Re: Optimization Advice for High Resource Utilization PostgreSQL Query on OpenBSD
Hi J,

Thank you for your detailed response and the practical advice. To address your points:

*> CPU Utilization*: I understand that CPU consumption is not inherently bad and can be indicative of the system doing its job. The query performance from an end-user perspective is acceptable at the moment, but I'm preparing for increased load and want to ensure scalability.

*> Performance Context*: The query in question is more frequent than a monthly summary but isn't run concurrently by a large number of users. Nevertheless, I am cautious about future growth and potential concurrent usage spikes.

*> System Configuration*: I have not yet adjusted the sysctl.conf parameters, but I will look into tuning these based on your recommendations and PostgreSQL documentation. Specifically: kern.seminfo.semmni=60; kern.seminfo.semmns=1024; kern.shminfo.shmall=32768

*> PostgreSQL Settings*: Currently, max_connections and shared_buffers settings are at their default values. I will look into increasing shared_buffers to a quarter of RAM, considering our 16GB of memory. Adjusting temp_buffers and random_page_cost based on SSD usage will also be on my list.

*> Further Tuning*: I will explore more detailed PostgreSQL tuning resources and forums for advice tailored to our setup and usage patterns.

Your insights have been incredibly helpful. I will implement the suggested configurations and monitor the system's performance to ensure it meets our current and future needs.

Thank you once again for your guidance.

Best regards,
Kihaguru

On Sun, Aug 4, 2024 at 8:19 PM wrote:

> On 30.07.24 14:04, Kihaguru Gathura wrote:
> >
> > Hi,
> >
> > I am seeking advice on optimizing a PostgreSQL query that is consuming
> > a significant amount of CPU resources on my Dell PowerEdge T340
> > server. The server has an Intel Xeon E-2124 CPU @ 3.30GHz (4 cores, no
> > Hyper-Threading) and 16GB RAM, running OpenBSD 7.3 (GENERIC.MP) #1125.
>
> This is a reasonably fast CPU and there is lots of RAM. No issues there.
>
> > The query in question occasionally utilizes around 40% of the CPU,
> > with CPU1 and CPU2 being more utilized compared to CPU0 and CPU3. This
> > suggests that the workload might not be well-balanced across all cores.
>
> As long as the CPU work is getting done, you don't care (or shouldn't
> care) which CPU is doing the work.
>
> "top" is not a great tool for measuring CPU consumption of a process. It
> filters the measurements, resulting in a slow change approaching the
> actual. The overall cpu consumption (top row or rows) is good.
>
> > I am monitoring the system to ensure that CPU usage by PostgreSQL does
> > not lead to performance issues, especially if more queries are
> > executed simultaneously. Other processes (such as httpd, relayd, etc.)
> > are consuming minimal CPU time, indicating they are not contributing
> > significantly to the overall load.
>
> The critical assumption you have made is that CPU consumption is bad.
> This is not necessarily true, it all depends on your circumstances. If
> it is a "monthly summary", no big deal, you run it once a month.
>
> But if it is a "customer summary" and you have hundreds of customers all
> running it concurrently that might be something to adjust or adapt to.
>
> Consider the point of view of the end-user. Is the query performance OK?
> If it is actually OK then you have nothing to do. CPU measurements are
> not visible to the end user and they don't care about them.
>
> If query performance is not "OK" then memory is the first thing to
> adjust, followed by indexing (as you've started already).
>
> Configuring and tuning Postgresql is a lifelong ambition. There are
> dozens if not hundreds of advice pages available. The first things
> to do (you don't say if these are done, or not):
>
> - setup sysctl.conf to larger numbers, for example
>     kern.seminfo.semmni=60
>     kern.seminfo.semmns=1024
>     kern.shminfo.shmall=32768
>
>   Consult postgres documents for advice according to number of users
>   and database size.
>
> - setup postgres for suitable max_connections (leaving lots of margin)
>
> - setup postgres for lots of memory in use, shared_buffers=3GB for example
>   Do not use more than about a quarter of RAM. Be sure that login.conf
>   entries for _postgresql user are suitable for this number.
>
> - setup postgres for temp_buffers larger; but seek tuning advice on this.
>
> - setup postgres for random_page_cost = 1.0 provided that you have SSD not
>   rotating disks.
>
> This is probably the wrong forum for detailed postgresql advice. You
> might have to search elsewhere.
>
> good luck
>
> J
Re: Optimization Advice for High Resource Utilization PostgreSQL Query on OpenBSD
Hi Christian,

Thank you for your interest and suggestion. To give you an idea, here are the approximate row counts for the main tables involved in the query:

- operations.requisitions: ~50,000 rows
- operations.requisition_items: ~150,000 rows
- operations.products: ~20,000 rows
- operations.price_lists: ~60,000 rows
- operations.price_lists_view_assort: ~20,000 rows
- operations.vendors: ~200 rows

While these numbers aren't in the billions, the complexity of the joins and the operations being performed, such as window functions and aggregations, contribute significantly to the CPU utilization.

Partitioning is definitely something worth considering as the data grows. For now, I have created indexes and run VACUUM, which reduced CPU utilization from 40% to 30%. However, I'm aware that further optimization might be necessary.

Thank you for your suggestion, and I will keep partitioning in mind as a potential next step if data volumes continue to grow.

Best regards,
Kihaguru

On Sat, Aug 3, 2024 at 3:14 PM Christian Schulte wrote:

> On 30.07.24 19:29, Kihaguru Gathura wrote:
> > Hi Claudio,
> >
> > Yes, I did run 'Explain Analyze' on the query to diagnose the
> > performance issues. Based on the analysis, I created indexes on the
> > relevant columns and ran a VACUUM on the tables. This resulted in an
> > improvement, reducing CPU utilization from 40% to 30%.
>
> Out of curiosity. How many records (table rows) are you talking about?
> Maybe partitioning is the way to go, if you are dealing with huge
> amounts of data. Indexing a couple of billions of records still makes
> selecting expensive and you maybe want to partition things?
>
> --
> Christian
Re: Optimization Advice for High Resource Utilization PostgreSQL Query on OpenBSD
Hi Claudio,

Yes, I did run 'Explain Analyze' on the query to diagnose the performance issues. Based on the analysis, I created indexes on the relevant columns and ran a VACUUM on the tables. This resulted in an improvement, reducing CPU utilization from 40% to 30%.

I haven't yet delved into explicit Common Table Expressions (CTEs) or extensive query refactoring as this query is currently running in a production environment. While these optimizations are on my radar, implementing them requires careful consideration to avoid disrupting ongoing operations.

I also considered creating indexes affecting views, but this requires creating materialized views first, which in turn necessitates extensive query refactoring. Given the production environment constraints, I opted to defer this step for now to avoid any disruptions.

However, I am not sure if these additional steps would bring the utilization significantly down to a point where more queries can be executed simultaneously.

Thank you for your input and assistance.

Best regards,
Kihaguru

On Tue, Jul 30, 2024 at 3:42 PM Claudio Jeker wrote:

> On Tue, Jul 30, 2024 at 03:04:54PM +0300, Kihaguru Gathura wrote:
> > Hi,
> >
> > I am seeking advice on optimizing a PostgreSQL query that is consuming a
> > significant amount of CPU resources on my Dell PowerEdge T340 server. The
> > server has an Intel Xeon E-2124 CPU @ 3.30GHz (4 cores, no Hyper-Threading)
> > and 16GB RAM, running OpenBSD 7.3 (GENERIC.MP) #1125.
> >
> > The query in question occasionally utilizes around 40% of the CPU, with
> > CPU1 and CPU2 being more utilized compared to CPU0 and CPU3. This suggests
> > that the workload might not be well-balanced across all cores.
> >
> > I am monitoring the system to ensure that CPU usage by PostgreSQL does not
> > lead to performance issues, especially if more queries are executed
> > simultaneously. Other processes (such as httpd, relayd, etc.) are consuming
> > minimal CPU time, indicating they are not contributing significantly to the
> > overall load.
> >
> > The *top output* and *dmesg output* are included below. Given this setup,
> > could someone please provide guidance on the best practices for optimizing
> > PostgreSQL performance under OpenBSD? Are there specific kernel or
> > PostgreSQL configurations that might help distribute the load more evenly
> > across all CPU cores, or is this a case that requires a more powerful CPU?
>
> Did you EXPLAIN ANALYZE your query to see why it performs so bad?
> In other words: Are you using the right indexes?
>
> --
> :wq Claudio
Optimization Advice for High Resource Utilization PostgreSQL Query on OpenBSD
Hi,

I am seeking advice on optimizing a PostgreSQL query that is consuming a significant amount of CPU resources on my Dell PowerEdge T340 server. The server has an Intel Xeon E-2124 CPU @ 3.30GHz (4 cores, no Hyper-Threading) and 16GB RAM, running OpenBSD 7.3 (GENERIC.MP) #1125.

The query in question occasionally utilizes around 40% of the CPU, with CPU1 and CPU2 being more utilized compared to CPU0 and CPU3. This suggests that the workload might not be well-balanced across all cores.

I am monitoring the system to ensure that CPU usage by PostgreSQL does not lead to performance issues, especially if more queries are executed simultaneously. Other processes (such as httpd, relayd, etc.) are consuming minimal CPU time, indicating they are not contributing significantly to the overall load.

The *top output* and *dmesg output* are included below. Given this setup, could someone please provide guidance on the best practices for optimizing PostgreSQL performance under OpenBSD? Are there specific kernel or PostgreSQL configurations that might help distribute the load more evenly across all CPU cores, or is this a case that requires a more powerful CPU?

Thank you in advance for your assistance.
Best regards,
Kihaguru

*top Output:*

load averages: 0.27, 0.07, 0.02    if.my.domain 14:11:35
63 processes: 61 idle, 2 on processor    up 63 days 06:11:29
CPU0 states:  3.0% user, 0.0% nice, 1.6% sys, 0.0% spin, 0.0% intr, 95.4% idle
CPU1 states: 47.9% user, 0.0% nice, 6.2% sys, 0.6% spin, 0.0% intr, 45.3% idle
CPU2 states: 33.0% user, 0.0% nice, 4.0% sys, 0.0% spin, 0.0% intr, 63.0% idle
CPU3 states:  5.8% user, 0.0% nice, 0.6% sys, 0.0% spin, 0.0% intr, 93.6% idle
Memory: Real: 199M/3048M act/tot Free: 12G Cache: 1672M Swap: 0K/16G

  PID USERNAME PRI NICE  SIZE   RES STATE     WAIT      TIME    CPU COMMAND
77669 _postgre  58    0  169M   80M onproc/2  -         0:10 35.60% postgres
    1 _relayd    2    0 5112K 8456K sleep/0   kqread   17:38  0.05% relayd
16136 www        2    0 8272K   12M sleep/1   kqread   40:05  0.00% httpd
15178 www        2    0 8140K   11M sleep/3   kqread   39:43  0.00% httpd
41797 www        2    0 7892K   11M sleep/3   kqread   39:40  0.00% httpd
30439 _relayd    2    0 1572K 4176K sleep/2   kqread   36:41  0.00% relayd
48133 _relayd    2    0 1564K 4148K sleep/1   kqread   35:55  0.00% relayd
84898 _relayd    2    0 1572K 4164K sleep/1   kqread   35:34  0.00% relayd
88687 _relayd    2    0 5076K 8440K sleep/2   kqread   17:29  0.00% relayd
 1500 _relayd    2    0 5276K 8600K sleep/0   kqread   16:52  0.00% relayd
58290 www        2    0 1612K 2556K sleep/1   kqread    6:24  0.00% slowcgi
86189 _pflogd    4    0  764K 1588K sleep/2   bpf       3:40  0.00% pflogd
 5982 root       2    0 1120K 1584K idle      kqread    2:58  0.00% sshd
45035 www        2    0 2388K 4532K sleep/2   kqread    1:21  0.00% httpd
82363 _syslogd   2    0 1228K 1648K sleep/2   kqread    1:10  0.00% syslogd
38604 _relayd    2    0 1624K 4040K sleep/2   kqread    1:08  0.00% relayd
59324 _postgre   2    0  146M 7596K sleep/1   kqread    1:02  0.00% postgres
58070 _postgre   2    0  146M   15M sleep/3   kqread    1:01  0.00% postgres
11204 _relayd    2    0 1468K 3816K sleep/1   kqread    0:29  0.00% relayd
    1 root      10    0  644K  632K idle      wait      0:22  0.00% init
68961 _postgre   2    0  146M 8984K sleep/2   kqread    0:13  0.00% postgres
28371 _postgre   2    0  146M   61M idle      kqread    0:10  0.00% postgres
12040 _postgre   2    0  146M 5604K idle      kqread    0:07  0.00% postgres
45123 _ntp       2    0 1060K 2748K idle      kqread    0:07  0.00% ntpd
67766 root       2    0  888K 1516K idle      kqread    0:06  0.00% cron
11185 root       2  -20  992K 1296K idle      kqread    0:05  0.00% ntpd
48084 kihaguru  28    0 2792K 4904K onproc/0  -         0:02  0.00% top
33981 _postgre   2    0  146M 4908K idle      kqread    0:01  0.00% postgres
 9380 _ntp       2  -20 1132K 2876K idle      kqread    0:01  0.00% ntpd
 3091 kihaguru   2    0 1412K 3576K sleep/2   kqread    0:00  0.00% sshd
61657 root       2    0 3024K 5120K idle      kqread    0:00  0.00% relayd
44011 kihaguru   3    0 1764K 6332K idle      ttyin     0:00  0.00% psql
88332 www        2    0 2616K 2720K sleep/1   kqread    0:00  0.00% ShelveAssortItem
57595 kihaguru  18    0  880K  904K idle      sigsusp   0:00  0.00% ksh
64781 kihaguru   2    0 1412K 3572K idle      kqread    0:00  0.00% sshd
 1477 root       2    0 1220K 4348K idle      kqread    0:00  0.00% sshd
52393 _smtpq     2    0 1676K 3548K idle      kqread    0:00  0.00% smtpd
43301 _dhcp      2    0  868K 1760K idle      kqread    0:00  0.00% dhcpleased
 6184 _dhcp      2    0  856K 1780K idle      kqread    0:00  0.00% dhcpleased
31249 root       2    0  728K 1480K idle      netio     0:00  0.00% pflogd
20367 root       2    0  752K 2492K idle      netio     0:00  0.00% syslogd
85654 _smtpd     2    0 2128K 4916K idle      kqread    0:00  0.00% smtpd
30336 root       2    0 1728K 2296K i
Fwd: Support Update
Hi,

This is a polite reminder to restore listing as follows.

0
C Kenya
P
T Nairobi
Z P.O. Box 30164-00100
O Consultant
I Kihaguru Njenga Gathura
A
M kihaguru.gath...@gmail.com
U
B +254 7 0697 0697
X
N OpenBSD consulting. Speciality in web applications development with OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI protocol and C programming language.

Regards
Kihaguru.

-- Forwarded message -
From: Kihaguru Gathura
Date: Thu, 25 Jan 2024, 21:43
Subject: Re: Support Update
To: Ingo Schwarze
Cc: ,

Hi Ingo,

Thank you for your understanding. The domain situation is lingering a bit too long due to reliability issues with my current provider.

To preserve listing, Please update as follows.

Regards,
Kihaguru

0
C Kenya
P
T Nairobi
Z P.O. Box 30164-00100
O Consultant
I Kihaguru Njenga Gathura
A
M kihaguru.gath...@gmail.com
U
B +254 7 0697 0697
X
N OpenBSD consulting. Speciality in web applications development with OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI protocol and C programming language.

On Sat, Jan 6, 2024 at 5:44 PM Ingo Schwarze wrote:

> Hello once more,
>
> Ingo Schwarze wrote on Sat, Jan 06, 2024 at 03:16:49PM +0100:
> > Kihaguru Gathura wrote
> > on Tue, Jan 02, 2024 at 03:53:21PM +0300:
>
> >> 0
> >> C Kenya
> >> P
> >> T Nairobi
> >> Z P.O. Box 30164-00100
> >> O IFINAX Ltd
> >> I Kihaguru Njenga Gathura
> >> A Bishops Road
> >> M info@ifinax. net
>
> > As far as i can see, this is the only line you want to change,
> > but the new version of the line is malformed: it must not contain
> > angle brackets.
> >
> > It is not clear to me whether you want
> >
> > M i...@ifinax.net
> >
> > or
> >
> > M i...@pqscript.com
> >
> > or even something else?
>
> Apart from the HTTP issues reported earlier, i see issues with your SMTP
> configuration as well:
>
> $ date
> Sat Jan 6 15:21:00 CET 2024
> $ host -t any pqscript.com
> Host pqscript.com not found: 3(NXDOMAIN)
>
> This is not good because a domain must have at least SOA and MX records
> to be usable for SMTP.
>
> $ host -t soa ifinax.net
> ifinax.net has SOA record ns1.safaricombusiness.co.ke. \
> EnterpriseISPSystems.Safaricom.co.ke. 2023121202 3600 1800 1209600 86400
> $ host -t mx ifinax.net ns1.safaricombusiness.co.ke
> Using domain server:
> Name: ns1.safaricombusiness.co.ke
> Address: 41.203.208.129#53
> Aliases:
>
> ifinax.net mail is handled by 0 rat-03.safaricombusiness.co.ke.
> ifinax.net mail is handled by 0 rat-04.safaricombusiness.co.ke.
> ifinax.net mail is handled by 0 rat-01.safaricombusiness.co.ke.
> ifinax.net mail is handled by 0 rat-02.safaricombusiness.co.ke.
>
> $ telnet rat-03.safaricombusiness.co.ke smtp
> Trying 41.203.208.141...
> Connected to rat-03.safaricombusiness.co.ke.
> Escape character is '^]'.
> 220 thk-tes-rat05.safaricombusiness.co.ke ESMTP
> MAIL From:
> 250 sender ok
> RCPT To:
> 550 #5.1.0 Address rejected.
> QUIT
> 221 thk-tes-rat05.safaricombusiness.co.ke
> Connection closed by foreign host.
>
> The identical problem occurs when i relay the mail via the official
> outgoing mailserver of the Karlsruhe Institute of Technology:
>
> Reporting-MTA: dns; smarthost.kit.edu
> Action: failed
> Final-Recipient: rfc822;i...@ifinax.net
> Status: 5.0.0
> Remote-MTA: dns; rat-02.safaricombusiness.co.ke
> Diagnostic-Code: smtp; 550 #5.1.0 Address rejected.
>
> So please fix your mail server first, and then tell me which email
> address you want listed after that.
>
> Yours,
> Ingo
>
> >> U
> >
> > While we are sorting this out, can we please also add a working
> > WWW URI? I mean, a "Ltd" company almost certainly has a website
> > nowadays, and listing that would be very helpful for users.
> >
> > However, this does not look good:
> >
> > $ date
> > Sat Jan 6 15:01:57 CET 2024
> > $ printf "GET / HTTP/1.0\r\n\r\n" | nc ifinax.net http
> > HTTP/1.0 302 Found
> > Connection: close
> > Content-Length: 486
> > Content-Type: text/html
> > Date: Sat, 06 Jan 2024 14:02:15 GMT
> > Location: https://ifinax.com/
> > Server: OpenBSD httpd
> >
> >
> > [ ... snip ... ]
> >
> > $ printf "GET / HTTP/1.0\r\n\r\n" | nc -cvD ifinax.com https
> > Connection to ifinax.com (41.90.23.242) 443 port [tcp/https] succeeded!
> > TLS handshake negotiated TLSv1.3/TLS_AES_256_GCM_SHA384 with host ifinax.com
> > Peer name: ifinax.com
Re: Support Update
Hi Ingo,

Thank you for your understanding. The domain situation is lingering a bit too long due to reliability issues with my current provider.

To preserve listing, Please update as follows.

Regards,
Kihaguru

0
C Kenya
P
T Nairobi
Z P.O. Box 30164-00100
O Consultant
I Kihaguru Njenga Gathura
A
M kihaguru.gath...@gmail.com
U
B +254 7 0697 0697
X
N OpenBSD consulting. Speciality in web applications development with OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI protocol and C programming language.

On Sat, Jan 6, 2024 at 5:44 PM Ingo Schwarze wrote:

> Hello once more,
>
> Ingo Schwarze wrote on Sat, Jan 06, 2024 at 03:16:49PM +0100:
> > Kihaguru Gathura wrote
> > on Tue, Jan 02, 2024 at 03:53:21PM +0300:
>
> >> 0
> >> C Kenya
> >> P
> >> T Nairobi
> >> Z P.O. Box 30164-00100
> >> O IFINAX Ltd
> >> I Kihaguru Njenga Gathura
> >> A Bishops Road
> >> M info@ifinax. net
>
> > As far as i can see, this is the only line you want to change,
> > but the new version of the line is malformed: it must not contain
> > angle brackets.
> >
> > It is not clear to me whether you want
> >
> > M i...@ifinax.net
> >
> > or
> >
> > M i...@pqscript.com
> >
> > or even something else?
>
> Apart from the HTTP issues reported earlier, i see issues with your SMTP
> configuration as well:
>
> $ date
> Sat Jan 6 15:21:00 CET 2024
> $ host -t any pqscript.com
> Host pqscript.com not found: 3(NXDOMAIN)
>
> This is not good because a domain must have at least SOA and MX records
> to be usable for SMTP.
>
> $ host -t soa ifinax.net
> ifinax.net has SOA record ns1.safaricombusiness.co.ke. \
> EnterpriseISPSystems.Safaricom.co.ke. 2023121202 3600 1800 1209600 86400
> $ host -t mx ifinax.net ns1.safaricombusiness.co.ke
> Using domain server:
> Name: ns1.safaricombusiness.co.ke
> Address: 41.203.208.129#53
> Aliases:
>
> ifinax.net mail is handled by 0 rat-03.safaricombusiness.co.ke.
> ifinax.net mail is handled by 0 rat-04.safaricombusiness.co.ke.
> ifinax.net mail is handled by 0 rat-01.safaricombusiness.co.ke.
> ifinax.net mail is handled by 0 rat-02.safaricombusiness.co.ke.
>
> $ telnet rat-03.safaricombusiness.co.ke smtp
> Trying 41.203.208.141...
> Connected to rat-03.safaricombusiness.co.ke.
> Escape character is '^]'.
> 220 thk-tes-rat05.safaricombusiness.co.ke ESMTP
> MAIL From:
> 250 sender ok
> RCPT To:
> 550 #5.1.0 Address rejected.
> QUIT
> 221 thk-tes-rat05.safaricombusiness.co.ke
> Connection closed by foreign host.
>
> The identical problem occurs when i relay the mail via the official
> outgoing mailserver of the Karlsruhe Institute of Technology:
>
> Reporting-MTA: dns; smarthost.kit.edu
> Action: failed
> Final-Recipient: rfc822;i...@ifinax.net
> Status: 5.0.0
> Remote-MTA: dns; rat-02.safaricombusiness.co.ke
> Diagnostic-Code: smtp; 550 #5.1.0 Address rejected.
>
> So please fix your mail server first, and then tell me which email
> address you want listed after that.
>
> Yours,
> Ingo
>
> >> U
> >
> > While we are sorting this out, can we please also add a working
> > WWW URI? I mean, a "Ltd" company almost certainly has a website
> > nowadays, and listing that would be very helpful for users.
> >
> > However, this does not look good:
> >
> > $ date
> > Sat Jan 6 15:01:57 CET 2024
> > $ printf "GET / HTTP/1.0\r\n\r\n" | nc ifinax.net http
> > HTTP/1.0 302 Found
> > Connection: close
> > Content-Length: 486
> > Content-Type: text/html
> > Date: Sat, 06 Jan 2024 14:02:15 GMT
> > Location: https://ifinax.com/
> > Server: OpenBSD httpd
> >
> >
> > [ ... snip ... ]
> >
> > $ printf "GET / HTTP/1.0\r\n\r\n" | nc -cvD ifinax.com https
> > Connection to ifinax.com (41.90.23.242) 443 port [tcp/https] succeeded!
> > TLS handshake negotiated TLSv1.3/TLS_AES_256_GCM_SHA384 with host ifinax.com
> > Peer name: ifinax.com
> > Subject: /CN=ifinax.com
> > Issuer: /C=US/O=Let's Encrypt/CN=R3
> > Valid From: Fri Nov 3 08:43:56 2023
> > Valid Until: Thu Feb 1 08:43:55 2024
> > Cert Hash: SHA256:aa6ea558a0d1e76067225762f3dbd8982cf5cbc73f1c66b9cc47111db05f65b0
> > OCSP URL: http://r3.o.lencr.org
> > $ echo $?
> > 0
> >
> > It appears the TLS TCP connection to the https port works, but then
> > the web server immediately closes the connection instead of waiting
> > for HTTP requests.
> >
> > Can you fix the server such that we can add
> >
> > U https://ifinax.com/
> >
> > or should a different URI be listed?
> >
> > Until these issues are worked out, i refrain from touching the existing
> > entry for Kihaguru Njenga Gathura, for now.
> >
> >> B +254 7 0697 0697
> >> X
> >> N OpenBSD consulting. Speciality in web applications
> >> development with OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI
> >> protocol and C programming language.
Support Update
0
C Kenya
P
T Nairobi
Z P.O. Box 30164-00100
O IFINAX Ltd
I Kihaguru Njenga Gathura
A Bishops Road
M info@ifinax. net
U
B +254 7 0697 0697
X
N OpenBSD consulting. Speciality in web applications development with OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI protocol and C programming language.
[no subject]
Greetings,

The following message occurs when linking C files in OpenBSD 7.3 AMD64 Platform.

<-
fe-exec.c(fe-exec.o:(PQmakeEmptyPGresult) in archive /usr/local/lib/libpq.a): warning: strcpy() is almost always misused, please use strlcpy()
->

Regards,
Kihaguru
Re: Hardware RAID on Poweredge Servers
Thanks for the info.

Regards,
Kihaguru.

On Fri, Mar 31, 2023 at 7:36 AM Kenneth Gober wrote:

> On Thu, Mar 30, 2023 at 12:37 PM Kihaguru Gathura <kihagurugath...@gmail.com> wrote:
>
>> Is hardware RAID on Poweredge servers (T340, PERC H330 in particular)
>> generally stable enough for production or is it safer to stick with
>> OpenBSD softraid?
>
> I haven't used the H330, but the PERC 5/i and the PERC H700 have worked
> fine for me. In terms of 'safety' I advise having a spare controller on
> hand because if your controller fails recovery will be simplest if you
> have the same controller (with the same firmware version) on hand.
>
> Note that mounting a RAID volume on a newer controller (or the same
> controller with newer firmware) may prevent that volume from being
> attached to an older controller later. So don't try doing fancy things
> like moving the drives to a newer system to take a backup, then trying to
> move them back to their original system later unless you have the same
> controller in both systems.
>
> In general I prefer hardware RAID because it's more likely you'll be able
> to easily boot your system if the array is running in a degraded state
> due to a drive failure (perhaps you might need to press F1 or something
> to continue). With softraid, you might need to type special commands at
> the console to force booting or mounting a volume with a failed drive in
> it. This may be a problem if you are in a rush to bring the system back
> up and don't have a convenient way to look up the necessary commands.
>
> -ken
Hardware RAID on Poweredge Servers
Hello, Is hardware RAID on Poweredge servers (T340, PERC H330 in particular) generally stable enough for production or is it safer to stick with OpenBSD softraid? Regards, Kihaguru.
HP Proliant ML350 Generation9 (Gen9) E5-2620v4 on OpenBSD
Hello, Is HP Proliant ML350 Generation9 (Gen9) E5-2620v4 suited for OpenBSD? If so, does it run stably? Regards Kihaguru.
Re: MAKEDEV not creating ttyU devices that have unit numbers beyond 9
Got it, thanks!

On Tue, 18 Jan 2022, 10:49 Otto Moerbeek, wrote:

> On Tue, Jan 18, 2022 at 10:42:15AM +0300, Kihaguru Gathura wrote:
>
> > Hi
> >
> > Connecting a couple of modems but unable to make devices beyond cuaU9
> >
> > root# sh /dev/MAKEDEV ttyU10
> > ttyU10: unknown device
> > root# sh /dev/MAKEDEV ttyU11
> > ttyU11: unknown device
> > root# sh /dev/MAKEDEV ttyU12
> > ttyU12: unknown device
> >
> > The devices show up as UMSM 10 UCOM 10 etcetera up to 27 at console
> >
> > What is the way to create devices with unit numbers beyond 9?
> >
> > Regards,
> >
> > Kihaguru.
>
> See the MAKEDEV script: ttyU[0-9a-zA-Z]
>
> So after 9 comes a
>
> -Otto
MAKEDEV not creating ttyU devices that have unit numbers beyond 9
Hi

Connecting a couple of modems but unable to make devices beyond cuaU9

root# sh /dev/MAKEDEV ttyU10
ttyU10: unknown device
root# sh /dev/MAKEDEV ttyU11
ttyU11: unknown device
root# sh /dev/MAKEDEV ttyU12
ttyU12: unknown device

The devices show up as UMSM 10 UCOM 10 etcetera up to 27 at console

What is the way to create devices with unit numbers beyond 9?

Regards,

Kihaguru.
Re: umsm: sparc64
Hi,

sparc64 dmesg buffer is populated by the message below and grows on a daily basis; I am writing for general guidance on how to solve this problem.

umsm0: this device is not using CDC notify message in intr pipe. Please send your dmesg to , thanks.

Please see the dmesg below.

Thank you,
Kihaguru

On Wed, Jul 3, 2019 at 6:44 PM Kihaguru Gathura wrote:

> > Try adding umsm to /sys/arch/sparc64/conf/GENERIC and build a new kernel.
> > If it works ok, report back, maybe we can add it to the standard kernel.
>
> Have added umsm to GENERIC and built a new kernel => modem works as
> desired at cuaU0 -s 115200.
>
> Next will build a multiprocessor kernel using GENERIC.MP and continue
> testing and using the modem.
>
> However error messages noted at dmesg (umsm0: this device is not using
> CDC notify message in intr pipe.)
>
> Thank you,
>
> Kihaguru.
>
> +
> console is /pci@83,4000/isa@7/su@0,3f8
> Copyright (c) 1982, 1986, 1989, 1991, 1993
> The Regents of the University of California. All rights reserved.
> Copyright (c) 1995-2019 OpenBSD. All rights reserved.
> https://www.OpenBSD.org
>
> OpenBSD 6.5 (WWW) #0: Wed Jul 3 13:36:10 EAT 2019
> r...@www.datastore.ke:/usr/src/sys/arch/sparc64/compile/WWW
> real mem = 17179869184 (16384MB)
> avail mem = 16862699520 (16081MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root: Fujitsu Siemens PRIMEPOWER250 2x SPARC64 V
> cpu0 at mainbus0: FJSV,SPARC64-V (rev 5.1) @ 1979 MHz
> cpu0: physical 128K instruction (64 b/l), 128K data (64 b/l), 3072K
> external (64 b/l)
> "FJSV,SPARC64-V" at mainbus0 not configured
> psycho0 at mainbus0 addr 0xfffb2000: SUNW,psycho, impl 0, version 4, ign c0
> psycho0: bus range 0-0, PCI bus 0
> psycho0: dvma map fe00-, STC0 enabled
> pci0 at psycho0
> ebus0 at pci0 dev 1 function 0 "Sun PCIO EBus2" rev 0x01
> "FJSV,scfc" at ebus0 addr 21-210085, 22-220031, 26-260001,
> 27-28 ivec 0x23 not configured
> "FJSV,flashprom" at ebus0 addr 0-3f not configured
> clock1 at ebus0 addr 25-251fff: mk48t59
> "FJSV,panel" at ebus0 addr 210011-210011 ivec 0x25 not configured
> ebus1 at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00
> com0 at ebus1 addr 3f8-3ff ivec 0x2b: ns16550a, 16 byte fifo
> com0: console
> com1 at ebus1 addr 2e8-2ef ivec 0x2b: ns16550a, 16 byte fifo
> hme0 at pci0 dev 1 function 1 "Sun HME" rev 0x01: ivec 0xe1, address
> 00:0b:5d:f3:a7:5c
> nsphyter0 at hme0 phy 1: DP83843 10/100 PHY, rev. 0
> mpi0 at pci0 dev 2 function 1 "Symbios Logic 53c1030" rev 0x07: ivec 0xe0
> mpi0: 0, firmware 1.0.12.0
> scsibus1 at mpi0: 16 targets, initiator 7
> sym0 at scsibus1 targ 0 lun 0: SCSI2
> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR
> sd0 at scsibus0 targ 0 lun 0: SCSI2
> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR
> sd0: 70007MB, 512 bytes/sector, 143374738 sectors
> sym1 at scsibus1 targ 1 lun 0: SCSI2
> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL
> sd1 at scsibus0 targ 1 lun 0: SCSI2
> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL
> sd1: 70007MB, 512 bytes/sector, 143374738 sectors
> mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
> mpi0: target 1 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1
> pciide0 at pci0 dev 13 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc4:
> DMA, channel 0 configured to native-PCI, channel 1 configured to
> native-PCI
> pciide0: using ivec 0xe4 for native-PCI interrupt
> atapiscsi0 at pciide0 channel 0 drive 0
> scsibus2 at atapiscsi0: 2 targets
> cd0 at scsibus2 targ 0 lun 0: ATAPI
> 5/cdrom removable
> cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
> pciide0: channel 1 disabled (no drives)
> ohci0 at pci0 dev 10 function 0 "Acer Labs M5237 USB" rev 0x03: ivec
> 0xe9, version 1.0, legacy support
> usb0 at ohci0: USB revision 1.0
> uhub0 at usb0 configuration 1 interface 0 "Acer Labs OHCI root hub"
> rev 1.00/1.00 addr 1
> psycbrgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2
> timer0 at mainbus0 addr 0xfff8bc00 ivec 0xec, 0xed
> umsm0 at uhub0 port 1 configuration 1 interface 0 "HUAWEI HUAWEI
> Mobile" rev 2.00/1.02 addr 2
> ucom0 at umsm0
> umsm1 at uhub0 port 1 configuration 1 interface 1 "HUAWEI HUAWEI
> Mobile" rev 2.00/1.02 addr 2
> ucom1 at umsm1
> umsm2 at uhub0 port 1 configuration 1 interface 2 "HUAWEI HUAWEI
> Mobile" rev 2.00/1.02 addr 2
> ucom2 at umsm2
> umass0 at uhub0 port 1 configuration 1
Re: argv from bogus argc
Yes, I did! Thank you.

On Mon, May 24, 2021 at 4:51 PM Omar Polo wrote:

> Kihaguru Gathura writes:
>
> > While testing to determine command line arguments passed to a cgi file
> > using the *function 1*, I receive the message *output 1.*
> > one argument is passed and that is the name of the file.
> >
> > However, testing with a bogus number 30 for argc in *function 2*, discloses
> > multiple arguments beyond the last null argument argv[1] see *output 2.*
> > There is also a null value at bogus argc number 29.
> >
> > Why are these additional argv values generated?
>
> haven't you gone out-of-bound and started printing the envp?
>
> > *Function 1:*
> >
> > /**/
> >
> > void TestCommandLineArguments(int argc, char *argv[])
> > {
> >         unsigned short int i = 0;
> >
> >         if (argc == 1)  /* if one command line argument is passed */
> >         {
> >                 PrintPageUpper();
> >
> >                 while(i < argc)
> >                 {
> >                         printf("\t\t(i = %2$d) argc: %1$d, \
> >                             argv[%2$d]: \"%3$s\"\n", argc, \
> >                             i, argv[i]);
> >                         i++;
> >                 }
> >
> >                 PrintPageLower();
> >                 exit(EXIT_SUCCESS);
> >
> >         }
> >
> >         if (argc != 1)
> >         {
> >                 PrintPageUpper();
> >                 puts("\t\t(Multiple Arguments)");
> >                 PrintPageLower();
> >                 exit(EXIT_SUCCESS);
> >         }
> > }
> >
> > /**/
> >
> > *Output 1: *
> >
> > (i = 0) argc: 1, argv[0]: "//xyz/xyz.html"
> >
> > *Function 2:*
> >
> > /**/
> >
> > void TestCommandLineArguments(int argc, char *argv[])
> > {
> >         unsigned short int i = 0;
> >         #define BOGUS_ARGC 30
> >
> >         if (argc == 1)
> >         {
> >                 PrintPageUpper();
> >
> >                 while(i < BOGUS_ARGC)
> >                 {
> >                         printf("\t\t(i = %2$d) argc: %1$d, \
> >                             argv[%2$d]: \"%3$s\"\n", BOGUS_ARGC, \
> >                             i, argv[i]);
> >                         i++;
> >                 }
> >
> >                 PrintPageLower();
> >                 exit(EXIT_SUCCESS);
> >
> >         }
> >
> >         if (argc == 1)
> >         {
> >                 PrintPageUpper();
> >                 puts("\t\t(Single Argument)");
> >                 PrintPageLower();
> >                 exit(EXIT_SUCCESS);
> >         }
> > }
> >
> > /**/
> >
> > *Output 2:*
> >
> > (i = 0) argc: 30, argv[0]: "//xyz/xyz.html"
> > (i = 1) argc: 30, argv[1]: "(null)"
> > (i = 2) argc: 30, argv[2]: "SERVER_SOFTWARE=OpenBSD httpd"
> > (i = 3) argc: 30, argv[3]: "SERVER_PROTOCOL=HTTP/1.1"
> > (i = 4) argc: 30, argv[4]: "SERVER_NAME=xyz.com"
> > (i = 5) argc: 30, argv[5]: "SERVER_PORT=443"
> > (i = 6) argc: 30, argv[6]: "SERVER_ADDR=xyz.xyz.xy.xyz"
> > (i = 7) argc: 30, argv[7]: "REQUEST_URI=/xyz/xyz.html"
> > (i = 8) argc: 30, argv[8]: "REQUEST_METHOD=GET"
> > (i = 9) argc: 30, argv[9]: "REMOTE_PORT=36818"
> > (i = 10) argc: 30, argv[10]: "REMOTE_ADDR=xyz.xyz.xy.xyz"
> > (i = 11) argc: 30, argv[11]: "HTTPS=on"
> > (i = 12) argc: 30, argv[12]: "
argv from bogus argc
While testing to determine command line arguments passed to a cgi file using the *function 1*, I receive the message *output 1.* one argument is passed and that is the name of the file.

However, testing with a bogus number 30 for argc in *function 2*, discloses multiple arguments beyond the last null argument argv[1] see *output 2.* There is also a null value at bogus argc number 29.

Why are these additional argv values generated?

*Function 1:*

/**/

void TestCommandLineArguments(int argc, char *argv[])
{
    unsigned short int i = 0;

    if (argc == 1) /* if one command line argument is passed */
    {
        PrintPageUpper();

        while(i < argc)
        {
            printf("\t\t(i = %2$d) argc: %1$d, \
argv[%2$d]: \"%3$s\"\n", argc, \
i, argv[i]);
            i++;
        }

        PrintPageLower();
        exit(EXIT_SUCCESS);
    }

    if (argc != 1)
    {
        PrintPageUpper();
        puts("\t\t(Multiple Arguments)");
        PrintPageLower();
        exit(EXIT_SUCCESS);
    }
}

/**/

*Output 1: *

(i = 0) argc: 1, argv[0]: "//xyz/xyz.html"

*Function 2:*

/**/

void TestCommandLineArguments(int argc, char *argv[])
{
    unsigned short int i = 0;
    #define BOGUS_ARGC 30

    if (argc == 1)
    {
        PrintPageUpper();

        while(i < BOGUS_ARGC)
        {
            printf("\t\t(i = %2$d) argc: %1$d, \
argv[%2$d]: \"%3$s\"\n", BOGUS_ARGC, \
i, argv[i]);
            i++;
        }

        PrintPageLower();
        exit(EXIT_SUCCESS);
    }

    if (argc == 1)
    {
        PrintPageUpper();
        puts("\t\t(Single Argument)");
        PrintPageLower();
        exit(EXIT_SUCCESS);
    }
}

/**/

*Output 2:*

(i = 0) argc: 30,argv[0]: "//xyz/xyz.html"
(i = 1) argc: 30,argv[1]: "(null)"
(i = 2) argc: 30,argv[2]: "SERVER_SOFTWARE=OpenBSD httpd"
(i = 3) argc: 30,argv[3]: "SERVER_PROTOCOL=HTTP/1.1"
(i = 4) argc: 30,argv[4]: "SERVER_NAME=xyz.com"
(i = 5) argc: 30,argv[5]: "SERVER_PORT=443"
(i = 6) argc: 30,argv[6]: "SERVER_ADDR=xyz.xyz.xy.xyz"
(i = 7) argc: 30,argv[7]: "REQUEST_URI=/xyz/xyz.html"
(i = 8) argc: 30,argv[8]: "REQUEST_METHOD=GET"
(i = 9) argc: 30,argv[9]: "REMOTE_PORT=36818"
(i = 10) argc: 30,argv[10]: "REMOTE_ADDR=xyz.xyz.xy.xyz"
(i = 11) argc: 30,argv[11]: "HTTPS=on"
(i = 12) argc: 30,argv[12]: "HTTP_X_FORWARDED_FOR=xyz.xyz.xy.xyz"
(i = 13) argc: 30,argv[13]: "HTTP_X_FORWARDED_BY=xyz.xyz.xy.xyz:8443"
(i = 14) argc: 30,argv[14]: "HTTP_USER_AGENT=Mozilla/5.0 (X11; OpenBSD amd64; rv:62.0) Gecko/20100101 Firefox/62.0"
(i = 15) argc: 30,argv[15]: "HTTP_UPGRADE_INSECURE_REQUESTS=1"
(i = 16) argc: 30,argv[16]: "HTTP_HOST=xyz.com"
(i = 17) argc: 30,argv[17]: "HTTP_CONNECTION=keep-alive"
(i = 18) argc: 30,argv[18]: "HTTP_CACHE_CONTROL=max-age=0"
(i = 19) argc: 30,argv[19]: "HTTP_ACCEPT_LANGUAGE=en-US,en;q=0.5"
(i = 20) argc: 30,argv[20]: "HTTP_ACCEPT_ENCODING=gzip, deflate, br"
(i = 21) argc: 30,argv[21]: "HTTP_ACCEPT=text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
(i = 22) argc: 30,argv[22]: "GATEWAY_INTERFACE=CGI/1.1"
(i = 23) argc: 30
Re: Primepower 250 vs Sunfire v215
> not really possible with the primepower 250 (hard to find any kind of SSD

There is industrial grade 80-pin SCA-2 SSD, Ultra320 by Hagiwara. Can be limited to 73GB or 147GB usable on a Primepower 250.

They say and I quote: "Hagiwara specializes in industrial grade flash storage and our customers pay a premium for extra endurance and reliability."

On Sunday, September 20, 2020, Claudio Jeker wrote:
> On Sun, Sep 20, 2020 at 08:00:45PM +0300, Kihaguru Gathura wrote:
>> > The Primepower is bigger and needs more power but if you find a box with
>> > good CPUs and memory it should run faster than a V215
>>
>> How did the performance of the PrimePower 250 SCSI drives compare to Sun
>> Fire V215 SAS drives?
>
> Any spinning rust is slow compared to SSD disks. I run my Fire V215 with a
> NVME disk for the busy partitions (but boot from the SAS drives). This is
> not really possible with the primepower 250 (hard to find any kind of SSD
> for that system).
>
> --
> :wq Claudio
>
Re: HP microserver gen 10 AMD x3216
With pckbc disabled, boot stops at

_
_
_
isa0 at mainbus0
>>> probing for com0
>>> probing for com0 failed
>>> probing for com1
>>> probing for com1 failed
>>> probing for com2
>>> probing for com2 failed
>>> probing for vga0
>>> probing for vga0 failed
_

Thanks
Kihaguru

On Sunday, March 21, 2021, Stuart Henderson wrote:
> On 2021-03-20, Kihaguru Gathura wrote:
>> Hello,
>>
>> OpenBSD 6.8 amd64 iso installation hangs @
>>
>> _
>> _
>> _
>> isa0 at mainbus0
>> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
>> _
>>
>> Any lead on this?
>>
>> Thanks,
>>
>> Kihaguru
>>
>
> Does it help to "boot -c" and "disable pckbc"?
>
HP microserver gen 10 AMD x3216
Hello,

OpenBSD 6.8 amd64 iso installation hangs @

_
_
_
isa0 at mainbus0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
_

Any lead on this?

Thanks,

Kihaguru
Re: WAF using OpenBSD relayd
Hi all,

Any links to a basic WAF rule set that may be implemented with relayd is highly appreciated. The assessor will not give any details. Their suggestion on moving over to modsecurity is a rather generic approach to solving a problem, and a pathway to dependency...not interesting.

Kind regards,
Kihaguru.

On Sat, Aug 29, 2020 at 3:07 PM Stuart Henderson wrote:
> On 2020-08-28, Kihaguru Gathura wrote:
> > Hi,
> >
> > The subject to the previous email below read 'solved'. this was by error.
> > this has not been solved.
> >
> > Any assistance is highly appreciated.
>
> I think you will need to talk to your assessors and ask what they're
> looking for.
>
Primepower 250 vs Sunfire v215
Hi Theo,

Thanks, This would have gotten me broke. Just looked at the price tags. unbelievable!

Regards,
Kihaguru.

On Thursday, September 24, 2020, Theo de Raadt wrote:
> Kihaguru Gathura wrote:
>
>> Do you have experience with the Oracle 3.2TB NVMe PCIE 3.0 Solid State
>> Drive with the V215?
>
> Wow, you have a thick wallet. Use a regular laptop NVME + adapter card
> for PCIE and find somewhere else to spend the money.
>
Re: Primepower 250 vs Sunfire v215
Hi Claudio,

Based on your experience, which is the go to make for NVME Drive?

Do you have experience with the Oracle 3.2TB NVMe PCIE 3.0 Solid State Drive with the V215?

Kind regards,
Kihaguru.

On Sunday, September 20, 2020, Claudio Jeker wrote:
> On Sun, Sep 20, 2020 at 08:00:45PM +0300, Kihaguru Gathura wrote:
>> > The Primepower is bigger and needs more power but if you find a box with
>> > good CPUs and memory it should run faster than a V215
>>
>> How did the performance of the PrimePower 250 SCSI drives compare to Sun
>> Fire V215 SAS drives?
>
> Any spinning rust is slow compared to SSD disks. I run my Fire V215 with a
> NVME disk for the busy partitions (but boot from the SAS drives). This is
> not really possible with the primepower 250 (hard to find any kind of SSD
> for that system).
>
> --
> :wq Claudio
>
Re: Primepower 250 vs Sunfire v215
> The Primepower is bigger and needs more power but if you find a box with
> good CPUs and memory it should run faster than a V215

How did the performance of the PrimePower 250 SCSI drives compare to Sun Fire V215 SAS drives?

Thanks and regards,
Kihaguru
Primepower 250 vs Sunfire v215
Hi,

For those who have experience with older Sparc machines, Which hardware offers better reliability/stability? Fujitsu Primepower 250 or Sun fire V215.

Kind regards
Kihaguru.
WAF using OpenBSD relayd
Hi,

The subject to the previous email below read 'solved'. this was by error. this has not been solved.

Any assistance is highly appreciated.

Kind regards,
Kihaguru.

---------- Forwarded message ----------
From: Kihaguru Gathura
Date: Sunday, August 23, 2020
Subject: Re: No WAF detected - Solved
To: misc

Hi,

The following template has previously worked as far as WAF detection is concerned. However assessors keep updating their tools, this configuration is no longer effective.

Anyone using relayd as WAF? What sort of configuration options do you have?

Kind regards,
Kihaguru.

---
# $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
#
# Relay and protocol
#
http protocol httpp {
    pass request quick method "GET"
    block
}

relay httpr {
    # Listen on localhost, accept diverted connections from pf(4)
    listen on 127.0.0.1 port 8080
    protocol httpp

    # Forward to the original target host
    forward to destination
}

http protocol httpsp {
    match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header append "X-Forwarded-By" \
        value "$SERVER_ADDR:$SERVER_PORT"
    match response header remove "Server"
    pass request quick url file "/etc/mydomain-url.txt"
    pass request quick path file "/etc/mydomain-path.txt"
    pass request quick method "GET"
    block

    tls keypair mydomain.com
}

relay httpsr {
    # Listen on localhost, accept diverted connections from pf(4)
    listen on 127.0.0.1 port 8443 tls
    protocol httpsp

    # Forward to the original target host
    forward with tls to destination
}
---

---------- Forwarded message ---------
From: Kihaguru Gathura
Date: Fri, Dec 27, 2019 at 10:40 PM
Subject: Re: No WAF detected - Solved
To: Kihaguru Gathura , misc

Hi,

WAF is detected when certain methods are filtered in relayd.

Thanks,
Kihaguru.

On Monday, December 9, 2019, Kihaguru Gathura wrote:
>
> Hi,
> A message from assessors and further tests below.
>
> I have configured relayd to serve a single url that accepts no parameters. This url is blocked by relayd with error 403 Forbidden if anything is appended to its end.
> I would expect WAF detection in such a test case but this has not happened.
> what other means are malicious payloads being delivered in this case?
>
> Thanks and regards,
> Kihaguru
>
> # $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
> #
> # Relay and protocol
> #
> http protocol httpp {
>     return error
>     match response header remove "Server"
>
>     pass
>     block quick path "/cgi-bin/index.cgi" value "*command=*"
>     pass quick path "/net/index.html" value ""
>     block
> }
>
> relay httpr {
>     # Listen on localhost, accept diverted connections from pf(4)
>     listen on 127.0.0.1 port 8080
>     protocol httpp
>
>     # Forward to the original target host
>     forward to destination
> }
>
> http protocol httpsp {
>     return error
>     match response header remove "Server"
>
>     pass
>     block quick path "/cgi-bin/index.cgi" value "*command=*"
>     pass quick path "/net/index.html" value ""
>     block
>
>     tls keypair example.net
> }
>
> relay httpsr {
>     # Listen on localhost, accept diverted connections from pf(4)
>     listen on 127.0.0.1 port 8443 tls
>     protocol httpsp
>
>     # Forward to the original target host
>     forward with tls to destination
> }
> ---
>
> On Thu, Dec 5, 2019 at 2:11 PM Stuart Henderson wrote:
>>
>> On 2019/12/05 00:17, Kihaguru Gathura wrote:
>> >
>> > On Wed, Dec 4, 2019 at 11:58 PM Kihaguru Gathura wrote:
>> >
>> > >>
Re: FireFox Browser 'Open File' error
Thank you for suggestions on unveil. Very helpful. Caution on running browser as root well received.

Thanks and regards,
Kihaguru.

On Tue, Aug 25, 2020 at 9:37 PM Stuart Henderson wrote:
> On 2020-08-25, Kihaguru Gathura wrote:
> > Hi,
> >
> > I have tested on a 64 bit version of the same ThinkPad T60 and error is
> > consistent..
>
> See /usr/local/share/doc/pkg-readmes/firefox about unveil
>
> > However Firefox opens files from any folder as root on these same machines
> > running OpenBSD 6.5.
>
> Running any browser as root is not really a smart move
>
Re: FireFox Browser 'Open File' error
Hi,

I have tested on a 64 bit version of the same ThinkPad T60 and error is consistent..

However Firefox opens files from any folder as root on these same machines running OpenBSD 6.5.

Kind regards,
Kihaguru.

On Sat, Aug 22, 2020 at 9:34 AM Kihaguru Gathura wrote:
> Hi,
>
> Firefox fails to list files at 'File Open' with error message:
>
> (firefox:89328): dconf-WARNING **: 09:12:15.835: failed to commit changes
> to dconf: The given address is empty
>
> Please advise
>
> Regards,
>
> Kihaguru.
Fwd: No WAF detected - Solved
Hi,

The following template has previously worked as far as WAF detection is concerned. However assessors keep updating their tools, this configuration is no longer effective.

Anyone using relayd as WAF? What sort of configuration options do you have?

Kind regards,
Kihaguru.

---
# $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
#
# Relay and protocol
#
http protocol httpp {
    pass request quick method "GET"
    block
}

relay httpr {
    # Listen on localhost, accept diverted connections from pf(4)
    listen on 127.0.0.1 port 8080
    protocol httpp

    # Forward to the original target host
    forward to destination
}

http protocol httpsp {
    match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
    match request header append "X-Forwarded-By" \
        value "$SERVER_ADDR:$SERVER_PORT"
    match response header remove "Server"
    pass request quick url file "/etc/mydomain-url.txt"
    pass request quick path file "/etc/mydomain-path.txt"
    pass request quick method "GET"
    block

    tls keypair mydomain.com
}

relay httpsr {
    # Listen on localhost, accept diverted connections from pf(4)
    listen on 127.0.0.1 port 8443 tls
    protocol httpsp

    # Forward to the original target host
    forward with tls to destination
}
---

---------- Forwarded message ---------
From: Kihaguru Gathura
Date: Fri, Dec 27, 2019 at 10:40 PM
Subject: Re: No WAF detected - Solved
To: Kihaguru Gathura , misc

Hi,

WAF is detected when certain methods are filtered in relayd.

Thanks,
Kihaguru.

On Monday, December 9, 2019, Kihaguru Gathura wrote:
>
> Hi,
> A message from assessors and further tests below.
>
> I have configured relayd to serve a single url that accepts no parameters. This url is blocked by relayd with error 403 Forbidden if anything is appended to its end.
> I would expect WAF detection in such a test case but this has not happened.
> what other means are malicious payloads being delivered in this case?
>
> Thanks and regards,
> Kihaguru
>
> # $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
> #
> # Relay and protocol
> #
> http protocol httpp {
>     return error
>     match response header remove "Server"
>
>     pass
>     block quick path "/cgi-bin/index.cgi" value "*command=*"
>     pass quick path "/net/index.html" value ""
>     block
> }
>
> relay httpr {
>     # Listen on localhost, accept diverted connections from pf(4)
>     listen on 127.0.0.1 port 8080
>     protocol httpp
>
>     # Forward to the original target host
>     forward to destination
> }
>
> http protocol httpsp {
>     return error
>     match response header remove "Server"
>
>     pass
>     block quick path "/cgi-bin/index.cgi" value "*command=*"
>     pass quick path "/net/index.html" value ""
>     block
>
>     tls keypair example.net
> }
>
> relay httpsr {
>     # Listen on localhost, accept diverted connections from pf(4)
>     listen on 127.0.0.1 port 8443 tls
>     protocol httpsp
>
>     # Forward to the original target host
>     forward with tls to destination
> }
> ---
>
> On Thu, Dec 5, 2019 at 2:11 PM Stuart Henderson wrote:
>>
>> On 2019/12/05 00:17, Kihaguru Gathura wrote:
>> >
>> > On Wed, Dec 4, 2019 at 11:58 PM Kihaguru Gathura wrote:
>> >
>> > >> Which is a better way to implement a WAF on OpenBSD using the base utilities?
>> > >
>> > > relayd configured in certain ways might be considered as a WAF.
>> >
>> > All methods and all other security headers and path filters are coded in the web
>> > application which had always been detected as a custom WAF until two weeks ago.
>> >
>> > I have now included relayd and a re-test passes all other requirements but does not detect
>> > a WAF (please find sample configurations and test report below).
>> >
>> > Any hint highly appreciated
>>
>> I think you will need to talk to your assessors and ask what they're looking for.
>>
FireFox Browser 'Open File' error
Hi,

Firefox fails to list files at 'File Open' with error message:

(firefox:89328): dconf-WARNING **: 09:12:15.835: failed to commit changes to dconf: The given address is empty

Please advise

Regards,

Kihaguru.
Re: CPU usage of httpd+slowcgi
Hi Alceu,

The Web applications in C, httpd+slowcgi+libpq are quite fast for very heavy database querying.

Older dual core machines have limited memory up to 16 or 32 GB and moving to newer machines like a T2000 or T4-1 is advantageous in the respect of better memory capacity. On the flip side, these newer machines have eight cores or more. The fewer the better in this respect due to kernel locking considerations as advised.

What are reliable SPARC hardware alternatives to T4-1 that offer higher memory capacity with fewer cores and low power consumption?

Kind regards.
Kihaguru

On Wednesday, July 29, 2020, Alceu Rodrigues de Freitas Junior <glasswal...@yahoo.com.br> wrote:
> Hi Kihaguru,
>
> Oh, well, didn't see anybody asking, so... why are you guys still using
> a CGI if so much processing power is required?
>
> Basically anything will perform better nowadays, so unless the code is
> really complicated, you're looking for a solution at the wrong place.
>
> On 27/07/2020 14:52, Jordan Geoghegan wrote:
>>
>> On 2020-07-24 03:16, Kihaguru Gathura wrote:
>>> Hi,
>>>
>>> Which of the following legacy CPU types is best suited for very busy web
>>> server httpd+slowcgi
>>>
>>> Niagara CPU Such as T2 - More parallel Threads and Low power per single
>>> thread
>>> Sparc64 CPU such as VI, VII - Fewer threads but more computing power per
>>> thread.
>>>
>>> How is multithreading utilization of httpd+slowcgi like?
>>>
>>> Kind regards,
>>>
>>> Kihaguru.
>>
>> Hi Kihaguru,
>>
>> As with any computer, newer tends to be better with Moore's Law and all
>> that. On sparc64 most of the logical cores that are shown are really
>> just SMT pretending to be a bunch of cores. I have one machine that
>> claims 128 cores, but in reality, it's just 16 cores with 8-way SMT.
>> sparc64 isn't renowned for its single core execution speed, so the
>> faster the better in that regard.
>>
>> In my experience with running OpenBSD on sparc64, the kernel biglock or
>> crypto became a bottleneck before other things did. (I've used T3 and T4
>> machines fairly extensively with OpenBSD). I've found that disk
>> activity, networking and/or TLS would bottleneck before httpd became a
>> bottleneck when I was running sparc64 web servers in production. If you
>> are running very heavy scripts/programs with slowcgi, then your
>> results may be different.
>>
>> Things have likely improved dramatically in the past year or two with
>> all the work done on removing the biglock, but the moral of the story
>> remains, fewer, faster cores are likely to produce superior performance
>> to numerous low power cores.
>>
>> Regards,
>>
>> Jordan
>>
>
Re: CPU usage of httpd+slowcgi
Hi,

> It depends on the workload. I'd have thought for most things the max
> really usable at the moment is probably somewhere in the region of 4-8
> cpu cores before kernel locking gets in the way too much.
>
> FWIW sparc64 ports builds are now done on T4 and they're really fast.
> I think (but am not 100% sure) that this is carved into ldoms so the
> number of cores visible to each OpenBSD instance is limited (so
> contention between cores in the kernel is also limited).

Up to how many cores will it be guaranteed that kernel locking 'will not get too much in the way' for hardware running a single instance of OpenBSD under heavy workload?

Kind Regards,
Kihaguru.
CPU usage of httpd+slowcgi
Hi,

Which of the following legacy CPU types is best suited for very busy web server httpd+slowcgi

Niagara CPU Such as T2 - More parallel Threads and Low power per single thread
Sparc64 CPU such as VI, VII - Fewer threads but more computing power per thread.

How is multithreading utilization of httpd+slowcgi like?

Kind regards,
Kihaguru.
Re: No WAF detected - Solved
Hi,

WAF is detected when certain methods are filtered in relayd.

Thanks,
Kihaguru.

On Monday, December 9, 2019, Kihaguru Gathura wrote:
>
> Hi,
> A message from assessors and further tests below.
>
> I have configured relayd to serve a single url that accepts no parameters. This url is blocked by relayd with error 403 Forbidden if anything is appended to its end.
> I would expect WAF detection in such a test case but this has not happened.
> what other means are malicious payloads being delivered in this case?
>
> Thanks and regards,
> Kihaguru
>
> # $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
> #
> # Relay and protocol
> #
> http protocol httpp {
>     return error
>     match response header remove "Server"
>
>     pass
>     block quick path "/cgi-bin/index.cgi" value "*command=*"
>     pass quick path "/net/index.html" value ""
>     block
> }
>
> relay httpr {
>     # Listen on localhost, accept diverted connections from pf(4)
>     listen on 127.0.0.1 port 8080
>     protocol httpp
>
>     # Forward to the original target host
>     forward to destination
> }
>
> http protocol httpsp {
>     return error
>     match response header remove "Server"
>
>     pass
>     block quick path "/cgi-bin/index.cgi" value "*command=*"
>     pass quick path "/net/index.html" value ""
>     block
>
>     tls keypair example.net
> }
>
> relay httpsr {
>     # Listen on localhost, accept diverted connections from pf(4)
>     listen on 127.0.0.1 port 8443 tls
>     protocol httpsp
>
>     # Forward to the original target host
>     forward with tls to destination
> }
> -------
>
> On Thu, Dec 5, 2019 at 2:11 PM Stuart Henderson wrote:
>>
>> On 2019/12/05 00:17, Kihaguru Gathura wrote:
>> >
>> > On Wed, Dec 4, 2019 at 11:58 PM Kihaguru Gathura wrote:
>> >
>> > >> Which is a better way to implement a WAF on OpenBSD using the base utilities?
>> > >
>> > > relayd configured in certain ways might be considered as a WAF.
>> >
>> > All methods and all other security headers and path filters are coded in the web
>> > application which had always been detected as a custom WAF until two weeks ago.
>> >
>> > I have now included relayd and a re-test passes all other requirements but does not detect
>> > a WAF (please find sample configurations and test report below).
>> >
>> > Any hint highly appreciated
>>
>> I think you will need to talk to your assessors and ask what they're looking for.
>>
Re: No WAF detected
Hi,

A message from assessors and further tests below.

I have configured relayd to serve a single url that accepts no parameters. This url is blocked by relayd with error 403 Forbidden if anything is appended to its end.
I would expect WAF detection in such a test case but this has not happened.
what other means are malicious payloads being delivered in this case?

Thanks and regards,
Kihaguru

# $OpenBSD: relayd.conf,v 1.5 2018/05/06 20:56:55 benno Exp $
#
# Relay and protocol
#
http protocol httpp {
    return error
    match response header remove "Server"

    pass
    block quick path "/cgi-bin/index.cgi" value "*command=*"
    pass quick path "/net/index.html" value ""
    block
}

relay httpr {
    # Listen on localhost, accept diverted connections from pf(4)
    listen on 127.0.0.1 port 8080
    protocol httpp

    # Forward to the original target host
    forward to destination
}

http protocol httpsp {
    return error
    match response header remove "Server"

    pass
    block quick path "/cgi-bin/index.cgi" value "*command=*"
    pass quick path "/net/index.html" value ""
    block

    tls keypair example.net
}

relay httpsr {
    # Listen on localhost, accept diverted connections from pf(4)
    listen on 127.0.0.1 port 8443 tls
    protocol httpsp

    # Forward to the original target host
    forward with tls to destination
}
-------

On Thu, Dec 5, 2019 at 2:11 PM Stuart Henderson wrote:
> On 2019/12/05 00:17, Kihaguru Gathura wrote:
> >
> > On Wed, Dec 4, 2019 at 11:58 PM Kihaguru Gathura wrote:
> >
> > >> Which is a better way to implement a WAF on OpenBSD using the base utilities?
> > >
> > > relayd configured in certain ways might be considered as a WAF.
> >
> > All methods and all other security headers and path filters are coded in the web
> > application which had always been detected as a custom WAF until two weeks ago.
> >
> > I have now included relayd and a re-test passes all other requirements but does not detect
> > a WAF (please find sample configurations and test report below).
> >
> > Any hint highly appreciated
>
> I think you will need to talk to your assessors and ask what they're
> looking for.
>
Re: Deleting softraid Devices Fujitsu Sparc
On Saturday, November 30, 2019, Karel Gardas wrote:
> On 2019-11-28 20:09, Kihaguru Gathura wrote:
>>
>> www# bioctl sd2 displays the raid but www# bioctl -d sd2 does not delete
>> the raid.
>
> Not sure what exactly do you expect from "delete", but -d option for softraid is more like detach than delete. Although man page is a bit confusing since first -d is described as delete and then in examples as detach. So well, what do you expect from it exactly?
>

To install OpenBSD on drive sd0 or sd1 currently part of the softraid drive sd2, requires first delete/detach the softraid.
Re: Deleting softraid Devices Fujitsu Sparc
On Thursday, November 28, 2019, Kihaguru Gathura wrote:
>
> www# bioctl sd2 displays the raid but www# bioctl -d sd2 does not delete the raid.
>
> On Thursday, November 28, 2019, Kihaguru Gathura wrote:
>>
>> On Thursday, November 28, 2019, Nick Holland wrote:
>>> On 2019-11-27 11:23, Kihaguru Gathura wrote:
>>>> Hi,
>>>>
>>>> An error while deleting softraid device follows
>>>>
>>>> --
>>>> Available disks are: sd0 sd1 sd2.
>>>> Which disk is the root disk? ('?' for details) [sd0] ?
>>>> sd0: FUJITSU, MAT3073N SUN72G, 0602
>>>> serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR (68.4G)
>>>> sd1: FUJITSU, MAT3073N SUN72G, 0602
>>>> serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL (68.4G)
>>>> sd2: OPENBSD, SR RAID 1, 006 (68.4G)
>>>> Available disks are: sd0 sd1 sd2.
>>>> Which disk is the root disk? ('?' for details) [sd0] !
>>>> Type 'exit' to return to install.
>>>> www# bioctl -d sd2
>>>> bioctl: Can't locate sd2 device via /dev/bio
>>>>
>>>> The aim is to remove the device from the system and then:
>>>>
>>>> # dd if=/dev/zero of=/dev/rsd0c bs=1m count=1
>>>> # dd if=/dev/zero of=/dev/rsd1c bs=1m count=1
>>>>
>>>> to reuse the disks.
>>>>
>>>> Thanks,
>>>>
>>>> Kihaguru
>>>>
>>>
>>> The install kernels have very minimal disk support. In the case of
>>> amd64/i386, it's one wd device -- wd0, not sure about sparc64, but
>>> I'd bet a cheap lunch that sd2 is not there. :)
>>>
>>
>> sd2 exists and www# bioctl sd2 displays the mirror.
>>
> www# bioctl sd2 displays the raid but www# bioctl -d sd2 does not delete the raid.
>

Meanwhile done

# dd if=/dev/zero of=/dev/rsd2c bs=1m count=1

and reused the raid device.

Kihaguru.
Re: Deleting softraid Devices Fujitsu Sparc
www# bioctl sd2 displays the raid but www# bioctl -d sd2 does not delete the raid.

On Thursday, November 28, 2019, Kihaguru Gathura wrote:
>
> On Thursday, November 28, 2019, Nick Holland wrote:
>> On 2019-11-27 11:23, Kihaguru Gathura wrote:
>>> Hi,
>>>
>>> An error while deleting softraid device follows
>>>
>>> --
>>> Available disks are: sd0 sd1 sd2.
>>> Which disk is the root disk? ('?' for details) [sd0] ?
>>> sd0: FUJITSU, MAT3073N SUN72G, 0602
>>> serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR (68.4G)
>>> sd1: FUJITSU, MAT3073N SUN72G, 0602
>>> serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL (68.4G)
>>> sd2: OPENBSD, SR RAID 1, 006 (68.4G)
>>> Available disks are: sd0 sd1 sd2.
>>> Which disk is the root disk? ('?' for details) [sd0] !
>>> Type 'exit' to return to install.
>>> www# bioctl -d sd2
>>> bioctl: Can't locate sd2 device via /dev/bio
>>>
>>> The aim is to remove the device from the system and then:
>>>
>>> # dd if=/dev/zero of=/dev/rsd0c bs=1m count=1
>>> # dd if=/dev/zero of=/dev/rsd1c bs=1m count=1
>>>
>>> to reuse the disks.
>>>
>>> Thanks,
>>>
>>> Kihaguru
>>>
>>
>> The install kernels have very minimal disk support. In the case of
>> amd64/i386, it's one wd device -- wd0, not sure about sparc64, but
>> I'd bet a cheap lunch that sd2 is not there. :)
>>
>
> sd2 exists and www# bioctl sd2 displays the mirror.
>

www# bioctl sd2 displays the raid but www# bioctl -d sd2 does not delete the raid.
Re: Deleting softraid Devices Fujitsu Sparc
On Thursday, November 28, 2019, Nick Holland wrote:
> On 2019-11-27 11:23, Kihaguru Gathura wrote:
>> Hi,
>>
>> An error while deleting softraid device follows
>>
>> --
>> Available disks are: sd0 sd1 sd2.
>> Which disk is the root disk? ('?' for details) [sd0] ?
>> sd0: FUJITSU, MAT3073N SUN72G, 0602
>> serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR (68.4G)
>> sd1: FUJITSU, MAT3073N SUN72G, 0602
>> serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL (68.4G)
>> sd2: OPENBSD, SR RAID 1, 006 (68.4G)
>> Available disks are: sd0 sd1 sd2.
>> Which disk is the root disk? ('?' for details) [sd0] !
>> Type 'exit' to return to install.
>> www# bioctl -d sd2
>> bioctl: Can't locate sd2 device via /dev/bio
>>
>> The aim is to remove the device from the system and then:
>>
>> # dd if=/dev/zero of=/dev/rsd0c bs=1m count=1
>> # dd if=/dev/zero of=/dev/rsd1c bs=1m count=1
>>
>> to reuse the disks.
>>
>> Thanks,
>>
>> Kihaguru
>>
>
> The install kernels have very minimal disk support. In the case of
> amd64/i386, it's one wd device -- wd0, not sure about sparc64, but
> I'd bet a cheap lunch that sd2 is not there. :)
>

sd2 exists and www# bioctl sd2 displays the mirror.

Thanks,

Kihaguru
Deleting softraid Devices Fujitsu Sparc
Hi,

An error while deleting softraid device follows

--
Available disks are: sd0 sd1 sd2.
Which disk is the root disk? ('?' for details) [sd0] ?
sd0: FUJITSU, MAT3073N SUN72G, 0602 serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR (68.4G)
sd1: FUJITSU, MAT3073N SUN72G, 0602 serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL (68.4G)
sd2: OPENBSD, SR RAID 1, 006 (68.4G)
Available disks are: sd0 sd1 sd2.
Which disk is the root disk? ('?' for details) [sd0] !
Type 'exit' to return to install.
www# bioctl -d sd2
bioctl: Can't locate sd2 device via /dev/bio

The aim is to remove the device from the system and then:

# dd if=/dev/zero of=/dev/rsd0c bs=1m count=1
# dd if=/dev/zero of=/dev/rsd1c bs=1m count=1

to reuse the disks.

Thanks,

Kihaguru
No WAF detected
Hi,

htbridge (https://www.immuniweb.com/websec/) no longer detects WAF on one of my web servers configured with OpenBSD-httpd and PF on same machine; sample of pf.conf configuration as follows.

# $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

# don't filter on the loopback interface
set skip on lo

# scrub incoming packets
match in all scrub (no-df)

# set up a default deny policy
block all

# activate spoofing protection for all interfaces
block in quick from urpf-failed

pass in on bge0 from 192.168.0.0/24 to 192.168.0.254
pass out on bge0 from 192.168.0.254 to 192.168.0.0/24

pass in on egress proto tcp from any to egress port 22 modulate state
pass in on egress proto tcp from any to egress port 80 modulate state
pass in on egress proto tcp from any to egress port 443 modulate state

pass out on egress proto tcp from any to any port smtp modulate state

/etc/pf.conf: 24 lines, 733 characters.
www# pfctl -nf /etc/pf.conf
www# pfctl -vf /etc/pf.conf

---

Not sure what new criteria they are using to detect WAF.

Which is a better way to implement a WAF on OpenBSD using the base utilities?

Thank you,

Kihaguru.
groups new
0
C Kenya
P
T Nairobi
F irregular
O OpenBSD Kenya
I Kihaguru Njenga Gathura
M kihaguru.gath...@engineer.com
U
N OpenBSD
PostgreSQL-Libpq linking warnings
Hi,

The warnings below always appear while linking c files with postgresql-libpq on SPARC64 platform. Arm64 and i386 platforms don't display these errors.

/usr/local/lib/libpq.a(fe-auth.o): In function `PQencryptPasswordConn':
fe-auth.c:(.text+0x284): warning: strcpy() is almost always misused, please use strlcpy()
/usr/local/lib/libpq.a(fe-connect.o): In function `internal_cancel':
fe-connect.c:(.text+0x30f0): warning: strcat() is almost always misused, please use strlcat()
/usr/local/lib/libpq.a(fe-connect.o): In function `PQsetClientEncoding':
fe-connect.c:(.text+0xad4): warning: sprintf() is often misused, please use snprintf()

Can the changes be effected at packages or does it have to be solved by postgresql team?

Thanks and Regards,

Kihaguru
Re: Unable to boot sparc from raid drive installation:Open ..... Invalid argument
Thanks for the detailed explanation. Really appreciated.

All the best

Regards,

Kihaguru.

On Mon, Sep 2, 2019 at 6:17 PM Stefan Sperling wrote:

> On Mon, Sep 02, 2019 at 05:32:53PM +0300, Kihaguru Gathura wrote:
> > Hi,
> >
> > Unable to boot with the following message
> >
> > open /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a/etc/random.seed: Invalid argument
> > open /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a/bsd: Invalid argument
>
> > > Boot device: /pci@83,4000/FJSV,ulsa@2,1/disk@0,0 File and args:
>
> > > Trying bsd...
> > open /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a/etc/random.seed: Invalid argument
> > open /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a/bsd: Invalid argument
>
> BOOT_SPARC64(8)    System Manager's Manual (sparc64)    BOOT_SPARC64(8)
>
> [...]
>
> To boot from a softraid(4) volume by default, boot-device must be set to
> a disk device hosting a chunk of the softraid volume:
>
>       ok setenv boot-device disk0
>
> and boot-file must contain the (sr) device name of the softraid volume
> and optionally a partition letter and/or kernel:
>
>       ok setenv boot-file sr0a:/bsd
>
Re: Unable to boot sparc from raid drive installation:Open ..... Invalid argument
Thank you, Works well Regards, Kihaguru On Mon, Sep 2, 2019 at 6:07 PM Otto Moerbeek wrote: > On Mon, Sep 02, 2019 at 05:32:53PM +0300, Kihaguru Gathura wrote: > > > Hi, > > > > Unable to boot with the following message > > > > open /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a/etc/random.seed: Invalid > argument > > open /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a/bsd: Invalid argument > > > > Not sure the issue with softraid setup detailed below. Any assistance > > highly appreciated. > > > > Thanks and regards, > > Did you setup boot-file? > > Try > > boot sr0a:/bsd > > On the OpenBSD boot loader prompt. > > If that works you should setup boot-file as described in > > See http://man.openbsd.org/man8/sparc64/boot_sparc64.8 > > -Otto > > > > > Kihaguru. > > > > > > {0} ok boot cdrom > > Resetting ... > > > > Sep 02 08:57:03 GMT 2019 XSCF:I::[02030100] Start reset sequence > > Sep 02 08:57:04 GMT 2019 XSCF:I::[02030200] Reset released... > > > > Sep 02 08:57:07 GMT 2019 PowerOn SelfTest start > > POST:Testing Flash/SRAM > > POST:Testing SC > > POST:Testing XSCF > > POST:Banner > > POST:FATAL check > > POST:Testing Timer1 > > POST:Testing Tick > > POST:Testing MMU > > POST:Testing CPU Type > > POST:Testing DTAG > > POST:Memory Probe > > POST:Testing Memory > > POST:Testing Softint > > POST:Testing U2P > > POST:Testing Slave Device > > POST:Testing Master Device > > POST:System Configure > > POST:OBP Start > > screen not found. > > keyboard not found. > > Keyboard not present. Using ttya for input and output. > > > > Fujitsu Siemens PRIMEPOWER250 2x SPARC64 V, No Keyboard > > OpenBoot 3.18.1-1, 16384 MB memory installed > > Ethernet address 0:b:5d:f3:a7:5c, Host ID: 80f2a75c. > > XSCF Version: 4.12.1 > > > > > > > > Executing last command: boot cdrom > > Boot device: /pci@83,4000/ide@d/cdrom@0,0:f File and args: > > OpenBSD IEEE 1275 Bootblock 1.4 > > ..>> OpenBSD BOOT 1.12 > > Trying bsd... 
> > open /pci@83,4000/ide@d/cdrom@0,0:f/etc/random.seed: No such file or > > directory > > Booting /pci@83,4000/ide@d/cdrom@0,0:f/bsd > > 4145224@0x100+8120@0x13f4048+3255632@0x1c0+938672@0x1f1ad50 > > symbols @ 0xfeae4340 139 start=0x100 > > console is /pci@83,4000/isa@7/su@0,3f8 > > Copyright (c) 1982, 1986, 1989, 1991, 1993 > > The Regents of the University of California. All rights > reserved. > > Copyright (c) 1995-2019 OpenBSD. All rights reserved. > > https://www.OpenBSD.org > > > > OpenBSD 6.5 (RAMDISK) #156: Sun Apr 14 05:14:17 MDT 2019 > > dera...@sparc64.openbsd.org: > /usr/src/sys/arch/sparc64/compile/RAMDISK > > real mem = 17179869184 (16384MB) > > avail mem = 16869081088 (16087MB) > > mainbus0 at root: Fujitsu Siemens PRIMEPOWER250 2x SPARC64 V > > cpu0 at mainbus0: FJSV,SPARC64-V (rev 5.1) @ 1979 MHz > > cpu0: physical 128K instruction (64 b/l), 128K data (64 b/l), 3072K > > external (64 b/l) > > "FJSV,SPARC64-V" at mainbus0 not configured > > psycho0 at mainbus0 addr 0xfffb2000: SUNW,psycho, impl 0, version 4, ign > c0 > > psycho0: bus range 0-0, PCI bus 0 > > psycho0: dvma map fe00-, STC0 enabled > > pci0 at psycho0 > > ebus0 at pci0 dev 1 function 0 "Sun PCIO EBus2" rev 0x01 > > "FJSV,scfc" at ebus0 addr 21-210085, 22-220031, 26-260001, > > 27-28 ivec 0x23 not configured > > "FJSV,flashprom" at ebus0 addr 0-3f not configured > > clock1 at ebus0 addr 25-251fff: mk48t59 > > "FJSV,panel" at ebus0 addr 210011-210011 ivec 0x25 not configured > > ebus1 at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00 > > com0 at ebus1 addr 3f8-3ff ivec 0x2b: ns16550a, 16 byte fifo > > com0: console > > com1 at ebus1 addr 2e8-2ef ivec 0x2b: ns16550a, 16 byte fifo > > hme0 at pci0 dev 1 function 1 "Sun HME" rev 0x01: ivec 0xe1, address > > 00:0b:5d:f3:a7:5c > > nsphyter0 at hme0 phy 1: DP83843 10/100 PHY, rev. 
0 > > mpi0 at pci0 dev 2 function 1 "Symbios Logic 53c1030" rev 0x07: ivec 0xe0 > > mpi0: 0, firmware 1.0.12.0 > > scsibus0 at mpi0: 16 targets, initiator 7 > > sd0 at scsibus0 targ 0 lun 0: SCSI2 > > 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR > > sd0: 70007MB, 512 bytes/sector, 143374738 sectors > > sd1 at scsibus0 targ 1 lun 0: SCSI2 > > 0/direct fixed serial.FUJI
Unable to boot sparc from raid drive installation:Open ..... Invalid argument
Hi, Unable to boot with the following message open /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a/etc/random.seed: Invalid argument open /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a/bsd: Invalid argument Not sure the issue with softraid setup detailed below. Any assistance highly appreciated. Thanks and regards, Kihaguru. {0} ok boot cdrom Resetting ... Sep 02 08:57:03 GMT 2019 XSCF:I::[02030100] Start reset sequence Sep 02 08:57:04 GMT 2019 XSCF:I::[02030200] Reset released... Sep 02 08:57:07 GMT 2019 PowerOn SelfTest start POST:Testing Flash/SRAM POST:Testing SC POST:Testing XSCF POST:Banner POST:FATAL check POST:Testing Timer1 POST:Testing Tick POST:Testing MMU POST:Testing CPU Type POST:Testing DTAG POST:Memory Probe POST:Testing Memory POST:Testing Softint POST:Testing U2P POST:Testing Slave Device POST:Testing Master Device POST:System Configure POST:OBP Start screen not found. keyboard not found. Keyboard not present. Using ttya for input and output. Fujitsu Siemens PRIMEPOWER250 2x SPARC64 V, No Keyboard OpenBoot 3.18.1-1, 16384 MB memory installed Ethernet address 0:b:5d:f3:a7:5c, Host ID: 80f2a75c. XSCF Version: 4.12.1 Executing last command: boot cdrom Boot device: /pci@83,4000/ide@d/cdrom@0,0:f File and args: OpenBSD IEEE 1275 Bootblock 1.4 ..>> OpenBSD BOOT 1.12 Trying bsd... open /pci@83,4000/ide@d/cdrom@0,0:f/etc/random.seed: No such file or directory Booting /pci@83,4000/ide@d/cdrom@0,0:f/bsd 4145224@0x100+8120@0x13f4048+3255632@0x1c0+938672@0x1f1ad50 symbols @ 0xfeae4340 139 start=0x100 console is /pci@83,4000/isa@7/su@0,3f8 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2019 OpenBSD. All rights reserved. 
https://www.OpenBSD.org OpenBSD 6.5 (RAMDISK) #156: Sun Apr 14 05:14:17 MDT 2019 dera...@sparc64.openbsd.org:/usr/src/sys/arch/sparc64/compile/RAMDISK real mem = 17179869184 (16384MB) avail mem = 16869081088 (16087MB) mainbus0 at root: Fujitsu Siemens PRIMEPOWER250 2x SPARC64 V cpu0 at mainbus0: FJSV,SPARC64-V (rev 5.1) @ 1979 MHz cpu0: physical 128K instruction (64 b/l), 128K data (64 b/l), 3072K external (64 b/l) "FJSV,SPARC64-V" at mainbus0 not configured psycho0 at mainbus0 addr 0xfffb2000: SUNW,psycho, impl 0, version 4, ign c0 psycho0: bus range 0-0, PCI bus 0 psycho0: dvma map fe00-, STC0 enabled pci0 at psycho0 ebus0 at pci0 dev 1 function 0 "Sun PCIO EBus2" rev 0x01 "FJSV,scfc" at ebus0 addr 21-210085, 22-220031, 26-260001, 27-28 ivec 0x23 not configured "FJSV,flashprom" at ebus0 addr 0-3f not configured clock1 at ebus0 addr 25-251fff: mk48t59 "FJSV,panel" at ebus0 addr 210011-210011 ivec 0x25 not configured ebus1 at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00 com0 at ebus1 addr 3f8-3ff ivec 0x2b: ns16550a, 16 byte fifo com0: console com1 at ebus1 addr 2e8-2ef ivec 0x2b: ns16550a, 16 byte fifo hme0 at pci0 dev 1 function 1 "Sun HME" rev 0x01: ivec 0xe1, address 00:0b:5d:f3:a7:5c nsphyter0 at hme0 phy 1: DP83843 10/100 PHY, rev. 
0 mpi0 at pci0 dev 2 function 1 "Symbios Logic 53c1030" rev 0x07: ivec 0xe0 mpi0: 0, firmware 1.0.12.0 scsibus0 at mpi0: 16 targets, initiator 7 sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR sd0: 70007MB, 512 bytes/sector, 143374738 sectors sd1 at scsibus0 targ 1 lun 0: SCSI2 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL sd1: 70007MB, 512 bytes/sector, 143374738 sectors mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1 mpi0: target 1 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1 pciide0 at pci0 dev 13 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc4: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide0: using ivec 0xe4 for native-PCI interrupt atapiscsi0 at pciide0 channel 0 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: ATAPI 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 disabled (no drives) ohci0 at pci0 dev 10 function 0 "Acer Labs M5237 USB" rev 0x03: ivec 0xe9, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 configuration 1 interface 0 "Acer Labs OHCI root hub" rev 1.00/1.00 addr 1 psycho1 at mainbus0 addr 0xfff9e000: SUNW,psycho, impl 0, version 4, ign c0 psycho1: bus range 128-128, PCI bus 128 psycho1: dvma map fe00-, STC0 enabled, STC1 enabled pci1 at psycho1 bge0 at pci1 dev 1 function 0 "Fujitsu PRIMEPOWER250/450 LAN" rev 0x02, BCM5702/5703 A2 (0x1002): ivec 0xc0, address 00:0b:5d:f4:27:5c brgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2 timer0 at mainbus0 addr 0xfff8bc00 ivec 0xec, 0xed softraid0 at root scsibus2 at softraid0: 256 targets bootpath: /pci@83,4000/ide@d,0/cdrom@0,0:f root on rd0a swap on rd0b dump on rd0b erase ^?, werase ^W, kill ^U, intr ^C, status ^T Welcome to the OpenBSD/sparc64 6.5 installation program. (I)nstal
Support Update
0
C Kenya
P
T Nairobi
Z P.O. Box 30164-00100
O Data Store Kenya
I Kihaguru Njenga Gathura
A Bishops Road
M i...@pqscript.com
U
B +254 7 0697 0697
X
N OpenBSD consulting. Speciality in web applications development with OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI protocol and C programming language.
Re: umsm0: this device is not using CDC notify message in intr pipe. HP Compaq dc5750
On 6/29/19, Chris Cappuccio wrote:
> Kihaguru Gathura [pqscr...@gmail.com] wrote:
>> Hello,
>>
>> Huawei E303 modem now detaches in OpenBSD 6.5 This works fine on
>> OpenBSD 6.2 same machine.
>>
>
> There's a remote chance that this is fixed in 6.5-current. Some USB work
> has been going on. But if that doesn't work, you'll have to try more
> kernels
> to figure out when this stopped working. Try 6.5-current first, then 6.4,
> and then 6.3 to see which are broken.
>

This was working up and until OpenBSD 6.4 amd64.
Re: umsm: sparc64
On 7/4/19, Claudio Jeker wrote:
> On Thu, Jul 04, 2019 at 12:52:15PM +0300, Kihaguru Gathura wrote:
>> Hereby attached the new multiprocessor kernel with umsm working ok.
>>
>> The error message appears for each connection made to cuaU. This might
>> potentially populate dmesg logs over time.
>>
>> Error message:
>> umsm0: this device is not using CDC notify message in intr pipe.
>> Please send your dmesg to , thanks.
>> umsm0: intr buffer 0xc1 0x1 0x3 0x0 0x0 0x0 0x0:
>
> Can you try this USB device on a different OpenBSD machine (e.g. an amd64
> one). I wonder if this is the device just sending a bad message along the
> way. The first byte should be 0xa1 (UCDC_NOTIFICATION) and not 0xc1.

The device works well without errors on OpenBSD 6.4 amd64 (IBM Thinkpad T60) and OpenBSD 6.5 arm64 (Raspberry Pi 3 Model B V1.2).

The device detaches and has error (umsm2: this device is not using CDC notify message in intr pipe.) on OpenBSD 6.5 amd64 (HP dc5750 MT) of which I already sent email to b...@openbsd.org.

Thanks.

>> Kihaguru.
>>
>> www# dmesg
>> console is /pci@83,4000/isa@7/su@0,3f8
>> Copyright (c) 1982, 1986, 1989, 1991, 1993
>> The Regents of the University of California. All rights
>> reserved.
>> Copyright (c) 1995-2019 OpenBSD. All rights reserved.
>> https://www.OpenBSD.org >> >> OpenBSD 6.5 (WWW.MP) #0: Thu Jul 4 08:43:43 EAT 2019 >> kihag...@www.datastore.ke:/usr/src/sys/arch/sparc64/compile/WWW.MP >> real mem = 17179869184 (16384MB) >> avail mem = 16862576640 (16081MB) >> mpath0 at root >> scsibus0 at mpath0: 256 targets >> mainbus0 at root: Fujitsu Siemens PRIMEPOWER250 2x SPARC64 V >> cpu0 at mainbus0: FJSV,SPARC64-V (rev 5.1) @ 1979 MHz >> cpu0: physical 128K instruction (64 b/l), 128K data (64 b/l), 3072K >> external (64 b/l) >> cpu1 at mainbus0: FJSV,SPARC64-V (rev 5.1) @ 1979 MHz >> cpu1: physical 128K instruction (64 b/l), 128K data (64 b/l), 3072K >> external (64 b/l) >> psycho0 at mainbus0 addr 0xfffb2000: SUNW,psycho, impl 0, version 4, ign >> c0 >> psycho0: bus range 0-0, PCI bus 0 >> psycho0: dvma map fe00-, STC0 enabled >> pci0 at psycho0 >> ebus0 at pci0 dev 1 function 0 "Sun PCIO EBus2" rev 0x01 >> "FJSV,scfc" at ebus0 addr 21-210085, 22-220031, 26-260001, >> 27-28 ivec 0x23 not configured >> "FJSV,flashprom" at ebus0 addr 0-3f not configured >> clock1 at ebus0 addr 25-251fff: mk48t59 >> "FJSV,panel" at ebus0 addr 210011-210011 ivec 0x25 not configured >> ebus1 at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00 >> com0 at ebus1 addr 3f8-3ff ivec 0x2b: ns16550a, 16 byte fifo >> com0: console >> com1 at ebus1 addr 2e8-2ef ivec 0x2b: ns16550a, 16 byte fifo >> hme0 at pci0 dev 1 function 1 "Sun HME" rev 0x01: ivec 0xe1, address >> 00:0b:5d:f3:a7:5c >> nsphyter0 at hme0 phy 1: DP83843 10/100 PHY, rev. 
0 >> mpi0 at pci0 dev 2 function 1 "Symbios Logic 53c1030" rev 0x07: ivec 0xe0 >> mpi0: 0, firmware 1.0.12.0 >> scsibus1 at mpi0: 16 targets, initiator 7 >> sym0 at scsibus1 targ 0 lun 0: SCSI2 >> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR >> sd0 at scsibus0 targ 0 lun 0: SCSI2 >> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR >> sd0: 70007MB, 512 bytes/sector, 143374738 sectors >> sym1 at scsibus1 targ 1 lun 0: SCSI2 >> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL >> sd1 at scsibus0 targ 1 lun 0: SCSI2 >> 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL >> sd1: 70007MB, 512 bytes/sector, 143374738 sectors >> mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1 >> mpi0: target 1 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1 >> pciide0 at pci0 dev 13 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc4: >> DMA, channel 0 configured to native-PCI, channel 1 configured to >> native-PCI >> pciide0: using ivec 0xe4 for native-PCI interrupt >> atapiscsi0 at pciide0 channel 0 drive 0 >> scsibus2 at atapiscsi0: 2 targets >> cd0 at scsibus2 targ 0 lun 0: ATAPI >> 5/cdrom removable >> cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 >> pciide0: channel 1 disabled (no drives) >> ohci0 at pci0 dev 10 function 0 "Acer Labs M5237 USB" rev 0x03: ivec >> 0xe9, version 1.0, legacy support >> usb0 at ohci0: USB revision 1.0 >> uhub0 at usb0 configuration 1 interface 0 "Acer Labs OHCI root hub" >> rev 1.00/1.00 addr 1 >> ps
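
The check mentioned in the quoted reply above (first byte 0xa1, not 0xc1), as an added C example that is not code from the thread or from the OpenBSD driver: it decodes the bmRequestType bit fields defined by the USB specification and shows that 0xc1 is a device-to-host, interface-directed message of vendor type rather than class type. Function, enum and struct names are hypothetical, and the second buffer is a constructed sample.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define UCDC_NOTIFICATION  0xa1  /* value named in the thread */
#define RT_DEVICE_TO_HOST  0x80  /* bit 7: transfer direction */
#define RT_TYPE_MASK       0x60  /* bits 6..5: request type */
#define RT_TYPE_CLASS      0x20
#define NOTIFY_HDR_LEN     8     /* CDC notification header size */

/* Hypothetical verdicts for the first byte of an interrupt buffer. */
enum intr_verdict {
	INTR_CDC_NOTIFY,      /* first byte is exactly 0xa1 */
	INTR_EMPTY,           /* nothing to inspect */
	INTR_HOST_TO_DEVICE,  /* direction bit clear */
	INTR_NOT_CLASS,       /* standard, vendor or reserved type */
	INTR_NOT_INTERFACE    /* class type, but recipient is not an interface */
};

/* Header fields of a CDC notification (little endian on the wire). */
struct notify_hdr {
	uint8_t  bmRequestType;
	uint8_t  bNotification;
	uint16_t wValue;
	uint16_t wIndex;   /* interface number */
	uint16_t wLength;  /* payload bytes following the header */
};

/* The 7 bytes printed in the thread's dmesg line. */
const uint8_t page_buf[] = { 0xc1, 0x01, 0x03, 0x00, 0x00, 0x00, 0x00 };

/* Constructed sample: class notification 0x20 on interface 2, 2 data bytes. */
const uint8_t constructed_buf[] = {
	0xa1, 0x20, 0x00, 0x00, 0x02, 0x00, 0x02, 0x00, 0x03, 0x00
};

/* Name the request type encoded in bits 6..5 of bmRequestType. */
const char *rt_type_name(uint8_t rt)
{
	switch ((rt & RT_TYPE_MASK) >> 5) {
	case 0:  return "standard";
	case 1:  return "class";
	case 2:  return "vendor";
	default: return "reserved";
	}
}

/* Say why a buffer is, or is not, a CDC notification. */
enum intr_verdict classify_intr(const uint8_t *buf, size_t len)
{
	if (buf == NULL || len == 0)
		return INTR_EMPTY;
	if (buf[0] == UCDC_NOTIFICATION)
		return INTR_CDC_NOTIFY;
	if (!(buf[0] & RT_DEVICE_TO_HOST))
		return INTR_HOST_TO_DEVICE;
	if ((buf[0] & RT_TYPE_MASK) != RT_TYPE_CLASS)
		return INTR_NOT_CLASS;
	return INTR_NOT_INTERFACE;
}

/* Parse the header; -1 if the header or its announced payload is truncated. */
int parse_notify_hdr(const uint8_t *buf, size_t len, struct notify_hdr *h)
{
	if (buf == NULL || h == NULL || len < NOTIFY_HDR_LEN)
		return -1;
	h->bmRequestType = buf[0];
	h->bNotification = buf[1];
	h->wValue  = (uint16_t)(buf[2] | (buf[3] << 8));
	h->wIndex  = (uint16_t)(buf[4] | (buf[5] << 8));
	h->wLength = (uint16_t)(buf[6] | (buf[7] << 8));
	if (len - NOTIFY_HDR_LEN < h->wLength)
		return -1;
	return 0;
}

int main(void)
{
	struct notify_hdr h;

	printf("page buffer: first byte 0x%02x, type %s, verdict %d\n",
	    page_buf[0], rt_type_name(page_buf[0]),
	    (int)classify_intr(page_buf, sizeof(page_buf)));

	if (parse_notify_hdr(constructed_buf, sizeof(constructed_buf), &h) == 0)
		printf("constructed: type %s, notification 0x%02x, "
		    "interface %u, %u data bytes\n",
		    rt_type_name(h.bmRequestType), h.bNotification,
		    (unsigned)h.wIndex, (unsigned)h.wLength);
	return 0;
}
```
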
Re: umsm: sparc64
V,ulsa@2,1/disk@0,0 root on sd0a (e489192361503865.a) swap on sd0b dump on sd0b umsm0: this device is not using CDC notify message in intr pipe. Please send your dmesg to , thanks. umsm0: intr buffer 0xc1 0x1 0x3 0x0 0x0 0x0 0x0 www# On 7/3/19, Kihaguru Gathura wrote: >> Try adding umsm to /sys/arch/sparc64/conf/GENERIC and build a new kernel. >> If it works ok, report back, maybe we can add it to the standard kernel. > > Have added umsm to GENERIC and built a new kernel => modem works as > desired at cuaU0 -s 115200. > > Next will build a multiprocessor kernel using GENERIC.MP and continue > testing and using the modem. > > However error messages noted at dmesg (umsm0: this device is not using > CDC notify message in intr pipe.) > > Thank you, > > Kihaguru. > > + > console is /pci@83,4000/isa@7/su@0,3f8 > Copyright (c) 1982, 1986, 1989, 1991, 1993 > The Regents of the University of California. All rights reserved. > Copyright (c) 1995-2019 OpenBSD. All rights reserved. > https://www.OpenBSD.org > > OpenBSD 6.5 (WWW) #0: Wed Jul 3 13:36:10 EAT 2019 > r...@www.datastore.ke:/usr/src/sys/arch/sparc64/compile/WWW > real mem = 17179869184 (16384MB) > avail mem = 16862699520 (16081MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root: Fujitsu Siemens PRIMEPOWER250 2x SPARC64 V > cpu0 at mainbus0: FJSV,SPARC64-V (rev 5.1) @ 1979 MHz > cpu0: physical 128K instruction (64 b/l), 128K data (64 b/l), 3072K > external (64 b/l) > "FJSV,SPARC64-V" at mainbus0 not configured > psycho0 at mainbus0 addr 0xfffb2000: SUNW,psycho, impl 0, version 4, ign c0 > psycho0: bus range 0-0, PCI bus 0 > psycho0: dvma map fe00-, STC0 enabled > pci0 at psycho0 > ebus0 at pci0 dev 1 function 0 "Sun PCIO EBus2" rev 0x01 > "FJSV,scfc" at ebus0 addr 21-210085, 22-220031, 26-260001, > 27-28 ivec 0x23 not configured > "FJSV,flashprom" at ebus0 addr 0-3f not configured > clock1 at ebus0 addr 25-251fff: mk48t59 > "FJSV,panel" at ebus0 addr 210011-210011 ivec 0x25 not configured > ebus1 
at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00 > com0 at ebus1 addr 3f8-3ff ivec 0x2b: ns16550a, 16 byte fifo > com0: console > com1 at ebus1 addr 2e8-2ef ivec 0x2b: ns16550a, 16 byte fifo > hme0 at pci0 dev 1 function 1 "Sun HME" rev 0x01: ivec 0xe1, address > 00:0b:5d:f3:a7:5c > nsphyter0 at hme0 phy 1: DP83843 10/100 PHY, rev. 0 > mpi0 at pci0 dev 2 function 1 "Symbios Logic 53c1030" rev 0x07: ivec 0xe0 > mpi0: 0, firmware 1.0.12.0 > scsibus1 at mpi0: 16 targets, initiator 7 > sym0 at scsibus1 targ 0 lun 0: SCSI2 > 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR > sd0 at scsibus0 targ 0 lun 0: SCSI2 > 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR > sd0: 70007MB, 512 bytes/sector, 143374738 sectors > sym1 at scsibus1 targ 1 lun 0: SCSI2 > 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL > sd1 at scsibus0 targ 1 lun 0: SCSI2 > 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL > sd1: 70007MB, 512 bytes/sector, 143374738 sectors > mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1 > mpi0: target 1 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1 > pciide0 at pci0 dev 13 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc4: > DMA, channel 0 configured to native-PCI, channel 1 configured to > native-PCI > pciide0: using ivec 0xe4 for native-PCI interrupt > atapiscsi0 at pciide0 channel 0 drive 0 > scsibus2 at atapiscsi0: 2 targets > cd0 at scsibus2 targ 0 lun 0: ATAPI > 5/cdrom removable > cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 > pciide0: channel 1 disabled (no drives) > ohci0 at pci0 dev 10 function 0 "Acer Labs M5237 USB" rev 0x03: ivec > 0xe9, version 1.0, legacy support > usb0 at ohci0: USB revision 1.0 > uhub0 at usb0 configuration 1 interface 0 "Acer Labs OHCI root hub" > rev 1.00/1.00 addr 1 > psycbrgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 
2 > timer0 at mainbus0 addr 0xfff8bc00 ivec 0xec, 0xed > umsm0 at uhub0 port 1 configuration 1 interface 0 "HUAWEI HUAWEI > Mobile" rev 2.00/1.02 addr 2 > ucom0 at umsm0 > umsm1 at uhub0 port 1 configuration 1 interface 1 "HUAWEI HUAWEI > Mobile" rev 2.00/1.02 addr 2 > ucom1 at umsm1 > umsm2 at uhub0 port 1 configuration 1 interface 2 "HUAWEI HUAWEI > Mobile" rev 2.00/1.02 addr 2 > ucom2 at umsm2 > umass0 at uhub0 port 1 configuration 1 interface 3 "HUAWEI HUAWEI > Mobile" rev 2.00/1.02 addr 2 > umass0: using SCSI
Re: umsm: sparc64
> Try adding umsm to /sys/arch/sparc64/conf/GENERIC and build a new kernel. > If it works ok, report back, maybe we can add it to the standard kernel. Have added umsm to GENERIC and built a new kernel => modem works as desired at cuaU0 -s 115200. Next will build a multiprocessor kernel using GENERIC.MP and continue testing and using the modem. However error messages noted at dmesg (umsm0: this device is not using CDC notify message in intr pipe.) Thank you, Kihaguru. + console is /pci@83,4000/isa@7/su@0,3f8 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2019 OpenBSD. All rights reserved. https://www.OpenBSD.org OpenBSD 6.5 (WWW) #0: Wed Jul 3 13:36:10 EAT 2019 r...@www.datastore.ke:/usr/src/sys/arch/sparc64/compile/WWW real mem = 17179869184 (16384MB) avail mem = 16862699520 (16081MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root: Fujitsu Siemens PRIMEPOWER250 2x SPARC64 V cpu0 at mainbus0: FJSV,SPARC64-V (rev 5.1) @ 1979 MHz cpu0: physical 128K instruction (64 b/l), 128K data (64 b/l), 3072K external (64 b/l) "FJSV,SPARC64-V" at mainbus0 not configured psycho0 at mainbus0 addr 0xfffb2000: SUNW,psycho, impl 0, version 4, ign c0 psycho0: bus range 0-0, PCI bus 0 psycho0: dvma map fe00-, STC0 enabled pci0 at psycho0 ebus0 at pci0 dev 1 function 0 "Sun PCIO EBus2" rev 0x01 "FJSV,scfc" at ebus0 addr 21-210085, 22-220031, 26-260001, 27-28 ivec 0x23 not configured "FJSV,flashprom" at ebus0 addr 0-3f not configured clock1 at ebus0 addr 25-251fff: mk48t59 "FJSV,panel" at ebus0 addr 210011-210011 ivec 0x25 not configured ebus1 at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00 com0 at ebus1 addr 3f8-3ff ivec 0x2b: ns16550a, 16 byte fifo com0: console com1 at ebus1 addr 2e8-2ef ivec 0x2b: ns16550a, 16 byte fifo hme0 at pci0 dev 1 function 1 "Sun HME" rev 0x01: ivec 0xe1, address 00:0b:5d:f3:a7:5c nsphyter0 at hme0 phy 1: DP83843 10/100 PHY, rev. 
0 mpi0 at pci0 dev 2 function 1 "Symbios Logic 53c1030" rev 0x07: ivec 0xe0 mpi0: 0, firmware 1.0.12.0 scsibus1 at mpi0: 16 targets, initiator 7 sym0 at scsibus1 targ 0 lun 0: SCSI2 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR sd0: 70007MB, 512 bytes/sector, 143374738 sectors sym1 at scsibus1 targ 1 lun 0: SCSI2 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL sd1 at scsibus0 targ 1 lun 0: SCSI2 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL sd1: 70007MB, 512 bytes/sector, 143374738 sectors mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1 mpi0: target 1 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1 pciide0 at pci0 dev 13 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc4: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide0: using ivec 0xe4 for native-PCI interrupt atapiscsi0 at pciide0 channel 0 drive 0 scsibus2 at atapiscsi0: 2 targets cd0 at scsibus2 targ 0 lun 0: ATAPI 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 disabled (no drives) ohci0 at pci0 dev 10 function 0 "Acer Labs M5237 USB" rev 0x03: ivec 0xe9, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 configuration 1 interface 0 "Acer Labs OHCI root hub" rev 1.00/1.00 addr 1 psycbrgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 
2 timer0 at mainbus0 addr 0xfff8bc00 ivec 0xec, 0xed umsm0 at uhub0 port 1 configuration 1 interface 0 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 2 ucom0 at umsm0 umsm1 at uhub0 port 1 configuration 1 interface 1 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 2 ucom1 at umsm1 umsm2 at uhub0 port 1 configuration 1 interface 2 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 2 ucom2 at umsm2 umass0 at uhub0 port 1 configuration 1 interface 3 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 2 umass0: using SCSI over Bulk-Only scsibus3 at umass0: 2 targets, initiator 0 cd1 at scsibus3 targ 1 lun 0: SCSI2 5/cdrom removable umass1 at uhub0 port 1 configuration 1 interface 4 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 2 umass1: using SCSI over Bulk-Only scsibus4 at umass1: 2 targets, initiator 0 sd2 at scsibus4 targ 1 lun 0: SCSI2 0/direct removable vscsi0 at root scsibus5 at vscsi0: 256 targets softraid0 at root scsibus6 at softraid0: 256 targets bootpath: /pci@83,4000/FJSV,ulsa@2,1/disk@0,0 root on sd0a (e489192361503865.a) swap on sd0b dump on sd0b umsm0: this device is not using CDC notify message in intr pipe. Please send your dmesg to , thanks. umsm0: intr buffer 0xc1 0x1 0x3 0x0 0x0 0x0 0x0 umsm0: this device is not using CDC notify message in intr pipe. Please send your dmesg to , thanks. umsm0: intr buffer 0xc1 0x1 0x3 0x0 0x0 0x0 0x0 umsm0: this device is not using CDC notify message i
umsm: sparc64
Hello, umsm is not being detected on this machine for Huawei E303 modem. Only interface 0 and 1 which are both umass are detected. interface 2 is umsm but not active please see boot message. Any guidance here is highly appreciated. Kihaguru. Jun 29 13:14:37 GMT 2019 PowerOn SelfTest start POST:Testing Flash/SRAM POST:Testing SC POST:Testing XSCF POST:Banner POST:FATAL check POST:Testing Timer1 POST:Testing Tick POST:Testing MMU POST:Testing CPU Type POST:Testing DTAG POST:Memory Probe POST:Testing Memory POST:Testing Softint POST:Testing U2P POST:Testing Slave Device POST:Testing Master Device POST:System Configure POST:OBP Start screen not found. keyboard not found. Keyboard not present. Using ttya for input and output. Fujitsu Siemens PRIMEPOWER250 2x SPARC64 V, No Keyboard OpenBoot 3.18.1-1, 16384 MB memory installed Ethernet address 0:b:5d:f3:a7:5c, Host ID: 80f2a75c. XSCF Version: 4.12.1 {0} ok boot Boot device: /pci@83,4000/FJSV,ulsa@2,1/disk@0,0 File and args: OpenBSD IEEE 1275 Bootblock 1.4 ..>> OpenBSD BOOT 1.11 Can't read disk label. Can't open disk label package Trying bsd... Booting /pci@83,4000/FJSV,ulsa@2,1/disk@0,0:a/bsd 9453456@0x100+112@0x1903f90+202800@0x1c0+3991504@0x1c31830 symbols @ 0xfe9e2400 165+610944+416267 start=0x100 [ using 1028408 bytes of bsd ELF symbol table ] console is /pci@83,4000/isa@7/su@0,3f8 Copyright (c) 1982, 1986, 1989, 1991, 1993 The Regents of the University of California. All rights reserved. Copyright (c) 1995-2018 OpenBSD. All rights reserved. 
https://www.OpenBSD.org OpenBSD 6.4 (GENERIC.MP) #6: Fri Oct 12 09:57:36 MDT 2018 dera...@sparc64.openbsd.org:/usr/src/sys/arch/sparc64/compile/GENERIC.MP real mem = 17179869184 (16384MB) avail mem = 16862707712 (16081MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root: Fujitsu Siemens PRIMEPOWER250 2x SPARC64 V cpu0 at mainbus0: FJSV,SPARC64-V (rev 5.1) @ 1979 MHz cpu0: physical 128K instruction (64 b/l), 128K data (64 b/l), 3072K external (64 b/l) cpu1 at mainbus0: FJSV,SPARC64-V (rev 5.1) @ 1979 MHz cpu1: physical 128K instruction (64 b/l), 128K data (64 b/l), 3072K external (64 b/l) psycho0 at mainbus0 addr 0xfffb2000: SUNW,psycho, impl 0, version 4, ign c0 psycho0: bus range 0-0, PCI bus 0 psycho0: dvma map fe00-, STC0 enabled pci0 at psycho0 ebus0 at pci0 dev 1 function 0 "Sun PCIO EBus2" rev 0x01 "FJSV,scfc" at ebus0 addr 21-210085, 22-220031, 26-260001, 27-28 ivec 0x23 not configured "FJSV,flashprom" at ebus0 addr 0-3f not configured clock1 at ebus0 addr 25-251fff: mk48t59 "FJSV,panel" at ebus0 addr 210011-210011 ivec 0x25 not configured ebus1 at pci0 dev 7 function 0 "Acer Labs M1533 ISA" rev 0x00 com0 at ebus1 addr 3f8-3ff ivec 0x2b: ns16550a, 16 byte fifo com0: console com1 at ebus1 addr 2e8-2ef ivec 0x2b: ns16550a, 16 byte fifo hme0 at pci0 dev 1 function 1 "Sun HME" rev 0x01: ivec 0xe1, address 00:0b:5d:f3:a7:5c nsphyter0 at hme0 phy 1: DP83843 10/100 PHY, rev. 
0 mpi0 at pci0 dev 2 function 1 "Symbios Logic 53c1030" rev 0x07: ivec 0xe0 mpi0: 0, firmware 1.0.12.0 scsibus1 at mpi0: 16 targets, initiator 7 sym0 at scsibus1 targ 0 lun 0: SCSI2 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00RAR_AAN0P5200RAR sd0: 70007MB, 512 bytes/sector, 143374738 sectors sym1 at scsibus1 targ 1 lun 0: SCSI2 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL sd1 at scsibus0 targ 1 lun 0: SCSI2 0/direct fixed serial.FUJITSU_MAT3073N_SUN72G_000506B00SSL_AAN0P5200SSL sd1: 70007MB, 512 bytes/sector, 143374738 sectors mpi0: target 0 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1 mpi0: target 1 Sync at 160MHz width 16bit offset 127 QAS 1 DT 1 IU 1 pciide0 at pci0 dev 13 function 0 "Acer Labs M5229 UDMA IDE" rev 0xc4: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide0: using ivec 0xe4 for native-PCI interrupt atapiscsi0 at pciide0 channel 0 drive 0 scsibus2 at atapiscsi0: 2 targets cd0 at scsibus2 targ 0 lun 0: ATAPI 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2 pciide0: channel 1 disabled (no drives) ohci0 at pci0 dev 10 function 0 "Acer Labs M5237 USB" rev 0x03: ivec 0xe9, version 1.0, legacy support usb0 at ohci0: USB revision 1.0 uhub0 at usb0 configuration 1 interface 0 "Acer Labs OHCI root hub" rev 1.00/1.00 addr 1 psycho1 at mainbus0 addr 0xfff9e000: SUNW,psycho, impl 0, version 4, ign c0 psycho1: bus range 128-128, PCI bus 128 psycho1: dvma map fe00-, STC0 enabled, STC1 enabled pci1 at psycho1 bge0 at pci1 dev 1 function 0 "Fujitsu PRIMEPOWER250/450 LAN" rev 0x02, BCM5702/5703 A2 (0x1002): ivec 0xc0, address 00:0b:5d:f4:27:5c brgphy0 at bge0 phy 1: BCM5703 10/100/1000baseT PHY, rev. 2 "counter-timer" at mainbus0 addr 0xfff8bc00 not configured umass0 at uhub0 port 2 configuration 1 interface 0 "HUAWEI HUAWEI Mobile" rev 2.0
umsm0: this device is not using CDC notify message in intr pipe. HP Compaq dc5750
Hello, Huawei E303 modem now detaches in OpenBSD 6.5 This works fine on OpenBSD 6.2 same machine. Regards Kihaguru. www# dmesg OpenBSD 6.5 (GENERIC.MP) #3: Sat Apr 13 14:48:43 MDT 2019 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 4142624768 (3950MB) avail mem = 4007448576 (3821MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xed7e0 (66 entries) bios0: vendor Hewlett-Packard version "786E3 v02.10" date 01/25/2007 bios0: Hewlett-Packard HP Compaq dc5750 Microtower acpi0 at bios0: rev 0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC ASF! MCFG TCPA SLIC HPET acpi0: wakeup devices COM1(S4) PCI0(S4) PEG1(S4) IGFX(S4) PCX1(S4) PCX2(S4) HUB_(S4) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB5(S3) EUS1(S3) PBTN(S4) acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+, 2095.06 MHz, 0f-6b-01 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 199MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+, 2094.75 MHz, 0f-6b-01 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,CX16,NXE,MMXX,FFXSR,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,3DNOWP cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu1: ITLB 32 4KB entries 
fully associative, 8 4MB entries fully associative cpu1: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative ioapic0 at mainbus0: apid 2 pa 0xfec0, version 21, 24 pins acpimcfg0 at acpi0 acpimcfg0: addr 0xe000, bus 0-64 acpihpet0 at acpi0: 14318180 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG1) acpiprt2 at acpi0: bus 1 (IGFX) acpiprt3 at acpi0: bus -1 (PCX1) acpiprt4 at acpi0: bus 63 (PCX2) acpiprt5 at acpi0: bus 7 (HUB_) acpicpu0 at acpi0: C1(@1 halt!), PSS acpicpu1 at acpi0: C1(@1 halt!), PSS acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001 acpicmos0 at acpi0 "PNP0003" at acpi0 not configured acpibtn0 at acpi0: PBTN "PNP0C14" at acpi0 not configured cpu0: PowerNow! K8 2095 MHz: speeds: 2100 2000 1800 1000 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "ATI RS480 Host" rev 0x10 ppb0 at pci0 dev 1 function 0 "ATI RS480 PCIE" rev 0x00 pci1 at ppb0 bus 1 radeondrm0 at pci1 dev 5 function 0 "ATI Radeon XPRESS 200" rev 0x00 drm0 at radeondrm0 radeondrm0: apic 2 int 17 vendor "ATI", unknown product 0x5874 (class display subclass miscellaneous, rev 0x00) at pci1 dev 5 function 1 not configured ppb1 at pci0 dev 7 function 0 "ATI RX480 PCIE" rev 0x00: msi pci2 at ppb1 bus 63 bge0 at pci2 dev 0 function 0 "Broadcom BCM5755" rev 0x02, BCM5755 A2 (0xa002): msi, address 00:1f:29:dc:de:9b brgphy0 at bge0 phy 1: BCM5755 10/100/1000baseT PHY, rev. 
0 ahci0 at pci0 dev 18 function 0 "ATI SB600 SATA" rev 0x00: apic 2 int 22, AHCI 1.1 ahci0: port 0: 3.0Gb/s ahci0: port 1: 3.0Gb/s ahci0: port 2: 1.5Gb/s scsibus1 at ahci0: 32 targets sd0 at scsibus1 targ 0 lun 0: SCSI3 0/direct fixed t10.ATA_ST380815AS_9RW7BGSY_ sd0: 76319MB, 512 bytes/sector, 156301488 sectors sd1 at scsibus1 targ 1 lun 0: SCSI3 0/direct fixed t10.ATA_ST380815AS_9RW6J93H_ sd1: 76319MB, 512 bytes/sector, 156301488 sectors cd0 at scsibus1 targ 2 lun 0: ATAPI 5/cdrom removable ohci0 at pci0 dev 19 function 0 "ATI SB600 USB" rev 0x00: apic 2 int 16, version 1.0, legacy support ohci1 at pci0 dev 19 function 1 "ATI SB600 USB" rev 0x00: apic 2 int 17, version 1.0, legacy support ohci2 at pci0 dev 19 function 2 "ATI SB600 USB" rev 0x00: apic 2 int 18, version 1.0, legacy support ohci3 at pci0 dev 19 function 3 "ATI SB60spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-5300CL5 spdmem1 at iic0 addr 0x51: 1GB DDR2 SDRAM non-parity PC2-5300CL5 spdmem2 at iic0 addr 0x52: 1GB DDR2 SDRAM non-parity PC2-5300CL5 spdmem3 at iic0 addr 0x53: 1GB DDR2 SDRAM non-parity PC2-5300CL5 pciide0 at pci0 dev 20 function 1 "ATI SB600 IDE" rev 0x00: DMA, channel 0 configured to native-PCI, channel 1 configured to native-PCI pciide0: using apic 2 int 16 for native-PCI interrupt azalia0 at pci0 dev 20 function 2 "ATI SBx00 HD Audio" rev 0x00: apic 2 int 16 azalia0: codecs: Realtek ALC260 audio0 at azalia0 pcib0 at pci0 dev 20 function 3 "ATI SB600 ISA" rev 0x00 ppb2 at pci0 dev 20 function 4 "ATI SB600 PCI" rev 0x00 pci3 at ppb2 bus 7 pchb1 at
HIPAA supported ciphers
OpenBSD 6.5 (GENERIC.MP) #84: Wed Apr 17 05:53:43 MDT 2019

Hi,

SSL compliance tests below refers. (htbridge)

2:SUPPORTED CIPHERS
TLSv1.2
TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 Non-compliant with HIPAA guidance
TLS_RSA_WITH_CAMELL TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with HIPAA guidance
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA Non-compliant with HIPAA guidance

Under what circumstances could these ciphers be not considered for HIPAA compliance?

Regards,

Kihaguru.
CGI scripts 500 internal server error during concurrent post operation.
Hi,

While testing, concurrent posting to a cgi script from two separate browsers causes a 500 internal server error on one browser but successful submission on the other.

That indicates that the more users one has, the higher the chance that more people would be accessing the script at the same time and hence complaints about 500 internal server error.

**
# $OpenBSD: httpd.conf,v 1.20 2018/06/13 15:08:24 reyk Exp $
server "xyz.com" {
	listen on * port 80
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
	location * {
		block return 302 "https://xyz.com$REQUEST_URI";
	}
}
server "xyz.com" {
	listen on * tls port 443
	hsts preload
	hsts subdomains
	tls {
		certificate "/etc/ssl/xyz.com.fullchain.pem"
		key "/etc/ssl/private/xyz.com.key"
	}
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
	location "/xyz/*" {
		root "/"
		fastcgi
	}
}
***

www# dmesg OpenBSD 6.5 (GENERIC.MP) #84: Wed Apr 17 05:53:43 MDT 2019 dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP real mem = 961462272 (916MB) avail mem = 903159808 (861MB) mainbus0 at root: Raspberry Pi 3 Model B Rev 1.2 cpu0 at mainbus0 mpidr 0: ARM Cortex-A53 r0p4 cpu0: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache cpu0: 512KB 64b/line 16-way L2 cache efi0 at mainbus0: UEFI 2.7 efi0: Das U-Boot rev 0x20190100 apm0 at mainbus0 simplefb0 at mainbus0: 656x416, 32bpp wsdisplay0 at simplefb0 mux 1 wsdisplay0: screen 0-5 added (std, vt100 emulation) simplebus0 at mainbus0: "soc" "dma" at simplebus0 not configured bcmintc0 at simplebus0 bcmdog0 at simplebus0 "cprman" at simplebus0 not configured bcmrng0 at simplebus0 "mailbox" at simplebus0 not configured "gpio" at simplebus0 not configured pluart0 at simplebus0 "mmc" at simplebus0 not configured "dsi" at simplebus0 not configured bcmtemp0 at simplebus0 bcmaux0 at simplebus0 com0 at simplebus0: ns16550, no working fifo com0: console dwctwo0 at simplebus0 "local_intc" at simplebus0 not configured "mmc" at
simplebus0 not configured "gpiomem" at simplebus0 not configured "firmware" at simplebus0 not configured "power" at simplebus0 not configured "fb" at simplebus0 not configured "vchiq" at simplebus0 not configured "vcsm" at simplebus0 not configured "arm-pmu" at simplebus0 not configured "virtgpio" at simplebus0 not configured "expgpio" at simplebus0 not configured simplebus1 at mainbus0: "clocks" "clock" at simplebus1 not configured "clock" at simplebus1 not configured agtimer0 at mainbus0: tick rate 19200 KHz cpu1 at mainbus0 mpidr 1: ARM Cortex-A53 r0p4 cpu1: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache cpu1: 512KB 64b/line 16-way L2 cache cpu2 at mainbus0 mpidr 2: ARM Cortex-A53 r0p4 cpu2: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache cpu2: 512KB 64b/line 16-way L2 cache cpu3 at mainbus0 mpidr 3: ARM Cortex-A53 r0p4 cpu3: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache cpu3: 512KB 64b/line 16-way L2 cache usb0 at dwctwo0: USB revision 2.0 uhub0 at usb0 configuration 1 interface 0 "Broadcom DWC2 root hub" rev 2.00/1.00 addr 1 uhub1 at uhub0 port 1 configuration 1 interface 0 "Standard Microsystems product 0x9514" rev 2.00/2.00 addr 2 smsc0 at uhub1 port 1 configuration 1 interface 0 "Standard Microsystems SMSC9512/14" rev 2.00/2.00 addr 3 smsc0: address b8:27:eb:fd:e2:73 ukphy0 at smsc0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x0001f0, model 0x000c umass0 at uhub1 port 3 configuration 1 interface 0 "HP v222w" rev 2.00/11.00 addr 4 umass0: using SCSI over Bulk-Only scsibus0 at umass0: 2 targets, initiator 0 sd0 at scsibus0 targ 1 lun 0: SCSI2 0/direct removable serial.03f03f40AA000444 sd0: 7680MB, 512 bytes/sector, 15728640 sectors vscsi0 at root scsibus1 at vscsi0: 256 targets softraid0 at root scsibus2 at softraid0: 256 targets bootfile: sdboot device: sd0 root on sd0a (fb256b8cc93eac04.a) swap on sd0b dump on sd0b WARNING: CHECK AND RESET THE DATE! 
umsm0 at uhub1 port 4 configuration 1 interface 0 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5 umsm1 at uhub1 port 4 configuration 1 interface 1 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5 umsm0 detached umsm1 detached umsm0 at uhub1 port 4 configuration 1 interface 0 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5 ucom0 at umsm0 umsm1 at uhub1 port 4 configuration 1 interface 1 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5 ucom1 at umsm1 umsm2 at uhub1 port 4 configuration 1 interface 2 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5 ucom2 at umsm2 umass1 at uhub1 port 4 configuration 1 interface 3 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5 umass1
Re: OpenBSD httpd: PCI - DSS Compliance
The issue is now resolved. The alert message no longer appears.

Thank you.

Kihaguru.

On 4/10/19, Kihaguru Gathura wrote:
> Hi,
>
> The message below refers. Has httpd met the particular requirement
> 6.5.1 - 6.5.10 as shown? or is it a matter of further configuration.
>
> "Requirement 6.5
> Fingerprinted versions of web software used on the website may contain
> publicly known vulnerabilities (cf. PCI DSS 6.5.1-6.5.10). Investigate
> as soon as possible.
> Misconfiguration or weakness"
>
> actual report here:
>
> https://www.htbridge.com/websec/?id=cGZfIatq
>
> Thanks,
>
> Kihaguru.
>
OpenBSD httpd: PCI - DSS Compliance
Hi,

The message below refers. Has httpd met the particular requirement 6.5.1 - 6.5.10 as shown? or is it a matter of further configuration.

"Requirement 6.5
Fingerprinted versions of web software used on the website may contain publicly known vulnerabilities (cf. PCI DSS 6.5.1-6.5.10). Investigate as soon as possible.
Misconfiguration or weakness"

actual report here:

https://www.htbridge.com/websec/?id=cGZfIatq

Thanks,

Kihaguru.
HTTP SITE DOES NOT REDIRECT
Hi,

https://www.htbridge.com SSL test reports as follows:

HTTP SITE DOES NOT REDIRECT
The HTTP version of the website does not redirect to the HTTPS version. We advise to enable redirection.
Misconfiguration or weakness

Web server configuration as follows:

# $OpenBSD: httpd.conf,v 1.20 2018/06/13 15:08:24 reyk Exp $
server "xyz.com" {
	listen on * port 80
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
	location * {
		block return 302 "https://xyz.com$REQUEST_URI";
	}
}
server "xyz.com" {
	listen on * tls port 443
	hsts
	tls {
		certificate "/etc/ssl/xyz.com.fullchain.pem"
		key "/etc/ssl/private/xyz.com.key"
	}
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
	location "/xyz.com/*" {
		root "/"
		fastcgi
	}
}

is this error justifiable considering the above configuration?

Thanks,

Kihaguru.
Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability
Hi,

Following a scan of web server with Qualys Community Edition, a vulnerability has been declared as below.

Web Server Internal IP Address/Internal Network Name Disclosure Vulnerability
port 80/tcp
QID: 86247
Category: Web server
CVE ID: CVE-2000-0649
Vendor Reference -
Bugtraq ID: 1499
Service Modified: 10/01/2018
User Modified: -
Edited: No
PCI Vuln: Yes

RESULTS:
GET / HTTP/1.0

HTTP/1.0 302 Found
Date: Fri, 01 Mar 2019 15:08:31 GMT
Server: OpenBSD httpd
Connection: close
Content-Type: text/html
Content-Length: 419
Location: https://192.168.1.101/

THREAT:
Some Web servers contain a vulnerability giving remote attackers the ability to attain your internal IP address or internal network name. An attacker connected to a host on your network using HTTPS (typically on port 443) could craft a specially formed GET request from the Web server resulting in a 3XX Object Moved error message containing the internal IP address or internal network name of the Web server. A target host using HTTP may also be vulnerable to this issue.

QID Detection Logic:
The remote check for the web server internal IP address sends a HTTP GET request to the target web server. The QID is flagged if a "Content-location:" header or a 3xx redirect address in an HTTP response contains an RFC1918 IP address.

PCI DSS 3.2 requirement 1.3.7 "do not disclose private IP addresses and routing information to unauthorized parties". This is a PCI Fail since confidential information about your network is leaked.

IMPACT:
Successful exploitation of this vulnerability results in the disclosure of your internal IP address or internal network name, which could then be used in further attacks against the target host.

SOLUTION:
There are no patches available at this time. Please contact your vendor for updates.

Workaround:
For IIS Web Server 6.x and prior: Check the Microsoft article on how to set the Hostname instead of internal IP address for IIS.
For IIS 7.0 The release version of IIS7 by default includes the functionality of masking the IP address. Refer to Removing an IIS server's IP address from HTTP responses.
For Apache Web Server: Modify the Apache configuration file as follows:
- Set "ServerName" to a proper FQDN.
or
- Use module mod_rewrite to modify the 3xx error message returned by the server.
No workaround information is available for other Web servers at this time. Refer to your vendor for an appropriate workaround.

COMPLIANCE:
Not Applicable

EXPLOITABILITY:
The Exploit-DB
Reference: CVE-2000-0649
Description: Microsoft IIS 2.0/3.0/4.0/5.0/5.1 - Internal IP Address Disclosure - The Exploit-DB Ref : 20096
Link: http://www.exploit-db.com/exploits/20096

ASSOCIATED MALWARE:
There is no malware information for this vulnerability.

RESULTS:
GET / HTTP/1.0

HTTP/1.0 302 Found
Date: Fri, 01 Mar 2019 15:08:31 GMT
Server: OpenBSD httpd
Connection: close
Content-Type: text/html
Content-Length: 419
Location: https://192.168.1.101/

Web server configuration as follows:

# $OpenBSD: httpd.conf,v 1.20 2018/06/13 15:08:24 reyk Exp $
server "xyz.com" {
	listen on * port 80
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
	location * {
		block return 302 "https://$HTTP_HOST$REQUEST_URI";
	}
}
server "xyz.com" {
	listen on * tls port 443
	hsts
	tls {
		certificate "/etc/ssl/xyz.com.fullchain.pem"
		key "/etc/ssl/private/xyz.com.key"
	}
	location "/.well-known/acme-challenge/*" {
		root "/acme"
		request strip 2
	}
	location "/xyz.com/*" {
		root "/"
		fastcgi
	}
}

Any indications on how to prevent the disclosure?

Regards,

Kihaguru.
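The "QID Detection Logic" quoted in the report above, re-implemented as an added example so a response can be checked offline before a rescan; this is not part of the original post and not Qualys or OpenBSD code. The function names are hypothetical, the first sample is the response from the report, and the other samples are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# RFC 1918 private ranges, which the report's detection logic keys on.
RFC1918_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Dotted-quad literal not embedded in a longer dotted number.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def parse_response(raw):
    """Return (status_code, [(lowercased_name, value), ...]) from a raw response."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [line for line in head.split("\n") if line.strip()]
    match = re.match(r"HTTP/\d\.\d\s+(\d{3})", lines[0]) if lines else None
    if not match:
        raise ValueError("not an HTTP status line")
    headers = []
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return int(match.group(1)), headers


def private_addresses(value):
    """RFC 1918 addresses in a header value: the URL host, then any literal in the text."""
    candidates = []
    try:
        host = urlsplit(value).hostname
    except ValueError:          # malformed URL, fall back to the literal scan
        host = None
    if host:
        candidates.append(host)
    candidates.extend(IPV4_RE.findall(value))
    found = []
    for cand in candidates:
        try:
            ip = ipaddress.ip_address(cand)
        except ValueError:      # a host name, or not a valid address
            continue
        if any(ip in net for net in RFC1918_NETS) and str(ip) not in found:
            found.append(str(ip))
    return found


def check_response(raw):
    """Findings for one response: Location on a 3xx, Content-Location on any status."""
    status, headers = parse_response(raw)
    findings = []
    for name, value in headers:
        if name == "location" and not 300 <= status < 400:
            continue
        if name not in ("location", "content-location"):
            continue
        for addr in private_addresses(value):
            findings.append({"status": status, "header": name, "address": addr})
    return findings


def make_response(status_line, extra_header):
    """Build a sample response shaped like the one in the report."""
    return "\r\n".join([status_line, "Server: OpenBSD httpd",
                        "Connection: close", extra_header]) + "\r\n\r\n"


# Response copied from the RESULTS section of the report.
REPORTED = "\r\n".join([
    "HTTP/1.0 302 Found", "Date: Fri, 01 Mar 2019 15:08:31 GMT",
    "Server: OpenBSD httpd", "Connection: close", "Content-Type: text/html",
    "Content-Length: 419", "Location: https://192.168.1.101/"]) + "\r\n\r\n"
# Constructed samples: redirect to a name, Content-Location leak, edge cases.
NAMED = make_response("HTTP/1.0 302 Found", "Location: https://xyz.com/")
CONTENT_LOC = make_response("HTTP/1.0 200 OK",
                            "Content-Location: http://10.0.0.5/index.html")
PUBLIC_172 = make_response("HTTP/1.0 301 Moved Permanently",
                           "Location: https://172.32.0.1/")
NOT_REDIRECT = make_response("HTTP/1.0 200 OK", "Location: https://192.168.1.101/")

if __name__ == "__main__":
    for label, raw in [("reported", REPORTED), ("named", NAMED),
                       ("content-location", CONTENT_LOC),
                       ("172.32.0.1", PUBLIC_172), ("200+Location", NOT_REDIRECT)]:
        print(label, check_response(raw))
```

A redirect whose target is a fixed name, like the `https://xyz.com$REQUEST_URI` form in the "HTTP SITE DOES NOT REDIRECT" post on this page, produces no finding under this check.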
Missing libraries.
Hi, Any ideas on how to fix the missing libraries, www# pkg_add -v mini_sendmail-chroot Update candidates: quirks-3.91 -> quirks-3.91 quirks-3.91 signed on 2019-02-10T22:07:56Z Can't install mini_sendmail-chroot-1.3.9 because of libraries |library c.95.0 not found | /usr/lib/libc.so.92.6 (system): bad major Couldn't install mini_sendmail-chroot-1.3.9 www# www# dmesg OpenBSD 6.4-current (GENERIC.MP) #253: Sun Nov 4 23:26:31 MST 2018 dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP real mem = 961421312 (916MB) avail mem = 902914048 (861MB) mainbus0 at root: Raspberry Pi 3 Model B Rev 1.2 cpu0 at mainbus0 mpidr 0: ARM Cortex-A53 r0p4 cpu0: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache cpu0: 512KB 64b/line 16-way L2 cache efi0 at mainbus0: UEFI 2.7 efi0: Das U-Boot rev 0x20180900 simplefb0 at mainbus0: 656x416, 32bpp wsdisplay0 at simplefb0 mux 1 wsdisplay0: screen 0-5 added (std, vt100 emulation) simplebus0 at mainbus0: "soc" bcmintc0 at simplebus0 bcmdog0 at simplebus0 bcmrng0 at simplebus0 pluart0 at simplebus0 bcmtemp0 at simplebus0 bcmaux0 at simplebus0 com0 at simplebus0: ns16550, no working fifo com0: console dwctwo0 at simplebus0 simplebus1 at mainbus0: "clocks" agtimer0 at mainbus0: tick rate 19200 KHz cpu1 at mainbus0 mpidr 1: ARM Cortex-A53 r0p4 cpu1: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache cpu1: 512KB 64b/line 16-way L2 cache cpu2 at mainbus0 mpidr 2: ARM Cortex-A53 r0p4 cpu2: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache cpu2: 512KB 64b/line 16-way L2 cache cpu3 at mainbus0 mpidr 3: ARM Cortex-A53 r0p4 cpu3: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache cpu3: 512KB 64b/line 16-way L2 cache usb0 at dwctwo0: USB revision 2.0 uhub0 at usb0 configuration 1 interface 0 "Broadcom DWC2 root hub" rev 2.00/1.00 addr 1 uhub1 at uhub0 port 1 configuration 1 interface 0 "Standard Microsystems product 0x9514" rev 2.00/2.00 addr 2 smsc0 at uhub1 port 1 
configuration 1 interface 0 "Standard Microsystems SMSC9512/14" rev 2.00/2.00 addr 3 smsc0: address b8:27:eb:fd:e2:73 ukphy0 at smsc0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x0001f0, model 0x000c umass0 at uhub1 port 3 configuration 1 interface 0 "HP v222w" rev 2.00/11.00 addr 4 umass0: using SCSI over Bulk-Only scsibus0 at umass0: 2 targets, initiator 0 sd0 at scsibus0 targ 1 lun 0: SCSI2 0/direct removable serial.03f03f40AA000444 sd0: 7680MB, 512 bytes/sector, 15728640 sectors vscsi0 at root scsibus1 at vscsi0: 256 targets softraid0 at root scsibus2 at softraid0: 256 targets bootfile: sd0a:/bsd boot device: sd0 root on sd0a (87d0b25f285b037a.a) swap on sd0b dump on sd0b WARNING: CHECK AND RESET THE DATE! umsm0 at uhub1 port 2 configuration 1 interface 0 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5 umsm1 at uhub1 port 2 configuration 1 interface 1 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5 umsm0 detached umsm1 detached umsm0 at uhub1 port 2 configuration 1 interface 0 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5 ucom0 at umsm0 umsm1 at uhub1 port 2 configuration 1 interface 1 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5 ucom1 at umsm1 umsm2 at uhub1 port 2 configuration 1 interface 2 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5 ucom2 at umsm2 umass1 at uhub1 port 2 configuration 1 interface 3 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5 umass1: using SCSI over Bulk-Only scsibus3 at umass1: 2 targets, initiator 0 cd0 at scsibus3 targ 1 lun 0: SCSI2 5/cdrom removable umass2 at uhub1 port 2 configuration 1 interface 4 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5 umass2: using SCSI over Bulk-Only scsibus4 at umass2: 2 targets, initiator 0 sd1 at scsibus4 targ 1 lun 0: SCSI2 0/direct removable LogOut[20584]: pledge "proc", syscall 66 LogOut[90880]: pledge "proc", syscall 66 LogOut[61523]: pledge "proc", syscall 66 LogOut[86166]: pledge "proc", syscall 66 LogOut[41775]: pledge "proc", syscall 66 www# Regards, Kihaguru.
Re: 3g/4g modem access from within chroot
Have removed the group assignment and instead did chown as follows:

www# chown www:daemon /var/www/dev/cuaU2
www# chroot -u www /var/www /gathura/modem
Status: 200 OK
Content-type: text/html

Connected to /dev/cuaU2 (speed 115200)
AT+CMGF=1
OK
[EOT]
www#

Thanks Edgar

Kihaguru.

On 2/8/19, Edgar Pettijohn wrote: > > On Feb 8, 2019 2:21 PM, Kihaguru Gathura wrote: >> >> > >> > Is there a /var/www/dev/cuaU2 >> >> Indeed this is present. created it before as follows: >> >> www# mkdir /var/www/dev >> www# cd /var/www/dev >> www# sh /dev/MAKEDEV ttyU2 >> www# ls >> cuaU2 ttyU2 >> www# >> >> > >> >> On 2/8/19, Edgar Pettijohn wrote: >> > >> > On Feb 8, 2019 9:01 AM, Kihaguru Gathura wrote: >> >> >> >> Hi, >> >> >> >> What effective way can be used to apply permission to /dev/cuaU2 to >> >> avoid the error below. >> >> >> >> >> >> www# chroot -u www /var/www cgi-bin/modem >> > >> > Is there a /var/www/dev/cuaU2 >> > >> >> Status: 200 OK >> >> Content-type: text/html >> >> >> >> cu: open("/dev/cuaU2"): Permission denied >> >> >> >> Note: chown www:daemon /dev/cuaU2 has not worked. chroot is in the >> >> root folder which allows devices. > > What about chown www:daemon /var/www/dev/cuaU0 This is a better option than assigning www to group dialer. > >> >> >> >> /dev/sd0a (87d0b25f285b037a.a) on /mnt type ffs (rw, >> >> asynchronous, local) >> >> /dev/sd0e (87d0b25f285b037a.e) on /mnt/home type ffs (rw, >> >> asynchronous, local, nodev, nosuid) >> >> /dev/sd0d (87d0b25f285b037a.d) on /mnt/usr type ffs (rw, >> >> asynchronous, local, nodev) >> >> > > Where is /var/www mounted?
Mounted on /dev/sd0a > >> >> >> >> >> >> # dmesg >> >> OpenBSD 6.4-current (GENERIC.MP) #253: Sun Nov 4 23:26:31 MST 2018 >> >> >> >> dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP >> >> real mem = 961421312 (916MB) >> >> avail mem = 902914048 (861MB) >> >> mainbus0 at root: Raspberry Pi 3 Model B Rev 1.2 >> >> cpu0 at mainbus0 mpidr 0: ARM Cortex-A53 r0p4 >> >> cpu0: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 >> >> D-cache >> >> cpu0: 512KB 64b/line 16-way L2 cache >> >> efi0 at mainbus0: UEFI 2.7 >> >> efi0: Das U-Boot rev 0x20180900 >> >> simplefb0 at mainbus0: 656x416, 32bpp >> >> wsdisplay0 at simplefb0 mux 1 >> >> wsdisplay0: screen 0-5 added (std, vt100 emulation) >> >> simplebus0 at mainbus0: "soc" >> >> bcmintc0 at simplebus0 >> >> bcmdog0 at simplebus0 >> >> bcmrng0 at simplebus0 >> >> pluart0 at simplebus0 >> >> bcmtemp0 at simplebus0 >> >> bcmaux0 at simplebus0 >> >> com0 at simplebus0: ns16550, no working fifo >> >> com0: console >> >> dwctwo0 at simplebus0 >> >> simplebus1 at mainbus0: "clocks" >> >> agtimer0 at mainbus0: tick rate 19200 KHz >> >> cpu1 at mainbus0 mpidr 1: ARM Cortex-A53 r0p4 >> >> cpu1: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 >> >> D-cache >> >> cpu1: 512KB 64b/line 16-way L2 cache >> >> cpu2 at mainbus0 mpidr 2: ARM Cortex-A53 r0p4 >> >> cpu2: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 >> >> D-cache >> >> cpu2: 512KB 64b/line 16-way L2 cache >> >> cpu3 at mainbus0 mpidr 3: ARM Cortex-A53 r0p4 >> >> cpu3: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 >> >> D-cache >> >> cpu3: 512KB 64b/line 16-way L2 cache >> >> usb0 at dwctwo0: USB revision 2.0 >> >> uhub0 at usb0 configuration 1 interface 0 "Broadcom DWC2 root hub" rev >> >> 2.00/1.00 addr 1 >> >> uhub1 at uhub0 port 1 configuration 1 interface 0 "Standard >> >> Microsystems product 0x9514" rev 2.00/2.00 addr 2 >> >> smsc0 at uhub1 port 1 configuration 1 interface 0 "Standard >> >> 
Microsystems SMSC9512/14" rev 2.00/2.00 addr 3 >> >> smsc0: address b8:27:eb:fd:e2:73 >> >> ukphy0 at smsc0 phy 1: Generic IEEE 802.3u media interface, rev. 3: >> >> OUI 0x000
Re: 3g/4g modem access from within chroot
Finally this works but wish to know any security implications if any. www# usermod -G dialer www www# chroot -u www /var/www /cgi-bin/modem Status: 200 OK Content-type: text/html Connected to /dev/cuaU2 (speed 115200) AT+CMGF=1 OK [EOT] www# Thanks Kihaguru. On 2/8/19, Kihaguru Gathura wrote: >> >> Is there a /var/www/dev/cuaU2 > > Indeed this is present. created it before as follows: > > www# mkdir /var/www/dev > www# cd /var/www/dev > www# sh /dev/MAKEDEV ttyU2 > www# ls > cuaU2 ttyU2 > www# > >> > > On 2/8/19, Edgar Pettijohn wrote: >> >> On Feb 8, 2019 9:01 AM, Kihaguru Gathura wrote: >>> >>> Hi, >>> >>> What effective way can be used to apply permission to /dev/cuaU2 to >>> avoid the error below. >>> >>> >>> www# chroot -u www /var/www cgi-bin/modem >> >> Is there a /var/www/dev/cuaU2 >> >>> Status: 200 OK >>> Content-type: text/html >>> >>> cu: open("/dev/cuaU2"): Permission denied >>> >>> Note: chown www:daemon /dev/cuaU2 has not worked. chroot is in the >>> root folder which allows devices. 
>>> >>> /dev/sd0a (87d0b25f285b037a.a) on /mnt type ffs (rw, >>> asynchronous, local) >>> /dev/sd0e (87d0b25f285b037a.e) on /mnt/home type ffs (rw, >>> asynchronous, local, nodev, nosuid) >>> /dev/sd0d (87d0b25f285b037a.d) on /mnt/usr type ffs (rw, >>> asynchronous, local, nodev) >>> >>> >>> >>> # dmesg >>> OpenBSD 6.4-current (GENERIC.MP) #253: Sun Nov 4 23:26:31 MST 2018 >>> dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP >>> real mem = 961421312 (916MB) >>> avail mem = 902914048 (861MB) >>> mainbus0 at root: Raspberry Pi 3 Model B Rev 1.2 >>> cpu0 at mainbus0 mpidr 0: ARM Cortex-A53 r0p4 >>> cpu0: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 >>> D-cache >>> cpu0: 512KB 64b/line 16-way L2 cache >>> efi0 at mainbus0: UEFI 2.7 >>> efi0: Das U-Boot rev 0x20180900 >>> simplefb0 at mainbus0: 656x416, 32bpp >>> wsdisplay0 at simplefb0 mux 1 >>> wsdisplay0: screen 0-5 added (std, vt100 emulation) >>> simplebus0 at mainbus0: "soc" >>> bcmintc0 at simplebus0 >>> bcmdog0 at simplebus0 >>> bcmrng0 at simplebus0 >>> pluart0 at simplebus0 >>> bcmtemp0 at simplebus0 >>> bcmaux0 at simplebus0 >>> com0 at simplebus0: ns16550, no working fifo >>> com0: console >>> dwctwo0 at simplebus0 >>> simplebus1 at mainbus0: "clocks" >>> agtimer0 at mainbus0: tick rate 19200 KHz >>> cpu1 at mainbus0 mpidr 1: ARM Cortex-A53 r0p4 >>> cpu1: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 >>> D-cache >>> cpu1: 512KB 64b/line 16-way L2 cache >>> cpu2 at mainbus0 mpidr 2: ARM Cortex-A53 r0p4 >>> cpu2: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 >>> D-cache >>> cpu2: 512KB 64b/line 16-way L2 cache >>> cpu3 at mainbus0 mpidr 3: ARM Cortex-A53 r0p4 >>> cpu3: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 >>> D-cache >>> cpu3: 512KB 64b/line 16-way L2 cache >>> usb0 at dwctwo0: USB revision 2.0 >>> uhub0 at usb0 configuration 1 interface 0 "Broadcom DWC2 root hub" rev >>> 2.00/1.00 addr 1 >>> uhub1 at uhub0 port 1 
configuration 1 interface 0 "Standard >>> Microsystems product 0x9514" rev 2.00/2.00 addr 2 >>> smsc0 at uhub1 port 1 configuration 1 interface 0 "Standard >>> Microsystems SMSC9512/14" rev 2.00/2.00 addr 3 >>> smsc0: address b8:27:eb:fd:e2:73 >>> ukphy0 at smsc0 phy 1: Generic IEEE 802.3u media interface, rev. 3: >>> OUI 0x0001f0, model 0x000c >>> umass0 at uhub1 port 3 configuration 1 interface 0 "HP v222w" rev >>> 2.00/11.00 addr 4 >>> umass0: using SCSI over Bulk-Only >>> scsibus0 at umass0: 2 targets, initiator 0 >>> sd0 at scsibus0 targ 1 lun 0: SCSI2 0/direct >>> removable serial.03f03f40AA000444 >>> sd0: 7680MB, 512 bytes/sector, 15728640 sectors >>> vscsi0 at root >>> scsibus1 at vscsi0: 256 targets >>> softraid0 at root >>> scsibus2 at softraid0: 256 targets >>> bootfile: sd0a:/bsd >>> boot device: sd0 >>> root on sd0a (87d0b25f285b037a.a) swap on sd0b dump on sd0b >>> WARNING: CHECK AND RESET THE DATE! >>> umsm0 at uhub1 port 5 configuration 1 interface 0 "H
Re: 3g/4g modem access from within chroot
>
> Is there a /var/www/dev/cuaU2

Indeed this is present. Created it before as follows:

www# mkdir /var/www/dev
www# cd /var/www/dev
www# sh /dev/MAKEDEV ttyU2
www# ls
cuaU2 ttyU2
www#

On 2/8/19, Edgar Pettijohn wrote:
>
> On Feb 8, 2019 9:01 AM, Kihaguru Gathura wrote:
>>
>> Hi,
>>
>> What effective way can be used to apply permission to /dev/cuaU2 to
>> avoid the error below.
>>
>>
>> www# chroot -u www /var/www cgi-bin/modem
>
> Is there a /var/www/dev/cuaU2
>
>> Status: 200 OK
>> Content-type: text/html
>>
>> cu: open("/dev/cuaU2"): Permission denied
>>
>> Note: chown www:daemon /dev/cuaU2 has not worked. chroot is in the
>> root folder which allows devices.
>>
>> /dev/sd0a (87d0b25f285b037a.a) on /mnt type ffs (rw,
>> asynchronous, local)
>> /dev/sd0e (87d0b25f285b037a.e) on /mnt/home type ffs (rw,
>> asynchronous, local, nodev, nosuid)
>> /dev/sd0d (87d0b25f285b037a.d) on /mnt/usr type ffs (rw,
>> asynchronous, local, nodev)
>>
>>
>>
>> # dmesg
>> OpenBSD 6.4-current (GENERIC.MP) #253: Sun Nov 4 23:26:31 MST 2018
>> dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/GENERIC.MP
>> real mem = 961421312 (916MB)
>> avail mem = 902914048 (861MB)
>> mainbus0 at root: Raspberry Pi 3 Model B Rev 1.2
>> cpu0 at mainbus0 mpidr 0: ARM Cortex-A53 r0p4
>> cpu0: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
>> cpu0: 512KB 64b/line 16-way L2 cache
>> efi0 at mainbus0: UEFI 2.7
>> efi0: Das U-Boot rev 0x20180900
>> simplefb0 at mainbus0: 656x416, 32bpp
>> wsdisplay0 at simplefb0 mux 1
>> wsdisplay0: screen 0-5 added (std, vt100 emulation)
>> simplebus0 at mainbus0: "soc"
>> bcmintc0 at simplebus0
>> bcmdog0 at simplebus0
>> bcmrng0 at simplebus0
>> pluart0 at simplebus0
>> bcmtemp0 at simplebus0
>> bcmaux0 at simplebus0
>> com0 at simplebus0: ns16550, no working fifo
>> com0: console
>> dwctwo0 at simplebus0
>> simplebus1 at mainbus0: "clocks"
>> agtimer0 at mainbus0: tick rate 19200 KHz
>> cpu1 at mainbus0 mpidr 1: ARM Cortex-A53 r0p4
>> cpu1: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
>> cpu1: 512KB 64b/line 16-way L2 cache
>> cpu2 at mainbus0 mpidr 2: ARM Cortex-A53 r0p4
>> cpu2: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
>> cpu2: 512KB 64b/line 16-way L2 cache
>> cpu3 at mainbus0 mpidr 3: ARM Cortex-A53 r0p4
>> cpu3: 32KB 64b/line 2-way L1 VIPT I-cache, 32KB 64b/line 4-way L1 D-cache
>> cpu3: 512KB 64b/line 16-way L2 cache
>> usb0 at dwctwo0: USB revision 2.0
>> uhub0 at usb0 configuration 1 interface 0 "Broadcom DWC2 root hub" rev
>> 2.00/1.00 addr 1
>> uhub1 at uhub0 port 1 configuration 1 interface 0 "Standard
>> Microsystems product 0x9514" rev 2.00/2.00 addr 2
>> smsc0 at uhub1 port 1 configuration 1 interface 0 "Standard
>> Microsystems SMSC9512/14" rev 2.00/2.00 addr 3
>> smsc0: address b8:27:eb:fd:e2:73
>> ukphy0 at smsc0 phy 1: Generic IEEE 802.3u media interface, rev. 3:
>> OUI 0x0001f0, model 0x000c
>> umass0 at uhub1 port 3 configuration 1 interface 0 "HP v222w" rev
>> 2.00/11.00 addr 4
>> umass0: using SCSI over Bulk-Only
>> scsibus0 at umass0: 2 targets, initiator 0
>> sd0 at scsibus0 targ 1 lun 0: SCSI2 0/direct
>> removable serial.03f03f40AA000444
>> sd0: 7680MB, 512 bytes/sector, 15728640 sectors
>> vscsi0 at root
>> scsibus1 at vscsi0: 256 targets
>> softraid0 at root
>> scsibus2 at softraid0: 256 targets
>> bootfile: sd0a:/bsd
>> boot device: sd0
>> root on sd0a (87d0b25f285b037a.a) swap on sd0b dump on sd0b
>> WARNING: CHECK AND RESET THE DATE!
>> umsm0 at uhub1 port 5 configuration 1 interface 0 "HUAWEI HUAWEI
>> Mobile" rev 2.00/1.02 addr 5
>> umsm1 at uhub1 port 5 configuration 1 interface 1 "HUAWEI HUAWEI
>> Mobile" rev 2.00/1.02 addr 5
>> umsm0 detached
>> umsm1 detached
>> umsm0 at uhub1 port 5 configuration 1 interface 0 "HUAWEI HUAWEI
>> Mobile" rev 2.00/1.02 addr 5
>> ucom0 at umsm0
>> umsm1 at uhub1 port 5 configuration 1 interface 1 "HUAWEI HUAWEI
>> Mobile" rev 2.00/1.02 addr 5
>> ucom1 at umsm1
>> umsm2 at uhub1 port 5 configuration 1 interface 2 "HUAWEI HUAWEI
>> Mobile" rev 2.00/1.02 addr 5
>> ucom2 at umsm2
>> umass1 at uhub1 port 5 configuration 1 interface 3 "HUAWEI HUAWEI
>> Mobile" rev 2.00/1.02 addr
Re: 3g/4g modem access from within chroot
m1
umsm2 at uhub1 port 2 configuration 1 interface 2 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5
ucom2 at umsm2
umass1 at uhub1 port 2 configuration 1 interface 3 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5
umass1: using SCSI over Bulk-Only
scsibus3 at umass1: 2 targets, initiator 0
cd0 at scsibus3 targ 1 lun 0: SCSI2 5/cdrom removable
umass2 at uhub1 port 2 configuration 1 interface 4 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5
umass2: using SCSI over Bulk-Only
scsibus4 at umass2: 2 targets, initiator 0
sd1 at scsibus4 targ 1 lun 0: SCSI2 0/direct removable
ucom0 detached
umsm0 detached
ucom1 detached
umsm1 detached
ucom2 detached
umsm2 detached
cd0 detached
scsibus3 detached
umass1 detached
sd1 detached
scsibus4 detached
umass2 detached
umsm0 at uhub1 port 2 configuration 1 interface 0 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5
umsm1 at uhub1 port 2 configuration 1 interface 1 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5
umsm0 detached
umsm1 detached
umsm0 at uhub1 port 2 configuration 1 interface 0 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5
ucom0 at umsm0
umsm1 at uhub1 port 2 configuration 1 interface 1 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5
ucom1 at umsm1
umsm2 at uhub1 port 2 configuration 1 interface 2 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5
ucom2 at umsm2
umass1 at uhub1 port 2 configuration 1 interface 3 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5
umass1: using SCSI over Bulk-Only
scsibus3 at umass1: 2 targets, initiator 0
cd0 at scsibus3 targ 1 lun 0: SCSI2 5/cdrom removable
umass2 at uhub1 port 2 configuration 1 interface 4 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5
scsibus4 at umass2: 2 targets, initiator 0
sd1 at scsibus4 targ 1 lun 0: SCSI2 0/direct removable
ucom0 detached
umsm0 detached
ucom1 detached
umsm1 detached
ucom2 detached
umsm2 detached
cd0 detached
scsibus3 detached
umass1 detached
sd1 detached
scsibus4 detached
umass2 detached
umsm0 at uhub1 port 2 configuration 1 interface 0 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5
umsm1 at uhub1 port 2 configuration 1 interface 1 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5
umsm0 detached
umsm1 detached
umsm0 at uhub1 port 2 configuration 1 interface 0 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5
ucom0 at umsm0
umsm1 at uhub1 port 2 configuration 1 interface 1 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5
ucom1 at umsm1
umsm2 at uhub1 port 2 configuration 1 interface 2 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5
ucom2 at umsm2
umass1 at uhub1 port 2 configuration 1 interface 3 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5
umass1: using SCSI over Bulk-Only
scsibus3 at umass1: 2 targets, initiator 0
cd0 at scsibus3 targ 1 lun 0: SCSI2 5/cdrom removable
umass2 at uhub1 port 2 configuration 1 interface 4 "HUAWEI HUAWEI Mobile" rev 2.00/1.02 addr 5
umass2: using SCSI over Bulk-Only
scsibus4 at umass2: 2 targets, initiator 0
sd1 at scsibus4 targ 1 lun 0: SCSI2 0/direct removable

Thanks,

Kihaguru.

On 9/11/18, Kihaguru Gathura wrote:
> Hi,
>
> I am able to send SMS using AT commands and C outside chroot using
> code snippet below
>
> ---
> #include <stdio.h>
> #include
> #include
>
> #define MODEM_PATH "cu -l /dev/cuaU0 -s 115200"
>
> int main()
> {
>     FILE *out;
>     char s[40];
>
>     printf("Content-type: text/html\n\n");
>
>     snprintf(s, sizeof(s), "%s", MODEM_PATH);
> ~
> ~
> ~
> ~
> ~
> ~
>     return(0);
> }
>
>
> however, running the program from within chroot, I get the message
>
> /dev/cuaU0 - No such file or directory
>
> All files needed by cu are properly copied to chroot and cu works fine.
>
> Question:
>
> 1: How do I get /dev/cuaU0 device accessible under chroot?
>
> 2: Is there a better i.e. more secure approach to access modem from
> within chroot?
>
Re: performance of intel multithreading
Hi,

On Wednesday, November 7, 2018, Nick Holland wrote:
> On 11/05/18 23:51, Kihaguru Gathura wrote:
>> Hi,
>>
>> From a security standpoint,
>> which platform will offer better performance
>
> huh? What's your priority, security or performance?

Security is the Priority.

> If you have one and no budget to buy something ...um... modern, use it.

I have the PrimePower 250

> UltraSPARC will probably give them a bigger surprise.

Please explain further if possible.

> But if you are
> running web services, you are probably running apps written by someone
> without any idea what they are doing in an interpreted language like
> PHP, and the exact same exploits will take out either platform, because
> the exploits will be at a much higher level than the processor.

Self written services in C language.

Thanks,

Kihaguru.
Re: performance of intel multithreading
The PRIMERGY registers more CPUs, a total of 24, when OpenBSD is installed.

On Tuesday, November 6, 2018, Kihaguru Gathura wrote:
> Hi,
>
> From a security standpoint, which platform will offer better performance solution in web and database now that OpenBSD multithreading is switched off for Intel?
>
>
> (Fujitsu PRIMEPOWER 250 - Version F - 2 X SPARC64 V 1.98 GHz) or (Fujitsu PRIMERGY RX300 S6 - 2 X Xeon 6 core 12 thread E5620 2.4 GHz)
>
>
> Thanks,
>
> Kihaguru
performance of intel multithreading
Hi,

From a security standpoint, which platform will offer better performance solution in web and database now that OpenBSD multithreading is switched off for Intel?

(Fujitsu PRIMEPOWER 250 - Version F - 2 X SPARC64 V 1.98 GHz) or (Fujitsu PRIMERGY RX300 S6 - 2 X Xeon 6 core 12 thread E5620 2.4 GHz)

Thanks,

Kihaguru
Libreoffice package missing in i386 tree
Hi,

Is the LibreOffice package in the i386 tree expected for OpenBSD 6.4? Not listed on the mirrors so far.

Kihaguru
Re: httpd and cgi
Thank you for that.

The code below authenticates for all folders and cgi scripts work well as desired.

Any comments on correctness?

..
# $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $

server "xyz.co.ke" {
    listen on * port 80
    listen on :: port 80
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
    }
    location * {
        block return 302 "https://$HTTP_HOST$REQUEST_URI"
    }
}

server "xyz.co.ke" {
    listen on * tls port 443
    listen on :: tls port 443
    hsts
    tls {
        certificate "/etc/ssl/xyz.co.ke.fullchain.pem"
        key "/etc/ssl/private/xyz.co.ke.key"
    }
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
    }
    authenticate "Staff Only" with "/htpasswds"
    root "/xyz.co.ke"
    location "/public/*" {
        directory auto index
    }
    location "/xyz/*" {
        root "/"
        fastcgi
    }
}
........

> On 10/5/18, trondd wrote:
>> On Thu, October 4, 2018 12:54 pm, Kihaguru Gathura wrote:
>>> Hi,
>>>
>>> For the following httpd setup, cgi scripts give a 403 Page not found
>>> on browser. However after removing the line:
>>>
>>> location "/*" {
>>>     authenticate "Staff Only" with "/htpasswds"
>>> }
>>>
>>> cgi scripts run fine but no authentication for document root of course.
>>>
>>> Please explain the situation.
>>>
>>>
>>>
>>> ...
>>> # $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $
>>>
>>> server "xyz.co.ke" {
>>>     listen on * port 80
>>>     listen on :: port 80
>>>     location "/.well-known/acme-challenge/*" {
>>>         root "/acme"
>>>         root strip 2
>>>     }
>>>     location * {
>>>         block return 302 "https://$HTTP_HOST$REQUEST_URI"
>>>     }
>>> }
>>>
>>> server "xyz.co.ke" {
>>>     listen on * tls port 443
>>>     listen on :: tls port 443
>>>     hsts
>>>     tls {
>>>         certificate "/etc/ssl/xyz.co.ke.fullchain.pem"
>>>         key "/etc/ssl/private/xyz.co.ke.key"
>>>     }
>>>     location "/.well-known/acme-challenge/*" {
>>>         root "/acme"
>>>         root strip 2
>>>     }
>>>     root "/xyz.co.ke"
>>>     location "/*" {
>>>         authenticate "Staff Only" with "/htpasswds"
>>>     }
>>>
>>>     location "/public/*" {
>>>         directory auto index
>>>     }
>>>     location "/xyz/*" {
>>>         root "/"
>>>         fastcgi
>>>         authenticate "Staff Only" with "/htpasswds"
>>>     }
>>> }
>>> ..
>>>
>>> Thank you,
>>>
>>> Regards
>>>
>>> Kihaguru.
>>>
>>
>> Move the location "/*" block to the bottom of the server block after the
>> specific paths.
>>
>>
>> location path {...}
>> Specify server configuration rules for a specific location. The path
>> argument will be matched against the request path with shell globbing
>> rules. In case of multiple location statements in the same context,
>> the first matching location statement will be put into effect, while
>> all later ones will be ignored. Therefore it is advisable to match for
>> more specific paths first and for generic ones later on.
>>
>>
>
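The first-match rule quoted from the manual above, modelled as an added example that is not part of the thread or of httpd's source: fnmatch(3) stands in for httpd's glob matching (an assumption), and the two tables copy the location order of the first post and the order advised in the reply. The request paths are constructed.

```c
#include <fnmatch.h>
#include <stddef.h>
#include <stdio.h>

/* One location block: its glob plus the two options the thread is about. */
struct location {
	const char *pattern;
	int fastcgi;       /* block contains "fastcgi" */
	int authenticate;  /* block contains "authenticate" */
};

/* Location order from the first post: the catch-all precedes the xyz block. */
static const struct location generic_first[] = {
	{ "/.well-known/acme-challenge/*", 0, 0 },
	{ "/*",                            0, 1 },
	{ "/public/*",                     0, 0 },
	{ "/xyz/*",                        1, 1 },
};

/* Order advised in the reply: specific paths first, catch-all last. */
static const struct location specific_first[] = {
	{ "/.well-known/acme-challenge/*", 0, 0 },
	{ "/public/*",                     0, 0 },
	{ "/xyz/*",                        1, 1 },
	{ "/*",                            0, 1 },
};

#define NLOC (sizeof(generic_first) / sizeof(generic_first[0]))

/*
 * Return the first block whose pattern matches path, or NULL. Blocks after
 * the first match are never consulted. Without FNM_PATHNAME a "*" also
 * matches a slash, so the catch-all pattern covers every request path.
 */
const struct location *
first_match(const struct location *locs, size_t n, const char *path)
{
	size_t i;

	for (i = 0; i < n; i++)
		if (fnmatch(locs[i].pattern, path, 0) == 0)
			return &locs[i];
	return NULL;
}

static void
show(const char *label, const struct location *locs, const char *path)
{
	const struct location *l = first_match(locs, NLOC, path);

	printf("%-15s %-20s -> %-10s fastcgi=%d authenticate=%d\n", label, path,
	    l ? l->pattern : "(none)", l ? l->fastcgi : 0,
	    l ? l->authenticate : 0);
}

int
main(void)
{
	/* Constructed request paths. */
	const char *paths[] = {
		"/xyz/report.cgi", "/public/index.html", "/index.html"
	};
	size_t i;

	for (i = 0; i < sizeof(paths) / sizeof(paths[0]); i++) {
		show("generic first", generic_first, paths[i]);
		show("specific first", specific_first, paths[i]);
	}
	return 0;
}
```

With the original order the CGI path resolves to the catch-all block, which has no fastcgi; with the advised order it reaches the block that has both fastcgi and authenticate.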
httpd and cgi
Hi,

For the following httpd setup, cgi scripts give a 403 Page not found on browser. However after removing the line:

location "/*" {
    authenticate "Staff Only" with "/htpasswds"
}

cgi scripts run fine but no authentication for document root of course.

Please explain the situation.

...
# $OpenBSD: httpd.conf,v 1.18 2018/03/23 11:36:41 florian Exp $

server "xyz.co.ke" {
    listen on * port 80
    listen on :: port 80
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
    }
    location * {
        block return 302 "https://$HTTP_HOST$REQUEST_URI"
    }
}

server "xyz.co.ke" {
    listen on * tls port 443
    listen on :: tls port 443
    hsts
    tls {
        certificate "/etc/ssl/xyz.co.ke.fullchain.pem"
        key "/etc/ssl/private/xyz.co.ke.key"
    }
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
    }
    root "/xyz.co.ke"
    location "/*" {
        authenticate "Staff Only" with "/htpasswds"
    }

    location "/public/*" {
        directory auto index
    }
    location "/xyz/*" {
        root "/"
        fastcgi
        authenticate "Staff Only" with "/htpasswds"
    }
}
..

Thank you,

Regards

Kihaguru.
3g/4g modem access from within chroot
Hi,

I am able to send SMS using AT commands and C outside chroot using code snippet below

---
#include <stdio.h>
#include
#include

#define MODEM_PATH "cu -l /dev/cuaU0 -s 115200"

int main()
{
    FILE *out;
    char s[40];

    printf("Content-type: text/html\n\n");

    snprintf(s, sizeof(s), "%s", MODEM_PATH);
~
~
~
~
~
~
    return(0);
}

however, running the program from within chroot, I get the message

/dev/cuaU0 - No such file or directory

All files needed by cu are properly copied to chroot and cu works fine.

Question:

1: How do I get /dev/cuaU0 device accessible under chroot?

2: Is there a better i.e. more secure approach to access modem from within chroot?
support update
0
C Kenya
P Nairobi
T Nairobi
Z P.O. Box 30164-00100
O Weenode
I
A Bishops Road
M e...@weenode.com
U
B +254 706970697
X
N Ultra-secure Enterprise Internet of Things (EIoT). Speciality in web applications development with OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI protocol and C programming language on OpenBSD/ARM platforms.
Can't open /dev/bio on arm
Hi,

I am getting message:

bioctl: Can't open /dev/bio: Device not configured

No clue whatsoever on how to go about this. Please assist.

Instructions
--
almandine# fdisk -iy sd0
Writing MBR at offset 0.
almandine# fdisk -iy sd1
Writing MBR at offset 0.
almandine# disklabel -E sd0
Label editor (enter '?' for help at any prompt)
> a
partition: [a]
offset: [64]
size: [15727571] *
FS type: [4.2BSD] RAID
> w
> q
No label changes.
almandine# disklabel sd0 > layout
almandine# disklabel -R sd1 layout
almandine# rm layout
almandine# bioctl -c 1 -l sd0a,sd1a softraid0
bioctl: Can't open /dev/bio: Device not configured
--

dmesg
---
almandine# dmesg
OpenBSD 6.3-current (RAMDISK) #377: Wed Aug 1 23:25:45 MDT 2018
dera...@arm64.openbsd.org:/usr/src/sys/arch/arm64/compile/RAMDISK
real mem = 958873600 (914MB)
avail mem = 895877120 (854MB)
mainbus0 at root: Raspberry Pi 3 Model B Rev 1.2
cpu0 at mainbus0 mpidr 0: ARM Cortex-A53 r0p4
efi0 at mainbus0: UEFI 2.7
efi0: Das U-Boot rev 0x0
simplefb0 at mainbus0: 656x416, 32bpp
wsdisplay0 at simplefb0
wsdisplay0: screen 0 added (std, vt100 emulation)
simplebus0 at mainbus0: "soc"
bcmintc0 at simplebus0
bcmdog0 at simplebus0
bcmrng0 at simplebus0
pluart0 at simplebus0
bcmaux0 at simplebus0
com0 at simplebus0: ns16550, no working fifo
com0: console
dwctwo0 at simplebus0
simplebus1 at mainbus0: "clocks"
agtimer0 at mainbus0: tick rate 19200 KHz
usb0 at dwctwo0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Broadcom DWC2 root hub" rev 2.00/1.00 addr 1
uhub1 at uhub0 port 1 configuration 1 interface 0 "Standard Microsystems product 0x9514" rev 2.00/2.00 addr 2
smsc0 at uhub1 port 1 configuration 1 interface 0 "Standard Microsystems SMSC9512/14" rev 2.00/2.00 addr 3
smsc0: address b8:27:eb:fd:e2:73
ukphy0 at smsc0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 0x0001f0, model 0x000c
umass0 at uhub1 port 2 configuration 1 interface 0 "HP v222w" rev 2.00/11.00 addr 4
umass0: using SCSI over Bulk-Only
scsibus0 at umass0: 2 targets, initiator 0
sd0 at scsibus0 targ 1 lun 0: SCSI2 0/direct removable serial.03f03f40AA000444
sd0: 7680MB, 512 bytes/sector, 15728640 sectors
umass1 at uhub1 port 3 configuration 1 interface 0 "HP v222w" rev 2.00/11.00 addr 5
umass1: using SCSI over Bulk-Only
scsibus1 at umass1: 2 targets, initiator 0
sd1 at scsibus1 targ 1 lun 0: SCSI2 0/direct removable serial.03f03f40AA000708
sd1: 7680MB, 512 bytes/sector, 15728640 sectors
bootfile: sd0a:/bsd
boot device: sd0
root on rd0a swap on rd0b dump on rd0b
WARNING: CHECK AND RESET THE DATE!
---

Regards,

Kihaguru
support update
0
C Kenya
P Nairobi
T Nairobi
Z P.O. Box 30164-00100
O Weenode
I
A Bishops Road
M e...@weenode.com
U
B +254 706970697
X
N Ultra-secure Enterprise Internet of Things (EIoT). Speciality in web applications development with OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI protocol and C programming language on OpenBSD/ARM platforms.
Re: support update
Please use the latter submission also copied below to update my profile. Kindly note email has changed.

On Tuesday, December 19, 2017, Kihaguru Gathura wrote:
> 0
> C Kenya
> P Nairobi
> T Nairobi
> Z P.O. Box 30164-00100
> O PQscript
> I
> A Bishops Road
> M pqscr...@gmail.com
> U
> B +254 706970697
> X
> N OpenBSD consulting. Speciality in web applications
> development with OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI protocol and C programming language.
>
Re: no registration exists matching provided key
OpenBSD 6.2.

Precisely as summarised by Scott, however to overcome some pitfalls, full details to get TLS working for your domain www.example.com as follows.

1. Configure httpd.conf to work with your domain example.com as follows:

# vi /etc/httpd.conf

# $OpenBSD: httpd.conf,v 1.17 2017/04/16 08:50:49 ajacoutot Exp $

#
# Macros
#
ext_addr="*"

#
# Global Options
#
# prefork 3

#
# Servers
#

# A minimal default server
server "default" {
    listen on $ext_addr port 80
}

# A minimal www.example.com server
server "www.example.com" {
    alias "example.com"
    listen on $ext_addr port 80
    root "/htdocs/www.example.com"
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        root strip 2
        directory no auto index
    }
}

# Include MIME types instead of the built-in ones
types {
    include "/usr/share/misc/mime.types"
}

2. Create root folder for the domain and start httpd server to effect changes:

# mkdir /var/www/htdocs/www.example.com
# vi /etc/rc.conf.local
httpd_flags=
# rcctl enable httpd
# rcctl start httpd
httpd(ok)

3. Configure acme-client for your domain www.example.com domain:

# vi /etc/acme-client.conf

#
# $OpenBSD: acme-client.conf,v 1.4 2017/03/22 11:14:14 benno Exp $
#
authority letsencrypt {
    agreement url "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
    api url "https://acme-v01.api.letsencrypt.org/directory"
    account key "/etc/acme/letsencrypt-privkey.pem"
}

authority letsencrypt-staging {
    agreement url "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
    api url "https://acme-staging.api.letsencrypt.org/directory"
    account key "/etc/acme/letsencrypt-staging-privkey.pem"
}

domain www.example.com {
    alternative names { example.com }
    domain key "/etc/ssl/private/example.com.key"
    domain certificate "/etc/ssl/example.com.crt"
    domain full chain certificate "/etc/ssl/example.com.fullchain.pem"
    sign with letsencrypt
}

4. Attempt to get the certificates:

#acme-client -vvAD www.example.com
..
acme-client: https://acme-v01.api.letsencrypt.org/acme/new-reg: bad HTTP: 400
acme-client: transfer buffer: [{ "type": "urn:acme:error:malformed", "detail": "Provided agreement URL [https://lecuments/LE-SA -v1.2-November-15-2017.pdf]", "status": 400 }] (267 bytes)
acme-client: bad exit: netproc(71944): 1

5. The agreement URL needs to be updated (replaced) with the one provided in the error message above:

# vi /etc/acme-client.conf

#
#
# $OpenBSD: acme-client.conf,v 1.4 2017/03/22 11:14:14 benno Exp $
#
authority letsencrypt {
    # agreement url "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
    agreement url "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
    api url "https://acme-v01.api.letsencrypt.org/directory"
    account key "/etc/acme/letsencrypt-privkey.pem"
}

authority letsencrypt-staging {
    # agreement url "https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf"
    agreement url "https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf"
support update
0
C Kenya
P Nairobi
T Nairobi
Z P.O. Box 30164-00100
O PQscript
I
A Bishops Road
M pqscr...@gmail.com
U
B +254 706970697
X
N OpenBSD consulting. Speciality in web applications development with OpenBSD-httpd web server, PostgreSQL DBMS, FastCGI protocol and C programming language.
support update
0
C Kenya
P Nairobi
T Nairobi
Z P.O. Box 30164-00100
O PQscript
I
A Bishops Road
M pqscr...@gmail.com
U
B +254 706970697
X
N OpenBSD-httpd web server consulting. Specialize in web applications development with PostgreSQL-libpq and FastCGI in C.
Re: Displaying System Uptime via CGI script: not displayed when script is run under chroot.
And finally,

Conclusion.

(A: Section 6 below: Why is the system uptime string not displayed when the cgi script is run under chroot?)

/bin/sh is needed at chroot for command interpretation.

(B: Section 4 below: Why does running uptime program under chroot yield time that is not accurate? 6:54PM while the actual time was 9:54PM produced by running uptime as root immediately after.)

/etc/localtime is needed at chroot for correct local time. (by Alexander)

//
# chroot -u www /var/www /cgi-bin/myuptimer.cgi
Content-Type: text/plain;charset=us-ascii

1:31PM up 3:24, 1 user, load averages: 0.06, 0.08, 0.08
//

However, the cron script workaround (by Raul) should be adopted for security reasons as suggested unanimously.

Thanks to all.

Kihaguru

On Mon, Sep 26, 2016 at 7:19 PM, Stuart Henderson wrote:
> On 2016-09-25, Kihaguru Gathura wrote:
> > Thank you for ongoing suggestions, The web server in use is OpenBSD httpd
> > and on a private network environment in perspective of security concerns.
>
> Raul's suggestion, "A simple workaround might be to create a cron script
> which writes uptime to a file once a minute", seems far saner from a
> security point of view than letting anyone who can hit port 80 execute
> a program.
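The cron workaround adopted in the conclusion above, as an added example that is not code from the thread: the CGI only reads a file that a cron job refreshes, so the chroot needs neither /bin/sh nor a copied uptime binary. The file name, the 120-second staleness limit and the crontab line in the comment are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <time.h>

/*
 * Assumed setup (hypothetical file names): root's crontab refreshes the
 * file from outside the chroot once a minute, for example
 *   * * * * * /usr/bin/uptime > /var/www/run/uptime.tmp && \
 *       mv /var/www/run/uptime.tmp /var/www/run/uptime.txt
 * httpd is chrooted to /var/www, so the CGI sees it as /run/uptime.txt.
 */
#define UPTIME_FILE "/run/uptime.txt"
#define MAX_AGE     120	/* seconds before the data counts as stale */

/*
 * Write a complete CGI response to out.
 * Returns 0 when the uptime line was sent, -1 when the file cannot be
 * read or is empty, -2 when it was not refreshed within MAX_AGE seconds.
 */
int
emit_uptime(FILE *out, const char *path, time_t now)
{
	char line[128];
	struct stat st;
	FILE *in;
	char *p;
	int rc = 0;

	fputs("Content-Type: text/plain;charset=us-ascii\n\n", out);

	in = fopen(path, "r");
	if (in == NULL || stat(path, &st) == -1 ||
	    fgets(line, sizeof(line), in) == NULL)
		rc = -1;
	else if (now - st.st_mtime > MAX_AGE)
		rc = -2;
	if (in != NULL)
		fclose(in);

	if (rc == -1) {
		fputs("uptime unavailable\n", out);
	} else if (rc == -2) {
		fputs("uptime data is stale\n", out);
	} else {
		/* Send one bounded line and only printable ASCII. */
		line[strcspn(line, "\r\n")] = '\0';
		for (p = line; *p != '\0'; p++)
			if (!isprint((unsigned char)*p))
				*p = '?';
		fprintf(out, "%s\n", line);
	}
	return rc;
}

int
main(void)
{
	return emit_uptime(stdout, UPTIME_FILE, time(NULL)) == 0 ? 0 : 1;
}
```

The staleness check makes a stopped cron job visible to the client instead of serving an old load average as current.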
Re: Displaying System Uptime via CGI script: not displayed when script is run under chroot.
Thank you for ongoing suggestions, The web server in use is OpenBSD httpd and on a private network environment in perspective of security concerns.

Kind regards,

Kihaguru.

On Sun, Sep 25, 2016 at 11:57 PM, Alceu Rodrigues de Freitas Junior <glasswal...@yahoo.com.br> wrote:
> On 25-09-2016 17:49, Alceu Rodrigues de Freitas Junior wrote:
>
>>
>> Last, but not least... not sure why C is your language of choice for CGI.
>>
>>
> And looks like you're reinventing the wheel:
> https://httpd.apache.org/docs/2.4/mod/mod_status.html
Displaying System Uptime via CGI script: not displayed when script is run under chroot.
Hi All,

I have a small problem here. I am unable to display uptime online.

THE PROBLEM:

A: Section 6 below: Why is the system uptime string not displayed when the cgi script is run under chroot?

B: Section 4 below: Why does running uptime program under chroot yield time that is not accurate? 6:54PM while the actual time was 9:54PM produced by running uptime as root immediately after.

1: OpenBSD 5.9 (GENERIC.MP) #1888: Fri Feb 26 01:20:19 MST 2016

2: DIRECTORY PERMISSIONS THE DEFAULT
*
# cd /var/www
# ls -l
total 40
drwxr-xr-x 2 root daemon 512 Feb 26 2016 bin
drwx-T 2 www daemon 512 Feb 26 2016 cache
drwxr-xr-x 3 root daemon 512 Sep 25 21:08 cgi-bin
drwxr-xr-x 2 root daemon 512 Aug 16 13:45 conf
drwxr-xr-x 4 root daemon 512 Aug 31 10:48 htdocs
-rw--- 1 www daemon 69 Aug 27 08:15 htpasswd
drwxr-xr-x 2 root daemon 512 Sep 25 00:00 logs
drwxr-xr-x 2 root daemon 512 Sep 24 09:44 run
drwxr-xr-x 5 root daemon 512 Sep 21 16:38 usr
drwxr-xr-x 3 root daemon 512 Sep 24 00:28 var
#
**

3: A CGI PROGRAM NAMED MYUPTIMER THAT SHOULD DISPLAY SYSTEM UPTIME.
**
# vi /var/www/cgi-bin/myuptimer.c

#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    printf("Content-Type: text/plain;charset=us-ascii\n\n");
    fflush(stdout);
    /* system() hands the command to /bin/sh for execution */
    system("/usr/bin/uptime");
    fflush(stdout);
    return 0;
}
**

4: INSTALLING AND TESTING UPTIME PROGRAM UNDER CHROOT

# cp /usr/bin/uptime /var/www/usr/bin
# cp /usr/lib/libkvm.so.16.1 /var/www/usr/lib
# cp /usr/lib/libc.so.84.2 /var/www/usr/lib
# cp /usr/libexec/ld.so /var/www/usr/libexec
# cp /var/run/utmp /var/www/var/run
#
# chroot -u www /var/www uptime
6:54PM up 1 day, 12:09, 2 users, load averages: 0.11, 0.13, 0.18
#
# uptime
9:54PM up 1 day, 12:09, 1 user, load average: 0.11, 0.12, 0.13
*

5: RUNNING MYUPTIMER CGI PROGRAM AS ROOT YIELDS GOOD RESULT
**
# /var/www/cgi-bin/myuptimer.cgi
Content-Type: text/plain;charset=us-ascii

9:54PM up 1 day, 12:10, 1 user, load averages: 0.10, 0.12, 0.17
***

6: HOWEVER RUNNING MYUPTIMER CGI PROGRAM UNDER CHROOT NOT SO: DISPLAYS OTHER TEXT BUT THE UPTIME STRING IS NOT OUTPUT.
**
# chroot -u www /var/www /cgi-bin/myuptimer.cgi
Content-Type: text/plain;charset=us-ascii

***

Regards,

Kihaguru.
Re: support new
Please add me to the support list or advise accordingly.

I had made the same request on March 4th and this is a resend.

Thank you for the early release of 5.9! Forever grateful for the treasure that OpenBSD is.

regards,

Kihaguru
Fwd: support new
-- Forwarded message --
From: Kihaguru Gathura
Date: Fri, Mar 4, 2016 at 9:07 PM
Subject: support new
To: misc@openbsd.org

0
C Kenya
P Nairobi
T Nairobi
Z P.O Box 51348-00200
O Consultant
I Kihaguru Njenga
A
M kihaguru.nje...@gmail.com
U
B +254 706970697
X
N OpenBSD installations and maintenance. Web applications development with OpenBSD-httpd web server and cgi in c.
support new
0
C Kenya
P Nairobi
T Nairobi
Z P.O Box 51348-00200
O Consultant
I Kihaguru Njenga
A
M kihaguru.nje...@gmail.com
U
B +254 706970697
X
N OpenBSD installations and maintenance. Web applications development with OpenBSD-httpd web server and cgi in c.