Re: Questions regarding unwind.conf (block list)

2019-11-13 Thread myportslist20190323
On 11/13/2019 at 5:15 PM, "Felix Maschek"  wrote:

>Unfortunately I'm not able to specify a valid block list in 
>unwind.conf. 
>I've added
>
>     block list /etc/unwind.blocklist

>But there seems to be a syntax error I can't solve. In the log I 

I think it just needs quotes: 

block list "/etc/unwind.blocklist"



Questions regarding unwind.conf (block list)

2019-11-13 Thread Felix Maschek

Hi,

I've been using unwind for a while and it is running perfectly for me.

Now with the upcoming new plugin api of chrome with limited support for 
uBlock I'm looking for an alternative.


Unfortunately I'm not able to specify a valid block list in unwind.conf. 
I've added


    block list /etc/unwind.blocklist

My blocklist file contains (for testing purpose)

    heise.de
    stern.de

But there seems to be a syntax error I can't solve. In the log I have 
the following entries:


    Nov 14 00:09:29 vatrox unwind[52933]: /etc/unwind.conf:4: syntax error
    Nov 14 00:09:29 vatrox unwind[52933]: configuration reload failed

So, what is wrong here?

And a follow-up question: is it possible to load a huge blocklist (with, 
say, 200.000 entries) to replace the blocking within chrome?


Kind regards

Felix



syspatch -c (amd64) ftp: connect: Permission denied

2019-11-13 Thread Strahil Nikolov
Hello Community,

it seems that syspatch and pkg_add are having an issue with 'ftp: connect: 
Permission denied'.
System is 6.5 and access via ftp (based on my automatic syspatch script) has 
seized on 03 Nov 2019.
/etc/installurl is pointing to https://cdn.openbsd.org/pub/OpenBSD/ 

Is syspatch working for you ?


Thanks in advance.

Best Regards,
Strahil Nikolov



Re: pfsync on VLAN - supported ?

2019-11-13 Thread Chris Cappuccio
Rachel Roch [rr...@tutanota.de] wrote:
> Hi,
> 
> Both the man page and FAQ (https://www.openbsd.org/faq/pf/carp.html)
> talk about "physical interface" in relation to the syncdev parameter.
> 
> Does this mean Bad Things (TM) will happen if I try to use a dedicated vlan 
> interface for pfsync ?
> 

It's as secure as your ethernet network is. There is no privacy or
authentication with pfsync. I don't think that using a vlan is 
considered a big problem these days. I'm absolutely amazed at the
volume of data that pfsync generates. Since so many boxes come with extra
ports, using a vlan may be more complicated than directly connecting
the boxes together (unless you have more than two machines)



Re: urtwn(4) gets wedged periodically

2019-11-13 Thread Theo de Raadt
Ian Darwin  wrote:

> On Wed, Nov 13, 2019 at 01:25:46PM -0500, Ted Unangst wrote:
> > > Can you give me the exact model of the one you bought recently? I have 
> > > half a mind to just write
> > > off mine as a loss and buy something else.
> > 
> > I am using this one: (the TL-WN725N N150 single band one)
> > 
> > https://www.amazon.com/TP-Link-wireless-network-Adapter-SoftAP/dp/B008IFXQFU/
> 
> I have that one and it wedges occasionally (on a MacBook Pro
> with 6.6-current), though infrequently.

Something keeps not being mentioned.

These are usb devices.  There are multiple usb bus drivers, with
usb2 and usb3 variations, and the usb subsystem itself.  The mailing
lists are full of discussions of bugs in usb.

But no, let's keep concluding these problems are narrowly restricted
to a specific brand of device...



Re: urtwn(4) gets wedged periodically

2019-11-13 Thread Brennan Vincent



> On Nov 13, 2019, at 2:24 PM, Ian Darwin  wrote:
> 
> On Wed, Nov 13, 2019 at 01:25:46PM -0500, Ted Unangst wrote:
>>> Can you give me the exact model of the one you bought recently? I have 
>>> half a mind to just write
>>> off mine as a loss and buy something else.
>> 
>> I am using this one: (the TL-WN725N N150 single band one)
>> 
>> https://www.amazon.com/TP-Link-wireless-network-Adapter-SoftAP/dp/B008IFXQFU/
> 
> I have that one and it wedges occasionally (on a MacBook Pro
> with 6.6-current), though infrequently.

That’s fine. Mine wedges every few hours or less. If “infrequently” means less 
than once a day, I am okay with it.

Do you need to reboot when it gets screwed up, or does a remove+reinsert get 
you up and running again?



Re: urtwn(4) gets wedged periodically

2019-11-13 Thread Ian Darwin
On Wed, Nov 13, 2019 at 01:25:46PM -0500, Ted Unangst wrote:
> > Can you give me the exact model of the one you bought recently? I have 
> > half a mind to just write
> > off mine as a loss and buy something else.
> 
> I am using this one: (the TL-WN725N N150 single band one)
> 
> https://www.amazon.com/TP-Link-wireless-network-Adapter-SoftAP/dp/B008IFXQFU/

I have that one and it wedges occasionally (on a MacBook Pro
with 6.6-current), though infrequently.



Re: 10Gbit network work only 1Gbit

2019-11-13 Thread Hrvoje Popovski
On 13.11.2019. 16:37, Gregory Edigarov wrote:
> could you please do one more test:
> "forwarding over ix0 and ix1, pf enabled, 5 tcp states"

with this generator i can't use tcp. generally pps with 5 or 50
states are more or less same ... problem with tcp testing is that i
can't get precise pps numbers ...

and only for you :)
with iperf3 (8 tcp streams) on client boxes i'm getting this results ...

forwarding over ix0 and ix1, pf and ipsec disabled
9.40Gbps

forwarding over ix0 and ix1, pf enabled, 8 tcp streams
7.40Gbps

forwarding over ix0 and ix1, ipsec established over em0, pf disabled
8.10Gbps

forwarding over ix0 and ix1, ipsec established over em0, pf enabled, 8
TCP streams
5.25Gbps


> On 13.11.19 12:52, Hrvoje Popovski wrote:
>> On 13.11.2019. 10:59, Hrvoje Popovski wrote:
>>> On 12.11.2019. 10:54, Szél Gábor wrote:
>>>> Dear Hrvoje, Theo,
>>>>
>>>> Thank you for your answers!
>>>>
>>>> answers to the questions:
>>>> -  who is parent interface for carp?  -> vlan  ( carp10 interface parent
>>>> vlan10 -> vlan10 interface  parent -> trunk0 )
>>>> - why vlan interfaces don't have ip address ? -> it wasn't needed! i
>>>> think vlan interface need only tag packages. Carp (over vlan) interface
>>>> have IP address.
>>> it's little strange to me to not have ip address on parent carp
>>> interface, but if it works for you ... ok..
>>>
>>>> - vether implies that you have bridge? -> yes whe have only one bridge
>>>> for bridget openvpn clients, but  we will eliminate it.
>>>>
>>>>
>>>> we will do the following:
>>>> - refresh our backup firewall to oBSD 6.6
>>>> - replace trunk interface with aggr
>>>> - remove bridge interface
>>> this is nice start to make you setup faster. big performance killer in
>>> your setup is ipsec and old hardware. maybe oce(4) but i never tested
>>> it, so i'm not sure ... if you can, change oce with ix, intel x520 is
>>> not that expensive ..
>>>
>>> bridge is slow, but only for traffic that goes through it. with ipsec,
>>> the same second when tunnel is established, forwarding performance will
>>> drop significantly on whole firewall ...
>>
>> i forgot numbers, so i did quick tests ..
>>
>>
>> forwarding over ix0 and ix1, pf and ipsec disabled
>> 1.35Mpps
>>
>> forwarding over ix0 and ix1, pf enabled, 500 UDP states
>> 800Kpps
>>
>> forwarding over ix0 and ix1, ipsec established over em0, pf disabled
>> 800Kpps
>>
>> forwarding over ix0 and ix1, ipsec established over em0, pf enabled, 500
>> UDP states
>> 550Kpps

pfsync on VLAN - supported ?

2019-11-13 Thread Rachel Roch
Hi,

Both the man page and FAQ (https://www.openbsd.org/faq/pf/carp.html)
talk about "physical interface" in relation to the syncdev parameter.

Does this mean Bad Things (TM) will happen if I try to use a dedicated vlan 
interface for pfsync ?

Thanks !

Rachel



Re: urtwn(4) gets wedged periodically

2019-11-13 Thread Ted Unangst
Brennan Vincent wrote:
> 
> On 11/13/19 1:56 AM, Ted Unangst wrote:
> > Brennan Vincent wrote:
> >> Hello,
> >>
> >> I have a Wi-Fi USB adapter. urtwn(4) normally works fine, but it's a bit
> >> flaky...
> >> I don't think this is a hardware issue because the device is
> >> working fine on Ubuntu.
> > I think this is and isn't a hardware issue? I had the same problem with an
> > edimax a few years ago. I lost it and recently replaced it with a TP Link
> > model and it works a little better?
> >
> > There doesn't seem to be much variation in hardware designs, but I noticed
> > the old one was frequently very hot, and the new one is not.
> Ah, I think I am in a similar boat. Mine is an Edimax also, and it does 
> frequently get hot.
> 
> Can you give me the exact model of the one you bought recently? I have 
> half a mind to just write
> off mine as a loss and buy something else.

I am using this one: (the TL-WN725N N150 single band one)

https://www.amazon.com/TP-Link-wireless-network-Adapter-SoftAP/dp/B008IFXQFU/



Re: 10Gbit network work only 1Gbit

2019-11-13 Thread Gregory Edigarov

could you please do one more test:
"forwarding over ix0 and ix1, pf enabled, 5 tcp states"

On 13.11.19 12:52, Hrvoje Popovski wrote:
> On 13.11.2019. 10:59, Hrvoje Popovski wrote:
>> On 12.11.2019. 10:54, Szél Gábor wrote:
>>> Dear Hrvoje, Theo,
>>>
>>> Thank you for your answers!
>>>
>>> answers to the questions:
>>> -  who is parent interface for carp?  -> vlan  ( carp10 interface parent
>>> vlan10 -> vlan10 interface  parent -> trunk0 )
>>> - why vlan interfaces don't have ip address ? -> it wasn't needed! i
>>> think vlan interface need only tag packages. Carp (over vlan) interface
>>> have IP address.
>>
>> it's little strange to me to not have ip address on parent carp
>> interface, but if it works for you ... ok..
>>
>>> - vether implies that you have bridge? -> yes whe have only one bridge
>>> for bridget openvpn clients, but  we will eliminate it.
>>>
>>>
>>> we will do the following:
>>> - refresh our backup firewall to oBSD 6.6
>>> - replace trunk interface with aggr
>>> - remove bridge interface
>>
>> this is nice start to make you setup faster. big performance killer in
>> your setup is ipsec and old hardware. maybe oce(4) but i never tested
>> it, so i'm not sure ... if you can, change oce with ix, intel x520 is
>> not that expensive ..
>>
>> bridge is slow, but only for traffic that goes through it. with ipsec,
>> the same second when tunnel is established, forwarding performance will
>> drop significantly on whole firewall ...
>
> i forgot numbers, so i did quick tests ..
>
>
> forwarding over ix0 and ix1, pf and ipsec disabled
> 1.35Mpps
>
> forwarding over ix0 and ix1, pf enabled, 500 UDP states
> 800Kpps
>
> forwarding over ix0 and ix1, ipsec established over em0, pf disabled
> 800Kpps
>
> forwarding over ix0 and ix1, ipsec established over em0, pf enabled, 500
> UDP states
> 550Kpps




Re: inteldrm changes cause high temperature / fan speeds

2019-11-13 Thread Tero Koskinen

Ted Unangst wrote on 13.11.2019 8.52:
> Tero Koskinen wrote:
>> Eventually I pinned the problem down to April 14/15:
>>
>> FAULTY 091f8f6587f dlg  Mon Apr 15 02:59:41 2019 +  the myx_cmd
>> FAULTY 1bbcb699ab8 dlg  Mon Apr 15 00:28:29 2019 +  there's a bunch
>> PROBLEM! 7f4dd37977d jsg  Sun Apr 14 10:14:50 2019 +  Update shared drm code
>> OK 505701c75b3 visa Sun Apr 14 08:51:31 2019 +  Add lock
>>
>> I must admit that I don't have yet any idea how to fix
>> the problematic commit (or what is actually wrong there).
>
> This is not too surprising. It's still a bit of a mystery what's different
> between machines that behave fine and those that don't.
>
> I have the same machine, and it's never been problematic.
>
> I note I'm at the same old bios I had when I first purchased it.
> bios0: vendor LENOVO version "N23ET61W (1.36 )" date 01/17/2019


Note that my device is a desktop computer (Dell Optiplex 990)
with ultra small form factor (USFF) case - not Thinkpad or other laptop.

Otherwise I don't mind if fan or cpu is running at 100%, but
I am worried about the temperature. Idle 70C and 80+ C in
use temperatures will kill the device sooner or later (small case,
not so good ventilation).

Otto Moerbeek wrote on 13.11.2019 8.25:
>
> If you run top -S, do you see any process taking lots of CPU?

Nothing suspicious. I have some daemons, but they are mostly idle.

load averages:  0.06,  0.03,  0.00    gurb.koti 16:45:10
104 processes: 102 idle, 2 on processor    up  0:28
CPU0 states:  0.0% user,  0.0% nice,  0.0% sys,  0.0% spin,  0.0% intr,  100% idle
CPU1 states:  0.0% user,  0.0% nice,  0.0% sys,  0.0% spin,  0.0% intr,  100% idle
CPU2 states:  0.0% user,  0.0% nice,  0.0% sys,  0.0% spin,  0.0% intr,  100% idle
CPU3 states:  0.0% user,  0.0% nice,  0.0% sys,  0.0% spin,  0.0% intr,  100% idle

Memory: Real: 322M/1296M act/tot Free: 2542M Cache: 587M Swap: 0K/8189M

  PID USERNAME PRI NICE  SIZE   RES STATE WAIT  TIME    CPU COMMAND
24353 root -2200K   11M sleep/3   -28:19  0.00% idle3
38595 root -2200K   11M sleep/2   -28:15  0.00% idle2
28685 root -2200K   11M sleep/1   -28:13  0.00% idle1
29534 root -2200K   11M sleep/0   -28:12  0.00% idle0
43437 _gitea100  129M   73M onproc/3  thrslee   0:04  0.00% gitea
20526 root  1000K   11M sleep/0   bored 0:01  0.00% softnet
0 root -1800K   11M sleep/0   schedul   0:01  0.00% swapper
93389 root -2200K   11M sleep/0   bored 0:01  0.00% softclock
66152 root  1000K   11M sleep/2   bored 0:01  0.00% systqmp
1 root  100  476K  444K idle  wait  0:01  0.00% init
83453 root  1000K   11M idle  bored 0:01  0.00% drmwq
49657 root  1000K   11M idle  bored 0:01  0.00% drmwq
61541 root  1000K   11M idle  usbatsk   0:01  0.00% usbatsk
51529 root  1000K   11M idle  bored 0:01  0.00% drmlwq
 9367 root  1000K   11M idle  bored 0:01  0.00% drmubwq
64175 root -1800K   11M idle  bored 0:01  0.00% smr
 2195 root  1000K   11M idle  bored 0:01  0.00% crynlk
7 root  1000K   11M idle  bored 0:01  0.00% drmtskl
 2429 root  1000K   11M idle  bored 0:01  0.00% drmlwq
38115 root  1000K   11M idle  bored 0:01  0.00% drmubwq
40710 root -1800K   11M sleep/1   reaper0:01  0.00% reaper
58981 root  68   200K   11M idle  pgzero0:01  0.00% zerothread
18061 www20   22M   27M sleep/1   select0:01  0.00% python2.7
29049 tkoskine  280 1504K 3624K onproc/0  - 0:00  0.00% top
77959 _unbound   20   33M   26M sleep/1   kqread0:00  0.00% unbound
 2955 www20   17M   21M sleep/0   select0:00  0.00% python2.7
45267 www20   13M   17M sleep/0   select0:00  0.00% python2.7
 5164 tkoskine   20 2128K 3068K sleep/0   kqread0:00  0.00% tmux
63466 root   20 1456K 4152K idle  poll  0:00  0.00% sshd
63357 _nsd   20   99M   83M idle  kqread0:00  0.00% nsd
92852 root  1800K   11M sleep/0   syncer0:00  0.00% update
48008 root   20 1616K 2044K sleep/0   poll  0:00  0.00% smbd
25978 root   20  800K  600K idle  kqread0:00  0.00% slaacd
95670 _nsd   20   32M   32M idle  poll  0:00  0.00% nsd
36212 root  1000K   11M idle  bored 0:00  0.00% i915
75047 root -2200K   11M idle  schto 0:00  0.00% i915/signal:2
53280 root -2200K   11M idle  schto 0:00  0.00% i915/signal:1
28187 root  1000K   11M idle  bored 0:00  0.00% i915-userptr-acq
78907 root -2200K   11M idle  schto 0:00  

Re: Redraw of terminal change in 6.6?

2019-11-13 Thread Mischa
> On 4 Nov 2019, at 16:51, Mischa  wrote:
>> On 2 Nov 2019, at 15:19, Hiltjo Posthuma  wrote:
>> On Sat, Nov 02, 2019 at 08:32:50AM +0100, Mischa wrote:
>>> Hi All,
>>> 
>>> Not sure if this is on my side, setting, or if something has changed with 
>>> tmux or top redrawing of the terminal.
>>> I am using tmux, over mosh, on one of my jump hosts to connect to other 
>>> hosts. In some of the windows I have a remote top -C running.
>>> When I am attaching the tmux session on a smaller display, for example my 
>>> phone, the output of top is fine.
>>> 
>>> However when I connect back with a larger display the output of top is 
>>> completely garbled. It does recover line by line when processes jump to a 
>>> different “rank”.
>>> 
>>> Below are two screenshots with roughly 5 minutes between them.
>>> Anything I can test? Change? Do?
>>> 
>>> Thanx!!
>>> 
>>> Mischa
>>> 
>> 
>> Hi,
>> 
>> Same issue here since upgrading from 6.5 to 6.6.
>> 
>> I don't use mosh, but connect via SSH to a remote machine and attaching to 
>> tmux
>> running irssi.  It is attached to a shared session. The first attached
>> resolution/window size is bigger.
>> 
>> Maybe it is fixed already:
>> https://cvsweb.openbsd.org/src/usr.bin/tmux/server-client.c
>> rev 1.296
> 
> Thanx! Will check it out.

With -current I am still seeing the issue. Anybody else?

Mischa




Re: [OpenIKED] Network traffic over VPN site-to-site tunnel stalls few times a day

2019-11-13 Thread radek
After upgrading my two endpoints to i386/6.6 it started to work flawlessly. 
There wasn't even one IKED restart within first two days of running.
Thank you Patrick, Stuart and everyone involved in making IKED work as 
expected. I really appreciate it.

# vmstat -m | head -n 17 
Memory statistics by bucket size
Size   In Use   Free   Requests  HighWater  Couldfree
  16  528752 1253321280  0
  32 1470 66 105757 640  5
  64  6001682554483 320  0
 128  124 36  42106 160  0
 256  446 18  51276  80  0
 512  108  4 166303  40  0
1024   46  6  48352  20  0
2048   13  3 74  10  0
4096   16  2  84574   5  0
8192   21  1 44   5  0
   163846  0505   5  0
   327686  0 11   5  0
   655362  0  12333   5  0
  5242881  0  1   5  0

# vmstat -w 4
 procsmemory   pagedisk traps  cpu
 r   s   avm fre  flt  re  pi  po  fr  sr wd0  int   sys   cs us sy id
 2  53   29M313M   54   0   0   0   0   0   0  27560  109  0  2 98
 0  57   30M312M  140   0   0   0   0   0   0  378   131  470  0  4 96
 0  55   29M313M   30   0   0   0   0   0   0  38343  547  0  3 97
 0  55   29M313M2   0   0   0   0   0   0  38017  529  0  3 97
 0  57   30M312M  140   0   0   0   0   0   0  374   124  512  0  5 94


On Sun, 22 Sep 2019 17:11:20 +0200
Radek  wrote:

> Thank you Stuart.
> I can't touch/upgrade these routers, but I have a bunch of Soekris/net5501 
> that I can use for testing -current. Unfortunately, they are i386. I hope the 
> arch doesn't matter in this case.
> I'll try -current asap.
> 
> Am I the only one @misc who's facing this kind of iked issue? Nobody else 
> reports having the same issue here...
> 
> On Fri, 20 Sep 2019 16:55:02 - (UTC)
> Stuart Henderson  wrote:
> 
> > On 2019-09-20, radek  wrote:
> > > Hello Patrick,
> > > I am sorry for the late reply.
> > >
> > > I have replaced my ALIX/Soekris production routers with APU1C and with PC 
> > > box (cpu0: Intel(R) Pentium(R) D CPU 2.80GHz, 2810.34 MHz, 0f-06-04). 
> > > Both are running 6.5/amd64 and both are fully syspatched.
> > 
> > Please try a -current snapshot for starters, quite a number of iked bugs
> > have been fixed since then including some which would cause connectivity
> > problems during rekeying. (If you *really* can't update the whole thing,
> > it should work to build -current iked on a 6.5 system, but no guarantees).
> > 
> > 
> 
> 
> -- 
> Radek
> 


-- 
Radek



Re: 10Gbit network work only 1Gbit

2019-11-13 Thread Hrvoje Popovski
On 13.11.2019. 10:59, Hrvoje Popovski wrote:
> On 12.11.2019. 10:54, Szél Gábor wrote:
>> Dear Hrvoje, Theo,
>>
>> Thank you for your answers!
>>
>> answers to the questions:
>> -  who is parent interface for carp?  -> vlan  ( carp10 interface parent
>> vlan10 -> vlan10 interface  parent -> trunk0 )
>> - why vlan interfaces don't have ip address ? -> it wasn't needed! i
>> think vlan interface need only tag packages. Carp (over vlan) interface
>> have IP address.
> 
> it's little strange to me to not have ip address on parent carp
> interface, but if it works for you ... ok..
> 
>> - vether implies that you have bridge? -> yes whe have only one bridge
>> for bridget openvpn clients, but  we will eliminate it.
>>
>>
>> we will do the following:
>> - refresh our backup firewall to oBSD 6.6
>> - replace trunk interface with aggr
>> - remove bridge interface
> 
> this is nice start to make you setup faster. big performance killer in
> your setup is ipsec and old hardware. maybe oce(4) but i never tested
> it, so i'm not sure ... if you can, change oce with ix, intel x520 is
> not that expensive ..
> 
> bridge is slow, but only for traffic that goes through it. with ipsec,
> the same second when tunnel is established, forwarding performance will
> drop significantly on whole firewall ...


i forgot numbers, so i did quick tests ..


forwarding over ix0 and ix1, pf and ipsec disabled
1.35Mpps

forwarding over ix0 and ix1, pf enabled, 500 UDP states
800Kpps

forwarding over ix0 and ix1, ipsec established over em0, pf disabled
800Kpps

forwarding over ix0 and ix1, ipsec established over em0, pf enabled, 500
UDP states
550Kpps



OpenBSD 6.6-current (GENERIC.MP) #453: Mon Nov 11 21:40:31 MST 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17115840512 (16322MB)
avail mem = 16584790016 (15816MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xcf42c000 (99 entries)
bios0: vendor Dell Inc. version "2.8.0" date 06/26/2019
bios0: Dell Inc. PowerEdge R620
acpi0 at bios0: ACPI 3.0
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP APIC SPCR HPET DMAR MCFG WD__ SLIC ERST HEST
BERT EINJ TCPA PC__ SRAT SSDT
acpi0: wakeup devices PCI0(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 4 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E5-2643 v2 @ 3.50GHz, 3600.53 MHz, 06-3e-04
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 2, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 6 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5-2643 v2 @ 3.50GHz, 3600.01 MHz, 06-3e-04
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 3, package 0
cpu2 at mainbus0: apid 8 (application processor)
cpu2: Intel(R) Xeon(R) CPU E5-2643 v2 @ 3.50GHz, 3600.01 MHz, 06-3e-04
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 4, package 0
cpu3 at mainbus0: apid 16 (application processor)
cpu3: Intel(R) Xeon(R) CPU E5-2643 v2 @ 3.50GHz, 3600.01 MHz, 06-3e-04
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 8, package 0
cpu4 at mainbus0: apid 18 (application processor)
cpu4: Intel(R) Xeon(R) CPU E5-2643 v2 @ 3.50GHz, 3600.01 MHz, 06-3e-04
cpu4:

Re: 10Gbit network work only 1Gbit

2019-11-13 Thread Hrvoje Popovski
On 12.11.2019. 10:54, Szél Gábor wrote:
> Dear Hrvoje, Theo,
> 
> Thank you for your answers!
> 
> answers to the questions:
> -  who is parent interface for carp?  -> vlan  ( carp10 interface parent
> vlan10 -> vlan10 interface  parent -> trunk0 )
> - why vlan interfaces don't have ip address ? -> it wasn't needed! i
> think vlan interface need only tag packages. Carp (over vlan) interface
> have IP address.

it's little strange to me to not have ip address on parent carp
interface, but if it works for you ... ok..

> - vether implies that you have bridge? -> yes whe have only one bridge
> for bridget openvpn clients, but  we will eliminate it.
> 
> 
> we will do the following:
> - refresh our backup firewall to oBSD 6.6
> - replace trunk interface with aggr
> - remove bridge interface

this is nice start to make you setup faster. big performance killer in
your setup is ipsec and old hardware. maybe oce(4) but i never tested
it, so i'm not sure ... if you can, change oce with ix, intel x520 is
not that expensive ..

bridge is slow, but only for traffic that goes through it. with ipsec,
the same second when tunnel is established, forwarding performance will
drop significantly on whole firewall ...

> if there was an update finised, I'll write again!

please do, i would like to hear