Re: does anybody else seeing this? (NUT)
On Mon, 13 Nov 2023 16:20:47 +0200 Gregory Edigarov wrote:
> Hello,
>
> After upgrading to the latest snapshot, my system seems ups lost.
> addr 02: 0665:5161 Mustek Systems, PowerMust 800
> low speed, power 100 mA, config 1, rev 0.03
> driver: ugen0
>
> /etc/nut/ups.conf:
>
> [njoy]
> driver = "nutdrv_qx"
> vendorid = "0665"
> productid = "5161"
> bus = "000"
> pollinterval = "10"
> port = "auto"
>
> # ls -l /dev/ugen0*
> crw-rw 1 root _ups 63, 0 Nov 12 12:45 /dev/ugen0.00
> crw-rw 1 root _ups 63, 1 Nov 12 12:45 /dev/ugen0.01
> crw-rw 1 root _ups 63, 2 Nov 12 12:45 /dev/ugen0.02
> crw-rw 1 root _ups 63, 3 Nov 12 12:45 /dev/ugen0.03
> crw-rw 1 root _ups 63, 4 Nov 12 12:45 /dev/ugen0.04
> crw-rw 1 root _ups 63, 5 Nov 12 12:45 /dev/ugen0.05
> crw-rw 1 root _ups 63, 6 Nov 12 12:45 /dev/ugen0.06
> crw-rw 1 root _ups 63, 7 Nov 12 12:45 /dev/ugen0.07
> crw-rw 1 root _ups 63, 8 Nov 12 12:45 /dev/ugen0.08
> crw-rw 1 root _ups 63, 9 Nov 12 12:45 /dev/ugen0.09
> crw-rw 1 root _ups 63, 10 Nov 12 12:45 /dev/ugen0.10
> crw-rw 1 root _ups 63, 11 Nov 12 12:45 /dev/ugen0.11
> crw-rw 1 root _ups 63, 12 Nov 12 12:45 /dev/ugen0.12
> crw-rw 1 root _ups 63, 13 Nov 12 12:45 /dev/ugen0.13
> crw-rw 1 root _ups 63, 14 Nov 12 12:45 /dev/ugen0.14
> crw-rw 1 root _ups 63, 15 Nov 12 12:45 /dev/ugen0.15
>
> it was working correctly before upgrade, but now it doesn't
>
> what's my mistake?
>
oh, it is no need to set bus parameter now...
does anybody else seeing this? (NUT)
Hello,

After upgrading to the latest snapshot, my system seems ups lost.
addr 02: 0665:5161 Mustek Systems, PowerMust 800
low speed, power 100 mA, config 1, rev 0.03
driver: ugen0

/etc/nut/ups.conf:

[njoy]
driver = "nutdrv_qx"
vendorid = "0665"
productid = "5161"
bus = "000"
pollinterval = "10"
port = "auto"

# ls -l /dev/ugen0*
crw-rw 1 root _ups 63, 0 Nov 12 12:45 /dev/ugen0.00
crw-rw 1 root _ups 63, 1 Nov 12 12:45 /dev/ugen0.01
crw-rw 1 root _ups 63, 2 Nov 12 12:45 /dev/ugen0.02
crw-rw 1 root _ups 63, 3 Nov 12 12:45 /dev/ugen0.03
crw-rw 1 root _ups 63, 4 Nov 12 12:45 /dev/ugen0.04
crw-rw 1 root _ups 63, 5 Nov 12 12:45 /dev/ugen0.05
crw-rw 1 root _ups 63, 6 Nov 12 12:45 /dev/ugen0.06
crw-rw 1 root _ups 63, 7 Nov 12 12:45 /dev/ugen0.07
crw-rw 1 root _ups 63, 8 Nov 12 12:45 /dev/ugen0.08
crw-rw 1 root _ups 63, 9 Nov 12 12:45 /dev/ugen0.09
crw-rw 1 root _ups 63, 10 Nov 12 12:45 /dev/ugen0.10
crw-rw 1 root _ups 63, 11 Nov 12 12:45 /dev/ugen0.11
crw-rw 1 root _ups 63, 12 Nov 12 12:45 /dev/ugen0.12
crw-rw 1 root _ups 63, 13 Nov 12 12:45 /dev/ugen0.13
crw-rw 1 root _ups 63, 14 Nov 12 12:45 /dev/ugen0.14
crw-rw 1 root _ups 63, 15 Nov 12 12:45 /dev/ugen0.15

it was working correctly before upgrade, but now it doesn't

what's my mistake?
Re: openFPGAloader successfully built, but can't flash with ftdi error
On Fri, 6 Oct 2023 10:06:15 - (UTC) Stuart Henderson wrote:
> On 2023-10-06, S V wrote:
> >> The software that you're using may need the USB device to be
> >> attached to ugen rather than uftdi. The simplest way to do this is
> >> probably to type "boot -c" at the boot loader, "disable uftdi",
> >> "quit".
> >
> >
> > Thanks!!! It works!!!
>
> good, thanks for confirming.
>
> > Last "barrier" in front of openhardware
> >
> > more or less falls! :D :D :D
>
> btw, see bsd.re-config(5) if you want this regularly (but then, you
> won't be able to connect to a uftdi device as a normal serial port
> with cu).
>
Just a small bit of side note, perhaps somebody with knowledge of usb stack will find it interesting enough to implement. I think we need a way to detach a specific usb driver from device on the fly, leaving it attached as ugen. That "disable [whatever]" way is a problem itself because it is possible that there also is a real device that needs to be attached.

--
With best regards,
Gregory Edigarov
Re: desire for journaled filesystem
On Wed, 6 Sep 2023 22:52:59 -0400 Nick Holland wrote:
> On 9/6/23 08:23, John Holland wrote:
> > Janne-
> >
> > Thanks for all that useful information.
> >
> > others- this is a thinkpad, that's not on all the time, so a cron
> > backup is not that good. I actually back up manually, currently
> > using "borg" for that. I mostly just do email and web on it so
> > there's probably nothing serious lost. In a few days I will have
> > the external disk with the backup back here and I may see what I
> > can find on it. My /home partition has a lot of data on it because
> > I built an AWS Openbsd machine image on it. But it would be good to
> > see whether my system is working correctly.
>
> Cats are fuzzy
> Fire is hot
> Journaling file systems are complicated
> Backups are important.

well, speaking about backups, what I (well, somewhat) miss on openbsd, is the ability to make a snapshot of filesystem, (in the style of freebsd mksnap). but I can live without it definitely. my sources are in git, my data backups live in borg, the system is subject to reinstall in case of disaster.
Re: bgp conditional advertisement
On Thu, 1 Dec 2022 08:55:02 +0100 Claudio Jeker wrote:
> On Thu, Dec 01, 2022 at 01:01:16AM +0200, Gregory Edigarov wrote:
> > Hello,
> >
> > Having two sites in different physical locations, siteA is connected
> > via uplink1 and uplink2, siteB is connected via uplink3 and uplink4.
> > I want to announce prefixes from siteB if ASn not found originating
> > from siteA, and vice versa. I.e. a feature that will work alike
> > 'enforce localas yes' but start announces when ASn is gone. I could
> > done it with some scripting, but would prefer to have it in bgpd.
> > Is this possible solely with OpenBGPD?
>
> Run an ibgp session between siteA and siteB. Announce only your
> prefixes on those sessions. Tag them with a community. Make sure that
> these prefixes are more preferred than the one you put in as backup.
> Filter out prefixes with the tag. More or less like this:
>
> # backup route using low localpref to be less preferred
> network 192.0.2.0/24 set { localpref 1 }
>
> # send my networks to siteA tagged with community
> deny to siteA
> allow to siteA prefix-set mynetworks set community local-as:42
> # filter out announcement originated from siteA
> deny to any community local-as:42
>
Many thanks for the idea, Claudio. The solution is working like a charm.
Re: harfbuzz issue upgrading packages
On Wed, 3 May 2023 10:37:07 - (UTC) Stuart Henderson wrote:
> On 2023-05-03, Gregory Edigarov wrote:
> > Hello Everybody,
> >
> > $ curl
> > https://cdn.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/|grep
> > '^harfbuzz'
> > [No output]
> >
> > and as we all know it is a dependency for nearly everything
> > running on a typical workstation.
> > What gives?
>
> Use a normal mirror. (That is generally best advice for snapshots
> anyway due to the way CDN caching works, but also there seems to be
> some particular problem with updating the server which the CDN
> front-ends at the moment).
>
>
Yes, this indeed worked. Thanks, Stuart.
harfbuzz issue upgrading packages
Hello Everybody,

$ curl https://cdn.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/|grep '^harfbuzz'
[No output]

and as we all know it is a dependency for nearly everything running on a typical workstation.
What gives?

--
With best regards,
Gregory Edigarov
ipsec via strongswan (traffic present but no response)
Hello,

lbld12# uname -a
OpenBSD lbld12.duckdns.org 7.3 GENERIC.MP#1130 amd64

Our current vpn uses user/password authentication, mschapv2.
so I am trying to use strongswan to connect to my workplace.

# ipsec statusall
Security Associations (1 up, 0 connecting):
qarea[1]: ESTABLISHED 62 minutes ago, 178.151.162.44[edigarov]...185.78.xxx.1[vpn.xxx.org]
qarea[1]: IKEv2 SPIs: 62417f797a2ca675_i* 6db16adc7d9f5355_r, EAP reauthentication in 101 minutes
qarea[1]: IKE proposal: AES_CBC_256/HMAC_SHA2_256_128/PRF_HMAC_SHA2_256/MODP_2048
qarea{2}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: f07d99fb_i 0ef2e82a_o
qarea{2}: AES_CBC_256/HMAC_SHA2_512_256, 0 bytes_i, 67604 bytes_o (806 pkts, 18s ago), rekeying in 32 minutes
qarea{2}: 192.168.112.215/32 === 192.168.12.0/22

# pfctl -s st |grep 185.78
all udp 178.151.162.44:4500 -> 185.78.235.1:4500 MULTIPLE:MULTIPLE

tcpdump on external physical interface:
12:06:56.040573 185.78.xxx.1.4500 > 178.151.162.44.4500: udpencap: esp spi 0xf07d99fb seq 812 len 152 [tos 0x8]
12:06:57.037764 178.151.162.44.4500 > 185.78.235.1.4500: udpencap: esp spi 0x0ef2e82a seq 812 len 152
12:06:57.044270 185.78.235.1.4500 > 178.151.162.44.4500: udpencap: esp spi 0xf07d99fb seq 813 len 152 [tos 0x8]
12:06:58.037795 178.151.162.44.4500 > 185.78.235.1.4500: udpencap: esp spi 0x0ef2e82a seq 813 len 152
12:06:58.044250 185.78.235.1.4500 > 178.151.162.44.4500: udpencap: esp spi 0xf07d99fb seq 814 len 152 [tos 0x8]
12:06:58.239755 185.78.235.1.4500 > 178.151.162.44.4500: udpencap: isakmp v2.0 exchange INFORMATIONAL cookie: 62417f797a2ca675->6db16adc7d9f5355 msgid: 0020 len: 160 (DF) [tos 0x8]
12:06:58.240035 178.151.162.44.4500 > 185.78.235.1.4500: udpencap: isakmp v2.0 exchange INFORMATIONAL cookie: 62417f797a2ca675->6db16adc7d9f5355 msgid: 0020 len: 80
12:06:59.037758 178.151.162.44.4500 > 185.78.235.1.4500: udpencap: esp spi 0x0ef2e82a seq 814 len 152
12:06:59.044223 185.78.235.1.4500 > 178.151.162.44.4500: udpencap: esp spi 0xf07d99fb seq 815 len 152 [tos 0x8]
12:07:00.037804 178.151.162.44.4500 > 185.78.235.1.4500: udpencap: esp spi 0x0ef2e82a seq 815 len 152
12:07:00.044319 185.78.235.1.4500 > 178.151.162.44.4500: udpencap: esp spi 0xf07d99fb seq 816 len 152 [tos 0x8]
12:07:01.037803 178.151.162.44.4500 > 185.78.235.1.4500: udpencap: esp spi 0x0ef2e82a seq 816 len 152
12:07:01.044248 185.78.235.1.4500 > 178.151.162.44.4500: udpencap: esp spi 0xf07d99fb seq 817 len 152 [tos 0x8]

however, on tunnel interface, that is tun1 there are no responses:
tcpdump: listening on tun1, link-type LOOP
12:08:53.037668 192.168.112.215 > 192.168.12.49: icmp: echo request
12:08:54.037698 192.168.112.215 > 192.168.12.49: icmp: echo request
12:08:55.037682 192.168.112.215 > 192.168.12.49: icmp: echo request
12:08:56.037679 192.168.112.215 > 192.168.12.49: icmp: echo request
12:08:57.037671 192.168.112.215 > 192.168.12.49: icmp: echo request
12:08:58.037683 192.168.112.215 > 192.168.12.49: icmp: echo request
12:08:59.037677 192.168.112.215 > 192.168.12.49: icmp: echo request
12:09:00.037671 192.168.112.215 > 192.168.12.49: icmp: echo request
12:09:01.037690 192.168.112.215 > 192.168.12.49: icmp: echo request
12:09:02.037678 192.168.112.215 > 192.168.12.49: icmp: echo request
12:09:03.037680 192.168.112.215 > 192.168.12.49: icmp: echo request

if I disable pf the picture stays the same.
in pf.conf i have:
pass out on tun1 from self to any #nat-to (tun1)
pass out from self to any
pass in on egress proto udp from 185.78.235.1 to (egress) port 4500

# netstat -rn | grep tun1
192.168.12/22 192.168.112.215US 0 18 - 8 tun1
192.168.112.215192.168.112.215UHl01 - 1 tun1

What gives?
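One way to read the three captures in the post above together, as an added example that is not part of the original message: the script matches the ESP SPIs that `ipsec statusall` reports against the SPIs seen by tcpdump on the wire and against the SA byte counters, and names the stage at which traffic stops. The sample input is adapted from the post (abridged, public addresses replaced with documentation addresses); the function names and verdict labels are this example's own.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Sample input adapted from the post: same SPIs and counters, abridged,
# public addresses replaced with documentation addresses.
STATUSALL = """\
qarea{2}: INSTALLED, TUNNEL, reqid 1, ESP in UDP SPIs: f07d99fb_i 0ef2e82a_o
qarea{2}: AES_CBC_256/HMAC_SHA2_512_256, 0 bytes_i, 67604 bytes_o (806 pkts, 18s ago), rekeying in 32 minutes
"""
WIRE_DUMP = """\
12:06:56.040573 198.51.100.1.4500 > 203.0.113.44.4500: udpencap: esp spi 0xf07d99fb seq 812 len 152 [tos 0x8]
12:06:57.037764 203.0.113.44.4500 > 198.51.100.1.4500: udpencap: esp spi 0x0ef2e82a seq 812 len 152
12:06:57.044270 198.51.100.1.4500 > 203.0.113.44.4500: udpencap: esp spi 0xf07d99fb seq 813 len 152 [tos 0x8]
12:06:58.037795 203.0.113.44.4500 > 198.51.100.1.4500: udpencap: esp spi 0x0ef2e82a seq 813 len 152
"""
TUN_DUMP = """\
12:08:53.037668 192.168.112.215 > 192.168.12.49: icmp: echo request
12:08:54.037698 192.168.112.215 > 192.168.12.49: icmp: echo request
12:08:55.037682 192.168.112.215 > 192.168.12.49: icmp: echo request
"""

# Verdict labels are this example's own, not strongSwan terminology.
VERDICTS = {
    "NOTHING_SENT": "no outbound ESP on the wire: traffic never enters the tunnel",
    "NO_INBOUND_ESP": "the peer's ESP never arrives: check the peer and the path",
    "INBOUND_ESP_NOT_DECAPSULATED": "ESP with the negotiated inbound SPI arrives, "
                                    "but the SA counted 0 bytes in: check local inbound processing",
    "NO_INNER_REPLY": "ESP is decapsulated, but no echo reply shows up on the tunnel interface",
    "OK": "traffic flows in both directions",
}


@dataclass
class ChildSA:
    spi_in: str
    spi_out: str
    bytes_in: int
    bytes_out: int


def parse_child_sa(statusall: str) -> ChildSA:
    """Pull the ESP SPIs and byte counters of the CHILD_SA out of `ipsec statusall` text."""
    spis = re.search(r"ESP(?: in UDP)? SPIs:\s*([0-9a-f]{8})_i\s+([0-9a-f]{8})_o", statusall)
    counters = re.search(r"(\d+) bytes_i.*?(\d+) bytes_o", statusall)
    if not spis or not counters:
        raise ValueError("no installed CHILD_SA with traffic counters found")
    return ChildSA(spis.group(1), spis.group(2),
                   int(counters.group(1)), int(counters.group(2)))


def count_esp(dump: str) -> Counter:
    """Count packets per ESP SPI (normalised to 8 hex digits) in tcpdump text."""
    seen = Counter()
    for match in re.finditer(r"esp spi 0x([0-9a-fA-F]+)", dump):
        seen[match.group(1).lower().zfill(8)] += 1
    return seen


def count_icmp(dump: str) -> Counter:
    """Count ICMP echo requests and replies in tcpdump text from the tunnel interface."""
    return Counter(m.group(1) for m in re.finditer(r"icmp: echo (request|reply)", dump))


def diagnose(sa: ChildSA, wire: Counter, inner: Counter) -> str:
    """Return the first stage at which the tunnel traffic stops."""
    if wire[sa.spi_out] == 0:
        return "NOTHING_SENT"
    if wire[sa.spi_in] == 0:
        return "NO_INBOUND_ESP"
    if sa.bytes_in == 0:
        return "INBOUND_ESP_NOT_DECAPSULATED"
    if inner["request"] and not inner["reply"]:
        return "NO_INNER_REPLY"
    return "OK"


if __name__ == "__main__":
    sa = parse_child_sa(STATUSALL)
    wire = count_esp(WIRE_DUMP)
    verdict = diagnose(sa, wire, count_icmp(TUN_DUMP))
    print(f"out SPI {sa.spi_out}: {wire[sa.spi_out]} pkts on wire, {sa.bytes_out} bytes_o")
    print(f"in  SPI {sa.spi_in}: {wire[sa.spi_in]} pkts on wire, {sa.bytes_in} bytes_i")
    print(f"{verdict}: {VERDICTS[verdict]}")
```

The verdict only localises the stage from these counters; it does not identify the cause.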
Re: NUT can't read my ups (perhaps something is wrong with usb stack)
On Mon, 20 Mar 2023 18:15:52 +0200 Gregory Edigarov wrote:
> On Sun, 19 Mar 2023 14:57:01 - (UTC)
> Stuart Henderson wrote:
>
> > On 2023-03-19, Gregory Edigarov wrote:
> > >0.015775 libusb1: Could not open any HID devices: no USB
> > > buses found 0.015784 No supported devices found. Please
> > > check your device availability with 'lsusb'
> >
> > > lbld12# ls -l /dev/ugen0*
> >
> > and /dev/usb*? (the pkg-readme has some hints)
> >
> >
>
> ahah, sure, after I have read that readme for five or six times, I've
> noticed the remark about /dev/usb*.
> then it started to work.
>
plus libusb error message is somewhat misleading...
Re: BSD and kubernetes
On Sat, 4 Mar 2023 02:33:25 +0800 Ken Young wrote:
> Hello,
>
> I am a BSD user and also a user of kubernetes.
> It seems the BSD community has no much interest in docker/k8s
> integration. Is it true? and why?
>
> Thanks.

Just because porting anything, that was written with only linux in mind would require porting all linux technologies first. We already have one linux. And personally I do not feel like we need another. One is just more than enough.
Re: NUT can't read my ups (perhaps something is wrong with usb stack)
On Sun, 19 Mar 2023 14:57:01 - (UTC) Stuart Henderson wrote:
> On 2023-03-19, Gregory Edigarov wrote:
> >0.015775 libusb1: Could not open any HID devices: no USB
> > buses found 0.015784 No supported devices found. Please check
> > your device availability with 'lsusb'
>
> > lbld12# ls -l /dev/ugen0*
>
> and /dev/usb*? (the pkg-readme has some hints)
>
>
ahah, sure, after I have read that readme for five or six times, I've noticed the remark about /dev/usb*.
then it started to work.
NUT can't read my ups (perhaps something is wrong with usb stack)
Hello, misc@

run into problem connecting my new ups.
it seems like problems with libusb on OpenBSD-current .
UPS model is: Njoy Aten Pro 1000 USB
it works fine when I attach it to linux. but on OpenBSD NUT fails to read it.
the device attaches as:

# usbdevs -
addr 02: 0665:5161 Mustek Systems, PowerMust 800
  low speed, power 100 mA, config 1, rev 0.03
  driver: ugen0

lsusb
Bus 000 Device 002: ID 0665:5161 Cypress Semiconductor USB to Serial

# lsusb -v -d 0665:5161
Bus 000 Device 002: ID 0665:5161 Cypress Semiconductor USB to Serial
Device Descriptor:
  bLength 18
  bDescriptorType 1
  bcdUSB 2.00
  bDeviceClass 0 (Defined at Interface level)
  bDeviceSubClass 0
  bDeviceProtocol 0
  bMaxPacketSize0 8
  idVendor 0x0665 Cypress Semiconductor
  idProduct 0x5161 USB to Serial
  bcdDevice 0.03
  iManufacturer 0
  iProduct 0
  iSerial 0
  bNumConfigurations 1
  Configuration Descriptor:
    bLength 9
    bDescriptorType 2
    wTotalLength 34
    bNumInterfaces 1
    bConfigurationValue 1
    iConfiguration 0
    bmAttributes 0xa0
      (Bus Powered)
      Remote Wakeup
    MaxPower 100mA
    Interface Descriptor:
      bLength 9
      bDescriptorType 4
      bInterfaceNumber 0
      bAlternateSetting 0
      bNumEndpoints 1
      bInterfaceClass 3 Human Interface Device
      bInterfaceSubClass 0 No Subclass
      bInterfaceProtocol 0 None
      iInterface 0
        HID Device Descriptor:
          bLength 9
          bDescriptorType 33
          bcdHID 1.11
          bCountryCode 0 Not supported
          bNumDescriptors 1
          bDescriptorType 34 Report
          wDescriptorLength 27
          Report Descriptor: (length is 27)
            Item(Global): Usage Page, data= [ 0x00 0xff ] 65280 (null)
            Item(Local ): Usage, data= [ 0x01 ] 1 (null)
            Item(Main ): Collection, data= [ 0x01 ] 1 Application
            Item(Local ): Usage, data= [ 0x02 ] 2 (null)
            Item(Global): Logical Minimum, data= [ 0x00 ] 0
            Item(Global): Logical Maximum, data= [ 0xff 0x00 ] 255
            Item(Global): Report Size, data= [ 0x08 ] 8
            Item(Global): Report Count, data= [ 0x08 ] 8
            Item(Main ): Input, data= [ 0x82 ] 130
              Data Variable Absolute No_Wrap Linear Preferred_State No_Null_Position Volatile Bitfield
            Item(Local ): Usage, data= [ 0x02 ] 2 (null)
            Item(Global): Report Count, data= [ 0x08 ] 8
            Item(Main ): Output, data= [ 0x82 ] 130
              Data Variable Absolute No_Wrap Linear Preferred_State No_Null_Position Volatile Bitfield
            Item(Main ): End Collection, data=none
      Endpoint Descriptor:
        bLength 7
        bDescriptorType 5
        bEndpointAddress 0x81 EP 1 IN
        bmAttributes 3
          Transfer Type Interrupt
          Synch Type None
          Usage Type Data
        wMaxPacketSize 0x0008 1x 8 bytes
        bInterval 8
Device Status: 0x
  (Bus Powered)

/etc/nut/ups.conf reads:

[nutdev1]
driver = "nutdrv_qx"
vendorid = "0665"
productid = "5161"
bus = "000"
pollinterval = "10"
port = "auto"

# nutdrv_qx -D -a nutdev1
also tried with all subdriver options available for nutdrv_qx.
the result is the same:

Network UPS Tools - Generic Q* USB/Serial driver 0.32 (2.8.0)
USB communication driver (libusb 1.0) 0.43
0.00 [D3] do_global_args: var='W' val=''
0.68 [D3] do_global_args: var='maxretry' val='3'
0.000160 [D3] main_arg: var='driver' val='nutdrv_qx'
0.000175 [D3] main_arg: var='vendorid' val='0665'
0.000204 [D5] send_to_all: SETINFO driver.parameter.vendorid "0665"
0.000210 [D3] main_arg: var='productid' val='5161'
0.000216 [D5] send_to_all: SETINFO driver.parameter.productid "5161"
0.000220 [D3] main_arg: var='bus' val='000'
0.000225 [D5] send_to_all: SETINFO driver.parameter.bus "000"
0.000229 [D3] main_arg: var='pollinterval' val='10'
0.000246 [D3] main_arg: var='port' val='auto'
0.000250 [D5] send_to_all: SETINFO driver.parameter.port "auto"
0.000269 [D1] debug level is '21'
0.015216 [D5] send_to_all: SETINFO device.type "ups"
0.015233 [D1] upsdrv_initups...
0.015758 [D2] libusb1: No appropriate HID device
bgp conditional advertisement
Hello,

Having two sites in different physical locations, siteA is connected via uplink1 and uplink2, siteB is connected via uplink3 and uplink4. I want to announce prefixes from siteB if ASn not found originating from siteA, and vice versa. I.e. a feature that will work alike 'enforce localas yes' but start announces when ASn is gone. I could done it with some scripting, but would prefer to have it in bgpd. Is this possible solely with OpenBGPD?

Thank you.

--
With best regards,
Gregory Edigarov
Re: any BFD user ?
On Mon, 6 Dec 2021 12:15:40 +0100 Denis Fondras wrote:
> The subject says it all.
>
> Is there any active BFD (Bidirectional Forwarding Detection) user ?
>
> Denis

I think it will get more use if will be enabled in GENERIC kernels.
Tested, and found it working.
Re: rpki-client vs cpu
On Wed, 13 Oct 2021 15:20:33 +0300 Gregory Edigarov wrote:
> On Wed, 13 Oct 2021 11:08:01 - (UTC)
> Stuart Henderson wrote:
>
> > On 2021-10-12, Gregory Edigarov wrote:
> > > Hello,
> > >
> > > I am trying to run rpki-client (just for curiosity and testing
> > > purposes) with this crontab entry:
> > >
> > > 1 * * * * -ns nice -n 20 rpki-client -v
> > > i.e. with the lowest priority possible.
> > >
> > > this machine is also my workstation, and as such it also runs
> > > browser, emacs, and e-mail client.
> > > so when rpki-client is running I can sense it organoleptically.
> > > even keyboard response is within 2 seconds.
> > >
> > > what gives?
> >
> > How does top look? I find the openbsd kernel spins a lot on
> > filesystem io.
> >
> > > sd0 at scsibus1 targ 0 lun 0:
> > > naa.50014ee2b78c572b sd0: 953869MB, 512 bytes/sector, 1953525168
> > > sectors
> >
> > an actual hard drive - that certainly won't help.
> >
> >
> well, i'll try to put that to ramdrive, for now, and see what happens.
>
Yes, with mfs for /var/cache/rpki-client it is running smoothly. I believe it deserves a mention in the manual page, don't it?
Re: rpki-client vs cpu
On Wed, 13 Oct 2021 11:08:01 - (UTC) Stuart Henderson wrote:
> On 2021-10-12, Gregory Edigarov wrote:
> > Hello,
> >
> > I am trying to run rpki-client (just for curiosity and testing
> > purposes) with this crontab entry:
> >
> > 1 * * * * -ns nice -n 20 rpki-client -v
> > i.e. with the lowest priority possible.
> >
> > this machine is also my workstation, and as such it also runs
> > browser, emacs, and e-mail client.
> > so when rpki-client is running I can sense it organoleptically.
> > even keyboard response is within 2 seconds.
> >
> > what gives?
>
> How does top look? I find the openbsd kernel spins a lot on
> filesystem io.
>
> > sd0 at scsibus1 targ 0 lun 0:
> > naa.50014ee2b78c572b sd0: 953869MB, 512 bytes/sector, 1953525168
> > sectors
>
> an actual hard drive - that certainly won't help.
>
>
well, i'll try to put that to ramdrive, for now, and see what happens.
rpki-client vs cpu
Hello,

I am trying to run rpki-client (just for curiosity and testing purposes) with this crontab entry:

1 * * * * -ns nice -n 20 rpki-client -v

i.e. with the lowest priority possible.

this machine is also my workstation, and as such it also runs browser, emacs, and e-mail client.
so when rpki-client is running I can sense it organoleptically.
even keyboard response is within 2 seconds.

what gives?

dmesg:
Re: send ctrl-alt-f1 to user app
On 7/2/21 5:26 PM, Reuben ua Bríġ wrote:
>> Date: Fri, 2 Jul 2021 13:55:26 +0300
>>
>> xmodmap(1) is really only for a user at an X terminal
>>
yeah, I know my case is rather rare. I have a linux vm, running in vmware on windows. I connect via rdesktop from my openbsd to windows, and then open console on vm. in linux vm, I need to switch to terminal. Alt+left arrow made the trick for me, for now. I would rather prefer more straight way to turn CTRL+ALT+Fn to be sent to terminal.
send ctrl-alt-f1 to user app
Hello,

please remind how to do that? in my case it changes to the vterm0, that is ok, but now I my app to react, not change terminal

thank you.

--
With best regards,
Gregory Edigarov
terraform aws, got a problem I did not expect
Hello,

I remember that for earlier versions of terraform all providers were available as OpenBSD packages/ports, that is now changed.

$ terraform init

Initializing the backend...

Initializing provider plugins...
- Finding latest version of hashicorp/aws...

Error: Incompatible provider version

Provider registry.terraform.io/hashicorp/aws v3.47.0 does not have a package available for your current platform, openbsd_amd64.

Provider releases are separate from Terraform CLI releases, so not all providers are available for all platforms. Other versions of this provider may have different platforms supported.

$ uname -a
OpenBSD lbld12.duckdns.org 6.9 GENERIC.MP#92 amd64

How am I supposed to get providers ?
May be a community have one that works under OpenBSD?
Any advice?

--
With best regards,
Gregory Edigarov
Re: Split-horizon dns
just run a second nsd on separate (ip)/port, then use unbound as a router

On 3/25/21 12:52 PM, Родин Максим wrote:
> Hello,
> Is there a way to do split horizon dns using NSD?
> I did not find anything similar in man nsd.conf
audio stops frequently with current
Hello,

symptoms like this:
chromium plays video with audio (youtube)
mostly after pause, it loses audio. while this happen it could show spinner, but sometimes it can play video no problem, but no audio.

dmesg:
Re: baresip-gtk
On 2/24/21 2:59 PM, Mihai Popescu wrote:
>> How do you use baresip-gtk?
> If I recall correctly, all you get is an icon in the system tray bar if you
> have one. You can click there and get a not very rich GUI.

Hmm, I understood. I am not using a DE, prefer spectrwm.
baresip-gtk
Hello,

How do you use baresip-gtk? I have module_app gtk.so uncommented, but nothing happens.

Thanks.

--
With best regards,
Gregory Edigarov
Re: firefox+web.skype.com+microphone (on OpenBSD)?
On 1/22/21 6:53 PM, Ashton Fagg wrote:
> Based on my reading, the problem is not with OpenBSD but with Skype.
> They don't support it. I played around a little bit (even trying a
> user-agent switcher thingy) - no dice. Admittedly I didn't put too
> much time into it because I use Skype probably once a year at best.

yeah, text messaging works nicely in both firefox (if you use user-agent changer) and chromium. that's what I use skype for 99.9% of time. So it is just a matter of curiosity. What skype is missing on OpenBSD?

> On Fri, 22 Jan 2021 at 10:52, Gregory Edigarov wrote:
>> hello,
>>
>> Just wondering if somebody made it work somehow?
>> Sigh, I know it is not a secure solution but I am bounded to what people
>> are using.
>> Currently I have a linux notebook which I use nearly only for skype, but
>> would prefer to be able to have a voice conversations from OpenBSD, too.
>>
>> any pointers are welcome.
>> --
>>
firefox+web.skype.com+microphone (on OpenBSD)?
hello, Just wondering if somebody made it work somehow? Sigh, I know it is not a secure solution but I am bounded to what people are using. Currently I have a linux notebook which I use nearly only for skype, but would prefer to be able to have a voice conversations from OpenBSD, too. any pointers are welcome. --
iked && outgoing auth
Hello, everybody sorry for possible misunderstanding, but is iked capable of doing outgoing eap mschap-v2 auth? because in my situation I need to connect to server which requires this. thanks. -- With best regards, Gregory Edigarov
Re: misc panics
On 12/28/20 12:18 PM, rgc wrote:
> On Mon, Dec 28, 2020 at 10:39:56AM +0100, Otto Moerbeek wrote:
>> On Mon, Dec 28, 2020 at 10:25:08AM +0100, Bastien Durel wrote:
>>
>>> On Monday, 28 December 2020 at 09:17 +, Stuart Henderson wrote:
> So hardware failure confirmed :/ Do you think I can change the RAM or
> it's more likely a CPU/Chipset failure ?
>
> Thanks,
>
> If you have multiple sticks of RAM, try removing some.
>>> I have only one
>> trying to reseat it is worth a try.
>>
>> -Otto
>>
> or doing the eraser magick
>
> you clean the contacts (remove oxidation) of the RAM module (the side that
> sticks in the motherboard) by rubbing a pencil eraser on the contacts of the
> RAM module.
>

in my experience, all the RAM modules nowadays come gold plated, so no need to use eraser on them.
just a piece of paper, to make sure there is no grease on the contacts
Re: mongodb port
On 12/8/20 4:05 PM, Stuart Henderson wrote:
> On 2020-12-08, Gregory Edigarov wrote:
>> Hello,
>>
>> Just found that mongodb port/package does not install
>> mongodump/mongorestore binaries.
>> Are there any problems with them?
>>
>> --
>> With best regards,
>> Gregory Edigarov
>>
>>
> Tempted to just reply with "if it needs backing up it shouldn't be
> in mongodb", but... they aren't included in the main distfile and will
> require modifying to work with OpenBSD.

;-) sure thing, it is rather about copying the data from one server to another, not a real backup.

> https://github.com/mongodb/mongo-tools#building-tools
>
> $ ./make build
> START | build
> FAIL | build in 11.252428ms
>| failed to detect local platform from kernel name "OpenBSD"
> task(s) [build] failed
> exit status 2

Will look into this, thanks for pointing, Stuart.

--
With best regards,
Gregory Edigarov
mongodb port
Hello,

Just found that mongodb port/package does not install mongodump/mongorestore binaries.
Are there any problems with them?

--
With best regards,
Gregory Edigarov
dkim && ed25519
Hello misc@, Just wanna check status of ed25519/x25519 support in OpenBSD. I want to use ed25519 keypair for dkim, because of the smaller size of the resulting keys, to completely eliminate the line breaking issues. Found nothing in man openssl, how am I supposed to generate keypair? Will ssh-keygen or signify do the trick? Thank you. -- With best regards, Gregory Edigarov
Re: Reinstall to upgrade
On 11/25/20 3:26 PM, Manuel Giraud wrote:
> Hi,
>
> I'd like to upgrade (on -current) and, in the process, remove some cruft
> accumulated over the years. I usually do sysupgrade and sysclean for
> system.
>
> But for packages, I think I would be better to reinstall everything
> since "pkg_check -F" does not seem to complain and I can see I have,
> for example, some firefox-57 files left.
>
> I think I could do the following but I don't know if it is safe:
> - sysupgrade (+ sysclean)
> - pkg_info -mz > mypkg
> - umount /usr/local
> - newfs partition_of_usr_local
> - mount /usr/local
> - pkg_add -l mypkg
>
> Or maybe, I should dump, do a complete reinstall, pkg_add -l mypkg,
> restore /home and, tediously, restore some /etc files.
> How would you do this?

Here's what I found easy to do periodically on my home computers, when I feel it is a time to de-clutter:

#!/bin/sh
# Wipe all installed packages and their registration data.
rm -rf /usr/local/* /var/db/pkg/* /var/db/pkg/.* /etc/rc.d/*_daemon /etc/rc.d/avahi*
# Reinstall only the packages listed here.
for i in \
    adobe-source-code-pro \
    ansible \
    borgbackup \
    chromium \
    emacs--gtk3 \
    gnupg-- \
    dmenu \
    firefox \
    thunderbird \
    rsync-- \
    git \
    gpicview \
    go \
    rust \
    inconsolata-font \
    ipcalc \
    mplayer \
    mtr-- \
    nmap \
    ntfs_3g \
    openvpn \
    pidgin-- \
    pv \
    spectrwm \
    splint \
    tcptraceroute \
    telegram-purple \
    terminus-font \
    transmission \
    vim--gtk2 \
    xpdf \
    zsh ; do
    pkg_add -v $i
done

so when I am running it I am easily getting the system which I have most essential software installed.
Re: chromium has troubles showing videos from youtube
On 11/11/20 4:45 AM, Aaron Mason wrote:
> On Wed, Nov 11, 2020 at 7:42 AM Gregory Edigarov wrote:
>> Hello,
>>
>> chromium-86.0.4240.185, installed from packages is showing spinner and goes
>> no further after the first ad before video, and not.
>> at first I thought it is some extension, but with clean chromium the behavior
>> is still the same.
>> does anybody else observing this? or is it just me?
>>
>> --
>> With best regards,
>> Gregory Edigarov
>
> Hi
>
> If you open up the developer console and start a video, do you see any
> requests that end in an error in the Network tab?

Well, yes. I've got only three of them blocked intentionally. (ad.doubleclick.net and googlesyndication)
these are blocked at dns level. but my android phone for example uses the same (my) dns and is still able to play video.

--
With best regards,
Gregory Edigarov
chromium has troubles showing videos from youtube
Hello, chromium-86.0.4240.185, installed from packages is showing spinner and goes no further after the first ad before video, and not. at first I thought it is some extension, but with clean chromium the behavior is still the same. does anybody else observing this? or is it just me? -- With best regards, Gregory Edigarov
Re: procedure for making an msdos usb stick
what do you mean "shrinks"?

On 11/5/20 1:24 PM, Peter J. Philipp wrote:
> Is there any documentation for this? I'm having a hard time with this.
> Particularly when I newfs_msdos a partition it shrinks every time. I'm on 6.8.
>
> Best Regards,
> -peter
Re: system slow down strangeness
On 2020-09-08 19:38, Nick Holland wrote:
> On 2020-09-08 04:16, Gregory Edigarov wrote:
>> Hello,
>>
>> from around two weeks ago I am observing the overall system slow down.
>> Everything works stable, but nearly every X application takes forever to open a window.
>> also I am using tiling wm, and when workspace is switched, it takes a long time
>> for the system to redraw a screen.
>> I also noticed that some console scripts like ansible-doc are also starting
>> slower than usual.
>>
>> this system only has 8 Gb RAM temporarily, but top says:
>> Memory: Real: 1764M/5673M act/tot Free: 2183M Cache: 3284M Swap: 0K/32G
>> so I do not think it is a memory issue.
>>
>> was just fine before, so wondering what has happened.
>>
>> OpenBSD 6.8-beta (GENERIC.MP) #59: Fri Sep 4 22:46:14 MDT 2020
>> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> well...that's less than two weeks old. So I'm guessing either you had
> the problem and figured, "let's upgrade, see if that fixes it" (not a
> bad plan), or you are a regular upgrader (also good). Can you say if
> the problem started with an upgrade? Or did it occur between upgrades?

Hm, well, yes, I am upgrading regularly. It's my home system, so nothing mission critical.
And therefore why not upgrade it and see what new you guys are cooking ;-)
Usually upgrading on weekly basis.

> ...
>> sd0 at scsibus1 targ 0 lun 0:
> Any possibility you have a bad disk?

No, it seems more like it is software problem. I did some tests, and came to a conclusion that it is chromium, some how while it is not in top for cpu it slows down things significantly.
for now switched to firefox and problem disappeared.
But, just for the record, firefox had issues with sigbus/segfault around a week ago. Now it is rock solid and fast again.
Re: system slow down strangeness
On 2020-09-08 21:18, Stuart Henderson wrote:
> On 2020-09-08, Gregory Edigarov wrote:
>> Hello,
>>
>> from around two weeks ago I am observing the overall system slow down.
>> Everything works stable, but nearly every X application takes forever to open a window.
>> also I am using tiling wm, and when workspace is switched, it takes a long time
>> for the system to redraw a screen.
>> I also noticed that some console scripts like ansible-doc are also starting
>> slower than usual.
>>
>> this system only has 8 Gb RAM temporarily, but top says:
>> Memory: Real: 1764M/5673M act/tot Free: 2183M Cache: 3284M Swap: 0K/32G
>> so I do not think it is a memory issue.
>>
>> was just fine before, so wondering what has happened.
>>
>> OpenBSD 6.8-beta (GENERIC.MP) #59: Fri Sep 4 22:46:14 MDT 2020
>> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> What was the previous kernel version? "zgrep OpenBSD /var/log/messages*"
> may well find it.
>
> Mesa was updated recently, and a number of changes were made to DRM drivers.

the previous was:
/var/log/messages.2.gz:Sep 5 00:41:28 lbld12 /bsd: OpenBSD 6.7-current (GENERIC.MP) #48: Fri Aug 28 23:21:33 MDT 2020
system slow down strangeness
Hello,

from around two weeks ago I am observing the overall system slow down.
Everything works stable, but nearly every X application takes forever to open a window.
also I am using tiling wm, and when workspace is switched, it takes a long time for the system to redraw a screen.
I also noticed that some console scripts like ansible-doc are also starting slower than usual.

this system only has 8 Gb RAM temporarily, but top says:
Memory: Real: 1764M/5673M act/tot Free: 2183M Cache: 3284M Swap: 0K/32G
so I do not think it is a memory issue.

was just fine before, so wondering what has happened.

OpenBSD 6.8-beta (GENERIC.MP) #59: Fri Sep 4 22:46:14 MDT 2020
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8501665792 (8107MB)
avail mem = 8228966400 (7847MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.2 @ 0xe6cc0 (31 entries)
bios0: vendor American Megatrends Inc. version "P4.20" date 06/18/2020
bios0: ASRock B450 Pro4
acpi0 at bios0: ACPI 6.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT SSDT SSDT SSDT MCFG AAFT HPET UEFI PCCT SSDT CRAT CDIT SSDT SSDT WSMT SSDT
acpi0: wakeup devices GPP0(S4) GPP1(S4) GPP3(S4) GPP4(S4) GPP5(S4) GPP6(S4) GPP7(S4) GPP8(S4) GPP9(S4) GPPA(S4) GPPB(S4) GPPC(S4) GPPD(S4) GPPE(S4) GPPF(S4) GP10(S4) [...]
an interesting case for BGP
Hello Everybody,

I was helping my friend to switch to new ip block and asn recently and run into situation, when I need to announce a new network over the same session

here's how i implemented this with quagga:

network xxx.xxx.xxx.0/24 route-map NEW
route-map NEW permit 30
 set as-path prepend NEWAS NEWAS
ip prefix-list out-to-uplink seq 10 permit xxx.xxx.xxx.0/24

However, with OpenBGPD, it seems like I could not implement the trick because it only allows to prepend self or neighbor, not an arbitrary ASn.
Am I missing something?
ansible hostname.if role
Hello everybody, introducing this little ansible role to configure hostname.if(5) files. comments are welcome https://github.com/gred7/ansible-openbsd-interfaces-role.git
Re: ssh X forwarding and google-chrome
On 2020-07-02 17:33, Gregory Edigarov wrote:
> Hello, everybody
>
> does anybody know if there is any tricks?
> In my office pc (currently linux) I have google-chrome installed, and I
> absolutely need to access it from home.
> "ssh -Y google-chrome" just shows an empty and blank window, no menu, no
> address bar.
> May be there is some command line flags I am not aware of?
>
> Thank you.

Well, after some rethinking I've decided to use ssh port forwarding, because I just need an access to one internal server.

--
With best regards,
Gregory Edigarov
ssh X forwarding and google-chrome
Hello, everybody does anybody know if there is any tricks? In my office pc (currently linux) I have google-chrome installed, and I absolutely need to access it from home. "ssh -Y google-chrome" just shows an empty and blank window, no menu, no address bar. May be there is some command line flags I am not aware of? Thank you.
AMD Ryzen
Hello, Can somebody tell me overall impressions/success stories of those systems? I am thinking of buying this system as my next desktop for OpenBSD of course, so please share. Most interesting would be dmesgs of some working configurations. Thanks a lot in advance -- With best regards, Gregory Edigarov
Re: weird ansible + doas behaviour
On 2020-06-21 23:55, Stuart Henderson wrote:
> On 2020-06-21, Gregory Edigarov wrote:
>> Trying to run ansible-playbook with localhost.
>>
>> Playbook:
>> ---
>> - hosts: localhost
>>   become: true
>>   become_method: doas
>>   roles:
>>     - wrkstpkgs
>>
>> Expected behaviour - Ansible asks for the become pass only once, then
>> execution of tasks require no intervention.
>>
>> Observed behaviour:
>> run ansible-playbook:
>>
>> ansible-playbook -K site.yml
>> BECOME password:
>> [WARNING]: provided hosts list is empty, only localhost is available. Note that
>> the implicit localhost does not match 'all'
>>
>> PLAY [localhost] **
>>
>> TASK [Gathering Facts]
>> doas (g...@lbld12.duckdns.org) password:
>> ok: [localhost]
>>
>> TASK [wrkstpkgs : ensure vital packages are present] **
>> doas (g...@lbld12.duckdns.org) password:
>> ok: [localhost]
>>
>> TASK [wrkstpkgs : ensure versioned packages are present] **
>> doas (g...@lbld12.duckdns.org) password:
>>
>> doas.conf only contains this line:
>> permit persist greg
>>
>> Am I missing anything?
>> Thanks a lot in advance.
>
> I think it's like the problem with using doas in ports.
>
> "persist" uses the TIOCSETVERAUTH/TIOCCHKVERAUTH tty(4) ioctls which
> were added specifically for doas, the authentication can't be passed
> around very far:
>
>     TIOCCHKVERAUTH void
>         Check the verified auth status of this session. The calling
>         process must have the same real user ID and parent process as
>         the process which called TIOCSETVERAUTH. A zero return
>         indicates success.
>
> Chances are the second doas call does not have the same parent process.

Hello Stuart.
Yes, it's definitely the case.
But are there any workarounds? of course I can install sudo from packages, but I'm always willing to stick with the base as much as possible.
And completely preventing the prompting for password using permit nopass doesn't seem to me like a good solution either.

--
With best regards,
Gregory Edigarov
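The parent-process rule quoted from tty(4) in the message above, as a small Python model (an added example, not doas or OpenBSD kernel source, and not part of the original thread). The pids, the 300-second lifetime and the assumption that a task runner starts every doas from a fresh wrapper shell are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import count
from typing import List, Optional

PERSIST_SECS = 300  # assumed lifetime of a verified-auth record, for this model only


@dataclass(frozen=True)
class Proc:
    pid: int
    ppid: int  # parent process id
    ruid: int  # real user id of the invoking user


@dataclass(frozen=True)
class VerAuth:
    ruid: int
    ppid: int
    expires: int


class Tty:
    """Per-tty state touched by TIOCSETVERAUTH / TIOCCHKVERAUTH (modelled)."""

    def __init__(self) -> None:
        self.verauth: Optional[VerAuth] = None

    def set_verauth(self, caller: Proc, secs: int, now: int) -> None:
        # Remember who authenticated and which parent they were started from.
        self.verauth = VerAuth(caller.ruid, caller.ppid, now + secs)

    def chk_verauth(self, caller: Proc, now: int) -> bool:
        rec = self.verauth
        if rec is None or now >= rec.expires:
            return False
        # Same real user ID *and* same parent process, as tty(4) states.
        return caller.ruid == rec.ruid and caller.ppid == rec.ppid


def doas(tty: Tty, caller: Proc, now: int) -> str:
    """Return 'cached' if the persist record applies, else 'prompt'."""
    if tty.chk_verauth(caller, now):
        return "cached"
    # Modelled as: the password prompt succeeded, so record it.
    tty.set_verauth(caller, PERSIST_SECS, now)
    return "prompt"


def interactive_shell(n: int, ruid: int = 1000) -> List[str]:
    """One login shell (pid 100) forks every doas, so the parent never changes."""
    tty, pids = Tty(), count(200)
    return [doas(tty, Proc(next(pids), 100, ruid), now=t) for t in range(n)]


def task_runner(n: int, ruid: int = 1000) -> List[str]:
    """Each task runs through a new wrapper shell, so each doas has a new parent."""
    tty, pids = Tty(), count(200)
    results = []
    for t in range(n):
        wrapper = Proc(next(pids), 100, ruid)  # fresh shell for this task
        results.append(doas(tty, Proc(next(pids), wrapper.pid, ruid), now=t))
    return results


if __name__ == "__main__":
    print("interactive:", interactive_shell(3))
    print("task runner:", task_runner(3))
```

The model shows the trade-off in the thread: the record is deliberately scoped to one parent process, so tooling that re-spawns its shell per command cannot inherit it.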
weird ansible + doas behaviour
Trying to run ansible-playbook with localhost.

Playbook:
---
- hosts: localhost
  become: true
  become_method: doas
  roles:
    - wrkstpkgs

Expected behaviour - Ansible asks for the become pass only once, then execution of tasks require no intervention.

Observed behaviour:
run ansible-playbook:

ansible-playbook -K site.yml
BECOME password:
[WARNING]: provided hosts list is empty, only localhost is available. Note that the implicit localhost does not match 'all'

PLAY [localhost] **

TASK [Gathering Facts]
doas (g...@lbld12.duckdns.org) password:
ok: [localhost]

TASK [wrkstpkgs : ensure vital packages are present] **
doas (g...@lbld12.duckdns.org) password:
ok: [localhost]

TASK [wrkstpkgs : ensure versioned packages are present] **
doas (g...@lbld12.duckdns.org) password:

doas.conf only contains this line:
permit persist greg

Am I missing anything?
Thanks a lot in advance.

--
With best regards,
Gregory Edigarov
Re: Article OpenBSD: Not Free Not Fuctional and Definetly Not Secure and BSD, the truth blog
On 2020-05-28 07:16, Quantum Robin wrote:
> Hi,
>
> While surfing on the Google to learn more about OpenBSD, I encountered this
> one: "OpenBSD: Not Free Not Fuctional and Definetly Not Secure (
> https://aboutthebsds.wordpress.com/2013/01/25/20/)
>
> Is the author telling the truth? Or just yet another anti-BSD thing?

Those haters are always somehow associating to me with the MTV song by Ian Gillan :-))
clang analyzer
Hello,

clang --analyze main.c
error: action RunAnalysis not compiled in

I find it strange. Is there any particular reason for not including it?
Is there any procedure I can use to get a "full" clang?

Thank you.

--
With best regards,
Gregory Edigarov
Re: BGP and carp slaves
On 02.04.20 12:34, Luca Bodini wrote:
> Hi folks,
>
> I’m just having a strange issue using OpenBSD 6.6 and BGP.
> I have two OpenBSD firewalls with a carp configuration, let’s suppose the
> shared IP is 10.10.10.100, and I am able to announce 10.10.10.100/32 via BGP.
>
> Now, here is my /etc/bgpd.conf configuration:
>
> prefix-set mynetworks { \
>     10.10.10.100/32\
> }
>
> I’ve asked provider to change BGP configuration and everything now is set up
> correctly, now, the question is:
> Is the carp slave accepting and forwarding connections by design or is it an
> "unintended" feature?

Just out of curiosity, was that a real config or you've replaced ASn and prefix?
if it is real where have you found a provider, agreed to setup session with private ASn announcing a single private ip?
Is that a lab of some kind?
Re: 10Gbit network work only 1Gbit
On 13.11.19 21:18, Hrvoje Popovski wrote:
On 13.11.2019. 16:37, Gregory Edigarov wrote:
could you please do one more test:
"forwarding over ix0 and ix1, pf enabled, 5 tcp states"

with this generator i can't use tcp. generally pps with 5 or 50 states are more or less same ...
problem with tcp testing is that i can't get precise pps numbers ...

and only for you :)
with iperf3 (8 tcp streams) on client boxes i'm getting this results ...

forwarding over ix0 and ix1, pf and ipsec disabled
9.40Gbps

forwarding over ix0 and ix1, pf enabled, 8 tcp streams
7.40Gbps

forwarding over ix0 and ix1, ipsec established over em0, pf disabled
8.10Gbps

forwarding over ix0 and ix1, ipsec established over em0, pf enabled, 8 TCP streams
5.25Gbps

thanks, Hrvoje

On 13.11.19 12:52, Hrvoje Popovski wrote:
On 13.11.2019. 10:59, Hrvoje Popovski wrote:
On 12.11.2019. 10:54, Szél Gábor wrote:
Dear Hrvoje, Theo,

Thank you for your answers!

answers to the questions:

- who is parent interface for carp?
  -> vlan ( carp10 interface parent vlan10 -> vlan10 interface parent -> trunk0 )
- why vlan interfaces don't have ip address ?
  -> it wasn't needed! i think vlan interface need only tag packages. Carp (over vlan) interface have IP address.

it's little strange to me to not have ip address on parent carp interface, but if it works for you ... ok..

- vether implies that you have bridge?
  -> yes we have only one bridge for bridged openvpn clients, but we will eliminate it.

we will do the following:

- refresh our backup firewall to oBSD 6.6
- replace trunk interface with aggr
- remove bridge interface

this is nice start to make your setup faster. big performance killer in your setup is ipsec and old hardware. maybe oce(4) but i never tested it, so i'm not sure ...
if you can, change oce with ix, intel x520 is not that expensive ..
bridge is slow, but only for traffic that goes through it.
with ipsec, the same second when tunnel is established, forwarding performance will drop significantly on whole firewall ...

i forgot numbers, so i did quick tests ..

forwarding over ix0 and ix1, pf and ipsec disabled
1.35Mpps

forwarding over ix0 and ix1, pf enabled, 500 UDP states
800Kpps

forwarding over ix0 and ix1, ipsec established over em0, pf disabled
800Kpps

forwarding over ix0 and ix1, ipsec established over em0, pf enabled, 500 UDP states
550Kpps

OpenBSD 6.6-current (GENERIC.MP) #453: Mon Nov 11 21:40:31 MST 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Re: 10Gbit network work only 1Gbit
could you please do one more test:
"forwarding over ix0 and ix1, pf enabled, 5 tcp states"

On 13.11.19 12:52, Hrvoje Popovski wrote:
On 13.11.2019. 10:59, Hrvoje Popovski wrote:
On 12.11.2019. 10:54, Szél Gábor wrote:
Dear Hrvoje, Theo,

Thank you for your answers!

answers to the questions:

- who is parent interface for carp?
  -> vlan ( carp10 interface parent vlan10 -> vlan10 interface parent -> trunk0 )
- why vlan interfaces don't have ip address ?
  -> it wasn't needed! i think vlan interface need only tag packages. Carp (over vlan) interface have IP address.

it's little strange to me to not have ip address on parent carp interface, but if it works for you ... ok..

- vether implies that you have bridge?
  -> yes we have only one bridge for bridged openvpn clients, but we will eliminate it.

we will do the following:

- refresh our backup firewall to oBSD 6.6
- replace trunk interface with aggr
- remove bridge interface

this is nice start to make your setup faster. big performance killer in your setup is ipsec and old hardware. maybe oce(4) but i never tested it, so i'm not sure ...
if you can, change oce with ix, intel x520 is not that expensive ..
bridge is slow, but only for traffic that goes through it.
with ipsec, the same second when tunnel is established, forwarding performance will drop significantly on whole firewall ...

i forgot numbers, so i did quick tests ..

forwarding over ix0 and ix1, pf and ipsec disabled
1.35Mpps

forwarding over ix0 and ix1, pf enabled, 500 UDP states
800Kpps

forwarding over ix0 and ix1, ipsec established over em0, pf disabled
800Kpps

forwarding over ix0 and ix1, ipsec established over em0, pf enabled, 500 UDP states
550Kpps

OpenBSD 6.6-current (GENERIC.MP) #453: Mon Nov 11 21:40:31 MST 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Re: obsd web server
On 02.09.19 02:49, Gustavo Rios wrote:
> Hi folks,
>
> i would like to configure my obsd server as a web server. I would like to
> configure my web server to handle multiple domains without having to set
> each domain one by one.
>
> I mean: Every request for www.x.com is mapped into the root directory
> /var/web/www.x.com
>
> Got the idea ? If a new server is required, All i needed to do would create
> a directory inside /var/web with the full access string :
>
> mkdir /var/web/www.newdomain.com
>
> And i should not need to manipulate config files

Hi, you may want to look at lighttpd.
https://redmine.lighttpd.net/projects/lighttpd/wiki/Docs_ModSimpleVhost
should be what you need
Re: su - root => segmentation fault
On 31.07.19 17:00, Solene Rapenne wrote:
> On Wed, Jul 31, 2019 at 04:49:54PM +0500, dmitry.sensei wrote:
>> Hi!
>> why did it happen?
>> OpenBSD 6.5 current
>> $su - root
>> root's password:
>> Segmentation fault
>> $ doas su - root
>> #
>>
>> --
>> Dmitry Orlov
>
> what current? What arch?
>
> works for me©
>
> OpenBSD 6.5-current (GENERIC.MP) #153: Sun Jul 28 20:33:09 MDT 2019

usually it means that your kernel does not match the userspace
Re: Postscript printer recommendations
On 18.07.19 10:57, Gregory Edigarov wrote:
Just for myself until the better solution arrive I for a while have put such lines into rc.shutdown

also, how about having kernel.conf file, that will be used by rc script after kernel relinking.
i.e something like this in the end of /etc/rc

if [ -f /etc/kernel.conf ]; then
    config -ef /bsd < /etc/kernel.conf
fi

On 18.07.19 10:07, Stuart Henderson wrote:
On 2019-07-16, Robert Klein wrote:
How about:

config -ef /bsd <

It still works, but it prevents "kernel reordering" from taking place, which is both a security mitigation and (for release users) the mechanism used for applying syspatches to the kernel.

And of course for snapshot users it needs to be re-applied every update.

We don't have a good solution for this yet.
Re: Postscript printer recommendations
Just for myself until the better solution arrives I for a while have put such lines into rc.shutdown

On 18.07.19 10:07, Stuart Henderson wrote:
> On 2019-07-16, Robert Klein wrote:
> > How about:
> >
> > config -ef /bsd <
>
> It still works, but it prevents "kernel reordering" from taking place, which is both a security mitigation and (for release users) the mechanism used for applying syspatches to the kernel. And of course for snapshot users it needs to be re-applied every update.
>
> We don't have a good solution for this yet.
Re: Ansible install Re: Reboot and re-link
On 21.06.19 21:02, Frank Beuth wrote:
> On Wed, Jun 19, 2019 at 11:29:32PM +0200, Maxim Bourmistrov wrote:
> > Installing via NOT RECOMMENDED WAY(following upgrade65.html) - scripting on steroids (ansible).
>
> I don't want to re-open the hostilities, but installing OpenBSD via Ansible is very relevant to my interests.
>
> Previously discussed on this list was a very roundabout approach using Qemu -- is there a better way now?

it's all easy given it is some IaaS provider, just use terraform to create the ground, (terraform could also be used to upload keys, and do some preconfiguration) then call ansible. my worst timing on AWS is ~20 minutes.

baremetal servers are more interesting beasts here but if your colocation/infrastructure provider allows for boot image uploads that's also quite doable with existing tools.
Re: Random system freeze.
Hi Paco,

could you please check if you can login over network when the system freeze? if so - please do a backtrace of the X server. i.e.:

su -
gdb /usr/X11R6/bin/X `pgrep X`
bt

just curious, if you'll my condition also. that may help developers in problem identification.

thanks.

On 23.05.19 18:35, Paco Esteban wrote:
> Hi misc@,
>
> I've been having some system freezes lately, as others using intel graphics. Sometimes it does not hit in days but sometimes the system hangs 2 or 3 times a day.
>
> I was wondering if there's any information I can supply to devs that could be useful (besides dmesg ...).
>
> Cheers,
> Paco.
Re: X hangs again while on integrated
On 07.05.19 11:39, Gregory Edigarov wrote:
> I've got some more info on this.
> tried to run X with tiling wms: spectrwm (my main wm), dwm, i3 - all hang absolutely the same way. (see my last mail with X backtraced)
> then I've tried
> fvwm - works
> cwm - works
> kde & gnome - both work flawlessly.
> i.e. there is some trouble in the newest versions of Xenocara, making it impossible to run with tiling window manager at least on i915.

sorry, yesterday fvwm and cwm were both hanging the same way spectrwm does. if somebody want to look into the issue - what else information beside dmesg and backtrace do you need?

didn't test with kde & gnome ( and anyway I removed them as I don't use them)

Thanks.

> On 23.04.19 11:43, Gregory Edigarov wrote:
> > Hello misc@
> >
> > it happens with no traces in logs. most of the time while in chromium, but in firefox too. (with firefox it just needs more time)
> > thought it is memory, but memtest reveal nothing. the same is the video memory tests.
> > it happens only on intel i915. no hangs on radeon(non integrated).
> > when this happen i am always able to login via ssh to the box and kill X. killing chrome or firefox doesn't help.
> >
> > also noticed that with recent build as of Apr 21, kernel is losing the changes made by config, but still works when i make changes during the boot in UKC.
> >
> > dmesg: [...]
Re: X hangs again while on integrated
I've got some more info on this.
tried to run X with tiling wms: spectrwm (my main wm), dwm, i3 - all hang absolutely the same way. (see my last mail with X backtraced)
then I've tried
fvwm - works
cwm - works
kde & gnome - both work flawlessly.
i.e. there is some trouble in the newest versions of Xenocara, making it impossible to run with tiling window manager at least on i915.

On 23.04.19 11:43, Gregory Edigarov wrote:
> Hello misc@
>
> it happens with no traces in logs. most of the time while in chromium, but in firefox too. (with firefox it just needs more time)
> thought it is memory, but memtest reveal nothing. the same is the video memory tests.
> it happens only on intel i915. no hangs on radeon(non integrated).
> when this happen i am always able to login via ssh to the box and kill X. killing chrome or firefox doesn't help.
>
> also noticed that with recent build as of Apr 21, kernel is losing the changes made by config, but still works when i make changes during the boot in UKC.
>
> dmesg: [...]
Re: Xorg blanks until I switch to a TTY and back on 6.5
On 29.04.19 10:05, Jonathan Gray wrote: On Sun, Apr 28, 2019 at 07:26:54PM -0400, Charles wrote: Hello list, Ever since the new inteldrm driver got merged into -current, shortly before the 6.5 release, I'm seeing an odd new behavior on my Thinkpad T430 -- when an external display is connected, Xorg blanks all screens (but the mouse can still be seen) until I switch to a TTY and back with (i.e. C-A-F4 then C-A-F5) after which point it goes back to normal. I'm glad the new inteldrm driver got merged, since it fixes several other video issues I was having. This problem is very minor since the workaround is just a few extra keystrokes when I dock or undock, but it is nevertheless annoying. Is anyone else experiencing this issue on third gen core-I series Intel chips with integrated graphics? Or on any other chips for that matter? I checked Xorg.0.log and didn't see anything suspicious. I also tried disabling monitor hotplugging via Xorg.conf, but I either did it wrong or it had no effect. I would attach xorg logs and dmesg, but AFAIK misc@ does not allow attachments, and I don't want to annoy people with that much inline info. Does this help? Index: sys/dev/pci/drm/drm_fb_helper.c === RCS file: /cvs/src/sys/dev/pci/drm/drm_fb_helper.c,v retrieving revision 1.13 diff -u -p -r1.13 drm_fb_helper.c --- sys/dev/pci/drm/drm_fb_helper.c 14 Apr 2019 10:14:51 - 1.13 +++ sys/dev/pci/drm/drm_fb_helper.c 29 Apr 2019 06:58:25 - @@ -575,6 +575,9 @@ static bool drm_fb_helper_is_bound(struc #ifdef notyet if (READ_ONCE(dev->master)) return false; +#else + if (!SPLAY_EMPTY(>files)) + return false; #endif drm_for_each_crtc(crtc, dev) { could this one be also related to my troubles?
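Review bot: in the `#else` branch added to drm_fb_helper_is_bound(), the argument to SPLAY_EMPTY reads `>files` as it appears here, which is not a complete expression; the structure that owns the `files` tree needs to be spelled out before this can compile. The branch also changes the build without `notyet` from performing no check at this point to returning false whenever that tree is non-empty, so a one-line comment above the `if` saying why an open file stands in for the `READ_ONCE(dev->master)` test would help whoever later enables the `notyet` code and has to decide whether the `#else` can go.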
Re: some more info about Х hangs
Updated and rebuilt. Still hangs. The same way and place.

On Sun, Apr 28, 2019, 07:02 Jonathan Gray wrote:
> On Sat, Apr 27, 2019 at 04:55:50PM +0300, Gregory Edigarov wrote:
> > attached please find dmesg and backtrace of X when that happen again
> > hope this bug report will be more useful than previous one.
> >
> > thank you.
> > --
> > With best regards,
> > Gregory Edigarov
>
> Likely fixed by
>
> xenocara/xserver/hw/xfree86/common/xf86VGAarbiterPriv.h
>
> revision 1.9
> date: 2019/04/28 03:12:53; author: jsg; state: Exp; lines: +13 -7; commitid: gMqza1DBk6OCnvP4;
> Backport cf7517675d988c2d1ff967d6d162a17acbdad46 from xserver 1.20
> xfree86: Hold input_lock across SPRITE functions in VGA arbiter
>
> Fixes stack overflow crash with VGA arbiter used with multi GPU systems.
> Report and fix identified by 'Joe M' on misc@. ok matthieu@
some more info about Х hangs
attached please find dmesg and backtrace of X when that happen again
hope this bug report will be more useful than previous one.

thank you.
--
With best regards,
Gregory Edigarov
X hangs again while on integrated
Hello misc@

it happens with no traces in logs. most of the time while in chromium, but in firefox too. (with firefox it just needs more time)
thought it is memory, but memtest reveal nothing. the same is the video memory tests.
it happens only on intel i915. no hangs on radeon(non integrated).
when this happen i am always able to login via ssh to the box and kill X. killing chrome or firefox doesn't help.

also noticed that with recent build as of Apr 21, kernel is losing the changes made by config, but still works when i make changes during the boot in UKC.

dmesg: [...]
Re: procmail and new grammar in smtpd.conf
On 05.12.18 13:22, Eda Sky wrote:
> Hi
>
> I'm preparing an update from 6.3 to 6.4 and fix the required configuration files
>
> For many years I've been using fetchmail/procmail and I do not know how to overwrite smtpd.conf to a new grammar
>
> the original rule is
>
> accept from any for domain "example.com" alias deliver to mda "/usr/local/bin/procmail -f -" \

that seems to become:

action "procmail" mda "/usr/local/bin/procmail -f -"
match for domain "example.com" action "procmail"

> I do not know how to write new rules. Everything I'm trying to do ends with syntax error.
>
> Will anyone advise me?
>
> Thank you
ssh -w in macosx (sorry I know it's a deep offtopic)
Hello,

need to get ssh tunnel quickly. the other side is linux.

running this:

ssh -i /home/MAC_A_120614/.ssh/id_rsa -vvv -o PermitLocalCommand=yes -o LocalCommand="ifconfig tun1 192.168.100.4 pointtopoint 192.168.100.3 netmask 255.255.255.255" -o ServerAliveInterval=60 -w 1:1 somehost.com "ifconfig tun1 192.168.100.3 pointopoint 192.168.100.4 netmask 255.255.255.255"

got this:

debug1: sys_tun_open: /dev/tun1 open failed: No such file or directory
Tunnel device open failed.

no man pages, no /dev/MAKEDEV, not that i could find something on the net.

we've really got very spoiled with OpenBSD :-)
Re: Redistributing between bgpd and ospfd
On 15.10.18 12:58, Sebastian Benoit wrote:
> open...@kene.nu(open...@kene.nu) on 2018.10.15 11:05:41 +0200:
> > Hello,
> >
> > I am trying to get bgpd and ospfd play nicely with route redistribution. So far the only way I have found that suits my need is to use bgpd.conf network statements and rtlabels.
> >
> > So, to make ospfd learn route from bgpd I use rtlabels. So in bgpd.conf:
> > match from set rtlabel from_bgpd
> >
> > And in ospfd.conf:
> > redistribute rtlabel from_bgpd
> >
> > So far so good. But the other way around, to make bgpd learn from ospfd it becomes a bit more tedious. The only way I have found to make bgpd announce ospf originated routes (to its bgp peers) is via network statements in bgpd.conf. These network statements are not conditional on the availability of such a route in ospf though so they are not very dynamic anymore. I understand that it according to standard (https://tools.ietf.org/html/rfc1364) should be something that is explicit for type 1 and 2 LSAs.
> >
> > What is the recommended way to achieve dynamic explicit route redistribution in both directions?
>
> Network statements are the correct way.
>
> You can use
>
> network (inet|inet6) priority ...
> network (inet|inet6) rtlabel ...
>
> So with
>
> network inet priority 32
>
> you should be able to redistribute all ospf routes into bgp.
>
> If this does not help, please explain your problem further (and include your config).
>
> (Note that you should run OpenBSD 6.4 (just use the latest snapshot) for this as there was at least a bugfix for route-labels.)

wouldn't it be nice to have rtlabels in ospf(6)d? I would even prefer setting them per area, or per interface where a route was learned.

just wondering why is it not implemented yet. is that too complex change? or just not necessary?

thank you.
Re: Certificate authority software
On 21.09.18 15:28, Tim Jones wrote:
> ‐‐‐ Original Message ‐‐‐
> On Friday, September 21, 2018 1:21 PM, Gregory Edigarov wrote:
> > Hello, list.
> >
> > I need to setup a CA for intranet. I have some (rather not very positive) experience with ejbca. before I will set it up, I want to take a look at alternatives, and so i need an advice on the choice of software. what would you guys use? something with less dependencies is preferred (but with web interface).
> >
> > thank you.
>
> Depends what you want to do and the scale of your infrastructure?
>
> If it's your home lab or a small(ish) business then buy some Yubikeys (for the "secure your keys in an HSM" element) and fire up a copy of OpenSSL, and Robert is your uncle.
>
> If you're talking thousands of users or tens of thousands of servers, then I'm sure you've got the budget to pay for advice. ;-)

Thank you. we're talking about hundreds of users, almost all of them are roadwarriors with ipsec/openvpn (depending on their preference), and tens of servers.

and no, I do not have any budget ;-)
Re: Certificate authority software
Forgot to say: something with dual (command line/web) interface would be even more preferred.

On 21.09.18 15:21, Gregory Edigarov wrote:
> Hello, list.
>
> I need to setup a CA for intranet. I have some (rather not very positive) experience with ejbca. before I will set it up, I want to take a look at alternatives, and so i need an advice on the choice of software. what would you guys use? something with less dependencies is preferred (but with web interface).
>
> thank you.
> --
> With best regards,
> Gregory Edgarov
Certificate authority software
Hello, list.

I need to setup a CA for intranet. I have some (rather not very positive) experience with ejbca. before I will set it up, I want to take a look at alternatives, and so i need an advice on the choice of software. what would you guys use? something with less dependencies is preferred (but with web interface).

thank you.
--
With best regards,
Gregory Edgarov
Re: OpenBSD and letsencrypt in Amazon AWS
On 10.09.18 09:08, Jordan Geoghegan wrote:
> On 09/09/18 07:05, Monah Baki wrote:
> > Hi All,
> >
> > I have a OpenBSD 6.3 server in Amazon AWS, and I am trying to install from ports letsencrypt. Install was running fine till I got a Fatal message after it was done with the patching process
> > ...
> > Thanks
> > Monah
>
> acme-client(1) is in base and is used to get letsencrypt certificates. I believe it does the same job as certbot/letsencrypt.

in a way. certbot on the other hand is capable of manual confirmation setup, which is necessary for dns-01, to get wildcard certificates.
Re: Configuration of a umb device
On 11.07.18 07:13, salan...@ouvaton.org wrote:
> On 9 July 2018 08:12, "Gregory Edigarov" wrote:
> > perhaps a simple
> > route add -net default 100.144.58.18
> > will do the trick
>
> I have done that, but this result does not change.
>
> # ifconfig umb0
> umb0: flags=8851 mtu 1500
>         index 13 priority 0 llprio 3
>         roaming disabled registration home network
>         state up cell-class EDGE rssi -81dBm speed 60.4Kps up 242Kps down
>         SIM initialized PIN valid (3 attempts left)
>         subscriber-id 310260855911295 ICC-id 8901260851159112954 provider US Mobile
>         device KRD 131 30/123 - R1A/1 IMEI 004401701565398 firmware R3C11 (Pro), R4A10 (App)
>         APN pwg
>         dns 10.177.0.34 10.177.0.210
>         status: active
>         inet 100.146.18.133 --> 100.146.18.131 netmask 0xfff8
> # route add -net default 100.146.18.131
> # ping -c1 100.146.18.131
> PING 100.146.18.131 (100.146.18.131): 56 data bytes
> --- 100.146.18.131 ping statistics ---
> 1 packets transmitted, 0 packets received, 100.0% packet loss
>
> but at least, now there is no error.

maybe it's a provider that blocks traffic. also can you confirm pf is disabled on your side?
Re: Configuration of a umb device
perhaps a simple

route add -net default 100.144.58.18

will do the trick

On 09.07.18 03:37, salan...@ouvaton.org wrote:
> Could someone direct me as to how to set up my computer such that I can get internet access through?
>
> I installed this model of US Mobile SIM card. https://www.usmobile.com/shop/product/Triple-Cut-GSM-SIM-Card
>
> Then I ran the commands below. What do I need to do next?
>
> $ dmesg|grep umb
> umb0 at uhub0 port 4 configuration 1 interface 6 "Lenovo N5321 gw" rev 2.00/0.00 addr 2
> $ ifconfig apn pwg pin 1234 class 2G roaming up
> $ ifconfig
> umb0: flags=8851 mtu 1500
>         index 5 priority 0 llprio 3
>         roaming enabled registration home network
>         state up cell-class EDGE rssi -77dBm speed 60.4Kps up 242Kps down
>         SIM initialized PIN valid (3 attempts left)
>         subscriber-id 310260855911295 ICC-id 8901260851159112954 provider US Mobile
>         device KRD 131 30/123 - R1A/1 IMEI 004401701565398 firmware R3C11 (Pro), R4A10 (App)
>         APN pwg
>         dns 10.177.0.34 10.177.0.210
>         status: active
>         inet 100.144.58.19 --> 100.144.58.18 netmask 0xfff8
> $ ping -c1 9.9.9.9
> PING 9.9.9.9 (9.9.9.9): 56 data bytes
> ping: sendmsg: No route to host
> ping: wrote 9.9.9.9 64 chars, ret=-1
> --- 9.9.9.9 ping statistics ---
> 1 packets transmitted, 0 packets received, 100.0% packet loss
Re: Pf syntax, need help understanding an example
hi,
$ext_if - expands to the name of the interface
($ext_if) - expands to the ip address assigned to the interface

On 06.06.18 12:21, Johan Mellberg wrote:
Hi, I am working my way through "The Book of Pf" and got hung up on the example on page 31 of edition 3 (I am reading edition 2 but the example seems to be identical in edition 3):

ext_if = "re0" # macro for external interface - use tun0 or pppoe0 for PPPoE
int_if = "re1" # macro for internal interface
localnet = $int_if:network
# ext_if IPv4 address could be dynamic, hence ($ext_if)
match out on $ext_if inet from $localnet nat-to ($ext_if) # NAT, match IPv4 only
block all
pass from { self, $localnet }

So, what it does is not a problem, I understand that, but that set of parentheses around $ext_if confuses me. The explanation states that the IPv4 address could be dynamic (which is clear...) but I look at that example and as far as I understand, $ext_if should expand to "re0", not an IP address - right? Just to test I tried a simple line in my own pf.conf (on OpenBSD 6.3):

ext_if = "em0"
set skip on $ext_if

and tested with pfctl -nvf /etc/pf.conf

That worked so then I put parentheses around $ext_if:

set skip on ($ext_if)

and tested again. This time I got a syntax error! So could someone please explain this to me? I don't think this is an error in the book because there is a small paragraph apart from the comment in the example specifically pointing out the value of these parentheses - but I can't wrap my head around it. Any help appreciated! Sincerely, Johan
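The distinction from the reply above, laid out as a pf.conf fragment. This is an added example, not taken from the thread or the book; the interface names are assumptions, and the comments describe where pf expects an interface name and where it expects an address.

```conf
# Added illustration; em0/em1 are assumed interface names.
ext_if   = "em0"
int_if   = "em1"
localnet = $int_if:network

# Interface-name slots ("set skip on", "on <if>"): pf wants a name here,
# so the bare macro is used. "set skip on ($ext_if)" is rejected because
# parentheses only make sense where an address is expected.
set skip on lo

# Address slot, bare macro: the interface is translated to its address once,
# when the ruleset is loaded. If em0 is renumbered later (DHCP, PPPoE), the
# rule keeps translating to the old address until pf.conf is reloaded.
#match out on $ext_if inet from $localnet nat-to $ext_if

# Address slot, parenthesised macro: pf tracks the interface and updates the
# rule automatically whenever its address changes.
match out on $ext_if inet from $localnet nat-to ($ext_if)

block all
pass from { self, $localnet }

# The same rule of thumb applies to from/to: name after "on", (name) as address.
pass out on $ext_if inet from ($ext_if)
```

After substituting real interface names, pfctl -nvf /etc/pf.conf (the check used in the question) parses the file without loading it.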
re0: watchdog timeout on recent current
Hello everybody, ok, so here are the symptoms. the thing happens usually during the high traffic, like when I am trying to watch video on a tv, which is connected to my home server/router on re0 (it is the local interface). the video freezes immediately. something like ifconfig re0 down && pfctl -Fst && ifconfig re0 up, helps a bit but not every time, sometimes I need to reboot. during the March and until the middle of April it was working fine, so I think it was broken quite recently. please let me know if you need more info. the system is a recent -CURRENT. dmesg follows:
Re: Cold / warm spare for OpenBSD server
I would solve the problem of config sync vice versa. instead of syncing the files from one host to another you could just create the same files using any software configuration management system like ansible. of course, you will still need to sync the data, and rsync is your best friend here. On 11.04.18 16:08, Jeff Zimmerman wrote: Hello! I administer multiple OpenBSD machines which have been backing up via tar and sftp. I do have one server that is mission critical that I'd like to move to a more "warm" backup, perhaps using rsync. I already have a second server with the same hardware and OpenBSD version that is in a cold state but currently it would take some time to rebuild from the backup tars if something happened to the main server. I see this project as having two different stages. Because I've installed a lot of ports and packages outside of the base install, stage one would involve installing the same rev of OpenBSD on the redundant machine and having rsync sync everything (binaries, config, etc.) from production to the redundant machine. Then stage two would pare down the rsync config to only sync the dynamic data, like /var/mail, /etc configuration files and that kind of thing. My questions: Stage 1: sync the two machines so are initially identical. When syncing everything from existing to redundant machine in stage 1, what directories wouldn't need to be / shouldn't be synced? I suspect that /dev and /mnt probably shouldn't be synced and probably don't need to be synced if the server hardware and OS version is the same between machines. Likewise kernel files like /boot and /bsd probably don't need to be synced either unless upgrading the kernel for security patches. Are there other directories that shouldn't be or don't need to be synced? Stage 2: sync mail, /etc/passwd, etc. on a regular basis between the machines I need to mirror /etc, /var/mail, and any other directories with dynamically changing data. 
I'm not so concerned about logs so I probably won't sync all of /var. Similar to my question above, are there other directories that would have commonly changed data that I should be backing up on a semi-regular basis? Is rsync the best way to keep two OpenBSD servers in close sync with each other? Is rsync a reasonable way to initially mirror the installed ports and packages and configuration data from one machine to another? And is there a better way to go about having 2 servers in sync, one "hot" and one "warm"? Thanks! Jeff
Re: httpd - serving index.html & index.php at the same time
On 11.04.18 11:40, Mischa wrote:
Ok, good to know. It doesn't work as written. The only thing I see in the error.log is the fact that the PHP script is not found.

Access to the script '/htdocs/s/' has been denied (see security.limit_extensions)

Which tells me index.php is not requested. Browser tells me: File not found
Running in debug mode it shows the following

default 46.xx.xx.xx - - [11/Apr/2018:10:24:26 +0200] "GET /s/ HTTP/1.1" 404 0 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 Firefox/58.0"
default 46.xx.xx.xx - - [11/Apr/2018:10:24:27 +0200] " " 408 0 "" ""
server default, client 1 (1 active), 46.xx.xx.xx:4824 -> xx.xx.xx.xx, timeout (408 Request Timeout)
Primary script unknown
default 46.xx.xx.xx - - [11/Apr/2018:10:24:27 +0200] "GET /s/ HTTP/1.1" 404 0 "" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:58.0) Gecko/20100101 Firefox/58.0"

Not sure what else to look at. :((

Did some tests. here's how it works:

location "/test" {
        block return 301 "/test/"
}
location "/test/" {
        root strip 1
        root "/htdocs/phpapp"
        directory index "test.php"
}

note "root strip 1" directive.
Re: httpd - serving index.html & index.php at the same time
On 10.04.18 22:24, Mischa wrote:
Hi All, Is there a way to serve both static and dynamic content, eg. index.html and index.php within the same server { } definition? I am looking for something like:

server "default" {
        listen on $ext_addr port 80
        root "/htdocs"
        directory index "index.html" # not needed as it's the default
        location "/files/*" {
                root "/htdocs/files"
                directory auto index
        }
        location "^/phpapp/*" {
                root "/htdocs/phpapp"
                directory index "index.php"
                fastcgi socket "/run/php-fpm.sock"
        }
}

Is it possible at all or do I need split static and dynamic content based on server { }?

Seems like it should work exactly as you have written. if not you should show more than you've shown.
Re: Flow Tools
Sorry, if I hijack the thread, but what do you guys use for netflow analysis? Only know nfsen in ports, but sometimes I need more versatile tool. On 13.03.18 20:35, Diana Eichert wrote: I've been using samplicator to fanout UDP flow data for years. https://github.com/sleinen/samplicator diana On Tue, 13 Mar 2018, Paul Ammann wrote: Hi I've got a problem and I'm hoping OBSD may be able to solve my problem. We bought new firewalls in 2017, but they can only send flow traffic to a single destination. We need to send flow traffic to 3 destinations. I have a copy of Michael Lucas' book Network Flow Analysis, and I've been reading about flow-tools and flowd. Unfortunately there doesn't seem to have been a lot of development on these tools since 2010. Are there any other tools that I may have missed that would help me solve my problem? Thank you in advanced. Paul
deadfs, fifofs
Hello, Curiosity killed the cat. What are those for? I cannot find any reference in docs. Thank you. -- With best regards, Gregory Edigarov
Re: state of Netdata on OpenBSD
On 10.01.18 18:58, Alceu R. de Freitas Jr. wrote:
Hello folks, I'm considering installing Netdata on OpenBSD 6.2, but I found this issue on Github: https://github.com/firehol/netdata/issues/1083 Unfortunately, it doesn't tell if Netdata works out of the box on OpenBSD, if requires the Collectd (supposedly integrated with it) or if it doesn't work at all. Did you guys have any success in using it? I did give a shot to Collectd, the problem was to get a decent web app to visualize the charts...

Collectd is capable of writing the data it collects to several time series databases like influx or prometheus. You can use Grafana then, to visualize the data. The problem here is that you're still on your own to make the nice looking dashboard.
Re: reboot loop on -current, one machine of several
On 12.11.17 21:59, Nick Holland wrote: On 11/12/17 14:13, Otto Moerbeek wrote: On Sun, Nov 12, 2017 at 01:28:39PM -0500, Nick Holland wrote: Help. I was upgrading a few very similar machines to -current today. ONE of the three decided to be unpleasant. The thing has a serial console, and but it is about 370km from me. :-/ Upgrade from Sep 9 current to today's current via bsd.rd, just like the other two. Upon reboot, it does this (from /boot) : booting hd0a:/bsd: 8484712+2429968+244048+0+667648 [636809heap full (0x9d304+65536) And then reboots the system, as if from power-down/power-up. (already something I haven't seen before) Reboot from "bsd.rd" and "bsd.sp", same results. reboot from "obsd" (Sept 9), same results. Not a kernel problem, it seems. About this point, I'm starting to think how the serial console has let me down. I remember how to bring up a DRAC remote CD image via ssh tunnels to the drac and how to run java in a windows browser, and reboot off the remote CD image, do another upgrade, all goes fine (again), but upon reboot, same results... "heap full" and reboot. Boot from remote CD, at the boot> prompt, enter "boot hd0a:/bsd", and it boots Just Fine from the local hard disk (only boot pulled from the remote CD). Boot loader! Reinstalled boot: # installboot -v sd0 Using / as root installing bootstrap on /dev/rsd0c using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot copying /usr/mdec/boot to /boot /boot is 3 blocks x 32768 bytes fs block shift 3; part offset 64; inode block 24, offset 2088 master boot record (MBR) at sector 0 partition 3: type 0xA6 offset 64 size 2000397671 /usr/mdec/biosboot will be written at sector 64 good, right? Reboot off local hard disk, boom. problem is still there. maybe not the boot loader. :-/ Verified /boot on trouble system and good system are the same. I'm not going to cry "bug", since there are two nearly identical systems working just fine. But I can't think of what I did wrong or what to do to fix it. 
Suggestions? You are hitting -DHEAP_LIMIT=0xA in /boot. The code is in libsa/alloa.c No idea why. But something in that system is different. You do have one weird line in your disklabel output: a filesystem mounted on swap? that's an mfs. This application has one directory which has a HUGE benefit to an MFS for tmp files. Though the reboot happens long before the mfs is created. scsibus1 at ahci0: 32 targets -sd0 at scsibus1 targ 2 lun 0:SCSI3 0/direct fixed naa.50025388400562d4 +sd0 at scsibus1 targ 0 lun 0: SCSI3 0/direct fixed naa.50025388400563fe sd0: 976762MB, 512 bytes/sector, 2000409264 sectors, thin -sd1 at scsibus1 targ 3 lun 0: SCSI3 0/direct fixed naa.5002538c70007b02 -sd1: 1953514MB, 512 bytes/sector, 4000797360 sectors, thin +cd0 at scsibus1 targ 1 lun 0: ATAPI 5/cdrom removable ichiic0 at pci0 dev 31 function 3 "Intel 6 Series SMBus" rev 0x04: apic 0 int 19 iic0 at ichiic0 My suspicion goes to SSDs. one of them have somehow become bad. Nick.
Re: Is there an option switch to lower minimum DH strength in SSH client?
On 03.11.17 14:37, Janne Johansson wrote: 2017-11-03 5:06 GMT+01:00 Jacob Leifman: I was finally able to bring our OpenBSD based Network Management System up to the current OS release (it was a couple of years out of date) but this process broke access to a large number of older HP switches on our network. But this breaks the use of SSH client leaving little recourse other than perhaps telnet with NO encryption instead of somewhat weak encryption, as the "server" is outside of our control. (I already checked that we have the latest firmware, less than one year old.) Is this an oversight or is there a particular logic to intentionally breaking compatibility with a not-insignificant base of installed equipment? If your vendor, even with a <1y firmware still only can handle old and deprecated keysizes, you should not ask for everyone elses sshs to become worse, but rather push the vendor to get up to speed, and since that will not work, you will have to resort to building older ssh and use that instead of the safer one that comes with the modern OS you upgraded to. Same goes for browsers and https, the bad parts of SSL/TLS gets weeded out in browsers so that the majority of users are safe, not kept to cater to the lowest common denominator of the laziest vendor still alive. You should be asking HP how come they can't keep the free sshd code updated, if security is your prime concern, not ask openbsd to lower everyone elses security. I think for most vendors, it is a rather administrative, than technical question. Yes, their technical people can update code, yes they can do it quick, but their management is slow...
Re: Fail2ban alternative for OpenBSD
On 02.11.17 20:19, Stuart Henderson wrote: On 2017-10-30, Gregory Edigarov <ediga...@qarea.com> wrote: On 29.10.17 03:20, x9p wrote: Coming from the Linux world, I wonder if there is a better alternative to fail2ban, already being used in OpenBSD servers by the majority. I suggest you NEVER use such "solutions". It's security by obscurity model, and therefore a bad very very bad thing. You'd be much safer completely turning off password authentication, using keys instead. If someone is pushing a lot of auth attempts, they can be consuming meaningful amounts of cpu. (They're usually too quick to show up in top). So restricting it can be useful from that point of view. Myself, I normally restrict ssh to connecting from a predefined list of IPs though ... And it is a right behavior when you can define such a list. myself, I just turn off password auth, and have my keys on a pen drive.
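The two restrictions raised in the quoted text above (cutting off sources that keep opening connections, and accepting ssh only from a predefined list of addresses) written as pf.conf rules. This is an added example, not taken from any message in the thread; the table names, addresses and limits are assumptions.

```conf
# Added example. Addresses are documentation ranges; table names and limits
# are made up for this sketch.

table <ssh_admins> const { 192.0.2.10, 198.51.100.0/24 }
table <ssh_flood> persist

# Default for the port: closed.
block in on egress inet proto tcp to port ssh

# Sources that tripped the limits below are dropped before anything else.
block in quick on egress from <ssh_flood>

# Hosts that must take ssh from anywhere: allow it, but move a source into
# <ssh_flood> once it holds more than 10 connections or opens more than 5 in
# 30 seconds, and kill its existing states. pf counts connections, not failed
# logins, so this limits the CPU spent on handshakes; it does not replace
# key-only authentication in sshd_config.
pass in on egress inet proto tcp to port ssh \
    keep state (max-src-conn 10, max-src-conn-rate 5/30, \
    overload <ssh_flood> flush global)

# Known admin sources: last matching rule wins, so they are exempt from the
# limits. For a pure allow-list, delete the rate-limited pass rule above.
pass in on egress inet proto tcp from <ssh_admins> to port ssh
```

Entries added to the overload table stay until removed; `pfctl -t ssh_flood -T expire 86400` run from cron clears those older than a day.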
Re: Fail2ban alternative for OpenBSD
On 29.10.17 03:20, x9p wrote: Coming from the Linux world, I wonder if there is a better alternative to fail2ban, already being used in OpenBSD servers by the majority. I suggest you NEVER use such "solutions". It's security by obscurity model, and therefore a bad very very bad thing. You'd be much safer completely turning off password authentication, using keys instead.
Re: Flask app as UWSGI returning 500 when accessed through OpenBSD HTTPD
On 18.10.17 10:36, Ajitabh Pandey wrote: $ uwsgi --http : --wsgi-file myproject.py --master --callable app $ curl http://127.0.0.1:/ returns the contents, but when I access the page as http://192.168.1.111/hello/ I get 500. Any pointers will be helpful. hi, what's in your error.log?
Re: migrate .htaccess conent to httpd.conf
On 03.10.17 15:10, rosjat wrote:
Hi there, I was wondering if there is some guidance out there for this sort of thing? I know it's possible to simply block directories or put basic auth in front of it but what's about some more fine grained stuff for a file in a directory? Like this

order deny,allow
deny from all
Require all denied

Is there a way to rewrite this for the httpd.conf ?

try this:

location template.* { block; }

untested, but should work.

And 2nd question would be how to give the user a way to implement something like it on their own? I was thinking of a simply standard include in the server definition but this might mess things up

there is no such thing as .htaccess in httpd.

regards
Re: Need help securing SMTP (thunderbird says it's not encrypted)
On 27.07.17 15:56, Paul Covello wrote: I have an OpenBSD 6.1 box set up with OpenSMTPD and Dovecot on Vultr (a VPS provider). This machine is intended for use as my primary mail server. I have a Let’s Encrypt certificate installed and declared in the smtpd.conf file like so: I can send and receive mail ok using Apple Mail on my mac. Thunderbird is another story… I am warned when I set up the account that SMTP is NOT encrypted. This has driven me batty all week. My Google-Foo fails me and reading through my Dovecot book and smtpd man pages have not enlightened me as to why this is not using TLS. When I telnet to the machine on port 587 and issue the EHLO command, STARTTLS does appear in the response. Also, OpenSMTPD shows when I type the help command. issuing a Mail command comes back with the response that STARTTLS must be done first. Can someone clue me in on what I might be missing? in thunderbird set Connection security to STARTTLS Thanks in advance for your help! — Paul.
Re: Skylake experience with -current
Well, I notice some artifacts on my system. Using spectrwm and spacemacs, the status bar in spacemacs shows artifacts often. it looks like something screws that and only that video page area while I am being switched away from emacs. Found this line on my dmesg:

error: [drm:pid25275:intel_pipe_update_start] *ERROR* Potential atomic update failure on pipe A

could be related. switch back and forward usually help. my kernel is basically the GENERIC.MP with pcppi and spkr disabled, that hang my system at boot

$ cat /usr/src/sys/arch/amd64/conf/MY
include "arch/amd64/conf/GENERIC"
option MULTIPROCESSOR
#option MP_LOCKDEBUG
cpu* at mainbus?
pcppi0 at isa? disable
spkr0 at pcppi? disable

dmesg:
Re: shouldn't ping -I bypass all normal routing?
On 21.05.17 17:16, Stuart Henderson wrote: On 2017-05-19, Gregory Edigarov <ediga...@qarea.com> wrote: Hi, everybody I've run into a strange problem while trying to implement cisco's 'ip sla' replacement for a customer. at an openbsd router i have em0: 192.168.0.1/24 - local network em1: 111.111.111.2/30 - uplink 1 em2: 222.222.222.2/30 - uplink 2 ip forwarding is on, routes received via bgp, everything work as expected. the only problem is when something happens deep inside uplink's network: sessions stay up, routes still present, but no traffic can pass though uplink. BFD would help, may be, but I stick to what i have right now. I am trying to ping -I 111.111.111.2 8.8.8.8 but get no answer, because route to 8.8.8.8 set through uplink2, furthermore i see my pings on em2 with tcpdump which seems rather strange to me, as I am enforcing the interface. if i ping 8.8.8.8 the normal way "it works" (tm). pinging with -I 222.222.222.2 works too. so ? perhaps I am overlooking something very-very basic, so help me to get off the brake. ping -I doesn't enforce the interface, all it does is set the source address. You could enforce with a PF route-to rule if you like. well, it's ok, but then I will need to switch rules every time like: ping uplink1, switch pf rule, ping, switch. which is not good. but may be i will be able to implement something with multiple routing tables anyway thanks, Stuart.
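The route-to suggestion above can be keyed on the source address that ping -I sets, so a single static ruleset covers both uplinks. This is an added example, not taken from the thread; the gateway addresses are assumed to be the other host in each /30, and the route-to form shown is the (interface gateway) pair used by pf.conf at the time of the 6.1 release mentioned in the thread.

```conf
# Added example. Gateways are assumptions (the peer address of each /30).
# The route-to argument format differs between pf.conf(5) versions; check the
# manual page for the release in use.

uplink1_if = "em1"
uplink1_gw = "111.111.111.1"
uplink2_if = "em2"
uplink2_gw = "222.222.222.1"

# The routing table (BGP best path) still picks the outgoing interface.
# A probe sourced from uplink 1's address that is about to leave on uplink 2
# is handed to uplink 1's gateway instead, and the reverse. Limited to ICMP
# so only the reachability probes are affected.
pass out on $uplink2_if inet proto icmp from ($uplink1_if) \
    route-to ($uplink1_if $uplink1_gw)
pass out on $uplink1_if inet proto icmp from ($uplink2_if) \
    route-to ($uplink2_if $uplink2_gw)

# With both rules loaded, each probe tests its own uplink regardless of where
# the route to the target currently points:
#   ping -I 111.111.111.2 8.8.8.8    -> leaves via em1
#   ping -I 222.222.222.2 8.8.8.8    -> leaves via em2
```

Watching both interfaces with tcpdump, as in the original report, confirms which uplink each probe actually uses.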
Re: shouldn't ping -I bypass all normal routing?
On 19.05.17 18:47, Gregory Edigarov wrote: Hi, everybody I've run into a strange problem while trying to implement cisco's 'ip sla' replacement for a customer. at an openbsd router i have em0: 192.168.0.1/24 - local network em1: 111.111.111.2/30 - uplink 1 em2: 222.222.222.2/30 - uplink 2 ip forwarding is on, routes received via bgp, everything work as expected. the only problem is when something happens deep inside uplink's network: sessions stay up, routes still present, but no traffic can pass though uplink. BFD would help, may be, but I stick to what i have right now. I am trying to ping -I 111.111.111.2 8.8.8.8 but get no answer, because route to 8.8.8.8 set through uplink2, furthermore i see my pings on em2 with tcpdump which seems rather strange to me, as I am enforcing the interface. if i ping 8.8.8.8 the normal way "it works" (tm). pinging with -I 222.222.222.2 works too. so ? perhaps I am overlooking something very-very basic, so help me to get off the brake. and yes, it is the 6.1 amd64 -- With best regards, Gregory Edigarov
shouldn't ping -I bypass all normal routing?
Hi, everybody I've run into a strange problem while trying to implement cisco's 'ip sla' replacement for a customer. at an openbsd router i have em0: 192.168.0.1/24 - local network em1: 111.111.111.2/30 - uplink 1 em2: 222.222.222.2/30 - uplink 2 ip forwarding is on, routes received via bgp, everything work as expected. the only problem is when something happens deep inside uplink's network: sessions stay up, routes still present, but no traffic can pass though uplink. BFD would help, may be, but I stick to what i have right now. I am trying to ping -I 111.111.111.2 8.8.8.8 but get no answer, because route to 8.8.8.8 set through uplink2, furthermore i see my pings on em2 with tcpdump which seems rather strange to me, as I am enforcing the interface. if i ping 8.8.8.8 the normal way "it works" (tm). pinging with -I 222.222.222.2 works too. so ? perhaps I am overlooking something very-very basic, so help me to get off the brake. -- With best regards, Gregory Edigarov
Re: why does unbound listen as root
s don't tell that to my unbound )

➜ ~ ps aux |grep unb
_unbound 65312 0.0 0.2 30960 26056 ?? Is Thu06AM 0:00.41 unbound -c /var/unbound/etc/unbound.conf

On 12.05.17 11:12, Luke Small wrote:
pf rule execution says it listens as root, but it connects as the _unbound user, when configured to run as _unbound. Why doesn't it listen, bind, etc. as root, drop privileges and pledge away privilege escalation? Is it to avoid more #ifdef hell? Or can you not listen to a privileged port if you drop privileges?
Re: With Multiple PPPoE interfaces on one will work
Hi, before anything it is necessary to provide a definition of "not working" and some evidence, like ifconfig, netstat -rn, ping, etc. then somebody will be able to help you. the more information you will provide, the quicker response with a solution you will get.

On 10.05.17 07:53, Steve wrote:
Hello,
In 5.7 it was possible to have multiple pppoe interfaces active and working.
This used to work fine with ifstated monitoring for outage and changing routing appropriately
In either 5.8 or 5.9 this seems to have stopped working.
With both interfaces configured only one interface will ever become active.
I am unable to test with 6.0 or 6.1 at the moment. Is anyone familiar with this issue ? Can anyone confirm if this is resolved in 6.0 or 6.1. Thank you.
Re: Using "Pretty" permalinks with httpd in wordpress
On 06.01.17 15:42, Atanas Vladimirov wrote:
On 06.01.2017 13:35, Jiri B wrote:
On Fri, Jan 06, 2017 at 01:32:10PM +0200, Atanas Vladimirov wrote:
Hi, I can't figure it out. Is it possible to use Wordpress with OpenBSD httpd and configure both for "Pretty" permalinks. Does anyone have a working setup? Thanks for your time, Atanas

Help testing this diff http://marc.info/?l=openbsd-tech&m=148370177214134&w=2
j.

I know about the diff and I'm testing it right now. The problem is that I really don't know what to put in httpd.conf. I try to "translate" Wordpress .htaccess with no luck:

# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
^^^ this rule doesn't rewrite index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
^^^ this rule rewrites any single character to /index.php if %{REQUEST_FILENAME} is not a real file or directory
# END WordPress

Do I read/understand the .htaccess file correctly? In my httpd.conf:
.
# art-katerina.com
server "art-katerina.com" {
        listen on * tls port 443
        alias www.art-katerina.com
        directory index index.php
        root "/domains/art-katerina.com/"
        hsts
        log {
                access "art-katerina-access.log",
                error "art-katerina-error.log",
                style combined
        }
        location "/.well-known/acme-challenge/*" {
                root "/acme"
                root strip 2
        }
        tls {
                certificate "/etc/ssl/acme/art-katerina.com/fullchain.pem"
                key "/etc/ssl/acme/private/art-katerina.com/privkey.pem"
        }
        location "*.php" {
                fastcgi socket "/run/php-fpm.sock"
        }
        location match "(.)" {
                pass rewrite "/index.php"
                fastcgi socket "/run/php-fpm.sock"
        }

you seem to be wrong here. location match "(.)" mean exactly _ONE_ single character. maybe you mean location match "(.+)"
.
Re: rsyslog does not produce log on OpenBSD 6.0
On 20.12.16 13:47, Stuart Henderson wrote:
> On 2016-12-17, Remi Locherer wrote:
> > On December 17, 2016 12:07:18 PM GMT+01:00, Federico Donati wrote:
> > > Hi all,
> > > I've a problem with an OpenBSD 6.0 box with rsyslog.
> > > I need to send every local logs to a remote server and I can't use syslogd, because it does not send the hostname of the server (the one indicated in /etc/myname), but on the remote server messages come with the PTR record of my public ip.
> >
> > have you tried -h for syslogd from base?
>
> Yep this is the easy way.
>
> > > I've installed rsyslogd, but it doesn't send anything to the remote server. And more than that, it doesn't write anything local.
>
> Since 5.6, OpenBSD uses a special sendsyslog(2) system call for logging. This avoids the need for a device node and available file descriptor, which helps with chrooted programs, or if someone is able to cause too many FDs to be opened in an attempt to prevent logging from working.
>
> It needs a syslogd that is able to receive these messages. It's a fairly simple change (see src/usr.sbin/syslogd/syslogd.c r1.111) but afaik none of the third-party log daemons support it yet. It's quite likely that diffs to add support for this to other daemons would be accepted for ports, maybe upstreams would accept them too.
>
> Workaround for this without modifying the syslog daemon:
>
> - run normal OpenBSD syslogd in addition to the other daemon
> - have the other syslog daemon bind to a specific IP address
> - have OpenBSD syslogd feed the other daemon using a network socket

Or, do not run anything else than syslogd. Seriously, I can't think of any case where that wouldn't be enough.
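The three-step workaround listed in the quoted reply above, as an added configuration sketch that is not part of the thread: base syslogd keeps receiving sendsyslog(2) messages and forwards them over UDP to the second daemon. The loopback address, port 5514 and the collector address 192.0.2.10 are assumptions chosen for illustration.

```conf
# --- /etc/syslog.conf (OpenBSD base syslogd) ---
# Base syslogd remains the only receiver of sendsyslog(2) messages.
# Keep the existing local file rules and add one forwarding rule that
# hands every message to the second daemon over a network socket.
# 127.0.0.1:5514 is an assumed address/port, not taken from the thread.
*.*	@127.0.0.1:5514

# syslogd flag mentioned in the thread, set e.g. with
#   rcctl set syslogd flags -h
#   -h  include the hostname when forwarding messages to a remote loghost

# --- rsyslog.conf (third-party daemon installed from packages) ---
# Bind the UDP input to one specific address and port instead of the
# wildcard, so it does not compete with base syslogd for a socket.
# No local log-socket input is configured here: on OpenBSD 5.6 and later
# local programs log through sendsyslog(2), which only base syslogd
# receives, so everything local arrives through the UDP input below.
module(load="imudp")
input(type="imudp" address="127.0.0.1" port="5514")

# Relay everything to the remote collector.
# 192.0.2.10 is a documentation address (TEST-NET-1) used as a placeholder.
action(type="omfwd" target="192.0.2.10" port="514" protocol="udp")
```

If rsyslog writes nothing after this change, checking that syslogd is actually emitting datagrams to the chosen address (for example with tcpdump on lo0) separates a forwarding problem from an rsyslog input problem.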
Re: Browser is getting slower?
On 21.11.16 15:56, George Pediaditis wrote:
> Ok you are right im sorry.
> Im definitively sure that iridium(its like chromium) is getting slower after a couple of weeks. Its so slow that im waiting 7+ sec to start. Also cpu is high and everything on the browser is really slow. The problem is solved when i clean my history etc. Now it takes about 1-2 sec to start it.
> I have tried Firefox before but its even worse. It crashes is slow and cpu is high.

which extensions are installed in iridium?
is iridium always running, or you load it every time?

> This is my dmesg.
> [...]
Re: What are the security features in OpenBSD 6.0 that are by default disabled?
On 14.10.16 22:48, Raul Miller wrote:
> On Fri, Oct 14, 2016 at 2:50 PM, thrph.i...@gmail.com wrote:
> > "The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts."
>
> Powered off works surprisingly well for some other operating systems.

well, not any more, in the presence of Intel AMT...
Re: unbound and truly multihomed setup
after all, it revealed to be just fiber connection fucked up, and causing the enormous packet drops.
sorry for the noise

On 29.09.16 10:48, Gregory Edigarov wrote:
> Hi,
>
> Need an advice.
> I have a bgp router with 3 interfaces:
> em0 (xxx.yyy,zzz.1/24),
> em1, em2 - looking at uplinks
> bgp is up and running, packets are forwarded just fine.
> also there is nsd, listening on both em1,em2 serving my reverse zone.
> so far everything works.
> now I want this host also be a resolver for lan, that sits on xxx.yyy,zzz.1
> here is what I have in unbound.conf
>
> server:
>     verbosity: 1
>     outgoing-interface: 0.0.0.0
>     interface: 127.0.0.1
>     interface:
>     access-control: 127.0.0.0/8 allow
>     access-control: xxx.yyy.zzz.0/24 allow
>     access-control: ::1 allow
>     access-control: :::127.0.0.1 allow
>     root-hints: /etc/unbound/root.hints
>
> some hosts are resolving correctly, for example google.com, but many have SERVFAIL.
> if I have outgoing-interface: xxx.yyy.zzz.1 nothing works.
>
> so the question is: how to make unbound work in such setup?
>
> thank you.
> --
> With best regards,
> Gregory Edigarov
Re: unbound and truly multihomed setup
Hi Craig,

On 29.09.16 13:28, Craig Skinner wrote:
> Hi Gregory,
>
> On Thu, 29 Sep 2016 10:48:37 +0300 Gregory Edigarov wrote:
> > em0 (xxx.yyy,zzz.1/24),
> > em1, em2 - looking at uplinks
> > ...
> > outgoing-interface: 0.0.0.0
>
> Removing the outgoing-interface line would probably resolve it.
>
> Adding this private-address line might help too:
> private-address: xxx.yyy.zzz.0/24
>
> Multiple outgoing-interface lines can be put in, for each of your em1 & em2 interfaces,

I cannot use interfaces em1 and em2, it's where nsd is listening.
I removed the outgoing interface line. still no effect.
the description of private-address: directive has nothing relevant to my situation, but I've tried it, and still got nothing.

> and separate lines for IPv4 & IPv6 too, for each interface. The default is 'all', so it's a bit pointless to manually list all your external interfaces.
>
> See /usr/src/usr.sbin/unbound/doc/example.conf.in
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin/unbound/doc/example.conf.in
>
> Cheers,
Re: unbound and truly multihomed setup
corrected unbound.conf snippet, just to be sure I am properly understood

On 29.09.16 10:48, Gregory Edigarov wrote:
> Hi,
>
> Need an advice.
> I have a bgp router with 3 interfaces:
> em0 (xxx.yyy,zzz.1/24),
> em1, em2 - looking at uplinks
> bgp is up and running, packets are forwarded just fine.
> also there is nsd, listening on both em1,em2 serving my reverse zone.
> so far everything works.
> now I want this host also be a resolver for lan, that sits on xxx.yyy,zzz.1
> here is what I have in unbound.conf
>
> server:
>     verbosity: 1
>     outgoing-interface: 0.0.0.0
>     interface: 127.0.0.1
>     interface: xxx.yyy.zzz.1
>     access-control: 127.0.0.0/8 allow
>     access-control: xxx.yyy.zzz.0/24 allow
>     access-control: ::1 allow
>     access-control: :::127.0.0.1 allow
>     root-hints: /etc/unbound/root.hints
>
> some hosts are resolving correctly, for example google.com, but many have SERVFAIL.
> if I have outgoing-interface: xxx.yyy.zzz.1 nothing works.
>
> so the question is: how to make unbound work in such setup?
>
> thank you.
> --
> With best regards,
> Gregory Edigarov
unbound and truly multihomed setup
Hi,

Need an advice.
I have a bgp router with 3 interfaces:
em0 (xxx.yyy,zzz.1/24),
em1, em2 - looking at uplinks
bgp is up and running, packets are forwarded just fine.
also there is nsd, listening on both em1,em2 serving my reverse zone.
so far everything works.
now I want this host also be a resolver for lan, that sits on xxx.yyy,zzz.1
here is what I have in unbound.conf

server:
    verbosity: 1
    outgoing-interface: 0.0.0.0
    interface: 127.0.0.1
    interface:
    access-control: 127.0.0.0/8 allow
    access-control: xxx.yyy.zzz.0/24 allow
    access-control: ::1 allow
    access-control: :::127.0.0.1 allow
    root-hints: /etc/unbound/root.hints

some hosts are resolving correctly, for example google.com, but many have SERVFAIL.
if I have outgoing-interface: xxx.yyy.zzz.1 nothing works.

so the question is: how to make unbound work in such setup?

thank you.
--
With best regards,
Gregory Edigarov