Re: TCP FIN hangups in encrypted ESP tunnel

2021-07-07 Thread Ville Valkonen 
Hi,

not sure if related but my Linux box (also in Hetzner) also started to have
flaky connection lately.

--
Regards,
Ville

On Wed 7. Jul 2021 at 19.58, Peter J. Philipp  wrote:

> Hi,
>
> My VPS at Hetzner has very weird behaviour:
>
> last week it started hanging up scp'ing of large backups, so I worked hard
> to
> get these encrypted if it was a hangup attack.  Well surprise to me too the
> hangups are back.  I have tcpdump'ed the enc0 from both sides and the FIN
> does originate from the Hetzner VPS.  It's inside the secure channel but I
> did not activate it knowingly.  Even a ktrace does not show much, no
> signal,
> no close(), no shutdown().  The connection just drops on FIN and resulting
> RST's.  Here is a catpure of the FIN:
>
> seen from pod:
>
> 18:02:59.040443 (authentic,confidential): SPI 0xf2d38877:
> 2a01:4f8:c010:71dd::1 > 2003:a:60f:ce01::108: 2a01:4f8:c010:71dd::1.1022 >
> 2003:a:60f:ce01::108.40358: FP [tcp sum ok] 45961186:45962414(1228) ack
> 15902 win 268  [class 0x20]
> [flowlabel 0x3fceb] (len 1260, hlim 64) [class 0x20] (len 1300, hlim 64)
>
> seen from arda:
>
> 18:02:59.064240 (authentic,confidential): SPI 0xf2d38877:
> 2a01:4f8:c010:71dd::1 > 2003:a:60f:ce01::108: 2a01:4f8:c010:71dd::1.1022 >
> 2003:a:60f:ce01::108.40358: FP [tcp sum ok] 45961186:45962414(1228) ack
> 15902 win 268  [class 0x20]
> [flowlabel 0x3fceb] (len 1260, hlim 64) (len 1300, hlim 55)
>
> The download downloads a few MB and then it hangs up.
>
> Has anyone seen this sort of behaviour?  I don't think I changed much in my
> pf rules because up until last month backups downloaded flawlessly.  Here
> is
> my dmesg (after my signature):
>
> Best Regards,
> -peter
>
>
> OpenBSD 6.9 (GENERIC.MP) #3: Mon Jun  7 08:21:26 MDT 2021
> r...@syspatch-69-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/
> GENERIC.MP
> real mem = 2080227328 (1983MB)
> avail mem = 2001866752 (1909MB)
> random: good seed from bootblocks
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5b10 (9 entries)
> bios0: vendor Hetzner version "2017" date 11/11/2017
> bios0: Hetzner vServer
> acpi0 at bios0: ACPI 3.0
> acpi0: sleep states S5
> acpi0: tables DSDT FACP APIC HPET MCFG
> acpi0: wakeup devices
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: AMD EPYC Processor (with IBPB), 2495.71 MHz, 17-01-02
> cpu0:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,TOPEXT,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,SSBD,XSAVEOPT,XSAVEC,XGETBV1
> cpu0: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
> 64b/line 8-way L2 cache
> cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
> cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> cpu0: apic clock running at 1000MHz
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: AMD EPYC Processor (with IBPB), 2495.40 MHz, 17-01-02
> cpu1:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,TOPEXT,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,SSBD,XSAVEOPT,XSAVEC,XGETBV1
> cpu1: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
> 64b/line 8-way L2 cache
> cpu1: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
> cpu1: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
> cpu1: smt 0, core 0, package 1
> ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
> acpihpet0 at acpi0: 1 Hz
> acpimcfg0 at acpi0
> acpimcfg0: addr 0xb000, bus 0-255
> acpiprt0 at acpi0: bus 0 (PCI0)
> "ACPI0006" at acpi0 not configured
> acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001
> acpicmos0 at acpi0
> "APP0005" at acpi0 not configured
> "PNP0A06" at acpi0 not configured
> "PNP0A06" at acpi0 not configured
> "QEMU0002" at acpi0 not configured
> "ACPI0010" at acpi0 not configured
> acpicpu0 at acpi0: C1(@1 halt!)
> acpicpu1 at acpi0: C1(@1 halt!)
> pvbus0 at mainbus0: KVM
> pvclock0 at pvbus0
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "Intel 82G33 Host" rev 0x00
> vga1 at pci0 dev 1 function 0 "Qumranet Virtio 1.x GPU" rev 0x01
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> ppb0 at pci0 dev 2 function 0 vendor "Red Hat", unknown product 0x000c rev
> 0x00: apic 0 int 22
> pci1

Re: OpenBSD VPN with Debian Buster Strongswan roadwarrior client

2021-02-19 Thread Ville Valkonen 
Hi,


On Fri 19. Feb 2021 at 5.28, marfabastewart 
wrote:

> If anyone else is configuring a VPN between an OpenBSD
> responder and a Debian Buster initiator with Strongswan
> on the Debian box, the following notes may spare you
> some pain.
>
> First, configure the OpenBSD responder using the FAQ and the
> X.509 Certificate Authentication section. A hearty thanks to
> the writers!!
>
> For Debian, we don't need the pfx files. Copy the
> client1.domain.tgz (created per the FAQ in the same X.509
> section above) to the Debian box.
>
> Inside client1.domain.tgz is local.pub. Copy that to
> /etc/iked/pubkeys/fqdn/client1.domain on the OpenBSD
> responder. Of course use the real name (which doesn't really
> have to resolve on the wider Internet) instead of
> "client1.domain."
>
> On the OpenBSD responder, your /etc/iked.conf should be
> something like:
>
> responder_ip="INSERT_ RESPONDER_IP_HERE"
> vpn_net="INSERT_SUBNET_HERE"
> mysrcid="INSERT_SRCID_HERE"
> mydns="INSERT_DNS_SERVER_IP_HERE"
> set fragmentation
> ikev2 'responder_x509' passive esp \
> from 0.0.0.0/0 to $vpn_net \
> local $responder_ip peer any \
> srcid $mysrcid \
> config address $vpn_net \
> config name-server $mydns \
> tag "ROADW"
>
> I believe you do need the set fragmentation line above.
> You can make up something for vpn_net, like 172.16.5.0/24.
>
> For DNS, I set up unbound to listen on vether0 and set
> "mydns" to be the IP of vether0. Make sure vpn_net is
> allowed in an access-control line in unbound.conf.
>
> Then start iked. That's it for the OpenBSD side.
>
> The Debian side took me longer.
>
> I initially saw this error on the OpenBSD responder side:
> "pool configured, but IKEV@_CP_REQUEST missing" and
> "ikev2_dispatch_cert: failed to send ike auth."
>
> The error on the responder happens if you don't configure vips on
> the Debian initiator. A search for "CP_REQUEST" led me to RFC5996
> and the source code in /usr/src, which makes it clear
> that not assigning a local address through vips on the Debian
> box was the source of much of my anguish.
>
> The rest of this is about configuring the Debian initiator.
>
> On the Debian box:
> sudo apt install strongswan
> sudo apt install strongswan-swanctl
>
> Go to the directory you copied client1.domain.tgz to.
> mkdir vpn
> cd vpn
> tar -xvzf ../client1.domain.tgz
> sudo cp certs/client1.domain.crt /etc/swanctl/x509
> sudo cp ca/ca.crt /etc/swanctl/x509ca
> sudo cp private/client1.domain.key /etc/swanctl/private
>
> Here is the /etc/swanctl/swanctl.conf:
>
> # ---
> connections {
>joeschmoe {
>   local_addrs  = YOUR_LOCAL_IP_HERE
>   remote_addrs = OPENBSD_RESPONDER_IP_HERE
> vips = 0.0.0.0
> encap = yes
>
>   local {
>  auth = pubkey
>  certs = client1.domain.crt # CHANGE
> # "client1.domain"
>  id = client1.domain# CHANGE
>   }
>   remote {
>  auth = pubkey
>  id = SRCID_HERE # same as $mysrcid on the
>  # OpenBSD responser
>   }
>   children {
>  joeschmoe {
> remote_ts = 0.0.0.0/0
>  }
>   }
>   version = 2
>}
> }
> authorities {
> joeschmoe {
> cacert = ca.crt
> }
> }
> # ---
>
> A couple of notes about swanctl.conf: I thought I needed
> fragmentation = force, but I think that's only for IKEv1 and
> everything seems to work without it. Just lower the mtu on
> the interface (use nm-connection-manager or nmcli ).
>
> The examples on strongswan.org
> I saw had "remote_ts = 0.0.0.0" instead of "remote_ts =
> 0.0.0.0/0" -- nothing worked for me until I added the "/0"
> to the end.


That's because it must match what you've configured on the Openbsd side (
0.0.0.0/0).

>
--
Kind regards,
Ville

Re: Cisco AnyConnect Secure Mobility Client Alternatives with MFA?

2021-01-31 Thread Ville Valkonen 
On Sun, 2021-01-31 at 21:41 +0300, Родин Максим wrote:
> Hello,
> Our employer decided that AnyConnect Secure Mobility Client with 
> multifactor Azure authentication is the only secure option to connect
> to 
> work. No alternatives, no discussions.
> There are packages for Windows and Linux only.
> Did anybody succeed in running vpn clients compatible with all that 
> funny stuff?
> 

Hi,

have you tried your luck with Openconnect? It's in packages. I've had
luck with that at least on Linux side on my work laptop.

--
Kind regards,
Ville

Re: adding user to a group

2021-01-10 Thread Ville Valkonen 
Not true. It's opposite.

--
Ville

On Fri 8. Jan 2021 at 19.53, Bodie  wrote:

>
>
> On 8.1.2021 16:21, Rudolf Sykora wrote:
> > Dear list,
> >
> >
> > I tried to add myself to the "dialer" group:
> >
> > #usermod -G dialer ruda
> >
> > But when I write
> >
> > $groups
> >
> > in a terminal I still do not see the new group. Not even if I open a
> > new login
> > shell (by writing "ksh -l"). However, when I log in in a text console
> > (ctrl-alt-1), I see the new group there.
> >
> > What is it that I have to do to have the membership updated, i.e., how
> > can I open e.g. a terminal in the running environment that would see my
> > new groups?
> >
> >
> > Thanks for comments
> > Ruda
>
> There seems to be some change in behavior in OpenBSD and to be honest do
> not
> know when it happened.
>
> This is your start https://man.openbsd.org/user
>
> which will get you to https://man.openbsd.org/usermod.8
>
> BUT using -G resets your membership and you will be in only group you
> specified.
> If you want to add additional group you need to use -S instead
>
>

Re: Desktop full text search

2019-09-18 Thread Ville Valkonen 
Hi,

the silver searcher and ripgrep are faster than grep for example.

--
Regards,
Ville

On Thu, 19 Sep 2019 at 6.36, Charlie Burnett  wrote:

> Try pdfgrep and catdoc in ports/pkg for documents I’d say, you could
> probably rig up a simple shell script to do it automatically...
> unfortunately don’t know what program(s) would be faster than grep?
>
> On Wed, Sep 18, 2019 at 3:26 PM Oriol Demaria 
> wrote:
>
> > Exactly I do the same... but is falling short or too slow. :)
> >
> > ---
> > Oriol Demaria
> > 2FFED630C16E4FF8
> >
> > On 18/09/2019 17:01, Charlie Burnett wrote:
> > > I use Gnome as a DE but I still just do it through a terminal-
> > > grep -R * “foo”
> > > from whatever directory I wanna find the text in, replace foo with the
> > > text
> > > you want.
> > >
> > > On Wed, Sep 18, 2019 at 10:38 AM Oriol Demaria 
> > > wrote:
> > >
> > >> So finding some code between large amounts of repos can be tricky. I
> > >> don't use Gnome or KDE so I was wondering what do people use for this.
> > >> Been looking at the ports and I see Xapian and others. Any advice on
> > >> a nice setup?
> > >>
> > >> Regards,
> > >>
> > >> --
> > >> Oriol Demaria
> > >> 2FFED630C16E4FF8
> > >>
> > >>
> >
>

Re: route-to rule problem after upgrading to 6.5

2019-05-19 Thread Ville Valkonen 
On Sun, 19 May 2019 at 12.14, Carlos Lopez  wrote:

> Hi all,
>
>   Yesterday, I have upgraded my home OpenBSD's fws from 6.4 to 6.5. All
> seems to work ok execpt with route-to rules. The following rules have
> been working smoothly in previous versions:
>
> pass in quick inet proto tcp from  to
>  port = 80 flags S/SA keep state (if-bound) label
> "Force access to Google sites via TOR" tag intlans-to-intlans route-to
> 172.22.56.5@vio4
> pass in quick inet proto tcp from  to
>  port = 443 flags S/SA keep state (if-bound) label
> "Force access to Google sites via TOR" tag intlans-to-intlans route-to
> 172.22.56.5@vio4
>
>   .. but with 6.5 fails ... Any idea?
> --
> Regards,
> C. L. Martinez
>

Hello Carlos,

you have "port = 443", shouldn't that be in "port 443" form? Didn't check
the pf.conf man page for the correct grammar while on mobile.

Regards,
Ville

Re: x260 hang at halt/reboot

2018-08-15 Thread Ville Valkonen 
Graah, tpm is disabled. Sorry for the noise.

On Wed, 15 Aug 2018 at 13.04, Ville Valkonen  wrote:

> Hello Stuart,
>
> do you happen to have any Linux partitions mounted? Figured out that after
> unmounting  those my laptop (x250) halts/suspends correctly.
>
> And is Trusted Platform Module disbled permanently?
>
> --
> Regards,
> Ville
>
> On Wed, 15 Aug 2018 at 0.32, Stuart Henderson  wrote:
>
>> I have a new (to me) X260 which hangs at halt/reboot. I've already
>> disabled the TPM as I have some recollection of that causing problems in
>> some cases but that hasn't helped. Any other suggestions? Thanks.
>>
>> OpenBSD 6.4-beta (GENERIC.MP) #209: Mon Aug 13 19:22:47 MDT 2018
>> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>> real mem = 8438833152 (8047MB)
>> avail mem = 8173891584 (7795MB)
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xd705d000 (63 entries)
>> bios0: vendor LENOVO version "R02ET66W (1.39 )" date 06/12/2018
>> bios0: LENOVO 20F6006YUK
>> acpi0 at bios0: rev 2
>> acpi0: sleep states S0 S3 S4 S5
>> acpi0: tables DSDT FACP UEFI SSDT SSDT ECDT HPET APIC MCFG SSDT SSDT DBGP
>> DBG2 BOOT BATB SLIC SSDT SSDT MSDM DMAR ASF! FPDT UEFI
>> acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP8(S4) XHCI(S3)
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpiec0 at acpi0
>> acpihpet0 at acpi0: 2399 Hz
>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>> cpu0 at mainbus0: apid 0 (boot processor)
>> cpu0: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, 2195.47 MHz
>> cpu0:
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
>> cpu0: 256KB 64b/line 8-way L2 cache
>> cpu0: smt 0, core 0, package 0
>> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
>> cpu0: apic clock running at 24MHz
>> cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
>> cpu1 at mainbus0: apid 2 (application processor)
>> cpu1: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, 2194.90 MHz
>> cpu1:
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
>> cpu1: 256KB 64b/line 8-way L2 cache
>> cpu1: smt 0, core 1, package 0
>> cpu2 at mainbus0: apid 1 (application processor)
>> cpu2: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, 2194.90 MHz
>> cpu2:
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
>> cpu2: 256KB 64b/line 8-way L2 cache
>> cpu2: smt 1, core 0, package 0
>> cpu3 at mainbus0: apid 3 (application processor)
>> cpu3: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, 2194.90 MHz
>> cpu3:
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
>> cpu3: 256KB 64b/line 8-way L2 cache
>> cpu3: smt 1, core 1, package 0
>> ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins
>> acpimcfg0 at acpi0 addr 0xf800, bus 0-63
>> acpiprt0 at acpi0: bus 0 (PCI0)
>> acpiprt1 at acpi0: bus -1 (PEG0)
>> acpiprt2 at acpi0: bus -1 (PEG1)
>> acpiprt3 at acpi0: bus -1 (PEG2)
>> acpiprt4 at acpi0: bu

Re: x260 hang at halt/reboot

2018-08-15 Thread Ville Valkonen 
Hello Stuart,

do you happen to have any Linux partitions mounted? Figured out that after
unmounting  those my laptop (x250) halts/suspends correctly.

And is Trusted Platform Module disbled permanently?

--
Regards,
Ville

On Wed, 15 Aug 2018 at 0.32, Stuart Henderson  wrote:

> I have a new (to me) X260 which hangs at halt/reboot. I've already
> disabled the TPM as I have some recollection of that causing problems in
> some cases but that hasn't helped. Any other suggestions? Thanks.
>
> OpenBSD 6.4-beta (GENERIC.MP) #209: Mon Aug 13 19:22:47 MDT 2018
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 8438833152 (8047MB)
> avail mem = 8173891584 (7795MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xd705d000 (63 entries)
> bios0: vendor LENOVO version "R02ET66W (1.39 )" date 06/12/2018
> bios0: LENOVO 20F6006YUK
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP UEFI SSDT SSDT ECDT HPET APIC MCFG SSDT SSDT DBGP
> DBG2 BOOT BATB SLIC SSDT SSDT MSDM DMAR ASF! FPDT UEFI
> acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP8(S4) XHCI(S3)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpiec0 at acpi0
> acpihpet0 at acpi0: 2399 Hz
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, 2195.47 MHz
> cpu0:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
> cpu0: 256KB 64b/line 8-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
> cpu0: apic clock running at 24MHz
> cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
> cpu1 at mainbus0: apid 2 (application processor)
> cpu1: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, 2194.90 MHz
> cpu1:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
> cpu1: 256KB 64b/line 8-way L2 cache
> cpu1: smt 0, core 1, package 0
> cpu2 at mainbus0: apid 1 (application processor)
> cpu2: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, 2194.90 MHz
> cpu2:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
> cpu2: 256KB 64b/line 8-way L2 cache
> cpu2: smt 1, core 0, package 0
> cpu3 at mainbus0: apid 3 (application processor)
> cpu3: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz, 2194.90 MHz
> cpu3:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
> cpu3: 256KB 64b/line 8-way L2 cache
> cpu3: smt 1, core 1, package 0
> ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins
> acpimcfg0 at acpi0 addr 0xf800, bus 0-63
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus -1 (PEG0)
> acpiprt2 at acpi0: bus -1 (PEG1)
> acpiprt3 at acpi0: bus -1 (PEG2)
> acpiprt4 at acpi0: bus 2 (EXP1)
> acpiprt5 at acpi0: bus 4 (EXP3)
> acpiprt6 at acpi0: bus -1 (EXP4)
> acpiprt7 at acpi0: bus -1 (EXP5)
> acpiprt8 at acpi0: bus -1 (EXP8)
> acpicpu0 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33),
> C1(1000@1 mwait.1), PSS
> acpicpu1 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33),
> C1(1000@1 mwait.1), PSS
> acpicpu2 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33),
> C1(1000@1 mwait.1), PSS
> acpicpu3 at acpi0: C3(200@1034 mwait.1@0x60), C2(200@151 mwait.1@0x33),
> C1(1000@1 mwait.1), PSS
> acpipwrres0 at

Re: pf - NAT not working after systemboot

2018-07-27 Thread Ville Valkonen 
On 26 July 2018 at 13:01, Thomas Huber  wrote:
> Hi misc,
>
> my current pf setup works fine but I face the problem, that NAT does not
> work directly after system boot. Only when a do a
>
> # pfctl -f /etc/pf.conf
>
> after the booting things a working correctly.
> Note: I don´t make any changes to pf.conf.
>
> Anybody any idea?
>
> General Setup:
> Hardware: PCengines APU2c4
> 2x vlan(4): vlan32 (private) vlan64 (wifi-guests)
> 2x pppoe(4):  ADSL-uplink.
>
> Thanks!
>
> Here is the pf.conf:
>
> table  { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
>172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
>192.168.0.0/16 198.18.0.0/15 198.51.100.0/24\
>203.0.113.0/24 }
> set block-policy drop
> set skip on lo0
> match in all scrub (no-df random-id max-mss 1440)
> match out on pppoe0 from vlan:network nat-to (pppoe0)
> match out on pppoe1 from vlan:network nat-to (pppoe1)
> block in quick on pppoe from  to any
> block return out quick on pppoe from any to 
> block all
> pass out quick inet
>
> pass out on vlan to vlan:network
> pass in quick on vlan from vlan:network to vlan
>
> pass in on vlan route-to {(pppoe0 pppoe0:network), (pppoe1 pppoe1:network)}
> least-states sticky-address
> pass in on vlan proto tcp to port https route-to {(pppoe0 pppoe0:network),
> (pppoe1 pppoe1:network)} source-hash
>
> block return in on vlan from vlan64:network to vlan32:network
> block return in on vlan inet proto tcp from any to any port 25
> pass in on egress inet proto icmp all
> pass in on egress inet proto tcp from any to (egress) port ssh

Hello,

as Solene mentioned, it's because the interface is not ready.

Maybe something like this (adapted from iked.conf manual page):
all rules that have pppoe mentioned, append (if-bound).

--
Regards,
Ville

Re: The vim display issue on OpenBSD

2018-03-12 Thread Ville Valkonen 
Hi,

can you please show your ~/.vimrc?

Thanks,
Ville

On Tue, 13 Mar 2018 at 4.52, Nan Xiao  wrote:

> I tried other options, but still the same problem ...
> Best Regards
> Nan Xiao
>
>
> On Tue, Mar 13, 2018 at 12:51 AM, jungle Boogie 
> wrote:
> > On 11 March 2018 at 18:18, Nan Xiao  wrote:
> >> Hi all,
> >>
> >> Update:
> >>
> >> I try to install vim-8.0.0987p0-no_x11, still the same problem, thanks!
> >
> > I am using vim-8.0.1589-no_x11-python3 without any issues on openBSD
> > snapshot from this morning.
> >
> >> Best Regards
> >> Nan Xiao
> >>
>
>

Re: TCP Window Scaling

2017-09-14 Thread Ville Valkonen 
Hello,

this is what Janne Johansson said in the earlier message:
"Since 6.1 I think the max is 2M, and not 256k."

Therefore, not surprised if 4MB will fail.

--
Regards,
Ville

On 14 September 2017 at 21:30, Andreas Krüger  wrote:
> I do manage to read the manual, but let me clarify this. I am not
> allowed to set a buffer larger than 256KB with iperf:
>
> $ uname -a
> OpenBSD odn1-fw-odn1-01 6.0 GENERIC.MP#0 amd64
>
> $ iperf -s -w 256KB
> 
> Server listening on TCP port 5001
> TCP window size:  256 KByte
> 
>
> $ iperf -s -w 4MB
> 
> Server listening on TCP port 5001
> TCP window size: 16.0 KByte (WARNING: requested 4.00 MByte)
> 
> $
>
> ANDREAS KRÜGER
> CTO Hosting and Infrastructure
>
> +45 51808863
> a...@patientsky.com
>
>
>
> PatientSky AS
> Hovfaret 17 B, NO-0275 Oslo, Norway
> patientsky.com
>
>
>
>
> 2017-09-14 19:46 GMT+02:00 Chris Cappuccio :
>> ipsec tunnels don't use TCP
>>
>> iperf has the -w option
>>
>> Andreas Kr??ger [a...@patientsky.com] wrote:
>>> How would i set i for ipsec tunnels or iperf etc. then?
>>> ANDREAS KR??GER
>>> CTO Hosting and Infrastructure
>>>
>>> +45 51808863
>>> a...@patientsky.com
>>>
>>>
>>>
>>> PatientSky AS
>>> Hovfaret 17 B, NO-0275 Oslo, Norway
>>> patientsky.com
>>>
>>>
>>>
>>>
>>> 2017-09-14 13:10 GMT+02:00 Janne Johansson :
>>> >
>>> > 2017-09-14 13:08 GMT+02:00 Janne Johansson :
>>> >>
>>> >> Since 6.1 I think the max is 2M, and not 256k. Many programs will also
>>> >> allow you to bump limits using setsockopt.
>>> >>
>>> >>
>>> >
>>> > httpd.conf:
>>> > server "secret.site" {
>>> > tcp {
>>> > socket buffer 2097152
>>> > }
>>> >
>>> > rsyncd.conf:
>>> >  ...
>>> > socket options = SO_SNDBUF=2097152
>>> >
>>> >
>>> > --
>>> > May the most significant bit of your life be positive.
>

Re: PF packets being blocked...why?

2017-06-26 Thread Ville Valkonen 
Hi,

yes, scratch my original message. Shouldn't reply while on the move.

--
Ville


On Jun 26, 2017 9:14 PM, "Steve Williams" <st...@williamsitconsulting.com>
wrote:

Hi,

Packets from vether are going out NAT'd no problem.  I have 100% Internet
access on 192.168.123.0/24.

>From my understanding, the "pass out quick inet all flags S/SA" allow
packets out and should create state for the connection for any ipv4 packets
on any interface.

Subsequent packets (these seem to have the "P"ush flag set) should match
the state and not get blocked.

Hum... perhaps the states are expiring too fast?

How do I find out if the state existed at the time that the packet was
blocked?

Thanks,
Steve W.



On 26/06/2017 12:09 PM, Ville Valkonen wrote:

Hello,

a quick glance and it seems you aren't allowing vether traffic to pass.

--
Regards,
Ville

On Jun 26, 2017 8:19 PM, "Steve Williams" <st...@williamsitconsulting.com>
wrote:

> Hi,
>
> New install of OpenBSD 6.1 on apu2.  Love the little box.
>
> I have em0 as the connection to the Internet and I bridged em1 and em2
> together on 192.168.123.0.
>
> I've been using OpenBSD since the 2.7 days, but have never run NAT so this
> is my first foray into that world.  I have followed the FAQ on "building a
> router" almost vebatim.  It's working fine, but I am seeing some packets
> blocked with no effect on browsing behind the OpenBSD box.
>
> My ruleset:
>
> # pfctl -sr
> match in all scrub (no-df random-id)
> match out on egress inet from ! (egress:network) to any nat-to (egress:0)
> round-robin
> block drop log quick from  to any
> block drop log quick from  to any
> block drop log all
> pass out quick inet all flags S/SA
> pass in on vether0 inet all flags S/SA
> pass in on em1 inet all flags S/SA
> pass in on em2 inet all flags S/SA
> pass in on egress inet proto tcp from any to (egress) port = 22 flags S/SA
> pass in on egress inet proto tcp from any to (egress) port = 993 flags S/SA
> pass in on egress inet proto tcp from any to (egress) port = 80 flags S/SA
> pass in on egress inet proto tcp from any to (egress) port = 443 flags S/SA
>
> # tcpdump -n -e -ttt -i pflog0# from man pflog man page
> Jun 26 09:45:54.241145 rule 4/(match) block in on vether0:
> 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
> Jun 26 09:45:54.701283 rule 4/(match) block in on vether0:
> 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
> Jun 26 09:45:55.623757 rule 4/(match) block in on vether0:
> 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
> Jun 26 09:45:57.460985 rule 4/(match) block in on vether0:
> 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
> Jun 26 09:46:01.150933 rule 4/(match) block in on vether0:
> 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
> Jun 26 09:46:08.522599 rule 4/(match) block in on vether0:
> 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
> Jun 26 09:46:47.479083 rule 4/(match) block in on vether0:
> 192.168.123.2.46549 > 172.217.3.206.443: P 4042174712:4042174735(23) ack
> 2564095917 win 1593 (DF)
> Jun 26 09:46:47.896295 rule 4/(match) block in on vether0:
> 192.168.123.2.53452 > 23.23.126.54.443: P 4003838125:4003838156(31) ack
> 2044539346 win 65535 (DF)
> Jun 26 09:46:47.896662 rule 4/(match) block in on vether0:
> 192.168.123.2.53452 > 23.23.126.54.443: R 31:31(0) ack 1 win 65535 (DF)
> Jun 26 09:46:47.896674 rule 4/(match) block in on vether0:
> 192.168.123.2.59762 > 216.58.216.163.443: P 113176577:113176608(31) ack
> 2619790719 win 1403 (DF)
> Jun 26 09:46:47.896685 rule 4/(match) block in on vether0:
> 192.168.123.2.59762 > 216.58.216.163.443: F 31:31(0) ack 1 win 1403 (DF)
> Jun 26 09:46:47.896711 rule 4/(match) block in on vether0:
> 192.168.123.2.39279 > 31.13.77.6.443: P 4254697166:4254697197(31) ack
> 2615144509 win 1545 (DF)
> Jun 26 09:46:47.896735 rule 4/(match) block in on vether0:
> 192.168.123.2.39279 > 31.13.77.6.443: R 31:31(0) ack 1 win 1545 (DF)
>
> # pfctl -R 4 -sr
> block drop log all
>
> It is not all https traffice that is being blocked as I can hit my banking
> site, etc.  Does anyone have an idea why are these packets being blocked?
>
> Thanks,
> Steve Williams
>
>
>
>

Re: PF packets being blocked...why?

2017-06-26 Thread Ville Valkonen 
Hello,

a quick glance and it seems you aren't allowing vether traffic to pass.

--
Regards,
Ville

On Jun 26, 2017 8:19 PM, "Steve Williams" 
wrote:

> Hi,
>
> New install of OpenBSD 6.1 on apu2.  Love the little box.
>
> I have em0 as the connection to the Internet and I bridged em1 and em2
> together on 192.168.123.0.
>
> I've been using OpenBSD since the 2.7 days, but have never run NAT so this
> is my first foray into that world.  I have followed the FAQ on "building a
> router" almost vebatim.  It's working fine, but I am seeing some packets
> blocked with no effect on browsing behind the OpenBSD box.
>
> My ruleset:
>
> # pfctl -sr
> match in all scrub (no-df random-id)
> match out on egress inet from ! (egress:network) to any nat-to (egress:0)
> round-robin
> block drop log quick from  to any
> block drop log quick from  to any
> block drop log all
> pass out quick inet all flags S/SA
> pass in on vether0 inet all flags S/SA
> pass in on em1 inet all flags S/SA
> pass in on em2 inet all flags S/SA
> pass in on egress inet proto tcp from any to (egress) port = 22 flags S/SA
> pass in on egress inet proto tcp from any to (egress) port = 993 flags S/SA
> pass in on egress inet proto tcp from any to (egress) port = 80 flags S/SA
> pass in on egress inet proto tcp from any to (egress) port = 443 flags S/SA
>
> # tcpdump -n -e -ttt -i pflog0# from man pflog man page
> Jun 26 09:45:54.241145 rule 4/(match) block in on vether0:
> 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
> Jun 26 09:45:54.701283 rule 4/(match) block in on vether0:
> 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
> Jun 26 09:45:55.623757 rule 4/(match) block in on vether0:
> 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
> Jun 26 09:45:57.460985 rule 4/(match) block in on vether0:
> 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
> Jun 26 09:46:01.150933 rule 4/(match) block in on vether0:
> 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
> Jun 26 09:46:08.522599 rule 4/(match) block in on vether0:
> 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win 1805 (DF)
> Jun 26 09:46:47.479083 rule 4/(match) block in on vether0:
> 192.168.123.2.46549 > 172.217.3.206.443: P 4042174712:4042174735(23) ack
> 2564095917 win 1593 (DF)
> Jun 26 09:46:47.896295 rule 4/(match) block in on vether0:
> 192.168.123.2.53452 > 23.23.126.54.443: P 4003838125:4003838156(31) ack
> 2044539346 win 65535 (DF)
> Jun 26 09:46:47.896662 rule 4/(match) block in on vether0:
> 192.168.123.2.53452 > 23.23.126.54.443: R 31:31(0) ack 1 win 65535 (DF)
> Jun 26 09:46:47.896674 rule 4/(match) block in on vether0:
> 192.168.123.2.59762 > 216.58.216.163.443: P 113176577:113176608(31) ack
> 2619790719 win 1403 (DF)
> Jun 26 09:46:47.896685 rule 4/(match) block in on vether0:
> 192.168.123.2.59762 > 216.58.216.163.443: F 31:31(0) ack 1 win 1403 (DF)
> Jun 26 09:46:47.896711 rule 4/(match) block in on vether0:
> 192.168.123.2.39279 > 31.13.77.6.443: P 4254697166:4254697197(31) ack
> 2615144509 win 1545 (DF)
> Jun 26 09:46:47.896735 rule 4/(match) block in on vether0:
> 192.168.123.2.39279 > 31.13.77.6.443: R 31:31(0) ack 1 win 1545 (DF)
>
> # pfctl -R 4 -sr
> block drop log all
>
> It is not all https traffice that is being blocked as I can hit my banking
> site, etc.  Does anyone have an idea why are these packets being blocked?
>
> Thanks,
> Steve Williams
>
>
>
>

Re: sftp chroot

2017-06-14 Thread Ville Valkonen 
On 14 June 2017 at 11:33, Markus Rosjat  wrote:
> Hi there,
>
> I want to build an sftp environment where the user is chrooted to his home
> dir. So far so good but then again the user might need access to a webserver
> resource like /var/www/htdocs/some_dir
>
> As far as I understand a symlink doesnt work in the chroot setup and Im not
> quiet sure how to achieve this.
>
> I could simply make /var/www/htdocs/some_dir the home dir of the user but Im
> not sure if this is the recommended way.
>
> so once again adivce  is helpful :)
>
> regards
>
> --
> Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de
>
> G+H Webservice GbR Gorzolla, Herrmann
> Königsbrücker Str. 70, 01099 Dresden
>
> http://www.ghweb.de
> fon: +49 351 8107220   fax: +49 351 8107227
>
> Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before you
> print it, think about your responsibility and commitment to the ENVIRONMENT
>

Hi,

here's the NFS solution you were after:
$ grep 127.0.0.1 /etc/exports
/home/store/music -ro -mapall=extuser1 127.0.0.1
/home/store/not_sorted -ro -mapall=extuser1 127.0.0.1

and chroot /home/$user as usual. Now the extuser1 has an read only
access to certain shares.

Hackish? Definitely. Use at your own risk.

--
Regards,
Ville

Re: sftp chroot

2017-06-14 Thread Ville Valkonen 
Hi,

one option is to use local nfs mounts. That's what I've done.

--
Regards,
Ville


On Jun 14, 2017 11:34 AM, "Markus Rosjat"  wrote:

Hi there,

I want to build an sftp environment where the user is chrooted to his home
dir. So far so good but then again the user might need access to a
webserver resource like /var/www/htdocs/some_dir

As far as I understand a symlink doesnt work in the chroot setup and Im not
quiet sure how to achieve this.

I could simply make /var/www/htdocs/some_dir the home dir of the user but
Im not sure if this is the recommended way.

so once again adivce  is helpful :)

regards

-- 
Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before
you print it, think about your responsibility and commitment to the
ENVIRONMENT

Re: git clone failing in vmm

2017-03-04 Thread Ville Valkonen 
You completely missed the point.

--
Ville


On Mar 4, 2017 21:09, "Flipchan"  wrote:

U Can download the zip File for the master branch instead of useing git

Carlin Bingham  skrev: (4 mars 2017 01:31:31 CET)
>I'm having an issue with git clone failing in a vmm vm. Happens
>consistently
>for any large trees, example:
>
>$ git clone https://github.com/openbsd/src.git
>
>Cloning into 'src'...
>remote: Counting objects: 1672334, done.
>remote: Compressing objects: 100% (867/867), done.
>fatal: pack has bad object at offset 2242336: inflate returned -5
>fatal: index-pack failed
>
>This doesn't happen outside the vm.
>
>Syslog on the host says this:
>Mar  4 12:12:40 vorpal vmd[99431]: vionet queue notify - no space,
>dropping packet
>
>Other downloads (eg. downloading the sets) works fine, it's just git
>that
>fails.
>
>Anyone know what the problem might be or how to prevent it?
>
>
>The network on the host looks like this:
>
>vether0: flags=8943 mtu
>1500
>lladdr fe:e1:ba:d1:a5:21
>index 8 priority 0 llprio 3
>groups: vether
>media: Ethernet autoselect
>status: active
>inet 10.1.1.1 netmask 0xff00 broadcast 10.1.1.255
>bridge0: flags=41
>index 9 llprio 3
>groups: bridge
>  priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
>vether0 flags=3
>port 8 ifpriority 0 ifcost 0
>tap0 flags=3
>port 10 ifpriority 0 ifcost 0
>tap0: flags=8942 mtu 1500
>lladdr fe:e1:ba:d2:bb:43
>description: vm2-if0-tmpvm
>index 10 priority 0 llprio 3
>groups: tap
>status: active
>
>--
>Carlin

--
Sincerly flipchan - LayerProx dev

Re: Sleep, Thinkpad x250

2016-07-12 Thread Ville Valkonen 
Hiya,

AFAIK the video card is the problem. Exit X and try to suspend &
resume. Works for me, also running X250.

--
Regards,
Ville

On 12 July 2016 at 21:50, Donald Allen  wrote:
> I have a Thinkpad x250 running 5.9 stable, up-to-date. This system
> will not re-awaken from sleep mode. No response to the power button --
> it just continues to sit there slowly blinking and does not respond to
> pings. Power cycling is the only way I've found to recover. dmesg
> below. I believe this is one of the Broadwell cpus Ted Unangst
> mentions in his blog post on OpenBSD and laptops.
>
> OpenBSD 5.9-stable (GENERIC.MP) #0: Tue Jul  5 21:42:13 EDT 2016
> d...@igor.allen.net:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 3959959552 (3776MB)
> avail mem = 3835744256 (3658MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xccbfd000 (65 entries)
> bios0: vendor LENOVO version "N10ET38W (1.17 )" date 08/20/2015
> bios0: LENOVO 20CMCTO1WW
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP ASF! HPET ECDT APIC MCFG SSDT SSDT SSDT SSDT
> SSDT SSDT SSDT SSDT SSDT PCCT SSDT TCPA SSDT UEFI MSDM BATB FPDT UEFI
> acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3) EHC1(S3)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpihpet0 at acpi0: 14318179 Hz
> acpiec0 at acpi0
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz, 1995.70 MHz
> cpu0:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
> ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
> DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
> GSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
> cpu0: 256KB 64b/line 8-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
> cpu0: apic clock running at 99MHz
> cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz, 1995.39 MHz
> cpu1:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
> ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
> DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
> GSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
> cpu1: 256KB 64b/line 8-way L2 cache
> cpu1: smt 1, core 0, package 0
> cpu2 at mainbus0: apid 2 (application processor)
> cpu2: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz, 1995.39 MHz
> cpu2:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
> ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
> DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
> GSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
> cpu2: 256KB 64b/line 8-way L2 cache
> cpu2: smt 0, core 1, package 0
> cpu3 at mainbus0: apid 3 (application processor)
> cpu3: Intel(R) Core(TM) i3-5010U CPU @ 2.10GHz, 1995.39 MHz
> cpu3:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
> ,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEA
> DLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FS
> GSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
> cpu3: 256KB 64b/line 8-way L2 cache
> cpu3: smt 1, core 1, package 0
> ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins
> acpimcfg0 at acpi0 addr 0xf800, bus 0-63
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus -1 (PEG_)
> acpiprt2 at acpi0: bus 2 (EXP1)
> acpiprt3 at acpi0: bus 3 (EXP2)
> acpiprt4 at acpi0: bus -1 (EXP3)
> acpicpu0 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33),
> C1(1000@1 mwait.1), PSS
> acpicpu1 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33),
> C1(1000@1 mwait.1), PSS
> acpicpu2 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33),
> C1(1000@1 mwait.1), PSS
> acpicpu3 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33),
> C1(1000@1 mwait.1), PSS
> acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1
> acpipwrres1 at acpi0: NVP3, resource for PEG_
> acpipwrres2 at acpi0: NVP2, resource for PEG_
> acpitz0 at acpi0: critical temperature is 128 degC
> acpibtn0 at acpi0: LID_
> acpibtn1 at acpi0: SLPB
> acpibat0 at acpi0: BAT0 model "45N" serial 15023 type LiP oem "SONY"
> acpibat1 at acpi0: BAT1

Re: kernel logs "v_type 1" and "f_type 1"

2016-05-09 Thread Ville Valkonen 
On 9 May 2016 at 16:03, Axel Rau  wrote:
> A firewall box (dual Atom N270, 2GB, 5 nics, running 5.8-current
(GENERIC.MP)
> #1219)
> suddenly started logging
> v_type 1
> f_type 1
> (up to 40 times/sec) and stopped routing.
>
> The effect went away after disconnecting all but one nic.
>
> Any help appreciated,
> Axel
> ---
> PGP-Key:29E99DD6  ☀  computing @ chaos claudius

Hi,

you forgot to attach:
- dmesg
- routes
- netstat

and probably something else.

--
Regards,
Ville

Re: Upgrade from snapshot to release.

2016-02-10 Thread Ville Valkonen 
On Feb 10, 2016 5:16 PM, "Paco Esteban"  wrote:
>
> Hi misc@,
>
> I've one machine that has 5.8-current (20th of October snapshot).
> This is a "hardly-ever-touched" machine and I would prefer to have it
> following -stable.
> Is it possible to go from 5.8-current to 5.9 (when it's available) using
> the installer ?
>
> I've been using OpenBSD since 3.4 but never really played with -current
> (with the exception of some tests playing with crappy SSD performance).
>
> Cheers,
>
> --
> Paco Esteban.
> GnuPG key: https://onna.be/44CA735E.html
>
> [demime 1.01d removed an attachment of type application/pgp-signature
which had a name of signature.asc]
>

Hi,

downgrading is not supported.

Anyway, if it's barely touched, why not to just spin a fresh install?

--
Regards,
Ville

Re: Upgrade from snapshot to release.

2016-02-10 Thread Ville Valkonen 
Hi,

On Feb 10, 2016 6:35 PM, "Ingo Schwarze" <schwa...@usta.de> wrote:
>
> Hi,
>
> Paco Esteban wrote on Wed, Feb 10, 2016 at 05:14:09PM +0100:
> > On Wed, 10 Feb 2016, Ville Valkonen wrote:
> >> On Feb 10, 2016 5:16 PM, "Paco Esteban" <p...@onna.be> wrote:
>
> >>> I've one machine that has 5.8-current (20th of October snapshot).
> >>> This is a "hardly-ever-touched" machine and I would prefer to have it
> >>> following -stable.
> >>> Is it possible to go from 5.8-current to 5.9 (when it's available)
using
> >>> the installer ?
>
> Yes.  There is no problem with that whatsoever.  Going from X-current
> to (X+1)-stable is supported in exactly the same way as going from
> X-stable to (X+1)-stable.  Equivalently, you can consider (X+1)-release
> as the latest version of X-current that will be made available.
>
> >> downgrading is not supported.
>
> Ville, please refrain from spreading wrong information.
>
> The meaning of "downgrading" is going from X-current to X-stable
> or from X-anything to Y-anything with X > Y.  That's not what Paco
> was talking about.

I stand corrected, tanks Ingo. And pardon for spreading the wrong
information.

> >> Anyway, if it's barely touched, why not to just spin a fresh install?
>
> A fresh install is always an option, but there is no need for it
> in this case.
>
> Yours,
>   Ingo

--
Ville

Re: Hi There! I am trying to install OpenBSD

2016-02-01 Thread Ville Valkonen 
Hi,

On 1 February 2016 at 08:21, Gabriele Tozzi <gabri...@tozzi.eu> wrote:
> This is my first message on the list so, first of all, hello everybody! :)
>
> I've recently bought a dedicated PC, planning to use it as a firewall by
> installing OpenBSD on it.
>
> I have downloaded the install80.iso, checked the sha sum, and read the
> installation guide.
> I have burned the iso to a cd-rom and checked the sha sum again on the
> machine I am trying to install.
> I have tested the hardware and the general functionality of the machine
> with common open source tools (memtest and succesfully installing a
> linux distro).
>
> When I boot the i386 OpenBSD 5.8 CD, it loads the kernel and writes a
> lot of blue stuff, then stops at:
>
> wdc_atapi_intr: warning: reading only 0 of 18 bytes
>
> For those who have a browser, here is a full screenshoot:
> http://imagebin.ca/v/2VR8MRMArdG7
>
> I've tried to look for this error using a search engine, but I
> surprisingly got zero results.

Check /usr/src/sys/dev/atapiscsi/atapiscsi.c and line 1042. A bit
above, there is the following comment:
1028 /* Exceptional case - drive want to transfer more
1029data than we have buffer for */

Though, no idea/time to see how to fix it.

--
Regards,
Ville Valkonen

Re: azalia(4) partially working on Intel NUC NUC5i7RYH

2015-12-18 Thread Ville Valkonen 
Hi,

there's no hdmi audio support yet.

Regards,
Ville
On Dec 18, 2015 6:10 PM, "Josh"  wrote:

> Hi,
>
> Just updated CVS tree around 4pm UTC today and I can't get any output
> sound.
>
> The bios of the NUC has an option "enable audio" which is ticked, and
> "Mini DP/HDMI audio" that was also ticked.
> I tried the above tests with both that "Mini DP/HDMI audio" ticked /
> not ticked, but same results. Impossible to get some sound out.
>
> Browsed the bug@ but didn't really find something related. Should I
> file a bug report?
>
> Cheers,
>
> On Mon, Nov 30, 2015 at 11:43 AM, Josh  wrote:
> > On Mon, Nov 30, 2015 at 11:24 AM, Alexandre Ratchov 
> wrote:
> >> On Mon, Nov 30, 2015 at 11:09:51AM +0800, Josh wrote:
> >>> Hi,
> >>>
> >>> Running amd64-current (last update at ~5pm UTC 29th Nov), azalia(4)
> >>> works partially on that NUC NUC5i7RYH device:
> >>> Recording through audacity for instance seems to work as I can see the
> >>> amplitude changing when speaking through the microphone.
> >>
> >> this indicates that data moves between the device and the host, so
> >> problems are likely to be caused by the mixer.
> >>
> >>> nuc$ mixerctl -av
> >>> inputs.dac-0:1=126,126
> >>> inputs.dac-2:3=126,126
> >>> record.adc-0:1_mute=off  [ off on ]
> >>> record.adc-0:1=124,124
> >>> record.adc-2:3_mute=off  [ off on ]
> >>> record.adc-2:3=124,124
> >>> inputs.mix_source=mic  { mic }
> >>> inputs.mix_mic=120,120
> >>> inputs.mix2_source=dac-0:1,mix  { dac-0:1 mix }
> >>> inputs.mix3_source=dac-2:3,mix  { dac-2:3 mix }
> >>> inputs.mic=85,85
> >>> outputs.mic_dir=input-vr80  [ none input input-vr0 input-vr50
> >>> input-vr80 input-vr100 ]
> >>> outputs.hp_source=mix2  [ mix2 mix3 ]
> >>> outputs.hp_mute=off  [ off on ]
> >>> outputs.hp_boost=off  [ off on ]
> >>
> >> ^^
> >> does setting outputs.hp_boost=on helps ?
> >>
> >
> > Unfortunately, I've tried and setting outputs.hp_boost=on does not help.

Re: can't boot from USB3.0 flash memory

2015-11-27 Thread Ville Valkonen 
On 26 November 2015 at 15:26, <freeu...@ruggedinbox.com> wrote:

> I have USB3.0 flash memory.(SANDISK)
> "OpenBSD 5.8 amd64/i386 on USB3.0"
>
> 1.USB3.0 flash memory connect to USB2.0/1.0
> boot: It's fine.
> 2.USB3.0 flash memory connect to USB3.0
> boot: can't boot!
>
> anyone don't need boot from USB3.0?
>

Hi,

do you happen to have an HP machine? Many of those have BIOS issues with
USB boot devices.

--
Regards,
Ville Valkonen

Re: can't boot from USB3.0 flash memory

2015-11-27 Thread Ville Valkonen 
gmail didn't show any attachment.
On Nov 27, 2015 3:20 PM, "Tati Chevron" <chev...@swabsit.com> wrote:

> On Fri, Nov 27, 2015 at 02:31:32PM +0200, Ville Valkonen wrote:
>
>> On 26 November 2015 at 15:26, <freeu...@ruggedinbox.com> wrote:
>>
>> I have USB3.0 flash memory.(SANDISK)
>>> "OpenBSD 5.8 amd64/i386 on USB3.0"
>>>
>>> 1.USB3.0 flash memory connect to USB2.0/1.0
>>> boot: It's fine.
>>> 2.USB3.0 flash memory connect to USB3.0
>>> boot: can't boot!
>>>
>>> anyone don't need boot from USB3.0?
>>>
>>>
>> Hi,
>>
>> do you happen to have an HP machine?
>>
>
> Didn't you read the attached dmesg?
>
> --
> Tati Chevron
> Perl and FORTRAN specialist.
> SWABSIT development and migration department.
> http://www.swabsit.com

Re: Getting Error on Implementation

2015-10-28 Thread Ville Valkonen 
On 28 October 2015 at 04:58, Yasir Israr  wrote:

> Hello..
>
> Getting installation problem on OpenBSD 5.8 in Dell R630 Server.
>
>
>
> -
>
> Regards,
>
> Yasir Israr
>
>
>
> ORION SOLUTIONS || ISO 9001-2008 Certified
>
> 1st Floor 14/18 Elign Road
>
> Civil Lines, Allahabad
>
> 9795610614  ≡ mobile|  
> ya...@orionsolutions.co.in
>
>   www.orionsolutions.co.in
>
>
Hi,

you really think people will be able to solve the problem without any
further information?

--
Regards,
Ville

Re: match rules and priorities

2015-10-08 Thread Ville Valkonen 
On 8 October 2015 at 11:36, Christer Solskogen  wrote:

> Hi!
>
> I'm having a bit trouble understanding match rules and priorities. I
> have a lot of traffic on other ports than http and https, but I want
> to have top priority on them instead of the others.
>
> So I have these rules:
> match proto tcp to port { ftp, http, https, 3129 } set prio 7
> match proto tcp from port { ftp, http, https, 3129 } set prio 7
>
> Do I need them both? And where in pf.conf should they be? I've tried
> having them on top, and on bottom, but still I get very low speeds for
> downloads on http.
>
> OpenBSD 5.8-current (GENERIC.MP) #1419: Sun Oct  4 12:28:54 MDT 2015
>
> --
> chs
>

Hello Christer,

you can only queue outgoing traffic. Once you think about it, that makes
sense.

--
Regards,
Ville

Re: nVIDIA driver on OpenBSD 5.7 Issue

2015-06-18 Thread Ville Valkonen 
On 18 June 2015 at 13:17, Mohammad BadieZadegan mbzade...@gmail.com wrote:
 Hi everybody,
 I have nVIDIA graphic card but it did not recognise by my OpenBSD5.7!
 It's my dmesg
 http://dmesgd.nycbug.org/index.cgi?action=dmesgddo=viewid=2742.
 I can use default OpenBSD X when I replaced nv by vesa in
 /etc/X11/xorg.conf but is that possible to use nVidia driver on OpenBSD?
 Regards.

Hi,

don't be surprised, Nvidia is not supported until someone sends a
patch (Nouveau). Therefore, your options are: 1) Use VESA 2) If the
machine has a second display card, use that by disabling Nvidia from
BIOS c) Change HW d) Use different OS.

--
Kind regards,
Ville Valkonen

Re: interesting package isue....cant find with a browser.

2015-04-27 Thread Ville Valkonen 
Hi,

On Apr 27, 2015 9:56 PM, Ton Muller spatie...@online.nl wrote:

 Ok.
 perhaps a bit cryptic.
 but this is the situation, the package portal is huge, ok, no problem
 with it.
 but finding a sertain package is a pain.
 i can recall from the time i was running 4.6, i when to below link
 http://www.openbsd.org/4.6_packages/i386.html

 a nice web portal opened with a discription what each package is.
 but for later versions it was removed.
 perhaps it is hidden, but i cant find it, i am not in for downloading
 26gb on packages, is there a faster way to see what package who is ?

 Tony.

install pkgmgr.

--
Regards,
Ville

Re: 5.7 upgrade question

2015-04-23 Thread Ville Valkonen 
On Apr 23, 2015 4:52 PM, Joseph Oficre seran...@gmail.com wrote:

 Hi @misc!
 As i see http://www.openbsd.org/faq/upgrade57.html  5.7 upgrade guide is
 ready. So if i want to upgrade from my 5.6 release i should use bsd.rd
 from latest snapshot. It means that i need to change my packages path to
 snapshot one, right?

 So, can  i swap it to 5.7 release package tree after may 1 without getting
 troubles? (cuz i dont want to update snapshots offten)


Hi,

short answer: wait until 1st of May.

Regards,
Ville

Re: Dmesg of Lenovo X250

2015-04-19 Thread Ville Valkonen 
Hi,

On 19 April 2015 at 02:47, Theo de Raadt dera...@cvs.openbsd.org wrote:
 dmesg of Lenovo X250 running snapshot dated on:
 -rw-r--r--  1 1001  0   1889 Apr 15 15:57:09 2015 SHA256.sig

 Most of the things work.

 List of things that doesn't work:
   - Wireless network, though I'd guess this will start to work once the
 firmware URL path points to snapshots again.
 +  These lines appear in dmesg after scan and trying to join a
 wap (scan works though):
iwm0: hw rev: 0x210, fw ver 25.228 (API ver 9), address 
 60:57:18:6a:df:8d
iwm0: could not initiate scan
   - Suspend, goes to sleep but doesn't resume.
   - X acceleration, VESA works though.
   - CPU turbomode doesn't work (I am aware it's mainly a marketing trick) and
 CPUs seems to get recognized with different MHz on every boot:
 cpu0: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz, 2494.66 MHz
 And different boot:
 cpu0: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz, 2494.60 MHz
 cpu1: Intel(R) Core(TM) i7-5600U CPU @ 2.60GHz, 2494.23 MHz
   - A few devices didn't get recognized:
 $ dmesg |grep -i not 
 intagp at vga1 not configured
 Intel 9 Series MEI rev 0x03 at pci0 dev 22 function 0 not configured
 Intel 9 Series Thermal rev 0x03 at pci0 dev 31 function 6 not 
 configured


 There are one or two in the project now, and some work to make them
 work...

 Support for newer generations of machines becomes rapidly better once
 more developers have them HINT.

Before purchasing the machine I was aware the hardware is rather new
and not likely fully supported yet. But that's okay, all the crucial
things works. And calms down to know there are developers with the
same machine :)

My current financial situation doesn't allow computer donations but
I've been doing monetary donations every now and then. Will also try
to contribute by testing diffs when possible.

Thanks,
Ville

Dmesg of Lenovo X250

2015-04-18 Thread Ville Valkonen 
 EmulateWheel True
[24.031] (**) Option EmulateWheelButton 2
[24.031] (**) Option YAxisMapping 4 5
[24.031] (**) ws: /dev/wsmouse: YAxisMapping: buttons 4 and 5
[24.031] (**) Option XAxisMapping 6 7
[24.031] (**) ws: /dev/wsmouse: XAxisMapping: buttons 6 and 7
[24.031] (II) XINPUT: Adding extended input device /dev/wsmouse
(type: MOUSE, id 8)
[24.032] (**) /dev/wsmouse: (accel) keeping acceleration scheme 1
[24.032] (**) /dev/wsmouse: (accel) acceleration profile 0
[24.032] (**) /dev/wsmouse: (accel) acceleration factor: 2.000
[24.032] (**) /dev/wsmouse: (accel) acceleration threshold: 4
/snip

--
Kind regards,
Ville Valkonen

Re: ssh help with X11Forwarding

2015-04-15 Thread Ville Valkonen 
Hello,

On 13 April 2015 at 15:10, dan mclaughlin thev...@openmailbox.org wrote:
 On Mon, 13 Apr 2015 16:49:02 +0530 Hrishikesh Murukkathampoondi 
 hris...@gmail.com wrote:
 Hello

 I am running OpenSD 5.6 on a x86 netbook. I am trying to setup X11 
 forwarding in ssh.

 In sshd_config I have added
 X11Forwarding yes

 In ssh_config I have added
 ForwardAgent yes
 ForwardX11 yes

 I have restarted sshd (pkill -HUP sshd)  and when I start ssh from the 
 client using ssh -X I get DISPLAY is not set when trying to launch an xterm.

 this is probably a bad idea. that will send the signal to all sshd processes,
 and not just the main server.

 the proper way to restart sshd is to use the pid in /var/run/sshd.pid ie

 $ kill -1 $(/var/run/sshd.pid)

Noup, kill HUP is completely okay. Have a look:
$ uname -r
5.6
$ grep -A 2 rc_reload /etc/rc.d/sshd
rc_reload() {
${daemon} ${daemon_flags} -t  pkill -HUP -f ^${pexp}
}

and for clarity:
$ grep pexp= /etc/rc.d/rc.subr |tail -1
pexp=${daemon}${daemon_flags:+ ${daemon_flags}}

--
Regards,
Ville

Re: httpd tls - what am i missing?

2015-03-23 Thread Ville Valkonen 
Hello Theodore,

On 23 March 2015 at 19:35, Theodore Wynnychenko t...@uchicago.edu wrote:
 Hello
 I think I missing something very obvious, but I have been struggling with 
 this for a while, and hope that someone will point out my
 oversight.

 Running current:
 OpenBSD 5.7-current (RAMDISK_CD) #818: Wed Mar 18 18:59:52 MDT 2015
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD

 httpd up and running:

 ps ax:
 1235 ??  Is  0:00.01 httpd: parent (httpd)
  1598 ??  I   0:00.00 httpd: logger (httpd)
 27922 ??  I   0:00.01 httpd: server (httpd)
  2020 ??  I   0:00.01 httpd: server (httpd)
 19391 ??  I   0:00.01 httpd: server (httpd)

 Using this configuration file - httpd.conf:

 http_ip=10.0.128.67

 types {
 include /usr/share/misc/mime.types
 }

 server defualt {
This should be default :-)

--
Regards,
Ville Valkonen

Re: OpenBSD frozen when building OpenJDK 8u40 b25

2015-03-20 Thread Ville Valkonen 
On 20 March 2015 at 09:41, Dongsheng Song dongsheng.s...@gmail.com wrote:
 Hi ports,

 I download OpenJDK 8u40 b25 source from:

 https://jdk8.java.net/java-se-8-ri/
 https://www.java.net/download/openjdk/jdk8u40/ri/openjdk-8u40-src-b25-10_feb_2015.zip

 Then building it with jdk-1.7.0.71v0:

 http://ftp.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/jdk-1.7.0.71v0.tgz

 During the building, OpenBSD system frozen without any exception messages,
 I must do power off and power on manually.

 I'm running OpenBSD current:
 OpenBSD 5.7-current (GENERIC.MP) #895: Wed Mar 18 18:55:03 MDT 2015

 Which download and install from
 http://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/install57.iso

 Regards,
 Cauchy

Full dmesg?

Re: Very-small fully-functional systems?

2015-03-09 Thread Ville Valkonen 
On 9 March 2015 at 02:21, Bertrand Caplet bertrand.cap...@chunkz.net wrote:

 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA512

 Hey there,
 What about Raspberry Pi2 ? It's really cheap, nice CPU, ethernet and USB ! 
 And I think oBSD would be alright on it :)

 I'm looking for a very (physically) small (embedded) platform that can
 run OpenBSD properly, including at least:
 ...
 Locally, I can get RasPis, BeagleBone Blacks, and MinnowBoards cheaply.
 The RasPi isn't supported at all, the BeagleBone Black doesn't have USB
  ...
 Thanks,
 -Adam


Ahem Bertrand,

did you read Adam's mail, since he wrote The RasPi isn't supported at all ;)

--
Kind regards,
Ville

Re: OpenBSD Iscsid client

2015-02-21 Thread Ville Valkonen 
On 20 February 2015 at 23:37, Theron ZORBAS theronzor...@yahoo.com wrote:

 Hi Claudio,

 Thanks for your reply. I'll disable it.
 Also wanna ask you if you're planning about chap auth implementation.
 Have a good day.

 Theron



 On Friday, February 20, 2015 8:33 PM, Claudio Jeker 
 cje...@diehard.n-r-g.com wrote:
 On Fri, Feb 20, 2015 at 04:32:42PM +, Theron ZORBAS wrote:
  Hi Misc,
 
  I want to connect a nas device over iscsi under OpenBSD 5.5 amd64.
  I have information about nas ip address, chap and share.
  I've read man iscsi.conf but there is no part about chap auth.
  Also could not find any working example on net.
 
  Can anyone direct me please?
 

 iscsid does not support CHAP yet. Disable the auth and it should hopefully

 work.

 --
 :wq Claudio


Hello,

he wrote yet, which I'd interpret as: it will be supported in the future.

--
Regards,
Ville

Re: About pppoe PADI retries

2015-01-07 Thread Ville Valkonen 
Hello Theron,

missing PF.conf at least :)

--
Regards,
Ville Valkonen
On Jan 7, 2015 5:14 PM, Theron ZORBAS theronzor...@yahoo.com wrote:

 Hi Misc,

 I' think this is not fully OpenBSD issue but want to learn the reason of
 problem.


 Here it is:
 I have two adsl modems which are in bridge mode. Here is my configs:

 # cat /etc/hostname.em1
 up

 # cat /etc/hostname.em2
 up


 # cat /etc/hostname.pppoe0
 inet 0.0.0.0 255.255.255.255 NONE \
 pppoedev em1 authproto pap \
 authname 'username1@service' authkey 'password2' up
 dest 0.0.0.1
 !/sbin/route add default -ifp hostname.pppoe0 0.0.0.1

 # cat /etc/hostname.pppoe1
 inet 0.0.0.0 255.255.255.255 NONE \
 pppoedev em2 authproto pap \
 authname 'username2@service' authkey 'password2' up
 dest 0.0.0.1
 !/sbin/route add default -ifp hostname.pppoe1 0.0.0.1


 My public ip addreses are static. (I get them with these configs above.)

 pppoe0 has no problems but pppoe1 somehow redialing all the time. (Works
 for some minutes after that redials...)
 After thousands of PADI retries pf hangs and rules of pppoe1 do not work.
 When i reload pf with pfctl -f /etc/pf.conf everything goes on...

 Also there are lots of pppoe1: LCP keepalive timeout messages on dmesg.


 I use generic 5.5 amd64 kernel with all errata patches.

 My first suspect is the telecom guys. I'll want the change my port at
 their side.
 Also wanted to inform this second issue which may be releated with pf.

 So, what do you think about this problem? Am i missing something? Any
 proper or temporary solution at OpenBSD side? Is it an option
 PPPOE_TERM_UNKNOWN_SESSIONS releated issue which told in manpage of pppoe?

 --
 Thanks
 Theron

Re: Secure Secure Shell

2015-01-06 Thread Ville Valkonen 
Hello,

can you please stop crossposting? Thanks.

--
Regards,
Ville
On Jan 6, 2015 4:34 PM, whoami toask whoamito...@safe-mail.net wrote:

 https://stribika.github.io/2015/01/04/secure-secure-shell.html

 Is the default config for SSHD enough secure?

 Or the different distros modifications are the ones that make it not the
 best regarding security?

 Thanks.

Re: OpenBSD 5.6 - amd64 on Lenovo G480

2014-12-12 Thread Ville Valkonen 
On 12 December 2014 at 03:50, Leonardo Santagostini
lsantagost...@gmail.com wrote:
 Hello @misc,

 This mail is regarding about issues that im facing after doing a fresh
 install of 5.6 RELEASE and snapshot on my latptop

 The point is that after installing sucessfully i am trying to start X but
 screen goes black. The only way i have to go to console is pressing
 CTRL+ALT+F1 after lid close, suspend and resume.

 Just wanting to know what is the best way i can help you regarding this.

 i know sending:

 1) dmesg
 2) x.org.log

 Is ok, but i have no idea what else could help.

 So, please, just let me know what else is needed, so i can do my homework.

 (Also i tried snapshot from 12/08 but an libc version problem appears when
 x starts)

 Regards,
 Leonardo Santagostini

 http://ar.linkedin.com/in/santagostini

Hello Leonardo,

have you done fw_update -v ? Hard to say if it's needed since you
didn't include the dmesg.

--
Regards,
Ville Valkonen

Re: ffs and utf8

2014-11-29 Thread Ville Valkonen 
Hello,

On 29 November 2014 at 14:02, frantisek holop min...@obiit.org wrote:
 i have written for myself a small python3 script that
 removes accented characters and all utf8 symbols
 from filenames, a kind of utf-8 to ascii sanitizer.

Are you aware of 'detox' package?

--
Regards,
Ville

Re: Malformed request shuts down httpd

2014-11-28 Thread Ville Valkonen 
On 28 November 2014 at 13:26, Ezequiel Garzon m...@ezequiel-garzon.net wrote:
 Hello! I know a lot is happening to httpd lately, so maybe this is not
 an issue anymore. I've noticed that a malformed HTTP request such as

 $ printf 'GET /file\r\n\r\n'| nc myhost 80

 doesn't just silently fail, but rather shuts down httpd. My
 /etc/httpd.conf is minimal:

 server default {listen on egress port 80}

 Has anybody else tried this?

 Thanks and cheers,

 Ezequiel

Hello Ezequiel,

is that on release, stable or in current and on which hardware architecture?

--
Thanks,
Ville

ACPIEC error has vanished

2014-11-03 Thread Ville Valkonen 
Good day to everyone,

I've had this problem [1] for sometime now (2+ years apparently).
During the latest snapshot upgrade which I downloaded 30-10-2014, I
decided to give a shot and boot without acpiec disabled. To my
surprise it worked like a charm! Previously netlivelocks had really
high values but expectedly calmed down once the ACPI was working
properly. The perfpolicy is also kicking butts. Superb.

To show my appreciation towards your work I made an extra donation.
I'd also like to congratulate all the devs about the another neat
release. Thanks.

[1] http://thread.gmane.org/gmane.os.openbsd.misc/194383

--
Sincerely,
Ville Valkonen

Re: Firewall: Where is the bottleneck?

2014-10-03 Thread Ville Valkonen 
On 2 October 2014 23:36,  jum...@yahoo.de wrote:
 $ sysctl kern.netlivelocks
 kern.netlivelocks=2

 What does this means? I found something like a deadlock, when two processes
 block each other, I'm right?

This is useful information specially under the load. I don't have the
source code available at the moment but as far as I know/remember it
tells how much interrupts network devices create (this is likely
wrong, don't take it as a fact. And please, someone correct me).

 and interrupt statistics (by systat for example) would be helpful.

 You mean during peak load. I will send it on Monday.

Yes, that's correct. Sorry for not mention this in the first mail.

btw. if you could yet provide this information it would be great:
$ sudo pfctl -sa |grep -A 5 LIMITS

--
Regards,
Ville

Re: Firewall: Where is the bottleneck?

2014-10-03 Thread Ville Valkonen 
On 3 October 2014 11:11, Ville Valkonen weezeld...@gmail.com wrote:
 On 2 October 2014 23:36,  jum...@yahoo.de wrote:
 $ sysctl kern.netlivelocks
 kern.netlivelocks=2

 What does this means? I found something like a deadlock, when two processes
 block each other, I'm right?

 This is useful information specially under the load. I don't have the
 source code available at the moment but as far as I know/remember it
 tells how much interrupts network devices create (this is likely
 wrong, don't take it as a fact. And please, someone correct me).

 and interrupt statistics (by systat for example) would be helpful.

 You mean during peak load. I will send it on Monday.

 Yes, that's correct. Sorry for not mention this in the first mail.

 btw. if you could yet provide this information it would be great:
 $ sudo pfctl -sa |grep -A 5 LIMITS

Correction: rather use pfctl -s memory

Re: xombrero crashes with 'Bus error'

2014-10-02 Thread Ville Valkonen 
Hello Stefan,

just shooting in the dark, do you have a dbus daemon running?

Regards,
Ville
On Oct 2, 2014 12:07 PM, Stefan Wollny stefan.wol...@web.de wrote:

 Am 10/02/14 um 03:14 schrieb trondd:
  Are you rebuilding xombrero from the ports tree or reinstalling an
 existing
  built package?
 
  Is your ports tree from the same snapshot as your installed system?
 

 Yes, of course. I have two sripts to update to the latest snapshots.
 First one:

 #!/bin/sh
 #
 cd ~/Downloads/amd64/
 wget
 ftp://ftp.hostserver.de/pub/OpenBSD/snapshots/amd64/{IN*,SHA*,bsd*,*tgz}
 sudo cp /bsd.rd /bsd.rd.1
 sudo cp -p bsd.rd /
 sudo cp -p bsd.mp /bsd
 sudo mount -uw /usr
 sudo tar -C / -xzphf base*.tgz
 sudo tar -C / -xzphf comp*.tgz
 sudo tar -C / -xzphf man*.tgz
 sudo tar -C / -xzphf xbase*.tgz
 sudo tar -C / -xzphf xfont*.tgz
 sudo tar -C / -xzphf xserv*.tgz
 sudo tar -C / -xzphf xshare*.tgz
 sudo sysmerge
 print mount /usr RO
 sudo mount -ur /usr
 cd


 And after rebooting I run

 #!/bin/sh
 #
 cd /tmp
 sudo mount -uw /usr
 cd /usr/src
 sudo cvs -q up -Pd
 cd /usr/xenocara
 sudo cvs -q up -Pd
 cd /usr/ports
 sudo cvs -q up -Pd
 cd
 sudo pkg_add -ui
 sudo /usr/libexec/locate.updatedbsudo
 mount -ur /usr


 So I asssume that my system is up-to-date.

 Nevertheless as Juan pointed out in his reply that I seem to have some
 old ports lying around. So I deleted anything under /usr/ports and tried
 to get a fresh cvs-checkout which failed... but that is reported with an
 other thread.

 Any other idea why xombrero quits with the error reported?

 STEFAN

Re: Firewall: Where is the bottleneck?

2014-10-02 Thread Ville Valkonen 
Hello Patrick,

On 2 October 2014 17:32, Patrick jum...@yahoo.de wrote:
 Hi,

 I use a OpenBSD based firewall (version 5.2, I know I should upgrade but ...) 
 between a 8 host cluster of Linux server and 300 clients which will access 
 this clutser via VNC. Each server is connected with one gigabit port to a 
 dedicated switch and the firewall has on each site one gigabit (dedicated 
 switch and campus network).

 The users complains about slow VNC response times (if I connect a client 
 system to the dedicated switch, the access is faster, even during peak 
 hours), and the admins of the cluster blame my firewall :(.

 I use MRTG for traffic monitoring (data retrieves from OpenBSD in one minute 
 interval) and can see average traffic of 160 Mbit/s during office hours and 
 peaks and 280 Mbit/s. With bwm-ng and a five second interval I can see peaks 
 and 580 Mbit/s. The peak packets per second is arround 8 packets (also 
 measured with bwm-ng). The interrupt of CPU0 is in peak 25%. So with this 
 data I don't think the firewall is at the limit, I'm right?

 The server is a standard Intel Xeon (E3-1220V2, 4 Cores, 3.10 GHz) with 4 
 GByte of memory and 4 1 Gbit/s ethernet cooper Intel nics (driver em).

 Where is the problem? Can't the nics handle more packets/second? How can I 
 check for this?

 If I connect a client system directly to the dedicated system, the response 
 times are better.

 Thanks for your help,
 Patrick

In addition to dmesg, could you please provide the following information:
$ pfctl -si
$ sysctl kern.netlivelocks
and interrupt statistics (by systat for example) would be helpful.

Thanks!

--
Regards,
Ville

Re: Why are there no PKG_PATH defaults?

2014-09-25 Thread Ville Valkonen 
On 25 September 2014 01:30, Dmitrij D. Czarkoff czark...@gmail.com wrote:
 openda...@hushmail.com said:
 Then, in the event that someone installed via an ISO or some
 pre-defined VM (ie. a DigitalOcean droplets) -- how about a one-time
 script upon first root login to ask for such info?

   You do not have a `PKG_PATH` set for `pkg_add`. Would you like us to
 set it for you?  (Y/n) y

  Choose your nearest mirror:

  1. Continent
  2. Whatever
  3. ...

 FWIW the idea of presenting the list of mirrors suddenly starts to make
 sense, as now there is no browser in base install. But

 Alexander Hall said:
 I can't speak for others, but I'd be terribly annoyed by this.

 I absolutely agree with this sentiment.

 In my opinion, the best way to present list of mirrors would be to
 provide a command for fetching it, either in pkg_add(1) or in root.mail
 (the message root recieves upon completion of installation).  As I
 prefer the latter way, patch to root.mail follows.

 --
 Dmitrij D. Czarkoff

 Index: root.mail
 ===
 RCS file: /var/cvs/src/etc/root/root.mail,v
 retrieving revision 1.104
 diff -u -p -r1.104 root.mail
 --- root.mail   15 Jul 2014 22:05:29 -  1.104
 +++ root.mail   24 Sep 2014 22:05:12 -
 @@ -36,7 +36,9 @@ full list of packages for each architect
 ftp://ftp.openbsd.org/pub/OpenBSD/5.6/packages/

  If you do not find a package you want on the CD, please go look at your
 -nearest FTP mirror site.
 +nearest FTP mirror site.  To get a list of available mirrors, execute:
 +
 + ftp -o - http://ftp.openbsd.org/cgi-bin/ftplist.cgi

  Select your architecture and download the tarballs of your choice.  For 
 example
  to install the emacs package for amd64, execute:

Not that this would be a voting thing but I like the direction where
this is heading. More convenient than writing the address down or
remembering it.

--
Regards,
Ville

Re: Why are there no PKG_PATH defaults?

2014-09-24 Thread Ville Valkonen 
On 24 September 2014 14:12, Barbier, Jason jab...@serversave.us wrote:
 Just to point out if you do an install where you do select a mirror your
 mirror settings do seem to persist beyond the install, so it sounds like
 the problem is solved and user education is in order.

 *washes hands of the problem*

 --
 Jason Barbier | jab...@serversave.us
 Pro Patria Vigilans

And once you are behind a slow Internet connection and use a local
medium... all you can do is to remember :(

--
Regards,
Ville

Re: Why are there no PKG_PATH defaults?

2014-09-24 Thread Ville Valkonen 
Out of curiosity, what's wrong with the one that installer uses?

--
Regards,
Ville

On 24 September 2014 19:34, Alexander Hall alexan...@beard.se wrote:
 On September 24, 2014 6:09:04 PM CEST, openda...@hushmail.com wrote:
 Indeed, the installer only creates that if you install from a
mirror.  Apart from that, as someone else pointed out, which mirror
should one  choose?

Cool, I didn't know that.

Then, in the event that someone installed via an ISO or some
pre-defined VM (ie. a DigitalOcean droplets) -- how about a one-time
script upon first root login to ask for such info?

  You do not have a `PKG_PATH` set for `pkg_add`. Would you like us to
set it for you?  (Y/n) y

  Choose your nearest mirror:

  1. Continent
  2. Whatever
  3. ...

  There is currently no ports collection in `/usr/ports`. Would you
like us to get it for you? (Y/n)

 I can't speak for others, but I'd be terribly annoyed by this.

 Also, the script isn't trivial. Feel free to give it a go, share and use it 
 for your own sake, but I'd be surprised to see it go in.

 /Alexander


Thanks!

O.D.

On 24. september 2014 at 1:05 PM, Alexander Hall  wrote:On September
24, 2014 12:44:14 PM CEST, openda...@hushmail.com wrote:
 Because /etc/pkg.conf ?

Sorry, no such file over here.

Indeed, the installer only creates that if you install from a mirror.
Apart from that, as someone else pointed out, which mirror should one
choose?

/Alexander


O.D.

On 23. september 2014 at 1:47 PM, Alexander Hall  wrote:On
September
23, 2014 3:00:41 PM CEST, openda...@hushmail.com wrote:
Hi,

Expanding on the whole
http://en.wikipedia.org/wiki/Convention_over_configuration thing --
why aren't there any sane PKG_PATH defaults? Ie.:

release=$(uname -r)
architecture=$(uname -p)

export
PKG_PATH=ftp://ftp.openbsd.org/pub/OpenBSD/${release}/packages/${architecture}/

Because /etc/pkg.conf ?

/Alexander


Thanks!

O.D.

Re: videos in the browser

2014-09-19 Thread Ville Valkonen 
I'll get the popcorns.
On Sep 19, 2014 3:38 PM, Matti Karnaattu mkarnaa...@gmail.com wrote:

 Hi,

 I don't think that any web developer care OpenBSD because OpenBSD
 doesn't have graphical browser in base system. They don't care even if
 1000 OpenBSD users complain.

 Flash material will disappear from web less than three years and Flash
 videos will get replaced by Mpeg-4 AVC and WebM.

 I personally think that OpenBSD should embrace HTML5/ECMA Script by
 adding Web component + minimalistic browser around it to the base
 system in some point of future. Major reason for this is that web has
 become both defacto and dejure technology for graphical remote use and
 also it is standard way to create GUI. X clients are legacy today.
 This is even possible to do, because needed software components are
 almost completely available in BSD licenses.

 After all, I think top secure system should also allow running
 applications in secured manner, but it may cause challenges to avoid
 security holes.

Re: tools for monitoring network traffic

2014-09-19 Thread Ville Valkonen 
Hello Markus, have you checked pflow?

Regards, Ville
On Sep 19, 2014 4:11 PM, Markus Rosjat ros...@ghweb.de wrote:

 Hello,

 just a simple question with a properbly more complicated answer. Are there
 tools out there to simply monitor the network traffic for a webserver so
 you get information about which domain caused which traffic over a week or
 a day?

 I know I could go and reinvent the wheel by using pf and other tools but
 since Im a lazy guy I want to look for a solution that is already out
there.

 Thx for the help :)

 Regards

 --
 Markus Rosjatfon: +49 351 8107223mail: ros...@ghweb.de

 G+H Webservice GbR Gorzolla, Herrmann
 Königsbrücker Str. 70, 01099 Dresden

 http://www.ghweb.de
 fon: +49 351 8107220   fax: +49 351 8107227

 Bitte prüfen Sie, ob diese Mail wirklich ausgedruckt werden muss! Before
 you print it, think about your responsibility and commitment to the
 ENVIRONMENT

Re: Kernel Panic __mp_lock_held in kern_lock.c when using vmt0

2014-09-04 Thread Ville Valkonen 
Hello,

On 4 September 2014 11:30,  s.sm...@gmx.ch wrote:
 Hi all,
 ...
 [demime 1.01d removed an attachment of type image/png which had a name of 
 PS_1_2014-09-01 15_14_25-UI-SRV-MCR-01-test-FC.PNG]

 [demime 1.01d removed an attachment of type image/png which had a name of 
 PS_2_2014-09-01 15_14_25-UI-SRV-MCR-01-test-FC.PNG]

 [demime 1.01d removed an attachment of type image/png which had a name of 
 trace_2014-09-01 15_13_55-UI-SRV-MCR-01-test-FC.PNG]

attachments are be stripped in this mailing list. Mind to upload and
paste link(s), thanks.

--
Kind regards,
Ville Valkonen

Re: httpd URI rewriting / try_files

2014-08-28 Thread Ville Valkonen 
+1
On Aug 28, 2014 3:29 PM, Christopher Zimmermann chr...@openbsd.org
wrote:

 On Thu, 28 Aug 2014 14:37:34 +0300 Gregory Edigarov
 ediga...@qarea.com wrote:

  Hello
 
  are there any plans to implement uri rewriting or something in a manner
  of 'try_files' configuration option of nginx?

 I plan to add a URL stripping option, somewhat more powerful than the
 nginx alias directive:


 root [strip number] directory
 Set the document root of the server.  The directory is a
 pathname within the chroot(2) root directory of httpd.  If not
 specified, it defaults to /htdocs.  If the strip option is set,
 number
 path components are removed from the beginning of the URI before
 directory is prepended.

 this would allow you to do for example:

 location /wiki/ {
 strip 1
 root /dokuwiki
 directory index doku.php
 fastcgi socket /tmp/php.sock
 }


 Christopher


 --
 http://gmerlin.de
 OpenPGP: http://gmerlin.de/christopher.pub
 F190 D013 8F01 AA53 E080  3F3C F17F B0A1 D44E 4FEE

 [demime 1.01d removed an attachment of type application/pgp-signature
 which had a name of signature.asc]

Re: pkg_mgr error: Fatal error: Ustar ... Eror while reading header

2014-08-20 Thread Ville Valkonen 
Hello Daniel,

please see my answers inline.

On 19 August 2014 04:08, Daniel Villarreal yclwebmas...@gmail.com wrote:
 Sorry. This happens for lots of different programs... just tried to use
 pkg_mgr to install gif2png

 --- errors --
 Fatal error: Ustar
 [
 http://ftp.openbsd.org/pub/OpenBSD/5.5/packages/amd64/gif2png-2.5.2p1.tgz][share/doc/gif2png/README]:
 Error while reading header



 in root's .profile...
 *PKG_PATH=http://ftp.openbsd.org/pub/OpenBSD/$(uname
 http://ftp.openbsd.org/pub/OpenBSD/$(uname -r)/packages/$(uname -m)/*

Afaik. * shouldn't be the last char.

 # cat
 /etc/pkg.conf

 installpath=http://ftp.openbsd.org/pub/OpenBSD/5.5/packages/amd64

Missing '/' char from the end.

 Thanks,
 Daniel

--
Cheers,
Ville

Re: Microsoft keyboard and touchpad combo, touchpad doesn't work

2014-05-19 Thread Ville Valkonen 
On 19 May 2014 00:50, Martin Pieuchot mpieuc...@nolizard.org wrote:
 On 18/05/14(Sun) 21:15, Ville Valkonen wrote:
 Hello all,
 [...]
 I can see it attaches as wsmouse2 but nevertheless it doesn't work. Any help
 how to debug this further would be highly appreciated.

 Thanks in advance and keep up the good work!

 P.S. Yes, you can see there's Logitech Unifying receivers too. Doesn't change
 the situation even those are unplugged.

 ### dmesg starts 
 OpenBSD 5.5-current (GENERIC.MP) #125: Sun May 11 08:28:18 MDT 2014

 Could you try a more recent snapshot and report back if it still doesn't
 work?  A change that might help went in one day after the snapshot
 you're using.

 M.

Hello Martin,

should have had tried that in the first hand. Good news, works perfectly now.

Thanks a much!

--
Ville

Microsoft keyboard and touchpad combo, touchpad doesn't work

2014-05-18 Thread Ville Valkonen 
 configuration 1 interface 2 Logitech USB
Receiver rev 2.00/12.01 addr 5
uhidev8: iclass 3/0, 33 report ids
uhid16 at uhidev8 reportid 16: input=6, output=6, feature=0
uhid17 at uhidev8 reportid 17: input=19, output=19, feature=0
uhid18 at uhidev8 reportid 32: input=14, output=14, feature=0
uhid19 at uhidev8 reportid 33: input=31, output=31, feature=0
 dmesg ends #

--
Regards,
Ville Valkonen

Re: Microsoft keyboard and touchpad combo, touchpad doesn't work

2014-05-18 Thread Ville Valkonen 
On 18 May 2014 21:15, Ville Valkonen weezeld...@gmail.com wrote:
 Hello all,

 I bought a wireless keyboard and touchpad combo, Microsoft All-in-One Media
 keyboard to be specific
 (http://www.microsoft.com/hardware/en-us/p/all-in-one-media-keyboard).

 When attaching the kb+mouse this is the result (dmesg):
 uhub3 at uhub2 port 2 Terminus Technology USB 2.0 Hub rev 2.00/1.11 addr 3
 uhidev0 at uhub3 port 2 configuration 1 interface 0 Microsoft
 Microsoft\M-. Nano Transceiver v2.0 rev 2.00/9.34 addr 4
 uhidev0: iclass 3/1
 ukbd0 at uhidev0: 8 variable keys, 6 key codes
 wskbd1 at ukbd0 mux 1
 wskbd1: connecting to wsdisplay0
 uhidev1 at uhub3 port 2 configuration 1 interface 1 Microsoft
 Microsoft\M-. Nano Transceiver v2.0 rev 2.00/9.34 addr 4
 uhidev1: iclass 3/1, 26 report ids
 uhid0 at uhidev1 reportid 18: input=0, output=0, feature=1
 uhid1 at uhidev1 reportid 23: input=0, output=0, feature=1
 ums0 at uhidev1 reportid 26: 5 buttons, Z dir
 wsmouse2 at ums0 mux 0
 uhidev2 at uhub3 port 2 configuration 1 interface 2 Microsoft
 Microsoft\M-. Nano Transceiver v2.0 rev 2.00/9.34 addr 4
 uhidev2: iclass 3/0, 8 report ids
 uhid2 at uhidev2 reportid 3: input=1, output=0, feature=0
 uhid3 at uhidev2 reportid 4: input=1, output=0, feature=0
 uhid4 at uhidev2 reportid 7: input=7, output=0, feature=0
 uhid5 at uhidev2 reportid 8: input=1, output=0, feature=0

 I can see it attaches as wsmouse2 but nevertheless it doesn't work. Any help
 how to debug this further would be highly appreciated.

 Thanks in advance and keep up the good work!

 P.S. Yes, you can see there's Logitech Unifying receivers too. Doesn't change
 the situation even those are unplugged.

 ### dmesg starts 
 OpenBSD 5.5-current (GENERIC.MP) #125: Sun May 11 08:28:18 MDT 2014
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
 real mem = 8237621248 (7856MB)
 avail mem = 8009576448 (7638MB)
 mpath0 at root
 scsibus0 at mpath0: 256 targets
 mainbus0 at root
 bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdae9d000 (68 entries)
 bios0: vendor LENOVO version G2ET97WW (2.57 ) date 10/25/2013
 bios0: LENOVO 2324BY9
 acpi0 at bios0: rev 2
 acpi0: sleep states S0 S3 S4 S5
 acpi0: tables DSDT FACP TCPA SSDT SSDT SSDT HPET APIC MCFG ECDT FPDT
 ASF! UEFI UEFI POAT SSDT SSDT UEFI DBG2
 acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP3(S4) XHCI(S3)
 EHC1(S3) EHC2(S3) HDEF(S4)
 acpitimer0 at acpi0: 3579545 Hz, 24 bits
 acpihpet0 at acpi0: 14318179 Hz
 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
 cpu0 at mainbus0: apid 0 (boot processor)
 cpu0: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz, 2395.02 MHz
 cpu0: 
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,AVX,F16C,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
 cpu0: 256KB 64b/line 8-way L2 cache
 cpu0: smt 0, core 0, package 0
 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
 cpu0: apic clock running at 99MHz
 cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
 cpu1 at mainbus0: apid 1 (application processor)
 cpu1: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz, 2394.56 MHz
 cpu1: 
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,AVX,F16C,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
 cpu1: 256KB 64b/line 8-way L2 cache
 cpu1: smt 1, core 0, package 0
 cpu2 at mainbus0: apid 2 (application processor)
 cpu2: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz, 2394.56 MHz
 cpu2: 
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,AVX,F16C,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
 cpu2: 256KB 64b/line 8-way L2 cache
 cpu2: smt 0, core 1, package 0
 cpu3 at mainbus0: apid 3 (application processor)
 cpu3: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz, 2394.56 MHz
 cpu3: 
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,AVX,F16C,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
 cpu3: 256KB 64b/line 8-way L2 cache
 cpu3: smt 1, core 1, package 0
 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
 acpimcfg0 at acpi0 addr 0xf800, bus 0-63
 acpiec0 at acpi0
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus -1 (PEG_)
 acpiprt2 at acpi0: bus 2 (EXP1)
 acpiprt3 at acpi0: bus 3 (EXP2)
 acpiprt4 at acpi0: bus -1 (EXP3)
 acpicpu0 at acpi0: C2, C1, PSS
 acpicpu1 at acpi0: C2, C1, PSS
 acpicpu2 at acpi0: C2, C1, PSS
 acpicpu3 at acpi0: C2, C1, PSS
 acpipwrres0 at acpi0

Re: Kernel error with March 20th amd64 snapshot

2014-03-24 Thread Ville Valkonen 
Hello gents,

and thanks to all involved, it's fixed in the latest snapshot.

Here are the snapshots I've used lately and marked whether it works:
24-03-2014/ [Works]
20-03-2014/ [Crashes]
24-02-2014/ [Works]

Hope this helps even a bit.

--
Regards,
Ville

On 24 March 2014 08:09, Philip Guenther guent...@gmail.com wrote:
 On Sun, Mar 23, 2014 at 10:49 PM, Peter Kane pwk...@gmail.com wrote:
 However, the problem of an automatic resume when a USB drive is attached on 
 suspend still persists.

 This is the problem that started some time ago, unrelated to mpi@'s
 recent changes, right?  So, what's the latest snapshot or cvs update
 you're sure did *not* have the problem, and what's the first you're
 sure *did* have the problem?

 (Regressions should be reported AFSAP)


 Philip Guenther

Re: Kernel error with March 20th amd64 snapshot

2014-03-22 Thread Ville Valkonen 
Hello Martin,

same crash happens here. A USB-monitor-hub is connected to a USB3 port
(though USB3 disabled from BIOS) in a computer. Same setup than
before, dongles are in the monitor hub. I can try if this is
reproducible with a USB2 port. Will let you know tomorrow.

Here's trace with ehcidebug=4 and usbdebug=6 enabled:
ukbd0 detached
uhidev0 detached
uvm_fault(0x81d44f20, 0x24, 0, 1) - e
kernel: page fault trap, code=0
Stopped at  strlcpy+0x16:   movzbl  0(%rcx),%eax
ddb{1} strlcpy() at strlcpy+0x16
config_detach() at config_detach+0x97
config_detach() at config_detach+0x143
usb_disconnect_port() at usb_disconnect_port+0x6a
uhub_detach() at uhub_detach+0x64
config_detach() at config_detach+0x143
usb_disconnect_port() at usb_disconnect_port+0x6a
uhub_explore() at uhub_explore+0x12b
uhub_explore() at uhub_explore+0x97
usb_explore() at usb_explore+0xcf
usb_task_thread() at usb_task_thread+0xb2
end trace frame: 0x0, count: -11

--
Regards,
Ville Valkonen

On 22 March 2014 19:31, Martin Pieuchot mpieuc...@nolizard.org wrote:
 On 22/03/14(Sat) 02:30, Shawn K. Quinn wrote:
 On Fri, Mar 21, 2014, at 07:34 PM, Tristan PILAT wrote:
  Hello,
 
  I noticed a crash with the March 20th amd64 snapshot. When I
  unplug my USB wireless mouse receiver, i get this;
 
  wskbd1: disconnecting from wsdisplay0
  wskbd1 detached
  ukbd0 detached
  uhidev0 detached
  uvm_faut(0x81dc6f00, 0x24, 0, 1) - e
  kernel: page faut trap, code=0
  Stopper at  strlcpy+0x16movzbl  0(%rcx), %eax
  ddb1{1}
 
  I own a thinkpad x230 and only the right side USB port is working
  after the upgrade, the two left side USB port are not working
  anymore. Find attached my dmesg.

 A similar crash happened with the March 19th snapshot here as well when
 switching computers on my USB KVM switch. My backtrace also indicates a
 kernel trap in strlcpy. I was about to upgrade to the March 20th
 snapshot to see if it was still there.

 It is likely to be there since it's the first time I here about such
 regression and sadly there's not enough information in your bug report
 to do anything :(

 Could you provide a dmesg with the USB keyboard (or whatever device
 causing the problem) plugged in and a trace when the panic occurs.

 See http://www.openbsd.org/report.html for more information.

 Martin

Re: ROUNDROBIN TRUNK

2014-03-15 Thread Ville Valkonen 
On 15 March 2014 10:03, Max Power open...@cpnetserver.net wrote:
 Hi,
 with Roundrobin Trunk, if a nic fails,
 all traffic stop or the other nic continues to work
 without problems...?

 Thank, Max Power.

Hello,

other IF steps in and no problems should occur.

--
Regards,
Ville Valkonen

Re: PkgCheck.pm can't locate new

2014-02-10 Thread Ville Valkonen 
On 10 February 2014 05:21, Rob Fabry robfabr...@yahoo.com wrote:
 I'm trying to install OpenBSD on a new machine so I can learn how
 to setup a
 router, but running into a strange problem.

 A Supermicro 5015A-H with Intel
 Atom 330 at 1.6 GHz

 When I tried to install the unbound package, it can't
 find it
 (even though it's in the directory, and the shell autocompletes
 the
 name)

 # pkg_add unbound_1.4.20.tgz
 Can't find package unbound_1.4.20.tgz
 (adding multiple -v doesn't elaborate on the problem)
 Any thoughts on what is this problem with finding method new
 ?

Hello Rob,

please read http://www.openbsd.org/faq/faq15.html.

In addition what does this command print?
$ env |grep PKG_PATH
*Hint it's covered in here* http://www.openbsd.org/faq/faq15.html#Easy.
Yet another hint: http://www.openbsd.org/faq/faq15.html#PkgInstall.

And finally the answer, you must use the absolute path when installing
packages without the PKG_PATH set.

Regards,
Ville

Re: PkgCheck.pm can't locate new

2014-02-10 Thread Ville Valkonen 
On 10 February 2014 15:26, Josh Grosse j...@jggimi.homeip.net wrote:
 On 2014-02-09 22:21, Rob Fabry wrote:

 I'm trying to install OpenBSD on a new machine so I can learn how
 to setup a
 router, but running into a strange problem.

 A Supermicro 5015A-H with Intel
 Atom 330 at 1.6 GHz

 When I tried to install the unbound package, it can't
 find it
 (even though it's in the directory, and the shell autocompletes
 the
 name)

 # pkg_add unbound_1.4.20.tgz
 Can't find package unbound_1.4.20.tgz
 (adding multiple -v doesn't elaborate on the problem)


 Hi.  pkg_add(1) uss $PKG_PATH, unless you use a directory path.  Try adding
 the directory:

 # pkg_add ./unbound_1.4.20.tgz

Bummer, you are right. That works too.

Regards,
Ville

Re: signify - verification failed

2014-01-15 Thread Ville Valkonen 
On 15 January 2014 23:19, Eivind Eide xeno...@gmail.com wrote:
 Installing packages suddenly fail with latest snapshot.

 Running i386 snapshot:
 OpenBSD 5.5-beta (GENERIC) #231: Tue Jan 14 10:40:22 MST 2014
 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC

 Problem appears as:

 sudo pkg_add -iv ImageMagick
 Update candidates: quirks-1.106 - quirks-1.106 (ok)
 ImageMagick-6.7.7.7p5:libwmf-0.2.8.4p0: ok
 ImageMagick-6.7.7.7p5:libltdl-2.4.2p0: ok
 pub fp: UQW0HmnVm5k=
 sig fp: qMGXBLsGJhI=
 signify: verification failed: checked against wrong key
 system(/usr/bin/signify, -p, /etc/signify/54pkg.pub, -V, -m,
 /tmp/pkgcontent.78a1QBH0o) failed: exit(1)
 --- +transfig-3.2.5ap0 ---
 Bad signature
 Packages with signatures: 2
 Fatal error: transfig-3.2.5ap0 is corrupted
  at /usr/libdata/perl5/OpenBSD/PkgAdd.pm line 659.

 These signatures are present:

 ls -l /etc/signify/
 total 24
 -rw-r--r--  1 root  wheel  106 Jan 14 18:25 54base.pub
 -rw-r--r--  1 root  wheel  110 Jan 14 18:25 54fw.pub
 -rw-r--r--  1 root  wheel  110 Jan 14 18:25 54pkg.pub
 -rw-r--r--  1 root  wheel  117 Jan 14 18:25 55base.pub
 -rw-r--r--  1 root  wheel  121 Jan 14 18:25 55fw.pub
 -rw-r--r--  1 root  wheel  121 Jan 14 18:25 55pkg.pub

 Anybody knows what to do?


 --



 Eivind Eide

 ONLY THOSE WHO ATTEMPT THE IMPOSSIBLE WILL ACHIEVE THE ABSURD
 - Oceania Association of Autonomous Astronauts

Hello Eivind,

I'd guess signatures/packages are just out of sync. Try again tomorrow
would be my solution.

Regards,
Ville

Re: Security

2014-01-10 Thread Ville Valkonen 
Hi,

did you disable chroot of the http server?

Regards,
Ville Valkonen
On Jan 10, 2014 8:37 AM, agrquinonez agrquino...@riseup.net wrote:

 Short story, long!

 I have had 1 OBSD box, with e-mail server (sendmail), 1 web page
 (apache), and anonymous ftp server for almost 14 years; upgrading by
 clean installations every 6 months, and without problems. I have 2 80GB
 hard drives (1 system, 1 /ftp/pub).

 This time, i installed DokuWiki, and Mailman over 5.3; failing with
 Mailman. I added 2 vhost to the web server. And at this time everything
 was going well. Before, the last upgrade; i decide to test the upgrade
 5.3-5.4 using the recommended method (install54.iso), and failed. It
 really, did not like me. After that, I did a clean installation of 5.4,
 and installed the full system, plus DokuWiki and dependencies; it
 happened on Jan 7 2014,

 Surprise, on Jan 9 2014; i found 1 soft link to the web server from
 /root; i began to review deeper, and found the file
 /var/www/logs/etag-state in chinese; 2 references to hinet (chinese)
 intenting to send spam (relay). Magically, appeared weird syntoms; and
 then 11:28 pm; i decided to do a new exact clean installation  to
 discover what could happen.

 Ideas are going to be really appreciated, because i am not a technical guy.

 Thanks.

 agrquinonez

 [demime 1.01d removed an attachment of type application/pgp-signature
 which had a name of signature.asc]

Re: Thinkpad x220i hangs after a few days of uptime

2013-12-18 Thread Ville Valkonen 
On 17 December 2013 14:10, Christian Weisgerber na...@mips.inka.de wrote:
 Stuart Henderson s...@spacehopper.org wrote:

  i am using a Thinpad x220i and I have a weired problem. Most of the
  time, i just put my notebook into suspend mode (zzz), so, I do not often
  reboot. After 4 or 5 days, my notebook suddenly stops and I
  can't do anything except pressing the power button for 4 or 5 seconds
  and reboot.

 Try disabling apmd, it is known to cause hangs on some systems.

 Which seems odd because my X230 suffers those hangs only when it
 is sitting there idling, but not when it is flat out busy or during
 interactive use.

 --
 Christian naddy Weisgerber  na...@mips.inka.de

Hello Christian,

X230i here and running smoothly. Out of curiosity, do you have the
latest bios updates?
$ uptime
2:06PM  up 8 days, 13:08, 5 users, load averages: 0.25, 0.33, 0.36

..and still going strong. This includes several cycles of suspend  resume.

Regards,
Ville Valkonen

Re: Thinkpad x220i hangs after a few days of uptime

2013-12-18 Thread Ville Valkonen 
On 18 December 2013 15:40, Bsd Club bsdclubho...@gmail.com wrote:
 Well, thanks for your replies so far.
 I am currently trying to repeat the problem but it didn't happen the
 last four days (apmd is running).

 @Ville alkonen:
 what applications do you use? I have quite a few big ones (chrome,
 firefox, xombrero, eclipse, java). I suspect that one of those
 programs is causing the trouble (they have coredumps quite often), so,
 I close the programs when I don't need them.

Firefox is usually always on and at the moment it takes ~830M, few
gvim instances, few xterms, mupdf, evince, chrome fairly often (for
facebook, for example) and other apps as needed.

 Is there a way to activate enhanced/deeper logging functionality?
I have:
$ ls -lsah /etc/malloc.conf
0 lrwxr-xr-x  1 root  wheel 1B Jul 17 14:12 /etc/malloc.conf@ - S

so if you want to have more information, compile the program with the
debug flag (-g). Later, you can examine the dump by commanding: gdb -c
firefox.core firefox and 'bt', for example.

For me Clementine seems to do dumps fairly often, been busy lately so
no time to debug unfortunately.

--
Regards,
Ville

 On 12/18/13, Ville Valkonen weezeld...@gmail.com wrote:
 On 17 December 2013 14:10, Christian Weisgerber na...@mips.inka.de wrote:
 Stuart Henderson s...@spacehopper.org wrote:

  i am using a Thinpad x220i and I have a weired problem. Most of the
  time, i just put my notebook into suspend mode (zzz), so, I do not
  often
  reboot. After 4 or 5 days, my notebook suddenly stops and I
  can't do anything except pressing the power button for 4 or 5 seconds
  and reboot.

 Try disabling apmd, it is known to cause hangs on some systems.

 Which seems odd because my X230 suffers those hangs only when it
 is sitting there idling, but not when it is flat out busy or during
 interactive use.

 --
 Christian naddy Weisgerber  na...@mips.inka.de

 Hello Christian,

 X230i here and running smoothly. Out of curiosity, do you have the
 latest bios updates?
 $ uptime
 2:06PM  up 8 days, 13:08, 5 users, load averages: 0.25, 0.33, 0.36

 ..and still going strong. This includes several cycles of suspend  resume.

 Regards,
 Ville Valkonen

Re: interruptions

2013-11-14 Thread Ville Valkonen 
dmesg?

Re: GM45 gpu hung error

2013-11-13 Thread Ville Valkonen 
On 13 November 2013 20:31,  ja...@cieti.lv wrote:
 On 13.11.2013 20:24, Theo de Raadt wrote:

 I have updated the BIOS already to A26. The story is that everything was
 great after KMS was introduced, but then at some point a diff was
 reduced to Linux or something else, which caused aforementioned
 problems.


 Awesome!  So since you know it was a diff, can you isolate it
 specifically?

 That's the process.

 Thanks.

 Sure. Please teach me how to get the source from a specific date to build
 and I'm on it. Last time I tried, it did not work. See here:
 http://marc.info/?l=openbsd-bugsm=137447697607912w=2

 What am I doing wrong?

Hello,

ahem.. you are not revealing all the needed information Tried to
compile, but got an error. Please specify all the commands you used
in compiling, thanks. Wild guess, you forgot to make depend?

--
Regards,
Ville Valkonen

Re: IBM x3250 M5 boot stopped at acpiec0

2013-11-09 Thread Ville Valkonen 
0x0008: Class: 01 Subclass: 06 Interface: 01 Revision: 02
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 00
0x0010: BAR io addr: 0xf0f0/0x0008
0x0014: BAR io addr: 0xf0e0/0x0004
0x0018: BAR io addr: 0xf0d0/0x0008
0x001c: BAR io addr: 0xf0c0/0x0004
0x0020: BAR io addr: 0xf020/0x0010
0x0024: BAR mem 32bit addr: 0xdff04000/0x0400
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 8086 Product ID: 27c0
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 02 Line: 07 Min Gnt: 00 Max Lat: 00
0x0080: Capability 0x05: Message Signaled Interrupts (MSI)
0x0070: Capability 0x01: Power Management
 0:31:3: Intel 82801GB SMBus
0x: Vendor ID: 8086 Product ID: 27da
0x0004: Command: 0001 Status: 0280
0x0008: Class: 0c Subclass: 05 Interface: 00 Revision: 02
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 00
0x0010: BAR empty ()
0x0014: BAR empty ()
0x0018: BAR empty ()
0x001c: BAR empty ()
0x0020: BAR io addr: 0xf000/0x0020
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 8086 Product ID: 27da
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 02 Line: 07 Min Gnt: 00 Max Lat: 00
 2:0:0: Realtek 8168
0x: Vendor ID: 10ec Product ID: 8168
0x0004: Command: 0007 Status: 0010
0x0008: Class: 02 Subclass: 00 Interface: 00 Revision: 06
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 10
0x0010: BAR io addr: 0xe000/0x0100
0x0014: BAR empty ()
0x0018: BAR mem prefetchable 64bit addr: 0xdfe04000/0x1000
0x0020: BAR mem prefetchable 64bit addr: 0xdfe0/0x4000
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 10ec Product ID: 8168
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 01 Line: 05 Min Gnt: 00 Max Lat: 00
0x0040: Capability 0x01: Power Management
0x0050: Capability 0x05: Message Signaled Interrupts (MSI)
0x0070: Capability 0x10: PCI Express
Link Speed: 2.5 / 2.5 GT/s Link Width: x1 / x1
0x00b0: Capability 0x11: Extended Message Signaled Interrupts (MSI-X)
0x00d0: Capability 0x03: Vital Product Data (VPD)
 3:0:0: Realtek 8168
0x: Vendor ID: 10ec Product ID: 8168
0x0004: Command: 0007 Status: 0010
0x0008: Class: 02 Subclass: 00 Interface: 00 Revision: 06
0x000c: BIST: 00 Header Type: 00 Latency Timer: 00 Cache Line Size: 10
0x0010: BAR io addr: 0xd000/0x0100
0x0014: BAR empty ()
0x0018: BAR mem prefetchable 64bit addr: 0xdfd04000/0x1000
0x0020: BAR mem prefetchable 64bit addr: 0xdfd0/0x4000
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 10ec Product ID: 8168
0x0030: Expansion ROM Base Address: 
0x0038: 
0x003c: Interrupt Pin: 01 Line: 03 Min Gnt: 00 Max Lat: 00
0x0040: Capability 0x01: Power Management
0x0050: Capability 0x05: Message Signaled Interrupts (MSI)
0x0070: Capability 0x10: PCI Express
Link Speed: 2.5 / 2.5 GT/s Link Width: x1 / x1
0x00b0: Capability 0x11: Extended Message Signaled Interrupts (MSI-X)
0x00d0: Capability 0x03: Vital Product Data (VPD)
 5:1:0: Intel 82541GI
0x: Vendor ID: 8086 Product ID: 107c
0x0004: Command: 0007 Status: 0230
0x0008: Class: 02 Subclass: 00 Interface: 00 Revision: 05
0x000c: BIST: 00 Header Type: 00 Latency Timer: 20 Cache Line Size: 10
0x0010: BAR mem 32bit addr: 0xdfc4/0x0002
0x0014: BAR mem 32bit addr: 0xdfc2/0x0002
0x0018: BAR io addr: 0xc000/0x0040
0x001c: BAR empty ()
0x0020: BAR empty ()
0x0024: BAR empty ()
0x0028: Cardbus CIS: 
0x002c: Subsystem Vendor ID: 8086 Product ID: 1376
0x0030: Expansion ROM Base Address: dfc0
0x0038: 
0x003c: Interrupt Pin: 01 Line: 05 Min Gnt: ff Max Lat: 00
0x00dc: Capability 0x01: Power Management
0x00e4: Capability 0x07: PCI-X

--
Sincerely,
Ville Valkonen

Re: I can't figure out how to change the php-fpm memory limit

2013-10-05 Thread Ville Valkonen 
On 5 October 2013 12:06, John Tate j...@johntate.org wrote:
 I am trying to increase the memory limit on my nginx php-fpm server
 for wordpress.

 I've set the following in wp-config.php...

 define('WP_MEMORY_LIMIT', '128M');
 define('WP_MAX_MEMORY_LIMIT', '128M');

 php.ini has the following...

 memory_limit = 128M
 ;suhosin.memory_limit = 0

 The fpm server is also set to change this.

 php_admin_value[memory_limit] = 128M

 Yet wordpress claims it only has 40MB, how can this be?

 I believe it might be suhosin but I am unsure how to change this on an
 OpenBSD server. I've tried changing it in the settings for the php-fpm
 server pool.

 php_admin_value[suhosin.memory_limit] = 128M

 If someone can tell me how to change the limit that would be good. The
 changes I've made don't seem to effect anything.


 --
 www.johntate.org

Hi,

take a look into man login.conf

--
Regards,
Ville

Re: Gnome would not start

2013-09-26 Thread Ville Valkonen 
On 26 September 2013 16:19, Roelof Wobben rwob...@hotmail.com wrote:
 Everything works now. It was a typo at the dbus_daeamon.

 Next task: Find out how I can make my Nvidia Geforce GT 260 working.
 Openbsd uses now the vesa driver.

 Roelof

Hello,

a short answer: you can't except if you are going to port it.

Regards,
Ville Valkonen

Re: Premature end of script headers error with CGI

2013-09-02 Thread Ville Valkonen 
On 2 September 2013 21:42, obsd, cgi obsd...@postafiok.hu wrote:
 http://unix.stackexchange.com/questions/88062/how-to-enable-cgi-in-openbsd

 How could someone use a CGI (with a shell script) on OpenBSD? What could
 the problem be?

 The CGI is this:

 # cat /var/www/htdocs/cgi-bin/SEARCH.cgi
 printf Content-type: text/html\n\n;
 printf hi

 but it keeps saying:


 # cat /var/www/logs/error_log
 [Mon Aug 26 10:09:13 2013] [error] [client 10.0.2.2] Premature end of
 script headers: /htdocs/cgi-bin/SEARCH.cgi
 #


 yes, I tried many things..(permissions looks good, printf binary copied to
 chroot, httpd.conf looks ok..) several hours of pain.. can someone post a
 howto/URL?

 Thanks, have a better day :)

Hi,

I spotted that you are not using #! at the beginning of the file. Try
#!/bin/sh for example. Patrick also mentioned the line that should
help with premature end of script headers errors.

--
Sincerely,
Ville

Re: mysql.sock location

2013-08-18 Thread Ville Valkonen 
ehm.. 127.0.0.1 == localhost
On Aug 18, 2013 12:06 PM, Kārlis Miķelsons karlis.mikels...@lf.lv
wrote:

 Broken record: linking only works until you restart the server
 manually, as mysqld removes the socket and re-creates it when starting.
 The location of the socket is configured in /etc/my.cnf.  To use mysql
 with chrooted Apache / Nginx either use TCP connections, or set both
 /etc/my.cnf and /var/www/etc/my.cnf to point to a place inside the
 chroot jail.

 Or even simpler solution, tell MySQL to use TCP connections instead of
 UNIX sockets by connecting to 127.0.0.1 instead of localhost.


 Karlis

Re: mysql.sock location

2013-08-18 Thread Ville Valkonen 
fair enough. thanks for the clarification.


On 18 August 2013 14:13, Otto Moerbeek o...@drijf.net wrote:

 On Sun, Aug 18, 2013 at 01:29:14PM +0300, Ville Valkonen wrote:

  ehm.. 127.0.0.1 == localhost

 yes, but if you use 127.0.0.1 you force a tcp connection and no unix
 domain socket is even needed.

 -Otto

  On Aug 18, 2013 12:06 PM, K??rlis Mi??elsons karlis.mikels...@lf.lv
  wrote:
 
   Broken record: linking only works until you restart the server
   manually, as mysqld removes the socket and re-creates it when
 starting.
   The location of the socket is configured in /etc/my.cnf.  To use mysql
   with chrooted Apache / Nginx either use TCP connections, or set both
   /etc/my.cnf and /var/www/etc/my.cnf to point to a place inside the
   chroot jail.
  
   Or even simpler solution, tell MySQL to use TCP connections instead of
   UNIX sockets by connecting to 127.0.0.1 instead of localhost.
  
  
   Karlis

Re: log file's watchers

2013-08-10 Thread Ville Valkonen 
On 10 August 2013 16:10, alex pae33...@gmail.com wrote:
 Hi!
 Is anybody works with tools like logsentry, swatch, logtail or others?
 What is your preference?
 I install swatch on current i386 system. My swatch.conf like this:
 ..
 watchfor   /INVALID|REPEATED|INCOMPLETE|[Ff]ail /
 echo magenta_h
 bell 3
 mail addresses=myname\@mydomain, subject=Bad_login_attempt

 watchfor /invalid|repeated|incomplete/
  echo
  write myname
  mail addresses=myname\@localhost, subject=Authentication
 Problems

 watchfor /BAD SU|bad su/
  echo
  write myname
  mail addresses=myname\@localhost, subject=SU Problems
 
 When i start swatch:
 #/usr/local/bin/swatch --daemon --config-file=/etc/swatch.conf
 --tail-file=/var/log/authlog --pid-file=/var/run/swatch.pid
  it's OK but if run
 $su (with wrong password)
 system meets me by silence :(

 What's  wrong with my swatch.conf?

 Thanks,
 Alex

 P.S. DNS  mail servers works OK

Hello,

I started with swatch but for some reason it ended up creating zombie
forks. Then, I switched to logfmon and been using that for awhile now.
Serves my needs perfectly and I also find the syntax to be more
convenient than in swatch. Try and see what suits for your needs.

So, here's my 2 cents for this matter :)

--
Cheers,
Ville Valkonen

Re: HDMI audio

2013-07-13 Thread Ville Valkonen 
man azalia also states this clearly:
BUGS
 This driver does not support codecs that are intended for HDMI or
 DisplayPort connectivity.

Re: softdep issue in 5.3-current ?

2013-06-29 Thread Ville Valkonen 
On 29 June 2013 09:51, Andreas Bartelt o...@bartula.de wrote:

snip
 time ./buildsrc.sh took about 41 minutes at 5.3 release, then went down
 to 32 minutes at some point afterwards. At some point after June 7th,
 build time doubled to 64 minutes.
/snip

Hi Andreas,

story doesn't tell whether you have sysctl kern.pool_debug set to 0.
Is it? In release it is, in current it is not.

--
Sincerely,
Ville Valkonen

Re: X or cwm got slower

2013-06-27 Thread Ville Valkonen 
On 27 June 2013 07:29, f5b f...@163.com wrote:
 Found similar problems,
 big dimension images webpage cause CPU grow up to 95% in Xorg process in 
 recent snapshots
 but  5.3 release Xorg process only use 3% of CPU

 how to repeat the problem
 while using firefox browsing a web page
 this page have only thress pictures
 1. 4000x2448 1,521,707 bytes
 2. 3786x2840 4,946,823 bytes
 3. 4000x26521,253,906 bytes

Hi,

thanks to A. Polakov, he offered a solution: about:config,
gfx.xrender.enabled: false

--
Sincerely,
Ville Valkonen

Re: who is using obsd

2013-06-12 Thread Ville Valkonen 
..and it's even more usable with current.
On Jun 12, 2013 5:41 PM, Mark Duller mark.dul...@it.ox.ac.uk wrote:

 On 14/05/2013 16:18, David Coppa wrote:
  On Tue, May 14, 2013 at 4:41 PM, Mark Duller mark.dul...@it.ox.ac.uk
 wrote:
 
  The OP was talking about laptops... Ideally one would buy a laptop that
  works well with OpenBSD, but sometimes choice is limited due to
  workplace requirements etc.
 
  For a desktop computer I totally agree. I wouldn't even want to
  suspend or shutdown my desktop.
 
  The Macbook Pro in this case is an Intel.
 
  Then try again with -current and it should work, because we have kms
  for intel now.

 I just tried with OpenBSD 5.3 i386 and amd64 and it indeed has working
 resume and video.


 After a fresh install, executing 'apmd' then 'zzz' from within X
 suspends the system. Then closing and opening the lid does indeed resume
 the system. However if doing this on a fresh boot with no X running,
 then on resume there is no video display.


 I wasn't able to get the webcam working this time (in previous versions
 I got it working, though not reliably). I used the 'video' command but
 it just gives 'video: could not find a usable encoding' even trying
 various options. dmesg shows the following but uvideo0 doesn't actually
 exist in /dev/, perhaps that is related to the issue.

  uvideo0 at uhub0 port 2 configuration 1 interface 0 Apple Inc.
  FaceTime HD Camera (Built-in) rev 2.00/5.16 addr 6
  video0 at uvideo0


 There is also a timeout on boot (shown in dmesg below) that delays start
 up for about 1-2 min, I'm not sure how one would overcome this but it's
 not a big deal having to wait a bit (as rebooting should be not be very
 frequent).

 The built in wireless card (BCM43xx 1.0) is not detected in default
 install, but wired networking is fine. IIRC there is a firmware package
 one can install to get BCM wifi working.

 So, IMO OpenBSD is quite useable on a MacBook Pro (13-inch, Late 2011).
 Though given a choice, I think one is better off getting a system known
 to work very well with OpenBSD.


 dmesg
 OpenBSD 5.3 (GENERIC.MP) #58: Tue Mar 12 18:43:53 MDT 2013
 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
 RTC BIOS diagnostic error
 afclock_battery,config_unit,fixed_disk,invalid_time
 cpu0: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz (GenuineIntel
 686-class) 2.80 GHz
 cpu0:


FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,PCLMUL,DTES64,MWAIT,D
S-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,D
EADLINE,AES,XSAVE,AVX,LAHF,PERF,ITSC
 real mem  = 2324434944 (2216MB)
 avail mem = 2275454976 (2170MB)
 mainbus0 at root
 bios0 at mainbus0: AT/286+ BIOS, date 07/29/05, SMBIOS rev. 2.4 @
 0xe (62 entries)
 bios0: vendor Apple Inc. version MBP81.88Z.0047.B26.1110311252 date
 10/31/11
 bios0: Apple Inc. MacBookPro8,1
 acpi0 at bios0: rev 2
 acpi0: sleep states S0 S3 S4 S5
 acpi0: tables DSDT FACP HPET APIC SBST ECDT SSDT SSDT SSDT SSDT SSDT
 SSDT SSDT MCFG SSDT SSDT SSDT
 acpi0: wakeup devices P0P2(S4) GFX0(S4) PEG1(S4) EC__(S4) GMUX(S3)
 HDEF(S4) GIGE(S4) SDXC(S3) RP01(S4) ARPT(S4) RP02(S4) RP03(S4) RP04(S4)
 EHC1(S3) EHC2(S3) ADP1(S4) LID0(S4)
 acpitimer0 at acpi0: 3579545 Hz, 24 bits
 acpihpet0 at acpi0: 14318179 Hz
 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
 cpu0 at mainbus0: apid 0 (boot processor)
 cpu0: apic clock running at 99MHz
 cpu1 at mainbus0: apid 2 (application processor)
 cpu1: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz (GenuineIntel
 686-class) 2.80 GHz
 cpu1:


FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,PCLMUL,DTES64,MWAIT,D
S-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,D
EADLINE,AES,XSAVE,AVX,LAHF,PERF,ITSC
 cpu2 at mainbus0: apid 1 (application processor)
 cpu2: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz (GenuineIntel
 686-class) 2.80 GHz
 cpu2:


FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,PCLMUL,DTES64,MWAIT,D
S-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,D
EADLINE,AES,XSAVE,AVX,LAHF,PERF,ITSC
 cpu3 at mainbus0: apid 3 (application processor)
 cpu3: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz (GenuineIntel
 686-class) 2.80 GHz
 cpu3:


FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,NXE,LONG,SSE3,PCLMUL,DTES64,MWAIT,D
S-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,D
EADLINE,AES,XSAVE,AVX,LAHF,PERF,ITSC
 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
 ioapic0: misconfigured as apic 0, remapped to apid 2
 acpiec0 at acpi0
 acpimcfg0 at acpi0 addr 0xe000, bus 0-155
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus 1 (P0P2)
 acpiprt2 at acpi0: bus 5

Re: HDMI audio

2013-06-11 Thread Ville Valkonen 
On 11 June 2013 08:38, Remco re...@d-compu.dyndns.org wrote:
 Ville Valkonen wrote:

 On 10 June 2013 23:44, Ville Valkonen weezeld...@gmail.com wrote:
 Hello,

 I wonder if there's support for HDMI audio (or am I missing something
 obvious here)?

 Tried play around with mixerctl but no success. These were the most
 appropriate values I found and changed:
 $ mixerctl -v |grep outputs |grep mix
 outputs.spkr_source=mix3  [ mix2 mix3 ]
 outputs.hp_source=mix2  [ mix2 mix3 ]
 outputs.mic2_source=mix2  [ mix2 mix3 ]

 and

 outputs.master.slaves=hp  { dac-0:1 dac-2:3 spkr hp mic2 }

 I confirmed with Linux that the sound through HDMI is enabled and
 working on the TV.

 So, hints are welcome.

 Thanks,
 Ville Valkonen

 ..with this time dmesg included. In addition, sound works perfectly
 via speakers and headphones.

 snip
 azalia0 at pci0 dev 27 function 0 Intel 7 Series HD Audio rev 0x04: msi
 azalia0: codecs: Realtek ALC269, Intel/0x2806, using Realtek ALC269
 audio0 at azalia0
 /snip

 I'm not sure if the Intel/0x2806 codec is the HDMI codec.

 Anyway, AFAICT HDMI codecs are hardcoded to be disabled. I suppose the
 necessary code to make it work is missing.

 From the azalia_init_codecs function in src/sys/dev/pci/azalia.c:
 /* Use the first codec capable of analog I/O.  If there are none,
  * use the first codec capable of digital I/O.  Skip HDMI codecs.
  */

 Also on the TODO list in src/sys/dev/pci/azalia.c:
  * TO DO:
  *  - multiple codecs (needed?)
  *  - multiple streams (needed?)

 I have an ATI graphics board with a separate azalia controller:
 azalia0 at pci1 dev 0 function 1 ATI Radeon HD 5470 Audio rev 0x00: msi
 azalia0: no supported codecs
 In my case I think the only need is the addition of HDMI audio support to
 azalia. In your case, assuming the Intel/0x2806 codec is your HDMI codec, I
 think multiple codec support is needed as well.

 For now I think you're out of luck with HDMI audio.

This makes sense, cheers Remco!

--
Sincerely,
Ville Valkonen

HDMI audio

2013-06-10 Thread Ville Valkonen 
Hello,

I wonder if there's support for HDMI audio (or am I missing something
obvious here)?

Tried play around with mixerctl but no success. These were the most
appropriate values I found and changed:
$ mixerctl -v |grep outputs |grep mix
outputs.spkr_source=mix3  [ mix2 mix3 ]
outputs.hp_source=mix2  [ mix2 mix3 ]
outputs.mic2_source=mix2  [ mix2 mix3 ]

and

outputs.master.slaves=hp  { dac-0:1 dac-2:3 spkr hp mic2 }

I confirmed with Linux that the sound through HDMI is enabled and
working on the TV.

So, hints are welcome.

Thanks,
Ville Valkonen

Re: HDMI audio

2013-06-10 Thread Ville Valkonen 
On 10 June 2013 23:44, Ville Valkonen weezeld...@gmail.com wrote:
 Hello,

 I wonder if there's support for HDMI audio (or am I missing something
 obvious here)?

 Tried play around with mixerctl but no success. These were the most
 appropriate values I found and changed:
 $ mixerctl -v |grep outputs |grep mix
 outputs.spkr_source=mix3  [ mix2 mix3 ]
 outputs.hp_source=mix2  [ mix2 mix3 ]
 outputs.mic2_source=mix2  [ mix2 mix3 ]

 and

 outputs.master.slaves=hp  { dac-0:1 dac-2:3 spkr hp mic2 }

 I confirmed with Linux that the sound through HDMI is enabled and
 working on the TV.

 So, hints are welcome.

 Thanks,
 Ville Valkonen

..with this time dmesg included. In addition, sound works perfectly
via speakers and headphones.

snip
OpenBSD 5.3-current (GENERIC.MP) #121: Mon May 27 10:39:10 MDT 2013
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3959615488 (3776MB)
avail mem = 3846500352 (3668MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdae9d000 (69 entries)
bios0: vendor LENOVO version G2ET82WW (2.02 ) date 09/11/2012
bios0: LENOVO 2324BY9
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP TCPA SSDT SSDT SSDT HPET APIC MCFG ECDT FPDT
ASF! UEFI UEFI POAT SSDT SSDT UEFI DBG2
acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP3(S4) XHCI(S3)
EHC1(S3) EHC2(S3) HDEF(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz, 2394.98 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,AVX,F16C,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: apic clock running at 99MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz, 2394.56 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,AVX,F16C,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
cpu1: 256KB 64b/line 8-way L2 cache
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz, 2394.56 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,AVX,F16C,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
cpu2: 256KB 64b/line 8-way L2 cache
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i3-3110M CPU @ 2.40GHz, 2394.56 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,XSAVE,AVX,F16C,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
cpu3: 256KB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus -1 (EXP3)
acpicpu0 at acpi0: C2, C1, PSS
acpicpu1 at acpi0: C2, C1, PSS
acpicpu2 at acpi0: C2, C1, PSS
acpicpu3 at acpi0: C2, C1, PSS
acpipwrres0 at acpi0: PUBS
acpitz0 at acpi0: critical temperature is 103 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 model 45N1025 serial 10457 type LION oem LGC
acpibat1 at acpi0: BAT1 not present
acpiac0 at acpi0: AC unit online
acpithinkpad0 at acpi0
acpidock0 at acpi0: GDCK not docked (0)
cpu0: Enhanced SpeedStep 2394 MHz: speeds: 2400, 2300, 2200, 2100,
2000, 1900, 1800, 1700, 1600, 1500, 1400, 1300, 1200 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel Core 3G Host rev 0x09
vga1 at pci0 dev 2 function 0 Intel HD Graphics 4000 rev 0x09
intagp0 at vga1
agp0 at intagp0: aperture at 0xe000, size 0x1000
inteldrm0 at vga1
drm0 at inteldrm0
inteldrm0: 1366x768
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
Intel 7 Series MEI rev 0x04 at pci0 dev 22 function 0 not configured
em0 at pci0 dev 25 function 0 Intel 82579LM rev 0x04: msi, address
3c:97:0e:52:44:f6
ehci0 at pci0 dev 26 function 0 Intel 7 Series USB rev 0x04: apic 2 int 16
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 Intel 7 Series HD Audio rev 0x04: msi
azalia0: codecs: Realtek ALC269, Intel/0x2806, using Realtek ALC269
audio0 at azalia0
ppb0 at pci0 dev 28

Re: spam from Intel DRM in system log

2013-06-08 Thread Ville Valkonen 
On 8 June 2013 09:56, Sergey Bronnikov este...@gmail.com wrote:
 Hello,

 I installed latest OpenBSD snapshot yesterday.
 Notebook worked over the night with just started X server and xlock(1).

 I have found a lot messages like below in system log on the morning:
 error: [drm:pid9649:drmioctl] *ERROR* can't find authenticator
 error: [drm:pid9649:drmioctl] *ERROR* can't find authenticator
 error: [drm:pid9649:drmioctl] *ERROR* can't find authenticator

 Does developers aware about such problem?

 rror: [drm:pid9649:drmioctl] *ERROR* can't find authenticator
 error: [drm:pid9649:drmioctl] *ERROR* can't find authenticator
 error: [drm:pid9649:drmioctl] *ERROR* can't find authenticator
 error: [drm:pid9649:drmioctl] *ERROR* can't find authenticator
 error: [drm:pid9649:drmioctl] *ERROR* can't find authenticator
 error: [drm:pid9649:drmioctl] *ERROR* can't find authenticator
 error: [drm:pid9649:drmioctl] *ERROR* can't find authenticator
 error: [drm:pid9649:drmioctl] *ERROR* can't find authenticator
 error: [drm:pid9649:drmioctl] *ERROR* can't find authenticator
 error: [drm:pid9649:drmioctl] *ERROR* can't find authenticator
 error: [drm:pid9649:drmioctl] *ERROR* can't find authenticator
 error: [drm:pid9649:drmclose] *ERROR* can't find authenticator

Hi,

http://www.openbsd.org/faq/current.html#20130607b

--
Sincerely,
Ville Valkonen

Re: Why is there no pkg_find(1)?

2013-06-07 Thread Ville Valkonen 
On 7 June 2013 17:13, Marc Espie es...@nerim.net wrote:
 Just install ports-readmes-dancer

 There.


..or use pkg_mgr

Re: PF policy routing route-to rules don’t catch any packet

2013-06-05 Thread Ville Valkonen 
Hi,

just confirming one thing: did you flush the pf states between the
tests? I must admit, I mainly glanced the problem, so sorry if this is
an old tip. This was the first thing that popped into my mind when
reading about your solution.

--
Sincerely,
Ville Valkonen

On 5 June 2013 22:39, Raimundo Santos rait...@gmail.com wrote:
 I've got the issue solved by disabling states on all rules which deal with
 the tproxy.


 On 4 June 2013 11:28, Raimundo Santos rait...@gmail.com wrote:

 I am guessing that the problem lies with flags S/SA.

 Changing all rules to flags any, and the packets hits the rules, but
 things go worse: no web navigation... this is driving me mad!



 On 3 June 2013 13:09, Raimundo Santos rait...@gmail.com wrote:

 Hi there!

 I asked, without an answer, something about nat-to and real IPs. Well, I
 really need an answer there, so if someone get a clue, I will be glad tho
 hear :)

 Now, to the new issue!

 Here in our WiFi ISP we are have contracted a tproxy service from FreeBSD
 Brasil. It is somehow working, but I can not figure out exactly how. Here
 is a diagram of the desired paths:

 http://devio.us/~raitech/Obsd53PfTproxy.png

 These are my rules by now:

 RFC1918 = { 172.16/12, 192.168/16, 10/8, 127/8 }
 table INT_NET persist {  internal nets, all valid IPs }

 ext_if_1 = em0
 ext_gw_1 = 187.72.X.X
 ext_ip_1 = 187.72.X.X

 ext_if_2 = em1
 ext_gw_2 = 187.72.X.X
 ext_ip_2 = 187.72.X.X

 ext_if_3 = alc0
 ext_gw_3 = 187.72.X.X
 ext_ip_3 = 187.72.X.X

 int_if_1 = em2
 int_gw_1 = 187.72.X.X
 int_ip_1 = 187.72.X.X

 squid_master_if = em3
 squid_master_gw = 187.72.X.X
 squid_master_ip = 187.72.X.X

 set limit states 6304000
 set limit tables 5000
 set limit src-nodes 20
 set limit frags 3000
 set optimization aggressive
 set state-defaults pflow, no-sync

 set skip on lo

 block in log quick on {  \
  $ext_if_1,\
  $ext_if_2,\
  $ext_if_3,\
  $squid_master_if, \
  $int_if_1 } from $RFC1918 label blocking RFC1918

 # trying to prioritizing ACKs...
 match set prio (3,5)
 # ... and all traffic http. https over the others
 match proto tcp to port { http, https } set prio (5,6)
 match proto tcp from port { http, https } set prio (5,6)

 match proto tcp to port { ssh, 9876 } set prio(5,7)

 pass in on $int_if_1 proto tcp from { INT_NET, $int_gw_1 } to port http
 \
  route-to ($squid_master_if $squid_master_gw)

 pass in on { $ext_if_1, $ext_if_2, $ext_if_3 } proto tcp from port http \
  to { INT_NET, $int_gw_1 } \
  route-to ($squid_master_if $squid_master_gw)

 pass in on $squid_master_if proto tcp from { INT_NET, $int_gw_1 } to \
  port http no state route-to \
 { \
   ($ext_if_1 $ext_gw_1) , \
   ($ext_if_2 $ext_gw_2)   \
 } least-states label cahce external outbound balancing

 pass in on $squid_master_if proto tcp from port http\
  to { INT_NET, $int_gw_1 } route-to ($int_if_1 $int_gw_1)   \
  label cahce internal outbound routing

 An here are a pfctl -vsr output:

 block drop in log quick on em0 inet from 172.16.0.0/12 to any label
 blocking RFC1918
   [ Evaluations: 61764339  Packets: 332   Bytes: 32854   States:
 0 ]
   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
 block drop in log quick on em0 inet from 192.168.0.0/16 to any label
 blocking RFC1918
   [ Evaluations: 5883927   Packets: 114   Bytes: 28621   States:
 0 ]
   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
 block drop in log quick on em0 inet from 10.0.0.0/8 to any label
 blocking RFC1918
   [ Evaluations: 5883813   Packets: 170   Bytes: 18354   States:
 0 ]
   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
 block drop in log quick on em0 inet from 127.0.0.0/8 to any label
 blocking RFC1918
   [ Evaluations: 5883643   Packets: 0 Bytes: 0   States:
 0 ]
   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
 block drop in log quick on em1 inet from 172.16.0.0/12 to any label
 blocking RFC1918
   [ Evaluations: 60684174  Packets: 305   Bytes: 30912   States:
 0 ]
   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
 block drop in log quick on em1 inet from 192.168.0.0/16 to any label
 blocking RFC1918
   [ Evaluations: 6862827   Packets: 93Bytes: 9232States:
 0 ]
   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
 block drop in log quick on em1 inet from 10.0.0.0/8 to any label
 blocking RFC1918
   [ Evaluations: 6862734   Packets: 196   Bytes: 19396   States:
 0 ]
   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
 block drop in log quick on em1 inet from 127.0.0.0/8 to any label
 blocking RFC1918
   [ Evaluations: 6862538   Packets: 0 Bytes: 0   States:
 0 ]
   [ Inserted: uid 0 pid 19584 State Creations: 0 ]
 block drop in log quick on alc0 inet from 172.16.0.0/12 to any label
 blocking RFC1918
   [ Evaluations: 50726925  Packets: 304   Bytes: 30856   States:
 0 ]
   [ Inserted: uid 0 pid 19584 State Creations: 0

Re: uvm_mapent_alloc: out of static map entries

2013-05-28 Thread Ville Valkonen 
On 28 May 2013 21:39, Chris Cappuccio ch...@nmedia.net wrote:
 carlos albino garcia grijalba [genesi...@hotmail.com] wrote:
 it is a server on production m a  little concerned about fail after upgrade 
 from 4.8 to 5.3 has some services on it

 Just upgrade to 5.3, pkg_add -r, and fix the fallout from ports changes. Read 
 the faq/current.html too


If he is upgrading to 5.3, he should read faq/upgrade53.html instead :)

--
Sincerely,
Ville Valkonen

[NOTICE] BIOS update for Jetway NC9K series motherboard (64bit support)

2013-05-06 Thread Ville Valkonen 
Hello Misc!

As there are probably other Jetway NC9K series motherboard owners in
the list, I'd like to share this information as it might come handy:
Jetway added support for EMT64 in the latest BIOS update and therefore
it is possible to run amd64 port of OpenBSD.

Update adds 64bit support for the following motherboard models:
- NC9KDL-2700
- NC9KDL-2550
- NC9KSL-2500

More info:
http://www.jetwaycomputer.com/NC9K.html

--
Sincerely,
Ville Valkonen

Re: snapshot ssh: ChrootDirectory sftp Connection closed

2013-04-16 Thread Ville Valkonen 
On 16 April 2013 07:25, f5b f...@163.com wrote:
 server
 kern.version=OpenBSD 5.3-current (GENERIC.MP) #71: Sat Apr 13 17:21:57 MDT 
 2013
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

 /etc/ssh/sshd_config
 only add after last line

 Match Group share
 ForceCommand internal-sftp
 ChrootDirectory /home/chroot/

 # sshd -t   ##ok

 # mkdir /home/chroot/

 # adduser share

 frome other machine,
 the user share can not sftp to the server,
 but same config in Mar 1 snapshot, sftp is ok.


Hi,

same observations here.

--
Sincerely,
Ville Valkonen

Re: snapshot ssh: ChrootDirectory sftp Connection closed

2013-04-16 Thread Ville Valkonen 
On 16 April 2013 18:24, Stefan Johnson tigerphoenixdra...@gmail.com wrote:
 On Mon, Apr 15, 2013 at 11:25 PM, f5b f...@163.com wrote:

 server
 kern.version=OpenBSD 5.3-current (GENERIC.MP) #71: Sat Apr 13 17:21:57
 MDT 2013
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

 /etc/ssh/sshd_config
 only add after last line

 Match Group share
 ForceCommand internal-sftp
 ChrootDirectory /home/chroot/

 # sshd -t   ##ok

 # mkdir /home/chroot/

 # adduser share

 frome other machine,
 the user share can not sftp to the server,
 but same config in Mar 1 snapshot, sftp is ok.


 1) Add user.  Make sure home directory is owned by root:wheel.  My example
 uses anonftp and the home directory is /home/anonftp
 # grep anonftp /etc/passwd
 anonftp:*:1004:10::/home/anonftp:/usr/bin/false
 # ls -ld /home/anonftp
 drwxr-xr-x  4 root  wheel  512 Aug 22  2012 /home/anonftp

 2) Make chroot home directory, and give it appropriate ownership and
 permissions to your needs:
 # ls -ld /home/anonftp/home
 drwxr-xr-x  3 root  users  512 Aug 22  2012 /home/anonftp/home
 # ls -ld /home/anonftp/home/anonftp
 drwxr-xr-x  2 anonftp  users  512 Jan 16 13:13 /home/anonftp/home/anonftp

 3) Ensure the Match block is set the way you want it.
 Match User anonftp
 X11Forwarding no
 AllowTcpForwarding no
 ForceCommand internal-sftp
 ChrootDirectory /home/anonftp

 If you wanted to allow full on connections (not just sftp) you would also
 need to set up tty devices and such in the chroot jail.  Since this is just
 sftp, the above should be sufficient.

 This is how I have it set up on my system, and it works fine.

 Hope this helps!


Hello Stefan,

so you surely were running current, right? Mine was working previously
but update to the latest snapshot (that was about a week ago) broke
it. Tried few things but no cigar. I'll try to report with more
details if I find time.

--
Sincerely,
Ville Valkonen

Re: mixerctl outputs.master.mute=on doesn't mute inputs.beep

2013-04-05 Thread Ville Valkonen 
Hello,

what says wsconsctl keyboard.bell.volume ? Have you tried to turn it to 0?

--
Sincerely,
Ville Valkonen


On 5 April 2013 15:07, Zé Loff zel...@zeloff.org wrote:

 Hi everyone

 The subject line pretty much sums it up... If I set outputs.master.mute
 to on (either with mixerctl or with the mute key on this ThinkPad), or
 set outputs.master=0,0, the beep is still audible, even if 'beep' is
 added to the outputs.master.slaves (which it isn't by default).
 Furthermore, setting inputs.beep to whatever has no effect, as the beep
 is always audible, and always at the same volume (which I guess is the
 cause of it not being muted).
 Incidentally, audioctl output_muted=0 doesn't mute the beep either...

 Is this expected behaviour?

 I am running amd64 -current #60 (Apr 2), Intel 3400 HD Audio, azalia,
 conexant codec.

 dmesg, audioctl and mixerctl appended FWIW


 Thanks in advance.



 dmesg

 OpenBSD 5.3-current (GENERIC.MP) #60: Tue Apr  2 18:53:53 MDT 2013
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
 real mem = 4062691328 (3874MB)
 avail mem = 3946835968 (3763MB)
 mainbus0 at root
 bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xe0010 (78 entries)
 bios0: vendor LENOVO version 6QET69WW (1.39 ) date 04/26/2012
 bios0: LENOVO 3680WE9
 acpi0 at bios0: rev 2
 acpi0: sleep states S0 S3 S4 S5
 acpi0: tables DSDT FACP SSDT ECDT APIC MCFG HPET ASF! BOOT SSDT TCPA SSDT
 SSDT SSDT
 acpi0: wakeup devices LID_(S3) SLPB(S3) IGBE(S4) EXP1(S4) EXP2(S4)
 EXP3(S4) EXP4(S4) EXP5(S4) EHC1(S3) EHC2(S3) HDEF(S4)
 acpitimer0 at acpi0: 3579545 Hz, 24 bits
 acpiec0 at acpi0
 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
 cpu0 at mainbus0: apid 0 (boot processor)
 cpu0: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 1197.20 MHz
 cpu0:

FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF
,ITSC
 cpu0: 256KB 64b/line 8-way L2 cache
 cpu0: apic clock running at 133MHz
 cpu1 at mainbus0: apid 1 (application processor)
 cpu1: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 1197.00 MHz
 cpu1:

FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF
,ITSC
 cpu1: 256KB 64b/line 8-way L2 cache
 cpu2 at mainbus0: apid 4 (application processor)
 cpu2: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 1197.00 MHz
 cpu2:

FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF
,ITSC
 cpu2: 256KB 64b/line 8-way L2 cache
 cpu3 at mainbus0: apid 5 (application processor)
 cpu3: Intel(R) Core(TM) i5 CPU M 520 @ 2.40GHz, 1197.00 MHz
 cpu3:

FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,LAHF,PERF
,ITSC
 cpu3: 256KB 64b/line 8-way L2 cache
 ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
 ioapic0: misconfigured as apic 2, remapped to apid 1
 acpimcfg0 at acpi0 addr 0xe000, bus 0-255
 acpihpet0 at acpi0: 14318179 Hz
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus -1 (PEG_)
 acpiprt2 at acpi0: bus 13 (EXP1)
 acpiprt3 at acpi0: bus -1 (EXP2)
 acpiprt4 at acpi0: bus -1 (EXP3)
 acpiprt5 at acpi0: bus 5 (EXP4)
 acpiprt6 at acpi0: bus 2 (EXP5)
 acpicpu0 at acpi0: C3, C1, PSS
 acpicpu1 at acpi0: C3, C1, PSS
 acpicpu2 at acpi0: C3, C1, PSS
 acpicpu3 at acpi0: C3, C1, PSS
 acpipwrres0 at acpi0: PUBS
 acpitz0 at acpi0: critical temperature is 100 degC
 acpibtn0 at acpi0: LID_
 acpibtn1 at acpi0: SLPB
 acpibat0 at acpi0: BAT0 model 42T4694 serial   545 type LION oem SANYO
 acpibat1 at acpi0: BAT1 not present
 acpiac0 at acpi0: AC unit offline
 acpithinkpad0 at acpi0
 acpidock0 at acpi0: GDCK not docked (0)
 cpu0: Enhanced SpeedStep 1197 MHz: speeds: 2400, 2399, 2266, 2133, 1999,
 1866, 1733, 1599, 1466, 1333, 1199 MHz
 pci0 at mainbus0 bus 0
 pchb0 at pci0 dev 0 function 0 Intel Core Host rev 0x02
 vga1 at pci0 dev 2 function 0 Intel HD Graphics rev 0x02
 intagp0 at vga1
 agp0 at intagp0: aperture at 0xd000, size 0x1000
 inteldrm0 at vga1
 drm0 at inteldrm0
 inteldrm0: apic 1 int 16
 wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
 wsdisplay0: screen 1-5 added (std, vt100 emulation)
 Intel 3400 MEI rev 0x06 at pci0 dev 22 function 0 not configured
 Intel 3400 KT rev 0x06 at pci0 dev 22 function 3 not configured
 em0 at pci0 dev 25 function 0 Intel 82577LM rev 0x06: msi, address
 00:26:2d:fb:7c:63
 ehci0 at pci0 dev 26 function 0 Intel 3400 USB rev 0x06: apic 1 int 23
 usb0 at ehci0: USB revision 2.0

Re: rsync too slow between two disks with softraid crypto

2013-03-26 Thread Ville Valkonen 
On 26 March 2013 01:58, Luis luisl...@gmx.com wrote:
 When using two disks, times for data transfer are shorter, although
 unreasonable long for everyday use.

 It would be nice to be able to try softraid with 128 AES-XTS instead
 of 256, to check apples with apples.

 Regards.


 Luis

Hi,

it would be more interesting to perform the tests under Intel's i5 or i7 CPUs
since those have the AES support in hardware (afaik).

--
Sincerely,
Ville Valkonen

Re: rsync too slow between two disks with softraid crypto

2013-03-26 Thread Ville Valkonen 
On 26 March 2013 14:12, Ville Valkonen weezeld...@gmail.com wrote:
 On 26 March 2013 01:58, Luis luisl...@gmx.com wrote:
 When using two disks, times for data transfer are shorter, although
 unreasonable long for everyday use.

 It would be nice to be able to try softraid with 128 AES-XTS instead
 of 256, to check apples with apples.

 Regards.


 Luis

 Hi,

 it would be more interesting to perform the tests under Intel's i5 or i7 CPUs
 since those have the AES support in hardware (afaik).

 --
 Sincerely,
 Ville Valkonen

Well, that have been taken care of. Cheers jsing@ :)

--
Ville

Re: Announce: OpenSMTPD 5.3 released

2013-03-18 Thread Ville Valkonen 
On 18 March 2013 14:17, Gilles Chehade gil...@poolp.org wrote:
 Hi misc@,

 At AsiaBSDCon, eric@ has announced the release of OpenSMTPD 5.3 which is
 the first stable and production-ready release of OpenSMTPD.

 It is also the smtpd that will be shipping with OpenBSD 5.3.

 OpenSMTPD is brought to you by Gilles Chehade, Eric Faurot and Charles 
 Longeau.

Hi,

This, and KMS support. Damn, this is a nice day. Thanks for the all
hard working devs out there. This writing is my humble appreciation
towards you. And yes, I'm on my way to donate to keep things running
(and hopefully rest of you do the same ;)

--
Sincerely,
Ville Valkonen

Re: pf blocking active connections

2013-02-07 Thread Ville Valkonen 
On Feb 7, 2013 11:20 PM, Jan Stary h...@stare.cz wrote:

 On Feb 07 21:31:11, martijn...@gmail.com wrote:
  Thanks for all the quick responses, but if I understand you all
  correctly there is no way to cut off an established connection by adding
  an ip address to a blocked table, so I'm still left with my two stage
  drop off the connection (both adding the the ip to the table and killing
  the connection manually).

 Yes; these are two distinct actions:
 1. killing an active connection (pfctl -k)
 2. adding a host to a table (pfctl -t)
(whatever it may mean in the ruleset)

Swap the order.

Re: two equal filenames in one dir

2013-01-27 Thread Ville Valkonen 
' ' != '_'
On Jan 27, 2013 12:21 PM, Jiri B ji...@devio.us wrote:

 Hello,

 I'm confused, how is it possible I have two files with same
 names in one dir?

 $ ls -li
 total 1245376
 3611817 -rw-r--r--  1 jirib  jirib  168392755 Jan 14 23:35
 Crostata_Alla_Fruta.mp4
 3741698 -rw-r--r--  1 jirib  jirib  165519511 Mar 12  2010 Pizza
 Margherita-10115892.mp4
 3611818 -rw-r--r--  1 jirib  jirib  165519511 Jan 14 23:35
 Pizza_Margherita-10115892.mp4
 3741699 -rw-r--r--  1 jirib  jirib   68932635 Jul 31 21:02 jablecny
 kolac-46705666.mp4
 3611819 -rw-r--r--  1 jirib  jirib   68932635 Jan 14 23:35
 jablecny_kolac-46705666.mp4

 $ sysctl kern.version
 kern.version=OpenBSD 5.2-current (GENERIC.MP) #20: Mon Jan 21 17:23:23
 MST 2013
 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

 jirib

Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?

2013-01-24 Thread Ville Valkonen 
On 24 January 2013 10:45, Reyk Floeter r...@openbsd.org wrote:
 On Wed, Jan 23, 2013 at 5:41 PM, Erling Westenvik
 erling.westen...@gmail.com wrote:
 I need to connect my ThinkPad T500 running 5.2 current to the wifi
 network here at my university.  E.g. the eduroam network which is
 available at most universities through, at least, Europe. After Googling
 around for a while I'm not sure whether OpenBSD yet has support for WPA2
 and PEAP/MSCHAPv2. And if it does: if someone could provide me with a
 sample ifconfig?


 I haven't checked wpa_supplicant for a while, but you can find it in
 ports and some people actually seem to use it with OpenBSD.

 You can even find examples, the following is from a university in
 Germany 
 (http://www.rz.rwth-aachen.de/aw/cms/rz/Themen/unsere_dienste/kommunikation/netzbetrieb/dienste/wlan/installation/~sib/openbsd/?lang=de):

 network={
 ssid=eduroam
 key_mgmt=WPA-EAP
 eap=TTLS
 identity=tim-acco...@rwth-aachen.de
 anonymous_identity=tim-acco...@rwth-aachen.de
 password=PASSWORT-FÜR-TIM-ACCOUNT
 ca_cert=/etc/certs/eduroam-chain.pem
 phase2=auth=PAP
 }

 But, again, I haven't tested it myself.

 Reyk

Interesting. Didn't know that works with wlan too. Thanks for the
info, although I am not able to test it in the near future.

--
Sincerely,
Ville Valkonen

Re: OpenBSD/iwn(4) support for WPA2/PEAP/MSCHAPv2?

2013-01-23 Thread Ville Valkonen 
On 23 January 2013 18:41, Erling Westenvik erling.westen...@gmail.com wrote:
 I need to connect my ThinkPad T500 running 5.2 current to the wifi
 network here at my university.  E.g. the eduroam network which is
 available at most universities through, at least, Europe. After Googling
 around for a while I'm not sure whether OpenBSD yet has support for WPA2
 and PEAP/MSCHAPv2. And if it does: if someone could provide me with a
 sample ifconfig?

 Cheers,

 Erling

Hi,

Unfortunately there's no support for PEAP/MSCHAPv2 at the moment.

--
Ville Valkonen

Re: how to upgrade gcc 4.2.1 to gcc-4.7.1

2013-01-17 Thread Ville Valkonen 
On 17 January 2013 16:29, WANG Siyuan wangsiyuanb...@gmail.com wrote:
 Hi,

 I install gcc 4.7 on openbsd using pkg_add. after installation, I use
 'gcc -v' to check, I found it is also gcc 4.2 !

 how to upgrade gcc 4.2 to gcc 4.7 on openbsd? thank you!


 --
 Yours sincerely,
 WANG Siyuan

Hi,

packages/ports gcc is renamed to egcc that it won't be mixed up to
system's gcc. Therefore, /usr/local/bin/ecpp is one that you want. And
no, you DON'T want to replace system's gcc.

--
Sincerely,
Ville Valkonen

Possible regression on dhclient (current)

2012-11-12 Thread Ville Valkonen 
Hello all,

I was surfing on a Web when suddenly all traffic stopped. Closer examination
revealed Too many open files failure with the dhclient. Since there have been
improvements in the dhclient lately, could this be related?

Tried to do pkill -TERM dhclient  sudo dhclient trunk0 but no cigar. Any
hints what to try the next time if this occurs? Uptime was 3 days if it happens
to matter. I'm also testing Brain Fuck Scheduler patch since it makes videos
playable. Yes, I can rule it out by running GENERIC if necessary.

Complete dmesg at the bottom of this message.

But now, here's some information:
$ dmesg |tail -100
...
arpresolve: 192.168.50.101: route without link local address
arpresolve: 192.168.50.101: route without link local address
arpresolve: 192.168.50.101: route without link local address
arpresolve: 192.168.50.101: route without link local address
arpresolve: 192.168.50.101: route without link local address
...

/var/log/daemon:
Nov 12 23:08:38  dhclient[9627]: DHCPDISCOVER on trunk0 to
255.255.255.255 port 67 interval 3
Nov 12 23:08:38  dhclient[9627]: DHCPOFFER from 192.168.50.101
(00:30:18:a4:f8:e3)
Nov 12 23:08:38  dhclient[9627]: DHCPREQUEST on trunk0 to
255.255.255.255 port 67
Nov 12 23:08:38  dhclient[9627]: DHCPACK from 192.168.50.101 (00:30:18:a4:f8:e3)
Nov 12 23:08:38  dhclient[7427]: socket open failed: Too many open files
Nov 12 23:08:38  dhclient[9627]: bound to 192.168.50.102 -- renewal in
300 seconds.
Nov 12 23:08:38  dhclient[9627]: DHCPDISCOVER on trunk0 to
255.255.255.255 port 67 interval 3
Nov 12 23:08:38  dhclient[9627]: DHCPOFFER from 192.168.50.101
(00:30:18:a4:f8:e3)
Nov 12 23:08:38  dhclient[9627]: DHCPREQUEST on trunk0 to
255.255.255.255 port 67
Nov 12 23:08:38  dhclient[9627]: DHCPACK from 192.168.50.101 (00:30:18:a4:f8:e3)
Nov 12 23:08:38  dhclient[7427]: socket open failed: Too many open files
Nov 12 23:08:38  dhclient[9627]: bound to 192.168.50.102 -- renewal in
300 seconds.

/var/log/messages
Nov 12 23:11:59  /bsd: arpresolve: 192.168.50.101: route without link
local address
Nov 12 23:12:21  /bsd: arpresolve: 192.168.50.101: route without link
local address
Nov 12 23:14:58  last message repeated 15 times
Nov 12 23:22:22  last message repeated 32 times
Nov 12 23:22:24  dhclient[9276]: SIOCDIFADDR failed (192.168.50.102):
Can't assign requested address
Nov 12 23:22:24  dhclient[9276]: SIOCDIFADDR failed (192.168.50.102):
Can't assign requested address
Nov 12 23:22:27  /bsd: arpresolve: 192.168.50.101: route without link
local address
Nov 12 23:23:04  last message repeated 5 times

$ ulimit -a
time(cpu-seconds)unlimited
file(blocks) unlimited
coredump(blocks) unlimited
data(kbytes) 716800
stack(kbytes)4096
lockedmem(kbytes)1298308
memory(kbytes)   3881796
nofiles(descriptors) 500
processes128

NOTICE: Closed Chromium since it had several descriptors opened. After that
fstat |wc -l   showed ~400. Tried to restart dhclient again but with no luck.


$ route -n show # (not using inet6)
Routing tables

Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
default192.168.50.101 UGS4  192 - 8 trunk0
127/8  127.0.0.1  UGRS   00 33152 8 lo0
127.0.0.1  127.0.0.1  UH 2 2935 33152 4 lo0
192.168.50/24  link#5 UC 10 - 4 trunk0
192.168.50.101 00:30:18:a4:f8:e3  UHLc   0   55 - 4 trunk0
192.168.50.102 127.0.0.1  UG 00 3315256 lo0
224/4  127.0.0.1  URS00 33152 8 lo0


OpenBSD 5.2-current (GENERIC.MP) #0: Fri Nov  9 15:19:24 EET 2012
weezel@:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4121640960 (3930MB)
avail mem = 3989434368 (3804MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xe0010 (44 entries)
bios0: vendor LENOVO version 6JET93WW (1.51 ) date 03/26/2012
bios0: LENOVO 284756G
acpi0 at bios0: rev 4
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP HPET MCFG APIC BOOT SLIC SSDT SSDT SSDT
acpi0: wakeup devices P0P2(S4) P0P1(S4) USB0(S3) USB1(S3) USB2(S3)
USBR(S3) EHC1(S3) USB3(S3) USB4(S3) USB5(S3) EHC2(S3) HDEF(S4)
PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4)
RP04(S4) PXSX(S4) RP05(S4) RP06(S4) BLAN(S4) LID_(S3) SLPB(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU T5870 @ 2.00GHz, 1995.34 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF
cpu0: 2MB 64b/line 8-way L2 cache
cpu0: apic clock running at 494MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R)

Re: Unified BSD?

2012-11-12 Thread Ville Valkonen 
On 12 November 2012 22:37, Robin  Björklin robin.bjork...@gmail.com wrote:
 As all of you probably know there's a lot of buzz around Gnu/Linux these
 days and I'm pretty sure you couldn't care less. What I'm wondering is why
 the BSD community which from what I can gather isn't as big as the Linux
 community have decided to split their resources into several different
 projects/forks/distributions. To me it seems *BSD would be in a more
 competitive shape if all developers would get in under one roof?

Different BSDs have different interests. Also, competitive shape is
ambiguous (competitive in speed?, portability?, security?, market
share?).

 Am I bat crap crazy for thinking it could be good to merge the four largest
 BSD variants out there, take the best bits and pieces out of each and
 create a Unified BSD?

Doesn't that apply for Linux too?

  1   2   >