Re: edge router lite with double NAT

2017-01-22 Thread jungle boogie

On 01/22/2017 04:44 PM, trondd wrote:
> On Sun, January 22, 2017 7:19 pm, jungle boogie wrote:
>> On 01/22/2017 04:13 PM, trondd wrote:
>>> On Sun, January 22, 2017 5:38 pm, jungle boogie wrote:
>>>> Hi All,
>>>>
>>>> So I want to actually use my edge router lite instead of it collecting
>>>> dust. At the moment I don't have a way to put my ISP provided
>>>> router/modem into bridge mode. It acts as a DHCP server for my devices
>>>> and does all gateway stuff. This means it's double NATTed. Not ideal,
>>>> but I don't have a choice right now.
>>>>
>>>> Problem is the BBB cannot do anything outside either 192.168.0.0/24 or
>>>> 172.16.13.0/24, like curl websites, ping websites, etc.
>>>>
>>>> pfctl is completely disabled on the ERL. What should I look at next to
>>>> see how I can get internet to the BBB?
>>>
>>> First thought, if you have pf disabled on the ERL, then it's not doing
>>> NAT.
>>>
>>> Can the ERL get to the internet?
>
> Ok, and did you enable and configure pf on the ERL so it does NAT for BBB?

Shamefully copying the pf example from the FAQ:
int_if="{ cnmac0 cnmac1 }"
set block-policy drop
set loginterface egress
set skip on lo0
match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from !(egress:network) to any nat-to (egress:0)
#block all
pass out quick inet
pass in on $int_if inet


I removed the martians bit because I'm expecting traffic from 192.168.0.0
from cnmac0.


I can connect to the BBB but still cannot ping.

Is this not actually establishing NAT?

Thanks!



Re: RES_USE_EDNS0 and RES_USE_DNSSEC in libc resolver

2017-01-22 Thread Mike Burns
On 2017-01-23 02.09.25 +0100, Kirill Miazine wrote:
> Having spent several hours trying to find out whether RES_USE_DNSSEC
> actually does anything on OpenBSD, I have to ask for help...

http://marc.info/?l=openbsd-tech&m=141472101516574&w=2

It does nothing.



RES_USE_EDNS0 and RES_USE_DNSSEC in libc resolver

2017-01-22 Thread Kirill Miazine

Hi, list

Having spent several hours trying to find out whether RES_USE_DNSSEC
actually does anything on OpenBSD, I have to ask for help...

I'm actually debugging DNSSEC in Exim, which sets both RES_USE_EDNS0 and
RES_USE_DNSSEC options, sends queries to a local resolver that does
validations (I can confirm this with dig), but when res_search() is run,
the responses come without AD/DO set... I thought that this is strange.
So I dived into src/lib/libc/asr code (I started elsewhere, but my
searches took me there) and it looks like neither RES_USE_EDNS0 nor
RES_USE_DNSSEC does anything.

Is that the right conclusion?

--
   -- Kirill Miazine 
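
Where the AD and DO bits mentioned above sit in a raw DNS reply, such as the answer buffer res_search() fills in. This is an added example, not part of the original post and not code from Exim or libc; the names dns_dnssec_bits, skip_name and sample_reply are hypothetical and the reply bytes are constructed.

```c
#include <stddef.h>
#include <stdio.h>

static unsigned be16(const unsigned char *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Skip one (possibly compressed) domain name; return the offset after it or -1. */
static long skip_name(const unsigned char *m, size_t len, size_t off)
{
	while (off < len) {
		unsigned char l = m[off];
		if (l == 0)
			return (long)off + 1;
		if ((l & 0xC0) == 0xC0)   /* a compression pointer ends the name */
			return off + 2 <= len ? (long)off + 2 : -1;
		if (l & 0xC0)
			return -1;        /* reserved label type */
		off += (size_t)l + 1;
	}
	return -1;
}

/* Read AD (header flag) and DO (OPT pseudo-RR flag); 0 on success, -1 if malformed. */
int dns_dnssec_bits(const unsigned char *m, size_t len, int *ad, int *dobit)
{
	if (len < 12)
		return -1;
	*ad = (m[3] & 0x20) != 0;     /* header byte 3: RA Z AD CD RCODE */
	*dobit = 0;
	unsigned qd = be16(m + 4), rr = be16(m + 6) + be16(m + 8) + be16(m + 10);
	long off = 12;
	for (unsigned i = 0; i < qd; i++) {   /* question: name, type, class */
		off = skip_name(m, len, (size_t)off);
		if (off < 0 || (size_t)off + 4 > len)
			return -1;
		off += 4;
	}
	for (unsigned i = 0; i < rr; i++) {   /* RR: name, type, class, ttl, rdlen */
		off = skip_name(m, len, (size_t)off);
		if (off < 0 || (size_t)off + 10 > len)
			return -1;
		const unsigned char *f = m + off;
		if (be16(f) == 41)            /* OPT: its TTL field carries the flags */
			*dobit = (f[6] & 0x80) != 0;
		off += 10 + (long)be16(f + 8);
		if ((size_t)off > len)
			return -1;
	}
	return 0;
}

/* Constructed reply: header, question, one A record, one OPT record. */
const unsigned char sample_reply[] = {
	0x12,0x34, 0x81,0xa0, 0,1, 0,1, 0,0, 0,1,              /* flags 0x81a0: AD set */
	7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0,1, 0,1,
	0xc0,0x0c, 0,1, 0,1, 0,0,0x0e,0x10, 0,4, 192,0,2,1,
	0, 0,41, 0x10,0x00, 0,0,0x80,0x00, 0,0                 /* OPT with DO set */
};

int main(void)
{
	int ad = 0, d = 0, rc = dns_dnssec_bits(sample_reply, sizeof sample_reply, &ad, &d);
	printf("rc=%d AD=%d DO=%d\n", rc, ad, d);
}
```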



Re: edge router lite with double NAT

2017-01-22 Thread trondd
On Sun, January 22, 2017 7:19 pm, jungle boogie wrote:
> On 01/22/2017 04:13 PM, trondd wrote:
>> On Sun, January 22, 2017 5:38 pm, jungle boogie wrote:
>>> Hi All,
>>>
>>> So I want to actually use my edge router lite instead of it collecting
>>> dust. At the moment I don't have a way to put my ISP provided
>>> router/modem into bridge mode. It acts as a DHCP server for my devices
>>> and does all gateway stuff. This means it's double NATTed. Not ideal,
>>> but I don't have a choice right now.
>>>
>>
>>>
>>> Problem is the BBB cannot do anything outside either 192.168.0.0/24 or
>>> 172.16.13.0/24, like curl websites, ping websites, etc.
>>>
>>> pfctl is completely disabled on the ERL. What should I look at next to
>>> see how I can get internet to the BBB?
>>>
>>
>> First thought, if you have pf disabled on the ERL, then it's not doing
>> NAT.
>>
>> Can the ERL get to the internet?

Ok, and did you enable and configure pf on the ERL so it does NAT for BBB?



Re: adt(4) on Sun W1100z OpenBSD6.0-stable returns weird(?) temperature and RPM

2017-01-22 Thread Theo de Raadt
> I've noticed that the ADT driver correctly attaches, but reports weird
> (excessive?)
> temperature and RPM. Is adt7467 supported?
> 
> ###
> adt0 at iic0 addr 0x2e: adt7467 rev 0x71
> 
> $ sysctl -a | grep -e  degC -e RPM
> hw.sensors.acpitz0.temp0=45.00 degC (zone temperature)
> hw.sensors.adt0.temp0=109.00 degC (Remote)
> hw.sensors.adt0.temp1=109.00 degC (Internal)
> hw.sensors.adt0.temp2=0.00 degC (Remote)
> hw.sensors.adt0.fan0=675000 RPM
> hw.sensors.adt0.fan2=675000 RPM
> hw.sensors.kate0.temp2=63.00 degC

Early sensor devices were rather annoying.  Registers indicate a value
which needs to be scaled using per-device tables.  Assuming the device
has been properly wired externally with registers and capacitors.  If
that wiring diagram was changed, the vendor who put them into the
machine would know but we wouldn't.  We've even seen chips with some
of the sensor pins left floating or tied to ground.

These drivers were best effort.



Re: edge router lite with double NAT

2017-01-22 Thread jungle boogie

On 01/22/2017 04:13 PM, trondd wrote:
> On Sun, January 22, 2017 5:38 pm, jungle boogie wrote:
>> Hi All,
>>
>> So I want to actually use my edge router lite instead of it collecting
>> dust. At the moment I don't have a way to put my ISP provided
>> router/modem into bridge mode. It acts as a DHCP server for my devices
>> and does all gateway stuff. This means it's double NATTed. Not ideal,
>> but I don't have a choice right now.
>>
>> Problem is the BBB cannot do anything outside either 192.168.0.0/24 or
>> 172.16.13.0/24, like curl websites, ping websites, etc.
>>
>> pfctl is completely disabled on the ERL. What should I look at next to
>> see how I can get internet to the BBB?
>
> First thought, if you have pf disabled on the ERL, then it's not doing NAT.
>
> Can the ERL get to the internet?

Yes, I can ping google in this example:

$ ping -c 5 google.com
PING google.com (172.217.4.142): 56 data bytes
64 bytes from 172.217.4.142: icmp_seq=0 ttl=55 time=28.383 ms
64 bytes from 172.217.4.142: icmp_seq=1 ttl=55 time=27.436 ms
64 bytes from 172.217.4.142: icmp_seq=2 ttl=55 time=27.636 ms
64 bytes from 172.217.4.142: icmp_seq=3 ttl=55 time=29.606 ms
64 bytes from 172.217.4.142: icmp_seq=4 ttl=55 time=28.146 ms

--- google.com ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 27.436/28.241/29.606/0.762 ms



Re: edge router lite with double NAT

2017-01-22 Thread trondd
On Sun, January 22, 2017 5:38 pm, jungle boogie wrote:
> Hi All,
>
> So I want to actually use my edge router lite instead of it collecting
> dust. At the moment I don't have a way to put my ISP provided
> router/modem into bridge mode. It acts as a DHCP server for my devices
> and does all gateway stuff. This means it's double NATTed. Not ideal,
> but I don't have a choice right now.
>

>
> Problem is the BBB cannot do anything outside either 192.168.0.0/24 or
> 172.16.13.0/24, like curl websites, ping websites, etc.
>
> pfctl is completely disabled on the ERL. What should I look at next to
> see how I can get internet to the BBB?
>

First thought, if you have pf disabled on the ERL, then it's not doing NAT.

Can the ERL get to the internet?



edge router lite with double NAT

2017-01-22 Thread jungle boogie

Hi All,

So I want to actually use my edge router lite instead of it collecting 
dust. At the moment I don't have a way to put my ISP provided 
router/modem into bridge mode. It acts as a DHCP server for my devices 
and does all gateway stuff. This means it's double NATTed. Not ideal, 
but I don't have a choice right now.


The edge router lite is connected to it via port 0 and has an IP of 
192.168.0.16. I have setup forwarding:

$ cat /etc/sysctl.conf
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1

Setup DHCPD on port 1 on the ERL for an ip range 172.16.13.0/24 along 
with unbound querying various DNS providers. I have a port 1 on the ERL 
connected to a switch, which then has a beaglebone black connected to 
it. The BBB gets an IP and can do DNS queries with drill.


Problem is the BBB cannot do anything outside either 192.168.0.0/24 or 
172.16.13.0/24, like curl websites, ping websites, etc.


pfctl is completely disabled on the ERL. What should I look at next to 
see how I can get internet to the BBB?


ERL running:
OpenBSD 6.0-current (GENERIC) #0: Fri Jan 20 02:55:59 UTC 2017
build@octeon:/usr/src/sys/arch/octeon/compile/GENERIC


BBB is running FreeBSD current, but I don't think the results would be
different if it were OpenBSD.


I made a little diagram at the link below with some output from BBB/ERL:
https://clbin.com/Skby4

The switch isn't the problem because the same thing happens when the BBB 
is plugged into port 1 on the ERL.


What am I overlooking that's preventing internet access?

Many thanks!



adt(4) on Sun W1100z OpenBSD6.0-stable returns weird(?) temperature and RPM

2017-01-22 Thread Jan Vlach
Hello openbsd-misc,

I've got a legacy "Sun Microsystems W1100z" running 6.0-stable AMD64

I've noticed that the ADT driver correctly attaches, but reports weird
(excessive?)
temperature and RPM. Is adt7467 supported?

###
adt0 at iic0 addr 0x2e: adt7467 rev 0x71

$ sysctl -a | grep -e  degC -e RPM
hw.sensors.acpitz0.temp0=45.00 degC (zone temperature)
hw.sensors.adt0.temp0=109.00 degC (Remote)
hw.sensors.adt0.temp1=109.00 degC (Internal)
hw.sensors.adt0.temp2=0.00 degC (Remote)
hw.sensors.adt0.fan0=675000 RPM
hw.sensors.adt0.fan2=675000 RPM
hw.sensors.kate0.temp2=63.00 degC
###

Full `dmesg' and full `sysctl -a' follows. (sections divided by ###)

I've changed kern.hostname to  in sysctl output to protect the
guilty...

Thank you for your time,
Jan Vlach


Re: ETE - ETA

2017-01-22 Thread Matt M
ETA is a sort of "universally" recognized and used form. To be technical,
ETA and ETE would be synonymous in this case anyway.

The time to wait till arrival (eta) would correspond exactly with the time
it takes to complete the process (enroute).

On Sun, Jan 22, 2017 at 8:30 AM jean-francois wrote:

> Hi,
>
> I always wondered what was ETA for during the installation process.
>
> As of today, I noticed this should read ETE as for Estimated Time Enroute.
>
> ETA stands for Estimated Time of Arrival and is therefore more or less
> constant.
>
> Regards



Re: ksh(1): overwritten prompt caused by UTF-8 character

2017-01-22 Thread Anton Lindqvist
On Sun, Jan 22, 2017 at 03:55:25PM +0100, Ingo Schwarze wrote:
> Hi,
> 
> Anton Lindqvist wrote on Sun, Jan 22, 2017 at 02:57:12PM +0100:
> 
> > I recently encountered a bug related to UTF-8 in ksh(1).
> > 
> > While inserting the following sequence, part of my prompt gets mangled:
> > 
> >   aö
> > 
> > With PS1='ksh$ ' I expect the following output:
> > 
> >   ksh$ öa
> > 
> > ... actual output:
> > 
> >   kshöaa
> 
> I cannot reproduce.  It works for me on OpenBSD-current (amd64).
> 
> Which version of OpenBSD are you using?

My bad, turns out this problem is related to my terminal emulator rather
than ksh. I can't reproduce the problem in either xterm or console.

Sorry for the noise.



Re: ksh(1): overwritten prompt caused by UTF-8 character

2017-01-22 Thread Ingo Schwarze
Hi,

Anton Lindqvist wrote on Sun, Jan 22, 2017 at 02:57:12PM +0100:

> I recently encountered a bug related to UTF-8 in ksh(1).
> 
> While inserting the following sequence, part of my prompt gets mangled:
> 
>   aö
> 
> With PS1='ksh$ ' I expect the following output:
> 
>   ksh$ öa
> 
> ... actual output:
> 
>   kshöaa

I cannot reproduce.  It works for me on OpenBSD-current (amd64).

Which version of OpenBSD are you using?

> Examining the output buffer when the 'ö' character is inserted
> shows the following, piped through hexdump:
> 
>   c3 61 08  |.a.|
> 0003
> 
> 0xc3 is the first byte of the 'ö' character and the trailing
> backspace (0x08) causes the cursor to move past the incomplete UTF-8
> sequence.

I don't understand what you are talking about here.  In particular,
what is that "output buffer" you are talking about?

> The backspace is emitted by the following lines in function x_ins:
> 
> $ sed -n 460,464p /usr/src/bin/ksh/emacs.c
>   if (adj == x_adj_done) {
>     /* no */
>     for (cp = xlp; cp > xcp; )
>       x_bs(*--cp);
>   }
> 
> A solution would be to only emit a backspace if cp[-1] is a UTF-8
> continuation byte and cp[-2] a UTF-8 start byte. This removes one of
> the erroneous backspaces that eat the prompt.
> 
> Examining the output buffer when the last byte (0xb6) of 'ö' is
> inserted:
> 
>   08 c3 b6 61 08|...a.|
> 
> The leading erroneous backspace is caused by the following lines in
> function x_zots, introduced in r1.64:
> 
> $ sed -n 687,691p bin/ksh/emacs.c
>   if (str > xbuf && isu8cont(*str)) {
>     while (str > xbuf && isu8cont(*str))
>       str--;
>     x_e_putc('\b');
>   }
> 
> I haven't found any viable solution to not emit the backspace if a
> character is prepended, as opposed to appended.
> 
> Any ideas on how to solve this issue would be much appreciated.

I neither understand the problem nor any part of your analysis.

Sorry,
  Ingo



ETE - ETA

2017-01-22 Thread jean-francois

Hi,

I always wondered what was ETA for during the installation process.

As of today, I noticed this should read ETE as for Estimated Time Enroute.

ETA stands for Estimated Time of Arrival and is therefore more or less 
constant.


Regards



ksh(1): overwritten prompt caused by UTF-8 character

2017-01-22 Thread Anton Lindqvist
I recently encountered a bug related to UTF-8 in ksh(1).

While inserting the following sequence, part of my prompt gets mangled:

  aö

With PS1='ksh$ ' I expect the following output:

  ksh$ öa

... actual output:

  kshöaa

Examining the output buffer when the 'ö' character is inserted shows the
following, piped through hexdump:

  c3 61 08  |.a.|
0003

0xc3 is the first byte of the 'ö' character and the trailing backspace
(0x08) causes the cursor to move past the incomplete UTF-8 sequence. The
backspace is emitted by the following lines in function x_ins:

$ sed -n 460,464p /usr/src/bin/ksh/emacs.c
  if (adj == x_adj_done) {
    /* no */
    for (cp = xlp; cp > xcp; )
      x_bs(*--cp);
  }

A solution would be to only emit a backspace if cp[-1] is a UTF-8
continuation byte and cp[-2] a UTF-8 start byte. This removes one of
the erroneous backspaces that eat the prompt.

Examining the output buffer when the last byte (0xb6) of 'ö' is
inserted:

  08 c3 b6 61 08|...a.|

The leading erroneous backspace is caused by the following lines in
function x_zots, introduced in r1.64:

$ sed -n 687,691p bin/ksh/emacs.c
  if (str > xbuf && isu8cont(*str)) {
    while (str > xbuf && isu8cont(*str))
      str--;
    x_e_putc('\b');
  }

I haven't found any viable solution to not emit the backspace if a
character is prepended, as opposed to appended.

Any ideas on how to solve this issue would be much appreciated.
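
A structural UTF-8 check run over the two hexdumps quoted in this post, together with a per-character backspace count. This is an added example, not part of the original post and not code from ksh; the function names are hypothetical, and how a terminal renders a truncated sequence is left to the terminal.

```c
#include <stddef.h>
#include <stdio.h>

/* UTF-8 continuation bytes have the form 10xxxxxx. */
static int is_cont(unsigned char c) { return (c & 0xC0) == 0x80; }

/* Continuation bytes announced by a lead byte, or -1 if c cannot start a sequence. */
static int tail_len(unsigned char c)
{
	if (c < 0x80) return 0;
	if (c >= 0xC2 && c <= 0xDF) return 1;
	if (c >= 0xE0 && c <= 0xEF) return 2;
	if (c >= 0xF0 && c <= 0xF4) return 3;
	return -1;
}

/* Offset of the first byte that starts a malformed or truncated sequence, or -1
 * if the buffer is structurally well formed (overlong forms are not checked). */
long u8_first_bad(const unsigned char *buf, size_t len)
{
	size_t i = 0;
	while (i < len) {
		int tail = tail_len(buf[i]);
		if (tail < 0)
			return (long)i;
		for (int k = 1; k <= tail; k++)
			if (i + (size_t)k >= len || !is_cont(buf[i + k]))
				return (long)i;
		i += (size_t)tail + 1;
	}
	return -1;
}

/* Backspaces needed to step left over buf: one per character, not per byte.
 * Assumes every character occupies one terminal column. */
size_t u8_backspaces(const unsigned char *buf, size_t len)
{
	size_t n = 0;
	for (size_t i = 0; i < len; i++)
		n += !is_cont(buf[i]);
	return n;
}

/* Bytes copied from the two hexdumps in the post, plus the text "öa" itself. */
const unsigned char dump_first[]  = { 0xc3, 0x61, 0x08 };
const unsigned char dump_second[] = { 0x08, 0xc3, 0xb6, 0x61, 0x08 };
const unsigned char text_oa[]     = { 0xc3, 0xb6, 0x61 };

int main(void)
{
	printf("first dump:  bad at %ld\n", u8_first_bad(dump_first, sizeof dump_first));
	printf("second dump: bad at %ld\n", u8_first_bad(dump_second, sizeof dump_second));
	printf("backspaces over text: %zu\n", u8_backspaces(text_oa, sizeof text_oa));
}
```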