IPSec OpenBSD road warrior

2015-08-20 Thread Stefan Berger
Hi, 
I am trying to accomplish this:  Connect a laptop (OpenBSD 5.7, road-warrior)
with IPSec/VPN tunnel to an OpenBSD server.  The laptop is sitting in different
networks which all do NAT, the server has a static IPv4 address.  The goal is
to route all the traffic from the laptop to the server, encapsulated as IPSec
packets.  And then, forward those packages so that communication goes entirely
over 'server'.

On both machines, I created a lo1 device with the addresses 10.0.0.1 (server) 
and 10.0.0.2 (laptop).  So the configuration looks like: 

server                        NAT GW/DSL router
ext:1.2.3.4   -- internet --  ext:5.6.7.8            laptop
lo1:10.0.0.1                  int:192.168.0.1   -    int: 192.168.0.10
                                                     lo1: 10.0.0.2

ipsec.conf on the client:
ike esp from egress to 10.0.0.1 peer 1.2.3.4 psk key

ipsec.conf on the server: 
ike passive esp from 10.0.0.1 to any srcid 'servername' psk key

I can ping 10.0.0.1 (from client and server) and see that encrypted packages
arrive and the enc0 says that I got icmp requests from 192.168.0.10.  I don't
know how to set up my default route on the laptop (should be 10.0.0.1) (and
then, do NATting).  On lo1, there do not arrive any packages.

Any help is much appreciated. 

Thanks, 
Berger S. 



Re: problems compiling latest 5.7 patches

2015-08-20 Thread Stuart Henderson
On 2015-08-20, luke...@onemodel.org luke...@onemodel.org wrote:
 The error messages make it look like the code is wrong & won't
 build.

 Any suggestions?

Is there any chance you've tried building things without having done
'make obj' first? If so, you might have some files lying around under
/usr/src that shouldn't be there which may get in the way. There are
ways to clean things but simplest is probably to just wipe /usr/src
and try a clean checkout.



Re: Ubiquiti EdgeRouter Lite

2015-08-20 Thread Stuart Henderson
On 2015-08-18, Ted Unangst t...@tedunangst.com wrote:
 I don't use IPsec, and I notice that Ubiquiti don't mention it as a selling
 point for the device. I would probably not use the edgerouter for anything too
 far outside what the advertising materials say (just running openbsd instead).

The advertising materials quote things like 1Mpps, you aren't going to
see anything like that with OpenBSD. They are based around running EdgeOS
which uses hw acceleration, afaik this is difficult without Cavium's SDK.

Much as I like the idea of non-x86 for this, if I wanted a small router
running OpenBSD rather than a platform to hack on I'd first look at the
APU. (I don't have one myself but upgraded the OS on one at a customer's
recently, it doesn't seem to run as warm as it used to, possibly due to
the changes to the mwait-based idle loop which is in 5.8/-current).



Re: Ubiquiti EdgeRouter Lite

2015-08-20 Thread Stuart Henderson
On 2015-08-20, Stuart Henderson s...@spacehopper.org wrote:
 On 2015-08-18, Ted Unangst t...@tedunangst.com wrote:
 I don't use IPsec, and I notice that Ubiquiti don't mention it as a selling
 point for the device. I would probably not use the edgerouter for anything too
 far outside what the advertising materials say (just running openbsd instead).

 The advertising materials quote things like 1Mpps, you aren't going to
 see anything like that with OpenBSD. They are based around running EdgeOS
 which uses hw acceleration, afaik this is difficult without Cavium's SDK.

 Much as I like the idea of non-x86 for this, if I wanted a small router
 running OpenBSD rather than a platform to hack on I'd first look at the
 APU. (I don't have one myself but upgraded the OS on one at a customer's
 recently, it doesn't seem to run as warm as it used to, possibly due to
 the changes to the mwait-based idle loop which is in 5.8/-current).

BTW since Ted posted md5 times, here's some from the APU to compare:

$ md5 -t
MD5 time trial.  Processing 1 1-byte blocks...
Digest = 52e5f9c9e6f656f3e1800dfa5579d089
Time   = 0.615835 seconds
Speed  = 162381157.290508 bytes/second

And cpu temp, this is sitting on top of a fanless switch under a desk -
fwiw, it's doing pppoe/pf for a VDSL line, 1500 mtu on the pppoe interface
with baby jumbos on the re(4), with some ipsec+l2tp, not especially busy.

$ sysctl hw.sensors
hw.sensors.km0.temp0=51.00 degC


OpenBSD 5.8 (GENERIC.MP) #1235: Mon Aug 10 06:54:34 MDT 2015
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 2098511872 (2001MB)
avail mem = 2031079424 (1936MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x7e16d820 (6 entries)
bios0: vendor coreboot version SageBios_PCEngines_APU-45 date 04/05/2014
bios0: PC Engines APU
acpi0 at bios0: rev 0
acpi0: sleep states S0 S1 S3 S4 S5
acpi0: tables DSDT FACP SPCR HPET APIC HEST SSDT SSDT SSDT
acpi0: wakeup devices AGPB(S4) HDMI(S4) PBR4(S4) PBR5(S4) PBR6(S4) PBR7(S4) 
PE20(S4) PE21(S4) PE22(S4) PE23(S4) PIBR(S4) UOH1(S3) UOH2(S3) UOH3(S3) 
UOH4(S3) UOH5(S3) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD G-T40E Processor, 1000.12 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC
cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 
16-way L2 cache
cpu0: 8 4MB entries fully associative
cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 199MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD G-T40E Processor, 1000.00 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,SSSE3,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,IBS,SKINIT,ITSC
cpu1: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 
16-way L2 cache
cpu1: 8 4MB entries fully associative
cpu1: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 21, 24 pins
acpiprt0 at acpi0: bus -1 (AGPB)
acpiprt1 at acpi0: bus -1 (HDMI)
acpiprt2 at acpi0: bus 1 (PBR4)
acpiprt3 at acpi0: bus 2 (PBR5)
acpiprt4 at acpi0: bus 3 (PBR6)
acpiprt5 at acpi0: bus -1 (PBR7)
acpiprt6 at acpi0: bus 5 (PE20)
acpiprt7 at acpi0: bus -1 (PE21)
acpiprt8 at acpi0: bus -1 (PE22)
acpiprt9 at acpi0: bus -1 (PE23)
acpiprt10 at acpi0: bus 0 (PCI0)
acpiprt11 at acpi0: bus 4 (PIBR)
acpicpu0 at acpi0: !C2(0@100 io@0x841), C1(@1 halt!), PSS
acpicpu1 at acpi0: !C2(0@100 io@0x841), C1(@1 halt!), PSS
acpibtn0 at acpi0: PWRB
cpu0: 1000 MHz: speeds: 1000 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 AMD AMD64 14h Host rev 0x00
ppb0 at pci0 dev 4 function 0 AMD AMD64 14h PCIE rev 0x00: msi
pci1 at ppb0 bus 1
re0 at pci1 dev 0 function 0 Realtek 8168 rev 0x06: RTL8168E/8111E (0x2c00), 
msi, address 00:0d:b9:32:ff:b4
rgephy0 at re0 phy 7: RTL8169S/8110S/8211 PHY, rev. 4
ppb1 at pci0 dev 5 function 0 AMD AMD64 14h PCIE rev 0x00: msi
pci2 at ppb1 bus 2
re1 at pci2 dev 0 function 0 Realtek 8168 rev 0x06: RTL8168E/8111E (0x2c00), 
msi, address 00:0d:b9:32:ff:b5
rgephy1 at re1 phy 7: RTL8169S/8110S/8211 PHY, rev. 4
ppb2 at pci0 dev 6 function 0 AMD AMD64 14h PCIE rev 0x00: msi
pci3 at ppb2 bus 3
re2 at pci3 dev 0 function 0 Realtek 8168 rev 0x06: RTL8168E/8111E (0x2c00), 
msi, address 00:0d:b9:32:ff:b6
rgephy2 at re2 phy 7: RTL8169S/8110S/8211 PHY, rev. 4
ahci0 at 

Re: weird carp failover behavior

2015-08-20 Thread Christopher Barry
On Thu, 20 Aug 2015 21:56:18 -0500
Patrick Dohman patrick_doh...@comcast.net wrote:

Anything in your modem logs? DOCSIS layer 2 is a strange beast :)

Any cabling issue such as attenuators or splitters behind the modem?

Regards
Patrick



 On Aug 19, 2015, at 2:34 PM, Devin Reade g...@gno.org wrote:
 
 I'm trying to understand an odd behavior during carp failover
 where one uplink goes numb until the demarc equipment is power
 cycled.
 
 Consider the following:
 
 ISP1-demarc   ISP2-demarc
 |   |
 SW1 (Net1) SW2 (Net2) - C
 |\ /|
 | X |
 |/ \|
  FW-A - FW-B
 |\ /|
 | X |
 |/ \|
 SW3 (Net3) SW4 (Net4)
   (no NAT) (NAT)
 |
 H4
 
 ISP1-demarc and ISP2-demarc are the respective ISP's equipment
 (outside of my control, other than power cycling them).  SWn are all
 unmanaged switches.
 
 FW-A, FW-B, and C are all OpenBSD boxes.  FW-A and FW-B, in
 particular, are running 5.7-STABLE in a master/slave carp
 configuration.  Things are set up so that traffic to/from Net3 is
 sent via ISP1 (no NAT) and traffic to/from Net4 is sent via ISP2
 (using NAT on FW-A and FW-B). H4 is a host sitting on Net4 in
 private address space.
 
 Static IPs are used throughout, including on both the SW1 and SW2
 subnets.  FW-n are routers, not bridges.  Pfsync is running via
 a crossover cable between FW-A and FW-B.
 
 Behavior:
 
 In normal operations everything works as expected.  During a carp
 failover, everything for Net3 via ISP1 also works as expected.
 However, during a failover I lose connectivity on Net4, in a
 qualified manner (see below) until ISP2-demarc is power cycled.
 
 The obvious first answer is that ISP2-demarc (which is a Motorola
 cable modem) probably has a limited number of MAC slots available
 to it.  However, that doesn't seem quite right.  More details ...
 
 Before failover, I set up a 'ping -n' running on H4 and going to
 a host elsewhere on the Internet (call it EXT).  I also set up
 a 'ping -n' on C going to the carp IP of FW-A and FW-B on Net2
 (let's call that Carp2).
 
 Now comes the weird part.  If I shut down the master, FW-A, I see
 the following:
 
 1. the running pings from C to Carp2 continue to work until ^C
 2. the running pings from H4 to EXT continue to work until ^C
 3. a concurrent newly created ping from C to Carp2 fails
 4. a concurrent newly created ping from H4 to EXT fails
 5. all other outbound traffic from Net4 fails (this is just
    a generalization of (4)).
 
 If I power cycle ISP2-demarc, sanity returns.  That is, until
 FW-A comes back up and FW-B is demoted again.  Then I get the same
 type of failures until ISP2-demarc is power cycled again.
 
 Power cycling switch SW2 instead of ISP2-demarc does not affect the
 outcome.
 
 Ok, so how about the MACs?  On Net2 we have the following MACs:
 
 - ISP2-demarc-mac (on ISP2-demarc)
 - C-mac (on C)
 - FW-A-mac (physical MAC on FW-A)
 - FW-B-mac (physical MAC on FW-B)
 - Carp2-mac (the virtual MAC used by Carp2, which I've verified
   to be the same for both FW-A and FW-B when they are respectively
   running as master).
 
 One wart here, and a difference between Net1 and Net2 is that on
 Net1 both firewalls have their own IPs in addition to the Carp1
 IP.  However, on Net2 both firewall's hostname.if file contains
 only the 'up' keyword; no IP is used on that network until the
 machine becomes the carp master.
 
 So that means that when H4 is pinging EXT, the pings are being
 NAT'd to use the Carp1 IP.  Therefore I wouldn't expect a failover
 to cause the modem's MAC slots to overflow.
 
 But the *really* weird part is what is happening with C; why would
 C not be able to ping Carp1 until ISP2-demarc is power-cycled,
 especially with SW2 isolating the latter from Carp1 and C?
 
 And the story with C gets better.  If I set up a tcpdump on FW-B's
 Net2 interface, I see the following sequence of events:
 
 - before killing FW-A, I see arp requests and CARPv2 advertisements
   from FW-A (based on the skew), and that's about it (as expected)
 - upon shutting down FW-A, I see a CARPv2 packet from FW-B, and then
   start seeing the ping request/reply pairs coming in from C (as
   expected)
 - upon killing and restarting C's ping to Carp2, I no longer see the
   response on C, but I'm seeing both the request and response in
   FW-B's tcpdump.  On C, I see only the echo response. (NOT expected)
 
 Does this last bit point the finger at SW2 being the culprit (perhaps
 not routing packets to the appropriate NIC port), even though power
 cycling SW2 isn't sufficient to fix the problem?
 
 Any other thoughts?
 
 Devin


if logistically possible, and it might not be, temporarily remove sw2
from the equation, and plug ISP2 and FW-B into SW1. both ISPs will come
into the same unprotected switch, and both firewalls will transmit
through that switch.

still gags? it might be the CPE of ISP2, or might be some other subtle
config issue on the firewalls.
no gag? starting to 

Re: Ubiquiti EdgeRouter Lite

2015-08-20 Thread Tobias Ulmer
On Tue, Aug 18, 2015 at 10:33:37PM -0400, dominik...@openmailbox.org wrote:
 On 2015-08-18 11:42, Tobias Ulmer wrote:
 On Tue, Aug 18, 2015 at 01:59:49PM +, Jona Joachim wrote:
 On 2015-08-18, Ted Unangst t...@tedunangst.com wrote:
  Predrag Punosevac wrote:
  Dear All,
 
  I am contemplating buying a new machine which will act as a router/DNS
  caching server for my home network. Is anybody currently running OpenBSD
  on the Ubiquiti Networks EdgeRouter LITE in that capacity? I saw that in
  June 2015 USB support was added which allows installing to local disk on
  machine. Can anybody point me to a work in progress documentation diff
  for installing 5.8 octeon port.  I am reading right now
 
  Here are my notes, which are basic, but should be enough to get you through if
  you're familiar with openbsd.
  http://www.tedunangst.com/flak/post/OpenBSD-on-ERL
 
 Thank you very much for the write-up! I'm looking into buying hardware
 to build a small OpenBSD home router and this looks interesting.
 You say that the machine will not be able to serve as an IPSEC gateway.
 Is that when you consider Gigabit ethernet or do you think that even a
 10 Mbit connection will require too much computational power to do
 IPSEC on this machine?
 You also mention the usb driver which is not so reliable. I don't see a
 USB port on the machine. Is this an internal bus? I would be interested
 to use it with hostapd with a usb wifi nic.
 
 There is only one internal port, and you need that for storage. The
 internal flash is not supported and it's not all that much anyway.
 
 I've not tested it, but have my doubts uboot will boot from a usb
 storage device with a hub in between.
 
 
 Kindly,
 Jona Joachim
 
 You can upgrade the internal usb storage capacity. Not all usb keys seem to
 work though. A couple functioning models can be found at the Gentoo
 MIPS/ERLite-3 page (https://wiki.gentoo.org/wiki/MIPS/ERLite-3).
 

That's because the usb timeout in uboot is pretty short. I'm using an
external sata disk (1TB), works fine when you power sequence them right.
Of course when the device draws its power from the internal bus, it
needs to initialize quickly in order to respond to uboot probing in
time.

 I bought a 16 GB one to use in my ERL with OpenBSD but I haven't tested it
 since I can't connect to the router's serial port. Seems it could be caused
 by my cheap usb-to-serial cable with a CH340/341 which returns me only
 garbage. I can type commands and see that they have an effect but all text
 is garbage.

Are you sure you're using the right baudrate? I've had no trouble with a
self-made cable and ftdi/pl2302 converters. The ERL doesn't seem
particularly sensitive. You might indeed have an adapter from the famous
One Hung Lo factory...
Do you not have some old box with a real serial port to test your
theory?

 
 Do you guys have any idea? Or do I just need to buy a better usb-to-serial
 converter with an FTDI processor like this one:
 http://www.usconverters.com/usb-serial-adapter-xs882
 
 Thanks for the help.
 
 Dom



Re: problems compiling latest 5.7 patches

2015-08-20 Thread luke350
The error messages make it look like the code is wrong & won't
build.

Any suggestions?

Attached is the dmesg output I forgot to include the first time.
Thanks.

On 08/19/15 04:53, luke...@onemodel.org wrote:
 I'm not an expert but am trying to follow the instructions
 to rebuild my 5.7 stable system with the latest patches,
 using the commands below. I'm pretty sure this same
 script has worked for me in the past  It fails at the last
 line with exit code 1.  I've duplicated the problem more
 than once, and the last time, CVS didn't seem to pull down
 any new files (it did the day before) so I'm thinking I've got
 the latest code to work with.

 Any advice?  Thanks in advance.

 Here's the relevant portion of the script I use:

 CVSROOT=anon...@anoncvs.ca.openbsd.org:/cvs
 STABLE_BRANCH='OPENBSD_5_7'
 cd /usr/src
 nice time cvs -q -d $CVSROOT up -r$STABLE_BRANCH -Pd
 cd /usr/src/sys
 nice time cvs -q -d $CVSROOT up -r$STABLE_BRANCH -Pd
 cd /usr/xenocara
 nice time cvs -q -d $CVSROOT up -r$STABLE_BRANCH -Pd
 cd /usr/ports
 nice time cvs -q -d $CVSROOT up -r$STABLE_BRANCH -Pd
 # rebuild & install kernel:
 cd /usr/src/sys/arch/$(machine)/conf/
 nice config GENERIC.MP
 cd ../compile/GENERIC.MP
 nice make clean && nice make
 echo 'When ready, Enter to install the new kernel:';read
 nice make install
 echo "NOW: manually reboot when ready; then do the stuff below as needed; NOT DONE YET!"
 exit
 [...]
 # rebuild userland & install it:
 nice rm -rf /usr/obj/*
 cd /usr/src
 # [i also tried it with a 'make clean' here--same result]
 nice make obj
 cd /usr/src/etc && env DESTDIR=/ nice make distrib-dirs
 cd /usr/src
 nice make build
 echo $?


 Here is the output, which ends with the errors.  Pls
 pardon the line lengths, it's literal:
 I/usr/src/gnu/usr.bin/binutils/ld -I../bfd 
 -I/usr/src/gnu/usr.bin/binutils/ld/../bfd 
 -I/usr/src/gnu/usr.bin/binutils/ld/../include 
 -I/usr/src/gnu/usr.bin/binutils/ld/../intl -I../intl  -O2 -pipe 
 -DPIE_DEFAULT=1  -DLOCALEDIR=\/usr/share/locale\   -W -Wall 
 -Wstrict-p
 rototypes -Wmissing-prototypes -O2 -pipe  -DPIE_DEFAULT=1  -c 
 eelf_i386_obsd.c
 In file included from eelf_i386_obsd.c:31:
 /usr/src/gnu/usr.bin/binutils/ld/../include/getopt.h:116: warning: 
 function declaration isn't a prototype
 eelf_i386_obsd.c: In function 'gldelf_i386_obsd_open_dynamic_archive':
 eelf_i386_obsd.c:889: warning: unused parameter 'arch'
 LIB_PATH='' /bin/sh /usr/src/gnu/usr.bin/binutils/ld/genscripts.sh 
 /usr/src/gnu/usr.bin/binutils/ld /usr/lib /usr 
 x86_64-unknown-openbsd5.7 x86_64-unknown-openbsd5.7 
 amd64-unknown-openbsd5.7 elf_x86_64_obsd /usr/local/lib /lib 
 /usr/lib no elf_i386 amd64-unknown-openbsd5.7
 cc -DHAVE_CONFIG_H -I. -I/usr/src/gnu/usr.bin/binutils/ld -I. 
 -D_GNU_SOURCE -I. -I/usr/src/gnu/usr.bin/binutils/ld -I../bfd 
 -I/usr/src/gnu/usr.bin/binutils/ld/../bfd 
 -I/usr/src/gnu/usr.bin/binutils/ld/../include 
 -I/usr/src/gnu/usr.bin/binutils/ld/../intl -I../intl  -O2 -pipe 
 -DPIE_DEFAULT=1  -DLOCALEDIR=\/usr/share/locale\   -W -Wall 
 -Wstrict-prototypes -Wmissing-prototypes -O2 -pipe -DPIE_DEFAULT=1 -c 
 eelf_i386.c
 In file included from eelf_i386.c:31:
 /usr/src/gnu/usr.bin/binutils/ld/../include/getopt.h:116: warning: 
 function declaration isn't a prototype
 eelf_i386.c: In function 'gldelf_i386_open_dynamic_archive':
 eelf_i386.c:889: warning: unused parameter 'arch'
 /bin/sh ./libtool --mode=link cc -W -Wall -Wstrict-prototypes 
 -Wmissing-prototypes -O2 -pipe  -DPIE_DEFAULT=1   -o ld-new ldgram.o 
 ldlex.o lexsup.o  ldlang.o mri.o ldctor.o ldmain.o ldwrite.o ldexp.o 
 ldemul.o ldver.o  ldmisc.o ldfile.o ldcref.o eelf_x86_64_obsd.o 
 eelf_i386_obsd.o eelf_i386.o  ../bfd/libbfd.la -liberty
 mkdir .libs
 cc -W -Wall -Wstrict-prototypes -Wmissing-prototypes -O2 -pipe 
 -DPIE_DEFAULT=1 -o ld-new ldgram.o ldlex.o lexsup.o ldlang.o mri.o 
 ldctor.o ldmain.o ldwrite.o ldexp.o ldemul.o ldver.o ldmisc.o ldfile.o 
 ldcref.o eelf_x86_64_obsd.o eelf_i386_obsd.o eelf_i386.o 
 ../bfd/.libs/libbfd.a -liberty
 ldlex.o(.text+0x42d): In function `lex_redirect':
 : warning: strcpy() is almost always misused, please use strlcpy()
 ldmain.o(.text+0x1f72): In function `main':
 : warning: strcat() is almost always misused, please use strlcat()
 ldlex.o(.text+0x91f): In function `lex_warn_invalid':
 : warning: sprintf() is often misused, please use snprintf()
 cd .  /bin/sh ./config.status config.h
 config.status: creating config.h
 config.status: config.h is unchanged
 make  all-recursive
 Making all in doc
 Making all in po
 cd .  /bin/sh ./config.status config.h
 config.status: creating config.h
 config.status: config.h is unchanged
 cc -DHAVE_CONFIG_H -I. -I/usr/src/gnu/usr.bin/binutils/gas -I. 
 -D_GNU_SOURCE -I. -I/usr/src/gnu/usr.bin/binutils/gas -I../bfd 
 -I/usr/src/gnu/usr.bin/binutils/gas/config 
 -I/usr/src/gnu/usr.bin/binutils/gas/../include 
 -I/usr/src/gnu/usr.bin/binutils/gas/.. 
 -I/usr/src/gnu/usr.bin/binutils/gas/../bfd 
 -I/usr/src/gnu/usr.bin/binutils/gas/../intl 

Re: SuperMicro thin mini itx?

2015-08-20 Thread Quartz

Contact their support department.


I ended up doing that anyway earlier this morning. If I don't hear back from
them maybe I'll try calling tomorrow or something.


They're actually pretty good about answering questions on the phone,
even on the first call.


They did get back to me via email, and the answer is no. We'll have to 
look into substitutes next week I guess.




Re: Ubiquiti EdgeRouter Lite

2015-08-20 Thread Michael McConville
Juan Francisco Cantero Hurtado wrote:
 Slightly off-topic:
 
 Ubiquiti released recently a new router named EdgeRouter X. 49 USD, 5
 gigabit ports, 5W, dual-core 800Mhz, 256MB.
 
 It's a MIPS32, so if some developer is looking for a new platform for
 OpenBSD... :P . The processor is licensed from Imagination, which I
 guess that is more open than Cavium. I have not found a dmesg yet.
 
 http://dl.ubnt.com/datasheets/edgemax/EdgeRouter_X_DS.pdf
 
 http://www.embeddeddeveloper.com/cores/documents/MIPS32_1004K_rev1.pdf

This spring, I asked a few OpenBSD MIPS devs about the project's
interest in a MIPS32 port for the Creator CI20. It turns out that MIPS32
support was quietly removed last year:

 
 revision 1.20
 date: 2014/03/11 07:50:49;  author: jasper;  state: Exp;  lines: +1 -15;
 remove #if(n)def __LP64__ from the mips64 codebase, as mips32 never really 
 went anywhere.
 
 ok miod@
 

I was pretty forcibly told that there was no interest, which is
understandable. Without TLB magic or the below-mentioned EVA, a MIPS32
chip can only directly map 512 MB of memory, which is becoming
unacceptable for everything but embedded devices. For more details,
check out its wacky memory model:

http://www.johnloomis.org/microchip/pic32/memory/memory.html

ImgTec, the new owners of the ISA, added a workaround called Enhanced
Virtual Addressing (EVA) in MIPS32 revision 3.5 (MIPS32r3.5). It
increases the directly mapped memory limit to 3.5 GB. I don't know
whether any OSs actually support it, though, and I remember hearing that
it's not elegant (but that's just a vague memory).

My description of the memory limit issue may have been misleading. If
anyone notices mistakes, please correct me.  :)

So, if you want BSD on MIPS32, NetBSD is your best (only?) bet.



Re: weird carp failover behavior

2015-08-20 Thread Patrick Dohman
Anything in your modem logs? DOCSIS layer 2 is a strange beast :)

Any cabling issue such as attenuators or splitters behind the modem?

Regards
Patrick



 On Aug 19, 2015, at 2:34 PM, Devin Reade g...@gno.org wrote:
 
 I'm trying to understand an odd behavior during carp failover
 where one uplink goes numb until the demarc equipment is power
 cycled.
 
 Consider the following:
 
 ISP1-demarc   ISP2-demarc
 |   |
 SW1 (Net1) SW2 (Net2) - C
 |\ /|
 | X |
 |/ \|
  FW-A - FW-B
 |\ /|
 | X |
 |/ \|
 SW3 (Net3) SW4 (Net4)
   (no NAT) (NAT)
 |
 H4
 
 ISP1-demarc and ISP2-demarc are the respective ISP's equipment (outside
 of my control, other than power cycling them).  SWn are all unmanaged
 switches.
 
 FW-A, FW-B, and C are all OpenBSD boxes.  FW-A and FW-B, in particular,
 are running 5.7-STABLE in a master/slave carp configuration.  Things
 are set up so that traffic to/from Net3 is sent via ISP1 (no NAT) and
 traffic to/from Net4 is sent via ISP2 (using NAT on FW-A and FW-B).
 H4 is a host sitting on Net4 in private address space.
 
 Static IPs are used throughout, including on both the SW1 and SW2
 subnets.  FW-n are routers, not bridges.  Pfsync is running via
 a crossover cable between FW-A and FW-B.
 
 Behavior:
 
 In normal operations everything works as expected.  During a carp
 failover, everything for Net3 via ISP1 also works as expected.
 However, during a failover I lose connectivity on Net4, in a qualified
 manner (see below) until ISP2-demarc is power cycled.
 
 The obvious first answer is that ISP2-demarc (which is a Motorola
 cable modem) probably has a limited number of MAC slots available
 to it.  However, that doesn't seem quite right.  More details ...
 
 Before failover, I set up a 'ping -n' running on H4 and going to
 a host elsewhere on the Internet (call it EXT).  I also set up
 a 'ping -n' on C going to the carp IP of FW-A and FW-B on Net2
 (let's call that Carp2).
 
 Now comes the weird part.  If I shut down the master, FW-A, I see
 the following:
 
 1. the running pings from C to Carp2 continue to work until ^C
 2. the running pings from H4 to EXT continue to work until ^C
 3. a concurrent newly created ping from C to Carp2 fails
 4. a concurrent newly created ping from H4 to EXT fails
 5. all other outbound traffic from Net4 fails (this is just
    a generalization of (4)).
 
 If I power cycle ISP2-demarc, sanity returns.  That is, until
 FW-A comes back up and FW-B is demoted again.  Then I get the same
 type of failures until ISP2-demarc is power cycled again.
 
 Power cycling switch SW2 instead of ISP2-demarc does not affect the
 outcome.
 
 Ok, so how about the MACs?  On Net2 we have the following MACs:
 
 - ISP2-demarc-mac (on ISP2-demarc)
 - C-mac (on C)
 - FW-A-mac (physical MAC on FW-A)
 - FW-B-mac (physical MAC on FW-B)
 - Carp2-mac (the virtual MAC used by Carp2, which I've verified
   to be the same for both FW-A and FW-B when they are respectively
   running as master).
 
 One wart here, and a difference between Net1 and Net2 is that on
 Net1 both firewalls have their own IPs in addition to the Carp1
 IP.  However, on Net2 both firewall's hostname.if file contains
 only the 'up' keyword; no IP is used on that network until the
 machine becomes the carp master.
 
 So that means that when H4 is pinging EXT, the pings are being
 NAT'd to use the Carp1 IP.  Therefore I wouldn't expect a failover
 to cause the modem's MAC slots to overflow.
 
 But the *really* weird part is what is happening with C; why would
 C not be able to ping Carp1 until ISP2-demarc is power-cycled, especially
 with SW2 isolating the latter from Carp1 and C?
 
 And the story with C gets better.  If I set up a tcpdump on FW-B's Net2
 interface, I see the following sequence of events:
 
 - before killing FW-A, I see arp requests and CARPv2 advertisements
   from FW-A (based on the skew), and that's about it (as expected)
 - upon shutting down FW-A, I see a CARPv2 packet from FW-B, and then
   start seeing the ping request/reply pairs coming in from C (as expected)
 - upon killing and restarting C's ping to Carp2, I no longer see the
   response on C, but I'm seeing both the request and response in FW-B's
   tcpdump.  On C, I see only the echo response. (NOT expected)
 
 Does this last bit point the finger at SW2 being the culprit (perhaps
 not routing packets to the appropriate NIC port), even though power
 cycling SW2 isn't sufficient to fix the problem?
 
 Any other thoughts?
 
 Devin



Re: per-vlan traffic control

2015-08-20 Thread Josh Grosse

On 2015-08-20 08:47, Paulo Coimbra wrote:

> Hi all,
>
> I'm now doing some tests with openbsd+pf+queueing. My scenario is:
>
> [MIKROTIK 1] - [OPENBSD BOX]--[MIKROTIK 2]
>
> I've configured vlan 100 with physical interface em0 at openbsdBox and
> mikrotik 1, and create two queues (vlan100_in and vlan100_out) to limit
> bandwidth at 10M each direction. But... It doesn't work.

[snip]

> queue v100 on em0 bandwidth 1000M
> queue vlan100_in parent  v100 bandwidth 10M default
> queue vlan100_out parent v100 bandwidth 10M

[snip]

> pass in quick on vlan100 set queue vlan100_in
> pass out quick on vlan100 set queue vlan100_out
>
> Any ideas? What am I doing wrong?

Queuing only works on packets that are *outbound*.  Once inbound packets
have arrived, they are already present.

So, if you want to limit the rate of traffic from the Internet to your local
LAN, do so when those packets are forwarded by the router.  Those are outbound
packets, and they can be queued.



Re: per-vlan traffic control

2015-08-20 Thread Paulo Coimbra
Well, considering that only outbound packets can be queued, I've changed
some rules at pf.conf. Packets that are outgoing at $if_Internet, is
upload. Packets that are outgoing at vlan100 is download, all right? My
changed pf.conf below: (but even with these changes, doesn't work for me, I'm
getting 300Mb+ each direction.). Am I a dumb? (LMFAO).

#
# [0x01] Macros
#
$if_Internet=em1

#
# [0x05] Queueing
#
queue Internet on $if_Internet bandwidth 10M
queue vlan100_upload parent Internet bandwidth 5M max 5M default

queue v100 on vlan100 bandwidth 10M
queue vlan100_download parent v100 bandwidth 5M max 5M default

#
# [0x07] Packet Filtering
#

pass out quick on vlan100 set queue vlan100_download no state
pass out quick on $if_Internet set queue vlan100_upload no state


br,

Paulo Coimbra

2015-08-20 10:11 GMT-03:00 Josh Grosse j...@jggimi.homeip.net:

 On 2015-08-20 08:47, Paulo Coimbra wrote:

 Hi all,

 I'm now doing some tests with openbsd+pf+queueing. My scenario is:

 [MIKROTIK 1] - [OPENBSD BOX]--[MIKROTIK 2]

 I've configured vlan 100 with physical interface em0 at openbsdBox and
 mikrotik 1, and create two queues (vlan100_in and vlan100_out) to limit
 bandwidth at 10M each direction. But... It doesn't work.


 [snip]

 queue v100 on em0 bandwidth 1000M
 queue vlan100_in parent  v100 bandwidth 10M default
 queue vlan100_out parent v100 bandwidth 10M


 [snip]

 pass in quick on vlan100 set queue vlan100_in
 pass out quick on vlan100 set queue vlan100_out

 Any ideas? What am I doing wrong?


 Queuing only works on packets that are *outbound*.  Once inbound packets
 have arrived, they are already present.

 So, if you want to limit the rate of traffic from the Internet to your local
 LAN, do so when those packets are forwarded by the router.  Those are outbound
 packets, and they can be queued.




--
br,

Paulo Coimbra



Re: per-vlan traffic control

2015-08-20 Thread Paulo Coimbra
Hi Atanas,

Thanks for your response. I followed some configurations in that link you
sent, but nothing had effect. Packets are not going to queues.

br,

Paulo Coimbra

2015-08-20 10:55 GMT-03:00 Atanas Vladimirov vl...@bsdbg.net:

 On 20.08.2015 16:35, Paulo Coimbra wrote:

 Well, considering that only outbound packets can be queued, I've changed
 some rules at pf.conf. Packets that are outgoing at $if_Internet, is
 upload. Packets that are outgoing at vlan100 is download, all right? My
 changed pf.conf below: (but even with these changes, doesn't work for me, I'm
 getting 300Mb+ each direction.). Am I a dumb? (LMFAO).

 #
 # [0x01] Macros
 #
 $if_Internet=em1

 #
 # [0x05] Queueing
 #
 queue Internet on $if_Internet bandwidth 10M
 queue vlan100_upload parent Internet bandwidth 5M max 5M default

 queue v100 on vlan100 bandwidth 10M
 queue vlan100_download parent v100 bandwidth 5M max 5M default

 #
 # [0x07] Packet Filtering
 #

 pass out quick on vlan100 set queue vlan100_download no state
 pass out quick on $if_Internet set queue vlan100_upload no state


 br,

 Paulo Coimbra


 http://marc.info/?l=openbsd-misc&m=141085207225887&w=2




--
br,

Paulo Coimbra



Re: per-vlan traffic control

2015-08-20 Thread Atanas Vladimirov

On 20.08.2015 16:35, Paulo Coimbra wrote:
Well, considering that only outbound packets can be queued, I've changed
some rules in pf.conf. Packets that are outgoing on $if_Internet are
upload. Packets that are outgoing on vlan100 are download, all right? My
changed pf.conf is below (but even with these changes, it doesn't work for
me; I'm getting 300Mb+ in each direction). Am I dumb? (LMFAO).

#
# [0x01] Macros
#
$if_Internet=em1

#
# [0x05] Queueing
#
queue Internet on $if_Internet bandwidth 10M
queue vlan100_upload parent Internet bandwidth 5M max 5M default

queue v100 on vlan100 bandwidth 10M
queue vlan100_download parent v100 bandwidth 5M max 5M default

#
# [0x07] Packet Filtering
#

pass out quick on vlan100 set queue vlan100_download no state
pass out quick on $if_Internet set queue vlan100_upload no state


br,

Paulo Coimbra



http://marc.info/?l=openbsd-misc&m=141085207225887&w=2



Re: SuperMicro thin mini itx?

2015-08-20 Thread Atanas Vladimirov

On 20.08.2015 04:46, Quartz wrote:

Try the X10SBA


Doesn't appear to fit the bill, unfortunately. That hdmi+displayport
stack is too high, and while it has onboard DC12V it's missing the
standardized plug on the back.

Given that no one else has responded, I'm assuming that SuperMicro
just doesn't make boards in this form factor, which is disappointing
given how many other embedded solutions they offer. We'll probably
have to go with an Intel model or something. Oh well.


From Supermicro website:
http://www.supermicro.nl/products/motherboard/ATOM/
http://www.supermicro.nl/products/embedded/embedded_motherboard.cfm

Recently I bought a X9SBAA-F on ebay and except for this bug [1] everything
is working as it should.

[1] http://marc.info/?l=openbsd-bugs&m=144001965023035&w=2



Re: redirect nor vpn (as I know it) solves this problem

2015-08-20 Thread Sonic
On Wed, Aug 19, 2015 at 6:46 PM, Stuart Henderson s...@spacehopper.org wrote:
 It's not *that* complex. It may be easier with tag rather than received-on
 and if there's any confusion about rule ordering it may be easier to use
 'quick' and place them at the top of the ruleset.

 pass in quick proto tcp to $ext_if port 1234 rdr-to $server port 80 tag natrdr
 pass out quick tagged natrdr nat-to $int_if

Ah yes, thanks much, that construct does indeed work.

Chris



Re: Pre-orders for 5.8

2015-08-20 Thread lists
 To celebrate the upcoming 20 years anniversary release of OpenBSD,

Salute!

 four (instead of the usual one) songs are contributed and will be
 included in the release. The song I contributed is being released
 today:
 
http://www.openbsd.org/lyrics.html#58c

Thanks, nice tune, very catchy vocals, funny cartoons, liked the
arrangement too, quote from the song:

With every release,
Puffy becomes better,
so much better all the time.

Indeed, and very rewarding experience using OpenBSD. Quite like the
flite touch in the song too, reads mail subjects here so familiar
voice.

 By the way, pre-orders for 5.8 CDs and posters were enabled moments ago.
 
 Also, please see:
 
http://www.openbsd.org/58.html
 
 for more details about what is coming in this release.

Great news, thanks again to everyone.



Re: per-vlan traffic control

2015-08-20 Thread Paulo Coimbra
Hi all,

I'm now doing some tests with openbsd+pf+queueing. My scenario is:

[MIKROTIK 1] - [OPENBSD BOX]--[MIKROTIK 2]

I've configured vlan 100 with physical interface em0 at openbsdBox and
mikrotik 1, and created two queues (vlan100_in and vlan100_out) to limit
bandwidth at 10M each direction. But... It doesn't work.

My pf.conf is as follows:

#
# [0x01] Macros
#

#
# [0x02] Tables
#

#
# [0x03] Options
#
set skip on lo

#
# [0x04] Traffic Normalization
#

#
# [0x05] Queueing
#
queue v100 on em0 bandwidth 1000M
queue vlan100_in parent  v100 bandwidth 10M default
queue vlan100_out parent v100 bandwidth 10M

#
# [0x06] Translation
#

#
# [0x07] Packet Filtering
#
pass in quick on vlan100 set queue vlan100_in
pass out quick on vlan100 set queue vlan100_out

Any ideas? What am I doing wrong?

thanx,

Paulo Coimbra


2015-08-19 22:59 GMT-03:00 James Shupe jsh...@hermetek.com:

 On 8/19/2015 3:39 PM, Paulo Coimbra wrote:
  hi,
  This is my first mail to the list. Is it possible to limit traffic by VLAN with
  OpenBSD? For example, I would like to limit 50mb for VLAN 100.
 
  Br,
 
  Paulo Coimbra
 
 


 http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man5/pf.conf.5?query=pf.conf&arch=i386

 Read the QUEUEING section.




-- 
br,

Paulo Coimbra



Re: per-vlan traffic control

2015-08-20 Thread Rafael Zalamena
On Thu, Aug 20, 2015 at 09:47:09AM -0300, Paulo Coimbra wrote:
 Hi all,

Hello Paulo,

 
 I'm now doing some tests with openbsd+pf+queueing. My scenario is:
 
 [MIKROTIK 1] - [OPENBSD BOX]--[MIKROTIK 2]
 
 I've configured vlan 100 with physical interface em0 at openbsdBox and
 mikrotik 1, and created two queues (vlan100_in and vlan100_out) to limit
 bandwidth at 10M each direction. But... It doesn't work.
 
 My pf.conf is as follows:
 
--- SNIPPED ---
 
 queue v100 on em0 bandwidth 1000M
 queue vlan100_in parent  v100 bandwidth 10M default
 queue vlan100_out parent v100 bandwidth 10M
 
--- SNIPPED ---
 
 Any ideas? What am I doing wrong?

You didn't configure the 'max' parameter in your queue, so it's probably
sharing the bandwidth.

Try this:
...
queue vlan100_in parent  v100 bandwidth 10M, max 10M default
queue vlan100_out parent v100 bandwidth 10M, max 10M
...

 
 thanx,
 
 Paulo Coimbra



Re: Ubiquiti EdgeRouter Lite

2015-08-20 Thread Juan Francisco Cantero Hurtado
On Tue, Aug 18, 2015 at 01:08:10PM -0400, Ted Unangst wrote:
 Jona Joachim wrote:
  Thank you very much for the write-up! I'm looking into buying hardware
  to build a small OpenBSD home router and this looks interesting.
  You say that the machine will not be able to serve as an IPSEC gateway.
  Is that when you consider Gigabit ethernet or do you think that even a
  10 Mbit connection will require too much computational power to do
  IPSEC on this machine?
 
 For comparison, md5 -t:
 Time   = 2.198556 seconds
 Speed  = 45484399.760570 bytes/second
 
 I don't use IPsec, and I notice that Ubiquiti don't mention it as a selling
 point for the device. I would probably not use the edgerouter for anything too
 far outside what the advertising materials say (just running openbsd instead).
 
  You also mention the usb driver which is not so reliable. I don't see a
  USB port on the machine. Is this an internal bus? I would be interested
  to use it with hostapd with a usb wifi nic.
 
 The flash storage inside is attached via USB.
 
 As for power, it's a 12W supply. I'll have to hook it up to a meter and
 measure. Update on that later.
 
 I would say it's an interesting alternative if you're specifically looking for
 a non-PC router. I'm not sure it's the best router platform in general.

Slightly off-topic:

Ubiquiti released recently a new router named EdgeRouter X. 49 USD, 5
gigabit ports, 5W, dual-core 800Mhz, 256MB.

It's a MIPS32, so if some developer is looking for a new platform for
OpenBSD... :P . The processor is licensed from Imagination, which I
guess is more open than Cavium. I have not found a dmesg yet.

http://dl.ubnt.com/datasheets/edgemax/EdgeRouter_X_DS.pdf

http://www.embeddeddeveloper.com/cores/documents/MIPS32_1004K_rev1.pdf


-- 
Juan Francisco Cantero Hurtado http://juanfra.info



Re: per-vlan traffic control

2015-08-20 Thread Atanas Vladimirov

On 20.08.2015 17:31, Paulo Coimbra wrote:

Hi Atanas,

Thanks for your response. I followed some configurations in that link you
sent, but nothing had any effect. Packets are not going to the queues.

br,

Paulo Coimbra

2015-08-20 10:55 GMT-03:00 Atanas Vladimirov vl...@bsdbg.net:


On 20.08.2015 16:35, Paulo Coimbra wrote:

Well, considering that only outbound packets can be queued, I've changed
some rules in pf.conf. Packets that are outgoing on $if_Internet are
upload. Packets that are outgoing on vlan100 are download, all right? My
changed pf.conf is below (but even with these changes, it doesn't work for
me; I'm getting 300Mb+ in each direction). Am I dumb? (LMFAO).

#
# [0x01] Macros
#
$if_Internet=em1

#
# [0x05] Queueing
#
queue Internet on $if_Internet bandwidth 10M
queue vlan100_upload parent Internet bandwidth 5M max 5M default

queue v100 on vlan100 bandwidth 10M
queue vlan100_download parent v100 bandwidth 5M max 5M default



Did you try to set the min bw as well:

 #
 # [0x05] Queueing
 #
 queue Internet on $if_Internet bandwidth 10M, min 9M max 10M
 queue vlan100_upload parent Internet bandwidth 5M, min 4M max 5M default


 queue v100 on vlan100 bandwidth 10M, min 9M max 10M
 queue vlan100_download parent v100 bandwidth 5M, min 4M max 5M default



KeePass 2.30- libpng and other errors

2015-08-20 Thread Andrzej Drewnowski
Hello!

I am trying to run KeePass on OpenBSD (amd64)- current (but on 5.7 are the
same errors). I installed Mono from packages and downloaded
KeePass-2.30-portable. Unfortunately I can't start KeePass because of these
errors:


SendMessage (25165861, 0x112c, 0x4, 0x4)

libpng error: invalid after png_start_read_image or png_read_update_info

libpng error: invalid after png_start_read_image or png_read_update_info

libpng error: invalid after png_start_read_image or png_read_update_info

libpng error: invalid after png_start_read_image or png_read_update_info

SendMessage (25165855, 0x101f, 0x0, 0x0)

SendMessage (0, 0x1203, 0x0, 0x7f7ee970)

SendMessage (0, 0x1204, 0x0, 0x7f7ee970)

SendMessage (0, 0x1203, 0x1, 0x7f7ee970)

SendMessage (0, 0x1204, 0x1, 0x7f7ee970)

SendMessage (0, 0x1203, 0x2, 0x7f7ee970)

SendMessage (0, 0x1204, 0x2, 0x7f7ee970)

SendMessage (0, 0x1203, 0x3, 0x7f7ee970)

SendMessage (0, 0x1204, 0x3, 0x7f7ee970)

SendMessage (0, 0x1203, 0x4, 0x7f7ee970)

SendMessage (0, 0x1204, 0x4, 0x7f7ee970)

* Assertion at strenc.c:183, condition `utf8!=NULL' not met


Stacktrace:


at unknown 0x

at (wrapper managed-to-native)
KeePass.Native.NativeMethods.GetFileAttributes (string) 0x

at KeePass.Native.NativeMethods.FileExists (string) 0x0002d

at KeePass.Util.WinUtil.RemoveZoneIdentifier (string) 0x0006e

at KeePass.Forms.MainForm.OnFormLoadParallelAsync (object) 0x00090

at (wrapper runtime-invoke) Module.runtime_invoke_void__this___object
(object,intptr,intptr,intptr) 0x


=

Got a SIGABRT while executing native code. This usually indicates

a fatal error in the mono runtime or one of the native libraries

used by your application.

=


Abort trap (core dumped)



I would appreciate your help

Regards

Andrzej



Re: SuperMicro thin mini itx?

2015-08-20 Thread Gene
On Wed, Aug 19, 2015 at 1:47 AM, Quartz qua...@sneakertech.com wrote:

 We need to build some OpenBSD-based network devices that we'd strongly
 prefer to be based on SuperMicro hardware. Does anyone know offhand if they
 offer any products that conform to the Thin-Mini-ITX standard? Their
 website is unhelpful and so far their marketing email hasn't responded to
 inquiries.


Why would you contact their marketing department?  That's silly.

Contact their support department.  If you don't mind waiting a day or so
send them an email.  If you want a faster answer call their support line.
They'll answer your questions and won't require any type of account with
them to get their assistance.

-Gene



Re: USB mouse spontaneously detaching

2015-08-20 Thread howard eisenberger
Data point: plugging a no-name USB mouse into a PS/2 to USB
adapter instead of directly into a USB 2.0 port on old HP amd64
board seems to have solved this in my case.

Regards,

Howard E.



Re: SuperMicro thin mini itx?

2015-08-20 Thread Quartz

 From Supermicro website:
http://www.supermicro.nl/products/motherboard/ATOM/
http://www.supermicro.nl/products/embedded/embedded_motherboard.cfm


I know they sell Atom-based boards and various embedded boards, but just 
because it's Atom and/or embedded doesn't automatically mean it conforms 
to the thin-mini-itx standard.




X9SBAA-F


That one doesn't qualify either. Same issue with a high stack and no DC 
plug.




Set screen resolution for inteldrm during boot ?

2015-08-20 Thread nawi
Hello !

I am new to OpenBSD - sorry if I ask about an already documented thing.

I have here a Lenovo ThinkPad W541 which works till X without problems.
The dmesg shows, that the resolution switches to 2880x1620 during boot.
Is there a way (UKC) to change the resolution during boot for the console ?

Thanks for your help.

Regards,


Christoph

dmesg :


Re: Set screen resolution for inteldrm during boot ?

2015-08-20 Thread Theo de Raadt
 I am new to OpenBSD - sorry if I ask about an already documented thing.
 
 I have here a Lenovo ThinkPad W541 which works till X without problems.
 The dmesg shows, that the resolution switches to 2880x1620 during boot.
 Is there a way (UKC) to change the resolution during boot for the console ?

No.

We have no plans to do that, since the kernel would need to store
additional font sizes.



Re: IPv6 source addresse selection

2015-08-20 Thread Stuart Henderson
On 2015-08-19, Denis Fondras open...@ledeuns.net wrote:
 Hi,

 I have an OpenBSD5.7 router with IPv6 enabled. I have multiple IPv6 addresses:
 - em0 : 2a00:6060::1/64
 - em1 : 2001:7f8:81::6:983:1/64
 - gif0 : 2001:470:11:c8::2/128

 IPv6 access is provided by HurricaneElectric tunnel with BGP.

 When I try to reach 2001:7a8:b5ad::1, 2001:7f8:81::6:983:1 is selected as the
 source address :

 PING6(56=40+8+8 bytes) 2001:7f8:81::6:983:1 -- 2001:7a8:b5ad::1
 ^C
 --- 2001:7a8:b5ad::1 ping6 statistics ---
 3 packets transmitted, 0 packets received, 100.0% packet loss

 Even though :
 # route -n get 2001:7a8:b5ad::1 
route to: 2001:7a8:b5ad::1
 destination: 2001:7a8::
mask: :::
 gateway: 2001:470:11:c8::2
   interface: gif0
  if address: 2001:470:11:c8::2
priority: 48 (bgp)
   flags: UP,GATEWAY,DONE
  use   mtuexpire
  138 0 0 

 Per RFC6724 :
Rule 5: Prefer outgoing interface.
If SA is assigned to the interface that will be used to send to D and
SB is assigned to a different interface, then prefer SA.  Similarly,
if SB is assigned to the interface that will be used to send to D and
SA is assigned to a different interface, then prefer SB.

 Per se, it is not a big deal but in my case 2001:7f8:81::/48 is an IXP prefix
 and it is not announced in the DFZ so packets never make it back to the router.

 The issue is reproduced with OpenBSD5.8.

 Anything I could try before diving into the source address selection code ?

You should be able to force it to not be used by doing 'inet6 2001:7f8:81::6:983:1
pltime 0' (this just applies to automatic selection; you can still set it manually
for IXP peerings), but the behaviour you describe doesn't sound quite right, so
diving into in6_ifawithscope() seems like a good idea.
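
Added example, not part of the messages above and not a model of OpenBSD's in6_ifawithscope(): a small Python sketch of RFC 6724 source address selection, limited to Rules 1, 3, 5 and 8 and run on the addresses and route from the report. The `Candidate` class, the function names and the `use_rule5` switch are assumptions made for illustration; the other rules are assumed not to discriminate between these three global addresses.

```python
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Candidate:
    addr: str                 # candidate source address
    plen: int                 # prefix length configured on the interface
    ifname: str               # interface the address is assigned to
    deprecated: bool = False  # True once the preferred lifetime is 0 (pltime 0)


def common_prefix_len(src: Candidate, dst: str) -> int:
    """RFC 6724 CommonPrefixLen(S, D): leading bits shared by S and D,
    capped at the prefix length of S."""
    s = int(ipaddress.IPv6Address(src.addr))
    d = int(ipaddress.IPv6Address(dst))
    shared = 128 - (s ^ d).bit_length()
    return min(shared, src.plen)


def select_source(cands, dst, out_if, use_rule5=True):
    """Return the preferred source address for dst leaving via out_if.

    The rules are pairwise comparisons applied in order, so ranking each
    candidate by a tuple and taking the maximum gives the same winner.
    """
    dst_ip = ipaddress.IPv6Address(dst)

    def rank(c):
        return (
            ipaddress.IPv6Address(c.addr) == dst_ip,  # Rule 1: same address
            not c.deprecated,                         # Rule 3: avoid deprecated
            use_rule5 and c.ifname == out_if,         # Rule 5: outgoing interface
            common_prefix_len(c, dst),                # Rule 8: longest match
        )

    return max(cands, key=rank)


def deprecate(cands, addr):
    """Copy of cands with addr marked deprecated, as 'pltime 0' would do."""
    return [replace(c, deprecated=True) if c.addr == addr else c for c in cands]


# Addresses, prefix lengths and outgoing interface taken from the report;
# the data structure around them is constructed for this example.
DST = "2001:7a8:b5ad::1"
OUT_IF = "gif0"
IXP_ADDR = "2001:7f8:81::6:983:1"
CANDIDATES = [
    Candidate("2a00:6060::1", 64, "em0"),
    Candidate(IXP_ADDR, 64, "em1"),
    Candidate("2001:470:11:c8::2", 128, "gif0"),
]

if __name__ == "__main__":
    for c in CANDIDATES:
        print(f"{c.ifname:5} {c.addr:24} common prefix {common_prefix_len(c, DST)}")
    print("rules 1,3,5,8 :", select_source(CANDIDATES, DST, OUT_IF).addr)
    print("without rule 5:",
          select_source(CANDIDATES, DST, OUT_IF, use_rule5=False).addr)
    print("IXP deprecated:",
          select_source(deprecate(CANDIDATES, IXP_ADDR), DST, OUT_IF,
                        use_rule5=False).addr)
```

With Rule 5 left out, longest-prefix matching alone picks the em1 address, the same one the ping6 output in the report shows; marking that address deprecated moves the choice to the gif0 address even without Rule 5.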



Re: Ubiquiti EdgeRouter Lite

2015-08-20 Thread Chris Cappuccio
Stuart Henderson [s...@spacehopper.org] wrote:
 On 2015-08-18, Ted Unangst t...@tedunangst.com wrote:
  I don't use IPsec, and I notice that Ubiquiti don't mention it as a selling
  point for the device. I would probably not use the edgerouter for anything too
  far outside what the advertising materials say (just running openbsd instead).
 
 The advertising materials quote things like 1Mpps, you aren't going to
 see anything like that with OpenBSD. They are based around running EdgeOS
 which uses hw acceleration, afaik this is difficult without Cavium's SDK.
 

They also get 700kpps with IPv6 forwarding (which is not hardware accelerated
on that platform). The Cavium SDK fits in a bunch of memory and cache
optimizations for the platform, there are some Cavium lessons to be learned.
Also the general network stack improvement in the routing table and the
MP work may be critical here!

 Much as I like the idea of non-x86 for this, if I wanted a small router
 running OpenBSD rather than a platform to hack on I'd first look at the
 APU. (I don't have one myself but upgraded the OS on one at a customer's
 recently, it doesn't seem to run as warm as it used to, possibly due to
 the changes to the mwait-based idle loop which is in 5.8/-current).

The APU is pretty nice for the price and the power consumption, like the
ERL but faster with OpenBSD today. (The md5 -t test is 3.5x faster, for
instance, 163195232 bytes/second.)



Re: SuperMicro thin mini itx?

2015-08-20 Thread Chris Cappuccio
Quartz [qua...@sneakertech.com] wrote:
 Why would you contact their marketing department?  That's silly.
 
 Well because I assume that marketing encompasses sales, and the sales
 department kinda ought to know what products the company sells.
 
 
 Contact their support department.
 
 I ended up doing that anyway earlier this morning. If I don't hear back from
 them maybe I'll try calling tomorrow or something.

They're actually pretty good about answering questions on the phone,
even on the first call.



Re: SuperMicro thin mini itx?

2015-08-20 Thread lists
  From Supermicro website:
 http://www.supermicro.nl/products/motherboard/ATOM/
 http://www.supermicro.nl/products/embedded/embedded_motherboard.cfm
 
 Recently I bought a X9SBAA-F on ebay and except for this bug [1] everything
 is working as it should.
 
 [1] http://marc.info/?l=openbsd-bugs&m=144001965023035&w=2

Hey, thanks for the dmesg.

Here's another previous model X7SPA-HF-D525 report working excellent
since 2011:

http://marc.info/?l=openbsd-misc&m=143809718924583

The only gripe is the Matrox MGA G200eW used to work with X and not at
present (some update in Xorg broke it):

[100914.283] (EE) MGA(0): Unable to map Framebuffer FC00 80.  Bad file 
descriptor (9)
[100914.284] (WW) MGA(0): Could not retrieve video BIOS!
[100914.284] (EE) MGA(0): Unable to detect video RAM.
[100914.284] (EE) Screen(s) found, but none have a usable configuration.

$ sudo lspci -nnvv -d 102b:
04:04.0 VGA compatible controller [0300]: Matrox Electronics Systems Ltd. MGA 
G200eW WPCM450 [102b:0532] (rev 0a) (prog-if 00 [VGA controller])
Subsystem: Super Micro Computer Inc Device [15d9:060a]
Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- 
Stepping- SERR- FastB2B- DisINTx-
Status: Cap+ 66MHz- UDF- FastB2B+ ParErr- DEVSEL=medium TAbort- 
TAbort- MAbort- SERR- PERR- INTx-
Latency: 64 (4000ns min, 8000ns max), Cache Line Size: 32 bytes
Interrupt: pin A routed to IRQ 15
Region 0: Memory at fc00 (32-bit, prefetchable)
Region 1: Memory at fdffc000 (32-bit, non-prefetchable)
Region 2: Memory at fe00 (32-bit, non-prefetchable)
Capabilities: [dc] Power Management version 1
Flags: PMEClk- DSI+ D1- D2- AuxCurrent=0mA 
PME(D0-,D1-,D2-,D3hot-,D3cold-)
Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-

tested on current snapshot:

OpenBSD 5.8-current (GENERIC.MP) #1240: Tue Aug 18 16:02:36 MDT 2015
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP



Re: SuperMicro thin mini itx?

2015-08-20 Thread Quartz

Why would you contact their marketing department?  That's silly.


Well because I assume that marketing encompasses sales, and the 
sales department kinda ought to know what products the company sells.




Contact their support department.


I ended up doing that anyway earlier this morning. If I don't hear back 
from them maybe I'll try calling tomorrow or something.




Re: KeePass 2.30- libpng and other errors

2015-08-20 Thread Peter Van Eenoo
If you don't need the keepass 2x functionality, then the keepass 1x package
is available and works great.
On Aug 20, 2015 8:28 AM, Andrzej Drewnowski andrewdrewnow...@gmail.com
wrote:

 Hello!

 I am trying to run KeePass on OpenBSD (amd64)- current (but on 5.7 are the
 same errors). I installed Mono from packages and downloaded
 KeePass-2.30-portable. Unfortunately I can't start KeePass because of these
 errors:


 SendMessage (25165861, 0x112c, 0x4, 0x4)

 libpng error: invalid after png_start_read_image or png_read_update_info

 libpng error: invalid after png_start_read_image or png_read_update_info

 libpng error: invalid after png_start_read_image or png_read_update_info

 libpng error: invalid after png_start_read_image or png_read_update_info

 SendMessage (25165855, 0x101f, 0x0, 0x0)

 SendMessage (0, 0x1203, 0x0, 0x7f7ee970)

 SendMessage (0, 0x1204, 0x0, 0x7f7ee970)

 SendMessage (0, 0x1203, 0x1, 0x7f7ee970)

 SendMessage (0, 0x1204, 0x1, 0x7f7ee970)

 SendMessage (0, 0x1203, 0x2, 0x7f7ee970)

 SendMessage (0, 0x1204, 0x2, 0x7f7ee970)

 SendMessage (0, 0x1203, 0x3, 0x7f7ee970)

 SendMessage (0, 0x1204, 0x3, 0x7f7ee970)

 SendMessage (0, 0x1203, 0x4, 0x7f7ee970)

 SendMessage (0, 0x1204, 0x4, 0x7f7ee970)

 * Assertion at strenc.c:183, condition `utf8!=NULL' not met


 Stacktrace:


 at unknown 0x

 at (wrapper managed-to-native)
 KeePass.Native.NativeMethods.GetFileAttributes (string) 0x

 at KeePass.Native.NativeMethods.FileExists (string) 0x0002d

 at KeePass.Util.WinUtil.RemoveZoneIdentifier (string) 0x0006e

 at KeePass.Forms.MainForm.OnFormLoadParallelAsync (object) 0x00090

 at (wrapper runtime-invoke) Module.runtime_invoke_void__this___object
 (object,intptr,intptr,intptr) 0x


 =

 Got a SIGABRT while executing native code. This usually indicates

 a fatal error in the mono runtime or one of the native libraries

 used by your application.

 =


 Abort trap (core dumped)



 I would appreciate your help

 Regards

 Andrzej



Re: Set screen resolution for inteldrm during boot ?

2015-08-20 Thread Christoph R. Murauer
No.

We have no plans to do that, since the kernel would need to store
additional font sizes.

Thanks for your answer.

No problem - I thought I missed maybe some documentation about it. Only for my
understanding, a "workaround" would then be to disable inteldrm in UKC to keep
the default resolution of the console and use for X a xorg.conf ?