Re: freeradius denies to authenticate with eap-tls
Hello and good day.

Finally found the actual reason. The outer client is failed eap tls because of packet fragmentation. On interface mtu is set as 1500, and packet is 1514.

from tshark:

RADIUS 1514 Access-Request id=4[BoundErrorUnreassembled Packet]
RADIUS 1514 Access-Request id=4, Duplicate Request[BoundErrorUnreassembled Packet]
RADIUS 1514 Access-Request id=4, Duplicate Request[BoundErrorUnreassembled Packet]
RADIUS 1514 Access-Request id=4, Duplicate Request[BoundErrorUnreassembled Packet]

Any idea why this happens?

Thank you.

On 3/2/23 00:55, Mikhael Lialin wrote:

Hello.

Answered to moved to ports thread, and realised that it not posted in thread. So copying messages here as attachments.

Finally found the cause - fragmented packet reassembly error.

Thank you.

On 2/26/23 15:37, Robert Klein wrote:

Hi,

I'm answering this to the misc list.

The ktrace is a bit heavy to read. Could you run freeradius from the command line as follows

/usr/local/sbin/radiusd -X >radius.log

and send this file?

But first, if you didn't change the configuration, I don't believe you can use freeradius at all. Didn't you at least set up some files in /etc/raddb, e.g. client.conf, users.conf, proxy.conf? No changes in sites and/or modules?

Best regards
Robert

On Sat, 25 Feb 2023 02:18:20 +0400 Mikhael Lialin wrote:

Hi.

Trying to setup wifi with radius eap-tls authentication. And getting time out while authenticated. Tried with custom setup, and default setup with generated certificates within installation.

in ktrace of radiusd something waiting:

28664 radiusd RET wait4 -1 errno 10 No child processes

all configuration of freeradius are default after installation, nothing were modified.

Please help. Debug and ktrace session attached.

Mikhael.
Weird clang behavior
Hi,

Is it normal to have such behavior?

$ cat loop.c
int
main(void)
{
	for (;;)
		;
}
$ clang -O1 -Wall -Wextra -S -o loop.c.s loop.c
$ clang++ -O1 -Wall -Wextra -S -o loop.cxx.s loop.c
clang++: warning: treating 'c' input as 'c++' when in C++ mode, this behavior is deprecated [-Wdeprecated]
$ diff -U8 loop.c.s loop.cxx.s
--- loop.c.sThu Mar 2 11:55:02 2023 +++ loop.cxx.s Thu Mar 2 11:55:08 2023 @@ -5,20 +5,16 @@ .type main,@function main: # @main .cfi_startproc # %bb.0: pushq %rbp .cfi_def_cfa_offset 16 .cfi_offset %rbp, -16 movq%rsp, %rbp - .cfi_def_cfa_register %rbp - .p2align4, 0x90 -.LBB0_1:# =>This Inner Loop Header: Depth=1 - jmp .LBB0_1 .Lfunc_end0: .size main, .Lfunc_end0-main .cfi_endproc # -- End function .section .text.__llvm_retpoline_r11,"axG",@progbits,__llvm_retpoline_r11,comdat .hidden __llvm_retpoline_r11# -- Begin function __llvm_retpoline_r11 .weak __llvm_retpoline_r11 .p2align4, 0xcc

See that jmp instruction which is removed.
Without that jmp instruction the main function might reach other codes!
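Review bot: in the `main` hunk, the C++ output ends the function at `movq %rsp, %rbp` with the `.LBB0_1` / `jmp .LBB0_1` loop removed and no `ret` or trap before `.Lfunc_end0`, so nothing in `main` stops execution from continuing past its end. If the program is meant to spin, put something with observable behaviour in the loop body of loop.c (a volatile access or an I/O call), or compile the file as C with `clang`, where this listing keeps the `jmp`.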
Re: Weird clang behavior
On Thu, Mar 02, 2023 at 12:00:18PM +, Ali Farzanrad wrote:
> Hi,
>
> Is it normal to have such behavior?
>
> $ cat loop.c
> int
> main(void)
> {
> for (;;)
> ;
> }
> $ clang -O1 -Wall -Wextra -S -o loop.c.s loop.c
> $ clang++ -O1 -Wall -Wextra -S -o loop.cxx.s loop.c
> clang++: warning: treating 'c' input as 'c++' when in C++ mode, this behavior
> is deprecated [-Wdeprecated]
> $ diff -U8 loop.c.s loop.cxx.s
> --- loop.c.s Thu Mar 2 11:55:02 2023 > +++ loop.cxx.sThu Mar 2 11:55:08 2023 > @@ -5,20 +5,16 @@ > .type main,@function > main: # @main > .cfi_startproc > # %bb.0: > pushq %rbp > .cfi_def_cfa_offset 16 > .cfi_offset %rbp, -16 > movq%rsp, %rbp > - .cfi_def_cfa_register %rbp > - .p2align4, 0x90 > -.LBB0_1:# =>This Inner Loop Header: Depth=1 > - jmp .LBB0_1 > .Lfunc_end0: > .size main, .Lfunc_end0-main > .cfi_endproc > # -- End function > .section > .text.__llvm_retpoline_r11,"axG",@progbits,__llvm_retpoline_r11,comdat > .hidden __llvm_retpoline_r11# -- Begin function > __llvm_retpoline_r11 > .weak __llvm_retpoline_r11 > .p2align4, 0xcc
>
>
> See that jmp instruction which is removed.
> Without that jmp instruction the main function might reach other codes!
>

See https://en.cppreference.com/w/cpp/language/for "Notes"

In C++, a for loop that has no observable behaviour can be removed. Note that "observable behaviour" has a specific definition in C++.

-Otto
Re: Recommended place to store static arp entries
On 2023-03-01, Raimo Niskanen wrote:
> On Tue, Feb 28, 2023 at 02:35:18PM +0100, Claudio Jeker wrote:
>> On Tue, Feb 28, 2023 at 03:30:18PM +0200, Cristian Danila wrote:
>> > Dear Misc,
>> >
>> > I would really appreciate if more experienced members of you
>> > could suggest if there is a dedicated place or recommended
>> > place for OpenBSD where static arp entries should be stored.
>> > I found many answers over the internet, in some books it is
>> > mentioning /etc/netstart.
>> > Also on very old thread fro OpenBSD I see it was discussed at
>> > some point a possible idea like /etc/arp.conf
>> > https://marc.info/?l=openbsd-bugs&m=103773290509612&w=2
>> > In the same thread it was mentioned rc.conf but definitely rc.conf
>> > is a file that states that is should not be edited.
>> > Or maybe rc.conf.local as an alternative?
>> >
>> > Where do you recommend storing static arp entries?
>>
>> To be honest I never had the need to store static arp entries. So for me
>> the best place is /dev/null. Now if I really had to choose I would select
>> the interface's hostname.if file to add static entries. It is the place
>> where the interface gets its network which is the place arp entries hang
>> off of. It will all be configured together and immediately usable.
>
> Please excuse me if this is a stupid counter question,
> but isn't this what ethers(5) is for?

Not really - you could use it as input to a handrolled script if you wanted, but the main purpose of that file is to lookup addresses/names for ether_ntohost()/ether_hostton().

Like Claudio, if I needed this I'd add ! commands in hostname.if.

Usually the only place I'd do MAC enforcement (and then only rarely) would be on switches though.

--
Please keep replies on the mailing list.
Re: Using scan_ffs to recover a disklabel
On 2023-02-21, cho...@jtan.com wrote:
> Well the numbers scan_ffs gave me were gibberish. The manual warns
> that it only looks for ffs1 partitions, not ffs2, but I ran it
> anyway and tried poking variations on the numbers it gave me into
> disklabel. That didn't work.

Glad you got the data back - btw netbsd scanffs does have ffs2 support.
Re: Recommended place to store static arp entries
>
>> Please excuse me if this is a stupid counter question,
>> but isn't this what ethers(5) is for?
>
> Not really - you could use it as input to a handrolled script if you
> wanted, but the main purpose of that file is to lookup addresses/names
> for ether_ntohost()/ether_hostton().
>
> Like Claudio, if I needed this I'd add ! commands in hostname.if.
>
> Usually the only place I'd do MAC enforcement (and then only rarely)
> would be on switches though.

At this point it is better to enforce mac constraints in pf.conf than losing on portability (changing hardware, etc) enforcing mac in hostname.if, my opinion.

--
Daniele Bonini
Re: Recommended place to store static arp entries
On Thu, Mar 02, 2023 at 04:58:11PM +0100, Daniele B. wrote:
> At this point it is better to enforce mac constraints in pf.conf than
> losing on portability (changing hardware, etc) enforcing mac in hostname.if,
> my opinion.

The /etc/hostname.if files can take a MAC address as the if part now, so that is not necessarily an issue.
Re: Recommended place to store static arp entries
> The /etc/hostname.if files can take a MAC address as the if part now, so that
> is not necessarily an issue.

Interesting though, how to specify the mac?

However this doesn't change much in portability coordinates, if you literally switch your bsd from a hardware system to another one luckly you will change mac too.

The flexibility of pf enforcing these kind of ner rules comes really in handy.
Re: Recommended place to store static arp entries
On Thu, Mar 02, 2023 at 05:33:09PM +0100, Daniele B. wrote:
>
> > The /etc/hostname.if files can take a MAC address as the if part now, so
> > that
> > is not necessarily an issue.
>
> Interesting though, how to specify the mac?
>
> However this doesn't change much in portability coordinates, if you literally
> switch your bsd
> from a hardware system to another one luckly you will change mac too.

If you add or remove an NIC on a system that is using /etc/hostname.mac then the other NICs will still read the correct configuration. That was not always true with hostname.if.

If you change the hardware completely, then of course you are likely to have to make changes to the networking configuration. That's almost unavoidable.
Questions about man gcc-local
Hi all, is the man page for gcc-local (https://man.openbsd.org/OpenBSD-7.2/gcc-local) up to date? It mentions, for example, i386, but OpenBSD 7.2 on i386 doesn't seem to include gcc. Also, the link to gcc(1) at the bottom of the man page is dead. Regards Stanislav
openbsd get really hot/warm
hello

unfortunately since a week I was wondering about something :

on two old hp elitebook, it looks like under win7 and linux/LMDE, that at a general glance everything looks correct

but on openbsd, something happens, even if CPU is not high : it's a huge overheating, with fans going almost every time in the high speed, and lower case of the laptop, almost burning (in a way it's really warm, impossible to get it a minute on laps)

I saw the same problem on an asus laptop.

is there any way to know where it comes from?

openbsd v7.1

under win7 and linux (lmde5), this problem doesn't happen. It's really strange.

thank you for ideas
Re: openbsd get really hot/warm
On Thu, Mar 02, 2023 at 06:43:02PM +0100, l...@netc.fr wrote:
>
> unfortunately since a week I was wondering about something :
>
> on two old hp elitebook, it looks like under win7 and linux/LMDE, that at a
> general glance everything looks correct
>
> but on openbsd, something happens, even if CPU is not high : it's a huge
> overheating, with fans going almost every time in the high speed, and lower
> case of the laptop, almost burning (in a way it's really warm, impossible to
> get it a minute on laps)
>
> I saw the same problem on an asus laptop.
>
> is there any way to know where it comes from?

See if you can't get some effect from using apm/apmd (see https://man.openbsd.org/apm).

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: openbsd get really hot/warm
On Thu, Mar 02, 2023 at 06:43:02PM +0100, l...@netc.fr wrote:
>
> hello
>
> unfortunately since a week I was wondering about something :
>
> on two old hp elitebook, it looks like under win7 and linux/LMDE, that at a
> general glance everything looks correct
>
> but on openbsd, something happens, even if CPU is not high : it's a huge
> overheating, with fans going almost every time in the high speed, and lower
> case of the laptop, almost burning (in a way it's really warm, impossible to
> get it a minute on laps)
>
> I saw the same problem on an asus laptop.
>
> is there any way to know where it comes from?
>
> openbsd v7.1
>
> under win7 and linux (lmde5), this problem doesn't happen. It's really
> strange.
> thank you for ideas

man sendbug
Re: openbsd get really hot/warm
On 2023-03-02, l...@netc.fr wrote:
>
> hello
>
> unfortunately since a week I was wondering about something :
>
> on two old hp elitebook, it looks like under win7 and linux/LMDE, that at a
> general glance everything looks correct
>
> but on openbsd, something happens, even if CPU is not high : it's a huge
> overheating, with fans going almost every time in the high speed, and lower
> case of the laptop, almost burning (in a way it's really warm, impossible to
> get it a minute on laps)
>
> I saw the same problem on an asus laptop.
>
> is there any way to know where it comes from?

Plugged in or on battery? If that's plugged in, is it any better on battery?

>
> openbsd v7.1
>
> under win7 and linux (lmde5), this problem doesn't happen. It's really
> strange.
> thank you for ideas
>

--
Please keep replies on the mailing list.
Re: Questions about man gcc-local
On 2023-03-02, Stanislav Syekirin wrote:
> Hi all,
>
> is the man page for gcc-local
> (https://man.openbsd.org/OpenBSD-7.2/gcc-local) up to date? It
> mentions, for example, i386, but OpenBSD 7.2 on i386 doesn't seem to
> include gcc. Also, the link to gcc(1) at the bottom of the man page is
> dead.

Architectures which fully switched to clang as the base compiler don't build the OpenBSD version of gcc any more. (They do have a newer gcc in ports, in general those try to be in sync with changes to base gcc too - for example PIE by default).

Archs which still use gcc in base do have the gcc(1) manual, e.g. sparc64
Re: Questions about man gcc-local
On Thu, Mar 02, 2023 at 10:22:51PM -, Stuart Henderson wrote:
> On 2023-03-02, Stanislav Syekirin
> wrote:
> > Hi all,
> >
> > is the man page for gcc-local
> > (https://man.openbsd.org/OpenBSD-7.2/gcc-local) up to date? It
> > mentions, for example, i386, but OpenBSD 7.2 on i386 doesn't seem to
> > include gcc. Also, the link to gcc(1) at the bottom of the man page is
> > dead.
>
> Architectures which fully switched to clang as the base compiler don't
> build the OpenBSD version of gcc any more. (They do have a newer gcc in
> ports, in general those try to be in sync with changes to base gcc too -
> for example PIE by default).
>
> Archs which still use gcc in base do have the gcc(1) manual, e.g. sparc64
>
>

i don't think we should be installing gcc-local(1) on any archs where gcc isn't happening:

$ uname -a
OpenBSD manila.kerhand.co.uk 7.2 GENERIC.MP#22 amd64
$ man gcc
man: No entry for gcc in the manual.

jmc
Re: Recommended place to store static arp entries
On Tue, 28 Feb 2023 14:35:18 +0100, Claudio Jeker wrote:
> To be honest I never had the need to store static arp entries. So for
> me the best place is /dev/null.

Not op, but I have such a need: I own a wifi AP which tends to not being able to let arp pass, in one direction. All the rest is fine, so as long the router can reach the hosts in the LANs.

I ended up having in my router:

$ cat /etc/rc.local
arp -Fs 192.0.2.1 00:11:22:33:44:55
[...]

for the required devices using wifi.

Of course I'm not happy about the situation, but it's a good work around for this shitty device.

Cheers,
Daniel
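
Two remarks in this thread fit together: ethers(5) can serve as input to a hand-rolled script, and static entries can be set with `arp -Fs` lines at boot. The following is an added example, not code from any poster or from OpenBSD; the function names `is_mac` and `ethers_to_arp` and the sample entries are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): convert ethers(5)-style lines,
# "MAC hostname", into the "arp -Fs host MAC" form quoted in the thread.

# Constructed sample input; addresses and names are illustrative only.
SAMPLE_ETHERS='# MAC address       host
00:11:22:33:44:55   192.0.2.1
0:11:22:33:44:66    ap-client.example   # wifi client
zz:11:22:33:44:77   192.0.2.3
00:11:22:33:44:88   bad;host'

# is_mac: succeed if $1 is six colon-separated groups of 1-2 hex digits.
is_mac() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9A-Fa-f]{1,2}:){5}[0-9A-Fa-f]{1,2}$'
}

# ethers_to_arp: read ethers(5)-format text on stdin and print one arp
# command per valid entry. Rejected lines are reported on stderr, so a
# typo never reaches the ARP table as a wrong static entry.
ethers_to_arp() {
    lineno=0
    while IFS= read -r line; do
        lineno=$((lineno + 1))
        line=${line%%#*}                 # drop comments
        set -f; set -- $line; set +f     # split on blanks, no globbing
        [ $# -eq 0 ] && continue         # blank or comment-only line
        if [ $# -ne 2 ] || ! is_mac "$1"; then
            echo "line $lineno: skipped (want: MAC hostname)" >&2
            continue
        fi
        case $2 in                       # host is printed into a command
            *[!A-Za-z0-9.-]*)
                echo "line $lineno: skipped (bad host name)" >&2
                continue ;;
        esac
        printf 'arp -Fs %s %s\n' "$2" "$1"
    done
    return 0
}

# Print the commands for review; nothing is executed here.
printf '%s\n' "$SAMPLE_ETHERS" | ethers_to_arp
```

The printed lines can be reviewed and then placed in rc.local as above, or prefixed with `!` in the interface's hostname.if file as suggested earlier in the thread.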