guest - flak

network transparent audio with sndiod and vmd

Another way to isolate untrusted media players is to run them in a virtual machine. I was joking with mlarkin that if he’s run out of things to work on, he can add audio emulation to vmd. But of course, this is actually pretty easy to do (playing sounds, not emulating audio), thanks to network support in sndiod.

The setup is fairly easy. To export the audio device on the host side, run sndiod. Or kill and restart, or whatever.

sndiod -L

On the guest side, specifying the audio device can vary by program, but the default can be set via environment variable.

env AUDIODEVICE=snd@ mpg123 song31.mp3

And with that...

BSD fight buffer reign
Flowing blood in circuit vein
Quagmire, Hellfire, RAMhead Count
Puffy rip attacker out

Posted 2017-05-27 21:08:34 by tedu Updated: 2017-05-27 21:08:34
Tagged: openbsd

openbsd changes of note 622

Catching up to current.

Don’t let windows fall off the end of the world in calmwm.

Remove last remnants of rtsol in the installer, netstart, everywhere.

Allow setting of guest MSRs from vmd, a prerequisite for migration. Also add support for reading and writing device state.

Use freezero in many places in libcrypto.

Resynchronize the guest RTC via vmmci when the host resumes from suspend. Only for OpenBSD guests.

Provide pluggable queueing interface for pf, hiding H-FSC behind an abstraction layer. What could be next?

Revise octeon MDIO driver. Lets all the ethernet ports on the EdgeRouter Pro work.

Introduce an inline function sstosa to convert struct sockaddr_storage to struct sockaddr in a typesafe manner instead of sprinkling casts everywhere.

Continue reading openbsd changes of note 622...

Posted 2017-05-21 16:41:49 by tedu Updated: 2017-05-21 16:41:49
Tagged: openbsd

experiments with prepledge

MP3 is officially dead, so I figure I should listen to my collection one last time before it vanishes entirely. The provenance of some of these files is a little suspect however, and since I know one shouldn’t open files from strangers, I’d like to take some precautions against malicious malarkey. This would be a good use for pledge, perhaps, if we can get it working.

At the same time, an occasional feature request for pledge is the ability to specify restrictions before running a program. Given some untrusted program, wrap its execution in a pledge like environment. There are other system call sandbox mechanisms that can do this (systrace was one), but pledge is quite deliberately designed not to support this. But maybe we can bend it to our will.

Continue reading experiments with prepledge...

Posted 2017-05-20 16:28:36 by tedu Updated: 2017-05-20 16:28:36
Tagged: c openbsd programming

documentation is thoroughly hard

Documentation is good, so therefore more documentation must be better, right? A few examples where things may have gotten out of control.

A fine example is the old OpenBSD install instructions. Once you’ve installed OpenBSD once or twice, the process is quite simple, but you’d never know this based on reading the instructions. Compare the files for 4.8 INSTALL and 5.8 INSTALL. Both begin with a brief intro to the project. Then 4.8 has an enormous list of mirrors, which seems fairly redundant if you’ve already found the install file. Followed by an enormous list of every supported variant of every supported device. Including a table of IO port configurations for ISA devices. Finally, after 1600 lines of introduction we get to the actual installation instructions. (Compared to line 231 for 5.8.) This includes a full page of text about how to install from tape, which nobody ever does. It took some time to recognize that all this documentation was actually an impediment to new users. Attempting to answer every possible question floods the reader with information for questions they were never planning to ask.

Continue reading documentation is thoroughly hard...

Posted 2017-05-18 20:24:42 by tedu Updated: 2017-05-19 02:48:31
Tagged: openbsd software

openbsd changes of note 621

More stuff, more fun.

Fix script to not perform tty operations on things that aren’t ttys. Detected by pledge.

New strstr implementation from musl using the much faster two way matching algorithm.

Provide TCB (thread control block) macros for mips64. Now every arch has them.

Add a NAT-T keepalive timer to iked.

In the arm64 pmap, switch pool allocators to avoid running out of KVA when the system is busy.

Merge libdrm 2.4.79.

Prevent cvs server process from reading and buffering too much data when the network is slower than the disk. The flow control mechanism detected this, but the message to slow down wasn’t actually being processed by the reader loop in time, leading to memory exhaustion.

Continue reading openbsd changes of note 621...

Posted 2017-05-15 16:23:04 by tedu Updated: 2017-05-19 22:28:26
Tagged: openbsd

openbsd changes of note 620

6.1 is old news.

Add 8265 and 3168 support to the iwm driver.

Zero some more kernel memory before use, to prevent padding leaks if the structures ever change.

Some changes to libtls. Allow retrieving the cert chain. This somewhat contradicts my original mandate for libtls that it not expose any gnarly X.509 details to the user, but certs are a fact of life and if you have to build a cert chain downloading tool, you’d want to use the cool API, no? Reality eventually corrupts all our dreams. Also, sneak peek, some adjustment to library internals to allow relayd’s privsep engine to work with libtls.

Give tmux clients names. There have been lots of small improvements to tmux over the past six months which haven’t seemed notable in isolation, but shoutout to all the little fixes, too.

Refinements to syslogd’s internal logging code. More consistency, less snowflake.

The neverending project to add sizes to free calls in the kernel is closer to ending.

64 bit bus address support for the msk driver, required for onboard nic in the Overdrive 1000 to work. And use MSI.

Quiesce sensors during suspend and resume so that callbacks aren’t running for detached drivers.

Introduce freezero to libc, a function that combines explicit_bzero and free, but in a potentially optimal way if the memory can be directly unmapped. Use it in a bunch of places.

Mention the installer bug that has the consequence that some users must remove a trailing /6.1 from the uri in the installurl file.

Posted 2017-04-12 16:27:57 by tedu Updated: 2017-04-12 16:27:57
Tagged: openbsd

openbsd changes of note 8

Wrapping up the best ever release.

Fix some bugs in scan_scaled. Add tests. Fix more bugs.

mandoc cgi mode redirects to better URLs.

Some fixes to vmd to handle control sockets and TTYs and reboot and other edge cases better.

Configure and apply the multitouch-tracking functions of wsmouse.

Convert some code here and there to using recallocarray.

Improve documentation for the jungle that is sysctl.

Too many use after free bugs in USB drivers, so, for release, revert memory synchronization change to usbdi.c that only works if code elsewhere is correct.

Import dhcrelay6, a DHCPv6 relay, for people living in the past in the future.

The pledge group “ioctl” has been split into a few more targeted permissions.

Add slaacd, a Stateless Address AutoConfiguration Daemon, for people living in the future in the present.

Audio fixes for azalia on Kaby Lake processors.

A great many fixes to vmd to support guests other than OpenBSD. With seabios support, the new default, even penguins can fly.

Fix a leak of stack contents in kernel exec functions.

Kernel W^X comes to arm64.

Add “(compatible with GNU linkers)” to the lld version output so that configure scripts which only look for magic strings work.

Implement a driver for Marvell’s XHCI controller found on some arm devices.

Merge Mesa 13.0.6

TLS ticket support in httpd.

Add support for RFC4754 (ECDSA) and RFC7427 authentication to iked. Add support to reflect the responder IKEv2 COOKIE, as used by Azure.

Add signify public keys for syspatch for the current and next release.

Unlock tree, we are now hacking on 6.1-current.

Posted 2017-04-05 15:35:22 by tedu Updated: 2017-04-05 15:35:22
Tagged: openbsd

openbsd changes of note 7

The OpenBSD 61. It comes at night.

Enable the short slot time feature in 802.11n mode.

Update to terminfo-20170128.

Reduce per packet allocations for crypto.9 (IPsec) from three to one.

Introduce Xen interrupt barriers. Xen interrupt handlers run in thread context, so the usual intr_barrier() function doesn’t work.

In tmux, collect sequences of printable ASCII characters and process them together instead of handling them one by one. This is significantly faster.

Delete the obsolete fork/exec/exit emulation hooks. Last remnant of compat for other systems dies, after removal of linux compat.

Tweak the scheduler to move threads around a little less.

Add percpu counters for TCP stats. And ipv6, icmp6, divert. And carp and pfsync.

Continue reading openbsd changes of note 7...

Posted 2017-03-14 18:31:02 by tedu Updated: 2017-03-14 18:31:02
Tagged: openbsd

openbsd changes of note 6

In a bit of a hurry, but here’s some random stuff that happened.

Add connection timeout for ftp (http). Mostly for the installer so it can error out and try something else.

simplefb for framebuffer on armv7 devices like rpi.

Complete https support for the installer.

find -delete support like all the other kids have.

The ongoing effort to rewrite many libssl and libcrypto man pages is still ongoing.

Remove “CVS tips” section from the web site. This forbidden knowledge is now forbidden.

Add cross compiler build support for clang.

Prevent boot from crashing on amd64 by allocating a buffer on the heap instead of the extremely tiny stack.

Build with -fno-builtin because otherwise clang would optimize the local versions of functions like _dl_memset into a call to memset, which doesn’t exist.

Continue reading openbsd changes of note 6...

Posted 2017-02-07 13:55:57 by tedu Updated: 2017-02-07 13:55:57
Tagged: openbsd

turn your network inside out with one pf.conf trick

I think this falls somewhere a little short of common knowledge, but obvious once you know it. It lets machines roam in and out of the network without too much config fiddling. Instead, we configure machines to always use “cloud” services but intercept the packets to provide local services.

Here’s the pf.conf rules I have on my router.

pass in on cnmac1 proto { udp , tcp } from any to any port domain rdr-to port domain
pass in on cnmac1 proto { udp , tcp } from any to any port ntp rdr-to port ntp

This steals any DNS or NTP traffic bound for the internet and redirects it back to the local machine, servicing it locally.

Normally one gets a DNS server via DHCP, but I usually prefer to use So I override that option in dhclient.conf. Works great outside the house. But when I’m home, then I really do want to use the local server because that’s the one that knows about other hostnames on the network. This lets me keep a hardcoded config on my laptop and fix it at the router.

Similarly with NTP, although the situation is a little different since we don’t usually get that from the DHCP server. Instead it’s configured once. I could use the server pool, but it’s silly to have a half dozen machines each probing several upstream servers. For a while I used a config that pointed at the router directly, but then when I take a laptop on the road, it can’t sync time at all. Solution: point everything at in ntpd.conf, and again have the router fix it up. (Bonus benefit: Windows and Apple machines will also now use the router’s time service with no config fiddling either.)

In short, permanently configure laptops for mobile use, and then configure the router to provide optimized services. This is typically easier than trying to configure the laptop to detect which network it’s using.

Posted 2017-01-04 09:16:52 by tedu Updated: 2017-01-04 09:16:52
Tagged: openbsd

openbsd changes of note 5

New year, old changes.

bluhm, mikeb, and mpi are continuing ongoing work to introduce the NET_LOCK. The plan is to replace splsoftnet() with an rwlock. However, unlike splsoftnet, rwlocks are not recursive, which requires some care in acquiring the lock once, only once, and in just the right spot. This is complicated by the fact that the network stack has many layers calling into each other. And in the case of NFS, even stranger dangers. In the meantime, some macros are used to allow switching between splsoftnet and rwlock until all the issues are solved.

kettenis is working to fix various warnings generated by the clang compiler. krw is also fixing a bunch of compiler warnings.

visa’s work on octeon now includes an MMC driver for the EdgeRouter Pro.

Continue reading openbsd changes of note 5...

Posted 2017-01-03 18:55:28 by tedu Updated: 2017-01-03 19:26:58
Tagged: openbsd

watt time is left

So Apple no longer knows how to make a battery meter. The good news is OpenBSD is still here for all your desktop needs. How does its battery meter work?

The simplest interface to get battery status info is to run apm. This gives us both percentage and an estimate of time remaining.

Continue reading watt time is left...

Posted 2016-12-16 13:49:18 by tedu Updated: 2016-12-16 13:49:18
Tagged: computers openbsd software

who even calls link_ntoa?

So there’s a buffer overflow in link_ntoa. What does this mean? CERT says an attacker may be able to execute arbitrary code, but who can be an attacker? Where is link_ntoa used?

What does link_ntoa even do? I’ve never heard of this function before.

The link_ntoa() function takes a link-level address and returns an ASCII string representing some of the information present, including the link level address itself, and the interface name or number, if present. This facility is experimental and is still subject to change.

Networking something or other I guess.

First place to look is in libc itself, where the function lives. The implementation lives in net/linkaddr.c but it’s the declaration that’s of particular interest.


The PROTO_DEPRECATED macro marks a function as exported from the library, but not for use internally. We can also verify with grep that nothing in libc calls link_ntoa, but with the symbol marking we can be confident we haven’t missed anything.

Moving on to base, we find a few occurrences.

sbin/route/route.c: printf("%s: link %s; ", which, link_ntoa(&su->sdl));
sbin/route/show.c: return (link_ntoa(sdl));
usr.bin/netstat/show.c: return (link_ntoa(sdl));

This is used to print route information obtained from the kernel. So if you haven’t patched yet, before you run route show again, make sure you trust the kernel.
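
The caller audit walked through above, as an added example (not code from the original post): a heuristic shell function that lists probable call sites of a function while skipping its definition, prototype and comment mentions. The miniature source tree is constructed for the demonstration; the three call lines are the ones quoted above, while the header path, the directory layout under lib/ and the function bodies are assumptions.

```shell
#!/bin/sh
# find_callers FUNC ROOT
# Print "path:line:text" for each probable call of FUNC in .c/.h files under
# ROOT. A hit counts as a call when the name is followed by "(" and preceded
# by an operator, "return", or nothing but indentation. That skips KNF-style
# definitions (name in column 0), prototypes ("char *name(") and comment
# lines (" * name()"). This is a triage heuristic, not a C parser.
find_callers() {
    func=$1
    root=$2
    pre='(^[[:space:]]+|[(,=!&|?:][[:space:]]*|return[[:space:]]+)'
    grep -rnE --include='*.c' --include='*.h' \
        "${pre}${func}[[:space:]]*\\(" "$root" | sort
}

# make_sample_tree DIR
# Constructed miniature tree: the call lines are the ones quoted in the post,
# everything else (bodies, header location) is made up for the demo.
make_sample_tree() {
    t=$1
    mkdir -p "$t/lib/libc/net" "$t/include" "$t/sbin/route" "$t/usr.bin/netstat"
    cat > "$t/lib/libc/net/linkaddr.c" <<'EOF'
/*
 * link_ntoa() turns a link-level address into a string.
 */
char *
link_ntoa(const struct sockaddr_dl *sdl)
{
    return (0);
}
EOF
    cat > "$t/include/if_dl.h" <<'EOF'
char *link_ntoa(const struct sockaddr_dl *);
EOF
    cat > "$t/sbin/route/route.c" <<'EOF'
void pmsg(void)
{
    printf("%s: link %s; ", which, link_ntoa(&su->sdl));
}
EOF
    cat > "$t/sbin/route/show.c" <<'EOF'
char *label(void)
{
    return (link_ntoa(sdl));
}
EOF
    cp "$t/sbin/route/show.c" "$t/usr.bin/netstat/show.c"
}

# Demo: sh thisfile demo
if [ "${1:-}" = "demo" ]; then
    tree=$(mktemp -d)
    make_sample_tree "$tree"
    echo "callers inside libc:"; find_callers link_ntoa "$tree/lib/libc"
    echo "callers in the whole tree:"; find_callers link_ntoa "$tree"
    rm -rf "$tree"
fi
```

On the constructed tree the libc pass prints nothing and the whole-tree pass prints the three call sites; calls made through macros or function pointers are outside what this heuristic can see.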

Posted 2016-12-07 03:00:07 by tedu Updated: 2016-12-07 03:00:07
Tagged: openbsd software

openbsd changes of note 2

Things happened, stuff changed.

X550 support among other ix changes and cleanup.

Ongoing switch work. Better OpenFlow compat. You know it’s serious when tcpdump gets an update.

Loongson 3A support.

Turn ipstat into a set of percpu counters. Per CPU counters allow simple statistics to be collected in a lockless manner, collating them as necessary. The basic mechanism was introduced a little earlier in October.

Hydrogen bomb fixes.

Dedicated build user builds for xenocara.

Some iwm diffs, since committed: reducing rx latency, ack rates, reduce retry limit.

PCI info ioctl for DRM.

Assorted changes to pool memory management. More mbuf pool changes to come.

Something else of potential interest: pine64 bootloader.

Posted 2016-11-23 02:37:09 by tedu Updated: 2016-11-23 02:37:09
Tagged: openbsd software

openbsd changes of note

Stuff happened, things changed.

mcl2k2 pools and the em conversion. The details are in the commits, but the short story is that due to hardware limitations, a number of tradeoffs need to be made between performance and memory usage. The em chip can (mostly) only be programmed to write to 2k buffers. However, ethernet payloads are not nicely aligned. They’re two bytes off. Leading to a costly choice. Provide a 2k buffer, and then copy all the data after the fact, which is slow. Or allocate a larger than 2k buffer, and provide em with a pointer that’s 2 bytes offset. Previously, the next size up from 2k was 4k, which is quite wasteful. The new 2k2 buffer size still wastes a bit of memory, but much less.

Continue reading openbsd changes of note...

Posted 2016-11-16 21:28:16 by tedu Updated: 2016-11-16 21:28:16
Tagged: openbsd software

process listing consistency

POSIX specifies that there is a ps utility to list processes, although it doesn’t describe how the command is implemented. In fact, it’s not possible to implement ps using only POSIX interfaces. However it’s implemented, it’s unlikely to use double buffering, which means on a sufficiently busy system, the results may be inconsistent. If lots of processes are being created and exited while ps runs, some of the output may be “before” and some “after”. Much like a game without vsync.

In order to test for inconsistency, we need to create lots of processes, but in a predictable way. Then we run ps over and over, looking for discrepancies. Enter the chicken and the egg.

Continue reading process listing consistency...

Posted 2016-10-06 12:26:37 by tedu Updated: 2016-10-06 12:26:37
Tagged: c openbsd programming

OpenBSD on HP Stream 7

Recent events have rocked the mobile computing world to its core. OpenBSD retired the zaurus port, leaving users in desperate need of a new device. And not long before that, Microsoft released the Anniversary Update to Windows 10, but with free space requirements such that it’s nigh impossible to install on cheap 32GB eMMC equipped devices such as the HP Stream series, leaving users searching for a new lightweight operating system. With necessity as both mother and father, the scene is set for a truly epic pairing. OpenBSD on the HP Stream 7.

The HP Stream line is a series of budget computers in a couple form factors. The Stream 11 is a fairly typical netbook. However, the Stream 7 and 8 are tablets. They look like cheap Android devices, but inside the case, they’re real boys, er PCs, with Intel Atom CPUs.

Continue reading OpenBSD on HP Stream 7...

Posted 2016-09-10 13:17:55 by tedu Updated: 2016-09-12 14:46:42
Tagged: computers gadget openbsd

doas mastery

It’s been a year since the introduction of doas, so it’s clearly time to write a book. Or maybe a pamphlet.

UNIX systems have two classes of user, the super user and regular users. The super user is super, and everybody else is not. This concentration of power keeps things simple, but also means that often too much power is granted. Usually we only need super user powers to perform one task. We would rather not have such power all the time. Think of the responsibility that would entail! Like the sudo command, doas allows for subdivision of super user privileges, granting them only for specific tasks.

The doas command itself has a few options, which we’ll discuss somewhat later, but the most interesting part is the configuration file. This is where the real magic happens.

Continue reading doas mastery...

Posted 2016-09-05 09:02:36 by tedu Updated: 2016-09-19 01:19:43
Tagged: openbsd software