

Hi all,

I've a problem with an OpenBSD 6.0 box with rsyslog.

I need to send every local logs to a remote server and I can't use
syslogd, because it does not send the hostname of the server (the one
indicated in /etc/myname), but on the remote server messages come with
the PTR record of my public ip.

have you tried -h for syslogd from base?

Yep this is the easy way.


I've installed rsyslogd, but it doesn't send anything to the remote
server. And more than that, it doesn't write anything local.

Since 5.6, OpenBSD uses a special sendsyslog(2) system call for
logging. This avoids the need for a device node and available file
descriptor, which helps with chrooted programs, or if someone is
able to cause too many FDs to be opened in an attempt to prevent
logging from working.

It needs a syslogd that is able to receive these messages. It's a
fairly simple change (see src/usr.sbin/syslogd/syslogd.c r1.111)
but afaik none of the third-party log daemons support it yet.
It's quite likely that diffs to add support for this to other
daemons would be accepted for ports, maybe upstreams would accept
them too.

Workaround for this without modifying the syslog daemon:
- run normal OpenBSD syslogd in addition to the other daemon
- have the other syslog daemon bind to a specific IP address
- have OpenBSD syslogd feed the other daemon using a network socket

Or, do not run anything else than syslogd. Seriously, I can't think
of any case where that wouldn't be enough.



Re: Browser is getting slower?

2016-11-21 Thread Gregory Edigarov

On 21.11.16 15:56, George Pediaditis wrote:

Ok you are right, I'm sorry.
I'm definitively sure that iridium (it's like chromium) is getting slower
after a couple of weeks. It's so slow that I'm waiting 7+ sec to start.
Also cpu is high and everything on the browser is really slow.  The
problem is solved when I clean my history etc. Now it takes about 1-2
sec to start it.
I have tried Firefox before but it's even worse. It crashes, is slow and
cpu is high.

which extensions are installed in iridium?
is iridium always running, or you load it every time?


This is my dmesg.
OpenBSD 6.0-stable (GENERIC.MP) #0: Tue Nov  8 19:51:42 EET 2016
 g...@openbox.my.domain:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 80
real mem = 8474267648 (8081MB)
avail mem = 8212963328 (7832MB)
mpath0 at root
scsibus0 at mpath0: 256 targets

mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe6dc0 (71 entries)
bios0: vendor LENOVO version "0XCN23WW" date 03/21/2016
bios0: LENOVO 80SR
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP TCPA UEFI UEFI SSDT SSDT TPM2 MSDM SSDT DBGP
DBG2 ASF! ASPT BOOT DBGP HPET LPIT APIC MCFG SSDT SSDT SSDT SSDT DMAR
FPDT
acpi0: wakeup devices GLAN(S3) XHC_(S3) XDCI(S4) HDAS(S3) PXSX(S3)
RP01(S3) PXSX(S3) RP02(S3) PXSX(S3) RP03(S3) PXSX(S3) RP04(S3)
PXSX(S3) RP05(S3) PXSX(S3) RP06(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 2399 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2395.19 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 23MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 1, core 0, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i7-6500U CPU @ 2.50GHz, 2394.41 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
GSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT
,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (RP01)
acpiprt2 at acpi0: bus -1 (RP02)
acpiprt3 at acpi0: bus -1 (RP03)
acpiprt4 at acpi0: bus -1 (RP04)
acpiprt5 at acpi0: bus 1 (RP05)
acpiprt6 at acpi0: bus 2 (RP06)
acpiprt7 at acpi0: bus -1 (RP07)
acpiprt8 at acpi0: bus -1 (RP08)
acpiprt9 at acpi0: bus -1 (RP09)
acpiprt10 at acpi0: bus -1 (RP10)
acpiprt11 at acpi0: bus -1 (RP11)
acpiprt12 at acpi0: bus -1 (RP12)
acpiprt13 at acpi0: bus -1 (RP13)
acpiprt14 at acpi0: bus -1 (RP14)
acpiprt15 at acpi0: bus -1 (RP15)
acpiprt16 at acpi0: bus -1 (RP16)
acpiprt17 at acpi0: bus -1 (RP17)
acpiprt18 at acpi0: bus -1 (RP18)

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-17 Thread Gregory Edigarov

On 14.10.16 22:48, Raul Miller wrote:

On Fri, Oct 14, 2016 at 2:50 PM, thrph.i...@gmail.com
 wrote:

" The only truly secure system is one that is powered off, cast in a block of 
concrete and sealed in a lead-lined room with armed guards - and even then I have my 
doubts."

Powered off works surprisingly well for some other operating systems.


well, not any more, in the presence of Intel AMT...



Re: unbound and truly multihomed setup

2016-09-30 Thread Gregory Edigarov
after all, it revealed to be just fiber connection fucked up, and 
causing the enormous packet drops.  sorry for the noise



On 29.09.16 10:48, Gregory Edigarov wrote:

Hi,

Need an advice.

I have a bgp router with 3 interfaces:

em0 (xxx.yyy,zzz.1/24),
em1, em2 - looking at uplinks

bgp is up and running, packets are forwarded just fine. also there is 
nsd, listening on both em1,em2 serving my reverse zone.


so far everything works.

now I want this host also be a resolver for lan, that sits  on 
xxx.yyy,zzz.1


here is what I have in unbound.conf


server:
verbosity: 1
outgoing-interface: 0.0.0.0
interface: 127.0.0.1
interface:
access-control: 127.0.0.0/8 allow
access-control: xxx.yyy.zzz.0/24 allow
access-control: ::1 allow
access-control: :::127.0.0.1 allow
root-hints: /etc/unbound/root.hints

some hosts are resolving correctly, for example google.com, but many 
have SERVFAIL.


if I have
outgoing-interface: xxx.yyy.zzz.1

nothing works.


so the question is: how to make unbound work in such setup?

thank you.

--

With best regards,

Gregory Edigarov




Re: unbound and truly multihomed setup

2016-09-29 Thread Gregory Edigarov

Hi Craig,

On 29.09.16 13:28, Craig Skinner wrote:

Hi Gregory,

On Thu, 29 Sep 2016 10:48:37 +0300 Gregory Edigarov wrote:

em0 (xxx.yyy,zzz.1/24),
em1, em2 - looking at uplinks
...

  outgoing-interface: 0.0.0.0

Removing the outgoing-interface line would probably resolve it.


Adding this private-address line might help too:

private-address: xxx.yyy.zzz.0/24


Multiple outgoing-interface lines can be put in,
for each of your em1 & em2 interfaces,

I cannot use interfaces em1 and em2, it's where nsd is listening.
I removed the outgoing interface line. still no effect.
the description of private-address: directive has nothing relevant to my 
situation, but I've tried it, and still got nothing.



and separate lines for IPv4 & IPv6 too, for each interface.

The default is 'all', so it's a bit pointless to manually list all your
external interfaces.


See /usr/src/usr.sbin/unbound/doc/example.conf.in
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/unbound/doc/example.conf.in

Cheers,




Re: unbound and truly multihomed setup

2016-09-29 Thread Gregory Edigarov

corrected unbound.conf snippet, just to be sure I am properly understood


On 29.09.16 10:48, Gregory Edigarov wrote:

Hi,

Need an advice.

I have a bgp router with 3 interfaces:

em0 (xxx.yyy,zzz.1/24),
em1, em2 - looking at uplinks

bgp is up and running, packets are forwarded just fine. also there is 
nsd, listening on both em1,em2 serving my reverse zone.


so far everything works.

now I want this host also be a resolver for lan, that sits  on 
xxx.yyy,zzz.1


here is what I have in unbound.conf


server:
verbosity: 1
outgoing-interface: 0.0.0.0
interface: 127.0.0.1
interface: xxx.yyy.zzz.1
access-control: 127.0.0.0/8 allow
access-control: xxx.yyy.zzz.0/24 allow
access-control: ::1 allow
access-control: :::127.0.0.1 allow
root-hints: /etc/unbound/root.hints

some hosts are resolving correctly, for example google.com, but many 
have SERVFAIL.


if I have
outgoing-interface: xxx.yyy.zzz.1

nothing works.


so the question is: how to make unbound work in such setup?

thank you.

--

With best regards,

Gregory Edigarov




unbound and truly multihomed setup

2016-09-29 Thread Gregory Edigarov

Hi,

Need an advice.

I have a bgp router with 3 interfaces:

em0 (xxx.yyy,zzz.1/24),
em1, em2 - looking at uplinks

bgp is up and running, packets are forwarded just fine. also there is 
nsd, listening on both em1,em2 serving my reverse zone.


so far everything works.

now I want this host also be a resolver for lan, that sits  on xxx.yyy,zzz.1

here is what I have in unbound.conf


server:
verbosity: 1
outgoing-interface: 0.0.0.0
interface: 127.0.0.1
interface:
access-control: 127.0.0.0/8 allow
access-control: xxx.yyy.zzz.0/24 allow
access-control: ::1 allow
access-control: :::127.0.0.1 allow
root-hints: /etc/unbound/root.hints

some hosts are resolving correctly, for example google.com, but many 
have SERVFAIL.


if I have
outgoing-interface: xxx.yyy.zzz.1

nothing works.


so the question is: how to make unbound work in such setup?

thank you.

--

With best regards,

Gregory Edigarov


