Maxim Khitrov | 30 Jan 16:22 2015

Preserving unbound cache across reboots

Hi all,

I wrote two simple functions for rc.shutdown and rc.login that
save/restore unbound cache when the system is restarted. Since each
record has a relative TTL field, the cache can only be restored within
a short time window to avoid serving stale data to clients. I set this
window to 10 minutes; enough to survive a reboot, but not for any
extended downtime. Is there any interest in including this
functionality in the base OS (moved to /etc/rc)?

- Max

--- /var/backups/etc_rc.shutdown.current        Mon Aug  4 21:03:16 2014
+++ /etc/rc.shutdown    Fri Jan 30 10:06:11 2015
 <at>  <at>  -8,3 +8,17  <at>  <at> 
 powerdown=NO   # set to YES for powerdown

 # Add your local shutdown actions here.
+save_unbound_cache() {
+       local db=/var/db/unbound.cache
+       /etc/rc.d/unbound check || return
+       echo -n 'saving unbound cache: '
+       if unbound-control dump_cache > $db; then
+               chmod 0600 $db
+               echo 'done.'
+       else
+               rm -f $db
+       fi
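
Review bot: in save_unbound_cache the `> $db` redirect creates the dump before `chmod 0600 $db` runs, so a newly created /var/db/unbound.cache gets whatever mode the current umask allows while it is being written, and keeps that mode if the script is interrupted before the chmod. Set the mode before writing, for example by running the dump in a subshell as `(umask 077; unbound-control dump_cache > $db)`, and drop the chmod. Also, the else branch removes the file but never finishes the 'saving unbound cache: ' line started with `echo -n`; print 'failed.' there so the console line is terminated. The rest of the hunk is cut off on this page, so the restore side cannot be reviewed here.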

Damon Getsman | 30 Jan 06:25 2015

Please disregard my last

  Of course, immediately after posting I finally stumbled across the
right web hit:
  Please disregard my premature request for assistance.  :)

fRANz | 29 Jan 20:56 2015

sudo nohup tcpdump at startup

Hello guys,
I implemented this config:

in order to stream pf logs to a remote machine.
If I add the command:

sudo nohup tcpdump -n -v -l -q -n -e -ttt -i pflog0 action block |
logger -t pf -p &

to the /etc/rc.local file and reboot the box, it works for the boot
time but then the tcpdump process disappears (I'm sure the file is
processed because previous commands are committed successfully), like
something kills the process.

Just for test I move the command from /etc/rc.local to /etc/rc:
tcpdump still works perfectly, also after boot time, for every reboot.

What are differences between rc.local and rc executions? Could you
please help me to understand?
It's not a problem for me to remove the command from rc.local and put it
in the rc file, but I'm curious to find the reason.

On this platform (OpenBSD 5.6 amd64 on PcEngines APU) rc.local is
invoked like this:

[ -f /etc/rc.local ] && sh /etc/rc.local

Thank you for any tip.

Alan McKay | 29 Jan 19:02 2015

ntpd.conf - add ability to read servers from an include file?

Hey folks,

Would anyone else see value in this?
Basically for the sake of automated deployments it would be nice / clean
to be able to do :

includeservers /path/to/file

And then read them all from the file.  And the same file would be used
as a table in pf.conf for NTP FW rules.  One server per line.

This would make initial deployments easier to automate (no need to
programmatically alter the config file), and then if you need to change
your NTP servers post-deployment it is cleaner as well with less chance
of human error. i.e. changing pf.conf is riskier than changing ntpd.conf




"Don't eat anything you've ever seen advertised on TV"
         - Michael Pollan, author of "In Defense of Food"

OpenBSD Store Misc | 29 Jan 17:53 2015

LibreSSL Official T-shirts

Hi everyone,

Some new awesome LibreSSL T-shirts are available to help fund 
developments. You can see them on

We’re running a small pre-order for about 2 weeks. If you have any 
questions please email us off list.

Yes, these are official products with funds directed back to the project.


PS: Thank you to everyone who supported us over the transition period.

Clément Hertling (Wxcafé | 29 Jan 13:05 2015

Crashes at boot on Xen virtual machine


I'm trying to run an OpenBSD virtual machine in Xen 4.4.
The install procedure worked fine, but when I boot the VM I get a kernel crash.
Linux VMs on this host work perfectly fine, and as I said the installer runs ok
too, so I'm not sure what's causing this.

Following is the dmesg output :

OpenBSD 5.6 (GENERIC.MP) #333: Fri Aug  8 00:20:21 MDT 2014
    deraadt@
real mem = 109047808 (103MB)
avail mem = 97517568 (93 MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xfc001000 (12 entries)
bios0: vendor Xen version "4.4.1" date 12/11/2014
bios0: Xen HVM domU
acpi at bios0 not configured
mpbios0 at bios0: Intel MP Specification 1.4
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU G1610 @ 2.60GHz, 2594.52 MHz
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz

Comète | 29 Jan 13:54 2015

em0 watchdog timeout on Thinkpad T440 laptop


I use OpenBSD 5.6 GENERIC.MP (amd64) on a Thinkpad T440. I often use the
suspend state and I've noticed that after each suspend, in the next 5 minutes
after resuming, my network interface (em0) loses connection during about 1 or
2 minutes and then reconnects and so on, many times...
As you can see, the dmesg shows many em0 watchdog timeouts.
I've tried to suspend when the laptop is on the dock and without it, but the
problem is the same. No problem with the NIC when I don't suspend.

I use apmd_flags="-C" in /etc/rc.conf.local
Any idea ?

Thanks for your help.

OpenBSD 5.6 (GENERIC.MP) #5: Thu Dec 11 09:51:08 CET 2014
    root@
real mem = 8246050816 (7864MB)
avail mem = 8017756160 (7646MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xbcd3d000 (61 entries)
bios0: vendor LENOVO version "GJET80WW (2.30 )" date 10/20/2014
bios0: LENOVO 20B7S1TQ00
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5

Harald Dunkel | 29 Jan 10:46 2015

how to follow libressl stable in openBSD 5.6?

Hi folks,

Following OpenBSD 5.6 stable, what is the recommended
procedure to upgrade libressl to the most recent stable


Sam Good | 29 Jan 02:57 2015

httpd and native FastCGI basics

Since httpd is replacing apache/nginx, and httpd supports FastCGI, I thought I
would learn how to develop native FastCGI applications. But I seem to be having
trouble understanding how httpd.conf specifies how to interact with the FastCGI
Just to get things started, I was hoping to find a "hello world"
equivalent. From the website, I took the 'tiny-fcgi.c' example
program('ve gotten it to
compile, and linked it statically (so it's easier in the /var/www/ chroot). It
doesn't read from stdin, just writes a generic text/html message in response to
any invocation.
But at documentation, for "Running applications" is rather
scant: "Web servers support FastCGI via new configuration directives. Since
these directives are server-specific, get more information from the
documentation that accompanies each server". The FastCGI whitepaper does not say
that sockets are used, but rather "The Web server creates FastCGI application
processes to handle requests. The processes may be created at startup, or
created on demand." Also, man httpd.conf says only a few lines about the
'fastcgi' directive
I've tried configuring httpd.conf to just test the connection between httpd and
'tiny-fcgi' but all I get are 500 error "Internal Server Error" with no
information in the /var/www/logs/error.log

If I have 'tiny-fcgi' compiled and linked statically and placed at
/var/www/cgi-bin/tiny-fcgi
- do I need to have it running as a server, and if so, how to start it?
  /var/www/cgi-bin/tiny-fcgi & or some other way (to get a socket?)
- how should I configure or what directives should I put in httpd.conf?
I tried:
-------
server "default" {
  listen on $ext_addr port 80
  location "/cgi-bin/tiny-fcgi" {
    fastcgi
    root "/"
  }
}
------
but just get 500 internal server error
I have searched google for FastCGI+httpd+openbsd, but have only seen

Thomas Bohl | 29 Jan 02:50 2015

IPv6 gateway fe80::1 needs a ping to work

Hello List,

my vServer hosting provider states the IPv6 default gateway as fe80::1.
To get IPv6 traffic flowing it's necessary to ping fe80::1 first.

For now I help myself with the following line in crontab
@reboot sleep 10 && ping6 -c 10 fe80::1\%vio0 > /dev/null

It doesn't feel right though. Is there a better way?
ndp -s doesn't work because I'm unable to set the R flag.

Apologies for the following information overload:

Freshly booted system:

# cat /etc/hostname.vio0
!route add default

inet6 2a03:4000:6:f0::47/64
inet6 alias 2a03:4000:6:f0::47:e/64
!route add -inet6 default fe80::1%vio0

# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
         priority: 0
         groups: lo
         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
         inet6 ::1 prefixlen 128
         inet netmask 0xff000000

opendaddy | 28 Jan 23:25 2015

Wouldn't `daemon_enable=YES` make more sense than `daemon_flags=""` in rc.conf.local?


Wouldn't `daemon_enable=YES` (like FreeBSD's rc.conf) make more sense for enabling daemons than
`daemon_flags=""` in rc.conf.local?

Most of my daemons don't have any flags so it looks a bit strange (and messy) with all these empty flag specs.