Re: pf.conf syntax highlighting in your favourite editor
On Tue, Jul 23, 2024 at 12:22 PM wrote:
>
> On Tue, Jul 23, 2024 at 03:46:56PM +0100, Tom Smyth wrote:
> >Folks,
> >I was wondering had anyone tried to make a syntax highlighting for pf.conf
> >syntax,
> >
> >to help folks new to the pf.conf syntax in the editor of their choice...
> >
> >I was thinking that this approach might be lower hanging fruit rather
> >than trying to write a rule editor in nsh (for now at least), and it
> >might be more generally useful for the community or those in the
> >community who like syntax highlighting
> >
>
> This already exists in the vim port.
>

/usr/local/share/vim/vim82/syntax/ipfilter.vim
/usr/local/share/vim/vim82/syntax/pf.vim
/usr/local/share/vim/vim82/syntax/pfmain.vim

" pf syntax file
" Language: OpenBSD packet filter configuration (pf.conf)
" Original Author: Camiel Dobbelaar
" Maintainer: Lauri Tirkkonen
" Last Change: 2018 Jul 16

Interesting.

OpenBSD 7.4 in virtualize env
Hello,

Sometimes, rarely, across multiple versions ( did not see it in 7.5 so far ) the log `scsi_xfer pool exhausted` just gets spammed forever.

It doesn't crash, the device just spams the message, so it's active.

I do not have a way to create the problem, but I wonder if the code could be modified so the device just drops to DDB: something like, if this pool is exhausted for a "long time", just crash (or reboot if sysctl is configured that way).

```
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf68b0 (9 entries)
bios0: vendor SeaBIOS version "2:1.10.2-58953eb7" date 04/01/2014
bios0: OpenStack Foundation OpenStack Nova
...
vioscsi0 at virtio1: qsize 128
scsibus1 at vioscsi0: 255 targets
sd0 at scsibus1 targ 0 lun 0:
```

I will upgrade to 7.5 soon anyway.

Best.

net.inet.ip.multipath=1 ( ~7.5 )
Wow,

You guys "fixed" it.

But it does strange stuff: for example it fails the last icmp of a ping, but only the last ( ping -c 4 => 25 loss, ping -c 10 => 10 % loss ).

Binding the source address fixes it ( ping -I do something ).

This is new behavior to me.

Is there some updated guideline to stick a state to a route so once a state is created in pf it stays in

I also notice ftp requires the -s flag now.

Very nice ?

Re: How to use random outgoing network aliases?
On Tue, Mar 12, 2024 at 10:03 AM Joel Carnat wrote:
>
> Hi,
>
> I have a server with a single NIC but several IPs configured:
> # cat /etc/hostname.vio0
> inet 192.0.2.10 255.255.255.0
> inet alias 192.0.2.11 255.255.255.0
> inet alias 192.0.2.12 255.255.255.0
>
> The default gateway is set to 192.0.2.1 in /etc/mygate.
>
> I would like outgoing network traffic to randomly appear coming from
> any of those IPs.
>
> I've read faq/pf/pools.html, pf.conf and route manpage but I don't get
> which directive would be the right one to use.
>
> Can this be achieved with pf and/or route?
> Or do I have to look at setting up routing domains attached to the
> interface aliases and have several daemon instances run in those domains?
>
> Thanks,
> Joel C.
>

with some strange build up and some nat-to , but setting the source ip
in the server ( where you do send () ) would be the most straightforward
( like ping -b )

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do

Re: GENERIC.MP#1600 last snapshot cvs cant create tmp subdir
On Wed, Jan 17, 2024 at 12:26 PM Nick Holland wrote:
>
> On 1/17/24 12:07, Todd C. Miller wrote:
> > On Wed, 17 Jan 2024 11:11:36 -0500, "Sven F." wrote:
> >
> >> well i tried anoncvs.spacehopper.org after the fail and then
> >> anoncvs.comstyle.com
> >> ( default one is in the trace, is "anon...@obsdacvs.cs.toronto.edu:/cvs" )
> >
> > I can confirm the problem with obsdacvs.cs.toronto.edu but other
> > servers are fine. So it does appear to be a problem on
> > obsdacvs.cs.toronto.edu itself.
> >
> > - todd
> >
>
> Yes. the cvs checkout tmp directory was filled on obsdacvs.cs.toronto.edu.
> That has been fixed. My apology for the issue.
>
> Nick.
>

It's back, FYI

/sys/dev/pci/drm/i915/i915_drv.h:57:10: fatal error: 'soc/intel_pch.h' file not found

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do

Re: GENERIC.MP#1600 last snapshot cvs cant create tmp subdir
On Wed, Jan 17, 2024 at 11:04 AM Todd C. Miller wrote:
>
> That looks like a problem on the cvs server, not the client.
> What cvs server are you trying to checkout from?
>
> - todd

well i tried anoncvs.spacehopper.org after the fail and then
anoncvs.comstyle.com
( default one is in the trace, is "anon...@obsdacvs.cs.toronto.edu:/cvs" )

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do

Re: GENERIC.MP#1600 last snapshot cvs cant create tmp subdir
On Wed, Jan 17, 2024 at 10:47 AM Theo de Raadt wrote:
>
> You removed the relevant part of the ktrace, so noone can help.

okay, i only cut the file content (no modification) and the very end here

GENERIC.MP#1600 last snapshot cvs cant create tmp subdir
Quite confusing

```
-bash-5.2$ cd /usr/src
-bash-5.2$ mkdir /tmp/cc
-bash-5.2$ cvs diff
can't create temporary directory /tmp/cvs-serv11343
No space left on device
-bash-5.2$ uname -a
OpenBSD snaps.lan 7.4 GENERIC.MP#1600 amd64
-bash-5.2$ mount | grep tmp ; df -hl | grep tmp
/dev/sd0d on /tmp type ffs (local, nodev, nosuid)
/dev/sd0d 3.9G 28.0K 3.7G 1% /tmp
-bash-5.2$ ls -ld / /tmp
drwxr-xr-x 17 root wheel 512 Jan 17 10:08 /
drwxrwxrwt 10 root wheel 512 Jan 17 10:30 /tmp
```

/tmp file system looks fine.

Should I look for something in /etc ?

(trace of calls)

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do

Re: dhcpleased[59824]: sendto: Permission denied
On Mon, Jul 3, 2023 at 7:42 AM Mark wrote:
>
> I'm getting (I think once per day) "dhcpleased[59824]: sendto: Permission
> denied" error message in my daemon and messages log files.
>
> I think that's happening due to my PF configuration.
>
> This is a VPS, getting its IP from my server provider, through autoconf
> setting. So I assume it's a DHCP access issue?
>
> I tried to add:
> pass log quick on $ext_if proto udp from any to any port = 67
> in my pf.conf file, didn't help.
>
> Any clue on this please?
> Best.
> OS: OpenBSD 7.3

Hello,

I would log the block rules and check the pledge related log if any ( in dmesg ? ).
Maybe the configuration received tries to do something unexpected.

Checking pflogd or tcpdump'ing pflog will be helpful, before adding a dubious pass log.

Best.

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do

Re: High Interrupt After 7.3 Upgrade
On Wed, May 31, 2023 at 5:27 PM Stuart Henderson wrote:

> On 2023-05-31, Mark (obsd) wrote:
> > Hi Chris,
> >
> > On Tue, May 30, 2023 at 8:59 AM Chris Cappuccio wrote:
> >
> >> Samuel Jayden [samueljaydan1...@gmail.com] wrote:
> >> > Hi again,
> >> >
> >> > Just for the record:
> >> > I've downgraded to OpenBSD 7.2 (reinstalled) and everything is working like
> >> > a charm again.
> >> > I don't know what is wrong with 7.3 but ipi interrupt rate is too much and
> >> > somehow OpenBSD performance is too bad..
> >> > Thanks for reading.
> >> >
> >>
> >> Sounds like you are using 'systat' to measure interrupts. This is a bug
> >> in systat that was fixed in 7.3. Here is Scott Cheloha's message from that
> >> fix:
> >>
> >> "systat(1): vmstat: measure elapsed time with clock_gettime(2) instead of
> >> ticks
> >>
> >> The vmstat view in systat(1) should not use statclock() ticks to count
> >> elapsed time. First, ticks are low resolution. Second, the statclock
> >> is sometimes randomized, so each tick is not necessarily of equal
> >> length. Third, we're counting ticks from every CPU on the system, so
> >> every rate in the view is divided by the number of CPUs. For example,
> >> on an amd64 system with 8 CPUs you currently see:
> >>
> >> 200 clock
> >>
> >> ... when the true clock interrupt rate on that system is 1600.
> >>
> >> Instead, measure elapsed time with clock_gettime(2). Use CLOCK_UPTIME
> >> here so we exclude time when the system is suspended. With this
> >> change we no longer need "stathz" or "hertz". We can also get rid of
> >> the anachronistic secondary clock failure test.
> >>
> >>
> >>
> > I'm not the OP, but that's interesting to me because I'm wondering if it's
> > why Prometheus' node_exporter from packages is reporting wildly wrong CPU
> > stats on 7.3 that don't at all match what you'd expect when comparing
> > top/htop output? It was fine prior to upgrading to 7.3, but I've just left
> > digging into it on the back burner due to other priorities.
>
> That's a different issue, it was fixed in -current - I've just merged it to
> -stable so updated packages should show up in a day or two.
>
>

7.3 interrupt ( Intel(R) Celeron(R) J6412 )

```
v6-fw# vmstat -i
interrupt total rate
irq96/acpi0 10
irq145/inteldrm0 4970
irq97/xhci0 30
irq98/ahci0 18738060
irq114/igc0:0 157799531 50
irq115/igc0:1 194120194 61
irq116/igc0:2 148272908 47
irq117/igc0:3 159077128 50
irq118/igc0 20
irq119/igc1:0 158925348 50
irq120/igc1:1 181916246 58
irq121/igc1:2 155586734 49
irq122/igc1:3 170737329 54
irq123/igc1 20
irq129/igc3:0 21260
irq130/igc3:1 540117832 172
irq131/igc3:2 5688860
irq132/igc3:3 909270099 290
irq133/igc3 130
irq0/clock 2505321992 799
irq0/ipi 5601964631 1788
Total 1088308 3475
```

I did not notice performance issue here, but maybe

irq0/ipi 5601964631 1788

is bad

i did notice some unexpected kernel_lock jittering the traffic ~15ms

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do

piped process kernel priority ( non nice prio ) - 7.3
Dear readers,

running something like `syslogc -f debug | grep there` with syslogd configured to get some in memory logs

```
# grep debug /etc/syslog.conf
*.* :32:debug
```

The system configures the piped program at -6 Prio.

```
# ps ax -o pid -o pri -o command | grep '\-6'
98090 -6 cron: running job (cron)
42270 -6 cron: running job (cron)
12062 -6 /usr/local/libexec/sshg-blocker -a 30 -
34049 -6 /bin/sh /usr/local/libexec/sshg-fw-pf
67092 -6 /usr/local/libexec/sshg-parser
98864 -6 grep there
```

How bash | program can end up with -6 here ? Is there a reason for that ?

Best.

Re: acme-client fails to renew certificate
acme-client: /var/www/acme/2b9DyMVkYZGU3RNgxaywEc0uHLFp2E8RtOrQotGXugk: created

probably some typo in your conf file

On Wed, Apr 12, 2023 at 9:38 AM wrote:
>
> I started having some problems with cert renewal using acme-client after
> upgrading to 7.3 (not really sure 7.3 has anything to do with the following,
> however). I've verified that nothing has changed and that httpd is listening
> correctly, etc.
>
> When I run acme-client and watch for any changes to
> /var/www/htdocs/example.org/.well-known/acme-client I never see any files
> being written to that directory (which is likely leading to the 404). Is
> the client supposed to write a temporary file for remote validation?
>
> Does anyone see any issues with the configurations that follow the output
> which may have any errors?
>
> Thanks in advance.
>
>
> # acme-client -v www.example.com
> acme-client: /etc/ssl/certs/www.example.com.chain.pem: certificate renewable: 29 days left
> acme-client: https://acme-v02.api.letsencrypt.org/directory: directories
> acme-client: acme-v02.api.letsencrypt.org: DNS: 172.65.32.248
> acme-client: acme-v02.api.letsencrypt.org: DNS: 2606:4700:60:0:f53d:5624:85c7:3a2c
> acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/218823728127
> acme-client: challenge, token: 2b9DyMVkYZGU3RNgxaywEc0uHLFp2E8RtOrQotGXugk, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/218823728127/CSJfMg, status: 0
> acme-client: /var/www/acme/2b9DyMVkYZGU3RNgxaywEc0uHLFp2E8RtOrQotGXugk: created
> acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/218823728137
> acme-client: challenge, token: 8WJnGzDwxV_tKSJaV4fsavxB5maBIkaDhozevCWPwH8, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/218823728137/sCRFpw, status: 0
> acme-client: /var/www/acme/8WJnGzDwxV_tKSJaV4fsavxB5maBIkaDhozevCWPwH8: created
> acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/218823728127/CSJfMg: challenge
> acme-client: https://acme-v02.api.letsencrypt.org/acme/chall-v3/218823728137/sCRFpw: challenge
> acme-client: order.status 0
> acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/218823728127
> acme-client: challenge, token: 2b9DyMVkYZGU3RNgxaywEc0uHLFp2E8RtOrQotGXugk, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/218823728127/CSJfMg, status: -1
> acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/218823728137
> acme-client: challenge, token: 8WJnGzDwxV_tKSJaV4fsavxB5maBIkaDhozevCWPwH8, uri: https://acme-v02.api.letsencrypt.org/acme/chall-v3/218823728137/sCRFpw, status: -1
> acme-client: order.status -1
> acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/218823728127
> acme-client: 2600:fee:bee::e:8:0: Invalid response from https://www.example.com/.well-known/acme-challenge/2b9DyMVkYZGU3RNgxaywEc0uHLFp2E8RtOrQotGXugk: 404
> acme-client: dochngreq: https://acme-v02.api.letsencrypt.org/acme/authz-v3/218823728137
> acme-client: 2600:fee:bee::e:8:0: Invalid response from https://www.example.com/.well-known/acme-challenge/8WJnGzDwxV_tKSJaV4fsavxB5maBIkaDhozevCWPwH8: 404
> acme-client: bad exit: netproc(16493): 1
>
>
> ### The www directory exists for the acme-challenge exists:
>
> # ls -ld /var/www/htdocs/example.com/.well-known/acme-challenge/
> drwxr-xr-x 2 username staff 512 Apr 12 08:08 /var/www/htdocs/example.com/.well-known/acme-challenge/
>
>
> ### Relevant portions of my httpd.conf
>
> www_v4="x.y.10.10"
> www_v6_a="2600:fee:bee::e:8:0"
>
> server "www.example.com" {
>     listen on $www_v4 tls port 443
>     listen on $www_v6_a tls port 443
>     tls {
>         certificate "/etc/ssl/certs/www.example.com.chain.pem"
>         key "/etc/ssl/private/www.example.com.key.pem"
>         protocols "TLSv1.2,TLSv1.3"
>     }
>     hsts {
>         max-age 31536000
>         preload
>         subdomains
>     }
>     log style combined
>     log { access "access.log", error "error.log" }
>     root "/htdocs/example.com"
>     directory auto index
> }
>
> server "example.com" {
>     listen on $www_v4 tls port 443
>     listen on $www_v6_a tls port 443
>     tls {
>         certificate "/etc/ssl/certs/www.example.com.chain.pem"
>         key "/etc/ssl/private/www.example.com.key.pem"
>         protocols "TLSv1.2,TLSv1.3"
>     }
>     hsts {
>         max-age 31536000
>         preload
>         subdomains
>     }
>     log style combined
>     log { access "access.log", error "error.log" }
>     root "/htdocs/example.com"
>     directory auto index
> }
>
> server "www.example.com" {
>     listen on $www_v4 port 80
>     listen on $www_v6_a port 80
>     location "/.well-known/acme-challenge/*" {
>         root "/acme"
>         request strip 2
>     }
>     block return 301 "https://www.example.com$REQUEST_URI";
> }
>
> server "example.com" {
>     listen on $www_v4 port 80
>     listen on $www_v6_a port 80
>     location "/.well-known/acme-challenge/*" {
>         root "/acme"
>         request strip 2
>     }
>     block return 301 "https://www.exam

Question regarding (kernel?) Priority and perl
Dear readers,

I have an OpenBSD just freshly updated to 7.3. Amazing release, Thank you

I run ttyd on it, a tty over http small daemon, and because i like log level i run a custom rc script, nothing fancy here :

daemon_user=support
rc_bg=YES

and in rc_start

su -fl -c ${daemon_class} -s /bin/sh ${daemon_user} -c "SHELL=/bin/ksh ${daemon} ${daemon_flags} 2>&1 | /usr/local/bin/ttyd.logger.pl"

Which i am updating with new pipe tools. (!| or |!) ;

ttyd.logger.pl is simple , read log put a level on it:

===
#!/usr/bin/perl
use Sys::Syslog qw(:standard :macros);

openlog("ttyd", "pid", "daemon");

while (my $l = <>) {
    # [2020/10/20 09:58:39:7131] NOTICE:
    $l =~ /\[[^]]+\]\s(\w+):/;
    my $ll = $1 ? $1 : "info";
    if ( $ll eq "ERR" ) {
        $ll = "err";
    } elsif ( $ll eq "WARN" ) {
        $ll = "warning";
    } elsif ( $ll eq "NOTICE") {
        $ll = "info"; # ttyd is way too verbose
    } elsif ( $ll eq "INFO") {
        $ll = "info";
    } elsif ( $ll eq "DEBUG") {
        $ll = "debug";
    } else {
        $ll = "notice"; # notice unknown
    }
    # The second argument of syslog() is a format string (sequences such
    # as %m are expanded), so the log line is passed as data through "%s".
    syslog($ll, "%s", $l);
}
===

When looking at top, something surprises me ( this is the actual question ):

34172 support -6 0 4860K 8992K sleep/0 piperd 0:00 0.78% /usr/bin/perl /usr/local/bin//ttyd.logger.pl

*The priority is -6* (why , how)

First this is not nice ( ha ha ) and I am quite sure this is completely controlled by the kernel.

# id support
uid=1001(support) gid=1001(support) groups=1001(support), 67(www)

How can a basic user get a -6 PRIO ? This feels very wrong.

I fear syslog in perl is doing something unexpected,

Please help and/or educate on this.

Re: Possible Bug - 7.1 stable - scsi_xfer pool exhausted
On Sat, Dec 3, 2022 at 12:08 PM Stuart Henderson wrote:
>
> On 2022-12-03, Sven F. wrote:
> > Bit sad the kernel stopped working though.
>
> AFAIK the main options available at that point are:
>
> deadlocks waiting for resources
> detect the problem and randomly kill processes (e.g. linux oom killer)
> detect the problem and panic

i was idealizing keep enough resource for critical process like
* shell
* sshd

>
> There isn't really a lot else it could do, it has already done things
> like reduce buffer cache by this point (ok not 100% of cache in the top
> output you show, but a fair bit of it).
>
> Actually I was wrong with "Tweaking login.conf won't help"; you could
> reduce the max datasize to something that fits, to protect the machine.
> While this won't help actually run the software (in particular a lot
> of software really doesn't behave well when malloc fails), it might
> help avoid deadlocks.
>

yes going that route and checking the usage of the DB, clearly the problem here

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do

Re: Possible Bug - 7.1 stable - scsi_xfer pool exhausted
On Sat, Dec 3, 2022 at 6:44 AM Stuart Henderson wrote:

> On 2022-12-02, Sven F. wrote:
> > On Fri, Dec 2, 2022 at 11:33 AM Stuart Henderson wrote:
> >>
> >> On 2022-12-02, Sven F. wrote:
> >> > Hello,
> >> >
> >> > Main problem is the kernel goes into a loop and never break,
> >> > so no ddb
> >> > I have similar setups (same driver and stack) , and this one only
> >> > is more prone to the error, even if the virt / qemu driver is partly responsible
> >> > the kernel should not loop the `scsi_xfer pool exhausted`
> >> > message for ever and maybe fall into ddb after a while or
> >> > handle this differently.
> >> >
> >> > Is there's step I can do to avoid or better document the bug ?
> >> > ( i would very much like not upgrading 7.2 just yet this one )
> >> >
> >> > * I had eye on it :
> >> >
> >> > load averages: 5.22, 2.50, 1.74
> >> > 111 processes: 3 running, 107 idle, 1 on processor
> >> > CPU states: 0.0% user, 0.0% nice, 34.3% sys, 0.0% spin, 0.0% intr, 65.7% idle
> >> > Memory: Real: 1101M/1915M act/tot Free: 24K Cache: 96M Swap: 1012M/1012M
> >>
> >> You have run out of RAM, don't do that
> >>
> >>
> >
> > Okay i will tweak login.conf more, but what did run out of ram :'(
>
> Your 2GB VM that you're trying to run a database on ran out of RAM.
>
> Tweaking login.conf won't help. You either need to add RAM or change
> something so the software you're running uses less RAM. (You might
> possibly avoid some hangs by increasing swap space, but running a
> database in swap really isn't going to work).
>
> --
> Please keep replies on the mailing list.

Thank you . You’re right .

I'm currently figuring out how much ram I need and this makes me like sql db even less.

Bit sad the kernel stopped working though.

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do

Re: Possible Bug - 7.1 stable - scsi_xfer pool exhausted
On Fri, Dec 2, 2022 at 11:33 AM Stuart Henderson wrote:
>
> On 2022-12-02, Sven F. wrote:
> > Hello,
> >
> > Main problem is the kernel goes into a loop and never break,
> > so no ddb
> > I have similar setups (same driver and stack) , and this one only
> > is more prone to the error, even if the virt / qemu driver is partly responsible
> > the kernel should not loop the `scsi_xfer pool exhausted`
> > message for ever and maybe fall into ddb after a while or
> > handle this differently.
> >
> > Is there's step I can do to avoid or better document the bug ?
> > ( i would very much like not upgrading 7.2 just yet this one )
> >
> > * I had eye on it :
> >
> > load averages: 5.22, 2.50, 1.74
> > 111 processes: 3 running, 107 idle, 1 on processor
> > CPU states: 0.0% user, 0.0% nice, 34.3% sys, 0.0% spin, 0.0% intr, 65.7% idle
> > Memory: Real: 1101M/1915M act/tot Free: 24K Cache: 96M Swap: 1012M/1012M
>
> You have run out of RAM, don't do that
>
>

Okay i will tweak login.conf more, but what did run out of ram :'(

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do

Possible Bug - 7.1 stable - scsi_xfer pool exhausted
Hello,

Main problem is the kernel goes into a loop and never break,
so no ddb
I have similar setups (same driver and stack) , and this one only
is more prone to the error, even if the virt / qemu driver is partly responsible
the kernel should not loop the `scsi_xfer pool exhausted`
message for ever and maybe fall into ddb after a while or
handle this differently.

Is there's step I can do to avoid or better document the bug ?
( i would very much like not upgrading 7.2 just yet this one )

* I had eye on it :

```
load averages: 5.22, 2.50, 1.74
111 processes: 3 running, 107 idle, 1 on processor
CPU states: 0.0% user, 0.0% nice, 34.3% sys, 0.0% spin, 0.0% intr, 65.7% idle
Memory: Real: 1101M/1915M act/tot Free: 24K Cache: 96M Swap: 1012M/1012M
client_loop: send disconnect: Broken pipe E WAIT TIMECPU COMMAND
$ 461 root -180 31M 39M sleep flt_nor 0:01 1.27% perl
17540 root -182 31M 40M sleep flt_nor 0:01 1.17% perl
14710 root -18 15 31M 40M sleep uvm_pmr 0:01 1.07% perl
77611 root -182 31M 40M sleep uvm_pmr 0:01 1.07% perl
7048 root -62 31M 40M sleep piperd0:01 1.07% perl
63374 root -182 29M 38M sleep flt_nor 0:01 1.07% perl
51570 root -182 30M 38M sleep flt_nor 0:01 1.03% perl
10785 root -182 29M 37M sleep flt_nor 0:01 0.98% perl
92602 root -182 31M 40M sleep flt_nor 0:01 0.93% perl
27245 root -182 29M 38M sleep flt_nor 0:01 0.93% perl
65133 root -182 28M 37M sleep flt_nor 0:01 0.88% perl
64059 root -182 27M 35M sleep flt_nor 0:01 0.88% perl
22519 root -182 26M 34M sleep flt_nor 0:01 0.83% perl
74085 root -182 23M 31M sleep flt_nor 0:01 0.83% perl
59008 root -182 23M 31M sleep flt_nor 0:01 0.78% perl
19896 _mysql 20 884M 323M run kqread 252:16 0.00% mariadbd
```

* dmesg ( not using unwind so one syspatch late )

Re: testing 7.2-beta ( tftpd )
On Wed, Jul 27, 2022 at 6:39 PM Sven F. wrote:
> Dear readers,
>
> I ran tftpd like this :
>
> route -T 10 exec /usr/sbin/tftpd -d -v -c -l 192.168.2.1 /var/tftpd
>
> when trying to upload , it created an empty file in /var/tftpd
>
> # ls -ld /var/tftpd/; ls -l /var/tftpd/
> drwxr-xr-x 2 _tftpd wheel 512 Jul 27 18:31 /var/tftpd/
> total 4
> -rw-rw-rw- 1 _tftpd wheel 0 Jul 27 18:34 board.json
>
> and log errors on stderr :
> tftpd: 192.168.2.32: write request for 'board.json'
> tftpd: tftp_wrq recv: Connection refused
>
> get does similar
> tftpd: 192.168.2.32: recv: Connection refused
> tftpd: 192.168.2.32: read request for 'foo'
>
> Am I missing something obvious ?
>
> Thank you for reading that far.
>

Another client program is able to download.
So I guess it's expected
testing 7.2-beta ( tftpd )
Dear readers,

I ran tftpd like this :

route -T 10 exec /usr/sbin/tftpd -d -v -c -l 192.168.2.1 /var/tftpd

when trying to upload , it created an empty file in /var/tftpd

# ls -ld /var/tftpd/; ls -l /var/tftpd/
drwxr-xr-x 2 _tftpd wheel 512 Jul 27 18:31 /var/tftpd/
total 4
-rw-rw-rw- 1 _tftpd wheel 0 Jul 27 18:34 board.json

and log errors on stderr :
tftpd: 192.168.2.32: write request for 'board.json'
tftpd: tftp_wrq recv: Connection refused

get does similar
tftpd: 192.168.2.32: recv: Connection refused
tftpd: 192.168.2.32: read request for 'foo'

Am I missing something obvious ?

Thank you for reading that far.
Re: Additional information required for cputime
On Mon, Jun 27, 2022 at 1:51 PM Otto Moerbeek wrote:
> On Mon, Jun 27, 2022 at 11:02:25AM -0400, Sven F. wrote:
>
> > Dear readers,
> >
> > Beside source code,
> >
> > # man login.conf | grep cputime
> > cputime time CPU usage limit.
> >
> > Is there any other information or examples about that parameter ?
> >
> > So far I found : `cputime = pp->p_rtime_sec + ((pp->p_rtime_usec + 50) / 100);`
> > implying this parameter is in seconds, and the kernel will send a SIGXCPU
> > if the process is not finished after that time ?
> >
> > Thank you for reading that far.
> >
> > ( i was looking for a way to limit cpu time allocation - a bit like nice
> > but with an upper bound )
> > ( also a cpu core that would force affinity of a login class to a specific
> > core would be fun )
>
> man login.conf refers to getrlimit(2), which has information you are
> looking for. Follow further refs to e.g. sigaction(2) for more details.
>
> -Otto
>

Thank you very much!

-- -- -
Knowing is not enough; we must apply. Willing is not enough; we must do
Additional information required for cputime
Dear readers,

Beside source code,

# man login.conf | grep cputime
cputime time CPU usage limit.

Is there any other information or examples about that parameter ?

So far I found : `cputime = pp->p_rtime_sec + ((pp->p_rtime_usec + 50) / 100);`
implying this parameter is in seconds, and the kernel will send a SIGXCPU
if the process is not finished after that time ?

Thank you for reading that far.

( i was looking for a way to limit cpu time allocation - a bit like nice
but with an upper bound )
( also a cpu core that would force affinity of a login class to a specific
core would be fun )

-- -- -
Knowing is not enough; we must apply. Willing is not enough; we must do
Re: Convert a Linux VPS to OpenBSD
On Mon, Jun 20, 2022 at 11:54 AM Étienne wrote:
> Hello there,
>
> This is a bit of a long shot, but I'm trying my luck: There used to be a
> community thread on Scaleway's documentation website that explained how
> to convert a Linux instance to an OpenBSD instance, because no OpenBSD
> ISO image was available in their console. It seems that this doc
> disappeared as their documentation section has changed format, and I
> can't find it on archive.org either. I would like to try and apply the
> same process at another VPS provider. Does anyone remember or know how
> this was done, and would they be kind enough to summarise it here, please?
>
> Thanks!
>
> --
> Étienne
>

1/ boot single user
1.bis / think
2/ write disk
3/ profit

Not much time
Re: PF table issue on 7.1-Current
On Tue, Jun 7, 2022 at 11:34 AM Zé Loff wrote:
>
> On Tue, Jun 07, 2022 at 04:26:11PM +0300, Barbaros Bilek wrote:
> > Hello Misc,
> >
> > I think there is an issue about PF tables at current.
> > Here my working PF config sample before 7.1-Current.
> > block log quick inet from
> > pfctl -f /etc/pf.conf
> > Another software fills this Malicious table with this command:
> > # pfctl -t Malicious -T add 1.2.3.4
> > 1 table created.
> > 1/1 addresses added.
> > # pfctl -t Malicious -T show 1.2.3.4
> > 1.2.3.4
> >
> > But with my newly upgraded OpenBSD version it doesn't.
> > OpenBSD 7.1-current (GENERIC.MP) #575: Mon Jun 6 10:11:31 MDT 2022
> > #pfctl -t Malicious -T add 1.2.3.4
> > 1 table created.
> > pfctl: Table does not exist
> >
> > #pfctl -t Malicious -T show
> > pfctl: Table does not exist
> >
> >
> > Thanks for your time.
> >
> > --
> > Barbaros
>
> You now need to explicitly create the table with
>
> table
>
> on your pf.conf. This was not enforced in 7.1, so you got away with it,
> but it is now.
>

that's a 'feature' ???

-- -- -
Knowing is not enough; we must apply. Willing is not enough; we must do
Re: First time using filter-dkimsign with smtpd
On Wed, Jun 1, 2022 at 3:13 PM Sven F. wrote:
>
> Hello,
>
> I run openSMTPD on openbsd7.1, i was about to send this to openSMTP
> mailing list, but i think it's openbsd/chroot/static sendmail related
>
> I just found out about `filter-dkimsign` , follow up on the man and installation
> instructions .
> and have the filter running :
> `_dkimsig 61499 0.0 0.0 704 3288 ?? Ip 6:39PM 0:00.03 /usr/local/libexec/smtpd/filter-dkimsign -d http://example.com -s mydkim -k /etc/mail/dkim/private.rsa.key`
>
> my /etc/mail/dkim/private.rsa.key is mode 0440 and owned by _dkimsig
>
> and only apply on the localhost `listen on lo0 filter dkimsign_rsa`
>
> When the php fpm thingy calls mail ...
>
> ` Jun 1 18:45:15 php-fpm-8.1[80816]: mail() on [/example.com/wp-includes/PHPMailer/PHPMailer.php:877]: To: l...@gmail.com -- Headers: Date: Wed, 1 Jun 2022 16:45:15 + `
>
> it just gets stuck forever.
>
> I cannot find any log error, my clueless guess is the sendmail call is
> stuck on a read and the filter somewhat broke the stdout ?
> looking for actual clues
>
> Also the server WAS sending email without the filter.
> and using sendmail from the fpm user (did) work(s)
>
> Another guess: would this be the behavior if a header is not found ?
> Maybe it was DNS ? ( /etc/hosts )
>
> So after poking around and adding -v to the php sendmail i figure out i broke
> the chrooted sendmail, because is create a $chroot/etc/hosts file
>
> I now unit test the problem like that (i did add ksh to the chroot):
>
> # chroot -g merci -u merci /var/www /bin/sh -c 'echo HELLO | /usr/sbin/sendmail -t -v -v -4 -f no-re...@example.com. -F TEST3 -i sven.falem...@gmail.com'
> Jun 1 21:02:58 merci smtpd[77228]: 1658fe91a067cec2 smtp connected address=127.0.0.1 host=localhost
> <<< 220 example.com. ESMTP OpenSMTPD
> >>> EHLO example.com.
> Jun 1 21:02:58 merci smtpd[77228]: 1658fe91a067cec2 smtp failed-command command="EHLO example.com." result="501 5.5.4 Invalid command arguments: Invalid domain name"
> <<< 501 5.5.4 Invalid command arguments: Invalid domain name
> >>> HELO example.com.
> <<< 501 5.5.4 Invalid command arguments: Invalid domain name
> Jun 1 21:02:58 merci smtpd[77228]: 1658fe91a067cec2 smtp failed-command command="HELO example.com." result="501 5.5.4 Invalid command arguments: Invalid domain name"
> sendmail: remote host refuses our greeting
> Jun 1 21:02:58 merci smtpd[77228]: 1658fe91a067cec2 smtp disconnected reason=disconnect
>
> 'fun' fact i cannot get it to work again
>
> the host file:
> 127.0.0.1 localhost example.com.
> ::1 localhost
>
> and in despair i tried
>
> # match from local for any action "outbound"
> match from any for any action "outbound"
>
> Note: example.com. is a placeholder, and resolved from any public
> dns, i used reboot a few times.
>
> I do not understand why deleting /var/www/etc/hosts does not go back
> to previous behavior
> nor why smtpd refuses EHLO example.com.
>
> Thanks for reading that far,
> Please help
>
> Best

Anyway
Trailing dot should be ignored or like properly warned
'problem solved'
First time using filter-dkimsign with smtpd
Hello,

I run openSMTPD on openbsd7.1, i was about to send this to openSMTP
mailing list, but i think it's openbsd/chroot/static sendmail related

I just found out about `filter-dkimsign` , follow up on the man and installation
instructions .
and have the filter running :
`_dkimsig 61499 0.0 0.0 704 3288 ?? Ip 6:39PM 0:00.03 /usr/local/libexec/smtpd/filter-dkimsign -d http://example.com -s mydkim -k /etc/mail/dkim/private.rsa.key`

my /etc/mail/dkim/private.rsa.key is mode 0440 and owned by _dkimsig

and only apply on the localhost `listen on lo0 filter dkimsign_rsa`

When the php fpm thingy calls mail ...

` Jun 1 18:45:15 php-fpm-8.1[80816]: mail() on [/example.com/wp-includes/PHPMailer/PHPMailer.php:877]: To: l...@gmail.com -- Headers: Date: Wed, 1 Jun 2022 16:45:15 + `

it just gets stuck forever.

I cannot find any log error, my clueless guess is the sendmail call is
stuck on a read and the filter somewhat broke the stdout ?
looking for actual clues

Also the server WAS sending email without the filter.
and using sendmail from the fpm user (did) work(s)

Another guess: would this be the behavior if a header is not found ?
Maybe it was DNS ? ( /etc/hosts )

So after poking around and adding -v to the php sendmail i figure out i broke
the chrooted sendmail, because is create a $chroot/etc/hosts file

I now unit test the problem like that (i did add ksh to the chroot):

# chroot -g merci -u merci /var/www /bin/sh -c 'echo HELLO | /usr/sbin/sendmail -t -v -v -4 -f no-re...@example.com. -F TEST3 -i sven.falem...@gmail.com'
Jun 1 21:02:58 merci smtpd[77228]: 1658fe91a067cec2 smtp connected address=127.0.0.1 host=localhost
<<< 220 example.com. ESMTP OpenSMTPD
>>> EHLO example.com.
Jun 1 21:02:58 merci smtpd[77228]: 1658fe91a067cec2 smtp failed-command command="EHLO example.com." result="501 5.5.4 Invalid command arguments: Invalid domain name"
<<< 501 5.5.4 Invalid command arguments: Invalid domain name
>>> HELO example.com.
<<< 501 5.5.4 Invalid command arguments: Invalid domain name
Jun 1 21:02:58 merci smtpd[77228]: 1658fe91a067cec2 smtp failed-command command="HELO example.com." result="501 5.5.4 Invalid command arguments: Invalid domain name"
sendmail: remote host refuses our greeting
Jun 1 21:02:58 merci smtpd[77228]: 1658fe91a067cec2 smtp disconnected reason=disconnect

'fun' fact i cannot get it to work again

the host file:
127.0.0.1 localhost example.com.
::1 localhost

and in despair i tried

# match from local for any action "outbound"
match from any for any action "outbound"

Note: example.com. is a placeholder, and resolved from any public
dns, i used reboot a few times.

I do not understand why deleting /var/www/etc/hosts does not go back
to previous behavior
nor why smtpd refuses EHLO example.com.

Thanks for reading that far,
Please help

Best
hostnames in syslogd
Dear readers,

After modifying the hostname as device.project with `hostname device.project` and in /etc/myname and starting a syslogd debug instance with -h , i see the hostname logged is only 'device' not 'device.project'

This could be a feature, as a hostname is not a FQDN but it looks inconsistent with hostname displaying device.project and the log using only the first part.

Would a diff to syslogd; logging the name found in the configuration or (kern.hostname) instead of a modified one be a bug breaking some auto configuration with DHCP or a feature ?

Moreover just like -h send the hostname , in a SSL setup it would be useful to log the CN of the client certificate , with -i maybe, since it is a strong ID sorting logs with that feels more reliable than ip, or modified hostnames.

I may miss some important legacy behavior but a `-i` option that logs the CN after the hostname in a similar manner looks non breaking and useful.

Thanks for reading, I look forward to having opinions on that.

-- -- -
Knowing is not enough; we must apply. Willing is not enough; we must do
question regarding rc.d multi daemon tool and symlink
Dear reader,

according to the rc.d man:
--
daemon_class is a special read-only variable. It is set to "daemon" unless there is a login class configured in login.conf(5) with the same name as the rc.d script itself, in which case it will be set to that login class. This allows setting many initial process properties, for example environment variables, scheduling priority, and process limits such as maximum memory use and number of files.
--

If the daemon requires a specific class, like lets say `unbound`, but it's launched through a symlink `unbound_jail -> unbound`, the class will not be used and login.conf *must* declare `unbound_jail` ?

In other words, Is there a way to, without rewriting rc_exec, use a specific class for all 'instances' created through a symlink of the rc.d/script directory.

So all other unbound daemon actually do `su -c unbound` and not `su -c unbound_secondary`

Best,
Re: Please put vi in base
On Sat, Mar 12, 2022 at 2:25 PM Sebastien Marie wrote:
> On Sat, Mar 12, 2022 at 08:00:10PM +0100, i...@tutanota.com wrote:
> >
> >
> > > Why does the ramdisk not include /usr/bin/vi by default? To date,
> > > it is the only UNIX-like environment I have ever seen without some
> > > form of vi.
> >
> > Theo's answer: "For the same reasons it doesn't contain a web browser: Not required, and besides that far too large."
> >
> > That is ridiculous!
> >
> > ed is for teleprinters, a monitor based editor is very much required. Fiddling around with configuration files with ed is like being tied up with your hands and feet behind your back being told to eat a pizza from the floor!
> >
> > Out of room? What does that even mean? Are you still using floppy disks!?
> >
> > install70.img is 664M and the install70.iso is 529M, I believe vi takes up 359K, surely
> > there is room.
>
> you should look at bsd.rd size instead. it is the install media, and
> it is far smaller (4.4M here). so 359K is about 8% in size.
>
> if you need vi to repair your system (depending the exact problem),
> you could mount your partitions from the bsd.rd image, using something
> like (untested):
>
> # cd /dev && sh ./MAKEDEV sd0 # create sd0 nodes
> # mount -r /dev/sd0a /mnt # mount root partition (readonly)
> # chroot /mnt # chroot to /mnt
> (chroot)# mount -a # mount all partition
>

vt220 or maybe xterm if lucky or better (chroot)# TERM=something vi

> (chroot)# vi # you could run vi
>
> you could also use another system to build a static binary, and copy
> it on bsd.rd (via download or via usb drive).
>
> you could also put your hard disk in another machine to mount and
> repair it.
>
> --
> Sebastien Marie
>
>

-- -- -
Knowing is not enough; we must apply. Willing is not enough; we must do
Fwd: Accounts Updates
zeitzone ?

-- Forwarded message -
From: source-changes
Date: Fri, Nov 5, 2021 at 9:00 AM
Subject: Accounts Updates
To:

Verify account
Your account has been listed
source-changes

Sign-in details
Email : source-chan...@openbsd.org
Date: 11/5/2021 6:53:26 a.m.

All openbsd.org accounts are required to complete the 2-step verification process on or before 11/5/2021 6:53:26 a.m. to avoid email suspension.
Your account has been listed for suspension today if not verified.

Complete process

Thanks,
The openbsd.org account team

-- -- -
Knowing is not enough; we must apply. Willing is not enough; we must do
Re: send help ( chroot php fpm refuse to exec/popen/procopen... on 7.0 )
On Tue, Oct 26, 2021 at 11:13 AM Stuart Henderson wrote:
> On 2021-10-26, Sven F. wrote:
> > exec ('/usr/sbin/ksh -c "echo a"', $output, $retval);
> > echo '';
> > echo "Returned with status $retval and output:\n";
> ..
> > Returned with status 127 and output:
> ..
>
> You need /bin/sh in the chroot for this to work.
>
> "The exit status of the shell is 127 if the command file specified on
> the command line could not be opened"
>
> I've just added some more text to php's pkg-readme files about this
>

Thanks all,

Am i supposed to put femail here ?

; For Unix only. You may supply arguments as well (default: "sendmail -t -i").
; http://php.net/sendmail-path
sendmail_path = /bin/femail -t -i

# cat /usr/local/share/doc/pkg-readmes/femail-chroot
$OpenBSD: README-chroot,v 1.3 2018/09/04 12:46:15 espie Exp $

Yes, now i see it :-/

+---
| Running femail-chroot on OpenBSD
+---
[..]
If you're using femail with PHP inside a chroot jail, be aware that PHP's
built-in "mail" function uses popen(), which requires /bin/sh

Y'all great.

-- -- -
Knowing is not enough; we must apply. Willing is not enough; we must do
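Added example, not from the thread and not PHP or libc source: a minimal stand-in for what popen()/system() do (fork, then exec `sh -c command`), with the shell path as a parameter so that a chroot lacking /bin/sh can be simulated by a path that does not exist. `run_via_shell` and the `/nonexistent/bin/sh` path are hypothetical names for this demo; it reproduces the "status 127, empty output" symptom reported above.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Run "<shell> -c <command>" in a child with its stdout on a pipe and copy up
 * to outsz-1 bytes of that output into out (always NUL-terminated).
 * Returns the child's exit status, or -1 on error or abnormal termination.
 * When the shell cannot be executed the child exits 127, which is the status
 * popen()/system() report in that situation.
 */
int run_via_shell(const char *shell, const char *command, char *out, size_t outsz)
{
    int fds[2];
    pid_t pid;
    size_t used = 0;
    ssize_t n;
    int status;

    if (outsz == 0 || pipe(fds) == -1)
        return -1;

    pid = fork();
    if (pid == -1) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }

    if (pid == 0) {
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) == -1)
            _exit(127);
        close(fds[1]);
        execl(shell, "sh", "-c", command, (char *)NULL);
        _exit(127); /* no shell at that path: nothing ran, nothing was printed */
    }

    close(fds[1]);
    while (used < outsz - 1 &&
           (n = read(fds[0], out + used, outsz - 1 - used)) != 0) {
        if (n == -1) {
            if (errno == EINTR)
                continue;
            break;
        }
        used += (size_t)n;
    }
    out[used] = '\0';
    close(fds[0]);

    while (waitpid(pid, &status, 0) == -1) {
        if (errno != EINTR)
            return -1;
    }
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    char buf[64];
    int rc;

    rc = run_via_shell("/bin/sh", "echo a", buf, sizeof(buf));
    printf("shell present: status %d, output \"%s\"\n", rc, buf);

    /* Constructed path standing in for a chroot that has no /bin/sh. */
    rc = run_via_shell("/nonexistent/bin/sh", "echo a", buf, sizeof(buf));
    printf("shell missing: status %d, output \"%s\"\n", rc, buf);
    return 0;
}
```

The command itself (`/usr/sbin/ksh -c "echo a"` in the thread) is never reached in the second case, which is why copying ksh into the chroot did not help.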
send help ( chroot php fpm refuse to exec/popen/procopen... on 7.0 )
}{ello,

I updated a device and use php fpm on openbsd 7.0
everything works fine after putting a resolv file in the chroot
but i can't send email from the chroot

I hope I didn't see something obvious.

to troubleshoot i drop the ksh inside the chroot

/var/www/usr/sbin/ksh:
Start End Type Open Ref GrpRef Name
0e4fc4d74000 0e4fc4e1a000 dlib 10 0 /var/www/usr/sbin/ksh

and wrote a stupid php

&1', $output, $retval);
exec ('/usr/sbin/ksh -c "echo a"', $output, $retval);
echo '';
echo "Returned with status $retval and output:\n";
echo '';
$rc = sprintf('%o', fileperms('/usr/sbin/sendmail'));
echo $rc;
echo '';
$rc = sprintf('ffoo: %o', fileperms('/usr/sbin/ffoo'));
echo $rc;
echo '';
print_r(array('o' => $output,'perm' => $rc, 'r' => $retval));

which output :

Returned with status 127 and output:
100555
ffoo: 100644
Array ( [o] => Array ( ) [perm] => ffoo: 100644 [r] => 127 )

which constantly returns 127 and no output ( also tried popen and other methods , just use exec as a 'simpler' version.

Also used the ksh to double check ENV

chroot -u user /var/www /usr/sbin/ksh -c 'echo $USER'

and tested sendmail inside chroot with the chroot command.

After pondering the existence of the universe, i ktrace the php - fpm process

ktrace -d -t cpxX -p 32152

and it's not really clear, i cannot see a vfork in there, usr/local got the wxallowed

- -- -

(( I 80% sure the chrooted sendmail was delivered with a pkg_add ))

# uname -a
OpenBSD portals2.citypassenger.com 7.0 GENERIC.MP#232 amd64

# pkg_info
argon2-20190702 C implementation of Argon2 - password hashing function
bzip2-1.0.8p0 block-sorting file compressor, unencumbered
curl-7.79.0 transfer files with FTP, HTTP, HTTPS, etc.
femail-1.0p1 simple SMTP client
femail-chroot-1.0p3 simple SMTP client for chrooted web servers
gd-2.3.2 library for dynamic creation of images
gettext-runtime-0.21p1 GNU gettext runtime libraries and programs
giflib-5.1.6 tools and library routines for working with GIF images
intel-firmware-20210608v0 microcode update binaries for Intel CPUs
jpeg-2.1.1v0 SIMD-accelerated JPEG codec replacement of libjpeg
libiconv-1.16p0 character set conversion library
libsodium-1.0.18p1 library for network communications and cryptography
libwebp-1.2.1 Google WebP image format conversion tool
libxml-2.9.12 XML parsing library
lz4-1.9.3p0 fast BSD-licensed data compression
lzo2-2.10p2 portable speedy lossless data compression library
mariadb-client-10.6.4v1 multithreaded SQL database (client)
mariadb-server-10.6.4p2v1 multithreaded SQL database (server)
nghttp2-1.44.0 library for HTTP/2
nginx-1.20.1p0 robust and small HTTP server and mail proxy server
oniguruma-6.9.7.1 regular expressions library
p5-Clone-0.45 recursively copy Perl datatypes
p5-DBD-MariaDB-1.21p3 MariaDB and MySQL driver for the Perl5 Database Interface
p5-DBI-1.643 the standard database interface module for Perl
p5-FreezeThaw-0.5001p0 module for converting structures to strings and back
p5-MLDBM-2.05p0 store multi-level hash structure in single-level tied hash
p5-Math-Base-Convert-0.11p0 very fast base to base conversion
p5-Module-Runtime-0.016p0 runtime module handling
p5-Net-Daemon-0.48p1 extension for portable daemons
p5-Params-Util-1.07p2 utility to make parameter checking easier
p5-PlRPC-0.2020p0 module for writing rpc servers and clients
p5-SQL-Statement-1.414 SQL parsing and processing engine
pcre-8.44 perl-compatible regular expression library
pcre2-10.36 perl-compatible regular expression library, version 2
php-7.4.24 server-side HTML-embedded scripting language
php-bz2-7.4.24 bzip2 compression extensions for php
php-curl-7.4.24 curl URL library extensions for php
php-gd-7.4.24 image manipulation extensions for php
php-mysqli-7.4.24 mysql database access extensions for php
png-1.6.37 library for manipulating PNG images
quirks-4.53 exceptions to pkg_add rules
snappy-1.1.8 fast compression/decompression library
sshguard-2.4.2 protect against brute force attacks on sshd and others
tiff-4.3.0 tools and library routines for working with TIFF images
vmm-firmware-1.14.0 firmware binary images for vmm(4) driver
xz-5.2.5 LZMA compression and decompression tools
zstd-1.5.0 zstandard fast real-time compression algorithm

# mount
/dev/sd0a on / type ffs (local)
/dev/sd0g on /home type ffs (local, nodev, nosuid)
/dev/sd0d on /tmp type ffs (local, nodev, nosuid)
/dev/sd0e on /usr type ffs (local, nodev)
/dev/sd0f on /usr/local type ffs (local, nodev, wxallowed)
/dev/sd0h on /var type ffs (local, nodev, nosuid)

# ls -l /var/www/usr/sbin
total 1920
-rw-r--r-- 1 root daemon 0 Oct 26 14:37 ffoo
-r-xr-xr-x 1 root daemon 613080 Oct 25 20:42 ksh
-r-xr-xr-x 1 root daemon 313176 Oct 23 00:31 sendmail

# kdump
20747 php-fpm-
For those who are not aware how mutex work in mp world like me
This seems a good source with the ref to LOCK in x86 ( which is supposed to make any instruction atomic across cores :o )

http://www.moserware.com/2008/09/how-do-locks-lock.html

If someone with knowledge can confirm it is decent reading.
( apparently other cpu use other stuff.. i wonder how it is done on ARM )

Kudos to all working on this very difficult matter

-- -- -
Knowing is not enough; we must apply. Willing is not enough; we must do
Re: WireGuard host crashes roughly every week
looks like OOM problem,

Send dmesg,
keep a window with log open,
monitor your memory usage with something
also send some conf

On Thu, Jul 29, 2021 at 9:11 PM Matt P. wrote:
>
> Hi all.
>
> I have an OpenBSD box that breaks after a week or so of running. All network
> traffic stops reaching the box. If I look at the screen or serial output, I
> can get the "login:" prompt, and when I enter my name I get prompted for a
> password, but once I enter a password it hangs. Key presses and control codes
> still show on the screen, but the login never succeeds or fails. I thought
> control-C might cause it to go back to the login prompt, but it doesn't. I
> have to hard reboot the box to get it back.
>
> This box runs a Wireguard server accessible from the internet, and I think
> it's related to the crashing. I used to run the same WireGuard configuration
> on a different OpenBSD machine (a Raspberry Pi instead of x64), and the same
> crashing would happen. I blamed the crashing on the Pi port of OpenBSD, which
> is why I switched machines, but it stopped happening on the Pi and started on
> the x64 box.
>
> I'm a newbie at systems administration, and don't know where to go from here.
> There's no kernel panics to send, and I didn't see anything in the log files
> about the crash. What should I do?
>
> --Matt
>

-- -- -
Knowing is not enough; we must apply. Willing is not enough; we must do
Re: enqueue_randomness from userland ?
On Tue, Jul 20, 2021 at 1:41 PM Theo de Raadt wrote:
>
> The entropy subsystem is complete.
>
> There is no need to do anything more.
>

I saw that reading adds entropy back, if the subsystem is complete out of the box that would make https://man.openbsd.org/omrng or https://man.openbsd.org/octrng.4 superfluous, which is odd, but i'll trust you on that.

A long time ago it was easy to block /dev/random and urandom was of lesser quality.

-- -- -
Knowing is not enough; we must apply. Willing is not enough; we must do
enqueue_randomness from userland ?
Dear readers,

Is it possible to call `enqueue_randomness` from userland ?

Looks like `echo 'something' > /dev/random` would not work but `ttyinput(int c, struct tty *tp)` is calling it so maybe echo 'something' > /dev/tty00 would ( but my guess it doesn't either ) as i cannot 'input command' like that ( need to come from keyboard .

How to manually increase entropy ?

Best,

-- -- -
Knowing is not enough; we must apply. Willing is not enough; we must do
6.8 stable `fatal protection fault in supervisor mode` backtrace
Dear reader,

I will try to run more up to date, but sometimes it takes time to get those kinds of bugs, so following current is not really an option .
I do not know if something can be done with that since i do not have the core file

fatal protection fault in supervisor mode
trap type 4 code 0 rip 81a9f346 cs 8 rflags 10246 cr2 80003340c830 cpl 0 rsp 80003358a510
gsbase 0x800022410ff0 kgsbase 0x0
panic: trap type 4, code=0, pc=81a9f346
Starting stack trace...
panic(81de3229) at panic+0x11d
kerntrap(80003358a460) at kerntrap+0x114
alltraps_kern_meltdown() at alltraps_kern_meltdown+0x7b
fill_file(80173800,fd813bdfd1f8,fd800bef31b8,4,0,800033665648) at fill_file+0x756
sysctl_file(80003358aa88,4,4ff3ab05c00,80003358aab8,80003393a830) at sysctl_file+0x9b2
kern_sysctl(80003358aa84,5,4ff3ab05c00,80003358aab8,0,0) at kern_sysctl+0x1d1
sys_sysctl(80003393a830,80003358ab20,80003358ab80) at sys_sysctl+0x184
syscall(80003358abf0) at syscall+0x389
Xsyscall() at Xsyscall+0x128
end of kernel
end trace frame: 0x7f7e8560, count: 248
End of stack trace.
syncing disks...panic: kernel diagnostic assertion "!_kernel_lock_held()" failed: file "/usr/src/sys/uvm/uvm_map.c", line 2709
Starting stack trace...
panic(81dee41d) at panic+0x11d
__assert(81e54e23,81e69319,a95,81e1902a) at __assert+0x2b
uvm_map_teardown(fd8133b4e010) at uvm_map_teardown+0x23e
uvmspace_free(fd8133b4e010) at uvmspace_free+0x5d
uvm_exit(800033665648) at uvm_exit+0x24
reaper(800022965158) at reaper+0x14c
end trace frame: 0x0, count: 251
End of stack trace.

best.

-- -- -
Knowing is not enough; we must apply. Willing is not enough; we must do
Re: Source of the spin
On Wed, Jun 30, 2021 at 4:15 AM Stuart Henderson wrote:
>
> On 2021-06-29, Sven F. wrote:
> > Dear readers,
> >
> > I probably did something silly again,
> > Could you help with a bit of knowledge around performance ?
> > My openbsd CPU (6.8) is spinning a lot :
> >
> > 0.0%Int 53.1%Spn 25.8%Sys 19.6%Usr 1.4%Idle
> >
> > * Is this bad ?
> > * What kind of basic operation ( like basic shell scripting ) could do
> > that ? ?
> >
> > Thank you,
> >
>
> This means the kernel is spending a lot of time waiting for other CPUs
> to exit locked sections.
>
> First things first, try 6.9, the malloc cache implementation changed
> and that may help.
>
>

Thank you,

Can I use ktrace to check where the lock comes from ( can't really put 6.9 easily to test ) ?
Will try to get 6.9 anyway, but it would be either to know what i need to test.

-- -- -
Knowing is not enough; we must apply. Willing is not enough; we must do
Source of the spin
Dear readers,

I probably did something silly again,
Could you help with a bit of knowledge around performance ?
My openbsd CPU (6.8) is spinning a lot :

0.0%Int 53.1%Spn 25.8%Sys 19.6%Usr 1.4%Idle

* Is this bad ?
* What kind of basic operation ( like basic shell scripting ) could do that ? ?

Thank you,

-- -- -
Knowing is not enough; we must apply. Willing is not enough; we must do
Re: Adding a prompt on the installer before overwriting the partition table
On Mon, Jun 28, 2021 at 10:55 AM Theo de Raadt wrote:
>
> Parodper wrote:
>
> > I think there should be a prompt in the installer before overwriting the
> > partition tables. The current behavior is, when selecting the whole
> > disk, to overwrite the partition table directly.
>
> Isn't it kind of obvious that selecting the whole disk requires
> overwriting the partition table?
>
> The installer has acted this way for more than 20 years. It is well
> documented. Haven't heard a complaint in a decade. Did you read the
> installation docs?
>
> I doubt other major operating system installers ask you again if you are
> sure you want this hidden but obvious step, so why should our installer?
> Meanwhile, your change probably breaks including auto and templated
> installs -- because a newly introduced question which isn't answered
> will receive \n, and without y\n it fails.
>
> Furthermore I think the whole concept of installing multiple operating
> systems on one disk and multiple-booting is increasingly complex to the
> point of being a waste of time. Major operating systems don't make it
> trivial. Why should the smaller systems be held to the standard of
> making it easy? It is easy to get another machine, or use a virtual
> machine. Sorry to break the news, but as a rule the most fragile
> configurations of any software are the ones unused by the developers.
> This is definitely one. None of us use multiboot.
>

my 2 cents here,

I multi booted in 1999 , it's mostly useless these days, as stated above, if i were in a hurry i would have a usb key with openBSD bootloader and MAYBE a boot.conf so i ask the BIOS to go boot that ( with f8 or f12 or whatever the bios provides )

This key can also be used as an emergency tool in case of hard drive failures.

(W)hole disk is quite clear

I wonder if anyone is using XEN these days to have multiple OS

-- -- -
Knowing is not enough; we must apply. Willing is not enough; we must do
Re: go-1.16.2 out of memory when building Go written program
On Wed, Jun 23, 2021 at 2:03 PM Martin wrote:
>
> Hi list,
>
> I try to build terraform-provider-aws and terraform-provider-google.
>
> $ go build
>
> produces an error "out of memory" .
>
> May it be malloc related issue or how to fix it in other way?
>
> Thank you for answer in advance.
>
> Martin
>

man login.conf

-- -- -
Knowing is not enough; we must apply. Willing is not enough; we must do
Re: Prometheus on OpenBSD - does it work?
On Tue, Jun 15, 2021 at 11:47 AM Claudio Jeker wrote:
>
> On Tue, Jun 15, 2021 at 04:24:08PM +0200, Julien Pivotto wrote:
> > Hello,
> >
> > I am a Prometheus maintainer and we have received a bug regarding
> > Prometheus - prometheus would no longer work on OpenBSD since we
> > introduced MMAP:
> >
> > https://github.com/prometheus/prometheus/issues/8877
> > https://github.com/prometheus/prometheus/issues/8799
> >
> > I would like to know if the facts here are accurate and, on the
> > opposite, if there are happy openbsd users of Prometheus 2.19+.
> >
> > I see that Prometheus 2.24 is packaged upstream, so I guess there are
> > users. Can you please interact with us so we can better understand the
> > situation at play.
> >
>
> Unlike other OS OpenBSD does not automatically sync between mmap-ed memory
> of a file with any write() to the same file (OpenBSD has no unified
> cache). It requires use of msync(2) to make sure that mappings are
> properly updated.
>
> While prometheus works, it also does not. I looked into the code of TSDB
> and came to the conclusion that many operations (especially compaction)
> fail because TSDB writes to file handles but uses mmaps of the same memory
> at the same time.
>
> I fixed one case (which is the one mentioned in the issues index/index.go
> but then more errors show up when running tsdb go test.
Including a SEGV > in db_test.go > > I played a bit more with this and skipping the bad test in db_test.go it > seems to mostly pass but errors out at the end: > > level=error msg="WAL corruption detected; truncating" err="unexpected > CRC32 checksum 7c1a52ff, want 1020304" > file=/tmp/test_corrupted095078964/01 pos=44 > PASS > goleak: Errors on successful test run: found unexpected goroutines: > [Goroutine 17761 in state chan send, with > github.com/prometheus/prometheus/tsdb.(*SegmentWAL).cut.func1 on top of > the stack: > goroutine 17761 [chan send]: > github.com/prometheus/prometheus/tsdb.(*SegmentWAL).cut.func1(0xc001262fd0, > 0xc0eff0) > /usr/ports/pobj/prometheus-2.27.1/go/src/all/tsdb/wal.go:571 +0x72 > created by github.com/prometheus/prometheus/tsdb.(*SegmentWAL).cut > /usr/ports/pobj/prometheus-2.27.1/go/src/all/tsdb/wal.go:570 +0x7a > > Goroutine 18135 in state chan send, with > github.com/prometheus/prometheus/tsdb.(*SegmentWAL).cut.func1 on top of > the stack: > goroutine 18135 [chan send]: > github.com/prometheus/prometheus/tsdb.(*SegmentWAL).cut.func1(0xc99290, > 0xc000be24b0) > /usr/ports/pobj/prometheus-2.27.1/go/src/all/tsdb/wal.go:571 +0x72 > created by github.com/prometheus/prometheus/tsdb.(*SegmentWAL).cut > /usr/ports/pobj/prometheus-2.27.1/go/src/all/tsdb/wal.go:570 +0x7a > ] > exit status 1 > FAILgithub.com/prometheus/prometheus/tsdb 83.561s > > The TSDB code is very hard to follow and debug. There is mmaps all over > the place and it is unclear which files are written too and which are not. > Also the MmapFile struct are not stored in some other structs and so it is > not that simple to call msync. > -- > :wq Claudio > > $OpenBSD$ > > Add msync to sync mmap buffers > > diff --git tsdb/fileutil/mmap.go tsdb/fileutil/mmap.go > index 4dbca4f97..516991c60 100644 > --- tsdb/fileutil/mmap.go > +++ tsdb/fileutil/mmap.go 
> @@ -71,3 +71,7 @@ func (f *MmapFile) File() *os.File { > func (f *MmapFile) Bytes() []byte { > return f.b > } > + > +func (f *MmapFile) Sync() error { > + return sync(f.b) > +} > diff --git tsdb/fileutil/mmap_unix.go tsdb/fileutil/mmap_unix.go > index 043f4d408..c21829989 100644 > --- tsdb/fileutil/mmap_unix.go > +++ tsdb/fileutil/mmap_unix.go > @@ -28,3 +28,7 @@ func mmap(f *os.File, length int) ([]byte, error) { > func munmap(b []byte) (err error) { > return unix.Munmap(b) > } > + > +func sync(b []byte) error { > + return unix.Msync(b, unix.MS_ASYNC) > +} > diff --git tsdb/fileutil/mmap_windows.go tsdb/fileutil/mmap_windows.go > index b94226412..c54b6b125 100644 > --- tsdb/fileutil/mmap_windows.go > +++ tsdb/fileutil/mmap_windows.go > @@ -44,3 +44,7 @@ func munmap(b []byte) error { > } > return nil > } > + > +func sync(b []byte) error { > + return nil > +} > diff --git tsdb/index/index.go tsdb/index/index.go > index a6ade9455..723f2bc73 100644 > --- tsdb/index/index.go > +++ tsdb/index/index.go > @@ -552,6 +552,7 @@ func (w *Writer) finishSymbols() error { > if err := w.writeAt(w.buf1.Get(), hashPos); err != nil { > return err > } > + w.symbolFile.Sync() > > // Load in the symbol table efficiently for the rest of the index > writing. > w.symbols, err = NewSymbols(realByteSlice(w.symbolFile.Bytes()), > FormatV2, int(w.toc.Symbols)) > I use prometheus-2.13.1 on openbsd 6.7 - upgrading and testing - but do not do any compaction, data are stored in another db I run a 'modified' package to have multiple instance (see below), and sort log level Claudio Jeker is right -
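Review bot: In the tsdb/index/index.go hunk, the new `w.symbolFile.Sync()` call in finishSymbols() discards its error, while the writeAt() call directly above it returns the error to the caller. NewSymbols() then reads w.symbolFile.Bytes() on the next statement, so a failed sync would go unnoticed exactly where a stale mapping matters; this should be `if err := w.symbolFile.Sync(); err != nil { return err }`.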
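Review bot: In the tsdb/fileutil/mmap_unix.go hunk, sync() passes unix.MS_ASYNC, which only asks for the update to be scheduled and does not wait for it, yet the caller added in index.go reads the mapping through Bytes() immediately afterwards. Either use a synchronous flag here or add a comment explaining why MS_ASYNC is sufficient for the write()-then-read-through-mmap case the commit message is about.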
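Review bot: In the tsdb/fileutil/mmap.go hunk, the exported Sync() method has no doc comment, so nothing tells callers when they are expected to call it. A comment stating that it must be called after writing to the file through its handle and before reading Bytes() would make the contract explicit, and the stub in mmap_windows.go that returns nil deserves a one-line explanation of why doing nothing is correct there.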
Re: Bufferbloat, FQ-CoDel, and performance
On Thu, Feb 25, 2021 at 8:38 PM Steven Shockley wrote:
>
> On 2/23/2021 4:04 PM, Stuart Henderson wrote:
> > Oops, on interfaces *without* hw checksum offloading, like this:
> >
> > $ ifconfig em0 hwfeatures
> > em0: flags=8843 mtu 1500
> > hwfeatures=10 hardmtu 9216
> > ..
>
> I can try it, but I don't think it'll help in my case:
>
> bnx0: flags=808843 mtu
> 1500
> hwfeatures=26 hardmtu 9008
>
> Thanks, though.
>

Can the patch sys/net/pf.c r1.1096 be applied on 6.8? Or does it need some other files to be changed as well?

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do
Re: snapshot of today, pkg_add -u changed behaviour
On Wed, Feb 24, 2021 at 12:06 PM Stuart Henderson wrote:
>
> On 2021-02-24, Marcus MERIGHI wrote:
> > Hello!
> >
> > I just upgraded two machines to the snapshot of the day:
> >
> > OpenBSD 6.9-beta (GENERIC.MP) #357: Tue Feb 23 22:09:48 MST 2021
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> >
> > When I run pkg_add -u afterwards, it just sits there, without output,
> > for an unusually long time.
> >
> > With ^T it says: Processing Parameters.
> >
> > After some minutes the usual output starts.
> >
> > Just thought I'd mention it here, in case someone is worried about not
> > seeing the familiar behaviour (as I was).
> >
> > Marcus
> >
>
> Check for running ftp processes and you might get a better idea what
> it's doing. Do you have a slow connection to the mirror you're using?
>

FETCH_CMD="ftp -v" pkg_add -u ?

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do
Re: 6.9 and (EFI/blackscreen) and UKC
On Thu, Feb 11, 2021 at 5:12 PM wrote:
>
> Having the same issue, since about a year ago
> https://marc.info/?l=openbsd-bugs&m=160575016004118&w=2
>

I do not see the model of the graphic card in your dmesg? Mine is HD 5500.
I know HD630 is working way better. I tried to look at patches around inteldrm in FreeBSD, no luck.

X does not crash here, it cannot use screen 0 / lvds. It's quite difficult to debug.

This mail is more about the UKC prompt being unavailable. I had to config the kernel with ssh.

With inteldrm disabled I can start the X server, but it can't display a tube video for more than a minute.

I have little experience with graphic stuff; Intel upgrades the HD graphics driver very very often on Windows.

Have you tried 6.9-current?

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do
6.9 and (EFI/blackscreen) and UKC
Dear readers,

Following some advice, I am trying to

boot> boot -c
UKC> disable inteldrm
UKC> quit

on 6.9-beta that was advertised for testing.

I have an error: `kbc: cmd word write error` and I cannot enter anything in the UKC prompt.

It's quite problematic, and overall disabling a driver is usually not a good idea anyway ( referring to all the disable acpi to make it work ).

Num Lock turns the LED on and off, ctrl+alt+del resets the device, I tried another keyboard too.

Pressing a key changes the blinking rate of the UKC cursor.
'ghost' input (typing quit, enter) does not work.

I will reload today's snaps and install.

Please advise how to get more info for debugging/troubleshooting.

Thank you for reading.

OpenBSD 6.9-beta (GENERIC.MP) #323: Tue Feb 9 10:19:03 MST 2021
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8485195776 (8092MB)
avail mem = 8212697088 (7832MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xa4eef000 (81 entries)
bios0: vendor American Megatrends Inc. version "5.011" date 06/19/2019
bios0: Intel H81U
acpi0 at bios0: ACPI 5.0
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET SSDT UEFI LPIT SSDT ASF! SSDT SSDT SSDT DMAR
acpi0: wakeup devices PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4) PEG2(S4) PEGP(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) [...]
Re: bsd.rd ok , bsd explodes, trying to get traces
On Tue, Feb 9, 2021 at 3:59 PM Sven F. wrote: > > On Tue, Feb 9, 2021 at 3:45 PM Sven F. wrote: > > > > Dear readers, > > > > I found a computer which behaves oddly. > > Only EFI boot is supported, I usually go the MBR way. > > The bios looks like a classic AMibios Intel stuff. > > The cpu is intel and there's an intel HD5500 graphic card > > ( trying to extract proper dmesg fails so far ) > > > > When booting 6.8 basic amd64 installation the video > > signal is completely lost and network too ( suspect crash ) > > > > I tried to `set db_console 1` and change video mode > > with machine video before booting, and entering > > `boot dump` blindly ( video off ) > > but after rebooting in bsd.rd /var/ has no dmesg.anything > > or some log > > > > I think the last line of boot i see is 'softraid0' > > > > There's probably a few tricks I should try to get the actual > > message, I will do my best to extract the (bsd.rd) dmesg now and post it as > > a reply ( and try boot current ) > > > > Is there some boot option i can use or something i can do > > to extract the errors ? ( i do not see com ports anywhere either ) > > > > Thank you for reading. > > -- > > -- > > Looks like current already solved the problem, > > any chance to have this work on 'stable' ? > > OpenBSD 6.9-beta (GENERIC.MP) #323: Tue Feb 9 10:19:03 MST 2021 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 8485195776 (8092MB) > avail mem = 8212697088 (7832MB) > random: good seed from bootblocks > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xa4eef000 (81 entries) > bios0: vendor American Megatrends Inc. version "5.011" date 06/19/2019 > bios0: Intel H81U > acpi0 at bios0: ACPI 5.0 > acpi0: sleep states S0 S4 S5 > acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET SSDT UEFI LPIT SSDT > ASF! 
SSDT SSDT SSDT DMAR > acpi0: wakeup devices PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4) PEG2(S4) > PEGP(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) > RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) [...]
Re: bsd.rd ok , bsd explodes, trying to get traces
On Tue, Feb 9, 2021 at 3:45 PM Sven F. wrote:
>
> Dear readers,
>
> I found a computer which behaves oddly.
> Only EFI boot is supported, I usually go the MBR way.
> The bios looks like a classic AMibios Intel stuff.
> The cpu is intel and there's an intel HD5500 graphic card
> ( trying to extract proper dmesg fails so far )
>
> When booting 6.8 basic amd64 installation the video
> signal is completely lost and network too ( suspect crash )
>
> I tried to `set db_console 1` and change video mode
> with machine video before booting, and entering
> `boot dump` blindly ( video off )
> but after rebooting in bsd.rd /var/ has no dmesg.anything
> or some log
>
> I think the last line of boot i see is 'softraid0'
>
> There's probably a few tricks I should try to get the actual
> message, I will do my best to extract the (bsd.rd) dmesg now and post it as
> a reply ( and try boot current )
>
> Is there some boot option i can use or something i can do
> to extract the errors ? ( i do not see com ports anywhere either )
>
> Thank you for reading.
> --
> --

Looks like current already solved the problem,

any chance to have this work on 'stable' ?

OpenBSD 6.9-beta (GENERIC.MP) #323: Tue Feb 9 10:19:03 MST 2021
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8485195776 (8092MB)
avail mem = 8212697088 (7832MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xa4eef000 (81 entries)
bios0: vendor American Megatrends Inc. version "5.011" date 06/19/2019
bios0: Intel H81U
acpi0 at bios0: ACPI 5.0
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET SSDT UEFI LPIT SSDT ASF! SSDT SSDT SSDT DMAR
acpi0: wakeup devices PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4) PEG2(S4) PEGP(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) [...]
bsd.rd ok , bsd explodes, trying to get traces
Dear readers,

I found a computer which behaves oddly.
Only EFI boot is supported, I usually go the MBR way.
The bios looks like a classic AMibios Intel stuff.
The cpu is intel and there's an intel HD5500 graphic card
( trying to extract proper dmesg fails so far )

When booting 6.8 basic amd64 installation the video
signal is completely lost and network too ( suspect crash )

I tried to `set db_console 1` and change video mode
with machine video before booting, and entering
`boot dump` blindly ( video off )
but after rebooting in bsd.rd /var/ has no dmesg.anything
or some log

I think the last line of boot i see is 'softraid0'

There's probably a few tricks I should try to get the actual
message, I will do my best to extract the (bsd.rd) dmesg now and post it as
a reply ( and try boot current )

Is there some boot option i can use or something i can do
to extract the errors ? ( i do not see com ports anywhere either )

Thank you for reading.

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do
Re: Wireguard config and confusions
On Tue, Jan 5, 2021 at 4:58 PM Peter Fraser wrote:

> I did get it work, but it took a lot of tries caused by my confusion.
> I hope this message speed up other who try to configure wireguard.
> I was trying to connect a windows 10 computer to an OpenBsd computer.
> The problem was the OpenBSD computer was a 20 minute drive away,
> And I didn't want to lock myself and others out if I made a mistake.
> Which I did once and had to make the drive.
>
> 1) Ifconfig wg0 debug is not useful
> 2) Ifconfig wg0 -debug is not documented, admittedly it is easy
> guess it existence, but the other - options are documented
> 3) If IP address give to wg0 on the server has to be available to the
> outside world to allow establishing connections
> This can be done by giving it an external IP address or using a rdr-to
> in PF.
> 4) the IP address of client interface is what will appear as the source
> address of client, independent of whatever NATing goes on.
> 5) You can't use the same wgpeer for multiple clients, each one has to be
> unique.
> 6) The wgpeer and wgaip have be set together, you cannot set the
> separately.
> 7) When the packets come in through wg0, the return packet will want to go
> out through to default interface
> To stop that you will need a route command to direct the packets back
> to the wg0 interface, for that you will need the IP addresses involved.
> 8) To keep your sanity, you want to have a private subnetwork, to be used
> by all the clients just for this purpose.
> Which allows you to construct the route command and set wgaip values.
> 9) If you are connecting subnetworks you probably want a separate wg
> interface for each subnetwork.
>

It went way smoother here ( an hour from scratch with openbsd and windows client ), i don't understand why someone would put a public ip on wg0 .

Multi client setup could use an example for many reasons ( because it's probably design a way that is not obvious )

Overall it's a very good job.

OP: debug is mostly for dev, or people reading code, not to help the setup

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do
sshfs user on OpenBSD
Are you experiencing massive memory usage and/or leaks in sshfs? I think I do.
Logs, ' modernity', and stdout - daemon that log on stdout - prometheus
Many new software for ' reason ' think STDOUT is a logging interface.

Of course level may become complex, and nothing stops the new https://www.freedesktop.org/software/systemd/man/sd-daemon.html * no comment *

The prometheus package just uses the nice rcctl tool to daemonize and pipe to logger, fixing level to info: Production ready!

(I'm poking around this because I am integrating VictoriaMetrics.)

Fun fact: none of them follow the SD_* tag to level the log, prometheus is doing heroku style log, Victoria something similar, no info on actual level ...

I first thought logger could be made SD_* compliant and did it, but those go programs don't even follow that ( they are probably more upstart friendly ). I can send that patch, on -d it reads stdin but look for the and change level.

Logger is so basic, I fear any change would never make it into base.

So I thought about a perl script, as perl is in base, like so:

```
# ls -l /usr/local/share/examples/prometheus/logger.pl
-rwxr--r-- 1 _prometheus wheel 246 Oct 19 17:35 /usr/local/share/examples/prometheus/logger.pl
```

```
[0]-[/home/VictoriaMetrics]
# cat /usr/local/share/examples/prometheus/logger.pl
#!/usr/bin/perl
use Sys::Syslog qw(:standard :macros);

openlog("prometheus", "pid", "daemon");
while (my $l = <>) {
	# Take the syslog level from a "level=..." field, default to info.
	my $ll = ($l =~ /level=(\w+)/) ? $1 : "info";
	$ll = ($ll eq "warn") ? "warning" : $ll;
	# Pass the line as an argument, not as the format string, so a "%"
	# in the daemon's output is logged literally.
	syslog($ll, "%s", $l);
}
closelog();
```

and then the rc.start is like this:

```
rc_start() {
	${rcexec} "${daemon} ${daemon_flags} < /dev/null 2>&1 | \
		/usr/local/share/examples/prometheus/logger.pl"
}
```

I tried to inline the perl but it's just almost impossible to \ all the $" etc.. correctly.

Maybe logger could have a -d hero and a -d sd to do that job, or it just kept package base, or a similar perl logger could be added so it shared for those new log " method " ( I know ttyd is like that too )

I hope to get some positive feedback on how to manage those logs, and on pushing that for the package or going down the logger road.

Best.

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do
Re: Inphi CS4223 for 4x 10GbE SFP+
On Mon, Oct 19, 2020 at 10:55 AM Stuart Henderson wrote:
>
> On 2020-10-19, Harald Dunkel wrote:
> > Hi folks,
> >
> > I am about to order 2 network appliances, providing an
> > "Inphi CS4223 for 4x 10GbE SFP+".
>
> This is the PHY (physical interface layer) not the NIC type itself.
> Since the gigabit are listed as i211 (which *is* a NIC type) it would
> seem likely they are attached to the main chipset.
>
> I can't say for sure but I think there's a high chance that the 10G
> will work, and at least some of the 1G will work, but you might run into
> problems with the 1G "bypass" ports.
>
> dmesg would be of interest :)
>

1G works over the SFP, I don't remember having a bypass port on the SFPs when I tested the thing.

Very difficult to have more speed, apparently some kernel quirks are limiting that according to comment in the code I saw.

I tested against a dlink ethernet to SFP, on loopback and with some Denverton based hardware.

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do
A few questions regarding WG(4)
Dear reader,

I tested 6.8-beta and WG.

After going for a behind-NAT to behind-NAT experiment, I went for two 'clients' behind a NAT to an OpenBSD device with a public IP, called here 'Server'.

First of all, a minor detail, unless I thought wgport was not optional because the ifconfig output will not tell you the 'random port' chosen. So you cannot configure wgpeer after, unless you up the interface (1)

```
'Server' # ifconfig wg1
wg1: flags=80c3 mtu 1420
	index 5 priority 0 llprio 3
	wgport
	wgpubkey XdbTdbNzEASSXvgwAHrBuuBNHpeDtS0CGH3KsT7TxzY=
	wgpeer XxILKSdZ3JJr7fhAqzVNhNE4wbxJGfFlb4EYijqnU1k=
		wgendpoint XX
		tx: 13988, rx: 11164
		last handshake: 135 seconds ago
		wgaip 192.168.5.1/24
	wgpeer Xo6rmtAMkXhGIJOtulLhzCialGdzoPhDSHou+LWWfz8=
		wgendpoint XX
		tx: 10164, rx: 5992
		last handshake: 9 seconds ago
		wgaip 192.168.0.0/16
	groups: wg
	inet 192.168.5.1 netmask 0x broadcast 192.168.255.255
```

The wgaip filter is a bit confusing to me because I MAY want to allow 192.168.5.1 on both but not having overlapping subnet, or maybe it's dedicated to routing. The man page of WG(4) or the FAQ could have a more fancy example to illustrate correct use of wgaip.

The main question is related to the fact that I was unable to ping the peers from the 'server' until I pinged 192.168.5.1 from the two 'clients'.

```
# ping 192.168.6.1
PING 192.168.6.1 (192.168.6.1): 56 data bytes
^C
--- 192.168.6.1 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
## ping 192.168.5.1 or remote device here
# ping 192.168.6.1
PING 192.168.6.1 (192.168.6.1): 56 data bytes
64 bytes from 192.168.6.1: icmp_seq=0 ttl=255 time=12.564 ms
64 bytes from 192.168.6.1: icmp_seq=1 ttl=255 time=16.005 ms
```

Is this expected and/or due to the fact 192.168.6.1 is behind a NAT?

Best

( one client is i386 the other amd64, 6.8 beta is working so far! )

(1)

```
# ifconfig wg2 create wgkey `openssl rand -base64 32`
# ifconfig wg2
wg2: flags=8082 mtu 1420
	index 6 priority 0 llprio 3
	wgpubkey iKbEvJvgyyzcdRcefgXaC7BWkmfUTREtL5BWvFeKdHo=
	groups: wg
vps105766# ifconfig wg2 up
vps105766# ifconfig wg2
wg2: flags=80c3 mtu 1420
	index 6 priority 0 llprio 3
	wgport 16326
	wgpubkey iKbEvJvgyyzcdRcefgXaC7BWkmfUTREtL5BWvFeKdHo=
	groups: wg
```

man

```
wgport port
	Set the UDP port that the tunnel operates on. The interface will
	bind to INADDR_ANY and IN6ADDR_ANY_INIT. If no port is configured,
	one will be chosen automatically.
```

to

```
wgport port
	Set the UDP port that the tunnel operates on. The interface will
	bind to INADDR_ANY and IN6ADDR_ANY_INIT. If no port is configured,
	one will be chosen automatically when the interface is up.
```

?

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do
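An added illustration of the wgaip question in the message above (not part of the original post and not OpenBSD code): a small Python model of a WireGuard allowed-IPs table, loaded with the two wgaip values from the wg1 output. It assumes the usual cryptokey-routing rule, where the most specific matching prefix selects the peer for outbound packets and an inbound packet is accepted only if its source address maps back to the peer that sent it; the names peer_A and peer_B and the /32 addresses in tightened_table() are constructed.

```python
import ipaddress


class AllowedIPs:
    """Toy model of one wg interface's wgaip table (illustrative only)."""

    def __init__(self):
        # Assumption: a given prefix belongs to exactly one peer at a time.
        self._owner = {}  # ip_network -> peer name

    def add(self, peer, cidr):
        # strict=False: "192.168.5.1/24" is stored as 192.168.5.0/24,
        # the host bits are ignored.
        net = ipaddress.ip_network(cidr, strict=False)
        self._owner[net] = peer
        return net

    def lookup(self, addr):
        """Longest-prefix match: return the peer owning addr, or None."""
        ip = ipaddress.ip_address(addr)
        best_net, best_peer = None, None
        for net, peer in self._owner.items():
            if net.version == ip.version and ip in net:
                if best_net is None or net.prefixlen > best_net.prefixlen:
                    best_net, best_peer = net, peer
        return best_peer

    def route_outbound(self, dst):
        """Which peer a packet to dst is encrypted for (None = dropped)."""
        return self.lookup(dst)

    def accept_inbound(self, peer, src):
        """A decrypted packet from peer is kept only if src maps to peer."""
        return self.lookup(src) == peer

    def overlaps(self):
        """Pairs of prefixes owned by different peers that overlap."""
        items = sorted(
            self._owner.items(),
            key=lambda kv: (kv[0].version, kv[0].prefixlen,
                            int(kv[0].network_address)),
        )
        found = []
        for i, (a, pa) in enumerate(items):
            for b, pb in items[i + 1:]:
                if pa != pb and a.version == b.version and a.overlaps(b):
                    found.append((str(a), pa, str(b), pb))
        return found


def server_table():
    """The two wgaip entries shown in the 'Server' wg1 output."""
    t = AllowedIPs()
    t.add("peer_A", "192.168.5.1/24")   # first wgpeer in the output
    t.add("peer_B", "192.168.0.0/16")   # second wgpeer in the output
    return t


def tightened_table():
    """Constructed alternative: one host route per client, no overlap."""
    t = AllowedIPs()
    t.add("peer_A", "192.168.5.2/32")   # constructed address
    t.add("peer_B", "192.168.6.1/32")   # constructed address
    return t


if __name__ == "__main__":
    t = server_table()
    for dst in ("192.168.6.1", "192.168.5.7", "10.0.0.1"):
        print("to", dst, "->", t.route_outbound(dst))
    print("peer_B sending as 192.168.5.7 accepted:",
          t.accept_inbound("peer_B", "192.168.5.7"))
    print("overlapping prefixes:", t.overlaps())
```

In this model wgaip is both the routing table and the inbound source filter: the /16 on peer_B covers 192.168.5.0/24, but the more specific /24 wins, so peer_B can neither receive nor originate traffic for those addresses.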
Re: pf.conf parser/lint
On Fri, Sep 4, 2020 at 10:51 AM Tommy Nevtelen wrote:
>
> Hi there misc!
>
> Is there an external pfctl linter? we have bunch pf firewalls for which
> we generate rules but also write some manual ones that get merged. Would
> be nice if we could lint the rules before committed to vcs.. (yes we
> test before they are applied on the machines as well but that is way too
> late in a sane pipeline imho)
>
> Problem is that pfctl expects that all interfaces and everything is
> correct (which makes sense for pfctl before loading). BUT it is hard to
> run on a build machine or my laptop to get a general idea on where I'm
> at (unless I'm missing some tricks somewhere)
>
> So I've been looking into parse.y in pfctl. It's been a long time since
> I've messed around with very simple yacc stuff so kind of lost.
>
> Has anyone done anything like this? Would be good to know before I sink
> more time into this (and probably fail) :)
>
> /T
>

I wonder if you plug the BNF at the end of the man to something like https://github.com/josephwecker/autohighlight if you can have a 'linter'

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do
Re: pf, send(2) and EACCES
On Thu, Aug 27, 2020 at 3:30 PM Daniel Jakots wrote:
>
> Hi,
>
> I'm chasing a weird behavior with postgresql. Sometimes (it's very
> infrequent) a sql request fails with "could not send data to client:
> Permission denied". I reported the problem on pgsql-general@ [0] and if
> I understood correctly, this happens when pgsql uses send(2) and gets
> EACCES.
>
> According to send(2) this happens when "The connection was blocked by
> pf(4)". I have a cron that modifies a table with
> `pfctl -t TABLE_NAME -Tr -f TABLE_FILE_PATH`
>
> The file is large so it's not exactly immediate. Could pf temporarily
> block new connections while it loads the file? Or am I looking at the
> wrong thing?
>
>
> [0]: https://www.postgresql.org/message-id/20200827111031.5ee46257%40anegada
>
>
> Cheers,
> Daniel
>

pflog0 will tell you what is blocked if you log it, and can tell you if it is

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do
Re: sysctl and panic
On Tue, Aug 4, 2020 at 7:25 PM Philip Guenther wrote:
>
> On Tue, Aug 4, 2020 at 12:23 PM Sven F. wrote:
> ...
>>
>> # sysctl -w ddb.panic=1
>> sysctl: ddb.panic: Operation not permitted
>
> ...
>>
>> Is this expected and can be set only early in boot ?
>
>
> Yes, exactly. Read the securelevel(7) or sysctl(2) manpages for details.
>
>
>>
>> is ddb.panic=0 still supported ?
>
>
> Yes.
>
> Philip Guenther

Thank you for your answer.

-- -- - Knowing is not enough; we must apply. Willing is not enough; we must do
sysctl and panic
Dear readers,

About to upgrade devices, the device did not reboot on panic (6.4 stable) and I'd like to see kernel crash in new version

# sysctl -w ddb.panic=1
sysctl: ddb.panic: Operation not permitted

wait what ??

# id
uid=0(root) gid=0(wheel) groups=0(wheel), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest)

mkay ..

Is this expected and can be set only early in boot ?
is ddb.panic=0 still supported ?

Thank you for reading.
Re: softraid/bioctl cant find device /dev/bio
On Mon, Aug 3, 2020 at 2:09 PM Brian Brombacher wrote: > > > > On Aug 3, 2020, at 12:22 PM, sven falempin > wrote: > > > > On Mon, Aug 3, 2020 at 12:00 PM Brian Brombacher > > wrote: > > > >> > >> > >> On Aug 3, 2020, at 11:51 AM, sven falempin > >> wrote: > >> > >> > >> > >> > >>> On Mon, Aug 3, 2020 at 11:38 AM Brian Brombacher > > >>> wrote: > >>> > >>> > >>> > On Aug 3, 2020, at 9:54 AM, sven falempin > >>> wrote: > > Hello > > I saw a similar issue in the mailing list around decembre 2019, > following an electrical problem softraid doesn't bring devices ups > > > # ls /dev/sd?? > /dev/sd0a /dev/sd0g /dev/sd0m /dev/sd1c /dev/sd1i /dev/sd1o /dev/sd2e > /dev/sd2k > /dev/sd0b /dev/sd0h /dev/sd0n /dev/sd1d /dev/sd1j /dev/sd1p /dev/sd2f > /dev/sd2l > /dev/sd0c /dev/sd0i /dev/sd0o /dev/sd1e /dev/sd1k /dev/sd2a /dev/sd2g > /dev/sd2m > /dev/sd0d /dev/sd0j /dev/sd0p /dev/sd1f /dev/sd1l /dev/sd2b /dev/sd2h > /dev/sd2n > /dev/sd0e /dev/sd0k /dev/sd1a /dev/sd1g /dev/sd1m /dev/sd2c /dev/sd2i > /dev/sd2o > /dev/sd0f /dev/sd0l /dev/sd1b /dev/sd1h /dev/sd1n /dev/sd2d /dev/sd2j > /dev/sd2p > # dmesg | grep 6.7 > OpenBSD 6.7 (RAMDISK_CD) #177: Thu May 7 11:19:02 MDT 2020 > # dmesg | grep sd > dera...@amd64.openbsd.org: > /usr/src/sys/arch/amd64/compile/RAMDISK_CD > wsdisplay1 at vga1 mux 1: console (80x25, vt100 emulation) > sd0 at scsibus1 targ 0 lun 0: > t10.ATA_QEMU_HARDDISK_Q > M5_ > sd0: 1907729MB, 512 bytes/sector, 3907029168 sectors, thin > sd1 at scsibus1 targ 1 lun 0: > t10.ATA_QEMU_HARDDISK_Q > M7_ > sd1: 1907729MB, 512 bytes/sector, 3907029168 sectors, thin > wskbd0 at pckbd0: console keyboard, using wsdisplay1 > softraid0: trying to bring up sd2 degraded > softraid0: sd2 was not shutdown properly > softraid0: sd2 is offline, will not be brought online > # bioctl -d sd2 > bioctl: Can't locate sd2 device via /dev/bio > # > > I suspect a missing devices in /dev ( but it seems i have the required > >>> one ) > and MAKEDEV all of course did a `uid 0 on /: out of inodes` > 
> > > > > > I have backups but I'd like to fix the issue!
> > > > >
> > > > > Hi Sven,
> > > > >
> > > > > The device sd2 wasn’t attached by softraid, your /dev/bio is fine. This
> > > > > can happen if softraid fails to find all component disks or the metadata on
> > > > > one or more components does not match expectations (newer metadata seen on
> > > > > other disks). Make sure all of the component disks are working. If that
> > > > > is not the issue, you may need to re-run the command that you used to
> > > > > create the array and include -C force. Be very careful doing this, I
> > > > > suggest running the command once without -C force to ensure it found all
> > > > > the components and fails to bring the array up due to the same error
> > > > > message you got (attempt to bring up degraded).
> > > > >
> > > > > If you’re not careful, you can blow out the whole array.
> > > > >
> > > > > -Brian
> > > >
> > > > The disk looks fine, the disklabel is ok, the array is just sd0 and sda1
> > > > both got the disklabel RAID part,
> > > > shall I do further checks?
> > > >
> > > > # bioctl -c 1 -l /dev/sd0a,/dev/sd1a softraid0
> > > > softraid0: trying to bring up sd2 degraded
> > > > softraid0: sd2 was not shutdown properly
> > > > softraid0: sd2 is offline, will not be brought online
> > > > softraid0: trying to bring up sd2 degraded
> > > > softraid0: sd2 was not shutdown properly
> > > > softraid0: sd2 is offline, will not be brought online
> > > >
> > > > I wouldn't like to blow the whole array! sd0a should be in perfect
> > > > condition but unsure about sd1a, I probably need to bioctl -R sd1
> > >
> > > Traditionally at this point, I would run the command again with -C force
> > > and my RAID 1 array is fine. I might be doing dangerous things and not
> > > know, so other voices please chime in.
> > >
> > > [Moved to misc@]
> >
> > # bioctl -C force -c 1 -l /dev/sd0a,/dev/sd1a softraid0
> > sd2 at scsibus2 targ 1 lun 0:
> > sd2: 1907726MB, 512 bytes/sector, 3907023473 sectors
> > softraid0: RAID 1 volume attached as sd2
> >
> > both volumes are online, partitions are visible
> > but fsck is not happy at all :-(
> >
> > Can I do something before fsck -y (I have backups)
>
> Make sure your backups are good.
>
> Run fsck -n and see how wicked the issues are. It may just be cleaning
> itself up after the electrical outage.

I’m glad I have multiple partition and serious backup, waiting for disk change number two is dead 💀

Thanks for the help!

--
Knowing is not enough; we must apply. Willing is not enough; we must do