Re: weird carp failover behavior

2015-08-20 Thread Christopher Barry
On Thu, 20 Aug 2015 21:56:18 -0500
Patrick Dohman  wrote:

>Anything in your modem logs? DOCSIS layer 2 is a strange beast :)
>
>Any cabling issue such as attenuators or splitters behind the modem?
>
>Regards
>Patrick
>
>
>
>> On Aug 19, 2015, at 2:34 PM, Devin Reade  wrote:
>> 
>> I'm trying to understand an odd behavior during carp failover
>> where one uplink goes numb until the demarc equipment is power
>> cycled.
>> 
>> Consider the following:
>> 
>> ISP1-demarc      ISP2-demarc
>>      |                |
>> SW1 (Net1)       SW2 (Net2) - C
>>      |\              /|
>>      |       X        |
>>      |/              \|
>>    FW-A      -      FW-B
>>      |\              /|
>>      |       X        |
>>      |/              \|
>> SW3 (Net3)       SW4 (Net4)
>>  (no NAT)          (NAT)
>>                       |
>>                      H4
>> 
>> ISP1-demarc and ISP2-demarc are the respective ISP's equipment
>> (outside of my control, other than power cycling them).  SWn are all
>> unmanaged switches.
>> 
>> FW-A, FW-B, and C are all OpenBSD boxes.  FW-A and FW-B, in
>> particular, are running 5.7-STABLE in a master/slave carp
>> configuration.  Things are set up so that traffic to/from Net3 is
>> sent via ISP1 (no NAT) and traffic to/from Net4 is sent via ISP2
>> (using NAT on FW-A and FW-B). H4 is a host sitting on Net4 in
>> private address space.
>> 
>> Static IPs are used throughout, including on both the SW1 and SW2
>> subnets.  FW-n are routers, not bridges.  Pfsync is running via
>> a crossover cable between FW-A and FW-B.
>> 
>> Behavior:
>> 
>> In normal operations everything works as expected.  During a carp
>> failover, everything for Net3 via ISP1 also works as expected.
>> However, during a failover I lose connectivity on Net4, in a
>> qualified manner (see below) until ISP2-demarc is power cycled.
>> 
>> The obvious first answer is that ISP2-demarc (which is a Motorola
>> cable modem) probably has a limited number of MAC slots available
>> to it.  However, that doesn't seem quite right.  More details ...
>> 
>> Before failover, I set up a 'ping -n' running on H4 and going to
>> a host elsewhere on the Internet (call it EXT).  I also set up
>> a 'ping -n' on C going to the carp IP of FW-A and FW-B on Net2
>> (let's call that Carp2).
>> 
>> Now comes the weird part.  If I shut down the master, FW-A, I see
>> the following:
>> 
>> 1. the running pings from C to Carp2 continue to work until ^C
>> 2. the running pings from H4 to EXT continue to work until ^C
>> 3. a concurrent newly created ping from C to Carp2 fails
>> 4. a concurrent newly created ping from H4 to EXT fails
>> 5. all other outbound traffic from Net4 fails (this is just
>>    a generalization of (4)).
>> 
>> If I power cycle ISP2-demarc, sanity returns.  That is, until
>> FW-A comes back up and FW-B is demoted again.  Then I get the same
>> type of failures until ISP2-demarc is power cycled again.
>> 
>> Power cycling switch SW2 instead of ISP2-demarc does not affect the
>> outcome.
>> 
>> Ok, so how about the MACs?  On Net2 we have the following MACs:
>> 
>> - ISP2-demarc-mac (on ISP2-demarc)
>> - C-mac (on C)
>> - FW-A-mac (physical MAC on FW-A)
>> - FW-B-mac (physical MAC on FW-B)
>> - Carp2-mac (the virtual MAC used by Carp2, which I've verified
>>   to be the same for both FW-A and FW-B when they are respectively
>>   running as master)
>> 
>> One wart here, and a difference between Net1 and Net2 is that on
>> Net1 both firewalls have their own IPs in addition to the Carp1
>> IP.  However, on Net2 both firewalls' hostname.if files contain
>> only the 'up' keyword; no IP is used on that network until the
>> machine becomes the carp master.
>> 
>> So that means that when H4 is pinging EXT, the pings are being
>> NAT'd to use the Carp1 IP.  Therefore I wouldn't expect a failover
>> to cause the modem's MAC slots to overflow.
>> 
>> But the *really* weird part is what is happening with C; why would
>> C not be able to ping Carp1 until ISP2-demarc is power-cycled,
>> especially with SW2 isolating the latter from Carp1 and C?
>> 
>> And the story with C gets better.  If I set up a tcpdump on FW-B's
>> Net2 interface, I see the following sequence of events:
>> 
>> - before killing FW-A, I see arp requests and CARPv2 advertisements
>>   from FW-A (based on the skew), and that's about it (as expected)
>> - upon shutting down FW-A, I see a CARPv2 packet from FW-B, and then
>>   start seeing the ping request/reply pairs coming in from C (as
>> expected)
>> - upon killing and restarting C's ping to Carp2, I no longer see the
>>   response on C, but I'm seeing both the request and response in
>> FW-B's tcpdump.  On C, I see only the echo response. (NOT expected)
>> 
>> Does this last bit point the finger at SW2 being the culprit (perhaps
>> not routing packets to the appropriate NIC port), even though power
>> cycling SW2 isn't sufficient to fix the problem?
>> 
>> Any other thoughts?
>> 
>> Devin
>

if logistically possible, and it might not be, temporarily remove sw2
from the equation, and plug ISP2 and FW-B into SW1. both ISPs will come
into the sa

Re: weird carp failover behavior

2015-08-20 Thread Patrick Dohman
Anything in your modem logs? DOCSIS layer 2 is a strange beast :)

Any cabling issue such as attenuators or splitters behind the modem?

Regards
Patrick



> On Aug 19, 2015, at 2:34 PM, Devin Reade  wrote:
> 
> I'm trying to understand an odd behavior during carp failover
> where one uplink goes numb until the demarc equipment is power
> cycled.
> 
> Consider the following:
> 
> ISP1-demarc      ISP2-demarc
>      |                |
> SW1 (Net1)       SW2 (Net2) - C
>      |\              /|
>      |       X        |
>      |/              \|
>    FW-A      -      FW-B
>      |\              /|
>      |       X        |
>      |/              \|
> SW3 (Net3)       SW4 (Net4)
>  (no NAT)          (NAT)
>                       |
>                      H4
> 
> ISP1-demarc and ISP2-demarc are the respective ISP's equipment (outside
> of my control, other than power cycling them).  SWn are all unmanaged
> switches.
> 
> FW-A, FW-B, and C are all OpenBSD boxes.  FW-A and FW-B, in particular,
> are running 5.7-STABLE in a master/slave carp configuration.  Things
> are set up so that traffic to/from Net3 is sent via ISP1 (no NAT) and
> traffic to/from Net4 is sent via ISP2 (using NAT on FW-A and FW-B).
> H4 is a host sitting on Net4 in private address space.
> 
> Static IPs are used throughout, including on both the SW1 and SW2
> subnets.  FW-n are routers, not bridges.  Pfsync is running via
> a crossover cable between FW-A and FW-B.
> 
> Behavior:
> 
> In normal operations everything works as expected.  During a carp
> failover, everything for Net3 via ISP1 also works as expected.
> However, during a failover I lose connectivity on Net4, in a qualified
> manner (see below) until ISP2-demarc is power cycled.
> 
> The obvious first answer is that ISP2-demarc (which is a Motorola
> cable modem) probably has a limited number of MAC slots available
> to it.  However, that doesn't seem quite right.  More details ...
> 
> Before failover, I set up a 'ping -n' running on H4 and going to
> a host elsewhere on the Internet (call it EXT).  I also set up
> a 'ping -n' on C going to the carp IP of FW-A and FW-B on Net2
> (let's call that Carp2).
> 
> Now comes the weird part.  If I shut down the master, FW-A, I see
> the following:
> 
> 1. the running pings from C to Carp2 continue to work until ^C
> 2. the running pings from H4 to EXT continue to work until ^C
> 3. a concurrent newly created ping from C to Carp2 fails
> 4. a concurrent newly created ping from H4 to EXT fails
> 5. all other outbound traffic from Net4 fails (this is just
>    a generalization of (4)).
> 
> If I power cycle ISP2-demarc, sanity returns.  That is, until
> FW-A comes back up and FW-B is demoted again.  Then I get the same
> type of failures until ISP2-demarc is power cycled again.
> 
> Power cycling switch SW2 instead of ISP2-demarc does not affect the
> outcome.
> 
> Ok, so how about the MACs?  On Net2 we have the following MACs:
> 
> - ISP2-demarc-mac (on ISP2-demarc)
> - C-mac (on C)
> - FW-A-mac (physical MAC on FW-A)
> - FW-B-mac (physical MAC on FW-B)
> - Carp2-mac (the virtual MAC used by Carp2, which I've verified
>   to be the same for both FW-A and FW-B when they are respectively
>   running as master)
> 
> One wart here, and a difference between Net1 and Net2 is that on
> Net1 both firewalls have their own IPs in addition to the Carp1
> IP.  However, on Net2 both firewalls' hostname.if files contain
> only the 'up' keyword; no IP is used on that network until the
> machine becomes the carp master.
> 
> So that means that when H4 is pinging EXT, the pings are being
> NAT'd to use the Carp1 IP.  Therefore I wouldn't expect a failover
> to cause the modem's MAC slots to overflow.
> 
> But the *really* weird part is what is happening with C; why would
> C not be able to ping Carp1 until ISP2-demarc is power-cycled, especially
> with SW2 isolating the latter from Carp1 and C?
> 
> And the story with C gets better.  If I set up a tcpdump on FW-B's Net2
> interface, I see the following sequence of events:
> 
> - before killing FW-A, I see arp requests and CARPv2 advertisements
>   from FW-A (based on the skew), and that's about it (as expected)
> - upon shutting down FW-A, I see a CARPv2 packet from FW-B, and then
>   start seeing the ping request/reply pairs coming in from C (as expected)
> - upon killing and restarting C's ping to Carp2, I no longer see the
>   response on C, but I'm seeing both the request and response in FW-B's
>   tcpdump.  On C, I see only the echo response. (NOT expected)
> 
> Does this last bit point the finger at SW2 being the culprit (perhaps
> not routing packets to the appropriate NIC port), even though power
> cycling SW2 isn't sufficient to fix the problem?
> 
> Any other thoughts?
> 
> Devin



Re: SuperMicro thin mini itx?

2015-08-20 Thread Quartz

>>> Contact their support department.

>> I ended up doing that anyway earlier this morning. If I don't hear back from
>> them maybe I'll try calling tomorrow or something.

> They're actually pretty good about answering questions on the phone,
> even on the first call.


They did get back to me via email, and the answer is "no". We'll have to 
look into substitutes next week I guess.




Re: Ubiquiti EdgeRouter Lite

2015-08-20 Thread Michael McConville
Juan Francisco Cantero Hurtado wrote:
> Slightly off-topic:
> 
> Ubiquiti released recently a new router named EdgeRouter X. 49 USD, 5
> gigabit ports, 5W, dual-core 800Mhz, 256MB.
> 
> It's a MIPS32, so if some developer is looking for a new platform for
> OpenBSD... :P . The processor is licensed from Imagination, which I
> guess is more open than Cavium. I have not found a dmesg yet.
> 
> http://dl.ubnt.com/datasheets/edgemax/EdgeRouter_X_DS.pdf
> 
> http://www.embeddeddeveloper.com/cores/documents/MIPS32_1004K_rev1.pdf

This spring, I asked a few OpenBSD MIPS devs about the project's
interest in a MIPS32 port for the Creator CI20. It turns out that MIPS32
support was quietly removed last year:

> 
> revision 1.20
> date: 2014/03/11 07:50:49;  author: jasper;  state: Exp;  lines: +1 -15;
> remove #if(n)def __LP64__ from the mips64 codebase, as mips32 never really 
> went anywhere.
> 
> ok miod@
> 

I was pretty forcibly told that there was no interest, which is
understandable. Without TLB magic or the below-mentioned EVA, a MIPS32
chip can only directly map 512 MB of memory, which is becoming
unacceptable for everything but embedded devices. For more details,
check out its wacky memory model:

http://www.johnloomis.org/microchip/pic32/memory/memory.html

ImgTec, the new owners of the ISA, added a workaround called Enhanced
Virtual Addressing (EVA) in MIPS32 revision 3.5 (MIPS32r3.5). It
increases the directly mapped memory limit to 3.5 GB. I don't know
whether any OSs actually support it, though, and I remember hearing that
it's not elegant (but that's just a vague memory).

My description of the memory limit issue may have been misleading. If
anyone notices mistakes, please correct me.  :)

So, if you want BSD on MIPS32, NetBSD is your best (only?) bet.
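
The 512 MB figure in the message above follows from the classic MIPS32 segment layout. The C sketch below is an added example, not part of the original post or of any OpenBSD code: it classifies a 32-bit virtual address and shows that kseg0 and kseg1 are two fixed 512 MB windows onto the same low physical memory. All function and type names are hypothetical, and EVA is not modelled.

```c
#include <stdint.h>
#include <stdio.h>

/* Classic (pre-EVA) MIPS32 virtual address segments, normal operation. */
enum mips32_seg { KUSEG, KSEG0, KSEG1, KSSEG, KSEG3 };

#define KSEG0_BASE    0x80000000u
#define KSEG1_BASE    0xA0000000u
#define KSSEG_BASE    0xC0000000u
#define KSEG3_BASE    0xE0000000u
#define DIRECT_WINDOW 0x20000000u  /* 512 MB: size of kseg0 and of kseg1 */

struct mips32_xlate {
    enum mips32_seg seg;
    int      unmapped;  /* 1 = fixed translation, no TLB entry needed */
    int      cached;    /* 1 = cached, 0 = uncached, -1 = set per TLB entry */
    uint32_t paddr;     /* physical address; meaningful only if unmapped */
};

/* Decide which segment a virtual address falls in and, for the two
 * unmapped segments, compute the physical address it refers to. */
struct mips32_xlate mips32_classify(uint32_t va)
{
    struct mips32_xlate x = { KUSEG, 0, -1, 0 };

    if (va < KSEG0_BASE) {
        x.seg = KUSEG;                 /* user space, TLB mapped */
    } else if (va < KSEG1_BASE) {
        x.seg = KSEG0;                 /* kernel, unmapped, cached */
        x.unmapped = 1;
        x.cached = 1;
        x.paddr = va - KSEG0_BASE;
    } else if (va < KSSEG_BASE) {
        x.seg = KSEG1;                 /* kernel, unmapped, uncached */
        x.unmapped = 1;
        x.cached = 0;
        x.paddr = va - KSEG1_BASE;
    } else if (va < KSEG3_BASE) {
        x.seg = KSSEG;                 /* supervisor, TLB mapped */
    } else {
        x.seg = KSEG3;                 /* kernel, TLB mapped */
    }
    return x;
}

/* kseg0 virtual address for a physical address, or 0 when the physical
 * address lies above the window (0 is a kuseg address, never kseg0). */
uint32_t mips32_kseg0_va(uint64_t pa)
{
    if (pa >= DIRECT_WINDOW)
        return 0;
    return KSEG0_BASE + (uint32_t)pa;
}

/* How much of a machine's RAM the kernel can reach without the TLB. */
uint64_t mips32_direct_bytes(uint64_t ram_bytes)
{
    return ram_bytes < DIRECT_WINDOW ? ram_bytes : DIRECT_WINDOW;
}

static const char *seg_name(enum mips32_seg s)
{
    static const char *names[] = { "kuseg", "kseg0", "kseg1", "ksseg", "kseg3" };
    return names[s];
}

int main(void)
{
    /* Constructed sample addresses, one per case of interest. */
    const uint32_t samples[] = {
        0x00400000u, 0x80001000u, 0xA0001000u, 0x9FFFFFFFu, 0xC0000000u
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct mips32_xlate x = mips32_classify(samples[i]);
        if (x.unmapped)
            printf("0x%08x %s -> phys 0x%08x (%s)\n", (unsigned)samples[i],
                   seg_name(x.seg), (unsigned)x.paddr,
                   x.cached ? "cached" : "uncached");
        else
            printf("0x%08x %s -> needs a TLB entry\n", (unsigned)samples[i],
                   seg_name(x.seg));
    }
    printf("1 GB of RAM: %llu MB reachable without the TLB\n",
           (unsigned long long)(mips32_direct_bytes(1ULL << 30) >> 20));
    return 0;
}
```

Because both unmapped segments alias the same physical range, physical memory at or above 0x20000000 is reachable only through TLB-mapped segments.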



Re: Set screen resolution for inteldrm during boot ?

2015-08-20 Thread Christoph R. Murauer
>No.
>
>We have no plans to do that, since the kernel would need to store
>additional font sizes.

Thanks for your answer.

No problem - I thought I missed maybe some documentation about it. Only for my
understanding, a "workaround" would then be to disable inteldrm in UKC to keep
the default resolution of the console and use for X a xorg.conf ?



Re: Set screen resolution for inteldrm during boot ?

2015-08-20 Thread Theo de Raadt
> I am new to OpenBSD - sorry if I ask about an already documented thing.
> 
> I have here a Lenovo ThinkPad W541 which works till X without problems.
> The dmesg shows, that the resolution switches to 2880x1620 during boot.
> Is there a way (UKC) to change the resolution during boot for the console ?

No.

We have no plans to do that, since the kernel would need to store
additional font sizes.



Set screen resolution for inteldrm during boot ?

2015-08-20 Thread nawi
Hello !

I am new to OpenBSD - sorry if I ask about an already documented thing.

I have here a Lenovo ThinkPad W541 which works till X without problems.
The dmesg shows, that the resolution switches to 2880x1620 during boot.
Is there a way (UKC) to change the resolution during boot for the console ?

Thanks for your help.

Regards,


Christoph

dmesg :


Re: Ubiquiti EdgeRouter Lite

2015-08-20 Thread Juan Francisco Cantero Hurtado
On Tue, Aug 18, 2015 at 01:08:10PM -0400, Ted Unangst wrote:
> Jona Joachim wrote:
> > Thank you very much for the write-up! I'm looking into buying hardware
> > to build a small OpenBSD home router and this looks interesting.
> > You say that the machine will not be able to serve as an IPSEC gateway.
> > Is that when you consider Gigabit ethernet or do you think that even a
> > 10 Mbit connection will require too much computational power to do
> > IPSEC on this machine?
> 
> For comparison, md5 -t:
> Time   = 2.198556 seconds
> Speed  = 45484399.760570 bytes/second
> 
> I don't use IPsec, and I notice that Ubiquiti don't mention it as a selling
> point for the device. I would probably not use the edgerouter for anything too
> far outside what the advertising materials say (just running openbsd instead).
> 
> > You also mention the usb driver which is not so reliable. I don't see a
> > USB port on the machine. Is this an internal bus? I would be interested
> > to use it with hostapd with a usb wifi nic.
> 
> The flash storage inside is attached via USB.
> 
> As for power, it's a 12W supply. I'll have to hook it up to a meter and
> measure. Update on that later.
> 
> I would say it's an interesting alternative if you're specifically looking for
> a non-PC router. I'm not sure it's the best router platform in general.

Slightly off-topic:

Ubiquiti released recently a new router named EdgeRouter X. 49 USD, 5
gigabit ports, 5W, dual-core 800Mhz, 256MB.

It's a MIPS32, so if some developer is looking for a new platform for
OpenBSD... :P . The processor is licensed from Imagination, which I
guess is more open than Cavium. I have not found a dmesg yet.

http://dl.ubnt.com/datasheets/edgemax/EdgeRouter_X_DS.pdf

http://www.embeddeddeveloper.com/cores/documents/MIPS32_1004K_rev1.pdf


-- 
Juan Francisco Cantero Hurtado http://juanfra.info



Re: problems compiling latest 5.7 patches

2015-08-20 Thread Stuart Henderson
On 2015-08-20, luke...@onemodel.org  wrote:
> The error messages make it look like the code is wrong & won't
> build.
>
> Any suggestions?

Is there any chance you've tried building things without having done
'make obj' first? If so, you might have some files lying around under
/usr/src that shouldn't be there which may get in the way. There are
ways to clean things but simplest is probably to just wipe /usr/src
and try a clean checkout.



IPSec OpenBSD road warrior

2015-08-20 Thread Stefan Berger
Hi, 
I am trying to accomplish this:  Connect a laptop (OpenBSD 5.7, road-warrior) 
with IPSec/VPN tunnel to an OpenBSD server.  The laptop is sitting in different 
networks who all do NAT, the server has a static IPv4 address.  The goal is 
to route all the traffic from the laptop to the server, encapsulated as IPSec 
packets.  And then, forward those packages so that communication goes entirely 
over 'server'. 

On both machines, I created a lo1 device with the addresses 10.0.0.1 (server) 
and 10.0.0.2 (laptop).  So the configuration looks like: 

server                          NAT GW/DSL router
ext:1.2.3.4   <-- internet -->  ext:5.6.7.8              laptop
lo1:10.0.0.1                    int:192.168.0.1  <->  int: 192.168.0.10
                                                      lo1: 10.0.0.2

ipsec.conf on the client:
ike esp from egress to 10.0.0.1 peer 1.2.3.4 psk "key"

ipsec.conf on the server: 
ike passive esp from 10.0.0.1 to any srcid 'servername' psk "key"

I can ping 10.0.0.1 (from client and server) and see that encrypted packages
arrive and the enc0 says that I got icmp requests from 192.168.0.10.  I don't
know how to set up my default route on the laptop (should be 10.0.0.1) (and
then, do NATting).  On lo1, there do not arrive any packages.

Any help is much appreciated. 

Thanks, 
Berger S. 



Re: SuperMicro thin mini itx?

2015-08-20 Thread lists
>  From Supermicro website:
> http://www.supermicro.nl/products/motherboard/ATOM/
> http://www.supermicro.nl/products/embedded/embedded_motherboard.cfm
> 
> Recently I bought a X9SBAA-F on ebay and except this bug[1] everything
> is working as it should.
> 
> [1] http://marc.info/?l=openbsd-bugs&m=144001965023035&w=2

Hey, thanks for the dmesg.

Here's another previous model X7SPA-HF-D525 report working excellent
since 2011:

http://marc.info/?l=openbsd-misc&m=143809718924583

The only gripe is the Matrox MGA G200eW used to work with X and not at
present (some update in Xorg broke it):

[100914.283] (EE) MGA(0): Unable to map Framebuffer FC00 80.  Bad file 
descriptor (9)
[100914.284] (WW) MGA(0): Could not retrieve video BIOS!
[100914.284] (EE) MGA(0): Unable to detect video RAM.
[100914.284] (EE) Screen(s) found, but none have a usable configuration.

$ sudo lspci -nnvv -d 102b:
04:04.0 VGA compatible controller [0300]: Matrox Electronics Systems Ltd. MGA 
G200eW WPCM450 [102b:0532] (rev 0a) (prog-if 00 [VGA controller])
Subsystem: Super Micro Computer Inc Device [15d9:060a]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- 
SERR- 

Re: SuperMicro thin mini itx?

2015-08-20 Thread Chris Cappuccio
Quartz [qua...@sneakertech.com] wrote:
> >Why would you contact their marketing department?  That's silly.
> 
> Well because I assume that marketing encompasses sales, and the sales
> department kinda ought to know what products the company sells.
> 
> 
> >Contact their support department.
> 
> I ended up doing that anyway earlier this morning. If I don't hear back from
> them maybe I'll try calling tomorrow or something.

They're actually pretty good about answering questions on the phone,
even on the first call.



Re: Ubiquiti EdgeRouter Lite

2015-08-20 Thread Chris Cappuccio
Stuart Henderson [s...@spacehopper.org] wrote:
> On 2015-08-18, Ted Unangst  wrote:
> > I don't use IPsec, and I notice that Ubiquiti don't mention it as a selling
> > point for the device. I would probably not use the edgerouter for anything
> > too far outside what the advertising materials say (just running openbsd
> > instead).
> 
> The advertising materials quote things like 1Mpps, you aren't going to
> see anything like that with OpenBSD. They are based around running EdgeOS
> which uses hw acceleration, afaik this is difficult without Cavium's SDK.
> 

They also get 700kpps with IPv6 forwarding (which is not hardware accelerated
on that platform). The Cavium SDK fits in a bunch of memory and cache
optimizations for the platform, there are some Cavium lessons to be learned.
Also the general network stack improvement in the routing table and the
MP work may be critical here!

> Much as I like the idea of non-x86 for this, if I wanted a small router
> running OpenBSD rather than a platform to hack on I'd first look at the
> APU. (I don't have one myself but upgraded the OS on one at a customer's
> recently, it doesn't seem to run as warm as it used to, possibly due to
> the changes to the mwait-based idle loop which is in 5.8/-current).

The APU is pretty nice for the price and the power consumption, like the
ERL but faster with OpenBSD today. (The md5 -t test is 3.5x faster, for
instance, 163195232 bytes/second.)



Re: KeePass 2.30- libpng and other errors

2015-08-20 Thread Peter Van Eenoo
If you don't need the keepass 2x functionality, then the keepass 1x package
is available and works great.
On Aug 20, 2015 8:28 AM, "Andrzej Drewnowski" 
wrote:

> Hello!
>
> I am trying to run KeePass on OpenBSD (amd64)- current (but on 5.7 are the
> same errors). I installed Mono from packages and downloaded
> KeePass-2.30-portable. Unfortunately I can't start KeePass because of these
> errors:
>
>
> SendMessage (25165861, 0x112c, 0x4, 0x4)
>
> libpng error: invalid after png_start_read_image or png_read_update_info
>
> libpng error: invalid after png_start_read_image or png_read_update_info
>
> libpng error: invalid after png_start_read_image or png_read_update_info
>
> libpng error: invalid after png_start_read_image or png_read_update_info
>
> SendMessage (25165855, 0x101f, 0x0, 0x0)
>
> SendMessage (0, 0x1203, 0x0, 0x7f7ee970)
>
> SendMessage (0, 0x1204, 0x0, 0x7f7ee970)
>
> SendMessage (0, 0x1203, 0x1, 0x7f7ee970)
>
> SendMessage (0, 0x1204, 0x1, 0x7f7ee970)
>
> SendMessage (0, 0x1203, 0x2, 0x7f7ee970)
>
> SendMessage (0, 0x1204, 0x2, 0x7f7ee970)
>
> SendMessage (0, 0x1203, 0x3, 0x7f7ee970)
>
> SendMessage (0, 0x1204, 0x3, 0x7f7ee970)
>
> SendMessage (0, 0x1203, 0x4, 0x7f7ee970)
>
> SendMessage (0, 0x1204, 0x4, 0x7f7ee970)
>
> * Assertion at strenc.c:183, condition `utf8!=NULL' not met
>
>
> Stacktrace:
>
>
> at  <0x>
>
> at (wrapper managed-to-native)
> KeePass.Native.NativeMethods.GetFileAttributes (string) <0x>
>
> at KeePass.Native.NativeMethods.FileExists (string) <0x0002d>
>
> at KeePass.Util.WinUtil.RemoveZoneIdentifier (string) <0x0006e>
>
> at KeePass.Forms.MainForm.OnFormLoadParallelAsync (object) <0x00090>
>
> at (wrapper runtime-invoke) .runtime_invoke_void__this___object
> (object,intptr,intptr,intptr) <0x>
>
>
> =
>
> Got a SIGABRT while executing native code. This usually indicates
>
> a fatal error in the mono runtime or one of the native libraries
>
> used by your application.
>
> =
>
>
> Abort trap (core dumped)
>
>
>
> I would appreciate your help
>
> Regards
>
> Andrzej



Re: SuperMicro thin mini itx?

2015-08-20 Thread Quartz

> Why would you contact their marketing department?  That's silly.

Well because I assume that marketing encompasses sales, and the
sales department kinda ought to know what products the company sells.

> Contact their support department.

I ended up doing that anyway earlier this morning. If I don't hear back
from them maybe I'll try calling tomorrow or something.




Re: SuperMicro thin mini itx?

2015-08-20 Thread Quartz

> From Supermicro website:
> http://www.supermicro.nl/products/motherboard/ATOM/
> http://www.supermicro.nl/products/embedded/embedded_motherboard.cfm

I know they sell Atom-based boards and various embedded boards, but just
because it's Atom and/or embedded doesn't automatically mean it conforms
to the thin-mini-itx standard.

> X9SBAA-F

That one doesn't qualify either. Same issue with a high stack and no DC
plug.




Re: USB mouse spontaneously detaching

2015-08-20 Thread howard eisenberger
Data point: plugging a no-name USB mouse into a PS/2 to USB
adapter instead of directly into a USB 2.0 port on old HP amd64
board seems to have solved this in my case.

Regards,

Howard E.



KeePass 2.30- libpng and other errors

2015-08-20 Thread Andrzej Drewnowski
Hello!

I am trying to run KeePass on OpenBSD (amd64)- current (but on 5.7 are the
same errors). I installed Mono from packages and downloaded
KeePass-2.30-portable. Unfortunately I can't start KeePass because of these
errors:


SendMessage (25165861, 0x112c, 0x4, 0x4)

libpng error: invalid after png_start_read_image or png_read_update_info

libpng error: invalid after png_start_read_image or png_read_update_info

libpng error: invalid after png_start_read_image or png_read_update_info

libpng error: invalid after png_start_read_image or png_read_update_info

SendMessage (25165855, 0x101f, 0x0, 0x0)

SendMessage (0, 0x1203, 0x0, 0x7f7ee970)

SendMessage (0, 0x1204, 0x0, 0x7f7ee970)

SendMessage (0, 0x1203, 0x1, 0x7f7ee970)

SendMessage (0, 0x1204, 0x1, 0x7f7ee970)

SendMessage (0, 0x1203, 0x2, 0x7f7ee970)

SendMessage (0, 0x1204, 0x2, 0x7f7ee970)

SendMessage (0, 0x1203, 0x3, 0x7f7ee970)

SendMessage (0, 0x1204, 0x3, 0x7f7ee970)

SendMessage (0, 0x1203, 0x4, 0x7f7ee970)

SendMessage (0, 0x1204, 0x4, 0x7f7ee970)

* Assertion at strenc.c:183, condition `utf8!=NULL' not met


Stacktrace:


at  <0x>

at (wrapper managed-to-native)
KeePass.Native.NativeMethods.GetFileAttributes (string) <0x>

at KeePass.Native.NativeMethods.FileExists (string) <0x0002d>

at KeePass.Util.WinUtil.RemoveZoneIdentifier (string) <0x0006e>

at KeePass.Forms.MainForm.OnFormLoadParallelAsync (object) <0x00090>

at (wrapper runtime-invoke) .runtime_invoke_void__this___object
(object,intptr,intptr,intptr) <0x>


=

Got a SIGABRT while executing native code. This usually indicates

a fatal error in the mono runtime or one of the native libraries

used by your application.

=


Abort trap (core dumped)



I would appreciate your help

Regards

Andrzej



Re: per-vlan traffic control

2015-08-20 Thread Atanas Vladimirov

On 20.08.2015 17:31, Paulo Coimbra wrote:
> Hi Atanas,
>
> Thanks for your response. I followed some configurations in that link you
> sent, but nothing had effect. Packets are not going to queues.
>
> br,
>
> Paulo Coimbra
>
> 2015-08-20 10:55 GMT-03:00 Atanas Vladimirov :
>
>> On 20.08.2015 16:35, Paulo Coimbra wrote:
>>
>>> Well, considering that only outbound packets can be queued, I've changed
>>> some rules at pf.conf. Packets that are "outgoing" at $if_Internet, is
>>> upload. Packets that are "outgoing" at vlan100 is download, all right? My
>>> changed pf.conf below: (but even with these changes, doesn't work for
>>> me, I'm getting 300Mb+ each direction.). Am I a dumb? (LMFAO).
>>>
>>> #
>>> # [0x01] Macros
>>> #
>>> $if_Internet="em1"
>>>
>>> #
>>> # [0x05] Queueing
>>> #
>>> queue Internet on $if_Internet bandwidth 10M
>>> queue vlan100_upload parent Internet bandwidth 5M max 5M default
>>>
>>> queue v100 on vlan100 bandwidth 10M
>>> queue vlan100_download parent v100 bandwidth 5M max 5M default

Did you try to set the min bw as well:

 #
 # [0x05] Queueing
 #
 queue Internet on $if_Internet bandwidth 10M, min 9M max 10M
 queue vlan100_upload parent Internet bandwidth 5M, min 4M max 5M default

 queue v100 on vlan100 bandwidth 10M, min 9M max 10M
 queue vlan100_download parent v100 bandwidth 5M, min 4M max 5M default



Re: SuperMicro thin mini itx?

2015-08-20 Thread Gene
On Wed, Aug 19, 2015 at 1:47 AM, Quartz  wrote:

> We need to build some OpenBSD-based network devices that we'd strongly
> prefer to be based on SuperMicro hardware. Does anyone know offhand if they
> offer any products that conform to the Thin-Mini-ITX standard? Their
> website is unhelpful and so far their marketing email hasn't responded to
> inquiries.
>

Why would you contact their marketing department?  That's silly.

Contact their support department.  If you don't mind waiting a day or so
send them an email.  If you want a faster answer call their support line.
They'll answer your questions and won't require any type of account with
them to get their assistance.

-Gene



Re: per-vlan traffic control

2015-08-20 Thread Paulo Coimbra
Hi Atanas,

Thanks for your response. I followed some configurations in that link you
sent, but nothing had effect. Packets are not going to queues.

br,

Paulo Coimbra

2015-08-20 10:55 GMT-03:00 Atanas Vladimirov :

> On 20.08.2015 16:35, Paulo Coimbra wrote:
>
>> Well, considering that only outbound packets can be queued, I've changed
>> some rules at pf.conf. Packets that are "outgoing" at $if_Internet, is
>> upload. Packets that are "outgoing" at vlan100 is download, all right? My
>> changed pf.conf below: (but even with these changes, doesn't work for me, I
>> getting 300Mb+ each direction.). Am I a dumb? (LMFAO).
>>
>> #
>> # [0x01] Macros
>> #
>> $if_Internet="em1"
>>
>> #
>> # [0x05] Queueing
>> #
>> queue Internet on $if_Internet bandwidth 10M
>> queue vlan100_upload parent Internet bandwidth 5M max 5M default
>>
>> queue v100 on vlan100 bandwidth 10M
>> queue vlan100_download parent v100 bandwidth 5M max 5M default
>>
>> #
>> # [0x07] Packet Filtering
>> #
>>
>> pass out quick on vlan100 set queue vlan100_download no state
>> pass out quick on $if_Internet set queue vlan100_upload no state
>>
>>
>> br,
>>
>> Paulo Coimbra
>>
>>
> http://marc.info/?l=openbsd-misc&m=141085207225887&w=2
>
>


--
br,

Paulo Coimbra



Re: redirect nor vpn (as I know it) solves this problem

2015-08-20 Thread Sonic
On Wed, Aug 19, 2015 at 6:46 PM, Stuart Henderson  wrote:
> It's not *that* complex. It may be easier with tag rather than received-on
> and if there's any confusion about rule ordering it may be easier to use
> 'quick' and place them at the top of the ruleset.
>
> pass in quick proto tcp to $ext_if port 1234 rdr-to $server port 80 tag natrdr
> pass out quick tagged natrdr nat-to $int_if

Ah yes, thanks much, that construct does indeed work.

Chris



Re: SuperMicro thin mini itx?

2015-08-20 Thread Atanas Vladimirov

On 20.08.2015 04:46, Quartz wrote:

Try the X10SBA


Doesn't appear to fit the bill, unfortunately. That hdmi+displayport
stack is too high, and while it has onboard DC12V it's missing the
standardized plug on the back.

Given that no one else has responded, I'm assuming that SuperMicro
just doesn't make boards in this form factor, which is disappointing
given how many other embedded solutions they offer. We'll probably
have to go with an Intel model or something. Oh well.


From Supermicro website:
http://www.supermicro.nl/products/motherboard/ATOM/
http://www.supermicro.nl/products/embedded/embedded_motherboard.cfm

Recently I bought a X9SBAA-F on ebay and except this bug[1] everything
is working as it should.

[1] http://marc.info/?l=openbsd-bugs&m=144001965023035&w=2



Re: per-vlan traffic control

2015-08-20 Thread Atanas Vladimirov

On 20.08.2015 16:35, Paulo Coimbra wrote:
Well, considering that only outbound packets can be queued, I've changed
some rules at pf.conf. Packets that are "outgoing" at $if_Internet, is
upload. Packets that are "outgoing" at vlan100 is download, all right? My
changed pf.conf below: (but even with these changes, doesn't work for me, I
getting 300Mb+ each direction.). Am I a dumb? (LMFAO).

#
# [0x01] Macros
#
$if_Internet="em1"

#
# [0x05] Queueing
#
queue Internet on $if_Internet bandwidth 10M
queue vlan100_upload parent Internet bandwidth 5M max 5M default

queue v100 on vlan100 bandwidth 10M
queue vlan100_download parent v100 bandwidth 5M max 5M default

#
# [0x07] Packet Filtering
#

pass out quick on vlan100 set queue vlan100_download no state
pass out quick on $if_Internet set queue vlan100_upload no state


br,

Paulo Coimbra



http://marc.info/?l=openbsd-misc&m=141085207225887&w=2



Re: per-vlan traffic control

2015-08-20 Thread Paulo Coimbra
Well, considering that only outbound packets can be queued, I've changed
some rules at pf.conf. Packets that are "outgoing" at $if_Internet, is
upload. Packets that are "outgoing" at vlan100 is download, all right? My
changed pf.conf below: (but even with these changes, doesn't work for me, I
getting 300Mb+ each direction.). Am I a dumb? (LMFAO).

#
# [0x01] Macros
#
$if_Internet="em1"

#
# [0x05] Queueing
#
queue Internet on $if_Internet bandwidth 10M
queue vlan100_upload parent Internet bandwidth 5M max 5M default

queue v100 on vlan100 bandwidth 10M
queue vlan100_download parent v100 bandwidth 5M max 5M default

#
# [0x07] Packet Filtering
#

pass out quick on vlan100 set queue vlan100_download no state
pass out quick on $if_Internet set queue vlan100_upload no state


br,

Paulo Coimbra

2015-08-20 10:11 GMT-03:00 Josh Grosse :

> On 2015-08-20 08:47, Paulo Coimbra wrote:
>
>> Hi all,
>>
>> I'm now doing some tests with openbsd+pf+queueing. My scenario is:
>>
>> [MIKROTIK 1] - [OPENBSD BOX]--[MIKROTIK 2]
>>
>> I've configured vlan 100 with physical interface em0 at openbsdBox and
>> mikrotik 1, and create two queues (vlan100_in and vlan100_out) to limit
>> bandwidth at 10M each direction. But... It doesn't work.
>>
>
> [snip]
>
> queue v100 on em0 bandwidth 1000M
>> queue vlan100_in parent  v100 bandwidth 10M default
>> queue vlan100_out parent v100 bandwidth 10M
>>
>
> [snip]
>
> pass in quick on vlan100 set queue vlan100_in
>> pass out quick on vlan100 set queue vlan100_out
>>
>> Any ideas? What am I doing wrong?
>>
>
> Queuing only works on packets that are *outbound*.  Once inbound packets
> have arrived, they are already present.
>
> So, if you want to limit the rate of traffic from the Internet to your local
> LAN, do so when those packets are forwarded by the router.  Those are outbound
> packets, and they can be queued.
>
>


--
br,

Paulo Coimbra



Re: per-vlan traffic control

2015-08-20 Thread Josh Grosse

On 2015-08-20 08:47, Paulo Coimbra wrote:

Hi all,

I'm now doing some tests with openbsd+pf+queueing. My scenario is:

[MIKROTIK 1] - [OPENBSD BOX]--[MIKROTIK 2]

I've configured vlan 100 with physical interface em0 at openbsdBox and
mikrotik 1, and create two queues (vlan100_in and vlan100_out) to limit
bandwidth at 10M each direction. But... It doesn't work.


[snip]


queue v100 on em0 bandwidth 1000M
queue vlan100_in parent  v100 bandwidth 10M default
queue vlan100_out parent v100 bandwidth 10M


[snip]


pass in quick on vlan100 set queue vlan100_in
pass out quick on vlan100 set queue vlan100_out

Any ideas? What am I doing wrong?


Queuing only works on packets that are *outbound*.  Once inbound packets
have arrived, they are already present.

So, if you want to limit the rate of traffic from the Internet to your local
LAN, do so when those packets are forwarded by the router.  Those are outbound
packets, and they can be queued.



Re: per-vlan traffic control

2015-08-20 Thread Rafael Zalamena
On Thu, Aug 20, 2015 at 09:47:09AM -0300, Paulo Coimbra wrote:
> Hi all,

Hello Paulo,

> 
> I'm now doing some tests with openbsd+pf+queueing. My scenario is:
> 
> [MIKROTIK 1] - [OPENBSD BOX]--[MIKROTIK 2]
> 
> I've configured vlan 100 with physical interface em0 at openbsdBox and
> mikrotik 1, and create two queues (vlan100_in and vlan100_out) to limit
> bandwidth at 10M each direction. But... It doesn't work.
> 
> My pf.conf is as follows:
> 
--- SNIPPED ---
> 
> queue v100 on em0 bandwidth 1000M
> queue vlan100_in parent  v100 bandwidth 10M default
> queue vlan100_out parent v100 bandwidth 10M
> 
--- SNIPPED ---
> 
> Any ideas? What am I doing wrong?

You didn't configure the 'max' parameter in your queue, so it's probably
sharing the bandwidth.

Try this:
...
queue vlan100_in parent  v100 bandwidth 10M, max 10M default
queue vlan100_out parent v100 bandwidth 10M, max 10M
...

> 
> thanx,
> 
> Paulo Coimbra



Re: Pre-orders for 5.8

2015-08-20 Thread lists
> To celebrate the upcoming 20 years anniversary release of OpenBSD,

Salute!

> four (instead of the usual one) songs are contributed and will be
> included in the release. The song I contributed is being released
> today:
> 
>http://www.openbsd.org/lyrics.html#58c

Thanks, nice tune, very catchy vocals, funny cartoons, liked the
arrangement too, quote from the song:

With every release,
Puffy becomes better,
so much better all the time.

Indeed, and very rewarding experience using OpenBSD. Quite like the
flite touch in the song too, reads mail subjects here so familiar
"voice".

> By the way, pre-orders for 5.8 CDs and posters were enabled moments ago.
> 
> Also, please see:
> 
>http://www.openbsd.org/58.html
> 
> for more details about what is coming in this release.

Great news, thanks again to everyone.



Re: per-vlan traffic control

2015-08-20 Thread Paulo Coimbra
Hi all,

I'm now doing some tests with openbsd+pf+queueing. My scenario is:

[MIKROTIK 1] - [OPENBSD BOX]--[MIKROTIK 2]

I've configured vlan 100 with physical interface em0 at openbsdBox and
mikrotik 1, and create two queues (vlan100_in and vlan100_out) to limit
bandwidth at 10M each direction. But... It doesn't work.

My pf.conf is as follows:

#
# [0x01] Macros
#

#
# [0x02] Tables
#

#
# [0x03] Options
#
set skip on lo

#
# [0x04] Traffic Normalization
#

#
# [0x05] Queueing
#
queue v100 on em0 bandwidth 1000M
queue vlan100_in parent  v100 bandwidth 10M default
queue vlan100_out parent v100 bandwidth 10M

#
# [0x06] Translation
#

#
# [0x07] Packet Filtering
#
pass in quick on vlan100 set queue vlan100_in
pass out quick on vlan100 set queue vlan100_out

Any ideas? What am I doing wrong?

thanx,

Paulo Coimbra


2015-08-19 22:59 GMT-03:00 James Shupe :

> On 8/19/2015 3:39 PM, Paulo Coimbra wrote:
> > hi,
> > This is my first mail to the list. It's possible limit traffic by Vlan with
> > openbsd? For example I would like to limit 50mb for Vlan 100.
> >
> > Br,
> >
> > Paulo Coimbra
> >
> >
>
>
> http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/pf.conf.5?query=pf.conf&arch=i386
>
> Read the QUEUEING section.
>
>


-- 
br,

Paulo Coimbra



Re: problems compiling latest 5.7 patches

2015-08-20 Thread luke350
The error messages make it look like the code is wrong & won't
build.

Any suggestions?

Attached is the dmesg output I forgot to include the first time.
Thanks.

On 08/19/15 04:53, luke...@onemodel.org wrote:
> I'm not an expert but am trying to follow the instructions
> to rebuild my 5.7 stable system with the latest patches,
> using the commands below. I'm pretty sure this same
> script has worked for me in the past.  It fails at the last
> line with exit code 1.  I've duplicated the problem more
> than once, and the last time, CVS didn't seem to pull down
> any new files (it did the day before) so I'm thinking I've got
> the latest code to work with.
>
> Any advice?  Thanks in advance.
>
> Here's the relevant portion of the script I use:
>
> CVSROOT="anon...@anoncvs.ca.openbsd.org:/cvs"
> STABLE_BRANCH='OPENBSD_5_7'
> cd /usr/src
> nice time cvs -q -d "$CVSROOT" up -r$STABLE_BRANCH -Pd
> cd /usr/src/sys
> nice time cvs -q -d "$CVSROOT" up -r$STABLE_BRANCH -Pd
> cd /usr/xenocara
> nice time cvs -q -d "$CVSROOT" up -r$STABLE_BRANCH -Pd
> cd /usr/ports
> nice time cvs -q -d "$CVSROOT" up -r$STABLE_BRANCH -Pd
> # rebuild & install kernel:
> cd /usr/src/sys/arch/$(machine)/conf/
> nice config GENERIC.MP
> cd ../compile/GENERIC.MP
> nice make clean && nice make
> echo 'When ready,  to install the new kernel:';read
> nice make install
> echo "NOW: manually reboot when ready; then do the stuff below as needed; NOT DONE YET!"
> exit
> [...]
> # rebuild userland & install it:
> nice rm -rf /usr/obj/*
> cd /usr/src
> # [i also tried it with a 'make clean' here--same result]
> nice make obj
> cd /usr/src/etc && env DESTDIR=/ nice make distrib-dirs
> cd /usr/src
> nice make build
> echo $?
>
>
> Here is the output, which ends with the errors.  Pls
> pardon the line lengths, it's literal:
> I/usr/src/gnu/usr.bin/binutils/ld -I../bfd 
> -I/usr/src/gnu/usr.bin/binutils/ld/../bfd 
> -I/usr/src/gnu/usr.bin/binutils/ld/../include 
> -I/usr/src/gnu/usr.bin/binutils/ld/../intl -I../intl  -O2 -pipe 
> -DPIE_DEFAULT=1  -DLOCALEDIR="\"/usr/share/locale\""   -W -Wall 
> -Wstrict-p
> rototypes -Wmissing-prototypes -O2 -pipe  -DPIE_DEFAULT=1  -c 
> eelf_i386_obsd.c
> In file included from eelf_i386_obsd.c:31:
> /usr/src/gnu/usr.bin/binutils/ld/../include/getopt.h:116: warning: 
> function declaration isn't a prototype
> eelf_i386_obsd.c: In function 'gldelf_i386_obsd_open_dynamic_archive':
> eelf_i386_obsd.c:889: warning: unused parameter 'arch'
> LIB_PATH='' /bin/sh /usr/src/gnu/usr.bin/binutils/ld/genscripts.sh 
> /usr/src/gnu/usr.bin/binutils/ld /usr/lib "/usr" 
> x86_64-unknown-openbsd5.7 x86_64-unknown-openbsd5.7 
> amd64-unknown-openbsd5.7 "elf_x86_64_obsd" "/usr/local/lib /lib 
> /usr/lib" no elf_i386 "amd64-unknown-openbsd5.7"
> cc -DHAVE_CONFIG_H -I. -I/usr/src/gnu/usr.bin/binutils/ld -I. 
> -D_GNU_SOURCE -I. -I/usr/src/gnu/usr.bin/binutils/ld -I../bfd 
> -I/usr/src/gnu/usr.bin/binutils/ld/../bfd 
> -I/usr/src/gnu/usr.bin/binutils/ld/../include 
> -I/usr/src/gnu/usr.bin/binutils/ld/../intl -I../intl  -O2 -pipe 
> -DPIE_DEFAULT=1  -DLOCALEDIR="\"/usr/share/locale\""   -W -Wall 
> -Wstrict-prototypes -Wmissing-prototypes -O2 -pipe -DPIE_DEFAULT=1 -c 
> eelf_i386.c
> In file included from eelf_i386.c:31:
> /usr/src/gnu/usr.bin/binutils/ld/../include/getopt.h:116: warning: 
> function declaration isn't a prototype
> eelf_i386.c: In function 'gldelf_i386_open_dynamic_archive':
> eelf_i386.c:889: warning: unused parameter 'arch'
> /bin/sh ./libtool --mode=link cc -W -Wall -Wstrict-prototypes 
> -Wmissing-prototypes -O2 -pipe  -DPIE_DEFAULT=1   -o ld-new ldgram.o 
> ldlex.o lexsup.o  ldlang.o mri.o ldctor.o ldmain.o ldwrite.o ldexp.o 
> ldemul.o ldver.o  ldmisc.o ldfile.o ldcref.o eelf_x86_64_obsd.o 
> eelf_i386_obsd.o eelf_i386.o  ../bfd/libbfd.la -liberty
> mkdir .libs
> cc -W -Wall -Wstrict-prototypes -Wmissing-prototypes -O2 -pipe 
> -DPIE_DEFAULT=1 -o ld-new ldgram.o ldlex.o lexsup.o ldlang.o mri.o 
> ldctor.o ldmain.o ldwrite.o ldexp.o ldemul.o ldver.o ldmisc.o ldfile.o 
> ldcref.o eelf_x86_64_obsd.o eelf_i386_obsd.o eelf_i386.o 
> ../bfd/.libs/libbfd.a -liberty
> ldlex.o(.text+0x42d): In function `lex_redirect':
> : warning: strcpy() is almost always misused, please use strlcpy()
> ldmain.o(.text+0x1f72): In function `main':
> : warning: strcat() is almost always misused, please use strlcat()
> ldlex.o(.text+0x91f): In function `lex_warn_invalid':
> : warning: sprintf() is often misused, please use snprintf()
> cd . && /bin/sh ./config.status config.h
> config.status: creating config.h
> config.status: config.h is unchanged
> make  all-recursive
> Making all in doc
> Making all in po
> cd . && /bin/sh ./config.status config.h
> config.status: creating config.h
> config.status: config.h is unchanged
> cc -DHAVE_CONFIG_H -I. -I/usr/src/gnu/usr.bin/binutils/gas -I. 
> -D_GNU_SOURCE -I. -I/usr/src/gnu/usr.bin/binutils/gas -I../bfd 
> -I/usr/src/gnu/usr.bin/binutils/gas/config 
> -I/usr/src/gnu/usr.bin/binutils/gas/../

Re: Ubiquiti EdgeRouter Lite

2015-08-20 Thread Tobias Ulmer
On Tue, Aug 18, 2015 at 10:33:37PM -0400, dominik...@openmailbox.org wrote:
> On 2015-08-18 11:42, Tobias Ulmer wrote:
> >On Tue, Aug 18, 2015 at 01:59:49PM +, Jona Joachim wrote:
> >>On 2015-08-18, Ted Unangst  wrote:
> >>> Predrag Punosevac wrote:
> >>>> Dear All,
> >>>>
> >>>> I am contemplating buying a new machine which will act as a router/DNS
> >>>> caching server for my home network. Is anybody currently running OpenBSD
> >>>> on the Ubiquiti Networks EdgeRouter LITE in that capacity? I saw that in
> >>>> June 2015 USB support was added which allows installing to local disk on
> >>>> machine. Can anybody point me to a work in progress documentation diff
> >>>> for installing 5.8 octeon port.  I am reading right now
> >>>
> >>> Here are my notes, which are basic, but should be enough to get you through if
> >>> you're familiar with openbsd.
> >>> http://www.tedunangst.com/flak/post/OpenBSD-on-ERL
> >>
> >>Thank you very much for the write-up! I'm looking into buying hardware
> >>to build a small OpenBSD home router and this looks interesting.
> >>You say that the machine will not be able to serve as an IPSEC gateway.
> >>Is that when you consider Gigabit ethernet or do you think that even a
> >>10 Mbit connection will require too much computational power to do
> >>IPSEC on this machine?
> >>You also mention the usb driver which is not so reliable. I don't see a
> >>USB port on the machine. Is this an internal bus? I would be interested
> >>to use it with hostapd with a usb wifi nic.
> >
> >There is only one internal port, and you need that for storage. The
> >internal flash is not supported and it's not all that much anyway.
> >
> >I've not tested it, but have my doubts uboot will boot from a usb
> >storage device with a hub in between.
> >
> >>
> >>Kindly,
> >>Jona Joachim
> 
> You can upgrade the internal usb storage capacity. Not all usb keys seems to
> work though. A couple functioning models can be found at the Gentoo
> MIPS/ERLite-3 page (https://wiki.gentoo.org/wiki/MIPS/ERLite-3).
> 

That's because the usb timeout in uboot is pretty short. I'm using an
external sata disk (1TB), works fine when you power sequence them right.
Of course when the device draws its power from the internal bus, it
needs to initialize quickly in order to respond to uboot probing in
time.

> I bought a 16 GB one to use in my ERL with OpenBSD but I haven't tested it
> since I can't connect to the router's serial port. Seems it could be caused
> by my cheap usb-to-serial cable with an CH340/341 which returns me only
> garbage. I can type commands and see that they have an effect but all text
> is garbage.

Are you sure you're using the right baudrate? I've had no trouble with a
self-made cable and ftdi/pl2302 converters. The ERL doesn't seem
particularly sensitive. You might indeed have an adapter from the famous
One Hung Lo factory...
Do you not have some old box with a real serial port to test your
theory?

> 
> Do you guys have any idea? Or do I just need to buy a better usb-to-serial
> converter with an FTDI processor like this one:
> http://www.usconverters.com/usb-serial-adapter-xs882
> 
> Thanks for the help.
> 
> Dom



Re: Ubiquiti EdgeRouter Lite

2015-08-20 Thread Stuart Henderson
On 2015-08-20, Stuart Henderson  wrote:
> On 2015-08-18, Ted Unangst  wrote:
>> I don't use IPsec, and I notice that Ubiquiti don't mention it as a selling
> >> point for the device. I would probably not use the edgerouter for anything too
> >> far outside what the advertising materials say (just running openbsd instead).
>
> The advertising materials quote things like 1Mpps, you aren't going to
> see anything like that with OpenBSD. They are based around running EdgeOS
> which uses hw acceleration, afaik this is difficult without Cavium's SDK.
>
> Much as I like the idea of non-x86 for this, if I wanted a small router
> running OpenBSD rather than a platform to hack on I'd first look at the
> APU. (I don't have one myself but upgraded the OS on one at a customer's
> recently, it doesn't seem to run as warm as it used to, possibly due to
> the changes to the mwait-based idle loop which is in 5.8/-current).

BTW since Ted posted md5 times, here's some from the APU to compare:

$ md5 -t
MD5 time trial.  Processing 1 1-byte blocks...
Digest = 52e5f9c9e6f656f3e1800dfa5579d089
Time   = 0.615835 seconds
Speed  = 162381157.290508 bytes/second

And cpu temp, this is sitting on top of a fanless switch under a desk -
fwiw, it's doing pppoe/pf for a VDSL line, 1500 mtu on the pppoe interface
with baby jumbos on the re(4), with some ipsec+l2tp, not especially busy.

$ sysctl hw.sensors
hw.sensors.km0.temp0=51.00 degC



Re: IPv6 source addresse selection

2015-08-20 Thread Stuart Henderson
On 2015-08-19, Denis Fondras  wrote:
> Hi,
>
> I have an OpenBSD5.7 router with IPv6 enabled. I have multiple IPv6 addresses :
> - em0 : 2a00:6060::1/64
> - em1 : 2001:7f8:81::6:983:1/64
> - gif0 : 2001:470:11:c8::2/128
>
> IPv6 access is provided by HurricaneElectric tunnel with BGP.
>
> When I try to reach 2001:7a8:b5ad::1, 2001:7f8:81::6:983:1 is selected as the
> source address :
>
> PING6(56=40+8+8 bytes) 2001:7f8:81::6:983:1 --> 2001:7a8:b5ad::1
> ^C
> --- 2001:7a8:b5ad::1 ping6 statistics ---
> 3 packets transmitted, 0 packets received, 100.0% packet loss
>
> Even though :
> # route -n get 2001:7a8:b5ad::1 
>route to: 2001:7a8:b5ad::1
> destination: 2001:7a8::
>mask: :::
> gateway: 2001:470:11:c8::2
>   interface: gif0
>  if address: 2001:470:11:c8::2
>priority: 48 (bgp)
>   flags: 
>  use   mtuexpire
>  138 0 0 
>
> Per RFC6724 :
>Rule 5: Prefer outgoing interface.
>If SA is assigned to the interface that will be used to send to D and
>SB is assigned to a different interface, then prefer SA.  Similarly,
>if SB is assigned to the interface that will be used to send to D and
>SA is assigned to a different interface, then prefer SB.
>
> Per se, it is not a big deal but in my case 2001:7f8:81::/48 is an IXP prefix
> and it is not announced in the DFZ so packets never make it back to the router.
>
> The issue is reproduced with OpenBSD5.8.
>
> Anything I could try before diving into the source address selection code ?

You should be able to force it to not be used by doing 'inet6 2001:7f8:81::6:983:1
pltime 0' (just applies to automatic selection, you can still set it manually
for IXP peerings), but the behaviour you describe doesn't sound quite right so
diving into in6_ifawithscope() seems like a good idea.
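
Added example, not part of the thread and not OpenBSD's in6_ifawithscope(): a simplified RFC 6724 comparison (rules 1, 3, 5 and 8 only) run over the three addresses and the gif0 route from the post, showing what Rule 5 and a "pltime 0" (deprecated) address each change. The Candidate class, function names and the rule5 switch are assumptions made for illustration; rules 2, 4, 6 and 7 are left out because all three candidates are ordinary global unicast addresses.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Candidate:
    ifname: str
    addr: ipaddress.IPv6Address
    prefixlen: int
    deprecated: bool = False  # preferred lifetime 0, i.e. "pltime 0"


def common_prefix_len(src, dst):
    """RFC 6724 CommonPrefixLen(S, D): shared leading bits, capped at S's prefix length."""
    diff = int(src.addr) ^ int(dst)
    return min(128 - diff.bit_length(), src.prefixlen)


def prefer(a, b, dst, out_if, rule5=True):
    """Compare two candidates; return (winner, deciding rule) or (a, None) on a tie."""
    checks = [
        ("rule 1: same address", lambda c: c.addr == dst),
        ("rule 3: avoid deprecated", lambda c: not c.deprecated),
    ]
    if rule5:
        checks.append(("rule 5: outgoing interface", lambda c: c.ifname == out_if))
    for rule, ok in checks:
        if ok(a) != ok(b):
            return (a if ok(a) else b), rule
    la, lb = common_prefix_len(a, dst), common_prefix_len(b, dst)
    if la != lb:
        return (a if la > lb else b), "rule 8: longest matching prefix"
    return a, None


def select_source(candidates, dst, out_if, rule5=True):
    """Pairwise tournament; also report the rule that settled the last comparison."""
    best, decided_by = candidates[0], None
    for cand in candidates[1:]:
        winner, rule = prefer(best, cand, dst, out_if, rule5)
        if rule is not None:
            best, decided_by = winner, rule
    return best, decided_by


def deprecate(candidates, ifname):
    """Copy of the list with every address on ifname marked deprecated."""
    return [replace(c, deprecated=True) if c.ifname == ifname else c
            for c in candidates]


# Addresses, prefix lengths and outgoing interface as given in the post.
CANDIDATES = [
    Candidate("em0", ipaddress.IPv6Address("2a00:6060::1"), 64),
    Candidate("em1", ipaddress.IPv6Address("2001:7f8:81::6:983:1"), 64),
    Candidate("gif0", ipaddress.IPv6Address("2001:470:11:c8::2"), 128),
]
DST = ipaddress.IPv6Address("2001:7a8:b5ad::1")
OUT_IF = "gif0"  # from "route -n get" in the post

if __name__ == "__main__":
    cases = (
        ("rules 1,3,5,8", CANDIDATES, True),
        ("rule 5 skipped", CANDIDATES, False),
        ("rule 5 skipped, em1 deprecated", deprecate(CANDIDATES, "em1"), False),
    )
    for label, cands, r5 in cases:
        best, rule = select_source(cands, DST, OUT_IF, rule5=r5)
        print(f"{label:32} -> {best.addr} on {best.ifname} ({rule})")
```

With Rule 5 skipped, the longest-prefix rule alone picks the em1 address that ping6 used in the post (25 shared bits against 22 for gif0); this shows what the rules predict, not what the kernel code actually does.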



Re: Ubiquiti EdgeRouter Lite

2015-08-20 Thread Stuart Henderson
On 2015-08-18, Ted Unangst  wrote:
> I don't use IPsec, and I notice that Ubiquiti don't mention it as a selling
> point for the device. I would probably not use the edgerouter for anything too
> far outside what the advertising materials say (just running openbsd instead).

The advertising materials quote things like 1Mpps, you aren't going to
see anything like that with OpenBSD. They are based around running EdgeOS
which uses hw acceleration, afaik this is difficult without Cavium's SDK.

Much as I like the idea of non-x86 for this, if I wanted a small router
running OpenBSD rather than a platform to hack on I'd first look at the
APU. (I don't have one myself but upgraded the OS on one at a customer's
recently, it doesn't seem to run as warm as it used to, possibly due to
the changes to the mwait-based idle loop which is in 5.8/-current).