Using wayland on OpenBSD
I would like to develop a wayland app on OpenBSD, and I was wondering if it was already possible to use wayland on a snapshot version. The only requirement I have is to be able to run firefox, I obviously don't expect anything to be stable and I will be happy to help by providing feedback/bug report. - Quentin Schibler
sway package not found on -current
Hello ! I upgraded to current using sysupgrade -s so I could get the latest wayland related packages. I looked on openports and found that a sway port exists https://openports.pl/path/wayland/sway. When I pkg_info -Q sway, the package is not found. Does that mean that on snapshots a port is not always built into a binary package ? If so, do I have to build sway from source using the port ? Thanks !
Updating iwx firmware to 20220708 from 7.2 branch
I have a laptop using an AX210 network card (no ethernet), which is supported by -current, but not by 7.1. I installed 7.1 without configuring network, rebooted, and dumped the iwx firmware 20220708 onto a USB key. I tried to fw_update -p . but it did not detect iwx as added iwx. I tried fw_update -p . iwx, it added iwx, updated none, kept none. The interface did not show up with ifconfig. Then I sh /etc/netstart, it does not output anything, and the interface does not appear. Running fw_update -d iwx yields "No firmware found for iwx", which makes me think that the previous fw_update command did not work. - Quentin
Re: httpd slowcgi notes
Hi,

> server "local-fastcgi" {
>     listen on egress port 80
>     fastcgi
> }

have you tried specifying the fastcgi socket ?
Re: unbound auto-trust the root.key file
Hi Kevin,

> can we not make unbound not try to write to it at all

it seems that you are using auto-trust-anchor-file, but what you search for is trust-anchor-file.

> and have a cronjob that runs to update it every so often to make sure it is
> the correct key?

Then you can use unbound-anchor to update it.
Re: fastcgi support in httpd(8)
> Hi,

Hi

> Due to the OpenBSD chroot, I have copied the following files into
> /var/www. The libraries were generated from `ldd /usr/bin/perl`.
> /usr/bin/perl
> /usr/lib/libc.so.77.0
> /usr/lib/libm.so.9.0
> /usr/lib/libperl.so.15.0
> /usr/lib/libpthread.so.18.0
> /usr/lib/libutil.so.12.1
> /usr/libexec/ls.so

> #!/usr/bin/perl

So your /usr/bin/perl is actually /var/www/usr/bin/perl ?
amd64 bsd.rd for 7.0, 7.1, 7.2
Hi, I want to upgrade an amd64 system running 6.9. Following the guide I would like to upgrade to 7.{0,1,2,3,4,5} sequentially. However it looks like wget https://cdn.openbsd.org/pub/OpenBSD/7.{0,1,2}/amd64/bsd.rd returns 404 for all three queries. Where can I find the bsd.rd images for these versions? Thanks for your help.
Packet loss simulation + PFsync documentation
Hello everyone,

I've been searching around and couldn't find a full description of the pfsync header format and all the different types of messages (some kind of RFC). Do you guys know whether or not there exists such a document ? or something similar that would review in detail all the types of messages for pfsync ?

I've read David Gwynne's paper about pfsync_v5 (openbsd.org/papers/pfsync_v5.pdf), and he gives a quick list of the different message types, but his work is 2 years old and maybe the protocol evolved since then ? Are there no other message types in the current implementation ?

Also, does the protocol implement some kind of reliability mechanism, like message sequencing / acknowledgement messages ? How would pfsync behave in an environment with limited bandwidth and subject to packet loss ?

Lastly, I'd like to test pfsync in a simulated environment with potential packet loss/corruption and/or with limited bandwidth. I know I can emulate packet loss by adding probability to a block rule in pf.conf, and I'm not sure but I think ALTQ could help to add some bandwidth limitation (though its main goal is more to implement QoS rules, again correct me if I'm wrong). I've heard of Dummynet for FreeBSD ; is there the equivalent for OpenBSD ?

Thanks for reading me,
Regards,
Quentin Aebischer
University of Sherbrooke, Canada
PF tcp sessions/s rate evaluation
Hello everyone,

I'm currently a master degree student, and I'd like to benchmark packet filter over the number of tcp sessions per second it can handle. So I've got a very basic setup working, consisting of one server running OpenBSD 4.9 with PF (acting as firewall-router), and 2 PC's running Linux, acting respectively as client and webserver (running apache2 for the last). Basically, the client spams standard HTTP requests to the server via the firewall using a basic HTTP injector tool and evaluates the number of successfully processed requests per second.

As one can expect, there is an inverse relationship between the number of sessions/s a firewall can sustain and the size of the object of the request. To achieve maximum throughput, you've got to request big size objects (i.e 50KB or more), whereas to achieve maximum sessions rate per second, you've got to make requests with 0 size objects.

Prior to this, I've run some tests with a Linux firewall running iptables, and I've come up with an average rate of 11300 sessions/s for 0 size objects (straight up results, no tweaks or improvements made). Moving on to the OpenBSD tests, I only achieved an average rate of 7000 sessions/s for 0 size object (starting up at 8000, slowly decreasing to 7000 - 6500 ...), which is way above the linux/iptables average rate. I then tried to make some tweaks in /etc/sysctl.conf, but no improvement so far.

The ruleset I use is the following (copied from the OpenBSD pf tutorial) :

    set block-policy drop
    pass out quick
    pass in on $WAN inet proto tcp port 80 rdr-to $HTTP_SERVER_IP
    pass in inet proto icmp all
    pass in on $LAN

So I come here now to know whether you guys have any idea what sort of tweaks I could try to significantly enhance the number of tcp sessions per second processed by PF. I'm kind of a PF newbie, so I'm clueless for the moment. Any hints, thoughts or ideas are appreciated !
Re: PF tcp sessions/s rate evaluation
Thx for the reply.

Well I've already increased the state table size to 15 entries, 1 was not enough (there was up to 7 simultaneous state entries during the test). Hardware wise, I'm using a xeon 2.4 GHz monocore with 1 GB of RAM. Since this server is used as firewall only, I've raised the kernel space memory to up to 90% of total memory. I don't want to make hasty conclusions, so I'll keep searching..

Ryan McBride wrote:

> There is not much to tweak, performance-wise. OpenBSD avoids such buttons like the plague, and besides: benchmarks should be run with a stock install, which is what 99% of users are going to be doing as well.
>
> You can try looking at the output of 'pfctl -si' and see if any of those is increasing a lot, it may give you some more hints. The only thing that jumps to mind is the states limit; if it's getting hit you'll see the memory counter increase. I can't make any suggestion for a good value for 'set limit states' though because you included zero information about the hardware you're testing on.
>
> On Tue, Aug 16, 2011 at 02:12:01PM -0400, Quentin Aebischer wrote:
> > Hello everyone,
> >
> > I'm currently a master degree student, and I'd like to benchmark packet filter over the number of tcp sessions per second it can handle. So I've got a very basic setup working, consisting of one server running OpenBSD 4.9 with PF (acting as firewall-router), and 2 PC's running Linux, acting respectively as client and webserver (running apache2 for the last). Basically, the client spams standard HTTP requests to the server via the firewall using a basic HTTP injector tool and evaluates the number of successfully processed requests per second.
> >
> > As one can expect, there is an inverse relationship between the number of sessions/s a firewall can sustain and the size of the object of the request. To achieve maximum throughput, you've got to request big size objects (i.e 50KB or more), whereas to achieve maximum sessions rate per second, you've got to make requests with 0 size objects.
> >
> > Prior to this, I've run some tests with a Linux firewall running iptables, and I've come up with an average rate of 11300 sessions/s for 0 size objects (straight up results, no tweaks or improvements made). Moving on to the OpenBSD tests, I only achieved an average rate of 7000 sessions/s for 0 size object (starting up at 8000, slowly decreasing to 7000 - 6500 ...), which is way above the linux/iptables average rate. I then tried to make some tweaks in /etc/sysctl.conf, but no improvement so far.
> >
> > The ruleset I use is the following (copied from the OpenBSD pf tutorial) :
> >
> >     set block-policy drop
> >     pass out quick
> >     pass in on $WAN inet proto tcp port 80 rdr-to $HTTP_SERVER_IP
> >     pass in inet proto icmp all
> >     pass in on $LAN
> >
> > So I come here now to know whether you guys have any idea what sort of tweaks I could try to significantly enhance the number of tcp sessions per second processed by PF. I'm kind of a PF newbie, so I'm clueless for the moment. Any hints, thoughts or ideas are appreciated !
NAT rule change with 4.6 current PF
Has the NAT rule syntax changed in 4.6 current from 3-dec? - (GENERIC.MP) #340

I don't see any change in the webpages: http://www.openbsd.org/faq/pf/nat.html

A rule that worked in 4.6 release:

    nat pass on $ext_if proto tcp from 192.168.0.2 to any port 80 -> $ext_if_IP

now generates an error:

    pf.conf:247: syntax error

I had a look at the pf documentation and it now mentions nat-to rather than nat but perhaps I am misreading. A pointer would be much appreciated.

Quentin