Re: 7.5 install crashes on "entry point at 0x1001000" HP Elitebook 840 G10

[Comète]

Hello,

This is a link to a screenshot, I can't copy/paste at this step:

https://ibb.co/tpr8zBz

Thanks a lot !

Comete

Le 24 mai 2024 20:38:45 GMT+02:00, Mike Larkin  a écrit :
>On Fri, May 24, 2024 at 06:59:24AM +0000, Comète wrote:
>> Thanks Sven,
>>
>> I can't install OpenBDS because I get the error when trying to boot the 
>> install image.
>>
>> Comete
>>
>
>At the boot> prompt, can you show what "mach mem" prints?
>
>Thanks
>
>-ml
>
>> 24 mai 2024 07:48 "Sven Wolf"  a écrit:
>>
>> > Hi,
>> >
>> > I had a silimar issue on a Lenovo V130.
>> > For this machine I needed to remove the amdgpu driver in the kernel.
>> >
>> > See also:
>> > https://marc.info/?l=openbsd-misc=160232897421774=2
>> > https://marc.info/?l=openbsd-tech=160383074317608=2
>> >
>> > Do you get the error "entry point at 0x1001000" also with the bsd.rd 
>> > kernel or only after you
>> > installed the system with the bsd.mp/bsd.sp kernel?
>> >
>> > Best regards,
>> > Sven
>> >
>> > On 5/23/24 22:40, Comète wrote:
>> >
>> >> Hello,
>> >> I tried to install OpenBSD 7.5 on a new HP Elitebook 840 G10 (UEFI 
>> >> capable only) without success.
>> >> It is stuck at boot on "entry point at 0x1001000".
>> >> Even retried after a BIOS upgrade but no luck either.
>> >> I tried with a snapshot install too with the same result.
>> >> I post here what lspci returns from a debian bookworm:
>> >> 00:00.0 Host bridge: Intel Corporation Device a706
>> >> 00:02.0 VGA compatible controller: Intel Corporation Raptor Lake-P [Iris 
>> >> Xe Graphics] (rev 04)
>> >> 00:04.0 Signal processing controller: Intel Corporation Raptor Lake 
>> >> Dynamic Platform and Thermal
>> >> Framework Processor Participant
>> >> 00:06.0 PCI bridge: Intel Corporation Raptor Lake PCIe 4.0 Graphics Port
>> >> 00:06.2 PCI bridge: Intel Corporation Device a73d
>> >> 00:07.0 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI 
>> >> Express Root Port
>> >> 00:07.2 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI 
>> >> Express Root Port
>> >> 00:08.0 System peripheral: Intel Corporation GNA Scoring Accelerator 
>> >> module
>> >> 00:0a.0 Signal processing controller: Intel Corporation Raptor Lake 
>> >> Crashlog and Telemetry (rev 01)
>> >> 00:0d.0 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 USB 
>> >> Controller
>> >> 00:0d.2 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI
>> >> 00:0d.3 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI
>> >> 00:14.0 USB controller: Intel Corporation Alder Lake PCH USB 3.2 xHCI 
>> >> Host Controller (rev 01)
>> >> 00:14.2 RAM memory: Intel Corporation Alder Lake PCH Shared SRAM (rev 01)
>> >> 00:14.3 Network controller: Intel Corporation Raptor Lake PCH CNVi WiFi 
>> >> (rev 01)
>> >> 00:15.0 Serial bus controller: Intel Corporation Alder Lake PCH Serial IO 
>> >> I2C Controller #0 (rev
>> >> 01)
>> >> 00:16.0 Communication controller: Intel Corporation Alder Lake PCH HECI 
>> >> Controller (rev 01)
>> >> 00:16.3 Serial controller: Intel Corporation Alder Lake AMT SOL 
>> >> Redirection (rev 01)
>> >> 00:1c.0 PCI bridge: Intel Corporation Alder Lake PCH-P PCI Express Root 
>> >> Port #9 (rev 01)
>> >> 00:1e.0 Communication controller: Intel Corporation Alder Lake PCH UART 
>> >> #0 (rev 01)
>> >> 00:1e.2 Serial bus controller: Intel Corporation Alder Lake SPI 
>> >> Controller (rev 01)
>> >> 00:1f.0 ISA bridge: Intel Corporation Raptor Lake LPC/eSPI Controller 
>> >> (rev 01)
>> >> 00:1f.3 Multimedia audio controller: Intel Corporation Raptor Lake-P/U/H 
>> >> cAVS (rev 01)
>> >> 00:1f.4 SMBus: Intel Corporation Alder Lake PCH-P SMBus Host Controller 
>> >> (rev 01)
>> >> 00:1f.5 Serial bus controller: Intel Corporation Alder Lake-P PCH SPI 
>> >> Controller (rev 01)
>> >> 02:00.0 Non-Volatile memory controller: SK hynix BC901 NVMe Solid State 
>> >> Drive (DRAM-less) (rev 03)
>> >> 57:00.0 Wireless controller [0d40]: Intel Corporation XMM7560 LTE 
>> >> Advanced Pro Modem (rev 01)
>> >>> Thanks for your help.
>> >> Comete
>>

-- 
Envoyé de mon téléphone. Excusez la brièveté.

Re: 7.5 install crashes on "entry point at 0x1001000" HP Elitebook 840 G10

[Comète]

Thanks Sven,

I can't install OpenBDS because I get the error when trying to boot the install 
image.

Comete

24 mai 2024 07:48 "Sven Wolf"  a écrit:

> Hi,
> 
> I had a silimar issue on a Lenovo V130.
> For this machine I needed to remove the amdgpu driver in the kernel.
> 
> See also:
> https://marc.info/?l=openbsd-misc=160232897421774=2
> https://marc.info/?l=openbsd-tech=160383074317608=2
> 
> Do you get the error "entry point at 0x1001000" also with the bsd.rd kernel 
> or only after you
> installed the system with the bsd.mp/bsd.sp kernel?
> 
> Best regards,
> Sven
> 
> On 5/23/24 22:40, Comète wrote:
> 
>> Hello,
>> I tried to install OpenBSD 7.5 on a new HP Elitebook 840 G10 (UEFI capable 
>> only) without success.
>> It is stuck at boot on "entry point at 0x1001000".
>> Even retried after a BIOS upgrade but no luck either.
>> I tried with a snapshot install too with the same result.
>> I post here what lspci returns from a debian bookworm:
>> 00:00.0 Host bridge: Intel Corporation Device a706
>> 00:02.0 VGA compatible controller: Intel Corporation Raptor Lake-P [Iris Xe 
>> Graphics] (rev 04)
>> 00:04.0 Signal processing controller: Intel Corporation Raptor Lake Dynamic 
>> Platform and Thermal
>> Framework Processor Participant
>> 00:06.0 PCI bridge: Intel Corporation Raptor Lake PCIe 4.0 Graphics Port
>> 00:06.2 PCI bridge: Intel Corporation Device a73d
>> 00:07.0 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI 
>> Express Root Port
>> 00:07.2 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI 
>> Express Root Port
>> 00:08.0 System peripheral: Intel Corporation GNA Scoring Accelerator module
>> 00:0a.0 Signal processing controller: Intel Corporation Raptor Lake Crashlog 
>> and Telemetry (rev 01)
>> 00:0d.0 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 USB 
>> Controller
>> 00:0d.2 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI
>> 00:0d.3 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI
>> 00:14.0 USB controller: Intel Corporation Alder Lake PCH USB 3.2 xHCI Host 
>> Controller (rev 01)
>> 00:14.2 RAM memory: Intel Corporation Alder Lake PCH Shared SRAM (rev 01)
>> 00:14.3 Network controller: Intel Corporation Raptor Lake PCH CNVi WiFi (rev 
>> 01)
>> 00:15.0 Serial bus controller: Intel Corporation Alder Lake PCH Serial IO 
>> I2C Controller #0 (rev
>> 01)
>> 00:16.0 Communication controller: Intel Corporation Alder Lake PCH HECI 
>> Controller (rev 01)
>> 00:16.3 Serial controller: Intel Corporation Alder Lake AMT SOL Redirection 
>> (rev 01)
>> 00:1c.0 PCI bridge: Intel Corporation Alder Lake PCH-P PCI Express Root Port 
>> #9 (rev 01)
>> 00:1e.0 Communication controller: Intel Corporation Alder Lake PCH UART #0 
>> (rev 01)
>> 00:1e.2 Serial bus controller: Intel Corporation Alder Lake SPI Controller 
>> (rev 01)
>> 00:1f.0 ISA bridge: Intel Corporation Raptor Lake LPC/eSPI Controller (rev 
>> 01)
>> 00:1f.3 Multimedia audio controller: Intel Corporation Raptor Lake-P/U/H 
>> cAVS (rev 01)
>> 00:1f.4 SMBus: Intel Corporation Alder Lake PCH-P SMBus Host Controller (rev 
>> 01)
>> 00:1f.5 Serial bus controller: Intel Corporation Alder Lake-P PCH SPI 
>> Controller (rev 01)
>> 02:00.0 Non-Volatile memory controller: SK hynix BC901 NVMe Solid State 
>> Drive (DRAM-less) (rev 03)
>> 57:00.0 Wireless controller [0d40]: Intel Corporation XMM7560 LTE Advanced 
>> Pro Modem (rev 01)
>>> Thanks for your help.
>> Comete

7.5 install crashes on "entry point at 0x1001000" HP Elitebook 840 G10

[Comète]

Hello,

I tried to install OpenBSD 7.5 on a new HP Elitebook 840 G10 (UEFI capable 
only) without success. 
It is stuck at boot on "entry point at 0x1001000".
Even retried after a BIOS upgrade but no luck either.

I tried with a snapshot install too with the same result.

I post here what lspci returns from a debian bookworm:

00:00.0 Host bridge: Intel Corporation Device a706
00:02.0 VGA compatible controller: Intel Corporation Raptor Lake-P [Iris Xe 
Graphics] (rev 04)
00:04.0 Signal processing controller: Intel Corporation Raptor Lake Dynamic 
Platform and Thermal Framework Processor Participant
00:06.0 PCI bridge: Intel Corporation Raptor Lake PCIe 4.0 Graphics Port
00:06.2 PCI bridge: Intel Corporation Device a73d
00:07.0 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI Express 
Root Port
00:07.2 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI Express 
Root Port
00:08.0 System peripheral: Intel Corporation GNA Scoring Accelerator module
00:0a.0 Signal processing controller: Intel Corporation Raptor Lake Crashlog 
and Telemetry (rev 01)
00:0d.0 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 USB 
Controller
00:0d.2 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI
00:0d.3 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI
00:14.0 USB controller: Intel Corporation Alder Lake PCH USB 3.2 xHCI Host 
Controller (rev 01)
00:14.2 RAM memory: Intel Corporation Alder Lake PCH Shared SRAM (rev 01)
00:14.3 Network controller: Intel Corporation Raptor Lake PCH CNVi WiFi (rev 01)
00:15.0 Serial bus controller: Intel Corporation Alder Lake PCH Serial IO I2C 
Controller #0 (rev 01)
00:16.0 Communication controller: Intel Corporation Alder Lake PCH HECI 
Controller (rev 01)
00:16.3 Serial controller: Intel Corporation Alder Lake AMT SOL Redirection 
(rev 01)
00:1c.0 PCI bridge: Intel Corporation Alder Lake PCH-P PCI Express Root Port #9 
(rev 01)
00:1e.0 Communication controller: Intel Corporation Alder Lake PCH UART #0 (rev 
01)
00:1e.2 Serial bus controller: Intel Corporation Alder Lake SPI Controller (rev 
01)
00:1f.0 ISA bridge: Intel Corporation Raptor Lake LPC/eSPI Controller (rev 01)
00:1f.3 Multimedia audio controller: Intel Corporation Raptor Lake-P/U/H cAVS 
(rev 01)
00:1f.4 SMBus: Intel Corporation Alder Lake PCH-P SMBus Host Controller (rev 01)
00:1f.5 Serial bus controller: Intel Corporation Alder Lake-P PCH SPI 
Controller (rev 01)
02:00.0 Non-Volatile memory controller: SK hynix BC901 NVMe Solid State Drive 
(DRAM-less) (rev 03)
57:00.0 Wireless controller [0d40]: Intel Corporation XMM7560 LTE Advanced Pro 
Modem (rev 01)


Thanks for your help.

Comete

Re: Lenovo Thinkpad T14 Gen3 very slow on MP kernel, faster on GENERIC

[Comète]

Hi,

so I rebuild with your patch applied but it is still very slow with the bsd.mp 
kernel.

Thanks for you help

Morgan

18 octobre 2023 10:43 "Stuart Henderson"  a écrit:

> On 2023-10-17, Comète  wrote:
> 
>> Hi,
>> 
>> Wow ! you're absolutely right ! If I unplug, no lagg anymore.
>> So the solution should be to apply your patch and rebuild the kernel ?
> 
> It's certainly worth trying. If you do, please report back here.
> 
>> Thanks a lot !
>> 
>> Morgan
>> 
>> 17 octobre 2023 14:24 "Stuart Henderson"  a écrit:
>> 
>>> On 2023-10-16, Comète  wrote:
>> 
>> Hello,
>> 
>> I'm experiencing big slowdowns on a LENOVO Thinkpad T14 Gen3 when using MP 
>> kernel (on 7.3 and 7.4)
>> but strangely not on GENERIC.
>> For example, starting LibreOffice on GENERIC takes 7 seconds but 35 seconds 
>> on MP kernel. It's even
>> lagging when typing some text in an editor or a mail.
>> Switching to GENERIC and all is working as expected...
>> 
>> Thanks for your help !
>> 
>> Morgan
>> 
>> This is my dmesg on both kernels:
>> 
>> OpenBSD 7.4 (GENERIC) #1336: Tue Oct 10 08:52:22 MDT 2023
>> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
>> real mem = 34026549248 (32450MB)
>> avail mem = 32975671296 (31448MB)
>> random: good seed from bootblocks
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 3.4 @ 0x8f8a3000 (81 entries)
>> bios0: vendor LENOVO version "N3MET16W (1.15 )" date 06/25/2023
>>> No problem with MP here, but I have an older BIOS -
>>> 
>>> bios0 at mainbus0: SMBIOS rev. 3.4 @ 0x8d8a3000 (81 entries)
>>> bios0: vendor LENOVO version "N3MET12W (1.11 )" date 02/09/2023
>>> 
>>> (grumble stupid US date format)
>> 
>> bios0: LENOVO 21AHCTO1WW
>> efi0 at bios0: UEFI 2.7
>> efi0: Lenovo rev 0x1150
>> acpi0 at bios0: ACPI 6.3
>> acpi0: sleep states S0 S3 S4 S5
>> acpi0: tables DSDT FACP SSDT SSDT SSDT SSDT SSDT TPM2 HPET APIC MCFG ECDT 
>> SSDT SSDT SSDT SSDT SSDT
>> SSDT LPIT WSMT SSDT DBGP DBG2 NHLT MSDM SSDT BATB DMAR SSDT SSDT SSDT BGRT 
>> PHAT UEFI FPDT
>> acpi0: wakeup devices PEG0(S4) PEGP(S4) PEGP(S4) PEG2(S4) PEGP(S4) GLAN(S4) 
>> XHCI(S3) XDCI(S4)
>> HDAS(S4) CNVW(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) [...]
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpihpet0 at acpi0: 1920 Hz
>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>> cpu0 at mainbus0: apid 0 (boot processor)
>> cpu0: 12th Gen Intel(R) Core(TM) i7-1260P, 2151.34 MHz, 06-9a-03, patch 
>> 042c
>>> and different cpu:
>>> 
>>> cpu0: 12th Gen Intel(R) Core(TM) i5-1245U, 1568.55 MHz, 06-9a-04, patch 
>>> 042c
>>> 
>>> FWIW I can definitely get mine to throttle when it's busy. And your
>>> CPU uses a fair bit more power than mine (I specifically looked for a
>>> U rather than a P cpu for exactly this reason) so I'd guess might be
>>> easier to hit the throttle.
>>> 
>>> The OpenBSD kernel tries to set cpu clock speed high when on mains
>>> power, so it might be worth trying unplugged to see if there's any
>>> difference, or disable that thing with this
>>> 
>>> Index: sched_bsd.c
>>> ===
>>> RCS file: /cvs/src/sys/kern/sched_bsd.c,v
>>> retrieving revision 1.88
>>> diff -u -p -r1.88 sched_bsd.c
>>> --- sched_bsd.c 11 Oct 2023 15:42:44 - 1.88
>>> +++ sched_bsd.c 17 Oct 2023 12:10:41 -
>>> @@ -605,7 +605,7 @@ setperf_auto(void *v)
>>> if (cpu_setperf == NULL)
>>> return;
>>> 
>>> - if (hw_power) {
>>> + if (0 && hw_power) {
>>> speedup = 1;
>>> goto faster;
>>> }

Re: Lenovo Thinkpad T14 Gen3 very slow on MP kernel, faster on GENERIC

[Comète]

Hi,

Wow ! you're absolutely right ! If I unplug, no lagg anymore.
So the solution should be to apply your patch and rebuild the kernel ?

Thanks a lot !

Morgan

17 octobre 2023 14:24 "Stuart Henderson"  a écrit:

> On 2023-10-16, Comète  wrote:
> 
>> Hello,
>> 
>> I'm experiencing big slowdowns on a LENOVO Thinkpad T14 Gen3 when using MP 
>> kernel (on 7.3 and 7.4)
>> but strangely not on GENERIC.
>> For example, starting LibreOffice on GENERIC takes 7 seconds but 35 seconds 
>> on MP kernel. It's even
>> lagging when typing some text in an editor or a mail.
>> Switching to GENERIC and all is working as expected...
>> 
>> Thanks for your help !
>> 
>> Morgan
>> 
>> This is my dmesg on both kernels:
>> 
>> OpenBSD 7.4 (GENERIC) #1336: Tue Oct 10 08:52:22 MDT 2023
>> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
>> real mem = 34026549248 (32450MB)
>> avail mem = 32975671296 (31448MB)
>> random: good seed from bootblocks
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 3.4 @ 0x8f8a3000 (81 entries)
>> bios0: vendor LENOVO version "N3MET16W (1.15 )" date 06/25/2023
> 
> No problem with MP here, but I have an older BIOS -
> 
> bios0 at mainbus0: SMBIOS rev. 3.4 @ 0x8d8a3000 (81 entries)
> bios0: vendor LENOVO version "N3MET12W (1.11 )" date 02/09/2023
> 
> (grumble stupid US date format)
> 
>> bios0: LENOVO 21AHCTO1WW
>> efi0 at bios0: UEFI 2.7
>> efi0: Lenovo rev 0x1150
>> acpi0 at bios0: ACPI 6.3
>> acpi0: sleep states S0 S3 S4 S5
>> acpi0: tables DSDT FACP SSDT SSDT SSDT SSDT SSDT TPM2 HPET APIC MCFG ECDT 
>> SSDT SSDT SSDT SSDT SSDT
>> SSDT LPIT WSMT SSDT DBGP DBG2 NHLT MSDM SSDT BATB DMAR SSDT SSDT SSDT BGRT 
>> PHAT UEFI FPDT
>> acpi0: wakeup devices PEG0(S4) PEGP(S4) PEGP(S4) PEG2(S4) PEGP(S4) GLAN(S4) 
>> XHCI(S3) XDCI(S4)
>> HDAS(S4) CNVW(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) [...]
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpihpet0 at acpi0: 1920 Hz
>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>> cpu0 at mainbus0: apid 0 (boot processor)
>> cpu0: 12th Gen Intel(R) Core(TM) i7-1260P, 2151.34 MHz, 06-9a-03, patch 
>> 042c
> 
> and different cpu:
> 
> cpu0: 12th Gen Intel(R) Core(TM) i5-1245U, 1568.55 MHz, 06-9a-04, patch 
> 042c
> 
> FWIW I can definitely get mine to throttle when it's busy. And your
> CPU uses a fair bit more power than mine (I specifically looked for a
> U rather than a P cpu for exactly this reason) so I'd guess might be
> easier to hit the throttle.
> 
> The OpenBSD kernel tries to set cpu clock speed high when on mains
> power, so it might be worth trying unplugged to see if there's any
> difference, or disable that thing with this
> 
> Index: sched_bsd.c
> ===
> RCS file: /cvs/src/sys/kern/sched_bsd.c,v
> retrieving revision 1.88
> diff -u -p -r1.88 sched_bsd.c
> --- sched_bsd.c 11 Oct 2023 15:42:44 - 1.88
> +++ sched_bsd.c 17 Oct 2023 12:10:41 -
> @@ -605,7 +605,7 @@ setperf_auto(void *v)
> if (cpu_setperf == NULL)
> return;
> 
> - if (hw_power) {
> + if (0 && hw_power) {
> speedup = 1;
> goto faster;
> }

Lenovo Thinkpad T14 Gen3 very slow on MP kernel, faster on GENERIC

[Comète]

Hello,

I'm experiencing big slowdowns on a LENOVO Thinkpad T14 Gen3 when using MP 
kernel (on 7.3 and 7.4) but strangely not on GENERIC. 
For example, starting LibreOffice on GENERIC takes 7 seconds but 35 seconds on 
MP kernel. It's even lagging when typing some text in an editor or a mail.
Switching to GENERIC and all is working as expected...

Thanks for your help !

Morgan

This is my dmesg on both kernels:


OpenBSD 7.4 (GENERIC) #1336: Tue Oct 10 08:52:22 MDT 2023
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 34026549248 (32450MB)
avail mem = 32975671296 (31448MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.4 @ 0x8f8a3000 (81 entries)
bios0: vendor LENOVO version "N3MET16W (1.15 )" date 06/25/2023
bios0: LENOVO 21AHCTO1WW
efi0 at bios0: UEFI 2.7
efi0: Lenovo rev 0x1150
acpi0 at bios0: ACPI 6.3
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT SSDT SSDT SSDT SSDT TPM2 HPET APIC MCFG ECDT SSDT 
SSDT SSDT SSDT SSDT
SSDT LPIT WSMT SSDT DBGP DBG2 NHLT MSDM SSDT BATB DMAR SSDT SSDT SSDT BGRT PHAT 
UEFI FPDT
acpi0: wakeup devices PEG0(S4) PEGP(S4) PEGP(S4) PEG2(S4) PEGP(S4) GLAN(S4) 
XHCI(S3) XDCI(S4)
HDAS(S4) CNVW(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 1920 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: 12th Gen Intel(R) Core(TM) i7-1260P, 2151.34 MHz, 06-9a-03, patch 042c
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,
SE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCI
,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,A
M,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,C
WB,PT,SHA,UMIP,PKU,WAITPKG,PKS,MD_CLEAR,IBT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DF
,MDS_NO,IF_PSCHANGE,TAA_NO,MISC_PKG_CT,ENERGY_FILT,DOITM,SBDR_SSDP_N,FBSDP_NO,PSDP_NO,RRSBA,OVERCLOC
,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 48KB 64b/line 12-way D-cache, 32KB 64b/line 8-way I-cache, 1MB 64b/line 
10-way L2 cache, 18MB
64b/line 12-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 38MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.2.0.1.0.1, IBE
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xc000, bus 0-255
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PC00)
acpiprt1 at acpi0: bus 2 (PEG0)
acpiprt2 at acpi0: bus -1 (PEG2)
acpiprt3 at acpi0: bus -1 (RP01)
acpiprt4 at acpi0: bus -1 (RP02)
acpiprt5 at acpi0: bus -1 (RP03)
acpiprt6 at acpi0: bus -1 (RP04)
acpiprt7 at acpi0: bus -1 (RP05)
acpiprt8 at acpi0: bus -1 (RP06)
acpiprt9 at acpi0: bus -1 (RP07)
acpiprt10 at acpi0: bus -1 (RP08)
acpiprt11 at acpi0: bus -1 (RP09)
acpiprt12 at acpi0: bus -1 (RP10)
acpiprt13 at acpi0: bus -1 (RP11)
acpiprt14 at acpi0: bus -1 (RP12)
acpiprt15 at acpi0: bus -1 (RP13)
acpiprt16 at acpi0: bus -1 (RP14)
acpiprt17 at acpi0: bus -1 (RP15)
acpiprt18 at acpi0: bus -1 (RP16)
acpiprt19 at acpi0: bus -1 (RP17)
acpiprt20 at acpi0: bus -1 (RP18)
acpiprt21 at acpi0: bus -1 (RP19)
acpiprt22 at acpi0: bus -1 (RP20)
acpiprt23 at acpi0: bus -1 (RP21)
acpiprt24 at acpi0: bus -1 (RP22)
acpiprt25 at acpi0: bus -1 (RP23)
acpiprt26 at acpi0: bus -1 (RP24)
acpiprt27 at acpi0: bus -1 (RP25)
acpiprt28 at acpi0: bus -1 (RP26)
acpiprt29 at acpi0: bus -1 (RP27)
acpiprt30 at acpi0: bus -1 (RP28)
acpiprt31 at acpi0: bus 32 (TRP0)
acpiprt32 at acpi0: bus 80 (TRP2)
acpipci0 at acpi0 PC00: 0x 0x0011 0x0001
acpithinkpad0 at acpi0: version 2.0
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT0 model "5B10W51867" serial 18480 type LiP oem "Sunwoda"
"LEN0111" at acpi0 not configured
"LEN0100" at acpi0 not configured
"INTC1046" at acpi0 not configured
"INTC1046" at acpi0 not configured
"INTC1046" at acpi0 not configured
"INTC1046" at acpi0 not configured
"LEN0130" at acpi0 not configured
"ELAN0676" at acpi0 not configured
"ACPI000E" at acpi0 not configured
pchgpio0 at acpi0 GPI0 addr 0xfd6e/0x1 0xfd6d/0x1 
0xfd6a/0x1
0xfd69/0x1 irq 14, 360 pins
acpibtn0 at acpi0: SLPB(wakeup)
acpicpu0 at acpi0: C3(200@1048 mwait.1@0x60), C2(350@127 

Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)

[Comète]

$ ffmpeg -f v4l2 -list_formats all -i /dev/video1
ffmpeg version 4.4.3 Copyright (c) 2000-2022 the FFmpeg developers
  built with OpenBSD clang version 13.0.0
  configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug 
--disable-stripping --disable-indev=jack --disable-outdev=sdl2 
--enable-fontconfig --enable-frei0r --enable-gpl --enable-ladspa 
--enable-libaom --enable-libass --enable-libdav1d --enable-libfreetype 
--enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus 
--enable-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis 
--enable-libvpx --enable-libx264 --enable-libx265 --enable-libxml2 
--enable-libxvid --enable-libzimg --enable-nonfree --enable-openssl 
--enable-libvidstab --extra-cflags='-I/usr/local/include -I/usr/X11R6/include' 
--extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' --extra-ldsoflags= 
--mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe -g 
-Wno-redundant-decls'
  libavutil  56. 70.100 / 56. 70.100
  libavcodec 58.134.100 / 58.134.100
  libavformat58. 76.100 / 58. 76.100
  libavdevice58. 13.100 / 58. 13.100
  libavfilter 7.110.100 /  7.110.100
  libswscale  5.  9.100 /  5.  9.100
  libswresample   3.  9.100 /  3.  9.100
  libpostproc55.  9.100 / 55.  9.100
[video4linux2,v4l2 @ 0xdfad921b000] Raw   : Unsupported :Unknown UC 
Format :
/dev/video1: Immediate exit requested


$ ffmpeg -f v4l2 -list_formats all -i /dev/video0
ffmpeg version 4.4.3 Copyright (c) 2000-2022 the FFmpeg developers
  built with OpenBSD clang version 13.0.0
  configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug 
--disable-stripping --disable-indev=jack --disable-outdev=sdl2 
--enable-fontconfig --enable-frei0r --enable-gpl --enable-ladspa 
--enable-libaom --enable-libass --enable-libdav1d --enable-libfreetype 
--enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus 
--enable-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis 
--enable-libvpx --enable-libx264 --enable-libx265 --enable-libxml2 
--enable-libxvid --enable-libzimg --enable-nonfree --enable-openssl 
--enable-libvidstab --extra-cflags='-I/usr/local/include -I/usr/X11R6/include' 
--extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' --extra-ldsoflags= 
--mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe -g 
-Wno-redundant-decls'
  libavutil  56. 70.100 / 56. 70.100
  libavcodec 58.134.100 / 58.134.100
  libavformat58. 76.100 / 58. 76.100
  libavdevice58. 13.100 / 58. 13.100
  libavfilter 7.110.100 /  7.110.100
  libswscale  5.  9.100 /  5.  9.100
  libswresample   3.  9.100 /  3.  9.100
  libpostproc55.  9.100 / 55.  9.100
[video4linux2,v4l2 @ 0xe580ab7a000] Compressed:   mjpeg :
MJPEG : 1920x1080 320x180 320x240 352x288 424x240 640x360 640x480 848x480 
960x540 1280x720
[video4linux2,v4l2 @ 0xe580ab7a000] Raw   : yuyv422 : 
YUYV : 640x480 320x180 320x240 352x288 424x240 640x360 848x480 960x540 1280x720 
1920x1080
/dev/video0: Immediate exit requested



8 octobre 2023 11:45 "Bryan Steele"  a écrit:

> Morgan wrote:
> 
>> Hello,
>> 
>> $ video -q -f /dev/video1
>> video: /dev/video1 has no usable YUV encodings
>> 
>> $ video -s 1920x1080 -f /dev/video1
>> video: /dev/video1 has no usable YUV encodings
>> 
>> thanks for your suggestion
>> 
>> Morgan
> 
> Are there any non-YUV formats supported?
> 
> $ ffmpeg -f v4l2 -list_formats all -i /dev/video1
> 
> -Bryan.

Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)

[Comète]

It does nothing more, just a black window and no error returned on the terminal.




7 octobre 2023 21:25 "Crystal Kolipe"  a écrit:

> On Sat, Oct 07, 2023 at 07:02:23PM +, Comte wrote:
> 
>> $ video -q -f /dev/video1
>> video: /dev/video1 has no usable YUV encodings
>> 
>> $ video -s 1920x1080 -f /dev/video1
>> video: /dev/video1 has no usable YUV encodings
> 
> What does video -g -f /dev/video0 do?
> 
> (The -g flag being of interest here).
> 
> This error:
> 
>> On 2023 Oct 07 (Sat) at 12:53:12 + (+), Comète wrote:
>> :Hi,
>> :
>> :$ video -f /dev/video0
>> :video: ioctl VIDIOC_DQBUF: Invalid argument
> 
> ... narrows it down quite a bit, but I'm still not sure why it's not working.

Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)

[Comète]

I thought that the webcam was broken but I've tested 
it with a live Debian 12 usb key and it works.




7 octobre 2023 21:02 "Comète"  a écrit:

> Hello,
> 
> $ video -q -f /dev/video1
> video: /dev/video1 has no usable YUV encodings
> 
> $ video -s 1920x1080 -f /dev/video1
> video: /dev/video1 has no usable YUV encodings
> 
> thanks for your suggestion
> 
> Morgan
> 
> 7 octobre 2023 18:56 "Marcus MERIGHI"  a écrit:
> 
>> Hello,
>> 
>> com...@geekandfree.org (Comète), 2023.10.07 (Sat) 17:02 (CEST):
>> 
>>> unfortunately, yes the slider is well opened and I can confirm that
>>> when it is closed no LED will be visible.
>> 
>> on my thinkpad X1 Carbon 5th Gen., /dev/video0 is the infrared camera,
>> /dev/video1 is the one I want.
>> 
>> video -s 1920x1080 -f /dev/video1
>> ^
>> gives me the best it can do, while
>> 
>> video -s 1920x1080 -f /dev/video0
>> ^
>> gives me a small, greenish, pixelated image.
>> 
>> Marcus
>> 
>>> 7 octobre 2023 15:06 "Peter Hessler"  a écrit:
>>> 
>>> A lot of the Thinkpad laptops have a physical switch that will
>>> cover/uncover the camera. Can you switch it to the other and try again?
>>> 
>>> -peter
>>> 
>>> On 2023 Oct 07 (Sat) at 12:53:12 + (+), Comète wrote:
>>> :Hi,
>>> :
>>> :$ video -f /dev/video0
>>> :video: ioctl VIDIOC_DQBUF: Invalid argument
>>> :
>>> :the LED lights up near the camera and a black window is displayed...
>>> :
>>> :
>>> :I've strictly followed https://www.openbsd.org/faq/faq13.html#webcam
>>> :
>>> :
>>> :then to answer Crystal:
>>> :
>>> :$ ffplay -f v4l2 -input_format yuyv422 -video_size 960x540 -i /dev/video0
>>> :ffplay version 4.4.3 Copyright (c) 2003-2022 the FFmpeg developers
>>> :built with OpenBSD clang version 13.0.0
>>> :configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug 
>>> --disable-stripping
>>> :--disable-indev=jack --disable-outdev=sdl2 --enable-fontconfig 
>>> --enable-frei0r --ena
>>> :ble-gpl --enable-ladspa --enable-libaom --enable-libass --enable-libdav1d 
>>> --enable-libfreetype
>>> :--enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus 
>>> --ena
>>> :ble-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis 
>>> --enable-libvpx
>>> :--enable-libx264 --enable-libx265 --enable-libxml2 --enable-libxvid 
>>> --enable-libzimg --en
>>> :able-nonfree --enable-openssl --enable-libvidstab 
>>> --extra-cflags='-I/usr/local/include
>>> :-I/usr/X11R6/include' --extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' 
>>> --extra-ldsofla
>>> :gs= --mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe 
>>> -g -Wno-redundant-decls'
>>> :libavutil 56. 70.100 / 56. 70.100
>>> :libavcodec 58.134.100 / 58.134.100
>>> :libavformat 58. 76.100 / 58. 76.100
>>> :libavdevice 58. 13.100 / 58. 13.100
>>> :libavfilter 7.110.100 / 7.110.100
>>> :libswscale 5. 9.100 / 5. 9.100
>>> :libswresample 3. 9.100 / 3. 9.100
>>> :libpostproc 55. 9.100 / 55. 9.100
>>> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument
>>> :Input #0, video4linux2,v4l2, from '/dev/video0':
>>> :Duration: N/A, bitrate: 124416 kb/s
>>> :Stream #0:0: Video: rawvideo (YUY2 / 0x32595559), yuyv422, 960x540, 124416 
>>> kb/s, 15 fps, 15 tbr,
>>> :1000k tbn, 1000k tbc
>>> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument
>>> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument
>>> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument
>>> :
>>> :
>>> :and yes, to answer Jan:
>>> :
>>> :$ sysctl kern.video
>>> :kern.video.record=1
>>> :
>>> :
>>> :
>>> :Thanks a lot for your help.
>>> :
>>> :Morgan
>>> :
>>> :
>>> :7 octobre 2023 14:36 "Thomas Frohwein"  a écrit:
>>> :
>>> :> On Sat, Oct 07, 2023 at 07:08:21AM -0300, Crystal Kolipe wrote:
>>> :>
>>> :>> On Sat, Oct 07, 2023 at 08:51:36AM +, Comte wrote:
>>> :>> The webcam seems well detected but no image is displayed...
>>> :>>
>>> :>> What happens if you run /usr/X11R6/bin/video instead of using ffmpeg?
>>> :>>
>>

Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)

[Comète]

Hello,

$ video -q -f /dev/video1
video: /dev/video1 has no usable YUV encodings

$ video -s 1920x1080 -f /dev/video1
video: /dev/video1 has no usable YUV encodings


thanks for your suggestion

Morgan

7 octobre 2023 18:56 "Marcus MERIGHI"  a écrit:

> Hello, 
> 
> com...@geekandfree.org (Comète), 2023.10.07 (Sat) 17:02 (CEST):
> 
>> unfortunately, yes the slider is well opened and I can confirm that
>> when it is closed no LED will be visible.
> 
> on my thinkpad X1 Carbon 5th Gen., /dev/video0 is the infrared camera,
> /dev/video1 is the one I want.
> 
> video -s 1920x1080 -f /dev/video1
> ^
> gives me the best it can do, while
> 
> video -s 1920x1080 -f /dev/video0
> ^
> gives me a small, greenish, pixelated image.
> 
> Marcus
> 
>> 7 octobre 2023 15:06 "Peter Hessler"  a écrit:
>> 
>> A lot of the Thinkpad laptops have a physical switch that will
>> cover/uncover the camera. Can you switch it to the other and try again?
>> 
>> -peter
>> 
>> On 2023 Oct 07 (Sat) at 12:53:12 + (+), Comète wrote:
>> :Hi,
>> :
>> :$ video -f /dev/video0
>> :video: ioctl VIDIOC_DQBUF: Invalid argument
>> :
>> :the LED lights up near the camera and a black window is displayed...
>> :
>> :
>> :I've strictly followed https://www.openbsd.org/faq/faq13.html#webcam
>> :
>> :
>> :then to answer Crystal:
>> :
>> :$ ffplay -f v4l2 -input_format yuyv422 -video_size 960x540 -i /dev/video0
>> :ffplay version 4.4.3 Copyright (c) 2003-2022 the FFmpeg developers
>> :built with OpenBSD clang version 13.0.0
>> :configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug 
>> --disable-stripping
>> :--disable-indev=jack --disable-outdev=sdl2 --enable-fontconfig 
>> --enable-frei0r --ena
>> :ble-gpl --enable-ladspa --enable-libaom --enable-libass --enable-libdav1d 
>> --enable-libfreetype
>> :--enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus 
>> --ena
>> :ble-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis 
>> --enable-libvpx
>> :--enable-libx264 --enable-libx265 --enable-libxml2 --enable-libxvid 
>> --enable-libzimg --en
>> :able-nonfree --enable-openssl --enable-libvidstab 
>> --extra-cflags='-I/usr/local/include
>> :-I/usr/X11R6/include' --extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' 
>> --extra-ldsofla
>> :gs= --mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe -g 
>> -Wno-redundant-decls'
>> :libavutil 56. 70.100 / 56. 70.100
>> :libavcodec 58.134.100 / 58.134.100
>> :libavformat 58. 76.100 / 58. 76.100
>> :libavdevice 58. 13.100 / 58. 13.100
>> :libavfilter 7.110.100 / 7.110.100
>> :libswscale 5. 9.100 / 5. 9.100
>> :libswresample 3. 9.100 / 3. 9.100
>> :libpostproc 55. 9.100 / 55. 9.100
>> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument
>> :Input #0, video4linux2,v4l2, from '/dev/video0':
>> :Duration: N/A, bitrate: 124416 kb/s
>> :Stream #0:0: Video: rawvideo (YUY2 / 0x32595559), yuyv422, 960x540, 124416 
>> kb/s, 15 fps, 15 tbr,
>> :1000k tbn, 1000k tbc
>> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument
>> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument
>> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument
>> :
>> :
>> :and yes, to answer Jan:
>> :
>> :$ sysctl kern.video
>> :kern.video.record=1
>> :
>> :
>> :
>> :Thanks a lot for your help.
>> :
>> :Morgan
>> :
>> :
>> :7 octobre 2023 14:36 "Thomas Frohwein"  a écrit:
>> :
>> :> On Sat, Oct 07, 2023 at 07:08:21AM -0300, Crystal Kolipe wrote:
>> :>
>> :>> On Sat, Oct 07, 2023 at 08:51:36AM +, Comte wrote:
>> :>> The webcam seems well detected but no image is displayed...
>> :>>
>> :>> What happens if you run /usr/X11R6/bin/video instead of using ffmpeg?
>> :>>
>> :>> # dmesg | grep "uvideo"
>> :>> ^
>> :>>
>> :>> Please post a full dmesg next time.
>> :>>
>> :>> uvideo0 at uhub1 port 4 configuration 1 interface 0 "Chicony Electronics 
>> Co.,Ltd. Integrated
>> :>> Camera" rev 2.01/54.20 addr 3
>> :>> video0 at uvideo0
>> :>> uvideo1 at uhub1 port 4 configuration 1 interface 2 "Chicony Electronics 
>> Co.,Ltd. Integrated
>> :>> Camera" rev 2.01/54.20 addr 3
>> :>> video1 at uvideo1
>> :>>
>> :>> However, this camera should almost certainly just work anyway.
>> :>>
>> :>> $ ffplay -f v4l2 -input_format mjpeg -video_size 1280x720 -i /dev/video0
>> :>> ^^^
>> :>>
>> :>> Why?
>> :>
>> :> Looks like Comte followed the console instructions at [1] to the letter.
>> :> It seems to me that jumping right to ffplay recording isn't the best
>> :> way for you to check the camera is working. Simplest way to test seems
>> :> to me:
>> :>
>> :> $ video -f /dev/video0
>> :>
>> :> And then you should see a window with the video stream...
>> :>
>> :> [1] https://www.openbsd.org/faq/faq13.html#webcam
>> :
>> 
>> --
>> Do you realize how many holes there could be if people would just take
>> the time to take the dirt out of them?

Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)

[Comète]

unfortunately, yes the slider is well opened and I can confirm that when it is 
closed no LED will be visible.

Thanks

Morgan


7 octobre 2023 15:06 "Peter Hessler"  a écrit:

> A lot of the Thinkpad laptops have a physical switch that will
> cover/uncover the camera. Can you switch it to the other and try again?
> 
> -peter
> 
> On 2023 Oct 07 (Sat) at 12:53:12 + (+), Comète wrote:
> :Hi,
> :
> :$ video -f /dev/video0
> :video: ioctl VIDIOC_DQBUF: Invalid argument
> :
> :the LED lights up near the camera and a black window is displayed...
> :
> :
> :I've strictly followed https://www.openbsd.org/faq/faq13.html#webcam
> :
> :
> :then to answer Crystal:
> :
> :$ ffplay -f v4l2 -input_format yuyv422 -video_size 960x540 -i /dev/video0 
> :ffplay version 4.4.3 Copyright (c) 2003-2022 the FFmpeg developers 
> :built with OpenBSD clang version 13.0.0 
> :configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug 
> --disable-stripping
> :--disable-indev=jack --disable-outdev=sdl2 --enable-fontconfig 
> --enable-frei0r --ena
> :ble-gpl --enable-ladspa --enable-libaom --enable-libass --enable-libdav1d 
> --enable-libfreetype
> :--enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus 
> --ena
> :ble-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis 
> --enable-libvpx
> :--enable-libx264 --enable-libx265 --enable-libxml2 --enable-libxvid 
> --enable-libzimg --en
> :able-nonfree --enable-openssl --enable-libvidstab 
> --extra-cflags='-I/usr/local/include
> :-I/usr/X11R6/include' --extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' 
> --extra-ldsofla
> :gs= --mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe -g 
> -Wno-redundant-decls' 
> :libavutil 56. 70.100 / 56. 70.100 
> :libavcodec 58.134.100 / 58.134.100 
> :libavformat 58. 76.100 / 58. 76.100 
> :libavdevice 58. 13.100 / 58. 13.100 
> :libavfilter 7.110.100 / 7.110.100 
> :libswscale 5. 9.100 / 5. 9.100 
> :libswresample 3. 9.100 / 3. 9.100 
> :libpostproc 55. 9.100 / 55. 9.100 
> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument 
> :Input #0, video4linux2,v4l2, from '/dev/video0': 
> :Duration: N/A, bitrate: 124416 kb/s 
> :Stream #0:0: Video: rawvideo (YUY2 / 0x32595559), yuyv422, 960x540, 124416 
> kb/s, 15 fps, 15 tbr,
> :1000k tbn, 1000k tbc 
> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument 
> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument 
> :[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument
> :
> :
> :and yes, to answer Jan:
> :
> :$ sysctl kern.video
> :kern.video.record=1
> :
> :
> :
> :Thanks a lot for your help.
> :
> :Morgan
> :
> :
> :7 octobre 2023 14:36 "Thomas Frohwein"  a écrit:
> :
> :> On Sat, Oct 07, 2023 at 07:08:21AM -0300, Crystal Kolipe wrote:
> :> 
> :>> On Sat, Oct 07, 2023 at 08:51:36AM +, Comte wrote:
> :>> The webcam seems well detected but no image is displayed...
> :>> 
> :>> What happens if you run /usr/X11R6/bin/video instead of using ffmpeg?
> :>> 
> :>> # dmesg | grep "uvideo"
> :>> ^
> :>> 
> :>> Please post a full dmesg next time.
> :>> 
> :>> uvideo0 at uhub1 port 4 configuration 1 interface 0 "Chicony Electronics 
> Co.,Ltd. Integrated
> :>> Camera" rev 2.01/54.20 addr 3
> :>> video0 at uvideo0
> :>> uvideo1 at uhub1 port 4 configuration 1 interface 2 "Chicony Electronics 
> Co.,Ltd. Integrated
> :>> Camera" rev 2.01/54.20 addr 3
> :>> video1 at uvideo1
> :>> 
> :>> However, this camera should almost certainly just work anyway.
> :>> 
> :>> $ ffplay -f v4l2 -input_format mjpeg -video_size 1280x720 -i /dev/video0
> :>> ^^^
> :>> 
> :>> Why?
> :> 
> :> Looks like Comte followed the console instructions at [1] to the letter.
> :> It seems to me that jumping right to ffplay recording isn't the best
> :> way for you to check the camera is working. Simplest way to test seems
> :> to me:
> :> 
> :> $ video -f /dev/video0
> :> 
> :> And then you should see a window with the video stream...
> :> 
> :> [1] https://www.openbsd.org/faq/faq13.html#webcam
> :
> 
> -- 
> Do you realize how many holes there could be if people would just take
> the time to take the dirt out of them?

Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)

[Comète]

Not better with libv4l package installed...

Thanks

Morgan


Le 7 octobre 2023 15:10:18 GMT+02:00, Thomas Frohwein  
a écrit :
>On Sat, Oct 07, 2023 at 12:53:12PM +0000, Comète wrote:
>> Hi,
>> 
>> $ video -f /dev/video0
>> video: ioctl VIDIOC_DQBUF: Invalid argument
>> 
>> the LED lights up near the camera and a black window is displayed...
>> 
>> 
>> I've strictly followed https://www.openbsd.org/faq/faq13.html#webcam
>
>I'm not 100% sure about this, but maybe worth a try - see if installing
>libv4l from packages makes a difference:
>
># pkg_add libv4l
>
>> 
>> 
>> then to answer Crystal:
>> 
>> $ ffplay -f v4l2 -input_format yuyv422 -video_size 960x540 -i /dev/video0 
>> ffplay version 4.4.3 Copyright (c) 2003-2022 the FFmpeg developers 
>> built with OpenBSD clang version 13.0.0 
>> configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug 
>> --disable-stripping
>> --disable-indev=jack --disable-outdev=sdl2 --enable-fontconfig 
>> --enable-frei0r --ena
>> ble-gpl --enable-ladspa --enable-libaom --enable-libass --enable-libdav1d 
>> --enable-libfreetype
>> --enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus 
>> --ena
>> ble-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis 
>> --enable-libvpx
>> --enable-libx264 --enable-libx265 --enable-libxml2 --enable-libxvid 
>> --enable-libzimg --en
>> able-nonfree --enable-openssl --enable-libvidstab 
>> --extra-cflags='-I/usr/local/include
>> -I/usr/X11R6/include' --extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' 
>> --extra-ldsofla
>> gs= --mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe -g 
>> -Wno-redundant-decls' 
>> libavutil 56. 70.100 / 56. 70.100 
>> libavcodec 58.134.100 / 58.134.100 
>> libavformat 58. 76.100 / 58. 76.100 
>> libavdevice 58. 13.100 / 58. 13.100 
>> libavfilter 7.110.100 / 7.110.100 
>> libswscale 5. 9.100 / 5. 9.100 
>> libswresample 3. 9.100 / 3. 9.100 
>> libpostproc 55. 9.100 / 55. 9.100 
>> [video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument 
>> Input #0, video4linux2,v4l2, from '/dev/video0': 
>> Duration: N/A, bitrate: 124416 kb/s 
>> Stream #0:0: Video: rawvideo (YUY2 / 0x32595559), yuyv422, 960x540, 124416 
>> kb/s, 15 fps, 15 tbr,
>> 1000k tbn, 1000k tbc 
>> [video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument 
>> [video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument 
>> [video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument
>> 
>> 
>> and yes, to answer Jan:
>> 
>> $ sysctl kern.video
>> kern.video.record=1
>> 
>> 
>> 
>> Thanks a lot for your help.
>> 
>> Morgan
>> 
>> 
>> 7 octobre 2023 14:36 "Thomas Frohwein"  a écrit:
>> 
>> > On Sat, Oct 07, 2023 at 07:08:21AM -0300, Crystal Kolipe wrote:
>> > 
>> >> On Sat, Oct 07, 2023 at 08:51:36AM +, Comte wrote:
>> >> The webcam seems well detected but no image is displayed...
>> >> 
>> >> What happens if you run /usr/X11R6/bin/video instead of using ffmpeg?
>> >> 
>> >> # dmesg | grep "uvideo"
>> >> ^
>> >> 
>> >> Please post a full dmesg next time.
>> >> 
>> >> uvideo0 at uhub1 port 4 configuration 1 interface 0 "Chicony Electronics 
>> >> Co.,Ltd. Integrated
>> >> Camera" rev 2.01/54.20 addr 3
>> >> video0 at uvideo0
>> >> uvideo1 at uhub1 port 4 configuration 1 interface 2 "Chicony Electronics 
>> >> Co.,Ltd. Integrated
>> >> Camera" rev 2.01/54.20 addr 3
>> >> video1 at uvideo1
>> >> 
>> >> However, this camera should almost certainly just work anyway.
>> >> 
>> >> $ ffplay -f v4l2 -input_format mjpeg -video_size 1280x720 -i /dev/video0
>> >> ^^^
>> >> 
>> >> Why?
>> > 
>> > Looks like Comte followed the console instructions at [1] to the letter.
>> > It seems to me that jumping right to ffplay recording isn't the best
>> > way for you to check the camera is working. Simplest way to test seems
>> > to me:
>> > 
>> > $ video -f /dev/video0
>> > 
>> > And then you should see a window with the video stream...
>> > 
>> > [1] https://www.openbsd.org/faq/faq13.html#webcam

Re: Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)

[Comète]

Hi,

$ video -f /dev/video0
video: ioctl VIDIOC_DQBUF: Invalid argument

the LED lights up near the camera and a black window is displayed...


I've strictly followed https://www.openbsd.org/faq/faq13.html#webcam


then to answer Crystal:

$ ffplay -f v4l2 -input_format yuyv422 -video_size 960x540 -i /dev/video0 
ffplay version 4.4.3 Copyright (c) 2003-2022 the FFmpeg developers 
built with OpenBSD clang version 13.0.0 
configuration: --enable-shared --arch=amd64 --cc=cc --enable-debug 
--disable-stripping
--disable-indev=jack --disable-outdev=sdl2 --enable-fontconfig --enable-frei0r 
--ena
ble-gpl --enable-ladspa --enable-libaom --enable-libass --enable-libdav1d 
--enable-libfreetype
--enable-libfribidi --enable-libgsm --enable-libmp3lame --enable-libopus --ena
ble-libspeex --enable-libtheora --enable-libv4l2 --enable-libvorbis 
--enable-libvpx
--enable-libx264 --enable-libx265 --enable-libxml2 --enable-libxvid 
--enable-libzimg --en
able-nonfree --enable-openssl --enable-libvidstab 
--extra-cflags='-I/usr/local/include
-I/usr/X11R6/include' --extra-libs='-L/usr/local/lib -L/usr/X11R6/lib' 
--extra-ldsofla
gs= --mandir=/usr/local/man --objcc=/usr/bin/false --optflags='-O2 -pipe -g 
-Wno-redundant-decls' 
libavutil 56. 70.100 / 56. 70.100 
libavcodec 58.134.100 / 58.134.100 
libavformat 58. 76.100 / 58. 76.100 
libavdevice 58. 13.100 / 58. 13.100 
libavfilter 7.110.100 / 7.110.100 
libswscale 5. 9.100 / 5. 9.100 
libswresample 3. 9.100 / 3. 9.100 
libpostproc 55. 9.100 / 55. 9.100 
[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument 
Input #0, video4linux2,v4l2, from '/dev/video0': 
Duration: N/A, bitrate: 124416 kb/s 
Stream #0:0: Video: rawvideo (YUY2 / 0x32595559), yuyv422, 960x540, 124416 
kb/s, 15 fps, 15 tbr,
1000k tbn, 1000k tbc 
[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument 
[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument 
[video4linux2,v4l2 @ 0x68aa563e800] ioctl(VIDIOC_DQBUF): Invalid argument


and yes, to answer Jan:

$ sysctl kern.video
kern.video.record=1



Thanks a lot for your help.

Morgan


7 octobre 2023 14:36 "Thomas Frohwein"  a écrit:

> On Sat, Oct 07, 2023 at 07:08:21AM -0300, Crystal Kolipe wrote:
> 
>> On Sat, Oct 07, 2023 at 08:51:36AM +, Comte wrote:
>> The webcam seems well detected but no image is displayed...
>> 
>> What happens if you run /usr/X11R6/bin/video instead of using ffmpeg?
>> 
>> # dmesg | grep "uvideo"
>> ^
>> 
>> Please post a full dmesg next time.
>> 
>> uvideo0 at uhub1 port 4 configuration 1 interface 0 "Chicony Electronics 
>> Co.,Ltd. Integrated
>> Camera" rev 2.01/54.20 addr 3
>> video0 at uvideo0
>> uvideo1 at uhub1 port 4 configuration 1 interface 2 "Chicony Electronics 
>> Co.,Ltd. Integrated
>> Camera" rev 2.01/54.20 addr 3
>> video1 at uvideo1
>> 
>> However, this camera should almost certainly just work anyway.
>> 
>> $ ffplay -f v4l2 -input_format mjpeg -video_size 1280x720 -i /dev/video0
>> ^^^
>> 
>> Why?
> 
> Looks like Comte followed the console instructions at [1] to the letter.
> It seems to me that jumping right to ffplay recording isn't the best
> way for you to check the camera is working. Simplest way to test seems
> to me:
> 
> $ video -f /dev/video0
> 
> And then you should see a window with the video stream...
> 
> [1] https://www.openbsd.org/faq/faq13.html#webcam

Webcam support on Lenovo Thinkpad T14 Gen3 (Intel)

[Comète]

Hello,

I've tried to used the integrated webcam on my brand new Thinkpad T14 on 
OpenBSD 7.3 without success. I've followed the FAQ.
The webcam seems well detected but no image is displayed...
This is what I get:

# uname -a
OpenBSD hyperion.my.domain 7.3 GENERIC#1072 amd64


# usbdevs -v

   
Controller /dev/usb0:   

 
addr 01: 8086: Intel, xHCI root hub 

 
 super speed, self powered, config 1, rev 1.00  

 
 driver: uhub0  

 
addr 02: 2109:0817 VIA Labs, Inc., USB3.0 Hub   

 
 super speed, self powered, config 1, rev 6.23, iSerial 0   

 
 driver: uhub2  

 
addr 03: 0bda:0411 Generic, USB3.2 Hub  

 
 super speed, self powered, config 1, rev 39.20 

 
 driver: uhub3  

 
addr 04: 152d:0578 JMicron, USB to ATA/ATAPI Bridge 

 
 super speed, power 224 mA, config 1, rev 2.14, iSerial 
0123456789ABCDEF
 
 driver: umass0
addr 05: 0bda:8153 Realtek, USB 10/100/1000 LAN
 super speed, power 72 mA, config 1, rev 30.00, iSerial 01
 driver: ure0
Controller /dev/usb1:
addr 01: 8086: Intel, xHCI root hub
 super speed, self powered, config 1, rev 1.00
 driver: uhub1
addr 02: 27c6:6594 Goodix Technology Co., Ltd., Goodix USB2.0 MISC
 full speed, power 100 mA, config 1, rev 1.00, iSerial 
UIDE2B30F1D__MOC_B0 
 driver: ugen0
addr 03: 04f2:b74f Chicony Electronics Co.,Ltd., Integrated Camera
 high speed, power 500 mA, config 1, rev 54.20, iSerial 0001
 driver: uvideo0
 driver: uvideo1
 driver: ugen1
addr 04: 2109:2817 VIA Labs, Inc., USB2.0 Hub
 high speed, self powered, config 1, rev 6.23, iSerial 0
 driver: uhub4
addr 05: 1a40:0801 Terminus Technology, USB 2.0 Hub
 high speed, self powered, config 1, rev 1.00
 driver: uhub5
addr 06: 03f0:1a4a Lite-On Technology Corp., HP Wireless Slim Keyboard - Skylab 
EU
 full speed, power 100 mA, config 1, rev 0.66
 driver: uhidev0
 driver: uhidev1
 driver: uhidev2
addr 07: 19f7:0015 R\M-XDE Microphones, R\M-XDE NT-USB Mini
 full speed, power 100 mA, config 1, rev 1.18, iSerial 45803936
 driver: uaudio0
 driver: uhidev3
addr 08: 0bda:5411 Generic, USB2.1 Hub
 high speed, self powered, config 1, rev 39.20
 driver: uhub6
addr 09: 0bda:1100 Realtek, HID Device
 high speed, self powered, config 1, rev 1.01
 driver: uhidev4
addr 10: 2109:8884 VIA Labs, Inc., USB Billboard Device
 high speed, self powered, config 1, rev 0.01, iSerial 0001
 driver: ugen2
addr 11: 8087:0033 Intel, Bluetooth
 full speed, self powered, config 1, rev 0.00
 driver: ugen3


# sysctl kern.video.record
kern.video.record=1

# dmesg | grep "uvideo"
uvideo0 at uhub1 port 4 configuration 1 interface 0 "Chicony Electronics 
Co.,Ltd. Integrated Camera" rev 2.01/54.20 addr 3
video0 at uvideo0
uvideo1 at uhub1 port 4 configuration 1 interface 2 "Chicony Electronics 
Co.,Ltd. Integrated Camera" rev 2.01/54.20 addr 3
video1 at uvideo1

# video -q -f /dev/video0
video device /dev/video0:
  encodings: yuy2
  frame sizes (width x height, in pixels) and rates (in frames per second):
320x180: 30
320x240: 30
352x288: 30

rsync repo for firmwares

[Comète]

Hi,

is there any rsync mirror for firmwares ?

thanks.

Morgan

Re: Blocking users who change their IP address

[Comète]

6 octobre 2017 05:40 "Eric Johnson"  a écrit:

> On Fri, 6 Oct 2017, Mihai Popescu wrote:
> 
>> I'm at a small Wireless ISP in a small town and have only a Class C block
>> of addresses.
>> 
>> [...]
>> 
>> [...]
>> 
>> Very romantic, indeed, but it has nothing to do with OpenBSD.
>> Are you serious?
> 
> Since the primary firewall and the DHCP server (and pretty much everything
> else on my end) run on OpenBSD, if there is a way to do it with OpenBSD,
> for example with pf, then I think that it should be a very good place to
> ask the question.
> 
> Of course, if there is no way to address the problem on computers running
> OpenBSD, then I did ask in the wrong place.
> 
> Based on your response, I assume that OpenBSD must be useless for trying
> to solve that problem and I shall have to look elsewhere.
> 
> Eric

Hi,

you just have to read the "dhcpd" man page I think. If I understand correctly 
your request "-C" is what you're looking for.
I used this to build a captive portal in Python/Django on Matthieu Herrb's idea 
and work (https://hal-univ-tlse3.archives-ouvertes.fr/hal-01135123). I've not 
yet released the source code of the management interface but what you want to 
do can be done without code. Only with OpenBSD tools like PF and DHCPD.

Morgan

Re: relayd TLS load balancer for multiple websites

[Comète]

28 septembre 2017 15:50 "mabi"  a écrit:

> Thanks for the pointer regarding SNI not being supported in relayd. I will go 
> on and find another
> solution, probably HAproxy.
> 
>>  Original Message 
>> Subject: Re: relayd TLS load balancer for multiple websites
>> Local Time: September 28, 2017 3:02 PM
>> UTC Time: September 28, 2017 1:02 PM
>> From: mcmer-open...@tor.at
>> To: mabi 
>> openbsd-misc 
>> 
>> m...@protonmail.ch (mabi), 2017.09.28 (Thu) 13:32 (CEST):
>>> I was wondering if it is possible to use relayd as load balancer with
>>> TLS termination for multiple different websites residing on different
>>> server.
>> 
>> With a public IP per website: yes. Else: no.
>> 
>> reyk@, 2014-07-24, "no SNI yet"
>> https://marc.info/?l=openbsd-misc=140621533620964
>> 
>> recent thread:
>> https://marc.info/?l=openbsd-misc=150599591326006
>> 
>> Marcus
>> 
>> btw, protonmail"s "text/plain, base64, utf-8" reportedly keeps people
>> from seeing these messages.

Hi,

I use Nginx for this, in production, since many years, it's simple and works 
well.

Comete

Re: OpenBSD as a non-routing access point

[Comète]

Hi,

I had the same problem with 6.1 on Alix 2D13 boards, I've created a bridge0 
interface with vr0, vr1, vr2 and athn0 (the wireless one configured in hostap 
mode) but no ip address was given to any of the wifi connected devices by my 
dhcp server. 
However, all the computers linked with an ethernet cable to vr0, vr1 or vr2 get 
an ip...

But I found that specifying a "chan " option in the interface configuration 
file allowed the dhcp to pass on the wireless interface.

Is it a bug ?? 

By the way, no need to enable ipv4 forwarding with sysctl as I read in some 
posts.


Thanks

pf: pfi_kif_unref: rules refcount <= 0

[Comète]

Hi,

I run OpenBSD 6.0 GENERIC.MP#4 amd64 on a firewall and I recently discovered 
lots of these messages in
dmesg:

pf: pfi_kif_unref: rules refcount <= 0

do you know what it is ?

Thanks

Morgan

Re: strange behaviour with etherip bridge over IPSEC and UDP queries

[Comète]

28 mars 2017 16:40 "Scott Bonds" <sc...@ggr.com> a écrit:

> Interesting. I may have a similar problem and was planning to post about it 
> soon...in my case I've
> been playing with rdomains, using PF to NAT
> between them, and ikedv2. I've found that when I use ikedv2 to layer IPSEC on 
> top of my NATing
> traffic between rdomains, TCP passes fine, UDP does not, though I can see 
> requests and replies
> moving across enc0 (DNS requests that show the answer in the tcpdump output). 
> So, host -T
> google.com 8.8.8.8 (TCP DNS lookup) works but host google.com 8.8.8.8 (UDP 
> DNS lookup) does not.
> 
> On 03/28, Comète wrote:
> 
>> Hi,
>> 
>> I'm trying to build an IPSEC encrypted tunnel that works as a bridge. For
>> this, I use isakmpd and etherip, vether, bridge interfaces. On each VPN 
>> server
>> (Host A and B), I've got PF running on the external interface (em2). Both
>> hosts run OpenBSD 6.0 stable amd64.
>> Host A is my main server and host B is the
>> client.
>> 
>> Now the strange part:
>> 
>> - If PF is running on each host (A and B),
>> UDP queries from B to A network don't work (UDP only, TCP is ok. But I can 
>> see
>> UDP packets with tcpdump going from B to A and coming back but they don't go
>> out from the interface)
>> 
>> - I disable PF on Host B only with "rcctl disable pf
>> && reboot", all is working after reboot, all queries (dns, ntp...) are well
>> sent from B to A through the VPN. Now, I enable PF again without rebooting
>> with "pfctl -e && pfctl -f /etc/pf.conf" and it's still working. Then I start
>> "rcctl enable pf" and reboot, and it doesn't work anymore for UDP queries...
>> So to resume, if PF is started automatically at boot on host B (rcctl enable
>> pf) then UDP don't pass but if I start it manually (pfctl -e && pfctl -f
>> /etc/pf.conf), it works.
>> 
>> I've tried tcpdump -nettti pflog0 during DNS/NTP
>> queries but I don't see anything blocked. As I said, if I try tcpdump -nettti
>> em0 I can even see the answer from the DNS server coming back but dig doesn't
>> get it.
>> 
>> I just don't understand why my UDP packets don't pass, so if you have
>> a idea, you're welcome ;)
>> 
>> thanks.
>> 
>> This my setup on Host B (Host A is
>> similar)
>> 
>> ipsec.conf:
>> ---
>> 
>> ike active esp proto etherip from $local_gw
>> to $remote_gw \
>> main auth "hmac-sha1" enc "aes-128" group modp2048
>> lifetime 1800 \
>> quick enc "aes-128-gcm" group modp2048 lifetime 1200 \
>> srcid $local_gw
>> 
>> ipsecctl -sa
>> ---
>> ipsecctl -sa
>> FLOWS:
>> flow esp in
>> proto etherip from 10.65.12.10 to 10.65.13.10 peer 10.65.12.10 srcid
>> 10.65.13.10/32 dstid 10.65.12.10/32 type use
>> flow esp out proto etherip from
>> 10.65.13.10 to 10.65.12.10 peer 10.65.12.10 srcid 10.65.13.10/32 dstid
>> 10.65.12.10/32 type require
>> 
>> SAD:
>> esp tunnel from 10.65.13.10 to 10.65.12.10
>> spi 0xd5acc570 enc aes-128-gcm
>> esp tunnel from 10.65.12.10 to 10.65.13.10 spi
>> 0xe19efd9f enc aes-128-gcm
>> 
>> pf.conf:
>> 
>> ext_if = "em2"
>> int_if =
>> "internal"
>> 
>> match in all scrub (no-df random-id max-mss 1200)
>> antispoof for {
>> $ext_if, $int_if } inet
>> set skip on { lo, enc, $int_if }
>> set loginterface
>> $ext_if
>> match out on $ext_if from any to any nat-to ($ext_if)
>> block log all
>> pass quick on em0
>> 
>> # VPN
>> pass in on $ext_if proto udp from any to $ext_if port
>> { isakmp, ipsec-nat-t }
>> pass out on $ext_if proto udp from $ext_if to any port
>> { isakmp, ipsec-nat-t }
>> pass in on $ext_if proto esp from any to $ext_if
>> pass
>> out on $ext_if proto esp from $ext_if to any
>> 
>> /etc/hostname.bridge0:
>> --
>> link2
>> add etherip0
>> add vether0
>> add em0
>> group "internal"
>> up
>> 
>> /etc/hostname.etherip0
>> --
>> tunnel 10.65.13.10
>> 10.65.12.10
>> group internal
>> up
>> 
>> /etc/hostname.vether0
>> -
>> inet 10.14.254.35 255.255.0.0 NONE
>> description "Interconnexion"
>> group
>> "internal"
>> up
>> 
>> /etc/hostname.em0
>> --
>> up
>> 
>> /etc/hostname.em2
>> --
>> inet 10.65.13.10 255.255.255.0 NONE
>> description "Evil
>> Network"
>> group "external"
>> up
>> !route add -inet 10.65.12.0/24 10.65.13.1
>> /etc/sysctl.conf
>> 
>> net.inet.ip.forwarding=1
>> net.inet.etherip.allow=1


Problem resolved. I did all my tests without pluging the internal physical 
interface (em0) on Host B which is a member of the bridge0. As soon as I 
plugged it in a switch, everything worked !
So, it seems that even if the vether interface in the bridge is active, you 
also need to activate the physical one to make it work.

Strange because only UDP requests are concerned in this case...

Re: strange behaviour with etherip bridge over IPSEC and UDP queries

[Comète]

2 avril 2017 11:49 "Comète" <com...@daknet.org> a écrit:

>> On 03/28,
Comète wrote:
> 
> Hi,
> 
> I'm trying to build an IPSEC encrypted tunnel
that works as a bridge. For
> this, I use isakmpd and etherip, vether, bridge
interfaces. On each VPN server
> (Host A and B), I've got PF running on the
external interface (em2). Both
> hosts run OpenBSD 6.0 stable amd64.
> Host A
is my main server and host B is the
> client.
> 
> Now the strange part:
> 
>
- If PF is running on each host (A and B),
> UDP queries from B to A network
don't work (UDP only, TCP is ok. But I can see
> UDP packets with tcpdump
going from B to A and coming back but they don't go
> out from the interface)
> 
> - I disable PF on Host B only with "rcctl disable pf
> && reboot", all is
working after reboot, all queries (dns, ntp...) are well
> sent from B to A
through the VPN. Now, I enable PF again without rebooting
> with "pfctl -e &&
pfctl -f /etc/pf.conf" and it's still working. Then I start
> "rcctl enable
pf" and reboot, and it doesn't work anymore for UDP queries...
> So to resume,
if PF is started automatically at boot on host B (rcctl enable
> pf) then UDP
don't pass but if I start it manually (pfctl -e && pfctl -f
> /etc/pf.conf),
it works.
> 
> I've tried tcpdump -nettti pflog0 during DNS/NTP
> queries but
I don't see anything blocked. As I said, if I try tcpdump -nettti
> em0 I can
even see the answer from the DNS server coming back but dig doesn't
> get it.
> 
> I just don't understand why my UDP packets don't pass, so if you have
> a
idea, you're welcome ;)
> 
> thanks.
> 
> This my setup on Host B (Host A is
>
similar)
> 
> ipsec.conf:
> ---
> 
> ike active esp proto etherip from
$local_gw
> to $remote_gw \
> main auth "hmac-sha1" enc "aes-128" group
modp2048
> lifetime 1800 \
> quick enc "aes-128-gcm" group modp2048 lifetime
1200 \
> srcid $local_gw
> 
> ipsecctl -sa
> ---
> ipsecctl -sa
>
FLOWS:
> flow esp in
> proto etherip from 10.65.12.10 to 10.65.13.10 peer
10.65.12.10 srcid
> 10.65.13.10/32 dstid 10.65.12.10/32 type use
> flow esp
out proto etherip from
> 10.65.13.10 to 10.65.12.10 peer 10.65.12.10 srcid
10.65.13.10/32 dstid
> 10.65.12.10/32 type require
> 
> SAD:
> esp tunnel from
10.65.13.10 to 10.65.12.10
> spi 0xd5acc570 enc aes-128-gcm
> esp tunnel from
10.65.12.10 to 10.65.13.10 spi
> 0xe19efd9f enc aes-128-gcm
> 
> pf.conf:
>

> ext_if = "em2"
> int_if =
> "internal"
> 
> match in all scrub
(no-df random-id max-mss 1200)
> antispoof for {
> $ext_if, $int_if } inet
>
set skip on { lo, enc, $int_if }
> set loginterface
> $ext_if
> match out on
$ext_if from any to any nat-to ($ext_if)
> block log all
> pass quick on em0
>
> # VPN
> pass in on $ext_if proto udp from any to $ext_if port
> { isakmp,
ipsec-nat-t }
> pass out on $ext_if proto udp from $ext_if to any port
> {
isakmp, ipsec-nat-t }
> pass in on $ext_if proto esp from any to $ext_if
>
pass
> out on $ext_if proto esp from $ext_if to any
> 
>
/etc/hostname.bridge0:
> --
> link2
> add etherip0
> add
vether0
> add em0
> group "internal"
> up
> 
> /etc/hostname.etherip0
>
--
> tunnel 10.65.13.10
> 10.65.12.10
> group internal
>
up
> 
> /etc/hostname.vether0
> -
> inet 10.14.254.35
255.255.0.0 NONE
> description "Interconnexion"
> group
> "internal"
> up
> 
>
/etc/hostname.em0
> --
> up
> 
> /etc/hostname.em2
>
--
> inet 10.65.13.10 255.255.255.0 NONE
> description "Evil
>
Network"
> group "external"
> up
> !route add -inet 10.65.12.0/24 10.65.13.1
>
/etc/sysctl.conf
> 
> net.inet.ip.forwarding=1
>
net.inet.etherip.allow=1
> 
> 28 mars 2017 16:40 "Scott Bonds" <sc...@ggr.com>
a écrit:
> 
>> Interesting. I may have a similar problem and was planning to
post about it soon...in my case I've
>> been playing with rdomains, using PF
to NAT
>> between them, and ikedv2. I've found that when I use ikedv2 to layer
IPSEC on top of my NATing
>> traffic between rdomains, TCP passes fine, UDP
does not, though I can see requests and replies
>> moving across enc0 (DNS
requests that show the answer in the tcpdump output). So, host -T
>>
google.com 8.8.8.8 (TCP DNS lookup) works but host google.com 8.8.8.8 (UDP DNS
lookup) does not.
> 
> Hi,
> 
> up ! :)
> 
> Any idea about this problem ? Is
it a bug ? Or maybe a wrong setup ?
> 
> Thanks guys
> 
> Morgan

Hi,

i've
just noticed that pf states are different when PF is enabled at boot or not.
So when it is enabled at boot:

all udp 10.65.13.10:56371 (10.65.13.10:4500)
-> 10.65.12.10:4500 MULTIPLE:MULTIPLE (then in this
case UDP requests don't
work)

When PF is enabled manually (pfctl -e && pfctl -f /etc/pf.conf):

all
esp 10.65.13.10 -> 10.65.12.10 MULTIPLE:MULTIPLE (in this case UDP works)

Any
idea ? does this help ?

Thanks

Re: strange behaviour with etherip bridge over IPSEC and UDP queries

[Comète]

> On 03/28, Comète wrote:
> 
>> Hi,
>> 
>> I'm trying to build an IPSEC
encrypted tunnel that works as a bridge. For
>> this, I use isakmpd and
etherip, vether, bridge interfaces. On each VPN server
>> (Host A and B), I've
got PF running on the external interface (em2). Both
>> hosts run OpenBSD 6.0
stable amd64.
>> Host A is my main server and host B is the
>> client.
>> 
>>
Now the strange part:
>> 
>> - If PF is running on each host (A and B),
>> UDP
queries from B to A network don't work (UDP only, TCP is ok. But I can see
>>
UDP packets with tcpdump going from B to A and coming back but they don't go
>> out from the interface)
>> 
>> - I disable PF on Host B only with "rcctl
disable pf
>> && reboot", all is working after reboot, all queries (dns,
ntp...) are well
>> sent from B to A through the VPN. Now, I enable PF again
without rebooting
>> with "pfctl -e && pfctl -f /etc/pf.conf" and it's still
working. Then I start
>> "rcctl enable pf" and reboot, and it doesn't work
anymore for UDP queries...
>> So to resume, if PF is started automatically at
boot on host B (rcctl enable
>> pf) then UDP don't pass but if I start it
manually (pfctl -e && pfctl -f
>> /etc/pf.conf), it works.
>> 
>> I've tried
tcpdump -nettti pflog0 during DNS/NTP
>> queries but I don't see anything
blocked. As I said, if I try tcpdump -nettti
>> em0 I can even see the answer
from the DNS server coming back but dig doesn't
>> get it.
>> 
>> I just don't
understand why my UDP packets don't pass, so if you have
>> a idea, you're
welcome ;)
>> 
>> thanks.
>> 
>> This my setup on Host B (Host A is
>>
similar)
>> 
>> ipsec.conf:
>> ---
>> 
>> ike active esp proto etherip
from $local_gw
>> to $remote_gw \
>> main auth "hmac-sha1" enc "aes-128" group
modp2048
>> lifetime 1800 \
>> quick enc "aes-128-gcm" group modp2048 lifetime
1200 \
>> srcid $local_gw
>> 
>> ipsecctl -sa
>> ---
>> ipsecctl -sa
>> FLOWS:
>> flow esp in
>> proto etherip from 10.65.12.10 to 10.65.13.10 peer
10.65.12.10 srcid
>> 10.65.13.10/32 dstid 10.65.12.10/32 type use
>> flow esp
out proto etherip from
>> 10.65.13.10 to 10.65.12.10 peer 10.65.12.10 srcid
10.65.13.10/32 dstid
>> 10.65.12.10/32 type require
>> 
>> SAD:
>> esp tunnel
from 10.65.13.10 to 10.65.12.10
>> spi 0xd5acc570 enc aes-128-gcm
>> esp
tunnel from 10.65.12.10 to 10.65.13.10 spi
>> 0xe19efd9f enc aes-128-gcm
>>
>> pf.conf:
>> 
>> ext_if = "em2"
>> int_if =
>> "internal"
>> 
>>
match in all scrub (no-df random-id max-mss 1200)
>> antispoof for {
>>
$ext_if, $int_if } inet
>> set skip on { lo, enc, $int_if }
>> set
loginterface
>> $ext_if
>> match out on $ext_if from any to any nat-to
($ext_if)
>> block log all
>> pass quick on em0
>> 
>> # VPN
>> pass in on
$ext_if proto udp from any to $ext_if port
>> { isakmp, ipsec-nat-t }
>> pass
out on $ext_if proto udp from $ext_if to any port
>> { isakmp, ipsec-nat-t }
>> pass in on $ext_if proto esp from any to $ext_if
>> pass
>> out on $ext_if
proto esp from $ext_if to any
>> 
>> /etc/hostname.bridge0:
>>
--
>> link2
>> add etherip0
>> add vether0
>> add em0
>>
group "internal"
>> up
>> 
>> /etc/hostname.etherip0
>> --
>> tunnel 10.65.13.10
>> 10.65.12.10
>> group internal
>> up
>> 
>>
/etc/hostname.vether0
>> -
>> inet 10.14.254.35
255.255.0.0 NONE
>> description "Interconnexion"
>> group
>> "internal"
>> up
>> 
>> /etc/hostname.em0
>> --
>> up
>> 
>> /etc/hostname.em2
>> --
>> inet 10.65.13.10 255.255.255.0 NONE
>> description
"Evil
>> Network"
>> group "external"
>> up
>> !route add -inet 10.65.12.0/24
10.65.13.1
>> /etc/sysctl.conf
>> 
>> net.inet.ip.forwarding=1
>> net.inet.etherip.allow=1

28 mars 2017 16:40 "Scott Bonds" <sc...@ggr.com>
a écrit:

> Interesting. I may have a similar problem and was planning to
post about it soon...in my case I've
> been playing with rdomains, using PF to
NAT
> between them, and ikedv2. I've found that when I use ikedv2 to layer
IPSEC on top of my NATing
> traffic between rdomains, TCP passes fine, UDP
does not, though I can see requests and replies
> moving across enc0 (DNS
requests that show the answer in the tcpdump output). So, host -T
> google.com
8.8.8.8 (TCP DNS lookup) works but host google.com 8.8.8.8 (UDP DNS lookup)
does not.
> 

Hi,

up ! :)

Any idea about this problem ? Is it a bug ? Or
maybe a wrong setup ?

Thanks guys

Morgan

Re: strange behaviour with etherip bridge over IPSEC and UDP queries

[Comète]

28 mars 2017 16:40 "Scott Bonds" <sc...@ggr.com> a écrit:

> Interesting. I
may have a similar problem and was planning to post about it soon...in my case
I've
> been playing with rdomains, using PF to NAT
> between them, and ikedv2.
I've found that when I use ikedv2 to layer IPSEC on top of my NATing
> traffic
between rdomains, TCP passes fine, UDP does not, though I can see requests and
replies
> moving across enc0 (DNS requests that show the answer in the tcpdump
output). So, host -T
> google.com 8.8.8.8 (TCP DNS lookup) works but host
google.com 8.8.8.8 (UDP DNS lookup) does not.
> 
> On 03/28, Comète wrote:
>
>> Hi,
>> 
>> I'm trying to build an IPSEC encrypted tunnel that works as a
bridge. For
>> this, I use isakmpd and etherip, vether, bridge interfaces. On
each VPN server
>> (Host A and B), I've got PF running on the external
interface (em2). Both
>> hosts run OpenBSD 6.0 stable amd64.
>> Host A is my
main server and host B is the
>> client.
>> 
>> Now the strange part:
>> 
>> -
If PF is running on each host (A and B),
>> UDP queries from B to A network
don't work (UDP only, TCP is ok. But I can see
>> UDP packets with tcpdump
going from B to A and coming back but they don't go
>> out from the interface)
>> 
>> - I disable PF on Host B only with "rcctl disable pf
>> && reboot", all
is working after reboot, all queries (dns, ntp...) are well
>> sent from B to
A through the VPN. Now, I enable PF again without rebooting
>> with "pfctl -e
&& pfctl -f /etc/pf.conf" and it's still working. Then I start
>> "rcctl
enable pf" and reboot, and it doesn't work anymore for UDP queries...
>> So to
resume, if PF is started automatically at boot on host B (rcctl enable
>> pf)
then UDP don't pass but if I start it manually (pfctl -e && pfctl -f
>>
/etc/pf.conf), it works.
>> 
>> I've tried tcpdump -nettti pflog0 during
DNS/NTP
>> queries but I don't see anything blocked. As I said, if I try
tcpdump -nettti
>> em0 I can even see the answer from the DNS server coming
back but dig doesn't
>> get it.
>> 
>> I just don't understand why my UDP
packets don't pass, so if you have
>> a idea, you're welcome ;)
>> 
>> thanks.
>> 
>> This my setup on Host B (Host A is
>> similar)
>> 
>> ipsec.conf:
>>
---
>> 
>> ike active esp proto etherip from $local_gw
>> to
$remote_gw \
>> main auth "hmac-sha1" enc "aes-128" group modp2048
>> lifetime
1800 \
>> quick enc "aes-128-gcm" group modp2048 lifetime 1200 \
>> srcid
$local_gw
>> 
>> ipsecctl -sa
>> ---
>> ipsecctl -sa
>> FLOWS:
>> flow
esp in
>> proto etherip from 10.65.12.10 to 10.65.13.10 peer 10.65.12.10 srcid
>> 10.65.13.10/32 dstid 10.65.12.10/32 type use
>> flow esp out proto etherip
from
>> 10.65.13.10 to 10.65.12.10 peer 10.65.12.10 srcid 10.65.13.10/32 dstid
>> 10.65.12.10/32 type require
>> 
>> SAD:
>> esp tunnel from 10.65.13.10 to
10.65.12.10
>> spi 0xd5acc570 enc aes-128-gcm
>> esp tunnel from 10.65.12.10
to 10.65.13.10 spi
>> 0xe19efd9f enc aes-128-gcm
>> 
>> pf.conf:
>> 
>> ext_if = "em2"
>> int_if =
>> "internal"
>> 
>> match in all scrub (no-df
random-id max-mss 1200)
>> antispoof for {
>> $ext_if, $int_if } inet
>> set
skip on { lo, enc, $int_if }
>> set loginterface
>> $ext_if
>> match out on
$ext_if from any to any nat-to ($ext_if)
>> block log all
>> pass quick on em0
>> 
>> # VPN
>> pass in on $ext_if proto udp from any to $ext_if port
>> {
isakmp, ipsec-nat-t }
>> pass out on $ext_if proto udp from $ext_if to any
port
>> { isakmp, ipsec-nat-t }
>> pass in on $ext_if proto esp from any to
$ext_if
>> pass
>> out on $ext_if proto esp from $ext_if to any
>> 
>>
/etc/hostname.bridge0:
>> --
>> link2
>> add etherip0
>>
add vether0
>> add em0
>> group "internal"
>> up
>> 
>> /etc/hostname.etherip0
>> --
>> tunnel 10.65.13.10
>> 10.65.12.10
>> group
internal
>> up
>> 
>> /etc/hostname.vether0
>> -
>> inet
10.14.254.35 255.255.0.0 NONE
>> description "Interconnexion"
>> group
>>
"internal"
>> up
>> 
>> /etc/hostname.em0
>> --
>> up
>> 
>>
/etc/hostname.em2
>> --
>> inet 10.65.13.10 255.255.255.0 NONE
>> description "Evil
>> Network"
>> group "external"
>> up
>> !route add -inet
10.65.12.0/24 10.65.13.1
>> /etc/sysctl.conf
>> 
>>
net.inet.ip.forwarding=1
>> net.inet.etherip.allow=1


Yes this is exactly
what I have noticed too, I can clearly see the reply of my DNS query with the
DNS record resolved, but it stops here, dig can't get it. All TCP queries are
ok but no UDP at all (dns, ntp, tcpbench -u, ...)

strange behaviour with etherip bridge over IPSEC and UDP queries

[Comète]

Hi,

I'm trying to build an IPSEC encrypted tunnel that works as a bridge. For
this, I use isakmpd and etherip, vether, bridge interfaces. On each VPN server
(Host A and B), I've got PF running on the external interface (em2). Both
hosts run OpenBSD 6.0 stable amd64.
Host A is my main server and host B is the
client. 

Now the strange part:

- If PF is running on each host (A and B),
UDP queries from B to A network don't work (UDP only, TCP is ok. But I can see
UDP packets with tcpdump going from B to A and coming back but they don't go
out from the interface)

- I disable PF on Host B only with "rcctl disable pf
&& reboot", all is working after reboot, all queries (dns, ntp...) are well
sent from B to A through the VPN. Now, I enable PF again without rebooting
with "pfctl -e && pfctl -f /etc/pf.conf" and it's still working. Then I start
"rcctl enable pf" and reboot, and it doesn't work anymore for UDP queries...
So to resume, if PF is started automatically at boot on host B (rcctl enable
pf) then UDP don't pass but if I start it manually (pfctl -e && pfctl -f
/etc/pf.conf), it works.

I've tried tcpdump -nettti pflog0 during DNS/NTP
queries but I don't see anything blocked. As I said, if I try tcpdump -nettti
em0 I can even see the answer from the DNS server coming back but dig doesn't
get it.

I just don't understand why my UDP packets don't pass, so if you have
a idea, you're welcome ;)

thanks.

This my setup on Host B (Host A is
similar)

ipsec.conf:
---

ike active esp proto etherip from $local_gw
to $remote_gw \
main auth "hmac-sha1" enc "aes-128" group modp2048
lifetime 1800 \
quick enc "aes-128-gcm" group modp2048 lifetime 1200 \
srcid $local_gw

ipsecctl -sa
---
ipsecctl -sa
FLOWS:
flow esp in
proto etherip from 10.65.12.10 to 10.65.13.10 peer 10.65.12.10 srcid
10.65.13.10/32 dstid 10.65.12.10/32 type use
flow esp out proto etherip from
10.65.13.10 to 10.65.12.10 peer 10.65.12.10 srcid 10.65.13.10/32 dstid
10.65.12.10/32 type require

SAD:
esp tunnel from 10.65.13.10 to 10.65.12.10
spi 0xd5acc570 enc aes-128-gcm
esp tunnel from 10.65.12.10 to 10.65.13.10 spi
0xe19efd9f enc aes-128-gcm

pf.conf:

ext_if = "em2"
int_if =
"internal"

match in all scrub (no-df random-id max-mss 1200)
antispoof for {
$ext_if, $int_if } inet
set skip on { lo, enc, $int_if }
set loginterface
$ext_if
match out on $ext_if from any to any nat-to ($ext_if)
block log all
pass quick on em0

# VPN
pass in on $ext_if proto udp from any to $ext_if port
{ isakmp, ipsec-nat-t }
pass out on $ext_if proto udp from $ext_if to any port
{ isakmp, ipsec-nat-t }
pass in on $ext_if proto esp from any to $ext_if
pass
out on $ext_if proto esp from $ext_if to any

/etc/hostname.bridge0:
--
link2
add etherip0
add vether0
add em0
group "internal"
up

/etc/hostname.etherip0
--
tunnel 10.65.13.10
10.65.12.10
group internal
up

/etc/hostname.vether0
-
inet 10.14.254.35 255.255.0.0 NONE
description "Interconnexion"
group
"internal"
up

/etc/hostname.em0
--
up

/etc/hostname.em2
--
inet 10.65.13.10 255.255.255.0 NONE
description "Evil
Network"
group "external"
up
!route add -inet 10.65.12.0/24 10.65.13.1
/etc/sysctl.conf

net.inet.ip.forwarding=1
net.inet.etherip.allow=1

Re: jme0: watchdog timeout

[Comète]

9 février 2017 18:40 "Daniel Bolgheroni" <dan...@bolgh.eng.br> a écrit:

>
On Wed, Feb 08, 2017 at 10:04:04AM +, Comète wrote:
> 
>> Hi,
>> 
>> I
use OpenBSD 6.0 amd64 (stable) on a Shuttle XS35v2. I've installed
>> "ushare"
but same problem with "minidlna" and I don't think the problem comes
>> from
these apps... When I try to read a big file (ex.: a 1Go video) from my
>> DLNA
player, nothing starts playing and the jme driver on the Shuttle reports
>>
these warnings on dmesg:
>> 
>> jme0: watchdog timeout
>> jme0: stopping
transmitter
>> timeout!
>> jme0: stopping transmitter timeout!
>> jme0:
stopping transmitter
>> timeout!
>> jme0: watchdog timeout
>> jme0: stopping
transmitter timeout!
>> jme0:
>> stopping transmitter timeout!
>> jme0:
watchdog timeout
>> jme0: stopping
>> transmitter timeout!
>> jme0: stopping
transmitter timeout!
>> jme0: stopping
>> transmitter timeout!
>> jme0:
watchdog timeout
>> jme0: stopping transmitter
>> timeout!
>> jme0: stopping
transmitter timeout!
>> jme0: watchdog timeout
>> jme0:
>> watchdog timeout
>>
>> and the NIC sometimes stops working until I reboot the
>> machine.
>> 
>> I
saw an identical report on the mailing list some time ago, but I
>> didn't
manage to find it.
> 
> I did report to bugs@ a while ago:
> 
>
http://marc.info/?l=openbsd-bugs=146958374430709=2
> 
> --
> db

Ah ok
thanks, it was this post indeed ;) The man page says that Jonathan Gray ported
this driver and I had some mails exchange too with Brad Smith some years ago
who fixed some bugs on this driver. 
Did one of them already contact you about
this problem ?

Thanks.

Morgan

jme0: watchdog timeout

[Comète]

Hi,

I use OpenBSD 6.0 amd64 (stable) on a Shuttle XS35v2. I've installed
"ushare" but same problem with "minidlna" and I don't think the problem comes
from these apps... When I try to read a big file (ex.: a 1Go video) from my
DLNA player, nothing starts playing and the jme driver on the Shuttle reports
these warnings on dmesg:

jme0: watchdog timeout
jme0: stopping transmitter
timeout!
jme0: stopping transmitter timeout!
jme0: stopping transmitter
timeout!
jme0: watchdog timeout
jme0: stopping transmitter timeout!
jme0:
stopping transmitter timeout!
jme0: watchdog timeout
jme0: stopping
transmitter timeout!
jme0: stopping transmitter timeout!
jme0: stopping
transmitter timeout!
jme0: watchdog timeout
jme0: stopping transmitter
timeout!
jme0: stopping transmitter timeout!
jme0: watchdog timeout
jme0:
watchdog timeout

and the NIC sometimes stops working until I reboot the
machine.

I saw an identical report on the mailing list some time ago, but I
didn't manage to find it.

I join my dmesg if it can help.

Thanks for your
help.

Morgan
OpenBSD 6.0 (GENERIC.MP) #2: Mon Oct 17 10:22:47 CEST 2016

r...@stable-60-amd64.mtier.org:/binpatchng/work-binpatch60-amd64/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2120941568 (2022MB)
avail mem = 2052247552 (1957MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xfc8b0 (23 entries)
bios0: vendor American Megatrends Inc. version "2.01" date 11/14/2012
bios0: Shuttle Inc. XS35
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG SLIC OEMB HPET GSCI
acpi0: wakeup devices P0P1(S4) AZAL(S3) P0P4(S4) P0P5(S4) JLAN(S3) P0P6(S4) 
RLAN(S3) P0P7(S4) P0P8(S4) P0P9(S4) USB0(S3) USB1(S3) USB2(S3) USB3(S3) EUSB(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 2154.87 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF,PERF,SENSOR
cpu0: 512KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 199MHz
cpu0: mwait min=64, max=64, C-substates=0.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1795.50 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF,PERF,SENSOR
cpu1: 512KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1795.50 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF,PERF,SENSOR
cpu2: 512KB 64b/line 8-way L2 cache
cpu2: smt 1, core 0, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1795.50 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF,PERF,SENSOR
cpu3: 512KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 4 (P0P1)
acpiprt2 at acpi0: bus 1 (P0P4)
acpiprt3 at acpi0: bus 2 (P0P5)
acpiprt4 at acpi0: bus -1 (P0P6)
acpiprt5 at acpi0: bus 3 (P0P7)
acpiprt6 at acpi0: bus -1 (P0P8)
acpiprt7 at acpi0: bus -1 (P0P9)
acpiec0 at acpi0
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
acpicpu2 at acpi0: C1(@1 halt!)
acpicpu3 at acpi0: C1(@1 halt!)
acpitz0 at acpi0: critical temperature is 104 degC
"PNP0303" at acpi0 not configured
"PNP0F03" at acpi0 not configured
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: PWRB
"PNP0C14" at acpi0 not configured
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: LCD_
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Pineview DMI" rev 0x02
inteldrm0 at pci0 dev 2 function 0 "Intel Pineview Video" rev 0x02
drm0 at inteldrm0
intagp0 at inteldrm0
agp0 at intagp0: aperture at 0xd000, size 0x1000
inteldrm0: msi
inteldrm0: 1024x768
wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
"Intel Pineview Video" rev 0x02 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: msi
azalia0: codecs: IDT 92HD81B1X
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: msi
pci1 at ppb0 bus 1
ppb1 

strange behaviour with route-to, default route, and ping -I

[Comète]

Hello,

I use route-to in my pf.conf to route packets from my LAN through 4
non-equal WAN links (multipath routing is disabled). It works nicely, but if I
try to send pings from the firewall itself through a specific WAN interface
with ping -I or traceroute -s commands, it's always the default route on the
FW that is used. I means the pings are always sent through the default route,
I can see them with tcpdump. I've tried to change the default route, then this
new one will be used whatever WAN interface I choose to send my pings, so it
really seems to be related to default route.
I'm sure i've forgotten
something, but I can't see what...

Thanks for your help

Morgan

Re: OSPFD over IPSEC

[Comète]

14 novembre 2016 22:50 "Remi Locherer" <remi.loche...@relo.ch> a écrit:
> On
Mon, Nov 14, 2016 at 04:50:21PM +, Comète wrote:
> 
>> 14 novembre 2016
14:50 "Remi Locherer" <remi.loche...@relo.ch> a écrit:
>> On
>> 2016-11-14
12:48, Comète wrote:
>> 
>> Hi,
>> I'm trying to run OSPFD over
>> IPSEC with
OpenBSD 6.0 stable, so I first
>> start looking at >
>>
http://undeadly.org/cgi?action=article=20131105075303
>> Now that etherip
>> has it's own interface in 6.0, I tried to replace gif > with
>> etherip
like
>> this:
> 
> [...]
> 
>> Can
>> you show pf.conf? Are there any blocks
if you check on pflog0 with tcpdump?
>> 
>> But why do you want to have
Ethernet frames tunneled? If you use gif
>> interfaces
>> and make ospfd
beeing active on it you save a few bits. That way
>> you can make
>> the MTU
bigger.
>> https://cway.cisco.com/tools/ipsec-overhead-calc can give you
>>
and idea how
>> big your MTU can be (needs an account but is free).
>> 
>> Be
careful when
>> configuring gif interfaces. ospfd only recognizes that it is a
>> 
>> point-to-point interface when you configure the netmask as
255.255.255.255.
>> I finally got it working. I forgot the 'link2' option in
/etc/hostname.bridge0
>> :
>> 
>> -=>> cat /etc/hostname.bridge0
>> add
etherip0 add vether0
>> up link2
>> 
>> but it
>> wasn't enough...
>> I had to
set 'net.inet.etherip.allow=1' in sysctl.conf
>> despite what it is said in
the 'etherip' man page:
>> 
>> "The sysctl(3) variable
>>
net.inet.etherip.allow must be set to 1, unless ipsec(4) is being used to
>>
protect the traffic."
>> 
>> This is what I don't understand, is there any
>>
particular case in this configuration or maybe something changed in 6.0 ?
>>
thanks
> 
> I can not tell you what is wrong with your configuration. Im not
using
> etherip. But why do you think you need to tunnel Ethernet? You don't
need it
> for ospf. rWWith gif interfaces you're doing ip-over-ip and don't
need
> bridge and vether. Then just add the gif interface to ospfd.conf.
I've made another test with GIF and vether interfaces following this tutorial:
http://undeadly.org/cgi?action=article=20131105075303 (the author talked
about multicast problems when using only gif...). It works too and I can see a
bandwith gain of 13 Mbps, with ipsec (aes-128-gcm) and pf enabled, compared to
the same setup with etherip interfaces. But again I needed to set
net.inet.etherip.allow=1 to make it work.

Re: OSPFD over IPSEC

[Comète]

14 novembre 2016 22:50 "Remi Locherer" <remi.loche...@relo.ch> a écrit:
> On
Mon, Nov 14, 2016 at 04:50:21PM +, Comète wrote:
> 
>> 14 novembre 2016
14:50 "Remi Locherer" <remi.loche...@relo.ch> a écrit:
>> On
>> 2016-11-14
12:48, Comète wrote:
>> 
>> Hi,
>> I'm trying to run OSPFD over
>> IPSEC with
OpenBSD 6.0 stable, so I first
>> start looking at >
>>
http://undeadly.org/cgi?action=article=20131105075303
>> Now that etherip
>> has it's own interface in 6.0, I tried to replace gif > with
>> etherip
like
>> this:
> 
> [...]
> 
>> Can
>> you show pf.conf? Are there any blocks
if you check on pflog0 with tcpdump?
>> 
>> But why do you want to have
Ethernet frames tunneled? If you use gif
>> interfaces
>> and make ospfd
beeing active on it you save a few bits. That way
>> you can make
>> the MTU
bigger.
>> https://cway.cisco.com/tools/ipsec-overhead-calc can give you
>>
and idea how
>> big your MTU can be (needs an account but is free).
>> 
>> Be
careful when
>> configuring gif interfaces. ospfd only recognizes that it is a
>> 
>> point-to-point interface when you configure the netmask as
255.255.255.255.
>> I finally got it working. I forgot the 'link2' option in
/etc/hostname.bridge0
>> :
>> 
>> -=>> cat /etc/hostname.bridge0
>> add
etherip0 add vether0
>> up link2
>> 
>> but it
>> wasn't enough...
>> I had to
set 'net.inet.etherip.allow=1' in sysctl.conf
>> despite what it is said in
the 'etherip' man page:
>> 
>> "The sysctl(3) variable
>>
net.inet.etherip.allow must be set to 1, unless ipsec(4) is being used to
>>
protect the traffic."
>> 
>> This is what I don't understand, is there any
>>
particular case in this configuration or maybe something changed in 6.0 ?
>>
thanks
> 
> I can not tell you what is wrong with your configuration. Im not
using
> etherip. But why do you think you need to tunnel Ethernet? You don't
need it
> for ospf. rWWith gif interfaces you're doing ip-over-ip and don't
need
> bridge and vether. Then just add the gif interface to ospfd.conf.


Ok,
good to know, I will test this too. In fact, I will need etherip for some
sites where I use VLANS. But for others, IP over IP will be ok. So thank you
for the advice.

If someone knows why, with etherip over IPSEC, I had to set
'net.inet.etherip.allow=1' in sysctl.conf ? The question is still opened...
Thanks

Re: OSPFD over IPSEC

[Comète]

14 novembre 2016 14:50 "Remi Locherer" <remi.loche...@relo.ch> a écrit:
> On
2016-11-14 12:48, Comète wrote:
> 
>> Hi,
>> I'm trying to run OSPFD over
IPSEC with OpenBSD 6.0 stable, so I first
>> start looking at >
http://undeadly.org/cgi?action=article=20131105075303
>> Now that etherip
has it's own interface in 6.0, I tried to replace gif > with
>> etherip like
this:
>> On one host:
>> 
>> -=>> cat /etc/hostname.bridge0
>> add
etherip0 add vether0
>> up
>> -=>> cat /etc/hostname.vether0
>> inet
10.60.10.2
>> 255.255.255.0 NONE up
>> -=>> cat /etc/hostname.etherip0
>>
tunnel 1.2.3.4 4.3.2.1
>> up
>> -=>> doas cat /etc/ipsec.conf
>> ike active
esp proto etherip from 1.2.3.4 to
>> 4.3.2.1 psk "mypassword"
>>> -=>> doas
ipsecctl -sa
>> FLOWS:
>> flow esp in proto
>> etherip from 4.3.2.1 to 1.2.3.4
peer 4.3.2.1 srcid 1.2.3.4/32 dstid > 4.3.2.1/32
>> type use
>> flow esp out
proto etherip from 1.2.3.4 to 4.3.2.1 peer 4.3.2.1 srcid
>> 1.2.3.4/32 dstid
4.3.2.1/32 type require
>> SAD:
>> esp tunnel from 4.3.2.1 to
>> 1.2.3.4 spi
0x3d8e9212 auth hmac-sha2-256 enc aes
>> esp tunnel from 1.2.3.4 to
>> 4.3.2.1
spi 0x900fc2c5 auth hmac-sha2-256 enc aes
>>> On the other host:
>>
--
>> -=>> cat /etc/hostname.bridge0
>> add etherip0 add
vether0
>> up
>> -=>> cat /etc/hostname.vether0
>> inet 10.60.10.1
255.255.255.0 NONE up
>> -=>> cat
>> /etc/hostname.etherip0
>> tunnel 4.3.2.1
1.2.3.4 up
>> -=>> doas cat
>> /etc/ipsec.conf
>> ike passive esp proto
etherip from 4.3.2.1 to 1.2.3.4 psk
>> "mypassword"
>>> -=>> doas ipsecctl -sa
>> FLOWS:
>> flow esp in proto etherip from
>> 1.2.3.4 to 4.3.2.1 peer 1.2.3.4
srcid 4.3.2.1/32 dstid 1.2.3.4/32 type > use
>> flow esp out proto etherip
from 4.3.2.1 to 1.2.3.4 peer 1.2.3.4 srcid
>> 4.3.2.1/32 dstid 1.2.3.4/32 type
require
>> SAD:
>> esp tunnel from 4.3.2.1 to
>> 1.2.3.4 spi 0x3d8e9212 auth
hmac-sha2-256 enc aes
>> esp tunnel from 1.2.3.4 to
>> 4.3.2.1 spi 0x900fc2c5
auth hmac-sha2-256 enc aes
>>> I forgot to mention that i
>> didn't set
net.inet.etherip.allow=1 and let it set to 0, as said in > "etherip"
>> man
page, because I use IPSEC.
>> As you can see the ipsec VPN is well
>>
established, but my problem is that I can't ping 10.60.10.1 from > 10.60.10.2
>> and 10.60.10.2 from 10.60.10.1.
>> On each vether interface, tcpdump
-nettti
>> shows me that nothing is going out of them.
>> Any idea ?
> 
> Can
you show pf.conf? Are there any blocks if you check on pflog0 with tcpdump?
>
> But why do you want to have Ethernet frames tunneled? If you use gif
interfaces
> and make ospfd beeing active on it you save a few bits. That way
you can make
> the MTU bigger.
https://cway.cisco.com/tools/ipsec-overhead-calc can give you
> and idea how
big your MTU can be (needs an account but is free).
> 
> Be careful when
configuring gif interfaces. ospfd only recognizes that it is a
>
point-to-point interface when you configure the netmask as 255.255.255.255.
I finally got it working. I forgot the 'link2' option in /etc/hostname.bridge0
:

-=>> cat /etc/hostname.bridge0
add etherip0 add vether0
up link2

but it
wasn't enough...
I had to set 'net.inet.etherip.allow=1' in sysctl.conf
despite what it is said in the 'etherip' man page:

"The sysctl(3) variable
net.inet.etherip.allow must be set to 1, unless ipsec(4) is being used to
protect the traffic."

This is what I don't understand, is there any
particular case in this configuration or maybe something changed in 6.0 ?
thanks

Re: OSPFD over IPSEC

[Comète]

14 novembre 2016 14:50 "Remi Locherer" <remi.loche...@relo.ch> a écrit:
> On
2016-11-14 12:48, Comète wrote:
> 
>> Hi,
>> I'm trying to run OSPFD over
IPSEC with OpenBSD 6.0 stable, so I first
>> start looking at >
http://undeadly.org/cgi?action=article=20131105075303
>> Now that etherip
has it's own interface in 6.0, I tried to replace gif > with
>> etherip like
this:
>> On one host:
>> 
>> -=>> cat /etc/hostname.bridge0
>> add
etherip0 add vether0
>> up
>> -=>> cat /etc/hostname.vether0
>> inet
10.60.10.2
>> 255.255.255.0 NONE up
>> -=>> cat /etc/hostname.etherip0
>>
tunnel 1.2.3.4 4.3.2.1
>> up
>> -=>> doas cat /etc/ipsec.conf
>> ike active
esp proto etherip from 1.2.3.4 to
>> 4.3.2.1 psk "mypassword"
>>> -=>> doas
ipsecctl -sa
>> FLOWS:
>> flow esp in proto
>> etherip from 4.3.2.1 to 1.2.3.4
peer 4.3.2.1 srcid 1.2.3.4/32 dstid > 4.3.2.1/32
>> type use
>> flow esp out
proto etherip from 1.2.3.4 to 4.3.2.1 peer 4.3.2.1 srcid
>> 1.2.3.4/32 dstid
4.3.2.1/32 type require
>> SAD:
>> esp tunnel from 4.3.2.1 to
>> 1.2.3.4 spi
0x3d8e9212 auth hmac-sha2-256 enc aes
>> esp tunnel from 1.2.3.4 to
>> 4.3.2.1
spi 0x900fc2c5 auth hmac-sha2-256 enc aes
>>> On the other host:
>>
--
>> -=>> cat /etc/hostname.bridge0
>> add etherip0 add
vether0
>> up
>> -=>> cat /etc/hostname.vether0
>> inet 10.60.10.1
255.255.255.0 NONE up
>> -=>> cat
>> /etc/hostname.etherip0
>> tunnel 4.3.2.1
1.2.3.4 up
>> -=>> doas cat
>> /etc/ipsec.conf
>> ike passive esp proto
etherip from 4.3.2.1 to 1.2.3.4 psk
>> "mypassword"
>>> -=>> doas ipsecctl -sa
>> FLOWS:
>> flow esp in proto etherip from
>> 1.2.3.4 to 4.3.2.1 peer 1.2.3.4
srcid 4.3.2.1/32 dstid 1.2.3.4/32 type > use
>> flow esp out proto etherip
from 4.3.2.1 to 1.2.3.4 peer 1.2.3.4 srcid
>> 4.3.2.1/32 dstid 1.2.3.4/32 type
require
>> SAD:
>> esp tunnel from 4.3.2.1 to
>> 1.2.3.4 spi 0x3d8e9212 auth
hmac-sha2-256 enc aes
>> esp tunnel from 1.2.3.4 to
>> 4.3.2.1 spi 0x900fc2c5
auth hmac-sha2-256 enc aes
>>> I forgot to mention that i
>> didn't set
net.inet.etherip.allow=1 and let it set to 0, as said in > "etherip"
>> man
page, because I use IPSEC.
>> As you can see the ipsec VPN is well
>>
established, but my problem is that I can't ping 10.60.10.1 from > 10.60.10.2
>> and 10.60.10.2 from 10.60.10.1.
>> On each vether interface, tcpdump
-nettti
>> shows me that nothing is going out of them.
>> Any idea ?
> 
> Can
you show pf.conf? Are there any blocks if you check on pflog0 with tcpdump?
pf is disabled on both ends

> 
> But why do you want to have Ethernet frames
tunneled? If you use gif interfaces
> and make ospfd beeing active on it you
save a few bits. That way you can make
> the MTU bigger.
https://cway.cisco.com/tools/ipsec-overhead-calc can give you
> and idea how
big your MTU can be (needs an account but is free).

I simply thought that
etherip interface was the new way to go, anyway I just tried the exact same
config as explained here:
http://undeadly.org/cgi?action=article=20131105075303
with gif interfaces
instead etherip and the problem is the same, I can't ping the vether interface
on the other host...

thanks for your help

OSPFD over IPSEC

[Comète]

Hi,

I'm trying to run OSPFD over IPSEC with OpenBSD 6.0 stable, so I first
start looking at http://undeadly.org/cgi?action=article=20131105075303
Now that etherip has it's own interface in 6.0, I tried to replace gif with
etherip like this:

On one host:


-=>> cat /etc/hostname.bridge0
add etherip0 add vether0
up

-=>> cat /etc/hostname.vether0
inet 10.60.10.2
255.255.255.0 NONE up

-=>> cat /etc/hostname.etherip0
tunnel 1.2.3.4 4.3.2.1
up

-=>> doas cat /etc/ipsec.conf
ike active esp proto etherip from 1.2.3.4 to
4.3.2.1 psk "mypassword"


-=>> doas ipsecctl -sa
FLOWS:
flow esp in proto
etherip from 4.3.2.1 to 1.2.3.4 peer 4.3.2.1 srcid 1.2.3.4/32 dstid 4.3.2.1/32
type use
flow esp out proto etherip from 1.2.3.4 to 4.3.2.1 peer 4.3.2.1 srcid
1.2.3.4/32 dstid 4.3.2.1/32 type require

SAD:
esp tunnel from 4.3.2.1 to
1.2.3.4 spi 0x3d8e9212 auth hmac-sha2-256 enc aes
esp tunnel from 1.2.3.4 to
4.3.2.1 spi 0x900fc2c5 auth hmac-sha2-256 enc aes


On the other host:
--

-=>> cat /etc/hostname.bridge0
add etherip0 add vether0
up
-=>> cat /etc/hostname.vether0
inet 10.60.10.1 255.255.255.0 NONE up

-=>> cat
/etc/hostname.etherip0
tunnel 4.3.2.1 1.2.3.4 up

-=>> doas cat
/etc/ipsec.conf
ike passive esp proto etherip from 4.3.2.1 to 1.2.3.4 psk
"mypassword"


-=>> doas ipsecctl -sa

FLOWS:
flow esp in proto etherip from
1.2.3.4 to 4.3.2.1 peer 1.2.3.4 srcid 4.3.2.1/32 dstid 1.2.3.4/32 type use
flow esp out proto etherip from 4.3.2.1 to 1.2.3.4 peer 1.2.3.4 srcid
4.3.2.1/32 dstid 1.2.3.4/32 type require

SAD:
esp tunnel from 4.3.2.1 to
1.2.3.4 spi 0x3d8e9212 auth hmac-sha2-256 enc aes
esp tunnel from 1.2.3.4 to
4.3.2.1 spi 0x900fc2c5 auth hmac-sha2-256 enc aes


I forgot to mention that i
didn't set net.inet.etherip.allow=1 and let it set to 0, as said in "etherip"
man page, because I use IPSEC.

As you can see the ipsec VPN is well
established, but my problem is that I can't ping 10.60.10.1 from 10.60.10.2
and 10.60.10.2 from 10.60.10.1. 

On each vether interface, tcpdump -nettti
shows me that nothing is going out of them.

Any idea ?

 
Thanks,

Morgan

Re: low bandwidth results with IPSEC enabled between two PC Engines APU2C2

[Comète]

10 novembre 2016 12:50 "Stefan Sperling"  a écrit:
 
> Yes,
that is worth trying as a workaround if you don't have
> clients that require
IKEv2. If you control both ends of the
> tunnel then there's absolutely no
reason not to try IKEv1.
> 
> I have never seen such a problem with isakmpd
but I'm not sure if
> I've ever even hit half a gigabyte in a single session
(I mostly
> use it to provide IPsec for mobile data on my phone).
> But since
isakmpd has been widely deployed for years I very
> much doubt it still has
such bugs.
> 
> Also note that it is currently impossible to run both isakmpd
> and iked on the same OpenBSD host, in case that matters.


Ok, indeed I
control both ends of the tunnel, then I give it a try.

Thank you.

Re: low bandwidth results with IPSEC enabled between two PC Engines APU2C2

[Comète]

10 novembre 2016 11:00 "Stefan Sperling" <s...@stsp.name> a écrit:

> On Thu,
Nov 10, 2016 at 09:00:07AM +, Comète wrote:
> 
>> Oh, should I understand
that IKEv2 is unusable on production ?
> 
> This question is
counter-productive because it demotivates volunteers.

My goal wasn't to
demotivate anyone. Sorry for that.

> 
> Developers may help you out of
kindness, or they may help you indirectly
> because the problem affects
themselves badly enough to make them care.
> But no volunteer will spend their
free time helping you just because
> you need something for production.
> 
>
Did you read the large letters in our licence text? Nobody here has any
>
obligation to help you with any problem you might have with the software.
> 
>
You're using software with a community of people attached to it, not some
>
product that you bought with features and promises written on the box that
>
you're now entitled to.

I don't want you to loose your free time answering my
question. I simply asked an advice, everyone is free to answer or not. And I
don't accuse anyone neither criticise the quality of the OS and the software.
Now, I can ask the question differently:

If I don't want the connection to be
reset every half gigabyte, should I better choose isakmpd ?

Thanks guys.

Re: low bandwidth results with IPSEC enabled between two PC Engines APU2C2

[Comète]

9 novembre 2016 16:40 "Stuart Henderson"  a écrit:
> On
2016-11-09, =?utf-8?B?Q29tw6h0ZQ==?=  wrote:
> 
>> Hi,
>>
>> I've made some bandwidth tests (on 6.0 stable - amd64) between two APU2C
>>
boxes connected with an Ethernet cable and an IPSEC VPN using IKEDv2. I get a
>> maximum bandwidth of 66 Avg Mbps when IPSEC is enable which is, I think,
very
>> low for an AES-NI enabled processor.
> 
> Try it with aes-128-gcm.

Ok
I will try.

> 
>> And about 30 seconds after the test is
>> started, I don't
know why, the connection is lost and I have restart IKED
>> daemon on the
"passive" host.
> 
> Anything in logs? Anything on-screen if you run iked -vd?
No, nothing strange appears if I run iked -vd.

Thanks

Re: low bandwidth results with IPSEC enabled between two PC Engines APU2C2

[Comète]

9 novembre 2016 16:40 "Christian Weisgerber" <na...@mips.inka.de> a écrit:
>
On 2016-11-09, "Comète" <com...@daknet.org> wrote:
> 
>> I've made some
bandwidth tests (on 6.0 stable - amd64) between two APU2C
>> boxes connected
with an Ethernet cable and an IPSEC VPN using IKEDv2. I get a
>> maximum
bandwidth of 66 Avg Mbps when IPSEC is enable which is, I think, very
>> low
for an AES-NI enabled processor.
> 
> Well, it still is a slow processor. For
best performance, I'd add
> "childsa enc aes-128-gcm" to the iked
configuration. The default
> cipher is aes-256-cbc with hmac-sha2-256, and the
latter has a
> noticeable performance impact.

Ok thanks for the idea, I will
test with these options.

>> And about 30 seconds after the test is
>>
started, I don't know why, the connection is lost and I have restart IKED
>>
daemon on the "passive" host.
> 
> Every half gigabyte of transferred data,
iked rekeys. There is a
> longstanding bug there that causes the ikeds to lose
synchronization.
> They will eventually resync on their own, but it takes
several
> minutes.

Oh, should I understand that IKEv2 is unusable on
production ? By the way, is it possible to reduce this delay when the iked
rekeys ?

Thanks.

low bandwidth results with IPSEC enabled between two PC Engines APU2C2

[Comète]

Hi,

I've made some bandwidth tests (on 6.0 stable - amd64) between two APU2C
boxes connected with an Ethernet cable and an IPSEC VPN using IKEDv2. I get a
maximum bandwidth of 66 Avg Mbps when IPSEC is enable which is, I think, very
low for an AES-NI enabled processor. And about 30 seconds after the test is
started, I don't know why, the connection is lost and I have restart IKED
daemon on the "passive" host.
If I disable the VPN, I get a maximum of 439 Avg
Mbps which is not fabulous for a 1 Gbps link but quite better than 66 Mbps.
The tests were made with tcpbench: tcpbench a.a.a.a on one host and tcpbench
-s on the other one.

No optimisation at all in sysctl.conf, only a default
install.

This is the IKEDv2 configuration file on host 2:

ikev2 "HDV" active
esp from $local_gw to $remote_gw \
  from $LAN_LOCAL to $LAN_HDV_INFRA
\
  peer $remote_gw srcid $local_gw psk "testpassword"

and the IKEDv2
configuration file on host 1:

ikev2 "HDV-CEV" passive esp from $local_gw to
$remote_gw \
  from $LAN_HDV_INFRA to $LAN_CEV \
  peer
$remote_gw srcid $local_gw psk "testpassword"

My question is, is there any
optimisation I can set somewhere to get a better result with max bandwidth ?
Thanks !

Morgan

Re: httpd (+ relayd ?) URL redirection, anyone?

[Comète]

26 juillet 2016 12:20 "Miles Keaton"  a écrit:
> Sorry
to bother the list with this, but still stumped after two days.
> 
> Trying to
switch from nginx to httpd, but there's just one thing left:
> 
> Having the
webserver pass some URLs to another port:
> 
> # working nginx config:
> http
{
> server {
> listen 80;
> # serving static here
> root /var/www/htdocs/test;
> # but this URL is sent to Ruby rack server
> location = /hello {
>
proxy_pass http://127.0.0.1:3000;
> }
> }
> }
> 
> I'm assuming I need relayd
to do this, but still stumped after two days of
> reading and experimenting
with man 5 relayd.conf.
> 
> Found this answer from Reyk from two years ago:
>
https://marc.info/?l=openbsd-misc=140508090726719=2
> ... but maybe the
syntax has changed since then, since relayd gives a syntax
> error for that
example, and any variation of it I've tried.
> 
> Any suggestions?
> 
> Thanks
in advance.


Hi,

maybe this should help you:
https://www.reddit.com/r/openbsd/comments/3qb2c4/some_observations_about_rela
yd/

rsync mirror for firmware.openbsd.org

[Comète]

Hi,

i would like to make an internal mirror but didn't find any rsync url to
mirror firmware.openbsd.org, is there any ?

Thanks.

Morgan

Re: OpenBSD 5.8 on VMware 5.5

[Comète]

2 décembre 2015 13:00 "Felipe Gomes"  a écrit:
> I just
wanted to thank everyone for their feedback. Thanks a lot!
> 
> You guys are
amazing.
> 
> Best regards,
> Felipe Gomes
> 
> On Wed, Dec 2, 2015 at 4:03
AM, Bruno Flueckiger  wrote:
> 
>> On 01.12.2015 16:50,
Felipe Gomes wrote:
>> 
>>> Folks,
>>> 
>>> I've been trying to search for
more information on OpenBSD as a VMWare
>>> guest, but I wasn't able to find
much... and the information is pretty
>>> much
>>> outdated.
>>> 
>>> What are
the recommendations for OpenBSD 5.8 (amd64) as a guest on VMware
>>> 5.5?
>>>
>>> Guest Operating System: should I pick "Other (64bit)" or FreeBSD?
>>> 
>>>
How does OpenBSD work with "virtual sockets" and "cores per virtual
>>>
socket"?
>>> 
>>> What is the best NIC? E1000, E1000E, VMXNET2 ENHANCED or
VMXNET3?
>>> 
>>> What is the recommended SCSI Controller? LSI Logic Parallel,
LSI Logic SAS
>>> or VMware Paravirtual?
>>> 
>>> I'd believe that all of
these options work... I just don't know which is
>>> more stable or perform
better.
>>> 
>>> Any other tips on fine tunning or special setting?
>>> 
>>>
I'm planning on migrating a few Soekris boxes to virtual machines. Is this
>>>
reliable? Is anyone running production OpenBSD servers on VMware?
>>> 
>>>
Thanks in advance!
>> 
>> I run a productive SMTP server with OpenBSD
5.8-stable on VMware 5.5 for
>> some
>> months and so far I didn't experience
any problems. Guest OS is FreeBSD,
>> NIC
>> is VMXNET3 and the controller is
LSI Logic Parallel.
>> 
>> There are plans for more OpenBSD servers on VMware
in the company I work
>> for
>> due to the small footprint of the OS and the
very good experience we have
>> so
>> far.
>> 
>> Cheers,
>> Bruno

Hi,

works
here like a charm, on prod with OpenBSD 5.8 amd64 :

Guest OS is FreeBSD 64
NIC is VMXNET3
scsi controller is paravirtual

multiple openbsd VMs on vmware
since 3 years without any problems.

Morgan

Re: Intel I211 NIC not working on Shuttle DS57U with latest snapshot

[Comète]

12 mai 2015 05:20 Jonathan Gray j...@jsg.id.au a écrit:
 On Mon, May 11, 2015 at 10:24:27PM +, Comète wrote:
 
 27 mars 2015 11:30 Brad Smith b...@comstyle.com a écrit:
 On 03/27/15 06:19, Comète wrote:
 
 Hi,
 
 i've just installed the latest snapshot on this new fanless little
 machine with 2 NICs (one I218-LM and another with I211 chipset) and the 
 I211
 is not detected, dmesg returning: EEPROM Checksum is not valid. I've 
 looked
 at man em and saw I211 was supported.
 
 Any idea ?
 
 Probably an unsupported configuration. Try this diff and see if it
 helps..
 
 http://marc.info/?l=openbsd-techm=142588283023584w=2
 
 --
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.
 
 Hi,
 
 this patch works with this machine. Thanks !
 
 Morgan
 
 Thanks for testing, I committed a modified version of that.
 It should work with future snapshots.

Nice ! Thanks !

Re: Intel I211 NIC not working on Shuttle DS57U with latest snapshot

[Comète]

27 mars 2015 11:30 Brad Smith b...@comstyle.com a écrit:
 On 03/27/15 06:19, Comète wrote:
 
 Hi,
 
 i've just installed the latest snapshot on this new fanless little
 machine with 2 NICs (one I218-LM and another with I211 chipset) and the I211
 is not detected, dmesg returning: EEPROM Checksum is not valid. I've looked
 at man em and saw I211 was supported.
 
 Any idea ?
 
 Probably an unsupported configuration. Try this diff and see if it
 helps..
 
 http://marc.info/?l=openbsd-techm=142588283023584w=2
 
 --
 This message has been scanned for viruses and
 dangerous content by MailScanner, and is
 believed to be clean.

Hi,

this patch works with this machine. Thanks !

Morgan

Re: tls with relayd (on 5.7) and key without password

[Comète]

That works ! Thanks a lot !

3 mai 2015 20:50 mxb  a écrit:

 
Try to
create symlink in /etc/ssl/private.
ln -s mydomain.org
(http://mydomain.org).key 1.2.3.4.key, where “1.2.3.4” is your address in
$ext_addr.
 
//mxb
 

 
On 3 maj 2015, at 13:04, Comète  wrote: 
Hi,

my
tls key has no password and i already use it for other stuff, so i try to
enable TLS with relayd like this:

http protocol http_tls {
   tls tlsv1
   tls ca key /etc/ssl/private/mydomain.org.key password 
   tls ca
cert /etc/ssl/mydomain.org.crt
}

relay transptls {
   listen on
$ext_addr port 443 tls
   protocol http_tls
   transparent forward
with tls to 127.0.0.1 port http
}

but i get this error:

startup
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relay_load_certfiles: using ca certificate /etc/ssl/mydomain.org.crt
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relay_load_certfiles: using ca key /etc/ssl/private/mydomain.org.key
/etc/relayd.conf:24: cannot load certificates for relay transptls
no actions,
nothing to do
ca exiting, pid 29173
pfe exiting, pid 19946
ca exiting, pid
3806
ca exiting, pid 24689
hce exiting, pid 32289
relay exiting, pid 22936
relay exiting, pid 25790

So, is it possible to use a tls key without password
with relayd ?

Thank you

Morgan
 

 

tls with relayd (on 5.7) and key without password

[Comète]

Hi,

my tls key has no password and i already use it for other stuff, so i try to 
enable TLS with relayd like this:

http protocol http_tls {
tls tlsv1
tls ca key /etc/ssl/private/mydomain.org.key password  
tls ca cert /etc/ssl/mydomain.org.crt
}

relay transptls {
listen on $ext_addr port 443 tls
protocol http_tls
transparent forward with tls to 127.0.0.1 port http
}

but i get this error:

startup
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relay_load_certfiles: using ca certificate /etc/ssl/mydomain.org.crt
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relay_load_certfiles: using ca key /etc/ssl/private/mydomain.org.key
/etc/relayd.conf:24: cannot load certificates for relay transptls
no actions, nothing to do
ca exiting, pid 29173
pfe exiting, pid 19946
ca exiting, pid 3806
ca exiting, pid 24689
hce exiting, pid 32289
relay exiting, pid 22936
relay exiting, pid 25790

So, is it possible to use a tls key without password with relayd ?

Thank you

Morgan

Intel I211 NIC not working on Shuttle DS57U with latest snapshot

[Comète]

Hi,

i've just installed the latest snapshot on this new fanless little
machine with 2 NICs (one I218-LM and another with I211 chipset) and the I211
is not detected, dmesg returning: EEPROM Checksum is not valid. I've looked
at man em and saw I211 was supported.

Any idea ?

Thank you.

Morgan
OpenBSD 5.7-current (GENERIC.MP) #896: Thu Mar 26 14:56:12 MDT 2015
t...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2009530368 (1916MB)
avail mem = 1944829952 (1854MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xec2f0 (81 entries)
bios0: vendor American Megatrends Inc. version 1.05 date 01/16/2015
bios0: Shuttle Inc. DS57U
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET SSDT UEFI SSDT ASF! SLIC SSDT 
SSDT SSDT DMAR
acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4) PEG2(S4) 
PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) 
PXSX(S4) RP05(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) 3205U @ 1.50GHz, 1496.76 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,XSAVE,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,ERMS,INVPCID,RDSEED
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) 3205U @ 1.50GHz, 1496.54 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,XSAVE,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,ERMS,INVPCID,RDSEED
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins
acpimadt0: bogus nmi for apid 0
acpimadt0: bogus nmi for apid 2
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG0)
acpiprt2 at acpi0: bus -1 (PEG1)
acpiprt3 at acpi0: bus -1 (PEG2)
acpiprt4 at acpi0: bus 1 (RP01)
acpiprt5 at acpi0: bus -1 (RP02)
acpiprt6 at acpi0: bus 2 (RP03)
acpiprt7 at acpi0: bus 3 (RP04)
acpiprt8 at acpi0: bus -1 (RP05)
acpiprt9 at acpi0: bus -1 (RP06)
acpiprt10 at acpi0: bus -1 (RP07)
acpiprt11 at acpi0: bus -1 (RP08)
acpiec0 at acpi0: not present
acpicpu0 at acpi0: C2, C1, PSS
acpicpu1 at acpi0: C2, C1, PSS
acpipwrres0 at acpi0: PG00, resource for PEG0
acpipwrres1 at acpi0: PG01, resource for PEG1
acpipwrres2 at acpi0: PG02, resource for PEG2
acpipwrres3 at acpi0: FN00, resource for FAN0
acpipwrres4 at acpi0: FN01, resource for FAN1
acpipwrres5 at acpi0: FN02, resource for FAN2
acpipwrres6 at acpi0: FN03, resource for FAN3
acpipwrres7 at acpi0: FN04, resource for FAN4
acpitz0 at acpi0: critical temperature is 105 degC
acpitz1 at acpi0: critical temperature is 105 degC
acpibat0 at acpi0: BAT0 not present
acpibat1 at acpi0: BAT1 not present
acpibat2 at acpi0: BAT2 not present
acpibtn0 at acpi0: LID0
acpibtn1 at acpi0: SLPB
acpibtn2 at acpi0: PWRB
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD1F
cpu0: Enhanced SpeedStep 1496 MHz: speeds: 1501, 1500, 1400, 1300, 1200, 1100, 
1000, 900, 800, 700, 600, 500 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel Core 5G Host rev 0x08
vga1 at pci0 dev 2 function 0 vendor Intel, unknown product 0x1606 rev 0x08
intagp at vga1 not configured
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci0 dev 3 function 0 Intel Core 5G HD Audio rev 0x08: msi
azalia0: No codecs found
xhci0 at pci0 dev 20 function 0 Intel 9 Series xHCI rev 0x03: msi
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 Intel xHCI root hub rev 3.00/1.00 addr 1
Intel 9 Series MEI rev 0x03 at pci0 dev 22 function 0 not configured
em0 at pci0 dev 25 function 0 Intel I218-LM rev 0x03: msi, address 
80:ee:73:ab:41:11
azalia1 at pci0 dev 27 function 0 Intel 9 Series HD Audio rev 0x03: msi
azalia1: codecs: Realtek ALC662
audio0 at azalia1
ppb0 at pci0 dev 28 function 0 Intel 9 Series PCIE rev 0xe3: msi
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 2 Intel 9 Series PCIE rev 0xe3: msi
pci2 at ppb1 bus 2
em1 at pci2 dev 0 function 0 Intel I211 rev 0x03: msiem1: The EEPROM Checksum 
Is Not Valid
em1: Unable to initialize the hardware
ppb2 at pci0 dev 28 function 3 Intel 9 Series PCIE rev 0xe3: msi
pci3 at ppb2 bus 3
vendor Realtek, 

em0 watchdog timeout on Thinkpad T440 laptop

[Comète]

Hi,

I use OpenBSD 5.6 GENERIC.MP (amd64) on a Thinkpad T440. I often use the
suspend state and i've noticed that after each suspend, in the next 5 minutes
after resuming, my network interface (em0) looses connection during about 1 or
2 minutes and then reconnect and so on, many times...
As you can see, the
dmesg shows many em0 watchdog timeouts.
I've tried to suspend when the laptop
is on the dock and without it, but the problem is the same. No problem with
the NIC when i don't suspend.

I use apmd_flags=-C in /etc/rc.conf.local
Any idea ?

Thanks for your help.

Morgan
OpenBSD 5.6 (GENERIC.MP) #5: Thu Dec 11 09:51:08 CET 2014

r...@stable-56-amd64.mtier.org:/binpatchng/work-binpatch56-amd64/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8246050816 (7864MB)
avail mem = 8017756160 (7646MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xbcd3d000 (61 entries)
bios0: vendor LENOVO version GJET80WW (2.30 ) date 10/20/2014
bios0: LENOVO 20B7S1TQ00
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP DBGP ECDT HPET APIC MCFG SSDT SSDT SSDT SSDT SSDT SSDT 
SSDT SSDT PCCT SSDT TCPA UEFI POAT ASF! BATB FPDT UEFI SSDT DMAR
acpi0: wakeup devices LID_(S4) SLPB(S3) IGBE(S4) EXP2(S4) XHCI(S3) EHC1(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpiec0 at acpi0
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 798.28 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 798.16 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 798.16 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i7-4600U CPU @ 2.10GHz, 798.16 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 40 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus -1 (EXP3)
acpicpu0 at acpi0: C3, C1, PSS
acpicpu1 at acpi0: C3, C1, PSS
acpicpu2 at acpi0: C3, C1, PSS
acpicpu3 at acpi0: C3, C1, PSS
acpipwrres0 at acpi0: PUBS, resource for XHCI, EHC1
acpipwrres1 at acpi0: NVP3, resource for PEG_
acpipwrres2 at acpi0: NVP2, resource for PEG_
acpitz0 at acpi0: critical temperature is 200 degC
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: SLPB
acpibat0 at acpi0: BAT0 not present
acpibat1 at acpi0: BAT1 model 45N1736 serial   956 type LION oem SMP
acpiac0 at acpi0: AC unit offline
acpithinkpad0 at acpi0
cpu0: Enhanced SpeedStep 798 MHz: speeds: 2701, 2700, 2600, 2400, 2300, 2100, 
2000, 1800, 1700, 1600, 1400, 1300, 1100, 1000, 800, 756 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel Core 4G Host rev 0x0b
vga1 at pci0 dev 2 function 0 Intel HD Graphics rev 0x0b
intagp at vga1 not configured
inteldrm0 at vga1
drm0 at inteldrm0
drm: Memory usable by graphics device = 2048M
error: [drm:pid0:i915_write32] *ERROR* Unknown unclaimed register before 
writing to 10
error: 

Re: em0 watchdog timeout on Thinkpad T440 laptop

[Comète]

29 janvier 2015 14:30 Jonathan Gray j...@jsg.id.au a écrit: 
 On Thu, Jan 29, 2015 at 12:54:34PM +, Comète wrote:
 
 Hi,
 
 I use OpenBSD 5.6 GENERIC.MP (amd64) on a Thinkpad T440. I often use the
 suspend state and i've noticed that after each suspend, in the next 5 minutes
 after resuming, my network interface (em0) looses connection during about 1 
 or
 2 minutes and then reconnect and so on, many times...
 As you can see, the
 dmesg shows many em0 watchdog timeouts.
 I've tried to suspend when the laptop
 is on the dock and without it, but the problem is the same. No problem with
 the NIC when i don't suspend.
 
 I use apmd_flags=-C in /etc/rc.conf.local
 Any idea ?
 
 This may be solved by the following commit in -current:
 
 revision 1.81
 date: 2014/11/05 15:30:17; author: claudio; state: Exp; lines: +90 -1; 
 commitid: qjAWexfO9LNS8Qo2;
 Implement yet another workaround for the k1 em(4)'s. This time for
 the i218 which is used in many modern laptops like the X240. This
 seems to stop the watchdog timeouts triggered by heavy traffic on
 such systems.
 Tested by myself, phessler, blambert and Donovan Watteau
 OK deraadt, brad
 
 Index: if_em_hw.c
 ===
 RCS file: /cvs/src/sys/dev/pci/if_em_hw.c,v
 retrieving revision 1.80
 diff -u -p -r1.80 if_em_hw.c
 --- if_em_hw.c 22 Jul 2014 13:12:11 - 1.80
 +++ if_em_hw.c 29 Jan 2015 13:19:11 -
 @@ -163,6 +163,7 @@ int32_t em_lv_phy_workarounds_ich8lan(s
 int32_t em_link_stall_workaround_hv(struct em_hw *);
 int32_t em_k1_gig_workaround_hv(struct em_hw *, boolean_t);
 int32_t em_k1_workaround_lv(struct em_hw *);
 +int32_t em_k1_workaround_lpt_lp(struct em_hw *, boolean_t);
 int32_t em_configure_k1_ich8lan(struct em_hw *, boolean_t);
 void em_gate_hw_phy_config_ich8lan(struct em_hw *, boolean_t);
 int32_t em_access_phy_wakeup_reg_bm(struct em_hw *, uint32_t,
 @@ -3709,6 +3710,16 @@ em_check_for_link(struct em_hw *hw)
 if (ret_val)
 return ret_val;
 }
 + /* Work-around I218 hang issue */
 + if ((hw-device_id == E1000_DEV_ID_PCH_LPTLP_I218_LM) ||
 + (hw-device_id == E1000_DEV_ID_PCH_LPTLP_I218_V) ||
 + (hw-device_id == E1000_DEV_ID_PCH_I218_LM3) ||
 + (hw-device_id == E1000_DEV_ID_PCH_I218_V3)) {
 + ret_val = em_k1_workaround_lpt_lp(hw,
 + hw-icp__is_link_up);
 + if (ret_val)
 + return ret_val;
 + }
 
 /*
 * Check if there was DownShift, must be checked
 @@ -10185,6 +10196,84 @@ em_k1_workaround_lv(struct em_hw *hw)
 
 return E1000_SUCCESS;
 }
 +
 +/**
 + * em_k1_workaround_lpt_lp - K1 workaround on Lynxpoint-LP
 + *
 + * When K1 is enabled for 1Gbps, the MAC can miss 2 DMA completion 
 indications
 + * preventing further DMA write requests. Workaround the issue by disabling
 + * the de-assertion of the clock request when in 1Gbps mode.
 + * Also, set appropriate Tx re-transmission timeouts for 10 and 100Half link
 + * speeds in order to avoid Tx hangs.
 + **/
 +int32_t
 +em_k1_workaround_lpt_lp(struct em_hw *hw, boolean_t link)
 +{
 + uint32_t fextnvm6 = E1000_READ_REG(hw, FEXTNVM6);
 + uint32_t status = E1000_READ_REG(hw, STATUS);
 + int32_t ret_val = E1000_SUCCESS;
 + uint16_t reg;
 +
 + if (link  (status  E1000_STATUS_SPEED_1000)) {
 + ret_val = em_read_kmrn_reg(hw, E1000_KMRNCTRLSTA_K1_CONFIG,
 + reg);
 + if (ret_val)
 + return ret_val;
 +
 + ret_val = em_write_kmrn_reg(hw, E1000_KMRNCTRLSTA_K1_CONFIG,
 + reg  ~E1000_KMRNCTRLSTA_K1_ENABLE);
 + if (ret_val)
 + return ret_val;
 +
 + usec_delay(10);
 +
 + E1000_WRITE_REG(hw, FEXTNVM6,
 + fextnvm6 | E1000_FEXTNVM6_REQ_PLL_CLK);
 +
 + ret_val = em_write_kmrn_reg(hw, E1000_KMRNCTRLSTA_K1_CONFIG,
 + reg);
 + } else {
 + /* clear FEXTNVM6 bit 8 on link down or 10/100 */
 + fextnvm6 = ~E1000_FEXTNVM6_REQ_PLL_CLK;
 +
 + if (!link || ((status  E1000_STATUS_SPEED_100) 
 + (status  E1000_STATUS_FD)))
 + goto update_fextnvm6;
 +
 + ret_val = em_read_phy_reg(hw, I217_INBAND_CTRL, reg);
 + if (ret_val)
 + return ret_val;
 +
 + /* Clear link status transmit timeout */
 + reg = ~I217_INBAND_CTRL_LINK_STAT_TX_TIMEOUT_MASK;
 +
 + if (status  E1000_STATUS_SPEED_100) {
 + /* Set inband Tx timeout to 5x10us for 100Half */
 + reg |= 5  I217_INBAND_CTRL_LINK_STAT_TX_TIMEOUT_SHIFT;
 +
 + /* Do not extend the K1 entry latency for 100Half */
 + fextnvm6 = ~E1000_FEXTNVM6_ENABLE_K1_ENTRY_CONDITION;
 + } else {
 + /* Set inband Tx timeout to 50x10us for 10Full/Half */
 + reg |= 50 
 + I217_INBAND_CTRL_LINK_STAT_TX_TIMEOUT_SHIFT;
 +
 + /* Extend the K1 entry latency for 10 Mbps */
 + fextnvm6 |= E1000_FEXTNVM6_ENABLE_K1_ENTRY_CONDITION;
 + }
 +
 + ret_val = em_write_phy_reg(hw, I217_INBAND_CTRL, reg);
 + if (ret_val)
 + return ret_val;
 +
 +update_fextnvm6:
 + E1000_WRITE_REG(hw, FEXTNVM6, fextnvm6);
 + }
 +
 + return ret_val;
 +
 +}
 +
 
 /***
 * e1000_gate_hw_phy_config_ich8lan - disable PHY config via hardware
 Index: if_em_hw.h

Re: pkg_add update checker?

[Comète]

21 novembre 2014 23:00 John Merriam j...@johnmerriam.net a écrit: 
 Hello. I am trying to write a script to check for updates to the binary
 packages by checking the output of pkg_add then sending an e-mail if
 something is found. My very simple script is this:
 
 #!/bin/ksh
 
 NEWPKGS=`pkg_add -Iusx | grep -v ^quirks\-`
 
 if [ $NEWPKGS !=  ]; then
 # send message to admin...
 fi
 
 Does that seem like it should work? Anyone know a better way to check
 for updates to packages automatically? I tried reading the code of
 pkg_add to see if there was a better way but I wasn't able to find one.
 Didn't find anything through searching either.
 
 This is one of those things I'd like to set up in a cron job to run
 once a day then forget about it until a message pops up in my Inbox so I'd
 like to get it right the first time. Thanks!
 
 --
 
 John Merriam


Maybe you're looking for this ? 
http://www.mtier.org/index.php/solutions/apps/openup/

Morgan

Re: poor network performance after wake from suspend

[Comète]

22 octobre 2014 09:30 Mike Larkin mlar...@azathoth.net a écrit: 
 On Fri, Sep 26, 2014 at 11:46:04AM +0400, Кирилл wrote:
 
 Hello.
 After apm -z and wake by wol (re0) sometimes machine becomes very slow on
 network operations (even ssh!)
 Help, please.
 Here is dmesg and ifconfig:
 
 ... snip ...
 
 re0: watchdog timeout
 
 Do you see only one of these watchdog timeouts or a bunch?
 
 And does this problem happen with non-WOL wakeups?
 
 -ml
 
 ifconfig re0
 re0: flags=108843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,WOL mtu 1500
 lladdr 00:21:85:52:d5:ea
 priority: 0
 groups: egress
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 inet6 fe80::221:85ff:fe52:d5ea%re0 prefixlen 64 scopeid 0x1
 inet 192.168.1.4 netmask 0xff00 broadcast 192.168.1.255

Hi,

i have the same problem with a LENOVO Thinkpad T440 (em0) and an OpenBSD 5.5 
amd64 install.
The network became suddenly very slow after wake from suspend and i can see 
multiple in dmesg:

em0: watchdog timeout

I didn't try WOL wake up so i can say it happens after a normal resume.

Re: poor network performance after wake from suspend

[Comète]

22 octobre 2014 10:40 Peter Hessler phess...@theapt.org a écrit: 
 On 2014 Oct 22 (Wed) at 08:31:29 + (+), Com??te wrote:
 :22 octobre 2014 09:30 Mike Larkin mlar...@azathoth.net a ??crit:
 : On Fri, Sep 26, 2014 at 11:46:04AM +0400,  wrote:
 :
 : Hello.
 : After apm -z and wake by wol (re0) sometimes machine becomes very slow on
 : network operations (even ssh!)
 : Help, please.
 : Here is dmesg and ifconfig:
 :
 : ... snip ...
 :
 : re0: watchdog timeout
 :
 : Do you see only one of these watchdog timeouts or a bunch?
 :
 : And does this problem happen with non-WOL wakeups?
 :
 : -ml
 :
 : ifconfig re0
 : re0: flags=108843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,WOL mtu 1500
 : lladdr 00:21:85:52:d5:ea
 : priority: 0
 : groups: egress
 : media: Ethernet autoselect (100baseTX full-duplex)
 : status: active
 : inet6 fe80::221:85ff:fe52:d5ea%re0 prefixlen 64 scopeid 0x1
 : inet 192.168.1.4 netmask 0xff00 broadcast 192.168.1.255
 :
 :Hi,
 :
 :i have the same problem with a LENOVO Thinkpad T440 (em0) and an OpenBSD 5.5 
 amd64 install.
 :The network became suddenly very slow after wake from suspend and i can see 
 multiple in dmesg:
 :
 :em0: watchdog timeout
 :
 :I didn't try WOL wake up so i can say it happens after a normal resume.
 :
 
 FWIW, I don't see this on my Thinkpad x240 (em), nor on my Thinkpad
 T430s (also em).
 
 --
 You have junk mail.


I forgot to tell, i mainly use it with the dock.

strange behaviour with pkg_add -z

[Comète]

Hi,

i need to script some packages install, so i tried to use pkg_add -z 
option like this:


pkg_add -vzI python-idle-2

python-idle-2.7.5p0: ok
--- +python-idle-2.7.5p0 ---
If you want to use this package as your default system idle, as root
create symbolic links like so (overwriting any previous default):
ln -sf /usr/local/bin/idle2.7 /usr/local/bin/idle
Packages with signatures: 1

So it seems to work, but when i give another try with:

pkg_add -vzI python-idle-3
Ambiguous: python-idle-3 could be python-idle-2.7.5p0 
python-idle-3.3.2p0


So i don't really understand why i doesn't work with '-3'...
After deleting 'python-idle', i tried again to install python-idle-3 
first and... same problem.


I tried with 'python' package too without success.

So it seems that only a command like 'pkg_add -vzI mypackage-2' will 
work.


Is it a bug or simply something i didn't understand ?

Thanks

Morgan

Re: OpenBSD 5.4 under ProxmoxVE 3.1 / KVM 1.4: problems so far

[Comète]

Yes, i confirm that i have this problem too with vio network drivers 
with proxmox VE 2.x and OpenBSD 5.3 and 5.4. Nics stop receiving and 
transmitting. I also switched back to em driver.


Morgan


Le 29/12/2013 20:55, Adam Thompson a écrit :

Just an FYI at this time for anyone else searching on this problem. On
the other hand, feel free to share ideas if you have 'em.

OpenBSD 5.4 (RELEASE) does not appear to reliably receive ACPI signals
delivered by KVM.  Or, the version of kvm/qemu (1.4) that ships with
ProxmoxVE 3.1 (pve 3.1) fails to deliver ACPI shutdown signals to
OpenBSD reliably.  I'm not sure which.  Sometimes it works, sometimes
it doesn't.  Limited testing shows that ACPI events fail after the VM
has been up and running for a while - not sure how long, yet.

I'm using virtio drivers for both network and disk, but limited
testing so far does not show that this makes any difference.

I do note that vio(4) networking in this setup occasionally stops
transmitting or receiving; switching back to em(4) resolves that
particular issue (so far).  When the vio(4) driver goes awry, the only
immediate symptom is that the VM stops sending and receiving packets.
Later, I discover that afflicted VMs can no longer shut down cleanly,
either... presumably a KVM/OpenBSD interaction of some sort, I'm not
pointing fingers in *any* direction right now. (Especially since it
could be something I've done, too.)

So far everything appears stable enough to run in production with the
exception of vio(4).  I have had to virtually yank the plug on a few
VMs in order to shut them down, however... back to the good 'ol days
of SunOS 3: shutdown() { 'sync;sync;sync;halt -npq' } ;-).

OpenBSD server for diskless thinclients

[Comète]

Hi,

after reading these articles about Mtier experience 
(http://www.undeadly.org/cgi?action=articlesid=20110420080633 and 
http://undeadly.org/cgi?action=articlesid=20121026064602), i'm trying 
to set up a server to allow any client (diskless or not) on my network 
to be used as a thinclient when needed.
Actually, i managed to boot the kernel with pxeboot successfuly but i 
don't want to manage statically MAC addresses and IP with RARPD (i have 
a lot of clients), i just want to use the actual dhcp server to give IPs 
and serve the system with NFS.
I didn't find information to do this whithout rarpd in diskless(8) or 
even in Absolute OpenBSD.


Do you think, it is possible ?

Thanks.

Morgan

Re: Kernel panic with jme driver

[Comète]

Hi,

In March, i reported this bug on jme driver and hopefully Brad Smith 
answered with the following patch which work nicely, many thanks to him 
! Now two releases later, this patch is still not included. I sent him 2 
or 3 mails to ask why but didn't get any answer.
Do you know any particular reason for this patch not being applied ?

Thanks a lot !


Le 24/03/2013 15:46, Comète a écrit :
 Hello,
 
 i own a Shuttle XS35v2 and actually run OpenBSD 5.2 amd64 (SMP) on it.
 I run OpenBSD on this hardware since 4.9 and i always encountered the
 following problem, sorry for the late report it took me some time to
 identify it:
 
 The NIC uses the jme driver which run in a kernel panic each time i
 upload data from the XS35v2 to any other machine with a transfer rate
 above 7 Mbits/s (XS35v2 - other PC). No problem at all when
 downloading.
 
 I made some tests that you can follow to easily reproduce the crash:
 
 On the XS35:
 
 iperf -s
 
 On the other machine:
 
 iperf -c IP_XS35 -n 2048M -d
 
 This is a screenshot of the kernel panic message:
 
 https://cloud.geekandfree.org/public.php?service=filest=06ff6a95949e392989191588d360b875download
 
 and i join the dmesg:
 
 
 OpenBSD 5.2 (GENERIC.MP) #368: Wed Aug  1 10:04:49 MDT 2012
 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
 real mem = 2136670208 (2037MB)
 avail mem = 2057482240 (1962MB)
 mainbus0 at root
 bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xfc8b0 (23 entries)
 bios0: vendor American Megatrends Inc. version 080015 date 06/23/2011
 bios0: Standard XS35
 acpi0 at bios0: rev 2
 acpi0: sleep states S0 S3 S4 S5
 acpi0: tables DSDT FACP APIC MCFG SLIC OEMB HPET GSCI
 acpi0: wakeup devices P0P1(S4) AZAL(S3) P0P4(S4) P0P5(S4) JLAN(S3)
 P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) USB0(S3) USB1(S3) USB2(S3)
 USB3(S3) EUSB(S3)
 acpitimer0 at acpi0: 3579545 Hz, 24 bits
 acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
 cpu0 at mainbus0: apid 0 (boot processor)
 cpu0: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 2154.83 MHz
 cpu0:
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF
 cpu0: 512KB 64b/line 8-way L2 cache
 cpu0: apic clock running at 199MHz
 cpu1 at mainbus0: apid 2 (application processor)
 cpu1: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1795.50 MHz
 cpu1:
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF
 cpu1: 512KB 64b/line 8-way L2 cache
 cpu2 at mainbus0: apid 1 (application processor)
 cpu2: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1795.50 MHz
 cpu2:
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF
 cpu2: 512KB 64b/line 8-way L2 cache
 cpu3 at mainbus0: apid 3 (application processor)
 cpu3: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1795.50 MHz
 cpu3:
 FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF
 cpu3: 512KB 64b/line 8-way L2 cache
 ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
 ioapic0: misconfigured as apic 3, remapped to apid 4
 acpimcfg0 at acpi0 addr 0xe000, bus 0-255
 acpihpet0 at acpi0: 14318179 Hz
 acpiprt0 at acpi0: bus 0 (PCI0)
 acpiprt1 at acpi0: bus 4 (P0P1)
 acpiprt2 at acpi0: bus 1 (P0P4)
 acpiprt3 at acpi0: bus 2 (P0P5)
 acpiprt4 at acpi0: bus -1 (P0P6)
 acpiprt5 at acpi0: bus 3 (P0P7)
 acpiprt6 at acpi0: bus -1 (P0P8)
 acpiprt7 at acpi0: bus -1 (P0P9)
 acpiec0 at acpi0
 acpicpu0 at acpi0
 acpicpu1 at acpi0
 acpicpu2 at acpi0
 acpicpu3 at acpi0
 acpitz0 at acpi0: critical temperature is 104 degC
 acpibtn0 at acpi0: SLPB
 acpibtn1 at acpi0: PWRB
 acpivideo0 at acpi0: GFX0
 acpivout0 at acpivideo0: LCD_
 pci0 at mainbus0 bus 0
 pchb0 at pci0 dev 0 function 0 Intel Pineview DMI rev 0x02
 vga1 at pci0 dev 2 function 0 Intel Pineview Video rev 0x02
 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
 wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
 intagp0 at vga1
 agp0 at intagp0: aperture at 0xd000, size 0x1000
 inteldrm0 at vga1: apic 4 int 16
 drm0 at inteldrm0
 Intel Pineview Video rev 0x02 at pci0 dev 2 function 1 not configured
 azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: 
 msi
 azalia0: codecs: IDT 92HD81B1X
 audio0 at azalia0
 ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02: msi
 pci1 at ppb0 bus 1
 ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02: msi
 pci2 at ppb1 bus 2
 JMicron SD/MMC rev 0x80 at pci2 dev 0 function 0 not configured
 sdhc0 at pci2 dev 0 function 2 JMicron SD Host Controller rev 0x80:
 apic 4 int 18
 sdmmc0 at sdhc0
 JMicron Memory Stick rev 0x80 at pci2 dev 0 function 3 not configured
 jme0 

Re: Kernel panic with jme driver

[Comète]

Sorry i forgot to include the patch:

Index: if_jme.c
===
RCS file: /home/cvs/src/sys/dev/pci/if_jme.c,v
retrieving revision 1.29
diff -u -p -r1.29 if_jme.c
--- if_jme.c29 Nov 2012 21:10:32 -  1.29
+++ if_jme.c29 Mar 2013 05:45:44 -
@@ -1058,48 +1058,31 @@ jme_encap(struct jme_softc *sc, struct m
struct jme_txdesc *txd;
struct jme_desc *desc;
struct mbuf *m;
-   int maxsegs;
int error, i, prod;
uint32_t cflags;

prod = sc-jme_cdata.jme_tx_prod;
txd = sc-jme_cdata.jme_txdesc[prod];

-   maxsegs = (JME_TX_RING_CNT - sc-jme_cdata.jme_tx_cnt) -
- (JME_TXD_RSVD + 1);
-   if (maxsegs  JME_MAXTXSEGS)
-   maxsegs = JME_MAXTXSEGS;
-   if (maxsegs  (sc-jme_txd_spare - 1))
-   panic(%s: not enough segments %d, sc-sc_dev.dv_xname,
-   maxsegs);
-
error = bus_dmamap_load_mbuf(sc-sc_dmat, txd-tx_dmamap,
 *m_head, BUS_DMA_NOWAIT);
+   if (error != 0  error != EFBIG)
+   goto drop;
if (error != 0) {
-   bus_dmamap_unload(sc-sc_dmat, txd-tx_dmamap);
-   error = EFBIG;
-   }
-   if (error == EFBIG) {
if (m_defrag(*m_head, M_DONTWAIT)) {
-   printf(%s: can't defrag TX mbuf\n,
-   sc-sc_dev.dv_xname);
-   m_freem(*m_head);
-   *m_head = NULL;
-   return (ENOBUFS);
+   error = ENOBUFS;
+   goto drop;
}
-   error = bus_dmamap_load_mbuf(sc-sc_dmat,
-txd-tx_dmamap, *m_head,
-BUS_DMA_NOWAIT);
-   if (error != 0) {
-   printf(%s: could not load defragged TX mbuf\n,
-   sc-sc_dev.dv_xname);
-   m_freem(*m_head);
-   *m_head = NULL;
-   return (error);
-   }
-   } else if (error) {
-   printf(%s: could not load TX mbuf\n, sc-sc_dev.dv_xname);
-   return (error);
+   error = bus_dmamap_load_mbuf(sc-sc_dmat, txd-tx_dmamap,
+*m_head, BUS_DMA_NOWAIT);
+   if (error != 0)
+   goto drop;
+   }
+
+   if (sc-jme_cdata.jme_tx_cnt + txd-tx_dmamap-dm_nsegs +
+   1  JME_TX_RING_CNT - 1) {
+   bus_dmamap_unload(sc-sc_dmat, txd-tx_dmamap);
+   return (ENOBUFS);
}

m = *m_head;
@@ -1127,7 +1110,6 @@ jme_encap(struct jme_softc *sc, struct m
desc-addr_hi = htole32(m-m_pkthdr.len);
desc-addr_lo = 0;
sc-jme_cdata.jme_tx_cnt++;
-   KASSERT(sc-jme_cdata.jme_tx_cnt  JME_TX_RING_CNT - JME_TXD_RSVD);
JME_DESC_INC(prod, JME_TX_RING_CNT);
for (i = 0; i  txd-tx_dmamap-dm_nsegs; i++) {
desc = sc-jme_rdata.jme_tx_ring[prod];
@@ -1137,10 +1119,7 @@ jme_encap(struct jme_softc *sc, struct m
htole32(JME_ADDR_HI(txd-tx_dmamap-dm_segs[i].ds_addr));
desc-addr_lo =
htole32(JME_ADDR_LO(txd-tx_dmamap-dm_segs[i].ds_addr));
-
sc-jme_cdata.jme_tx_cnt++;
-   KASSERT(sc-jme_cdata.jme_tx_cnt =
-JME_TX_RING_CNT - JME_TXD_RSVD);
JME_DESC_INC(prod, JME_TX_RING_CNT);
}

@@ -1163,6 +1142,11 @@ jme_encap(struct jme_softc *sc, struct m
 sc-jme_cdata.jme_tx_ring_map-dm_mapsize, BUS_DMASYNC_PREWRITE);

return (0);
+
+  drop:
+   m_freem(*m_head);
+   *m_head = NULL;
+   return (error);
}

void
@@ -1204,13 +1188,15 @@ jme_start(struct ifnet *ifp)
 * for the NIC to drain the ring.
 */
if (jme_encap(sc, m_head)) {
-   if (m_head == NULL) {
+   if (m_head == NULL)
ifp-if_oerrors++;
-   break;
+   else {
+   IF_PREPEND(ifp-if_snd, m_head);
+   ifp-if_flags |= IFF_OACTIVE;
}
-   ifp-if_flags |= IFF_OACTIVE;
break;
}
+
enq++;

#if NBPFILTER  0



Le 11/11/2013 18:22, Comète a écrit :

Hi,

In March, i reported this bug on jme driver and hopefully Brad Smith
answered with the following patch which work nicely, many thanks to
him ! Now two releases later, this patch is still not included. I sent
him 2 or 3 mails to ask why but didn't get any answer.
Do you know any particular reason for this patch not being applied ?

Thanks a lot !


Le 24/03/2013 15:46, Comète a écrit :
Hello,

i own

Re: nvidia driver what do you recommend

[Comète]

Hello,
I've tried vesa too and it works but it is limited to 1024x768... if you 
have any tips to allow 1440x900 with vesa, i take it...


Thanks

Morgan

Le 02/11/2013 16:10, Gilles Cafedjian a écrit :

Hello,

Indeed, switching to vesa driver in xorg.conf removed all the windows
lags.
I don't need any kind of 3D acceleration, so vesa is just enough to run
Emacs and resizing some windows.
I think the best will be to port Nouveau to OpenBSD, but it's not a
priority.
As I said, vesa is just good enough to work with basic 2D, for people
stuck with Nvidia.

Thanks,
Gilles Cafedjian.

Le 2013-10-30 08:08, Matthieu Herrb a écrit :

On Tue, Oct 29, 2013 at 05:36:43PM +0100, Gilles Cafedjian wrote:

I have the same problem but on a dell laptop with integrated NVidia 
chip. The chip is NVidia Geforce 8600M GS and since I upgraded to 5.4 
my laptop is unusable (very slow window movement). I'm thinking of 
reinstall 5.3 to have a working laptop. I can't change GPU chipset. 
There is a solution to get a working window manager back?


If the VESA BIOS on you machine supports the native resolution of the
panel, then running the vesa driver is probably faster than the nv
driver.

Otherwise, if some people with development skills want to help, I can
see 3 different projects there, with different levels of complexity
and interest (I currently miss time to work on these issues.):

project 1 - relatively easy
get yourself familiar with the shadowfb implementation in the vesa
driver and then fix it in xf86-video-nv. xf86-video-nv's shadowfb is
currently disabled because it crashes the driver. This would probably
bring most of the speed back for a relatively low effort.

project 2 - a bit harder
get yourself familiar with the EXA acceleration framework, and port
the current XAA code in xf86-video-nv to EXA. Bitblt operations should
give you a reasonable speed-up back on supported cards. But the XAA
code is full of magic numbers (no docs, remember) and since EXA is
probably also going to get dropped by X.Org in the future, this is
probably not the best choice, but it's still interesting to learn
about 2D acceleration in X.Org drivers.

project 3 - hard
dive into the world of DRI and TTM and port the nouveau kernel
driver(s) to OpenBSD. Thanks to jsg@ and kettenis@, OpenBSD has now a
Linux kernel kernel 3.8 compatible version of the dri infrastructure
(including TTM) for intel and radon chipsets. Getting the
corresponding nouveau code is thus possible. This is a multi-months
project but it's an exciting one and it will provide the most benefit
for people forced to use nVidia cards, and for the project in general
since having more people hacking in the dri code is also good for the
other drivers.

Re: OpenBSD maintenance compared to FreeBSD

[Comète]

Take a look at this page too (https://stable.mtier.org/). This is a 
great help to follow stable without compiling. I use it with all my 
servers.


Morgan


Le 30/10/2013 03:44, David Noel a écrit :

I started playing around with FreeBSD back in the 2.2.7 days. I'd
describe myself as a casual desktop/workstation user. Back in the day
I was attracted to OpenBSD's heavy focus on security but was pulled
towards FreeBSD due to a good friend of mine being a FreeBSD
contributor (dude, trust me, it's the way to go). Recently I've
purchased a handful of servers for a software project I've been
working on and have started reconsidering my choice of OS's.
Administering a single FreeBSD workstation isn't too much of a
headache; I've kind of gotten used to having to rebuild kernel and
world every few months as security advisories are released. But now
that I'm administering 6 of them I'm really starting to get annoyed by
the whole process: rebuild kernel... rebuild world... reboot, and then
pray that it doesn't blow up in my face (as it often does). That got
me thinking about OpenBSD. Looking at the security advisories the last
one I see was from nearly a year and a half ago! That's pretty
incredible to me. Does this mean that I could theoretically have
gotten away with a year and a half uptime? What's the catch here? I'm
sorry but I'm incredulous by how good it sounds so I have to ask. For
me the biggest selling points of an operating system are security and
maintenance. I've been wowed by ZFS, but really how often do
filesystems need to be fsck'd? --and I never take snapshots. I feel
like I could do without it. UFS+J is good enough. Given my priorities,
does it sound like OpenBSD could be the one for me?

Re: Notifies on CARP failover

[Comète]

I use ifstated for that. This is my config file:

init-state auto

carp_up = carp3.link.up  carp10.link.up  carp101.link.up  
carp100.link.up  carp254.link.up  carp2.link.up  carp7.link.up  
carp4.link.up


carp_down = carp3.link.down  carp10.link.down  carp101.link.down  
carp100.link.down  carp254.link.down  carp2.link.down  
carp7.link.down  carp4.link.down


state auto {
if $carp_up {
set-state primary
}
if $carp_down {
set-state backup
}
}

state primary {
init {
run /root/scripts/alert_ifstated.sh MASTER
}

if $carp_down {
set-state backup
}
}

state backup {
init {
run /root/scripts/alert_ifstated.sh BACKUP
}

if $carp_up {
set-state primary
}
}

This is the little script alert_ifstated.sh too:

#/bin/sh
ifconfig carp | mail -s [RTR Failover] `hostname` is now $1 
m...@address.me



Hope this helps...

Morgan


Le 24/10/2013 10:59, Andy a écrit :

Hi,

Could anyone point me in the right direction on how to have a script
be executed whenever a CARP failover or preempt event occurs?

Need to write a script to send an event message into our monitoring
systems so we can see when a change has occurred.

I haven't used ifstated yet, is this the right tool for this? and if
so could someone throw me an example if you have one?

Thanks, Andy.

Re: open bsd router

[Comète]

Yes, we use a lot of ALIX 2D13 as routers on many sites since 2 or 3 
years (nearly 20 ALIX boxes now). It works like a charm with a good 
compact flash card, no problem at all ! And i've recently discovered 
they even included a watchdog ;)


Morgan

Le 04/10/2013 23:45, Loïc BLOT a écrit :

Hello,
I also looked at ALIX board since a long time.
Is there anybody using Alix 2d13 with OpenBSD ?

Thanks in advance.
--
Best regards,
Loïc BLOT,
UNIX systems, security and network engineer
http://www.unix-experience.fr



Le vendredi 04 octobre 2013 à 15:05 +0200, Jan Stary a écrit :
On Oct 04 07:16:57, inform...@gmx.net wrote:
 http://www.pcengines.ch/product.htm
 http://en.wikipedia.org/wiki/Raspberry_Pi
 No, I'm not working for PC Engines. But I'm a huge fan of their
 products :-)

Just to praise PC Engines a little bit more:
when my ALIX.1C stopped working for some reason,
I sent it to PC Engines, who found that the board
is completely OK - it was my power supply
that was faulty (which I could then confirm).

Before sending it back, they kindly suggested
that ALIX.1E is a newer model that replaces
the ALIX.1C, so if I don't object ...
which I didn't.

The shipping didn't even cost me anything,
and they just replaced my old 1C with a new 1E.
Not to mention the chocolate.

In short, their customer service
is as good as the boards.

[demime 1.01d removed an attachment of type application/pgp-signature
which had a name of signature.asc]

Re: font weight changing

[Comète]

Le 29/03/2013 07:40, Ted Unangst a écrit :
In the latest snapshots, I've noticed something a little strange. In 
both

firefox and chrome, every once in a while a line of text will be a
little darker than usual. Like all the gray pixels that make up the 
smooth
antialiased edges are black. It kind of looks like bold text would 
look,
but the effect isn't as strong as actual bold. If I scroll up or down 
so
the line is redrawn it will appear normal, but maybe a different line 
will

be extra dark. Always seems to affect one whole line at a time.



I even saw it on Archlinux in january.

Re: Kernel panic with jme driver

[Comète]

Le 25/03/2013 05:59, Brad Smith a écrit :

On Sun, Mar 24, 2013 at 03:46:38PM +0100, Com??te wrote:

Hello,

i own a Shuttle XS35v2 and actually run OpenBSD 5.2 amd64 (SMP) on
it. I run OpenBSD on this hardware since 4.9 and i always
encountered the following problem, sorry for the late report it took
me some time to identify it:

The NIC uses the jme driver which run in a kernel panic each time i
upload data from the XS35v2 to any other machine with a transfer
rate above 7 Mbits/s (XS35v2 - other PC). No problem at all
when downloading.

I made some tests that you can follow to easily reproduce the crash:


Please test the following diff that should fix the obvious bug.


Index: if_jme.c
===
RCS file: /home/cvs/src/sys/dev/pci/if_jme.c,v
retrieving revision 1.29
diff -u -p -r1.29 if_jme.c
--- if_jme.c29 Nov 2012 21:10:32 -  1.29
+++ if_jme.c25 Mar 2013 04:54:01 -
@@ -1058,48 +1058,31 @@ jme_encap(struct jme_softc *sc, struct m
struct jme_txdesc *txd;
struct jme_desc *desc;
struct mbuf *m;
-   int maxsegs;
int error, i, prod;
uint32_t cflags;

prod = sc-jme_cdata.jme_tx_prod;
txd = sc-jme_cdata.jme_txdesc[prod];

-   maxsegs = (JME_TX_RING_CNT - sc-jme_cdata.jme_tx_cnt) -
- (JME_TXD_RSVD + 1);
-   if (maxsegs  JME_MAXTXSEGS)
-   maxsegs = JME_MAXTXSEGS;
-   if (maxsegs  (sc-jme_txd_spare - 1))
-   panic(%s: not enough segments %d, sc-sc_dev.dv_xname,
-   maxsegs);
-
error = bus_dmamap_load_mbuf(sc-sc_dmat, txd-tx_dmamap,
 *m_head, BUS_DMA_NOWAIT);
+   if (error != 0  error != EFBIG)
+   goto drop;
if (error != 0) {
-   bus_dmamap_unload(sc-sc_dmat, txd-tx_dmamap);
-   error = EFBIG;
-   }
-   if (error == EFBIG) {
if (m_defrag(*m_head, M_DONTWAIT)) {
-   printf(%s: can't defrag TX mbuf\n,
-   sc-sc_dev.dv_xname);
-   m_freem(*m_head);
-   *m_head = NULL;
-   return (ENOBUFS);
+   error = ENOBUFS;
+   goto drop;
}
-   error = bus_dmamap_load_mbuf(sc-sc_dmat,
-txd-tx_dmamap, *m_head,
-BUS_DMA_NOWAIT);
-   if (error != 0) {
-   printf(%s: could not load defragged TX mbuf\n,
-   sc-sc_dev.dv_xname);
-   m_freem(*m_head);
-   *m_head = NULL;
-   return (error);
-   }
-   } else if (error) {
-   printf(%s: could not load TX mbuf\n, sc-sc_dev.dv_xname);
-   return (error);
+   error = bus_dmamap_load_mbuf(sc-sc_dmat, txd-tx_dmamap,
+*m_head, BUS_DMA_NOWAIT);
+   if (error != 0)
+   goto drop;
+   }
+
+   if (sc-jme_cdata.jme_tx_cnt + txd-tx_dmamap-dm_nsegs +
+   1  JME_TX_RING_CNT - 1) {
+   bus_dmamap_unload(sc-sc_dmat, txd-tx_dmamap);
+   return (ENOBUFS);
}

m = *m_head;
@@ -1127,7 +1110,6 @@ jme_encap(struct jme_softc *sc, struct m
desc-addr_hi = htole32(m-m_pkthdr.len);
desc-addr_lo = 0;
sc-jme_cdata.jme_tx_cnt++;
-   KASSERT(sc-jme_cdata.jme_tx_cnt  JME_TX_RING_CNT - JME_TXD_RSVD);
JME_DESC_INC(prod, JME_TX_RING_CNT);
for (i = 0; i  txd-tx_dmamap-dm_nsegs; i++) {
desc = sc-jme_rdata.jme_tx_ring[prod];
@@ -1137,10 +1119,7 @@ jme_encap(struct jme_softc *sc, struct m
htole32(JME_ADDR_HI(txd-tx_dmamap-dm_segs[i].ds_addr));
desc-addr_lo =
htole32(JME_ADDR_LO(txd-tx_dmamap-dm_segs[i].ds_addr));
-
sc-jme_cdata.jme_tx_cnt++;
-   KASSERT(sc-jme_cdata.jme_tx_cnt =
-JME_TX_RING_CNT - JME_TXD_RSVD);
JME_DESC_INC(prod, JME_TX_RING_CNT);
}

@@ -1163,6 +1142,11 @@ jme_encap(struct jme_softc *sc, struct m
 	 sc-jme_cdata.jme_tx_ring_map-dm_mapsize, 
BUS_DMASYNC_PREWRITE);


return (0);
+
+  drop:
+   m_freem(*m_head);
+   *m_head = NULL;
+   return (error);
 }

 void
@@ -1204,13 +1188,13 @@ jme_start(struct ifnet *ifp)
 * for the NIC to drain the ring.
 */
if (jme_encap(sc, m_head)) {
-   if (m_head == NULL) {
+   if (m_head == NULL)
ifp-if_oerrors++;
-   break;
-   }
-   ifp-if_flags |= IFF_OACTIVE;
+   else
+ 

Kernel panic with jme driver

[Comète]

Hello,

i own a Shuttle XS35v2 and actually run OpenBSD 5.2 amd64 (SMP) on it. 
I run OpenBSD on this hardware since 4.9 and i always encountered the 
following problem, sorry for the late report it took me some time to 
identify it:


The NIC uses the jme driver which run in a kernel panic each time i 
upload data from the XS35v2 to any other machine with a transfer rate 
above 7 Mbits/s (XS35v2 - other PC). No problem at all when 
downloading.


I made some tests that you can follow to easily reproduce the crash:

On the XS35:

iperf -s

On the other machine:

iperf -c IP_XS35 -n 2048M -d

This is a screenshot of the kernel panic message:

https://cloud.geekandfree.org/public.php?service=filest=06ff6a95949e392989191588d360b875download

and i join the dmesg:


OpenBSD 5.2 (GENERIC.MP) #368: Wed Aug  1 10:04:49 MDT 2012

dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

real mem = 2136670208 (2037MB)
avail mem = 2057482240 (1962MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xfc8b0 (23 entries)
bios0: vendor American Megatrends Inc. version 080015 date 06/23/2011
bios0: Standard XS35
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC MCFG SLIC OEMB HPET GSCI
acpi0: wakeup devices P0P1(S4) AZAL(S3) P0P4(S4) P0P5(S4) JLAN(S3) 
P0P6(S4) P0P7(S4) P0P8(S4) P0P9(S4) USB0(S3) USB1(S3) USB2(S3) USB3(S3) 
EUSB(S3)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 2154.83 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF

cpu0: 512KB 64b/line 8-way L2 cache
cpu0: apic clock running at 199MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1795.50 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF

cpu1: 512KB 64b/line 8-way L2 cache
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1795.50 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF

cpu2: 512KB 64b/line 8-way L2 cache
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Atom(TM) CPU D525 @ 1.80GHz, 1795.50 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,TM2,SSSE3,CX16,xTPR,PDCM,MOVBE,NXE,LONG,LAHF

cpu3: 512KB 64b/line 8-way L2 cache
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
ioapic0: misconfigured as apic 3, remapped to apid 4
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 4 (P0P1)
acpiprt2 at acpi0: bus 1 (P0P4)
acpiprt3 at acpi0: bus 2 (P0P5)
acpiprt4 at acpi0: bus -1 (P0P6)
acpiprt5 at acpi0: bus 3 (P0P7)
acpiprt6 at acpi0: bus -1 (P0P8)
acpiprt7 at acpi0: bus -1 (P0P9)
acpiec0 at acpi0
acpicpu0 at acpi0
acpicpu1 at acpi0
acpicpu2 at acpi0
acpicpu3 at acpi0
acpitz0 at acpi0: critical temperature is 104 degC
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: PWRB
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: LCD_
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel Pineview DMI rev 0x02
vga1 at pci0 dev 2 function 0 Intel Pineview Video rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
intagp0 at vga1
agp0 at intagp0: aperture at 0xd000, size 0x1000
inteldrm0 at vga1: apic 4 int 16
drm0 at inteldrm0
Intel Pineview Video rev 0x02 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: 
msi

azalia0: codecs: IDT 92HD81B1X
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02: msi
pci1 at ppb0 bus 1
ppb1 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02: msi
pci2 at ppb1 bus 2
JMicron SD/MMC rev 0x80 at pci2 dev 0 function 0 not configured
sdhc0 at pci2 dev 0 function 2 JMicron SD Host Controller rev 0x80: 
apic 4 int 18

sdmmc0 at sdhc0
JMicron Memory Stick rev 0x80 at pci2 dev 0 function 3 not configured
jme0 at pci2 dev 0 function 5 JMicron JMC250 rev 0x03: apic 4 int 17, 
address 80:ee:73:13:59:fa

jmphy0 at jme0 phy 1: JMP211 10/100/1000 PHY, rev. 1
ppb2 at pci0 dev 28 function 3 Intel 82801GB PCIE rev 0x02: msi
pci3 at ppb2 bus 3
Realtek 8188CE rev 0x01 at pci3 dev 0 function 0 not configured
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: apic 4 
int 23
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: apic 4 
int 19
uhci2 at pci0 dev 29 function 2 Intel 

Re: serial over USB

[Comète]

Hi,


Is anybody using an USB-to-serial connection to an ALIX?


Yes i am. We have many Alix 2D13 boards that we use as routers running 
OpenBSD 5.2 on many sites. I use a USB-to-serial cable to configure them 
without problem but i've never used anything else than screen or 
minicom. You could try with these tools...


The default baud rate on alix boards is 38400 but can be changed in 
cmos setup if you want (pressing S during memory test).


Morgan

Re: spamd-setup in crontab

[Comète]

Thanks for the tips but does anyone know where this problem come from ?


Le 14/11/2011 10:13, Manuel Giraud a C)crit :

Hi,

I've just set up a mail server with 5.0. I have put spamd in front (in
default greylisting mode). It works great following the man pages but
when I activate the spamd-setup entry in root's crontab, I receive the
following error by mail:

spamd-setup: ftp: Could not add blacklist uatrapsWriting -: : Illegal seek
Broken pipe

If i call spamd-setup as root i have no error message. (note: I've used
the default /etc/mail/spamd.conf file). How can I sort this out?

Re: spamd-setup in crontab

[Comète]

Same error message since one week on an old 4.6 install. But i didn't 
find the origin yet...


Le 14/11/2011 10:13, Manuel Giraud a C)crit :

Hi,

I've just set up a mail server with 5.0. I have put spamd in front (in
default greylisting mode). It works great following the man pages but
when I activate the spamd-setup entry in root's crontab, I receive the
following error by mail:

spamd-setup: ftp: Could not add blacklist uatrapsWriting -: : Illegal seek
Broken pipe

If i call spamd-setup as root i have no error message. (note: I've used
the default /etc/mail/spamd.conf file). How can I sort this out?

dhcrelay and rc.d in OpenBSD 5.0

[Comète]

Hi,

In 4.9, i used to start dhcrelay using /etc/rc.local like this:

/usr/sbin/dhcrelay -i vlan2 10.0.45.11
/usr/sbin/dhcrelay -i vlan5 10.0.45.11
/usr/sbin/dhcrelay -i vlan7 10.0.45.11
/usr/sbin/dhcrelay -i vlan100 10.11.1.8 10.22.1.8
/usr/sbin/dhcrelay -i vlan101 10.11.1.8 10.22.1.8

but now with 5.0, i saw that there was a script /etc/rc.d/dhcrelay

so, what is now the best way to set up all my dhcp relays ?

Thanks

Re: dhcrelay and rc.d in OpenBSD 5.0

[Comète]

On Wed, Nov 09, 2011 at 05:36:54PM +0100, Comhte wrote:

Hi,

In 4.9, i used to start dhcrelay using /etc/rc.local like this:

/usr/sbin/dhcrelay -i vlan2 10.0.45.11
/usr/sbin/dhcrelay -i vlan5 10.0.45.11
/usr/sbin/dhcrelay -i vlan7 10.0.45.11
/usr/sbin/dhcrelay -i vlan100 10.11.1.8 10.22.1.8
/usr/sbin/dhcrelay -i vlan101 10.11.1.8 10.22.1.8

but now with 5.0, i saw that there was a script /etc/rc.d/dhcrelay

so, what is now the best way to set up all my dhcp relays ?

Le 09/11/2011 18:59, Antoine Jacoutot a icrit :

You can still use rc.local(8) for that, it's easier when you have multiple 
dhcrelay running.


Ok, thanks a lot.

Re: Control of OpenBSD through a web interface

[Comète]

Without the need of a web interface, if your goal is to automate some 
boring tasks, you can have a look at Fabric (http://fabfile.org). I use 
it with a lot of servers everyday and it's very easy to script whatever 
you want.


Morgan

Le 15/06/2011 20:36, Jean-Frangois SIMON a icrit :

Hi,

I have a remote controlled machine which I manage by ssh and yet I'm in the
process of making up a small web page through which basic commands can be
passed.

I have no clear idea regarding how to design this, in the first place I
thought about a cgi script written in C which I did manage to have it say
hello world at the present time, but not yet much more.

There's not yet clear clues regarding how to make this peace of web
interface talk to the system and I would like to make it clean by means of
elegant way to deal with web page-  system communication.

Any clue regarding the way it could be ?

Thanks,

Jean-Frangois

Re: Problems with 4.5 as a KVM guest

[Comète]

same problem for me too.

Michiel van Baak a icrit :
 On 10:36, Sun 05 Jul 09, stan wrote:
 I am trying to get OpenBSD 4.5 working as a guest OS using KVM on Linux. I
 have been able to get 4.4 to install and run fine, but 4.5 never gives me a
 login prompt. The last message I see is about setting tty flgas. On the
 reboot after first install t paniced.
 
 I have the same. Google shows some others have as well.
 Any sugestions as to what to do to get this working?
 
 Run openbsd on real hardware :)

Re: random crashes on a firewall with OpenBSD 4.5-stable

[Comète]

Well i have tested the RAM with memtest, no error.

maybe another idea ?

Thanks

Daniel Gracia Garallar a C)crit :
Oh and maybe bad RAM; I've hit some nasty errors with these faulty 
DIMMs... :/


ComC(te escribiC3:

Hi,

we are using the last OpenBSD 4.5-stable release on an old Compaq 
Proliant ML350 as a firewall with spamd. But we encounter randomly 
some system crashes (once a week or two weeks). The system always 
displays the same message:


uvm_fault (0xd080d9e00x0,0,1) - e

kernel: page fault trap, code=0

Stopped at cac_pci_l0_intr_pending+0xb
push 0x34 (%eax)

What do you think it could be ? I thought about maybe a hardware 
problem but where exactly...


I join my dmesg below

Thanks for your advice !

OpenBSD 4.5-stable (GENERIC) #9: Sun May 17 22:59:17 CEST 2009
r...@arwen.saintlo.fr:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) III CPU family 1266MHz (GenuineIntel 
686-class) 1.27 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE 


real mem  = 267988992 (255MB)
avail mem = 250839040 (239MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 
0xf, SMBIOS rev. 2.3 @ 0xec000 (31 entries)

bios0: vendor Compaq version D11 date 01/29/2002
bios0: Compaq ProLiant ML350 G2
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC SPCR
acpi0: wakeup devices PBTN(S5)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 3 (boot processor)
cpu0: apic clock running at 132MHz
ioapic0 at mainbus0: apid 8 pa 0xfec0, version 11, 16 pins
ioapic0: misconfigured as apic 0, remapped to apid 8
ioapic1 at mainbus0: apid 2 pa 0xfec01000, version 11, 16 pins
ioapic1: misconfigured as apic 0, remapped to apid 2
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PCI1)
acpicpu0 at acpi0
acpitz0 at acpi0: critical temperature 31 degC
acpibtn0 at acpi0: PBTN
bios0: ROM list: 0xc/0x8000 0xc8000/0x1800 0xc9800/0x1800 
0xcb000/0x1800 0xcc800/0x4000! 0xd0800/0x1800 0xee000/0x2000!

pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 ServerWorks CNB20LE Host rev 0x06
pchb1 at pci0 dev 0 function 1 ServerWorks CNB20LE Host rev 0x06
pci1 at pchb1 bus 2
em0 at pci1 dev 1 function 0 Intel PRO/1000T (82544GC) rev 0x02: 
apic 2 int 0 (irq 5), address 00:02:b3:b9:0d:a4
em1 at pci1 dev 2 function 0 Intel PRO/1000T (82544GC) rev 0x02: 
apic 2 int 2 (irq 15), address 00:02:b3:b9:0d:7d
re0 at pci1 dev 3 function 0 D-Link Systems DGE-528T rev 0x10: 
RTL8169/8110SB (0x1000), apic 2 int 4 (irq 15), address 00:1c:f0:6f:38:7e

rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 3
cac0 at pci1 dev 4 function 0 DEC Compaq SMART RAID 42xx rev 0x01: 
apic 2 int 6 (irq 11), Smart Array 431

scsibus0 at cac0: 1 targets
sd0 at scsibus0 targ 0 lun 0: Compaq, RAID1 vol #00,  SCSI2 0/direct 
fixed

sd0: 34727MB, 512 bytes/sec, 71122560 sec total
re1 at pci1 dev 5 function 0 D-Link Systems DGE-528T rev 0x10: 
RTL8169/8110SB (0x1000), apic 2 int 8 (irq 15), address 00:1c:f0:62:eb:12

rgephy1 at re1 phy 7: RTL8169S/8110S PHY, rev. 3
fxp0 at pci0 dev 1 function 0 Intel 8255x rev 0x08, i82559: apic 2 
int 10 (irq 5), address 00:02:a5:44:33:f7

inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
ahc0 at pci0 dev 2 function 0 Adaptec AHA-3960D U160 rev 0x01: apic 
2 int 11 (irq 11)

scsibus1 at ahc0: 16 targets, initiator 7
ahc1 at pci0 dev 2 function 1 Adaptec AHA-3960D U160 rev 0x01: apic 
2 int 11 (irq 11)

scsibus2 at ahc1: 16 targets, initiator 7
st0 at scsibus2 targ 6 lun 0: COMPAQ, SDT-9000, 4.20 SCSI2 
1/sequential removable
fxp1 at pci0 dev 4 function 0 Intel 8255x rev 0x08, i82559: apic 2 
int 13 (irq 10), address 00:08:02:45:29:64

inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
vga1 at pci0 dev 5 function 0 ATI Rage XL rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Compaq Netelligent ASMC rev 0x00 at pci0 dev 6 function 0 not 
configured

piixpm0 at pci0 dev 15 function 0 ServerWorks CSB5 rev 0x92: polling
iic0 at piixpm0
iic0: addr 0x28 00=a0 01=10 02=03 03=01 04=7f 05=04 06=03 07=00 08=00 
09=00 0b=00 0c=03 0d=41 0e=02 0f=00 10=00 11=05 18=3a 19=10 20=ff 
21=ff 28=00 29=00 2a=04 2b=00 2c=00 2d=00 2e=00 30=00 31=00 32=00 
38=00 39=00 3a=00 3b=00 3c=00 3d=00 3e=00 40=08 41=08 42=80 48=03 
49=03 4a=03 50=00 51=80 58=00 59=00 60=f0 61=f0 68=af 69=af 70=ff 
71=00 78=ff 79=ff 80=2b 81=37 82=ff 88=f0 89=f0 8a=f0 90=3c 91=46 
92=ff 98=37 99=41 9a=ff a0=22 a1=2d a2=80 a8=ff a9=ff b0=00 b1=00 
b8=06 b9=00 words 00=a0a0 01=1010 02=0303 03=0101 04=7f7f 05=0404 
06=0303 07=

spdmem0 at iic0 addr 0x50: 256MB SDRAM registered ECC PC133CL2
pciide0 at pci0 dev 15 function 1 ServerWorks CSB5 IDE rev 0x92: DMA
atapiscsi0 at pciide0 channel 0 drive 0
scsibus3 at atapiscsi0: 2 targets
cd0 at scsibus3 targ 0 lun 0: COMPAQ, CRD-8402B, 1.03 ATAPI 5/cdrom 
removable

cd0(pciide0:0:0): using PIO 

random crashes on a firewall with OpenBSD 4.5-stable

[Comète]

Hi,

we are using the last OpenBSD 4.5-stable release on an old Compaq 
Proliant ML350 as a firewall with spamd. But we encounter randomly some 
system crashes (once a week or two weeks). The system always displays 
the same message:


uvm_fault (0xd080d9e00x0,0,1) - e

kernel: page fault trap, code=0

Stopped at cac_pci_l0_intr_pending+0xb
push 0x34 (%eax)

What do you think it could be ? I thought about maybe a hardware problem 
but where exactly...


I join my dmesg below

Thanks for your advice !

OpenBSD 4.5-stable (GENERIC) #9: Sun May 17 22:59:17 CEST 2009
r...@arwen.saintlo.fr:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) III CPU family 1266MHz (GenuineIntel 
686-class) 1.27 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE

real mem  = 267988992 (255MB)
avail mem = 250839040 (239MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @ 0xf, 
SMBIOS rev. 2.3 @ 0xec000 (31 entries)

bios0: vendor Compaq version D11 date 01/29/2002
bios0: Compaq ProLiant ML350 G2
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC SPCR
acpi0: wakeup devices PBTN(S5)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 3 (boot processor)
cpu0: apic clock running at 132MHz
ioapic0 at mainbus0: apid 8 pa 0xfec0, version 11, 16 pins
ioapic0: misconfigured as apic 0, remapped to apid 8
ioapic1 at mainbus0: apid 2 pa 0xfec01000, version 11, 16 pins
ioapic1: misconfigured as apic 0, remapped to apid 2
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PCI1)
acpicpu0 at acpi0
acpitz0 at acpi0: critical temperature 31 degC
acpibtn0 at acpi0: PBTN
bios0: ROM list: 0xc/0x8000 0xc8000/0x1800 0xc9800/0x1800 
0xcb000/0x1800 0xcc800/0x4000! 0xd0800/0x1800 0xee000/0x2000!

pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 ServerWorks CNB20LE Host rev 0x06
pchb1 at pci0 dev 0 function 1 ServerWorks CNB20LE Host rev 0x06
pci1 at pchb1 bus 2
em0 at pci1 dev 1 function 0 Intel PRO/1000T (82544GC) rev 0x02: apic 
2 int 0 (irq 5), address 00:02:b3:b9:0d:a4
em1 at pci1 dev 2 function 0 Intel PRO/1000T (82544GC) rev 0x02: apic 
2 int 2 (irq 15), address 00:02:b3:b9:0d:7d
re0 at pci1 dev 3 function 0 D-Link Systems DGE-528T rev 0x10: 
RTL8169/8110SB (0x1000), apic 2 int 4 (irq 15), address 00:1c:f0:6f:38:7e

rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 3
cac0 at pci1 dev 4 function 0 DEC Compaq SMART RAID 42xx rev 0x01: 
apic 2 int 6 (irq 11), Smart Array 431

scsibus0 at cac0: 1 targets
sd0 at scsibus0 targ 0 lun 0: Compaq, RAID1 vol #00,  SCSI2 0/direct fixed
sd0: 34727MB, 512 bytes/sec, 71122560 sec total
re1 at pci1 dev 5 function 0 D-Link Systems DGE-528T rev 0x10: 
RTL8169/8110SB (0x1000), apic 2 int 8 (irq 15), address 00:1c:f0:62:eb:12

rgephy1 at re1 phy 7: RTL8169S/8110S PHY, rev. 3
fxp0 at pci0 dev 1 function 0 Intel 8255x rev 0x08, i82559: apic 2 int 
10 (irq 5), address 00:02:a5:44:33:f7

inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4
ahc0 at pci0 dev 2 function 0 Adaptec AHA-3960D U160 rev 0x01: apic 2 
int 11 (irq 11)

scsibus1 at ahc0: 16 targets, initiator 7
ahc1 at pci0 dev 2 function 1 Adaptec AHA-3960D U160 rev 0x01: apic 2 
int 11 (irq 11)

scsibus2 at ahc1: 16 targets, initiator 7
st0 at scsibus2 targ 6 lun 0: COMPAQ, SDT-9000, 4.20 SCSI2 
1/sequential removable
fxp1 at pci0 dev 4 function 0 Intel 8255x rev 0x08, i82559: apic 2 int 
13 (irq 10), address 00:08:02:45:29:64

inphy1 at fxp1 phy 1: i82555 10/100 PHY, rev. 4
vga1 at pci0 dev 5 function 0 ATI Rage XL rev 0x27
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
Compaq Netelligent ASMC rev 0x00 at pci0 dev 6 function 0 not configured
piixpm0 at pci0 dev 15 function 0 ServerWorks CSB5 rev 0x92: polling
iic0 at piixpm0
iic0: addr 0x28 00=a0 01=10 02=03 03=01 04=7f 05=04 06=03 07=00 08=00 
09=00 0b=00 0c=03 0d=41 0e=02 0f=00 10=00 11=05 18=3a 19=10 20=ff 21=ff 
28=00 29=00 2a=04 2b=00 2c=00 2d=00 2e=00 30=00 31=00 32=00 38=00 39=00 
3a=00 3b=00 3c=00 3d=00 3e=00 40=08 41=08 42=80 48=03 49=03 4a=03 50=00 
51=80 58=00 59=00 60=f0 61=f0 68=af 69=af 70=ff 71=00 78=ff 79=ff 80=2b 
81=37 82=ff 88=f0 89=f0 8a=f0 90=3c 91=46 92=ff 98=37 99=41 9a=ff a0=22 
a1=2d a2=80 a8=ff a9=ff b0=00 b1=00 b8=06 b9=00 words 00=a0a0 01=1010 
02=0303 03=0101 04=7f7f 05=0404 06=0303 07=

spdmem0 at iic0 addr 0x50: 256MB SDRAM registered ECC PC133CL2
pciide0 at pci0 dev 15 function 1 ServerWorks CSB5 IDE rev 0x92: DMA
atapiscsi0 at pciide0 channel 0 drive 0
scsibus3 at atapiscsi0: 2 targets
cd0 at scsibus3 targ 0 lun 0: COMPAQ, CRD-8402B, 1.03 ATAPI 5/cdrom 
removable

cd0(pciide0:0:0): using PIO mode 4, DMA mode 2
ohci0 at pci0 dev 15 function 2 ServerWorks OSB4/CSB5 USB rev 0x05: 
apic 8 int 10 (irq 10), version 1.0, legacy support

pchb2 at pci0 dev 15 function 3 ServerWorks CSB5 LPC rev 0x00
usb0 at ohci0: USB 

Problem with binat and ftp-proxy

[Comète]

Hi,

i run an OpenBSD 4.3 firewall with 3 network interfaces : 1 LAN, 1 WAN
and 1 DMZ
I use ftp-proxy to allow ftp client connexions from my LAN and it works
well. On my DMZ, i have multiple servers (web,dns,smtp,etc...) and they
have all one different public IP. So, i use binat rules to nat them
easily and it works fine too.
But i need to allow these servers on DMZ to make FTP client connexions
to external servers too. So I have put a rdr rule like the one i did for
my lan to make my DMZ servers use the ftp-proxy daemon. But this doesn't
work, i can only connect to external FTP servers from my DMZ servers if
disable the binat rule associated with the server which try to connect.

My question is, is there a mean to do what i want to do ? :)

Thanks a lot !

below an extract of my pf rules:

nat on $ext_if from !$ext_if to any - $firewall_pub
nat-anchor ftp-proxy/*

binat on $ext_if from $dns1_priv to any - $dns1_pub
binat on $ext_if from $dns2_priv to any - $dns2_pub
binat on $ext_if from $web_ville_priv to any - $web_ville_pub
binat on $int_if from $web_ville_priv to any - $web_ville_pub

rdr-anchor ftp-proxy/*
rdr on { $int_if $dmz1_if } proto tcp from any to any port ftp - lo0
port 8021

...

pass in quick log on $dmz1_if inet proto tcp from $DMZ1 to lo0 port 8021
pass in quick log on $int_if inet proto tcp from acces_ftp_direct to
lo0 port 8021
anchor ftp-proxy/*

...

Re: Problem with binat and ftp-proxy

[Comète]

Indeed, this doesn't work either. I think i will try what Stuart 
proposed whereas i don't really see how to do...


thanks

Calomel a icrit :

See if this works for you. Using the ftp proxy with binat probably
will not work. Lets say 100.20.30.40 is the external ip. 


# cat /etc/rc.local
 /usr/sbin/ftp-proxy -a 100.20.30.40 -p 8021 -q bulk

# cat /etc/pf.conf
 Translation ###
rdr on $DMZIf inet proto tcp from $DMZ to any port ftp - lo0 port 8021

 Filtering #
pass in log on $DMZIf inet proto tcp from $DMZ to lo0 port 8021 $TcpState 
$FtpIntIf


 Ftp-Proxy how to (forward and reverse proxy)
 https://calomel.org/ftp_proxy.html

--
  Calomel @ https://calomel.org
  Open Source Research and Reference


On Tue, Sep 30, 2008 at 01:09:25PM +0200, Com??te wrote:

Hi,

i run an OpenBSD 4.3 firewall with 3 network interfaces : 1 LAN, 1 WAN
and 1 DMZ
I use ftp-proxy to allow ftp client connexions from my LAN and it works
well. On my DMZ, i have multiple servers (web,dns,smtp,etc...) and they
have all one different public IP. So, i use binat rules to nat them
easily and it works fine too.
But i need to allow these servers on DMZ to make FTP client connexions
to external servers too. So I have put a rdr rule like the one i did for
my lan to make my DMZ servers use the ftp-proxy daemon. But this doesn't
work, i can only connect to external FTP servers from my DMZ servers if
disable the binat rule associated with the server which try to connect.

My question is, is there a mean to do what i want to do ? :)

Thanks a lot !

below an extract of my pf rules:

nat on $ext_if from !$ext_if to any - $firewall_pub
nat-anchor ftp-proxy/*

binat on $ext_if from $dns1_priv to any - $dns1_pub
binat on $ext_if from $dns2_priv to any - $dns2_pub
binat on $ext_if from $web_ville_priv to any - $web_ville_pub
binat on $int_if from $web_ville_priv to any - $web_ville_pub

rdr-anchor ftp-proxy/*
rdr on { $int_if $dmz1_if } proto tcp from any to any port ftp - lo0
port 8021

...

pass in quick log on $dmz1_if inet proto tcp from $DMZ1 to lo0 port 8021
pass in quick log on $int_if inet proto tcp from acces_ftp_direct to
lo0 port 8021
anchor ftp-proxy/*

...

Re: Problem with binat and ftp-proxy

[Comète]

This was a good advice Stuart ! Thanks !
I used a pair of nat and rdr rule to replace my binat rule and it works
as expected !

thanks again guys.

Stuart Henderson a icrit :

On 2008-09-30, Comhte [EMAIL PROTECTED] wrote:

I use ftp-proxy to allow ftp client connexions from my LAN and it works
well. On my DMZ, i have multiple servers (web,dns,smtp,etc...) and they
have all one different public IP. So, i use binat rules to nat them
easily and it works fine too.
But i need to allow these servers on DMZ to make FTP client connexions
to external servers too. So I have put a rdr rule like the one i did for
my lan to make my DMZ servers use the ftp-proxy daemon. But this doesn't
work, i can only connect to external FTP servers from my DMZ servers if
disable the binat rule associated with the server which try to connect.

My question is, is there a mean to do what i want to do ? :)


pf.conf(5)

 Evaluation order of the translation rules is dependent on the type of the
 translation rules and of the direction of a packet.  binat rules are al-
 ways evaluated first.  Then either the rdr rules are evaluated on an in-
 bound packet or the nat rules on an outbound packet.  Rules of the same
 type are evaluated in the same order in which they appear in the ruleset.
 The first matching rule decides what action is taken.

So you need to disable the binat rule and use a pair of nat and
rdr instead.

Re: security fixes for packages

[Comète]

uh uh ! Don't be so nervous guy !
I just would like to know the reason why these fixes weren't provided. I 
can understand now as you tell me (so gently...) that there isn't enough
people to work on it. Ok i know the time such projects can take and it 
would have been easier to tell things like this, but when i asked the 
question, the first answer given to me was this link:

http://marc.info/?l=openbsd-miscm=119931837024703w=2
where it is said that -stable and -release are no use... i don't agree 
with this and it doesn't answer to my question i think.
So please, it's my turn to give you an advice, as you know to give them 
very well: keep cool :) and smile a bit...


anyway the thread is closed, thanks.

Comete

Daniel Ouellet a icrit :

Comhte wrote:
Ok, so does it mean that -stable or -release are useless ??? and 
people buy useless CDs every 6 monthes ? I can't believe it.

I really don't understand why these fixes are not provided anymore.


Then do something about it and start contributing too. May be you will 
see how painful this is to do when you will actually do something like 
that and then have big mouth clueless guys like you acting like you do 
now complaining about your freely given time to the project and 
thankless users like you.


They give you their time and you have the guts to complain and asked 
them to do more then they already do freely and on their own time!? No 
wonder that they do less and less in some special cases like this.


Keep complaining and may be one day it will simply not be available at 
all anymore. Then what will you do... Apologies then?



i don't want to go back to Debian... ;)


No one stop you by the way and I am sure you will not be miss either 
with your ungrateful attitude.


With all due respect, you should think before you write this one, really.

It is given free out of goodwill to you and you think you deserved more?

Regards,

Daniel

Re: security fixes for packages

[Comète]

So i make a proposal to avoid clueless guy like me to ask this 
question which seems to cause so many troubles:

What do you think about posting a message on this page:
http://www.openbsd.org/pkg-stable.html
which could say in a better english as mine :) :
OpenBSD -stable packages are not maintained anymore due to a lack of 
resources. If you are interested, you are welcome to give your help. ?


Comete


LEFIEUX Morgan a icrit :

Hi,

i was looking at this page http://www.openbsd.org/pkg-stable.html and 
would like to know why there is no security fixes for packages after 4.1 
release ?


Thanks.

Comete

Re: security fixes for packages

[Comète]

Ok, so does it mean that -stable or -release are useless ??? and people 
buy useless CDs every 6 monthes ? I can't believe it.

I really don't understand why these fixes are not provided anymore.

i don't want to go back to Debian... ;)

Stijn a icrit :

Check the archives. This question has been answered already several times.

Here's an answer from Nick Holland on such a question:
http://marc.info/?l=openbsd-miscm=119931837024703w=2

BR,
Stijn

LEFIEUX Morgan wrote:

Hi,

i was looking at this page http://www.openbsd.org/pkg-stable.html and 
would like to know why there is no security fixes for packages after 
4.1 release ?


Thanks.

Comete

Re: About Squid port for OpenBSD 4.2

[Comète]

Thanks but that doesn't help me, could you explain please ?

Alexander Schrijver a icrit :

openldap includes are installed in /usr/local/include/ and libraries
in /usr/local/lib/.

About Squid port for OpenBSD 4.2

[Comète]

Hi,

i'm trying to recompile SQUID 2.6-STABLE13 port for OpenBSD 4.2
with LDAP auth helpers and ldap_group helpers support and get errors
during the compilation. This is what i modified in the Makefile:

...
CONFIGURE_ARGS+=--datadir=${PREFIX}/share/squid \
   --enable-auth=basic digest \
   --enable-arp-acl \
   --enable-basic-auth-helpers=NCSA YP LDAP \
   --enable-digest-auth-helpers=password \
   --enable-external-acl-helpers=ip_user unix_group
ldap_group \
   --enable-removal-policies=lru heap \
   --enable-ssl \
   --enable-storeio=ufs diskd null \
   --localstatedir=${SQUIDDIR}
...

i precise that i have installed openldap-client package before to get
the ldap libraries and this is what i get when building Squid:

# make
Making all in LDAP
if cc -DHAVE_CONFIG_H -I.
-I/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP 


-I../../../include
-I/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/include -O2
-pipe -MT squid_ldap_auth.o -MD -MP -MF .deps/squid_ldap_auth.Tpo -c
-o squid_ldap_auth.o
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c; 


then mv -f .deps/squid_ldap_auth.Tpo .deps/squid_ldap_auth.Po; else
rm -f .deps/squid_ldap_auth.Tpo; exit 1; fi
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:121:18: 


lber.h: No such file or directory
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:122:18: 


ldap.h: No such file or directory
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:135: 


error: `LDAP_SCOPE_SUBTREE' undeclared here (not in a function)
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:139: 


error: `LDAP_DEREF_NEVER' undeclared here (not in a function)
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:145: 


error: `LDAP_NO_LIMIT' undeclared here (not in a function)
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:152: 


error: syntax error before '*' token
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:206: 


error: syntax error before '*' token
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c: 


In function `squid_ldap_errno':
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:208: 


error: `ld' undeclared (first use in this function)
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:208: 


error: (Each undeclared identifier is reported only once
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:208: 


error: for each function it appears in.)
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c: 


At top level:
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:211: 


error: syntax error before '*' token
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c: 


In function `squid_ldap_set_aliasderef':
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:213: 


error: `ld' undeclared (first use in this function)
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:213: 


error: `deref' undeclared (first use in this function)
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c: 


At top level:
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:216: 


error: syntax error before '*' token
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c: 


In function `squid_ldap_set_referrals':
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:218: 


error: `referrals' undeclared (first use in this function)
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:219: 


error: `ld' undeclared (first use in this function)
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:219: 


error: `LDAP_OPT_REFERRALS' undeclared (first use in this function)
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c: 


At top level:
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c:224: 


error: syntax error before '*' token
/usr/obj/ports/squid-2.6.STABLE13/squid-2.6.STABLE13/helpers/basic_auth/LDAP/squid_ldap_auth.c: 


In function `squid_ldap_set_timelimit':

ACLs in CUPS with users/groups in a LDAP directory

[Comète]

Hi,

i would like to use the ACLs in CUPS to give access to users and groups 
from a LDAP directory. I already did this on a linux machine with 
pam-ldap and nss-ldap, but on OpenBSD, pam and nss are not supported. So 
 i wonder if it was possible to do this another way ?


thanks

Comete