Re: Split-horizon dns

2021-03-27 Thread Gregory Edigarov
just run a second nsd on separate (ip)/port, then use unbound as a router

On 3/25/21 12:52 PM, Родин Максим wrote:
> Hello,
> Is there a way to do split horizon dns using NSD?
> I did not find anything similar in man nsd.conf



audio stops frequently with current

2021-02-26 Thread Gregory Edigarov
Hello,

symptoms like this:
chromium plays video with audio (youtube)
mostly after pause, it loses audio.
while this happens it could show spinner,
but sometimes it can play video no problem, but no audio.

 dmesg:
OpenBSD 6.9-beta (GENERIC.MP) #346: Fri Feb 19 23:56:21 MST 2021
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Re: baresip-gtk

2021-02-24 Thread Gregory Edigarov



On 2/24/21 2:59 PM, Mihai Popescu wrote:
>> How do you use baresip-gtk?
> If I recall correctly, all you get is an icon in the system tray bar if you
> have one. You can click there and get a not very rich GUI.
Hmm, I understood. I am not using a DE, prefer  spectrwm.



baresip-gtk

2021-02-20 Thread Gregory Edigarov
Hello,

How do you use baresip-gtk?

I have

module_app    gtk.so

uncommented, but nothing happens.

Thanks.
--
With best regards,
    Gregory Edigarov



Re: firefox+web.skype.com+microphone (on OpenBSD)?

2021-01-22 Thread Gregory Edigarov



On 1/22/21 6:53 PM, Ashton Fagg wrote:
> Based on my reading, the problem is not with OpenBSD but with Skype.
> They don't support it. I played around a little bit (even trying a
> user-agent switcher thingy) - no dice. Admittedly I didn't put too
> much time into it because I use Skype probably once a year at best.
yeah, text messaging works nicely in both firefox (if you use user-agent
changer) and chromium.
that's what I use skype for 99.9% of time.
So it is just a matter of curiosity. What skype is missing on OpenBSD?
 
> On Fri, 22 Jan 2021 at 10:52, Gregory Edigarov  wrote:
>> hello,
>>
>> Just wondering if somebody made it work somehow?
>> Sigh, I know it is not a secure solution but I am bounded to what people
>> are using.
>> Currently I have a linux notebook which I use nearly only for skype, but
>> would prefer to be able to have a voice conversations from OpenBSD, too.
>>
>> any pointers are welcome.
>> --
>>



firefox+web.skype.com+microphone (on OpenBSD)?

2021-01-22 Thread Gregory Edigarov
hello,

Just wondering if somebody made it work somehow?
Sigh, I know it is not a secure solution but I am bounded to what people
are using.
Currently I have a linux notebook which I use nearly only for skype, but
would prefer to be able to have a voice conversations from OpenBSD, too.

any pointers are welcome.
--



iked && outgoing auth

2021-01-13 Thread Gregory Edigarov
Hello, everybody

sorry for possible misunderstanding,  but is iked capable of doing
outgoing eap mschap-v2 auth?
because in my situation I need to connect to server which requires this.

thanks.

--
With best regards,
    Gregory Edigarov
 



Re: misc panics

2020-12-28 Thread Gregory Edigarov



On 12/28/20 12:18 PM, rgc wrote:
> On Mon, Dec 28, 2020 at 10:39:56AM +0100, Otto Moerbeek wrote:
>> On Mon, Dec 28, 2020 at 10:25:08AM +0100, Bastien Durel wrote:
>>
>>> On Monday 28 December 2020 at 09:17 +, Stuart Henderson wrote:
> So hardware failure confirmed :/ Do you think I can change the RAM
> or
> it's more likely a CPU/Chipset failure ?
>
> Thanks,
>
 If you have multiple sticks of RAM, try removing some.
>>> I have only one
>> trying to reseat it is worth a try.
>>
>>  -Otto
>>
> or doing the eraser magick
>
> you clean the contacts (remove oxidation) of the RAM module (the side that
> sticks in the motherboard) by rubbing a pencil eraser on the contacts of the
> RAM module.
>
in my experience, all the RAM modules nowadays come gold plated, so no
need to use eraser on them.
just a piece of paper, to make sure there is no grease on the contacts



Re: mongodb port

2020-12-08 Thread Gregory Edigarov



On 12/8/20 4:05 PM, Stuart Henderson wrote:
> On 2020-12-08, Gregory Edigarov  wrote:
>> Hello,
>>
>> Just found that mongodb port/package doesn't install
>> mongodump/mongorestore binaries.
>> Are there any problems with them?
>>
>> --
>> With best regards,
>>  Gregory Edigarov
>>
>>
> Tempted to just reply with "if it needs backing up it shouldn't be
> in mongodb", but... they aren't included in the main distfile and will
> require modifying to work with OpenBSD.
;-) sure thing, it is rather about copying the data from one server to
another, not a real backup.
> https://github.com/mongodb/mongo-tools#building-tools
>
> $ ./make build
> START  | build
> FAIL   | build in 11.252428ms
>| failed to detect local platform from kernel name "OpenBSD"
> task(s) [build] failed
> exit status 2
Will look into this, thanks for pointing, Stuart.
--
With  best regards,
    Gregory  Edigarov



mongodb port

2020-12-08 Thread Gregory Edigarov
Hello,

Just found that mongodb port/package doesn't install
mongodump/mongorestore binaries.
Are there any problems with them?

--
With best regards,
 Gregory Edigarov



dkim && ed25519

2020-12-04 Thread Gregory Edigarov
Hello misc@,

Just wanna check status of ed25519/x25519 support in OpenBSD.
I want to use ed25519 keypair for dkim, because of the smaller
size of the resulting keys, to completely eliminate the line breaking
issues.
Found nothing in man openssl, how am I supposed to generate keypair?
Will ssh-keygen or signify do the trick?

Thank you.
--
With best regards,
        Gregory Edigarov





Re: Reinstall to upgrade

2020-11-28 Thread Gregory Edigarov



On 11/25/20 3:26 PM, Manuel Giraud wrote:
> Hi,
>
> I'd like to upgrade (on -current) and, in the process, remove some cruft
> accumulated over the years. I usually do sysupgrade and sysclean for
> system.
>
> But for packages, I think I would be better to reinstall everything
> since "pkg_check -F" does not seems to complain and I can see I have,
> for example, some firefox-57 files left.
>
> I think I could do the following but I don't know if it is safe:
> - sysupgrade (+ sysclean)
> - pkg_info -mz > mypkg
> - umount /usr/local
> - newfs partition_of_usr_local
> - mount /usr/local
> - pkg_add -l mypkg
>
> Or maybe, I should dump, do a complete reinstall, pkg_add -l mypkg,
> restore /home and, tediously, restore some /etc files.
> How would you do this?
Here's what I found easy to do periodically on my home computers, when I
feel it is a time to de-clutter:

#!/bin/sh
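# Wipe installed packages, the package database and leftover rc.d scripts.
rm -rf /usr/local/* /var/db/pkg/* /var/db/pkg/.* /etc/rc.d/*_daemon \
    /etc/rc.d/avahi*
# Reinstall the essential package set.
for i in \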
adobe-source-code-pro \
ansible \
borgbackup \
chromium \
emacs--gtk3 \
gnupg-- \
dmenu \
firefox \
thunderbird \
rsync-- \
git \
gpicview \
go \
rust \
inconsolata-font \
ipcalc \
mplayer \
mtr-- \
nmap \
ntfs_3g \
openvpn \
pidgin-- \
pv \
spectrwm \
splint \
tcptraceroute \
telegram-purple \
terminus-font \
transmission \
vim--gtk2 \
xpdf \
zsh ; do pkg_add -v "$i"; done

so when I am running it I am easily getting the system which I have most
essential software installed.



Re: chromium has troubles showing videos from youtube

2020-11-11 Thread Gregory Edigarov




On 11/11/20 4:45 AM, Aaron Mason wrote:
> On Wed, Nov 11, 2020 at 7:42 AM Gregory Edigarov  wrote:
>> Hello,
>>
>> chromium-86.0.4240.185, installed from packages
>> is showing spinner and goes no further  after the first ad before video,
>> and not.
>> at first I thought  it is some extension, but with clean chromium the
>> behavior is still the same.
>>
>> does anybody else observing this? or is it just me?
>>
>> --
>> With best regards,
>> Gregory Edigarov
>
> Hi
>
> If you open up the developer console and start a video, do you see any
> requests that end in an error in the Network tab?

Well, yes. I've got only three of them blocked intentionally.
(ad.doubleclick.net  and googlesyndication)
these are blocked at dns level.

but my android phone for example uses the same (my) dns and is still
able to play video.


--
With best regards,
       Gregory Edigarov



chromium has troubles showing videos from youtube

2020-11-10 Thread Gregory Edigarov

Hello,

chromium-86.0.4240.185, installed from packages
is showing spinner and goes no further  after the first ad before video,
and not.
at first I thought  it is some extension, but with clean chromium the
behavior is still the same.

does anybody else observing this? or is it just me?

--
With best regards,
  Gregory Edigarov



Re: procedure for making an msdos usb stick

2020-11-05 Thread Gregory Edigarov

what do you mean "shrinks"?

On 11/5/20 1:24 PM, Peter J. Philipp wrote:
> Is there any documentation for this?  I'm having a hard time with this.
>
> Particularly when I newfs_msdos a partition it shrinks every time.  I'm on
> 6.8.
>
> Best Regards,
> -peter





Re: system slow down strangeness

2020-09-08 Thread Gregory Edigarov




On 2020-09-08 19:38, Nick Holland wrote:
> On 2020-09-08 04:16, Gregory Edigarov wrote:
>> Hello,
>>
>> from around two weeks ago I am observing the overall system slow down.
>> Everything work stable,
>> but nearly every X application takes forever to open a window.
>> also I am using tiling wm, and when workspace is switched,
>> it takes a long time for the system to redraw a screen.
>> I also noticed that some console scripts like ansible-doc
>> are also starting slower than usual.
>>
>> this system only has 8 Gb RAM temporarily,
>> but top says:
>>
>> Memory: Real: 1764M/5673M act/tot Free: 2183M Cache: 3284M Swap: 0K/32G
>>
>> so I do not think it is a memory issue.
>>
>> was just fine before,  so wondering what has happen.
>> OpenBSD 6.8-beta (GENERIC.MP) #59: Fri Sep  4 22:46:14 MDT 2020
>> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> well...that's less than two weeks old.  So I'm guessing either you had
> the problem and figured, "let's upgrade, see if that fixes it" (not a
> bad plan), or you are a regular upgrader (also good).  Can you say if
> the problem started with an upgrade?  Or did it occur between upgrades?

Hm, well, yes, I am upgrading regularly. It's my home system,
so nothing mission critical. And therefore why not upgrade it and see
what new you guys are cooking ;-)
Usually upgrading on weekly basis.

> ...
>
>> sd0 at scsibus1 targ 0 lun 0:
>
> Any possibility you have a bad disk?

No, it seems more like it is software problem.
I did some tests, and came to a conclusion that it is chromium, some how
while it is not in top for cpu it slows down things significantly.
for now switched to firefox and problem disappeared.
But, just for the record, firefox had issues with sigbus/segfault around
a week ago. Now it is rock solid and fast again.






Re: system slow down strangeness

2020-09-08 Thread Gregory Edigarov




On 2020-09-08 21:18, Stuart Henderson wrote:
> On 2020-09-08, Gregory Edigarov  wrote:
>> Hello,
>>
>> from around two weeks ago I am observing the overall system slow down.
>> Everything work stable,
>> but nearly every X application takes forever to open a window.
>> also I am using tiling wm, and when workspace is switched,
>> it takes a long time for the system to redraw a screen.
>> I also noticed that some console scripts like ansible-doc
>> are also starting slower than usual.
>>
>> this system only has 8 Gb RAM temporarily,
>> but top says:
>>
>> Memory: Real: 1764M/5673M act/tot Free: 2183M Cache: 3284M Swap: 0K/32G
>>
>> so I do not think it is a memory issue.
>>
>> was just fine before,  so wondering what has happen.
>>
>> OpenBSD 6.8-beta (GENERIC.MP) #59: Fri Sep  4 22:46:14 MDT 2020
>> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> What was the previous kernel version? "zgrep OpenBSD /var/log/messages*"
> may well find it.
>
> Mesa was updated recently, and a number of changes were made to DRM drivers.

the previous was:
/var/log/messages.2.gz:Sep  5 00:41:28 lbld12 /bsd: OpenBSD 6.7-current (GENERIC.MP) #48: Fri Aug 28 23:21:33 MDT 2020




system slow down strangeness

2020-09-08 Thread Gregory Edigarov

Hello,

from around two weeks ago I am observing the overall system slow down.
Everything work stable,
but nearly every X application takes forever to open a window.
also I am using tiling wm, and when workspace is switched,
it takes a long time for the system to redraw a screen.
I also noticed that some console scripts like ansible-doc
are also starting slower than usual.

this system only has 8 Gb RAM temporarily,
but top says:

Memory: Real: 1764M/5673M act/tot Free: 2183M Cache: 3284M Swap: 0K/32G

so I do not think it is a memory issue.

was just fine before,  so wondering what has happen.

OpenBSD 6.8-beta (GENERIC.MP) #59: Fri Sep  4 22:46:14 MDT 2020
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

an interesting case for BGP

2020-08-25 Thread Gregory Edigarov

Hello Everybody,

I was helping my friend to switch to new ip block and asn recently and
run into situation, when I need to announce a new network over the same
session

here's how i implemented this with quagga:

network xxx.xxx.xxx.0/24 route-map NEW

route-map NEW permit 30
set as-path prepend NEWAS NEWAS

ip prefix-list out-to-uplink seq 10 permit xxx.xxx.xxx.0/24


However, with OpenBGPD, it seems like I could not implement the trick 
because it only allows to prepend self or neighbor, not an arbitrary ASn.


Am I missing something?






ansible hostname.if role

2020-07-09 Thread Gregory Edigarov

Hello everybody,

introducing this little ansible role to configure hostname.if(5) files.

comments are welcome

 https://github.com/gred7/ansible-openbsd-interfaces-role.git



Re: ssh X forwarding and google-chrome

2020-07-03 Thread Gregory Edigarov




On 2020-07-02 17:33, Gregory Edigarov wrote:
> Hello, everybody
>
> does anybody know if there is any tricks?
>
> In my office pc (currently linux) I have google-chrome installed, and
> I absolutely need to access it from home.
>
> "ssh -Y  google-chrome" just shows an empty and blank window,
> no menu, no address bar.
>
> May be there is some command line flags I am not aware of?
>
> Thank you.

Well, after some rethinking I've decided to use ssh port forwarding,
because I just need an access to one internal server.


--
With best regards,
      Gregory Edigarov



ssh X forwarding and google-chrome

2020-07-02 Thread Gregory Edigarov

Hello, everybody

does anybody know if there is any tricks?

In my office pc (currently linux) I have google-chrome installed, and I 
absolutely need to access it from home.


"ssh -Y  google-chrome" just shows an empty and blank window, 
no menu, no address bar.

May be there is some command line flags I am not aware of?

Thank you.



AMD Ryzen

2020-06-23 Thread Gregory Edigarov

Hello,

Can somebody tell me overall impressions/success stories of those systems?
I am thinking of buying this system as my next desktop for OpenBSD of 
course, so please share.

Most interesting would be dmesgs of some working configurations.
Thanks a lot in advance
--
With best regards,
  Gregory Edigarov



Re: weird ansible + doas behaviour

2020-06-21 Thread Gregory Edigarov




On 2020-06-21 23:55, Stuart Henderson wrote:
> On 2020-06-21, Gregory Edigarov  wrote:
>> Trying to run ansible-playbook with localhost.
>> Playbook:
>>
>> ---
>> - hosts: localhost
>>   become: true
>>   become_method: doas
>>
>>   roles:
>>   - wrkstpkgs
>>
>>
>> Expected behaviour - Ansible asks for the become pass only once, then
>> execution of tasks require no intervention.
>> Observed behaviour:
>>
>> run ansible-playbook:
>>
>>    ansible-playbook  -K site.yml
>> BECOME password:
>> [WARNING]: provided hosts list is empty, only localhost is available.
>> Note that the implicit localhost does not match 'all'
>>
>> PLAY [localhost]
>> **
>>
>> TASK [Gathering Facts]
>>
>> doas (g...@lbld12.duckdns.org) password:
>> ok: [localhost]
>>
>> TASK [wrkstpkgs : ensure vital packages are present]
>> **
>> doas (g...@lbld12.duckdns.org) password:
>> ok: [localhost]
>>
>> TASK [wrkstpkgs : ensure versioned packages are present]
>> **
>> doas (g...@lbld12.duckdns.org) password:
>>
>> doas.conf only contains this line:
>> permit persist greg
>>
>> Am I missing anything? Thanks a lot in advance.
>
> I think it's like the problem with using doas in ports.
>
> "persist" uses the TIOCSETVERAUTH/TIOCCHKVERAUTH tty(4) ioctls which
> were added specifically for doas, the authentication can't be passed
> around very far:
>
> TIOCCHKVERAUTH void
> Check the verified auth status of this session.  The calling
> process must have the same real user ID and parent process as
> the process which called TIOCSETVERAUTH.  A zero return
> indicates success.
>
> Chances are the second doas call does not have the same parent process.

Hello Stuart.

Yes, it's definitely  the case. But are there any workarounds? of course
I can install sudo from packages, but I'm always willing to stick with
the base as much as possible.  And completely preventing the  prompting
for password using permit nopass doesn't seem to me like a good solution
either.


--
With best regards,
     Gregory Edigarov
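
A small diagnostic for the check quoted from tty(4) in the message above, added here as an example and not part of the thread or of doas: it issues TIOCCHKVERAUTH on the controlling terminal and prints the real UID and parent PID that the quoted rule depends on. The names verauth_status, verauth_name and the enum are hypothetical; the ioctl exists only on OpenBSD, so on other systems the helper reports "unsupported".

```c
/*
 * Added example (not from the thread): ask the kernel whether a doas
 * "persist" authentication is visible to THIS process.
 * Assumption: OpenBSD, where <sys/ioctl.h> provides TIOCCHKVERAUTH.
 */
#include <sys/types.h>
#include <sys/ioctl.h>

#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical result codes for this example. */
enum verauth {
	VERAUTH_OK,		/* ioctl returned 0 for this process */
	VERAUTH_NOT_VERIFIED,	/* ioctl failed: no usable persisted auth */
	VERAUTH_NO_TTY,		/* the terminal could not be opened */
	VERAUTH_UNSUPPORTED	/* built on a system without the ioctl */
};

enum verauth
verauth_status(const char *tty_path)
{
#ifdef TIOCCHKVERAUTH
	int fd, rc, saved;

	fd = open(tty_path, O_RDWR);
	if (fd == -1)
		return VERAUTH_NO_TTY;
	/* "A zero return indicates success" per the quoted tty(4) text. */
	rc = ioctl(fd, TIOCCHKVERAUTH);
	saved = errno;		/* keep the ioctl's errno across close() */
	close(fd);
	errno = saved;
	return rc == 0 ? VERAUTH_OK : VERAUTH_NOT_VERIFIED;
#else
	(void)tty_path;
	return VERAUTH_UNSUPPORTED;
#endif
}

const char *
verauth_name(enum verauth v)
{
	switch (v) {
	case VERAUTH_OK:
		return "verified";
	case VERAUTH_NOT_VERIFIED:
		return "not verified";
	case VERAUTH_NO_TTY:
		return "no terminal";
	default:
		return "unsupported";
	}
}

int
main(void)
{
	enum verauth v = verauth_status("/dev/tty");

	/* Real UID and parent PID are the two values that must match. */
	printf("ruid=%ld ppid=%ld verauth=%s", (long)getuid(),
	    (long)getppid(), verauth_name(v));
	if (v == VERAUTH_NO_TTY || v == VERAUTH_NOT_VERIFIED)
		printf(" (%s)", strerror(errno));
	printf("\n");
	return v == VERAUTH_OK ? 0 : 1;
}
```

Running it from the shell that just ran doas, and again from a process with a different parent, shows whether the parent PID is what separates the two cases.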



weird ansible + doas behaviour

2020-06-21 Thread Gregory Edigarov

Trying to run ansible-playbook with localhost.
Playbook:

---
- hosts: localhost
  become: true
  become_method: doas

  roles:
  - wrkstpkgs


Expected behaviour - Ansible asks for the become pass only once, then 
execution of tasks require no intervention.

Observed behaviour:

run ansible-playbook:

 ansible-playbook  -K site.yml
BECOME password:
[WARNING]: provided hosts list is empty, only localhost is available. 
Note that the implicit localhost does not match 'all'


PLAY [localhost] 
**


TASK [Gathering Facts] 


doas (g...@lbld12.duckdns.org) password:
ok: [localhost]

TASK [wrkstpkgs : ensure vital packages are present] 
**

doas (g...@lbld12.duckdns.org) password:
ok: [localhost]

TASK [wrkstpkgs : ensure versioned packages are present] 
**

doas (g...@lbld12.duckdns.org) password:

doas.conf only contains this line:
permit persist greg

Am I missing anything? Thanks a lot in advance.
--
With best regards,
 Gregory Edigarov




Re: Article OpenBSD: Not Free Not Fuctional and Definetly Not Secure and BSD, the truth blog

2020-05-28 Thread Gregory Edigarov

On 2020-05-28 07:16, Quantum Robin wrote:
> Hi,
>
> While surfing on the Google to learn more about OpenBSD, I encountered this
> one: "OpenBSD: Not Free Not Fuctional and Definetly Not Secure (
> https://aboutthebsds.wordpress.com/2013/01/25/20/)
>
> Is the author telling the truth? Or just yet another anti-BSD thing?

Those haters are always somehow associating to me with the MTV song by
Ian Gillan :-))






clang analyzer

2020-05-24 Thread Gregory Edigarov

Hello,

clang --analyze main.c
error: action RunAnalysis not compiled in

I find it strange.  Is there any particular reason for not including it?

Is there any procedure I can use to get a "full" clang?

Thank you.

--

With best regards,

    Gregory Edigarov




Re: BGP and carp slaves

2020-04-02 Thread Gregory Edigarov



On 02.04.20 12:34, Luca Bodini wrote:
> Hi folks,
>
> I’m just having a strange issue using OpenBSD 6.6 and BGP.
> I have two OpenBSD firewalls with a carp configuration, let’s suppose the
> shared IP is 10.10.10.100, and I am able to announce 10.10.10.100/32 via BGP.
> Now, here is my /etc/bgpd.conf configuration:
>
> prefix-set mynetworks { \
>  10.10.10.100/32\
> }
>
> I’ve asked provider to change BGP configuration and everything now is set
> up correctly, now, the question is:
> Is the carp slave accepting and forwarding connections by design or is it an
> "unintended" feature?

Just out of curiosity, was that a real config or you've replaced ASn and
prefix? if it is real where have you found a provider, agreed to setup
session with private ASn announcing a single private ip?

Is that a lab of some kind?



Re: 10Gbit network work only 1Gbit

2019-11-15 Thread Gregory Edigarov



On 13.11.19 21:18, Hrvoje Popovski wrote:

On 13.11.2019. 16:37, Gregory Edigarov wrote:

could you please do one more test:
"forwarding over ix0 and ix1, pf enabled, 5 tcp states"

with this generator i can't use tcp. generally pps with 5 or 50
states are more or less same ... problem with tcp testing is that i
can't get precise pps numbers ...

and only for you :)
with iperf3 (8 tcp streams) on client boxes i'm getting this results ...

forwarding over ix0 and ix1, pf and ipsec disabled
9.40Gbps

forwarding over ix0 and ix1, pf enabled, 8 tcp streams
7.40Gbps

forwarding over ix0 and ix1, ipsec established over em0, pf disabled
8.10Gbps

forwarding over ix0 and ix1, ipsec established over em0, pf enabled, 8
TCP streams
5.25Gbps

thanks, Hrvoje



On 13.11.19 12:52, Hrvoje Popovski wrote:

On 13.11.2019. 10:59, Hrvoje Popovski wrote:

On 12.11.2019. 10:54, Szél Gábor wrote:

Dear Hrvoje, Theo,

Thank you for your answers!

answers to the questions:
-  who is parent interface for carp?  -> vlan  ( carp10 interface
parent
vlan10 -> vlan10 interface  parent -> trunk0 )
- why vlan interfaces don't have ip address ? -> it wasn't needed! i
think vlan interface need only tag packages. Carp (over vlan) interface
have IP address.

it's little strange to me to not have ip address on parent carp
interface, but if it works for you ... ok..


- vether implies that you have bridge? -> yes whe have only one bridge
for bridget openvpn clients, but  we will eliminate it.


we will do the following:
- refresh our backup firewall to oBSD 6.6
- replace trunk interface with aggr
- remove bridge interface

this is nice start to make you setup faster. big performance killer in
your setup is ipsec and old hardware. maybe oce(4) but i never tested
it, so i'm not sure ... if you can, change oce with ix, intel x520 is
not that expensive ..

bridge is slow, but only for traffic that goes through it. with ipsec,
the same second when tunnel is established, forwarding performance will
drop significantly on whole firewall ...

i forgot numbers, so i did quick tests ..


forwarding over ix0 and ix1, pf and ipsec disabled
1.35Mpps

forwarding over ix0 and ix1, pf enabled, 500 UDP states
800Kpps

forwarding over ix0 and ix1, ipsec established over em0, pf disabled
800Kpps

forwarding over ix0 and ix1, ipsec established over em0, pf enabled, 500
UDP states
550Kpps



OpenBSD 6.6-current (GENERIC.MP) #453: Mon Nov 11 21:40:31 MST 2019
  dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Re: 10Gbit network work only 1Gbit

2019-11-13 Thread Gregory Edigarov

could you please do one more test:
"forwarding over ix0 and ix1, pf enabled, 5 tcp states"

On 13.11.19 12:52, Hrvoje Popovski wrote:

On 13.11.2019. 10:59, Hrvoje Popovski wrote:

On 12.11.2019. 10:54, Szél Gábor wrote:

Dear Hrvoje, Theo,

Thank you for your answers!

answers to the questions:
-  who is parent interface for carp?  -> vlan  ( carp10 interface parent
vlan10 -> vlan10 interface  parent -> trunk0 )
- why vlan interfaces don't have ip address ? -> it wasn't needed! i
think vlan interface need only tag packages. Carp (over vlan) interface
have IP address.

it's little strange to me to not have ip address on parent carp
interface, but if it works for you ... ok..


- vether implies that you have bridge? -> yes we have only one bridge
for bridged openvpn clients, but we will eliminate it.


we will do the following:
- refresh our backup firewall to oBSD 6.6
- replace trunk interface with aggr
- remove bridge interface

this is nice start to make your setup faster. big performance killer in
your setup is ipsec and old hardware. maybe oce(4) but i never tested
it, so i'm not sure ... if you can, change oce with ix, intel x520 is
not that expensive ..

bridge is slow, but only for traffic that goes through it. with ipsec,
the same second when tunnel is established, forwarding performance will
drop significantly on whole firewall ...


i forgot numbers, so i did quick tests ..


forwarding over ix0 and ix1, pf and ipsec disabled
1.35Mpps

forwarding over ix0 and ix1, pf enabled, 500 UDP states
800Kpps

forwarding over ix0 and ix1, ipsec established over em0, pf disabled
800Kpps

forwarding over ix0 and ix1, ipsec established over em0, pf enabled, 500
UDP states
550Kpps




Re: obsd web server

2019-09-03 Thread Gregory Edigarov



On 02.09.19 02:49, Gustavo Rios wrote:

Hi folks,

i would like to configure my obsd server as a web server.

I would like to configure my web server to handle multiple domains
without having to set each domain one by one.

I mean:
   Every request for www.x.com is mapped into the root directory
/var/web/www.x.com

Got the idea? If a new server is required, all i would need to do is
create a directory inside /var/web with the full access string:

mkdir /var/web/www.newdomain.com

And i should not need to manipulate config files


Hi,

you may want to look at lighttpd.
https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModSimpleVhost

should be what you need
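
The mapping asked for above (Host header to a directory under /var/web) takes a client-controlled value and turns it into a filesystem path, so it needs validation before use. The sketch below is an added example, not part of the original posts and not lighttpd's code; the function names, the fallback to a default host and the constructed directory tree are assumptions made for illustration.

```python
import os
import re
import tempfile

# One DNS label: letters, digits and hyphens, 1-63 chars, no hyphen at either end.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def normalize_host(host_header):
    """Return a lower-case hostname taken from a Host header, or None if unsafe."""
    if not host_header or len(host_header) > 255:
        return None
    host = host_header.strip().lower()
    # Drop an optional ":port" suffix; anything with more colons (IPv6
    # literals) is left alone and fails the label check below.
    if host.count(":") == 1:
        host, port = host.split(":")
        if not re.fullmatch(r"[0-9]{1,5}", port):
            return None
    if host.endswith("."):          # "www.x.com." names the same host
        host = host[:-1]
    # Every label must match, which rejects "", "..", "/", "\\", NUL, "%2e" ...
    if not all(_LABEL.fullmatch(label) for label in host.split(".")):
        return None
    return host


def resolve_docroot(host_header, web_root, default_host):
    """Map a Host header to <web_root>/<host>.

    Returns None for a malformed header (the caller should answer 400),
    and the default host's directory when the name is valid but has no
    directory of its own.
    """
    host = normalize_host(host_header)
    if host is None:
        return None
    root = os.path.realpath(web_root)
    for candidate in (host, default_host):
        path = os.path.realpath(os.path.join(root, candidate))
        # realpath() follows symlinks, so a link that points outside
        # web_root fails the containment check and is treated as absent.
        inside = os.path.commonpath([root, path]) == root and path != root
        if inside and os.path.isdir(path):
            return path
    return None


def demo():
    """Run the resolver over a constructed tree and constructed Host values."""
    with tempfile.TemporaryDirectory() as tmp:
        web = os.path.join(tmp, "web")
        for name in ("www.x.com", "www.newdomain.com"):
            os.makedirs(os.path.join(web, name))
        # A directory outside the web root, reachable only through a symlink.
        os.makedirs(os.path.join(tmp, "secret"))
        os.symlink(os.path.join(tmp, "secret"), os.path.join(web, "evil.example"))
        headers = ["www.newdomain.com", "WWW.X.COM:8080", "unknown.example",
                   "../secret", "evil.example"]
        result = {}
        for header in headers:
            path = resolve_docroot(header, web, "www.x.com")
            result[header] = os.path.basename(path) if path else None
        return result


if __name__ == "__main__":
    for header, docroot in demo().items():
        print(f"{header!r:24} -> {docroot}")
```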



Re: su - root => segmentation fault

2019-07-31 Thread Gregory Edigarov

On 31.07.19 17:00, Solene Rapenne wrote:

On Wed, Jul 31, 2019 at 04:49:54PM +0500, dmitry.sensei wrote:

Hi!
why did it happen?

OpenBSD 6.5 current
$su - root
root's password:
Segmentation fault
$ doas su - root
#

--
Dmitry Orlov

what current? What arch?

works for me©
OpenBSD 6.5-current (GENERIC.MP) #153: Sun Jul 28 20:33:09 MDT 2019

usually it means that your kernel does not match the userspace



Re: Postscript printer recommendations

2019-07-18 Thread Gregory Edigarov



On 18.07.19 10:57, Gregory Edigarov wrote:
Just for myself until the better solution arrives I for a while have
put such lines into rc.shutdown


also, how about having kernel.conf file, that will be used by rc script 
after kernel relinking.


i.e. something like this in the end of /etc/rc

if [ -f /etc/kernel.conf ]; then
	config -ef /bsd < /etc/kernel.conf
fi


On 18.07.19 10:07, Stuart Henderson wrote:

On 2019-07-16, Robert Klein  wrote:

How about:

config -ef /bsd <

It still works, but it prevents "kernel reordering" from taking place,
which is both a security mitigation and (for release users) the
mechanism used for applying syspatches to the kernel. And of course for
snapshot users it needs to be re-applied every update. We don't have a
good solution for this yet.








Re: Postscript printer recommendations

2019-07-18 Thread Gregory Edigarov
Just for myself until the better solution arrives I for a while have put
such lines into rc.shutdown


On 18.07.19 10:07, Stuart Henderson wrote:

On 2019-07-16, Robert Klein  wrote:

How about:

config -ef /bsd <
It still works, but it prevents "kernel reordering" from taking place,
which is both a security mitigation and (for release users) the
mechanism used for applying syspatches to the kernel. And of course for
snapshot users it needs to be re-applied every update. We don't have a
good solution for this yet.






Re: Ansible install Re: Reboot and re-link

2019-06-24 Thread Gregory Edigarov



On 21.06.19 21:02, Frank Beuth wrote:

On Wed, Jun 19, 2019 at 11:29:32PM +0200, Maxim Bourmistrov wrote:
Installing via NOT RECOMMENDED WAY(following upgrade65.html) - scripting on
steroids (ansible).


I don't want to re-open the hostilities, but installing OpenBSD via 
Ansible is very relevant to my interests. Previously discussed on this 
list was a very roundabout approach using Qemu -- is there a better 
way now?


it's all easy given it is some IaaS provider, just use terraform to 
create the ground, (terraform could also be used to upload keys, and do 
some preconfiguration) then call ansible.


my worst timing on AWS is ~20 minutes.

baremetal servers are more interesting beasts here but if your 
colocation/infrastructure provider allows for boot image uploads that's 
also quite doable with existing tools.





Re: Random system freeze.

2019-05-24 Thread Gregory Edigarov

Hi Paco,

could you please check if you can login over network when the system
freezes?

if so - please do a backtrace of the X server.
i.e.:

su -
gdb /usr/X11R6/bin/X `pgrep  X`
bt

just curious, if you'll my condition also.
that may help developers in problem identification.

thanks.

On 23.05.19 18:35, Paco Esteban wrote:

Hi misc@,

I've been having some system freezes lately, as others using intel
graphics.

Sometimes it does not hit in days but sometimes the system hangs 2 or 3
times a day.

I was wondering if there's any information I can supply to devs that
could be useful (besides dmesg ...).

Cheers,
Paco.


Re: X hangs again while on integrated

2019-05-08 Thread Gregory Edigarov



On 07.05.19 11:39, Gregory Edigarov wrote:

I've got some more info on this.

tried to run X with tiling wms: spectrwm (my main wm), dwm, i3 - all 
hang absolutely the same way. (see my last mail with X backtraced)


then I've tried fvwm - works

cwm - works

kde & gnome - both work flawlessly.

i.e. there is some trouble in the newest versions of Xenocara, making 
it impossible to run with tiling window manager at least on i915.

sorry,

yesterday fvwm and cwm were both hanging the  same way spectrwm does.

if somebody wants to look into the issue - what other information besides
dmesg and backtrace do you need?


didn't test with kde & gnome ( and anyway I removed them as I don't use 
them)


Thanks.




On 23.04.19 11:43, Gregory Edigarov wrote:

Hello misc@

it happens with no traces in logs.

most of the time while in chromium, but in firefox too. (with firefox 
it just needs more time)


thought it is memory, but memtest reveals nothing. the same is the
video memory tests. it happens only on intel i915. no hangs on
radeon(non integrated).

when this happens i am always able to login via ssh to the box and
kill X.

killing chrome or firefox doesn't help.

also noticed that with recent build as of Apr 21, kernel is losing
the changes made by config, but still works when i make changes
during the boot in UKC.





dmesg:


Re: X hangs again while on integrated

2019-05-07 Thread Gregory Edigarov

I've got some more info on this.

tried to run X with tiling wms: spectrwm (my main wm), dwm, i3 - all 
hang absolutely the same way. (see my last mail with X backtraced)


then I've tried fvwm - works

cwm - works

kde & gnome - both work flawlessly.

i.e. there is some trouble in the newest versions of Xenocara, making it 
impossible to run with tiling window manager at least on i915.



On 23.04.19 11:43, Gregory Edigarov wrote:

Hello misc@

it happens with no traces in logs.

most of the time while in chromium, but in firefox too. (with firefox 
it just needs more time)


thought it is memory, but memtest reveals nothing. the same is the
video memory tests. it happens only on intel i915. no hangs on
radeon(non integrated).

when this happens i am always able to login via ssh to the box and
kill X.

killing chrome or firefox doesn't help.

also noticed that with recent build as of Apr 21, kernel is losing
the changes made by config, but still works when i make changes during
the boot in UKC.





dmesg:


Re: Xorg blanks until I switch to a TTY and back on 6.5

2019-05-01 Thread Gregory Edigarov



On 29.04.19 10:05, Jonathan Gray wrote:

On Sun, Apr 28, 2019 at 07:26:54PM -0400, Charles wrote:

Hello list,

Ever since the new inteldrm driver got merged into -current, shortly
before the 6.5 release, I'm seeing an odd new behavior on my Thinkpad
T430 -- when an external display is connected, Xorg blanks all screens
(but the mouse can still be seen) until I switch to a TTY and back with
(i.e. C-A-F4 then C-A-F5) after which point it goes back to normal.

I'm glad the new inteldrm driver got merged, since it fixes several
other video issues I was having. This problem is very minor since the
workaround is just a few extra keystrokes when I dock or undock, but it
is nevertheless annoying.

Is anyone else experiencing this issue on third gen core-I series Intel
chips with integrated graphics? Or on any other chips for that matter?

I checked Xorg.0.log and didn't see anything suspicious. I also tried
disabling monitor hotplugging via Xorg.conf, but I either did it wrong
or it had no effect.

I would attach xorg logs and dmesg, but AFAIK misc@ does not allow
attachments, and I don't want to annoy people with that much inline
info.

Does this help?

Index: sys/dev/pci/drm/drm_fb_helper.c
===
RCS file: /cvs/src/sys/dev/pci/drm/drm_fb_helper.c,v
retrieving revision 1.13
diff -u -p -r1.13 drm_fb_helper.c
--- sys/dev/pci/drm/drm_fb_helper.c 14 Apr 2019 10:14:51 -  1.13
+++ sys/dev/pci/drm/drm_fb_helper.c 29 Apr 2019 06:58:25 -
@@ -575,6 +575,9 @@ static bool drm_fb_helper_is_bound(struc
  #ifdef notyet
if (READ_ONCE(dev->master))
return false;
+#else
+   if (!SPLAY_EMPTY(>files))
+   return false;
  #endif
  
  	drm_for_each_crtc(crtc, dev) {
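
Review bot: the added `#else` branch passes `>files` to `SPLAY_EMPTY()`, which is not a valid expression as quoted here (the operand in front of `>` appears to have been lost in transit), so the hunk cannot be applied or compiled from this mail and should be resent with the full expression. The branch would also benefit from a short comment saying why a non-empty files tree is used as the stand-in while the `READ_ONCE(dev->master)` test stays under `#ifdef notyet`, since the new condition makes the function return false whenever any file is open on the device, not only when a master is set.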

could this one be also related to my troubles?



Re: some more info about X hangs

2019-04-28 Thread Gregory Edigarov
Updated and rebuilt. Still hangs the same way and place.

On Sun, Apr 28, 2019, 07:02 Jonathan Gray  wrote:

> On Sat, Apr 27, 2019 at 04:55:50PM +0300, Gregory Edigarov wrote:
> > attached please find dmesg and backtrace of X when that happens again
> > hope this bug report will be more useful than previous one.
> >
> > thank you.
> > --
> > With best regards,
> >   Gregory Edigarov
>
> Likely fixed by
>
> xenocara/xserver/hw/xfree86/common/xf86VGAarbiterPriv.h
>
> 
> revision 1.9
> date: 2019/04/28 03:12:53;  author: jsg;  state: Exp;  lines: +13 -7;
> commitid: gMqza1DBk6OCnvP4;
> Backport cf7517675d988c2d1ff967d6d162a17acbdad46 from xserver 1.20
> xfree86: Hold input_lock across SPRITE functions in VGA arbiter
>
> Fixes stack overflow crash with VGA arbiter used with multi GPU systems.
> Report and fix identified by 'Joe M' on misc@. ok matthieu@
> 
>


some more info about X hangs

2019-04-27 Thread Gregory Edigarov
attached please find dmesg and backtrace of X when that happens again
hope this bug report will be more useful than previous one.

thank you.
--
With best regards,
  Gregory Edigarov




X hangs again while on integrated

2019-04-23 Thread Gregory Edigarov

Hello misc@

it happens with no traces in logs.

most of the time while in chromium, but in firefox too. (with firefox it 
just needs more time)


thought it is memory, but memtest reveals nothing. the same is the video
memory tests. it happens only on intel i915. no hangs on
radeon(non integrated).

when this happens i am always able to login via ssh to the box and kill X.

killing chrome or firefox doesn't help.

also noticed that with recent build as of Apr 21, kernel is losing the
changes made by config, but still works when i make changes during the
boot in UKC.





dmesg:


Re: procmail and new grammar in smtpd.conf

2018-12-05 Thread Gregory Edigarov



On 05.12.18 13:22, Eda Sky wrote:

Hi
I'm preparing an update from 6.3 to 6.4 and fix the required 
configuration files
For many years I've been using fetchmail/procmail and I do not know 
how to overwrite smtpd.conf to a new grammar

the original rule is

accept from any for domain "example.com" alias  deliver to 
mda "/usr/local/bin/procmail -f -" \


that seems to become:

action "procmail" mda "/usr/local/bin/procmail -f -"

match for domain "example.com" action "procmail"



I do not know how to write new rules.
Everything I'm trying to do ends with syntax error.

Will anyone advise me?
Thank you





ssh -w in macosx (sorry I know it's a deep offtopic)

2018-11-02 Thread Gregory Edigarov

Hello,

need to get ssh tunnel quickly.
the other side is linux.

running this:

ssh -i /home/MAC_A_120614/.ssh/id_rsa -vvv -o PermitLocalCommand=yes -o 
LocalCommand="ifconfig tun1 192.168.100.4 pointtopoint 192.168.100.3 
netmask 255.255.255.255" -o ServerAliveInterval=60 -w 1:1 somehost.com 
"ifconfig tun1 192.168.100.3 pointopoint 192.168.100.4 netmask 
255.255.255.255"


got this:

debug1: sys_tun_open: /dev/tun1 open failed: No such file or directory
Tunnel device open failed.

no man pages, no /dev/MAKEDEV,  not that i  could find something on the net.

we've really got very spoiled with OpenBSD :-)



Re: Redistributing between bgpd and ospfd

2018-10-15 Thread Gregory Edigarov

On 15.10.18 12:58, Sebastian Benoit wrote:

open...@kene.nu(open...@kene.nu) on 2018.10.15 11:05:41 +0200:

Hello,

I am trying to get bgpd and ospfd play nicely with route redistribution.

So far the only way I have found that suits my need is to use
bgpd.conf network statements and rtlabels.

So, to make ospfd learn route from bgpd I use rtlabels. So in bgpd.conf:
match from  set rtlabel from_bgpd

And in ospfd.conf:
redistribute rtlabel from_bgpd


So far so good. But the other way around, to make bgpd learn from
ospfd it becomes a bit more tedious. The only way I have found to make
bgpd announce ospf originated routes (to its bgp peers) is via network
statements in bgpd.conf. These network statements are not conditional
on the availability of such a route in ospf though so they are not
very dynamic anymore.

I understand that according to the standard it
(https://tools.ietf.org/html/rfc1364) should be something that is
explicit for type 1 and 2 LSAs.

What is the recommended way to achieve dynamic explicit route
redistribution in both directions?

Network statements are the correct way.

You can use

  network (inet|inet6) priority ...
  network (inet|inet6) rtlabel ...

So with

   network inet priority  32

you should be able to redistribute all ospf routes into bgp.

If this does not help, please explain your problem further (and include your
config).

(Note that you should run OpenBSD 6.4 (just use the latest snapshot) for
this as there was at least a bugfix for route-labels.)

wouldn't it be nice to have rtlabels in ospf(6)d? I would even prefer 
setting them per area, or per interface where a route was learned.
just wondering why it is not implemented yet. is that too complex a 
change? or just not necessary?


thank you.



Re: Certificate authority software

2018-09-21 Thread Gregory Edigarov




On 21.09.18 15:28, Tim Jones wrote:

‐‐‐ Original Message ‐‐‐
On Friday, September 21, 2018 1:21 PM, Gregory Edigarov  
wrote:


Hello, list.

I need to setup a CA for intranet. I have some (rather not very
positive) experience with ejbca.
before I will set it up, I want to take a look at alternatives, and so i
need an advice on the choice of software.

what would you guys use? something with less dependencies is preferred
(but with web interface).

thank you.




Depends what you want to do and the scale of your infrastructure ?

If it's your home lab or a small(ish) business then buy some Yubikeys (for the 
"secure your keys in an HSM" element) and fire up a copy of OpenSSL, and Robert 
is your uncle.

If you're talking thousands of users or tens of thousands of servers, then I'm 
sure you've got the budget to pay for advice. ;-)

Thank you.

we're talking about hundreds of users,  almost all of them are 
roadwarriors with ipsec/openvpn (depending on their preference), and 
tens of servers.

and no, I do not have any budget ;-)



Re: Certificate authority software

2018-09-21 Thread Gregory Edigarov

Forgot to say:

something with dual (command line/web) interface would be even more 
preferred.



On 21.09.18 15:21, Gregory Edigarov wrote:

Hello, list.

I need to setup a CA for intranet. I have some (rather not very 
positive) experience with ejbca.
before I will set it up, I want to take a look at alternatives, and so 
i need an advice on the choice of software.


what would you guys use? something with less dependencies is preferred 
(but with web interface).


thank you.

--

With best regards,

  Gregory Edgarov





Certificate authority software

2018-09-21 Thread Gregory Edigarov

Hello, list.

I need to setup a CA for intranet. I have some (rather not very 
positive) experience with ejbca.
before I will set it up, I want to take a look at alternatives, and so i 
need an advice on the choice of software.


what would you guys use? something with less dependencies is preferred 
(but with web interface).



thank you.

--

With best regards,

  Gregory Edgarov



Re: OpenBSD and letsencrypt in Amazon AWS

2018-09-11 Thread Gregory Edigarov

On 10.09.18 09:08, Jordan Geoghegan wrote:



On 09/09/18 07:05, Monah Baki wrote:

Hi All,

I have an OpenBSD 6.3 server in Amazon AWS, and I am trying to install
letsencrypt from ports. Install was running fine till I got a Fatal message
after it was done with the patching process

...


Thanks
Monah

acme-client(1) is in base and is used to get letsencrypt certificates. 
I believe it does the same job as certbot/letsencrypt.


in a way. certbot on the other hand is capable of manual confirmation 
setup, which is necessary for dns-01, to get wildcard certificates.




Re: Configuration of a umb device

2018-07-11 Thread Gregory Edigarov




On 11.07.18 07:13, salan...@ouvaton.org wrote:

On 9 July 2018 08:12, "Gregory Edigarov" wrote:

perhaps a simple
route add -net default 100.144.58.18
will do the trick

I have done that, but this result does not change.

# ifconfig umb0
umb0: flags=8851 mtu 1500
 index 13 priority 0 llprio 3
 roaming disabled registration home network
 state up cell-class EDGE rssi -81dBm speed 60.4Kps up 242Kps down
 SIM initialized PIN valid (3 attempts left)
 subscriber-id 310260855911295 ICC-id 8901260851159112954 provider US 
Mobile
 device KRD 131 30/123 - R1A/1 IMEI 004401701565398 firmware R3C11 
(Pro), R4A10 (App)
 APN pwg
 dns 10.177.0.34 10.177.0.210
 status: active
 inet 100.146.18.133 --> 100.146.18.131 netmask 0xfff8
# route add -net default 100.146.18.131
# ping -c1 100.146.18.131
PING 100.146.18.131 (100.146.18.131): 56 data bytes

--- 100.146.18.131 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss


but at least, now there is no error.
maybe it's a provider that blocks traffic.
also can you confirm pf is disabled on your side?



Re: Configuration of a umb device

2018-07-09 Thread Gregory Edigarov

perhaps a simple
route add -net default 100.144.58.18
will do the trick


On 09.07.18 03:37, salan...@ouvaton.org wrote:

Could someone direct me as to how to set up my computer such that I can
get internet access through it? I installed this model of US Mobile SIM card.
https://www.usmobile.com/shop/product/Triple-Cut-GSM-SIM-Card

Then I ran the commands below. What do I need to do next?

$ dmesg|grep umb
umb0 at uhub0 port 4 configuration 1 interface 6 "Lenovo N5321 gw" rev 
2.00/0.00 addr 2
$ ifconfig apn pwg pin 1234 class 2G roaming up
$ ifconfig
umb0: flags=8851 mtu 1500
index 5 priority 0 llprio 3
roaming enabled registration home network
state up cell-class EDGE rssi -77dBm speed 60.4Kps up 242Kps down
SIM initialized PIN valid (3 attempts left)
subscriber-id 310260855911295 ICC-id 8901260851159112954 provider US Mobile
device KRD 131 30/123 - R1A/1 IMEI 004401701565398 firmware R3C11 (Pro), R4A10 
(App)
APN pwg
dns 10.177.0.34 10.177.0.210
status: active
inet 100.144.58.19 --> 100.144.58.18 netmask 0xfff8
$ ping -c1 9.9.9.9
PING 9.9.9.9 (9.9.9.9): 56 data bytes
ping: sendmsg: No route to host
ping: wrote 9.9.9.9 64 chars, ret=-1

--- 9.9.9.9 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss





Re: Pf syntax, need help understanding an example

2018-06-06 Thread Gregory Edigarov

hi,
$ext_if -     expands to the name of the interface
($ext_if) - expands to the ip address assigned to the interface

On 06.06.18 12:21, Johan Mellberg wrote:

Hi,

I am working my way through "The Book of Pf" and got hung up on the
example on page 31 of edition 3 (I am reading edition 2 but the
example seems to be identical in edition 3):

ext_if = "re0" # macro for external interface - use tun0 or pppoe0 for PPPoE
int_if = "re1" # macro for internal interface
localnet = $int_if:network
# ext_if IPv4 address could be dynamic, hence ($ext_if)
match out on $ext_if inet from $localnet nat-to ($ext_if) # NAT, match IPv4 only
block all
pass from { self, $localnet }

So, what it does is not a problem, I understand that, but that set of
parentheses around $ext_if confuses me. The explanation states that
the IPv4 address could be dynamic (which is clear...) but I look at
that example and as far as I understand, $ext_if should expand to
"re0", not an IP address - right?

Just to test I tried a simple line in my own pf.conf (on OpenBSD 6.3):

ext_if = "em0"
set skip on $ext_if

and tested with pfctl -nvf /etc/pf.conf

That worked so then I put parentheses around $ext_if:

set skip on ($ext_if)

and tested again. This time I got a syntax error!

So could someone please explain this to me? I don't think this is an
error in the book because there is a small paragraph apart from the
comment in the example specifically pointing out the value of these
parentheses - but I can't wrap my head around it. Any help
appreciated!

Sincerely, Johan
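
The distinction in the reply above, written out as an added pf.conf fragment (not from the book or from the posts). It reuses `em0` from the poster's own test; `em1` as the internal interface is an assumption. It separates the places where pf expects an interface name from the places where it expects an address, which is where the parentheses matter.

```pf
# Added example, not part of the original thread.
ext_if = "em0"            # external interface, address may be DHCP-assigned
int_if = "em1"            # internal interface (assumed name)
localnet = $int_if:network

# 1. Interface-name context.
#    "set skip on" and the "on" keyword of a rule take an interface name,
#    never an address. Parentheses have no meaning here, which is why the
#    poster's test line fails to parse:
#        set skip on ($ext_if)      # syntax error
set skip on lo

# 2. Address context, bare interface name.
#    pfctl looks up the addresses em0 holds at the moment the ruleset is
#    loaded and compiles those literal addresses into the rule. If the
#    lease later changes, the rule keeps translating to the old address
#    until the ruleset is reloaded.
#        match out on $ext_if inet from $localnet nat-to $ext_if

# 3. Address context, interface name in parentheses.
#    The rule refers to "whatever address em0 has now"; pf updates it
#    when the interface address changes, with no reload needed.
match out on $ext_if inet from $localnet nat-to ($ext_if)

block all
pass from { self, $localnet }
```

Loading both variants of the `match` line with `pfctl -nvf /etc/pf.conf`, as in the post, is a quick way to compare how pfctl prints the bare and the parenthesised form.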





re0: watchdog timeout on recent current

2018-05-01 Thread Gregory Edigarov

Hello everybody,

ok, so here is the symptoms. the thing happens usually during the high 
traffic, like when I am trying to watch video on a tv, which is 
connected to my home server/router on re0 (it is the local interface).


the video freezes immediately. something like ifconfig re0 down && pfctl 
-Fst && ifconfig re0 up, helps a bit but not every time, sometimes I 
need to reboot.


during the March and until the middle of April it was working fine, so I 
think it was broken quite recently.

please let me know if you need more info.

the system is a recent -CURRENT.

dmesg follows:


Re: Cold / warm spare for OpenBSD server

2018-04-11 Thread Gregory Edigarov

I would solve the problem of config sync vice versa.
instead of syncing the files from one host to another you could just 
create the same files using any software configuration management system 
like ansible.


of course, you will still need to sync the data, and rsync is your best 
friend here.



On 11.04.18 16:08, Jeff Zimmerman wrote:

Hello!


I administer multiple OpenBSD machines which have been backing up via tar and sftp. I do 
have one server that is mission critical that I'd like to move to a more "warm" 
backup, perhaps using rsync. I already have a second server with the same hardware and 
OpenBSD version that is in a cold state but currently it would take some time to rebuild 
from the backup tars if something happened to the main server.


I see this project as having two different stages. Because I've installed a lot 
of ports and packages outside of the base install, stage one would involve 
installing the same rev of OpenBSD on the redundant machine and having rsync 
sync everything (binaries, config, etc.) from production to the redundant 
machine. Then stage two would pare down the rsync config to only sync the 
dynamic data, like /var/mail, /etc configuration files and that kind of thing.


My questions:

Stage 1: sync the two machines so are initially identical.


When syncing everything from existing to redundant machine in stage 1, what 
directories wouldn't need to be / shouldn't be synced?


I suspect that /dev and /mnt probably shouldn't be synced and probably don't 
need to be synced if the server hardware and OS version is the same between 
machines. Likewise kernel files like /boot and /bsd probably don't need to be 
synced either unless upgrading the kernel for security patches. Are there other 
directories that shouldn't be or don't need to be synced?


Stage 2: sync mail, /etc/passwd, etc. on a regular basis between the machines


I need to mirror /etc, /var/mail, and any other directories with dynamically 
changing data. I'm not so concerned about logs so I probably won't sync all of 
/var. Similar to my question above, are there other directories that would have 
commonly changed data that I should be backing up on a semi-regular basis?


Is rsync the best way to keep two OpenBSD servers in close sync with each other? Is rsync a 
reasonable way to initially mirror the installed ports and packages and configuration data from one 
machine to another? And is there a better way to go about having 2 servers in sync, one 
"hot" and one "warm"?


Thanks!


Jeff




Re: httpd - serving index.html & index.php at the same time

2018-04-11 Thread Gregory Edigarov



On 11.04.18 11:40, Mischa wrote:

Ok, good to know. It doesn't work as written. The only thing I see in the 
error.log is the fact that the PHP script is not found.

Access to the script '/htdocs/s/' has been denied (see 
security.limit_extensions)

Which tells me index.php is not requested.

Browser tells me: File not found

Running in debug mode it shows the following

default 46.xx.xx.xx - - [11/Apr/2018:10:24:26 +0200] "GET /s/ HTTP/1.1" 404 0 "" 
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 Firefox/58.0"
default 46.xx.xx.xx - - [11/Apr/2018:10:24:27 +0200] " " 408 0 "" ""
server default, client 1 (1 active), 46.xx.xx.xx:4824 -> xx.xx.xx.xx, timeout 
(408 Request Timeout)
Primary script unknown
default 46.xx.xx.xx - - [11/Apr/2018:10:24:27 +0200] "GET /s/ HTTP/1.1" 404 0 "" 
"Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 Firefox/58.0"

Not sure what else to look at. :((

Did some tests.
here's how it works:

    location "/test" {
        block return 301 "/test/"
    }
    location "/test/" {
        root strip 1
        root "/htdocs/phpapp"
        directory index "test.php"
    }

note "root strip 1" directive.



Re: httpd - serving index.html & index.php at the same time

2018-04-11 Thread Gregory Edigarov

On 10.04.18 22:24, Mischa wrote:

Hi All,

Is there a way to serve both static and dynamic content, eg. index.html and 
index.php within the same server { } definition?
I am looking for something like:

server "default" {
    listen on $ext_addr port 80
    root "/htdocs"
    directory index "index.html" # not needed as it's the default
    location "/files/*" {
        root "/htdocs/files"
        directory auto index
    }
    location "^/phpapp/*" {
        root "/htdocs/phpapp"
        directory index "index.php"
        fastcgi socket "/run/php-fpm.sock"
    }
}

Is it possible at all or do I need split static and dynamic content based on 
server { }?


Seems like it should work exactly as you have written.
if not you should show more than you've shown.



Re: Flow Tools

2018-03-14 Thread Gregory Edigarov
Sorry, if I hijack the thread, but what do you guys use for netflow 
analysis?

Only know nfsen in ports, but sometimes I need more versatile tool.

On 13.03.18 20:35, Diana Eichert wrote:

I've been using samplicator to fanout UDP flow data for years.

https://github.com/sleinen/samplicator

diana


On Tue, 13 Mar 2018, Paul Ammann wrote:


Hi

I've got a problem and I'm hoping OBSD may be able to solve my problem.

We bought new firewalls in 2017, but they can only send flow traffic 
to a single destination. We need to send flow traffic to 3 destinations.


I have a copy of Michael Lucas' book Network Flow Analysis, and I've 
been reading about flow-tools and flowd. Unfortunately there doesn't 
seem to have been a lot of development on these tools since 2010.


Are there any other tools that I may have missed that would help me 
solve my problem?


Thank you in advance.

Paul









deadfs, fifofs

2018-01-17 Thread Gregory Edigarov

Hello,

Curiosity killed the cat.

What are those for? I cannot find any reference in docs.

Thank you.

--

With best  regards,

    Gregory Edigarov




Re: state of Netdata on OpenBSD

2018-01-11 Thread Gregory Edigarov

On 10.01.18 18:58, Alceu R. de Freitas Jr. wrote:

Hello folks,
I'm considering installing Netdata on OpenBSD 6.2, but I found this issue on 
Github:
https://github.com/firehol/netdata/issues/1083
Unfortunately, it doesn't tell if Netdata works out of the box on OpenBSD, if 
requires the Collectd (supposedly integrated with it) or if it doesn't work at 
all.
Did you guys have any success in using it?
I did give a shot to Collectd, the problem was to get a decent web app to 
visualize the charts...


Collectd is capable of writing the data it collects to several time 
series databases like influx or prometheus.
You can use Grafana then, to visualize the data. The problem here is 
that you're still on your own to make the nice looking dashboard.



Re: reboot loop on -current, one machine of several

2017-11-13 Thread Gregory Edigarov



On 12.11.17 21:59, Nick Holland wrote:

On 11/12/17 14:13, Otto Moerbeek wrote:

On Sun, Nov 12, 2017 at 01:28:39PM -0500, Nick Holland wrote:


Help.

I was upgrading a few very similar machines to -current today.
ONE of the three decided to be unpleasant.  The thing has a
serial console, and but it is about 370km from me. :-/

Upgrade from Sep 9 current to today's current via bsd.rd, just
like the other two.

Upon reboot, it does this (from /boot) :

booting hd0a:/bsd: 8484712+2429968+244048+0+667648 [636809heap full 
(0x9d304+65536)

And then reboots the system, as if from power-down/power-up.
(already something I haven't seen before)

Reboot from "bsd.rd" and "bsd.sp", same results.  reboot from "obsd"
(Sept 9), same results.  Not a kernel problem, it seems.  About this
point, I'm starting to think how the serial console has let me down.

I remember how to bring up a DRAC remote CD image via ssh tunnels
to the drac and how to run java in a windows browser, and
reboot off the remote CD image, do another upgrade, all goes fine
(again), but upon reboot, same results...  "heap full" and reboot.

Boot from remote CD, at the boot> prompt, enter "boot hd0a:/bsd",
and it boots Just Fine from the local hard disk (only boot pulled
from the remote CD).  Boot loader!  Reinstalled boot:

# installboot -v sd0
Using / as root
installing bootstrap on /dev/rsd0c
using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
copying /usr/mdec/boot to /boot
/boot is 3 blocks x 32768 bytes
fs block shift 3; part offset 64; inode block 24, offset 2088
master boot record (MBR) at sector 0
 partition 3: type 0xA6 offset 64 size 2000397671
/usr/mdec/biosboot will be written at sector 64

good, right?

Reboot off local hard disk, boom.  problem is still there.  maybe
not the boot loader. :-/

Verified /boot on trouble system and good system are the same.

I'm not going to cry "bug", since there are two nearly identical
systems working just fine.  But I can't think of what I did wrong
or what to do to fix it.

Suggestions?

You are hitting -DHEAP_LIMIT=0xA in /boot. The code is in libsa/alloa.c

No idea why. But something in that system is different.

You do have one weird line in your disklabel output: a filesystem
mounted on swap?

that's an mfs.  This application has one directory which has a HUGE
benefit to an MFS for tmp files.  Though the reboot happens long before
the mfs is created.


  scsibus1 at ahci0: 32 targets
-sd0 at scsibus1 targ 2 lun 0:  SCSI3 0/direct 
fixed naa.50025388400562d4
+sd0 at scsibus1 targ 0 lun 0:  SCSI3 0/direct 
fixed naa.50025388400563fe
  sd0: 976762MB, 512 bytes/sector, 2000409264 sectors, thin
-sd1 at scsibus1 targ 3 lun 0:  SCSI3 0/direct 
fixed naa.5002538c70007b02
-sd1: 1953514MB, 512 bytes/sector, 4000797360 sectors, thin
+cd0 at scsibus1 targ 1 lun 0:  ATAPI 5/cdrom 
removable
  ichiic0 at pci0 dev 31 function 3 "Intel 6 Series SMBus" rev 0x04: apic 0 int 
19
  iic0 at ichiic0

My suspicion goes to SSDs. one of them has somehow become bad.


Nick.





Re: Is there an option switch to lower minimum DH strength in SSH client?

2017-11-03 Thread Gregory Edigarov

On 03.11.17 14:37, Janne Johansson wrote:

2017-11-03 5:06 GMT+01:00 Jacob Leifman :


I was finally able to bring our OpenBSD based Network Management System up
to the current OS release (it was a couple of years out of date) but this
process broke access to a large number of older HP switches on our network.




But this breaks the use of SSH client leaving little recourse other
than perhaps telnet with NO encryption instead of somewhat weak encryption,
as the "server" is outside of our control. (I already checked that we have
the latest firmware, less than one year old.)

Is this an oversight or is there a particular logic to intentionally
breaking compatibility with a not-insignificant base of installed
equipment?



If your vendor, even with a <1y firmware still only can handle old and
deprecated
keysizes, you should not ask for everyone elses sshs to become worse, but
rather
push the vendor to get up to speed, and since that will not work, you will
have to
resort to building older ssh and use that instead of the safer one that
comes with
the modern OS you upgraded to.

Same goes for browsers and https, the bad parts of SSL/TLS gets weeded out
in browsers
so that the majority of users are safe, not kept to cater to the lowest
common denominator
of the laziest vendor still alive.

You should be asking HP how come they can't keep the free sshd code updated,
if security is your prime concern, not ask openbsd to lower everyone elses
security.

I think for most vendors, it is an administrative rather than a technical 
question.
Yes, their technical people can update code, yes they can do it quick, 
but their management is slow...




Re: Fail2ban alternative for OpenBSD

2017-11-03 Thread Gregory Edigarov

On 02.11.17 20:19, Stuart Henderson wrote:

On 2017-10-30, Gregory Edigarov <ediga...@qarea.com> wrote:

On 29.10.17 03:20, x9p wrote:

Coming from the Linux world, I wonder if there is a better alternative
to fail2ban, already being used in OpenBSD servers by the majority.


I suggest you NEVER use such "solutions". It's a security by obscurity
model, and therefore a very, very bad thing.
You'd be much safer completely turning off password authentication,
using keys instead.

If someone is pushing a lot of auth attempts, they can be consuming meaningful
amounts of cpu. (They're usually too quick to show up in top). So restricting it
can be useful from that point of view.

Myself, I normally restrict ssh to connecting from a predefined list of IPs 
though ...

And it is a right behavior when you can define such a list.
myself, I just turn off password auth, and have my keys on a pen drive.
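
The two approaches discussed in this thread (key-only logins, and limiting who may reach sshd at all), as an added pf.conf fragment that is not from any of the posts. The addresses are RFC 5737 documentation ranges standing in for real admin networks, and the table names and rate limits are assumptions to adapt.

```pf
# Added example, not part of the original thread.
#
# Companion sshd_config setting for the "keys only" advice (shown as a
# comment because it belongs in /etc/ssh/sshd_config, not in pf.conf):
#     PasswordAuthentication no
#     AuthenticationMethods publickey

# Constructed sample addresses (documentation ranges).
table <ssh_admins> const { 192.0.2.10, 198.51.100.0/24 }
table <ssh_abuse> persist

# pf evaluates rules top to bottom and the last matching rule wins,
# so the default-deny for ssh comes first.
block in on egress proto tcp to (egress) port ssh

# Sources that tripped the rate limit below are dropped before any
# pass rule is considered ("quick" stops evaluation).
block in quick on egress from <ssh_abuse>

# Variant A: a predefined list exists. Only those sources reach sshd,
# so unauthenticated probes never cost sshd any CPU.
pass in on egress inet proto tcp from <ssh_admins> to (egress) port ssh

# Variant B: no list can be defined (roaming clients). Accept from
# anywhere, but cap simultaneous connections and the connection rate per
# source address. Offenders are added to <ssh_abuse> and their existing
# states are flushed. Use A or B, not both: with both loaded, B also
# admits sources outside <ssh_admins>.
# pass in on egress inet proto tcp to (egress) port ssh \
#     keep state (max-src-conn 10, max-src-conn-rate 5/60, \
#     overload <ssh_abuse> flush global)
```

Entries in the overload table do not age out on their own; `pfctl -t ssh_abuse -T expire 86400` run from cron removes addresses added more than a day ago.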



Re: Fail2ban alternative for OpenBSD

2017-10-30 Thread Gregory Edigarov

On 29.10.17 03:20, x9p wrote:


Coming from the Linux world, I wonder if there is a better alternative 
to fail2ban, already being used in OpenBSD servers by the majority.


I suggest you NEVER use such "solutions". It's a security by obscurity 
model, and therefore a very, very bad thing.
You'd be much safer completely turning off password authentication, 
using keys instead.




Re: Flask app as UWSGI returning 500 when accessed through OpenBSD HTTPD

2017-10-18 Thread Gregory Edigarov

On 18.10.17 10:36, Ajitabh Pandey wrote:

$ uwsgi --http : --wsgi-file myproject.py --master --callable app

$ curl http://127.0.0.1:/

returns the contents, but when I access the page as

http://192.168.1.111/hello/

I get 500.

Any pointers will be helpful.


hi, what's in your error.log?



Re: migrate .htaccess content to httpd.conf

2017-10-03 Thread Gregory Edigarov

On 03.10.17 15:10, rosjat wrote:

Hi there,

I was wondering if there is some guidance out there for this sort of 
thing? I know it's possible to simply block directories or put basic 
auth in front of it but what about some more fine grained stuff for 
a file in a directory? Like this



    order deny,allow
    
    deny from all
    


    
    Require all denied
    


Is there a way to rewrite this for the httpd.conf ?


try this:
location "template.*" {
    block
}
untested, but should work.

And 2nd question would be how to give the user a way to implement 
something like it on their own? I was thinking of a simple standard 
include in the server definition but this might mess things up



there is no such thing as .htaccess in httpd.

regards





Re: Need help securing SMTP (thunderbird says it's not encrypted)

2017-07-28 Thread Gregory Edigarov



On 27.07.17 15:56, Paul Covello wrote:

I have an OpenBSD 6.1 box set up with OpenSMTPD and Dovecot on Vultr (a 
VPS provider).

This machine is intended for use as my primary mail server.  I have a Let’s 
Encrypt certificate installed and declared in the smtpd.conf file like so:

I can send and receive mail ok using Apple Mail on my mac.  Thunderbird is 
another story…  I am warned when I set up the account that SMTP is NOT 
encrypted.

This has driven me batty all week.  My Google-Foo fails me and reading through 
my Dovecot book and smtpd man pages have not enlightened me as to why this is 
not using TLS.

When I telnet to the machine on port 587 and issue the EHLO command, STARTTLS 
does appear in the response.  Also, OpenSMTPD shows when I type the help 
command.

issuing a Mail command comes back with the response that STARTTLS must be done 
first.

Can someone clue me in on what I might be missing?

in thunderbird set Connection security to STARTTLS



Thanks in advance for your help!

— Paul.





Re: Skylake experience with -current

2017-07-12 Thread Gregory Edigarov

Well, I notice some artifacts on my system.

Using spectrwm and spacemacs, the status bar in spacemacs shows 
artifacts often. it looks like something screws that and only that video 
page area while I am being switched away from emacs.


Found this line on my dmesg:

error: [drm:pid25275:intel_pipe_update_start] *ERROR* Potential atomic 
update failure on pipe A


could be related.

switching back and forth usually helps.
my kernel is basically the GENERIC.MP with pcppi and spkr disabled, that 
hang my system at boot


$ cat /usr/src/sys/arch/amd64/conf/MY

include "arch/amd64/conf/GENERIC"

option  MULTIPROCESSOR
#option MP_LOCKDEBUG

cpu* at mainbus?

pcppi0 at isa? disable
spkr0  at pcppi? disable

dmesg:


Re: shouldn't ping -I bypass all normal routing?

2017-05-22 Thread Gregory Edigarov



On 21.05.17 17:16, Stuart Henderson wrote:

On 2017-05-19, Gregory Edigarov <ediga...@qarea.com> wrote:

Hi, everybody

I've run into a strange problem while trying to implement cisco's 'ip
sla' replacement for a customer.

at an openbsd router i have

em0: 192.168.0.1/24 - local network

em1: 111.111.111.2/30 - uplink 1

em2: 222.222.222.2/30 - uplink 2

ip forwarding is on, routes received via bgp, everything works as expected.

the only problem is when something happens deep inside uplink's network:

sessions stay up, routes still present, but no traffic can pass through
uplink.

BFD would help, maybe, but I stick to what i have right now.

I am trying to
ping -I 111.111.111.2 8.8.8.8

but get no answer, because route to 8.8.8.8 set through uplink2, furthermore

i see my pings on em2 with tcpdump which seems rather strange to me, as
I am enforcing the interface.

if i ping 8.8.8.8 the normal way "it works" (tm).

pinging with -I 222.222.222.2 works too.

so ?

perhaps I am overlooking something very-very basic, so help me to get
off the brake.

ping -I doesn't enforce the interface, all it does is set the source
address.  You could enforce with a PF route-to rule if you like.

well, it's ok, but then I will need to switch rules every time like:
ping uplink1, switch pf rule, ping, switch. which is not good.
but maybe I will be able to implement something with multiple routing
tables

anyway thanks, Stuart.



Re: shouldn't ping -I bypass all normal routing?

2017-05-19 Thread Gregory Edigarov



On 19.05.17 18:47, Gregory Edigarov wrote:

Hi, everybody

I've run into a strange problem while trying to implement cisco's 'ip 
sla' replacement for a customer.


at an openbsd router i have

em0: 192.168.0.1/24 - local network

em1: 111.111.111.2/30 - uplink 1

em2: 222.222.222.2/30 - uplink 2

ip forwarding is on, routes received via bgp, everything works as
expected.


the only problem is when something happens deep inside uplink's network:

sessions stay up, routes still present, but no traffic can pass through
uplink.


BFD would help, maybe, but I stick to what i have right now.

I am trying to
ping -I 111.111.111.2 8.8.8.8

but get no answer, because route to 8.8.8.8 set through uplink2, 
furthermore


i see my pings on em2 with tcpdump which seems rather strange to me, 
as I am enforcing the interface.


if i ping 8.8.8.8 the normal way "it works" (tm).

pinging with -I 222.222.222.2 works too.

so ?

perhaps I am overlooking something very-very basic, so help me to get 
off the brake.



and yes, it is the 6.1 amd64

--

With best regards,

     Gregory Edigarov







shouldn't ping -I bypass all normal routing?

2017-05-19 Thread Gregory Edigarov

Hi, everybody

I've run into a strange problem while trying to implement cisco's 'ip 
sla' replacement for a customer.


at an openbsd router i have

em0: 192.168.0.1/24 - local network

em1: 111.111.111.2/30 - uplink 1

em2: 222.222.222.2/30 - uplink 2

ip forwarding is on, routes received via bgp, everything works as expected.

the only problem is when something happens deep inside uplink's network:

sessions stay up, routes still present, but no traffic can pass through
uplink.


BFD would help, maybe, but I stick to what i have right now.

I am trying to
ping -I 111.111.111.2 8.8.8.8

but get no answer, because route to 8.8.8.8 set through uplink2, furthermore

i see my pings on em2 with tcpdump which seems rather strange to me, as 
I am enforcing the interface.


if i ping 8.8.8.8 the normal way "it works" (tm).

pinging with -I 222.222.222.2 works too.

so ?

perhaps I am overlooking something very-very basic, so help me to get 
off the brake.


--

With best regards,

     Gregory Edigarov





Re: why does unbound listen as root

2017-05-12 Thread Gregory Edigarov

s don't tell that to my unbound )

➜  ~ ps aux |grep unb
_unbound 65312  0.0  0.2 30960 26056 ??  Is    Thu06AM    0:00.41 unbound -c /var/unbound/etc/unbound.conf



On 12.05.17 11:12, Luke Small wrote:

pf rule execution says it listens as root, but it connects as the _unbound
user, when configured to run as _unbound. Why doesn't it listen, bind, etc.
as root, drop privileges and pledge away privilege escalation? Is it to
avoid more #ifdef hell? Or can you not listen to a privileged port if you
drop privileges?




Re: With Multiple PPPoE interfaces on one will work

2017-05-10 Thread Gregory Edigarov

Hi,
before anything it is necessary to provide a definition of "not working" 
and some evidence, like ifconfig, netstat -rn, ping, etc. then somebody 
will be able to help you.
the more information you will provide, the quicker response with a 
solution you will get.



On 10.05.17 07:53, Steve wrote:

  Hello,
In 5.7 it was possible to have multiple pppoe interfaces active and working.
This used to work fine with ifstated monitoring for outage and changing
routing appropriately.
In either 5.8 or 5.9 this seems to have stopped working.
With both interfaces configured only one interface will ever become active.
I am unable to test with 6.0 or 6.1 at the moment.
Is anyone familiar with this issue ?
Can anyone confirm if this is resolved in 6.0 or 6.1.
Thank you.




Re: Using "Pretty" permalinks with httpd in wordpress

2017-01-09 Thread Gregory Edigarov

On 06.01.17 15:42, Atanas Vladimirov wrote:

On 06.01.2017 13:35, Jiri B wrote:

On Fri, Jan 06, 2017 at 01:32:10PM +0200, Atanas Vladimirov wrote:

Hi,

I can't figure it out.
Is it possible to use Wordpress with OpenBSD httpd and configure both
for "Pretty" permalinks.
Does anyone have a working setup?
Thanks for your time,
Atanas


Help testing this diff
http://marc.info/?l=openbsd-tech&m=148370177214134&w=2


j.

I know about the diff and I'm testing it right now.
The problem is that I really don't know what to put in
httpd.conf.
I try to "translate" Wordpress .htaccess with no luck:

# BEGIN WordPress

RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
^^^ this rule doesn't rewrite index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
^^^ this rule rewrites any single character to /index.php
if %{REQUEST_FILENAME} is not a real file or directory

# END WordPress

Do I read/understand the .htaccess file correctly?
In my httpd.conf:
.
# art-katerina.com
server "art-katerina.com" {
    listen on * tls port 443
    alias www.art-katerina.com
    directory index index.php
    root "/domains/art-katerina.com/"
    hsts
    log {
        access "art-katerina-access.log",
        error "art-katerina-error.log",
        style combined
    }
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
    }
    tls {
        certificate "/etc/ssl/acme/art-katerina.com/fullchain.pem"
        key "/etc/ssl/acme/private/art-katerina.com/privkey.pem"
    }
    location "*.php" {
        fastcgi socket "/run/php-fpm.sock"
    }
    location match "(.)" {
        pass rewrite "/index.php"
        fastcgi socket "/run/php-fpm.sock"
    }

you seem to be wrong here.  location match "(.)" means exactly
_ONE_ single character.  maybe you mean location match "(.+)"

.




Re: rsyslog does not produce log on OpenBSD 6.0

2016-12-22 Thread Gregory Edigarov

On 20.12.16 13:47, Stuart Henderson wrote:

On 2016-12-17, Remi Locherer  wrote:

On December 17, 2016 12:07:18 PM GMT+01:00, Federico Donati 
 wrote:

Hi all,

I've a problem with an OpenBSD 6.0 box with rsyslog.

I need to send every local logs to a remote server and I can't use
syslogd, because it does not send the hostname of the server (the one
indicated in /etc/myname), but on the remote server messages come with
the PTR record of my public ip.

have you tried -h for syslogd from base?

Yep this is the easy way.


I've installed rsyslogd, but it doesn't send anything to the remote
server. And more than that, it doesn't write anything local.

Since 5.6, OpenBSD uses a special sendsyslog(2) system call for
logging. This avoids the need for a device node and available file
descriptor, which helps with chrooted programs, or if someone is
able to cause too many FDs to be opened in an attempt to prevent
logging from working.

It needs a syslogd that is able to receive these messages. It's a
fairly simple change (see src/usr.sbin/syslogd/syslogd.c r1.111)
but afaik none of the third-party log daemons support it yet.
It's quite likely that diffs to add support for this to other
daemons would be accepted for ports, maybe upstreams would accept
them too.

Workaround for this without modifying the syslog daemon:
- run normal OpenBSD syslogd in addition to the other daemon
- have the other syslog daemon bind to a specific IP address
- have OpenBSD syslogd feed the other daemon using a network socket

Or, do not run anything else than syslogd. Seriously, I can't think
of any case where that wouldn't be enough.



Re: Browser is getting slower?

2016-11-21 Thread Gregory Edigarov

On 21.11.16 15:56, George Pediaditis wrote:

Ok you are right im sorry.
Im definitively sure that iridium(its like chromium) is getting slower
after a couple of weeks. Its so slow that im waiting 7+ sec to start.
Also cpu is high and everything on the browser is really slow.  The
problem is solved when i clean my history etc. Now it takes about 1-2
sec to start it.
I have tried Firefox before but its even worse. It crashes is slow and
cpu is high.

which extensions are installed in iridium?
is iridium always running, or you load it every time?


This is my dmesg.

Re: What are the security features in OpenBSD 6.0 that are by default disabled?

2016-10-17 Thread Gregory Edigarov

On 14.10.16 22:48, Raul Miller wrote:

On Fri, Oct 14, 2016 at 2:50 PM, thrph.i...@gmail.com
 wrote:

" The only truly secure system is one that is powered off, cast in a block of 
concrete and sealed in a lead-lined room with armed guards - and even then I have my 
doubts."

Powered off works surprisingly well for some other operating systems.


well, not any more, in the presence of Intel AMT...



Re: unbound and truly multihomed setup

2016-09-30 Thread Gregory Edigarov
after all, it revealed to be just fiber connection fucked up, and 
causing the enormous packet drops.  sorry for the noise



On 29.09.16 10:48, Gregory Edigarov wrote:

Hi,

Need an advice.

I have a bgp router with 3 interfaces:

em0 (xxx.yyy,zzz.1/24),
em1, em2 - looking at uplinks

bgp is up and running, packets are forwarded just fine. also there is 
nsd, listening on both em1,em2 serving my reverse zone.


so far everything works.

now I want this host also be a resolver for lan, that sits  on 
xxx.yyy,zzz.1


here is what I have in unbound.conf


server:
verbosity: 1
outgoing-interface: 0.0.0.0
interface: 127.0.0.1
interface:
access-control: 127.0.0.0/8 allow
access-control: xxx.yyy.zzz.0/24 allow
access-control: ::1 allow
access-control: :::127.0.0.1 allow
root-hints: /etc/unbound/root.hints

some hosts are resolving correctly, for example google.com, but many 
have SERVFAIL.


if I have
outgoing-interface: xxx.yyy.zzz.1

nothing works.


so the question is: how to make unbound work in such setup?

thank you.

--

With best regards,

Gregory Edigarov




Re: unbound and truly multihomed setup

2016-09-29 Thread Gregory Edigarov

Hi Craig,

On 29.09.16 13:28, Craig Skinner wrote:

Hi Gregory,

On Thu, 29 Sep 2016 10:48:37 +0300 Gregory Edigarov wrote:

em0 (xxx.yyy,zzz.1/24),
em1, em2 - looking at uplinks
...

  outgoing-interface: 0.0.0.0

Removing the outgoing-interface line would probably resolve it.


Adding this private-address line might help too:

private-address: xxx.yyy.zzz.0/24


Multiple outgoing-interface lines can be put in,
for each of your em1 & em2 interfaces,

I cannot use interfaces em1 and em2, it's where nsd is listening.
I removed the outgoing interface line. still no effect.
the description of private-address: directive has nothing relevant to my 
situation, but I've tried it, and still got nothing.



and separate lines for IPv4 & IPv6 too, for each interface.

The default is 'all', so its a bit pointless to manually list all your
external interfaces.


See /usr/src/usr.sbin/unbound/doc/example.conf.in
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/unbound/doc/example.conf.in

Cheers,




Re: unbound and truly multihomed setup

2016-09-29 Thread Gregory Edigarov

corrected unbound.conf snippet, just to be sure I am properly understood


On 29.09.16 10:48, Gregory Edigarov wrote:

Hi,

Need an advice.

I have a bgp router with 3 interfaces:

em0 (xxx.yyy,zzz.1/24),
em1, em2 - looking at uplinks

bgp is up and running, packets are forwarded just fine. also there is 
nsd, listening on both em1,em2 serving my reverse zone.


so far everything works.

now I want this host also be a resolver for lan, that sits  on 
xxx.yyy,zzz.1


here is what I have in unbound.conf


server:
verbosity: 1
outgoing-interface: 0.0.0.0
interface: 127.0.0.1
interface: xxx.yyy.zzz.1
access-control: 127.0.0.0/8 allow
access-control: xxx.yyy.zzz.0/24 allow
access-control: ::1 allow
access-control: :::127.0.0.1 allow
root-hints: /etc/unbound/root.hints

some hosts are resolving correctly, for example google.com, but many 
have SERVFAIL.


if I have
outgoing-interface: xxx.yyy.zzz.1

nothing works.


so the question is: how to make unbound work in such setup?

thank you.

--

With best regards,

Gregory Edigarov




unbound and truly multihomed setup

2016-09-29 Thread Gregory Edigarov

Hi,

Need an advice.

I have a bgp router with 3 interfaces:

em0 (xxx.yyy,zzz.1/24),
em1, em2 - looking at uplinks

bgp is up and running, packets are forwarded just fine. also there is 
nsd, listening on both em1,em2 serving my reverse zone.


so far everything works.

now I want this host also be a resolver for lan, that sits  on xxx.yyy,zzz.1

here is what I have in unbound.conf


server:
verbosity: 1
outgoing-interface: 0.0.0.0
interface: 127.0.0.1
interface:
access-control: 127.0.0.0/8 allow
access-control: xxx.yyy.zzz.0/24 allow
access-control: ::1 allow
access-control: :::127.0.0.1 allow
root-hints: /etc/unbound/root.hints

some hosts are resolving correctly, for example google.com, but many 
have SERVFAIL.


if I have
outgoing-interface: xxx.yyy.zzz.1

nothing works.


so the question is: how to make unbound work in such setup?

thank you.

--

With best regards,

Gregory Edigarov



Re: traceroute and pf

2016-09-28 Thread Gregory Edigarov

because it drops privs once initialization done.

On 28.09.16 14:24, johnw wrote:

On 09/28/2016 07:05 PM, Janne Johansson wrote:

Apart from PF failing the syntax, what would one expect to achieve with

=0 ?

That would always cover all users, since its never a negative number.
/usr/include/sys/types.h:typedef __uid_t uid_t;          /* user id */
/usr/include/sys/_types.h:typedef __uint32_t __uid_t;    /* user id */



No, PF do not failing the syntax, pfctl -f pf.conf without any error and
pfctl can load the rule (pfctl -sr can see it)

I mean is why, below rule do not let traceroute work?

pass out quick on $ext_if inet proto udp from ($ext_if) to any user 0

then run traceroute as root:   traceroute google.com

traceroute to google.com (216.58.221.238), 64 hops max, 40 byte packets
traceroute: sendto: No route to host
1 traceroute: wrote google.com 40 chars, ret=-1

Thanks.




Re: It is too late for that all the developers to do the right thing?

2016-09-21 Thread Gregory Edigarov

Yeah, everybody is too old here, so pass away, do not stay here, troll


On 20.09.16 20:06, velocidade da luz wrote:

Theo de Raadt wrote:

"The Race is there to be run, for ourselves, not for others. We do what we
do to run our own race, and finish it the best we can. We don't rush off at
every distraction, or worry how this will affect our image. We are here to
have fun doing right."

It is too late for that all the developers to do the right thing?

I want to have fun doing right.




Re: Long life on SSD in a firewall environment

2016-06-21 Thread Gregory Edigarov

On 21.06.16 16:55, Kenneth Gober wrote:

On Sun, Jun 19, 2016 at 5:56 AM, Sjöholm Per-Olov  wrote:

Does anyone know if there exist any list of recommendations about how to make
an SSD disk to live as long as possible when using it for firewall purpose on
OpenBSD?

I don't know of a list, aside from what you find in this thread and similar
threads on this list from the past.

My own first recommendation is not to worry about it.

My second recommendation is: if you must worry about it, change as little
as possible.  you don't want to make updates difficult due to excessive
customization.

I am running OpenBSD 5.9 on an Internet-facing router, on Soekris hardware with
4GB mSATA SSD storage.  My only concern about SSD durability relates to
/var/log and the potential for Internet traffic to cause constant writes there.
So I have made minimal changes to guard against that:

DO NOT MAKE THESE CHANGES ON YOUR OWN SYSTEM UNLESS
YOU UNDERSTAND WHAT THEY DO.

1. when installing OpenBSD, put /var/log on its own 128MB partition.

2. after your first boot, convert /var/log to use MFS:
 mkdir -p /mfs/log
 cd /etc
 mv fstab fstab~
 sed -e 's|/var/log|/mfs/log|' <fstab~ >fstab
 cat >>fstab
 swap /var/log mfs rw,nodev,nosuid,-s=128M,-P=/mfs/log 0 0
 ^D

3. reboot so that the above /etc/fstab changes take effect.

4. configure rsync to periodically checkpoint /var/log to /mfs/log:
 pkg_add rsync
 crontab -e
 (add the following lines)
 #
 # checkpoint log files
 10 */4 * * * /usr/local/bin/rsync -ayH --delete-after /var/log/ /mfs/log

5. also save /var/log to /mfs/log on shutdown:
 cat >>/etc/rc.shutdown
 /usr/local/bin/rsync -ayH --delete-after /var/log/ /mfs/log
 ^D

I sync /var/log to /mfs/log only every 4 hours because I have reliable power.
If you have unreliable power (or unreliable hardware) or your firewall crashes
or reboots for unknown reasons you may want to sync more often.  Actually
in that case you probably shouldn't use an MFS /var/log at all.

When I first did this it was more than 2 years ago.  Today SSD storage has
improved enough that this shouldn't be needed (see my first recommendation
above not to worry about it).

-ken


well, but why not just set up syslogd to fan logs out to some other server?



wx violations (a question)

2016-05-31 Thread Gregory Edigarov

Hi,

I have a question about the implementation of W^X protection.
We now have a per filesystem knob wxallowed. but wouldn't it be better
to implement with per-exec granularity?

i.e. chflags wxallowed 

--
With best regards,
Gregory Edigarov



Re: Alternate Puffy Logo Design

2016-05-19 Thread Gregory Edigarov

seemingly, the spring was near its end...

On 19.05.16 17:58, Joe Schillinger wrote:

Not sure if the new site design going to go anywhere, but it seems like
an alright time to share a little logo I did based on a hackathon
t-shirt graphic. Here's a modified and colorized version of Puffy from
the l2k15 shirt (original design by Markus Hall):
https://u.teknik.io/OEyHA.png

The vector file needs some cleaning up in order to be "perfect", but I
think it looks nice enough when converted to pixels. If anyone likes it
enough I can provide them with all of the files.

I'm not sure how licensing on the artwork works, but considering it's
for the t-shirts, I would assume the OpenBSD project owns the design.
I'll cautiously say "feel free to use it for whatever you want within
the project". If someone else has more info (whether it's okay to use
outside the project as well) let me know.

Thanks,
Joe




Re: Happy Birthday Theo!

2016-05-19 Thread Gregory Edigarov

Many many happiest returns of the day!

On 19.05.16 09:26, Craig Skinner wrote:

May you triumphly hike
whatever hills you like!

Cheers!




non-wintel hardware choices

2016-05-05 Thread Gregory Edigarov

Hi  everybody,

if I want to build a non-wintel system with commodity running OpenBSD 
without problems, what are my options?
preferably something non-apple also, which i will be able to connect 
display, mouse, and keyboard, and hopefully run X, etc.


--
With best regards,
  Gregory Edigarov



Re: providing users with equal bandwidth

2016-02-04 Thread Gregory Edigarov

On 04.02.16 01:09, Tarkan Açan wrote:

hello misc,

i am using openbsd 5.8 amd64 on my apu 1d4 with success but i have one big
problem. the queue mechanism in pf allows some traffic shaping but what i
really need is to give users their share of the bandwidth. for this i need
some connection based algorithm like sfq (linux) or cbq (mikrotik - routeros).
i have read and searched around a lot but it seems not possible to do such a
thing with pf. is it possible to arrange this kind of bandwidth sharing with a
proxy like relayd? does anybody have suggestions? all feedback is sincerely
appreciated.

that's what queues are there for...



Re: [OpenBGPD] Problem with many (fast connecting) Peers

2016-01-26 Thread Gregory Edigarov

On 26.01.16 16:41, Daniel Seidenstücker wrote:

Dear OpenBGPD Community,



in order of measuring the performance of OpenBGPD I need to connect it with
a huge amount of peers (realized by ExaBGP). OpenBGPD 5.8 works well with
100 Peers but if I increase that number to 250 I got every try the same
error (debug mode):



handle_pollfd: imsg_read error: Resource temporarily unavailable

SE: Lost connection to RDE

handle_pollfd: poll fd: Undefined error: 0

RDE: Lost connection to SE

handle_pollfd: poll fd: Undefined error: 0

RDE: Lost connection to SE control

handle_pollfd: poll fd: No such file or directory

main: Lost connection to SE

route decision engine exiting

Segmentation fault (core dumped)



I guess it’s caused by the big number of peers or the short time interval
they connect. I also checked 5.7 but same behavior with slightly other error
msgs:



fatal in SE: session_dispatch_imsg: imsg_read error: Resource temporarily
unavailable

Lost child: session engine exited

fatal in RDE: rde_dispatch_imsg_session: pipe closed

Lost child: route decision engine exited

Terminating



If I split the Peers to 100, 50, 100 with 10 Seconds pause between arrival,
OpenBGPD breaks with same error when the 50 Peers are changing to
established.



Would be nice if you can help me.

Try bumping up login.conf's max open file limit.
it seems like that's the case.



Re: OpenSMTPD problem with filter-dnsbl

2015-11-18 Thread Gregory Edigarov

On 11/17/2015 09:03 PM, Gianluca D.Muscelli wrote:

Hi, I've a problem with filters in OpenSMTPD.
I would try to implement the filter-dnsbl,
I also installed the extras opensmtpd but I can't find it!
Any suggestions??
Thank you!

The filters are not available in stock version of smtpd, you should 
install recent version from git for this.

But be aware of some trade offs here.



Re: Virtualization: vmm with Linux guests - when?

2015-11-17 Thread Gregory Edigarov

On 11/17/2015 05:46 PM, Luis P. Mendes wrote:

   Hi,

   I know that development time is not a deterministic thing, but
   nonetheless I'd like to know if it's closer to one, six, twelve (or
   more) months until we get the possibility to run Linux guests
   through vmm.

   I'd be happy even without a graphical interface, if the clients can
   run in xvfb mode and have graphical connections via VNC.

   What about hardware pass-through?  I don't recall to have read about
   this.  Is it something that is already possible?

   Thanks in advance for any info on this.


you must know developers don't like questions like this



Re: quick question about unbound

2015-11-06 Thread Gregory Edigarov

On 11/06/2015 02:33 AM, Stuart Henderson wrote:

On 2015-11-05, Stuart Henderson <s...@spacehopper.org> wrote:

On 2015-11-04, Toyam Cox <aviator45...@gmail.com> wrote:

The default setting for "do-not-query-localhost" is "yes".
You may want to add "do-not-query-localhost: no" to your config in the
"server" section.

Right.


On Wed, Nov 4, 2015 at 11:25 AM, Gregory Edigarov <ediga...@qarea.com> wrote:

Hello,

Trying to make unbound and nsd co-exist on one server, the goal is to have
unbound listen for all requests redirecting requests for local zones to nsd:
nsd.conf

Just to make sure, this is just a local-only zone? (this approach won't work
correctly for zones that receive queries from other resolvers).

Expanding on this:

For people who do need this, set unbound to listen on an internal IP
address (or an alias), and nsd to listen on the external address.

Incoming queries from many resolvers will have the RD ("recursion desired")
bit cleared so Unbound (or another resolver) won't answer them. See for
yourself with 'dig +norecurse' (this is what Microsoft got wrong when
they tried to filter no-ip domains and broke them).


thanks for your explanations.
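
The fix suggested in this thread, as an added example that is not part of the original messages: a small Python check that flags stub-zone or forward-zone upstreams on a loopback address while do-not-query-localhost is left at its default of "yes", the setup that produced SERVFAIL in the original question. The function names and the sample configuration are constructed for illustration.

```python
import ipaddress

# Constructed sample modelled on the unbound.conf quoted in the thread.
SAMPLE = """\
server:
    interface: 0.0.0.0
    logfile: /var/log/unbound.log

stub-zone:
    name: somezone.org.   # local zone served by nsd
    stub-addr: 127.0.0.1@9053
"""

ADDR_KEYS = {"stub-addr", "forward-addr"}

def parse(text):
    """Split unbound.conf-style text into (clause, [(key, value), ...])."""
    clauses = []
    for raw in text.splitlines():
        key, sep, value = raw.split("#", 1)[0].strip().partition(":")
        if not sep:
            continue
        key, value = key.strip(), value.strip().strip('"')
        if not value:                 # "server:" or "stub-zone:" opens a clause
            clauses.append((key, []))
        elif clauses:
            clauses[-1][1].append((key, value))
    return clauses

def loopback_upstreams(text):
    """Return zones whose upstream is on loopback while unbound refuses it."""
    clauses = parse(text)
    setting = "yes"                   # unbound's default, per the thread
    for name, opts in clauses:
        if name == "server":
            setting = dict(opts).get("do-not-query-localhost", setting).lower()
    if setting == "no":
        return []
    findings = []
    for name, opts in clauses:
        zone = dict(opts).get("name")
        for key, value in opts:
            host = value.split("@")[0]        # strip the optional @port
            if key in ADDR_KEYS and ipaddress.ip_address(host).is_loopback:
                findings.append((name, zone, value))
    return findings

if __name__ == "__main__":
    print(loopback_upstreams(SAMPLE))
```

An empty result means either no upstream is on loopback or "do-not-query-localhost: no" is already set in the server clause.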



quick question about unbound

2015-11-04 Thread Gregory Edigarov

Hello,

Trying to make unbound and nsd co-exist on one server, the goal is to 
have unbound listen for all requests redirecting requests for local 
zones to nsd:

nsd.conf

server:
server-count: 1
database: "/var/lib/nsd3/nsd.db"
username: nsd
ip-address:  127.0.0.1@9053
logfile: "/var/log/nsd.log"
pidfile: "/var/run/nsd.pid"
xfrdfile: "/var/lib/nsd3/xfrd.state"

zone:
name:   somezone.org
zonefile: /etc/nsd/zones/somezone.org

dig -p9053 somezone.org soa @127.0.0.1 works as expected.

now unbound's turn:

server:
auto-trust-anchor-file: "/var/lib/unbound/root.key"
interface: 0.0.0.0
logfile: /var/log/unbound.log

stub-zone:
name:  somezone.org. # also tried without point with the same result...

stub-addr: 127.0.0.1@9053

dig somezone.org soa @127.0.0.1 yields SERVFAIL.
also tried with forward-zone: - with the same result.

is that at all possible? Where am I wrong?



Re: routing q

2015-10-19 Thread Gregory Edigarov

On 10/19/2015 02:14 PM, Martin Pieuchot wrote:

On 19/10/15(Mon) 13:37, Gregory Edigarov wrote:

On 10/19/2015 01:24 PM, Stuart Henderson wrote:

On 2015-10-19, Gregory Edigarov <ediga...@qarea.com> wrote:

In order to conserve address space I am trying to configure 'ip
unnumbered' in cisco terminology, that is have an interface borrow the ip
of a different interface, I am experimenting with vether0 and vlans the
thing is to have one 'main' address on some 'real' interface and then
just add routes pointing to the right interfaces.

# ifconfig vether0 192.168.100.1/24 up
# ifconfig vlan2 vlandev vether0 up
# ifconfig vlan3 vlandev vether0 up
# route add 192.168.100.2/32 192.168.100.1 -cloning -ifp vlan2
route: writing to routing socket: Network is unreachable
add host 192.168.100.2/32: gateway 192.168.100.1: Network is unreachable

the same result I have if I am trying to configure this on a real
interface connected  to my network:

# ifconfig vlan2 vlandev re0
# ifconfig vlan3 vlandev re0
# ifconfig re0 alias 192.168.100.1
# route add 192.168.100.2/32 192.168.100.1 -cloning -ifp vlan2
route: writing to routing socket: Network is unreachable
add host 192.168.100.2/32: gateway 192.168.100.1: Network is unreachable

# uname -a
OpenBSD lbld12.duckdns.org 5.8 GENERIC.MP#1507 amd64

I thought OpenBSD supports such thing.

am I missing something?

I don't *think* this is expected to work at the moment unless possibly
you specify a destination MAC address with -link.

It does work with point-to-point interfaces, e.g. you can have
192.0.2.1/28 on em0 and 192.0.2.1/32 on pppoe0 and things will work
as expected, but in that case you don't have a problem of picking a
particular link-layer address, just "the pppoe0 interface" is enough
information for the system to know where to send the packet.

The best I've done so far for address conservation on ethernet-like
interfaces is to use /31's (which works well).


Yes, I know /31 would work correctly, but I wanted further space
conservation.

Does it?


Is that a correct explanation that this does not work because  our routing
table still wants a link layer address, errrmmm,  arp table is  included in
routing table?

I believe it's simpler than that.  You cannot attach a route to an
interface without address, so I'm quite sure it will work if you add
an address to vlan2.

yes, adding a route works now.  thanks, Martin. will test some further
later.




routing q

2015-10-19 Thread Gregory Edigarov

Hello,

In order to conserve address space I am trying to configure 'ip
unnumbered' in cisco terminology, that is have an interface borrow the ip
of a different interface, I am experimenting with vether0 and vlans the 
thing is to have one 'main' address on some 'real' interface and then 
just add routes pointing to the right interfaces.


# ifconfig vether0 192.168.100.1/24 up
# ifconfig vlan2 vlandev vether0 up
# ifconfig vlan3 vlandev vether0 up
# route add 192.168.100.2/32 192.168.100.1 -cloning -ifp vlan2
route: writing to routing socket: Network is unreachable
add host 192.168.100.2/32: gateway 192.168.100.1: Network is unreachable

the same result I have if I am trying to configure this on a real 
interface connected  to my network:


# ifconfig vlan2 vlandev re0
# ifconfig vlan3 vlandev re0
# ifconfig re0 alias 192.168.100.1
# route add 192.168.100.2/32 192.168.100.1 -cloning -ifp vlan2
route: writing to routing socket: Network is unreachable
add host 192.168.100.2/32: gateway 192.168.100.1: Network is unreachable

# uname -a
OpenBSD lbld12.duckdns.org 5.8 GENERIC.MP#1507 amd64

I thought OpenBSD supports such thing.

am I missing something?

--
With best regards,
Gregory Edigarov



Re: routing q

2015-10-19 Thread Gregory Edigarov

On 10/19/2015 01:24 PM, Stuart Henderson wrote:

On 2015-10-19, Gregory Edigarov <ediga...@qarea.com> wrote:

In order to conserve address space I am trying to configure 'ip
unnumbered' in cisco terminology, that is have an interface borrow the ip
of a different interface, I am experimenting with vether0 and vlans the
thing is to have one 'main' address on some 'real' interface and then
just add routes pointing to the right interfaces.

# ifconfig vether0 192.168.100.1/24 up
# ifconfig vlan2 vlandev vether0 up
# ifconfig vlan3 vlandev vether0 up
# route add 192.168.100.2/32 192.168.100.1 -cloning -ifp vlan2
route: writing to routing socket: Network is unreachable
add host 192.168.100.2/32: gateway 192.168.100.1: Network is unreachable

the same result I have if I am trying to configure this on a real
interface connected  to my network:

# ifconfig vlan2 vlandev re0
# ifconfig vlan3 vlandev re0
# ifconfig re0 alias 192.168.100.1
# route add 192.168.100.2/32 192.168.100.1 -cloning -ifp vlan2
route: writing to routing socket: Network is unreachable
add host 192.168.100.2/32: gateway 192.168.100.1: Network is unreachable

# uname -a
OpenBSD lbld12.duckdns.org 5.8 GENERIC.MP#1507 amd64

I thought OpenBSD supports such thing.

am I missing something?

I don't *think* this is expected to work at the moment unless possibly
you specify a destination MAC address with -link.

It does work with point-to-point interfaces, e.g. you can have
192.0.2.1/28 on em0 and 192.0.2.1/32 on pppoe0 and things will work
as expected, but in that case you don't have a problem of picking a
particular link-layer address, just "the pppoe0 interface" is enough
information for the system to know where to send the packet.

The best I've done so far for address conservation on ethernet-like
interfaces is to use /31's (which works well).

Yes, I know /31 would work correctly, but I wanted further space 
conservation.
Is that a correct explanation that this does not work because  our 
routing table still wants a link layer address, errrmmm,  arp table is  
included in routing table?




Re: Ospf multiple areas not redistributing

2015-09-02 Thread Gregory Edigarov

On 09/02/2015 10:31 AM, Roger Skjetlein wrote:

Hi,


have an issue with ospfd when using multiple areas and networks from area
10.0.30.0 not distributed to 0.0.0.0.

eg

excerpt from config

area 0.0.0.0 {
  interface gre0
  interface gre1
}
area 10.0.30.0 {
  interface em0
}

the network for em0 is 10.0.30.0/24 and is never seen in ospf routing
table. Moving interface em0 to area 0.0.0.0 solves the distribution of the
network, but not having multiple areas.

please show more info, specifically ospfctl sh database, ospfctl sh rib
from at least two routers in your network.




Re: Docker on OpenBSD?

2015-08-04 Thread Gregory Edigarov

On 08/04/2015 07:44 PM, Giancarlo Razzolini wrote:

Em 04-08-2015 12:59, openda...@hushmail.com escreveu:

Are there any efforts being made to port the FreeBSD Docker port to OpenBSD?

Not that I know of, but I'm not a dev and might be wrong. I do follow
@tech, and didn't see anything docker related, ever since I'm on the
list. My personal opinion is that OpenBSD shouldn't even get near
docker. But hey, it's my opinion.


  but it's the only way I can install Discourse

From what I read on their site, they use off the shelf software that
might have a package/port on OpenBSD. You could succeed in installing it
outside a docker. Unless their software is stupid and tries to verify if
you're inside a docker and refuses to run if not.

They just use RoR, and it definitely runs on OpenBSD.



Re: Collect logs with syslog +hostname

2015-07-28 Thread Gregory Edigarov

On 07/28/2015 03:20 PM, Gregory Edigarov wrote:

On 07/28/2015 02:41 PM, Atanas Vladimirov wrote:

Hi,
I tried the new feature of syslogd to collect log messages from other 
syslog capable devices (in this case an OpenWRT router).

I read syslog.conf many times, but I can't figure out why it doesn't work.

[ns]~$ cat /etc/syslog.conf
#   $OpenBSD: syslog.conf,v 1.17 2005/05/25 07:35:38 david Exp $
#

+wdr4900.bsdbg.net
*.* /var/log/w4900

move the above 2 lines to the end of your file.
remove next line:

+*


next,  add

192.168.1.18 wdr4900
to /etc/hosts


also, change the syslog rule as:
+ wdr4900
*.* /var/log/w4900


and things will work




Re: Collect logs with syslog +hostname

2015-07-28 Thread Gregory Edigarov

On 07/28/2015 02:41 PM, Atanas Vladimirov wrote:

Hi,
I tried the new feature of syslogd to collect log messages from other 
syslog capable devices (in this case an OpenWRT router).

I read syslog.conf many times, but I can't figure out why it doesn't work.

[ns]~$ cat /etc/syslog.conf
#   $OpenBSD: syslog.conf,v 1.17 2005/05/25 07:35:38 david Exp $
#

+wdr4900.bsdbg.net
*.* /var/log/w4900

move the above 2 lines to the end of your file.
remove next line:

+*


next,  add

192.168.1.18 wdr4900
to /etc/hosts

and things will work


