Re: DNS resolution after VPN?

[Timo Myyrä]

Stuart Henderson  [2021-07-20, 11:24 +]:

> On 2021-07-20, Timo Myyrä  wrote:
>
>> Hi,
>>
>> Just started testing the new dhcleased,resolvd stuff and noticed that
>> DNS resolution won't work correctly once I open my VPN connection. Name
>> resolution works for external domains but not for the internal domains
>> resolved by the interal DNS servers.
>>
>> I'm using openconnect to setup VPN tunnel and it runs the
>> /etc/vpnc-script to setup networking after initing the tunnel. This
>> script adds the nameserver entries into /etc/resolv.conf.
>> But these entries in /etc/resolv.conf are done below following line:
>> nameserver 127.0.0.1 # resolvd: unwind
>>
>> This means the unwind is handling the DNS query passing and it doesn't
>> seem to notice the DNS server entries given by openconnect.
>>
>> What would be a good method to get DNS resolution working after running
>> openconnect? I'd like to prepend the DNS servers from VPN connection so
>> they are queried first, then fallback to other servers.
>>
>> Timo
>>
>>
>
> Untested but I would use unwind and try something like
>
> forwarder 
> preference recursor oDoT-dhcp dhcp stub
> force forwarder {vpndomain.com}
>
> For the forwarder address you might be able to statically configure
> it, if not then you could modify vpnc-script to have it update the
> address in unwind.conf and reload it.

Thanks, this works somewhat:

forwarder { $ip1 $ip2 }
force accept bogus forwarder { $internal_domain1 }
force accept bogus forwarder { $internal_domain2 }
...

A bit cubersome to list all internal domains but I there shouldn't be
that many of them in day-to-day use.
The DNS server IP's are pretty much static so manually adjusting the
unwind.conf is doable.

Timo

DNS resolution after VPN?

[Timo Myyrä]

Hi,

Just started testing the new dhcleased,resolvd stuff and noticed that
DNS resolution won't work correctly once I open my VPN connection. Name
resolution works for external domains but not for the internal domains
resolved by the interal DNS servers.

I'm using openconnect to setup VPN tunnel and it runs the
/etc/vpnc-script to setup networking after initing the tunnel. This
script adds the nameserver entries into /etc/resolv.conf.
But these entries in /etc/resolv.conf are done below following line:
nameserver 127.0.0.1 # resolvd: unwind

This means the unwind is handling the DNS query passing and it doesn't
seem to notice the DNS server entries given by openconnect.

What would be a good method to get DNS resolution working after running
openconnect? I'd like to prepend the DNS servers from VPN connection so
they are queried first, then fallback to other servers.

Timo

Re: pinentry-tty in OpenBSD? to be used with emacs

[Timo Myyrä]

I don't know about pinentry but emacs freezes sound familiar. Have you tried 
using the workaround given in following site: 
https://omecha.info/blog/org-capture-freezes-emacs.html

Timo

On Sun, Dec 8, 2019, at 17:27, Rudolf Sykora wrote:
> Dear list,
> 
> 
> I've been using mu4e to read email, and the passwords are read using
> gpg2 and the gpg-agent (both 2.2.12). Nowadays I use emacs running in a
> terminal (somehow any graphical emacs keeps to freeze randomly when I
> use mu4e together with the org-capture feature; terminal emacs just
> works). Until recently I used to ssh -X to my box to read email (and
> used a graphical window to enter my passphrase), but now I would like to
> use mosh instead (so that hibernating and waking up my notebook does not
> interrupt the connection). But as mosh cannot be used for X forwarding,
> I need to use a non-graphical means of entering a passphrase to
> gpg-agent. On linux, I believe, there is a pinentry-tty program, but
> that one is not available on OpenBSD. Also I found mentions of
> pinentry-emacs. I tried to install the elpa pinentry package, added
> allow-emacs-pinentry to ~/.gnupg/gpg-agent.conf, but whatever I tried, I
> don't see any sign that it ever does something.  There is also a
> pinentry-ncurses program available on OpenBSD, but that one seems to not
> play well with my emacs; I see some prompt in emacs, but I cannot enter
> the needed information.  Can anybody help me to get some way to enter a
> passphrase to be relayed to gpg-agent inside emacs running in a
> terminal?
> 
> I am using emacs 26.3 on OpenBSD 6.6.
> 
> 
> Thanks for any comments!
> 
> Rudolf Sykora
> 
>

Re: Question regarding wi-fi card support

[Timo Myyrä]

flauenroth  writes:

> Dear list, 
>
>
> I am in the need for a proper wi-fi solution for my Lenovo E485. 
>
> The original card was some qualcom stuff that went right into my
> trashcan. I´ve replaced it with a Intel Wireless AC 9260 2230 2x2 + BT
> Gigabit vPro since it was catching dust but no success. Now before I
> spent money on a proper card I want to make sure the card is supported
> and works properly. I am aware of the OpenBSD network FAQ and the
> hardware listed there but hopefully some fellow OpenBSD user can
> recommend a card. My EDIMAX EW-7811UN Wireless USB Adapter works
> pretty decent but it´s no real solution.
>
> Thanks in advance and have a nice weekend. 
>
>
> Fabian

I replaced the default wireless card with following which has worked just fine 
on my e485:
> iwm0 at pci4 dev 0 function 0 "Intel Dual Band Wireless-AC 8265" rev 0x78, msi

Timo

Re: OpenBSD on thinkpad x280

[Timo Myyrä]

Tristan Pilat  writes:

> Hi OpenBSD users and devs!
>
> I got a new laptop in January, a thinkpad x280. At that time my system
> running 'current' was very slow and I assumed the video acceleration
> wasn't working so I just sadly stuck with Debian for a while. I then
> saw that an update of the inteldrm landed in current a month ago or so
> so I tried yesterday to reinstall current. Unfortunately the system is
> still barely usable. Could you guys tell me why the video acceleration
> isn't handled? Isn't Kaby lake compatible for now? I saw this article
> (https://jcs.org/2017/05/22/xiaomiair) which says it is.
>
> The weird thing is that sometimes the computer is usable (not that fast 
> though) and sometimes it's very slow.
>
> Here's the dmesg:
>
>>OpenBSD 6.5-current (GENERIC.MP) #38: Thu May 23 22:22:19 MDT 2019
>>   dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>>real mem = 8322945024 (7937MB)
>>avail mem = 8060583936 (7687MB)
>>mpath0 at root
>>scsibus0 at mpath0: 256 targets
>>mainbus0 at root
>>bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x6f0bb000 (63 entries)
>>bios0: vendor LENOVO version "N20ET36W (1.21 )" date 09/06/2018
>>bios0: LENOVO 20KF001QFR
>>acpi0 at bios0: rev 2
>>acpi0: sleep states S0 S3 S4 S5
>>acpi0: tables DSDT FACP SSDT SSDT TPM2 UEFI SSDT SSDT HPET APIC MCFG
>>ECDT SSDT SSDT BOOT BATB SLIC SSDT SSDT SSDT LPIT WSMT SSDT SSDT SSDT
>>DBGP DBG2 MSDM DMAR ASF! FPDT UEFI BGRT
>>acpi0: wakeup devices GLAN(S4) XHC_(S3) XDCI(S4) HDAS(S4) RP01(S4)
>>PXSX(S4) RP02(S4) PXSX(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4)
>>RP06(S4) PXSX(S4) RP07(S4) [...]
>>acpitimer0 at acpi0: 3579545 Hz, 24 bits
>>acpihpet0 at acpi0: 2399 Hz
>>acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>>cpu0 at mainbus0: apid 0 (boot processor)
>>cpu0: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz, 1496.89 MHz, 06-8e-0a
>>cpu0:
>>FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
>>cpu0: 256KB 64b/line 8-way L2 cache
>>cpu0: smt 0, core 0, package 0
>>mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
>>cpu0: apic clock running at 23MHz
>>cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
>>cpu1 at mainbus0: apid 2 (application processor)
>>cpu1: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz, 1496.51 MHz, 06-8e-0a
>>cpu1:
>>FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
>>cpu1: 256KB 64b/line 8-way L2 cache
>>cpu1: smt 0, core 1, package 0
>>cpu2 at mainbus0: apid 4 (application processor)
>>cpu2: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz, 1496.51 MHz, 06-8e-0a
>>cpu2:
>>FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
>>cpu2: 256KB 64b/line 8-way L2 cache
>>cpu2: smt 0, core 2, package 0
>>cpu3 at mainbus0: apid 6 (application processor)
>>cpu3: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz, 1496.51 MHz, 06-8e-0a
>>cpu3:
>>FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
>>cpu3: 256KB 64b/line 8-way L2 cache
>>cpu3: smt 0, core 3, package 0
>>cpu4 at mainbus0: apid 1 (application processor)
>>cpu4: Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz, 1496.51 MHz, 06-8e-0a
>>cpu4:

Re: Issue with pkg_add against snapshots

[Timo Myyrä]

Ken M  writes:

> Example:
>
> https://fastly.cdn.openbsd.org/pub/OpenBSD/snapshots/packages/amd64/compton-0.1_beta2p2.tgz:
>  ftp: SSL write error: handshake failed: error:1404C044:SSL 
> routines:ST_OK:internal error
> signify: gzheader truncated
>
> Basically all my packages are showing this after a doas pkg_add -uUvVm
>
> Checking the link it resolves, tried another mirror, smae thing...
>
> Ken

There was some error in libssl which has been already fixed.
I did cvs up in /usr/src/lib/libssl and 'make install' in there to fix it. Also
the HTTP mirrors should work too while new snapshot is made.

timo

Re: Ways to get PostgreSQL working with base httpd?

[Timo Myyrä]

Chris Bennett  writes:

> I know that PostgreSQL can be accessed via a socket or through
> 127.0.0.1.
> It's crucial since I've set it up for quite a lot of functionality on
> some of my websites.
>
> What are good and secure ways to accomplish this?
> And why is one or the other better?
> I learned all kinds of stuff about the operator group in an
> unrelated thread, which has changed me to not give that out to any users
> at all.
>
> I just couldn't google or DuckDuckGo anything at all about this.
> Plus I would also like to know a little bit more than just cut and paste
> if anyone has time to offer that up.
>
> OT?
> I am assuming that for perl, since I wanted a full and clean startup.pl
> for mod_perl, I already know what modules I need to add from studying
> each module back a while ago.
>
> Thanks,
> Chris Bennett

I read your mail and I still don't know what you are trying to accomplish.
Could you give a more specific questions so they are easier to answer.

Timo

Re: Wireless not working with Linksys

[Timo Myyrä]

Stefan Sperling <s...@stsp.name> writes:

> On Sat, Sep 23, 2017 at 12:18:22PM +0300, Timo Myyrä wrote:
>> $ doas ifconfig iwn0 scan | grep MyNet
>> nwid MyNet chan 11 bssid xx:xx:xx:xx:xx:xx -21dBm HT-MCS23 
>> privacy,short_preamble,short_slottime,wpa2,wpa1 
>
> Try disabling WPA1 on your AP. In your AP's configuration,
> look for config items such as "WPA2", "CCMP", "AES" and enable them.
> Disable anything labeled "WPA1" and/or "TKIP".

Ah, this worked. Switched the AP security mode from "WPA2/WPA Personal mixed" to
"WPA2 Personal" and now I can associate and get DHCP lease from the AP. 

Seems the wpa1 support is needed when the AP is supporting both in order to
negotiate which mode to support.

Timo

Re: Wireless not working with Linksys

[Timo Myyrä]

timo.my...@wickedbsd.net (Timo Myyrä) writes:

> "Ted Unangst" <t...@tedunangst.com> writes:
>
>> TimoMyyrä wrote:
>>
>>> I just got Linksys 1900ACS wireless router and it works great, except with
>>> OpenBSD. I've got Thinkpad T430s running -current and I can't get DHCP 
>>> lease from the new
>>> router. 
>>> I noticed lines: "dhclient[22294]: fatal in iwn0: yielding responsibility" 
>>> in
>>> messages file which might be relating to this.
>>> 
>>> Any ideas what could be the problem and how to begin debugging this further?
>>
>> Does it work with 6.0? Does the network appear in scan?
>
> Haven't tested the older release, as I said just got the new router.
> I can try later with older bsd.rd to see if it works with it.
>
> But scan results see the 2.4Ghz network but not the 5Ghz network:
>
> $ doas ifconfig iwn0 scan | grep MyNet
> nwid MyNet chan 11 bssid xx:xx:xx:xx:xx:xx -21dBm HT-MCS23 
> privacy,short_preamble,short_slottime,wpa2,wpa1 
>
>
> timo

Actually, did quick test and seems that I can get link and ip when booting 6.0
bsd.rd.

Timo

Re: Wireless not working with Linksys

[Timo Myyrä]

"Ted Unangst"  writes:

> TimoMyyrä wrote:
>
>> I just got Linksys 1900ACS wireless router and it works great, except with
>> OpenBSD. I've got Thinkpad T430s running -current and I can't get DHCP lease 
>> from the new
>> router. 
>> I noticed lines: "dhclient[22294]: fatal in iwn0: yielding responsibility" in
>> messages file which might be relating to this.
>> 
>> Any ideas what could be the problem and how to begin debugging this further?
>
> Does it work with 6.0? Does the network appear in scan?

Haven't tested the older release, as I said just got the new router.
I can try later with older bsd.rd to see if it works with it.

But scan results see the 2.4Ghz network but not the 5Ghz network:

$ doas ifconfig iwn0 scan | grep MyNet
nwid MyNet chan 11 bssid xx:xx:xx:xx:xx:xx -21dBm HT-MCS23 
privacy,short_preamble,short_slottime,wpa2,wpa1 


timo

Wireless not working with Linksys

[Timo Myyrä]

Hi,

I just got Linksys 1900ACS wireless router and it works great, except with
OpenBSD. I've got Thinkpad T430s running -current and I can't get DHCP lease 
from the new
router. 
I noticed lines: "dhclient[22294]: fatal in iwn0: yielding responsibility" in
messages file which might be relating to this.

Any ideas what could be the problem and how to begin debugging this further?

Timo


OpenBSD 6.2-beta (RAMDISK_CD) #103: Mon Sep 18 23:35:48 MDT 2017
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 16973611008 (16187MB)
avail mem = 16455442432 (15693MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdae9c000 (68 entries)
bios0: vendor LENOVO version "G7ETA4WW (2.64 )" date 10/08/2015
bios0: LENOVO 2355C16
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SLIC TCPA SSDT SSDT SSDT HPET APIC MCFG ECDT FPDT ASF! 
UEFI UEFI POAT SSDT SSDT DMAR UEFI DBG2
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.57 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 2594566800 Hz
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus 4 (EXP3)
acpiprt5 at acpi0: bus -1 (EXP5)
acpiprt6 at acpi0: bus -1 (EXP6)
acpiprt7 at acpi0: bus -1 (EXP7)
acpiprt8 at acpi0: bus -1 (EXP8)
acpicpu at acpi0 not configured
acpipwrres at acpi0 not configured
acpitz at acpi0 not configured
"PNP0C0D" at acpi0 not configured
"PNP0C0E" at acpi0 not configured
"LEN0071" at acpi0 not configured
"LEN0015" at acpi0 not configured
"SMO1200" at acpi0 not configured
"PNP0C0A" at acpi0 not configured
"ACPI0003" at acpi0 not configured
"LEN0078" at acpi0 not configured
"LEN0068" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 3G Host" rev 0x09
"Intel HD Graphics 4000" rev 0x09 at pci0 dev 2 function 0 not configured
xhci0 at pci0 dev 20 function 0 "Intel 7 Series xHCI" rev 0x04: msi
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev 3.00/1.00 
addr 1
"Intel 7 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
em0 at pci0 dev 25 function 0 "Intel 82579LM" rev 0x04: msi, address 
3c:97:0e:60:8d:ca
ehci0 at pci0 dev 26 function 0 "Intel 7 Series USB" rev 0x04: apic 2 int 16
usb1 at ehci0: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 
addr 1
"Intel 7 Series HD Audio" rev 0x04 at pci0 dev 27 function 0 not configured
ppb0 at pci0 dev 28 function 0 "Intel 7 Series PCIE" rev 0xc4: msi
pci1 at ppb0 bus 2
ppb1 at pci0 dev 28 function 1 "Intel 7 Series PCIE" rev 0xc4: msi
pci2 at ppb1 bus 3
iwn0 at pci2 dev 0 function 0 "Intel Centrino Advanced-N 6205" rev 0x34: msi, 
MIMO 2T2R, MoW, address 60:67:20:f8:17:f4
ppb2 at pci0 dev 28 function 2 "Intel 7 Series PCIE" rev 0xc4: msi
pci3 at ppb2 bus 4
sdhc0 at pci3 dev 0 function 0 "Ricoh 5U823 SD/MMC" rev 0x04: apic 2 int 18
sdhc0: SDHC 3.0, 50 MHz base clock
sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed
ehci1 at pci0 dev 29 function 0 "Intel 7 Series USB" rev 0x04: apic 2 int 23
usb2 at ehci1: USB revision 2.0
uhub2 at usb2 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 
addr 1
"Intel QM77 LPC" rev 0x04 at pci0 dev 31 function 0 not configured
ahci0 at pci0 dev 31 function 2 "Intel 7 Series AHCI" rev 0x04: msi, AHCI 1.3
ahci0: port 0: 6.0Gb/s
ahci0: port 1: 1.5Gb/s
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI3 0/direct fixed 
naa.50025388400c34c6
sd0: 488386MB, 512 bytes/sector, 1000215216 sectors, thin
cd0 at scsibus0 targ 1 lun 0:  ATAPI 5/cdrom 
removable
"Intel 7 Series SMBus" rev 0x04 at pci0 dev 31 function 3 not configured
isa0 at mainbus0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard
efifb0 at mainbus0: 1600x900, 32bpp
wsdisplay0 at efifb0 mux 1: console (std, vt100 emulation), using wskbd0
"Lenovo H5321 gw" rev 2.00/0.00 addr 2 at uhub0 port 4 not configured
uhub3 at uhub1 port 1 configuration 1 interface 0 "vendor 0x8087 product 
0x0024" rev 2.00/0.00 addr 2
"Lenovo Integrated Smart Card 

Re: PF packets being blocked...why?

[Timo Myyrä]

Hmm, have you enabled net.inet.ip.forwarding?

Timo

Steve Williams  writes:

> Hi,
>
> Packets from vether are going out NAT'd no problem.  I have 100%
> Internet access on 192.168.123.0/24.
>
> From my understanding, the "pass out quick inet all flags S/SA" allow
> packets out and should create state for the connection for any ipv4
> packets on any interface.
>
> Subsequent packets (these seem to have the "P"ush flag set) should
> match the state and not get blocked.
>
> Hum... perhaps the states are expiring too fast?
>
> How do I find out if the state existed at the time that the packet was
> blocked?
>
> Thanks,
> Steve W.
>
>
> On 26/06/2017 12:09 PM, Ville Valkonen wrote:
>> Hello,
>>
>> a quick glance and it seems you aren't allowing vether traffic to pass.
>>
>> --
>> Regards,
>> Ville
>>
>> On Jun 26, 2017 8:19 PM, "Steve Williams"
>> > > wrote:
>>
>> Hi,
>>
>> New install of OpenBSD 6.1 on apu2.  Love the little box.
>>
>> I have em0 as the connection to the Internet and I bridged em1 and
>> em2 together on 192.168.123.0.
>>
>> I've been using OpenBSD since the 2.7 days, but have never run NAT
>> so this is my first foray into that world.  I have followed the
>> FAQ on "building a router" almost vebatim. It's working fine, but
>> I am seeing some packets blocked with no effect on browsing behind
>> the OpenBSD box.
>>
>> My ruleset:
>>
>> # pfctl -sr
>> match in all scrub (no-df random-id)
>> match out on egress inet from ! (egress:network) to any nat-to
>> (egress:0) round-robin
>> block drop log quick from  to any
>> block drop log quick from  to any
>> block drop log all
>> pass out quick inet all flags S/SA
>> pass in on vether0 inet all flags S/SA
>> pass in on em1 inet all flags S/SA
>> pass in on em2 inet all flags S/SA
>> pass in on egress inet proto tcp from any to (egress) port = 22
>> flags S/SA
>> pass in on egress inet proto tcp from any to (egress) port = 993
>> flags S/SA
>> pass in on egress inet proto tcp from any to (egress) port = 80
>> flags S/SA
>> pass in on egress inet proto tcp from any to (egress) port = 443
>> flags S/SA
>>
>> # tcpdump -n -e -ttt -i pflog0# from man pflog man page
>> Jun 26 09:45:54.241145 rule 4/(match) block in on vether0:
>> 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win
>> 1805 (DF)
>> Jun 26 09:45:54.701283 rule 4/(match) block in on vether0:
>> 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win
>> 1805 (DF)
>> Jun 26 09:45:55.623757 rule 4/(match) block in on vether0:
>> 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win
>> 1805 (DF)
>> Jun 26 09:45:57.460985 rule 4/(match) block in on vether0:
>> 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win
>> 1805 (DF)
>> Jun 26 09:46:01.150933 rule 4/(match) block in on vether0:
>> 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375) ack 1 win
>> 1805 (DF)
>> Jun 26 09:46:08.522599  rule 4/(match) block in on
>> vether0: 192.168.123.2.38022 > 216.58.216.165.443: P 0:1375(1375)
>> ack 1 win 1805 (DF)
>> Jun 26 09:46:47.479083 rule 4/(match) block in on vether0:
>> 192.168.123.2.46549 > 172.217.3.206.443: P
>> 4042174712:4042174735(23) ack 2564095917 win 1593 (DF)
>> Jun 26 09:46:47.896295 rule 4/(match) block in on vether0:
>> 192.168.123.2.53452 > 23.23.126.54.443: P
>> 4003838125:4003838156(31) ack 2044539346 win 65535 (DF)
>> Jun 26 09:46:47.896662 rule 4/(match) block in on vether0:
>> 192.168.123.2.53452 > 23.23.126.54.443: R 31:31(0) ack 1 win 65535
>> (DF)
>> Jun 26 09:46:47.896674 rule 4/(match) block in on vether0:
>> 192.168.123.2.59762 > 216.58.216.163.443: P
>> 113176577:113176608(31) ack 2619790719 win 1403 (DF)
>> Jun 26 09:46:47.896685 rule 4/(match) block in on vether0:
>> 192.168.123.2.59762 > 216.58.216.163.443: F 31:31(0) ack 1 win
>> 1403 (DF)
>> Jun 26 09:46:47.896711 rule 4/(match) block in on vether0:
>> 192.168.123.2.39279 > 31.13.77.6.443: P 4254697166:4254697197(31)
>> ack 2615144509 win 1545 (DF)
>> Jun 26 09:46:47.896735 rule 4/(match) block in on vether0:
>> 192.168.123.2.39279 > 31.13.77.6.443: R 31:31(0) ack 1 win 1545 (DF)
>>
>> # pfctl -R 4 -sr
>> block drop log all
>>
>> It is not all https traffice that is being blocked as I can hit my
>> banking site, etc.  Does anyone have an idea why are these packets
>> being blocked?
>>
>> Thanks,
>> Steve Williams
>>
>>
>>

Re: Unable to boot encrypted drive

[Timo Myyrä]

Joel Sing <j...@sing.id.au> writes:

> On Friday 06 January 2017 15:23:32 Timo Myyrä wrote:
>
>> Here's the output of installboot on running system:
>> $ doas installboot -v sd1
>> Using / as root
>> installing bootstrap on /dev/rsd1c
>> using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
>> sd1: softraid volume with 1 disk(s)
>> sd1: installing boot loader on softraid volume
>> /usr/mdec/boot is 6 blocks x 16384 bytes
>> sd0a: installing boot blocks on /dev/rsd0c, part offset 1104
>> master boot record (MBR) at sector 0
>> partition 0: type 0xEF offset 64 size 960
>> partition 3: type 0xA6 offset 1024 size 1000205876
>> /usr/mdec/biosboot will be written at sector 1024
>>
>> and heres from bsd.rd shell:
>> Using /mnt as root
>> installing bootstrap on /dev/rsd1c
>> using first-stage /mnt/usr/mdec/biosboot, second-stage /mnt/usr/mdec/boot
>> sd1: softraid volume with 1 disk(s)
>> sd1: installing boot loader on softraid volume
>> /mnt/usr/mdec/boot is 6 blocks x 16384 bytes
>> sd0a: installing boot blocks on /dev/rsd0c, part offset 1104
>> master boot record (MBR) at sector 0
>>  partition 0: type 0xEF offset 64 size 960
>>  partition 3: type 0xA6 offset 1024 size 1000205876
>> /mnt/usr/mdec/biosboot will be written at sector 1024
>>
>> Looking at the output it seems to just copy the regular boot files and
> skips
>> processing EFI stuff. And as the system boots with EFI it uses the old
>> bootloader and hence the problems with opening the crypto volume.
>
> Correct - it is installing the MBR/PBR boot block and boot loader, rather
than
> the EFI one.
>
>> Should there be check to see if the booted device has i partition with efi
>> folder and copy the EFI bootloader in that case?
>
> The code in question is the findgptefisys() function in
> src/usr.sbin/installboot/i386_installboot.c. It is likely that there is
> something up with your disk configuration (missing protective MBR,
incorrect
> GPT header, incorrect GPT signature, corrupt checksum, etc) that is making
it
> think that this is an MBR system, rather than a GPT one. That said, it is
also
> possible that it is a bug/corner case...
>
> If you're able to sprinkle some printf's through that function and
determine
> what check is failing, it would help narrow down the issue. You probably
also
> want to check the MBR and GPT to see what is actually on the disk.
>

Yeah, printfs and (also running fdisk) showed that I was missing the
protective
MBR. Shortly after I also learned that this is not fixed by running "fdisk -ig
sd0"
on a running system... At least I did backups before running it.
After reinstalling  I don't have the issue anymore.

Timo

Re: Unable to boot encrypted drive

[Timo Myyrä]

Joel Sing <j...@sing.id.au> writes:

> On Friday 06 January 2017 12:24:02 Timo Myyrä wrote:
>> And found it. Seems the efi partitions boot loader isn't updated.
>
> It should be - `installboot -r /mnt ${disk}` is run at the end of the
upgrade.
>
>> Manually copying the efi bootloader fixed the boot:
>> https://blog.jasper.la/openbsd-uefi-bootloader-howto/
>>
>> Why isn't the installer handling this?
>
> I cannot immediately see any reason why it should not be, but I do not have
a
> GPT machine available to test/verify - I presume there are no failures
> reported towards the end of the upgrade?
>
> Can you try running `installboot -v` against the softraid volume?
>
> If that works, can you boot bsd.rd, drop into a shell, mount the root volume
> on /mnt, then run `installboot -v -r /mnt` against the root disk?

Upgrades have seem to been successful when I've done them. I've used the
normal,
boot bsd.rd, do upgrade cycle for a while and haven't noticed any errors.

Here's the output of installboot on running system:
$ doas installboot -v sd1
Using / as root
installing bootstrap on /dev/rsd1c
using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
sd1: softraid volume with 1 disk(s)
sd1: installing boot loader on softraid volume
/usr/mdec/boot is 6 blocks x 16384 bytes
sd0a: installing boot blocks on /dev/rsd0c, part offset 1104
master boot record (MBR) at sector 0
partition 0: type 0xEF offset 64 size 960
partition 3: type 0xA6 offset 1024 size 1000205876
/usr/mdec/biosboot will be written at sector 1024

and heres from bsd.rd shell:
Using /mnt as root
installing bootstrap on /dev/rsd1c
using first-stage /mnt/usr/mdec/biosboot, second-stage /mnt/usr/mdec/boot
sd1: softraid volume with 1 disk(s)
sd1: installing boot loader on softraid volume
/mnt/usr/mdec/boot is 6 blocks x 16384 bytes
sd0a: installing boot blocks on /dev/rsd0c, part offset 1104
master boot record (MBR) at sector 0
partition 0: type 0xEF offset 64 size 960
partition 3: type 0xA6 offset 1024 size 1000205876
/mnt/usr/mdec/biosboot will be written at sector 1024

Looking at the output it seems to just copy the regular boot files and skips
processing EFI stuff. And as the system boots with EFI it uses the old
bootloader and hence the problems with opening the crypto volume.

Should there be check to see if the booted device has i partition with efi
folder and copy the EFI bootloader in that case?

In any case, I have following options on BIOS if they have any relation to
this:
UEFI/Legacy boot: UEFI only
  CMS Support: yes

Timo

Re: Unable to boot encrypted drive

[Timo Myyrä]

timo.my...@wickedbsd.net (Timo Myyrä) writes:

> Martin Ziemer <hor...@horrad.de> writes:
>
>>> I recently changed my FDE passphrase and now my laptop won't boot.
>>> Bootloader just gives me "invalid passphrase" when I try to unlock it on
boot.
>>> Its a bit odd as I can boot usb stick and manually open the drive and
upgrade
>>> the openbsd installation on it. It just won't work on the boot.
>> Some weeks ago I had a similar problem. The problem started, because
>> i changed the password from an system running an newer snapshot than
>> the encrypted System. (So "invalid passphrase" can also mean "too new
>> fde")
>>
>> The solution for me was starting an update from a new bsd.rd. After
>> the update everything was fine again.
>
> Hmm, seems to be something with the boot version.
> When I boot my installation I get:
> EFIBOOT 3.29 and I can't unlock the volume.
>
> I'm bit stuck on how to proceed, I downloaded miniroot60.fs from amd64
snapshots
> and made bootable stick. I can boot the system with it, manually unlock the
drive and do
> an upgrade. But after the upgrade I still can't boot the system. Shouldn't
the
> upgrade update the boot version as well?
>
> Timo

And found it. Seems the efi partitions boot loader isn't updated.
Manually copying the efi bootloader fixed the boot:
https://blog.jasper.la/openbsd-uefi-bootloader-howto/

Why isn't the installer handling this?

Timo

Re: Unable to boot encrypted drive

[Timo Myyrä]

Martin Ziemer  writes:

>> I recently changed my FDE passphrase and now my laptop won't boot.
>> Bootloader just gives me "invalid passphrase" when I try to unlock it on 
>> boot.
>> Its a bit odd as I can boot usb stick and manually open the drive and upgrade
>> the openbsd installation on it. It just won't work on the boot.
> Some weeks ago I had a similar problem. The problem started, because
> i changed the password from an system running an newer snapshot than
> the encrypted System. (So "invalid passphrase" can also mean "too new
> fde")
>
> The solution for me was starting an update from a new bsd.rd. After
> the update everything was fine again.

Hmm, seems to be something with the boot version.
When I boot my installation I get:
EFIBOOT 3.29 and I can't unlock the volume.

I'm bit stuck on how to proceed, I downloaded miniroot60.fs from amd64 snapshots
and made bootable stick. I can boot the system with it, manually unlock the 
drive and do
an upgrade. But after the upgrade I still can't boot the system. Shouldn't the
upgrade update the boot version as well?

Timo

Unable to boot encrypted drive

[Timo Myyrä]

Hi,

I recently changed my FDE passphrase and now my laptop won't boot.
Bootloader just gives me "invalid passphrase" when I try to unlock it on boot.
Its a bit odd as I can boot usb stick and manually open the drive and upgrade
the openbsd installation on it. It just won't work on the boot.

Would this be related to recent boot changes or would it be different issue?

Timo

OpenBSD 6.0-current (RAMDISK_CD) #106: Thu Jan  5 20:38:21 MST 2017
bu...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD
real mem = 16973611008 (16187MB)
avail mem = 16455446528 (15693MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdae9c000 (68 entries)
bios0: vendor LENOVO version "G7ETA4WW (2.64 )" date 10/08/2015
bios0: LENOVO 2355C16
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SLIC TCPA SSDT SSDT SSDT HPET APIC MCFG ECDT FPDT ASF! 
UEFI UEFI POAT SSDT SSDT DMAR SSDT UEFI DBG2
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-3320M CPU @ 2.60GHz, 2594.56 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 2594564560 Hz
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.2, IBE
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpiec0 at acpi0
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (PEG_)
acpiprt2 at acpi0: bus 2 (EXP1)
acpiprt3 at acpi0: bus 3 (EXP2)
acpiprt4 at acpi0: bus 4 (EXP3)
acpiprt5 at acpi0: bus -1 (EXP5)
acpiprt6 at acpi0: bus -1 (EXP6)
acpiprt7 at acpi0: bus -1 (EXP7)
acpiprt8 at acpi0: bus -1 (EXP8)
acpicpu at acpi0 not configured
acpipwrres at acpi0 not configured
acpitz at acpi0 not configured
"PNP0C0D" at acpi0 not configured
"PNP0C0E" at acpi0 not configured
"LEN0071" at acpi0 not configured
"LEN0015" at acpi0 not configured
"SMO1200" at acpi0 not configured
"PNP0C0A" at acpi0 not configured
"ACPI0003" at acpi0 not configured
"LEN0078" at acpi0 not configured
"LEN0068" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"INT3392" at acpi0 not configured
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Core 3G Host" rev 0x09
"Intel HD Graphics 4000" rev 0x09 at pci0 dev 2 function 0 not configured
xhci0 at pci0 dev 20 function 0 "Intel 7 Series xHCI" rev 0x04: msi
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev 3.00/1.00 
addr 1
"Intel 7 Series MEI" rev 0x04 at pci0 dev 22 function 0 not configured
em0 at pci0 dev 25 function 0 "Intel 82579LM" rev 0x04: msi, address 
3c:97:0e:60:8d:ca
ehci0 at pci0 dev 26 function 0 "Intel 7 Series USB" rev 0x04: apic 2 int 16
usb1 at ehci0: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 
addr 1
"Intel 7 Series HD Audio" rev 0x04 at pci0 dev 27 function 0 not configured
ppb0 at pci0 dev 28 function 0 "Intel 7 Series PCIE" rev 0xc4: msi
pci1 at ppb0 bus 2
ppb1 at pci0 dev 28 function 1 "Intel 7 Series PCIE" rev 0xc4: msi
pci2 at ppb1 bus 3
iwn0 at pci2 dev 0 function 0 "Intel Centrino Advanced-N 6205" rev 0x34: msi, 
MIMO 2T2R, MoW, address 60:67:20:f8:17:f4
ppb2 at pci0 dev 28 function 2 "Intel 7 Series PCIE" rev 0xc4: msi
pci3 at ppb2 bus 4
sdhc0 at pci3 dev 0 function 0 "Ricoh 5U823 SD/MMC" rev 0x04: apic 2 int 18
sdhc0: SDHC 3.0, 50 MHz base clock
sdmmc0 at sdhc0: 4-bit, sd high-speed, mmc high-speed
ehci1 at pci0 dev 29 function 0 "Intel 7 Series USB" rev 0x04: apic 2 int 23
usb2 at ehci1: USB revision 2.0
uhub2 at usb2 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 
addr 1
"Intel QM77 LPC" rev 0x04 at pci0 dev 31 function 0 not configured
ahci0 at pci0 dev 31 function 2 "Intel 7 Series AHCI" rev 0x04: msi, AHCI 1.3
ahci0: port 0: 6.0Gb/s
ahci0: port 1: 1.5Gb/s
scsibus0 at ahci0: 32 targets
sd0 at scsibus0 targ 0 lun 0:  SCSI3 0/direct fixed 
naa.50025388400c34c6
sd0: 488386MB, 512 bytes/sector, 1000215216 sectors, thin
cd0 at scsibus0 targ 1 lun 0:  ATAPI 5/cdrom 
removable
"Intel 7 Series SMBus" rev 0x04 at pci0 dev 31 function 3 not configured
isa0 at mainbus0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard
efifb0 at mainbus0: 1600x900, 32bpp
wsdisplay0 at efifb0 mux 1: console (std, vt100 emulation), using wskbd0
umass0 at uhub0 port 1 configuration 1 interface 0 "SanDisk Corporation Cruzer 
Mini" rev 2.00/0.20 addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets, initiator 0

Re: log monitoring recommendations?

[Timo Myyrä]

Patrick Dohman  writes:

> Any opinions/ideas regarding log monitoring. 
> Preferably something with definable actions.
> Hoping to test/obtain a fail2ban equivalent for BSD
>
> The following utilities were located in openports.se
> hatchet
> logsentry
> logsurfer
> swatch
>
> Regards
> Patrick
>

Check out SEC which is also in the ports.
http://simple-evcorr.sourceforge.net/SEC-tutorial/article.html

Timo

Losing display during boot

[Timo Myyrä]

Hi,

My NAS servers motherboard died and I'm trying to resurrect it with old
 motherboard I found. But I'm having trouble making it boot. The server seems 
to boot
 but gets stuck or starts to use wrong display. Last messages shown on screen 
is:

wskbd0 at pckbd0: console keyboard, using wsdisplay1

I guess the display at that point goes to wsdisplay1 which as far as I can tell,
doesn't exist. But the screen I'm viewing is wsdisplay0.

I recall having similar "missing display" issue a while back on my desktop. Then
it was caused by OpenBSD selecting 'wrong' display on boot as my desktop has
integrated Intel graphics adapter and discrete AMD card. But this is MSI
IM-945GC mini-itx motherboard so it shouldn't have multiple adapters so I'm a
bit stuck.

Looking at kernel config with boot -c I see following:
wsdisplay at vga0
wsdisplay0 at efifb0

This seems a bit curios as efifb seems to be linked to uefi and this motherboard
doesn't have it.
In any case I tried to disable efifb but still got stuck on same part.

Any ideas what I could try?

Timo

Re: Quick APU2 review

[Timo Myyrä]

Otto Moerbeek  writes:

> On Fri, Apr 15, 2016 at 06:12:41PM +0200, Christian Weisgerber wrote:
>
>> I bought a PC Engines APU2 this week and thought I'd write up my
>> impressions.
>> 
>> TL;DR: Recommended.
>> 
>> The obvious point of reference is the Soekris net6501.  Now, that
>> comparison isn't really fair since the net6501 is several years old
>> and the APU2 is a new design.  Then again, Soekris canceled their
>> successor model (after stringing along potential customers for a
>> year), so they're without a competitive product now.  Tough for them.
>> 
>> http://pcengines.ch/apu2c4.htm
>> https://soekris.com/products/net6501-1.html
>> 
>> Here's what the APU2 lacks: It has only three Ethernet ports instead
>> of four, no front-side Ethernet LEDs, no PCI-Express expansion slot,
>> no LOM.  On the plus side, it has two USB 3.0 ports instead of a
>> single USB 2.0 one.
>> 
>> Performance: Single-core speed of the APU2 seems to be comparable
>> to the net6501-70 (the fast model), but the APU2 has four cores
>> instead of two and it has AES-NI, which provides a big boost for
>> many crypto applications.  A "make -j4 build" took exactly 120
>> minutes.
>> 
>> Heat: The APUs have an innovative design where the CPU heat sink
>> is coupled to the case.  Since this is typically assembled by the
>> customer, a lot of attention is drawn to it and people obsess over
>> the CPU temperature.  It's a nonissue.  Case temperature is about
>> the same as for the net6501, where people are far less concerned,
>> even a "make -j4 build" didn't raise the CPU temperature much (57C
>> to 64.5C), and the design ensures good heat flow.  Ask me again in
>> six months how it did in a 33C summer environment, but I expect no
>> problems whatsoever.
>> 
>> The firmware is still being worked on; it's cobbled together from
>> coreboot, a MemTest86 module (takes about 1h45 for one pass on the
>> apu2c4), and iPXE.  It works.  I've booted via PXE, from an external
>> USB key, and from mSATA.
>> 
>> Miscellaneous: The case is really compact.  The order of the Ethernet
>> ports is reversed when compared to the Soekris and not marked on
>> the case.
>> 
>> And yes, the APU2 is fully supported by OpenBSD 5.9.
>> 
>> Overall, I like it a lot.  Compared to the net6501, the APU2 is
>> much cheaper and more powerful.  Compared to Intel Rangeley devices,
>> it is readily available in small quantities (like, one) and, to
>> pick the one that you can easily buy, again much cheaper than the
>> RCC-VE 2440.
>> 
>> My APU2 is serving as my home gateway now, replacing a net6501.
>> It feels good to be running an AMD CPU again. :-)
>> 
>> 
>> PS: I bought mine from NRG Systems GmbH, Augsburg, Germany, who
>> sell convenient board/case/PSU/SSD kits.  Board and case were
>> already assembled.
>> -- 
>> Christian "naddy" Weisgerber  na...@mips.inka.de
>
> A dmesg! My kingdom for a dmesg!
>  ;-)
>
>   -otto

Here's one from my apu.

Timo

OpenBSD 5.9-current (GENERIC.MP) #1973: Tue Mar 29 19:42:47 MDT 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4261076992 (4063MB)
avail mem = 4127580160 (3936MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffb7020 (7 entries)
bios0: vendor coreboot version "APU2A_20150928-19-gbc96368-dirty" date 
02/11/2016
bios0: PC Engines apu2
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S2 S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET
acpi0: wakeup devices PWRB(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) PBR8(S4) 
UOH1(S3) UOH3(S3) UOH5(S3) XHC0(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD GX-412TC SOC, 998.37 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1
cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 
16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD GX-412TC SOC, 998.11 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1
cpu1: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB 64b/line 
16-way L2 

Re: Mg scroll-up issue in xterm

[Timo Myyrä]

Christian Weisgerber <na...@mips.inka.de> writes:

> On 2015-12-27, Timo Myyrä <timo.my...@wickedbsd.net> wrote:
>
>> I noticed issue with mg scroll-up keybinding when "xterm*locale: true" is
set in
>> ~/.Xresources.
>> When the above option is set, mg requires that you type C-v C-v to
scroll-up
>> instead of single C-v. I'm not sure if this is bug or feature.
>
> That would be a bug, but I can't reproduce this.

Just did a bit more testing.
After stripping my ~/.Xresources to following:

xterm*loginShell: true
xterm*locale: utf-8

And using 'xrdb ~/.Xresources', opening new xterm I get the expected
behaviour.
If I change the config 's/utf-8/true/', use xrdb to update settings and open
new
Xterm I get the odd behaviour. It doesn't seem to be mg specific. The Xterm
itself shows this. With first config the key combination "^v^m" inserts
literal
^M to shell. With latter config shell does new line as though ^v never
happened.

By looking at Xterm man page seems that locale:true assumes all input is
utf-8
encoded already, with locale:utf-8 xterm uses luit to convert input to utf-8
with it. So input given to xterm isn't utf-8 on OpenBSD and needs luit to
convert it?

Timo

Mg scroll-up issue in xterm

[Timo Myyrä]

Hi,

I noticed issue with mg scroll-up keybinding when "xterm*locale: true" is set in
~/.Xresources.
When the above option is set, mg requires that you type C-v C-v to scroll-up
instead of single C-v. I'm not sure if this is bug or feature.
I just found it bit odd as other bindings such as C-f, C-s etc. seem to work
fine, its just the C-v that needs to be given twice.

Timo

Re: Mg scroll-up issue in xterm

[Timo Myyrä]

Tati Chevron <chev...@swabsit.com> writes:

> On Sun, Dec 27, 2015 at 06:21:41PM +0200, Timo Myyrä wrote:
>>I noticed issue with mg scroll-up keybinding when "xterm*locale: true" is
set in
>>~/.Xresources.
>>When the above option is set, mg requires that you type C-v C-v to
scroll-up
>>instead of single C-v. I'm not sure if this is bug or feature.
>
> ^V is traditionally used on UNIX like systems to 'insert the next character
> literally', for example if you type Control-V, Enter at the shell, you will
> produce ^M, or Control-V, Backspace will produce ^? which is a backspace
> character.
>
> This is what you are seeing, the first Control-v is swallowed before
reaching
> mg.

If that would be the case, shouldn't the mg insert ^M for when pressed C-v
C-m?
Currently it inserts newline.
Noticed following when trying this outside of mg in xterm running ksh.
With my full Xresources file, when pressing C-v C-m it inserts literal ^M to
shell prompt. In this xterm window the mg works normally.

In xterm running the stripped down Xresources, in shell prompt C-v C-m
inserts
newline as though C-v never happened. And there the mg requires the two C-v
calls to scroll up. Seems that I need to type C-v C-v C-m to get literal ^M
inserted to shell prompt. I'm not seeing how Xterm*locale:true should affect
the
C-v use in shell.

Timo

Re: Ifstated help needed

[Timo Myyrä]

Stuart Henderson <s...@spacehopper.org> writes:

> On 2015-12-24, Timo Myyrä <timo.my...@wickedbsd.net> wrote:
>
>> Hi,
>>
>> I'm trying to use ifstated to switch between my laptops wireless and wired
>> interface.
>> Currently it works when I don't have cable plugged in but once I plug in
the
>> cable the ifstated starts to switch between wired and wireless states and
won't
>> stay in wired state.
>>
>> So it seems the em0.link.down condition gets triggered in wired state but
why?
>> The dhclient seems to run so the em0 should have IP and so it should be
up.
>
> Kill ifstated and watch 'route -n monitor' when you plug in. Does state
> change more than once e.g. does it go up/down/up during negotiation
> with the switch? If so, you may need a sleep before re-checking link state.
>
> As it stands, I don't think this ifstated.conf is doing anything that
> you can't do just by running a dhclient on each interface all the time,
> dhclient already tracks link state itself, multiple priority routes
> work fine, and you aren't doing anything to alleviate the problem
> I mentioned in the other thread that does exist with that setup.

I'll look into the route stuff to see if I find the culprit.

I was operating under assumption that continual scanning of wireless networks
would drain more power. I'm using the bob beck's wireless scripts which
periodicly tries to associate with AP. When running both interfaces with
dhclient the wireless interface would try to scan and associate with AP even
if
I had ethernet cable attached.
Though I've already made the first mistake by going with assumption and not
actually measuring the power use the wireless would have.

I could probably tweak the wifinwid script a bit to skip AP scanning when em0
has carrier present.

But I'm testing the dhclient setup but it doesn't seem to work correctly. Once
I connect
ethernet cable I lose connectivity. Seems dhclient notices the em0 is up and
polls address for the interface and sets the routes:

$ ifconfig
...
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 3c:97:0e:60:8d:ca
priority: 0
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 192.168.0.105 netmask 0xff00 broadcast 192.168.0.255
iwn0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 60:67:20:f8:17:f4
priority: 4
groups: wlan
media: IEEE802.11 autoselect (HT-MCS7 mode 11n)
status: active
ieee80211: nwid TW-EAV510v4A4A3 chan 11 bssid 00:1e:ab:0a:a4:a4 -28dBm
wpakey  wpaprotos wpa1,wpa2 wpaakms psk wpaciphers tkip,ccmp
wpagroupcipher tkip
inet 192.168.0.106 netmask 0xff00 broadcast 192.168.0.255
...

$ route -n show
Routing tables

Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
default192.168.0.254  UGS01 - 8 em0
default192.168.0.254  UGS27 -12 iwn0
127.0.0.1  127.0.0.1  UHl00 32768 1 lo0
192.168.0/24   192.168.0.106  UCP12 - 4 iwn0
192.168.0/24   192.168.0.105  UCP00 - 4 em0
192.168.0.105  3c:97:0e:60:8d:ca  UHLl   02 - 1 em0
192.168.0.106  60:67:20:f8:17:f4  UHLl   0   40 - 1 iwn0
192.168.0.254  link#2 UHLc   02 - 4 iwn0
192.168.0.255  192.168.0.106  UHPb   00 - 1 iwn0
192.168.0.255  192.168.0.105  UHPb   00 - 1 em0

Timo

Re: Ifstated help needed

[Timo Myyrä]

Zé Loff <zel...@zeloff.org> writes:

>> On 24/12/2015, at 10:07, Timo Myyrä <timo.my...@wickedbsd.net> wrote:
>>
>> Hi,
>>
>> I'm trying to use ifstated to switch between my laptops wireless and wired
>> interface
>
> man trunk

Just switched from using trunk as it won't renew the addresses. And I'd like
to
run the wireless down when I'm not using it to reduce power use.

>
>> Currently it works when I don't have cable plugged in but once I plug in
the
>> cable the ifstated starts to switch between wired and wireless states and
won't
>> stay in wired state.
>>
>> So it seems the em0.link.down condition gets triggered in wired state but
why?
>> The dhclient seems to run so the em0 should have IP and so it should be
up.
>>
>> Timo
>>
>> daemon:
>> Dec 24 10:43:29 phobos ifstated[31262]: changing state to wired
>> Dec 24 10:43:29 phobos dhclient[2004]: iwn0 down; exiting
>> Dec 24 10:43:33 phobos dhclient[22725]: DHCPREQUEST on em0 to
255.255.255.255
>> Dec 24 10:43:33 phobos dhclient[22725]: DHCPACK from 192.168.0.254
(00:1e:ab:0a:a4:a3)
>> Dec 24 10:43:33 phobos dhclient[22725]: bound to 192.168.0.105 -- renewal
in 43200 seconds.
>> Dec 24 10:43:33 phobos ifstated[31262]: changing state to wireless
>> Dec 24 10:43:33 phobos dhclient[5042]: em0 down; exiting
>> Dec 24 10:43:37 phobos dhclient[9581]: DHCPREQUEST on iwn0 to
255.255.255.255
>> Dec 24 10:43:37 phobos dhclient[9581]: DHCPACK from 192.168.0.254
(00:1e:ab:0a:a4:a3)
>> Dec 24 10:43:37 phobos dhclient[9581]: bound to 192.168.0.106 -- renewal in
43200 seconds.
>> Dec 24 10:44:29 phobos dhclient[9921]: DHCPREQUEST on iwn0 to
255.255.255.255
>> Dec 24 10:44:31 phobos findnwid: attached to network TW-EAV510v4A4A3 on
interface iwn0
>> ...
>>
>> ifstated.conf:
>> nwid  = '"[[ $(ifconfig iwn0 | sed -n \'/status/s/.*status: //p\') ==
\'active\' ]]" every 2'
>>
>> init-state wired
>>
>> state wireless {
>>init {
>>run "ifconfig em0 down"
>>run "ifconfig iwn0 up"
>>run "dhclient iwn0"
>>}
>>
>># check if we have active wireless network
>># if not, re-check for networks
>>if ! $nwid && em0.link.down
>>run "/usr/local/bin/findnwid iwn0"
>>
>>if em0.link.up
>>set-state wired
>> }
>>
>> state wired {
>>init {
>>run "ifconfig iwn0 down"
>>run "ifconfig em0 up"
>>run "dhclient em0"
>>}
>>
>>if em0.link.down
>>set-state wireless
>> }

Ifstated help needed

[Timo Myyrä]

Hi,

I'm trying to use ifstated to switch between my laptops wireless and wired
interface.
Currently it works when I don't have cable plugged in but once I plug in the
cable the ifstated starts to switch between wired and wireless states and won't
stay in wired state.

So it seems the em0.link.down condition gets triggered in wired state but why?
The dhclient seems to run so the em0 should have IP and so it should be up.

Timo

daemon:
Dec 24 10:43:29 phobos ifstated[31262]: changing state to wired
Dec 24 10:43:29 phobos dhclient[2004]: iwn0 down; exiting
Dec 24 10:43:33 phobos dhclient[22725]: DHCPREQUEST on em0 to 255.255.255.255
Dec 24 10:43:33 phobos dhclient[22725]: DHCPACK from 192.168.0.254 
(00:1e:ab:0a:a4:a3)
Dec 24 10:43:33 phobos dhclient[22725]: bound to 192.168.0.105 -- renewal in 
43200 seconds.
Dec 24 10:43:33 phobos ifstated[31262]: changing state to wireless
Dec 24 10:43:33 phobos dhclient[5042]: em0 down; exiting
Dec 24 10:43:37 phobos dhclient[9581]: DHCPREQUEST on iwn0 to 255.255.255.255
Dec 24 10:43:37 phobos dhclient[9581]: DHCPACK from 192.168.0.254 
(00:1e:ab:0a:a4:a3)
Dec 24 10:43:37 phobos dhclient[9581]: bound to 192.168.0.106 -- renewal in 
43200 seconds.
Dec 24 10:44:29 phobos dhclient[9921]: DHCPREQUEST on iwn0 to 255.255.255.255
Dec 24 10:44:31 phobos findnwid: attached to network TW-EAV510v4A4A3 on 
interface iwn0
...

ifstated.conf:
nwid  = '"[[ $(ifconfig iwn0 | sed -n \'/status/s/.*status: //p\') == 
\'active\' ]]" every 2'

init-state wired

state wireless {
init {
run "ifconfig em0 down"
run "ifconfig iwn0 up"
run "dhclient iwn0"
}

# check if we have active wireless network
# if not, re-check for networks
if ! $nwid && em0.link.down
run "/usr/local/bin/findnwid iwn0"

if em0.link.up
set-state wired
}

state wired {
init {
run "ifconfig iwn0 down"
run "ifconfig em0 up"
run "dhclient em0"
}

if em0.link.down 
set-state wireless
}

Re: The rant about browsers

[Timo Myyrä]

23.8.2014 17:31, Gregory Edigarov kirjoitti:

Hello Everybody.

Before anything I want to say big thanks to the developers of OpenBSD, 
for maintaining it. After some ~10 years of being the loyal OpenBSD 
user, I never had any problem with OpenBSD itself, besides may be 2 or 
three times.
It is impressive. Every other system I use gives problems from time to 
time, so I am thanking you, guys, every time I type a command.


Now onto the bitter part. For some reason, since, may be, AFAIR 5.2 
times, I do not see any browser that is working flawlessly under our 
loved system.

Everything is happened on the same set of sites I use routinely everyday.

I tried:
Firefox - bad, bad, bad. It fails 1000 times a day.

Chromium - it is better, in terms. Yes, it will not fail on the plain 
place (it is a Russian idiom, which means 'from nothing' or 'from no 
reason one can observe'), but left for some time it starts to be 
so slow... was forced  to stay away from it too. but after all it is 
the only browser under OpenBSD that have a working lastpass plugin. 
(and I need lastpass, if I want to share my passwords between home and 
job computers)


Seamonkey - potentially good project. but suffers from the same 
problems like firefox. although it is fails much much less, the 
frequency is still unacceptable for me.


I also used xombrero and it was good, but again, from somewhere 
between 5.2 - 5.3 times it has started to fail with an unacceptable 
frequency.


I know, I should write to upstream mailing lists of the projects I've 
mentioned above, but before that, I want to know if somebody else is 
suffering such problems and I am still sure maintatiners of the 
corresponding ports will do it better than me if they find it is a 
problem.


--
With best regards,
   Gregory Edigarov

dmesg follows:
OpenBSD 5.6-current (GENERIC.MP) #340: Fri Aug 22 15:06:09 MDT 2014
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 1568260096 (1495MB)
avail mem = 1517772800 (1447MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xeb170 (91 entries)
bios0: vendor American Megatrends Inc. version 0701 date 07/04/2012
bios0: ASUSTeK COMPUTER INC. P8H61-M2 USB3
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP APIC SSDT MCFG HPET
acpi0: wakeup devices PS2K(S4) PS2M(S4) BR20(S3) EUSB(S4) USBE(S4) 
PEX0(S4) PEX1(S4) PEX3(S4) PEX5(S4) PEX6(S4) PEX7(S4) P0P1(S4) 
P0P2(S4) P0P3(S4) P0P4(S4)

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU G530 @ 2.40GHz, 2394.94 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSAVE,NXE,LONG,LAHF,PERF,ITSC

cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.0, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) CPU G530 @ 2.40GHz, 2394.57 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,POPCNT,DEADLINE,XSAVE,NXE,LONG,LAHF,PERF,ITSC

cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (PEX0)
acpiprt2 at acpi0: bus 3 (PEX1)
acpiprt3 at acpi0: bus 5 (PEX3)
acpiprt4 at acpi0: bus 6 (PEX5)
acpiprt5 at acpi0: bus -1 (PEX6)
acpiprt6 at acpi0: bus -1 (PEX7)
acpiprt7 at acpi0: bus 1 (P0P1)
acpiprt8 at acpi0: bus -1 (P0P2)
acpiprt9 at acpi0: bus -1 (P0P3)
acpiprt10 at acpi0: bus -1 (P0P4)
acpicpu0 at acpi0: C3, C2, C1, PSS
acpicpu1 at acpi0: C3, C2, C1, PSS
acpibtn0 at acpi0: PWRB
acpivideo0 at acpi0: GFX0
acpivout0 at acpivideo0: DD02
cpu0: Enhanced SpeedStep 2394 MHz: speeds: 2400, 2300, 2200, 2100, 
2000, 1900, 1800, 1700, 1600 MHz

pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 Intel Core 2G Host rev 0x09
ppb0 at pci0 dev 1 function 0 Intel Core 2G PCIE rev 0x09: msi
pci1 at ppb0 bus 1
vga1 at pci0 dev 2 function 0 Intel HD Graphics 2000 rev 0x09
intagp at vga1 not configured
inteldrm0 at vga1
drm0 at inteldrm0
drm: Memory usable by graphics device = 2048M
inteldrm0: 1280x1024
wsdisplay0 at vga1 mux 1: console (std, vt100 emulation)
wsdisplay0: screen 1-5 added (std, vt100 emulation)
Intel 6 Series MEI rev 0x04 at pci0 dev 22 function 0 not configured
ehci0 at pci0 dev 26 function 0 Intel 6 Series USB rev 0x05: apic 0 
int 23

usb0 at ehci0: USB 

ERR M after updating to newer snapshot

[Timo Myyrä]

Hi,

I'm dual-booting my desktop with BCD between Win7 and OpenBSD.
My disk has two primary partitions, one for Windows and second one for 
OpenBSD.
I just updated to latest snapshot via normal process but after rebooting 
I get stuck on ERR M.

Same thing happened on last update as well.
Last time I got things going by booting via CD and re-doing steps 
detailed in http://www.openbsd.org/faq/faq4.html#Multibooting


The FAQ tells that the causes for ERR M might be incorrectly run 
installboot or alteration of /boot file.
Is this common occurance? Does the boot file change on each upgrade or 
is there something more happening here?

I'd hate to do the PBR update steps after each update.

Timo

Re: ERR M after updating to newer snapshot

[Timo Myyrä]

Fred open...@crowsons.com writes:

 On 02/08/14 11:30, Timo Myyrä wrote:

 Hi,

 I'm dual-booting my desktop with BCD between Win7 and OpenBSD.
 My disk has two primary partitions, one for Windows and second one for
 OpenBSD.
 I just updated to latest snapshot via normal process but after rebooting
 I get stuck on ERR M.
 Same thing happened on last update as well.
 Last time I got things going by booting via CD and re-doing steps
 detailed in http://www.openbsd.org/faq/faq4.html#Multibooting

 The FAQ tells that the causes for ERR M might be incorrectly run
 installboot or alteration of /boot file.
 Is this common occurance? Does the boot file change on each upgrade or
 is there something more happening here?
 I'd hate to do the PBR update steps after each update.

 Timo

 Hi Timo,

 I used to get this when I forgot to update the openbsd.pbr as part of
 the upgrade process. I think you have to upgrade the pbr on windows as
 part of the upgrade process - on WinXP overwriting the existing pbr
 file with the new one was enough - not sure if this is the case with
 Win7.

 hth

 Fred

Yeap, got OpenBSD to boot by overwriting the old openbsd.pbr on it with newer
one. Didn't need to do the rest of steps. 

Seems that install ramdisk doesn't have any write support for NTFS
partitions so I can't directly update it from ramdisk. Gotta check if ramdisk
has FAT support so I wouldn't have to boot into Windows to update PBR.

Timo

Re: faq addition: working with mfs disks?

[Timo Myyrä]

26.1.2014 18:31, Илья Шипицин kirjoitti:

hello,

what do you think of adding a faq item which will give example how /tmp (or
any other write intensive temp disk partition) can be stored in mfs drive?

Ilya Shipitsin



Now that OpenBSD has tmpfs I'd use that instead of mfs.

I just added following on my /etc/fstab:

none /tmp tmpfs rw,nodev,nosuid,-s=1g,-m=1777 0 0
none /var/cache tmpfs rw,nodev,nosuid,-s=128m,-m=0755 0 0
none /var/run tmpfs rw,nodev,nosuid,-s=64m,-m=0755 0 0

Timo

Priority fixes for pf.conf(5)

[Timo Myyrä]

Hi,

I was reviewing my firewall rules and got confused about priority rules.  I
wasn't certain was it better to have higher priority number for a rule or
lower. After some digging it seems that the higher priority numbers get
processed first. I think the pf.conf(5) man page should document this so others
shouldn't have to dig for this info from PF FAQ. I don't 

While I looked for the priority info I noticed the queuing section has wrong
priorities listed in the example rule.

Here's a small patch to fix both.

Timo

Index: man5/pf.conf.5
===
RCS file: /cvs/src/share/man/man5/pf.conf.5,v
retrieving revision 1.530
diff -u -u -p -r1.530 pf.conf.5
--- man5/pf.conf.5  12 Oct 2013 21:44:57 -  1.530
+++ man5/pf.conf.5  27 Oct 2013 06:32:23 -
@@ -646,6 +646,8 @@ code point in the 802.1Q VLAN header.
 If two priorities are given, packets which have a TOS of
 .Ar lowdelay
 and TCP ACKs with no data payload will be assigned to the second one.
+Packets with higher priority number are processed first and packets with
+the same priority are processed in a round-robin fashion.
 .Pp
 For example:
 .Bd -literal -offset indent
@@ -1551,7 +1553,7 @@ pass out on em0 inet proto tcp from $dev
 pass out on em0 inet proto tcp from $employeehosts to any port 80 \e
   set queue employees
 pass out on em0 inet proto tcp from any to any port 22 \e
-  set (queue(ssh_bulk, ssh_interactive), prio (6, 3))
+  set (queue(ssh_bulk, ssh_interactive), prio (3, 6))
 pass out on em0 inet proto tcp from any to any port 25 \e
   set queue mail
 .Ed

Re: Is Radeon HD 4870 okay?

[Timo Myyrä]

Hi,

This is pretty much driver specific question but I think the OpenBSD
doesn't support that card out of box.

The git repo of radeonhd and radeon drivers have support for the 4870
if I remember correctly so if your interrested in building the drivers
yourself it should support your card.

I would have suggested that you get Radeon 3870 as it will have driver
and would be pretty powerful card itself.

Timo M

On Tue, Aug 11, 2009 at 11:10 PM, Sviatoslav Chagaevsl...@zb.lv wrote:
 Hello,

 I want to buy a new video card, and I'm considering ATI Radeon HD 4870.

 On UNIX (OpenBSD that is), I need the card to:
 * be capable of 1920x1...@60hz resolution on DVI-D
 * have 2D acceleration (including X-Video)
 3D acceleration would be nice but is not required.

 I dual-boot for games, so buying something older won't do, I need
 fairly modern and powerful hardware.

 My motherboard (ASUS M3N78-EM) has a GeForce 8300 chipset (not
 supported by open source/magic-number nv driver, and I couldn't force
 vesa driver to 1920x1080), I'm intending to run OpenBSD/amd64.

 So, will 4870 work okay in OBSD? If not, could you please suggest
 something that would meet the two above-mentioned criteria and be
 powerful enough for gaming?

 Thanks!

 --
 Sviatoslav Chagaev sl...@zb.lv

Re: About the OpenBSD repository

[Timo Myyrä]

On Fri, Jun 26, 2009 at 2:23 PM, Nidon...@foxserver.be wrote:
 Come on, it is fucking inefficient. The way it checks out *empty
 directories*
 and then garbage-collects them at the end of an update is beyond stupid.

 Not that i particularly care; but isn't git incapable of checking out
 empty directories?

 Besides that, it is perfectly possible to use git yourself privately
 alongside whatever the project is using; so I don't really get what
 the problem is.



Git tracks *contents* not files themselves.
Empty directories don't have content so they are ignored by git.

I too would like to see some nice BSD-licensed DVCS on OpenBSD.
I think that would be a major project to accomplish and I think I'd rather
see such energy go into developing OpenBSD, not developing the
development process :)

Timo

Re: automaticaly mount/umount encrypted $HOME or ...

[Timo Myyrä]

I encrypted my $HOME with bioctl and just put the 'bioctl -c C -l 
/dev/sd0g softraid0' line to my /etc/rc. 
Simple and working solution although it needs a little bit 
tweaking as currently I get dropped to single user mode if I 
misstype my passphrase.  This happens quite easily as I use dvorak 
layout that isn't loaded once the passphrase is prompted.  


Timo

Re: I can't connect to Internet

[Timo Myyrä]

Mnlcrrsc rayl...@gmail.com writes:

The package path variable should be in capital letters:
export PKG_PATH=ftp.openbsd.org/pub/OpenBSD/4.4/packages/i386/

Please, use your local mirror and not the main site for packages. 


Timo

Hi. I just installed Openbsd 4.4 and my first problem is that i 

can't connect

to Internet for downloading packages.

My configuration is perfectly configured, so i don't know what 

it is (i
already have configured a Debian and a Windows system).  My 

configuration is
192.168.1.1 gateway, 192.168.1.8 ipv4, 255.255.255.0 netmask, 

and the DNS

208.67.222.222 208.67.220.220 (opendns).

I write:
export pkg_path=ftp://ftp.openbsd.org/pub/OpenBsd/4.4/i386/

and then:

pkg_add kde (for example), but it says no packages available.

What could i do? Thank you very much for your help.

Re: dvorak keyboard not working still!

[Timo Myyrä]

I'm using dvorak layout on console and on X.

On X I use custom xmodmap to get C$C6 -letters.

On console I have keyboard.encoding=us.dvorak on
/etc/wsconsctl.conf.

One downside is that it doesn't work straight with my
USB-keyboard and I need to manually load dvorak with
sudo kbd us.dvorak and it works just fine after that.

I'm using -current branch but it did work on 4.3-release
too. I didn't choose dvorak on installation but added it
later.

Are you directly connected to server with your keyboard
etc or do you take remote connection to it?

Timo


[EMAIL PROTECTED] wrote:

[demime could not interpret encoding  - treating as plain text]
I still have no success trying all the advice given to me.  Dvorak 
is still not functional.  Anything else I should look into?  Please 
note, I'm trying to get this to work on the console.  This being a 
server, I don't have X running.  Below is what I tried:


wsconsctl keyboard.encoding=us.dvorak
   keyboard.encoding - us.dvorak

the line above is how my OpenBSD 4.3 server responded but asdf jkl; 
still produces asdf jkl;


/etc/kbdtype
   us.dvorak

and I rebooted, still asdf jkl; produces asdf jkl;

I even tried this before I sent my original post:

wsconsctl.conf
  keyboard.encoding=us.dvorak

and I rebooted, but still asdf jkl; produces asdf jkl;

The one thing I did not try is selecting us.dvorak when installing 
OpenBSD but I don't want to recreate my server at this point in 
time for a dvorak layout.  But believe me, I'll definitely try it 
the next time I install OpenBSD.


Please, anything else I should look into?  For those who responded, 
I appreciate the help.  Don't be offended about my next question.  
For those who have dvorak running, is it on an OpenBSD 4.3 release--
not stable?  I generally try to keep my OpenBSD installations as 
default as possible--except dvorak if I can get it running.

Broken CF or what?

[Timo Myyrä]

I was trying to install 4.3 to a SanDisk 1GB CF disk but the installer 
aborts when it tries to create the partitions to the disk


I get following when the creating partitions:
pciide:0:0:0: timeout waiting for DRQ, st=0x51 DRDY,DSC,ERR, err=0x00
wd0e: device timeout writing fsbn 47908 (wd0 bn 2100672, cn 521 tn 0 sn 
0) retrying

..
newfs: wtfs: write error on block 47908 Input/Output error


I updated the Soekris BIOS, tested it with 4.2,4.3 and -current but all 
give the same results. I also tried to change the wd* flags to '0xffc' 
to disable DMA.


Is there anything else to try or is the card just broken?

Re: aterm, rxvt -- memory usage

[Timo Myyrä]

Hi,

AFAIK urxvt isn't ported on OpenBSD. I think it doesn't have stable 
release yet.


You can check it out from their repo and compile it yourself. It's not a 
hard process.


Timo

Arun G Nair wrote:

On Mon, Apr 21, 2008 at 11:44 PM, Claer [EMAIL PROTECTED] wrote:
  

 I personnaly use unicode rxvt. It's a clone of rxvt that comes with
 unicode (oh surprising) and with client/server mode to reduce memory
 usage when you have serveral terms like I used to have.

 urxvt is also one of the rare terms out there with transparency and
 whitening the background and not darkening it.




Hi, I where can I find urxvt for openbsd ? I can't seem to find it in
ports. Am using 4.2.

-Arun

Can't get OpenVPN working

[Timo Myyrä]

Hey, I would appreciate if somebody could help me setup OpenVPN connection.

Here's the setup:

Server:  192.168.1.1
Soekris: sis0: 192.168.1.35: PXE boots from server
 sis1: Internet: gets dynamic IP from ISP
 sis2: 10.1.1.1: DHCP-server and gateway to LAN
 ral0: 172.16.1.1: Wlan interface to be used with OpenVPN
Desktop  nfe0: 10.1.1.10
Laptop   wpi0: 172.16.1.10

Deskop works nicely with soekris.

My client is my OpenBSD laptop.
I followed the instructions at: http://www.linux.com/articles/49990
I changed the IP's on the server and client configs.
The config uses server-bridge 172.16.1.1 255.255.255.0 172.16.1.100
172.16.1.120

I authenticated the laptop via SSH and then run and openvpn and it gave
the following:

Tue Nov  6 20:18:54 2007 OpenVPN 2.0.9 x86_64-unknown-openbsd4.2 [SSL]
[LZO] built on Aug 20 2007
Tue Nov  6 20:18:54 2007 IMPORTANT: OpenVPN's default port number is now
1194, based on an official port number assignment by IANA.  OpenVPN
2.0-beta16 and earlier used 5000 as the default port.
Tue Nov  6 20:18:54 2007 Control Channel Authentication: using
'/etc/openvpn/keys/ta.key' as a OpenVPN static key file
Tue Nov  6 20:18:54 2007 Outgoing Control Channel Authentication: Using
160 bit message hash 'SHA1' for HMAC authentication
Tue Nov  6 20:18:54 2007 Incoming Control Channel Authentication: Using
160 bit message hash 'SHA1' for HMAC authentication
Tue Nov  6 20:18:54 2007 Control Channel MTU parms [ L:1541 D:166 EF:66
EB:0 ET:0 EL:0 ]
Tue Nov  6 20:18:54 2007 Data Channel MTU parms [ L:1541 D:1450 EF:41 EB:4
ET:0 EL:0 ]
Tue Nov  6 20:18:54 2007 Local Options hash (VER=V4): '70f5b3af'
Tue Nov  6 20:18:54 2007 Expected Remote Options hash (VER=V4): 'a2e2498c'
Tue Nov  6 20:18:54 2007 NOTE: chroot will be delayed because of --client,
--pull, or --up-delay
Tue Nov  6 20:18:54 2007 NOTE: UID/GID downgrade will be delayed because
of --client, --pull, or --up-delay
Tue Nov  6 20:18:54 2007 UDPv4 link local: [undef]
Tue Nov  6 20:18:54 2007 UDPv4 link remote: 172.16.1.1:1194
Tue Nov  6 20:18:54 2007 TLS: Initial packet from 172.16.1.1:1194,
sid=c32cfb6f 891c696c
Tue Nov  6 20:18:54 2007 VERIFY OK: depth=1,
/C=FI/ST=Etela-Karjala/L=Lappeenranta/O=OpenVPN-TEST/CN=WickedBSD/emailAddres
[EMAIL PROTECTED]
Tue Nov  6 20:18:54 2007 VERIFY OK: nsCertType=SERVER
Tue Nov  6 20:18:54 2007 VERIFY OK: depth=0,
/C=FI/ST=Etela-Karjala/O=OpenVPN-TEST/CN=WickedBSD/[EMAIL PROTECTED]
kedbsd.no-ip.com
Tue Nov  6 20:18:55 2007 WARNING: 'dev-type' is used inconsistently,
local='dev-type tun', remote='dev-type tap'
Tue Nov  6 20:18:55 2007 WARNING: 'link-mtu' is used inconsistently,
local='link-mtu 1541', remote='link-mtu 1573'
Tue Nov  6 20:18:55 2007 WARNING: 'tun-mtu' is used inconsistently,
local='tun-mtu 1500', remote='tun-mtu 1532'
Tue Nov  6 20:18:55 2007 Data Channel Encrypt: Cipher 'BF-CBC' initialized
with 128 bit key
Tue Nov  6 20:18:55 2007 Data Channel Encrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Tue Nov  6 20:18:55 2007 Data Channel Decrypt: Cipher 'BF-CBC' initialized
with 128 bit key
Tue Nov  6 20:18:55 2007 Data Channel Decrypt: Using 160 bit message hash
'SHA1' for HMAC authentication
Tue Nov  6 20:18:55 2007 Control Channel: TLSv1, cipher TLSv1/SSLv3
DHE-RSA-AES256-SHA, 1024 bit RSA
Tue Nov  6 20:18:55 2007 [WickedBSD] Peer Connection Initiated with
172.16.1.1:1194
Tue Nov  6 20:18:56 2007 SENT CONTROL [WickedBSD]: 'PUSH_REQUEST'
(status=1)
Tue Nov  6 20:18:56 2007 PUSH: Received control message:
'PUSH_REPLY,redirect-gateway local def1,route-gateway 172.16.1.1,ping
10,ping-restart 120,ifconfig 172.16.1.100 255.255.255.0'
Tue Nov  6 20:18:56 2007 OPTIONS IMPORT: timers and/or timeouts modified
Tue Nov  6 20:18:56 2007 OPTIONS IMPORT: --ifconfig/up options modified
Tue Nov  6 20:18:56 2007 OPTIONS IMPORT: route options modified
Tue Nov  6 20:18:56 2007 WARNING: Since you are using --dev tun, the
second argument to --ifconfig must be an IP address.  You are using
something (255.255.255.0) that looks more like a netmask. (silence this
warning with --ifconfig-nowarn)
Tue Nov  6 20:18:56 2007 WARNING: potential conflict between --remote
address [172.16.1.1] and --ifconfig address pair [172.16.1.100,
255.255.255.0] -- this is a warning only that is triggered when
local/remote addresses exist within the same /24 subnet as --ifconfig
endpoints. (silence this warning with --ifconfig-nowarn)
Tue Nov  6 20:18:56 2007 /sbin/ifconfig tun0 destroy
Tue Nov  6 20:18:56 2007 /sbin/ifconfig tun0 create
Tue Nov  6 20:18:56 2007 NOTE: Tried to delete pre-existing tun/tap
instance -- No Problem if failure
Tue Nov  6 20:18:56 2007 /sbin/ifconfig tun0 172.16.1.100 255.255.255.0
mtu 1500 netmask 255.255.255.255 up
Tue Nov  6 20:18:56 2007 TUN/TAP device /dev/tun0 opened
Tue Nov  6 20:18:56 2007 NOTE: unable to redirect default gateway --
Cannot read current default gateway from system
Tue Nov  6 20:18:56 2007 chroot to '/var/empty' and cd to '/' succeeded
Tue Nov  6 20:18:56 

Help needed to get PF working

[Timo Myyrä]

Hi,

I'm currently trying to configure small home network:
ADSL  Server / Firewall  Desktop

Now I'm working on building a proper firewall to my server. So far the
situation is following:

- Servers internet connection works
- Desktop receives IP, nameserver and default route from server's
DHCP service.
-Desktop can connect to server by SSH but can't connect to anything beyond
that.

Server's fxp0 gets dynamic IP from ISP and fxp1 uses static IP.

What I need:
-server running the most common services available to public. Then some
services available only to LAN.
-Desktop will only run games as client and will use the servers private
services

Here's my current pf.conf:

### MACROS ###
ext_if=fxp0
lan_if=fxp1
server_ip=xxx.xxx.xxx.xxx
pri_ports={ 20,21,22,25,80,110,113,123,443,2049,3306,6660,6669,6900:6999,8080}
# Ports open on server to LAN
pub_ports={ 20,21,22,25,80,110,113,123,443,6900:6999,8080} # Ports
open on server to internet
game_ports=27000:27040

lan_ip=xxx.xxx.xxx.xxx

p180_ip=xxx.xxx.xxx.xxx


### TABLES ###
table spamd-white persist
table intruders persist
table badhosts const {10.0.0.0/8, 176.16.0.0/12, 192.168.0.0/16}

### OPTIONS ###
set skip on lo
set block-policy return

set optimization normal

set loginterface fxp0
set limit { states 5, frags 10 } # Are these good limits, I
have 4GB RAM?


### TRAFFIC NORMALIZATION ###
scrub in all fragment reassemble

### BANDWIDTH MANAGEMENT ###


### TRANSLATION ###
nat-anchor ftp-proxy/*
nat on $ext_if from !($ext_if) to any - ($ext_if)


### REDIRECTION ###
rdr-anchor ftp-proxy/*
rdr pass on $lan_if proto tcp to port ftp - 127.0.0.1 port 8021
rdr pass on $ext_if proto tcp from any to any port smtp - 127.0.0.1 port 8025
no rdr on $ext_if proto tcp from spamd-white to any port smtp
rdr on $ext_if inet proto {tcp,udp} from any to ($ext_if) port
$game_ports - $p180_ip
rdr on $lan_if inet proto {tcp,udp} from $lan_ip to any - ($ext_if)

### ANCHORS ###
anchor ftp-proxy/*

### PACKET FILTERING ###
# Block rules
block in all# Default to block all incoming and outgoing traffic
block out all

# Antispoof
antispoof quick log for { lo $lan_if }

# Incoming traffic
pass in on $ext_if proto {tcp,udp} from port $game_ports to $p180_ip
#pass quick on $lan_if no state

pass in on $ext_if proto {tcp,udp} to ($ext_if) port $pub_ports
pass in log on $lan_if proto {tcp,udp} from ($lan_if) port $pri_ports
to $server_ip
pass in on $lan_if proto {tcp,udp} from any to any keep state

# Outgoing traffic
pass out log on $ext_if proto {tcp,udp} from ($ext_if) to port $pub_ports
pass out on $ext_if proto {tcp,udp,icmp} from $lan_ip to any

 How to change the pf.conf to allow desktop traffic to access the internet?
I have tried some solutions like removing the default block rules but it
still didn't work and I'm starting to run out of ideas.

Re: Help needed to get PF working

[Timo Myyrä]

Ah, I forgot to mention that the packet forwarding is indeed enabled 
already.
I checked the sample pf.conf on your webpage and edited it to change the 
interface names and commented the queue rules. I then loaded the rules 
with pfctl -f /etc/pf.new but still I could only access my server from 
my desktop.  Server can access both internet and my desktop just fine.
I tried to ping outside addresses with their IP's from the desktop to 
test if it would be some DNS issue but that didn't work either.

Any other ideas?

Timo

Calomel wrote:

Timo,

If this box is going to be a firewall and you expect to pass packets from
one interface to the other you _MUST_ enable packet forwarding. Even 
if pf
is setup correctly for your network, no packets will traverse between 
your

internal and external networks unless packet forwarding is turned on.

You can see if ip.forwarding is set to on=1 or off=0 by typing sysctl 
-a |

grep ip.forward. If ip.forwarding is off you can manually enable it by
typing sysctl net.inet.ip.forwarding=1. This command will only take
affect for this session and ip.forwarding will be set back to its 
previous

setting on reboot.

OpenBSD Pf Firewall how to ( pf.conf )
http://calomel.org/pf_config.html

--
 Calomel @ http://calomel.org

On Thu, Oct 25, 2007 at 09:15:22AM +0300, Timo Myyr? wrote:
 

Hi,

I'm currently trying to configure small home network:
ADSL  Server / Firewall  Desktop

Now I'm working on building a proper firewall to my server. So far the
situation is following:

- Servers internet connection works
- Desktop receives IP, nameserver and default route from server's
DHCP service.
-Desktop can connect to server by SSH but can't connect to anything 
beyond

that.

Server's fxp0 gets dynamic IP from ISP and fxp1 uses static IP.

What I need:
-server running the most common services available to public. Then some
services available only to LAN.
-Desktop will only run games as client and will use the servers private
services

Here's my current pf.conf:

### MACROS ###
ext_if=fxp0
lan_if=fxp1
server_ip=xxx.xxx.xxx.xxx
pri_ports={ 
20,21,22,25,80,110,113,123,443,2049,3306,6660,6669,6900:6999,8080}

# Ports open on server to LAN
pub_ports={ 20,21,22,25,80,110,113,123,443,6900:6999,8080} # Ports
open on server to internet
game_ports=27000:27040

lan_ip=xxx.xxx.xxx.xxx

p180_ip=xxx.xxx.xxx.xxx


### TABLES ###
table spamd-white persist
table intruders persist
table badhosts const {10.0.0.0/8, 176.16.0.0/12, 192.168.0.0/16}

### OPTIONS ###
set skip on lo
set block-policy return

set optimization normal

set loginterface fxp0
set limit { states 5, frags 10 } # Are these good limits, I
have 4GB RAM?


### TRAFFIC NORMALIZATION ###
scrub in all fragment reassemble

### BANDWIDTH MANAGEMENT ###


### TRANSLATION ###
nat-anchor ftp-proxy/*
nat on $ext_if from !($ext_if) to any - ($ext_if)


### REDIRECTION ###
rdr-anchor ftp-proxy/*
rdr pass on $lan_if proto tcp to port ftp - 127.0.0.1 port 8021
rdr pass on $ext_if proto tcp from any to any port smtp - 127.0.0.1 
port 8025

no rdr on $ext_if proto tcp from spamd-white to any port smtp
rdr on $ext_if inet proto {tcp,udp} from any to ($ext_if) port
$game_ports - $p180_ip
rdr on $lan_if inet proto {tcp,udp} from $lan_ip to any - ($ext_if)

### ANCHORS ###
anchor ftp-proxy/*

### PACKET FILTERING ###
# Block rules
block in all# Default to block all incoming and outgoing traffic
block out all

# Antispoof
antispoof quick log for { lo $lan_if }

# Incoming traffic
pass in on $ext_if proto {tcp,udp} from port $game_ports to $p180_ip
#pass quick on $lan_if no state

pass in on $ext_if proto {tcp,udp} to ($ext_if) port $pub_ports
pass in log on $lan_if proto {tcp,udp} from ($lan_if) port $pri_ports
to $server_ip
pass in on $lan_if proto {tcp,udp} from any to any keep state

# Outgoing traffic
pass out log on $ext_if proto {tcp,udp} from ($ext_if) to port 
$pub_ports

pass out on $ext_if proto {tcp,udp,icmp} from $lan_ip to any

How to change the pf.conf to allow desktop traffic to access the 
internet?

I have tried some solutions like removing the default block rules but it
still didn't work and I'm starting to run out of ideas.

Re: Help needed to get PF working

[Timo Myyrä]

Yeah, that was pretty much caused by the gmail account. The pf.conf I 
have on my server is formatted correctly.


Timo

Jack J. Woehr wrote:

On Oct 25, 2007, at 11:58 AM, Timo Myyrd wrote:


Any other ideas?


Here's a dumb idea: In your posting, a lot of lines in your pf.conf
file are
wrapped. I *hope* that happened in email and isn't actually the case in
the pf.conf file? One of those Sir, is the computer actually plugged
in? questions, but perhaps worth asking.

--
Jack J. Woehr
Director of Development
Absolute Performance, Inc.
[EMAIL PROTECTED]
303-443-7000 ext. 527

Re: Encrypting home partition

[Timo Myyrä]

Nick Guenther wrote:

On 10/6/07, Timo Myyrd [EMAIL PROTECTED] wrote:
  

I have read the mount_vnd manual page and it describes the mount options
of the image that are needed to succesfully mount the partition on boot
but didn't reveal if there's a method to encrypt whole partition. I know
it will give me small performance hit to encrypt whole partition but it
should be OK. I had all of my HD except the /boot partition encrypted
with Linux and I didn't notice any difference in casual use.

Currently waiting for the urandom to fill the image...

Timo



Hm? I don't understand what you don't understand.
There's no such thing as a half-encrypted svnd (=partition). If you
can mount an encrypted svnd then you have a totally encrypted drive.
If you put it in fstab even better, but you need to somehow get it to
ask you for a password (-k) or give it a saltfile (-K) from somewhere
when it does that (and you better not store that password on the same
laptop).

-Nick


  
I mean that can I encrypt my /dev/sd0g directly instead of creating 
image in it and encrypting and mounting that image as /home.

I tried to read about the svnd and it only seems to work on files.

Timo

Re: Encrypting home partition

[Timo Myyrä]

Just trying that but the slice encryption could use some instructions 
how to get the proper C/H/S -values. I tried quickly your factor method 
and got a errors from fdisk that those were incorrect and I've been 
searching the net for some help on how to calculate the proper values 
for my home slice: 117467280


Timo

Chris Kuethe wrote:

On 10/7/07, Timo Myyrd [EMAIL PROTECTED] wrote:
  

I mean that can I encrypt my /dev/sd0g directly instead of creating
image in it and encrypting and mounting that image as /home.
I tried to read about the svnd and it only seems to work on files.



https://www.mainframe.cx/~ckuethe/encrypted_disks.html

try that, and send me feedback, ok?

CK

Encrypting home partition

[Timo Myyrä]

I'm just trying to encrypt my laptops /home partition to hide my 
personal info if the worst happens and my lappy is stolen.


I'm wondering what would be the best method to encrypt the hard drive? I 
saw some discussion on the mailing list recently and somebody pointed 
out that I could encrypt whole partition.


I'm currently creating a image within a partition which I intend to 
encrypt then as instructed for example here: 
http://www.blackant.net/other/docs/howto-encrypted-home.php


Which would be a better method, the separate image or encrypt whole 
partition and how to encrypt whole partition on OpenBSD?


Timo

Re: Encrypting home partition

[Timo Myyrä]

I have read the mount_vnd manual page and it describes the mount options 
of the image that are needed to succesfully mount the partition on boot 
but didn't reveal if there's a method to encrypt whole partition. I know 
it will give me small performance hit to encrypt whole partition but it 
should be OK. I had all of my HD except the /boot partition encrypted 
with Linux and I didn't notice any difference in casual use.


Currently waiting for the urandom to fill the image...

Timo

Jacob Yocom-Piatt wrote:

Nick Guenther wrote:

On 10/6/07, Timo Myyrd [EMAIL PROTECTED] wrote:
 

I'm just trying to encrypt my laptops /home partition to hide my
personal info if the worst happens and my lappy is stolen.

I'm wondering what would be the best method to encrypt the hard 
drive? I

saw some discussion on the mailing list recently and somebody pointed
out that I could encrypt whole partition.

I'm currently creating a image within a partition which I intend to
encrypt then as instructed for example here:
http://www.blackant.net/other/docs/howto-encrypted-home.php

Which would be a better method, the separate image or encrypt whole
partition and how to encrypt whole partition on OpenBSD?



*The* way to make encrypted disks on OpenBSD is through vnconfig -k.
Go read up on that and come back.
Then here's what you can do (it's dead simple):
# vnconfig -k key svnd0 /path/to/image
# mount /dev/svnd0 /home

 #note: the image file should be available somewhere that isn't /home,
obviously... you may be able to have a /home with it on there and then
mount over that and it might keep working but it's just asking for
trouble to do it that way

  


using the -K switch for vnconfig is good if you're worried about 
offline brute forcing.



are you sure you want to encrypt your *whole* drive though? Is your
data really that secret? For most people there are only a few /really
secret/ things, and you can just make a small secure partition and
place them in there. Encryption does take a performance hit.

  


the performance hit is pretty unnoticeable unless you're doing lots of 
reads and writes, e.g. a fileserver. on a decently fast machine you 
can get 20-30 MBps read and write speed on an encrypted image which is 
plenty for your /home in most cases.



-Nick

Re: ThinkPad R60, no apm

[Timo Myyrä]

Afaik, R60 doesn't use apm at all so it should be pretty normal behavior 
for that laptop. I have T60 and it only supports ACPI.


Olaf Schreck wrote:

Hi,

I'm having a minor problem with apm and 4.2 snapshot on a Lenovo ThinkPad R60.

I noticed that halt -p does not power off.  I read reboot(8), and I have 
powerdown=YES in /etc/rc.shutdown.


It might be related to apm0 not being detected, dmesg below.  I also 
noticed the error/warning apm: connect error from the boot loader, before 
a kernel gets loaded.  Might be related.


Loading...
probing: pc0
apm: connect error
 mem[628k 3069M a20=on]
disk: hd0+
 OpenBSD/i386 BOOT 3.01
	boot 

Kernel is 4.2 (GENERIC.MP) #234, snapshot was pulled today.  I did 
enable acpi with config -ef /bsd.mp.  Same problem with 4.1-stable.


Maybe also related: In 4.2-snapshot sysctl hw.setperf does work, while 
4.1-stable would give me sysctl: hw.setperf: value is not available.



Any clues to get apm working?

Thanks, Olaf


dmesg:

OpenBSD 4.2 (GENERIC.MP) #234: Wed Aug  8 20:52:36 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz (GenuineIntel 686-class) 1.83 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR
real mem  = 3219550208 (3070MB)
avail mem = 3120197632 (2975MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/18/07, BIOS32 rev. 0 @ 0xfd690, SMBIOS 
rev. 2.4 @ 0xe0010 (68 entries)
bios0: vendor LENOVO version 7CETC6WW (2.16 ) date 04/18/2007
bios0: LENOVO 9461DXG
pcibios0 at bios0: rev 2.1 @ 0xfd620/0x9e0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/272 (15 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #22 is the last bus
bios0: ROM list: 0xc/0xfe00 0xd/0x1600 0xd1800/0x1000 0xdc000/0x4000! 
0xe/0x1!
acpi0 at mainbus0: rev 2
acpi0: tables DSDT FACP SSDT ECDT TCPA APIC MCFG HPET SLIC BOOT SSDT SSDT SSDT SSDT 
acpitimer at acpi0 not configured

acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 166 MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM)2 CPU T5600 @ 1.83GHz (GenuineIntel 686-class) 1.83 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
ioapic0: duplicate apic id, remapped to apid 2
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (AGP_)
acpiprt2 at acpi0: bus 2 (EXP0)
acpiprt3 at acpi0: bus 3 (EXP1)
acpiprt4 at acpi0: bus 4 (EXP2)
acpiprt5 at acpi0: bus 12 (EXP3)
acpiprt6 at acpi0: bus 21 (PCI1)
acpiec at acpi0 not configured
acpicpu at acpi0 not configured
acpicpu at acpi0 not configured
acpitz at acpi0 not configured
acpitz at acpi0 not configured
acpibtn at acpi0 not configured
acpibtn at acpi0 not configured
acpibat at acpi0 not configured
acpibat at acpi0 not configured
acpiac at acpi0 not configured
acpidock at acpi0 not configured
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130b2506000b25
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1833 MHz (1292 mV): speeds: 1833, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82945GM MCH rev 0x03
ppb0 at pci0 dev 1 function 0 Intel 82945GM PCIE rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 vendor ATI, unknown product 0x7145 rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: apic 2 int 
17 (irq 11)
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: Analog Devices AD1981HD (rev. 2.0), HDA version 1.0
azalia0: codec: Conexant/0x2bfa (rev. 0.0), HDA version 0.9
azalia0: codec[1]: No support for modem function groups
azalia0: codec[1]: No audio function groups
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02
pci2 at ppb1 bus 2
bge0 at pci2 dev 0 function 0 Broadcom BCM5751M rev 0x21, BCM5750 C1 
(0x4201): apic 2 int 16 (irq 11), address 00:16:d3:b8:b3:03
brgphy0 at bge0 phy 1: BCM5750 10/100/1000baseT PHY, rev. 0
ppb2 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02
pci3 at ppb2 bus 3
wpi0 at pci3 dev 0 function 0 Intel PRO/Wireless 3945ABG rev 0x02: apic 2 int 
17 (irq 11), MoW2, address 00:1b:77:53:f6:6e
ppb3 at pci0 dev 28 function 2 Intel 82801GB PCIE rev 0x02
pci4 at ppb3 bus 4
ppb4 at pci0 dev 28 function 3 Intel 82801GB PCIE rev 0x02
pci5 at ppb4 bus 12
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: apic 2 int 16 
(irq 11)
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: apic 2 int 17 
(irq 11)
uhci2 at pci0 dev 29 

Re: Problems installing OpenBSD to Soekris

[Timo Myyrä]

Still having problems. I can't get the soekris to boot as far as I can tell.

I used fdisk and created slice for OpenBSD and then used disklabel to 
create the partitions inside it.

After that I extracted sets (base,etc,man) to the disk.
I used fdisk -u sd1 to update the MBR.
I modified the /etc/ttys to:
tty00 /usr/libexec/getty std.19200 vt220 on secure

I added following to boot.conf:
set tty com0

I connected the card to soekris and put the DB9 cable between soekris 
and my laptop.
Before turning power to soekris I gave command tip -19200 tty00 on my 
laptop and it replied connected.
After I turn on Soekris nothing happens. I wait a while, turn it off 
and mount the CF again with the reader.
I mounted the partitions again and check the /var/log/messages and it's 
empty. Shouldn't here be some info if the OpenBSD itself would have booted?


Any idea what to do next?

Re: Problems installing OpenBSD to Soekris

[Timo Myyrä]

Maurice Janssen wrote:

On Saturday, August 18, 2007 at 16:33:52 +0300, Timo Myyrd wrote:
  

Still having problems. I can't get the soekris to boot as far as I can tell.

I used fdisk and created slice for OpenBSD and then used disklabel to 
create the partitions inside it.

After that I extracted sets (base,etc,man) to the disk.
I used fdisk -u sd1 to update the MBR.
I modified the /etc/ttys to:
tty00 /usr/libexec/getty std.19200 vt220 on secure

I added following to boot.conf:
set tty com0



Don't forget to set the speed to 19200 here as well.  The default for
the kernel is 9600 bps and the getty is only started at the end of the
boot process.  Until then, you see nothing or rubbish at best at the
serial console.

  

Ok, I will add the stty com0 19200 to boot.conf

I connected the card to soekris and put the DB9 cable between soekris 
and my laptop.
Before turning power to soekris I gave command tip -19200 tty00 on my 
laptop and it replied connected.

After I turn on Soekris nothing happens.



If there's no output at all, then you might have the wrong serial cable
(there are quite a few types of serial null-modem cables) or the Soekris
is dead.  You should at least see the Soekris powering up, counting
memory and so on.  I suggest to get this part working first.

  
Any suggestions on how? I have Belkin null-modem serial cable which I 
bought from the same place as that soekris so it would be quite silly 
for a european soekris distributor to sell a null modem cables that 
won't work with soekrises.
Should Soekrisises error led lit up if there would be some problem or 
something. Now the only light that stays on is the 'power'.


I wait a while, turn it off 
and mount the CF again with the reader.
I mounted the partitions again and check the /var/log/messages and it's 
empty. Shouldn't here be some info if the OpenBSD itself would have booted?



If the system had booted OK, the boot log should be there.  Perhaps
there's a problem with the disk geometry (the card reader might use a
different translation then your Soekris), perhaps something went wrong
during the install with the bootblock?
I find it much easier to use pxeboot and let the installer handle all of
this.  But in either case, I think you should get the serial console
working first.

HTH,
Maurice

Re: Problems installing OpenBSD to Soekris

[Timo Myyrä]

Maurice Janssen wrote:

On Saturday, August 18, 2007 at 18:35:37 +0300, Timo Myyrd wrote:
  

Maurice Janssen wrote:


If there's no output at all, then you might have the wrong serial cable
(there are quite a few types of serial null-modem cables) or the Soekris
is dead.  You should at least see the Soekris powering up, counting
memory and so on.  I suggest to get this part working first.

  
Any suggestions on how? I have Belkin null-modem serial cable which I 
bought from the same place as that soekris so it would be quite silly 
for a european soekris distributor to sell a null modem cables that 
won't work with soekrises.



OK, should be fine then.  How do you make the connection?  I use
something like:
soekris|For hp300,i386,mac68k,macppc,mvmeppc,vax:\
:dv=/dev/tty00:tc=direct:tc=unixhost:
in /etc/remote and 'tip soekris' to connect to it.
  


I just have tried to use the command tip -19200 tty00. So I should 
make those additions to /etc/remote and re-try?


Should Soekrisises error led lit up if there would be some problem or 
something. Now the only light that stays on is the 'power'.



On the 4501, it's on when you turn it on and it goes off during the
POST.

Maurice

Re: Problems installing OpenBSD to Soekris

[Timo Myyrä]

Maurice Janssen wrote:

On Saturday, August 18, 2007 at 19:40:49 +0300, Timo Myyrd wrote:
  

Maurice Janssen wrote:


OK, should be fine then.  How do you make the connection?  I use
something like:
soekris|For hp300,i386,mac68k,macppc,mvmeppc,vax:\
   :dv=/dev/tty00:tc=direct:tc=unixhost:
in /etc/remote and 'tip soekris' to connect to it.
  
I just have tried to use the command tip -19200 tty00. So I should 
make those additions to /etc/remote and re-try?



I think the defaults for tty00 in /etc/remote are the same as I use.
So if you use the defaults, then I don't expect that it makes a
difference.
Is the red error LED on for a couple of seconds when you connect the
power supply?
Do you have another system to test the null modem cable?

Maurice

  

Yes, the error led is on for a few seconds.

Problems installing OpenBSD to Soekris

[Timo Myyrä]

Just tried to install OpenBSD 4.1 to my Soekris 4801 box but I'm having
little difficulties in it.

I added the CF card to a reader and connected it to my laptop which runs
openbsd. It finds the reader and the card (sd3) in it.
I tried to create partitions to the disk with disklabel -E sd3. It then
listed the MS-DOS partition on the disk. I create the partitions as normal
but after I quit writing the changes and try to make the filesystems it
gives error. When using the disklabel again it lists again the MS-DOS
partition so it appears that it won't write the changes to the disk at all
for some reason. Any idea how to get past it?

And am I correct to assume that I get my soekris working by just extracting
the sets manually to the created partitions and modifying the config files?
So I don't have to do anything beyond that? I got 1GB CF disk so I will have
plenty of space.

Also which sets can I drop? games and man sets are obvious but which x sets
can I drop? Everything else besides xbase or could I drop even that?

Timo Myyrd

Slow X on bsd.mp?

[Timo Myyrä]

Just installed OpenBSD from the latest snapshot. I used the AMD64 arch.
Now the weird thing is that X is terrible slow if I boot with the bsd.mp 
kernel. Basic kernel and X work fine together although the X isn't the 
fastest as I use vesa driver.


Is there anything to be done to increase responsiveness with the bsd.mp 
kernel? I'm clueless even what could cause such slowness.


Timo

Re: Slow X on bsd.mp?

[Timo Myyrä]

Peter N. M. Hansteen wrote:

Timo Myyrd [EMAIL PROTECTED] writes:

  

Is there anything to be done to increase responsiveness with the
bsd.mp kernel? I'm clueless even what could cause such slowness.



On i386 (well, my ThinkPad R60, Core duo) at least, 'enable acpi'
helps enormously.  


That is, after installing, at the boot prompt 'b bsd.mp -c', then
'enable acpi', then 'quit', and finally config -e etc as per the faq
section 5.9 (http://www.openbsd.org/faq/faq5.html#config)

Works for me(TM) - hopefully not a complete waste of time on amd64.

All the best,
  


Thank you, that worked for me too. Now the X is quite responsive with 
bsd.mp. Next goal is to try to get the avivo driver working...

Re: Zurich OpenBSD

[Timo Myyrä]

Merv Hammer wrote:
 Humpaa!

 On Thu, Jul 19, 2007 at 08:16:24AM +0100, The King of Norway wrote:

 I'm from the UK but currently in Ireland. I know of one other OpenBSD
 user here but never seen anyone else in a t-shirt.

 Sean.

 I'm a British OpenBSD devotee who has been living out in various parts
 of the Middle East for the last seven years.  Next Friday I am
 relocating with my wife and kids to Gorey, County Wexford - and I'll be
 bringing my t-shirts!

 So then you'll know of two other OpenBSD users in Ireland :)

 Had a poke around on the net for other OpenBSD users in Ireland myself
 and drew a blank, except for http://ie.bsd.net which doesn't seem to
 have seen much activity in a while.  Drop me a line if you fancy
 discussing Puffy over a pint!

 Merv.



I'm currently in Ireland, Dublin to be precise but relocating back to
Finland in two weeks.

Heh, OpenBSD users should have a salute or some sort of secret handshake :)

Timo

Slow X on Thinkpad T60

[Timo Myyrä]

Just installed OpenBDS-current on my Thinkpad T60 which has the ATI 
Mobility radeon X1400 graphics card. The card isn't supported by the 
open-source drivers so I'm pretty much stuck with the 'vesa' driver. 
Problem is that the X is terrible slow to react. For example it doesn't 
even display these letters as fast as I type them not mentioning the 
opening of new window.

Is there a way to get more speed to my X?

Timo

Re: OpenBSD on ThinkPad

[Timo Myyrä]

Hi,

I have Thinkpad T60 and I'm currently running Linux on it. I'm planning 
to switch to OpenBSD but I have a small question about the video playback.
The laptop has ATI Mobility X1400 Radeon graphics card. As far as I know 
the open source 'radeon' driver doesn't support that one so I'm forced 
to use the 'vesa' driver.
I know I can get the correct resolution using it but what about video 
playback. Will I be able to get good playback using the vesa driver? 
Also, can I get tv-out using it?

I'd hate to install OpenBSD just to notice it won't work.

-Zmyrgel-

atstake atstake wrote:

On 6/15/07, Pieter Verberne [EMAIL PROTECTED] wrote:

*I'm thinking of a R60 or T60. I have no interest in widescreen.


I bought a T60 recently -

o wpi(4) is not detected - fatal firmware error. From the manpage -
fatal firmware error. For some reason, the firmware crashed. The
driver will reset the hardware. This should not happen.

o APM is not detected

I am not sure whether other bits like Infrared, bluetooth would work
smoothly as well.

I sent the dmesg so hopefully everything will work by the time 4.2 
comes out.


At the time however, I installed Fedora Core 7 which detects
everything just fine (or with small tweaks here and there)

OpeBSD on Acer Travelmate

[Timo Myyrä]

Hi,

I recently installed OpenBSD-current from the latest snapshot on my Acer 
Travelmate 4202WLMI laptop and I'm having few issues with it. 

First is the USB -performance. I have USB-drive and when moving data between 
it and my laptop I get around 5-7MB/sec although in Linux I get 17-20MB/sec. 
Is this just that the USB-support is still at 1.1 and all I can do is wait 
for it to be updated or is there something to be done to increase it's 
performance? 

Second is that I recently read that ACPI support should start to be working 
but that isn't the case with my laptop as shown below. It just states that 
ACPI not configured. [attached acpidump]

And lastly and mainly my IPW3945 wireless adapter won't work. I installed the 
firmware as instructed by manual page and it gives the fatal firmware error 
when booting. 

Is there anything to be done to above cases except to wait? I'm relatively new 
to OpenBSD so solution for these could be some error I made somewhere.

My dmesg:
OpenBSD 4.1-current (GENERIC.MP) #1260: Fri Apr  6 01:51:07 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Genuine Intel(R) CPU T2300 @ 1.66GHz (GenuineIntel 686-class) 1.67 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR
real mem  = 534867968 (522332K)
avail mem = 480264192 (469008K)
using 4278 buffers containing 26865664 bytes (26236K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+ BIOS, date 03/09/06, BIOS32 rev. 0 @ 0xfd400, 
SMBIOS rev. 2.31 @ 0xe3810 (26 entries)
bios0: Acer Grapevine
pcibios0 at bios0: rev 2.1 @ 0xfd400/0xc00
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/320 (18 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #7 is the last bus
bios0: ROM list: 0xc/0xf200 0xe/0x1800! 0xe3800/0x800!
acpi at mainbus0 not configured
mainbus0: Intel MP Specification (Version 1.4)
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 166 MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Genuine Intel(R) CPU T2300 @ 1.66GHz (GenuineIntel 686-class) 1.67 GHz
cpu1: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,VMX,EST,TM2,xTPR
mainbus0: bus 0 is type PCI
mainbus0: bus 1 is type PCI
mainbus0: bus 5 is type PCI
mainbus0: bus 6 is type PCI
mainbus0: bus 7 is type ISA
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82945GM MCH rev 0x03
ppb0 at pci0 dev 1 function 0 Intel 82945GM PCIE rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 NVIDIA GeForce 7300 Go rev 0xa1
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci0 dev 27 function 0 Intel 82801GB HD Audio rev 0x02: apic 2 
int 22 (irq 10)
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: 0x04x/0x10ec (rev. 0.2), HDA version 1.0
azalia0: codec: 0x04x/0x14f1 (rev. 0.0), HDA version 0.9
azalia0: codec[1]: No support for modem function groups
azalia0: codec[1]: No audio function groups
audio0 at azalia0
ppb1 at pci0 dev 28 function 0 Intel 82801GB PCIE rev 0x02
pci2 at ppb1 bus 2
ppb2 at pci0 dev 28 function 1 Intel 82801GB PCIE rev 0x02
pci3 at ppb2 bus 3
ppb3 at pci0 dev 28 function 2 Intel 82801GB PCIE rev 0x02
pci4 at ppb3 bus 4
ppb4 at pci0 dev 28 function 3 Intel 82801GB PCIE rev 0x02
pci5 at ppb4 bus 5
wpi0 at pci5 dev 0 function 0 Intel PRO/Wireless 3945ABG rev 0x02: apic 2 
int 19 (irq 10), address 00:13:02:03:7e:68
uhci0 at pci0 dev 29 function 0 Intel 82801GB USB rev 0x02: apic 2 int 23 
(irq 5)
uhci1 at pci0 dev 29 function 1 Intel 82801GB USB rev 0x02: apic 2 int 19 
(irq 10)
uhci2 at pci0 dev 29 function 2 Intel 82801GB USB rev 0x02: apic 2 int 18 
(irq 11)
uhci3 at pci0 dev 29 function 3 Intel 82801GB USB rev 0x02: apic 2 int 16 
(irq 6)
ehci0 at pci0 dev 29 function 7 Intel 82801GB USB rev 0x02: apic 2 int 23 
(irq 5)
ehci0: timed out waiting for BIOS
usb0 at ehci0: USB revision 2.0
uhub0 at usb0
uhub0: Intel EHCI root hub, rev 2.00/1.00, addr 1
uhub0: 8 ports with 8 removable, self powered
ppb5 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0xe2
pci6 at ppb5 bus 6
bce0 at pci6 dev 1 function 0 Broadcom BCM4401B0 rev 0x02: apic 2 int 21 
(irq 10), address 00:0f:b0:f0:eb:93
bmtphy0 at bce0 phy 1: BCM4401 10/100baseTX PHY, rev. 0
cbb0 at pci6 dev 4 function 0 ENE CB-1410 CardBus rev 0x01: apic 2 int 16 
(irq 6)
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 7 device 0 cacheline 0x8, lattimer 0x20
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 Intel 82801GBM LPC rev 0x02: PM disabled
pciide0 at pci0 dev 31 function 2 Intel 82801GBM SATA rev 0x02: DMA, channel 
0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0