Laurent CARON | 20 Aug 11:35 2014

Strip private AS# from AS-PATH with OpenBGPd


While reviewing my BGP filters, i realized I don't filter private AS# in 
the AS-PATH.

According to OpenBGPd's man page, it is possible to use:

deny from any AS { 64512 64513 .... 65535 }

It would however be quite unmaintainable and not really clean.

Would it be possible to please implement AS ranges ?

deny from any { AS { 64512 to 65535 }, AS { 4200000000 to 4294967294 } }

Hope I didn't miss an obvious way.



Wesley MOUEDINE ASSABY | 20 Aug 10:34 2014

acpi error running openbsd snapshot 20140820 (amd64)


Running the install56.fs from an usb key give me the following error :

So i disabled acpi using UKC to be able to install :

OpenBSD is installed now, but running it with acpi support give me a 
kernel panic :

trace :

and ps :

Below, dmesg without acpi support :
OpenBSD 5.6-current (GENERIC.MP) #336: Tue Aug 19 20:39:19 MDT 2014

deraadt <at>
real mem = 1996161024 (1903MB)
avail mem = 1934336000 (1844MB)
User Kernel Config
UKC> disable acpi
358 acpi0 disabled
UKC> quit
(Continue reading)

Markus Rosjat | 20 Aug 07:59 2014

Re: rsync -a doesnt keep owner and permissions

Am 19.08.2014 17:14, schrieb Joseph Borg:
> Wouldn't something like duplicity work better for you in this case?
> Regards
> Sent from my iPad
well as far as I understand its just another abstraction layer added to 
rsync and I don't want to install something that
is basically using something I already have. But thanks for the sugession
>> On 19 Aug 2014, at 16:53, Markus Rosjat <rosjat <at>> wrote:
>> Am 19.08.2014 16:40, schrieb Erling Westenvik:
>>> On Tue, Aug 19, 2014 at 04:27:11PM +0200, Markus Rosjat wrote:
>>>> Is there any other thing I miss with the sudo  approach?
>>> Check out --usermap, --groupmap and --chown in the man page. Haven't
>>> tried them myself but AFAIK these options were added to rsync(1) late in
>>> 2013 or early in 2014.
>> this may work on a one file or user directory base but if I want to sync a  location like /var/www/htdocs this 
will be
>> a bit overkill and no I don't want to write a script for this if I can avoid it.
>>> --
>>> Vennlig hilsen/Kind regards
>>> Erling Westenvik
>> -- 
>> Markus Rosjat    fon: +49 351 8107223    mail: rosjat <at>
>> G+H Webservice GbR Gorzolla, Herrmann
>> Königsbrücker Str. 70, 01099 Dresden
(Continue reading)

Predrag Punosevac | 20 Aug 06:25 2014

foomatic-rip 'f' exited (retcode=9)

I had a simple printcap file for printing using lpd and foomatic-rip for
about seven years now but since past release it stop working

predrag <at> oko$ uname -a
OpenBSD 5.6 GENERIC.MP#333 amd64

lp|HP|HP Photosmart 5250:\

I am of course in the daemon group and /etc/ulpt0 is owned by daemon
with permission 664. Spooling directory has correct permission. This is
the only thing I see in log files

Aug 19 23:10:16 oko lpd[15224]: lp: filter 'f' exited (retcode=3D9)
Aug 19 23:10:16 oko lpd[15224]: mail sent to user predrag about job
stdin on printer lp ((null))
Aug 19 23:10:16 oko lpd[15224]: lp: job could not be printed

However /tmp/foomatic-rip-mF6GXB.log is a bit more revealing

foomatic-rip version 1.0.54 running...
called with arguments: '-w132', '-l66', '-i0', '-n', 'predrag', '-j',
'stdin', '-h', '', '/etc/foomatic/lpd/lp.ppd'
No printer definition (option "-P <name>") specified!

(Continue reading)

Charles Musser | 20 Aug 05:40 2014

ifconfig command for IPv6 tunnel


I'm experimenting with using IPv6 via a tunnel broker provided by an
ISP. The tunnel works, but I want to confirm my understanding of the
commands they gave me to set it up. These are the commands:

ifconfig gif0 tunnel
ifconfig gif0 inet6 alias 2001:470:1f04:204::2 2001:470:1f04:204::1 prefixlen 128
route -n add -inet6 default 2001:470:1f04:204::1

The first and third commands make sense to me; they set up an IPv4
tunnel interface and a default route for IPv6. After reading the
ifconfig(8) man page) I think I sort of understand what the second one
does. Side note: the two IPv6 addresses provided by the tunnel
broker are defined, in their terminology, as follows: <prefix>::1 is
the "server IPv6 address" and <prefix>::2 is the "client IPv6
address". Given that, I think the following is true:

- <prefix>::1 is the local address of the interface on the IPv6

- The "alias" parameter is superfluous in this case. I tried it without
  that and got the same result: an operating tunnel.

- Because gif0 is a point-to-point interface, <prefix>::2 (the
  server IP) is interpreted as the "dest_address" parameter mentioned
  in the ifconfig(8) man page.

- "dest_address" is the far end of the tunnel and, for point-to-point
  links, serves as the gateway. In this case, it leads to the broader
(Continue reading)

Long Wind | 20 Aug 03:13 2014

is there app like xosview available in OpenBSD?

I find xosview is available in FreeBSD
(I don't use KDE or GNOME)

Dan Shechter | 20 Aug 01:48 2014

VMWare vmx NIC order

Hi All.

I am installing amd64 snapshot from aug 8 on vmware workstation.

This VM has 5 interfaces.

I have changed them all to use vmxnet3 NIC.

vmx0 on openbsd is not ethernet0 in vmware, so are all other interfaces.

Any idea how to match the VMware's ethernet NIC order to OpenBSD's NIC's order?

Best Regards,
Dan. CCIE #13685 (RS/Sec/SP)
The CCIE troubleshooting blog:

Stan Gammons | 20 Aug 01:20 2014


Stan Gammons <s_gammons <at>> writes:

> On 07/29/14 04:01, Stuart Henderson wrote:
>> That's to do with the traffic that the system is handling, you
>> wouldn't normally expect to see all that much fragmented traffic. If
>> there are lots of fragments, are you using pppoe? If so then make sure
>> you either use 'scrub max-mss' or set suitable MTU on all machines on
>> the lan. (In some cases you can use a larger MTU with pppoe RFC4638,
>> but the re(4) driver doesn't yet support jumbo frames on the APU's nic
>> so this won't be available to you).
> Are there other issues with the re(4) driver on the APU besides jumbo
> frames?  The LED on the Ethernet ports on the one I have don't seem to
> be working right.  At 100 meg the amber link LED is on, but at 1 gig the
> LED is off.  I would have thought the green LED would be on for a 1 gig
> link.   Other than that, I'm pretty pleased with how OpenBSD runs on it.

 From the datasheet, "The RTL8111E supports customizable LED operation modes
via IO register offset 18h~19h". I haven't spotted anything setting this in
our driver so perhaps it's initialized to strange values by the BIOS.
"Standard" behaviour is for the link led to blink when it has link at any
speed, or "when this LED is high for extended periods, it indicates that a
link problem exists".

The datasheet is also annoyingly silent about the register config for jumbo

I tried to reply to this email several days ago only to learn the entire subnet my ISP assigned DCHP IP address
is on several of the IP blacklist.

Anyway.  Did you have to sign a NDA to get the datasheet?  I see on the RealTek website where they say it supports
(Continue reading)

Peter N. M. Hansteen | 20 Aug 00:16 2014

Google offering 5 travel grants for female computer scientists to attend EurBSDCon 2014

Via the organizers of the EuroBSDCon 2014 conference (also on the EuroBSDcon 2014 website[3]):

Google EMEA Women in Tech Conference and Travel grants for female
computer scientists

As part of Google’s ongoing commitment to encourage women to excel in
computing and technology, Google is pleased to offer Women in Tech
Travel and Conference Grants to attend the EuroBSDcon 2014 conference.

5 grants, are offered which include:
    * Free registration for the conference
    * Up to 1000 EUR towards travel costs (to be paid after the conference)

To be eligible for a grant, the candidate must:
    * Be a woman working in or studying Computer Science, Computer
      Engineering, or technical field related to the conference subject
    * Have a strong academic background
    * Demonstrated leadership in the workplace or in school
    * Attend the core day(s) of the main conference

How To Apply

To apply, submit the form found on their website[1] by the 31 August
2014 deadline.

To find out more about this Google program, please visit their website [2].

(Continue reading)

Ed Hynan | 19 Aug 22:46 2014

dlsym(): same symbols in prog and lib, segfault

This is with 5.5 release on i386 (32 bit).

When main program has more than one function pointer declared
with the *same names* as functions in a shared library, and
initializes one (at least) with the symbol from that library
with dlsym(), and references the second in some way (take
address, dereference/call. etc.), and the shared library
calls the second function, then the program segfaults at
the point of the lib making that call, but after has
printed messages like:
 	"WARNING: symbol(fn_02) size mismatch, relink your program"
apparently one for each reference to that symbol in either the
main program or library.

This is reliably repeatable, and is probably easier to understand
in code than in my description, so a near-minimal program and
Makefile are appended to this message.

For the test prog try:
# bug
% make clean; make
# workaround 1 -- initialize symbol in main prog
% make clean; make fix
# workaround 2 -- do not reference symbol in prog
% make clean; make fix2
# still bug, different output (FPIC defaults empty)
% make clean; make FPIC="-fPIC"

I'm sure this was not a problem with OpenBSD 4.9 because
the code that raised the issue was fine on that.
(Continue reading)

Mickael Torres | 19 Aug 18:56 2014

openbgpd ipv6 nexthop

Hi all,

I'm using openbgpd on a pair of carped firewall (openbsd 5.5-stable) to 
IPv4 routes to a cisco 7600. I set the nexthop to the carped IP and run 
two sessions
(one from each firewall) on the non-carp IP. This is working fine on 
IPv4 but when
trying to do the same for IPv6, the set nexthop statement in the 
bgpd.conf has no
effect. The cisco receives the prefixes with the non-carp IP of each 
firewall as nexthop.

When doing a bgpctl show the configured nexthop is printed:

# bgpctl show rib nei ip6_cr1-of1ams out
flags: * = Valid, > = Selected, I = via IBGP, A = Announced, S = Stale
origin: i = IGP, e = EGP, ? = Incomplete

flags destination          gateway          lpref   med aspath origin
AI*>  2a02:d48:2f:1c::1:0/125 2a02:d48:2f:1c::1:4    100     0 i
AI*>  2a02:d48:2f:1c::1:8/125 2a02:d48:2f:1c::1:4    100     0 i
AI*>  2a02:d48:2f:910::/64 2a02:d48:2f:1c::1:4    100     0 i
AI*>  2a02:d48:2f:911::/64 2a02:d48:2f:1c::1:4    100     0 i
AI*>  2a02:d48:2f:912::/64 2a02:d48:2f:1c::1:4    100     0 i
AI*>  2a02:d48:2f:913::/64 2a02:d48:2f:1c::1:4    100     0 i
AI*>  2a02:d48:2f:914::/64 2a02:d48:2f:1c::1:4    100     0 i

# ifconfig carp18 inet6
(Continue reading)