Moin,
I have been dealing with memory-leaks on a host running an nginx
reverse proxy for some time. The host had been running 7.2 with nginx
1.23.1 (self compiled as i need some features not in the package) until
May, which was fine.
After upgrading to 7.3 and nginx-1.24.0, i started to see heavy
regards,
Tobias
On Sun, 2023-09-24 at 12:53 +0200, Rudolf Leitgeb wrote:
> Do the affected programs use the same libraries?
>
> On Sun, 2023-09-24 at 09:32 +0200, Tobias Fiebig wrote:
> > After upgrading to 7.3 and nginx-1.24.0, i started to see heavy
> > memory
> > lea
On Sun, 2023-09-24 at 13:07 +0200, Rudolf Leitgeb wrote:
> This libpcre2 library seems to be the only one, which is not
> used all over the place. The library itself may not even be buggy, it
> may just return something, which the new versions of the caller can't
> handle, or it may be unhappy with
> But yes, getting a specific commit there will be helpful.
Sadly it turns out that it is the commit i feared it would be:
> commit 7b24b93d67daa9c16d665129fd5d3e7dbc583e4f
> Author: Maxim Dounin
> Date: Fri Mar 24 02:57:43 2023 +0300
>
> SSL: enabled TLSv1.3 by default.
Feared, because
ore test-setups to run for some time; I will
be able to setup automation for that in the coming weeks.
With best regards,
Tobias
> On Sun, 2023-09-24 at 21:31 +0200, Tobias Fiebig wrote:
> >
> > > But yes, getting a specific commit there will be helpful.
> > Sadly it turn
Moin,
On Mon, 2023-10-23 at 20:52 +0300, Mikhail wrote:
> I think ipv6 just expand attack surface for the services for very
> little benefit, ...
Well,... there is a ton of reasons one may not want to deploy v6; I
disagree, but well, my boxes are dual-stack through-and-through; My
network, my rul
Might be MTU? Can you try what happens with `find /` ?
If it freezes then, too:
On both machines:
ping -s 1252 -D $remote_IP
if it works, increase by half the way to 1472, try if it still works:
ping -s 1362 -D $remote_IP
etc.
If it does not work, you half the distance to the previously work
Moin,
On Sat, 2024-03-09 at 17:24 +, Laura Smith wrote:
> Nice idea Tobias, but I forgot to mention both machines are on the
> same LAN, and the LAN is operating with standard MTU, no jumbos.
Would still give it a try, esp. given that a large text file cat also
shows this MTU-y behavior. ;-)
Moin,
as some more notifications started to stack up about bouncing messages
from various openbsd mailinglists (and my logs start to reach two digit
numbers over the past two weeks), i figured it might be good to send a
note about this:
The openbsd mailinglists break (for reasonable reasons) DKIM
Moin,
>
> I've disabled the From: rewriting for now after complaints that it
> makes things a lot less usable. We'll try preserving messages as
> sent instead, which means that text/html parts will now be passed
> through (sorry).
>
Darn, but i see where this can break the workflow of people.
I
Moin,
>
> I've disabled the From: rewriting for now after complaints that it
> makes things a lot less usable. We'll try preserving messages as
> sent instead, which means that text/html parts will now be passed
> through (sorry).
>
Darn, but i see where this can break the workflow of people.
I
Moin,
> I am intentionally double-posting this email (once from my personal
> domain, once from reads-this-mailinglist.com) to see how well
> preserving messages as sent works/impacts deliverability.
Some results on this: For the mail from @reads-this-mailinglist.com all
DMARC reports indicated
Moin,
> Is it not ARC meant to be the solution for
> this problem?
Yeah, technically, ARC _should_ help with this. However, in practice,
trusting ARC is not really that common.
> Would DMARC then consider the original
> DKIM and SPF tests?
Kind of; DMARC would trust the signed ARC headers that e
Moin,
I am currently playing around with some relayd things, and noticed that
relayd has a #define for RELAY_MAXHOSTS 32 (defined in 2007); Currently
planning to give 64 a shot.
Does somebody recall why this value was chosen? (Kind of trying to not
shoot myself in the foot there, if it is prevent
Heho,
I think getting the basis going is not too hard; There is LDAP and iirc also
krb5 in base (if not, it is in ports), and you can always shoot for AD with
smb4.
The bigger problem, though, is most likely getting a proper 'web-ish' SSO
provider for sth. like SAML or OpenID going. IIRC there
Heho,
I am running a small setup, where recently the boarder router VMs of a user
caused prolonged and consistent low bandwidth (2-3mb/s) yet high utilization
(many IOPS) disk utilization on the virtualization nodes (more writeup at [1]).
With a bit of digging, we figured out that this was cause
Heho,
> fwiw using a VM for a border router seems a strange choice.
Agree. It is called 'doing-stupid-things' for a reason. :-| ;-) 0:-)
> Also, having many routers in many networks fetch [...]
Yes, and for my own systems I do just that with some added python code around
it to make sure what I fe
Heho,
> BTW rpki-client is one of the (relatively few) cases where softdep is likely
> to give a significant improvement in performance.
I took this as motivation to do some benchmarks (defaults, noatime, softdep,
noatime+softdep, mfs, mfs+noatime) on a VM with eight cores and 8gb of memory
usin
having limited effect.
https://storage.fiebig.nl/s/H4ZHCwPN85yg4zN
Will add an update accordingly. :-)
With best regards,
Tobais
-Original Message-
From: owner-m...@openbsd.org On Behalf Of Tobias Fiebig
Sent: Monday, 1 August 2022 21:34
To: misc@openbsd.org
Subject: Re: rpki-client disk
Heho,
You are unable to connect to the mirror (https fails, and http as well).
Can you get into a shell (on the installer/bsd.rd) and check that:
- DNS resolution works and /etc/resolve.conf has the correct contents
- You can reach the mirror cdn.openbsd.org (ping, ftp get)
Do you have any netwo
the solution went off-list.
-Original Message-
From: latin...@vcn.bc.ca
Sent: Sunday, 7 August 2022 20:58
To: Tobias Fiebig
Subject: Re: Upgrading from 7.0 to 7.1
Hello Tobias
It ia a vm at host.
I am testing again with 7.0 installation to upgrade to 7.1, the reason is
because it failed
Heho,
The important part is not 'not adding an additional signature' but 'not
breaking the previous signature'. As long as you do not fiddle with anything in
there, things will be fine; But, as you most likely do (think: Adding a prefix
for the subject like [LISTNAME]), DKIM will be an issue (mo
Heho,
Any other VMs on the box? My first thought would be not enough tun devs,
default is iirc 4?
To make it work, if that is the case:
cd /dev ; sh ./MAKEDEV tun4 ; sh ./MAKEDEV tun5; sh ./MAKEDEV tun6
With best regards,
Tobias
-Original Message-
From: owner-m...@openbsd.org On Beh
Heho,
Ah, yeah, sorry, meant tap. Writing mails to late n stuff... :-/
With best regards,
Tobias
-Original Message-
From: Holger Glaess
Sent: Saturday, 1 October 2022 10:30
To: Tobias Fiebig ; 'OpenBSD general usage
list'
Subject: Re: VM(D) Interface Question
hi
no
Heho,
You can just quickly plug something together with the library script and
video.js?
https://github.com/videojs
Quickly threw together a streaming-playback some years ago:
https://git.aperture-labs.org/BBB-Things/bbb-stream-control/src/branch/main/var_www_html
; Should be totally server pl
Heho,
On Wed, 2023-01-04 at 00:04 +, Stuart Henderson wrote:
> stacking would refer to creating one softraid (say a raid1 mirror)
> and then creating a separate softraid device (say a crypto volume)
> using the first softraid disk as a component.
Incidentally, if you happen to have a thing fo
Heho,
> So, do you use RAID5 and how it behaves on your side?
Well, you found my reddit post. ;-) Since then, it kind-of became a
non-issue (got a somewhat different infrastructure where OpenBSD is
mostly in VMs). Still, the yolo-colo raid-10 (don't do that. seriously.
At least not if you feel at
Heho,
You have one of those fancy dual-cpu things (nvidia optimus); This can be
somewhat difficult, see also:
https://wiki.archlinux.org/title/Lenovo_ThinkPad_T530
"When using NVIDIA Optimus the Display port will not be accessible. To have
access, change the GPU to discrete in BIOS and auto det
Heho,
I personally run a Dell 7030 micro for a similar purpose; There is basically a
model from each 'big' vendor, and as outlined they are _really_ cheap as used
units on ebay.
There is a series called 'tiny mini micro' by "ServeTheHome" on our favorite
non-free video site which goes over a ra
Heho,
I am running OpenBGPd (on 7.1+binpatches), and have some tunnel links between
hosts and up/downstreams over wg tunnels.
I am basically wondering whether the behavior is known/normal and/or happened
to others, or if it is worth it to setup a test-setup to properly debug the
issue/document
1 connected wg0
(UP, unknown)
-Original Message-
From: owner-m...@openbsd.org On Behalf Of Stuart
Henderson
Sent: Wednesday, 13 July 2022 08:14
To: misc@openbsd.org
Subject: Re: OpenBGPD via (WG?) Tunnel Not Learning Routes
On 2022-07-13, Tobias Fiebig wrote:
> Heho,
>
Heho,
As mentioned, I gave it a shot with eoip, and that worked as intended. What I
noticed though, is that wg0 seems to stick around in bgpd, even after an
ifconfig wg0 destroy; I fixed this by using another ip range for transfer and
rebooting the downstream to make sure; In any case, with an
Subject: Re: OpenBGPD via (WG?) Tunnel Not Learning Routes
On Wed, Jul 13, 2022 at 11:01:09AM -, Stuart Henderson wrote:
> On 2022-07-13, Tobias Fiebig wrote:
> > Heho,
> >
> > When doing what i described in my message, I get the below messages.
> >
> > When I se
Heho,
If the machine just hardlocks (no panic), and the memory seems fine (did you
run memtest?), and there are no blown elcos on the motherboard, my first guess
would be testing another PSU; The pattern sounds familiar.
Also, the voltages do not necessarily look overly healthy... but that might
Moin,
On Wed, 2024-03-13 at 11:54 -0600, Todd C. Miller wrote:
> I've just added support to our majordomo for rewriting the From:
> header when the sender's domain has a DMARC policy. Messages from
> domains using DMARC will now have a From: header like:
Awesome, thanks!
> I could relax this bu
Moin,
> # perform nat64 (NOT WORKING)
> pass in to 64:ff9b::/96 af-to inet from ($wan:0)
Can you try if the same happens with a more specific rule (for
testing)?
i.e.:
pass in on igc3 inet6 from "put actual v6 prefix here" to 64:ff9b::/96
af-to inet from "actual IP on igc0"/32
I am su
36 matches
Mail list logo
