default authentication-failed page
This is incredibly basic, but after reading httpd.conf(5) and random web searches, I’ve been unable to determine how to customize the default failed login page (from the "authenticate” directive in httpd.conf) to be something other than: 401 Unauthorized OpenBSD httpd I guessing this means that it cannot be customized, but would be thrilled if someone knew a way. K.
Re: SSL issue on 6.8 arm64 when upgrading to 6.9
On Fri, June 18, 2021 23:27, Theo de Raadt wrote: > Your clock is wrong. The boot process had such a line telling me my clock was wrong, but every date command got me the right date and time, so I ignored the message. >> Unable to connect using https. Use http instead? [no] > > Say yes. (And thus, understand and accept that openbsd file > distribution is signed using a very reliable static key -- more > than good enough). That did it. Using different mirror on http made it through. thanks, matheus -- "We will call you Cygnus, the God of balance you shall be."
Re: SSL issue on 6.8 arm64 when upgrading to 6.9
On Fri, 18 Jun 2021 23:21:40 -0300, "Nenhum_de_Nos" wrote: > TLS handshake failure: handshake failed: error:1404B410:SSL > routines:ST_CONNECT:sslv3 alert handshake failure > > is also present when I try to install any package on 6.8. I looked > for it over google and found no clues, just one patch that looks like > to issue tihs, but a full recompile would last longer then a fresh > 6.9 install. There was a problem a few days ago with cloudflare: https://marc.info/?l=openbsd-bugs=162336101708589=2 It seems it's still the case for me: $ nc -zvc cloudflare.cdn.openbsd.org 443 Connection to cloudflare.cdn.openbsd.org (104.17.249.92) 443 port [tcp/https] succeeded! nc: tls handshake failed (handshake failed: error:1404B42E:SSL routines:ST_CONNECT:tlsv1 alert protocol version) https://www.ssllabs.com/ssltest/analyze.html?d=cloudflare.cdn.openbsd.org says Assessment failed: Failed to communicate with the secure server I would try another CDN/mirror if I were you: $ nc -zvc fastly.cdn.openbsd.org 443 Connection to fastly.cdn.openbsd.org (151.101.126.217) 443 port [tcp/https] succeeded! TLS handshake negotiated TLSv1.2/ECDHE-RSA-AES128-GCM-SHA256 with host fastly.cdn.openbsd.org Peer name: fastly.cdn.openbsd.org Subject: /CN=fastly.cdn.openbsd.org Issuer: /C=BE/O=GlobalSign nv-sa/CN=GlobalSign Atlas R3 DV TLS CA 2020 Valid From: Mon Feb 22 20:12:22 2021 Valid Until: Sat Mar 26 20:12:22 2022 Cert Hash: SHA256:ca2b5d20050ce1e32adb901ed2fdffc2613b6f1ecec2fa89efa2338d8e8e6a96 OCSP URL: http://ocsp.globalsign.com/ca/gsatlasr3dvtlsca2020 Cheers, Daniel
Re: SSL issue on 6.8 arm64 when upgrading to 6.9
Your clock is wrong. > Unable to connect using https. Use http instead? [no] Say yes. (And thus, understand and accept that openbsd file distribution is signed using a very reliable static key -- more than good enough).
SSL issue on 6.8 arm64 when upgrading to 6.9
Hi, I can't update my raspberry pi 3B to 6.9. I get errors like this: Let's upgrade the sets! Location of sets? (disk http nfs or 'done') [http] HTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] (Unable to get list from ftp.openbsd.org, but that is OK) HTTP Server? (hostname or 'done') [cloudflare.cdn.openbsd.org] Server directory? [pub/OpenBSD/6.9/arm64] Unable to connect using https. Use http instead? [no] Location of sets? (disk http nfs or 'done') [http] HTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none] (Unable to get list from ftp.openbsd.org, but that is OK) HTTP Server? (hostname or 'done') [cloudflare.cdn.openbsd.org] Server directory? [pub/OpenBSD/6.9/arm64] Unable to connect using https. Use http instead? [no] yes Unable to get a verified list of distribution sets. TLS handshake failure: handshake failed: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure Looked at http://cloudflare.cdn.openbsd.org/pub/OpenBSD/6.9/arm64 and found no OpenBSD/arm64 6.9 sets. The set names looked for were: bsd man69.tgz xserv69.tgz bsd.mp game69.tgz site69.tgz bsd.rd xbase69.tgz site69-rpi3_obsd.tgz base69.tgz xshare69.tgz comp69.tgz xfont69.tgz This line: TLS handshake failure: handshake failed: error:1404B410:SSL routines:ST_CONNECT:sslv3 alert handshake failure is also present when I try to install any package on 6.8. I looked for it over google and found no clues, just one patch that looks like to issue tihs, but a full recompile would last longer then a fresh 6.9 install. Has anyone seen this? Thanks. matheus -- "We will call you Cygnus, the God of balance you shall be."
Latest iwm firmware disconnects and requires a /bin/sh /etc/netstart iwm0 to reconnect
Possibly initiated by moving to a new access point. Thinkpad T550, Intel AC 7265 /etc/hostname.iwm0: nwid mynet wpakey mykey dhcp dmesg: OpenBSD 6.9-current (GENERIC.MP) #57: Mon Jun 7 14:04:52 MDT 2021 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 12549574656 (11968MB) avail mem = 12153782272 (11590MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xacbfd000 (65 entries) bios0: vendor LENOVO version "N11ET34W (1.10 )" date 08/20/2015 bios0: LENOVO 20CJS1ET00 acpi0 at bios0: ACPI 5.0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SLIC ASF! HPET ECDT APIC MCFG SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT PCCT SSDT UEFI MSDM BATB FPDT UEFI DMAR acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3) EHC1(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpihpet0 at acpi0: 14318179 Hz acpiec0 at acpi0 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz, 2195.28 MHz, 06-3d-04 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz, 2194.93 MHz, 06-3d-04 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz, 2194.94 MHz, 06-3d-04 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 1, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: Intel(R) Core(TM) i5-5300U CPU @ 2.30GHz, 2194.93 MHz, 06-3d-04 cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,RDSEED,ADX,SMAP,PT,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN cpu3: 256KB 64b/line 8-way L2 cache cpu3: smt 1, core 1, package 0 ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins acpimcfg0 at acpi0 acpimcfg0: addr 0xf800, bus 0-63 acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus -1 (PEG_) acpiprt2 at acpi0: bus 2 (EXP1) acpiprt3 at acpi0: bus 3 (EXP2) acpiprt4 at acpi0: bus -1 (EXP3) acpibtn0 at acpi0: LID_ acpibtn1 at acpi0: SLPB acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001 acpicmos0 at acpi0 acpibat0 at acpi0: BAT0 model "45N1743" serial 2312 type LiP oem "SONY" acpibat1 at acpi0: BAT1 model "45N1777" serial 590 type LION oem "SANYO" acpiac0 at acpi0: AC unit online acpithinkpad0 at acpi0: version 1.0 "PNP0C14" at acpi0 not configured "PNP0C14" at acpi0 not configured "PNP0C14" at acpi0 not configured "INT340F" at acpi0 not configured acpicpu0 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu1 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu2 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpicpu3 at acpi0: C3(200@233 mwait.1@0x40), C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS acpipwrres0
X11 SIGSEGV on VirtualBox
I'm trying to run xenodm on VirtualBox VM. VirtualBox 6.1.16_Ubuntu r140961 running on Ubuntu 20.04 with Intel card. VM uses VMSVGA display with NO 3D acceleration. Fresh OpenBSD 6.9 install, but I tried latest snapshot - same problem. When starting Xorg server, it crashes with SIGSEGV. Does anybody know why it happens? How can I generate some actionable debug output, such as stacktrace, to help identify root cause? Here is complete /var/log/Xorg.0.log: [13.815] (WW) checkDevMem: failed to open /dev/xf86 and /dev/mem (Operation not permitted) Check that you have set 'machdep.allowaperture=1' in /etc/sysctl.conf and reboot your machine refer to xf86(4) for details [13.815]linear framebuffer access unavailable [13.858] (--) Using wscons driver on /dev/ttyC4 [13.868] X.Org X Server 1.20.10 X Protocol Version 11, Revision 0 [13.868] Build Operating System: OpenBSD 6.9 amd64 [13.868] Current Operating System: OpenBSD ws.etacassiopeiae.net 6.9 GENERIC#4 amd64 [13.868] Build Date: 19 April 2021 11:06:48AM [13.868] [13.868] Current version of pixman: 0.38.4 [13.868]Before reporting problems, check http://wiki.x.org to make sure that you have the latest version. [13.868] Markers: (--) probed, (**) from config file, (==) default setting, (++) from command line, (!!) notice, (II) informational, (WW) warning, (EE) error, (NI) not implemented, (??) unknown. [13.868] (==) Log file: "/var/log/Xorg.0.log", Time: Fri Jun 18 21:17:03 2021 [13.869] (==) Using system config directory "/usr/X11R6/share/X11/xorg.conf.d" [13.871] (==) No Layout section. Using the first Screen section. [13.871] (==) No screen section available. Using defaults. [13.871] (**) |-->Screen "Default Screen Section" (0) [13.871] (**) | |-->Monitor "" [13.877] (==) No monitor specified for screen "Default Screen Section". Using a default monitor configuration. [13.877] (==) Automatically adding devices [13.877] (==) Automatically enabling devices [13.877] (==) Not automatically adding GPU devices [13.877] (==) Max clients allowed: 256, resource mask: 0x1f [13.883] (==) FontPath set to: /usr/X11R6/lib/X11/fonts/misc/, /usr/X11R6/lib/X11/fonts/TTF/, /usr/X11R6/lib/X11/fonts/OTF/, /usr/X11R6/lib/X11/fonts/Type1/, /usr/X11R6/lib/X11/fonts/100dpi/, /usr/X11R6/lib/X11/fonts/75dpi/ [13.883] (==) ModulePath set to "/usr/X11R6/lib/modules" [13.883] (II) The server relies on wscons to provide the list of input devices. If no devices become available, reconfigure wscons or disable AutoAddDevices. [13.883] (II) Loader magic: 0x897417d3f10 [13.883] (II) Module ABI versions: [13.883]X.Org ANSI C Emulation: 0.4 [13.883]X.Org Video Driver: 24.1 [13.883]X.Org XInput driver : 24.1 [13.883]X.Org Server Extension : 10.0 [13.885] (--) PCI:*(0@0:2:0) 15ad:0405:15ad:0405 rev 0, Mem @ 0xe000/33554432, 0xf000/2097152, I/O @ 0xd000/16 [13.885] (II) LoadModule: "glx" [13.887] (II) Loading /usr/X11R6/lib/modules/extensions/libglx.so [13.898] (II) Module glx: vendor="X.Org Foundation" [13.898]compiled for 1.20.10, module version = 1.0.0 [13.898]ABI class: X.Org Server Extension, version 10.0 [13.898] (==) Matched vmware as autoconfigured driver 0 [13.898] (==) Matched vesa as autoconfigured driver 1 [13.898] (==) Assigned the driver to the xf86ConfigLayout [13.898] (II) LoadModule: "vmware" [13.898] (II) Loading /usr/X11R6/lib/modules/drivers/vmware_drv.so [13.899] (II) Module vmware: vendor="X.Org Foundation" [13.899]compiled for 1.20.10, module version = 13.1.0 [13.899]Module class: X.Org Video Driver [13.899]ABI class: X.Org Video Driver, version 24.1 [13.899] (II) LoadModule: "vesa" [13.900] (II) Loading /usr/X11R6/lib/modules/drivers/vesa_drv.so [13.901] (II) Module vesa: vendor="X.Org Foundation" [13.901]compiled for 1.20.10, module version = 2.3.4 [13.901]Module class: X.Org Video Driver [13.902]ABI class: X.Org Video Driver, version 24.1 [13.902] (II) vmware: driver for VMware SVGA: vmware0405, vmware0710 [13.902] (II) VESA: driver for VESA chipsets: vesa [13.902] (WW) Falling back to old probe method for vesa [13.902] (II) vmware(0): Driver was compiled without KMS- and 3D support. [13.902] (WW) vmware(0): Disabling 3D support. [13.902] (WW) vmware(0): Disabling Render Acceleration. [13.902] (WW) vmware(0): Disabling RandR12+ support. [13.902] (--) vmware(0): VMware SVGA regs at (0xd000, 0xd001) [13.902] (II) Loading sub module "vgahw" [13.902] (II) LoadModule: "vgahw" [13.903] (II) Loading /usr/X11R6/lib/modules/libvgahw.so [13.903] (II) Module vgahw: vendor="X.Org Foundation" [13.903]compiled for 1.20.10,
Re: secure.io domain
how much?
Re: Machine age and OpenBSD - Thinkpad R51e
Hi, For other reason I'm not comfortable pushing that way, capacitors can give up after quite long time thus I'd probably check for 3-6 years old. Though I don't apply this to myself, I got a 20+ years Toshiba and very happy. Except the graphic card gave up so I it runs console, but I'm still happy with it for it woks well for purposes I need it. I found out OpenBSD is about the only universally running os, hardly found hw it could'nt support though as you mentionned peripherals could be missing. NB heat is aging faster, so consider underclocking, might not be popular but I usually do that for this purpose. Laptops can get quite warm. J.-François Le 16/06/2021 à 02:14, Thomas Vetere a écrit : Hello everyone, I was looking to get a laptop to run OpenBSD. The one I am looking at in particular is the Thinkpad R51e (2005). I like this particular model because it does not come with any extra hardware that OpenBSD does not support in the first place (bluetooth, camera, etc.) My main concern is the longevity that this model would have going forward. I already have a '94 Thinkpad that cannot run the latest OpenBSD well because hardware support was gradually dropped during code cleanups, etc (i.e. newer versions of X11 removed support for my ancient graphics chip because it just wasn't worth the time to maintain the code). Does anyone know, given the age of that model, how many years I might get out of it with OpenBSD and its packaged software before hardware support starts to drop? What is a good rule of thumb for selecting a machine to run OpenBSD with respect to its age? Thank you for your help!
secure.io domain
Would you consider selling this domain? -- Andy Booth Telephone: (+350) 5600-2587 Email: a...@booth.com Address: Booth.com, Ltd., Suite 4, 4 Giro's Passage, Gibraltar, GX11 1AA "Knowledge speaks, but wisdom listens." - Jimi Hendrix
Re: Counting traffic of one host through an OpenBSD computer
On 6/17/21 10:51 PM, Ibsen S Ripsbusker wrote: > My great and good friends, > > I want to know how much network traffic a Windows computer is > responsible for. The Windows computer is connected to a switch, > the switch is connected to a router running OpenBSD, and the router is > connected eventually to the internet service provider. > > Windows -- Switch OpenBSD ISP > Other computers --/ > > How can I find out how many bytes this Windows computer sent or received > through the router within some time period? There are several ways to do this, at least a couple will involve minor surgery on your PF rule set. One way is to set up with labels to your liking (see eg http://home.nuug.no/~peter/pftutorial/#97 and following) which you can then query. The other obvious candidate is to set up for pflow export (see eg http://home.nuug.no/~peter/pftutorial/#102 and following with links therein). Both of these approaches will get you the data, with potential for further fun (see eg https://bsdly.blogspot.com/2014/02/yes-you-too-can-be-evil-network.html) All the best, Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: TTY Count
Brian Empson wrote: > What is the proper way to increase the number of TTYs available on the > system? I have alot of users logged in on a machine and we run out of > TTYs every once in awhile. I guess you mean ptys. By default the system ships with 1 group of ptys (a group is 62), and can support up to 15 sets (for a total of 992) This is partially documented in the pty(4) manual page. You can add additional sets by running MAKEDEV, this adds 3 more sets: # cd /dev # sh MAKEDEV pty1 pty2 pty3
TTY Count
What is the proper way to increase the number of TTYs available on the system? I have alot of users logged in on a machine and we run out of TTYs every once in awhile. Thanks, Brian
can't set export GPG_TTY=$(tty)
hi everyone i have added export GPG_TTY=$(tty); eval $(gpg-agent --daemon) to my .profile file and also tried adding it to my .zshrc, my window manager is I3, when i open a terminal and and type env | grep GPG_TTY i get GPG_TTY=not a tty, if i run the export command in the terminal then i get GPG_TTY=/dev/ttype3 . where should i be putting the export command so that there is a tty ready when the terminal is opened. shadrock
APU4 pf performance fluctuations
It is well known that the APU2/4 underperforms when used as a router with OpenBSD, but I found that the throughput fluctuates quite a bit, and I think it has to do with CPU allocation and interrupts. My trivial setup simulating a home router/gateway: hostname.em0: dhcp hostname.em1: inet 10.3.2.1 255.255.255.0 pf.conf: pass match out on em0 inet from !(em0:network) to any nat-to (em0) Nothing else is running on the router, and throughput is tested with a simple iperf3 TCP benchmark between linux hosts on each side of the router, capped att 600 Mbit/s to get a stable baseline: iperf3 -b600M (that's just under the maximum throughput I saw, around 620 Mbit/s) I noticed that the speed always starts at a clean 600 Mbit/s, then eventually backs down to 4-500 Mbit/s, then back up again. The interval is on the order of a minute, but varies greatly. Looking at "systat cpu" during the transfer I noticed that during the fast speed, CPU 1 and 2 were busy at 45% each, while CPU 0 was handling interrupts at 25%. CPUUser Nice SystemSpin InterruptIdle 0 0.0% 0.0%0.0%0.4% 25.0% 74.7% 1 0.0% 0.0% 45.3%1.0%0.0% 53.7% 2 0.0% 0.0% 44.7%0.8%0.0% 54.5% 3 0.0% 0.0%0.0%0.0%0.0%100% This could go on for seconds up to minutes. Eventually whatever was running on CPU 1 and 2 migrated up to CPU 0, causing the bandwidth to drop down to 4-500 Mbit/s: CPUUser Nice SystemSpin InterruptIdle 0 0.0% 0.0% 76.8%1.0% 22.2%0.0% 1 0.0% 0.0%0.0%0.0%0.0%100% 2 0.0% 0.0%0.0%0.0%0.0%100% 3 0.0% 0.0%0.0%0.0%0.0%100% Now, waiting even further, I saw that the "System" load could sometimes move back to an idle core, and then the speed would get back to 600 Mbit/s again: CPUUser Nice SystemSpin InterruptIdle 0 0.0% 0.0%0.2%0.2% 23.0% 76.6% 1 0.0% 0.0% 99.0%1.0%0.0%0.0% 2 0.0% 0.0%0.0%0.0%0.0%100% 3 0.0% 0.0%0.0%0.0%0.0%100% I'm guessing that the interrupts are all tied to CPU 0 in hardware, and that whatever process that handles the networking initially selects one or more random idle core. Then, the system thinks "Aha, we should run these on the same core that handles the interrupts", moves them over, which then starves that core. This tells me that the rumour that OpenBSD can't use more than one core on this little device is not completely true. It works well for a long time initially with the load shared between two cores, while a third handles interrupts. Does this make sense? Is there a way to enforce the "shared cores" behaviour? // Anders