Re: Wireless network with bfwm sometimes works and sometimes doesn't
On Mon, Apr 08, 2024 at 11:30:07PM +0200, Stanislav Syekirin wrote:
> This is my /etc/hostname.bwfm0:

Please add a line saying 'debug' at the top of hostname.bwfm0:

debug

> join NETWORK_IN_QUESTION_5G wpakey PASSWORD
> inet6 autoconf
> inet autoconf
>
> I would appreciate any suggestions.

Show us what is printed in dmesg with debug enabled when it fails
to connect. Among other info it shows scan results. Does your AP
appear in the list?
Re: 7.5 /var/log/messages - vfprintf %s NULL in "%.*s"
>The log message no longer appears after running
>
>cp /usr/share/terminfo/x/xterm-256color ~/.terminfo/x/

Indeed! After
mkdir -p ~/.terminfo/t/
cp /usr/share/terminfo/t/tmux-256color ~/.terminfo/t/
(and the same for other termcaps used)
those messages are gone from /var/log/messages.

--
Eivind Eide
"ONLY THOSE WHO ATTEMPT THE IMPOSSIBLE WILL ACHIEVE THE ABSURD"
- Oceania Association of Autonomous Astronauts
Re: Ping blocked by firewall
On Tue, Apr 09, 2024 at 08:39:08AM +0200, Karel Lucas wrote:
> Hi all,
>
> For the first time I tested my new firewall with ping, and it is blocked. I
> don't know what the reason is, you can find the information below. I have a
> network with only regular clients, so no servers. I'm still using OpenBSD
> V7.4, and will upgrade once the firewall is up and running so I can test the
> upgrade process.
>
> /etc/pf.conf:
> ext_if = igc0 # Extern interface
> int_if = "{ igc1, igc2 }" # Intern interfaces
> localnet = "192.168.2.0/24"
> tcp_services = "{ smtp, domain, www, auth, http, https, pop3, pop3s }"
> udp_services = "{ domain, ntp }"
> email = "{ smtp, imap, imaps, imap3, pop3, pop3s }"
> icmp_types = "{ echoreq, unreach }"
> icmp6_types = "{ echoreq, unreach }"
> nameservers = "{ 195.121.1.34, 195.121.1.66 }"
> client_out = "{ ssh, domain, pop3, auth, nportntp, http, https, \
>         446, cvspserver, 2628, 5999, 8000, 8080 }"
> Martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
>       10.0.0.0/8, 169.254, 0.0/16, 192.0.2.0/24, \
>       0.0.0.0/8, 240.0.0.0/4 }"
> set skip on lo
> # By default, do not permit remote connections to X11
> block return in on ! lo0 proto tcp to port 6000:6010
> block log all         # block stateless traffic
> # Letting ping through:
> pass log on inet proto icmp icmp-type $icmp_types
> pass log on inet6 proto icmp6 icmp6-type $icmp6_types
> # Allow out the default range for traceroute(*):
> # "base+nhops*nqueries-1" (3434+64*3-1)
> pass log out on ext_if inet proto udp to port 33433:33626 # for IPv4
> pass log out on ext_if inet6 proto udp to port 33433:33626 # for IPv6
> pass log quick on $ext_if inet proto {tcp, udp} from $localnet \
>     to port $udp_services
> pass log on $ext_if inet proto icmp all icmp-type $icmp_types
> pass log on $ext_if inet proto tcp from $localnet to port $client_out
> block log in quick on $ext_if from $martians to any
> block log out quick on $ext_if from any to $martians
> pass log out proto tcp to port $tcp_services # establish keep-stat
> pass log log proto udp to port $udp_services # Establish keep-state
>
> /var/log/pflog:
> tcpdump: WARNING: snaplen raised from 116 to 160
> Apr 09 08:16:45.009497 :: > ff02::16: HBH multicast listener report v2, 2
> group record(S) [hlim 1]
> apr 09 08:16:45.009500 :: > ff02::16: HBH multicast listener report v2, 2
> group record(S) [hlim 1]

Hi Karel,

Hope you're well! Here is what you should add to your IPv6 icmp_types:

pass log on $ext_if inet6 proto ipv6-icmp all icmp6-type neighbrsol
pass log on $ext_if inet6 proto ipv6-icmp all icmp6-type neighbradv

This allows the NDP protocol to converse (it's similar to the IPv4 ARP).
I didn't see you had the problem with only IPv6, but the way I tested it,
the IPv4 worked fine. It was IPv6 that had the missing neighbour
solicitation and advertising.

Best Regards,
-pjp

--
my associated domains: callpeter.tel|centroid.eu|dtschland.eu|mainrechner.de
Re: 7.5: Fatal errors from eigrpd
This is most probably fallout from the imsg / ibuf API changes done in 7.5.
I need to set up a test system to see if I can figure out what goes wrong.

On Mon, Apr 08, 2024 at 08:15:52PM +0200, Mark Leonard wrote:
> (Gah! Here's the post again in plaintext. Apologies.)
>
> Hello all,
>
> I'm running eigrpd in a VMWare environment and after upgrading to 7.5 from
> 7.4 I'm noticing eigrpd is failing with a couple different errors. In 7.4
> and prior I never had any problems.
>
> I tried to include everything that I thought might be relevant but if
> there's any other information I can provide please let me know.
>
> Has anyone else come across anything similar?
>
> Thanks,
> Mark
>
>
> examples:
>
> test1# eigrpd -dv
> startup
> eigrp_if_start: lo1 as 1 family ipv4
> eigrp_if_start: em0 as 1 family ipv4
> if_join_ipv4_group: interface em0 addr 224.0.0.10
> rt_new: prefix aa.bb.cc.1/32
> route_new: prefix aa.bb.cc.1/32 via connected distance (28160/0)
> rt_new: prefix 198.18.101.0/24
> route_new: prefix 198.18.101.0/24 via connected distance (28160/0)
> fatal in eigrpe: send_packet: get hdr failed
> rt_del: prefix aa.bb.cc.1/32
> route_del: prefix aa.bb.cc.1/32 via connected
> rt_del: prefix 198.18.101.0/24
> route_del: prefix 198.18.101.0/24 via connected
> route decision engine exiting
> kernel routing table decoupled
> waiting for children to terminate
> terminating
>
> and
>
> RouterTest# eigrpd -dv
> startup
> eigrp_if_start: em1 as 1 family ipv4
> if_join_ipv4_group: interface em1 addr 224.0.0.10
> rt_new: prefix 198.18.101.0/24
> route_new: prefix 198.18.101.0/24 via connected distance (28160/0)
> rt_del: prefix 198.18.101.0/24
> route_del: prefix 198.18.101.0/24 via connected
> route decision engine exiting
> kernel routing table decoupled
> waiting for children to terminate
> eigrp engine terminated; signal 11
> terminating
>
>
> This is happening on two of two upgraded VMs.
>
> SHA256 (/usr/sbin/eigrpd) =
> 3b85d7ac155afe4edd355f8b1d8c81f77c6254d96410af8b22f4018b756282a6
> (just in case)
>
> I've tried with net.inet.tcp.tso=0 and net.inet.tcp.tso=1. Same result.
>
> test1# uname -a
> OpenBSD test1.local 7.5 GENERIC.MP#82 amd64
>
> The configs I'm running are pretty basic:
>
> RouterTest# eigrpd -n
> configuration OK
> RouterTest# eigrpd -nv
>
>
> router-id 198.18.101.1
> fib-update yes
> rdomain 0
> fib-priority-internal 28
> fib-priority-external 28
> fib-priority-summary 28
>
>
> address-family ipv4 {
>     autonomous-system 1 {
>         k-values 1 0 1 0 0 0
>         active-timeout 3
>         maximum-hops 100
>         maximum-paths 4
>         variance 8
>         default-metric 10 10 255 1 1500
>
>
>         interface em1 {
>             hello-interval 5
>             holdtime 15
>             delay 10
>             bandwidth 10
>             split-horizon yes
>         }
>     }
> }
>
>
> address-family ipv6 {
>
> }

--
:wq Claudio
Re: Ping blocked by firewall
I defined the table as stated in your book (3rd edition, page 42).
However, that gives an error message. In the lines with that table:
macro 'martians' not defined. Moreover, I now also have a Syntax error
in lines 38, 39 and 46, causing the pf lines not to be loaded.

On 09-04-2024 at 08:53, Peter N. M. Hansteen wrote:
> On Tue, Apr 09, 2024 at 08:39:08AM +0200, Karel Lucas wrote:
> > Hi all,
> >
> > For the first time I tested my new firewall with ping, and it is
> > blocked. I don't know what the reason is, you can find the information
> > below. I have a network with only regular clients, so no servers. I'm
> > still using OpenBSD V7.4, and will upgrade once the firewall is up and
> > running so I can test the upgrade process.
>
> Upgrading to 7.5 will not affect this particular problem I think.
>
> Still low on caffeine I spot two likely factors - your $localnet range
> overlaps with one of the ranges in $martians (which I anyway would
> recommend converting into a table), and your block referencing $martians
> comes after the pass rules that would have let icmp through. With no
> previous matching quick, last match applies.
>
> - Peter
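Peter's two points quoted above, as an added example that is not part of the original thread: a small Python model of pf's evaluation order (every rule is checked in sequence, the last match decides, a matching `quick` rule ends evaluation), run over a simplified subset of the posted rules. The `Rule`, `Packet` and `evaluate` names and the two test packets are constructed for illustration; the model assumes `$martians` expands to the posted list and ignores icmp-type, logging and state.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import List, Optional

# Values from the thread: localnet from the posted pf.conf, the martians
# ranges as posted later for /etc/martians.
LOCALNET = ipaddress.ip_network("192.168.2.0/24")
MARTIANS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8",
    "169.254.0.0/16", "192.0.2.0/24", "0.0.0.0/8", "240.0.0.0/4")]
EXT_IF = "igc0"


@dataclass
class Packet:
    """Constructed test packet (not captured traffic)."""
    direction: str  # "in" or "out"
    iface: str
    proto: str
    src: str
    dst: str


@dataclass
class Rule:
    """Simplified stand-in for one pf rule (assumption: no icmp-type, no state)."""
    text: str
    action: str                      # "pass" or "block"
    quick: bool = False
    direction: Optional[str] = None  # None matches both directions
    iface: Optional[str] = None      # None matches any interface
    proto: Optional[str] = None      # None matches any protocol
    src: List = field(default_factory=list)  # empty list means "any"
    dst: List = field(default_factory=list)

    def matches(self, pkt: Packet) -> bool:
        def within(addr, nets):
            return not nets or any(ipaddress.ip_address(addr) in n for n in nets)
        return (self.direction in (None, pkt.direction)
                and self.iface in (None, pkt.iface)
                and self.proto in (None, pkt.proto)
                and within(pkt.src, self.src)
                and within(pkt.dst, self.dst))


def evaluate(rules, pkt):
    """Check every rule in order; the last match decides unless a matching
    rule is marked quick, which stops evaluation at that rule."""
    verdict, decided_by = "pass", "(no rule matched)"
    for rule in rules:
        if rule.matches(pkt):
            verdict, decided_by = rule.action, rule.text
            if rule.quick:
                break
    return verdict, decided_by


def overlapping_martians(net):
    """Ranges in the martians list that overlap the given network."""
    return [str(m) for m in MARTIANS if m.overlaps(net)]


BLOCK_ALL = Rule("block log all", "block")
PASS_ICMP = Rule("pass log on inet proto icmp icmp-type $icmp_types",
                 "pass", proto="icmp")
BLOCK_MARTIANS_IN = Rule("block log in quick on $ext_if from $martians to any",
                         "block", quick=True, direction="in", iface=EXT_IF,
                         src=MARTIANS)
BLOCK_MARTIANS_OUT = Rule("block log out quick on $ext_if from any to $martians",
                          "block", quick=True, direction="out", iface=EXT_IF,
                          dst=MARTIANS)

# Same relative order as the posted pf.conf: pass first, martians blocks later.
POSTED_ORDER = [BLOCK_ALL, PASS_ICMP, BLOCK_MARTIANS_IN, BLOCK_MARTIANS_OUT]
# Martians blocks moved ahead of the pass rule.
MARTIANS_FIRST = [BLOCK_ALL, BLOCK_MARTIANS_IN, BLOCK_MARTIANS_OUT, PASS_ICMP]

# Constructed packets: an echo request arriving on the external interface
# from an RFC 1918 source, and one from a documentation-range source.
PING_FROM_PRIVATE = Packet("in", EXT_IF, "icmp", "192.168.1.20", "192.168.1.1")
PING_FROM_PUBLIC = Packet("in", EXT_IF, "icmp", "203.0.113.9", "198.51.100.1")

if __name__ == "__main__":
    print("localnet overlaps:", overlapping_martians(LOCALNET))
    for name, rules in (("posted order", POSTED_ORDER),
                        ("martians first", MARTIANS_FIRST)):
        for pkt in (PING_FROM_PRIVATE, PING_FROM_PUBLIC):
            print(name, pkt.src, "->", evaluate(rules, pkt))
```

In this model the ping from the private source is blocked in both orderings, because the martians rules are `quick` and its source falls inside 192.168.0.0/16; moving the rules changes which rule is evaluated last, not whether the overlapping range matches.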
Re: Ping blocked by firewall
On Tue, Apr 09, 2024 at 10:52:45AM +0200, Karel Lucas wrote:

> I defined the table as stated in your book (3rd edition, page 42). However,
> that gives an error message. In the lines with that table: macro 'martians'
> not defined. Moreover, I now also have a Syntax error in lines 38, 39 and
> 46, causing the pf lines not to be loaded.

How about showing what you did, showing the actual error messages so
people here can actually help you? Just saying "it does not work" does
not get you anywhere.

	-Otto

>
> On 09-04-2024 at 08:53, Peter N. M. Hansteen wrote:
> > On Tue, Apr 09, 2024 at 08:39:08AM +0200, Karel Lucas wrote:
> > > Hi all,
> > >
> > > For the first time I tested my new firewall with ping, and it is
> > > blocked. I don't know what the reason is, you can find the information
> > > below. I have a network with only regular clients, so no servers. I'm
> > > still using OpenBSD V7.4, and will upgrade once the firewall is up and
> > > running so I can test the upgrade process.
> > Upgrading to 7.5 will not affect this particular problem I think.
> >
> > Still low on caffeine I spot two likely factors - your $localnet range
> > overlaps with one of the ranges in $martians (which I anyway would
> > recommend converting into a table), and your block referencing $martians
> > comes after the pass rules that would have let icmp through. With no
> > previous matching quick, last match applies.
> >
> > - Peter
> >
>
Re: Ping blocked by firewall
I moved the lines with the martians between the 'block log all' line and
the ping lines. Furthermore, I changed the macro 'martians' to a table:
table persist file "etc/martians".

Messages during booting:
/etc/pf.conf:29: syntax error
/etc/pf.conf:29: macro 'martians' not defined
/etc/pf.conf:30: macro 'martians' not defined
/etc/pf.conf:38: syntax error
/etc/pf.conf:39: syntax error
/etc/pf.conf:46: syntax error

On 09-04-2024 at 11:13, Otto Moerbeek wrote:
> On Tue, Apr 09, 2024 at 10:52:45AM +0200, Karel Lucas wrote:
> > I defined the table as stated in your book (3rd edition, page 42).
> > However, that gives an error message. In the lines with that table:
> > macro 'martians' not defined. Moreover, I now also have a Syntax error
> > in lines 38, 39 and 46, causing the pf lines not to be loaded.
>
> How about showing what you did, showing the actual error messages so
> people here can actually help you? Just saying "it does not work" does
> not get you anywhere.
>
> 	-Otto
>
> > On 09-04-2024 at 08:53, Peter N. M. Hansteen wrote:
> > > On Tue, Apr 09, 2024 at 08:39:08AM +0200, Karel Lucas wrote:
> > > > Hi all,
> > > >
> > > > For the first time I tested my new firewall with ping, and it is
> > > > blocked. I don't know what the reason is, you can find the
> > > > information below. I have a network with only regular clients, so
> > > > no servers. I'm still using OpenBSD V7.4, and will upgrade once the
> > > > firewall is up and running so I can test the upgrade process.
> > >
> > > Upgrading to 7.5 will not affect this particular problem I think.
> > >
> > > Still low on caffeine I spot two likely factors - your $localnet
> > > range overlaps with one of the ranges in $martians (which I anyway
> > > would recommend converting into a table), and your block referencing
> > > $martians comes after the pass rules that would have let icmp
> > > through. With no previous matching quick, last match applies.
> > >
> > > - Peter
Re: Packages upgrade failure after upgrading to 7.5
On Mon, Apr 8, 2024 at 2:38 PM Stuart Henderson wrote:
>
> On 2024-04-08, Ioan Samarul wrote:
> > Hello to you all!
> >
> > I upgraded without problem to 7.5, everything went smooth as always,
> > except when I tried to upgrade the packages.
> >
> > These are the errors of `doas pkg_add -uV` (there is no version of
> > firefox installed, if that helps)
> >
> > No pkgname in packing-list for .libs1-firefox-esr-91.13.0
> > No pkgname in packing-list for .libs1-firefox-esr-102.13.0
> > No pkgname in packing-list for .libs-firefox-esr-91.13.0
> > Warning: couldn't read packing-list from installed package firefox-119.0
> > File /var/db/pkg/firefox-119.0/+CONTENTS does not exist
> > Error: firefox-119.0 missing from installation
>
> You have some corruption in /var/db/pkg. I would try pkg_check and allow
> it to fix things.

Thank you so much! Everything went smooth after the check. Never knew
about pkg_check.
Re: Ping blocked by firewall
On Tue, Apr 09, 2024 at 10:52:45AM +0200, Karel Lucas wrote:
> I defined the table as stated in your book (3rd edition, page 42). However,
> that gives an error message. In the lines with that table: macro 'martians'
> not defined. Moreover, I now also have a Syntax error in lines 38, 39 and
> 46, causing the pf lines not to be loaded.

macro names are case sensitive, to wit

peter@kapet:~$ cat martians
Martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
      10.0.0.0/8, 169.254, 0.0/16, 192.0.2.0/24, \
      0.0.0.0/8, 240.0.0.0/4 }"

block from $martians
peter@skapet:~$ doas pfctl -vnf martians
Martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 169.254, 0.0/16, 192.0.2.0/24, 0.0.0.0/8, 240.0.0.0/4 }"
martians:5: macro 'martians' not defined
martians:5: syntax error

for conversion to tables, keep in mind that references need the
surrounding '<' and '>'.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Libressl verify failure with 3.9.0
Thanks for the suggestion.

The workaround does work, and creates (essentially) the same certificate,
but one that does not fail verification with the new libressl.

I did notice the option of not having the leading "20" for dates before
2050, but I did not know enough to try doing that.

Ted

> -Original Message-
> > From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf
> > Of Theo Buehler
> > Sent: Monday, April 08, 2024 6:45 AM
> > To: Ted Wynnychenko
> > Cc: 'OpenBSD misc'; b...@openbsd.org; js...@openbsd.org
> > Subject: Re: Libressl verify failure with 3.9.0
> >
> > On Sun, Apr 07, 2024 at 04:57:24PM -0500, Ted Wynnychenko wrote:
> > > Hello,
> > >
> > > I recently updated to -current (about a week ago).
> > >
> > > I see that Libressl is at 3.9.1 just now, but I hope that won't be an
> > > issue (I did not see anything in the release notes that would impact
> > > my question).
> > > ---
> > > $ openssl version
> > > LibreSSL 3.9.0
> > > ---
> > >
> > > Over the years, I have made certificates for personal
> > > servers/resources on my home network. This is just for me, so I do
> > > some things that would be frowned on (although, technically, there is
> > > nothing "wrong" with them).
> > >
> > > In this case, since I have Apple iOS devices that I want to connect
> > > to https, I backdate any certificates I create to 1/2/2019. Apple has
> > > imposed a 300 or 800 day time limit on the validity for certificates
> > > created after (about) 7/1/2019. Since I don't want to constantly make
> > > new certificates for my personal/home network, I have just been
> > > setting the certificates' "not before" date to early 2019.
> > >
> > > Anyway, this had worked fine.
> > > In fact, earlier this year (Jan 2024), I created a new certificate,
> > > and all is good.
> > >
> > > A few weeks ago, I added a new thing to the network - a raspberry pi
> > > (I got as a gift about 2013 and installed a linux image from 2019 on
> > > it) that is connected to the home alarm system.
> > >
> > > Since I was annoyed that my browser was constantly giving me
> > > self-signed certificate warnings, I decided to make a certificate for
> > > the nginx running on this appliance.
> > >
> > > I created a key, made a csr, and then signed it with:
> > > openssl ca -startdate 2019010200Z -in pi.csr -out pi.pem -config
> > > /etc/ssl/openssl.cnf
> >
> > As a workaround, try using '-startdate 19010200Z' instead. I think
> > this is fallout from this commit:
> >
> > https://github.com/openbsd/src/commit/3feee4c53fbd67a4a480080d8ef5ae835d3fbf82
> >
> > ASN1_TIME_set_string_X509() is documented as
> >
> >     In LibreSSL, ASN1_TIME_set_string() and ASN1_TIME_set_string_X509()
> >     behave identically and always set the time object to a valid value
> >     to use in an X.509 certificate.
> >
> > It seems to me that this is just wrong (it is true that both behave
> > identically because RFC5280 is defined to 0), but they do not set the
> > time object to "a valid value to use in an X.509 certificate".
> >
> > Confusingly, ASN1_TIME_adj_internal() actually honours its RFC5280
> > parameter by behaving the expected way whereas its meaning in
> > ASN1_TIME_set_string_internal() is different.
> >
> > I am unsure if the bug is in my commit above or in our version of
> > ASN1_TIME_set_string_X509() (or both).
> >
> > >
> > > This all works fine, and a certificate is created
> > >
> > > When I check with:
> > > openssl x509 -text -noout -in pi.pem
> > >
> > > everything seems as expected, including the not before/after dates:
> > >
> > > Validity
> > > Not Before: Jan 2 00:00:00 2019 GMT
> > > Not After : Apr 7 15:39:59 2054 GMT
> > >
> > > (yes, it is valid for 35 years - as I said before, if someone breaks
> > > into my house to secretly do things, I have way bigger problems)
> > >
> > > But, if I try to verify this on the openbsd system, I get:
> > >
> > > # openssl verify pi.pem
> > > C = US, ST = Illinois, L = ***, O = ***, OU = ***, CN = ***
> > > error 20 at 0 depth lookup:unable to get local issuer certificate
> > > pi.pem: verification failed: 20 (unable to get local issuer certificate)
> > > ---
> > >
> > > But, if I install this on the raspberry pi, which has a much older
> > > version of openssl on it:
> > > $ openssl version
> > > OpenSSL 1.1.1c 28 May 2019
> > >
> > > The certificate verifies without an issue:
> > > $ openssl verify pi.pem
> > > pi.pem: OK
> > >
> > > The last time I created a certificate was in January of this year
> > > (1/22/2024).
> > > I am thinking the openbsd system was using Libressl 3.8.2 at that
> > > point.
> > >
> > > I created that certificate in the exact same way, backdating the
> > > start date:
> > > openssl ca -startdate 2019010200Z -in 54.csr -out 54.pem -config
> > > /etc/ssl/openssl.cnf
> > >
> > > This previously created c
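The encoding rule behind the "before 2050" remark above, as an added example that is not from the thread or from LibreSSL: RFC 5280 requires certificate validity dates through 2049 to be encoded as UTCTime (two-digit year) and dates in 2050 or later as GeneralizedTime (four-digit year). The function names are hypothetical and the sample strings in the comments are constructed in the full YYMMDDHHMMSSZ / YYYYMMDDHHMMSSZ forms.

```python
import re
from datetime import datetime, timezone

_UTCTIME = re.compile(r"[0-9]{12}Z")          # YYMMDDHHMMSSZ
_GENERALIZEDTIME = re.compile(r"[0-9]{14}Z")  # YYYYMMDDHHMMSSZ


def parse_asn1_time(text):
    """Parse a date string in either form; return (kind, aware datetime).

    UTCTime carries only two year digits; RFC 5280 reads 00-49 as 20YY
    and 50-99 as 19YY.
    """
    if _UTCTIME.fullmatch(text):
        kind, yy, rest = "UTCTime", int(text[:2]), text[2:12]
        year = 2000 + yy if yy < 50 else 1900 + yy
    elif _GENERALIZEDTIME.fullmatch(text):
        kind, year, rest = "GeneralizedTime", int(text[:4]), text[4:14]
    else:
        raise ValueError("expected YYMMDDHHMMSSZ or YYYYMMDDHHMMSSZ: %r" % text)
    month, day, hour, minute, second = (
        int(rest[i:i + 2]) for i in range(0, 10, 2))
    # datetime() rejects impossible dates such as month 13 with ValueError.
    return kind, datetime(year, month, day, hour, minute, second,
                          tzinfo=timezone.utc)


def rfc5280_encode(moment):
    """Return (kind, string) in the form RFC 5280 requires for this date.

    Years 1950-2049 fit UTCTime; anything else needs GeneralizedTime
    (the RFC only speaks about 2050 and later; earlier years are handled
    the same way here because UTCTime cannot express them).
    """
    m = moment.astimezone(timezone.utc)
    tail = "%02d%02d%02d%02d%02dZ" % (m.month, m.day, m.hour, m.minute, m.second)
    if 1950 <= m.year <= 2049:
        return "UTCTime", "%02d%s" % (m.year % 100, tail)
    return "GeneralizedTime", "%04d%s" % (m.year, tail)


def check_validity_string(text):
    """Return (conforms, required_form) for a start or end date string."""
    kind, moment = parse_asn1_time(text)
    required_kind, required = rfc5280_encode(moment)
    return kind == required_kind, required


if __name__ == "__main__":
    # Constructed samples: 2 Jan 2019 in both forms, and the 2054 end date
    # shown in the certificate dump, in both forms.
    for sample in ("20190102000000Z", "190102000000Z",
                   "20540407153959Z", "540407153959Z"):
        kind, moment = parse_asn1_time(sample)
        print(sample, kind, moment.isoformat(), check_validity_string(sample))
```

The last sample shows the trap in the other direction: dropping the century from a 2054 date yields a well-formed UTCTime that means 1954.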
Re: OpenBSD 7.5 bsd.upgrade hangs after sysupgrade
On 24/04/08 06:56PM, Nick Holland wrote:
> My 100% guess is that you have a machine that's very dependent upon
> ACPI, and the install kernel's ACPI support is very minimal, or
> has a funny UEFI system. Or a funny BIOS. Some machines work better
> as UEFI, some work better running BIOS. A firmware upgrade may
> change that (which could suck).
>
> There are other ways, though...
>
> First, I would verify that the 7.5 kernel boots -- copy it to /bsd75,
> for example, then "boot bsd75 -s" (the -s is so it doesn't try to go
> multi-user with a mixed new kernel/old userland/packages). If that
> seems happy, just do a "remote upgrade", using the "Manual Upgrade
> (without the install kernel)" process in
> https://www.openbsd.org/faq/upgrade75.html.

Hi Nick,

just to report that I managed to upgrade to 7.5, although the process
was definitely not straightforward.

The laptop in question is dual-booted (using rEFInd) with Windows 10,
which supports the built-in Qualcomm Atheros QCA6174 WiFi card, not
supported by OpenBSD. In order for OpenBSD 7.4 to have network access, I
had to use Realtek 802.11n USB WiFi adapter.

I recalled what happened when I rebooted into Windows while leaving the
USB WiFi adapter in the USB slot: the similar thing as in bsd.upgrade or
the installation kernel - keyboard and mouse were completely
unresponsive, and I had to power off by holding the power button.

Someone more knowledgeable in the internals of OpenBSD and relevant
hardware can probably offer a better explanation; I can only theorize
that this doesn't happen in installed OpenBSD because the Atheros card
is switched off in some way or at least rendered inactive, so it doesn't
interfere with the USB WiFi adapter. OpenBSD kernel from the install
media seems to behave more similar to Windows 10 in this regard - the
device(s) report errors, and the system hangs.

So, my successful idea was to:

1. dd install75.img to a USB flash disk from the working 7.4.

2. doas ifconfig urtwn0 down, then physically unplug the USB WiFi
   adapter and the USB flash with install75.img from OpenBSD 7.5.

3. **This is a necessary step (tested)!** Reboot into Windows 10, then
   insert the USB flash installation medium and reboot again from
   Windows 10. Theory: it is likely that Windows 10 drivers somehow
   interact with/reset the built-in Atheros card, enabling the boot
   loader from the installation medium to boot, and not hang.

4. Boot from the installation medium. The familiar "(I)nstall,
   (U)pgrade..." prompt appears. However, what's really weird is that
   the installer seems to be stuck in some kind of infinite loop trying
   to write to / (which is the installation filesystem, so it fails --
   some kind of autoinstall script?), writing that error message and
   **then writing the prompt again.** Typing half-blindly "u" etc, I
   managed to upgrade to OpenBSD 7.5 (the infinite loop stopped once the
   installer started unpacking sets).

* * *

EPILOGUE: if there was ever a fund or a crowdfunding made specifically
to create Qualcomm Atheros WiFi drivers for OpenBSD, I would gladly
donate to it.
Re: Ping blocked by firewall
I managed to get ping through. The error was the "log" words in the lines. But this is just the beginning. Now I have another problem with traceroute, as well as with all the normal internet traffic that has to go through it. In the traceroute rules I replaced "$ext_if" with "egress", but that makes very little difference. Creating a table for the martians doesn't work either. I have restored the old situation, so that it does not cause an error message.
Re: Ping blocked by firewall
I can assure you that I did not use capital letters in the macro names,
and used the '<' and '>'.

On 09-04-2024 at 11:58, Peter N. M. Hansteen wrote:
> On Tue, Apr 09, 2024 at 10:52:45AM +0200, Karel Lucas wrote:
> > I defined the table as stated in your book (3rd edition, page 42).
> > However, that gives an error message. In the lines with that table:
> > macro 'martians' not defined. Moreover, I now also have a Syntax error
> > in lines 38, 39 and 46, causing the pf lines not to be loaded.
>
> macro names are case sensitive, to wit
>
> peter@kapet:~$ cat martians
> Martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, \
>       10.0.0.0/8, 169.254, 0.0/16, 192.0.2.0/24, \
>       0.0.0.0/8, 240.0.0.0/4 }"
>
> block from $martians
> peter@skapet:~$ doas pfctl -vnf martians
> Martians = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8, 169.254, 0.0/16, 192.0.2.0/24, 0.0.0.0/8, 240.0.0.0/4 }"
> martians:5: macro 'martians' not defined
> martians:5: syntax error
>
> for conversion to tables, keep in mind that references need the
> surrounding '<' and '>'.
Upgrade 7.5 /usr full
Dear all.

I just did my unattended upgrade to 7.5. I previously checked the
available disk space in /usr, as suggested by the upgrade guide. My /usr
size is 2 GB, as created by the installer. As this is above 1.1 GB I
started the unattended upgrade using sysupgrade.

The upgrade failed during the extraction of the sets, but managed to
boot into 7.5. Now /usr is at 105% capacity due to df.

I assume, this is not supposed to happen? Is this an issue specific to my
setup? Or should /usr simply have more space?

Looking forward for some help.

Cheers

Ben
Re: Upgrade 7.5 /usr full
Check if you have /usr/ports or /usr/src.

On 9 April 2024 15:16:17 GMT+02:00, Ben Jahmine wrote:
>Dear all.
>
>I just did my unattended upgrade to 7.5. I previously checked the
>available disk space in /usr, as suggested by the upgrade guide. My /usr
>size is 2 GB, as created by the installer. As this is above 1.1 GB I
>started the unattended upgrade using sysupgrade.
>
>The upgrade failed during the extraction of the sets, but managed to
>boot into 7.5. Now /usr is at 105% capacity due to df.
>
>I assume, this is not supposed to happen? Is this an issue specific to my
>setup? Or should /usr simply have more space?
>
>Looking forward for some help.
>
>Cheers
>
>Ben
>
Re: 7.5 /var/log/messages - vfprintf %s NULL in "%.*s"
On Sat, Apr 06, 2024 at 02:42:25PM +0200, Eivind Eide wrote:
> After upgrading to 7.5 amd64 -stable (and all ports updated) I get
> these messages in /var/log/messages. This is with bash from ports
> inside tmux over SSH:
>
> tmux: vfprintf %s NULL in "%.*s"
> bash: vfprintf %s NULL in "%.*s"
> multitail: vfprintf %s NULL in "%.*s"
> vim: vfprintf %s NULL in "%.*s"

FYI, I grepped my messages and saw something similar:

mjoelnir:~ 9.04 14:10:46 % grep printf /var/log/messages
Apr 4 18:22:26 mjoelnir tumblerd: vfprintf %s NULL in "Unable to find part with type='%s' for '%s'"
Apr 4 18:22:26 mjoelnir tumblerd: vfprintf %s NULL in "Unable to find part with type='%s' for '%s'"
Apr 8 13:57:02 mjoelnir wrapper-2.0: vfprintf %s NULL in "day=%s, sun={%s, %s, %s, %s}, moon={%s, %s, %s, %s, %s} "
Apr 8 13:57:02 mjoelnir wrapper-2.0: vfprintf %s NULL in "day=%s, sun={%s, %s, %s, %s}, moon={%s, %s, %s, %s, %s} "
Apr 9 13:57:06 mjoelnir wrapper-2.0: vfprintf %s NULL in "day=%s, sun={%s, %s, %s, %s}, moon={%s, %s, %s, %s, %s} "
Apr 9 13:57:06 mjoelnir wrapper-2.0: vfprintf %s NULL in "day=%s, sun={%s, %s, %s, %s}, moon={%s, %s, %s, %s, %s} "

The "wrapper-2.0" program is, I think, part of XFCE, I see that name in
the desktop panel configuration. Tumbler is something to do with D-Bus
and is also a required package by/for XFCE.

Cheers,
Robb.

mjoelnir:~ 9.04 14:11:01 % uname -a
OpenBSD mjoelnir.fritz.box 7.5 GENERIC.MP#18 amd64

mjoelnir:~ 9.04 14:10:54 % echo $TERM
rxvt-unicode-256color

mjoelnir:~ 9.04 14:10:50 % locale
LANG=
LC_COLLATE=C
LC_CTYPE=en_US.UTF-8
LC_MONETARY="C"
LC_NUMERIC="C"
LC_TIME="C"
LC_MESSAGES="C"
LC_ALL=

mjoelnir:~ 9.04 14:11:04 % egrep -v '^(#|$)' .xsession
NO_AT_BRIDGE=1 ; export NO_AT_BRIDGE
LC_CTYPE="en_US.UTF-8"; export LC_CTYPE
LC_COLLATE=C; export LC_COLLATE
xrandr --dpi 109
xset +fp /usr/local/share/fonts/Hack
xset +fp /usr/local/share/fonts/terminus
xset +fp /usr/local/share/fonts/victor-mono
/usr/local/bin/startxfce4
Re: Ping blocked by firewall
On Tue, Apr 09, 2024 at 10:52:45AM +0200, Karel Lucas wrote:
> I defined the table as stated in your book (3rd edition, page 42). However,
> that gives an error message. In the lines with that table: macro 'martians'
> not defined. Moreover, I now also have a Syntax error in lines 38, 39 and
> 46, causing the pf lines not to be loaded.

The martians example only appears on page 91, and if you had read that
book or other PF references, you would have known full well that the
syntax for defining and referencing macros differs from how you define
and reference tables.

Please actually read the advice offered by contributors to this thread.

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Ping blocked by firewall
On Apr 09 08:39, Karel Lucas wrote:
> For the first time I tested my new firewall with ping, and it is blocked. I
> don't know what the reason is, you can find the information below. I have a
> network with only regular clients, so no servers. I'm still using OpenBSD
> V7.4, and will upgrade once the firewall is up and running so I can test the
> upgrade process.

I upgraded from OpenBSD 7.4 to OpenBSD 7.5 with zero issues using this
example

https://www.openbsd.org/faq/pf/example1.html

Have you considered using that as a baseline?
Re: Ping blocked by firewall
The example I'm referring to is how to define a table (page 42), and I
applied that to the martians example (page 91).

On 09-04-2024 at 16:06, Peter N. M. Hansteen wrote:
> On Tue, Apr 09, 2024 at 10:52:45AM +0200, Karel Lucas wrote:
> > I defined the table as stated in your book (3rd edition, page 42).
> > However, that gives an error message. In the lines with that table:
> > macro 'martians' not defined. Moreover, I now also have a Syntax error
> > in lines 38, 39 and 46, causing the pf lines not to be loaded.
>
> The martians example only appears on page 91, and if you had read that
> book or other PF references, you would have known full well that the
> syntax for defining and referencing macros differs from how you define
> and reference tables.
>
> Please actually read the advice offered by contributors to this thread.
Re: 7.5 /var/log/messages - vfprintf %s NULL in "%.*s"
On 2024-04-09, Eivind Eide wrote:
>>The log message no longer appears after running
>>
>>cp /usr/share/terminfo/x/xterm-256color ~/.terminfo/x/
>
> Indeed! After
> mkdir -p ~/.terminfo/t/
> cp /usr/share/terminfo/t/tmux-256color ~/.terminfo/t/
> (and the same for other termcaps used)
> those messages are gone from /var/log/messages.

That shouldn't be necessary. Given 'if I do "env -i TERM=tmux-256color mutt" mutt opens WITHOUT triggering the message', that implies that one of the other variables set would be triggering it, can you either figure out which one or show the list so someone else can try to replicate it please?

--
Please keep replies on the mailing list.
Re: Ping blocked by firewall
In /etc/pf.conf:

table persist file "/etc/martians"

In /etc/martians:

127.0.0.0/8
192.168.0.0/16
172.16.0.0/12
10.0.0.0/8
169.254.0.0/16
192.0.2.0/24
0.0.0.0/8
240.0.0.0/4

On 09-04-2024 at 16:06, Peter N. M. Hansteen wrote:
> On Tue, Apr 09, 2024 at 10:52:45AM +0200, Karel Lucas wrote:
>> I defined the table as stated in your book (3rd edition, page 42). However,
>> that gives an error message. In the lines with that table: macro 'martians'
>> not defined. Moreover, I now also have a Syntax error in lines 38, 39 and
>> 46, causing the pf lines not to be loaded.
> The martians example only appears on page 91, and if you had read that book
> or other PF references, you would have known full well that the syntax for
> defining and referencing macros differs from how you define and reference
> tables.
>
> Please actually read the advice offered by contributors to this thread.
Re: Ping blocked by firewall
The errors were caused by the word 'log' in lines where it apparently did not belong. Those errors have now been resolved. In Peter Hansteen's book, the rules are clearly stated on page 91, and there is no 'match' in them.

On 09-04-2024 at 17:12, l...@trungnguyen.me wrote:
> Still don't know what's happening because we don't know what those line
> errors mean. When you changed the macros to tables, did you also update the
> rules to match?
>
> On April 9, 2024 9:32:06 AM UTC, Karel Lucas wrote:
>> I moved the lines with the martians between the 'block log all' line and
>> the ping lines. Furthermore, I changed the macro 'martians' to a table:
>> table persist file "etc/martians".
>>
>> Messages during booting:
>> /etc/pf.conf:29: syntax error
>> /etc/pf.conf:29: macro 'martians' not defined
>> /etc/pf.conf:30: macro 'martians' not defined
>> /etc/pf.conf:38: syntax error
>> /etc/pf.conf:39: syntax error
>> /etc/pf.conf:46: syntax error
>>
>> On 09-04-2024 at 11:13, Otto Moerbeek wrote:
>>> On Tue, Apr 09, 2024 at 10:52:45AM +0200, Karel Lucas wrote:
>>>> I defined the table as stated in your book (3rd edition, page 42).
>>>> However, that gives an error message. In the lines with that table:
>>>> macro 'martians' not defined. Moreover, I now also have a Syntax error
>>>> in lines 38, 39 and 46, causing the pf lines not to be loaded.
>>> How about showing what you did, showing the actual error messages so
>>> people here can actually help you? Just saying "it does not work" does
>>> not get you anywhere.
>>>
>>> -Otto
>>>> On 09-04-2024 at 08:53, Peter N. M. Hansteen wrote:
>>>>> On Tue, Apr 09, 2024 at 08:39:08AM +0200, Karel Lucas wrote:
>>>>>> Hi all,
>>>>>>
>>>>>> For the first time I tested my new firewall with ping, and it is
>>>>>> blocked. I don't know what the reason is, you can find the
>>>>>> information below. I have a network with only regular clients, so no
>>>>>> servers. I'm still using OpenBSD V7.4, and will upgrade once the
>>>>>> firewall is up and running so I can test the upgrade process.
>>>>> Upgrading to 7.5 will not affect this particular problem I think.
>>>>>
>>>>> Still low on caffeine I spot two likely factors - your $localnet range
>>>>> overlaps with one of the ranges in $martians (which I anyway would
>>>>> recommend converting into a table), and your block referencing
>>>>> $martians comes after the pass rules that would have let icmp through.
>>>>> With no previous matching quick, last match applies.
>>>>>
>>>>> - Peter
Re: Upgrade 7.5 /usr full
On 2024-04-09, Ben Jahmine wrote:
> Dear all.
>
> I just did my unattended upgrade to 7.5. I previously checked the
> available disk space in /usr, as suggested by the upgrade guide. My /usr
> size is 2 GB, as created by the installer. As this is above 1.1 GB I
> started the unattended upgrade using sysupgrade.
>
> The upgrade failed during the extraction of the sets, but managed to
> boot into 7.5. Now /usr is at 105% capacity due to df.
>
> I assume, this is not supposed to happen? Is this an issue specific to my
> setup? Or should /usr simply have more space?

Nothing in sysupgrade or the installer checks to make sure that enough space is available and it can fail quite nastily if you run out of space.

> Looking forward for some help.

That size estimate in the upgrade guide hasn't been updated since OpenBSD 6.6 and is rather optimistic. After extracting a new install (assuming that you have a drive large enough that auto defaults created separate /usr and /usr/X11R6 partitions) you'll have ~1GB of files, so an upgrade from an older version with a drive with 1.1GB total is very likely to fail.

2GB for /usr is a bit tight anyway really - newer versions of the installer auto defaults have taken the other extreme and made it a bit larger than I'd usually want - though as of 7.5 it should be enough as long as old files are cleared out.

Some options:

- backup, reinstall with adjusted partition sizes, and restore

- if there's an empty or unwanted partition immediately after /usr on disk (check disklabel) you could backup, boot an install kernel, drop to the shell, remove the extra partition, adjust size of /usr to take on the extra space, and growfs (hopefully you won't need to restore, but it is best to take precautions)

- you could remove old unneeded files from /usr; the sysclean package can help identify these - in particular you're likely to find some old libraries in /usr/lib that are no longer needed and they'll likely be taking up a reasonable amount of space - sysclean will only list libraries if no package depends on them. options include rm or moving them to another filesystem. if you've gone through a few updates, the list will probably be quite long - you'll probably want to redirect to a file and view in an editor.

--
Please keep replies on the mailing list.
Re: Ping blocked by firewall
Still don't know what's happening because we don't know what those line errors mean. When you changed the macros to tables, did you also update the rules to match?

On April 9, 2024 9:32:06 AM UTC, Karel Lucas wrote:
>I moved the lines with the martians between the 'block log all' line and the
>ping lines. Furthermore, I changed the macro 'martians' to a table: table
>persist file "etc/martians".
>
>Messages during booting:
>/etc/pf.conf:29: syntax error
>/etc/pf.conf:29: macro 'martians' not defined
>/etc/pf.conf:30: macro 'martians' not defined
>/etc/pf.conf:38: syntax error
>/etc/pf.conf:39: syntax error
>/etc/pf.conf:46: syntax error
>
>On 09-04-2024 at 11:13, Otto Moerbeek wrote:
>> On Tue, Apr 09, 2024 at 10:52:45AM +0200, Karel Lucas wrote:
>>
>>> I defined the table as stated in your book (3rd edition, page 42). However,
>>> that gives an error message. In the lines with that table: macro 'martians'
>>> not defined. Moreover, I now also have a Syntax error in lines 38, 39 and
>>> 46, causing the pf lines not to be loaded.
>> How about showing what you did, showing the actual error messages so
>> people here can actually help you? Just saying "it does not work" does
>> not get you anywhere.
>>
>> -Otto
>>> On 09-04-2024 at 08:53, Peter N. M. Hansteen wrote:
>>>> On Tue, Apr 09, 2024 at 08:39:08AM +0200, Karel Lucas wrote:
>>>>> Hi all,
>>>>>
>>>>> For the first time I tested my new firewall with ping, and it is blocked.
>>>>> I don't know what the reason is, you can find the information below. I
>>>>> have a network with only regular clients, so no servers. I'm still using
>>>>> OpenBSD V7.4, and will upgrade once the firewall is up and running so I
>>>>> can test the upgrade process.
>>>> Upgrading to 7.5 will not affect this particular problem I think.
>>>>
>>>> Still low on caffeine I spot two likely factors - your $localnet range
>>>> overlaps with one of the ranges in $martians (which I anyway would
>>>> recommend converting into a table), and your block referencing $martians
>>>> comes after the pass rules that would have let icmp through. With no
>>>> previous matching quick, last match applies.
>>>>
>>>> - Peter
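The two factors Peter names in this thread (the $localnet range overlapping a martians entry, and last match deciding when no earlier matching rule has quick), modelled as an added Python example that is not part of the thread and not pf code. The `Rule` class, the `evaluate` function, the three-rule rulesets and the client address 192.168.2.10 are constructed for illustration; interfaces, direction and state are assumed away.

```python
"""Simplified model of pf rule evaluation (added example, not pf code).

Assumption: only action, 'quick', protocol and source network are modelled;
interfaces, direction, state and logging are left out.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# localnet from the posted pf.conf, martians from the posted /etc/martians.
LOCALNET = ipaddress.ip_network("192.168.2.0/24")
MARTIANS = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8", "192.168.0.0/16", "172.16.0.0/12", "10.0.0.0/8",
    "169.254.0.0/16", "192.0.2.0/24", "0.0.0.0/8", "240.0.0.0/4")]


def overlapping_martians(net, martians=MARTIANS):
    """Factor 1: martians entries that overlap the given network."""
    return [m for m in martians if m.overlaps(net)]


@dataclass
class Rule:
    action: str                  # "pass" or "block"
    label: str
    proto: Optional[str] = None  # None matches any protocol
    src: Optional[list] = None   # list of networks; None matches any source
    quick: bool = False

    def matches(self, proto, src_ip):
        if self.proto is not None and self.proto != proto:
            return False
        return self.src is None or any(src_ip in n for n in self.src)


IMPLICIT_PASS = Rule("pass", "implicit default (no rule matched)")


def evaluate(rules, proto, src):
    """Factor 2: the last matching rule decides, unless a matching rule
    carries 'quick', which ends evaluation at that rule."""
    src_ip = ipaddress.ip_address(src)
    decision = IMPLICIT_PASS
    for rule in rules:
        if rule.matches(proto, src_ip):
            decision = rule
            if rule.quick:
                break
    return decision


# Constructed three-rule rulesets (hypothetical, reduced from the thread).
BLOCK_ALL = Rule("block", "block log all")
PASS_ICMP = Rule("pass", "pass icmp", proto="icmp")
BLOCK_MARTIANS = Rule("block", "block from martians", src=MARTIANS)
BLOCK_MARTIANS_QUICK = Rule("block", "block quick from martians",
                            src=MARTIANS, quick=True)

MARTIANS_LAST = [BLOCK_ALL, PASS_ICMP, BLOCK_MARTIANS]         # block after pass
MARTIANS_BEFORE_PASS = [BLOCK_ALL, BLOCK_MARTIANS, PASS_ICMP]  # block moved up
MARTIANS_QUICK = [BLOCK_ALL, BLOCK_MARTIANS_QUICK, PASS_ICMP]  # moved up + quick

if __name__ == "__main__":
    print("overlap:", [str(n) for n in overlapping_martians(LOCALNET)])
    for name, rules in (("martians last", MARTIANS_LAST),
                        ("martians before pass", MARTIANS_BEFORE_PASS),
                        ("martians quick", MARTIANS_QUICK)):
        hit = evaluate(rules, "icmp", "192.168.2.10")  # constructed client
        print(f"{name}: {hit.action} ({hit.label})")
```

In this model, moving the martians block above the pass rule lets the ping through only because the block is not quick; with quick, the 192.168.0.0/16 entry still catches every $localnet address.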
Re: Upgrade 7.5 /usr full
If you are by usb sticks you can find maybe useful one of old thread:
https://marc.info/?l=openbsd-misc&m=169896854913334&w=2

Please remember to update /etc/fstab accordingly to the new layout of the final system before to reboot.

-Dan

Apr 9, 2024 18:37:39 Stuart Henderson :
> Some options:
>
> - backup, reinstall with adjusted partition sizes, and restore
Re: Wireless network with bfwm sometimes works and sometimes doesn't
Thank you so much for the hint, now I understand what the debug option does. I have actually tried it, but, because `man ifconfig` says "this turns on extra console error logging", I incorrectly assumed that it would output to stdout or stderr, not to the system message buffer. Then, calling ifconfig from xterm, I couldn't see any debug output and wondered why the option does nothing.

Anyway, here is the result of `dmesg | grep bwfm0`. Vodafone-7D3A_5G is the one I try to connect to, Vodafone-7D3A is same router but different frequency, as for the others, I assume that they belong to my neighbours:

bwfm0 at sdmmc0 function 1
bwfm0: address e4:5f:01:4d:c2:2c
bwfm0: begin active scan
bwfm0: INIT -> SCAN
bwfm0: end active scan
bwfm0: best AP f0:af:85:9a:e4:23 "Vodafone-7D3A_5G" score 77
bwfm0: switching to network "Vodafone-7D3A_5G"
bwfm0: - 4c:09:d4:8b:a1:9d 11 +179 54M ess privacy rsn "WLAN-721313"!
bwfm0: - d4:e2:cb:14:d6:a0 11 +180 54M ess privacy rsn "Vodafone-D69C"!
bwfm0: - d8:07:b6:ab:34:f2 4 +182 54M ess privacy rsn "TP-LINK_34F2"!
bwfm0: - f0:af:85:9a:e4:22 6 +195 54M ess privacy rsn "Vodafone-7D3A"!
bwfm0: + f0:af:85:9a:e4:23 112 +191 54M ess privacy rsn "Vodafone-7D3A_5G"
bwfm0: - f2:af:85:9a:e4:12 6 +197 54M ess no! rsn! "Vodafone Hotspot"!
bwfm0: - f2:af:85:9a:e4:32 6 +195 54M ess no! rsn! "Vodafone Homespot"!
bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +190 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +189 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +192 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +193 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: AUTH -> ASSOC bwfm0: begin active scan bwfm0: ASSOC -> SCAN bwfm0: end active scan bwfm0: SCAN -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +192 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +191 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +190 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +191 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +191 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +190 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +191 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +190 54M ess privacy 
rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +191 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +191 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +191 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +191 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +191 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +191 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +191 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN bwfm0: end active scan bwfm0: + f0:af:85:9a:e4:23 112 +191 54M ess privacy rsn "Vodafone-7D3A_5G" bwfm0: SCAN -> AUTH bwfm0: begin active scan bwfm0: AUTH -> SCAN
Re: Wireless network with bfwm sometimes works and sometimes doesn't
On Tue, Apr 09, 2024 at 07:15:55PM +0200, Stanislav Syekirin wrote:
> Thank you so much for the hint, now I understand what the debug option does.
> I have actually tried it, but, because `man ifconfig` says "this turns on
> extra console error logging", I incorrectly assumed that it would output to
> stdout or stderr, not to the system message buffer. Then, calling ifconfig
> from xterm, I couldn't see any debug output and wondered why the option does
> nothing.
>
> Anyway, here is the result of `dmesg | grep bwfm0`. Vodafone-7D3A_5G is the
> one I try to connect to, Vodafone-7D3A is same router but different
> frequency

The AP on channel 112 is not responding to the initial AUTH frame. Given that other devices work fine the AP probably does not receive the frame, but it is unclear why.

Does bwfm manage to connect to the 7D3A AP on channel 6?
Re: Wireless network with bfwm sometimes works and sometimes doesn't
Yes, it does. I'm not sure whether it's always the case, but this time it works. Dmesg output:

bwfm0: SCAN -> AUTH
bwfm0: AUTH -> ASSOC
bwfm0: ASSOC -> RUN
bwfm0: associated with f0:af:85:9a:e4:22 ssid "Vodafone-7D3A" channel 6 start 6Mb long preamble long slot time
bwfm0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU
bwfm0: received msg 1/4 of the 4-way handshake from f0:af:85:9a:e4:22
bwfm0: sending msg 2/4 of the 4-way handshake to f0:af:85:9a:e4:22
bwfm0: received msg 3/4 of the 4-way handshake from f0:af:85:9a:e4:22
bwfm0: sending msg 4/4 of the 4-way handshake to f0:af:85:9a:e4:22

Regards
Stanislav Syekirin

On Tue, 9 Apr 2024 19:47:36 +0200 Stefan Sperling wrote:
> On Tue, Apr 09, 2024 at 07:15:55PM +0200, Stanislav Syekirin wrote:
>> Thank you so much for the hint, now I understand what the debug option
>> does. I have actually tried it, but, because `man ifconfig` says "this
>> turns on extra console error logging", I incorrectly assumed that it would
>> output to stdout or stderr, not to the system message buffer. Then, calling
>> ifconfig from xterm, I couldn't see any debug output and wondered why the
>> option does nothing.
>>
>> Anyway, here is the result of `dmesg | grep bwfm0`. Vodafone-7D3A_5G is the
>> one I try to connect to, Vodafone-7D3A is same router but different
>> frequency
> The AP on channel 112 is not responding to the initial AUTH frame. Given
> that other devices work fine the AP probably does not receive the frame,
> but it is unclear why.
>
> Does bwfm manage to connect to the 7D3A AP on channel 6?
Re: Wireless network with bfwm sometimes works and sometimes doesn't
On Tue, Apr 09, 2024 at 08:31:50PM +0200, Stanislav Syekirin wrote:
> Yes, it does. I'm not sure whether it's always the case, but this time it
> works. Dmesg output:
>
> bwfm0: SCAN -> AUTH
> bwfm0: AUTH -> ASSOC
> bwfm0: ASSOC -> RUN
> bwfm0: associated with f0:af:85:9a:e4:22 ssid "Vodafone-7D3A" channel 6
> start 6Mb long preamble long slot time
> bwfm0: missed beacon threshold set to 30 beacons, beacon interval is 100 TU
> bwfm0: received msg 1/4 of the 4-way handshake from f0:af:85:9a:e4:22
> bwfm0: sending msg 2/4 of the 4-way handshake to f0:af:85:9a:e4:22
> bwfm0: received msg 3/4 of the 4-way handshake from f0:af:85:9a:e4:22
> bwfm0: sending msg 4/4 of the 4-way handshake to f0:af:85:9a:e4:22

That looks fine. No idea why 5 GHz doesn't work.

It's difficult to diagnose issues on this device without additional hardware because the firmware doesn't expose details about management frames to the driver.

Do you have any of iwn/iwm/iwx or another device which could capture raw 802.11 frames of failed association attempts in monitor mode?
Re: Minimum viable HW for OpenBSD
Nice :) but rather thanks to j...@carnat.net

Peter J. Philipp wrote (on Mon, Apr 8, 2024 at 19:05):
> Hi,
>
> I lost the thread in my mutt, so I'm hoping marc.info will adjust it in
> there, the thread is here:
> https://marc.info/?l=openbsd-misc&m=171059471410619&w=2
>
> Thank you Gabor Nagy! Here is my RPI zero 2W(H) with working wifi in
> hostap mode, and hopefully working GPIO's I'm going to be studying those
> closer in the future when I have some time.
>
> https://mainrechner.de/P4080036.JPG <-- on my tarot table
>
> Best Regards,
> -pjp
>
> --
> my associated domains: callpeter.tel|centroid.eu|dtschland.eu|
> mainrechner.de
newfs fast, but newfs_msdos and newfs_ext2fs very slow
Hi,

I'm trying to figure out the best way to format a USB stick as FAT32. This is what I've tried:

$ time doas newfs_msdos /dev/rsd1c
/dev/rsd1c: 60007944 sectors in 7500993 FAT32 clusters (4096 bytes/cluster)
bps=512 spc=8 res=32 nft=2 mid=0xf0 spt=63 hds=255 hid=0 bsec=60125184 bspf=58602 rdcl=2 infs=1 bkbs=2
20m08.34s real 0m00.35s user 0m12.81s system

As you can see, it takes many minutes, and the elapsed time is much larger than the CPU time. Looking at top while the command runs shows that newfs_msdos has PRI -5, its CPU usage fluctuates around 0.5%, STATE is mostly "sleep" with WAIT being "physio". The same happens if I call newfs_ext2fs -I.

For comparison, `newfs /dev/rsd1c` is almost instantaneous: 0m00.88s real 0m00.06s user 0m00.16s system. It doesn't work if the disk is already formatted as FAT32, though: I have to call `fdisk -e sd1`, and reinit, otherwise I get a "can't rewrite disk label" error; I'm not sure why newfs cares and newfs_msdos doesn't, maybe I'm doing it wrong somehow.

How can I speed the creation of a FAT32 or Ext2 file system up?

Best regards
Stanislav Syekirin
ncurses in 7.5
Hello, https://www.openbsd.org/plus75.html says: Updated ncurses and associated libraries (form, panel, menu) to 6.4-20230826. but https://www.openbsd.org/75.html says: Ncurses 5.7 Is this an oversight or am I overlooking something?
Re: Wireless network with bfwm sometimes works and sometimes doesn't
Stefan Sperling wrote:
> Do you have any of iwn/iwm/iwx or another device which could capture raw
> 802.11 frames of failed association attempts in monitor mode?

I have a neglected device with Intel Wireless 3160, which is listed on the iwm man page. Assuming OpenBSD will run on that device, what do I have to do?

Regards
Stanislav Syekirin
Re: RAID5 softraid inside VMM unable to read disklabel
Please ignore, sibiria on IRC clarified to me that boot support is limited to only RAID1, crypto, and RAID1c disciplines.

--
jrmu
IRCNow (https://ircnow.org)

On Tue, Apr 09, 2024 at 03:50:19PM -0700, jrmu wrote:
> I am practicing setting up RAID5 inside a virtual machine running
> OpenBSD 7.5 in VMM on OpenBSD 7.4.
>
> I created 3 disks sd0, sd1, sd2, and sd3, and 4 disk devices (the fourth to
> represent the RAID array itself):
>
> Welcome to the OpenBSD/amd64 7.5 installation program.
> (I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s
> # cd /dev/
> # sh MAKEDEV sd0 sd1 sd2 sd3
> # fdisk -iy sd0
> Writing MBR at offset 0.
> # fdisk -iy sd1
> Writing MBR at offset 0.
> # fdisk -iy sd2
> Writing MBR at offset 0.
> # disklabel -E sd0
> Label editor (enter '?' for help at any prompt)
> sd0> a a
> offset: [64]
> size: [41942976] *
> FS type: [4.2BSD] RAID
> sd0*> w
> sd0> q
> No label changes.
> # disklabel sd0 > layout
> # disklabel -R sd1 layout
> # disklabel -R sd2 layout
> # rm layout
> # bioctl -c 5 -l sd0a,sd1a,sd2a softraid0
> sd3 at scsibus4 targ 1 lun 0:
> sd3: 40959MB, 512 bytes/sector, 83884800 sectors
> softraid0: RAID 5 volume attached as sd3
> # dd if=/dev/zero of=/dev/rsd3c bs=1m count=1
> 1+0 records in
> 1+0 records out
> 1048576 bytes transferred in 0.028 secs (37044791 bytes/sec)
>
> And I verified the RAID5 array is online:
>
> # bioctl sd3
> Volume      Status        Size         Device
> softraid0 0 Online        42949017600  sd3    RAID5
>           0 Online        21474533376  0:0.0  noencl
>           1 Online        21474533376  0:1.0  noencl
>           2 Online        21474533376  0:2.0  noencl
>
> The rest of the OpenBSD installation proceeds as usual using sd3 as the
> installation disk, but upon reboot, I run into this error:
>
> >> OpenBSD/amd64 BOOT 3.65
> open(sr0a:/etc/boot.conf): can't read disk label
> boot>
> cannot open sr0a:/etc/random.seed: can't read disk label
> booting sr0a:/bsd: open sr0a:/bsd: can't read disk label
> failed(100). will try /bsd
>
> RAID1 worked fine, it's just RAID5 throwing this error at me.
>
> --
> jrmu
> IRCNow (https://ircnow.org)
RAID5 softraid inside VMM unable to read disklabel
I am practicing setting up RAID5 inside a virtual machine running OpenBSD 7.5 in VMM on OpenBSD 7.4.

I created 3 disks sd0, sd1, sd2, and sd3, and 4 disk devices (the fourth to represent the RAID array itself):

Welcome to the OpenBSD/amd64 7.5 installation program.
(I)nstall, (U)pgrade, (A)utoinstall or (S)hell? s
# cd /dev/
# sh MAKEDEV sd0 sd1 sd2 sd3
# fdisk -iy sd0
Writing MBR at offset 0.
# fdisk -iy sd1
Writing MBR at offset 0.
# fdisk -iy sd2
Writing MBR at offset 0.
# disklabel -E sd0
Label editor (enter '?' for help at any prompt)
sd0> a a
offset: [64]
size: [41942976] *
FS type: [4.2BSD] RAID
sd0*> w
sd0> q
No label changes.
# disklabel sd0 > layout
# disklabel -R sd1 layout
# disklabel -R sd2 layout
# rm layout
# bioctl -c 5 -l sd0a,sd1a,sd2a softraid0
sd3 at scsibus4 targ 1 lun 0:
sd3: 40959MB, 512 bytes/sector, 83884800 sectors
softraid0: RAID 5 volume attached as sd3
# dd if=/dev/zero of=/dev/rsd3c bs=1m count=1
1+0 records in
1+0 records out
1048576 bytes transferred in 0.028 secs (37044791 bytes/sec)

And I verified the RAID5 array is online:

# bioctl sd3
Volume      Status        Size         Device
softraid0 0 Online        42949017600  sd3    RAID5
          0 Online        21474533376  0:0.0  noencl
          1 Online        21474533376  0:1.0  noencl
          2 Online        21474533376  0:2.0  noencl

The rest of the OpenBSD installation proceeds as usual using sd3 as the installation disk, but upon reboot, I run into this error:

>> OpenBSD/amd64 BOOT 3.65
open(sr0a:/etc/boot.conf): can't read disk label
boot>
cannot open sr0a:/etc/random.seed: can't read disk label
booting sr0a:/bsd: open sr0a:/bsd: can't read disk label
failed(100). will try /bsd

RAID1 worked fine, it's just RAID5 throwing this error at me.

--
jrmu
IRCNow (https://ircnow.org)
Re: 7.5 /var/log/messages - vfprintf %s NULL in "%.*s"
"Why 42? The lists account." writes: Tumbler is something to do with D-Bus and is also a required package by/for XFCE. Yeah, Tumbler / tumblerd is a service, accessible via D-Bus, that generates thumbnails for files, e.g. in ~/.cache/thumbnails or equivalent. (But i'm not an XFCE user myself.) Alexis.
Re: Wireless network with bfwm sometimes works and sometimes doesn't
On Wed, Apr 10, 2024 at 12:53:12AM +0200, Stanislav Syekirin wrote:
> Stefan Sperling wrote:
> > Do you have any of iwn/iwm/iwx or another device which could capture
> > raw 802.11 frames of failed association attempts in monitor mode?
>
> I have a neglected device with Intel Wireless 3160, which is listed on the
> iwm man page. Assuming OpenBSD will run on that device, what do I have to
> do?

ifconfig iwm0 mediaopt monitor
ifconfig iwm0 chan 112 # assuming the AP has not moved channels
ifconfig iwm0 up
tcpdump -n -i iwm0 -y IEEE802_11_RADIO -s 4096 -w /tmp/iwm0.pcap

Now attempt the failing association, then cancel tcpdump with Ctrl-C and send me the /tmp/iwm0.pcap file offlist.