lots of states (5.8)

2016-05-23 Thread Tony Sarendal
Hola amigos,

I'm doing some testing in the lab at the moment and just thought I'd share.

pf0.swe69# pfctl -si | grep current
  current entries 50239413
pf0.swe69# vmstat -m | tail -n 1
In use 22035659K, total allocated 5678936K; utilization 388.0%
pf0.swe69#

4 tcpbench sessions through it (450kpps under normal running) :

pf0.swe69# netstat -I trunk0 -w1
trunk in  trunk out  total in  total out
 packets  errs  packets  errs colls   packets  errs  packets  errs colls
28547079349 0 32372963420  2822 0  114224543321 4 101542519853  6675 0
  407927 0   408373 0 0   1631255 0  1225979 0 0
  413105 0   414141 0 0   1652684 0  1242994 0 0
  404324 0   404859 0 0   1617350 0  1215559 0 0
  408613 0   409500 0 0   1634610 0  1229346 0 0
  406545 0   407357 0 0   1626177 0  1222868 0 0
  412529 0   413248 0 0   1649941 0  1240605 0 0
  406656 0   407405 0 0   1626810 0  1222997 0 0
  411297 0   412122 0 0   1645393 0  1237101 0 0

httperf can maintain a session rate of 650 sessions per second (12k+ under
normal running):

cloud8.swe69$ route -T2 exec httperf --server 10.96.2.24 --uri /1k.bin --num-conns 25000 --rate 650
httperf --client=0/1 --server=10.96.2.24 --port=80 --uri=/1k.bin --rate=650 --send-buffer=4096 --recv-buffer=16384 --num-conns=25000 --num-calls=1
Maximum connect burst length: 2

Total: connections 25000 requests 25000 replies 25000 test-duration 44.214 s

Connection rate: 565.4 conn/s (1.8 ms/conn, <=381 concurrent connections)
Connection time [ms]: min 190.9 avg 261.3 max 6408.1 median 198.5 stddev 334.3
Connection time [ms]: connect 43.0
Connection length [replies/conn]: 1.000

Request rate: 565.4 req/s (1.8 ms/req)
Request size [B]: 69.0

Reply rate [replies/s]: min 473.8 avg 624.6 max 672.6 stddev 64.4 (8 samples)
Reply time [ms]: response 1.2 transfer 217.1
Reply size [B]: header 211.0 content 1024.0 footer 0.0 (total 1235.0)
Reply status: 1xx=0 2xx=25000 3xx=0 4xx=0 5xx=0

CPU time [s]: user 0.63 system 43.59 (user 1.4% system 98.6% total 100.0%)
Net I/O: 720.0 KB/s (5.9*10^6 bps)

Errors: total 0 client-timo 0 socket-timo 0 connrefused 0 connreset 0
Errors: fd-unavail 0 addrunavail 0 ftab-full 0 other 0



50M+ states and still standing, pretty good I think.

/T



OpenBSD 5.8-stable (GENERIC.MP) #103: Mon May  9 12:15:30 CEST 2016
root@ob2.swe69:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 34300891136 (32711MB)
avail mem = 33257451520 (31716MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xec170 (34 entries)
bios0: vendor American Megatrends Inc. version "3.0" date 04/24/2015
bios0: Supermicro X10SLD
acpi0 at bios0: rev 2
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT SSDT SSDT SSDT SSDT MCFG PRAD HPET
SSDT SSDT SPMI DMAR EINJ ERST HEST BERT
acpi0: wakeup devices PEGP(S4) PEG0(S4) PEGP(S4) PEG1(S4) PEGP(S4) PEG2(S4)
PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4) RP03(S4) PXSX(S4) RP04(S4)
PXSX(S4) RP05(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E3-1241 v3 @ 3.50GHz, 3500.61 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT
,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSB
ASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU E3-1241 v3 @ 3.50GHz, 3500.00 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT
,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSB
ASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Xeon(R) CPU E3-1241 v3 @ 3.50GHz, 3500.00 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT
,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSB

Re: tp-link tl-wn722n athn0: could not load firmware

2016-05-23 Thread Mihai Popescu
> I don't know where the problem is coming from.

I will try to feed it +5Vcc directly from the power supply then :-).
It will be it or motherboard ...



Re: tp-link tl-wn722n athn0: could not load firmware

2016-05-23 Thread Stefan Sperling
On Mon, May 23, 2016 at 02:46:16PM +0300, Mihai Popescu wrote:
> > I believe this is a power management issue with ehci(4).
> > Your device doesn't get enough juice to power up.
> 
> Hmmm, it is the second Lenovo machine i have with usb issues.
> 
> As far as you can tell, is it because of pure hardware or is it
> because of software drivers?
> 
> Thanks.

I don't know where the problem is coming from.



Re: ntpd: How to make TLS connection via IPv4?

2016-05-23 Thread lists
> Why don't you use an ipv4 only site for constraints?
> It will probably work.

Another option would be to have -4 and -6 options for the respective
program similar to other clients / servers on dual stacked machines.

This is probably not happening, so use any trick that gets you there.
Another option is to not use constraints, if this has its own quirks.



Fwd: Re: hostname.carp - CARP Bootup Woes Correct layout / format for >=5.9 - man page for hostname.carp

2016-05-23 Thread Philipp Buehler
just realized I didn't reply to the list so someone could pick up the
diff for commit consideration


Original message
Subject: Re: hostname.carp - CARP Bootup Woes Correct layout / format for >=5.9 - man page for hostname.carp
Date: 20.05.2016 17:30
From: Philipp Buehler
To: Andy Lemin

On 20.05.2016 17:02, Andy Lemin wrote:
> Just if it helps anyone else having similar problems with CARP (was hoping
> someone would make a comment about the man page for hostname.carp if it is
> going to be so fussy about the order of parameters).


Thanks for boggling this down. I don't see a need for hostname.carp(5).
Extending the hostname.if(5) would be sufficient. Which by the way gives some
subtle clue:
==
Any lines not matching these packed formats are passed
 directly to ifconfig(8).  The packed formats are converted using a
 somewhat inflexible parser and the administrator should not expect magic
 -- if in doubt study ifconfig(8) and the per-driver manual pages to see
 what arguments are permitted.
==
The driver (carp(4)) manpage isn't much of a clue on positionals, but 
ifconfig(8) is:

==
 ifconfig carp-interface [advbase n] [advskew n] [balancing mode]
  [carpnodes vhid:advskew,vhid:advskew,...] [carpdev iface]
  [[-]carppeer peer_address] [pass passphrase] [state state]
  [vhid host-id]
==
The intermix with inet[6] is a different story..

LSS: An example like there is for a bridge setup in hostname.if(5) would be nice.


Shot across:
--- hostname.if.5   Sat Jun  6 15:13:07 2015
+++ hostname.if.5.carpexp   Wed May 11 22:51:32 2016
@@ -282,6 +282,20 @@
 static fxp0 8:0:20:1e:2f:2b
 up# and finally enable it
 .Ed
+.Sh CARP INTERFACE CONFIGURATION
+To enable a
+.Xr carp 4
+interface, the options have to be put in order as described in
+.Xr ifconfig 8 .
+Having a valid carppeer needs to have the inet/inet6 configuration
+first.
+.Pp
+For example:
+.Bd -literal -offset indent
+carpdev ix0 advbase 2 advskew 10 pass carppass vhid 1
+inet 10.2.1.254 255.255.255.0 10.2.1.255
+carppeer 10.2.1.253
+.Ed
 .Sh FILES
 .Bl -tag -width "/etc/hostname.XX"
 .It Pa /etc/hostname.XXX
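
Review bot: In the added CARP INTERFACE CONFIGURATION section, the first sentence says the options "have to be put in order as described in ifconfig(8)", but the example line "carpdev ix0 advbase 2 advskew 10 pass carppass vhid 1" does not follow the synopsis order quoted earlier in this mail (advbase and advskew are listed before carpdev there), so a reader cannot tell which ordering is actually required. Suggest stating the real constraint directly, which from the example is that the inet/inet6 line must come before the carppeer line, and rewording "Having a valid carppeer needs to have the inet/inet6 configuration first" to something like "A carppeer line is only accepted after the inet/inet6 address has been configured". Since the example stores a passphrase ("pass carppass") in the file, a sentence reminding the reader that the file should not be world-readable would also help.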

--
pb



Re: ntpd: How to make TLS connection via IPv4?

2016-05-23 Thread Stefan Wollny
On 05/23/16 at 15:50, Carlin Bingham wrote:
>> My question is: Is it possible to persuade ntpd to make that
>> connection via IPv4? 'man ntpd.conf' does not mention this. Any other
>> hint on how to achieve this other than remove the "block"-line in pf.conf?
>>
> In /etc/resolv.conf, add:
> 
>   family inet4

BINGO!

That was the missing piece of the puzzle! Added it to
'resolv.conf.tail', though.
(Maybe someone with more insight to the issue updates 'man ntpd.conf'
with this info?)

Thanks for your quick reply, Carlin!

Best,
STEFAN



Re: ntpd: How to make TLS connection via IPv4?

2016-05-23 Thread Kapetanakis Giannis

On 23/05/16 16:30, Stefan Wollny wrote:

> Hi there!
>
> I have 2 i386- and 2 amd64-machines, all running ~current. All report in
> /var/log/messages lines like the following:
>
> May 23 15:01:57 idefix ntpd[19978]: tls connect failed:
> 2a00:1450:4005:803::2004 (www.google.com): connect: No route to host
>
> Obviously this is from
>   constraints from "https://www.google.com"
> in /etc/ntpd.conf.
>
> On every machine I have the following line in pf.conf:
>   block quick inet6 all
>
> I think it is a valid guess that this prevents ntpd to make the
> connection. My question is: Is it possible to persuade ntpd to make that
> connection via IPv4? 'man ntpd.conf' does not mention this. Any other
> hint on how to achieve this other than remove the "block"-line in pf.conf?


Why don't you use an ipv4 only site for constraints?
It will probably work.

G



Re: OpenBSD on Mikrotik/RouterBoard hardware ?

2016-05-23 Thread lists
> My old companion, OpenBSD router/firewall (Intel Atom based and 5 
> Gigabit Intel network interfaces) died 2 weeks ago ... (Really think 
> motherboard is dead :( ).

Quickest choice would be to replicate the updated hardware spec from
last time with newer model optionally better manufacturer motherboard,
better cooling, new PSU, as far as you go with the network cards etc.

> I temporary replaced it by an unused old workstation based on AMD64x2 
> processor, 4GB Ram, and with a (unique) Realtek Gigabit card (I use vlan 
> for routing).
> 
> Installed it with OpenBSD 5.9 amd64, and works pretty well, but seems to 
> be difficult for this hardware to handle load.

Before throwing much more money, consider all aspects of the bottleneck.

> So I try to get a better hardware.
> 
> Context :
> Optic fiber with 200Mbits/s DL, 50Mbits/s UL came to home this week 
> (Tuesday) replacing 2 DSL connections.
> (that I keep for now : network throughput is somewhat ridiculous 
> compared to Optic fiber, but stability is really great : being an 
> homeworker, Internet uptime is a prime goal, despite the throughput).
> 
> About 20 VLAN to handle ... and for most of them, PF rules apply.
> 
> Compared to delivered "router" from ISP (SFR in France, "NB6V box" for 
> those who know this provider), this temporary "router" seems to lack of 
> CPU/network interrupts while downloading at high speed (above 10 
> MBytes/s) on WAN.

As you observed it is not fair to compare a minimal distribution on a
resource constrained embedded box, it is just a different device for
user convenience to get you started, mostly as a proof of concept ;-)

> ping on other hosts drastically increases (+50~200ms based from 4~10 ms 
> when link is not heavily used) while OpenBSD tries to route/firewall/nat 
> the WAN traffic.

This may be as simple as prioritising your return packets as intended.

> I already used Routerboards/RouterOS for several customers : works 
> pretty great while using high throughput Internet connections. 
> Customer's need is achieved for all cases, but the inside RouterOS 
> doesn't feat my needs. (IPv6 policy based routing, and IPv6 NPT for 
> instance).
> 
> About hardware :
> RB2011 (XXX) or RB3011 (XXX) can, I think, match my needs.

Inexpensive ubiquitous x86 systems can do much more for the cost range.
The difference is that in one case you get the optimisation pre-applied
with the device operating system in a convenient GUIsh style, while the
latter requires more insight but gives you more options in the long run.

There is absolutely incomparably more you can do better with a more
powerful hardware platform system and with better software toolkit.

> About software :
> OpenBSD stands out for a while for being my privileged OS for a 
> router/firewall, and clearly feats my needs while it's simple to handle 
> some particular cases ... (compared to a Linux based router for instance).

> If not, what's the best hardware you know to operate an OpenBSD router 
> with high throughput networks and many (about 450~500, including 
> bridge/tag rules) PF rules ?

This is up to you, the platforms listed on the main page say it all:

OpenBSD Platforms
[http://www.openbsd.org/plat.html]

> Best CPU, best known network driver (handling inside hardware 
> implementations), and so on ...

The interesting part of the question, success stories from the field.



Re: ntpd: How to make TLS connection via IPv4?

2016-05-23 Thread Carlin Bingham
On Mon, May 23, 2016 at 03:30:35PM +0200, Stefan Wollny wrote:
> Hi there!
> 
> I have 2 i386- and 2 amd64-machines, all running ~current. All report in
> /var/log/messages lines like the following:
> 
> May 23 15:01:57 idefix ntpd[19978]: tls connect failed:
> 2a00:1450:4005:803::2004 (www.google.com): connect: No route to host
> 
> Obviously this is from
>   constraints from "https://www.google.com"
> in /etc/ntpd.conf.
> 
> On every machine I have the following line in pf.conf:
>   block quick inet6 all
> 
> I think it is a valid guess that this prevents ntpd to make the
> connection. My question is: Is it possible to persuade ntpd to make that
> connection via IPv4? 'man ntpd.conf' does not mention this. Any other
> hint on how to achieve this other than remove the "block"-line in pf.conf?
> 

In /etc/resolv.conf, add:

family inet4

--
Carlin 



ntpd: How to make TLS connection via IPv4?

2016-05-23 Thread Stefan Wollny
Hi there!

I have 2 i386- and 2 amd64-machines, all running ~current. All report in
/var/log/messages lines like the following:

May 23 15:01:57 idefix ntpd[19978]: tls connect failed:
2a00:1450:4005:803::2004 (www.google.com): connect: No route to host

Obviously this is from
constraints from "https://www.google.com"
in /etc/ntpd.conf.

On every machine I have the following line in pf.conf:
block quick inet6 all

I think it is a valid guess that this prevents ntpd to make the
connection. My question is: Is it possible to persuade ntpd to make that
connection via IPv4? 'man ntpd.conf' does not mention this. Any other
hint on how to achieve this other than remove the "block"-line in pf.conf?

Additional info: One of the i386 acts as proxy (squid + privoxy) for the
others (not inline, not transparent), but can be passed by. This machine
could as well be a central ntp-server for my little network.

TIA.

Best,
STEFAN

~~
/etc/ntpd.conf
~~
listen on *
servers pool.ntp.org
sensor *
constraints from "https://www.google.com"



~~
dmesg
~~
OpenBSD 6.0-beta (GENERIC.MP) #2100: Sat May 21 21:00:16 MDT 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17082359808 (16291MB)
avail mem = 16560041984 (15792MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xeb500 (35 entries)
bios0: vendor American Megatrends Inc. version "1.05.01" date 08/05/2015
bios0: Notebook W65_67SZ
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT ASF! SSDT SSDT SSDT MCFG HPET SSDT
SSDT SSDT DMAR
acpi0: wakeup devices PXSX(S4) RP01(S4) PXSX(S4) RP02(S4) PXSX(S4)
RP03(S4) PXSX(S4) RP04(S4) RLAN(S4) PXSX(S4) RP05(S4) PXSX(S4) RP06(S4)
PXSX(S4) RP07(S4) PXSX(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-4210M CPU @ 2.60GHz, 3093.25 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i5-4210M CPU @ 2.60GHz, 3092.83 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) i5-4210M CPU @ 2.60GHz, 3092.83 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 1, core 0, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) i5-4210M CPU @ 2.60GHz, 3092.83 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,PERF,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xf800, bus 0-63
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (RP01)
acpiprt2 at acpi0: bus 3 (RP03)
acpiprt3 at acpi0: bus 4 (RP04)
acpiprt4 at acpi0: bus 1 (P0P2)
acpiprt5 at acpi0: bus -1 (P0PA)
acpiprt6 at acpi0: bus -1 (P0PB)
acpiprt7 at acpi0: bus 1 (PEG0)
acpiec0 at acpi0
acpicpu0 at acpi0: C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C2(200@148 mwait.1@0x33), C1(1000@1 mwait.1), PSS
acpitz0 at acpi0: critical temperature is 120 degC
"INT3F0D" at acpi0 not configured
"MSFT0001" at acpi0 not 

Re: tp-link tl-wn722n athn0: could not load firmware

2016-05-23 Thread Mihai Popescu
> I believe this is a power management issue with ehci(4).
> Your device doesn't get enough juice to power up.

Hmmm, it is the second Lenovo machine i have with usb issues.

As far as you can tell, is it because of pure hardware or is it
because of software drivers?

Thanks.



Re: tp-link tl-wn722n athn0: could not load firmware

2016-05-23 Thread Stefan Sperling
On Mon, May 23, 2016 at 12:49:56PM +0300, Mihai Popescu wrote:
> Hello,
> 
> I have this usb2.0 dongle, TP-LINK TL-WN722N wireless device. I've got
> it after I installed OpenBSD so I have run fw_update -a for firmware.
> Still I get this error athn0: could not load firmware after plugin.
> The manual page says it should be an error number in message, but it
> is not.
> 
> Wiki chipset page says it contains Atheros AR9002U as a chipset and
> AR9271 as a wireless chipset. The manual says support exists for
> AR9271, but AR9002U is not mentioned. The device shows in pictures
> only one chip marked AR9271.
> In one CVS message back in 2010 by Daniel Bergamini, it says AR9002U
> is supported along many others.
> Should I consider it as non supported, please?
> 
> Thanks

I believe this is a power management issue with ehci(4).
Your device doesn't get enough juice to power up.
See http://marc.info/?l=openbsd-tech&m=143645936727569&w=2

The device will probably work just fine on a different machine.



tp-link tl-wn722n athn0: could not load firmware

2016-05-23 Thread Mihai Popescu
Hello,

I have this usb2.0 dongle, TP-LINK TL-WN722N wireless device. I've got
it after I installed OpenBSD so I have run fw_update -a for firmware.
Still I get this error athn0: could not load firmware after plugin.
The manual page says it should be an error number in message, but it
is not.

Wiki chipset page says it contains Atheros AR9002U as a chipset and
AR9271 as a wireless chipset. The manual says support exists for
AR9271, but AR9002U is not mentioned. The device shows in pictures
only one chip marked AR9271.
In one CVS message back in 2010 by Daniel Bergamini, it says AR9002U
is supported along many others.
Should I consider it as non supported, please?

Thanks

dmesg & usbdev

OpenBSD 5.9-current (GENERIC.MP) #2005: Thu May  5 18:04:12 MDT 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8029429760 (7657MB)
avail mem = 7781482496 (7421MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0xeebc0 (57 entries)
bios0: vendor LENOVO version "9VKT33AUS" date 09/11/2013
bios0: LENOVO 1990RZ2
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC TCPA MCFG SLIC MCFG HPET SSDT
acpi0: wakeup devices PCE2(S4) PCE3(S4) PCE4(S4) PCE5(S4) PCE6(S4)
PCE7(S4) PCE9(S4) PCEA(S4) PCEB(S4) PCEC(S4) SBAZ(S4) PS2K(S3)
PS2M(S3) P0PC(S4) PE20(S4) PE21(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Athlon(tm) II X2 B26 Processor, 3194.52 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,NODEID,ITSC
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-way L2 cache
cpu0: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu0: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu0: AMD erratum 721 detected and fixed
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 199MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Athlon(tm) II X2 B26 Processor, 3192.01 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,MWAIT,CX16,POPCNT,NXE,MMXX,FFXSR,PAGE1GB,LONG,3DNOW2,3DNOW,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,NODEID,ITSC
cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 1MB
64b/line 16-way L2 cache
cpu1: ITLB 32 4KB entries fully associative, 16 4MB entries fully associative
cpu1: DTLB 48 4KB entries fully associative, 48 4MB entries fully associative
cpu1: AMD erratum 721 detected and fixed
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 3 pa 0xfec0, version 21, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpimcfg1 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (P0P1)
acpiprt2 at acpi0: bus -1 (PCE2)
acpiprt3 at acpi0: bus -1 (PCE3)
acpiprt4 at acpi0: bus -1 (PCE4)
acpiprt5 at acpi0: bus -1 (PCE5)
acpiprt6 at acpi0: bus -1 (PCE6)
acpiprt7 at acpi0: bus -1 (PCE7)
acpiprt8 at acpi0: bus -1 (PCE9)
acpiprt9 at acpi0: bus -1 (PCEA)
acpiprt10 at acpi0: bus 2 (P0PC)
acpiprt11 at acpi0: bus 3 (PE20)
acpiprt12 at acpi0: bus -1 (PE21)
acpiprt13 at acpi0: bus -1 (PE22)
acpiprt14 at acpi0: bus 4 (PE23)
acpicpu0 at acpi0: C1(@1 halt!), PSS
acpicpu1 at acpi0: C1(@1 halt!), PSS
"PNP0501" at acpi0 not configured
"PNP0C31" at acpi0 not configured
acpibtn0 at acpi0: PWRB
cpu0: 3194 MHz: speeds: 3200 2500 1900 800 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "AMD RS880 Host" rev 0x00
ppb0 at pci0 dev 1 function 0 unknown vendor 0x17aa product 0x9602 rev 0x00
pci1 at ppb0 bus 1
radeondrm0 at pci1 dev 5 function 0 "ATI Radeon HD 4250" rev 0x00
drm0 at radeondrm0
radeondrm0: apic 3 int 18
ahci0 at pci0 dev 17 function 0 "ATI SBx00 SATA" rev 0x00: apic 3 int
19, AHCI 1.2
ahci0: port 0: 3.0Gb/s
ahci0: port 1: 1.5Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0:  SCSI3
0/direct fixed naa.50014ee1018094dc
sd0: 305245MB, 512 bytes/sector, 625142448 sectors
cd0 at scsibus1 targ 1 lun 0:  ATAPI
5/cdrom removable
ohci0 at pci0 dev 18 function 0 "ATI SB700 USB" rev 0x00: apic 3 int
18, version 1.0, legacy support
ehci0 at pci0 dev 18 function 2 "ATI SB700 USB2" rev 0x00: apic 3 int 17
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "ATI EHCI root hub" rev 2.00/1.00 addr 1
ohci1 at pci0 dev 19 function 0 "ATI SB700 USB" rev 0x00: apic 3 int
18, version 1.0, legacy support
ehci1 at pci0 dev 19 function 2 "ATI SB700 USB2" rev 0x00: apic 3 int 17
usb1 at ehci1: USB revision 2.0

Re: OpenBSD on Mikrotik/RouterBoard hardware ?

2016-05-23 Thread Michał Markowski
2016-05-22 15:18 GMT+02:00 Stuart Henderson :
> I don't think MikroTik have any ARM boxes.

http://routerboard.com/RB3011UiAS-RM



--
Michał Markowski



Re: Secure PKG_PATH for doas

2016-05-23 Thread Alexander Hall
On May 19, 2016 12:49:25 AM GMT+02:00, Igor Mironov wrote:
>The packages and ports' FAQ mentions that those using doas need to pass
>keepenv { PKG_PATH } in the config file. Is there a way to instruct
>doas to take PKG_PATH (or another variable) from the target account's
>environment (~/.profile)?

As pointed out, $PKG_PATH might not be the solution, but

$ doas env PKG_PATH="$PKG_PATH" pkg_add ...

would work for you, unless you want to restrict doas to a certain command. Not
that it matters much if you'd allow any custom PKG_PATH anyway.

/Alexander 
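
A doas.conf sketch of the trade-off discussed in this thread, added here as an example and not taken from the thread or the OpenBSD FAQ: the commented-out rule is the keepenv form the FAQ is quoted as recommending, the active rule pins the package source in the rule itself and is limited to pkg_add. It assumes a doas version whose doas.conf(5) has the setenv option; the mirror URL and the :wheel group are placeholders.

```conf
# /etc/doas.conf: added example; the mirror URL and group are placeholders.

# Form quoted from the FAQ in the thread: the caller's PKG_PATH is passed
# through unchanged, so whoever invokes doas chooses where the root-run
# pkg_add fetches packages from.
#permit keepenv { PKG_PATH } :wheel

# Pinned form (assumes a doas with the setenv option): PKG_PATH is set by
# the rule instead of being inherited from the caller, and the rule only
# matches pkg_add run as root.
permit setenv { PKG_PATH=https://mirror.example.org/pub/OpenBSD/5.9/packages/amd64/ } :wheel as root cmd pkg_add
```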





Re: is my dns server/ routing borked??, i could need some advice

2016-05-23 Thread lists
> > >>>> For some reasons, i notice that i am not able to access some website in
> > >>>> the first 10 minutes when i have my machine turned on.
> > >>>
> > >>> If you have a broadband on premises equipment like a converter, modem,
> > >>> router, switch etc, you may consider replacing these, as with age some
> > >>> of them degrade (in capacitors, solder joints, jacks) and such devices
> > >>> have trouble working reliably until it warms up (or when they overheat).
> > >>>
> > >>> To report further details to the list, please start a new empty 
> > >>> message.  
> > >>
> > >> Well, the modem hardware is new.
> > >> my switches are ok, i have a local server that is up for 24/7, and even
> > >> that machine is losing contact to the website.
> > > 
> > > So you're absolutely sure the hardware environment is fine.  There are
> > > two important tactics to employ then in troubleshooting.  First one is
> > > to bypass every equipment and connect the troubleshooting device direct
> > > to the upstream connection.  Then ensure you have full connectivity and
> > > move down the line to the point you find your issue.  You would follow
> > > this with the second tactic, drop the configuration from zero and make
> > > sure you have working connectivity and then start adding each piece of
> > > the software set up, until you find the part that generates the issues.
> > > 
> > >> it is pure a dns issue, but what i can resolve, i rewrote the complete
> > >> named stuff, added even the DNS server pool from that website, heck,
> > >> still no result...
> > > 
> > > Try unbound / nsd and see if this gives you a different result.  It is
> > > often just such a simple common issue, that it's hidden in plain sight.
> > > 
> > > Once you have found it, please report to the list your process+results.  
> > 
> > This gonna be fun for me.
> > But i will do it.  
> 
> I know very well what you mean.  Then, if you want to cut time short,
> you can preemptively start looking direct into the suspected trouble
> zone, either hardware, equipment configuration and/or software set up.
> 
> With this second approach, you can ask a direct question once you find
> the point of hesitation and/or concern.  Just walking the trouble path
> is often enough to get you out of the "unseeing" mode and find it quick.

One more important thing, if you are using the ISP provided name servers
or name service from the broadband equipment (duh), you can bypass these
and use own local direct resolving recursive name server on your gateway.



Re: is my dns server/ routing borked??, i could need some advice

2016-05-23 Thread Ton Muller
On 23-5-2016 8:10, li...@wrant.com wrote:
> Mon, 23 May 2016 07:40:27 +0200 Ton Muller 
>> On 22-5-2016 15:45, li...@wrant.com wrote:
>>> Sun, 22 May 2016 10:42:52 +0200 Ton Muller   

>>>> For some reasons, i notice that i am not able to access some website in
>>>> the first 10 minutes when i have my machine turned on.
>>>
>>> If you have a broadband on premises equipment like a converter, modem,
>>> router, switch etc, you may consider replacing these, as with age some
>>> of them degrade (in capacitors, solder joints, jacks) and such devices
>>> have trouble working reliably until it warms up (or when they overheat).
>>>
>>> To report further details to the list, please start a new empty message.
>>>
>>> Regards,
>>> Anton
>>>   
>>
>> Well, the modem hardware is new.
>> my switches are ok, i have a local server that is up for 24/7, and even
>> that machine is losing contact to the website.
> 
> So you're absolutely sure the hardware environment is fine.  There are
> two important tactics to employ then in troubleshooting.  First one is
> to bypass every equipment and connect the troubleshooting device direct
> to the upstream connection.  Then ensure you have full connectivity and
> move down the line to the point you find your issue.  You would follow
> this with the second tactic, drop the configuration from zero and make
> sure you have working connectivity and then start adding each piece of
> the software set up, until you find the part that generates the issues.
> 
>> it is pure a dns issue, but what i can resolve, i rewrote the complete
>> named stuff, added even the DNS server pool from that website, heck,
>> still no result...
> 
> Try unbound / nsd and see if this gives you a different result.  It is
> often just such a simple common issue, that it's hidden in plain sight.
> 
> Once you have found it, please report to the list your process+results.
> 

This gonna be fun for me.
But i will do it.


Tony...



Re: is my dns server/ routing borked??, i could need some advice

2016-05-23 Thread lists
Mon, 23 May 2016 07:40:27 +0200 Ton Muller 
> On 22-5-2016 15:45, li...@wrant.com wrote:
> > Sun, 22 May 2016 10:42:52 +0200 Ton Muller   
> >>
> >> For some reasons, i notice that i am not able to access some website in
> >> the first 10 minutes when i have my machine turned on.  
> > 
> > If you have a broadband on premises equipment like a converter, modem,
> > router, switch etc, you may consider replacing these, as with age some
> > of them degrade (in capacitors, solder joints, jacks) and such devices
> > have trouble working reliably until it warms up (or when they overheat).
> > 
> > To report further details to the list, please start a new empty message.
> > 
> > Regards,
> > Anton
> >   
> 
> Well, the modem hardware is new.
> my switches are ok, i have a local server that is up for 24/7, and even
> that machine is losing contact to the website.

So you're absolutely sure the hardware environment is fine.  There are
two important tactics to employ then in troubleshooting.  First one is
to bypass every equipment and connect the troubleshooting device direct
to the upstream connection.  Then ensure you have full connectivity and
move down the line to the point you find your issue.  You would follow
this with the second tactic, drop the configuration from zero and make
sure you have working connectivity and then start adding each piece of
the software set up, until you find the part that generates the issues.

> it is pure a dns issue, but what i can resolve, i rewrote the complete
> named stuff, added even the DNS server pool from that website, heck,
> still no result...

Try unbound / nsd and see if this gives you a different result.  It is
often just such a simple common issue, that it's hidden in plain sight.

Once you have found it, please report to the list your process+results.