SwitchMode 2  

If this is a switch where you are controlling devices through MQTT and you don't want direct relay control, like say if you have smart-plugs on the switched outlet or you just want it to control smart-bulbs in various places, you need this:

Backlog Rule1 on switch1#state=1 do publish mini4/stat/SWITCH1 {"STATE":"ON"} endon  
Backlog Rule1 + on switch1#state=0 do publish mini4/stat/SWITCH1 {"STATE":"OFF"} endon  
Rule1 on  

Then you can set up the appropriate automation in HA based on the Mini's switch.

(The previous version of the code I have for this was before the days of MQTT HomeAssistant auto-discovery in Tasmota, via SetOption19 1. Which has now been superceded by SetOption19 0 Tasmota integration auto-discovery in HomeAssistant. Try to keep up.)

Oh. Neat. Apparently Switch<->Relay detachment is superceded with an option, if you have it... I do not, on v8.1.0. If you do:

SetOption114 1  

ffmpeg -y -i youtube-audio-file.webm -ss 00:31:26.0 -t 00:00:27.0 -c:a copy useable-file.opus

ss is the starting time. t is the duration of the section you are capturing.

Suppose you want to actually see the encoded text, if, for example, you want to manually make a wifi QR file but don't know the text format some online converter gave you for a different net.

Turns out zbarimg from the gentoo zbar package (w/ use +imagemagick) gets you that capability.

qrencode -r ~/wifi-info -o ~/wifi.png -t png  
# verify
zbarimg ~/wifi.png  

I also had to use this to figure out what wireguard wanted because the iOS app is insanely inflexible in what it considers to be a config file.

Also, just for fun, here's the wifi QR code format:

Vars: ssid_name, wifi_password  
QR-Code:WIFI:S:ssid_name;T:WPA;P:wifi_password;;  

Detect malformation (Output ok means database is valid)
sqlite3> PRAGMA integrity_check;

New database from SQL contents
echo ".read /path/to/output.sql" | sqlite3 /path/to/new_database_file.db

Making your dump compatible with other SQL servers (MariaDB/MySQL)

• Remove double quotes around column names, search CREATE TABLE, CREATE INDEX
• Remove PRAGMA foreign_keys=OFF;
• Remove BEGIN TRANSACTION; and COMMIT; if you don't feel the need to create and populate a full DB in one transaction...

echo -n 'passphrase' |\  
sha512sum |\  
awk '{print $1}' |\  
xxd -r -p |\  
base64 -w 0  

Replace sha512sum with the CLI hasher of your choosing, and adjust (or remove) awk as needed.

You still have to code out your own alpn-responder.py, but there's a workable sample on the net.

You have to provide some kind of self-signed cert for it in lieu of ubuntu/debian? snakeoil key/cert pairs that seem to exist.

With dehydrated configured and my alpn-responder wrapped in an openrc init script, I was able to rewrite the ansible playbook without much trouble. The hard part was adapting it to distribute the cert to hass.io locally on rpi.

The plan: mhart/alpine-node supports versions back to 0.10 series, perfect. I need sqlite, so I lifted the trivial Docker recipe to add from jansanchez/sqlite-alpine:

RUN apk update \  
  && apk add sqlite \
  && apk add socat

Buuuut... prebuilt sqlite3 JS lib has builtin symbol ref for memcpy on glibc. Alpine uses musl. Supposedly some kind of newer version has a patch that is necessary over node_modules/sqlite3/src/gcc-preinclude.h. Of course, it's not in what gets pulled down, so patching is required.

See discussion at https://github.com/mapbox/node-sqlite3/issues/459

--- a/sqlite3/src/gcc-preinclude.h    2015-05-08 07:48:21.000000000 -0700
+++ b/sqlite3/src/gcc-preinclude.h    2018-11-18 12:10:23.528699071 -0800
@@ -1,6 +1,6 @@

 // https://rjpower9000.wordpress.com/2012/04/09/fun-with-shared-libraries-version-glibc_2-14-not-found/

-#if defined(__linux__) && defined(__x86_64__)
+#if defined(__GLIBC__) && defined(__linux__) && defined(__x86_64__)
 __asm__(".symver memcpy,memcpy@GLIBC_2.2.5");
 #endif

Application within npm/docker process is a little tricky but doable. I included the patched file in my image build repo to avoid dealing w/ patch in alpine (maybe it would have been fine).

RUN apk add --no-cache make gcc g++ libc-dev python

RUN npm install -g node-pre-gyp  
RUN npm install --prod

RUN mv gcc-preinclude.h node_modules/sqlite3/src/gcc-preinclude.h  
WORKDIR node_modules/sqlite3  
RUN node-pre-gyp configure  
RUN node-pre-gyp build verbose  

Ready to build & run on the coreOS host:

docker build -t n/ghost:1.0 /data/docker_import/ghost  
docker run -d --name ghost1 --restart unless-stopped --mount type=bind,src=/data/ghost1,dst=/app/content --dns x.x.x.x -p x.x.x.x:2369:2369 -e NODE_ENV=production n/ghost:1.0  

# add to ignition yaml:
systemd:  
  units:
    - name: var-lib-docker.mount
      enable: true
      contents: |
        [Unit]
        Before=local-fs.target
        [Mount]
        What=/dev/disk/by-label/docker_data
        Where=/var/lib/docker
        Type=ext4
        Options=rw,relatime,seclabel,data=ordered
        [Install]
        WantedBy=local-fs.target

# regenerate ignition json:
ct -in-file tansu-config.yml -out-file tansu-config.ignition 

# create disk image
qemu-img create -f raw /data/coreos/tansu_docker.img 500G

# add line to wrapper script around coreos_production_qemu.sh:
-drive if=virtio,format=raw,file=/data/coreos/tansu_docker.img,discard=unmap \

# restart coreOS, format ext4, mount new disk,
rsync -xavSH /var/lib/docker/ /mnt/  
# create /etc/systemd/system/var-lib-docker.mount
systemctl enable var-lib-docker.mount  
# stop docker containers
systemctl stop docker  
rsync -xavSH /var/lib/docker/ /mnt/  
# reboot

Important bit about systemd mounts: unit file must be named according to Where path. docker.mount would fail with a delightfully useless error message, var-lib-docker.mount is what the unit must be called.

# skip some of the ExAttr stuff during copy
cp -pX /Volumes/time-machine/Backups.db/host/Latest/etc/ssh_host* /etc/ssh_host*

# list ACLs
ls -le /etc/ssh_host*

# remove ACLs
chown -N /etc/ssh_host*

# fix ownership if necessary
chown root:wheel /etc/ssh/ssh_host*  

because ssh x@y watch -n 60 bin doesn't just work (Error opening terminal: unknown.), there's a temptation to use watch -n 60 ssh x@y bin, which does just work. younger me did this in the ultra primitive raid monitoring i set up back in 2006 on the mac pro (i didn't want a daemonized mdadm, just not a fan). the shabby version of watch i installed for mac w/ fink back then has finally ceased functioning, so it was time to figure out:

ssh-tx@y watch -n 60 bin

to force pseudo tty allocation and make watch happy.

it has the added benefit of reducing the auth.log pollution from ssh'ing into raid hosts every 60 seconds to cat /proc/mdstat, as now watch runs on the local host in a long-running ssh session. always the preferred outcome, just not instantaneously worky. i recall wanting to know if fink would work for installing watch, as it was lacking on the mac platform.

i also set up graylog for a modernish alert delivery mechanism, but fixing the old thing is nice too. it has, technically, worked quite well to date, but now that email is everywhere there's a win to be had there.

pkgutil --expand ~/Downloads/ExampleApp.pkg /tmp/ExampleApp.unpkg

# look at a file list, not needed for just extraction
lsbom comexample.pkg/Bom

# unpack the payload
cat Payload | gzip -d | cpio -id  

I use gentoo prefix. Usually root-owned in users/shared … I also like to replace the openssh daemon mac os uses.

The process grows in diceyness perhaps. Here goes.

Only ever set it up once (per major os version), then rsync deploy.

I tried bootstrapping normally. Boy. That was a thing. Not recommended.

It was actually easier for me to take my existing 10.7 prefix and upgrade the CHOST on it/rebuild/upgrade. Not, you know, like a lot, but easier (it worked).

Changing the CHOST - Gentoo Wiki was sort of semi-applicable, had some useful info.

clang on Mac OS X was the most critical information nexus.

#!/bin/bash

# this script upgrades a macos 10.7 portage 2.2.10 prefix installation
# into a macos 10.9 portage 2.2.14 prefix installation w/ clang/llvm3.5
# prefix purpose is universal ed25519 ssh (vim, coreutils, etc)

EPREFIX="/Users/Shared/gentoo/"

# user1 is original owner (username) of the prefix, user2 is new
USER1="XXX"  
USER2="XXXNew"

if [[ ${SHELL#${EPREFIX}} == ${SHELL} ]] ; then  
    # Fix weird segfaults due to missing LANG in environment
    perl -p -i -e 's/env -i HOME=\$HOME/env -i LANG=\$LANG HOME=\$HOME/' ${EPREFIX}startprefix
    echo "Fixed startprefix script"
    echo "run ${EPREFIX}startprefix now and rerun fix_gentoo.sh"
    exit 0;
fi

perl -p -i -e 's/XXX/XXXNew/g' ${EPREFIX}usr/lib/portage/pym/portage/const_autotool.py  
perl -p -i -e 's/XXX/XXXNew/g' ${EPREFIX}usr/share/portage/config/make.globals  
echo "Fixed portage user"

# CHOST Changeover
echo "CHOST=\"x86_64-apple-darwin13\"" >> ${EPREFIX}etc/portage/make.conf

# rebuild binutils-apple
emerge -v binutils-apple  
ln -s ${EPREFIX}usr/x86_64-apple-darwin13/binutils-bin ${EPREFIX}usr/x86_64-apple-darwin11/binutils-bin  
mkdir -p ${EPREFIX}usr/x86_64-apple-darwin11/x86_64-apple-darwin13/lib  
ln -s ${EPREFIX}usr/lib/gcc/x86_64-apple-darwin11/4.2.1 ${EPREFIX}usr/x86_64-apple-darwin11/x86_64-apple-darwin13/lib/gcc  
#ln -s ${EPREFIX}usr/x86_64-apple-darwin11/gcc-bin ${EPREFIX}usr/x86_64-apple-darwin13/gcc-bin
emerge -v binutils-config  
binutils-config 1  
env-update  
. ${EPREFIX}etc/profile

# rebuild gcc-apple
GCC_BUILDS=0  
while true; do  
    emerge -v gcc-apple
    STATUS=$?
    if [[ $STATUS == 0 ]]; then
        # gcc successfully built
        # this was taking about 5 attempts for me
         # really dunno what to say about that
        break;
    else
        GCC_BUILDS=$[$GCC_BUILDS + 1];
        if [ $GCC_BUILDS -gt 10 ]; then
            echo
            echo "GCC WOULD NOT BUILD AFTER 10 ATTEMPTS."
            echo
            exit 1;
        fi
    fi
done;  
rm ${EPREFIX}etc/env.d/04gcc-x86_64-apple-darwin11  
rm ${EPREFIX}etc/env.d/gcc/config-x86_64-apple-darwin11  
env-update  
. ${EPREFIX}etc/profile

# clean up, rebuild 4-5 packs, worked
emerge -v @preserved-rebuild  
rm -r ${EPREFIX}usr/x86_64-apple-darwin11  
rm -r ${EPREFIX}usr/bin/x86_64-apple-darwin11-*

# full changeover in profile, remove explicit CHOST
eselect profile set 5  
perl -p -i -e 's/CHOST="x86_64-apple-darwin13"//' ${EPREFIX}etc/portage/make.conf  
env-update  
. ${EPREFIX}etc/profile

# rebuild binutils w/ rebuilt gcc
emerge -v binutils-config binutils-apple  
. ${EPREFIX}etc/profile

# rebuild gcc w/ rebuilt gcc <== this actually never worked
emerge -v gcc-config  
#GCC_BUILDS=0
#while true; do
#    emerge -v gcc-apple
#    STATUS=$?
#    if [[ $STATUS == 0 ]]; then
#        # gcc successfully built
#        break;
#    else
#        GCC_BUILDS=$[$GCC_BUILDS + 1];
#        if [ $GCC_BUILDS -gt 10 ]; then
#            echo
#            echo "GCC WOULD NOT REBUILD AFTER 10 ATTEMPTS."
#            echo
#            exit 1;
#        fi
#    fi
#done;

# UPDATE PORTAGE TREE
# 1ST PATH IS PATH TO AN UPDATED PORTAGE TREE, IN MY CASE FROM FAILED BOOTSTRAP
rsync -avSH --delete-after --exclude distfiles/ --exclude metadata/ ~XXX/gentoo/usr/portage/ ${EPREFIX}usr/portage/  
rsync -avSH /Users/XXX/gentoo/usr/portage/distfiles/ ${EPREFIX}usr/portage/distfiles/  
emerge -v dev-libs/libiconv gcc-config binutils-apple  
# libffi upgrade needed, can't rebuild gcc now w/o portage upgrade
. ${EPREFIX}etc/profile
emerge -v gmp autoconf-wrapper automake-wrapper  
emerge -v mpfr dev-libs/libffi pidof-bsd file less coreutils  
hash -r  
emerge -v patch  
# two-step upgrade to portage 2.2.14(+?)
emerge -v =sys-apps/portage-2.2.10.1-r1  
emerge -v portage  
emerge -v gcc-apple  
. ${EPREFIX}etc/profile
emerge -v ncurses  
echo "sys-devel/llvm  clang" >> ${EPREFIX}etc/portage/package.use  
emerge -v llvm:0/3.4

# get libcxx-apple ebuild
wget https://github.com/fishman/timebomb-gentoo-osx-overlay/archive/master.zip  
unzip master.zip  
mv timebomb-gentoo-osx-overlay-master/sys-libs/libcxx-apple ${EPREFIX}usr/local/portage/sys-libs/  
rm -r timebomb-gentoo-osx-overlay-master  
ebuild ${EPREFIX}usr/local/portage/sys-libs/libcxx-apple manifest  
emerge -v libcxx-apple  
# pulled in a bunch of subversion dep bullshit but fine.

# set up portage environment to use clang(11)
mkdir ${EPREFIX}etc/portage/env  
echo "CC=clang  
CXX=clang++  
CFLAGS=\"${CFLAGS} -stdlib=libstdc++\"  
CXXFLAGS=\"${CXXFLAGS} -stdlib=libstdc++\"" > ${EPREFIX}etc/portage/env/clang  
echo "CC=clang  
CXX=clang++  
CFLAGS=\"${CFLAGS}\"  
CXXFLAGS=\"${CXXFLAGS} -std=c++11 -stdlib=libstdc++\"  
LDFLAGS=\"${LDFLAGS} -stdlib=libc++\"" > ${EPREFIX}etc/portage/env/clang11

# use clang11 for llvm-3.5+ & binutils-apple
echo ">=sys-devel/llvm-3.5                    clang11" >> ${EPREFIX}etc/portage/package.env  
echo "sys-devel/binutils-apple:6[libcxx]      clang11" >> ${EPREFIX}etc/portage/package.env

emerge -v llvm:0/3.5

echo ">=sys-devel/llvm-3.6.0" >> ${EPREFIX}etc/portage/package.mask

# building binutils-apple[libcxx] didn't happen

# strategically rebuild the system
emerge -v binutils-config  
emerge -v perl-cleaner perl  
perl-cleaner --all -- -v  
emerge -v gnuconfig gzip help2man which wget  
emerge -v ca-certificates eselect rsync glib:2 pkgconfig  
emerge -v python:2.7  
emerge -v libxslt gettext debianutils nano grep popt  
emerge -v gentoolkit baselayout-prefix  
emerge -vu csu libiconv perl-File-Spec automake libtool:2 expat \  
  perl-ExtUtils-Manifest ExtUtils-Manifest sed make gtk-doc-am
emerge -v dev-perl/libintl-perl  
emerge -v openssl

emerge --deselect -v pkgconfig glib:2 perl-cleaner ca-certificates portage python openssl groff \  
  eselect flex nano popt libxslt gettext libintl-perl Text-Unidecode gtk-doc-am debianutils expat \
  libtool:2 perl-ExtUtils-Manifest automake ExtUtils-Manifest help2man perl-File-Spec perl mpfr \
  gmp automake-wrapper autoconf-wrapper pax-utils libffi dev-libs/libiconv binutils-config \
  gcc-config mime-types zlib ncurses

# bzip won't build w/o FEATURE="allow_broken_install_names", i'm wary, just mask it
echo ">=app-arch/bzip2-1.0.6-r7" >> ${EPREFIX}etc/portage/package.mask

emerge -v nano  
emerge -vtuDN --with-bdeps y world  
emerge -av --depclean  
eclean-dist


# do your upgrade of openssh now, an 1.8 ebuild w/ just --with-pam works w/ password auth on mac os 10.9
# patches would probably help the 4-5 second delay on login, but i'm not worrying about that for now

I installed llvm 3.4/clang & used it to build llvm 3.5/clang, but didn’t actually use it for anything. just might sometime.

Additional SSH specific notes:

OpenSSH6.8p1 prefix ebuild forces -pam, which, I guess makes sense in a prefix context, but I prefer to make the prefix sshd replace the system one, so just replace usewith pam to –with-pam to econf in the ebuild. DNS resolution is one of the more fail-forward things happening on mac os. To prevent a five second delay on logins, add UseDNS no to sshdconfig.
Previous MacOS, like 10.7, had issues that required turning off AcceptEnv LANG LC* in the sshd_config. With 10.9, the behavior is ‘upgraded’ to segfaulting on missing LANG in environment, so AcceptEnv LANG is very much required.

END

follows the bootstrapping. first attempt.

TLDR: it doesn’t go very far, is very challenge, and requires much further research.

Download the newest bootstrap-prefix.sh script

'''
export EPREFIX=/Users/X/gentoo
./bootstrap-prefix.sh

hah yeah right!
'''

set up in ~/gentoo … we’ll have to move/chown after bootstrap because it hates root (and wheel)

apparently the bootstrap process for mac os 10.9 is reaaaaaally terrible. probably 10.8 as well from what i’ve read. the main issues stem from apple removing vital gnu dev components. gcc, automake, autoconf, libtool, readline (replaced w/ an incompatible .h system-accessible). the next issue is determining the proper blend of –std=gnu89 during various stage emerging.

getting through stage1 & 2 was quite difficult, involved path hacking, symlinking bash & perl into future gentoo tree … coaxing things to build by temp moving system includes, adding proper include paths directly to cflags (gentoo/usr/include, gentoo/tmp/usr/include). i mean … grisly.

gcc-apple, for example, requires CC="gcc -std=gnu89″. coreutils, on the other hand, will only build in 99+ mode. try and let as much build in/with/available 99 mode as possible.

CC="gcc -std=gnu89 " emerge --oneshot --nodeps -av gcc-apple emerge -av system (deselect a bunch of stuff from world) emerge -av system … goes ok, dies 37 pks in at gmp, –enable-cxx is on. fails super early, during configure, basically w/ no output.

interestingly, ncurses built fine w/ cxx enabled

in the bootstrapped environment, c++ stuff is not so build for some reason, perhaps substantial binary incompatibility due to gcc-apple 4.2. suspect llvm/clang would be ideal? gentoo llvm is at 3.6, apple is based on 3.5

install fsf gcc 4.7, use it (gcc-config, env-update, . gentoo/etc/profile) to build llvm/clang

llvm does not build.

Undefined symbols for architecture x86_64:  
  "llvm::TargetRegisterInfo::composeSubRegIndexLaneMaskImpl(unsigned int, unsigned int) const", referenced from:
      vtable for llvm::TargetRegisterInfo in libLLVMCodeGen.a(TargetRegisterInfo.o)
  "llvm::TargetRegisterInfo::composeSubRegIndicesImpl(unsigned int, unsigned int) const", referenced from:
      vtable for llvm::TargetRegisterInfo in libLLVMCodeGen.a(TargetRegisterInfo.o)
ld: symbol(s) not found for architecture x86_64  
collect2: error: ld returned 1 exit status  
/Users/table/gentoo/var/tmp/portage/sys-devel/llvm-3.6.0/work/llvm-3.6.0.src/Makefile.rules:1199: recipe for target '/Users/table/gentoo/var/tmp/portage/sys-devel/llvm-3.6.0/work/llvm-3.6.0.src-.amd64/Release/lib/libLLVM-3.6.dylib' failed

hmm. some things seem to work. it is odd. openssh is def old & shitty on 10.9… still kinda want that real sshd…

my spam scanning system, however, was another thing. amavis & spamassassin = such perl. it took several hours to figure this stuff out (due to minutes long ‘calculating dependencies’ on this ancient hardware).

TLDR:

emerge -utav $(qlist -IC 'virtual/perl-*')  

OK. so. I’ve seen other issues in the past, and they boiled down to ‘having the wrong things’ in world (/var/lib/portage/world).

OK, yeah, I’ve got perl-core/IO-Socket-IP in there … 7 virtuals … 6ish dev-perl packs. Maybe it’s that.

emerge --deselect -av IO-Socket-IP  
emerge -utavD perl  
# different, not fixed.
emerge --deselect -av virtual/perl-ExtUtils-ParseXS perl-File-Temp perl-IO-Zlib perl-Locale-Maketext-Simple perl-Net-Ping perl-Package-Constants perl-libnet  
emerge -utavD perl  
# different, not fixed.
emerge -utavD perl ... added all dev-perl packages ... then some others ... no help.

# start using qlist, from a gentoo forum suggestion
emerge -utav perl Net-HTTP JSON Net-DNS Net-SSLeay libwww-perl DBI DBD-mysql IO-Socket-IP HTML-Parser perl-version net-server perl-Pod-Parser spamassassin Net-Ping MIME-tools $(qlist -IC 'virtual/perl-*') dev-perl/extutils-pkgconfig  
emerge -utav perl Net-HTTP JSON Net-DNS Net-SSLeay libwww-perl DBI DBD-mysql IO-Socket-IP HTML-Parser perl-version net-server MIME-tools $(qlist -IC 'dev-perl/*') $(qlist -IC 'virtual/perl-*') dev-perl/extutils-pkgconfig amavisd-new  
emerge -utav $(qlist -IC 'dev-perl/*') $(qlist -IC 'virtual/perl-*') $(qlist -IC 'perl-core/*')

# aaaaaaand, this worked:
emerge -utav  $(qlist -IC 'virtual/perl-*')  

If you are having a hard time upgrading perl on gentoo, apparently emerge -u with all installed virtual/perl-* atoms is the way to go.

If it doesn’t work, I would guess that deselecting perl-core/* and virtual/perl-* from world was actually important.

suppose you have a server with sophisticated storage capabilities that you don’t always want to come up on boot. if, for example, booting in a recovery mode to poke around.

you could easily enough just add all the services to the default runlevel and set up a bunch of lines in /etc/rc.conf to make your services depend (use/need) on a central ’storage’ service.

so yeah, i’ve done that, but i also still don’t want my services to start automatically. in this particular case, i actually want to have to manually start things after confirming other things.

so…enter stacked runlevel, allowing me to easily start a set of services.

set up new runlevel:

# 'create' a runlevel called 'storage'
mkdir /etc/runlevels/storage  
# add the 'default' runlevel to the new runlevel
rc-update -s add default storage  
on boot, post-verify:

rc storage  

seems like it would have issues scaling to a variety of runlevel needs, but that’s why people use systemd. ’stacking’ works well ‘up’, not so great laterally.

nvram boot-args  
boot-args    maxloreserve=425 ncl=131072 initmcl=131072 nbuf=131072

sysctl.conf  
# boot time only: DONT WORK
# kern.ipc.maxsockets=2048
# kern.ipc.nmbclusters=131072


# regular net options:

#net.inet.tcp.delayed_ack=0
kern.maxfiles=204800  
#kern.ipc.maxsockets=204800

# Max backlog size, def 128

kern.ipc.somaxconn=4096

#kern.ipc.maxsockbuf=16777216
#kern.ipc.maxsockbuf=1572864
# previous entry:
#kern.ipc.maxsockbuf=8388608

# current:
#kern.ipc.maxsockbuf=33554432

#net.inet.tcp.sendspace=786432
#net.inet.tcp.recvspace=786432

# current :
#net.inet.tcp.sendspace=262144
#net.inet.tcp.recvspace=262144
#net.inet.tcp.sockthreshold=0
#net.smb.fs.tcpsndbuf=262144
#net.smb.fs.tcprcvbuf=262144
kern.sysv.shmmax=16777216  
kern.sysv.shmmin=1  
kern.sysv.shmmni=32  
kern.sysv.shmseg=8  
kern.sysv.shmall=4096



kern.ipc.maxsockbuf=4194304  
#kern.ipc.somaxconn=2048
#kern.ipc.nmbclusters=2048
net.inet.tcp.rfc1323=1  
net.inet.tcp.win_scale_factor=4  
net.inet.tcp.sockthreshold=16  
net.inet.tcp.sendspace=1042560  
net.inet.tcp.recvspace=1042560  
net.inet.tcp.mssdflt=1448  
net.inet.tcp.msl=15000  
net.inet.tcp.always_keepalive=0  
net.inet.tcp.delayed_ack=3  
net.inet.tcp.slowstart_flightsize=20  
net.inet.tcp.blackhole=2  
net.inet.udp.blackhole=1  
net.inet.icmp.icmplim=50  

I doubt that it is all correct at this point. I’ve noticed network interface resets.