Re: VMM 6.9amd64 host video acceleration

[Martin]

I use TigerVNC server on the Linux VM (Debian) plus dummy video driver and 
compiled vmm kernel modules for clock in sync and network...
https://github.com/voutilad/virtio_vmmci
https://github.com/voutilad/vmm_clock

On the OpenBSD host TigerVNC viewer has been installed.

Works absolutely amazing, like a physical computer.

For completely headless system I'd prefer OpenBSD and Alpine on VM. It depends 
on goals.

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 6:49 PM, David Anthony  
wrote:

> Hi Martin,
>
> Do you have any notes on how to view Linux GUI apps running on OpenBSD VMM?
>
> For instance, say I wanted to develop code on Debian w/ Visual Studio
> Code, and wanted to edit / view VS Code app from my host OpenBSD machine.
>
> Does that make sense?
>
> -David

Re: VMM 6.9amd64 host video acceleration

[Martin]

No Window'es or Linux'es on the hosts, just OpenBSD. Anyway, Debian works great 
on VMM, except the question's topic thing. Thank you for your attention)

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 6:25 PM, Theo de Raadt  wrote:

> I am terribly sorry you aren't satisfied with what is possible in OpenBSD,
> and will have to return to a Linux or Windows environment.
>
> Martin martin...@protonmail.com wrote:
>
> > Hi Theo,
> > Sure, for online videos I'm using OpenBSD host with appropriate browser 
> > installed. Just wonder about VMM to move all 'potentially dangerous' things 
> > to a linux VM and remove any browsers from the host.
> > Martin
> > ‐‐‐ Original Message ‐‐‐
> > On Wednesday, May 12, 2021 6:07 PM, Theo de Raadt dera...@openbsd.org wrote:
> >
> > > Have you considered using a real computer?
> > > Martin martin...@protonmail.com wrote:
> > >
> > > > Hi Dave,
> > > > Can you recommend any way to see online videos without shuttering? 
> > > > Modern CPUs can't smoothly play it in software emulation, unfortunately.
> > > > Martin
> > > > ‐‐‐ Original Message ‐‐‐
> > > > On Wednesday, May 12, 2021 1:43 PM, Dave Voutila d...@sisu.io wrote:
> > > >
> > > > > Martin writes:
> > > > >
> > > > > > Hi list,
> > > > > > Just wonder how to enable video acceleration on VMM guest's side 
> > > > > > (Debian) if it was possible. Maybe PCIe passthru should be present 
> > > > > > for that purpose?
> > > > >
> > > > > There is nothing to accelerate: vmd(8) doesn't emulate a display or
> > > > > video device. vmm(4) doesn't support pass-through to host hardware
> > > > > either.
> > > > > -dv

Re: VMM 6.9amd64 host video acceleration

[Martin]

Hi Mike,

Did it already as you replied.

Thanks.

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 6:20 PM, Mike Larkin  wrote:

> On Wed, May 12, 2021 at 06:06:14PM +, Martin wrote:
>
> > Hi Dave,
> > Can you recommend any way to see online videos without shuttering? Modern 
> > CPUs can't smoothly play it in software emulation, unfortunately.
>
> pkg_add youtube-dl
>
> pkg_add firefox (or chrome, etc)
>
> What's the problem here? Are you trying to watch 8k 240Hz videos or something?
>
> > Martin
> > ‐‐‐ Original Message ‐‐‐
> > On Wednesday, May 12, 2021 1:43 PM, Dave Voutila d...@sisu.io wrote:
> >
> > > Martin writes:
> > >
> > > > Hi list,
> > > > Just wonder how to enable video acceleration on VMM guest's side 
> > > > (Debian) if it was possible. Maybe PCIe passthru should be present for 
> > > > that purpose?
> > >
> > > There is nothing to accelerate: vmd(8) doesn't emulate a display or
> > > video device. vmm(4) doesn't support pass-through to host hardware
> > > either.
> > > -dv

Re: VMM 6.9amd64 host video acceleration

[Martin]

Hi Theo,

Sure, for online videos I'm using OpenBSD host with appropriate browser 
installed. Just wonder about VMM to move all 'potentially dangerous' things to 
a linux VM and remove any browsers from the host.

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 6:07 PM, Theo de Raadt  wrote:

> Have you considered using a real computer?
>
> Martin martin...@protonmail.com wrote:
>
> > Hi Dave,
> > Can you recommend any way to see online videos without shuttering? Modern 
> > CPUs can't smoothly play it in software emulation, unfortunately.
> > Martin
> > ‐‐‐ Original Message ‐‐‐
> > On Wednesday, May 12, 2021 1:43 PM, Dave Voutila d...@sisu.io wrote:
> >
> > > Martin writes:
> > >
> > > > Hi list,
> > > > Just wonder how to enable video acceleration on VMM guest's side 
> > > > (Debian) if it was possible. Maybe PCIe passthru should be present for 
> > > > that purpose?
> > >
> > > There is nothing to accelerate: vmd(8) doesn't emulate a display or
> > > video device. vmm(4) doesn't support pass-through to host hardware
> > > either.
> > > -dv

Re: spamd IPv6 listener 6.9amd64

[Martin]

Hi Peter,

Great book of PF. I've read it early in 2015, very useful.

Since last updates all the incoming connections to my mail servers are IPv6, 
unfortunately. Just before the updates it was IPv4, so spamd has been used for 
all the incoming connections outside whitelists of known peers. Works like a 
charm.

Now I'm looking forward to exchange spamd to rspamd (it has DKIM signing 
functionality) to replace spamd and dkimproxy which working in current 
configuration.

Hope it can provide required functionality for IPv6 networks.

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 4:47 PM, Peter Nicolai Mathias Hansteen 
 wrote:

> > 12.  mai 2021 kl. 15:24 skrev Martin martin...@protonmail.com:
> >
> > Hi list,
> > I can't find in spamd(8) how to enable IPv6 listener in addition to IPv4 
> > one.
> > Is it possible to set spamd(8) to listen on both IPv4 and IPv6?
>
> Unfortunately spamd is IPv4 only.
>
> Back in the day (2014ish?, about the time I was finishing up the 3rd ed of 
> The Book of PF) there was talk of and possibly even an ambition of making it 
> IPv6 capable. I remember discussing some of this with phessler at the time 
> and left the descriptions in the book somewhat vague on the matter, hoping to 
> get back to the issue soon. However I never saw code ready for testing.
>
> I was under the impression that one of the hurdles to overcome was to define 
> a sane version of greylisting to implement for IPv6 with its much larger set 
> of addresses. But there could easily have been other issues that affected the 
> effort.
>
> So until other news on the matter turns up, it is better to rdr-to port spamd 
> only for inet, not inet6.
>
> All the best,
> Peter
>
> —
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.

Re: VMM 6.9amd64 host video acceleration

[Martin]

Hi Dave,

Can you recommend any way to see online videos without shuttering? Modern CPUs 
can't smoothly play it in software emulation, unfortunately.

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 1:43 PM, Dave Voutila  wrote:

> Martin writes:
>
> > Hi list,
> > Just wonder how to enable video acceleration on VMM guest's side (Debian) 
> > if it was possible. Maybe PCIe passthru should be present for that purpose?
>
> There is nothing to accelerate: vmd(8) doesn't emulate a display or
> video device. vmm(4) doesn't support pass-through to host hardware
> either.
>
> -dv

Re: VMM 6.9amd64 host video acceleration

[BergenBergen BergenBergen]

* mindless

On Wed, May 12, 2021 at 11:30 PM BergenBergen BergenBergen
 wrote:
>
> I just have to say this hatred and twisting of facts could be due to
> my mindness promotion of our operating system.
>
> I've hurt a lot of people. Jealousy is a m*.
>
> --Murk
>
>
>
> On Wed, May 12, 2021 at 8:09 PM Theo de Raadt  wrote:
> >
> > Have you considered using a real computer?
> >
> > Martin  wrote:
> >
> > > Hi Dave,
> > >
> > > Can you recommend any way to see online videos without shuttering? Modern 
> > > CPUs can't smoothly play it in software emulation, unfortunately.
> > >
> > > Martin
> > >
> > > ‐‐‐ Original Message ‐‐‐
> > > On Wednesday, May 12, 2021 1:43 PM, Dave Voutila  wrote:
> > >
> > > > Martin writes:
> > > >
> > > > > Hi list,
> > > > > Just wonder how to enable video acceleration on VMM guest's side 
> > > > > (Debian) if it was possible. Maybe PCIe passthru should be present 
> > > > > for that purpose?
> > > >
> > > > There is nothing to accelerate: vmd(8) doesn't emulate a display or
> > > > video device. vmm(4) doesn't support pass-through to host hardware
> > > > either.
> > > >
> > > > -dv
> > >
> > >
> >

Re: VMM 6.9amd64 host video acceleration

[BergenBergen BergenBergen]

I just have to say this hatred and twisting of facts could be due to
my mindness promotion of our operating system.

I've hurt a lot of people. Jealousy is a m*.

--Murk



On Wed, May 12, 2021 at 8:09 PM Theo de Raadt  wrote:
>
> Have you considered using a real computer?
>
> Martin  wrote:
>
> > Hi Dave,
> >
> > Can you recommend any way to see online videos without shuttering? Modern 
> > CPUs can't smoothly play it in software emulation, unfortunately.
> >
> > Martin
> >
> > ‐‐‐ Original Message ‐‐‐
> > On Wednesday, May 12, 2021 1:43 PM, Dave Voutila  wrote:
> >
> > > Martin writes:
> > >
> > > > Hi list,
> > > > Just wonder how to enable video acceleration on VMM guest's side 
> > > > (Debian) if it was possible. Maybe PCIe passthru should be present for 
> > > > that purpose?
> > >
> > > There is nothing to accelerate: vmd(8) doesn't emulate a display or
> > > video device. vmm(4) doesn't support pass-through to host hardware
> > > either.
> > >
> > > -dv
> >
> >
>

Re: spamd IPv6 listener 6.9amd64

[Peter Nicolai Mathias Hansteen]

> 12. mai 2021 kl. 15:24 skrev Martin :
> 
> Hi list,
> 
> I can't find in spamd(8) how to enable IPv6 listener in addition to IPv4 one.
> 
> Is it possible to set spamd(8) to listen on both IPv4 and IPv6?

Unfortunately spamd is IPv4 only.

Back in the day (2014ish?, about the time I was finishing up the 3rd ed of The 
Book of PF) there was talk of and possibly even an ambition of making it IPv6 
capable. I remember discussing some of this with phessler at the time and left 
the descriptions in the book somewhat vague on the matter, hoping to get back 
to the issue soon. However I never saw code ready for testing.

I was under the impression that one of the hurdles to overcome was to define a 
sane version of greylisting to implement for IPv6 with its much larger set of 
addresses. But there could easily have been other issues that affected the 
effort.

So until other news on the matter turns up, it is better to rdr-to port spamd 
only for inet, not inet6.

All the best,
Peter


—
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.






signature.asc
Description: Message signed with OpenPGP

Re: VMM 6.9amd64 host video acceleration

[Luke A. Call]

I think there are ways to get what you want w/o VMM, such as a
combination of regular X, separate user accounts for different
activities, ssh -X/-Y, and rarely, xhost.  Email me off-list if you want
details; I have described them here at least somewhat, in the past.

(Also given the fact that chrome/iridium and I think FF use
pledge/unveil now.)

On 2021-05-12 18:06:14+, Martin  wrote:
> Hi Dave,
> 
> Can you recommend any way to see online videos without shuttering? Modern 
> CPUs can't smoothly play it in software emulation, unfortunately.
> 
> Martin
> 
> ? Original Message ?
> On Wednesday, May 12, 2021 1:43 PM, Dave Voutila  wrote:
> 
> > Martin writes:
> >
> > > Hi list,
> > > Just wonder how to enable video acceleration on VMM guest's side (Debian) 
> > > if it was possible. Maybe PCIe passthru should be present for that 
> > > purpose?
> >
> > There is nothing to accelerate: vmd(8) doesn't emulate a display or
> > video device. vmm(4) doesn't support pass-through to host hardware
> > either.
> >
> > -dv
> 
> 

LLDB step over command

[misc]

Hello

Im on 6.9 release amd64. Switched to clang and lldb since gcc and gdb are not
in base anymore. My problem is during debugging for some functions 
command "next/step-over" behaves like "step/step-in".

example code (just for illustration purpose): 
#include
#include

int main()
{
int a = 5, b;
void *p = malloc(sizeof(int));
memcpy(p, (void *), sizeof(int));
b = *(int *)p;
return b;
}

compiled with: 
cc -g -Weverything -ansi -pedantic -O0 -o moveint moveint.c  

below is the snippet from session where lldb goes into malloc instead of
step over it.
...
-> 7void *p = malloc(sizeof(int));
  ^
   8memcpy(p, (void *), sizeof(int));
   9b = *(int *)p;
   10   return b;
(lldb) next
Process 18050 stopped
* thread #1, stop reason = step over failed (Could not create return address 
breakpoint. Return address (0x43eae9c89bd) permissions not found.)
frame #0: 0x043eae9c8ad0 moveint`malloc
moveint`malloc:
->  0x43eae9c8ad0 <+0>:  movq   0x11c9(%rip), %r11
0x43eae9c8ad7 <+7>:  callq  0x43eae9c8a40
0x43eae9c8adc <+12>: jmp0x43eae9c8a32
0x43eae9c8ae1 <+17>: pushq  $0x4
...

How should I deal with this? 

Thanks,
Serge.

Re: VMM 6.9amd64 host video acceleration

[Theo de Raadt]

I am terribly sorry you aren't satisfied with what is possible in OpenBSD,
and will have to return to a Linux or Windows environment.

Martin  wrote:

> Hi Theo,
> 
> Sure, for online videos I'm using OpenBSD host with appropriate browser 
> installed. Just wonder about VMM to move all 'potentially dangerous' things 
> to a linux VM and remove any browsers from the host.
> 
> Martin
> 
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Wednesday, May 12, 2021 6:07 PM, Theo de Raadt  wrote:
> 
> > Have you considered using a real computer?
> >
> > Martin martin...@protonmail.com wrote:
> >
> > > Hi Dave,
> > > Can you recommend any way to see online videos without shuttering? Modern 
> > > CPUs can't smoothly play it in software emulation, unfortunately.
> > > Martin
> > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> > > On Wednesday, May 12, 2021 1:43 PM, Dave Voutila d...@sisu.io wrote:
> > >
> > > > Martin writes:
> > > >
> > > > > Hi list,
> > > > > Just wonder how to enable video acceleration on VMM guest's side 
> > > > > (Debian) if it was possible. Maybe PCIe passthru should be present 
> > > > > for that purpose?
> > > >
> > > > There is nothing to accelerate: vmd(8) doesn't emulate a display or
> > > > video device. vmm(4) doesn't support pass-through to host hardware
> > > > either.
> > > > -dv
> 
> 

Re: VMM 6.9amd64 host video acceleration

[Theo de Raadt]

Have you considered using a real computer?


Martin  wrote:

> Hi Theo,
> 
> Sure, for online videos I'm using OpenBSD host with appropriate browser 
> installed. Just wonder about VMM to move all 'potentially dangerous' things 
> to a linux VM and remove any browsers from the host.
> 
> Martin
> 
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> On Wednesday, May 12, 2021 6:07 PM, Theo de Raadt  wrote:
> 
> > Have you considered using a real computer?
> >
> > Martin martin...@protonmail.com wrote:
> >
> > > Hi Dave,
> > > Can you recommend any way to see online videos without shuttering? Modern 
> > > CPUs can't smoothly play it in software emulation, unfortunately.
> > > Martin
> > > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> > > On Wednesday, May 12, 2021 1:43 PM, Dave Voutila d...@sisu.io wrote:
> > >
> > > > Martin writes:
> > > >
> > > > > Hi list,
> > > > > Just wonder how to enable video acceleration on VMM guest's side 
> > > > > (Debian) if it was possible. Maybe PCIe passthru should be present 
> > > > > for that purpose?
> > > >
> > > > There is nothing to accelerate: vmd(8) doesn't emulate a display or
> > > > video device. vmm(4) doesn't support pass-through to host hardware
> > > > either.
> > > > -dv
> 
> 

Re: VMM 6.9amd64 host video acceleration

[Mike Larkin]

On Wed, May 12, 2021 at 06:06:14PM +, Martin wrote:
> Hi Dave,
>
> Can you recommend any way to see online videos without shuttering? Modern 
> CPUs can't smoothly play it in software emulation, unfortunately.
>

pkg_add youtube-dl

pkg_add firefox (or chrome, etc)

What's the problem here? Are you trying to watch 8k 240Hz videos or something?

> Martin
>
> ‐‐‐ Original Message ‐‐‐
> On Wednesday, May 12, 2021 1:43 PM, Dave Voutila  wrote:
>
> > Martin writes:
> >
> > > Hi list,
> > > Just wonder how to enable video acceleration on VMM guest's side (Debian) 
> > > if it was possible. Maybe PCIe passthru should be present for that 
> > > purpose?
> >
> > There is nothing to accelerate: vmd(8) doesn't emulate a display or
> > video device. vmm(4) doesn't support pass-through to host hardware
> > either.
> >
> > -dv
>
>

Re: VMM 6.9amd64 host video acceleration

[Theo de Raadt]

Have you considered using a real computer?

Martin  wrote:

> Hi Dave,
> 
> Can you recommend any way to see online videos without shuttering? Modern 
> CPUs can't smoothly play it in software emulation, unfortunately.
> 
> Martin
> 
> ‐‐‐ Original Message ‐‐‐
> On Wednesday, May 12, 2021 1:43 PM, Dave Voutila  wrote:
> 
> > Martin writes:
> >
> > > Hi list,
> > > Just wonder how to enable video acceleration on VMM guest's side (Debian) 
> > > if it was possible. Maybe PCIe passthru should be present for that 
> > > purpose?
> >
> > There is nothing to accelerate: vmd(8) doesn't emulate a display or
> > video device. vmm(4) doesn't support pass-through to host hardware
> > either.
> >
> > -dv
> 
> 

Re: spamd IPv6 listener 6.9amd64

[Aisha Tammy]

afaik spamd(8) does not support ipv6 (yet).
I also do not know if there is any ongoing effort for ipv6 to be added.

On 5/12/21 9:24 AM, Martin wrote:

Hi list,

I can't find in spamd(8) how to enable IPv6 listener in addition to IPv4 one.

Is it possible to set spamd(8) to listen on both IPv4 and IPv6?

Martin

Re: kernel size over time

[Theo de Raadt]

kernel-side code for X

Kent Watsen  wrote:

> I used to be able to install OpenBSD on a 1G disk (sets: -x* -g* -c*) and 
> 256M ram, but no more….now a 1280M disk + 384M ram is needed.
> 
> After a little sleuthing, the primary reason seems to be that the size of 
> /usr/share/relink/kernel/GENERIC/ has been growing:
> 
>   Rel  Size
>    
>   6.4  217M
>   6.5  223M
>   6.6  339M
>   6.7  
>   6.8  465M
>   6.9  469M
> 
> Not that it really matters, but does anyone know why the kernel has grown 
> this much over the releases?
> 
> K.
> 

Re: kernel size over time

[Antal Ispanovity]

Check the diff of release notes I guess

On Wed, May 12, 2021, 19:26 Kent Watsen  wrote:

> I used to be able to install OpenBSD on a 1G disk (sets: -x* -g* -c*) and
> 256M ram, but no more….now a 1280M disk + 384M ram is needed.
>
> After a little sleuthing, the primary reason seems to be that the size of
> /usr/share/relink/kernel/GENERIC/ has been growing:
>
> Rel  Size
>  
> 6.4  217M
> 6.5  223M
> 6.6  339M
> 6.7  
> 6.8  465M
> 6.9  469M
>
> Not that it really matters, but does anyone know why the kernel has grown
> this much over the releases?
>
> K.
>
>

kernel size over time

[Kent Watsen]

I used to be able to install OpenBSD on a 1G disk (sets: -x* -g* -c*) and 256M 
ram, but no more….now a 1280M disk + 384M ram is needed.

After a little sleuthing, the primary reason seems to be that the size of 
/usr/share/relink/kernel/GENERIC/ has been growing:

Rel  Size
 
6.4  217M
6.5  223M
6.6  339M
6.7  
6.8  465M
6.9  469M

Not that it really matters, but does anyone know why the kernel has grown this 
much over the releases?

K.

spamd IPv6 listener 6.9amd64

[Martin]

Hi list,

I can't find in spamd(8) how to enable IPv6 listener in addition to IPv4 one.

Is it possible to set spamd(8) to listen on both IPv4 and IPv6?

Martin

VMM 6.9amd64 host video acceleration

[Martin]

Hi list,

Just wonder how to enable video acceleration on VMM guest's side (Debian) if it 
was possible. Maybe PCIe passthru should be present for that purpose?

virtio_vmmci and vmm_clock kernel driver modules doesn't help.

Martin

Re: IKEv2: CHILD_SA is not created

[Денис Давыдов]

Finally solved! Tried TS one after another. To put it mildly, I'm
surprised. it turns out that the equipment on the remote side is configured
in such a way that for each TS I had to set up a separate connection. This
configuration working fine now:

ikev2 crypto-primary active esp \
  from 10.21.139.8/30 to 2.2.2.2 \
  peer 7.7.7.7 \
  ikesa auth hmac-sha2-256 enc aes-256 prf hmac-sha2-256 group modp2048
\
  childsa auth hmac-sha2-256 enc aes-256 group modp2048 \
  ikelifetime 86400 lifetime 28800 \
  psk "*"

ikev2 crypto-primary active esp \
  from 10.21.139.8/30 to 3.3.3.3 \
  peer 7.7.7.7 \
  ikesa auth hmac-sha2-256 enc aes-256 prf hmac-sha2-256 group modp2048
\
  childsa auth hmac-sha2-256 enc aes-256 group modp2048 \
  ikelifetime 86400 lifetime 28800 \
  psk "*"

Tobias, thanks for your time and attention to my problem.

On Wed, May 12, 2021 at 3:36 PM Денис Давыдов  wrote:

> Tobias,
>
> I replaced the OpenBSD with the same configuration:
> -> % uname -r -p
> 6.9 amd64
>
> Now, with this configuration:
>
> ikev2 crypto-primary active esp \
>   from any to any \
>   peer 7.7.7.7 \
>   ikesa auth hmac-sha2-256 enc aes-256 prf hmac-sha2-256 group
> modp2048 \
>   childsa auth hmac-sha2-256 enc aes-256 group modp2048 \
>   ikelifetime 86400 lifetime 28800 \
>   psk "*"
>
> I got NO_PROPOSAL_CHOSEN: https://pastebin.com/Puhx41DZ
>
> And with the original configuration, which was agreed with the provider:
>
> ikev2 crypto-primary active esp \
>   from 10.21.139.8/30 to 2.2.2.2 \
>   from 10.21.139.8/30 to 3.3.3.3 \
>   peer 7.7.7.7 \
>   ikesa auth hmac-sha2-256 enc aes-256 prf hmac-sha2-256 group
> modp2048 \
>   childsa auth hmac-sha2-256 enc aes-256 group modp2048 \
>   ikelifetime 86400 lifetime 28800 \
>   psk "*"
>
> I still got TS_UNACCEPTABLE: https://pastebin.com/nw0usUJi
>
> I don't know where to dig anymore. The remote side is not responding yet.
> I contacted another provider who shared their configuration from the same
> Cisco model ASA 5585 (IKEv2 works with that hardware without problems). The
> only difference is that they have no these two options (although, I am not
> an expert in Cisco IKEv2 configuration either):
>
> crypto map outside_map 2470 set connection-type answer-only
> crypto map outside_map 2470 set reverse-route
>
> I understand that everyone is already tired of this topic. I will be in
> close contact with this provider. If I can connect to their equipment, I'll
> write what the problem was. Most likely the problem is in their
> configuration, rather than the problem in iked itself. I am sorry for the
> time wasted.
>
> Oh! One more question: Can iked work with the same TS but different peers
> at the same time?  Am I correct in understanding that this is not possible?
> The remote side just offers the same settings for two public IP addresses
> from their side (they have two different crypto peers). So far, I just
> commented out the configuration with the second peer.
>
>
> On Wed, May 12, 2021 at 12:33 PM Tobias Heider 
> wrote:
>
>> On Wed, May 12, 2021 at 12:06:21PM +0300, Денис Давыдов wrote:
>> > I tried to specify an explicit parameter -T to disable NAT-Traversal
>> > auto-detection and use `local' parameter. Also according to your advice
>> > tried a configuration like this:
>> >
>> > ikev2 crypto-primary active esp \
>> >   from any to any \
>> >   local 1.1.1.1 peer 7.7.7.7 \
>> >   ikesa auth hmac-sha2-256 enc aes-256 prf hmac-sha2-256 group
>> modp2048
>> > \
>> >   childsa auth hmac-sha2-256 enc aes-256 group modp2048 \
>> >   ikelifetime 86400 lifetime 28800 \
>> >   psk "secret"
>> >
>> > And I got:
>> >
>> > May 12 08:45:17 crypto-gw2 iked[17640]: ikev2_pld_payloads: decrypted
>> > payload TSi nextpayload TSr critical 0x00 length 8
>> > May 12 08:45:17 crypto-gw2 iked[17640]: ikev2_pld_tss: count 1 length 0
>> > May 12 08:45:17 crypto-gw2 iked[17640]: ikev2_validate_ts: malformed
>> > payload: too short for header (0 < 8)
>> > May 12 08:45:17 crypto-gw2 iked[17640]: ikev2_validate_pld: malformed
>> > payload: shorter than minimum header size (0 < 4)
>>
>> This looks like you're running < 6.9 where any doesn't work for traffic
>> selectors.  Either try using 0.0.0.0/0 instead or even better update
>> to the latest version.
>>
>> >
>> > Full log: https://pastebin.com/MLC4VXSs
>> >
>> > P.S. Tried removing the ikelifetime and lifetime parameters as well. Did
>> > not help, the same behavior.
>> >
>> > On Tue, May 11, 2021 at 7:43 PM Tobias Heider 
>> > wrote:
>> >
>> > > From my limited understanding of cisco ASA configs i can't see any
>> > > obvious problems.
>> > >
>> > > You could try setting 'from any to any' on your side to see how the
>> server
>> > > responds. If the server is configured to narrow traffic selectors, the
>> > > handshake
>> > > should succeed and the log will tell you the exact traffic selectors

Re: 6.9 on VMware Workstation networking issues

[Martin]

Hi,

Please consider to move to VirtualBox. No any problems with networking at all 
on any host platform. Network works fine using OpenBSD VMM hypervisor too.

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 9:48 AM, Moritz Grimm  
wrote:

> Hi Masato,
>
> Thanks for checking. I'm currently stuck with Workstation Pro 15.5.7
> build-17171714.
> It seems likely that it is an interaction between Workstation and some
> changes between 6.8 and 6.9 that causes this regression. It's not clear
> whose fault it is for this misbehavior. However, none of the previous
> OpenBSD versions, various Linux distros, and Windows VMs I'm running
> exhibit this.
> It would be interesting to know, if there is more than just ENOBUFS and
> high Ofail numbers that I could look for to pinpoint the root cause ...
>
> Best regards,
> -Moritz
>
> On 12.05.21 11:14, Masato Asou wrote:
>
> > I've also tried VMware Workstation 16 Player on Windows10 Pro and the
> > netowrk is working fine.
> >
> > ---
> >
> > ASOU Masato
> > From: Masato Asou a...@soum.co.jp
> > Date: Wed, 12 May 2021 12:51:48 +0900 (JST)
> >
> > > Hi Moritz,
> > > I upgraded with the following command on my OpenBSD 6.8 release, and
> > > the network is working fine.
> > > $ doas sysupgrade
> > > I am using ESXi 6.7 and VMware Fusion 12.1.1 and em0 both environment,
> > > and network is working fine both environment.
> > >
> > > Isn't it a VMware Workstation problem?
> > > Can you try VirtualBox?
> > >
> > > ---
> > >
> > > ASOU Masato
> > > From: Moritz Grimm mgmlist...@mrsserver.net
> > > Date: Wed, 12 May 2021 00:32:42 +0200
> > >
> > > > Hi,
> > > > Networking has become unusable in all of my virtual installs of 6.9 on
> > > > VMware Workstation after an (otherwise uneventful) sysupgrade from 6.8
> > > > to 6.9. They've been working for years and I've upgraded them several
> > > > times without any issues so far.
> > > > netstat -ni shows a huge number of Ofail and ping almost always prints
> > > > and error from sendmsg ("No buffer space available"), but the
> > > > occasional ping and DNS lookup does go through (at a success rate of
> > > > <5%). These are the only error messages I am getting.
> > > > I'm using vmx(4), but also tried em(4) without any success.
> > > > None of the upgrade69.html configuration changes are applicable, and
> > > > my pf.conf parses without errors in 6.9.
> > > > The dmesg output (from version 6.8 below) is almost identical in 6.9,
> > > > which just shows slightly less memory available.
> > > > I've run out of debugging ideas and would appreciate some help. My
> > > > only "solution" right now was to revert to a 6.8 snapshot. I'm also a
> > > > bit worried that I might run into similar issues on my bare metal
> > > > installs (which are all "production"), so I haven't tried those, yet.
> > > > Thanks,
> > > > -Moritz
> > > > OpenBSD 6.8 (GENERIC.MP) #5: Mon Feb 22 04:36:10 MST 2021
> > > > r...@syspatch-68-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > > > real mem = 519962624 (495MB)
> > > > avail mem = 489213952 (466MB)
> > > > random: good seed from bootblocks
> > > > mpath0 at root
> > > > scsibus0 at mpath0: 256 targets
> > > > mainbus0 at root
> > > > bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe0010 (620 entries)
> > > > bios0: vendor Phoenix Technologies LTD version "6.00" date 02/27/2020
> > > > bios0: VMware, Inc. VMware Virtual Platform
> > > > acpi0 at bios0: ACPI 4.0
> > > > acpi0: sleep states S0 S1 S4 S5
> > > > acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET
> > > > acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3)
> > > > S8F0(S3) S16F(S3) S17F(S3) S18F(S3) S22F(S3) S23F(S3) S24F(S3)
> > > > S25F(S3) PE40(S3) S1F0(S3) PE50(S3) [...]
> > > > acpitimer0 at acpi0: 3579545 Hz, 24 bits
> > > > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> > > > cpu0 at mainbus0: apid 0 (boot processor)
> > > > cpu0: Intel(R) Core(TM) i7-9850H CPU @ 2.60GHz, 2593.36 MHz, 06-9e-0d
> > > > cpu0:
> > > > FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,IBRS,IBPB,STIBP,L1DF,SSBD,ARAT,XSAVEOPT,XSAVEC,XSAVES
> > > > cpu0: 256KB 64b/line 8-way L2 cache
> > > > cpu0: smt 0, core 0, package 0
> > > > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> > > > cpu0: apic clock running at 65MHz
> > > > cpu1 at mainbus0: apid 2 (application processor)
> > > > cpu1: Intel(R) Core(TM) i7-9850H CPU @ 2.60GHz, 2593.40 MHz, 06-9e-0d
> > > > cpu1:
> > > > 

Re: OpenBSD 6.9 ports upgrade failures

[Martin]

Hi,

Do you mean packages upgrade by using command:

$ doas pkg_add -uvi ?

If yes, you can remove failed packages for upgrade and reinstall them manually 
by the command:

$ doas pkg_add package_name

Martin

‐‐‐ Original Message ‐‐‐
On Wednesday, May 12, 2021 9:06 AM, Артём Мазуров  
wrote:

> Hello.
> I'm trying to upgrade ports after upgrading os to 6.9, but I get a lot
> of failures from various packages and I don't know how to approach them.
> One of those packages is python-3.8.6p0 -> python-3.8.8p0.
>
> > quirks-4.9 signed on 2021-05-11T16:31:32Z
> > Can't install python-3.8.8p0 because of libraries
> > |library ssl.48.2 not found
> > | /usr/lib/libssl.so.48.1 (system): minor is too small
> > | /usr/lib/libssl.so.49.0 (system): bad major
> > Direct dependencies for python-3.8.6p0->3.8.8p0 resolve to libffi-3.3
> > sqlite3-3.35.5 gettext-runtime-0.21p1 bzip2-1.0.8p0 xz-5.2.5>Full
> > dependency tree is sqlite3-3.35.5 gettext-runtime-0.21p1 xz-5.2.5
> > bzip2-1.0.8p0 libiconv-1.16p0 libffi-3.3
> > Couldn't find updates for python-3.8.6p0
> > Couldn't install python-3.8.8p0
>
> What should I make of this ?

Re: spamd IPv6 listener 6.9amd64

[Patrick Wildt]

Am Wed, May 12, 2021 at 09:46:28AM -0400 schrieb Aisha Tammy:
> afaik spamd(8) does not support ipv6 (yet).
> I also do not know if there is any ongoing effort for ipv6 to be added.
> 
> On 5/12/21 9:24 AM, Martin wrote:
> > Hi list,
> > 
> > I can't find in spamd(8) how to enable IPv6 listener in addition to IPv4 
> > one.
> > 
> > Is it possible to set spamd(8) to listen on both IPv4 and IPv6?
> > 
> > Martin
> > 

I'm using rspamd, that's a pretty good application.

Re: VMM 6.9amd64 host video acceleration

[Dave Voutila]

Martin writes:

> Hi list,
>
> Just wonder how to enable video acceleration on VMM guest's side (Debian) if 
> it was possible. Maybe PCIe passthru should be present for that purpose?

There is nothing to accelerate: vmd(8) doesn't emulate a display or
video device. vmm(4) doesn't support pass-through to host hardware
either.

-dv

Re: IKEv2: CHILD_SA is not created

[Денис Давыдов]

Tobias,

I replaced the OpenBSD with the same configuration:
-> % uname -r -p
6.9 amd64

Now, with this configuration:

ikev2 crypto-primary active esp \
  from any to any \
  peer 7.7.7.7 \
  ikesa auth hmac-sha2-256 enc aes-256 prf hmac-sha2-256 group modp2048
\
  childsa auth hmac-sha2-256 enc aes-256 group modp2048 \
  ikelifetime 86400 lifetime 28800 \
  psk "*"

I got NO_PROPOSAL_CHOSEN: https://pastebin.com/Puhx41DZ

And with the original configuration, which was agreed with the provider:

ikev2 crypto-primary active esp \
  from 10.21.139.8/30 to 2.2.2.2 \
  from 10.21.139.8/30 to 3.3.3.3 \
  peer 7.7.7.7 \
  ikesa auth hmac-sha2-256 enc aes-256 prf hmac-sha2-256 group modp2048
\
  childsa auth hmac-sha2-256 enc aes-256 group modp2048 \
  ikelifetime 86400 lifetime 28800 \
  psk "*"

I still got TS_UNACCEPTABLE: https://pastebin.com/nw0usUJi

I don't know where to dig anymore. The remote side is not responding yet. I
contacted another provider who shared their configuration from the same
Cisco model ASA 5585 (IKEv2 works with that hardware without problems). The
only difference is that they have no these two options (although, I am not
an expert in Cisco IKEv2 configuration either):

crypto map outside_map 2470 set connection-type answer-only
crypto map outside_map 2470 set reverse-route

I understand that everyone is already tired of this topic. I will be in
close contact with this provider. If I can connect to their equipment, I'll
write what the problem was. Most likely the problem is in their
configuration, rather than the problem in iked itself. I am sorry for the
time wasted.

Oh! One more question: Can iked work with the same TS but different peers
at the same time?  Am I correct in understanding that this is not possible?
The remote side just offers the same settings for two public IP addresses
from their side (they have two different crypto peers). So far, I just
commented out the configuration with the second peer.


On Wed, May 12, 2021 at 12:33 PM Tobias Heider 
wrote:

> On Wed, May 12, 2021 at 12:06:21PM +0300, Денис Давыдов wrote:
> > I tried to specify an explicit parameter -T to disable NAT-Traversal
> > auto-detection and use `local' parameter. Also according to your advice
> > tried a configuration like this:
> >
> > ikev2 crypto-primary active esp \
> >   from any to any \
> >   local 1.1.1.1 peer 7.7.7.7 \
> >   ikesa auth hmac-sha2-256 enc aes-256 prf hmac-sha2-256 group
> modp2048
> > \
> >   childsa auth hmac-sha2-256 enc aes-256 group modp2048 \
> >   ikelifetime 86400 lifetime 28800 \
> >   psk "secret"
> >
> > And I got:
> >
> > May 12 08:45:17 crypto-gw2 iked[17640]: ikev2_pld_payloads: decrypted
> > payload TSi nextpayload TSr critical 0x00 length 8
> > May 12 08:45:17 crypto-gw2 iked[17640]: ikev2_pld_tss: count 1 length 0
> > May 12 08:45:17 crypto-gw2 iked[17640]: ikev2_validate_ts: malformed
> > payload: too short for header (0 < 8)
> > May 12 08:45:17 crypto-gw2 iked[17640]: ikev2_validate_pld: malformed
> > payload: shorter than minimum header size (0 < 4)
>
> This looks like you're running < 6.9 where any doesn't work for traffic
> selectors.  Either try using 0.0.0.0/0 instead or even better update
> to the latest version.
>
> >
> > Full log: https://pastebin.com/MLC4VXSs
> >
> > P.S. Tried removing the ikelifetime and lifetime parameters as well. Did
> > not help, the same behavior.
> >
> > On Tue, May 11, 2021 at 7:43 PM Tobias Heider 
> > wrote:
> >
> > > From my limited understanding of cisco ASA configs i can't see any
> > > obvious problems.
> > >
> > > You could try setting 'from any to any' on your side to see how the
> server
> > > responds. If the server is configured to narrow traffic selectors, the
> > > handshake
> > > should succeed and the log will tell you the exact traffic selectors
> you
> > > need
> > > in your config (look for ikev2_pld_ts in the verbose log).
> > >
> > > On Tue, May 11, 2021 at 01:47:53PM +0300, Денис Давыдов wrote:
> > > > Tobias,
> > > >
> > > > The remote side gave me their Cisco ASA 5585 settings and they
> showed the
> > > > logs:
> > > >
> > > > object network Svc_2_2_2_2
> > > > host 2.2.2.2
> > > > object network Svc_3_3_3_3
> > > > host 3.3.3.3
> > > > crypto ipsec ikev2 ipsec-proposal ESP-AES256-SHA2
> > > > protocol esp encryption aes-256
> > > > protocol esp integrity sha-256
> > > >
> > > > object-group network Customer
> > > > description Customer
> > > > network-object 10.21.139.8 255.255.255.252
> > > > object-group network ISP-to-Customer
> > > > description ISP-to-Customer
> > > > network-object object Svc_2_2_2_2
> > > > network-object object Svc_3_3_3_3
> > > > access-list outside_cryptomap_2470 extended permit ip object-group
> > > > ISP-to-Customer object-group Customer
> > > > crypto ipsec ikev2 ipsec-proposal ESP-AES256-SHA2
> > > > crypto map outside_map 2470 match address outside_cryptomap_2470
> > > > crypto map 

Re: OpenBSD 6.9 ports upgrade failures

[Janne Johansson]

Den ons 12 maj 2021 kl 11:29 skrev Артём Мазуров :
> Hello.
> I'm trying to upgrade ports after upgrading os to 6.9, but I get a lot
> >|library ssl.48.2 not found
> >| /usr/lib/libssl.so.48.1 (system): minor is too small
> >| /usr/lib/libssl.so.49.0 (system): bad major

This usually means the pkg_add URL is wrong, perhaps because you have
something version-specific in PKG_PATH or /etc/installurl that points
to the wrong place, compared to your OS version.

-- 
May the most significant bit of your life be positive.

Re: 6.9 on VMware Workstation networking issues

[Moritz Grimm]

Hi Masato,

Thanks for checking. I'm currently stuck with Workstation Pro 15.5.7 
build-17171714.
It seems likely that it is an interaction between Workstation and some 
changes between 6.8 and 6.9 that causes this regression. It's not clear 
whose fault it is for this misbehavior. However, none of the previous 
OpenBSD versions, various Linux distros, and Windows VMs I'm running 
exhibit this.
It would be interesting to know, if there is more than just ENOBUFS and 
high Ofail numbers that I could look for to pinpoint the root cause ...


Best regards,
-Moritz

On 12.05.21 11:14, Masato Asou wrote:

I've also tried VMware Workstation 16 Player on Windows10 Pro and the
netowrk is working fine.
--
ASOU Masato

From: Masato Asou 
Date: Wed, 12 May 2021 12:51:48 +0900 (JST)


Hi Moritz,

I upgraded with the following command on my OpenBSD 6.8 release, and
the network is working fine.

$ doas sysupgrade

I am using ESXi 6.7 and VMware Fusion 12.1.1 and em0 both environment,
and network is working fine both environment.

Isn't it a VMware Workstation problem?
Can you try VirtualBox?
--
ASOU Masato

From: Moritz Grimm 
Date: Wed, 12 May 2021 00:32:42 +0200


Hi,


Networking has become unusable in all of my virtual installs of 6.9 on
VMware Workstation after an (otherwise uneventful) sysupgrade from 6.8
to 6.9. They've been working for years and I've upgraded them several
times without any issues so far.

netstat -ni shows a huge number of Ofail and ping almost always prints
and error from sendmsg ("No buffer space available"), but the
occasional ping and DNS lookup does go through (at a success rate of
<5%). These are the only error messages I am getting.

I'm using vmx(4), but also tried em(4) without any success.

None of the upgrade69.html configuration changes are applicable, and
my pf.conf parses without errors in 6.9.

The dmesg output (from version 6.8 below) is almost identical in 6.9,
which just shows slightly less memory available.

I've run out of debugging ideas and would appreciate some help. My
only "solution" right now was to revert to a 6.8 snapshot. I'm also a
bit worried that I might run into similar issues on my bare metal
installs (which are all "production"), so I haven't tried those, yet.


Thanks,

-Moritz


OpenBSD 6.8 (GENERIC.MP) #5: Mon Feb 22 04:36:10 MST 2021

r...@syspatch-68-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 519962624 (495MB)
avail mem = 489213952 (466MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe0010 (620 entries)
bios0: vendor Phoenix Technologies LTD version "6.00" date 02/27/2020
bios0: VMware, Inc. VMware Virtual Platform
acpi0 at bios0: ACPI 4.0
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET
acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3)
S8F0(S3) S16F(S3) S17F(S3) S18F(S3) S22F(S3) S23F(S3) S24F(S3)
S25F(S3) PE40(S3) S1F0(S3) PE50(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-9850H CPU @ 2.60GHz, 2593.36 MHz, 06-9e-0d
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,IBRS,IBPB,STIBP,L1DF,SSBD,ARAT,XSAVEOPT,XSAVEC,XSAVES
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 65MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i7-9850H CPU @ 2.60GHz, 2593.40 MHz, 06-9e-0d
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,IBRS,IBPB,STIBP,L1DF,SSBD,ARAT,XSAVEOPT,XSAVEC,XSAVES
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 0, package 2
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xf000, bus 0-127
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001
acpicmos0 at acpi0
"PNP0A05" at acpi0 not configured
acpibat0 at acpi0: BAT1 model "VMware Virtual Batt"
acpiac0 at acpi0: AC unit online
"PNP0A05" at acpi0 not configured
"PNP0A05" at acpi0 not configured
"PNP0A05" at acpi0 not configured
"PNP0A05" at acpi0 not configured
"PNP0A05" at acpi0 not configured
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
pvbus0 at mainbus0: VMware

Re: IKEv2: CHILD_SA is not created

[Tobias Heider]

On Wed, May 12, 2021 at 12:06:21PM +0300, Денис Давыдов wrote:
> I tried to specify an explicit parameter -T to disable NAT-Traversal
> auto-detection and use `local' parameter. Also according to your advice
> tried a configuration like this:
> 
> ikev2 crypto-primary active esp \
>   from any to any \
>   local 1.1.1.1 peer 7.7.7.7 \
>   ikesa auth hmac-sha2-256 enc aes-256 prf hmac-sha2-256 group modp2048
> \
>   childsa auth hmac-sha2-256 enc aes-256 group modp2048 \
>   ikelifetime 86400 lifetime 28800 \
>   psk "secret"
> 
> And I got:
> 
> May 12 08:45:17 crypto-gw2 iked[17640]: ikev2_pld_payloads: decrypted
> payload TSi nextpayload TSr critical 0x00 length 8
> May 12 08:45:17 crypto-gw2 iked[17640]: ikev2_pld_tss: count 1 length 0
> May 12 08:45:17 crypto-gw2 iked[17640]: ikev2_validate_ts: malformed
> payload: too short for header (0 < 8)
> May 12 08:45:17 crypto-gw2 iked[17640]: ikev2_validate_pld: malformed
> payload: shorter than minimum header size (0 < 4)

This looks like you're running < 6.9 where any doesn't work for traffic
selectors.  Either try using 0.0.0.0/0 instead or even better update
to the latest version.

> 
> Full log: https://pastebin.com/MLC4VXSs
> 
> P.S. Tried removing the ikelifetime and lifetime parameters as well. Did
> not help, the same behavior.
> 
> On Tue, May 11, 2021 at 7:43 PM Tobias Heider 
> wrote:
> 
> > From my limited understanding of cisco ASA configs i can't see any
> > obvious problems.
> >
> > You could try setting 'from any to any' on your side to see how the server
> > responds. If the server is configured to narrow traffic selectors, the
> > handshake
> > should succeed and the log will tell you the exact traffic selectors you
> > need
> > in your config (look for ikev2_pld_ts in the verbose log).
> >
> > On Tue, May 11, 2021 at 01:47:53PM +0300, Денис Давыдов wrote:
> > > Tobias,
> > >
> > > The remote side gave me their Cisco ASA 5585 settings and they showed the
> > > logs:
> > >
> > > object network Svc_2_2_2_2
> > > host 2.2.2.2
> > > object network Svc_3_3_3_3
> > > host 3.3.3.3
> > > crypto ipsec ikev2 ipsec-proposal ESP-AES256-SHA2
> > > protocol esp encryption aes-256
> > > protocol esp integrity sha-256
> > >
> > > object-group network Customer
> > > description Customer
> > > network-object 10.21.139.8 255.255.255.252
> > > object-group network ISP-to-Customer
> > > description ISP-to-Customer
> > > network-object object Svc_2_2_2_2
> > > network-object object Svc_3_3_3_3
> > > access-list outside_cryptomap_2470 extended permit ip object-group
> > > ISP-to-Customer object-group Customer
> > > crypto ipsec ikev2 ipsec-proposal ESP-AES256-SHA2
> > > crypto map outside_map 2470 match address outside_cryptomap_2470
> > > crypto map outside_map 2470 set pfs group14
> > > crypto map outside_map 2470 set connection-type answer-only
> > > crypto map outside_map 2470 set peer 1.1.1.1
> > > crypto map outside_map 2470 set ikev2 ipsec-proposal ESP-AES256-SHA2
> > > crypto map outside_map 2470 set nat-t-disable
> > > crypto map outside_map 2470 set reverse-route
> > > crypto ikev2 policy 100
> > > encryption aes-256
> > > integrity sha
> > > group 21 20 19 24 14 5 2
> > > prf sha
> > > lifetime seconds 28800
> > > tunnel-group 1.1.1.1 type ipsec-l2l
> > > tunnel-group 1.1.1.1 general-attributes
> > > default-group-policy GroupPolicy-Def-IKE2
> > > tunnel-group 1.1.1.1 ipsec-attributes
> > > ikev1 pre-shared-key *
> > > ikev2 remote-authentication pre-shared-key *
> > > ikev2 local-authentication pre-shared-key *
> > >  ikev2 local-authentication pre-shared-key *
> > >
> > > asa-8m-a5-820-l2l/sec/act# sh logg | i 1.1.1.1
> > > May 11 2021 13:35:11: %ASA-7-609001: Built local-host outside:1.1.1.1
> > > May 11 2021 13:35:11: %ASA-6-302015: Built inbound UDP connection
> > > 1392894457 for outside:1.1.1.1/500 (1.1.1.1/500) to identity:7.7.7.7/500
> > (
> > > 7.7.7.7/500)
> > > May 11 2021 13:35:11: %ASA-7-713906: IKE Receiver: Packet received on
> > > 7.7.7.7:500 from 1.1.1.1:500
> > > May 11 2021 13:35:11: %ASA-5-750002: Local:7.7.7.7:500 Remote:
> > 1.1.1.1:500
> > > Username:Unknown IKEv2 Received a IKE_INIT_SA request
> > > May 11 2021 13:35:11: %ASA-7-713906: IKE Receiver: Packet received on
> > > 7.7.7.7:500 from 1.1.1.1:500
> > > May 11 2021 13:35:11: %ASA-5-750007: Local:7.7.7.7:500 Remote:
> > 1.1.1.1:500
> > > Username:1.1.1.1 IKEv2 SA DOWN. Reason: application initiated
> > > May 11 2021 13:35:11: %ASA-4-113019: Group = 1.1.1.1, Username = 1.1.1.1,
> > > IP = 1.1.1.1, Session disconnected. Session Type: LAN-to-LAN, Duration:
> > > 0h:05m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: IKE Delete
> > > May 11 2021 13:35:11: %ASA-5-750006: Local:7.7.7.7:500 Remote:
> > 1.1.1.1:500
> > > Username:1.1.1.1 IKEv2 SA UP. Reason: New Connection Established
> > > May 11 2021 13:35:11: %ASA-6-113009: AAA retrieved default group policy
> > > (GroupPolicy-Def-IKE2) for user = 1.1.1.1
> > >
> > >
> > > P.S. This is strange, 

Re: 6.9 on VMware Workstation networking issues

[Masato Asou]

I've also tried VMware Workstation 16 Player on Windows10 Pro and the
netowrk is working fine.
--
ASOU Masato

From: Masato Asou 
Date: Wed, 12 May 2021 12:51:48 +0900 (JST)

> Hi Moritz,
> 
> I upgraded with the following command on my OpenBSD 6.8 release, and
> the network is working fine.
> 
> $ doas sysupgrade
> 
> I am using ESXi 6.7 and VMware Fusion 12.1.1 and em0 both environment,
> and network is working fine both environment.
> 
> Isn't it a VMware Workstation problem?
> Can you try VirtualBox?
> --
> ASOU Masato
> 
> From: Moritz Grimm 
> Date: Wed, 12 May 2021 00:32:42 +0200
> 
>> Hi,
>> 
>> 
>> Networking has become unusable in all of my virtual installs of 6.9 on
>> VMware Workstation after an (otherwise uneventful) sysupgrade from 6.8
>> to 6.9. They've been working for years and I've upgraded them several
>> times without any issues so far.
>> 
>> netstat -ni shows a huge number of Ofail and ping almost always prints
>> and error from sendmsg ("No buffer space available"), but the
>> occasional ping and DNS lookup does go through (at a success rate of
>> <5%). These are the only error messages I am getting.
>> 
>> I'm using vmx(4), but also tried em(4) without any success.
>> 
>> None of the upgrade69.html configuration changes are applicable, and
>> my pf.conf parses without errors in 6.9.
>> 
>> The dmesg output (from version 6.8 below) is almost identical in 6.9,
>> which just shows slightly less memory available.
>> 
>> I've run out of debugging ideas and would appreciate some help. My
>> only "solution" right now was to revert to a 6.8 snapshot. I'm also a
>> bit worried that I might run into similar issues on my bare metal
>> installs (which are all "production"), so I haven't tried those, yet.
>> 
>> 
>> Thanks,
>> 
>> -Moritz
>> 
>> 
>> OpenBSD 6.8 (GENERIC.MP) #5: Mon Feb 22 04:36:10 MST 2021
>> 
>> r...@syspatch-68-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>> real mem = 519962624 (495MB)
>> avail mem = 489213952 (466MB)
>> random: good seed from bootblocks
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe0010 (620 entries)
>> bios0: vendor Phoenix Technologies LTD version "6.00" date 02/27/2020
>> bios0: VMware, Inc. VMware Virtual Platform
>> acpi0 at bios0: ACPI 4.0
>> acpi0: sleep states S0 S1 S4 S5
>> acpi0: tables DSDT FACP BOOT APIC MCFG SRAT HPET WAET
>> acpi0: wakeup devices PCI0(S3) USB_(S1) P2P0(S3) S1F0(S3) S2F0(S3)
>> S8F0(S3) S16F(S3) S17F(S3) S18F(S3) S22F(S3) S23F(S3) S24F(S3)
>> S25F(S3) PE40(S3) S1F0(S3) PE50(S3) [...]
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>> cpu0 at mainbus0: apid 0 (boot processor)
>> cpu0: Intel(R) Core(TM) i7-9850H CPU @ 2.60GHz, 2593.36 MHz, 06-9e-0d
>> cpu0:
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,IBRS,IBPB,STIBP,L1DF,SSBD,ARAT,XSAVEOPT,XSAVEC,XSAVES
>> cpu0: 256KB 64b/line 8-way L2 cache
>> cpu0: smt 0, core 0, package 0
>> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
>> cpu0: apic clock running at 65MHz
>> cpu1 at mainbus0: apid 2 (application processor)
>> cpu1: Intel(R) Core(TM) i7-9850H CPU @ 2.60GHz, 2593.40 MHz, 06-9e-0d
>> cpu1:
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SS,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,IBRS,IBPB,STIBP,L1DF,SSBD,ARAT,XSAVEOPT,XSAVEC,XSAVES
>> cpu1: 256KB 64b/line 8-way L2 cache
>> cpu1: smt 0, core 0, package 2
>> ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
>> acpimcfg0 at acpi0
>> acpimcfg0: addr 0xf000, bus 0-127
>> acpihpet0 at acpi0: 14318179 Hz
>> acpiprt0 at acpi0: bus 0 (PCI0)
>> acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001
>> acpicmos0 at acpi0
>> "PNP0A05" at acpi0 not configured
>> acpibat0 at acpi0: BAT1 model "VMware Virtual Batt"
>> acpiac0 at acpi0: AC unit online
>> "PNP0A05" at acpi0 not configured
>> "PNP0A05" at acpi0 not configured
>> "PNP0A05" at acpi0 not configured
>> "PNP0A05" at acpi0 not configured
>> "PNP0A05" at acpi0 not configured
>> acpicpu0 at acpi0: C1(@1 halt!)
>> acpicpu1 at acpi0: C1(@1 halt!)
>> pvbus0 at mainbus0: VMware
>> vmt0 at pvbus0
>> pci0 at mainbus0 bus 0
>> pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x01
>> ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x01
>> pci1 at ppb0 bus 1
>> pcib0 at pci0 dev 7 function 0 "Intel 82371AB PIIX4 ISA" rev 0x08
>> pciide0 at pci0 dev 7 function 1 "Intel 82371AB IDE" rev 

OpenBSD 6.9 ports upgrade failures

[Артём Мазуров]

Hello.
I'm trying to upgrade ports after upgrading os to 6.9, but I get a lot
of failures from various packages and I don't know how to approach them.
One of those packages is python-3.8.6p0 -> python-3.8.8p0.

>quirks-4.9 signed on 2021-05-11T16:31:32Z
>Can't install python-3.8.8p0 because of libraries
>|library ssl.48.2 not found
>| /usr/lib/libssl.so.48.1 (system): minor is too small
>| /usr/lib/libssl.so.49.0 (system): bad major
>Direct dependencies for python-3.8.6p0->3.8.8p0 resolve to libffi-3.3
>sqlite3-3.35.5 gettext-runtime-0.21p1 bzip2-1.0.8p0 xz-5.2.5>Full
>dependency tree is sqlite3-3.35.5 gettext-runtime-0.21p1 xz-5.2.5
>bzip2-1.0.8p0 libiconv-1.16p0 libffi-3.3
>
>Couldn't find updates for python-3.8.6p0
>Couldn't install python-3.8.8p0

What should I make of this ?

Re: IKEv2: CHILD_SA is not created

[Денис Давыдов]

I tried to specify an explicit parameter -T to disable NAT-Traversal
auto-detection and use `local' parameter. Also according to your advice
tried a configuration like this:

ikev2 crypto-primary active esp \
  from any to any \
  local 1.1.1.1 peer 7.7.7.7 \
  ikesa auth hmac-sha2-256 enc aes-256 prf hmac-sha2-256 group modp2048
\
  childsa auth hmac-sha2-256 enc aes-256 group modp2048 \
  ikelifetime 86400 lifetime 28800 \
  psk "secret"

And I got:

May 12 08:45:17 crypto-gw2 iked[17640]: ikev2_pld_payloads: decrypted
payload TSi nextpayload TSr critical 0x00 length 8
May 12 08:45:17 crypto-gw2 iked[17640]: ikev2_pld_tss: count 1 length 0
May 12 08:45:17 crypto-gw2 iked[17640]: ikev2_validate_ts: malformed
payload: too short for header (0 < 8)
May 12 08:45:17 crypto-gw2 iked[17640]: ikev2_validate_pld: malformed
payload: shorter than minimum header size (0 < 4)

Full log: https://pastebin.com/MLC4VXSs

P.S. Tried removing the ikelifetime and lifetime parameters as well. Did
not help, the same behavior.

On Tue, May 11, 2021 at 7:43 PM Tobias Heider 
wrote:

> From my limited understanding of cisco ASA configs i can't see any
> obvious problems.
>
> You could try setting 'from any to any' on your side to see how the server
> responds. If the server is configured to narrow traffic selectors, the
> handshake
> should succeed and the log will tell you the exact traffic selectors you
> need
> in your config (look for ikev2_pld_ts in the verbose log).
>
> On Tue, May 11, 2021 at 01:47:53PM +0300, Денис Давыдов wrote:
> > Tobias,
> >
> > The remote side gave me their Cisco ASA 5585 settings and they showed the
> > logs:
> >
> > object network Svc_2_2_2_2
> > host 2.2.2.2
> > object network Svc_3_3_3_3
> > host 3.3.3.3
> > crypto ipsec ikev2 ipsec-proposal ESP-AES256-SHA2
> > protocol esp encryption aes-256
> > protocol esp integrity sha-256
> >
> > object-group network Customer
> > description Customer
> > network-object 10.21.139.8 255.255.255.252
> > object-group network ISP-to-Customer
> > description ISP-to-Customer
> > network-object object Svc_2_2_2_2
> > network-object object Svc_3_3_3_3
> > access-list outside_cryptomap_2470 extended permit ip object-group
> > ISP-to-Customer object-group Customer
> > crypto ipsec ikev2 ipsec-proposal ESP-AES256-SHA2
> > crypto map outside_map 2470 match address outside_cryptomap_2470
> > crypto map outside_map 2470 set pfs group14
> > crypto map outside_map 2470 set connection-type answer-only
> > crypto map outside_map 2470 set peer 1.1.1.1
> > crypto map outside_map 2470 set ikev2 ipsec-proposal ESP-AES256-SHA2
> > crypto map outside_map 2470 set nat-t-disable
> > crypto map outside_map 2470 set reverse-route
> > crypto ikev2 policy 100
> > encryption aes-256
> > integrity sha
> > group 21 20 19 24 14 5 2
> > prf sha
> > lifetime seconds 28800
> > tunnel-group 1.1.1.1 type ipsec-l2l
> > tunnel-group 1.1.1.1 general-attributes
> > default-group-policy GroupPolicy-Def-IKE2
> > tunnel-group 1.1.1.1 ipsec-attributes
> > ikev1 pre-shared-key *
> > ikev2 remote-authentication pre-shared-key *
> > ikev2 local-authentication pre-shared-key *
> >  ikev2 local-authentication pre-shared-key *
> >
> > asa-8m-a5-820-l2l/sec/act# sh logg | i 1.1.1.1
> > May 11 2021 13:35:11: %ASA-7-609001: Built local-host outside:1.1.1.1
> > May 11 2021 13:35:11: %ASA-6-302015: Built inbound UDP connection
> > 1392894457 for outside:1.1.1.1/500 (1.1.1.1/500) to identity:7.7.7.7/500
> (
> > 7.7.7.7/500)
> > May 11 2021 13:35:11: %ASA-7-713906: IKE Receiver: Packet received on
> > 7.7.7.7:500 from 1.1.1.1:500
> > May 11 2021 13:35:11: %ASA-5-750002: Local:7.7.7.7:500 Remote:
> 1.1.1.1:500
> > Username:Unknown IKEv2 Received a IKE_INIT_SA request
> > May 11 2021 13:35:11: %ASA-7-713906: IKE Receiver: Packet received on
> > 7.7.7.7:500 from 1.1.1.1:500
> > May 11 2021 13:35:11: %ASA-5-750007: Local:7.7.7.7:500 Remote:
> 1.1.1.1:500
> > Username:1.1.1.1 IKEv2 SA DOWN. Reason: application initiated
> > May 11 2021 13:35:11: %ASA-4-113019: Group = 1.1.1.1, Username = 1.1.1.1,
> > IP = 1.1.1.1, Session disconnected. Session Type: LAN-to-LAN, Duration:
> > 0h:05m:00s, Bytes xmt: 0, Bytes rcv: 0, Reason: IKE Delete
> > May 11 2021 13:35:11: %ASA-5-750006: Local:7.7.7.7:500 Remote:
> 1.1.1.1:500
> > Username:1.1.1.1 IKEv2 SA UP. Reason: New Connection Established
> > May 11 2021 13:35:11: %ASA-6-113009: AAA retrieved default group policy
> > (GroupPolicy-Def-IKE2) for user = 1.1.1.1
> >
> >
> > P.S. This is strange, but with another provider, which has the Cisco ASA
> > 5585-SSP10, there are no such problems.
> >
> > --
> > Sincerely,
> > Denis
> >
> > On Fri, May 7, 2021 at 1:10 PM Tobias Heider 
> > wrote:
> >
> > > On Fri, May 07, 2021 at 12:17:35PM +0300, Денис Давыдов wrote:
> > > > Hello all,
> > > >
> > > > I can't understand why I got SA_INIT timeout:
> > > > May  5 13:18:54 crypto-gw2 iked[65530]: spi=0x73bcd531eb2e8899:
> sa_free:
> > > > SA_INIT timeout
> 

Re: Sparc64 LDOM not working past OpenBSD 6.5

[Andrew Grillet]

I have a T1000, and it runs 6.9 in primary and 7 guests.
However, attempts to create and install a new ldom config result
in complete loss of the device tree, and consequent inability to boot.

restore to factory, and then restore the ldom config created with OBSD 6.3
will produce a working system.

This system is available and currently could be used for testing, although
not on the public internet, and only during office hours in Europe/London
timezone - machine must be shut down out of office hours.

Andrew
.

On Wed, 12 May 2021 at 03:22, Ax0n  wrote:
>
> I have a SunFire T2000 that I originally installed 6.1 on. I set up LDOMs
> way back in May 2017. I kept all of the domains up to date until OpenBSD
> 6.6. After that, LDOMs would no longer work. The system would not boot
> unless I reverted back to the single domain default using
> bootmode config="factory-default"
>
> I kind of just forgot about the machine until 6.7 came out. I upgraded, and
> got the same errors upon trying to boot. I re-generated the LDOM config as
> outlined in this blog post I wrote:
>
> http://www.h-i-r.net/2017/05/logical-domains-on-sunfire-t2000-with.html
>
> That is, I dumped the factory-default config, used it as a template for the
> new LDOM configuration, edited a config file, applied the config to the
> directory and used ldomctl download to apply the LDOM config before
> resetting the system.
>
> Specifically, the errors I get now (and yes, some are repeats, but it's ALL
> I get from the console while booting) are:
>
> ERROR: /pci@780: Invalid hypervisor argument(s). function: b4
> ERROR: /pci@780: Invalid hypervisor argument(s). function: b4
> ERROR: /pci@780: Invalid hypervisor argument(s). function: b5
> WARNING: /pci@7c0/pci@0/pci@1/network: Missing network-vpd MD node
> WARNING: /pci@7c0/pci@0/pci@1/network: Missing network-vpd MD node
>
> And after that, the system hangs and I must exit to the ALOM system
> controller prompt to do anything further, such as revert the configuration
> and reset to make the system able to boot again.
>
> I searched and found one other person with this problem a while back ago,
> but no resolution. I have hardware right here in front of me and I'm not
> afraid to run -CURRENT and/or test patches to help. I am also willing to
> provide remote SSH access to the system controller if someone wants to hack
> on the hardware directly if it would help, though I think there are a few
> LDOM-capable sparc64 machines in developers' hands already.
>
> dmesg:
> console is /virtual-devices@100/console@1
> Copyright (c) 1982, 1986, 1989, 1991, 1993
> The Regents of the University of California.  All rights reserved.
> Copyright (c) 1995-2021 OpenBSD. All rights reserved.
> https://www.OpenBSD.org
>
> OpenBSD 6.9 (GENERIC.MP) #794: Sun Apr 18 12:34:31 MDT 2021
> dera...@sparc64.openbsd.org:/usr/src/sys/arch/sparc64/compile/GENERIC.MP
> real mem = 34225520640 (32640MB)
> avail mem = 33608228864 (32051MB)
> random: good seed from bootblocks
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root: Sun Fire T200
> cpu0 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu1 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu2 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu3 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu4 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu5 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu6 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu7 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu8 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu9 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu10 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu11 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu12 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu13 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu14 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu15 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu16 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu17 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu18 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu19 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu20 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu21 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu22 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu23 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu24 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu25 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu26 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu27 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu28 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu29 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu30 at mainbus0: SUNW,UltraSPARC-T1 (rev 0.0) @ 1200 MHz
> cpu31 at mainbus0: