Re: Cannot make state when using 'user' option in pf.conf
On Sun, Jan 26, 2014 at 04:03:59AM +0400, Vadim Zhukov wrote:
2014/1/26 Jiri B ji...@devio.us:

Hello,

I'm trying to understand why there's no PF state for an outgoing rule dedicated to dnscrypt-proxy (668) daemon. pf.conf says 'user' option needs effective ID...

# ps -axo uid,ruid,gid,rgid,pid,args | grep dnscrypt
688 688 688 688 16665 /usr/local/sbin/dnscrypt-proxy -d --local-address=127.0.0.1:5331 --user=_dnscrypt-proxy

# pfctl -sr
block drop out log quick on egress from ! (egress:0) to any
anchor test-out all
pass out log quick on egress inet proto udp from any to 208.67.220.220 port = 443 user = 688
pass out log quick on egress inet proto tcp from any to 208.67.220.220 port = 443 user = 688 flags S/SA
pass out log quick on egress inet proto icmp all icmp-type echoreq
block drop in log quick from no-route to any
block drop in log quick from urpf-failed to any
block drop out log quick all
block drop in log quick on egress inet from any to 255.255.255.255
anchor test-in all
pass in log quick on egress inet proto icmp from any to (egress:0) icmp-type echoreq code 0
pass in log quick on egress inet proto tcp from any to (egress:0) port = 22 flags S/SA
block drop in log quick all

Now when dnscrypt-proxy tries to make a connection it is blocked. Interestingly there's even no logged outgoing connection, but just blocked return.

# tcpdump -i pflog0 -n -e -ttt -vv
tcpdump: WARNING: snaplen raised from 116 to 160
tcpdump: listening on pflog0, link-type PFLOG
Jan 26 00:41:00.884036 rule 7/(match) [uid 0, pid 23524] block out on iwn0: [uid 0, pid 16665] 192.168.1.100.10976 > 208.67.220.220.443: udp 512 (ttl 64, id 9876, len 540, bad cksum 208! differs by e108) (from anchor)

# pfctl -ss
all tcp 192.168.1.100:16505 -> 66.7.199.108:22 ESTABLISHED:ESTABLISHED

Well it works if I add dnscrypt-proxy rule for root but why?

Because the socket (hint: 1024) was opened with root rights, and therefore the uid=0 was saved there.

But dnscrypt-proxy here listens on 5331 port and acts as client, it means it tries to connect to remote port 443. And what about not logged outgoing rule?

jirib
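Added example, not part of the thread: a small Python check that lines up the uid PF logged for a blocked packet's socket with the effective uid that ps reports for the same pid, which is the comparison the exchange above turns on. It assumes the second [uid, pid] pair on a pflog line is the socket owner PF looked up and the first is the process that loaded the rule; the sample ps and pflog text is constructed, and the function names are hypothetical.

```python
import re

# Constructed samples, modelled on the ps and pflog output quoted in the thread.
PS_TEXT = """\
  UID  RUID   GID  RGID   PID COMMAND
  688   688   688   688 16665 /usr/local/sbin/dnscrypt-proxy -d --user=_dnscrypt-proxy
    0     0     0     0  4242 /usr/local/sbin/exampled
"""
PFLOG_TEXT = """\
Jan 26 00:41:00.884036 rule 7/(match) [uid 0, pid 23524] block out on iwn0: [uid 0, pid 16665] 192.168.1.100.10976 > 208.67.220.220.443: udp 512
Jan 26 00:41:02.100000 rule 11/(match) [uid 0, pid 23524] pass in on iwn0: 203.0.113.5.50000 > 192.168.1.100.22: S 1:1(0) win 16384
Jan 26 00:41:03.200000 rule 7/(match) [uid 0, pid 23524] block out on iwn0: [uid 0, pid 4242] 192.168.1.100.123 > 198.51.100.7.123: udp 48
"""

# Assumption: first [uid, pid] = who loaded the rule, second = socket owner.
PFLOG_RE = re.compile(
    r"rule (?P<rule>[\w.]+)/\((?P<reason>[^)]*)\)"
    r"(?: \[uid (?P<rule_uid>\d+), pid (?P<rule_pid>\d+)\])?"
    r" (?P<action>\w+) (?P<dir>in|out) on (?P<ifname>\S+?):"
    r"(?: \[uid (?P<sock_uid>\d+), pid (?P<sock_pid>\d+)\])?"
)


def parse_ps(text):
    """Map pid -> uids from `ps -axo uid,ruid,gid,rgid,pid,args` output."""
    procs = {}
    for line in text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6 or not fields[0].isdigit():
            continue  # header or truncated line
        procs[int(fields[4])] = {
            "euid": int(fields[0]),
            "ruid": int(fields[1]),
            "args": fields[5],
        }
    return procs


def parse_pflog(line):
    """Extract rule, action, direction and both uid/pid pairs from one line."""
    match = PFLOG_RE.search(line)
    if match is None:
        return None
    rec = match.groupdict()
    for key in ("rule_uid", "rule_pid", "sock_uid", "sock_pid"):
        rec[key] = int(rec[key]) if rec[key] is not None else None
    return rec


def explain_blocks(pflog_text, ps_text, rule_user):
    """For each blocked packet with a known socket owner, report whether a
    `user = rule_user` rule could have matched and whether the uid stored
    with the socket differs from the process's current effective uid."""
    procs = parse_ps(ps_text)
    findings = []
    for line in pflog_text.splitlines():
        rec = parse_pflog(line)
        if rec is None or rec["action"] != "block" or rec["sock_pid"] is None:
            continue
        proc = procs.get(rec["sock_pid"])
        findings.append({
            "rule": rec["rule"],
            "pid": rec["sock_pid"],
            "socket_uid": rec["sock_uid"],
            "process_euid": proc["euid"] if proc else None,
            "user_rule_matches": rec["sock_uid"] == rule_user,
            "uid_drift": proc is not None and proc["euid"] != rec["sock_uid"],
        })
    return findings


if __name__ == "__main__":
    for f in explain_blocks(PFLOG_TEXT, PS_TEXT, rule_user=688):
        note = "socket uid differs from process euid" if f["uid_drift"] else "uids agree"
        print(f"rule {f['rule']} pid {f['pid']}: socket uid {f['socket_uid']}, "
              f"ps euid {f['process_euid']}, user=688 match: "
              f"{f['user_rule_matches']} ({note})")
```

A finding with uid_drift set is the case described in the reply: the daemon now runs as 688, but the uid recorded with its socket is still 0, so a rule written with user = 688 is not the one that matches.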
Re: athn weirdness with two subnets
On Sunday 26 January 2014 04:29:54 Giancarlo Razzolini wrote:
On 25-01-2014 19:15, Eike Lantzsch wrote:
On Saturday 25 January 2014 11:11:43 you wrote:

if you want athn0 and vr1 to be on the same network, bridge them together then assign an IP address to only one of the two.

-ken

Thanks Ken for the hint! I reckon that assigning IP addresses to both interfaces in the same network is not the correct approach. I tried your hint and at least the ALIX 2d13 is routing again. Just for the record: athn0 is the interface to assign the IP address. Otherwise it gets status no network and will not come up.

# cat /etc/hostname.athn0
inet 192.168.12.1 255.255.255.128 chan 108 mediaopt hostap nwid mywlanid wpakey somelongkey

# cat /etc/hostname.vr1
up media autoselect

# cat /etc/hostname.bridge0
add athn0 add vr1 up

And for the record again because somebody else had problems with this card: I can now connect via WiFi with my MACbook-Air on 5GHz (channel 108) but my Samsung Galaxy3 does not want to connect although it sees the network and the field strength is -39dBm @ 5540MHz. Trying the same on channel 6 results in nothing but a timeout error on both the MAC and the Samsung phone. No idea if this is due to the Compex card, the athn driver or the Samsung phone.

On Sat, Jan 25, 2014 at 10:46 AM, Eike Lantzsch zp6...@gmx.net wrote:

I'm using 5.4 stable on an ALIX 2D13 with Compex WLM200NX
My internal network is 192.168.12.0/24
My ISP gives me 181.40.100.8 nm 255.255.255.0 gw 181.40.100.1 via DHCP with reserved IP address. This is on vr0
No problems here.

I wanted to set up two internal networks on vr1: 192.168.12.0/25 and on vr2: 192.168.12.128/25
athn0 is also supposed to be on 192.168.12.0/25

The intended
/etc/hostname.athn0 is: inet 192.168.12.2 255.255.255.128
/etc/hostname.vr0 dhcp
/etc/hostname.vr1 inet 192.168.12.1 255.255.255.128
/etc/hostname.vr2 inet 192.168.12.129 255.255.255.128

The weirdness is as follows: according to ifconfig all interfaces are active BUT athn0 does not want to be on the same subnet with vr1. I cannot ping the internal IP 192.168.12.1 as long as athn0 is on 192.168.12.2 or any other address up to 192.168.12.126 that is in the subnet 192.168.12.128/25. I have to change athn0 to the other subnet with
/etc/hostname.athn0 inet 192.168.12.130 255.255.255.128
In this case I can ping 192.168.12.1 and 192.168.12.130 (ping from inside the ALIX that is)

[rest snipped for brevity]

Or even better, bridge them and a vether(4) and assign the ip address to it, instead of one of the physical interfaces.

Cheers,

Interesting. I was just about to try this when your response came in, (OpenBSD Manual 6.9 A bridge acting as a DHCP server) but since athn0 does not come up unless I assign a network to it, I doubt that only assigning an IP to vether0 will do the trick. Does not come up is not exactly true. The interface comes up but it does not switch on the transmitter - no WiFi signal.

I realise that the Atheros drivers still seem to be quite finicky - at least in hostap mode, or is this hardwired into the card? Anybody out there who did this? I can't imagine that this setup is so rare; at least every cheap consumer-grade router does this.

Thanks Giancarlo!
All the best Eike
Question about debugging WLAN communication
Hi! Does anybody know how to debug WiFi communications other than with this little gadget? Litepoint IQ2010 http://www.helmut-singer.de/stock/883620923.html Cheers Eike
Re: athn weirdness with two subnets
Eike Lantzsch zp6...@gmx.net writes:

I realise that the Atheros drivers still seem to be quite finicky - at least in hostap mode, or is this hardwired into the card?

I've only used one athn card (a pci version, I forget the exact make and model but I can dig it out of the pile) and while it was possible to get it configured, it was markedly less reliable than various ral cards I had at hand. I probably should offer that card to a developer if it's a fixable driver problem.

Setting up an access point is fairly straightforward, but a flaky wireless card can be a pain. Also, if possible set up for the 5GHz band. There's a lot less noise there compared to 2.4GHz.

- Peter

--
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
Remember to set the evil bit on all malicious network traffic
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: athn weirdness with two subnets
On Sun, Jan 26, 2014 at 07:56:37AM -0300, Eike Lantzsch wrote:

Interesting. I was just about to try this when your response came in, (OpenBSD Manual 6.9 A bridge acting as a DHCP server) but since athn0 does not come up unless I assign a network to it, I doubt that only assigning an IP to vether0 will do the trick. Does not come up is not exactly true. The interface comes up but it does not switch on the transmitter - no WiFi signal.

Did you try 'ifconfig athn0 up'? Or likewise a line saying 'up' in /etc/hostname.athn0?

vether and bridge are indeed the way to go. I'm running a setup like this and it works. This example should give you a working configuration (assuming vr0 is your LAN interface):

# cat /etc/hostname.athn0
nwid mynetwork wpakey 'mypassword' media autoselect mode 11g mediaopt hostap chan 11 up

# cat /etc/hostname.vether0
inet 10.1.1.1 255.255.255.0 NONE up

# cat /etc/hostname.vr0
up

# cat /etc/hostname.bridge0
add vether0 add vr0 add athn0 up
Re: Question about debugging WLAN communication
On Sun, Jan 26, 2014 at 08:06:51AM -0300, Eike Lantzsch wrote:

Hi! Does anybody know how to debug WiFi communications other than with this little gadget?

Try something like this:

tcpdump -y IEEE802_11 -i athn0
tcpdump -y IEEE802_11_RADIO -i athn0

As usual, see the tcpdump man page for details.
Re: athn(4) questions about Tx power, Rx gain, and setting media (AR9220)
On Sat, Jan 25, 2014 at 05:36:55PM +0100, Márton Drótos wrote:

This is a high power card, with 25dBm output power @802.11g 6Mbit and 22dBm @802.11g 54Mbit, and is connected to a pair of 8dBi omnidirectional antennae. However, both its range and its signal level at the same distance is similar to those of my generic wireless router provided by my ISP.

Another interesting aspect is that when I connect to it either with an Android phone or with a laptop (Kubuntu or Linux Mint), they correctly connect with 802.11g 54Mbit, but tend to randomly downgrade the connection to as low as 802.11g 1Mbit, despite the fact that they are in less than 2m distance with direct visibility to the antennae. Using wget on the laptop, I couldn't get transfer speeds above ~1.5MBps (~12Mbit).

I'm seeing similar behaviour with any card. OpenBSD access points always hover between 5 and 1 Mbit for me, no matter if it's ral or ath or athn or urtwn or...

I believe the rate adaptation code decides to drop performance in noisy environments (i.e. most major cities where virtually every flat is now hosting an access point on the 2.4Ghz band). But I'm speculating and haven't truly investigated this yet.

If you're interested in digging into this, you could study ieee80211_rssadapt.h and ieee80211_rssadapt.c, and figure out if the algorithm and its implementation are accurate (I wouldn't rule out bugs in this code), and if there are better alternatives we could use. Dragonflybsd have done some work in this area, and I would bet Linux and FreeBSD have done so, too.

As to the rest of your questions:

Is this the correct behaviour? Is it normal to have this amount of errors? Is there any oddity here?

I don't really know.

During initialization, the card is reset multiple times (needs a full reset), is this normal?

This is normal. athn currently resets the chip when switching channels. The linux ath9k driver has a fast path for this where it doesn't do a full reset. But our athn driver doesn't do that at present. And I'm not even sure it's worth doing.

I don't see any reference of the Tx power/gain or Rx gain settings in the logs. How could I check if the card is performing as intended?

Depends on what you want to measure and under which conditions. Range? Packets per seconds? With/without much interference? All these factors influence each other. Wireless performance is generally a lot harder to measure than wired. Just because it says 54Mbit/s on the box doesn't mean you'll get that. Radio is a shared medium.

Of course, if Linux or other BSDs give you better wireless performance during testing, it may well be that their driver or wireless stack is doing things we could do as well. But someone (you?) will have to dig into this and fix it, or nothing will change.

Slow wifi is better than no wifi at all, so I'm trying every now and then to enhance our wifi driver support, which has started falling behind badly since Damien left the project. But I cannot spend much of my time on this. I'm willing to help where possible, of course.

Furthermore, there seems to be a lot of CRC errors in the log, and beacon stuck messages. Is this normal?

Again, no idea, unfortunately. Perhaps if you nicely asked Atheros for hardware documentation they would mail it to us on a pink pidgin and we could try find an answer in these docs?
OpenBSD 5.4 as guest under VMWare Server 2 install fails
Hello,

I tried installing OpenBSD 5.4 as a guest OS in a VMWare Server 2 (yes, old platform) and it fails early on during the install process. Since the VMWare console doesn't allow me to copypaste the output, I took two screenshots (as per attachment but not sure if this list supports attachments). Anyway, the final message on screen is:

cpu0 at mainbus0: apid 0 (boot processor)
fatal protection fault (4) in supervisor mode
trap type 4 code 0 eip d04a4968 cs eflags 10202 cr2 0 cpl 0
panic: trap type 4, code=0, pc=d04a4968

I first noticed this behavior when I tried installing OpenBSD 5.3. I then tried to install OpenBSD 5.2, which worked like a charm. The dmesg of the running OpenBSD 5.2 under VMWare Server 2 follows at the end.

I am wondering if you could give me pointers as to why the install fails.

--
nick

+++dmesg of OpenBSD 5.2
OpenBSD 5.2 (GENERIC) #278: Wed Aug 1 10:04:16 MDT 2012
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Core(TM) i7-3615QM CPU @ 2.30GHz (GenuineIntel 686-class) 2.31 GHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,NXE,LONG,SSE3,SSSE3,CX16,SSE4.1,SSE4.2,POPCNT,LAHF
real mem = 536342528 (511MB)
avail mem = 516718592 (492MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 07/29/08, BIOS32 rev. 0 @ 0xfd780, SMBIOS rev. 2.4 @ 0xe4010 (45 entries)
bios0: vendor Phoenix Technologies LTD version 6.00 date 07/29/2008
bios0: VMware, Inc.
(off topic) Booth at SCaLE
The project has a booth at the Southern California Linux Expo (SCaLE) as it has in the past, I will be available to sit the booth and help out. https://www.socallinuxexpo.org/scale12 I've fallen out of touch with my previous contact and cannot get a hold of him. If anyone can point me in the right direction, I'd appreciate it. Thanks a ton. https://www.socallinuxexpo.org/scale12x Please contact me by e-mail off line. Thanks. Carl T.
Re: athn weirdness with two subnets
Thanks to Peter N. M. Hansteen and to Stefan Sperling!

On Sunday 26 January 2014 12:35:46 Stefan Sperling wrote:
On Sun, Jan 26, 2014 at 07:56:37AM -0300, Eike Lantzsch wrote:

Interesting. I was just about to try this when your response came in, (OpenBSD Manual 6.9 A bridge acting as a DHCP server) but since athn0 does not come up unless I assign a network to it, I doubt that only assigning an IP to vether0 will do the trick. Does not come up is not exactly true. The interface comes up but it does not switch on the transmitter - no WiFi signal.

Not true. WiFi signal now comes up on channel 108. See below

Did you try 'ifconfig athn0 up'? Or likewise a line saying 'up' in /etc/hostname.athn0?

vether and bridge are indeed the way to go. I'm running a setup like this and it works. This example should give you a working configuration (assuming vr0 is your LAN interface):

The following adapted to my network setup:

#cat /etc/hostname.vr0
dhcp

# cat /etc/hostname.athn0
nwid mynetwork wpakey 'mypassword' media autoselect mediaopt hostap chan 108
#mode 11a (this is on 5GHz)
up

# cat /etc/hostname.vether0
inet 192.168.12.1 255.255.255.128 192.168.12.127 up

# cat /etc/hostname.vr1
up

# cat /etc/hostname.bridge0
add vether0 add vr1 add athn0 up

dhcpd_flags=vether0

Yes, success! This works. MAC can connect but Samsung phone still not.
[broadcast should not be necessary to mention explicitly but I had all kinds of weird behaviour before - so no harm done by including it in hostname]

Now looking for a miniPCI ral card ... and working my way further through The Book of PF.

All the best to y'all Eike

--
no CC necessary. I'm subscribed to the group. but don't mind, I'm not finicky.
Eike Lantzsch ZP6CGE
faq addition: working with mfs disks?
hello, what do you think of adding a faq item which will give example how /tmp (or any other write intensive temp disk partition) can be stored in mfs drive? Ilya Shipitsin
Re: faq addition: working with mfs disks?
On 01/26/14 11:31, Илья Шипицин wrote:

hello, what do you think of adding a faq item which will give example how /tmp (or any other write intensive temp disk partition) can be stored in mfs drive?

Ilya Shipitsin

well... no.

First, at this point, tmpfs is hopefully going to be replacing mfs (see mount_tmpfs(8)).

Second, a reference in the FAQ to the man page would be good (for 5.5 or later), but beyond that, as the concept is pretty simple, any deficiencies should be addressed in the man page.

Nick.
Re: Question about debugging WLAN communication
On Sunday 26 January 2014 12:37:44 Stefan Sperling wrote:
On Sun, Jan 26, 2014 at 08:06:51AM -0300, Eike Lantzsch wrote:

Hi! Does anybody know how to debug WiFi communications other than with this little gadget?

Try something like this:

tcpdump -y IEEE802_11 -i athn0
tcpdump -y IEEE802_11_RADIO -i athn0

As usual, see the tcpdump man page for details.

Thanks very much! Somehow I didn't get anything with tcpdump at first but eventually made it. I see:

authorization request
authorization response
association request
association response

then a few data packets from the Samsung phone but nothing from DHCP and eventually: disassociation deauthentication.

So I guess that my problem is DHCP and not the wireless connection per se. At least I don't really have to see what's going on between antenna and antenna. Phew, 18000$ saved ;-)

I just wonder why it works with my MACbook. The latter sends a lot of no-data packets which the Samsung phone does not. Does the athn driver or hardware think that the phone is sleeping and times out?

Unfortunately I can send wireless cards to you but I'm unable to send what you need most - time. Thank you for your good work.

Eike

--
Eike Lantzsch ZP6CGE
Re: athn weirdness with two subnets
On Sun, Jan 26, 2014 at 01:22:17PM -0300, Eike Lantzsch wrote:

The following adapted to my network setup:

#cat /etc/hostname.vr0
dhcp

# cat /etc/hostname.athn0
nwid mynetwork wpakey 'mypassword' media autoselect mediaopt hostap chan 108
#mode 11a (this is on 5GHz)
up

# cat /etc/hostname.vether0
inet 192.168.12.1 255.255.255.128 192.168.12.127 up

# cat /etc/hostname.vr1
up

# cat /etc/hostname.bridge0
add vether0 add vr1 add athn0 up

dhcpd_flags=vether0

Yes, success! This works.

Great!

MAC can connect but Samsung phone still not.

Perhaps the phone cannot do 5GHz wifi? chan 108 is 11a.

[broadcast should not be necessary to mention explicitly but I had all kinds of weird behaviour before - so no harm done by including it in hostname]

Now looking for a miniPCI ral card ...

I believe it's hit and miss. I have an athn (AR9280) that works better than a ral I've got (RT2661). It may depend on chipset revisions. Newer ral devices supported by the ral driver (RT2700 and up) have been reported to work better than older ral chips.
Re: faq addition: working with mfs disks?
Nick Holland n...@holland-consulting.net wrote: First, at this point, tmpfs is hopefully going to be replacing mfs (see mount_tmpfs(8)). A word of caution: So far, if pushed hard enough, tmpfs is (1) losing files and (2) slower than actual storage on SSD. (I haven't tried with mfs.) -- Christian naddy Weisgerber na...@mips.inka.de
Re: faq addition: working with mfs disks?
On Sun, Jan 26, 2014 at 05:44:05PM +, Christian Weisgerber wrote:
Nick Holland n...@holland-consulting.net wrote:

First, at this point, tmpfs is hopefully going to be replacing mfs (see mount_tmpfs(8)).

A word of caution: So far, if pushed hard enough, tmpfs is (1) losing files and (2) slower than actual storage on SSD.

The 1st is unfortunately not reproducible under conditions needed to debug it, and the 2nd one is dependent on a lot of parameters, like swap (measurement of mfs under same conditions welcome).
Re: faq addition: working with mfs disks?
26.1.2014 18:31, Илья Шипицин wrote:

hello, what do you think of adding a faq item which will give example how /tmp (or any other write intensive temp disk partition) can be stored in mfs drive?

Ilya Shipitsin

Now that OpenBSD has tmpfs I'd use that instead of mfs. I just added following on my /etc/fstab:

none /tmp tmpfs rw,nodev,nosuid,-s=1g,-m=1777 0 0
none /var/cache tmpfs rw,nodev,nosuid,-s=128m,-m=0755 0 0
none /var/run tmpfs rw,nodev,nosuid,-s=64m,-m=0755 0 0

Timo
Re: Question about debugging WLAN communication
Eike Lantzsch zp6...@gmx.net writes:

[...]

I just wonder why it works with my MACbook. The latter sends a lot of no-data packets which the Samsung phone does not. Does the athn driver or hardware think that the phone is sleeping and times out?

athn(4) doesn't mention this, but ath(4) does:

Host AP mode doesn't support power saving. Clients attempting to use power saving mode may experience significant packet loss (disabling power saving on the client will fix this).

--
jca | PGP: 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
(previous: 0x06A11494 / 61DB D9A0 00A4 67CF 2A90 8961 6191 8FBF 06A1 1494)
Novena open computing platform + openbsd?
Hi All,

Saw this and found it very interesting: http://www.kosagi.com/w/index.php?title=Novena_Main_Page

In summary the intention is to create an open laptop computer e.g.

- All the components should have a reasonably complete set of NDA-free documentation.
- No binary blobs should be required to boot and operate the system for the scenarios I care about (This one is a bit tricky).
- The machine must be able to build its own firmware from source.
- The physical design should be accessible.
- The machine must be useful as a hardware and security hacking platform.

See also: http://www.bunniestudios.com/ (Bunny is Andrew Huang - one of the primary project members.)

The hardware spec. lists a Freescale iMX6 CPU, the system is currently booting a Linux kernel.

How feasible would it be to get OpenBSD on this platform? What would be involved in getting a (complete) OpenBSD system implemented?

(Searching didn't show me any previous discussion of novena + openbsd.)

Cheers,
Robb.
Re: faq addition: working with mfs disks?
previously on this list Timo Myyrä contributed:

Now that OpenBSD has tmpfs I'd use that instead of mfs. I just added following on my /etc/fstab:

none /tmp tmpfs rw,nodev,nosuid,-s=1g,-m=1777 0 0
none /var/cache tmpfs rw,nodev,nosuid,-s=128m,-m=0755 0 0
none /var/run tmpfs rw,nodev,nosuid,-s=64m,-m=0755 0 0

I use the script below for /dev on a ro root which uses mfs to copy /dev to /dev2 and then back so it's always updated. When I run sysmerge I just have to remember to umount /dev first to update the filesystem /dev and not the mfs and do this as the last step before a reboot to avoid issues.

I think it's safe, at least it seems alright so far. It does mean you need to restart daemons that use sockets like at the bottom of the script though. I've had one machine (faster than the others) where getty didn't come up without the sleeps though and didn't expect the sockets not being copied so I'm far from 100% sure about it or if tmpfs may be more suited or not?

Can you copy files from /dev and mount to /dev in one line with tmpfs?

Thinking about it now, I think I am running it from rc.local so running it early in the boot up will probably allow me to remove the sleeps and restarting the services.

___

#!/bin/sh

/sbin/mount -uw /

#Put /dev in ram for read only root without permission problems
if [ ! -d /dev2 ]; then
	/bin/mkdir /dev2
fi

#populate /dev2 with files from /dev except sockets (we can't do so in one go)
/sbin/mount_mfs -i 2 -P /dev -s 1 /dev/wd0b /dev2

#Give time to settle so that getty runs reliably and login comes up.
sleep 2

#populate /dev with files from /dev2 except sockets
/sbin/mount_mfs -i 2 -P /dev2 -o nosuid,noexec -s 1 /dev/wd0b /dev

sleep 2

/sbin/umount /dev2

#stop and start any daemons that create sockets in /dev
/etc/rc.d/syslogd stop
echo
/etc/rc.d/syslogd start
echo

#/sbin/mount -urf /

___

--
___
'Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface' (Doug McIlroy)
In Other Words - Don't design like polkit or systemd
___
Re: Novena open computing platform + openbsd?
On 01/26/14 18:38, Why 42? The lists account. wrote:

Hi All,

Saw this and found it very interesting: http://www.kosagi.com/w/index.php?title=Novena_Main_Page

In summary the intention is to create an open laptop computer e.g.

- All the components should have a reasonably complete set of NDA-free documentation.
- No binary blobs should be required to boot and operate the system for the scenarios I care about (This one is a bit tricky).
- The machine must be able to build its own firmware from source.
- The physical design should be accessible.
- The machine must be useful as a hardware and security hacking platform.

See also: http://www.bunniestudios.com/ (Bunny is Andrew Huang - one of the primary project members.)

The hardware spec. lists a Freescale iMX6 CPU, the system is currently booting a Linux kernel.

How feasible would it be to get OpenBSD on this platform? What would be involved in getting a (complete) OpenBSD system implemented?

(Searching didn't show me any previous discussion of novena + openbsd.)

Cheers,
Robb.

Hi Robb,

I've been following the Novena project and it could be really interesting. For OpenBSD to run on it we would need to get a couple of the Laptops to the Developers - but the imx already supports some iMX6 CPU's, but the armv7 port still needs work but is usable on the supported SoC's.

hth
Fred
Re: athn(4) questions about Tx power, Rx gain, and setting media (AR9220)
Hi Stefan,

thank you for the response and the pointers. My replies are inline:

On Sun, Jan 26, 2014 at 1:20 PM, Stefan Sperling s...@openbsd.org wrote:

I believe the rate adaptation code decides to drop performance in noisy environments (i.e. most major cities where virtually every flat is now hosting an access point on the 2.4Ghz band). But I'm speculating and haven't truly investigated this yet.

If you're interested in digging into this, you could study ieee80211_rssadapt.h and ieee80211_rssadapt.c, and figure out if the algorithm and its implementation are accurate (I wouldn't rule out bugs in this code), and if there are better alternatives we could use. Dragonflybsd have done some work in this area, and I would bet Linux and FreeBSD have done so, too.

I will try to look at it, although I'm quite new to this topic, so the first step is to educate myself and to understand the framework.

I don't see any reference of the Tx power/gain or Rx gain settings in the logs. How could I check if the card is performing as intended?

Depends on what you want to measure and under which conditions. Range? Packets per seconds? With/without much interference? All these factors influence each other. Wireless performance is generally a lot harder to measure than wired. Just because it says 54Mbit/s on the box doesn't mean you'll get that. Radio is a shared medium.

This is exactly why I formulated my questions as suspicions, I noticed that my high power card with high gain antennae provides similar range and signal levels as a standard wireless router, but I don't have exact measurements. I will try to dig deeper.

Of course, if Linux or other BSDs give you better wireless performance during testing, it may well be that their driver or wireless stack is doing things we could do as well. But someone (you?) will have to dig into this and fix it, or nothing will change.

Slow wifi is better than no wifi at all, so I'm trying every now and then to enhance our wifi driver support, which has started falling behind badly since Damien left the project. But I cannot spend much of my time on this. I'm willing to help where possible, of course.

I'll try to experiment with my equipment, and I'll report my findings (and recommendations/patches, should I have any). Based on this discussion, the problems that I encountered are actually two, maybe separate issues:

1) rate adaptation issues, which generally affect access points,
2) card specific issues, which may affect Tx/Rx gain settings (or something completely different)

At first, I'm planning to install Linux and/or other BSDs on my box to investigate the differences. If I find significant differences, I'll try to compare the implementations to see what is done differently. Of course I can't promise that I can come up with anything useful, but hopefully something could be improved.

Best regards,
Marton
dead disk
Hi,

My Master machine is dead, exactly HDD(thank you God for CARP+pfsync) :).

root@master[/etc]
wd0(pciide0:0:0): timeout
type: ata
c_bcount: 16384
c_skip: 0
pciide0:0:0: bus-master DMA error: missing interrupt, status=0x20
pciide0 channel 0: reset failed for drive 0
wd0a: device timeout writing fsbn 48851424 of 48851424-48851455 (wd0 bn 48851488; cn 3040 tn 220 sn 28), retrying
pciide0:0:0: not ready, st=0xd0<BSY,DRDY,DSC>, err=0x00
pciide0 channel 0: reset failed for drive 0
wd0a: device timeout writing fsbn 48851424 of 48851424-48851455 (wd0 bn 48851488; cn 3040 tn 220 sn 28), retrying
pciide0:0:0: not ready, st=0xd0<BSY,DRDY,DSC>, err=0x00
pciide0 channel 0: reset failed for drive 0
wd0a: device timeout writing fsbn 48851424 of 48851424-48851455 (wd0 bn 48851488; cn 3040 tn 220 sn 28)
/: got error 5 while accessing filesystem
panic: softdep_deallocate_dependencies: unrecovered I/O error
Stopped at Debugger+0x4: popl %ebp
RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC!
DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION!
ddb>
Re: unreliable connections
On Thu, Jan 16, 2014 at 8:26 PM, Stuart Henderson s...@spacehopper.org wrote: This could be an MTU or RWIN-related issue.

Could my issue have anything to do with the miscounting bug for inbound with pf on mentioned in the following commit?

CVSROOT: /cvs
Module name: src
Changes by: henn...@cvs.openbsd.org 2014/01/23 16:51:29

Modified files:
sys/net: if_bridge.c pf.c
sys/netinet: ip_input.c ip_output.c ip_var.h tcp_input.c tcp_var.h udp_usrreq.c udp_var.h
sys/netinet6 : ip6_output.c

Log message:
since the cksum rewrite the counters for hardware checksummed packets are are lie, since the software engine emulates hardware offloading and that is later indistinguishable. so kill the hw cksummed counters. introduce software checksummed packet counters instead. tcp/udp handles ip ipvshit, ip cksum covered, 6 has no ip layer cksum. as before we still have a miscounting bug for inbound with pf on, to be fixed in the next step. found by, prodding ok naddy

And if so was the next step taken and is this miscounting bug fixed?

Also recently in an attempt to keep a box at -current there occurred a kernel/userland mismatch that caused pf not to load on reboot after installing the kernel (everything was fine after building userland). I'm fairly certain trying to bring a box dated OpenBSD 5.4-current (GENERIC.MP) #5: Wed Jan 1 14:21:45 EST 2014 will have the same issue. If I attempt to do this remotely will I still be able to shell in in order to update userland (even though with no pf there is no nat and therefore access to/from the inside network will not be possible) after rebooting into the new kernel? Or might it be safe to build userland before rebooting into the new kernel?

Thank you, Chris
libpthread fifo fdlock
Hi misc@, From http://marc.info/?l=openbsd-cvs&m=133217901415880&w=2 The ``sleep until we have a writer'' behaviour of an open() on a fifo does so with the file descriptor table locked, so if we are waiting for another thread to be our writer we will hang forever. Found this using zotero and firefox. This behavior indeed hangs latest FF+Zotero. Is it fixable? Thanks, Jack
Re: libpthread fifo fdlock
On Sun, Jan 26, 2014 at 03:44:14PM -0500, ido...@gmail.com wrote: Hi misc@, From http://marc.info/?l=openbsd-cvs&m=133217901415880&w=2 The ``sleep until we have a writer'' behaviour of an open() on a fifo does so with the file descriptor table locked, so if we are waiting for another thread to be our writer we will hang forever. Found this using zotero and firefox. This behavior indeed hangs latest FF+Zotero. Is it fixable?

I've been running into this recently myself. What makes this worse is that the process isn't even killable. Guenther tried to fix this, but it got backed out: http://anoncvs.estpak.ee/cgi-bin/cgit/openbsd-src/commit/?id=d8a387a9a09560b65562bc317ad63427bc9cb819 I was trying to look into this, but ran out of time :-( A workaround might be to patch either zotero or firefox, to open the fifo with O_RDWR instead of O_WRONLY. This way it won't block in open().

Here's my test program to trigger the issue.

    #include <err.h>
    #include <fcntl.h>
    #include <stdio.h>
    #include <stdlib.h>
    #include <unistd.h>
    #include <pthread.h>
    #include <sys/types.h>
    #include <sys/stat.h>	/* mkfifo() */

    void *
    open_thread(void *threadid)
    {
    	int fd;

    	sleep(1); /* delay to let main run into FIFO open first */
    	printf("before open in thread\n");
    	/* an ordinary file: this open() only stalls because of the fd table lock */
    	if ((fd = open("/tmp/regfile", O_CREAT | O_RDWR, 0600)) < 0)
    		err(1, "open");
    	printf("after open in thread\n");
    	close(fd);
    	pthread_exit(NULL);
    }

    int
    main(int argc, char **argv)
    {
    	int fd;
    	pthread_t thread;
    	long t = 0;

    	if (pthread_create(&thread, NULL, open_thread, (void *)t) != 0)
    		err(1, "pthread_create");
    	mkfifo("/tmp/block.fifo", 0600);
    	printf("before blocking open in main\n");
    	/* no reader exists, so this open() sleeps waiting for one */
    	if ((fd = open("/tmp/block.fifo", O_WRONLY)) < 0)
    		err(1, "open");
    	printf("after blocking open in main\n");
    	close(fd);
    	pthread_exit(NULL);
    	exit(0);
    }
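The O_RDWR workaround suggested in the message above, as an added example that is not part of the original post: it probes a reader-less FIFO in both modes without hanging, using O_NONBLOCK so that the O_WRONLY case reports ENXIO where a plain open() would sleep. The scratch path and function names are constructed for this sketch; POSIX leaves O_RDWR on a FIFO undefined, and the non-blocking success shown here is the behaviour of Linux and the BSDs.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Open path with flags and close it again; return 0 on success, else errno. */
static int probe_open(const char *path, int flags)
{
	int fd = open(path, flags);

	if (fd == -1)
		return errno;
	close(fd);
	return 0;
}

/*
 * Make a FIFO that has no reader and probe both open modes on it.
 * Stores 0 or errno for each mode; returns -1 if the FIFO cannot be created.
 */
int compare_fifo_opens(int *wronly, int *rdwr)
{
	char path[64];

	/* Constructed scratch name; mkfifo() fails if it already exists. */
	snprintf(path, sizeof(path), "/tmp/fifodemo.%ld", (long)getpid());
	if (mkfifo(path, 0600) == -1)
		return -1;
	/* O_NONBLOCK turns the would-be sleep into ENXIO, so the probe returns. */
	*wronly = probe_open(path, O_WRONLY | O_NONBLOCK);
	/* No O_NONBLOCK here: with O_RDWR the caller counts as its own reader. */
	*rdwr = probe_open(path, O_RDWR);
	unlink(path);
	return 0;
}

int main(void)
{
	int w, r;

	if (compare_fifo_opens(&w, &r) == -1)
		return 1;
	printf("O_WRONLY|O_NONBLOCK: %s\n", w ? strerror(w) : "opened");
	printf("O_RDWR: %s\n", r ? strerror(r) : "opened");
	return 0;
}
```

A descriptor opened this way can also be written to with no real consumer attached, so callers that relied on open() blocking as a "reader is present" signal need another way to detect one.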
Re: dead disk
On Sun, Jan 26, 2014 at 11:40 AM, emigrant emig...@gmail.com wrote: My Master machine is dead, exactly HDD(thank you God for CARP+pfsync) :). root@master[/etc]wd0(pciide0:0:0): timeout type: ata c_bcount: 16384 c_skip: 0 ... /: got error 5 while accessing filesystem panic: softdep_deallocate_dependencies: unrecovered I/O error Stopped at Debugger+0x4: popl%ebp RUN AT LEAST 'trace' AND 'ps' AND INCLUDE OUTPUT WHEN REPORTING THIS PANIC! DO NOT EVEN BOTHER REPORTING THIS WITHOUT INCLUDING THAT INFORMATION! ddb

This is a fundamental problem of softdeps: it can delay an operation to a point where other operations depend on it in such a way that if the I/O for that first operation fails, the dependent operations cannot be undone and the failure propagated up safely. Rather than live a lie, it'll panic the system and die. I don't know exactly which operations can lead to that; if you need to know that you should go read the softdeps papers on Kirk McKusick's site.

Philip Guenther