Re: pledge for sockets

2017-04-26 Thread Janne Johansson
2017-04-26 13:19 GMT+02:00 Luke Small : > I'm not saying to alter pledge necessarily, maybe make new system call > like pledge. There aren't any per-process pf rules that are applied. If your daemon has a specific user, you can make such rules in PF. The goal you stated can be reached already, w

Re: pledge for sockets

2017-04-26 Thread Janne Johansson
*path limitations on rpath rpath and wpath calls, why not limitations on > inet and unix? > > On Wed, Apr 26, 2017 at 6:26 AM Janne Johansson > wrote: > >> 2017-04-26 13:19 GMT+02:00 Luke Small : >> >>> I'm not saying to alter pledge necessarily, maybe ma

Re: Pf with secondary DNS resolution

2017-05-03 Thread Janne Johansson
I would make those rules have a table, and a cronjob to feed the table with the current ips that these hostnames resolve to. But of course, that implies you trust the replies you get all the time from that cronjob. 2017-05-03 22:16 GMT+02:00 Luke Small : > Is it worthwhile to set up a hook for p

Re: Pf with secondary DNS resolution

2017-05-04 Thread Janne Johansson
2017-05-04 1:56 GMT+02:00 Luke Small : > Four words Peter..."dynamic IP address". I'm sure that there are folks that > ssh into machines that are on a dynamic IP address that don't have a modem > on a power backup, or even possibly on an ISP that may down, possibly when > they are out of town. I d

Re: /etc/mygate equivalent for IPv6?

2017-06-06 Thread Janne Johansson
Just add the ipv6 gw ip to /etc/mygate. 2017-06-06 21:45 GMT+02:00 mabi : > Hi, > > What is the "standard" approach for adding an IPv6 default gateway to an > OpenBSD 6.1 machine analog to the /etc/mygate file for an IPv4 default > route? > > There are no /etc/mygate6 file and as such for now I

Re: inquiring about setting wxallowed on /home mountpoint

2017-06-12 Thread Janne Johansson
2017-06-13 7:29 GMT+02:00 Josh Stephens : > >> So my question is, will there be any security implications that I > >> should be concerned about with setting wxallowed in /etc/fstab to the > >> home mountpoint? > > > > Yes there is a security implication. From mount(8), > > Turn it off and accept t

Re: bug tracking system for OpenBSD

2017-06-19 Thread Janne Johansson
2017-06-19 19:01 GMT+02:00 Philipp Buehler < e1c1bac6253dc54a1e89ddc046585...@posteo.net>: > On 19.06.2017 18:51, Harald Dunkel wrote: > >> some reliable response time >> > > I've to decide between popcorn and other stuff with flames. > > Entitlement is a strong feeling, it seems. -- May the m

Re: amd64 snapshot 6 July

2017-07-09 Thread Janne Johansson
2017-07-09 10:50 GMT+02:00 Mihai Popescu : > Hello, > Just installed amd64 snapshot, dated 6 July and there are a few > problems at the start: > starting early daemons: syslogd(failed) pflogdpflogd[3376]: [priv] msg > PRIV_OPEN_LOG received ntpd(failed) > ld.so: ftp: can't load library 'libtls.so.

Re: permission denied local nfs mount

2017-07-29 Thread Janne Johansson
Make sure pf isn't stopping any packets also. 2017-07-29 1:36 GMT+02:00 Allan Streib : > 6.1 amd64 release > > My goal is to serve files from a directory in my home dir via httpd. As > I understand it the way to do this is a local NFS mount in the httpd > chroot. > > Basically following the FAQ f

Re: expr / (( )) different behavior

2017-08-11 Thread Janne Johansson
0 is parsed as octal in places, so 09 would be bogus if octal. 2017-08-11 12:56 GMT+02:00 Alessandro DE LAURENZIS : > Dear misc@ readers, > > I was doing a little exercise with integer arithmetics and noticed the > following: > > [snip] > $ echo $(expr -09

Re: expr / (( )) different behavior

2017-08-11 Thread Janne Johansson
2017-08-11 13:14 GMT+02:00 Alessandro DE LAURENZIS : > Hi Janne, > On Fri 11/08/2017 13:07, Janne Johansson wrote: > >> 0 is parsed as octal in places, so 09 would be bogus if octal. >> > [...] > > Thanks for the clarification; does that mean expr(1) can treat 10-b

Re: ftp.eu.openbsd.org no longer accepts anonymous ftp?

2017-08-20 Thread Janne Johansson
Will fix, have to handle strange 1:1 NAT after move to a new ftp.eu. 2017-08-19 12:16 GMT+02:00 Peter N. M. Hansteen : > On 08/19/17 11:44, Andreas Thulin wrote: > > Also, yesterday's > > > > # pkg_add -u > > > > failed for me, apparently for that same reason. > > Yes, that would happen. Then ag

Re: ftp.eu.openbsd.org no longer accepts anonymous ftp?

2017-08-21 Thread Janne Johansson
Fixed, now ftp works again, sorry for the glitch. 2017-08-20 19:33 GMT+02:00 Janne Johansson : > Will fix, have to handle strange 1:1 NAT after move to a new ftp.eu. > > > 2017-08-19 12:16 GMT+02:00 Peter N. M. Hansteen : > >> On 08/19/17 11:44, Andreas Thulin wrote: &

Re: 6.1 fails to boot on a 486

2017-09-01 Thread Janne Johansson
A few quick tests on 6.1-i386 in a VM showed that 20M seems to be minimum now, at 17-19M disk setup would segfault late in the installation and at 16M em0 couldn't get TX stuff allocated, so that failed even earlier. 2017-09-01 9:43 GMT+02:00 Mike Larkin : > On Thu, Aug 31, 2017 at 11:57:40PM -0

Re: TCP Window Scaling

2017-09-14 Thread Janne Johansson
Since 6.1 I think the max is 2M, and not 256k. Many programs will also allow you to bump limits using setsockopt. 2017-09-14 11:15 GMT+02:00 Andreas Krüger : > Hi All, > > I am wondering why there is no option to set the max tcp window > scaling sizes for send and receive since version 4.9. > I

Re: TCP Window Scaling

2017-09-14 Thread Janne Johansson
2017-09-14 13:08 GMT+02:00 Janne Johansson : > Since 6.1 I think the max is 2M, and not 256k. Many programs will also > allow you to bump limits using setsockopt. > > > httpd.conf: server "secret.site" { tcp { socket buffer 20971

Re: TCP Window Scaling

2017-09-14 Thread Janne Johansson
2017-09-14 13:24 GMT+02:00 Andreas Krüger : > How would i set i for ipsec tunnels or iperf etc. then? IPSec isn't using tcp so you wouldn't be able to. For iperf, you can read the manpage, like I have done for httpd/rsync. -w, --window n[KM] TCP window size (socket buffer si

Re: cron and desktop-computers

2017-09-15 Thread Janne Johansson
2017-09-15 14:48 GMT+02:00 Niels Kobschaetzki : > Hi, > > today I wondered if I need anacron on my laptop. cron(8) states in the man > page in the section "Daylight Saving Time and other time changes": > "If time has moved forward, those jobs that would have run in the interval > that has been ski

Re: Crypto softraid is supported on GPT/UEFI boot and not just on BIOS/MBR boot, right?

2017-09-28 Thread Janne Johansson
2017-09-29 3:31 GMT+02:00 Nick Holland : > > By that logic, we should have quit using cheap disks when they went over > 32MB. Or 120MB. Or 504MB. Or 128GB. Or ... > I have MBRs on 4TB SoftRaid volumes, works fine. > > fdisk, make the "entire" disk (welllthe first 2TB) OpenBSD. > disklabel,

Re: size of size_t

2017-10-12 Thread Janne Johansson
2017-10-12 20:04 GMT+02:00 : > Hi, > > >> I just discovered, to my dismay, that size_t is only 32 bits, even on > >> 64-bit processors. > Okay, I don't have a 64-bit machine running OpenBSD to check -- but is > 'long' > 64-bits on those? How did you manage to come to the first conclusion, given

Re: macppc netboot

2017-10-17 Thread Janne Johansson
2017-10-18 0:47 GMT+02:00 Daniel Boyd : > I'm attempting to install onto a G4 Cube with a busted CD-ROM drive. > I've never done network booting before, so I'm sure I'm just missing > something. > Make sure to read and follow ALL the steps in "man diskless" that has anything to do with PPC boots,

Re: dhclient expects IPv4 address in dhclient.conf

2018-05-02 Thread Janne Johansson
2018-05-02 16:06 GMT+02:00 Marc Peters : > Hi misc, > dhclient hates me. I would like to prepend an IPv6 nameserver in the > dhclient configuration on my router when connecting to my ISP, but > dhclient gives me following error: > > em1: /etc/dhclient.conf line 17: expecting IPv4 address. > em1: p

Re: dhclient expects IPv4 address in dhclient.conf

2018-05-03 Thread Janne Johansson
2018-05-02 18:07 GMT+02:00 Marc Peters : > On Wed, May 02, 2018 at 04:24:50PM +0200, Janne Johansson wrote: > > Seems common on other dhcpd's too: > > https://lists.isc.org/pipermail/dhcp-users/2012-May/015511.html > > > > ah, the option has a different name for

Re: OpenBSD logo on my private hompage. It is allowed?

2018-06-08 Thread Janne Johansson
On Fri 8 June 2018 at 04:41, Eric Furman wrote: > You can make and sell any product you want using OBSD. > No fee or questions asked. Even Baby-Mulching Machines. > ..and for that we are ever so thankful. -- May the most significant bit of your life be positive.

Re: 20% package loss on CARP after upgrade to 6.3

2018-06-21 Thread Janne Johansson
On Wed 20 June 2018 at 19:59, Henrik Dige Semark wrote: > Hey everybody, > > # Server 1 > My /etc/hostname.* for CARP's and pfsync + host adaptor: > https://pastebin.com/vrtuPqnQ > My /etc/pf.conf: https://pastebin.com/yhVkG4x4 > > # Server 2 > My /etc/hostname.* for CARP's and pfsync + host adap

Re: FTP login delay

2018-06-21 Thread Janne Johansson
On Wed 20 June 2018 at 23:28, Maximilian Pichler < maxim.pich...@gmail.com> wrote: > I've enabled ftpd and am experiencing very long delays (consistently > 75 seconds) when logging in from localhost. > > Running nc reveals that the connection is accepted immediately, but > the server waits before

Re: 20% package loss on CARP after upgrade to 6.3

2018-06-21 Thread Janne Johansson
On Thu 21 June 2018 at 10:31, Stefan Sperling wrote: > On Thu, Jun 21, 2018 at 10:07:06AM +0200, Janne Johansson wrote: > > On Wed 20 June 2018 at 19:59, Henrik Dige Semark wrote: > > > > > Hey everybody, > > > > > > # Server 1 > > > My /

Re: clearing the disk cache

2018-07-03 Thread Janne Johansson
On Tue 3 July 2018 at 10:59, Maximilian Pichler < maxim.pich...@gmail.com> wrote: > > > The buffer cache is implemented as two 2-queue and therefore a simple cat > > bigfile will not fill the cache. > > What sort of data structure or algorithm is this? Any reference would > be much appreciated. > >

Re: arm64 recommendation Pine64 or Rock64

2018-07-08 Thread Janne Johansson
On Sun 8 July 2018 at 07:04, Predrag Punosevac wrote: > I am in particularly keen on building an > embedded computer which will use Arduino UNO a microcontroller > motherboard(s) to pool DHT22 AM2302 Digital Temperature And Humidity > Measurement Sensor as well as HC-SR501 Human Sensor Module P

Re: Julia on OpenBSD?

2018-07-13 Thread Janne Johansson
On Fri 13 July 2018 at 10:46, Rudolf Sykora wrote: > Hello, > > has anyone any experience with running Julia (language) > on OpenBSD? How difficult was it to set it up? (It isn't > in the Ports.) > > http://daemonforums.org/showthread.php?p=63134 the internet seems to point to bcallah@ -- May

Re: autri(4) disabled by default

2018-07-31 Thread Janne Johansson
On Tue 31 July 2018 at 12:47, Peter Kay wrote: > I see autri(4) is disabled by default in an amd64 kernel, probably > others too, and has been for a very long time. > > I can't see any notice of why this is so, anyone know? > > > Seems like it came over with the initial amd64 port from i386, and

Re: Can't open /dev/bio on arm

2018-08-05 Thread Janne Johansson
Is there MAKEDEV things to add also? On Sun 5 Aug 2018 at 09:15, Jonathan Gray wrote: > On Sat, Aug 04, 2018 at 06:38:20PM +1000, Jonathan Gray wrote: > > On Sat, Aug 04, 2018 at 05:37:11PM +1000, Jonathan Gray wrote: > > > On Sat, Aug 04, 2018 at 09:33:45AM +0300, Kihaguru Gathura wrote: > > > > H

Re: IPv6 router advertisement rdns not working?

2018-09-14 Thread Janne Johansson
On Thu 13 Sep 2018 at 18:49, Mike Coddington wrote: > On Thu, Sep 13, 2018 at 06:15:28AM +0200, Sebastien Marie wrote: > > On Wed, Sep 12, 2018 at 10:26:40PM -0500, Mike Coddington wrote: > > > However, if I decide to go with just IPv6 by > > > simplifying my /etc/hostname.if file and using "i

Re: Routing stops after ipsec/gre tunnel activates

2018-10-01 Thread Janne Johansson
On Mon 1 Oct 2018 at 16:56, Kaya Saman wrote: > Hi, > I've got an issue where something strange is happening with the routing > table after establishing an ipsec connection it's quite hard to > describe but what happens is that the tunnel establishes then routing > goes down completely. The

Re: 6.4 available but sources incorrect

2018-10-18 Thread Janne Johansson
On Thu 18 Oct 2018 at 15:37, Peter J. Philipp wrote: > > Hi, > > I know the announcement hasn't made it out yet afaik. But I want to give > notice that on ftp.eu as well as cdn mirrors the sources don't check out. > For one the key is the old 6.3 key and then it fails to signify. > > pub -x SHA

Re: _writes_to_HOME directories in /

2018-10-18 Thread Janne Johansson
On Thu 18 Oct 2018 at 19:55, schwack wrote: > > Was prepping for 6.4 upgrade and noticed a bunch of *_writes_to_HOME > directories in my root file system. (as shown below) > All created on Sept 16th. Not sure what I might have been doing on the system > that day. "building ports" most likely

Re: iked(8) bad-ip-version 7 (encap) error after 6.4 upgrade

2018-10-19 Thread Janne Johansson
On 19 Oct 2018 at 00:44, Jason Tubnor wrote: > 09:14:42.281631 (authentic,confidential): SPI 0x03096f78: bad-ip-version 7 > (encap) IPv7? I thought me using v6 was hipster enough, but the cool kids have surpassed me by far. (sorry for not helping with your actual issue though) -- May the most

Re: set owner/group: operation not permitted

2018-10-25 Thread Janne Johansson
On Wed 24 Oct 2018 at 20:48, Carlos Aguilar wrote: > Then, when I execute the following command as unprivileged user sg: > sg:/home/sg$mv /var/www/cgi-bin/my-site/posts/messages/*.txt /tmp > I got the following error message: > > mv: /tmp/OneFile.txt: set owner/group: Operation not permitted >

Re: OpenBSD site

2018-10-27 Thread Janne Johansson
Manual edits, no hurry to jump on this week's fashionable web framework, testing with lynx goes a long way to keep it simple and readable. On Sat 27 Oct 2018 at 11:14, misc nick wrote: > > I was wondering how you maintain and update such high quality content in > OpenBSD's site. > Do you manuall

Re: vmm(4) direct device resources access from guests

2018-11-01 Thread Janne Johansson
On Thu 1 Nov 2018 at 08:53, Denis wrote: > > Is it possible to have full I/O access to PCI-express devices from guest > OSes like Penguin? > https://www.openbsd.org/faq/faq16.html -- May the most significant bit of your life be positive.

Re: CURRENT userland does not compile due to games/glorkz

2018-11-12 Thread Janne Johansson
On Mon 12 Nov 2018 at 09:00, Jyri Hovila [Turvamies.fi] wrote: > Theo: > Upgrade to from a snap. > Thanks, but: NO! XD > Seriously: As crazy as it may sound, I'm very stubborn about following the > CURRENT without taking shortcuts. It's not a shortcut, it is how it's done. It is not cheating, o

Re: Using /32 resp. /128 netmask for carp ips

2018-11-23 Thread Janne Johansson
On Fri 23 Nov 2018 at 18:50, Joerg Streckfuss wrote: > > Dear list, > > i want to know why it is good practice to use /32 netmask for ipv4 > respectively /128 netmask for ipv6 addresses on carp interfaces, while using > the > "real" netmask for example /24 for a dedicated address on an interface

Re: Compiler warning in ctype.h

2020-03-09 Thread Janne Johansson
On Fri 6 March 2020 at 12:29, Thomas de Grivel wrote: > Hello, > > I was using base gcc but switching to base clang fixes the warnings on > -current at least. > Is base gcc not supported anymore ? > I think you are supposed to use whatever gets used when you call "cc" on the OpenBSD platform you

Re: S3 Virge support on IBM T23 for 6.6

2020-04-15 Thread Janne Johansson
On Wed 15 Apr 2020 at 23:29, Paolo Aglialoro wrote: > Is this a hint that soon i386 architecture will be deprecated? > Considering that supported hw (at least graphics) is going more and more to > overlap with amd64, at the very end i386 would remain only for some > routerboards. > i386 has see

Re: S3 Virge support on IBM T23 for 6.6

2020-04-17 Thread Janne Johansson
On Thu 16 Apr 2020 at 18:24, Paolo Aglialoro wrote: > Thanks Janne for the tech insight. > So, but for routerboards/CLI boxen, considering that this recent move > hinders GUI for most P3s, the really viable ones remain P3s/K7s with > different graphics boards (mostly desktop/tower) and early P4

Re: Regarding randomized times in crontab

2020-04-17 Thread Janne Johansson
On Thu 16 Apr 2020 at 20:22, Andreas Kusalananda Kähäri < andreas.kah...@abc.se> wrote: > On Thu, Apr 16, 2020 at 11:14:59AM -0600, Theo de Raadt wrote: > > That is a lot of words to cover a simple concept: > > > > The specific random values are selected when cron(5) loads > > the crontab file.

Re: List a package's dependencies

2020-04-20 Thread Janne Johansson
On Mon 20 Apr 2020 at 15:08, Marc Espie wrote: > On Sun, Apr 19, 2020 at 04:36:48PM +0200, Ingo Schwarze wrote: > > Part of that is due to the unavoidable complexity > > of the system. Other parts may be influenced by the fact that > > espie@ is not tedu@. > > I don't think tedu would do much b

Re: socket I/O on openbsd

2020-04-21 Thread Janne Johansson
You're still not telling what it is, where it came from, what it does. No one here can mind read you. We will not admit we can see what is on your monitor, so .. step up to the challenge and show your work. https://i.imgur.com/ArfmbAf.gif On Wed 22 Apr 2020 at 08:09, Gustavo Rios wrote: > apx_

Re: fw_update verify firmware?

2020-05-14 Thread Janne Johansson
On Thu 14 May 2020 at 06:27, Mogens Jensen < mogens-jen...@protonmail.com> wrote: > Normally I would just assume that fetched files are verified, but maybe > in the case with fw_update, the rationale is that firmware files are > binary blobs so we can't know if they are malicious anyway, therefor

Re: OpenBSD 6.7 and ffs2 FAQs

2020-05-27 Thread Janne Johansson
On Thu 28 May 2020 at 07:51, Matthias wrote: > On a fresh 6.7 installation, mount(8) shows 'type ffs'. Is there any way > to figure out the version number? > > https://undeadly.org/cgi?action=article;sid=20200326083657 -- May the most significant bit of your life be positive.

Re: Filling a 4TB Disk with Random Data

2020-06-01 Thread Janne Johansson
On Mon 1 June 2020 at 16:01, Justin Noor wrote: > Hi Misc, > Has anyone ever filled a 4TB disk with random data and/or zeros with > OpenBSD? > How long did it take? What did you use (dd, openssl)? Can you share the > command that you used? > My /dev/random on decent x86_64 give out more or less

Re: Filling a 4TB Disk with Random Data

2020-06-05 Thread Janne Johansson
On Fri 5 June 2020 at 09:23, Roderick wrote: > Is not there a SCSI command "sanitize" for that? > Can be issued with OpenBSD? > Perhaps his disc supports it. > Then again, if you count how many hours it will take to securely erase a disk, one might doubt the option of "just run this command and

Re: New tool to (quickly) check for available package upgrades

2020-06-17 Thread Janne Johansson
On Wed 17 June 2020 at 17:04, Marc Espie wrote: > > > > > > The concept you need to understand is snapshot shearing. > > > > > A full package snapshot is large enough that it's hard to > guarantee that > > > > > you will have a full snapshot on a mirror at any point in time. > > > > > In fact, yo

Re: dhcpd synchronization: leases recovery after downtime

2020-07-19 Thread Janne Johansson
On Sat 18 July 2020 at 23:28, Guy Godfroy wrote: > Hello, > > I am using two routers on OpenBSD (called mulder and scully), and I wish > to make dhcpd listen on a carp interface between both of them. I am > using the synchronization mechanism: > I noticed the same issue long time ago, but settle

Re: static IPv6 setup is not working stable

2020-08-06 Thread Janne Johansson
I have a setup where the virtualization (KVM) combined with the networking does present a IPv6 def-gw as both an fe80:: and the more normal 2001:a:b:c:d::1/64 and where the 2001-v6 ip works far better on virtual machines due to redundancy mac sync things on the network side, and since the ndp list

Re: static IPv6 setup is not working stable

2020-08-06 Thread Janne Johansson
? > > > > On 06 Aug 2020, at 15:51, Janne Johansson wrote: > > > > I have a setup where the virtualization (KVM) combined with the > networking does present a IPv6 def-gw as both an fe80:: here> and the more normal 2001:a:b:c:d::1/64 and where the 2001-v6 ip works >

Re: Should/will OpenBSD support ODROID-C4 board? (ARM A55)

2020-08-06 Thread Janne Johansson
On Thu 6 Aug 2020 at 18:40, wrote: > Hardkernel, a Korean company, make an alternative to the Raspberry Pi, the > latest being the 'Odroid C4', CPU manufactured by Amlogic (American). > I owned an ODROID board in the past and was impressed with the hardware. > However, the software support for

Re: Adding more syspatch platform.

2020-08-13 Thread Janne Johansson
On Wed 12 Aug 2020 at 00:50, Predrag Punosevac wrote: > Theo de Raadt wrote: > > No, it is a question of which additional platform, you avoided that > > didn't you > > octeon is the only one I can think of. > I would volunteer doing the work and dedicating two octeons of mine for building sysp

Re: Microsoft's war on plain text email in open source

2020-08-27 Thread Janne Johansson
On Wed 26 Aug 2020 at 21:17, Mike Hammett wrote: > Text-only was great in 1985. > Mike Hammett > Intelligent Computing Solutions > Midwest Internet Exchange > The Brothers WISP > Being able to publish and/or send a really small file from computer A to computer B unchanged in this day and age is

Re: Routing and forwarding: directly connected computers

2020-09-03 Thread Janne Johansson
On Thu 3 Sep 2020 at 11:39, Ernest Stewart < erneststewar...@hotmail.com> wrote: > I have a local network with 5 computers: > > computer1) > /etc/hostname.re0: 192.168.1.10 0xff00 > Different netmask here? > /etc/hostname.re1: 192.168.2.11 0x > /etc/hostname.re2: 192.168.2.12 0xff

Re: Routing and forwarding: directly connected computers

2020-09-03 Thread Janne Johansson
On Thu 3 Sep 2020 at 14:55, Ernest Stewart < erneststewar...@hotmail.com> wrote: > I was actually wondering about using netmask 0x for the external > interface. As you noted, they are different networks, I just wanted to be > able to use any 192.168/16 ip address in the internal network

Re: Routing and forwarding: directly connected computers

2020-09-03 Thread Janne Johansson
On Thu 3 Sep 2020 at 17:01, Ernest Stewart < erneststewar...@hotmail.com> wrote: > I forgot to say, in every computer I have /etc/sysctl.conf with > "net.inet.ip.forwarding=1". > > And I insist, what shocks me the most is that tcpdump shows in both > computers the right icmp packets but ping say

Re: SCM

2019-07-23 Thread Janne Johansson
On Mon 22 July 2019 at 17:05, Австин Ким wrote: > Hi, > > As someone completely new to OpenBSD the one immediate first impression > that most peculiarly sticks out like a sore thumb to me is the Project’s > use of CVS for source code management. I am curious why the Project > continues to use C

Re: SAD ( pkg_add does linux like stuff ie: not working, no explanation )

2019-08-28 Thread Janne Johansson
On Wed 28 Aug 2019 at 16:06, sven falempin wrote: > Maybe obvious ? if so why no message from the software ? > # pkg_add php_curl > [URLHERE] php-curl-7.2.17.tgz > > > LIKE WHY PLEASE ? > Given that the differenc

Re: How can I remove sets installed by sysupgrade?

2019-09-16 Thread Janne Johansson
> > My reasoning behind NOT installing the X, Comp and Game sets have > little > to do with saving space, although I am using an 8GB SSD. I learned in my > research that one of the most fundamental ways to improve network/system > security is to minimize the attack surface by not installing un

Re: build error on octeon, 6.6

2019-11-07 Thread Janne Johansson
On Wed 6 Nov 2019 at 23:36, Christian Groessler wrote: > Hi, > I've installed OpenBSD 6.6 on an EdgeRouter Lite. I wanted to rebuild > the system. > > Maybe the machine has too little memory? > > routie$ swapctl -lk > Device 1K-blocks UsedAvail Capacity Priority > /dev/sd0b 22

Re: build error on octeon, 6.6

2019-11-08 Thread Janne Johansson
I wonder if this part is relevant: c++: error: unable to execute command Is there any permissions on /net that prevents execution? It seems it wants to run stuff from here: ... *** Error 254 in /net/sirius/temp/routie-build/6.6/src/gnu/usr.bin/clang/libLLVM (:67 'AMDGPUTargetMachine.o': @c++ -O2

Re: Home NAS

2019-11-17 Thread Janne Johansson
On Sat 16 Nov 2019 at 22:49, Karel Gardas wrote: > > I tried a home NAS with ZFS, then BTRFS. Those filesystems needs tons of > RAM (~1 GB of RAM by TB of disk), preferably ECC. > > For NAS you prefer ECC anyway and 1 GB RAM consumption per 1 TB of drive > is urban legend probably passed by folk

Re: SIGBUS on octeon for my program

2019-11-27 Thread Janne Johansson
There was a fix recently for the stack getting unaligned committed just recently, do you have that? If not, test on current. On Wed 27 Nov 2019 at 14:48, Peter J. Philipp wrote: > Hi, > > My DNS program gets a SIGBUS when I execute it. I have ktraced it, upped > limits and searched in the mip

Re: Following patch or stable branch on Octeon

2019-12-22 Thread Janne Johansson
> > I was under impression that original octeon > (mips64) packages were built on SGI hardware which is no longer > supported so I was curious about new build machines. I am fully aware > that mips64 packages are available for 6.6 even though I try to stick > for most part with tools from the base.

Re: Awaiting a diff [was: Re: File systems...]

2020-01-09 Thread Janne Johansson
On Thu 9 Jan 2020 at 02:11, Ingo Schwarze wrote: > > Are you aware that even Bob Beck@ is seriously scared of some > parts of our file system code, and of touching some parts of it? > Yes, this Bob Beck, who isn't really all that easily scared: > > https://www.youtube.com/watch?v=GnBbhXBDmwU

Re: Awaiting a diff [was: Re: File systems...]

2020-01-10 Thread Janne Johansson
On Fri 10 Jan 2020 at 10:55, Consus wrote: > On 20:06 Thu 09 Jan, Marc Espie wrote: > > It's been that way for ages. But no-one volunteered > > to work on this. > > Anyone even knows about this? Aside from OpenBSD developers (who have > their plates full already) how an average person can find o

Re: FreeBSD daemon(8)-like command for OpenBSD

2020-01-31 Thread Janne Johansson
On Thu 30 Jan 2020 at 21:08, Patrick Kristiansen < patr...@tamstrup.dk> wrote: > > Properly starting up a daemon process requires several steps, often > > involving unveil(2), pledge(2), chroot(2), privilege dropping, > > sometimes fork+exec for privilege separation, and so on > > The process I

Re: FreeBSD daemon(8)-like command for OpenBSD

2020-01-31 Thread Janne Johansson
On Fri 31 Jan 2020 at 11:48, Andrew Easton wrote: > On Fri, Jan 31, 2020 at 10:47:17AM +0100, Patrick Kristiansen wrote: > > On Fri, Jan 31, 2020, at 09:29, Janne Johansson wrote: > > > On Thu 30 Jan 2020 at 21:08, Patrick Kristiansen < > patr...@tamstrup.

Re: How to hide my server's IP?

2020-02-03 Thread Janne Johansson
On Mon 3 Feb 2020 at 07:18, Frank Beuth wrote: > Otherwise it would be possible for an attacker to, for example, hack > your webapp to have it phone home to some external server controlled by > the attacker. ..and in the request logs see where the request comes from so this information is avai

Re: How to hide my server's IP?

2020-02-03 Thread Janne Johansson
> > Not sure I understand the whole hierarchy and flatness analogy, I'm very > new to all of this, but what do I tell those who claim that this leaking of > the IP poses a security risk and that they therefore should go with FreeBSD > jails instead? > Use a VM if you need to win over "checkboxing

Re: VLAN or aliases or? best way to isolate untrustable hosts in a small network

2020-02-05 Thread Janne Johansson
On Wed 5 Feb 2020 at 13:07, Denis wrote: > I've made two VLANs to automatically assign random IPs from a pool by > dhcpd: > [...] > # /etc/hostname.vlan101 > description 'WLAN attached untrusted hosts' > inet 192.168.156.0/24 255.255.255.0 vlandev run0 > VLANs and wifi sounds like a non-star

Re: bad ip cksum 0! -> in enc interface

2020-02-05 Thread Janne Johansson
On Wed 5 Feb 2020 at 21:01, Riccardo Giuntoli wrote: > If i sniff traffic over enc0 interface I found a strange error about ip > chksum: > > (DF) (ttl 63, id 43164, len 52) (DF) (ttl 64, id 18753, len 72, bad ip > cksum 0! -> c48a) > This is the error as you can review. > > I cannot find soluti

Re: bad ip cksum 0! -> in enc interface

2020-02-06 Thread Janne Johansson
On Wed 5 Feb 2020 at 21:01, Riccardo Giuntoli wrote: > I'm setting up a roadwarrior type ikev2 secure connection from .es to .uk. > root@ganesha:/etc# cat hostname.enc0 > > root@smigol:/etc# cat hostname.enc0 > inet 172.16.44.2/32 > up > Why are you setting up hostname.enc0? What guide is recom

Re: Process Isolation

2020-02-06 Thread Janne Johansson
On Thu 6 Feb 2020 at 10:22, Charlie Burnett wrote: > Sorry if this has been answered before but I couldn't find a satisfactory > answer searching for it, and this is more of an academic question. So > security focused Linux distros like Qubes go to extremes to > compartmentalize/isolate any and

Re: strange dmesg

2020-02-10 Thread Janne Johansson
On Sat 8 Feb 2020 at 11:31, wrote: > Hi, > I have some strange output from dmesg, what could be ? > At the following link I've posted some screenshots: > https://postimg.cc/gallery/1o4wsaw74/ > dmesg is contained in a memory buffer with (hopefully) room for more than one dmesg, so you can get p

Re: IPsec and MTU / fragmentation

2020-02-10 Thread Janne Johansson
On Mon 10 Feb 2020 at 11:58, Simen Stavdal wrote: > Hi Lucas, > Have you tried to manipulate the mss during conversation setup? > This is done with the max-mss directive in pf.conf. > Basically, it takes the three way handshake, and overrides the MSS value in > the handshake to something lower t

Re: IPsec and MTU / fragmentation

2020-02-10 Thread Janne Johansson
On Mon 10 Feb 2020 at 12:15, Simen Stavdal wrote: > True, but issue was related to downloading over http, which is over tcp. > So, if http is your only concern I would go for this option. > To me, it sounds just a bit like "let this person notice the other errors later". > Most clients are co

Re: IPsec and MTU / fragmentation

2020-02-10 Thread Janne Johansson
On Mon 10 Feb 2020 at 16:27, Simen Stavdal wrote: > This is more a discussion about scalability and practical implementation. > We both know that PMTU will work partly at best, your entire path back > must support this, and also, the "offending" client must allow inbound > control messages on th

Re: IPsec and MTU / fragmentation

2020-02-10 Thread Janne Johansson
On Mon 10 Feb 2020 at 18:18, Peter Müller wrote: > Hello Lucas, > as far as I understood, setting MTU on encN interfaces is not supported > since it is not mentioned by enc(4) and setting it manually fails: > > > machine# ifconfig enc0 mtu 1500 > > ifconfig: SIOCSIFMTU: Inappropriate ioctl for d

Re: IPsec and MTU / fragmentation

2020-02-10 Thread Janne Johansson
On Mon 10 Feb 2020 at 20:53, Simen Stavdal wrote: > I think the more complete solution is to run some gif/gre inside ipsec and >> set low-enough MTU on that one, so it can correctly fragment incoming >> packets, and optionally rebuild the packets at the remote end, while also >> giving you an id

Re: IPsec and MTU / fragmentation

2020-02-11 Thread Janne Johansson
On Tue 11 Feb 2020 at 10:25, Simen Stavdal wrote: > tunnel will be able to fragment all incoming ip before sending it into the > ipsec, which will not fragment for you. > The clients will not have to change, nor any other protocol that sends ip > via the double-tunnel.> > > If a client and a se

Re: OpenBSD <> Commercial VPNs

2015-10-10 Thread Janne Johansson
Try ipsec, I hear some of the commercial offerings almost manage that too. 2015-10-10 19:21 GMT+02:00 Jack J. Woehr : > Googled and not found much on connecting OpenBSD to proprietary VPN > offerings. > > I looked at OpenVPN which conceptually resembles Fortinet but doesn't seem > to have any wa

Re: Help with diff for Samsung 950 Pro NVMe (unable to map registers)

2015-11-16 Thread Janne Johansson
There is some preliminary work in the obsd tree also from dlg@: http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/nvme_pci.c 2015-11-17 3:00 GMT+01:00 Josh : > Thanks Ted for the reply and the hint. > After a bit of research, it seems the 950 Pro use a PCIe NVMe > interface as opposed to

Re: cdboot manpage

2015-12-03 Thread Janne Johansson
You do realize that what you are claiming differs from the part you quoted? 2015-12-03 10:08 GMT+01:00 Tati Chevron : > The manual page for cdboot says: > > If no commands are given for a short time, cdboot will then attempt to > load an OpenBSD kernel from the CD. It first looks for th

Re: "# systrace -c1000:1000 kate" for privilege escalated editing?

2015-12-03 Thread Janne Johansson
2015-12-04 0:10 GMT+01:00 Luke Small : > There must be some sort of kernel lock, because if you su - twice into the > 1000 user, it won't open a x window either! I'm sure there is a > conservative security policy at play, X and switching users requires you to read up on xauth, always has. --

Re: [OT] 1st search engine for Internet-connected devices

2015-12-04 Thread Janne Johansson
Yeah, everyone knows they are small: http://www.rspb.org.uk/discoverandenjoynature/discoverandlearn/birdguide/families/tits.aspx 2015-12-04 17:32 GMT+01:00 Jan Stary : > https://www.shodan.io/search?query=big+tits > Exactly ONE hit. This can't be real. > > > On Dec 03 23:35:32, skin...@britvault.

Re: bsd.rd on Octeon ubnt_e200 doesn't fully boot

2015-12-05 Thread Janne Johansson
My ERL would not run SMP if coremask was 0x1 (ie, use only one cpu) so I setenv:ed the bootmask to add coremask=0x3 so that the bsd.mp would find both cores, otherwise it bombed while probing for the second. 2015-12-05 14:21 GMT+01:00 Daniel Ouellet : > Not the end of the world, I was trying to

Re: bsd.rd on Octeon ubnt_e200 doesn't fully boot

2015-12-05 Thread Janne Johansson
bootmask == bootcmd, typo. 2015-12-05 20:56 GMT+01:00 Janne Johansson : > My ERL would not run SMP if coremask was 0x1 (ie, use only one cpu) so I > setenv:ed the bootmask to add coremask=0x3 > -- May the most significant bit of your life be positive.

Re: Empty MFS on root

2015-12-09 Thread Janne Johansson
2015-12-08 21:18 GMT+01:00 Alexander Hall : > On December 8, 2015 4:21:16 PM GMT+01:00, Otto Moerbeek > wrote: > >On Tue, Dec 08, 2015 at 03:03:14PM +, Tati Chevron wrote: > > > >> Currently, it's possible, (as root), to do something like: > >> # mount_mfs -s 1g swap / > >> > >> which succeed

Re: FAQ 3.3 - suggested copyright clarification diff

2015-12-21 Thread Janne Johansson
2015-12-20 19:11 GMT+01:00 Tati Chevron : > On Sun, Dec 20, 2015 at 06:24:26PM +0100, ropers wrote: > >> But if I want to make my own bootable Blu-ray disc, for a single >> architecture, >> > using the files on the discs I purchased, is it necessary, for example, > to master it with the distributi

Re: text-mode gui

2015-12-23 Thread Janne Johansson
2015-12-22 22:10 GMT+01:00 : > deviation from line oriented interfaces > for the installer is not the way it can be handled by other systems, > meaning it's not the least common denominator that lends itself to > machine processing and there is point in improving this but going in > the reverse

Re: if I were to make a pkg-add diff

2016-01-04 Thread Janne Johansson
2016-01-04 4:22 GMT+01:00 Luke Small : > What I meant is, if a program sends a handful of pings to each mirror, > would it think it is being spammed and shutdown any further connections. > > What you meant was thousands of users sending handful of pings across the world to a lot of the mirrors eac

Re: syscall 5 "cpath" continues with octeon

2016-01-04 Thread Janne Johansson
2016-01-05 4:45 GMT+01:00 Fung : > --- > (OpenBSD 5.8-current (GENERIC) #1: Thu Nov 26 15:01:01 CET 2015) > Octeon ubnt_e100# version > U-Boot 1.1.1 (UBNT Build ID: 4670715-gbd7e2d7) (Build time: May 27 2014 - > 11:16:22) > > > > 6. via http://www.tedunangst.com/flak/post/OpenBSD-on-ER

Re: 5.9-beta upgrade stalled at base59.tgz 98% fetched, 51072 KB on first try, retry succeeds

2016-01-21 Thread Janne Johansson
2016-01-18 18:39 GMT+01:00 Peter N. M. Hansteen : > For about the last week, I've been seeing this oddity with the amd64 > installer when doing snap to snap upgrades on my laptop. > > My routine for quite a while has been to fetch snapshots off the local > mirror whenever I notice there's a new on
