Re: modern desktop update recommendations?

2023-03-28 Thread Andy Ruhl
On Tue, Mar 28, 2023 at 8:17 AM MLH  wrote:
>
> My ~10 yr old i3-based box needs to be updated. I can't compile
> anything nontrivial without the box rebooting anymore. I am far
> out of the loop on what NetBSD can run on these days. I have a
> Radeon HD 6450/7450/8450 that works very well and can use it and
> I would like to go with ssd as my old hds are starting to fail.
> My current motherboard is supposed to support (an early version
> of) efi but I never could get it to work. I suspect it only booted
> off of efi dvds and not hds.
>
> Huge numbers of choices these days but does anyone have recommendations
> on moderately-priced options that work well with NetBSD?

I've got a server that has existed since 1.4.2. I get all of this that
you're talking about. I just slowly upgrade hardware over time,
probably the same as you. It's a dual core Celeron with 8 gigs of
memory at the moment. I've been using rsync and dump/restore to move
to new disks. High quality SSDs are really cheap as long as you don't
need a lot of space. Like $30-40 for a 500 gig?

I accidentally "upgraded" from i386 to amd64 when I went to NetBSD-9.
Even that went relatively smoothly.

I'm looking hard at moving to something arm64 based. Maybe a pi4 or a
Rock64 or something. NetBSD seems to run pretty well on these.

I don't have specific advice unfortunately. Most everything I try just works.

Andy


Re: Wiki page review

2023-01-04 Thread Andy Ruhl
On Tue, Jan 3, 2023 at 11:54 PM Brook Milligan  wrote:
>
> I have written a page for the NetBSD Wiki on how to build bootable ARM images 
> using build.sh (see the attached PDF version).  Before I commit it, I would 
> appreciate feedback regarding its clarity and completeness.  If anyone is 
> willing to go through the process described, that would be ideal as a 
> verification of correctness.
>
> For now, it is linked under Tutorials -> System; if there is a better 
> location, please advise.

I'm not a fan of the word "concrete" in this context, and it might not
translate well to other languages.

At the end of the introduction section there is a point that says
"Install U-boot boot blocks." For clarity I might say "Install U-boot
boot blocks on build system." or add "from pkgsrc" just to try to
clarify.

Is the list of hardware supported by this method limited to what
bootblocks are available through U-boot? If that wasn't answered it
might be nice to say it.

Otherwise, good stuff. I have some ARM devices and I'm not familiar
enough with how they boot. I just get an image from somewhere, write
it, and go happily ignorant of how it actually works. I might try my
own build for the heck of it now.

Andy


Re: noob Question: How to format a floppy on a USB floppy disk drive (on RPi 4) ?

2022-11-14 Thread Andy Ruhl
I found 2 old amd64 floppy images from 2.0. No idea why I still have these:

-rwxr--r--   1 andy  andy  1474560 Nov 30  2004 boot1.fs
-rwxr--r--   1 andy  andy  1474560 Nov 30  2004 boot2.fs

Can you try writing a file of that size to one of those /dev/rsd files
using dd?

(The man page for fdformat says 2006, I'm surprised it's that new.)

Andy


Re: Race condition with Raspberry Pi 3 root on NFS

2022-10-30 Thread Andy Ruhl
On Sun, Oct 30, 2022 at 2:18 PM Aaron B.  wrote:
> This looks less like a bug and more working as designed - but in a
> weird edge case. Are there any magic workarounds to get multiuser
> without human attention?

There used to be a way to build a kernel with a hardcoded NFS root
option. I dug around in evbarm and aarch64 and didn't see something
familiar to me (from like 15 years ago when I was doing this).

Maybe someone can comment on if this still exists.

Andy


Re: Backing up "stuff"

2022-10-17 Thread Andy Ruhl
On Mon, Oct 17, 2022 at 5:21 PM Todd Gruhn  wrote:
>
> I have a MP3 tree zipped up.
>
> This file is 4.628GB
>
> What is a good way to back it up on something other
> than a SATA drive ?

Depends on a lot of stuff. DVD, USB stick, cloud storage, etc.

I try to GPG stuff that I know is going to be somewhere that I don't
have control of. Not perfect but better than nothing.

Andy


Re: Growing sshd process count

2022-10-08 Thread Andy Ruhl
On Fri, Oct 7, 2022 at 7:22 PM Mayuresh  wrote:
>
> On Fri, Oct 07, 2022 at 02:14:09PM -, Michael van Elst wrote:
> > Someone is brute-forcing your account passwords.
>
> Thanks. I think blacklistd is protecting me.
>
> But doesn't this qualify as a DDOS attack? The VPS provider (Hetzner)
> claims to provide DDOS protection. Shouldn't it have triggered in this
> scenario?

Probably not. The point of that attack is probably to break into your
system, not deny others from accessing it. But maybe they accomplish
the second thing if they can't break in.

Andy


Re: Does any common mortals here (not programmers or sysads) use NetBSD as their daily productivity driver?

2022-09-27 Thread Andy Ruhl
On Tue, Sep 27, 2022 at 5:04 AM Vitaly Shevtsov  wrote:
>
> I would use with pleasure if it supported my wifi chip and amd ryzen vesa 
> card (integrated)

I have a cheap USB WiFi adapter that I know is well supported with
NetBSD and other stuff just for this reason. Can't help you with the
vesa card though.

Andy


Re: Low power server ideas

2022-09-02 Thread Andy Ruhl
On Fri, Sep 2, 2022 at 8:15 AM Greg Troxel  wrote:
> I am not sure this is low enough power, but the PC engines apu2 has 3
> GbE interfaces and has pretty low power consumption.  My UPS reports 37
> VA, and that's an apu2, a USB hub, 2 ethernet switches one of which
> isn't particularly low power, and a POE access point on one of the
> switches.
>
> It's an amd64 cpu and can be had with 4G RAM.  Serial console only, no
> video at all.  Mine runs until I upgrade the software or the power is
> out longer than the UPS can deal with.   It is not particularly speedy
> CPU wise, but it's been great as a
> router/firewall/dns/everything-like-that running NetBSD.

Interesting. I guess if you wait long enough the mainstream stuff
becomes sort of embedded stuff. This would be easy to build and run
NetBSD as well...

Andy


Low power server ideas

2022-09-02 Thread Andy Ruhl
Hello all,

I've been running a NetBSD server on i386 for about 20 odd years, I
should go back and check when I actually started it. I sort of
accidentally upgraded it to amd64 a while back but it worked.

Anyways, it seems like time to move to something else, maybe lower
power if possible.

I found this which is very interesting:

https://blog.netbsd.org/tnf/entry/making_rockpro64_a_netbsd_server

Using a 128gig internal MMC would be plenty for OS and some local
storage then I would add some other disks, possibly SSD.

Looking for other ideas if anyone has any.

Thanks.

Andy


Re: A book seems to be missing here...

2022-08-11 Thread Andy Ruhl
On Wed, Aug 10, 2022 at 11:23 AM Michael Cheponis
 wrote:
>
> Was looking at no-starch press, and saw these 2 books:  
> http://culver.net/NetBSD/no-starch.jpg
>
> And I realized, you know, there seems to be a 'missing' book --- I see only 
> Absolute FreeBSD and Absolute OpenBSD.
>
> Is there any status on a  "NetBSD Book"  ?   Or is this pretty much it:  
> http://www.netbsd.org/docs/guide/en/?   (Which is great!  just not Dead 
> Trees.)

I have those. They are pretty old by now. I wondered the same thing at
the time. NetBSD still flies under the radar of most people I think.

I've got a system that's been running NetBSD for 20 years now, it just works.

Andy


Re: Gateway server experiencing degraded performance

2022-05-15 Thread Andy Ruhl
On Sun, May 15, 2022 at 7:52 AM Andrew K Adams  wrote:
>
> Hi, I’ve noticed a problem with my NetBSD server that I really could
> use some help with.  The server is acting as my home router (gateway)
> in ‘pass-through’ mode with Comcast Xfinity as the service provider.
> The only functions/services enabled on the server are: ip-forwarding,
> dhcp-client, and NTP.   And on the internal-facing lan: NAT, DHCP, and
> SSH.  The internal network supports 5+ wired hosts & 10+ wireless
> devices.  I currently have the 1Gig option with Comcast and when
> things are operating as expected, I see from an internal (wired) host
> 750mbs of throughput according to Comcast’s Xfinity speed test
> website.  The problem is that performance doesn’t last.  In anywhere
> from 3 weeks to 24 hours, my network performance (again, using the
> same wired host measured by Xfinity’s speed test) will drop to ~20mbs.
> And the change is clearly observable in all networking applications,
> e.g., Netflix.  I’m querying here, though, because the fix I’ve found
> is to reboot the server.  Upon reboot, I immediately go back to
> 750mbs.  Hence, I’d like to figure out how to troubleshoot what on my
> server is (eventually) degrading my network performance.
>
> The server is relatively new; I built it using an ASUS Mini ITX with
> two onboard GigE ethernet ports.  Here’s some relevant dmesg output:
>
> [ 1.00] NetBSD 9.1 (GENERIC) #0: Sun Oct 18 19:24:30 UTC 2020
> [ 1.00]
> mkre...@mkrepro.netbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
> [ 1.00] total memory = 3457 MB
> [ 1.00] avail memory = 3380 MB
>
> [ 1.025286] wm0 at pci0 dev 25 function 0: I217 LM Ethernet
> Connection (rev. 0x05)
> [ 1.025286] wm0: interrupting at msi2 vec 0
> [ 1.025286] wm0: PCI-Express bus
> [ 1.025286] wm0: 2048 words FLASH, version 0.13.4
> [ 1.025286] wm0: 0x6a4480
>
> [ 1.025286] re0 at pci3 dev 0 function 0: RealTek 8168/8111 PCIe
> Gigabit Ethernet (rev. 0x0c)
> [ 1.025286] re0: interrupting at msix4 vec 0
> [ 1.025286] re0: using 256 tx descriptors
>
>
> And from ifconfig (note, I’ve removed my IP & MAC address from the output):
>
> iquitos# ifconfig -a
> wm0: flags=0x8843 mtu 1500
> capabilities=7ff80
> capabilities=7ff80
> capabilities=7ff80
> enabled=0
> ec_capabilities=17
> ec_enabled=2
> media: Ethernet autoselect (1000baseT
> full-duplex,flowcontrol,rxpause,txpause)
> status: active
> inet X.X.X.X/20 broadcast 255.255.255.255 flags 0x0
> Inet6 X%wm0/64 flags 0x0 scopeid 0x1
> re0: flags=0x8843 mtu 1500
> capabilities=3f80
> capabilities=3f80
> enabled=0
> ec_capabilities=3
> ec_enabled=0
> media: Ethernet autoselect (1000baseT full-duplex)
> status: active
> inet 10.19.34.1/24 broadcast 10.19.34.255 flags 0x0
> inet6 fe80::728b:cdff:febc:831b%re0/64 flags 0x0 scopeid 0x2
> lo0: flags=0x8049 mtu 33176
> inet 127.0.0.1/8 flags 0x0
> inet6 ::1/128 flags 0x20
> inet6 fe80::1%lo0/64 flags 0x0 scopeid 0x3
>
>
> I’m not sure what other information would be useful, just let me know,
> and thank you in advance for help you can give me!

Just a question, not a requirement, but have you looked at Wireshark
traces comparing good performance vs. bad performance?

It's just another way to possibly find a problem. I'm sure
someone else will have better ideas.

Andy


Re: Network Oddities

2022-05-06 Thread Andy Ruhl
On Fri, May 6, 2022 at 4:12 PM Ron Georgia  wrote:
>
> 1. Reading through the ifconfig.if man page I found this,
> "For each interface (nnX) that is to be configured, there should be
> either an ifconfig_nnX variable in rc.conf(5), or an /etc/ifconfig.nnX file"
> Also in "Setting up TCP/IP on NetBSD in practice" document,  I assumed
> the following meant that each interface needed an ifconfig.if file.
> /etc/ifconfig.xxx
>  This file is used for the automatic configuration of the network
> interfaces at boot, see ifconfig.if(5)
>
> https://netbsd.org/docs/guide/en/chap-net-practice.html#chap-net-practice-network-config
>

"That is to be configured" is the important phrase in the context of
this thread.

> 2. I was setting up a QEMU and NVMM, following  Using virtualization:
> QEMU and NVMM (https://www.netbsd.org/docs/guide/en/chap-virt.html). In
> section 30.3, "Configuring bridged networking on a NetBSD host" they
> walk through creating a tap and a bridge. The first run through my qemu
> vm worked, but the host network stopped working. I rebooted and neither
> the host nor the guest had working networks. I am not sure why but it may
> be that I had ifconfig.wm1, ifconfig.tap0, ifconfig.bridge0. I thought
> maybe I would use wm1 for the host and wm0 for the guest. Bad idea.
>

I don't know, maybe that would work. Seems like a reasonable idea but
I'm not an expert on this topic.

It's also possible you bridged the VM + both real interfaces causing a
loop or something.

> I did remove the cable from wm0, removed ifconfig.wm0 and
> ifconfig.bridge0 from /etc. I reconfigured ifconfig.tap0 and now
> everything works. In my /etc I have ifconfig.wm1 and ifconfig.tap0
>

Yes. 1 interface per subnet for the most part is how you want to
configure things. 1 default gateway per machine (or VRF if you want to
get fancy).

> 3. "Why are you assuming that this should work?" Honestly, I don't know.
> Pure ignorance I suppose. However, I did learn a lot from this foray.

Good, this is the point. Once you drill into how IP networks work from
a host perspective, this all starts making sense. When you put 2
interfaces in the same subnet inside of the same layer 2 network, the
host starts to have problems figuring out which interface to send
packets out of. I deal with this type of thing all the time at work. I
think part of the problem is there is an assumption that "more
interfaces are better". Someone else said the right thing, anytime you
are putting 2 interfaces on the same network you need some "bundling"
or "bonding" method to make it work right. I'm most familiar with LACP
but there are other methods. Maybe that should be your next foray.

Andy


Re: Network Oddities

2022-05-03 Thread Andy Ruhl
On Tue, May 3, 2022 at 10:27 AM Ron Georgia  wrote:
>
> I am having some odd behavior from my NICs or maybe from the network or
> dhcpcd, not sure.
>
> With ethernet cables plugged into both wm0 and wm1. Everything works;
> however the only ifconfig file is ifconfig.wm1. Everything works.
> Reading through the docs, the recommendation is to have an ifconfig.if
> for each interface. The dhcpcd service is up and running without issue.
> I copy ifconfig.wm1 to ifconfig.wm0 and restart the network. But I get
> an error:
>
> sudo service network restart
> Stopping network.
> Deleting aliases.
> Downing network interfaces: wm0 wm1.
> Starting network.
> Hostname: netverbs57.ronverbs.dev
> IPv6 mode: host
> Configuring network interfaces: wm0 wm1.
> Adding interface aliases:.
> Waiting for DAD to complete for statically configured addresses...
> ifconfig: SIOCGIFAFLAG_IN6: Can't assign requested address
>
> After a reboot none of the nics have IP addresses. If I restart dhcpcd I
> get this error
>
> sudo service dhcpcd restart
> dhcpcd not running? (check /var/run/dhcpcd.pid).
> Starting dhcpcd.
> main: control_open: Connection refused
> [1]   Segmentation fault (core dumped) RC_PID= _rc_pid=
> _rc_original_stdout_fd= _rc_o...
>
> If I remove /etc/ifconfig.wm0 and reboot, everything returns to normal.
> However, if I restart the network, then restart dhcpcd, the same
> Segmentation fault appears.
>
> I found this when I tried to create a bridge with a tap.
>
> Summary:
> With only /etc/ifconfig.wm1, both wm0 and wm1 work. The network can be
> restarted and dhcpcd can be restarted.
> Add /etc/ifconfig.wm0, reboot, no ip addresses assigned. Cannot restart
> dhcpcd, seg fault.
> Remove /etc/ifconfig.wm0 and reboot, back to normal. Both nics have
> addresses. Restart the network works, but restarting dhcpcd results in a
> seg fault.
>
> Anything I can look for?
>
> ===
> HELPFUL INFO
>
> ~> uname -a
> NetBSD netverbs57.ronverbs.dev 9.2 NetBSD 9.2 (GENERIC) #0: Wed May 12
> 13:15:55 UTC 2021
> mkre...@mkrepro.netbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64
>
>
> from /etc/rc.conf
> # Add local overrides below.
> #
> hostname=netverbs57.ronverbs.dev
> dhcpcd=YES
> #dhcpcd_flags="-qM"
>
> Listing /etc
> ll /etc | grep ifconfig
> -rw-r--r--   1 root  wheel  20B Apr 10 07:09 ifconfig.wm1
>
> cat /etc/ifconfig.wm1
> up
> media autoselect
>
> ifconfig | grep -w inet
>  inet 192.168.1.182/24 broadcast 192.168.1.255 flags 0x0
>  inet 192.168.1.186/24 broadcast 192.168.1.255 flags 0x0
>  inet 127.0.0.1/8 flags 0x0
>
>
> sudo service dhcpcd status
> dhcpcd is running as pid 241.
>
>
> ifconfig
> wm0: flags=0x8843 mtu 1500
>  capabilities=7ff80
>  capabilities=7ff80
>  capabilities=7ff80
>  enabled=0
>  ec_capabilities=7
>  ec_enabled=2
>  address: 68:05:ca:1b:15:f8
>  media: Ethernet autoselect (1000baseT
> full-duplex,flowcontrol,master,rxpause,txpause)
>  status: active
>  inet 192.168.1.182/24 broadcast 192.168.1.255 flags 0x0
>  inet6 fe80::638a:f74a:53da:36bb%wm0/64 flags 0x0 scopeid 0x1
>  inet6 2600:6c5e:1d00:56de:7c0e:e015:3a9a:339c/64 flags 0x0
> wm1: flags=0x8843 mtu 1500
>  capabilities=7ff80
>  capabilities=7ff80
>  capabilities=7ff80
>  enabled=0
>  ec_capabilities=17
>  ec_enabled=2
>  address: 60:45:cb:71:10:be
>  media: Ethernet autoselect (1000baseT
> full-duplex,flowcontrol,master,rxpause,txpause)
>  status: active
>  inet 192.168.1.186/24 broadcast 192.168.1.255 flags 0x0
>  inet6 fe80::6245:cbff:fe71:10be%wm1/64 flags 0x0 scopeid 0x2
>  inet6 2600:6c5e:1d00:56de:b25c:5f71:1a4b:ea17/64 flags 0x0
> lo0: flags=0x8049 mtu 33624
>  inet 127.0.0.1/8 flags 0x0
>  inet6 ::1/128 flags 0x20
>  inet6 fe80::1%lo0/64 flags 0x0 scopeid 0x3
>
> ~> dmesg | grep wm0
> [ 1.050563] wm0 at pci2 dev 0 function 0: Intel i82574L (rev. 0x00)
> [ 1.050563] wm0: for TX and RX interrupting at msix2 vec 0 affinity to 1
> [ 1.050563] wm0: for TX and RX interrupting at msix2 vec 1 affinity to 2
> [ 1.050563] wm0: for LINK interrupting at msix2 vec 2
> [ 1.050563] wm0: PCI-Express bus
> [ 1.050563] wm0: 2048 words FLASH, version 1.8.0, Image Unique ID
> 
> [ 1.050563] wm0: ASPM L0s and L1 are disabled to workaround the errata.
> [ 1.050563] wm0: Ethernet address 68:05:ca:1b:15:f8
> [ 1.050563] wm0: 0x224480
> [ 1.050563] makphy0 at wm0 phy 1: Marvell 88E1149 Gigabit PHY, rev. 1
>
> ~> dmesg | grep wm1
> [ 1.050563] wm1 at pci0 dev 31 function 6: I219 V Ethernet
> Connection (rev. 0x00)
> [ 1.050563] wm1: interrupting at msi4 vec 0
> [ 1.050563] wm1: PCI-Express bus
> [ 1.050563] wm1: 4096 words FLASH, version 0.2.4
> [ 1.050563] wm1: Ethernet address 

Re: panic: /: bad dir ino null entry

2022-04-04 Thread Andy Ruhl
On Mon, Apr 4, 2022 at 9:17 AM Bartosz Maciejewski
 wrote:
>
> Hello,
>
> Does anybody know, how I can solve this problem below? Basically
> suddenly my NetBSD running in PV mode on XCP-NG host started rebooting
> with traceback like this:
>
> Clearing temporary files.
> Updating fontconfig cache:[  15.7400601] panic: /: bad dir ino 30113744
> at offset 37896192: null entry
>
> [  15.7400601] cpu0: Begin traceback...
> [  15.7400601] vpanic() at netbsd:vpanic+0x143
> [  15.7400601] snprintf() at netbsd:snprintf
> [  15.7400601] ufs_lookup() at netbsd:ufs_lookup+0x3ba
> [  15.7400601] VOP_LOOKUP() at netbsd:VOP_LOOKUP+0x34
> [  15.7400601] lookup_once() at netbsd:lookup_once+0x18b
> [  15.7400601] namei_tryemulroot() at netbsd:namei_tryemulroot+0x307
> [  15.7400601] namei() at netbsd:namei+0x41
> [  15.7400601] vn_open() at netbsd:vn_open+0x97
> [  15.7400601] do_open() at netbsd:do_open+0x103
> [  15.7400601] do_sys_openat() at netbsd:do_sys_openat+0x8b
> [  15.7400601] sys_open() at netbsd:sys_open+0x24
> [  15.7400601] syscall() at netbsd:syscall+0x9c
> [  15.7400601] --- syscall (number 5) ---
> [  15.7400601] 6f88f9a42a4a:
> [  15.7400601] cpu0: End traceback...
>
> [  15.7400601] dumping to dev 142,1 (offset=2097151, size=0): not possible
> [  15.7400601] rebooting...
>
> I detached disks and fsck it but after connecting back to same machine
> everything started again. When I press ctrl+C just right and I cancel
> "Updating fontconfig cache" phase, it boots to login prompt. With trials
> and errors I managed to identify that /var/cache/fontconfig is directory
> that when accessed, ls, du or whatever action I take with it, its
> momentally panic :/
>
> I even created new machine from scratch and tried to rsync everything
> without /var/cache/fontconfig, and after some time, new machine started
> producing same error.
>
> I'm 100% sure all disks in SR of XCP when this VMs are, are without
> errors, even forced checked its raid didn't show any errors.
>
> While searching I stumbled upon something barely fitting my case (I
> can't find it now), that was related to rrdtool producing lots of files.
> I do have on this machine cacti with that I'm feeding with snmp data
> from other machines.
>
> So, any help or pointing to right direction will be helpful.
>
> System is currently running with NetBSD 9.2_STABLE
>
> uname -a
> NetBSD u-dom-fw01 9.2_STABLE NetBSD 9.2_STABLE (XEN3_DOMU) #0: Sat Jul
> 17 18:46:27 CEST 2021
> root@u-dom-fw01:/root/sysbuild/amd64/obj/usr/src/sys/arch/amd64/compile/XEN3_DOMU
> amd64
>

"Lots" probably means more than cacti is producing.

This is a bug. I've run into similar panics when there is either a bad
filesystem or a bad disk. If you can, open a PR.

Andy


Re: on itself installation

2021-12-01 Thread Andy Ruhl
On Wed, Dec 1, 2021 at 12:37 AM Lizbeth Mutterhunt, Ph.D
 wrote:
>
> I tried several ways to install NetBSD 9.2 and make it CURRENT afterwards. 
> But it is an obstacle, as installation program always writes on itself until 
> the memory of the stick is full.
>
> I tried: a) extended partition (didn't work, thoughts needs a primary!)
> b) gave the primary /dev/dk2s4, didn't work
> c) took another USB-Stick with size of 16GB.
>
> what to do?

It would help to know what type of system you tried to install on.

Also, were you able to follow the install instructions here?:
https://www.netbsd.org/docs/guide/en/part-install.html

Very basically:

Write an install image from whatever version you want to an install
medium. That medium can be CD or USB, or virtual machine can boot
directly from the image.

Boot the machine from the image.

Follow the prompts from the installer to install the system.

What part of this are you stuck on?

Andy


Re: Thoughts regarding system-backups

2021-07-30 Thread Andy Ruhl
On Fri, Jul 30, 2021 at 8:08 AM Todd Gruhn  wrote:
>
> I acquired a 500MB disk from a lappy.
>
> Ideas for a package to do system-wide backups?
> Can I put the backup in a specific dir -- ORRR must I use the entire disk?
>
> Thank you

There are many strategies to do this. Investigate dump/restore, rsync,
tar, or even packages like bacula or amanda.

I use rsync daily and dump periodically to get some flexibility.

Andy


Re: Finding out at runtime which IPSEC options are built into the kernel (IPSEC_NAT_T?)

2021-06-06 Thread Andy Ruhl
On Sun, Jun 6, 2021 at 2:49 AM Matthias Petermann  wrote:
>
> ...looks like the IPSEC_NAT_T option no longer exists, but is included
> in IPSEC instead.
>
>
> OPTIONS(4):
>
> "
>   options IPSEC
>   Includes support for the IPsec protocol, using the implementation
> derived
>   from OpenBSD, relying on opencrypto(9) to carry out cryptographic
>   operations.  See ipsec(4) for details.
>
>   options IPSEC_DEBUG
>   Enables debugging code in IPsec stack.  See ipsec(4) for details.  The
>   IPSEC option includes support for IPsec Network Address Translator
>   traversal (NAT-T), as described in RFCs 3947 and 3948.  This feature
>   might be patent-encumbered in some countries.
> "
>
>
>
> On 06.06.21 at 11:28, Matthias Petermann wrote:
> > Hello,
> >
> > the subject probably already summarises the question - here is just a
> > brief background: I would like to establish an IPSEC connection from a
> > NetBSD box behind a NAT router to an IPSEC-VPN. My understanding is that
> > the kernel must have the appropriate IPSEC_NAT_T-option for this. Can I
> > somehow find this out reliably at runtime?
> >
> > I have a NetBSD 9.2_STABLE with GENERIC kernel on evbarm.
> >
> > Small additional question: Does anyone here happen to have general
> > experience with whether and how a VPN connection to a FritzBox can be
> > established with NetBSD on-board means (racoon)? I have already done a
> > lot of research on this - most of the tutorials and blogs on this are
> > already over 5 years old, and there have already been several firmware
> > updates of the FritzBoxes in the meantime, so it is not easy to narrow
> > down where the error lies.
> >
> > Kind regards
> > Matthias
> >
>

Hopefully this helps someone searching:

The options(4) man page shows this line:

strings netbsd | sed -n 's/^_CFG_//p' | unvis

(Note that "netbsd" is the kernel file, usually at /netbsd.)

This will work if the kernel has the INCLUDE_CONFIG_FILE option which
I believe is on by default.

It shows all options compiled into the kernel. I've used it many times
to figure out what I did on some kernel.

Andy
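
Added example (not part of the original post and not NetBSD's own code): a POSIX shell filter that reads the config text printed by the extraction pipeline above and reports whether an option such as IPSEC ended up enabled, skipping commented-out lines and honouring a later "no options" line. The sample config text and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of the text the extraction pipeline prints.
# On a real system you would feed the pipeline's output instead:
#   strings /netbsd | sed -n 's/^_CFG_//p' | unvis | kernel_has_option IPSEC
sample_config() {
cat <<'EOF'
include "arch/evbarm/conf/std.generic64"
options INCLUDE_CONFIG_FILE   # embed config file in kernel binary
options INET6                 # IPv6
options IPSEC                 # IP security
#options IPSEC_DEBUG          # debug for IP security
options NFS_BOOT_DHCP,NFS_BOOT_BOOTPARAM
options MAXUSERS=64
no options INET6
EOF
}

# kernel_has_option NAME
# Reads extracted kernel config text on stdin and prints "yes" if NAME is
# enabled by an "options" line and not removed by a later "no options"
# line, otherwise "no". Assumption: option values contain no '#' or ','.
kernel_has_option() {
    awk -v want="$1" '
    {
        sub(/#.*/, "")        # drop comments, including commented-out options
        gsub(/,/, " ")        # "options A,B" lists several options at once
        first = 0; neg = 0
        if ($1 == "options") {
            first = 2
        } else if ($1 == "no" && $2 == "options") {
            first = 3; neg = 1
        }
        if (!first) next
        for (i = first; i <= NF; i++) {
            name = $i
            sub(/=.*/, "", name)   # "MAXUSERS=64" -> "MAXUSERS"
            if (name == want) state = neg ? 0 : 1
        }
    }
    END { print (state ? "yes" : "no") }
    '
}

# Report the IPsec-related options for the constructed sample.
for opt in IPSEC IPSEC_DEBUG INET6; do
    printf '%s: %s\n' "$opt" "$(sample_config | kernel_has_option "$opt")"
done
```

Per the options(4) text quoted in this thread, NAT-T support comes with IPSEC itself, so IPSEC is the option to check for.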


Re: IPv6: in6_setscope: can't set scope for not loopback interface

2021-04-22 Thread Andy Ruhl
On Thu, Apr 22, 2021 at 2:10 AM Jörn Clausen  wrote:
>
> Hello Robert!
>
> Thanks for the reply. As you suggested, I tried tcpdump. BTW: This is all 
> happening on the actual network interface, not the loopback interface.

Yes but it's still useful to see ifconfig -a output as he asked for in
case you have some strange setup locally.

Andy


Re: Tunneling in NetBSD

2020-11-16 Thread Andy Ruhl
On Mon, Nov 16, 2020 at 7:29 AM Greg Troxel  wrote:
> There is another big issue lurking, which is how VPN approaches interact
> with firewall traversal.  There are a lot of firewalls that block a lot
> of things out there.

Yes, very much true. I like layer 4 methods on clients for this
reason. They seem to survive NAT.

Andy


Re: Tunneling in NetBSD

2020-11-16 Thread Andy Ruhl
Just a general question to this thread:

How do clients use OpenVPN? Do you have to install it, and is it
widely available? My basic research suggests that most clients will
have to install it.

What about built in VPN clients? Isn't L2TP pretty much standard?

Thanks.

Andy


Re: How to install KDE on NetBSD?

2020-09-19 Thread Andy Ruhl
On Sat, Sep 19, 2020 at 2:34 AM Barry Scott  wrote:
>
> I'd like to install KDE on NetBSD 9.
>
> Is there a guide I can follow with the details of which
> packages and config are required?

Make yourself aware of pkgsrc and pkgin.

When you get it set up, it should be as easy as "pkgin install kde4".

Andy


Re: I finally bricked my NetBSD system

2020-07-16 Thread Andy Ruhl
On Thu, Jul 16, 2020 at 9:28 PM Martin Husemann  wrote:
> Either set TERM and export it, or instead of chsh do some simple hack
> like:
>
> cp /bin/csh /usr/pkg/bin/tcsh

I'm not claiming this will work, just looking for feedback.

What about booting from install media and dropping /rescue/sh into
whatever the defined shell path is? Isn't that a statically linked
binary that should work pretty much anywhere? Isn't that kinda what
it's for?

Andy


Re: Securing DNS traffic

2020-05-25 Thread Andy Ruhl
So I'm not big into DNS and I don't have a firm grasp on all of these
techniques, but I have an idea.

This is all just a big game of who are you hiding from right? If you
hide from your ISP, now you have to trust the DNS server provider. Who
among them are to be trusted?

For example I'm pretty sure I could set up a DNS proxy somewhere in
the "cloud" on some minimal operating system, then run ipsec in
transport mode between my router and that server, and point all my
clients to my proxy. There, I've successfully hidden from my ISP. I
could do it over IPv6 just to be extra obfuscated.

But does my ISP now get interested and ask the cloud provider where my
DNS traffic is going, then they ask the DNS server provider on the
other end? This is all very black helicopter type of stuff but I
suppose it's possible. Is this really how far it goes? Do I really
have to do everything through Tor?

Maybe I missed something.

Andy


Low power system with built in GPS, WiFi?

2020-05-25 Thread Andy Ruhl
I'm currently using a Raspberry Pi Zero with a camera for something
(using raspbian), and I want to do something similar but I'm hoping to
get onboard GPS. I want to run it on a battery.

Also if the WiFi adapter could do hostap, this would be a bonus.

Does such a thing exist?

A USB camera could be used but I've never done anything with cameras
and NetBSD, is it possible?

The goal is to be able to stream video to another WiFi device, and
possibly log GPS location.

Thanks.

Andy


Question about resize_ffs or resize_root=YES

2020-04-19 Thread Andy Ruhl
I feel like I'm missing something here, if so sorry about that.

I have a VMWare virtual machine running 9.0. I did a quick minimal
system install on another disk to try to extend the root filesystem of
my main system disk. I extended the physical disk in VMWare, so I'm
trying to extend the root filesystem into it. There is only the root
partition.

resize_ffs exited without errors but it didn't do anything. Tried
multiple times, including with verbose. I mounted it in the temp
system and it's still its old size. The man page seems to imply it
will extend the filesystem automatically. I tried writing the new
slice size with fdisk then doing resize_ffs, this didn't help.

I also tried booting with resize_root=YES and that didn't work either.

Am I missing something? I've never done this before.

Andy


Re: Moritz Systems

2020-03-05 Thread Andy Ruhl
On Wed, Mar 4, 2020 at 5:27 AM Kamil Rytarowski  wrote:
>
> I’m pleased to inform you about my new project. I have founded Moritz
> Systems. Moritz Systems is an IT start-up with focus to commercialize
> NetBSD derived products.

I wish you luck and good fortune. I hope some of that good fortune
gets fed back into the code!

My particular interest in commercial BSD based products is around
networking. I haven't done much to research this, but I'm aware of a
few things. It's always fun to see something new.

Andy


Re: sdf members : please participate in the poll for choice of OS

2019-05-10 Thread Andy Ruhl
I voted.

Linux is boring.

Andy


Re: Swap over NFS

2019-04-02 Thread Andy Ruhl
On Tue, Apr 2, 2019 at 2:07 AM BERTRAND Joël  wrote:
>
> Hello,
>
> I'm trying to configure swap over NFS (on a diskless workstation).
>
> I have created a swapfile on nfsserver:/srv/schwarz/ (swapfile.0) and
> added in client /etc/fstab :
>
> nfsserver:/srv/schwarz/swapfile.0 none swap sw,nfsmntpt=/swap
>
> nfs server seems to run as expected as client can mount
> nfsserver:/srv/schwarz in /
>
> But when I try to mount swap, sysctl returns an error :
>
> schwarz# swapctl -A
> mount_nfs: can't access /srv/schwarz/swapfile.0: Permission denied
> swapctl: 192.168.10.128:/srv/schwarz/swapfile.0: mount failed

I looked at an old Dreamcast nfs root from a long time ago and found
the fstab file, and it says this:

nfsserver_ip:/usr/local/dc / nfs rw,auto 0 0
nfsserver_ip:/usr/local/swap none swap sw,nfsmntpt=/swap 0 0

/usr/local/dc is the / filesystem, so swap is actually one directory
up from the root. I haven't seen the nfsserver side but I assume
/usr/local is exported.

I hope that helps.

Andy


Re: Install kernel and userland without source?

2019-02-15 Thread Andy Ruhl
On Sat, Feb 9, 2019 at 2:09 PM J. Lewis Muir  wrote:
>
> I have an amd64 router running the netbsd-8 stable branch that does not
> have sources and does not have pkgsrc, and I'd like to build the kernel
> and userland from source on another machine and then install them on the
> router; how do I do that?

I didn't read all of the responses, sorry if I repeated something.

I usually don't use source unless I want to build my own custom
kernel, but I just do that after installing a system and then adding
my kernel later.

I tend to upgrade by just downloading an install kernel and then
pointing it to a NetBSD ftp mirror.

At some point (maybe this is still true), you could do "build
distribution" and it would package the whole thing up into installable
packages.

You could point an install kernel at a local ftp server (or whatever
server) with these distribution files you built yourself and upgrade
your system that way.

I make backups of the system (/etc in particular) but the official
NetBSD builds installed over ftp with an install kernel "never" break
anything for me, so I've become very comfortable with it.

Andy


Re: Ethernet auto-select and concurrent 10, 100 and 1000 connections

2019-02-02 Thread Andy Ruhl
On Sat, Feb 2, 2019 at 10:18 AM  wrote:
>
> Hello,
>
> I have a NetBSD serving FFSv2 filesystems to various Windows nodes via
> Samba.
>
> The network efficiency seems to me underpar.
>
> There is very probably Samba tuning involved. Windows tuning too. But a
> question arose to me about miscellaneous speeds of ethernet cards
> connecting to a card on the NetBSD server capable of auto-selecting the
> speed between 10 to 1000.
>
> The Windows boxes are very heterogeneous (one might even say that there
> are not two same Windows OS versions, because some hardware is quite
> old) and the cards range from 10 to 1000 able ethernet devices.
>
> Needless to say, there is a switch (Cisco) on which all the nodes are
> connected.
>
> When concurrent accesses to an auto-select ethernet card are done by
> ethernet cards ranging from 10 to 1000 speeds, how is this handled by
> the card?
>
> Is the speed adapted to each connected device? Or does the serving card
> fix the speed, during a slice of time, for all connexions to the minimum
> speed?
>
> What is the "cost" of switching the speed or, in other words, is
> connecting a 10base card able to slow down the whole throughput of the
> card even for other devices---due to the overhead of switching the speed
> depending on connected devices?
>
> (The other question relates to the switch but not to NetBSD: does the
> switch have a table for the connected devices and buffers the
> transactions, rewriting the packets to adjust for the speed of each of
> the devices?).
>
> If someone has any clue on the subject, I will be very thankful to
> learn!

As you probably suspect, this isn't a NetBSD issue, and is something
you can read on extensively on the internet. Maybe you need a place to
start, which is often where I find myself on many subjects. I probably
will miss something.

The switch negotiates connections on a port by port basis. So if one
device is 1 gig, it will negotiate 1 gig. If another device is 10
megabit, it will negotiate that. Each port is a separate entity. Then
you have half vs. full duplex. So what happens when they talk?

The switch does something at layer 2 called RED or WRED (Weighted
Random Early Detection) to decide if one port is going too fast for
another. It's not really an ideal place to be, and it usually happens
when either you have different adapter speeds or you have a whole lot
of machines on lots of ports trying to overrun 1 port (like an uplink
port).

But you're hoping it doesn't come to that. It's best if TCP just does
its thing and sets the window size to one that both sides can handle
nicely and things "just work". RED or WRED will happen but hopefully
less.

I'd love someone to correct me if I'm wrong on this.

If you're asking if using a 10 megabit adapter is the best way to do
traffic shaping, it isn't, and that's a whole different subject that
probably doesn't belong here.

Andy


Re: IPv6 on NetBSD 8

2019-01-28 Thread Andy Ruhl
On Mon, Jan 28, 2019 at 5:23 PM Jan Danielsson
 wrote:
>
> Hello,
>
>I have a vague memory of having read that IPv6 autoconfiguration has
> changed in NetBSD 8.  Something along the line of "rtadvd is dead, now
> dhcpcd is the way to go".  Am I remembering correctly?  If so; has
> anyone written a migration guide?

I'm trying to become well educated on IPv6 but I'm learning new stuff
all the time. Probably a lot of people are.

dhcpcd is now the standard, and the dhcpcd.conf man page states this:

 ipv6    Enable IPv6 on the interface, on by default.

 ipv6ra_autoconf
         Generate SLAAC addresses for each Prefix advertised by an IPv6
         Router Advertisement message with the Auto flag set.  On by
         default.

http://netbsd.gw.com/cgi-bin/man-cgi?dhcpcd.conf++NetBSD-current

So if you're doing something more fancy than just taking a router
advertisement and auto configuring an address, you'll probably have to
read that and figure it out. It seems pretty well functioned for IPv6
from how I read it.

I really need to do more IPv6 testing on NetBSD

Andy


Re: dhcpcd failure

2019-01-18 Thread Andy Ruhl
On Fri, Jan 18, 2019 at 2:09 AM Roy Marples  wrote:
>
> Hi Fred
>
> On 18/01/2019 06:05, triaxx wrote:
> > I experienced a dhcpcd that cannot connect to a Cisco gateway through a
> > fresh NetBSD 8.0. I tried dhclient which succeeded.
> >
> > I didn't see relevant diff between MAIN and netbsd-8.
> >
> > I would like to send a PR but I'm interested to know what information
> > could be relevant/helping.
>
> You could try editing /etc/dhcpcd.conf and commenting out duid and using
> clientid. If that still fails, try commenting out both.
>
> If either works, complain to Cisco about their lack of RFC compliance.
> Regardless, let me know the outcome please.

If it really is a Cisco compliance issue, I'd like to see a wireshark
of the failing request and the successful one for my own amusement.
This command seems to work on my mac, I'm guessing it will be similar
on NetBSD except the interface name:

tshark -i en0 -f "udp port 67 or 68" -w dhcp.pcap

Andy


Re: message board recommendations

2019-01-07 Thread Andy Ruhl
On Mon, Jan 7, 2019 at 7:38 PM  wrote:
>
> Can anyone recommend a good* message board to use? I would prefer perl, but
> I'm not opposed to other languages. I didn't find anything with pkgin search
> so if there is already something packaged then please let me know.
>
> *It doesn't have to have all the bells and whistles. Just as long as it's easy
> to install and maintain. Or I should say relatively easy. I have already looked
> at YaBB, which I think will meet my needs. Unfortunately the installation may
> prove faulty. The file permissions listed in their docs don't work. I had to
> revert to the ole chmod -R 777 to get it working. Don't think I want to spend
> the time finding the least permissions per file.

A very long time ago (12 years?) I used phpbb and I liked it. It kind
of doesn't meet your specs for Perl and easy to use (it needs a
database back end). I don't remember any scary file permissions issues
but times were different back then. I think I tried yabb and didn't
use it for some reason, maybe the same reason as yours?

Andy


Re: Recommendations for small router?

2018-11-25 Thread Andy Ruhl
On Sun, Nov 25, 2018 at 12:26 PM Lars-Johan Liman  wrote:
>
> [Sorry, sent a version of this from the wrong account a minute ago ...]
>
> Hi!
>
> Can anyone recommend a small piece of equipment for a home router that
> supports the following:
>
> *) Decently supported by and stable operation with NetBSD.
>
> *) At least 4 GB RAM.
>
> *) At least 2 GigE-ports (preferably 3-4), and able to shuffle bits at
>    line speed between the two.
>
> *) Able to take a fairly large disk (possibly external) for medium speed
>    storage. It doesn't have to blindingly fast (no video editing!), but
>    I want to be able to have my home directory on it and use it from a
>    different machine.
>
> *) Not too noisy (fanless preferred but not required).
>
> *) Graphics can be very basic, or it can have a serial interface.

Probably a lot of people have similar wants/needs. 4 gigs of memory
limits you mostly to i386 or amd64 unless I'm behind the times. You're
really talking about a Mini-ITX system probably. Those are pretty
prevalent and should be supported pretty well if you don't buy a
bleeding edge one.

On the smaller SoC Arm boards, I'm finding that NetBSD isn't as fast
as Linux although much nicer to work with.

The Rock64 isn't far off but doesn't have multiple network interfaces.
And I don't know how far along NetBSD support is yet. I see some
messages about it.

Looking forward to other responses.

Andy


Re: Serial SLIP Connection

2018-11-01 Thread Andy Ruhl
On Thu, Nov 1, 2018 at 10:50 AM Dan Plassche  wrote:
> ifconfig sl0 inet 10.0.2.7 10.0.2.6 arp up
> route add default 10.0.2.6
>
> 5. Setup interface on server
>
> ifconfig sl0 create
> slattach -l -s 9600 -t slip /dev/tty00
> ifconfig sl0 inet 10.0.2.6 10.0.2.7 arp up

I haven't done this in a really long time, but I don't remember
needing cu when using 2 directly attached machines over a null modem.
Just slattach. Maybe that changed.

I also seem to recall using a /30 and a netmask for both ends. Your
addresses don't belong to the same /30. Try using .1 and .2 or .5 and
.6.

Just stuff to try. I can't say that this info is useful 20 years later.

Andy


Re: Simple way to securely access remote machine that's behind a NAT?

2018-09-29 Thread Andy Ruhl
On Tue, Sep 25, 2018 at 8:49 AM David Young  wrote:
> I added UDP encapsulation to gre(4) in NetBSD specifically to pierce NAT
> firewalls, however, I don't know if Linux also has a UDP encapsulation
> for GRE.

That's pretty cool. I will try it at some point. That plus a private
IP address on both sides would solve this pretty cleanly.

This is off topic, but it was alluded to earlier:

I think it's possible for a router to forward an IP protocol inward
via NAT, such as GRE? Or am I mistaken?

Andy


Re: Recommended desktop environment?

2018-09-05 Thread Andy Ruhl
On Wed, Sep 5, 2018 at 3:09 AM Wean Irdeh  wrote:
>
> Hi all mailing list members! What is your recommended desktop environment for 
> NetBSD?

This should be fun. I'm way behind the times in this area. Way back in
the early 2000s or so I was using KDE3 on NetBSD quite happily. I
haven't used a desktop a whole lot since then for the usual boring
reasons.

I use blackbox if I need to use a desktop on any of the BSDs but it's
not got a lot of features. It works fine though.

Andy


Re: High latency for IPv6 on netbsd-8

2018-07-27 Thread Andy Ruhl
On Fri, Jul 27, 2018 at 8:46 PM, Gua Chung Lim  wrote:
> Scarcely, ping6 works at the first boot, while ping (IPv4) always works 
> pretty fine. Mostly, I have to disconnect and re-connect the network 3-4 
> times to have ping6 work. I haven't encountered this issue on netbsd-7.
>
> Related lines in /etc/rc.conf...
> # auto_ifconfig=YES
> #wpa_supplicant=YES
> #wpa_supplicant_flags="-i iwm0 -c /etc/wpa_supplicant.conf"
> ip6mode="autohost"
> dhcpcd=YES
> dhcpcd_flags="-t 0" # -b
> #ifconfig_wm0=dhcp
>
> I don't know where I shall investigate.
> Any suggestion would be much appreciated.
>
> * Gua Chung Lim (gua.chung...@gmail.com) wrote:
>> Hi,
>>
>> I have been using NetBSD 8.0 for a few days.
>> I found some inconsistency.
>> Sometimes I cannot ping6 anywhere.
>> But many times I can, and without touching any configuration.
>> Occasionally, I have to wait 10-15 minutes after boot,
>> in order to get access to IPv6 addresses.
>> Disabling NPF does not fix it.
>> I don't know much about IPv6, but on netbsd-7 it simply works.
>> Any suggestion would be highly appreciated.
>>
>> % grep dhcp /etc/rc.conf
>> dhcpcd=YES
>> dhcpcd_flags="-t 0"
>> #ifconfig_wm0=dhcp
>>
>> % cat /etc/resolv.conf
>> # Generated by resolvconf
>> nameserver 192.168.1.1
>> nameserver fe80::1%wm0

Based on these nameserver addresses, I'm assuming this is a host
underneath another router you have?

If that's the case, it might be useful to wireshark or tshark the IPv6
autoconfig process for NetBSD-7 and NetBSD-8 to see what the
difference is. If you can do this from the router that is providing
the IPv6 info, even better.

It should not take 10 minutes to get an IPv6 address after boot.

Andy


Re: How to debug IPV6

2018-06-17 Thread Andy Ruhl
On Sun, Jun 17, 2018 at 8:47 AM, D'Arcy Cain  wrote:
> I thought that I had everything set up properly but it doesn't
> communicate.  Here are two interfaces on the same network.

Try pinging the link local addresses as long as they are on the same
layer 2 segment. For example:

ping6 fe80::230:48ff:fe8f:7608%wm0

If you can't do that, you have bigger issues.

Pinging all hosts as stated elsewhere and checking ndp -a is also helpful.

Andy


Re: RPI2 as a Router on a Stick

2018-04-28 Thread Andy Ruhl
On Sat, Apr 28, 2018 at 5:16 PM, Andy Ruhl <acr...@gmail.com> wrote:
> The other option which would have worked fine is if you made one of
> the vlans native and just configured one vlan on NetBSD, and put the
> other subnet on the "base" interface usmsc0.
>
> Cisco config would look like this:
>
> switchport mode trunk
> switchport trunk allowed vlan 101,102
> switchport trunk native vlan 101

Replying to myself.

Should have warned that this is vulnerable to a "Q in Q" attack but
it's not a big deal if it's just local traffic.

Andy
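
The warning above concerns trunk ports whose native (untagged) VLAN also carries traffic. One way to audit a switch configuration for that condition, as an added example that is not part of the thread: the interface names, VLAN 999 and the rule itself (flag a trunk whose native VLAN is in its allowed list, and list access ports in that VLAN) are assumptions made for illustration; only the three `switchport` lines on the first port come from the message.

```python
import re

# Constructed sample. GigabitEthernet0/1 carries the lines quoted in the
# message; every other stanza and all interface names are made up.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk allowed vlan 101,102
 switchport trunk native vlan 101
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport trunk allowed vlan 101,102
 switchport trunk native vlan 999
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 101
!
interface GigabitEthernet0/4
 switchport mode trunk
"""

DEFAULT_VLAN = 1                    # native/access VLAN when none is configured
ALL_VLANS = set(range(1, 4095))     # a trunk with no allowed list carries 1-4094


def expand_vlans(spec):
    """Turn '101,102,200-203' into a set of VLAN ids."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans


def parse_interfaces(config):
    """Collect switchport settings per interface stanza.

    Only the plain 'allowed vlan <list>' form is handled; 'add'/'remove'
    variants are ignored in this sketch.
    """
    ports, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)$", line):
            cur = ports.setdefault(
                m.group(1),
                {"mode": None, "allowed": None, "native": None, "access": None},
            )
        elif line == "!":
            cur = None
        elif cur is None:
            continue
        elif m := re.match(r"switchport mode (\S+)$", line):
            cur["mode"] = m.group(1)
        elif m := re.match(r"switchport trunk allowed vlan ([\d,\- ]+)$", line):
            cur["allowed"] = expand_vlans(m.group(1))
        elif m := re.match(r"switchport trunk native vlan (\d+)$", line):
            cur["native"] = int(m.group(1))
        elif m := re.match(r"switchport access vlan (\d+)$", line):
            cur["access"] = int(m.group(1))
    return ports


def audit_native_vlans(config):
    """Return [(trunk, native_vlan, [access ports in that VLAN]), ...].

    A trunk is reported when untagged frames on it land in a VLAN the
    trunk also forwards. Access ports in the same VLAN are listed because
    hosts there share a VLAN with the trunk's untagged traffic.
    """
    ports = parse_interfaces(config)
    findings = []
    for name, p in ports.items():
        if p["mode"] != "trunk":
            continue
        native = p["native"] if p["native"] is not None else DEFAULT_VLAN
        allowed = p["allowed"] if p["allowed"] is not None else ALL_VLANS
        if native in allowed:
            members = [
                n for n, q in ports.items()
                if q["mode"] == "access"
                and (q["access"] if q["access"] is not None else DEFAULT_VLAN) == native
            ]
            findings.append((name, native, members))
    return findings


if __name__ == "__main__":
    for trunk, vlan, members in audit_native_vlans(SAMPLE_CONFIG):
        print(f"{trunk}: native VLAN {vlan} is forwarded; access ports in it: {members}")
```

Moving the native VLAN to an ID that no port uses, as on the constructed GigabitEthernet0/2, is what makes a trunk drop out of the report.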


Re: RPI2 as a Router on a Stick

2018-04-28 Thread Andy Ruhl
On Sat, Apr 28, 2018 at 2:28 PM,   wrote:
> Hi NetBSD Users
>
> I've been working on a personal project to use a Raspberry Pi2 as a 'router
> on a stick' and have documented my progress: https://www.fukr.org.uk/?p=184
>
> I've only used NetBSD now and again and would like someone to proof-read the
> page. Would someone 'do the honours' and inform me of any glaring mistakes.

Amusing URL.

Looks good to me for the most part, although I have to admit I haven't
done this in years.

Don't enable remote root login. Just create a user and add it to the
wheel group so it can su to root. I suppose if it's not connected to
the internet or anything else, it's fine though.

This article assumes you're doing something like this on the Cisco:

switchport mode trunk
switchport trunk allowed vlan 101,102

The other option which would have worked fine is if you made one of
the vlans native and just configured one vlan on NetBSD, and put the
other subnet on the "base" interface usmsc0.

Cisco config would look like this:

switchport mode trunk
switchport trunk allowed vlan 101,102
switchport trunk native vlan 101

I have been meaning to make an internet facing router out of NetBSD
and npf for a while just never got around to it. My "lan" side network
is a Juniper switch (because BSD) with 4 vlans.

Andy


Re: Upgrading perl breaks netdisco

2018-04-01 Thread Andy Ruhl
On Sun, Apr 1, 2018 at 7:19 AM, Manuel Bouyer  wrote:
>
> Probably; if you upgrade perl you probably need to rebuild/reinstall every
> perl modules.
>

Disregard. This is meant for the netdisco list. Must be "net" in the
name that made me send to the wrong list...

Sorry about that.

Andy


Upgrading perl breaks netdisco

2018-04-01 Thread Andy Ruhl
I'm sorry if I missed something obvious. I searched a bit and couldn't
find the proper solution.

I have a raspberry pi I use to test some Netdisco stuff. I recently
upgraded it from jessie to stretch, and it broke Netdisco:

 $ netdisco-web start
Attempting to create directory /home/netdisco/perl5
Unable to create /home/netdisco/perl5/lib/perl5/5.24.1: No such file
or directory at /home/netdisco/perl5/lib/perl5/local/lib.pm line 686.
BEGIN failed--compilation aborted at /home/netdisco/bin/localenv line 7.
$ ~/bin/localenv cpanm --notest App::Netdisco
Attempting to create directory /home/netdisco/perl5
Unable to create /home/netdisco/perl5/lib/perl5/5.24.1: No such file
or directory at /home/netdisco/perl5/lib/perl5/local/lib.pm line 686.
BEGIN failed--compilation aborted at /home/netdisco/bin/localenv line 7.

5.24.1 seems to be the new version of perl, and this directory does
not exist. Some older ones do:

$ pwd
/home/netdisco/perl5/lib/perl5
$ ls -1d 5*
5.20.0
5.20.2

I'm sure I could just re-install and connect to the database that's
already there. Is this the best way though?

Thanks.

Andy


Re: TCP Timestamp Vulnerability

2018-03-29 Thread Andy Ruhl
On Thu, Mar 29, 2018 at 10:43 AM, Richard Sass  wrote:
> "The remote host implements TCP timestamps, as defined by RFC1323. A
> side effect of this feature is that the uptime of the remote host can be
> sometimes be computed."
>
> Additional: http://www.securiteam.com/securitynews/5NP0C153PI.html
>
> I think the thought behind this is that if a person can determine the uptime
> of a system then this might be additional information that could be used to
> target an attack. For example: if a system has been up for a year then it
> probably hasn't been patched with recent security patches giving the
> attacker another piece of information on how to attack the system. I'm not
> sure if there may be more to it than that.

Is this a similar problem then?

# hping --icmp-ts -c 1 127.0.0.1
HPING 127.0.0.1 (lo0 127.0.0.1): icmp mode set, 28 headers + 0 data bytes
len=40 ip=127.0.0.1 ttl=255 id=0 icmp_seq=0 rtt=0.5 ms
ICMP timestamp: Originate=15774697 Receive=15774697 Transmit=15774697
ICMP timestamp RTT tsrtt=1


--- 127.0.0.1 hping statistic ---
1 packets tramitted, 1 packets received, 0% packet loss
round-trip min/avg/max = 0.5/0.5/0.5 ms

I'm not aware of a way to prevent this reply without blocking all ICMP
which isn't always a good idea. Maybe npf can do it?

Andy
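
What the two kinds of timestamp in this exchange expose, as an added example that is not part of the thread: the ICMP values hping printed are milliseconds since midnight UT (RFC 792), so they reveal the host's clock, while the quoted TCP finding rests on extrapolating a tick counter back to zero. The TCP samples, the candidate tick rates and the assumption that the counter started at zero at boot are constructed for illustration; stacks that randomise the timestamp offset break that assumption.

```python
import re
from datetime import timedelta

# Line copied from the hping output in the message above.
HPING_LINE = "ICMP timestamp: Originate=15774697 Receive=15774697 Transmit=15774697"

# Constructed TCP observations: (seconds on the observer's clock, TSval seen).
TCP_SAMPLES = [(0.0, 864_000_150), (10.0, 864_001_150)]

# Assumed candidate tick rates; RFC 7323 only bounds the timestamp clock
# to somewhere between 1 ms and 1 s per tick.
CANDIDATE_HZ = (1, 2, 10, 100, 250, 1000)


def parse_icmp_timestamps(line):
    """Extract the three ICMP timestamp fields from hping's summary line."""
    fields = dict(re.findall(r"(Originate|Receive|Transmit)=(\d+)", line))
    if set(fields) != {"Originate", "Receive", "Transmit"}:
        raise ValueError("not an hping ICMP timestamp line")
    return {name: int(value) for name, value in fields.items()}


def icmp_ts_to_clock(ms):
    """Convert an ICMP timestamp to HH:MM:SS.mmm UT.

    RFC 792: the value is milliseconds since midnight UT; a sender that
    cannot provide that sets the high-order bit, in which case the value
    says nothing reliable about the clock and None is returned.
    """
    if ms & 0x80000000 or ms >= 86_400_000:
        return None
    hours, rem = divmod(ms, 3_600_000)
    minutes, rem = divmod(rem, 60_000)
    seconds, millis = divmod(rem, 1000)
    return f"{hours:02d}:{minutes:02d}:{seconds:02d}.{millis:03d}"


def estimate_uptime(samples, candidates=CANDIDATE_HZ):
    """Estimate (tick rate, uptime) from two TCP timestamp observations.

    The tick rate is the counter delta over the elapsed time, snapped to
    the nearest candidate. Uptime is the latest counter value divided by
    that rate, valid only if the counter began at zero at boot and has
    not wrapped since.
    """
    (t0, v0), (t1, v1) = samples[0], samples[-1]
    if t1 <= t0:
        raise ValueError("samples must be in increasing time order")
    ticks = (v1 - v0) % 2**32            # tolerate a 32-bit wrap between samples
    raw_hz = ticks / (t1 - t0)
    hz = min(candidates, key=lambda c: abs(c - raw_hz))
    return hz, timedelta(seconds=v1 / hz)


def wrap_horizon_days(hz):
    """Days until a 32-bit counter at `hz` wraps; any estimate is modulo this."""
    return 2**32 / hz / 86_400


if __name__ == "__main__":
    for name, value in parse_icmp_timestamps(HPING_LINE).items():
        print(f"{name}: {value} ms -> {icmp_ts_to_clock(value)} UT")
    hz, uptime = estimate_uptime(TCP_SAMPLES)
    print(f"TCP tick rate ~{hz} Hz, implied uptime {uptime}, "
          f"counter wraps every {wrap_horizon_days(hz):.1f} days")
```

The ICMP reply exposes time of day rather than time since boot, so it does not support the uptime inference described in the quoted scanner text.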


Re: Unable to join open WEP wireless network

2018-02-02 Thread Andy Ruhl
On Fri, Feb 2, 2018 at 2:55 AM, Martin Husemann  wrote:
> On Thu, Feb 01, 2018 at 09:34:48PM +, Xianwen Chen (???) wrote:
>> Dear Dave,
>> Thank you. An open WEP network is a network that does not require
>> password or key.
>
> Dave's point is: technically that should not be possible, how do you
> encrypt the packets when there is no key?

I was reading this from the context of "oh you have to use the old WEP
way" to connect to an open network using ifconfig. I remember doing
this many years ago.

I have no idea if stuff changed since then, but the ifconfig command
still appears to support connecting to open networks and WEP
networks... Just need to figure out what is happening in this case.

Andy


Re: Unable to join open WEP wireless network

2018-02-01 Thread Andy Ruhl
On Thu, Feb 1, 2018 at 4:25 AM, Chen, Xianwen (陈贤文)
 wrote:
> Dear NetBSD users,
>
> I am having trouble connecting NetBSD to an open WEP wireless network,
> called "ks-guest". Because my Android mobile phone is able to connect
> to "ks-guest", the network is functioning.
>
> "ifconfig iwi0 list scan" gives the following output:
> SSID            BSSID              CHAN RATE  S:N   INT CAPS
> ks-nett         24:01:c7:14:2a:60     1  54M  37:0  102 EPS  RSN WME
> ks-guest        10:bd:18:f0:26:f2     1  54M  69:0  102 ES   WME
> ks-mobil        10:bd:18:f0:26:f1     1  54M  69:0  102 EPS  RSN WME
> ks-mobil        24:01:c7:14:2a:61     1  54M  36:0  102 EPS  RSN WME
> ks-guest        24:01:c7:14:2d:d2     6  54M  55:0  102 ES   WME
> ks-guest        24:01:c7:14:27:32     6  54M  49:0  102 ES   WME
> GSS-KS          30:b5:c2:3e:7b:d8    11  54M  51:0  100 EPS  RSN WME
> ks-nett         cc:d5:39:cc:61:a0    11  54M  52:0  102 EPS  RSN WME
> ks-guest        cc:d5:39:cc:61:a2    11  54M  53:0  102 ES   WME
> ks-mobil        cc:d5:39:cc:61:a1    11  54M  54:0  102 EPS  RSN WME
> KSA-Trakteriet  cc:d5:39:cc:61:a3    11  54M  50:0  102 EPS  RSN WME
>
> I try to connect to "ks-guest" by "ifconfig iwi0 ssid ks-guest
> -nwkey". When I run "ifconfig", the ssid is updated. However, the
> status remains "no network":
> iwi0: flags=8843 mtu 1500
> ssid ks-guest
> powersave off
> bssid 10:bd:18:f0:26:f0
> address: 00:12:f0:f2:14:c4
> media: IEEE802.11 autoselect
> status: no network
> inet6 fe80::212:f0ff:fef2:14c4%iwi0 prefixlen 64 detached scopeid 0x3
>
> I tried to specify bssid and channel by for example "ifconfig -s iwi0
> ssid ks-guest bssid 24:01:c7:14:2b:e2 chan 6 -nwke". However, the
> status does not change.

I might not be helping much but I will try.

I haven't done this in a really long time, but I know for sure that
this used to work. I would use an ifconfig command to connect to WEP
networks. This was an 802.11b network though, not sure if that makes a
difference.

Did you try without -nwkey? Did you try specifically setting the media
type (maybe "mode 11g" or whatever it is)?

Maybe try to tcpdump the interface to see if it really is offline...

Andy



Net neutrality changes?

2017-12-15 Thread Andy Ruhl
I'm wondering if anyone has seen any changes since the net neutrality vote?

I have 3 routers on "the internet" (home ISPs) in a triangle using
IPSEC and tunnels. I can no longer ping or connect to 2 of them.

The one I can connect to from the internet is my own. My ISP has a
statement that I read as "nothing will change" in regards to net
neutrality. The other 2 ISPs have no statements. And I can't connect
to the routers I have on their networks.

I'm hoping this is just some coincidence and I'm being paranoid...

Andy


Re: Can I install NetBSD on the same usb installation disk?

2017-11-24 Thread Andy Ruhl
On Fri, Nov 24, 2017 at 6:00 AM, Chavdar Ivanov  wrote:
> Rereading the question - you can do the same partition expansion if
> you are using the installation image, not the live image. If you want
> to reuse the remaining space for another reason, then I guess you
> could use fdisk to create partitions past the first NetBSD one and
> format these, but I've never tried it.

This is probably off topic, but I'll try anyway. I want to create a
USB install "disk", and then use another blank USB disk to install
onto.

Does this work? I haven't tried yet. This would be nice to test things
out so I don't disrupt the internal disks.

Andy


Re: Using a 4TB (Now 3TB) SATA disk with i386?

2017-11-20 Thread Andy Ruhl
On Mon, Nov 20, 2017 at 3:17 AM, Stephen Borrill
 wrote:
> Have I missed some context here? It is not complex to boot a BIOS-based
> machine from a GPT disk. That's what gpt biosboot is for. I've been using
> even on NetBSD 5 on a 4TB hardware RAID array (backported the changes from
> newer NetBSD to -5).

Yeah, you probably did.

I don't think anyone thinks the functionality doesn't exist.

My concern was that it was hard for me, as a new person to "large"
disks on NetBSD, to understand where to start.

There is conflicting information, or a complete lack of it depending
on where you look.

Michael's reply was exactly what I needed, and as far as I can tell,
that particular information doesn't exist anywhere else in "guide"
form (but please correct me if I'm wrong).

Again, this is in the context of a new person asking "where do I start".

When I searched on NetBSD and large disks, I came up with a page
talking about 137GB as a "large" disk:

https://www.netbsd.org/about/features.html

I can't find anywhere in the guide docs that discuss GPT or UEFI. It's
all over the place if I search but it's generally a little old. The
GPT stuff I found didn't point out that you don't have to manually
create a wedge anymore for instance.

Andy


Re: Netbsd-7/i386 won't boot on new motherboard/CPU

2017-11-19 Thread Andy Ruhl
On Thu, Nov 16, 2017 at 5:10 PM, ssartor  wrote:
> Kind of a ‘me too’ but I just bought a Zotac Zbox Ci327 for use as a small 
> home office server/firewall.  Like your MSI board, it has a newer generation 
> CPU, in this case a Celeron N3450 quad-core (Apollo Lake, Goldmont 
> architecture, slightly older than Kaby Lake).  In my case, neither NetBSD 7, 
> 8 or current would boot — always died with a ‘cpu 1: failed to start’ 
> message. After some poking around I found I could boot the machine by turning 
> off SMP (boot -1).  It’s running fine now on NetBSD 7 but it does seem as if 
> current generation Intel parts are problematic.

I built a new netbsd-8 kernel (with source from about the same time as
the binaries I used to install) and the only difference from GENERIC
is I enabled PAE in the config.

It now runs fine with smp and acpi enabled.

No idea why it was so unstable before.

Andy



Re: Some problems moving to new hardware with NetBSD-8/i386

2017-11-19 Thread Andy Ruhl
On Sat, Nov 18, 2017 at 6:24 AM, Manuel Bouyer  wrote:
>> 4. My wm based gigabit ethernet adapter has performance problems, I
>> was told about this in another thread. So I'm using a USB cdce one for
>> now. Seems to work fine. I'd rather use a PCI-E card. Can someone
>> recommend one?
>
> wm(4) should work. Maybe you have interrupt problems, probably related
> to the fact that you disable ACPI. If this is the case, other add-on
> adapters might have the same problem.

You're probably right. I built a new kernel with PAE enabled (no other
changes from GENERIC) and now the machine boots OK with smp and acpi.

The wm adapter works fine now as well.

Thanks.

Andy


Re: Some problems moving to new hardware with NetBSD-8/i386

2017-11-19 Thread Andy Ruhl
On Sun, Nov 19, 2017 at 8:19 AM,  <co...@sdf.org> wrote:
> On Sun, Nov 19, 2017 at 08:03:48AM -0700, Andy Ruhl wrote:
>> But now it works fine. Don't know why.
>
> There are some problems with -current people are working on, they
> don't always trigger or for everyone. I think you hit one of them.
>
> http://gnats.netbsd.org/52676

Yeah, likely. This is NetBSD-8 though, so it seems to exist there as well.

Andy


Re: Some problems moving to new hardware with NetBSD-8/i386

2017-11-19 Thread Andy Ruhl
On Sat, Nov 18, 2017 at 11:26 AM,   wrote:
> I assume these are the cause and effect, why do you need to disable SMP
> and ACPI?

You could be right. I built a kernel with PAE enabled from sources
from about the same time as the netbsd-8 level I installed.

I let it boot normally, and it boots fine.

I was having multiple problems with the machine not booting without
either -1, -2, or both in another thread.

Without -1 (disable smp) it would get to fsck and hang, and sometimes
panic if I used ctrl-c to break out of the hang.

Without -2 (disable acpi) it would hang at the last printf statement
in the kernel before init starts. Don't know why. -2 solved it. Maybe
this was not the real cause.

But now it works fine. Don't know why.

Andy


Re: Some problems moving to new hardware with NetBSD-8/i386

2017-11-18 Thread Andy Ruhl
On Sat, Nov 18, 2017 at 6:24 AM, Manuel Bouyer  wrote:
> Is it with X11, or a more general problem ? we don't have support for
> the kabylake graphics and default to the generic VESA driver, that
> may explain it.

Thanks for the education! This is why I use NetBSD.

I'm not using graphics, it's just a small headless server system.
Commands don't seem to run as quick as before for whatever reason.

I'm building a netbsd-8 PAE kernel now.

At some point I will try amd64. Not sure if it's possible to migrate
or if I will have to just rebuild it with a new root disk. I'll
research that.

Andy


Some problems moving to new hardware with NetBSD-8/i386

2017-11-18 Thread Andy Ruhl
Hello all, I tried searching on this stuff but didn't find much in
regards to NetBSD.

Unfortunately I'm not a developer, so I can't help to fix this
stuff... But I will help in any way I can.

My old machine died. I bought a cheap motherboard/memory/cpu combo
because in the past I found that buying something a year or 2 old was
a good idea. More stuff would be supported.

It's an MSI H110M Gaming motherboard, Micron 4gig DDR4 memory stick,
and Intel Celeron dual core G3930 Kaby Lake CPU. I haven't used Intel
stuff for a long time, it was AMD for years.

I'm having enough problems trying to upgrade my old i386 server
machine such that I'm hoping someone can tell me "Just buy this
motherboard/memory/cpu" or even some pre-built machine. I want to
upgrade to amd64 (x86_64) at some point, and I will do that if it will
solve some of these problems.

Problems:

1. Memory is not detected as 4GB:

NetBSD 8.0_BETA (GENERIC.201711131530Z)
total memory = 2209 MB
avail memory = 2153 MB

The motherboard's BIOS reports 4096 MB of memory.

2. I can't boot the machine reliably without interrupting the
bootloader and doing this:

boot -1 -2 (disable SMP, disable ACPI)
(I can't figure out how to disable ACPI in the BIOS, but I can disable SMP)

Can someone recommend a kernel config that might be more stable?

-current doesn't seem to be significantly different. I still have to
boot with -1 -2 to make it stable.

3. Some hardware is not supported on the motherboard, but the one that
hurts the most is the ethernet adapter:

# dmesg | grep ^vendor
vendor 8086 product 1911 (miscellaneous system) at pci0 dev 8 function
0 not configured
vendor 8086 product a131 (miscellaneous DASP, revision 0x31) at pci0
dev 20 function 2 not configured
vendor 8086 product a13a (miscellaneous communications, revision 0x31)
at pci0 dev 22 function 0 not configured
vendor 8086 product a121 (miscellaneous memory, revision 0x31) at pci0
dev 31 function 2 not configured
vendor 8086 product 15b8 (ethernet network, revision 0x31) at pci0 dev
31 function 6 not configured

4. My wm based gigabit ethernet adapter has performance problems, I
was told about this in another thread. So I'm using a USB cdce one for
now. Seems to work fine. I'd rather use a PCI-E card. Can someone
recommend one?

5. It "feels" generally slow. Slower than my 8 or so year old AMD
system with 1 gig of memory. But I'm not sure if this is real.

Ok, enough for now.

Andy


Re: Using a 4TB (Now 3TB) SATA disk with i386?

2017-11-18 Thread Andy Ruhl
On Sat, Nov 18, 2017 at 3:42 AM, Michael van Elst  wrote:
> Use the gpt tool to create a GUID Partition Table and add a ffs partition
> covering all free space, aligned for 4k physical sectors.
>
> - gpt create wd1
> - gpt add -a 4096 -t ffs -l A_unique_name_for_it wd1
>
> On older NetBSD, add the wedge manually as instructed by gpt, or reboot
> to let autodiscover do it. On newer NetBSD, gpt runs 'dkctl makewedges'
> for you.
>
> Use newfs to format the wedge.
>
> - newfs -O2 NAME=A_unique_name_for_it
>
> Add it to fstab.
>
> - NAME=A_unique_name_for_it /my/mount/path ffs rw,log 1 2
>
> Mount the filesystem
>
> - mount /my/mount/path

That was exactly what I needed, I have the new disk mounted and I'm
copying data to it now.

I'm having lots of problems trying to get this old machine onto newer
hardware, but I'll start a new thread about that.

Thanks!

Andy


Re: Using a 4TB (Now 3TB) SATA disk with i386?

2017-11-17 Thread Andy Ruhl
On Thu, Nov 2, 2017 at 6:15 AM, Jonathan A. Kollasch
<jakll...@kollasch.net> wrote:
> On Thu, Nov 02, 2017 at 05:56:07AM -0700, Andy Ruhl wrote:
> It's not uncommon for newer USB drives to present themselves with 4KiB
> logical sectors, despite the fact that the disks within are actually
> 4KiB physical sectors with 512-byte logical sectors.  Some of our tools,
> particularly back in the netbsd-6 days, do not deal well with
> non-DEV_BSIZE logical sectors.
>
> You should have little to no issue with internal SATA drives, as most
> of them present themselves with 512-byte logical sectors.

I now have a NetBSD-8/i386 machine with a 3TB disk:

wd1 at atabus1 drive 0
wd1: 
wd1: drive supports 16-sector PIO transfers, LBA48 addressing
wd1: 2794 GB, 5814021 cyl, 16 head, 63 sec, 512 bytes/sect x 5860533168 sectors
wd1: drive supports PIO mode 4, DMA mode 2, Ultra-DMA mode 6 (Ultra/133)
wd1(ahcisata0:1:0): using PIO mode 4, DMA mode 2, Ultra-DMA mode 6
(Ultra/133) (using DMA)

When I try to use fdisk to create a partition, it won't let me go
higher than 2TB.

I tried just using disklabel as well, and I have the same problem.

I see a Wiki page about creating wedges but it's talking about using
ccd and raid which I don't want to do. I just want a regular 3TB disk
with 1 ffsv2 partition.

Where should I start? I'm not finding "official" documentation (in the
guide for example).

Andy
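
Why fdisk and disklabel stop at 2TB on this disk, and what the `-a 4096` in the gpt commands earlier in the thread works out to, as an added Python example that is not from any poster in the thread. It assumes the default GPT layout (128 entries of 128 bytes) and that `-a` is a byte count; the function names are made up for this illustration, and the computed start and size show the alignment arithmetic, they are not gpt(8) output.

```python
import re

# dmesg line for wd1 as posted in the thread.
DMESG_LINE = ("wd1: 2794 GB, 5814021 cyl, 16 head, 63 sec, "
              "512 bytes/sect x 5860533168 sectors")

# MBR partition entries store start and size as 32-bit sector counts.
MBR_MAX_SECTORS = 2**32 - 1
# Assumption: default GPT entry array, 128 entries of 128 bytes each.
GPT_ENTRY_ARRAY_BYTES = 128 * 128


def parse_wd_size(line):
    """Return (bytes_per_sector, total_sectors) from a wd dmesg size line."""
    m = re.search(r"(\d+) bytes/sect x (\d+) sectors", line)
    if m is None:
        raise ValueError("no sector geometry in line: %r" % line)
    return int(m.group(1)), int(m.group(2))


def mbr_coverage(sector_size, total_sectors):
    """Return (addressable_bytes, unreachable_sectors) for a 32-bit sector count."""
    reachable = min(total_sectors, MBR_MAX_SECTORS)
    return reachable * sector_size, total_sectors - reachable


def needs_gpt(sector_size, total_sectors):
    """True when a 32-bit sector count cannot cover the whole disk."""
    return mbr_coverage(sector_size, total_sectors)[1] > 0


def gpt_partition_plan(sector_size, total_sectors, align_bytes=4096):
    """Return (start_sector, size_in_sectors) of the largest aligned partition.

    Layout assumed: protective MBR at LBA 0, GPT header at LBA 1, entry
    array after it, and a backup entry array plus header at the disk's end.
    """
    if align_bytes % sector_size:
        raise ValueError("alignment must be a multiple of the sector size")
    step = align_bytes // sector_size
    entry_sectors = -(-GPT_ENTRY_ARRAY_BYTES // sector_size)  # ceiling division
    first_usable = 2 + entry_sectors
    last_usable = total_sectors - 2 - entry_sectors
    start = -(-first_usable // step) * step                   # round start up
    size = (last_usable - start + 1) // step * step           # round size down
    if size <= 0:
        raise ValueError("disk too small for an aligned partition")
    return start, size


if __name__ == "__main__":
    ssize, total = parse_wd_size(DMESG_LINE)
    covered, lost = mbr_coverage(ssize, total)
    print("disk size:        %d bytes" % (ssize * total))
    print("32-bit limit:     %d bytes (%d sectors out of reach)" % (covered, lost))
    print("GPT required:     %s" % needs_gpt(ssize, total))
    start, size = gpt_partition_plan(ssize, total)
    print("aligned start:    sector %d (byte offset %d)" % (start, start * ssize))
    print("aligned size:     %d sectors" % size)
```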


Re: NetBSD-8/i386 SMP Panic? (was: Re: Netbsd-7/i386 won't boot on new motherboard/CPU)

2017-11-16 Thread Andy Ruhl
On Thu, Nov 16, 2017 at 3:53 AM, Robert Elz  wrote:

Thanks, as always, for your detailed responses.

>   | I think this is SMP related, but I'm not sure.
>
> That might make the issue more likely to occur, but is probably not
> directly related (that is, the busier the system gets, the more likely
> the pmap issues are to happen).

Yes, the machine is nearly unusable when booting with SMP (I think). I
booted it with -1 -2 last night and it's still running this morning.
All it has done is a few cvs checkouts and updates though.

Another detail, not sure if it's related:

I have a wm network adapter and performance with it was horrible, I
was getting +4000ms pings to my gateway on a wired gigabit network. I
switched to USB3 gigabit adapter (cdce) and things are working
normally.

I am checking out -current right now and I will build a kernel and report back.

There are no PRs about this recently, I'm willing to open one for this
panic if this will help.

Andy


NetBSD-8/i386 SMP Panic? (was: Re: Netbsd-7/i386 won't boot on new motherboard/CPU)

2017-11-15 Thread Andy Ruhl
Thanks for all of the responses!

On Wed, Nov 15, 2017 at 8:52 AM, Robert Elz  wrote:
>   | I rebooted and confirmed that it works (other than complaints about
>   | the disks which don't exist). ACPI appears to be working.
>
> NetBSD- (Beta) will have a newer ACPI in it than your old -7 kernel.

I'm actually using netbsd-8 from the 201711131530Z directory on nyftp.
I downloaded the install kernel from there and then did a full install
from the ftp site.

I tried booting with and without -2 and I'm not sure if it affects the
new problem I'm having.

>
>   | So now it hangs here:
>   | http://acruhl.freeshell.org/netbsd_wont_boot2.jpg
>   |
>   | (last message is kern.module.path=/stand/i386/8.0/modules)
>
> That's the last of the normal kernel printfs during boot, at that point,
> init should be running, and running /etc/rc
>
> If I had to guess, I'd say that your /dev/console isn't correct, as the
> next messages should be appearing there.   Check what's there (using the
> method you used to install to get your real root filesystem mounted and
> visible.)

I booted the install kernel and mounted the root disk and did sh
MAKEDEV all in /mnt/dev and it seems to have got me past that point.

Now I see "white" boot messages, but it sometimes hangs in fsck,
probably on /dev/rwd0e which is /usr. This happens if I use the
generic kernel I just installed or with the install kernel and do fsck
manually on /dev/wd0e.

Here's the hokey part. Sometimes ctrl-c hangs. Sometimes it dumps me
back to a prompt. Sometimes it panics.

If I boot with "boot -1 -2" it seems to solve the hangs during fsck,
but I'm not 100% sure about that.

I took photos of the panic at:

http://acruhl.freeshell.org/netbsd-i386-8-panic1.jpg
http://acruhl.freeshell.org/netbsd-i386-8-panic2.jpg

I think this is SMP related, but I'm not sure.

I got 2 panics that looked pretty similar to this when I did ctrl-c
during fsck which seemed to hang.

Andy


Re: Netbsd-7/i386 won't boot on new motherboard/CPU

2017-11-15 Thread Andy Ruhl
On Wed, Nov 15, 2017 at 6:35 AM, Robert Elz <k...@munnari.oz.au> wrote:
> Date:Wed, 15 Nov 2017 06:03:40 -0700
> From:    Andy Ruhl <acr...@gmail.com>
> Message-ID:  
> <cajcb3frzcp42hfag7jhvf1evlkic4+k6hmjd2jlpqwtt0se...@mail.gmail.com>
>
>   | I can't seem to make this motherboard's BIOS disable ACPI.
>
> The intent was to disable it in NetBSD via the boot prompt - but that
> is only possible if your boot.cfg (on the netbsd-7 root) was set up to
> give the menu and wait a few seconds for you to interrupt.
>
> If you don't have a menu entry for booting with ACPI disabled, you should
> still be able to boot manually from the boot prompt, just give
> netbsd the "-2" option.

Ok, I sort of got past that but it might still be an issue.

This is what I've done so far:

Booted the Netbsd-8 installer, used the /bin/sh prompt to mount the
internal disk and configure a USB network interface.

I put an install kernel in the root of the boot disk and rebooted.
Interrupted the bootloader and booted the install kernel.

Before the reboot I unplugged all disks except the root disk, which is
partitioned "old style" with separate partitions for /, /usr, /tmp,
and /var

The installer complained about the disks it couldn't find but
eventually I upgraded to netbsd-8.

I rebooted and confirmed that it works (other than complaints about
the disks which don't exist). ACPI appears to be working.

So now it hangs here:

http://acruhl.freeshell.org/netbsd_wont_boot2.jpg

(last message is kern.module.path=/stand/i386/8.0/modules)

I don't know what's happening at this point.

Andy

(P.S. - For people new to NetBSD, disregard all of this. These are all
"old man" problems. Don't be discouraged by this nonsense! Just use
amd64 like normal people.)


Re: Netbsd-7/i386 won't boot on new motherboard/CPU

2017-11-15 Thread Andy Ruhl
On Wed, Nov 15, 2017 at 2:00 AM, Benny Siegert  wrote:
>> The kernel boots just past the first acpi message and then just sits
>> there "forever" (minutes is all I've waited).
>
> Try disabling ACPI. There is probably an option in the bootloader menu
> to do that.

I got a few private responses, thanks for that.

Some more notes:

I can't seem to make this motherboard's BIOS disable ACPI.

From here I have sort of "chicken and egg" problems.

I wrote a i386/8.0 installer to a USB stick and it boots past the
kernel (so no ACPI issues), but it wants me to tell it what root disk
to use. I thought it would want to use the USB stick as the root. It
only allows me to give it "wd0a", which has a netbsd-7 userland and no
modules, so it just dumps me to a sh prompt.

Found out I need to tell the USB stick's bootloader to disable ACPI
and use no SMP (not sure about SMP though), then it boots semi
properly.

From the /bin/sh I can't do "anything" though. I plugged in another
USB stick with an 8.0 install kernel, but I can't figure out how to
mount it. mount -t msdos /dev/sd1{a,d,e} /mnt doesn't work (Invalid
argument for sd1d, others don't exist). Also, ifconfig only shows lo0,
so no network adapter. I'll try putting another one in.

I guess I could try netbooting using PXE from the BIOS. Was hoping it
would be easier to get to 8.0 than that though.

Still working on it.

Andy


Netbsd-7/i386 won't boot on new motherboard/CPU

2017-11-14 Thread Andy Ruhl
I hastily bought a new motherboard, cpu, and memory combo because my
old machine wouldn't boot up anymore.

This is an i386 machine that has existed since somewhere in the 1.4.x
days. It's still i386.

It's an MSI Intel motherboard with a Celeron 3930 CPU.

Anyway, I tried a bunch of bios options, nothing made a difference. I
tried searching a little bit but didn't find much.

The kernel boots just past the first acpi message and then just sits
there "forever" (minutes is all I've waited).

I took a picture of it here:

http://acruhl.freeshell.org/netbsd_wont_boot.jpg

Any help or abuse for not finding the right RTFM would be appreciated.

Andy


Using a 4TB SATA disk with i386?

2017-11-02 Thread Andy Ruhl
Hello all,

I have a NetBSD 6.1 i386 system I need to modernize.

I tried plugging in a 4TB USB disk a while back and found "it doesn't
work" without doing something extra. What exactly that is, I'm not
sure yet.

It's time to replace my SATA disks because they are pretty old, but
it's not clear to me how to make a 4TB disk work. I have been reading
various stuff, including man pages and mail list archives, but I'm
surprised there's no clear instructions in the guide.

Did I miss something?

My plan is to install new disks and then at some point upgrade the
rest of the hardware (motherboard, memory, etc), and migrate to a more
current amd64 level.

Thanks.

Andy


Re: vioif(4) ipv6 issues?

2017-09-19 Thread Andy Ruhl
On Mon, Sep 18, 2017 at 8:36 PM, Jeff Rizzo  wrote:
>
> No;  can't ping the gateway.  The packets (near as I can tell) don't appear
> to be leaving the host; I *think* I've got it set up OK, but unlike my other
> setups, I don't have a convenient host on the same LAN to check.  :)
>
> So, no- DNS lookups not happening either.   I've probably just missed
> something obvious, though it *seems* to be set up like the others.

I haven't actually done that much IPv6 stuff on NetBSD, I'm mostly
doing it on network equipment so I can only give generic advice.

Check the routing table.

Check ifconfig  to see if there is an address on there you are
expecting.

How are you setting it up? SLAAC? If so, wireshark it looking for
router advertisements, ensure they are coming from where you expect.
It's possible you're getting autoconfig information from a bogus
router.

If it's DHCPv6 or static, look for the normal problems.

Just the normal stuff. Maybe you already know this.

Sounds like it could be a real bug in the virtual adapter though.

Andy


Re: vioif(4) ipv6 issues?

2017-09-18 Thread Andy Ruhl
On Sun, Sep 17, 2017 at 11:54 AM, Jeff Rizzo  wrote:
> I just noticed that a host of mine running as a Xen guest is not getting (or
> maybe just sending) ipv6 packets correctly.  It's running pretty much the
> same as some physical hosts, and the only difference I can see is the Xen
> (and vioif) aspect.
>
>
> This is under 7.1, but it was exhibiting the same behavior under 7.0.  It's
> *possible* the provider of the Xen guest is causing the issue, but as far as
> I can tell, packets are routed to me correctly.  (In fact, I can see
> incoming pings from an outside host, using tcpdump).  One other bit of info:
> from the problem host, when I traceroute6 to an outside host, I get this:
>
>
> foo1:riz  ~> traceroute6 -n www.netbsd.org
> traceroute6 to www.netbsd.org (2001:470:a085:999::80) from
> :XXX:2:790::5da6, 64 hops max, 12 byte packets
>  1  * :XXX:2:790::5da6  3001.66 ms !H  3001.53 ms !H
> foo1:riz  ~>

There's not a lot to go on here, but this might suggest that outbound
routing is messed up.

How are IPv6 dns lookups being done? If it's using an IPv6 DNS server
then something is working...

Can you ping your IPv6 gateway?

Andy


Re: VPN - almost got it

2017-09-13 Thread Andy Ruhl
On Wed, Sep 13, 2017 at 8:59 AM, D'Arcy Cain  wrote:
> ifconfig tun0 create
> ifconfig tun0 10.0.0.1 10.0.0.2 netmask 0xfffc
> route add 10.0.0.2/32 10.0.0.1 # should this be necessary?
> route add 192.168.215.0/24 10.0.0.2
>
> On the internal machine I do this:
>
> ifconfig tun0 create
> ifconfig tun0 10.0.0.2 10.0.0.1 netmask 0xfffc
> route add 10.0.0.1/32 10.0.0.2 # should this be necessary?
> route add 192.168.0.0/24 10.0.0.1
> /usr/bin/ssh -f -w 0:0 queen.vex.net true

Those static routes shouldn't be necessary, the 2 tun interfaces are
in the same subnet so no routing is needed.

Sorry, can't help with the rest, I haven't done this in NetBSD.

Andy


Re: dhcpcd and multiple IPv6 gateways on one interface

2017-09-13 Thread Andy Ruhl
On Tue, Sep 12, 2017 at 10:37 AM, Roy Bixler  wrote:
> I'm pretty sure that our network does not use Cisco as the router.  I
> think that the admin. uses some kind of a Linux distribution which he
> then sets up with an OSPF daemon and so forth.

I'll say it another way: Once you put an IPv6 address onto some
devices, Cisco in particular, they "just decide" to become a router
and do router advertisements. This is probably the case on your
network.

> Fair enough.  I've tried to do a little research myself and my
> understanding of Linux is that it sets up the multiple IPv6 default
> routes on the same interface when it gets advertisements from
> different routers which have the same preference.  Some folks may say
> that's not recommended, but I could see using it if load balancing is
> a consideration.  Otherwise, I would think it would be unnecessary.
> Why not just set one router to have a higher preference?  Then I'd
> imagine failover would occur if that router went down.  My only
> experience with setting up a network is with a small SOHO LAN, so I
> may easily be missing something.
>
> The routing table looks like this:
>
> % ip -f inet6 r
> 
> fe80::/64 dev br0  proto kernel  metric 256
> default via fe80::nnn:::2e47 dev br0  proto ra  metric 1024 expires 1783sec hoplimit 64
> default via fe80::nnn:::2d5b dev br0  proto ra  metric 1024 expires 1783sec hoplimit 64
> default via fe80::nnn:::2df3 dev br0  proto ra  metric 1024 expires 1783sec hoplimit 64
>
> So there are 3 default IPv6 routes on the same interface.

So really, you have 2 issues here:

1. Who is sending out router advertisements? You can probably find
that out easily enough since the MAC is embedded in these link local
addresses. Might want to find out if those machines should be doing
that. Probably not.

2. How does a machine properly handle this situation? Linux seems to
just put in equal cost routes for all of them, so either they are load
balancing or they have some other selection criteria. Based on the
behavior of machines doing router advertisements, I would hope that
reachability is being done somehow, but maybe this is wishful
thinking. (Again, unresearched.)

Andy
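
Point 1 above, reading the sender's MAC out of a router's link-local address, as an added Python example that is not from the thread. The route lines are constructed (the addresses posted in the thread are redacted), and the function names and the expected-router list are hypothetical. Only modified EUI-64 addresses (ff:fe in the middle of the interface identifier) carry the MAC, so the code reports the others as unidentified rather than guessing.

```python
import ipaddress
import re

# Constructed sample in the format of the `ip -f inet6 r` output quoted above.
SAMPLE_ROUTES = """\
fe80::/64 dev br0  proto kernel  metric 256
default via fe80::21b:21ff:fe3a:2e47 dev br0  proto ra  metric 1024 expires 1783sec hoplimit 64
default via fe80::5054:ff:fe12:2d5b dev br0  proto ra  metric 1024 expires 1783sec hoplimit 64
default via fe80::a1b2:c3d4:e5f6:2df3 dev br0  proto ra  metric 1024 expires 1783sec hoplimit 64
"""

# Default routes learned from router advertisements are tagged "proto ra".
RA_DEFAULT = re.compile(r"^default via (\S+) dev (\S+).*\bproto ra\b")


def mac_from_link_local(addr):
    """Return the MAC embedded in a modified EUI-64 link-local address.

    Returns None when the address is not link-local or when its interface
    identifier was not derived from a MAC (no ff:fe filler in the middle).
    """
    ip = ipaddress.IPv6Address(addr.split("%")[0])  # drop any %zone suffix
    if not ip.is_link_local:
        return None
    iid = ip.packed[8:]                  # low 64 bits: interface identifier
    if iid[3:5] != b"\xff\xfe":
        return None
    # Undo modified EUI-64: remove ff:fe and flip the universal/local bit.
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:8]
    return ":".join("%02x" % b for b in mac)


def ra_default_routers(route_output):
    """Return [(device, gateway, mac_or_None)] for each RA-learned default route."""
    routers = []
    for line in route_output.splitlines():
        m = RA_DEFAULT.match(line.strip())
        if m:
            gateway, device = m.groups()
            routers.append((device, gateway, mac_from_link_local(gateway)))
    return routers


def unexpected_routers(routers, expected_macs):
    """Return the routers whose MAC is unknown or not in the expected set."""
    expected = {mac.lower() for mac in expected_macs}
    return [r for r in routers if r[2] is None or r[2] not in expected]


if __name__ == "__main__":
    # Hypothetical list of MACs that are supposed to send router advertisements.
    expected = {"00:1b:21:3a:2e:47"}
    found = ra_default_routers(SAMPLE_ROUTES)
    for device, gateway, mac in found:
        print("%s  via %-28s MAC %s" % (device, gateway, mac or "not derivable"))
    for device, gateway, mac in unexpected_routers(found, expected):
        print("check this sender: %s on %s" % (gateway, device))
```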


Re: dhcpcd and multiple IPv6 gateways on one interface

2017-09-12 Thread Andy Ruhl
On Tue, Sep 12, 2017 at 9:28 AM, Roy Bixler  wrote:
> Update: something changed on the network and I'm not getting the
> syslog spam anymore.  The only evidence of the change I have is an
> "arp info overwritten" message for the IPv4 default router.  So, I
> suppose that the syslog spam might have been showing a real problem in
> the router configuration.  Whatever it was, I still see multiple
> default gateways for IPv6 in Linux, so I still have a question about
> that.
>

It is the case that certain network devices (ahh Cisco) like to "be a
router" as soon as you set up an IPv6 address on an interface. You
have to do a bunch of stuff to turn off router advertisements if you
just want an interface with an IPv6 address. This might be happening
in your network.

I'm not sure if there is a proper way for a host to handle this. Would
be interested to see what the routing table on the Linux machine looks
like. It would be interesting to know if it's trying to do
reachability for something (don't know what) and decide which one
works and put it higher in the table.

That was an unresearched response, hopefully someone else knows more.

Andy


Observations when using vm tools

2017-09-01 Thread Andy Ruhl
I've got netbsd-7/amd64 from a snapshot from a few weeks ago from
nyftp. It calls itself 7.1_STABLE.

I've installed open-vm-tools, xf86-video-vmware, and
xf86-input-vmmouse from the 7.0_2017Q2 pkgsrc packages. These tools

It's running inside VMWare Fusion on my Mac.

The mouse is working properly with X, when I have the VM in a window
and not full screen, the mouse doesn't need to be "unlocked".

However, if I resize the screen, I have to do xrandr -s XXXxYYY to
make it fit the window properly. Should it be resizing itself?

Andy


Re: Hypervisor advice

2017-08-10 Thread Andy Ruhl
On Wed, Aug 9, 2017 at 5:19 PM, Greg Troxel  wrote:
> I have been using xen, with the packages from pkgsrc, on NetBSD since
> 2005ish.  It has been totally solid.  Any semi-recent AMD or Intel
> processor will be fine.  See the xen howto for more discussion:
>
> https://wiki.netbsd.org/ports/xen/howto/

Just to be 100% clear, you're using NetBSD as the Hypervisor OS?

What virtual machines do you use? And are they Xen specific or not
aware that they are virtualized?

Andy


Hypervisor advice

2017-07-29 Thread Andy Ruhl
I've had a NetBSD/i386 machine that's been running since the late 90s
and various hardware iterations. I think it's time to move it to a
virtual machine. I need new hardware as well. It has about a 10 year
old AMD processor and 1 gig of memory. This is plenty, but the
hardware is getting unreliable.

I need advice on hypervisors and if it requires certain hardware,
hardware advice as well.

bhyve appeals to me for obvious reasons but I've never used it. I use
KVM and VMWare at work. Also VMWare Fusion on my Mac. Would prefer not
to pay too much if I need to pay for something. Never tried Xen but I
see posts about it here once in a while.

I plan on running other stuff on the hypervisor, probably OpenBSD.
Possibly something else as well, maybe a NAS or something.

Thoughts?

Thanks.

Andy


Re: The State of NPF?

2017-07-26 Thread Andy Ruhl
On Wed, Jul 26, 2017 at 8:19 PM, Christos Zoulas  wrote:
> Thanks for your detailed report. Yes, all these are known deficiencies.
> Some of them are easier to fix than others. We need to find someone to
> work on them. I've saved a copy of your message and I hope to find the
> time to open some PR's based on it so at least they don't get lost.

What happened to rmind? Did I miss something?

Andy


Re: creating a netbsd router

2017-07-15 Thread Andy Ruhl
Yes, it's possible. I did it with a raspberry pi for a short time.

As others have stated, bonding and bridging are 2 separate things...
Hopefully you know which one you want. Bridge is like creating a
switch out of some ports (like the LAN ports of a home router),
bonding (agr) is for attaching multiple interfaces to a switch
(aggregation of links between devices). And the switch needs to be
configured for it as well.

Follow the instructions to set up the kernel to forward packets:
http://www.netbsd.org/docs/guide/en/chap-net-practice.html#chap-net-practice-ipnat

This is a bit old, you're expected to use npf these days. I tried it a
few times but I haven't given it the proper time/attention to learn
the syntax. I set up a few simple looking statements that had
unpredictable results so I gave up basically. Probably should try it
again.

My real interest in this is IPv6... One of these days...

Andy

On Fri, Jul 14, 2017 at 9:53 AM, Derrick Lobo  wrote:
> I have a device with 8 network interfaces, so wondering if I can set this up
> as my router/switch
>
> I would like to create eth0 as the WAN interface and the remaining eth1-6 as
> the LAN interface so that I can connect multiple switches and devices
> directly on the 7 remaining ports.. is vlan, bridging the way to go .. linux
> uses bonding and I'm not sure if FreeBSD's lagg is the same thing.. Anyone can
> provide information or link on how I can achieve this.
>
> So eth0 would have a public IP while the rest ports would have one LAN IP
> which is basically a 192.168.0.1 ip and I run DHCP namedb etc on these
> interface to support my LAN.
>
> Thanks
>
> Derrick Lobo


Re: DHCPv6

2016-12-25 Thread Andy Ruhl
On Sun, Dec 25, 2016 at 9:48 AM, Jan Danielsson
 wrote:
>The ISC dhcpd documentation states that the daemon only supports IPv4
> or IPv6 (options -4 and -6 are mutually exclusive), and that to support
> both IPv4 and IPv6 simultaneously one must start two instances of the
> daemon.  IMHO it makes sense - under those boundary conditions - to have
> a /etc/rc.d/dhcpd6 and the tweaks needed to keep them both running
> alongside each other.
>
>Thoughts?

That as well as an example config in /usr/share/examples/dhcp/
possibly called dhcpd6.conf should cover it.

Seems like a good idea.

Andy


Re: A single-board computer for NetBSD

2016-11-19 Thread Andy Ruhl
On Sat, Nov 19, 2016 at 8:44 AM, Thor Lancelot Simon  wrote:
> On Sat, Nov 19, 2016 at 12:59:14PM +0100, Martin Husemann wrote:
>>
>> If you can use serial instead of VGA and don't mind running -current,
>> the ERLITE Edge Router 3 is a more or less plug & play solution (though
>> from a NetBSD POV not 100% finished and stable yet, but getting better
>> quickly).
>
> Interestingly, this particular ERLITE hardware is nearly identical to the
> control plane of several low-end models of Juniper firewalls and switches,
> for example the SRX2xx.  I keep meaning to try to boot NetBSD on one of
> those -- they are getting agreeably cheap.

I see there are a few kernel configs for MikroTik routerboards. Does
anyone know if the newer stuff works? They are MIPS. There is one that
has wifi and is about $22 before shipping. They support netbooting
using the external reset button.

Only 32 megs of memory though, but it might work for basic stuff.

Andy


Re: IPv6 routing(?)

2016-11-17 Thread Andy Ruhl
On Thu, Nov 17, 2016 at 2:57 PM, Jan Danielsson
<jan.m.daniels...@gmail.com> wrote:
> On 2016-11-17 22:36, Andy Ruhl wrote:
>>>- The router can ping6 the host1's IPv6 address.
>>
>> I'm not really sure if this is relevant, but what source IP are you
>> using when this happens? Can you force it to be the external global
>> address?
>
>Using -S of ping6?
>
>router$ ping6 -S  
>
>.. seems to work fine.
>
>I honestly don't know what -I is supposed to do, and if it's at all
> relevant, but:
>
>router$ ping6 -I re0 
>
>.. yields "ping6: sendmsg: No route to host".  (Maybe it's grabbing
> the link-local address?)

Packets going out but not coming back seems to be the key.

IPv6 likes to have ICMP enabled for path mtu discovery, might look into that.

Also wondering if there is some issue receiving traffic, like you're
firewalled? If you don't see ping replies they could be getting
dropped before you can see them. Would be nice to confirm by sniffing
the outside interface somehow.

Seems like not a forwarding issue like you say if you can ping the
outside global address.

Andy


Re: IPv6 routing(?)

2016-11-17 Thread Andy Ruhl
On Thu, Nov 17, 2016 at 2:28 PM, Jan Danielsson
 wrote:
>- The router can ping6 the host1's IPv6 address.

I'm not really sure if this is relevant, but what source IP are you
using when this happens? Can you force it to be the external global
address?

Andy


Re: Setting up IPv6

2016-11-15 Thread Andy Ruhl
On Tue, Nov 15, 2016 at 4:36 AM, Robert Elz  wrote:
> If you have a static IPv6 addr from the ISP, you can just configure
> another subnet for the other interface, and all should be fine.

What subnet? I don't think I have enough information from the original
message to decide if this is possible. He's only getting a single IPv6
address from the ISP right?

If I understand this right - if he's doing "autohost" on the hosts,
those should be getting a /64 advertisement, but it's not clear to me
where this prefix comes from if it's a global, routable one.

I just started using IPv6 and I have to use a tunnel to get it. My
tunnel ISP gives me 2 /64 networks, one for outside and one for
inside. I don't see an "inside" network here...

Andy


Re: What is th ....

2016-10-16 Thread Andy Ruhl
On Sun, Oct 16, 2016 at 1:45 PM, William A. Mahaffey III  
wrote:
>
> ... of the FreeBSD 'adduser' command under NetBSD 6.1.5 ? Bad brain fart :-/

Those don't have to be debilitating,

locate user | grep sbin

Andy


Re: slightly OT hardware question

2016-05-26 Thread Andy Ruhl
On Thu, May 26, 2016 at 8:57 AM,   wrote:
> There's also Erlite-3 at a much lower price point.
> https://blog.netbsd.org/tnf/entry/hands_on_experience_with_edgerouter

If we're talking MIPS now (on the arm list no less), what about
something like this:

https://wiki.openwrt.org/toh/gl-inet/gl-inet_64xx

Not supported by NetBSD as far as I can tell but it would be pretty
cool if it was.

Andy


Re: slightly OT hardware question

2016-05-25 Thread Andy Ruhl
On Wed, May 25, 2016 at 8:52 AM, William A. Mahaffey III  
wrote:
>
> Does anyone onlist know of any small (RPi-ish), cheap boxen w/ 2 or more
> working RJ45 ports (100 Mbit is OK), FreeBSD or NetBSD compatible ? I would
> like to use them as a firewall & an asterisk box. I found Utilite, kinda
> pricey, also Banana-Pi R1 (5 ports, however apparently wired somewhat
> weirdly on the board, NetBSD networking doesn't work there last I heard).
> Anyone got a little beastie like this working ? TIA & have a good one.

I've had good luck with the Seagate Dockstar, but it only has 1
ethernet port. It's so cheap (used on Ebay) that you shouldn't have
trouble buying a USB adapter. Apparently FreeBSD runs on it as well. I
haven't tried.

Andy


Re: Reformatting little USB-harddisks

2016-03-08 Thread Andy Ruhl
On Tue, Mar 8, 2016 at 9:13 AM, herbert langhans  wrote:
> Hi List,
> you sure know these little external USB-harddisks, often used for laptops
> or basic backups. Like WD-Passport and Seagate Expansion and whatever
> they name them.
>
> They come FAT formatted, right? Has anyone of you tried to
> reformat them for NetBSD? I guess its not a big thing, but I wonder if I
> can buy any brand (need it for portable server backup and need GID/UID) or
> there are some models what make trouble with formatting, partitioning or
> mounting.
>
> I had some trouble with USB-Sticks. Thats another story, but close
> enough the be alert just buying any plug n play solution what may not
> work later.
>

Most of these that I've used work just fine. You end up mounting them
as /dev/sdXe and use mount_msdos. /dev/sdXe is just a made up
disklabel that the machine makes to temporarily deal with it.

Some come formatted with ExFAT now which is not compatible with
NetBSD, and might never be as far as I know.

You can wipe them and use fdisk and disklabel to turn them into "real"
NetBSD disks without any problem. There might be a few that cause
issues but most work in my experience.

Andy


Re: Simple IPSEC client with certificate - phase 1 time out

2016-02-25 Thread Andy Ruhl
On Thu, Feb 25, 2016 at 3:10 PM, Frank Wille  wrote:
> Seems I forgot IPSEC_DEBUG, so I missed important information? I tried it
> again with a 7.0 kernel and IPSEC_DEBUG on my PowerBook and the cause
> turned out to be a bad "authentication_method" in my proposal:
>
> Feb 25 22:30:08 powerbook racoon: [1.2.3.4] ERROR: notification
> NO-PROPOSAL-CHOSEN received in unencrypted informational exchange.
>
> I had to replace "hybrid_rsa_client" by "rsasig" - although I'm not
> completely sure about the difference. I have a signed certificate and don't
> want to use any username or password authentication with xauth, so "rsasig"
> is probably ok...?
>
>
> Now I reach phase 2 and it looks to me that the VPN connection is
> established for a second, but a few seconds later I get "DPD: remote seems
> to be dead". No idea at the moment.
>
> Do I have to worry about "WARNING: unable to get certificate CRL(3)" ?
>
> What does "KA" mean?

Sorry, not a lot of help here, I just felt like replying.

I've been trying to get IPSEC transport mode set up between NetBSD and
a stupid router whose name I won't mention and it's not working. I
tried it with Linux and it's not working. I tried it with another
brand of router and it's not working. I tried the same brand of router
and it works. Probably because all the names of the toggles line up or
something ridiculous like that.

It might be worth trying some other OS or device just to sanity check
it and make sure it CAN work before you assume it's a NetBSD issue.

Would be really nice if there was an IPSEC secret decoder ring for
device compatibility/setup.

Andy


Re: Replace default SSH with pkgsrc version

2015-12-08 Thread Andy Ruhl
On Tue, Dec 8, 2015 at 5:32 AM, itgee...@googlemail.com
 wrote:
> Apologies for what may be a n00b question...
>
> I'm familiar with using pkgsrc to build the latest and greatest OpenSSH and
> then installing it, but this obviously doesn't overwrite the existing SSH
> package that comes with the build.
>
> How can I remove the default package and instruct the system to use the one
> I've built from pkgsrc?

NetBSD, and the other BSDs (that I'm aware of) don't use a package
manager for the base software. So you aren't removing the base ssh
software (which is openssh), you're just not starting it at boot time.

Build and install openssh if you must. The new startup script will be
/usr/pkg/share/examples/rc.d/sshd. Copy the existing /etc/rc.d/sshd to
another name, then put in the new one from examples, and restart using
/etc/rc.d/sshd restart.

> I'm using NetBSD/cobalt 5.22.

Doesn't matter, all NetBSD works the same.

Andy


Re: How to allow root telnet to a NetBSD 6.1.5 box

2015-11-09 Thread Andy Ruhl
On Sun, Nov 8, 2015 at 2:23 PM, Thor Lancelot Simon  wrote:
>
> That's irresponsible.  I for one won't help you do it.  Use SSH.

Agreed.

It's amazing how telnet still exists and even proliferates when it
doesn't have to.

Probably it should be requisite to explain why telnet is being used
before asking any questions on how to use it...

A guy I worked with a while back insisted on using it because Windows
doesn't have a built in SSH client. Even after someone sniffed his
password and showed him. Unbelievable.

Andy


rc.d/rc.conf cleanup?

2015-11-07 Thread Andy Ruhl
Hello all,

I have a NetBSD system that has existed since the late 90's.

The /etc/rc.d directory has a bunch of junk that shouldn't be in
there. The rc.conf is a mess as well.

I could go through each entry and clean it up manually, but I'm
wondering if there is an automated way to do this?

Thanks.

Andy


Re: NetBSD on Intel Celeron J1900 / ASRock Q1900B-ITX

2015-10-16 Thread Andy Ruhl
On Fri, Oct 16, 2015 at 6:26 AM, Jörn Clausen  wrote:
> Hello!
>
> Maybe this is a similar problem to the one reported by Sridhar earlier
> this month, maybe it's something different...
>
> I am trying to install NetBSD 7.0 on an ASRock Q1900B Mini-ITX board,
> but installation hangs there as well. The hard disk is detected, then
> the installer waits for about a minute, then the message
>
> uhub0:device problem, disabling port 1
>
> is shown, and boot and root devices are requested. I am trying to
> install from a CD-ROM attached via USB.
>
> The board has a serial connector, but I need some assistance actually
> booting via/to the serial console, in order to provide a full boot
> message log. I do have another NetBSD machine connected via a
> USB-to-Serial cable and programs like "cu" or "miniterm" seem to
> attach to /dev/dtyU0. What are probably good connection parameters?
> What do I have to do to make the problematic machine actually write to
> the serial console?

I don't think the default kernel writes to a serial console on amd64
or i386. Looks like there might be a boot CD that uses the console
here:

ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-7.0/amd64/installation/cdrom/

I wouldn't know what the serial port setup is without digging through
the config for the kernel on that CD, but guessing 9600 8n1 like most
stuff.

I've had pretty good luck with just booting an install kernel from
some boot device. You might be able to write the CD image to a USB
stick and give that a try as well.

Andy


Re: Help! I can't boot my Windows partition any more!

2015-09-30 Thread Andy Ruhl
On Wed, Sep 30, 2015 at 3:47 PM, Ottavio Caruso
 wrote:
> Hello,
>
> I used to dual boot Windows 7 and NetBSD.
>
> This is my fdisk:
>
>
> Disk: /dev/rwd0d
> NetBSD disklabel disk geometry:
> cylinders: 155061, heads: 16, sectors/track: 63 (1008 sectors/cylinder)
> total sectors: 156301488, bytes/sector: 512
>
> BIOS disk geometry:
> cylinders: 1023, heads: 240, sectors/track: 63 (15120 sectors/cylinder)
> total sectors: 156301488
>
> Partitions aligned to 2048 sector boundaries, offset 2048
>
> Partition table:
> 0: NTFS, OS/2 HPFS, QNX2 or Advanced UNIX (sysid 7)
> start 2048, size 204800 (100 MB, Cyls 0-13/163/19)
> 1: NTFS, OS/2 HPFS, QNX2 or Advanced UNIX (sysid 7)
> start 206848, size 63375360 (30945 MB, Cyls 13/163/20-4205/41/25)
> 2: NetBSD (sysid 169)
> start 63582208, size 46360576 (22637 MB, Cyls 4205/41/26-7271/83/35), Active
> 3: Primary DOS with 32 bit FAT (sysid 11)
> start 109942784, size 46358528 (22636 MB, Cyls 7271/83/36-10337/93/13)
> First active partition: 2
> Drive serial number: 4067601000 (0xf272aa68)
>
>
> and this is my disklabel:
>
> -- bash-4.3$ sudo disklabel wd0
> # /dev/rwd0d:
> type: unknown
> disk: HITACHI HTS5425
> label:
> flags:
> bytes/sector: 512
> sectors/track: 63
> tracks/cylinder: 16
> sectors/cylinder: 1008
> cylinders: 155061
> total sectors: 156301488
> rpm: 3600
> interleave: 1
> trackskew: 0
> cylinderskew: 0
> headswitch: 0   # microseconds
> track-to-track seek: 0  # microseconds
> drivedata: 0
>
> 16 partitions:
> #        size    offset     fstype [fsize bsize cpg/sgs]
>  a:  17687376  63582208     4.2BSD   2048 16384     0  # (Cyl.  63077*-  80624*)
>  b:    204800      2048       NTFS                     # (Cyl.      2*-    205*)
>  c:  46360576  63582208     unused      0     0        # (Cyl.  63077*- 109070*)
>  d: 156301488         0     unused      0     0        # (Cyl.      0 - 155060)
>  e:  28673200  81269584     4.2BSD   2048 16384     0  # (Cyl.  80624*- 109070*)
>  f:  63375360    206848       NTFS                     # (Cyl.    205*-  63077*)
>  g:  46358528 109942784      MSDOS                     # (Cyl. 109070*- 155060*)
>
>
> I marked my NetBSD partition active with SystemRescueCD, leaving me
> the only option to boot Windows from a usb drive with syslinux.
>
> Now the usb drive is unbootable, therefore I can only access NetBSD.
>
> How can I boot from Windows without recurring to an external computer?

It's been a while since I've messed with NetBSD on a PC, so I might
not be the best guy for this.

Sounds like your primary boot loader, the mbr loader, is missing? It
should prompt you to use an F key to load whatever primary partition
you want. Is it doing that? See the man page for mbr. You can probably
write it back to the MBR inside NetBSD and get the primary bootloader
back.

Andy


Re: Dunce awk question

2015-09-25 Thread Andy Ruhl
On Fri, Sep 25, 2015 at 8:34 AM, William A. Mahaffey III  
wrote:
>
>
> I am trying to use awk & grep to fashion a command to print out HDD temps,
> along w/ some identifying info:
>
> [wam@4256EE1, ~, 10:41:29am] 418 % sudo atactl wd0 identify | grep Model
> Model: HGST HTS721010A9E630, Rev: JB0OA3J0, Serial #: JR10046P1D5UXN
> [wam@4256EE1, ~, 10:41:31am] 419 % sudo atactl wd0 identify | grep Model |
> awk '{printf $3 " "}' -
> [wam@4256EE1, ~, 10:41:32am] 420 % uname -a
> NetBSD 4256EE1.CFD.COM 6.1.5 NetBSD 6.1.5 (GENERIC) amd64
> [wam@4256EE1, ~, 10:41:34am] 421 %
>
> I am only *weakly* familiar w/ GNU awk, where the above works. What am I
> missing here, I expected the above to print out the model # of the HDD.
> Please apply the clue-bat generously :-) 

print not printf

Andy
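
The extraction the question is after, as an added example that is not part of the original thread: the identify line is split on ", " and printed through printf with a fixed format, so text reported by the drive is only ever an argument and never the format string. The SAMPLE line and the function name drive_ident are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of an `atactl wd0 identify | grep Model` line (not real output).
SAMPLE='Model: HGST HTS721010A9E630, Rev: JB0OA3J0, Serial #: JR10046P1D5UXN'

# Read identify output on stdin and print "<model> <serial>".
# Splitting on ", " keeps multi-word values together; each "Key: " prefix is
# then stripped. printf gets a literal format, so a "%" inside a field is
# printed as data instead of being interpreted as a conversion.
drive_ident() {
    awk -F', ' '/^Model:/ {
        model = $1;  sub(/^Model: */, "", model)
        serial = $3; sub(/^Serial [^:]*: */, "", serial)
        printf "%s %s\n", model, serial
    }'
}

# Stand-alone demonstration on the constructed line.
printf '%s\n' "$SAMPLE" | drive_ident
```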


Re: Raspberry Pi 2

2015-09-19 Thread Andy Ruhl
On Sep 18, 2015 3:01 PM, "Yves Bovard"  wrote:
>
> Hello everybody!
>
> I have trouble in using pkgsrc on a Raspberry Pi 2 with NetBSD 7.0 RC2.
> When I want to compile python34, I have the following error:
> => Bootstrap dependency digest>=20010302: NOT found
> => Verifying reinstall for ../../pkgtools/digest
> ===> Checking for vulnerabilities in digest-20121220
> ===> Installing dependencies for digest-20121220
> ===> Overriding tools for digest-20121220
> ===> Extracting for digest-20121220
> ===> Patching for digest-20121220
> ===> Creating toolchain wrappers for digest-20121220
> ===> Configuring for digest-20121220
> => Modifying GNU configure scripts to avoid --recheck
> => Replacing config-guess with pkgsrc versions
> => Replacing config-sub with pkgsrc versions
> => Replacing install-sh with pkgsrc version
> configure: error: cannot find sources (digest.c) in . or ..
> *** Error code 1
>
> Stop.
> make[2]: stopped in /usr/pkgsrc/pkgtools/digest
> *** Error code 1
>
> Stop.
> make[1]: stopped in /usr/pkgsrc/pkgtools/digest
> *** Error code 1
>
> Stop.
> make: stopped in /usr/pkgsrc/lang/python34
>
> I just finished the installation, ran
>
> cvs -q -z2 -d anon...@anoncvs.netbsd.org:/cvsroot checkout -P pkgsrc
>
>
>
> And right after I tried to install python34 which ended with the previous
> error
>
> What am I missing?
>
> Yves Bovard

Well, you're synching current so there could be issues. Did you try a
stable branch?

Andy


Re: leap second success

2015-07-01 Thread Andy Ruhl
On Jun 30, 2015 5:25 PM, Greg Troxel g...@ir.bbn.com wrote:
>
> All my NetBSD systems correctly handled the leap second, and are now
> showing leap indicator 01.  analog xclock nicely held the second hand at
> 59 for 2s and ticked to 0 in time with the beep on WWV (US national time
> standard broadcast on HF).  macs, on the other hand, do not seem to be
> doing so well.
>
> Most of the world seems to have done well; I see only one pool peer
> that's off 1s now.

Darn, I was watching my Mac. Should have watched NetBSD!

Andy


NPF question

2015-05-31 Thread Andy Ruhl
I've been using pf for a long time, and I'm trying to convert to npf.

During testing (netbsd-7 from nyftp this month, vm on VMWare Fusion), I
found something that looks like a problem but I'm not sure. I'm using a
very stripped down version of the soho example config file in
/usr/share/examples/npf:

# $NetBSD: soho_gw-npf.conf,v 1.6 2014/02/08 01:32:19 rmind Exp $
#
# SOHO border
#
# This is a natting border gateway/webserver/mailserver/nameserver
# IPv4 only
#

$ext_if = wm0
$ext_v4 = inet4(wm0)
$ext_addrs = { inet4(wm0), inet6(wm0) }

$services_tcp = { http, https, smtp, domain, 6000, 9022 }
$services_udp = { domain, ntp, 6000 }
$localnet = { 192.168.224.0/24 }

procedure "log" {
	log: npflog0
}

group "external" on $ext_if {
	pass stateful out final all
	block in final from 0.0.0.0/0
	pass stateful in from any
}

group default {
	pass final on lo0 all
	block all
}

It's the line block in final from 0.0.0.0/0 that seems to be the problem.
I get this:

virtualnetbsd# /etc/rc.d/npf restart
Disabling NPF.
Enabling NPF.
npfctl: npfctl_config_send: Input/output error

If I change 0.0.0.0/0 to 192.168.224.0/24 or $localnet or some ip or
network and restart npf it works as expected (it blocks me from trying to
ssh in from the host if the rule matches, or not if the rule doesn't match).

Why is 0.0.0.0/0 invalid?

Andy


Bridge device on netbsd-6

2015-05-18 Thread Andy Ruhl
I've got a fairly recent build of netbsd6 from nyftp running on an i386
server.

I had a single wm0 interface, but I added a 4 port wm interface, so wm0
became wm4. This is fine.

However, I decided to bridge all of the wm interfaces together and I'm
getting strange results. Not all interfaces are forwarding.

They look like this:

$ brconfig -a
bridge0: flags=41<UP,RUNNING>
        Configuration:
                priority 32768 hellotime 2 fwddelay 15 maxage 20
                ipfilter disabled flags 0x0
        Interfaces:
                wm4 flags=7<LEARNING,DISCOVER,STP>
                        port 5 priority 128 path cost 55 forwarding
                wm3 flags=7<LEARNING,DISCOVER,STP>
                        port 4 priority 128 path cost 55 forwarding
                wm2 flags=7<LEARNING,DISCOVER,STP>
                        port 3 priority 128 path cost 55 disabled
                wm1 flags=7<LEARNING,DISCOVER,STP>
                        port 2 priority 128 path cost 55 disabled
                wm0 flags=7<LEARNING,DISCOVER,STP>
                        port 1 priority 128 path cost 55 disabled
        Address cache (max cache: 100, timeout: 1200):
                00:26:5a:f7:87:56 wm4 282 flags=0<>
                00:11:32:04:be:0b wm3 7 flags=0<>

I don't necessarily need STP. One of the disabled interfaces in this case
is plugged into a regular port, it's on a NAS, but it's not working. The
connection to a wifi access point is working.

If I change which interface gets the IP address (from wm4 to wm3 or wm2 for
example), the behavior of the bridge can change. Ports that weren't
forwarding are now forwarding for example. In one case, I got them all
working by moving the IP around a few times and using /etc/rc.d/network to
restart everything.

I don't know why it was working. Now it isn't anymore.

Is the bridge device known to be broken?

Andy


NetBSD on wifi router?

2015-04-14 Thread Andy Ruhl
Hello all,

I'm looking for a wifi router that supports NetBSD. I would prefer some
commonly available hardware that I could install NetBSD onto, and hopefully
support the internal wifi adapter.

Does this exist?

I see there is something called wifiBSD but I'm not sure about its status.

Thanks!

Andy


Re: NetBSD on wifi router?

2015-04-14 Thread Andy Ruhl
Yeah. I've got some hardware that should work, Raspberry Pi, Seagate
Dockstar, etc. The problem I ran into was that bridging my USB wifi adapter
to the internal interface was very flaky. It was dropping some frames and
passing others. A kind soul gave me a patch to run tcpdump on the bridge
interface to see what was happening but I put it on the back burner and
never followed up.

It just occurred to me that I never tested this on other platforms, it
could be broken on all platforms... I should test that...

I suppose I should just do my own research and look for what hardware these
newer wifi routers have in them and see if it intersects with supported
NetBSD stuff.

Andy


Re: NPF syntax

2015-03-16 Thread Andy Ruhl
On Mon, Mar 16, 2015 at 6:52 AM, D'Arcy J.M. Cain da...@netbsd.org wrote:
>
> I have decided to give up on pf after banging my head against the wall
> (and the OBSD mailing list) and try npf but I can't figure out the
> syntax.  I followed the example at http://www.netbsd.org/~rmind/npf/
> but I keep getting errors when I validate.  I reduced npf.conf to the
> following two lines:
>
> table friends type tree file /VEX/general/pf/friends.list
> table enemies type tree file /VEX/general/pf/enemies.list
>
> This gives me this error:
>
> # npfctl validate
> npfctl: table '0' is already defined
>
> If I remove one line I get this:
>
> # npfctl validate
> table 0 type tree
>
> If I put the full file and comment out the table lines I get this:
>
> # npfctl validate
> /etc/npf.conf:11:3: syntax error near 'alg'
>
> I am using the example config almost verbatim except for the table
> names and file paths.
>
> What am I missing here?


No help unfortunately, I'm just here to say I'm having similar issues. I've
seen the npfctl error as well.

I had some other problems so I decided to see if I could start by blocking
all traffic. I'm trying to get a very simple rule to work:

block in final from 0.0.0.0/0

And it doesn't. Obviously I'm missing something very fundamental and I
haven't found it in the documentation yet. Maybe I have to use a table?

Frustrating.

Andy


Re: NetBSD for the desktop

2015-02-17 Thread Andy Ruhl
On Tue, Feb 17, 2015 at 5:29 AM, Stephan stephan...@googlemail.com wrote:
>
> Hi!
>
> Is there anyone still interested in bringing NetBSD to the desktop?


It's already there, but I think I get your point.

My lightweight desktop OS of choice on older hardware is grudgingly
Lubuntu. I'm not a fan of Linux, but in this case it's pretty snappy and
apt-get works well. I install this on a USB stick and carry it around with
me.

If someone could build a live CD or light install that resembled Lubuntu
and had pkgin setup out of the box, I would be happy.

My #1 concern for newer users is easy connectivity with wifi. I haven't
seen a nice gui for wifi connectivity lately. If it exists, I need to check
it out...

Andy


Re: Using CARP with dhcpd?

2015-01-26 Thread Andy Ruhl
On Mon, Jan 26, 2015 at 2:58 AM, Christoph Kaegi k...@msw.ch wrote:
>
> If you distribute static IP configurations only: I wouldn't bother
> with failover. Let both of the DHCP servers make their offers. The client
> will choose one and ignore the other.


I thought about that but I'd like to find a suitable failover method even
if it's only for the exercise of doing it.

Andy


Re: Realtek RTL8723BE Wireless LAN 802.11n PCI-NIC #4 netbsd

2015-01-25 Thread Andy Ruhl
On Sat, Jan 24, 2015 at 10:43 PM, Berndt Josef Wulf w...@ping.net.au
wrote:
>
> G'day,
>
> Does NetBSD support above wireless card? It shows up as:
>
> pci2 at ppb1 bus 2
> pci2: i/o space, memory space enabled, rd/line, wr/inv ok
> vendor 0x10ec product 0xb723 (miscellaneous network) at pci2 dev 0
> function 0 not configured
>
> but the wireless device doesn't get configured?
>
> It's a wireless device supplied with the Gigabyte Brix mini PCs and
> whilst everything appears to be running fine, wireless doesn't get
> configured.


Doesn't appear so.

Andy


Using CARP with dhcpd?

2015-01-24 Thread Andy Ruhl
I'm trying to find evidence that carp can work with dhcpd. All of the
examples I have read are for ip level services, not layer 2.

The ISC dhcpd has its own failover method, which might be what I should
use, but it would be nice if it could work with carp.

It's not clear to me how carp disables the inactive interface on the
secondary machine. If it can still respond to layer 2 requests, this might
not work.

I realize that a simple test could be done to see if dhcp would still
listen and send ethernet frames on the carpX device on both sides, but it
would take some time to get to that point, and I haven't bought the second
carp device yet.

I'm using a static setup inside my dhcpd.conf (hardware ethernet and
fixed-address) so leases are not an issue (although dhcpd seems to be
able to deal with a lost lease file).

Another option could be to write a script to determine which machine is the
active carp one and then disable dhcpd if it isn't, but that's kinda messy.

Additionally, I'm still using pf and most examples are for carp and pf. It
would be nice to hear if someone was using it with npf. I need to switch to
npf apparently.

Thanks.

Andy
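
The scripted option mentioned in the post above, as an added example that is not part of the original message: read the CARP state from ifconfig output and start or stop dhcpd so that only the MASTER answers. The sample ifconfig text is constructed, and the interface name carp0, the /etc/rc.d/dhcpd path and the function names are assumptions.

```shell
#!/bin/sh
# Constructed `ifconfig carp0` output for illustration (not captured from a host).
SAMPLE_BACKUP='carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
	carp: BACKUP carpdev wm0 vhid 1 advbase 1 advskew 100
	inet 192.168.224.1 netmask 0xffffff00 broadcast 192.168.224.255'

# Print the CARP state (MASTER, BACKUP, INIT) found in ifconfig output on stdin.
# Prints UNKNOWN when there is no "carp:" line, e.g. the interface is missing.
carp_state() {
    awk '$1 == "carp:" { state = $2 }
         END { print (state == "" ? "UNKNOWN" : state) }'
}

# Decide what to do with dhcpd. Only a MASTER should serve DHCP; every other
# state, UNKNOWN included, is treated like BACKUP.
# $1 = CARP state, $2 = current dhcpd status ("running" or "stopped").
dhcpd_action() {
    case "$1:$2" in
        MASTER:stopped) echo start ;;
        MASTER:running) echo none ;;
        *:running)      echo stop ;;
        *)              echo none ;;
    esac
}

# Glue meant to be run periodically (cron, for instance) on both machines.
# Assumed: interface carp0 and the stock rc.d script with a "status" command.
reconcile() {
    iface=${1:-carp0}
    state=$(ifconfig "$iface" 2>/dev/null | carp_state)
    if /etc/rc.d/dhcpd status >/dev/null 2>&1; then cur=running; else cur=stopped; fi
    case $(dhcpd_action "$state" "$cur") in
        start) /etc/rc.d/dhcpd start ;;
        stop)  /etc/rc.d/dhcpd stop ;;
    esac
}

# Stand-alone demonstration on the constructed sample (prints BACKUP).
printf '%s\n' "$SAMPLE_BACKUP" | carp_state
```

Running reconcile from cron leaves a window of up to one interval after a failover in which neither or both servers answer; with fixed-address entries only, as described in the post, both answering yields the same offer.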

