Re: poor network performance after wake from suspend
On Fri, Sep 26, 2014 at 11:46:04AM +0400, Кирилл wrote: Hello. After apm -z and wake by wol (re0) sometimes machine becomes very slow on network operations (even ssh!) Help, please. Here is dmesg and ifconfig: ... snip ... re0: watchdog timeout Do you see only one of these watchdog timeouts or a bunch? And does this problem happen with non-WOL wakeups? -ml ifconfig re0 re0: flags=108843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,WOL mtu 1500 lladdr 00:21:85:52:d5:ea priority: 0 groups: egress media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::221:85ff:fe52:d5ea%re0 prefixlen 64 scopeid 0x1 inet 192.168.1.4 netmask 0xff00 broadcast 192.168.1.255
Re: poor network performance after wake from suspend
22 octobre 2014 09:30 Mike Larkin mlar...@azathoth.net a écrit: On Fri, Sep 26, 2014 at 11:46:04AM +0400, Кирилл wrote: Hello. After apm -z and wake by wol (re0) sometimes machine becomes very slow on network operations (even ssh!) Help, please. Here is dmesg and ifconfig: ... snip ... re0: watchdog timeout Do you see only one of these watchdog timeouts or a bunch? And does this problem happen with non-WOL wakeups? -ml ifconfig re0 re0: flags=108843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,WOL mtu 1500 lladdr 00:21:85:52:d5:ea priority: 0 groups: egress media: Ethernet autoselect (100baseTX full-duplex) status: active inet6 fe80::221:85ff:fe52:d5ea%re0 prefixlen 64 scopeid 0x1 inet 192.168.1.4 netmask 0xff00 broadcast 192.168.1.255 Hi, i have the same problem with a LENOVO Thinkpad T440 (em0) and an OpenBSD 5.5 amd64 install. The network became suddenly very slow after wake from suspend and i can see multiple in dmesg: em0: watchdog timeout I didn't try WOL wake up so i can say it happens after a normal resume.
Re: poor network performance after wake from suspend
On 2014 Oct 22 (Wed) at 08:31:29 + (+), Com??te wrote: :22 octobre 2014 09:30 Mike Larkin mlar...@azathoth.net a ??crit: : On Fri, Sep 26, 2014 at 11:46:04AM +0400, wrote: : : Hello. : After apm -z and wake by wol (re0) sometimes machine becomes very slow on : network operations (even ssh!) : Help, please. : Here is dmesg and ifconfig: : : ... snip ... : : re0: watchdog timeout : : Do you see only one of these watchdog timeouts or a bunch? : : And does this problem happen with non-WOL wakeups? : : -ml : : ifconfig re0 : re0: flags=108843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,WOL mtu 1500 : lladdr 00:21:85:52:d5:ea : priority: 0 : groups: egress : media: Ethernet autoselect (100baseTX full-duplex) : status: active : inet6 fe80::221:85ff:fe52:d5ea%re0 prefixlen 64 scopeid 0x1 : inet 192.168.1.4 netmask 0xff00 broadcast 192.168.1.255 : :Hi, : :i have the same problem with a LENOVO Thinkpad T440 (em0) and an OpenBSD 5.5 amd64 install. :The network became suddenly very slow after wake from suspend and i can see multiple in dmesg: : :em0: watchdog timeout : :I didn't try WOL wake up so i can say it happens after a normal resume. : FWIW, I don't see this on my Thinkpad x240 (em), nor on my Thinkpad T430s (also em). -- You have junk mail.
Re: Why .cshrc and .profile in / ?
On 2014-10-20 Mon 11:32 AM |, worik wrote: In a fresh(ish) OpenBSD installation I note .cshrc and .profile in /. Rename them to /.cshrc~ /.profile~ and see what breaks... I always delete them due to having /etc/{profile,csh.cshrc,csh.login} install.site (http://www.openbsd.org/faq/faq4.html#site): cd / rm .cshrc .profile # Tidy up /root cd /root rm .klogin .Xdefaults .profile .cshrc .login ... .. cd /etc cat rc.firsttime.run rc.firsttime And this in rc.firsttime(8): ... .. cd /etc ... .. # Tidy skel/ grep -v '^set path = ' skel/.cshrc | grep -v 'set mail = ' csh.cshrc cat skel/.login csh.login rm skel/{.Xdefaults,.cshrc,.login,.mailrc,.profile} chmod 700 skel ... .. PATH, MAIL umask are defined once in /etc/login.conf - for all shells. # /etc/profile: [[ -o interactive ]] { [[ ${SHELL} == '/bin/ksh' ]] . /etc/ksh.kshrc [[ ${SHELL} == '/bin/rksh' ]] . /etc/ksh.kshrc 2/dev/null [[ -x /usr/bin/tset ]] { [[ -n ${XTERM_VERSION} ]] I='I' eval $(/usr/bin/tset -${I}sQ '-munknown:?vt220' ${TERM}) } } [[ -f /etc/proxy.conf ]] . /etc/proxy.conf
Re: Keyboard through IPMI lag/skipping keys
Replying on-list to an off-list email. Are you suggesting that I run a 9pin serial port to the machine for console admin? That is one option, and if you can do it, it's a simple and pretty trustworthy way to do things, whereas the embedded system handling IPMI is...not great ;-) However that's not what I was suggesting here. First off, as mentioned in my earlier post; I very strongly recommend using the dedicated lan port and a private network, or at least plugged into a switch port that's on a management vlan. These devices are absolutely not suitable for being exposed to internet traffic. An aside ... Default credentials on the supermicros are ADMIN/ADMIN. On the ones I have seen recently, if you do not connect up the management network port, *BY DEFAULT THEY RUN MANAGEMENT ON THE FIRST _MAIN_ NETWORK PORT* with the well known and simple password. (I mention this specifically as some readers may think IPMI is a risk and should be ignored - wrong - in this case it is a risk and must be handled, so better to describe a bit more :-) To change the lan port, on mine, you need to connect to the controller with the java crapware and there's an option to use the dedicated lan port only. Why A) this isn't the default anyway, and B) you can't do this and change the password from the bios setup screen, is a mystery. ... so, back to serial over lan. You can redirect a serial port so instead of being routed to a physical port on the motherboard, is routed to the IPMI BMC (controller), which allows you to access it over the network. No physical serial port is used. Apart from sidestepping the laggy keyboard problem on some systems, this also lets you copy kernel messages in text form, scrollback, etc. Speaking for the X10 series (earlier ones and other vendor BIOSes will be somewhat similar) you go to super IO configuration, serial port 1 configuration and set serial port 2 attribute [sic; consistency is not a strong point!] to SOL. Then in serial port console redirection set COM2/SOL to enabled and go to settings, set the speed (I would use 115200), and in X10* there's a silly 100x31 console option that I disable. Make sure redirection after POST is at least set to boot loader (on X10* it's ok to use always enable, on some other systems it must be set to boot loader only). There's also a Windows EMS option which I ignore. (doesn't apply to OP but for the benefit of anyone else reading who didn't set up the IPMI BMC, configure network on that too). The above is enough to get BIOS screens and the boot loader showing up, and you can check that in various ways. If you have a machine (Windows etc) that can fully run the java extensions, you can access SOL over the web interface or via IPMIView. If you have the standard open-source ipmitool installed you can ipmitool -I lanplus -H % -U ADMIN -P ADMIN sol activate (I run this from conserver to manage multi-user access and to log output in case of kernel crashes). Or you can ssh to the BMC - expect it to be slow to connect - and type start /system1/sol1 (this command is common to most BMCs). On mine you use [cr] [esc] T to exit this mode (this sequence is likely to differ between BMCs). (I can also start /system1/pwrmgtsvc1 and stop /system1/pwrmgtsvc1 to turn the machine on/off - for some other vendors just start /system1 works, or maybe something else; dig around with show / cd / help. Usually less hassle than the web interface).. When you've confirmed you can see the BIOS screens you can try the OpenBSD side - for a test just type stty com1 115200 and set tty com1 at the boot loader prompt, and boot, you should see boot messages appear on the sol. You won't get a login prompt at the end yet. If that works OK you can add stty com1 115200 and set tty com1 to /etc/boot.conf and enable a getty (login prompt) on the port by editing /etc/ttys (change tty01 to std.115200 and vt220 on secure). Since OpenBSD doesn't have dual serial+tty consoles, you won't see much on the monitor after rebooting with that in boot.conf - if you need to skip this, hold ctrl down during boot (specifically, it needs to be down at the point where the boot loader starts up), this tells the boot loader not to load boot.conf.
Re: poor network performance after wake from suspend
22 octobre 2014 10:40 Peter Hessler phess...@theapt.org a écrit: On 2014 Oct 22 (Wed) at 08:31:29 + (+), Com??te wrote: :22 octobre 2014 09:30 Mike Larkin mlar...@azathoth.net a ??crit: : On Fri, Sep 26, 2014 at 11:46:04AM +0400, wrote: : : Hello. : After apm -z and wake by wol (re0) sometimes machine becomes very slow on : network operations (even ssh!) : Help, please. : Here is dmesg and ifconfig: : : ... snip ... : : re0: watchdog timeout : : Do you see only one of these watchdog timeouts or a bunch? : : And does this problem happen with non-WOL wakeups? : : -ml : : ifconfig re0 : re0: flags=108843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,WOL mtu 1500 : lladdr 00:21:85:52:d5:ea : priority: 0 : groups: egress : media: Ethernet autoselect (100baseTX full-duplex) : status: active : inet6 fe80::221:85ff:fe52:d5ea%re0 prefixlen 64 scopeid 0x1 : inet 192.168.1.4 netmask 0xff00 broadcast 192.168.1.255 : :Hi, : :i have the same problem with a LENOVO Thinkpad T440 (em0) and an OpenBSD 5.5 amd64 install. :The network became suddenly very slow after wake from suspend and i can see multiple in dmesg: : :em0: watchdog timeout : :I didn't try WOL wake up so i can say it happens after a normal resume. : FWIW, I don't see this on my Thinkpad x240 (em), nor on my Thinkpad T430s (also em). -- You have junk mail. I forgot to tell, i mainly use it with the dock.
Re: Why .cshrc and .profile in / ?
Hi Craig, Craig R. Skinner wrote on Wed, Oct 22, 2014 at 10:47:40AM +0100: On 2014-10-20 Mon 11:32 AM |, worik wrote: In a fresh(ish) OpenBSD installation I note .cshrc and .profile in /. Rename them to /.cshrc~ /.profile~ and see what breaks... I always delete them due to having /etc/{profile,csh.cshrc,csh.login} That is not necessarily be good advice, depending on the circumstances, and depending on what you put into the files below /etc. You may only see what breaks when it is too late. The purpose of the shell dot files in / is to have safe fallbacks when the home directory of a non-privileged user logging in is currently unavailable. That may for example happen when /home is on NFS, or when the disk containing it is physically broken or just happens to be unmounted. Yours, Ingo
Re: Keyboard through IPMI lag/skipping keys
On 10/22/14 12:18, Stuart Henderson wrote: Since OpenBSD doesn't have dual serial+tty consoles, you won't see much on the monitor after rebooting with that in boot.conf - if you need to skip this, hold ctrl down during boot (specifically, it needs to be down at the point where the boot loader starts up), this tells the boot loader not to load boot.conf. For me this is the only problem of adopting your solution. We need the ability for people to eventually access the machine locally (with its monitor and keyboard) and see what is the situation. Do you know of any work been done on solving this limitation and allowing a double access to the machine (via SOL and via local monitor/keyboard)? Thanks. P.S. Thank you for this email, I found it very very useful. Thanks again!
libressl
Hi, Since we are already go with re-engineering of openssl becoming libressl, why not provide some clean and intuitive interface instead of that crap openssl(1) is? For example ressl(1) would be the new high level interface with very few selected frequently used functions, and openssl(1) with low level interface as it is now -- With best regards, Gregory Edigarov
Re: libressl
2014-10-22 16:33 GMT+02:00 Gregory Edigarov ediga...@qarea.com: openssl(1) is? For example ressl(1) would be the new high level interface with very few selected frequently used functions, and openssl(1) with low level interface as it is now http://www.openbsd.org/papers/eurobsdcon2014-libressl.html Best Martin
Re: quotas grace period none right away
Hello Otto, Monday, October 6, 2014, 10:42:32 AM, you wrote: OM Yeah. Have something similar in my tree. If -Wall is happy, so am I. OM Does it explain 5.4 problems though. OM I did not manage to reproduce those so far. It looks like the time_t patch is applicable to 5.5 (and later) only. Am I wrong? Is there going to be any (further) development about that bug in 5.4? -- Best regards, Borismailto:bo...@twopoint.com
Tor and Polipo
Hi, Does anyone know what's wrong with my Tor + Polipo setup? So far I've done `pkg_add tor pkg_add polipo`, uncommented `socksParentProxy` and `socksProxyType` in `/etc/polipo/config` and then `/etc/rc.d/tor start /etc/rc.d/polipo start`. However I'm still getting connection refused for 10.0.0.5:9050 / 10.0.0.5:9150. Thanks! O.D.
Re: Tor and Polipo
On Wed, Oct 22, 2014 at 5:12 PM, openda...@hushmail.com wrote: Hi, Does anyone know what's wrong with my Tor + Polipo setup? So far I've done `pkg_add tor pkg_add polipo`, uncommented `socksParentProxy` and `socksProxyType` in `/etc/polipo/config` and then `/etc/rc.d/tor start /etc/rc.d/polipo start`. However I'm still getting connection refused for 10.0.0.5:9050 / 10.0.0.5:9150. Thanks! O.D. What about proxyAddress and allowedClients ? Ciao, David -- If you try a few times and give up, you'll never get there. But if you keep at it... There's a lot of problems in the world which can really be solved by applying two or three times the persistence that other people will. -- Stewart Nelson
Re: libressl
Gregory Edigarov [ediga...@qarea.com] wrote: Hi, Since we are already go with re-engineering of openssl becoming libressl, why not provide some clean and intuitive interface instead of that crap openssl(1) is? For example ressl(1) would be the new high level interface with very few selected frequently used functions, and openssl(1) with low level interface as it is now Umm..What do you imagine this new ressl utility will do? There are a lot of examples of how to do very specific things with the openssl command line utility on the web today. Why is another utility, one with less features, why is it necessary?
Re: libressl
On 10/22/14 21:27, Chris Cappuccio wrote: Gregory Edigarov [ediga...@qarea.com] wrote: Hi, Since we are already go with re-engineering of openssl becoming libressl, why not provide some clean and intuitive interface instead of that crap openssl(1) is? For example ressl(1) would be the new high level interface with very few selected frequently used functions, and openssl(1) with low level interface as it is now Umm..What do you imagine this new ressl utility will do? There are a lot of examples of how to do very specific things with the openssl command line utility on the web today. Why is another utility, one with less features, why is it necessary? Yes, there are a lot of such examples, and these examples are only necessary and exist because openssl(1) interface is a crap. I do not believe OpenBSD is about such a crap. Instead, I think OpenBSD is about providing a clean and good engineered interfaces, to mostly eliminate the need for a lot of examples of how to do very specific things with the openssl command line utility (C). something like: ressl generate privkey ressl generate csr ressl sign etc. --
Re: libressl
On 10/22/14 21:27, Chris Cappuccio wrote: Gregory Edigarov [ediga...@qarea.com] wrote: Hi, Since we are already go with re-engineering of openssl becoming libressl, why not provide some clean and intuitive interface instead of that crap openssl(1) is? For example ressl(1) would be the new high level interface with very few selected frequently used functions, and openssl(1) with low level interface as it is now Umm..What do you imagine this new ressl utility will do? There are a lot of examples of how to do very specific things with the openssl command line utility on the web today. Why is another utility, one with less features, why is it necessary? Yes, there are a lot of such examples, and these examples are only necessary and exist because openssl(1) interface is a crap. I do not believe OpenBSD is about such a crap. Instead, I think OpenBSD is about providing a clean and good engineered interfaces, to mostly eliminate the need for a lot of examples of how to do very specific things with the openssl command line utility (C). something like: ressl generate privkey ressl generate csr ressl sign Those examples you speak of are... there is a better word. They are recipes. Changing to a whole new commandline will not help anyone.
multiple calls to OpenSSL_add_all_algorithms
Hello misc@, I'm currently trying to write a library that heavily relies on libcrypto. Because I don't want applications linking to it, to have to call OpenSSL_add_all_algorithms, for convenience, I added those calls to the appropriate places in my library. Because of this nature, the function is called multiple times, and even if I shielded it within my library it could still be called outside of it by an application using my library. On AMD64 (OpenBSD 5.5-stable) this hasn't given me any problems yet, but as soon as I run my code on i386 (5.6-current) it crashes with the following trace: #0 obj_name_LHASH_COMP (arg1=0x0, arg2=0x857b7630) at /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/objects/o_names.c:97 #1 0x0e91190c in getrn (lh=0x867d0380, data=0x857b7630, rhash=Variable rhash is not available. ) at /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/lhash/lhash.c:419 #2 0x0e911c92 in lh_insert (lh=0x867d0380, data=0x857b7630) at /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/lhash/lhash.c:192 #3 0x0e8a0852 in OBJ_NAME_add (name=0x2e800aac aes-256-cfb, type=2, data=0x2e815360 \001) at /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/objects/o_names.c:181 #4 0x0e8a0149 in EVP_add_cipher (c=0x2e815360) at /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/evp/names.c:80 #5 0x0e8384f3 in OpenSSL_add_all_ciphers () at /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/evp/c_allc.c:183 #6 0x0e8357bc in OPENSSL_add_all_algorithms_noconf () at /usr/src/lib/libcrypto/crypto/../../libssl/src/crypto/evp/c_all.c:76 I'm aware that the OpenSSL_add_all_algorithms(3) says: A typical application will call OpenSSL_add_all_algorithms() initially and EVP_cleanup() before exiting. but it doesn't explicitly says that it can only be called ones without causing problems. Could anyone tell me if this kind of use of this function is the undefined behaviour area that I should avoid or if this is a bug? If it is grey area that should be avoided, what is the recommended way to initialise ciphers and digests from within the library without risking crashes from initialization from within an application? I do use EVP_get_{cipher,digest}bynid(3), so all ciphers and digests need to be available. Sincerely, Martijn van Duren
Re: Tor and Polipo
On 22. oktober 2014 at 3:55 PM, Dawe dawed...@gmx.de wrote: I think you have to configure proxyAddress if you want polipo to listen on more than localhost: # Uncomment one of these if you want to allow remote clients to # connect: # proxyAddress = ::0# both IPv4 and IPv6 # proxyAddress = 0.0.0.0# IPv4 only If you use one machine for everything, you should point your browser proxy config at 127.0.0.1:8123 Hi, I'm still getting connection refused when trying to connect: ./my_text_browser --proxy 127.0.0.1:8123 --tor-control 127.0.0.1:9151 ./my_text_browser --proxy 10.0.0.5:8123 --tor-control 10.0.0.5:9151 I'm using one machine for everything (my OpenBSD VirtualBox at 10.0.0.5). Here's my current settings from `/etc/polipo/config`: # proxyAddress = 10.0.0.5 proxyAddress = 127.0.0.1 allowedClients = 127.0.0.1 socksParentProxy = localhost:9050 socksProxyType = socks5 Both Tor and Polipo seems to have started successfully according to `/var/log/messages`. Thank you! O.D.
Re: ViewVC
Hi Misc, I am resurrecting this 4 months old thread to leave electronic trace to people who find themselves trying to install ViewVC on OpenBSD. After four months of trying to adjust number of kernel file descriptors to compensate for the memory leak of the built in Python web server which comes with ViewVC I throw in the towel and migrated the ViewVC to stock Apache server # uname -a OpenBSD svnhub.int.autonlab.org 5.5 GENERIC.MP#315 amd64 To get ViewVC to work I have done the following: 1. Install www/mod_scgi devel/subversion lang/python/2.7 textproc/py-pygments devel/cvsgraph Note I didn't bother to create commit database. 2. Download ViewVC from a website and install using ./viewvc-install script. The only input viewvc-install expect is the location where binaries have to be installed in our case proabably /usr/local/bin/viewvc is appropriate location. 2. Enable mod_scgi by running a script (please see the package message) 3. Edit /var/www/conf/httpd.conf the line LoadModule scgi_module/usr/lib/apache/modules/mod_scgi.so should be present after you run the script from mod_scgi installation message. Remove the default ScriptAlias and add ScriptAlias /viewvc /usr/local/bin/viewvc-1.1.22/bin/cgi/viewvc.cgi ScriptAlias /query /usr/local/bin/viewvc-1.1.22/bin/cgi/query.cgi Note that I kept the name viewvc with the version of the program Replace Directory /var/www/cgi-bin with Directory /usr/local/bin/viewvc-1.1.22/bin/cgi 4. vi /usr/local/bin/viewvc-1.1.22/viewvc.conf specify CVS root in my case cvs_roots = CVS: /var/CVS specify Subversion root_parents in my case root_parents = /var/svn/svnrepos: svn optional enable_syntax_coloration = 1 use_cvsgraph = 1 cvsgraph = /usr/local/bin/cvsgraph 5. Make sure ViewVC has read access to CVS repositories. 6. Finally use flag -u to run Apache since otherwise be ready to put Perl, Python and ten other things into chroot. It is just not worth the effort IMHO for something I run internally. Cheers, Predrag Punosevac