support update

2018-07-23 Thread Kihaguru Gathura
0
C Kenya
P Nairobi
T Nairobi
Z P.O. Box 30164-00100
O Weenode
I
A Bishops Road
M e...@weenode.com
U
B +254 706970697
X
N Ultra-secure Enterprise Internet of Things (EIoT). Speciality in web
applications
development with OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI protocol
and C programming language on OpenBSD/ARM platforms.


Can't open /dev/bio on arm

2018-08-03 Thread Kihaguru Gathura
Hi,

I am getting message:  bioctl: Can't open /dev/bio: Device not configured

No clue whatsoever on how to go about this. Please assist.

Instructions
--
almandine# fdisk -iy sd0
Writing MBR at offset 0.
almandine# fdisk -iy sd1
Writing MBR at offset 0.
almandine# disklabel -E sd0
Label editor (enter '?' for help at any prompt)
> a
partition: [a]
offset: [64]
size: [15727571] *
FS type: [4.2BSD] RAID
> w
> q
No label changes.
almandine# disklabel sd0 > layout
almandine# disklabel -R sd1 layout
almandine# rm layout
almandine# bioctl -c 1 -l sd0a,sd1a softraid0
bioctl: Can't open /dev/bio: Device not configured
--


dmesg
---
almandine# dmesg
OpenBSD 6.3-current (RAMDISK) #377: Wed Aug  1 23:25:45 MDT 2018
dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/RAMDISK
real mem  = 958873600 (914MB)
avail mem = 895877120 (854MB)
mainbus0 at root: Raspberry Pi 3 Model B Rev 1.2
cpu0 at mainbus0 mpidr 0: ARM Cortex-A53 r0p4
efi0 at mainbus0: UEFI 2.7
efi0: Das U-Boot rev 0x0
simplefb0 at mainbus0: 656x416, 32bpp
wsdisplay0 at simplefb0
wsdisplay0: screen 0 added (std, vt100 emulation)
simplebus0 at mainbus0: "soc"
bcmintc0 at simplebus0
bcmdog0 at simplebus0
bcmrng0 at simplebus0
pluart0 at simplebus0
bcmaux0 at simplebus0
com0 at simplebus0: ns16550, no working fifo
com0: console
dwctwo0 at simplebus0
simplebus1 at mainbus0: "clocks"
agtimer0 at mainbus0: tick rate 19200 KHz
usb0 at dwctwo0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Broadcom DWC2 root hub" rev
2.00/1.00 addr 1
uhub1 at uhub0 port 1 configuration 1 interface 0 "Standard Microsystems
product 0x9514" rev 2.00/2.00 addr 2
smsc0 at uhub1 port 1 configuration 1 interface 0 "Standard Microsystems
SMSC9512/14" rev 2.00/2.00 addr 3
smsc0: address b8:27:eb:fd:e2:73
ukphy0 at smsc0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI
0x0001f0, model 0x000c
umass0 at uhub1 port 2 configuration 1 interface 0 "HP v222w" rev
2.00/11.00 addr 4
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0:  SCSI2 0/direct removable
serial.03f03f40AA000444
sd0: 7680MB, 512 bytes/sector, 15728640 sectors
umass1 at uhub1 port 3 configuration 1 interface 0 "HP v222w" rev
2.00/11.00 addr 5
umass1: using SCSI over Bulk-Only
scsibus1 at umass1: 2 targets, initiator 0
sd1 at scsibus1 targ 1 lun 0:  SCSI2 0/direct removable
serial.03f03f40AA000708
sd1: 7680MB, 512 bytes/sector, 15728640 sectors
bootfile: sd0a:/bsd
boot device: sd0
root on rd0a swap on rd0b dump on rd0b
WARNING: CHECK AND RESET THE DATE!
---

Regards,

Kihaguru


support update

2018-08-21 Thread Kihaguru Gathura
0
C Kenya
P Nairobi
T Nairobi
Z P.O. Box 30164-00100
O Weenode
I
A Bishops Road
M e...@weenode.com
U
B +254 706970697
X
N Ultra-secure Enterprise Internet of Things (EIoT). Speciality in web
applications
development with OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI
protocol
and C programming language on OpenBSD/ARM platforms.


3g/4g modem access from within chroot

2018-09-11 Thread Kihaguru Gathura
Hi,

I am able to send SMS using AT commands and C outside chroot using
code snippet below

---
#include <stdio.h>

#define MODEM_PATH "cu -l /dev/cuaU0 -s 115200"

int main()
{
 FILE *out;
 char s[40];

printf("Content-type: text/html\n\n");

snprintf(s, sizeof(s), "%s", MODEM_PATH);
~
~
~
~
~
~
return(0);
}


however, running the program from within chroot, I get the message

/dev/cuaU0 - No such file or directory

All files needed by cu are properly copied to chroot and cu works fine.

Question:

1: How do I get /dev/cuaU0 device accessible under chroot?

2: Is there a better i.e. more secure approach to access modem from
within chroot?



httpd and cgi

2018-10-04 Thread Kihaguru Gathura
Hi,

For the following httpd setup, cgi scripts give a 403 Page not found
on browser. However after removing the line:

location "/*" {
authenticate "Staff Only" with "/htpasswds"
}

cgi scripts run fine but no authentication for document root of course.

Please explain the situation.



...
# $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $

server "xyz.co.ke" {
    listen on * port 80
    listen on :: port 80
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
    }
    location * {
        block return 302 "https://$HTTP_HOST$REQUEST_URI";
    }
}

server "xyz.co.ke" {
    listen on * tls port 443
    listen on :: tls port 443
    hsts
    tls {
        certificate "/etc/ssl/xyz.co.ke.fullchain.pem"
        key "/etc/ssl/private/xyz.co.ke.key"
    }
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
    }
    root "/xyz.co.ke"
    location "/*" {
        authenticate "Staff Only" with "/htpasswds"
    }

    location "/public/*" {
        directory auto index
    }
    location "/xyz/*" {
        root "/"
        fastcgi
        authenticate "Staff Only" with "/htpasswds"
    }
}
..

Thank you,

Regards

Kihaguru.



Re: httpd and cgi

2018-10-05 Thread Kihaguru Gathura
Thank you for that.

The code below authenticates for all folders and cgi scripts work well
as desired

Any comments on correctness?

..

# $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $

server "xyz.co.ke" {
    listen on * port 80
    listen on :: port 80
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
    }
    location * {
        block return 302 "https://$HTTP_HOST$REQUEST_URI";
    }
}

server "xyz.co.ke" {
    listen on * tls port 443
    listen on :: tls port 443
    hsts
    tls {
        certificate "/etc/ssl/xyz.co.ke.fullchain.pem"
        key "/etc/ssl/private/xyz.co.ke.key"
    }
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
    }
    authenticate "Staff Only" with "/htpasswds"
    root "/xyz.co.ke"
    location "/public/*" {
        directory auto index
    }
    location "/xyz/*" {
        root "/"
        fastcgi
    }
}
........

> On 10/5/18, trondd  wrote:
>> On Thu, October 4, 2018 12:54 pm, Kihaguru Gathura wrote:
>>> Hi,
>>>
>>> For the following httpd setup, cgi scripts give a 403 Page not found
>>> on browser. However after removing the line:
>>>
>>> location "/*" {
>>> authenticate "Staff Only" with "/htpasswds"
>>> }
>>>
>>> cgi scripts run fine but no authentication for document root of course.
>>>
>>> Please explain the situation.
>>>
>>>
>>>
>>> ...
>>># $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $
>>>
>>> server "xyz.co.ke" {
>>> listen on * port 80
>>> listen on :: port 80
>>> location "/.well-known/acme-challenge/*" {
>>> root "/acme"
>>> root strip 2
>>> }
>>> location * {
>>> block return 302
>>> "https://$HTTP_HOST$REQUEST_URI";
>>> }
>>> }
>>>
>>> server "xyz.co.ke" {
>>> listen on * tls port 443
>>> listen on :: tls port 443
>>> hsts
>>> tls {
>>> certificate "/etc/ssl/xyz.co.ke.fullchain.pem"
>>> key "/etc/ssl/private/xyz.co.ke.key"
>>> }
>>> location "/.well-known/acme-challenge/*" {
>>> root "/acme"
>>> root strip 2
>>> }
>>> root "/xyz.co.ke"
>>> location "/*" {
>>> authenticate "Staff Only" with "/htpasswds"
>>> }
>>>
>>> location "/public/*" {
>>> directory auto index
>>> }
>>> location "/xyz/*" {
>>> root "/"
>>> fastcgi
>>> authenticate "Staff Only" with "/htpasswds"
>>> }
>>> }
>>> ..
>>>
>>> Thank you,
>>>
>>> Regards
>>>
>>> Kihaguru.
>>>
>>
>> Move the location "/*" block to the bottom of the server block after the
>> specific paths.
>>
>>
>> location path {...}
>> Specify server configuration rules for a specific location. The path
>> argument will be matched against the request path with shell globbing
>> rules. In case of multiple location statements in the same context,
>> the first matching location statement will be put into effect, while
>> all later ones will be ignored. Therefore it is advisable to match for
>> more specific paths first and for generic ones later on.
>>
>>
>
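
The first-match rule quoted in the reply above, applied to the location blocks posted in this thread. This is an added example, not code from any poster or from httpd itself: it models the shell globbing with Python's fnmatch and assumes a location inherits server-level options it does not set, which is what the 2018-10-05 post reports. All function and variable names are hypothetical.

```python
from fnmatch import fnmatchcase

# Constructed model of the port-443 server block from the 2018-10-04 post:
# (glob, options) pairs in the order they appear in httpd.conf.
ORIGINAL_DEFAULTS = {"root": "/xyz.co.ke"}
ORIGINAL = [
    ("/.well-known/acme-challenge/*", {"root": "/acme"}),
    ("/*", {"authenticate": True}),
    ("/public/*", {"auto_index": True}),
    ("/xyz/*", {"root": "/", "fastcgi": True, "authenticate": True}),
]

# The ordering suggested in the reply: specific paths first, "/*" last.
REORDERED = [ORIGINAL[0], ORIGINAL[2], ORIGINAL[3], ORIGINAL[1]]

# The 2018-10-05 variant: authenticate set once at server level, no "/*".
SERVER_AUTH_DEFAULTS = {"root": "/xyz.co.ke", "authenticate": True}
SERVER_LEVEL_AUTH = [
    ("/.well-known/acme-challenge/*", {"root": "/acme"}),
    ("/public/*", {"auto_index": True}),
    ("/xyz/*", {"root": "/", "fastcgi": True}),
]

# Constructed request paths used to exercise each configuration.
SAMPLES = ["/index.html", "/public/notes.txt", "/xyz/report.cgi"]


def select_location(locations, path):
    """Return (glob, options) of the FIRST location whose glob matches."""
    for glob, options in locations:
        # "*" also matches "/" here, so "/*" covers every request path.
        if fnmatchcase(path, glob):
            return glob, options
    return None, {}


def effective(server_options, locations, path):
    """Options in force for a path: server defaults overlaid by the
    selected location (inheritance is an assumption of this model)."""
    glob, options = select_location(locations, path)
    merged = dict(server_options)
    merged.update(options)
    return glob, merged


def shadowed(locations, sample_paths):
    """Globs that match at least one sample path but are never selected,
    because an earlier location always wins."""
    chosen = {select_location(locations, p)[0] for p in sample_paths}
    return [
        glob
        for glob, _ in locations
        if glob not in chosen
        and any(fnmatchcase(p, glob) for p in sample_paths)
    ]


if __name__ == "__main__":
    configs = [
        ("original", ORIGINAL_DEFAULTS, ORIGINAL),
        ("reordered", ORIGINAL_DEFAULTS, REORDERED),
        ("server-level auth", SERVER_AUTH_DEFAULTS, SERVER_LEVEL_AUTH),
    ]
    for name, defaults, locations in configs:
        print(name, "- shadowed:", shadowed(locations, SAMPLES))
        for path in SAMPLES:
            glob, opts = effective(defaults, locations, path)
            print("  %-20s -> %-12s fastcgi=%s authenticate=%s" % (
                path, glob, opts.get("fastcgi", False),
                opts.get("authenticate", False)))
```

Running `shadowed()` over a set of representative request paths before reloading httpd shows which location blocks are dead because a broader glob precedes them.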



Libreoffice package missing in i386 tree

2018-10-21 Thread Kihaguru Gathura
Hi,

Is the LibreOffice package in the i386 tree expected for OpenBSD 6.4?
It is not listed on the mirrors so far.

Kihaguru



performance of intel multithreading

2018-11-05 Thread Kihaguru Gathura
Hi,

From a security standpoint, which platform will offer better performance
solution in web and database now that OpenBSD multithreading is switched
off for Intel?


(Fujitsu PRIMEPOWER 250 - Version F - 2 X SPARC64 V 1.98 GHz) or (Fujitsu
PRIMERGY RX300 S6 - 2 X Xeon 6 core 12 thread E5620 2.4 GHz)


Thanks,

Kihaguru


Re: performance of intel multithreading

2018-11-05 Thread Kihaguru Gathura
The PRIMERGY registers more cpu's a total of 24 when OpenBSD is installed

On Tuesday, November 6, 2018, Kihaguru Gathura  wrote:
> Hi,
>
> From a security standpoint, which platform will offer better performance
> solution in web and database now that OpenBSD multithreading is switched
> off for Intel?
>
>
> (Fujitsu PRIMEPOWER 250 - Version F - 2 X SPARC64 V 1.98 GHz) or (Fujitsu
> PRIMERGY RX300 S6 - 2 X Xeon 6 core 12 thread E5620 2.4 GHz)
>
>
> Thanks,
>
> Kihaguru


Re: performance of intel multithreading

2018-11-07 Thread Kihaguru Gathura
Hi,


On Wednesday, November 7, 2018, Nick Holland 
wrote:
> On 11/05/18 23:51, Kihaguru Gathura wrote:
>> Hi,
>>
>> From a security standpoint,
>> which platform will offer better performance
>
> huh?  What's your priority, security or performance?
>

Security is the Priority.

> If you have one and no budget to buy something ...um... modern, use it.

I have the PrimePower 250

> UltraSPARC will probably give them a bigger surprise.

Please explain further if possible.

> But if you are
> running web services, you are probably running apps written by someone
> without any idea what they are doing in an interpreted language like
> PHP, and the exact same exploits will take out either platform, because
> the exploits will be at a much higher level than the processor.

Self written services in C language.


Thanks,

Kihaguru.


CPU usage of httpd+slowcgi

2020-07-24 Thread Kihaguru Gathura
Hi,

Which of the following legacy CPU types is best suited for very busy web
server httpd+slowcgi

Niagara CPU Such as T2 - More parallel Threads and Low power per single
thread
Sparc64 CPU such as VI, VII - Fewer threads but more computing power per
thread.

How is multithreading utilization of httpd+slowcgi like?

Kind regards,

Kihaguru.


Re: CPU usage of httpd+slowcgi

2020-08-16 Thread Kihaguru Gathura
Hi,

> It depends on the workload. I'd have thought for most things the max
> really usable at the moment is probably somewhere in the region of 4-8
> cpu cores before kernel locking gets in the way too much.
>
> FWIW sparc64 ports builds are now done on T4 and they're really fast.
> I think (but am not 100% sure) that this is carved into ldoms so the
> number of cores visible to each OpenBSD instance is limited (so
> contention between cores in the kernel is also limited).
>
>
Up to how many cores will it be guaranteed that kernel locking 'will not
get too much in the way' for hardware running a single instance of OpenBSD
under heavy workload?

Kind Regards,

Kihaguru.


Re: CPU usage of httpd+slowcgi

2020-08-17 Thread Kihaguru Gathura
Hi Alceu,

The Web applications in C, httpd+slowcgi+libpq are quite fast for very
heavy database querying.

Older dual core machines have limited memory up to 16 or 32 GB and moving
to newer machines like a T2000 or T4-1 is advantageous in the respect of
better memory capacity.

On the flip side, these newer machines have eight cores or more. The fewer
the better in this respect due to kernel locking considerations as advised.

What are reliable SPARC hardware alternatives to T4-1 that offer higher
memory capacity with fewer cores and low power consumption.

Kind regards.

Kihaguru



On Wednesday, July 29, 2020, Alceu Rodrigues de Freitas Junior <
glasswal...@yahoo.com.br> wrote:
> Hi Kihaguru,
>
> Oh, well, didn't see anybody asking, so... why are you guys still using
> a CGI if so much processing power is required?
>
> Basically anything will perform better nowadays, so unless the code is
> really complicated, you're looking for a solution at the wrong place.
>
> Em 27/07/2020 14:52, Jordan Geoghegan escreveu:
>>
>>
>> On 2020-07-24 03:16, Kihaguru Gathura wrote:
>>> Hi,
>>>
>>> Which of the following legacy CPU types is best suited for very busy web
>>> server httpd+slowcgi
>>>
>>> Niagara CPU Such as T2 - More parallel Threads and Low power per single
>>> thread
>>> Sparc64 CPU such as VI, VII - Fewer threads but more computing power per
>>> thread.
>>>
>>> How is multithreading utilization of httpd+slowcgi like?
>>>
>>> Kind regards,
>>>
>>> Kihaguru.
>>
>> Hi  Kihaguru,
>>
>> As with any computer, newer tends to be better with Moore's Law and all
>> that. On sparc64 most of the logical cores that are shown are really
>> just SMT pretending to be a bunch of cores. I have one machine that
>> claims 128 cores, but in reality, it's just 16 cores with 8-way SMT.
>> sparc64 isn't renowned for its single core execution speed, so the
>> faster the better in that regard.
>>
>> In my experience with running OpenBSD on sparc64, the kernel biglock or
>> crypto became a bottleneck before other things did. (I've used T3 and T4
>> machines fairly extensively with OpenBSD). I've found that disk
>> activity, networking and/or TLS would bottleneck before httpd became a
>> bottleneck when I was running sparc64 web servers in production. If you
>> are running very heavy scripts/programs with slowcgi, then your
>> results may be different.
>>
>> Things have likely improved dramatically in the past year or two with
>> all the work done on removing the biglock, but the moral of the story
>> remains, fewer, faster cores are likely to produce superior performance
>> to numerous low power cores.
>>
>> Regards,
>>
>> Jordan
>>
>
>


FireFox Browser 'Open File' error

2020-08-21 Thread Kihaguru Gathura
Hi,

Firefox fails to list files at 'File Open' with error message:

(firefox:89328): dconf-WARNING **: 09:12:15.835: failed to commit changes
to dconf: The given address is empty

Please advise

Regards,

Kihaguru.


#
OpenBSD 6.7 (GENERIC.MP) #169: Thu May  7 11:37:15 MDT 2020
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
real mem  = 2137341952 (2038MB)
avail mem = 2082598912 (1986MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: date 04/30/07, BIOS32 rev. 0 @ 0xfd6b0, SMBIOS rev. 2.4
@ 0xe0010 (68 entries)
bios0: vendor LENOVO version "79ETD3WW (2.13 )" date 04/30/2007
bios0: LENOVO 195143U
acpi0 at bios0: ACPI 3.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT
SSDT SSDT
acpi0: wakeup devices LID_(S3) SLPB(S3) EXP0(S4) EXP1(S4) EXP2(S4) EXP3(S4)
PCI1(S4) USB0(S3) USB1(S3) USB2(S3) USB7(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Genuine Intel(R) CPU T2400 @ 1.83GHz ("GenuineIntel" 686-class) 1.83
GHz, 06-0e-08
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,MWAIT,VMX,EST,TM2,xTPR,PDCM,NXE,PERF,SENSOR,MELTDOWN
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 166MHz
cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Genuine Intel(R) CPU T2400 @ 1.83GHz ("GenuineIntel" 686-class) 1.83
GHz, 06-0e-08
cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,MWAIT,VMX,EST,TM2,xTPR,PDCM,NXE,PERF,SENSOR,MELTDOWN
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins, remapped
acpimcfg0 at acpi0
acpimcfg0: addr 0xf000, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 12 (EXP3)
acpiprt6 at acpi0: bus 21 (PCI1)
acpicpu0 at acpi0: !C3(250@17 io@0x1015), !C2(500@1 io@0x1014), C1(1000@1
halt), PSS
acpicpu1 at acpi0: !C3(250@17 io@0x1015), !C2(500@1 io@0x1014), C1(1000@1
halt), PSS
acpipwrres0 at acpi0: PUBS, resource for USB0, USB2, USB7
acpitz0 at acpi0: critical temperature is 127 degC
acpitz1 at acpi0: critical temperature is 99 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
"PNP0A08" at acpi0 not configured
acpicmos0 at acpi0
"IBM0071" at acpi0 not configured
"ATM1200" at acpi0 not configured
acpibat0 at acpi0: BAT0 model "COMPATIBLE" serial44 type LION oem
"SANYO"
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0: version 1.0
acpidock0 at acpi0: GDCK not docked (0)
acpivideo0 at acpi0: VID_
acpivout0 at acpivideo0: LCD0
acpivideo1 at acpi0: VID_
bios0: ROM list: 0xc/0xea00! 0xcf000/0x1000 0xd/0x1000
0xdc000/0x4000! 0xe/0x1!
cpu0: Enhanced SpeedStep 1829 MHz: speeds: 1833, 1333, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03
inteldrm0 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03
drm0 at inteldrm0
intagp0 at inteldrm0
agp0 at intagp0: aperture at 0xd000, size 0x1000
inteldrm0: apic 1 int 16, I945GM, gen 3
"Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: msi
azalia0: codecs: Analog Devices AD1981HD, Conexant/0x2bfa, using Analog
Devices AD1981HD
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: apic 1 int 20
pci1 at ppb0 bus 2
em0 at pci1 dev 0 function 0 "Intel 82573L" rev 0x00: msi, address
00:15:58:c4:f6:49
ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: apic 1 int 21
pci2 at ppb1 bus 3
wpi0 at pci2 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: msi,
MoW1, address 00:1b:77:4f:64:5f
ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: apic 1 int 22
pci3 at ppb2 bus 4
ppb3 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: apic 1 int 23
pci4 at ppb3 bus 12
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 1 int 16
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 1 int 17
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: apic 1 int 18
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: apic 1 int 19
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: apic 1 int 19
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev
2.00/1.00 addr 1
ppb4 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2
pci5 at ppb4 bus 21
cbb0 at pci5 dev 0 function 0 "TI PCI1510 CardBus" rev 0x00: apic 1 int 16
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 22 device 0 cachel

Fwd: No WAF detected - Solved

2020-08-23 Thread Kihaguru Gathura
Hi,

The following template has previously worked as far as WAF detection is
concerned. However, assessors keep updating their tools; this configuration
is no longer effective.

Anyone using relayd as WAF? What sort of configuration options do you have?

Kind regards,

Kihaguru.



---
# $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
#
# Relay and protocol
#
http protocol httpp {
    pass request quick method "GET"
    block
}

relay httpr {
    # Listen on localhost, accept diverted connections from pf(4)
    listen on 127.0.0.1 port 8080
    protocol httpp

    # Forward to the original target host
    forward to destination
}

http protocol httpsp {
    match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header append "X-Forwarded-By" \
        value "$SERVER_ADDR:$SERVER_PORT"
    match response header remove "Server"

    pass request quick url file "/etc/mydomain-url.txt"
    pass request quick path file "/etc/mydomain-path.txt"
    pass request quick method "GET"
    block

    tls keypair mydomain.com
}

relay httpsr {
    # Listen on localhost, accept diverted connections from pf(4)
    listen on 127.0.0.1 port 8443 tls
    protocol httpsp

    # Forward to the original target host
    forward with tls to destination
}
----
-- Forwarded message -
From: Kihaguru Gathura 
Date: Fri, Dec 27, 2019 at 10:40 PM
Subject: Re: No WAF detected - Solved
To: Kihaguru Gathura , misc 


Hi,

WAF is detected when certain methods are filtered in relayd.

Thanks,

Kihaguru.




On Monday, December 9, 2019, Kihaguru Gathura  wrote:
>
>
> Hi,
> A message from assessors and further tests below.
>
>

>
>
> I have configured relayd to serve a single url that accepts no
> parameters. This url is blocked by relayd with error 403 Forbidden if
> anything is appended to its end.
> I would expect WAF detection in such a test case but this has not
> happened.
> What other means are malicious payloads being delivered in this case?
>
> Thanks and regards,
> Kihaguru
>
>
>

>
> # $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
> #
> # Relay and protocol
> #
> http protocol httpp {
>     return error
>     match response header remove "Server"
>
>     pass
>     block quick path "/cgi-bin/index.cgi" value "*command=*"
>     pass quick path "/net/index.html" value ""
>     block
> }
>
> relay httpr {
>     # Listen on localhost, accept diverted connections from pf(4)
>     listen on 127.0.0.1 port 8080
>     protocol httpp
>
>     # Forward to the original target host
>     forward to destination
> }
>
> http protocol httpsp {
>     return error
>     match response header remove "Server"
>
>     pass
>     block quick path "/cgi-bin/index.cgi" value "*command=*"
>     pass quick path "/net/index.html" value ""
>     block
>
>     tls keypair example.net
> }
>
> relay httpsr {
>     # Listen on localhost, accept diverted connections from pf(4)
>     listen on 127.0.0.1 port 8443 tls
>     protocol httpsp
>
>     # Forward to the original target host
>     forward with tls to destination
> }
>
---
>
> On Thu, Dec 5, 2019 at 2:11 PM Stuart Henderson wrote:
>>
>> On 2019/12/05 00:17, Kihaguru Gathura wrote:
>> >
>> >
>> >
>> > On Wed, Dec 4, 2019 at 11:58 PM Kihaguru Gathura wrote:
>> >
>> >
>> >
>> > >> Which is a better way to implement a WAF on OpenBSD using
>> > >> the base utilities?
>> > >
>> > > relayd configured in certain ways might be considered as a
>> > > WAF.
>> >
>> >
>> > All methods and all other security headers and path filters are
>> > coded in the web application which had always been detected as a
>> > custom WAF until two weeks ago.
>> >
>> > I have now included relayd and a re-test passes all other
>> > requirements but does not detect
>> > a WAF (please find sample configurations and test report below).
>> >
>> > Any hint highly appreciated
>>
>> I think you will need to talk to your assessors and ask what they're
>> looking for.
>>
>


Re: FireFox Browser 'Open File' error

2020-08-25 Thread Kihaguru Gathura
Hi,

I have tested on a 64 bit version of the same ThinkPad T60 and error is
consistent..

However Firefox opens files from any folder as root on these same machines
running OpenBSD 6.5.

Kind regards,

Kihaguru.




On Sat, Aug 22, 2020 at 9:34 AM Kihaguru Gathura  wrote:

> Hi,
>
> Firefox fails to list files at 'File Open' with error message:
>
> (firefox:89328): dconf-WARNING **: 09:12:15.835: failed to commit changes
> to dconf: The given address is empty
>
> Please advise
>
> Regards,
>
> Kihaguru.
>
>

Re: FireFox Browser 'Open File' error

2020-08-25 Thread Kihaguru Gathura
Thank you for suggestions on unveil. Very helpful.

Caution on running browser as root well received.

Thanks and regards,

Kihaguru.

On Tue, Aug 25, 2020 at 9:37 PM Stuart Henderson 
wrote:

> On 2020-08-25, Kihaguru Gathura  wrote:
> > Hi,
> >
> > I have tested on a 64 bit version of the same ThinkPad T60 and error is
> > consistent..
>
> See /usr/local/share/doc/pkg-readmes/firefox about unveil
>
> > However Firefox opens files from any folder as root on these same
> > machines running OpenBSD 6.5.
>
> Running any browser as root is not really a smart move
>
>


WAF using OpenBSD relayd

2020-08-28 Thread Kihaguru Gathura
Hi,

The subject to the previous email below read 'solved'. This was by error.
This has not been solved.

Any assistance is highly appreciated.

Kind regards,

Kihaguru.




-- Forwarded message ------
From: Kihaguru Gathura 
Date: Sunday, August 23, 2020
Subject: Re: No WAF detected - Solved
To: misc 


Hi,
The following template has previously worked as far as WAF detection is
concerned. However, assessors keep updating their tools; this configuration
is no longer effective.
Anyone using relayd as WAF? What sort of configuration options do you have?
Kind regards,
Kihaguru.

---
# $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
#
# Relay and protocol
#
http protocol httpp {
    pass request quick method "GET"
    block
}

relay httpr {
    # Listen on localhost, accept diverted connections from pf(4)
    listen on 127.0.0.1 port 8080
    protocol httpp

    # Forward to the original target host
    forward to destination
}

http protocol httpsp {
    match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header append "X-Forwarded-By" \
        value "$SERVER_ADDR:$SERVER_PORT"
    match response header remove "Server"
    pass request quick url file "/etc/mydomain-url.txt"
    pass request quick path file "/etc/mydomain-path.txt"
    pass request quick method "GET"
    block

    tls keypair mydomain.com
}

relay httpsr {
    # Listen on localhost, accept diverted connections from pf(4)
    listen on 127.0.0.1 port 8443 tls
    protocol httpsp

    # Forward to the original target host
    forward with tls to destination
}
--------
-- Forwarded message -
From: Kihaguru Gathura 
Date: Fri, Dec 27, 2019 at 10:40 PM
Subject: Re: No WAF detected - Solved
To: Kihaguru Gathura , misc 


Hi,

WAF is detected when certain methods are filtered in relayd.

Thanks,

Kihaguru.




On Monday, December 9, 2019, Kihaguru Gathura  wrote:
>
>
> Hi,
> A message from assessors and further tests below.
>
>

>
>
> I have configured relayd to serve a single url that accepts no
> parameters. This url is blocked by relayd with error 403 Forbidden if
> anything is appended to its end.
> I would expect WAF detection in such a test case but this has not
> happened.
> What other means are malicious payloads being delivered in this case?
>
> Thanks and regards,
> Kihaguru
>
>
>

>
> # $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
> #
> # Relay and protocol
> #
> http protocol httpp {
>     return error
>     match response header remove "Server"
>
>     pass
>     block quick path "/cgi-bin/index.cgi" value "*command=*"
>     pass quick path "/net/index.html" value ""
>     block
> }
>
> relay httpr {
>     # Listen on localhost, accept diverted connections from pf(4)
>     listen on 127.0.0.1 port 8080
>     protocol httpp
>
>     # Forward to the original target host
>     forward to destination
> }
>
> http protocol httpsp {
>     return error
>     match response header remove "Server"
>
>     pass
>     block quick path "/cgi-bin/index.cgi" value "*command=*"
>     pass quick path "/net/index.html" value ""
>     block
>
>     tls keypair example.net
> }
>
> relay httpsr {
>     # Listen on localhost, accept diverted connections from pf(4)
>     listen on 127.0.0.1 port 8443 tls
>     protocol httpsp
>
>     # Forward to the original target host
>     forward with tls to destination
> }
>
---
>
> On Thu, Dec 5, 2019 at 2:11 PM Stuart Henderson wrote:
>>
>> On 2019/12/05 00:17, Kihaguru Gathura wrote:
>> >
>> >
>> >
>> > On Wed, Dec 4, 2019 at 11:58 PM Kihaguru Gathura wrote:
>> >
>> >
>> >
>> > >>

Primepower 250 vs Sunfire v215

2020-09-19 Thread Kihaguru Gathura
Hi,

For those who have experience with older Sparc machines, Which hardware
offers better reliability/stability?

Fujitsu Primepower 250 or Sun fire V215.

Kind regards

Kihaguru.


Re: Primepower 250 vs Sunfire v215

2020-09-20 Thread Kihaguru Gathura
> The Primepower is bigger and needs more power but if you find a box with
> good CPUs and memory it should run faster than a V215

How did the performance of the PrimePower 250 SCSI drives compare to Sun
Fire V215 SAS drives?

Thanks and regards,

Kihaguru


Re: Primepower 250 vs Sunfire v215

2020-09-24 Thread Kihaguru Gathura
Hi Claudio,

Based on your experience, which is the go to make for NVME Drive?

Do you have experience with the Oracle 3.2TB NVMe PCIE 3.0 Solid State
Drive with the V215?

Kind regards,

Kihaguru.


On Sunday, September 20, 2020, Claudio Jeker wrote:
> On Sun, Sep 20, 2020 at 08:00:45PM +0300, Kihaguru Gathura wrote:
>> > The Primepower is bigger and needs more power but if you find a box with
>> > good CPUs and memory it should run faster than a V215
>>
>> How did the performance of the PrimePower 250 SCSI drives compare to Sun
>> Fire V215 SAS drives?
>
> Any spinning rust is slow compared to SSD disks. I run my Fire V215 with a
> NVME disk for the busy partitions (but boot from the SAS drives). This is
> not really possible with the primepower 250 (hard to find any kind of SSD
> for that system).
>
> --
> :wq Claudio
>


Primepower 250 vs Sunfire v215

2020-09-25 Thread Kihaguru Gathura
Hi Theo,

Thanks,

This would have gotten me broke.

Just looked at the price tags. Unbelievable!

Regards,

Kihaguru.

On Thursday, September 24, 2020, Theo de Raadt  wrote:
> Kihaguru Gathura  wrote:
>
>> Do you have experience with the Oracle 3.2TB NVMe PCIE 3.0 Solid State
>> Drive with the V215?
>
> Wow, you have a thick wallet.  Use a regular laptop NVME + adapter card
> for PCIE and find somewhere else to spend the money.
>


Re: WAF using OpenBSD relayd

2020-10-12 Thread Kihaguru Gathura
Hi all,

Any links to a basic WAF rule set that may be implemented with relayd is
highly appreciated.

The assessor will not give any details. Their suggestion on moving over to
modsecurity is a rather generic approach to solving a problem, and a
pathway to dependency...not interesting.


[image: image.png]
Kind regards,

Kihaguru.

On Sat, Aug 29, 2020 at 3:07 PM Stuart Henderson wrote:

> On 2020-08-28, Kihaguru Gathura  wrote:
> > Hi,
> >
> > The subject to the previous email below read 'solved'. This was by error.
> > This has not been solved.
> >
> > Any assistance is highly appreciated.
>
> I think you will need to talk to your assessors and ask what they're
> looking for.
>
>
>


Support Update

2019-07-19 Thread Kihaguru Gathura
0
C Kenya
P
T Nairobi
Z P.O. Box 30164-00100
O Data Store Kenya
I   Kihaguru Njenga Gathura
A Bishops Road
M i...@pqscript.com
U
B +254 7 0697 0697
X
N OpenBSD consulting. Speciality in web applications
development with OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI
protocol and C programming language.



Unable to boot sparc from raid drive installation:Open ..... Invalid argument

2019-09-02 Thread Kihaguru Gathura
Hi,

Unable to boot with the following message

open /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a/etc/random.seed: Invalid argument
open /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a/bsd: Invalid argument

 Not sure the issue with softraid setup detailed below. Any assistance
highly appreciated.

Thanks and regards,

Kihaguru.


{0} ok boot cdrom
Resetting ...

Sep 02 08:57:03 GMT 2019 XSCF:I::[02030100] Start reset sequence
Sep 02 08:57:04 GMT 2019 XSCF:I::[02030200] Reset released...

Sep 02 08:57:07 GMT 2019 PowerOn SelfTest start
POST:Testing Flash/SRAM
POST:Testing SC
POST:Testing XSCF
POST:Banner
POST:FATAL check
POST:Testing Timer1
POST:Testing Tick
POST:Testing MMU
POST:Testing CPU Type
POST:Testing DTAG
POST:Memory Probe
POST:Testing Memory
POST:Testing Softint
POST:Testing U2P
POST:Testing Slave Device
POST:Testing Master Device
POST:System Configure
POST:OBP Start
screen not found.
keyboard not found.
Keyboard not present.  Using ttya for input and output.

Fujitsu Siemens PRIMEPOWER250 2x SPARC64 V, No Keyboard
OpenBoot 3.18.1-1, 16384 MB memory installed
Ethernet address 0:b:5d:f3:a7:5c, Host ID: 80f2a75c.
XSCF Version: 4.12.1



Executing last command: boot cdrom
Boot device: /pci@83,4000/ide@d/cdrom@0,0:f  File and args:
OpenBSD IEEE 1275 Bootblock 1.4
..>> OpenBSD BOOT 1.12
Trying bsd...
open /pci@83,4000/ide@d/cdrom@0,0:f/etc/random.seed: No such file or
directory
Booting /pci@83,4000/ide@d/cdrom@0,0:f/bsd
4145224@0x100+8120@0x13f4048+3255632@0x1c0+938672@0x1f1ad50
symbols @ 0xfeae4340 139 start=0x100
console is /pci@83,4000/isa@7/su@0,3f8
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2019 OpenBSD. All rights reserved.
https://www.OpenBSD.org

OpenBSD 6.5 (RAMDISK) #156: Sun Apr 14 05:14:17 MDT 2019
dera...@sparc64.openbsd.org:/usr/src/sys/arch/sparc64/compile/RAMDISK
real mem = 17179869184 (16384MB)
avail mem = 16869081088 (16087MB)
mainbus0 at root: Fujitsu Siemens PRIMEPOWER250 2x SPARC64 V
cpu0 at mainbus0: FJSV,SPARC64-V (rev 5.1) @ 1979 MHz
cpu0: physical 128K instruction (64 b/l), 128K data (64 b/l), 3072K
external (64 b/l)
"FJSV,SPARC64-V" at mainbus0 not configured
psycho0 at mainbus0 addr 0xfffb2000: SUNW,psycho, impl 0, version 4, ign c0
psycho0: bus range 0-0, PCI bus 0
psycho0: dvma map fe00-, STC0 enabled
pci0 at psycho0
ebus0 at pci0 dev 1 function 0 "Sun PCIO EBus2" rev 0x01
"FJSV,scfc" at ebus0 addr 21-210085, 22-220031, 26-260001,
27-28 ivec 0x23 not configured
"FJSV,flashprom" at ebus0 addr 0-3f not configured
clock1 at ebus0 addr 25-251fff: mk48t59
"FJSV,panel" at ebus0 addr 210011-210011 ivec 0x25 not configured
ebus1 at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00
com0 at ebus1 addr 3f8-3ff ivec 0x2b: ns16550a, 16 byte fifo
com0: console
com1 at ebus1 addr 2e8-2ef ivec 0x2b: ns16550a, 16 byte fifo
hme0 at pci0 dev 1 function 1 "Sun HME" rev 0x01: ivec 0xe1, address
00:0b:5d:f3:a7:5c
nsphyter0 at hme0 phy 1: DP83843 10/100 PHY, rev. 0
mpi0 at pci0 dev 2 function 1 "Symbios Logic 53c1030" rev 0x07: ivec 0xe0
mpi0: 0, firmware 1.0.12.0
scsibus0 at mpi0: 16 targets, initiator 7
sd0 at scsibus0 targ 0 lun 0:  SCSI2
0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR
sd0: 70007MB, 512 bytes/sector, 143374738 sectors
sd1 at scsibus0 targ 1 lun 0:  SCSI2
0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL
sd1: 70007MB, 512 bytes/sector, 143374738 sectors
mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
mpi0: target 1 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
pciide0 at pci0 dev 13 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc4: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide0: using ivec 0xe4 for native-PCI interrupt
atapiscsi0 at pciide0 channel 0 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0:  ATAPI
5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
ohci0 at pci0 dev 10 function 0 "Acer Labs M5237 USB" rev 0x03: ivec 0xe9,
version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0 configuration 1 interface 0 "Acer Labs OHCI root hub" rev
1.00/1.00 addr 1
psycho1 at mainbus0 addr 0xfff9e000: SUNW,psycho, impl 0, version 4, ign c0
psycho1: bus range 128-128, PCI bus 128
psycho1: dvma map fe00-, STC0 enabled, STC1 enabled
pci1 at psycho1
bge0 at pci1 dev 1 function 0 "Fujitsu PRIMEPOWER250/450 LAN" rev 0x02,
BCM5702/5703 A2 (0x1002): ivec 0xc0, address 00:0b:5d:f4:27:5c
brgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2
timer0 at mainbus0 addr 0xfff8bc00 ivec 0xec, 0xed
softraid0 at root
scsibus2 at softraid0: 256 targets
bootpath: /pci@83,4000/ide@d,0/cdrom@0,0:f
root on rd0a swap on rd0b dump on rd0b
erase ^?, werase ^W, kill ^U, intr ^C, status ^T

Welcome to the OpenBSD/sparc64 6.5 installation program.
(I)nstal

Re: Unable to boot sparc from raid drive installation:Open ..... Invalid argument

2019-09-02 Thread Kihaguru Gathura
Thank you,

Works well

Regards,

Kihaguru

On Mon, Sep 2, 2019 at 6:07 PM Otto Moerbeek  wrote:

> On Mon, Sep 02, 2019 at 05:32:53PM +0300, Kihaguru Gathura wrote:
>
> > Hi,
> >
> > Unable to boot with the following message
> >
> > open /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a/etc/random.seed: Invalid argument
> > open /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a/bsd: Invalid argument
> >
> >  Not sure the issue with softraid setup detailed below. Any assistance
> > highly appreciated.
> >
> > Thanks and regards,
>
> Did you setup boot-file?
>
> Try
>
> boot sr0a:/bsd
>
> On the OpenBSD boot loader prompt.
>
> If that works you should setup boot-file as described in
>
> See http://man.openbsd.org/man8/sparc64/boot_sparc64.8
>
> -Otto
>

Re: Unable to boot sparc from raid drive installation:Open ..... Invalid argument

2019-09-02 Thread Kihaguru Gathura
Thanks for the detailed explanation.

Really appreciated.

All the best

Regards,

Kihaguru.

On Mon, Sep 2, 2019 at 6:17 PM Stefan Sperling  wrote:

> On Mon, Sep 02, 2019 at 05:32:53PM +0300, Kihaguru Gathura wrote:
> > Hi,
> >
> > Unable to boot with the following message
> >
> > open /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a/etc/random.seed: Invalid argument
> > open /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a/bsd: Invalid argument
>
> > Boot device: /pci@83,4000/FJSV,ulsa@2,1/disk@0,0  File and args:
>
> > Trying bsd...
> > open /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a/etc/random.seed: Invalid argument
> > open /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a/bsd: Invalid argument
>
> BOOT_SPARC64(8)    System Manager's Manual (sparc64)    BOOT_SPARC64(8)
>
> [...]
>
>      To boot from a softraid(4) volume by default, boot-device must be set to
>      a disk device hosting a chunk of the softraid volume:
>
>            ok setenv boot-device disk0
>
>      and boot-file must contain the (sr) device name of the softraid volume
>      and optionally a partition letter and/or kernel:
>
>            ok setenv boot-file sr0a:/bsd
>


PostgreSQL-Libpq linking warnings

2019-09-27 Thread Kihaguru Gathura
Hi,

The warnings below always appear while linking C files with
postgresql-libpq on SPARC64 platform. Arm64 and i386 platforms don't
display these errors.

/usr/local/lib/libpq.a(fe-auth.o): In function `PQencryptPasswordConn':
fe-auth.c:(.text+0x284): warning: strcpy() is almost always misused, please use strlcpy()
/usr/local/lib/libpq.a(fe-connect.o): In function `internal_cancel':
fe-connect.c:(.text+0x30f0): warning: strcat() is almost always misused, please use strlcat()
/usr/local/lib/libpq.a(fe-connect.o): In function `PQsetClientEncoding':
fe-connect.c:(.text+0xad4): warning: sprintf() is often misused, please use snprintf()

Can the changes be effected at packages or does it have to be solved by
the PostgreSQL team?

Thanks and Regards,

Kihaguru


groups new

2019-09-29 Thread Kihaguru Gathura
0
C Kenya
P
T Nairobi
F irregular
O OpenBSD Kenya
I Kihaguru Njenga Gathura
M kihaguru.gath...@engineer.com
U
N OpenBSD


No WAF detected

2019-11-22 Thread Kihaguru Gathura
Hi,

htbridge (https://www.immuniweb.com/websec/) no longer detects WAF on one of my
web servers configured with OpenBSD-httpd and PF on same machine;
sample of pf.conf configuration as follows.





# $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

# don't filter on the loopback interface
set skip on lo

# scrub incoming packets
match in all scrub (no-df)

# set up a default deny policy
block all

# activate spoofing protection for all interfaces
block in quick from urpf-failed

pass in on bge0 from 192.168.0.0/24 to 192.168.0.254
pass out on bge0 from 192.168.0.254 to 192.168.0.0/24


pass in on egress proto tcp from any to egress port 22 modulate state
pass in on egress proto tcp from any to egress port 80 modulate state
pass in on egress proto tcp from any to egress port 443 modulate state
pass out on egress proto tcp from any to any port smtp modulate state
~
~
~
~
~
~
~
~
~
~
~
/etc/pf.conf: 24 lines, 733 characters.
www# pfctl -nf /etc/pf.conf
www# pfctl -vf /etc/pf.conf
---

Not sure what new criteria they are using to detect WAF.

Which is a better way to implement a WAF on OpenBSD using the base utilities?

Thank you,

Kihaguru.


Deleting softraid Devices Fujitsu Sparc

2019-11-27 Thread Kihaguru Gathura
Hi,

An error while deleting softraid device follows

--
Available disks are: sd0 sd1 sd2.
Which disk is the root disk? ('?' for details) [sd0] ?
sd0: FUJITSU, MAT3073N SUN72G, 0602
serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR (68.4G)
sd1: FUJITSU, MAT3073N SUN72G, 0602
serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL (68.4G)
sd2: OPENBSD, SR RAID 1, 006  (68.4G)
Available disks are: sd0 sd1 sd2.
Which disk is the root disk? ('?' for details) [sd0] !
Type 'exit' to return to install.
www# bioctl -d sd2
bioctl: Can't locate sd2 device via /dev/bio


The aim is to remove the device from the system and then:

# dd if=/dev/zero of=/dev/rsd0c bs=1m count=1
# dd if=/dev/zero of=/dev/rsd1c bs=1m count=1

to reuse the disks.

Thanks,

Kihaguru


Re: Deleting softraid Devices Fujitsu Sparc

2019-11-28 Thread Kihaguru Gathura
On Thursday, November 28, 2019, Nick Holland wrote:
> On 2019-11-27 11:23, Kihaguru Gathura wrote:
>> Hi,
>>
>> An error while deleting softraid device follows
>>
>>
--
>> Available disks are: sd0 sd1 sd2.
>> Which disk is the root disk? ('?' for details) [sd0] ?
>> sd0: FUJITSU, MAT3073N SUN72G, 0602
>> serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR (68.4G)
>> sd1: FUJITSU, MAT3073N SUN72G, 0602
>> serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL (68.4G)
>> sd2: OPENBSD, SR RAID 1, 006  (68.4G)
>> Available disks are: sd0 sd1 sd2.
>> Which disk is the root disk? ('?' for details) [sd0] !
>> Type 'exit' to return to install.
>> www# bioctl -d sd2
>> bioctl: Can't locate sd2 device via /dev/bio
>>

>>
>> The aim is to remove the device from the system and then:
>>
>> # dd if=/dev/zero of=/dev/rsd0c bs=1m count=1
>> # dd if=/dev/zero of=/dev/rsd1c bs=1m count=1
>>
>> to reuse the disks.
>>
>> Thanks,
>>
>> Kihaguru
>>
>
> The install kernels have very minimal disk support.  In the case of
> amd64/i386, it's one wd device -- wd0, not sure about sparc64, but
> I'd bet a cheap lunch that sd2 is not there. :)
>

sd2 exists and www# bioctl sd2 displays the mirror.

Thanks,

Kihaguru


Re: Deleting softraid Devices Fujitsu Sparc

2019-11-28 Thread Kihaguru Gathura
www# bioctl sd2 displays the raid but www# bioctl -d sd2 does not delete
the raid.



On Thursday, November 28, 2019, Kihaguru Gathura  wrote:
>
>
> On Thursday, November 28, 2019, Nick Holland wrote:
>> On 2019-11-27 11:23, Kihaguru Gathura wrote:
>>> Hi,
>>>
>>> An error while deleting softraid device follows
>>>
>>>
--
>>> Available disks are: sd0 sd1 sd2.
>>> Which disk is the root disk? ('?' for details) [sd0] ?
>>> sd0: FUJITSU, MAT3073N SUN72G, 0602
>>> serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR (68.4G)
>>> sd1: FUJITSU, MAT3073N SUN72G, 0602
>>> serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL (68.4G)
>>> sd2: OPENBSD, SR RAID 1, 006  (68.4G)
>>> Available disks are: sd0 sd1 sd2.
>>> Which disk is the root disk? ('?' for details) [sd0] !
>>> Type 'exit' to return to install.
>>> www# bioctl -d sd2
>>> bioctl: Can't locate sd2 device via /dev/bio
>>>

>>>
>>> The aim is to remove the device from the system and then:
>>>
>>> # dd if=/dev/zero of=/dev/rsd0c bs=1m count=1
>>> # dd if=/dev/zero of=/dev/rsd1c bs=1m count=1
>>>
>>> to reuse the disks.
>>>
>>> Thanks,
>>>
>>> Kihaguru
>>>
>>
>> The install kernels have very minimal disk support.  In the case of
>> amd64/i386, it's one wd device -- wd0, not sure about sparc64, but
>> I'd bet a cheap lunch that sd2 is not there. :)
>>
>
> sd2 exists and www# bioctl sd2 displays the mirror.
>
>
www# bioctl sd2 displays the raid but www# bioctl -d sd2 does not delete
the raid.


Re: Deleting softraid Devices Fujitsu Sparc

2019-11-28 Thread Kihaguru Gathura
On Thursday, November 28, 2019, Kihaguru Gathura  wrote:
>
>
>
> www# bioctl sd2 displays the raid but www# bioctl -d sd2 does not delete
> the raid.
>
>
>
> On Thursday, November 28, 2019, Kihaguru Gathura wrote:
>>
>>
>> On Thursday, November 28, 2019, Nick Holland wrote:
>>> On 2019-11-27 11:23, Kihaguru Gathura wrote:
>>>> Hi,
>>>>
>>>> An error while deleting softraid device follows
>>>>
>>>>
--
>>>> Available disks are: sd0 sd1 sd2.
>>>> Which disk is the root disk? ('?' for details) [sd0] ?
>>>> sd0: FUJITSU, MAT3073N SUN72G, 0602
>>>> serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR (68.4G)
>>>> sd1: FUJITSU, MAT3073N SUN72G, 0602
>>>> serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL (68.4G)
>>>> sd2: OPENBSD, SR RAID 1, 006  (68.4G)
>>>> Available disks are: sd0 sd1 sd2.
>>>> Which disk is the root disk? ('?' for details) [sd0] !
>>>> Type 'exit' to return to install.
>>>> www# bioctl -d sd2
>>>> bioctl: Can't locate sd2 device via /dev/bio
>>>>

>>>>
>>>> The aim is to remove the device from the system and then:
>>>>
>>>> # dd if=/dev/zero of=/dev/rsd0c bs=1m count=1
>>>> # dd if=/dev/zero of=/dev/rsd1c bs=1m count=1
>>>>
>>>> to reuse the disks.
>>>>
>>>> Thanks,
>>>>
>>>> Kihaguru
>>>>
>>>
>>> The install kernels have very minimal disk support.  In the case of
>>> amd64/i386, it's one wd device -- wd0, not sure about sparc64, but
>>> I'd bet a cheap lunch that sd2 is not there. :)
>>>
>>
>> sd2 exists and www# bioctl sd2 displays the mirror.
>>
>>
> www# bioctl sd2 displays the raid but www# bioctl -d sd2 does not delete
> the raid.
>
Meanwhile done # dd if=/dev/zero of=/dev/rsd2c bs=1m count=1 and reused the
raid device.

Kihaguru.


Re: Deleting softraid Devices Fujitsu Sparc

2019-12-01 Thread Kihaguru Gathura
On Saturday, November 30, 2019, Karel Gardas  wrote:
> On 2019-11-28 20:09, Kihaguru Gathura wrote:
>>
>> www# bioctl sd2 displays the raid but www# bioctl -d sd2 does not delete
>> the raid.
>
> Not sure what exactly do you expect from "delete", but -d option for
> softraid is more like detach than delete. Although man page is a bit
> confusing since first -d is described as delete and then in examples as
> detach. So well, what do you expect from it exactly?
>

Installing OpenBSD on drive sd0 or sd1, currently part of the softraid drive
sd2, first requires deleting/detaching the softraid.


Re: No WAF detected

2019-12-09 Thread Kihaguru Gathura
Hi,

A message from assessors and further tests below.

[image: image.png]


I have configured relayd to serve a single url that accepts no parameters.
This url is blocked by relayd with error 403 Forbidden if anything is
appended to its end.

I would expect WAF detection in such a test case but this has not happened.

What other means are malicious payloads being delivered in this case?

Thanks and regards,

Kihaguru




# $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
#
# Relay and protocol
#
http protocol httpp {
return error
match response header remove "Server"

pass
block quick path "/cgi-bin/index.cgi" value "*command=*"
pass quick path "/net/index.html" value ""
block
}

relay httpr {
# Listen on localhost, accept diverted connections from pf(4)
listen on 127.0.0.1 port 8080
protocol httpp

# Forward to the original target host
forward to destination
}

http protocol httpsp {
return error
match response header remove "Server"

pass
block quick path "/cgi-bin/index.cgi" value "*command=*"
pass quick path "/net/index.html" value ""
block

tls keypair example.net
 }

relay httpsr {
# Listen on localhost, accept diverted connections from pf(4)
listen on 127.0.0.1 port 8443 tls
protocol httpsp

# Forward to the original target host
forward with tls to destination
}
-------


On Thu, Dec 5, 2019 at 2:11 PM Stuart Henderson  wrote:

> On 2019/12/05 00:17, Kihaguru Gathura wrote:
> >
> >
> >
> > On Wed, Dec 4, 2019 at 11:58 PM Kihaguru Gathura wrote:
> >
> >
> >
> > >> Which is a better way to implement a WAF on OpenBSD using the
> > >> base utilities?
> > >
> > > relayd configured in certain ways might be considered as a WAF.
> >
> >
> > All methods and all other security headers and path filters are
> > coded in the web application which had always been detected as a
> > custom WAF until two weeks ago.
> >
> > I have now included relayd and a re-test passes all other
> > requirements but does not detect a WAF (please find sample
> > configurations and test report below).
> >
> > Any hint highly appreciated
>
> I think you will need to talk to your assessors and ask what they're
> looking for.
>
>


Re: No WAF detected - Solved

2019-12-27 Thread Kihaguru Gathura
Hi,

WAF is detected when certain methods are filtered in relayd.

Thanks,

Kihaguru.




On Monday, December 9, 2019, Kihaguru Gathura  wrote:
>
>
> Hi,
> A message from assessors and further tests below.
>
>

>
>
> I have configured relayd to serve a single url that accepts no
> parameters. This url is blocked by relayd with error 403 Forbidden if
> anything is appended to its end.
> I would expect WAF detection in such a test case but this has not
> happened.
> what other means are malicious payloads being delivered in this case?
>
> Thanks and regards,
> Kihaguru
>
>
>

>
> # $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
> #
> # Relay and protocol
> #
> http protocol httpp {
> return error
> match response header remove "Server"
>
> pass
> block quick path "/cgi-bin/index.cgi" value "*command=*"
> pass quick path "/net/index.html" value ""
> block
> }
>
> relay httpr {
> # Listen on localhost, accept diverted connections from pf(4)
> listen on 127.0.0.1 port 8080
> protocol httpp
>
> # Forward to the original target host
> forward to destination
> }
>
> http protocol httpsp {
> return error
> match response header remove "Server"
>
> pass
> block quick path "/cgi-bin/index.cgi" value "*command=*"
> pass quick path "/net/index.html" value ""
> block
>
> tls keypair example.net
>  }
>
> relay httpsr {
> # Listen on localhost, accept diverted connections from pf(4)
> listen on 127.0.0.1 port 8443 tls
> protocol httpsp
>
> # Forward to the original target host
>         forward with tls to destination
> }
>
-------
>
> On Thu, Dec 5, 2019 at 2:11 PM Stuart Henderson wrote:
>>
>> On 2019/12/05 00:17, Kihaguru Gathura wrote:
>> >
>> >
>> >
>> > On Wed, Dec 4, 2019 at 11:58 PM Kihaguru Gathura wrote:
>> >
>> >
>> >
>> > >> Which is a better way to implement a WAF on OpenBSD using
>> > >> the base utilities?
>> > >
>> > > relayd configured in certain ways might be considered as a
>> > > WAF.
>> >
>> >
>> > All methods and all other security headers and path filters are
>> > coded in the web application which had always been detected as a
>> > custom WAF until two weeks ago.
>> >
>> > I have now included relayd and a re-test passes all other
>> > requirements but does not detect a WAF (please find sample
>> > configurations and test report below).
>> >
>> > Any hint highly appreciated
>>
>> I think you will need to talk to your assessors and ask what they're
>> looking for.
>>
>
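
The post above does not say which methods were filtered. As an added illustration (not the poster's configuration), the fragment below places `method` filter rules, as documented in relayd.conf(5), in front of the path rules quoted in the thread; the list of blocked methods is an assumption.

```conf
# /etc/relayd.conf (fragment): added example, not the poster's configuration

# Before: the path rules quoted in the thread carry no method condition,
# so the request method plays no part in the pass/block decision.
#
#	pass
#	block quick path "/cgi-bin/index.cgi" value "*command=*"
#	pass quick path "/net/index.html" value ""
#	block

# After: the same rules with method filtering evaluated first.
http protocol httpp {
	return error
	match response header remove "Server"

	pass

	# Assumed list: reject methods the application never uses.
	# "quick" makes each rule the last matching rule, so these
	# requests never reach the "pass quick path" rule below.
	block request quick method TRACE
	block request quick method CONNECT
	block request quick method PUT
	block request quick method DELETE
	block request quick method OPTIONS

	block quick path "/cgi-bin/index.cgi" value "*command=*"
	pass quick path "/net/index.html" value ""
	block
}
```

The configuration can be syntax-checked with `relayd -n` before reloading.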


support update

2017-12-18 Thread Kihaguru Gathura
0
C Kenya
P Nairobi
T Nairobi
Z P.O. Box 30164-00100
O PQscript
I
A Bishops Road
M pqscr...@gmail.com 
U
B +254 706970697
X
N OpenBSD-httpd web server consulting. Specialize in web applications
development with PostgreSQL-libpq and FastCGI in C.


support update

2017-12-19 Thread Kihaguru Gathura
0
C Kenya
P Nairobi
T Nairobi
Z P.O. Box 30164-00100
O PQscript
I
A Bishops Road
M pqscr...@gmail.com
U
B +254 706970697
X
N OpenBSD consulting. Speciality in web applications
development with OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI
protocol and C programming language.


Re: no registration exists matching provided key

2017-12-19 Thread Kihaguru Gathura
OpenBSD 6.2.

Precisely as summarised by Scott, however to overcome some pitfalls, full
details to get TLS working for your domain www.example.com as follows.

1. Configure httpd.conf to work with your domain example.com as follows:

 # vi /etc/httpd.conf
# $OpenBSD: httpd.conf,v 1.17 2017/04/16 08:50:49 ajacoutot Exp $

#
# Macros
#
ext_addr="*"

#
# Global Options
#
# prefork 3

#
# Servers
#
# A minimal default server
server "default" {
listen on $ext_addr port 80
}

# A minimal www.example.com  server
server "www.example.com" {
alias "example.com"
listen on $ext_addr port 80
root "/htdocs/www.example.com"
location "/.well-known/acme-challenge/*" {
root "/acme"
root strip 2
directory no auto index
}
}

# Include MIME types instead of the built-in ones
types {
include "/usr/share/misc/mime.types"
}

 2. Create root folder for the domain and start httpd server to effect
changes:

# mkdir /var/www/htdocs/www.example.com
# vi /etc/rc.conf.local
  httpd_flags=
# rcctl enable httpd
# rcctl start httpd
httpd(ok)

3. Configure acme-client for your domain www.example.com:

# vi /etc/acme-client.conf
#
# $OpenBSD: acme-client.conf,v 1.4 2017/03/22 11:14:14 benno Exp $
#
authority letsencrypt {
	agreement url "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
	api url "https://acme-v01.api.letsencrypt.org/directory"
	account key "/etc/acme/letsencrypt-privkey.pem"
}

authority letsencrypt-staging {
	agreement url "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
	api url "https://acme-staging.api.letsencrypt.org/directory"
	account key "/etc/acme/letsencrypt-staging-privkey.pem"
}

domain www.example.com {
	alternative names { example.com }
	domain key "/etc/ssl/private/example.com.key"
	domain certificate "/etc/ssl/example.com.crt"
	domain full chain certificate "/etc/ssl/example.com.fullchain.pem"
	sign with letsencrypt
}

4. Attempt to get the certificates:

#acme-client -vvAD www.example.com
..
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: bad HTTP:
400
acme-client: transfer buffer: [{ "type": "urn:acme:error:malformed",
"detail": "Provided agreement URL [https://lecuments/LE-SA
-v1.2-November-15-2017.pdf]", "status": 400 }] (267 bytes)
acme-client: bad exit: netproc(71944): 1

5. The agreement URL needs to be updated (replaced) with the one provided in
the error message above:

# vi /etc/acme-client.conf
#
#
# $OpenBSD: acme-client.conf,v 1.4 2017/03/22 11:14:14 benno Exp $
#
authority letsencrypt {
	# agreement url "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
	agreement url "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
	api url "https://acme-v01.api.letsencrypt.org/directory"
	account key "/etc/acme/letsencrypt-privkey.pem"
}

authority letsencrypt-staging {
	# agreement url "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
	agreement url "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
  

Re: support update

2017-12-20 Thread Kihaguru Gathura
Please use the latter submission also copied below to update my profile.
Kindly note email has changed.

On Tuesday, December 19, 2017, Kihaguru Gathura  wrote:
> 0
> C Kenya
> P Nairobi
> T Nairobi
> Z P.O. Box 30164-00100
> O PQscript
> I
> A Bishops Road
> M pqscr...@gmail.com
> U
> B +254 706970697
> X
> N OpenBSD consulting. Speciality in web applications
> development with OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI
> protocol and C programming language.
>


HP microserver gen 10 AMD x3216

2021-03-20 Thread Kihaguru Gathura
Hello,

OpenBSD 6.8 amd64 iso installation hangs @

_
_
_
isa0 at mainbus0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
_


Any lead on this?

Thanks,

Kihaguru


Re: HP microserver gen 10 AMD x3216

2021-03-21 Thread Kihaguru Gathura
With pckbc disabled, boot stops at

_
_
_
isa0 at mainbus0
>>> probing for com0
>>> probing for com0 failed
>>> probing for com1
>>> probing for com1 failed
>>> probing for com2
>>> probing for com2 failed
>>> probing for vga0
>>> probing for vga0 failed
_

Thanks Kihaguru

On Sunday, March 21, 2021, Stuart Henderson  wrote:
> On 2021-03-20, Kihaguru Gathura  wrote:
>> Hello,
>>
>> OpenBSD 6.8 amd64 iso installation hangs @
>>
>> _
>> _
>> _
>> isa0 at mainbus0
>> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
>> _
>>
>>
>> Any lead on this?
>>
>> Thanks,
>>
>> Kihaguru
>>
>
> Does it help to "boot -c" and "disable pckbc"?
>
>
>


Re: Primepower 250 vs Sunfire v215

2021-04-01 Thread Kihaguru Gathura
> not really possible with the primepower 250 (hard to find any kind of SSD

There is industrial grade 80-pin SCA-2 SSD, Ultra320 by Hagiwara. Can be
limited to 73GB or 147GB usable on a Primepower 250.

They say and I quote: "Hagiwara specializes in industrial grade flash
storage and our customers pay a premium for extra endurance and
reliability."

On Sunday, September 20, 2020, Claudio Jeker wrote:
> On Sun, Sep 20, 2020 at 08:00:45PM +0300, Kihaguru Gathura wrote:
>> > The Primepower is bigger and needs more power but if you find a box with
>> > good CPUs and memory it should run faster than a V215
>>
>> How did the performance of the PrimePower 250 SCSI drives compare to Sun
>> Fire V215 SAS drives?
>
> Any spinning rust is slow compared to SSD disks. I run my Fire V215 with a
> NVME disk for the busy partitions (but boot from the SAS drives). This is
> not really possible with the primepower 250 (hard to find any kind of SSD
> for that system).
>
> --
> :wq Claudio
>


argv from bogus argc

2021-05-24 Thread Kihaguru Gathura
While testing to determine command line arguments passed to a cgi file
using *function 1*, I receive the message *output 1*:
one argument is passed, and that is the name of the file.

However, testing with a bogus number 30 for argc in *function 2* discloses
multiple arguments beyond the last null argument argv[1]; see *output 2*.
There is also a null value at bogus argc number 29.

Why are these additional argv values generated?




*Function 1:*



/**/

#include <stdio.h>
#include <stdlib.h>

void TestCommandLineArguments(int argc, char *argv[])
{
  unsigned short int i = 0;

  if (argc == 1)  /* if one command line argument is passed */
  {
    PrintPageUpper();

    /* print every real argument: argv[0] .. argv[argc - 1] */
    while (i < argc)
    {
      printf("\t\t(i = %2$d) argc: %1$d, "
             "argv[%2$d]: \"%3$s\"\n", argc,
             i, argv[i]);
      i++;
    }

    PrintPageLower();
    exit(EXIT_SUCCESS);
  }

  if (argc != 1)
  {
    PrintPageUpper();
    puts("\t\t(Multiple Arguments)");
    PrintPageLower();
    exit(EXIT_SUCCESS);
  }
}


/**/


*Output 1:   *

(i = 0) argc: 1, argv[0]: "//xyz/xyz.html"






*Function 2:*


/**/

#include <stdio.h>
#include <stdlib.h>

void TestCommandLineArguments(int argc, char *argv[])
{
  unsigned short int i = 0;
  #define BOGUS_ARGC 30

  if (argc == 1)
  {
    PrintPageUpper();

    /* test loop: deliberately indexes argv up to BOGUS_ARGC, not argc */
    while (i < BOGUS_ARGC)
    {
      printf("\t\t(i = %2$d) argc: %1$d, "
             "argv[%2$d]: \"%3$s\"\n", BOGUS_ARGC,
             i, argv[i]);
      i++;
    }

    PrintPageLower();
    exit(EXIT_SUCCESS);
  }

  if (argc == 1)
  {
    PrintPageUpper();
    puts("\t\t(Single Argument)");
    PrintPageLower();
    exit(EXIT_SUCCESS);
  }
}


/**/

*Output 2:*

(i = 0) argc: 30, argv[0]: "//xyz/xyz.html"
(i = 1) argc: 30, argv[1]: "(null)"
(i = 2) argc: 30, argv[2]: "SERVER_SOFTWARE=OpenBSD httpd"
(i = 3) argc: 30, argv[3]: "SERVER_PROTOCOL=HTTP/1.1"
(i = 4) argc: 30, argv[4]: "SERVER_NAME=xyz.com"
(i = 5) argc: 30, argv[5]: "SERVER_PORT=443"
(i = 6) argc: 30, argv[6]: "SERVER_ADDR=xyz.xyz.xy.xyz"
(i = 7) argc: 30, argv[7]: "REQUEST_URI=/xyz/xyz.html"
(i = 8) argc: 30, argv[8]: "REQUEST_METHOD=GET"
(i = 9) argc: 30, argv[9]: "REMOTE_PORT=36818"
(i = 10) argc: 30, argv[10]: "REMOTE_ADDR=xyz.xyz.xy.xyz"
(i = 11) argc: 30, argv[11]: "HTTPS=on"
(i = 12) argc: 30, argv[12]: "HTTP_X_FORWARDED_FOR=xyz.xyz.xy.xyz"
(i = 13) argc: 30, argv[13]: "HTTP_X_FORWARDED_BY=xyz.xyz.xy.xyz:8443"
(i = 14) argc: 30, argv[14]: "HTTP_USER_AGENT=Mozilla/5.0 (X11; OpenBSD amd64; rv:62.0) Gecko/20100101 Firefox/62.0"
(i = 15) argc: 30, argv[15]: "HTTP_UPGRADE_INSECURE_REQUESTS=1"
(i = 16) argc: 30, argv[16]: "HTTP_HOST=xyz.com"
(i = 17) argc: 30, argv[17]: "HTTP_CONNECTION=keep-alive"
(i = 18) argc: 30, argv[18]: "HTTP_CACHE_CONTROL=max-age=0"
(i = 19) argc: 30, argv[19]: "HTTP_ACCEPT_LANGUAGE=en-US,en;q=0.5"
(i = 20) argc: 30, argv[20]: "HTTP_ACCEPT_ENCODING=gzip, deflate, br"
(i = 21) argc: 30, argv[21]: "HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
(i = 22) argc: 30, argv[22]: "GATEWAY_INTERFACE=CGI/1.1"
(i = 23) argc: 30

Re: argv from bogus argc

2021-05-24 Thread Kihaguru Gathura
Yes, I did!

Thank you.

On Mon, May 24, 2021 at 4:51 PM Omar Polo  wrote:

>
> Kihaguru Gathura  writes:
>
> > While testing to determine command line arguments passed to a cgi file
> > using the *function 1*, I receive the  message *output 1.*
> > one argument is passed and that is the name of the file.
> >
> > However, testing with a bogus number 30 for argc in *function 2*,
> > discloses multiple arguments beyond the last null argument argv[1] see
> > *output 2.*
> > There is also a null value at bogus argc number 29.
> >
> > Why are these additional argv values generated?
>
> haven't you gone out-of-bound and started printing the envp?
>
> >
> >
> >
> > *Function 1:*
> >
> >
> >
> > /**/
> >
> > void TestCommandLineArguments(int argc, char *argv[])
> > {
> >   unsigned short int i = 0;
> >
> >   if (argc == 1)  /* if one command line argument is passed */
> >   {
> >   PrintPageUpper();
> >
> >   while(i < argc)
> >   {
> >   printf("\t\t(i = %2$d) argc: %1$d, \
> >argv[%2$d]: \"%3$s\"\n", argc, \
> >i, argv[i]);
> >   i++;
> >   }
> >
> >   PrintPageLower();
> >   exit(EXIT_SUCCESS);
> >
> >}
> >
> > if (argc != 1)
> > {
> > PrintPageUpper();
> > puts("\t\t(Multiple Arguments)");
> > PrintPageLower();
> > exit(EXIT_SUCCESS);
> > }
> > }
> >
> >
> > /**/
> >
> >
> > *Output 1:   *
> >
> > (i = 0) argc: 1, argv[0]: "//xyz/xyz.html"
> >
> >
> >
> >
> >
> >
> > *Function 2:*
> >
> >
> > /**/
> >
> > void TestCommandLineArguments(int argc, char *argv[])
> > {
> >   unsigned short int i = 0;
> >   #define BOGUS_ARGC 30
> >
> >   if (argc == 1)
> >   {
> >   PrintPageUpper();
> >
> >   while(i < BOGUS_ARGC)
> >   {
> >   printf("\t\t(i = %2$d) argc: %1$d, \
> >argv[%2$d]: \"%3$s\"\n", BOGUS_ARGC, \
> >i, argv[i]);
> >   i++;
> >   }
> >
> >   PrintPageLower();
> >   exit(EXIT_SUCCESS);
> >
> >}
> >
> > if (argc == 1)
> > {
> > PrintPageUpper();
> > puts("\t\t(Single Argument)");
> > PrintPageLower();
> > exit(EXIT_SUCCESS);
> > }
> > }
> >
> >
> > /**/
> >
> > *Output 2:*
> >
> > (i = 0) argc: 30, argv[0]: "//xyz/xyz.html"
> > (i = 1) argc: 30, argv[1]: "(null)"
> > (i = 2) argc: 30, argv[2]: "SERVER_SOFTWARE=OpenBSD httpd"
> > (i = 3) argc: 30, argv[3]: "SERVER_PROTOCOL=HTTP/1.1"
> > (i = 4) argc: 30, argv[4]: "SERVER_NAME=xyz.com"
> > (i = 5) argc: 30, argv[5]: "SERVER_PORT=443"
> > (i = 6) argc: 30, argv[6]: "SERVER_ADDR=xyz.xyz.xy.xyz"
> > (i = 7) argc: 30, argv[7]: "REQUEST_URI=/xyz/xyz.html"
> > (i = 8) argc: 30, argv[8]: "REQUEST_METHOD=GET"
> > (i = 9) argc: 30, argv[9]: "REMOTE_PORT=36818"
> > (i = 10) argc: 30, argv[10]: "REMOTE_ADDR=xyz.xyz.xy.xyz"
> > (i = 11) argc: 30, argv[11]: "HTTPS=on"
> > (i = 12) argc: 30, argv[12]:
> > &quo
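
Added example (not part of the thread, and not the poster's code): the reply above points at envp, and this C sketch models the vector a Unix process typically receives at startup (argv strings, a NULL, the environment strings, a second NULL), classifying what each index of the BOGUS_ARGC loop lands on. The sample vector is constructed and abbreviated from Output 2; `classify_slot`, `env_strings_exposed` and `count_args` are names invented for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

extern char **environ;   /* POSIX: start of the live environment vector */

enum slot { SLOT_ARG, SLOT_ARGV_END, SLOT_ENV, SLOT_ENVP_END, SLOT_BEYOND };

/* Constructed sample, abbreviated from Output 2: argc == 1, then envp. */
static char *const SAMPLE[] = {
    "//xyz/xyz.html",                   /* argv[0]                    */
    NULL,                               /* argv[argc], end of argv    */
    "SERVER_SOFTWARE=OpenBSD httpd",    /* envp[0]: CGI variables ... */
    "SERVER_PROTOCOL=HTTP/1.1",
    "REQUEST_METHOD=GET",
    "REMOTE_ADDR=xyz.xyz.xy.xyz",
    "HTTPS=on",
    NULL                                /* end of envp                */
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

/* Say what index i refers to in a vector laid out as argv, NULL, envp, NULL. */
enum slot classify_slot(char *const vec[], size_t total, int argc, size_t i)
{
    if (i >= total)
        return SLOT_BEYOND;             /* past the modelled vector   */
    if (i < (size_t)argc)
        return SLOT_ARG;
    if (i == (size_t)argc)
        return SLOT_ARGV_END;           /* the "(null)" at argv[1]    */
    return vec[i] != NULL ? SLOT_ENV : SLOT_ENVP_END;
}

/* How many environment strings a loop "i < bogus" prints before envp ends. */
size_t env_strings_exposed(char *const vec[], size_t total, int argc,
                           size_t bogus)
{
    size_t i, n = 0;

    for (i = 0; i < bogus; i++) {
        enum slot s = classify_slot(vec, total, argc, i);
        if (s == SLOT_ENVP_END || s == SLOT_BEYOND)
            break;
        if (s == SLOT_ENV)
            n++;
    }
    return n;
}

/* Safe walk: bounded by argc and by the NULL terminator, whichever is first. */
size_t count_args(int argc, char *const argv[])
{
    size_t n = 0;

    while (n < (size_t)argc && argv[n] != NULL)
        n++;
    return n;
}

static const char *slot_name(enum slot s)
{
    static const char *const names[] = {
        "argument", "argv terminator (NULL)", "environment string",
        "envp terminator (NULL)", "beyond the vector"
    };
    return names[s];
}

int main(int argc, char *argv[])
{
    size_t i;

    for (i = 0; i <= SAMPLE_LEN; i++)
        printf("slot %zu: %s\n", i,
               slot_name(classify_slot(SAMPLE, SAMPLE_LEN, 1, i)));
    printf("bogus argc 30 exposes %zu environment strings\n",
           env_strings_exposed(SAMPLE, SAMPLE_LEN, 1, 30));
    /* argv + argc + 1 is one past argv's NULL terminator; comparing it
     * with environ (without dereferencing it) is well defined. */
    printf("live process: envp starts right after argv: %s\n",
           (argv + argc + 1 == environ) ? "yes" : "no");
    printf("safe walk sees %zu argument(s)\n", count_args(argc, argv));
    return 0;
}
```

In a CGI program the environment carries request data such as REMOTE_ADDR, so a loop bound taken from anything other than argc turns a read past argv into disclosure of those values.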

Support Update

2024-01-02 Thread Kihaguru Gathura
0
C Kenya
P
T Nairobi
Z P.O. Box 30164-00100
O IFINAX Ltd
 I  Kihaguru Njenga Gathura
A Bishops Road
M info@ifinax. net
U
B +254 7 0697 0697
X
N OpenBSD consulting. Speciality in web applications
development with OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI
protocol and C programming language.


Re: Support Update

2024-01-25 Thread Kihaguru Gathura
Hi Ingo,

Thank you for your understanding.
The domain situation is lingering a bit too long due to reliability issues
with my current provider.
To preserve listing, please update as follows.

Regards,
Kihaguru

0
C Kenya
P
T Nairobi
Z P.O. Box 30164-00100
O Consultant
I Kihaguru Njenga Gathura
A
M kihaguru.gath...@gmail.com
U
B +254 7 0697 0697
X
N OpenBSD consulting. Speciality in web applications development with
OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI protocol and C
programming language.


On Sat, Jan 6, 2024 at 5:44 PM Ingo Schwarze  wrote:

> Hello once more,
>
> Ingo Schwarze wrote on Sat, Jan 06, 2024 at 03:16:49PM +0100:
> > Kihaguru Gathura  wrote
> > on Tue, Jan 02, 2024 at 03:53:21PM +0300:
>
> >> 0
> >> C Kenya
> >> P
> >> T Nairobi
> >> Z P.O. Box 30164-00100
> >> O IFINAX Ltd
> >> I Kihaguru Njenga Gathura
> >> A Bishops Road
> >> M info@ifinax. net
>
> > As far as i can see, this is the only line you want to change,
> > but the new version of the line is malformed: it must not contain
> > angle brackets.
> >
> > It is not clear to me whether you want
> >
> >   M i...@ifinax.net
> >
> > or
> >
> >   M i...@pqscript.com
> >
> > or even something else?
>
> Apart from the HTTP issues reported earlier, i see issues with your SMTP
> configuration as well:
>
>$ date
>   Sat Jan  6 15:21:00 CET 2024
>$ host -t any pqscript.com
>   Host pqscript.com not found: 3(NXDOMAIN)
>
> This is not good because a domain must have at least SOA and MX records
> to be usable for SMTP.
>
>$ host -t soa ifinax.net
>   ifinax.net has SOA record ns1.safaricombusiness.co.ke. \
>   EnterpriseISPSystems.Safaricom.co.ke. 2023121202 3600 1800 1209600 86400
>$ host -t mx ifinax.net ns1.safaricombusiness.co.ke
>   Using domain server:
>   Name: ns1.safaricombusiness.co.ke
>   Address: 41.203.208.129#53
>   Aliases:
>
>   ifinax.net mail is handled by 0 rat-03.safaricombusiness.co.ke.
>   ifinax.net mail is handled by 0 rat-04.safaricombusiness.co.ke.
>   ifinax.net mail is handled by 0 rat-01.safaricombusiness.co.ke.
>   ifinax.net mail is handled by 0 rat-02.safaricombusiness.co.ke.
>
>$ telnet rat-03.safaricombusiness.co.ke smtp
>   Trying 41.203.208.141...
>   Connected to rat-03.safaricombusiness.co.ke.
>   Escape character is '^]'.
>   220 thk-tes-rat05.safaricombusiness.co.ke ESMTP
>   MAIL From:
>   250 sender  ok
>   RCPT To:
>   550 #5.1.0 Address rejected.
>   QUIT
>   221 thk-tes-rat05.safaricombusiness.co.ke
>   Connection closed by foreign host.
>
> The identical problem occurs when i relay the mail via the official
> outgoing mailserver of the Karlsruhe Institute of Technology:
>
>   Reporting-MTA: dns; smarthost.kit.edu
>   Action: failed
>   Final-Recipient: rfc822;i...@ifinax.net
>   Status: 5.0.0
>   Remote-MTA: dns; rat-02.safaricombusiness.co.ke
>   Diagnostic-Code: smtp; 550 #5.1.0 Address rejected.
>
> So please fix your mail server first, and then tell me which email
> address you want listed after that.
>
> Yours,
>   Ingo
>
> >> U
> >
> > While we are sorting this out, can we please also add a working
> > WWW URI?  I mean, a "Ltd" company almost certainly has a website
> > nowadays, and listing that would be very helpful for users.
> >
> > However, this does not look good:
> >
> >$ date
> >   Sat Jan  6 15:01:57 CET 2024
> >$ printf "GET / HTTP/1.0\r\n\r\n" | nc ifinax.net http
> >   HTTP/1.0 302 Found
> >   Connection: close
> >   Content-Length: 486
> >   Content-Type: text/html
> >   Date: Sat, 06 Jan 2024 14:02:15 GMT
> >   Location: https://ifinax.com/
> >   Server: OpenBSD httpd
> >
> >   
> >   [ ... snip ... ]
> >
> >$ printf "GET / HTTP/1.0\r\n\r\n" | nc -cvD ifinax.com https
> >   Connection to ifinax.com (41.90.23.242) 443 port [tcp/https] succeeded!
> >   TLS handshake negotiated TLSv1.3/TLS_AES_256_GCM_SHA384 with host ifinax.com
> >   Peer name: ifinax.com
> >   Subject: /CN=ifinax.com
> >   Issuer: /C=US/O=Let's Encrypt/CN=R3
> >   Valid From: Fri Nov  3 08:43:56 2023
> >   Valid Until: Thu Feb  1 08:43:55 2024
> >   Cert Hash: SHA256:aa6ea558a0d1e76067225762f3dbd8982cf5cbc73f1c66b9cc47111db05f65b0
> >   OCSP URL: http://r3.o.lencr.org
> >$ echo $?
> >   0
> >
> > It appears the TLS TCP connection to the https port works, but then
> > the web server immediately closes the connection instead of waiting
> > for HTTP requests.
> >
> > Can you fix the server such that we can add
> >
> >   U https://ifinax.com/
> >
> > or should a different URI be listed?
> >
> > Until these issues are worked out, i refrain from touching the existing
> > entry for Kihaguru Njenga Gathura, for now.
> >
> >> B +254 7 0697 0697
> >> X
> >> N OpenBSD consulting. Speciality in web applications
> >> development with OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI
> >> protocol and C programming language.
>


Fwd: Support Update

2024-04-01 Thread Kihaguru Gathura
Hi,

This is a polite reminder to restore listing as follows.

0
C Kenya
P
T Nairobi
Z P.O. Box 30164-00100
O Consultant
I Kihaguru Njenga Gathura
A
M kihaguru.gath...@gmail.com
U
B +254 7 0697 0697
X
N OpenBSD consulting. Speciality in web applications development with
OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI protocol and C
programming language.

Regards
Kihaguru.


---------- Forwarded message ---------
From: Kihaguru Gathura 
Date: Thu, 25 Jan 2024, 21:43
Subject: Re: Support Update
To: Ingo Schwarze 
Cc: , 


Hi Ingo,

Thank you for your understanding.
The domain situation is lingering a bit too long due to reliability issues
with my current provider.
To preserve listing, please update as follows.

Regards,
Kihaguru

0
C Kenya
P
T Nairobi
Z P.O. Box 30164-00100
O Consultant
I Kihaguru Njenga Gathura
A
M kihaguru.gath...@gmail.com
U
B +254 7 0697 0697
X
N OpenBSD consulting. Speciality in web applications development with
OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI protocol and C
programming language.


On Sat, Jan 6, 2024 at 5:44 PM Ingo Schwarze  wrote:

> Hello once more,
>
> Ingo Schwarze wrote on Sat, Jan 06, 2024 at 03:16:49PM +0100:
> > Kihaguru Gathura  wrote
> > on Tue, Jan 02, 2024 at 03:53:21PM +0300:
>
> >> 0
> >> C Kenya
> >> P
> >> T Nairobi
> >> Z P.O. Box 30164-00100
> >> O IFINAX Ltd
> >> I Kihaguru Njenga Gathura
> >> A Bishops Road
> >> M info@ifinax. net
>
> > As far as i can see, this is the only line you want to change,
> > but the new version of the line is malformed: it must not contain
> > angle brackets.
> >
> > It is not clear to me whether you want
> >
> >   M i...@ifinax.net
> >
> > or
> >
> >   M i...@pqscript.com
> >
> > or even something else?
>
> Apart from the HTTP issues reported earlier, i see issues with your SMTP
> configuration as well:
>
>$ date
>   Sat Jan  6 15:21:00 CET 2024
>$ host -t any pqscript.com
>   Host pqscript.com not found: 3(NXDOMAIN)
>
> This is not good because a domain must have at least SOA and MX records
> to be usable for SMTP.
>
>$ host -t soa ifinax.net
>   ifinax.net has SOA record ns1.safaricombusiness.co.ke. \
>   EnterpriseISPSystems.Safaricom.co.ke. 2023121202 3600 1800 1209600 86400
>$ host -t mx ifinax.net ns1.safaricombusiness.co.ke
>   Using domain server:
>   Name: ns1.safaricombusiness.co.ke
>   Address: 41.203.208.129#53
>   Aliases:
>
>   ifinax.net mail is handled by 0 rat-03.safaricombusiness.co.ke.
>   ifinax.net mail is handled by 0 rat-04.safaricombusiness.co.ke.
>   ifinax.net mail is handled by 0 rat-01.safaricombusiness.co.ke.
>   ifinax.net mail is handled by 0 rat-02.safaricombusiness.co.ke.
>
>$ telnet rat-03.safaricombusiness.co.ke smtp
>   Trying 41.203.208.141...
>   Connected to rat-03.safaricombusiness.co.ke.
>   Escape character is '^]'.
>   220 thk-tes-rat05.safaricombusiness.co.ke ESMTP
>   MAIL From:
>   250 sender  ok
>   RCPT To:
>   550 #5.1.0 Address rejected.
>   QUIT
>   221 thk-tes-rat05.safaricombusiness.co.ke
>   Connection closed by foreign host.
>
> The identical problem occurs when i relay the mail via the official
> outgoing mailserver of the Karlsruhe Institute of Technology:
>
>   Reporting-MTA: dns; smarthost.kit.edu
>   Action: failed
>   Final-Recipient: rfc822;i...@ifinax.net
>   Status: 5.0.0
>   Remote-MTA: dns; rat-02.safaricombusiness.co.ke
>   Diagnostic-Code: smtp; 550 #5.1.0 Address rejected.
>
> So please fix your mail server first, and then tell me which email
> address you want listed after that.
>
> Yours,
>   Ingo
>
> >> U
> >
> > While we are sorting this out, can we please also add a working
> > WWW URI?  I mean, a "Ltd" company almost certainly has a website
> > nowadays, and listing that would be very helpful for users.
> >
> > However, this does not look good:
> >
> >$ date
> >   Sat Jan  6 15:01:57 CET 2024
> >$ printf "GET / HTTP/1.0\r\n\r\n" | nc ifinax.net http
> >   HTTP/1.0 302 Found
> >   Connection: close
> >   Content-Length: 486
> >   Content-Type: text/html
> >   Date: Sat, 06 Jan 2024 14:02:15 GMT
> >   Location: https://ifinax.com/
> >   Server: OpenBSD httpd
> >
> >   
> >   [ ... snip ... ]
> >
> >$ printf "GET / HTTP/1.0\r\n\r\n" | nc -cvD ifinax.com https
> >   Connection to ifinax.com (41.90.23.242) 443 port [tcp/https] succeeded!
> >   TLS handshake negotiated TLSv1.3/TLS_AES_256_GCM_SHA384 with host ifinax.com
> >   Peer name: ifinax.com
> > 

HP Proliant ML350 Generation9 (Gen9) E5-2620v4 on OpenBSD

2022-12-20 Thread Kihaguru Gathura
Hello,

Is HP Proliant ML350 Generation9 (Gen9) E5-2620v4 suited for OpenBSD?

If so, does it run stably?


Regards

Kihaguru.


Hardware RAID on Poweredge Servers

2023-03-30 Thread Kihaguru Gathura
Hello,

Is hardware RAID on Poweredge servers (T340, PERC H330 in particular)
generally stable enough for production or is it safer to stick with OpenBSD
softraid?


Regards,

Kihaguru.


Re: Hardware RAID on Poweredge Servers

2023-03-30 Thread Kihaguru Gathura
Thanks for the info.

Regards,

Kihaguru.

On Fri, Mar 31, 2023 at 7:36 AM Kenneth Gober  wrote:

> On Thu, Mar 30, 2023 at 12:37 PM Kihaguru Gathura <
> kihagurugath...@gmail.com> wrote:
>
>> Is hardware RAID on Poweredge servers (T340, PERC H330 in particular)
>> generally stable enough for production or is it safer to stick with
>> OpenBSD softraid?
>>
>
> I haven't used the H330, but the PERC 5/i and the PERC H700 have worked
> fine for me.  In terms of 'safety' I advise having a spare controller on
> hand because if your controller fails recovery will be simplest if you
> have the same controller (with the same firmware version) on hand.
>
> Note that mounting a RAID volume on a newer controller (or the same
> controller with newer firmware) may prevent that volume from being
> attached to an older controller later.  So don't try doing fancy things
> like moving the drives to a newer system to take a backup, then trying to
> move them back to their original system later unless you have the same
> controller in both systems.
>
> In general I prefer hardware RAID because it's more likely you'll be able
> to easily boot your system if the array is running in a degraded state
> due to a drive failure (perhaps you might need to press F1 or something
> to continue).  With softraid, you might need to type special commands at
> the console to force booting or mounting a volume with a failed drive in
> it.  This may be a problem if you are in a rush to bring the system back
> up and don't have a convenient way to look up the necessary commands.
>
> -ken
>


[no subject]

2023-05-17 Thread Kihaguru Gathura
Greetings,

The following message occurs when linking C files in OpenBSD 7.3 AMD64
Platform.

<- fe-exec.c(fe-exec.o:(PQmakeEmptyPGresult) in archive
/usr/local/lib/libpq.a): warning: strcpy() is almost always misused, please
use strlcpy() ->

Regards,

Kihaguru


Re: 3g/4g modem access from within chroot

2019-02-08 Thread Kihaguru Gathura
m1
umsm2 at uhub1 port 2 configuration 1 interface 2 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
ucom2 at umsm2
umass1 at uhub1 port 2 configuration 1 interface 3 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
umass1: using SCSI over Bulk-Only
scsibus3 at umass1: 2 targets, initiator 0
cd0 at scsibus3 targ 1 lun 0:  SCSI2
5/cdrom removable
umass2 at uhub1 port 2 configuration 1 interface 4 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
umass2: using SCSI over Bulk-Only
scsibus4 at umass2: 2 targets, initiator 0
sd1 at scsibus4 targ 1 lun 0:  SCSI2
0/direct removable
ucom0 detached
umsm0 detached
ucom1 detached
umsm1 detached
ucom2 detached
umsm2 detached
cd0 detached
scsibus3 detached
umass1 detached
sd1 detached
scsibus4 detached
umass2 detached
umsm0 at uhub1 port 2 configuration 1 interface 0 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
umsm1 at uhub1 port 2 configuration 1 interface 1 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
umsm0 detached
umsm1 detached
umsm0 at uhub1 port 2 configuration 1 interface 0 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
ucom0 at umsm0
umsm1 at uhub1 port 2 configuration 1 interface 1 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
ucom1 at umsm1
umsm2 at uhub1 port 2 configuration 1 interface 2 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
ucom2 at umsm2
umass1 at uhub1 port 2 configuration 1 interface 3 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
umass1: using SCSI over Bulk-Only
scsibus3 at umass1: 2 targets, initiator 0
cd0 at scsibus3 targ 1 lun 0:  SCSI2
5/cdrom removable
umass2 at uhub1 port 2 configuration 1 interface 4 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5scsibus4 at umass2: 2 targets, initiator 0
sd1 at scsibus4 targ 1 lun 0:  SCSI2
0/direct removable
ucom0 detached
umsm0 detached
ucom1 detached
umsm1 detached
ucom2 detached
umsm2 detached
cd0 detached
scsibus3 detached
umass1 detached
sd1 detached
scsibus4 detached
umass2 detached
umsm0 at uhub1 port 2 configuration 1 interface 0 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
umsm1 at uhub1 port 2 configuration 1 interface 1 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
umsm0 detached
umsm1 detached
umsm0 at uhub1 port 2 configuration 1 interface 0 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
ucom0 at umsm0
umsm1 at uhub1 port 2 configuration 1 interface 1 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
ucom1 at umsm1
umsm2 at uhub1 port 2 configuration 1 interface 2 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
ucom2 at umsm2
umass1 at uhub1 port 2 configuration 1 interface 3 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
umass1: using SCSI over Bulk-Only
scsibus3 at umass1: 2 targets, initiator 0
cd0 at scsibus3 targ 1 lun 0:  SCSI2
5/cdrom removable
umass2 at uhub1 port 2 configuration 1 interface 4 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
umass2: using SCSI over Bulk-Only
scsibus4 at umass2: 2 targets, initiator 0
sd1 at scsibus4 targ 1 lun 0:  SCSI2
0/direct removable

Thanks,

Kihaguru.

On 9/11/18, Kihaguru Gathura  wrote:
> Hi,
>
> I am able to send SMS using AT commands and C outside chroot using
> code snippet below
>
> ---
> #include 
> #include 
> #include 
>
> #define MODEM_PATH "cu -l /dev/cuaU0 -s 115200"
>
> int main()
> {
>  FILE *out;
>  char s[40];
>
> printf("Content-type: text/html\n\n");
>
> snprintf(s, sizeof(s), "%s", MODEM_PATH);
> ~
> ~
> ~
> ~
> ~
> ~
> return(0);
> }
> 
>
> however, running the program from within chroot, I get the message
>
> /dev/cuaU0 - No such file or directory
>
> All files needed by cu are properly copied to chroot and cu works fine.
>
> Question:
>
> 1: How do i get /dev/cuaU0 device accessible under chroot?
>
> 2: Is there a better i.e more secure approach to access modem from
> within chroot?
>



Re: 3g/4g modem access from within chroot

2019-02-08 Thread Kihaguru Gathura
>
> Is there a /var/www/dev/cuaU2

Indeed this is present. Created it before as follows:

www# mkdir /var/www/dev
www# cd /var/www/dev
www# sh /dev/MAKEDEV ttyU2
www# ls
cuaU2 ttyU2
www#

>

On 2/8/19, Edgar Pettijohn  wrote:
>
> On Feb 8, 2019 9:01 AM, Kihaguru Gathura  wrote:
>>
>> Hi,
>>
>> What effective way can be used to apply permission to /dev/cuaU2 to
>> avoid the error below.
>>
>>
>> www# chroot -u www /var/www cgi-bin/modem
>
> Is there a /var/www/dev/cuaU2
>
>> Status: 200 OK
>> Content-type: text/html
>>
>> cu: open("/dev/cuaU2"): Permission denied
>>
>> Note: chown www:daemon /dev/cuaU2 has not worked. chroot is in the
>> root folder which allows devices.
>>
>> /dev/sd0a (87d0b25f285b037a.a) on /mnt type ffs (rw,
>> asynchronous, local)
>> /dev/sd0e (87d0b25f285b037a.e) on /mnt/home type ffs (rw,
>> asynchronous, local, nodev, nosuid)
>> /dev/sd0d (87d0b25f285b037a.d) on /mnt/usr type ffs (rw,
>> asynchronous, local, nodev)
>>
>>
>>
>> # dmesg
>> OpenBSD 6.4-current (GENERIC.MP) #253: Sun Nov  4 23:26:31 MST 2018
>> dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP
>> real mem  = 961421312 (916MB)
>> avail mem = 902914048 (861MB)
>> mainbus0 at root: Raspberry Pi 3 Model B Rev 1.2
>> cpu0 at mainbus0 mpidr 0: ARM Cortex-A53 r0p4
>> cpu0: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
>> cpu0: 512KB 64b/line 16-way L2 cache
>> efi0 at mainbus0: UEFI 2.7
>> efi0: Das U-Boot rev 0x20180900
>> simplefb0 at mainbus0: 656x416, 32bpp
>> wsdisplay0 at simplefb0 mux 1
>> wsdisplay0: screen 0-5 added (std, vt100 emulation)
>> simplebus0 at mainbus0: "soc"
>> bcmintc0 at simplebus0
>> bcmdog0 at simplebus0
>> bcmrng0 at simplebus0
>> pluart0 at simplebus0
>> bcmtemp0 at simplebus0
>> bcmaux0 at simplebus0
>> com0 at simplebus0: ns16550, no working fifo
>> com0: console
>> dwctwo0 at simplebus0
>> simplebus1 at mainbus0: "clocks"
>> agtimer0 at mainbus0: tick rate 19200 KHz
>> cpu1 at mainbus0 mpidr 1: ARM Cortex-A53 r0p4
>> cpu1: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
>> cpu1: 512KB 64b/line 16-way L2 cache
>> cpu2 at mainbus0 mpidr 2: ARM Cortex-A53 r0p4
>> cpu2: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
>> cpu2: 512KB 64b/line 16-way L2 cache
>> cpu3 at mainbus0 mpidr 3: ARM Cortex-A53 r0p4
>> cpu3: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
>> cpu3: 512KB 64b/line 16-way L2 cache
>> usb0 at dwctwo0: USB revision 2.0
>> uhub0 at usb0 configuration 1 interface 0 "Broadcom DWC2 root hub" rev
>> 2.00/1.00 addr 1
>> uhub1 at uhub0 port 1 configuration 1 interface 0 "Standard
>> Microsystems product 0x9514" rev 2.00/2.00 addr 2
>> smsc0 at uhub1 port 1 configuration 1 interface 0 "Standard
>> Microsystems SMSC9512/14" rev 2.00/2.00 addr 3
>> smsc0: address b8:27:eb:fd:e2:73
>> ukphy0 at smsc0 phy 1: Generic IEEE 802.3u media interface, rev. 3:
>> OUI 0x0001f0, model 0x000c
>> umass0 at uhub1 port 3 configuration 1 interface 0 "HP v222w" rev
>> 2.00/11.00 addr 4
>> umass0: using SCSI over Bulk-Only
>> scsibus0 at umass0: 2 targets, initiator 0
>> sd0 at scsibus0 targ 1 lun 0:  SCSI2 0/direct
>> removable serial.03f03f40AA000444
>> sd0: 7680MB, 512 bytes/sector, 15728640 sectors
>> vscsi0 at root
>> scsibus1 at vscsi0: 256 targets
>> softraid0 at root
>> scsibus2 at softraid0: 256 targets
>> bootfile: sd0a:/bsd
>> boot device: sd0
>> root on sd0a (87d0b25f285b037a.a) swap on sd0b dump on sd0b
>> WARNING: CHECK AND RESET THE DATE!
>> umsm0 at uhub1 port 5 configuration 1 interface 0 "HUAWEI HUAWEI
>> Mobile" rev 2.00/1.02 addr 5
>> umsm1 at uhub1 port 5 configuration 1 interface 1 "HUAWEI HUAWEI
>> Mobile" rev 2.00/1.02 addr 5
>> umsm0 detached
>> umsm1 detached
>> umsm0 at uhub1 port 5 configuration 1 interface 0 "HUAWEI HUAWEI
>> Mobile" rev 2.00/1.02 addr 5
>> ucom0 at umsm0
>> umsm1 at uhub1 port 5 configuration 1 interface 1 "HUAWEI HUAWEI
>> Mobile" rev 2.00/1.02 addr 5
>> ucom1 at umsm1
>> umsm2 at uhub1 port 5 configuration 1 interface 2 "HUAWEI HUAWEI
>> Mobile" rev 2.00/1.02 addr 5
>> ucom2 at umsm2
>> umass1 at uhub1 port 5 configuration 1 interface 3 "HUAWEI HUAWEI
>> Mobile" rev 2.00/1.02 addr 

Re: 3g/4g modem access from within chroot

2019-02-08 Thread Kihaguru Gathura
Finally this works but wish to know any security implications if any.

www# usermod -G dialer www
www# chroot -u www /var/www /cgi-bin/modem
Status: 200 OK
Content-type: text/html

Connected to /dev/cuaU2 (speed 115200)
AT+CMGF=1
OK

[EOT]
www#

Thanks

Kihaguru.

On 2/8/19, Kihaguru Gathura  wrote:
>>
>> Is there a /var/www/dev/cuaU2
>
> Indeed this is present. created it before as follows:
>
> www# mkdir /var/www/dev
> www# cd /var/www/dev
> www# sh /dev/MAKEDEV ttyU2
> www# ls
> cuaU2 ttyU2
> www#
>
>>
>
> On 2/8/19, Edgar Pettijohn  wrote:
>>
>> On Feb 8, 2019 9:01 AM, Kihaguru Gathura  wrote:
>>>
>>> Hi,
>>>
>>> What effective way can be used to apply permission to /dev/cuaU2 to
>>> avoid the error below.
>>>
>>>
>>> www# chroot -u www /var/www cgi-bin/modem
>>
>> Is there a /var/www/dev/cuaU2
>>
>>> Status: 200 OK
>>> Content-type: text/html
>>>
>>> cu: open("/dev/cuaU2"): Permission denied
>>>
>>> Note: chown www:daemon /dev/cuaU2 has not worked. chroot is in the
>>> root folder which allows devices.
>>>
>>> /dev/sd0a (87d0b25f285b037a.a) on /mnt type ffs (rw,
>>> asynchronous, local)
>>> /dev/sd0e (87d0b25f285b037a.e) on /mnt/home type ffs (rw,
>>> asynchronous, local, nodev, nosuid)
>>> /dev/sd0d (87d0b25f285b037a.d) on /mnt/usr type ffs (rw,
>>> asynchronous, local, nodev)
>>>
>>>
>>>
>>> # dmesg
>>> OpenBSD 6.4-current (GENERIC.MP) #253: Sun Nov  4 23:26:31 MST 2018
>>> dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP
>>> real mem  = 961421312 (916MB)
>>> avail mem = 902914048 (861MB)
>>> mainbus0 at root: Raspberry Pi 3 Model B Rev 1.2
>>> cpu0 at mainbus0 mpidr 0: ARM Cortex-A53 r0p4
>>> cpu0: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1
>>> D-cache
>>> cpu0: 512KB 64b/line 16-way L2 cache
>>> efi0 at mainbus0: UEFI 2.7
>>> efi0: Das U-Boot rev 0x20180900
>>> simplefb0 at mainbus0: 656x416, 32bpp
>>> wsdisplay0 at simplefb0 mux 1
>>> wsdisplay0: screen 0-5 added (std, vt100 emulation)
>>> simplebus0 at mainbus0: "soc"
>>> bcmintc0 at simplebus0
>>> bcmdog0 at simplebus0
>>> bcmrng0 at simplebus0
>>> pluart0 at simplebus0
>>> bcmtemp0 at simplebus0
>>> bcmaux0 at simplebus0
>>> com0 at simplebus0: ns16550, no working fifo
>>> com0: console
>>> dwctwo0 at simplebus0
>>> simplebus1 at mainbus0: "clocks"
>>> agtimer0 at mainbus0: tick rate 19200 KHz
>>> cpu1 at mainbus0 mpidr 1: ARM Cortex-A53 r0p4
>>> cpu1: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1
>>> D-cache
>>> cpu1: 512KB 64b/line 16-way L2 cache
>>> cpu2 at mainbus0 mpidr 2: ARM Cortex-A53 r0p4
>>> cpu2: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1
>>> D-cache
>>> cpu2: 512KB 64b/line 16-way L2 cache
>>> cpu3 at mainbus0 mpidr 3: ARM Cortex-A53 r0p4
>>> cpu3: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1
>>> D-cache
>>> cpu3: 512KB 64b/line 16-way L2 cache
>>> usb0 at dwctwo0: USB revision 2.0
>>> uhub0 at usb0 configuration 1 interface 0 "Broadcom DWC2 root hub" rev
>>> 2.00/1.00 addr 1
>>> uhub1 at uhub0 port 1 configuration 1 interface 0 "Standard
>>> Microsystems product 0x9514" rev 2.00/2.00 addr 2
>>> smsc0 at uhub1 port 1 configuration 1 interface 0 "Standard
>>> Microsystems SMSC9512/14" rev 2.00/2.00 addr 3
>>> smsc0: address b8:27:eb:fd:e2:73
>>> ukphy0 at smsc0 phy 1: Generic IEEE 802.3u media interface, rev. 3:
>>> OUI 0x0001f0, model 0x000c
>>> umass0 at uhub1 port 3 configuration 1 interface 0 "HP v222w" rev
>>> 2.00/11.00 addr 4
>>> umass0: using SCSI over Bulk-Only
>>> scsibus0 at umass0: 2 targets, initiator 0
>>> sd0 at scsibus0 targ 1 lun 0:  SCSI2 0/direct
>>> removable serial.03f03f40AA000444
>>> sd0: 7680MB, 512 bytes/sector, 15728640 sectors
>>> vscsi0 at root
>>> scsibus1 at vscsi0: 256 targets
>>> softraid0 at root
>>> scsibus2 at softraid0: 256 targets
>>> bootfile: sd0a:/bsd
>>> boot device: sd0
>>> root on sd0a (87d0b25f285b037a.a) swap on sd0b dump on sd0b
>>> WARNING: CHECK AND RESET THE DATE!
>>> umsm0 at uhub1 port 5 configuration 1 interface 0 "H
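
Added example (not part of the thread, and not the poster's code): a C model of the owner/group/other check behind `cu: open("/dev/cuaU2"): Permission denied`, comparing the two fixes tried in this thread, `usermod -G dialer www` and a chown of the node inside the chroot. The numeric IDs are constructed, and the default ownership uucp:dialer with mode 0660 is an assumption, consistent with dialer membership clearing the error above; `may_open_rw`, `count_rw`, `make_nodes` and `node_from_path` are names invented for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Constructed numeric IDs, for illustration only. */
#define UID_UUCP    66
#define UID_WWW     67
#define GID_DAEMON   1
#define GID_WWW     67
#define GID_DIALER 117

struct node { const char *path; uid_t uid; gid_t gid; mode_t perm; int is_chr; };
struct cred { uid_t uid; const gid_t *gids; size_t ngids; };

static const gid_t WWW_ONLY[]   = { GID_WWW };
static const gid_t WWW_DIALER[] = { GID_WWW, GID_DIALER };

static int in_group(const struct cred *c, gid_t g)
{
    size_t i;

    for (i = 0; i < c->ngids; i++)
        if (c->gids[i] == g)
            return 1;
    return 0;
}

/* Classic Unix check: exactly one class (owner, group, other) applies. */
int may_open_rw(const struct node *n, const struct cred *c)
{
    mode_t r, w;

    if (!n->is_chr)
        return 0;                          /* not a character device */
    if (c->uid == 0)
        return 1;                          /* root bypasses mode bits */
    if (c->uid == n->uid)         { r = S_IRUSR; w = S_IWUSR; }
    else if (in_group(c, n->gid)) { r = S_IRGRP; w = S_IWGRP; }
    else                          { r = S_IROTH; w = S_IWOTH; }
    return (n->perm & r) != 0 && (n->perm & w) != 0;
}

/* Number of nodes in the list the credential can open read/write. */
size_t count_rw(const struct node *nodes, size_t n, const struct cred *c)
{
    size_t i, hits = 0;

    for (i = 0; i < n; i++)
        hits += (size_t)may_open_rw(&nodes[i], c);
    return hits;
}

/* Constructed host: two nodes in /dev plus the copy made in the chroot.
 * The chroot copy is a separate inode with its own owner and mode. */
void make_nodes(struct node out[3])
{
    static const char *const paths[3] = {
        "/dev/cuaU0", "/dev/cuaU2", "/var/www/dev/cuaU2"
    };
    size_t i;

    for (i = 0; i < 3; i++) {
        out[i].path = paths[i];
        out[i].uid = UID_UUCP;             /* assumed default owner */
        out[i].gid = GID_DIALER;           /* assumed default group */
        out[i].perm = 0660;
        out[i].is_chr = 1;
    }
}

/* Fill a node from the real filesystem, to audit an actual chroot. */
int node_from_path(const char *path, struct node *out)
{
    struct stat st;

    if (stat(path, &st) == -1)
        return -1;
    out->path = path;
    out->uid = st.st_uid;
    out->gid = st.st_gid;
    out->perm = st.st_mode & 07777;
    out->is_chr = S_ISCHR(st.st_mode) ? 1 : 0;
    return 0;
}

int main(void)
{
    struct node n[3];
    struct cred www = { UID_WWW, WWW_ONLY, 1 };
    struct cred www_dialer = { UID_WWW, WWW_DIALER, 2 };

    make_nodes(n);
    printf("www, no change:           %zu of 3 nodes\n", count_rw(n, 3, &www));
    printf("www added to dialer:      %zu of 3 nodes\n",
           count_rw(n, 3, &www_dialer));
    n[2].uid = UID_WWW;                    /* chown www:daemon on chroot copy */
    n[2].gid = GID_DAEMON;
    printf("chroot node chowned only: %zu of 3 nodes\n", count_rw(n, 3, &www));
    return 0;
}
```

Group membership opens every node the dialer group can reach, while the chown touches one inode; a chown of the host's /dev/cuaU2 changes nothing for the chrooted process, which only sees the copy under /var/www/dev.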

Re: 3g/4g modem access from within chroot

2019-02-08 Thread Kihaguru Gathura
Have removed the group assignment and instead did chown as follows:

www# chown www:daemon /var/www/dev/cuaU2
www# chroot -u www /var/www /gathura/modem
Status: 200 OK
Content-type: text/html

Connected to /dev/cuaU2 (speed 115200)
AT+CMGF=1
OK

[EOT]
www#

Thanks Edgar

Kihaguru.

On 2/8/19, Edgar Pettijohn  wrote:
>
> On Feb 8, 2019 2:21 PM, Kihaguru Gathura  wrote:
>>
>> >
>> > Is there a /var/www/dev/cuaU2
>>
>> Indeed this is present. created it before as follows:
>>
>> www# mkdir /var/www/dev
>> www# cd /var/www/dev
>> www# sh /dev/MAKEDEV ttyU2
>> www# ls
>> cuaU2 ttyU2
>> www#
>>
>> >
>>
>> On 2/8/19, Edgar Pettijohn  wrote:
>> >
>> > On Feb 8, 2019 9:01 AM, Kihaguru Gathura  wrote:
>> >>
>> >> Hi,
>> >>
>> >> What effective way can be used to apply permission to /dev/cuaU2 to
>> >> avoid the error below.
>> >>
>> >>
>> >> www# chroot -u www /var/www cgi-bin/modem
>> >
>> > Is there a /var/www/dev/cuaU2
>> >
>> >> Status: 200 OK
>> >> Content-type: text/html
>> >>
>> >> cu: open("/dev/cuaU2"): Permission denied
>> >>
>> >> Note: chown www:daemon /dev/cuaU2 has not worked. chroot is in the
>> >> root folder which allows devices.
>
> What about chown www:daemon /var/www/dev/cuaU0

This is a better option than assigning www to group dialer.

>
>> >>
>> >> /dev/sd0a (87d0b25f285b037a.a) on /mnt type ffs (rw,
>> >> asynchronous, local)
>> >> /dev/sd0e (87d0b25f285b037a.e) on /mnt/home type ffs (rw,
>> >> asynchronous, local, nodev, nosuid)
>> >> /dev/sd0d (87d0b25f285b037a.d) on /mnt/usr type ffs (rw,
>> >> asynchronous, local, nodev)
>> >>
>
> Where is /var/www mounted?

Mounted on /dev/sd0a
>
>> >>
>> >>
>> >> # dmesg
>> >> OpenBSD 6.4-current (GENERIC.MP) #253: Sun Nov  4 23:26:31 MST 2018
>> >>
>> >> dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP
>> >> real mem  = 961421312 (916MB)
>> >> avail mem = 902914048 (861MB)
>> >> mainbus0 at root: Raspberry Pi 3 Model B Rev 1.2
>> >> cpu0 at mainbus0 mpidr 0: ARM Cortex-A53 r0p4
>> >> cpu0: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1
>> >> D-cache
>> >> cpu0: 512KB 64b/line 16-way L2 cache
>> >> efi0 at mainbus0: UEFI 2.7
>> >> efi0: Das U-Boot rev 0x20180900
>> >> simplefb0 at mainbus0: 656x416, 32bpp
>> >> wsdisplay0 at simplefb0 mux 1
>> >> wsdisplay0: screen 0-5 added (std, vt100 emulation)
>> >> simplebus0 at mainbus0: "soc"
>> >> bcmintc0 at simplebus0
>> >> bcmdog0 at simplebus0
>> >> bcmrng0 at simplebus0
>> >> pluart0 at simplebus0
>> >> bcmtemp0 at simplebus0
>> >> bcmaux0 at simplebus0
>> >> com0 at simplebus0: ns16550, no working fifo
>> >> com0: console
>> >> dwctwo0 at simplebus0
>> >> simplebus1 at mainbus0: "clocks"
>> >> agtimer0 at mainbus0: tick rate 19200 KHz
>> >> cpu1 at mainbus0 mpidr 1: ARM Cortex-A53 r0p4
>> >> cpu1: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1
>> >> D-cache
>> >> cpu1: 512KB 64b/line 16-way L2 cache
>> >> cpu2 at mainbus0 mpidr 2: ARM Cortex-A53 r0p4
>> >> cpu2: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1
>> >> D-cache
>> >> cpu2: 512KB 64b/line 16-way L2 cache
>> >> cpu3 at mainbus0 mpidr 3: ARM Cortex-A53 r0p4
>> >> cpu3: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1
>> >> D-cache
>> >> cpu3: 512KB 64b/line 16-way L2 cache
>> >> usb0 at dwctwo0: USB revision 2.0
>> >> uhub0 at usb0 configuration 1 interface 0 "Broadcom DWC2 root hub" rev
>> >> 2.00/1.00 addr 1
>> >> uhub1 at uhub0 port 1 configuration 1 interface 0 "Standard
>> >> Microsystems product 0x9514" rev 2.00/2.00 addr 2
>> >> smsc0 at uhub1 port 1 configuration 1 interface 0 "Standard
>> >> Microsystems SMSC9512/14" rev 2.00/2.00 addr 3
>> >> smsc0: address b8:27:eb:fd:e2:73
>> >> ukphy0 at smsc0 phy 1: Generic IEEE 802.3u media interface, rev. 3:
>> >> OUI 0x000

Missing libraries.

2019-02-10 Thread Kihaguru Gathura
Hi,

Any ideas on how to fix the missing libraries,

www# pkg_add -v mini_sendmail-chroot
Update candidates: quirks-3.91 -> quirks-3.91
quirks-3.91 signed on 2019-02-10T22:07:56Z
Can't install mini_sendmail-chroot-1.3.9 because of libraries
|library c.95.0 not found
| /usr/lib/libc.so.92.6 (system): bad major
Couldn't install mini_sendmail-chroot-1.3.9
www#

www# dmesg
OpenBSD 6.4-current (GENERIC.MP) #253: Sun Nov  4 23:26:31 MST 2018
dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP
real mem  = 961421312 (916MB)
avail mem = 902914048 (861MB)
mainbus0 at root: Raspberry Pi 3 Model B Rev 1.2
cpu0 at mainbus0 mpidr 0: ARM Cortex-A53 r0p4
cpu0: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
cpu0: 512KB 64b/line 16-way L2 cache
efi0 at mainbus0: UEFI 2.7
efi0: Das U-Boot rev 0x20180900
simplefb0 at mainbus0: 656x416, 32bpp
wsdisplay0 at simplefb0 mux 1
wsdisplay0: screen 0-5 added (std, vt100 emulation)
simplebus0 at mainbus0: "soc"
bcmintc0 at simplebus0
bcmdog0 at simplebus0
bcmrng0 at simplebus0
pluart0 at simplebus0
bcmtemp0 at simplebus0
bcmaux0 at simplebus0
com0 at simplebus0: ns16550, no working fifo
com0: console
dwctwo0 at simplebus0
simplebus1 at mainbus0: "clocks"
agtimer0 at mainbus0: tick rate 19200 KHz
cpu1 at mainbus0 mpidr 1: ARM Cortex-A53 r0p4
cpu1: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
cpu1: 512KB 64b/line 16-way L2 cache
cpu2 at mainbus0 mpidr 2: ARM Cortex-A53 r0p4
cpu2: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
cpu2: 512KB 64b/line 16-way L2 cache
cpu3 at mainbus0 mpidr 3: ARM Cortex-A53 r0p4
cpu3: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
cpu3: 512KB 64b/line 16-way L2 cache
usb0 at dwctwo0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Broadcom DWC2 root hub" rev
2.00/1.00 addr 1
uhub1 at uhub0 port 1 configuration 1 interface 0 "Standard
Microsystems product 0x9514" rev 2.00/2.00 addr 2
smsc0 at uhub1 port 1 configuration 1 interface 0 "Standard
Microsystems SMSC9512/14" rev 2.00/2.00 addr 3
smsc0: address b8:27:eb:fd:e2:73
ukphy0 at smsc0 phy 1: Generic IEEE 802.3u media interface, rev. 3:
OUI 0x0001f0, model 0x000c
umass0 at uhub1 port 3 configuration 1 interface 0 "HP v222w" rev
2.00/11.00 addr 4
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0:  SCSI2 0/direct
removable serial.03f03f40AA000444
sd0: 7680MB, 512 bytes/sector, 15728640 sectors
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
bootfile: sd0a:/bsd
boot device: sd0
root on sd0a (87d0b25f285b037a.a) swap on sd0b dump on sd0b
WARNING: CHECK AND RESET THE DATE!
umsm0 at uhub1 port 2 configuration 1 interface 0 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
umsm1 at uhub1 port 2 configuration 1 interface 1 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
umsm0 detached
umsm1 detached
umsm0 at uhub1 port 2 configuration 1 interface 0 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
ucom0 at umsm0
umsm1 at uhub1 port 2 configuration 1 interface 1 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
ucom1 at umsm1
umsm2 at uhub1 port 2 configuration 1 interface 2 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
ucom2 at umsm2
umass1 at uhub1 port 2 configuration 1 interface 3 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
umass1: using SCSI over Bulk-Only
scsibus3 at umass1: 2 targets, initiator 0
cd0 at scsibus3 targ 1 lun 0:  SCSI2
5/cdrom removable
umass2 at uhub1 port 2 configuration 1 interface 4 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
umass2: using SCSI over Bulk-Only
scsibus4 at umass2: 2 targets, initiator 0
sd1 at scsibus4 targ 1 lun 0:  SCSI2
0/direct removable
LogOut[20584]: pledge "proc", syscall 66
LogOut[90880]: pledge "proc", syscall 66
LogOut[61523]: pledge "proc", syscall 66
LogOut[86166]: pledge "proc", syscall 66
LogOut[41775]: pledge "proc", syscall 66
www#

Regards,

Kihaguru.



Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability

2019-03-01 Thread Kihaguru Gathura
Hi,

Following a scan of web server with Qualys Community Edition, a
vulnerability has been declared as below.


Web Server Internal IP Address/Internal Network Name Disclosure
Vulnerability   port 80/tcp


QID:
86247
Category:
Web server
CVE ID:
CVE-2000-0649
Vendor Reference
-
Bugtraq ID:
1499
Service Modified:
10/01/2018
User Modified:
-
Edited:
No
PCI Vuln:
Yes

RESULTS:
GET / HTTP/1.0



HTTP/1.0 302 Found
Date: Fri, 01 Mar 2019 15:08:31 GMT
Server: OpenBSD httpd
Connection: close
Content-Type: text/html
Content-Length: 419
Location: https://192.168.1.101/


THREAT:
Some Web servers contain a vulnerability giving remote attackers
the ability to attain your internal IP address or internal network
name.

An attacker connected to a host on your network using HTTPS
(typically on port 443) could craft a specially formed GET request
from the Web server resulting in a 3XX Object Moved error message
containing the internal IP address or internal network name of the Web
server.

A target host using HTTP may also be vulnerable to this issue.

QID Detection Logic:
The remote check for the web server internal IP address sends a
HTTP GET request to the target web server. The QID is flagged if a
"Content-location:" header or a 3xx redirect address in an HTTP
response contains an RFC1918 IP address.

PCI DSS 3.2 requirement 1.3.7 "do not disclose private IP
addresses and routing information to unauthorized parties".
This is a PCI Fail since confidential information about your
network is leaked.

IMPACT:
Successful exploitation of this vulnerability results in the
disclosure of your internal IP address or internal network name, which
could then be used in further attacks against the target host.
SOLUTION:
There are no patches available at this time. Please contact your
vendor for updates.

Workaround:

For IIS Web Server 6.x and prior:
Check the Microsoft article on how to set the Hostname instead of
internal IP address for IIS.

For IIS 7.0
The release version of IIS7 by default includes the functionality
of masking the IP address. Refer to Removing an IIS server's IP
address from HTTP responses.

For Apache Web Server:
Modify the Apache configuration file as follows:
- Set "ServerName" to a proper FQDN.
or
- Use module mod_rewrite to modify the 3xx error message returned
by the server.

No workaround information is available for other Web servers at
this time. Refer to your vendor for an appropriate workaround.
COMPLIANCE:
Not Applicable
EXPLOITABILITY:

The Exploit-DB

Reference:
CVE-2000-0649
Description:
Microsoft IIS 2.0/3.0/4.0/5.0/5.1 - Internal IP Address
Disclosure - The Exploit-DB Ref : 20096
Link:
http://www.exploit-db.com/exploits/20096

ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

RESULTS:
GET / HTTP/1.0



HTTP/1.0 302 Found
Date: Fri, 01 Mar 2019 15:08:31 GMT
Server: OpenBSD httpd
Connection: close
Content-Type: text/html
Content-Length: 419
Location: https://192.168.1.101/

Web server configuration as follows:

# $OpenBSD: httpd.conf,v 1.20 2018/06/13 15:08:24 reyk Exp $

server "xyz.com" {
listen on * port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
location * {
block return 302 "https://$HTTP_HOST$REQUEST_URI";
}
}

server "xyz.com" {
listen on * tls port 443
hsts
tls {
certificate "/etc/ssl/xyz.com.fullchain.pem"
key "/etc/ssl/private/xyz.com.key"
}
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
location "/xyz.com/*" {
root "/"
fastcgi
}
}

Any indications on how to prevent the disclosure?

Regards,

Kihaguru.
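
The detection logic quoted in the report above (flag a "Content-location:" header, or a 3xx redirect address, that contains an RFC1918 address), as an added example that is not part of the original post and is not the scanner's own code. The function names are hypothetical; the first sample response is constructed from the RESULTS section of the report, and the second is a constructed variant whose Location carries the host name xyz.com instead of an address.

```python
import ipaddress
import re

# The three RFC 1918 private ranges named by the QID detection logic.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Dotted quad that is not part of a longer run of digits and dots.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed from the RESULTS section of the report in the post.
SAMPLE_LEAKY = (
    "HTTP/1.0 302 Found\r\n"
    "Date: Fri, 01 Mar 2019 15:08:31 GMT\r\n"
    "Server: OpenBSD httpd\r\n"
    "Connection: close\r\n"
    "Content-Type: text/html\r\n"
    "Content-Length: 419\r\n"
    "Location: https://192.168.1.101/\r\n"
    "\r\n"
)

# Constructed: the same response with a host name in the redirect target.
SAMPLE_FIXED = SAMPLE_LEAKY.replace("192.168.1.101", "xyz.com")


def parse_response(raw):
    """Split a raw response head into (status_code, [(name, value), ...])."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = head.split("\n")
    match = re.match(r"HTTP/\d\.\d\s+(\d{3})", lines[0])
    if not match:
        raise ValueError("not an HTTP status line: %r" % lines[0])
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip anything that is not "name: value"
            headers.append((name.strip().lower(), value.strip()))
    return int(match.group(1)), headers


def rfc1918_addresses(value):
    """Return every RFC 1918 IPv4 address that appears in a header value."""
    found = []
    for candidate in IPV4_RE.findall(value):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # e.g. an octet above 255: not an address
        if any(addr in net for net in RFC1918):
            found.append(candidate)
    return found


def check_disclosure(raw):
    """Apply the quoted detection logic to one raw HTTP response.

    Content-Location is checked on any status; Location only on 3xx.
    Returns a list of (header_name, private_address) findings.
    """
    status, headers = parse_response(raw)
    findings = []
    for name, value in headers:
        is_redirect_target = name == "location" and 300 <= status <= 399
        if name == "content-location" or is_redirect_target:
            findings.extend((name, ip) for ip in rfc1918_addresses(value))
    return findings


if __name__ == "__main__":
    for label, raw in (("leaky", SAMPLE_LEAKY), ("fixed", SAMPLE_FIXED)):
        print(label, check_disclosure(raw))
```

Run against a response captured from a request sent without a Host header, as the scanner's HTTP/1.0 probe was, this gives the same pass/fail answer as the report for the redirect case.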



HTTP SITE DOES NOT REDIRECT

2019-03-05 Thread Kihaguru Gathura
Hi,


https://www.htbridge.com SSL test reports as follows:


HTTP SITE DOES NOT REDIRECT
The HTTP version of the website does not redirect to the HTTPS
version. We advise to enable redirection.
Misconfiguration or weakness


Web server configuration as follows:


# $OpenBSD: httpd.conf,v 1.20 2018/06/13 15:08:24 reyk Exp $

server "xyz.com" {
listen on * port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
location * {
block return 302 "https://xyz.com$REQUEST_URI";
}
}

server "xyz.com" {
listen on * tls port 443
hsts
tls {
certificate "/etc/ssl/xyz.com.fullchain.pem"
key "/etc/ssl/private/xyz.com.key"
}
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
location "/xyz.com/*" {
root "/"
fastcgi
}
}


Is this error justifiable considering the above configuration?

Thanks,

Kihaguru.



OpenBSD httpd: PCI - DSS Compliance

2019-04-10 Thread Kihaguru Gathura
Hi,

The message below refers. Has httpd met the particular requirement
6.5.1 - 6.5.10 as shown? Or is it a matter of further configuration?

"Requirement 6.5
Fingerprinted versions of web software used on the website may contain
publicly known vulnerabilities (cf. PCI DSS 6.5.1-6.5.10). Investigate
as soon as possible.
Misconfiguration or weakness"

actual report here:

https://www.htbridge.com/websec/?id=cGZfIatq

Thanks,

Kihaguru.



Re: OpenBSD httpd: PCI - DSS Compliance

2019-04-11 Thread Kihaguru Gathura
The issue is now resolved. The alert message no longer appears.

Thank you.

Kihaguru.

On 4/10/19, Kihaguru Gathura  wrote:
> Hi,
>
> The message below refers. Has httpd met the particular requirement
> 6.5.1 - 6.5.10 as shown? or is it a matter of further configuration.
>
> "Requirement 6.5
> Fingerprinted versions of web software used on the website may contain
> publicly known vulnerabilities (cf. PCI DSS 6.5.1-6.5.10). Investigate
> as soon as possible.
> Misconfiguration or weakness"
>
> actual report here:
>
> https://www.htbridge.com/websec/?id=cGZfIatq
>
> Thanks,
>
> Kihaguru.
>



CGI scripts 500 internal server error during concurrent post operation.

2019-05-22 Thread Kihaguru Gathura
Hi,

While testing, concurrent posting to a cgi script from two separate
browsers causes a 500 internal server error on one browser but
successful submission on the other.

That indicates that the more users one has, the higher the chance that
more people would be accessing the script at the same time and hence
complaints about 500 internal server error.

**
# $OpenBSD: httpd.conf,v 1.20 2018/06/13 15:08:24 reyk Exp $

server "xyz.com" {
listen on * port 80
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
location * {
block return 302 "https://xyz.com$REQUEST_URI";
}
}

server "xyz.com" {
listen on * tls port 443
hsts preload
hsts subdomains
tls {
certificate "/etc/ssl/xyz.com.fullchain.pem"
key "/etc/ssl/private/xyz.com.key"
}
location "/.well-known/acme-challenge/*" {
root "/acme"
request strip 2
}
location "/xyz/*" {
root "/"
fastcgi
}
}
***
www# dmesg
OpenBSD 6.5 (GENERIC.MP) #84: Wed Apr 17 05:53:43 MDT 2019
dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP
real mem  = 961462272 (916MB)
avail mem = 903159808 (861MB)
mainbus0 at root: Raspberry Pi 3 Model B Rev 1.2
cpu0 at mainbus0 mpidr 0: ARM Cortex-A53 r0p4
cpu0: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
cpu0: 512KB 64b/line 16-way L2 cache
efi0 at mainbus0: UEFI 2.7
efi0: Das U-Boot rev 0x20190100
apm0 at mainbus0
simplefb0 at mainbus0: 656x416, 32bpp
wsdisplay0 at simplefb0 mux 1
wsdisplay0: screen 0-5 added (std, vt100 emulation)
simplebus0 at mainbus0: "soc"
"dma" at simplebus0 not configured
bcmintc0 at simplebus0
bcmdog0 at simplebus0
"cprman" at simplebus0 not configured
bcmrng0 at simplebus0
"mailbox" at simplebus0 not configured
"gpio" at simplebus0 not configured
pluart0 at simplebus0
"mmc" at simplebus0 not configured
"dsi" at simplebus0 not configured
bcmtemp0 at simplebus0
bcmaux0 at simplebus0
com0 at simplebus0: ns16550, no working fifo
com0: console
dwctwo0 at simplebus0
"local_intc" at simplebus0 not configured
"mmc" at simplebus0 not configured
"gpiomem" at simplebus0 not configured
"firmware" at simplebus0 not configured
"power" at simplebus0 not configured
"fb" at simplebus0 not configured
"vchiq" at simplebus0 not configured
"vcsm" at simplebus0 not configured
"arm-pmu" at simplebus0 not configured
"virtgpio" at simplebus0 not configured
"expgpio" at simplebus0 not configured
simplebus1 at mainbus0: "clocks"
"clock" at simplebus1 not configured
"clock" at simplebus1 not configured
agtimer0 at mainbus0: tick rate 19200 KHz
cpu1 at mainbus0 mpidr 1: ARM Cortex-A53 r0p4
cpu1: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
cpu1: 512KB 64b/line 16-way L2 cache
cpu2 at mainbus0 mpidr 2: ARM Cortex-A53 r0p4
cpu2: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
cpu2: 512KB 64b/line 16-way L2 cache
cpu3 at mainbus0 mpidr 3: ARM Cortex-A53 r0p4
cpu3: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
cpu3: 512KB 64b/line 16-way L2 cache
usb0 at dwctwo0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Broadcom DWC2 root hub" rev
2.00/1.00 addr 1
uhub1 at uhub0 port 1 configuration 1 interface 0 "Standard
Microsystems product 0x9514" rev 2.00/2.00 addr 2
smsc0 at uhub1 port 1 configuration 1 interface 0 "Standard
Microsystems SMSC9512/14" rev 2.00/2.00 addr 3
smsc0: address b8:27:eb:fd:e2:73
ukphy0 at smsc0 phy 1: Generic IEEE 802.3u media interface, rev. 3:
OUI 0x0001f0, model 0x000c
umass0 at uhub1 port 3 configuration 1 interface 0 "HP v222w" rev
2.00/11.00 addr 4
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0:  SCSI2 0/direct
removable serial.03f03f40AA000444
sd0: 7680MB, 512 bytes/sector, 15728640 sectors
vscsi0 at root
scsibus1 at vscsi0: 256 targets
softraid0 at root
scsibus2 at softraid0: 256 targets
bootfile: sdboot device: sd0
root on sd0a (fb256b8cc93eac04.a) swap on sd0b dump on sd0b
WARNING: CHECK AND RESET THE DATE!
umsm0 at uhub1 port 4 configuration 1 interface 0 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
umsm1 at uhub1 port 4 configuration 1 interface 1 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
umsm0 detached
umsm1 detached
umsm0 at uhub1 port 4 configuration 1 interface 0 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
ucom0 at umsm0
umsm1 at uhub1 port 4 configuration 1 interface 1 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
ucom1 at umsm1
umsm2 at uhub1 port 4 configuration 1 interface 2 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
ucom2 at umsm2
umass1 at uhub1 port 4 configuration 1 interface 3 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 5
umass1

HIPPA supported ciphers

2019-06-20 Thread Kihaguru Gathura
OpenBSD 6.5 (GENERIC.MP) #84: Wed Apr 17 05:53:43 MDT 2019

Hi,

SSL compliance tests below refers. (htbridge)


2:SUPPORTED CIPHERS
TLSv1.2
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Non-compliant with HIPAA guidance
TLS_RSA_WITH_CAMELL TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant
with HIPAA guidance
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with HIPAA guidance

Under what circumstances could these ciphers be not considered for
HIPAA compliance?

Regards,

Kihaguru.



umsm0: this device is not using CDC notify message in intr pipe. HP Compaq dc5750

2019-06-28 Thread Kihaguru Gathura
Hello,

Huawei E303 modem now detaches in OpenBSD 6.5. This works fine on
OpenBSD 6.2, same machine.

Regards

Kihaguru.

www# dmesg
OpenBSD 6.5 (GENERIC.MP) #3: Sat Apr 13 14:48:43 MDT 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4142624768 (3950MB)
avail mem = 4007448576 (3821MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xed7e0 (66 entries)
bios0: vendor Hewlett-Packard version "786E3 v02.10" date 01/25/2007
bios0: Hewlett-Packard HP Compaq dc5750 Microtower
acpi0 at bios0: rev 0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC ASF! MCFG TCPA SLIC HPET
acpi0: wakeup devices COM1(S4) PCI0(S4) PEG1(S4) IGFX(S4) PCX1(S4)
PCX2(S4) HUB_(S4) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB5(S3)
EUS1(S3) PBTN(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+, 2095.06 MHz, 0f-6b-01
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+, 2094.75 MHz, 0f-6b-01
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 21, 24 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-64
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG1)
acpiprt2 at acpi0: bus 1 (IGFX)
acpiprt3 at acpi0: bus -1 (PCX1)
acpiprt4 at acpi0: bus 63 (PCX2)
acpiprt5 at acpi0: bus 7 (HUB_)
acpicpu0 at acpi0: C1(@1 halt!), PSS
acpicpu1 at acpi0: C1(@1 halt!), PSS
acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001
acpicmos0 at acpi0
"PNP0003" at acpi0 not configured
acpibtn0 at acpi0: PBTN
"PNP0C14" at acpi0 not configured
cpu0: PowerNow! K8 2095 MHz: speeds: 2100 2000 1800 1000 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "ATI RS480 Host" rev 0x10
ppb0 at pci0 dev 1 function 0 "ATI RS480 PCIE" rev 0x00
pci1 at ppb0 bus 1
radeondrm0 at pci1 dev 5 function 0 "ATI Radeon XPRESS 200" rev 0x00
drm0 at radeondrm0
radeondrm0: apic 2 int 17
vendor "ATI", unknown product 0x5874 (class display subclass
miscellaneous, rev 0x00) at pci1 dev 5 function 1 not configured
ppb1 at pci0 dev 7 function 0 "ATI RX480 PCIE" rev 0x00: msi
pci2 at ppb1 bus 63
bge0 at pci2 dev 0 function 0 "Broadcom BCM5755" rev 0x02, BCM5755 A2
(0xa002): msi, address 00:1f:29:dc:de:9b
brgphy0 at bge0 phy 1: BCM5755 10/100/1000baseT PHY, rev. 0
ahci0 at pci0 dev 18 function 0 "ATI SB600 SATA" rev 0x00: apic 2 int
22, AHCI 1.1
ahci0: port 0: 3.0Gb/s
ahci0: port 1: 3.0Gb/s
ahci0: port 2: 1.5Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0:  SCSI3 0/direct
fixed t10.ATA_ST380815AS_9RW7BGSY_
sd0: 76319MB, 512 bytes/sector, 156301488 sectors
sd1 at scsibus1 targ 1 lun 0:  SCSI3 0/direct
fixed t10.ATA_ST380815AS_9RW6J93H_
sd1: 76319MB, 512 bytes/sector, 156301488 sectors
cd0 at scsibus1 targ 2 lun 0:  ATAPI
5/cdrom removable
ohci0 at pci0 dev 19 function 0 "ATI SB600 USB" rev 0x00: apic 2 int
16, version 1.0, legacy support
ohci1 at pci0 dev 19 function 1 "ATI SB600 USB" rev 0x00: apic 2 int
17, version 1.0, legacy support
ohci2 at pci0 dev 19 function 2 "ATI SB600 USB" rev 0x00: apic 2 int
18, version 1.0, legacy support
ohci3 at pci0 dev 19 function 3 "ATI SB60spdmem0 at iic0 addr 0x50:
1GB DDR2 SDRAM non-parity PC2-5300CL5
spdmem1 at iic0 addr 0x51: 1GB DDR2 SDRAM non-parity PC2-5300CL5
spdmem2 at iic0 addr 0x52: 1GB DDR2 SDRAM non-parity PC2-5300CL5
spdmem3 at iic0 addr 0x53: 1GB DDR2 SDRAM non-parity PC2-5300CL5
pciide0 at pci0 dev 20 function 1 "ATI SB600 IDE" rev 0x00: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide0: using apic 2 int 16 for native-PCI interrupt
azalia0 at pci0 dev 20 function 2 "ATI SBx00 HD Audio" rev 0x00: apic 2 int 16
azalia0: codecs: Realtek ALC260
audio0 at azalia0
pcib0 at pci0 dev 20 function 3 "ATI SB600 ISA" rev 0x00
ppb2 at pci0 dev 20 function 4 "ATI SB600 PCI" rev 0x00
pci3 at ppb2 bus 7
pchb1 at

umsm: sparc64

2019-06-29 Thread Kihaguru Gathura
Hello,

umsm is not being detected on this machine for Huawei E303 modem. Only
interfaces 0 and 1, which are both umass, are detected. Interface 2 is
umsm but not active; please see boot message.

Any guidance here is highly appreciated.

Kihaguru.

Jun 29 13:14:37 GMT 2019 PowerOn SelfTest start
POST:Testing Flash/SRAM
POST:Testing SC
POST:Testing XSCF
POST:Banner
POST:FATAL check
POST:Testing Timer1
POST:Testing Tick
POST:Testing MMU
POST:Testing CPU Type
POST:Testing DTAG
POST:Memory Probe
POST:Testing Memory
POST:Testing Softint
POST:Testing U2P
POST:Testing Slave Device
POST:Testing Master Device
POST:System Configure
POST:OBP Start
screen not found.
keyboard not found.
Keyboard not present.  Using ttya for input and output.

Fujitsu Siemens PRIMEPOWER250 2x SPARC64 V, No Keyboard
OpenBoot 3.18.1-1, 16384 MB memory installed
Ethernet address 0:b:5d:f3:a7:5c, Host ID: 80f2a75c.
XSCF Version: 4.12.1



{0} ok boot
Boot device: /pci@83,4000/FJSV,ulsa@2,1/disk@0,0  File and args:
OpenBSD IEEE 1275 Bootblock 1.4
..>> OpenBSD BOOT 1.11
Can't read disk label.
Can't open disk label package
Trying bsd...
Booting /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a/bsd
9453456@0x100+112@0x1903f90+202800@0x1c0+3991504@0x1c31830
symbols @ 0xfe9e2400 165+610944+416267 start=0x100
[ using 1028408 bytes of bsd ELF symbol table ]
console is /pci@83,4000/isa@7/su@0,3f8
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2018 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 6.4 (GENERIC.MP) #6: Fri Oct 12 09:57:36 MDT 2018
dera...@sparc64.openbsd.org:/usr/src/sys/arch/sparc64/compile/GENERIC.MP
real mem = 17179869184 (16384MB)
avail mem = 16862707712 (16081MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root: Fujitsu Siemens PRIMEPOWER250 2x SPARC64 V
cpu0 at mainbus0: FJSV,SPARC64-V (rev 5.1) @ 1979 MHz
cpu0: physical 128K instruction (64 b/l), 128K data (64 b/l), 3072K
external (64 b/l)
cpu1 at mainbus0: FJSV,SPARC64-V (rev 5.1) @ 1979 MHz
cpu1: physical 128K instruction (64 b/l), 128K data (64 b/l), 3072K
external (64 b/l)
psycho0 at mainbus0 addr 0xfffb2000: SUNW,psycho, impl 0, version 4, ign c0
psycho0: bus range 0-0, PCI bus 0
psycho0: dvma map fe00-, STC0 enabled
pci0 at psycho0
ebus0 at pci0 dev 1 function 0 "Sun PCIO EBus2" rev 0x01
"FJSV,scfc" at ebus0 addr 21-210085, 22-220031, 26-260001,
27-28 ivec 0x23 not configured
"FJSV,flashprom" at ebus0 addr 0-3f not configured
clock1 at ebus0 addr 25-251fff: mk48t59
"FJSV,panel" at ebus0 addr 210011-210011 ivec 0x25 not configured
ebus1 at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00
com0 at ebus1 addr 3f8-3ff ivec 0x2b: ns16550a, 16 byte fifo
com0: console
com1 at ebus1 addr 2e8-2ef ivec 0x2b: ns16550a, 16 byte fifo
hme0 at pci0 dev 1 function 1 "Sun HME" rev 0x01: ivec 0xe1, address
00:0b:5d:f3:a7:5c
nsphyter0 at hme0 phy 1: DP83843 10/100 PHY, rev. 0
mpi0 at pci0 dev 2 function 1 "Symbios Logic 53c1030" rev 0x07: ivec 0xe0
mpi0: 0, firmware 1.0.12.0
scsibus1 at mpi0: 16 targets, initiator 7
sym0 at scsibus1 targ 0 lun 0:  SCSI2
0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR
sd0 at scsibus0 targ 0 lun 0:  SCSI2
0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR
sd0: 70007MB, 512 bytes/sector, 143374738 sectors
sym1 at scsibus1 targ 1 lun 0:  SCSI2
0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL
sd1 at scsibus0 targ 1 lun 0:  SCSI2
0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL
sd1: 70007MB, 512 bytes/sector, 143374738 sectors
mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
mpi0: target 1 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
pciide0 at pci0 dev 13 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc4:
DMA, channel 0 configured to native-PCI, channel 1 configured to
native-PCI
pciide0: using ivec 0xe4 for native-PCI interrupt
atapiscsi0 at pciide0 channel 0 drive 0
scsibus2 at atapiscsi0: 2 targets
cd0 at scsibus2 targ 0 lun 0:  ATAPI
5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
ohci0 at pci0 dev 10 function 0 "Acer Labs M5237 USB" rev 0x03: ivec
0xe9, version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0 configuration 1 interface 0 "Acer Labs OHCI root hub"
rev 1.00/1.00 addr 1
psycho1 at mainbus0 addr 0xfff9e000: SUNW,psycho, impl 0, version 4, ign c0
psycho1: bus range 128-128, PCI bus 128
psycho1: dvma map fe00-, STC0 enabled, STC1 enabled
pci1 at psycho1
bge0 at pci1 dev 1 function 0 "Fujitsu PRIMEPOWER250/450 LAN" rev
0x02, BCM5702/5703 A2 (0x1002): ivec 0xc0, address 00:0b:5d:f4:27:5c
brgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2
"counter-timer" at mainbus0 addr 0xfff8bc00 not configured
umass0 at uhub0 port 2 configuration 1 interface 0 "HUAWEI HUAWEI
Mobile" rev 2.0

Re: umsm: sparc64

2019-07-03 Thread Kihaguru Gathura
> Try adding umsm to /sys/arch/sparc64/conf/GENERIC and build a new kernel.
> If it works ok, report back, maybe we can add it to the standard kernel.

Have added umsm to GENERIC and built a new kernel => modem works as
desired at cuaU0 -s 115200.

Next will build a multiprocessor kernel using GENERIC.MP and continue
testing and using the modem.

However error messages noted at dmesg (umsm0: this device is not using
CDC notify message in intr pipe.)

Thank you,

Kihaguru.

+
console is /pci@83,4000/isa@7/su@0,3f8
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2019 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 6.5 (WWW) #0: Wed Jul  3 13:36:10 EAT 2019
r...@www.datastore.ke:/usr/src/sys/arch/sparc64/compile/WWW
real mem = 17179869184 (16384MB)
avail mem = 16862699520 (16081MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root: Fujitsu Siemens PRIMEPOWER250 2x SPARC64 V
cpu0 at mainbus0: FJSV,SPARC64-V (rev 5.1) @ 1979 MHz
cpu0: physical 128K instruction (64 b/l), 128K data (64 b/l), 3072K
external (64 b/l)
"FJSV,SPARC64-V" at mainbus0 not configured
psycho0 at mainbus0 addr 0xfffb2000: SUNW,psycho, impl 0, version 4, ign c0
psycho0: bus range 0-0, PCI bus 0
psycho0: dvma map fe00-, STC0 enabled
pci0 at psycho0
ebus0 at pci0 dev 1 function 0 "Sun PCIO EBus2" rev 0x01
"FJSV,scfc" at ebus0 addr 21-210085, 22-220031, 26-260001,
27-28 ivec 0x23 not configured
"FJSV,flashprom" at ebus0 addr 0-3f not configured
clock1 at ebus0 addr 25-251fff: mk48t59
"FJSV,panel" at ebus0 addr 210011-210011 ivec 0x25 not configured
ebus1 at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00
com0 at ebus1 addr 3f8-3ff ivec 0x2b: ns16550a, 16 byte fifo
com0: console
com1 at ebus1 addr 2e8-2ef ivec 0x2b: ns16550a, 16 byte fifo
hme0 at pci0 dev 1 function 1 "Sun HME" rev 0x01: ivec 0xe1, address
00:0b:5d:f3:a7:5c
nsphyter0 at hme0 phy 1: DP83843 10/100 PHY, rev. 0
mpi0 at pci0 dev 2 function 1 "Symbios Logic 53c1030" rev 0x07: ivec 0xe0
mpi0: 0, firmware 1.0.12.0
scsibus1 at mpi0: 16 targets, initiator 7
sym0 at scsibus1 targ 0 lun 0:  SCSI2
0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR
sd0 at scsibus0 targ 0 lun 0:  SCSI2
0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR
sd0: 70007MB, 512 bytes/sector, 143374738 sectors
sym1 at scsibus1 targ 1 lun 0:  SCSI2
0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL
sd1 at scsibus0 targ 1 lun 0:  SCSI2
0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL
sd1: 70007MB, 512 bytes/sector, 143374738 sectors
mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
mpi0: target 1 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
pciide0 at pci0 dev 13 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc4:
DMA, channel 0 configured to native-PCI, channel 1 configured to
native-PCI
pciide0: using ivec 0xe4 for native-PCI interrupt
atapiscsi0 at pciide0 channel 0 drive 0
scsibus2 at atapiscsi0: 2 targets
cd0 at scsibus2 targ 0 lun 0:  ATAPI
5/cdrom removable
cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 disabled (no drives)
ohci0 at pci0 dev 10 function 0 "Acer Labs M5237 USB" rev 0x03: ivec
0xe9, version 1.0, legacy support
usb0 at ohci0: USB revision 1.0
uhub0 at usb0 configuration 1 interface 0 "Acer Labs OHCI root hub"
rev 1.00/1.00 addr 1
psycbrgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2
timer0 at mainbus0 addr 0xfff8bc00 ivec 0xec, 0xed
umsm0 at uhub0 port 1 configuration 1 interface 0 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 2
ucom0 at umsm0
umsm1 at uhub0 port 1 configuration 1 interface 1 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 2
ucom1 at umsm1
umsm2 at uhub0 port 1 configuration 1 interface 2 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 2
ucom2 at umsm2
umass0 at uhub0 port 1 configuration 1 interface 3 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 2
umass0: using SCSI over Bulk-Only
scsibus3 at umass0: 2 targets, initiator 0
cd1 at scsibus3 targ 1 lun 0:  SCSI2
5/cdrom removable
umass1 at uhub0 port 1 configuration 1 interface 4 "HUAWEI HUAWEI
Mobile" rev 2.00/1.02 addr 2
umass1: using SCSI over Bulk-Only
scsibus4 at umass1: 2 targets, initiator 0
sd2 at scsibus4 targ 1 lun 0:  SCSI2
0/direct removable
vscsi0 at root
scsibus5 at vscsi0: 256 targets
softraid0 at root
scsibus6 at softraid0: 256 targets
bootpath: /pci@83,4000/FJSV,ulsa@2,1/disk@0,0
root on sd0a (e489192361503865.a) swap on sd0b dump on sd0b
umsm0: this device is not using CDC notify message in intr pipe.
Please send your dmesg to , thanks.
umsm0: intr buffer 0xc1 0x1 0x3 0x0 0x0 0x0 0x0
umsm0: this device is not using CDC notify message in intr pipe.
Please send your dmesg to , thanks.
umsm0: intr buffer 0xc1 0x1 0x3 0x0 0x0 0x0 0x0
umsm0: this device is not using CDC notify message i

Re: umsm: sparc64

2019-07-04 Thread Kihaguru Gathura
V,ulsa@2,1/disk@0,0
root on sd0a (e489192361503865.a) swap on sd0b dump on sd0b
umsm0: this device is not using CDC notify message in intr pipe.
Please send your dmesg to , thanks.
umsm0: intr buffer 0xc1 0x1 0x3 0x0 0x0 0x0 0x0
www#




On 7/3/19, Kihaguru Gathura  wrote:
>> Try adding umsm to /sys/arch/sparc64/conf/GENERIC and build a new kernel.
>> If it works ok, report back, maybe we can add it to the standard kernel.
>
> Have added umsm to GENERIC and built a new kernel => modem works as
> desired at cuaU0 -s 115200.
>
> Next will build a multiprocessor kernel using GENERIC.MP and continue
> testing and using the modem.
>
> However error messages noted at dmesg (umsm0: this device is not using
> CDC notify message in intr pipe.)
>
> Thank you,
>
> Kihaguru.
>
> +
> console is /pci@83,4000/isa@7/su@0,3f8
> Copyright (c) 1982, 1986, 1989, 1991, 1993
> The Regents of the University of California.  All rights reserved.
> Copyright (c) 1995-2019 OpenBSD. All rights reserved.
> https://www.OpenBSD.org
>
> OpenBSD 6.5 (WWW) #0: Wed Jul  3 13:36:10 EAT 2019
> r...@www.datastore.ke:/usr/src/sys/arch/sparc64/compile/WWW
> real mem = 17179869184 (16384MB)
> avail mem = 16862699520 (16081MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root: Fujitsu Siemens PRIMEPOWER250 2x SPARC64 V
> cpu0 at mainbus0: FJSV,SPARC64-V (rev 5.1) @ 1979 MHz
> cpu0: physical 128K instruction (64 b/l), 128K data (64 b/l), 3072K
> external (64 b/l)
> "FJSV,SPARC64-V" at mainbus0 not configured
> psycho0 at mainbus0 addr 0xfffb2000: SUNW,psycho, impl 0, version 4, ign c0
> psycho0: bus range 0-0, PCI bus 0
> psycho0: dvma map fe00-, STC0 enabled
> pci0 at psycho0
> ebus0 at pci0 dev 1 function 0 "Sun PCIO EBus2" rev 0x01
> "FJSV,scfc" at ebus0 addr 21-210085, 22-220031, 26-260001,
> 27-28 ivec 0x23 not configured
> "FJSV,flashprom" at ebus0 addr 0-3f not configured
> clock1 at ebus0 addr 25-251fff: mk48t59
> "FJSV,panel" at ebus0 addr 210011-210011 ivec 0x25 not configured
> ebus1 at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00
> com0 at ebus1 addr 3f8-3ff ivec 0x2b: ns16550a, 16 byte fifo
> com0: console
> com1 at ebus1 addr 2e8-2ef ivec 0x2b: ns16550a, 16 byte fifo
> hme0 at pci0 dev 1 function 1 "Sun HME" rev 0x01: ivec 0xe1, address
> 00:0b:5d:f3:a7:5c
> nsphyter0 at hme0 phy 1: DP83843 10/100 PHY, rev. 0
> mpi0 at pci0 dev 2 function 1 "Symbios Logic 53c1030" rev 0x07: ivec 0xe0
> mpi0: 0, firmware 1.0.12.0
> scsibus1 at mpi0: 16 targets, initiator 7
> sym0 at scsibus1 targ 0 lun 0:  SCSI2
> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR
> sd0 at scsibus0 targ 0 lun 0:  SCSI2
> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR
> sd0: 70007MB, 512 bytes/sector, 143374738 sectors
> sym1 at scsibus1 targ 1 lun 0:  SCSI2
> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL
> sd1 at scsibus0 targ 1 lun 0:  SCSI2
> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL
> sd1: 70007MB, 512 bytes/sector, 143374738 sectors
> mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
> mpi0: target 1 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
> pciide0 at pci0 dev 13 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc4:
> DMA, channel 0 configured to native-PCI, channel 1 configured to
> native-PCI
> pciide0: using ivec 0xe4 for native-PCI interrupt
> atapiscsi0 at pciide0 channel 0 drive 0
> scsibus2 at atapiscsi0: 2 targets
> cd0 at scsibus2 targ 0 lun 0:  ATAPI
> 5/cdrom removable
> cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
> pciide0: channel 1 disabled (no drives)
> ohci0 at pci0 dev 10 function 0 "Acer Labs M5237 USB" rev 0x03: ivec
> 0xe9, version 1.0, legacy support
> usb0 at ohci0: USB revision 1.0
> uhub0 at usb0 configuration 1 interface 0 "Acer Labs OHCI root hub"
> rev 1.00/1.00 addr 1
> psycbrgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2
> timer0 at mainbus0 addr 0xfff8bc00 ivec 0xec, 0xed
> umsm0 at uhub0 port 1 configuration 1 interface 0 "HUAWEI HUAWEI
> Mobile" rev 2.00/1.02 addr 2
> ucom0 at umsm0
> umsm1 at uhub0 port 1 configuration 1 interface 1 "HUAWEI HUAWEI
> Mobile" rev 2.00/1.02 addr 2
> ucom1 at umsm1
> umsm2 at uhub0 port 1 configuration 1 interface 2 "HUAWEI HUAWEI
> Mobile" rev 2.00/1.02 addr 2
> ucom2 at umsm2
> umass0 at uhub0 port 1 configuration 1 interface 3 "HUAWEI HUAWEI
> Mobile" rev 2.00/1.02 addr 2
> umass0: using SCSI 

Re: umsm: sparc64

2019-07-04 Thread Kihaguru Gathura
On 7/4/19, Claudio Jeker  wrote:
> On Thu, Jul 04, 2019 at 12:52:15PM +0300, Kihaguru Gathura wrote:
>> Hereby attached the new multiprocessor kernel with umsm working ok.
>>
>> The error message appears for each connection made to cuaU. This might
>> potentially populate dmesg logs over time.
>>
>> Error message:
>> umsm0: this device is not using CDC notify message in intr pipe.
>> Please send your dmesg to , thanks.
>> umsm0: intr buffer 0xc1 0x1 0x3 0x0 0x0 0x0 0x0:
>
> Can you try this USB device on a different OpenBSD machine (e.g. an amd64
> one). I wonder if this is the device just sending a bad message along the
> way. The first byte should be 0xa1 (UCDC_NOTIFICATION) and not 0xc1.

The device works well without errors on OpenBSD 6.4 amd64 (IBM
Thinkpad T60) and OpenBSD 6.5 arm64 (Raspberry Pi 3 Model B V1.2).

The device detaches and has error (umsm2: this device is not using CDC
notify message in intr pipe.) on OpenBSD 6.5 amd64 (HP dc5750 MT) of
which I already sent email to b...@openbsd.org.

Thanks.


>> Kihaguru.
>>
>> www# dmesg
>> console is /pci@83,4000/isa@7/su@0,3f8
>> Copyright (c) 1982, 1986, 1989, 1991, 1993
>> The Regents of the University of California.  All rights
>> reserved.
>> Copyright (c) 1995-2019 OpenBSD. All rights reserved.
>> https://www.OpenBSD.org
>>
>> OpenBSD 6.5 (WWW.MP) #0: Thu Jul  4 08:43:43 EAT 2019
>> kihag...@www.datastore.ke:/usr/src/sys/arch/sparc64/compile/WWW.MP
>> real mem = 17179869184 (16384MB)
>> avail mem = 16862576640 (16081MB)
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root: Fujitsu Siemens PRIMEPOWER250 2x SPARC64 V
>> cpu0 at mainbus0: FJSV,SPARC64-V (rev 5.1) @ 1979 MHz
>> cpu0: physical 128K instruction (64 b/l), 128K data (64 b/l), 3072K
>> external (64 b/l)
>> cpu1 at mainbus0: FJSV,SPARC64-V (rev 5.1) @ 1979 MHz
>> cpu1: physical 128K instruction (64 b/l), 128K data (64 b/l), 3072K
>> external (64 b/l)
>> psycho0 at mainbus0 addr 0xfffb2000: SUNW,psycho, impl 0, version 4, ign
>> c0
>> psycho0: bus range 0-0, PCI bus 0
>> psycho0: dvma map fe00-, STC0 enabled
>> pci0 at psycho0
>> ebus0 at pci0 dev 1 function 0 "Sun PCIO EBus2" rev 0x01
>> "FJSV,scfc" at ebus0 addr 21-210085, 22-220031, 26-260001,
>> 27-28 ivec 0x23 not configured
>> "FJSV,flashprom" at ebus0 addr 0-3f not configured
>> clock1 at ebus0 addr 25-251fff: mk48t59
>> "FJSV,panel" at ebus0 addr 210011-210011 ivec 0x25 not configured
>> ebus1 at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00
>> com0 at ebus1 addr 3f8-3ff ivec 0x2b: ns16550a, 16 byte fifo
>> com0: console
>> com1 at ebus1 addr 2e8-2ef ivec 0x2b: ns16550a, 16 byte fifo
>> hme0 at pci0 dev 1 function 1 "Sun HME" rev 0x01: ivec 0xe1, address
>> 00:0b:5d:f3:a7:5c
>> nsphyter0 at hme0 phy 1: DP83843 10/100 PHY, rev. 0
>> mpi0 at pci0 dev 2 function 1 "Symbios Logic 53c1030" rev 0x07: ivec 0xe0
>> mpi0: 0, firmware 1.0.12.0
>> scsibus1 at mpi0: 16 targets, initiator 7
>> sym0 at scsibus1 targ 0 lun 0:  SCSI2
>> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR
>> sd0 at scsibus0 targ 0 lun 0:  SCSI2
>> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR
>> sd0: 70007MB, 512 bytes/sector, 143374738 sectors
>> sym1 at scsibus1 targ 1 lun 0:  SCSI2
>> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL
>> sd1 at scsibus0 targ 1 lun 0:  SCSI2
>> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL
>> sd1: 70007MB, 512 bytes/sector, 143374738 sectors
>> mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
>> mpi0: target 1 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
>> pciide0 at pci0 dev 13 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc4:
>> DMA, channel 0 configured to native-PCI, channel 1 configured to
>> native-PCI
>> pciide0: using ivec 0xe4 for native-PCI interrupt
>> atapiscsi0 at pciide0 channel 0 drive 0
>> scsibus2 at atapiscsi0: 2 targets
>> cd0 at scsibus2 targ 0 lun 0:  ATAPI
>> 5/cdrom removable
>> cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
>> pciide0: channel 1 disabled (no drives)
>> ohci0 at pci0 dev 10 function 0 "Acer Labs M5237 USB" rev 0x03: ivec
>> 0xe9, version 1.0, legacy support
>> usb0 at ohci0: USB revision 1.0
>> uhub0 at usb0 configuration 1 interface 0 "Acer Labs OHCI root hub"
>> rev 1.00/1.00 addr 1
>> ps
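
The first-byte check Claudio describes, worked through on the buffer from this dmesg, as an added example (not OpenBSD's umsm driver code): it parses the `intr buffer` line and decodes the bmRequestType bit fields defined by the USB 2.0 specification, showing that 0xc1 is a vendor-type request where 0xa1 is a class-type one. Function and type names are assumptions made for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* First byte of a CDC notification, as named in the thread. */
#define UCDC_NOTIFICATION 0xa1

/* bmRequestType type field, bits 6..5 (USB 2.0 spec, section 9.3). */
enum req_kind { REQ_STANDARD = 0, REQ_CLASS = 1, REQ_VENDOR = 2, REQ_RESERVED = 3 };

struct req_type {
	int device_to_host;	/* bit 7: 1 = device to host */
	enum req_kind kind;	/* bits 6..5 */
	int recipient;		/* bits 4..0: 0 device, 1 interface, 2 endpoint */
};

/*
 * Pull the hex bytes out of a "umsmN: intr buffer 0x.. 0x.." dmesg line.
 * Returns the number of bytes stored, or -1 if the line is not an
 * intr-buffer line or holds a value that does not fit in one byte.
 */
int
parse_intr_buffer(const char *line, unsigned char *buf, size_t max)
{
	static const char tag[] = "intr buffer";
	const char *p = strstr(line, tag);
	size_t n = 0;

	if (p == NULL)
		return -1;
	p += sizeof(tag) - 1;
	while (n < max) {
		char *end;
		unsigned long v = strtoul(p, &end, 16);

		if (end == p)		/* no more numbers on the line */
			break;
		if (v > 0xff)
			return -1;
		buf[n++] = (unsigned char)v;
		p = end;
	}
	return (int)n;
}

/* Split a bmRequestType byte into its three fields. */
struct req_type
decode_request_type(unsigned char b)
{
	struct req_type rt;

	rt.device_to_host = (b >> 7) & 1;
	rt.kind = (enum req_kind)((b >> 5) & 3);
	rt.recipient = b & 0x1f;
	return rt;
}

/* 1 if the buffer starts like a CDC notification, 0 otherwise. */
int
is_cdc_notification(const unsigned char *buf, int len)
{
	return len >= 1 && buf[0] == UCDC_NOTIFICATION;
}

int
main(void)
{
	/* Line copied from the dmesg in this thread. */
	const char *line = "umsm0: intr buffer 0xc1 0x1 0x3 0x0 0x0 0x0 0x0";
	static const char *kinds[] = { "standard", "class", "vendor", "reserved" };
	unsigned char buf[16];
	struct req_type got, want;
	int n = parse_intr_buffer(line, buf, sizeof(buf));

	if (n < 1)
		return 1;
	got = decode_request_type(buf[0]);
	want = decode_request_type(UCDC_NOTIFICATION);
	printf("%d bytes, first byte 0x%02x: %s request, recipient %d\n",
	    n, buf[0], kinds[got.kind], got.recipient);
	printf("expected first byte 0x%02x: %s request, recipient %d\n",
	    UCDC_NOTIFICATION, kinds[want.kind], want.recipient);
	printf("CDC notification: %s\n", is_cdc_notification(buf, n) ? "yes" : "no");
	return 0;
}
```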

Re: umsm0: this device is not using CDC notify message in intr pipe. HP Compaq dc5750

2019-07-04 Thread Kihaguru Gathura
On 6/29/19, Chris Cappuccio  wrote:
> Kihaguru Gathura [pqscr...@gmail.com] wrote:
>> Hello,
>>
>> Huawei E303 modem now detaches in OpenBSD 6.5. This works fine on
>> OpenBSD 6.2 same machine.
>>
>
> There's a remote chance that this is fixed in 6.5-current. Some USB work
> has been going on. But if that doesn't work, you'll have to try more
> kernels to figure out when this stopped working. Try 6.5-current first,
> then 6.4, and then 6.3 to see which are broken.
>

This was working up and until OpenBSD 6.4 amd64.



Displaying System Uptime via CGI script: not displayed when script is run under chroot.

2016-09-25 Thread Kihaguru Gathura
Hi All,

I have a small problem here. I am unable to display uptime online.


THE PROBLEM:

A: Section 6 below: Why is the system uptime string not displayed when the
cgi script is run under chroot?

B: Section 4 below: Why does running uptime program under chroot yield time
that is not accurate? 6:54PM while the actual time was 9:54PM produced by
running uptime as root immediately after.



1: OpenBSD 5.9 (GENERIC.MP) #1888: Fri Feb 26 01:20:19 MST 2016




2: DIRECTORY PERMISSIONS THE DEFAULT

*
# cd /var/www
# ls -l
total 40
drwxr-xr-x  2 root  daemon  512 Feb 26  2016 bin
drwx-T  2 www   daemon  512 Feb 26  2016 cache
drwxr-xr-x  3 root  daemon  512 Sep 25 21:08 cgi-bin
drwxr-xr-x  2 root  daemon  512 Aug 16 13:45 conf
drwxr-xr-x  4 root  daemon  512 Aug 31 10:48 htdocs
-rw---  1 www   daemon   69 Aug 27 08:15 htpasswd
drwxr-xr-x  2 root  daemon  512 Sep 25 00:00 logs
drwxr-xr-x  2 root  daemon  512 Sep 24 09:44 run
drwxr-xr-x  5 root  daemon  512 Sep 21 16:38 usr
drwxr-xr-x  3 root  daemon  512 Sep 24 00:28 var
#
**



3: A CGI PROGRAM NAMED MYUPTIMER THAT SHOULD DISPLAY SYSTEM UPTIME.

**
# vi /var/www/cgi-bin/myuptimer.c
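#include <stdio.h>	/* printf, fflush */
#include <stdlib.h>	/* system */

int main(void)
{
	printf("Content-Type: text/plain;charset=us-ascii\n\n");
	fflush(stdout);		/* send the header before the child writes */
	system("/usr/bin/uptime");	/* executed through /bin/sh -c */
	fflush(stdout);

	return 0;
}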

**



4: INSTALLING AND TESTING UPTIME PROGRAM UNDER CHROOT


# cp /usr/bin/uptime  /var/www/usr/bin
# cp /usr/lib/libkvm.so.16.1  /var/www/usr/lib
# cp /usr/lib/libc.so.84.2  /var/www/usr/lib
# cp /usr/libexec/ld.so  /var/www/usr/libexec
# cp /var/run/utmp  /var/www/var/run
#
# chroot -u www /var/www uptime
 6:54PM   up  1  day,  12:09, 2 users, load averages: 0.11, 0.13, 0.18
#
# uptime
 9:54PM   up  1  day,  12:09, 1 user, load average: 0.11, 0.12, 0.13
*



5: RUNNING MYUPTIMER CGI PROGRAM  AS ROOT YIELDS GOOD RESULT

**
# /var/www/cgi-bin/myuptimer.cgi
Content-Type: text/plain;charset=us-ascii

 9:54PM   up  1  day, 12:10, 1 user, load averages: 0.10, 0.12, 0.17
***



6: HOWEVER RUNNING MYUPTIMER CGI PROGRAM UNDER CHROOT NOT SO:
DISPLAYS OTHER TEXT BUT THE UPTIME STRING IS NOT OUTPUT.

**
# chroot -u www /var/www /cgi-bin/myuptimer.cgi
Content-Type: text/plain;charset=us-ascii


***





Regards,

Kihaguru.



Re: Displaying System Uptime via CGI script: not displayed when script is run under chroot.

2016-09-25 Thread Kihaguru Gathura
Thank you for ongoing suggestions. The web server in use is OpenBSD httpd
and on a private network environment in perspective of security concerns.

Kind regards,

Kihaguru.

On Sun, Sep 25, 2016 at 11:57 PM, Alceu Rodrigues de Freitas Junior <
glasswal...@yahoo.com.br> wrote:

> On 25-09-2016 17:49, Alceu Rodrigues de Freitas Junior wrote:
>
>>
>> Last, but not least... not sure why C is your language of choice for CGI.
>>
>>
> And looks like you're reinventing the wheel:
> https://httpd.apache.org/docs/2.4/mod/mod_status.html



Re: Displaying System Uptime via CGI script: not displayed when script is run under chroot.

2016-09-27 Thread Kihaguru Gathura
And finally,

Conclusion.

(A: Section 6 below: Why is the system uptime string not displayed when the
cgi script is run under chroot?)

/bin/sh is needed at chroot for command interpretation.


(B: Section 4 below: Why does running uptime program under chroot yield time
that is not accurate? 6:54PM while the actual time was 9:54PM produced by
running uptime as root immediately after.)

/etc/localtime is needed at chroot for correct local time. (by Alexander)

//
# chroot -u www /var/www /cgi-bin/myuptimer.cgi
Content-Type: text/plain;charset=us-ascii

 1:31PM   up   3:24, 1 user, load averages: 0.06, 0.08, 0.08
//

However, the cron script workaround (by Raul) should be adopted for
security reasons as suggested unanimously.

Thanks to all.

Kihaguru


On Mon, Sep 26, 2016 at 7:19 PM, Stuart Henderson 
wrote:

> On 2016-09-25, Kihaguru Gathura  wrote:
> > Thank you for ongoing suggestions, The web server in use is OpenBSD httpd
> > and on a private network environment in perspective of security concerns.
>
> Raul's suggestion, "A simple workaround might be to create a cron script
> which writes uptime to a file once a minute", seems far saner from a
> security point of view than letting anyone who can hit port 80 execute
> a program.
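
The cron workaround the thread settles on, sketched as an added example (not code from the thread): cron runs `uptime` outside the chroot and the CGI only reads the resulting file, so no `/bin/sh`, shared libraries, `utmp` or `/etc/localtime` copies are needed under `/var/www`. The snapshot path, the crontab line, the age limit and all function names are assumptions.

```c
#include <sys/types.h>
#include <sys/stat.h>
#include <ctype.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <time.h>
#include <unistd.h>

#ifndef O_NOFOLLOW
#define O_NOFOLLOW 0
#endif

/*
 * Assumed setup: root's crontab runs, once a minute,
 *   /usr/bin/uptime > /var/www/run/uptime.txt
 * so inside the httpd chroot the snapshot is /run/uptime.txt.
 */
#define SNAPSHOT_PATH		"/run/uptime.txt"
#define SNAPSHOT_MAX_AGE	180	/* seconds, i.e. three missed cron runs */

enum { SNAP_OK = 0, SNAP_MISSING = -1, SNAP_STALE = -2, SNAP_BAD = -3 };

/*
 * Copy the first line of the snapshot into out. Nothing is executed:
 * the file is opened without following symlinks, must be a regular
 * file, must be recent, and non-printable bytes are replaced so the
 * response stays plain text whatever ended up in the file.
 */
int
read_uptime_snapshot(const char *path, time_t now, long max_age,
    char *out, size_t outlen)
{
	char raw[256];
	struct stat st;
	ssize_t n;
	size_t i, j = 0;
	int fd;

	if (outlen == 0)
		return SNAP_BAD;
	out[0] = '\0';
	fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
	if (fd == -1)
		return SNAP_MISSING;
	if (fstat(fd, &st) == -1 || !S_ISREG(st.st_mode)) {
		close(fd);
		return SNAP_BAD;
	}
	if (difftime(now, st.st_mtime) > (double)max_age) {
		close(fd);
		return SNAP_STALE;	/* cron stopped; do not show old data */
	}
	n = read(fd, raw, sizeof(raw));
	close(fd);
	if (n <= 0)			/* empty while cron is rewriting it */
		return SNAP_BAD;
	for (i = 0; i < (size_t)n && raw[i] != '\n' && j + 1 < outlen; i++)
		out[j++] = isprint((unsigned char)raw[i]) ? raw[i] : '?';
	out[j] = '\0';
	return SNAP_OK;
}

int
main(void)
{
	char line[200];
	int rc = read_uptime_snapshot(SNAPSHOT_PATH, time(NULL),
	    SNAPSHOT_MAX_AGE, line, sizeof(line));

	printf("Content-Type: text/plain;charset=us-ascii\n\n");
	if (rc == SNAP_OK)
		printf("%s\n", line);
	else
		printf("uptime unavailable\n");
	return 0;
}
```

Because the file is produced outside the chroot, the time shown is already in the system's local zone, which is the discrepancy question B was about.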



support new

2016-03-04 Thread Kihaguru Gathura
0
C Kenya
P Nairobi
T Nairobi
Z P.O Box 51348-00200
O Consultant
I Kihaguru Njenga
A
M kihaguru.nje...@gmail.com
U
B +254 706970697
X
N OpenBSD installations and maintenance. Web applications development
with OpenBSD-httpd web server and cgi in c.



Fwd: support new

2016-03-31 Thread Kihaguru Gathura
-- Forwarded message --
From: Kihaguru Gathura 
Date: Fri, Mar 4, 2016 at 9:07 PM
Subject: support new
To: misc@openbsd.org


0
C Kenya
P Nairobi
T Nairobi
Z P.O Box 51348-00200
O Consultant
I Kihaguru Njenga
A
M kihaguru.nje...@gmail.com
U
B +254 706970697
X
N OpenBSD installations and maintenance. Web applications development
with OpenBSD-httpd web server and cgi in c.



Re: support new

2016-03-31 Thread Kihaguru Gathura
Please add me to the support list or advise accordingly. I had made the
same request on March 4th and this is a resend.

Thank you for the early release of 5.9 !

Forever grateful for the treasure that OpenBSD is.

regards,

Kihaguru



Re: umsm: sparc64

2021-09-17 Thread Kihaguru Gathura
Hi,

sparc64 dmesg buffer is populated by the message below and grows on a daily
basis; I am writing for general guidance on how to solve this problem.

umsm0: this device is not using CDC notify message in intr pipe.
Please send your dmesg to , thanks.

Please see the dmesg below.

Thank you,

Kihaguru

On Wed, Jul 3, 2019 at 6:44 PM Kihaguru Gathura  wrote:

> > Try adding umsm to /sys/arch/sparc64/conf/GENERIC and build a new kernel.
> > If it works ok, report back, maybe we can add it to the standard kernel.
>
> Have added umsm to GENERIC and built a new kernel => modem works as
> desired at cuaU0 -s 115200.
>
> Next will build a multiprocessor kernel using GENERIC.MP and continue
> testing and using the modem.
>
> However error messages noted at dmesg (umsm0: this device is not using
> CDC notify message in intr pipe.)
>
> Thank you,
>
> Kihaguru.
>
> +
> console is /pci@83,4000/isa@7/su@0,3f8
> Copyright (c) 1982, 1986, 1989, 1991, 1993
> The Regents of the University of California.  All rights reserved.
> Copyright (c) 1995-2019 OpenBSD. All rights reserved.
> https://www.OpenBSD.org
>
> OpenBSD 6.5 (WWW) #0: Wed Jul  3 13:36:10 EAT 2019
> r...@www.datastore.ke:/usr/src/sys/arch/sparc64/compile/WWW
> real mem = 17179869184 (16384MB)
> avail mem = 16862699520 (16081MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root: Fujitsu Siemens PRIMEPOWER250 2x SPARC64 V
> cpu0 at mainbus0: FJSV,SPARC64-V (rev 5.1) @ 1979 MHz
> cpu0: physical 128K instruction (64 b/l), 128K data (64 b/l), 3072K
> external (64 b/l)
> "FJSV,SPARC64-V" at mainbus0 not configured
> psycho0 at mainbus0 addr 0xfffb2000: SUNW,psycho, impl 0, version 4, ign c0
> psycho0: bus range 0-0, PCI bus 0
> psycho0: dvma map fe00-, STC0 enabled
> pci0 at psycho0
> ebus0 at pci0 dev 1 function 0 "Sun PCIO EBus2" rev 0x01
> "FJSV,scfc" at ebus0 addr 21-210085, 22-220031, 26-260001,
> 27-28 ivec 0x23 not configured
> "FJSV,flashprom" at ebus0 addr 0-3f not configured
> clock1 at ebus0 addr 25-251fff: mk48t59
> "FJSV,panel" at ebus0 addr 210011-210011 ivec 0x25 not configured
> ebus1 at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00
> com0 at ebus1 addr 3f8-3ff ivec 0x2b: ns16550a, 16 byte fifo
> com0: console
> com1 at ebus1 addr 2e8-2ef ivec 0x2b: ns16550a, 16 byte fifo
> hme0 at pci0 dev 1 function 1 "Sun HME" rev 0x01: ivec 0xe1, address
> 00:0b:5d:f3:a7:5c
> nsphyter0 at hme0 phy 1: DP83843 10/100 PHY, rev. 0
> mpi0 at pci0 dev 2 function 1 "Symbios Logic 53c1030" rev 0x07: ivec 0xe0
> mpi0: 0, firmware 1.0.12.0
> scsibus1 at mpi0: 16 targets, initiator 7
> sym0 at scsibus1 targ 0 lun 0:  SCSI2
> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR
> sd0 at scsibus0 targ 0 lun 0:  SCSI2
> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR
> sd0: 70007MB, 512 bytes/sector, 143374738 sectors
> sym1 at scsibus1 targ 1 lun 0:  SCSI2
> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL
> sd1 at scsibus0 targ 1 lun 0:  SCSI2
> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL
> sd1: 70007MB, 512 bytes/sector, 143374738 sectors
> mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
> mpi0: target 1 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
> pciide0 at pci0 dev 13 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc4:
> DMA, channel 0 configured to native-PCI, channel 1 configured to
> native-PCI
> pciide0: using ivec 0xe4 for native-PCI interrupt
> atapiscsi0 at pciide0 channel 0 drive 0
> scsibus2 at atapiscsi0: 2 targets
> cd0 at scsibus2 targ 0 lun 0:  ATAPI
> 5/cdrom removable
> cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
> pciide0: channel 1 disabled (no drives)
> ohci0 at pci0 dev 10 function 0 "Acer Labs M5237 USB" rev 0x03: ivec
> 0xe9, version 1.0, legacy support
> usb0 at ohci0: USB revision 1.0
> uhub0 at usb0 configuration 1 interface 0 "Acer Labs OHCI root hub"
> rev 1.00/1.00 addr 1
> psycbrgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2
> timer0 at mainbus0 addr 0xfff8bc00 ivec 0xec, 0xed
> umsm0 at uhub0 port 1 configuration 1 interface 0 "HUAWEI HUAWEI
> Mobile" rev 2.00/1.02 addr 2
> ucom0 at umsm0
> umsm1 at uhub0 port 1 configuration 1 interface 1 "HUAWEI HUAWEI
> Mobile" rev 2.00/1.02 addr 2
> ucom1 at umsm1
> umsm2 at uhub0 port 1 configuration 1 interface 2 "HUAWEI HUAWEI
> Mobile" rev 2.00/1.02 addr 2
> ucom2 at umsm2
> umass0 at uhub0 port 1 configuration 1

MAKEDEV not creating ttyU devices that have unit numbers beyond 9

2022-01-17 Thread Kihaguru Gathura
Hi

Connecting a couple of modems but unable to make devices beyond cuaU9

root# sh /dev/MAKEDEV ttyU10
ttyU10: unknown device
root# sh /dev/MAKEDEV ttyU11
ttyU11: unknown device
root# sh /dev/MAKEDEV ttyU12
ttyU12: unknown device

The devices show up as UMSM 10 UCOM 10  etcetera up to 27 at console

What is the way to create devices with unit numbers beyond 9?

Regards,

Kihaguru.


Re: MAKEDEV not creating ttyU devices that have unit numbers beyond 9

2022-01-17 Thread Kihaguru Gathura
Got it, thanks!

On Tue, 18 Jan 2022, 10:49 Otto Moerbeek,  wrote:

> On Tue, Jan 18, 2022 at 10:42:15AM +0300, Kihaguru Gathura wrote:
>
> > Hi
> >
> > Connecting a couple of modems but unable to make devices beyond cuaU9
> >
> > root# sh /dev/MAKEDEV ttyU10
> > ttyU10: unknown device
> > root# sh /dev/MAKEDEV ttyU11
> > ttyU11: unknown device
> > root# sh /dev/MAKEDEV ttyU12
> > ttyU12: unknown device
> >
> > The devices show up as UMSM 10 UCOM 10  etcetera up to 27 at console
> >
> > What is the way to create devices with unit numbers beyond 9?
> >
> > Regards,
> >
> > Kihaguru.
>
>
> See the MAKEDEV script: ttyU[0-9a-zA-Z]
>
> So after 9 comes a
>
> -Otto
>


Optimization Advice for High Resource Utilization PostgreSQL Query on OpenBSD

2024-07-30 Thread Kihaguru Gathura
Hi,

I am seeking advice on optimizing a PostgreSQL query that is consuming a
significant amount of CPU resources on my Dell PowerEdge T340 server. The
server has an Intel Xeon E-2124 CPU @ 3.30GHz (4 cores, no Hyper-Threading)
and 16GB RAM, running OpenBSD 7.3 (GENERIC.MP) #1125.

The query in question occasionally utilizes around 40% of the CPU, with
CPU1 and CPU2 being more utilized compared to CPU0 and CPU3. This suggests
that the workload might not be well-balanced across all cores.

I am monitoring the system to ensure that CPU usage by PostgreSQL does not
lead to performance issues, especially if more queries are executed
simultaneously. Other processes (such as httpd, relayd, etc.) are consuming
minimal CPU time, indicating they are not contributing significantly to the
overall load.

The *top output* and *dmesg output* are included below. Given this setup,
could someone please provide guidance on the best practices for optimizing
PostgreSQL performance under OpenBSD? Are there specific kernel or
PostgreSQL configurations that might help distribute the load more evenly
across all CPU cores, or is this a case that requires a more powerful CPU?

Thank you in advance for your assistance.

Best regards,

Kihaguru

*top Output:*

load averages:  0.27,  0.07,  0.02    if.my.domain 14:11:35
63 processes: 61 idle, 2 on processor    up 63 days 06:11:29
CPU0 states:  3.0% user,  0.0% nice,  1.6% sys,  0.0% spin,  0.0% intr, 95.4% idle
CPU1 states: 47.9% user,  0.0% nice,  6.2% sys,  0.6% spin,  0.0% intr, 45.3% idle
CPU2 states: 33.0% user,  0.0% nice,  4.0% sys,  0.0% spin,  0.0% intr, 63.0% idle
CPU3 states:  5.8% user,  0.0% nice,  0.6% sys,  0.0% spin,  0.0% intr, 93.6% idle
Memory: Real: 199M/3048M act/tot Free: 12G Cache: 1672M Swap: 0K/16G

  PID USERNAME PRI NICE  SIZE   RES STATE WAIT  TIMECPU
COMMAND77669 _postgre  580  169M   80M onproc/2  - 0:10
35.60% postgres1 _relayd20 5112K 8456K sleep/0   kqread
17:38  0.05% relayd16136 www20 8272K   12M sleep/1
kqread   40:05  0.00% httpd15178 www20 8140K   11M sleep/3
  kqread   39:43  0.00% httpd41797 www20 7892K   11M
sleep/3   kqread   39:40  0.00% httpd30439 _relayd20 1572K
4176K sleep/2   kqread   36:41  0.00% relayd48133 _relayd20
1564K 4148K sleep/1   kqread   35:55  0.00% relayd84898 _relayd2
 0 1572K 4164K sleep/1   kqread   35:34  0.00% relayd88687 _relayd
20 5076K 8440K sleep/2   kqread   17:29  0.00% relayd
 1500 _relayd20 5276K 8600K sleep/0   kqread   16:52  0.00%
relayd58290 www20 1612K 2556K sleep/1   kqread6:24
0.00% slowcgi86189 _pflogd40  764K 1588K sleep/2   bpf
3:40  0.00% pflogd
 5982 root   20 1120K 1584K idle  kqread2:58  0.00%
sshd45035 www20 2388K 4532K sleep/2   kqread1:21
0.00% httpd82363 _syslogd   20 1228K 1648K sleep/2   kqread
1:10  0.00% syslogd38604 _relayd20 1624K 4040K sleep/2
kqread1:08  0.00% relayd59324 _postgre   20  146M 7596K
sleep/1   kqread1:02  0.00% postgres58070 _postgre   20  146M
 15M sleep/3   kqread1:01  0.00% postgres11204 _relayd20
1468K 3816K sleep/1   kqread0:29  0.00% relayd
1 root  100  644K  632K idle  wait  0:22  0.00%
init68961 _postgre   20  146M 8984K sleep/2   kqread0:13
0.00% postgres28371 _postgre   20  146M   61M idle  kqread
0:10  0.00% postgres12040 _postgre   20  146M 5604K idle
kqread0:07  0.00% postgres45123 _ntp   20 1060K 2748K idle
 kqread0:07  0.00% ntpd67766 root   20  888K 1516K
idle  kqread0:06  0.00% cron11185 root   2  -20  992K
1296K idle  kqread0:05  0.00% ntpd48084 kihaguru  280
2792K 4904K onproc/0  - 0:02  0.00% top33981 _postgre   20
 146M 4908K idle  kqread0:01  0.00% postgres
 9380 _ntp   2  -20 1132K 2876K idle  kqread0:01  0.00% ntpd
 3091 kihaguru   20 1412K 3576K sleep/2   kqread0:00  0.00%
sshd61657 root   20 3024K 5120K idle  kqread0:00
0.00% relayd44011 kihaguru   30 1764K 6332K idle  ttyin
0:00  0.00% psql88332 www20 2616K 2720K sleep/1   kqread
 0:00  0.00% ShelveAssortItem57595 kihaguru  180  880K  904K idle
sigsusp   0:00  0.00% ksh64781 kihaguru   20 1412K 3572K idle
kqread0:00  0.00% sshd
 1477 root   20 1220K 4348K idle  kqread0:00  0.00%
sshd52393 _smtpq 20 1676K 3548K idle  kqread0:00
0.00% smtpd43301 _dhcp  20  868K 1760K idle  kqread
0:00  0.00% dhcpleased
 6184 _dhcp  20  856K 1780K idle  kqread0:00  0.00%
dhcpleased31249 root   20  728K 1480K idle  netio 0:00
 0.00% pflogd20367 root   20  752K 2492K idle  netio
0:00   0.00% syslogd85654 _smtpd 20 2128K 4916K idle
kqread0:00  0.00% smtpd30336 root   20 1728K 2296K i

Re: Optimization Advice for High Resource Utilization PostgreSQL Query on OpenBSD

2024-07-30 Thread Kihaguru Gathura
Hi Claudio,

Yes, I did run 'Explain Analyze' on the query to diagnose the performance
issues. Based on the analysis, I created indexes on the relevant columns
and ran a VACUUM on the tables. This resulted in an improvement, reducing
CPU utilization from 40% to 30%.

I haven't yet delved into explicit Common Table Expressions (CTEs) or
extensive query refactoring as this query is currently running in a
production environment. While these optimizations are on my radar,
implementing them requires careful consideration to avoid disrupting
ongoing operations. I also considered creating indexes affecting views, but
this requires creating materialized views first, which in turn necessitates
extensive query refactoring. Given the production environment constraints,
I opted to defer this step for now to avoid any disruptions.

However, I am not sure if these additional steps would bring the
utilization significantly down to a point where more queries can be
executed simultaneously.

Thank you for your input and assistance.

Best regards,

Kihaguru


On Tue, Jul 30, 2024 at 3:42 PM Claudio Jeker 
wrote:

> On Tue, Jul 30, 2024 at 03:04:54PM +0300, Kihaguru Gathura wrote:
> > Hi,
> >
> > I am seeking advice on optimizing a PostgreSQL query that is consuming a
> > significant amount of CPU resources on my Dell PowerEdge T340 server. The
> > server has an Intel Xeon E-2124 CPU @ 3.30GHz (4 cores, no Hyper-Threading)
> > and 16GB RAM, running OpenBSD 7.3 (GENERIC.MP) #1125.
> >
> > The query in question occasionally utilizes around 40% of the CPU, with
> > CPU1 and CPU2 being more utilized compared to CPU0 and CPU3. This suggests
> > that the workload might not be well-balanced across all cores.
> >
> > I am monitoring the system to ensure that CPU usage by PostgreSQL does not
> > lead to performance issues, especially if more queries are executed
> > simultaneously. Other processes (such as httpd, relayd, etc.) are consuming
> > minimal CPU time, indicating they are not contributing significantly to the
> > overall load.
> >
> > The *top output* and *dmesg output* are included below. Given this setup,
> > could someone please provide guidance on the best practices for optimizing
> > PostgreSQL performance under OpenBSD? Are there specific kernel or
> > PostgreSQL configurations that might help distribute the load more evenly
> > across all CPU cores, or is this a case that requires a more powerful CPU?
>
> Did you EXPLAIN ANALYZE your query to see why it performs so bad?
> In other words: Are you using the right indexes?
>
> --
> :wq Claudio
>


Re: Optimization Advice for High Resource Utilization PostgreSQL Query on OpenBSD

2024-08-08 Thread Kihaguru Gathura
Hi Christian,

Thank you for your interest and suggestion.

To give you an idea, here are the approximate row counts for the main
tables involved in the query:

   - operations.requisitions: ~50,000 rows
   - operations.requisition_items: ~150,000 rows
   - operations.products: ~20,000 rows
   - operations.price_lists: ~ 60,000 rows
   - operations.price_lists_view_assort: ~20,000 rows
   - operations.vendors: ~200 rows

While these numbers aren't in the billions, the complexity of the joins and
the operations being performed, such as window functions and aggregations,
contribute significantly to the CPU utilization.

Partitioning is definitely something worth considering as the data grows.
For now, I have created indexes and run VACUUM, which reduced CPU
utilization from 40% to 30%. However, I'm aware that further optimization
might be necessary.

Thank you for your suggestion, and I will keep partitioning in mind as a
potential next step if data volumes continue to grow.

Best regards,

Kihaguru

On Sat, Aug 3, 2024 at 3:14 PM Christian Schulte 
wrote:

> On 30.07.24 19:29, Kihaguru Gathura wrote:
> > Hi Claudio,
> >
> > Yes, I did run 'Explain Analyze' on the query to diagnose the
> > performance issues. Based on the analysis, I created indexes on the
> > relevant columns and ran a VACUUM on the tables. This resulted in an
> > improvement, reducing CPU utilization from 40% to 30%.
>
> Out of curiosity. How many records (table rows) are you talking about?
> Maybe partitioning is the way to go, if you are dealing with huge
> amounts of data. Indexing a couple of billions of records still makes
> selecting expensive and you maybe want to partition things?
>
> --
> Christian
>
>


Re: Optimization Advice for High Resource Utilization PostgreSQL Query on OpenBSD

2024-08-08 Thread Kihaguru Gathura
Hi J,

Thank you for your detailed response and the practical advice.

To address your points:

*> CPU Utilization*: I understand that CPU consumption is not inherently
bad and can be indicative of the system doing its job. The query
performance from an end-user perspective is acceptable at the moment, but
I'm preparing for increased load and want to ensure scalability.

*> Performance Context*: The query in question is more frequent than a
monthly summary but isn't run concurrently by a large number of users.
Nevertheless, I am cautious about future growth and potential concurrent
usage spikes.

*> System Configuration*: I have not yet adjusted the sysctl.conf
parameters, but I will look into tuning these based on your recommendations
and PostgreSQL documentation. Specifically:

kern.seminfo.semmni=60; kern.seminfo.semmns=1024; kern.shminfo.shmall=32768

*> PostgreSQL Settings*: Currently, max_connections and shared_buffers
settings are at their default values. I will look into increasing
shared_buffers to a quarter of RAM, considering our 16GB of memory.
Adjusting temp_buffers and random_page_cost based on SSD usage will also be
on my list.

*> Further Tuning*: I will explore more detailed PostgreSQL tuning
resources and forums for advice tailored to our setup and usage patterns.

Your insights have been incredibly helpful. I will implement the suggested
configurations and monitor the system's performance to ensure it meets our
current and future needs.

Thank you once again for your guidance.

Best regards,

Kihaguru

On Sun, Aug 4, 2024 at 8:19 PM  wrote:

> On 30.07.24 14:04, Kihaguru Gathura wrote:
> >
> > Hi,
> >
> > I am seeking advice on optimizing a PostgreSQL query that is consuming
> > a significant amount of CPU resources on my Dell PowerEdge T340
> > server. The server has an Intel Xeon E-2124 CPU @ 3.30GHz (4 cores, no
> > Hyper-Threading) and 16GB RAM, running OpenBSD 7.3 (GENERIC.MP) #1125.
>
> This is a reasonably fast CPU and there is lots of RAM. No issues there.
>
> >
> > The query in question occasionally utilizes around 40% of the CPU,
> > with CPU1 and CPU2 being more utilized compared to CPU0 and CPU3. This
> > suggests that the workload might not be well-balanced across all cores.
> >
>
> As long as the CPU work is getting done, you don't care (or shouldn't
> care) which CPU is doing the work.
>
> "top" is not a great tool for measuring CPU consumption of a process. It
> filters the measurements, resulting in a slow change approaching the
> actual.  The overall cpu consumption (top row or rows) is good.
>
> > I am monitoring the system to ensure that CPU usage by PostgreSQL does
> > not lead to performance issues, especially if more queries are
> > executed simultaneously. Other processes (such as httpd, relayd, etc.)
> > are consuming minimal CPU time, indicating they are not contributing
> > significantly to the overall load.
> >
>
> The critical assumption you have made is that CPU consumption is bad. This
> is not necessarily true, it all depends on your circumstances.  If
> it is a "monthly summary", no big deal, you run it once a month.
>
> But if it is a "customer summary" and you have hundreds of customers all
> running it concurrently that might be something to adjust or adapt to.
>
> Consider the point of view of the end-user.  Is the query performance OK?
> If it is actually OK then you have nothing to do.  CPU measurements are
> not visible to the end user and they don't care about them.
>
> If query performance is not "OK" then memory is the first thing to
> adjust, followed by indexing (as you've started already).
>
> Configuring and tuning Postgresql is a lifelong ambition.  There are
> dozens if not hundreds of advice pages available.  The first things
> to do (you don't say if these are done, or not):
>
> - setup sysctl.conf to larger numbers, for example
>     kern.seminfo.semmni=60
>     kern.seminfo.semmns=1024
>     kern.shminfo.shmall=32768
>
>   Consult postgres documents for advice according to number of users
>   and database size.
>
> - setup postgres for suitable max_connections (leaving lots of margin)
>
> - setup postgres for lots of memory in use, shared_buffers=3GB for example.
>   Do not use more than about a quarter of RAM.  Be sure that login.conf
>   entries for _postgresql user are suitable for this number.
>
> - setup postgres for temp_buffers larger; but seek tuning advice on this.
>
> - setup postgres for random_page_cost = 1.0 provided that you have SSD
>   not rotating disks.
>
> This is probably the wrong forum for detailed postgresql advice.  You
> might have to search elsewhere.
>
> good luck
>
> J
>
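An added example, not part of the thread or any poster's code: a Python check that the sysctl values quoted above leave room for a chosen max_connections and that shared_buffers stays within a quarter of RAM. The semaphore rule (sets of 16, counted as 17 each, plus 5 auxiliary processes) follows the PostgreSQL kernel-resources documentation and is an assumption for the installed version; the sample postgresql.conf text and the function names are constructed.

```python
import math
import re

UNITS = {"kB": 1024, "MB": 1024**2, "GB": 1024**3, "TB": 1024**4}
# PostgreSQL defaults used when a setting is absent from the file.
DEFAULTS = {"max_connections": "100", "autovacuum_max_workers": "3",
            "max_wal_senders": "10", "max_worker_processes": "8",
            "shared_buffers": "128MB"}

def parse_conf(text):
    """Parse postgresql.conf-style 'name = value' lines, dropping comments."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            name, value = line.split("=", 1)
            conf[name.strip()] = value.strip().strip("'")
    return conf

def mem_bytes(value):
    """Convert '3GB' style values; a bare number counts 8kB blocks."""
    m = re.fullmatch(r"(\d+)\s*(kB|MB|GB|TB)?", value)
    if not m:
        raise ValueError(f"unrecognised memory value: {value!r}")
    return int(m.group(1)) * UNITS.get(m.group(2), 8192)

def semaphore_needs(conf):
    """Return (sets, semaphores): one set per 16 processes, 17 counted per set."""
    keys = ("max_connections", "autovacuum_max_workers",
            "max_wal_senders", "max_worker_processes")
    procs = sum(int(conf[k]) for k in keys) + 5  # +5: assumed auxiliary processes
    sets = math.ceil(procs / 16)
    return sets, sets * 17

def check(conf_text, sysctl, ram_bytes):
    """Return a list of findings; an empty list means the values fit."""
    conf = parse_conf(conf_text)
    sets, sems = semaphore_needs(conf)
    findings = []
    if sets > sysctl["kern.seminfo.semmni"]:
        findings.append(f"semmni too small: need at least {sets}")
    if sems > sysctl["kern.seminfo.semmns"]:
        findings.append(f"semmns too small: need at least {sems}")
    if mem_bytes(conf["shared_buffers"]) > ram_bytes // 4:
        findings.append("shared_buffers exceeds a quarter of RAM")
    return findings

# sysctl values and 16GB RAM are those quoted in the thread; SAMPLE is constructed.
SYSCTL = {"kern.seminfo.semmni": 60, "kern.seminfo.semmns": 1024}
SAMPLE = "max_connections = 200  # assumed value\nshared_buffers = 3GB\n"
if __name__ == "__main__":
    print(check(SAMPLE, SYSCTL, 16 * 1024**3) or "values fit")
```

Both limits need headroom for any other software on the host that uses System V semaphores, so treat a result close to the limit as a finding as well.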