Re: 7.5 install crashes on "entry point at 0x1001000" HP Elitebook 840 G10
Hi, thanks Philip for your diagnostic. I will be available to make some tests when someone will have time to spend on it. Thanks a lot. Regards, Comete 4 juillet 2024 07:14 "Philip Guenther" a écrit: > On Mon, Jun 24, 2024 at 2:16 AM Comète wrote: > >> finally i'm still stuck on this problem. Are there any other tests I can do ? > > It looks like this machine has a physical memory layout (available > physical addresses) that OpenBSD doesn't currently support, and the > usual suspects have other things going so no immediate plans to work > on changing that. Sorry it won't work for you. > > Philip Guenther > >> Thank you >> >> Comete >> >> 27 mai 2024 21:24 "Comète" a écrit: >> >> Hi Aaron, >> >> thanks for the idea. Booting the regular kernel as suggested, has the same >> result: >> it freezes on "entry point at 0x1001000" too. >> >> Thanks a lot. >> >> Comete >> >> 27 mai 2024 04:48 "Aaron Mason" a écrit: >> >> Hi >> >> Can you try booting the regular kernel? You should be able to do it this way: >> >> boot> /7.5/amd64/bsd >> >> If it makes it past the stage where the install kernel fails, it'll >> panic at the lack of root, which is expected. >> >> Might be a pointless move but it might help eliminate the install >> kernel as a variable. >> >> On Fri, May 24, 2024 at 10:30 PM Comète wrote: >> >> Thanks Sven, >> >> I can't install OpenBDS because I get the error when trying to boot the >> install image. >> >> Comete >> >> 24 mai 2024 07:48 "Sven Wolf" a écrit: >> >> Hi, >> >> I had a silimar issue on a Lenovo V130. >> For this machine I needed to remove the amdgpu driver in the kernel. >> >> See also: >> https://marc.info/?l=openbsd-misc&m=160232897421774&w=2 >> https://marc.info/?l=openbsd-tech&m=160383074317608&w=2 >> >> Do you get the error "entry point at 0x1001000" also with the bsd.rd kernel >> or only after you >> installed the system with the bsd.mp/bsd.sp kernel? >> >> Best regards, >> Sven >> >> On 5/23/24 22:40, Comète wrote: >> >> Hello, >> I tried to install OpenBSD 7.5 on a new HP Elitebook 840 G10 (UEFI capable >> only) without success. >> It is stuck at boot on "entry point at 0x1001000". >> Even retried after a BIOS upgrade but no luck either. >> I tried with a snapshot install too with the same result. >> I post here what lspci returns from a debian bookworm: >> 00:00.0 Host bridge: Intel Corporation Device a706 >> 00:02.0 VGA compatible controller: Intel Corporation Raptor Lake-P [Iris Xe >> Graphics] (rev 04) >> 00:04.0 Signal processing controller: Intel Corporation Raptor Lake Dynamic >> Platform and Thermal >> Framework Processor Participant >> 00:06.0 PCI bridge: Intel Corporation Raptor Lake PCIe 4.0 Graphics Port >> 00:06.2 PCI bridge: Intel Corporation Device a73d >> 00:07.0 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI >> Express Root Port >> 00:07.2 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI >> Express Root Port >> 00:08.0 System peripheral: Intel Corporation GNA Scoring Accelerator module >> 00:0a.0 Signal processing controller: Intel Corporation Raptor Lake Crashlog >> and Telemetry (rev 01) >> 00:0d.0 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 USB >> Controller >> 00:0d.2 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI >> 00:0d.3 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI >> 00:14.0 USB controller: Intel Corporation Alder Lake PCH USB 3.2 xHCI Host >> Controller (rev 01) >> 00:14.2 RAM memory: Intel Corporation Alder Lake PCH Shared SRAM (rev 01) >> 00:14.3 Network controller: Intel Corporation Raptor Lake PCH CNVi WiFi (rev >> 01) >> 00:15.0 Serial bus controller: Intel Corporation Alder Lake PCH Serial IO >> I2C Controller #0 (rev >> 01) >> 00:16.0 Communication controller: Intel Corporation Alder Lake PCH HECI >> Controller (rev 01) >> 00:16.3 Serial controller: Intel Corporation Alder Lake AMT SOL Redirection >> (rev 01) >> 00:1c.0 PCI bridge: Intel Corporation Alder Lake PCH-P PCI Express Root Port >> #9 (rev 01) >> 00:1e.0 Communication controller: Intel Corporation Alder Lake PCH UART #0 >> (rev 01) >> 00:1e.2 Serial bus controller: Intel Corporation Alder Lake SPI Controller >> (rev 01) >> 00:1f.0 ISA bridge: Intel Corporation Raptor Lake LPC/eSPI Controller (rev >> 01) >> 00:1f.3 Multimedia audio controller: Intel Corporation Raptor Lake-P/U/H >> cAVS (rev 01) >> 00:1f.4 SMBus: Intel Corporation Alder Lake PCH-P SMBus Host Controller (rev >> 01) >> 00:1f.5 Serial bus controller: Intel Corporation Alder Lake-P PCH SPI >> Controller (rev 01) >> 02:00.0 Non-Volatile memory controller: SK hynix BC901 NVMe Solid State >> Drive (DRAM-less) (rev 03) >> 57:00.0 Wireless controller [0d40]: Intel Corporation XMM7560 LTE Advanced >> Pro Modem (rev 01) >> Thanks for your help. >> Comete >> >> -- >> Aaron Mason - Programmer, open source addict >> I've taken my software vows - for beta or for worse
Re: 7.5 install crashes on "entry point at 0x1001000" HP Elitebook 840 G10
Hello, finally i'm still stuck on this problem. Are there any other tests I can do ? Thank you Comete 27 mai 2024 21:24 "Comète" a écrit: > Hi Aaron, > > thanks for the idea. Booting the regular kernel as suggested, has the same > result: > it freezes on "entry point at 0x1001000" too. > > Thanks a lot. > > Comete > > 27 mai 2024 04:48 "Aaron Mason" a écrit: > >> Hi >> >> Can you try booting the regular kernel? You should be able to do it this way: >> >> boot> /7.5/amd64/bsd >> >> If it makes it past the stage where the install kernel fails, it'll >> panic at the lack of root, which is expected. >> >> Might be a pointless move but it might help eliminate the install >> kernel as a variable. >> >> On Fri, May 24, 2024 at 10:30 PM Comète wrote: >> >>> Thanks Sven, >>> >>> I can't install OpenBDS because I get the error when trying to boot the >>> install image. >>> >>> Comete >>> >>> 24 mai 2024 07:48 "Sven Wolf" a écrit: >>> >>> Hi, >>> >>> I had a silimar issue on a Lenovo V130. >>> For this machine I needed to remove the amdgpu driver in the kernel. >>> >>> See also: >>> https://marc.info/?l=openbsd-misc&m=160232897421774&w=2 >>> https://marc.info/?l=openbsd-tech&m=160383074317608&w=2 >>> >>> Do you get the error "entry point at 0x1001000" also with the bsd.rd kernel >>> or only after you >>> installed the system with the bsd.mp/bsd.sp kernel? >>> >>> Best regards, >>> Sven >>> >>> On 5/23/24 22:40, Comète wrote: >>> >>> Hello, >>> I tried to install OpenBSD 7.5 on a new HP Elitebook 840 G10 (UEFI capable >>> only) without success. >>> It is stuck at boot on "entry point at 0x1001000". >>> Even retried after a BIOS upgrade but no luck either. >>> I tried with a snapshot install too with the same result. >>> I post here what lspci returns from a debian bookworm: >>> 00:00.0 Host bridge: Intel Corporation Device a706 >>> 00:02.0 VGA compatible controller: Intel Corporation Raptor Lake-P [Iris Xe >>> Graphics] (rev 04) >>> 00:04.0 Signal processing controller: Intel Corporation Raptor Lake Dynamic >>> Platform and Thermal >>> Framework Processor Participant >>> 00:06.0 PCI bridge: Intel Corporation Raptor Lake PCIe 4.0 Graphics Port >>> 00:06.2 PCI bridge: Intel Corporation Device a73d >>> 00:07.0 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI >>> Express Root Port >>> 00:07.2 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI >>> Express Root Port >>> 00:08.0 System peripheral: Intel Corporation GNA Scoring Accelerator module >>> 00:0a.0 Signal processing controller: Intel Corporation Raptor Lake >>> Crashlog and Telemetry (rev 01) >>> 00:0d.0 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 USB >>> Controller >>> 00:0d.2 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI >>> 00:0d.3 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI >>> 00:14.0 USB controller: Intel Corporation Alder Lake PCH USB 3.2 xHCI Host >>> Controller (rev 01) >>> 00:14.2 RAM memory: Intel Corporation Alder Lake PCH Shared SRAM (rev 01) >>> 00:14.3 Network controller: Intel Corporation Raptor Lake PCH CNVi WiFi >>> (rev 01) >>> 00:15.0 Serial bus controller: Intel Corporation Alder Lake PCH Serial IO >>> I2C Controller #0 (rev >>> 01) >>> 00:16.0 Communication controller: Intel Corporation Alder Lake PCH HECI >>> Controller (rev 01) >>> 00:16.3 Serial controller: Intel Corporation Alder Lake AMT SOL Redirection >>> (rev 01) >>> 00:1c.0 PCI bridge: Intel Corporation Alder Lake PCH-P PCI Express Root >>> Port #9 (rev 01) >>> 00:1e.0 Communication controller: Intel Corporation Alder Lake PCH UART #0 >>> (rev 01) >>> 00:1e.2 Serial bus controller: Intel Corporation Alder Lake SPI Controller >>> (rev 01) >>> 00:1f.0 ISA bridge: Intel Corporation Raptor Lake LPC/eSPI Controller (rev >>> 01) >>> 00:1f.3 Multimedia audio controller: Intel Corporation Raptor Lake-P/U/H >>> cAVS (rev 01) >>> 00:1f.4 SMBus: Intel Corporation Alder Lake PCH-P SMBus Host Controller >>> (rev 01) >>> 00:1f.5 Serial bus controller: Intel Corporation Alder Lake-P PCH SPI >>> Controller (rev 01) >>> 02:00.0 Non-Volatile memory controller: SK hynix BC901 NVMe Solid State >>> Drive (DRAM-less) (rev 03) >>> 57:00.0 Wireless controller [0d40]: Intel Corporation XMM7560 LTE Advanced >>> Pro Modem (rev 01) >>> Thanks for your help. >>> Comete >> >> -- >> Aaron Mason - Programmer, open source addict >> I've taken my software vows - for beta or for worse
Re: 7.5 install crashes on "entry point at 0x1001000" HP Elitebook 840 G10
Hi Aaron, thanks for the idea. Booting the regular kernel as suggested, has the same result: it freezes on "entry point at 0x1001000" too. Thanks a lot. Comete 27 mai 2024 04:48 "Aaron Mason" a écrit: > Hi > > Can you try booting the regular kernel? You should be able to do it this way: > > boot> /7.5/amd64/bsd > > If it makes it past the stage where the install kernel fails, it'll > panic at the lack of root, which is expected. > > Might be a pointless move but it might help eliminate the install > kernel as a variable. > > On Fri, May 24, 2024 at 10:30 PM Comète wrote: > >> Thanks Sven, >> >> I can't install OpenBDS because I get the error when trying to boot the >> install image. >> >> Comete >> >> 24 mai 2024 07:48 "Sven Wolf" a écrit: >> >> Hi, >> >> I had a silimar issue on a Lenovo V130. >> For this machine I needed to remove the amdgpu driver in the kernel. >> >> See also: >> https://marc.info/?l=openbsd-misc&m=160232897421774&w=2 >> https://marc.info/?l=openbsd-tech&m=160383074317608&w=2 >> >> Do you get the error "entry point at 0x1001000" also with the bsd.rd kernel >> or only after you >> installed the system with the bsd.mp/bsd.sp kernel? >> >> Best regards, >> Sven >> >> On 5/23/24 22:40, Comète wrote: >> >> Hello, >> I tried to install OpenBSD 7.5 on a new HP Elitebook 840 G10 (UEFI capable >> only) without success. >> It is stuck at boot on "entry point at 0x1001000". >> Even retried after a BIOS upgrade but no luck either. >> I tried with a snapshot install too with the same result. >> I post here what lspci returns from a debian bookworm: >> 00:00.0 Host bridge: Intel Corporation Device a706 >> 00:02.0 VGA compatible controller: Intel Corporation Raptor Lake-P [Iris Xe >> Graphics] (rev 04) >> 00:04.0 Signal processing controller: Intel Corporation Raptor Lake Dynamic >> Platform and Thermal >> Framework Processor Participant >> 00:06.0 PCI bridge: Intel Corporation Raptor Lake PCIe 4.0 Graphics Port >> 00:06.2 PCI bridge: Intel Corporation Device a73d >> 00:07.0 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI >> Express Root Port >> 00:07.2 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI >> Express Root Port >> 00:08.0 System peripheral: Intel Corporation GNA Scoring Accelerator module >> 00:0a.0 Signal processing controller: Intel Corporation Raptor Lake Crashlog >> and Telemetry (rev 01) >> 00:0d.0 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 USB >> Controller >> 00:0d.2 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI >> 00:0d.3 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI >> 00:14.0 USB controller: Intel Corporation Alder Lake PCH USB 3.2 xHCI Host >> Controller (rev 01) >> 00:14.2 RAM memory: Intel Corporation Alder Lake PCH Shared SRAM (rev 01) >> 00:14.3 Network controller: Intel Corporation Raptor Lake PCH CNVi WiFi (rev >> 01) >> 00:15.0 Serial bus controller: Intel Corporation Alder Lake PCH Serial IO >> I2C Controller #0 (rev >> 01) >> 00:16.0 Communication controller: Intel Corporation Alder Lake PCH HECI >> Controller (rev 01) >> 00:16.3 Serial controller: Intel Corporation Alder Lake AMT SOL Redirection >> (rev 01) >> 00:1c.0 PCI bridge: Intel Corporation Alder Lake PCH-P PCI Express Root Port >> #9 (rev 01) >> 00:1e.0 Communication controller: Intel Corporation Alder Lake PCH UART #0 >> (rev 01) >> 00:1e.2 Serial bus controller: Intel Corporation Alder Lake SPI Controller >> (rev 01) >> 00:1f.0 ISA bridge: Intel Corporation Raptor Lake LPC/eSPI Controller (rev >> 01) >> 00:1f.3 Multimedia audio controller: Intel Corporation Raptor Lake-P/U/H >> cAVS (rev 01) >> 00:1f.4 SMBus: Intel Corporation Alder Lake PCH-P SMBus Host Controller (rev >> 01) >> 00:1f.5 Serial bus controller: Intel Corporation Alder Lake-P PCH SPI >> Controller (rev 01) >> 02:00.0 Non-Volatile memory controller: SK hynix BC901 NVMe Solid State >> Drive (DRAM-less) (rev 03) >> 57:00.0 Wireless controller [0d40]: Intel Corporation XMM7560 LTE Advanced >> Pro Modem (rev 01) >> Thanks for your help. >> Comete > > -- > Aaron Mason - Programmer, open source addict > I've taken my software vows - for beta or for worse
Re: 7.5 install crashes on "entry point at 0x1001000" HP Elitebook 840 G10
Hello, This is a link to a screenshot, I can't copy/paste at this step: https://ibb.co/tpr8zBz Thanks a lot ! Comete Le 24 mai 2024 20:38:45 GMT+02:00, Mike Larkin a écrit : >On Fri, May 24, 2024 at 06:59:24AM +, Comète wrote: >> Thanks Sven, >> >> I can't install OpenBDS because I get the error when trying to boot the >> install image. >> >> Comete >> > >At the boot> prompt, can you show what "mach mem" prints? > >Thanks > >-ml > >> 24 mai 2024 07:48 "Sven Wolf" a écrit: >> >> > Hi, >> > >> > I had a silimar issue on a Lenovo V130. >> > For this machine I needed to remove the amdgpu driver in the kernel. >> > >> > See also: >> > https://marc.info/?l=openbsd-misc&m=160232897421774&w=2 >> > https://marc.info/?l=openbsd-tech&m=160383074317608&w=2 >> > >> > Do you get the error "entry point at 0x1001000" also with the bsd.rd >> > kernel or only after you >> > installed the system with the bsd.mp/bsd.sp kernel? >> > >> > Best regards, >> > Sven >> > >> > On 5/23/24 22:40, Comète wrote: >> > >> >> Hello, >> >> I tried to install OpenBSD 7.5 on a new HP Elitebook 840 G10 (UEFI >> >> capable only) without success. >> >> It is stuck at boot on "entry point at 0x1001000". >> >> Even retried after a BIOS upgrade but no luck either. >> >> I tried with a snapshot install too with the same result. >> >> I post here what lspci returns from a debian bookworm: >> >> 00:00.0 Host bridge: Intel Corporation Device a706 >> >> 00:02.0 VGA compatible controller: Intel Corporation Raptor Lake-P [Iris >> >> Xe Graphics] (rev 04) >> >> 00:04.0 Signal processing controller: Intel Corporation Raptor Lake >> >> Dynamic Platform and Thermal >> >> Framework Processor Participant >> >> 00:06.0 PCI bridge: Intel Corporation Raptor Lake PCIe 4.0 Graphics Port >> >> 00:06.2 PCI bridge: Intel Corporation Device a73d >> >> 00:07.0 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI >> >> Express Root Port >> >> 00:07.2 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI >> >> Express Root Port >> >> 00:08.0 System peripheral: Intel Corporation GNA Scoring Accelerator >> >> module >> >> 00:0a.0 Signal processing controller: Intel Corporation Raptor Lake >> >> Crashlog and Telemetry (rev 01) >> >> 00:0d.0 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 USB >> >> Controller >> >> 00:0d.2 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI >> >> 00:0d.3 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI >> >> 00:14.0 USB controller: Intel Corporation Alder Lake PCH USB 3.2 xHCI >> >> Host Controller (rev 01) >> >> 00:14.2 RAM memory: Intel Corporation Alder Lake PCH Shared SRAM (rev 01) >> >> 00:14.3 Network controller: Intel Corporation Raptor Lake PCH CNVi WiFi >> >> (rev 01) >> >> 00:15.0 Serial bus controller: Intel Corporation Alder Lake PCH Serial IO >> >> I2C Controller #0 (rev >> >> 01) >> >> 00:16.0 Communication controller: Intel Corporation Alder Lake PCH HECI >> >> Controller (rev 01) >> >> 00:16.3 Serial controller: Intel Corporation Alder Lake AMT SOL >> >> Redirection (rev 01) >> >> 00:1c.0 PCI bridge: Intel Corporation Alder Lake PCH-P PCI Express Root >> >> Port #9 (rev 01) >> >> 00:1e.0 Communication controller: Intel Corporation Alder Lake PCH UART >> >> #0 (rev 01) >> >> 00:1e.2 Serial bus controller: Intel Corporation Alder Lake SPI >> >> Controller (rev 01) >> >> 00:1f.0 ISA bridge: Intel Corporation Raptor Lake LPC/eSPI Controller >> >> (rev 01) >> >> 00:1f.3 Multimedia audio controller: Intel Corporation Raptor Lake-P/U/H >> >> cAVS (rev 01) >> >> 00:1f.4 SMBus: Intel Corporation Alder Lake PCH-P SMBus Host Controller >> >> (rev 01) >> >> 00:1f.5 Serial bus controller: Intel Corporation Alder Lake-P PCH SPI >> >> Controller (rev 01) >> >> 02:00.0 Non-Volatile memory controller: SK hynix BC901 NVMe Solid State >> >> Drive (DRAM-less) (rev 03) >> >> 57:00.0 Wireless controller [0d40]: Intel Corporation XMM7560 LTE >> >> Advanced Pro Modem (rev 01) >> >>> Thanks for your help. >> >> Comete >> -- Envoyé de mon téléphone. Excusez la brièveté.
Re: 7.5 install crashes on "entry point at 0x1001000" HP Elitebook 840 G10
Thanks Sven, I can't install OpenBDS because I get the error when trying to boot the install image. Comete 24 mai 2024 07:48 "Sven Wolf" a écrit: > Hi, > > I had a silimar issue on a Lenovo V130. > For this machine I needed to remove the amdgpu driver in the kernel. > > See also: > https://marc.info/?l=openbsd-misc&m=160232897421774&w=2 > https://marc.info/?l=openbsd-tech&m=160383074317608&w=2 > > Do you get the error "entry point at 0x1001000" also with the bsd.rd kernel > or only after you > installed the system with the bsd.mp/bsd.sp kernel? > > Best regards, > Sven > > On 5/23/24 22:40, Comète wrote: > >> Hello, >> I tried to install OpenBSD 7.5 on a new HP Elitebook 840 G10 (UEFI capable >> only) without success. >> It is stuck at boot on "entry point at 0x1001000". >> Even retried after a BIOS upgrade but no luck either. >> I tried with a snapshot install too with the same result. >> I post here what lspci returns from a debian bookworm: >> 00:00.0 Host bridge: Intel Corporation Device a706 >> 00:02.0 VGA compatible controller: Intel Corporation Raptor Lake-P [Iris Xe >> Graphics] (rev 04) >> 00:04.0 Signal processing controller: Intel Corporation Raptor Lake Dynamic >> Platform and Thermal >> Framework Processor Participant >> 00:06.0 PCI bridge: Intel Corporation Raptor Lake PCIe 4.0 Graphics Port >> 00:06.2 PCI bridge: Intel Corporation Device a73d >> 00:07.0 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI >> Express Root Port >> 00:07.2 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI >> Express Root Port >> 00:08.0 System peripheral: Intel Corporation GNA Scoring Accelerator module >> 00:0a.0 Signal processing controller: Intel Corporation Raptor Lake Crashlog >> and Telemetry (rev 01) >> 00:0d.0 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 USB >> Controller >> 00:0d.2 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI >> 00:0d.3 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI >> 00:14.0 USB controller: Intel Corporation Alder Lake PCH USB 3.2 xHCI Host >> Controller (rev 01) >> 00:14.2 RAM memory: Intel Corporation Alder Lake PCH Shared SRAM (rev 01) >> 00:14.3 Network controller: Intel Corporation Raptor Lake PCH CNVi WiFi (rev >> 01) >> 00:15.0 Serial bus controller: Intel Corporation Alder Lake PCH Serial IO >> I2C Controller #0 (rev >> 01) >> 00:16.0 Communication controller: Intel Corporation Alder Lake PCH HECI >> Controller (rev 01) >> 00:16.3 Serial controller: Intel Corporation Alder Lake AMT SOL Redirection >> (rev 01) >> 00:1c.0 PCI bridge: Intel Corporation Alder Lake PCH-P PCI Express Root Port >> #9 (rev 01) >> 00:1e.0 Communication controller: Intel Corporation Alder Lake PCH UART #0 >> (rev 01) >> 00:1e.2 Serial bus controller: Intel Corporation Alder Lake SPI Controller >> (rev 01) >> 00:1f.0 ISA bridge: Intel Corporation Raptor Lake LPC/eSPI Controller (rev >> 01) >> 00:1f.3 Multimedia audio controller: Intel Corporation Raptor Lake-P/U/H >> cAVS (rev 01) >> 00:1f.4 SMBus: Intel Corporation Alder Lake PCH-P SMBus Host Controller (rev >> 01) >> 00:1f.5 Serial bus controller: Intel Corporation Alder Lake-P PCH SPI >> Controller (rev 01) >> 02:00.0 Non-Volatile memory controller: SK hynix BC901 NVMe Solid State >> Drive (DRAM-less) (rev 03) >> 57:00.0 Wireless controller [0d40]: Intel Corporation XMM7560 LTE Advanced >> Pro Modem (rev 01) >>> Thanks for your help. >> Comete
7.5 install crashes on "entry point at 0x1001000" HP Elitebook 840 G10
Hello, I tried to install OpenBSD 7.5 on a new HP Elitebook 840 G10 (UEFI capable only) without success. It is stuck at boot on "entry point at 0x1001000". Even retried after a BIOS upgrade but no luck either. I tried with a snapshot install too with the same result. I post here what lspci returns from a debian bookworm: 00:00.0 Host bridge: Intel Corporation Device a706 00:02.0 VGA compatible controller: Intel Corporation Raptor Lake-P [Iris Xe Graphics] (rev 04) 00:04.0 Signal processing controller: Intel Corporation Raptor Lake Dynamic Platform and Thermal Framework Processor Participant 00:06.0 PCI bridge: Intel Corporation Raptor Lake PCIe 4.0 Graphics Port 00:06.2 PCI bridge: Intel Corporation Device a73d 00:07.0 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI Express Root Port 00:07.2 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI Express Root Port 00:08.0 System peripheral: Intel Corporation GNA Scoring Accelerator module 00:0a.0 Signal processing controller: Intel Corporation Raptor Lake Crashlog and Telemetry (rev 01) 00:0d.0 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 USB Controller 00:0d.2 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI 00:0d.3 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI 00:14.0 USB controller: Intel Corporation Alder Lake PCH USB 3.2 xHCI Host Controller (rev 01) 00:14.2 RAM memory: Intel Corporation Alder Lake PCH Shared SRAM (rev 01) 00:14.3 Network controller: Intel Corporation Raptor Lake PCH CNVi WiFi (rev 01) 00:15.0 Serial bus controller: Intel Corporation Alder Lake PCH Serial IO I2C Controller #0 (rev 01) 00:16.0 Communication controller: Intel Corporation Alder Lake PCH HECI Controller (rev 01) 00:16.3 Serial controller: Intel Corporation Alder Lake AMT SOL Redirection (rev 01) 00:1c.0 PCI bridge: Intel Corporation Alder Lake PCH-P PCI Express Root Port #9 (rev 01) 00:1e.0 Communication controller: Intel Corporation Alder Lake PCH UART #0 (rev 01) 00:1e.2 Serial bus controller: Intel Corporation Alder Lake SPI Controller (rev 01) 00:1f.0 ISA bridge: Intel Corporation Raptor Lake LPC/eSPI Controller (rev 01) 00:1f.3 Multimedia audio controller: Intel Corporation Raptor Lake-P/U/H cAVS (rev 01) 00:1f.4 SMBus: Intel Corporation Alder Lake PCH-P SMBus Host Controller (rev 01) 00:1f.5 Serial bus controller: Intel Corporation Alder Lake-P PCH SPI Controller (rev 01) 02:00.0 Non-Volatile memory controller: SK hynix BC901 NVMe Solid State Drive (DRAM-less) (rev 03) 57:00.0 Wireless controller [0d40]: Intel Corporation XMM7560 LTE Advanced Pro Modem (rev 01) Thanks for your help. Comete
Re: Lenovo Thinkpad T14 Gen3 very slow on MP kernel, faster on GENERIC
Hi, so I rebuild with your patch applied but it is still very slow with the bsd.mp kernel. Thanks for you help Morgan 18 octobre 2023 10:43 "Stuart Henderson" a écrit: > On 2023-10-17, Comète wrote: > >> Hi, >> >> Wow ! you're absolutely right ! If I unplug, no lagg anymore. >> So the solution should be to apply your patch and rebuild the kernel ? > > It's certainly worth trying. If you do, please report back here. > >> Thanks a lot ! >> >> Morgan >> >> 17 octobre 2023 14:24 "Stuart Henderson" a écrit: >> >>> On 2023-10-16, Comète wrote: >> >> Hello, >> >> I'm experiencing big slowdowns on a LENOVO Thinkpad T14 Gen3 when using MP >> kernel (on 7.3 and 7.4) >> but strangely not on GENERIC. >> For example, starting LibreOffice on GENERIC takes 7 seconds but 35 seconds >> on MP kernel. It's even >> lagging when typing some text in an editor or a mail. >> Switching to GENERIC and all is working as expected... >> >> Thanks for your help ! >> >> Morgan >> >> This is my dmesg on both kernels: >> >> OpenBSD 7.4 (GENERIC) #1336: Tue Oct 10 08:52:22 MDT 2023 >> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC >> real mem = 34026549248 (32450MB) >> avail mem = 32975671296 (31448MB) >> random: good seed from bootblocks >> mpath0 at root >> scsibus0 at mpath0: 256 targets >> mainbus0 at root >> bios0 at mainbus0: SMBIOS rev. 3.4 @ 0x8f8a3000 (81 entries) >> bios0: vendor LENOVO version "N3MET16W (1.15 )" date 06/25/2023 >>> No problem with MP here, but I have an older BIOS - >>> >>> bios0 at mainbus0: SMBIOS rev. 3.4 @ 0x8d8a3000 (81 entries) >>> bios0: vendor LENOVO version "N3MET12W (1.11 )" date 02/09/2023 >>> >>> (grumble stupid US date format) >> >> bios0: LENOVO 21AHCTO1WW >> efi0 at bios0: UEFI 2.7 >> efi0: Lenovo rev 0x1150 >> acpi0 at bios0: ACPI 6.3 >> acpi0: sleep states S0 S3 S4 S5 >> acpi0: tables DSDT FACP SSDT SSDT SSDT SSDT SSDT TPM2 HPET APIC MCFG ECDT >> SSDT SSDT SSDT SSDT SSDT >> SSDT LPIT WSMT SSDT DBGP DBG2 NHLT MSDM SSDT BATB DMAR SSDT SSDT SSDT BGRT >> PHAT UEFI FPDT >> acpi0: wakeup devices PEG0(S4) PEGP(S4) PEGP(S4) PEG2(S4) PEGP(S4) GLAN(S4) >> XHCI(S3) XDCI(S4) >> HDAS(S4) CNVW(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) [...] >> acpitimer0 at acpi0: 3579545 Hz, 24 bits >> acpihpet0 at acpi0: 1920 Hz >> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat >> cpu0 at mainbus0: apid 0 (boot processor) >> cpu0: 12th Gen Intel(R) Core(TM) i7-1260P, 2151.34 MHz, 06-9a-03, patch >> 042c >>> and different cpu: >>> >>> cpu0: 12th Gen Intel(R) Core(TM) i5-1245U, 1568.55 MHz, 06-9a-04, patch >>> 042c >>> >>> FWIW I can definitely get mine to throttle when it's busy. And your >>> CPU uses a fair bit more power than mine (I specifically looked for a >>> U rather than a P cpu for exactly this reason) so I'd guess might be >>> easier to hit the throttle. >>> >>> The OpenBSD kernel tries to set cpu clock speed high when on mains >>> power, so it might be worth trying unplugged to see if there's any >>> difference, or disable that thing with this >>> >>> Index: sched_bsd.c >>> === >>> RCS file: /cvs/src/sys/kern/sched_bsd.c,v >>> retrieving revision 1.88 >>> diff -u -p -r1.88 sched_bsd.c >>> --- sched_bsd.c 11 Oct 2023 15:42:44 - 1.88 >>> +++ sched_bsd.c 17 Oct 2023 12:10:41 - >>> @@ -605,7 +605,7 @@ setperf_auto(void *v) >>> if (cpu_setperf == NULL) >>> return; >>> >>> - if (hw_power) { >>> + if (0 && hw_power) { >>> speedup = 1; >>> goto faster; >>> }
Re: Lenovo Thinkpad T14 Gen3 very slow on MP kernel, faster on GENERIC
Hi, Wow ! you're absolutely right ! If I unplug, no lagg anymore. So the solution should be to apply your patch and rebuild the kernel ? Thanks a lot ! Morgan 17 octobre 2023 14:24 "Stuart Henderson" a écrit: > On 2023-10-16, Comète wrote: > >> Hello, >> >> I'm experiencing big slowdowns on a LENOVO Thinkpad T14 Gen3 when using MP >> kernel (on 7.3 and 7.4) >> but strangely not on GENERIC. >> For example, starting LibreOffice on GENERIC takes 7 seconds but 35 seconds >> on MP kernel. It's even >> lagging when typing some text in an editor or a mail. >> Switching to GENERIC and all is working as expected... >> >> Thanks for your help ! >> >> Morgan >> >> This is my dmesg on both kernels: >> >> OpenBSD 7.4 (GENERIC) #1336: Tue Oct 10 08:52:22 MDT 2023 >> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC >> real mem = 34026549248 (32450MB) >> avail mem = 32975671296 (31448MB) >> random: good seed from bootblocks >> mpath0 at root >> scsibus0 at mpath0: 256 targets >> mainbus0 at root >> bios0 at mainbus0: SMBIOS rev. 3.4 @ 0x8f8a3000 (81 entries) >> bios0: vendor LENOVO version "N3MET16W (1.15 )" date 06/25/2023 > > No problem with MP here, but I have an older BIOS - > > bios0 at mainbus0: SMBIOS rev. 3.4 @ 0x8d8a3000 (81 entries) > bios0: vendor LENOVO version "N3MET12W (1.11 )" date 02/09/2023 > > (grumble stupid US date format) > >> bios0: LENOVO 21AHCTO1WW >> efi0 at bios0: UEFI 2.7 >> efi0: Lenovo rev 0x1150 >> acpi0 at bios0: ACPI 6.3 >> acpi0: sleep states S0 S3 S4 S5 >> acpi0: tables DSDT FACP SSDT SSDT SSDT SSDT SSDT TPM2 HPET APIC MCFG ECDT >> SSDT SSDT SSDT SSDT SSDT >> SSDT LPIT WSMT SSDT DBGP DBG2 NHLT MSDM SSDT BATB DMAR SSDT SSDT SSDT BGRT >> PHAT UEFI FPDT >> acpi0: wakeup devices PEG0(S4) PEGP(S4) PEGP(S4) PEG2(S4) PEGP(S4) GLAN(S4) >> XHCI(S3) XDCI(S4) >> HDAS(S4) CNVW(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) [...] >> acpitimer0 at acpi0: 3579545 Hz, 24 bits >> acpihpet0 at acpi0: 1920 Hz >> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat >> cpu0 at mainbus0: apid 0 (boot processor) >> cpu0: 12th Gen Intel(R) Core(TM) i7-1260P, 2151.34 MHz, 06-9a-03, patch >> 042c > > and different cpu: > > cpu0: 12th Gen Intel(R) Core(TM) i5-1245U, 1568.55 MHz, 06-9a-04, patch > 042c > > FWIW I can definitely get mine to throttle when it's busy. And your > CPU uses a fair bit more power than mine (I specifically looked for a > U rather than a P cpu for exactly this reason) so I'd guess might be > easier to hit the throttle. > > The OpenBSD kernel tries to set cpu clock speed high when on mains > power, so it might be worth trying unplugged to see if there's any > difference, or disable that thing with this > > Index: sched_bsd.c > === > RCS file: /cvs/src/sys/kern/sched_bsd.c,v > retrieving revision 1.88 > diff -u -p -r1.88 sched_bsd.c > --- sched_bsd.c 11 Oct 2023 15:42:44 - 1.88 > +++ sched_bsd.c 17 Oct 2023 12:10:41 - > @@ -605,7 +605,7 @@ setperf_auto(void *v) > if (cpu_setperf == NULL) > return; > > - if (hw_power) { > + if (0 && hw_power) { > speedup = 1; > goto faster; > }
Lenovo Thinkpad T14 Gen3 very slow on MP kernel, faster on GENERIC
Hello, I'm experiencing big slowdowns on a LENOVO Thinkpad T14 Gen3 when using MP kernel (on 7.3 and 7.4) but strangely not on GENERIC. For example, starting LibreOffice on GENERIC takes 7 seconds but 35 seconds on MP kernel. It's even lagging when typing some text in an editor or a mail. Switching to GENERIC and all is working as expected... Thanks for your help ! Morgan This is my dmesg on both kernels: OpenBSD 7.4 (GENERIC) #1336: Tue Oct 10 08:52:22 MDT 2023 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 34026549248 (32450MB) avail mem = 32975671296 (31448MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 3.4 @ 0x8f8a3000 (81 entries) bios0: vendor LENOVO version "N3MET16W (1.15 )" date 06/25/2023 bios0: LENOVO 21AHCTO1WW efi0 at bios0: UEFI 2.7 efi0: Lenovo rev 0x1150 acpi0 at bios0: ACPI 6.3 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SSDT SSDT SSDT SSDT SSDT TPM2 HPET APIC MCFG ECDT SSDT SSDT SSDT SSDT SSDT SSDT LPIT WSMT SSDT DBGP DBG2 NHLT MSDM SSDT BATB DMAR SSDT SSDT SSDT BGRT PHAT UEFI FPDT acpi0: wakeup devices PEG0(S4) PEGP(S4) PEGP(S4) PEG2(S4) PEGP(S4) GLAN(S4) XHCI(S3) XDCI(S4) HDAS(S4) CNVW(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 1920 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: 12th Gen Intel(R) Core(TM) i7-1260P, 2151.34 MHz, 06-9a-03, patch 042c cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE, SE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCI ,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,A M,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,C WB,PT,SHA,UMIP,PKU,WAITPKG,PKS,MD_CLEAR,IBT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DF ,MDS_NO,IF_PSCHANGE,TAA_NO,MISC_PKG_CT,ENERGY_FILT,DOITM,SBDR_SSDP_N,FBSDP_NO,PSDP_NO,RRSBA,OVERCLOC ,XSAVEOPT,XSAVEC,XGETBV1,XSAVES cpu0: 48KB 64b/line 12-way D-cache, 32KB 64b/line 8-way I-cache, 1MB 64b/line 10-way L2 cache, 18MB 64b/line 12-way L3 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 38MHz cpu0: mwait min=64, max=64, C-substates=0.2.0.2.0.1.0.1, IBE cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured cpu at mainbus0: not configured ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins acpimcfg0 at acpi0 acpimcfg0: addr 0xc000, bus 0-255 acpiec0 at acpi0 acpiprt0 at acpi0: bus 0 (PC00) acpiprt1 at acpi0: bus 2 (PEG0) acpiprt2 at acpi0: bus -1 (PEG2) acpiprt3 at acpi0: bus -1 (RP01) acpiprt4 at acpi0: bus -1 (RP02) acpiprt5 at acpi0: bus -1 (RP03) acpiprt6 at acpi0: bus -1 (RP04) acpiprt7 at acpi0: bus -1 (RP05) acpiprt8 at acpi0: bus -1 (RP06) acpiprt9 at acpi0: bus -1 (RP07) acpiprt10 at acpi0: bus -1 (RP08) acpiprt11 at acpi0: bus -1 (RP09) acpiprt12 at acpi0: bus -1 (RP10) acpiprt13 at acpi0: bus -1 (RP11) acpiprt14 at acpi0: bus -1 (RP12) acpiprt15 at acpi0: bus -1 (RP13) acpiprt16 at acpi0: bus -1 (RP14) acpiprt17 at acpi0: bus -1 (RP15) acpiprt18 at acpi0: bus -1 (RP16) acpiprt19 at acpi0: bus -1 (RP17) acpiprt20 at acpi0: bus -1 (RP18) acpiprt21 at acpi0: bus -1 (RP19) acpiprt22 at acpi0: bus -1 (RP20) acpiprt23 at acpi0: bus -1 (RP21) acpiprt24 at acpi0: bus -1 (RP22) acpiprt25 at acpi0: bus -1 (RP23) acpiprt26 at acpi0: bus -1 (RP24) acpiprt27 at acpi0: bus -1 (RP25) acpiprt28 at acpi0: bus -1 (RP26) acpiprt29 at acpi0: bus -1 (RP27) acpiprt30 at acpi0: bus -1 (RP28) acpiprt31 at acpi0: bus 32 (TRP0) acpiprt32 at acpi0: bus 80 (TRP2) acpipci0 at acpi0 PC00: 0x 0x0011 0x0001 acpithinkpad0 at acpi0: version 2.0 acpiac0 at acpi0: AC unit online acpibat0 at acpi0: BAT0 model "5B10W51867" serial 18480 type LiP oem "Sunwoda" "LEN0111" at acpi0 not configured "LEN0100" at acpi0 not configured "INTC1046" at acpi0 not configured "INTC1046" at acpi0 not configured "INTC1046" at acpi0 not configured "INTC1046" at acpi0 not configured "LEN0130" at acpi0 not configured "ELAN0676" at acpi0 not configured "ACPI000E" at acpi0 not configured pchgpio0 at acpi0 GPI0 addr 0xfd6e/0x1 0xfd6d/0x1 0xfd6a/0x1 0xfd69/0x1 irq 14, 360 pins acpibtn0 at acpi0: SLPB(wakeup) acpicpu0 at acpi0: C3(200@1048 mwait.1@0x60), C2(350@127 mwait.1@0x21)
Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)
$ ffmpeg -f v4l2 -list_formats all -i /dev/video1 ffmpeg version 4.4.3 Copyright (c) 2000-2022 the FFmpeg developers built with OpenBSD clang version 13.0.0 configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug --disable-stripping --disable-indev=jack --disable-outdev=sdl2 --enable-fontconfig --enable-frei0r --enable-gpl --enable-ladspa --enable-libaom --enable-libass --enable-libdav1d --enable-libfreetype --enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus --enable-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libx265 --enable-libxml2 --enable-libxvid --enable-libzimg --enable-nonfree --enable-openssl --enable-libvidstab --extra-cflags='-I/usr/local/include -I/usr/X11R6/include' --extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' --extra-ldsoflags= --mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe -g -Wno-redundant-decls' libavutil 56. 70.100 / 56. 70.100 libavcodec 58.134.100 / 58.134.100 libavformat58. 76.100 / 58. 76.100 libavdevice58. 13.100 / 58. 13.100 libavfilter 7.110.100 / 7.110.100 libswscale 5. 9.100 / 5. 9.100 libswresample 3. 9.100 / 3. 9.100 libpostproc55. 9.100 / 55. 9.100 [video4linux2,v4l2 @ 0xdfad921b000] Raw : Unsupported :Unknown UC Format : /dev/video1: Immediate exit requested $ ffmpeg -f v4l2 -list_formats all -i /dev/video0 ffmpeg version 4.4.3 Copyright (c) 2000-2022 the FFmpeg developers built with OpenBSD clang version 13.0.0 configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug --disable-stripping --disable-indev=jack --disable-outdev=sdl2 --enable-fontconfig --enable-frei0r --enable-gpl --enable-ladspa --enable-libaom --enable-libass --enable-libdav1d --enable-libfreetype --enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus --enable-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libx265 --enable-libxml2 --enable-libxvid --enable-libzimg --enable-nonfree --enable-openssl --enable-libvidstab --extra-cflags='-I/usr/local/include -I/usr/X11R6/include' --extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' --extra-ldsoflags= --mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe -g -Wno-redundant-decls' libavutil 56. 70.100 / 56. 70.100 libavcodec 58.134.100 / 58.134.100 libavformat58. 76.100 / 58. 76.100 libavdevice58. 13.100 / 58. 13.100 libavfilter 7.110.100 / 7.110.100 libswscale 5. 9.100 / 5. 9.100 libswresample 3. 9.100 / 3. 9.100 libpostproc55. 9.100 / 55. 9.100 [video4linux2,v4l2 @ 0xe580ab7a000] Compressed: mjpeg : MJPEG : 1920x1080 320x180 320x240 352x288 424x240 640x360 640x480 848x480 960x540 1280x720 [video4linux2,v4l2 @ 0xe580ab7a000] Raw : yuyv422 : YUYV : 640x480 320x180 320x240 352x288 424x240 640x360 848x480 960x540 1280x720 1920x1080 /dev/video0: Immediate exit requested 8 octobre 2023 11:45 "Bryan Steele" a écrit: > Morgan wrote: > >> Hello, >> >> $ video -q -f /dev/video1 >> video: /dev/video1 has no usable YUV encodings >> >> $ video -s 1920x1080 -f /dev/video1 >> video: /dev/video1 has no usable YUV encodings >> >> thanks for your suggestion >> >> Morgan > > Are there any non-YUV formats supported? > > $ ffmpeg -f v4l2 -list_formats all -i /dev/video1 > > -Bryan.
Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)
It does nothing more, just a black window and no error returned on the terminal. 7 octobre 2023 21:25 "Crystal Kolipe" a écrit: > On Sat, Oct 07, 2023 at 07:02:23PM +, Comte wrote: > >> $ video -q -f /dev/video1 >> video: /dev/video1 has no usable YUV encodings >> >> $ video -s 1920x1080 -f /dev/video1 >> video: /dev/video1 has no usable YUV encodings > > What does video -g -f /dev/video0 do? > > (The -g flag being of interest here). > > This error: > >> On 2023 Oct 07 (Sat) at 12:53:12 + (+), Comète wrote: >> :Hi, >> : >> :$ video -f /dev/video0 >> :video: ioctl VIDIOC_DQBUF: Invalid argument > > ... narrows it down quite a bit, but I'm still not sure why it's not working.
Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)
I thought that the webcam was broken but I've tested it with a live Debian 12 usb key and it works. 7 octobre 2023 21:02 "Comète" a écrit: > Hello, > > $ video -q -f /dev/video1 > video: /dev/video1 has no usable YUV encodings > > $ video -s 1920x1080 -f /dev/video1 > video: /dev/video1 has no usable YUV encodings > > thanks for your suggestion > > Morgan > > 7 octobre 2023 18:56 "Marcus MERIGHI" a écrit: > >> Hello, >> >> com...@geekandfree.org (Comète), 2023.10.07 (Sat) 17:02 (CEST): >> >>> unfortunately, yes the slider is well opened and I can confirm that >>> when it is closed no LED will be visible. >> >> on my thinkpad X1 Carbon 5th Gen., /dev/video0 is the infrared camera, >> /dev/video1 is the one I want. >> >> video -s 1920x1080 -f /dev/video1 >> ^ >> gives me the best it can do, while >> >> video -s 1920x1080 -f /dev/video0 >> ^ >> gives me a small, greenish, pixelated image. >> >> Marcus >> >>> 7 octobre 2023 15:06 "Peter Hessler" a écrit: >>> >>> A lot of the Thinkpad laptops have a physical switch that will >>> cover/uncover the camera. Can you switch it to the other and try again? >>> >>> -peter >>> >>> On 2023 Oct 07 (Sat) at 12:53:12 + (+), Comète wrote: >>> :Hi, >>> : >>> :$ video -f /dev/video0 >>> :video: ioctl VIDIOC_DQBUF: Invalid argument >>> : >>> :the LED lights up near the camera and a black window is displayed... >>> : >>> : >>> :I've strictly followed https://www.openbsd.org/faq/faq13.html#webcam >>> : >>> : >>> :then to answer Crystal: >>> : >>> :$ ffplay -f v4l2 -input_format yuyv422 -video_size 960x540 -i /dev/video0 >>> :ffplay version 4.4.3 Copyright (c) 2003-2022 the FFmpeg developers >>> :built with OpenBSD clang version 13.0.0 >>> :configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug >>> --disable-stripping >>> :--disable-indev=jack --disable-outdev=sdl2 --enable-fontconfig >>> --enable-frei0r --ena >>> :ble-gpl --enable-ladspa --enable-libaom --enable-libass --enable-libdav1d >>> --enable-libfreetype >>> :--enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus >>> --ena >>> :ble-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis >>> --enable-libvpx >>> :--enable-libx264 --enable-libx265 --enable-libxml2 --enable-libxvid >>> --enable-libzimg --en >>> :able-nonfree --enable-openssl --enable-libvidstab >>> --extra-cflags='-I/usr/local/include >>> :-I/usr/X11R6/include' --extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' >>> --extra-ldsofla >>> :gs= --mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe >>> -g -Wno-redundant-decls' >>> :libavutil 56. 70.100 / 56. 70.100 >>> :libavcodec 58.134.100 / 58.134.100 >>> :libavformat 58. 76.100 / 58. 76.100 >>> :libavdevice 58. 13.100 / 58. 13.100 >>> :libavfilter 7.110.100 / 7.110.100 >>> :libswscale 5. 9.100 / 5. 9.100 >>> :libswresample 3. 9.100 / 3. 9.100 >>> :libpostproc 55. 9.100 / 55. 9.100 >>> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument >>> :Input #0, video4linux2,v4l2, from '/dev/video0': >>> :Duration: N/A, bitrate: 124416 kb/s >>> :Stream #0:0: Video: rawvideo (YUY2 / 0x32595559), yuyv422, 960x540, 124416 >>> kb/s, 15 fps, 15 tbr, >>> :1000k tbn, 1000k tbc >>> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument >>> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument >>> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument >>> : >>> : >>> :and yes, to answer Jan: >>> : >>> :$ sysctl kern.video >>> :kern.video.record=1 >>> : >>> : >>> : >>> :Thanks a lot for your help. >>> : >>> :Morgan >>> : >>> : >>> :7 octobre 2023 14:36 "Thomas Frohwein" a écrit: >>> : >>> :> On Sat, Oct 07, 2023 at 07:08:21AM -0300, Crystal Kolipe wrote: >>> :> >>> :>> On Sat, Oct 07, 2023 at 08:51:36AM +, Comte wrote: >>> :>> The webcam seems well detected but no image is displayed... >>> :>> >>> :>> What happens if you run /usr/X11R6/bin/video inste
Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)
Hello, $ video -q -f /dev/video1 video: /dev/video1 has no usable YUV encodings $ video -s 1920x1080 -f /dev/video1 video: /dev/video1 has no usable YUV encodings thanks for your suggestion Morgan 7 octobre 2023 18:56 "Marcus MERIGHI" a écrit: > Hello, > > com...@geekandfree.org (Comète), 2023.10.07 (Sat) 17:02 (CEST): > >> unfortunately, yes the slider is well opened and I can confirm that >> when it is closed no LED will be visible. > > on my thinkpad X1 Carbon 5th Gen., /dev/video0 is the infrared camera, > /dev/video1 is the one I want. > > video -s 1920x1080 -f /dev/video1 > ^ > gives me the best it can do, while > > video -s 1920x1080 -f /dev/video0 > ^ > gives me a small, greenish, pixelated image. > > Marcus > >> 7 octobre 2023 15:06 "Peter Hessler" a écrit: >> >> A lot of the Thinkpad laptops have a physical switch that will >> cover/uncover the camera. Can you switch it to the other and try again? >> >> -peter >> >> On 2023 Oct 07 (Sat) at 12:53:12 + (+), Comète wrote: >> :Hi, >> : >> :$ video -f /dev/video0 >> :video: ioctl VIDIOC_DQBUF: Invalid argument >> : >> :the LED lights up near the camera and a black window is displayed... >> : >> : >> :I've strictly followed https://www.openbsd.org/faq/faq13.html#webcam >> : >> : >> :then to answer Crystal: >> : >> :$ ffplay -f v4l2 -input_format yuyv422 -video_size 960x540 -i /dev/video0 >> :ffplay version 4.4.3 Copyright (c) 2003-2022 the FFmpeg developers >> :built with OpenBSD clang version 13.0.0 >> :configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug >> --disable-stripping >> :--disable-indev=jack --disable-outdev=sdl2 --enable-fontconfig >> --enable-frei0r --ena >> :ble-gpl --enable-ladspa --enable-libaom --enable-libass --enable-libdav1d >> --enable-libfreetype >> :--enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus >> --ena >> :ble-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis >> --enable-libvpx >> :--enable-libx264 --enable-libx265 --enable-libxml2 --enable-libxvid >> --enable-libzimg --en >> :able-nonfree --enable-openssl --enable-libvidstab >> --extra-cflags='-I/usr/local/include >> :-I/usr/X11R6/include' --extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' >> --extra-ldsofla >> :gs= --mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe -g >> -Wno-redundant-decls' >> :libavutil 56. 70.100 / 56. 70.100 >> :libavcodec 58.134.100 / 58.134.100 >> :libavformat 58. 76.100 / 58. 76.100 >> :libavdevice 58. 13.100 / 58. 13.100 >> :libavfilter 7.110.100 / 7.110.100 >> :libswscale 5. 9.100 / 5. 9.100 >> :libswresample 3. 9.100 / 3. 9.100 >> :libpostproc 55. 9.100 / 55. 9.100 >> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument >> :Input #0, video4linux2,v4l2, from '/dev/video0': >> :Duration: N/A, bitrate: 124416 kb/s >> :Stream #0:0: Video: rawvideo (YUY2 / 0x32595559), yuyv422, 960x540, 124416 >> kb/s, 15 fps, 15 tbr, >> :1000k tbn, 1000k tbc >> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument >> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument >> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument >> : >> : >> :and yes, to answer Jan: >> : >> :$ sysctl kern.video >> :kern.video.record=1 >> : >> : >> : >> :Thanks a lot for your help. >> : >> :Morgan >> : >> : >> :7 octobre 2023 14:36 "Thomas Frohwein" a écrit: >> : >> :> On Sat, Oct 07, 2023 at 07:08:21AM -0300, Crystal Kolipe wrote: >> :> >> :>> On Sat, Oct 07, 2023 at 08:51:36AM +, Comte wrote: >> :>> The webcam seems well detected but no image is displayed... >> :>> >> :>> What happens if you run /usr/X11R6/bin/video instead of using ffmpeg? >> :>> >> :>> # dmesg | grep "uvideo" >> :>> ^ >> :>> >> :>> Please post a full dmesg next time. >> :>> >> :>> uvideo0 at uhub1 port 4 configuration 1 interface 0 "Chicony Electronics >> Co.,Ltd. Integrated >> :>> Camera" rev 2.01/54.20 addr 3 >> :>> video0 at uvideo0 >> :>> uvideo1 at uhub1 port 4 configuration 1 interface 2 "Chicony Electronics >> Co.,Ltd. Integrated >> :>> Camera" rev 2.01/54.20 addr 3 >> :>> video1 at uvideo1 >> :>> >> :>> However, this camera should almost certainly just work anyway. >> :>> >> :>> $ ffplay -f v4l2 -input_format mjpeg -video_size 1280x720 -i /dev/video0 >> :>> ^^^ >> :>> >> :>> Why? >> :> >> :> Looks like Comte followed the console instructions at [1] to the letter. >> :> It seems to me that jumping right to ffplay recording isn't the best >> :> way for you to check the camera is working. Simplest way to test seems >> :> to me: >> :> >> :> $ video -f /dev/video0 >> :> >> :> And then you should see a window with the video stream... >> :> >> :> [1] https://www.openbsd.org/faq/faq13.html#webcam >> : >> >> -- >> Do you realize how many holes there could be if people would just take >> the time to take the dirt out of them?
Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)
unfortunately, yes the slider is well opened and I can confirm that when it is closed no LED will be visible. Thanks Morgan 7 octobre 2023 15:06 "Peter Hessler" a écrit: > A lot of the Thinkpad laptops have a physical switch that will > cover/uncover the camera. Can you switch it to the other and try again? > > -peter > > On 2023 Oct 07 (Sat) at 12:53:12 + (+), Comète wrote: > :Hi, > : > :$ video -f /dev/video0 > :video: ioctl VIDIOC_DQBUF: Invalid argument > : > :the LED lights up near the camera and a black window is displayed... > : > : > :I've strictly followed https://www.openbsd.org/faq/faq13.html#webcam > : > : > :then to answer Crystal: > : > :$ ffplay -f v4l2 -input_format yuyv422 -video_size 960x540 -i /dev/video0 > :ffplay version 4.4.3 Copyright (c) 2003-2022 the FFmpeg developers > :built with OpenBSD clang version 13.0.0 > :configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug > --disable-stripping > :--disable-indev=jack --disable-outdev=sdl2 --enable-fontconfig > --enable-frei0r --ena > :ble-gpl --enable-ladspa --enable-libaom --enable-libass --enable-libdav1d > --enable-libfreetype > :--enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus > --ena > :ble-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis > --enable-libvpx > :--enable-libx264 --enable-libx265 --enable-libxml2 --enable-libxvid > --enable-libzimg --en > :able-nonfree --enable-openssl --enable-libvidstab > --extra-cflags='-I/usr/local/include > :-I/usr/X11R6/include' --extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' > --extra-ldsofla > :gs= --mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe -g > -Wno-redundant-decls' > :libavutil 56. 70.100 / 56. 70.100 > :libavcodec 58.134.100 / 58.134.100 > :libavformat 58. 76.100 / 58. 76.100 > :libavdevice 58. 13.100 / 58. 13.100 > :libavfilter 7.110.100 / 7.110.100 > :libswscale 5. 9.100 / 5. 9.100 > :libswresample 3. 9.100 / 3. 9.100 > :libpostproc 55. 9.100 / 55. 9.100 > :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument > :Input #0, video4linux2,v4l2, from '/dev/video0': > :Duration: N/A, bitrate: 124416 kb/s > :Stream #0:0: Video: rawvideo (YUY2 / 0x32595559), yuyv422, 960x540, 124416 > kb/s, 15 fps, 15 tbr, > :1000k tbn, 1000k tbc > :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument > :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument > :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument > : > : > :and yes, to answer Jan: > : > :$ sysctl kern.video > :kern.video.record=1 > : > : > : > :Thanks a lot for your help. > : > :Morgan > : > : > :7 octobre 2023 14:36 "Thomas Frohwein" a écrit: > : > :> On Sat, Oct 07, 2023 at 07:08:21AM -0300, Crystal Kolipe wrote: > :> > :>> On Sat, Oct 07, 2023 at 08:51:36AM +, Comte wrote: > :>> The webcam seems well detected but no image is displayed... > :>> > :>> What happens if you run /usr/X11R6/bin/video instead of using ffmpeg? > :>> > :>> # dmesg | grep "uvideo" > :>> ^ > :>> > :>> Please post a full dmesg next time. > :>> > :>> uvideo0 at uhub1 port 4 configuration 1 interface 0 "Chicony Electronics > Co.,Ltd. Integrated > :>> Camera" rev 2.01/54.20 addr 3 > :>> video0 at uvideo0 > :>> uvideo1 at uhub1 port 4 configuration 1 interface 2 "Chicony Electronics > Co.,Ltd. Integrated > :>> Camera" rev 2.01/54.20 addr 3 > :>> video1 at uvideo1 > :>> > :>> However, this camera should almost certainly just work anyway. > :>> > :>> $ ffplay -f v4l2 -input_format mjpeg -video_size 1280x720 -i /dev/video0 > :>> ^^^ > :>> > :>> Why? > :> > :> Looks like Comte followed the console instructions at [1] to the letter. > :> It seems to me that jumping right to ffplay recording isn't the best > :> way for you to check the camera is working. Simplest way to test seems > :> to me: > :> > :> $ video -f /dev/video0 > :> > :> And then you should see a window with the video stream... > :> > :> [1] https://www.openbsd.org/faq/faq13.html#webcam > : > > -- > Do you realize how many holes there could be if people would just take > the time to take the dirt out of them?
Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)
Not better with libv4l package installed... Thanks Morgan Le 7 octobre 2023 15:10:18 GMT+02:00, Thomas Frohwein a écrit : >On Sat, Oct 07, 2023 at 12:53:12PM +0000, Comète wrote: >> Hi, >> >> $ video -f /dev/video0 >> video: ioctl VIDIOC_DQBUF: Invalid argument >> >> the LED lights up near the camera and a black window is displayed... >> >> >> I've strictly followed https://www.openbsd.org/faq/faq13.html#webcam > >I'm not 100% sure about this, but maybe worth a try - see if installing >libv4l from packages makes a difference: > ># pkg_add libv4l > >> >> >> then to answer Crystal: >> >> $ ffplay -f v4l2 -input_format yuyv422 -video_size 960x540 -i /dev/video0 >> ffplay version 4.4.3 Copyright (c) 2003-2022 the FFmpeg developers >> built with OpenBSD clang version 13.0.0 >> configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug >> --disable-stripping >> --disable-indev=jack --disable-outdev=sdl2 --enable-fontconfig >> --enable-frei0r --ena >> ble-gpl --enable-ladspa --enable-libaom --enable-libass --enable-libdav1d >> --enable-libfreetype >> --enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus >> --ena >> ble-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis >> --enable-libvpx >> --enable-libx264 --enable-libx265 --enable-libxml2 --enable-libxvid >> --enable-libzimg --en >> able-nonfree --enable-openssl --enable-libvidstab >> --extra-cflags='-I/usr/local/include >> -I/usr/X11R6/include' --extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' >> --extra-ldsofla >> gs= --mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe -g >> -Wno-redundant-decls' >> libavutil 56. 70.100 / 56. 70.100 >> libavcodec 58.134.100 / 58.134.100 >> libavformat 58. 76.100 / 58. 76.100 >> libavdevice 58. 13.100 / 58. 13.100 >> libavfilter 7.110.100 / 7.110.100 >> libswscale 5. 9.100 / 5. 9.100 >> libswresample 3. 9.100 / 3. 9.100 >> libpostproc 55. 9.100 / 55. 9.100 >> [video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument >> Input #0, video4linux2,v4l2, from '/dev/video0': >> Duration: N/A, bitrate: 124416 kb/s >> Stream #0:0: Video: rawvideo (YUY2 / 0x32595559), yuyv422, 960x540, 124416 >> kb/s, 15 fps, 15 tbr, >> 1000k tbn, 1000k tbc >> [video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument >> [video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument >> [video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument >> >> >> and yes, to answer Jan: >> >> $ sysctl kern.video >> kern.video.record=1 >> >> >> >> Thanks a lot for your help. >> >> Morgan >> >> >> 7 octobre 2023 14:36 "Thomas Frohwein" a écrit: >> >> > On Sat, Oct 07, 2023 at 07:08:21AM -0300, Crystal Kolipe wrote: >> > >> >> On Sat, Oct 07, 2023 at 08:51:36AM +, Comte wrote: >> >> The webcam seems well detected but no image is displayed... >> >> >> >> What happens if you run /usr/X11R6/bin/video instead of using ffmpeg? >> >> >> >> # dmesg | grep "uvideo" >> >> ^ >> >> >> >> Please post a full dmesg next time. >> >> >> >> uvideo0 at uhub1 port 4 configuration 1 interface 0 "Chicony Electronics >> >> Co.,Ltd. Integrated >> >> Camera" rev 2.01/54.20 addr 3 >> >> video0 at uvideo0 >> >> uvideo1 at uhub1 port 4 configuration 1 interface 2 "Chicony Electronics >> >> Co.,Ltd. Integrated >> >> Camera" rev 2.01/54.20 addr 3 >> >> video1 at uvideo1 >> >> >> >> However, this camera should almost certainly just work anyway. >> >> >> >> $ ffplay -f v4l2 -input_format mjpeg -video_size 1280x720 -i /dev/video0 >> >> ^^^ >> >> >> >> Why? >> > >> > Looks like Comte followed the console instructions at [1] to the letter. >> > It seems to me that jumping right to ffplay recording isn't the best >> > way for you to check the camera is working. Simplest way to test seems >> > to me: >> > >> > $ video -f /dev/video0 >> > >> > And then you should see a window with the video stream... >> > >> > [1] https://www.openbsd.org/faq/faq13.html#webcam
Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)
Hi, $ video -f /dev/video0 video: ioctl VIDIOC_DQBUF: Invalid argument the LED lights up near the camera and a black window is displayed... I've strictly followed https://www.openbsd.org/faq/faq13.html#webcam then to answer Crystal: $ ffplay -f v4l2 -input_format yuyv422 -video_size 960x540 -i /dev/video0 ffplay version 4.4.3 Copyright (c) 2003-2022 the FFmpeg developers built with OpenBSD clang version 13.0.0 configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug --disable-stripping --disable-indev=jack --disable-outdev=sdl2 --enable-fontconfig --enable-frei0r --ena ble-gpl --enable-ladspa --enable-libaom --enable-libass --enable-libdav1d --enable-libfreetype --enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus --ena ble-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis --enable-libvpx --enable-libx264 --enable-libx265 --enable-libxml2 --enable-libxvid --enable-libzimg --en able-nonfree --enable-openssl --enable-libvidstab --extra-cflags='-I/usr/local/include -I/usr/X11R6/include' --extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' --extra-ldsofla gs= --mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe -g -Wno-redundant-decls' libavutil 56. 70.100 / 56. 70.100 libavcodec 58.134.100 / 58.134.100 libavformat 58. 76.100 / 58. 76.100 libavdevice 58. 13.100 / 58. 13.100 libavfilter 7.110.100 / 7.110.100 libswscale 5. 9.100 / 5. 9.100 libswresample 3. 9.100 / 3. 9.100 libpostproc 55. 9.100 / 55. 9.100 [video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument Input #0, video4linux2,v4l2, from '/dev/video0': Duration: N/A, bitrate: 124416 kb/s Stream #0:0: Video: rawvideo (YUY2 / 0x32595559), yuyv422, 960x540, 124416 kb/s, 15 fps, 15 tbr, 1000k tbn, 1000k tbc [video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument [video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument [video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument and yes, to answer Jan: $ sysctl kern.video kern.video.record=1 Thanks a lot for your help. Morgan 7 octobre 2023 14:36 "Thomas Frohwein" a écrit: > On Sat, Oct 07, 2023 at 07:08:21AM -0300, Crystal Kolipe wrote: > >> On Sat, Oct 07, 2023 at 08:51:36AM +, Comte wrote: >> The webcam seems well detected but no image is displayed... >> >> What happens if you run /usr/X11R6/bin/video instead of using ffmpeg? >> >> # dmesg | grep "uvideo" >> ^ >> >> Please post a full dmesg next time. >> >> uvideo0 at uhub1 port 4 configuration 1 interface 0 "Chicony Electronics >> Co.,Ltd. Integrated >> Camera" rev 2.01/54.20 addr 3 >> video0 at uvideo0 >> uvideo1 at uhub1 port 4 configuration 1 interface 2 "Chicony Electronics >> Co.,Ltd. Integrated >> Camera" rev 2.01/54.20 addr 3 >> video1 at uvideo1 >> >> However, this camera should almost certainly just work anyway. >> >> $ ffplay -f v4l2 -input_format mjpeg -video_size 1280x720 -i /dev/video0 >> ^^^ >> >> Why? > > Looks like Comte followed the console instructions at [1] to the letter. > It seems to me that jumping right to ffplay recording isn't the best > way for you to check the camera is working. Simplest way to test seems > to me: > > $ video -f /dev/video0 > > And then you should see a window with the video stream... > > [1] https://www.openbsd.org/faq/faq13.html#webcam
Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)
Hello, I've tried to used the integrated webcam on my brand new Thinkpad T14 on OpenBSD 7.3 without success. I've followed the FAQ. The webcam seems well detected but no image is displayed... This is what I get: # uname -a OpenBSD hyperion.my.domain 7.3 GENERIC#1072 amd64 # usbdevs -v Controller /dev/usb0: addr 01: 8086: Intel, xHCI root hub super speed, self powered, config 1, rev 1.00 driver: uhub0 addr 02: 2109:0817 VIA Labs, Inc., USB3.0 Hub super speed, self powered, config 1, rev 6.23, iSerial 0 driver: uhub2 addr 03: 0bda:0411 Generic, USB3.2 Hub super speed, self powered, config 1, rev 39.20 driver: uhub3 addr 04: 152d:0578 JMicron, USB to ATA/ATAPI Bridge super speed, power 224 mA, config 1, rev 2.14, iSerial 0123456789ABCDEF driver: umass0 addr 05: 0bda:8153 Realtek, USB 10/100/1000 LAN super speed, power 72 mA, config 1, rev 30.00, iSerial 01 driver: ure0 Controller /dev/usb1: addr 01: 8086: Intel, xHCI root hub super speed, self powered, config 1, rev 1.00 driver: uhub1 addr 02: 27c6:6594 Goodix Technology Co., Ltd., Goodix USB2.0 MISC full speed, power 100 mA, config 1, rev 1.00, iSerial UIDE2B30F1D__MOC_B0 driver: ugen0 addr 03: 04f2:b74f Chicony Electronics Co.,Ltd., Integrated Camera high speed, power 500 mA, config 1, rev 54.20, iSerial 0001 driver: uvideo0 driver: uvideo1 driver: ugen1 addr 04: 2109:2817 VIA Labs, Inc., USB2.0 Hub high speed, self powered, config 1, rev 6.23, iSerial 0 driver: uhub4 addr 05: 1a40:0801 Terminus Technology, USB 2.0 Hub high speed, self powered, config 1, rev 1.00 driver: uhub5 addr 06: 03f0:1a4a Lite-On Technology Corp., HP Wireless Slim Keyboard - Skylab EU full speed, power 100 mA, config 1, rev 0.66 driver: uhidev0 driver: uhidev1 driver: uhidev2 addr 07: 19f7:0015 R\M-XDE Microphones, R\M-XDE NT-USB Mini full speed, power 100 mA, config 1, rev 1.18, iSerial 45803936 driver: uaudio0 driver: uhidev3 addr 08: 0bda:5411 Generic, USB2.1 Hub high speed, self powered, config 1, rev 39.20 driver: uhub6 addr 09: 0bda:1100 Realtek, HID Device high speed, self powered, config 1, rev 1.01 driver: uhidev4 addr 10: 2109:8884 VIA Labs, Inc., USB Billboard Device high speed, self powered, config 1, rev 0.01, iSerial 0001 driver: ugen2 addr 11: 8087:0033 Intel, Bluetooth full speed, self powered, config 1, rev 0.00 driver: ugen3 # sysctl kern.video.record kern.video.record=1 # dmesg | grep "uvideo" uvideo0 at uhub1 port 4 configuration 1 interface 0 "Chicony Electronics Co.,Ltd. Integrated Camera" rev 2.01/54.20 addr 3 video0 at uvideo0 uvideo1 at uhub1 port 4 configuration 1 interface 2 "Chicony Electronics Co.,Ltd. Integrated Camera" rev 2.01/54.20 addr 3 video1 at uvideo1 # video -q -f /dev/video0 video device /dev/video0: encodings: yuy2 frame sizes (width x height, in pixels) and rates (in frames per second): 320x180: 30 320x240: 30 352x288: 30 424x
rsync repo for firmwares
Hi, is there any rsync mirror for firmwares ? thanks. Morgan
Re: Blocking users who change their IP address
6 octobre 2017 05:40 "Eric Johnson" a écrit: > On Fri, 6 Oct 2017, Mihai Popescu wrote: > >> I'm at a small Wireless ISP in a small town and have only a Class C block >> of addresses. >> >> [...] >> >> [...] >> >> Very romantic, indeed, but it has nothing to do with OpenBSD. >> Are you serious? > > Since the primary firewall and the DHCP server (and pretty much everything > else on my end) run on OpenBSD, if there is a way to do it with OpenBSD, > for example with pf, then I think that it should be a very good place to > ask the question. > > Of course, if there is no way to address the problem on computers running > OpenBSD, then I did ask in the wrong place. > > Based on your response, I assume that OpenBSD must be useless for trying > to solve that problem and I shall have to look elsewhere. > > Eric Hi, you just have to read the "dhcpd" man page I think. If I understand correctly your request "-C" is what you're looking for. I used this to build a captive portal in Python/Django on Matthieu Herrb's idea and work (https://hal-univ-tlse3.archives-ouvertes.fr/hal-01135123). I've not yet released the source code of the management interface but what you want to do can be done without code. Only with OpenBSD tools like PF and DHCPD. Morgan
Re: relayd TLS load balancer for multiple websites
28 septembre 2017 15:50 "mabi" a écrit: > Thanks for the pointer regarding SNI not being supported in relayd. I will go > on and find another > solution, probably HAproxy. > >> Original Message >> Subject: Re: relayd TLS load balancer for multiple websites >> Local Time: September 28, 2017 3:02 PM >> UTC Time: September 28, 2017 1:02 PM >> From: mcmer-open...@tor.at >> To: mabi >> openbsd-misc >> >> m...@protonmail.ch (mabi), 2017.09.28 (Thu) 13:32 (CEST): >>> I was wondering if it is possible to use relayd as load balancer with >>> TLS termination for multiple different websites residing on different >>> server. >> >> With a public IP per website: yes. Else: no. >> >> reyk@, 2014-07-24, "no SNI yet" >> https://marc.info/?l=openbsd-misc&m=140621533620964 >> >> recent thread: >> https://marc.info/?l=openbsd-misc&m=150599591326006 >> >> Marcus >> >> btw, protonmail"s "text/plain, base64, utf-8" reportedly keeps people >> from seeing these messages. Hi, I use Nginx for this, in production, since many years, it's simple and works well. Comete
Re: OpenBSD as a non-routing access point
Hi, I had the same problem with 6.1 on Alix 2D13 boards, I've created a bridge0 interface with vr0, vr1, vr2 and athn0 (the wireless one configured in hostap mode) but no ip address was given to any of the wifi connected devices by my dhcp server. However, all the computers linked with an ethernet cable to vr0, vr1 or vr2 get an ip... But I found that specifying a "chan " option in the interface configuration file allowed the dhcp to pass on the wireless interface. Is it a bug ?? By the way, no need to enable ipv4 forwarding with sysctl as I read in some posts. Thanks
pf: pfi_kif_unref: rules refcount <= 0
Hi, I run OpenBSD 6.0 GENERIC.MP#4 amd64 on a firewall and I recently discovered lots of these messages in dmesg: pf: pfi_kif_unref: rules refcount <= 0 do you know what it is ? Thanks Morgan
Re: strange behaviour with etherip bridge over IPSEC and UDP queries
28 mars 2017 16:40 "Scott Bonds" a écrit: > Interesting. I may have a similar problem and was planning to post about it > soon...in my case I've > been playing with rdomains, using PF to NAT > between them, and ikedv2. I've found that when I use ikedv2 to layer IPSEC on > top of my NATing > traffic between rdomains, TCP passes fine, UDP does not, though I can see > requests and replies > moving across enc0 (DNS requests that show the answer in the tcpdump output). > So, host -T > google.com 8.8.8.8 (TCP DNS lookup) works but host google.com 8.8.8.8 (UDP > DNS lookup) does not. > > On 03/28, Comète wrote: > >> Hi, >> >> I'm trying to build an IPSEC encrypted tunnel that works as a bridge. For >> this, I use isakmpd and etherip, vether, bridge interfaces. On each VPN >> server >> (Host A and B), I've got PF running on the external interface (em2). Both >> hosts run OpenBSD 6.0 stable amd64. >> Host A is my main server and host B is the >> client. >> >> Now the strange part: >> >> - If PF is running on each host (A and B), >> UDP queries from B to A network don't work (UDP only, TCP is ok. But I can >> see >> UDP packets with tcpdump going from B to A and coming back but they don't go >> out from the interface) >> >> - I disable PF on Host B only with "rcctl disable pf >> && reboot", all is working after reboot, all queries (dns, ntp...) are well >> sent from B to A through the VPN. Now, I enable PF again without rebooting >> with "pfctl -e && pfctl -f /etc/pf.conf" and it's still working. Then I start >> "rcctl enable pf" and reboot, and it doesn't work anymore for UDP queries... >> So to resume, if PF is started automatically at boot on host B (rcctl enable >> pf) then UDP don't pass but if I start it manually (pfctl -e && pfctl -f >> /etc/pf.conf), it works. >> >> I've tried tcpdump -nettti pflog0 during DNS/NTP >> queries but I don't see anything blocked. As I said, if I try tcpdump -nettti >> em0 I can even see the answer from the DNS server coming back but dig doesn't >> get it. >> >> I just don't understand why my UDP packets don't pass, so if you have >> a idea, you're welcome ;) >> >> thanks. >> >> This my setup on Host B (Host A is >> similar) >> >> ipsec.conf: >> --- >> >> ike active esp proto etherip from $local_gw >> to $remote_gw \ >> main auth "hmac-sha1" enc "aes-128" group modp2048 >> lifetime 1800 \ >> quick enc "aes-128-gcm" group modp2048 lifetime 1200 \ >> srcid $local_gw >> >> ipsecctl -sa >> --- >> ipsecctl -sa >> FLOWS: >> flow esp in >> proto etherip from 10.65.12.10 to 10.65.13.10 peer 10.65.12.10 srcid >> 10.65.13.10/32 dstid 10.65.12.10/32 type use >> flow esp out proto etherip from >> 10.65.13.10 to 10.65.12.10 peer 10.65.12.10 srcid 10.65.13.10/32 dstid >> 10.65.12.10/32 type require >> >> SAD: >> esp tunnel from 10.65.13.10 to 10.65.12.10 >> spi 0xd5acc570 enc aes-128-gcm >> esp tunnel from 10.65.12.10 to 10.65.13.10 spi >> 0xe19efd9f enc aes-128-gcm >> >> pf.conf: >> >> ext_if = "em2" >> int_if = >> "internal" >> >> match in all scrub (no-df random-id max-mss 1200) >> antispoof for { >> $ext_if, $int_if } inet >> set skip on { lo, enc, $int_if } >> set loginterface >> $ext_if >> match out on $ext_if from any to any nat-to ($ext_if) >> block log all >> pass quick on em0 >> >> # VPN >> pass in on $ext_if proto udp from any to $ext_if port >> { isakmp, ipsec-nat-t } >> pass out on $ext_if proto udp from $ext_if to any port >> { isakmp, ipsec-nat-t } >> pass in on $ext_if proto esp from any to $ext_if >> pass >> out on $ext_if proto esp from $ext_if to any >> >> /etc/hostname.bridge0: >> -- >> link2 >> add etherip0 >> add vether0 >> add em0 >> group "internal" >> up >> >> /etc/hostname.etherip0 >> -- >> tunnel 10.65.13.10 >> 10.65.12.10 >> group internal >> up >> >> /etc/hostname.vether0 >> - >> inet 10.14.254.35 255.255.0.0 NONE >> description "Interconnexion" >> group >> "internal" >> up >> >> /etc/hostname.em0 >> -- >> up >> >> /etc/hostname.em2 >> -- >> inet 10.65.13.10 255.255.255.0 NONE >> description "Evil >> Network" >> group "external" >> up >> !route add -inet 10.65.12.0/24 10.65.13.1 >> /etc/sysctl.conf >> >> net.inet.ip.forwarding=1 >> net.inet.etherip.allow=1 Problem resolved. I did all my tests without pluging the internal physical interface (em0) on Host B which is a member of the bridge0. As soon as I plugged it in a switch, everything worked ! So, it seems that even if the vether interface in the bridge is active, you also need to activate the physical one to make it work. Strange because only UDP requests are concerned in this case...
Re: strange behaviour with etherip bridge over IPSEC and UDP queries
2 avril 2017 11:49 "Comète" a écrit: >> On 03/28, Comète wrote: > > Hi, > > I'm trying to build an IPSEC encrypted tunnel that works as a bridge. For > this, I use isakmpd and etherip, vether, bridge interfaces. On each VPN server > (Host A and B), I've got PF running on the external interface (em2). Both > hosts run OpenBSD 6.0 stable amd64. > Host A is my main server and host B is the > client. > > Now the strange part: > > - If PF is running on each host (A and B), > UDP queries from B to A network don't work (UDP only, TCP is ok. But I can see > UDP packets with tcpdump going from B to A and coming back but they don't go > out from the interface) > > - I disable PF on Host B only with "rcctl disable pf > && reboot", all is working after reboot, all queries (dns, ntp...) are well > sent from B to A through the VPN. Now, I enable PF again without rebooting > with "pfctl -e && pfctl -f /etc/pf.conf" and it's still working. Then I start > "rcctl enable pf" and reboot, and it doesn't work anymore for UDP queries... > So to resume, if PF is started automatically at boot on host B (rcctl enable > pf) then UDP don't pass but if I start it manually (pfctl -e && pfctl -f > /etc/pf.conf), it works. > > I've tried tcpdump -nettti pflog0 during DNS/NTP > queries but I don't see anything blocked. As I said, if I try tcpdump -nettti > em0 I can even see the answer from the DNS server coming back but dig doesn't > get it. > > I just don't understand why my UDP packets don't pass, so if you have > a idea, you're welcome ;) > > thanks. > > This my setup on Host B (Host A is > similar) > > ipsec.conf: > --- > > ike active esp proto etherip from $local_gw > to $remote_gw \ > main auth "hmac-sha1" enc "aes-128" group modp2048 > lifetime 1800 \ > quick enc "aes-128-gcm" group modp2048 lifetime 1200 \ > srcid $local_gw > > ipsecctl -sa > --- > ipsecctl -sa > FLOWS: > flow esp in > proto etherip from 10.65.12.10 to 10.65.13.10 peer 10.65.12.10 srcid > 10.65.13.10/32 dstid 10.65.12.10/32 type use > flow esp out proto etherip from > 10.65.13.10 to 10.65.12.10 peer 10.65.12.10 srcid 10.65.13.10/32 dstid > 10.65.12.10/32 type require > > SAD: > esp tunnel from 10.65.13.10 to 10.65.12.10 > spi 0xd5acc570 enc aes-128-gcm > esp tunnel from 10.65.12.10 to 10.65.13.10 spi > 0xe19efd9f enc aes-128-gcm > > pf.conf: > > ext_if = "em2" > int_if = > "internal" > > match in all scrub (no-df random-id max-mss 1200) > antispoof for { > $ext_if, $int_if } inet > set skip on { lo, enc, $int_if } > set loginterface > $ext_if > match out on $ext_if from any to any nat-to ($ext_if) > block log all > pass quick on em0 > > # VPN > pass in on $ext_if proto udp from any to $ext_if port > { isakmp, ipsec-nat-t } > pass out on $ext_if proto udp from $ext_if to any port > { isakmp, ipsec-nat-t } > pass in on $ext_if proto esp from any to $ext_if > pass > out on $ext_if proto esp from $ext_if to any > > /etc/hostname.bridge0: > -- > link2 > add etherip0 > add vether0 > add em0 > group "internal" > up > > /etc/hostname.etherip0 > -- > tunnel 10.65.13.10 > 10.65.12.10 > group internal > up > > /etc/hostname.vether0 > - > inet 10.14.254.35 255.255.0.0 NONE > description "Interconnexion" > group > "internal" > up > > /etc/hostname.em0 > -- > up > > /etc/hostname.em2 > -- > inet 10.65.13.10 255.255.255.0 NONE > description "Evil > Network" > group "external" > up > !route add -inet 10.65.12.0/24 10.65.13.1 > /etc/sysctl.conf > > net.inet.ip.forwarding=1 > net.inet.etherip.allow=1 > > 28 mars 2017 16:40 "Scott Bonds" a écrit: > >> Interesting. I may have a similar problem and was planning to post about it soon...in my case I've >> been playing with rdomains, using PF to NAT >> between them, and ikedv2. I've found that when I use ikedv2 to layer IPSEC on top of my NATing >> traffic between rdomains, TCP passes fine, UDP does not, though I can see requests and replies >> moving across enc0 (DNS requests that show the answer in the tcpdump output). So, host -T >> google.com 8.8.8.8 (TCP DNS lookup) works but host google.com 8.8.8.8 (UDP DNS lookup) does not. > > Hi, > > up ! :) > > Any idea about this problem ? Is it a bug ? Or maybe a wrong setup ? > > Thanks guys > > Morgan Hi, i've just noticed that pf states are different when PF is enabled at boot or not. So when it is enabled at boot: all udp 10.65.13.10:56371 (10.65.13.10:4500) -> 10.65.12.10:4500 MULTIPLE:MULTIPLE (then in this case UDP requests don't work) When PF is enabled manually (pfctl -e && pfctl -f /etc/pf.conf): all esp 10.65.13.10 -> 10.65.12.10 MULTIPLE:MULTIPLE (in this case UDP works) Any idea ? does this help ? Thanks
Re: strange behaviour with etherip bridge over IPSEC and UDP queries
> On 03/28, Comète wrote: > >> Hi, >> >> I'm trying to build an IPSEC encrypted tunnel that works as a bridge. For >> this, I use isakmpd and etherip, vether, bridge interfaces. On each VPN server >> (Host A and B), I've got PF running on the external interface (em2). Both >> hosts run OpenBSD 6.0 stable amd64. >> Host A is my main server and host B is the >> client. >> >> Now the strange part: >> >> - If PF is running on each host (A and B), >> UDP queries from B to A network don't work (UDP only, TCP is ok. But I can see >> UDP packets with tcpdump going from B to A and coming back but they don't go >> out from the interface) >> >> - I disable PF on Host B only with "rcctl disable pf >> && reboot", all is working after reboot, all queries (dns, ntp...) are well >> sent from B to A through the VPN. Now, I enable PF again without rebooting >> with "pfctl -e && pfctl -f /etc/pf.conf" and it's still working. Then I start >> "rcctl enable pf" and reboot, and it doesn't work anymore for UDP queries... >> So to resume, if PF is started automatically at boot on host B (rcctl enable >> pf) then UDP don't pass but if I start it manually (pfctl -e && pfctl -f >> /etc/pf.conf), it works. >> >> I've tried tcpdump -nettti pflog0 during DNS/NTP >> queries but I don't see anything blocked. As I said, if I try tcpdump -nettti >> em0 I can even see the answer from the DNS server coming back but dig doesn't >> get it. >> >> I just don't understand why my UDP packets don't pass, so if you have >> a idea, you're welcome ;) >> >> thanks. >> >> This my setup on Host B (Host A is >> similar) >> >> ipsec.conf: >> --- >> >> ike active esp proto etherip from $local_gw >> to $remote_gw \ >> main auth "hmac-sha1" enc "aes-128" group modp2048 >> lifetime 1800 \ >> quick enc "aes-128-gcm" group modp2048 lifetime 1200 \ >> srcid $local_gw >> >> ipsecctl -sa >> --- >> ipsecctl -sa >> FLOWS: >> flow esp in >> proto etherip from 10.65.12.10 to 10.65.13.10 peer 10.65.12.10 srcid >> 10.65.13.10/32 dstid 10.65.12.10/32 type use >> flow esp out proto etherip from >> 10.65.13.10 to 10.65.12.10 peer 10.65.12.10 srcid 10.65.13.10/32 dstid >> 10.65.12.10/32 type require >> >> SAD: >> esp tunnel from 10.65.13.10 to 10.65.12.10 >> spi 0xd5acc570 enc aes-128-gcm >> esp tunnel from 10.65.12.10 to 10.65.13.10 spi >> 0xe19efd9f enc aes-128-gcm >> >> pf.conf: >> >> ext_if = "em2" >> int_if = >> "internal" >> >> match in all scrub (no-df random-id max-mss 1200) >> antispoof for { >> $ext_if, $int_if } inet >> set skip on { lo, enc, $int_if } >> set loginterface >> $ext_if >> match out on $ext_if from any to any nat-to ($ext_if) >> block log all >> pass quick on em0 >> >> # VPN >> pass in on $ext_if proto udp from any to $ext_if port >> { isakmp, ipsec-nat-t } >> pass out on $ext_if proto udp from $ext_if to any port >> { isakmp, ipsec-nat-t } >> pass in on $ext_if proto esp from any to $ext_if >> pass >> out on $ext_if proto esp from $ext_if to any >> >> /etc/hostname.bridge0: >> -- >> link2 >> add etherip0 >> add vether0 >> add em0 >> group "internal" >> up >> >> /etc/hostname.etherip0 >> -- >> tunnel 10.65.13.10 >> 10.65.12.10 >> group internal >> up >> >> /etc/hostname.vether0 >> - >> inet 10.14.254.35 255.255.0.0 NONE >> description "Interconnexion" >> group >> "internal" >> up >> >> /etc/hostname.em0 >> -- >> up >> >> /etc/hostname.em2 >> -- >> inet 10.65.13.10 255.255.255.0 NONE >> description "Evil >> Network" >> group "external" >> up >> !route add -inet 10.65.12.0/24 10.65.13.1 >> /etc/sysctl.conf >> >> net.inet.ip.forwarding=1 >> net.inet.etherip.allow=1 28 mars 2017 16:40 "Scott Bonds" a écrit: > Interesting. I may have a similar problem and was planning to post about it soon...in my case I've > been playing with rdomains, using PF to NAT > between them, and ikedv2. I've found that when I use ikedv2 to layer IPSEC on top of my NATing > traffic between rdomains, TCP passes fine, UDP does not, though I can see requests and replies > moving across enc0 (DNS requests that show the answer in the tcpdump output). So, host -T > google.com 8.8.8.8 (TCP DNS lookup) works but host google.com 8.8.8.8 (UDP DNS lookup) does not. > Hi, up ! :) Any idea about this problem ? Is it a bug ? Or maybe a wrong setup ? Thanks guys Morgan
Re: strange behaviour with etherip bridge over IPSEC and UDP queries
28 mars 2017 16:40 "Scott Bonds" a écrit: > Interesting. I may have a similar problem and was planning to post about it soon...in my case I've > been playing with rdomains, using PF to NAT > between them, and ikedv2. I've found that when I use ikedv2 to layer IPSEC on top of my NATing > traffic between rdomains, TCP passes fine, UDP does not, though I can see requests and replies > moving across enc0 (DNS requests that show the answer in the tcpdump output). So, host -T > google.com 8.8.8.8 (TCP DNS lookup) works but host google.com 8.8.8.8 (UDP DNS lookup) does not. > > On 03/28, Comète wrote: > >> Hi, >> >> I'm trying to build an IPSEC encrypted tunnel that works as a bridge. For >> this, I use isakmpd and etherip, vether, bridge interfaces. On each VPN server >> (Host A and B), I've got PF running on the external interface (em2). Both >> hosts run OpenBSD 6.0 stable amd64. >> Host A is my main server and host B is the >> client. >> >> Now the strange part: >> >> - If PF is running on each host (A and B), >> UDP queries from B to A network don't work (UDP only, TCP is ok. But I can see >> UDP packets with tcpdump going from B to A and coming back but they don't go >> out from the interface) >> >> - I disable PF on Host B only with "rcctl disable pf >> && reboot", all is working after reboot, all queries (dns, ntp...) are well >> sent from B to A through the VPN. Now, I enable PF again without rebooting >> with "pfctl -e && pfctl -f /etc/pf.conf" and it's still working. Then I start >> "rcctl enable pf" and reboot, and it doesn't work anymore for UDP queries... >> So to resume, if PF is started automatically at boot on host B (rcctl enable >> pf) then UDP don't pass but if I start it manually (pfctl -e && pfctl -f >> /etc/pf.conf), it works. >> >> I've tried tcpdump -nettti pflog0 during DNS/NTP >> queries but I don't see anything blocked. As I said, if I try tcpdump -nettti >> em0 I can even see the answer from the DNS server coming back but dig doesn't >> get it. >> >> I just don't understand why my UDP packets don't pass, so if you have >> a idea, you're welcome ;) >> >> thanks. >> >> This my setup on Host B (Host A is >> similar) >> >> ipsec.conf: >> --- >> >> ike active esp proto etherip from $local_gw >> to $remote_gw \ >> main auth "hmac-sha1" enc "aes-128" group modp2048 >> lifetime 1800 \ >> quick enc "aes-128-gcm" group modp2048 lifetime 1200 \ >> srcid $local_gw >> >> ipsecctl -sa >> --- >> ipsecctl -sa >> FLOWS: >> flow esp in >> proto etherip from 10.65.12.10 to 10.65.13.10 peer 10.65.12.10 srcid >> 10.65.13.10/32 dstid 10.65.12.10/32 type use >> flow esp out proto etherip from >> 10.65.13.10 to 10.65.12.10 peer 10.65.12.10 srcid 10.65.13.10/32 dstid >> 10.65.12.10/32 type require >> >> SAD: >> esp tunnel from 10.65.13.10 to 10.65.12.10 >> spi 0xd5acc570 enc aes-128-gcm >> esp tunnel from 10.65.12.10 to 10.65.13.10 spi >> 0xe19efd9f enc aes-128-gcm >> >> pf.conf: >> >> ext_if = "em2" >> int_if = >> "internal" >> >> match in all scrub (no-df random-id max-mss 1200) >> antispoof for { >> $ext_if, $int_if } inet >> set skip on { lo, enc, $int_if } >> set loginterface >> $ext_if >> match out on $ext_if from any to any nat-to ($ext_if) >> block log all >> pass quick on em0 >> >> # VPN >> pass in on $ext_if proto udp from any to $ext_if port >> { isakmp, ipsec-nat-t } >> pass out on $ext_if proto udp from $ext_if to any port >> { isakmp, ipsec-nat-t } >> pass in on $ext_if proto esp from any to $ext_if >> pass >> out on $ext_if proto esp from $ext_if to any >> >> /etc/hostname.bridge0: >> -- >> link2 >> add etherip0 >> add vether0 >> add em0 >> group "internal" >> up >> >> /etc/hostname.etherip0 >> -- >> tunnel 10.65.13.10 >> 10.65.12.10 >> group internal >> up >> >> /etc/hostname.vether0 >> - >> inet 10.14.254.35 255.255.0.0 NONE >> description "Interconnexion" >> group >> "internal" >> up >> >> /etc/hostname.em0 >> -- >> up >> >> /etc/hostname.em2 >> -- >> inet 10.65.13.10 255.255.255.0 NONE >> description "Evil >> Network" >> group "external" >> up >> !route add -inet 10.65.12.0/24 10.65.13.1 >> /etc/sysctl.conf >> >> net.inet.ip.forwarding=1 >> net.inet.etherip.allow=1 Yes this is exactly what I have noticed too, I can clearly see the reply of my DNS query with the DNS record resolved, but it stops here, dig can't get it. All TCP queries are ok but no UDP at all (dns, ntp, tcpbench -u, ...)
strange behaviour with etherip bridge over IPSEC and UDP queries
Hi, I'm trying to build an IPSEC encrypted tunnel that works as a bridge. For this, I use isakmpd and etherip, vether, bridge interfaces. On each VPN server (Host A and B), I've got PF running on the external interface (em2). Both hosts run OpenBSD 6.0 stable amd64. Host A is my main server and host B is the client. Now the strange part: - If PF is running on each host (A and B), UDP queries from B to A network don't work (UDP only, TCP is ok. But I can see UDP packets with tcpdump going from B to A and coming back but they don't go out from the interface) - I disable PF on Host B only with "rcctl disable pf && reboot", all is working after reboot, all queries (dns, ntp...) are well sent from B to A through the VPN. Now, I enable PF again without rebooting with "pfctl -e && pfctl -f /etc/pf.conf" and it's still working. Then I start "rcctl enable pf" and reboot, and it doesn't work anymore for UDP queries... So to resume, if PF is started automatically at boot on host B (rcctl enable pf) then UDP don't pass but if I start it manually (pfctl -e && pfctl -f /etc/pf.conf), it works. I've tried tcpdump -nettti pflog0 during DNS/NTP queries but I don't see anything blocked. As I said, if I try tcpdump -nettti em0 I can even see the answer from the DNS server coming back but dig doesn't get it. I just don't understand why my UDP packets don't pass, so if you have a idea, you're welcome ;) thanks. This my setup on Host B (Host A is similar) ipsec.conf: --- ike active esp proto etherip from $local_gw to $remote_gw \ main auth "hmac-sha1" enc "aes-128" group modp2048 lifetime 1800 \ quick enc "aes-128-gcm" group modp2048 lifetime 1200 \ srcid $local_gw ipsecctl -sa --- ipsecctl -sa FLOWS: flow esp in proto etherip from 10.65.12.10 to 10.65.13.10 peer 10.65.12.10 srcid 10.65.13.10/32 dstid 10.65.12.10/32 type use flow esp out proto etherip from 10.65.13.10 to 10.65.12.10 peer 10.65.12.10 srcid 10.65.13.10/32 dstid 10.65.12.10/32 type require SAD: esp tunnel from 10.65.13.10 to 10.65.12.10 spi 0xd5acc570 enc aes-128-gcm esp tunnel from 10.65.12.10 to 10.65.13.10 spi 0xe19efd9f enc aes-128-gcm pf.conf: ext_if = "em2" int_if = "internal" match in all scrub (no-df random-id max-mss 1200) antispoof for { $ext_if, $int_if } inet set skip on { lo, enc, $int_if } set loginterface $ext_if match out on $ext_if from any to any nat-to ($ext_if) block log all pass quick on em0 # VPN pass in on $ext_if proto udp from any to $ext_if port { isakmp, ipsec-nat-t } pass out on $ext_if proto udp from $ext_if to any port { isakmp, ipsec-nat-t } pass in on $ext_if proto esp from any to $ext_if pass out on $ext_if proto esp from $ext_if to any /etc/hostname.bridge0: -- link2 add etherip0 add vether0 add em0 group "internal" up /etc/hostname.etherip0 -- tunnel 10.65.13.10 10.65.12.10 group internal up /etc/hostname.vether0 - inet 10.14.254.35 255.255.0.0 NONE description "Interconnexion" group "internal" up /etc/hostname.em0 -- up /etc/hostname.em2 -- inet 10.65.13.10 255.255.255.0 NONE description "Evil Network" group "external" up !route add -inet 10.65.12.0/24 10.65.13.1 /etc/sysctl.conf net.inet.ip.forwarding=1 net.inet.etherip.allow=1
Re: jme0: watchdog timeout
9 février 2017 18:40 "Daniel Bolgheroni" a écrit: > On Wed, Feb 08, 2017 at 10:04:04AM +, Comète wrote: > >> Hi, >> >> I use OpenBSD 6.0 amd64 (stable) on a Shuttle XS35v2. I've installed >> "ushare" but same problem with "minidlna" and I don't think the problem comes >> from these apps... When I try to read a big file (ex.: a 1Go video) from my >> DLNA player, nothing starts playing and the jme driver on the Shuttle reports >> these warnings on dmesg: >> >> jme0: watchdog timeout >> jme0: stopping transmitter >> timeout! >> jme0: stopping transmitter timeout! >> jme0: stopping transmitter >> timeout! >> jme0: watchdog timeout >> jme0: stopping transmitter timeout! >> jme0: >> stopping transmitter timeout! >> jme0: watchdog timeout >> jme0: stopping >> transmitter timeout! >> jme0: stopping transmitter timeout! >> jme0: stopping >> transmitter timeout! >> jme0: watchdog timeout >> jme0: stopping transmitter >> timeout! >> jme0: stopping transmitter timeout! >> jme0: watchdog timeout >> jme0: >> watchdog timeout >> >> and the NIC sometimes stops working until I reboot the >> machine. >> >> I saw an identical report on the mailing list some time ago, but I >> didn't manage to find it. > > I did report to bugs@ a while ago: > > http://marc.info/?l=openbsd-bugs&m=146958374430709&w=2 > > -- > db Ah ok thanks, it was this post indeed ;) The man page says that Jonathan Gray ported this driver and I had some mails exchange too with Brad Smith some years ago who fixed some bugs on this driver. Did one of them already contact you about this problem ? Thanks. Morgan
jme0: watchdog timeout
Hi, I use OpenBSD 6.0 amd64 (stable) on a Shuttle XS35v2. I've installed "ushare" but same problem with "minidlna" and I don't think the problem comes from these apps... When I try to read a big file (ex.: a 1Go video) from my DLNA player, nothing starts playing and the jme driver on the Shuttle reports these warnings on dmesg: jme0: watchdog timeout jme0: stopping transmitter timeout! jme0: stopping transmitter timeout! jme0: stopping transmitter timeout! jme0: watchdog timeout jme0: stopping transmitter timeout! jme0: stopping transmitter timeout! jme0: watchdog timeout jme0: stopping transmitter timeout! jme0: stopping transmitter timeout! jme0: stopping transmitter timeout! jme0: watchdog timeout jme0: stopping transmitter timeout! jme0: stopping transmitter timeout! jme0: watchdog timeout jme0: watchdog timeout and the NIC sometimes stops working until I reboot the machine. I saw an identical report on the mailing list some time ago, but I didn't manage to find it. I join my dmesg if it can help. Thanks for your help. Morgan OpenBSD 6.0 (GENERIC.MP) #2: Mon Oct 17 10:22:47 CEST 2016 r...@stable-60-amd64.mtier.org:/binpatchng/work-binpatch60-amd64/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2120941568 (2022MB) avail mem = 2052247552 (1957MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xfc8b0 (23 entries) bios0: vendor American Megatrends Inc. version "2.01" date 11/14/2012 bios0: Shuttle Inc. XS35 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG SLIC OEMB HPET GSCI acpi0: wakeup devices P0P1(S4) AZAL(S3) P0P4(S4) P0P5(S4) JLAN(S3) P0P6(S4) RLAN(S3) P0P7(S4) P0P8(S4) P0P9(S4) USB0(S3) USB1(S3) USB2(S3) USB3(S3) EUSB(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 2154.87 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF,PERF,SENSOR cpu0: 512KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 199MHz cpu0: mwait min=64, max=64, C-substates=0.1, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1795.50 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF,PERF,SENSOR cpu1: 512KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 1 (application processor) cpu2: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1795.50 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF,PERF,SENSOR cpu2: 512KB 64b/line 8-way L2 cache cpu2: smt 1, core 0, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1795.50 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF,PERF,SENSOR cpu3: 512KB 64b/line 8-way L2 cache cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 4 (P0P1) acpiprt2 at acpi0: bus 1 (P0P4) acpiprt3 at acpi0: bus 2 (P0P5) acpiprt4 at acpi0: bus -1 (P0P6) acpiprt5 at acpi0: bus 3 (P0P7) acpiprt6 at acpi0: bus -1 (P0P8) acpiprt7 at acpi0: bus -1 (P0P9) acpiec0 at acpi0 acpicpu0 at acpi0: C1(@1 halt!) acpicpu1 at acpi0: C1(@1 halt!) acpicpu2 at acpi0: C1(@1 halt!) acpicpu3 at acpi0: C1(@1 halt!) acpitz0 at acpi0: critical temperature is 104 degC "PNP0303" at acpi0 not configured "PNP0F03" at acpi0 not configured acpibtn0 at acpi0: SLPB acpibtn1 at acpi0: PWRB "PNP0C14" at acpi0 not configured acpivideo0 at acpi0: GFX0 acpivout0 at acpivideo0: LCD_ pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Pineview DMI" rev 0x02 inteldrm0 at pci0 dev 2 function 0 "Intel Pineview Video" rev 0x02 drm0 at inteldrm0 intagp0 at inteldrm0 agp0 at intagp0: aperture at 0xd000, size 0x1000 inteldrm0: msi inteldrm0: 1024x768 wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation) wsdisplay0: screen 1-5 added (std, vt100 emulation) "Intel Pineview Video" rev 0x02 at pci0 dev 2 function 1 not configured azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: msi azalia0: codecs: IDT 92HD81B1X audio0 at azalia0 ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: msi pci1 at ppb0 bus 1 ppb1 at
strange behaviour with route-to, default route, and ping -I
Hello, I use route-to in my pf.conf to route packets from my LAN through 4 non-equal WAN links (multipath routing is disabled). It works nicely, but if I try to send pings from the firewall itself through a specific WAN interface with ping -I or traceroute -s commands, it's always the default route on the FW that is used. I means the pings are always sent through the default route, I can see them with tcpdump. I've tried to change the default route, then this new one will be used whatever WAN interface I choose to send my pings, so it really seems to be related to default route. I'm sure i've forgotten something, but I can't see what... Thanks for your help Morgan
Re: OSPFD over IPSEC
14 novembre 2016 22:50 "Remi Locherer" a écrit: > On Mon, Nov 14, 2016 at 04:50:21PM +, Comète wrote: > >> 14 novembre 2016 14:50 "Remi Locherer" a écrit: >> On >> 2016-11-14 12:48, Comète wrote: >> >> Hi, >> I'm trying to run OSPFD over >> IPSEC with OpenBSD 6.0 stable, so I first >> start looking at > >> http://undeadly.org/cgi?action=article&sid=20131105075303 >> Now that etherip >> has it's own interface in 6.0, I tried to replace gif > with >> etherip like >> this: > > [...] > >> Can >> you show pf.conf? Are there any blocks if you check on pflog0 with tcpdump? >> >> But why do you want to have Ethernet frames tunneled? If you use gif >> interfaces >> and make ospfd beeing active on it you save a few bits. That way >> you can make >> the MTU bigger. >> https://cway.cisco.com/tools/ipsec-overhead-calc can give you >> and idea how >> big your MTU can be (needs an account but is free). >> >> Be careful when >> configuring gif interfaces. ospfd only recognizes that it is a >> >> point-to-point interface when you configure the netmask as 255.255.255.255. >> I finally got it working. I forgot the 'link2' option in /etc/hostname.bridge0 >> : >> >> -=>> cat /etc/hostname.bridge0 >> add etherip0 add vether0 >> up link2 >> >> but it >> wasn't enough... >> I had to set 'net.inet.etherip.allow=1' in sysctl.conf >> despite what it is said in the 'etherip' man page: >> >> "The sysctl(3) variable >> net.inet.etherip.allow must be set to 1, unless ipsec(4) is being used to >> protect the traffic." >> >> This is what I don't understand, is there any >> particular case in this configuration or maybe something changed in 6.0 ? >> thanks > > I can not tell you what is wrong with your configuration. Im not using > etherip. But why do you think you need to tunnel Ethernet? You don't need it > for ospf. rWWith gif interfaces you're doing ip-over-ip and don't need > bridge and vether. Then just add the gif interface to ospfd.conf. I've made another test with GIF and vether interfaces following this tutorial: http://undeadly.org/cgi?action=article&sid=20131105075303 (the author talked about multicast problems when using only gif...). It works too and I can see a bandwith gain of 13 Mbps, with ipsec (aes-128-gcm) and pf enabled, compared to the same setup with etherip interfaces. But again I needed to set net.inet.etherip.allow=1 to make it work.
Re: OSPFD over IPSEC
14 novembre 2016 22:50 "Remi Locherer" a écrit: > On Mon, Nov 14, 2016 at 04:50:21PM +, Comète wrote: > >> 14 novembre 2016 14:50 "Remi Locherer" a écrit: >> On >> 2016-11-14 12:48, Comète wrote: >> >> Hi, >> I'm trying to run OSPFD over >> IPSEC with OpenBSD 6.0 stable, so I first >> start looking at > >> http://undeadly.org/cgi?action=article&sid=20131105075303 >> Now that etherip >> has it's own interface in 6.0, I tried to replace gif > with >> etherip like >> this: > > [...] > >> Can >> you show pf.conf? Are there any blocks if you check on pflog0 with tcpdump? >> >> But why do you want to have Ethernet frames tunneled? If you use gif >> interfaces >> and make ospfd beeing active on it you save a few bits. That way >> you can make >> the MTU bigger. >> https://cway.cisco.com/tools/ipsec-overhead-calc can give you >> and idea how >> big your MTU can be (needs an account but is free). >> >> Be careful when >> configuring gif interfaces. ospfd only recognizes that it is a >> >> point-to-point interface when you configure the netmask as 255.255.255.255. >> I finally got it working. I forgot the 'link2' option in /etc/hostname.bridge0 >> : >> >> -=>> cat /etc/hostname.bridge0 >> add etherip0 add vether0 >> up link2 >> >> but it >> wasn't enough... >> I had to set 'net.inet.etherip.allow=1' in sysctl.conf >> despite what it is said in the 'etherip' man page: >> >> "The sysctl(3) variable >> net.inet.etherip.allow must be set to 1, unless ipsec(4) is being used to >> protect the traffic." >> >> This is what I don't understand, is there any >> particular case in this configuration or maybe something changed in 6.0 ? >> thanks > > I can not tell you what is wrong with your configuration. Im not using > etherip. But why do you think you need to tunnel Ethernet? You don't need it > for ospf. rWWith gif interfaces you're doing ip-over-ip and don't need > bridge and vether. Then just add the gif interface to ospfd.conf. Ok, good to know, I will test this too. In fact, I will need etherip for some sites where I use VLANS. But for others, IP over IP will be ok. So thank you for the advice. If someone knows why, with etherip over IPSEC, I had to set 'net.inet.etherip.allow=1' in sysctl.conf ? The question is still opened... Thanks
Re: OSPFD over IPSEC
14 novembre 2016 14:50 "Remi Locherer" a écrit: > On 2016-11-14 12:48, Comète wrote: > >> Hi, >> I'm trying to run OSPFD over IPSEC with OpenBSD 6.0 stable, so I first >> start looking at > http://undeadly.org/cgi?action=article&sid=20131105075303 >> Now that etherip has it's own interface in 6.0, I tried to replace gif > with >> etherip like this: >> On one host: >> >> -=>> cat /etc/hostname.bridge0 >> add etherip0 add vether0 >> up >> -=>> cat /etc/hostname.vether0 >> inet 10.60.10.2 >> 255.255.255.0 NONE up >> -=>> cat /etc/hostname.etherip0 >> tunnel 1.2.3.4 4.3.2.1 >> up >> -=>> doas cat /etc/ipsec.conf >> ike active esp proto etherip from 1.2.3.4 to >> 4.3.2.1 psk "mypassword" >>> -=>> doas ipsecctl -sa >> FLOWS: >> flow esp in proto >> etherip from 4.3.2.1 to 1.2.3.4 peer 4.3.2.1 srcid 1.2.3.4/32 dstid > 4.3.2.1/32 >> type use >> flow esp out proto etherip from 1.2.3.4 to 4.3.2.1 peer 4.3.2.1 srcid >> 1.2.3.4/32 dstid 4.3.2.1/32 type require >> SAD: >> esp tunnel from 4.3.2.1 to >> 1.2.3.4 spi 0x3d8e9212 auth hmac-sha2-256 enc aes >> esp tunnel from 1.2.3.4 to >> 4.3.2.1 spi 0x900fc2c5 auth hmac-sha2-256 enc aes >>> On the other host: >> -- >> -=>> cat /etc/hostname.bridge0 >> add etherip0 add vether0 >> up >> -=>> cat /etc/hostname.vether0 >> inet 10.60.10.1 255.255.255.0 NONE up >> -=>> cat >> /etc/hostname.etherip0 >> tunnel 4.3.2.1 1.2.3.4 up >> -=>> doas cat >> /etc/ipsec.conf >> ike passive esp proto etherip from 4.3.2.1 to 1.2.3.4 psk >> "mypassword" >>> -=>> doas ipsecctl -sa >> FLOWS: >> flow esp in proto etherip from >> 1.2.3.4 to 4.3.2.1 peer 1.2.3.4 srcid 4.3.2.1/32 dstid 1.2.3.4/32 type > use >> flow esp out proto etherip from 4.3.2.1 to 1.2.3.4 peer 1.2.3.4 srcid >> 4.3.2.1/32 dstid 1.2.3.4/32 type require >> SAD: >> esp tunnel from 4.3.2.1 to >> 1.2.3.4 spi 0x3d8e9212 auth hmac-sha2-256 enc aes >> esp tunnel from 1.2.3.4 to >> 4.3.2.1 spi 0x900fc2c5 auth hmac-sha2-256 enc aes >>> I forgot to mention that i >> didn't set net.inet.etherip.allow=1 and let it set to 0, as said in > "etherip" >> man page, because I use IPSEC. >> As you can see the ipsec VPN is well >> established, but my problem is that I can't ping 10.60.10.1 from > 10.60.10.2 >> and 10.60.10.2 from 10.60.10.1. >> On each vether interface, tcpdump -nettti >> shows me that nothing is going out of them. >> Any idea ? > > Can you show pf.conf? Are there any blocks if you check on pflog0 with tcpdump? > > But why do you want to have Ethernet frames tunneled? If you use gif interfaces > and make ospfd beeing active on it you save a few bits. That way you can make > the MTU bigger. https://cway.cisco.com/tools/ipsec-overhead-calc can give you > and idea how big your MTU can be (needs an account but is free). > > Be careful when configuring gif interfaces. ospfd only recognizes that it is a > point-to-point interface when you configure the netmask as 255.255.255.255. I finally got it working. I forgot the 'link2' option in /etc/hostname.bridge0 : -=>> cat /etc/hostname.bridge0 add etherip0 add vether0 up link2 but it wasn't enough... I had to set 'net.inet.etherip.allow=1' in sysctl.conf despite what it is said in the 'etherip' man page: "The sysctl(3) variable net.inet.etherip.allow must be set to 1, unless ipsec(4) is being used to protect the traffic." This is what I don't understand, is there any particular case in this configuration or maybe something changed in 6.0 ? thanks
Re: OSPFD over IPSEC
14 novembre 2016 14:50 "Remi Locherer" a écrit: > On 2016-11-14 12:48, Comète wrote: > >> Hi, >> I'm trying to run OSPFD over IPSEC with OpenBSD 6.0 stable, so I first >> start looking at > http://undeadly.org/cgi?action=article&sid=20131105075303 >> Now that etherip has it's own interface in 6.0, I tried to replace gif > with >> etherip like this: >> On one host: >> >> -=>> cat /etc/hostname.bridge0 >> add etherip0 add vether0 >> up >> -=>> cat /etc/hostname.vether0 >> inet 10.60.10.2 >> 255.255.255.0 NONE up >> -=>> cat /etc/hostname.etherip0 >> tunnel 1.2.3.4 4.3.2.1 >> up >> -=>> doas cat /etc/ipsec.conf >> ike active esp proto etherip from 1.2.3.4 to >> 4.3.2.1 psk "mypassword" >>> -=>> doas ipsecctl -sa >> FLOWS: >> flow esp in proto >> etherip from 4.3.2.1 to 1.2.3.4 peer 4.3.2.1 srcid 1.2.3.4/32 dstid > 4.3.2.1/32 >> type use >> flow esp out proto etherip from 1.2.3.4 to 4.3.2.1 peer 4.3.2.1 srcid >> 1.2.3.4/32 dstid 4.3.2.1/32 type require >> SAD: >> esp tunnel from 4.3.2.1 to >> 1.2.3.4 spi 0x3d8e9212 auth hmac-sha2-256 enc aes >> esp tunnel from 1.2.3.4 to >> 4.3.2.1 spi 0x900fc2c5 auth hmac-sha2-256 enc aes >>> On the other host: >> -- >> -=>> cat /etc/hostname.bridge0 >> add etherip0 add vether0 >> up >> -=>> cat /etc/hostname.vether0 >> inet 10.60.10.1 255.255.255.0 NONE up >> -=>> cat >> /etc/hostname.etherip0 >> tunnel 4.3.2.1 1.2.3.4 up >> -=>> doas cat >> /etc/ipsec.conf >> ike passive esp proto etherip from 4.3.2.1 to 1.2.3.4 psk >> "mypassword" >>> -=>> doas ipsecctl -sa >> FLOWS: >> flow esp in proto etherip from >> 1.2.3.4 to 4.3.2.1 peer 1.2.3.4 srcid 4.3.2.1/32 dstid 1.2.3.4/32 type > use >> flow esp out proto etherip from 4.3.2.1 to 1.2.3.4 peer 1.2.3.4 srcid >> 4.3.2.1/32 dstid 1.2.3.4/32 type require >> SAD: >> esp tunnel from 4.3.2.1 to >> 1.2.3.4 spi 0x3d8e9212 auth hmac-sha2-256 enc aes >> esp tunnel from 1.2.3.4 to >> 4.3.2.1 spi 0x900fc2c5 auth hmac-sha2-256 enc aes >>> I forgot to mention that i >> didn't set net.inet.etherip.allow=1 and let it set to 0, as said in > "etherip" >> man page, because I use IPSEC. >> As you can see the ipsec VPN is well >> established, but my problem is that I can't ping 10.60.10.1 from > 10.60.10.2 >> and 10.60.10.2 from 10.60.10.1. >> On each vether interface, tcpdump -nettti >> shows me that nothing is going out of them. >> Any idea ? > > Can you show pf.conf? Are there any blocks if you check on pflog0 with tcpdump? pf is disabled on both ends > > But why do you want to have Ethernet frames tunneled? If you use gif interfaces > and make ospfd beeing active on it you save a few bits. That way you can make > the MTU bigger. https://cway.cisco.com/tools/ipsec-overhead-calc can give you > and idea how big your MTU can be (needs an account but is free). I simply thought that etherip interface was the new way to go, anyway I just tried the exact same config as explained here: http://undeadly.org/cgi?action=article&sid=20131105075303 with gif interfaces instead etherip and the problem is the same, I can't ping the vether interface on the other host... thanks for your help
OSPFD over IPSEC
Hi, I'm trying to run OSPFD over IPSEC with OpenBSD 6.0 stable, so I first start looking at http://undeadly.org/cgi?action=article&sid=20131105075303 Now that etherip has it's own interface in 6.0, I tried to replace gif with etherip like this: On one host: -=>> cat /etc/hostname.bridge0 add etherip0 add vether0 up -=>> cat /etc/hostname.vether0 inet 10.60.10.2 255.255.255.0 NONE up -=>> cat /etc/hostname.etherip0 tunnel 1.2.3.4 4.3.2.1 up -=>> doas cat /etc/ipsec.conf ike active esp proto etherip from 1.2.3.4 to 4.3.2.1 psk "mypassword" -=>> doas ipsecctl -sa FLOWS: flow esp in proto etherip from 4.3.2.1 to 1.2.3.4 peer 4.3.2.1 srcid 1.2.3.4/32 dstid 4.3.2.1/32 type use flow esp out proto etherip from 1.2.3.4 to 4.3.2.1 peer 4.3.2.1 srcid 1.2.3.4/32 dstid 4.3.2.1/32 type require SAD: esp tunnel from 4.3.2.1 to 1.2.3.4 spi 0x3d8e9212 auth hmac-sha2-256 enc aes esp tunnel from 1.2.3.4 to 4.3.2.1 spi 0x900fc2c5 auth hmac-sha2-256 enc aes On the other host: -- -=>> cat /etc/hostname.bridge0 add etherip0 add vether0 up -=>> cat /etc/hostname.vether0 inet 10.60.10.1 255.255.255.0 NONE up -=>> cat /etc/hostname.etherip0 tunnel 4.3.2.1 1.2.3.4 up -=>> doas cat /etc/ipsec.conf ike passive esp proto etherip from 4.3.2.1 to 1.2.3.4 psk "mypassword" -=>> doas ipsecctl -sa FLOWS: flow esp in proto etherip from 1.2.3.4 to 4.3.2.1 peer 1.2.3.4 srcid 4.3.2.1/32 dstid 1.2.3.4/32 type use flow esp out proto etherip from 4.3.2.1 to 1.2.3.4 peer 1.2.3.4 srcid 4.3.2.1/32 dstid 1.2.3.4/32 type require SAD: esp tunnel from 4.3.2.1 to 1.2.3.4 spi 0x3d8e9212 auth hmac-sha2-256 enc aes esp tunnel from 1.2.3.4 to 4.3.2.1 spi 0x900fc2c5 auth hmac-sha2-256 enc aes I forgot to mention that i didn't set net.inet.etherip.allow=1 and let it set to 0, as said in "etherip" man page, because I use IPSEC. As you can see the ipsec VPN is well established, but my problem is that I can't ping 10.60.10.1 from 10.60.10.2 and 10.60.10.2 from 10.60.10.1. On each vether interface, tcpdump -nettti shows me that nothing is going out of them. Any idea ? Thanks, Morgan
Re: low bandwidth results with IPSEC enabled between two PC Engines APU2C2
10 novembre 2016 12:50 "Stefan Sperling" a écrit: > Yes, that is worth trying as a workaround if you don't have > clients that require IKEv2. If you control both ends of the > tunnel then there's absolutely no reason not to try IKEv1. > > I have never seen such a problem with isakmpd but I'm not sure if > I've ever even hit half a gigabyte in a single session (I mostly > use it to provide IPsec for mobile data on my phone). > But since isakmpd has been widely deployed for years I very > much doubt it still has such bugs. > > Also note that it is currently impossible to run both isakmpd > and iked on the same OpenBSD host, in case that matters. Ok, indeed I control both ends of the tunnel, then I give it a try. Thank you.
Re: low bandwidth results with IPSEC enabled between two PC Engines APU2C2
10 novembre 2016 11:00 "Stefan Sperling" a écrit: > On Thu, Nov 10, 2016 at 09:00:07AM +, Comète wrote: > >> Oh, should I understand that IKEv2 is unusable on production ? > > This question is counter-productive because it demotivates volunteers. My goal wasn't to demotivate anyone. Sorry for that. > > Developers may help you out of kindness, or they may help you indirectly > because the problem affects themselves badly enough to make them care. > But no volunteer will spend their free time helping you just because > you need something for production. > > Did you read the large letters in our licence text? Nobody here has any > obligation to help you with any problem you might have with the software. > > You're using software with a community of people attached to it, not some > product that you bought with features and promises written on the box that > you're now entitled to. I don't want you to loose your free time answering my question. I simply asked an advice, everyone is free to answer or not. And I don't accuse anyone neither criticise the quality of the OS and the software. Now, I can ask the question differently: If I don't want the connection to be reset every half gigabyte, should I better choose isakmpd ? Thanks guys.
Re: low bandwidth results with IPSEC enabled between two PC Engines APU2C2
9 novembre 2016 16:40 "Stuart Henderson" a écrit: > On 2016-11-09, =?utf-8?B?Q29tw6h0ZQ==?= wrote: > >> Hi, >> >> I've made some bandwidth tests (on 6.0 stable - amd64) between two APU2C >> boxes connected with an Ethernet cable and an IPSEC VPN using IKEDv2. I get a >> maximum bandwidth of 66 Avg Mbps when IPSEC is enable which is, I think, very >> low for an AES-NI enabled processor. > > Try it with aes-128-gcm. Ok I will try. > >> And about 30 seconds after the test is >> started, I don't know why, the connection is lost and I have restart IKED >> daemon on the "passive" host. > > Anything in logs? Anything on-screen if you run iked -vd? No, nothing strange appears if I run iked -vd. Thanks
Re: low bandwidth results with IPSEC enabled between two PC Engines APU2C2
9 novembre 2016 16:40 "Christian Weisgerber" a écrit: > On 2016-11-09, "Comète" wrote: > >> I've made some bandwidth tests (on 6.0 stable - amd64) between two APU2C >> boxes connected with an Ethernet cable and an IPSEC VPN using IKEDv2. I get a >> maximum bandwidth of 66 Avg Mbps when IPSEC is enable which is, I think, very >> low for an AES-NI enabled processor. > > Well, it still is a slow processor. For best performance, I'd add > "childsa enc aes-128-gcm" to the iked configuration. The default > cipher is aes-256-cbc with hmac-sha2-256, and the latter has a > noticeable performance impact. Ok thanks for the idea, I will test with these options. >> And about 30 seconds after the test is >> started, I don't know why, the connection is lost and I have restart IKED >> daemon on the "passive" host. > > Every half gigabyte of transferred data, iked rekeys. There is a > longstanding bug there that causes the ikeds to lose synchronization. > They will eventually resync on their own, but it takes several > minutes. Oh, should I understand that IKEv2 is unusable on production ? By the way, is it possible to reduce this delay when the iked rekeys ? Thanks.
low bandwidth results with IPSEC enabled between two PC Engines APU2C2
Hi, I've made some bandwidth tests (on 6.0 stable - amd64) between two APU2C boxes connected with an Ethernet cable and an IPSEC VPN using IKEDv2. I get a maximum bandwidth of 66 Avg Mbps when IPSEC is enable which is, I think, very low for an AES-NI enabled processor. And about 30 seconds after the test is started, I don't know why, the connection is lost and I have restart IKED daemon on the "passive" host. If I disable the VPN, I get a maximum of 439 Avg Mbps which is not fabulous for a 1 Gbps link but quite better than 66 Mbps. The tests were made with tcpbench: tcpbench a.a.a.a on one host and tcpbench -s on the other one. No optimisation at all in sysctl.conf, only a default install. This is the IKEDv2 configuration file on host 2: ikev2 "HDV" active esp from $local_gw to $remote_gw \ from $LAN_LOCAL to $LAN_HDV_INFRA \ peer $remote_gw srcid $local_gw psk "testpassword" and the IKEDv2 configuration file on host 1: ikev2 "HDV-CEV" passive esp from $local_gw to $remote_gw \ from $LAN_HDV_INFRA to $LAN_CEV \ peer $remote_gw srcid $local_gw psk "testpassword" My question is, is there any optimisation I can set somewhere to get a better result with max bandwidth ? Thanks ! Morgan
Re: httpd (+ relayd ?) URL redirection, anyone?
26 juillet 2016 12:20 "Miles Keaton" a écrit: > Sorry to bother the list with this, but still stumped after two days. > > Trying to switch from nginx to httpd, but there's just one thing left: > > Having the webserver pass some URLs to another port: > > # working nginx config: > http { > server { > listen 80; > # serving static here > root /var/www/htdocs/test; > # but this URL is sent to Ruby rack server > location = /hello { > proxy_pass http://127.0.0.1:3000; > } > } > } > > I'm assuming I need relayd to do this, but still stumped after two days of > reading and experimenting with man 5 relayd.conf. > > Found this answer from Reyk from two years ago: > https://marc.info/?l=openbsd-misc&m=140508090726719&w=2 > ... but maybe the syntax has changed since then, since relayd gives a syntax > error for that example, and any variation of it I've tried. > > Any suggestions? > > Thanks in advance. Hi, maybe this should help you: https://www.reddit.com/r/openbsd/comments/3qb2c4/some_observations_about_rela yd/
rsync mirror for firmware.openbsd.org
Hi, i would like to make an internal mirror but didn't find any rsync url to mirror firmware.openbsd.org, is there any ? Thanks. Morgan
Re: OpenBSD 5.8 on VMware 5.5
2 décembre 2015 13:00 "Felipe Gomes" a écrit: > I just wanted to thank everyone for their feedback. Thanks a lot! > > You guys are amazing. > > Best regards, > Felipe Gomes > > On Wed, Dec 2, 2015 at 4:03 AM, Bruno Flueckiger wrote: > >> On 01.12.2015 16:50, Felipe Gomes wrote: >> >>> Folks, >>> >>> I've been trying to search for more information on OpenBSD as a VMWare >>> guest, but I wasn't able to find much... and the information is pretty >>> much >>> outdated. >>> >>> What are the recommendations for OpenBSD 5.8 (amd64) as a guest on VMware >>> 5.5? >>> >>> Guest Operating System: should I pick "Other (64bit)" or FreeBSD? >>> >>> How does OpenBSD work with "virtual sockets" and "cores per virtual >>> socket"? >>> >>> What is the best NIC? E1000, E1000E, VMXNET2 ENHANCED or VMXNET3? >>> >>> What is the recommended SCSI Controller? LSI Logic Parallel, LSI Logic SAS >>> or VMware Paravirtual? >>> >>> I'd believe that all of these options work... I just don't know which is >>> more stable or perform better. >>> >>> Any other tips on fine tunning or special setting? >>> >>> I'm planning on migrating a few Soekris boxes to virtual machines. Is this >>> reliable? Is anyone running production OpenBSD servers on VMware? >>> >>> Thanks in advance! >> >> I run a productive SMTP server with OpenBSD 5.8-stable on VMware 5.5 for >> some >> months and so far I didn't experience any problems. Guest OS is FreeBSD, >> NIC >> is VMXNET3 and the controller is LSI Logic Parallel. >> >> There are plans for more OpenBSD servers on VMware in the company I work >> for >> due to the small footprint of the OS and the very good experience we have >> so >> far. >> >> Cheers, >> Bruno Hi, works here like a charm, on prod with OpenBSD 5.8 amd64 : Guest OS is FreeBSD 64 NIC is VMXNET3 scsi controller is paravirtual multiple openbsd VMs on vmware since 3 years without any problems. Morgan
Re: Intel I211 NIC not working on Shuttle DS57U with latest snapshot
12 mai 2015 05:20 "Jonathan Gray" a écrit: > On Mon, May 11, 2015 at 10:24:27PM +, Comète wrote: > >> 27 mars 2015 11:30 "Brad Smith" a écrit: >>> On 03/27/15 06:19, Comète wrote: >>> >>>> Hi, >>>> >>>> i've just installed the latest snapshot on this new fanless little >>>> machine with 2 NICs (one I218-LM and another with I211 chipset) and the >>>> I211 >>>> is not detected, dmesg returning: "EEPROM Checksum is not valid". I've >>>> looked >>>> at "man em" and saw I211 was supported. >>>> >>>> Any idea ? >>> >>> Probably an unsupported configuration. Try this diff and see if it >>> helps.. >>> >>> http://marc.info/?l=openbsd-tech&m=142588283023584&w=2 >>> >>> -- >>> This message has been scanned for viruses and >>> dangerous content by MailScanner, and is >>> believed to be clean. >> >> Hi, >> >> this patch works with this machine. Thanks ! >> >> Morgan > > Thanks for testing, I committed a modified version of that. > It should work with future snapshots. Nice ! Thanks !
Re: Intel I211 NIC not working on Shuttle DS57U with latest snapshot
27 mars 2015 11:30 "Brad Smith" a écrit: > On 03/27/15 06:19, Comète wrote: > >> Hi, >> >> i've just installed the latest snapshot on this new fanless little >> machine with 2 NICs (one I218-LM and another with I211 chipset) and the I211 >> is not detected, dmesg returning: "EEPROM Checksum is not valid". I've looked >> at "man em" and saw I211 was supported. >> >> Any idea ? > > Probably an unsupported configuration. Try this diff and see if it > helps.. > > http://marc.info/?l=openbsd-tech&m=142588283023584&w=2 > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. Hi, this patch works with this machine. Thanks ! Morgan
Re: tls with relayd (on 5.7) and key without password
That works ! Thanks a lot ! 3 mai 2015 20:50 "mxb" a écrit:  Try to create symlink in /etc/ssl/private. ln -s mydomain.org (http://mydomain.org).key 1.2.3.4.key, where â1.2.3.4â is your address in $ext_addr.  //mxb   On 3 maj 2015, at 13:04, Comète wrote: Hi, my tls key has no password and i already use it for other stuff, so i try to enable TLS with relayd like this: http protocol "http_tls" {    tls tlsv1    tls ca key "/etc/ssl/private/mydomain.org.key" password ""    tls ca cert "/etc/ssl/mydomain.org.crt" } relay transptls {    listen on $ext_addr port 443 tls    protocol "http_tls"    transparent forward with tls to "127.0.0.1" port http } but i get this error: startup socket_rlimit: max open files 1024 socket_rlimit: max open files 1024 relay_load_certfiles: using ca certificate /etc/ssl/mydomain.org.crt socket_rlimit: max open files 1024 socket_rlimit: max open files 1024 relay_load_certfiles: using ca key /etc/ssl/private/mydomain.org.key /etc/relayd.conf:24: cannot load certificates for relay transptls no actions, nothing to do ca exiting, pid 29173 pfe exiting, pid 19946 ca exiting, pid 3806 ca exiting, pid 24689 hce exiting, pid 32289 relay exiting, pid 22936 relay exiting, pid 25790 So, is it possible to use a tls key without password with relayd ? Thank you Morgan  Â
tls with relayd (on 5.7) and key without password
Hi, my tls key has no password and i already use it for other stuff, so i try to enable TLS with relayd like this: http protocol "http_tls" { tls tlsv1 tls ca key "/etc/ssl/private/mydomain.org.key" password "" tls ca cert "/etc/ssl/mydomain.org.crt" } relay transptls { listen on $ext_addr port 443 tls protocol "http_tls" transparent forward with tls to "127.0.0.1" port http } but i get this error: startup socket_rlimit: max open files 1024 socket_rlimit: max open files 1024 relay_load_certfiles: using ca certificate /etc/ssl/mydomain.org.crt socket_rlimit: max open files 1024 socket_rlimit: max open files 1024 relay_load_certfiles: using ca key /etc/ssl/private/mydomain.org.key /etc/relayd.conf:24: cannot load certificates for relay transptls no actions, nothing to do ca exiting, pid 29173 pfe exiting, pid 19946 ca exiting, pid 3806 ca exiting, pid 24689 hce exiting, pid 32289 relay exiting, pid 22936 relay exiting, pid 25790 So, is it possible to use a tls key without password with relayd ? Thank you Morgan
Intel I211 NIC not working on Shuttle DS57U with latest snapshot
Hi, i've just installed the latest snapshot on this new fanless little machine with 2 NICs (one I218-LM and another with I211 chipset) and the I211 is not detected, dmesg returning: "EEPROM Checksum is not valid". I've looked at "man em" and saw I211 was supported. Any idea ? Thank you. Morgan OpenBSD 5.7-current (GENERIC.MP) #896: Thu Mar 26 14:56:12 MDT 2015 t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2009530368 (1916MB) avail mem = 1944829952 (1854MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xec2f0 (81 entries) bios0: vendor American Megatrends Inc. version "1.05" date 01/16/2015 bios0: Shuttle Inc. DS57U acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET SSDT UEFI SSDT ASF! SLIC SSDT SSDT SSDT DMAR acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4) PEG2(S4) PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Celeron(R) 3205U @ 1.50GHz, 1496.76 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,XSAVE,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,ERMS,INVPCID,RDSEED cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Celeron(R) 3205U @ 1.50GHz, 1496.54 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,XSAVE,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,ERMS,INVPCID,RDSEED cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins acpimadt0: bogus nmi for apid 0 acpimadt0: bogus nmi for apid 2 acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG0) acpiprt2 at acpi0: bus -1 (PEG1) acpiprt3 at acpi0: bus -1 (PEG2) acpiprt4 at acpi0: bus 1 (RP01) acpiprt5 at acpi0: bus -1 (RP02) acpiprt6 at acpi0: bus 2 (RP03) acpiprt7 at acpi0: bus 3 (RP04) acpiprt8 at acpi0: bus -1 (RP05) acpiprt9 at acpi0: bus -1 (RP06) acpiprt10 at acpi0: bus -1 (RP07) acpiprt11 at acpi0: bus -1 (RP08) acpiec0 at acpi0: not present acpicpu0 at acpi0: C2, C1, PSS acpicpu1 at acpi0: C2, C1, PSS acpipwrres0 at acpi0: PG00, resource for PEG0 acpipwrres1 at acpi0: PG01, resource for PEG1 acpipwrres2 at acpi0: PG02, resource for PEG2 acpipwrres3 at acpi0: FN00, resource for FAN0 acpipwrres4 at acpi0: FN01, resource for FAN1 acpipwrres5 at acpi0: FN02, resource for FAN2 acpipwrres6 at acpi0: FN03, resource for FAN3 acpipwrres7 at acpi0: FN04, resource for FAN4 acpitz0 at acpi0: critical temperature is 105 degC acpitz1 at acpi0: critical temperature is 105 degC acpibat0 at acpi0: BAT0 not present acpibat1 at acpi0: BAT1 not present acpibat2 at acpi0: BAT2 not present acpibtn0 at acpi0: LID0 acpibtn1 at acpi0: SLPB acpibtn2 at acpi0: PWRB acpivideo0 at acpi0: GFX0 acpivout0 at acpivideo0: DD1F cpu0: Enhanced SpeedStep 1496 MHz: speeds: 1501, 1500, 1400, 1300, 1200, 1100, 1000, 900, 800, 700, 600, 500 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Core 5G Host" rev 0x08 vga1 at pci0 dev 2 function 0 vendor "Intel", unknown product 0x1606 rev 0x08 intagp at vga1 not configured wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) azalia0 at pci0 dev 3 function 0 "Intel Core 5G HD Audio" rev 0x08: msi azalia0: No codecs found xhci0 at pci0 dev 20 function 0 "Intel 9 Series xHCI" rev 0x03: msi usb0 at xhci0: USB revision 3.0 uhub0 at usb0 "Intel xHCI root hub" rev 3.00/1.00 addr 1 "Intel 9 Series MEI" rev 0x03 at pci0 dev 22 function 0 not configured em0 at pci0 dev 25 function 0 "Intel I218-LM" rev 0x03: msi, address 80:ee:73:ab:41:11 azalia1 at pci0 dev 27 function 0 "Intel 9 Series HD Audio" rev 0x03: msi azalia1: codecs: Realtek ALC662 audio0 at azalia1 ppb0 at pci0 dev 28 function 0 "Intel 9 Series PCIE" rev 0xe3: msi pci1 at ppb0 bus 1 ppb1 at pci0 dev 28 function 2 "Intel 9 Series PCIE" rev 0xe3: msi pci2 at ppb1 bus 2 em1 at pci2 dev 0 function 0 "Intel I211" rev 0x03: msiem1: The EEPROM Checksum Is Not Valid em1: Unable to initialize the hardware ppb2 at pci0 dev 28 function 3 "Intel 9 Series PCIE" rev 0xe3: msi pci3 at p
Re: em0 watchdog timeout on Thinkpad T440 laptop
29 janvier 2015 14:30 "Jonathan Gray" a écrit: > On Thu, Jan 29, 2015 at 12:54:34PM +, Comète wrote: > >> Hi, >> >> I use OpenBSD 5.6 GENERIC.MP (amd64) on a Thinkpad T440. I often use the >> suspend state and i've noticed that after each suspend, in the next 5 minutes >> after resuming, my network interface (em0) looses connection during about 1 >> or >> 2 minutes and then reconnect and so on, many times... >> As you can see, the >> dmesg shows many em0 watchdog timeouts. >> I've tried to suspend when the laptop >> is on the dock and without it, but the problem is the same. No problem with >> the NIC when i don't suspend. >> >> I use apmd_flags="-C" in /etc/rc.conf.local >> Any idea ? > > This may be solved by the following commit in -current: > > revision 1.81 > date: 2014/11/05 15:30:17; author: claudio; state: Exp; lines: +90 -1; > commitid: qjAWexfO9LNS8Qo2; > Implement yet another workaround for the k1 em(4)'s. This time for > the i218 which is used in many modern laptops like the X240. This > seems to stop the watchdog timeouts triggered by heavy traffic on > such systems. > Tested by myself, phessler, blambert and Donovan Watteau > OK deraadt, brad > > Index: if_em_hw.c > === > RCS file: /cvs/src/sys/dev/pci/if_em_hw.c,v > retrieving revision 1.80 > diff -u -p -r1.80 if_em_hw.c > --- if_em_hw.c 22 Jul 2014 13:12:11 - 1.80 > +++ if_em_hw.c 29 Jan 2015 13:19:11 - > @@ -163,6 +163,7 @@ int32_t em_lv_phy_workarounds_ich8lan(s > int32_t em_link_stall_workaround_hv(struct em_hw *); > int32_t em_k1_gig_workaround_hv(struct em_hw *, boolean_t); > int32_t em_k1_workaround_lv(struct em_hw *); > +int32_t em_k1_workaround_lpt_lp(struct em_hw *, boolean_t); > int32_t em_configure_k1_ich8lan(struct em_hw *, boolean_t); > void em_gate_hw_phy_config_ich8lan(struct em_hw *, boolean_t); > int32_t em_access_phy_wakeup_reg_bm(struct em_hw *, uint32_t, > @@ -3709,6 +3710,16 @@ em_check_for_link(struct em_hw *hw) > if (ret_val) > return ret_val; > } > + /* Work-around I218 hang issue */ > + if ((hw->device_id == E1000_DEV_ID_PCH_LPTLP_I218_LM) || > + (hw->device_id == E1000_DEV_ID_PCH_LPTLP_I218_V) || > + (hw->device_id == E1000_DEV_ID_PCH_I218_LM3) || > + (hw->device_id == E1000_DEV_ID_PCH_I218_V3)) { > + ret_val = em_k1_workaround_lpt_lp(hw, > + hw->icp__is_link_up); > + if (ret_val) > + return ret_val; > + } > > /* > * Check if there was DownShift, must be checked > @@ -10185,6 +10196,84 @@ em_k1_workaround_lv(struct em_hw *hw) > > return E1000_SUCCESS; > } > + > +/** > + * em_k1_workaround_lpt_lp - K1 workaround on Lynxpoint-LP > + * > + * When K1 is enabled for 1Gbps, the MAC can miss 2 DMA completion > indications > + * preventing further DMA write requests. Workaround the issue by disabling > + * the de-assertion of the clock request when in 1Gbps mode. > + * Also, set appropriate Tx re-transmission timeouts for 10 and 100Half link > + * speeds in order to avoid Tx hangs. > + **/ > +int32_t > +em_k1_workaround_lpt_lp(struct em_hw *hw, boolean_t link) > +{ > + uint32_t fextnvm6 = E1000_READ_REG(hw, FEXTNVM6); > + uint32_t status = E1000_READ_REG(hw, STATUS); > + int32_t ret_val = E1000_SUCCESS; > + uint16_t reg; > + > + if (link && (status & E1000_STATUS_SPEED_1000)) { > + ret_val = em_read_kmrn_reg(hw, E1000_KMRNCTRLSTA_K1_CONFIG, > + ®); > + if (ret_val) > + return ret_val; > + > + ret_val = em_write_kmrn_reg(hw, E1000_KMRNCTRLSTA_K1_CONFIG, > + reg & ~E1000_KMRNCTRLSTA_K1_ENABLE); > + if (ret_val) > + return ret_val; > + > + usec_delay(10); > + > + E1000_WRITE_REG(hw, FEXTNVM6, > + fextnvm6 | E1000_FEXTNVM6_REQ_PLL_CLK); > + > + ret_val = em_write_kmrn_reg(hw, E1000_KMRNCTRLSTA_K1_CONFIG, > + reg); > + } else { > + /* clear FEXTNVM6 bit 8 on link down or 10/100 */ > + fextnvm6 &= ~E1000_FEXTNVM6_REQ_PLL_CLK; > + > + if (!link || ((status & E1000_STATUS_SPEED_100) && > + (status & E1000_STATUS_FD))) > + goto update_fextnvm6; > + > + ret_val = em_read_phy_reg(hw, I217_INBAND_CTRL, ®); > + if (ret_val) > + return ret_val; > + > + /* Clear link status transmit timeout */ > + reg &= ~I217_INBAND_CTRL_LINK_STAT_TX_TIMEOUT_MASK; > + > + if (status & E1000_STATUS_SPEED_100) { > + /* Set inband Tx timeout to 5x10us for 100Half */ > + reg |= 5 << I217_INBAND_CTRL_LINK_STAT_TX_TIMEOUT_SHIFT; > + > + /* Do not extend the K1 entry latency for 100H
em0 watchdog timeout on Thinkpad T440 laptop
Hi, I use OpenBSD 5.6 GENERIC.MP (amd64) on a Thinkpad T440. I often use the suspend state and i've noticed that after each suspend, in the next 5 minutes after resuming, my network interface (em0) looses connection during about 1 or 2 minutes and then reconnect and so on, many times... As you can see, the dmesg shows many em0 watchdog timeouts. I've tried to suspend when the laptop is on the dock and without it, but the problem is the same. No problem with the NIC when i don't suspend. I use apmd_flags="-C" in /etc/rc.conf.local Any idea ? Thanks for your help. Morgan OpenBSD 5.6 (GENERIC.MP) #5: Thu Dec 11 09:51:08 CET 2014 r...@stable-56-amd64.mtier.org:/binpatchng/work-binpatch56-amd64/src/sys/arch/amd64/compile/GENERIC.MP real mem = 8246050816 (7864MB) avail mem = 8017756160 (7646MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xbcd3d000 (61 entries) bios0: vendor LENOVO version "GJET80WW (2.30 )" date 10/20/2014 bios0: LENOVO 20B7S1TQ00 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP DBGP ECDT HPET APIC MCFG SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT PCCT SSDT TCPA UEFI POAT ASF! BATB FPDT UEFI SSDT DMAR acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3) EHC1(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpiec0 at acpi0 acpihpet0 at acpi0: 14318179 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 798.28 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 798.16 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 798.16 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 798.16 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins acpimcfg0 at acpi0 addr 0xf800, bus 0-63 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG_) acpiprt2 at acpi0: bus 2 (EXP1) acpiprt3 at acpi0: bus 3 (EXP2) acpiprt4 at acpi0: bus -1 (EXP3) acpicpu0 at acpi0: C3, C1, PSS acpicpu1 at acpi0: C3, C1, PSS acpicpu2 at acpi0: C3, C1, PSS acpicpu3 at acpi0: C3, C1, PSS acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1 acpipwrres1 at acpi0: NVP3, resource for PEG_ acpipwrres2 at acpi0: NVP2, resource for PEG_ acpitz0 at acpi0: critical temperature is 200 degC acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB acpibat0 at acpi0: BAT0 not present acpibat1 at acpi0: BAT1 model "45N1736" serial 956 type LION oem "SMP" acpiac0 at acpi0: AC unit offline acpithinkpad0 at acpi0 cpu0: Enhanced SpeedStep 798 MHz: speeds: 2701, 2700, 2600, 2400, 2300, 2100, 2000, 1800, 1700, 1600, 1400, 1300, 1100, 1000, 800, 756 MHz pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Core 4G Host" rev 0x0b vga1 at pci0 dev 2 function 0 "Intel HD Graphics" rev 0x0b intagp at vga1 not configured inteldrm0 at vga1 drm0 at inteldrm0 drm: Memory usable by graphics device = 2048M error: [drm:pid0:i915_write32] *ERROR* Unknown unclaimed register before writing to 10 error: [drm:pid0:in
Re: pkg_add update checker?
21 novembre 2014 23:00 "John Merriam" a écrit: > Hello. I am trying to write a script to check for updates to the binary > packages by checking the output of pkg_add then sending an e-mail if > something is found. My very simple script is this: > > #!/bin/ksh > > NEWPKGS=`pkg_add -Iusx | grep -v "^quirks\-"` > > if [ "$NEWPKGS" != "" ]; then > # send message to admin... > fi > > Does that seem like it should work? Anyone know a better way to check > for updates to packages automatically? I tried reading the code of > pkg_add to see if there was a better way but I wasn't able to find one. > Didn't find anything through searching either. > > This is one of those things I'd like to set up in a cron job to run > once a day then forget about it until a message pops up in my Inbox so I'd > like to get it right the first time. Thanks! > > -- > > John Merriam Maybe you're looking for this ? http://www.mtier.org/index.php/solutions/apps/openup/ Morgan
Re: poor network performance after wake from suspend
22 octobre 2014 10:40 "Peter Hessler" a écrit: > On 2014 Oct 22 (Wed) at 08:31:29 + (+), Com??te wrote: > :22 octobre 2014 09:30 "Mike Larkin" a ??crit: > :> On Fri, Sep 26, 2014 at 11:46:04AM +0400, wrote: > :> > :>> Hello. > :>> After apm -z and wake by wol (re0) sometimes machine becomes very slow on > :>> network operations (even ssh!) > :>> Help, please. > :>> Here is dmesg and ifconfig: > :> > :> ... snip ... > :> > :>> re0: watchdog timeout > :> > :> Do you see only one of these watchdog timeouts or a bunch? > :> > :> And does this problem happen with non-WOL wakeups? > :> > :> -ml > :> > :>> ifconfig re0 > :>> re0: flags=108843 mtu 1500 > :>> lladdr 00:21:85:52:d5:ea > :>> priority: 0 > :>> groups: egress > :>> media: Ethernet autoselect (100baseTX full-duplex) > :>> status: active > :>> inet6 fe80::221:85ff:fe52:d5ea%re0 prefixlen 64 scopeid 0x1 > :>> inet 192.168.1.4 netmask 0xff00 broadcast 192.168.1.255 > : > :Hi, > : > :i have the same problem with a LENOVO Thinkpad T440 (em0) and an OpenBSD 5.5 > amd64 install. > :The network became suddenly very slow after wake from suspend and i can see > multiple in dmesg: > : > :em0: watchdog timeout > : > :I didn't try WOL wake up so i can say it happens after a normal resume. > : > > FWIW, I don't see this on my Thinkpad x240 (em), nor on my Thinkpad > T430s (also em). > > -- > You have junk mail. I forgot to tell, i mainly use it with the dock.
Re: poor network performance after wake from suspend
22 octobre 2014 09:30 "Mike Larkin" a écrit: > On Fri, Sep 26, 2014 at 11:46:04AM +0400, Кирилл wrote: > >> Hello. >> After apm -z and wake by wol (re0) sometimes machine becomes very slow on >> network operations (even ssh!) >> Help, please. >> Here is dmesg and ifconfig: > > ... snip ... > >> re0: watchdog timeout > > Do you see only one of these watchdog timeouts or a bunch? > > And does this problem happen with non-WOL wakeups? > > -ml > >> ifconfig re0 >> re0: flags=108843 mtu 1500 >> lladdr 00:21:85:52:d5:ea >> priority: 0 >> groups: egress >> media: Ethernet autoselect (100baseTX full-duplex) >> status: active >> inet6 fe80::221:85ff:fe52:d5ea%re0 prefixlen 64 scopeid 0x1 >> inet 192.168.1.4 netmask 0xff00 broadcast 192.168.1.255 Hi, i have the same problem with a LENOVO Thinkpad T440 (em0) and an OpenBSD 5.5 amd64 install. The network became suddenly very slow after wake from suspend and i can see multiple in dmesg: em0: watchdog timeout I didn't try WOL wake up so i can say it happens after a normal resume.
strange behaviour with pkg_add -z
Hi, i need to script some packages install, so i tried to use pkg_add -z option like this: pkg_add -vzI python-idle-2 python-idle-2.7.5p0: ok --- +python-idle-2.7.5p0 --- If you want to use this package as your default system idle, as root create symbolic links like so (overwriting any previous default): ln -sf /usr/local/bin/idle2.7 /usr/local/bin/idle Packages with signatures: 1 So it seems to work, but when i give another try with: pkg_add -vzI python-idle-3 Ambiguous: python-idle-3 could be python-idle-2.7.5p0 python-idle-3.3.2p0 So i don't really understand why i doesn't work with '-3'... After deleting 'python-idle', i tried again to install python-idle-3 first and... same problem. I tried with 'python' package too without success. So it seems that only a command like 'pkg_add -vzI mypackage-2' will work. Is it a bug or simply something i didn't understand ? Thanks Morgan
Re: OpenBSD 5.4 under ProxmoxVE 3.1 / KVM 1.4: problems so far
Yes, i confirm that i have this problem too with vio network drivers with proxmox VE 2.x and OpenBSD 5.3 and 5.4. Nics stop receiving and transmitting. I also switched back to em driver. Morgan Le 29/12/2013 20:55, Adam Thompson a écrit : Just an FYI at this time for anyone else searching on this problem. On the other hand, feel free to share ideas if you have 'em. OpenBSD 5.4 (RELEASE) does not appear to reliably receive ACPI signals delivered by KVM. Or, the version of kvm/qemu (1.4) that ships with ProxmoxVE 3.1 (pve 3.1) fails to deliver ACPI shutdown signals to OpenBSD reliably. I'm not sure which. Sometimes it works, sometimes it doesn't. Limited testing shows that ACPI events fail after the VM has been up and running for a while - not sure how long, yet. I'm using virtio drivers for both network and disk, but limited testing so far does not show that this makes any difference. I do note that vio(4) networking in this setup occasionally stops transmitting or receiving; switching back to em(4) resolves that particular issue (so far). When the vio(4) driver goes awry, the only immediate symptom is that the VM stops sending and receiving packets. Later, I discover that afflicted VMs can no longer shut down cleanly, either... presumably a KVM/OpenBSD interaction of some sort, I'm not pointing fingers in *any* direction right now. (Especially since it could be something I've done, too.) So far everything appears stable enough to run in production with the exception of vio(4). I have had to virtually yank the plug on a few VMs in order to shut them down, however... back to the good 'ol days of SunOS 3: "shutdown() { 'sync;sync;sync;halt -npq' }" ;-).
OpenBSD server for diskless thinclients
Hi, after reading these articles about Mtier experience (http://www.undeadly.org/cgi?action=article&sid=20110420080633 and http://undeadly.org/cgi?action=article&sid=20121026064602), i'm trying to set up a server to allow any client (diskless or not) on my network to be used as a thinclient when needed. Actually, i managed to boot the kernel with pxeboot successfuly but i don't want to manage statically MAC addresses and IP with RARPD (i have a lot of clients), i just want to use the actual dhcp server to give IPs and serve the system with NFS. I didn't find information to do this whithout rarpd in diskless(8) or even in "Absolute OpenBSD". Do you think, it is possible ? Thanks. Morgan
Re: Kernel panic with jme driver
Sorry i forgot to include the patch: Index: if_jme.c === RCS file: /home/cvs/src/sys/dev/pci/if_jme.c,v retrieving revision 1.29 diff -u -p -r1.29 if_jme.c --- if_jme.c29 Nov 2012 21:10:32 - 1.29 +++ if_jme.c29 Mar 2013 05:45:44 - @@ -1058,48 +1058,31 @@ jme_encap(struct jme_softc *sc, struct m struct jme_txdesc *txd; struct jme_desc *desc; struct mbuf *m; - int maxsegs; int error, i, prod; uint32_t cflags; prod = sc->jme_cdata.jme_tx_prod; txd = &sc->jme_cdata.jme_txdesc[prod]; - maxsegs = (JME_TX_RING_CNT - sc->jme_cdata.jme_tx_cnt) - - (JME_TXD_RSVD + 1); - if (maxsegs > JME_MAXTXSEGS) - maxsegs = JME_MAXTXSEGS; - if (maxsegs < (sc->jme_txd_spare - 1)) - panic("%s: not enough segments %d", sc->sc_dev.dv_xname, - maxsegs); - error = bus_dmamap_load_mbuf(sc->sc_dmat, txd->tx_dmamap, *m_head, BUS_DMA_NOWAIT); + if (error != 0 && error != EFBIG) + goto drop; if (error != 0) { - bus_dmamap_unload(sc->sc_dmat, txd->tx_dmamap); - error = EFBIG; - } - if (error == EFBIG) { if (m_defrag(*m_head, M_DONTWAIT)) { - printf("%s: can't defrag TX mbuf\n", - sc->sc_dev.dv_xname); - m_freem(*m_head); - *m_head = NULL; - return (ENOBUFS); + error = ENOBUFS; + goto drop; } - error = bus_dmamap_load_mbuf(sc->sc_dmat, -txd->tx_dmamap, *m_head, -BUS_DMA_NOWAIT); - if (error != 0) { - printf("%s: could not load defragged TX mbuf\n", - sc->sc_dev.dv_xname); - m_freem(*m_head); - *m_head = NULL; - return (error); - } - } else if (error) { - printf("%s: could not load TX mbuf\n", sc->sc_dev.dv_xname); - return (error); + error = bus_dmamap_load_mbuf(sc->sc_dmat, txd->tx_dmamap, +*m_head, BUS_DMA_NOWAIT); + if (error != 0) + goto drop; + } + + if (sc->jme_cdata.jme_tx_cnt + txd->tx_dmamap->dm_nsegs + + 1 > JME_TX_RING_CNT - 1) { + bus_dmamap_unload(sc->sc_dmat, txd->tx_dmamap); + return (ENOBUFS); } m = *m_head; @@ -1127,7 +1110,6 @@ jme_encap(struct jme_softc *sc, struct m desc->addr_hi = htole32(m->m_pkthdr.len); desc->addr_lo = 0; sc->jme_cdata.jme_tx_cnt++; - KASSERT(sc->jme_cdata.jme_tx_cnt < JME_TX_RING_CNT - JME_TXD_RSVD); JME_DESC_INC(prod, JME_TX_RING_CNT); for (i = 0; i < txd->tx_dmamap->dm_nsegs; i++) { desc = &sc->jme_rdata.jme_tx_ring[prod]; @@ -1137,10 +1119,7 @@ jme_encap(struct jme_softc *sc, struct m htole32(JME_ADDR_HI(txd->tx_dmamap->dm_segs[i].ds_addr)); desc->addr_lo = htole32(JME_ADDR_LO(txd->tx_dmamap->dm_segs[i].ds_addr)); - sc->jme_cdata.jme_tx_cnt++; - KASSERT(sc->jme_cdata.jme_tx_cnt <= -JME_TX_RING_CNT - JME_TXD_RSVD); JME_DESC_INC(prod, JME_TX_RING_CNT); } @@ -1163,6 +1142,11 @@ jme_encap(struct jme_softc *sc, struct m sc->jme_cdata.jme_tx_ring_map->dm_mapsize, BUS_DMASYNC_PREWRITE); return (0); + + drop: + m_freem(*m_head); + *m_head = NULL; + return (error); } void @@ -1204,13 +1188,15 @@ jme_start(struct ifnet *ifp) * for the NIC to drain the ring. */ if (jme_encap(sc, &m_head)) { - if (m_head == NULL) { + if (m_head == NULL) ifp->if_oerrors++; - break; + else { + IF_PREPEND(&ifp->if_snd, m_head); + ifp->if_flags |= IFF_OACTIVE; } - ifp->if_flags |= IFF_OACTIVE; break; } + enq++; #if NBPFILTER > 0 Le 11/11/2013 18:22, Comète a écrit : Hi, In March, i reported this bug on jme driver and hopefully Brad Smith answered with the following patch which work
Re: Kernel panic with jme driver
Hi, In March, i reported this bug on jme driver and hopefully Brad Smith answered with the following patch which work nicely, many thanks to him ! Now two releases later, this patch is still not included. I sent him 2 or 3 mails to ask why but didn't get any answer. Do you know any particular reason for this patch not being applied ? Thanks a lot ! Le 24/03/2013 15:46, Comète a écrit : > Hello, > > i own a Shuttle XS35v2 and actually run OpenBSD 5.2 amd64 (SMP) on it. > I run OpenBSD on this hardware since 4.9 and i always encountered the > following problem, sorry for the late report it took me some time to > identify it: > > The NIC uses the jme driver which run in a kernel panic each time i > upload data from the XS35v2 to any other machine with a transfer rate > above 7 Mbits/s (XS35v2 -> other PC). No problem at all when > downloading. > > I made some tests that you can follow to easily reproduce the crash: > > On the XS35: > > iperf -s > > On the other machine: > > iperf -c IP_XS35 -n 2048M -d > > This is a screenshot of the kernel panic message: > > https://cloud.geekandfree.org/public.php?service=files&t=06ff6a95949e392989191588d360b875&download > > and i join the dmesg: > > > OpenBSD 5.2 (GENERIC.MP) #368: Wed Aug 1 10:04:49 MDT 2012 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 2136670208 (2037MB) > avail mem = 2057482240 (1962MB) > mainbus0 at root > bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xfc8b0 (23 entries) > bios0: vendor American Megatrends Inc. version "080015" date 06/23/2011 > bios0: Standard XS35 > acpi0 at bios0: rev 2 > acpi0: sleep states S0 S3 S4 S5 > acpi0: tables DSDT FACP APIC MCFG SLIC OEMB HPET GSCI > acpi0: wakeup devices P0P1(S4) AZAL(S3) P0P4(S4) P0P5(S4) JLAN(S3) > P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) USB0(S3) USB1(S3) USB2(S3) > USB3(S3) EUSB(S3) > acpitimer0 at acpi0: 3579545 Hz, 24 bits > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 2154.83 MHz > cpu0: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF > cpu0: 512KB 64b/line 8-way L2 cache > cpu0: apic clock running at 199MHz > cpu1 at mainbus0: apid 2 (application processor) > cpu1: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1795.50 MHz > cpu1: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF > cpu1: 512KB 64b/line 8-way L2 cache > cpu2 at mainbus0: apid 1 (application processor) > cpu2: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1795.50 MHz > cpu2: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF > cpu2: 512KB 64b/line 8-way L2 cache > cpu3 at mainbus0: apid 3 (application processor) > cpu3: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1795.50 MHz > cpu3: > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF > cpu3: 512KB 64b/line 8-way L2 cache > ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins > ioapic0: misconfigured as apic 3, remapped to apid 4 > acpimcfg0 at acpi0 addr 0xe000, bus 0-255 > acpihpet0 at acpi0: 14318179 Hz > acpiprt0 at acpi0: bus 0 (PCI0) > acpiprt1 at acpi0: bus 4 (P0P1) > acpiprt2 at acpi0: bus 1 (P0P4) > acpiprt3 at acpi0: bus 2 (P0P5) > acpiprt4 at acpi0: bus -1 (P0P6) > acpiprt5 at acpi0: bus 3 (P0P7) > acpiprt6 at acpi0: bus -1 (P0P8) > acpiprt7 at acpi0: bus -1 (P0P9) > acpiec0 at acpi0 > acpicpu0 at acpi0 > acpicpu1 at acpi0 > acpicpu2 at acpi0 > acpicpu3 at acpi0 > acpitz0 at acpi0: critical temperature is 104 degC > acpibtn0 at acpi0: SLPB > acpibtn1 at acpi0: PWRB > acpivideo0 at acpi0: GFX0 > acpivout0 at acpivideo0: LCD_ > pci0 at mainbus0 bus 0 > pchb0 at pci0 dev 0 function 0 "Intel Pineview DMI" rev 0x02 > vga1 at pci0 dev 2 function 0 "Intel Pineview Video" rev 0x02 > wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) > wsdisplay0: screen 1-5 added (80x25, vt100 emulation) > intagp0 at vga1 > agp0 at intagp0: aperture at 0xd000, size 0x1000 > inteldrm0 at vga1: apic 4 int 16 > drm0 at inteldrm0 > "Intel Pineview Video" rev 0x02 at pci0 dev 2 function 1 not configured > azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: > msi > azalia0: codecs: IDT 92HD81B1X > audio0 at azalia0 > ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: msi > pci1 at ppb0 bus 1 > ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: msi > pci2 at ppb1 bus 2 > "JMicron SD/MMC" rev 0x80 at pci2 dev 0 function 0 not configured > sdhc0 at pci2 dev 0 function 2 "JMicron SD Host Cont
Re: nvidia driver what do you recommend
Hello, I've tried vesa too and it works but it is limited to 1024x768... if you have any tips to allow 1440x900 with vesa, i take it... Thanks Morgan Le 02/11/2013 16:10, Gilles Cafedjian a écrit : Hello, Indeed, switching to vesa driver in xorg.conf removed all the windows lags. I don't need any kind of 3D acceleration, so vesa is just enough to run Emacs and resizing some windows. I think the best will be to port Nouveau to OpenBSD, but it's not a priority. As I said, vesa is just good enough to work with basic 2D, for people stuck with Nvidia. Thanks, Gilles Cafedjian. Le 2013-10-30 08:08, Matthieu Herrb a écrit : On Tue, Oct 29, 2013 at 05:36:43PM +0100, Gilles Cafedjian wrote: I have the same problem but on a dell laptop with integrated NVidia chip. The chip is NVidia Geforce 8600M GS and since I upgraded to 5.4 my laptop is unusable (very slow window movement). I'm thinking of reinstall 5.3 to have a working laptop. I can't change GPU chipset. There is a solution to get a working window manager back? If the VESA BIOS on you machine supports the native resolution of the panel, then running the vesa driver is probably faster than the nv driver. Otherwise, if some people with development skills want to help, I can see 3 different projects there, with different levels of complexity and interest (I currently miss time to work on these issues.): project 1 - relatively easy get yourself familiar with the shadowfb implementation in the vesa driver and then fix it in xf86-video-nv. xf86-video-nv's shadowfb is currently disabled because it crashes the driver. This would probably bring most of the speed back for a relatively low effort. project 2 - a bit harder get yourself familiar with the EXA acceleration framework, and port the current XAA code in xf86-video-nv to EXA. Bitblt operations should give you a reasonable speed-up back on supported cards. But the XAA code is full of magic numbers (no docs, remember) and since EXA is probably also going to get dropped by X.Org in the future, this is probably not the best choice, but it's still interesting to learn about 2D acceleration in X.Org drivers. project 3 - hard dive into the world of DRI and TTM and port the nouveau kernel driver(s) to OpenBSD. Thanks to jsg@ and kettenis@, OpenBSD has now a Linux kernel kernel 3.8 compatible version of the dri infrastructure (including TTM) for intel and radon chipsets. Getting the corresponding nouveau code is thus possible. This is a multi-months project but it's an exciting one and it will provide the most benefit for people forced to use nVidia cards, and for the project in general since having more people hacking in the dri code is also good for the other drivers.
Re: OpenBSD maintenance compared to FreeBSD
Take a look at this page too (https://stable.mtier.org/). This is a great help to follow "stable" without compiling. I use it with all my servers. Morgan Le 30/10/2013 03:44, David Noel a écrit : I started playing around with FreeBSD back in the 2.2.7 days. I'd describe myself as a casual desktop/workstation user. Back in the day I was attracted to OpenBSD's heavy focus on security but was pulled towards FreeBSD due to a good friend of mine being a FreeBSD contributor ("dude, trust me, it's the way to go"). Recently I've purchased a handful of servers for a software project I've been working on and have started reconsidering my choice of OS's. Administering a single FreeBSD workstation isn't too much of a headache; I've kind of gotten used to having to rebuild kernel and world every few months as security advisories are released. But now that I'm administering 6 of them I'm really starting to get annoyed by the whole process: rebuild kernel... rebuild world... reboot, and then pray that it doesn't blow up in my face (as it often does). That got me thinking about OpenBSD. Looking at the security advisories the last one I see was from nearly a year and a half ago! That's pretty incredible to me. Does this mean that I could theoretically have gotten away with a year and a half uptime? What's the catch here? I'm sorry but I'm incredulous by how good it sounds so I have to ask. For me the biggest selling points of an operating system are security and maintenance. I've been wowed by ZFS, but really how often do filesystems need to be fsck'd? --and I never take snapshots. I feel like I could do without it. UFS+J is good enough. Given my priorities, does it sound like OpenBSD could be the one for me?
Re: Notifies on CARP failover
I use ifstated for that. This is my config file: init-state auto carp_up = "carp3.link.up && carp10.link.up && carp101.link.up && carp100.link.up && carp254.link.up && carp2.link.up && carp7.link.up && carp4.link.up" carp_down = "carp3.link.down && carp10.link.down && carp101.link.down && carp100.link.down && carp254.link.down && carp2.link.down && carp7.link.down && carp4.link.down" state auto { if $carp_up { set-state primary } if $carp_down { set-state backup } } state primary { init { run "/root/scripts/alert_ifstated.sh MASTER" } if $carp_down { set-state backup } } state backup { init { run "/root/scripts/alert_ifstated.sh BACKUP" } if $carp_up { set-state primary } } This is the little script "alert_ifstated.sh" too: #/bin/sh ifconfig carp | mail -s "[RTR Failover] `hostname` is now $1" m...@address.me Hope this helps... Morgan Le 24/10/2013 10:59, Andy a écrit : Hi, Could anyone point me in the right direction on how to have a script be executed whenever a CARP failover or preempt event occurs? Need to write a script to send an event message into our monitoring systems so we can see when a change has occurred. I haven't used ifstated yet, is this the right tool for this? and if so could someone throw me an example if you have one? Thanks, Andy.
Re: open bsd router
Yes, we use a lot of ALIX 2D13 as routers on many sites since 2 or 3 years (nearly 20 ALIX boxes now). It works like a charm with a good compact flash card, no problem at all ! And i've recently discovered they even included a watchdog ;) Morgan Le 04/10/2013 23:45, Loïc BLOT a écrit : Hello, I also looked at ALIX board since a long time. Is there anybody using Alix 2d13 with OpenBSD ? Thanks in advance. -- Best regards, Loïc BLOT, UNIX systems, security and network engineer http://www.unix-experience.fr Le vendredi 04 octobre 2013 à 15:05 +0200, Jan Stary a écrit : On Oct 04 07:16:57, inform...@gmx.net wrote: > >http://www.pcengines.ch/product.htm > >http://en.wikipedia.org/wiki/Raspberry_Pi > No, I'm not working for PC Engines. But I'm a huge fan of their > products :-) Just to praise PC Engines a little bit more: when my ALIX.1C stopped working for some reason, I sent it to PC Engines, who found that the board is completely OK - it was my power supply that was faulty (which I could then confirm). Before sending it back, they kindly suggested that ALIX.1E is a newer model that replaces the ALIX.1C, so if I don't object ... which I didn't. The shipping didn't even cost me anything, and they just replaced my old 1C with a new 1E. Not to mention the chocolate. In short, their customer service is as good as the boards. [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: font weight changing
Le 29/03/2013 07:40, Ted Unangst a écrit : In the latest snapshots, I've noticed something a little strange. In both firefox and chrome, every once in a while a line of text will be a little darker than usual. Like all the gray pixels that make up the smooth antialiased edges are black. It kind of looks like bold text would look, but the effect isn't as strong as actual bold. If I scroll up or down so the line is redrawn it will appear normal, but maybe a different line will be extra dark. Always seems to affect one whole line at a time. I even saw it on Archlinux in january.
Re: Kernel panic with jme driver
Le 25/03/2013 05:59, Brad Smith a écrit : On Sun, Mar 24, 2013 at 03:46:38PM +0100, Com??te wrote: Hello, i own a Shuttle XS35v2 and actually run OpenBSD 5.2 amd64 (SMP) on it. I run OpenBSD on this hardware since 4.9 and i always encountered the following problem, sorry for the late report it took me some time to identify it: The NIC uses the jme driver which run in a kernel panic each time i upload data from the XS35v2 to any other machine with a transfer rate above 7 Mbits/s (XS35v2 -> other PC). No problem at all when downloading. I made some tests that you can follow to easily reproduce the crash: Please test the following diff that should fix the obvious bug. Index: if_jme.c === RCS file: /home/cvs/src/sys/dev/pci/if_jme.c,v retrieving revision 1.29 diff -u -p -r1.29 if_jme.c --- if_jme.c29 Nov 2012 21:10:32 - 1.29 +++ if_jme.c25 Mar 2013 04:54:01 - @@ -1058,48 +1058,31 @@ jme_encap(struct jme_softc *sc, struct m struct jme_txdesc *txd; struct jme_desc *desc; struct mbuf *m; - int maxsegs; int error, i, prod; uint32_t cflags; prod = sc->jme_cdata.jme_tx_prod; txd = &sc->jme_cdata.jme_txdesc[prod]; - maxsegs = (JME_TX_RING_CNT - sc->jme_cdata.jme_tx_cnt) - - (JME_TXD_RSVD + 1); - if (maxsegs > JME_MAXTXSEGS) - maxsegs = JME_MAXTXSEGS; - if (maxsegs < (sc->jme_txd_spare - 1)) - panic("%s: not enough segments %d", sc->sc_dev.dv_xname, - maxsegs); - error = bus_dmamap_load_mbuf(sc->sc_dmat, txd->tx_dmamap, *m_head, BUS_DMA_NOWAIT); + if (error != 0 && error != EFBIG) + goto drop; if (error != 0) { - bus_dmamap_unload(sc->sc_dmat, txd->tx_dmamap); - error = EFBIG; - } - if (error == EFBIG) { if (m_defrag(*m_head, M_DONTWAIT)) { - printf("%s: can't defrag TX mbuf\n", - sc->sc_dev.dv_xname); - m_freem(*m_head); - *m_head = NULL; - return (ENOBUFS); + error = ENOBUFS; + goto drop; } - error = bus_dmamap_load_mbuf(sc->sc_dmat, -txd->tx_dmamap, *m_head, -BUS_DMA_NOWAIT); - if (error != 0) { - printf("%s: could not load defragged TX mbuf\n", - sc->sc_dev.dv_xname); - m_freem(*m_head); - *m_head = NULL; - return (error); - } - } else if (error) { - printf("%s: could not load TX mbuf\n", sc->sc_dev.dv_xname); - return (error); + error = bus_dmamap_load_mbuf(sc->sc_dmat, txd->tx_dmamap, +*m_head, BUS_DMA_NOWAIT); + if (error != 0) + goto drop; + } + + if (sc->jme_cdata.jme_tx_cnt + txd->tx_dmamap->dm_nsegs + + 1 > JME_TX_RING_CNT - 1) { + bus_dmamap_unload(sc->sc_dmat, txd->tx_dmamap); + return (ENOBUFS); } m = *m_head; @@ -1127,7 +1110,6 @@ jme_encap(struct jme_softc *sc, struct m desc->addr_hi = htole32(m->m_pkthdr.len); desc->addr_lo = 0; sc->jme_cdata.jme_tx_cnt++; - KASSERT(sc->jme_cdata.jme_tx_cnt < JME_TX_RING_CNT - JME_TXD_RSVD); JME_DESC_INC(prod, JME_TX_RING_CNT); for (i = 0; i < txd->tx_dmamap->dm_nsegs; i++) { desc = &sc->jme_rdata.jme_tx_ring[prod]; @@ -1137,10 +1119,7 @@ jme_encap(struct jme_softc *sc, struct m htole32(JME_ADDR_HI(txd->tx_dmamap->dm_segs[i].ds_addr)); desc->addr_lo = htole32(JME_ADDR_LO(txd->tx_dmamap->dm_segs[i].ds_addr)); - sc->jme_cdata.jme_tx_cnt++; - KASSERT(sc->jme_cdata.jme_tx_cnt <= -JME_TX_RING_CNT - JME_TXD_RSVD); JME_DESC_INC(prod, JME_TX_RING_CNT); } @@ -1163,6 +1142,11 @@ jme_encap(struct jme_softc *sc, struct m sc->jme_cdata.jme_tx_ring_map->dm_mapsize, BUS_DMASYNC_PREWRITE); return (0); + + drop: + m_freem(*m_head); + *m_head = NULL; + return (error); } void @@ -1204,13 +1188,13 @@ jme_start(struct ifnet *ifp) * for the NIC to drain the ring. */ if (jme_encap(sc, &m_head)) { - if (m_head == NULL) { + if (m_head == NULL) ifp->if_oerrors++; - break; - } - ifp->if_flags |= IFF_
Kernel panic with jme driver
Hello, i own a Shuttle XS35v2 and actually run OpenBSD 5.2 amd64 (SMP) on it. I run OpenBSD on this hardware since 4.9 and i always encountered the following problem, sorry for the late report it took me some time to identify it: The NIC uses the jme driver which run in a kernel panic each time i upload data from the XS35v2 to any other machine with a transfer rate above 7 Mbits/s (XS35v2 -> other PC). No problem at all when downloading. I made some tests that you can follow to easily reproduce the crash: On the XS35: iperf -s On the other machine: iperf -c IP_XS35 -n 2048M -d This is a screenshot of the kernel panic message: https://cloud.geekandfree.org/public.php?service=files&t=06ff6a95949e392989191588d360b875&download and i join the dmesg: OpenBSD 5.2 (GENERIC.MP) #368: Wed Aug 1 10:04:49 MDT 2012 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2136670208 (2037MB) avail mem = 2057482240 (1962MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xfc8b0 (23 entries) bios0: vendor American Megatrends Inc. version "080015" date 06/23/2011 bios0: Standard XS35 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC MCFG SLIC OEMB HPET GSCI acpi0: wakeup devices P0P1(S4) AZAL(S3) P0P4(S4) P0P5(S4) JLAN(S3) P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) USB0(S3) USB1(S3) USB2(S3) USB3(S3) EUSB(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 2154.83 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF cpu0: 512KB 64b/line 8-way L2 cache cpu0: apic clock running at 199MHz cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1795.50 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF cpu1: 512KB 64b/line 8-way L2 cache cpu2 at mainbus0: apid 1 (application processor) cpu2: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1795.50 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF cpu2: 512KB 64b/line 8-way L2 cache cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1795.50 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF cpu3: 512KB 64b/line 8-way L2 cache ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins ioapic0: misconfigured as apic 3, remapped to apid 4 acpimcfg0 at acpi0 addr 0xe000, bus 0-255 acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 4 (P0P1) acpiprt2 at acpi0: bus 1 (P0P4) acpiprt3 at acpi0: bus 2 (P0P5) acpiprt4 at acpi0: bus -1 (P0P6) acpiprt5 at acpi0: bus 3 (P0P7) acpiprt6 at acpi0: bus -1 (P0P8) acpiprt7 at acpi0: bus -1 (P0P9) acpiec0 at acpi0 acpicpu0 at acpi0 acpicpu1 at acpi0 acpicpu2 at acpi0 acpicpu3 at acpi0 acpitz0 at acpi0: critical temperature is 104 degC acpibtn0 at acpi0: SLPB acpibtn1 at acpi0: PWRB acpivideo0 at acpi0: GFX0 acpivout0 at acpivideo0: LCD_ pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel Pineview DMI" rev 0x02 vga1 at pci0 dev 2 function 0 "Intel Pineview Video" rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) intagp0 at vga1 agp0 at intagp0: aperture at 0xd000, size 0x1000 inteldrm0 at vga1: apic 4 int 16 drm0 at inteldrm0 "Intel Pineview Video" rev 0x02 at pci0 dev 2 function 1 not configured azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: msi azalia0: codecs: IDT 92HD81B1X audio0 at azalia0 ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: msi pci1 at ppb0 bus 1 ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: msi pci2 at ppb1 bus 2 "JMicron SD/MMC" rev 0x80 at pci2 dev 0 function 0 not configured sdhc0 at pci2 dev 0 function 2 "JMicron SD Host Controller" rev 0x80: apic 4 int 18 sdmmc0 at sdhc0 "JMicron Memory Stick" rev 0x80 at pci2 dev 0 function 3 not configured jme0 at pci2 dev 0 function 5 "JMicron JMC250" rev 0x03: apic 4 int 17, address 80:ee:73:13:59:fa jmphy0 at jme0 phy 1: JMP211 10/100/1000 PHY, rev. 1 ppb2 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: msi pci3 at ppb2 bus 3 "Realtek 8188CE" rev 0x01 at pci3 dev 0 function 0 not configured uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 4 int 23 uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 4 int 19 uhci2 at
Re: serial over USB
Hi, Is anybody using an USB-to-serial connection to an ALIX? Yes i am. We have many Alix 2D13 boards that we use as routers running OpenBSD 5.2 on many sites. I use a USB-to-serial cable to configure them without problem but i've never used anything else than screen or minicom. You could try with these tools... The default baud rate on alix boards is 38400 but can be changed in cmos setup if you want (pressing S during memory test). Morgan
Re: spamd-setup in crontab
Thanks for the tips but does anyone know where this problem come from ? Le 14/11/2011 10:13, Manuel Giraud a C)crit : Hi, I've just set up a mail server with 5.0. I have put spamd in front (in default greylisting mode). It works great following the man pages but when I activate the spamd-setup entry in root's crontab, I receive the following error by mail: spamd-setup: ftp: Could not add blacklist uatrapsWriting -: : Illegal seek Broken pipe If i call spamd-setup as root i have no error message. (note: I've used the default /etc/mail/spamd.conf file). How can I sort this out?
Re: spamd-setup in crontab
Same error message since one week on an old 4.6 install. But i didn't find the origin yet... Le 14/11/2011 10:13, Manuel Giraud a C)crit : Hi, I've just set up a mail server with 5.0. I have put spamd in front (in default greylisting mode). It works great following the man pages but when I activate the spamd-setup entry in root's crontab, I receive the following error by mail: spamd-setup: ftp: Could not add blacklist uatrapsWriting -: : Illegal seek Broken pipe If i call spamd-setup as root i have no error message. (note: I've used the default /etc/mail/spamd.conf file). How can I sort this out?
Re: dhcrelay and rc.d in OpenBSD 5.0
On Wed, Nov 09, 2011 at 05:36:54PM +0100, Comhte wrote: Hi, In 4.9, i used to start dhcrelay using /etc/rc.local like this: /usr/sbin/dhcrelay -i vlan2 10.0.45.11 /usr/sbin/dhcrelay -i vlan5 10.0.45.11 /usr/sbin/dhcrelay -i vlan7 10.0.45.11 /usr/sbin/dhcrelay -i vlan100 10.11.1.8 10.22.1.8 /usr/sbin/dhcrelay -i vlan101 10.11.1.8 10.22.1.8 but now with 5.0, i saw that there was a script /etc/rc.d/dhcrelay so, what is now the best way to set up all my dhcp relays ? Le 09/11/2011 18:59, Antoine Jacoutot a icrit : You can still use rc.local(8) for that, it's easier when you have multiple dhcrelay running. Ok, thanks a lot.
dhcrelay and rc.d in OpenBSD 5.0
Hi, In 4.9, i used to start dhcrelay using /etc/rc.local like this: /usr/sbin/dhcrelay -i vlan2 10.0.45.11 /usr/sbin/dhcrelay -i vlan5 10.0.45.11 /usr/sbin/dhcrelay -i vlan7 10.0.45.11 /usr/sbin/dhcrelay -i vlan100 10.11.1.8 10.22.1.8 /usr/sbin/dhcrelay -i vlan101 10.11.1.8 10.22.1.8 but now with 5.0, i saw that there was a script /etc/rc.d/dhcrelay so, what is now the best way to set up all my dhcp relays ? Thanks
Re: Control of OpenBSD through a web interface
Without the need of a web interface, if your goal is to automate some boring tasks, you can have a look at Fabric (http://fabfile.org). I use it with a lot of servers everyday and it's very easy to script whatever you want. Morgan Le 15/06/2011 20:36, Jean-Frangois SIMON a icrit : Hi, I have a remote controlled machine which I manage by ssh and yet I'm in the process of making up a small web page through which basic commands can be passed. I have no clear idea regarding how to design this, in the first place I thought about a cgi script written in C which I did manage to have it say "hello world" at the present time, but not yet much more. There's not yet clear clues regarding how to make this peace of web interface talk to the system and I would like to make it clean by means of elegant way to deal with web page<-> system communication. Any clue regarding the way it could be ? Thanks, Jean-Frangois
Re: Problems with 4.5 as a KVM guest
same problem for me too. Michiel van Baak a icrit : > On 10:36, Sun 05 Jul 09, stan wrote: >> I am trying to get OpenBSD 4.5 working as a guest OS using KVM on Linux. I >> have been able to get 4.4 to install and run fine, but 4.5 never gives me a >> login prompt. The last message I see is about setting tty flgas. On the >> reboot after first install t paniced. > > I have the same. Google shows some others have as well. >> Any sugestions as to what to do to get this working? > > Run openbsd on real hardware :)
Re: random crashes on a firewall with OpenBSD 4.5-stable
Well i have tested the RAM with memtest, no error. maybe another idea ? Thanks Daniel Gracia Garallar a C)crit : Oh and maybe bad RAM; I've hit some nasty errors with these faulty DIMMs... :/ ComC(te escribiC3: Hi, we are using the last OpenBSD 4.5-stable release on an old Compaq Proliant ML350 as a firewall with spamd. But we encounter randomly some system crashes (once a week or two weeks). The system always displays the same message: uvm_fault (0xd080d9e00x0,0,1) -> e kernel: page fault trap, code=0 Stopped at cac_pci_l0_intr_pending+0xb push 0x34 (%eax) What do you think it could be ? I thought about maybe a hardware problem but where exactly... I join my dmesg below Thanks for your advice ! OpenBSD 4.5-stable (GENERIC) #9: Sun May 17 22:59:17 CEST 2009 r...@arwen.saintlo.fr:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) III CPU family 1266MHz ("GenuineIntel" 686-class) 1.27 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 267988992 (255MB) avail mem = 250839040 (239MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf, SMBIOS rev. 2.3 @ 0xec000 (31 entries) bios0: vendor Compaq version "D11" date 01/29/2002 bios0: Compaq ProLiant ML350 G2 acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC SPCR acpi0: wakeup devices PBTN(S5) acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 3 (boot processor) cpu0: apic clock running at 132MHz ioapic0 at mainbus0: apid 8 pa 0xfec0, version 11, 16 pins ioapic0: misconfigured as apic 0, remapped to apid 8 ioapic1 at mainbus0: apid 2 pa 0xfec01000, version 11, 16 pins ioapic1: misconfigured as apic 0, remapped to apid 2 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 2 (PCI1) acpicpu0 at acpi0 acpitz0 at acpi0: critical temperature 31 degC acpibtn0 at acpi0: PBTN bios0: ROM list: 0xc/0x8000 0xc8000/0x1800 0xc9800/0x1800 0xcb000/0x1800 0xcc800/0x4000! 0xd0800/0x1800 0xee000/0x2000! pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "ServerWorks CNB20LE Host" rev 0x06 pchb1 at pci0 dev 0 function 1 "ServerWorks CNB20LE Host" rev 0x06 pci1 at pchb1 bus 2 em0 at pci1 dev 1 function 0 "Intel PRO/1000T (82544GC)" rev 0x02: apic 2 int 0 (irq 5), address 00:02:b3:b9:0d:a4 em1 at pci1 dev 2 function 0 "Intel PRO/1000T (82544GC)" rev 0x02: apic 2 int 2 (irq 15), address 00:02:b3:b9:0d:7d re0 at pci1 dev 3 function 0 "D-Link Systems DGE-528T" rev 0x10: RTL8169/8110SB (0x1000), apic 2 int 4 (irq 15), address 00:1c:f0:6f:38:7e rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 3 cac0 at pci1 dev 4 function 0 "DEC Compaq SMART RAID 42xx" rev 0x01: apic 2 int 6 (irq 11), Smart Array 431 scsibus0 at cac0: 1 targets sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct fixed sd0: 34727MB, 512 bytes/sec, 71122560 sec total re1 at pci1 dev 5 function 0 "D-Link Systems DGE-528T" rev 0x10: RTL8169/8110SB (0x1000), apic 2 int 8 (irq 15), address 00:1c:f0:62:eb:12 rgephy1 at re1 phy 7: RTL8169S/8110S PHY, rev. 3 fxp0 at pci0 dev 1 function 0 "Intel 8255x" rev 0x08, i82559: apic 2 int 10 (irq 5), address 00:02:a5:44:33:f7 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4 ahc0 at pci0 dev 2 function 0 "Adaptec AHA-3960D U160" rev 0x01: apic 2 int 11 (irq 11) scsibus1 at ahc0: 16 targets, initiator 7 ahc1 at pci0 dev 2 function 1 "Adaptec AHA-3960D U160" rev 0x01: apic 2 int 11 (irq 11) scsibus2 at ahc1: 16 targets, initiator 7 st0 at scsibus2 targ 6 lun 0: SCSI2 1/sequential removable fxp1 at pci0 dev 4 function 0 "Intel 8255x" rev 0x08, i82559: apic 2 int 13 (irq 10), address 00:08:02:45:29:64 inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4 vga1 at pci0 dev 5 function 0 "ATI Rage XL" rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) "Compaq Netelligent ASMC" rev 0x00 at pci0 dev 6 function 0 not configured piixpm0 at pci0 dev 15 function 0 "ServerWorks CSB5" rev 0x92: polling iic0 at piixpm0 iic0: addr 0x28 00=a0 01=10 02=03 03=01 04=7f 05=04 06=03 07=00 08=00 09=00 0b=00 0c=03 0d=41 0e=02 0f=00 10=00 11=05 18=3a 19=10 20=ff 21=ff 28=00 29=00 2a=04 2b=00 2c=00 2d=00 2e=00 30=00 31=00 32=00 38=00 39=00 3a=00 3b=00 3c=00 3d=00 3e=00 40=08 41=08 42=80 48=03 49=03 4a=03 50=00 51=80 58=00 59=00 60=f0 61=f0 68=af 69=af 70=ff 71=00 78=ff 79=ff 80=2b 81=37 82=ff 88=f0 89=f0 8a=f0 90=3c 91=46 92=ff 98=37 99=41 9a=ff a0=22 a1=2d a2=80 a8=ff a9=ff b0=00 b1=00 b8=06 b9=00 words 00=a0a0 01=1010 02=0303 03=0101 04=7f7f 05=0404 06=0303 07= spdmem0 at iic0 addr 0x50: 256MB SDRAM registered ECC PC133CL2 pciide0 at pci0 dev 15 function 1 "ServerWorks CSB5 IDE" rev 0x92: DMA atapiscsi0 at pciide0 channel 0 drive 0 scsibus3 at atapiscsi0: 2 targets cd0 at scsibus3 targ 0 lun 0: ATAPI 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, DMA mode 2 ohci0 at pci0 dev
random crashes on a firewall with OpenBSD 4.5-stable
Hi, we are using the last OpenBSD 4.5-stable release on an old Compaq Proliant ML350 as a firewall with spamd. But we encounter randomly some system crashes (once a week or two weeks). The system always displays the same message: uvm_fault (0xd080d9e00x0,0,1) -> e kernel: page fault trap, code=0 Stopped at cac_pci_l0_intr_pending+0xb push 0x34 (%eax) What do you think it could be ? I thought about maybe a hardware problem but where exactly... I join my dmesg below Thanks for your advice ! OpenBSD 4.5-stable (GENERIC) #9: Sun May 17 22:59:17 CEST 2009 r...@arwen.saintlo.fr:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Intel(R) Pentium(R) III CPU family 1266MHz ("GenuineIntel" 686-class) 1.27 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE real mem = 267988992 (255MB) avail mem = 250839040 (239MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf, SMBIOS rev. 2.3 @ 0xec000 (31 entries) bios0: vendor Compaq version "D11" date 01/29/2002 bios0: Compaq ProLiant ML350 G2 acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC SPCR acpi0: wakeup devices PBTN(S5) acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 3 (boot processor) cpu0: apic clock running at 132MHz ioapic0 at mainbus0: apid 8 pa 0xfec0, version 11, 16 pins ioapic0: misconfigured as apic 0, remapped to apid 8 ioapic1 at mainbus0: apid 2 pa 0xfec01000, version 11, 16 pins ioapic1: misconfigured as apic 0, remapped to apid 2 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 2 (PCI1) acpicpu0 at acpi0 acpitz0 at acpi0: critical temperature 31 degC acpibtn0 at acpi0: PBTN bios0: ROM list: 0xc/0x8000 0xc8000/0x1800 0xc9800/0x1800 0xcb000/0x1800 0xcc800/0x4000! 0xd0800/0x1800 0xee000/0x2000! pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "ServerWorks CNB20LE Host" rev 0x06 pchb1 at pci0 dev 0 function 1 "ServerWorks CNB20LE Host" rev 0x06 pci1 at pchb1 bus 2 em0 at pci1 dev 1 function 0 "Intel PRO/1000T (82544GC)" rev 0x02: apic 2 int 0 (irq 5), address 00:02:b3:b9:0d:a4 em1 at pci1 dev 2 function 0 "Intel PRO/1000T (82544GC)" rev 0x02: apic 2 int 2 (irq 15), address 00:02:b3:b9:0d:7d re0 at pci1 dev 3 function 0 "D-Link Systems DGE-528T" rev 0x10: RTL8169/8110SB (0x1000), apic 2 int 4 (irq 15), address 00:1c:f0:6f:38:7e rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 3 cac0 at pci1 dev 4 function 0 "DEC Compaq SMART RAID 42xx" rev 0x01: apic 2 int 6 (irq 11), Smart Array 431 scsibus0 at cac0: 1 targets sd0 at scsibus0 targ 0 lun 0: SCSI2 0/direct fixed sd0: 34727MB, 512 bytes/sec, 71122560 sec total re1 at pci1 dev 5 function 0 "D-Link Systems DGE-528T" rev 0x10: RTL8169/8110SB (0x1000), apic 2 int 8 (irq 15), address 00:1c:f0:62:eb:12 rgephy1 at re1 phy 7: RTL8169S/8110S PHY, rev. 3 fxp0 at pci0 dev 1 function 0 "Intel 8255x" rev 0x08, i82559: apic 2 int 10 (irq 5), address 00:02:a5:44:33:f7 inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4 ahc0 at pci0 dev 2 function 0 "Adaptec AHA-3960D U160" rev 0x01: apic 2 int 11 (irq 11) scsibus1 at ahc0: 16 targets, initiator 7 ahc1 at pci0 dev 2 function 1 "Adaptec AHA-3960D U160" rev 0x01: apic 2 int 11 (irq 11) scsibus2 at ahc1: 16 targets, initiator 7 st0 at scsibus2 targ 6 lun 0: SCSI2 1/sequential removable fxp1 at pci0 dev 4 function 0 "Intel 8255x" rev 0x08, i82559: apic 2 int 13 (irq 10), address 00:08:02:45:29:64 inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4 vga1 at pci0 dev 5 function 0 "ATI Rage XL" rev 0x27 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) "Compaq Netelligent ASMC" rev 0x00 at pci0 dev 6 function 0 not configured piixpm0 at pci0 dev 15 function 0 "ServerWorks CSB5" rev 0x92: polling iic0 at piixpm0 iic0: addr 0x28 00=a0 01=10 02=03 03=01 04=7f 05=04 06=03 07=00 08=00 09=00 0b=00 0c=03 0d=41 0e=02 0f=00 10=00 11=05 18=3a 19=10 20=ff 21=ff 28=00 29=00 2a=04 2b=00 2c=00 2d=00 2e=00 30=00 31=00 32=00 38=00 39=00 3a=00 3b=00 3c=00 3d=00 3e=00 40=08 41=08 42=80 48=03 49=03 4a=03 50=00 51=80 58=00 59=00 60=f0 61=f0 68=af 69=af 70=ff 71=00 78=ff 79=ff 80=2b 81=37 82=ff 88=f0 89=f0 8a=f0 90=3c 91=46 92=ff 98=37 99=41 9a=ff a0=22 a1=2d a2=80 a8=ff a9=ff b0=00 b1=00 b8=06 b9=00 words 00=a0a0 01=1010 02=0303 03=0101 04=7f7f 05=0404 06=0303 07= spdmem0 at iic0 addr 0x50: 256MB SDRAM registered ECC PC133CL2 pciide0 at pci0 dev 15 function 1 "ServerWorks CSB5 IDE" rev 0x92: DMA atapiscsi0 at pciide0 channel 0 drive 0 scsibus3 at atapiscsi0: 2 targets cd0 at scsibus3 targ 0 lun 0: ATAPI 5/cdrom removable cd0(pciide0:0:0): using PIO mode 4, DMA mode 2 ohci0 at pci0 dev 15 function 2 "ServerWorks OSB4/CSB5 USB" rev 0x05: apic 8 int 10 (irq 10), version 1.0, legacy support pchb2 at pci0 dev 15 function 3 "ServerWorks CSB5 LPC" rev 0x00 usb0 at ohci0: USB revision 1.0 uhub0 at usb0 "ServerWo
Re: Problem with binat and ftp-proxy
This was a good advice Stuart ! Thanks ! I used a pair of nat and rdr rule to replace my binat rule and it works as expected ! thanks again guys. Stuart Henderson a icrit : On 2008-09-30, Comhte <[EMAIL PROTECTED]> wrote: I use ftp-proxy to allow ftp client connexions from my LAN and it works well. On my DMZ, i have multiple servers (web,dns,smtp,etc...) and they have all one different public IP. So, i use binat rules to nat them easily and it works fine too. But i need to allow these servers on DMZ to make FTP client connexions to external servers too. So I have put a rdr rule like the one i did for my lan to make my DMZ servers use the ftp-proxy daemon. But this doesn't work, i can only connect to external FTP servers from my DMZ servers if disable the binat rule associated with the server which try to connect. My question is, is there a mean to do what i want to do ? :) pf.conf(5) Evaluation order of the translation rules is dependent on the type of the translation rules and of the direction of a packet. binat rules are al- ways evaluated first. Then either the rdr rules are evaluated on an in- bound packet or the nat rules on an outbound packet. Rules of the same type are evaluated in the same order in which they appear in the ruleset. The first matching rule decides what action is taken. So you need to disable the binat rule and use a pair of nat and rdr instead.
Re: Problem with binat and ftp-proxy
Indeed, this doesn't work either. I think i will try what Stuart proposed whereas i don't really see how to do... thanks Calomel a icrit : See if this works for you. Using the ftp proxy with binat probably will not work. Lets say 100.20.30.40 is the external ip. # cat /etc/rc.local /usr/sbin/ftp-proxy -a 100.20.30.40 -p 8021 -q bulk # cat /etc/pf.conf Translation ### rdr on $DMZIf inet proto tcp from $DMZ to any port ftp -> lo0 port 8021 Filtering # pass in log on $DMZIf inet proto tcp from $DMZ to lo0 port 8021 $TcpState $FtpIntIf Ftp-Proxy "how to" (forward and reverse proxy) https://calomel.org/ftp_proxy.html -- Calomel @ https://calomel.org Open Source Research and Reference On Tue, Sep 30, 2008 at 01:09:25PM +0200, Com??te wrote: Hi, i run an OpenBSD 4.3 firewall with 3 network interfaces : 1 LAN, 1 WAN and 1 DMZ I use ftp-proxy to allow ftp client connexions from my LAN and it works well. On my DMZ, i have multiple servers (web,dns,smtp,etc...) and they have all one different public IP. So, i use binat rules to nat them easily and it works fine too. But i need to allow these servers on DMZ to make FTP client connexions to external servers too. So I have put a rdr rule like the one i did for my lan to make my DMZ servers use the ftp-proxy daemon. But this doesn't work, i can only connect to external FTP servers from my DMZ servers if disable the binat rule associated with the server which try to connect. My question is, is there a mean to do what i want to do ? :) Thanks a lot ! below an extract of my pf rules: nat on $ext_if from !$ext_if to any -> $firewall_pub nat-anchor "ftp-proxy/*" binat on $ext_if from $dns1_priv to any -> $dns1_pub binat on $ext_if from $dns2_priv to any -> $dns2_pub binat on $ext_if from $web_ville_priv to any -> $web_ville_pub binat on $int_if from $web_ville_priv to any -> $web_ville_pub rdr-anchor "ftp-proxy/*" rdr on { $int_if $dmz1_if } proto tcp from any to any port ftp -> lo0 port 8021 ... pass in quick log on $dmz1_if inet proto tcp from $DMZ1 to lo0 port 8021 pass in quick log on $int_if inet proto tcp from to lo0 port 8021 anchor "ftp-proxy/*" ...
Problem with binat and ftp-proxy
Hi, i run an OpenBSD 4.3 firewall with 3 network interfaces : 1 LAN, 1 WAN and 1 DMZ I use ftp-proxy to allow ftp client connexions from my LAN and it works well. On my DMZ, i have multiple servers (web,dns,smtp,etc...) and they have all one different public IP. So, i use binat rules to nat them easily and it works fine too. But i need to allow these servers on DMZ to make FTP client connexions to external servers too. So I have put a rdr rule like the one i did for my lan to make my DMZ servers use the ftp-proxy daemon. But this doesn't work, i can only connect to external FTP servers from my DMZ servers if disable the binat rule associated with the server which try to connect. My question is, is there a mean to do what i want to do ? :) Thanks a lot ! below an extract of my pf rules: nat on $ext_if from !$ext_if to any -> $firewall_pub nat-anchor "ftp-proxy/*" binat on $ext_if from $dns1_priv to any -> $dns1_pub binat on $ext_if from $dns2_priv to any -> $dns2_pub binat on $ext_if from $web_ville_priv to any -> $web_ville_pub binat on $int_if from $web_ville_priv to any -> $web_ville_pub rdr-anchor "ftp-proxy/*" rdr on { $int_if $dmz1_if } proto tcp from any to any port ftp -> lo0 port 8021 ... pass in quick log on $dmz1_if inet proto tcp from $DMZ1 to lo0 port 8021 pass in quick log on $int_if inet proto tcp from to lo0 port 8021 anchor "ftp-proxy/*" ...
Re: security fixes for packages
So i make a proposal to avoid "clueless guy" like me to ask this question which seems to cause so many troubles: What do you think about posting a message on this page: http://www.openbsd.org/pkg-stable.html which could say in a better english as mine :) : "OpenBSD -stable packages are not maintained anymore due to a lack of resources. If you are interested, you are welcome to give your help." ? Comete LEFIEUX Morgan a icrit : Hi, i was looking at this page http://www.openbsd.org/pkg-stable.html and would like to know why there is no security fixes for packages after 4.1 release ? Thanks. Comete
Re: security fixes for packages
uh uh ! Don't be so nervous guy ! I just would like to know the reason why these fixes weren't provided. I can understand now as you tell me (so gently...) that there isn't enough people to work on it. Ok i know the time such projects can take and it would have been easier to tell things like this, but when i asked the question, the first answer given to me was this link: http://marc.info/?l=openbsd-misc&m=119931837024703&w=2 where it is said that -stable and -release are no use... i don't agree with this and it doesn't answer to my question i think. So please, it's my turn to give you an advice, as you know to give them very well: keep cool :) and smile a bit... anyway the thread is closed, thanks. Comete Daniel Ouellet a icrit : Comhte wrote: Ok, so does it mean that -stable or -release are useless ??? and people buy useless CDs every 6 monthes ? I can't believe it. I really don't understand why these fixes are not provided anymore. Then do something about it and start contributing too. May be you will see how painful this is to do when you will actually do something like that and then have big mouth clueless guys like you acting like you do now complaining about your freely given time to the project and thankless users like you. They give you their time and you have the guts to complain and asked them to do more then they already do freely and on their own time!? No wonder that they do less and less in some special cases like this. Keep complaining and may be one day it will simply not be available at all anymore. Then what will you do... Apologies then? i don't want to go back to Debian... ;) No one stop you by the way and I am sure you will not be miss either with your ungrateful attitude. With all due respect, you should think before you write this one, really. It is given free out of goodwill to you and you think you deserved more? Regards, Daniel
Re: security fixes for packages
Ok, so does it mean that -stable or -release are useless ??? and people buy useless CDs every 6 monthes ? I can't believe it. I really don't understand why these fixes are not provided anymore. i don't want to go back to Debian... ;) Stijn a icrit : Check the archives. This question has been answered already several times. Here's an answer from Nick Holland on such a question: http://marc.info/?l=openbsd-misc&m=119931837024703&w=2 BR, Stijn LEFIEUX Morgan wrote: Hi, i was looking at this page http://www.openbsd.org/pkg-stable.html and would like to know why there is no security fixes for packages after 4.1 release ? Thanks. Comete
Re: About Squid port for OpenBSD 4.2
Thanks but that doesn't help me, could you explain please ? Alexander Schrijver a icrit : openldap includes are installed in /usr/local/include/ and libraries in /usr/local/lib/.
About Squid port for OpenBSD 4.2
Hi, i'm trying to recompile SQUID 2.6-STABLE13 port for OpenBSD 4.2 with LDAP auth helpers and ldap_group helpers support and get errors during the compilation. This is what i modified in the Makefile: ... CONFIGURE_ARGS+=--datadir="${PREFIX}/share/squid" \ --enable-auth="basic digest" \ --enable-arp-acl \ --enable-basic-auth-helpers="NCSA YP LDAP" \ --enable-digest-auth-helpers="password" \ --enable-external-acl-helpers="ip_user unix_group ldap_group" \ --enable-removal-policies="lru heap" \ --enable-ssl \ --enable-storeio="ufs diskd null" \ --localstatedir="${SQUIDDIR}" ... i precise that i have installed openldap-client package before to get the ldap libraries and this is what i get when building Squid: # make Making all in LDAP if cc -DHAVE_CONFIG_H -I. -I/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP -I../../../include -I/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/include -O2 -pipe -MT squid_ldap_auth.o -MD -MP -MF ".deps/squid_ldap_auth.Tpo" -c -o squid_ldap_auth.o /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c; then mv -f ".deps/squid_ldap_auth.Tpo" ".deps/squid_ldap_auth.Po"; else rm -f ".deps/squid_ldap_auth.Tpo"; exit 1; fi /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:121:18: lber.h: No such file or directory /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:122:18: ldap.h: No such file or directory /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:135: error: `LDAP_SCOPE_SUBTREE' undeclared here (not in a function) /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:139: error: `LDAP_DEREF_NEVER' undeclared here (not in a function) /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:145: error: `LDAP_NO_LIMIT' undeclared here (not in a function) /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:152: error: syntax error before '*' token /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:206: error: syntax error before '*' token /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c: In function `squid_ldap_errno': /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:208: error: `ld' undeclared (first use in this function) /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:208: error: (Each undeclared identifier is reported only once /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:208: error: for each function it appears in.) /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c: At top level: /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:211: error: syntax error before '*' token /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c: In function `squid_ldap_set_aliasderef': /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:213: error: `ld' undeclared (first use in this function) /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:213: error: `deref' undeclared (first use in this function) /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c: At top level: /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:216: error: syntax error before '*' token /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c: In function `squid_ldap_set_referrals': /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:218: error: `referrals' undeclared (first use in this function) /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:219: error: `ld' undeclared (first use in this function) /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:219: error: `LDAP_OPT_REFERRALS' undeclared (first use in this function) /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c: At top level: /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:224: error: syntax error before '*' token /usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c: In function `squid_ldap_set_
ACLs in CUPS with users/groups in a LDAP directory
Hi, i would like to use the ACLs in CUPS to give access to users and groups from a LDAP directory. I already did this on a linux machine with pam-ldap and nss-ldap, but on OpenBSD, pam and nss are not supported. So i wonder if it was possible to do this another way ? thanks Comete