Syspatch -R failed after upgrading to 7.0, possible LLVM error

2021-11-04 Thread Liam Martin
Relinking to create unique kernel failed; after applying /var/db/kernel.SHA256 /bsd> and , this 
is what my relink.log looks like:


(SHA256) /bsd: OK
LD="ld" sh makegap.sh 0x gapdummy.o
ld -T ld.script -X --warn-common -nopie -o newbsd ${SYSTEM_HEAD} vers.o 
${OBJS}

LLVM ERROR: out of memory
PLEASE submit a bug report to https://bugs.llvm.org/ and include the 
crash backtrace.

Stack dump:
0.    Program arguments: ld -T ld.script -X --warn-common -nopie -o 
newbsd locore0.o [1946 object files later...] swapgeneric.o

Abort trap (core dumped)
*** Error 134 in /usr/share/relink/kernel/GENERIC.MP (Makefile:1788 
'newbsd': @echo ld -T ld.script -X --warn-common -nopie -o newbsd '${SYS...)


I would include recent dmesg output but it doesn't describe anything 
useful and shows a different problem in itself: Several instances of


wsmouse0 detached
ums0 detached
uhidev0 detached
uhidev0 at uhub0 port 7 configuration 1 interface 0 "Logitech USB 
Optical Mouse" rev 2.00/72.00 addr 2

uhidev0: iclass 3/1
ums0 at uhidev0: 3 buttons, Z dir
wsmouse0 at ums0 mux 0

on repeat.

And here's some sysctl output:

hw.machine=amd64
hw.model=Intel(R) Core(TM) i7-8700 CPU @ 3.20GHz
hw.ncpu=12
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=sd0:c1ee24af7681944d,sd1:,sd2:af97cb0c91508e2d
hw.diskcount=3
...
hw.sensors.softraid0.drive0=online (sd2), OK
hw.cpuspeed=3192
hw.setperf=99
hw.vendor=CyberPowerPC
hw.product=C Series
hw.physmem=17071558656
hw.usermem=17071542272
hw.ncpufound=12
hw.allowpowerdown=1
hw.perfpolicy=manual
hw.smt=1
hw.ncpuonline=12

--
**/slrn is to pan as Purgatory is to Hell/**




Re: USB athn0 issue in AP mode (AR9280+AR7010) no DHCP leases to modern portable devices

2021-10-24 Thread Martin
Hi Stefan,

Just to check the issue is present, I've done live debug of pf rules to confirm 
that DHCP traffic is not blocked. It seems something is wrong in obtaining IPv4 
addresses from dhcpd. And the problem lies outside pf, I suppose.

Martin

‐‐‐ Original Message ‐‐‐
On Saturday, October 23, 2021 8:55 AM, Stefan Sperling  wrote:

> On Fri, Oct 22, 2021 at 06:53:17PM +0000, Martin wrote:
>
> > Hi there!
> > I have an issue with athn USB stick with modern wifi devices like Android 
> > phones etc.
> > I've set up athn0 as previous athn miniPCI-e cards (/etc/hostname.athn0, 
> > /etc/dhcpd.conf, /etc/pf.conf). No IP address given by OpenBSD7.0amd64 
> > host's DHCP for certain device once client has been connected to AP based 
> > on athn USB stick.
> > Tested only with portable devices, not PCs currently.
> > Looking forward to resolve this!
> > Martin
>
> No idea, sorry.




Re: Sony UWA-BR100 patch to recognize AR9280+AR7010 Atheros based USB card

2021-10-24 Thread Martin
Patch has been updated to use correct files and tested on a live system. Please 
add it to tree.

Thanks.

--- if_athn_usb.c.orig  Thu Apr 15 21:25:44 2021
+++ if_athn_usb.c   Thu Oct 21 18:58:08 2021
@@ -91,6 +91,8 @@
   ATHN_USB_FLAG_AR7010 },
{{ USB_VENDOR_PANASONIC, USB_PRODUCT_PANASONIC_N5HBZ055 },
   ATHN_USB_FLAG_AR7010 },
+   {{ USB_VENDOR_MELCO, USB_PRODUCT_MELCO_UWABR100 },
+  ATHN_USB_FLAG_AR7010 },
{{ USB_VENDOR_VIA, USB_PRODUCT_VIA_AR9271 }}
 };
 #define athn_usb_lookup(v, p)  \
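
Review bot: The two added lines ("+   {{ USB_VENDOR_MELCO, ..." and "+  ATHN_USB_FLAG_AR7010 },") are indented with spaces and do not line up with the PANASONIC and VIA entries around them, which suggests the mailer converted or stripped tabs. Resend the diff with tabs preserved, or as an attachment, so that it applies cleanly and the new entry matches the layout of the rest of the table.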


--- usbdevs.origWed Sep  1 01:55:56 2021
+++ usbdevs Sun Oct 24 17:03:13 2021
@@ -3079,6 +3079,7 @@
 product MELCO WLIUCGNHP0x0158  WLI-UC-GNHP
 product MELCO WLIUCGN  0x015d  WLI-UC-GN
 product MELCO WLIUCG301N   0x016f  WLI-UC-G301N
+product MELCO UWABR100 0x017f  SONY UWA-BR100
 product MELCO WLIUCGNM 0x01a2  WLI-UC-GNM
 product MELCO WLIUCGNM20x01ee  WLI-UC-GNM2
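
Review bot: The added line files a Sony-branded device ("SONY UWA-BR100") under vendor MELCO with product ID 0x017f, and nothing in the submission shows what the stick itself reports; please include its attach line from dmesg or the usbdevs -v output so the vendor/product pair can be checked. Separately, the hunk header "@@ -3079,6 +3079,7 @@" declares six old lines while only five unchanged lines are shown, so the diff should be regenerated before it is applied.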


‐‐‐ Original Message ‐‐‐
On Saturday, October 23, 2021 8:55 AM, Stefan Sperling  wrote:

> On Fri, Oct 22, 2021 at 07:02:20PM +0000, Martin wrote:
>
> > Hi Stefan,
> > Dev. patches to implement into source tree to recognize automatically Sony 
> > UWA-BR100 devices based on AR9280+AR7010.
>
> This patch is changing the wrong files.
> It should change the files 'usbdevs' and if_athn_usb.c only.
>
> usbdevs.h is a generated file, it should not be patched.
> It can be re-generated by running 'make' in the sys/dev/usb directory.
>
> > --- if_athn_usb.c.orig Tue Jun 8 15:29:31 2021
> > +++ if_athn_usb.c Tue Jun 8 15:34:11 2021
> > @@ -91,6 +91,8 @@
> > ATHN_USB_FLAG_AR7010 },
> > {{ USB_VENDOR_PANASONIC, USB_PRODUCT_PANASONIC_N5HBZ055 },
> > ATHN_USB_FLAG_AR7010 },
> >
> > -   {{ USB_VENDOR_MELCO, USB_PRODUCT_MELCO_UWABR100 },
> > -   ATHN_USB_FLAG_AR7010 },
> > {{ USB_VENDOR_VIA, USB_PRODUCT_VIA_AR9271 }}
> > };
> > #define athn_usb_lookup(v, p) \
> > --- usbdevs.h.orig Tue Jun 1 09:40:48 2021
> > +++ usbdevs.h Tue Jun 8 15:30:51 2021
> > @@ -3077,6 +3077,7 @@
> > #define USB_PRODUCT_MELCO_WLIUCGNHP 0x0158 /* WLI-UC-GNHP /
> > #define USB_PRODUCT_MELCO_WLIUCGN 0x015d / WLI-UC-GN /
> > #define USB_PRODUCT_MELCO_WLIUCG301N 0x016f / WLI-UC-G301N /
> > +#define USB_PRODUCT_MELCO_UWABR100 0x017f / SONY UWA-BR100 /
> > #define USB_PRODUCT_MELCO_WLIUCGNM 0x01a2 / WLI-UC-GNM /
> > #define USB_PRODUCT_MELCO_WLIUCGNM2 0x01ee / WLI-UC-GNM2 */Thanks for 
> > your attention.
> > Martin
> >




Sony UWA-BR100 patch to recognize AR9280+AR7010 Atheros based USB card

2021-10-22 Thread Martin
Hi Stefan,

Dev. patches to implement into source tree to recognize automatically Sony 
UWA-BR100 devices based on AR9280+AR7010.

--- if_athn_usb.c.orig  Tue Jun  8 15:29:31 2021
+++ if_athn_usb.c   Tue Jun  8 15:34:11 2021
@@ -91,6 +91,8 @@
   ATHN_USB_FLAG_AR7010 },
{{ USB_VENDOR_PANASONIC, USB_PRODUCT_PANASONIC_N5HBZ055 },
   ATHN_USB_FLAG_AR7010 },
+   {{ USB_VENDOR_MELCO, USB_PRODUCT_MELCO_UWABR100 },
+  ATHN_USB_FLAG_AR7010 },
{{ USB_VENDOR_VIA, USB_PRODUCT_VIA_AR9271 }}
 };
 #define athn_usb_lookup(v, p)  \
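
Review bot: The file headers name bare files ("if_athn_usb.c.orig", "if_athn_usb.c") with no directory, so whoever applies this has to know where to run patch. Generate the diff from the top of the source tree so the path appears in the headers, and send the changes to both files as one diff.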

--- usbdevs.h.orig  Tue Jun  1 09:40:48 2021
+++ usbdevs.h   Tue Jun  8 15:30:51 2021
@@ -3077,6 +3077,7 @@
 #defineUSB_PRODUCT_MELCO_WLIUCGNHP 0x0158  /* WLI-UC-GNHP 
*/
 #defineUSB_PRODUCT_MELCO_WLIUCGN   0x015d  /* WLI-UC-GN */
 #defineUSB_PRODUCT_MELCO_WLIUCG301N0x016f  /* WLI-UC-G301N 
*/
+#defineUSB_PRODUCT_MELCO_UWABR100  0x017f  /* SONY 
UWA-BR100 */
 #defineUSB_PRODUCT_MELCO_WLIUCGNM  0x01a2  /* WLI-UC-GNM */
 #defineUSB_PRODUCT_MELCO_WLIUCGNM2 0x01ee  /* WLI-UC-GNM2 
*/
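
Review bot: This hunk edits usbdevs.h, which is a generated file; the product entry belongs in usbdevs, and the header is then rebuilt by running make in sys/dev/usb. Several lines are also wrapped by the mailer (the closing "*/" of the WLI-UC-GNHP, WLI-UC-G301N and WLI-UC-GNM2 comments sits on its own line, and the new "SONY UWA-BR100" comment is split in two) and the whitespace after "#define" is gone, so the hunk would not apply as sent.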


Thanks for your attention.

Martin



USB athn0 issue in AP mode (AR9280+AR7010) no DHCP leases to modern portable devices

2021-10-22 Thread Martin
Hi there!

I have an issue with athn USB stick with modern wifi devices like Android 
phones etc.

I've set up athn0 as previous athn miniPCI-e cards (/etc/hostname.athn0, 
/etc/dhcpd.conf, /etc/pf.conf). No IP address given by OpenBSD7.0amd64 host's 
DHCP for certain device once client has been connected to AP based on athn USB 
stick.

Tested only with portable devices, not PCs currently.

Looking forward to resolve this!

Martin




amd64 7.0 release where can I find original (patched) gcc 4x?

2021-10-22 Thread Martin
Hi there!

After upgrading from source, there is no gcc installed into appropriate 
location.

It seems Base-GCC was disabled on the amd64 architecture. Mutt requires the 
default gcc for some plugins, and some progs need it too.

I have installed egcc (GCC 8x), but how to enable original OpenBSD patched GCC 
4x as default compiler?

Any suggestions can help!

Martin



How to set apparently number of VCPUs in VMM

2021-10-16 Thread Martin
Hi there!

In release notes it seems we can set more than one vCPU for guests running. The 
question is how to set it in vm.conf to achieve better performance for existing 
VMs?

Martin



Re: dhcp issues

2021-07-18 Thread Martin
Hi,

I confirm that dhclient doesn't read (apply) the /etc/dhclient.conf configuration 
beginning from 6.9amd64, and sets the ISP search domain and nameserver(s) in 
/etc/resolv.conf even without any complex setup in name resolution:

$ cat /etc/resolv.conf
search domain.name
nameserver ISP.nameserver
nameserver 127.0.0.1
lookup file bind

$ cat /etc/dhclient.conf
timeout 30;
retry 1;
reboot 3;
select-timeout 0;
backoff-cutoff 2;
initial-interval 1;

interface "re1" {
    send dhcpd-lease-time 3600;
    supersede dhcp-server-identifier 255.255.255.255;
    supersede domain-name-servers 127.0.0.1;
    request
        subnet-mask,
        broadcast-address,
        routers;
    require
        routers,
        subnet-mask;
    ignore
        host-name,
        domain-name,
        domain-search,
        domain-name-servers,
        interface-mtu,
        ntp-servers,
        time-offset;
}

/etc/dhclient.conf is explicitly set to ignore "domain-search, 
domain-name-servers" from the ISP, but they are both actually in first place in 
/etc/resolv.conf and are updated every time an IP address is assigned.

From my observations, the behavior of ignoring /etc/dhclient.conf parameters 
by dhclient appeared since 6.8amd64 was upgraded to 6.9amd64.

Hope this helps to find the issue.

Martin

‐‐‐ Original Message ‐‐‐
On Saturday, July 17, 2021 1:57 AM, Sonic  wrote:

> Having some issues after a sysupgrade to the latest snapshot (of this
> writing) - OpenBSD 6.9-current (GENERIC.MP) #131.
>
> Seems the base change to dhcpleased/resolvd has presented some issues.
> Pf does not start on boot as it claims my dhcp interface has no
> address, however after logging in I can load pf and almost resume
> normal operations. Apparently the interface does get an IP address,
> but the start of pf doesn't wait for it.
> Almost, because my supersedes, etc. in /etc/dhclient.conf are
> completely ignored.
> The only workaround I found was to disable resolvd so I could manually
> propagate /etc/resolv.conf without it being overwritten.




Re: terraform aws, got a problem I did not expect

2021-06-28 Thread Martin
Finally built all the providers I need for GCP, AWS, and local from Go sources 
and put them in the appropriate place for Terraform to find.

Works like a charm with modern providers. It seems it isn't needed to put them 
into ports, but having builds for openbsd_amd64 in Terraform repo should be 
fine to download it automatically.

Martin

‐‐‐ Original Message ‐‐‐
On Saturday, June 26, 2021 11:29 PM, jslee  wrote:

> On Sun, 27 Jun 2021, at 02:06, Gregory Edigarov wrote:
>
> > I remember that for earlier versions of terraform all providers were
> > available as  OpenBSD packages/ports, that is now changed.
> > $ terraform init  
> > Initializing the backend...
> > Initializing provider plugins...
> >
> > -   Finding latest version of hashicorp/aws...
> >   Error: Incompatible provider version
> >   Provider registry.terraform.io/hashicorp/aws v3.47.0 does not have a
> > package available for your current platform, openbsd_amd64.
> >
>
> This is a very recent version of the AWS provider, which suggests to me that 
> you haven’t pinned your provider versions in the provider declarations. I 
> recommend doing that
>
> > How am I supposed to get providers ? May be a community have  one that
> > works under OpenBSD?
>
> It sounds like Hashicorp don’t provide binaries, so you’ll need to install a 
> Go toolchain and build them
>
> John




Re: go-1.16.2 out of memory when building Go written program

2021-06-23 Thread Martin
I've set ulimit -d 400

All builds have been done fine once changed.

Martin



‐‐‐ Original Message ‐‐‐
On Wednesday, June 23, 2021 6:15 PM, Sven F.  wrote:

> On Wed, Jun 23, 2021 at 2:03 PM Martin martin...@protonmail.com wrote:
>
> > Hi list,
> > I try to build terraform-provider-aws and terraform-provider-google.
> > $ go build
> > produces an error "out of memory" .
> > May it be malloc related issue or how to fix it in other way?
> > Thank you for answer in advance.
> > Martin
>
> man login.conf
>
> --
>
> Knowing is not enough; we must apply. Willing is not enough; we must do




go-1.16.2 out of memory when building Go written program

2021-06-23 Thread Martin
Hi list,

I try to build terraform-provider-aws and terraform-provider-google.

$ go build

produces an error "out of memory" .

Might it be a malloc-related issue, or how can I fix it in another way?

Thank you in advance for an answer.

Martin



Re: vmctl start: vm command failed: Operation already in progress (no one VM run in the same time)

2021-05-25 Thread Martin
Hi Dave,

You're right, the name of the VM is the same as in vm.conf. A VM with a different 
name starts correctly. But the message about 'operation already in progress' 
slightly confuses me.

Martin

‐‐‐ Original Message ‐‐‐
On Tuesday, May 25, 2021 10:57 AM, Dave Voutila  wrote:

> Martin martin...@protonmail.com writes:
>
> > Try to start VM from previously (<6.9) working command as below:
> > $ doas /usr/sbin/vmctl start -m 8G -c -n vmlan -d /path/to/vm.qcow2 vm
> > Now I have trouble with it on 6.9amd64 with 1-5 patches installed.
> > $ doas rcctl status vmd
> > vmd(ok)
> > command above returns:
> > vmctl start: vm command failed: Operation already in progress
>
> Common cause of this is having the vm already defined in vm.conf. Run
> vmd with verbose logging, ideally in the foreground, and please share
> the output.
>
> > Even if "$ vmctl check" shows ALL machines are stopped
> > if I stopped vmd I see proper error with non active vmd.sock
> > $ doas rcctl stop vmd
> > vmd(ok)
> > vmctl: connect: /var/run/vmd.sock: connection refused




vmctl start: vm command failed: Operation already in progress (no one VM run in the same time)

2021-05-25 Thread Martin
Hi list,

Try to start VM from previously (<6.9) working command as below:

$ doas /usr/sbin/vmctl start -m 8G -c -n vmlan -d /path/to/vm.qcow2 vm

Now I have trouble with it on 6.9amd64 with 1-5 patches installed.

$ doas rcctl status vmd
vmd(ok)

command above returns:
vmctl start: vm command failed: Operation already in progress

Even if "$ vmctl check" shows ALL machines are stopped

if I stopped vmd I see proper error with non active vmd.sock
$ doas rcctl stop vmd
vmd(ok)

vmctl: connect: /var/run/vmd.sock: connection refused

Any suggestions can help.

Martin




Re: Relayd TLS inspection and SNI

2021-05-21 Thread Martin
Hi,

MITM is an ancient attack technique and it is not a good idea because it breaks 
original cert chain. So client (application) will see that cert is different on 
its end. Most people and apps reject connection to a resource with fake cert 
which you're going to send to them.

But you can use Squid for MITM as Stuart recommended, from my side 
HaProxy/Nginx can help you too to do this. For SNI Snort/Suricata can be useful 
but for TLS up to v1.2 only.

Sniffing the traffic that way is a bad idea; most services use TLSv1.3 with 
encrypted SNI. So your work will disappear in months.

Martin

‐‐‐ Original Message ‐‐‐
On Friday, May 21, 2021 7:08 AM, Stuart Henderson  wrote:

> On 2021-05-18, BS Daemon b...@post.com wrote:
>
> > I like using the base OpenBSD utilities, and was
> > wondering if I'm doing something wrong, if relayd could be made to
> > support SNI for man-in-the-middle, or if there is an alternative
> > tool for doing this which would work.
>
> I can't help with relayd, but this does work with squid (and you can
> filter on user-agent in ACLs).




Re: Increase optical mouse/Synaptics touchpad speed in X11/spectrwm

2021-05-19 Thread Martin
Hi,

This is the command I'm looking for. Works great.

Martin

‐‐‐ Original Message ‐‐‐
On Monday, May 17, 2021 7:44 PM, Jonathan Thornburg  
wrote:

> In message https://marc.info/?l=openbsd-misc&m=162125055304096&w=1,
> Martin asks how people adjust pointer speed on touchpads/mice/etc.
>
> I use 'xset': my .xinitrc contains the line
>
> xset m 1/4
>
> --
>
> -- "Jonathan Thornburg [remove -animal to reply]" 
> jth...@astro.indiana-zebra.edu
> Dept of Astronomy & IUCSS, Indiana University, Bloomington, Indiana, USA
> currently on the west coast of Canada
> "There was of course no way of knowing whether you were being watched
> at any given moment. How often, or on what system, the Thought Police
> plugged in on any individual wire was guesswork. It was even conceivable
> that they watched everybody all the time." -- George Orwell, "1984"




Re: Error making 002_libx11.patch.sig

2021-05-19 Thread Martin
Hi,

According to https://www.openbsd.org/faq/faq5.html#Xbld you should set right 
permissions and owner to your /usr/xobj directory as:

The object directory /usr/xobj should be empty and owned by build:wobj with 
mode 770.

and make the patch 002 according to:
# cd /usr/xenocara/lib/libX11
# make -f Makefile.bsd-wrapper obj
# make -f Makefile.bsd-wrapper build

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 19, 2021 1:42 AM, Theo de Raadt  wrote:

> You are not building using the correct procedure.
>
> Sorry, we don't have time to teach that.
>
> Please use the syspatches, or the snapshots, or learn to do full builds.
>
> The latter is fully documented in manual pages, and reaching for the
> mailing list is inappropriate.
>
> Jonathan Drews jdr...@mail.com wrote:
>
> > OpenBSD 6.9 GENERIC.MP#473 amd64
> > Hi Folks:
> > I am trying to patch Xenocara with 002_libx11.patch.sig. I first
> > applied make -f Makefile.bsd-wrapper obj. Afterwards
> > I get the following error message when I do make -f
> > Makefile.bsd-wrapper build:
> > checking that generated files are newer than configure... done
> > configure: creating ./config.status
> > config.status: creating Makefile
> > config.status: creating include/Makefile
> > rm: include/Makefile: Permission denied
> > config.status: error: could not create include/Makefile
> > *** Error 1 in . (/usr/X11R6/share/mk/bsd.xorg.mk:158
> > 'config.status')
> > *** Error 2 in /usr/xenocara/lib/libX11
> > (/usr/X11R6/share/mk/bsd.xorg.mk:196 'build')
> > my /usr/include has the following permissions
> > jack# ls -lhd /usr/include/
> > drwxr-xr-x 32 root bin 3.0K May 1 20:24 /usr/include/
> > My xenocara directory has the following permissions
> > jack# ls -lhd /usr/xenocara/
> > drwxr-xr-x 16 root wheel 512B Apr 17 16:16 /usr/xenocara/
> > Any ideas as to what I am doing wrong?
> > Kind regards,
> > Jonathan
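
A preflight check for the object-directory requirement quoted from the FAQ in the reply above (empty, owned by build:wobj, mode 770), as an added example that is not part of the thread or of the OpenBSD tools. The function name `check_objdir` is an assumption; it uses only POSIX find and ls.

```sh
#!/bin/sh
# Added example (not from the thread or the OpenBSD FAQ): preflight check for
# an object directory before running "make -f Makefile.bsd-wrapper obj/build".
# check_objdir is a hypothetical helper name.

# check_objdir DIR OWNER GROUP MODE
# Prints one line per problem and returns the number of problems (0 = ready).
check_objdir() {
	dir=$1 owner=$2 group=$3 mode=$4
	problems=0

	if [ ! -d "$dir" ]; then
		echo "$dir: missing or not a directory"
		return 1
	fi

	# "find DIR -prune" evaluates the tests on DIR itself and never descends,
	# so empty output means the directory failed that test.
	if [ -z "$(find "$dir" -prune -user "$owner" -print 2>/dev/null)" ]; then
		echo "$dir: owner is not $owner"
		problems=$((problems + 1))
	fi
	if [ -z "$(find "$dir" -prune -group "$group" -print 2>/dev/null)" ]; then
		echo "$dir: group is not $group"
		problems=$((problems + 1))
	fi
	# -perm with a plain octal value matches the permission bits exactly.
	if [ -z "$(find "$dir" -prune -perm "$mode" -print 2>/dev/null)" ]; then
		echo "$dir: mode is not $mode"
		problems=$((problems + 1))
	fi

	# The directory must start empty: files left behind by a build run as a
	# different user cannot be replaced by the build user.
	if ! entries=$(ls -A "$dir" 2>/dev/null); then
		echo "$dir: cannot list contents; run this check as root"
		problems=$((problems + 1))
	elif [ -n "$entries" ]; then
		echo "$dir: not empty; first entries and their owners:"
		ls -lA "$dir" | sed -n '2,6p'	# line 1 of ls -l is the "total" line
		problems=$((problems + 1))
	fi

	return "$problems"
}

# Check the real object directory only where it exists (an OpenBSD build host).
if [ -d /usr/xobj ]; then
	check_objdir /usr/xobj build wobj 770 ||
		echo "fix the problems above before building xenocara"
fi
```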




Increase optical mouse/Synaptics touchpad speed in X11/spectrwm

2021-05-17 Thread Martin
Hi list,

I've tried to speed up pointer by:

xinput --set-prop 'USB MOUSE' 'CoordinateTransformation Matrix' 2 0 0 0 2 0 0 0 1.5

no effect.

How do people adjust pointer speed on their touchpads and mice?

Martin



Re: VMM 6.9amd64 host video acceleration

2021-05-17 Thread Martin


Hi James,

Yes, packages are in sync with 6.9/packages.

The computer is relatively modern based on AMD Ryzen 4750U with integrated 
Radeon Graphics.

Radeon uses 
http://firmware.openbsd.org/firmware/6.9/amdgpu-firmware-20201218.tgz from 
/etc/firmware/amdgpu

So LibGL should load by MESA-LOADER: /usr/X11R6/lib/modules/dri without 
problems as I think. The firmware is actual and supports integrated Radeon 
since 6.9.

Maybe somebody knows what can affect LibGl? I can't determine the root of the 
problem.

Martin

‐‐‐ Original Message ‐‐‐
On Sunday, May 16, 2021 1:08 PM, James Cook  wrote:

> On Thu, May 13, 2021 at 10:00:11AM +0000, Martin wrote:
>
> > By the way,
> > While running Firefox on OpenBSD host I have repeatedly appearing console 
> > messages like below:
> > ###!!! [Parent][MessageChannel] Error: 
> > (msgtype=0x6A0008,name=PMessagePort::Msg___delete__) Channel closing: too 
> > late to send/recv, messages will be lost
> > ###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, 
> > messages will be lost
> > LibGl error: MESA-LOADER: failed to open radeonsi (search path 
> > /usr/X11R6/lib/modules/dri
> > LibGl error: failed to load driver: radeonsi
> > LibGl error: MESA-LOADER: failed to open swrast (search path 
> > /usr/X11R6/lib/modules/dri)
> > LibGl error: failed to load driver: swrast
> > Any advice is this normal or not?
> > Martin
>
> On my system at least, firefox tends to output some errors on the
> console. I think some involved "Channel closing". If it would help, I
> can keep more careful track and report them to the list.
>
> The LibGl errors look less familiar. Stab in the dark: are your ports
> and system in sync? (I always run pkg_add -u after upgrading to a new
> snapshot.)
>
> 
>
> James




Re: VMM 6.9amd64 host video acceleration

2021-05-13 Thread Martin
By the way,

While running Firefox on OpenBSD host I have repeatedly appearing console 
messages like below:

###!!! [Parent][MessageChannel] Error: 
(msgtype=0x6A0008,name=PMessagePort::Msg___delete__) Channel closing: too late 
to send/recv, messages will be lost

###!!! [Parent][RunMessage] Error: Channel closing: too late to send/recv, 
messages will be lost

LibGl error: MESA-LOADER: failed to open radeonsi (search path 
/usr/X11R6/lib/modules/dri
LibGl error: failed to load driver: radeonsi
LibGl error: MESA-LOADER: failed to open swrast (search path 
/usr/X11R6/lib/modules/dri)
LibGl error: failed to load driver: swrast

Any advice is this normal or not?

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 1:43 PM, Dave Voutila  wrote:

> Martin writes:
>
> > Hi list,
> > Just wonder how to enable video acceleration on VMM guest's side (Debian) 
> > if it was possible. Maybe PCIe passthru should be present for that purpose?
>
> There is nothing to accelerate: vmd(8) doesn't emulate a display or
> video device. vmm(4) doesn't support pass-through to host hardware
> either.
>
> -dv




Re: VMM 6.9amd64 host video acceleration

2021-05-12 Thread Martin
I use TigerVNC server on the Linux VM (Debian) plus dummy video driver and 
compiled vmm kernel modules for clock in sync and network...
https://github.com/voutilad/virtio_vmmci
https://github.com/voutilad/vmm_clock

On the OpenBSD host TigerVNC viewer has been installed.

Works absolutely amazing, like a physical computer.

For completely headless system I'd prefer OpenBSD and Alpine on VM. It depends 
on goals.

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 6:49 PM, David Anthony  
wrote:

> Hi Martin,
>
> Do you have any notes on how to view Linux GUI apps running on OpenBSD VMM?
>
> For instance, say I wanted to develop code on Debian w/ Visual Studio
> Code, and wanted to edit / view VS Code app from my host OpenBSD machine.
>
> Does that make sense?
>
> -David




Re: VMM 6.9amd64 host video acceleration

2021-05-12 Thread Martin
No Window'es or Linux'es on the hosts, just OpenBSD. Anyway, Debian works great 
on VMM, except the question's topic thing. Thank you for your attention)

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 6:25 PM, Theo de Raadt  wrote:

> I am terribly sorry you aren't satisfied with what is possible in OpenBSD,
> and will have to return to a Linux or Windows environment.
>
> Martin martin...@protonmail.com wrote:
>
> > Hi Theo,
> > Sure, for online videos I'm using OpenBSD host with appropriate browser 
> > installed. Just wonder about VMM to move all 'potentially dangerous' things 
> > to a linux VM and remove any browsers from the host.
> > Martin
> > ‐‐‐ Original Message ‐‐‐
> > On Wednesday, May 12, 2021 6:07 PM, Theo de Raadt dera...@openbsd.org wrote:
> >
> > > Have you considered using a real computer?
> > > Martin martin...@protonmail.com wrote:
> > >
> > > > Hi Dave,
> > > > Can you recommend any way to see online videos without stuttering? 
> > > > Modern CPUs can't smoothly play it in software emulation, unfortunately.
> > > > Martin
> > > > ‐‐‐ Original Message ‐‐‐
> > > > On Wednesday, May 12, 2021 1:43 PM, Dave Voutila d...@sisu.io wrote:
> > > >
> > > > > Martin writes:
> > > > >
> > > > > > Hi list,
> > > > > > Just wonder how to enable video acceleration on VMM guest's side 
> > > > > > (Debian) if it was possible. Maybe PCIe passthru should be present 
> > > > > > for that purpose?
> > > > >
> > > > > There is nothing to accelerate: vmd(8) doesn't emulate a display or
> > > > > video device. vmm(4) doesn't support pass-through to host hardware
> > > > > either.
> > > > > -dv




Re: VMM 6.9amd64 host video acceleration

2021-05-12 Thread Martin
Hi Mike,

Did it already as you replied.

Thanks.

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 6:20 PM, Mike Larkin  wrote:

> On Wed, May 12, 2021 at 06:06:14PM +0000, Martin wrote:
>
> > Hi Dave,
> > Can you recommend any way to see online videos without stuttering? Modern 
> > CPUs can't smoothly play it in software emulation, unfortunately.
>
> pkg_add youtube-dl
>
> pkg_add firefox (or chrome, etc)
>
> What's the problem here? Are you trying to watch 8k 240Hz videos or something?
>
> > Martin
> > ‐‐‐ Original Message ‐‐‐
> > On Wednesday, May 12, 2021 1:43 PM, Dave Voutila d...@sisu.io wrote:
> >
> > > Martin writes:
> > >
> > > > Hi list,
> > > > Just wonder how to enable video acceleration on VMM guest's side 
> > > > (Debian) if it was possible. Maybe PCIe passthru should be present for 
> > > > that purpose?
> > >
> > > There is nothing to accelerate: vmd(8) doesn't emulate a display or
> > > video device. vmm(4) doesn't support pass-through to host hardware
> > > either.
> > > -dv




Re: VMM 6.9amd64 host video acceleration

2021-05-12 Thread Martin
Hi Theo,

Sure, for online videos I'm using OpenBSD host with appropriate browser 
installed. Just wonder about VMM to move all 'potentially dangerous' things to 
a linux VM and remove any browsers from the host.

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 6:07 PM, Theo de Raadt  wrote:

> Have you considered using a real computer?
>
> Martin martin...@protonmail.com wrote:
>
> > Hi Dave,
> > Can you recommend any way to see online videos without stuttering? Modern 
> > CPUs can't smoothly play it in software emulation, unfortunately.
> > Martin
> > ‐‐‐ Original Message ‐‐‐
> > On Wednesday, May 12, 2021 1:43 PM, Dave Voutila d...@sisu.io wrote:
> >
> > > Martin writes:
> > >
> > > > Hi list,
> > > > Just wonder how to enable video acceleration on VMM guest's side 
> > > > (Debian) if it was possible. Maybe PCIe passthru should be present for 
> > > > that purpose?
> > >
> > > There is nothing to accelerate: vmd(8) doesn't emulate a display or
> > > video device. vmm(4) doesn't support pass-through to host hardware
> > > either.
> > > -dv




Re: spamd IPv6 listener 6.9amd64

2021-05-12 Thread Martin
Hi Peter,

Great book of PF. I've read it early in 2015, very useful.

Since last updates all the incoming connections to my mail servers are IPv6, 
unfortunately. Just before the updates it was IPv4, so spamd has been used for 
all the incoming connections outside whitelists of known peers. Works like a 
charm.

Now I'm looking forward to exchanging spamd for rspamd (it has DKIM signing 
functionality) to replace spamd and dkimproxy, which are working in the current 
configuration.

Hope it can provide required functionality for IPv6 networks.

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 4:47 PM, Peter Nicolai Mathias Hansteen 
 wrote:

> > On 12 May 2021 at 15:24, Martin martin...@protonmail.com wrote:
> >
> > Hi list,
> > I can't find in spamd(8) how to enable IPv6 listener in addition to IPv4 
> > one.
> > Is it possible to set spamd(8) to listen on both IPv4 and IPv6?
>
> Unfortunately spamd is IPv4 only.
>
> Back in the day (2014ish?, about the time I was finishing up the 3rd ed of 
> The Book of PF) there was talk of and possibly even an ambition of making it 
> IPv6 capable. I remember discussing some of this with phessler at the time 
> and left the descriptions in the book somewhat vague on the matter, hoping to 
> get back to the issue soon. However I never saw code ready for testing.
>
> I was under the impression that one of the hurdles to overcome was to define 
> a sane version of greylisting to implement for IPv6 with its much larger set 
> of addresses. But there could easily have been other issues that affected the 
> effort.
>
> So until other news on the matter turns up, it is better to rdr-to port spamd 
> only for inet, not inet6.
>
> All the best,
> Peter
>
> —
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.




Re: VMM 6.9amd64 host video acceleration

2021-05-12 Thread Martin
Hi Dave,

Can you recommend any way to see online videos without stuttering? Modern CPUs 
can't smoothly play it in software emulation, unfortunately.

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 1:43 PM, Dave Voutila  wrote:

> Martin writes:
>
> > Hi list,
> > Just wonder how to enable video acceleration on VMM guest's side (Debian) 
> > if it was possible. Maybe PCIe passthru should be present for that purpose?
>
> There is nothing to accelerate: vmd(8) doesn't emulate a display or
> video device. vmm(4) doesn't support pass-through to host hardware
> either.
>
> -dv




spamd IPv6 listener 6.9amd64

2021-05-12 Thread Martin
Hi list,

I can't find in spamd(8) how to enable IPv6 listener in addition to IPv4 one.

Is it possible to set spamd(8) to listen on both IPv4 and IPv6?

Martin



VMM 6.9amd64 host video acceleration

2021-05-12 Thread Martin
Hi list,

Just wonder how to enable video acceleration on VMM guest's side (Debian) if it 
was possible. Maybe PCIe passthru should be present for that purpose?

virtio_vmmci and vmm_clock kernel driver modules don't help.

Martin




Re: 6.9 on VMware Workstation networking issues

2021-05-12 Thread Martin
Hi,

Please consider moving to VirtualBox. No problems with networking at all 
on any host platform. Network works fine using OpenBSD VMM hypervisor too.

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 9:48 AM, Moritz Grimm  
wrote:

> Hi Masato,
>
> Thanks for checking. I'm currently stuck with Workstation Pro 15.5.7
> build-17171714.
> It seems likely that it is an interaction between Workstation and some
> changes between 6.8 and 6.9 that causes this regression. It's not clear
> whose fault it is for this misbehavior. However, none of the previous
> OpenBSD versions, various Linux distros, and Windows VMs I'm running
> exhibit this.
> It would be interesting to know, if there is more than just ENOBUFS and
> high Ofail numbers that I could look for to pinpoint the root cause ...
>
> Best regards,
> -Moritz
>
> On 12.05.21 11:14, Masato Asou wrote:
>
> > I've also tried VMware Workstation 16 Player on Windows10 Pro and the
> > network is working fine.
> >
> > ---
> >
> > ASOU Masato
> > From: Masato Asou a...@soum.co.jp
> > Date: Wed, 12 May 2021 12:51:48 +0900 (JST)
> >
> > > Hi Moritz,
> > > I upgraded with the following command on my OpenBSD 6.8 release, and
> > > the network is working fine.
> > > $ doas sysupgrade
> > > I am using ESXi 6.7 and VMware Fusion 12.1.1 and em0 both environment,
> > > and network is working fine both environment.
> > >
> > > Isn't it a VMware Workstation problem?
> > > Can you try VirtualBox?
> > >
> > > ---
> > >
> > > ASOU Masato
> > > From: Moritz Grimm mgmlist...@mrsserver.net
> > > Date: Wed, 12 May 2021 00:32:42 +0200
> > >
> > > > Hi,
> > > > Networking has become unusable in all of my virtual installs of 6.9 on
> > > > VMware Workstation after an (otherwise uneventful) sysupgrade from 6.8
> > > > to 6.9. They've been working for years and I've upgraded them several
> > > > times without any issues so far.
> > > > netstat -ni shows a huge number of Ofail and ping almost always prints
> > > > an error from sendmsg ("No buffer space available"), but the
> > > > occasional ping and DNS lookup does go through (at a success rate of
> > > > <5%). These are the only error messages I am getting.
> > > > I'm using vmx(4), but also tried em(4) without any success.
> > > > None of the upgrade69.html configuration changes are applicable, and
> > > > my pf.conf parses without errors in 6.9.
> > > > The dmesg output (from version 6.8 below) is almost identical in 6.9,
> > > > which just shows slightly less memory available.
> > > > I've run out of debugging ideas and would appreciate some help. My
> > > > only "solution" right now was to revert to a 6.8 snapshot. I'm also a
> > > > bit worried that I might run into similar issues on my bare metal
> > > > installs (which are all "production"), so I haven't tried those, yet.
> > > > Thanks,
> > > > -Moritz
> > > > OpenBSD 6.8 (GENERIC.MP) #5: Mon Feb 22 04:36:10 MST 2021
> > > > r...@syspatch-68-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > > > real mem = 519962624 (495MB)
> > > > avail mem = 489213952 (466MB)
> > > > random: good seed from bootblocks
> > > > mpath0 at root
> > > > scsibus0 at mpath0: 256 targets
> > > > mainbus0 at root
> > > > bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe0010 (620 entries)
> > > > bios0: vendor Phoenix Technologies LTD version "6.00" date 02/27/2020
> > > > bios0: VMware, Inc. VMware Virtual Platform
> > > > acpi0 at bios0: ACPI 4.0
> > > > acpi0: sleep states S0 S1 S4 S5
> > > > acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET
> > > > acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3)
> > > > S8F0(S3) S16F(S3) S17F(S3) S18F(S3) S22F(S3) S23F(S3) S24F(S3)
> > > > S25F(S3) PE40(S3) S1F0(S3) PE50(S3) [...]
> > > > acpitimer0 at acpi0: 3579545 Hz, 24 bits
> > > > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> > > > cpu0 at mainbus0: apid 0 (boot processor)
> > > > cpu0: Intel(R) Core(TM) i7-9850H CPU @ 2.60GHz, 2593.36 MHz, 06-9e-0d
> > > > cpu0:
> > > > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,AP

Re: OpenBSD 6.9 ports upgrade failures

2021-05-12 Thread Martin
Hi,

Do you mean packages upgrade by using command:

$ doas pkg_add -uvi ?

If yes, you can remove failed packages for upgrade and reinstall them manually 
by the command:

$ doas pkg_add package_name

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 9:06 AM, Артём Мазуров  
wrote:

> Hello.
> I'm trying to upgrade ports after upgrading os to 6.9, but I get a lot
> of failures from various packages and I don't know how to approach them.
> One of those packages is python-3.8.6p0 -> python-3.8.8p0.
>
> > quirks-4.9 signed on 2021-05-11T16:31:32Z
> > Can't install python-3.8.8p0 because of libraries
> > |library ssl.48.2 not found
> > | /usr/lib/libssl.so.48.1 (system): minor is too small
> > | /usr/lib/libssl.so.49.0 (system): bad major
> > Direct dependencies for python-3.8.6p0->3.8.8p0 resolve to libffi-3.3
> > sqlite3-3.35.5 gettext-runtime-0.21p1 bzip2-1.0.8p0 xz-5.2.5>Full
> > dependency tree is sqlite3-3.35.5 gettext-runtime-0.21p1 xz-5.2.5
> > bzip2-1.0.8p0 libiconv-1.16p0 libffi-3.3
> > Couldn't find updates for python-3.8.6p0
> > Couldn't install python-3.8.8p0
>
> What should I make of this ?
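
The library check behind the "minor is too small" and "bad major" lines quoted above, as an added example that is not part of any post in this thread and is not pkg_add's own code. The function names and the third candidate (libssl.so.48.3) are constructed for illustration.

```shell
#!/bin/sh
# Added example (not pkg_add's code): re-derive the verdicts pkg_add prints.
# Rule: a candidate satisfies "name.MAJOR.MINOR" only if it is the same
# library, has exactly the same major, and a minor >= the wanted minor.

# lib_verdict WANTED CANDIDATE_PATH  -> prints one verdict string
#   WANTED          e.g. ssl.48.2 (from "library ssl.48.2 not found")
#   CANDIDATE_PATH  e.g. /usr/lib/libssl.so.48.1
lib_verdict() {
    lv_want=$1
    lv_file=${2##*/}                 # basename: libssl.so.48.1
    lv_wminor=${lv_want##*.}         # wanted minor: 2
    lv_rest=${lv_want%.*}            # ssl.48
    lv_wmajor=${lv_rest##*.}         # wanted major: 48
    lv_wname=${lv_rest%.*}           # wanted name: ssl

    case $lv_file in
        lib*.so.*.*) ;;
        *) printf '%s\n' "not a versioned shared library"; return 0 ;;
    esac
    lv_cname=${lv_file%%.so.*}       # libssl
    lv_cname=${lv_cname#lib}         # ssl
    lv_ver=${lv_file##*.so.}         # 48.1
    lv_cmajor=${lv_ver%%.*}          # 48
    lv_cminor=${lv_ver#*.}           # 1

    # Refuse anything that is not purely numeric before comparing.
    case $lv_wmajor$lv_wminor$lv_cmajor$lv_cminor in
        ''|*[!0-9]*) printf '%s\n' "unparsable version"; return 0 ;;
    esac

    if [ "$lv_cname" != "$lv_wname" ]; then
        printf '%s\n' "different library"
    elif [ "$lv_cmajor" -ne "$lv_wmajor" ]; then
        printf '%s\n' "bad major"
    elif [ "$lv_cminor" -lt "$lv_wminor" ]; then
        printf '%s\n' "minor is too small"
    else
        printf '%s\n' "ok"
    fi
}

# explain_report: read a pkg_add report on stdin and print, for every
# candidate listed under a "library X not found" line,
# "X candidate-path: verdict".
explain_report() {
    er_want=
    while IFS= read -r er_line; do
        case $er_line in
            "|library "*" not found")
                er_want=${er_line#"|library "}
                er_want=${er_want%" not found"} ;;
            "| /"*)
                [ -n "$er_want" ] || continue
                er_path=${er_line#"| "}
                er_path=${er_path%% *}
                printf '%s %s: %s\n' "$er_want" "$er_path" \
                    "$(lib_verdict "$er_want" "$er_path")" ;;
        esac
    done
}

# The first four lines are the report as quoted in the thread; the last
# line is a constructed candidate that would satisfy the dependency.
SAMPLE_REPORT="Can't install python-3.8.8p0 because of libraries
|library ssl.48.2 not found
| /usr/lib/libssl.so.48.1 (system): minor is too small
| /usr/lib/libssl.so.49.0 (system): bad major
| /usr/lib/libssl.so.48.3 (constructed): would be accepted"

printf '%s\n' "$SAMPLE_REPORT" | explain_report
```

Neither libssl present on the reporter's system can satisfy ssl.48.2: one shares the major but is older, the other has a different major altogether.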




Re: Bidirectional audio between OpenBSD sndiod <-> Debian pulseaudio

2021-05-10 Thread Martin
Hi,

Great experience! But I have no possibility to recompile each sound producer 
software to have sndio support.

So my way is to use an additional layer of well implemented sound architecture and 
it adds an additional layer to the sound system for sure.

I've tried to use alsa-sndio module from https://github.com/Duncaen/alsa-sndio

Module builds successfully, but

$ sudo alsactl init
returns it can't find any audio hardware (Debian system is headless and run on 
VM).

Tried to add snd-dummy module from 
https://www.alsa-project.org/main/index.php/Matrix:Module-dummy
$ sudo modprobe snd-dummy

$ sudo alsactl init
Found hardware: "Dummy" "Dummy Mixer" "" "" ""

But how to output from alsa-sndio module using alsa is not clear to me.

I've created /etc/asound.conf as required by developers of alsa-sndio module.

$ cat /etc/asound.conf
pcm.!default (
 type sndio
 device "snd@192.168.33.1/0"

alsa doesn't use this config.

Do you have some experience how to use alsa modules to interact with OpenBSD 
sndiod server?

Martin

‐‐‐ Original Message ‐‐‐
On Sunday, May 9, 2021 9:49 AM, Alexandre Ratchov  wrote:

> On Sat, May 08, 2021 at 10:29:35AM +, Martin wrote:
>
> > Hi list,
> > It is great to have bidirectional audio between OpenBSD host and Debian 
> > guest (headless). I hope I move in a right way to make this thing working.
> > Required configuration:
> > mic-in on OpenBSD host >> Debian VMM guest
> > audio-out from Debian VMM guest >> OpenBSD host
> > Is anybody using pulseaudio or any other driver to have
> > bidirectional network audio stream between VMM guest and OpenBSD
> > host system?
>
> Hi,
>
> These days I use a similar setup with Alpine running in a
> OpenBSD-hosted VM. The main purpose of sndiod -L option is to handle
> such setups (don't forget to copy your ~/.sndio/cookie on the VM). In
> the past, I used a lot Debian, but on a real machine.
>
> I didn't try to involve pulseaudio or any alsa tweakery, to limit the
> number of audio software layers and in turn get the maximum audio
> stability. So I just rebuild the software I needed with sndio support
> enabled (that was mostly firefox and few audio players).




Bidirectional audio between OpenBSD sndiod <-> Debian pulseaudio

2021-05-08 Thread Martin
Hi list,

It is great to have bidirectional audio between OpenBSD host and Debian guest 
(headless). I hope I move in a right way to make this thing working.

Required configuration:
mic-in on OpenBSD host >> Debian VMM guest
audio-out from Debian VMM guest >> OpenBSD host

Is anybody using pulseaudio or any other driver to have bidirectional network 
audio stream between VMM guest and OpenBSD host system?

Martin



Read SMART from NVME disks like 'atactl /dev/sdx smartstatus' for HDDs

2021-05-08 Thread Martin
Hi list,

I'm looking for a way to monitor SMART-like parameters of NVME drives in OpenBSD 
6.9 amd64. How do people monitor modern disks?

Martin



Re: Release schedule/general product engineering

2021-04-22 Thread Martin Schröder
On Thu, 22 Apr 2021 at 09:28, Andrew Grillet wrote:
> I wanted to know approximately when the next release would be available

http://www.openbsd.org/faq/faq1.html#WhatIs

"The OpenBSD team makes a new release approximately every six months,
with the target release dates in May and November."

Best
Martin



Working with encapsulated traffic using PF (pass incoming IPv4 from IPv6 gif tunnel)

2021-04-09 Thread Martin
Hello list,

I have working IPv4 OpenBSD router. There are no problems with native IPv4 and 
IPv6 traffic filtering/redirecting at all.

Now stuck with filtering IPv4 traffic encapsulated in IPv6 tunnel using gif 
interface.

IPv6 interface is tun0 which has assigned unique IPv6 address, and gif0 has the 
same unique IPv6 as tun0 with wrapped IPv4 into IPv6 as shown in the configs.

The same configuration from the opposite side, except IPv4 and IPv6 source and 
destination addresses reversed to make a tunnel.

I'm not sure if I needed to use a bridge between tun0 and gif0 to have it 
working.

Looking for appropriate PF filtering rule to pass IPv4 encapsulated traffic 
appearing on tun0 and blocked by "block all" PF rule for some reason.

Any ideas welcome.

=== Side-a ===

# cat /etc/hostname.gif0
# gif0
up
description 'IPv4 over IPv6 tunnel'
# tunnel [src IPv6] [dst IPv6]
tunnel :::::18b5 :::::a503
inet alias 10.190.0.1
dest 10.190.0.2

# ifconfig tun0
tun0: flags=8051 mtu 1500
index 44 priority 0 llprio 3
groups: tun
status: active
inet6 fe80::5054:ffc:fe04:f824%tun0 ->  prefixlen 64 scopeid 0x2c
inet6 :::::18b5 ->  prefixlen 48

=== Side-b ===

# cat /etc/hostname.gif0
# gif0
up
description 'IPv4 over IPv6 tunnel'
# tunnel [src IPv6] [dst IPv6]
tunnel :::::a503 :::::18b5
inet alias 10.190.0.2
dest 10.190.0.1

# ifconfig tun0
tun0: flags=8051 mtu 1500
index 44 priority 0 llprio 3
groups: tun
status: active
inet6 fe80::2a15:f3af:fefb:a3b0%tun0 ->  prefixlen 64 scopeid 0x2c
inet6 :::::a503 ->  prefixlen 48



Re: PF blocks traffic from encapsulated IPv4 where tun0 (IPv6) gif0 (IPv4 in IPv6 tunnel)

2021-04-09 Thread Martin
In addition to pass encapsulated traffic by the rules below:

pass in log inet proto {ipencap, encap, etherip} from any to any keep state 
(if-bound)
pass out log inet proto {ipencap, encap, etherip} from any to any keep state 
(if-bound)

I set incoming rule for ICMP traffic pass from tun0 and gif0 interfaces. This 
rule works fine if IPv4 is not encapsulated (work for all IPv4 traffic 
appearing on any interface affected), but with IPv4 encap it doesn't work for 
some reason. And ICMP packets from IPv4 encapsulated always hit block all rule.

pass in on {tun0, gif0} inet proto icmp all icmp-type {echoreq, timex, 
paramprob, unreach code needfrag} keep state

Any ideas can help.

‐‐‐ Original Message ‐‐‐
On Thursday, April 8, 2021 9:11 AM, Martin  wrote:

> Some updates
>
> ipv6-icmp for both ends with IPv6 addresses works well even without 'set 
> skip':
>
> pass in on tun0 inet6 proto ipv6-icmp all icmp6-type {toobig, echoreq} keep 
> state
>
> So it confirmed filtering for IPv6 is working for tun0, but do not work for 
> IPv4 encapsulated for some reason.
>
> Please advise.
>
> ‐‐‐ Original Message ‐‐‐
> On Thursday, April 8, 2021 7:24 AM, Martin martin...@protonmail.com wrote:
>
> > Hello list,
> > IPv4 encapsulated traffic always hit rule:
> > block log (all, to pflog0)
> > If I set in pf.conf on both tunnel sides:
> > set skip on {tun0, gif0}
> > I can ping both IPv4 tunnel ends, but rdr-to rules don't work for IPv4 
> > encapsulated packets this way.
> > I've tried to allow encap protocol right after 'block log (all, to pflog0)' 
> > rule like below:
> > pass in log inet proto {ipencap, encap, etherip} from any to any keep state 
> > (if-bound)
> > pass out log inet proto {ipencap, encap, etherip} from any to any keep 
> > state (if-bound)
> > No effect, IPv4 encapsulated traffic blocked by 'block log (all, to 
> > pflog0)' rule all the times according to tcpdump as below:
> > 07:15:54.366210 rule 48/(match) block in on tun0: 10.190.0.1 > 10.190.0.2: 
> > [|icmp] (encap)
> > 07:15:55.366422 rule 48/(match) block in on tun0: 10.190.0.1 > 10.190.0.2: 
> > [|icmp] (encap)
> > The question is how to allow IPv4 encapsulated traffic for tun0 with gif0 
> > IPv4-in-IPv6?
> > Configs for both sides of tunnel:
> > === Side-a ===
> >
> > # cat /etc/hostname.gif0
> > # gif0
> > up
> > description 'IPv4 over IPv6 tunnel'
> > # tunnel [src IPv6] [dst IPv6]
> > tunnel :::::18b5 :::::a503
> > inet alias 10.190.0.1
> > dest 10.190.0.2
> >
> > # ifconfig tun0
> > tun0: flags=8051 mtu 1500
> > index 44 priority 0 llprio 3
> > groups: tun
> > status: active
> > inet6 fe80::5054:ffc:fe04:f824%tun0 ->  prefixlen 64 scopeid 0x2c
> > inet6 :::::18b5 ->  prefixlen 48
> >
> > === Side-b ===
> >
> > # cat /etc/hostname.gif0
> > # gif0
> > up
> > description 'IPv4 over IPv6 tunnel'
> > # tunnel [src IPv6] [dst IPv6]
> > tunnel :::::a503 :::::18b5
> > inet alias 10.190.0.2
> > dest 10.190.0.1
> >
> > # ifconfig tun0
> > tun0: flags=8051 mtu 1500
> > index 44 priority 0 llprio 3
> > groups: tun
> > status: active
> > inet6 fe80::2a15:f3af:fefb:a3b0%tun0 ->  prefixlen 64 scopeid 0x2c
> > inet6 :::::a503 ->  prefixlen 48
> >




Re: PF blocks traffic from encapsulated IPv4 where tun0 (IPv6) gif0 (IPv4 in IPv6 tunnel)

2021-04-08 Thread Martin
Some updates

ipv6-icmp for both ends with IPv6 addresses works well even without 'set skip':

pass in on tun0 inet6 proto ipv6-icmp all icmp6-type {toobig, echoreq} keep 
state

So it confirmed filtering for IPv6 is working for tun0, but do not work for 
IPv4 encapsulated for some reason.

Please advise.

‐‐‐ Original Message ‐‐‐
On Thursday, April 8, 2021 7:24 AM, Martin  wrote:

> Hello list,
>
> IPv4 encapsulated traffic always hit rule:
>
> block log (all, to pflog0)
>
> If I set in pf.conf on both tunnel sides:
>
> set skip on {tun0, gif0}
>
> I can ping both IPv4 tunnel ends, but rdr-to rules don't work for IPv4 
> encapsulated packets this way.
>
> I've tried to allow encap protocol right after 'block log (all, to pflog0)' 
> rule like below:
>
> pass in log inet proto {ipencap, encap, etherip} from any to any keep state 
> (if-bound)
> pass out log inet proto {ipencap, encap, etherip} from any to any keep state 
> (if-bound)
>
> No effect, IPv4 encapsulated traffic blocked by 'block log (all, to pflog0)' 
> rule all the times according to tcpdump as below:
>
> 07:15:54.366210 rule 48/(match) block in on tun0: 10.190.0.1 > 10.190.0.2: 
> [|icmp] (encap)
> 07:15:55.366422 rule 48/(match) block in on tun0: 10.190.0.1 > 10.190.0.2: 
> [|icmp] (encap)
>
> The question is how to allow IPv4 encapsulated traffic for tun0 with gif0 
> IPv4-in-IPv6?
>
> Configs for both sides of tunnel:
>
> === Side-a ===
>
> # cat /etc/hostname.gif0
> # gif0
> up
> description 'IPv4 over IPv6 tunnel'
> # tunnel [src IPv6] [dst IPv6]
> tunnel :::::18b5 :::::a503
> inet alias 10.190.0.1
> dest 10.190.0.2
>
> # ifconfig tun0
> tun0: flags=8051 mtu 1500
> index 44 priority 0 llprio 3
> groups: tun
> status: active
> inet6 fe80::5054:ffc:fe04:f824%tun0 ->  prefixlen 64 scopeid 0x2c
> inet6 :::::18b5 ->  prefixlen 48
>
> === Side-b ===
>
> # cat /etc/hostname.gif0
> # gif0
> up
> description 'IPv4 over IPv6 tunnel'
> # tunnel [src IPv6] [dst IPv6]
> tunnel :::::a503 :::::18b5
> inet alias 10.190.0.2
> dest 10.190.0.1
>
> # ifconfig tun0
> tun0: flags=8051 mtu 1500
> index 44 priority 0 llprio 3
> groups: tun
> status: active
> inet6 fe80::2a15:f3af:fefb:a3b0%tun0 ->  prefixlen 64 scopeid 0x2c
> inet6 :::::a503 ->  prefixlen 48
>




PF blocks traffic from encapsulated IPv4 where tun0 (IPv6) gif0 (IPv4 in IPv6 tunnel)

2021-04-08 Thread Martin
Hello list,

IPv4 encapsulated traffic always hit rule:

block log (all, to pflog0)

If I set in pf.conf on both tunnel sides:

set skip on {tun0, gif0}

I can ping both IPv4 tunnel ends, but rdr-to rules don't work for IPv4 
encapsulated packets this way.

I've tried to allow encap protocol right after 'block log (all, to pflog0)' 
rule like below:

pass in log inet proto {ipencap, encap, etherip} from any to any keep state 
(if-bound)
pass out log inet proto {ipencap, encap, etherip} from any to any keep state 
(if-bound)

No effect, IPv4 encapsulated traffic blocked by 'block log (all, to pflog0)' 
rule all the times according to tcpdump as below:

07:15:54.366210 rule 48/(match) block in on tun0: 10.190.0.1 > 10.190.0.2: 
[|icmp] (encap)
07:15:55.366422 rule 48/(match) block in on tun0: 10.190.0.1 > 10.190.0.2: 
[|icmp] (encap)

The question is how to allow IPv4 encapsulated traffic for tun0 with gif0 
IPv4-in-IPv6?

Configs for both sides of tunnel:

=== Side-a ===

# cat /etc/hostname.gif0
# gif0
up
description 'IPv4 over IPv6 tunnel'
# tunnel [src IPv6] [dst IPv6]
tunnel :::::18b5 :::::a503
inet alias 10.190.0.1
dest 10.190.0.2

# ifconfig tun0
tun0: flags=8051 mtu 1500
index 44 priority 0 llprio 3
groups: tun
status: active
inet6 fe80::5054:ffc:fe04:f824%tun0 ->  prefixlen 64 scopeid 0x2c
inet6 :::::18b5 ->  prefixlen 48

=== Side-b ===

# cat /etc/hostname.gif0
# gif0
up
description 'IPv4 over IPv6 tunnel'
# tunnel [src IPv6] [dst IPv6]
tunnel :::::a503 :::::18b5
inet alias 10.190.0.2
dest 10.190.0.1

# ifconfig tun0
tun0: flags=8051 mtu 1500
index 44 priority 0 llprio 3
groups: tun
status: active
inet6 fe80::2a15:f3af:fefb:a3b0%tun0 ->  prefixlen 64 scopeid 0x2c
inet6 :::::a503 ->  prefixlen 48



Slow network performance - iperf3/tcpbench on local machine

2021-04-03 Thread Duncan Martin
Hi,

I'm trying to debug some general network slowness with my 6.8 server
(i7-3930k) that seems to affect all protocols (e.g. Samba capping at
70MB/s, FTP at 45MB/s for upload).  I've run some iperf3/tcpbench tests
and the results seem low even when running both client and server
on the same machine to eliminate the actual network.


Setting the client to localhost, I get an average of about 10Gbit/s in 
iperf3.

[  5]   0.00-10.00  sec  11.3 GBytes  9.74 Gbits/sec  sender
[  5]   0.00-10.00  sec  11.3 GBytes  9.74 Gbits/sec  receiver

tcpbench is a bit quicker:
Conn:   1 Mbps:11585.269 Peak Mbps:11602.117 Avg Mbps:11585.269
Conn:   1 Mbps:11580.000 Peak Mbps:11602.117 Avg Mbps:11580.000
Conn:   1 Mbps:11583.638 Peak Mbps:11602.117 Avg Mbps:11583.638
Conn:   1 Mbps:10029.172 Peak Mbps:11602.117 Avg Mbps:10029.172


Running with the IP address of the machine:

[  5]   0.00-10.00  sec  1.51 GBytes  1.30 Gbits/sec  sender
[  5]   0.00-10.00  sec  1.51 GBytes  1.30 Gbits/sec  receiver

Conn:   1 Mbps: 1026.018 Peak Mbps: 1543.406 Avg Mbps: 1026.018
Conn:   1 Mbps:  977.226 Peak Mbps: 1543.406 Avg Mbps:  977.226
Conn:   1 Mbps: 1281.376 Peak Mbps: 1543.406 Avg Mbps: 1281.376
Conn:   1 Mbps: 1128.490 Peak Mbps: 1543.406 Avg Mbps: 1128.490

smbclient to IP address is around 100-120MB/s depending on Samba
settings.  To localhost it goes up to 200MB/s. This is copying between
SSDs which manage 500MB/s directly.

Those tests were with PF disabled.  PF enabled is basically the same:
[  5]   0.00-10.00  sec  1.49 GBytes  1.28 Gbits/sec  sender
[  5]   0.00-10.00  sec  1.49 GBytes  1.28 Gbits/sec  receiver

With UDP, iperf3 seems broken (1Mbit/s), with tcpbench:

localhost:
Elapsed:   2 Mbps: 912.534 Peak Mbps: 926.653 Tx PPS:   77491
Elapsed:   21000 Mbps: 861.850 Peak Mbps: 926.653 Tx PPS:   73187

local IP:
Elapsed:   16000 Mbps: 908.789 Peak Mbps: 917.009 Tx PPS:   77173
Elapsed:   17000 Mbps: 788.132 Peak Mbps: 917.009 Tx PPS:   66927


systat with tcpbench running with TCP & IP address:
  3 users Load 1.31 0.64 0.32 caleb.home.duncanma 14:29:14

memory totals (in KB)PAGING   SWAPPING Interrupts
   real   virtual free   in  out   in  out  204 total
Active   211624211624 11526980   ops200 clock
All 4660156   4660156 19920940   pages3 ipi
  1 em0
Proc:r  d  s  wCsw   Trp   Sys   Int   Sof  Flt   forks ehci0
 1   105 299265634 1171   fkppw azalia1
  fksvm ahci0
   0.0%Int   0.7%Spn  17.5%Sys   0.8%Usr  81.0%Idle   pwait ehci1
|||||||||||   relck ahci1
= rlkok pckbc0
  noram
Namei Sys-cacheProc-cacheNo-cache ndcpy
Calls hits%hits %miss   % fltcp
  zfod
  cow
Disks   sd0   sd1   sd2   sd3  134892 fmin
seeks  179856 ftarg
xfers itarg
speed3K  3K 2 wired
  sec   0.0 0.0   pdfre
  pdscn
  pzidl  211289 IPKTS
   13 kmape  211288 OPKTS


and top:
load averages:  1.39,  1.01,  0.54
66 processes: 63 idle, 3 on processor
CPU00 states:  0.0% user,  0.0% nice,  0.0% sys,  0.0% spin,  0.0% intr,  100% 
idle
CPU01 states:  0.0% user,  0.0% nice,  0.0% sys,  0.0% spin,  0.0% intr,  100% 
idle
CPU02 states:  1.0% user,  0.0% nice, 53.3% sys,  2.0% spin,  0.0% intr, 43.7% 
idle
CPU03 states:  0.4% user,  0.0% nice, 48.9% sys,  2.0% spin,  0.0% intr, 48.7% 
idle
CPU04 states:  1.2% user,  0.0% nice,  7.8% sys,  0.0% spin,  0.0% intr, 91.0% 
idle
CPU05 states:  0.0% user,  0.0% nice,  0.0% sys,  0.0% spin,  0.0% intr,  100% 
idle
Memory: Real: 206M/4550M act/tot Free: 11G Cache: 3781M Swap: 0K/8197M

  PID USERNAME PRI NICE  SIZE   RES STATE WAIT  TIMECPU COMMAND
55082 duncan400  680K 2060K onproc/2  - 1:17 13.96% tcpbench
41980 duncan330  660K 2040K onproc/4  - 0:05  6.30% tcpbench


I also tried a different machine (i9-10850K) 

Default swap, crash dumps and savecore issues

2021-03-26 Thread martin mg
Hi !

kern.version=OpenBSD 6.9-beta (GENERIC.MP) #429: ...

I've been doing some tests recently in order to retrieve kernel dumps.
Using my Thinkpad T480 - 16Gb RAM, I did a very basic test install with
the simplest layout ever:
a=  /  40G (more than enough for /var/crash to hold the entire dump)
b= swap  17G

In order to trigger a dump, I used reboot(8) (# reboot -d) and I also
tested ddb> boot crash (modifying ddb.console=1 before securelevel change
and triggering ddb with CTRL+ALT+ESC as in ddb(4) man page).
Dump ended successfully ( #  Succeeded )

Now the issue I encountered was retrieving this dump using savecore
(manually in singleusermode or automatically with the rc script).

By default, vm.swapencrypt.enable=1 so swap (by default) is encrypted with
a "one time password". Now:

1) If dump is triggered from userland (in standard user session), although
I'm seeing dump taking place before rebooting, there is absolutely NO WAY
for me to retrieve it after rebooting.
 ==> # savecore -f /var/crash (booting in single usermode with >boot -s) =>
     No dumps found
 ==> Letting rc script do its thing: No core dump found

2) If dump is triggered while in singleusermode (>boot -s), then, core dump
can be retrieved as expected with both methods above.

3) If changing vm.swapencrypt.enable to 0 => Crash dumps can then be
retrieved as expected even when triggered in user console session.

Something must be wrong with my default-encrypted swap then right?
Reading the mailing list, I was under the impression that, as crash dump
appears late (after destroying the onetime encryption swap) and as savecore
appears early in the boot process (before swap is onetime encrypted) there
should not be any problem retrieving those dumps. However, without turning
off default swap encryption, I am not able to retrieve those crash dumps
when triggered in a standard user session.

Do you have any explanations / suggestions on how I could solve this issue?
Do we absolutely need to turn off manually default swap encryption before
triggering a crash dump if we are NOT in single user mode?

Thanks!


Encrypted home + hibernate: drives states? [ OpenBSD -current ]

2021-02-28 Thread martin mag
Hello!

My current partition setup is as follows (one SSD Disk, using -current
default kernel )
sd0a   100G RAID  == bioctl -c C -k sd1a ==>             a=/
                                                         b=swap
                                                         .
                                                         .
                                                         p=/home (for sysupgrade to work without troubles)
sd0d   350G RAID  == bioctl -c C -C noauto -k sd1d ==>   a=/home/mmartin
(BTW, I use duids but for the sake of readers, using dev label here)

* Decryption of sd0a is done automatically at boot time => Perfect

* Decryption of sd0d (not automatically decrypted, see -C noauto),
is done with a modified rc script (just after wsconsctl), but it could be
done in /etc/rc.local (I just don't want to leave my keydisk too long
on my computer, personal preference ... debatable for sure).

I can run suspend (zzz) without any issue (but as I'm using FDE, I prefer not to
use it as encryption would be useless) and hibernate (ZZZ) seems to work
perfectly fine. The only problem I have is understanding in what state
my sd0d partition is.

sd0a is the encrypted root partition, automatically handled by the OS so when
waking from an hibernate state, the usb key needs to be inserted =>
When in hibernate mode, I assume sd0a is encrypted then .. right?

Now, as sd0d is handled manually (in /etc/rc or /etc/rc.local), I
don't really get in which state it is when in hibernate mode. It doesn't
seem to be encrypted because the usb key is not needed at wakeup time (or
is it?.. but some key is stored within the image that is dumped to swap?.
My first thought was that unmount / detaching bioctl should happen AFTER
the system image is dumped to swap (so this cannot be handled in
/etc/apm/* files ... right?).
At the same time, I don't understand HOW it could not be encrypted as
powering off the laptop (hibernate behaviour) will force bioctl to detach
=> hence keep the drive encrypted while powered off .. right?
Because of that, is there a high risk of getting corrupted data when
waking the laptop up from hibernate state?

Last thing: If my /home/mmartin partition is not on the same drive or
partition as root, should I avoid using hibernate if my laptop needs to be
securely powered-off? (swap is on the encrypted drive sd0a (encrypted twice
then but I read on this mailing list that the overhead is so low that
everyone should do that if using FDE) so is no factor for a security
breach)

Thank you very much!

PS: I use the -C noauto for my home partition because, IRL, I have a
small password encrypted partition on the keydisk that, when decrypted,
contains the key to decrypt my home partition. (so automatic decryption is
not going to work for me).



[OpenBSD -current] Change event timer in main loop with kqueue

2021-02-26 Thread martin mag
Hello everyone!

I've been trying to use kqueue for the last couple of day but I keep
having an issue with EVFILT_TIMER filter. (I'm running Openbsd
-current)

Right now, I'm trying to do the following:
1) Initialize a timer event @ 200ms, periodically.
2) Inside the main event loop => If this event is retrieved, print
elapsed time since last one
3) After 2 iterations, MODIFY the timer event to 1000ms and continue the loop
4) Code stops after 4 iterations as the problem arises after the first timer
change @ iteration 2.

Reading the manpages kqueue(2), one sees that:
**) An event is uniquely defined by the pair (ident, filter) ==>
    in the example below (TIMER1, EVFILT_TIMER)
**) "Re-adding an existing event will modify the parameters of
    the original event, and not result in a duplicate entry." => So
    re-adding the event (TIMER1, EVFILT_TIMER) with a modified field
    'data' should update the timer from 200ms to 1000ms.

=> Apparently, timer is updated, but not in the way I expected. See
below an example.

Here is the C program. I removed every 'error-checker' intentionally
as this is just a basic test:

#include <sys/types.h>
#include <sys/event.h>
#include <sys/time.h>   /* timespecsub() */
#include <stdio.h>
#include <stdlib.h>
#include <time.h>
#define TIMER1 202

int main(){
    int kq=0, nev=0;
    struct kevent evlist, chlist;
    struct timespec start, stop, elapsed;

    /* Initialize the queue */
    kq = kqueue();
    /* Register event to the queue */
    EV_SET(&chlist, TIMER1, EVFILT_TIMER, EV_ADD | EV_ENABLE, 0, 200, 0);
    kevent(kq, &chlist, 1, NULL, 0, NULL);

    for (int i=0; i<4; i++){
        /* Timestamp taken just before blocking in kevent() */
        clock_gettime(CLOCK_MONOTONIC, &start);
        nev = kevent(kq, NULL, 0, &evlist, 1, NULL);
        printf("Iteration %d => nb events=%d\n", i+1, nev);
        if (evlist.ident == TIMER1){
            clock_gettime(CLOCK_MONOTONIC, &stop);
            timespecsub(&stop, &start, &elapsed);
            printf("Time elapsed since previous iteration: %lld.%09lds\n",
                (long long) elapsed.tv_sec, (long) elapsed.tv_nsec);

            /* > MODIFY TIMER <== */
            if( (i+1)%2 == 0){
                printf("Adjusting timer event ...\n");
                EV_SET(&chlist, TIMER1, EVFILT_TIMER, EV_ADD |
                    EV_ENABLE, 0, 1000, 0);
                /* I also tried this:   chlist.data = 1000;  but same
                   problem arise*/
                /* Register modification within the queue */
                kevent(kq, &chlist, 1, NULL, 0, NULL);
                printf("Next event should happen %lldms later\n",
                    (long long) chlist.data);
            } /* End i%4 == 0 */

        } /* End evlist.ident == TIMER1 */

    } /* End for loop */

    return EXIT_SUCCESS;
}

*** Compiled with gcc-8.4.0
# egcc -o test_kqueue test_kqueue.c

*** OUTPUT of above program
Iteration 1 => nb events=1
Time elapsed since previous event:0.203417468s
==

Iteration 2 => nb events=1
Time elapsed since previous event:0.199534100s
Adjusting timer event 
Next event in 1000ms    << === This is where TIMER is changed and kqueue is updated
==

Iteration 3 => nb events=1
Time elapsed since previous event:0.199848328    << === Problem here: It should be ~1s not 0.2s (initial timer)
==

Iteration 4 => nb events=1
Time elapsed since previous event:0.999884957s   << === Now it's OK
Adjusting timer event 
Next event in 1000ms
==
*** END OF OUTPUT

So what I expected from my program was that Iteration 3 would be
retrieved 1second after iteration 2. But here, it is retrieved 0.2s
after only. This is AS IF the change wasn't taken into account yet
...? The expected behaviour is seen at iteration 4.

I'm pretty sure I'm not understanding correctly what happens but I
cannot figure out where I'm wrong in my example.

I did another test modifying the event timer (line 31 in program) in loop with:
TEST 1: (Added EV_ONESHOT)
  EV_SET(, TIMER1, EVFILT_TIMER, EV_ADD | EV_ENABLE | EV_ONESHOT, 0, 1000, 0);
===>> ONESHOT does not seem to be taken into account as the event keeps
being retrieved 1s apart. (the expected behavior would be that only one
event should be triggered after this modification)

TEST 2 (Disabling event to see if it happens instantly or if it is
"delayed" as in the previous examples)
The ONLY change that work as expected is EV_DISABLE, which stops
events from being retrieved after iteration 2.

Could any one help me figure out what I'm doing wrong and how I can
manage modifying an existing timer event?

Thanks a lot!

PS: This is not a copy/paste program as I'm not sending the message
from the same PC. I hope I didn't do any typos rewriting
everything...



Latest snapshot, Logitech keyboard not working.

2021-02-09 Thread martin . quach
On amd64, upgrading from stable to snapshot my Logitech G413
keyboard is not sending keypresses. i.e) Pressing the "a" key
does nothing. There’s an error message saying
“uhidev_intr: bad repid 48” To test that it's not a
problem with my keyboard I noticed that the function keys still work.
(The keyboard light). Also to test it's not just my computer I
plugged in a different keyboard and everything works as it should.
Below is my dmesg from 6.8 stable:

OpenBSD 6.8 (RAMDISK_CD) #94: Sun Oct 4 18:21:11 MDT 2020
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 17111998464 (16319MB)
avail mem = 16589369344 (15820MB)
random: good seed from bootblocks
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe6cf0 (60 entries)
bios0: vendor American Megatrends Inc. version "M.60" date 04/18/2020
bios0: Micro-Star International Co., Ltd MS-7B86
acpi0 at bios0: ACPI 6.0
acpi0: tables DSDT FACP APIC FPDT FIDT SSDT SSDT SSDT MCFG HPET UEFI IVRS PCCT 
SSDT CRAT CDIT SSDT
SSDT WSMT
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Ryzen 5 3600 6-Core Processor, 3600.46 MHz, 17-71-00
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT
SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXS
,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT
CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,U
IP,IBPB,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 32KB 64b/line 8-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 
8-way L2 cache, 32MB
64b/line disabled L3 cache
cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu0: apic clock running at 100MHz
cpu0: mwait min=64, max=64, C-substates=1.1, IBE
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 13 pa 0xfec0, version 21, 24 pins
ioapic1 at mainbus0: apid 14 pa 0xfec01000, version 21, 32 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (GPP0)
acpiprt2 at acpi0: bus -1 (GPP1)
acpiprt3 at acpi0: bus -1 (GPP3)
acpiprt4 at acpi0: bus -1 (GPP4)
acpiprt5 at acpi0: bus -1 (GPP5)
acpiprt6 at acpi0: bus -1 (GPP6)
acpiprt7 at acpi0: bus -1 (GPP7)
acpiprt8 at acpi0: bus 38 (GPP8)
acpiprt9 at acpi0: bus -1 (GPP9)
acpiprt10 at acpi0: bus -1 (GPPA)
acpiprt11 at acpi0: bus -1 (GPPB)
acpiprt12 at acpi0: bus -1 (GPPC)
acpiprt13 at acpi0: bus -1 (GPPD)
acpiprt14 at acpi0: bus -1 (GPPE)
acpiprt15 at acpi0: bus -1 (GPPF)
acpiprt16 at acpi0: bus -1 (GP10)
acpiprt17 at acpi0: bus 39 (GP12)
acpiprt18 at acpi0: bus 40 (GP13)
acpiprt19 at acpi0: bus 48 (GP30)
acpiprt20 at acpi0: bus 49 (GP31)
acpiprt21 at acpi0: bus 3 (GPP2)
acpipci0 at acpi0 PCI0: 0x0010 0x0011 0x
acpicmos0 at acpi0
"PNP0C0C" at acpi0 not configured
amdgpio0 at acpi0 GPIO uid 0 addr 0xfed81500/0x400 irq 7, 184 pins
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"AMDIF030" at acpi0 not configured
"PNP0C14" at acpi0 not configured
acpicpu at acpi0 not configured
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "AMD 17h/3xh Root Complex" rev 0x00
vendor "AMD", unknown product 0x1481 (class system subclass IOMMU, rev 0x00) at pci0 dev 0 function 2 not configured
pchb1 at pci0 dev 1 function 0 vendor "AMD", unknown product 0x1482 rev 0x00
ppb0 at pci0 dev 1 function 3 vendor "AMD", unknown product 0x1483 rev 0x00: msi
pci1 at ppb0 bus 3
xhci0 at pci1 dev 0 function 0 vendor "AMD", unknown product 0x43d5 rev 0x01: msi, xHCI 1.10
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00 addr 1
ahci0 at pci1 dev 0 function 1 "AMD 400 Series AHCI" rev 0x01: msi, AHCI 1.3.1
ahci0: port busy after first PMP probe FIS
ahci0: port busy after first PMP probe FIS
ahci0: port 0: 6.0Gb/s
ahci0: port busy after first PMP probe FIS
ahci0: port busy after first PMP probe FIS
ahci0: port 1: 6.0Gb/s
ahci0: port busy after first PMP probe FIS
ahci0: port busy after first PMP probe FIS
ahci0: port 4: 6.0Gb/s
ahci0: port busy after first PMP probe FIS
ahci0: port busy after first PMP probe FIS
ahci0: port 5: 6.0Gb/s
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0:  naa.500a07510f0f007b
sd0: 244198MB, 512 bytes/sector, 500118192 sectors, thin
sd1 at scsibus0 targ 1 lun 0:  naa.5000c5007a61b7f5
sd1: 953869MB, 512 bytes/sector, 1953525168 sectors
sd2 at scsibus0 targ 4 lun 0:  naa.50014ee20f4b362e
sd2: 953869MB, 512 

Re: OpenMPI 4.0.5 segfault with mpi_file_open() [ OpenBSD 6.8 release & current ]

2021-02-04 Thread martin mag
Great, Thank you very much for the help. I was absolutely not looking into
that direction. Working great again now :)

> I looked into the IO issue, one hint is found with
>
> export OMPI_MCA_io_base_verbose=40
> mpirun -np 1 -H localhost:1 ./mpitest
> ...
>  mca: base: components_open: found loaded component ompio
>  mca: base: components_open: component ompio open function successful
>  mca: base: components_open: found loaded component romio321
>  mca: base: components_open: component romio321 open function successful
> ...
>
> So in fact there are two IO components available: ompio and romio321. The
> first is selected (and fails).  If you select the second, mpitest works:
>
> $ mpirun -np 1 -H localhost:1 --mca io romio321 ./mpitest
> This is process 1 / 1
>
> You can make this permanent with
>
> export OMPI_MCA_io=romio321
>
> added to your login scripts.
>
> HTH.  (OpenMPI is too complicated for its own good.)
>
>
> John
>
>
>
> On 2021-02-03 09:51, j...@bitminer.ca wrote:
>>
>> Hi Martin,
>>
>> I haven't run into your MPI_File_open issue (don't use it), but
>> your code does fail for me too in the same way.
>>
>>> $> mpirun -np 1 -H localhost:1 ./fmpitest
>>> fmpitest:/usr/local/lib/libmpi.so.5.0: ./fmpitest : WARNING:
>>> symbol(mpi_fortran_statuses_ignore_) size mismatch,
>>> relink your program
>>> fmpitest:/usr/local/lib/libmpi.so.5.0: ./fmpitest : WARNING:
>>> symbol(mpi_fortran_status_ignore_) size mismatch,
>>> relink your program
>>
>> The Fortran symbol error you see is common and I'm not sure of the
>> cause.  I did look into it at one point and decided all definitions were
>> in fact identical, so it might be a weird compiler+linker issue.
>>
>> It's never been symptomatic beyond the warning so I ignore it.
>>
>>
>> --John
>


OpenMPI 4.0.5 segfault with mpi_file_open() [ OpenBSD 6.8 release & current ]

2021-02-02 Thread martin mag
Hello everyone,

I'm all new to the OpenBSD world and decided to go full OpenBSD on my
thinkpad (T480). Yesterday, I installed devel/openmpi from packages
but it is not working as expected (I'm surely doing something wrong as
my tests are extremely basic and are working on a linux live image).

Those are the steps I did after installing OpenBSD 6.8 - AMD64
(RELEASE or CURRENT) with default disk layout:

$> pkg_add gcc g95 openmpi gdb

$> mpirun --version
 mpirun (Open MPI) 4.0.5

$> mpicc --version
 egcc (GCC) 8.4.0

## Program I'm trying to run: mpitest.c ##

/* MPI test creating file */
#include <stdio.h>
#include <stdlib.h>
#include <mpi.h>

int main(int argc, char *argv[])
{
    MPI_File fh;
    int rank, sze;

    MPI_Init(NULL, NULL);
    MPI_Comm_rank(MPI_COMM_WORLD, &rank);   /* rank of this process */
    MPI_Comm_size(MPI_COMM_WORLD, &sze);    /* number of processes */

    printf("This is process %d / %d\n", rank+1, sze);

    /* MPI_File_open returns MPI_SUCCESS (0) when the file was opened */
    if(MPI_File_open(MPI_COMM_WORLD, "test.txt",
      MPI_MODE_CREATE|MPI_MODE_WRONLY,
      MPI_INFO_NULL, &fh))
    {
        printf("Unable to create file \"test.txt\" ...");
        fflush(stdout);
    }
    else
    {
        MPI_File_close(&fh);
    }
    MPI_Finalize();
    return 0;
}

## RUN PROGRAM:
According to /usr/local/share/doc/pkg-readmes/openmpi:

$> export OMPI_MCA_btl=self,tcp,vader
$> export OMPI_MCA_mpi_yield_when_idle=1
$> export PMIX_MCA_gds=hash
$> mpicc -o mpitest mpitest.c
$> mpirun -np 1 -H localhost:1 ./mpitest
 This is process 1/1
 [test:31721] *** Process received signal ***
 [test:31721] Signal: Segmentation fault (11)
 [test:31721] Signal code: Address not mapped (1)
 [test:31721] Failing at address: 0x130
 -
 Primary job  terminated normally, but 1 process returned
 a non-zero exit code. Per user-direction, the job hase beed aborted.
 -
 -
 mpirun noticed that process rank 0 with PID 0 on node test exited on
 signal 11 (Segmentation fault)
## END RUN PROGRAM

## RESULT OF GDB BACKTRACE ##
$> egdb ./mpitest
 (...)
 (gdb) run
 Starting program: /home/test/mpitest
 [New process 47898]
 This is process 1/1
 [New thread 123113]
 [New thread 580170]

 Thread 1 received signal SIGSEGV, Segmentation fault.
 0x00a58bd673c3 in mca_common_ompio_file_close() from
/usr/local/lib/libmca_common_ompio.so.2.0

 (gdb) backtrace
 #0 0x00a58bd673c3 in mca_common_ompio_file_close () from
/usr/local/lib/libmca_common_ompio.so.2.0
 #1 0x00a5ba9f15dc in mca_io_ompio_file_close () from
/usr/local/lib/openmpi/mca_io_ompio.so
 #2 0x00a5268c572c in file_destructor () from
/usr/local/lib/libmpi.so.5.0
 #3 0x00a5268c5cb9 in ompi_file_open () from
/usr/local/lib/libmpi.so.5.0
 #4 0x00a5268ef055 in PMPI_File_open () from
/usr/local/lib/libmpi.so.5.0
 #5 0x00a2c7864e5c in main ()

## END GDB RESULT ##

## FORTRAN TEST
I tried the same example using fortran (Fortran program not shown):
$> mpifort --version
 GNU Fortran (GCC) 8.4.0
$> mpifort -o fmpitest fmpitest.f90
$> mpirun -np 1 -H localhost:1 ./fmpitest
 fmpitest:/usr/local/lib/libmpi.so.5.0: ./fmpitest : WARNING:
 symbol(mpi_fortran_statuses_ignore_) size mismatch,
 relink your program
 fmpitest:/usr/local/lib/libmpi.so.5.0: ./fmpitest : WARNING:
 symbol(mpi_fortran_status_ignore_) size mismatch,
 relink your program

 Program received signal SIGSEGV: Segmentation fault -
 invalid memory reference
 (...)
## END OF FORTRAN TEST

## QUESTIONS
** Could anyone tell me what I'm doing wrong as those codes are compiling
fine on linux liveUSB ?
** Are those warnings from openmpi-fortran safe to ignore?

Thank you very much!

Martin

$> uname -a
 OpenBSD test.localhost 6.8 GENERIC.MP#98 amd64

PS: These errors appear in OpenBSD 6.8 Release OR Current
(1 snapshot per day tested for the last 5 days) on my thinkpad.



Re: relayd and stateless UDP traffic

2020-11-22 Thread Martin
TCP conns works excellent using relayd.

The final goal is to make OpenVPN UDP connection as below:

PC 10.0.20.3 -> relayd -> NAT to egress (IPsec) -> Internet

But UDP redirection rule seems to work only for incoming UDP connections. I'm 
not sure about this.

I've tried:

redirect udp-pass {
  listen on 10.0.20.1 udp port 1:65535
  forward to nat lookup
}

# rcctl -d restart relayd
returns config error.

Any suggestions how to redirect UDP stateless from PC in local network to 
system wide NAT to egress (IPsec).

Martin

‐‐‐ Original Message ‐‐‐
On Sunday, November 22, 2020 2:54 PM, Stuart Henderson wrote:

> On 2020-11-22, Martin martin...@protonmail.com wrote:
>
> > I'm looking for a solution to handle stateless UDP traffic by relayd from 
> > various apps which use UDP. For now relayd configured to forward TCP 
> > connections only.
> > The goal is to use OpenVPN UDP connection trough relayd proxy.
> > Any suggestions/examples for would help find a solution.
> > Martin
>
> See relayd.conf(5), the second paragraph of the PROTOCOLS section.




relayd and stateless UDP traffic

2020-11-22 Thread Martin
I'm looking for a solution to handle stateless UDP traffic by relayd from 
various apps which use UDP. For now relayd configured to forward TCP 
connections only.

The goal is to use OpenVPN UDP connection through relayd proxy.

Any suggestions/examples for would help find a solution.

Martin



Re: Impact of 002_icmp6.patch

2020-10-30 Thread Martin Schröder
On Fri, 30 Oct 2020 at 13:36, Florian Obser wrote:
> On Fri, Oct 30, 2020 at 11:58:41AM +0100, Martin Schröder wrote:
> > I'd much prefer that the project adopted a "v6 first, vintage ip
> > second" approach.
> > But I'm not a dev.
>
> ... you are saying if you were a dev things would be better?

Now who's putting words in whose mouth? :-)

I respect your decisions. And since I'm not a dev, my words don't
carry much value here.

> Thanks for ignoring all the hard work we put into making IPv6 better
> in OpenBSD.

I'm not. Thanks for your work.

Best
Martin



Re: Impact of 002_icmp6.patch

2020-10-30 Thread Martin Schröder
On Fri, 30 Oct 2020 at 11:54, Denis Fondras wrote:
> Please, fix your tweet. The default install answer for IPv6 is 'none'.

This borders on "switch off v6 for security reasons", which would be just wrong.

I'd much prefer that the project adopted a "v6 first, vintage ip
second" approach.
But I'm not a dev.

Best
Martin



Should I download 'distfiles/by_cipher' or 'rsync --exclude by_cipher' ?

2020-10-27 Thread Martin
Do I need 'distfiles/by_cipher' in mirrored repo?

Or may I exclude 'rsync --exclude by_cipher' while mirroring repository without 
negative effects possible?

Martin



Re: Switching layout in vmm linux guest on OpenBSD host with english layout only

2020-10-19 Thread Martin
TightVNC is marked as Attic in the ports/net/tightvnc CVS source tree. May I update it 
and return it to the tree in order to have layout switching functionality?

Martin

‐‐‐ Original Message ‐‐‐
On Thursday, October 8, 2020 9:35 AM, Stuart Henderson wrote:

> On 2020/10/07 23:11, Mike Larkin wrote:
>
> > On Tue, Oct 06, 2020 at 02:28:54PM +, Martin wrote:
> >
> > > Hi,
> > > Linux Guest has virtual dummy video card to emulate video hardware. Linux 
> > > Guest has TightVNC server running also. It automatically starts on boot. 
> > > Guest has two layouts.
> > > The same Guest *.qcow2 image is running on both Linux host and OpenBSD 
> > > vmm host.
> > >
> > > 1.  When I connected from Linux host by TightVNC with EN layout only to 
> > > Guest, I can switch layout and I see symbols when input.
> > > 2.  When I connected from OpenBSD host by ssvnc with only EN layout 
> > > present, I can switch layout in Guest but no symbols input. Any pressed 
> > > key shows nothing, like keyboard is absent at all.
> > >
> > > Any fresh idea can help.
> > > Martin
> >
> > Whatever your issue is, it's not with vmm(4)/vmd(8) as we don't emulate a
> > keyboard at all. So it would sorta be hard to mess up the layout on a device
> > we don't even say we have.
>
> yep.
>
> > Go talk to the TightVNC or ssvnc people, the issue is in one of those two
> > products.
>
> ssvnc is old and doesn't have the keycodes extension.
>
> I suggest trying tigervnc's version of vncviewer first which I think
> supports it, otherwise try getting tightvnc built on OpenBSD.
>
> > > ‐‐‐ Original Message ‐‐‐
> > > On Friday, October 2, 2020 7:34 AM, Stuart Henderson s...@spacehopper.org 
> > > wrote:
> > >
> > > > On 2020-09-30, Martin martin...@protonmail.com wrote:
> > > >
> > > > > Graphical mode of vmm
> > > >
> > > > vmm has no graphical mode ..
> > > >
> > > > > and qemu
> > > >
> > > > and has no interaction with qemu.
> > > > If you're using qemu on OpenBSD then it's emulating a cpu in software,
> > > > not managing a VM on your real cpu.
> > > >
> > > > > Layout switching works fine in qemu on Debian host even the host has 
> > > > > single english layout.
> > > > > But layout switching doesn't work in vmm and can't be changed in any 
> > > > > way. OpenBSD host uses single english layout as Debian host.
> > > > > Looking any solution on how to fix it. Please suggest.
> > > >
> > > > Which vnc client are you using? AFAIK you want one which supports the
> > > > extension to use raw keycodes rather than keysyms for things to work
> > > > properly, I believe tigervnc's version of vncviewer does this.




bioctl -cC -l /dev/sd1a softraid0 for encryption two disks RAID1 mirrored

2020-10-19 Thread Martin
Hi misc,

I'd like to have two encrypted 1TB disks in RAID 1 mirror mode (no hardware 
RAID installed). Is it possible to use bioctl for that purpose or do I need to 
use HW RAID and encrypt mirrored disks with bioctl -cC -l /dev/sd1a softraid0 ?

Please advise.

Martin



Re: Switching layout in vmm linux guest on OpenBSD host with english layout only

2020-10-06 Thread Martin
Hi,

Linux Guest has virtual dummy video card to emulate video hardware. Linux Guest 
has TightVNC server running also. It automatically starts on boot. Guest has 
two layouts.

The _same_ Guest *.qcow2 image is running on both Linux host and OpenBSD vmm 
host.

1. When I connected from Linux host by TightVNC with EN layout only to Guest, I 
can switch layout and I see symbols when input.
2. When I connected from OpenBSD host by ssvnc with only EN layout present, I 
can switch layout in Guest but no symbols input. Any pressed key shows nothing, 
like keyboard is absent at all.

Any fresh idea can help.

Martin

‐‐‐ Original Message ‐‐‐
On Friday, October 2, 2020 7:34 AM, Stuart Henderson wrote:

> On 2020-09-30, Martin martin...@protonmail.com wrote:
>
> > Graphical mode of vmm
>
> vmm has no graphical mode ..
>
> > and qemu
>
> and has no interaction with qemu.
>
> If you're using qemu on OpenBSD then it's emulating a cpu in software,
> not managing a VM on your real cpu.
>
> > Layout switching works fine in qemu on Debian host even the host has single 
> > english layout.
> > But layout switching doesn't work in vmm and can't be changed in any way. 
> > OpenBSD host uses single english layout as Debian host.
> > Looking any solution on how to fix it. Please suggest.
>
> Which vnc client are you using? AFAIK you want one which supports the
> extension to use raw keycodes rather than keysyms for things to work
> properly, I believe tigervnc's version of vncviewer does this.




Switching layout in vmm linux guest on OpenBSD host with english layout only

2020-09-30 Thread Martin
I'm running headless Debian guest with two keyboard layouts. *.qcow2 qemu image 
has been imported from Debian host.
Graphical mode of vmm and qemu with Debian guest access using vncviewer for 
both hosts. The guest itself has vncserver to share screen using headless setup.

Layout switching works fine in qemu on Debian host even the host has single 
english layout.

But layout switching doesn't work in vmm and can't be changed in any way. 
OpenBSD host uses single english layout as Debian host.

Looking any solution on how to fix it. Please suggest.

Martin



Encrypted notepad software suggestions

2020-09-28 Thread Martin
Hi there!

I'm looking for some notepad with encryption of notes/files created. Simply 
Text File encryption is suitable too to hide some info from plain text files I 
have.

Please advise.

Martin



Re: Web based document / spreadsheet editor

2020-09-22 Thread Martin Sukaný
Hi Ben

As far as I know, troff is just a command-line tool. I would need 
something that is available through the web browser as well for the end users.



Sent from iPhone

> On 22 Sep 2020 at 17:34, ben wrote:
> 
> Troff.
> 
> 
> Ben Raskin.



Web based document / spreadsheet editor

2020-09-22 Thread Martin Sukany
Hi colleagues,

I need to set up some kind of collaborative environment (rich text documents, 
basic tables) — request is „something like google docs“. 

As I’m almost working in shell I have to say that I’m a little bit lost in this 
area.

Could you recommend me some web-based application (ideally something which is 
„easily“ deployed on OpenBSD)? If it wouldn’t have behind some of the ‚big 
frameworks‘, it would be great.

Any hints welcomed … 

Thanks
M>


Kind regards

Martin Sukaný
UNIX Engineer, Developer, DevOps specialist
xmpp: mar...@sukany.cz
phone: +420 776 275 713
email: mar...@sukany.cz
l: https://www.linkedin.com/in/martins6





Re: smtpd returns 'TempFail' and 'No route to destination' when using localhost as source behind NAT

2020-08-19 Thread Martin
As I know, table sources is needed to bind smtpd to an interface while mail 
sending, but table helonames is for session IP=name. sources != helonames in my 
particular configuration. So it doesn't work for me.

smtpd should bind to local interface like localhost or another interface on 
local system, but smtpd should expose its external address in heloname of 
remote system from which mail actually send.

Any ideas?

Martin

‐‐‐ Original Message ‐‐‐
On Saturday, August 15, 2020 2:27 PM, Kastus Shchuka  wrote:

> On Sat, Aug 15, 2020 at 07:49:28AM +0000, Martin wrote:
>
> > It is worth to mention smtpd works absolutely fine for outgoing/incoming 
> > mail if local machine has static IP address when:
> > ...
> > table sources {1.2.3.4} equivalent to
> > table helonames {1.2.3.4 = smtp.domain.tld}
> > ...
> > And yes, I have exactly the same action in /etc/mail/smtpd.conf
> > ...
> > table sources {127.0.0.1}
> > table helonames {1.2.3.4 = smtp.domain.tld}
>
> Your helonames table does not have an entry for 127.0.0.1, that is why it 
> cannot find helo string for it.
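
The lookup described in the reply above, as an added example that is not part of the thread or of OpenSMTPD: a small checker that reads inline tables from smtpd.conf text and reports every relay source address with no key in the helo-src table. The sample configuration is constructed from the lines quoted in the thread; the function names are hypothetical.

```python
import re

# Constructed sample: the tables and relay action quoted in the thread.
SAMPLE_CONF = """\
table sources {127.0.0.1}
table helonames {1.2.3.4 = smtp.domain.tld}
action "outbound" relay src <sources> helo-src <helonames>
"""

# Inline tables only: table NAME { entry, entry, ... }.
# File-backed tables are not read and therefore never reported.
TABLE_RE = re.compile(r"^\s*table\s+(\S+)\s*\{([^}]*)\}", re.MULTILINE)
ACTION_RE = re.compile(r'^\s*action\s+"?([^"\s]+)"?\s+relay\b')
# The lookbehind keeps "src" from matching inside "helo-src".
SRC_RE = re.compile(r"(?<![-\w])src\s+<([^>]+)>")
HELO_SRC_RE = re.compile(r"(?<![-\w])helo-src\s+<([^>]+)>")


def parse_tables(conf):
    """Map table name -> {key: value or None} for every inline table."""
    tables = {}
    for name, body in TABLE_RE.findall(conf):
        entries = {}
        for item in body.split(","):
            key, sep, value = item.strip().partition("=")
            if key.strip():
                entries[key.strip()] = value.strip() if sep else None
        tables[name] = entries
    return tables


def missing_helo_entries(conf):
    """Return (action, source address) pairs with no HELO name to advertise."""
    tables = parse_tables(conf)
    problems = []
    for line in conf.splitlines():
        line = line.split("#", 1)[0]  # drop trailing comments
        action = ACTION_RE.match(line)
        src = SRC_RE.search(line)
        helo = HELO_SRC_RE.search(line)
        if not (action and src and helo):
            continue
        helo_names = tables.get(helo.group(1), {})
        # smtpd keys the helo-src table by the source address it binds to,
        # so every address in the src table needs its own key.
        for addr in tables.get(src.group(1), {}):
            if not helo_names.get(addr):
                problems.append((action.group(1), addr))
    return problems


if __name__ == "__main__":
    for action, addr in missing_helo_entries(SAMPLE_CONF):
        print(f'action "{action}": source {addr} has no helo-src mapping')
```

Run against the thread's configuration it flags 127.0.0.1 for the "outbound" action, which matches the "Failed to retrieve helo string" log line.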




Re: smtpd returns 'TempFail' and 'No route to destination' when using localhost as source behind NAT

2020-08-15 Thread Martin
It is worth to mention smtpd works absolutely fine for outgoing/incoming mail 
if local machine has static IP address when:
...
table sources {1.2.3.4} equivalent to
table helonames {1.2.3.4 = smtp.domain.tld}
...

And yes, I have exactly the same action in /etc/mail/smtpd.conf

...
table sources {127.0.0.1}
table helonames {1.2.3.4 = smtp.domain.tld}
...
action "outbound" relay src <sources> helo-src <helonames>
...

It looks like a bug or misconfiguration.

Martin

‐‐‐ Original Message ‐‐‐
On Thursday, August 13, 2020 1:28 PM, Kastus  wrote:

> On Thu, Aug 13, 2020 at 10:35:32AM +, Martin wrote:
>
> > OpenSMTPd 6.7.0 OpenBSD 6.7-current on local machine. All machine's traffic 
> > redirected trough iked IPsec VPN to remote gateway machine and uses PF NAT 
> > rule first:
> > match out log on enc0 from 0.0.0.0/0 to 0.0.0.0/0 nat-to 10.100.0.2
> > where 10.100.0.2 is virtual IP to NAT all local machine's traffic right 
> > into IPsec VPN tunnel.
> > Other local machine's services successfully connect to their destinations 
> > using NAT from local machine's localhost by IPsec VPN.
> > Logically, smtpd should bind on 127.0.0.1 local machine and expose its 
> > external remote gateway machine's IP in heloname as configured:
> >
> > cat /etc/mail/smtpd.conf
> >
> > =
> >
> > ...
> > table sources {127.0.0.1}
> > table helonames {1.2.3.4 = smtp.domain.tld}
> > ...
>
> You don't show how you use these tables in action definitions in your config.
>
> You need to have something like
>
> action dxxx relay src  helo-src 




smtpd returns 'TempFail' and 'No route to destination' when using localhost as source behind NAT

2020-08-13 Thread Martin
OpenSMTPd 6.7.0 OpenBSD 6.7-current on local machine. All machine's traffic 
redirected through iked IPsec VPN to remote gateway machine and uses PF NAT rule 
first:

match out log on enc0 from 0.0.0.0/0 to 0.0.0.0/0 nat-to 10.100.0.2

where 10.100.0.2 is virtual IP to NAT all local machine's traffic right into 
IPsec VPN tunnel.

Other local machine's services successfully connect to their destinations using 
NAT from local machine's localhost by IPsec VPN.

Logically, smtpd should bind on 127.0.0.1 local machine and expose its external 
remote gateway machine's IP in heloname as configured:

# cat /etc/mail/smtpd.conf
...
table sources {127.0.0.1}
table helonames {1.2.3.4 = smtp.domain.tld}
...

But any attempt to send mail returns errors as shown below and no messages are 
sent to their destinations in result.

smtpd [95677]: smtp-out: Error on 127.0.0.1 <-> 199.185.178.25 
(mail.openbsd.org): Failed to retrieve helo string
smtpd [95677]: smtp-out: Disabling route 127.0.0.1 <-> 199.185.178.25 
(mail.openbsd.org) for 15s
smtpd [95677]:  mta delivery evpid=9f2a1cf3a8e83deb 
from= to= rcpt=<-> source"-" 
relay="openbsd.org" delay=6m42s result="TempFail" stat="No valid route to 
destionatin"
smtpd [95677]: smtp-out: Enabling route 127.0.0.1 <-> 199.185.178.25 
(mail.openbsd.org)

Telnet connects from local machine to 199.185.178.25 successfully.

# telnet 199.185.178.25 25
Trying 199.185.178.25...
Connected to 199.185.178.25
Escape character is '^]'.
220 mail.openbsd.org ESMTP mail.openbsd.org; Thu Aug 13 04:26:10 2020


Please advise what I did wrong in configuring smtpd?
Can smtpd send messages in any way stays behind IPsec VPN NAT?

Martin







Re: How many IPs can I block before taking a performance hit?

2020-08-12 Thread Martin Sukany
Hi,

As the tables are stored in RAM anyway during the processing, it’s more or less 
a matter of how fast your DIMMs / CPU are. I usually work with several tables 
with circa 30 K records - no impact on the performance so far. 


Kind regards

Martin Sukaný
UNIX Engineer, Developer, DevOps specialist
xmpp: mar...@sukany.cz
phone: +420 776 275 713
email: mar...@sukany.cz
l: https://www.linkedin.com/in/martins6



> On 12 Aug 2020 at 14:22, Stuart Harland wrote:
> 
> This is one of those “How long is a piece of string” examples.
> 
> You don’t give a lot in the way of specifications so as to come up with a 
> reasonable guess. But the guesses are meaningless anyway, as the packet 
> filtering subsystems are pretty efficient and very rapid.
> 
> In reality with sufficient CPU clock speed and memory for the state tables, 
> you should be able to simultaneously block thousands and thousands, if not 
> more.
> 
> Not particularly scientific, but there we are.
> 
> Stuart
> 
>> On 12 Aug 2020, at 13:11, Alan McKay  wrote:
>> 
>> Hey folks,
>> 
>> This is one that is difficult to test in a test environment.
>> 
>> I've got OpenBSD 6.5 on a relatively new pair of servers each with 8G RAM.
>> 
>> With some scripting I'm looking at feeding block IPs to the firewalls
>> to block bad-guys in near real time, but in theory if we got attacked
>> by a bot net or something like that, it could result in a few thousand
>> IPs being blocked.  Possibly even 10s of thousands.
>> 
>> Are there any real-world data out there on how big of a block list we
>> can handle without impacting performance?
>> 
>> We're doing the standard /etc/blacklist to load a table and then have
>> a block on the table right at the top of the ruleset.
>> 
>> thanks,
>> -Alan
>> 
>> -- 
>> "You should sit in nature for 20 minutes a day.
>> Unless you are busy, then you should sit for an hour"
>>- Zen Proverb
>> 
> 
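
For the scripted feed into /etc/blacklist discussed in this thread, an added example (not code from any poster) that prepares the table file before PF loads it: it rejects malformed entries, refuses anything overlapping a protected management network, and collapses duplicates and adjacent ranges so the table stays small. The feed, the protected network and the table name in the comments are constructed assumptions.

```python
import ipaddress

# pf.conf side, for orientation only. The table name "blacklist" is an
# assumption; the thread names only the file /etc/blacklist.
#   table <blacklist> persist file "/etc/blacklist"
#   block in quick from <blacklist>
# Reload after rewriting the file:
#   pfctl -t blacklist -T replace -f /etc/blacklist

# Constructed sample feed: a duplicate, two adjacent /25s, a host already
# covered by them, a protected host, junk, and one IPv6 address.
SAMPLE_FEED = """\
# constructed sample feed
203.0.113.7
203.0.113.7
198.51.100.0/25
198.51.100.128/25
198.51.100.9
192.0.2.10
not-an-ip
2001:db8::1
"""

# Hypothetical management network that must never end up in the block table.
NEVER_BLOCK = ("192.0.2.0/24",)


def build_blocklist(feed, never_block=NEVER_BLOCK):
    """Return (collapsed CIDR strings, [(entry, reason)] for rejected lines)."""
    protected = [ipaddress.ip_network(n) for n in never_block]
    nets = {4: [], 6: []}
    rejected = []
    for raw in feed.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # Strict parsing: "198.51.100.9/24" is rejected rather than
            # silently widened to the whole /24.
            net = ipaddress.ip_network(entry)
        except ValueError:
            rejected.append((entry, "invalid address or network"))
            continue
        if any(net.version == p.version and net.overlaps(p) for p in protected):
            rejected.append((entry, "overlaps protected network"))
            continue
        nets[net.version].append(net)
    collapsed = []
    for version in (4, 6):  # collapse_addresses cannot mix address families
        collapsed.extend(ipaddress.collapse_addresses(nets[version]))
    return [str(n) for n in collapsed], rejected


def render_table_file(networks):
    """One network per line, the format a PF table file expects."""
    return "".join(n + "\n" for n in networks)


if __name__ == "__main__":
    networks, rejected = build_blocklist(SAMPLE_FEED)
    print(render_table_file(networks), end="")
    for entry, reason in rejected:
        print(f"rejected {entry}: {reason}")
```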



Re: OpenBSD 6.7-current VM on vmd collectd timesync problem

2020-08-02 Thread Martin
Does anyone hit this on 6.7-current?

Martin

‐‐‐ Original Message ‐‐‐
On Thursday, July 30, 2020 11:18 PM, Martin  wrote:

> I tried kern.timecounter.hardware=tsc, no effect.
>
> ‐‐‐ Original Message ‐‐‐
> On Thursday, July 30, 2020 10:46 PM, Brian Brombacher br...@planetunix.net 
> wrote:
>
> > Are you using: kern.timecounter.hardware=tsc ?
> > I’m on 6.7 release and no issue with collectd.
> >
> > > On Jul 30, 2020, at 4:53 PM, Martin martin...@protonmail.com wrote:
> > > I can test it on 6.7-current only, and I haven't tested collectd on 6.6 - 
> > > 6.7 -stable. TSC looks synchronized, ntpd corrects small amount of time 
> > > skew ~1s or less.
> > > VM time looks stable, but not enough for time-series measurements.
> > > Do you know any command to check TSC is "synchronized"?
> > > Martin
> > > ‐‐‐ Original Message ‐‐‐‐‐‐‐
> > >
> > > > On Thursday, July 30, 2020 8:40 PM, Chris Cappuccio ch...@nmedia.net 
> > > > wrote:
> > > > Martin [martin...@protonmail.com] wrote:
> > > >
> > > > > VM using NTP protocol to fine tune clock from the OpenBSD 6.7-current 
> > > > > host, but collectd complain about clock skew in the past.
> > > > > Any ideas?
> > > >
> > > > Does this happen with 6.6 or 6.7 as well? 6.7-current uses the TSC 
> > > > directly
> > > > to gather timestamps, but it should only do this if the TSC are 
> > > > "synchronized".




Re: OpenBSD 6.7-current VM on vmd collectd timesync problem

2020-07-30 Thread Martin
I tried kern.timecounter.hardware=tsc, no effect.

‐‐‐ Original Message ‐‐‐
On Thursday, July 30, 2020 10:46 PM, Brian Brombacher wrote:

> Are you using: kern.timecounter.hardware=tsc ?
>
> I’m on 6.7 release and no issue with collectd.
>
> > On Jul 30, 2020, at 4:53 PM, Martin martin...@protonmail.com wrote:
> > I can test it on 6.7-current only, and I haven't tested collectd on 6.6 - 
> > 6.7 -stable. TSC looks synchronized, ntpd corrects small amount of time 
> > skew ~1s or less.
> > VM time looks stable, but not enough for time-series measurements.
> > Do you know any command to check TSC is "synchronized"?
> > Martin
> > ‐‐‐ Original Message ‐‐‐
> >
> > > On Thursday, July 30, 2020 8:40 PM, Chris Cappuccio ch...@nmedia.net 
> > > wrote:
> > > Martin [martin...@protonmail.com] wrote:
> > >
> > > > VM using NTP protocol to fine tune clock from the OpenBSD 6.7-current 
> > > > host, but collectd complain about clock skew in the past.
> > > > Any ideas?
> > >
> > > Does this happen with 6.6 or 6.7 as well? 6.7-current uses the TSC 
> > > directly
> > > to gather timestamps, but it should only do this if the TSC are 
> > > "synchronized".




Re: OpenBSD 6.7-current VM on vmd collectd timesync problem

2020-07-30 Thread Martin
I can test it on 6.7-current only, and I haven't tested collectd on 6.6 - 6.7 
-stable. TSC looks synchronized, ntpd corrects small amount of time skew ~1s or 
less.

VM time looks stable, but not enough for time-series measurements.

Do you know any command to check TSC is "synchronized"?

Martin

‐‐‐ Original Message ‐‐‐
On Thursday, July 30, 2020 8:40 PM, Chris Cappuccio  wrote:

> Martin [martin...@protonmail.com] wrote:
>
> > VM using NTP protocol to fine tune clock from the OpenBSD 6.7-current host, 
> > but collectd complain about clock skew in the past.
> > Any ideas?
>
> Does this happen with 6.6 or 6.7 as well? 6.7-current uses the TSC directly
> to gather timestamps, but it should only do this if the TSC are 
> "synchronized".




OpenBSD 6.7-current VM on vmd collectd timesync problem

2020-07-30 Thread Martin
Log messages from collectd installed on OpenBSD 6.7-current VM:

2020-07-30T12:42:08+00:00 192.168.20.15 collectd[75320]: Not sleeping because 
the next interval is 0.689 second in the past!
2020-07-30T12:42:25+00:00 192.168.20.15 collectd[75320]: Not sleeping because 
the next interval is 0.069 second in the past!

Setting 'Interval 5' or 10 in /etc/collectd.conf has no effect.

collectd sends UDP packets to syslog-ng on the host system anyway. And UDP 
packets arrive safely.

VM using NTP protocol to fine tune clock from the OpenBSD 6.7-current host, but 
collectd complain about clock skew in the past.

Any ideas?

Martin



Re: Fixed IP address for vmd dedicated VMs from dhcpd every boot/reboot

2020-07-25 Thread Martin
Thanks guys, this helps!

Martin

‐‐‐ Original Message ‐‐‐
On Saturday, July 25, 2020 8:41 AM, Kapetanakis Giannis wrote:

> On 25/07/2020 11:28, Martin wrote:
>
> > Hi,
> > Sometimes dedicated VMs need fixed (the same) IP address assigned by dhcpd 
> > every run. I don't know how to achieve this by dhcpd configured. Every VM 
> > reboot it gets different IP. OpenBSD guests changes their IPs even without 
> > reboot, right in runtime.
> > For instance I need to assign these IP addresses to VMs every run to 
> > dedicated VMs by dhcpd:
> > OpenBSD obsd0.qcow2 10.0.1.12
> > OpenBSD obsd1.qcow2 10.0.1.13
> > OpenBSD obsd2.qcow2 10.0.1.14
> > Linux lin0.qcow2 10.0.1.22
> > Linux lin1.qcow2 10.0.1.23
> > It looks like MAC of guests changed every boot, so dhcpd assigned different 
> > IP address from the pool every boot/reboot.
> > Please advice any way how to fix it.
> > Thank you for answer in advance.
> > Martin
>
> Not familiar at all with VMM but vm.conf(5) says:
>
> [locked] lladdr [etheraddr]
> Change the link layer address (MAC address) of the
> interface on the VM guest side. If not specified, a
> randomized address will be assigned by vmd(8). If the
> locked keyword is specified, vmd(8) will drop packets
> from the VM with altered source addresses.
>
> dhcpd.conf(5) also has examples on how to assign same IP per host MAC
>
> G
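
The two pointers in the reply above combined, as an added example that is not part of the thread: a generator that derives one stable MAC address per VM and emits the matching vm.conf interface line and dhcpd.conf host declaration, so the two files cannot drift apart. VM names and addresses are the ones listed in the question; the MAC prefix is a constructed locally administered value, and each interface line is meant to be merged into that VM's existing vm.conf block.

```python
import ipaddress

# VM names and addresses from the question in this thread.
VMS = [
    ("obsd0", "10.0.1.12"),
    ("obsd1", "10.0.1.13"),
    ("obsd2", "10.0.1.14"),
    ("lin0", "10.0.1.22"),
    ("lin1", "10.0.1.23"),
]

# Constructed prefix (assumption): 0xfe has the locally-administered bit set
# and the multicast bit clear, so it is a valid private unicast MAC prefix.
MAC_PREFIX = "fe:e1:bb:d1"


def mac_for(ip):
    """Derive a stable MAC from the last two octets of the IPv4 address."""
    packed = ipaddress.IPv4Address(ip).packed
    return "%s:%02x:%02x" % (MAC_PREFIX, packed[2], packed[3])


def render(vms):
    """Return ({vm name: vm.conf interface line}, dhcpd.conf host declarations)."""
    owner = {}
    vm_lines = {}
    hosts = []
    for name, ip in vms:
        mac = mac_for(ip)
        if mac in owner:
            # Two guests with one MAC would fight over the same lease.
            raise ValueError(f"{name} and {owner[mac]} would share {mac}")
        owner[mac] = name
        # "locked" makes vmd drop packets whose source address was altered,
        # so the guest cannot change the MAC that dhcpd keys on.
        vm_lines[name] = f"interface {{ locked lladdr {mac} }}"
        hosts.append(
            f"host {name} {{\n"
            f"\thardware ethernet {mac};\n"
            f"\tfixed-address {ip};\n"
            f"}}"
        )
    return vm_lines, "\n".join(hosts) + "\n"


if __name__ == "__main__":
    vm_lines, dhcpd_hosts = render(VMS)
    print("# vm.conf: put inside the matching vm block")
    for name, line in vm_lines.items():
        print(f"# {name}\n{line}")
    print("\n# dhcpd.conf: put inside the subnet declaration")
    print(dhcpd_hosts, end="")
```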




Fixed IP address for vmd dedicated VMs from dhcpd every boot/reboot

2020-07-25 Thread Martin
Hi,

Sometimes dedicated VMs need fixed (the same) IP address assigned by dhcpd 
every run. I don't know how to achieve this by dhcpd configured. Every VM 
reboot it gets different IP. OpenBSD guests changes their IPs even without 
reboot, right in runtime.

For instance I need to assign these IP addresses to VMs every run to dedicated 
VMs by dhcpd:

OpenBSD obsd0.qcow2 10.0.1.12
OpenBSD obsd1.qcow2 10.0.1.13
OpenBSD obsd2.qcow2 10.0.1.14

Linux lin0.qcow2 10.0.1.22
Linux lin1.qcow2 10.0.1.23

It looks like MAC of guests changed every boot, so dhcpd assigned different IP 
address from the pool every boot/reboot.

Please advise any way how to fix it.

Thank you for answer in advance.

Martin



Cleaning system's old libraries/files after update to next -release or -current

2020-07-14 Thread Martin
After system update I found lots of 'old' libraries versions and possibly 
binaries from previous releases.

Does anybody know an automated method to remove it after update? For instance 
previous libs before update to -current.

Martin


Re: Alpine-virt vmd guest tsc directive

2020-06-29 Thread Martin
About a year ago I set Debian by difficult way from official distribution 
without modifying official iso and preconfigured console output.

As Mike wrote, it is significantly better to find iso with virtio driver.

Martin

‐‐‐ Original Message ‐‐‐
On Monday, June 29, 2020 9:53 PM, Mike Larkin  wrote:

> On Mon, Jun 29, 2020 at 08:25:19PM +0000, Martin wrote:
>
> > Setting up Debian as vmm guest is not a trivial procedure and require 
> > Debian Linux host with KVM installed first to install your guest with 
> > screen connected.
>
> Why do you believe this? Setting up debian in vmm is not any harder than 
> setting
> up any other distribution. You just need to make sure to use their install iso
> that includes virtio. I think I used the minimal install iso (can't recall the
> name, might have even been the netinst one).
>
> > Once you have your host ready with KVM run a command to set iso up:
> > qemu-img create -f qcow2 linux.qcow2 128G
> > kvm -enable-kvm -vnc 127.0.0.1:0 -k en-us -monitor pty -m 2048 -net nic 
> > -net user -soundhw all -cdrom debian-linux.iso -boot -d -name linux -hda 
> > linux.qcow2
> > Install it and run the machine with VNC connection
> > kvm -enable-kvm -vnc 127.0.0.1:0 -k en-us -nographic -monitor pty -m 2048 
> > -net nic -net user -soundhw all -boot -d -name linux -hda linux.qcow
>
> You don't need to do any of this.
>
> -ml
>
> > Onece you do it please mail me back, I'll share next steps somewhere.
> > Martin
> > ‐‐‐ Original Message ‐‐‐
> > On Monday, June 29, 2020 7:53 PM, George g.lis...@nodeunit.com wrote:
> >
> > > On 2020-06-29 12:54 p.m., Martin wrote:
> > >
> > > > George, thanks for your feedback!
> > > > I'd prefer OpenBSD in 99% of situations, but now I need to roll out 
> > > > Docker. Docker = linux. So I have to solve all the major issues, 
> > > > especially with clock, and run it for a project using OpenBSD host of 
> > > > course.
> > >
> > > Work is an imposed 'choice' ;) and yes that is where virtualization
> > > shines a little light in the tunnel.
> > >
> > > > I set vmd Debian desktop guest a year ago with 5.2.x kernel which boots 
> > > > headless on vmd. Virtual framebuffer used for VNC connection from the 
> > > > same OpenBSD host by vnc viewer. Works perfectly, except clock...
> > >
> > > I would be interested in any instructions you might have on setting that 
> > > up.
> > >
> > > > Currently, rebuilt kernel and vmd from -current. Going to make 5.4.x 
> > > > related vmm_clock module for minimalist Alpine-virt Linux guest. I'll 
> > > > report about results once done.
> > >
> > > That would be great.
> > > Thanks.
> > >
> > > > Martin
> > > > ‐‐‐ Original Message ‐‐‐
> > > > On Monday, June 29, 2020 4:21 PM, George g.lis...@nodeunit.com wrote:
> > > >
> > > > > On 2020-06-29 8:51 a.m., Martin Sukany wrote:
> > > > >
> > > > > > Hi George,
> > > > > > > did you solve the issue? I remember that I faced a similar thing 
> > > > > > > when I installed headless ubuntu as a guest … My issue was related 
> > > > > > > to the fact that I used ‚boot cdrom‘ directive inside my 
> > > > > > > configuration (seems that there is a bit of inconsistency between the 
> > > > > > > man page and the real configuration).
> > > > > > > This is a relevant piece of my config:
> > > > > > vm "ubuntu" {
> > > > > > memory 2G
> > > > > > cdrom /data/vms/_iso/mini-serial.iso
> > > > > > disk /data/vms/ubuntu.raw
> > > > > > interface tap { switch "uplink" }
> > > > > > disable
> > > > > > }
> > > > > > I had bad experience with usage of qcow2 disk format for Linux 
> > > > > > based guests — especially when you’re trying to do dozens of I/O 
> > > > > > operations — several disk containers crashed before I migrated them 
> > > > > > to raw format.
> > > > > > if you have more than 4 vms, don’t forget to create another 
> > > > > > /dev/tap device, otherwise you could expect the unexpectable 
> > > > > > behaviour :)
> > > > > > M>
> > > > > > Hello Martin,
> > > > >
> > > > > Thanks for the pointers. I abandoned my Linux efforts,

Re: Alpine-virt vmd guest tsc directive

2020-06-29 Thread Martin
Dave,

Alpine 3.12 works excellent with your kernel drivers. Absolutely amazing!

I've just built all of them and saved a ton of time without experimenting with 
tsc kernel options.

virtio_vmmci
virtio_pci_obsd
vmm_clock

I followed all of your recommendations except adding tsc options to 
/etc/update-extlinux.conf
tsc=reliable
tsc=noirqtime

From first view clock works excellent without any tsc kernel options.
'vmctl stop linux' command shut it down gracefully!

Thanks for your work. Great job!

Martin


‐‐‐ Original Message ‐‐‐
On Monday, June 29, 2020 8:51 PM, Dave Voutila  wrote:

> On Mon, Jun 29, 2020 at 4:46 PM Martin martin...@protonmail.com wrote:
>
> > According to man vmctl for both: -current and 6.7 -b should be used for 
> > base images. -b works just before kernel+vmm+vmctl -current update.
>
> Re-read it. You're mixing the `vmctl start` and `vmctl create`
> commands. They reuse options but the -b options have nothing to do
> with each other and even with `vmctl start` it's a flag for a kernel
> or custom bios...not an iso.
>
> > Please check https://man.openbsd.org/vmctl.8
> > Can it be a bug?
>
> No.
>
> -Dave




Re: Alpine-virt vmd guest tsc directive

2020-06-29 Thread Martin
Thanks, found mistake. Works like a charm!

‐‐‐ Original Message ‐‐‐
On Monday, June 29, 2020 8:51 PM, Dave Voutila  wrote:

> On Mon, Jun 29, 2020 at 4:46 PM Martin martin...@protonmail.com wrote:
>
> > According to man vmctl for both: -current and 6.7 -b should be used for 
> > base images. -b works just before kernel+vmm+vmctl -current update.
>
> Re-read it. You're mixing the `vmctl start` and `vmctl create`
> commands. They reuse options but the -b options have nothing to do
> with each other and even with `vmctl start` it's a flag for a kernel
> or custom bios...not an iso.
>
> > Please check https://man.openbsd.org/vmctl.8
> > Can it be a bug?
>
> No.
>
> -Dave




Re: Alpine-virt vmd guest tsc directive

2020-06-29 Thread Martin
According to man vmctl for both: -current and 6.7 -b should be used for base 
images. -b works just before kernel+vmm+vmctl -current update.

Please check https://man.openbsd.org/vmctl.8

Can it be a bug?

Martin

‐‐‐ Original Message ‐‐‐
On Monday, June 29, 2020 8:28 PM, Dave Voutila  wrote:

> On Mon, Jun 29, 2020 at 4:05 PM Martin martin...@protonmail.com wrote:
>
> > After build kernel+vmd+vmctl sources from -current I have an issue with 
> > installing a system from *.iso images.
> > The command below works fine before update, but not now
> > $ doas vmctl start -m 1G -c -n vmlan -b /home/iso/install67.iso -d 
> > /home/vmm/guest.qcow2 guest
>
> I don't believe that syntax was ever correct for vmctl(8). Check your use of 
> -b.




Re: Alpine-virt vmd guest tsc directive

2020-06-29 Thread Martin
Setting up Debian as vmm guest is not a trivial procedure and requires Debian 
Linux host with KVM installed first to install your guest with screen connected.

Once you have your host ready with KVM run a command to set iso up:

qemu-img create -f qcow2 linux.qcow2 128G

kvm -enable-kvm -vnc 127.0.0.1:0 -k en-us -monitor pty -m 2048 -net nic -net 
user -soundhw all -cdrom debian-linux.iso -boot -d -name linux -hda linux.qcow2

Install it and run the machine with VNC connection

kvm -enable-kvm -vnc 127.0.0.1:0 -k en-us -nographic -monitor pty -m 2048 -net 
nic -net user -soundhw all -boot -d -name linux -hda linux.qcow

Once you do it please mail me back, I'll share next steps somewhere.

Martin

‐‐‐ Original Message ‐‐‐
On Monday, June 29, 2020 7:53 PM, George  wrote:

> On 2020-06-29 12:54 p.m., Martin wrote:
>
> > George, thanks for your feedback!
> > I'd prefer OpenBSD in 99% of situations, but now I need to roll out Docker. 
> > Docker = linux. So I have to solve all the major issues, especially with 
> > clock, and run it for a project using OpenBSD host of course.
>
> Work is an imposed 'choice' ;) and yes that is where virtualization
> shines a little light in the tunnel.
>
> > I set vmd Debian desktop guest a year ago with 5.2.x kernel which boots 
> > headless on vmd. Virtual framebuffer used for VNC connection from the same 
> > OpenBSD host by vnc viewer. Works perfectly, except clock...
>
> I would be interested in any instructions you might have on setting that up.
>
> > Currently, rebuilt kernel and vmd from -current. Going to make 5.4.x 
> > related vmm_clock module for minimalist Alpine-virt Linux guest. I'll 
> > report about results once done.
>
> That would be great.
>
> Thanks.
>
> > Martin
> > ‐‐‐ Original Message ‐‐‐
> > On Monday, June 29, 2020 4:21 PM, George g.lis...@nodeunit.com wrote:
> >
> > > On 2020-06-29 8:51 a.m., Martin Sukany wrote:
> > >
> > > > Hi George,
> > > > did you solve the issue? I remember that I faced a similar thing when I 
> > > > installed headless ubuntu as a guest … My issue was related to the fact 
> > > > that I used ‚boot cdrom‘ directive inside my configuration (seems that 
> > > > there is a bit of inconsistency between the man page and the real 
> > > > configuration).
> > > > This is a relevant piece of my config:
> > > > vm "ubuntu" {
> > > > memory 2G
> > > > cdrom /data/vms/_iso/mini-serial.iso
> > > > disk /data/vms/ubuntu.raw
> > > > interface tap { switch "uplink" }
> > > > disable
> > > > }
> > > > I had bad experience with usage of qcow2 disk format for Linux based 
> > > > guests — especially when you’re trying to do dozens of I/O operations — 
> > > > several disk containers crashed before I migrated them to raw format.
> > > > if you have more than 4 vms, don’t forget to create another /dev/tap 
> > > > device, otherwise you could expect the unexpectable behaviour :)
> > > > M>
> > > > Hello Martin,
> > >
> > > Thanks for the pointers. I abandoned my Linux efforts, too many issues
> > > and things to learn no time now. My goals could be satisfied by an
> > > OpenBSD VM and it is much better than most Linuxes ;). I have been
> > > swimming against the current (read using things/software/apis/os/tools
> > > etc. when people said it is not what is supposed to be done) but as of
> > > late I find it more relaxing going with it ;).
> > > Virtualization is such a ... mess which like everything else in our
> > > lives nowadays is designed to cover another mess ... I want to run Linux
> > > software on OpenBSD because I don't want to dedicate a machine to Linux
> > > and want to upgrade or run the version I want until I want ... I should
> > > be free to make that choice because of "I", sarcastic here, problem is
> > > CPU vendors and OS developers have to jump some hoops and add some
> > > features to make it happen ... and then things happen that the I does
> > > not like.
> > > Thanks for adding this info albeit to the wrong thread, I read it
> > > because I like Alpine and was thinking of it myself, but they don't have
> > > a ready console install version do they?
> > > Cheers,
> > > George
> > >
> > > > > > Hi guys,
> > > > > > I apologize if this maybe out of topic even though it is truly 
> > > > > > related
> > > > > > to VMM than Debian.
>

Re: Alpine-virt vmd guest tsc directive

2020-06-29 Thread Martin Sukany
There is quite a nice article on how to prepare your own headless ISO — for Debian it’s 
quite the same …
https://giocher.com/words/2018/ubuntu-on-openbsd-vmm/


S pozdravem / Kind regards

Martin Sukaný
UNIX Engineer, Developer, DevOps specialist
xmpp: mar...@sukany.cz
phone: +420 776 275 713
email: mar...@sukany.cz
l: https://www.linkedin.com/in/martins6




> 29. 6. 2020 v 21:53, George :
> 
> 
> On 2020-06-29 12:54 p.m., Martin wrote:
>> George, thanks for your feedback!
>> 
>> I'd prefer OpenBSD in 99% of situations, but now I need to roll out Docker. 
>> Docker = linux. So I have to solve all the major issues, especially with 
>> clock, and run it for a project using OpenBSD host of course.
> 
> 
> Work is an imposed 'choice' ;) and yes that is where virtualization shines a 
> little light in the tunnel.
> 
> 
>> 
>> I set vmd Debian desktop guest a year ago with 5.2.x kernel which boots 
>> headless on vmd. Virtual framebuffer used for VNC connection from the same 
>> OpenBSD host by vnc viewer. Works perfectly, except clock...
> 
> 
> I would be interested in any instructions you might have on setting that up.
> 
> 
>> 
>> 
>> Currently, rebuilt kernel and vmd from -current. Going to make 5.4.x related 
>> vmm_clock module for minimalist Alpine-virt Linux guest. I'll report about 
>> results once done.
> 
> 
> That would be great.
> 
> Thanks.
> 
> 
>> 
>> Martin
>> 
>> ‐‐‐ Original Message ‐‐‐
>> On Monday, June 29, 2020 4:21 PM, George  wrote:
>> 
>>> On 2020-06-29 8:51 a.m., Martin Sukany wrote:
>>> 
>>>> Hi George,
>>>> did you solve the issue? I remember that I faced a similar thing when I 
>>>> installed headless ubuntu as a guest … My issue was related to the fact 
>>>> that I used ‚boot cdrom‘ directive inside my configuration (seems that 
>>>> there is a bit of inconsistency between the man page and the real 
>>>> configuration).
>>>> This is a relevant piece of my config:
>>>> vm "ubuntu" {
>>>> memory 2G
>>>> cdrom /data/vms/_iso/mini-serial.iso
>>>> disk /data/vms/ubuntu.raw
>>>> interface tap { switch "uplink" }
>>>> disable
>>>> }
>>>> I had bad experience with usage of qcow2 disk format for Linux based 
>>>> guests — especially when you’re trying to do dozens of I/O operations — 
>>>> several disk containers crashed before I migrated them to raw format.
>>>> if you have more than 4 vms, don’t forget to create another /dev/tap 
>>>> device, otherwise you could expect the unexpectable behaviour :)
>>>> M>
>>> Hello Martin,
>>> 
>>> Thanks for the pointers. I abandoned my Linux efforts, too many issues
>>> and things to learn no time now. My goals could be satisfied by an
>>> OpenBSD VM and it is much better than most Linuxes ;). I have been
>>> swimming against the current (read using things/software/apis/os/tools
>>> etc. when people said it is not what is supposed to be done) but as of
>>> late I find it more relaxing going with it ;).
>>> 
>>> Virtualization is such a ... mess which like everything else in our
>>> lives nowadays is designed to cover another mess ... I want to run Linux
>>> software on OpenBSD because I don't want to dedicate a machine to Linux
>>> and want to upgrade or run the version I want until I want ... I should
>>> be free to make that choice because of "I", sarcastic here, problem is
>>> CPU vendors and OS developers have to jump some hoops and add some
>>> features to make it happen ... and then things happen that the I does
>>> not like.
>>> 
>>> Thanks for adding this info albeit to the wrong thread, I read it
>>> because I like Alpine and was thinking of it myself, but they don't have
>>> a ready console install version do they?
>>> 
>>> Cheers,
>>> 
>>> George
>>> 
>>>>>> Hi guys,
>>>>>> I apologize if this maybe out of topic even though it is truly related
>>>>>> to VMM than Debian.
>>>>>> I am trying to setup a VMM Debian based guest but I'm not able to get it
>>>>>> to work. I found some description on the web about which settings to
>>>>>> edit in grub.cfg to enable the serial console and created a VM with 10.3
>>>>>> in qcow2 disk format in KVM. Now I am trying to start the same on
>>>>>> OpenBSD 6.7 but keep getting the connected message and then just
>>>>>> "Rebooting " after I hit some keyboard keys seems like baud rate issue
>>>>>> but not sure.
>>>>>> After messing with it for a while now I am getting a new error:
>>>>>> vmctl: could not open disk image(s)
>>>>>> even though the disk is there and readable to the user I have setup in
>>>>>> vm.conf in fact I have another VM with the same configuration and disk
>>>>>> with the same permissions and in the same location that works (it is
>>>>>> OpenBSD based).
>>>>>> I would greatly appreciate it if someone has gone this path and can
>>>>>> share some config info with me.
>>>>>> Cheers and thanks in advance,
>>>>>> George
>> 





Re: Alpine-virt vmd guest tsc directive

2020-06-29 Thread Martin
Dave,

After build kernel+vmd+vmctl sources from -current I have an issue with 
installing a system from *.iso images.
The command below works fine before update, but not now

$ doas vmctl start -m 1G -c -n vmlan -b /home/iso/install67.iso -d 
/home/vmm/guest.qcow2 guest

Martin

‐‐‐ Original Message ‐‐‐
On Monday, June 29, 2020 3:14 PM, Dave Voutila  wrote:

> On Mon, Jun 29, 2020 at 10:57 AM Martin martin...@protonmail.com wrote:
>
> > Hi Dave,
> > Alpine kernel 5.4.43-1-virt guest openbsd 6.7 stable host. Try to compile 
> > vmd from -current to improve linux guests stability.
>
> Are you also running a -current kernel? vmm(4) is in the OpenBSD
> kernel...vmd(8) is in base.
>
> > set clocksource=tsc in /etc/update-extlinux.conf
> > run update-extlinux to install boot loader.
> > Next boot getting this in dmesg:
> > ...
> > [Frimware Bug]: TSC doesn't count with P0 frequency!
> > tsc: Fast TSC calibration failed
> > tsc: Unable to calibrate against PIT
> > tsc: No referece (HPET/PMTIMER) available
> > tsc: Marking TSC unstable due to could not calculate TSC khz
> > ...
>
> Honestly, chasing Linux tsc issues will waste your time. If you're
> using a -current snapshot, build https://github.com/voutilad/vmm_clock
> and load it as a Linux kernel module and give up chasing tsc
> calibration issues for now unless you want to get intimately familiar
> with the Linux kernel.
>
> > Dave, I've never asked about qcow2 or raw disks in any of my previous email.
>
> Apologies...saw another Martin (mar...@sukany.cz) reply to the same
> subject and thought you were the same Martin :-)
>
> -Dave




Re: Alpine-virt vmd guest tsc directive

2020-06-29 Thread Martin
Alpine has a minimalist console ready install on ~40Mb *.iso initially if you 
choose -virt release. Can be installed out of the box for headless environment. 
With some additional env. binaries and configs + docker it grows up to 780Mb in 
*.qcow2 image. I suppose it will be a bit higher after additional kernel module 
build...

Martin

‐‐‐ Original Message ‐‐‐
On Monday, June 29, 2020 4:21 PM, George  wrote:

> On 2020-06-29 8:51 a.m., Martin Sukany wrote:
>
> > Hi George,
> > did you solve the issue? I remember that I faced a similar thing when I 
> > installed headless ubuntu as a guest … My issue was related to the fact 
> > that I used ‚boot cdrom‘ directive inside my configuration (seems that 
> > there is a bit of inconsistency between the man page and the real 
> > configuration).
> > This is a relevant piece of my config:
> > vm "ubuntu" {
> > memory 2G
> > cdrom /data/vms/_iso/mini-serial.iso
> > disk /data/vms/ubuntu.raw
> > interface tap { switch "uplink" }
> > disable
> > }
> > I had bad experience with usage of qcow2 disk format for Linux based guests 
> > — especially when you’re trying to do dozens of I/O operations — several 
> > disk containers crashed before I migrated them to raw format.
> > if you have more than 4 vms, don’t forget to create another /dev/tap 
> > device, otherwise you could expect the unexpectable behaviour :)
> > M>
>
> Hello Martin,
>
> Thanks for the pointers. I abandoned my Linux efforts, too many issues
> and things to learn no time now. My goals could be satisfied by an
> OpenBSD VM and it is much better than most Linuxes ;). I have been
> swimming against the current (read using things/software/apis/os/tools
> etc. when people said it is not what is supposed to be done) but as of
> late I find it more relaxing going with it ;).
>
> Virtualization is such a ... mess which like everything else in our
> lives nowadays is designed to cover another mess ... I want to run Linux
> software on OpenBSD because I don't want to dedicate a machine to Linux
> and want to upgrade or run the version I want until I want ... I should
> be free to make that choice because of "I", sarcastic here, problem is
> CPU vendors and OS developers have to jump some hoops and add some
> features to make it happen ... and then things happen that the I does
> not like.
>
> Thanks for adding this info albeit to the wrong thread, I read it
> because I like Alpine and was thinking of it myself, but they don't have
> a ready console install version do they?
>
> Cheers,
>
> George
>
> > > > Hi guys,
> > > > I apologize if this maybe out of topic even though it is truly related
> > > > to VMM than Debian.
> > > > I am trying to setup a VMM Debian based guest but I'm not able to get it
> > > > to work. I found some description on the web about which settings to
> > > > edit in grub.cfg to enable the serial console and created a VM with 10.3
> > > > in qcow2 disk format in KVM. Now I am trying to start the same on
> > > > OpenBSD 6.7 but keep getting the connected message and then just
> > > > "Rebooting " after I hit some keyboard keys seems like baud rate issue
> > > > but not sure.
> > > > After messing with it for a while now I am getting a new error:
> > > > vmctl: could not open disk image(s)
> > > > even though the disk is there and readable to the user I have setup in
> > > > vm.conf in fact I have another VM with the same configuration and disk
> > > > with the same permissions and in the same location that works (it is
> > > > OpenBSD based).
> > > > I would greatly appreciate it if someone has gone this path and can
> > > > share some config info with me.
> > > > Cheers and thanks in advance,
> > > > George




Re: Alpine-virt vmd guest tsc directive

2020-06-29 Thread Martin
George, thanks for your feedback!

I'd prefer OpenBSD in 99% of situations, but now I need to roll out Docker. 
Docker = linux. So I have to solve all the major issues, especially with clock, 
and run it for a project using OpenBSD host of course.

I set vmd Debian desktop guest a year ago with 5.2.x kernel which boots 
headless on vmd. Virtual framebuffer used for VNC connection from the same 
OpenBSD host by vnc viewer. Works perfectly, except clock...


Currently, rebuilt kernel and vmd from -current. Going to make 5.4.x related 
vmm_clock module for minimalist Alpine-virt Linux guest. I'll report about 
results once done.

Martin

‐‐‐ Original Message ‐‐‐
On Monday, June 29, 2020 4:21 PM, George  wrote:

> On 2020-06-29 8:51 a.m., Martin Sukany wrote:
>
> > Hi George,
> > did you solve the issue? I remember that I faced a similar thing when I 
> > installed headless ubuntu as a guest … My issue was related to the fact 
> > that I used ‚boot cdrom‘ directive inside my configuration (seems that 
> > there is a bit of inconsistency between the man page and the real 
> > configuration).
> > This is a relevant piece of my config:
> > vm "ubuntu" {
> > memory 2G
> > cdrom /data/vms/_iso/mini-serial.iso
> > disk /data/vms/ubuntu.raw
> > interface tap { switch "uplink" }
> > disable
> > }
> > I had bad experience with usage of qcow2 disk format for Linux based guests 
> > — especially when you’re trying to do dozens of I/O operations — several 
> > disk containers crashed before I migrated them to raw format.
> > if you have more than 4 vms, don’t forget to create another /dev/tap 
> > device, otherwise you could expect the unexpectable behaviour :)
> > M>
>
> Hello Martin,
>
> Thanks for the pointers. I abandoned my Linux efforts, too many issues
> and things to learn no time now. My goals could be satisfied by an
> OpenBSD VM and it is much better than most Linuxes ;). I have been
> swimming against the current (read using things/software/apis/os/tools
> etc. when people said it is not what is supposed to be done) but as of
> late I find it more relaxing going with it ;).
>
> Virtualization is such a ... mess which like everything else in our
> lives nowadays is designed to cover another mess ... I want to run Linux
> software on OpenBSD because I don't want to dedicate a machine to Linux
> and want to upgrade or run the version I want until I want ... I should
> be free to make that choice because of "I", sarcastic here, problem is
> CPU vendors and OS developers have to jump some hoops and add some
> features to make it happen ... and then things happen that the I does
> not like.
>
> Thanks for adding this info albeit to the wrong thread, I read it
> because I like Alpine and was thinking of it myself, but they don't have
> a ready console install version do they?
>
> Cheers,
>
> George
>
> > > > Hi guys,
> > > > I apologize if this maybe out of topic even though it is truly related
> > > > to VMM than Debian.
> > > > I am trying to setup a VMM Debian based guest but I'm not able to get it
> > > > to work. I found some description on the web about which settings to
> > > > edit in grub.cfg to enable the serial console and created a VM with 10.3
> > > > in qcow2 disk format in KVM. Now I am trying to start the same on
> > > > OpenBSD 6.7 but keep getting the connected message and then just
> > > > "Rebooting " after I hit some keyboard keys seems like baud rate issue
> > > > but not sure.
> > > > After messing with it for a while now I am getting a new error:
> > > > vmctl: could not open disk image(s)
> > > > even though the disk is there and readable to the user I have setup in
> > > > vm.conf in fact I have another VM with the same configuration and disk
> > > > with the same permissions and in the same location that works (it is
> > > > OpenBSD based).
> > > > I would greatly appreciate it if someone has gone this path and can
> > > > share some config info with me.
> > > > Cheers and thanks in advance,
> > > > George




Re: Alpine-virt vmd guest tsc directive

2020-06-29 Thread Martin
Hi Dave,

Alpine kernel 5.4.43-1-virt guest openbsd 6.7 stable host. Try to compile vmd 
from -current to improve linux guests stability.

set clocksource=tsc in /etc/update-extlinux.conf
run update-extlinux to install boot loader.

Next boot getting this in dmesg:

...
[Frimware Bug]: TSC doesn't count with P0 frequency!
tsc: Fast TSC calibration failed
tsc: Unable to calibrate against PIT
tsc: No referece (HPET/PMTIMER) available
tsc: Marking TSC unstable due to could not calculate TSC khz
...

Dave, I've never asked about qcow2 or raw disks in any of my previous email.

Martin


‐‐‐ Original Message ‐‐‐
On Monday, June 29, 2020 2:11 PM, Dave Voutila  wrote:

> On Mon, Jun 29, 2020 at 7:23 AM Martin martin...@protonmail.com wrote:
>
> > Hi list,
> > I'm using Alpine-virt linux (headless linux with 40Mb initial *.iso size) 
> > which has tsc issues. Alpine uses syslinux lightweight boot loader by 
> > default. In order to enable tsc I've added tsc=reliable tsc=noirqtime to 
> > /etc/update-extlinux.conf before console=ttyS0,115200 and updated it 
> > accordingly.
>
> You don't mention which Alpine and kernel version you're using. Also,
> you don't mention which OpenBSD version...-current or 6.7? Some major
> fixes just went into -current and look like they were in last night's
> amd64 snapshots.
>
> > It seems no changes in tsc usage prior to /dev/rtc0 as boot log shows:
> > ...
> >
> > -   Setting system clock using the hardware clock [UTC] ...hwclock: 
> > select() to /dev/rtc0 to wait for clock tick timed out
> > -   Failed to set the system clock
>
> /dev/rtc0 has nothing to do with the tsc or clocksource. This looks
> like a separate issue and your guest isn't properly using the emulated
> mc146818 device. I'm guessing there are bigger issues here.
>
> > ...
> > Does somebody know some way how set tsc as default clock source in Alpine 
> > 5.4.43-1-virt guest?
>
> Add the linux boot arg: clocksource=tsc
>
> But in all honesty, if you want better Linux guest stability, you'll
> need to use a -current snapshot.
>
> Regarding your comment about disks in your other email...what you saw
> with qcow2 vs raw probably has nothing to do with the emulated disks
> and everything to do with the stability improvements now in -current.
>
> -Dave




Re: Alpine-virt vmd guest tsc directive

2020-06-29 Thread Martin Sukany
Hi George,

did you solve the issue? I remember that I faced a similar thing when I 
installed headless ubuntu as a guest … My issue was related to the fact that I 
used ‚boot cdrom‘ directive inside my configuration (seems that there is a bit 
of inconsistency between the man page and the real configuration). 

This is a relevant piece of my config:
vm "ubuntu" {
    memory 2G
    cdrom /data/vms/_iso/mini-serial.iso
    disk /data/vms/ubuntu.raw
    interface tap { switch "uplink" }
    disable
}


I had bad experience with usage of qcow2 disk format for Linux based guests — 
especially when you’re trying to do dozens of I/O operations — several disk 
containers crashed before I migrated them to raw format. 

if you have more than 4 vms, don’t forget to create another /dev/tap device, 
otherwise you could expect the unexpectable behaviour :)

M>


> 
>> Hi guys,
>> 
>> I apologize if this maybe out of topic even though it is truly related
>> to VMM than Debian.
>> 
>> I am trying to setup a VMM Debian based guest but I'm not able to get it
>> to work. I found some description on the web about which settings to
>> edit in grub.cfg to enable the serial console and created a VM with 10.3
>> in qcow2 disk format in KVM. Now I am trying to start the same on
>> OpenBSD 6.7 but keep getting the connected message and then just
>> "Rebooting " after I hit some keyboard keys seems like baud rate issue
>> but not sure.
>> 
>> After messing with it for a while now I am getting a new error:
>> 
>> vmctl: could not open disk image(s)
>> 
>> even though the disk is there and readable to the user I have setup in
>> vm.conf in fact I have another VM with the same configuration and disk
>> with the same permissions and in the same location that works (it is
>> OpenBSD based).
>> 
>> I would greatly appreciate it if someone has gone this path and can
>> share some config info with me.
>> 
>> Cheers and thanks in advance,
>> 
>> George
> 
> 



Alpine-virt vmd guest tsc directive

2020-06-29 Thread Martin
Hi list,

I'm using Alpine-virt linux (headless linux with 40Mb initial *.iso size) which 
has tsc issues. Alpine uses syslinux lightweight boot loader by default. In 
order to enable tsc I've added tsc=reliable tsc=noirqtime to 
/etc/update-extlinux.conf before console=ttyS0,115200 and updated it 
accordingly.

It seems no changes in tsc usage prior to /dev/rtc0 as boot log shows:
...
* Setting system clock using the hardware clock [UTC] ...hwclock: select() to 
/dev/rtc0 to wait for clock tick timed out
* Failed to set the system clock
...

Does somebody know some way to set tsc as default clock source in Alpine 
5.4.43-1-virt guest?

Martin


‐‐‐ Original Message ‐‐‐
On Wednesday, June 10, 2020 6:36 PM, George  wrote:

> Hi guys,
>
> I apologize if this maybe out of topic even though it is truly related
> to VMM than Debian.
>
> I am trying to setup a VMM Debian based guest but I'm not able to get it
> to work. I found some description on the web about which settings to
> edit in grub.cfg to enable the serial console and created a VM with 10.3
> in qcow2 disk format in KVM. Now I am trying to start the same on
> OpenBSD 6.7 but keep getting the connected message and then just
> "Rebooting " after I hit some keyboard keys seems like baud rate issue
> but not sure.
>
> After messing with it for a while now I am getting a new error:
>
> vmctl: could not open disk image(s)
>
> even though the disk is there and readable to the user I have setup in
> vm.conf in fact I have another VM with the same configuration and disk
> with the same permissions and in the same location that works (it is
> OpenBSD based).
>
> I would greatly appreciate it if someone has gone this path and can
> share some config info with me.
>
> Cheers and thanks in advance,
>
> George




iked: macos couldn't connect

2020-06-29 Thread Martin Sukany
6,aes-192,aes-128 auth hmac-sha2-256,hmac-sha1 esn,noesn 
lifetime 10800 bytes 536870912 signature
spi=0xeb80a0271f6aa481: recv IKE_SA_INIT req 0 peer 62.245.102.32:500 local 
89.221.223.253:500, 604 bytes, policy 'securenet'
spi=0xeb80a0271f6aa481: ikev2_sa_responder_dh: want dh ECP_256, KE has MODP_2048
spi=0xeb80a0271f6aa481: ikev2_resp_recv: failed to negotiate IKE SA
spi=0xeb80a0271f6aa481: ikev2_add_error: INVALID_KE_PAYLOAD
spi=0xeb80a0271f6aa481: send IKE_SA_INIT res 0 peer 62.245.102.32:500 local 
89.221.223.253:500, 38 bytes
spi=0xeb80a0271f6aa481: recv IKE_SA_INIT req 0 peer 62.245.102.32:500 local 
89.221.223.253:500, 412 bytes, policy 'securenet'
spi=0xeb80a0271f6aa481: send IKE_SA_INIT res 0 peer 62.245.102.32:500 local 
89.221.223.253:500, 265 bytes
spi=0xeb80a0271f6aa481: recv IKE_AUTH req 1 peer 62.245.102.32:61705 local 
89.221.223.253:4500, 512 bytes, policy 'securenet'
spi=0xeb80a0271f6aa481: recv IKE_AUTH req 1 peer 62.245.102.32:61705 local 
89.221.223.253:4500, 512 bytes, policy 'securenet'
spi=0xeb80a0271f6aa481: recv IKE_AUTH req 1 peer 62.245.102.32:61705 local 
89.221.223.253:4500, 512 bytes, policy 'securenet'
spi=0xeb80a0271f6aa481: recv IKE_AUTH req 1 peer 62.245.102.32:61705 local 
89.221.223.253:4500, 512 bytes, policy 'securenet'
spi=0xeb80a0271f6aa481: recv IKE_AUTH req 1 peer 62.245.102.32:61705 local 
89.221.223.253:4500, 512 bytes, policy 'securenet'

In OS X I could see only the connection timed out. I have a suspicion about:
spi=0xeb80a0271f6aa481: ikev2_resp_recv: failed to negotiate IKE SA

but not sure ….

Any ideas?

S pozdravem / Kind regards

Martin Sukaný
UNIX Engineer, Developer, DevOps specialist
xmpp: mar...@sukany.cz
phone: +420 776 275 713
email: mar...@sukany.cz
l: https://www.linkedin.com/in/martins6
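
The log from the post above, run through a small parser, as an added example that is not part of the original message: it pairs each IKEv2 request iked received with the response it sent, so the INVALID_KE_PAYLOAD round (the responder asking for a different DH group, after which the initiator retries, as RFC 7296 describes) can be told apart from requests that never got a reply. The function name and report layout are assumptions of this example; the log lines are the ones posted, with the mail line wrapping rejoined.

```python
import re
from collections import Counter

# iked log lines from the post above, mail line-wrapping rejoined.
SAMPLE_LOG = """\
spi=0xeb80a0271f6aa481: recv IKE_SA_INIT req 0 peer 62.245.102.32:500 local 89.221.223.253:500, 604 bytes, policy 'securenet'
spi=0xeb80a0271f6aa481: ikev2_sa_responder_dh: want dh ECP_256, KE has MODP_2048
spi=0xeb80a0271f6aa481: ikev2_resp_recv: failed to negotiate IKE SA
spi=0xeb80a0271f6aa481: ikev2_add_error: INVALID_KE_PAYLOAD
spi=0xeb80a0271f6aa481: send IKE_SA_INIT res 0 peer 62.245.102.32:500 local 89.221.223.253:500, 38 bytes
spi=0xeb80a0271f6aa481: recv IKE_SA_INIT req 0 peer 62.245.102.32:500 local 89.221.223.253:500, 412 bytes, policy 'securenet'
spi=0xeb80a0271f6aa481: send IKE_SA_INIT res 0 peer 62.245.102.32:500 local 89.221.223.253:500, 265 bytes
spi=0xeb80a0271f6aa481: recv IKE_AUTH req 1 peer 62.245.102.32:61705 local 89.221.223.253:4500, 512 bytes, policy 'securenet'
spi=0xeb80a0271f6aa481: recv IKE_AUTH req 1 peer 62.245.102.32:61705 local 89.221.223.253:4500, 512 bytes, policy 'securenet'
spi=0xeb80a0271f6aa481: recv IKE_AUTH req 1 peer 62.245.102.32:61705 local 89.221.223.253:4500, 512 bytes, policy 'securenet'
spi=0xeb80a0271f6aa481: recv IKE_AUTH req 1 peer 62.245.102.32:61705 local 89.221.223.253:4500, 512 bytes, policy 'securenet'
spi=0xeb80a0271f6aa481: recv IKE_AUTH req 1 peer 62.245.102.32:61705 local 89.221.223.253:4500, 512 bytes, policy 'securenet'
"""

# search() is used below so a syslog prefix in front of "spi=" does not matter.
MSG_RE = re.compile(r"spi=(0x[0-9a-f]+): (recv|send) (\w+) (req|res) (\d+) peer ")
DH_RE = re.compile(r"spi=(0x[0-9a-f]+): ikev2_sa_responder_dh: want dh (\w+), KE has (\w+)")
ERR_RE = re.compile(r"spi=(0x[0-9a-f]+): ikev2_add_error: (\w+)")


def analyze(log_text):
    """Return {spi: report} describing how far each IKEv2 negotiation got."""
    sessions = {}

    def session(spi):
        return sessions.setdefault(spi, {
            "dh_mismatch": None,       # (group responder wants, group in KE payload)
            "error_replies": [],       # [((exchange, msgid), notify), ...]
            "answered": set(),         # exchanges that got a non-error response
            "outstanding": Counter(),  # requests received since the last response
            "pending_error": None,     # notify queued for the next response
        })

    for line in log_text.splitlines():
        m = DH_RE.search(line)
        if m:
            session(m.group(1))["dh_mismatch"] = (m.group(2), m.group(3))
            continue
        m = ERR_RE.search(line)
        if m:
            session(m.group(1))["pending_error"] = m.group(2)
            continue
        m = MSG_RE.search(line)
        if not m:
            continue  # other daemon output, config dump fragments, etc.
        spi, direction, exchange, kind, msgid = m.groups()
        s = session(spi)
        key = (exchange, int(msgid))
        if direction == "recv" and kind == "req":
            s["outstanding"][key] += 1
        elif direction == "send" and kind == "res":
            s["outstanding"].pop(key, None)
            if s["pending_error"]:
                # This response only carries the error notify, e.g. the
                # 38-byte INVALID_KE_PAYLOAD reply in the sample.
                s["error_replies"].append((key, s["pending_error"]))
                s["pending_error"] = None
            else:
                s["answered"].add(key)

    return {
        spi: {
            "dh_mismatch": s["dh_mismatch"],
            "error_replies": s["error_replies"],
            "sa_init_completed": ("IKE_SA_INIT", 0) in s["answered"],
            # Requests (with retransmission count) that never got any response.
            "unanswered": dict(s["outstanding"]),
        }
        for spi, s in sessions.items()
    }


if __name__ == "__main__":
    for spi, report in analyze(SAMPLE_LOG).items():
        print(spi)
        for field, value in report.items():
            print(f"  {field}: {value}")
```

On the posted log the report shows IKE_SA_INIT answered on the second attempt and the IKE_AUTH request with message ID 1 arriving five times with no response logged.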









OpenSMTPd can't send mail behind IKEv2 NAT

2020-06-22 Thread Martin
I have a working smtp server on OBSD 6.6 which did its job successfully using 
the egress server's IP before the IPsec iked tunnel was implemented.

/etc/mail/smtpd.conf
...
# smtpd bound on server's egress interface (early setup with clearnet IP config 
without IPsec)
table sources {1.2.3.4}
table helonames {1.2.3.4 = smtp.domain.tld}
...

Now all the server's traffic goes through an IKEv2 gateway with NAT, and smtpd runs on 
the same server, but now behind IPsec NAT.

The goal is that smtpd should send/receive mail through the IPsec tunnel. smtpd 
receives mail successfully but can't send mail through the IPsec tunnel.

Once mail is sent by mail agent, mailq reports "No valid route to destination". 
I tried to bind smtpd to localhost and IPsec server's local NAT interface in 
smtpd.conf but unsuccessfully:
...
table sources {127.0.0.1}
table helonames {4.3.2.1 = smtp.another-domain.tld}
...

I suppose smtpd uses system default routing table for delivering mail, instead 
of using IPsec gateway. And binding smtpd to localhost or IPsec NAT interface 
can't solve the problem.

Any suggestions what can be missed or misconfigured?

Martin


Re: It's been awhile

2020-06-17 Thread Martin Schröder
On Wed, 17 June 2020 at 17:06, Rasmus Liland wrote:
> Try to buy sticker_40_w for 7€ from here:
> https://kd85.com/notforsale.html

Note that the project will probably get no money from that site.
If you want more context, search the list.

Best
Martin



Re: [smartmontools] OpenBSD testers required

2020-06-08 Thread Martin Ziemer
On Fri, Jun 05, 2020 at 10:52:38AM +0200, Marek Benc wrote:
> There's been some changes in the OpenBSD port of smartmontools,
> tools for working with S.M.A.R.T diagnostic of hard drives and SSDs,
> the platform-specific code was modernized, so it would be quite useful
> if people could test these changes out to make sure they work on all
> systems, I tested them on a macppc system with an ATA drive.
> 
> The developer doesn't currently have access to a physical system
> with OpenBSD running on it, so they wrote the changes in a virtual
> machine.
> 
> You can find the changes here:
> https://github.com/smartmontools/smartmontools/pull/56
Tested on two amd64-systems. Worked on both systems.



Re: How do I set up a Wi-Fi access point (using APU2)?

2020-06-05 Thread Martin Schröder
On Fri, 5 June 2020 at 19:14, infoomatic wrote:
> it seems you skipped the firewall part of the document you were
> referring, you need NAT connections.

Or you do IPv6 instead of vintage-IP.

Best
Martin



Re: Filling a 4TB Disk with Random Data

2020-06-05 Thread Martin Schröder
On Fri, 5 June 2020 at 09:21, Roderick wrote:
> Is not there a SCSI command "sanitize" for that?

Secure erase: 
https://en.wikipedia.org/wiki/Parallel_ATA#HDD_passwords_and_security

Or you encrypt your device and throw away the key.

Best
Martin



/bsd: atascsi_passthru_done, timeout

2020-06-01 Thread Martin Schröder
Hi,
my firewall (APU2 with 6.7) shows this in messages ca. every other day.

smartctl shows the only disc is healthy, system is behaving fine.
Should I be worried?

dmesg is at https://paste.opensuse.org/11922555

Best
Martin



Re: Convert ffs1 to ffs2?

2020-05-20 Thread Martin Schröder
On Wed, 20 May 2020 at 11:41, Михаил Попов wrote:
> What is the best method to harden OpenBSD in a diskless mode?

Manually converting the fs to FFS2 using ed. That's what you are
interested in, right?



Re: 'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to choose

2020-05-09 Thread Martin
Some time ago Google bought a 2000qbit version from D-Wave and confirmed it is a 
quantum computer bla bla bla... but the cluster consists of eight qbit blocks to 
build the advertised capacity, if I understand Google's papers right.

My question was about decrypting currently generated and accumulated encrypted 
traffic after five - ten years on quantum computers if they were available. And 
which crypto algo I have to use right now to prevent decryption in the post 
quantum computing era.

Martin

‐‐‐ Original Message ‐‐‐
On Saturday, May 9, 2020 2:34 PM,  wrote:

> D-waves has too uncoupled qubits if I understand it correctly, it is nothing 
> to do about qubits quantity as we used to think about it. Like a "cluster" of 
> completely isolated hosts (which is already not a cluster of course).




Re: 'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to choose

2020-05-09 Thread Martin
This one 
https://www.tomshardware.com/news/d-wave-5000-qubit-first-sale,40470.html
is the most powerful 5000qbit quantum computer sold nowadays.

Moreover, D-Wave opened an online service to access 5000qbit remotely for solving 
'special' tasks which can be accelerated using quantum architecture.

In 2016 Google tested some encryption sub-layer in the Chrome browser to test a 
quantum resistant encryption algo.

According to current online data collecting practices, after six years most of 
the 'old' algorithms will be possible to decrypt directly from storage by 'modern' 
quantum computers.

Martin

‐‐‐ Original Message ‐‐‐
On Saturday, May 9, 2020 5:05 AM,  wrote:

> According to Damien Miller:
>
> > this is pretty much possible now, by enabling the experimental support
>
> for the XMSS PQ signature algorithm
>
> in the SSH




Re: IPv4 traffic over IPv6 tunnel approach

2020-05-08 Thread Martin
I have IPv6 point to point connection. Going to transmit IPv4 inside IPv6 
tunnel.

client has IPv6 ::::2
gateway has IPv6 ::::1

Martin

‐‐‐ Original Message ‐‐‐
On Friday, May 8, 2020 8:55 PM, Brian Brombacher  wrote:

> From your description, you want to pass IPv4 inside a tunnel that has an 
> outer protocol of IPv6. Your resulting hostname.gif0 looks like the exact 
> opposite of your description (IPv6 inside the tunnel with IPv4 outer).
>
> Clarify what you need please. Provide your existing hostname.if files for the 
> other interfaces if you need to.
>
> > On May 8, 2020, at 3:09 PM, Martin martin...@protonmail.com wrote:
> > Last thing I have to understand about gif(4) and IPv6 tunneling.
> > Should I set gif(4) 'inet6 alias' = the same IPv6 of the local end of IPv6 
> > tunnel interface or just set 'inet6 alias' for gif(4) in tunnel's IPv6 
> > subnet?
> > Martin
> > ‐‐‐ Original Message ‐‐‐
> >
> > > > On Friday, May 8, 2020 4:41 PM, Tom Smyth tom.sm...@wirelessconnect.eu 
> > > > wrote:
> > > > Hi Martin,
> > > > If I understand your question correctly
> > > > you need 2 endpoints to the tunnel...
> > > > for gif(4) or any gre(4) based tunnel
> > > > you need the interface setup on both the client and the server (gateway)
> > > > if you have a gateway serving multiple clients... then you need one
> > > > interface per client that you intend to connect
> > > > Thanks
> > > > Tom Smyth
> > > > On Fri, 8 May 2020 at 17:38, Martin martin...@protonmail.com wrote:
> > > > Thanks for confirmation.
> > > > Hope I understand gif(4) functionality right from its configuration. 
> > > > Can I set /etc/hostname.gif0 from client's side only like below:
> > > > /etc/hostname.gif0
> > > > tunnel 10.20.30.40 195.203.212.221
> > > > inet6 alias 2001:05a8::0001::::8542 128
> > > > dest 2001:05a8::0001::::8541
> > > > where
> > > > tunnel 10.20.30.40 is client's address, 195.203.212.221 gateway machine 
> > > > egress IPv4
> > > > inet6 alias is the same IPv6 address of client's IPv6 local interface 
> > > > or an IPv6 address in the same subnet.
> > > > dest IPv6 is a destination IPv6 interface address of gateway machine.
> > > > Do I need to setup gif0 on gateway machine to have encapsulation 
> > > > working?
> > > > Martin
> > > > ‐‐‐ Original Message ‐‐‐
> > > >
> > > > > On Friday, May 8, 2020 1:43 PM, Kristjan Komlosi 
> > > > > kristjan.koml...@gmail.com wrote:
> > > > > gif(4) should work fine, as it's designed to do what you described. 
> > > > > The
> > > > > best approach depends on the level of security you want to achieve. 
> > > > > IPIP
> > > > > tunnels aren't encrypted...
> > > > > regards, kristjan
> > > > > On 5/8/20 3:32 PM, Martin wrote:
> > > > >
> > > > > > I have IPv6 unidirectional tunnel between two machines. One of them 
> > > > > > is gateway, another one is a client.
> > > > > > The goal is to route IPv4 packets over IPv6 tunnel from client to 
> > > > > > gateway and NAT IPv4 packet to egress on gateway machine.
> > > > > > May I use gif(4) for it or what is the best approach to traverse 
> > > > > > IPv4 packets over IPv6 tun?
> > > > > > Martin
> > > > > > --
> > > > > > Kindest regards,
> > > > > > Tom Smyth.




Re: OpenBSD VPS hoster with unlimited/limited nonfiltered traffic

2020-05-08 Thread Martin
Good choice. Do they provide IP addresses from the data-center's pool where the VPSes 
are located or from an ISP range?

Martin

‐‐‐ Original Message ‐‐‐
On Friday, May 8, 2020 5:51 PM, Rich Kulawiec  wrote:

> (This is a cut-and-paste of something I sent in response to a similar
> question about FreeBSD last month.)
>
> I've been a customer of Panix (panix.com) for years and they're terrific.
> Inexpensive, flexible, responsive support, VERY high clue level, and
> proactive about patches/fixes. (There have been multiple instances
> in which they've fixed something before I knew it was a problem.
> They're fast, but deliberate: I don't think I've observed any instances
> where they had to back out a change.)
>
> They're also good about supporting pretty much whatever distribution you
> ask for: if there's customer demand/requests for it, they'll make it happen.
>
> ---rsk




'post quantum' encryption algorithm(s) in latest libressl and upcoming 6.7 to choose

2020-05-08 Thread Martin
Which 'quantum' resistant algorithms can be used right now to prevent data 
decryption in future by 'quantum' computers (when they can do this) of 
currently collected data flows?

Martin


Re: IPv4 traffic over IPv6 tunnel approach

2020-05-08 Thread Martin
Last thing I have to understand about gif(4) and IPv6 tunneling.

Should I set gif(4) 'inet6 alias' = the same IPv6 of the local end of IPv6 
tunnel interface or just set 'inet6 alias' for gif(4) in tunnel's IPv6 subnet?

Martin

‐‐‐ Original Message ‐‐‐
On Friday, May 8, 2020 4:41 PM, Tom Smyth  wrote:

> Hi Martin,
> If I understand your question correctly
>
> you need 2 endpoints to the tunnel...
>
> for gif(4) or any gre(4) based tunnel
> you need the interface setup on both the client and the server (gateway)
>
> if you have a gateway serving multiple clients... then you need one
> interface per client that you intend to connect
> Thanks
> Tom Smyth
>
> On Fri, 8 May 2020 at 17:38, Martin martin...@protonmail.com wrote:
>
> > Thanks for confirmation.
> > Hope I understand gif(4) functionality right from its configuration. Can I 
> > set /etc/hostname.gif0 from client's side only like below:
> > /etc/hostname.gif0
> > tunnel 10.20.30.40 195.203.212.221
> > inet6 alias 2001:05a8::0001::::8542 128
> > dest 2001:05a8::0001::::8541
> > where
> > tunnel 10.20.30.40 is client's address, 195.203.212.221 gateway machine 
> > egress IPv4
> > inet6 alias is the same IPv6 address of client's IPv6 local interface or an 
> > IPv6 address in the same subnet.
> > dest IPv6 is a destination IPv6 interface address of gateway machine.
> > Do I need to setup gif0 on gateway machine to have encapsulation working?
> > Martin
> > ‐‐‐ Original Message ‐‐‐
> > On Friday, May 8, 2020 1:43 PM, Kristjan Komlosi kristjan.koml...@gmail.com 
> > wrote:
> >
> > > gif(4) should work fine, as it's designed to do what you described. The
> > > best approach depends on the level of security you want to achieve. IPIP
> > > tunnels aren't encrypted...
> > > regards, kristjan
> > > On 5/8/20 3:32 PM, Martin wrote:
> > >
> > > > I have IPv6 unidirectional tunnel between two machines. One of them is 
> > > > gateway, another one is a client.
> > > > The goal is to route IPv4 packets over IPv6 tunnel from client to 
> > > > gateway and NAT IPv4 packet to egress on gateway machine.
> > > > May I use gif(4) for it or what is the best approach to traverse IPv4 
> > > > packets over IPv6 tun?
> > > > Martin
>
> --
>
> Kindest regards,
> Tom Smyth.




Re: IPv4 traffic over IPv6 tunnel approach

2020-05-08 Thread Martin
Thanks for confirmation.

Hope I understand gif(4) functionality right from its configuration. Can I set 
/etc/hostname.gif0 from client's side only like below:

/etc/hostname.gif0
tunnel 10.20.30.40 195.203.212.221
inet6 alias 2001:05a8::0001::::8542 128
dest 2001:05a8::0001::::8541

where
tunnel 10.20.30.40 is client's address, 195.203.212.221 gateway machine egress 
IPv4
inet6 alias is the same IPv6 address of client's IPv6 local interface or an 
IPv6 address in the same subnet.
dest IPv6 is a destination IPv6 interface address of gateway machine.

Do I need to set up gif0 on the gateway machine to have encapsulation working?

Martin

‐‐‐ Original Message ‐‐‐
On Friday, May 8, 2020 1:43 PM, Kristjan Komlosi  
wrote:

> gif(4) should work fine, as it's designed to do what you described. The
> best approach depends on the level of security you want to achieve. IPIP
> tunnels aren't encrypted...
>
> regards, kristjan
>
> On 5/8/20 3:32 PM, Martin wrote:
>
> > I have IPv6 unidirectional tunnel between two machines. One of them is 
> > gateway, another one is a client.
> > The goal is to route IPv4 packets over IPv6 tunnel from client to gateway 
> > and NAT IPv4 packet to egress on gateway machine.
> > May I use gif(4) for it or what is the best approach to traverse IPv4 
> > packets over IPv6 tun?
> > Martin




IPv4 traffic over IPv6 tunnel approach

2020-05-08 Thread Martin
I have IPv6 unidirectional tunnel between two machines. One of them is gateway, 
another one is a client.
The goal is to route IPv4 packets over IPv6 tunnel from client to gateway and 
NAT IPv4 packet to egress on gateway machine.

May I use gif(4) for it or what is the best approach to traverse IPv4 packets 
over IPv6 tun?

Martin


Re: More than 16 partitions

2020-04-23 Thread Martin Schröder
On Thu, 23 Apr 2020 at 21:31,  wrote:
> No problem. Would it be too crude a suggestion that we go back to the
> content now...?

You didn't provide any patch.



Start system daemon after postgresql/mysql database from packages using rc.conf.local

2020-04-22 Thread Martin
I need to change the system daemon (smtpd) start order during system boot to have 
it connected to a database which is started from package scripts in 
/etc/rc.conf.local.

Now /etc/rc.conf is untouched, database runs from /etc/rc.conf.local
pkg_scripts="postgresql"
smtpd starts first from rc.conf and crashes because no database has been loaded from 
the rc.conf.local script to fetch users.

Please suggest any workaround.

Martin


Keeping distfiles actual with port tree and cleaning old distfiles from storage automatically

2020-04-20 Thread Martin
I'm looking for a way to keep distfiles up-to-date locally with auto remove 
'old' ones in sync with actual ports tree.

Martin


Re: UNIX crash course

2020-04-19 Thread Martin
People recommend me these books https://www.openbsd.org/books.html for 
programming starting point. Here is a list of admin. related books too. Very 
comprehensive and useful books listed.

Martin

‐‐‐ Original Message ‐‐‐
On Sunday, April 19, 2020 7:15 PM, Chris Zakelj  wrote:

> Looking to the list for suggestions on becoming at least a
> semi-competent admin.  Long-time members may remember my trial-by-fire
> 15+ years ago when the boss ordered a T1 and the carrier's tech
> "helpfully" pointed the dmz interface at the (already outdated) NT4 file
> server.  My current situation is nothing like that, but thanks to all
> the recent trolls, I discovered that following the IEEE's transition
> from their email service being little more than a .forward alias into a
> full-fledged GMail suite, that Google wasn't forwarding emails it deemed
> spammy and caused the partial loss of nearly seven months' worth of
> mail.  Since I don't trust Google or pretty much any "free" provider at
> this point, that means doing it myself.  Some steps (registering a
> domain, ordering business-class service or a static IP, etc) are
> self-evident.  But after that, there's a lot I really need to learn
> beyond what's in the man pages, and my copy of 'Absolute OpenBSD' is
> quite dated at this point.  I've also got that misbehaving ARC-1200B
> card, so if dlg@ or another team member in the US/Canada has interest in
> figuring out what's going sideways, I'll pay for shipping both ways.



