Shawn Webb lattera

#!/usr/local/bin/zsh
function usage() {
echo "USAGE: ${0} -d /path/to/disk -b /path/to/bios"
exit 0
}
bios=""
disk=""
WARNING: Image format was not specified for './disk.img' and probing guessed raw.
Automatically detecting the format is dangerous for raw images, write operations on block 0 will be restricted.
Specify the 'raw' format explicitly to remove the restrictions.
QEMU 2.3.0 monitor - type 'help' for more information
(qemu) QEMU waiting for connection on: disconnected:telnet::4444,server
Warning: netdev net0 has no peer
Warning: nic net0 has no peer
qemu: terminating on signal 2
#!/usr/local/bin/zsh
# power.zsh
# Copyright (C) 2015 Shawn Webb <shawn.webb@hardenedbsd.org>
# License: 2-Clause BSD License
#
# This little script exports non-required pools and detaches their
# geli providers before shutting down or rebooting.
# This needs to be in a specific order as these pools depend on each
# other
Unread portion of the kernel message buffer:
[57220] kernel trap 9 with interrupts disabled
[57220]
[57220]
[57220] Fatal trap 9: general protection fault while in kernel mode
[57220] cpuid = 7; apic id = 07
[57220] instruction pointer = 0x20:0xffffffff80a4e963
[57220] stack pointer = 0x28:0xfffffe0463690710
[57220] frame pointer = 0x28:0xff000000ff898989
[57220] code segment = base 0x0, limit 0xfffff, type 0x1b
lattera / openbsd_malloc_notes.txt
Created January 18, 2016 21:02
OpenBSD malloc import into HardenedBSD notes
OpenBSD malloc version attempted to import into HardenedBSD: 5.8
HardenedBSD version: 39
I first copied malloc.c and malloc.3 to src/contrib/openbsd_malloc.
I added a WITH_OBSDMALLOC flag to src/share/mk/bsd.src.opts that
optionally switches from jemalloc to OpenBSD malloc.
I created the directory src/lib/libc/stdlib/openbsd_malloc and copied
over src/lib/libc/stdlib/jemalloc/Makefile.inc over to use as a
lattera / -
Created January 19, 2016 14:37
#!/bin/sh
#-
# Copyright (c) 2015 HardenedBSD
# Author: Shawn Webb <shawn.webb@hardenedbsd.org>
#
# This work originally sponsored by G2, Inc
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
lattera / -
Created January 20, 2016 02:31
PID START END PRT RES PRES REF SHD FLAG TP PATH
5247 0x570c579000 0x570c6d4000 r-x 256 261 3 2 CN-- vn /usr/local/bin/snort
5247 0x570c8d3000 0x570c8d7000 r-- 4 0 1 0 CN-- vn /usr/local/bin/snort
5247 0x570c8d7000 0x570c8d8000 rw- 1 0 1 0 C--- vn /usr/local/bin/snort
5247 0x570c8d8000 0x570d748000 rw- 2591 2591 1 0 C-S- df
5247 0x3b8789ba000 0x3b8789d9000 r-x 31 31 72 0 CN-- vn /libexec/ld-elf.so.1
5247 0x3b8789d9000 0x3b878a08000 rw- 41 41 1 0 C--- df
5247 0x3b878a08000 0x3b878a09000 rw- 1 1 1 0 ---- df
5247 0x3b878bd8000 0x3b878bda000 rw- 2 2 1 0 C--- df
5247 0x3b878bda000 0x3b878c0b000 r-x 3 4 2 1 CN-- vn /usr/local/lib/libsfbpf.so.0.0.1
lattera / -
Created January 20, 2016 04:36
diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c
index 280d9f1..79a4206 100644
--- a/libexec/rtld-elf/rtld.c
+++ b/libexec/rtld-elf/rtld.c
@@ -515,6 +515,10 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_proc, Obj_Entry **objp)
dbg("initializing thread locks");
lockdflt_init();
+ if (aux_info[AT_STACKPROT] != NULL &&
+ aux_info[AT_STACKPROT]->a_un.a_val != 0)
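Review bot: the new condition on `aux_info[AT_STACKPROT]`, added right after `lockdflt_init()`, has no comment saying what a non-zero `a_un.a_val` signals or why the check belongs at this point in `_rtld()`; add a short comment above the `if`. The `aux_info[AT_STACKPROT]` entry is also indexed twice, so a local pointer would make the NULL test and the value test easier to read. The hunk header announces four added lines but only the two condition lines are visible, so the body of the `if` cannot be checked here.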
Script started on Thu Feb 11 19:14:23 2016
hbsd-dev-laptop[shawn]:/home/shawn/gocode/src/gitlab.labs.g2-inc.net/shawn.webb/testpie $ [19:14:23] echo $GOPATH
/home/shawn/gocode
hbsd-dev-laptop[shawn]:/home/shawn/gocode/src/gitlab.labs.g2-inc.net/shawn.webb/testpie $ [19:14:29] GOROOT=${HOME}/projects/go ${HOME}/projects/go/bin/go ins
lattera / Article.md
Created June 4, 2016 17:16
Configuring TunnelBroker (Hurricane Electric 6in4 tunnel) in OPNsense

Introduction

OPNsense supports native IPv6 as well as tunneled IPv6. This article shows how to set up TunnelBroker, Hurricane Electric's IPv6-in-IPv4 tunnel, with OPNsense. If you're based in the US and you use Netflix, you might not want to follow these instructions. Netflix now blocks TunnelBroker. I have confirmed this myself.

If you use IRC or need access to SMTP over the TunnelBroker connection, Hurricane Electric requires you to go through their free IPv6 certification process. Their "sage" level is the highest level and will allow you to enable IRC and SMTP. Note that your OPNsense firewall must be directly connected to the Internet. Being behind a NAT will not work.

The rest of this article assumes you already have a TunnelBroker account. If not, sign up and go through the free IPv6 certification process. Screenshots are provided throughout this article.

Background