Re: Cgi shell script in httpd

2017-12-31 Thread Ingo Schwarze
Hi Jordon,

Jordon wrote on Sun, Dec 31, 2017 at 09:29:05PM -0600:

> I thought it would be nice to create a shell script with the old name
> that would spit out a simple page saying the name changed and providing
> a link to the new cgi app.  I made the shell script but for the life of
> me cannot get it to work.  Is this allowed/supported in httpd?
> If so, any idea what I could be missing?

You are providing no information whatsoever, so let me try a shot in
the utter dark and hope I don't hit any of the cats on your couch:

Maybe you are running httpd(8) chroot(2)ed but don't have any sh(1)
binary in the chroot?  That's a common error.

By the way, putting a shell binary in a chroot (or any other
interpreter for that matter, like PHP) is an ugly thing to do, so
a good alternative might be to write the redirect CGI program in C
as well (which you already managed to do for something more
complicated), or even simpler, make it a static HTML page and tell
httpd.conf(5) with location { no fastcgi } and types { } to simply
serve it as text/html, even if the name ends in *.cgi or something
like that.

Yours,
  Ingo



Cgi shell script in httpd

2017-12-31 Thread Jordon
Over the last few days I have been learning the BCHS approach to web design.  I
am not a web designer (I had to learn CSS as part of this!) but have enjoyed
this little adventure.  My goal was to make a web interface to view data that
I provide in a c++ library and so far I have been pretty successful.
In doing some cleaning up and reorganizing, I have renamed the cgi program.  I
thought it would be nice to create a shell script with the old name that would 
spit out a simple page saying the name changed and providing a link to the new 
cgi app.  I made the shell script but for the life of me cannot get it to work. 
 Is this allowed/supported in httpd?  If so, any idea what I could be missing?




Re: gcc-4.9.4 package build signal 11 [Segmentation fault] on Ubiquiti Unifi Security Gateway

2017-12-31 Thread Diana Eichert
Since the default kernel is single proc I've reverted to GENERIC bsd and 
I'm still having issues building package.


I'm wondering if the system is too resource constrained.  Do you know
which system was used to build octeon release?


thanks

On Sat, 30 Dec 2017, Visa Hankala wrote:


On Fri, Dec 29, 2017 at 09:01:06PM -0700, Diana Eichert wrote:

Hi misc@ long time since I posted

collect2: error: ld terminated with signal 11 [Segmentation fault]

while building gcc-4.9.4 package on Ubiquiti Unifi Security Gateway

I'm running 12/22/2017 octeon snapshot, bsd.mp GENERIC.MP kernel.

System built 109 packages before Seg Fault when building gcc-4.9.4

When posting dmesg I just noticed all the "write failed: errno 14" messages


There are SMP-related bugs in the low-level machine-dependent memory
management code. The current workaround is to restart the build.







6.2 song?

2017-12-31 Thread Tom Smyth
Hi all, happy new year...


Above my pay grade... but  I did go to sleep thinking about Dancing in
the Dark ...  Thought of KARL ASLR and thought ... this might just
work...  for a song...

Ode to KARL

Some OS get up in the evening, and they ain't got nothing to say
they come home in the morning, they go to bed feeling the same way
they ain't nothing but tired, man they're just tired and bored with themselves
Hey there baby, they could use just a little help
[Chorus:]
You can't start a fire, you can't start a fire when you don't know where to start
there are guns for hire but we leave them dancing in the dark

Message just keep getting clearer, radio's on and I'm moving mem round my place
I check my look in the mirror I reboot to change my clothes my hair my face
Man they ain't getting nowhere they can just go through my dump like this
There's something happening somewhere.. they just don't know where that is :)

[Chorus:]

You sit around getting older there's a joke here somewhere and it's on them
I'll shake this world off my shoulders come on baby the laughs on me
Stay on the streets of this town and they'll try carving you up alright
They say you got to stay hungry hey baby I'm just about starving tonight
I'm dying for some action I'm sick of sitting 'round here trying to write
This code
I need a love reaction come on baby give me just one look

The following words need to be modified to be made relevant.

[Chorus:]
You can't start a fire, sittin' 'round cryin' over a broken heart
This gun's for hire even if we're just dancing in the dark

You can't start a fire, worryin' about your little world falling apart
This gun's for hire even if we're just dancing in the dark

Even if we're just dancing in the dark
Even if we're just dancing in the dark
Even if we're just dancing in the dark

Hey baby!



6.2 song?

2017-12-31 Thread Jungle Boogie
Hi All,

There's only a few more hours remaining in 2017, at least in my time
zone, are we going to get the 6.2 song before then?

https://www.openbsd.org/62.html

Thanks and happy new year!



Re: Addblock + Badhost blocking via unbound(8) and pf anchors

2017-12-31 Thread Jordan Geoghegan

Hi Freddy,

I just ran some further benchmarks between your first and second script, 
compared to mine, and again similar results were found. Your second 
script was significantly faster than the first, but still didn't match 
the grep-piped-into-awk config.


This shouldn't be the case though. I did further testing on my PowerMac 
G4 500Mhz workstation running 6.2, which I chose because I thought a 
single core ppc G4 500Mhz vs a mips64 dual core 500Mhz would be a pretty 
epic showdown. I ran each script twice and wrote the output to /dev/null 
to ensure disk I/O wasn't a factor. The StevenBlack hosts file has on 
average ~47,000 lines including comments.


The results were somewhat surprising:

The G4 cranked out the scripts with these times:

*Your 1st script: an average of 1.415 seconds*

*Your 2nd script: an average of 0.54 seconds*

*My script: an average of 1.71 seconds*


This clearly shows things the way they are supposed to be, with my 
script being grossly inefficient and yours being clearly superior. See 
below for the times on the Edgerouter Lite:


(Note: All tested times are slower than previous results from last email 
due to the machine being under a modest network load during testing. 
Load remained consistent due to it being a long running slow 5 megabit 
bulk network transfer it was routing. This was unavoidable due to it 
being a production machine.)


*Your first script came in at an average of 20.8 seconds*

*Your second script came in at an average of 13.75 seconds*

*And my script came in at an average of 10.25 seconds.*

These results are shockingly poor compared to a G4 of the same clock
speed. This leads me to believe there may be some Octeon specific
inefficiencies at play here, namely floating point. None of the
Edgerouter units have an FPU I believe (I know for sure the Lite
doesn't) and I am wondering if awk makes heavy use of floating point,
and thus it having to abuse the emulated fpu? During all the awk
scripts, the ERLite becomes cpu bound on 1 core.


It would be awesome if an awk guru here could confirm whether awk makes 
heavy use of the fpu.


If this is indeed the case, then the PowerPC would have an extreme 
advantage with its beefy AltiVec unit.


So I suppose for those folks running my addblocking scripts, it would be 
wise to use Freddy Dissaux's all awk hostfile conversion method  if 
you're running a more conventional architecture. It would be great if 
someone here could post some test results on an arm64 board!


I am now very curious to see how Perl compares against these results. I 
hope I can find the time to play around with making a nice optimized 
script.



On 12/31/17 03:41, Freddy DISSAUX wrote:

Hello Jordan,


I have tried using all awk for the script before, but I find piping the
grep output into awk to be 2-3x faster on the Edgerouter Lite. I just
ran some timed tests for your script against mine on the ErLite, and I
got similar results, with my script completing in ~6 seconds against the
StevenBlack hosts file, and yours at ~14 seconds. This may not be the
case on more conventional architectures. I am considering rewriting the
script in Perl to see if that runs any faster.


Could you try

awk 'BEGIN { OFS = "" } NF == 2 && $1 == "0.0.0.0" { print "local-zone: \"", $2, "\" redirect"; print "local-data: \"", $2, " A 0.0.0.0\"" }' hosts > ads.conf

If i understand my tests, 2 print without concat are faster than
1 print with concat (and faster than 1 printf)


cat hosts | grep '^0\.0\.0\.0' | awk '{print "local-zone: \""$2"\" redirect\nlocal-data: \""$2" A 0.0.0.0\""}' > ads.conf

UUOC:

grep '^0\.0\.0\.0' hosts | awk '{print "local-zone: \""$2"\" redirect\nlocal-data: \""$2" A 0.0.0.0\""}' > ads.conf


Regards,




Re: gcc-4.9.4 package build signal 11 [Segmentation fault] on Ubiquiti Unifi Security Gateway

2017-12-31 Thread Janne Johansson
2017-12-30 5:01 GMT+01:00 Diana Eichert :

> Hi misc@ long time since I posted
>
> collect2: error: ld terminated with signal 11 [Segmentation fault]
>
> while building gcc-4.9.4 package on Ubiquiti Unifi Security Gateway
>
> I'm running 12/22/2017 octeon snapshot, bsd.mp GENERIC.MP kernel.
>
> System built 109 packages before Seg Fault when building gcc-4.9.4
>
>
I think I got those on my Octeon also, but I thought gcc had figured out a
way to drive my box into swap and die so I just stopped trying to build gcc
from ports.


-- 
May the most significant bit of your life be positive.


Re: adsuck

2017-12-31 Thread Rupert Gallagher
You will be happier by simply feeding the blacklist to unbound.

Re: Broadcast/Multicast & NTP - CAPWAP

2017-12-31 Thread Patrick Dohman

> On Dec 30, 2017, at 7:06 PM, Philip Guenther  wrote:
> 
> 
> Uh, no.
> 
> Frankly, this sounds like grasping at straws; you need to pause and 
> actually write down *testable* details before trying to come up with
> (more) hypotheses.  As I wrote before:
> 
>>> If the latter, then you should take it down a level and describe what you 
>>> tried to do, what you expected to see "on the wire/in the air", and what 
>>> you _actually_ saw there?
> 

I’ll go ahead and update the Wi-Fi password & see if that makes things worse.
Regards
Patrick



Re: OpenBSD 6.2 and 6.1 on Proxmox 5.1 irratic ping interval sluggish timer

2017-12-31 Thread Tom Smyth
Hello
I have tried acpitimer0 but this does not seem to help with the
erratic sleep timer,
as you can see the delay in the sleep timer
seems to be progressive, as the uptime gets longer the
delay gets worse

I hope this helps,

date;sleep 1;date;uptime
Sun Dec 31 11:54:47 GMT 2017
Sun Dec 31 11:54:48 GMT 2017
11:54AM  up 7 mins, 2 users, load averages: 0.00, 0.01, 0.00

# date;sleep 1;date;uptime
Sun Dec 31 13:43:37 GMT 2017
Sun Dec 31 13:43:44 GMT 2017
 1:43PM  up  1:56, 2 users, load averages: 0.42, 0.36, 0.22

# sysctl kern.timecounter
kern.timecounter.tick=1
kern.timecounter.timestepwarnings=0
kern.timecounter.hardware=acpitimer0
kern.timecounter.choice=i8254(0) acpihpet0(1000) acpitimer0(1000)
dummy(-100)

# dmesg
OpenBSD 6.2 (RAMDISK_CD) #132: Tue Oct  3 21:26:51 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 4278042624 (4079MB)
avail mem = 4144635904 (3952MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf68e0 (10 entries)
bios0: vendor SeaBIOS version
"rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org" date 04/01/2014
bios0: QEMU Standard PC (i440FX + PIIX, 1996)
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC HPET SRAT
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU X5650 @ 2.67GHz, 534.12 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ARAT
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: apic clock running at 1000MHz
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu at acpi0 not configured
"ACPI0006" at acpi0 not configured
"PNP0F13" at acpi0 not configured
"PNP0700" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"QEMU0002" at acpi0 not configured
"ACPI0010" at acpi0 not configured
pvbus0 at mainbus0: KVM
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
"Intel 82371SB ISA" rev 0x00 at pci0 dev 1 function 0 not configured
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  ATAPI 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int 11
"Intel 82371AB Power" rev 0x03 at pci0 dev 1 function 3 not configured
vga1 at pci0 dev 2 function 0 "Bochs VGA" rev 0x02
vga1: aperture needed
wsdisplay1 at vga1 mux 1: console (80x25, vt100 emulation)
virtio0 at pci0 dev 5 function 0 "Qumranet Virtio SCSI" rev 0x00
vioscsi0 at virtio0: qsize 128
scsibus1 at vioscsi0: 255 targets
sd0 at scsibus1 targ 0 lun 0:  SCSI3 0/direct fixed
sd0: 4096MB, 512 bytes/sector, 8388608 sectors, thin
virtio0: msix shared
virtio1 at pci0 dev 18 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio1: address 7a:9d:0c:7a:8c:e6
virtio1: msix shared
ppb0 at pci0 dev 30 function 0 "Red Hat Qemu PCI-PCI" rev 0x00
pci1 at ppb0 bus 1
ppb1 at pci0 dev 31 function 0 "Red Hat Qemu PCI-PCI" rev 0x00
pci2 at ppb1 bus 2
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev
1.00/1.00 addr 1
isa0 at mainbus0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay1
softraid0 at root
scsibus2 at softraid0: 256 targets
root on rd0a swap on rd0b dump on rd0b
syncing disks... done
rebooting...
OpenBSD 6.2 (GENERIC.MP) #134: Tue Oct  3 21:22:29 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4278042624 (4079MB)
avail mem = 4141363200 (3949MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf68e0 (10 entries)
bios0: vendor SeaBIOS version
"rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org" date 04/01/2014
bios0: QEMU Standard PC (i440FX + PIIX, 1996)
acpi0 at bios0: rev 0
acpi0: sleep states S3 S4 S5
acpi0: tables DSDT FACP APIC HPET SRAT
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU X5650 @ 2.67GHz, 526.64 MHz
cpu0: 

Re: renice and network forwarding

2017-12-31 Thread Tom Smyth
Hi Lads,
Sorry for the delay some other project work got in my way
@martin Please find my responses to your queries in line


On 4 December 2017 at 10:09, Martin Pieuchot  wrote:
>
> The thread responsible for processing packets being forwarded is
> 'softnet'.  Like almost all other kernel threads it has a higher
> priority than userland processes.  So renice is useless in that case.
>
> This thread already uses as much CPU time as possible.  What is your
> problem?  What do you want to achieve?

I just wanted to squeeze more performance out of a router. I thought
(wrongly) that if OpenBSD out of the box was for general computing
that some CPU
time would be sacrificed by default to accommodate general user loads,
Disk i/o, Graphics etc..
Thanks for the clarification about the kernel threads vs userland threads


>
> There's no such performance tweak.  However note that if you're
> bridging interfaces you might suffer.  That's because nobody did
> the work to take the bridge(4) out of the KERNEL_LOCK().  So it's
> a totally different issue than the forwarding path.

Yes I'm using the Bridge to bridge a group of individual vlan interfaces from
a wholesale provider and then merge them onto the one vlan interface.
so forwarding in bridge is limited by  performance of 1 CPU for bridge
forwarding

Just to clarify can I double performance by running 2 Bridges and splitting load
instead of using  1x  uplink bridged to 100 vlans  on one bridge
use  2x uplinks each into their own bridge and then each bridge with
50vlans each
would that provide improved performance or is it one thread / process
for bridge forwarding
regardless the number of bridges

>
>> Also is the softnet process (as seen by  command top -SH)  only
>> interrupt handling of packets ?
>
> It's processing all incoming packets.
>
Thanks
>>  or does it cover processing (e.g. forwarding if enabled ) (either
>> bridging or routing depending on network config)
>
> All of them but some configurations work better because they don't
> require to grab the KERNEL_LOCK().
>
>> any advice  welcome ...
>
> What do you want to achieve?  Better performances?  With which setup?
In this case I'm simply using OpenBSD as a bridging device to combine
(bridge) a load of vlans
into 1vlan, each vlan is isolated using pf to limit broadcast domains..

>
> Cheers,
> Martin



-- 
Kindest regards,
Tom Smyth

Mobile: +353 87 6193172



Re: adsuck

2017-12-31 Thread Stefan Wollny
Am 12/28/17 um 23:58 schrieb Rupert Gallagher:
> The last update is 5 years old, and its blacklists are obsolete.
> 
> https://github.com/conformal/adsuck/tree/master/files
> 
> Sent from ProtonMail Mobile
> 

Hi Rupert,

you are quite right - the default blacklist from mvps is outdated. This
is why I weekly do the following (serves my requirements and speed is no
priority):

#!/bin/sh
#
# /home//Downloads/mvps must exist!
#
# clean up first:
rm -f /home//Downloads/mvps/*
#
cd /home//Downloads/mvps
wget -4 -nc --no-proxy --no-cache --no-cookies http://winhelp2002.mvps.org/hosts.zip
unzip hosts.zip
#
dos2unix HOSTS
#
# no comments
egrep -v '^#' HOSTS > Hosts
#
# no empty lines
sed -n -i '/0\.0\.0\.0 /,$p' Hosts
#
# check if anything does _not_ go to 0.0.0.0
if [[ $(awk '{print $1}' Hosts | uniq) != '0.0.0.0' ]]; then
printf "mvps-hosts-File manipulated! Bye, bye! \n";
exit 1
fi
#
# Show the date of update in /etc/hosts
echo "## Updated: `date +%Y-%m-%d`" > hosts_date
#
# Replace all 0.0.0.0 with 127.0.0.1 (aka 'localhost')
sed 's/0.0.0.0/127.0.0.1/' Hosts > hosts.tmp
#
# build new hosts-file
cat hosts_date /home//hosts_private hosts.tmp > hosts
#
# Keep last hosts-file
doas cp /etc/hosts /etc/hosts.last
#
# Replace old with new hosts-file
doas cp hosts /etc/hosts
#
# Back to home
cd /home/
# reconnect with new hosts-file
print "reconnect NOW "
doas sh /etc/netstart



As I will give Jordan's solution a go I will check other blacklists as well.

Best,
STEFAN
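
Added example (not part of Stefan's or Freddy's mails, and not code from any project named in the thread): Freddy's awk conversion and Stefan's "does everything go to 0.0.0.0" check both consume a downloaded hosts file, so this version combines them and also validates the hostname field before it is written between quotes in the unbound(8) config. The function name hosts_to_unbound, the reject-the-whole-file policy and the sample names are assumptions.

```sh
#!/bin/sh
# Added example, not code from the thread.
# hosts_to_unbound FILE
#   stdout: local-zone/local-data pairs for unbound.conf, one pair per name
#   stderr: line numbers of rejected lines (their content is not echoed)
#   status: 0 if every entry was accepted, 1 otherwise (nothing on stdout)
hosts_to_unbound() {
	LC_ALL=C awk '
	# Hostname check: letters, digits and hyphens per label. Uses length()
	# and split() so it does not depend on regex interval support in awk.
	function valid_name(name,    n, i, lab) {
		if (length(name) > 253) return 0
		n = split(name, lab, ".")
		for (i = 1; i <= n; i++) {
			if (length(lab[i]) < 1 || length(lab[i]) > 63) return 0
			if (lab[i] !~ /^[a-z0-9-]+$/) return 0
			if ((lab[i] ~ /^-/) || (lab[i] ~ /-$/)) return 0
		}
		return (lab[n] ~ /[a-z]/)   # last label must not be all digits
	}
	{
		sub(/\r$/, "")              # DOS line endings (cf. dos2unix)
		sub(/[ \t]*#.*$/, "")       # full-line and trailing comments
	}
	NF == 0 { next }
	{
		name = tolower($2)
		if (NF != 2 || $1 != "0.0.0.0" || !valid_name(name)) {
			print "rejected: line " NR > "/dev/stderr"
			bad++
			next
		}
		if (!(name in seen)) {      # emit each name only once
			seen[name] = 1
			out[++count] = name
		}
	}
	END {
		if (bad) exit 1             # all or nothing: no partial config
		for (i = 1; i <= count; i++) {
			print "local-zone: \"" out[i] "\" redirect"
			print "local-data: \"" out[i] " A 0.0.0.0\""
		}
	}
	' "$1"
}

# Constructed sample input, embedded so the example runs offline.
demo() {
	tmp=$(mktemp -d) || return 1
	printf '%s\n' '# constructed sample' '0.0.0.0 ads.example.com' \
	    '0.0.0.0 Tracker.Example.NET  # trailing comment' \
	    '0.0.0.0 ads.example.com' > "$tmp/good"
	printf '%s\n' '0.0.0.0 ads.example.com' \
	    '0.0.0.0 bad"name.example' \
	    '192.0.2.10 bank.example' > "$tmp/bad"
	echo "== good list"; hosts_to_unbound "$tmp/good"
	echo "== bad list";  hosts_to_unbound "$tmp/bad" || echo "refused"
	rm -rf "$tmp"
}
demo
```

Redirect stdout to a temporary file and move it into place only when the function returns 0, so a rejected download never replaces the working list.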



OpenBSD 6.2 and 6.1 on Proxmox 5.1 irratic ping interval sluggish timer

2017-12-31 Thread Tom Smyth
Hello

When I run the following commands in OpenBSD

date;sleep 1;date;uptime
I get the following output. As you can see there is a 20 second
delay instead of a 1 second delay
Sun Dec 31 11:22:15 GMT 2017
Sun Dec 31 11:22:35 GMT 2017
11:22AM  up 11:20, 2 users, load averages: 1.02, 0.99, 0.89


kern.timecounter.tick=1
kern.timecounter.timestepwarnings=0
kern.timecounter.hardware=acpihpet0
kern.timecounter.choice=i8254(0) acpihpet0(1000) acpitimer0(1000)
dummy(-100)


I will change the timecounter but on the previous version of Proxmox it didn't help
The proxmox vm is a standard vm with hardware KVM enabled and Host CPU
presented to the VM... other hardware Storage, networking etc are
presented as virtio paravirtualised drivers

dmesg output below
OpenBSD 6.2 (GENERIC.MP) #134: Tue Oct  3 21:22:29 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4278042624 (4079MB)
avail mem = 4141363200 (3949MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf68e0 (10 entries)
bios0: vendor SeaBIOS version
"rel-1.10.2-0-g5f4c7b1-prebuilt.qemu-project.org" date 04/01/2014
bios0: QEMU Standard PC (i440FX + PIIX, 1996)
acpi0 at bios0: rev 0
acpi0: sleep states S3 S4 S5
acpi0: tables DSDT FACP APIC HPET SRAT
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU X5650 @ 2.67GHz, 526.64 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ARAT
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 1000MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Xeon(R) CPU X5650 @ 2.67GHz, 798.55 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,HTT,SSE3,PCLMUL,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ARAT
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
64b/line 16-way L2 cache
cpu1: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu1: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
acpihpet0 at acpi0: 1 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
"ACPI0006" at acpi0 not configured
"PNP0F13" at acpi0 not configured
"PNP0700" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"QEMU0002" at acpi0 not configured
"ACPI0010" at acpi0 not configured
pvbus0 at mainbus0: KVM
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
atapiscsi0 at pciide0 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0:  ATAPI 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int 11
piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int 9
iic0 at piixpm0
vga1 at pci0 dev 2 function 0 "Bochs VGA" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
virtio0 at pci0 dev 5 function 0 "Qumranet Virtio SCSI" rev 0x00
vioscsi0 at virtio0: qsize 128
scsibus2 at vioscsi0: 255 targets
sd0 at scsibus2 targ 0 lun 0:  SCSI3 0/direct fixed
sd0: 4096MB, 512 bytes/sector, 8388608 sectors, thin
virtio0: msix shared
virtio1 at pci0 dev 18 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio1: address 7a:9d:0c:7a:8c:e6
virtio1: msix shared
ppb0 at pci0 dev 30 function 0 "Red Hat Qemu PCI-PCI" rev 0x00
pci1 at ppb0 bus 1
ppb1 at pci0 dev 31 function 0 "Red Hat Qemu PCI-PCI" rev 0x00
pci2 at ppb1 bus 2
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev

Re: trunk0 link aggregation interface and PF rules not working

2017-12-31 Thread Marcus MERIGHI
den...@mindall.org (Denis), 2017.12.30 (Sat) 13:15 (CET):
> Trying to make aggregation using two wireless interfaces on OpenBSD 6.1
> amd64 but unsuccessful.
> 
> Both wireless interfaces successfully connects to its networks and have

these are different networks?

> DHCP assigned IP addresses.
> Both configs are listed below:
> 
> $ cat /etc/hostname.iwn0
> dhcp bssid BSSID_MAC nwid NWID wpa wpakey WPAKEY wpaprotos wpa2
> $ cat /etc/hostname.athn0
> dhcp bssid BSSID_MAC1 nwid NWID1 wpa wpakey WPAKEY1 wpaprotos wpa2

"dhcp" - but trunkport interfaces do not have the IP themselves!

> For trunk0 interface I have assigned different modes available while
> testing: failover, lacp, and loadbalance
> 
> $cat /etc/hostname.trunk0
> trunkproto failover trunkport iwn0 trunkport athn0 192.168.20.1 netmask
> 255.255.255.0
> #trunkproto lacp trunkport iwn0 trunkport athn0 192.168.20.1 netmask
> 255.255.255.0
> #trunkproto loadbalance trunkport iwn0 trunkport athn0 192.168.20.1
> netmask 255.255.255.0

do not assign an IP and run dhclient on trunk0!

> By PF I set trunk0 as an egress interface in PF instead of previously

PF does not set the egress interface, it just happens to know where the
default route points to

> used athn0 and iwn0 for outgoing traffic.
> 
> #cat /etc/pf.conf
> 
> ext_iftrunk0
> #ext_ifathn0
> #ext_ifiwn0

Where's the interesting part of pf.conf(5)?

> $cat /etc/sysctl.conf
> 
> net.inet.ip.forwarding=1
> #net.inet.ip.mforwarding=1
> #net.inet.ip.multipath=1

No need for that unless you use the machine with the two wireless
interfaces as a router.

> No traffic goes over trunk0, 

How is your system supposed to know you want your packets delivered via
trunk0? No route points towards it, except the one for 192.168.20.1, I
suppose. Show the routes! (netstat -anrfinet)

> but all perfectly works if I reverse my PF config to iwn0 or athn0
> interfaces as egress ones.

PF just shows your problems, it is not the cause.

> Please give an advice what I'm doing wrong.

sorry to put it that bluntly, but read trunk(4), EXAMPLES:

# ifconfig em0 up
# ifconfig ath0 nwid my_net up
# ifconfig trunk0 trunkproto failover trunkport em0 trunkport ath0 \
192.168.1.1 netmask 255.255.255.0

The trunkport interfaces do not have an IP config. The trunkX has!

Happy new year, Marcus