Re: Sudden reboot every 5-10 minutes on latest snapshot

2024-05-25 Thread Alexandre Ratchov
On Sat, May 25, 2024 at 09:13:56AM +, Ali Farzanrad wrote:
> 
> Even when azalia is disabled my system gets sudden reboots.
> First sudden reboot was just after playing music; but the next 2 reboots
> happened without playing anything.
> 

This suggests the reboots are not directly caused by the azalia's msi
vs old-style interrupts.

I'd suggest that you find an old enough snapshot (or release) that
used to work reliably on this machine and make sure it still works
reliably with the old software version. Not just an hour, use it for a
few days for real work.

This would confirm that the hardware is still OK. Take a few quick notes
of what devices are involved, how the machine is used, etc. Save the
dmesg.

If this isn't a hardware problem, then grab a new snapshot and try to
understand what changed, compare the dmesg, compare the usage pattern
etc. Possibly start bisecting the kernel until you find the change
that causes the reboots.

HTH



Re: Sudden reboot every 5-10 minutes on latest snapshot

2024-05-25 Thread Thomas Frohwein
On Sat, May 25, 2024 at 12:06:39PM +, Ali Farzanrad wrote:
> Ali Farzanrad  wrote:
> > Alexandre Ratchov  wrote:
> > > On Fri, May 24, 2024 at 09:04:29PM +, Ali Farzanrad wrote:
> > > > Alexandre Ratchov  wrote:
> > > > > On Fri, May 24, 2024 at 04:30:52PM +, Ali Farzanrad wrote:

[...]

> > I have another problem here.  My USB keyboard works great in BOOTX64.EFI
> > but will not work on kernel config.
> > 
> > I created /etc/bsd.re-config file and rebooted my system twice to
> > disable azalia and then checked if it is disabled using config(8) and
> > dmesg(8).
> > 
> > Even when azalia is disabled my system gets sudden reboots.
> > First sudden reboot was just after playing music; but the next 2 reboots
> > happened without playing anything.
> > 
> > > Then, just do your regular stuff and see if the system reboots.
> 
> I tested again with my patch.  When azalia is disabled, it suddenly
> reboots after a few minutes, without playing anything.  When azalia is
> enabled, it lives.
> 

This looks to me like you are chasing down a new rabbit hole every time
I open one of your emails. I'd suggest you take a step back from all
the stuff you seem to be trying without having a firm grasp on how to
observe or report reproducibility. Have you tried out sthen@'s advice
to check old kernels + snapshots[1]? I may have missed your response to
this. You wrote that you rarely got the issue prior to 17-May-2024? If
that *is correct*, then you should be able to bisect using the snapshot
archive around what date things change.

I am highlighting *is correct* above because your issue seems to be
unpredictable enough that a few minutes of testing don't mean anything.
I suggest you try to find a *clear difference*, meaning between a
snapshot where no reboot happens for ideally a whole day of use, and
the next one where it clearly happens very quickly (and reproducible
at least a second or third time).

Your reports also make me wonder how much customization you are
running. You've mentioned at least compiling custom kernels and
setting bsd.re-config. It's easy to find yourself in virtually
unsolvable scenarios by configuring too much. It might be best to try
a clean install, ideally without activating xenodm/X11.

[1] https://marc.info/?l=openbsd-misc&m=171646884302309&w=2



Re: nginx + php = system() not working?

2024-05-25 Thread Noth

On 25/05/2024 17:51, F Bax wrote:
> I tried a few things with nginx not in chroot; but got permission
> errors. The message provided no clue as to which file/directory might
> be causing it; so eventually I gave up.
> After some brainstorming; we decided to run inside chroot; use php
> functions other than system() and use a cron job to do the work that
> is outside chroot.
> Now a new issue; nginx does not start during boot; yet does start
> manually - why? The following commands were issued immediately after boot.
>
> # cat /etc/rc.conf.local
> nginx_flags=""
> pkg_scripts=php83_fpm
> # /etc/rc.d/nginx start


You forgot to run rcctl enable nginx so that nginx is added to the
pkg_scripts= line. Only system daemons can be enabled by adding them as
$daemon_flags= in /etc/rc.conf.local. Package daemons must be
explicitly added to pkg_scripts=.


Cheers,

Noth



> nginx(ok)
>
> On Fri, May 17, 2024 at 10:19 AM Souji Thenria wrote:
>
> > On Fri May 17, 2024 at 2:56 PM BST, F Bax wrote:
> > > In /etc/rc.conf.local - I changed nginx_flags="-u -p /home/Testing"
> > > (home directory of a real user).
> > > reboot system and now browser is refused connection
> > > This site can’t be reached 192.168.1.131 refused to connect.
> > > Neither /var/www/logs/{access|error}.log is changed.
> > > What else needs to change?
> >
> > Can you verify that nginx is running?
> > You may have an error in your configuration. You can check the nginx
> > configuration using nginx -t.
> >
> > Another issue might be that nginx is still running as www and doesn't
> > have access to /home/Testing.
> >
> > Regards,
> > Souji
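
The misconfiguration Noth describes above, as an added example that is not part of the original thread: a shell check that reports daemons given <name>_flags in an rc.conf.local-style file that are neither base daemons nor listed in pkg_scripts. The function names, the temporary files and the base-defaults excerpt are constructed for illustration; it assumes a base daemon is recognisable by a <name>_flags default in /etc/rc.conf.

```shell
#!/bin/sh
# Added example, not code from the thread or from OpenBSD.
# Assumption: base daemons carry a <name>_flags= default in the base rc.conf
# file; anything else with _flags set is treated as a package daemon.

# unlisted_pkg_daemons LOCAL_CONF BASE_CONF
# Prints one daemon name per line for every <name>_flags= in LOCAL_CONF that
# is enabled, is not a base daemon, and is missing from pkg_scripts=.
unlisted_pkg_daemons() {
    local_conf=$1
    base_conf=$2

    # Value of the last pkg_scripts= assignment, with any quotes stripped.
    pkg_scripts=$(sed -n 's/^pkg_scripts=//p' "$local_conf" | tail -n 1 | tr -d "\"'")

    # Turn each "<name>_flags=<value>" line into "<name> <value>".
    sed -n 's/^\([A-Za-z0-9_]*\)_flags=\(.*\)$/\1 \2/p' "$local_conf" |
    while read -r name value; do
        # Explicitly disabled daemons are not expected to start.
        case $value in
        NO|\"NO\") continue ;;
        esac
        # Base daemons start from their _flags line alone.
        if grep -q "^${name}_flags=" "$base_conf"; then
            continue
        fi
        # Package daemons must also be named in pkg_scripts.
        case " $pkg_scripts " in
        *" $name "*) ;;
        *) echo "$name" ;;
        esac
    done
}

# demo: runs the check on the file quoted in the thread and on a fixed copy.
demo() {
    dir=$(mktemp -d)
    # Constructed excerpt in the style of /etc/rc.conf (base defaults).
    printf '%s\n' 'httpd_flags=NO' 'sshd_flags=' 'smtpd_flags=' > "$dir/rc.conf"
    # The rc.conf.local shown in the thread.
    printf '%s\n' 'nginx_flags=""' 'pkg_scripts=php83_fpm' > "$dir/before"
    # Constructed: the same file with nginx listed in pkg_scripts.
    printf '%s\n' 'nginx_flags=""' 'pkg_scripts=php83_fpm nginx' > "$dir/after"
    echo "before: [$(unlisted_pkg_daemons "$dir/before" "$dir/rc.conf")]"
    echo "after: [$(unlisted_pkg_daemons "$dir/after" "$dir/rc.conf")]"
    rm -rf "$dir"
}

demo
```

On a real system the two arguments would be /etc/rc.conf.local and /etc/rc.conf.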


Re: wifi

2024-05-25 Thread Stuart Henderson
On 2024-05-24, Gustavo Rios  wrote:
> Is there plan to add support ?

Can't say for sure what somebody might like to work on, but from reading
posts from people using these on other OS (which aren't very positive)
I wouldn't think this is worth the trouble. I'd suggest looking for an
iwm or iwx card in the same form factor (which shouldn't be expensive)
and try swapping it.



feedback on nsh running on OpenBSD

2024-05-25 Thread Tom Smyth
Folks,
if any of you are using nsh on OpenBSD and you have any feedback, likes
or dislikes, I would be glad to hear of them. I will try to incorporate
any feedback in the course on nsh in BSDCan or in the manual page for nsh.

Thanks

-- 
Kindest regards,
Tom Smyth.


Re: 7.5 install crashes on "entry point at 0x1001000" HP Elitebook 840 G10

2024-05-25 Thread Mike Larkin
On Sat, May 25, 2024 at 07:51:31AM +0200, Comète wrote:
> Hello,
>
> This is a link to a screenshot, I can't copy/paste at this step:
>
> https://ibb.co/tpr8zBz
>
> Thanks a lot !
>
> Comete
>

looks fine. probably our choice of physaddr conflicting with something
from efi.

> On 24 May 2024 20:38:45 GMT+02:00, Mike Larkin wrote:
> >On Fri, May 24, 2024 at 06:59:24AM +, Comète wrote:
> >> Thanks Sven,
> >>
> >> I can't install OpenBSD because I get the error when trying to boot the
> >> install image.
> >>
> >> Comete
> >>
> >
> >At the boot> prompt, can you show what "mach mem" prints?
> >
> >Thanks
> >
> >-ml
> >
> >> On 24 May 2024 07:48, "Sven Wolf" wrote:
> >>
> >> > Hi,
> >> >
> >> > I had a similar issue on a Lenovo V130.
> >> > For this machine I needed to remove the amdgpu driver in the kernel.
> >> >
> >> > See also:
> >> > https://marc.info/?l=openbsd-misc&m=160232897421774&w=2
> >> > https://marc.info/?l=openbsd-tech&m=160383074317608&w=2
> >> >
> >> > Do you get the error "entry point at 0x1001000" also with the bsd.rd 
> >> > kernel or only after you
> >> > installed the system with the bsd.mp/bsd.sp kernel?
> >> >
> >> > Best regards,
> >> > Sven
> >> >
> >> > On 5/23/24 22:40, Comète wrote:
> >> >
> >> >> Hello,
> >> >> I tried to install OpenBSD 7.5 on a new HP Elitebook 840 G10 (UEFI 
> >> >> capable only) without success.
> >> >> It is stuck at boot on "entry point at 0x1001000".
> >> >> Even retried after a BIOS upgrade but no luck either.
> >> >> I tried with a snapshot install too with the same result.
> >> >> I post here what lspci returns from a debian bookworm:
> >> >> Thanks for your help.
> >> >> Comete
> >>
>
> --
> Sent from my phone. Excuse the brevity.
>



Re: nginx + php = system() not working?

2024-05-25 Thread F Bax
I tried a few things with nginx not in chroot; but got permission errors.
The message provided no clue as to which file/directory might be causing
it; so eventually I gave up.
After some brainstorming; we decided to run inside chroot; use php
functions other than system() and use a cron job to do the work that is
outside chroot.
Now a new issue; nginx does not start during boot; yet does start
manually - why? The following commands were issued immediately after boot.
# cat /etc/rc.conf.local
nginx_flags=""
pkg_scripts=php83_fpm
# /etc/rc.d/nginx start


nginx(ok)

On Fri, May 17, 2024 at 10:19 AM Souji Thenria 
wrote:

> On Fri May 17, 2024 at 2:56 PM BST, F Bax wrote:
> > In /etc/rc.conf.local - I changed nginx_flags="-u -p /home/Testing"
> > (home directory of a real user).
> > reboot system and now browser is refused connection
> > This site can’t be reached 192.168.1.131 refused to connect.
> > Neither /var/www/logs/{access|error}.log is changed.
> > What else needs to change?
>
> Can you verify that nginx is running?
> You may have an error in your configuration. You can check the nginx
> configuration using nginx -t.
>
> Another issue might be that nginx is still running as www and doesn't
> have access to /home/Testing.
>
> Regards,
> Souji
>


Re: Sudden reboot every 5-10 minutes on latest snapshot

2024-05-25 Thread Ali Farzanrad
Ali Farzanrad  wrote:
> Alexandre Ratchov  wrote:
> > On Fri, May 24, 2024 at 09:04:29PM +, Ali Farzanrad wrote:
> > > Alexandre Ratchov  wrote:
> > > > On Fri, May 24, 2024 at 04:30:52PM +, Ali Farzanrad wrote:
> > > > > Hi again,
> > > > > 
> > > > > During my tests it seems that this version of kernel works fine:
> > > > > 
> > > > > # TZ=UTC cvs -Qd /cvs get -D "2024-05-17 19:30" -P src
> > > > > 
> > > > > But this version of kernel will cause sudden reboots without any 
> > > > > kernel
> > > > > panic or message after 5-60 minutes in my Minisforum UM790:
> > > > > 
> > > > > # TZ=UTC cvs -Qd /cvs get -D "2024-05-17 20:00" -P src
> > > > > 
> > > > > After investigation I found this patch could fix my problem:
> > > > > 
> > > > > Index: azalia.c
> > > > > ===
> > > > > RCS file: /home/cvs/src/sys/dev/pci/azalia.c,v
> > > > > diff -u -p -r1.287 azalia.c
> > > > > --- azalia.c  17 May 2024 19:43:45 -  1.287
> > > > > +++ azalia.c  24 May 2024 16:26:38 -
> > > > > @@ -557,6 +557,16 @@ azalia_pci_attach(struct device *parent,
> > > > >   azalia_pci_write(sc->pc, sc->tag, ICH_PCI_MMC, reg);
> > > > >   }
> > > > >  
> > > > > + /* disable MSI for AMD Summit Ridge/Raven Ridge HD Audio */
> > > > > + if (PCI_VENDOR(sc->pciid) == PCI_VENDOR_AMD) {
> > > > > + switch (PCI_PRODUCT(sc->pciid)) {
> > > > > + case PCI_PRODUCT_AMD_17_HDA:
> > > > > + case PCI_PRODUCT_AMD_17_1X_HDA:
> > > > > + case PCI_PRODUCT_AMD_HUDSON2_HDA:
> > > > > + pa->pa_flags &= ~PCI_FLAGS_MSI_ENABLED;
> > > > > + }
> > > > > + }
> > > > > +
> > > > >   /* interrupt */
> > > > >   if (pci_intr_map_msi(pa, ) && pci_intr_map(pa, )) {
> > > > >   printf(": can't map interrupt\n");
> > > > > 
> > > > > However it breaks my front 3.5mm audio port and I should use my
> > > > > USB-to-3.5mm audio port adapter again.
> > > > > 
> > > > > How may I investigate more?
> > > > > 
> > > > 
> > > > could you confirm that the system reboots only while you're using the
> > > > azalia device?
> > > 
> > > I disabled sndiod, and unplugged my USB-to-3.5mm audio adapter and also
> > > unplugged front 3.5mm audio port, then reboot my OpenBSD and waited on
> > > xenodm login screen for few minutes; most of the time it reboots in
> > > less than 10 minutes... without any interaction from me, or playing
> > > anything...
> > > 
> > 
> > Could you disable the azalia driver and redo your test? reboot, then
> > on the boot(8) prompt type "boot -c", then "disable azalia", then
> > "quit".
> 
> I have another problem here.  My USB keyboard works great in BOOTX64.EFI
> but will not work on kernel config.
> 
> I created /etc/bsd.re-config file and rebooted my system twice to
> disable azalia and then checked if it is disabled using config(8) and
> dmesg(8).
> 
> Even when azalia is disabled my system gets sudden reboots.
> First sudden reboot was just after playing music; but the next 2 reboots
> happened without playing anything.
> 
> > Then, just do your regular stuff and see if the system reboots.

I tested again with my patch.  When azalia is disabled, it suddenly
reboots after a few minutes, without playing anything.  When azalia is
enabled, it lives.



Re: Sudden reboot every 5-10 minutes on latest snapshot

2024-05-25 Thread Ali Farzanrad
Alexandre Ratchov  wrote:
> On Fri, May 24, 2024 at 09:04:29PM +, Ali Farzanrad wrote:
> > Alexandre Ratchov  wrote:
> > > On Fri, May 24, 2024 at 04:30:52PM +, Ali Farzanrad wrote:
> > > > Hi again,
> > > > 
> > > > During my tests it seems that this version of kernel works fine:
> > > > 
> > > > # TZ=UTC cvs -Qd /cvs get -D "2024-05-17 19:30" -P src
> > > > 
> > > > But this version of kernel will cause sudden reboots without any kernel
> > > > panic or message after 5-60 minutes in my Minisforum UM790:
> > > > 
> > > > # TZ=UTC cvs -Qd /cvs get -D "2024-05-17 20:00" -P src
> > > > 
> > > > After investigation I found this patch could fix my problem:
> > > > 
> > > > Index: azalia.c
> > > > ===
> > > > RCS file: /home/cvs/src/sys/dev/pci/azalia.c,v
> > > > diff -u -p -r1.287 azalia.c
> > > > --- azalia.c17 May 2024 19:43:45 -  1.287
> > > > +++ azalia.c24 May 2024 16:26:38 -
> > > > @@ -557,6 +557,16 @@ azalia_pci_attach(struct device *parent,
> > > > azalia_pci_write(sc->pc, sc->tag, ICH_PCI_MMC, reg);
> > > > }
> > > >  
> > > > +   /* disable MSI for AMD Summit Ridge/Raven Ridge HD Audio */
> > > > +   if (PCI_VENDOR(sc->pciid) == PCI_VENDOR_AMD) {
> > > > +   switch (PCI_PRODUCT(sc->pciid)) {
> > > > +   case PCI_PRODUCT_AMD_17_HDA:
> > > > +   case PCI_PRODUCT_AMD_17_1X_HDA:
> > > > +   case PCI_PRODUCT_AMD_HUDSON2_HDA:
> > > > +   pa->pa_flags &= ~PCI_FLAGS_MSI_ENABLED;
> > > > +   }
> > > > +   }
> > > > +
> > > > /* interrupt */
> > > > if (pci_intr_map_msi(pa, ) && pci_intr_map(pa, )) {
> > > > printf(": can't map interrupt\n");
> > > > 
> > > > However it breaks my front 3.5mm audio port and I should use my
> > > > USB-to-3.5mm audio port adapter again.
> > > > 
> > > > How may I investigate more?
> > > > 
> > > 
> > > could you confirm that the system reboots only while you're using the
> > > azalia device?
> > 
> > I disabled sndiod, and unplugged my USB-to-3.5mm audio adapter and also
> > unplugged front 3.5mm audio port, then reboot my OpenBSD and waited on
> > xenodm login screen for few minutes; most of the time it reboots in
> > less than 10 minutes... without any interaction from me, or playing
> > anything...
> > 
> 
> Could you disable the azalia driver and redo your test? reboot, then
> on the boot(8) prompt type "boot -c", then "disable azalia", then
> "quit".

I have another problem here.  My USB keyboard works great in BOOTX64.EFI
but will not work on kernel config.

I created /etc/bsd.re-config file and rebooted my system twice to
disable azalia and then checked if it is disabled using config(8) and
dmesg(8).

Even when azalia is disabled my system gets sudden reboots.
First sudden reboot was just after playing music; but the next 2 reboots
happened without playing anything.

> Then, just do your regular stuff and see if the system reboots.



Re: unknown USB vendor

2024-05-25 Thread Rob Schmersel
On Fri, 24 May 2024 11:51:49 +0200
Mizsei Zoltán  wrote:

> Probably https://wikidevi.wi-cat.ru/AMPAK_AP6212
> 
> Peter J. Philipp wrote on Fri, 24 May 2024 at 11:39:
> > Hi,
> >
> > I got a "are you a human?" on google so I switched to qwant.com for 
> > searching
> > but the search is not as good.  I'm looking for the USB vendor of
> > this USB
> > vendor id.  0x02d0, and the device id is 0xa9a6.  Afaict this is a 
> > ure(4)
> > device with a builtin usb hub.  But there is no other markings on
> > the outside, related to manufacturer.  It does not get detected by
> > default on an April
> > kernel code.  It does have a micro-USB cable for the raspberry pi
> > zero 2 that
> > I wanted to use this with.
> >
> > Anyone have any details on these vendor and device id's?
> >
> > Best Regards,
> > -pjp
> >
> > -- 
> > ** all info about me:  lynx https://callpeter.tel, dig loc
> > delphinusdns.org **  
> 

From an RPI 4 dmesg:
...
bwfm0 at sdmmc0 function 1
manufacturer 0x02d0, product 0xa9a6 at sdmmc0 
...



Re: wifi

2024-05-25 Thread Otto Moerbeek


I have no idea 

It depends on a lot of things: availability of docs from Realtek,
availability of hardware, availability of desire and time from a
developer.

FreeBSD has a driver, it uses their "bolt a Linux driver on a FreeBSD
kernel" framework we don't have. So no easy port of that one.

-Otto


On Fri, May 24, 2024 at 08:54:40PM -0300, Gustavo Rios wrote:

> Is there plan to add support ?
> 
> Thanks a lot
> 
> On Thu, 23 May 2024 at 04:10, Otto Moerbeek wrote:
> 
> > On Thu, May 23, 2024 at 03:56:01AM -0300, Gustavo Rios wrote:
> >
> > > Here you have them:
> >
> > ...
> > "Realtek 8821CE" rev 0x00 at pci2 dev 0 function 0 not configured
> >
> > That means there is no driver available in OpenBSD for that card.
> >
> > -Otto
> >
> 
> 
> -- 
> The lion and the tiger may be more powerful, but the wolves do not perform
> in the circus



Re: Sudden reboot every 5-10 minutes on latest snapshot

2024-05-25 Thread Alexandre Ratchov
On Fri, May 24, 2024 at 09:04:29PM +, Ali Farzanrad wrote:
> Alexandre Ratchov  wrote:
> > On Fri, May 24, 2024 at 04:30:52PM +, Ali Farzanrad wrote:
> > > Hi again,
> > > 
> > > During my tests it seems that this version of kernel works fine:
> > > 
> > > # TZ=UTC cvs -Qd /cvs get -D "2024-05-17 19:30" -P src
> > > 
> > > But this version of kernel will cause sudden reboots without any kernel
> > > panic or message after 5-60 minutes in my Minisforum UM790:
> > > 
> > > # TZ=UTC cvs -Qd /cvs get -D "2024-05-17 20:00" -P src
> > > 
> > > After investigation I found this patch could fix my problem:
> > > 
> > > Index: azalia.c
> > > ===
> > > RCS file: /home/cvs/src/sys/dev/pci/azalia.c,v
> > > diff -u -p -r1.287 azalia.c
> > > --- azalia.c  17 May 2024 19:43:45 -  1.287
> > > +++ azalia.c  24 May 2024 16:26:38 -
> > > @@ -557,6 +557,16 @@ azalia_pci_attach(struct device *parent,
> > >   azalia_pci_write(sc->pc, sc->tag, ICH_PCI_MMC, reg);
> > >   }
> > >  
> > > + /* disable MSI for AMD Summit Ridge/Raven Ridge HD Audio */
> > > + if (PCI_VENDOR(sc->pciid) == PCI_VENDOR_AMD) {
> > > + switch (PCI_PRODUCT(sc->pciid)) {
> > > + case PCI_PRODUCT_AMD_17_HDA:
> > > + case PCI_PRODUCT_AMD_17_1X_HDA:
> > > + case PCI_PRODUCT_AMD_HUDSON2_HDA:
> > > + pa->pa_flags &= ~PCI_FLAGS_MSI_ENABLED;
> > > + }
> > > + }
> > > +
> > >   /* interrupt */
> > >   if (pci_intr_map_msi(pa, ) && pci_intr_map(pa, )) {
> > >   printf(": can't map interrupt\n");
> > > 
> > > However it breaks my front 3.5mm audio port and I should use my
> > > USB-to-3.5mm audio port adapter again.
> > > 
> > > How may I investigate more?
> > > 
> > 
> > could you confirm that the system reboots only while you're using the
> > azalia device?
> 
> I disabled sndiod, and unplugged my USB-to-3.5mm audio adapter and also
> unplugged front 3.5mm audio port, then reboot my OpenBSD and waited on
> xenodm login screen for few minutes; most of the time it reboots in
> less than 10 minutes... without any interaction from me, or playing
> anything...
> 

Could you disable the azalia driver and redo your test? reboot, then
on the boot(8) prompt type "boot -c", then "disable azalia", then
"quit".

Then, just do your regular stuff and see if the system reboots.



Re: 7.5 install crashes on "entry point at 0x1001000" HP Elitebook 840 G10

2024-05-24 Thread Comète
Hello,

This is a link to a screenshot, I can't copy/paste at this step:

https://ibb.co/tpr8zBz

Thanks a lot !

Comete

On 24 May 2024 20:38:45 GMT+02:00, Mike Larkin wrote:
>On Fri, May 24, 2024 at 06:59:24AM +, Comète wrote:
>> Thanks Sven,
>>
>> I can't install OpenBSD because I get the error when trying to boot the
>> install image.
>>
>> Comete
>>
>
>At the boot> prompt, can you show what "mach mem" prints?
>
>Thanks
>
>-ml
>
>> On 24 May 2024 07:48, "Sven Wolf" wrote:
>>
>> > Hi,
>> >
>> > I had a similar issue on a Lenovo V130.
>> > For this machine I needed to remove the amdgpu driver in the kernel.
>> >
>> > See also:
>> > https://marc.info/?l=openbsd-misc&m=160232897421774&w=2
>> > https://marc.info/?l=openbsd-tech&m=160383074317608&w=2
>> >
>> > Do you get the error "entry point at 0x1001000" also with the bsd.rd 
>> > kernel or only after you
>> > installed the system with the bsd.mp/bsd.sp kernel?
>> >
>> > Best regards,
>> > Sven
>> >
>> > On 5/23/24 22:40, Comète wrote:
>> >
>> >> Hello,
>> >> I tried to install OpenBSD 7.5 on a new HP Elitebook 840 G10 (UEFI 
>> >> capable only) without success.
>> >> It is stuck at boot on "entry point at 0x1001000".
>> >> Even retried after a BIOS upgrade but no luck either.
>> >> I tried with a snapshot install too with the same result.
>> >> I post here what lspci returns from a debian bookworm:
>> >> Thanks for your help.
>> >> Comete
>>

-- 
Sent from my phone. Excuse the brevity.



znc webadmin module V 7.4 and 7.5

2024-05-24 Thread latinfo
Hello

I was using znc on OpenBSD 7.4 and it worked correctly, then I did a clean
installation of 7.5 and znc does not create the webadmin page, irssi said
that webadmin module is loaded! Then I went back to 7.4 and it has the
exact same behaviour. Tested adding LoadModule webadmin at znc.conf and it
failed.

I went to znc irc channel and they said that it could be the OpenBSD package.

Could somebody help please?

Thanks misc




Re: wifi

2024-05-24 Thread Gustavo Rios
Is there plan to add support ?

Thanks a lot

On Thu, 23 May 2024 at 04:10, Otto Moerbeek wrote:

> On Thu, May 23, 2024 at 03:56:01AM -0300, Gustavo Rios wrote:
>
> > Here you have them:
>
> ...
> "Realtek 8821CE" rev 0x00 at pci2 dev 0 function 0 not configured
>
> That means there is no driver available in OpenBSD for that card.
>
> -Otto
>


-- 
The lion and the tiger may be more powerful, but the wolves do not perform
in the circus


Re: Sudden reboot every 5-10 minutes on latest snapshot

2024-05-24 Thread Ali Farzanrad
Alexandre Ratchov  wrote:
> On Fri, May 24, 2024 at 04:30:52PM +, Ali Farzanrad wrote:
> > Hi again,
> > 
> > During my tests it seems that this version of kernel works fine:
> > 
> > # TZ=UTC cvs -Qd /cvs get -D "2024-05-17 19:30" -P src
> > 
> > But this version of kernel will cause sudden reboots without any kernel
> > panic or message after 5-60 minutes in my Minisforum UM790:
> > 
> > # TZ=UTC cvs -Qd /cvs get -D "2024-05-17 20:00" -P src
> > 
> > After investigation I found this patch could fix my problem:
> > 
> > Index: azalia.c
> > ===
> > RCS file: /home/cvs/src/sys/dev/pci/azalia.c,v
> > diff -u -p -r1.287 azalia.c
> > --- azalia.c17 May 2024 19:43:45 -  1.287
> > +++ azalia.c24 May 2024 16:26:38 -
> > @@ -557,6 +557,16 @@ azalia_pci_attach(struct device *parent,
> > azalia_pci_write(sc->pc, sc->tag, ICH_PCI_MMC, reg);
> > }
> >  
> > +   /* disable MSI for AMD Summit Ridge/Raven Ridge HD Audio */
> > +   if (PCI_VENDOR(sc->pciid) == PCI_VENDOR_AMD) {
> > +   switch (PCI_PRODUCT(sc->pciid)) {
> > +   case PCI_PRODUCT_AMD_17_HDA:
> > +   case PCI_PRODUCT_AMD_17_1X_HDA:
> > +   case PCI_PRODUCT_AMD_HUDSON2_HDA:
> > +   pa->pa_flags &= ~PCI_FLAGS_MSI_ENABLED;
> > +   }
> > +   }
> > +
> > /* interrupt */
> > if (pci_intr_map_msi(pa, ) && pci_intr_map(pa, )) {
> > printf(": can't map interrupt\n");
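
Review bot: the added switch on PCI_PRODUCT(sc->pciid) ends its only case body without a "break;", and the comment above it names only Summit Ridge/Raven Ridge while the case list also matches PCI_PRODUCT_AMD_HUDSON2_HDA. Add the break and make the comment cover all three product IDs, or drop the ID that is not intended. Since the poster reports that clearing PCI_FLAGS_MSI_ENABLED leaves the front 3.5mm port unusable, the change also needs a statement of which of these three controllers was actually tested before the quirk is applied to all of them.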
> > 
> > However it breaks my front 3.5mm audio port and I should use my
> > USB-to-3.5mm audio port adapter again.
> > 
> > How may I investigate more?
> > 
> 
> could you confirm that the system reboots only while you're using the
> azalia device?

I disabled sndiod, and unplugged my USB-to-3.5mm audio adapter and also
unplugged front 3.5mm audio port, then rebooted my OpenBSD and waited on
the xenodm login screen for a few minutes; most of the time it reboots in
less than 10 minutes... without any interaction from me, or playing
anything...

> when you apply above diff, is audio unstable or it doesn't work at
> all?

It doesn't work at all.  No input, no output.  Even sndioctl will
freeze.

However when I plug in my USB-to-3.5mm audio adapter, and run sndiod with
these arguments: -f rsnd/0 -F rsnd/1
I have audio output.  However I haven't had audio input for a long
time, maybe 2 months (if it could help I can search for the latest version
of the kernel with which my mic works with the USB-to-3.5mm audio adapter).

With the latest kernel the front 3.5mm audio port works great, both as input
and as output; the only problem that I have with it is sudden reboots :(



Re: 7.5 install crashes on "entry point at 0x1001000" HP Elitebook 840 G10

2024-05-24 Thread Mike Larkin
On Fri, May 24, 2024 at 06:59:24AM +, Comète wrote:
> Thanks Sven,
>
> I can't install OpenBSD because I get the error when trying to boot the
> install image.
>
> Comete
>

At the boot> prompt, can you show what "mach mem" prints?

Thanks

-ml

> On 24 May 2024 07:48, "Sven Wolf" wrote:
>
> > Hi,
> >
> > I had a similar issue on a Lenovo V130.
> > For this machine I needed to remove the amdgpu driver in the kernel.
> >
> > See also:
> > https://marc.info/?l=openbsd-misc&m=160232897421774&w=2
> > https://marc.info/?l=openbsd-tech&m=160383074317608&w=2
> >
> > Do you get the error "entry point at 0x1001000" also with the bsd.rd kernel 
> > or only after you
> > installed the system with the bsd.mp/bsd.sp kernel?
> >
> > Best regards,
> > Sven
> >
> > On 5/23/24 22:40, Comète wrote:
> >
> >> Hello,
> >> I tried to install OpenBSD 7.5 on a new HP Elitebook 840 G10 (UEFI capable 
> >> only) without success.
> >> It is stuck at boot on "entry point at 0x1001000".
> >> Even retried after a BIOS upgrade but no luck either.
> >> I tried with a snapshot install too with the same result.
> >> I post here what lspci returns from a debian bookworm:
> >> 00:00.0 Host bridge: Intel Corporation Device a706
> >> 00:02.0 VGA compatible controller: Intel Corporation Raptor Lake-P [Iris 
> >> Xe Graphics] (rev 04)
> >> 00:04.0 Signal processing controller: Intel Corporation Raptor Lake 
> >> Dynamic Platform and Thermal
> >> Framework Processor Participant
> >> 00:06.0 PCI bridge: Intel Corporation Raptor Lake PCIe 4.0 Graphics Port
> >> 00:06.2 PCI bridge: Intel Corporation Device a73d
> >> 00:07.0 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI 
> >> Express Root Port
> >> 00:07.2 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI 
> >> Express Root Port
> >> 00:08.0 System peripheral: Intel Corporation GNA Scoring Accelerator module
> >> 00:0a.0 Signal processing controller: Intel Corporation Raptor Lake 
> >> Crashlog and Telemetry (rev 01)
> >> 00:0d.0 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 USB 
> >> Controller
> >> 00:0d.2 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI
> >> 00:0d.3 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI
> >> 00:14.0 USB controller: Intel Corporation Alder Lake PCH USB 3.2 xHCI Host 
> >> Controller (rev 01)
> >> 00:14.2 RAM memory: Intel Corporation Alder Lake PCH Shared SRAM (rev 01)
> >> 00:14.3 Network controller: Intel Corporation Raptor Lake PCH CNVi WiFi 
> >> (rev 01)
> >> 00:15.0 Serial bus controller: Intel Corporation Alder Lake PCH Serial IO 
> >> I2C Controller #0 (rev
> >> 01)
> >> 00:16.0 Communication controller: Intel Corporation Alder Lake PCH HECI 
> >> Controller (rev 01)
> >> 00:16.3 Serial controller: Intel Corporation Alder Lake AMT SOL 
> >> Redirection (rev 01)
> >> 00:1c.0 PCI bridge: Intel Corporation Alder Lake PCH-P PCI Express Root 
> >> Port #9 (rev 01)
> >> 00:1e.0 Communication controller: Intel Corporation Alder Lake PCH UART #0 
> >> (rev 01)
> >> 00:1e.2 Serial bus controller: Intel Corporation Alder Lake SPI Controller 
> >> (rev 01)
> >> 00:1f.0 ISA bridge: Intel Corporation Raptor Lake LPC/eSPI Controller (rev 
> >> 01)
> >> 00:1f.3 Multimedia audio controller: Intel Corporation Raptor Lake-P/U/H 
> >> cAVS (rev 01)
> >> 00:1f.4 SMBus: Intel Corporation Alder Lake PCH-P SMBus Host Controller 
> >> (rev 01)
> >> 00:1f.5 Serial bus controller: Intel Corporation Alder Lake-P PCH SPI 
> >> Controller (rev 01)
> >> 02:00.0 Non-Volatile memory controller: SK hynix BC901 NVMe Solid State 
> >> Drive (DRAM-less) (rev 03)
> >> 57:00.0 Wireless controller [0d40]: Intel Corporation XMM7560 LTE Advanced 
> >> Pro Modem (rev 01)
> >> Thanks for your help.
> >> Comete
>



Re: Q: Problems forwarding traffic using pf ...

2024-05-24 Thread Zé Loff
On Fri, May 24, 2024 at 06:04:25PM +0200, Peter N. M. Hansteen wrote:
> On Thu, May 23, 2024 at 11:14:20AM +0200, Why 42? The lists account. wrote:
> > pfctl reports:
> > # pfctl -vvs rules | grep @
> > @0 block return log all
> > @1 pass in log on em0 inet proto udp from 192.168.178.166 to any tag UDP
> > @2 pass out log on ure0 all flags S/SA tagged UDP

Why setting "flags S/SA" on a rule meant for UDP packets?

> > 
> > I see that rule 1 is matched, but never rule 2. E.g.
> > ...
> > May 23 10:32:06.602759 rule 0/(match) block in on em0: 192.168.178.179.5353 
> > > 224.0.0.251.5353: 46[|domain] (DF)
> > May 23 10:32:06.603963 rule 0/(match) block in on em0: 
> > fe80::4434:8bff:fecd:b116.5353 > ff02::fb.5353: 46[|domain] [flowlabel 
> > 0xbaff9]
> > May 23 10:32:09.700212 rule 0/(match) block in on em0: 192.168.178.254 > 
> > 224.0.0.1: igmp query [len 12] (DF) [tos 0xc0] [ttl 1]
> > May 23 10:32:13.267374 rule 1/(match) pass in on em0: 192.168.178.166.56334 
> > > 192.168.178.11.54321: udp 7
> 
> So this last one never leaves, right?
> 
> what does the gateway's routing table say about how to reach the destination 
> network?
> 
> also relevant, what is the configuration of the interfaces involved?
> 
> I'm thinking this could be down to using RFC1918 addresses and not being 
> extra careful
> about netmasks and routes, but we need more info on the actual configuration 
> to be sure.
> 
> - Peter
> 
> -- 
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
> 

-- 
 



Re: Sudden reboot every 5-10 minutes on latest snapshot

2024-05-24 Thread Alexandre Ratchov
On Fri, May 24, 2024 at 04:30:52PM +, Ali Farzanrad wrote:
> Hi again,
> 
> During my tests it seems that this version of kernel works fine:
> 
> # TZ=UTC cvs -Qd /cvs get -D "2024-05-17 19:30" -P src
> 
> But this version of kernel will cause sudden reboots without any kernel
> panic or message after 5-60 minutes in my Minisforum UM790:
> 
> # TZ=UTC cvs -Qd /cvs get -D "2024-05-17 20:00" -P src
> 
> After investigation I found this patch could fix my problem:
> 
> Index: azalia.c
> ===
> RCS file: /home/cvs/src/sys/dev/pci/azalia.c,v
> diff -u -p -r1.287 azalia.c
> --- azalia.c  17 May 2024 19:43:45 -  1.287
> +++ azalia.c  24 May 2024 16:26:38 -
> @@ -557,6 +557,16 @@ azalia_pci_attach(struct device *parent,
>   azalia_pci_write(sc->pc, sc->tag, ICH_PCI_MMC, reg);
>   }
>  
> + /* disable MSI for AMD Summit Ridge/Raven Ridge HD Audio */
> + if (PCI_VENDOR(sc->pciid) == PCI_VENDOR_AMD) {
> + switch (PCI_PRODUCT(sc->pciid)) {
> + case PCI_PRODUCT_AMD_17_HDA:
> + case PCI_PRODUCT_AMD_17_1X_HDA:
> + case PCI_PRODUCT_AMD_HUDSON2_HDA:
> + pa->pa_flags &= ~PCI_FLAGS_MSI_ENABLED;
> + }
> + }
> +
>   /* interrupt */
>   if (pci_intr_map_msi(pa, ) && pci_intr_map(pa, )) {
>   printf(": can't map interrupt\n");
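Review bot: the new block clears PCI_FLAGS_MSI_ENABLED for every controller that carries one of the three listed product IDs, checked on vendor and product only, and nothing in the hunk says which of those IDs the affected machine actually reports. Name the HD Audio product ID from that machine's dmesg in the comment and cut the case list down to the ID shown to need the quirk, so unrelated hardware keeps MSI.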
> 
> However it breaks my front 3.5mm audio port and I should use my
> USB-to-3.5mm audio port adapter again.
> 
> How may I investigate more?
> 

could you confirm that the system reboots only while you're using the
azalia device?

when you apply above diff, is audio unstable or it doesn't work at
all?



Re: Sudden reboot every 5-10 minutes on latest snapshot

2024-05-24 Thread Ali Farzanrad
Hi again,

During my tests it seems that this version of kernel works fine:

# TZ=UTC cvs -Qd /cvs get -D "2024-05-17 19:30" -P src

But this version of kernel will cause sudden reboots without any kernel
panic or message after 5-60 minutes in my Minisforum UM790:

# TZ=UTC cvs -Qd /cvs get -D "2024-05-17 20:00" -P src

After investigation I found this patch could fix my problem:

Index: azalia.c
===
RCS file: /home/cvs/src/sys/dev/pci/azalia.c,v
diff -u -p -r1.287 azalia.c
--- azalia.c17 May 2024 19:43:45 -  1.287
+++ azalia.c24 May 2024 16:26:38 -
@@ -557,6 +557,16 @@ azalia_pci_attach(struct device *parent,
azalia_pci_write(sc->pc, sc->tag, ICH_PCI_MMC, reg);
}
 
+   /* disable MSI for AMD Summit Ridge/Raven Ridge HD Audio */
+   if (PCI_VENDOR(sc->pciid) == PCI_VENDOR_AMD) {
+   switch (PCI_PRODUCT(sc->pciid)) {
+   case PCI_PRODUCT_AMD_17_HDA:
+   case PCI_PRODUCT_AMD_17_1X_HDA:
+   case PCI_PRODUCT_AMD_HUDSON2_HDA:
+   pa->pa_flags &= ~PCI_FLAGS_MSI_ENABLED;
+   }
+   }
+
/* interrupt */
if (pci_intr_map_msi(pa, ) && pci_intr_map(pa, )) {
printf(": can't map interrupt\n");
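Review bot: the comment on the new block names only Summit Ridge/Raven Ridge, but the case list also covers PCI_PRODUCT_AMD_HUDSON2_HDA, and the switch ends without a break after the pa_flags assignment. Extend the comment to say why each of the three IDs needs MSI cleared (or drop the one that does not), and add "break;" after the assignment so that a case added later is not entered by fall-through.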

However it breaks my front 3.5mm audio port and I should use my
USB-to-3.5mm audio port adapter again.

How may I investigate more?

> > > > My Minisforum UM790 keeps reboot every 5-10 minutes, without any Kernel
> > > > Panic or visible message how may I debug it?
> > > > I'm using latest OpenBSD snapshot with this amd64/BUILDINFO:
> > > > Build date: 1716424636 - Thu May 23 00:37:16 UTC 2024
> > > 
> > > Not a lot to go on really.
> > > 
> > > Is the machine doing anything or just idle?
> > 
> > It get reboot even in xenodm login screen without any interaction from me.
> > 
> > > Is X running?
> > 
> > It's funny.  I disabled the xenodm and it lived for more than 10 minutes;
> > then I enabled and started xenodm and it suddenly rebooted after few
> > minutes!
> > 
> > Next time I keep xenodm running, but switched to ttyC0 terminal using
> > Alt+Ctrl+F1 key and it lived for more than 10 minutes; then I just
> > switched to Xorg using Alt+Ctrl+F5 and it suddenly rebooted again after
> > few minutes!
> > 
> > > Do you get the same with 7.5? if yes, try older releases - can you
> > > find one where it doesn't happen?
> > 
> > I rarely got same issue in previous snapshots (I think my last snapshot
> > was for 6 days ago and I had no serious issue with that).
> > 
> > I think I should compile and test previous versions of xenocara, right?
> 
> Try with just an older kernel first and leave userland alone.
> ftp.hostserver.de and openbsd.cs.toronto.edu both have some old
> snaps in /archive. (If no snap was built on a certain day then
> the files will be identical in the archive so no point testing
> when there was no change - you can use what(1) to show the
> version - I'd save a few under names like /bsd.mp.
> and type "boot bsd.mp." at the boot loader).
> 
> 
> > > >
> > > > # (dmesg; sysctl hw.sensors)
> > > > OpenBSD 7.5-current (GENERIC.MP) #78: Wed May 22 18:31:14 MDT 2024
> > > > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > > > real mem = 31909883904 (30431MB)
> > > > avail mem = 30921310208 (29488MB)
> > > > random: good seed from bootblocks
> > > > mpath0 at root
> > > > scsibus0 at mpath0: 256 targets
> > > > mainbus0 at root
> > > > bios0 at mainbus0: SMBIOS rev. 3.5 @ 0x9ab7f000 (45 entries)
> > > > bios0: vendor American Megatrends International, LLC. version "1.01" 
> > > > date 06/05/2023
> > > > bios0: Micro Computer (HK) Tech Limited F7BSC
> > > > efi0 at bios0: UEFI 2.8
> > > > efi0: American Megatrends rev 0x5001d
> > > > acpi0 at bios0: ACPI 6.4
> > > > acpi0: sleep states S0 S4 S5
> > > > acpi0: tables DSDT FACP SSDT SSDT FIDT MCFG FPDT VFCT BGRT TPM2 SSDT 
> > > > CRAT CDIT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT WSMT APIC IVRS 
> > > > SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT
> > > > acpi0: wakeup devices GPP1(S4) GPP0(S4) GPP5(S4) GPP7(S4) GP11(S4) 
> > > > SWUS(S4) GP12(S4) SWUS(S4)
> > > > acpitimer0 at acpi0: 3579545 Hz, 32 bits
> > > > acpimcfg0 at acpi0
> > > > acpimcfg0: addr 0xe000, bus 0-255
> > > > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> > > > cpu0 at mainbus0: apid 0 (boot processor)
> > > > cpu0: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 
> > > > 19-74-01, patch 0a704101
> > > > cpu0: cpuid 1 
> > > > edx=178bfbff
> > > >  
> > > > ecx=76f8320b
> > > > cpu0: cpuid 6 eax=4 ecx=1
> > > > cpu0: cpuid 7.0 
> > > > ebx=f1bf97a9
> > > >  ecx=405fce edx=1000
> > > > cpu0: cpuid d.1 eax=f
> > > > cpu0: cpuid 8001 edx=2fd3fbff 
> > > > ecx=75c237ff
> > > > cpu0: cpuid 8007 edx=e799
> > > > cpu0: cpuid 8008 
> > > > ebx=791ef257
> > > > cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way 

Re: Q: Problems forwarding traffic using pf ...

2024-05-24 Thread Peter N. M. Hansteen
On Thu, May 23, 2024 at 11:14:20AM +0200, Why 42? The lists account. wrote:
> pfctl reports:
> # pfctl -vvs rules | grep @
> @0 block return log all
> @1 pass in log on em0 inet proto udp from 192.168.178.166 to any tag UDP
> @2 pass out log on ure0 all flags S/SA tagged UDP
> 
> I see that rule 1 is matched, but never rule 2. E.g.
> ...
> May 23 10:32:06.602759 rule 0/(match) block in on em0: 192.168.178.179.5353 > 
> 224.0.0.251.5353: 46[|domain] (DF)
> May 23 10:32:06.603963 rule 0/(match) block in on em0: 
> fe80::4434:8bff:fecd:b116.5353 > ff02::fb.5353: 46[|domain] [flowlabel 
> 0xbaff9]
> May 23 10:32:09.700212 rule 0/(match) block in on em0: 192.168.178.254 > 
> 224.0.0.1: igmp query [len 12] (DF) [tos 0xc0] [ttl 1]
> May 23 10:32:13.267374 rule 1/(match) pass in on em0: 192.168.178.166.56334 > 
> 192.168.178.11.54321: udp 7

So this last one never leaves, right?

what does the gateway's routing table say about how to reach the destination 
network?

also relevant, what is the configuration of the interfaces involved?

I'm thinking this could be down to using RFC1918 addresses and not being extra 
careful
about netmasks and routes, but we need more info on the actual configuration to 
be sure.

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
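
The check asked for above (which rules ever match, and which interface the gateway's routing table picks for a passed packet) can be run over the quoted log. This is an added example, not part of the thread: the log lines are the four quoted ones joined back onto single lines, and the routing table, including the 10.0.0.0/24 network on ure0, is a constructed assumption because the thread does not show the real interface configuration.

```python
import ipaddress
import re
from collections import Counter

# The four pflog lines quoted in the thread, each joined back onto one line.
PFLOG = """\
May 23 10:32:06.602759 rule 0/(match) block in on em0: 192.168.178.179.5353 > 224.0.0.251.5353: 46[|domain] (DF)
May 23 10:32:06.603963 rule 0/(match) block in on em0: fe80::4434:8bff:fecd:b116.5353 > ff02::fb.5353: 46[|domain] [flowlabel 0xbaff9]
May 23 10:32:09.700212 rule 0/(match) block in on em0: 192.168.178.254 > 224.0.0.1: igmp query [len 12] (DF) [tos 0xc0] [ttl 1]
May 23 10:32:13.267374 rule 1/(match) pass in on em0: 192.168.178.166.56334 > 192.168.178.11.54321: udp 7
"""

# Constructed routing table (assumption, not from the thread):
# em0 is taken to sit on 192.168.178.0/24, ure0 on a hypothetical 10.0.0.0/24.
ROUTES = [
    (ipaddress.ip_network("192.168.178.0/24"), "em0"),
    (ipaddress.ip_network("10.0.0.0/24"), "ure0"),
]

LOG_RE = re.compile(
    r"rule (?P<rule>\d+)/\((?P<reason>\w+)\) (?P<action>block|pass) "
    r"(?P<dir>in|out) on (?P<ifc>\w+): (?P<src>\S+) > (?P<dst>\S+): "
)


def split_host(token):
    """tcpdump prints 'address.port'; igmp/icmp lines carry no port."""
    try:
        return ipaddress.ip_address(token), None
    except ValueError:
        host, port = token.rsplit(".", 1)
        return ipaddress.ip_address(host), int(port)


def parse_pflog(text):
    """Turn tcpdump-style pflog lines into dicts; unparsable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        src, _ = split_host(m["src"])
        dst, dport = split_host(m["dst"])
        events.append({
            "rule": int(m["rule"]), "action": m["action"], "dir": m["dir"],
            "ifc": m["ifc"], "src": src, "dst": dst, "dport": dport,
        })
    return events


def never_matched(events, rule_numbers):
    """Rule numbers from the ruleset that do not appear in the log at all."""
    seen = Counter(e["rule"] for e in events)
    return [r for r in rule_numbers if seen[r] == 0]


def egress_interface(dst, routes):
    """Longest-prefix match; returns the interface name or None (no route)."""
    dst = ipaddress.ip_address(dst)  # accepts a string or an address object
    best = None
    for net, ifc in routes:
        if dst.version == net.version and dst in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, ifc)
    return best[1] if best else None


def passed_in_egress(events, routes):
    """For every 'pass in' packet, the interface a route lookup would choose."""
    return [
        (e["rule"], str(e["dst"]), egress_interface(e["dst"], routes))
        for e in events
        if e["action"] == "pass" and e["dir"] == "in"
    ]


if __name__ == "__main__":
    events = parse_pflog(PFLOG)
    print("rules never matched:", never_matched(events, [0, 1, 2]))
    for rule, dst, ifc in passed_in_egress(events, ROUTES):
        print(f"rule {rule} passed a packet to {dst}; route lookup picks {ifc}")
```

Under the assumed table the destination 192.168.178.11 lies on em0's own network, so the lookup never selects ure0 for it; substitute the real output of the routing table and interface configuration to test the actual setup.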



Re: OpenBSD 7.4 in virtualize env

2024-05-24 Thread jrmu
> Sometimes, rarely, across multiple version ( did not see it in 7.5 so far )
> the log `scsi_xfer pool exhausted` just get spammed forever,
> 
> It doesn't crash, the device just spam the message , so it s active
> 
> I do not have a way to create the problem , but,
> i wonder if the code could be modified so the device just drop to DDB
>Did you run out of memory / swap perhaps?

I have noticed that occurring when my system runs out of swap space.

-- 
jrmu
IRCNow (https://ircnow.org)




Re: OpenBSD 7.4 in virtualize env

2024-05-24 Thread Stuart Henderson
On 2024-05-24, Sven F.  wrote:
>
> Hello,
>
> Sometimes, rarely, across multiple version ( did not see it in 7.5 so far )
> the log `scsi_xfer pool exhausted` just get spammed forever,
>
> It doesn't crash, the device just spam the message , so it s active
>
> I do not have a way to create the problem , but,
> i wonder if the code could be modified so the device just drop to DDB

It can, just change the printf to panic.

/sys/scsi/scsi_base.c r1.283 fixed the main thing triggering that
problem, but it was already committed before 7.4




OpenBSD 7.4 in virtualize env

2024-05-24 Thread Sven F.
Hello,

Sometimes, rarely, across multiple version ( did not see it in 7.5 so far )
the log `scsi_xfer pool exhausted` just get spammed forever,

It doesn't crash, the device just spam the message , so it s active

I do not have a way to create the problem , but,
i wonder if the code could be modified so the device just drop to DDB

something like if this pool is exhausted for "longtime" just crash
(or reboot if sysctl is configured that way )

```
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf68b0 (9 entries)
bios0: vendor SeaBIOS version "2:1.10.2-58953eb7" date 04/01/2014
bios0: OpenStack Foundation OpenStack Nova
...
vioscsi0 at virtio1: qsize 128
scsibus1 at vioscsi0: 255 targets
sd0 at scsibus1 targ 0 lun 0: 
```

I will upgrade to 7.5 soon anyway

Best.


Re: Q: Problems forwarding traffic using pf ...

2024-05-24 Thread Why 42? The lists account.


Hi Guys,

Thanks for the feedback, to address your points:

1> Possibly stupid question, but did you set the sysctl(s) to enable forwarding?

Yes I tried this pf rule change with version 4 forwarding
(net.inet.ip.forwarding) both enabled and disabled.

Either way the pf "pass out tagged" rule is never matched.

I didn't reboot after changing this setting. It's not clear to me if that
is necessary. For the version 6 variable (net.inet6.ip6.forwarding) "man
2 sysctl" states: 

"... changing this variable during operation may cause serious trouble.
 Hence, this variable should only be set at bootstrap time."

Whatever that might mean. Anyway, for the version 4 variable there is no
similar remark.


2> And there is also mforwarding
3> And multicast=YES rc.conf.local

In this first simple proof/test I just tried to forward some UDP. So this
is not yet relevant. But I think you are both right, if I get as far as
doing multicasting, I'll probably need those.

Out of interest I grepped in /etc and it seems that setting multicast=YES
influences the netstart script. When multicast is not "YES" then the
route for 224.0.0.0/4 is deleted and re-added to the IP loopback address
with an option "reject".

Cheers,
Robb.



Re: unknown USB vendor

2024-05-24 Thread Mizsei Zoltán
Probably https://wikidevi.wi-cat.ru/AMPAK_AP6212

On Fri, 24 May 2024 at 11:39, Peter J. Philipp wrote:
> Hi,
>
> I got a "are you a human?" on google so I switched to qwant.com for 
> searching
> but the search is not as good.  I'm looking for the USB vendor of this 
> USB
> vendor id.  0x02d0, and the device id is 0xa9a6.  Afaict this is a 
> ure(4)
> device with a builtin usb hub.  But there is no other markings on the 
> outside, related to manufacturer.  It does not get detected by default 
> on an April
> kernel code.  It does have a micro-USB cable for the raspberry pi zero 
> 2 that
> I wanted to use this with.
>
> Anyone have any details on these vendor and device id's?
>
> Best Regards,
> -pjp
>
> -- 
> ** all info about me:  lynx https://callpeter.tel, dig loc delphinusdns.org **

-- 
--Z--



unknown USB vendor

2024-05-24 Thread Peter J. Philipp
Hi,

I got a "are you a human?" on google so I switched to qwant.com for searching
but the search is not as good.  I'm looking for the USB vendor of this USB
vendor id.  0x02d0, and the device id is 0xa9a6.  Afaict this is a ure(4)
device with a builtin usb hub.  But there is no other markings on the outside, 
related to manufacturer.  It does not get detected by default on an April
kernel code.  It does have a micro-USB cable for the raspberry pi zero 2 that
I wanted to use this with.

Anyone have any details on these vendor and device id's?

Best Regards,
-pjp

-- 
** all info about me:  lynx https://callpeter.tel, dig loc delphinusdns.org **



Re: 7.5 install crashes on "entry point at 0x1001000" HP Elitebook 840 G10

2024-05-24 Thread Comète
Thanks Sven,

I can't install OpenBSD because I get the error when trying to boot the install 
image.

Comete

On 24 May 2024 at 07:48, "Sven Wolf" wrote:

> Hi,
> 
> I had a similar issue on a Lenovo V130.
> For this machine I needed to remove the amdgpu driver in the kernel.
> 
> See also:
> https://marc.info/?l=openbsd-misc=160232897421774=2
> https://marc.info/?l=openbsd-tech=160383074317608=2
> 
> Do you get the error "entry point at 0x1001000" also with the bsd.rd kernel 
> or only after you
> installed the system with the bsd.mp/bsd.sp kernel?
> 
> Best regards,
> Sven
> 
> On 5/23/24 22:40, Comète wrote:
> 
>> Hello,
>> I tried to install OpenBSD 7.5 on a new HP Elitebook 840 G10 (UEFI capable 
>> only) without success.
>> It is stuck at boot on "entry point at 0x1001000".
>> Even retried after a BIOS upgrade but no luck either.
>> I tried with a snapshot install too with the same result.
>> I post here what lspci returns from a debian bookworm:
>> 00:00.0 Host bridge: Intel Corporation Device a706
>> 00:02.0 VGA compatible controller: Intel Corporation Raptor Lake-P [Iris Xe 
>> Graphics] (rev 04)
>> 00:04.0 Signal processing controller: Intel Corporation Raptor Lake Dynamic 
>> Platform and Thermal
>> Framework Processor Participant
>> 00:06.0 PCI bridge: Intel Corporation Raptor Lake PCIe 4.0 Graphics Port
>> 00:06.2 PCI bridge: Intel Corporation Device a73d
>> 00:07.0 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI 
>> Express Root Port
>> 00:07.2 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI 
>> Express Root Port
>> 00:08.0 System peripheral: Intel Corporation GNA Scoring Accelerator module
>> 00:0a.0 Signal processing controller: Intel Corporation Raptor Lake Crashlog 
>> and Telemetry (rev 01)
>> 00:0d.0 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 USB 
>> Controller
>> 00:0d.2 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI
>> 00:0d.3 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI
>> 00:14.0 USB controller: Intel Corporation Alder Lake PCH USB 3.2 xHCI Host 
>> Controller (rev 01)
>> 00:14.2 RAM memory: Intel Corporation Alder Lake PCH Shared SRAM (rev 01)
>> 00:14.3 Network controller: Intel Corporation Raptor Lake PCH CNVi WiFi (rev 
>> 01)
>> 00:15.0 Serial bus controller: Intel Corporation Alder Lake PCH Serial IO 
>> I2C Controller #0 (rev
>> 01)
>> 00:16.0 Communication controller: Intel Corporation Alder Lake PCH HECI 
>> Controller (rev 01)
>> 00:16.3 Serial controller: Intel Corporation Alder Lake AMT SOL Redirection 
>> (rev 01)
>> 00:1c.0 PCI bridge: Intel Corporation Alder Lake PCH-P PCI Express Root Port 
>> #9 (rev 01)
>> 00:1e.0 Communication controller: Intel Corporation Alder Lake PCH UART #0 
>> (rev 01)
>> 00:1e.2 Serial bus controller: Intel Corporation Alder Lake SPI Controller 
>> (rev 01)
>> 00:1f.0 ISA bridge: Intel Corporation Raptor Lake LPC/eSPI Controller (rev 
>> 01)
>> 00:1f.3 Multimedia audio controller: Intel Corporation Raptor Lake-P/U/H 
>> cAVS (rev 01)
>> 00:1f.4 SMBus: Intel Corporation Alder Lake PCH-P SMBus Host Controller (rev 
>> 01)
>> 00:1f.5 Serial bus controller: Intel Corporation Alder Lake-P PCH SPI 
>> Controller (rev 01)
>> 02:00.0 Non-Volatile memory controller: SK hynix BC901 NVMe Solid State 
>> Drive (DRAM-less) (rev 03)
>> 57:00.0 Wireless controller [0d40]: Intel Corporation XMM7560 LTE Advanced 
>> Pro Modem (rev 01)
>> Thanks for your help.
>> Comete



custom syspatch

2024-05-24 Thread Kapetanakis Giannis
Suppose I want to add a custom patch to a release system (backport patch from 
current and compile on release),
but keep the system able to load more official syspatches:

is it enough to put the relevant new object file (say pf.o) in 
/usr/share/relink/kernel/GENERIC.MP/
and just do reorder_kernel? 

The new object will come from manually compiling release sources kernel with 
specific patch backported from current (on another machine).

I took for example syspatch74-009_pf.tgz

Apart from the pf.o I also see vers.o and gap.o
Should I also provide a new gap.o? I don't understand what this does.

In Makefile I see
newbsd:
   ${MAKE_GAP}
   ${SYSTEM_LD_HEAD}
   ${SYSTEM_LD} swapgeneric.o
   ${SYSTEM_LD_TAIL}
   rm -f bsd.gdb
   mv -f newbsd bsd

so makegap.sh is run from ${MAKE_GAP} which seems to provide a new gap.o

Thanks,

G



Re: 7.5 install crashes on "entry point at 0x1001000" HP Elitebook 840 G10

2024-05-23 Thread Sven Wolf

Hi,

I had a similar issue on a Lenovo V130.
For this machine I needed to remove the amdgpu driver in the kernel.

See also:
https://marc.info/?l=openbsd-misc=160232897421774=2
https://marc.info/?l=openbsd-tech=160383074317608=2

Do you get the error "entry point at 0x1001000" also with the bsd.rd 
kernel or only after you installed the system with the bsd.mp/bsd.sp kernel?


Best regards,
Sven


On 5/23/24 22:40, Comète wrote:

Hello,

I tried to install OpenBSD 7.5 on a new HP Elitebook 840 G10 (UEFI capable 
only) without success.
It is stuck at boot on "entry point at 0x1001000".
Even retried after a BIOS upgrade but no luck either.

I tried with a snapshot install too with the same result.

I post here what lspci returns from a debian bookworm:

00:00.0 Host bridge: Intel Corporation Device a706
00:02.0 VGA compatible controller: Intel Corporation Raptor Lake-P [Iris Xe 
Graphics] (rev 04)
00:04.0 Signal processing controller: Intel Corporation Raptor Lake Dynamic 
Platform and Thermal Framework Processor Participant
00:06.0 PCI bridge: Intel Corporation Raptor Lake PCIe 4.0 Graphics Port
00:06.2 PCI bridge: Intel Corporation Device a73d
00:07.0 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI Express 
Root Port
00:07.2 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI Express 
Root Port
00:08.0 System peripheral: Intel Corporation GNA Scoring Accelerator module
00:0a.0 Signal processing controller: Intel Corporation Raptor Lake Crashlog 
and Telemetry (rev 01)
00:0d.0 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 USB 
Controller
00:0d.2 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI
00:0d.3 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI
00:14.0 USB controller: Intel Corporation Alder Lake PCH USB 3.2 xHCI Host 
Controller (rev 01)
00:14.2 RAM memory: Intel Corporation Alder Lake PCH Shared SRAM (rev 01)
00:14.3 Network controller: Intel Corporation Raptor Lake PCH CNVi WiFi (rev 01)
00:15.0 Serial bus controller: Intel Corporation Alder Lake PCH Serial IO I2C 
Controller #0 (rev 01)
00:16.0 Communication controller: Intel Corporation Alder Lake PCH HECI 
Controller (rev 01)
00:16.3 Serial controller: Intel Corporation Alder Lake AMT SOL Redirection 
(rev 01)
00:1c.0 PCI bridge: Intel Corporation Alder Lake PCH-P PCI Express Root Port #9 
(rev 01)
00:1e.0 Communication controller: Intel Corporation Alder Lake PCH UART #0 (rev 
01)
00:1e.2 Serial bus controller: Intel Corporation Alder Lake SPI Controller (rev 
01)
00:1f.0 ISA bridge: Intel Corporation Raptor Lake LPC/eSPI Controller (rev 01)
00:1f.3 Multimedia audio controller: Intel Corporation Raptor Lake-P/U/H cAVS 
(rev 01)
00:1f.4 SMBus: Intel Corporation Alder Lake PCH-P SMBus Host Controller (rev 01)
00:1f.5 Serial bus controller: Intel Corporation Alder Lake-P PCH SPI 
Controller (rev 01)
02:00.0 Non-Volatile memory controller: SK hynix BC901 NVMe Solid State Drive 
(DRAM-less) (rev 03)
57:00.0 Wireless controller [0d40]: Intel Corporation XMM7560 LTE Advanced Pro 
Modem (rev 01)


Thanks for your help.

Comete





Re: advice debugging lockups with swap-thrashing symptoms?

2024-05-23 Thread James Cook

> You are probably haunted by a bad issue with DMA memory and running out of
> it. Your top is missing -SH since then you would probably see the
> pagedaemon go bananas. The problem is you have not enough memory below 4G
> but the pagedaemon is not able to properly free memory there since it has
> no proper tracking for that condition. It only knows memory is short and
> tries to drop as much as possible over and over again. As a result your
> system becomes unresponsive.
>
> The boot loader can print the memory map. Which should show you
> how much memory is below 4G (I think the command is machine mem).
>
> This is a known issue and there is some work going on to fix the problem.
> --
> :wq Claudio


Thanks, Claudio. Let me know if I can help by testing anything.

In case it's useful, here is the output of "machine memory" at the 
boot prompt. Transcribed by hand so there are probably errors.


boot> machine memory
Region 0: type 1 at 0x0 for 609KB
Region 1: type 2 at 0xf for 64KB
Region 2: type 2 at 0xfec0 for 20480KB
Region 3: type 2 at 0xe000 for 262144KB
Region 4: type 2 at 0x98400 for 31KB
Region 5: type 2 at 0xcfdf for 64KB
Region 6: type 1 at 0x10 for 3404292KB
Region 7: type 3 at 0xcfde3000 for 52KB
Region 8: type 4 at 0xcfde for 12KB
REgion 9: type 1 at 0x1 for 13369344KB
Low ram: 609KB  High ram: 3404292KB
Total free memory: 16774245KB

--
James
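
The suggestion quoted above is to read the boot loader's memory map and see how much memory sits below 4G. The following is an added example, not part of the thread, that does that arithmetic; the sample map is constructed with full-width addresses and the sizes from the transcription above, and treating type 1 as free RAM is an assumption (the type 1 sizes above do add up to the "Total free memory" line).

```python
import re

FOUR_GIB = 1 << 32
FREE = 1  # assumption: type 1 regions are usable RAM

# Constructed sample in the format shown above; addresses are illustrative.
SAMPLE = """\
boot> machine memory
Region 0: type 1 at 0x0 for 609KB
Region 1: type 2 at 0xf0000 for 64KB
Region 2: type 1 at 0x100000 for 3404292KB
Region 3: type 3 at 0xcfde3000 for 52KB
Region 4: type 2 at 0xe0000000 for 262144KB
REgion 5: type 1 at 0x100000000 for 13369344KB
"""

# IGNORECASE tolerates hand-transcription slips such as "REgion".
REGION_RE = re.compile(
    r"^\s*Region\s+(\d+):\s+type\s+(\d+)\s+at\s+(0x[0-9a-f]+)\s+for\s+(\d+)KB\s*$",
    re.IGNORECASE,
)


def parse_regions(text):
    """Return one dict per 'Region N: type T at 0xADDR for SIZEKB' line."""
    regions = []
    for line in text.splitlines():
        m = REGION_RE.match(line)
        if not m:
            continue  # prompt, summary lines, anything else
        regions.append({
            "index": int(m[1]),
            "type": int(m[2]),
            "base": int(m[3], 16),
            "size": int(m[4]) * 1024,  # bytes
        })
    return regions


def free_memory_split(regions, boundary=FOUR_GIB):
    """Bytes of free RAM below and at/above the boundary.

    A region that straddles the boundary is split at it.
    """
    below = above = 0
    for r in regions:
        if r["type"] != FREE:
            continue
        end = r["base"] + r["size"]
        low = max(0, min(end, boundary) - r["base"])
        below += low
        above += r["size"] - low
    return below, above


def summary(text):
    """Human-readable one-line summary of the split, in KB."""
    below, above = free_memory_split(parse_regions(text))
    total = below + above
    share = 100.0 * below / total if total else 0.0
    return (f"free below 4G: {below // 1024}KB, "
            f"free above 4G: {above // 1024}KB "
            f"({share:.1f}% of free RAM is below 4G)")


if __name__ == "__main__":
    print(summary(SAMPLE))
```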



7.5 install crashes on "entry point at 0x1001000" HP Elitebook 840 G10

2024-05-23 Thread Comète
Hello,

I tried to install OpenBSD 7.5 on a new HP Elitebook 840 G10 (UEFI capable 
only) without success. 
It is stuck at boot on "entry point at 0x1001000".
Even retried after a BIOS upgrade but no luck either.

I tried with a snapshot install too with the same result.

I post here what lspci returns from a debian bookworm:

00:00.0 Host bridge: Intel Corporation Device a706
00:02.0 VGA compatible controller: Intel Corporation Raptor Lake-P [Iris Xe 
Graphics] (rev 04)
00:04.0 Signal processing controller: Intel Corporation Raptor Lake Dynamic 
Platform and Thermal Framework Processor Participant
00:06.0 PCI bridge: Intel Corporation Raptor Lake PCIe 4.0 Graphics Port
00:06.2 PCI bridge: Intel Corporation Device a73d
00:07.0 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI Express 
Root Port
00:07.2 PCI bridge: Intel Corporation Raptor Lake-P Thunderbolt 4 PCI Express 
Root Port
00:08.0 System peripheral: Intel Corporation GNA Scoring Accelerator module
00:0a.0 Signal processing controller: Intel Corporation Raptor Lake Crashlog 
and Telemetry (rev 01)
00:0d.0 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 USB 
Controller
00:0d.2 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI
00:0d.3 USB controller: Intel Corporation Raptor Lake-P Thunderbolt 4 NHI
00:14.0 USB controller: Intel Corporation Alder Lake PCH USB 3.2 xHCI Host 
Controller (rev 01)
00:14.2 RAM memory: Intel Corporation Alder Lake PCH Shared SRAM (rev 01)
00:14.3 Network controller: Intel Corporation Raptor Lake PCH CNVi WiFi (rev 01)
00:15.0 Serial bus controller: Intel Corporation Alder Lake PCH Serial IO I2C 
Controller #0 (rev 01)
00:16.0 Communication controller: Intel Corporation Alder Lake PCH HECI 
Controller (rev 01)
00:16.3 Serial controller: Intel Corporation Alder Lake AMT SOL Redirection 
(rev 01)
00:1c.0 PCI bridge: Intel Corporation Alder Lake PCH-P PCI Express Root Port #9 
(rev 01)
00:1e.0 Communication controller: Intel Corporation Alder Lake PCH UART #0 (rev 
01)
00:1e.2 Serial bus controller: Intel Corporation Alder Lake SPI Controller (rev 
01)
00:1f.0 ISA bridge: Intel Corporation Raptor Lake LPC/eSPI Controller (rev 01)
00:1f.3 Multimedia audio controller: Intel Corporation Raptor Lake-P/U/H cAVS 
(rev 01)
00:1f.4 SMBus: Intel Corporation Alder Lake PCH-P SMBus Host Controller (rev 01)
00:1f.5 Serial bus controller: Intel Corporation Alder Lake-P PCH SPI 
Controller (rev 01)
02:00.0 Non-Volatile memory controller: SK hynix BC901 NVMe Solid State Drive 
(DRAM-less) (rev 03)
57:00.0 Wireless controller [0d40]: Intel Corporation XMM7560 LTE Advanced Pro 
Modem (rev 01)


Thanks for your help.

Comete



Re: Q: Problems forwarding traffic using pf ...

2024-05-23 Thread Zé Loff
On Thu, May 23, 2024 at 08:24:03PM +0300, Kapetanakis Giannis wrote:
> On 23/05/2024 20:18, Peter N. M. Hansteen wrote:
> > On Thu, May 23, 2024 at 11:14:20AM +0200, Why 42? The lists account. wrote:
> > > I need to quickly create a solution for forwarding multicast traffic
> > > > between two systems, so I thought perhaps I could use pf to do just that
> > > by writing some rules along the lines of:
> > > 
> > >  1. pass in on iface A proto UDP ... tag mcast
> > >  2. pass out on iface B tagged mcast
> > > 
> > >  And another pair of rules for the reverse direction B -> A.
> > > 
> > > (Obviously I'd add more options to filter specific addresses, etc.)
> > Possibly stupid question, but did you set the sysctl(s) to enable 
> > forwarding?
> > 
> > $ sysctl net.inet.ip.forwarding
> > 
> > and
> > 
> > $ sysctl net.inet6.ip6.forwarding
> > 
> > will provide the answer (as in, if those values are not 1, forwarding
> > between interfaces is not enabled)
> > 
> > 
> And there is also mforwarding
> 
> net.inet.ip.forwarding
> net.inet.ip.mforwarding
> net.inet6.ip6.forwarding
> net.inet6.ip6.mforwarding
> 
> G
> 

And multicast=YES rc.conf.local
-- 
 



Re: Q: Problems forwarding traffic using pf ...

2024-05-23 Thread Kapetanakis Giannis

On 23/05/2024 20:18, Peter N. M. Hansteen wrote:
> On Thu, May 23, 2024 at 11:14:20AM +0200, Why 42? The lists account. wrote:
> > I need to quickly create a solution for forwarding multicast traffic
> > between two systems, so I thought perhaps I could use pf to do just that
> > by writing some rules along the lines of:
> >
> >  1. pass in on iface A proto UDP ... tag mcast
> >  2. pass out on iface B tagged mcast
> >
> >  And another pair of rules for the reverse direction B -> A.
> >
> > (Obviously I'd add more options to filter specific addresses, etc.)
>
> Possibly stupid question, but did you set the sysctl(s) to enable forwarding?
>
> $ sysctl net.inet.ip.forwarding
>
> and
>
> $ sysctl net.inet6.ip6.forwarding
>
> will provide the answer (as in, if those values are not 1, forwarding
> between interfaces is not enabled)



And there is also mforwarding

net.inet.ip.forwarding
net.inet.ip.mforwarding
net.inet6.ip6.forwarding
net.inet6.ip6.mforwarding

G



Re: Q: Problems forwarding traffic using pf ...

2024-05-23 Thread Peter N. M. Hansteen
On Thu, May 23, 2024 at 11:14:20AM +0200, Why 42? The lists account. wrote:
> I need to quickly create a solution for forwarding multicast traffic
> between two systems, so I thought perhaps I could use pf to do just that
> by writing some rules along the lines of:
> 
> 1. pass in on iface A proto UDP ... tag mcast
> 2. pass out on iface B tagged mcast
> 
> And another pair of rules for the reverse direction B -> A.
> 
> (Obviously I'd add more options to filter specific addresses, etc.)

Possibly stupid question, but did you set the sysctl(s) to enable forwarding?

$ sysctl net.inet.ip.forwarding

and

$ sysctl net.inet6.ip6.forwarding

will provide the answer (as in, if those values are not 1, forwarding
between interfaces is not enabled)


-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
https://bsdly.blogspot.com/ https://www.bsdly.net/ https://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: advice debugging lockups with swap-thrashing symptoms?

2024-05-23 Thread Claudio Jeker
On Thu, May 23, 2024 at 03:37:24PM +, James Cook wrote:
> On Thu, May 23, 2024 at 08:00:37AM GMT, Nick Holland wrote:
> > On 5/23/24 03:18, Stuart Henderson wrote:
> > > On 2024-05-22, James Cook  wrote:
> > > > One of my OpenBSD boxes sometimes gets in a weird locked-up or
> > > > almost-locked-up state. I'm wondering what I can do to debug it
> > > > further next time it happens.
> > > ...
> > > > I would also expect the cache number to be much higher. E.g. on
> > > > this occasion, I was running "git annex fsck", which reads plenty
> > > > of data from disk.
> > > 
> > > Heavy filesystem access can result in this sort of thing, I used to
> > > have unpacked ports source on one of my machines for grepping over,
> > > the machine was pretty much unusable for anything else while that was
> > > running.
> > > 
> > > Might be worth trying some noatime mount flags if you don't already have
> > > them, at least then you can avoid turning some reads into writes.
> > > 
> > 
> > Definitely a possibility.  Long time ago, I think I asked about the
> > possibility of a "disknice" to throttle disk access on individual
> > tasks.  TedU@ came through for me with something that definitely solved
> > my problem, and I use it from time to time since -- basically, it just
> > suspends a particular program occasionally, which lets other programs
> > have a chance to get disk access.  I saved it (and made a tiny update
> > that is needed now) and put it here:
> > 
> > https://holland-consulting.net/scripts/disknice.html
> > 
> > 
> > Also...
> > I've seen disks "fail" where they get super-slow.  The failure modes
> > seems to be difficulty reading data...but after enough retries, it
> > succeeds, resetting the retry counter back to zero, and then the next
> > read encounters the same problem.  You may be able to hear lots of
> > activity on the drive with little obvious progress.   I'm not convinced
> > this is your problem, but ... something to consider.
> > 
> > Nick.
> 
> Thanks for the pointers. disknice sounds useful. However I am skeptical that
> this can be explained away as a normal consequence of intense filesystem
> access, for a few reasons.
> 
> 1. In the past, even the mouse pointer has frozen. (I'm 95% sure of this
> from memory. Will note it more carefully next time this happens.) Surely
> that shouldn't depend on disk access? See also tmux/xterm updating very
> slowly; does that depend on the filesystem?
> 
> 2. The low 165M cache number makes me suspicious. With 14G free and plenty
> of data being read, shouldn't that grow? E.g. right now it's at 11G (and I'm
> running git annex fsck like I was before; I have a lot of data to fsck). I
> believe I've seen similar small cache numbers in the past.
> 
> 3. The git annex fsck was running on a different hard disk. (Normally it
> sits in a cupboard; I've hooked it up temporarily.) Swap, /, /home etc are
> all on a different SSD. I am running the same thing now (different disk) and
> perceive no impact on performance. That's not to say there wasn't intense
> access to the SSD, though; Firefox is a suspect here.
> 
> Nonetheless, if I can't make any other progress, I'll look into noatime
> and/or disknice. (I really wish I could reliably reproduce this, but
> unfortunately it just happens every few days or weeks with no apparent
> pattern other than the system being under some load when it happens.)
> 
> (I'll note one other thing, just in case: I also experience random crashes
> and restarts with this machine that seem to be hardware-related. Very
> different from what I'm describing here; has even happened during BIOS POST,
> and with no disks inside the machine. I just mention it because it opens the
> possibility of unreliable hardware involved, in case that changes things.)
> 

You are probably haunted by a bad issue with DMA memory and running out of
it. Your top is missing -SH since then you would probably see the
pagedaemon go bananas. The problem is you have not enough memory below 4G
but the pagedaemon is not able to properly free memory there since it has
no proper tracking for that condition. It only knows memory is short and
tries to drop as much as possible over and over again. As a result your
system becomes unresponsive.

The boot loader can print the memory map. Which should show you
how much memory is below 4G (I think the command is machine mem).

This is a known issue and there is some work going on to fix the problem.
-- 
:wq Claudio



Re: advice debugging lockups with swap-thrashing symptoms?

2024-05-23 Thread James Cook

On Thu, May 23, 2024 at 08:00:37AM GMT, Nick Holland wrote:
> On 5/23/24 03:18, Stuart Henderson wrote:
> > On 2024-05-22, James Cook wrote:
> > > One of my OpenBSD boxes sometimes gets in a weird locked-up or
> > > almost-locked-up state. I'm wondering what I can do to debug it
> > > further next time it happens.
> > ...
> > > I would also expect the cache number to be much higher. E.g. on
> > > this occasion, I was running "git annex fsck", which reads plenty
> > > of data from disk.
> >
> > Heavy filesystem access can result in this sort of thing, I used to
> > have unpacked ports source on one of my machines for grepping over,
> > the machine was pretty much unusable for anything else while that was
> > running.
> >
> > Might be worth trying some noatime mount flags if you don't already have
> > them, at least then you can avoid turning some reads into writes.
>
> Definitely a possibility.  Long time ago, I think I asked about the
> possibility of a "disknice" to throttle disk access on individual
> tasks.  TedU@ came through for me with something that definitely solved
> my problem, and I use it from time to time since -- basically, it just
> suspends a particular program occasionally, which lets other programs
> have a chance to get disk access.  I saved it (and made a tiny update
> that is needed now) and put it here:
>
> https://holland-consulting.net/scripts/disknice.html
>
> Also...
> I've seen disks "fail" where they get super-slow.  The failure modes
> seems to be difficulty reading data...but after enough retries, it
> succeeds, resetting the retry counter back to zero, and then the next
> read encounters the same problem.  You may be able to hear lots of
> activity on the drive with little obvious progress.   I'm not convinced
> this is your problem, but ... something to consider.
>
> Nick.


Thanks for the pointers. disknice sounds useful. However I am 
skeptical that this can be explained away as a normal consequence 
of intense filesystem access, for a few reasons.


1. In the past, even the mouse pointer has frozen. (I'm 95% sure 
of this from memory. Will note it more carefully next time this 
happens.) Surely that shouldn't depend on disk access? See also 
tmux/xterm updating very slowly; does that depend on the filesystem?


2. The low 165M cache number makes me suspicious. With 14G free 
and plenty of data being read, shouldn't that grow? E.g. right now 
it's at 11G (and I'm running git annex fsck like I was before; I 
have a lot of data to fsck). I believe I've seen similar small cache 
numbers in the past.


3. The git annex fsck was running on a different hard disk. (Normally
it sits in a cupboard; I've hooked it up temporarily.) Swap, /, /home
etc are all on a different SSD. I am running the same thing now 
(different disk) and perceive no impact on performance. That's not 
to say there wasn't intense access to the SSD, though; Firefox is 
a suspect here.


Nonetheless, if I can't make any other progress, I'll look into 
noatime and/or disknice. (I really wish I could reliably reproduce 
this, but unfortunately it just happens every few days or weeks 
with no apparent pattern other than the system being under some 
load when it happens.)


(I'll note one other thing, just in case: I also experience random 
crashes and restarts with this machine that seem to be hardware-related. 
Very different from what I'm describing here; has even happened 
during BIOS POST, and with no disks inside the machine. I just 
mention it because it opens the possibility of unreliable hardware 
involved, in case that changes things.)


--
James



Re: How to assign apps to cwm groups?

2024-05-23 Thread Sadeep Madurange
On 2024-05-23 22:07:27, Sadeep Madurange wrote:
> I'm trying to assign xterm to group 1 and firefox to group 2. Then,
> I'd like to only see a specific group at any given time. 
> 
> After logging in, I start xterm. Then I start firefox. Problem is
> firefox opens right on top of my terminal. I expected it to open in
> group 2 such that either it's not visible till I press 4+2 or start
> firefox in group 2 and move me to group 2 automatically. Is that not
> how groups work?
> 
> Also, with the config below and firefox and terminal open, when I
> press 4+1 nothing happens (I still see firefox and xterm stacked).
> When I press 4+2, both windows disappear.
> 
> Can someone please let me know how I can configure groups to work a
> little like workspaces in i3, if that's possible?

Actually, it seems to be working. Not sure what I did, but works as
expected with the following config.

sticky no

autogroup 1 "xterm,XTerm"
autogroup 2 "Firefox"

# Commands
command mail    "xterm -e 'cd ~/Downloads && mutt -F ~/.mutt/muttrc'"
command firefox firefox

bind-key 4-Return terminal
bind-key 4-d      menu-cmd
bind-key 4S-r     restart
bind-key 4S-e     quit
bind-key 4S-q     window-close

bind-key 4-1 group-only-1
bind-key 4-2 group-only-2
bind-key 4-3 group-only-3
bind-key 4-4 group-only-4
bind-key 4-5 group-only-5
bind-key 4-6 group-only-6
bind-key 4-7 group-only-7
bind-key 4-8 group-only-8
bind-key 4-9 group-only-9

bind-key 4S-1 window-movetogroup-1
bind-key 4S-2 window-movetogroup-2
bind-key 4S-3 window-movetogroup-3
bind-key 4S-4 window-movetogroup-4
bind-key 4S-5 window-movetogroup-5
bind-key 4S-6 window-movetogroup-6
bind-key 4S-7 window-movetogroup-7
bind-key 4S-8 window-movetogroup-8
bind-key 4S-9 window-movetogroup-9

# Mouse bindings
bind-mouse M-2 window-lower
bind-mouse M-3 window-resize

-- 
Sadeep Madurange
PGP: 103BF9E3E750BF7E



How to assign apps to cwm groups?

2024-05-23 Thread Sadeep Madurange
Hello,

I'm trying to assign xterm to group 1 and firefox to group 2. Then, I'd
like to only see a specific group at any given time. 

After logging in, I start xterm. Then I start firefox. Problem is
firefox opens right on top of my terminal. I expected it to open in
group 2 such that either it's not visible till I press 4+2 or start
firefox in group 2 and move me to group 2 automatically. Is that not how
groups work?

Also, with the config below and firefox and terminal open, when I press
4+1 nothing happens (I still see firefox and xterm stacked). When I
press 4+2, both windows disappear.

Can someone please let me know how I can configure groups to work a
little like workspaces in i3, if that's possible?

cwmrc content:

sticky no

bind-key 4-Return "terminal"
bind-key 4-d "menu-exec"
bind-key 4S-r "restart"
bind-key 4S-e "quit"
bind-key 4S-q "window-close"

bind-key 4-1 "group-only-1"
bind-key 4-2 "group-only-2"
bind-key 4-3 "group-only-3"

# Groups
autogroup 1 "xterm,XTerm"
autogroup 2 "Firefox"

# Mouse bindings
bind-mouse M-2  window-lower
bind-mouse M-3  window-resize

-- 
Sadeep Madurange
PGP: 103BF9E3E750BF7E



Re: Sudden reboot every 5-10 minutes on latest snapshot

2024-05-23 Thread Stuart Henderson
On 2024/05/23 12:12, Ali Farzanrad wrote:
> Hi Stuart,
> 
> Stuart Henderson  wrote:
> > On 2024-05-23, Ali Farzanrad  wrote:
> > > Hi misc@,
> > >
> > > My Minisforum UM790 keeps rebooting every 5-10 minutes, without any Kernel
> > > Panic or visible message; how may I debug it?
> > > I'm using latest OpenBSD snapshot with this amd64/BUILDINFO:
> > > Build date: 1716424636 - Thu May 23 00:37:16 UTC 2024
> > 
> > Not a lot to go on really.
> > 
> > Is the machine doing anything or just idle?
> 
> It gets rebooted even in xenodm login screen without any interaction from me.
> 
> > Is X running?
> 
> It's funny.  I disabled the xenodm and it lived for more than 10 minutes;
> then I enabled and started xenodm and it suddenly rebooted after few
> minutes!
> 
> Next time I keep xenodm running, but switched to ttyC0 terminal using
> Alt+Ctrl+F1 key and it lived for more than 10 minutes; then I just
> switched to Xorg using Alt+Ctrl+F5 and it suddenly rebooted again after
> few minutes!
> 
> > Do you get the same with 7.5? if yes, try older releases - can you
> > find one where it doesn't happen?
> 
> I rarely got same issue in previous snapshots (I think my last snapshot
> was for 6 days ago and I had no serious issue with that).
> 
> I think I should compile and test previous versions of xenocara, right?

Try with just an older kernel first and leave userland alone.
ftp.hostserver.de and openbsd.cs.toronto.edu both have some old
snaps in /archive. (If no snap was built on a certain day then
the files will be identical in the archive so no point testing
when there was no change - you can use what(1) to show the
version - I'd save a few under names like /bsd.mp.
and type "boot bsd.mp." at the boot loader).



Re: Sudden reboot every 5-10 minutes on latest snapshot

2024-05-23 Thread Ali Farzanrad
Hi Stuart,

Stuart Henderson  wrote:
> On 2024-05-23, Ali Farzanrad  wrote:
> > Hi misc@,
> >
> > My Minisforum UM790 keeps rebooting every 5-10 minutes, without any Kernel
> > Panic or visible message; how may I debug it?
> > I'm using latest OpenBSD snapshot with this amd64/BUILDINFO:
> > Build date: 1716424636 - Thu May 23 00:37:16 UTC 2024
> 
> Not a lot to go on really.
> 
> Is the machine doing anything or just idle?

It gets rebooted even in xenodm login screen without any interaction from me.

> Is X running?

It's funny.  I disabled the xenodm and it lived for more than 10 minutes;
then I enabled and started xenodm and it suddenly rebooted after few
minutes!

Next time I keep xenodm running, but switched to ttyC0 terminal using
Alt+Ctrl+F1 key and it lived for more than 10 minutes; then I just
switched to Xorg using Alt+Ctrl+F5 and it suddenly rebooted again after
few minutes!

> Do you get the same with 7.5? if yes, try older releases - can you
> find one where it doesn't happen?

I rarely got same issue in previous snapshots (I think my last snapshot
was for 6 days ago and I had no serious issue with that).

I think I should compile and test previous versions of xenocara, right?


Re: advice debugging lockups with swap-thrashing symptoms?

2024-05-23 Thread Nick Holland

On 5/23/24 03:18, Stuart Henderson wrote:
> On 2024-05-22, James Cook wrote:
> > One of my OpenBSD boxes sometimes gets in a weird locked-up or
> > almost-locked-up state. I'm wondering what I can do to debug it
> > further next time it happens.
> ...
> > I would also expect the cache number to be much higher. E.g. on
> > this occasion, I was running "git annex fsck", which reads plenty
> > of data from disk.
>
> Heavy filesystem access can result in this sort of thing, I used to
> have unpacked ports source on one of my machines for grepping over,
> the machine was pretty much unusable for anything else while that was
> running.
>
> Might be worth trying some noatime mount flags if you don't already have
> them, at least then you can avoid turning some reads into writes.



Definitely a possibility.  Long time ago, I think I asked about the
possibility of a "disknice" to throttle disk access on individual
tasks.  TedU@ came through for me with something that definitely solved
my problem, and I use it from time to time since -- basically, it just
suspends a particular program occasionally, which lets other programs
have a chance to get disk access.  I saved it (and made a tiny update
that is needed now) and put it here:

https://holland-consulting.net/scripts/disknice.html


Also...
I've seen disks "fail" where they get super-slow.  The failure modes
seems to be difficulty reading data...but after enough retries, it
succeeds, resetting the retry counter back to zero, and then the next
read encounters the same problem.  You may be able to hear lots of
activity on the drive with little obvious progress.   I'm not convinced
this is your problem, but ... something to consider.

Nick.



Re: how to fsck automatically at boot

2024-05-23 Thread Nick Holland

On 5/22/24 08:08, Kirill A. Korinsky wrote:
> On Wed, 22 May 2024 12:53:11 +0100,
> Nick Holland wrote:
> > For reasons of multi-hour fsck's on a few systems, I'm looking at
> > remounting the problem file systems as "rw" when writing is actually
> > needed and "ro" after the writing is complete (IN THIS APPLICATION, this
> > is known) to reduce my "at risk of power outage" window a lot, but I
> > suspect this will fall deeply within the category of "when I break
> > things, I get to keep all the pieces". :)
>
> Do you need atime on that FS? Disable it dramatically reduces chances of
> manual interaction with fsck. If you move forward and add sync which slow
> down write but allows to get almost zero probability of fsck interaction.


Already done. :)
This is a backup system I have -- lots of symlinks, lots of files.  Cool
thing is, the fsck is painful, but almost never have to help the fsck along,
at least once softdep was removed and they quit crashing in the middle of
backups. (softdep removal really hurt these systems -- some tasks went from
an hour or so to many hours...but it doesn't impact my life one bit.  On
the other hand, obviously I was tickling some of those softdep bugs I had
heard hit some people).


And in other news: couple days ago, I said I rarely need manual intervention
on the systems I just yank the cords from.  Well, this morning, a system I
manage remotely apparently had a couple power events, and one system needed
help with the fsck.  That's what happens when one boasts. :D

Nick.




Re: Sudden reboot every 5-10 minutes on latest snapshot

2024-05-23 Thread Stuart Henderson
On 2024-05-23, Ali Farzanrad  wrote:
> Hi misc@,
>
> My Minisforum UM790 keeps rebooting every 5-10 minutes, without any Kernel
> Panic or visible message; how may I debug it?
> I'm using latest OpenBSD snapshot with this amd64/BUILDINFO:
> Build date: 1716424636 - Thu May 23 00:37:16 UTC 2024

Not a lot to go on really.

Is the machine doing anything or just idle?
Is X running?
Do you get the same with 7.5? if yes, try older releases - can you
find one where it doesn't happen?


Sudden reboot every 5-10 minutes on latest snapshot

2024-05-23 Thread Ali Farzanrad
Hi misc@,

My Minisforum UM790 keeps rebooting every 5-10 minutes, without any Kernel
Panic or visible message; how may I debug it?
I'm using latest OpenBSD snapshot with this amd64/BUILDINFO:
Build date: 1716424636 - Thu May 23 00:37:16 UTC 2024

# (dmesg; sysctl hw.sensors)
OpenBSD 7.5-current (GENERIC.MP) #78: Wed May 22 18:31:14 MDT 2024
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 31909883904 (30431MB)
avail mem = 30921310208 (29488MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.5 @ 0x9ab7f000 (45 entries)
bios0: vendor American Megatrends International, LLC. version "1.01" date 
06/05/2023
bios0: Micro Computer (HK) Tech Limited F7BSC
efi0 at bios0: UEFI 2.8
efi0: American Megatrends rev 0x5001d
acpi0 at bios0: ACPI 6.4
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP SSDT SSDT FIDT MCFG FPDT VFCT BGRT TPM2 SSDT CRAT CDIT 
SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT SSDT WSMT APIC IVRS SSDT SSDT SSDT SSDT 
SSDT SSDT SSDT SSDT SSDT SSDT
acpi0: wakeup devices GPP1(S4) GPP0(S4) GPP5(S4) GPP7(S4) GP11(S4) SWUS(S4) 
GP12(S4) SWUS(S4)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-255
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, patch 
0a704101
cpu0: cpuid 1 
edx=178bfbff
 
ecx=76f8320b
cpu0: cpuid 6 eax=4 ecx=1
cpu0: cpuid 7.0 
ebx=f1bf97a9
 ecx=405fce edx=1000
cpu0: cpuid d.1 eax=f
cpu0: cpuid 8001 edx=2fd3fbff 
ecx=75c237ff
cpu0: cpuid 8007 edx=e799
cpu0: cpuid 8008 
ebx=791ef257
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 1MB 64b/line 
8-way L2 cache, 16MB 64b/line 16-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, patch 
0a704101
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, patch 
0a704101
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, patch 
0a704101
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 8 (application processor)
cpu4: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, patch 
0a704101
cpu4: smt 0, core 4, package 0
cpu5 at mainbus0: apid 10 (application processor)
cpu5: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, patch 
0a704101
cpu5: smt 0, core 5, package 0
cpu6 at mainbus0: apid 12 (application processor)
cpu6: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, patch 
0a704101
cpu6: smt 0, core 6, package 0
cpu7 at mainbus0: apid 14 (application processor)
cpu7: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.00 MHz, 19-74-01, patch 
0a704101
cpu7: smt 0, core 7, package 0
cpu8 at mainbus0: apid 1 (application processor)
cpu8: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.01 MHz, 19-74-01, patch 
0a704101
cpu8: smt 1, core 0, package 0
cpu9 at mainbus0: apid 3 (application processor)
cpu9: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.01 MHz, 19-74-01, patch 
0a704101
cpu9: smt 1, core 1, package 0
cpu10 at mainbus0: apid 5 (application processor)
cpu10: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.01 MHz, 19-74-01, patch 
0a704101
cpu10: smt 1, core 2, package 0
cpu11 at mainbus0: apid 7 (application processor)
cpu11: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.01 MHz, 19-74-01, patch 
0a704101
cpu11: smt 1, core 3, package 0
cpu12 at mainbus0: apid 9 (application processor)
cpu12: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.01 MHz, 19-74-01, patch 
0a704101
cpu12: smt 1, core 4, package 0
cpu13 at mainbus0: apid 11 (application processor)
cpu13: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.01 MHz, 19-74-01, patch 
0a704101
cpu13: smt 1, core 5, package 0
cpu14 at mainbus0: apid 13 (application processor)
cpu14: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.01 MHz, 19-74-01, patch 
0a704101
cpu14: smt 1, core 6, package 0
cpu15 at mainbus0: apid 15 (application processor)
cpu15: AMD Ryzen 9 7940HS w/ Radeon 780M Graphics, 4000.01 MHz, 19-74-01, patch 
0a704101
cpu15: smt 1, core 7, package 0
ioapic0 at mainbus0: apid 33 pa 0xfec0, version 21, 24 pins, can't remap
ioapic1 at mainbus0: apid 34 pa 0xfec01000, version 21, 32 pins, can't remap
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (GPP1)
acpiprt2 at acpi0: bus -1 (GPP2)
acpiprt3 at acpi0: bus -1 (GPP0)
acpiprt4 at acpi0: bus -1 (GPP3)
acpiprt5 at acpi0: bus -1 (GPP4)
acpiprt6 at acpi0: bus 2 (GPP5)
acpiprt7 at acpi0: bus -1 (GPP6)
acpiprt8 at 

Q: Problems forwarding traffic using pf ...

2024-05-23 Thread Why 42? The lists account.


Hi All,

I need to quickly create a solution for forwarding multicast traffic
between two systems, so I thought perhaps I could use pf to do just that
by writing some rules along the lines of:

1. pass in on iface A proto UDP ... tag mcast
2. pass out on iface B tagged mcast

And another pair of rules for the reverse direction B -> A.

(Obviously I'd add more options to filter specific addresses, etc.)

So I tried to do a quick test / proof of concept. Here is the pf.conf:
# cat pf.conf
set skip on lo0
set block-policy return
set debug warning

# Begin by blocking everything
block log all   # Begin by blocking everything
pass  in  log on em0    proto udp from 192.168.178.166 tag UDP
pass  out log on ure0   tagged UDP
###match route dup-to ure0 tagged TAG_UP

# Allow all outbound
#pass out log modulate state

The two "pass" lines are the basis of the idea. This seems to be pretty
much identical to the tagging example "INTNET" in the pf.conf man page.

pfctl reports:
# pfctl -vvs rules | grep @
@0 block return log all
@1 pass in log on em0 inet proto udp from 192.168.178.166 to any tag UDP
@2 pass out log on ure0 all flags S/SA tagged UDP

I see that rule 1 is matched, but never rule 2. E.g.
...
May 23 10:32:06.602759 rule 0/(match) block in on em0: 192.168.178.179.5353 > 
224.0.0.251.5353: 46[|domain] (DF)
May 23 10:32:06.603963 rule 0/(match) block in on em0: 
fe80::4434:8bff:fecd:b116.5353 > ff02::fb.5353: 46[|domain] [flowlabel 0xbaff9]
May 23 10:32:09.700212 rule 0/(match) block in on em0: 192.168.178.254 > 
224.0.0.1: igmp query [len 12] (DF) [tos 0xc0] [ttl 1]
May 23 10:32:13.267374 rule 1/(match) pass in on em0: 192.168.178.166.56334 > 
192.168.178.11.54321: udp 7
May 23 10:32:20.592971 rule 0/(match) block in on em0: 192.168.178.179.5353 > 
224.0.0.251.5353: 16 [3q][|domain] (DF)
May 23 10:32:21.136275 rule 0/(match) block in on em0: 192.168.178.252.5353 > 
224.0.0.251.5353: 48084+[|domain]
May 23 10:32:21.137074 rule 0/(match) block in on em0: 192.168.178.252.5353 > 
224.0.0.251.5353: 0* [0q] 3/0/3[|domain]
...
May 23 10:32:48.588466 rule 1/(match) pass in on em0: 192.168.178.166.56335 > 
192.168.178.11.54321: udp 42
May 23 10:32:49.705282 rule 0/(match) block in on em0: 192.168.178.179.5353 > 
224.0.0.251.5353: 0[|domain] (DF)
May 23 10:32:49.705839 rule 0/(match) block in on em0: 
fe80::4434:8bff:fecd:b116.5353 > ff02::fb.5353: 0[|domain] [flowlabel 0xbaff9]
...

I must be missing something, but what?

Both interfaces are up and configured with IP addresses.
I'm running the current snapshot i.e. 7.5 GENERIC.MP#77 amd64.

Thanks in advance!

Cheers,
Robb.
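
A per-rule summary of the pflog output quoted above, as an added example that is not part of the original post. The log lines are copied from the message with their wrapped halves rejoined, `LOADED_RULES` reflects the three rules pfctl listed, and the function names are this example's own.

```python
import ipaddress
import re

# Log lines from the post (wrapped halves rejoined, "..." separators dropped).
SAMPLE_LOG = """\
May 23 10:32:06.602759 rule 0/(match) block in on em0: 192.168.178.179.5353 > 224.0.0.251.5353: 46[|domain] (DF)
May 23 10:32:06.603963 rule 0/(match) block in on em0: fe80::4434:8bff:fecd:b116.5353 > ff02::fb.5353: 46[|domain] [flowlabel 0xbaff9]
May 23 10:32:09.700212 rule 0/(match) block in on em0: 192.168.178.254 > 224.0.0.1: igmp query [len 12] (DF) [tos 0xc0] [ttl 1]
May 23 10:32:13.267374 rule 1/(match) pass in on em0: 192.168.178.166.56334 > 192.168.178.11.54321: udp 7
May 23 10:32:20.592971 rule 0/(match) block in on em0: 192.168.178.179.5353 > 224.0.0.251.5353: 16 [3q][|domain] (DF)
May 23 10:32:21.136275 rule 0/(match) block in on em0: 192.168.178.252.5353 > 224.0.0.251.5353: 48084+[|domain]
May 23 10:32:21.137074 rule 0/(match) block in on em0: 192.168.178.252.5353 > 224.0.0.251.5353: 0* [0q] 3/0/3[|domain]
May 23 10:32:48.588466 rule 1/(match) pass in on em0: 192.168.178.166.56335 > 192.168.178.11.54321: udp 42
May 23 10:32:49.705282 rule 0/(match) block in on em0: 192.168.178.179.5353 > 224.0.0.251.5353: 0[|domain] (DF)
May 23 10:32:49.705839 rule 0/(match) block in on em0: fe80::4434:8bff:fecd:b116.5353 > ff02::fb.5353: 0[|domain] [flowlabel 0xbaff9]
"""

# Rule numbers shown by "pfctl -vvs rules" in the post (@0, @1, @2).
LOADED_RULES = (0, 1, 2)

LINE_RE = re.compile(
    r"rule (?P<rule>\d+)/\(match\) (?P<action>pass|block) (?P<dir>in|out) "
    r"on (?P<iface>\S+): (?P<src>\S+) > (?P<dst>\S+): "
)


def strip_port(endpoint):
    """Drop the trailing '.port' that tcpdump appends to an address."""
    if ":" in endpoint:  # IPv6: the port, if any, follows the last dot
        host, sep, port = endpoint.rpartition(".")
        return host if sep and port.isdigit() else endpoint
    parts = endpoint.split(".")
    return ".".join(parts[:4]) if len(parts) == 5 else endpoint


def summarise(log_text):
    """Count packets per matching rule, split by multicast/unicast destination."""
    stats = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # continuation text or anything that is not a pflog line
        entry = stats.setdefault(int(m["rule"]), {
            "action": m["action"], "packets": 0,
            "multicast_dst": 0, "unicast_dst": 0, "where": set(),
        })
        entry["packets"] += 1
        entry["where"].add((m["dir"], m["iface"]))
        dst = ipaddress.ip_address(strip_port(m["dst"]))
        entry["multicast_dst" if dst.is_multicast else "unicast_dst"] += 1
    return stats


def never_matched(stats, loaded=LOADED_RULES):
    """Loaded rules that do not appear in the log at all."""
    return [rule for rule in loaded if rule not in stats]


if __name__ == "__main__":
    result = summarise(SAMPLE_LOG)
    for rule in sorted(result):
        e = result[rule]
        print(f"rule {rule} ({e['action']}, {sorted(e['where'])}): "
              f"{e['packets']} packets, {e['multicast_dst']} multicast dst, "
              f"{e['unicast_dst']} unicast dst")
    print("never matched:", never_matched(result))
```

On these lines rule 2 never appears, both rule 1 hits are unicast packets to 192.168.178.11, and every multicast packet was caught by rule 0.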



Re: wifi

2024-05-23 Thread Mizsei Zoltán
From a quick glance it is a bog-standard m.2 / NGFF card, so it should be
fairly trivial to replace the card with a supported one, see the removal
steps at 01:30 :
https://www.youtube.com/watch?app=desktop=dqJ9LjY0Jco


On Thu, May 23, 2024 at 09:23, Stuart Henderson wrote:
> On 2024-05-23, Gustavo Rios  wrote:
>> Hi folks!
>>
>> I would like to setup my openbsd wifi but up to now, no success.
>> Here is my lspci output. May some one help me ?
>>
>> Thanks a lot.
>>
>> 02:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8821CE
>> 802.11ac PCIe Wireless Network Adapter
>
> OpenBSD doesn't support Realtek 11ac wifi.
>
>
> -- 
> Please keep replies on the mailing list.

-- 
--Z--



Re: wifi

2024-05-23 Thread Stuart Henderson
On 2024-05-23, Gustavo Rios  wrote:
> Hi folks!
>
> I would like to setup my openbsd wifi but up to now, no success.
> Here is my lspci output. May some one help me ?
>
> Thanks a lot.
>
> 02:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8821CE
> 802.11ac PCIe Wireless Network Adapter

OpenBSD doesn't support Realtek 11ac wifi.


-- 
Please keep replies on the mailing list.



Re: advice debugging lockups with swap-thrashing symptoms?

2024-05-23 Thread Stuart Henderson
On 2024-05-22, James Cook  wrote:
> One of my OpenBSD boxes sometimes gets in a weird locked-up or
> almost-locked-up state. I'm wondering what I can do to debug it
> further next time it happens.
...
> I would also expect the cache number to be much higher. E.g. on
> this occasion, I was running "git annex fsck", which reads plenty
> of data from disk.

Heavy filesystem access can result in this sort of thing, I used to
have unpacked ports source on one of my machines for grepping over,
the machine was pretty much unusable for anything else while that was
running.

Might be worth trying some noatime mount flags if you don't already have
them, at least then you can avoid turning some reads into writes.



Re: wifi

2024-05-23 Thread Otto Moerbeek
On Thu, May 23, 2024 at 03:56:01AM -0300, Gustavo Rios wrote:

> Here you have them:

...
"Realtek 8821CE" rev 0x00 at pci2 dev 0 function 0 not configured 

That means there is no driver available in OpenBSD for that card.

-Otto



Re: wifi

2024-05-23 Thread Gustavo Rios
Here you have them:



On Thu, May 23, 2024 at 02:59, Otto Moerbeek wrote:

> On Thu, May 23, 2024 at 01:44:57AM -0300, Gustavo Rios wrote:
>
> > Hi folks!
> >
> > I would like to setup my openbsd wifi but up to now, no success.
> > Here is my lspci output. May some one help me ?
> >
> > Thanks a lot.
> >
> > 02:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8821CE
> > 802.11ac PCIe Wireless Network Adapter
> >
> > --
> > The lion and the tiger may be more powerful, but the wolves do not perform
> > in the circus
>
> It helps more to send a dmesg, to see what the kernel thinks about the
> device,
>
> -Otto
>


-- 
The lion and the tiger may be more powerful, but the wolves do not perform
in the circus
OpenBSD 7.5 (GENERIC.MP) #82: Wed Mar 20 15:48:40 MDT 2024
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8242978816 (7861MB)
avail mem = 7972106240 (7602MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.4 @ 0x5d033000 (75 entries)
bios0: vendor Dell Inc. version "1.16.0" date 06/20/2023
bios0: Dell Inc. Inspiron 15 3520
efi0 at bios0: UEFI 2.7
efi0: Dell rev 0x1
acpi0 at bios0: ACPI 6.3
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP SSDT SSDT SSDT HPET APIC MCFG SSDT SSDT SSDT NHLT SSDT 
LPIT SSDT SSDT DBGP DBG2 BOOT MSDM SSDT TPM2 DMAR SSDT SSDT SSDT SSDT PHAT BGRT 
FPDT
acpi0: wakeup devices PEG0(S4) PEGP(S4) PEGP(S4) PEG2(S4) PEGP(S4) XHCI(S0) 
XDCI(S4) HDAS(S4) CNVW(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) 
PXSX(S4) RP04(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 1920 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: 12th Gen Intel(R) Core(TM) i3-1215U, 4390.68 MHz, 06-9a-04, patch 042a
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,SHA,UMIP,PKU,WAITPKG,PKS,MD_CLEAR,IBT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DFL,MDS_NO,IF_PSCHANGE,TAA_NO,MISC_PKG_CT,ENERGY_FILT,DOITM,SBDR_SSDP_N,FBSDP_NO,PSDP_NO,RRSBA,OVERCLOCK,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 48KB 64b/line 12-way D-cache, 32KB 64b/line 8-way I-cache, 1MB 64b/line 
10-way L2 cache, 10MB 64b/line 10-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 38MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.2.0.1.0.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: 12th Gen Intel(R) Core(TM) i3-1215U, 4390.69 MHz, 06-9a-04, patch 042a
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,SHA,UMIP,PKU,WAITPKG,PKS,MD_CLEAR,IBT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DFL,MDS_NO,IF_PSCHANGE,TAA_NO,MISC_PKG_CT,ENERGY_FILT,DOITM,SBDR_SSDP_N,FBSDP_NO,PSDP_NO,RRSBA,OVERCLOCK,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu1: 48KB 64b/line 12-way D-cache, 32KB 64b/line 8-way I-cache, 1MB 64b/line 
10-way L2 cache, 10MB 64b/line 10-way L3 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 8 (application processor)
cpu2: 12th Gen Intel(R) Core(TM) i3-1215U, 3991.51 MHz, 06-9a-04, patch 042a
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,SHA,UMIP,PKU,WAITPKG,PKS,MD_CLEAR,IBT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DFL,MDS_NO,IF_PSCHANGE,TAA_NO,MISC_PKG_CT,ENERGY_FILT,DOITM,SBDR_SSDP_N,FBSDP_NO,PSDP_NO,RRSBA,OVERCLOCK,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu2: 48KB 64b/line 12-way D-cache, 32KB 64b/line 8-way I-cache, 1MB 64b/line 
10-way L2 cache, 10MB 64b/line 10-way L3 cache
cpu2: smt 0, core 4, package 0
cpu3 at mainbus0: apid 9 (application processor)
cpu3: 12th Gen Intel(R) Core(TM) i3-1215U, 3991.51 MHz, 06-9a-04, patch 042a
cpu3: 

Re: wifi

2024-05-22 Thread Otto Moerbeek
On Thu, May 23, 2024 at 01:44:57AM -0300, Gustavo Rios wrote:

> Hi folks!
> 
> I would like to setup my openbsd wifi but up to now, no success.
> Here is my lspci output. May some one help me ?
> 
> Thanks a lot.
> 
> 02:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8821CE
> 802.11ac PCIe Wireless Network Adapter
> 
> -- 
> The lion and the tiger may be more powerful, but the wolves do not perform
> in the circus

It helps more to send a dmesg, to see what the kernel thinks about the device,

-Otto



wifi

2024-05-22 Thread Gustavo Rios
Hi folks!

I would like to setup my openbsd wifi but up to now, no success.
Here is my lspci output. May some one help me ?

Thanks a lot.

02:00.0 Network controller: Realtek Semiconductor Co., Ltd. RTL8821CE
802.11ac PCIe Wireless Network Adapter

-- 
The lion and the tiger may be more powerful, but the wolves do not perform
in the circus


advice debugging lockups with swap-thrashing symptoms?

2024-05-22 Thread James Cook
Hi,

One of my OpenBSD boxes sometimes gets in a weird locked-up or
almost-locked-up state. I'm wondering what I can do to debug it
further next time it happens.

It feels like swap thrashing, but top reports plenty of memory free.


Symptoms:


1. top reports lots of free memory, small act/tot and cache amounts,
   and some swap space used.

See example output of "top -ud1" below. Note I ran pkill -9 firefox
before running that command, so apparently it's taking a while even
for kill -9 to have an effect.

It's weird the act/tot amounts are so small when free is so high.

I would also expect the cache number to be much higher. E.g. on
this occasion, I was running "git annex fsck", which reads plenty
of data from disk. With my vague understanding of the vm system I
would expect this to result in lots being cached.


3. Hard disk light is constantly active. (Swapping?)


2. System is completely or almost completely unresponsive.

Usually when this happens the X11 display appears completely frozen
and I can't ssh to the machine, switch to another virtual terminal,
or otherwise interact. (I think pinging the box still works in
this case.) I will sometimes notice the system slowing down for
a minute or so, and hard disk activity increasing, before it
completely grinds to a halt.

The most recent time I got lucky, and I could still use ssh and run
simple commands like top and dmesg. After several minutes, I even
saw the X11 display update. My tmux-in-xterm windows were still
trying to redraw themselves for several minutes after being resized:
a few lines were displayed but many were still missing.

Just now, about 40 minutes after the lock-up, my system started
responding quickly again, as if nothing was ever wrong. Maybe it
helped that I killed some processes including firefox, but I did
that probably more than 10 minutes ago.


below dmesg is from when it was in the almost-locked-up state. I
think the filesystem full messages at the end can be ignored; that
was an issue I resolved earlier. I'm pretty sure I've observed this
on 7.4 and/or 7.5 before I switched to current.

-- 
James


angel ~ $ top -ud1
load averages:  8.17, 10.86, 10.03    angel.falsifian.org 18:44:22
200 processes: 1 starting, 6 running, 171 idle, 1 stopped, 18 dead, 3 on processor  up 0 days 04:10:10
CPU0 states:  7.6% user,  0.0% nice,  8.4% sys,  6.6% spin,  2.6% intr, 74.8% idle
CPU1 states: 10.1% user,  0.0% nice, 10.6% sys,  4.8% spin,  0.0% intr, 74.5% idle
CPU2 states:  9.8% user,  0.0% nice, 10.3% sys,  4.9% spin,  0.0% intr, 75.0% idle
Memory: Real: 88K/1197M act/tot Free: 14G Cache: 165M Swap: 1046M/32G

  PID    UID PRI NICE  SIZE   RES STATE     WAIT      TIME    CPU COMMAND
77712   1000  62    0   39M   20K run/1     -         3:21 30.52% tmux
79301   1000  60    0 1752K   20K run/1     -         0:42 29.59% sshd-session
96911     48  62    0   10M   20K run/2     -         1:30 26.56% unwind
 9794     35  61    0  133M 3156K onproc/2  -         8:12 25.20% Xorg
59778   1000  10    0  610M   20M run/1     thrdeat  19:05 10.84% firefox
27864   1000  18    0 1308K    4K sleep/0   sigsusp   0:31  4.98% sh
48161   1000  -6    0 1308K    4K sleep/2   piperd    0:31  4.59% sh


dmesg:


OpenBSD 7.5-current (GENERIC.MP) #77: Sun May 19 16:08:08 MDT 2024
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17160474624 (16365MB)
avail mem = 16619134976 (15849MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.4 @ 0xf0100 (59 entries)
bios0: vendor Award Software International, Inc. version "F7" date 11/20/2009
bios0: Gigabyte Technology Co., Ltd. GA-MA790XT-UD4P
acpi0 at bios0: ACPI 1.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT HPET MCFG TAMG APIC
acpi0: wakeup devices PCI0(S5) USB0(S3) USB1(S3) USB2(S3) USB3(S3) USB4(S3) 
USB5(S3) USB6(S3) SBAZ(S4) P2P_(S5) PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) 
PCE6(S4) PCE7(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-255
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Phenom(tm) II X3 710 Processor, 2611.93 MHz, 10-04-02, patch 01db
cpu0: cpuid 1 
edx=178bfbff
 ecx=802009
cpu0: cpuid 8001 
edx=efd3fbff 
ecx=37ff
cpu0: cpuid 8007 edx=1f9
cpu0: 64KB 64b/line 2-way D-cache, 64KB 64b/line 2-way I-cache
cpu0: 512KB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
cpu0: AMD erratum 721 detected and fixed
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 200MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Phenom(tm) II X3 710 Processor, 2611.94 MHz, 10-04-02, patch 01db
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD Phenom(tm) II X3 710 Processor, 2612.02 MHz, 

Re: how to fsck automatically at boot

2024-05-22 Thread Stuart Henderson
On 2024-05-22, Kirill A  Korinsky  wrote:
> On Wed, 22 May 2024 12:53:11 +0100,
> Nick Holland  wrote:
>> 
> Do you need atime on that FS? Disabling it dramatically reduces chances of
> manual interaction with fsck.

btw: you probably _do_ want atime on /tmp (see /etc/daily).
But that's a fairly good candidate for MFS anyway.



Re: httpd & nextcloud

2024-05-22 Thread Souji Thenria

On Wed May 22, 2024 at 4:46 PM BST, Am Jam wrote:

> Your tip led me in the right direction and I now have what I need. Thank
> you!

Glad I could help.

> One thing to note. I had to add the following line to get everything to
> work:
> -   location "/" { block return 301 "https://$SERVER_NAME/index.php" }
>
> I added this line because, for some reason, without this line, navigating
> to "www.domain.com" would fail.
> But I noticed that navigating specifically to "www.domain.com/index.php"
> worked.


You might be able to resolve this, by putting the directory index
configuration

directory index "index.php"


in this location context:

location "/*.php*" {
root "/nextcloud"
fastcgi socket "/run/php-fpm.sock"
pass
}


I'm not sure if you can specify the directory index for an entire server
context or if you need to define it inside a location context.



Re: httpd & nextcloud

2024-05-22 Thread Am Jam
Hi Souji,

Your tip led me in the right direction and I now have what I need. Thank
you!

One thing to note. I had to add the following line to get everything to
work:
-   location "/" { block return 301 "https://$SERVER_NAME/index.php" }

I added this line because, for some reason, without this line, navigating
to "www.domain.com" would fail.
But I noticed that navigating specifically to "www.domain.com/index.php"
worked.

For posterity's sake, here is my "working" /etc/httpd.conf:

server "www.domain.com" {
    listen on * tls port 443

    # acme-challenge TLS location
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        request strip 2
    }

    # enable HTTP Strict Transport Security
    hsts {
        preload
        subdomains
        max-age 15768000
    }

    tls {
        certificate "/etc/ssl/domain.io.fullchain.pem"
        key "/etc/ssl/private/domain.io.key"
    }

    # set max upload size to 1G (in bytes)
    connection max request body 1048576000
    connection max requests 1000
    connection request timeout 3600
    connection timeout 3600

    # set root directory
    root "/nextcloud"
    directory index "index.php"

    block drop

    # ensure that no "*.php*" files can be fetched from these directories
    location "/config/*" { block drop }
    location "/data/*" { block drop }
    location "/*.php*" {
        root "/nextcloud"
        fastcgi socket "/run/php-fpm.sock"
        pass
    }

    location "/dist/*" {
        root "/nextcloud"
        pass
    }

    location "/apps/*" {
        root "/nextcloud"
        pass
    }

    location "/core/*" {
        root "/nextcloud"
        pass
    }

    location "/updater/*" {
        root "/nextcloud"
        pass
    }

    location "/" { block return 301 "https://$SERVER_NAME/index.php" }
    location "/nextcloud" { block return 301 "$DOCUMENT_URI/index.php" }
    location "/nextcloud/" { block return 301 "$DOCUMENT_URI/index.php" }
    location "/.well-known/carddav" { block return 301 "https://$SERVER_NAME/remote.php/dav" }
    location "/.well-known/caldav" { block return 301 "https://$SERVER_NAME/remote.php/dav" }
    location "/.well-known/webfinger" { block return 301 "/index.php/.well-known/webfinger" }
    location "/.well-known/nodeinfo" { block return 301 "/index.php/.well-known/nodeinfo" }

    location "/ocs-provider/*" {
        block return 301 "$DOCUMENT_URI/index.php"
    }

    location "/ocm-provider/*" {
        block return 301 "$DOCUMENT_URI/index.php"
    }
}



On Wed, May 22, 2024 at 9:58 AM Souji Thenria 
wrote:

> On Wed May 22, 2024 at 2:38 PM BST, Am Jam wrote:
> > Hi Everyone,
>
> Hi Am,
>
> > Before anyone asks, removing "/nextcloud" from each of the location
> strings
> > does not work.
> > When I do that I get an "ERR_EMPTY_RESPONSE" error in my browser
> (Chrome).
> > My httpd.conf below was inspired by the one outlined in the nextcloud
> > pkg-readme.
>
> Did you also remove the line: 'request strip 1'?
>
> So that instead of
> > location "/nextcloud/*.php*" {
> > root "/nextcloud"
> > request strip 1
> > fastcgi socket "/run/php-fpm.sock"
> > pass
> > }
>
> you should have:
> location "/*.php*" {
> root "/nextcloud"
> fastcgi socket "/run/php-fpm.sock"
> pass
> }
>
>
> Regards,
> Souji
>
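
The ordering point behind the "ensure that no "*.php*" files can be fetched from these directories" comment in the configuration above, as an added example that is not part of the original post or of httpd itself. It is a simplified Python model of location selection, assuming (per httpd.conf(5)) that the first matching location applies and that patterns are shell globs; the request paths are constructed samples and case handling is not modelled.

```python
from fnmatch import fnmatchcase

# Locations with an explicit block/pass, in the order used in the working
# httpd.conf above. Actions are labels for this model, not httpd keywords.
WORKING_ORDER = [
    ("/config/*", "drop"),
    ("/data/*", "drop"),
    ("/*.php*", "fastcgi"),
    ("/dist/*", "pass"),
    ("/apps/*", "pass"),
    ("/core/*", "pass"),
    ("/updater/*", "pass"),
    ("/", "redirect"),
]

# The server-level "block drop" applies when no location matches.
SERVER_DEFAULT = "drop"

# Hypothetical variant: same rules, but the PHP handler listed first.
MISORDERED = [("/*.php*", "fastcgi")] + [
    rule for rule in WORKING_ORDER if rule[0] != "/*.php*"
]

# Constructed request paths that should never be answered.
SENSITIVE = [
    "/config/config.php",
    "/data/alice/files/report.php",
    "/data/alice/files/report.txt",
]


def decide(path, locations, default=SERVER_DEFAULT):
    """Return (matching pattern, action) using first-match semantics."""
    for pattern, action in locations:
        # No FNM_PATHNAME-style restriction: "*" also matches "/".
        if fnmatchcase(path, pattern):
            return pattern, action
    return None, default


def exposed_paths(paths, locations):
    """Paths from the list that would be served or handed to PHP."""
    return [p for p in paths if decide(p, locations)[1] in ("fastcgi", "pass")]


if __name__ == "__main__":
    probes = SENSITIVE + ["/", "/index.php/apps/files/",
                          "/apps/files/js/main.js", "/robots.txt"]
    for name, rules in (("working", WORKING_ORDER), ("misordered", MISORDERED)):
        print(name)
        for path in probes:
            pattern, action = decide(path, rules)
            print(f"  {path:32} -> {action:8} (matched {pattern})")
        print("  exposed:", exposed_paths(SENSITIVE, rules))
```

With the post's ordering none of the sensitive paths is answered; in the misordered variant the two `.php` paths under `/config` and `/data` reach the FastCGI handler.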


Re: httpd & nextcloud

2024-05-22 Thread Souji Thenria

On Wed May 22, 2024 at 2:38 PM BST, Am Jam wrote:

> Hi Everyone,

Hi Am,

> Before anyone asks, removing "/nextcloud" from each of the location strings
> does not work.
> When I do that I get an "ERR_EMPTY_RESPONSE" error in my browser (Chrome).
> My httpd.conf below was inspired by the one outlined in the nextcloud
> pkg-readme.

Did you also remove the line: 'request strip 1'?

So that instead of

> location "/nextcloud/*.php*" {
> root "/nextcloud"
> request strip 1
> fastcgi socket "/run/php-fpm.sock"
> pass
> }


you should have:
location "/*.php*" {
   root "/nextcloud"
   fastcgi socket "/run/php-fpm.sock"
   pass
}


Regards,
Souji



httpd & nextcloud

2024-05-22 Thread Am Jam
Hi Everyone,

I am trying to run a small nextcloud website and I'm having a problem with
the URLs.
I installed nextcloud via pkg_add, and all of its files were installed
under /var/www/nextcloud.
The pkg-readmes were helpful in getting nextcloud working with httpd.

However, though everything "works", my URLs look like this:
-   www.domain.com/nextcloud/index.php/foo/bar/...

And I can't for the life of me seem to edit /etc/httpd.conf to make it so
my URLs look like this:
-   www.domain.com/index.php/foo/bar/...

Furthermore, I can only access nextcloud if I navigate to
-   www.domain.com/nextcloud

I would prefer to access nextcloud by navigating to
-   www.domain.com


Even if I add the following line to /etc/httpd.conf, it works only in the
web browser and nextcloud-specific iOS apps don't fully work properly:
-   location "/" { block return 301 "nextcloud/index.php" }


My /etc/httpd.conf is below.
Am I missing something obvious?

Before anyone asks, removing "/nextcloud" from each of the location strings
does not work.
When I do that I get an "ERR_EMPTY_RESPONSE" error in my browser (Chrome).
My httpd.conf below was inspired by the one outlined in the nextcloud
pkg-readme.

Thanks in advance.

server "www.domain.com" {
    listen on * tls port 443

    # acme-challenge TLS location
    location "/.well-known/acme-challenge/*" {
        root "/acme"
        request strip 2
    }

    # enable HTTP Strict Transport Security
    hsts {
        preload
        subdomains
        max-age 15768000
    }

    tls {
        certificate "/etc/ssl/domain.com.fullchain.pem"
        key "/etc/ssl/private/domain.com.key"
    }

    # set root directory
    root "/nextcloud"
    directory index "index.php"

    # set max upload size to 1G (in bytes)
    connection max request body 1048576000
    connection max requests 1000
    connection request timeout 3600
    connection timeout 3600

    block drop

    # ensure that no "*.php*" files can be fetched from these directories
    location "/nextcloud/config/*" { block drop }
    location "/nextcloud/data/*" { block drop }
    location "/nextcloud/*.php*" {
        root "/nextcloud"
        request strip 1
        fastcgi socket "/run/php-fpm.sock"
        pass
    }

    location "/nextcloud/dist/*" {
        root "/nextcloud"
        request strip 1
        pass
    }

    location "/nextcloud/apps/*" {
        root "/nextcloud"
        request strip 1
        pass
    }

    location "/nextcloud/core/*" {
        root "/nextcloud"
        request strip 1
        pass
    }

    location "/nextcloud/updater/*" {
        root "/nextcloud"
        request strip 1
        pass
    }

    location "/nextcloud" { block return 301 "$DOCUMENT_URI/index.php" }
    location "/nextcloud/" { block return 301 "$DOCUMENT_URI/index.php" }
    location "/.well-known/carddav" { block return 301 "https://$SERVER_NAME/nextcloud/remote.php/dav" }
    location "/.well-known/caldav" { block return 301 "https://$SERVER_NAME/nextcloud/remote.php/dav" }
    location "/.well-known/webfinger" { block return 301 "/nextcloud/index.php/.well-known/webfinger" }
    location "/.well-known/nodeinfo" { block return 301 "/nextcloud/index.php/.well-known/nodeinfo" }

    location "/nextcloud/ocs-provider/*" {
        block return 301 "$DOCUMENT_URI/index.php"
    }

    location "/nextcloud/ocm-provider/*" {
        block return 301 "$DOCUMENT_URI/index.php"
    }
}


Re: how to fsck automatically at boot

2024-05-22 Thread Kirill A . Korinsky
On Wed, 22 May 2024 12:53:11 +0100,
Nick Holland  wrote:
> 
> For reasons of multi-hour fsck's on a few systems, I'm looking at
> remounting the problem file systems as "rw" when writing is actually
> needed and "ro" after the writing is complete (IN THIS APPLICATION, this
> is known) to reduce my "at risk of power outage" window a lot, but I
> suspect this will fall deeply within the category of "when I break
> things, I get to keep all the pieces". :)
> 

Do you need atime on that FS? Disabling it dramatically reduces chances of
manual interaction with fsck. If you move forward and add sync, which slows
down writes but allows you to get almost zero probability of fsck interaction.

-- 
wbr, Kirill



Re: Bgpd multipath conf

2024-05-22 Thread Marco Agostani
In the end I found out a way to manage multipath.
Outside the bgpd daemon.
Basically I evaluate the bgp peer status from ifstated rules and I 
install/remove static multipath route on variation.
The first test seems promising.
In the end I can even manage carp based on peer availability with this approach.

If someone is interested in conf I can post as well as soon as I finish my test 
base.


Cheers
M.



-Original Message-
From: Benjamin Raskin 
Sent: Thursday, May 16, 2024 3:47 PM
To: Stuart Henderson ; Marco Agostani 

Cc: misc@openbsd.org
Subject: Re: Bgpd multipath conf

I'm working on something similar right now for bgpd, where any connected /128 
ipv6 address will be announced over bgp.

For example if the router is connected to an adjacent host that has assigned 
itself an address through slaac such that the router has an entry for that 
particular host in the routing table, then the router will announce the host's 
/128 address.

On Thu, May 16, 2024 at 6:24 AM Stuart Henderson  
wrote:
>
> On 2024-05-16, Marco Agostani  wrote:
> > Ok so in the end is there a way to install more than one route in the 
> > kernel table through bgpd or not ?
>
> No. That is what "bgpd ... does not handle adding multiple paths for
> the same prefix to the FIB" means. (FIB = "forwarding information
> base" = kernel route table)
>
> > And if it's something that could be done in the future ?
>
> could? sure, if someone were to write the code to support it.
>
> I don't think it will be a particularly easy thing to do though.
>
>
> --
> Please keep replies on the mailing list.
>



Re: how to fsck automatically at boot

2024-05-22 Thread Nick Holland

On 5/21/24 08:28, Stuart Henderson wrote:
> On 2024-05-21, Nick Holland  wrote:
...
>>>> When I remove that disk the boot sequence stops and asks for a fsck
>>>> I would like that this disk is mounted when it's present, but when it's not
>>>> installed I don't want the boot sequence to stop
>>>
>>> Make it also "noauto" in fstab and mount it in rc.local.
>>
>> Last I tried this, it didn't do what I wanted -- "noauto" still expects
>> to have the disk there and will fsck it on boot.  Failure to be able to
>> do this stops the boot.  It's been a while since I last tried this, so
>> perhaps something has changed (including my recollection?)
>
> See fstab(5) about fs_passno.

ah, so "0" or blank. cool. learned something.
That will simplify a few things!

>> And this might be a solution for the OP's problem:
>> make /usr and /usr/* "ro" during normal operation
>
> reorder_kernel is run in the background from /etc/rc; for RO /usr
> you need to wait for that to finish.

And I forgot that. d'oh.
So yes, file my tidbit under "REALLY BAD ADVICE" and ignore it.

For reasons of multi-hour fsck's on a few systems, I'm looking at
remounting the problem file systems as "rw" when writing is actually
needed and "ro" after the writing is complete (IN THIS APPLICATION, this
is known) to reduce my "at risk of power outage" window a lot, but I
suspect this will fall deeply within the category of "when I break
things, I get to keep all the pieces". :)

Nick.

 



Re: how to fsck automatically at boot

2024-05-22 Thread Mik J
Hello Nick, Stuart, Kirill, Jan,
Thank you for all your answers.






On Tuesday, May 21, 2024 at 14:31:13 UTC+2, Stuart Henderson wrote:





On 2024-05-21, Nick Holland  wrote:
> On 5/20/24 09:37, Jan Stary wrote:
>> On May 20 13:22:26, mikyde...@yahoo.fr wrote:
>>> Hello,
>>> 
>>> I have two use cases and problems with fsck.
>>> 
>>> 1) When my openbsd boots after an outage, the system asks me to fsck /, 
>>> /usr, /var or /home manually.
>>> So I do
>>> fsck /dev/sd0a
>>> And then I'm asked questions and I usually answer F
>>> 
>>> So my question is that I want this process to be done automatically at boot 
>>> time for each partition that has a problem.
>> 
>> The /etc/rc boot script calls fsck -p;
>> if that fails, it means fsck -p was unable to fix a major problem.
>> It is the point that it requires an admin's intervention.
>> 
>> You would have to change the fsck call to fsck -y;
>> but don't do that.

AIUI the rationale for not using -y by default is that fsck may do
further damage to a badly damaged disk. But in practice many people
wouldn't do anything other than hit 'y' lots or 'F' when fsck
complains, in which case patching /etc/rc to run -y by default
isn't going to be any worse... And there are certainly some classes
of system where you don't really care about losing data (i.e. you
can recreate from config management or backups) but you do want to
maximise the chances of being able to connect in remotely, and in
that case -y can definitely help.

> I'd look at why your file systems are always needing these manual
> interventions after a hard shutdown.  I routinely power down my
> personal systems with yanking the power cord if it would take me
> longer "properly" connect a console and properly shut down.

That really depends on what the system is doing.

>>> When I remove that disk the boot sequence stops and asks for a fsck
>>> I would like that this disk is mounted when it's present, but when it's not 
>>> installed I don't want the boot sequence to stop
>> 
>> Make it also "noauto" in fstab and mount it in rc.local.
>
> Last I tried this, it didn't do what I wanted -- "noauto" still expects
> to have the disk there and will fsck it on boot.  Failure to be able to
> do this stops the boot.  It's been a while since I last tried this, so
> perhaps something has changed (including my recollection?)

See fstab(5) about fs_passno.

> And this might be a solution for the OP's problem:
> make /usr and /usr/* "ro" during normal operation

reorder_kernel is run in the background from /etc/rc; for RO /usr
you need to wait for that to finish.

-- 
Please keep replies on the mailing list.



Re: IPv6 routing problems with vether and vmm

2024-05-22 Thread Stuart Henderson
On 2024/05/21 20:30, jrmu wrote:
> Greetings,
> 
> > > I also don't control the entire /48.
> > >
> > > Here is the information I was given:
> > >
> > > My IPv6 Address Subnet: 2602:fccf:400:41::/64
> > > Hypervisor' IPv6 Gateway: 2602:fccf:400::1
> > >
> > > I was only given a /64.
> > 
> > So you should use a /64 prefix length not the /48 which you have.
> > 
> > See EXAMPLES in route(8) for how to set the gateway.
> 
> Please excuse my ignorance here, as I am unfamiliar with networking. Can
> you explain why /64 is the correct prefix length?

Because that is the information they gave you:

"Here is the information I was given:
My IPv6 Address Subnet: 2602:fccf:400:41::/64"

> I am confused because it seems not analogous to IPv4.

Your provider has decided to use a different config method for v6
compared to v4.

They probably have a route for the whole /64 to your MAC address to
avoid having to do neighbour discovery (NDP) for addresses in your
subnet.

If they did NDP, they have to try to find the MAC address to send
packets for that individual address. So if that address isn't in
the (limited size) NDP cache their router would need to buffer the
packet, try to resolve the address, if that address is not configured
anywhere they'd need to wait for a timeout before possibly generating a
host-unreachable icmp6 message and discarding the packet. These are all
slow operations using cpu resources on a router where those resources
are usually quite limited.

Now consider the number of addresses in the subnet and that someone
on the internet can send packets to any address. There are similar
issues for v4 (using ARP rather than NDP to find MAC addresses) but the
scale is vastly different - and most addresses will be in use anyway
so most of the time a randomly addressed packet will already have the
MAC address in the ARP cache.

There are other ways to handle this (e.g. add a small 'link net' between
the router and your host) but config for that is a bit more hassle
to do on the provider's side - typically with that setup you'd have
a separate vlan per customer too, as well as the route table entry
across the provider's network for the link net, using more resources on
routers/switches.

> In the IPv4 example, my address is 104.167.241.211, the gateway is
> 104.167.241.193, and the subnet mask 255.255.255.192. The network length
> then is /26. I don't control the entire /26 subnet, only one single IPv4
> address within it, but my network would have a prefix length of /26.

All of the /26 is probably directly reachable (using ARP to lookup
the MAC address). And vice-versa, other addresses in the /26 will
be expecting to be able to send packets to you directly rather than
going via the gateway.

> Isn't using a prefix length of /48 the same in the case of IPv6? I don't
> control the entire /48, but the gateway 2602:fccf:400::1 shares the
> first 48 network bits with my IPv6 address 2602:fccf:400:41::

You almost certainly can't reach the rest of the /48 without going
via the gateway.

> If I were to set the routing prefix length to 64, then I could manually
> add an extra route to the IPv6 gateway. But then, wouldn't I want to set
> my IPv4 address with a subnet mask of 255.255.255.255, so that the
> network length would be 32 rather than 26, and also add a manual route
> there?

Some providers do do that for v4, but if they had they'd be telling you
to use the /32. There's a lot less reason to do it for v4 though.
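The on-link reasoning in the reply above, worked through with the addresses from this thread. This is an added example, not part of any poster's message; the function name analyse, its result keys, and the probe address 2602:fccf:400:42::1 (standing in for some other customer's /64) are constructed for illustration.

```python
import ipaddress


def analyse(if_addr, prefix_len, gateway, assigned, probes=()):
    """Show what a host treats as directly reachable for a given prefix length.

    if_addr/prefix_len: address and prefix length configured on the interface
    gateway:            the provider's gateway address
    assigned:           the subnet the provider actually delegated
    probes:             other addresses to classify (constructed test values)
    """
    net = ipaddress.ip_interface(f"{if_addr}/{prefix_len}").network
    gw = ipaddress.ip_address(gateway)
    delegated = ipaddress.ip_network(assigned)
    misdirected = []
    for p in probes:
        addr = ipaddress.ip_address(p)
        # On-link according to the interface prefix, yet outside the delegated
        # subnet: the host would do neighbour discovery for it directly
        # instead of sending the packet to the gateway.
        if addr in net and addr not in delegated:
            misdirected.append(str(addr))
    return {
        "on_link_prefix": str(net),
        # Also the number of targets a remote sender can aim at, which is the
        # scale argument made for NDP versus ARP.
        "on_link_addresses": net.num_addresses,
        "gateway_on_link": gw in net,
        "misdirected": misdirected,
    }


if __name__ == "__main__":
    cases = {
        # IPv4 as configured: the gateway sits inside the /26.
        "v4 /26": analyse("104.167.241.211", 26, "104.167.241.193",
                          "104.167.241.192/26"),
        # IPv6 as configured in hostname.em1: the gateway looks on-link, but
        # so does every other /64 in the /48.
        "v6 /48": analyse("2602:fccf:400:41::", 48, "2602:fccf:400::1",
                          "2602:fccf:400:41::/64", ["2602:fccf:400:42::1"]),
        # IPv6 with the delegated /64: nothing is misdirected, but the gateway
        # is now off-link and needs its own route (see EXAMPLES in route(8)).
        "v6 /64": analyse("2602:fccf:400:41::", 64, "2602:fccf:400::1",
                          "2602:fccf:400:41::/64", ["2602:fccf:400:42::1"]),
    }
    for name, result in cases.items():
        print(name, result)
```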




Re: packet filter silently ignores a rule

2024-05-21 Thread Maksim Rodin
Hello!
This was the first thing I checked.
But I think there was a deadly combo of two factors:
1) the continuation character
2) The nuance described in man pf.conf:
"Care should be taken when
commenting out multi-line text: the comment is effective until the end of
the entire block."

After continuous experimenting with the rules there are too many
commented lines mixed with real config blocks in my pf.conf.

I really have to do some cleaning.

Thank you everybody for all your help!

On Tue May 21 16:49:00 2024, Steve Williams wrote:
> A lot of Unix configuration files have an issue with the continuation
> character "\" IF THERE IS A SPACE AFTER IT!!
> 
> Make sure that the \ is the last character on the line!
> 
> S.
> 
> On 20/05/2024 11:01 p.m., Maksim Rodin wrote:
> > I solved the problem by copying the entire rule block right after
> > the old one and commenting out the old one.
> > 
> > New:
> > pass in on egress inet proto tcp to (egress) port $mail_ports \
> > keep state (max-src-conn 20, \
> > max-src-conn-rate 35/300, overload  \
> > flush global) \
> > rdr-to $mail_server
> > 
> > Old:
> > pass in on egress inet proto tcp to (egress) \
> > port $mail_ports \
> > keep state (max-src-conn 20, \
> > max-src-conn-rate 35/300, overload  \
> > flush global) rdr-to $mail_server
> > 
> > I only split one line and merged two other lines into one
> > but I think I did it correctly and I do not see any logical
> > changes in the block.
> > 
> > I still cannot understand what happened because there were no
> > uncommented excess lines within the old block.
> > 
> > Before copying the entire rule block I even occasionally made
> > a typo in the old rule and checked it with pfctl -nf /etc/pf.conf.
> > PF still did as if there were no block with the typo at all:
> > 
> > pass in on egress inet proto tcp to (egress) \
> > ort $mail_ports \
> > keep state (max-src-conn 20, \
> > max-src-conn-rate 35/300, overload  \
> > flush global) rdr-to $mail_server
> > 
> > 
> > 
> > On Mon May 20 11:43:21 2024, Maksim Rodin wrote:
> > > Hello,
> > > I use OpenBSD 7.5 stable amd64.
> > > I uncommented an old rule and the corresponding macro in pf.conf
> > > which definitely worked when the
> > > machine was on version 7.3 and possibly 7.4.
> > > 
> > > After that:
> > > pfctl -nf /etc/pf.conf shows nothing
> > > pfctl -f /etc/pf.conf shows nothing
> > > So Packet Filter seems to be happy with the config as a whole.
> > > 
> > > pfctl -vvsr shows the old rules WITHOUT the uncommented one.
> > > pfctl -vvnf /etc/pf.conf warns that the uncommented macro
> > > used in the uncommented rule is NOT used.
> > > 
> > > The output of pfctl -vvnf /etc/pf.conf is appended as
> > > pfctl_vvnf file
> > > The output of pfctl -vvsr is appended as
> > > pfctl_vvsr file
> > > 
> > > 
> > > Did I miss something when changing the configuration?
> > > 
> > > The uncommented section 1 is:
> > > mail_ports = "{ submission imaps }"
> > > 
> > > The uncommented section 2 is:
> > > pass in on egress inet proto tcp to (egress) \
> > >   port $mail_ports \
> > >   keep state (max-src-conn 20, \
> > >   max-src-conn-rate 35/300, overload  \
> > >   flush global) rdr-to $mail_server
> > > 
> > > 
> > > My whole pf.conf (all uncommented lines):
> > > int_if = "{ vether1 em1 em2 em3 }"
> > > table  { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 \
> > > 169.254.0.0/16 172.16.0.0/12 192.0.2.0/24 \
> > > 192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 \
> > > }
> > > table  persist
> > > table  persist file "/etc/mail/nospamd"
> > > table  persist file "/etc/pf/bad_ips"
> > > 
> > > transmission_server = "192.168.1.65"
> > > mail_server = "192.168.1.171"
> > > 
> > > mail_ports = "{ submission imaps }"
> > > 
> > > block log all
> > > set limit table-entries 100
> > > set block-policy drop
> > > set syncookies adaptive (start 29%, end 15%)
> > > set skip on lo
> > > 
> > > match in all scrub (no-df random-id max-mss 1440)
> > > match out on egress inet from (vether1:network) \
> > >   to any nat-to (egress:0)
> > > 
> > > block in quick on egress from  to any
> > > block return out quick on egress from any to 
> > > block quick from 
> > > 
> > > pass out quick inet
> > > pass in on $int_if inet
> > > 
> > > pass in on egress inet proto tcp  \
> > >   to (egress) port 22 keep state \
> > >   (max-src-conn 2, max-src-conn-rate 2/300, \
> > >   overload  flush global)
> > > 
> > > pass in on egress inet proto { tcp udp }  \
> > >   to (egress) port domain keep state \
> > >   (max-src-states 10) \
> > >   rdr-to 127.0.0.1 port 8053
> > > 
> > > pass in on $int_if inet proto { tcp udp } from \
> > >   (vether1:network) to (egress) port domain
> > > 
> > > pass in on egress inet proto { tcp udp } \
> > >   to (egress) port 5 \
> > >   rdr-to $transmission_server
> > > 
> > > pass in on egress inet proto tcp to (egress) \
> > >   port $mail_ports \
> > >   keep state (max-src-conn 20, \
> > >   
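The two pitfalls named in this message and in the reply it quotes (a commented-out line that still ends in "\", and a "\" that is not the last character on its line) can be checked mechanically. The Python sketch below is an added example, not part of any poster's message and not a pf tool; the sample ruleset, the function names and the finding labels are constructed for illustration.

```python
import re

# Constructed pf.conf fragment for illustration (not the poster's real file).
SAMPLE = [
    'mail_server = "192.168.1.171"',
    'mail_ports = "{ submission imaps }"',
    '#pass in on egress inet proto tcp to (egress) port 993 \\',
    '#    rdr-to $mail_server \\',          # commented out, but still continued
    'pass in on egress inet proto tcp to (egress) \\',
    '    port $mail_ports \\',
    '    rdr-to $mail_server',
    'pass in on egress proto tcp to (egress) \\ ',  # backslash, then a space
    '    port smtp rdr-to $mail_server',
]

BACKSLASH_THEN_SPACE = re.compile(r"\\[ \t]+$")


def comment_start(line):
    """Index of the first '#' outside double quotes, or -1 if there is none."""
    in_quotes = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == "#" and not in_quotes:
            return i
    return -1


def lint(lines):
    """Return (line_no, kind, comment_origin) findings for a pf.conf."""
    findings = []
    origin = None  # line number where a still-running comment began
    for no, raw in enumerate(lines, 1):
        line = raw.rstrip("\r\n")
        continued = line.endswith("\\")
        if BACKSLASH_THEN_SPACE.search(line):
            # The backslash is not the last character, so it does not join
            # this line to the next one.
            findings.append((no, "backslash-space", None))
        if origin is not None:
            # Still inside a comment that was extended with a backslash.
            if line.strip() and not line.lstrip().startswith("#"):
                findings.append((no, "swallowed", origin))
            if not continued:
                origin = None
            continue
        if comment_start(line) != -1 and continued:
            origin = no
    return findings


def surviving_lines(lines):
    """Logical lines left after joining continuations and cutting comments."""
    out, buf = [], ""
    for raw in lines:
        line = raw.rstrip("\r\n")
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        buf += line
        cut = comment_start(buf)
        text = (buf if cut == -1 else buf[:cut]).strip()
        if text:
            out.append(text)
        buf = ""
    return out


def unused_macros(lines):
    """Macros defined but never referenced in the text that survives."""
    text = surviving_lines(lines)
    defined = [m.group(1) for m in (re.match(r"(\w+)\s*=", t) for t in text) if m]
    used = set(re.findall(r"\$(\w+)", "\n".join(text)))
    return [name for name in defined if name not in used]


if __name__ == "__main__":
    for no, kind, origin in lint(SAMPLE):
        if kind == "swallowed":
            print(f"line {no}: inside the comment that starts on line {origin}")
        else:
            print(f"line {no}: whitespace after the continuation backslash")
    print("unused macros:", unused_macros(SAMPLE))
```

On the constructed sample the whole mail rule disappears into the comment and mail_ports is reported as unused, the same symptom as the "macro 'mail_ports' not used" warning quoted in this thread.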

Re: IPv6 routing problems with vether and vmm

2024-05-21 Thread jrmu
Greetings,

> > I also don't control the entire /48.
> >
> > Here is the information I was given:
> >
> > My IPv6 Address Subnet: 2602:fccf:400:41::/64
> > Hypervisor' IPv6 Gateway: 2602:fccf:400::1
> >
> > I was only given a /64.
> 
> So you should use a /64 prefix length not the /48 which you have.
> 
> See EXAMPLES in route(8) for how to set the gateway.

Please excuse my ignorance here, as I am unfamiliar with networking. Can
you explain why /64 is the correct prefix length?

I am confused because it seems not analogous to IPv4.

In the IPv4 example, my address is 104.167.241.211, the gateway is
104.167.241.193, and the subnet mask 255.255.255.192. The network length
then is /26. I don't control the entire /26 subnet, only one single IPv4
address within it, but my network would have a prefix length of /26.

Isn't using a prefix length of /48 the same in the case of IPv6? I don't
control the entire /48, but the gateway 2602:fccf:400::1 shares the
first 48 network bits with my IPv6 address 2602:fccf:400:41::

If I were to set the routing prefix length to 64, then I could manually
add an extra route to the IPv6 gateway. But then, wouldn't I want to set
my IPv4 address with a subnet mask of 255.255.255.255, so that the
network length would be 32 rather than 26, and also add a manual route
there?

-- 
jrmu
IRCNow (https://ircnow.org)




Re: IPv6 routing problems with vether and vmm

2024-05-21 Thread Willy Manga

On 21/05/2024 22:04, jrmu wrote:

Greetings,


Here is my configuration:



Inside hypervisor:



hypervisor$ cat /etc/hostname.em1
inet 104.167.241.211 0xffc0
inet6 2602:fccf:400:41:: 48


Why are you using 48 as mask here and not 64?


I don't have control over the hypervisor's gateway, that is provided by
my ISP.


Okay but my question still applies here. em1 IPv6 address should have /64 
as mask and not 48.




Your gateway must have a (static) route saying we can reach 2602:fccf::/36
(or a any smaller subnet you will use in your hypervisor) via
em1.IPv6.address. I will pick 2602:fccf:400::/48 as the block you plan to
use for all your VMs.


I also don't control the entire /48.

Here is the information I was given:

My IPv6 Address Subnet: 2602:fccf:400:41::/64
Hypervisor' IPv6 Gateway: 2602:fccf:400::1
I was only given a /64.


When you manage a hypervisor, using only 1x/64 is less than ideal. It's 
just not enough because you can have more than 1 'type of usage'. I 
always request at least 1x/56.


You have at least 2 solutions:

1. Use the prefix 2602:fccf:400:41::/64 for all your interfaces. For 
em1, avoid the first address. It works but some devices will not happily 
accept your packets. Use anything else between 2602:fccf:400:41::1 and 
2602:fccf:400:41:::: . Again use 64 as your mask and not 
48 on em1.


2. Ask your ISP 2 things:
2.1 Establish point to point with you from 1 prefix
2.2 Route you *another* prefix (as explained in my previous email).

If they find it difficult to route more than 1x/64 (that will be a shame) 
they can stick to 1x/64 but honestly it should not be a big deal.



--
Willy Manga



Re: IPv6 routing problems with vether and vmm

2024-05-21 Thread Stuart Henderson
On 2024-05-21, jrmu  wrote:
>
> Greetings,
>
>> > Here is my configuration:
>>
>> > Inside hypervisor:
>>
>> > hypervisor$ cat /etc/hostname.em1
>> > inet 104.167.241.211 0xffc0
>> > inet6 2602:fccf:400:41:: 48
>>
>> Why are you using 48 as mask here and not 64?
>
> I don't have control over the hypervisor's gateway, that is provided by
> my ISP.
>
>> Your gateway must have a (static) route saying we can reach 2602:fccf::/36
>> (or a any smaller subnet you will use in your hypervisor) via
>> em1.IPv6.address. I will pick 2602:fccf:400::/48 as the block you plan to
>> use for all your VMs.
>
> I also don't control the entire /48.
>
> Here is the information I was given:
>
> My IPv6 Address Subnet: 2602:fccf:400:41::/64
> Hypervisor' IPv6 Gateway: 2602:fccf:400::1
>
> I was only given a /64.

So you should use a /64 prefix length not the /48 which you have.

See EXAMPLES in route(8) for how to set the gateway.




Important message for Apple Silicon OpenBSD/arm64 users

2024-05-21 Thread Mark Kettenis
As indicated here:

  https://social.treehouse.systems/@AsahiLinux/112449204541186432

The system firmware that comes with macOS Sonoma 14.5 triggers a bug
in the m1n1 bootloader that is used to boot OpenBSD on these machines.
The bug will prevent OpenBSD from booting on some machines after the
macOS update has been installed.  The recommended fix is to update the
"stage1" m1n1 by booting into macOS and running:

  $ curl https://alx.sh | sh

choosing the 'm' option when prompted to upgrade as indicated in the
aforementioned post.  This should work even if you've already
installed the macOS update.

We've also released a new version of the "apple-boot" firmware (which
contains a "stage2" m1n1) that has a workaround for the bug. To
install this new firmware on OpenBSD 7.5 or -current, you can do:

  # fw_update
  # installboot sd0

This must be done before updating macOS.  You can verify that the
workaround is installed with the following command:

  # eeprom -p | grep m1n1
  asahi,m1n1-stage2-version: '1.4.14'

If the displayed version number is 1.4.14 or later, the workaround is
installed.

OpenBSD 7.4 users should upgrade to OpenBSD 7.5.

Cheers,

Mark



Re: IPv6 routing problems with vether and vmm

2024-05-21 Thread jrmu
Greetings,

> > Here is my configuration:
> 
> > Inside hypervisor:
> 
> > hypervisor$ cat /etc/hostname.em1
> > inet 104.167.241.211 0xffc0
> > inet6 2602:fccf:400:41:: 48
> 
> Why are you using 48 as mask here and not 64?

I don't have control over the hypervisor's gateway, that is provided by
my ISP.

> Your gateway must have a (static) route saying we can reach 2602:fccf::/36
> (or a any smaller subnet you will use in your hypervisor) via
> em1.IPv6.address. I will pick 2602:fccf:400::/48 as the block you plan to
> use for all your VMs.

I also don't control the entire /48.

Here is the information I was given:

My IPv6 Address Subnet: 2602:fccf:400:41::/64
Hypervisor' IPv6 Gateway: 2602:fccf:400::1

I was only given a /64.

Thanks for your help.

-- 
jrmu
IRCNow (https://ircnow.org)




Re: IPv6 routing problems with vether and vmm

2024-05-21 Thread Willy Manga

Hi


On 21/05/2024 04:01, jrmu wrote:
> Here is my configuration:

> Inside hypervisor:

> hypervisor$ cat /etc/hostname.em1
> inet 104.167.241.211 0xffc0
> inet6 2602:fccf:400:41:: 48

Why are you using 48 as mask here and not 64?

Here is a suggestion in terms of routing.

From your configuration, you can even restrict the mask here since it's 
a point to point between your hypervisor and your gateway.

something like

/etc/hostname.em1
inet6 2602:fccf::2 127

should be okay.
Of course you configure your gateway with

2602:fccf::3/127


> hypervisor$ cat /etc/mygate
> 104.167.241.193
> 2602:fccf:400::1

From my suggestion, you can change that IPv6 with 2602:fccf::3

Your gateway must have a (static) route saying we can reach 
2602:fccf::/36 (or any smaller subnet you will use in your hypervisor) 
via em1.IPv6.address. I will pick 2602:fccf:400::/48 as the block you 
plan to use for all your VMs.


Assuming your gateway is running OpenBSD, the route will be:

route add -inet6 2602:fccf:400::/48  2602:fccf::2

Now from the hypervisor, you originate that prefix. e.g

route add -inet6 -blackhole  2602:fccf:400::/48 ::1

All packets in that block by default are 'swallowed' here.

Now any subnet used by any interface (like vether0) here will be 
reachable from the Internet and of course the VM as well will reach 
other networks.



--
Willy Manga



Re: how to fsck automatically at boot

2024-05-21 Thread Stuart Henderson
On 2024-05-21, Nick Holland  wrote:
> On 5/20/24 09:37, Jan Stary wrote:
>> On May 20 13:22:26, mikyde...@yahoo.fr wrote:
>>> Hello,
>>> 
>>> I have two use cases and problems with fsck.
>>> 
>>> 1) When my openbsd boots after an outage, the system asks me to fsck /, 
>>> /usr, /var or /home manually.
>>> So I do
>>> fsck /dev/sd0a
>>> And then I'm asked questions and I usually answer F
>>> 
>>> So my question is that I want this process to be done automatically at boot 
>>> time for each partition that has a problem.
>> 
>> The /etc/rc boot script calls fsck -p;
>> if that fails, it means fsck -p was unable to fix a major problem.
>> It is the point that it requires an admin's intervention.
>> 
>> You would have to change the fsck call to fsck -y;
>> but don't do that.

AIUI the rationale for not using -y by default is that fsck may do
further damage to a badly damaged disk. But in practice many people
wouldn't do anything other than hit 'y' lots or 'F' when fsck
complains, in which case patching /etc/rc to run -y by default
isn't going to be any worse... And there are certainly some classes
of system where you don't really care about losing data (i.e. you
can recreate from config management or backups) but you do want to
maximise the chances of being able to connect in remotely, and in
that case -y can definitely help.

> I'd look at why your file systems are always needing these manual
> interventions after a hard shutdown.  I routinely power down my
> personal systems with yanking the power cord if it would take me
> longer "properly" connect a console and properly shut down.

That really depends on what the system is doing.

>>> When I remove that disk the boot sequence stops and asks for a fsck
>>> I would like that this disk is mounted when it's present, but when it's not 
>>> installed I don't want the boot sequence to stop
>> 
>> Make it also "noauto" in fstab and mount it in rc.local.
>
> Last I tried this, it didn't do what I wanted -- "noauto" still expects
> to have the disk there and will fsck it on boot.  Failure to be able to
> do this stops the boot.  It's been a while since I last tried this, so
> perhaps something has changed (including my recollection?)

See fstab(5) about fs_passno.

> And this might be a solution for the OP's problem:
> make /usr and /usr/* "ro" during normal operation

reorder_kernel is run in the background from /etc/rc; for RO /usr
you need to wait for that to finish.

-- 
Please keep replies on the mailing list.



Re: how to fsck automatically at boot

2024-05-21 Thread Nick Holland

On 5/20/24 09:37, Jan Stary wrote:

On May 20 13:22:26, mikyde...@yahoo.fr wrote:

Hello,

I have two use cases and problems with fsck.

1) When my openbsd boots after an outage, the system asks me to fsck /, /usr, 
/var or /home manually.
So I do
fsck /dev/sd0a
And then I'm asked questions and I usually answer F

So my question is that I want this process to be done automatically at boot 
time for each partition that has a problem.


The /etc/rc boot script calls fsck -p;
if that fails, it means fsck -p was unable to fix a major problem.
It is the point that it requires an admin's intervention.

You would have to change the fsck call to fsck -y;
but don't do that.


I'd look at why your file systems are always needing these manual
interventions after a hard shutdown.  I routinely power down my
personal systems with yanking the power cord if it would take me
longer to "properly" connect a console and properly shut down.

yeah, I get fscks, but I rarely get a manual intervention required.
It does happen...but rarely.


(Also, don't let a server have power outages, obviously.)


This is because I use a small server without screen and keyboard.


So what? That is no excuse to leave broken filesystems unattended.


2) I have another disk in my small server, and I mount one partition of it with 
in fstab
aa929243b0f5.a /var/mylogs ffs rw,nodev,nosuid 1 2
When I remove that disk the boot sequence stops and asks for a fsck
I would like that this disk is mounted when it's present, but when it's not 
installed I don't want the boot sequence to stop


Make it also "noauto" in fstab and mount it in rc.local.


Last I tried this, it didn't do what I wanted -- "noauto" still expects
to have the disk there and will fsck it on boot.  Failure to be able to
do this stops the boot.  It's been a while since I last tried this, so
perhaps something has changed (including my recollection?)


I have some backup servers with big file systems that can take hours to
fsck. I pulled the mount lines out of /etc/fstab and put them in a
separate script that is invoked at boot from /etc/rc.local

And this might be a solution for the OP's problem:
make /usr and /usr/* "ro" during normal operation, and move all the
"lots of volatile data" stuff over to partitions that are mounted post
boot by a separate script.  Maybe make /tmp an MFS if that's an option.
That will minimize the fsck problems, and allow the system to come up
for either manual, remote fixing or even fsck -y in the mountall script.
Don't forget you ro'd the /usr partitions, otherwise your upgrades will
be unpleasant. :)

Nick.



Re: packet filter silently ignores a rule

2024-05-21 Thread Stuart Henderson
On 2024-05-21, Maksim Rodin  wrote:
> I solved the problem by copying the entire rule block right after
> the old one and commenting out the old one.
>
> New:
> pass in on egress inet proto tcp to (egress) port $mail_ports \
>   keep state (max-src-conn 20, \
>   max-src-conn-rate 35/300, overload  \
>   flush global) \
>   rdr-to $mail_server
>
> Old:
> pass in on egress inet proto tcp to (egress) \
>   port $mail_ports \
>   keep state (max-src-conn 20, \
>   max-src-conn-rate 35/300, overload  \
>   flush global) rdr-to $mail_server
>
> I only split one line and merged two other lines into one
> but I think I did it correctly and I do not see any logical
> changes in the block.
...
>> My whole pf.conf (all uncommented lines):

We can't tell if it was done correctly because you excluded commented
lines from the file you showed. Read pf.conf(5) DESCRIPTION section,
paragraph starting "The current line can be extended over multiple
lines".




Re: packet filter silently ignores a rule

2024-05-21 Thread Maksim Rodin
I solved the problem by copying the entire rule block right after
the old one and commenting out the old one.

New:
pass in on egress inet proto tcp to (egress) port $mail_ports \
keep state (max-src-conn 20, \
max-src-conn-rate 35/300, overload  \
flush global) \
rdr-to $mail_server

Old:
pass in on egress inet proto tcp to (egress) \
port $mail_ports \
keep state (max-src-conn 20, \
max-src-conn-rate 35/300, overload  \
flush global) rdr-to $mail_server

I only split one line and merged two other lines into one
but I think I did it correctly and I do not see any logical
changes in the block.

I still cannot understand what happened because there were no
uncommented excess lines within the old block.

Before copying the entire rule block I even occasionally made
a typo in the old rule and checked it with pfctl -nf /etc/pf.conf.
PF still did as if there were no block with the typo at all:

pass in on egress inet proto tcp to (egress) \
ort $mail_ports \
keep state (max-src-conn 20, \
max-src-conn-rate 35/300, overload  \
flush global) rdr-to $mail_server



On Mon May 20 11:43:21 2024, Maksim Rodin wrote:
> Hello,
> I use OpenBSD 7.5 stable amd64.
> I uncommented an old rule and the corresponding macro in pf.conf
> which definitely worked when the
> machine was on version 7.3 and possibly 7.4.
> 
> After that:
> pfctl -nf /etc/pf.conf shows nothing
> pfctl -f /etc/pf.conf shows nothing
> So Packet Filter seems to be happy with the config as a whole.
> 
> pfctl -vvsr shows the old rules WITHOUT the uncommented one.
> pfctl -vvnf /etc/pf.conf warns that the uncommented macro
> used in the uncommented rule is NOT used.
> 
> The output of pfctl -vvnf /etc/pf.conf is appended as
> pfctl_vvnf file
> The output of pfctl -vvsr is appended as
> pfctl_vvsr file
> 
> 
> Did I miss something when changing the configuration?
> 
> The uncommented section 1 is:
> mail_ports = "{ submission imaps }"
> 
> The uncommented section 2 is:
> pass in on egress inet proto tcp to (egress) \
>   port $mail_ports \
>   keep state (max-src-conn 20, \
>   max-src-conn-rate 35/300, overload  \
>   flush global) rdr-to $mail_server
> 
> 
> My whole pf.conf (all uncommented lines):
> int_if = "{ vether1 em1 em2 em3 }"
> table  { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 \
>169.254.0.0/16 172.16.0.0/12 192.0.2.0/24 \
>192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 \
> }
> table  persist
> table  persist file "/etc/mail/nospamd"
> table  persist file "/etc/pf/bad_ips"
> 
> transmission_server = "192.168.1.65"
> mail_server = "192.168.1.171"
> 
> mail_ports = "{ submission imaps }"
> 
> block log all
> set limit table-entries 100
> set block-policy drop
> set syncookies adaptive (start 29%, end 15%)
> set skip on lo
> 
> match in all scrub (no-df random-id max-mss 1440)
> match out on egress inet from (vether1:network) \
>   to any nat-to (egress:0)
> 
> block in quick on egress from  to any
> block return out quick on egress from any to 
> block quick from 
> 
> pass out quick inet
> pass in on $int_if inet
> 
> pass in on egress inet proto tcp  \
>   to (egress) port 22 keep state \
>   (max-src-conn 2, max-src-conn-rate 2/300, \
>   overload  flush global)
> 
> pass in on egress inet proto { tcp udp }  \
>   to (egress) port domain keep state \
>   (max-src-states 10) \
>   rdr-to 127.0.0.1 port 8053
> 
> pass in on $int_if inet proto { tcp udp } from \
>   (vether1:network) to (egress) port domain
> 
> pass in on egress inet proto { tcp udp } \
>   to (egress) port 5 \
>   rdr-to $transmission_server
> 
> pass in on egress inet proto tcp to (egress) \
>   port $mail_ports \
>   keep state (max-src-conn 20, \
>   max-src-conn-rate 35/300, overload  \
>   flush global) rdr-to $mail_server
> 
> pass in on egress proto tcp to (egress) \
>   port smtp divert-to 127.0.0.1 port spamd
> pass in on egress proto tcp from  to (egress) \
>   port smtp rdr-to $mail_server
> pass in log on egress proto tcp from  \
>   to (egress) port smtp \
>   rdr-to $mail_server
> pass out on egress proto tcp to (egress) port smtp
> 
> 
> -- 
> Best regards
> Maksim Rodin

> warning: macro 'mail_ports' not used
> Loaded 714 passive OS fingerprints
> int_if = "{ vether1 em1 em2 em3 }"
> table  { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 
> 172.16.0.0/12 192.0.2.0/24 192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 }
> table  persist
> table  persist file "/etc/mail/nospamd"
> table  persist file "/etc/pf/bad_ips"
> transmission_server = "192.168.1.65"
> mail_server = "192.168.1.171"
> mail_ports = "{ submission imaps }"
> set limit table-entries 100
> set block-policy drop
> set syncookies adaptive (start 29%, end 15%)
> set skip on { lo }
> @0 block drop log all
> @1 match in all scrub (no-df random-id max-mss 1440)
> @2 match out on egress inet from 

IPv6 routing problems with vether and vmm

2024-05-20 Thread jrmu
Greetings,

I'm running into issues with IPv6 networking using vmm with an openbsd guest, 
both running OpenBSD 7.5. Setup and diagnostic info here: 

https://paste.ircnow.org/05ejwpmf4hi74xuz0h2n

I am setting up an openbsd virtual machine inside vmm using this
configuration:

https://wiki.ircnow.org/?n=Vmm.Configure

IPv4 networking inside the virtual machine works fine, but IPv6 is
failing. I can use the hypervisor's IPv6 address 2602:fccf:400:41:: but
am unable to use IPv6 from the virtual machines.

Here is my configuration:

Inside hypervisor:

hypervisor$ cat /etc/hostname.em1
inet 104.167.241.211 0xffc0
inet6 2602:fccf:400:41:: 48
hypervisor$ cat /etc/mygate
104.167.241.193
2602:fccf:400::1
hypervisor$ cat /etc/hostname.vether0
inet 104.167.241.49 255.255.255.248
inet6 2602:fccf:400:41::1 64
hypervisor$ cat /etc/hostname.bridge0
add vether0

Inside virtual machine:
vm# cat /etc/hostname.vio0
inet 104.167.241.51 0xffc0
inet6 2602:fccf:400:41:51:: 64
vm# cat /etc/mygate
104.167.241.49
2602:fccf:400:41::1

Hypervisor ifconfig, route, arp, and ndp:

hypervisor$ ifconfig
lo0: flags=2008049 mtu 32768
index 4 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
inet 127.0.0.1 netmask 0xff00
em0: flags=8802 mtu 1500
lladdr 00:25:90:5a:2d:93
index 1 priority 0 llprio 3
media: Ethernet autoselect (none)
status: no carrier
em1: flags=8843 mtu 1500
lladdr 00:25:90:5a:2d:92
index 2 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 104.167.241.211 netmask 0xffc0 broadcast 104.167.241.255
inet6 fe80::225:90ff:fe5a:2d92%em1 prefixlen 64 scopeid 0x2
inet6 2602:fccf:400:41:: prefixlen 48
enc0: flags=0<>
index 3 priority 0 llprio 3
groups: enc
status: active
bridge0: flags=41 mtu 1500
description: switch1-switch0
index 5 llprio 3
groups: bridge
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
tap1 flags=3
port 15 ifpriority 0 ifcost 0
tap2 flags=3
port 10 ifpriority 0 ifcost 0
tap0 flags=3
port 8 ifpriority 0 ifcost 0
vether0 flags=3
port 6 ifpriority 0 ifcost 0
vether0: flags=8943 mtu 1500
lladdr fe:e1:ba:d0:6f:27
index 6 priority 0 llprio 3
groups: vether
media: Ethernet autoselect
status: active
inet 104.167.241.49 netmask 0xfff8 broadcast 104.167.241.55
inet6 fe80::fce1:baff:fed0:6f27%vether0 prefixlen 64 scopeid 0x6
inet6 2602:fccf:400:41::1 prefixlen 64
pflog0: flags=141 mtu 33136
index 7 priority 0 llprio 3
groups: pflog
tap0: flags=8943 mtu 1500
lladdr fe:e1:ba:d1:76:b7
description: vm1-if0-mattbsd
index 8 priority 0 llprio 3
groups: tap
status: active
tap2: flags=8943 mtu 1500
lladdr fe:e1:ba:d3:f5:02
description: vm3-if0-errorbsd
index 10 priority 0 llprio 3
groups: tap
status: active
tap1: flags=8943 mtu 1500
lladdr fe:e1:ba:d8:99:f9
description: vm2-if0-jrmu
index 15 priority 0 llprio 3
groups: tap
status: active

hypervisor$ route -n show

Routing tables

Internet:
DestinationGatewayFlags   Refs  Use   Mtu  Prio Iface
default104.167.241.193UGS   1146767 - 8 em1  
224/4  127.0.0.1  URS00 32768 8 lo0  
104.167.241.192/26 104.167.241.211UCn112147 - 4 em1  
104.167.241.48/29  104.167.241.49 UCn60 - 4 vether0
104.167.241.48 link#6 UHLc   0   17 - 3 vether0
104.167.241.49 fe:e1:ba:d0:6f:27  UHLl   0 8098 - 1 vether0
104.167.241.50 e8:8b:27:7b:7a:01  UHLc   0 1439 - 3 vether0
104.167.241.51 e8:8b:27:7b:7a:02  UHLc   022740 - 3 vether0
104.167.241.52 link#6 UHLc   0   84 - 3 vether0
104.167.241.53 link#6 UHLc   0   15 - 3 vether0
104.167.241.54 e8:8b:27:7b:7a:03  UHLc   0 1069 - 3 vether0
104.167.241.55 104.167.241.49 UHb0 1005 - 1 vether0
104.167.241.193ac:1f:6b:fe:ca:98  UHLch  1 5705 - 3 em1  
104.167.241.21100:25:90:5a:2d:92  UHLl   0 9427 - 1 em1  
104.167.241.255104.167.241.211UHb0 4455 - 1 em1  
127/8  127.0.0.1  UGRS   00 32768 8 lo0  
127.0.0.1  127.0.0.1  UHhl   12 32768 1 lo0  

Internet6:
Destination Gateway 
Flags   Refs  Use   Mtu  

Re: [PATCH] [cwm] config option to run all apps maximized

2024-05-20 Thread ZenitDS
Hi,

I am experiencing a similar issue in my setup, in my case when running
$ xterm -geometry 500x500+0+0
the window lags a lot when toggling maximization again. It happens also
if you use client_toggle_fullscreen instead. Also, is there any reason that you
maximize instead of fullscreen? Toggling fullscreen I feel is better, since you
don't get to see the border.

Best regards

Re: how to fsck automatically at boot

2024-05-20 Thread Kirill A . Korinsky
On Mon, 20 May 2024 14:22:26 +0100,
Mik J  wrote:
> 
> aa929243b0f5.a /var/mylogs ffs rw,nodev,nosuid 1 2

You may add noatime which should decrease probability of issues when an
outage had happened.

Also, you may consider to use sync option which should further decrease
probability of issues on an outage.

-- 
wbr, Kirill



Re: how to fsck automatically at boot

2024-05-20 Thread Jan Stary
On May 20 13:22:26, mikyde...@yahoo.fr wrote:
> Hello,
> 
> I have two use cases and problems with fsck.
> 
> 1) When my openbsd boots after an outage, the system asks me to fsck /, /usr, 
> /var or /home manually.
> So I do
> fsck /dev/sd0a
> And then I'm asked questions and I usually answer F
> 
> So my question is that I want this process to be done automatically at boot 
> time for each partition that has a problem.

The /etc/rc boot script calls fsck -p;
if that fails, it means fsck -p was unable to fix a major problem.
It is the point that it requires an admin's intervention.

You would have to change the fsck call to fsck -y;
but don't do that.

(Also, don't let a server have power outages, obviously.)

> This is because I use a small server without screen and keyboard.

So what? That is no excuse to leave broken filesystems unattended.

> 2) I have another disk in my small server, and I mount one partition of it 
> with in fstab
> aa929243b0f5.a /var/mylogs ffs rw,nodev,nosuid 1 2
> When I remove that disk the boot sequence stops and asks for a fsck
> I would like that this disk is mounted when it's present, but when it's not 
> installed I don't want the boot sequence to stop

Make it also "noauto" in fstab and mount it in rc.local.

(Also, don't remove disks from servers, obviously.)
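
The "noauto" plus rc.local approach suggested above, as an added example that is not part of any message in this thread: the script mounts the optional disk only when its DUID appears in sysctl hw.disknames and fsck -p passes. The DUID is a placeholder, the function names are hypothetical, and the fstab line in the comment (noauto, last field 0) is an assumption of the example.

```shell
#!/bin/sh
# Added example for /etc/rc.local: mount an optional disk only if it is attached.
# Assumed fstab entry (noauto keeps "mount -a" away from it, a last field of 0
# keeps the boot-time "fsck -p" away from it):
#   <DUID>.a /var/mylogs ffs rw,nodev,nosuid,noauto 1 0

DUID="0123456789abcdef"   # placeholder: the 16-hex-digit DUID from disklabel(8)
MNT="/var/mylogs"
FSCK=${FSCK:-fsck}        # overridable so the logic can be tested with stubs
MOUNT=${MOUNT:-mount}

# duid_present DISKNAMES DUID
# DISKNAMES is the value of "sysctl -n hw.disknames", a comma-separated list
# of name:duid pairs such as "sd0:1111111111111111,cd0:,sd1:0123456789abcdef".
duid_present() {
	[ -n "$2" ] || return 1          # an empty DUID would match "cd0:"
	case ",$1," in
	*":$2,"*) return 0 ;;
	esac
	return 1
}

# mount_optional DISKNAMES DUID MOUNTPOINT
# Absent disk: log and succeed, so boot continues.
# Present disk: preen it, and mount only if fsck -p found nothing serious.
mount_optional() {
	if ! duid_present "$1" "$2"; then
		echo "optional disk $2 not attached, skipping $3"
		return 0
	fi
	if ! $FSCK -p "$3"; then
		echo "fsck -p failed for $3, leaving it unmounted for manual repair" >&2
		return 1
	fi
	$MOUNT "$3"
}

# Only act on OpenBSD; elsewhere the functions are merely defined.
if [ "$(uname -s)" = OpenBSD ]; then
	mount_optional "$(sysctl -n hw.disknames)" "$DUID" "$MNT"
fi
```

A failed preen leaves the filesystem unmounted instead of forcing answers with fsck -y, which keeps the repair decision with an administrator.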



how to fsck automatically at boot

2024-05-20 Thread Mik J
Hello,

I have two use cases and problems with fsck.

1) When my openbsd boots after an outage, the system asks me to fsck /, /usr, 
/var or /home manually.
So I do
fsck /dev/sd0a
And then I'm asked questions and I usually answer F

So my question is that I want this process to be done automatically at boot 
time for each partition that has a problem.
If there's no problem, the system would boot as usual.

This is because I use a small server without screen and keyboard.

2) I have another disk in my small server, and I mount one partition of it with 
in fstab
aa929243b0f5.a /var/mylogs ffs rw,nodev,nosuid 1 2
When I remove that disk the boot sequence stops and asks for a fsck

I would like that this disk is mounted when it's present, but when it's not 
installed I don't want the boot sequence to stop


Is there a way to do these tasks or should I use a script that is executed by 
/etc/rc.local ?

Thank you



Re: pf anchors attached to irrelevant states

2024-05-20 Thread Kapetanakis Giannis
On 19/05/2024 19:35, Kapetanakis Giannis wrote:
> On 19/05/2024 14:37, Stuart Henderson wrote:
>> On 2024-05-19, Kapetanakis Giannis  wrote:
>>> This is a bit strange. pf works normal, but rules after an anchor are
>>> being attached to the anchor (somehow).
>>>
>>> All states that are created from rules after the anchor, show the anchor
>>> (pf rule) number instead of (only) the rule number in pfctl -vv and in
>>> pflog.
>> I can confirm this is a problem, definitely seen in 7.4, I can't remember
>> if 7.3 was affected. 7.2 from Dec 22 seems ok.
>
> 7.3 release was also affected, just tested on a vm.
>
> G

It seems that this was introduced with 1.1169 of pf.c (2023/01/05)

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/net/pf.c.diff?r1=1.1168=1.1169=date=h

reverting to 1.1168 shows then rules numbers correct both in pflog and pfctl.

Rest of kernel is on 2023-01-12

G



packet filter silently ignores a rule

2024-05-20 Thread Maksim Rodin
Hello,
I use OpenBSD 7.5 stable amd64.
I uncommented an old rule and the corresponding macro in pf.conf
which definitely worked when the
machine was on version 7.3 and possibly 7.4.

After that:
pfctl -nf /etc/pf.conf shows nothing
pfctl -f /etc/pf.conf shows nothing
So Packet Filter seems to be happy with the config as a whole.

pfctl -vvsr shows the old rules WITHOUT the uncommented one.
pfctl -vvnf /etc/pf.conf warns that the uncommented macro
used in the uncommented rule is NOT used.

The output of pfctl -vvnf /etc/pf.conf is appended as
pfctl_vvnf file
The output of pfctl -vvsr is appended as
pfctl_vvsr file


Did I miss something when changing the configuration?

The uncommented section 1 is:
mail_ports = "{ submission imaps }"

The uncommented section 2 is:
pass in on egress inet proto tcp to (egress) \
port $mail_ports \
keep state (max-src-conn 20, \
max-src-conn-rate 35/300, overload  \
flush global) rdr-to $mail_server


My whole pf.conf (all uncommented lines):
int_if = "{ vether1 em1 em2 em3 }"
table  { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 \
   169.254.0.0/16 172.16.0.0/12 192.0.2.0/24 \
   192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 \
}
table  persist
table  persist file "/etc/mail/nospamd"
table  persist file "/etc/pf/bad_ips"

transmission_server = "192.168.1.65"
mail_server = "192.168.1.171"

mail_ports = "{ submission imaps }"

block log all
set limit table-entries 100
set block-policy drop
set syncookies adaptive (start 29%, end 15%)
set skip on lo

match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from (vether1:network) \
to any nat-to (egress:0)

block in quick on egress from  to any
block return out quick on egress from any to 
block quick from 

pass out quick inet
pass in on $int_if inet

pass in on egress inet proto tcp  \
to (egress) port 22 keep state \
(max-src-conn 2, max-src-conn-rate 2/300, \
overload  flush global)

pass in on egress inet proto { tcp udp }  \
to (egress) port domain keep state \
(max-src-states 10) \
rdr-to 127.0.0.1 port 8053

pass in on $int_if inet proto { tcp udp } from \
(vether1:network) to (egress) port domain

pass in on egress inet proto { tcp udp } \
to (egress) port 5 \
rdr-to $transmission_server

pass in on egress inet proto tcp to (egress) \
port $mail_ports \
keep state (max-src-conn 20, \
max-src-conn-rate 35/300, overload  \
flush global) rdr-to $mail_server

pass in on egress proto tcp to (egress) \
port smtp divert-to 127.0.0.1 port spamd
pass in on egress proto tcp from  to (egress) \
port smtp rdr-to $mail_server
pass in log on egress proto tcp from  \
to (egress) port smtp \
rdr-to $mail_server
pass out on egress proto tcp to (egress) port smtp


-- 
Best regards
Maksim Rodin
warning: macro 'mail_ports' not used
Loaded 714 passive OS fingerprints
int_if = "{ vether1 em1 em2 em3 }"
table  { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 
172.16.0.0/12 192.0.2.0/24 192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 }
table  persist
table  persist file "/etc/mail/nospamd"
table  persist file "/etc/pf/bad_ips"
transmission_server = "192.168.1.65"
mail_server = "192.168.1.171"
mail_ports = "{ submission imaps }"
set limit table-entries 100
set block-policy drop
set syncookies adaptive (start 29%, end 15%)
set skip on { lo }
@0 block drop log all
@1 match in all scrub (no-df random-id max-mss 1440)
@2 match out on egress inet from (vether1:network:*) to any nat-to (egress:0:*) 
round-robin
@3 block drop in quick on egress from  to any
@4 block return out quick on egress from any to 
@5 block drop quick from  to any
@6 pass out quick inet all flags S/SA
@7 pass in on vether1 inet all flags S/SA
@8 pass in on em1 inet all flags S/SA
@9 pass in on em2 inet all flags S/SA
@10 pass in on em3 inet all flags S/SA
@11 pass in on egress inet proto tcp from any to (egress:*) port = 22 flags 
S/SA keep state (source-track rule, max-src-conn 2, max-src-conn-rate 2/300, 
overload  flush global, src.track 300)
@12 pass in on egress inet proto tcp from any to (egress:*) port = 53 flags 
S/SA keep state (source-track global, max-src-states 10) rdr-to 127.0.0.1 port 
8053
@13 pass in on egress inet proto udp from any to (egress:*) port = 53 keep 
state (source-track global, max-src-states 10) rdr-to 127.0.0.1 port 8053
@14 pass in on vether1 inet proto tcp from (vether1:network:*) to (egress:*) 
port = 53 flags S/SA
@15 pass in on em1 inet proto tcp from (vether1:network:*) to (egress:*) port = 
53 flags S/SA
@16 pass in on em2 inet proto tcp from (vether1:network:*) to (egress:*) port = 
53 flags S/SA
@17 pass in on em3 inet proto tcp from (vether1:network:*) to (egress:*) port = 
53 flags S/SA
@18 pass in on vether1 inet proto udp from (vether1:network:*) to (egress:*) 
port = 53
@19 pass in on em1 inet proto udp from (vether1:network:*) to (egress:*) 
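
An added example, not part of the original post: a pre-load check that reads the output of pfctl -nvvf and rejects a ruleset when a macro is reported unused or an expected rule fragment is missing from the parsed rules, the two symptoms described in the message above. The sample output is constructed from lines quoted in the post; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: gate a pf.conf load on what "pfctl -nvvf" actually parsed.

# Constructed sample, modelled on the output quoted in the post.
SAMPLE=$(cat <<'EOF'
warning: macro 'mail_ports' not used
Loaded 714 passive OS fingerprints
mail_server = "192.168.1.171"
@0 block drop log all
@11 pass in on egress inet proto tcp from any to (egress:*) port = 22 flags S/SA
@12 pass in on egress inet proto tcp from any to (egress:*) port = 53 flags S/SA rdr-to 127.0.0.1 port 8053
EOF
)

# unused_macros: read pfctl -nvvf output on stdin, print the name of every
# macro that pfctl reported as defined but never referenced.
unused_macros() {
	sed -n "s/^warning: macro '\(.*\)' not used\$/\1/p"
}

# missing_rules OUTPUT PATTERN...: print each fixed-string PATTERN that occurs
# in none of the parsed rule lines ("@N ...") of OUTPUT.
missing_rules() {
	_out=$1; shift
	_rules=$(printf '%s\n' "$_out" | grep '^@[0-9]' || true)
	for _pat in "$@"; do
		printf '%s\n' "$_rules" | grep -qF -- "$_pat" || printf '%s\n' "$_pat"
	done
}

# pf_gate OUTPUT PATTERN...: succeed only if no macro is unused and every
# PATTERN shows up in the parsed ruleset.
pf_gate() {
	_gate_out=$1; shift
	_unused=$(printf '%s\n' "$_gate_out" | unused_macros)
	_absent=$(missing_rules "$_gate_out" "$@")
	_rc=0
	if [ -n "$_unused" ]; then
		printf 'pf.conf: macro defined but not used: %s\n' "$_unused" >&2
		_rc=1
	fi
	if [ -n "$_absent" ]; then
		printf 'pf.conf: expected rule text not parsed: %s\n' "$_absent" >&2
		_rc=1
	fi
	return $_rc
}

# Demo on the constructed sample. On the firewall the input would be:
#   out=$(pfctl -nvvf /etc/pf.conf 2>&1)
pf_gate "$SAMPLE" 'rdr-to 192.168.1.171' || echo "not loading ruleset"
```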

Re: kernel rebuild to debug problem

2024-05-19 Thread Kapetanakis Giannis
On 20/05/2024 00:03, Kirill A. Korinsky wrote:
> On Sun, 19 May 2024 20:52:56 +0100,
> Kapetanakis Giannis  wrote:
>> I'm trying to bisect a bug and compile an older kernel from cvs
>>
>> cvs checkout -D "2023-01-05" src/sys
>>
>> and following https://www.openbsd.org/faq/faq5.html#Options
>> + make install
>>
>> New kernel compiles and boots but I get:
>>
>> # pfctl -f /etc/pf.conf
>> pfctl: DIOCADDRULE: Operation not supported by device
>>
>> # pfctl -sr
>> pfctl: Permission denied
>>
>> # pfctl -si | head -1
>> Status: Enabled for 0 days 00:05:03  Debug: err
>>
>> any ideas about this?
>>
> You need to build / use not only old kernel but the whole system.
>
> The simplest way is to use archived version of snapshots from
> https://openbsd.cs.toronto.edu/archive/ or another mirror.


Thanks for the reply.

I did also build pfctl.

Unfortunately the date I'm looking for is older than the archives on toronto or
hostserver.de

Anyway I'll try to build the whole system. Any hints of what specific is needed
would be nice, since building the whole system every time until I find the
commit I'm looking for would be a pain.

G



Re: kernel rebuild to debug problem

2024-05-19 Thread Kirill A . Korinsky
On Sun, 19 May 2024 20:52:56 +0100,
Kapetanakis Giannis  wrote:
> 
> I'm trying to bisect a bug and compile an older kernel from cvs
> 
> cvs checkout -D "2023-01-05" src/sys
> 
> and following https://www.openbsd.org/faq/faq5.html#Options
> + make install
> 
> New kernel compiles and boots but I get:
> 
> # pfctl -f /etc/pf.conf
> pfctl: DIOCADDRULE: Operation not supported by device
> 
> # pfctl -sr
> pfctl: Permission denied
> 
> # pfctl -si | head -1
> Status: Enabled for 0 days 00:05:03  Debug: err
> 
> any ideas about this?
> 

You need to build / use not only old kernel but the whole system.

The simplest way is to use archived version of snapshots from
https://openbsd.cs.toronto.edu/archive/ or another mirror.

-- 
wbr, Kirill



kernel rebuild to debug problem

2024-05-19 Thread Kapetanakis Giannis

I'm trying to bisect a bug and compile an older kernel from cvs

cvs checkout -D "2023-01-05" src/sys

and following https://www.openbsd.org/faq/faq5.html#Options
+ make install

New kernel compiles and boots but I get:

# pfctl -f /etc/pf.conf
pfctl: DIOCADDRULE: Operation not supported by device

# pfctl -sr
pfctl: Permission denied

# pfctl -si | head -1
Status: Enabled for 0 days 00:05:03  Debug: err

any ideas about this?

G



Re: pf anchors attached to irrelevant states

2024-05-19 Thread Markus Wernig

On 5/19/24 13:37, Stuart Henderson wrote:
> I can confirm this is a problem, definitely seen in 7.4, I can't remember
> if 7.3 was affected. 7.2 from Dec 22 seems ok.

Yes, 7.3 is affected. It is the same problem reported here:
https://marc.info/?l=openbsd-misc=168754952806369



Re: pf anchors attached to irrelevant states

2024-05-19 Thread Kapetanakis Giannis

On 19/05/2024 14:37, Stuart Henderson wrote:
> On 2024-05-19, Kapetanakis Giannis  wrote:
>> This is a bit strange. pf works normal, but rules after an anchor are
>> being attached to the anchor (somehow).
>>
>> All states that are created from rules after the anchor, show the anchor
>> (pf rule) number instead of (only) the rule number in pfctl -vv and in
>> pflog.
> I can confirm this is a problem, definitely seen in 7.4, I can't remember
> if 7.3 was affected. 7.2 from Dec 22 seems ok.

7.3 release was also affected, just tested on a vm.

G



Re: pf anchors attached to irrelevant states

2024-05-19 Thread Stuart Henderson
On 2024-05-19, Kapetanakis Giannis  wrote:
> This is a bit strange. pf works normal, but rules after an anchor are
> being attached to the anchor (somehow).
>
> All states that are created from rules after the anchor, show the anchor 
> (pf rule) number instead of (only) the rule number in pfctl -vv and in 
> pflog.

I can confirm this is a problem, definitely seen in 7.4, I can't remember
if 7.3 was affected. 7.2 from Dec 22 seems ok.




pf anchors attached to irrelevant states

2024-05-19 Thread Kapetanakis Giannis
This is a bit strange. pf works normal, but rules after an anchor are
being attached to the anchor (somehow).


All states that are created from rules after the anchor, show the anchor 
(pf rule) number instead of (only) the rule number in pfctl -vv and in 
pflog.


Here is a quite simple example.

# pfctl -sr -a'*' -vv | egrep -v "Evaluations|Inserted" | head -6
@0 match in all scrub (no-df random-id)
@1 pass in quick on vio0 from  to any flags S/SA set (prio 6) keep 
state (if-bound, pflow) tag from_external
@2 anchor "test" quick all {
@0 pass out log quick on egress inet proto tcp from any to any port = 2000 
flags S/SA keep state (if-bound) rdr-to 127.0.0.1
}
@3 pass out log quick inet proto tcp from any to yy.yy.yy.yy port = 22 flags 
S/SA keep state (if-bound, pflow)

Test traffic for anchor rule works fine (xx.xx.xx.xx is my external ip)

# telnet 8.8.8.8 2000

pflog: May 19 13:54:03.427024 rule 2.test.0/(match) pass out on vio0: xx.xx.xx.36179 
> 8.8.8.8.2000: S 4080176752:4080176752(0) win 16384  (DF) [tos 0x10]

# pfctl -ss -vv | grep -A3 8.8.8.8
vio0 tcp xx.xx.xx.xx:36179 -> 127.0.0.1:2000 (8.8.8.8:2000)   
SYN_SENT:CLOSED
   [4080176752 + 2]  [0 + 1]
   age 00:00:01, expires in 00:01:59, 1:0 pkts, 64:0 bytes, anchor 2, rule 0 
<<<--- this rule 0 of anchor which is correct
   id: 661391580039aaa3 creatorid: bfd893f9


See what happens if I try to trigger rule @3 and ssh to yy.yy.yy.yy

pflog: May 19 13:55:42.386186 rule 2/(match) pass out on vio0: xx.xx.xx.xx.23564 > 
yy.yy.yy.yy.22: S 3631867116:3631867116(0) win 16384  (DF) [tos 0x48]

pfctl -ss -vv|grep -A3 yy.yy.yy.yy
vio0 tcp xx.xx.xx.xx:23564 -> yy.yy.yy.yy:22   ESTABLISHED:ESTABLISHED
   [3631869502 + 37760] wscale 6  [3744464382 + 16384] wscale 7
   age 00:01:10, expires in 23:58:54, 16:19 pkts, 3229:3857 bytes, anchor 2, 
rule 3, pflow
   id: 661391580039ab07 creatorid: bfd893f9

pflog, logs "rule 2" which is the anchor instead of "rule 3"

pfctl,  shows "anchor 2, rule 3" instead of just "rule 3"

Traffic works normally but there is something fishy here.

quick on anchor does not make any difference, although to my understanding it 
shouldn't matter either set or not set in this case.

G
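
The mismatch reported above can be checked mechanically. This is an added example, not part of the original post: it counts the rules inside each top-level anchor in a "pfctl -sr -a '*' -vv" listing and flags states from "pfctl -ss -vv" whose "anchor A, rule R" pair names a rule number that cannot exist inside anchor A. The sample data is constructed from the listings in the post (lines unwrapped and simplified), the function names are hypothetical, and the check is a heuristic that cannot judge rule numbers small enough to fall inside the anchor.

```shell
#!/bin/sh
# Added example: spot states attributed to an anchor they cannot belong to.

# Constructed from the ruleset listing in the post (simplified, unwrapped).
RULES='@0 match in all scrub (no-df random-id)
@1 pass in quick on vio0 all flags S/SA
@2 anchor "test" quick all {
  @0 pass out log quick on egress inet proto tcp from any to any port = 2000 flags S/SA rdr-to 127.0.0.1
}
@3 pass out log quick inet proto tcp from any to yy.yy.yy.yy port = 22 flags S/SA'

# Constructed from the state listing in the post (unwrapped).
STATES='vio0 tcp xx.xx.xx.xx:36179 -> 127.0.0.1:2000 (8.8.8.8:2000)  SYN_SENT:CLOSED
   age 00:00:01, expires in 00:01:59, 1:0 pkts, 64:0 bytes, anchor 2, rule 0
vio0 tcp xx.xx.xx.xx:23564 -> yy.yy.yy.yy:22  ESTABLISHED:ESTABLISHED
   age 00:01:10, expires in 23:58:54, 16:19 pkts, 3229:3857 bytes, anchor 2, rule 3, pflow'

# anchor_sizes: ruleset listing on stdin, prints "ANCHOR_RULE_NR RULE_COUNT"
# for every top-level anchor. A nested anchor counts as one rule of its parent.
anchor_sizes() {
	awk '
	depth == 0 && /^[ \t]*@[0-9]+ anchor .*[{][ \t]*$/ {
		cur = $1; sub(/^@/, "", cur); depth = 1; n = 0; next
	}
	depth > 0 && /[{][ \t]*$/ { if (depth == 1) n++; depth++; next }
	depth == 1 && /^[ \t]*@[0-9]+ / { n++; next }
	depth > 0 && /^[ \t]*[}][ \t]*$/ {
		if (--depth == 0) print cur, n
	}'
}

# misattributed_states RULES STATES: print one line per state whose rule
# number R is not a valid index into anchor A (R >= rules in A), or whose
# anchor number A is not an anchor rule at all.
misattributed_states() {
	_sizes=$(printf '%s\n' "$1" | anchor_sizes)
	printf '%s\n' "$2" |
	sed -n 's/.*anchor \([0-9][0-9]*\), rule \([0-9][0-9]*\).*/\1 \2/p' |
	while read -r _a _r; do
		_n=$(printf '%s\n' "$_sizes" | awk -v a="$_a" '$1 == a { print $2 }')
		if [ -z "$_n" ]; then
			echo "anchor $_a rule $_r: rule $_a is not an anchor"
		elif [ "$_r" -ge "$_n" ]; then
			echo "anchor $_a rule $_r: anchor has only $_n rule(s)"
		fi
	done
}

# Demo on the constructed data: flags the ssh state, not the anchor state.
misattributed_states "$RULES" "$STATES"
```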


Re: smtpd outgoing mail configuration

2024-05-18 Thread Ampie Niemand

On Fri, May 17, 2024 at 08:12:27AM +0200, fr...@lilo.org wrote:
> How to forward outgoing mail to a remote SMTP server with smtpd?
>
> I found this page, but it's out of date I think.
> https://romanzolotarev.com/openbsd/smtpd-forward.html
>
> Tks
> Pascal

I have mine set up like this and it's working.

My /etc/mail/smtpd.conf:  
 
--- start file ---
#   $OpenBSD: smtpd.conf,v 1.14 2019/11/26 20:14:38 gilles Exp $  
 
# This is the smtpd server system-wide configuration file.
# See smtpd.conf(5) for more information. 
 
table aliases file:/etc/mail/aliases  
 
listen on socket  
 
# To accept external mail, replace with: listen on all
listen on all 
 
action "local_mail" mbox alias   
action "outbound" relay host smtp://"   
 
# Uncomment the following to accept external mail for domain match from 
# any   
for domain "" action "local_mail"
match from local for local action "local_mail"
match from local for any action "outbound"
 
--- End file ---  
 
# doas rcctl enable smtpd 
# doas 

Re: pax and ext2fs

2024-05-18 Thread Walter Alejandro Iglesias
On Sat May 18 08:50:21 2024 Philip Guenther wrote:
> > So yeah, what's needed is pathconfat(2)** but whether this winding loose 
> > end ("That poor yak.") merits that much code and surface is yet to be 
> > examined deeply.
>
> The fix for this has now been committed, so it'll be in 7.6 and a near
> future snapshot.
>

And you wrote the library!

Philip Guenther at https://austingroupbugs.net/view.php?id=1831 wrote:

   With a fresh cup of coffee, it's 'obvious' the correct action is to
   use pathconfat(AT_FDCWD, path, _PC_TIMESTAMP_RESOLUTION,
   AT_SYMLINK_NOFOLLOW)

   This was touched on in https://austingroupbugs.net/view.php?id=786
   [^] (c.f.  Geoff's comment 2827 from 2015) so maybe I should just
   implement this in OpenBSD and drag everyone else along from there. :)


No yaks for Philip "John Wayne" Guenther, only cows. ;-)


>
> Philip Guenther
>
>


Walter



Re: nginx + php = system() not working?

2024-05-18 Thread Stuart Henderson
On 2024-05-17, Martijn van Duren  wrote:
> On Thu, 2024-05-16 at 21:58 -0400, F Bax wrote:
>> I think I missed something simple? I installed 7.5 release in a VM. I then 
>> installed nginx and PHP 8.3.3; with pkg_add. I then ran these two commands:
>> # rcctl enable php83_fpm
>> # rcctl start php83_fpm
>> I found an issue with php system() function; so created this simple script 
>> which produces "HiThere"; why is the date not presented?
>> 
>> <?php
>>   echo 'Hi';
>>   system( 'date' );
>>   echo 'There';
>> ?>
>
> All the advice I've seen is horrible. chroot isn't enabled by default
> without a reason (php and security have a history).
> My first question would be why you need system() in the first place.
> If you need the date/time, just use
> https://www.php.net/manual/en/class.datetime.php. If it's just a proof
> of concept be more precise in what you want to achieve and see if
> there's a PHP library equivalent. If there's no reasonable way to
> achieve it (which I highly doubt) I advise to copy the required binary
> (and dependencies) into the chroot and make a memo to keep them up to
> date.

There's some information about this in PHP's pkg-readme file.

-- 
Please keep replies on the mailing list.



Re: pax and ext2fs

2024-05-17 Thread Philip Guenther
On Thu, May 16, 2024 at 12:08 AM Philip Guenther  wrote:
> On Wed, May 15, 2024 at 1:14 AM Philip Guenther  wrote:
...
>> I think you've managed to hit a spot where the POSIX standard doesn't 
>> provide a way for a program to find the information it needs to do its job 
>> correctly.  I've filed a ticket there
>>https://austingroupbugs.net/view.php?id=1831
>>
>> We'll see if my understanding of pathconf() is incorrect or if someone has a 
>> great idea for how to get around this...
>
> So yeah, what's needed is pathconfat(2)** but whether this winding loose end 
> ("That poor yak.") merits that much code and surface is yet to be examined 
> deeply.

The fix for this has now been committed, so it'll be in 7.6 and a near
future snapshot.


Philip Guenther



Re: nginx + php = system() not working?

2024-05-17 Thread Dan


"Souji Thenria"  wrote:

> Another issue might be that nginx is still running as www and doesn't
> have access to /home/Testing.

As per above suggestion double check that the user by which you
run nginx (usually www) has access almost by the group
to the prefix directory declared by the -p flag, and to the subfolders.
(and clearly you can't manage to do that on an usr home dir..)

Then you should double check your phpfpm user and group by the
php-fpm.conf in the following declarations:

; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
;       will be used.
user = www
group = www


-dan



Re: nginx + php = system() not working?

2024-05-17 Thread Souji Thenria

On Fri May 17, 2024 at 2:56 PM BST, F Bax wrote:
> In /etc/rc.conf.local - I changed nginx_flags="-u -p /home/Testing"
> (home directory of a real user).
> reboot system and now browser is refused connection
> This site can’t be reached 192.168.1.131 refused to connect.
> Neither /var/www/logs/{access|error}.log is changed.
> What else needs to change?


Can you verify that nginx is running?
You may have an error in your configuration. You can check the nginx
configuration using nginx -t.

Another issue might be that nginx is still running as www and doesn't
have access to /home/Testing.

Regards,
Souji



Re: nginx + php = system() not working?

2024-05-17 Thread Martijn van Duren
On Thu, 2024-05-16 at 21:58 -0400, F Bax wrote:
> I think I missed something simple? I installed 7.5 release in a VM. I then 
> installed nginx and PHP 8.3.3; with pkg_add. I then ran these two commands:
> # rcctl enable php83_fpm
> # rcctl start php83_fpm
> I found an issue with php system() function; so created this simple script 
> which produces "HiThere"; why is the date not presented?
> 
> <?php
>   echo 'Hi';
>   system( 'date' );
>   echo 'There';
> ?>

All the advice I've seen is horrible. chroot isn't enabled by default
without a reason (php and security have a history).
My first question would be why you need system() in the first place.
If you need the date/time, just use
https://www.php.net/manual/en/class.datetime.php. If it's just a proof
of concept be more precise in what you want to achieve and see if
there's a PHP library equivalent. If there's no reasonable way to
achieve it (which I highly doubt) I advise to copy the required binary
(and dependencies) into the chroot and make a memo to keep them up to
date.

martijn@



Re: nginx + php = system() not working?

2024-05-17 Thread F Bax
Thanks for the tips and security warnings Mike, Souji and Dan,
In php-fpm.conf - I changed "; chroot = /var/www" to comment.
In /etc/rc.conf.local - I changed nginx_flags="-u -p /home/Testing"
(home directory of a real user).
reboot system and now browser is refused connection
This site can’t be reached 192.168.1.131 refused to connect.
Neither /var/www/logs/{access|error}.log is changed.
 /var/log/php-fpm.log show normal startup; then nothing in any /var/log/
files.
[17-May-2024 09:41:59] NOTICE: fpm is running, pid 8072
[17-May-2024 09:41:59] NOTICE: ready to handle connections
What else needs to change?


Re: nginx + php = system() not working?

2024-05-17 Thread Dan



It can even help to run nginx in "unsecure mode" if you want to stay
not chrooted:

nginx_flags="-u -p /home/mytests"

man nginx

; while php-fpm.conf should remain with the default values 
; in this case..


-dan


Mike Fischer  wrote:

> 
> > Am 17.05.2024 um 03:58 schrieb F Bax :
> > 
> > I think I missed something simple? I installed 7.5 release in a VM.
> > I then installed nginx and PHP 8.3.3; with pkg_add. I then ran
> > these two commands: # rcctl enable php83_fpm # rcctl start php83_fpm
> > I found an issue with php system() function; so created this simple
> > script which produces "HiThere"; why is the date not presented?
> > <?php echo 'Hi';
> >   system( 'date' );
> >   echo 'There';
> > ?>
> 
> You are probably running the php83_fpm process accessed from nginx in
> the default chroot(2) environment? 



Re: nginx + php = system() not working?

2024-05-17 Thread Dan
May 17, 2024 11:30:25 Souji Thenria :

> -u   By default nginx will chroot(2) to the home
>  directory of the user running the daemon, typically
>  "www", or to the home directory of user in
>  nginx.conf.  The -u option disables this behaviour,
>  and returns nginx to the original "unsecure"
>  behaviour.
>
> But it doesn't do it on other systems; I cross-checked with nginx
> installed on a FreeBSD, where this option doesn't exist.


Indeed take care about this option as I use it every day in my dev 
environment.. ;-)



Re: nginx + php = system() not working?

2024-05-17 Thread Souji Thenria

On Fri May 17, 2024 at 4:38 AM BST, Mike Fischer wrote:
> OpenBSD httpd would be a different situation because it runs in a
> chroot(2) environment by default. You can’t call on a PHP-FPM process
> that is not also running in the chroot(2) environment. The
> communication between httpd(8) and PHP-FPM fails due to differing
> opinions about the root of the filesystem when applied to the paths
> passed from httpd to PHP-FPM. At least I have not managed to get this
> to work.
>
> But AFAIK nginx does not run chroot(2)ed by default. So PHP-FPM does
> not need to either.


On OpenBSD, nginx chroots its process by default. Here is a snippet from
the man page nginx(8).

-u   By default nginx will chroot(2) to the home
directory of the user running the daemon, typically
"www", or to the home directory of user in
nginx.conf.  The -u option disables this behaviour,
and returns nginx to the original "unsecure"
behaviour.

But it doesn't do it on other systems; I cross-checked with nginx
installed on a FreeBSD, where this option doesn't exist.

Since nginx and php_fpm chroot their processes to the same directory (if
not changed), nginx should be able to write to the php_fpm socket.


