Re: Trying to move my httpd chroot
On Mar 16 20:58:59, alan01...@gmail.com wrote:
> I don't have enough room in / to have my htdocs there so I want to
> move it to /usr/htdocs. This is in 5.7. No problem I thought, I've
> had to do it before. So my /etc/httpd.conf looks like this:
>
> chroot "/usr/htdocs"

Why didn't you use the standard /var/www?

> And I get logging into /usr/htdocs/logs but httpd doesn't seem to
> find files in /usr/htdocs.

What is your "root" directive for the server?
Remember, it's relative to the chroot.

> I get a 404 error that says OpenBSD httpd
> in it but it can't find even index.html which does exist. I've played
> with htdocs vs htdocs/. If I comment out the chroot line it finds
> files in /var/www/htdocs. My /usr is in a different MBR partition
> (actually an extended one) with 129 gigs free.

You might be better off having /usr hold your /usr,
and have a big separate /var/www for your web content.
Then you can leave httpd chroot the default.

> Anybody tried to move their htdocs? I didn't find anything by
> searching. I wouldn't want to write something and put it out there
> for everybody to beat on. I did read the PDF and man pages.
>
> Also I found that if I set httpd_flags to "-d -v" in
> /etc/rc.conf.local then booting the machine seems to hang there.

Without -d, the httpd daemonizes into the background, and the boot goes on.
With -d, it stays running in the foreground;
only after you kill it, the boot will go on.

Jan
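The path resolution discussed in this exchange, as an added example that is not part of either poster's message: a relocated chroot with the document root spelled out, next to the setting that would expose the log directory. The server name and listen address are assumptions.

```conf
# /etc/httpd.conf (constructed example; server name and listen address
# are assumptions, not taken from the thread)

# httpd chroots here first; every path below is resolved inside it.
chroot "/usr/htdocs"

server "default" {
	listen on * port 80

	# With no "root" line httpd uses its default "/htdocs", so a request
	# for /index.html is looked up at /usr/htdocs/htdocs/index.html and a
	# file placed at /usr/htdocs/index.html yields 404.

	# Weak: serves the chroot itself, so /usr/htdocs/logs (where the
	# access and error logs land) becomes part of the document tree.
	#root "/"

	# Better: keep content in its own subdirectory of the chroot,
	# which is /usr/htdocs/htdocs on disk.
	root "/htdocs"
}
```

Running `httpd -n` parses the file and reports errors without starting the daemon, which avoids the foreground hang that `-d` in httpd_flags causes at boot.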
Re: ntop on openbsd
Stuart Henderson writes:

> On 2016-03-15, Indunil Jayasooriya wrote:
>> Hi,
>>
>> i installed ntop by going to /usr/ports/net/ntop/ (then, make , make
>> install)
>>
>> How to run it on web mode?
>
> This isn't the ntop you think it is, it's a super-old one which should
> probably just be removed.

Actually we have already removed it:

http://marc.info/?l=openbsd-ports-cvs&m=142961757031312&w=2

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: Kernel panic while fiddling with route add/delete
On 20/03/16(Sun) 03:59, DarkSoul wrote:
> Hello list,
>
> I was testing out a beta IPv6 service over PPPoE that our ISP is
> developing,
> and playing around with kernel PPPoE.
>
> My configuration is as follows :
> - pppoe0 for IPv4 internet
> - gif0 for IPv6 internet (Hurricane Electric tunnel)
> - pppoe1 for test IPv6 internet (and only IPv6)
>
> It was kind of tricky since I played with route add/delete in succession,
> along with destroying and rebuilding the interface (with /etc/netstart)
> in order to find out what configuration could work :
> - automatic ?
> - static ? (By giving my own alias definition)
>
> I was also testing what IPv6 routes would work as a default route :
> route add -inet6 default -ifp pppoe1
> With ADDR being fe80:: or ff02::1%pppoe1, and such.
> (Some site even suggested ::0.0.0.1 but I think there is no way this
> could work since this translates to ::1 ultimately)
>
> I also tested adding dummy IPv4 configuration lines like :
> inet 0.0.0.0 255.255.255.255 NONE
> dest 0.0.0.1
>
> At one point, when trying out the above, "sh /etc/netstart pppoe1" just
> hung on me,
> and upon rebooting, dmesg contained the following :
> panic: kernel diagnostic assertion "(t->rn_flags & RNF_ROOT) == 0"
> failed: file "../../../../net/radix.c", line 294
>
> Since I was caught off-guard, I had no serial console lined up to catch
> the full trace.
> I'm just posting this in hopes this rings a bell to anyone.
>
> Sorry for not having more info,
> I will try to reproduce it and post further findings.

Which version of OpenBSD are you running? Could you at least post a
dmesg?
vi core dump
I wasn't sure if this bug was major enough to warrant a sendbug. Seems like a minor error handling issue.

If you start vi and issue the following command:

:e +file

then vi will end up trying a bad memcpy and aborting. Given that this command is silly I'd expect an error message or just a silent ignore.

The command as given was intended to open a file named "+file". I should have typed ":e ./+file" since +cmds precede the filename argument in an :edit command. I believe what ended up happening is that I told vi to open an unnamed file followed by executing the Ex command to open a file but without passing it the required filename.

Despite it being a silly thing to type I feel like it probably shouldn't cause vi to core dump. But it is pretty minor so posting here.

Michael
reference ipsec.conf in ipsec.4 under SEE ALSO?
I think it makes sense for ipsec.4 to reference its own configuration file under SEE ALSO. Index: ipsec.4 === RCS file: /cvs/src/share/man/man4/ipsec.4,v retrieving revision 1.83 diff -u -p -r1.83 ipsec.4 --- ipsec.4 16 Feb 2015 16:38:54 - 1.83 +++ ipsec.4 18 Mar 2016 20:51:05 - @@ -378,6 +378,7 @@ allocations). .\".Xr ipcomp 4 , .Xr options 4 , .Xr iked 8 , +.Xr ipsec.conf 5 , .Xr ipsecctl 8 , .Xr isakmpd 8 , .Xr sysctl 8
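Review bot: the new `.Xr ipsec.conf 5 ,` line is placed after `.Xr iked 8 ,`, which puts a section 5 page in the middle of the section 8 entries. mdoc SEE ALSO lists are ordered by section number and then alphabetically, so the line belongs directly after `.Xr options 4 ,` and before `.Xr iked 8 ,`.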
Re: Ruby 1.9.3 package on OpenBSD 5.9 (snapshots) missing
On Fri, Mar 18, 2016 at 10:49 AM, ML mail wrote:
> Thanks for the info. I have now started to compile Ruby 1.9.3 on OpenBSD
> 5.9 but face the following errors:
>

Check the port out of the CVS Attic, and try to build it via the ports system (it may need a few patches).

Ruby 1.8.7 is still needed by other packages in the ports tree, which is why it is still in ports. Ruby 1.9.3 is not used by anything else in the ports tree, so it was removed after Ruby 2.0 was EOL.

Thanks,
Jeremy
Re: Highest Speed Network Packet Generator?
On 2015-12-26 19:23, Stuart Henderson wrote:
> On 2015-12-26, Mohammad BadieZadegan wrote:
>> Hi everybody,
>> I need a network packet generator that generates Network Packets with
>> the HIGHEST Speed!
>> Before I migrate to OpenBSD I used PKTGEN on Linux to generate this
>> with the highest speed level.
>> At this state I need one tools BUT on the OpenBSD.
>
> There's tcpbench (in base; does udp as well as tcp) or netblast (part
> of the netrate package). I don't think you will get anywhere near
> pktgen speeds though.
>
>> Is that netmap (http://info.iet.unipi.it/~luigi/netmap/) useful in
>> OpenBSD?
>
> No.

Stuart, what's your motivation for thinking so? -

NetMap is a zero-copying high-performance ethernet frame IO API that works via select() and ioctl on an FD and a linked list of memory buffers.

Perhaps there are some X11-style weaknesses in the security model, but, at least as an optional feature in an OS, what do you see that is not perfect or reasonable about it (in particular in OpenBSD's current absence of something to fill the same function)?
Re: Highest Speed Network Packet Generator?
Tinker writes:

> On 2015-12-26 19:23, Stuart Henderson wrote:
>> On 2015-12-26, Mohammad BadieZadegan wrote:
>>> Hi everybody,
>>> I need a network packet generator that generates Network Packets with
>>> the
>>> HIGHEST Speed!
>>> Before I migrate to OpenBSD I used PKTGEN on Linux to generate this
>>> with
>>> the highest speed level.
>>> At this state I need one tools BUT on the OpenBSD.
>>
>> There's tcpbench (in base; does udp as well as tcp) or netblast (part
>> of
>> the netrate package). I don't think you will get anywhere near pktgen
>> speeds
>> though.
>>
>>> Is that netmap (http://info.iet.unipi.it/~luigi/netmap/) useful in
>>> OpenBSD?
>>
>> No.
>
> Stuart, what's your motivation for thinking so? -
>
> NetMap is a zero-copying high-performance ethernet frame IO API that
> works via select() and ioctl on an FD and a linked list of memory
> buffers.
>
>
> Perhaps there are some X11-style weaknesses in the security model, but,
> at least as an optional feature in an OS, what do you see that is not
> perfect or reasonable about it (in particular in OpenBSD's current
> absence of something to fill the same function)?

It has already been discussed before on this mailing-list. Please read the archives.

http://marc.info/?l=openbsd-misc&s=netmap

--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
Re: Highest Speed Network Packet Generator?
On 2016-03-21 01:26, Jeremie Courreges-Anglas wrote:
>>>> Is that netmap (http://info.iet.unipi.it/~luigi/netmap/) useful in
>>>> OpenBSD?
>>>
>>> No.
>>
>> Stuart, what's your motivation for thinking so? -
>>
>> NetMap is a zero-copying high-performance ethernet frame IO API that
>> works via select() and ioctl on an FD and a linked list of memory
>> buffers.
>>
>> Perhaps there are some X11-style weaknesses in the security model, but,
>> at least as an optional feature in an OS, what do you see that is not
>> perfect or reasonable about it (in particular in OpenBSD's current
>> absence of something to fill the same function)?
>
> It has already been discussed before on this mailing-list. Please read
> the archives.
>
> http://marc.info/?l=openbsd-misc&s=netmap

I saw those posts back then but did not feel so convinced 'against' (though I agree TCP stack reimplementation in userland would be useless) -

What about the usecases software-implemented networking switch or networking bridge, with or without filtering or transformation features?

And what about the usecase of using the ethernet cable as a high-speed serial cable?
New, compatible laptops with warranty?
I know this topic has been hashed out a few times, but since it's a moving target, I need to ask again.

My trusty Thinkpad X201t has finally been consigned to the parts bin[1].

I'm now looking for recommendations for a new or recent laptop that is *known* to work well with OpenBSD. ThinkPads or Dell Latitudes preferred. No larger than 15", preferably 14"-class. (The X201 was 12"-class!)

Shoulds/wants:
- Should have a "real" (not just USB) docking station.
- Should be available with at least a 3-year on-site warranty.
- Should be rugged enough to last ~5 years (including warranty service).
- I'm willing to go with off-lease/refurb if I can find it from a highly-reputable source that will offer at least a 1yr replacement warranty.

Suggestions/recommendations? Please feel free to reply *OFF-LIST*, particularly if you feel this has already been discussed recently enough that you need to flame me for it.

Thanks,
-Adam

[1] The damage it suffered coming back from BSDCan 2015 has finally proved too much for me to repair. Since I bought it new, and I've used the more-expensive-than-the-laptop warranty to have the entire thing rebuilt at least twice in the last 6 years, it doesn't really owe me anything. So I'm not devastated, but still not looking forward to buying a new desktop-replacement-class laptop.

P.S. If any of you need ThinkPad X2xx-generation parts, feel free to let me know :-(

--
-Adam Thompson
athom...@athompso.net
Relayd TLS client mode CA verification
Hello,

OpenBSD current amd64 March 16 snapshot.

I am using relayd as client for encrypted https connections. I would like to make relayd verification of CA.

Now I have without verification:

web browser encrypted stream -> 1 relayd in server mode -> unencrypted stream -> privoxy and divert using pf -> 2 relayd in client mode -> change destination port using pf -> Internet

And it works! I only need to force verification of CA for certificates on 2 relayd, because as far as I understand relayd does not do this by default.

Problem is that if I add:

tls ca file "/etc/ssl/cert.pem"

to http protocol, web browser is not able to reach TLS website. W.B. does not show error, but loads and loads and loads web page, but is not showing webpage.
FAQ broken links
Hi, I've noticed there are a lot of broken links in the FAQ. Some point to questions that have been removed, some to external resources that have disappeared. The diff below lists the ones that I've found. (The diff is not good enough to apply as-is, it's only intended to point out the location of the links.) Regards, Peter De Wachter Index: faq1.html === RCS file: /cvs/www/faq/faq1.html,v retrieving revision 1.166 diff -u -r1.166 faq1.html --- faq1.html 14 Mar 2016 20:51:53 - 1.166 +++ faq1.html 20 Mar 2016 17:23:40 - @@ -124,7 +124,7 @@ in source form at no charge. OpenBSD integrates cutting-edge security technology suitable for building firewalls and - private network services in a + private network services in a distributed environment. OpenBSD benefits from strong ongoing development in many areas, offering opportunities to work with emerging technologies with an @@ -134,7 +134,7 @@ For the vast majority of users, OpenBSD "Just Works" on their hardware for their application. Not only is tweaking and customizing rarely needed, it is actively - discouraged. + discouraged. Index: faq4.html === RCS file: /cvs/www/faq/faq4.html,v retrieving revision 1.387 diff -u -r1.387 faq4.html --- faq4.html 14 Mar 2016 09:08:04 - 1.387 +++ faq4.html 20 Mar 2016 17:23:42 - @@ -1929,7 +1929,6 @@ after system crashes, so it is suggested that the swap space (if set up at all) be bigger than the largest amount of RAM you are likely to ever install on the machine. -Read more about this in FAQ 14, Swap. /tmp: This is a world-writeable directory used for (as the name implies!) @@ -2505,8 +2504,7 @@ bootable. On some rare occasions, something may go wrong with the second -stage boot loader install. Reinstalling the second stage boot -loader is discussed here. +stage boot loader install. 4.13.3 - My (older, slower) machine booted, but hung at the 
@@ -2532,7 +2530,7 @@ After all, if someone were to make a "rogue" installXX.iso file, they would almost certainly change the installer to say everything verified successfully. -Thus, you must verify your installer +Thus, you must verify your installer downloads separately. 4.13.5 - My fdisk partition table is trashed or blank! @@ -2762,7 +2760,7 @@ disklabel, and http://www.openbsd.org/cgi-bin/man.cgi?query=restore";>restore the desired configuration from tape or other media, and install the -boot blocks. +http://www.openbsd.org/cgi-bin/man.cgi?query=installboot";>boot blocks. Disk imaging Index: faq5.html === RCS file: /cvs/www/faq/faq5.html,v retrieving revision 1.230 diff -u -r1.230 faq5.html --- faq5.html 25 Feb 2016 00:15:41 - 1.230 +++ faq5.html 20 Mar 2016 17:23:42 - @@ -894,8 +894,7 @@ 5.5 - Building a custom kernel -It is assumed you have read the above, and really -enjoy pain. +It is assumed you really enjoy pain. It is also assumed that you have a goal that can not be achieved by either a boot time configuration (UKC) or by configuring a GENERIC kernel. @@ -1258,7 +1257,7 @@ including attempting to upgrade from source or assuming a week old snapshot is "close enough" Checking out the wrong branch of the tree -Trying to customize or "optimize" your system +Trying to customize or "optimize" your system Here are some additional problems you might encounter, however: Index: faq9.html === RCS file: /cvs/www/faq/faq9.html,v retrieving revision 1.122 diff -u -r1.122 faq9.html --- faq9.html 27 Feb 2016 16:39:54 - 1.122 +++ faq9.html 20 Mar 2016 17:23:42 - 
@@ -182,9 +182,8 @@ Shells such as bash and many others can be added from packages or ports. -Users familiar with bash are encouraged to -try ksh before loading bash on their system -- it does what most people -desire of a shell. +Users familiar with bash are encouraged to try ksh before loading bash +on their system -- it does what most people desire of a shell. Password management on OpenBSD is different from password management on some other Unix-like operating systems. @@ -216,8 +215,8 @@ OpenBSD must be installed to one of the four "primary" partitions. Some other OSs encourage you to customize your kernel for your machine. -OpenBSD users are encouraged to simply use -the standard GENERIC kernel provided and tested by the developers. +OpenBSD users are encouraged to simply use the standard GENERIC kernel +provided and tested by the developers. Users attempting to "customize" or "optimize" their kernel usually cause far more problems than they solve, and will not be supported by developers. Index: faq10.html === RCS file: /cvs/www
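Review bot: in faq4.html the hunk at -2505 deletes "Reinstalling the second stage boot loader is discussed here." and leaves that troubleshooting entry with no pointer at all, while the hunk at -2762 repoints "boot blocks" to the installboot manual page. Pointing the -2505 sentence at the same manual page would keep the recovery hint instead of dropping it.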
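Review bot: in faq5.html the hunk at -894 rewrites "It is assumed you have read the above, and really enjoy pain." to "It is assumed you really enjoy pain.", which removes the prerequisite along with the dead link. If the section still expects the reader to have gone through the preceding material, keep the "have read the above" wording and drop only the link target.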
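Review bot: both faq9.html hunks (-182 and -216) re-wrap the bash/ksh and GENERIC kernel sentences without changing a word of the visible text, so the link removal is buried in line-break noise. Keeping the original line breaks and touching only the link itself would make each hunk show just the change being proposed.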
BGP MPLS VPN Question
Is it possible to setup a multi-site BGP MPLS VPN? Currently, I have it working great between two sites running OpenBSD 5.9-current. I tried adding a third site to my simulation but it hasn't worked. The third site I have sharing the same MPLS label and routing domain. Is this where I am going wrong? Do I need to create a separate routing domain for the third site, another mpe interface with different MPLS label, and create static routes between the rdomains? Thank you again, Matt