Re: Privoxy crashes on one OpenBSD machine but not another
Hi, TJ writes: > > I tried launching the daemon from gdb to diagnose the problem, but the > package of course has no debug symbols. When gdb ran it from the > /var/privoxy chroot, the process crashed with a SIGPIPE. When I tested > it running outside the chroot, it crashed with a SIGABRT due to a > use-after-free. Privoxy also develops problems resolving its own IP > address, but this might be a separate issue/misconfiguration. I had it crashing on me all the time as well two years ago with similiar symptoms like you describe. I see that Privoxy 3.0.28 has had substantial improvements but you need to go to current or wait for 6.7 to get that. I include my, by now, archaeological back traces that seems to indicate problems with async resolving: (gdb) info registers rax0x322802 rbx0xbc1f59ba36a12927677211498 rcx0xbc284e5c30012930081211136 rdx0xbc234bb12e012928736236256 rsi0xdfdfdfdf 3755991007 rdi0xbc1f59b87e012927677204448 rbp0xbc1f59ba6200xbc1f59ba620 rsp0xbc1f59ba2d00xbc1f59ba2d0 r8 0x10101010101010172340172838076673 r9 0x8080808080808080 -9187201950435737472 r100x96a09c9d9693a0ff -7592896771096600321 r110x0 0 r120xbc234bb162012928736237088 r130xbbfcfa3cddb12918450277851 r140xbc27819b80812929866512392 r150x1bb443 rip0xbbfcf91c7f90xbbfcf91c7f9 eflags 0x10206 66054 cs 0x2b 43 ss 0x23 35 ds 0x23 35 es 0x23 35 fs 0x23 35 gs 0x23 35 (gdb) bt #0 0x0bc293f1e8e5 in getaddrinfo_async_run (as=0xbc296c3d100, ar=0xbc1f59ba138) at /usr/src/lib/libc/asr/getaddrinfo_async.c:515 #1 0x0bc293eec63c in _libc_asr_run_sync (as=0xbc296c3d100, ar=0xbc1f59ba138) at /usr/src/lib/libc/asr/asr.c:148 #2 0x0bc293f64f46 in _libc_getaddrinfo (hostname=0xbc234bb1620 "scontent.xx.fbcdn.net", servname=0xbc1f59ba36a "443", hints=0xbc1f59ba330, res=0xbc1f59ba328) at /usr/src/lib/libc/asr/getaddrinfo.c:47 #3 0x0bbfcf91c7f9 in load_action_files () from /usr/local/sbin/privoxy #4 0x0bbfcf91bd67 in load_action_files () from /usr/local/sbin/privoxy #5 0x0bbfcf92040c in load_action_files () from /usr/local/sbin/privoxy #6 0x0bbfcf91edf5 in load_action_files () from /usr/local/sbin/privoxy #7 0x0bc26629e39e in _rthread_start (v=Variable "v" is not available. ) at /usr/src/lib/librthread/rthread.c:96 #8 0x0bc293ee9ebb in __tfork_thread () at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:75 #9 0x in ?? () (gdb) Second crash> Program received signal SIGSEGV, Segmentation fault. [Switching to thread 490396] _libc_freeaddrinfo (ai=0x0) at /usr/src/lib/libc/net/freeaddrinfo.c:46 46 free(p->ai_canonname); (gdb) bt #0 _libc_freeaddrinfo (ai=0x0) at /usr/src/lib/libc/net/freeaddrinfo.c:46 #1 0x06925e91cb8d in load_action_files () from /usr/local/sbin/privoxy #2 0x06925e91bd67 in load_action_files () from /usr/local/sbin/privoxy #3 0x06925e92040c in load_action_files () from /usr/local/sbin/privoxy #4 0x06925e91edf5 in load_action_files () from /usr/local/sbin/privoxy #5 0x0694ba53c39e in _rthread_start (v=Variable "v" is not available. ) at /usr/src/lib/librthread/rthread.c:96 #6 0x0694a9946ebb in __tfork_thread () at /usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:75 #7 0x in ?? () (gdb) info reg rax0x694be27b0007235915198464 rbx0x0 0 rcx0x694a9c0b0807235572904064 rdx0x694ac6d64407235617776704 rsi0x694a9aeddff7235571736063 rdi0x0 0 rbp0x695056a5e800x695056a5e80 rsp0x695056a5e700x695056a5e70 r8 0x694ac6d64407235617776704 r9 0x0 0 r100x2 2 r110x0 0 r120x694a2d8a0207235457032224 r130x695056a5f307237110751024 r140x0 0 r150x50 80 rip0x694a9966bb00x694a9966bb0 <_libc_freeaddrinfo+16> eflags 0x10246 66118 cs 0x2b 43 ss 0x23 35 ds 0x23 35 es 0x23 35 fs 0x23 35 gs 0x23 35 (gdb) Program received signal SIGSEGV, Segmentation fault. [Switching to thread 260559] 0x083d7f02d8e5 in getaddrinfo_async_run (as=0x83e17b97600, ar=0x83e04037548) at /usr/src/lib/libc/asr/getaddrinfo_async.c:515 515 return AS_FAMILY(as); Current language: auto; currently minimal (gdb) bt #0 0x083d7f02d8e5 in getaddrinfo_async_run (as=0x83e17b97600, ar=0x83e04037548) at /usr/src/lib/libc/asr/getaddrinfo_async.c:515 #1 0x083d7effb63c in
Re: Uptime in seconds
On 2020-03-19 20:33, Thomas Bohl wrote: > Hello, > > for a shell script I needed the uptime in seconds. I came up with the > following. I'm just wondering, is there an one-liner that does the > same thing? $ echo $(( $(date +%s) - $(sysctl -n kern.boottime) )) 221493 > # Inspired by https://unix.stackexchange.com/a/270454 > uptime=`ps -o etime= -p 1` > uptd=`echo $uptime | grep '-' | awk -F "-" '{print $1}'` > > if [ "$uptd" == "" ] > then > upth=`echo $uptime | awk -F ":" '{print $1}'` > uptm=`echo $uptime | awk -F ":" '{print $2}'` > upts=`echo $uptime | awk -F ":" '{print $3}'` > > if [ "$upts" == "" ] > then > upts=$uptm > uptm=$upth > upth=0 > fi > > uptimeseconds=$((10#$upts + 10#$uptm * 60 + 10#$upth * 3600)) > else > upth=`echo $uptime | awk -F "-" '{print $2}' | awk -F ":" '{print > $1}'` > uptm=`echo $uptime | awk -F "-" '{print $2}' | awk -F ":" '{print > $2}'` > upts=`echo $uptime | awk -F "-" '{print $2}' | awk -F ":" '{print > $3}'` > uptimeseconds=$((10#$upts + 10#$uptm * 60 + 10#$upth * 3600 + > $uptd * 86400)) > fi > > echo $uptimeseconds
Re: Disabling laptop display & turning off suspend on lid close
Unicorn writes: > > Still would like to know how to turn the display off, have not figured > that out yet ;) If you are not starting X, this is enough: $ cat /etc/wsconsctl.conf display.screen_off=10 display.vblank=on display.kbdact=on display.msact=on display.outact=off See the FAQ (Blanking an Inactive Console): https://www.openbsd.org/faq/faq7.html Excerpt for your convenience: " display.screen_off determines the blanking time in milliseconds. display.kbdact if set to on, keyboard activity will unblank the screen. display.msact if set to on, console mouse activity will unblank the screen. display.outact if set to on, screen output will unblank the screen. display.vblank if set to on will disable the vertical sync pulse. This will cause many monitors to go into an energy saver mode. " /gabriel
Re: USB Firewall
Charlie Eddy writes: > > Is there a method to detect and halt additional USB devices being added > after initializing connections? Concerned about widespread vulnerability of > keystroke injection. I do not remember who posted it (should be in the archives), but this diff adds a knob for allowing usb bus probing or not. When I tried it, it did stop new usb devices from attaching on my laptop. Index: sys/dev/usb/uhub.c === RCS file: /cvs/src/sys/dev/usb/uhub.c,v retrieving revision 1.89 diff -u -p -u -r1.89 uhub.c --- sys/dev/usb/uhub.c 2 Sep 2016 09:14:59 - 1.89 +++ sys/dev/usb/uhub.c 1 Jan 2017 22:52:53 - @@ -55,6 +55,9 @@ #define DEVNAME(sc)((sc)->sc_dev.dv_xname) +/* controls enabling/disabling of USB bus probing */ +int busprobe = 1; + struct uhub_softc { struct device sc_dev; /* base device */ struct usbd_device *sc_hub;/* USB device */ @@ -439,6 +442,9 @@ uhub_explore(struct usbd_device *dev) usbd_clear_port_feature(sc->sc_hub, port, UHF_C_PORT_LINK_STATE); } + + if (!busprobe) + return (0); /* Recursive explore. */ if (up->device != NULL && up->device->hub != NULL) Index: sys/dev/usb/usb.c === RCS file: /cvs/src/sys/dev/usb/usb.c,v retrieving revision 1.111 diff -u -p -u -r1.111 usb.c --- sys/dev/usb/usb.c 18 May 2016 18:28:58 - 1.111 +++ sys/dev/usb/usb.c 1 Jan 2017 22:52:53 - @@ -87,6 +87,8 @@ int usb_noexplore = 0; #define DPRINTFN(n,x) #endif +extern int busprobe; + struct usb_softc { struct devicesc_dev;/* base device */ struct usbd_bus *sc_bus; /* USB controller */ @@ -607,6 +609,14 @@ usbioctl(dev_t devt, u_long cmd, caddr_t #endif break; #endif /* USB_DEBUG */ + case USB_GET_BUS_PROBE: + *(unsigned int *)data = busprobe; + break; + case USB_SET_BUS_PROBE: + if ((error = suser(curproc, 0)) != 0) + return (error); + busprobe = !!*(unsigned int *)data; + break; case USB_REQUEST: { struct usb_ctl_request *ur = (void *)data; Index: sys/dev/usb/usb.h === RCS file: /cvs/src/sys/dev/usb/usb.h,v retrieving revision 1.57 diff -u -p -u -r1.57 usb.h --- sys/dev/usb/usb.h 19 Jun 2016 22:13:07 - 1.57 +++ sys/dev/usb/usb.h 1 Jan 2017 22:52:53 - @@ -760,6 +760,8 @@ struct usb_device_stats { #define USB_DEVICE_GET_CDESC _IOWR('U', 6, struct usb_device_cdesc) #define USB_DEVICE_GET_FDESC _IOWR('U', 7, struct usb_device_fdesc) #define USB_DEVICE_GET_DDESC _IOWR('U', 8, struct usb_device_ddesc) +#define USB_GET_BUS_PROBE _IOR ('U', 9, unsigned int) +#define USB_SET_BUS_PROBE _IOW ('U', 10, unsigned int) /* Generic HID device */ #define USB_GET_REPORT_DESC_IOR ('U', 21, struct usb_ctl_report_desc) Index: usr.sbin/usbdevs/usbdevs.8 === RCS file: /cvs/src/usr.sbin/usbdevs/usbdevs.8,v retrieving revision 1.9 diff -u -p -u -r1.9 usbdevs.8 --- usr.sbin/usbdevs/usbdevs.8 26 Jun 2008 05:42:21 - 1.9 +++ usr.sbin/usbdevs/usbdevs.8 1 Jan 2017 22:52:53 - @@ -39,6 +39,7 @@ .Op Fl dv .Op Fl a Ar addr .Op Fl f Ar dev +.Op Fl p Ns Op Ar on | off .Sh DESCRIPTION .Nm prints a listing of all USB devices connected to the system @@ -53,6 +54,10 @@ Only print information about the device Show the device drivers associated with each device. .It Fl f Ar dev Only print information for the given USB controller. +.It Fl p Ns Op Ar on | off +Enable or disable USB bus probing. The default +is +.Ar on . .It Fl v Be verbose. .El Index: usr.sbin/usbdevs/usbdevs.c === RCS file: /cvs/src/usr.sbin/usbdevs/usbdevs.c,v retrieving revision 1.25 diff -u -p -u -r1.25 usbdevs.c --- usr.sbin/usbdevs/usbdevs.c 22 Dec 2015 08:36:40 - 1.25 +++ usr.sbin/usbdevs/usbdevs.c 1 Jan 2017 22:52:53 - @@ -30,14 +30,15 @@ * POSSIBILITY OF SUCH DAMAGE. */ +#include +#include +#include +#include +#include #include #include #include -#include -#include #include -#include -#include #include #ifndef nitems @@ -46,21 +47,23 @@ #define USBDEV "/dev/usb" -int verbose = 0; -int showdevs = 0; +int verbose; +int showdevs; +int getprobe; +int setprobe; void usage(void); void usbdev(int f, int a, int rec); void usbdump(int f); void dumpone(char *name, int f, int addr); -int main(int, char **); +void busprobe(int f, unsigned int probe); extern char *__progname; void usage(void) { - fprintf(stderr,
Re: OpenSMTPd error "io-error: No SSL error"
Atanas Vladimirov writes: > > First, sorry that I'm reporting this issue so late, but I spotted it > before a few days. > It seems that my surveillance webcam stopped to notify me via email > with the following messages in maillog: > > > Nov 5 15:59:34 hodor smtpd[59494]: 2847e02c4337309e smtp > event=connected address=172.16.1.8 host=attic.bsdbg.net > Nov 5 15:59:35 hodor smtpd[59494]: 2847e02c4337309e smtp event=closed > address=172.16.1.8 host=attic.bsdbg.net reason="io-error: No SSL > error" > I am also seeing this after upgrading to 6.2. # grep -c "io-error: No SSL error" maillog 82 # zgrep -c "io-error: No SSL error" maillog.0.gz 999 # zgrep -c "io-error: No SSL error" maillog.1.gz 1152 ..so pretty bad but I have not had the time or energy to debug it yet. I am guessing the other side want to use old deprecated crypto in setting up TLS since one of the mailservers that could not send mail to us is a Solaris 10 machine probably using OpenSSL 0.9.8 or something. Here is just the last half hour: # grep "io-error: No SSL error" maillog Nov 6 19:02:40 hekla smtpd[66969]: 59bb4c76df17549d smtp event=closed address=217.172.164.56 host=hera82.plusserver.de reason="io-error: No SSL error" Nov 6 19:03:12 hekla smtpd[66969]: 59bb4c828b9c0d65 smtp event=closed address=195.149.155.133 host=mail3.distribution.cision.com reason="io-error: No SSL error" Nov 6 19:08:47 hekla smtpd[66969]: 59bb4cf114121102 smtp event=closed address=195.149.155.133 host=mail3.distribution.cision.com reason="io-error: No SSL error" Nov 6 19:10:38 hekla smtpd[66969]: 59bb4d17dc395021 smtp event=closed address=103.244.8.106 host=triton.nodens.net reason="io-error: No SSL error" Nov 6 19:11:29 hekla smtpd[66969]: 59bb4d2239862abf smtp event=closed address=216.117.173.8 host=webbwise.com reason="io-error: No SSL error" Nov 6 19:12:26 hekla smtpd[66969]: 59bb4d357a1c394a smtp event=closed address=125.206.111.91 host=lookup-net.co.jp reason="io-error: No SSL error" Nov 6 19:13:19 hekla smtpd[66969]: 59bb4d526d94c7c2 smtp event=closed address=1.234.2.196 host=1.234.2.196 reason="io-error: No SSL error" Nov 6 19:14:23 hekla smtpd[66969]: 59bb4d71d2816466 smtp event=closed address=195.149.155.133 host=mail3.distribution.cision.com reason="io-error: No SSL error" Nov 6 19:14:53 hekla smtpd[66969]: 59bb4d8017cd6bf5 smtp event=closed address=113.105.139.87 host=113.105.139.87 reason="io-error: No SSL error" Nov 6 19:17:09 hekla smtpd[66969]: 59bb4daa09d3216b smtp event=closed address=125.206.111.91 host=lookup-net.co.jp reason="io-error: No SSL error" Nov 6 19:19:58 hekla smtpd[66969]: 59bb4df2ab8b156c smtp event=closed address=195.149.155.133 host=mail3.distribution.cision.com reason="io-error: No SSL error" Nov 6 19:22:00 hekla smtpd[66969]: 59bb4e1757d1c409 smtp event=closed address=125.206.111.91 host=lookup-net.co.jp reason="io-error: No SSL error" Nov 6 19:23:44 hekla smtpd[66969]: 59bb4e38a3d45d0d smtp event=closed address=46.59.120.29 host=smtp.partman.se reason="io-error: No SSL error" Nov 6 19:25:34 hekla smtpd[66969]: 59bb4e4dcb29ab27 smtp event=closed address=195.149.155.133 host=mail3.distribution.cision.com reason="io-error: No SSL error" Nov 6 19:28:15 hekla smtpd[66969]: 59bb4e8cc8bf02a2 smtp event=closed address=212.116.89.101 host=delta.webzoo.se reason="io-error: No SSL error" Nov 6 19:28:15 hekla smtpd[66969]: 59bb4e8d20c633db smtp event=closed address=212.116.89.101 host=delta.webzoo.se reason="io-error: No SSL error" Nov 6 19:29:51 hekla smtpd[66969]: 59bb4ea9c1fb4f50 smtp event=closed address=125.206.111.91 host=lookup-net.co.jp reason="io-error: No SSL error" Nov 6 19:30:32 hekla smtpd[66969]: 59bb4eb47f60fa15 smtp event=closed address=216.117.173.8 host=webbwise.com reason="io-error: No SSL error" /gabriel
Re: Diffie-Helman issue?
> How is the prime set up for DH in > OpenSSH and is that something a user can change? Here is good place to start looking: == From: Damien Miller Subject: CVS: cvs.openbsd.org: src To: source-chan...@openbsd.org Date: Fri, 16 Oct 2015 16:32:22 -0600 (MDT) CVSROOT:/cvs Module name:src Changes by: d...@cvs.openbsd.org2015/10/16 16:32:22 Modified files: usr.bin/ssh: dh.h Log message: increase the minimum modulus that we will send or accept in diffie-hellman-group-exchange to 2048 bits; ok markus@ == /gabriel
Re: NSD vs BIND
Chris Cappuccio writes: > I don't think the in-tree bind supports dnssec. Just for the archives; it does, I am using it. /gabriel
Re: ACPI so close I can almost taste it...
Pau writes: > I have a thinkpad x200s and with a recent snapshot I can confirm here > that the laptop suspends in a fraction of a second and resumes again > almost immediately > > Unfortunately, after some few seconds, even if if looks as if > everything had gone just perfect (em0, usb etc are resumed), I get > > ahci_get_err_ccb but SACT 03ff != 0? > panic: kernel diagnostic assertion "ahci_pread(ap, AHCI_PREG_CI) == 0" > failed: file "../../../../dev/pci/ahci.c", line 2037 > Stopped at Debugger+0x4: leave > RUEN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! > IF RUNNING SMP, USE 'mach ddbcpu <#>' AND 'trace' ON OTHER PROCESSORS, TOO. > (...) > ddb{0}> Like sthen@ already said.. The ahci controller does not support suspend/resume yet so.. try changing SATA mode in the bios to compability mode so that your harddrive attaches through pciide instead of through ahci. This has the consequence that you have to edit fstab during boot when the kernel cannot find sd0a but then you just do: # mount /dev/wd0a / # cd /etc # ed fstab ,s/sd0/wd0/g w q # exit [ boot continues.. ] I tried that on my thinkpad t400 and it made suspend/resume work for me. /gabriel
Re: dnssec-keygen question
LEVAI Daniel writes: > Hi! > > Why can't I generate an RSASHA1 key for a host with this command? > > $ dnssec-keygen -a RSASHA1 -b 1024 -n HOST > dnssec-keygen: invalid DNSKEY nametype HOST > > According to dnssec-keygen(8), the HOST and ENTITY nametypes are valid and > equivalent. HOST and ENTITY options are only valid if you are generating KEY records (-k). Like: $ dnssec-keygen -a RSASHA1 -b 1024 -k -n HOST somehost Ksomehost.+005+30076 /gabriel
Re: nfsv4 - nfs ipv6
Thomas Prochaska <[EMAIL PROTECTED]> writes: > > i couldn't find an answer on the web or somewhere. > therefore i hope someone on this list is able to tell me if > openbsds nfs server supports nfsv4. No, but here is a NFSv4 implementation for OpenBSD: http://snowhite.cis.uoguelph.ca/nfsv4/ -- Gabriel Kihlman
Re: OpenBSD Berlin?
"Dirk Fohrenkamm" <[EMAIL PROTECTED]> writes: > > ok, to write something not that "OT": time? date? location? (as you know I > have quite a lot bars and restaurants around) I think we already (in a private discussion) agreed on the following: 16th of august, 18.00, in Tuffstein: http://maps.google.de/maps?f=q&hl=ca&geocode=&q=leberstrasse+2,+berlin&sll=52.485276,13.358967&sspn=0.008363,0.018797&ie=UTF8&ll=52.485838,13.361499&spn=0.008363,0.018797&t=h&z=16&iwloc=addr&om=1 So, see you there /gabriel (living in kreuzberg)
Re: mail stats from procmail
"atstake atstake" <[EMAIL PROTECTED]> writes: > I use fetchmail and then procmail to filter mails and I read them with mutt. > I'm trying to get my mail stats; eg, how many mails I have on each > directory, size etc. Use http://search.cpan.org/dist/Log-Procmail/ > and when I use mailstats(8) (mailstats -C ~/.procmaillog) it says > "mailstats: no statistics file > located" I also tried the "mailstat" command and it worked fine the > first time but from the second time onward it says "No mail arrived > since Dec 30 20:37" which is wrong because I received mails after that > time. There is also no manpage for "mailstat". What program installed that? I do not have it.
Re: Bind popa3d to local interface only
Michael Lechtermann <[EMAIL PROTECTED]> writes: > Hi, > > I am currently setting up a POP3 server and everything is working fine. > Also added stunnel to handle SSL connections for popa3d. > > Now I would like to permit the usage of unencrypted connections to > popa3d to enforce connections over SSL. > > popa3d runs in standalone mode and it should stay that way since I am > not using inetd right now. When connected to port 995 stunnel forwards > the connection to localhost port 110. > > Because of that I just need popa3d to listen on 127.0.0.1. Index: standalone.c === RCS file: /cvs/src/usr.sbin/popa3d/standalone.c,v retrieving revision 1.10 diff -u -r1.10 standalone.c --- standalone.c13 Mar 2005 19:29:44 - 1.10 +++ standalone.c8 Jun 2006 08:15:33 - @@ -127,7 +127,7 @@ hints.ai_socktype = SOCK_STREAM; hints.ai_family = af; hints.ai_flags = AI_PASSIVE; - error = getaddrinfo(NULL, sbuf, &hints, &res0); + error = getaddrinfo("127.0.0.1", sbuf, &hints, &res0); if (error) return log_error("getaddrinfo");
Re: perl script fails.
Hi, First of, you missed to include certain details about your system, like the version of OpenBSD you are running :-P Hans Almqvist <[EMAIL PROTECTED]> writes: > Hi all! > > When trying to install use cpan to install Time::HiRes > I get the fallowing : Hmm, Time::HiRes is in base.. http://www.openbsd.org/cgi-bin/cvsweb/src/gnu/usr.bin/perl/ext/Time/HiRes/ > > cpan> o conf prerequisites_policy ask > prerequisites_policy ask > > cpan> install Time::HiRes > CPAN: Storable loaded ok > Going to read /root/.cpan/Metadata > Going to read /root/.cpan/sources/authors/01mailrc.txt.gz > CPAN: Compress::Zlib loaded ok > Going to read /root/.cpan/sources/modules/02packages.details.txt.gz > Database was generated on Sun, 11 Sep 2005 08:01:26 GMT > HTTP::Date not available > > Then it freezes. Worked here (with a -current system) [ ... ] cpan> install HTTP::Date CPAN: Storable loaded ok Going to read /home/gk/.cpan/sources/authors/01mailrc.txt.gz Going to read /home/gk/.cpan/sources/modules/02packages.details.txt.gz Database was generated on Sun, 11 Sep 2005 15:59:48 GMT HTTP::Date not available LWP not available CPAN: Net::FTP loaded ok Fetching with Net::FTP: [ .. and so on .. ] > > Any ideas ? Remove your .cpan-dir and try again? tcpdump? ktrace it? -- Gabriel Kihlman