Re: dhclient broken on 2015-09-21 amd64 snapshot
On 2015/09/23 08:16, Kurt Mosiejczuk wrote: > On Wed, Sep 23, 2015 at 07:37:05AM +, Stuart Henderson wrote: > > On 2015-09-22, Kurt Mosiejczukwrote: > > > I just updated my current box to yesterdays (2015-09-21) snapshot. Now > > > it won't keep a network address. > > > That's a recent bug - should be fixed if you update again. > > Excellent. I'll watch my mirror for a newer snapshot. It just occurred > to me I didn't have a problem when using bsd.rd. Hopefully that is still > true when I try and install the new snapshot. > > Can you point me at the bug fix? I was looking at cvsweb again and the > newest change I could see there is 2 weeks ago... I believe this is the issue fixed by this commit - if you saved the previous kernel before updating, you might be able to boot with that instead. - PatchSet 4122 Date: 2015/09/22 11:05:00 Author: mpi Branch: HEAD Tag: (none) Log: When a connected route is deleted, pass the corresponding priority to rtrequest1(9) otherwise the route will remain attached to a stale ifa. Found by matthieu@ Members: route.c:1.240->1.241 Index: src/sys/net/route.c diff -u src/sys/net/route.c:1.240 src/sys/net/route.c:1.241 --- src/sys/net/route.c:1.240 Mon Sep 21 11:15:27 2015 +++ src/sys/net/route.c Tue Sep 22 10:05:00 2015 @@ -1,4 +1,4 @@ -/* $OpenBSD: route.c,v 1.240 2015/09/21 11:15:27 mpi Exp $ */ +/* $OpenBSD: route.c,v 1.241 2015/09/22 10:05:00 mpi Exp $ */ /* $NetBSD: route.c,v 1.14 1996/02/13 22:00:46 christos Exp $ */ /* @@ -1267,6 +1267,9 @@ if (flags & (RTF_LOCAL|RTF_BROADCAST)) prio = RTP_LOCAL; + + if (flags & RTF_CONNECTED) + prio = RTP_CONNECTED; error = rtrequest1(RTM_DELETE, , prio, , rtableid); if (error == 0) {
Separators [Was: lighter sleep]
North American? ... On 22/09/15 12:45 AM, Mark Kettenis wrote: From: Christian WeisgerberDate: Mon, 21 Sep 2015 14:29:03 + (UTC) On 2015-09-21, Stefan Sperling wrote: The function that parses funny numbers is iswdigit() which gets a wchar_t. But sleep(1) doesn't need that. The sole somewhat realistic use of i18n in sleep(1) is the decimal separator, so you could do $ sleep 1,5 in an appropriate locale. Of course the current code doesn't support that. And fortunately POSIX agrees with our implementation: The following operand shall be supported: time A non-negative decimal integer specifying the number of seconds for which to suspend execution. You could argue that the thousands separator should be supported though: $ sleep 1.000.000 if your locale is something vaguely european, and # sleep 1,000,000 for the north-americans. I grew up with "," separators as British Commonwealth, not North American. The Commonwealth does extend beyond Canada; the British Empire precedes the USA; so you might just call "," (as 10^3 separators) British, Commonwealth or non-Euro. Douglas (Australia) But let's not go there...
Re: ugen0 instead of urtwn0
> Those instructions are for 5.8 or possible 5.7, they aren't needed for > -current snapshots which already include this change. > Of course, I read the files. -- Thuban PubKey : http://yeuxdelibad.net/Divers/thuban.pub [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Gmane carries Squish OpenBSD Source Changes aggregate lists
Hi misc@ advocacy@ As mentioned on the OpenBSD Mailing Lists page [1] in the Other Lists section, the fine folks at squish.net [2] run daily and weekly source changes and ports changes summary lists: [1] http://www.openbsd.org/mail.html#OtherLists [2] http://www.squish.net/log/openbsd-source-changes/ Since May 2015 these are now carried also by Gmane [3] on yours truly humble request's and the kind cooperation by Lars Ingebrigtsen (responsible for and running Gmane and other useful services and software tools) [3] http://news.gmane.org/search.php?match=openbsd.changes These are now tested for a while and supposedly September is a good month to announce this insignificant addition, and the fact that these are also available by NNTP as well as honourable mention in the List Archives [4] section of the OpenBSD Mailing Lists page: [4] http://www.openbsd.org/mail.html#Archives Thank you for your time reading this, and everyone participating. Regards, Anton
Re: ugen0 instead of urtwn0
On 2015-09-23, Thubanwrote: > * Stefan Sperling le [22-09-2015 11:33:28 +0200]: >> >> Starting with pristine OpenBSD 5.8 kernel source (or 5.7, if you want to >> try your luck), add the line [..snip..] > Thank you for this very complete explanations. > > Currently, I can't build the kernel without any error vith the last > snapshot, even without modifying anything. > Same with current. > I'll wait some time and see. Those instructions are for 5.8 or possible 5.7, they aren't needed for -current snapshots which already include this change.
rookie questions about flavors
Hello, I'm not sure to understand correctly somme points : 1. A snapshot is a build made at one time of the developpement, more recent than *-stable* flavor. It is not *-current*. Can we consider a snapshot as an unreleased *5.8* at this time. Or is it above *5.8*? 2. In odrer to build the system, one can choose : - to follow *-current* with `cvs -d$CVSROOT checkout -P src` - to follow *-stable* with `cvs -d$CVSROOT checkout -rOPENBSD_5_7 -P src ` Is it possible to upgrade from 5.7 yo 5.8 using this flag : cvs -d$CVSROOT checkout -rOPENBSD_5_8 -P src 3. If one use a 5.8 snapshot (i.e [1] ), is it possible to apply updates for 5.8 *-stable* later? And if so, what PKG_PATH should be used to stay on 5.8? PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/snapshots/packages/`uname -m`/ then switch to PKG_PATH=http://ftp.eu.openbsd.org/pub/OpenBSD/5.8/packages/`uname -m`/ when 5.8 is released? The missing packages must be replaced with ports build until the 19 Oct? Sorry for the long message. I know the best is to use *-current* or a *-stable* flavor, but I wish to understand these points in order to keep things clean. Regards [1]Â : http://ftp.openbsd.org/pub/OpenBSD/snapshots/amd64/install58.iso -- Thuban [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: rookie questions about flavors
On Wed, Sep 23, 2015 at 02:55:21PM +0200, Thuban wrote: > Hello, > I'm not sure to understand correctly somme points : > 1. A snapshot is a build made at one time of the developpement, more > recent than *-stable* flavor. > It is not *-current*. Can we consider a snapshot as an unreleased *5.8* > at this time. Or is it above *5.8*? Actually, snapshots are in almost all cases built from -current cvs checkouts. At times snaps have included not yet committed code that was in need of testing, but I'm not too sure how often that has happened recently. So any snapshot you download by now is past 5.8, with hints of things that will be in 5.9 (but the exact feature set of 5.9 is not yet known). > Is it possible to upgrade from 5.7 yo 5.8 using this flag : > cvs -d$CVSROOT checkout -rOPENBSD_5_8 -P src In almost all cases, a binary upgrade followed by sysmerge will be quicker and easier, but in the general case, yes. > 3. If one use a 5.8 snapshot (i.e [1] ), is it possible to apply updates > for 5.8 *-stable* later? No. As I said earlier (and would be clear from a careful reading of the FAQ), snapshots track -current, not -stable. - Peter -- Peter N. M. Hansteen, member of the first RFC 1149 implementation team http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/ "Remember to set the evil bit on all malicious network traffic" delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
Re: Making IPv6 NAT prefer privacy address
On 23 September 2015 at 15:34, Giancarlo Razzoliniwrote: > Em 23-09-2015 04:40, Stuart Henderson escreveu: >> Saves messing about with DHCPv6-PD > > I see. So you translate from what exactly? Wouldn't it be better to use > af-to instead of nat? Hello, Rather than announcing the prefix obtained via DHCPv6-PD you can pick a prefix from fd00::/8 and announce that on your network. It is the equivalent to RFC1918 addresses, except it is for IPv6. Therefore, it is not routable and you need to perform NAT on it. The global address is the one the router obtained via static configuration/SLAAC/DHCPv6, which will then be used by all your clients. > But I can relate to that, given that my CPE will > give me a PD, but won't route packets back because it thinks the prefix > is reachable using NDP. Hence the need for a proxy, which OpenBSD > currently doesn't have. > > Cheers, > Giancarlo Razzolini > Your CPE will see only the OpenBSD router's address so it should work. Marios
Re: Making IPv6 NAT prefer privacy address
Em 23-09-2015 04:40, Stuart Henderson escreveu: > Saves messing about with DHCPv6-PD I see. So you translate from what exactly? Wouldn't it be better to use af-to instead of nat? But I can relate to that, given that my CPE will give me a PD, but won't route packets back because it thinks the prefix is reachable using NDP. Hence the need for a proxy, which OpenBSD currently doesn't have. Cheers, Giancarlo Razzolini
Re: Booting Live openbsd image on fat32 media
The Windows DISKPART command-line utility (Windows Vista and later) can split your USB disk into multiple partitions. There are no GUI tools that can do this, to the best of my knowledge, though perhaps the Disk Management (diskmgmt.msc) snap-in can. On Mon, 21 Sep 2015 16:24:40 +0330 Mohammad BadieZadeganwrote: > OK, It's true, > But spliting the memstick into 2 partition causes more questions: > 1.What tools can do that best? > 2.What is the size of partitions? > 3.How can write OpenBSD memstick image on the last partition? > > On Mon, Sep 21, 2015 at 4:12 PM, Dmitrij D. Czarkoff > wrote: > > > Mohammad BadieZadegan said: > > > How put OpenBSD image on it that don't curropt its file system or > > > booting OpenBSD? > > > > The easiest way is to split your drive in two partitions: first one > > should be FAT32 if you want it so, and the last one should be > > OpenBSD slice. > > > > Windows and most consumer devices' firmwares don't read partition > > table on USB flash devices, so these systems won't notice your > > OpenBSD partition, but it will be bootable. > > > > -- > > Dmitrij D. Czarkoff
Re: rookie questions about flavors
Thanks a lot for this answer. > > 3. If one use a 5.8 snapshot (i.e [1] ), is it possible to apply updates > > for 5.8 *-stable* later? > > No. As I said earlier (and would be clear from a careful reading of the FAQ), > snapshots track -current, not -stable. Finding an install58.iso in a snapshot directory gave me some doubts about what i understood in the FAQ (as english is not my first language). -- Thuban PubKey : http://yeuxdelibad.net/Divers/thuban.pub [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: rookie questions about flavors
On 2015-09-23 09:41, Peter N. M. Hansteen wrote: On Wed, Sep 23, 2015 at 02:55:21PM +0200, Thuban wrote: Is it possible to upgrade from 5.7 yo 5.8 using this flag : cvs -d$CVSROOT checkout -rOPENBSD_5_8 -P src In almost all cases, a binary upgrade followed by sysmerge will be quicker and easier, but in the general case, yes. Source code "upgrades" are possible, but completely unsupported. So any user conducting one is entirely on his own. I used to do this when I was preparing live media images some years ago, so they would be ready the same day as an actual release. It requires *very* careful application of the Following -current FAQ entries, especially any ABI/API changes -- the so-called "flag day" actions. --- (I cannot believe I'm offering any sort of correction of a statement by Peter Hansteen. Is the sky falling?)
Re: dhclient broken on 2015-09-21 amd64 snapshot
On Wed, Sep 23, 2015 at 07:37:05AM +, Stuart Henderson wrote: > On 2015-09-22, Kurt Mosiejczukwrote: > > I just updated my current box to yesterdays (2015-09-21) snapshot. Now > > it won't keep a network address. > That's a recent bug - should be fixed if you update again. Excellent. I'll watch my mirror for a newer snapshot. It just occurred to me I didn't have a problem when using bsd.rd. Hopefully that is still true when I try and install the new snapshot. Can you point me at the bug fix? I was looking at cvsweb again and the newest change I could see there is 2 weeks ago... > > Did the dhclient change get overlooked? Am I doing something else > > obviously wrong? > This is unrelated, but dhclient just needed recompiling with the updated > headers ("include files") to know about the larger ifmedia struct, it > just uses it to check link status and didn't require any code changes. > On the other hand ifconfig does more processing with the media status, > e.g. passing the type to another function to look up the text description, > so the variable types need changing so that the larger values fit. Okay, good. Also glad I didn't work hard on getting an up to date source tree on the machine with no network currently to try and fix it :) > BTW this ifmedia change was because we were running out of space in > the structure for different media types (10base2, 10baseT, 100baseTX, > 1000baseSX, 1000baseT etc for ethernet, various modulation types for > 802.11 wireless, etc), the change allows space for more types for > future use (e.g. there's an IEEE working group, 802.3bz, looking at > standardizing 2.5/5Gb over cat5e, and other existing standards we don't > support yet). Cool. Thanks for the explanation on the change. --Kurt
Re: rookie questions about flavors
Josh Grosse wrote: > On 2015-09-23 09:41, Peter N. M. Hansteen wrote: > > On Wed, Sep 23, 2015 at 02:55:21PM +0200, Thuban wrote: > > >> Is it possible to upgrade from 5.7 yo 5.8 using this flag : > >> cvs -d$CVSROOT checkout -rOPENBSD_5_8 -P src > > > > In almost all cases, a binary upgrade followed by sysmerge will be > > quicker and > > easier, but in the general case, yes. > > Source code "upgrades" are possible, but completely unsupported. So any One of the reasons they're not supported is because that's not how developers upgrade. In particular, the machines building the 5.8 release were not upgraded from 5.7 that way. They were building current the whole time in between. You may well be the first person to even try it.
Re: SR RAID5 rebuild/stability issue.
On Tuesday 22 September 2015 09:58:57 Karel Gardas wrote: > On Tue, Sep 22, 2015 at 3:20 AM, Chris Cappucciowrote: > > Karel Gardas [gard...@gmail.com] wrote: > >> Let me ask, should SR RAID5 survive such testing or is for example > >> rebuilding with off-lined drive considered unsupported feature? > > > > It's new, considered experimental and not well tested. > > OK so I'll omit this from my testing. > > > Are you working with someone to bring your RAID1 changes in tree? The > > complete, understood improvements should be individually labeled > > and committed, one by one. > > So far on tech@ I was merely ignored, but this is probably due to the > fact that I posted patches[1][2][3] clearly marked as a > work-in-progress. Once the patch is complete I will offer my view how > it may be divided and perhaps discussion will start... It has not been ignored; but you've not yet received a reply :) > [1] https://www.mail-archive.com/tech@openbsd.org/msg25388.html > [2] https://www.mail-archive.com/tech@openbsd.org/msg25419.html > [3] https://www.mail-archive.com/tech@openbsd.org/msg25716.html
Re: Making IPv6 NAT prefer privacy address
Em 23-09-2015 11:49, Stuart Henderson escreveu: > Exactly. It also makes it easier to handle multiple ISPs for load-balancing > or failover, which IPv6 handles poorly (short of using BGP). Wouldn't multipath and properly constructed ifstated scripts be better in this case? Like reloading dhcpv6 servers, rtadvd, and anchors, etc. > > Also it's good for winding up IPv6 purists :-) Wound up me. :-) Cheers, Giancarlo Razzolini
Re: rookie questions about flavors
Am Mittwoch, den 23.09.2015, 14:55 +0200 schrieb Thuban: > 1. A snapshot is a build made at one time of the developpement, more > recent than *-stable* flavor. Correct. > It is not *-current*. Can we consider a snapshot as an unreleased > *5.8* > at this time. Or is it above *5.8*? At this point of time, it is fresher than 58. Look at -snapshot more as the -current of a few days ago (depending on your architecture). > 2. In odrer to build the system, one can choose : > - to follow *-current* with `cvs -d$CVSROOT checkout -P src` > - to follow *-stable* with `cvs -d$CVSROOT checkout -rOPENBSD_5_7 > -P src > ` > > Is it possible to upgrade from 5.7 yo 5.8 using this flag : > cvs -d$CVSROOT checkout -rOPENBSD_5_8 -P src Er, ay, never done it this way but I should think so, if you do it carefully. You should follow the instructions on the website nevertheless. > 3. If one use a 5.8 snapshot (i.e [1] ), is it possible to apply > updates > for 5.8 *-stable* later? No, as -snapshot is already newer than 58. > Sorry for the long message. I know the best is to use *-current* or a > *-stable* flavor, but I wish to understand these points in order to > keep > things clean. Well, usually there are two paths: To follow -current: * Use -snapshots * Update to -current (CVS) when you require it (e.g. to test some new code). To follow -stable(ish): * Install a -release * Update from CVS * OR use errata patches * OR use M:TIER stable service -- David Dahlberg Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845 Fraunhoferstr. 20, 53343 Wachtberg, Germany| Fax: +49-228-856277
Re: Making IPv6 NAT prefer privacy address
Em 23-09-2015 11:16, Marios Makassikis escreveu: > Rather than announcing the prefix obtained via DHCPv6-PD you can pick a prefix > from fd00::/8 and announce that on your network. > It is the equivalent to RFC1918 addresses, except it is for IPv6. Figured it. These are ULA, right? > Therefore, it is > not routable and you need to perform NAT on it. The global address is the one > the router obtained via static configuration/SLAAC/DHCPv6, which will then be > used by all your clients. It kind of defeats the purpose of IPv6, doesn't it? > Your CPE will see only the OpenBSD router's address so it should work. I ended up setting up a bridge for that. It's harder to filter on them though. I plan to port some NDP proxy to OpenBSD, but all of the candidates looked very cumbersome to my taste. I'll have eventually to do it, unless someone else beat me to it. Cheers, Giancarlo Razzolini
Re: SR RAID5 rebuild/stability issue.
On Monday 21 September 2015 23:02:39 Karel Gardas wrote: > Hello, > > due to work on SR RAID1 check summing support where I've touched SR > RAID internals (workunit scheduling) I'd like to test SR RAID5/6 > functionality on snapshot and on my tree to see that I've not broken > the stuff while hacking it. My current problem is that I'm not able to > come with some testing which would not break RAID5 (I'm starting with > it) after several hours of execution while using snapshot. My test is > basically: > - on one console in loop > mount raid to /raid > rsync /usr/src/ to /raid > compute sha1 sums of all files in /raid > umount /raid > mount /raid > check sha1 -- if failure, fail the test, if not, just repeat > - on another console in loop > - off line random drive > - wait random time (up to minute) > - rebuild raid with the offlined drive > - wait random time (up to 2 minutes) > - repeat > > Now, the issue with this is that I get sha1 errors from time to time. > Usually in such case the problematic source file contain some garbage. > Since I do not yet have a machine dedicated to this testing, I'm using > for this thinkpad T500 with one drive. I just created 4 RAID slices in > OpenBSD partition. Last week I've been using vndX devices (and files), > but this way I even got to kernel panic (on snapshot) like this one: > http://openbsd-archive.7691.n7.nabble.com/panic-ffs-valloc-dup-alloc-td25473 > 8.html -- so this weekend I've started testing with slices and so far not > panic, but still data corruption issue. Last snapshot I'm using for testing > is from last Sunday. > > Let me ask, should SR RAID5 survive such testing or is for example > rebuilding with off-lined drive considered unsupported feature? RAID5 should work (ignore RAID6 - it is still incomplete) and rebuilding should be functional: http://undeadly.org/cgi?action=article=20150413071009 When I reenabled RAID5, I had tested it reasonably as I could, but it still needs to be put through its paces. How are you offlining the drive? If you're doing it via bioctl then it will potentially behave differently to a hardware failure (top down through the bio(4)/softraid(4) driver, instead of bottom up via the I/O path). If you can dependably reproduce the issue then I would certainly be interested in tracking down the cause.
Re: Making IPv6 NAT prefer privacy address
On 2015/09/23 16:16, Marios Makassikis wrote: > On 23 September 2015 at 15:34, Giancarlo Razzolini> wrote: > > Em 23-09-2015 04:40, Stuart Henderson escreveu: > >> Saves messing about with DHCPv6-PD > > > > I see. So you translate from what exactly? Wouldn't it be better to use > > af-to instead of nat? > > Hello, > > Rather than announcing the prefix obtained via DHCPv6-PD you can pick a prefix > from fd00::/8 and announce that on your network. > It is the equivalent to RFC1918 addresses, except it is for IPv6. > Therefore, it is > not routable and you need to perform NAT on it. The global address is the one > the router obtained via static configuration/SLAAC/DHCPv6, which will then be > used by all your clients. > > > But I can relate to that, given that my CPE will > > give me a PD, but won't route packets back because it thinks the prefix > > is reachable using NDP. Hence the need for a proxy, which OpenBSD > > currently doesn't have. > > > > Cheers, > > Giancarlo Razzolini > > > > Your CPE will see only the OpenBSD router's address so it should work. Exactly. It also makes it easier to handle multiple ISPs for load-balancing or failover, which IPv6 handles poorly (short of using BGP). Also it's good for winding up IPv6 purists :-)
Re: rookie questions about flavors
On 2015-09-23 10:52, Ted Unangst wrote: You may well be the first person to even try it. Peter was correct, though. It is *possible*. :) I haven't produced live media since 5.1, so it's been several years since I last needed to do this. And, if I'd done a better job of pre-launch planning, I'd have built from a previous -current rather than already having all my -current systems beyond the nexxt -release.
Re: Making IPv6 NAT prefer privacy address
Giancarlo, Why are you unable to route your DHCPv6-PD? I ask because I have been able to use OpenBSD as a typical IPv4 NAT type of router as well as a pure IPv6 router (does use pf for firewalling the router and the PD subnet, but no NAT on IPv6) all for my home network LAN. I use a fair bit of custom scripts and a little known DHCPv6 client software not available in OpenBSD ports (at least last time I checked) to make it all work. But I've been using this setup now for at least 2 or more years now successfully and it can sometimes run reliably for 6 months without a hiccup. So maybe I can help. Sly On 09/23/2015 10:58 AM, Giancarlo Razzolini wrote: > Em 23-09-2015 11:49, Stuart Henderson escreveu: >> Exactly. It also makes it easier to handle multiple ISPs for load-balancing >> or failover, which IPv6 handles poorly (short of using BGP). > Wouldn't multipath and properly constructed ifstated scripts be better > in this case? Like reloading dhcpv6 servers, rtadvd, and anchors, etc. > >> Also it's good for winding up IPv6 purists :-) > Wound up me. :-) > > Cheers, > Giancarlo Razzolini
Adding zombies to a pf table?
Hello, Zombies are often attacking ports which don't have services running, such as telnet (most popular indeed), mysql, 3551, 8080, 13272, etc. With a default pf block drop in on $ext_if, how can those source ips be added to a table? Which all can be dropped & small queued. I've tried to overload a match statement, but that won't work. Or is there something handy in ports to help? Thanks. -- By the time they had diminished from 50 to 8, the other dwarves began to suspect "Hungry" ... -- Gary Larson, "The Far Side"
Re: dhclient broken on 2015-09-21 amd64 snapshot
On Wed, Sep 23, 2015 at 01:27:27PM +0100, Stuart Henderson wrote: > On 2015/09/23 08:16, Kurt Mosiejczuk wrote: > > Can you point me at the bug fix? I was looking at cvsweb again and the > > newest change I could see there is 2 weeks ago... > I believe this is the issue fixed by this commit - if you saved the > previous kernel before updating, you might be able to boot with that > instead. Ah. So the bug is even more unrelated to dhclient than I was thinking. A newer snapshot (from yesterday, 2015-09-22) was on my mirror today, and booting from the bsd.rd worked for upgrading to the newer snapshot with the fix. I'm guessing whatever caused the bug isn't enabled for the RAMDISK kernel. --Kurt
Re: UEFI boot attempt on AM1 platform with logs (9/16 snapshot)
> This picture shows > > Load address: Loader Data (2) 0xd0 for 4096KB FATAL > > This is what I want to know. 0xd0 + 4M is overlapping the kernel > area. > > I think the following diff or > > http://yasuoka.net/~yasuoka/BOOTX64.EFI > (updated) > > will fix the problem. Great, thanks. I grabbed the updated binary. `machine memory` is looking better, but no improvement on the boot situation, yet. This is with the latest install58.fs from 9/23 with BOOTX64.EFI replaced. http://i.imgur.com/oiEO3fr.jpg http://i.imgur.com/adwNcnk.jpg
Re: Making IPv6 NAT prefer privacy address
On 2015-09-22, Giancarlo Razzoliniwrote: > Nat on IPv6? Why? Saves messing about with DHCPv6-PD ;)
Re: dhclient broken on 2015-09-21 amd64 snapshot
On 2015-09-22, Kurt Mosiejczukwrote: > I just updated my current box to yesterdays (2015-09-21) snapshot. Now > it won't keep a network address. That's a recent bug - should be fixed if you update again. > I'm seeing a note on the current FAQ from the 12th indicating the > ifmedia options have been extended to 64 bits. I'm seeing a change to > ifconfig in the tree for this, but I don't see a corresponding change to > dhclient in the tree (looking at cvsweb). > > Did the dhclient change get overlooked? Am I doing something else > obviously wrong? This is unrelated, but dhclient just needed recompiling with the updated headers ("include files") to know about the larger ifmedia struct, it just uses it to check link status and didn't require any code changes. On the other hand ifconfig does more processing with the media status, e.g. passing the type to another function to look up the text description, so the variable types need changing so that the larger values fit. BTW this ifmedia change was because we were running out of space in the structure for different media types (10base2, 10baseT, 100baseTX, 1000baseSX, 1000baseT etc for ethernet, various modulation types for 802.11 wireless, etc), the change allows space for more types for future use (e.g. there's an IEEE working group, 802.3bz, looking at standardizing 2.5/5Gb over cat5e, and other existing standards we don't support yet).
Re: Making IPv6 NAT prefer privacy address
On 2015-09-22, Daniel Gillenwrote: > Hi > > I currently have the following rule to nat traffic out to the internet: > > match out on $if_ext inet6 from $if_int:network to any nat-to ($if_ext) > > But this chooses from one of the configures addresses (using round-robin). > > Is there a way I can configure pf to prefer the privacy address (the one > without my MAC in it)? Not at present.
HDMI on hp pavilion 10 10-f014au ?
Is there anything that can be done to get HDMI video functioning on this HP Pavilion 10 10-f015au? (dmesg below) After switching several times between virtual consoles with X11 running, it will begin to mostly mirror the laptop display on the HDMI device (a Toshiba Regza TV). It will be missing ten, maybe 15 big pixels at the top, left, and right borders. (Laptop pixels, not TV pixels.) > OpenBSD 5.8-current (GENERIC.MP) #1367: Sat Sep 12 14:59:55 MDT 2015 > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP > real mem = 1835790336 (1750MB) > avail mem = 1776250880 (1693MB) > mpath0 at root > scsibus0 at mpath0: 256 targets > mainbus0 at root > bios0 at mainbus0 > acpi0 at bios0: rev 2 > acpi0: sleep states S0 S3 S4 S5 > acpi0: tables DSDT FACP UEFI HPET APIC MCFG ASF! BOOT FPDT MSDM SSDT > SSDT SSDT SSDT SSDT > acpi0: wakeup devices GPP0(S5) GPP1(S4) OHC1(S3) OHC2(S3) OHC3(S3) > EHC1(S3) EHC2(S3) EHC3(S3) XHC0(S4) AWAD(S4) > acpitimer0 at acpi0: 3579545 Hz, 32 bits > acpihpet0 at acpi0: 14318180 Hz > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat > cpu0 at mainbus0: apid 0 (boot processor) > cpu0: AMD A4-1200 APU with Radeon(TM) HD Graphics, 998.27 MHz > cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPC NT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMC R8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1 > cpu0: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 1MB > 64b/line 16-way L2 cache > cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative > cpu0: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative > cpu0: smt 0, core 0, package 0 > mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges > cpu0: apic clock running at 99MHz > cpu0: mwait min=64, max=64, IBE > cpu1 at mainbus0: apid 1 (application processor) > cpu1: AMD A4-1200 APU with Radeon(TM) HD Graphics, 998.13 MHz > cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS H,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPC NT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMC R8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TOPEXT,ITSC,BMI1 > cpu1: 32KB 64b/line 2-way I-cache, 32KB 64b/line 8-way D-cache, 1MB > 64b/line 16-way L2 cache > cpu1: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative > cpu1: DTLB 40 4KB entries fully associative, 8 4MB entries fully associative > cpu1: smt 0, core 1, package 0 > ioapic0 at mainbus0: apid 0 pa 0xfec0, version 21, 24 pins > ioapic1 at mainbus0: apid 5 pa 0xfec01000, version 21, 32 pins > ioapic1: misconfigured as apic 0, remapped to apid 5 > acpimcfg0 at acpi0 addr 0xf800, bus 0-63 > acpiprt0 at acpi0: bus 0 (PCI0) > acpiprt1 at acpi0: bus 1 (GPP0) > acpiprt2 at acpi0: bus 5 (GPP1) > acpiprt3 at acpi0: bus -1 (GPP2) > acpiprt4 at acpi0: bus -1 (GPP3) > acpiprt5 at acpi0: bus -1 (GFX_) > acpiec0 at acpi0 > acpicpu0 at acpi0: !C2(0@400 io@0x414), C1(@1 halt!), PSS > acpicpu1 at acpi0: !C2(0@400 io@0x414), C1(@1 halt!), PSS > acpipwrres0 at acpi0: FN00, resource for FAN0 > acpitz0 at acpi0: critical temperature is 118 degC > acpibtn0 at acpi0: PWRB > acpiac0 at acpi0: AC unit online > acpibat0 at acpi0: BAT0 model "Primary" serial 43346 03/09/2014 type > LIon oem "Hewlett-Packard" > acpibtn1 at acpi0: LID_ > acpivideo0 at acpi0: VGA_ > acpivideo1 at acpi0: VGA_ > cpu0: 998 MHz: speeds: 1000 900 800 700 600 MHz > pci0 at mainbus0 bus 0 > pchb0 at pci0 dev 0 function 0 "AMD AMD64 16h Host" rev 0x00 > vga1 at pci0 dev 1 function 0 vendor "ATI", unknown product 0x9839 rev 0x00 > wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) > wsdisplay0: screen 1-5 added (80x25, vt100 emulation) > azalia0 at pci0 dev 1 function 1 vendor "ATI", unknown product 0x9840 > rev 0x00: msi > azalia0: no supported codecs > pchb1 at pci0 dev 2 function 0 vendor "AMD", unknown product 0x1538 rev 0x00 > ppb0 at pci0 dev 2 function 2 "AMD AMD64 16h PCIE" rev 0x00: msi > pci1 at ppb0 bus 1 > rtsx0 at pci1 dev 0 function 0 "Realtek RTL8402 Card Reader" rev 0x01: msi > sdmmc0 at rtsx0 > re0 at pci1 dev 0 function 2 "Realtek 8101E" rev 0x06: RTL8402 > (0x4400), msi, address 14:58:d0:06:96:26 > rlphy0 at re0 phy 7: RTL8201E 10/100 PHY, rev. 2 > ppb1 at pci0 dev 2 function 3 "AMD AMD64 16h PCIE" rev 0x00: msi > pci2 at ppb1 bus 5 > "Ralink RT3290" rev 0x00 at pci2 dev 0 function 0 not configured > "Ralink Bluetooth" rev 0x00 at pci2 dev 0 function 1 not configured > xhci0 at pci0 dev 16 function 0 vendor "AMD", unknown product 0x7814 > rev 0x01: msi > usb0 at xhci0: USB revision 3.0 > uhub0 at usb0 "AMD xHCI root hub" rev 3.00/1.00 addr 1 > ahci0 at pci0 dev 17 function 0 "AMD Hudson-2 SATA" rev 0x00: apic 0 > int 19, AHCI 1.3 > ahci0: port 0: 6.0Gb/s > scsibus1 at ahci0: 32 targets > sd0 at scsibus1 targ 0 lun
Re: ugen0 instead of urtwn0
* Stefan Sperlingle [22-09-2015 11:33:28 +0200]: > On Mon, Sep 21, 2015 at 11:14:22AM +0200, Thuban wrote: > > Hi, > > I have a usb wifi dongle supposed to work with urtwn firmware. > > usbdevs returns WNA 1000Mv2 Netgear listed here [0] > > > > But the device is detected as ugen. > > > > How can I fix this? > > This device was added to -current after 5.8. > It will work out of the box in OpenBSD 5.9. > > The easiest way to get support for it is to use snapshots (i.e. -current). > See the "Snapshots" section in http://www.openbsd.org/faq/faq5.html#Flavors > > You can try to get it to work with 5.7 but this might not work. > Getting this device to work on 5.8 (to be released on Oct 18) should be > possible using the steps below. > > Starting with pristine OpenBSD 5.8 kernel source (or 5.7, if you want to > try your luck), add the line > > product NETGEAR WNA1000Mv20x9043 WNA1000Mv2 > > somewhere in the file /usr/src/sys/dev/usb/usbdevs > > as shown here: > > === > RCS file: /cvs/src/sys/dev/usb/usbdevs,v > retrieving revision 1.654 > retrieving revision 1.655 > diff -u -r1.654 -r1.655 > --- src/sys/dev/usb/usbdevs 2015/07/15 13:25:49 1.654 > +++ src/sys/dev/usb/usbdevs 2015/08/22 15:10:19 1.655 > @@ -3135,6 +3135,7 @@ > product NETGEAR WNA1100 0x9030 WNA1100 > product NETGEAR WNA1000 0x9040 WNA1000 > product NETGEAR WNA1000M 0x9041 WNA1000M > +product NETGEAR WNA1000Mv2 0x9043 WNA1000Mv2 > > /* Netgear(2) products */ > product NETGEAR2 MA101 0x4100 MA101 > > > Now run > > $ cd /usr/src/sys/dev/usb/ > $ make > > to re-create the USB device list header files usbdevs.h and usbdevs_data.h. > > Next, add the line > > { USB_VENDOR_NETGEAR, USB_PRODUCT_NETGEAR_WNA1000Mv2 }, > > to /usr/src/sys/dev/usb/if_urtwn.c somewhere in the driver's ID table, > as shown here: > > === > RCS file: /cvs/src/sys/dev/usb/if_urtwn.c,v > retrieving revision 1.48 > retrieving revision 1.49 > diff -u -r1.48 -r1.49 > --- src/sys/dev/usb/if_urtwn.c2015/06/12 15:47:31 1.48 > +++ src/sys/dev/usb/if_urtwn.c2015/08/22 15:19:33 1.49 > @@ -110,6 +110,7 @@ > { USB_VENDOR_IODATA,USB_PRODUCT_IODATA_WNG150UM }, > { USB_VENDOR_IODATA,USB_PRODUCT_IODATA_RTL8192CU }, > { USB_VENDOR_NETGEAR, USB_PRODUCT_NETGEAR_WNA1000M }, > + { USB_VENDOR_NETGEAR, USB_PRODUCT_NETGEAR_WNA1000Mv2 }, > { USB_VENDOR_NETGEAR, USB_PRODUCT_NETGEAR_RTL8192CU }, > { USB_VENDOR_NETGEAR4, USB_PRODUCT_NETGEAR4_RTL8188CU }, > { USB_VENDOR_NETWEEN, USB_PRODUCT_NETWEEN_RTL8192CU }, > > Now compile a new kernel and install it. > > For more information on the steps involved in compiling the kernel, > see http://www.openbsd.org/faq/faq5.html#Bld and in particular this > section: http://www.openbsd.org/faq/faq5.html#BldKernel Thank you for this very complete explanations. Currently, I can't build the kernel without any error vith the last snapshot, even without modifying anything. Same with current. I'll wait some time and see. Regards -- Thuban PubKey : http://yeuxdelibad.net/Divers/thuban.pub [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]
Re: ipsec tunnel over IPv6
Nevermind! Worked it out⦠I spotted that the pings I were doing from the gateways were using the source address of the external interface, which was not part of the SA. explicitly adding the source address of the *internal* interface means it now looks good: # traceroute6 -s 2001:470:1f1d:301::1 2001:41c8:11a:5::1 traceroute6 to 2001:41c8:11a:5::1 (2001:41c8:11a:5::1) from 2001:470:1f1d:301::1, 64 hops max, 60 byte packets 1 2001:41c8:11a:5::1 (2001:41c8:11a:5::1) 32.884 ms 32.795 ms 32.316 ms # -Matt > On 23 Sep 2015, at 22:31, Matt Hamiltonwrote: > > Hi all, > Iâve just tried to set up an IPSec tunnel between two IPv6 networks, over IPv6 between the OpenBSD gateways. Isakmpd seems to have set the SAs up, but traffic is not flowing over the tunnel. > > A ipsec.conf: > > ike dynamic esp from 2001:470:1f1d:301::/64 to 2001:41c8:11a:5::/64 local 2001:470:1f1c:301::2 peer 2001:41c8:11a::1 \ > main auth hmac-sha1 enc aes group modp1024 \ > quick auth hmac-sha1 enc aes \ > srcid 2001:470:1f1c:301::2 dstid 2001:41c8:11a::1 \ > psk secret > > B ipsec.conf: > > ike dynamic esp from 2001:41c8:11a:5::/64 to 2001:470:1f1d:301::/64 local 2001:41c8:11a::1 peer 2001:470:1f1c:301::2 \ > main auth hmac-sha1 enc aes group modp1024 \ > quick auth hmac-sha1 enc aes \ > srcid 2001:41c8:11a::1 dstid 2001:470:1f1c:301::2 \ > psk secret > > A ipsecctl -sa: > > # ipsecctl -sa > FLOWS: > flow esp in from 2001:41c8:11a:5::/64 to 2001:470:1f1d:301::/64 peer 2001:41c8:11a::1 srcid 2001:470:1f1c:301::2/128 dstid 2001:41c8:11a::1/128 type use > flow esp out from 2001:470:1f1d:301::/64 to 2001:41c8:11a:5::/64 peer 2001:41c8:11a::1 srcid 2001:470:1f1c:301::2/128 dstid 2001:41c8:11a::1/128 type require > > SAD: > esp tunnel from 2001:470:1f1c:301::2 to 2001:41c8:11a::1 spi 0x74ed3662 auth hmac-sha1 enc aes > esp tunnel from 2001:41c8:11a::1 to 2001:470:1f1c:301::2 spi 0x7b1c75cd auth hmac-sha1 enc aes > > B ipsecctl -sa: > > FLOWS: > flow esp in from 2001:470:1f1d:301::/64 to 2001:41c8:11a:5::/64 peer 2001:470:1f1c:301::2 srcid 2001:41c8:11a::1/128 dstid 2001:470:1f1c:301::2/128 type use > flow esp out from 2001:41c8:11a:5::/64 to 2001:470:1f1d:301::/64 peer 2001:470:1f1c:301::2 srcid 2001:41c8:11a::1/128 dstid 2001:470:1f1c:301::2/128 type require > > SAD: > esp tunnel from 2001:470:1f1c:301::2 to 2001:41c8:11a::1 spi 0x74ed3662 auth hmac-sha1 enc aes > esp tunnel from 2001:41c8:11a::1 to 2001:470:1f1c:301::2 spi 0x7b1c75cd auth hmac-sha1 enc aes > > > A ping from A to B: > # ping6 2001:41c8:11a:5::1 > PING6(56=40+8+8 bytes) 2001:470:1f1c:301::2 --> 2001:41c8:11a:5::1 > 16 bytes from 2001:41c8:11a:5::1, icmp_seq=0 hlim=57 time=31.905 ms > 16 bytes from 2001:41c8:11a:5::1, icmp_seq=1 hlim=57 time=31.843 ms > 16 bytes from 2001:41c8:11a:5::1, icmp_seq=2 hlim=57 time=31.709 ms > ^C > --- 2001:41c8:11a:5::1 ping6 statistics --- > 3 packets transmitted, 3 packets received, 0.0% packet loss > round-trip min/avg/max/std-dev = 31.709/31.819/31.905/0.082 ms > > The ping works, but it is *not* going over the tunnel. tcpdump is not showing the traffic via enc0 or any ESP traffic on the external interface. Traceroute6 also shows all intermediate hops, i.e. no tunnel. > > Is it because, being IPv6, the networks on each end can route to each other (as opposed to on IPv4 normally they are RFC1918 networks) so OpenBSD send the packets the âeasyâ route? > > -Matt > > â > Matt Hamilton > Quernus > m...@quernus.co.uk > +44 117 325 3025 > 49b Easton Business Centre > Felix Road, Easton > Bristol, BS5 0HE > > Quernus Ltd is a company registered in England and Wales. Registered number: 09076246 > â Matt Hamilton Quernus m...@quernus.co.uk +44 117 325 3025 49b Easton Business Centre Felix Road, Easton Bristol, BS5 0HE Quernus Ltd is a company registered in England and Wales. Registered number: 09076246
Re: Recommended miniPCI express wireless module for PC Engines' APU system board?
The reason I am so onto this, is, there has been so many posts and threads has been here praising the PC Engines APU boards. I assume quite a few of you use it as a router, given its Ethernet ports. Then, why not add a wireless access point, too? That might be a popular request as well. Wi-Fi is important, but unfortunately it's a hit and miss. Thanks I'm using an APU as a firewall/router and it works very well. However, after experimenting with some different wireless cards, I actually opted to install a separate EnGenius EAP600 Access Point on the main floor of my house, using PoE to run to the router/switch. This was a better solution for me as the router was in the basement, and the wireless signal from the APU wasn't very good. To answer your original question, the card that seemed to work the best in the APU was an Atheros AR9280. Regards, Mike
Re: Adding zombies to a pf table?
Craig Skinner wrote: > Hello, > > Zombies are often attacking ports which don't have services running, > such as telnet (most popular indeed), mysql, 3551, 8080, 13272, etc. > > With a default pf block drop in on $ext_if, how can those source ips be > added to a table? Which all can be dropped & small queued. > > I've tried to overload a match statement, but that won't work. > > Or is there something handy in ports to help? block log those ports, then process the log file? block quick from block quick log in to port 8080 then you won't see them showing up in the log over and over.
ipsec tunnel over IPv6
Hi all, I’ve just tried to set up an IPSec tunnel between two IPv6 networks, over IPv6 between the OpenBSD gateways. Isakmpd seems to have set the SAs up, but traffic is not flowing over the tunnel. A ipsec.conf: ike dynamic esp from 2001:470:1f1d:301::/64 to 2001:41c8:11a:5::/64 local 2001:470:1f1c:301::2 peer 2001:41c8:11a::1 \ main auth hmac-sha1 enc aes group modp1024 \ quick auth hmac-sha1 enc aes \ srcid 2001:470:1f1c:301::2 dstid 2001:41c8:11a::1 \ psk secret B ipsec.conf: ike dynamic esp from 2001:41c8:11a:5::/64 to 2001:470:1f1d:301::/64 local 2001:41c8:11a::1 peer 2001:470:1f1c:301::2 \ main auth hmac-sha1 enc aes group modp1024 \ quick auth hmac-sha1 enc aes \ srcid 2001:41c8:11a::1 dstid 2001:470:1f1c:301::2 \ psk secret A ipsecctl -sa: # ipsecctl -sa FLOWS: flow esp in from 2001:41c8:11a:5::/64 to 2001:470:1f1d:301::/64 peer 2001:41c8:11a::1 srcid 2001:470:1f1c:301::2/128 dstid 2001:41c8:11a::1/128 type use flow esp out from 2001:470:1f1d:301::/64 to 2001:41c8:11a:5::/64 peer 2001:41c8:11a::1 srcid 2001:470:1f1c:301::2/128 dstid 2001:41c8:11a::1/128 type require SAD: esp tunnel from 2001:470:1f1c:301::2 to 2001:41c8:11a::1 spi 0x74ed3662 auth hmac-sha1 enc aes esp tunnel from 2001:41c8:11a::1 to 2001:470:1f1c:301::2 spi 0x7b1c75cd auth hmac-sha1 enc aes B ipsecctl -sa: FLOWS: flow esp in from 2001:470:1f1d:301::/64 to 2001:41c8:11a:5::/64 peer 2001:470:1f1c:301::2 srcid 2001:41c8:11a::1/128 dstid 2001:470:1f1c:301::2/128 type use flow esp out from 2001:41c8:11a:5::/64 to 2001:470:1f1d:301::/64 peer 2001:470:1f1c:301::2 srcid 2001:41c8:11a::1/128 dstid 2001:470:1f1c:301::2/128 type require SAD: esp tunnel from 2001:470:1f1c:301::2 to 2001:41c8:11a::1 spi 0x74ed3662 auth hmac-sha1 enc aes esp tunnel from 2001:41c8:11a::1 to 2001:470:1f1c:301::2 spi 0x7b1c75cd auth hmac-sha1 enc aes A ping from A to B: # ping6 2001:41c8:11a:5::1 PING6(56=40+8+8 bytes) 2001:470:1f1c:301::2 --> 2001:41c8:11a:5::1 16 bytes from 2001:41c8:11a:5::1, icmp_seq=0 hlim=57 time=31.905 ms 16 bytes from 2001:41c8:11a:5::1, icmp_seq=1 hlim=57 time=31.843 ms 16 bytes from 2001:41c8:11a:5::1, icmp_seq=2 hlim=57 time=31.709 ms ^C --- 2001:41c8:11a:5::1 ping6 statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 31.709/31.819/31.905/0.082 ms The ping works, but it is *not* going over the tunnel. tcpdump is not showing the traffic via enc0 or any ESP traffic on the external interface. Traceroute6 also shows all intermediate hops, i.e. no tunnel. Is it because, being IPv6, the networks on each end can route to each other (as opposed to on IPv4 normally they are RFC1918 networks) so OpenBSD send the packets the ‘easy’ route? -Matt — Matt Hamilton Quernus m...@quernus.co.uk +44 117 325 3025 49b Easton Business Centre Felix Road, Easton Bristol, BS5 0HE Quernus Ltd is a company registered in England and Wales. Registered number: 09076246
Re: Recommended miniPCI express wireless module for PC Engines' APU system board?
> I bought this card for my APU: > > http://www.amazon.com/dp/B005HMZ8B2/ > > Has worked great in AP mode. You will need the > bracket to make it full height. When I bought > it, it was $15, too. > > If I remember correctly, it shipped from China or > Tiawan and the estimate was a month, but it > arrived in maybe 10 days. You might want > to try to find one more local, I wasn't able to. So the one you recommend from Amazon got some mediocre reviews and comes from Asia. But it works, good for you, that's a plus. It is also a Qualcomm Atheros, maybe not so dissimilar from the ones PC Engines sells on their site: http://www.pcengines.ch/wle200nx.htm and http://www.pcengines.ch/wle600vx.htm On Amazon there are better reviewed Broadcom and Intel modules, shipping from USA, sold/fulfilled by Amazon, etc. Or who knows, since then PC Engines may offer revised modules which work better. Anyone has any +/- experiences with any of the add-on boards which works (or doesn't work) with the APU boards? Praise or recommend against any particular build? The reason I am so onto this, is, there has been so many posts and threads has been here praising the PC Engines APU boards. I assume quite a few of you use it as a router, given its Ethernet ports. Then, why not add a wireless access point, too? That might be a popular request as well. Wi-Fi is important, but unfortunately it's a hit and miss. Thanks
Re: SR RAID5 rebuild/stability issue.
On Wed, Sep 23, 2015 at 5:27 PM, Joel Singwrote: > RAID5 should work (ignore RAID6 - it is still incomplete) and rebuilding > should be functional: > > http://undeadly.org/cgi?action=article=20150413071009 > > When I reenabled RAID5, I had tested it reasonably as I could, but it still > needs to be put through its paces. How are you offlining the drive? If you're > doing it via bioctl then it will potentially behave differently to a hardware > failure (top down through the bio(4)/softraid(4) driver, instead of bottom up > via the I/O path). If you can dependably reproduce the issue then I would > certainly be interested in tracking down the cause. I'm using bioctl offlining indeed. And yes, the issue is easily duplicable, but it takes time. I'll send you my scripts off-list. Thanks for the note about RAID6.
Re: UEFI boot attempt on AM1 platform with logs (9/16 snapshot)
On Wed, 23 Sep 2015 14:40:52 -0500 Brian Conwaywrote: >> This picture shows >> >> Load address: Loader Data (2) 0xd0 for 4096KB FATAL >> >> This is what I want to know. 0xd0 + 4M is overlapping the kernel >> area. >> >> I think the following diff or >> >> http://yasuoka.net/~yasuoka/BOOTX64.EFI >> (updated) >> >> will fix the problem. > > Great, thanks. I grabbed the updated binary. `machine memory` is > looking better, Thanks. The test code for `machine memory' was removed from that binary.. Sorry. > but no improvement on the boot situation, yet. Umm. I reverted the test code. Can you try "machine memory" with http://yasuoka.net/~yasuoka/BOOTX64.EFI again? This will not fix the problem, but I'd like to verify my assumption is correct. --yasuoka
Re: Recommended miniPCI express wireless module for PC Engines' APU system board?
On 2015-09-23, Adamwrote: >> I bought this card for my APU: >> >> http://www.amazon.com/dp/B005HMZ8B2/ >> >> Has worked great in AP mode. You will need the >> bracket to make it full height. When I bought >> it, it was $15, too. >> >> If I remember correctly, it shipped from China or >> Tiawan and the estimate was a month, but it >> arrived in maybe 10 days. You might want >> to try to find one more local, I wasn't able to. > > So the one you recommend from Amazon got some mediocre reviews and comes from > Asia. But it works, good for you, that's a plus. It is also a Qualcomm > Atheros, maybe not so dissimilar from the ones PC Engines sells on their site: > http://www.pcengines.ch/wle200nx.htm and This one should work ok with athn(4). > http://www.pcengines.ch/wle600vx.htm This is a QCA9882 from the 802.11ac range, on Linux this uses the Ath10k driver. Not yet supported on OpenBSD. > On Amazon there are better reviewed Broadcom and Intel modules, shipping from > USA, sold/fulfilled by Amazon, etc. No HostAP on those. Broadcom is unlikely to work at all (unless it's an old b/g one with certain firmware versions). > Or who knows, since then PC Engines may offer revised modules which work > better. > > Anyone has any +/- experiences with any of the add-on boards which works (or > doesn't work) with the APU boards? Praise or recommend against any particular > build? > > The reason I am so onto this, is, there has been so many posts and threads > has been here praising the PC Engines APU boards. I assume quite a few of you > use it as a router, given its Ethernet ports. Then, why not add a wireless > access point, too? That might be a popular request as well. I like to put my APs in positions that will give good radio coverage, and routers in places where it's easier to run multiple cables to. YMMV, but for me these are rarely in the same place.
Re: rookie questions about flavors
On 2015-09-23, David Dahlbergwrote: > Am Mittwoch, den 23.09.2015, 14:55 +0200 schrieb Thuban: >> >> Is it possible to upgrade from 5.7 yo 5.8 using this flag : >> cvs -d$CVSROOT checkout -rOPENBSD_5_8 -P src > > Er, ay, never done it this way but I should think so, if you do it > carefully. You should follow the instructions on the website > nevertheless. You'll need to follow the parts of faq/current.html up to the 5.8-release cutoff point (indicated in comments in html source), and will also need to build xenocara and packages yourself. I wouldn't recommend it. The clean way is to install 5.7 now, then do an upgrade installation to 5.8 release when available.