Re: NAT for dual-WAN with public and private LAN

2018-02-18 Thread miraculli . 
On 17 February 2018 at 23:07, Richard Procter <richard.n.proc...@gmail.com>
wrote:
>
>
> On 18/02/2018, at 8:39 AM, Richard Procter wrote:
>
> > Hi,
> >
> > I've never attempted such a setup so the following are general pointers
> > which may be mistaken.
> >
> > On 18/02/2018, at 3:08 AM, miraculli . wrote:
> > [...]
> > I would attempt a simpler config first. I suspect you're following
> > the advice in https://www.openbsd.org/faq/pf/pools.html - which is
> >
> > pass in on $int_if from $lan_net \
> >route-to { ($ext_if1 $ext_gw1), ($ext_if2 $ext_gw2) } \
> >round-robin
> >
> > Only once this is working attempt to use the egress group as a
short-hand.
> >
> >> # START: here I want to block wifi-guests to have access to office-lan
but
> >> doesn´t seem to work too.
> >> block return out from vlan64:network to vlan32:network
> >> #END
> >
> > I would block this on the input side -- IIRC by the time the packet
> > has reached the output side it has already had its source address
> > rewritten by NAT. e.g.
> >
> > block in on $wifi_if to $office_if:network
> > block in on $office_if to $wifi_if:network # probably also want this
converse
>
> actually a simpler way to achieve this would be to preface the rules with
>
> block
>
> and then explicitly allow the traffic you want to pass, e.g.
>
> pass out inet
> pass in on ${int_if}
>
> (these rules apply only to new flows; e.g. if you make an outbound
> TCP connection, and the rules allow it, pf will then create a state that
> allows traffic in the reverse direction through; there's no need to
> specify this explicitly in the rules, and in fact the rules won't be
> consulted if a matching state already exists for a packet. One way to
> inspect existing states is via # systat state).
>
> >
> >> pass in on egress inet proto icmp icmp-type $icmp_types
> >
> > the icmp_types are probably too restrictive. e.g. TCP relies on
> > ICMP fragmentation-needed messages to implement MTU path discovery
> > over IPv4. OpenBSD implements secure defaults in its own handling
> > of ICMP so far as I know. e.g. it ignores ICMP redirects by default.
> >
> > $ sysctl net.inet.icmp.rediraccept
> > net.inet.icmp.rediraccept=0
> >
> > I myself am comfortable with
> >
> > pass inet proto icmp
> >
> > at the end of my pf.conf. (but I do not consider myself an
> > authority on pf configuration!)
> >
> >
> > good luck!
> >
> > Richard.
> >

Hi Richard,
and misc,

thanks for your advice and motivation to tinker a little bit more!
I think i got it working... at least tcpdump and pftop show something is
going on on both pppoe-links.

Just for the record, here is my new pf.conf which is also simplified and
made it more explicit.
It seems to work with interface-groups like vlan, pppoe.
Maybe I missunderstand what egress is meant for but anyways, I could
achieve the same with pppoe


table  { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
   172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
   192.168.0.0/16 198.18.0.0/15 198.51.100.0/24\
   203.0.113.0/24 }
set block-policy drop
#set loginterface egress
set skip on lo0
match in all scrub (no-df random-id max-mss 1440)
match out on pppoe0 from vlan:network nat-to (pppoe0)
match out on pppoe1 from vlan:network nat-to (pppoe1)
block in quick on pppoe from  to any
block return out quick on pppoe from any to 
block all
pass out on vlan to vlan:network
pass in quick on vlan from vlan:network to vlan
pass in on vlan route-to {(pppoe0 pppoe0:network), (pppoe1 pppoe1:network)}
round-robin
pass out on pppoe
block return in on vlan from vlan64:network to vlan32:network
pass in on egress inet proto icmp all
pass in on egress inet proto tcp from any to (egress) port 22


Still one thing to achieve: prefer vlan32 packets over vlan64.

Thanks a lot so far
Thomas

NAT for dual-WAN with public and private LAN

2018-02-17 Thread miraculli . 
Hi misc,

I just got an second ADSL-uplink installed and now I try to reconfigure my
pf.conf to load-balance NAT over both connections.
Just to be more concrete:
It is a Hotel-Setup with a guest accessible public Wifi-LAN (Ubuiqity UniFi
Devices)
and a private LAN for Office-Devices.

I use a PC-Engines APU2c4 with OpenBSD -stable (syspatched) as router
which has two ADSL-modems in bridge-mode attached:

* em0 -> pppoe0 (dynamic IP)
* em1 -> pppoe1 (fixed IP)

both connections seem to be fine:

$ ifconfig pppoe
pppoe0: flags=8851 mtu 1492
index 8 priority 0 llprio 3
dev: em0 state: session
sid: 0x219f PADI retries: 1 PADR retries: 0 time: 708d 10:27:47
sppp: phase network authproto pap
groups: pppoe egress
status: active
inet6 fe80::20d:b9ff:fe43:43b4%pppoe0 ->  prefixlen 64 scopeid 0x8
inet 87.174.xxx.xxx --> 87.186.xxx.xxx netmask 0x
pppoe1: flags=8851 mtu 1492
index 10 priority 0 llprio 3
dev: em1 state: session
sid: 0x1dd7 PADI retries: 3 PADR retries: 0 time: 03:01:57
sppp: phase network authproto pap
groups: pppoe
status: active
inet6 fe80::20d:b9ff:fe43:43b4%pppoe1 ->  prefixlen 64 scopeid 0xa
inet 217.86.xxx.xxx --> 217.5.xxx.xxx netmask 0x


Further I created two vlans over em2, one for the public wifi (vlan64) and
one for private lan (vlan32)

$ cat /etc/hostname.vlan32

inet 10.10.10.1 255.255.255.0 10.10.10.255 vlan 32 vlandev em2

$ cat /etc/hostname.vlan64
inet 10.64.0.1 255.192.0.0 10.127.255.255 vlan 64 vlandev em2


My pf.conf for the single WAN-uplinke looks like this.
I outlined the parts where I try to do the dual-WAN-NAT without success so
far.
My idea is to add pppoe1 to group egress.
But even without that I loose internet-connection for all my
network-clients.


# cat /etc/pf.conf

#   $OpenBSD: pf.conf,v 1.54 2014/08/23 05:49:42 deraadt Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

int_if="{ vlan32 vlan64 }"
ext_if="{ pppoe0 pppoe1 }"
icmp_types="{ echoreq }"
icmp6_types="{ echoreq }"
table  { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
   172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
   192.168.0.0/16 198.18.0.0/15 198.51.100.0/24\
   203.0.113.0/24 }
set block-policy drop
set loginterface egress
set skip on lo0
match in all scrub (no-df random-id max-mss 1440)
match out on egress from !(egress:network) to any nat-to (egress)
block in quick on egress from  to any
block return out quick on egress from any to 
block all
pass out quick inet
pass in on $int_if inet

# START: here I´m playing around to get NAT working
pass in on vlan inet route-to (egress egress:network) round-robin
pass in on vlan proto tcp from vlan:network to port https route-to (egress
egress:network)
# END

# START: here I want to block wifi-guests to have access to office-lan but
doesn´t seem to work too.
block return out from vlan64:network to vlan32:network
#END

pass in on egress inet proto icmp icmp-type $icmp_types
pass in on egress inet6 proto icmp6 all
pass in on egress inet proto tcp from any to (egress) port 22
pass in on egress inet6 proto tcp from any to (egress) port 22



#pfctl -nf /etc/pf.conf
seems to be fine too.




I want to achieve three things:

1.) proper load balancing over both WAN-uplinks

2.) reject access from public-wifi (vlan64) to office-lan (vlan32)

3.) always prefer packets from vlan32 over vlan64

4.) general advice for this setup if you spot some problems I´m not aware
of. ;-)


Thanks in advance, I hope someone can help!

best,
Thomas


# dmesg

OpenBSD 6.2 (GENERIC.MP) #5: Fri Feb  2 23:02:19 CET 2018
r...@syspatch-62-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/
GENERIC.MP
real mem = 4261076992 (4063MB)
avail mem = 4124921856 (3933MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xdffb7020 (7 entries)
bios0: vendor coreboot version "88a4f96" date 03/11/2016
bios0: PC Engines apu2
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S2 S3 S4 S5
acpi0: tables DSDT FACP SSDT APIC HEST SSDT SSDT HPET
acpi0: wakeup devices PWRB(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) PBR8(S4)
UOH1(S3) UOH3(S3) UOH5(S3) XHC0(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD GX-412TC SOC, 998.26 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1
cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 2MB
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 8 4MB

Re: Bad network performance on apu2c4

2017-11-04 Thread miraculli . 
Hi,

i´ve also an APU2 as router.
The uplink connection (16Mbit/s) is via pppoe(4) on em0
and i couldn´t manage to messure the throughput of this interface:
- iftop doesn´t work on pppoe and shows nothing on em0.
- ifperf also calculates some strange numbers (14669317741 Gbits/sec)
when trying to connect to one of the public iperf-servers from
https://iperf.fr/iperf-servers.php

how do you messure the performance?


2017-11-04 18:24 GMT+01:00 Peter Faiman :

> > On Nov 4, 2017, at 09:53, Chris Cappuccio  wrote:
> >
> > Rupert Gallagher [r...@protonmail.com] wrote:
> >>
> >> You seem to say that handling larger packets is a feature of having
> limited CPU. I disagree.
> >>
> >
> > Rupert, I'm saying that a slower CPU can process less packets per second.
> >
> > The important measurement is packets-per-second. The APU has plenty of
> > memory bandwidth to handle large volumes of data. For adequate CPU power,
> > you have to either lower the cost of processing (make software
> better/more
> > efficient) or you have to distribute the cost across the 4 cores of the
> APU2
> > (make software execution parallel).
> >
> >>> The same traffic level, with 1500 byte packets generates 6 times more
> packets per second than that traffic level with 9000 bytes packets.
> >>
> >> You divided 9000 by 1500 without mistakes. Congratulations.
> >>
> >
> > The point was clearly lost on you.
> >
> >>> There is ongoing work to improve the network stack performance on
> boxes like the APU2 (which have 4 cores). You will see improvements. If you
> want it better today, you need a faster box. Chris
> >>
> >> The apu2c4 is fast enough to saturate its Intel 1Gbits/sec link. It has
> three of those. If you connect all three to the switch, you get 3Gbps shy.
> No need for a faster box. You rather need a faster switch, class 7 S-FTP
> wires (better than class 6), and 2.5Gbps lan cards for clients.
> >
> > No, you don't need any of that. You have no idea what you are talking
> about.
> >
> > The APU requires software crafted to evenly distribute PER-PACKET
> PROCESSING
> > cost across multiple cores. That is what is happening in OpenBSD today.
> It has
> > been happening for years, and it is getting closer to becoming a reality
> with
> > OpenBSD + APU2, as well as other chipsets/platforms.
> >
> > For a couple years now, we've had interrupts processed by one core, PF on
> > another, and other parts of the kernel on a third core. But to accelerate
> > packet processing alone, we need interrupts handled on multiple cores,
> > PF processing handled on multiple cores. This is hard work.
> >
> > By the way, what I'm describing is the general-purpose OS approach towads
> > this problem. If you want to turn computer hardware into routers with
> little
> > other concern, the go-to platform is DPDK + VPP. It is something like an
> > order of magnitude faster than any general purpose OS (OpenBSD, Linux) at
> > packet pushing.
> >
> > https://www.reddit.com/r/networking/comments/6upchy/
> can_a_bsd_system_replicate_the_performance_of/dlvdq2e/
> >
> > Chris
>
> Thank you for this explanation. My uplink is only 240mbit and my APU2
> handles that perfectly, so I’m not having any of these problems. But the
> insight into the current state of networking was great! :)
>
> Peter
>



-- 
+49.179.1448024
Karl-Kunger-Straße 68
D - 12435 Berlin

Re: OpenBSD as Open Networking OS

2017-07-17 Thread miraculli . 
Thanks for your input.

I get the point with the closed ASICs. I wasn´t aware of that and it
explains why there is even no OpenWRT, pfsense etc. support for this
devices

sad.

best
Thomas





2017-07-17 11:45 GMT+02:00 Reyk Floeter <r...@openbsd.org>:
> Yes, I'm very interested in this but there is no "open" hardware.
>
> As Mischa mentioned, all of the platforms need vendor drivers
> and AFAIK all of them are gigantic and non-free *.
>
> OpenFlow is an alternative to control switches in a standard way
> without direct access to the switch chipsets, but it is a long way to
> get switchd(8) to this point. And it has limitations, of course.
>
> *) let me know if I'm wrong.
>
> Reyk
>
>> On 17.07.2017, at 11:00, miraculli . <miracu...@gmail.com> wrote:
>>
>> Hi misc,
>>
>> I just read about a trending topic: SDN and Open Networking.
>> The principal idea behind Open Networking is to allow the customer
>> to install a custom OS to switch-hardware.
>> The main software player in this business seems to be a penguin OS
>> called: Cumulus
>> There is also a overview of devices that are able install a custom OS:
>>
>> https://cumulusnetworks.com/products/hardware-compatibility-list/
>>
>> Is there any experience using OpenBSD in this domain and with this
>> kind of hardware?
>>
>> Thanks
>> Thomas
>>
>



-- 
+49.179.1448024
Karl-Kunger-Straße 68
D - 12435 Berlin

OpenBSD as Open Networking OS

2017-07-17 Thread miraculli . 
Hi misc,

I just read about a trending topic: SDN and Open Networking.
The principal idea behind Open Networking is to allow the customer
to install a custom OS to switch-hardware.
The main software player in this business seems to be a penguin OS
called: Cumulus
There is also a overview of devices that are able install a custom OS:

https://cumulusnetworks.com/products/hardware-compatibility-list/

Is there any experience using OpenBSD in this domain and with this
kind of hardware?

Thanks
Thomas

Re: relayd(8) dosn´t listen

2017-06-21 Thread miraculli . 
Hi Stuart,

thanks for your hints and pushing me in the right direction

Thomas



2017-06-21 2:49 GMT+02:00 Stuart Henderson <s...@spacehopper.org>:

> On 2017-06-20, miraculli . <miracu...@gmail.com> wrote:
> > For every aiohttp instance I created one vether(4) and assigned
> 10.0.0.x/24
> > to it
>
> Don't put addresses from the same /24 onto a bunch of different
> interfaces. Use one /24 and the others should be /32 aliases, all on a
> single interface.
>
> > Right now the main problem is that relayd(8) dosen´t listen (on
> 0.0.0.0:80),
> > as httpd does for example. What I´m missing here?
>
> Your expectations don't match your current config. You would get that
> behaviour with a "relay" but you use "redirect" so relayd isn't supposed
> to bind to a port itself, instead it adds a PF rdr-to rule to the relayd
> anchor to forward traffic to the relevant backend.
>
> - from relayd.conf(5) :-
>
>  Redirections
>Redirections are translated to pf(4) rdr-to rules for stateful
>forwarding to a target host from a health-checked table on
> layer 3.
>
>  Relays
>Relays allow application layer load balancing, TLS acceleration,
>and general purpose TCP proxying on layer 7.
>
>
>


-- 
+49.179.1448024
Karl-Kunger-Straße 68
D - 12435 Berlin

relayd(8) dosn´t listen

2017-06-20 Thread miraculli . 
Hi misc,

I try to setup relayd(8) as load balancer for two Python3.6 based aiohttp
web-servers on -stable. Right now I´m just playing around to get into it
so everything runs inside a VirtualBox Instance.
For every aiohttp instance I created one vether(4) and assigned 10.0.0.x/24
to it and start each aiohttp-server manually with it´s own host-IP on port
8080.
Mostly I followed the examples within "Relayd and Httpd Mastery"
by Marcus W. Lucas. There is no problem with this aiohttp-servers and
vether(4)
because relayd(8) successfully does the health check with
'check http "/" code 200'
Right now the main problem is that relayd(8) dosen´t listen (on 0.0.0.0:80),
as httpd does for example. What I´m missing here?

Thanks for your support!

Here are my configs and some further info that should be helpful:

$ doas cat /etc/sysctl.conf
net.inet.ip.forwarding=1



$ doas ifconfig vether
vether0: flags=8843 mtu 1500
lladdr fe:e1:ba:d0:f5:6f
index 5 priority 0 llprio 3
groups: vether
media: Ethernet autoselect
status: active
inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
vether1: flags=8843 mtu 1500
lladdr fe:e1:ba:d1:22:b2
index 6 priority 0 llprio 3
groups: vether
media: Ethernet autoselect
status: active
inet 10.0.0.2 netmask 0xff00 broadcast 10.0.0.255

---

[start two aiohttp servers]
# python3.6 -m aiohttp.web -H 10.0.0.1 -P 8080 main:init &

[1] 53857

# python3.6 -m aiohttp.web -H 10.0.0.2 -P 8080 main:init &
[2] 39992


$ curl -I 10.0.0.1:8080
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 14
Date: Tue, 20 Jun 2017 21:03:41 GMT
Server: Python/3.6 aiohttp/2.1.0

$ curl -I 10.0.0.2:8080
HTTP/1.1 200 OK
Content-Type: text/plain; charset=utf-8
Content-Length: 14
Date: Tue, 20 Jun 2017 21:03:50 GMT
Server: Python/3.6 aiohttp/2.1.0

$ doas cat /etc/pf.conf:

set block-policy return
set loginterface egress
set skip on lo
match in all scrub (no-df random-id max-mss 1440)
anchor "relayd/*"
match out on egress inet from !(egress:network) to any nat-to (egress:0)
block all
pass out quick inet

$ doas cat /etc/relayd.conf
ext_if="0.0.0.0"
aio1="10.0.0.1"
aio2="10.0.0.2"
table  { $aio1, $aio2 }
# interval 10
# timeout 1000
# prefork 1

redirect www {
listen on $ext_if tcp port 80
forward to  port 8080 check http "/" code 200
}

$ doas relayd -n
configuration OK

$ doas relayd -dvv
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
pfe: filter init done
startup
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
relayd_tls_ticket_rekey: rekeying tickets
init_tables: created 1 tables
hce_notify_done: 10.0.0.1 (http code ok)
host 10.0.0.1, check http code (17ms,http code ok), state unknown -> up,
availability 100.00%
hce_notify_done: 10.0.0.2 (http code ok)
host 10.0.0.2, check http code (21ms,http code ok), state unknown -> up,
availability 100.00%
pfe_dispatch_hce: state 1 for host 1 10.0.0.1
pfe_dispatch_hce: state 1 for host 2 10.0.0.2
table www: 2 added, 0 deleted, 0 changed, 0 killed
pfe_sync: enabling ruleset
sync_ruleset: rule added to anchor "relayd/www"
hce_notify_done: 10.0.0.1 (http code ok)
hce_notify_done: 10.0.0.2 (http code ok)
[...]

---

$ netstat -na -f inet | grep LISTEN
tcp  0  0  127.0.0.1.25*.*LISTEN
tcp  0  0  *.22 *.*
 LISTEN
tcp  0  0  10.0.0.2.8080  *.*LISTEN
tcp  0  0  10.0.0.1.8080  *.*LISTEN

---

$ doas dmesg
OpenBSD 6.1 (GENERIC) #9: Mon Jun 12 20:33:41 CEST 2017
rob...@syspatch-61-amd64.openbsd.org:
/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 2130640896 (2031MB)
avail mem = 2061524992 (1966MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xe1000 (10 entries)
bios0: vendor innotek GmbH version "VirtualBox" date 12/01/2006
bios0: innotek GmbH VirtualBox
acpi0 at bios0: rev 2
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP APIC SSDT
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM)2 Duo CPU T7500 @ 2.20GHz, 2214.92 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,MWAIT,SSSE3,NXE,LONG,LAHF
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: CPU supports MTRRs but not enabled by BIOS
cpu0: apic clock running at 1000MHz
cpu0: mwait min=64, max=64
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
"PNP0303" at acpi0 not configured
"PNP0F03" at acpi0 not configured
acpibat0 at acpi0: BAT0 model "1" serial 0 type VBOX oem

Re: macbook EFI bootloader

2017-01-02 Thread miraculli . 
According to Paul Ammann's mail:

>From my experience, models released after 2008 (MacBook5 and higher)
should have
> GOP.


My MacbookPro (v 3.1) form mid 2007 utilizes UGA.



2016-12-29 15:50 GMT+01:00 YASUOKA Masahiko :

> On Tue, 27 Dec 2016 18:24:38 -0800
> Byron Klippert  wrote:
> > This setup gets as far as shown below and then stops...
> >
> > probing: pc0 mem[572K 64K 3039M 11M 60K 48K]
> > disk: hd0
> >>> OpenBSD/amd64 BOOTIA32 3.32
> > boot>
> > booting hd0a:/bsd: 6979304+2212872+258624+0+765952
> > [72+710280+477696]=0xae2350
> > entry point at 0xf001000 [7205c766, 3404, 24448b12, 1240a304]
> >
> >
> > I've tried booting with `boot> hd0a:/bsd.rd'. Also tried writing
> > install60.tgz and miniroot60.tgz to USB and got similar results there as
> > well.
> >
> >
> > Curious to know if the native EFI bootloader is designed to work with
> > this hardware?
>
> I'm not sure.  OpenBSD efiboot supports GOP for the graphic protocol
> but it doesn't support UGA.  FreeBSD supports both.
>
> Is there anyone who are sure whether the macbook is using UGA?
>
> --yasuoka
>
>


--
+49.179.1448024 <+49%20179%201448024>
Karl-Kunger-Straße 68
D - 12435 Berlin

Re: macbook EFI bootloader

2016-12-29 Thread miraculli . 
I try this for a while too.
(https://marc.info/?l=openbsd-misc=147945720728652=2)

Interesting that it works when installing from cd. But when I get you right
you stuck in the reboot-loop too when trying to boot from usb (install##.fs
/ miniroot##.fs)
I removed my super-drive and put a second ssd in, on which I want to
install OpenBSD.

I also recognised something similar when installing OpenBSD to a PC-Engine
APU.2 board.
On the APU.2 you only have to set correct serial output device at boot> and
everything works fine.

Maybe it is also needed to set some kind of efi-device ?!?
I did´t find the time to further investigate in this direction but maybe
someone on the list can help?

-- best mirac



2016-12-28 3:24 GMT+01:00 Byron Klippert :

> Hello Misc,
>
> Recently tried to get my intel macbook (circa '08) dual-booting with
> -current amd64 (December 26 snapshot).
>
> Within OSX I repartitioned the RootDisk and added a MS-DOS (FAT)
> partition for the OpenBSD install/disklabel. I booted from CD and
> installed to wd0 (using the OpenBSD fdisk partition). At this stage if I
> want to boot from wd0, I have to boot from CD and select hd0a:/bsd at
> the second stage boot loader. This works well enough, dmesg of the
> system below.
>
> When trying to boot directly from wd0 using the native EFI bootloader I
> placed BOOTIA32.EFI and BOOTX64.EFI in the EFI partition of the RootDisk
> so that I can select "EFI Partition" when booting (by holding option
> key).
>
> /dev/disk0
>#:   TYPE
> NAMESIZE   IDENTIFIER
>0:
> GUID_partition_scheme*120.0
> GB   disk0
>1:
> EFI 209.7 MB   disk0s1
>2:  Apple_HFS
> RootDisk118.6 GB   disk0s2
>3:   Microsoft Basic
> Data 1.1 GB disk0s3
>
>
> This setup gets as far as shown below and then stops...
>
> probing: pc0 mem[572K 64K 3039M 11M 60K 48K]
> disk: hd0
> >> OpenBSD/amd64 BOOTIA32 3.32
> boot>
> booting hd0a:/bsd: 6979304+2212872+258624+0+765952
> [72+710280+477696]=0xae2350
> entry point at 0xf001000 [7205c766, 3404, 24448b12, 1240a304]
>
>
> I've tried booting with `boot> hd0a:/bsd.rd'. Also tried writing
> install60.tgz and miniroot60.tgz to USB and got similar results there as
> well.
>
>
> Curious to know if the native EFI bootloader is designed to work with
> this hardware?
>
> Thanks,
>
> dmesg output:
>
> OpenBSD 6.0-current (GENERIC.MP) #73: Mon Dec 26 23:25:48 MST 2016
> bu...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 3171909632 (3024MB)
> avail mem = 3071180800 (2928MB)
> warning: no entropy supplied by boot loader
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xe (37 entries)
> bios0: vendor Apple Inc. version "MB21.88Z.00A5.B07.0706270922" date
> 06/27/07
> bios0: Apple Inc. MacBook2,1
> acpi0 at bios0: rev 2
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP HPET APIC MCFG ASF! SBST ECDT SSDT SSDT SSDT
> acpi0: wakeup devices ADP1(S3) LID0(S3) PXS1(S4) PXS2(S4) USB1(S3)
> USB2(S3) USB3(S3) USB4(S3) USB7(S3) EC__(S3)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpihpet0 at acpi0: 14318179 Hz
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz, 2161.65 MHz
> cpu0:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
> CMOV,PAT,PSE36,CFLUS
> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,
> MWAIT,DS-CPL,VMX,EST,TM
> 2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR
> cpu0: 4MB 64b/line 16-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> cpu0: apic clock running at 166MHz
> cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE
> cpu1 at mainbus0: apid 1 (application processor)
> cpu1: Intel(R) Core(TM)2 CPU T7400 @ 2.16GHz, 2161.25 MHz
> cpu1:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
> CMOV,PAT,PSE36,CFLUS
> H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,
> MWAIT,DS-CPL,VMX,EST,TM
> 2,SSSE3,CX16,xTPR,PDCM,NXE,LONG,LAHF,PERF,SENSOR
> cpu1: 4MB 64b/line 16-way L2 cache
> cpu1: smt 0, core 1, package 0
> ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins
> acpimcfg0 at acpi0 addr 0xf000, bus 0-255
> acpiec0 at acpi0
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus 1 (RP01)
> acpiprt2 at acpi0: bus 2 (RP02)
> acpiprt3 at acpi0: bus 3 (PCIB)
> acpicpu0 at acpi0: !C3(100@55 mwait@0x31), !C2(500@1 mwait@0x10),
> C1(1000@1 mwait), PSS
> acpicpu1 at acpi0: !C3(100@55 mwait@0x31), !C2(500@1 mwait@0x10),
> C1(1000@1 mwait), PSS
> acpiac0 at acpi0: AC unit online
> acpibtn0 at acpi0: LID0
> "APP0002" at acpi0 not configured
> acpibtn1 at acpi0: PWRB
> acpibtn2 at acpi0: SLPB
> "APP0001" at acpi0 not configured
> "APP0003" at acpi0 not configured
>

Re: Install to MacBookPro mid 2007 fails

2016-11-18 Thread miraculli . 
Yes, I boot from USB and want to use the whole disk.
But I don´t even get to the installer or into a shell.
The problem occurs during boot from install60.fs


2016-11-17 23:42 GMT+01:00 emtee <nick.smith@gmail.com>:
> Try this:
>
> Assuming you are installing from a USB drive and assuming further the
> whole disk will be used for Openbsd.
>
> Boot from the USB,
>
> Choose (s)hell option, we'll prepare the disk with a EFI system partition.
>
> fdisk -i -b 960 sd0
>
>
> Step 2
>
> - Run the install all the way to the Openbsd option  at the fdisk question.
>
> -in the disklabel editor partition the disk as usual, but leave the i
> partition untouched.
>
> Step3
>
> Finish the installation but don't reboot.
>
> Step 4
>
> format the partition and copy the uefi bootloader in place.
>
> /mnt/sbin/newfs_msdos sd0i
>
> mount /dev/sd0i /mnt2
>
> mkdir -p /mnt2/efi/boot
>
> cp /mnt/usr/mdec/BOOTX64.EFI /mnt2/efi/boot
>
> ---
>
> reboot, and restart.
>
>
>
>
>
> On 11/17/16 15:16, miraculli . wrote:
>> Hello misc,
>>
>> I try to install OpenBSD on my Apple MacBook Pro mid 2007 (or
>> MacBookPro3,1) for some time now with different -release and the
>> latest -snapshot versions with no success. The bootloader shows up and
>> tries to launch bsd.rd:
>>
>>
>> probing: pc0 mem [572K 64K 3053M 13M 60K 24K 76K 1024M]
>> disk: hd0 hd1* hd2*
>>>> OpenBSD/amd64 BOOTX64 3.30
>> boot>
>> cannot boot hd0a:/etc/random.seed: No such file or directory
>> booting hd0a:/bsd: 3356852+1412368+2413568+0+598016=0x76d238
>> entry point at 0xf001000 [7205c766, 3404, 24448b12, f4c0a304]
>>
>>
>> After printing this lines it takes several seconds and then it reboots.
>>
>> FreeBSD-11 is booting well on this device so I attached the dmesg
>> output from there, maybe it is helpful.
>>
>> Thanks in advance
>> Thomas
>> Copyright (c) 1992-2016 The FreeBSD Project.
>> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
>>   The Regents of the University of California. All rights reserved.
>> FreeBSD is a registered trademark of The FreeBSD Foundation.
>> FreeBSD 11.0-RELEASE-p1 #0 r306420: Thu Sep 29 01:43:23 UTC 2016
>> r...@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
>> FreeBSD clang version 3.8.0 (tags/RELEASE_380/final 262564) (based on LLVM
3.8.0)
>> VT(efifb): resolution 1440x900
>> CPU: Intel(R) Core(TM)2 Duo CPU T7500  @ 2.20GHz (2194.55-MHz K8-class
CPU)
>>   Origin="GenuineIntel"  Id=0x6fa  Family=0x6  Model=0xf  Stepping=10
>>
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
>>
Features2=0xe3bd<SSE3,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM>
>>   AMD Features=0x20100800<SYSCALL,NX,LM>
>>   AMD Features2=0x1
>>   VT-x: HLT,PAUSE
>>   TSC: P-state invariant, performance statistics
>> real memory  = 4294967296 (4096 MB)
>> avail memory = 4087091200 (3897 MB)
>> Event timer "LAPIC" quality 400
>> ACPI APIC Table: 
>> FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
>> FreeBSD/SMP: 1 package(s) x 2 core(s)
>> random: unblocking device.
>> ioapic0: Changing APIC ID to 1
>> ioapic0  irqs 0-23 on motherboard
>> random: entropy device external interface
>> kbd0 at kbdmux0
>> netmap: loaded module
>> module_register_init: MOD_LOAD (vesa, 0x8101c950, 0) error 19
>> cryptosoft0:  on motherboard
>> acpi0:  on motherboard
>> acpi_ec0:  port 0x62,0x66 on acpi0
>> acpi0: Power Button (fixed)
>> hpet0:  iomem 0xfed0-0xfed003ff irq 0,8 on
acpi0
>> Timecounter "HPET" frequency 14318180 Hz quality 950
>> Event timer "HPET" frequency 14318180 Hz quality 450
>> Event timer "HPET1" frequency 14318180 Hz quality 440
>> Event timer "HPET2" frequency 14318180 Hz quality 440
>> cpu0:  on acpi0
>> cpu1:  on acpi0
>> atrtc0:  port 0x70-0x77 on acpi0
>> atrtc0: Warning: Couldn't map I/O.
>> Event timer "RTC" frequency 32768 Hz quality 0
>> attimer0:  port 0x40-0x43,0x50-0x53 on acpi0
>> Timecounter "i8254" frequency 1193182 Hz quality 0
>> Event timer "i8254" frequency 1193182 Hz quality 100
>> Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
>> acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
>> acpi_acad0:  on acpi0
>> acpi_lid0:  on acpi0
>> acpi_bu

Install to MacBookPro mid 2007 fails

2016-11-17 Thread miraculli . 
Hello misc,

I try to install OpenBSD on my Apple MacBook Pro mid 2007 (or
MacBookPro3,1) for some time now with different -release and the
latest -snapshot versions with no success. The bootloader shows up and
tries to launch bsd.rd:


probing: pc0 mem [572K 64K 3053M 13M 60K 24K 76K 1024M]
disk: hd0 hd1* hd2*
>>OpenBSD/amd64 BOOTX64 3.30
boot>
cannot boot hd0a:/etc/random.seed: No such file or directory
booting hd0a:/bsd: 3356852+1412368+2413568+0+598016=0x76d238
entry point at 0xf001000 [7205c766, 3404, 24448b12, f4c0a304]


After printing this lines it takes several seconds and then it reboots.

FreeBSD-11 is booting well on this device so I attached the dmesg
output from there, maybe it is helpful.

Thanks in advance
Thomas
Copyright (c) 1992-2016 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 11.0-RELEASE-p1 #0 r306420: Thu Sep 29 01:43:23 UTC 2016
r...@releng2.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
FreeBSD clang version 3.8.0 (tags/RELEASE_380/final 262564) (based on LLVM 
3.8.0)
VT(efifb): resolution 1440x900
CPU: Intel(R) Core(TM)2 Duo CPU T7500  @ 2.20GHz (2194.55-MHz K8-class CPU)
  Origin="GenuineIntel"  Id=0x6fa  Family=0x6  Model=0xf  Stepping=10
  
Features=0xbfebfbff
  Features2=0xe3bd
  AMD Features=0x20100800
  AMD Features2=0x1
  VT-x: HLT,PAUSE
  TSC: P-state invariant, performance statistics
real memory  = 4294967296 (4096 MB)
avail memory = 4087091200 (3897 MB)
Event timer "LAPIC" quality 400
ACPI APIC Table: 
FreeBSD/SMP: Multiprocessor System Detected: 2 CPUs
FreeBSD/SMP: 1 package(s) x 2 core(s)
random: unblocking device.
ioapic0: Changing APIC ID to 1
ioapic0  irqs 0-23 on motherboard
random: entropy device external interface
kbd0 at kbdmux0
netmap: loaded module
module_register_init: MOD_LOAD (vesa, 0x8101c950, 0) error 19
cryptosoft0:  on motherboard
acpi0:  on motherboard
acpi_ec0:  port 0x62,0x66 on acpi0
acpi0: Power Button (fixed)
hpet0:  iomem 0xfed0-0xfed003ff irq 0,8 on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 450
Event timer "HPET1" frequency 14318180 Hz quality 440
Event timer "HPET2" frequency 14318180 Hz quality 440
cpu0:  on acpi0
cpu1:  on acpi0
atrtc0:  port 0x70-0x77 on acpi0
atrtc0: Warning: Couldn't map I/O.
Event timer "RTC" frequency 32768 Hz quality 0
attimer0:  port 0x40-0x43,0x50-0x53 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-fast" frequency 3579545 Hz quality 900
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
acpi_acad0:  on acpi0
acpi_lid0:  on acpi0
acpi_button0:  on acpi0
acpi_button1:  on acpi0
pcib0:  port 0xcf8-0xcff on acpi0
pcib0: _OSC returned error 0x10
pcib0: could not evaluate _ADR - AE_NOT_FOUND
pci0:  on pcib0
CPU0: local APIC error 0x80
CPU0: local APIC error 0x80
CPU0: local APIC error 0x80
CPU0: local APIC error 0x80
CPU0: local APIC error 0x80
CPU0: local APIC error 0x80
pcib1:  at device 1.0 on pci0
pcib1: [GIANT-LOCKED]
pci1:  on pcib1
vgapci0:  port 0x5000-0x507f mem 
0xd200-0xd2ff,0xc000-0xcfff,0xd000-0xd1ff at device 0.0 
on pci1
uhci0:  port 0x60c0-0x60df at device 
26.0 on pci0
uhci0: LegSup = 0x3000
usbus0 on uhci0
uhci1:  port 0x60a0-0x60bf at device 
26.1 on pci0
usbus1 on uhci1
ehci0:  mem 
0xdb504c00-0xdb504fff at device 26.7 on pci0
usbus2: EHCI version 1.0
usbus2 on ehci0
hdac0:  mem 0xdb50-0xdb503fff at device 27.0 
on pci0
pcib2:  at device 28.0 on pci0
pcib2: [GIANT-LOCKED]
pcib3:  at device 28.2 on pci0
pcib3: [GIANT-LOCKED]
pcib4:  at device 28.4 on pci0
pcib4: [GIANT-LOCKED]
pci2:  on pcib4
ath0:  mem 0xd730-0xd730 at device 0.0 on pci2
ath0: [HT] enabling HT modes
ath0: [HT] RTS aggregates limited to 8 KiB
ath0: [HT] 2 RX streams; 2 TX streams
ath0: AR5418 mac 12.10 RF5133 phy 8.1
ath0: 2GHz radio: 0x; 5GHz radio: 0x00c0
pcib5:  at device 28.5 on pci0
pcib5: [GIANT-LOCKED]
pci3:  on pcib5
mskc0:  port 0x3000-0x30ff mem 
0xd720-0xd7203fff at device 0.0 on pci3
msk0:  on mskc0
msk0: Using defaults for TSO: 65518/35/2048
msk0: Ethernet address: 00:1b:63:9f:dc:af
miibus0:  on msk0
e1000phy0:  PHY 0 on miibus0
e1000phy0:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 
1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto, auto-flow
uhci2:  port 0x6080-0x609f at device 
29.0 on pci0
usbus3 on uhci2
uhci3:  port 0x6060-0x607f at device 
29.1 on pci0
usbus4 on uhci3
uhci4:  port 0x6040-0x605f at device 
29.2 on pci0
usbus5 on uhci4
ehci1:  mem 
0xdb504800-0xdb504bff at