Re: 802.11n MIMO support in -current

2016-12-10 Thread Scott Bonds

wow, that's awesome!
I've been rocking an athn lately but I'll swap back to iwm to help test

On 12/10, Stefan Sperling wrote:

The net80211 stack and iwm(4) driver now support MIMO in -current.

In my own testing, things work just fine. But I have gotten used
to breaking other people's wifi without being aware of it.
So please test -current and let me know about any regressions.

Because iwm(4) devices have 2 antennas MCS 15 is the maximum Tx rate
the hardware will support. Support for 40MHz channels and Tx aggregation
are left for future work.

I owe several people attribution:

This work would have been impossible without the help from Theo Buehler (tb@).
He made significant contributions to the implementation of a new rate
scaling algorithm which supports MIMO.

Thanks to the researchers who released the MiRA paper to the internet.
I have studied a dozen papers or so, and eventually decided to implement
this one because it was the only paper which documented enough details
and which didn't impose impractical requirements.

Genua GmbH has funded most of the time I spent working on this project.
Without this kind of support I would not have attempted this project.




Re: Bizarre arp entry corruption

2016-12-10 Thread Joe Holden

On 10/12/2016 08:43, Mihai Popescu wrote:

seeing some bizarre behaviour on one box, on one specific interface:


Hello,

This looks like some stupid TV game, where contesters are given some
clues from time to time and they have to guess what is the real shit.

Do post your FULL dmesg and configurations for network if you really
want someone to even think at your issue. Isn't that obvious?

Bye!



Appreciate the useless response (but still better than nothing!), the 
affected box has since been reverted to older snapshot and thus no more 
debugging can be done - someone else will have to do it.


Not that dmesg is even relevant since it is a userland bug not a kernel 
problem but anyway:


OpenBSD 6.0-current (GENERIC.MP) #19: Wed Dec  7 12:07:13 MST 2016
bu...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4273471488 (4075MB)
avail mem = 4139397120 (3947MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x9d000 (74 entries)
bios0: vendor American Megatrends Inc. version "1ADQW068" date 11/16/2010
bios0: Sun Microsystems SUN FIRE X4150
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S5
acpi0: tables DSDT FACP APIC SPCR MCFG SSDT OEMB HPET EINJ BERT ERST HEST
acpi0: wakeup devices SPE4(S1) SPE2(S1) SPE1(S1) P8PC(S1) P0P1(S1) 
UAR1(S1) P0P5(S1) P0P6(S1) P0P7(S1) NPE4(S1) NPE5(S1) NPE6(S1) NPE7(S1) 
USB0(S1) USB1(S1) USB2(S1) [...]

acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E5450 @ 3.00GHz, 4189.89 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,XSAVE,LONG,LAHF,PERF,SENSOR

cpu0: 6MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 7 var ranges, 88 fixed ranges
cpu0: apic clock running at 332MHz
cpu0: mwait min=64, max=64, C-substates=0.2.2.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5450 @ 3.00GHz, 2992.51 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,XSAVE,LONG,LAHF,PERF,SENSOR

cpu1: 6MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Xeon(R) CPU E5450 @ 3.00GHz, 2992.51 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,XSAVE,LONG,LAHF,PERF,SENSOR

cpu2: 6MB 64b/line 16-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Xeon(R) CPU E5450 @ 3.00GHz, 2992.52 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,DCA,SSE4.1,XSAVE,LONG,LAHF,PERF,SENSOR

cpu3: 6MB 64b/line 16-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0: apid 5 pa 0xfec8, version 20, 24 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (NPES)
acpiprt2 at acpi0: bus 2 (SPE4)
acpiprt3 at acpi0: bus -1 (SPE2)
acpiprt4 at acpi0: bus 3 (SPE1)
acpiprt5 at acpi0: bus 4 (P8PC)
acpiprt6 at acpi0: bus 15 (P0P1)
acpiprt7 at acpi0: bus -1 (P0P5)
acpiprt8 at acpi0: bus -1 (P0P6)
acpiprt9 at acpi0: bus -1 (P0P7)
acpiprt10 at acpi0: bus 7 (NPE4)
acpiprt11 at acpi0: bus 11 (NPE5)
acpiprt12 at acpi0: bus 12 (NPE6)
acpiprt13 at acpi0: bus 13 (NPE7)
acpiprt14 at acpi0: bus 14 (P0P4)
acpiprt15 at acpi0: bus -1 (BR1E)
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
acpicpu2 at acpi0: C1(@1 halt!)
acpicpu3 at acpi0: C1(@1 halt!)
"PNP0501" at acpi0 not configured
"PNP0501" at acpi0 not configured
acpibtn0 at acpi0: PWRB
"IPI0001" at acpi0 not configured
ipmi at mainbus0 not configured
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 5000P Host" rev 0xb1
ppb0 at pci0 dev 2 function 0 "Intel 5000 PCIE" rev 0xb1
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "Intel 6321ESB PCIE" rev 0x01
pci2 at ppb1 bus 2
ppb2 at pci2 dev 0 function 0 "Intel 6321ESB PCIE" rev 0x01
pci3 at ppb2 bus 3
ppb3 at pci2 dev 2 function 0 "Intel 6321ESB PCIE" rev 0x01
pci4 at ppb3 bus 4
em0 at pci4 dev 0 function 0 "Intel 80003ES2" rev 0x01: msi, address 
00:23:8b:57:b4:9e
em1 at pci4 dev 0 function 1 "Intel 80003ES2" rev 0x01: msi, address 
00:23:8b:57:b4:9f

ppb4 at pci1 dev 0 function 3 "Intel 6321ESB PCIE-PCIX" rev 0x01
pci5 at ppb4 bus 5
ppb5 at pci0 dev 3 function 0 "Intel 5000 PCIE" rev 0xb1
pci6 at ppb5 bus 6

Re: SSL/TLS troubleshooting

2016-12-10 Thread Christian Schulte
On 12/10/16 at 22:57, Peter Hessler wrote:
> On 2016 Dec 10 (Sat) at 22:56:05 +0100 (+0100), Christian Schulte wrote:
> :$ uname -a
> :OpenBSD t60.schulte.it 6.0 1KHZ.MP#7 amd64
> 
> You broke it.  Please use a GENERIC kernel, and it will work as normal.
> 

This is what I did using a recent source tree:

$ cd /usr/src/sys/arch/amd64/conf
$ config GENERIC.MP
$ cd /usr/src/sys/arch/amd64/compile/GENERIC.MP
$ make
$ make install
$ reboot

$ uname -a
OpenBSD t60.schulte.it 6.0 GENERIC.MP#2 amd64

$ cd /usr/src/lib/libssl
$ make clean
$ make obj
$ make depend
$ make
$ make install
$ cd /usr/src/lib/libcrypto
$ make clean
$ make obj
$ make depend
$ make
$ make install

This does not solve the issue, sadly.

Regards,
-- 
Christian



Re: SSL/TLS troubleshooting

2016-12-10 Thread Christian Schulte
On 12/10/16 at 22:57, Peter Hessler wrote:
> On 2016 Dec 10 (Sat) at 22:56:05 +0100 (+0100), Christian Schulte wrote:
> :$ uname -a
> :OpenBSD t60.schulte.it 6.0 1KHZ.MP#7 amd64
> 
> You broke it.  Please use a GENERIC kernel, and it will work as normal.
> 

This is the configuration in use. Do you really think that HZ=1000 is
causing this? Will give GENERIC.MP a try, of course.

$ cat 1KHZ.MP
#   $OpenBSD: GENERIC.MP,v 1.10 2008/12/22 16:35:28 deraadt Exp $

include "arch/amd64/conf/GENERIC"

option  MULTIPROCESSOR
option  HZ=1000
option  BUFCACHEPERCENT=5
rmoption POOL_DEBUG
makeoptions DEBUG="-g"
cpu*    at mainbus?

Thanks,
-- 
Christian



Re: SSL/TLS troubleshooting

2016-12-10 Thread Christian Schulte
On 12/10/16 at 23:28, Karel Gardas wrote:
> On Sat, Dec 10, 2016 at 10:56 PM, Christian Schulte  wrote:
>> It's 
>>
>> Operation timed out. Connections are very slow. Too slow so that they
> 
> Not sure about the issue, but I've seen that last night too. Generally
> speaking there were too high number of lost packets which made TCP
> slow to crawl or broken. It stayed around 2-3 hours and then suddenly
> resolved. And I was accessing this from Ubuntu 16.04.1 if that matters
> 

Never disappears here. I'd really like to know why I can access that
without any issue using Windows 10 but start running into issues when
using OpenBSD. I also doubt this is affecting OpenBSD users only.

Regards,
-- 
Christian



Re: SSL/TLS troubleshooting

2016-12-10 Thread Karel Gardas
On Sat, Dec 10, 2016 at 10:56 PM, Christian Schulte  wrote:
> It's 
>
> Operation timed out. Connections are very slow. Too slow so that they

Not sure about the issue, but I've seen that last night too. Generally
speaking there were too high number of lost packets which made TCP
slow to crawl or broken. It stayed around 2-3 hours and then suddenly
resolved. And I was accessing this from Ubuntu 16.04.1 if that matters



Re: SSL/TLS troubleshooting

2016-12-10 Thread Peter Hessler
On 2016 Dec 10 (Sat) at 22:56:05 +0100 (+0100), Christian Schulte wrote:
:$ uname -a
:OpenBSD t60.schulte.it 6.0 1KHZ.MP#7 amd64

You broke it.  Please use a GENERIC kernel, and it will work as normal.



Re: SSL/TLS troubleshooting

2016-12-10 Thread Christian Schulte
On 12/10/16 at 21:43, Kai wrote:
> On 10 December 2016 21:35:04 CET, Christian Schulte wrote:
>> Hello,
>>
>> I am facing an issue accessing an SSL/TLS webserver from OpenBSD. I
>> have
>> another box not running OpenBSD connected to the same router and that
>> box can connect to that server flawlessly. I already tried to
>> troubleshoot things with the administrator of that system without
>> success. Is there something I need to be aware of accessing SSL/TLS
>> (https) servers with OpenBSD? How can I capture information I can send
>> to the administrator of that system to help him/her find out what is
>> special about connections coming from OpenBSD?
>>
>> Regards,
> 
> I doubt this is special to OpenBSD. But you don't give any information to
> pinpoint this. What error do you get?
> What tls version does the server offer?

It's 

Operation timed out. Connections are very slow. Too slow so that they
time out. Does not happen using that other box ever. So there is a
difference accessing that server from OpenBSD (tested with Java, Firefox
and Chromium) and from that other box. I am not having any issues
accessing other servers. I created a ticket with them already.



> What version is supported by your installation?
> 
> Are you using a current version of OpenBSD?

$ uname -a
OpenBSD t60.schulte.it 6.0 1KHZ.MP#7 amd64

Thanks,
-- 
Christian



Re: em(4) watchdog timeotu on current/amd64

2016-12-10 Thread Adam Wolk
On Wed, Dec 07, 2016 at 10:11:44AM -0700, johnwixard wrote:
> I am having the same problem, did you solve it?
> 
> /john
> 
> 
> 
> --
> View this message in context: 
> http://openbsd-archive.7691.n7.nabble.com/em-4-watchdog-timeotu-on-current-amd64-tp305845p309482.html
> Sent from the openbsd user - misc mailing list archive at Nabble.com.
> 

Unfortunately I don't have any em(4) devices but I think the first step to
diagnose this would be to enable debugging output for the em driver.

Init is called from the watchdog handler so this *could* show how far it's
getting to. It would also be nice to know if both of you experienced this issue
before (older snaps). The last change to that driver was in October and there
was a bunch earlier this year.

Index: if_em.h
===
RCS file: /cvs/src/sys/dev/pci/if_em.h,v
retrieving revision 1.73
diff -u -p -r1.73 if_em.h
--- if_em.h 27 Oct 2016 03:06:53 -  1.73
+++ if_em.h 10 Dec 2016 21:00:57 -
@@ -243,7 +243,7 @@ typedef int boolean_t;
 #define SPEED_MODE_BIT (1<<21) /* On PCI-E MACs only */

 /* Defines for printing debug information */
-#define DEBUG_INIT 0
+#define DEBUG_INIT 1
 #define DEBUG_IOCTL0
 #define DEBUG_HW   0
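
Review bot: The flipped define at "#define DEBUG_INIT 1" is a compile-time switch in a shared header, so this should stay a local diagnostic build and not travel with any later diff; a short comment beside the define saying it is temporarily enabled for the watchdog investigation would make that obvious. The context lines leave DEBUG_IOCTL and DEBUG_HW at 0, so only messages gated on DEBUG_INIT will appear; if that output does not show where init stops, the report should say so rather than assume the other two categories were covered.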



Re: SSL/TLS troubleshooting

2016-12-10 Thread Kai
On 10 December 2016 21:35:04 CET, Christian Schulte wrote:
>Hello,
>
>I am facing an issue accessing an SSL/TLS webserver from OpenBSD. I
>have
>another box not running OpenBSD connected to the same router and that
>box can connect to that server flawlessly. I already tried to
>troubleshoot things with the administrator of that system without
>success. Is there something I need to be aware of accessing SSL/TLS
>(https) servers with OpenBSD? How can I capture information I can send
>to the administrator of that system to help him/her find out what is
>special about connections coming from OpenBSD?
>
>Regards,

I doubt this is special to OpenBSD. But you don't give any information to
pinpoint this. What error do you get? What tls version does the server offer?
What version is supported by your installation?

Are you using a current version of OpenBSD?

Regards



SSL/TLS troubleshooting

2016-12-10 Thread Christian Schulte
Hello,

I am facing an issue accessing an SSL/TLS webserver from OpenBSD. I have
another box not running OpenBSD connected to the same router and that
box can connect to that server flawlessly. I already tried to
troubleshoot things with the administrator of that system without
success. Is there something I need to be aware of accessing SSL/TLS
(https) servers with OpenBSD? How can I capture information I can send
to the administrator of that system to help him/her find out what is
special about connections coming from OpenBSD?

Regards,
-- 
Christian



Re: IP Forwarding is not working?

2016-12-10 Thread trondd
On Fri, December 9, 2016 2:24 pm, 雷致强 wrote:
> Hi, I don't really think ip forwarding is broken either as I can still
> access the Internet.
>
> # ifconfig
> lo0: flags=8049 mtu 32768
>index 6 priority 0 llprio 3
>groups: lo
>inet6 ::1 prefixlen 128
>inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
>inet 127.0.0.1 netmask 0xff00
> em0: flags=8843 mtu 1500
>lladdr 1a:cc:00:12:b1:9c
>index 1 priority 0 llprio 3
>media: Ethernet autoselect (100baseTX full-duplex)
>status: active
>inet 192.168.244.1 netmask 0xff00 broadcast 192.168.244.255
> em1: flags=8843 mtu 1500
>lladdr 1a:cc:00:12:b1:9d
>index 2 priority 0 llprio 3
>media: Ethernet autoselect (100baseTX full-duplex)
>status: active
>inet 192.168.1.1 netmask 0xff00 broadcast 192.168.1.255
> em2: flags=8843 mtu 1500
>lladdr 1a:cc:00:12:b1:9e
>index 3 priority 0 llprio 3
>media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
>status: active
>inet 192.168.2.1 netmask 0xff00 broadcast 192.168.2.255
> em3: flags=8843 mtu 1500
>lladdr 1a:cc:00:12:b1:9f
>index 4 priority 0 llprio 3
>media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause)
>status: active
>inet 192.168.3.1 netmask 0xff00 broadcast 192.168.3.255
> enc0: flags=0<>
>index 5 priority 0 llprio 3
>groups: enc
>status: active
> pppoe0: flags=8851 mtu 1492
>index 7 priority 0 llprio 3
>dev: em0 state: session
>sid: 0x69cc PADI retries: 15 PADR retries: 0 time: 4d 13:55:21
>sppp: phase network authproto pap authname "lan1201210025"
>groups: pppoe egress
>status: active
>inet 27.9.22.243 --> 27.9.20.1 netmask 0x
> pflog0: flags=141 mtu 33144
>index 8 priority 0 llprio 3
>groups: pflog
>
> # cat /etc/pf.conf
> #   $OpenBSD: pf.conf,v 1.54 2014/08/23 05:49:42 deraadt Exp $
> #
> # See pf.conf(5) and /etc/examples/pf.conf
>
> set skip on lo
>
> block return    # block stateless traffic
> pass            # establish keep-state
>
> # By default, do not permit remote connections to X11
> block return in on ! lo0 proto tcp to port 6000:6010
>
> pass out on egress from !(egress:network) to any nat-to (egress)
>

You're probably matching on the nat-to rule even when going from LAN to
LAN.  It reads like this:  Pass out on your internet interface from not
the internet to anywhere (the internet or even the LAN) and NAT it out the
internet interface.

You can't get to your LAN from the internet interface.  You need to
exclude the LAN networks from 'any' or add additional rules to match when
going LAN to LAN.



802.11n MIMO support in -current

2016-12-10 Thread Stefan Sperling
The net80211 stack and iwm(4) driver now support MIMO in -current.

In my own testing, things work just fine. But I have gotten used
to breaking other people's wifi without being aware of it.
So please test -current and let me know about any regressions.

Because iwm(4) devices have 2 antennas MCS 15 is the maximum Tx rate
the hardware will support. Support for 40MHz channels and Tx aggregation
are left for future work.

I owe several people attribution:

This work would have been impossible without the help from Theo Buehler (tb@).
He made significant contributions to the implementation of a new rate
scaling algorithm which supports MIMO. 

Thanks to the researchers who released the MiRA paper to the internet.
I have studied a dozen papers or so, and eventually decided to implement
this one because it was the only paper which documented enough details
and which didn't impose impractical requirements.

Genua GmbH has funded most of the time I spent working on this project.
Without this kind of support I would not have attempted this project.



Re: IP Forwarding is not working?

2016-12-10 Thread 雷致强
Hello,

It turns out this only happens when I assign IPs to em1, em2 and em3 directly.
After I bridged them with different virtual ethernets, everything works fine.
Can anybody tell me why? Thanks!

> On 10 Dec 2016, at 2:21 PM, 雷致强  wrote:
>
> en0 en2 and en3 are on my Mac, which is ok, the IP it is assigned is
> 192.168.3.32 (en1). My problem is that I cannot ping 192.168.1.1 (em1),
> 192.168.2.1 (em2) yet I can ping 192.168.3.1 (em3, the NIC my Mac is
> connecting to) and I can access the Internet. Moreover, all the devices cannot
> access the devices on other LANs.
>
> This is what I got on the router:
>
> # route -inet
> route: unknown option -- i
> usage: route [-dnqtv] [-T tableid] command [[modifiers] args]
> commands: add, change, delete, exec, flush, get, monitor, show
> # route show -inet
> Routing tables
>
> Internet:
> DestinationGatewayFlags   Refs  Use   Mtu  Prio
Iface
> default27.9.20.1  UGS 2656 45894821 - 8
pppoe0
> BASE-ADDRESS.MCAST localhost  URS00 32768 8 lo0
> 27.9.20.1  27.9.22.243UH 1   48 - 8
pppoe0
> 27.9.22.24327.9.22.243UHl0   112560 - 1
pppoe0
> loopback   localhost  UGRS   00 32768 8 lo0
> localhost  localhost  UHl1  251 32768 1 lo0
> 192.168.1/24   192.168.1.1UC 0  1302369 - 4 em1
> 192.168.1.11a:cc:00:12:b1:9d  UHLl   063715 - 1 em1
> 192.168.1.255  192.168.1.1UHb0   350100 - 1 em1
> 192.168.2/24   192.168.2.1C  08 - 4 em2
> 192.168.2.11a:cc:00:12:b1:9e  UHLl   0 1951 - 1 em2
> 192.168.2.255  192.168.2.1Hb 01 - 1 em2
> 192.168.3/24   192.168.3.1UC 2   21 - 4 em3
> 192.168.3.11a:cc:00:12:b1:9f  UHLl   025515 - 1 em3
> 192.168.3.32   78:9f:70:79:b8:5a  UHLc   1  3399193 - 4 em3
> 192.168.3.33   f0:cb:a1:79:18:43  UHLc   067314 - 4 em3
> 192.168.3.255  192.168.3.1UHb0   75 - 1 em3
> 192.168.244/24 192.168.244.1  UC 00 - 4 em0
> 192.168.244.1  1a:cc:00:12:b1:9c  UHLl   00 - 1 em0
> 192.168.244.255192.168.244.1  UHb00 - 1 em0
>
>> On 10 Dec 2016, at 6:45 AM, Fred  wrote:
>>
>> On 12/09/16 19:35, 雷致强 wrote:
>>> Sorry, I posted the wrong ifconfig configuration, this is the one on my Mac:
>>>
>>> $ ifconfig
>>> lo0: flags=8049 mtu 16384
>>> options=1203
>>> inet 127.0.0.1 netmask 0xff00
>>> inet6 ::1 prefixlen 128
>>> inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
>>> nd6 options=201
>>> gif0: flags=8010 mtu 1280
>>> stf0: flags=0<> mtu 1280
>>> en1: flags=8863 mtu 1500
>>> ether 78:9f:70:79:b8:5a
>>> inet6 fe80::1c73:268c:55f4:65ef%en1 prefixlen 64 secured scopeid 0x4
>>> inet 192.168.3.32 netmask 0xff00 broadcast 192.168.3.255
>>> nd6 options=201
>>> media: autoselect
>>> status: active
>>> en0: flags=8863 mtu 1500
>>> options=10b
>>> ether 38:c9:86:08:81:84
>>> nd6 options=201
>>> media: autoselect (none)
>>> status: inactive
>>> en2: flags=963 mtu 1500
>>> options=60
>>> ether 2a:00:00:fa:2f:c0
>>> media: autoselect 
>>> status: inactive
>>> en3: flags=963 mtu 1500
>>> options=60
>>> ether 2a:00:00:fa:2f:c1
>>> media: autoselect 
>>> status: inactive
>>> p2p0: flags=8843 mtu 2304
>>> ether 0a:9f:70:79:b8:5a
>>> media: autoselect
>>> status: inactive
>>> awdl0: flags=8943 mtu 1484
>>> ether be:e7:72:f1:a8:96
>>> inet6 fe80::bce7:72ff:fef1:a896%awdl0 prefixlen 64 scopeid 0x9
>>> nd6 options=201
>>> media: autoselect
>>> status: active
>>> bridge0: flags=8863 mtu 1500
>>> options=63
>>> ether 2a:00:00:fa:2f:c0
>>> Configuration:
>>> id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
>>> maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
>>> root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
>>> ipfilter disabled flags 0x2
>>> member: en2 flags=3
>>> ifmaxaddr 0 port 6 priority 0 path cost 0
>>> member: en3 flags=3
>>> ifmaxaddr 0 port 7 priority 0 path cost 0
>>> nd6 options=201
>>> media: 
>>> status: inactive
>>> utun0: flags=8051 mtu 2000
>>> inet6 fe80::98f7:b520:f58b:14dc%utun0 prefixlen 64 scopeid 0xb
>>> nd6 options=201
>>> ppp0: flags=8051 mtu 1280
>>> inet 10.0.0.24 --> 10.0.0.1 netmask 0xff00
>>>
>>>> On 10 Dec 2016, at 3:16 AM, Mihai Popescu wrote:
>>>>
>>>> What is the ifconfig configuration of your PC?
>>>> Do you run any pf configuration on your router?
>>>>
>>>> I really doubt ip forwarding is broken, even on a snapshot!
>>>
>> This is

Re: Is using dkim really worth?

2016-12-10 Thread Walter Alejandro Iglesias
On Sat, Dec 10, 2016 at 01:11:30PM +0100, Gilles Chehade wrote:
> On Sat, Dec 10, 2016 at 11:51:34AM +0100, Walter Alejandro Iglesias wrote:
> > I mentioned this in other thread, now I'll ask this question directly.
> > 
> > I was running my own mail server for a while but not enough to make a
> > conclusion.  I'd appreciate the opinion of the experienced.
> > 
> > I'm noticing messages with no spf or dkim records reach my gmail inbox.
> > At the same time, messages with spf and dkim 'pass' state go to gmail
> > spam (among them messages sent to me from people in this list).
> > 
> > So, in general and based on your experience, do you think using dkim
> > (that implies daemon, port redirections, etc.) is really worth?
> > 
>
> Depends on your volume and who you intend to send to.
>
> To be honest, setting up both SPF and DKIM takes a couple minutes and it
> will probably avoid some delivery issues which will waste much more than
> that to fix when they happen.

I installed dkim because I've read on the internet that it is, among other
things, what gmail, hotmail, etc. (what most people use) take into account.
That's not exactly what I observe happening in practice, as I explained above
(I told you I rescued a message of yours from gmail spam, remember?).

>
> I can understand why someone would be reluctant to setup dmarc, but dkim
> and spf are really a no brainer.

You say this because you surely are quite familiarized with all this
stuff! :-)

Anyway, my point wasn't how difficult it is to set up (I have had it
working for months) but if it's worth adding complexity.

>
> -- 
> Gilles Chehade
>
> https://www.poolp.org  @poolpOrg


Thanks for answering me!



Re: PC-Engines Wireless - PPPOE timeouts.

2016-12-10 Thread Patrick Dohman
Tom

Specific to your question the apu1d4 is configured to act as DSL bridge/PPPOE
gateway on one ethernet interface.

In addition a PCIe Atheros AR9281 is configured as a host-based access point
for wireless clients & a second ethernet interface is configured to supply
DHCP to LAN clients via a switch.

Please note the RSSI & noise of connected clients is typically considered good
& averages the following:

RSSI = -54dBm
Noise = -98dBm

Previously the apu1d4  was configured in conjunction with a DOCSIS cable modem
& intermittent modem resets were common.

I’ve gone ahead & purchased new surge protectors for all equipment including
the modem and router which seemed to increase the uptime of the bridge by
several days.

Regards
Patrick


> On Dec 10, 2016, at 4:54 AM, Tom  wrote:
>
> Hello Patrick,
>
> your mail sounds a bit confusing. I assume you have a following setup:
> - your board is configured as router.
> - your internal interface is the wireless athn0
> - your external interface is pppoe0 on a wired interface (like re0),
> but you do not tell us.
>
>>> Specifically if wireless retransmission and specifically interface can
>>> potentially cause pppoe timeouts when acting as a bridge.
> ppp is never on a bridge nor acts as bridge.
>
>>> /bsd: pppoe0 LCP keepalive timeout
> This is the only useful line in your post to me. For sure your problem
> has nothing to do with wireless or 80211.
> This happens when the physical connection to your ISP gets interrupted
> or, more likely, the ppp-implementation of your ISP has a different
> timeout than that which is hard coded in sys/net/if_spppsubr.c (15s
> with at least every third LCP-keepalive reaching us).
>
> To solve your problem you have two options:
> - Create at least every 30s some traffic on pppoe0 at all times.
> - Run a custom kernel. My workaround is modified if_spppsubr.c. My ISP's
> timeout-interval is 45s, so I increased MAXALIVECNT from 3 to 9. There
> is no warranty with this option at all! You are on your own.
>
>
> Good luck!



Re: Is using dkim really worth?

2016-12-10 Thread Craig Skinner
Hi Walter,

On Sat, 10 Dec 2016 11:51:34 +0100 Walter Alejandro Iglesias wrote:
> So, in general and based on your experience, do you think using dkim
> (that implies daemon, port redirections, etc.) is really worth?

In terms of delivery to popular free mail providers, it seems to me that
reverse DNS that matches forward DNS & HELO host name are worth more.

Strict SPF breaks with forwarding (mailing lists) so it must be
vague (~all), which is a little value.

Any empty DMARC ("v=DMARC1\; p=none") record may help a tiny bit too.






All these extras try to change the Simple Mail Transfer Protocol in to
a Complicated Mail Transfer Protocol,.. because of the spam problem...

A few responsible ISPs block outbound access to port 25, forcing their
dynamic customers to authenticate through their port 587 relay servers.

Cheers,
-- 
Craig Skinner | http://linkd.in/yGqkv7
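
The three sender checks named in the message above (reverse DNS that matches forward DNS and the HELO name, the SPF `all` qualifier, and a DMARC `p=none` record), as an added example that is not part of the original thread. All names, addresses and TXT records are constructed, the function names are hypothetical, and only the ip4/ip6/all subset of SPF is evaluated.

```python
"""Offline model of the sender checks discussed in the thread.

All DNS data is constructed (documentation address ranges, example.* names);
nothing is looked up on the network.
"""
import ipaddress

# Constructed zone data standing in for real DNS answers.
TXT = {
    "example.org": "v=spf1 ip4:192.0.2.0/24 ~all",     # vague policy (~all)
    "strict.example": "v=spf1 ip4:192.0.2.0/24 -all",  # strict policy (-all)
    "_dmarc.example.org": "v=DMARC1; p=none",
}
PTR = {
    "192.0.2.25": "mail.example.org",
    "198.51.100.7": "fwd.example.net",
    "203.0.113.9": "host9.dynamic.example.com",
}
A = {
    "mail.example.org": ["192.0.2.25"],
    "fwd.example.net": ["198.51.100.7"],
    "host9.dynamic.example.com": ["203.0.113.10"],  # forward does not match
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def fcrdns_matches_helo(ip, helo):
    """True when PTR(ip) resolves back to ip and equals the HELO name."""
    name = PTR.get(ip)
    if name is None or ip not in A.get(name, []):
        return False
    return name.lower().rstrip(".") == helo.lower().rstrip(".")


def spf_result(domain, ip):
    """Evaluate the ip4/ip6/all subset of SPF for a connecting address.

    Mechanisms and modifiers that are not implemented here (a, mx, include,
    redirect=, ...) return "permerror" so the gap is visible, not ignored.
    """
    terms = TXT.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    addr = ipaddress.ip_address(ip)
    for term in terms[1:]:
        qual = "+"                      # default qualifier when none is given
        if term[0] in QUALIFIERS:
            qual, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qual]
        if mech in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qual]
        else:
            return "permerror"
    return "neutral"                    # no mechanism matched, no "all" term


def dmarc_policy(domain):
    """Return the p= tag of the domain's DMARC record, or None if absent."""
    record = TXT.get("_dmarc." + domain)
    if record is None:
        return None
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        return None
    return tags.get("p", "").lower() or None


def assess(mail_from_domain, client_ip, helo):
    """Collect the three results for one SMTP connection."""
    return {
        "fcrdns_helo": fcrdns_matches_helo(client_ip, helo),
        "spf": spf_result(mail_from_domain, client_ip),
        "dmarc": dmarc_policy(mail_from_domain),
    }


if __name__ == "__main__":
    # Direct delivery from the domain's own server.
    print(assess("example.org", "192.0.2.25", "mail.example.org"))
    # Same envelope sender relayed unchanged by a forwarder: ~all vs -all.
    print(assess("example.org", "198.51.100.7", "fwd.example.net"))
    print(assess("strict.example", "198.51.100.7", "fwd.example.net"))
```

The forwarded case is the one the message refers to: the same relay address yields softfail under `~all` and fail under `-all`.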



Re: Is using dkim really worth?

2016-12-10 Thread Gilles Chehade
On Sat, Dec 10, 2016 at 11:51:34AM +0100, Walter Alejandro Iglesias wrote:
> I mentioned this in other thread, now I'll ask this question directly.
> 
> I was running my own mail server for a while but not enough to make a
> conclusion.  I'd appreciate the opinion of the experienced.
> 
> I'm noticing messages with no spf or dkim records reach my gmail inbox.
> At the same time, messages with spf and dkim 'pass' state go to gmail
> spam (among them messages sent to me from people in this list).
> 
> So, in general and based on your experience, do you think using dkim
> (that implies daemon, port redirections, etc.) is really worth?
> 

Depends on your volume and who you intend to send to.

To be honest, setting up both SPF and DKIM takes a couple minutes and it
will probably avoid some delivery issues which will waste much more than
that to fix when they happen.

I can understand why someone would be reluctant to setup dmarc, but dkim
and spf are really a no brainer.

-- 
Gilles Chehade

https://www.poolp.org  @poolpOrg



Re: Is using dkim really worth?

2016-12-10 Thread Joris Vanhecke
On Sat, 10 Dec 2016, at 11:51 AM, Walter Alejandro Iglesias wrote:
> I mentioned this in other thread, now I'll ask this question directly.
> 
> I was running my own mail server for a while but not enough to make a
> conclusion.  I'd appreciate the opinion of the experienced.
> 
> I'm noticing messages with no spf or dkim records reach my gmail inbox.
> At the same time, messages with spf and dkim 'pass' state go to gmail
> spam (among them messages sent to me from people in this list).
> 
> So, in general and based on your experience, do you think using dkim
> (that implies daemon, port redirections, etc.) is really worth?
> 

Worth it for doing what?

If your primary goal is to stay out of gmail/hotmail/... spam folders
then I would say yes.
Setting up DMARC isn't that hard but a wrong config might get your
domain flagged for life.



Re: PC-Engines Wireless - PPPOE timeouts.

2016-12-10 Thread Tom
Hello Patrick,

your mail sounds a bit confusing. I assume you have a following setup:
- your board is configured as router.
- your internal interface is the wireless athn0
- your external interface is pppoe0 on a wired interface (like re0),
but you do not tell us.

>> Specifically if wireless retransmission and specifically interface can
>> potentially cause pppoe timeouts when acting as a bridge.
ppp is never on a bridge nor acts as bridge.

>> /bsd: pppoe0 LCP keepalive timeout
This is the only useful line in your post to me. For sure your problem
has nothing to do with wireless or 80211.
This happens when the physical connection to your ISP gets interrupted
or, more likely, the ppp-implementation of your ISP has a different
timeout than that which is hard coded in sys/net/if_spppsubr.c (15s
with at least every third LCP-keepalive reaching us).

To solve your problem you have two options:
- Create at least every 30s some traffic on pppoe0 at all times.
- Run a custom kernel. My workaround is modified if_spppsubr.c. My ISP's
timeout-interval is 45s, so I increased MAXALIVECNT from 3 to 9. There
is no warranty with this option at all! You are on your own.


Good luck!



Re: Ruby on Rails and httpd

2016-12-10 Thread Joris Vanhecke
On Fri, 9 Dec 2016, at 04:57 PM, Murk Fletcher wrote:
> Hi,
> 
> Has anybody managed to come up with a working configuration of this?
> 
> Thanks,
> Murk
> 

Hey,

I tested/used the uWSGI tool as a proxy between httpd and rails in 5.7
with success.
The uWSGI docs contain a section on both ruby/rails and obsd's httpd.

I haven't used that setup in production but the developers behind uWSGI
officially document this setup AND offer commercial support.

Regards,
Joris



Is using dkim really worth?

2016-12-10 Thread Walter Alejandro Iglesias
I mentioned this in other thread, now I'll ask this question directly.

I was running my own mail server for a while but not enough to make a
conclusion.  I'd appreciate the opinion of the experienced.

I'm noticing messages with no spf or dkim records reach my gmail inbox.
At the same time, messages with spf and dkim 'pass' state go to gmail
spam (among them messages sent to me from people in this list).

So, in general and based on your experience, do you think using dkim
(that implies daemon, port redirections, etc.) is really worth?



Re: Bizarre arp entry corruption

2016-12-10 Thread Mihai Popescu
>> seeing some bizarre behaviour on one box, on one specific interface:

Hello,

This looks like some stupid TV game, where contesters are given some
clues from time to time and they have to guess what is the real shit.

Do post your FULL dmesg and configurations for network if you really
want someone to even think at your issue. Isn't that obvious?

Bye!