support new
0 C United States P New York T Lansing Z 14882 O Ready-to-Run Software, Inc. I Jeff Moskow A 212 Cedar Cove M open...@rtr.com U http://www.rtr.com/Ready-to-Run_Software/OpenBSD/ B 607-533-8649 X 607-533-UNIX N We have been installing, supporting and managing OpenBSD systems for over 20 years. Deploying them for firewalls, mail servers, DNS servers, monitoring (Nagios w/custom plugins), relay/proxy servers, web servers, bastion hosts, VPN and more.
Re: Intermittent certificate error on web clients using Chrome
On 4/17/23 4:37 PM, Jeff Ross wrote: On 4/17/23 4:10 PM, Theo Buehler wrote: On Mon, Apr 17, 2023 at 12:29:31PM -0600, Jeff Ross wrote: This is only tangentially related to OpenBSD... It is related because it is a combination of how LibreSSL handles TLS extension calbacks with how apache2 chose to redirect requests to virtual hosts based on the server name indication. This now manifestes itself because chrome started rolling out an anti-fingerprinting and bug-finding feature that involves randomizing the order of TLS extensions. They started rolling out this feature on Windows and add it to more platforms over time, which likely explains why that issue now shows up on some android phones as well. One part of the problem is that LibreSSL calls callbacks directly on reading an extension so that the (undocumented) order in which callbacks are called depends on the order in which TLS extensions are sent. The other part is that apache2 depends on having information from the SNI available when the ALPN callback is called. So if the ALPN extension precedes the SNI, the request will fail, otherwise it works as expected. To my knowledge this manifests itself only with virtual hosts in apache2. jsing and I know where the problem is and we know of several approaches how to avoid it. As always, the issue is that someone needs to sit down do it. Since this only affects one specific web server software it's not especially high on the list of priorities. More details and a link is in this mail and mor can be found in the thread: https://marc.info/?l=openbsd-ports=167577915605727=2 My web server is running OpenBSD 6.8 (yes, I know) using apache2 and letsencrypt certificates. The fix will not be extremely complicated and if we land it soon, it will be easy to backport to 7.3. It will definitely not be easy to backport it to 6.8... If anyone else out there is getting this error or has gotten this error and figured out a workaround I'd love to hear from you, either on or off list. Unless you are able to switch to a config not involving virtual hosts (in which case I believe the problem should not manifest but I'm not 100% certain about this) I am not aware of a workaround that only involves some config knobs. Thank you Theo for the comprehensive explanation. I might actually be able to split that specific domain off to its own IP--my server has 2 em ports and I'm only using 1 of them. If this is apache2 only it might be time for me to explore moving to nginx or OpenBSD's stock httpd. I have a few sites using drupal/backdrop and the lack of a redirect has been the stopper there to prevent an easy transition. I'm also going to bite the bullet and get that server updated. Thanks again! Jeff For the archives, switching to nginx has completely eliminated this cert issue. Free bonus is that nginx really is a *lot* faster than apache2. Jeff
Re: Intermittent certificate error on web clients using Chrome
On 4/17/23 4:10 PM, Theo Buehler wrote: On Mon, Apr 17, 2023 at 12:29:31PM -0600, Jeff Ross wrote: This is only tangentially related to OpenBSD... It is related because it is a combination of how LibreSSL handles TLS extension calbacks with how apache2 chose to redirect requests to virtual hosts based on the server name indication. This now manifestes itself because chrome started rolling out an anti-fingerprinting and bug-finding feature that involves randomizing the order of TLS extensions. They started rolling out this feature on Windows and add it to more platforms over time, which likely explains why that issue now shows up on some android phones as well. One part of the problem is that LibreSSL calls callbacks directly on reading an extension so that the (undocumented) order in which callbacks are called depends on the order in which TLS extensions are sent. The other part is that apache2 depends on having information from the SNI available when the ALPN callback is called. So if the ALPN extension precedes the SNI, the request will fail, otherwise it works as expected. To my knowledge this manifests itself only with virtual hosts in apache2. jsing and I know where the problem is and we know of several approaches how to avoid it. As always, the issue is that someone needs to sit down do it. Since this only affects one specific web server software it's not especially high on the list of priorities. More details and a link is in this mail and mor can be found in the thread: https://marc.info/?l=openbsd-ports=167577915605727=2 My web server is running OpenBSD 6.8 (yes, I know) using apache2 and letsencrypt certificates. The fix will not be extremely complicated and if we land it soon, it will be easy to backport to 7.3. It will definitely not be easy to backport it to 6.8... If anyone else out there is getting this error or has gotten this error and figured out a workaround I'd love to hear from you, either on or off list. Unless you are able to switch to a config not involving virtual hosts (in which case I believe the problem should not manifest but I'm not 100% certain about this) I am not aware of a workaround that only involves some config knobs. Thank you Theo for the comprehensive explanation. I might actually be able to split that specific domain off to its own IP--my server has 2 em ports and I'm only using 1 of them. If this is apache2 only it might be time for me to explore moving to nginx or OpenBSD's stock httpd. I have a few sites using drupal/backdrop and the lack of a redirect has been the stopper there to prevent an easy transition. I'm also going to bite the bullet and get that server updated. Thanks again! Jeff
Intermittent certificate error on web clients using Chrome
Hi All, This is only tangentially related to OpenBSD... My web server is running OpenBSD 6.8 (yes, I know) using apache2 and letsencrypt certificates. I'm getting reports from one of my domain hosting clients (mt43news.com) of customers reporting intermittent SSL domain name mismatch errors on the initial page load. So far I've only heard that this happens with Windows using the Chrome web browser and now we have a report of the same error from someone using an Android phone also using the Chrome browser. I have not been able to duplicate this here using MacOS, Ubuntu, ChromeOS or OpenBSD and using either Firefox or Chrome. I have seen a screenshot that clearly shows that Windows/Chrome is trying to match the cert for another domain that I host. If the client refreshes the web page with the domain mismatch error displayed the error goes away and the home page for the paper is displayed as expected. Clicking the padlock on any browser shows that my letsencrypt certificates are indeed valid. apache error logs do include quite a few of errors like this: [Sun Apr 16 09:49:04.907839 2023] [ssl:error] [pid 38218] [client 167.94.138.50:48002] AH02032: Hostname mt43news.com provided via SNI and hostname 207.158.15.156 provided via HTTP have no compatible SSL setup This log line is from broadwatercountymuseum.com_ssl_error_log and broadwatercountymuseum.com is the domain that's most often tried instead of mt43news.com's. In fact, broadwatercountymuseum.com is the top name alphabetically in the directory where the config files for ssl vhosts are stored. I've seen this sort of mis-match using openssl s-client: jross@luna:/var/log/apache2 $ openssl s_client -connect mt43news.com:443 CONNECTED(0003) depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority verify return:1 depth=3 C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services verify return:1 depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority verify return:1 depth=1 C = AT, O = ZeroSSL, CN = ZeroSSL RSA Domain Secure Site CA verify return:1 depth=0 CN = broadwatercountymuseum.com verify return:1 depth=0 CN = broadwatercountymuseum.com However, if I add -servername to allow for SNI it works correctly: jross@luna:/var/log/apache2 $ openssl s_client -servername mt43news.com -connect mt43news.com:443 CONNECTED(0003) depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority verify return:1 depth=3 C = GB, ST = Greater Manchester, L = Salford, O = Comodo CA Limited, CN = AAA Certificate Services verify return:1 depth=2 C = US, ST = New Jersey, L = Jersey City, O = The USERTRUST Network, CN = USERTrust RSA Certification Authority verify return:1 depth=1 C = AT, O = ZeroSSL, CN = ZeroSSL RSA Domain Secure Site CA verify return:1 depth=0 CN = mt43news.com verify return:1 depth=0 CN = mt43news.com I want to pin all this on Chrome since the client is tasked with sending the servername at the beginning of the handshake. I wonder if Chrome is starting this handshake without specifying a servername? If that was the case though I'd expect the problem to appear way more often that it does. https://stackoverflow.com/questions/27772133/apache2-error-hostname-provided-via-sni-and-http-do-not-match This is going to be a real problem for the paper in a couple of months when subscribers start trying to log into the web site to renew their subscriptions so it's something I really need to fix (if I can). If anyone else out there is getting this error or has gotten this error and figured out a workaround I'd love to hear from you, either on or off list. If you made it this far thanks for reading! Jeff Ross
Re: After sysupgrade, computer hangs after efi0
On 4/14/23 3:08 AM, Stuart Henderson wrote: On 2023-04-13, Jeff Ross wrote: On 4/12/23 12:22 PM, Jeff Ross wrote: OpenBSD 7.3 (GENERIC.MP) #1125 Sat Mar 25 10:36:29 MDT 2023 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8469549056 (8077MB) avail mem = 8193462272 (7813MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe8ad9 (27 entries) bios0: vendor Hewlett-Packard version "L04 v02.16" date 03/24/2015 bios0: Hewlett-Packard HP EliteDesk 800 G1 DM efi0 at bios0: UEFI 2.3.1 efi0: American Megatrends rev 0x4028e I was able to "Upgrade" back to 7.2. Below is the dmesg from the installed 7.2. How can I force 7.3 to use acpi0 instead of efi0? Note that in this state you will have newer libraries on the system; this is likely to give some issues if you compile anything from source Good point. I don't have to very often but don't want to be locked out of the possibility. [..] I suggest generating a sendbug template from 7.2, run as root to include all the information, and send it to bugs@ sendbug will be on its way shortly. Thanks! Jeff
Re: After sysupgrade, computer hangs after efi0
On 4/14/23 9:14 AM, Rod Person wrote: On Wed, 12 Apr 2023 12:22:14 -0600 Jeff Ross wrote: Hi all, I did a sysupgrade from 7.2 to 7.3 on an HP EliteDesk (amd64). The upgrade went great but now the computer will not boot. I also have the same issue and I also have an HP Elite (8300)... I was able to get around this by doing: boot> boot -c UKC> disable efi Thanks! I'll give this a try. Jeff
Re: After sysupgrade, computer hangs after efi0
On 4/12/23 12:22 PM, Jeff Ross wrote: Hi all, I did a sysupgrade from 7.2 to 7.3 on an HP EliteDesk (amd64). The upgrade went great but now the computer will not boot. Here's what I get at boot: (typed from photo--disregard any typos) [ using 3644008 bytes of bsf ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2023 OpenBSD. All rights reserved. https://www.OpenBSD.org OpenBSD 7.3 (GENERIC.MP) #1125 Sat Mar 25 10:36:29 MDT 2023 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8469549056 (8077MB) avail mem = 8193462272 (7813MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe8ad9 (27 entries) bios0: vendor Hewlett-Packard version "L04 v02.16" date 03/24/2015 bios0: Hewlett-Packard HP EliteDesk 800 G1 DM efi0 at bios0: UEFI 2.3.1 efi0: American Megatrends rev 0x4028e Any ideas greatly appreciated. Maybe I could use the 7.2 installer to "upgrade" back to 7.2 since I never have been able to boot 7.3. Thanks, Jeff Ross dmesg from the 7.2 installer: OpenBSD 7.2 (RAMDISK_CD) #725: Tue Sep 27 12:02:48 MDT 2022 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD real mem = 8469549056 (8077MB) avail mem = 8208846848 (7828MB) random: good seed from bootblocks mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe8ad9 (27 entries) bios0: vendor Hewlett-Packard version "L04 v02.16" date 03/24/2015 bios0: Hewlett-Packard HP EliteDesk 800 G1 DM acpi0 at bios0: ACPI 5.0 acpi0: tables DSDT FACP APIC FPDT SSDT SSDT SSDT MCFG HPET SSDT SSDT SSDT SLIC ASF! TCPA acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz, 1995.80 MHz, 06-3c-03 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 8-way L2 cache, 6MB 64b/line 12-way L3 cache cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG0) acpiprt2 at acpi0: bus -1 (PEG1) acpiprt3 at acpi0: bus -1 (PEG2) acpiec0 at acpi0: not present acpipci0 at acpi0 PCI0: 0x0010 0x0011 0x acpicmos0 at acpi0 "IFX0102" at acpi0 not configured "PNP0C0C" at acpi0 not configured "PNP0C14" at acpi0 not configured "PNP0C0B" at acpi0 not configured "PNP0C0B" at acpi0 not configured acpicpu at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0 not configured acpitz at acpi0 not configured acpitz at acpi0 not configured cpu0: using Broadwell MDS workaround pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Core 4G Host" rev 0x06 "Intel HD Graphics 4600" rev 0x06 at pci0 dev 2 function 0 not configured "Intel Core 4G HD Audio" rev 0x06 at pci0 dev 3 function 0 not configured xhci0 at pci0 dev 20 function 0 "Intel 8 Series xHCI" rev 0x04: msi, xHCI 1.0 usb0 at xhci0: USB revision 3.0 uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev 3.00/1.00 addr 1 "Intel 8 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured "Intel 8 Series KT" rev 0x04 at pci0 dev 22 function 3 not configured em0 at pci0 dev 25 function 0 "Intel I217-LM" rev 0x04: msi, address ec:b1:d7:38:ab:95 ehci0 at pci0 dev 26 function 0 "Intel 8 Series USB" rev 0x04: apic 8 int 16 usb1 at ehci0: USB revision 2.0 uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 "Intel 8 Series HD Audio" rev 0x04 at pci0 dev 27 function 0 not configured ehci1 at pci0 dev 29 function 0 "Intel 8 Series USB" rev 0x04: apic 8 int 23 usb2 at ehci1: USB revision 2.0 uhub2 at usb2 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 "Intel Q87 LPC" rev 0x04 at pci0 dev 31 function 0 not configured ahci0 at pci0 dev 31 function 2 "Intel 8 Series AHCI" rev 0x04: msi, AHCI 1.3 ahci0: port 0: 6.0Gb/s scsibus0 at ahci0: 32 targets sd0 at scsibus0 targ 0 lun 0: t10.ATA_KingFast_0303B0512_ sd0: 244198MB, 512 bytes/sector, 500118192 sector
After sysupgrade, computer hangs after efi0
Hi all, I did a sysupgrade from 7.2 to 7.3 on an HP EliteDesk (amd64). The upgrade went great but now the computer will not boot. Here's what I get at boot: (typed from photo--disregard any typos) [ using 3644008 bytes of bsf ELF symbol table ] Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2023 OpenBSD. All rights reserved. https://www.OpenBSD.org OpenBSD 7.3 (GENERIC.MP) #1125 Sat Mar 25 10:36:29 MDT 2023 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8469549056 (8077MB) avail mem = 8193462272 (7813MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe8ad9 (27 entries) bios0: vendor Hewlett-Packard version "L04 v02.16" date 03/24/2015 bios0: Hewlett-Packard HP EliteDesk 800 G1 DM efi0 at bios0: UEFI 2.3.1 efi0: American Megatrends rev 0x4028e Any ideas greatly appreciated. Maybe I could use the 7.2 installer to "upgrade" back to 7.2 since I never have been able to boot 7.3. Thanks, Jeff Ross dmesg from the 7.2 installer: OpenBSD 7.2 (RAMDISK_CD) #725: Tue Sep 27 12:02:48 MDT 2022 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD real mem = 8469549056 (8077MB) avail mem = 8208846848 (7828MB) random: good seed from bootblocks mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe8ad9 (27 entries) bios0: vendor Hewlett-Packard version "L04 v02.16" date 03/24/2015 bios0: Hewlett-Packard HP EliteDesk 800 G1 DM acpi0 at bios0: ACPI 5.0 acpi0: tables DSDT FACP APIC FPDT SSDT SSDT SSDT MCFG HPET SSDT SSDT SSDT SLIC ASF! TCPA acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz, 1995.80 MHz, 06-3c-03 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 8-way L2 cache, 6MB 64b/line 12-way L3 cache cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG0) acpiprt2 at acpi0: bus -1 (PEG1) acpiprt3 at acpi0: bus -1 (PEG2) acpiec0 at acpi0: not present acpipci0 at acpi0 PCI0: 0x0010 0x0011 0x acpicmos0 at acpi0 "IFX0102" at acpi0 not configured "PNP0C0C" at acpi0 not configured "PNP0C14" at acpi0 not configured "PNP0C0B" at acpi0 not configured "PNP0C0B" at acpi0 not configured acpicpu at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0 not configured acpitz at acpi0 not configured acpitz at acpi0 not configured cpu0: using Broadwell MDS workaround pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Core 4G Host" rev 0x06 "Intel HD Graphics 4600" rev 0x06 at pci0 dev 2 function 0 not configured "Intel Core 4G HD Audio" rev 0x06 at pci0 dev 3 function 0 not configured xhci0 at pci0 dev 20 function 0 "Intel 8 Series xHCI" rev 0x04: msi, xHCI 1.0 usb0 at xhci0: USB revision 3.0 uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev 3.00/1.00 addr 1 "Intel 8 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured "Intel 8 Series KT" rev 0x04 at pci0 dev 22 function 3 not configured em0 at pci0 dev 25 function 0 "Intel I217-LM" rev 0x04: msi, address ec:b1:d7:38:ab:95 ehci0 at pci0 dev 26 function 0 "Intel 8 Series USB" rev 0x04: apic 8 int 16 usb1 at ehci0: USB revision 2.0 uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 "Intel 8 Series HD Audio" rev 0x04 at pci0 dev 27 function 0 not configured ehci1 at pci0 dev 29 function 0 "Intel 8 Series USB" rev 0x04: apic 8 int 23 usb2 at ehci1: USB revision 2.0 uhub2 at usb2 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 addr 1 "Intel Q87 LPC" rev 0x04 at pci0 dev 31 function 0 not configured ahci0 at pci0 dev 31 function 2 "Intel 8 Series AHCI" rev 0x04: msi, AHCI 1.3 ahci0: port 0: 6.0Gb/s scsibus0 at ahci0: 32 targets sd0 at scsibus0 targ 0 lun 0: t10.ATA_KingFast_0303B0512_ sd0: 244198MB, 512 bytes/sector, 500118192 sectors, thin "Intel 8 Series SMBus" re
Panic in 7.2 and snapshots at boot due to acpi bios error
Hi! Really love OpenBSD and would like to get it working on my Samsung Galaxy Book Flex2 Alpha. NP730QDA-KA3US. Just offering this up because I can't send a dmesg. I get a kernel panic at boot with the following screen, https://photos.app.goo.gl/2NNHiTtG6LbTc5nx6 I believe it may be a bug in the acpi bios code for which there is no firmware update. It boots, linux, win 10/11, net and freebsds fine with acpi errors. I tried to disable acpi to see if I could get it installed and the installer ran but could not find the ethernet, wifi or ssd. Can anyone help with this? I'd be glad to provide more info if there is a way. Thanks, Jeff
Re: Installing OpenBSD on new Chromebook
On 10/29/22 8:50 AM, Nick Holland wrote: On 10/29/22 10:11, Jeff Ross wrote: On 10/29/22 1:29 AM, Stuart Henderson wrote: On 2022-10-28, Gabriel Busch de Brito wrote: All of places I'm finding with directions on how to do this are from circa 2015 and do not work now. Anybody have a pointer to a more updated set of directions I can try? I suggest that you follow the installation guide at the FAQ section of the website. Chromebooks aren't standard computers and usually come with a locked-down bootloader that will need disabling to install another OS. Also if it's arm rather than x86 there will be additional challenges beyond this. So there's not enough information in the original post to give any kind of pointer. Thanks Stuart. It's an HP Chromebook 14a-na1083d with an Intel Celeron N4500 with 4G ram and 128 eMMC drive. Booting up in developer mode it tells me that it is Model LANTIS-MEXL if that helps. Just install it, see what happens. If you want a guarantee, buy me one exactly like it, and I'll do what I'm suggesting you do. :) (and then you will discover why I call model numbers "market position statements", not "unique HW configuration identification systems") Or maybe better yet, see if it will boot from an OpenBSD install image on a USB drive, if it does, set up a full OpenBSD install on a USB drive and see what happens. I've had pretty good luck with HP PC-like systems that weren't sold with "standard" operating systems on them, but past experience is no indicator yada-yada-yada. Pain points if you get past booting are likely to be wireless and graphics. If you can get it to boot from a USB drive to test, you are probably good for an install. If you can't, probably not worth the effort. There MAY be tricks you can do, but you can put a lot of time and effort into forcing something to install OpenBSD and then find out X doesn't work. Or there's no functioning network. Or both. Nick. All good points, Nick. I have tried booting it from an install USB stick with no luck. Off list I was directed to https://mrchromebox.tech and that tells me that this is at least possible, and includes the crucial step I didn't know about to enable booting from an external disk and bypassing the check for an official ChromeOS disk. I'll be noodling around with this over the weekend--hopefully I'll be able to report success and, of course, include a dmesg. Jeff
Re: Installing OpenBSD on new Chromebook
On 10/29/22 1:29 AM, Stuart Henderson wrote: On 2022-10-28, Gabriel Busch de Brito wrote: All of places I'm finding with directions on how to do this are from circa 2015 and do not work now. Anybody have a pointer to a more updated set of directions I can try? I suggest that you follow the installation guide at the FAQ section of the website. Chromebooks aren't standard computers and usually come with a locked-down bootloader that will need disabling to install another OS. Also if it's arm rather than x86 there will be additional challenges beyond this. So there's not enough information in the original post to give any kind of pointer. Thanks Stuart. It's an HP Chromebook 14a-na1083d with an Intel Celeron N4500 with 4G ram and 128 eMMC drive. Booting up in developer mode it tells me that it is Model LANTIS-MEXL if that helps. I can get a linux dmesg from the linux VM if that helps at all. Not sure how much the VM would represent the actual hardware though. Jeff
Installing OpenBSD on new Chromebook
Hi all, I got a nice new laptop at Costco for under $200. I did the developer mode to get to a linux shell and installed a bunch of programs but I'd rather just wipe the whole disk and install OpenBSD. All of places I'm finding with directions on how to do this are from circa 2015 and do not work now. Anybody have a pointer to a more updated set of directions I can try? Thanks! Jeff Ross
Re: mg: how to indent using spaces instead of tabs
On 6/12/22 9:16 AM, Mihai Popescu wrote: ... mg will use a tab for indentation. Use something to replace every TAB occurrence in the source code with 8 spaces sequence. Well, not every TAB maybe? man 1 expand
GPS found but not "on"
Hi all, I have a USB GPS receiver that I'm trying to use on 7.0 amd64. It's recognized in dmesg: umodem0 at uhub1 port 4 configuration 1 interface 0 "u-blox AG - www.u-blox.com u-blox 7 - GPS/GNSS Receiver" rev 1.10/1.00 addr 4 umodem0: data interface 1, has CM over data, has no break umodem0: status change notification available ucom0 at umodem0 I added this line to /etc/ttys: cuaU0 "/sbin/ldattach nmea" unknown on softcar And after a reboot I see this in sysctl: jross@ip_cam:/home/jross $ sysctl -a | grep nmea hw.sensors.nmea0.indicator0=Off (Signal), UNKNOWN hw.sensors.nmea0.distance0=0.000 m (Altitude), WARNING Anyone have any ideas on how to get this thing turned "on"? Jeff Full dmesg: OpenBSD 7.0 (GENERIC.MP) #1: Fri Oct 29 12:04:07 MDT 2021 r...@syspatch-70-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8488550400 (8095MB) avail mem = 8215257088 (7834MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x7b896000 (51 entries) bios0: vendor American Megatrends Inc. version "5.11" date 07/09/2020 bios0: $(DEFAULT_STRING) $(DEFAULT_STRING) acpi0 at bios0: ACPI 5.0 acpi0: sleep states S0 S3 S5 acpi0: tables DSDT FACP APIC FPDT FIDT MCFG SSDT SSDT SSDT UEFI SSDT HPET SSDT SSDT SSDT LPIT BCFG PRAM CSRT WDAT acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz, 1440.32 MHz, 06-4c-04 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu0: 1MB 64b/line 16-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 79MHz cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3.3, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz, 1439.97 MHz, 06-4c-04 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu1: 1MB 64b/line 16-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz, 1439.99 MHz, 06-4c-04 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu2: 1MB 64b/line 16-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz, 1439.97 MHz, 06-4c-04 cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu3: 1MB 64b/line 16-way L2 cache cpu3: smt 0, core 3, package 0 ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 115 pins acpimcfg0 at acpi0 acpimcfg0: addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (RP01) acpiprt2 at acpi0: bus -1 (RP02) acpiprt3 at acpi0: bus -1 (RP03) acpiprt4 at acpi0: bus -1 (RP04) "INT33A4" at acpi0 not configured dwiic0 at acpi0 I2C7 addr 0x9142/0x1000 irq 38 iic0 at dwiic0 chvgpio0 at acpi0 GPO1 uid 2 addr 0xfed88000/0x8000 irq 48, 59 pins "INT33F4" at iic0 addr 0x34 not configured acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001 sdhc0 at acpi0 SDHA addr 0x9142c000/0x1000 irq 45 sdhc0: SDHC 3.0, 200 MHz base clock sdmmc0 at sdhc0: 8-bit, sd high-speed, mmc high-speed, ddr52, dma sdhc1 at acpi0 SDHB addr 0x9142a000/0x1000 irq 46 sdhc1: SDHC 3.0, 200 MHz base clock sdmmc1 at sdhc1: 4-bit, sd high-speed, mmc high-speed, ddr52, dma sdhc2 at acpi0 SHC1 addr 0x91428000/0x1000 irq 47 sdhc2: SDHC 3.0, 200 MHz base clock sdmmc2 at sdhc2: 4-bit, sd high-speed, mmc high-speed, ddr52, dma "INTL9C60" at acpi0 not configured "INTL9C60" at acpi0 not configured "8086228A" at acpi0 not configured "8086228A&qu
Re: Anyone successfully using encrypted mosquitto over websockets?
On 2/8/22 12:58 AM, Rémi Bougard wrote: Hi Jeff, On Mon, Feb 07, 2022 at 04:21:37PM -0700, Jeff Ross wrote I don't know the nuts and bolts of your configuration but I think a secure websocket connection must begin with "wss://", so maybe just change ws://ip_cam.openvistas.net:9001/mqtt into wss://ip_cam.openvistas.net:9001/mqtt and it will work ? I hope this helps. Rémi Good idea, Rémi but it doesn't make a change. I'm now looking into using a reverse proxy on my apache2 web server to redirect the mqtt traffic and take care of encryption. Thanks for replying! Jeff
Anyone successfully using encrypted mosquitto over websockets?
Hi all, I've been battling mosquitto and websockets for too long now. I have weewx weather software (https://weewx.com/) running on my firewall (running 386 current) capturing traffic from my weather station to upload to my https web server. mosquitto is supposed to be able to upload the weather changes in real time over websockets to my web server (still on 6.9) and it does so just fine over OpenVPN. mosquitto using the mqtt protocol on port 9001 with ssl disabled can capture and send data up to the webserver, but both Firefox and Chrome will not connect to the websockets port if the traffic is "insecure". Chrome at least has decent error messages: MQTT: Connecting to MQTT Websockets: ip_cam.openvistas.net 9001 (SSL Disabled) paho-mqtt.min.js:37 Mixed Content: The page at 'https://www.starhouse-observatory.org/weather/belchertown/' was loaded over HTTPS, but attempted to connect to the insecure WebSocket endpoint 'ws://ip_cam.openvistas.net:9001/mqtt'. This request has been blocked; this endpoint must be available over WSS. d._doConnect @ paho-mqtt.min.js:37 jquery.min.js:2 Uncaught DOMException: Failed to construct 'WebSocket': An insecure WebSocket connection may not be initiated from a page loaded over HTTPS. at d._doConnect (https://cdnjs.cloudflare.com/ajax/libs/paho-mqtt/1.1.0/paho-mqtt.min.js:37:251) at d.connect (https://cdnjs.cloudflare.com/ajax/libs/paho-mqtt/1.1.0/paho-mqtt.min.js:31:233) at Client.connect (https://cdnjs.cloudflare.com/ajax/libs/paho-mqtt/1.1.0/paho-mqtt.min.js:70:506) at connect (https://www.starhouse-observatory.org/weather/belchertown/js/belchertown.js?1644249956:1304:12) at HTMLDocument. (https://www.starhouse-observatory.org/weather/belchertown/:148:13) at l (https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js:2:29375) at c (https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js:2:29677) So far, *any* attempt to put this over ssl has failed with a myriad different errors. mosquitto itself has pathetic logging, ktracing the process in an attempt to figure out why has proven fruitless. The real question for the moment is to find out if anyone has got mosquitto/websockets working to push updates out to a web server over an encrypted connection. I know--lots of details lacking here and please accept my apologies in advance--there have been too many iterations to track :-( Feel free to apply the clue-by-four here or in private e-mail. Jeff
Re: "run0: missing endpoint" on OpenBSD 7.0
On 12/17/21 4:03 PM, Stefan Sperling wrote: On Fri, Dec 17, 2021 at 02:14:31PM -0700, Jeff Ross wrote: Hi all, Trying to replace an rsu usb wifi adapter with one that is a little more resilient because the rsu locks up about 4 or 5 times a day and it takes a reboot to get it to come back. Full dmesg follows but on both this amd64 computer and a rpi 3B+ the result is the same: run0 at uhub0 port 4 configuration 1 interface 0 "Ralink Technology RT2870" rev 2.00/0.01 addr 6 run0: missing endpoint And the run0 will not go any farther. I hate to do this but with Ubuntu 20.04 on an OdroidN2 it works perfectly: Looks like the USB configuration of your particular device is not recognized by our driver yet. Please run pkg_add usbutils and send the output of lsusb -v. Great--here you go! Bonus would be if the on-board wireless would get enabled as well. Bus 000 Device 001: ID 8086: Intel Corp. Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 3.00 bDeviceClass 9 Hub bDeviceSubClass 0 Unused bDeviceProtocol 1 Single TT bMaxPacketSize0 9 idVendor 0x8086 Intel Corp. idProduct 0x bcdDevice 1.00 iManufacturer 1 Intel iProduct 2 xHCI root hub iSerial 0 bNumConfigurations 1 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 25 bNumInterfaces 1 bConfigurationValue 1 iConfiguration 0 bmAttributes 0xc0 Self Powered MaxPower 0mA Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 0 bAlternateSetting 0 bNumEndpoints 1 bInterfaceClass 9 Hub bInterfaceSubClass 0 Unused bInterfaceProtocol 0 Full speed (or root) hub iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x81 EP 1 IN bmAttributes 3 Transfer Type Interrupt Synch Type None Usage Type Data wMaxPacketSize 0x0002 1x 2 bytes bInterval 255 Hub Descriptor: bLength 22 bDescriptorType 42 nNbrPorts 13 wHubCharacteristic 0x Ganged power switching Ganged overcurrent protection TT think time 8 FS bits bPwrOn2PwrGood 10 * 2 milli seconds bHubContrCurrent 0 milli Ampere DeviceRemovable 0x00 0x00 PortPwrCtrlMask 0x00 0x00 Hub Port Status: Port 1: .02a0 5Gbps power Rx.Detect Port 2: .0503 Unknown Speed Recovery enable connect Port 3: .0503 Unknown Speed Recovery enable connect Port 4: .0503 Unknown Speed Recovery enable connect Port 5: .02a0 5Gbps power Rx.Detect Port 6: .02a0 5Gbps power Rx.Detect Port 7: .02a0 5Gbps power Rx.Detect Port 8: .0203 5Gbps power U0 enable connect Port 9: .02a0 5Gbps power Rx.Detect Port 10: .02a0 5Gbps power Rx.Detect Port 11: .02a0 5Gbps power Rx.Detect Port 12: .02a0 5Gbps power Rx.Detect Port 13: .02a0 5Gbps power Rx.Detect Device Status: 0x0001 Self Powered Bus 000 Device 002: ID 2109:2813 Device Descriptor: bLength 18 bDescriptorType 1 bcdUSB 2.10 bDeviceClass 9 Hub bDeviceSubClass 0 Unused bDeviceProtocol 1 Single TT bMaxPacketSize0 64 idVendor 0x2109 idProduct 0x2813 bcdDevice 90.11 iManufacturer 1 VIA Labs, Inc. iProduct 2 USB2.0 Hub iSerial 0 bNumConfigurations 1 Configuration Descriptor: bLength 9 bDescriptorType 2 wTotalLength 25 bNumInterfaces 1 bConfigurationValue 1 iConfiguration 0 bmAttributes 0xe0 Self Powered Remote Wakeup MaxPower 0mA Interface Descriptor: bLength 9 bDescriptorType 4 bInterfaceNumber 0 bAlternateSetting 0 bNumEndpoints 1 bInterfaceClass 9 Hub bInterfaceSubClass 0 Unused bInterfaceProtocol 0 Full speed (or root) hub iInterface 0 Endpoint Descriptor: bLength 7 bDescriptorType 5 bEndpointAddress 0x81 EP 1 IN bmAttributes 3 Transfer Type Interrupt Synch Type None Usage Type Data wMaxPacketSize 0x0001 1x 1 bytes bInterval 12 Hub Descriptor:
"run0: missing endpoint" on OpenBSD 7.0
Hi all, Trying to replace an rsu usb wifi adapter with one that is a little more resilient because the rsu locks up about 4 or 5 times a day and it takes a reboot to get it to come back. Full dmesg follows but on both this amd64 computer and a rpi 3B+ the result is the same: run0 at uhub0 port 4 configuration 1 interface 0 "Ralink Technology RT2870" rev 2.00/0.01 addr 6 run0: missing endpoint And the run0 will not go any farther. I hate to do this but with Ubuntu 20.04 on an OdroidN2 it works perfectly: [858425.236283] usb 1-1.4: new high-speed USB device number 28 using xhci-hcd [858425.360433] usb 1-1.4: New USB device found, idVendor=148f, idProduct=2870 [858425.360436] usb 1-1.4: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [858425.464282] usb 1-1.4: reset high-speed USB device number 28 using xhci-hcd [858425.588521] ieee80211 phy2: rt2x00_set_rt: Info - RT chipset 5390, rev 0502 detected [858425.597929] ieee80211 phy2: rt2x00_set_rf: Info - RF chipset 5370 detected [858425.598226] ieee80211 phy2: Selected rate control algorithm 'minstrel_ht' [858425.697149] ieee80211 phy2: rt2x00lib_request_firmware: Info - Loading firmware file 'rt2870.bin' [858425.697203] ieee80211 phy2: rt2x00lib_request_firmware: Info - Firmware detected - version: 0.36 [858425.959972] IPv6: ADDRCONF(NETDEV_UP): wlan2: link is not ready Once I set up the wifi through the ubuntu gui it joined my wireless network and got an IP no problem. Do I need a firmware file for this like Ubuntu loaded? Jeff dmesg: OpenBSD 7.0 (GENERIC.MP) #1: Fri Oct 29 12:04:07 MDT 2021 r...@syspatch-70-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8488550400 (8095MB) avail mem = 8215265280 (7834MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x7b896000 (51 entries) bios0: vendor American Megatrends Inc. version "5.11" date 07/09/2020 bios0: $(DEFAULT_STRING) $(DEFAULT_STRING) acpi0 at bios0: ACPI 5.0 acpi0: sleep states S0 S3 S5 acpi0: tables DSDT FACP APIC FPDT FIDT MCFG SSDT SSDT SSDT UEFI SSDT HPET SSDT SSDT SSDT LPIT BCFG PRAM CSRT WDAT acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz, 1440.27 MHz, 06-4c-04 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu0: 1MB 64b/line 16-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 79MHz cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3.3, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz, 1439.95 MHz, 06-4c-04 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu1: 1MB 64b/line 16-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz, 1439.97 MHz, 06-4c-04 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu2: 1MB 64b/line 16-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz, 1439.96 MHz, 06-4c-04 cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu3: 1MB 64b/line 16-way L2 cache cpu3: smt 0, core 3, package 0 ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 115 pins acpimcfg0 at acpi0 acpimcfg0: addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (RP01) acpiprt2 at acpi0: bus -1 (RP02) acpiprt3 at acpi0: bus -1 (RP03) acpiprt4 at acpi0: bus -1 (RP04) "INT33A4" at acpi0 not configured dwiic0 at acpi0 I2C7 addr 0x9142/0x1000
Re: Kind of OT - camera/ software to run a long term timelapse camera
On 11/15/21 11:21 AM, Steve Williams wrote: Hi, I have an OpenBSD server (APC) that runs 7x24 hosting my email, webserver, etc. As the season changes to winter, I thought of setting up a camera to do some timelapse photography out of the window pointing at the mountains. I am kind of lost in the huge variety of options... IP connected security camera, webcam... and whether to do the timelapse in the camera, or to have that controlled on the server... (taking a photo every x minutes and saving it on the OpenBSD server). I was trying to avoid having the images stored on an SD card in the camera as then physical access would be required to periodically extract the images / movie. If it's a USB camera, it would need to be supported by OpenBSD. But there are IP cameras, some which require drivers, some don't. It's a crazy complex world. Does anyone have recommendations to accomplish this? It's just a hobby so I don't want to spend a huge amount of money on it. Thanks, Steve Williams Hi Steve, I'm running a 4K Amcrest IP camera (Amcrest IP8M-2496EB 2.8mm) on a Raspberry Pi 3B+/OpenBSD 7.0. I wrote a python script using the amcrest module that captures about 5 frames / minute and stores locally on the RPi. rsync then ships them off to a separate server in my network that has a 5T external drive. A script on that external drive uses ffmpeg to make an mp4 movie that is uploaded daily to my web server at https://www.starhouse-observatory.org. The home page shows the latest image off the camera, below is a place to select and watch a day's movie. I'm happy to share the python script and other details if you want to go that route. Jeff
Re: OpenBSD 7.0--cron will not run a certain script
On 11/11/21 4:09 PM, Łukasz Moskała wrote: W dniu 11.11.2021 o 23:55, Jeff Ross pisze: Hi, /bin/sh -x /home/jross/sync_to_odroidn2.sh cat ./sync_to_ordoidn2.sh Looks like you have typo in file name to me :) odroid in first, ordoid in second. Egads. Thank you! That was indeed the problem :-) Jeff
OpenBSD 7.0--cron will not run a certain script
Hi all, This is on a Raspberry Pi 3B+ (dmesg to follow). Here's my crontab: jross@pi:/home/jross $ crontab -l SHELL=/bin/sh MAILTO="" # #minute hour mday month wday command */2 * * * * /bin/sh /home/jross/upload_latest.sh 2>&1 * * * * * python3 4Kwebcam_loop_no_scp.py 38 * * * * /bin/sh -x /home/jross/sync_to_odroidn2.sh 2>&1 The first 2 scripts work fine. The last one absolutely will not. Here's the very simple script: jross@pi:/home/jross $ cat ./sync_to_ordoidn2.sh #!/bin/sh logger "starting sync to odroidn2" pgrep -x rsync if [ $? -eq 0 ]; then echo "`date` rsync still running...exiting" >> /var/log/rsync_to_odroidn2.out else echo "`date` starting rsync..." >> /var/log/rsync_to_odroidn2.out /usr/local/bin/rsync -avPz /home/jross/webcam/ odroidn2:/samba/starhouse/webcam/ | tee -a /var/log/rsync_to_odroidn2.out echo "`date` finished rsync..." >> /var/log/rsync_to_odroidn2.out fi Here's where cron says it's firing the script: 2021-11-11 15:38:01.305599500 127.0.0.1: cron.info: Nov 11 15:38:01 cron[95324]: (jross) CMD (/bin/sh -x /home/jross/sync_to_odroidn2.sh 2>&1) But, no comment into syslog from the logger line and the script simply does not run. Running the script manually, though, works fine: 2021-11-11 15:47:05.959176500 127.0.0.1: user.notice: Nov 11 15:47:05 jross: starting sync to odroidn2 sending incremental file list 4Kwebcam_2021/ 4Kwebcam_2021/4Kwebcam_1636669302.jpg 2,113,298 100% 6.85MB/s 0:00:00 (xfr#1, to-chk=75/1323) 4Kwebcam_2021/4Kwebcam_1636669333.jpg 2,109,678 100% 1.48MB/s 0:00:01 (xfr#2, to-chk=74/1323) 4Kwebcam_2021/4Kwebcam_1636669357.jpg 2,108,931 100% 1.73MB/s 0:00:01 (xfr#3, to-chk=73/1323) ...and so on I originally had this script running under cron with */10 in the minute column. As a part of debugging I've adjusted the interval to every 5 minutes and then to a set minute in the hour. I'm using full paths everywhere in the script so it can't be that. I do not know what else to try... Jeff dmesg: jross@pi:/home/jross $ dmesg OpenBSD 7.0 (GENERIC.MP) #1332: Thu Sep 30 16:53:51 MDT 2021 dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP real mem = 970907648 (925MB) avail mem = 908574720 (866MB) random: good seed from bootblocks mainbus0 at root: Raspberry Pi 3 Model B Plus Rev 1.3 cpu0 at mainbus0 mpidr 0: ARM Cortex-A53 r0p4 cpu0: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache cpu0: 512KB 64b/line 16-way L2 cache cpu0: CRC32,ASID16 cpu1 at mainbus0 mpidr 1: ARM Cortex-A53 r0p4 cpu1: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache cpu1: 512KB 64b/line 16-way L2 cache cpu1: CRC32,ASID16 cpu2 at mainbus0 mpidr 2: ARM Cortex-A53 r0p4 cpu2: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache cpu2: 512KB 64b/line 16-way L2 cache cpu2: CRC32,ASID16 cpu3 at mainbus0 mpidr 3: ARM Cortex-A53 r0p4 cpu3: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache cpu3: 512KB 64b/line 16-way L2 cache cpu3: CRC32,ASID16 efi0 at mainbus0: UEFI 2.8 efi0: Das U-Boot rev 0x20210700 apm0 at mainbus0 simplefb0 at mainbus0: 656x416, 32bpp wsdisplay0 at simplefb0 mux 1: console (std, vt100 emulation) wsdisplay0: screen 1-5 added (std, vt100 emulation) "system" at mainbus0 not configured "axi" at mainbus0 not configured simplebus0 at mainbus0: "soc" bcmclock0 at simplebus0 bcmmbox0 at simplebus0 bcmgpio0 at simplebus0 bcmaux0 at simplebus0 bcmdmac0 at simplebus0: DMA0 DMA2 DMA4 DMA5 DMA8 DMA9 DMA10 bcmintc0 at simplebus0 pluart0 at simplebus0 bcmsdhost0 at simplebus0: 250 MHz base clock sdmmc0 at bcmsdhost0: 4-bit, sd high-speed, mmc high-speed, dma dwctwo0 at simplebus0 bcmdog0 at simplebus0 bcmrng0 at simplebus0 bcmtemp0 at simplebus0 "local_intc" at simplebus0 not configured sdhc0 at simplebus0 sdhc0: SDHC 3.0, 200 MHz base clock sdmmc1 at sdhc0: 4-bit, sd high-speed, mmc high-speed "firmware" at simplebus0 not configured "power" at simplebus0 not configured "mailbox" at simplebus0 not configured "gpiomem" at simplebus0 not configured "fb" at simplebus0 not configured "vcsm" at simplebus0 not configured "clocks" at mainbus0 not configured "phy" at mainbus0 not configured "arm-pmu" at mainbus0 not configured agtimer0 at mainbus0: 19200 kHz "leds" at mainbus0 not configured "fixedregulator_3v3" at mainbus0 not configured "fixedregulator_5v0" at mainbus0 not configured "bootloader" at mainbus0 not configured dt: 445 probes usb0 at dwctwo0: USB revision 2.0 scsibus0 at sdmmc0: 2 targets, initiator 0 sd0 at scsibus0 targ 1 lun 0: removabl
Re: Install challenges
On 11/7/21 2:49 AM, Stuart Henderson wrote: On 2021-11-06, Jeff Ross wrote: A simpler solution for me might be some sort of command I can do at the boot prompt that would change the resolution of the monitor or maybe even the window. Anything like that available at all? That's not possible. In the installer you could ctrl-z and type this to clear the screen and reset the cursor to the home position: print '\033[2J\033[H' then fg to return to the prompt. Or run through on a separate machine/vm and make a note of what to type. It's likely that when you're booted onto a standard (non install) kernel with the DRM drivers that the screen will work better. That worked! Hooray! After installing 6.9 and running syspatch I got a panic just as the wsdisplay lines printed. Couldn't get anything more than the single line because the keyboard was dead. Booted into bsd.rd, then changed the server file path to 7.0, installed the bsd kernels, booted the 7.0 bsd.rd and did a fresh install. System is up and running 7 with no panic. Video is beautiful with no garbage at the bottom. Thank you once again Stuart! Jeff dmesg: OpenBSD 7.0 (GENERIC.MP) #232: Thu Sep 30 14:25:29 MDT 2021 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8488550400 (8095MB) avail mem = 8215261184 (7834MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x7b896000 (51 entries) bios0: vendor American Megatrends Inc. version "5.11" date 07/09/2020 bios0: $(DEFAULT_STRING) $(DEFAULT_STRING) acpi0 at bios0: ACPI 5.0 acpi0: sleep states S0 S3 S5 acpi0: tables DSDT FACP APIC FPDT FIDT MCFG SSDT SSDT SSDT UEFI SSDT HPET SSDT SSDT SSDT LPIT BCFG PRAM CSRT WDAT acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz, 1440.27 MHz, 06-4c-04 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,SENSOR,ARAT,MELTDOWN cpu0: 1MB 64b/line 16-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 79MHz cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3.3, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz, 1439.95 MHz, 06-4c-04 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,SENSOR,ARAT,MELTDOWN cpu1: 1MB 64b/line 16-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz, 1439.95 MHz, 06-4c-04 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,SENSOR,ARAT,MELTDOWN cpu2: 1MB 64b/line 16-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Atom(TM) x5-Z8350 CPU @ 1.44GHz, 1439.96 MHz, 06-4c-04 cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,SENSOR,ARAT,MELTDOWN cpu3: 1MB 64b/line 16-way L2 cache cpu3: smt 0, core 3, package 0 ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 115 pins acpimcfg0 at acpi0 acpimcfg0: addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (RP01) acpiprt2 at acpi0: bus -1 (RP02) acpiprt3 at acpi0: bus -1 (RP03) acpiprt4 at acpi0: bus -1 (RP04) "INT33A4" at acpi0 not configured dwiic0 at acpi0 I2C7 addr 0x9142/0x1000 irq 38 iic0 at dwiic0 chvgpio0 at acpi0 GPO1 uid 2 addr 0xfed88000/0x8000 irq 48, 59 pins "INT33F4" at iic0 addr 0x34 not configured acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001 sdhc0 at acpi0 SDHA addr 0x9142c000/0x1000 irq 45 sdhc0: SDHC 3.0, 200 MHz base clock sdmmc0 at sdhc0: 8-bit, sd high-speed, mmc high-speed, ddr52, dma sdhc1 at acpi0 SDHB addr 0x9142a000/0x1000 irq 46 sdhc1: SDHC 3.0, 200 MHz base clock sdmmc1 at sdhc1: 4-bit, sd high-speed, mmc high-speed, ddr52, dma sdhc2 at acpi0 S
Install challenges
Hi all, I'm trying to install OpenBSD on a new mini-pc stick computer. https://www.amazon.com/dp/B09DKW18BY?psc=1=ppx_yo2_dt_b_product_details install70.img dd-ed to a USB drive will not boot. With bios set to boot from the USB drive it falls through to the EFI shell. install69.img dd-ed to the exact same drive will boot so I'm fine with that. I can always upgrade to 7 after the system is up. This stick has HDMI 4K video but when the installer boots the bottom inch of my 48" 4K Visio monitor is garbage. When the installer finishes booting all of the installer prompts are down in the garbage and un-readable, which makes it *really* impossible to do an install. Aside--I know about the autoconfig option and might resort to that yet. A simpler solution for me might be some sort of command I can do at the boot prompt that would change the resolution of the monitor or maybe even the window. Anything like that available at all? Don't have a dmesg because no successful install--hope to change that ;-) Thanks! Jeff Ross
Re: 6.9 Installer succeeds, computer will not boot from hard drive
On 9/3/21 12:35 PM, Jeff Ross wrote: On 9/3/21 3:45 AM, Stuart Henderson wrote: On 2021-09-02, Jeff Ross wrote: This is a multi-part message in MIME format. --F51C046C214039690CD908CB Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Hi all, I bought one of these mini computers https://www.amazon.com/dp/B084WRRV51?psc=1=ppx_yo2_dt_b_product_details (installer dmesg follows). 6.9 installs just fine but the darn thing will *not* boot from the hard drive. I've tried installing using the Whole disk and GPT whole disk--neither one will boot. Bios gives me the option to boot from Hard Disk, USB Hard Disk, USB Key, IPv4, IPv6 and EFI. I've set to Hard Disk, then USB Hard Disk, then USB Key, then IPv4 and every time it falls through to IPv4. Try EFI with a GPT-based install. Thanks, Stuart. This doesn't work. Fallback option: find a small USB storage device (sandisk ultra fit or similar) and leave it in the machine to boot from. This does--until the boot process panics before it gets very far. I'm going to try -current just for fun. If that doesn't work I'm just going to send it back and try something else. Jeff No change with -current. For reference, here's the panic and trace, transcribed from photos so I hope there aren't too many typos: ddb{0}> show panic kernel page fault uvm_fault(0x82244830, 0x30,0,2) -> e drm_helper_probe_single_connector_modes(808c4000,7f , 7f) at drm_helper_probe_single_connector_modes+0x120 end trace frame: 0x8000223d0970, count: 0 ddb{0}> trace drm_helper_probe_single_connector_modes(808c4000,7f , 7f) at drm_helper_probe_single_connector_modes+0x120 drm_client_modset_probe(80210408) at output_pollexecute+0x22d taskq_thread(801ec280) at taskq_thread+0x81 end trace frame: )x), count: -5 I'll also send this in to sendbug. Jeff
Re: 6.9 Installer succeeds, computer will not boot from hard drive
On 9/3/21 3:45 AM, Stuart Henderson wrote: On 2021-09-02, Jeff Ross wrote: This is a multi-part message in MIME format. --F51C046C214039690CD908CB Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Hi all, I bought one of these mini computers https://www.amazon.com/dp/B084WRRV51?psc=1=ppx_yo2_dt_b_product_details (installer dmesg follows). 6.9 installs just fine but the darn thing will *not* boot from the hard drive. I've tried installing using the Whole disk and GPT whole disk--neither one will boot. Bios gives me the option to boot from Hard Disk, USB Hard Disk, USB Key, IPv4, IPv6 and EFI. I've set to Hard Disk, then USB Hard Disk, then USB Key, then IPv4 and every time it falls through to IPv4. Try EFI with a GPT-based install. Thanks, Stuart. This doesn't work. Fallback option: find a small USB storage device (sandisk ultra fit or similar) and leave it in the machine to boot from. This does--until the boot process panics before it gets very far. I'm going to try -current just for fun. If that doesn't work I'm just going to send it back and try something else. Jeff
Re: 6.9 Installer succeeds, computer will not boot from hard drive
On 9/3/21 2:34 AM, Maurice McCarthy wrote: At the boot prompt try boot> boot hd1a:/bsd If it works you can put it in boot.conf HTH Unfortunately, the boot process never gets to the boot prompt--it skips right over the newly installed hard drive. Jeff
6.9 Installer succeeds, computer will not boot from hard drive
Hi all, I bought one of these mini computers https://www.amazon.com/dp/B084WRRV51?psc=1=ppx_yo2_dt_b_product_details (installer dmesg follows). 6.9 installs just fine but the darn thing will *not* boot from the hard drive. I've tried installing using the Whole disk and GPT whole disk--neither one will boot. Bios gives me the option to boot from Hard Disk, USB Hard Disk, USB Key, IPv4, IPv6 and EFI. I've set to Hard Disk, then USB Hard Disk, then USB Key, then IPv4 and every time it falls through to IPv4. I initially installed linux on this and it ran about as good as ubuntu 20.04 ever does but I'd much rather use a real OS. Any thoughts/clue by fours greatly appreciated. Jeff Ross OpenBSD 6.9 (RAMDISK_CD) #456: Mon Apr 19 10:47:37 MDT 2021 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD real mem = 4120633344 (3929MB) avail mem = 3991724032 (3806MB) random: good seed from bootblocks mainbus0 at root bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x77864000 (51 entries) bios0: vendor American Megatrends Inc. version "V0.08" date 06/16/2020 bios0: AZW T4 acpi0 at bios0: ACPI 5.0 acpi0: tables DSDT FACP APIC FPDT FIDT MCFG SSDT SSDT SSDT UEFI SSDT HPET SSDT SSDT SSDT LPIT BCFG PRAM BGRT CSRT WDAT SSDT SSDT SSDT acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Atom(TM) x5-Z8500 CPU @ 1.44GHz, 1440.33 MHz, 06-4c-03 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN cpu0: 1MB 64b/line 16-way L2 cache cpu0: apic clock running at 79MHz cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3.3, IBE cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 115 pins acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (RP01) acpiprt2 at acpi0: bus 2 (RP02) acpiprt3 at acpi0: bus -1 (RP03) acpiprt4 at acpi0: bus -1 (RP04) acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001 "INT33A4" at acpi0 not configured sdhc0 at acpi0 SDHA addr 0x91a3a000/0x1000 irq 45 sdhc0: SDHC 3.0, 200 MHz base clock sdmmc0 at sdhc0: 8-bit, sd high-speed, mmc high-speed, ddr52, dma sdhc1 at acpi0 SDHB addr 0x91a38000/0x1000 irq 46 sdhc1: SDHC 3.0, 200 MHz base clock sdmmc1 at sdhc1: 4-bit, sd high-speed, mmc high-speed, ddr52, dma sdhc2 at acpi0 SHC1 addr 0x91a36000/0x1000 irq 47 sdhc2: SDHC 3.0, 200 MHz base clock sdmmc2 at sdhc2: 4-bit, sd high-speed, mmc high-speed, ddr52, dma "INTL9C60" at acpi0 not configured "INTL9C60" at acpi0 not configured "8086228A" at acpi0 not configured "8086228A" at acpi0 not configured "8086228E" at acpi0 not configured "8086228E" at acpi0 not configured "8086228E" at acpi0 not configured dwiic0 at acpi0 I2C1 addr 0x91a32000/0x1000 irq 32 iic0 at dwiic0 dwiic1 at acpi0 I2C2 addr 0x91a3/0x1000 irq 33 iic1 at dwiic1 "10EC5645" at iic1 addr 0x1a not configured dwiic2 at acpi0 I2C3 addr 0x91a2e000/0x1000 irq 34 iic2 at dwiic2 dwiic3 at acpi0 I2C4 addr 0x91a2c000/0x1000 irq 35 iic3 at dwiic3 dwiic4 at acpi0 I2C5 addr 0x91a2a000/0x1000 irq 36 iic4 at dwiic4 dwiic5 at acpi0 I2C6 addr 0x91a28000/0x1000 irq 37 iic5 at dwiic5 dwiic6 at acpi0 I2C7 addr 0x91a26000/0x1000 irq 38 iic6 at dwiic6 chvgpio0 at acpi0 GPO1 uid 2 addr 0xfed88000/0x8000 irq 48, 59 pins "INT34D3" at iic6 addr 0x6e not configured "808622A8" at acpi0 not configured "INT33D5" at acpi0 not configured acpicmos0 at acpi0 "PNP0C0C" at acpi0 not configured chvgpio1 at acpi0 GPO0 uid 1 addr 0xfed8/0x8000 irq 49, 56 pins chvgpio2 at acpi0 GPO2 uid 3 addr 0xfed9/0x8000 irq 50, 24 pins chvgpio3 at acpi0 GPO3 uid 4 addr 0xfed98000/0x8000 irq 91, 55 pins chvgpio4 at acpi0 GPO4 uid 5 "ACPI0011" at acpi0 not configured "INT33BD" at acpi0 not configured "ACPI000C" at acpi0 not configured "INT3400" at acpi0 not configured "INT3407" at acpi0 not configured "INT3403" at acpi0 not configured "INT3409" at acpi0 not configured acpicpu at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0 not configured acpipwrres at acpi0
Re: OpenCV on 6.9 can't open camera
On 8/10/21 6:22 AM, Karsten Pedersen wrote: I'd appreciate anyone's thoughts on fixing this! Not sure if this is a solution for you (unless you want to faff with creating some minimal Python bindings) but I hacked at the OpenBSD /usr/X11R6/bin/video source code to create a quick standalone C API to be used as a library. Yes, it is probably not so portable as OpenCV but it is much lighter in terms of dependencies. openbsd_cam.h [https://pastebin.com/1rDpFMR4] openbsd_cam.c [https://pastebin.com/kuv3KhCX] (Original program: https://cvsweb.openbsd.org/xenocara/app/video/video.c) I also chucked in some decoding so it basically provides you now with an array of bytes referring to RGB pixels. Best regards, Karsten Hi Karsten, Thanks for the reply. This looks like an interesting project but I think adapting it to my needs is going to be way above my pay grade! Jeff
Re: OpenCV on 6.9 can't open camera
On 8/10/21 1:14 AM, Kevin Lo wrote: On Mon, Aug 09, 2021 at 11:56:36AM -0600, Jeff Ross wrote: Hi, OpenCV (installed from the package) doesn't seem to be able to open the camera. The camera (in this case for testing a Logitech C910) can be accessed no problem with ffplay, fswebcam and video(1).?? I also opened the kern sysctls for both audio and video and chowned /dev/video to my user. I'd appreciate anyone's thoughts on fixing this! Hi, I encountered the same problem. Just committed a fix: https://marc.info/?l=openbsd-ports-cvs=162857744213080=2 Jeff Ross Kevin Thanks Kevin! I'm building the new 4.5.2 version now. Jeff
OpenCV on 6.9 can't open camera
Hi, I'm porting a python3 program I wrote for capturing jpegs from a USB based webcam, using OpenCV for capture and post-processing. I was running this on a RaspberryPi 3B+ under linux but I'm sick of battling crappy hardware and linux so I bought a Mini PC stick and installed 6.9. (dmesg follows) OpenCV (installed from the package) doesn't seem to be able to open the camera. The camera (in this case for testing a Logitech C910) can be accessed no problem with ffplay, fswebcam and video(1). I also opened the kern sysctls for both audio and video and chowned /dev/video to my user. jross@aurora-cam:/home/jross $ fswebcam -d v4l2:/dev/video0 -F3 --save test2.jpg --- Opening v4l2:/dev/video0... /dev/video0 opened. No input was specified, using the first. Adjusting resolution from 384x288 to 432x240. --- Capturing 3 frames... Captured 3 frames in 0.06 seconds. (46 fps) --- Processing captured image... Writing JPEG image to 'test2.jpg'. OpenCV not so much though: jross@aurora-cam:/home/jross $ cat open_test.py import cv2 as cv import subprocess cap = cv.VideoCapture(0, cv.CAP_V4L2) print(cap) if not cap.isOpened(): print("Open Failed!") elif cap.isOpened(): print("Open Succeeded!") height = cap.get(cv.CAP_PROP_FRAME_HEIGHT) width = cap.get(cv.CAP_PROP_FRAME_WIDTH) exposure = cap.get(cv.CAP_PROP_AUTO_EXPOSURE) print(height,width,exposure) frame = [] try: ret, temp_frame = cap.read() print(ret) except Exception as e: print(e) #kill anything else using the camera pid = subprocess.check_output("fuser -k /dev/video0",stderr=subprocess.STDOUT, shell=True)[:-1].decode('utf-8') print("Exception caught! %s" % (e)) frame.append(temp_frame) print(frame) jross@aurora-cam:/home/jross $ python3 open_test.py Open Failed! 0.0 0.0 0.0 False [None] I'd appreciate anyone's thoughts on fixing this! Jeff Ross dmesg: OpenBSD 6.9 (GENERIC.MP) #473: Mon Apr 19 10:40:28 MDT 2021 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 4099731456 (3909MB) avail mem = 3960090624 (3776MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xe9c60 (84 entries) bios0: vendor American Megatrends Inc. version "2.0" date 09/18/2020 bios0: AXON Mini PC Stick acpi0 at bios0: ACPI 6.0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP FPDT FIDT MCFG DBG2 DBGP LPIT APIC NPKT PRAM WSMT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT UEFI BGRT WDAT NHLT acpi0: wakeup devices HDAS(S3) PRT0(S4) PRT1(S4) XHC_(S4) XDCI(S4) BRCM(S0) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimcfg0 at acpi0 acpimcfg0: addr 0xe000, bus 0-255 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Celeron(R) CPU J3355 @ 2.00GHz, 1996.01 MHz, 06-5c-09 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES cpu0: 1MB 64b/line 16-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 19MHz cpu1 at mainbus0: apid 4 (application processor) cpu1: Intel(R) Celeron(R) CPU J3355 @ 2.00GHz, 1995.43 MHz, 06-5c-09 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SMEP,ERMS,MPX,RDSEED,SMAP,CLFLUSHOPT,PT,SHA,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES cpu1: 1MB 64b/line 16-way L2 cache cpu1: smt 0, core 2, package 0 ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 120 pins acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (RP01) acpiprt2 at acpi0: bus 2 (RP02) acpiprt3 at acpi0: bus -1 (RP03) acpiprt4 at acpi0: bus -1 (RP04) acpiprt5 at acpi0: bus -1 (RP05) acpiprt6 at acpi0: bus -1 (RP06) aplgpio0 at acpi0 GPO0 uid 1 addr 0xd0c5/0x76c irq 14, 78 pins acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001 acpicmos0 at acpi0 acpibtn0 at acpi0: PWRB aplgpio1 at acpi0 GPO1 uid 2 addr 0xd0c4/0x764 irq 14, 77 pins aplgpio2 at acpi0 GPO2 uid 3 addr 0xd0c7/0x674 irq 14, 47 pins aplgpio3 at acpi0 GPO3 uid 4 addr 0xd0c0/0x654 irq 14, 43 pins "ACPI0011" at acpi0 not configured "INT33A1" at acpi0 not configured "INT3400" at acpi0 not configu
Re: Upgrade to 6.8 issues
On 4/12/21 3:12 AM, Stuart Henderson wrote: On 2021-04-11, Jeff Ross wrote: Hi all, Just upgraded to 6.8 from 6.3 (yes, I know...) and now find a few of the websites I'm hosting are no longer connecting to postgres because pear DB is apparently no longer in ports. Fortunately so far they all appear to be *my* websites so no harm, no foul. The sites that I'm hosting through something like drupal7 or wordpress are all fine--it's only the sites that I created a gazillion years ago using pear DB that are really failing. Are there alternatives that I'm missing? Please, I really don't feel the need to move off apache2 just yet. Thanks, Jeff I don't recall pear DB being in ports, could you have installed it separately and just need to update it to work with current php? Generally pear things doesn't get added to ports unless needed for some particular application that is wanted in ports, but that is not so common these days as php applications normally bundle their own 'vendored' dependencies. To install them yourself you can use "pear install" (systemwide) or just for a particular project via a dependency manager e.g. "composer". (note pear DB is still available but no longer getting normal updates, see https://pear.php.net/package/DB/, see https://pear.php.net/package/MDB2 for similar current equivalent). Thanks Stuart! That was indeed the issue--I was just surprised that my old version of DB.php was deleted. There were a few more tweaks and pinches to make that big jump but nothing too hard to figure out. Jeff
Upgrade to 6.8 issues
Hi all, Just upgraded to 6.8 from 6.3 (yes, I know...) and now find a few of the websites I'm hosting are no longer connecting to postgres because pear DB is apparently no longer in ports. Fortunately so far they all appear to be *my* websites so no harm, no foul. The sites that I'm hosting through something like drupal7 or wordpress are all fine--it's only the sites that I created a gazillion years ago using pear DB that are really failing. Are there alternatives that I'm missing? Please, I really don't feel the need to move off apache2 just yet. Thanks, Jeff
Re: www.openbsd.org unreachable for a few days
On 15/12/2020 11:57, Ottavio Caruso wrote: Hi, I asked on Freenode#OpenBSD and apparently it's only me, but I haven't been able to access www.openbsd.org for a few days. There is nothing in my firewall/router that blocks OpenBSD.org. Ping, traceroute and telnet don't seem to access the site. Both browsing to the website and traceroute work for me (assuming obsd3.srv.ualberta.ca is actually where www.openbsd.org resides). Only just tried traceroute, but the website seems to have been up for me over the last several days, on both Manjaro Linux and Android. I'm in the UK (Newcastle upon Tyne, North East England), if that makes any difference. HTH Jeff.
Fwd: Fwd: PayPal pool for developer M1 Mac mini for OpenBSD port
Forwarded Message Subject:Fwd: PayPal pool for developer M1 Mac mini for OpenBSD port Date: Thu, 3 Dec 2020 21:56:51 + From: Jeff Joshua Rollin Oops, forgot to reply to the list. Sorry for the duplicate, Mihai. On 03/12/2020 01:18, Mihai Popescu wrote: I have only good wishes for the project, but I still don't get one thing: why do some people start to behave oddly whenever Apple comes into discussion. They are doing a proprietary thing, closed as hell, no documentation and so on. Why is this impulse to write code for such a thing. Just asking ... Apple make great products. My iMac, which is nearly ten years old, runs without problems even today (try that with Windows). iPads and iPhones have much better lifetimes than Android devices - we'll see if the increasing number of devices running "real Linux" make a dent in the market, but either way there are AFAIK no phones using any of the BSDs (unless you count macOS/iOS, which for these purposes I don't) anyway. Other than the fact that the platform is proprietary, the only other thing that annoys me about Macs, and always has, is their half-arsed attempt at a British keyboard, which unless it's changed since my iMac was manufactured still puts @ and " in the wrong places for Brits - exactly the opposite places on a US keyboard. (Even Commodore, infamous in its day for reliability problems and which bought the Amiga company in what no less august an institution than Amiga Format magazine called "a rare fit of insight," managed that one.) Fortunately, if you also use Linux/UNIX, the problem of switching between keyboards with @ and " in 'the wrong place' is easily solved for X11 by selecting a Mac UK keyboard in the software settings even on a PC. (They did stubbornly stick with that crap butterfly keyboard for four years, for reasons presumably best known to themselves, but luckily that era also seems to be over, and I didn't bother buying one during that time, for that and other reasons.) As for the proprietaryness, other than the fact that it's a nice new hardware architecture as other people have mentioned, pretty much every other architecture OpenBSD, NetBSD and Linux has ever run on (Amiga, Sun and VAX, for example) is/was proprietary. And that's without considering the closed peripherals (without which OpenBSD wouldn't have to eschew NDAs) or the BMC on a Wintel - heaven knows what that thing really gets up to. My £0.02 Jeff.
Re: mosquitto with websockets enabled?
On 11/25/20 3:03 PM, Stuart Henderson wrote: [moved to ports@ and cc'ing mosquitto maintainer] In gmane.os.openbsd.misc, Jeff Ross wrote: Greetings, I've been trying to build mosquitto with websockets enabled on 6.8 release. The web says that all I should have to do is edit config.mk and change WITH_WEBSOCKETS:=no to WITH_WEBSOCKETS:=yes. I also added libwebsockets from ports. I built a patch to do that and then built the port with that patch. test68# cd /usr/ports/net/mosquitto/patches/ test68# cat patch-config_mk --- config.mk.orig Wed Nov 25 09:33:17 2020 +++ config.mk Wed Nov 25 09:33:34 2020 @@ -65,7 +65,7 @@ WITH_SRV:=no # Build with websockets support on the broker. -WITH_WEBSOCKETS:=no +WITH_WEBSOCKETS:=yes # Use elliptic keys in broker WITH_EC:=yes However, I still get the following: test68# /usr/local/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf 1606323544: Error: Websockets support not available. 1606323544: Error found at /etc/mosquitto/mosquitto.conf:241. ktracing the command above I don't even see a place where it actually looks to see if websockets are enabled. I'm hoping someone has gone down this path before and can share the secret sauce to enable websockets. Alternatively, a suggestion for a different implementation of MQTT with websockets would be fine. Thanks, Jeff Ross config.mk is for the autoconf-based build system, the mosquitto port uses the CMake one instead so you need to set configure flags. This works for me - Jasper, what do you think about adding to the port? (either directly like this or as a flavour)? Index: Makefile === RCS file: /cvs/ports/net/mosquitto/Makefile,v retrieving revision 1.33 diff -u -p -r1.33 Makefile --- Makefile22 Aug 2020 13:55:07 - 1.33 +++ Makefile25 Nov 2020 21:42:00 - @@ -3,6 +3,7 @@ COMMENT = opensource MQTT broker DISTNAME = mosquitto-1.6.12 +REVISION = 0 SHARED_LIBS += mosquitto 1.0 # 1.5 SHARED_LIBS += mosquittopp 1.0 # 1.5 @@ -15,7 +16,7 @@ MAINTAINER = Jasper Lievisse Adriaanse # EPL/EDL PERMIT_PACKAGE = Yes -WANTLIB += c crypto m pthread ssl ${COMPILER_LIBCXX} +WANTLIB += c crypto m pthread ssl websockets ${COMPILER_LIBCXX} MASTER_SITES = https://mosquitto.org/files/source/ @@ -29,12 +30,15 @@ MODPY_RUNDEP= No MODPY_VERSION=${MODPY_DEFAULT_VERSION_3} BUILD_DEPENDS = devel/uthash +LIB_DEPENDS = www/libwebsockets DEBUG_PACKAGES = ${BUILD_PACKAGES} -CONFIGURE_ARGS= -DWITH_SRV=no +CONFIGURE_ARGS=-DWITH_SRV=no \ + -DWITH_WEBSOCKETS=yes # Pre-shared key support was intentionally removed from libressl CONFIGURE_ARGS += -DWITH_TLS_PSK=no +CONFIGURE_ENV += LDFLAGS="-L${LOCALBASE}/lib" CFLAGS += -I${LOCALBASE}/include Thanks, Stuart! I never would have hit upon the right combination of changes. Jeff
mosquitto with websockets enabled?
Greetings, I've been trying to build mosquitto with websockets enabled on 6.8 release. The web says that all I should have to do is edit config.mk and change WITH_WEBSOCKETS:=no to WITH_WEBSOCKETS:=yes. I also added libwebsockets from ports. I built a patch to do that and then built the port with that patch. test68# cd /usr/ports/net/mosquitto/patches/ test68# cat patch-config_mk --- config.mk.orig Wed Nov 25 09:33:17 2020 +++ config.mk Wed Nov 25 09:33:34 2020 @@ -65,7 +65,7 @@ WITH_SRV:=no # Build with websockets support on the broker. -WITH_WEBSOCKETS:=no +WITH_WEBSOCKETS:=yes # Use elliptic keys in broker WITH_EC:=yes However, I still get the following: test68# /usr/local/sbin/mosquitto -c /etc/mosquitto/mosquitto.conf 1606323544: Error: Websockets support not available. 1606323544: Error found at /etc/mosquitto/mosquitto.conf:241. ktracing the command above I don't even see a place where it actually looks to see if websockets are enabled. I'm hoping someone has gone down this path before and can share the secret sauce to enable websockets. Alternatively, a suggestion for a different implementation of MQTT with websockets would be fine. Thanks, Jeff Ross
Re: Sending Mail to misc
On Sun, 2020-10-18 at 15:00 -0400, J Doe wrote: > > On Oct 18, 2020, at 2:47 PM, Jeffrey Joshua Rollin < > > j...@jeffjoshua.club> wrote: > > > > Hi, > > > > I’m able to send mail from my iPad (sorry), but not from my OpenBSD > > machine (same address). Any ideas what could be causing this? > > > > In the meantime, thanks for 6.8 and happy anniversary. > > > > Jeff > > Hi, > > I sent two messages to misc yesterday from Thunderbird on Ubuntu > Linux 20.04 LTS and they also did not make it to the list. Perhaps > there is an issue on the mail server side ? > > Thanks, > > - J Well, I can't speak for your problem yesterday but if this message makes it then the problem was clearly on my side. Something was wrong with my smtp server settings but when I deleted my accounts and recreated them in Evolution, I was able to send a message to someone else. Maybe you could check your Ubuntu settings just in case you've done the same. Apologies to all as I should have checked this before sending anything. Jeff.
Re: Anyone tried NanoPi R2S or a 2 LAN SBC?
On 8/18/20 1:59 PM, Dani Deni wrote: Hello, trying to find a low powered single board computer with two gigabit LAN for router purposes. already checked the https://www.openbsd.org/arm64.html page, but google doesn't brings up any arm64 based SBC with 2 gigabit network ports that OpenBSD supports. or the NanoPi R2S can run OpenBSD? Anyone tried? https://www.friendlyarm.com/index.php?route=product/product_id=282 22$ ! cheap, low power usage and two gbit ethernet! It would be great if they wouldn't officially advert it with some custom OS :( With metal case to keep it from overheating (+$6.00), USB power supply and shipping to USA/Montana (DHL 10-17 days/$27, SF-Express 5-14 days/$42) for a total of $59.99/$74.99 this no longer falls into the category of "let's get one just to see!" Just saying.
Re: Howto change login mechanism on OpenBSD
On Wed, 2020-05-20 at 17:00 -0500, Edgar Pettijohn wrote: > On Wed, May 20, 2020 at 09:50:17PM + > > > > I believe /etc/ttys controls getty, which may or not help. Getty is > > respawned too. > > https://man.openbsd.org/man5/ttys.5 > > I think you're right. Might just need to change a line in /etc/ttys > to > execute /bin/{my_program}. > > Edgar > Perhaps a better way would be just to change the user's login shell to the name of your program: chpass -s $myprogram $user. That way you can use OpenBSD's login authentication, and login automatically runs the program when the user logs in; when the user quits the program they are automatically logged out. Provided there's no way to execute a shell from within the program, they therefore can't execute arbitrary code once logged in. It's easy to add a user for this single purpose: just add the user as normal, and specify $myprogram as the shell. Jeff.
Re: Display flickers after upgrade to 6.6
On Thu, 31 Oct 2019 13:47:06 + "Patrick Harper" wrote: > I haven't tried those settings yet (in my case GNOME Shell and > Xfdashboard cause the display to corrupt and seize up except the > cursor) but ShadowPrimary is a glamor option that should be > irrelevant if EXA is used. Thanks, my mistake, ShadowPrimary is a glamor-only option; this is clear from the radeon (4) man page; I believe I toggled this prior to switching to EXA in the hope that it would fix the corruption seen when I had previously toggled "SWcursor" in order to fix the mouse cursor vanishing when over certain widgets; this didn't help in my case (radeon/aruba/xfce). If anyone wants to try the changes I suggested, they can surely leave out the ShadowPrimary option. Toggling SwapbuffersWait and EnablePageFlip (to "off") was an attempt to eliminate some remaining 'rarely' flicker seen; it *seemed* to help, but I haven't spent a lot of time investigating, my goal was to get the machine usable again. The idea behind "EnablePageFlip" to "off" is that it seemed to look like graphic content was being rendered for some windows/widgets on one backbuffer but not on the other (again, I'm only speculating, as I don't know what's really going on under the hood), so that the content 'flickers' when page flipping is happening. This *could* be the result of a render operation succeeding for one back-buffer and failing for another; I don't really know. The idea behind "SwapbuffersWait" to "off" falls in the random guess category. I think one would expect to maybe see some tearing for GL applications if this option wasn't working correctly; but, I could also see how a fault here could lead to flickering (depending on the implementation), but is probably unlikely. I think changing this option may also have no effect. P.S. / Aside: For anyone experiencing graphics issues after installing 6.6, it might be a good idea to ensure that, if needed: machdep.allowaperture is set to the correct value (see: man xf86) for your system (and please be aware of the security implications of changing this value). regards, Jeff
Re: How can I contribute code to openbsd
On Mon, 30 Sep 2019 08:32:57 -0400.449998863 Nick Holland wrote: > while ! dead; do > DoSomething. > submission="sucks" # Accept this. It's probably true. > while [[ $submission == "sucks" ]]; do > SubmitIt > AcceptCriticism > learn > if [[ $criticism == "no way" ]]; do > break # not everything is appropriate. > fi > reviseBasedOnCriticism > done # Congrats, your submission was accepted! > done # not dead yet. ... > Nick. Respect Nick. If this is the official algorithm for helping the openbsd project, I think it's near to perfect. I've been thinking of the same question the OP asked; I don't think the value of having an expert critique one's work can be over-valued. regards, Jeff. P.S. Are there any urgent areas where the OpenBSD operating system project is short-handed?
Re: Will future programmers probably warn people not to use high-level programming languages just as most programmers today warn people not to use assembler?
On Tue, 29 Oct 2019 14:12:12 -0400 Mike wrote: > On 10/29/2019 1:17 PM, Nathan Hartman wrote: > > On Tue, Oct 29, 2019 at 7:41 AM Clark Block > > wrote: > >> Just as most programmers today warn people not to use assembler, > >> probably future programmers will warn people not to use high-level > >> programming languages. > > > > > > In the future, computers will program programmers. > > > > I remember programming back when it was the programmer, and not the > compiler, that did the optimizations. > > :) I also remember :-) I think compiler optimisations are great, but programmers must also optimise (examples: by using an algorithm with lower complexity, by being aware of locality of reference issues, etc.) Also, assembly language is, in my opinion, still useful for: - programming micro-controllers with scarce resources - programming graphics cards (shader code) - using processor features for which there exists no intrinsic function in a high level language. - proving to yourself that the compiler is actually doing the wrong thing with it's input when you suspect it (rare) With regards to assembly language (or any language for that matter), my opinion is this: use the right tool for the job; if the right tool is assembler, then use assembler, if the right tool is logo, use logo. A large part of programming is: 1) Knowing what you are trying to achieve 2) Having the ability to choose a good tool, that is, one of the right tools, to achieve what you want to achieve In my opinion, some sub-optimal things a programmer can do (and I know this because I also have these propensities) are: - cleaving only to tools one is comfortable and familiar with - doing something fancy, or using a fancy language/environment when a simpler choice is better - trading ease of code-maintenance/extendability/portability for small gains in performance I guess what I'm trying to say is that I think the issue doesn't really lie with high-level vs low-level; I think it's more about the programmer and the programmer's ability to make the (or one of the many) correct choices. regards, Jeff
Re: Display flickers after upgrade to 6.6
On Sat, 19 Oct 2019 17:59:41 +0200 Federico Giannici wrote: > On 2019-10-19 16:17, Andre Stoebe wrote: > > Hi, > > > > I ran into the same issue this morning. Disabling the compositor > > worked for me, but I noticed later that this is also documented in > > the package readme: > > > > Screen compositor > > = > > If you're using the modesetting X driver and experience window > > flickering when > > the compositor is enabled, you should force the window manager to > > use the XPresent method for vblank: > > > > $xfwm4 --vblank=xpresent --replace & > > I tried that command but it screwed all my windows (no more window > decorations and buttons, I cannot operate on windows)! > Now I had to came back to KDE... > :-( > > Regards > > > > This is documented upstream at > > https://git.xfce.org/xfce/xfwm4/tree/COMPOSITOR#n114 > > > > Haven't tested that yet and left the compositor disabled, but I > > guess this will fix your issues. If it does, that's probably a good > > reminder to first look in the readme next time (me included). ;) > > > > Regards, > > André > > Hi, I thought I'd relate my experience: I also experienced this issue on a machine recently upgraded to OpenBSD 6.6 which uses the aruba chipset and also running xfce. My workaround (which was based on 'try stuff to see what works') involved turning off compositing and (via xorg.conf.d): ... Option "AccelMethod" "EXA" Option "ShadowPrimary" "on" Option "SwapbuffersWait" "off" Option "EnablePageFlip" "off" ... This resolved issues with flickering, the mouse pointer vanishing and re-appearing depending on which window is below the pointer (enabling software mouse pointer for this was worse as garbage was rendered in a rect surrounding the pointer), and also *some* issues with logging in-out of an X session via xenodm. I still experience problems with the machine going to sleep and waking up, as sometimes, upon wake-up, the graphics go wonky, or don't update at all, or the mouse pointer goes wonky. Beyond the aforementioned, this set-up seems to allow me to use the machine as before, however, I am not an X11 expert nor a radeondrm driver expert; your mileage may very. If I ever try Andre's hint in the future (thank-you), I might report on success/failure. regards, Jeff
Re: When will be created a great desktop experience for OpenBSD?
On 5/7/19 4:23 PM, ropers wrote: Tangentially related: Does anyone here routinely use the default fvwm? Now for a really noobish question: Those that do, do you also launch graphical apps by typing something like this in xterm: $ firefox > /dev/null 2>&1 & or do you normally do something else that I've totally overlooked? (Again, this is about how people use stock default fvwm. If your answer begins with "install $this_other_launcher", it's probably not what I'm looking for, but thanks anyway.) I just do $ firefox in an xterm and let it start in that window. I have 9 windows available in the little floating window selector doohickey so one for firefox, one for Thunderbird, and mostly the rest for xterms. Jeff
Trace/BPT trap with casperjs on 6.4
After upgrading to 6.4 casperjs seems to be broken. % casperjs sample.js Trace/BPT trap This used to work fine with 6.3. Am I missing something obvious? Here's my dmesg: OpenBSD 6.4 (GENERIC.MP) #364: Thu Oct 11 13:30:23 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 1056817152 (1007MB) avail mem = 1015574528 (968MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf59a0 (9 entries) bios0: vendor SeaBIOS version "rel-1.11.0-0-g63451fca13-prebuilt.qemu-project.org" date 04/01/2014 bios0: QEMU Standard PC (i440FX + PIIX, 1996) acpi0 at bios0: rev 0 acpi0: sleep states S3 S4 S5 acpi0: tables DSDT FACP APIC HPET acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Common KVM processor, 2660.44 MHz, 0f-06-01 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,x2APIC,HV,NXE,LONG,LAHF,MELTDOWN cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 1000MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Common KVM processor, 2660.10 MHz, 0f-06-01 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,x2APIC,HV,NXE,LONG,LAHF,MELTDOWN cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu1: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu1: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu1: smt 0, core 1, package 0 ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins acpihpet0 at acpi0: 1 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0: C1(@1 halt!) acpicpu1 at acpi0: C1(@1 halt!) "ACPI0006" at acpi0 not configured acpicmos0 at acpi0 "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "QEMU0002" at acpi0 not configured "ACPI0010" at acpi0 not configured pvbus0 at mainbus0: KVM pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02 pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00 pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int 11 piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int 9 iic0 at piixpm0 vga1 at pci0 dev 2 function 0 "Bochs VGA" rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Memory" rev 0x00 viomb0 at virtio0 virtio0: apic 0 int 11 virtio1 at pci0 dev 10 function 0 "Qumranet Virtio Storage" rev 0x00 vioblk0 at virtio1 scsibus2 at vioblk0: 2 targets sd0 at scsibus2 targ 0 lun 0: SCSI3 0/direct fixed sd0: 3072MB, 512 bytes/sector, 6291456 sectors virtio1: msix shared virtio2 at pci0 dev 18 function 0 "Qumranet Virtio Network" rev 0x00 vio0 at virtio2: address 02:db:a7:f0:8d:52 virtio2: msix shared ppb0 at pci0 dev 30 function 0 "Red Hat Qemu PCI-PCI" rev 0x00 pci1 at ppb0 bus 1 ppb1 at pci0 dev 31 function 0 "Red Hat Qemu PCI-PCI" rev 0x00 pci2 at ppb1 bus 2 isa0 at pcib0 isadma0 at isa0 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2 pckbc0 at isa0 port 0x60/5 irq 1 irq 12 pckbd0 at pckbc0 (kbd slot) wskbd0 at pckbd0: console keyboard, using wsdisplay0 pms0 at pckbc0 (aux slot) wsmouse0 at pms0 mux 0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 usb0 at uhci0: USB revision 1.0 uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev 1.00/1.00 addr 1 uhidev0 at uhub0 port 1 configuration 1 interface 0 "QEMU QEMU USB Tablet" rev 2.00/0.00 addr 2 uhidev0: iclass 3/0 ums0 at uhidev0: 3 buttons, Z dir wsmouse1 at ums0 mux 0 vscsi0 at root scsibus3 at vscsi0: 256 targets softraid0 at root scsibus4 at softraid0: 256 targets root on sd0a (51d03eeef9af3a89.a) swap on sd0b dump on sd0b fd0 at fdc0 drive 1: density unknown
Re: USB power management
Black electrical tape is my go to solution for those obnoxious flashing leds. Jeff On 6/12/18 12:17 PM, Thuban wrote: Hi, this might look as a stupid question, but I'm stuck and don't know where to look at this point. How would you disable an USB port? I would like to power off a USB drive (flashing blue LED at night) but keep it plugged, and power on when I need it. Any advice? Regards.
Cold / warm spare for OpenBSD server
Hello! I administer multiple OpenBSD machines which have been backing up via tar and sftp. I do have one server that is mission critical that I'd like to move to a more "warm" backup, perhaps using rsync. I already have a second server with the same hardware and OpenBSD version that is in a cold state but currently it would take some time to rebuild from the backup tars if something happened to the main server. I see this project as having two different stages. Because I've installed a lot of ports and packages outside of the base install, stage one would involve installing the same rev of OpenBSD on the redundant machine and having rsync sync everything (binaries, config, etc.) from production to the redundant machine. Then stage two would pare down the rsync config to only sync the dynamic data, like /var/mail, /etc configuration files and that kind of thing. My questions: Stage 1: sync the two machines so are initially identical. When syncing everything from existing to redundant machine in stage 1, what directories wouldn't need to be / shouldn't be synced? I suspect that /dev and /mnt probably shouldn't be synced and probably don't need to be synced if the server hardware and OS version is the same between machines. Likewise kernel files like /boot and /bsd probably don't need to be synced either unless upgrading the kernel for security patches. Are there other directories that shouldn't be or don't need to be synced? Stage 2: sync mail, /etc/passwd, etc. on a regular basis between the machines I need to mirror /etc, /var/mail, and any other directories with dynamically changing data. I'm not so concerned about logs so I probably won't sync all of /var. Similar to my question above, are there other directories that would have commonly changed data that I should be backing up on a semi-regular basis? Is rsync the best way to keep two OpenBSD servers in close sync with each other? Is rsync a reasonable way to initially mirror the installed ports and packages and configuration data from one machine to another? And is there a better way to go about having 2 servers in sync, one "hot" and one "warm"? Thanks! Jeff
Re: Options for dealing with DES crypt password file
I appreciate the suggestion but yeah, LDAP is totally overkill here. There's really only this one server that needs access to the auth info in the passwd file, so LDAP wouldn't really help me.
Re: Options for dealing with DES crypt password file
I completely understand. The running chainsaw analogy is pretty accurate here. OpenBSD is as secure as it is because you all remove as many chainsaws as possible. We needed to update those hashes anyway someday. I just wasn't expecting that day to be today. Thanks again! From: Theo de Raadt <dera...@openbsd.org> Sent: Thursday, January 11, 2018 12:49:33 PM To: Jeff Zimmerman Cc: misc@openbsd.org Subject: Re: Options for dealing with DES crypt password file > I was hoping that there was some hidden switch somewhere that would turn > the classic crypt back on. No such luck. That'd be like leaving a running chainsaw on the floor at a daycare center. When something is dangerous, we get rid of it.
Re: Options for dealing with DES crypt password file
I know, I'm ashamed to say that yes, this machine has been running (behind a restrictive firewall) for all of these years. I was hoping that there was some hidden switch somewhere that would turn the classic crypt back on. No such luck. But thank you for the quick response. I've been using OpenBSD for a lot of years and really appreciate your efforts Theo, and the efforts of everyone associated with the project. From: Theo de Raadt <dera...@openbsd.org> Sent: Thursday, January 11, 2018 12:29:59 PM To: Jeff Zimmerman Cc: misc@openbsd.org Subject: Re: Options for dealing with DES crypt password file > I've got an old server (OpenBSD 4.7 old) with a mixed bag of password hashes > in master.passwd. A majority of the passwords (hundreds) are old salted > DES crypt format. bummer > Am I correct in my research that everything but Blowfish was removed from > crypt() around OpenBSD 5.7? Are there any workarounds for me using the old > DES password hashes, or do we need to 'passwd ' for hundreds of users? There are no workarounds. The hashes cannot be reversed to make new passwords, and the legacy methods are removed intentionally because they are super weak You been running that on the internet? the shame!
Options for dealing with DES crypt password file
I've got an old server (OpenBSD 4.7 old) with a mixed bag of password hashes in master.passwd. A majority of the passwords (hundreds) are old salted DES crypt format. Am I correct in my research that everything but Blowfish was removed from crypt() around OpenBSD 5.7? Are there any workarounds for me using the old DES password hashes, or do we need to 'passwd ' for hundreds of users?
Re: Keeping up to date with ports and putting ports/pobj on wxallowed filesystem
On Thu, 9 Nov 2017 22:06:43 +0100 "Christoph R. Murauer" <n...@nawi.is> wrote: > If I understood your question correct ... > > > Running: OpenBSD6.2-release > > > > Goal: To run a secure and functional web server. > > (the server is currently up and running and used by > > the public at large) > > If there are security related patches or things needed to be fixed, > that the package works as it should, you can simple run pkg_add -iu Thanks for your replay Christoph. Please correct me if I'm wrong, but as I understand things, this only works if one is following OpenBSD-current. I am running -release. This is an in-use production server; I don't feel wise running -current. > You can add wxallowed to a already mounted filesystem using mount(8). In theory, I don't like this; I would rather keep preventing everything not mapped from /use/local from being able to have both writable and executeable pages, even if it's only temporary. > > Is it not worth it to update ports in this way; meaning, is it better > > to simply wait for OpenBSD6.3 and stick with binary packages only > > (as recommended on the openbsd.org site)? > > That depends on your requirements. See above. My answer also depends. Ideally, I'd want to jump on any update for any software for which a security advisory has been issued. Also, I do wish to track other non-critical updates to keep the server's software relatively up-to-date as not to fall behind; picking up performance and related enhancements in a bonus. In practice, at least for myself and my available time, this isn't always feasible (e.g. the ports tree doesn't have the latest software available as a port and it would also be a significant time commitment to build and install the software from the original source and successfully integrate it into OpenBSD.) For example, moving to php v7.1.11 or 7.2 fall into this category (see: http://www.securityfocus.com/bid/101745) . Looking at what the ports system has to do to make the php 7.0.23 package, I'd be spending my life getting 7.2 to build and work properly and I feel this is better left to those with more OpenBSD porting experience. Some software builds and integrates from original sources more easilym that is, the usual: ./configure {reasonable options} -> make -> make install procedure goes off withotu a hitch, or at least without too many edits. > > Also, is there an easy/sane way to remove packages that were only > > required for building once the ports have been updated? > > A port is a package. See make clean and so on for builded ports and > pkg_delete -a for packages. IMHO Who say, that something unneeded is > installed ? It also has no effect to the system if build deps. are > kept in the ports tree. I understand that the ports system first builds and packages a port, and then installs it. I could be doing something wrong, but it seems that some ports install dependencies to the system (pkg_add-style) that are required to *build* the package from source, but that aren't required to *run* the package (e.g. cmake). So, I definitely don't mind leaving the built packages in the ports tree, but I *do* mind leaving them installed on the system. -- Jeff <j...@grayspace.ca>
Re: Keeping up to date with ports and putting ports/pobj on wxallowed filesystem
On Thu, 9 Nov 2017 14:04:39 -0500 Jeff <j...@grayspace.ca> wrote: > Is it not worth it to update ports in this way; meaning, is it better > to simply wait for OpenBSD6.3 and stick with binary packages only > (as recommended on the openbsd.org site)? It is has been pointed out to me that my meaning here is unclear. I will attempt to clarify: openbsd.org says: The ports tree is meant for advanced users. Everyone is encouraged to use the pre-compiled binary packages. I do not imply that openbsd.org recommends waiting for the next release and not patching software. A better statement would possibly have been: Is it not worth it to update ports in this way; meaning, is it better to simply wait for OpenBSD6.3 and stick with binary packages? The openbsd.org site says: The ports tree is meant for advanced users. Everyone is encouraged to use the pre-compiled binary packages. I'm looking for the advice of those more experienced than myself. -- Jeff <j...@grayspace.ca>
Keeping up to date with ports and putting ports/pobj on wxallowed filesystem
Hello all, Is this the sane/correct thing to do? What is the impact? Running: OpenBSD6.2-release Goal: To run a secure and functional web server. (the server is currently up and running and used by the public at large) Previously: Only installing needed packages as binaries via pkg_add. Now: The thought is that the third-party packages being used by the server should be kept up to date. Ports tree via: $ cvs -qd anon...@anoncvs4.usa.openbsd.org:/cvs\ checkout -rOPENBSD_6_2 -P ports Problem: Some out of date packages found via 'out-of-date' e.g.: $ /usr/ports/infrastructure/bin/out-of-date ... Outdated ports: databases/mariadb,-main# 10.0.32v1 -> 10.0.33v1 databases/mariadb,-server # 10.0.32v1 -> 10.0.33v1 ... complain when running 'make update' (in this case mariadb). e.g.: Fatal: /usr/ports/pobj must be on a wxallowed filesystem\ (in lang/python/2.7) To solve this issue, this is what I've done: $cat /etc/mk.conf SUDO=/usr/bin/doas WRKOBJDIR=/usr/local/ports/pobj <--- (since /usr/local is on a wxallowed filesystem) Is this a rational solution to the problem? I'm somewhat regretting going this route as, unlike with pkg_add, building some ports from the tree pulls in more dependencies than via pkg_add (I am assuming that these are build dependencies and not run-time dependencies; please correct me if this is not so) Is it not worth it to update ports in this way; meaning, is it better to simply wait for OpenBSD6.3 and stick with binary packages only (as recommended on the openbsd.org site)? Also, is there an easy/sane way to remove packages that were only required for building once the ports have been updated? I'm loathe to do something like build the packages on another system and then install them as binary packages on the server; this seems like a lot of effort and, at least for myself might be prone to introduce other issues. Thank-you in advance; advice is appreciated. -- Jeff <j...@grayspace.ca>
Re: acme-client(1) and http_proxy
On 4/26/17 12:41 PM, Theo de Raadt wrote: I haven't seen anyone mention acme.sh yet--a shell script for letsencrypt with no external dependencies. https://github.com/Neilpang/acme.sh No external dependencies, and no security foundations. No privsep, no clear seperation. Using pretty much every unsafe pattern tied to security holes in the past. Using the openssl command *GO READ THAT CODE SOMETIME*, don't go read the libressl one, go read upstream openssl command source. No attempt at security. Just doing the job, and assuming every mistake later can be It's like constructing jetliners from foundational components, and by that I mean sticks and stones. I'm sorry, but I don't get it. It is crazy to recommend something that hasn't been STUDIED to ensure it dutifully tries to only perform the task and creates no new risk. Always good to hear from you, Theo! acme.sh does not require root/sudoer access. For sure I run it as an unprivileged user and hope you do as well! Jeff
Re: acme-client(1) and http_proxy
On 4/26/17 11:02 AM, Stuart Henderson wrote: On 2017-04-25, Adam Thompson <athom...@athompso.net> wrote: On 2017-04-25 05:27, Stuart Henderson wrote: * If you want to do dns-01 challenge with acme-client, you'll need to use Kristaps' version for now, base acme-client only supports the standard http challenge type. The UI isn't the simplest; use '-t dns-01', then it outputs "dns-01 domainname token.key", then you convert token.key into a suitable format for a DNS TXT record: "echo -n token.key | sha256 -b | tr -d = | tr + - | tr / _" Get the record to the nameserver, then send the whole "dns-01 domainname token.key" line back to acme-client, and cross fingers. If there are too many errors you'll lock yourself out for a period, so test with the staging server first. I haven't seen anyone mention acme.sh yet--a shell script for letsencrypt with no external dependencies. https://github.com/Neilpang/acme.sh It was trivial for me to write a dns api script for djbdns--very handy to have to bootstrap a new domain without previously setting up http in apache2 first. I'd send that out to anyone interested--ask me off list. Jeff
Re: Bad kernel for OpenBSD 6.1 sparc64 ?
On Sun, 23 Apr 2017, Stefan Sperling wrote: > On Sat, Apr 22, 2017 at 04:31:02PM -0600, Jeff wrote: > > Booting from sr0a seemed to do the trick to get my system upgraded to > > 6.1. Unfortunately, it's now panicing frequently with, "panic: > > psycho0: uncorrectable DMA error" but on different commands each time. > > Please follow the steps in https://www.openbsd.org/report.html > In the past we have found bugs in drivers where the hardware ends up > doing an out of bounds access during DMA transactions. On most platforms > those bugs don't get noticed but psycho on sparc64 is catching them > which results in this panic. Due to the criticality of my system, I installed 6.1 from scratch on a spare V120. That system seems to be working great. I was going to wait a few days and rebuild the first system to try and determine if it has a hardware issue but I'll wait and submit a bug report first. > > Question: After upgrading to 6.1, it's still booting with "OpenBSD > > BOOT 1.7" but I noticed when booting from the burned install61.iso > > CD, it reports BOOT 1.9. I tried running "installboot sd2" but > > there's no change. Is there another method I'm overlooking to > > update the boot image? > > Is sd2 your softraid disk? What does installboot -n -v sd2 say? > # installboot -n -v sd2 Using / as root would install bootstrap on /dev/rsd2c using first-stage /usr/mdec/bootblk, second-stage /usr/mdec/ofwboot boot block is 5840 bytes (12 blocks @ 512 bytes = 6144 bytes) sd2: softraid volume with 2 disk(s) sd0d: installing boot blocks on /dev/rsd0c would write boot block to disk /dev/rsd0c sd1d: installing boot blocks on /dev/rsd1c would write boot block to disk /dev/rsd1c # ls -l /usr/mdec total 428 -rw-r--r-- 1 root bin5840 Apr 1 16:21 bootblk -r--r--r-- 1 root bin 101048 Apr 1 16:21 ofwboot -r--r--r-- 1 root bin 53608 Apr 1 16:21 ofwboot.net -r--r--r-- 1 root bin 53320 Apr 1 16:21 ofwbootfd Based on the timestamps, things seem to be in order. Thanks! -Jeff
Re: Bad kernel for OpenBSD 6.1 sparc64 ?
On Fri, 21 Apr 2017, Jeff wrote: > On Fri, 21 Apr 2017, Stefan Sperling wrote: > > > On Thu, Apr 20, 2017 at 06:13:47PM -0600, Jeff wrote: > > > Hi, > > > > > > I have a Sunfire V120 (Sparc) with mirrored disks running OpenBSD 6.0. > > > I attempted to update to OpenBSD 6.1 using the files first from: > > > > > > http://mirrors.sonic.net/pub/OpenBSD/6.1/sparc64 > > > > > > Then from: > > > > > > https://ftp3.usa.openbsd.org/pub/OpenBSD/6.1/sparc64 > > > > > > First I tried to copy bsd.rd to / and boot from it. When I boot > > > using 6.1 bsd.rd (boot /bsd.rd), the boot messages still show > > > OpenBSD 6.0. > > > > Did you actually type '/boot bsd.rd'? > > When booting from softraid you need to pass the virtual 'sr' drive > > as part of the boot path. Try again with: boot sr0a:/bsd.rd > > > > >From the boot_sparc64(8) man page: > > > > To boot from a softraid(4) volume by default, boot-device must be set > > to > > a disk device hosting a chunk of the softraid volume: > > > >ok setenv boot-device disk0 > > > > and boot-file must contain the (sr) device name of the softraid volume > > and optionally a partition letter and/or kernel: > > > >ok setenv boot-file sr0a:/bsd > > > > Hi Stefan, > > Thanks! > > I must have missed that man page when I originally installed 6.0. > Booting with sr0a:/bsd* did work but it took a much longer time > loading the symbols with both bsd & bsd.rd. I'll be sure to read > that man page and try again later today after I'm done working (in > case I muck it up again). > > Using a non-standard name for the bsd.rd file seems to help clarify > things. > > ok printenv boot-device > boot-device = disk1:a /pci@1f,0/pci@1/scsi@8/disk@1,0:a > > ok boot disk1:a /bsd.rd.61 > ... > Executing last command: boot disk1:a /bsd.rd.61 > Boot device: /pci@1f,0/pci@1/scsi@8/disk@1,0:a File and args: > /bsd.rd.61 > OpenBSD IEEE 1275 Bootblock 1.4 > ..>> OpenBSD BOOT 1.7 > Can't read disk label. > Can't open disk label package > Drive not ready > Can't read disk label. > Can't open disk label package > sr0* > open /pci@1f,0/pci@1/scsi@8/disk@1,0:a/etc/random.seed: No such file or > directory > open /pci@1f,0/pci@1/scsi@8/disk@1,0:a/bsd.rd.61: No such file or directory > > Boot: > > lom> reset > > ok boot sr0a:/bsd.rd.61 > Boot device: /pci@1f,0/pci@1/scsi@8/disk@1,0:a File and args: > sr0a:/bsd.rd.61 > OpenBSD IEEE 1275 Bootblock 1.4 > ..>> OpenBSD BOOT 1.7 > Can't read disk label. > Can't open disk label package > Drive not ready > Can't read disk label. > Can't open disk label package > sr0* > Booting sr0:a/bsd.rd.61 > 4045496@0x100+1352@0x13dbab8+3251904@0x180+942400@0x1b19ec0 > symbols @ 0xfff42300 120 start=0x100 > console is /pci@1f,0/pci@1,1/isa@7/serial@0,3f8 > Copyright (c) 1982, 1986, 1989, 1991, 1993 >The Regents of the University of California. All rights reserved. > Copyright (c) 1995-2017 OpenBSD. All rights reserved. > https://www.OpenBSD.org > OpenBSD 6.1 (RAMDISK) #55: Sat Apr 1 17:41:52 MDT 2017 > dera...@sparc64.openbsd.org:/usr/src/sys/arch/sparc64/compile/RAMDISK > > Hi, Booting from sr0a seemed to do the trick to get my system upgraded to 6.1. Unfortunately, it's now panicing frequently with, "panic: psycho0: uncorrectable DMA error" but on different commands each time. I know this is old hardware so I'm trying to swap out hardware to see if it's hardware related but it's been pretty stable until I attempted to upgrade from 6.0. Thus far, I've swapped out the DIMMs. I think I'm going to try installing 6.1 on a spare V120 partially to see if I still have issues and partially to have a backup system. Question: After upgrading to 6.1, it's still booting with "OpenBSD BOOT 1.7" but I noticed when booting from the burned install61.iso CD, it reports BOOT 1.9. I tried running "installboot sd2" but there's no change. Is there another method I'm overlooking to update the boot image? Thanks! -Jeff
Re: Bad kernel for OpenBSD 6.1 sparc64 ?
On Fri, 21 Apr 2017, Stefan Sperling wrote: > On Thu, Apr 20, 2017 at 06:13:47PM -0600, Jeff wrote: > > Hi, > > > > I have a Sunfire V120 (Sparc) with mirrored disks running OpenBSD 6.0. > > I attempted to update to OpenBSD 6.1 using the files first from: > > > > http://mirrors.sonic.net/pub/OpenBSD/6.1/sparc64 > > > > Then from: > > > > https://ftp3.usa.openbsd.org/pub/OpenBSD/6.1/sparc64 > > > > First I tried to copy bsd.rd to / and boot from it. When I boot > > using 6.1 bsd.rd (boot /bsd.rd), the boot messages still show > > OpenBSD 6.0. > > Did you actually type '/boot bsd.rd'? > When booting from softraid you need to pass the virtual 'sr' drive > as part of the boot path. Try again with: boot sr0a:/bsd.rd > > >From the boot_sparc64(8) man page: > > To boot from a softraid(4) volume by default, boot-device must be set to > a disk device hosting a chunk of the softraid volume: > >ok setenv boot-device disk0 > > and boot-file must contain the (sr) device name of the softraid volume > and optionally a partition letter and/or kernel: > >ok setenv boot-file sr0a:/bsd > Hi Stefan, Thanks! I must have missed that man page when I originally installed 6.0. Booting with sr0a:/bsd* did work but it took a much longer time loading the symbols with both bsd & bsd.rd. I'll be sure to read that man page and try again later today after I'm done working (in case I muck it up again). Using a non-standard name for the bsd.rd file seems to help clarify things. ok printenv boot-device boot-device = disk1:a /pci@1f,0/pci@1/scsi@8/disk@1,0:a ok boot disk1:a /bsd.rd.61 ... Executing last command: boot disk1:a /bsd.rd.61 Boot device: /pci@1f,0/pci@1/scsi@8/disk@1,0:a File and args: /bsd.rd.61 OpenBSD IEEE 1275 Bootblock 1.4 ..>> OpenBSD BOOT 1.7 Can't read disk label. Can't open disk label package Drive not ready Can't read disk label. Can't open disk label package sr0* open /pci@1f,0/pci@1/scsi@8/disk@1,0:a/etc/random.seed: No such file or directory open /pci@1f,0/pci@1/scsi@8/disk@1,0:a/bsd.rd.61: No such file or directory Boot: lom> reset ok boot sr0a:/bsd.rd.61 Boot device: /pci@1f,0/pci@1/scsi@8/disk@1,0:a File and args: sr0a:/bsd.rd.61 OpenBSD IEEE 1275 Bootblock 1.4 ..>> OpenBSD BOOT 1.7 Can't read disk label. Can't open disk label package Drive not ready Can't read disk label. Can't open disk label package sr0* Booting sr0:a/bsd.rd.61 4045496@0x100+1352@0x13dbab8+3251904@0x180+942400@0x1b19ec0 symbols @ 0xfff42300 120 start=0x100 console is /pci@1f,0/pci@1,1/isa@7/serial@0,3f8 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2017 OpenBSD. All rights reserved. https://www.OpenBSD.org OpenBSD 6.1 (RAMDISK) #55: Sat Apr 1 17:41:52 MDT 2017 dera...@sparc64.openbsd.org:/usr/src/sys/arch/sparc64/compile/RAMDISK
Bad kernel for OpenBSD 6.1 sparc64 ?
Hi, I have a Sunfire V120 (Sparc) with mirrored disks running OpenBSD 6.0. I attempted to update to OpenBSD 6.1 using the files first from: http://mirrors.sonic.net/pub/OpenBSD/6.1/sparc64 Then from: https://ftp3.usa.openbsd.org/pub/OpenBSD/6.1/sparc64 First I tried to copy bsd.rd to / and boot from it. When I boot using 6.1 bsd.rd (boot /bsd.rd), the boot messages still show OpenBSD 6.0. I selected update, selected my mirrored boot/root device but it would only give options to update bsd, bsd.rd & bsd.mp. I selected http and it defaulted to a URL that had /6.0/ in the path. I changed it to 6.1 but it wouldn't list any of the *61.tgz files. After rebooting normally (using the new /bsd), it would still show that I'm running 6.0 (and BOOT 1.7). Then I tried burning the install61.iso to a CD and booting from it. The boot messages would show OpenBSD 6.1 (and BOOT 1.9) and it gave me the option of updating with the *61.tgz files. Everything seemed to install just fine. However, upon rebooting with /bsd, the boot messages showed I was still running 6.0 (and BOOT 1.7). To make matters worse, my IP filters wouldn't load yielding the error: pfctl: DIOCADDRULE: Operation not supported by device Also, pkg_add -u gave the following error: Couldn't find updates for bash-4.3.46 gettext-0.19.7 libiconv-1.14p3 libidn-1.32p1 libpsl-0.13.0 libunistring-0.9.7 pcre-8.38p0 pkglocatedb-1.2 sudo-1.8.17.1 vim-7.4.1467p1-no_x11 wget-1.18 This, of course, broke internet access from my internal network. I tried upgrading again from the CD and also tried manually upgrading using the manual upgrade steps. All this still resulted in the above error. I finally decided to roll back by following the manual update steps but with the files from the install60.iso media. My firewall rules are working again. Could there be something wrong with the kernel files (bsd, bsd.rd) available for the OpenBSD 6.1 sparc64 release or am I missing a step? Thanks! -Jeff P.S. As an aside, after downgrading to 6.0, I ran add_pkg -u but forgot to change the URL in my /etc/pkg.conf back to 6.0 from 6.1. I let the packages install but should I do a full manual rollback to 6.0 before reattempting another 6.1 upgrade?
Re: PostgreSQL problem with mod_perl2 and Apache2
On 3/19/17 8:26 PM, Chris Bennett wrote: I have been switching over to mod_perl2 and Apache2. I finally found some good info to fill in the blanks. Sigh. Everything seems to be pulling into place fine, but I may still have some stuff messed up or should I upgrade to a fresher snap? OpenBSD 6.1-beta (GENERIC.MP) #220: Thu Mar 9 06:40:02 MST 2017 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 4277862400 (4079MB) avail mem = 4143546368 (3951MB) I can send a full dmesg if helpful. I am running Apache2 error_log at debug. I get this message, is it important? [Sun Mar 19 21:04:41.049481 2017] [core:notice] [pid 45788] AH00052: child pid 17244 exit signal Bus error (10) But I get a 500 error on a perfectly good page. Stopping and restarting PostgreSQL fixes problem. [Sun Mar 19 20:53:33.137631 2017] [perl:error] [pid 4540] [client 192.168.0.8:42252] DBI connect('dbname=benconphotos;host=127.0.0.1;port=5432','bencon',...) failed: FATAL: sorry, too many clients already at /usr/local/libdata/perl5/site_perl/MyPerl/PortableBuildingsGuide.pm line 59.\n, referer: http://192.168.0.8/customer/portable_buildings/Metal_Roofing.html This occurs randomly on any page. I am not running Firefox 52 yet. I am the only client, so that isn't the problem. I added kern.seminfo.semmni=60 # PostgreSQL kern.seminfo.semmns=1024# PostgreSQL Could the fact that I don't have crap for memory be the problem? Any help appreciated! Chris Bennett I use this on a server with 8G ram: # For PostgreSQL Port kern.seminfo.semmni=512 kern.seminfo.semmns=4096 kern.shminfo.shmall=65536 kern.shminfo.shmmax=536870912 But the error suggests that you are making too many connections to postgres. What is max_connections in postgresql.conf set to? By default is is set at 100--I have mine set at: jross@luna:/home/jross $ psql -d template1 Null display is "NULL". Timing is on. psql (9.5.3) Type "help" for help. jross@template1 localhost# show max_connections; max_connections - 80 (1 row) Time: 0.643 ms and this is a fairly busy webserver running apache2 (no mode_perl though). If you really are running out of connections (check the postgres logs to make sure) I'd suggest adding a connection pooler like pgbouncer in front of postgres rather than just blindly bumping up max_connections. Jeff
Re: Making sense of ktrace
On 11/23/16 8:25 PM, Jeremie Courreges-Anglas wrote: "Andy Bradford" <amb-open...@bradfords.org> writes: Thus said Jeff Ross on Wed, 23 Nov 2016 15:42:08 -0700: The stack may indeed be too damaged--I get the following but it doesn't look very helpful: More likely the symbols were stripped. Assuming this was installed from sources, edit conf-cc and add -g, then edit conf-ld and remove the -s: $ head -1 conf-cc cc -O2 -g $ head -1 conf-ld cc Better add -g here too. $ Then recompile and try again (e.g. get a new core file and run gdb again). Andy I made the change to conf-cc and conf-ld and indeed, I got a core file that showed the source and the point of failure. Thanks Andy and Jeremie! Jeff
Re: Making sense of ktrace
On 11/23/16 1:16 PM, Otto Moerbeek wrote: On Wed, Nov 23, 2016 at 12:37:12PM -0700, Jeff Ross wrote: Hi all, I've got a program that seg faults on OpenBSD 6.0 AMD64 release that runs fine on 5.9 i386. I'm checking to see if will also run on 5.9 AMD64 right now but it doesn't appear to be w^x related. To be sure I've mounted that partition with wxallowed. Here are the last few lines from kdump--would sure appreciate it if someone could shed some light on what's happening. 47868 fastforward CALL mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0) 47868 fastforward RET mmap 9049032314880/0x83ae45b5000 47868 fastforward CALL mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0) 47868 fastforward RET mmap 9049215606784/0x83aef482000 47868 fastforward CALL mmap(0,0xa000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0) 47868 fastforward RET mmap 9047796883456/0x83a9ab82000 47868 fastforward CALL mprotect(0x83b09fd2000,0x1000,0x1) 47868 fastforward RET mprotect 0 47868 fastforward CALL munmap(0x83a9ab82000,0xa000) 47868 fastforward RET munmap 0 47868 fastforward CALL mprotect(0x83870f07000,0x1000,0x1) 47868 fastforward RET mprotect 0 47868 fastforward CALL getthrid() 47868 fastforward RET getthrid 1047868/0xffd3c 47868 fastforward CALL __set_tcb(0x83b14ce3600) 47868 fastforward RET __set_tcb 0 47868 fastforward CALL mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0) 47868 fastforward RET mmap 9049102131200/0x83ae884a000 47868 fastforward CALL mprotect(0x83ae884a000,0x1000,0x1) 47868 fastforward RET mprotect 0 47868 fastforward CALL mprotect(0x83ae884a000,0x1000,0x3<PROT_READ|PROT_WRITE>) 47868 fastforward RET mprotect 0 47868 fastforward CALL mprotect(0x83ae884a000,0x1000,0x1) 47868 fastforward RET mprotect 0 47868 fastforward CALL sigaction(SIGPIPE,0x7f7cdec0,0) 47868 fastforward STRU struct sigaction { handler=SIG_IGN, mask=0<>, flags=0<> } 47868 fastforward RET sigaction 0 47868 fastforward PSIG SIGSEGV SIG_DFL code SEGV_MAPERR<1> addr=0x71008620 trapno=6 47868 fastforward NAMI "fastforward.core" The program is aborted by a SIGSEGV. Thta means it is accessing a memory location that is not allocated by the program. I've re-compiled this also with what I found on the internet to make a core file that gdb can use but that's even more of a mystery to me than ktrace. Is there a better debugger that I can use? Thanks, Jeff Ross $ gdb fastforward fastforward.core then type the command bt, should give you some clue, if the stack isn't damaged too much. -Otto Thank you, Otto! The stack may indeed be too damaged--I get the following but it doesn't look very helpful: jross@luna:/package/mail/sqmail/sqmail-3.2.13 $ sudo gdb /var/qmail/bin/fastforward fastforward.core GNU gdb 6.3 Copyright 2004 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "amd64-unknown-openbsd6.0"...(no debugging symbols found) Core was generated by `fastforward'. Program terminated with signal 11, Segmentation fault. (no debugging symbols found) Loaded symbols for /var/qmail/bin/fastforward Reading symbols from /usr/lib/libc.so.88.0...done. Loaded symbols for /usr/lib/libc.so.88.0 Reading symbols from /usr/libexec/ld.so...done. Loaded symbols for /usr/libexec/ld.so #0 0x0115d4803035 in ?? () from /var/qmail/bin/fastforward (gdb) bt #0 0x0115d4803035 in ?? () from /var/qmail/bin/fastforward #1 0x0115d4802545 in ?? () from /var/qmail/bin/fastforward #2 0x0115d48015f2 in ?? () from /var/qmail/bin/fastforward #3 0x in ?? () (gdb) I built fastforward with cc -g -O0 -include /usr/include/errno.h -pipe is there a better incantation? Thanks again! Jeff
Making sense of ktrace
Hi all, I've got a program that seg faults on OpenBSD 6.0 AMD64 release that runs fine on 5.9 i386. I'm checking to see if will also run on 5.9 AMD64 right now but it doesn't appear to be w^x related. To be sure I've mounted that partition with wxallowed. Here are the last few lines from kdump--would sure appreciate it if someone could shed some light on what's happening. 47868 fastforward CALL mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0) 47868 fastforward RET mmap 9049032314880/0x83ae45b5000 47868 fastforward CALL mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0) 47868 fastforward RET mmap 9049215606784/0x83aef482000 47868 fastforward CALL mmap(0,0xa000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0) 47868 fastforward RET mmap 9047796883456/0x83a9ab82000 47868 fastforward CALL mprotect(0x83b09fd2000,0x1000,0x1) 47868 fastforward RET mprotect 0 47868 fastforward CALL munmap(0x83a9ab82000,0xa000) 47868 fastforward RET munmap 0 47868 fastforward CALL mprotect(0x83870f07000,0x1000,0x1) 47868 fastforward RET mprotect 0 47868 fastforward CALL getthrid() 47868 fastforward RET getthrid 1047868/0xffd3c 47868 fastforward CALL __set_tcb(0x83b14ce3600) 47868 fastforward RET __set_tcb 0 47868 fastforward CALL mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0) 47868 fastforward RET mmap 9049102131200/0x83ae884a000 47868 fastforward CALL mprotect(0x83ae884a000,0x1000,0x1) 47868 fastforward RET mprotect 0 47868 fastforward CALL mprotect(0x83ae884a000,0x1000,0x3<PROT_READ|PROT_WRITE>) 47868 fastforward RET mprotect 0 47868 fastforward CALL mprotect(0x83ae884a000,0x1000,0x1) 47868 fastforward RET mprotect 0 47868 fastforward CALL sigaction(SIGPIPE,0x7f7cdec0,0) 47868 fastforward STRU struct sigaction { handler=SIG_IGN, mask=0<>, flags=0<> } 47868 fastforward RET sigaction 0 47868 fastforward PSIG SIGSEGV SIG_DFL code SEGV_MAPERR<1> addr=0x71008620 trapno=6 47868 fastforward NAMI "fastforward.core" I've re-compiled this also with what I found on the internet to make a core file that gdb can use but that's even more of a mystery to me than ktrace. Is there a better debugger that I can use? Thanks, Jeff Ross
Re: Redirect all traffic to new server
On 10/31/16 11:48 AM, Jeff Ross wrote: On 10/31/16 7:54 AM, Jan Stary wrote: On Oct 30 11:28:55, jr...@openvistas.net wrote: Hi all, I'm moving to a new server hosted at m5 and I'm ready to pull the trigger on making the switch. In the past doing this sort of move I've run into dns update delays--even with the ttl on my dns set to 300, there is a lot of e-mail especially that continues to attempt to deliver to the old server long after the dns update has taken place. It seems like I should be able to use pf to redirect all inbound traffic except ssh to the new server. I tried redirecting web traffic as a test with the following rule in pf.conf: #pass all non-ssl web traffic to luna pass in quick proto tcp to port www rdr-to luna.openvistas.net port 80 but that doesn't work--the connection never completes. httpd is for sure working on the new server--I've been using an /etc/hosts file to test from my home Mac and the web sites all work fine. The rule references the name. Are you sure it resolves to the new address already? Would it be safer to just hardcode the IP address for the transition? Also, this is probably not your _entire_ pf.conf For example, there is no rule letting the redirected packet out. Jan Yes, the domain name resolves. I followed the example that Philipp pointed me toward and that fixed the issue of redirecting web traffic. Thanks for the reply! Jeff Update: I found a tutorial on relayd on calomel.org that helped me better understand relayd. I know full what what the openbsd community thinks (and rightfully so most of the time) about these sorts of articles and how fast they become outdated and worthless but this one helped me better understand relayd. https://calomel.org/relayd.html Based on that, I saw that I needed a very simple TCP port relay. This relayd.conf file redirected all web traffic from my existing server to the new server hosted at m5: ## Macros # varley_addr="64.85.162.217" luna_addr="207.158.15.155" www="80" ## TCP port relay and forwarder # protocol "tcp_service" { tcp { nodelay, socket buffer 65536 } } relay "www_forwarder" { listen on $varley_addr port $www protocol "tcp_service" forward to $luna_addr port $www } I will also note that the relayd.conf man page also has all of this information--see the second relay example--and now that I better understand relayd as a whole the rest of the man page makes more sense as well. I've further extended my initial configuration to include smtp, smtps, submission and imaps with this configuration: prefork 10 ## Macros # varley_addr="64.85.162.217" luna_addr="207.158.15.155" www="80" smtp="25" imaps="993" smtps="465" submission="587" ## TCP port relay and forwarder # protocol "tcp_service" { tcp { nodelay, socket buffer 65536 } } relay "www_forwarder" { listen on $varley_addr port $www protocol "tcp_service" forward to $luna_addr port $www } relay "smtp_forwarder" { listen on $varley_addr port $smtp protocol "tcp_service" forward to $luna_addr port $smtp } relay "imaps_forwarder" { listen on $varley_addr port $imaps protocol "tcp_service" forward to $luna_addr port $imaps } relay "smtps_forwarder" { listen on $varley_addr port $smtps protocol "tcp_service" forward to $luna_addr port $smtps } relay "submission_forwarder" { listen on $varley_addr port $submission protocol "tcp_service" forward to $luna_addr port $submission } relayd -n -f /etc/relayd.conf says the configuration is OK so after peak business hours for my clients I'll turn on relayd and see what happens. If you are familiar with relayd and see something wrong with my configuration, please chime in. I'll report success and any possible glitches I run across for the archives. Thanks for your help and for reading! Jeff Ross
Re: Redirect all traffic to new server
On 10/31/16 7:54 AM, Jan Stary wrote: On Oct 30 11:28:55, jr...@openvistas.net wrote: Hi all, I'm moving to a new server hosted at m5 and I'm ready to pull the trigger on making the switch. In the past doing this sort of move I've run into dns update delays--even with the ttl on my dns set to 300, there is a lot of e-mail especially that continues to attempt to deliver to the old server long after the dns update has taken place. It seems like I should be able to use pf to redirect all inbound traffic except ssh to the new server. I tried redirecting web traffic as a test with the following rule in pf.conf: #pass all non-ssl web traffic to luna pass in quick proto tcp to port www rdr-to luna.openvistas.net port 80 but that doesn't work--the connection never completes. httpd is for sure working on the new server--I've been using an /etc/hosts file to test from my home Mac and the web sites all work fine. The rule references the name. Are you sure it resolves to the new address already? Would it be safer to just hardcode the IP address for the transition? Also, this is probably not your _entire_ pf.conf For example, there is no rule letting the redirected packet out. Jan Yes, the domain name resolves. I followed the example that Philipp pointed me toward and that fixed the issue of redirecting web traffic. Thanks for the reply! Jeff
Re: Redirect all traffic to new server
On 10/31/16 12:10 AM, Philipp Buehler wrote: Am 30.10.2016 18:28 schrieb Jeff Ross: It seems like I should be able to use pf to redirect all inbound traffic except ssh to the new server. I tried redirecting web traffic as a test with the following rule in pf.conf: #pass all non-ssl web traffic to luna pass in quick proto tcp to port www rdr-to luna.openvistas.net port 80 I just assume that the incoming interface is the same that would be needed to reach luna.openvistas.net? If so, please see pf.conf(5) in Translation/rdr-to along the 'received-on' example. The rdr-to (as of now) will likely send the SYN to the the desired address, but the src-ip-address will still be of the initial one ("browser") and thus the SYN-ACK (emitted from luna) goes there where it'll be ignored for not being legit. The example with received-on will fix this. HTH, That worked--I'll try to extend that for the other types of traffic I have on the existing server. Thanks! Jeff
Redirect all traffic to new server
Hi all, I'm moving to a new server hosted at m5 and I'm ready to pull the trigger on making the switch. In the past doing this sort of move I've run into dns update delays--even with the ttl on my dns set to 300, there is a lot of e-mail especially that continues to attempt to deliver to the old server long after the dns update has taken place. It seems like I should be able to use pf to redirect all inbound traffic except ssh to the new server. I tried redirecting web traffic as a test with the following rule in pf.conf: #pass all non-ssl web traffic to luna pass in quick proto tcp to port www rdr-to luna.openvistas.net port 80 but that doesn't work--the connection never completes. httpd is for sure working on the new server--I've been using an /etc/hosts file to test from my home Mac and the web sites all work fine. This morning it occurred to me that this could probably be done better with relayd. I read (and re-read) the relayd man pages but I'll be the first to admit that this sort of networking is not my cup of tea and I really don't want to botch this. Would relayd be the correct solution to redirect all traffic except ssh to my new server? If so, a clue-by-four as to what to put in relayd.conf would be greatly appreciated! Thanks, Jeff Ross
Re: i386 or amd64?
On 9/21/16 2:15 PM, Christian Weisgerber wrote: On 2016-09-20, Jeff Ross <jr...@openvistas.net> wrote: Subject: i386 or amd64? If the hardware supports it, run amd64. If I have 8GB, I for sure want to use it all. You will need amd64 for that. But even if you have less memory, the larger address space is beneficial. Also, AES-NI support is only implemented for amd64. And some crypto algorithms are just faster on 64 bits. amd64 has this caveat: "(Some Intel processors lack support for important PAE NX bit, which means those machines will run without any W^X support -- it is thus safer to run those machines in i386 mode)." That is true but very misleading. It concerns only some rare early CPUs. The only ones I can find in Wikipedia's lists of Intel CPUs are the "Nocona" Xeons from 2004. I have now removed that caveat from the page. Hello and thanks to all that responded! I'll install amd64 on my server--it is being configured right now. dmesg to follow. Thank you naddy for clarifying the amd64.html page and making OpenBSD's already superb documentation even better. Jeff
i386 or amd64?
Hi all, I've had a server with corenetworks for quite a few years now but after changes at corenetworks (their recent name change after acquisition by another company, no current servers available, no communication about the change of ownership with existing customers and an email exchange with sales@), I've decided it is best jump ship now rather than wait for a hard and possibly immediate deadline. I've just rented a server with 8GB of ram from m5hosting (based in large part from the many recommendations I read while searching misc@ on marc.info). Now the question is: i386 which is what I've always run on my 2 GB ram server, or amd64? http://www.openbsd.org/amd64.html and http://www.openbsd.org/i386.html are curiously silent on the amount of ram that can be accessed. If I have 8GB, I for sure want to use it all. I know there was a time when i386 was limited to the amount of ram it can access (32 bit) but now amd64 has this caveat: "(Some Intel processors lack support for important PAE NX bit, which means those machines will run without any W^X support -- it is thus safer to run those machines in i386 mode)." How does this fit with the recent work in 6.0+? How can I tell if the Xeon 3220 processor has the PAE NX bit? I see nothing in the tech sheet about PAE NX. http://ark.intel.com/products/28034/Intel-Xeon-Processor-X3220-8M-Cache-2_40-GHz-1066-MHz-FSB I have a little less than 2 weeks to make the transition so not a lot of time for install and try. Thanks in advance for any suggestions--dmesgs supplied once I get access. Jeff Ross Open Vistas Networking
Installing php-5.6.18-ap2 alongside php.5.6.18
Hi all, Running 5.9 and preparing for moving to apache2 in advance of 6.0. I'm running apache-httpd-openbsd-1.3.20140502p6 currently with php-5.6.18 and quite a few php modules. I'm trying to get apache-httpd-2.4.18p1 running on port 81 so I can test all of my vhosts before I pull the plug on apache-httpd-openbsd. Is it possible to install php-5.6.18-ap2 at the same time as php-5.6.18 without building from source? I've tried sudo pkg_add -B /usr/local/apache2/ php-5.6.18-ap2 but that fails: #pkg_add -B /usr/local/apache2/ php-5.6.18-ap2 Can't install php-5.6.18-ap2 because of conflicts (php-5.6.18) --- php-5.6.18-ap2 --- Can't install php-5.6.18-ap2: conflicts If I have to build from source to test that's okay--just hoping for a pointer to a quicker method that isn't yet obvious to me. Thanks, Jeff Ross
Re: [OT] Cloud storage accessible via sftp or rsync/ssh?
On 7/20/16 8:31 AM, Sam Hays wrote: 2016-07-20 11:27 GMT+02:00 John Long <codeb...@inbox.lv>: Can anybody recommend a good cloud storage provider that has access via sftp or rsync tunneled through ssh? Everything I have found seems targeted at Windows, Linux, phones etc. with no platform-agnostic interface. Consider AWS / S3? I believe there is an OpenBSD port for aws-cli. I do realize this isn't 1:1 for what you asked, hard to beat the pricing and flexibility, though. Sam s3cmd is a python script that includes the ability to "sync" directories and S3 buckets. Not quite rsync but close. I use it to sync a local directory on my server storing level 0 through 7 dump files with an S3 bucket. Works great, easy to script. https://sourceforge.net/projects/s3tools/files/s3cmd/ For easy, graphical access to your S3 buckets, try S3 Organizer (used to be s3fox), a firefox extension. Jeff
Re: syslogd on 6.0-beta
Hi Tim, I await with bated breath to see where the problem is--can't be because the version of OpenBSD is too old. Jeff On 5/25/16 4:54 PM, trondd wrote: On Wed, May 25, 2016 6:39 pm, Jeff Ross wrote: Hello again, syslogd doesn't actually work for me on 6.0-beta either. OpenBSD 6.0-beta (GENERIC.MP) #1768: Wed May 18 12:01:43 MDT 2016 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP I had been running a May 16th snapshot and didn't have a problem that I noticed. I just now updated to a May 25th snapshot and still don't have this problem. Tim.
syslogd on 6.0-beta
63699 logger RET mprotect 0 63699 logger CALL mprotect(0x2a9f3000,0x1000,0x1) 63699 logger RET mprotect 0 63699 logger CALL munmap(0x87d73000,0x5000) 63699 logger RET munmap 0 63699 logger CALL mprotect(0x3bc51000,0x190,0x3<PROT_READ|PROT_WRITE>) 63699 logger RET mprotect 0 63699 logger CALL mprotect(0x1bc51000,0x125d,0x7<PROT_READ|PROT_WRITE|PROT_EXEC>) 63699 logger RET mprotect 0 63699 logger CALL mprotect(0x3bc51000,0x190,0x1) 63699 logger RET mprotect 0 63699 logger CALL mprotect(0x1bc51000,0x125d,0x5<PROT_READ|PROT_EXEC>) 63699 logger RET mprotect 0 63699 logger CALL mprotect(0x3bc53000,0x1000,0x1) 63699 logger RET mprotect 0 63699 logger CALL mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0) 63699 logger RET mmap 2146504704/0x7ff11000 63699 logger CALL mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0) 63699 logger RET mmap -2061213696/0x85246000 63699 logger CALL getthrid() 63699 logger RET getthrid 1063699/0x103b13 63699 logger CALL __set_tcb(0x7ff11640) 63699 logger RET __set_tcb 0 63699 logger CALL kbind(0xcf7ef088,12,0xe755f07f323e9b25) 63699 logger RET kbind 0 63699 logger CALL mmap(0,0x1000,0x3<PROT_READ|PROT_WRITE>,0x1002<MAP_PRIVATE|MAP_ANON>,-1,0) 63699 logger RET mmap 2093277184/0x7cc4e000 63699 logger CALL mprotect(0x7cc4e000,0x1000,0x1) 63699 logger RET mprotect 0 63699 logger CALL kbind(0xcf7ef048,12,0xe755f07f323e9b25) 63699 logger RET kbind 0 63699 logger CALL mprotect(0x7cc4e000,0x1000,0x3<PROT_READ|PROT_WRITE>) 63699 logger RET mprotect 0 63699 logger CALL mprotect(0x7cc4e000,0x1000,0x1) 63699 logger RET mprotect 0 63699 logger CALL kbind(0xcf7eec08,12,0xe755f07f323e9b25) 63699 logger RET kbind 0 63699 logger CALL kbind(0xcf7eec08,12,0xe755f07f323e9b25) 63699 logger RET kbind 0 63699 logger CALL getlogin_r(0x2aa04100,32) 63699 logger RET getlogin_r 0 63699 logger CALL kbind(0xcf7eec08,12,0xe755f07f323e9b25) 63699 logger RET kbind 0 63699 logger CALL kbind(0xcf7eec08,12,0xe755f07f323e9b25) 63699 logger RET kbind 0 63699 logger CALL close(1) 63699 logger RET close 0 63699 logger CALL kbind(0xcf7eec08,12,0xe755f07f323e9b25) 63699 logger RET kbind 0 63699 logger CALL pledge(0x3bc510ae,0) 63699 logger STRU pledge request="stdio" 63699 logger RET pledge 0 63699 logger CALL kbind(0xcf7eec08,12,0xe755f07f323e9b25) 63699 logger RET kbind 0 63699 logger CALL kbind(0xcf7eec08,12,0xe755f07f323e9b25) 63699 logger RET kbind 0 63699 logger CALL kbind(0xcf7eec08,12,0xe755f07f323e9b25) 63699 logger RET kbind 0 63699 logger CALL kbind(0xcf7ebca8,12,0xe755f07f323e9b25) 63699 logger RET kbind 0 63699 logger CALL kbind(0xcf7ebc68,12,0xe755f07f323e9b25) 63699 logger RET kbind 0 63699 logger CALL kbind(0xcf7ebca8,12,0xe755f07f323e9b25) 63699 logger RET kbind 0 63699 logger CALL kbind(0xcf7ebca8,12,0xe755f07f323e9b25) 63699 logger RET kbind 0 63699 logger CALL sendsyslog(0xcf7ec807,23,0<>) 63699 logger RET sendsyslog -1 errno 57 Socket is not connected 63699 logger CALL kbind(0xcf7eec08,12,0xe755f07f323e9b25) 63699 logger RET kbind 0 63699 logger CALL mprotect(0x7cc4e000,0x1000,0x3<PROT_READ|PROT_WRITE>) 63699 logger RET mprotect 0 63699 logger CALL mprotect(0x7cc4e000,0x1000,0x1) 63699 logger RET mprotect 0 63699 logger CALL mprotect(0x7cc4e000,0x1000,0x3<PROT_READ|PROT_WRITE>) 63699 logger RET mprotect 0 63699 logger CALL mprotect(0x7cc4e000,0x1000,0x1) 63699 logger RET mprotect 0 63699 logger CALL munmap(0x7cc4e000,0x1000) 63699 logger RET munmap 0 63699 logger CALL exit(0) Highlighting the appropriate part: 63699 logger CALL kbind(0xcf7ebca8,12,0xe755f07f323e9b25) 63699 logger RET kbind 0 63699 logger CALL sendsyslog(0xcf7ec807,23,0<>) 63699 logger RET sendsyslog -1 errno 57 Socket is not connected 63699 logger CALL kbind(0xcf7eec08,12,0xe755f07f323e9b25) 63699 logger RET kbind 0 63699 logger CALL mprotect(0x7cc4e000,0x1000,0x3<PROT_READ|PROT_WRITE>) How long has this firewall been up? jross@fw:/home/jross $ uptime 4:31PM up 34 mins, 1 user, load averages: 1.34, 1.28, 1.12 So, how do I re-connect the sendsyslogsocket? dmesg follows Jeff Ross ross@fw:/home/jross $ dmesg OpenBSD 6.0-beta (GENERIC.MP) #1768: Wed May 18 12:01:43 MDT 2016 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz ("GenuineIntel" 686-class) 1.84 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,S
Re: syslog on 5.6
Thank you, Theo. I know this is true. I was tempted to jump right to 5.9 but decided to heed the directions on http://www.openbsd.org/faq/upgrade56.html " *Note: Upgrades are only supported from one release to the release immediately following it. Do not skip releases. If you got lucky skipping releases in the past, you may not this time."* On Wed, May 25, 2016 at 1:39 PM, Theo de Raadt <dera...@cvs.openbsd.org> wrote: > We only "support" the last release, and we only make errata available > for the last two releases. We don't maintain old code because none of > us run it. > > 5.6 is end-of-life, so you are on your own. > > > So far I haven't been able to get syslog to log anything other than it's > > startup message. > > > > I'm using the stock syslog.conf file. > > > > logger test message does nothing so I ktraced it. > > > > The interesting part is: > > > > 22461 logger RET sigprocmask ~0x10100<SIGKILL|SIGSTOP> > > 22461 logger CALL sendsyslog(0xcfbda6a8,0x27) > > 22461 logger RET sendsyslog -1 errno 57 Socket is not connected > > 22461 logger CALL sigprocmask(SIG_BLOCK,~0<>) > > 22461 logger RET sigprocmask 0<> > > 22461 logger CALL > mprotect(0x39cd6000,0x1000,0x3<PROT_READ|PROT_WRITE>) > > > > So how would I re-connect sendsyslog? > > > > Rebooted a couple of times after upgrading to 5.6--I'll be glad to get > past > > all of these hurdles so I can get up to 5.9! > > > > Thanks, > > > > Jeff Ross
syslog on 5.6
So far I haven't been able to get syslog to log anything other than it's startup message. I'm using the stock syslog.conf file. logger test message does nothing so I ktraced it. The interesting part is: 22461 logger RET sigprocmask ~0x10100<SIGKILL|SIGSTOP> 22461 logger CALL sendsyslog(0xcfbda6a8,0x27) 22461 logger RET sendsyslog -1 errno 57 Socket is not connected 22461 logger CALL sigprocmask(SIG_BLOCK,~0<>) 22461 logger RET sigprocmask 0<> 22461 logger CALL mprotect(0x39cd6000,0x1000,0x3<PROT_READ|PROT_WRITE>) So how would I re-connect sendsyslog? Rebooted a couple of times after upgrading to 5.6--I'll be glad to get past all of these hurdles so I can get up to 5.9! Thanks, Jeff Ross
pf sanity check
Hi all, I am incrementally bringing my server up to date. I was on 5.5-current so following the instructions I upgraded to 5.6 stable. I re-wrote my pf.conf to remove the oldqueue rules and to simplify the rule set. Checks okay for syntax but it doesn't seem to be redirecting mail to spamd. If I telnet to my server on port 25 I do not see the stutter of the banner at all. Here's my current pf.conf for other eyes--maybe I've made a thinko in these new ruless # $OpenBSD: pf.conf,v 1.49 2009/09/17 06:39:03 jmc Exp $ # # See pf.conf(5) for syntax and examples. # Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1 # in /etc/sysctl.conf if packets are to be forwarded between interfaces. ext_if="re0" # External Public Interface tcp_services = "{ 22,53,113,25,993,465,80,443 }" udp_services = "{ domain, ntp, 1194 }" icmp_types = "{ echoreq, unreach }" table persist table persist set block-policy return set loginterface $ext_if set skip on { lo, tun } match on $ext_if inet all scrub (no-df max-mss 1398) # filter rules and anchor for ftp-proxy(8) anchor "ftp-proxy/*" pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021 # anchor for relayd(8) block log all block in log quick proto tcp from to any # rules for spamd(8) table persist table persist file "/etc/mail/nospamd" pass in log on egress proto tcp from any to any port smtp \ rdr-to 127.0.0.1 port spamd pass in log on egress proto tcp from to any port smtp pass in log on egress proto tcp from to any port smtp pass out log on egress proto tcp to any port smtp pass in log quick on egress proto tcp to port $tcp_services pass in log quick on egress proto udp to port $udp_services pass out log quick on egress from any to any Thanks! Jeff Ross
Re: apache-httpd-openbsd?
On 5/9/16 4:26 PM, Daniel Jakots wrote: On Mon, 9 May 2016 15:03:30 -0600, Jeff Ross <jr...@openvistas.net> wrote: Trying to install apache-httpd-openbsd in -current https://marc.info/?l=openbsd-ports-cvs=146186762111571=2 Hmm--I went through all of the ports@ messages looking for a removal announcement but didn't find one. Thank you, Daniel! Jeff
Re: apache-httpd-openbsd?
On 5/9/16 4:25 PM, Fred wrote: On 05/09/16 22:58, Jeff Ross wrote: On 5/9/16 3:21 PM, arrowscr...@mail.com wrote: try pkg_add http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/apache-httpd-2.4.20p1.tgz That's apache 2.4, I want the 1.3.9 version that is, as my subject line says, apache-httpd-openbsd. Jeff It was removed 11 days ago: http://cvsweb.openbsd.org/cgi-bin/cvsweb/ports/www/apache-httpd-openbsd/Attic/Makefile You'll need a cvs version before 28 Apr 16 if you want to build it yourself. Cheers Fred Thanks, Fred! That explains the missing package! Jeff
Re: apache-httpd-openbsd?
On 5/9/16 4:30 PM, Stuart Henderson wrote: On 2016-05-09, Jeff Ross <jr...@openvistas.net> wrote: Trying to install apache-httpd-openbsd in -current and it seems the package is no longer available. Correct. Options: - (preferred) migrate your configuration to a maintained http server version. I need mod_rewrite so I guess I'm headed for apache2. - install 5.9 release. - checkout an old version of the port (mkdir -p /usr/ports/mystuff/www; cd /usr/ports/mystuff/www; cvs get -D \ 2016/04/01 -d apache-httpd-openbsd ports/www/apache-httpd-openbsd) and build it yourself; things will break again at some point though. I cvs uped my src and ports and built the system from source but when I try to install apache-httpd-openbsd from ports I'm getting the "reading plist|Error: unknown fragment SHARED at /usr/libdata/perl5/OpenBSD/Subst.pm line 109, <$fh> line 2." error. that's not unexpected; the PFRAG.shared complexity has been removed from ports now that vax is no longer a supported arch. Okay--I think this must be above my pay grade because I can't see how vax is related, nor do I think I need to know ;-) Thank you, Stuart, as always! Jeff
Re: apache-httpd-openbsd?
On 5/9/16 3:21 PM, arrowscr...@mail.com wrote: try pkg_add http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/apache-httpd-2.4.20p1.tgz That's apache 2.4, I want the 1.3.9 version that is, as my subject line says, apache-httpd-openbsd. Jeff
apache-httpd-openbsd?
Hi all, Trying to install apache-httpd-openbsd in -current and it seems the package is no longer available. I cvs uped my src and ports and built the system from source but when I try to install apache-httpd-openbsd from ports I'm getting the "reading plist|Error: unknown fragment SHARED at /usr/libdata/perl5/OpenBSD/Subst.pm line 109, <$fh> line 2." error. As I saw suggested in a recent message to ports@ (1) I rebuilt pkg_add from /usr/src/usr.sbin/pkg_add/ but that made no difference. dmesg below Thanks, Jeff Ross (1) http://marc.info/?l=openbsd-ports=146213655323699=2 OpenBSD 5.9-current (GENERIC.MP) #1: Mon May 9 13:08:53 MDT 2016 r...@fw.openvistas.net:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz ("GenuineIntel" 686-class) 1.84 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,LAHF,PERF,SENSOR real mem = 1040486400 (992MB) avail mem = 1007853568 (961MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: date 07/29/05, SMBIOS rev. 2.4 @ 0xe (38 entries) bios0: vendor Apple Inc. version "MM21.88Z.009A.B00.0706281359" date 06/28/07 bios0: Apple Inc. Macmini2,1 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP HPET APIC MCFG ASF! SBST ECDT SSDT SSDT SSDT acpi0: wakeup devices PXS1(S4) PXS2(S4) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB7(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 166MHz cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz ("GenuineIntel" 686-class) 1.84 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,LAHF,PERF,SENSOR ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpiec0 at acpi0 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (RP01) acpiprt2 at acpi0: bus 2 (RP02) acpiprt3 at acpi0: bus 3 (PCIB) acpicpu0 at acpi0: !C2(500@1 mwait@0x10), C1(1000@1 mwait), PSS acpicpu1 at acpi0: !C2(500@1 mwait@0x10), C1(1000@1 mwait), PSS acpibtn0 at acpi0: PWRB "APP0001" at acpi0 not configured acpivideo0 at acpi0: GFX0 bios0: ROM list: 0xc/0xe600! cpu0: Enhanced SpeedStep 1834 MHz: speeds: 1833, 1667, 1500, 1333, 1000 MHz memory map conflict 0xe00f8000/0x1000 memory map conflict 0xfed1c000/0x4000 memory map conflict 0xfffb/0x3 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03 inteldrm0 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03 drm0 at inteldrm0 intagp0 at inteldrm0 agp0 at intagp0: aperture at 0x4000, size 0x1000 inteldrm0: apic 1 int 16 error: [drm:pid0:drm_edid_block_valid] *ERROR* EDID checksum is invalid, remainder is 30 Raw EDID: 00 ff ff ff ff ff ff 00 4c 2d 15 15 39 31 53 53 11 0f 01 03 6c 26 1e 78 2a 6f 86 a2 5a 4d 94 24 1a 4f 54 bf ef 80 81 81 71 4f 01 01 01 01 01 01 01 01 01 01 01 01 30 30 00 98 51 51 2a 40 30 30 13 00 78 2d 11 00 00 00 00 00 00 00 00 38 4b 4b 51 0e 00 0a 20 20 20 20 20 20 00 00 00 fc 00 53 79 6e 63 4d 61 73 74 74 72 0a 20 20 00 00 00 00 00 48 39 39 59 34 33 33 38 33 39 39 20 20 00 00 error: [drm:pid0:drm_edid_block_valid] *ERROR* EDID checksum is invalid, remainder is 30 Raw EDID: 00 ff ff ff ff ff ff 00 4c 2d 15 15 39 31 53 53 11 0f 01 03 6c 26 1e 78 2a 6f 86 a2 5a 4d 94 24 1a 4f 54 bf ef 80 81 81 71 4f 01 01 01 01 01 01 01 01 01 01 01 01 30 30 00 98 51 51 2a 40 30 30 13 00 78 2d 11 00 00 00 00 00 00 00 00 38 4b 4b 51 0e 00 0a 20 20 20 20 20 20 00 00 00 fc 00 53 79 6e 63 4d 61 73 74 74 72 0a 20 20 00 00 00 00 00 48 39 39 59 34 33 33 38 33 39 39 20 20 00 00 error: [drm:pid0:drm_edid_block_valid] *ERROR* EDID checksum is invalid, remainder is 30 Raw EDID: 00 ff ff ff ff ff ff 00 4c 2d 15 15 39 31 53 53 11 0f 01 03 6c 26 1e 78 2a 6f 86 a2 5a 4d 94 24 1a 4f 54 bf ef 80 81 81 71 4f 01 01 01 01 01 01 01 01 01 01 01 01 30 30 00 98 51 51 2a 40 30 30 13 00 78 2d 11 00 00 00 00 00 00 00 00 38 4b 4b 51 0e 00 0a 20 20 20 20 20 20 00 00 00 fc 00 53 79 6e 63 4d 61 73 74 74 72 0a 20 20 00 00 00 00 00 48 39 39 59 34 33 33 38 33 39 39 20 20 00 00 error: [drm:pid0:drm_edid_block_valid] *ERROR* EDID checksum is invalid, remainder is 30 Raw EDID: 00 ff ff ff ff ff ff 00 4c 2d 15 15 39 31 53 53 11 0f 01 03 6c 26 1e 78 2a 6f 86 a2 5a 4d 94 24 1a 4f 54 bf ef 80 81 81 71 4f 01 01 01 01 01 01 01 01 01 01 01 01
Re: Socklog on OpenBSD -current
On 3/29/16 5:42 PM, Stuart Henderson wrote: On 2016-03-29, Jeff Ross <jr...@openvistas.net> wrote: Greetings all! I've been away from OpenBSD for a while and for sure I've missed more than a few things. Just updated a firewall in anticipation of upgrading my server but there are things that have changed. What has me puzzled now is the change to syslogd. For literally years I've run socklog from ports to replace the stock syslog with no problems but now it simply doesn't work on 5.9 -current. My former installations of socklog all listen to /dev/log but when I couldn't get anything to work listening there I switched to listening to 0.0.0.0:514 but still no joy. If anyone out there is using socklog, or possibly any alternative to syslog, I'd sure appreciate a clue by four to get socklog running again. OpenBSD's syslog functions now use sendsyslog(2) which doesn't use /dev/log sockets any more. Here is where syslogd was modified to do things this way: http://anoncvs.spacehopper.org/openbsd-src/commit/?id=c40e16771993e74275857863c928d7f9cffe3699 - it's probably not all that complex to convert other logging daemons, but afaik nobody has yet felt the need to do this for any of the alternative log daemons in ports. If you don't want to write code and want to stick with socklog, the easiest way is probably a minimal syslogd(8) setup that forwards everything via UDP. Thank you, Stuart! As always, you've been very helpful. For now I'll stick to forwarding and play with the code as time permits. Jeff
Socklog on OpenBSD -current
Greetings all! I've been away from OpenBSD for a while and for sure I've missed more than a few things. Just updated a firewall in anticipation of upgrading my server but there are things that have changed. What has me puzzled now is the change to syslogd. For literally years I've run socklog from ports to replace the stock syslog with no problems but now it simply doesn't work on 5.9 -current. My former installations of socklog all listen to /dev/log but when I couldn't get anything to work listening there I switched to listening to 0.0.0.0:514 but still no joy. If anyone out there is using socklog, or possibly any alternative to syslog, I'd sure appreciate a clue by four to get socklog running again. Thanks! Jeff dmesg; OpenBSD 5.9-current (GENERIC.MP) #1682: Tue Mar 29 12:08:00 MDT 2016 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz ("GenuineIntel" 686-class) 1.84 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,LAHF,PERF,SENSOR real mem = 1040486400 (992MB) avail mem = 1008070656 (961MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: date 07/29/05, SMBIOS rev. 2.4 @ 0xe (38 entries) bios0: vendor Apple Inc. version "MM21.88Z.009A.B00.0706281359" date 06/28/07 bios0: Apple Inc. Macmini2,1 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP HPET APIC MCFG ASF! SBST ECDT SSDT SSDT SSDT acpi0: wakeup devices PXS1(S4) PXS2(S4) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB7(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 166MHz cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz ("GenuineIntel" 686-class) 1.84 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,LAHF,PERF,SENSOR ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 1 acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpiec0 at acpi0 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (RP01) acpiprt2 at acpi0: bus 2 (RP02) acpiprt3 at acpi0: bus 3 (PCIB) acpicpu0 at acpi0: !C2(500@1 mwait@0x10), C1(1000@1 mwait), PSS acpicpu1 at acpi0: !C2(500@1 mwait@0x10), C1(1000@1 mwait), PSS acpibtn0 at acpi0: PWRB "PNP0A08" at acpi0 not configured "PNP0C02" at acpi0 not configured "PNP0C0F" at acpi0 not configured "PNP0C0F" at acpi0 not configured "PNP0C0F" at acpi0 not configured "PNP0C0F" at acpi0 not configured "PNP0C0F" at acpi0 not configured "PNP0C0F" at acpi0 not configured "PNP0C0F" at acpi0 not configured "PNP0C0F" at acpi0 not configured "APP0001" at acpi0 not configured "PNP0C09" at acpi0 not configured "PNP0200" at acpi0 not configured "INT0800" at acpi0 not configured "PNP0103" at acpi0 not configured "PNP" at acpi0 not configured "PNP0C04" at acpi0 not configured "PNP0C02" at acpi0 not configured "PNP0B00" at acpi0 not configured "PNP0100" at acpi0 not configured acpivideo0 at acpi0: GFX0 bios0: ROM list: 0xc/0xe600! cpu0: Enhanced SpeedStep 1834 MHz: speeds: 1833, 1667, 1500, 1333, 1000 MHz memory map conflict 0xe00f8000/0x1000 memory map conflict 0xfed1c000/0x4000 memory map conflict 0xfffb/0x3 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "Intel 82945GM Host" rev 0x03 inteldrm0 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03 drm0 at inteldrm0 intagp0 at inteldrm0 agp0 at intagp0: aperture at 0x4000, size 0x1000 inteldrm0: apic 1 int 16 inteldrm0: 1600x900 wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation) wsdisplay0: screen 1-5 added (std, vt100 emulation) vendor "Intel", unknown product 0x27a3 (class DASP subclass Time and Frequency, rev 0x03) at pci0 dev 7 function 0 not configured azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: msi azalia0: codecs: Sigmatel STAC9220/1 audio0 at azalia0 ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: apic 1 int 17 pci1 at ppb0 bus 1 mskc0 at pci1 dev 0 function 0 "Marvell Yukon 88E8053" rev 0x22, Yukon-2 EC rev. A3 (0x2): apic 1 int 16 msk0 at mskc0 port A: address 00:1f:f3:44:ee:6f eephy0 at
When should tables be used in pf.conf?
Hi, We've been using pf.conf and tables for years but have recently embarked on a project to optimize pf.conf. In reading about tables it's not clear when tables are more efficient than individual rules. Is there a definitive point? Is it three entries? six entries? ten entries? If it's not a constant, is there a simple test that we can run to determine if a table is more efficient than individual rules in each case? Thanks! Jeff --
Re: isolating untrusted programs in ssh chroot jails
You said at beginning of your comments now i don't use firefox (or any 'modern browser) may I ask which browser you like to use? And for what reasons? thanks in advance On Thu, Mar 19, 2015 at 7:56 PM, dan mclaughlin thev...@openmailbox.org wrote: here are the scripts i wrote to make this easier. these really were made for my own use, but i hope others may find them useful. i would be interested to know if anyone else actually does find them useful. would also be glad to know of any errors/problems/things that can go wrong i didn't think of. the first one (jail_new) creates a new jail (and possibly the user). the second one (jail_pkgadd) adds a package and its dependencies to an existing jail. they are expected to be in the same directory (jail_new cannot add packages (-p) otherwise). to relate to my earlier examples: $ jail_new -tu _inmate:_chaingang /home/jail will create the jail in /home/jail and also the user _inmate and group _chaingang. this case it will be just be a regular shell account (just chrooted). $ jail_new -t _inmate:_chaingang /home/jail will create the jail, but will not create the user:group. a real case: $ jail_new -tux -k /home/null/.ssh/id_rsa.pub -p w3m,feh:/usr/release/pkg browse /home/browse w3m -B this command sets up the terminal (-t) and X (-x) in a directory (here /home/browse), creates a user (-u) (in this case 'browse'), uses the given key file (-k) for the authorized keys, installs the packages (-p) w3m and feh (and all of their dependencies) from directory /usr/release/pkg, and sets 'w3m -B' to run automatically via ForceCommand in sshd_config. this is the equivalent of: $ jail_new -tux -k /home/null/.ssh/id_rsa.pub browse /home/browse w3m -B $ jail_pkgadd -p /usr/release/pkg w3m /home/browse $ jail_pkgadd -p /usr/release/pkg feh /home/browse if you want bzip2 in there as well, you can always add it later: $ jail_pkgadd -p /usr/release/pkg bzip2 /home/browse or, if PKG_PATH is set (and not remote) you can omit -p $ jail_pkgadd bzip2 /home/browse if PKG_PATH is set, and is remote, you need: $ jail_pkgadd -r bzip2 /home/browse (note: will only allow a single directory for PKG_PATH) this can be used by running: $ Xephyr :1 env DISPLAY=:1 ssh -X browse@localhost (side note: w3m runs 'display' to display an image, so i create a symlink to feh to view images) another case: $ jail_new -tuxr -k /home/null/.ssh/id_rsa.pub -p xpdf:scp://null@node02/usr/release/pkg pdf /home/pdf you need to specify -r (remote) directly to use remote pkg src. which is the equivalent of: $ jail_new -tux -k /home/null/.ssh/id_rsa.pub pdf /home/pdf $ jail_pkgadd -r -p scp://null@node02/usr/release/pkg xpdf /home/pdf which can be used: $ cp test.pdf /home/pdf/tmp $ Xephyr :1 env DISPLAY=:1 ssh -X browse@localhost xpdf -fullscreen /tmp/test.pdf (in this case it may be best not to use ForceCommand, since you may want to open multiple documents.) WARNING use at your own peril. if you can't read the scripts, you probably shouldn't use them, and then i am certain there are other glaring security flaws you need to know about. i include these because it is a dull pain in the ass to do this manually, and hopefully someone may get some use out of them. other than that, do with it what you wish. they are as fool-proof as i could make them, so that i don't shoot myself in the foot accidently (and i have been around long enough to have done that a few times, even while being careful). but you never know. jail_new: -- #!/bin/ksh USAGE=${0##*/} [-jrtux] [-k authkeys] [-p pkg[,pkg2...][:pkgpath]] user[:group] path [cmd [args ...]] [[ $1 = -h ]] { echo USAGE $USAGE; return 0; } #-t sets PermitTTY and copies files for term #-x sets X11Forwarding and copies files for X (fonts,xauth) #-u creates user; fails if user exists #-j joins group; needed to join existing group #-p pkg[,pkg2...][:pkgpath] #-r allows remote pkg access #uses existing PKG_PATH #pkgpath arg overrides PKG_PATH #only accepts a lone pkgpath PATH=/sbin:/bin:/usr/sbin:/usr/bin echov() { eval echo \\$$1\; } isemptyv() { eval [ \${#$1} -eq 0 ]; } notemptyv() { eval [ \${#$1} -gt 0 ]; } alias xt='set -o xtrace' alias xt-='set +o xtrace' if [ $(id -u) -eq 0 ];then echo ERR cannot run as root return 1 fi _sshd_config=/etc/ssh/sshd_config _sshd_config_tmp=/tmp/sshd_config trap rm -f $_sshd_config_tmp 0 2 #for convenience _fontdir=/usr/X11R6/lib/X11/fonts _terminfo=/usr/share/misc/terminfo.db _termcap=/usr/share/misc/termcap _do_x=no _do_tty=no _do_useradd= _do_joingrp= _do_remote= _authkeys= _pkg= _pkgpath= _userhome=/home/cell while getopts :jrtuxk:p: _opt;do case $_opt in j) _do_joingrp=yes ;; r) _do_remote=-r ;; t) _do_tty=yes ;; u) _do_useradd=yes ;; x) _do_x=yes ;; k) _authkeys=$OPTARG if [ ! -f
Re: Just a thank you.
Ditto! On Sat, Mar 14, 2015 at 5:44 PM, Maurice McCarthy m...@mythic-beasts.com wrote: On Fri, Mar 13, 2015 at 06:09:05PM -0700 or thereabouts, Benjamin Heath wrote: Hi, This seems non-sequitur somehow, but I would simply like thank all the developers of OpenBSD for continuing work on the only OS that I really trust. I learn plenty just by lurking on this list. I also appreciate having a set of developers with the fortitude to entirely reject very flawed systems, and I like that simply because someone has to. Just thanks. Ben. +1. Totally agree. I have now completely abandoned linux. Thanks Hugely Maurice
CARP problem
I've been using CARP for years and it's always done exactly what I wanted and expected. We recently added a second ISP and another NIC to each of our firewalls. Each firewall now has 3 NIC's and three CARP interfaces. The original two are working fine, but the third CARP interface (carp2) shows up as MASTER on both the primary and failover firewalls. I have verified password, vhid and pf.conf and still can't figure out what I might have done wrong. Both firewalls have net.inet.carp.preempt=1 Here is some output from tcpdump: firewall-master 10:34:01.697488 CARPv2-advertise 36: vhid=10 advbase=1 advskew=15 demote=0 (DF) [tos 0x10] 10:34:01.975823 CARPv2-advertise 36: vhid=10 advbase=1 advskew=99 demote=0 (DF) [tos 0x10] 10:34:02.767475 CARPv2-advertise 36: vhid=10 advbase=1 advskew=15 demote=0 (DF) [tos 0x10] 10:34:03.375808 CARPv2-advertise 36: vhid=10 advbase=1 advskew=99 demote=0 (DF) [tos 0x10] 10:34:03.837465 CARPv2-advertise 36: vhid=10 advbase=1 advskew=15 demote=0 (DF) [tos 0x10] 10:34:04.776092 CARPv2-advertise 36: vhid=10 advbase=1 advskew=99 demote=0 (DF) [tos 0x10] 10:34:04.907466 CARPv2-advertise 36: vhid=10 advbase=1 advskew=15 demote=0 (DF) [tos 0x10] 10:34:05.977465 CARPv2-advertise 36: vhid=10 advbase=1 advskew=15 demote=0 (DF) [tos 0x10] 10:34:06.176254 CARPv2-advertise 36: vhid=10 advbase=1 advskew=99 demote=0 (DF) [tos 0x10] firewall-backup 10:34:42.225616 CARPv2-advertise 36: vhid=10 advbase=1 advskew=15 demote=0 (DF) [tos 0x10] 10:34:42.449469 CARPv2-advertise 36: vhid=10 advbase=1 advskew=99 demote=0 (DF) [tos 0x10] 10:34:43.295464 CARPv2-advertise 36: vhid=10 advbase=1 advskew=15 demote=0 (DF) [tos 0x10] 10:34:43.849458 CARPv2-advertise 36: vhid=10 advbase=1 advskew=99 demote=0 (DF) [tos 0x10] 10:34:44.365459 CARPv2-advertise 36: vhid=10 advbase=1 advskew=15 demote=0 (DF) [tos 0x10] 10:34:45.249484 CARPv2-advertise 36: vhid=10 advbase=1 advskew=99 demote=0 (DF) [tos 0x10] 10:34:45.435175 CARPv2-advertise 36: vhid=10 advbase=1 advskew=15 demote=0 (DF) [tos 0x10] Suggestions please? Thanks! --
Re: lynx is gone?
Its not in my pay grade to offer a technical opinion on Lynx removal! But ,,WHAT r u folks using instead, considering?? thanks OpenBSD
Re: Best way forward w.r.t. apache/nginx/httpd?
In more or less the same boat, without php as our virtual sites are simple display only. However for future business developement we have wondered the same. I am inn agreement with your choice of (1) as that would be ours pending feedback here from those who know. On Mon, Dec 29, 2014 at 7:30 AM, T. Ribbrock emga...@gmx.net wrote: Hi all, I'm finally getting round to updating my home server (gets a fresh 5.6 install). Of course, there were a lot of changes over the past versions, one of them being the whole apache - nginx - httpd migration. My webserver has a CMS running which requires PHP and MySQL, plus a few more PHP-applications. Also, I have two or three virtual sites running and I'm currently considering having a look at something like Owncloud and/or Citadel. Given the current state of development in OpenBSD, I'm now wondering what the best way forward is for me: a) Install apache-httpd-openbsd from ports and keep my configuration basically as is Advantage: Less work to get everything running - I've done OpenBSD re-installs like that several times over the past years Disadvantage: I guess that the new httpd will get a lot more developer attention, so this does not seem the ideal option longterm, but I could always migrate to httpd later, e.g. when upgrading to 5.7 or (more likely) 5.8 b) Migrate to nginx This seems to be the least interesting option - not only do I have to migrate now, but once more in the future, as nginx is also on the way out (so, the same developer attention caveat applies as with apache) c) Migrate to httpd From what I've gathered so far from this list, this would basically require me to switch to -current, as the 5.6 version is too fresh and too many changes have happened since - or am I being pessimistic here? I've never run -current before, hence, I'm a bit hesitant... I tend to go for a) because I do not want to migrate twice - but maybe somebody else has some interesting points that I have not considered yet? I'd appreciate the input! Regards, Thomas -- - Thomas Ribbrockhttp://www.ribbrock.org/ You have to live on the edge of reality - to make your dreams come true!
Re: Sun/Cassini Quad Gigabit Card Not Detected
Brad, Thanks! I made the one line change and it had no effect. Do I need other changes from current? Thanks again, Jeff On Sun, Nov 16, 2014 at 12:53:13AM -0500, Brad Smith wrote: On Mon, Nov 10, 2014 at 01:41:10PM -0500, Jeff wrote: # arp -a # arp -a firewall-x.usedmoviefinder.com (172.16.103.1) at 00:00:00:00:00:00 on cas0 static # netstat -in NameMtu Network Address Ipkts IerrsOpkts Oerrs Colls lo0 32768 Link 0 00 0 0 lo0 32768 ::1/128 ::1 0 00 0 0 lo0 32768 fe80::%lo0/ fe80::1%lo0 0 00 0 0 lo0 32768 127/8 127.0.0.10 00 0 0 bge01500 Link 00:0c:76:4e:5d:6e 104457 0 1546 0 0 bge01500 172.16/16 172.16.157.192 104457 0 1546 0 0 cas01500 Link 00:00:00:00:00:00 106705 0 148 0 0 cas01500 172.16/16 172.16.103.1106705 0 148 0 0 cas1* 1500 Link 00:00:00:00:00:000 00 0 0 cas2* 1500 Link 00:00:00:00:00:000 00 0 0 cas3* 1500 Link 00:00:00:00:00:000 00 0 0 enc0* 0 Link 0 00 0 0 pflog0 33192 Link 0 0 2566 0 0 Hi Jeff, Can you please try updating the sys/dev/pci/if_cas.c file to the -current code I just commited and apply the following diff to see if the MAC address is retreived properly and the MAC address is adjusted as appropriate for the multi port board? Index: if_cas.c === RCS file: /cvs/src/sys/dev/pci/if_cas.c,v retrieving revision 1.34 diff -u -p -u -p -r1.34 if_cas.c --- if_cas.c 16 Nov 2014 05:46:20 - 1.34 +++ if_cas.c 16 Nov 2014 05:50:15 - @@ -280,6 +280,7 @@ next: desc += strlen(local-mac-address) + 1; bcopy(desc, sc-sc_arpcom.ac_enaddr, ETHER_ADDR_LEN); + sc-sc_arpcom.ac_enaddr[5] += pa-pa_device; rv = 0; } break; -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.
Re: Sun/Cassini Quad Gigabit Card Not Detected
Here's why I think that they're zero. Should I look somewhere else? # ifconfig cas cas0: flags=28863UP,BROADCAST,NOTRAILERS,RUNNING,SIMPLEX,MULTICAST,NOINET6 mtu 1500 lladdr 00:00:00:00:00:00 priority: 0 media: Ethernet autoselect (1000baseT full-duplex) status: active inet 172.16.103.1 netmask 0x broadcast 172.16.255.255 cas1: flags=28822BROADCAST,NOTRAILERS,SIMPLEX,MULTICAST,NOINET6 mtu 1500 lladdr 00:00:00:00:00:00 priority: 0 media: Ethernet autoselect (none) status: no carrier cas2: flags=28822BROADCAST,NOTRAILERS,SIMPLEX,MULTICAST,NOINET6 mtu 1500 lladdr 00:00:00:00:00:00 priority: 0 media: Ethernet autoselect (none) status: no carrier cas3: flags=28822BROADCAST,NOTRAILERS,SIMPLEX,MULTICAST,NOINET6 mtu 1500 lladdr 00:00:00:00:00:00 priority: 0 media: Ethernet autoselect (none) status: no carrier On Mon, Nov 10, 2014 at 11:10:32AM -0700, Theo de Raadt wrote: I've made progress. OpenBSD now recognizes the four cas NIC's and detects active/no carrier, but won't pass any traffic. I suspect that it's because the mac addr (lladdr) is all zero's Doubt it is all zero. I suspect you will find that they have been changed to the kernel to somewhat random values. Which means, different each time. --
Re: Sun/Cassini Quad Gigabit Card Not Detected
# arp -a # arp -a firewall-x.usedmoviefinder.com (172.16.103.1) at 00:00:00:00:00:00 on cas0 static # netstat -in NameMtu Network Address Ipkts IerrsOpkts Oerrs Colls lo0 32768 Link 0 00 0 0 lo0 32768 ::1/128 ::1 0 00 0 0 lo0 32768 fe80::%lo0/ fe80::1%lo0 0 00 0 0 lo0 32768 127/8 127.0.0.10 00 0 0 bge01500 Link 00:0c:76:4e:5d:6e 104457 0 1546 0 0 bge01500 172.16/16 172.16.157.192 104457 0 1546 0 0 cas01500 Link 00:00:00:00:00:00 106705 0 148 0 0 cas01500 172.16/16 172.16.103.1106705 0 148 0 0 cas1* 1500 Link 00:00:00:00:00:000 00 0 0 cas2* 1500 Link 00:00:00:00:00:000 00 0 0 cas3* 1500 Link 00:00:00:00:00:000 00 0 0 enc0* 0 Link 0 00 0 0 pflog0 33192 Link 0 0 2566 0 0 On Mon, Nov 10, 2014 at 11:16:00AM -0700, Theo de Raadt wrote: Yes, but look in arp -a and also in netstat -in
Sun/Cassini Quad Gigabit Card Not Detected
Hi, I've installed OpenBSD 5.6 (i386) on a dual processor XEON box which has a 4 port Sun (Sun# 501-6738-10) Gigabit NIC card. dmesg doesn't have any indication that the card is installed. Booting Linux shows the card as Sun/Cassini which I believe should be handled by the cas driver. pcidump shows the following (I think that the NS Saturn is the NIC card): Domain /dev/pci0: 0:0:0: Intel E7505 Host 0:0:1: Intel E7505 Error Reporting 0:1:0: Intel E7505 AGP 0:2:0: Intel E7505 PCI 0:2:1: Intel E7505 PCI 0:30:0: Intel 82801BA Hub-to-PCI 0:31:0: Intel 82801DB LPC 0:31:1: Intel 82801DB IDE 0:31:3: Intel 82801DB SMBus 1:0:0: NVIDIA Riva TNT2 2:28:0: Intel 82870P2 IOxAPIC 2:29:0: Intel 82870P2 PCIX-PCIX 2:30:0: Intel 82870P2 IOxAPIC 2:31:0: Intel 82870P2 PCIX-PCIX 3:1:0: Broadcom BCM5703X 3:2:0: Intel unknown 4:0:0: NS Saturn 4:1:0: NS Saturn 4:2:0: NS Saturn 4:3:0: NS Saturn 6:1:0: TI TSB43AB22 FireWire Any ideas on how to get OpenBSD to recognise this card? Thanks! Jeff Any ideas on how to get OpenBSD to recognise this card? Thanks! Jeff
Re: Sun/Cassini Quad Gigabit Card Not Detected
Rafael, Thanks for responding. Here are the outputs that you requested: dmesg: OpenBSD 5.6 (GENERIC.MP) #299: Fri Aug 8 00:10:33 MDT 2014 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Xeon(TM) CPU 2.66GHz (GenuineIntel 686-class) 2.67 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,CNXT-ID,xTPR,PERF real mem = 2146906112 (2047MB) avail mem = 2099359744 (2002MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 09/26/06, BIOS32 rev. 0 @ 0xfb000, SMBIOS rev. 2.2 @ 0xf (57 entries) bios0: vendor IBM version -[OPE151A]- date 09/26/2006 bios0: IBM -[6221LJU]- acpi0 at bios0: rev 0 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP ASF! APIC acpi0: wakeup devices HUB0(S5) HUBA(S5) HUBB(S5) PS2M(S4) PS2K(S4) USB0(S1) USB1(S1) USB3(S1) MODM(S5) PCI0(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 133MHz cpu1 at mainbus0: apid 6 (application processor) cpu1: Intel(R) Xeon(TM) CPU 2.66GHz (GenuineIntel 686-class) 2.67 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,CNXT-ID,xTPR,PERF ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 4 ioapic1 at mainbus0: apid 5 pa 0xfec8, version 20, 24 pins ioapic2 at mainbus0: apid 6 pa 0xfec80400, version 20, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 6 (HUB0) acpiprt2 at acpi0: bus 5 (HUBA) acpiprt3 at acpi0: bus 3 (HUBB) acpicpu0 at acpi0 acpicpu1 at acpi0 acpibtn0 at acpi0: PWRB bios0: ROM list: 0xc/0xa800 0xcc000/0x1800 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel E7505 Host rev 0x03 agp at pchb0 not configured Intel E7505 Error Reporting rev 0x03 at pci0 dev 0 function 1 not configured ppb0 at pci0 dev 1 function 0 Intel E7505 AGP rev 0x03 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 NVIDIA Riva TNT2 rev 0x15 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 2 function 0 Intel E7505 PCI rev 0x03 pci2 at ppb1 bus 2 Intel 82870P2 IOxAPIC rev 0x04 at pci2 dev 28 function 0 not configured ppb2 at pci2 dev 29 function 0 Intel 82870P2 PCIX-PCIX rev 0x04 pci3 at ppb2 bus 3 bge0 at pci3 dev 1 function 0 Broadcom BCM5703X rev 0x02, BCM5702/5703 A2 (0x1002): apic 6 int 0, address 00:0c:76:4e:5d:6e brgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2 ppb3 at pci3 dev 2 function 0 vendor Intel, unknown product 0x537c rev 0x07 pci4 at ppb3 bus 4 NS Saturn rev 0x30 at pci4 dev 0 function 0 not configured NS Saturn rev 0x30 at pci4 dev 1 function 0 not configured NS Saturn rev 0x30 at pci4 dev 2 function 0 not configured NS Saturn rev 0x30 at pci4 dev 3 function 0 not configured Intel 82870P2 IOxAPIC rev 0x04 at pci2 dev 30 function 0 not configured ppb4 at pci2 dev 31 function 0 Intel 82870P2 PCIX-PCIX rev 0x04 pci5 at ppb4 bus 5 Intel E7505 PCI rev 0x03 at pci0 dev 2 function 1 not configured ppb5 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x82 pci6 at ppb5 bus 6 TI TSB43AB22 FireWire rev 0x00 at pci6 dev 1 function 0 not configured ichpcib0 at pci0 dev 31 function 0 Intel 82801DB LPC rev 0x02 pciide0 at pci0 dev 31 function 1 Intel 82801DB IDE rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: Maxtor 6Y200P0 wd0: 16-sector PIO, LBA48, 194481MB, 398297088 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide0: channel 1 disabled (no drives) ichiic0 at pci0 dev 31 function 3 Intel 82801DB SMBus rev 0x02: apic 4 int 17 iic0 at ichiic0 iic0: addr 0x22 01=01 02=02 03=03 04=04 05=05 06=06 07=07 08=08 09=09 0a=0a 0b=0b 0c=0c 0d=0d 0e=0e 0f=0f 10=10 11=11 12=12 13=13 14=14 15=15 16=16 17=17 18=18 19=19 1a=1a 1b=1b 1c=1c 1d=1d 1e=1e 1f=1f 20=20 21=21 22=22 23=23 24=24 25=25 26=26 27=27 28=28 29=29 2a=2a 2b=2b 2c=2c 2d=2d 2e=2e 2f=2f 30=30 31=31 32=32 33=33 34=34 35=35 36=36 37=37 38=38 39=39 3a=3a 3b=3b 3c=3c 3d=3d 3e=3e 3f=3f 40=40 41=41 42=42 43=43 44=44 45=45 46=46 47=47 48=48 49=49 4a=4a 4b=4b 4c=4c 4d=4d 4e=4e 4f=4f 50=50 51=51 52=52 53=53 54=54 55=55 56=56 57=57 58=58 59=59 5a=5a 5b=5b 5c=5c 5d=5d 5e=5e 5f=5f 60=60 61=61 62=62 63=63 64=64 65=65 66=66 67=67 68=68 69=69 6a=6a 6b=6b 6c=6c 6d=6d 6e=6e 6f=6f 70=70 71=71 72=72 73=73 74=74 75=75 76=76 77=77 78=78 79=79 7a=7a 7b=7b 7c=7c 7d=7d 7e=7e 7f=7f 80=80 81=81 82=82 83=83 84=84 85=85 86=86 87=87 88=88 89=89 8a=8a 8b=8b 8c=8c 8d=8d 8e=8e 8f=8f 90=90 91=91 92=92 93=93 94=94 95=95 96=96 97=97 98=98 99=99 9a=9a 9b=9b 9c=9c 9d=9d 9e=9e 9f=9f a0=a0 a1=a1 a2=a2
Re: Sun/Cassini Quad Gigabit Card Not Detected
Miod, Thanks! I've made progress. OpenBSD now recognizes the four cas NIC's and detects active/no carrier, but won't pass any traffic. I suspect that it's because the mac addr (lladdr) is all zero's Jeff On Sun, Nov 09, 2014 at 07:43:15PM +, Miod Vallat wrote: Hi, I've installed OpenBSD 5.6 (i386) on a dual processor XEON box which has a 4 port Sun (Sun# 501-6738-10) Gigabit NIC card. dmesg doesn't have any indication that the card is installed. Booting Linux shows the card as Sun/Cassini which I believe should be handled by the cas driver. The cas(4) driver for this hardware is not enabled in the i386 and amd64 kernels, and is probably untested on these platforms. You might want to add cas* at pci? to the kernel configuration file and rebuild it, and see if it works. Miod
Re: Sun/Cassini Quad Gigabit Card Not Detected
Hi, Here is the output from dmesg after the kernel rebuild: OpenBSD 5.6 (CASSINI) #1: Sun Nov 9 16:38:22 EST 2014 r...@firewall-m.rtr.com:/usr/src/sys/arch/i386/compile/CASSINI cpu0: Intel(R) Xeon(TM) CPU 2.66GHz (GenuineIntel 686-class) 2.66 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,CNXT-ID,xTPR,PERF real mem = 2146906112 (2047MB) avail mem = 2099343360 (2002MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 09/26/06, BIOS32 rev. 0 @ 0xfb000, SMBIOS rev. 2.2 @ 0xf (57 entries) bios0: vendor IBM version -[OPE151A]- date 09/26/2006 bios0: IBM -[6221LJU]- acpi0 at bios0: rev 0 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP ASF! APIC acpi0: wakeup devices HUB0(S5) HUBA(S5) HUBB(S5) PS2M(S4) PS2K(S4) USB0(S1) USB1(S1) USB3(S1) MODM(S5) PCI0(S5) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 132MHz cpu1 at mainbus0: apid 6 (application processor) cpu1: Intel(R) Xeon(TM) CPU 2.66GHz (GenuineIntel 686-class) 2.66 GHz cpu1: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,CNXT-ID,xTPR,PERF cpu2 at mainbus0: apid 7 (application processor) cpu2: Intel(R) Xeon(TM) CPU 2.66GHz (GenuineIntel 686-class) 2.66 GHz cpu2: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,CNXT-ID,xTPR,PERF cpu3 at mainbus0: apid 1 (application processor) cpu3: Intel(R) Xeon(TM) CPU 2.66GHz (GenuineIntel 686-class) 2.66 GHz cpu3: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,CNXT-ID,xTPR,PERF ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 0, remapped to apid 4 ioapic1 at mainbus0: apid 5 pa 0xfec8, version 20, 24 pins ioapic2 at mainbus0: apid 6 pa 0xfec80400, version 20, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 6 (HUB0) acpiprt2 at acpi0: bus 5 (HUBA) acpiprt3 at acpi0: bus 3 (HUBB) acpicpu0 at acpi0 acpicpu1 at acpi0 acpicpu2 at acpi0 acpicpu3 at acpi0 acpibtn0 at acpi0: PWRB bios0: ROM list: 0xc/0xa800 0xcc000/0x1800 pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 Intel E7505 Host rev 0x03 agp at pchb0 not configured Intel E7505 Error Reporting rev 0x03 at pci0 dev 0 function 1 not configured ppb0 at pci0 dev 1 function 0 Intel E7505 AGP rev 0x03 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 NVIDIA Riva TNT2 rev 0x15 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) ppb1 at pci0 dev 2 function 0 Intel E7505 PCI rev 0x03 pci2 at ppb1 bus 2 Intel 82870P2 IOxAPIC rev 0x04 at pci2 dev 28 function 0 not configured ppb2 at pci2 dev 29 function 0 Intel 82870P2 PCIX-PCIX rev 0x04 pci3 at ppb2 bus 3 bge0 at pci3 dev 1 function 0 Broadcom BCM5703X rev 0x02, BCM5702/5703 A2 (0x1002): apic 6 int 0, address 00:0c:76:4e:5d:6e brgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2 ppb3 at pci3 dev 2 function 0 vendor Intel, unknown product 0x537c rev 0x07 pci4 at ppb3 bus 4 cas0 at pci4 dev 0 function 0 NS Saturn rev 0x30: apic 6 int 4, address 00:00:00:00:00:00 nsgphy0 at cas0 phy 1: DP83865 10/100/1000 PHY, rev. 8 cas1 at pci4 dev 1 function 0 NS Saturn rev 0x30: apic 6 int 5, address 00:00:00:00:00:00 gentbi0 at cas1 phy 0: Generic ten-bit interface, rev. 0 cas2 at pci4 dev 2 function 0 NS Saturn rev 0x30: apic 6 int 6, address 00:00:00:00:00:00 nsgphy1 at cas2 phy 1: DP83865 10/100/1000 PHY, rev. 8 cas3 at pci4 dev 3 function 0 NS Saturn rev 0x30: apic 6 int 7, address 00:00:00:00:00:00 gentbi1 at cas3 phy 0: Generic ten-bit interface, rev. 0 Intel 82870P2 IOxAPIC rev 0x04 at pci2 dev 30 function 0 not configured ppb4 at pci2 dev 31 function 0 Intel 82870P2 PCIX-PCIX rev 0x04 pci5 at ppb4 bus 5 Intel E7505 PCI rev 0x03 at pci0 dev 2 function 1 not configured ppb5 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x82 pci6 at ppb5 bus 6 TI TSB43AB22 FireWire rev 0x00 at pci6 dev 1 function 0 not configured ichpcib0 at pci0 dev 31 function 0 Intel 82801DB LPC rev 0x02 pciide0 at pci0 dev 31 function 1 Intel 82801DB IDE rev 0x02: DMA, channel 0 configured to compatibility, channel 1 configured to compatibility wd0 at pciide0 channel 0 drive 0: Maxtor 6Y200P0 wd0: 16-sector PIO, LBA48, 194481MB, 398297088 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5 pciide0: channel 1 disabled (no drives) ichiic0 at pci0 dev 31 function 3 Intel 82801DB SMBus rev 0x02: apic 4 int 17 iic0 at ichiic0 iic0: addr 0x22 01=01 02=02 03=03 04=04 05=05 06=06 07=07 08=08 09=09 0a=0a 0b=0b 0c=0c 0d=0d 0e=0e 0f=0f 10=10
Re: Change routing tables when ISP goes down
Thanks to everyone for your help/suggestions. I think that I'm headed in the right direction. I still can't seem to force a ping through a particular interface, even when I have both interfaces as default routes (I've tried both with and without mpath). If it matters, in both cases I used a lower priority (higher #) for our low speed metered connection. Here's my current routing information: default10.150.228.105 UGS5 168287 - 8 fxp0 default192.168.243.1 UGS00 -16 fxp1 and ping -I 192.168.243.152 8.8.4.4 still sends traffic out through fxp0. I have verified that if I swap the priorities that all traffic goes out through fxp1 so I know that that connection works. It feels like I'm missing something obvious here. Can someone point me in the right direction? Thanks again! Jeff On Wed, Oct 01, 2014 at 07:35:41PM -0300, Giancarlo Razzolini wrote: On 01-10-2014 14:14, Jeff wrote: It sounds like ping -I is what I was looking for, but when I use it, it seems to be sending out the packet with the right source address, but sending it to the wrong interface.are there any tricks here? You must enforce through pf route-to the packets to go through the right interface. Or, better yet, you should use multipath routing. Enable it on your systctl.conf. It will allow you to have multiple default gateways. If they both have the same priority the connections will go out in a simple round-robin fashion. Then you should use ifstated, as mentioned by others. If your ISP's routers support SNMP, you could use it to check for the link status instead of relying on external pinging. I only use it as last resort. On some of my modems I even have a small script that connect with on the administrative web interface to check if the link is up. On others I use telnet and expect. I only use ping as a last resort. I could help you with more elaborated examples, but I hope you got the idea. Cheers [demime 1.01d removed an attachment of type application/pkcs7-signature which had a name of smime.p7s]
Re: Change routing tables when ISP goes down
Hi Everyone, With the addition of a carefully constructed route-to rule I now have all of the individual pieces working. Now, with some careful plumbing and testing I should be all set. The final solution will be a combination of ifstated, multipath routing (prioritized) and ping -I; thanks to everyone for your suggestions and patience!!! Jeff On Thu, Oct 02, 2014 at 04:09:12PM +, Stuart Henderson wrote: On 2014-10-02, Jeff j...@usedmoviefinder.com wrote: Thanks to everyone for your help/suggestions. I think that I'm headed in the right direction. I still can't seem to force a ping through a particular interface, even when I have both interfaces as default routes (I've tried both with and without mpath). If it matters, in both cases I used a lower priority (higher #) for our low speed metered connection. Here's my current routing information: default10.150.228.105 UGS5 168287 - 8 fxp0 default192.168.243.1 UGS00 -16 fxp1 and ping -I 192.168.243.152 8.8.4.4 still sends traffic out through fxp0. ping -I only selects the source address, not the outgoing route. (With pf route-to rules suggested by others in the thread, that choice of source address can *then* result in a different route being taken, but it's not automatic). To use your lower-priority default route, you need some way to take the first route out of action. One possibility is to use something like ifconfig fxp0 down. Another is to have some kind of periodic check that removes the prio 8 default route. There have been a few suggestions to use ifstated for this - that can work - alternatives include a simple script run from cron, or relayd has some code to handle this - check the routers section in relayd.conf(5).
Change routing tables when ISP goes down
I have a very unreliable ISP (approximately 97% uptime). Many of the times that they go down, I'm connected and can ping within their limited network, but can't get to the outside world. In these cases, I have an alternate slow speed connection that I use. Right now, I manually change the default route and use pfctl to invoke an alternate pf.conf file. I'm thinking that OpenOSPF, BIRD or one of the other routing oriented daemons might be a way to automate switching back and forth. Does anyone suggestions on effective ways to automate/manage this? Thanks! Jeff