Re: Trying to access /dev/ttyUSB0 device from VM
On Sun, 17 Mar 2024 10:25:17 -0400 Stephen Wiley wrote:

> Since it's just UART it probably wouldn't be too hard to use openpty
> to pass it through over the network. I wouldn't be surprised if
> someone else already did this.
>
> On Sun, Mar 17, 2024 at 02:09:11PM +, Chris Narkiewicz wrote:
> > Hardware passthrough is not supported by vmd.
> >
> > Best regards,
> > Chris Narkiewicz

There is socat in ports (https://openports.pl/path/net/socat)
Re: Trying to access /dev/ttyUSB0 device from VM
On Sun, 17 Mar 2024 19:42:13 +0800 Sadeep Madurange wrote: > Hello, > > I set up a Linux VM on OpenBSD hoping to flash ESP32 programs from the > Linux VM. However when I plug the MCU in, I can't see it in the /dev > directory. > > Is what I'm trying to do even possible (accessing UART-over-USB > devices from a VM), and if so, is there anything special I need to > do, e.g., when I start the VM? > This is not supported at the moment as mentioned in the FAQ: https://www.openbsd.org/faq/faq16.html
Re: mailman on OpenBSD - linking problem
On Mon, 11 Mar 2024 21:16:05 +0300 Mark wrote:

> On Mon, Mar 11, 2024 at 11:16 AM Michael Hekeler wrote:
>
> > I don't know this mailman script but...
> > Why did you strip first component from the request?
> > Are these cgi's in /usr/local/lib/mailman/cgi-bin/admin or in
> > /var/www/usr/local/lib/mailman/cgi-bin/admin?
> > What is your chroot setting in httpd.conf?
> > And IF you changed httpd chroot how do you start slowcgi(8)?
> > What/where is socket? Where is path?
>
> Hi Michael,
>
> What does "request strip 1" actually do in that case?
> The cgi files are in /usr/local/lib/mailman/cgi-bin/
> chroot setting in httpd.conf: chroot "/"
> Slowcgi starts with: slowcgi_flags="-p /" and its socket path is:
> /var/www/run/slowcgi.sock
>
> Slowcgi and httpd works fine. However two things I'd like to know;
>
> As I asked, what does "request strip 1" do and if I really need that?
>
> Secondly; how to combine two locations into one? So that;
> "/admin" and "/admin/" would get captured both.

you would have 2 locations like this

location match "/admin" {
	request rewrite "/admin/"
}
location "/admin/" {
	...
}

you should be able to generalize the 1st match to add a / to every request not having a / at the end when it is not pointing to a file (*.html/png/...) with something like this (note I've not tested this, so use at own risk :) )

# anchored at the start and capturing the whole path, so the
# last character is kept when "/" is appended
location match "^([^.]*[^./])$" {
	request rewrite "%1/"
}
Re: Using wayland on OpenBSD
On Sat, 25 Nov 2023 17:15:21 +0100 quen...@schibler.fr wrote: > I would like to develop a wayland app on OpenBSD, and I was wondering > if it was already possible to use wayland on a snapshot version. The > only requirement I have is to be able to run firefox, I obviously > don't expect anything to be stable and I will be happy to help by > providing feedback/bug report. > > - Quentin Schibler > Have a look here: https://www.openbsd.org/papers/eurobsdcon2023-matthieu-wayland-openbsd.pdf
Re: How Do I Get The OpenBSD Install Procedure To Stop Trashing My Bootloader?
On Thu, 13 Jul 2023 13:53:24 -0500 (EDT) "Jay F. Shachter" wrote: > Esteemed Colleagues: > > Every time I install OpenBSD (the latest version, 7.3), it trashes > GRUB, and renders my computer unbootable. I am guessing, and please > correct me if I am wrong, that this is because OpenBSD puts its > subpartition table in disk storage that has not been given to it. > > The internal hard drive is an MBR-partitioned disk belonging to a > computer that is configured to do Legacy boot. Microsoft Windows, > Linux, and Haiku are already installed. Microsoft Windows uses all > three primary partitions for itself, because that is what Windows > does, and every other operating system has to find a place for itself > within the extended partition. > > The bootloader is GRUB2, and has been, since I installed the Linux > system. The Linux system resides on two logical volumes (root and > swap) carved out of an LVM volume group that resides on the first > logical slice of the extended partition (which Linux calls /dev/sda5). > GRUB2 boots it by means of: > > insmod lvm > set root=(lvm/m5-springdale) > linux /boot/vmlinuz root=/dev/m5/springdale > initrd /boot/initramfs.img > > Haiku resides on the third logical slice of the extended partition, > which in Linux is called /dev/sda7, and is booted by means of: > > set root=(hd0,7) > chainloader +1 > > OpenBSD was installed -- repeatedly -- in the second logical slice of > the extended partition, which in Linux is called /dev/sda6 (and I > intend to install NetBSD in /dev/sda9, I have a very subtle sense of > humor), and there is already a stanza in my GRUB menu that has been > made ready for it: > > set root=(hd0,6) > chainloader +1 > > although I am also ready to boot it by means of kopenbsd, if > necessary. > > I never got to execute that stanza in the GRUB menu, however, because > the OpenBSD installation has always rendered my system unbootable. It > just didn't boot, not even into the GRUB menu. 
I had to repair my > system by booting from a recovery CD, mounting /dev/m5/springdale on, > e.g., /mnt, furnishing /mnt with appropriate proc, sys and dev > filesystems, doing a chroot to /mnt, and then doing a "grub2-install > /dev/sda". Which failed, complaining, inter alia, about a disk with > multiple partition tables. But if I did > > dd if=/dev/zero of=/dev/sda bs=512 skip=1 count=2 > > then grub2-install ceased complaining about a disk with multiple > partition tables, and it succeeded, and I could then reboot into the > GRUB menu. But now OpenBSD was unbootable. > > All of this has led me reasonably to theorize that OpenBSD puts its > subpartition table outside of the area that belongs to it, which is > the second logical slice of the extended partition, which is where I > tell it to install itself -- in particular, that it puts its > subpartition table near the MBR table, which is an area of disk that > does not belong to it, but, rather, to GRUB, which is, consequently, > trashed. > > If this is what is happening, then it is totally bogus. > > I have nothing against subpartitioning. Linux doesn't do it, but many > respectable operating systems do, like FreeBSD, NetBSD, and Solaris, > although Solaris, practically speaking, is usually installed so as to > use ZFS rather than UFS, so the entire concept of subpartitioning is > obsolete. > > (Parenthetically, when is OpenBSD going to support ZFS, and join the > category of operating systems in which I can do serious work, i.e., > Solaris, Linux, FreeBSD, and NetBSD? NetBSD didn't use to be in that > category, because its implementation of ZFS was brain-damaged, but > now it has a good implementation of ZFS, and now it is a member in > good standing of the category of operating systems in which I can do > serious work. 
OpenBSD is not, and in that regard it resembles Haiku, > or SkyOS, or Icaros, and that is regrettable, because OpenBSD has > other good features that would otherwise make me want to use it for > serious work. But I digress.) > > But my FreeBSD systems manage to do subpartitioning without trashing > GRUB and rendering my computers unbootable. I assume that is because > FreeBSD doesn't overwrite disk storage that doesn't belong to it, but > that, rather, it keeps its subpartition table in the area of disk > where it has been told to install itself. > > Now, I do not know for certain that OpenBSD overwrites parts of GRUB > with its subpartition table. I am only theorizing, based on strong > circumstantial evidence. What I do know is that every time I install > OpenBSD, it renders my computer unbootable. How do I get it to stop > doing that? > > Thank you in advance for any and all replies. > > Jay F. Shachter > 6424 North Whipple Street > Chicago IL 60645-4111 > (1-773)7613784 landline >
Re: OT: Running SOFTRAID on PCEngine APU2 via mPCIe to M.2 convertor board for NVME 2230 or 2242
On Sun, 21 May 2023 07:28:25 -0400 Daniel Ouellet wrote: > Hi, > > Anyone ever was able to find a mPCIe to M.2 convertor board on Amazon > that works for using M.2 NVME 2230 or 2242 drives or even M.2 SATA > (NGFF) in the APU2 like this: > > https://github.com/TobleMiner/M.2-NVMe-SSD-to-miniPCIe-adapter > > Scroll to the end and see the picture of the drives inside the APU2. > > The mSATA goes in the J12 slot as explained below (URL), but the J13 > and J14 are mPCIe slot, so it should be possible with the proper > adapter to also have an M.2 drives in this small box. > > https://github.com/pcengines/apu2-documentation/blob/master/docs/APU_mPCIe_capabilities.md > > Then may be I can run softraid on my OpenBSD APU2. > > I would very much appreciated if anyone happen to know the model that > they use or know that is working. > > Amazon have a very long list, but the description isn't to useful and > describe for use with USB, or wireless card and there is so many > different keys type, etc. > > Many thanks for your time. > > Daniel > It is not amazon, but here you can find one on ali express: https://www.aliexpress.com/item/1005004641053693.html?spm=a2g0o.detail.114.6.3a686a9ashFQUL=pcDetailBottomMoreOtherSeller=1007.40050.281175.0_id=1007.40050.281175.0=1007.40050.281175.0=ece8abbc-347c-47df-9c76-c292adefc4c1&_t=gps-id:pcDetailBottomMoreOtherSeller,scm-url:1007.40050.281175.0,pvid:ece8abbc-347c-47df-9c76-c292adefc4c1,tpp_buckets:668%232846%238109%231935_npi=3%40dis%21SEK%2166.65%2151.34%21%21%21%21%21%402101c5a716846710151784711e0835%211229942424882%21rec%21SE%211684149259
Re: URNDIS Phone Tethering
I was reluctant to send this direct to the b...@openbsd.org distro - but would that be a better destination than this distro?

On Thu, Apr 27, 2023 at 12:39:11AM +0800, Rob Turner wrote:
> Good evening,
>
> I'm new to OpenBSD and would like some help debugging this issue if possible.
> On OpenBSD and Android 13 there is an issue with the URNDIS connection
> dropping packets as soon as you try to do anything beyond basic pinging.
> I've attached an email I found to b...@openbsd.org. The issue does not occur
> with the same phone and laptop running Alpine, or using a different phone
> running Android 11, so it appears isolated to this specific combination.
> Happy to provide any debug information requested as I'm keen to get mobile
> data service. It's a new laptop (Thinkpad Z13) whose soldered Wifi is
> unsupported - and the only wifi dongle I could get working is only running at
> ~8 Mbs.
>
> Thanks in advance,
>
> Rob

> From openbsd-bugs Sun Jun 06 15:37:33 2021
> From: Janne Johansson
> Date: Sun, 06 Jun 2021 15:37:33 +
> To: openbsd-bugs
> Subject: Re: URNDIS phone tethering doesn't work AMD64 and I386 6.9 OpenBSD
> X-MARC-Message: https://marc.info/?l=openbsd-bugs=162299390130161
>
> Sounds a lot like MTU issues.
>
> On Sat, 5 June 2021 at 12:27, Zen Floater2 wrote:
> >
> > I can ping and do DNS lookups but can't get any TCP through this interface
> > anymore.
> > lynx, fw_update, pkg_add,,, nothing works through urndis cell
> > phone tethering anymore.
> >
> > Charlie
>
> --
> May the most significant bit of your life be positive.
URNDIS Phone Tethering
Good evening,

I'm new to OpenBSD and would like some help debugging this issue if possible. On OpenBSD and Android 13 there is an issue with the URNDIS connection dropping packets as soon as you try to do anything beyond basic pinging. I've attached an email I found to b...@openbsd.org. The issue does not occur with the same phone and laptop running Alpine, or using a different phone running Android 11, so it appears isolated to this specific combination. Happy to provide any debug information requested as I'm keen to get mobile data service. It's a new laptop (Thinkpad Z13) whose soldered Wifi is unsupported - and the only wifi dongle I could get working is only running at ~8 Mbs.

Thanks in advance,

Rob

From openbsd-bugs Sun Jun 06 15:37:33 2021
From: Janne Johansson
Date: Sun, 06 Jun 2021 15:37:33 +
To: openbsd-bugs
Subject: Re: URNDIS phone tethering doesn't work AMD64 and I386 6.9 OpenBSD
X-MARC-Message: https://marc.info/?l=openbsd-bugs=162299390130161

Sounds a lot like MTU issues.

On Sat, 5 June 2021 at 12:27, Zen Floater2 wrote:
>
> I can ping and do DNS lookups but can't get any TCP through this interface
> anymore.
> lynx, fw_update, pkg_add,,, nothing works through urndis cell
> phone tethering anymore.
>
> Charlie

--
May the most significant bit of your life be positive.
Re: Change (spoof) MAC address
On Tue, 03 Jan 2023 07:40:21 +0100 "Bodie" wrote: > On Mon Jan 2, 2023 at 8:53 PM CET, Rob Schmersel wrote: > > On Mon, 2 Jan 2023 13:44:30 +0100 > > Tomaž Kokolj wrote: > > > > > Hi everyone, > > > > > > I've requested a static IP from my ISP a long time ago and I > > > figured out that my ISP binds my IP based on a MAC address which > > > is connected to my WAN port. > > > > > > I was thinking about switching from Debian Linux to OpenBSD on my > > > router, but I can't figure out how to change my MAC address. > > > > > > I've tried the the following configurations for my > > > /etc/hostname.em0 (I'm testing this in VirtualBox): > > > # > > > inet autoconf lladdr 00:11:22:33:44:55 > > > # > > > > > > # > > > lladdr 00:11:22:33:44:55 > > > inet autoconf > > > # > > > > > > # > > > inet autoconf > > > lladdr 00:11:22:33:44:55 > > > # > > > In all of those configurations, my lladdr gets changed to > > > 00:11:22:33:44:55 but the inet line is missing from ifconfig which > > > means that my network isn't working. > > > > > > I have found this old (2012) blog post: > > > https://andrewmemory.wordpress.com/2012/12/06/changing-mac-address-on-openbsd/ > > > > > > Which suggested: > > > "Linux has /etc/network/interfaces, and OpenBSD has > > > /etc/hostname.if. I just changed my /etc/hostname.vr1 to: > > > > > > dhcp lladdr 00:11:22:33:44:55 > > > > > > and I was requesting an IP address using my new MAC address" > > > > > > If I do that my inet line is present and my network/internet is > > > working, but my lladdr line isn't changed. > > > > > > Any suggestions? > > > > > > Best regards, > > > Tomaz > > > > My ISPs (one at the house, one at my son's apartment) have the same > > setup and I'm using this in /etc/hostname.em0 > > > lladdr 00:11:22:33:44:55 > > > inet autoconf > > > > This will give the correct IP address in both cases. 
> >
> > Good luck
>
> Which is interesting that it works as man page talks about this format:
>
> IPv4 dynamic addressing via DHCP is requested using "inet autoconf"
> inet autoconf [ifconfig_options]

The ISP has not really set a static ip, but uses dhcp server to set a fixed IP address based on your MAC address. You can configure such in dhcpd.conf with something like the following:

subnet 192.168.1.0 netmask 255.255.255.0 {
	option routers 192.168.1.1;
	range 192.168.1.24 192.168.1.200;

	# Network
	# example host ("example" is a placeholder host name)
	host example {
		fixed-address 192.168.1.250;
		hardware ethernet 00:11:22:33:44:55;
	}
}
Re: Change (spoof) MAC address
On Mon, 2 Jan 2023 13:44:30 +0100 Tomaž Kokolj wrote: > Hi everyone, > > I've requested a static IP from my ISP a long time ago and I figured > out that my ISP binds my IP based on a MAC address which is connected > to my WAN port. > > I was thinking about switching from Debian Linux to OpenBSD on my > router, but I can't figure out how to change my MAC address. > > I've tried the the following configurations for my /etc/hostname.em0 > (I'm testing this in VirtualBox): > # > inet autoconf lladdr 00:11:22:33:44:55 > # > > # > lladdr 00:11:22:33:44:55 > inet autoconf > # > > # > inet autoconf > lladdr 00:11:22:33:44:55 > # > In all of those configurations, my lladdr gets changed to > 00:11:22:33:44:55 but the inet line is missing from ifconfig which > means that my network isn't working. > > I have found this old (2012) blog post: > https://andrewmemory.wordpress.com/2012/12/06/changing-mac-address-on-openbsd/ > > Which suggested: > "Linux has /etc/network/interfaces, and OpenBSD has /etc/hostname.if. > I just changed my /etc/hostname.vr1 to: > > dhcp lladdr 00:11:22:33:44:55 > > and I was requesting an IP address using my new MAC address" > > If I do that my inet line is present and my network/internet is > working, but my lladdr line isn't changed. > > Any suggestions? > > Best regards, > Tomaz My ISPs (one at the house, one at my son's apartment) have the same setup and I'm using this in /etc/hostname.em0 > lladdr 00:11:22:33:44:55 > inet autoconf This will give the correct IP address in both cases. Good luck
Possible typo in fw_update
On line 408, fw_update has the expression ${LOCALSRC:#file:}. The parameter substitution ${name:#word} is not documented in the manual page for ksh yet its behavior seems to be equivalent to ${LOCALSRC#file:}. Assuming this is a typo, a patch is provided to remove the colon. If it is not a typo, could someone explain what this syntax does? If this was a typo however, and this parameter substitution is not officially supported, why did ksh not complain?

Rob

diff --git usr.sbin/fw_update/fw_update.sh usr.sbin/fw_update/fw_update.sh index 4b77d4c7bd7..dbc80257228 100644 --- usr.sbin/fw_update/fw_update.sh +++ usr.sbin/fw_update/fw_update.sh @@ -405,7 +405,7 @@ if [ "$LOCALSRC" ]; then FWURL="${LOCALSRC}" LOCALSRC= else - LOCALSRC="${LOCALSRC:#file:}" + LOCALSRC="${LOCALSRC#file:}" ! [ -d "$LOCALSRC" ] && echo "The path must be a URL or an existing directory" >&2 && exit 1
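Review bot: the `+` line's `${LOCALSRC#file:}` is the documented shortest-prefix removal, but the submission only says the old `${LOCALSRC:#file:}` "seems" equivalent, so the change is not yet shown to be behaviour-neutral. Before this goes in, run both forms against a `file:`-prefixed value and a plain directory path and confirm that the string reaching the following `[ -d "$LOCALSRC" ]` test is identical, then say in the commit message that this is a cleanup with no functional change. The open question of why ksh accepts the `:#` form is separate from the patch and does not need to block it.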
xset doesn't work in Xsetup_0
At xenodm's login screen pressing the Fn key makes a beep. I put the lines

${exec_prefix}/bin/xset b off > /xset.stdout 2> /xset.stderr
echo "Error code: $?" > xset.ret

at the end of /etc/X11/xenodm/Xsetup_0 yet the Fn key still makes a beep. There is no output from either stdin or stdout and it returns 0. How can I disable the beep? xset works correctly in ~/.xsession.

Thanks
Robert
Re: White noise with audio over headphones
On Wed, Jun 15, 2022 at 11:27 PM Alexandre Ratchov wrote: > On Wed, Jun 15, 2022 at 02:59:40PM -0500, Rob Whitlock wrote: > > I have a Lenovo T450 that plays audio over the speakers and headphones > but > > when the headphones are used there is some white noise playing all the > time > > as well as the audio. This white noise is not there with Windows 10 or > > Linux. OpenBSD recognizes the audio codec as a Realtek ALC292 but Linux > and > > the spec sheet for my laptop say it's a Realtek ALC3232. I suspect this > > might be causing the error but I'm not sure how to fix it. There was no > > mention of an ALC3232 in /usr/src/sys/dev/pci/azalia_codec.c while there > > was for ALC292. > > > > Hi, > > Could you try: > > mixerctl inputs.mix2_source=dac-0:1 > > and check if noise level changes? > That did the trick. Thanks! What made you think of this suggestion?
White noise with audio over headphones
I have a Lenovo T450 that plays audio over the speakers and headphones but when the headphones are used there is some white noise playing all the time as well as the audio. This white noise is not there with Windows 10 or Linux. OpenBSD recognizes the audio codec as a Realtek ALC292 but Linux and the spec sheet for my laptop say it's a Realtek ALC3232. I suspect this might be causing the error but I'm not sure how to fix it. There was no mention of an ALC3232 in /usr/src/sys/dev/pci/azalia_codec.c while there was for ALC292. I am running a snapshot that is a few days old. Here is the output of mixerctl -av when the headphones are plugged in: inputs.dac-0:1=126,126 inputs.dac-2:3=126,126 record.adc-2:3_mute=off [ off on ] record.adc-2:3=124,124 record.adc-0:1_mute=off [ off on ] record.adc-0:1=124,124 inputs.mix_source=spkr3,mic2,beep { spkr3 mic2 beep } inputs.mix_spkr3=120,120 inputs.mix_mic2=120,120 inputs.mix_beep=120,120 inputs.mix2_source=dac-0:1,mix { dac-0:1 mix } inputs.mix3_source=dac-2:3,mix { dac-2:3 mix } inputs.mix4_source=dac-0:1,dac-2:3 { dac-0:1 dac-2:3 } inputs.mic=85,85 outputs.spkr_source=mix3 [ mix2 mix3 ] outputs.spkr_mute=on [ off on ] outputs.spkr_eapd=on [ off on ] outputs.hp_source=mix2 [ mix2 mix3 ] outputs.hp_mute=off [ off on ] outputs.hp_boost=off [ off on ] outputs.hp_eapd=on [ off on ] outputs.spkr2_source=mix2 [ mix2 mix3 ] outputs.spkr2_mute=off [ off on ] outputs.spkr2_boost=off [ off on ] outputs.spkr2_eapd=on [ off on ] inputs.spkr3=85,85 inputs.mic2=85,85 outputs.mic2_dir=input-vr80 [ none input input-vr0 input-vr50 input-vr80 input-vr100 ] record.adc-0:1_source=mic [ spkr3 mic2 beep mix mic ] record.adc-2:3_source=spkr3 [ spkr3 mic2 beep mix ] outputs.hp_sense=plugged [ unplugged plugged ] outputs.mic2_sense=plugged [ unplugged plugged ] outputs.spkr_muters=hp { hp } outputs.master=126,126 outputs.master.mute=off [ off on ] outputs.master.slaves=dac-0:1,dac-2:3,spkr,hp,spkr2 { dac-0:1 dac-2:3 spkr hp spkr2 } 
record.volume=124,124 record.volume.mute=off [ off on ] record.volume.slaves=adc-2:3,adc-0:1 { adc-2:3 adc-0:1 mic spkr3 mic2 } record.enable=sysctl [ off on sysctl ] Here is the dmesg:
Re: documentation
On Tue, 24 May 2022 12:36:50 -0300 Gustavo Rios wrote: > Hi folks, > > I would like to download a pdf version of the faq and pf guide for > openbsd 7.1. May some one here point me where i could fetch the pdf > documentation from ? > > Thanks a lot. > You might try wkhtmltopdf
Re: Can't attach gdb to cwm
On Thu, Mar 10, 2022 at 1:01 PM Rob Whitlock wrote:

> On Wed, Mar 9, 2022 at 11:20 PM Philip Guenther wrote:
>
>> On Wed, Mar 9, 2022 at 8:28 AM Rob Whitlock wrote:
>>
>>> I'm trying to attach gdb to an already running cwm but I get the
>>> following error:
>>>
>>> ptrace: Invalid argument.
>>>
>>> Why am I getting this error? Also, I have already set
>>> kern.global_ptrace=1, and both cwm and gdb are being run by the same
>>> user. This problem occurs both with the gdb in base and the gdb/egdb
>>> in ports.
>>
>> Let me guess: the cwm process is an ancestor of the shell where you're
>> invoking gdb. We don't permit that as the reparenting done by ptrace()
>> would create a loop in the process tree, which breaks assumptions by both
>> kernel and userspace programs. If that's the case, run gdb from an ssh
>> session or something like that.
>>
>> Hmm, I guess I never updated the ptrace(2) manpage to mention that...
>>
>> Philip Guenther
>
> Thanks, that fixed the problem. I decided to go about breaking the loop in
> the process tree in a slightly different (maybe some would say quick and
> dirty) way, which I'll describe here in case someone else has this problem.
> If you start an xterm from your ~/.xsession (or whatever startup script
> you're using) and do *not* exec your window manager, then that xterm will
> not be a child of your window manager. If you then try to attach gdb to
> your window manager, you won't get the error. In order to not have to
> restart your X session in case you close that special xterm, you can put
> the command to run xterm in a loop.
>
> while true; do xterm; done &
> cwm # not "exec cwm"
>
> Robert

It seems this was more "quick and dirty" than I realized, as the backgrounded loop doesn't exit when X does, so it's probably better to just ignore this way of doing it and use ssh like Philip Guenther said.

Robert
Re: Can't attach gdb to cwm
On Wed, Mar 9, 2022 at 11:20 PM Philip Guenther wrote:

> On Wed, Mar 9, 2022 at 8:28 AM Rob Whitlock wrote:
>
>> I'm trying to attach gdb to an already running cwm but I get the following
>> error:
>>
>> ptrace: Invalid argument.
>>
>> Why am I getting this error? Also, I have already set
>> kern.global_ptrace=1, and both cwm and gdb are being run by the same
>> user. This problem occurs both with the gdb in base and the gdb/egdb
>> in ports.
>
> Let me guess: the cwm process is an ancestor of the shell where you're
> invoking gdb. We don't permit that as the reparenting done by ptrace()
> would create a loop in the process tree, which breaks assumptions by both
> kernel and userspace programs. If that's the case, run gdb from an ssh
> session or something like that.
>
> Hmm, I guess I never updated the ptrace(2) manpage to mention that...
>
> Philip Guenther

Thanks, that fixed the problem. I decided to go about breaking the loop in the process tree in a slightly different (maybe some would say quick and dirty) way, which I'll describe here in case someone else has this problem. If you start an xterm from your ~/.xsession (or whatever startup script you're using) and do *not* exec your window manager, then that xterm will not be a child of your window manager. If you then try to attach gdb to your window manager, you won't get the error. In order to not have to restart your X session in case you close that special xterm, you can put the command to run xterm in a loop.

while true; do xterm; done &
cwm # not "exec cwm"

Robert
Can't attach gdb to cwm
I'm trying to attach gdb to an already running cwm but I get the following error: ptrace: Invalid argument. Why am I getting this error? Also, I have already set kern.global_ptrace=1, and both cwm and gdb are being run by the same user. This problem occurs both with the gdb in base and the gdb/egdb in ports.
Error on xenocara.tar.gz extraction
Attempting to extract xenocara.tar.gz while avoiding root privileges as described here https://www.openbsd.org/faq/faq5.html#wsrc, I ran into an error, shown below:

0 thinkpad$ pwd
/usr/xenocara
0 thinkpad$ ls -a
.       ..
0 thinkpad$ tar xzf /home/rob/openbsd_files/7.0/xenocara.tar.gz
tar: Access/modification time set failed on: .: Operation not permitted
1 thinkpad$ ls -a
.           3RDPARTY    Makefile    data        doc         font        share
..          CVS         README      dist        driver      lib         util
.gitignore  MODULES     app         distrib     etc         proto       xserver
0 thinkpad$ cd ..
0 thinkpad$ ls -ld xenocara
drwxrwxr-x  16 root  wsrc  512 Jan 12 21:43 xenocara
0 thinkpad$ id
uid=1001(rob) gid=1001 groups=1001, 0(wheel), 9(wsrc)
0 thinkpad$

Running ktrace on tar shows that tar is trying to set the mtime of ., which corresponds to /usr/xenocara, with the function futimens, which fails. According to the man page for futimens, if the times argument is non-NULL, which is the case here, then the caller must be the owner of the file or the superuser. For an unprivileged user, this is not the case, as, although /usr/xenocara has group wsrc, it has owner root.

Running tar tzf xenocara.tar.gz shows an entry for . which seems to be causing this problem. If you instead run tar xzf xenocara.tar.gz -s '/^\.$//' to omit only the . entry when extracting, there is no more error. There is a side effect to adding this -s option, which is that /usr/xenocara's mtime gets updated to the time the tarball extraction took place, as opposed to the time that was recorded for . in the tarball. I don't know whether updating /usr/xenocara to the mtime that was recorded in the tarball was intentional behavior or not.

If updating the mtime of /usr/xenocara was not intentional behavior, it would seem to me that the fix for this problem would be to not include the . directory when making the tarball xenocara.tar.gz. I was unable to locate any code that was responsible for creating xenocara.tar.gz so I have not included a diff. If anybody could tell me where that code is then that would be appreciated.

As another issue, extracting ports.tar.gz as a non-privileged user in /usr, as described in the document whose address is given above, results in failure due to lack of permission, as a normal user does not have access to create the /usr/ports directory.

I am running a snapshot of OpenBSD 7.0 that is only a few days old.
Re: What password manager do you recommend?
On Fri, 7 Jan 2022 14:53:33 -0500 fo...@dnmx.org wrote: > Hello. I hope this these types of questions are okay for an mailing > list.. I completely understand if they are not.. > > There's password-store, but it does need some shitty dependencies.. > Then there's opm, but since it doesn't seem to be popular > fuck-knows-who if it's secure(ish).. > > If I were to use password-store, I'd have dmenu pipe in the query, > then just pipe the password to `xclip -i -selection clipboard` which > is a decent setup I guess.. > I use bitwarden, plays nice with all devices used in my family (bought the premium service for backup, but you can run that yourself)
Re: Disk partition not recognized
On Mon, Dec 27, 2021 at 7:28 PM Rob Whitlock wrote: > Thanks for the work tracking down the problems. I reformatted the hard > drive to see if that would do anything and then I installed OpenBSD 7.0 > like you suggested and it started working. I used Disk Utility in MacOS > 10.15.7 Catalina, and when I reformatted it I got some errors from Disk > Utility. My guess is that Disk Utility is doing something incorrectly. > Correction: I reformatted it with diskutil, but I have since reformatted it with Disk Utility and it shows up in OpenBSD 7.0 as well.
Re: Disk partition not recognized
On Sat, Dec 25, 2021 at 8:46 AM Crystal Kolipe wrote:
> OK, the issue lies with the four byte checksum at offset 0x58 in sector 1.
>
> Testing on OpenBSD 7.0 release and using your GPT:
>
> The kernel enters spoofgptlabel and reads sector 1.
>
> When we call gpt_chk_parts, the calculated checksum comes to 0x0BE89E52,
> whereas the on-disk checksum is 0x3F7A886C, as you can see in the hexdumps.
>
> Note that the on-disk checksum is stored in little-endian format.
>
> As a result, gpt_chk_parts returns EINVAL. When control returns to
> spoofgptlabel, it doesn't read the partitions contained within, and goes on
> to try to read the second GPT at sector dsize-1, which in your case is
> sector 9767541167.
>
> That's the reason why you don't see the non-OpenBSD partitions in your,
> (spoofed), disklabel, the on-disk checksum of the partition entries does
> not match the calculated checksum, so the kernel considers the GPT to be
> invalid.
>
> If you want to test removing the call to gpt_chk_parts, thereby forcing
> the kernel to parse whatever it finds and ignoring any checksum errors, the
> attached diffs should allow you to do that. As you said that you were
> still running OpenBSD 6.9, I've produced a diff against that too, including
> the change in line 609 that I mentioned earlier, but it's untested. There
> were other changes to this code between 6.9 and 7.0 that I have not really
> looked at.
>
> On OpenBSD 7.0, with the diff applied, I am able to parse the GPT that you
> supplied.
>
> I doubt that a kernel option to disable the checksum verification would be
> appropriate or welcome, but I don't know how common the problem is.
>

Thanks for the work tracking down the problems. I reformatted the hard drive to see if that would do anything and then I installed OpenBSD 7.0 like you suggested and it started working. I used Disk Utility in MacOS 10.15.7 Catalina, and when I reformatted it I got some errors from Disk Utility. My guess is that Disk Utility is doing something incorrectly.
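The failure described in the message above, a partition-entry checksum at header offset 0x58 that does not match the calculated value, can be checked from userland without writing to the disk. The following is an added example, not code from the thread or from the OpenBSD kernel: the function names and the in-memory image are constructed for illustration, 512-byte sectors are assumed, and the field layout follows the UEFI GPT header format.

```python
import struct
import uuid
import zlib
from collections import namedtuple

SECTOR = 512  # assumption: 512-byte sectors, as in the disklabel output in the thread
# GPT header fields up to the partition-array checksum (UEFI layout, little-endian).
HDR_FMT = "<8sIIIIQQQQ16sQIII"
HDR_LEN = struct.calcsize(HDR_FMT)  # 92 bytes (0x5c)
GptHeader = namedtuple("GptHeader", "sig rev hdr_size hdr_crc reserved my_lba "
                       "alt_lba first_lba last_lba disk_guid part_lba part_num "
                       "part_size part_crc")
Report = namedtuple("Report", "header_ok parts_ok parts_stored parts_calc partitions")


def read_le32(buf, off):
    """Read a 32-bit little-endian value, the on-disk form of both checksums."""
    return struct.unpack_from("<I", buf, off)[0]


def check_gpt(image, hdr_lba=1):
    """Verify the header CRC and the partition-entry CRC stored at offset 0x58."""
    image = bytes(image)
    sector = image[hdr_lba * SECTOR:(hdr_lba + 1) * SECTOR]
    if len(sector) < HDR_LEN:
        raise ValueError("image too short for a GPT header")
    hdr = GptHeader._make(struct.unpack_from(HDR_FMT, sector))
    if hdr.sig != b"EFI PART":
        raise ValueError("no GPT signature at LBA %d" % hdr_lba)
    if not HDR_LEN <= hdr.hdr_size <= SECTOR or hdr.part_size < 128:
        raise ValueError("implausible header or entry size")

    # The header CRC covers hdr_size bytes with its own field (offset 0x10) zeroed.
    raw = bytearray(sector[:hdr.hdr_size])
    raw[0x10:0x14] = b"\0" * 4
    header_ok = zlib.crc32(bytes(raw)) == hdr.hdr_crc

    # The partition CRC covers the whole entry array, used and unused slots alike.
    start = hdr.part_lba * SECTOR
    length = hdr.part_num * hdr.part_size
    entries = image[start:start + length]
    if len(entries) != length:
        raise ValueError("partition entry array extends past the image")
    parts_stored = read_le32(sector, 0x58)  # same value as hdr.part_crc
    parts_calc = zlib.crc32(entries)

    # Entries are listed even on a mismatch so they can be inspected;
    # a strict consumer would reject the table instead.
    partitions = []
    for i in range(hdr.part_num):
        ent = entries[i * hdr.part_size:(i + 1) * hdr.part_size]
        type_guid = uuid.UUID(bytes_le=ent[0:16])
        if type_guid.int == 0:
            continue  # unused slot
        first, last = struct.unpack_from("<QQ", ent, 32)
        name = ent[56:128].decode("utf-16-le", errors="replace").rstrip("\0")
        partitions.append((i, str(type_guid), first, last - first + 1, name))
    return Report(header_ok, parts_calc == parts_stored, parts_stored,
                  parts_calc, partitions)


def build_sample_image():
    """Constructed image: empty LBA 0, header at LBA 1, 128 entries at LBA 2."""
    entry = struct.pack(
        "<16s16sQQQ72s",
        uuid.UUID("c12a7328-f81f-11d2-ba4b-00a0c93ec93b").bytes_le,  # EFI System type
        uuid.UUID("11111111-2222-3333-4444-555555555555").bytes_le,  # constructed GUID
        40, 1063, 0, "EFI System Partition".encode("utf-16-le"))
    entries = entry.ljust(128 * 128, b"\0")

    def pack(hdr_crc):
        return struct.pack(
            HDR_FMT, b"EFI PART", 0x00010000, HDR_LEN, hdr_crc, 0,
            1, 2047, 34, 2014,  # constructed LBAs for a 2048-sector disk
            uuid.UUID("99999999-8888-7777-6666-555555555555").bytes_le,  # constructed
            2, 128, 128, zlib.crc32(entries))

    header = pack(zlib.crc32(pack(0)))
    return b"\0" * SECTOR + header.ljust(SECTOR, b"\0") + entries


if __name__ == "__main__":
    good = build_sample_image()
    bad = bytearray(good)
    bad[2 * SECTOR + 40] ^= 0xFF  # damage one byte inside the first entry
    for label, img in (("intact", good), ("damaged", bytes(bad))):
        r = check_gpt(img)
        print("%s: header_ok=%s parts_ok=%s stored=0x%08X calculated=0x%08X"
              % (label, r.header_ok, r.parts_ok, r.parts_stored, r.parts_calc))
        for part in r.partitions:
            print("   ", part)
```

On the damaged image the header CRC still verifies while the entry-array CRC does not, which is the same split the thread reports between the header check and gpt_chk_parts.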
Re: Disk partition not recognized
On Thu, Dec 23, 2021 at 3:24 PM Crystal Kolipe wrote:
> Again, there is nothing there that would stop it working.
>
> You have an MBR partition of type EE starting on sector 1, which is what is
> checked for in gpt_chk_mbr, so unless I'm overlooking something it's
> probably choking in gpt_chk_hdr due to something unexpected in the GPT
> header,
> (LBA block 1).
>

Here is LBA block 1:

0200: 4546 4920 5041 5254 0100 5c00 EFI PART\...
0210: 34b3 c118 0100 4...
0220: aed9 3046 0200 2200 ..0F"...
0230: 8dd9 3046 0200 69b0 0a57 6918 ed44 ..0Fi..Wi..D
0240: 911b a568 af12 75ff 0200 ...h..u.
0250: 8000 8000 6c88 7a3f l.z?
0260: 0270: 0280: 0290: 02a0: 02b0: 02c0: 02d0: 02e0: 02f0: 0300: 0310: 0320: 0330: 0340: 0350: 0360: 0370: 0380: 0390: 03a0: 03b0: 03c0: 03d0: 03e0: 03f0:
Re: Disk partition not recognized
On Thu, Dec 23, 2021 at 2:14 PM Crystal Kolipe wrote: > On Thu, Dec 23, 2021 at 01:15:52PM -0500, Rob Whitlock wrote: > > On Thu, Dec 23, 2021 at 12:22 PM Crystal Kolipe < > kolip...@exoticsilicon.com> > > wrote: > > > > > If the spoofed label does not include your non-OpenBSD partitions, > then for > > > some reason the kernel is not parsing the data from the GPT, and we > will > > > presumably need a hexdump of the GPT to see why. > > > > > > > Here is the GPT (the third sector on the disk): > > There is nothing unusual about these GPT entries. Every field apart from > the > partition serial numbers is identical to what would be written by creating > the > layout you described in your first email using OpenBSD fdisk. > > When I create this exact layout, the spoofed disklabel includes the > non-OpenBSD > partitions. > > I suspect that your MBR is trashed. Can you send a dump of the first > sector, > LBA 0? > Sure, here it is. : 0010: 0020: 0030: 0040: 0050: 0060: 0070: 0080: 0090: 00a0: 00b0: 00c0: 00d0: 00e0: 00f0: 0100: 0110: 0120: 0130: 0140: 0150: 0160: 0170: 0180: 0190: 01a0: 01b0: 00fe 01c0: eefe 0100 feff 01d0: 01e0: 01f0: 55aa ..U.
Re: Disk partition not recognized
On Thu, Dec 23, 2021 at 12:22 PM Crystal Kolipe wrote: > If the spoofed label does not include your non-OpenBSD partitions, then for > some reason the kernel is not parsing the data from the GPT, and we will > presumably need a hexdump of the GPT to see why. > Here is the GPT (the third sector on the disk): 0400: 2873 2ac1 1ff8 d211 ba4b 00a0 c93e c93b (s*..K...>.; 0410: 864c bda4 7d17 024e a9f9 afc5 1ade 8d87 .L..}..N 0420: 2800 2740 0600 (...'@.. 0430: 4500 4600 4900 2000 E.F.I. . 0440: 5300 7900 7300 7400 6500 6d00 2000 5000 S.y.s.t.e.m. .P. 0450: 6100 7200 7400 6900 7400 6900 6f00 6e00 a.r.t.i.t.i.o.n. 0460: 0470: 0480: a2a0 d0eb e5b9 3344 87c0 68b6 b726 99c7 ..3D..h..&.. 0490: e5c7 5771 8f97 434a 96af fa66 4871 0488 ..Wq..CJ...fHq.. 04a0: 0048 0600 ffd7 3046 0200 .H0F 04b0: 04c0: 04d0: 04e0: 04f0: 0500: 0510: 0520: 0530: 0540: 0550: 0560: 0570: 0580: 0590: 05a0: 05b0: 05c0: 05d0: 05e0: 05f0:
Re: Disk partition not recognized
On Thu, Dec 23, 2021 at 1:15 AM Theo de Raadt wrote: > > Crystal Kolipe wrote: > > > On Tue, Dec 21, 2021 at 06:04:28PM -0500, Rob Whitlock wrote: > > > A problem seems to be that there is no disklabel entry for the ExFAT > > > partition. > > > > You probably wrote a BSD disklabel to the disk before creating the ExFAT partition. > > > > If there is no on-disk disklabel, the kernel will create one in memory based on information from other partitioning schemes, (MBR, GPT). So in this case, as you change those MBR or GPT partitions, those changes will be reflected in the disklabel that the kernel sees. > > > > Once you actually write a disklabel to the disk, that on-disk disklabel is then used in place of calculating one each time the disk is attached, and the automatic parsing of MBR and GPT partition information stops. > > > > To solve your problem, you need to add the details of the ExFAT partition to the BSD disklabel. You can either do that manually with the disklabel command, or since you do not have any OpenBSD partitions on the disk, you could overwrite the on-disk disklabel, allow the kernel to generate one automatically with the correct information, then optionally force it to be written to the disk by running disklabel and entering 'w' at the interactive prompt. > > This can be investigated with > > disklabel -d > > (BTW, when the disklabel is constructed from other information on the disk, > we call it a "spoofed label") I would like to avoid modifying the data on the disk. Is there a way to use disklabel to update the in-core copy of the disklabel with a spoofed label, without also writing it to disk? I see in the disklabel(5) manual page that the DIOCSDINFO ioctl updates the in-core copy, so it seems it should be technically possible, but I don't see how to do it with the disklabel(8) program. My understanding of disklabel -d is that it gives you a default disklabel to start with, but does not affect how or where the disklabel is written.
Re: Disk partition not recognized
On Wed, Dec 22, 2021 at 5:23 AM Crystal Kolipe wrote: > On Tue, Dec 21, 2021 at 06:04:28PM -0500, Rob Whitlock wrote: > > A problem seems to be that there is no disklabel entry for the ExFAT > > partition. > > You probably wrote a BSD disklabel to the disk before creating the ExFAT > partition. > I formatted the disk on a MacOS system, so I'm pretty sure there is no disklabel on the disk. > If there is no on-disk disklabel, the kernel will create one in memory > based on information from other partitioning schemes, (MBR, GPT). So in > this case, as you change those MBR or GPT partitions, those changes will be > reflected in the disklabel that the kernel sees. > > Once you actually write a disklabel to the disk, that on-disk disklabel is > then used in place of calculating one each time the disk is attached, and > the automatic parsing of MBR and GPT partition information stops. > > To solve your problem, you need to add the details of the ExFAT partition > to the BSD disklabel. You can either do that manually with the disklabel > command, or since you do not have any OpenBSD partitions on the disk, you > could overwrite the on-disk disklabel, allow the kernel to generate one > automatically with the correct information, then optionally force it to be > written to the disk by running disklabel and entering 'w' at the > interactive prompt. > I would like to not modify the on-disk contents. Is there a way to get OpenBSD to recognize the partition without writing things to the disk?
Disk partition not recognized
I have two disks, one an MBR partitioned 1TB external SSD, and the other a GPT partitioned 5TB external HDD. Both have a single ExFAT partition on them and both have the same contents. Both show up as sd1 under "sysctl hw.disknames" (when plugged in one at a time, that is). I am able to mount the MBR partitioned SSD with the command mount.exfat-fuse /dev/sd1i /mnt however when I try the same command with the GPT partitioned HDD I get the error FUSE exfat 1.2.8 ERROR: failed to open '/dev/sd1i': Device not configured. I checked that the /dev/sd1i block device exists. I am running OpenBSD 6.9. Here's the output of disklabel sd1 # /dev/rsd1c: type: SCSI disk: SCSI disk label: Expansion Desk duid: flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 255 sectors/cylinder: 16065 cylinders: 608001 total sectors: 9767541167 boundstart: 0 boundend: 9767541167 drivedata: 0 16 partitions: #size offset fstype [fsize bsize cpg] c: 97675411670 unused Here's the output of fdisk -v sd1 Primary GPT: Disk: sd1 Usable LBA: 34 to 9767541133 [9767541167 Sectors] GUID: 570ab069-1869-44ed-911b-a568af1275ff #: type [ start: size ] guid name 0: EFI Sys [ 40: 409600 ] a4bd4c86-177d-4e02-a9f9-afc51ade8d87 EFI System Partition 1: FAT12[ 411648: 9767129088 ] 7157c7e5-978f-4a43-96af-fa6648710488 Secondary GPT: Disk: sd1 Usable LBA: 34 to 9767541133 [9767541167 Sectors] GUID: 570ab069-1869-44ed-911b-a568af1275ff #: type [ start: size ] guid name 0: EFI Sys [ 40: 409600 ] a4bd4c86-177d-4e02-a9f9-afc51ade8d87 EFI System Partition 1: FAT12[ 411648: 9767129088 ] 7157c7e5-978f-4a43-96af-fa6648710488 MBR: Disk: sd1 geometry: 267349/255/63 [4294961685 Sectors] Offset: 0 Signature: 0xAA55 Starting Ending LBA Info: #: id C H S - C H S [ start:size ] --- 0: EE 0 0 2 - 267349 89 3 [ 1: 4294967294 ] EFI GPT 1: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 2: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused 3: 00 0 0 0 - 0 0 0 [ 0: 0 ] unused A problem seems to be that there is no disklabel entry for the ExFAT partition. 
Additionally, xxd successfully reads the first few sectors of /dev/sd1c so I don't think the hardware is the issue. How can I mount the HDD ExFAT partition? Thanks! Rob
Re: miniroot.img boot-looping on rpi-4b
Nothing is connected to the Pi except the USB-C for power, the SD card, and the 3 serial wires. On 5/9/21, Justin Yang wrote: > Do you have any USB disks connected to your pi? If so, try to remove that > and boot again to see if it works. > > On Sunday, May 9, 2021, Rob Whitlock wrote: > >> Hello, >> >> I am trying to install OpenBSD 6.9 on a Raspberry Pi 4B. I copied >> miniroot69.img to the SD card with this command: >> >> dd if=miniroot69.img of=/dev/rdisk2 bs=1m >> >> I put it in the Pi and upon boot it fails with this error message >> printed out through serial: >> >> U-Boot 2021.01 (Apr 16 2021 - 15:39:01 +1000) >> >> DRAM: 1.9 GiB >> RPI 4 Model B (0xb03114) >> MMC: mmcnr@7e30: 1, emmc2@7e34: 0 >> Loading Environment from FAT... ** No partition table - mmc 0 ** >> In:serial >> Out: serial >> Err: serial >> Net: eth0: ethernet@7d58 >> PCIe BRCM: link up, 5.0 Gbps x1 (SSC) >> starting USB... >> Bus xhci_pci: probe failed, error -110 >> No working controllers found >> Hit any key to stop autoboot: 0 >> switch to partitions #0, OK >> mmc0 is current device >> ** Bad device specification :1 bootfstype ** >> "Synchronous Abort" handler, esr 0x9604 >> elr: 0009197c lr : 000930c8 (reloc) >> elr: 3b36d97c lr : 3b36f0c8 >> x0 : 6d63625f646e7320 x1 : 5f656c62 >> x2 : 3b3d30a0 x3 : 0001 >> x4 : 3afe9fe0 x5 : >> x6 : 3b3d30a0 x7 : 3b3d30b0 >> x8 : 3afea070 x9 : 0008 >> x10: 3b3d07f2 x11: 3af64780 >> x12: x13: 0004 >> x14: 3af4be58 x15: >> x16: 4110 x17: 2285e5950900a046 >> x18: 3af57da0 x19: 3afe9940 >> x20: 0811 x21: 0811 >> x22: x23: >> x24: x25: >> x26: 0028 x27: 0003 >> x28: x29: 3af4bac0 >> >> Code: 2a1b03e1 97e5 2a0003f8 140d (f8777800) >> Resetting CPU ... >> >> resetting ... >> >> Any help would be appreciated. >> >> Rob >> >> > > -- > Justin Yang >
miniroot.img boot-looping on rpi-4b
Hello, I am trying to install OpenBSD 6.9 on a Raspberry Pi 4B. I copied miniroot69.img to the SD card with this command: dd if=miniroot69.img of=/dev/rdisk2 bs=1m I put it in the Pi and upon boot it fails with this error message printed out through serial: U-Boot 2021.01 (Apr 16 2021 - 15:39:01 +1000) DRAM: 1.9 GiB RPI 4 Model B (0xb03114) MMC: mmcnr@7e30: 1, emmc2@7e34: 0 Loading Environment from FAT... ** No partition table - mmc 0 ** In:serial Out: serial Err: serial Net: eth0: ethernet@7d58 PCIe BRCM: link up, 5.0 Gbps x1 (SSC) starting USB... Bus xhci_pci: probe failed, error -110 No working controllers found Hit any key to stop autoboot: 0 switch to partitions #0, OK mmc0 is current device ** Bad device specification :1 bootfstype ** "Synchronous Abort" handler, esr 0x9604 elr: 0009197c lr : 000930c8 (reloc) elr: 3b36d97c lr : 3b36f0c8 x0 : 6d63625f646e7320 x1 : 5f656c62 x2 : 3b3d30a0 x3 : 0001 x4 : 3afe9fe0 x5 : x6 : 3b3d30a0 x7 : 3b3d30b0 x8 : 3afea070 x9 : 0008 x10: 3b3d07f2 x11: 3af64780 x12: x13: 0004 x14: 3af4be58 x15: x16: 4110 x17: 2285e5950900a046 x18: 3af57da0 x19: 3afe9940 x20: 0811 x21: 0811 x22: x23: x24: x25: x26: 0028 x27: 0003 x28: x29: 3af4bac0 Code: 2a1b03e1 97e5 2a0003f8 140d (f8777800) Resetting CPU ... resetting ... Any help would be appreciated. Rob
Re: bwfm NVRAM file
On Fri, 13 Mar 2020 16:41:41 +0100 Patrick Wildt wrote:
> On Fri, Mar 13, 2020 at 12:12:18PM +0100, Rob Schmersel wrote:
> > Hello,
> >
> > In order to use an SDIO based bwfm device an "NVRAM" configuration
> > file will be needed besides the firmware file. This configuration
> > file is expected to be in the /etc/firmware directory, in the form
> > of brcmfmac{chip}-sdio.txt OR brcmfmac{chip}-sdio.nvram
> >
> > The need for this configuration file is not described in the man
> > page. However the device will not be usable without one and an
> > error message will be shown in the dmesg:
> > "failed loadfirmware of file: brcmfmac{chip}-sdio.txt"
> >
> > Can I suggest the patch attached below?
> >
> > I'm a bit unsure on how to indicate where the configuration file
> > comes from: Under Linux it is recommended that you read the NVRAM
> > contents from EFI, which I don't think is possible to do under
> > OpenBSD.
> >
> > Hunting down the configuration file through your favorite search
> > engine can be a frustrating exercise, although you can find them
> > occasionally included in a windows driver or a linux distro.
> >
> > Question: Are there plans to include the NVRAM files in
> > bwfm_firmware package?
>
> It all depends! The NVRAM file is board-design-specific. So, let's
> assume OpenBSD and NetBSD would each build their own machine, using
> the same chip and firmware. The NVRAM file contains a configuration
> for the chip, so that it e.g. can limit TX/antenna gain or whatever.
> This is important for stuff like CE certification. There are quite a
> few settings, so it's very likely that the one board's chip needs a
> different configuration than the other one's chip.
>
> So where do we get this file? If it's an x86-based machine, it's
> likely they stored it as EFI variable. In OpenBSD, so far only the
> ARM ports support calling into the Runtime Services using efi(4).
> Since we don't have support for efi(4) on x86, OpenBSD cannot read
> the EFI variables. For that you'll have to boot Linux, or some
> other OS that has that feature. On some other x86 machines, the
> vendor might provide the file as part of a Windows firmware package.
>
> Is it different on ARMs? Well, yes, but not sure if worse or even
> better. The NVRAM file can usually be found on the vendor's Github.
>
> linux-firmware.git has started collecting and distributing some of
> the files. So that will be a helpful source for us. Otherwise we
> will have to collect them ourselves.
>
> For ARM there's still one commit left so that we can supply per-
> board NVRAM files more easily. In essence: We're working on it!
>
> Patrick
>

Aah I did not find linux-firmware.git during my search, most likely as I was looking for bcm43341 nvram. That is not there :)

for reference attached the file I got through the windows driver for this specific mini pc from china

BR/Rob

#AP6234_NVRAM_V1.2_20140820_WIN8.1 manfid=0x2d0 prodid=0x0653 vendid=0x14e4 devid=0x4386 boardtype=0x0653 boardrev=0x1203 boardnum=22 macaddr=00:90:4c:c5:12:38 sromrev=3 #boardflags: # bit 19 3tswitch: 2.4GHz FEM: SP3T switch share with BT # bit 16 nopa: no external pa #keep original 0x200 boardflags=0x0090201 xtalfreq=37400 nocrc=1 ag0=255 aa2g=1 ccode=CN pa0itssit=0x20 #PA parameters for 2.4GHz #pa0b0=6957 default pa0b0=6727 pa0b1=-858 pa0b2=-178 tssifloor2g=69 # rssi params for 2.4GHz rssismf2g=0xf rssismc2g=0x8 rssisav2g=0x1 cckPwrOffset=3 # rssi params for 5GHz rssismf5g=0xf rssismc5g=0x7 #rssisav5g=0x1 rssisav5g=0x3 #PA parameters for lower a-band #pa1lob0=5659 default pa1lob0=5859 #pa1lob0=5659 pa1lob1=-693 pa1lob2=-178 tssifloor5gl=77 #PA parameters for midband pa1b0=5372 #pa1b0=5172 pa1b1=-671 pa1b2=-212 tssifloor5gm=77 #PA paramasdeters for high band #pa1hib0=5320 default pa1hib0=5620 #pa1hib1=-963 pa1hib1=-663 pa1hib2=-179 tssifloor5gh=74 rxpo5g=0 maxp2ga0=72 # 19.5dBm max; 18dBm target #Per rate power back-offs for g band, in .5 dB steps. Set it once you have the right numbers. 
cck2gpo=0x ofdm2gpo=0x # R54 16dBm; R48 17dBm; others 18dBm mcs2gpo0=0x # M0~ M4 17dBm mcs2gpo1=0x # M5M6 15dBm; M7 14.5dBm #max power for 5G maxp5ga0=68 # 16dBm target; 17.5dBm Max maxp5gla0=68 maxp5gha0=68 #Per rate power back-offs for a band, in .5 dB steps. Set it once you have the right numbers. ofdm5gpo=0x # R54 13.5dBm ofdm5glpo=0x ofdm5ghpo=0x mcs5gpo0=0x # M0~M4 16dBm (1dB higher than ofdm) mcs5gpo1=0x # M5M6 13.5dBm; M7 12dBm mcs5glpo0=0x mcs5glpo1=0x mcs5ghpo0=0x mcs5ghpo1=0x # Parameters for DAC2x mode and ALPF bypass # RF SW Truth Table: ctrl0 for BT_TX; ctrl1 or 5G Tx; ctrl2 for 5G Rx; Ctrl3
Re: bwfm NVRAM file
On Fri, 13 Mar 2020 13:41:48 +0100 Stefan Sperling wrote: > On Fri, Mar 13, 2020 at 12:12:18PM +0100, Rob Schmersel wrote: > > Question: Are there plans to include the NVRAM files in > > bwfm_firmware package? > > Yes, this is being worked on. See these recent commits by Patrick: > https://marc.info/?l=openbsd-cvs=158357502421524=2 > https://marc.info/?l=openbsd-cvs=158348413626641=2 > https://marc.info/?l=openbsd-cvs=158348535827039=2 > > I am not involved but it sounds like this issue could be resolved > in time for the next release. But please have patience. perfect :)
bwfm NVRAM file
Hello,

In order to use an SDIO based bwfm device an "NVRAM" configuration file will be needed besides the firmware file. This configuration file is expected to be in the /etc/firmware directory, in the form of brcmfmac{chip}-sdio.txt OR brcmfmac{chip}-sdio.nvram

The need for this configuration file is not described in the man page. However the device will not be usable without one and an error message will be shown in the dmesg: "failed loadfirmware of file: brcmfmac{chip}-sdio.txt"

Can I suggest the patch attached below?

I'm a bit unsure on how to indicate where the configuration file comes from: Under Linux it is recommended that you read the NVRAM contents from EFI, which I don't think is possible to do under OpenBSD.

Hunting down the configuration file through your favorite search engine can be a frustrating exercise, although you can find them occasionally included in a windows driver or a linux distro.

Question: Are there plans to include the NVRAM files in bwfm_firmware package?

Index: share/man/man4/bwfm.4 === RCS file: /cvs/src/share/man/man4/bwfm.4,v retrieving revision 1.10 diff -u -p -u -r1.10 bwfm.4 --- share/man/man4/bwfm.4 10 Nov 2019 14:10:41 - 1.10 +++ share/man/man4/bwfm.4 11 Mar 2020 15:41:49 - @@ -77,10 +77,18 @@ driver can be configured at runtime with or on boot with .Xr hostname.if 5 . .Sh FILES -The driver needs a firmware file which is loaded when the driver -attaches. +The +.Nm +driver needs a firmware file which is loaded when the +.Nm +driver attaches. A prepackaged version of the firmware can be installed using .Xr fw_update 1 . +.Pp +sdmmc connected devices need in addition a NVRAM configuration file, +which is also loaded when the +.Nm +driver attaches. .Sh EXAMPLES The following example scans for available networks: .Pp
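Review bot: the new paragraph in the FILES hunk says sdmmc connected devices need an NVRAM configuration file but never names the file or where it is looked up. The message gives /etc/firmware and the names brcmfmac{chip}-sdio.txt and brcmfmac{chip}-sdio.nvram, so list those with .Pa, and state that this file is not part of what fw_update installs, because the sentence about fw_update directly above otherwise reads as covering both files. Two smaller points in the same hunk: "a NVRAM" should be "an NVRAM", and the rewritten first sentence now says ".Nm driver" twice, which "is loaded when it attaches" would avoid.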
add HISTORY to ldap.1
Ok? Index: ldap.1 === RCS file: /cvs/src/usr.bin/ldap/ldap.1,v retrieving revision 1.7 diff -u -p -r1.7 ldap.1 --- ldap.1 3 Jul 2018 10:10:09 - 1.7 +++ ldap.1 3 Jul 2018 19:19:21 - @@ -233,6 +233,11 @@ Match Group ldapusers .%R RFC 4516 .%T Lightweight Directory Access Protocol (LDAP): Uniform Resource Locator .Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 6.4 . .Sh AUTHORS .An -nosplit The
ber.3 diff from last ber source commit
I mistakenly committed modifications to the ber.3 man page (in snmpd). This man page is currently not linked into the build. I am sending this diff post-commit for visibility only. A work in progress. Comments welcome. Regards, Index: ber.3 === RCS file: /cvs/src/usr.sbin/snmpd/ber.3,v retrieving revision 1.13 retrieving revision 1.14 diff -u -p -r1.13 -r1.14 --- ber.3 1 Oct 2013 12:48:27 - 1.13 +++ ber.3 29 Jun 2018 15:18:03 - 1.14 @@ -1,4 +1,4 @@ -.\" $OpenBSD: ber.3,v 1.13 2013/10/01 12:48:27 reyk Exp $ +.\" $OpenBSD: ber.3,v 1.14 2018/06/29 15:18:03 rob Exp $ .\" .\" Copyright (c) 2007, 2012 Reyk Floeter .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: October 1 2013 $ +.Dd $Mdocdate: June 29 2018 $ .Dt BER 3 .Os .Sh NAME @@ -25,8 +25,10 @@ .Nm ber_replace_elements , .Nm ber_add_sequence , .Nm ber_add_set , +.Nm ber_add_enumerated , .Nm ber_add_integer , .Nm ber_get_integer , +.Nm ber_get_enumerated , .Nm ber_add_boolean , .Nm ber_get_boolean , .Nm ber_add_string , @@ -40,10 +42,12 @@ .Nm ber_add_eoc , .Nm ber_get_eoc , .Nm ber_add_oid , +.Nm ber_add_noid , .Nm ber_add_oidstring , .Nm ber_get_oid , .Nm ber_oid2ber , .Nm ber_string2oid , +.Nm ber_oid_cmp , .Nm ber_printf_elements , .Nm ber_scanf_elements , .Nm ber_get_writebuf , @@ -54,7 +58,7 @@ .Nm ber_free_elements , .Nm ber_calc_len , .Nm ber_set_application , -.Nm ber_set_writecallback +.Nm ber_set_writecallback , .Nm ber_free .Nd parse ASN.1 with Basic Encoding Rules .Sh SYNOPSIS 
@@ -78,6 +82,10 @@ .Ft "int" .Fn "ber_get_integer" "struct ber_element *root" "long long *val" .Ft "struct ber_element *" +.Fn "ber_add_enumerated" "struct ber_element *prev" "long long val" +.Ft "int" +.Fn "ber_get_enumerated" "struct ber_element *root" "long long *val" +.Ft "struct ber_element *" .Fn "ber_add_boolean" "struct ber_element *prev" "int bool" .Ft "int" .Fn "ber_get_boolean" "struct ber_element *root" "int *bool" @@ -104,6 +112,8 @@ .Ft "struct ber_element *" .Fn "ber_add_oid" "struct ber_element *prev" "struct ber_oid *oid" .Ft "struct ber_element *" +.Fn "ber_add_noid" "struct ber_element *prev" "struct ber_oid *oid, int n" +.Ft "struct ber_element *" .Fn "ber_add_oidstring" "struct ber_element *prev" "const char *string" .Ft "int" .Fn "ber_get_oid" "struct ber_element *root" "struct ber_oid *oid" @@ -111,6 +121,8 @@ .Fn "ber_oid2ber" "struct ber_oid *oid" "u_int8_t *buf" "size_t size" .Ft "int" .Fn "ber_string2oid" "const char *string" "struct ber_oid *oid" +.Ft "int" +.Fn "ber_oid_cmp" "struct ber_oid *oid" "struct ber_oid *oid" .Ft "struct ber_element *" .Fn "ber_printf_elements" "struct ber_element *prev" "char *format" "..." .Ft "int" @@ -153,6 +165,8 @@ using the .Fn ber_add_set , .Fn ber_add_integer , .Fn ber_get_integer , +.Fn ber_add_enumerated , +.Fn ber_get_enumerated , .Fn ber_add_boolean , .Fn ber_get_boolean , .Fn ber_add_string , @@ -182,11 +196,12 @@ struct ber_oid { .Ed .Pp .Fn ber_add_oid , +.Fn ber_add_noid , .Fn ber_add_oidstring , .Fn ber_get_oid , .Fn ber_oid2ber , -.Fn ber_oid_cmp , .Fn ber_string2oid +.Fn ber_oid_cmp , .Sh FORMAT STRINGS .Fn ber_printf_elements , .Fn ber_scanf_elements @@ -203,6 +218,7 @@ struct ber_oid { .Sh RETURN VALUES Upon successful completion .Fn ber_get_integer , +.Fn ber_get_enumerated , .Fn ber_get_boolean , .Fn ber_get_string , .Fn ber_get_nstring , 
@@ -225,6 +241,9 @@ The .Nm ber manpage first appeared in .Ox 4.3 . +.Sh STANDARDS +ITU-T Recommendation X.690, also known as ISO/IEC 8825-1: +Information technology - ASN.1 encoding rules. .Sh AUTHORS .An -nosplit The @@ -234,5 +253,13 @@ library was written by .An Marc Balmer Aq Mt m...@openbsd.org and .An Reyk Floeter Aq Mt r...@openbsd.org . +.Sh CAVEATS +Only the subset of +.Nm ber +data types specified above are supported. +.Pp +Indefinite length +.Nm ber +encoding is not supported. .Sh BUGS This manpage is a stub.
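Review bot: in the SYNOPSIS hunk at -104,6 +112,8 the ber_add_noid prototype passes two parameters inside one quoted argument, "struct ber_oid *oid, int n". .Fn expects one argument per parameter, so this should be "struct ber_oid *oid" "int n"; as written the parameter list will not be formatted like the other prototypes. In the neighbouring ber_oid_cmp prototype both parameters are named oid, and distinct names would let later text refer to them.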
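Review bot: the hunk at -182,11 +196,12 moves .Fn ber_oid_cmp to the end of the OID function list but leaves the punctuation behind. After the change .Fn ber_string2oid has no trailing comma and .Fn ber_oid_cmp , ends the list with a dangling one, directly before .Sh FORMAT STRINGS. Move the comma to the ber_string2oid line and drop it from the last entry, or leave ber_oid_cmp where it was.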
Re: dhclient release a lease?
On Mon, 14 May 2018 19:36:12 -0400 Quartz wrote:
> > Currently there is no facility in dhclient(8) to issue RELEASE
> > messages. I had no recollection of adding such a thing, and a
> > quick
> > > confirmed there is no DHCPRELEASE related code.
>
> Ergh. OK thanks, that's super annoying that it's not there.
>
> >Which
> > signal(s) are used elsewhere to trigger RELEASE? Goggle is not
> > coughing up an obvious answer. :-)
>
> It varies, IIRC on at least one other linux or bsd distro sending HUP
> took a more literal approach ("hang up and leave") and sent a DHCP
> release before nuking its lease cache, and I'm pretty sure somewhere
> else you could send "SIGUSR2" or something.
>

On Red Hat/Debian (and derivatives) they use dhclient which has a -r switch to release the lease. From the man page:

-r Release the current lease and stop the running DHCP client as previously recorded in the PID file. When shutdown via this method dhclient-script will be executed with the specific reason for calling the script set. The client normally doesn't release the current lease as this is not required by the DHCP protocol but some cable ISPs require their clients to notify the server if they wish to release an assigned IP address.
Re: event.3: libevent no longer prints to stderr
On Fri, Aug 04, 2017 at 07:53:19PM +0200, Ingo Schwarze wrote:
> Hi Rob,
>
> thanks for looking at libevent documentation. It is in dire need
> of improvements in multiple respects.
>
> Rob Pierce wrote on Fri, Aug 04, 2017 at 10:21:16AM -0400:
>
> > As of the last commit to src/lib/libevent/log.c the library
> > no longer prints to stderr. Update man page accordingly.
> >
> > Ok?
>
> But honestly, i'm not convinced that this patch is right.
>
> Look at event.c. EVENT_SHOW_METHOD is still inspected (line 154),
> and if it is set, the library does issue a message.
>
> But looking at the code and at the documentation, i instantly
> see lots and lots of issues that need fixing. Unsorted:
>
> * EVENT_SHOW_METHOD ought to be documented in the ENVIRONMENT
>   section. The section name "ADDITIONAL NOTES" is bogus.
>
> * If you document an ENVIRONMENT variable, you should also say
>   which value(s) it is supposed to have (in this case, the value
>   is ignored, and even an empty value counts as "set", which is
>   not at all obvious).
>
> * The information is missing that the variable is ignored
>   in setuid and setgid programs as defined by issetugid(2).
>
> * Talking about "displaying" something is useless in library
>   documentation. You also have to explain where the message
>   will appear. Certainly not on stdout, right?
>
> * In this case, the message won't appear anywhere at all by default,
>   not even in the system logs.
>
> * To make *any* messages from libevent appear anywhere at all,
>   the application program has to supply a logging callback
>   function using the public interface function
>   event_set_log_callback(3). Unfortunately, man -k tells me
>   that function isn't documented anywhere at all.
>   A classic case of user-level RTFS... :-(

... and there it is! Thanks Ingo. I didn't go deep enough.

> * Don't you dare add yet more functions to event(3).
>   It is already of excessive size and conflating documentation for
>   classes of functions almost unrelated to each other - like,
>   what's the point of having signal_set(3) and bufferevent_read(3)
>   in the same manual page?
>
> I dimly remember that somebody tried and started to clean this mess
> up some years ago, but wasn't persistent enough to go anywhere with
> it. If you want to look at that and don't find it instantly, i can
> dig it up for you. Or you can simply start from scratch, the old
> discussion didn't go so far that much would be lost starting over.
>
> If you want to tackle this, expect several days of work,
> involving much reading of code.

I will put it on my list!

Regards,

Rob

> Yours,
>   Ingo
> > > > Index: event.3 > > === > > RCS file: /cvs/src/lib/libevent/event.3,v > > retrieving revision 1.53 > > diff -u -p -r1.53 event.3 > > --- event.3 29 Jun 2017 01:25:59 - 1.53 > > +++ event.3 4 Aug 2017 14:08:44 - > > @@ -517,10 +517,6 @@ by setting the environment variable > > or > > .Va EVENT_NOSELECT , > > respectively. > > -By setting the environment variable > > -.Va EVENT_SHOW_METHOD , > > -.Nm libevent > > -displays the kernel notification method that it uses. > > .Sh RETURN VALUES > > Upon successful completion > > .Fn event_add
event.3: libevent no longer prints to stderr
As of the last commit to src/lib/libevent/log.c the library no longer prints to stderr. Update man page accordingly. Ok? Index: event.3 === RCS file: /cvs/src/lib/libevent/event.3,v retrieving revision 1.53 diff -u -p -r1.53 event.3 --- event.3 29 Jun 2017 01:25:59 - 1.53 +++ event.3 4 Aug 2017 14:08:44 - @@ -517,10 +517,6 @@ by setting the environment variable or .Va EVENT_NOSELECT , respectively. -By setting the environment variable -.Va EVENT_SHOW_METHOD , -.Nm libevent -displays the kernel notification method that it uses. .Sh RETURN VALUES Upon successful completion .Fn event_add
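Review bot: the hunk at -517,10 +517,6 deletes the only description of EVENT_SHOW_METHOD, while the stated reason is only that the library no longer prints to stderr. If the variable is still read, removing the sentence leaves it undocumented. Rewording it to say where the message now goes, or that nothing is shown unless the application installs a log callback, would match the log.c change better than dropping the text.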
getifaddrs.3 xref to if_nameindex
if_nameindex(3) references getifaddrs(3). A getifaddrs(3) xref back to if_nameindex might be helpful. I found it the hard way. Rob Index: getifaddrs.3 === RCS file: /cvs/src/lib/libc/net/getifaddrs.3,v retrieving revision 1.21 diff -u -p -r1.21 getifaddrs.3 --- getifaddrs.321 Nov 2015 07:48:10 - 1.21 +++ getifaddrs.323 Jul 2017 16:54:33 - @@ -133,6 +133,7 @@ or .Sh SEE ALSO .Xr ioctl 2 , .Xr socket 2 , +.Xr if_nameindex 3 , .Xr sysctl 3 , .Xr netintro 4 , .Xr ifconfig 8
ifstated.conf.5 diff
I am not sure that it makes sense to mention implementation details in the man page in this regard (i.e. libevent). If people want to know the details, they can read the source code. In any event, true and false are not reserved words. Regards, Rob Index: ifstated.conf.5 === RCS file: /cvs/src/usr.sbin/ifstated/ifstated.conf.5,v retrieving revision 1.9 diff -u -p -r1.9 ifstated.conf.5 --- ifstated.conf.5 24 Apr 2012 14:56:09 - 1.9 +++ ifstated.conf.5 7 Jul 2017 13:36:22 - @@ -101,10 +101,7 @@ net = '( "ping -q -c 1 -w 1 192.168.0.1 .Sh TESTS AND EVENTS .Xr ifstated 8 delegates the process of testing to libevent which associates a value with -every test, in this case -.Em true -or -.Em false . +every test, in this case true or false . Whenever the value of a test associated with the current state changes, an event is triggered and the state's body is processed. .Sh STATE DEFINITIONS
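Review bot: with the .Em macros removed, the replacement line "every test, in this case true or false ." is an ordinary text line, so the space before the period is rendered literally; it should read "true or false." The message also questions whether libevent should be mentioned at all, yet "delegates the process of testing to libevent" is left untouched by the hunk, so the patch should either remove that phrase too or the message should drop the remark.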
missing punctuation in hifn.4 and hardclock.9
Stumbled across these in my travels. Rob Index: man4/hifn.4 === RCS file: /cvs/src/share/man/man4/hifn.4,v retrieving revision 1.50 diff -u -p -r1.50 hifn.4 --- man4/hifn.4 10 Dec 2015 21:00:51 - 1.50 +++ man4/hifn.4 27 Sep 2016 04:27:25 - @@ -36,7 +36,7 @@ The .Nm driver supports various cards containing the Hifn 7751, Hifn 7811, Hifn 7951, -Hifn 7955, Hifn 7956, or Hifn 9751 chipsets, such as +Hifn 7955, Hifn 7956, or Hifn 9751 chipsets, such as: .Bl -tag -width namenamenamena -offset indent .It Invertex AEON Comes as 128KB SRAM model, or 2MB DRAM model. Index: man9/hardclock.9 === RCS file: /cvs/src/share/man/man9/hardclock.9,v retrieving revision 1.11 diff -u -p -r1.11 hardclock.9 --- man9/hardclock.93 Apr 2016 06:43:59 - 1.11 +++ man9/hardclock.927 Sep 2016 04:27:39 - @@ -47,7 +47,7 @@ is an opaque, machine dependent structur previous machine state. .Pp .Fn hardclock -performs a variety of time related housekeeping tasks, such as +performs a variety of time related housekeeping tasks, such as: .Bl -bullet -offset indent .It If the current process has virtual or profiling interval
Re: minor updates to radiusd.8
New diff excluding the history section. Rob Index: radiusd.8 === RCS file: /cvs/src/usr.sbin/radiusd/radiusd.8,v retrieving revision 1.6 diff -u -p -r1.6 radiusd.8 --- radiusd.8 25 Aug 2015 01:12:59 - 1.6 +++ radiusd.8 18 Sep 2016 16:32:01 - @@ -29,6 +29,12 @@ The .Nm daemon implements the RADIUS protocol. .Pp +.Nm +can be enabled during system boot by setting the following in +.Pa /etc/rc.conf.local : +.Pp +.Dl radiusd_flags=\&"\&" +.Pp The options are as follows: .Bl -tag -width Ds .It Fl d @@ -49,7 +55,10 @@ Only check the configuration file for va Default configuration file. .El .Sh SEE ALSO -.Xr radiusd.conf 5 +.Xr radiusd.conf 5 , +.Xr radiusctl 8 , +.Xr rc.conf 8 +.Sh STANDARDS .Rs .%R RFC 2865 .%T "Remote Authentication Dial In User Service (RADIUS)"
minor updates to radiusd.8
Index: radiusd.8 === RCS file: /cvs/src/usr.sbin/radiusd/radiusd.8,v retrieving revision 1.6 diff -u -p -r1.6 radiusd.8 --- radiusd.8 25 Aug 2015 01:12:59 - 1.6 +++ radiusd.8 18 Sep 2016 15:10:26 - @@ -29,6 +29,12 @@ The .Nm daemon implements the RADIUS protocol. .Pp +.Nm +can be enabled during system boot by setting the following in +.Pa /etc/rc.conf.local : +.Pp +.Dl radiusd_flags=\&"\&" +.Pp The options are as follows: .Bl -tag -width Ds .It Fl d @@ -49,9 +55,17 @@ Only check the configuration file for va Default configuration file. .El .Sh SEE ALSO -.Xr radiusd.conf 5 +.Xr radiusd.conf 5 , +.Xr radiusctl 8 , +.Xr rc.conf 8 +.Sh STANDARDS .Rs .%R RFC 2865 .%T "Remote Authentication Dial In User Service (RADIUS)" .%D June 2000 .Re +.Sh HISTORY +The +.Nm +program first appeared in +.Ox 5.8 .
some more single user mode in /etc/rc
I wasn't actually looking for this, but stumbled across it while reviewing /etc/rc. Rob Index: rc === RCS file: /cvs/src/etc/rc,v retrieving revision 1.486 diff -u -p -r1.486 rc --- rc 10 Jul 2016 09:08:18 - 1.486 +++ rc 5 Sep 2016 14:54:47 - @@ -262,7 +262,7 @@ do_fsck() { stty status '^T' # Set shell to ignore SIGINT (2), but not children; shell catches SIGQUIT (3) -# and returns to single user after fsck. +# and returns to single-user mode after fsck. trap : 2 trap : 3 # Shouldn't be needed. @@ -289,9 +289,9 @@ if [[ $1 == shutdown ]]; then echo warning: cannot write random seed to disk fi - # If we are in secure level 0, assume single user mode. + # If we are in secure level 0, assume single-user mode. if (($(sysctl -n kern.securelevel) == 0)); then - echo 'single user: not running shutdown scripts' + echo 'single-user mode: not running shutdown scripts' else pkg_scripts=${pkg_scripts%%*( )} if [[ -n $pkg_scripts ]]; then
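Review bot: the second hunk changes more than comments: the echo in the shutdown path now prints 'single-user mode: not running shutdown scripts', so the console message at secure level 0 differs from what it printed before. Mention that in the commit message in case anyone matches on the old 'single user:' text; the comment-only changes in both hunks are fine.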
fix inconsistent man page use of "single user mode"
init.8 currently has six instances of "single-user mode" and three instances of "single-user shell", so fix the two "single user mode" outliers. Also, correct the only other two instances of man pages with "single user mode" in afterboot.8 and netstart.8. Index: init.8 === RCS file: /cvs/src/sbin/init/init.8,v retrieving revision 1.47 diff -u -p -r1.47 init.8 --- init.8 4 Sep 2011 18:20:48 - 1.47 +++ init.8 5 Sep 2016 12:24:32 - @@ -68,7 +68,7 @@ file as explained in the .Xr rc 8 manual. .It Fl s -Boot directly into single user mode. +Boot directly into single-user mode. .El .Pp Single-user mode is also entered if the boot scripts fail. @@ -265,7 +265,7 @@ When starting a window system or the login class .Dq default is used. -No resource changes are made when entering single user mode. +No resource changes are made when entering single-user mode. .Sh FILES .Bl -tag -width /etc/rc.securelevel -compact .It Pa /dev/console Index: afterboot.8 === RCS file: /cvs/src/share/man/man8/afterboot.8,v retrieving revision 1.156 diff -u -p -r1.156 afterboot.8 --- afterboot.8 2 Sep 2016 12:17:33 - 1.156 +++ afterboot.8 5 Sep 2016 12:29:10 - @@ -386,7 +386,7 @@ For example: .Ss System command scripts The .Pa /etc/rc.*\& -scripts are invoked at boot time, after single user mode has exited, +scripts are invoked at boot time, after single-user mode has exited, and at shutdown. The whole process is controlled, more or less, by the master script .Pa /etc/rc . Index: netstart.8 === RCS file: /cvs/src/share/man/man8/netstart.8,v retrieving revision 1.20 diff -u -p -r1.20 netstart.8 --- netstart.8 5 Dec 2015 18:43:12 - 1.20 +++ netstart.8 5 Sep 2016 12:29:10 - @@ -38,7 +38,7 @@ .Nm is the command script that is invoked by .Xr rc 8 -during an automatic reboot and after single user mode is exited; +during an automatic reboot and after single-user mode is exited; it performs network initialization. .Pp The
Consistent case and full stop in rc.8
Index: rc.8 === RCS file: /cvs/src/share/man/man8/rc.8,v retrieving revision 1.42 diff -u -p -r1.42 rc.8 --- rc.821 Nov 2015 19:43:50 - 1.42 +++ rc.85 Sep 2016 11:34:57 - @@ -194,11 +194,11 @@ not to run .Xr fsck 8 during the next boot. .It Pa /var/run/dmesg.boot -copy of +Copy of .Xr dmesg 8 saved by .Nm rc -at boot time +at boot time. .El .Sh SEE ALSO .Xr sysctl.conf 5 ,
s/separate/separated/ in pledge.2
Index: pledge.2 === RCS file: /cvs/src/lib/libc/sys/pledge.2,v retrieving revision 1.34 diff -u -p -r1.34 pledge.2 --- pledge.21 Sep 2016 10:06:30 - 1.34 +++ pledge.25 Sep 2016 11:08:34 - @@ -126,7 +126,7 @@ once. .Pp The .Ar promises -is specified as a string, with space separate keywords: +is specified as a string, with space separated keywords: .Bl -tag -width "tmppath" -offset indent .It Va "stdio" The following system calls are permitted to allow most basic functions
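Review bot: "space separated keywords" on the changed line is still missing the hyphen of the compound modifier; write "space-separated keywords" while the line is being touched.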
use router instead of forwarding gateway in faq6.html
The Background sections in both the Networking and PF - Building a Router FAQ use the term "router" as opposed to "forwarding gateway". As such, be consistent with the corresponding title in faq6.html. This may also be less confusing if relayd(8) is mentioned as providing application layer gateway functionality as suggested in my last diff sent to tech@. Alternatively, if "forwarding gateway" remains, consider referencing IP and/or network layer / layer 3 in the title. Regards, Rob Index: faq6.html === RCS file: /cvs/www/faq/faq6.html,v retrieving revision 1.383 diff -u -p -r1.383 faq6.html --- faq6.html 15 Aug 2016 02:22:13 - 1.383 +++ faq6.html 4 Sep 2016 13:37:14 - @@ -400,8 +400,7 @@ localhostLOCALHOST UH BASE-ADDRESS.MCA LOCALHOST U -Setting up your OpenBSD box as a forwarding -gateway +Setting up your OpenBSD box as a router This is covered in more detail here.
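Review bot: the hunk renames only the section heading itself; if faq6.html lists this section in a table of contents, or other FAQ pages refer to it by title, those entries need the same "router" wording in this diff, otherwise the page ends up using both terms for one section.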
Re: remove password advice in afterboot.8 and passwd.1
> From: "Jason McIntyre" <j...@kerhand.co.uk> > To: "misc" <misc@openbsd.org> > Sent: Monday, April 18, 2016 2:03:26 AM > Subject: Re: remove password advice in afterboot.8 and passwd.1 > On Sun, Apr 17, 2016 at 11:23:14PM -0400, Rob Pierce wrote: > > Stop giving password advice. Instead, make a general statement about > > password > > strength in passwd.1. > > Rob > i don;t see why we should not try to give advice. After reading https://marc.info/?t=14173169791=1=2 (and other articles) I thought maybe the advice provided was no longer as relevant as it once was, and that this advice would require maintenance in two separate documents. However, after continued reading on the topic, maybe it is still strong advice that will stand the test of time, good information for new users, and consistent enough across both manual pages. Not sure. Rob
remove password advice in afterboot.8 and passwd.1
Stop giving password advice. Instead, make a general statement about password strength in passwd.1. Rob Index: afterboot.8 === RCS file: /cvs/src/share/man/man8/afterboot.8,v retrieving revision 1.153 diff -u -p -r1.153 afterboot.8 --- afterboot.8 8 Dec 2015 13:36:05 - 1.153 +++ afterboot.8 18 Apr 2016 03:18:04 - @@ -103,10 +103,6 @@ Change the password for the root user. (Note that throughout the documentation, the term .Dq superuser is a synonym for the root user.) -Choose a password that has digits and special characters -as well as from the upper and lower case alphabet. -Do not choose any word in any language. -It is common for an intruder to use dictionary attacks. Type the following command to change it: .Pp .Dl $ doas passwd root @@ -594,6 +590,7 @@ is contained within .Xr doas 1 , .Xr ksh 1 , .Xr man 1 , +.Xr passwd 1 , .Xr pkg_add 1 , .Xr ps 1 , .Xr vi 1 , Index: passwd.1 === RCS file: /cvs/src/usr.bin/passwd/passwd.1,v retrieving revision 1.44 diff -u -p -r1.44 passwd.1 --- passwd.126 Nov 2015 19:01:47 - 1.44 +++ passwd.118 Apr 2016 03:18:42 - @@ -49,13 +49,10 @@ First, the user is prompted for their cu If the current password is correctly typed, a new password is requested. The new password must be entered twice to avoid typing errors. .Pp -The new password should be at least six characters long and not -purely alphabetic. -Its total length must be less than +Password strength is a function of length and complexity. +The total password length must be less than .Dv _PASSWORD_LEN (currently 128 characters). -A mixture of both lower and uppercase letters, numbers, and -meta-characters is encouraged. .Pp The quality of the password can be enforced by specifying an external checking program via the
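Review bot: with the four advice lines removed in the first afterboot.8 hunk, the root password paragraph no longer tells a new administrator where to find any guidance, and the only pointer left is the passwd(1) entry the second hunk adds to SEE ALSO. Reference ".Xr passwd 1" inline next to the "doas passwd root" example so the pointer sits where the advice used to be.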
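Review bot: in the passwd.1 hunk the replacement sentence "Password strength is a function of length and complexity." drops the only concrete guidance on the page (at least six characters, not purely alphabetic) and gives the reader nothing to act on. If the old numbers are considered stale, point instead at the enforcement mechanism that the following context paragraph describes (the external checking program) and at login.conf(5), rather than stating a generality.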
Re: man pages diff
> From: "Alexander Hall" <alexan...@beard.se> > To: "Jason McIntyre" <j...@kerhand.co.uk>, "misc" <misc@openbsd.org> > Cc: "Ingo Schwarze" <schwa...@usta.de> > Sent: Saturday, April 9, 2016 4:15:10 AM > Subject: Re: man pages diff > On April 7, 2016 10:40:24 PM GMT+02:00, Jason McIntyre <j...@kerhand.co.uk> > wrote: > >On Thu, Apr 07, 2016 at 10:13:02PM +0200, Ingo Schwarze wrote: > >> Hi, > >> Jason McIntyre wrote on Thu, Apr 07, 2016 at 08:35:52PM +0100: > >> > On Thu, Apr 07, 2016 at 03:15:01PM -0400, Rob Pierce wrote: > >> >> Change "super user" to "superuser". > >> > hmm. you have the weight of the man pages behind you, since they > >> > overwhelmingly use "superuser". > >> In that case, ... > >> > the trouble is, i don;t think "super > >> > user" is wrong, and i'm reluctant to do this... I just noticed this in afterboot.1 under the "Root password" section: "Note that throughout the documentation, the term "superuser" is a synonym for the root user." Rob
Re: diff for help.1
> From: "Pavan Maddamsetti" <pavan.maddamse...@gmail.com> > To: "misc" <misc@openbsd.org> > Sent: Friday, April 15, 2016 10:55:28 PM > Subject: Re: diff for help.1 > > Why not ed? vi(1) mentions ex(1) which is maybe good enough for a new user. Both the "Welcome to OpenBSD" email message as well as help.1 reference man and highlight the -k option, so maybe that is enough. Running man -k editor lists them all. When I reviewed help.1, given the other commands presented (e.g. cd, ls, cat) I would have expected some mention of a text editor to help a new user/admin (though afterboot.1 does reference vi(1) under SEE ALSO). Rob
Re: diff for help.1
On Fri, Apr 15, 2016 at 04:16:59PM -0400, Rob Pierce wrote: > Recent FAQ cleanup lost a reference to mg(1) (section 2.2). > > Text editors seem fundamental enough to include in help.1. > > While here, make consistent use of references to command arguments (Ar). > > Rob Sorry - clean diff with stray comments removed. Rob Index: help.1 === RCS file: /cvs/src/share/man/man1/help.1,v retrieving revision 1.1 diff -u -p -r1.1 help.1 --- help.1 27 Mar 2015 01:59:26 - 1.1 +++ help.1 15 Apr 2016 23:40:33 - @@ -88,7 +88,7 @@ in the system password file .It Cm man Interface to the system manual pages. For any of the commands listed below, type -.Ic man +.Ic man Ar command for detailed information on what it does and how to use it. .It Cm pwd Print working directory. @@ -109,12 +109,18 @@ Type for a detailed listing. .It Cm cat Although it has many more uses, -.Ic cat filename +.Ic cat Ar filename will print the contents of a plain-text file to the screen. +.It Cm vi +Edit text files. +For example, +.Ic vi Ar filename . +See also +.Xr mg 1 . .It Cm mkdir Make a directory. For example, -.Ic mkdir foobar . +.Ic mkdir Ar dirname . .It Cm rmdir Remove a directory. .It Cm rm
diff for help.1
Recent FAQ cleanup lost a reference to mg(1) (section 2.2). Text editors seem fundamental enough to include in help.1. While here, make consistent use of references to command arguments (Ar). Rob Index: help.1 === RCS file: /cvs/src/share/man/man1/help.1,v retrieving revision 1.1 diff -u -p -r1.1 help.1 --- help.1 27 Mar 2015 01:59:26 - 1.1 +++ help.1 15 Apr 2016 20:14:16 - @@ -88,7 +88,7 @@ in the system password file .It Cm man Interface to the system manual pages. For any of the commands listed below, type -.Ic man +.Ic man Ar command for detailed information on what it does and how to use it. .It Cm pwd Print working directory. @@ -109,12 +109,20 @@ Type for a detailed listing. .It Cm cat Although it has many more uses, -.Ic cat filename +.Ic cat Ar filename will print the contents of a plain-text file to the screen. +.It Cm vi +Edit text files. +.\" For example, +.\" .Ic vi Ar filename . +For example, +.Ic vi Ar filename . +See also +.Xr mg 1 . .It Cm mkdir Make a directory. For example, -.Ic mkdir foobar . +.Ic mkdir Ar dirname . .It Cm rmdir Remove a directory. .It Cm rm
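Review bot: the second hunk adds two commented-out lines (.\" For example, and .\" .Ic vi Ar filename .) immediately above identical live lines; remove the commented copies before this goes in.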
add "route" promise to pledge.2
I wasn't sure of where to put it in the list. How is this? Rob Index: pledge.2 === RCS file: /cvs/src/lib/libc/sys/pledge.2,v retrieving revision 1.27 diff -u -p -r1.27 pledge.2 --- pledge.211 Mar 2016 06:36:51 - 1.27 +++ pledge.27 Apr 2016 20:00:19 - @@ -80,7 +80,8 @@ Only the and .Dv FIONBIO operations are allowed by default. -Use of the "tty" and "ioctl" promises receive more ioctl requests. +Use of the "tty", "ioctl", "route", "pf" and "audio" promises receive more ioctl +requests. .Pp .It Xr chmod 2 .It Xr fchmod 2 @@ -493,6 +494,21 @@ process: .Xr setrlimit 2 , .Xr getpriority 2 , .Xr setpriority 2 . +.It Va "route" +Allows a subset of +.Xr ioctl 2 +operations on network interfaces: +.Pp +.Dv SIOCGIFADDR , +.Dv SIOCGIFFLAGS , +.Dv SIOCGIFMETRIC , +.Dv SIOCGIFGMEMB , +.Dv SIOCGIFRDOMAIN , +.Dv SIOCGIFDSTADDR_IN6 , +.Dv SIOCGIFNETMASK_IN6 , +.Dv SIOCGNBRINFO_IN6 , +.Dv SIOCGIFINFO_IN6 , +.Dv SIOCGIFMEDIA . .It Va "pf" Allows a subset of .Xr ioctl 2
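Review bot: the rewritten sentence in the first hunk has a subject-verb mismatch ("Use of the ... promises receive more ioctl requests") and is hard to parse; something like "The tty, ioctl, route, pf and audio promises permit additional ioctl requests" reads correctly. The promise names could also be marked up with .Va, as the .It entries further down are, instead of plain double quotes.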
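Review bot: the new "route" entry in the second hunk documents the promise only as a hand-copied list of ten SIOCG* requests; say where the authoritative list lives so the page can be kept in step with the kernel, and state explicitly whether the promise permits anything beyond these interface queries, since a reader deciding what to pledge needs to know the full surface being granted.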
man pages diff
Change "super user" to "superuser". Rob Index: src/share/man/man4/pty.4 === RCS file: /cvs/src/share/man/man4/pty.4,v retrieving revision 1.21 diff -u -p -r1.21 pty.4 --- src/share/man/man4/pty.421 Nov 2015 08:04:20 - 1.21 +++ src/share/man/man4/pty.47 Apr 2016 19:12:07 - @@ -298,7 +298,7 @@ device nodes following the naming conven .Ox . Since .Pa ptm -impersonates the super user for some operations it needs to perform +impersonates the superuser for some operations it needs to perform to complete the allocation of a pseudo terminal, the .Pa /dev -directory must also be writeable by the super user. +directory must also be writeable by the superuser. Index: src/share/man/man5/login.conf.5 === RCS file: /cvs/src/share/man/man5/login.conf.5,v retrieving revision 1.62 diff -u -p -r1.62 login.conf.5 --- src/share/man/man5/login.conf.5 30 Mar 2016 06:58:06 - 1.62 +++ src/share/man/man5/login.conf.5 7 Apr 2016 19:12:07 - @@ -683,7 +683,7 @@ to indicate if the user is in group whee Some authentication types require the user to be in group wheel when using the .Xr su 1 -program to become super user. +program to become superuser. .El .Pp When the authentication program is executed, Index: src/usr.sbin/cron/crontab.1 === RCS file: /cvs/src/usr.sbin/cron/crontab.1,v retrieving revision 1.33 diff -u -p -r1.33 crontab.1 --- src/usr.sbin/cron/crontab.1 26 Oct 2015 15:50:06 - 1.33 +++ src/usr.sbin/cron/crontab.1 7 Apr 2016 19:12:07 - @@ -65,7 +65,7 @@ be listed in the .Pa /var/cron/cron.deny file in order to use .Nm . -If neither of these files exists then only the super user +If neither of these files exists then only the superuser will be allowed to use .Nm . .Em NOTE :
faq4.html
It looks like the cdrkit web site has been down for a while. Point to the debian package instead, or maybe delete altogether? Rob Index: faq4.html === RCS file: /cvs/www/faq/faq4.html,v retrieving revision 1.439 diff -u -p -r1.439 faq4.html --- faq4.html 1 Apr 2016 15:25:47 - 1.439 +++ faq4.html 2 Apr 2016 14:15:51 - @@ -266,7 +266,7 @@ In OpenBSD, you can create a CD from an Modern Windows and Macintosh systems can directly create CDs from ISO images. On Linux or other Unix-like systems, use applications such as -http://www.cdrkit.org/;>cdrkit. +https://packages.debian.org/source/sid/cdrkit;>cdrkit. 4.3.3 - Floppies
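Review bot: the replacement link on the changed line points at Debian's sid source package page, which is one distribution's unstable packaging rather than the project's own home. Readers on "Linux or other Unix-like systems" would install the tool from their own package manager, so naming cdrkit without a link (the second option raised in the message) avoids sending them to a third-party page that may move again.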
Re: faq12.html
> From: "Nick Holland"> To: "misc" > Sent: Wednesday, March 30, 2016 12:14:23 PM > Subject: Re: faq12.html > On 03/30/16 08:49, Theo Buehler wrote: > >> -The Zaurus has very little current available on its USB port, so many > >> +The Zaurus has very little currently available on its USB port, so many > > electrical current? > both what is there and "electrical current" are/would be precisely > correct, but "power" might be a more understood word. > Nick. I must admit that was a bit of helicopter editing on my part, so it caught me off guard. Changing "little" to "low" would solve any ambiguity. I am embarrassed to say that I studied electrical circuits way back when...
Re: faq12.html
> From: "Theo Buehler"> To: "misc" > Sent: Wednesday, March 30, 2016 8:50:20 AM > Subject: Re: faq12.html > > -The Zaurus has very little current available on its USB port, so many > > +The Zaurus has very little currently available on its USB port, so many > electrical current? > > USB devices will not work if they are directly attached to it. > > You will need to use a powered USB hub to run these devices. Yes, my mistake. Sorry for the noise.
faq12.html
For your consideration. Index: faq12.html === RCS file: /cvs/www/faq/faq12.html,v retrieving revision 1.125 diff -u -p -r1.125 faq12.html --- faq12.html 29 Mar 2016 01:27:39 - 1.125 +++ faq12.html 30 Mar 2016 12:30:48 - @@ -662,7 +662,7 @@ on SIMH page. 12.7.1 - USB devices aren't working properly -The Zaurus has very little current available on its USB port, so many +The Zaurus has very little currently available on its USB port, so many USB devices will not work if they are directly attached to it. You will need to use a powered USB hub to run these devices.
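Review bot: the changed line turns the noun "current" (electrical current) into the adverb "currently", which leaves "very little" without a noun and changes the meaning of the sentence; keep the original wording, or use "power" if the aim is to avoid the ambiguity.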
reference ipsec.conf in ipsec.4 under SEE ALSO?
I think it makes sense for ipsec.4 to reference its own configuration file under SEE ALSO. Index: ipsec.4 === RCS file: /cvs/src/share/man/man4/ipsec.4,v retrieving revision 1.83 diff -u -p -r1.83 ipsec.4 --- ipsec.4 16 Feb 2015 16:38:54 - 1.83 +++ ipsec.4 18 Mar 2016 20:51:05 - @@ -378,6 +378,7 @@ allocations). .\".Xr ipcomp 4 , .Xr options 4 , .Xr iked 8 , +.Xr ipsec.conf 5 , .Xr ipsecctl 8 , .Xr isakmpd 8 , .Xr sysctl 8
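Review bot: the added ".Xr ipsec.conf 5 ," sits between iked(8) and ipsecctl(8), but the surrounding entries show SEE ALSO ordered by section first (options 4 ahead of the section 8 pages); move the new line to directly after ".Xr options 4 ,".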
minor corrections diff for 59.html
Some punctuation, case and grammar corrections along with a few hrefs. For your consideration. Index: 59.html === RCS file: /cvs/www/59.html,v retrieving revision 1.72 diff -u -p -r1.72 59.html --- 59.html 16 Mar 2016 19:10:52 - 1.72 +++ 59.html 18 Mar 2016 19:48:20 - @@ -120,7 +120,7 @@ to 5.9. driver now supports sector mode for eMMC devices, such as those found on some BeagleBone Black boards. The http://www.openbsd.org/cgi-bin/man.cgi?query=cnmac;>cnmac(4) -driver now supports checksum offloading +driver now supports checksum offloading. The http://www.openbsd.org/cgi-bin/man.cgi?query=ipmi;>ipmi(4) driver now supports OpenIPMI compatible character device. ... @@ -171,7 +171,7 @@ to 5.9. Userland programs were audited so that they could be properly annotated with pledge(2). -This resulted in design changes such as +This resulted in design changes such as: addition of @@ -206,17 +206,17 @@ to 5.9. SMP network stack improvements: -The task processing incoming packets can now runs mostly in parallel +The task processing incoming packets can now run mostly in parallel of the rest of the kernel, this include: http://www.openbsd.org/cgi-bin/man.cgi?query=carp;>carp(4), http://www.openbsd.org/cgi-bin/man.cgi?query=trunk;>trunk(4), http://www.openbsd.org/cgi-bin/man.cgi?query=vlan;>vlan(4) and other pseudo-driver with the exception of -http://www.openbsd.org/cgi-bin/man.cgi?query=bridge;>bridge(4) -Ethernet decapsulation, ARP processing and MPLS forwarding path +http://www.openbsd.org/cgi-bin/man.cgi?query=bridge;>bridge(4). +Ethernet decapsulation, ARP processing and MPLS forwarding path. http://www.openbsd.org/cgi-bin/man.cgi?query=bpf;>bpf(4) -filter matching +filter matching. The Rx and Tx rings of the http://www.openbsd.org/cgi-bin/man.cgi?query=ix;>ix(4), 
@@ -228,10 +228,10 @@ to 5.9. http://www.openbsd.org/cgi-bin/man.cgi?query=gem;>gem(4), http://www.openbsd.org/cgi-bin/man.cgi?query=re;>re(4) and http://www.openbsd.org/cgi-bin/man.cgi?query=cas;>cas(4) -drivers can now be processed in parallel of the rest of the kernel +drivers can now be processed in parallel of the rest of the kernel. The Rx ring of the http://www.openbsd.org/cgi-bin/man.cgi?query=cnmac;>cnmac(4) -driver can now be processed in parallel of the rest of the kernel +driver can now be processed in parallel of the rest of the kernel. @@ -401,13 +401,20 @@ to 5.9. and reduce dynamic linking overhead. Handle intra-thread kills via new http://www.openbsd.org/cgi-bin/man.cgi?query=thrkill;>thrkill(2) -system call to tighten pledge(2) restrictions and improve pthread_kill(3) -and pthread_cancel(3) compliance. +system call to tighten +http://www.openbsd.org/cgi-bin/man.cgi?query=pledge;>pledge(2). +restrictions and improve +http://www.openbsd.org/cgi-bin/man.cgi?query=pthread_kill;>pthread_kill(3) +and +http://www.openbsd.org/cgi-bin/man.cgi?query=pthread_cancel;>pthread_cancel(3) +compliance. Added http://www.openbsd.org/cgi-bin/man.cgi?query=getpwnam_shadow;> getpwnam_shadow(3) and http://www.openbsd.org/cgi-bin/man.cgi?query=getpwuid_shadow;> getpwuid_shadow(3) -to permit tighter pledge(2) restrictions. +to permit tighter +http://www.openbsd.org/cgi-bin/man.cgi?query=pledge;>pledge(2). +restrictions. Added support to http://www.openbsd.org/cgi-bin/man.cgi?query=ktrace;>ktrace(1) the arguments to @@ -525,7 +532,7 @@ to 5.9. based on draft-rsa-dsa-sha2-256-03.txt and draft-ssh-ext-info-04.txt. http://www.openbsd.org/cgi-bin/man.cgi?query=ssh;>ssh(1): -Add an AddKeysToAgent client option which can be set to +add an AddKeysToAgent client option which can be set to yes, no, ask, or confirm, and defaults to no. When enabled, a private key that is used during authentication will be added to 
@@ -578,7 +585,7 @@ to 5.9. http://www.openbsd.org/cgi-bin/man.cgi?query=sshd;>sshd(8): refine compatibility workarounds for WinSCP. Fix a number of memory faults (double-free, free of uninitialised -memory, etc) in +memory, etc.) in http://www.openbsd.org/cgi-bin/man.cgi?query=ssh;>ssh(1) and http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen;>ssh-keygen(1). @@ -676,7 +683,7 @@ to 5.9. http://www.openbsd.org/cgi-bin/man.cgi?query=sshd;>sshd(8): fix some option parsing memory
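Review bot: in the hunk at -401, both new pledge(2) links are followed by a full stop in the middle of the sentence ("pledge(2). restrictions and improve" and "tighter pledge(2). restrictions."); drop the stop after the link in both places. The pthread_kill(3) and pthread_cancel(3) links added in the same hunk are correct without one.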
Re: reference ipsec.conf in ipsec.4 under SEE ALSO?
> From: "Jason McIntyre" <j...@kerhand.co.uk> > To: "misc" <misc@openbsd.org> > Sent: Friday, March 18, 2016 5:40:07 PM > Subject: Re: reference ipsec.conf in ipsec.4 under SEE ALSO? > On Fri, Mar 18, 2016 at 04:59:29PM -0400, Rob Pierce wrote: >> I think it make sense for ipsec.4 to reference it's own configuration file >> under > > SEE ALSO. > fixed, thanks. but note SEE ALSO is sorted by section first, so it should > be after the options Xr. > jmc I totally missed that, thanks! Rob
Re: httpd syscall 72
>From Stuart in response to a previous inquiry: Rob > >> If you need a working version, the diffs aren't committed yet, so you can > >> rebuild httpd from source and it should work fine. > >> > > Thanks for the info Ted. I'm currently rebuilding the src, following the > > "5 - Building the System from Source" page. I just want to ask another > > question, can I just rebuild only the httpd from source? Thanks again. > > Yes, > > $ cd /usr/src/usr.sbin/httpd > $ cvs up -PdA > $ make obj && make depend && make > $ su root -c 'make install' > Thank you very much Stuart!
Re: iked ikev2 x509 authentication problem - no valid local certificate found
Sorry about the delay in replying. I’ve finally managed to get things to work. The patch, or rather upgrading to the latest iked in head helped. Removing the ‘ServerCertificateIssuerCommonName’ option from the Apple profile was the key bit that was causing problems. According to the official docs [1], adding ServerCertificateIssuerCommonName should cause the VPN client to send a certificate request to the server based on the CA, but was actually stopping the ‘cert’ part of the server side validation from completing. As a side point it seems that IOS 9.0.2 works as expected, but El Capitan 10.11.1 (beta2) has a segmentation fault after connecting that causes the connection, after successful validation, to drop. So, for the record, using certs on IOS 9.0.2 works correctly without having to do any password validation. However, the latest El Capitan 10.11.1 beta fails due to an Apple side issue. Thanks for all of your help. Rob [1] https://developer.apple.com/library/ios/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html > On 1 Oct 2015, at 20:37, m...@alumni.chalmers.se wrote: > > http://marc.info/?l=openbsd-tech=144362542514318=2 > <http://marc.info/?l=openbsd-tech=144362542514318=2> > >> On 1 okt. 2015, at 21:25, Rob <lists-openbsd@somerandom.net> wrote: >> >> Hi, >> >> I’m a little stuck getting two different clients connected to my OpenBSD >> 5.7 (i386) VPN ikev2 server. I suspect the clients are at fault as I can >> get past the error when connecting one OpenBSDs iked to another iked. >> >> FWIW the clients are both Apple, one IOS 9.1 device and one OSX 10.11.1 >> laptop, so I’m a little stuck with the VPN client I can use. 
>> >> I have the following configuration: >> >> ikev2 "road_warrior" passive esp \ >> from 192.168.20.0/24 to 192.168.40.0/24 \ >> local 192.168.20.4 peer any \ >> ikesa enc aes-128 prf hmac-sha2-256 \ >> auth hmac-sha2-256 group modp2048 \ >> childsa enc aes-128 auth hmac-sha2-256 \ >> srcid "local.example.net \ >> dstid "peer.example.net" \ >> config address 192.168.40.10/29 \ >> config netmask 255.255.255.0 \ >> config name-server 192.168.20.53 \ >> config protected-subnet 192.168.40.0/24 >> >> (IPs and names have been changed to protect the innocent) >> >> I have keys installed as follows: >> >> /etc/iked/ca/example.net.crt >> /etc/iked/certs/local.example.net.crt >> /etc/iked/private/local.key >> /etc/iked/pubkeys/fqdn/peer.example.net >> /etc/iked/local.pub >> >> >> I believe the client isn’t sending the certificate request, but I >> could be completely wrong, the error appears to be: >> >> ikev2_sa_negotiate: score 4 >> sa_stateflags: 0x18 -> 0x18 authvalid,sa (required 0x1f > cert,certvalid,auth,authvalid,sa) >> sa_stateok: VALID flags 0x18, require 0x1f cert,certvalid,auth,authvalid,sa >> sa_state: cannot switch: AUTH_SUCCESS -> VALID >> config_free_proposals: free 0x77286c80 >> ca_getreq: no valid local certificate found >> >> The client is sending peer.example.net.crt to the server, which gets >> validated correctly: >> >> ca_validate_cert: /C=UK/L=London/O=Example Net/CN=peer.example.net ok >> ikev2_dispatch_cert: peer certificate is valid >> sa_stateflags: 0x1c -> 0x1e certvalid,auth,authvalid,sa (required 0x1f > cert,certvalid,auth,authvalid,sa) >> >> I’ve been at this for a number of days and am completely stuck, so if >> anyone has any ideas/advice/clue-sticks I’d be very grateful. If you >> need any further log information please let me know. >> >> >> thanks >> >> Rob
Re: OS X 10.11 'El Capitan' IKEv2
Search for a utility on the App Store, by Apple called: Apple Configurator. This lets you generate a profile that allows you to set more of the VPN configuration than is available via the Network preference utility. It says IKEv2 is only for IOS, but it successfully installs on OSX. I’ve been using the profiles on El Capitan 10.11.x and IOS 9.x. Unfortunately, it gets a lot further, but fails to complete due to ’no valid local certificate’ - I’ve yet to find the fix for this, despite some links being posted to a patch in this list. FWIW the profiles worked correctly with OpenSWAN on FreeBSD. > On 3 Oct 2015, at 05:40, matthew j weaver wrote: > >> On Aug 17, 2015, at 5:39 AM, Reyk Floeter wrote: >> >> On Sun, Aug 16, 2015 at 11:28:24PM +0300, Or Elimelech wrote: >>> Hello misc, >>> >>> Has anyone connected successfully between the new OS X ikev2 impl. >>> To an OpenBSD box? >>> >> >> No, we don't have the beta. >> >> Reyk > > I’ve put some hours into it. Doesn’t work out of the box (no surprises). > > Right now, as far as I can tell, OS X sends a real dubious proposal. That > results in iked (rightly) not sending an auth response. > > > ikev2_pld_sa: more 0 reserved 0 length 36 proposal #1 protoid ESP spisize 4 > xforms 3 spi 0x00c7832b > ikev2_pld_xform: more 3 reserved 0 length 8 type ENCR id 3DES > ikev2_pld_xform: more 3 reserved 0 length 8 type INTEGR id HMAC_SHA1_96 > ikev2_pld_xform: more 0 reserved 0 length 8 type ESN id NONE > [...] > ikev2_match_proposals: xform 1 <-> 2 (4): INTEGR HMAC_SHA1_96 (keylength 0 > <-> 0) > ikev2_match_proposals: xform 1 <-> 2 (2): ESN NONE (keylength 0 <-> 0) > ikev2_sa_negotiate: score 0 > ikev2_ike_auth_recv: no proposal chosen > ikev2_resp_recv: failed to send auth response > > > I’ve not yet surfaced where the ikev2 proposal/policy configs hide in OS X. > > cheers > weaver
Re: OS X 10.11 'El Capitan' IKEv2
Not unless Apple have released the App Store for OpenBSD ;-). Try the following links: https://wiki.strongswan.org/projects/strongswan/wiki/AppleIKEv2Profile & https://developer.apple.com/library/ios/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html. That should be enough to show you how to set up a correct profile. > On 3 Oct 2015, at 11:49, Ted Unangst <t...@tedunangst.com> wrote: > > Rob wrote: >> Search for a utility on the App Store, by Apple called: Apple Configurator. > > does it run on openbsd..?
Re: OpenBSD sendfile
On Fri, 2 Oct 2015 07:38:28 + (UTC) Stuart Henderson wrote: > On 2015-09-30, Bogdan Andu wrote: > > If one needs this linux-like crap, sendfile, and cannot disable it, > > how is he supposed to handle it? > > Run it on linux? > > I'm surprised Yaws needs it though, from what it says on their website > it looks optional. >

Sendfile support IS optional, from the include.mk:

ifeq ($(HAVE_SENDFILE),true)
ERLC_GENERIC_FLAGS += -DHAVE_SENDFILE
endif
ifeq ($(HAVE_ERLANG_SENDFILE),true)
ERLC_GENERIC_FLAGS += -DHAVE_ERLANG_SENDFILE
endif

So check what is happening and send a report to YAWS if sendfile seems to be mandatory on OpenBSD, as then there is a bug in the makefile generation.
iked ikev2 x509 authentication problem - no valid local certificate found
Hi,

I’m a little stuck getting two different clients connected to my OpenBSD 5.7 (i386) VPN ikev2 server. I suspect the clients are at fault as I can get past the error when connecting one OpenBSD’s iked to another iked.

FWIW the clients are both Apple, one IOS 9.1 device and one OSX 10.11.1 laptop, so I’m a little stuck with the VPN client I can use.

I have the following configuration:

ikev2 "road_warrior" passive esp \
from 192.168.20.0/24 to 192.168.40.0/24 \
local 192.168.20.4 peer any \
ikesa enc aes-128 prf hmac-sha2-256 \
auth hmac-sha2-256 group modp2048 \
childsa enc aes-128 auth hmac-sha2-256 \
srcid "local.example.net" \
dstid "peer.example.net" \
config address 192.168.40.10/29 \
config netmask 255.255.255.0 \
config name-server 192.168.20.53 \
config protected-subnet 192.168.40.0/24

(IPs and names have been changed to protect the innocent)

I have keys installed as follows:

/etc/iked/ca/example.net.crt
/etc/iked/certs/local.example.net.crt
/etc/iked/private/local.key
/etc/iked/pubkeys/fqdn/peer.example.net
/etc/iked/local.pub

I believe the client isn’t sending the certificate request, but I could be completely wrong, the error appears to be:

ikev2_sa_negotiate: score 4
sa_stateflags: 0x18 -> 0x18 authvalid,sa (required 0x1f cert,certvalid,auth,authvalid,sa)
sa_stateok: VALID flags 0x18, require 0x1f cert,certvalid,auth,authvalid,sa
sa_state: cannot switch: AUTH_SUCCESS -> VALID
config_free_proposals: free 0x77286c80
ca_getreq: no valid local certificate found

The client is sending peer.example.net.crt to the server, which gets validated correctly:

ca_validate_cert: /C=UK/L=London/O=Example Net/CN=peer.example.net ok
ikev2_dispatch_cert: peer certificate is valid
sa_stateflags: 0x1c -> 0x1e certvalid,auth,authvalid,sa (required 0x1f cert,certvalid,auth,authvalid,sa)

I’ve been at this for a number of days and am completely stuck, so if anyone has any ideas/advice/clue-sticks I’d be very grateful. If you need any further log information please let me know.

thanks

Rob
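The sa_stateflags lines in the message above encode which requirements iked still lacks before the SA can become VALID. As an added example (not part of the original post and not iked's own code), this Python script learns the bit-to-name mapping from the log lines themselves and reports what each transition gained and what is still missing; it assumes the names are printed in ascending bit order, which is what the three values visible in the log show.

```python
import re

# iked debug lines copied from the message above (names as posted there).
SAMPLE_LOG = """\
ikev2_sa_negotiate: score 4
sa_stateflags: 0x18 -> 0x18 authvalid,sa (required 0x1f cert,certvalid,auth,authvalid,sa)
sa_stateok: VALID flags 0x18, require 0x1f cert,certvalid,auth,authvalid,sa
sa_state: cannot switch: AUTH_SUCCESS -> VALID
config_free_proposals: free 0x77286c80
ca_getreq: no valid local certificate found
ca_validate_cert: /C=UK/L=London/O=Example Net/CN=peer.example.net ok
ikev2_dispatch_cert: peer certificate is valid
sa_stateflags: 0x1c -> 0x1e certvalid,auth,authvalid,sa (required 0x1f cert,certvalid,auth,authvalid,sa)
"""

STATEFLAGS = re.compile(
    r"sa_stateflags: 0x([0-9a-f]+) -> 0x([0-9a-f]+) ?([\w,]*) "
    r"\(required 0x([0-9a-f]+) ([\w,]*)\)"
)
CANNOT_SWITCH = re.compile(r"sa_state: cannot switch: (\w+) -> (\w+)")


def set_bits(value):
    """Masks of the bits set in value, lowest bit first."""
    return [1 << i for i in range(value.bit_length()) if (value >> i) & 1]


def learn_names(pairs):
    """Build {bit mask: label} from (value, "a,b,c") pairs seen in the log.

    Assumption: labels are printed in ascending bit order. Inconsistent
    evidence (wrong label count, two labels for one bit) raises ValueError
    instead of silently producing a wrong mapping.
    """
    names = {}
    for value, csv in pairs:
        labels = [label for label in csv.split(",") if label]
        masks = set_bits(value)
        if len(labels) != len(masks):
            raise ValueError(f"{value:#x}: {len(masks)} bits, {len(labels)} labels")
        for mask, label in zip(masks, labels):
            if names.setdefault(mask, label) != label:
                raise ValueError(f"bit {mask:#x}: {names[mask]} vs {label}")
    return names


def decode(value, names):
    """Translate a flag value into labels; unknown bits are shown in hex."""
    return [names.get(mask, hex(mask)) for mask in set_bits(value)]


def analyse(log_text):
    """Return (transitions, blocked) for an iked debug log.

    transitions: one dict per sa_stateflags line (have / gained / missing).
    blocked: (from_state, to_state, missing) for each "cannot switch" line,
    using the most recent sa_stateflags line before it.
    """
    raw, pairs, blocked_raw = [], [], []
    for line in log_text.splitlines():
        m = STATEFLAGS.search(line)
        if m:
            old, new, required = (int(m[i], 16) for i in (1, 2, 4))
            pairs += [(new, m[3]), (required, m[5])]
            raw.append((old, new, required))
            continue
        m = CANNOT_SWITCH.search(line)
        if m and raw:
            _, new, required = raw[-1]
            blocked_raw.append((m[1], m[2], required & ~new))
    names = learn_names(pairs)
    transitions = [
        {
            "have": decode(new, names),
            "gained": decode(new & ~old, names),
            "missing": decode(required & ~new, names),
        }
        for old, new, required in raw
    ]
    blocked = [(src, dst, decode(miss, names)) for src, dst, miss in blocked_raw]
    return transitions, blocked


if __name__ == "__main__":
    transitions, blocked = analyse(SAMPLE_LOG)
    for t in transitions:
        print("have", t["have"], "gained", t["gained"], "missing", t["missing"])
    for src, dst, missing in blocked:
        print(f"{src} -> {dst} blocked, missing {missing}")
```

On the posted log the second transition is missing only cert, which is consistent with the "ca_getreq: no valid local certificate found" line.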
Re: update/upgrade
On Sun, Sep 20, 2015 at 10:36:12PM -0400, Quartz wrote: > >Does your embedded storage run NOR/NAND or something like SDHC Memory > >Cards? > > > >If your systems are running SDHC you can easily create clones with a > >laptop& the DD utility. > > A couple of them do, but it doesn't matter in this case. The main issue with > compiling is that it can effectively knock the system offline for hours > which isn't acceptable. Any process that involves shutting the machine off > or booting into a separate OS image has the same problem. > > It's just a question of minimizing downtime. If availability is critical you might consider redundancy with CARP/pfsync.
Re: anoncvs.html.head
> Thanks Stuart. I am preparing a new diff which I will send shortly. I am holding off on sending the next diff until I figure out how to ensure that my diff does not get mangled by my email client. In particular, a hash (#) in an HTML anchor tag seems to get hosed by my zimbra web client. Playing with fetchmail, sendmail and mutt on my new OpenBSD desktop. Almost there... Rob
anoncvs.html.head
Simplified diff for consideration. I kept the change from "file sets" to "source files" as "file sets" has special meaning in the OpenBSD installation process. Also, only href the first instances of cvs(1). Regards, Index: anoncvs.html.head === RCS file: /cvs/www/build/mirrors/anoncvs.html.head,v retrieving revision 1.42 diff -u -p -r1.42 anoncvs.html.head --- anoncvs.html.head 2 Sep 2015 13:11:30 - 1.42 +++ anoncvs.html.head 14 Sep 2015 01:01:28 - @@ -39,7 +39,7 @@ source repositories: src - Houses all source code for the OpenBSD Operating System. ports - Houses the OpenBSD Ports. - www - Houses all OpenBSD web pages. (Including this one). + www - Houses all OpenBSD web pages (including this one). xenocara - Houses OpenBSD's active X.org v7 source tree. X11 and XF4 - Houses OpenBSD's adaptation of the http://www.XFree86.org/;>XFree86-3 and XFree86-4 @@ -135,17 +135,18 @@ Assuming the downloaded files, src.t -Not all people will wish to unpack all the file sets, but as the system +Not all people will wish to unpack all the source files, but as the system must be kept in sync, you will generally need to set up all trees. -You can also just use cvs(1) to "checkout" the source repository +You can also just use +http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/cvs.1?query=cvs +to "checkout" the source repository for you. This is discussed in the next section. After this, /usr/src will be a nice checkout area where all -http://www.openbsd.org/cgi-bin/man.cgi?query=cvssektion=1format=html;> -cvs(1) commands will work properly. +cvs(1) commands will work properly. Using CVS to Get and Update your Source Tree 
@@ -166,10 +167,10 @@ CVS server you are going to use. A list Once you have chosen which Anonymous CVS Server you will -use, you can start using cvs. For those of you +use, you can start using cvs(1). For those of you who have CDs you can start with the CVS checkout that is on the CD by using the method above to get the sources onto your system. -If you don't have a CD handy, use the method below to checkout the sources. +If you don't have a CD handy, use the method below to checkout the sources: First, start out by `get'-ing an initial tree: @@ -210,9 +211,11 @@ Confirm this, and the fingerprint will t ... + Note that the above format with SHA256 fingerprints was added after the release of OpenBSD 5.6; older versions only use MD5 fingerprints. + Anytime afterwards, to `update' this tree: (If you are following current): @@ -234,7 +237,7 @@ to merge changes in. NOTE: If you are updating a source tree that you initially fetched from a different server, or from a CD, you must -add the -d [cvsroot] option to cvs. +add the -d [cvsroot] option to cvs: # cd /usr/src # cvs -d anon...@anoncvs.ca.openbsd.org:/cvs -q up -Pd @@ -299,7 +302,7 @@ operation and get thoroughly involved in before getting "commit" access -- as a result of showing useful skills and high quality results they will naturally later be given developer access. -As well, people providing patches can create their "diff"s relative +As well, people providing patches can create their diffs relative to the CVS tree, which will ease integration. Example usages for cvs(1)
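Review bot: In the @@ -166,10 +167,10 hunk the edited line still uses "checkout" as a verb ("use the method below to checkout the sources:"). Since the line is being touched anyway, "check out" is the verb form and "checkout" the noun; the same applies to the moved line `to "checkout" the source repository` in the @@ -135,17 +135,18 hunk.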
Re: Question about quotation rules
Hey Anthony,

- Original Message -
> From: "Anthony J. Bentley" <anth...@anjbe.name>
> To: "Rob Pierce" <r...@2keys.ca>
> Cc: "misc" <misc@openbsd.org>
> Sent: Saturday, September 12, 2015 12:26:04 AM
> Subject: Re: Question about quotation rules

> Hi Rob,
>
> Rob Pierce writes:
>> Good evening,
>>
>> Is there a written/unwritten rule for using quotation marks? Do man pages and
>> web pages follow the same rules?
>>
>> When would I use 'this', "this", `this', ``this'', “this“, etc.?
>
> Generally:
>
> In manuals, use .Dq and .Sq for double and single quotes.
>
> In www, use " and '.
>
>
> There are some other macros in mdoc(7) that generate quote marks (.Qq
> and friends), when you specifically need straight quotes (e.g., code
> listings) and can't just type " directly (e.g., on a macro line).
>
> For personal webpages I use UTF-8 quotes (U+2019/A, U+201C/D) directly.
> But for pages with many authors, like www.openbsd.org, it's best to go
> with what's simple and works: " and '. Keep the burden on authors light.
> The text is what's important.
>
> `` '' is an artifact. The only place they look balanced is on the console
> and in troff's PDF output. Everywhere else (such as the xterm and firefox
> defaults) has displayed this unbalanced for years. " looks better and is
> easier to type.
>
> --
> Anthony J. Bentley

Great - that is the guidance I was looking for.

Thanks!
Re: Question about quotation rules
- Original Message -
> From: "Random832" <random...@fastmail.com>
> To: "misc" <misc@openbsd.org>
> Sent: Friday, September 11, 2015 8:09:10 PM
> Subject: Re: Question about quotation rules

> Rob Pierce <r...@2keys.ca> writes:
>
>> Good evening,
>>
>> Is there a written/unwritten rule for using quotation marks? Do man
>> pages and web pages follow the same rules?
>>
>> When would I use 'this', "this", `this', ``this'', “this“, etc.?
>>
>> I guess this can be both a source problem as well as a display problem.
>>
>> Any suggestions regarding reasonable expectations for web page/man
>> page consistency?
>
> There are macros for quotes in manpages in mdoc(7). The rendering is
> device-dependent - on terminals, it will be unicode quotation marks in
> unicode locales, and ``this'' in non-unicode locales.

Ok - thanks for your response. I have been looking at mdoc...
security.html
Simplified diff. Full stop and standard unidirectional quotation marks. Rob Index: security.html === RCS file: /cvs/www/security.html,v retrieving revision 1.422 diff -u -p -r1.422 security.html --- security.html 2 Jul 2015 05:49:04 - 1.422 +++ security.html 14 Sep 2015 03:25:38 - @@ -112,7 +112,7 @@ skills. Some members of our security auditing team worked for Secure Networks, the company that made the industry's premier network security scanning software package Ballista (Secure Networks got purchased by Network -Associates, Ballista got renamed to Cybercop Scanner, and well...) +Associates, Ballista got renamed to Cybercop Scanner, and well...). That company did a lot of security research, and thus fit in well with the OpenBSD stance. OpenBSD passed Ballista's tests with flying colours since day 1. @@ -126,8 +126,8 @@ have fixed many simple and obvious carel and only months later discovered that the problems were in fact exploitable. (Or, more likely someone on http://online.securityfocus.com/archive/1;>BUGTRAQ -would report that other operating systems were vulnerable to a `newly -discovered problem', and then it would be discovered that OpenBSD had +would report that other operating systems were vulnerable to a "newly +discovered problem", and then it would be discovered that OpenBSD had been fixed in a previous release). In other cases we have been saved from full exploitability of complex step-by-step attacks because we had fixed one of the intermediate steps. An example of where we @@ -165,7 +165,7 @@ written somewhere, but perhaps not taken The Reward Our proactive auditing process has really paid off. Statements like -``This problem was fixed in OpenBSD about 6 months ago'' have become +"This problem was fixed in OpenBSD about 6 months ago" have become commonplace in security forums like http://online.securityfocus.com/archive/1;>BUGTRAQ.
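Review bot: In the @@ -112,7 +112,7 hunk the added full stop leaves "and well...)." at the end of the parenthetical, stacking an ellipsis, a closing bracket and a full stop. Dropping the ellipsis, or ending the sentence before the parenthesis opens, would read more cleanly than adding a fourth mark.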
Re: anoncvs.html.head
- Original Message - > From: "Stuart Henderson" <s...@spacehopper.org> > To: "misc" <misc@openbsd.org> > Sent: Saturday, September 12, 2015 11:58:29 AM > Subject: Re: anoncvs.html.head > On 2015-09-11, Rob Pierce <r...@2keys.ca> wrote: >>src - Houses all source code for the OpenBSD Operating System. >>ports - Houses the OpenBSD >> Ports. >> - www - Houses all OpenBSD web pages. (Including this one). >> + www - Houses all OpenBSD web pages (including this one). > > I like that > >>xenocara - Houses OpenBSD's active X.org v7 source tree. >>X11 and XF4 - Houses OpenBSD's adaptation of the >>http://www.XFree86.org/;>XFree86-3 and XFree86-4 >> @@ -122,7 +122,7 @@ with only one part of the tree. The two >> which contains the files used to create the kernel, and src.tar.gz >> which contains all the other "userland" utilities. >> In general, however, you will usually want both of them installed. >> -Assuming the downloaded files, src.tar.gz, >> +Assuming the downloaded files src.tar.gz, >> sys.tar.gz and xenocara.tar.gz are in /usr: > > I think this was OK as it was > >> >> -Not all people will wish to unpack all the file sets, but as the system >> +Not all people will wish to unpack all the source file, but as the system >> must be kept in sync, you will generally need to set up all trees. > > and this (and the new sentence doesn't quite make sense) > >> >> -You can also just use cvs(1) to "checkout" the source repository >> +You can also just use >> +> href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvssektion=1format=html;>cvs(1) >> +to "checkout" the source repository >> for you. This is discussed in the next section. > > OK I guess, though I don't think we need to hyperlink every instance of > a program name 
> >> @@ -160,16 +162,12 @@ from the errata> For more information on these "flavors" of OpenBSD, see >> here. >> >> -Once you have decided which tree to follow, you must choose which >> Anonymous >> -CVS server you are going to use. A list of these servers is >> -below. >> - >> >> -Once you have chosen which Anonymous CVS Server you >> will >> -use, you can start using cvs. For those of you >> +Once you have decided which tree to follow, and which > href="#CVSROOT">Anonymous CVS Server you will > > Please try and keep <80 columns in the source file where sensible > >> +use, you can start using > href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvssektion=1format=html;>cvs(1). >> For those of you >> who have CDs you can start with the CVS checkout that is on the CD by using >> the method above to get the sources onto your >> system. >> -If you don't have a CD handy, use the method below to checkout the sources. >> +If you don't have a CD handy, use the method below to checkout the sources: >> >> >> First, start out by `get'-ing an initial tree: >> @@ -210,9 +208,11 @@ Confirm this, and the fingerprint will t >> ... >> >> >> + >> Note that the above format with SHA256 fingerprints was added after the >> release of OpenBSD 5.6; older versions only use MD5 fingerprints. >> >> + >> Anytime afterwards, to `update' this tree: >> (If you are following current): >> >> @@ -234,7 +234,7 @@ to merge changes in. >> NOTE: >> If you are updating a source tree that you initially fetched >> from a different server, or from a CD, you must >> -add the -d [cvsroot] option to cvs. >> +add the -d [cvsroot] option to cvs: >> >> # cd /usr/src >> # cvs -d anon...@anoncvs.ca.openbsd.org:/cvs -q up -Pd 
>> @@ -295,11 +295,11 @@ directory, and a subsequent update will >> >> >> The anoncvs service gives fledgling developers a chance to learn CVS >> -operation and get thoroughly involved in the development process >> +operations and get thoroughly involved in the development process > > "operation" already seem ok > >> before getting "commit" access -- as a result of showing useful >> skills and high quality results they will naturally later be given >> developer access. >> -As well, people providing patches can create their "diff"s relative >> +As well, people providing patches can create their diffs relative >> to the CVS tree, which will ease integration. >> > > Example usages for cvs(1) Thanks Stuart. I am preparing a new diff which I will send shortly.
Re: anoncvs.html.head
Thanks Benny. I will review again and resubmit. Some responses in-line below. - Original Message - > From: "Benny Lofgren" <bl-li...@lofgren.biz> > To: "misc" <misc@openbsd.org> > Sent: Saturday, September 12, 2015 8:01:58 AM > Subject: Re: anoncvs.html.head > Hi Rob, > > On 2015-09-12 01:15, Rob Pierce wrote: >> This diff is a resend against the correct file: >> - some punctuation, line spacing and minor grammar fixes >> - "file sets" has a special meaning, so don't refer to src.tar.gz, >> xenocara.tar.gc,ports.tar.gz as "file sets" >> - cvs(1) hrefs >> - "diffs" is already used earlier on the page, so don't quote it >> Index: anoncvs.html.head >> === >> RCS file: /cvs/www/build/mirrors/anoncvs.html.head,v >> retrieving revision 1.42 >> diff -u -p -r1.42 anoncvs.html.head >> --- anoncvs.html.head2 Sep 2015 13:11:30 - 1.42 >> +++ anoncvs.html.head11 Sep 2015 22:10:15 - > > Just a few comments inline below. I think you posted this or a similar > diff to tech@ the other day, so maybe this is in the wrong place, but > I'll leave the comment as well in misc@ to avoid confusion. > > > ... 
>> @@ -135,11 +135,13 @@ Assuming the downloaded files, src.t >> >> >> >> -Not all people will wish to unpack all the file sets, but as the system >> +Not all people will wish to unpack all the source file, but as the system > > I think "source files" (plural), alternatively "all of the source file" > depending on your intention? Yes, I missed that - thanks. > >> must be kept in sync, you will generally need to set up all trees. >> >> >> -You can also just use cvs(1) to "checkout" the source repository >> +You can also just use >> +> href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvssektion=1format=html;>cvs(1) >> +to "checkout" the source repository > > Is that the correct URL? The use of "sektion" (which is a Swedish, > Danish or German spelling :-) ) instead of "sec" caught my eye. > > When I do the same search directly from www.openbsd.org I get this: > > http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/cvs.1?query=cvs=1 > > (I realize that the link you used is the same one already used elsewhere > in this page. But even if I copy and paste that link into my browser, > the web server redirects it to the one I pasted here. Maybe there is > some legacy stuff going on here, perhaps a server side change not yet > reflected in all of the html pages?) I will look into that. I must admit that I tend to grab existing text to complete an href, but in the future I will do the lookup and grab the actual URL. I was wondering where sektion came from! >> for you. This is discussed in the next section. 
>> >> >> @@ -160,16 +162,12 @@ from the errata> For more information on these "flavors" of OpenBSD, see >> here. >> >> -Once you have decided which tree to follow, you must choose which >> Anonymous >> -CVS server you are going to use. A list of these servers is >> -below. >> - >> >> -Once you have chosen which Anonymous CVS Server you >> will >> -use, you can start using cvs. For those of you >> +Once you have decided which tree to follow, and which > href="#CVSROOT">Anonymous CVS Server you will >> +use, you can start using > href="http://www.openbsd.org/cgi-bin/man.cgi?query=cvssektion=1format=html;>cvs(1). >> For those of you > > I don't know about you or the developers, but personally I kind of > prefer the original wording and paragraph division, except I would > change the second paragraph's repetitious use of "Once you have..." to > something like "When you have..." instead. Ok. I should stay away from "style" changes, and stick to obvious corrections and/or functional text changes. This just seemed a bit awkward to me. > > > And maybe remove the second href to the cvs server list. I don't know > about official policy here, but having several identical links so close > to each other in a text always confuses me and makes me click on all of > them, only to be annoyed I end up in the same place. :-) > > One objection to this would be that people who only read the second > paragraph in this example would miss the link altogether. I would then > contend that if you don't have the habit and patience of reading ALL the > relevant parts of a given piece of documentation
Re: ftp.html
Thanks Stuart - I totally missed that! I will also correct my anoncvs.html diff and resend against the correct file(s). Appreciate the response. How about this? Index: ftp.html.head === RCS file: /cvs/www/build/mirrors/ftp.html.head,v retrieving revision 1.21 diff -u -p -r1.21 ftp.html.head --- ftp.html.head 25 Jul 2015 19:16:47 - 1.21 +++ ftp.html.head 11 Sep 2015 21:09:36 - @@ -61,7 +61,7 @@ upgrade your system very quickly. Download via HTTP/FTP -OpenBSD can be also easily installed via HTTP or FTP. +OpenBSD can also be obtained via HTTP or FTP. Typically you need a single small piece of boot media (e.g., a boot floppy) and then the rest of the files can be installed from a number of locations, including directly off the Internet.
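Review bot: After the @@ -61,7 +61,7 hunk changes the opening sentence to "obtained via HTTP or FTP", the unchanged sentence that follows ("Typically you need a single small piece of boot media ... the rest of the files can be installed from a number of locations") still describes installing, so the paragraph now opens on downloading and continues on installation with nothing linking the two. Consider rewording that following sentence in the same change.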
Re: anoncvs.html.head
See attached. - Original Message - From: "Rob Pierce" <r...@2keys.ca> To: "misc" <misc@openbsd.org> Sent: Friday, September 11, 2015 6:30:33 PM Subject: anoncvs.html.head This diff is a resend against the correct file: - some punctuation, line spacing and minor grammar fixes - "file sets" has a special meaning, so don't refer to src.tar.gz, xenocara.tar.gc,ports.tar.gz as "file sets" - cvs(1) hrefs - "diffs" is already used earlier on the page, so don't quote it Rob Index: anoncvs.html.head === RCS file: /cvs/www/build/mirrors/anoncvs.html.head,v retrieving revision 1.42 diff -u -p -r1.42 anoncvs.html.head --- anoncvs.html.head 2 Sep 2015 13:11:30 - 1.42 +++ anoncvs.html.head 11 Sep 2015 22:10:15 - @@ -39,7 +39,7 @@ source repositories: src - Houses all source code for the OpenBSD Operating System. ports - Houses the OpenBSD Ports. - www - Houses all OpenBSD web pages. (Including this one). + www - Houses all OpenBSD web pages (including this one). xenocara - Houses OpenBSD's active X.org v7 source tree. X11 and XF4 - Houses OpenBSD's adaptation of the http://www.XFree86.org/;>XFree86-3 and XFree86-4 @@ -122,7 +122,7 @@ with only one part of the tree. The two which contains the files used to create the kernel, and src.tar.gz which contains all the other "userland" utilities. In general, however, you will usually want both of them installed. -Assuming the downloaded files, src.tar.gz, +Assuming the downloaded files src.tar.gz, sys.tar.gz and xenocara.tar.gz are in /usr: 
@@ -135,11 +135,13 @@ Assuming the downloaded files, src.t -Not all people will wish to unpack all the file sets, but as the system +Not all people will wish to unpack all the source file, but as the system must be kept in sync, you will generally need to set up all trees. -You can also just use cvs(1) to "checkout" the source repository +You can also just use +http://www.openbsd.org/cgi-bin/man.cgi?query=cvssektion=1format=html;>cvs(1) +to "checkout" the source repository for you. This is discussed in the next section. @@ -160,16 +162,12 @@ from the erratahere. -Once you have decided which tree to follow, you must choose which Anonymous -CVS server you are going to use. A list of these servers is -below. - -Once you have chosen which Anonymous CVS Server you will -use, you can start using cvs. For those of you +Once you have decided which tree to follow, and which Anonymous CVS Server you will +use, you can start using http://www.openbsd.org/cgi-bin/man.cgi?query=cvssektion=1format=html;>cvs(1). For those of you who have CDs you can start with the CVS checkout that is on the CD by using the method above to get the sources onto your system. -If you don't have a CD handy, use the method below to checkout the sources. +If you don't have a CD handy, use the method below to checkout the sources: First, start out by `get'-ing an initial tree: @@ -210,9 +208,11 @@ Confirm this, and the fingerprint will t ... + Note that the above format with SHA256 fingerprints was added after the release of OpenBSD 5.6; older versions only use MD5 fingerprints. + Anytime afterwards, to `update' this tree: (If you are following current): @@ -234,7 +234,7 @@ to merge changes in. NOTE: If you are updating a source tree that you initially fetched from a different server, or from a CD, you must -add the -d [cvsroot] option to cvs. +add the -d [cvsroot] option to cvs: # cd /usr/src # cvs -d anon...@anoncvs.ca.openbsd.org:/cvs -q up -Pd 
@@ -295,11 +295,11 @@ directory, and a subsequent update will The anoncvs service gives fledgling developers a chance to learn CVS -operation and get thoroughly involved in the development process +operations and get thoroughly involved in the development process before getting "commit" access -- as a result of showing useful skills and high quality results they will naturally later be given developer access. -As well, people providing patches can create their "diff"s relative +As well, people providing patches can create their diffs relative to the CVS tree, which will ease integration. Example usages for cvs(1)
anoncvs.html.head
This diff is a resend against the correct file: - some punctuation, line spacing and minor grammar fixes - "file sets" has a special meaning, so don't refer to src.tar.gz, xenocara.tar.gc,ports.tar.gz as "file sets" - cvs(1) hrefs - "diffs" is already used earlier on the page, so don't quote it Rob Index: anoncvs.html.head === RCS file: /cvs/www/build/mirrors/anoncvs.html.head,v retrieving revision 1.42 diff -u -p -r1.42 anoncvs.html.head --- anoncvs.html.head 2 Sep 2015 13:11:30 - 1.42 +++ anoncvs.html.head 11 Sep 2015 22:10:15 - @@ -39,7 +39,7 @@ source repositories: src - Houses all source code for the OpenBSD Operating System. ports - Houses the OpenBSD Ports. - www - Houses all OpenBSD web pages. (Including this one). + www - Houses all OpenBSD web pages (including this one). xenocara - Houses OpenBSD's active X.org v7 source tree. X11 and XF4 - Houses OpenBSD's adaptation of the http://www.XFree86.org/;>XFree86-3 and XFree86-4 @@ -122,7 +122,7 @@ with only one part of the tree. The two which contains the files used to create the kernel, and src.tar.gz which contains all the other "userland" utilities. In general, however, you will usually want both of them installed. -Assuming the downloaded files, src.tar.gz, +Assuming the downloaded files src.tar.gz, sys.tar.gz and xenocara.tar.gz are in /usr: @@ -135,11 +135,13 @@ Assuming the downloaded files, src.t -Not all people will wish to unpack all the file sets, but as the system +Not all people will wish to unpack all the source file, but as the system must be kept in sync, you will generally need to set up all trees. -You can also just use cvs(1) to "checkout" the source repository +You can also just use +http://www.openbsd.org/cgi-bin/man.cgi?query=cvssektion=1format=html;>cvs(1) +to "checkout" the source repository for you. This is discussed in the next section. 
@@ -160,16 +162,12 @@ from the erratahere. -Once you have decided which tree to follow, you must choose which Anonymous -CVS server you are going to use. A list of these servers is -below. - -Once you have chosen which Anonymous CVS Server you will -use, you can start using cvs. For those of you +Once you have decided which tree to follow, and which Anonymous CVS Server you will +use, you can start using http://www.openbsd.org/cgi-bin/man.cgi?query=cvssektion=1format=html;>cvs(1). For those of you who have CDs you can start with the CVS checkout that is on the CD by using the method above to get the sources onto your system. -If you don't have a CD handy, use the method below to checkout the sources. +If you don't have a CD handy, use the method below to checkout the sources: First, start out by `get'-ing an initial tree: @@ -210,9 +208,11 @@ Confirm this, and the fingerprint will t ... + Note that the above format with SHA256 fingerprints was added after the release of OpenBSD 5.6; older versions only use MD5 fingerprints. + Anytime afterwards, to `update' this tree: (If you are following current): @@ -234,7 +234,7 @@ to merge changes in. NOTE: If you are updating a source tree that you initially fetched from a different server, or from a CD, you must -add the -d [cvsroot] option to cvs. +add the -d [cvsroot] option to cvs: # cd /usr/src # cvs -d anon...@anoncvs.ca.openbsd.org:/cvs -q up -Pd 
@@ -295,11 +295,11 @@ directory, and a subsequent update will The anoncvs service gives fledgling developers a chance to learn CVS -operation and get thoroughly involved in the development process +operations and get thoroughly involved in the development process before getting "commit" access -- as a result of showing useful skills and high quality results they will naturally later be given developer access. -As well, people providing patches can create their "diff"s relative +As well, people providing patches can create their diffs relative to the CVS tree, which will ease integration. Example usages for cvs(1) [demime 1.01d removed an attachment of type text/x-patch which had a name of cvs.diff.anoncvs.html.head]
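Review bot: In the @@ -135,11 +135,13 hunk the replacement text "unpack all the source file" is singular where the sentence needs "source files". In the @@ -160,16 +162,12 hunk the two added lines carrying the server link and the cvs(1) link run well past the width of the surrounding lines and are worth re-wrapping.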
Question about quotation rules
Good evening,

Is there a written/unwritten rule for using quotation marks? Do man pages and web pages follow the same rules?

When would I use 'this', "this", `this', ``this'', “this“, etc.?

I guess this can be both a source problem as well as a display problem.

Any suggestions regarding reasonable expectations for web page/man page consistency?

    U+0022 QUOTATION MARK "
    U+0027 APOSTROPHE '
    U+0060 GRAVE ACCENT `
    U+00B4 ACUTE ACCENT ´
    U+2018 LEFT SINGLE QUOTATION MARK ‘
    U+2019 RIGHT SINGLE QUOTATION MARK ’
    U+201C LEFT DOUBLE QUOTATION MARK “
    U+201D RIGHT DOUBLE QUOTATION MARK ”

Many thanks.

Rob
Re: ftp.html
Agreed about the word order. How about this? Index: ftp.html === RCS file: /cvs/www/ftp.html,v retrieving revision 1.673 diff -u -p -r1.673 ftp.html --- ftp.html25 Jul 2015 19:24:18 - 1.673 +++ ftp.html11 Sep 2015 12:30:18 - @@ -61,7 +61,7 @@ upgrade your system very quickly. Download via HTTP/FTP -OpenBSD can be also easily installed via HTTP or FTP. +OpenBSD can also be easily obtained via HTTP or FTP. Typically you need a single small piece of boot media (e.g., a boot floppy) and then the rest of the files can be installed from a number of locations, including directly off the Internet.
ftp.html
Reword since FTP is no longer used for installation (although the files can still be obtained via FTP). Index: ftp.html === RCS file: /cvs/www/ftp.html,v retrieving revision 1.673 diff -u -p -r1.673 ftp.html --- ftp.html25 Jul 2015 19:24:18 - 1.673 +++ ftp.html11 Sep 2015 12:30:18 - @@ -61,7 +61,7 @@ upgrade your system very quickly. Download via HTTP/FTP -OpenBSD can be also easily installed via HTTP or FTP. +OpenBSD can be also easily obtained via HTTP or FTP. Typically you need a single small piece of boot media (e.g., a boot floppy) and then the rest of the files can be installed from a number of locations, including directly off the Internet.
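Review bot: The added line in the @@ -61,7 +61,7 hunk keeps the adverb order of the line it replaces, "can be also easily obtained"; "can also be easily obtained" is the natural order and could be fixed in the same edit.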
faq2.html
A few full stops and some line spacing. Rob Index: faq2.html === RCS file: /cvs/www/faq/faq2.html,v retrieving revision 1.127 diff -u -p -r1.127 faq2.html --- faq2.html 2 Jul 2015 05:49:04 - 1.127 +++ faq2.html 10 Sep 2015 14:47:30 - @@ -117,7 +117,7 @@ a message body of "help". Your subscription to the OpenBSD mail lists can also be maintained through the web interface at -http://lists.openbsd.org;>http://lists.openbsd.org +http://lists.openbsd.org;>http://lists.openbsd.org. Some of the more popular OpenBSD mailing lists @@ -345,7 +345,7 @@ characters? This is helpful to get the man page straight, with no non-printable -characters. +characters. Example: @@ -641,7 +641,7 @@ ddb> show panic ddb> -In this case, the panic string was "Kernel: page fault trap, code=0" +In this case, the panic string was "Kernel: page fault trap, code=0". Special note for SMP systems: @@ -709,7 +709,7 @@ ddb This tells us what function calls lead to the crash. -To find out the particular line of C code that caused the crash, you can do the following: +To find out the particular line of C code that caused the crash, you can do the following: Find the source file where the crashing function is defined in. In this example, that would be pf_route() in sys/net/pf.c. Recompile that source file with debug information: @@ -732,7 +732,7 @@ In the output, grep for the function nam Take this first hex number and add the offset from the 'Stopped at' line: -0x7d88 + 0x263 == 0x7feb. +0x7d88 + 0x263 == 0x7feb. Scroll down to that line (the assembler instruction should match the one quoted in the 'Stopped at' line), then up to the nearest C line number:
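Review bot: In the @@ -117,7 +117,7 hunk the full stop is appended directly to the link line ("http://lists.openbsd.org."); check that it sits after the closing anchor tag rather than inside the link text, so the dot is not picked up when the address is copied. The @@ -345,7, @@ -709,7 and @@ -732,7 hunks show removed and added lines that read identically here, so it is worth confirming each carries only the intended spacing change.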
href in faq3.html
Regards, Index: faq3.html === RCS file: /cvs/www/faq/faq3.html,v retrieving revision 1.93 diff -u -p -r1.93 faq3.html --- faq3.html 2 Jul 2015 05:49:04 - 1.93 +++ faq3.html 11 Sep 2015 01:15:20 - @@ -139,7 +139,7 @@ CD is always closer than any mirror. Acc In the same directory as the installation sets, each mirror includes a file named SHA256 which contains checksums of the various installation files. You can confirm that none of the downloaded files were mangled in transit using -the sha256(1) command: +the http://www.openbsd.org/cgi-bin/man.cgi?query=sha256sektion=1;>sha256(1) command: $ sha256 -c SHA256
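Review bot: The href added in the @@ -139,7 +139,7 hunk reads "man.cgi?query=sha256sektion=1" as shown, with nothing separating the query and sektion parameters; in the HTML source the separator should be written "&amp;" so the link resolves to section 1 of sha256. It is also worth loading the link once before committing to confirm it lands on the sha256(1) page.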
PkgCheck.pm can't locate new
I'm trying to install OpenBSD on a new machine so I can learn how to set up a router, but I'm running into a strange problem.

A Supermicro 5015A-H with Intel Atom 330 at 1.6 GHz

When I tried to install the unbound package, it can't find it (even though it's in the directory, and the shell autocompletes the name)

    # pkg_add unbound_1.4.20.tgz
    Can't find package unbound_1.4.20.tgz

(adding multiple -v doesn't elaborate on the problem)

Since the pkg_add didn't work, I thought I'd try some other pkg commands

    # pkg_info unbound_1.4.20.tgz
    (works fine)

    # pkg_check
    Packing-list sanity: ok
    Direct dependencies: ok
    Reverse dependencies: ok
    Files from packages: ok
    Can't locate object method new via package OpenBSD::PkgSpec at /usr/libdata/perl5/OpenBSD/PkgCheck.pm line 713

I get the same error when I try:

A. OpenBSD 5.4 amd64 install54.iso
B. OpenBSD 5.4 amd64 separate sets54.tgz
C. OpenBSD 5.3 amd64 install54.iso
D. OpenBSD 5.4 i386 install54.iso

Any thoughts on what is this problem with finding method new?
Re: A tricky pf + ecmp routing + squid question [Disregard - SOLVED]
On 2013-06-03 4:07, Stuart Henderson wrote:

I've updated the README. In future please could you make sure that any suggestions relating to ports are sent (or at least CC'd) to the MAINTAINER? It's easy to miss things in the mailing lists (and a lot of developers don't read misc regularly). Thanks.

Sure thing! Thanks for taking care of that.

- R.

--
[__ Robert Sheldon
[__ No Problem
[__ Information technology support and services
[__ (530) 575-0278
A tricky pf + ecmp routing + squid question
I don't seem to be smart enough to figure this one out.

I have a firewall with six physical interfaces: three local network (wifi, lan, and dmz), and three external interfaces that have been set up with multipath routing and nat and all that good stuff. I've been trying to get Squid up and running on this thing as a transparent www proxy, to no avail so far.

After working with Amos Jeffries a bit, I found that Squid does a security check that compares the IP destination of the request to the hostname in the http request when in interception mode; since rdr-to rewrites a packet's destination address, Squid ends up trying to connect to itself and gives up with a forwarding loop error. (This is contrary to every single piece of documentation I've found so far on setting up Squid on OpenBSD ...)

The solution seems to be to use divert-to. But, I can't divert-to on outbound traffic on the external interfaces, I can't trap inbound traffic on the external interfaces coming from the internal network without breaking ecmp (I think?), and none of the internal interfaces wants to accept traffic with a destination IP outside their subnet, naturally.

So ... what do I do? Is there a way to set up a virtual interface and do something tricky and cool that won't make a mess of nat or outbound ecmp? Do I have to give up and put Squid on its own machine in the DMZ? (I'd rather not, that seems lame.) Is there something more straightforward that I'm missing?

I'd really appreciate any help. I've been working on this for several solid days now.

Thanks,
- R.

--
[__ Robert Sheldon
[__ No Problem
[__ Information technology support and services
[__ (530) 575-0278
Re: A tricky pf + ecmp routing + squid question [Disregard - SOLVED]
Sorry for the noise. OpenBSD 5.3 introduced Squid 3.2, which now checks the destination IP of inbound packets against the Host: header in interception mode. This breaks rdr-to, which makes nearly every howto online incorrect (joy). There was a minor error in the Squid docs which confused me (http_port must have IP-of-interface-to-listen on:port, e.g., http_port 127.0.0.1:3129 intercept, instead of just http_port 3129 intercept as in the current docs), which caused the connection refused errors, which I stupidly misinterpreted. FWIW, the Squid docs link to http://www.openbsd.org/cgi-bin/cvsweb/ports/www/squid/pkg/README-main?rev=1.1;content-type=text%2Fplain, which have http_port 127.0.0.1:3129 transparent as the example, but as of Squid 3.1, transparent was deprecated in favor of intercept: http://www.squid-cache.org/Doc/config/http_port/ - R. -- [__ Robert Sheldon [__ No Problem [__ Information technology support and services [__ (530) 575-0278
Re: A tricky pf + ecmp routing + squid question [Disregard - SOLVED]
On 2013-06-02 2:35, Loïc BLOT wrote:
> Hello rob, I'm using squid since 3.1 on OpenBSD 5.2 with compiled sources (squid 3.2.5-9 and 3.3.4 at this time). I don't use an IP but the http_port 3129 as my configuration suggests:
>
> http_port 3128
> http_port 3129 intercept
>
> And I have those rules in my PF:
>
> pass in quick proto tcp to { 10.X.1.1 10.X.1.2, 10.X.1.3 } port { $squid_port $squid_intercept_port http }
> pass in quick inet proto tcp from { personnel captiveportal_auth } to any port { 80 8080 } rdr-to 10.X.1.1 port $squid_intercept_port
>
> And all works perfect :). I haven't tested on 5.3 because the BCM5720 which are disabled on 5.2 are enabled and cause problem on my second squid server... but I don't think this causes a problem.

As a forward proxy or a reverse proxy? There's no way a Squid 3.2+ installation should work with rdr-to, unless:

- the sources were modified to disable the security check described by Amos in http://www.squid-cache.org/mail-archive/squid-users/201208/0374.html;
- or the destination IP of the requests matches the IP of the requested web server (reverse proxy, internal web server, or something).

Amos spelled out the code change in 3.2+ in the mail post above. rdr-to rewrites the destination IP in the request. If Squid receives a request for a host (e.g. a get request for / on www.google.com), and the DNS lookup for the requested host does not match the destination IP of the request (e.g. the request was rdr-to'd 10.5.1.1), then Squid will refuse to forward the request to www.google.com.

I can accept that maybe there's something going on that I still don't understand that's causing my particular configuration to require the listening IP in the http_port setting -- although I doubt it, I'm very very close to the configuration in the official Squid documentation at this point -- but I understand the rdr-to problem well enough now to assert that it won't work as intended except in a few specific cases.

- R.
-- [__ Robert Sheldon [__ No Problem [__ Information technology support and services [__ (530) 575-0278
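The destination-versus-Host check discussed in this thread, as an added example that is not part of the original posts and is not Squid's code: a simplified Python model of why a connection delivered with rdr-to fails the check while one delivered with divert-to passes. The DNS table, the addresses (10.5.1.1 is borrowed from the thread's own example) and all function names are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# Constructed DNS answers (documentation ranges) so the example runs offline.
DNS = {
    "www.example.com": {"198.51.100.10", "198.51.100.11"},
    "intranet.example.org": {"10.5.1.1"},
}
PROXY = ("10.5.1.1", 3129)  # assumed proxy listening address and intercept port


@dataclass(frozen=True)
class Request:
    dst_ip: str       # destination address the proxy sees on the accepted connection
    dst_port: int
    host_header: str  # Host: header sent by the client


def via_rdr_to(orig_ip, orig_port, host):
    """rdr-to: pf rewrites the destination to the proxy, so the original is lost."""
    return Request(PROXY[0], PROXY[1], host)


def via_divert_to(orig_ip, orig_port, host):
    """divert-to: the connection reaches the proxy with its destination intact."""
    return Request(orig_ip, orig_port, host)


def host_addresses(host_header):
    """Addresses the Host: header stands for (IP literal or constructed DNS)."""
    host = host_header.strip().lower()
    if host.startswith("["):                  # [v6-literal]:port
        host = host[1:].partition("]")[0]
    elif host.count(":") == 1:                # name:port or v4:port
        host = host.split(":", 1)[0]
    try:
        return {str(ipaddress.ip_address(host))}
    except ValueError:
        return DNS.get(host.rstrip("."), set())


def verify(req):
    """Return 'match', 'loop' or 'mismatch' for an intercepted request."""
    if str(ipaddress.ip_address(req.dst_ip)) in host_addresses(req.host_header):
        return "match"       # packet destination agrees with the Host: header
    if (req.dst_ip, req.dst_port) == PROXY:
        return "loop"        # destination is the proxy itself: the forwarding-loop symptom
    return "mismatch"        # Host: names a server other than the one addressed


if __name__ == "__main__":
    for deliver in (via_rdr_to, via_divert_to):
        req = deliver("198.51.100.10", 80, "www.example.com")
        print(deliver.__name__, req.dst_ip, verify(req))
```

The `intranet.example.org` entry models the exception named in the reply above: when the requested host really does resolve to the rdr-to target, the check still passes.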
pf.conf: sticky-address causes page fault in this config
I sent this in via sendbug() but am also posting it here in case I'm doing something obviously wrong. I've got a fresh from-scratch plain-vanilla 5.2-generic i386 install with a mildly complex pf.conf file. Adding sticky-address to a single rule reliably causes a page fault whenever the file is loaded (either via pfctl or system boot). There's nothing else too wonky on this system (I haven't had time to mess it up yet). The output from the page fault is:

uvm_fault(0xd0a11920, 0xd6c7b000, 0, 1) - e
kernel: page fault trap, code=0
Stopped at pf_test_rule+0xdbc: mov1 0xff70(%ebp),%eax
ddb

...I couldn't run trace because it hard-locked at that point. I just found the instructions for setting ddb.console, so if someone needs the trace output I can trigger it again, but I'd like to avoid it if reasonable. I've appended the pf.conf file, with only minor changes to the external IP addresses (NNN.NNN.NNN.NNN), warts and all. A quick search of the openbsd-misc archives didn't turn anything up either. Is this a known thing, maybe fixed in 5.3 or elsewhere, ...? Thanks.

- R.

--
# $OpenBSD: pf.conf,v 1.37 2008/05/09 06:04:08 reyk Exp $
#
# See pf.conf(5) for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.

# Useful macros for this network
if_srv= rl0
if_dsl= rl1
if_sbb= re0
if_lan= fxp0
if_wifi = dc0
if_ext= { $if_dsl $if_sbb }
if_int= { $if_lan $if_srv $if_wifi }
ip_dsl= NNN.NNN.NNN.NNN
ip_sbb= NNN.NNN.NNN.NNN
ip_ext= { $ip_dsl $ip_sbb }
gw_dsl= NNN.NNN.NNN.NNN
gw_sbb= NNN.NNN.NNN.NNN
net_lan = 192.168.0.0/24
net_wifi = 192.168.1.0/24
net_srv = 192.168.10.0/24
net_int = { 192.168.0.0/24 192.168.1.0/24 192.168.10.0/24 }
ip_mail = 192.168.10.164
ip_lan= 192.168.0.1

# Default runtime options
set block-policy drop

# Block everything by default
block

# Redirect mail and webmail connections from external interfaces to the mail server.
# Connections from the internal network need to bypass the rest of the rules in this
# file to avoid getting mangled by routing later on.
pass in on $if_ext proto tcp from any to $ip_ext port { 25 80 110 143 220 587 993 } rdr-to $ip_mail
pass in quick on { $if_lan $if_wifi } proto tcp from { $net_lan $net_wifi } to $ip_ext port { 25 80 110 143 220 587 993 } rdr-to $ip_mail

# Allow ssh connections to the firewall from the lan only.
pass in on $if_lan proto tcp from $net_lan to $if_lan port ssh

# Allow ssh connections to the srv interface from the firewall and local networks.
pass on $if_srv proto tcp from $net_lan to $net_srv port ssh

# Allow web connections to the srv interface from local and wifi networks.
pass on $if_srv proto tcp from $net_int to $net_srv port 80

# Allow traffic to go out over the external interface.
pass out on $if_ext

# Allow traffic in from the LAN to anything else.
pass in on $if_lan from $net_lan to ! $net_lan

# Allow traffic in from wifi to anything not on the local network.
pass in on $if_wifi from $net_wifi to ! 192.168.0.0/16

# Allow traffic from anywhere to the mail server on specific ports.
pass on $if_srv proto tcp from any to any port { 25 80 110 143 220 587 993 }

# Load balancing.
pass in on $if_int from $net_int to { ! 192.168.0.0/16 } route-to { ($if_sbb $gw_sbb), ($if_dsl $gw_dsl) } round-robin
#pass in on $if_int from $net_int to { ! 192.168.0.0/16 } route-to { $if_sbb $if_dsl } round-robin
# To cause pf_test_rule to crash, comment the above round-robin rule and uncomment the following:
#pass in on $if_int from $net_int to { ! 192.168.0.0/16 } route-to { ($if_sbb $gw_sbb), ($if_dsl $gw_dsl) } round-robin sticky-address

# Send FTP and https connections out over only one of the interfaces; otherwise they may have trouble.
pass in on $if_int proto tcp from $net_int to { ! 192.168.0.0/16 } port { ftp ftp-data https } route-to ($if_sbb $gw_sbb)

# Re-route load-balanced packets to their correct external interfaces.
pass out on $if_sbb from $if_dsl route-to ($if_dsl $gw_dsl)
pass out on $if_dsl from $if_sbb route-to ($if_sbb $gw_sbb)

# Block BitTorrent traffic. Sorry guys. :-/ (Do it from home.)
block proto { tcp udp } from any to any port {6881:6999, 6969}

# Exception for __.
pass proto { tcp udp } from any to ! 192.168.0.0/16 port 6996

# Dropbox
block to { 208.43.202.0/24, 199.47.216.0/22 }

# Facebook. Added 10-25-2012. Sorry guys.
block to { 31.13.64.0/18, 69.171.224.0/19, 66.220.144.0/20, 69.63.176.0/20, 204.15.20.0/22, 65.201.208.24/29, 65.204.104.128/28, 66.92.180.48/28, 66.93.78.176/29, 66.199.37.136/29 }
block to { 67.200.105.48/30, 74.119.76.0/22, 173.252.64.0/18, 69.171.224.53, 69.171.228.74, 69.171.224.37, 69.171.237.32, 66.220.149.88, 69.171.237.16, 69.171.234.37, 69.171.229.11 }
block to { 69.171.242.11, 66.220.149.11,
faq6.html correction
For your consideration. Rob Index: faq6.html === RCS file: /cvs/www/faq/faq6.html,v retrieving revision 1.300 diff -u -p -r1.300 faq6.html --- faq6.html 16 Aug 2012 02:40:18 - 1.300 +++ faq6.html 1 Sep 2012 15:06:57 - @@ -1882,7 +1882,7 @@ itself synchronized to, the a collection of publicly available time servers. Once your clock is accurately set, ntpd will hold it at a high degree of accuracy, however, if your clock is more than a few minutes -off, it is ihighly/i recommended that you bring it to close to +off, it is ihighly/i recommended that you bring it close to accurate initially, as it may take days or weeks to bring a very-off clock to sync. You can do this using the tt-s/tt option of ntpd(8) or any other
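Review bot: in the unchanged context just above the changed line, "hold it at a high degree of accuracy, however, if your clock is more than a few minutes off" is a comma splice; since this hunk already touches the sentence, consider ending it after "accuracy" and starting the next sentence with "However, if". The changed line itself reads correctly once the extra "to" is dropped.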
/etc/changelist update to comments
For your consideration. Rob Index: changelist === RCS file: /cvs/src/etc/changelist,v retrieving revision 1.76 diff -u -p -r1.76 changelist --- changelist 20 Sep 2012 12:51:43 - 1.76 +++ changelist 13 Oct 2012 23:32:41 - @@ -3,7 +3,7 @@ # List of files which the security script backs up and checks # for modifications. # -# Files prefixed with a '+' will have their md5 checksums stored, +# Files prefixed with a '+' will have their checksums stored, # not the actual files. #
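Review bot: the changed comment line, "# Files prefixed with a '+' will have their checksums stored,", drops "md5" without the submission saying why; a one-line rationale stating which digest the security script stores would let a reader confirm that the comment matches the script's behaviour. If the digest is fixed, naming it in the comment is more useful to an administrator than leaving it unspecified.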
Re: ss20's wanted for ports builds
On 7/19/12 11:15 AM, Theo de Raadt wrote: On Mon, Jul 16, 2012 at 08:45:30PM +0200, [BG-Consulting] Elmar Bschorer wrote: What do you mean with ss20? Actually a good question. At least for those old enough to remember the Soviet era SS-20 intermediate-range ballistic nuclear missiles. I'd like one of those too. OK, admission of nerdiness: All SS-20's were eliminated under the Intermediate and Shorter-range Nuclear Forces Treaty (INF), beginning in the late 80's and winding up during the early 90's, with final close-out inspections of all inspectable sites during the mid 90's, approximately at the same time as the START I Treaty kicked off. I have a decorative serving tray made from the metal of an eliminated ss-20. Off...topic? -Rob Payne
Re: OpenBSD forked
11 1010101 - Original Message - From: Peter J. Philipp p...@centroid.eu To: Theo de Raadt dera...@cvs.openbsd.org Cc: open...@laufenberg.ch, t...@tedunangst.com, misc@openbsd.org Sent: Sunday, June 17, 2012 3:31:36 PM Subject: Re: OpenBSD forked
Repost: Failed HP 360 Install from USB attached CD
Good afternoon, My apologies - the previous post was a little mangled. I have just attempted an install of the latest snapshot cd51.iso - dated 07/04/2012 5:55:00 PM on some new HP 360 servers. I am able to boot off the CD, but the boot hangs immediately after the following line is displayed: brgphy3 at bnx3 phy1: BCM5709 10/100/100baseT PHY, rev. 8 (see full dmesg below) This is also the case when trying to install by booting off the OpenBSD 5.0 CD disk 1 (and cd50.iso). I was able to install on the HP 360 servers by moving drives over from an HP 120 (which didn't have the same problem) with BSD already installed, booting off bsd.rd from disk, and reinstalling over the network, and subsequent installations booting to bsd.rd on disk to sd1 and swapping drives, etc. As such, I have OpenBSD 5.0 running on our HP 360 servers, but have never been able to boot and install from a USB attached CD (or USB memory stick). I should mention that when installing I also have a USB attached keyboard in addition to the USB attached CD Drive (see dmesg output below). This is an inconvenience more than anything, but it might point to some underlying issues? Has anyone seen similar problems? Many thanks. 
Rob = = = = = USB Keyboard attach, detach, and reattach = = = = = uhidev2 at uhub4 port 1 configuration 1 interface 0 GASIA GASIA USB KB Pro rev 1.10/2.10 addr 2 uhidev2: iclass 3/1 ukbd1 at uhidev2: 8 modifier keys, 6 key codes wskbd2 at ukbd1 mux 1 wskbd2: connecting to wsdisplay0 uhidev3 at uhub4 port 1 configuration 1 interface 1 GASIA GASIA USB KB Pro rev 1.10/2.10 addr 2 uhidev3: iclass 3/0, 2 report ids uhid0 at uhidev3 reportid 1: input=2, output=0, feature=0 uhid1 at uhidev3 reportid 2: input=1, output=0, feature=0 wskbd2: disconnecting from wsdisplay0 wskbd2 detached ukbd1 detached uhidev2 detached uhid0 detached uhid1 detached uhidev3 detached uhidev2 at uhub4 port 1 configuration 1 interface 0 GASIA GASIA USB KB Pro rev 1.10/2.10 addr 2 uhidev2: iclass 3/1 ukbd1 at uhidev2: 8 modifier keys, 6 key codes wskbd2 at ukbd1 mux 1 wskbd2: connecting to wsdisplay0 uhidev3 at uhub4 port 1 configuration 1 interface 1 GASIA GASIA USB KB Pro rev 1.10/2.10 addr 2 uhidev3: iclass 3/0, 2 report ids uhid0 at uhidev3 reportid 1: input=2, output=0, feature=0 uhid1 at uhidev3 reportid 2: input=1, output=0, feature=0 = = = = = USB attached CD Drive = = = = = wskbd2: disconnecting from wsdisplay0 wskbd2 detached ukbd1 detached uhidev2 detached uhid0 detached uhid1 detached uhidev3 detached uhidev2 at uhub4 port 1 configuration 1 interface 0 GASIA GASIA USB KB Pro rev 1.10/2.10 addr 2 uhidev2: iclass 3/1 ukbd1 at uhidev2: 8 modifier keys, 6 key codes wskbd2 at ukbd1 mux 1 wskbd2: connecting to wsdisplay0 uhidev3 at uhub4 port 1 configuration 1 interface 1 GASIA GASIA USB KB Pro rev 1.10/2.10 addr 2 uhidev3: iclass 3/0, 2 report ids uhid0 at uhidev3 reportid 1: input=2, output=0, feature=0 uhid1 at uhidev3 reportid 2: input=1, output=0, feature=0 umass0 at uhub1 port 7 configuration 1 interface 0 MediaTek Inc MT1836 rev 2.00/0.00 addr 2 umass0: using SCSI over Bulk-Only scsibus3 at umass0: 2 targets, initiator 0 cd0 at scsibus3 targ 1 lun 0: HL-DT-ST, DVDRAM GP10NW20, 1.03 
SCSI0 5/cdrom removable serial.0e8d1836B3H5824_ cd0 detached scsibus3 detached umass0 detached = = = = = dmesg (USB devices were not present at reboot) = = = = = OpenBSD 5.0 (GENERIC.MP) #59: Wed Aug 17 10:19:44 MDT 2011 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP cpu0: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz (GenuineIntel 686-class) 2.41 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACP I,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR, PDCM,DCA,SSE4.1,SSE4.2,POPCNT,AES real mem = 3747340288 (3573MB) avail mem = 3675979776 (3505MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf, SMBIOS rev. 2.7 @ 0xdf7fe000 (127 entries) bios0: vendor HP version P68 date 05/05/2011 bios0: HP ProLiant DL360 G7 acpi0 at bios0: rev 2 acpi0: sleep states S0 S4 S5 acpi0: tables DSDT FACP SPCR MCFG HPET SPMI ERST APIC SRAT BERT HEST DMAR SSDT SS DT SSDT SSDT SSDT acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimcfg0 at acpi0 addr 0xe000, bus 0-63 acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: apic clock running at 133MHz cpu1 at mainbus0: apid 20 (application processor) cpu1: Intel(R) Xeon
Re: Where to buy Lemote FuLoong MIPS boxes?
On 12/17/2011 05:14 AM, Miod Vallat wrote: Lemote, manufacturer of FuLoong and Yeloong, does have a store on www.taobao.com (http://loogson.taobao.com/), it's the official place to buy FuLoong/YeeLoong here in China. And they seem to sell Loongson 3A-based systems, unlike the Dutch reseller. But my nonexistent knowledge of the Chinese language does not help. I would like to get a 3A-based system in order to extend the OpenBSD/loongson port to these systems. (I also would like to get a 2G system, but I am quite confident the existing codebase will run unmodified on a 2G system, so that's not a priority). If anyone, fluent in Chinese, could tell me if I can indeed order a 3A system from this site and have it shipped to western Europe, and wouldn't mind assisting me to place an order, this would be greatly appreciated. TIA, Miod (OpenBSD/loongson portmaster, in case you didn't notice) They indicate that there are systems available, but you never know until you really try :). Anyway you can not get it shipped to Western Europe via the shop, they only allow China internal shipping. There are however some services available on separate sites that allow you to order in China and get it shipped anywhere in the world. A quick search will get you some links (typical: you read about it, but since you don't need it you do not bookmark it). I would offer to be a courier as I'm flying home for Xmas, but I'm flying tomorrow morning and it is unfortunately too short to order and still get it here on time. Regards /Rob
Re: Where to buy Lemote FuLoong MIPS boxes?
On 12/14/2011 03:44 AM, Nomen Nescio wrote: The prices at the official European shop in the Netherlands are sky high. I thought this was supposed to be a 150 dollar PC. Does anybody have a good cheap source for these or other MIPS boxes? Thanks. Even here in China it is difficult to find. Just did a search on www.taobao.com (Chinese eBay) and only 2 vendors showed up: http://s.taobao.com/search?q=2f6004rt=1323835584378 The fulong is selling for 1800 RMB, which is the same price as tekmote.nl is charging. /Rob
Re: CDDL vs GPL and maybe some implications for BSD?
Chris, feel free to get out of the US. We do not need any apologists here. The free world would not be so without us. Theo can adopt any policy he wishes in his British Commonwealth. No one gives a rat's ass. If his product is useful, I'll buy it. OpenBSD continues in spite of Theo's 'leadership.' Rob Payne On 8/26/11 9:01 AM, Chris Bennett wrote: I have to support Theo on this. I am also an American. Have you noticed OpenBSD's policy on crypto work? No Americans due to fucked up US laws, not even if they live outside of US. Have you noticed a while back that Theo was looking for Hackathon sites and said no US sites? Have you noticed world wide rioting and overthrowing of evil governments? Americans have become sheep, willing to put up with no jobs and no job making policies. My family already has an apartment in Guatemala. We are leaving as soon as I recover from my shoulder surgery and my Dad gets his pensioner visa. I do not care to be strip searched by flying in the US. We only travel by bus and train. Things are seriously screwed up here! Chris Bennett
nat-to and route-to specified in a single rule
Hello,

In a multi-homed setup I am trying to route out packets over the secondary interface on which also NAT is done. The environment consists of an OpenBSD 4.9 Firewall with 3 em interfaces, connected to 2 DSL providers:

em0: internal interface
em1: first DSL
em2: second DSL

I did some testing with the following ruleset, where I have specified a nat-to and route-to statement in a single rule:

### rules ###
pass in log on em0 from 192.168.1.118 nat-to (e2gress:0) route-to (em2 80.100.x.x)
pass out log on em2

### states ###
all icmp 74.125.77.104:8 - 80.100.x.x:54000 (192.168.1.118:9035) 0:0
all icmp 80.100.x.x:54000 - 74.125.77.104:8 0:0

This setup somewhat works. When pinging an upstream host, the packets get sent out over the secondary interface, but the first packet is always dropped! According to the pf.conf man page this rule specification is possible. My question: is this kind of rule specification allowed and intended to be working in PF?

When splitting the nat-to / route-to statement in the ruleset everything works fine.

### rules ###
pass in log on em0 from 192.168.1.118 route-to (em2 80.100.x.x)
pass out log on em2 from 192.168.1.118 nat-to (em2:0)

### states ###
all icmp 74.125.77.104:8 - 192.168.1.118:8779 0:0
all icmp 80.100.x.x:9676 (192.168.1.118:8779) - 74.125.77.104:8 0:0

Regards
Rob