Potential grep bug?

2020-06-23 Thread Jordan Geoghegan

Hello,

I was working on a couple POSIX regular expressions to search for and 
validate IPv4 and IPv6 addresses with optional CIDR blocks, and 
encountered some strange behaviour from the base system grep.


I wanted to validate my regex against a list of every valid IPv4 
address, so I generated a list with a zsh 1 liner:


 for i in {0..255}; do; echo $i.{0..255}.{0..255}.{0..255} ; done | tr '[:space:]' '\n' > IPv4.txt


My intentions were to test the regex by running it with 'grep -c' to 
confirm there were indeed 2^32 addresses matched, and I also wanted to 
benchmark and compare performance between BSD grep, GNU grep and 
ripgrep. The command I used:


   grep -Eoc "((25[0-5]|(2[0-4]|1{0,1}[[:digit:]]){0,1}[[:digit:]])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[[:digit:]]){0,1}[[:digit:]])(/[1-9]|/[1-2][[:digit:]]|/3[0-2])?"


My findings were surprising. Both GNU grep and ripgrep were able to get 
through the file in roughly 10 and 20 minutes respectively, whereas the 
base system grep took over 20 hours! What interested me the most was 
that the base system grep when run with '-c' returned '0' for match 
count. It seems that 'grep -c' will have its counter overflow if there 
are more than 2^32-1 matches (4294967295) and then the counter will 
start counting from zero again for further matches.


    ryzen$ time zcat IPv4.txt.gz | grep -Eoc "((25[0-5]|(2[0-4]|1{0,1}...
    0
    1222m09.32s real  1224m28.02s user 1m16.17s system

    ryzen$ time zcat allip.txt.gz | ggrep -Eoc "((25[0-5]|(2[0-4]|1{0,1}...
    4294967296
    10m00.38s real    11m40.57s user 0m30.55s system

    ryzen$ time rg -zoc "((25[0-5]|(2[0-4]|1{0,1}...
    4294967296
    21m06.36s real    27m06.04s user 0m50.08s system

# See the counter overflow/reset:
    jot 4294967350 | grep -c "^[[:digit:]]"
    54

All testing was done on a Ryzen desktop machine running 6.7 stable.

The grep counting bug can be reproduced with this command:
   jot 4294967296 | nice grep -c "^[[:digit:]]"

Regards,

Jordan
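
An added example, not part of the original message: the pattern from the post run over a few constructed near-miss lines, comparing whole-line matching (`-x`) with the unanchored `-o` search used above. A list of well-formed addresses can only show that none are missed, so malformed lines are included here. The sample lines and function names are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example. RE is the pattern quoted in the message; everything else
# (sample lines, function names) is constructed for illustration.

RE='((25[0-5]|(2[0-4]|1{0,1}[[:digit:]]){0,1}[[:digit:]])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[[:digit:]]){0,1}[[:digit:]])(/[1-9]|/[1-2][[:digit:]]|/3[0-2])?'

# Constructed test lines: four canonical addresses, then near-misses.
# The last line has leading zeros; the pattern's two-digit branch
# ([[:digit:]][[:digit:]]) accepts "01".."09", so it passes whole-line.
samples() {
cat <<'EOF'
0.0.0.0
255.255.255.255
10.0.0.1/24
192.0.2.7/32
256.1.1.1
192.0.2.300
1.2.3.4.5
1.2.3.4/33
01.02.03.04
EOF
}

# Validation: -x requires the pattern to cover the whole line.
is_valid() {
    printf '%s\n' "$1" | grep -Eqx -- "$RE"
}

# Extraction: -o prints whatever substring matched (nothing if none).
# "|| true" keeps a no-match from aborting callers that run under set -e.
extract() {
    printf '%s\n' "$1" | grep -Eo -- "$RE" || true
}

# -c counts selected lines. With one address per line that equals the
# number of addresses, which is what the 2^32-line test relies on.
count_search() { samples | grep -Ec  -- "$RE" || true; }
count_whole()  { samples | grep -Ecx -- "$RE" || true; }

report() {
    samples | while IFS= read -r line; do
        if is_valid "$line"; then verdict=accept; else verdict=reject; fi
        printf '%-18s whole-line=%-6s -o gives: %s\n' \
            "$line" "$verdict" "$(extract "$line")"
    done
    printf 'lines selected without -x: %s, with -x: %s\n' \
        "$(count_search)" "$(count_whole)"
}

report
```

On these samples the unanchored search selects all nine lines, because a valid-looking substring such as `56.1.1.1` sits inside `256.1.1.1`, while `-x` accepts five of them.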



Re: Suggestions re error: "USB read failed" accessing Infinite Noise TRNG?

2020-06-23 Thread Nick Holland
On 2020-06-23 06:20, Why 42? The lists account. wrote:
> 
> Hi All,
> 
> Has anyone ever tried the Infinite Noise TRNG hardware random number generator
> with OpenBSD?

Actually...no.  Never felt any reason to.

> It's a USB stick that contains hardware to generate random numbers. See:
> https://github.com/13-37-org/infnoise
> 
> I had a couple of these working with ArchLinux and would like to try using
> them with OpenBSD.
>
> Using either 6.6 or 6.7 the device is recognised at boot time:
>> uftdi0 at uhub0 port 2 configuration 1 interface 0 "13-37.org Infinite Noise
>> TRNG" rev 2.00/10.00 addr 3 ucom0 at uftdi0 portno 1

so ... looks like it is pretending to be a serial port.  ucom0.
... 
> With libftdi1-1.4p2 installed I was able to compile the associated software
> using the supplied "Makefile.freebsd". So a pretty easy start ...

FreeBSD?
I'd be more surprised if this worked than if it didn't.

> This creates an executable "driver" called infnoise which can be run as a
> daemon e.g.

"driver" that runs as a "daemon".  I'm not entirely sure what that would
mean, to be honest.

>> doas ./infnoise -h
>> Usage: infnoise [options]
...
>> -s, --serial  - use specified device
   ^^^  Might want to play with that option.  Or not.
...
> Any suggestions? Where am I going wrong? Maybe I shouldn't have taken that
> shortcut with the freebsd makefile? Or a security issue?

First of all..what are you wanting this thing to do?  Provide random
data? how about just reading /dev/cuaU0?  And then...why not just use
/dev/random?

Or are you wanting this device to contribute to the OpenBSD random number
generator by stirring the entropy pool?

Are you expecting this /FreeBSD/ driver to reach into the /OpenBSD/
entropy pool and give it a good stir directly from ... userland?  That
sounds a bit scary.


However, I'd start by questioning the basic premise that OpenBSD needs
more entropy to seed its random number generator.  The OpenBSD developers
have spent a lot of time (and written some really good descriptions) on the
topic.  Many DIFFERENT things in OpenBSD *use* random numbers (so even if
you knew what the next "Random" number returned was going to be -- you
don't know what task will be the one getting it!) and many DIFFERENT
things in OpenBSD agitate the entropy pool (so you aren't likely to know
what the next number returned will be), so you don't stand much of a
prayer of predicting the next result from a call to /dev/random.

Not only is the PRNG well stirred, a lot of modern hw has on-chip true
RNG noise sources which do basically the same as your little USB plug,
and OpenBSD uses at least a few of them.  Combine that with a lot of
"incredibly difficult to predict" things like hardware I/O and lots of
/dev/random data being used by things OTHER than your app...I really doubt
you will find much benefit to adding an external noise source to OpenBSD.

Nick.



Re: How do I get the man page for a package I haven't installed yet?

2020-06-23 Thread Eric Furman
On Tue, Jun 23, 2020, at 2:20 PM, Theo de Raadt wrote:
> Ottavio Caruso  wrote:
> 
> > Hi,
> > 
> > Unless I've got it all wrong,  will only
> > display man pages for programs and commands in base. Is there a way to
> > display the man page for a package/port I haven't installed and/or
> > downloaded yet? (This assumes I haven't downloaded the ports cvs
> > tree).
> 
> Doing that would be very annoying and painful, and very few people
> would want it.  It would also substantially degrade the clarity at
> man.openbsd.org

I think the best option is if the program you want to install has
a web page would be to go there and ask them if they could
put up the docs you want.



Re: Any idea/suggestion for old Cisco router to be use running OpenBSD current for WG?

2020-06-23 Thread Kaya Saman
Actually you reminded me about the Cisco Voice appliances which are 
basically PC servers. If I recall correctly they ran a Linux kernel too.


Unfortunately I never got to play around with the capabilities of one 
but you might have some luck with something like that. Of course it 
wouldn't be running Call Manager ;-)


- hang on... my memory is slowly coming back (it's been over 10 years 
lol), CCM used to also be available as a VM which could be run on 
VMware. Maybe the dedicated appliance would be a good choice of hardware 
to run OpenBSD on?


The ASA appliances may also be x86 based which could make them a 
candidate but with large price tags for new ones I'm not sure if anyone 
has tried doing anything crazy with them.



A quick google for the Unified Communication System came up with this:

https://www.google.com/search?q=cisco+call+manager+server=ALeKk03xeYq4NLgIyiUGtaNmoUnR3iaXnQ:1592950661912=lnms=isch=X=2ahUKEwi_7OPS-5jqAhUpTxUIHRbnCOkQ_AUoAXoECA0QAw=1918=955#imgrc=yRjG43cRTHU1nM


You might be really lucky with one of those devices! Hopefully someone 
with more experience will chime in and confirm.



Regards,


Kaya


On 2020-06-23 23:03, Daniel Ouellet wrote:

OpenBSD does run on some old Cisco routers, it's been done before. Sure
it's not officially supported nor does it support all the various
interfaces but it's known to work on some.

I am trying to dig up a dmesg showing it too.

Plus Cisco have some firewall type of device that are over price PC that
can run OpenBSD.

Here is an example using the old Cisco IDS-4215

https://komlositech.wordpress.com/2018/12/30/revive-a-cisco-ids-into-a-capable-openbsd-firewall/

I was just curious as to what stage it might be now.

I am not saying it make sense to do really power wise for sure.

May be Juniper instead as Juniper is based on FreeBSD anyway and it's an
over price PC with specialize network cards. (; Ok more then that, but
you get the picture I think.

I was just curious as to what it may be running on these days?

Could be Cisco routers, Cisco IDS, Cisco firewall, unless I am mistaken
they also have servers or used too anyway, and why not Juniper gear?

In short any box that appear to be Cisco or Juniper but that have
something different under the hood.

And yes, this is stupid if you look only at what you get compare to
other better choices.

I am not doing it for best performance, but to feel comfortable.

Call it marketing bullshit, because that's exactly what it is! (;

Daniel


On 6/23/20 12:37 PM, Kaya Saman wrote:

Hi, I totally understand the position you're in and sympathize.

I've never heard of Cisco routers being able to run OpenBSD though IOS
is based on BSD as far as I'm aware.

Not a direct solution to your use case but you could always run a
small mini-itx or SBC system behind the Cisco router. You could put it
as a firewall solution and have the OBSD box doing all the major
routing, vlans, firewall (pf) etc... while the Cisco could just simply
forward information between the private and public IP ranges. Or if
using dial-in then you can bridge the OBSD and Cisco then use OBSD as
the PPPoE device

It is one suggestion in any case though it might not be the most ideal.

Regards,

Kaya

On Tue, Jun 23, 2020 at 5:03 PM Daniel Ouellet  wrote:

Hi,

This might be a bit weird question, but I saw the wireguard being put in
the kernel in the last few days and I am very excited about it as opposed to
use the package on it and even today there was more on it.

Many thanks for this!!!

I also know there was effort and some Cisco router can run OpenBSD very
well, however I have no clue as to any of this stand now.

I don't have a problem to use APU type or other Ubiquiti for small
OpenBSD router, but I wonder about using Cisco instead. The only reason
is for may be more stability, most likely less performance for sure, but
less change to have corrupted reboot on power lost, etc.

And sadly for some customers having what they see as computer as router
don't make them feel good, but seeing a Cisco box kind of wipe out the
impression. I am not saying it's justify, but perception is sometime
everything, but if I have my say in it I want all my routers to be
OpenBSD as much as I can where the needs is not to multiple Gb in speed.

So, any suggestion or updates as to what's now available and hopefully
in use now.

I really don't care for any special model, or even Juniper, as long as I
can put OpenBSD on it.

So any feedback as to where it's stand now and what's usable in a
reliable way would be greatly appreciated.

And yes I know I may well get better performance in some cases with a
small APU device then a Cisco one, but that's for what we all know may
not be logical to be used, but for sadly how some clients may feel, not
knowing any better.

I guess you can see that as some people do security by obstruction, but
we all know it's not more secure, this is routing by obstruction I guess
and may be less performant, but achieve comfort 

How do I get the man page for a package I haven't installed yet?

2020-06-23 Thread Ottavio Caruso
Hi,

Unless I've got it all wrong,  will only
display man pages for programs and commands in base. Is there a way to
display the man page for a package/port I haven't installed and/or
downloaded yet? (This assumes I haven't downloaded the ports cvs
tree).

Thanks

-- 
Ottavio Caruso

A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?



Re: Any idea/suggestion for old Cisco router to be use running OpenBSD current for WG?

2020-06-23 Thread Daniel Ouellet
OpenBSD does run on some old Cisco routers, it's been done before. Sure
it's not officially supported nor does it support all the various
interfaces but it's known to work on some.

I am trying to dig up a dmesg showing it too.

Plus Cisco have some firewall type of device that are over price PC that
can run OpenBSD.

Here is an example using the old Cisco IDS-4215

https://komlositech.wordpress.com/2018/12/30/revive-a-cisco-ids-into-a-capable-openbsd-firewall/

I was just curious as to what stage it might be now.

I am not saying it make sense to do really power wise for sure.

May be Juniper instead as Juniper is based on FreeBSD anyway and it's an
over price PC with specialize network cards. (; Ok more then that, but
you get the picture I think.

I was just curious as to what it may be running on these days?

Could be Cisco routers, Cisco IDS, Cisco firewall, unless I am mistaken
they also have servers or used too anyway, and why not Juniper gear?

In short any box that appear to be Cisco or Juniper but that have
something different under the hood.

And yes, this is stupid if you look only at what you get compare to
other better choices.

I am not doing it for best performance, but to feel comfortable.

Call it marketing bullshit, because that's exactly what it is! (;

Daniel


On 6/23/20 12:37 PM, Kaya Saman wrote:
> Hi, I totally understand the position you're in and sympathize.
> 
> I've never heard of Cisco routers being able to run OpenBSD though IOS
> is based on BSD as far as I'm aware.
> 
> Not a direct solution to your use case but you could always run a
> small mini-itx or SBC system behind the Cisco router. You could put it
> as a firewall solution and have the OBSD box doing all the major
> routing, vlans, firewall (pf) etc... while the Cisco could just simply
> forward information between the private and public IP ranges. Or if
> using dial-in then you can bridge the OBSD and Cisco then use OBSD as
> the PPPoE device
> 
> It is one suggestion in any case though it might not be the most ideal.
> 
> Regards,
> 
> Kaya
> 
> On Tue, Jun 23, 2020 at 5:03 PM Daniel Ouellet  wrote:
>>
>> Hi,
>>
>> This might be a bit weird question, but I saw the wireguard being put in
>> the kernel in the last few days and I am very excited about it as opposed to
>> use the package on it and even today there was more on it.
>>
>> Many thanks for this!!!
>>
>> I also know there was effort and some Cisco router can run OpenBSD very
>> well, however I have no clue as to any of this stand now.
>>
>> I don't have a problem to use APU type or other Ubiquiti for small
>> OpenBSD router, but I wonder about using Cisco instead. The only reason
>> is for may be more stability, most likely less performance for sure, but
>> less change to have corrupted reboot on power lost, etc.
>>
>> And sadly for some customers having what they see as computer as router
>> don't make them feel good, but seeing a Cisco box kind of wipe out the
>> impression. I am not saying it's justify, but perception is sometime
>> everything, but if I have my say in it I want all my routers to be
>> OpenBSD as much as I can where the needs is not to multiple Gb in speed.
>>
>> So, any suggestion or updates as to what's now available and hopefully
>> in use now.
>>
>> I really don't care for any special model, or even Juniper, as long as I
>> can put OpenBSD on it.
>>
>> So any feedback as to where it's stand now and what's usable in a
>> reliable way would be greatly appreciated.
>>
>> And yes I know I may well get better performance in some cases with a
>> small APU device then a Cisco one, but that's for what we all know may
>> not be logical to be used, but for sadly how some clients may feel, not
>> knowing any better.
>>
>> I guess you can see that as some people do security by obstruction, but
>> we all know it's not more secure, this is routing by obstruction I guess
>> and may be less performant, but achieve comfort obstruction confidence.
>>
>> I just have no clue if wireguard needs to be run, what can be achieve as
>> the CPU in all Cisco device is always under power, we all know that.
>>
>> This may not go anywhere, however I liked to look even if for nothing
>> else then just being fun to do if that can't even be usable.
>>
>> Many thanks for your time and feedback.
>>
>> Daniel
>>
>> PS; And yes, that's most likely stupid I know. Sometime what's used is
>> not always what make sense for other reason that are stupid.
>>
> 



Re: Any idea/suggestion for old Cisco router to be use running OpenBSD current for WG?

2020-06-23 Thread Daniel Ouellet
Thanks

I have run Edge router for a very long time, but that doesn't fit the
marketing bullshit needed. (;

I run my first one as far back as 2015.

https://marc.info/?l=openbsd-misc=144747982003992=2

And the new Ubiquiti most likely would have better performance compare
to many old cisco box possibly running OpenBSD.

That's sadly not the goal here.


On 6/23/20 1:40 PM, Jordan Geoghegan wrote:
> I don't know much about Cisco hardware, but I've had great luck with the
> Edgerouter line of products. I've run my home network on an Edgerouter
> Pro for several years now without issue, and have dozens of ER4 and
> ER-Lite devices out in the wild.
> 
> If you're looking for non-x86 routing solutions, then the Edgerouter is
> one of the best bets.
> 
> Regards,
> 
> Jordan
> 
> On 2020-06-23 09:01, Daniel Ouellet wrote:
>> Hi,
>>
>> This might be a bit weird question, but I saw the wireguard being put in
>> the kernel in the last few days and I am very excited about it as opposed to
>> use the package on it and even today there was more on it.
>>
>> Many thanks for this!!!
>>
>> I also know there was effort and some Cisco router can run OpenBSD very
>> well, however I have no clue as to any of this stand now.
>>
>> I don't have a problem to use APU type or other Ubiquiti for small
>> OpenBSD router, but I wonder about using Cisco instead. The only reason
>> is for may be more stability, most likely less performance for sure, but
>> less change to have corrupted reboot on power lost, etc.
>>
>> And sadly for some customers having what they see as computer as router
>> don't make them feel good, but seeing a Cisco box kind of wipe out the
>> impression. I am not saying it's justify, but perception is sometime
>> everything, but if I have my say in it I want all my routers to be
>> OpenBSD as much as I can where the needs is not to multiple Gb in speed.
>>
>> So, any suggestion or updates as to what's now available and hopefully
>> in use now.
>>
>> I really don't care for any special model, or even Juniper, as long as I
>> can put OpenBSD on it.
>>
>> So any feedback as to where it's stand now and what's usable in a
>> reliable way would be greatly appreciated.
>>
>> And yes I know I may well get better performance in some cases with a
>> small APU device then a Cisco one, but that's for what we all know may
>> not be logical to be used, but for sadly how some clients may feel, not
>> knowing any better.
>>
>> I guess you can see that as some people do security by obstruction, but
>> we all know it's not more secure, this is routing by obstruction I guess
>> and may be less performant, but achieve comfort obstruction confidence.
>>
>> I just have no clue if wireguard needs to be run, what can be achieve as
>> the CPU in all Cisco device is always under power, we all know that.
>>
>> This may not go anywhere, however I liked to look even if for nothing
>> else then just being fun to do if that can't even be usable.
>>
>> Many thanks for your time and feedback.
>>
>> Daniel
>>
>> PS; And yes, that's most likely stupid I know. Sometime what's used is
>> not always what make sense for other reason that are stupid.
>>
> 



Re: XFCE menu does not load with keyboard shortcut

2020-06-23 Thread Why 42? The lists account.


On Tue, Jun 23, 2020 at 07:33:20PM +0100, Ed Gray wrote:
> I have an issue with XFCE on OpenBSD 6.6 and current on an amd64 system.
> XFCE works fine except for accessing the applications menu with the Alt +
> F1 keyboard shortcut. Instead of loading the menu it gets highlighted in
> grey and nothing happens. Clicking the menu loads it straight away.
> ...
> Does anyone else have this problem?

I'm running OpenBSD 6.7 (snapshot) for amd64 with XFCE as my desktop and
I don't have that problem. Alt + F1 anywhere opens the same menu that I
can get by clicking the right mouse button on the desktop background i.e.
The list of actions from "Open In New ..." through to "Applications".

Maybe check your $HOME/.xsession-errors log file?

Cheers,
Robb.



Re: Lenovo V130, boot failed with error "entry point at 0x1001000"

2020-06-23 Thread Matt Kunkel
Here is the offending patch.  -current boots fine with it removed:

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/arch/amd64/stand/efiboot/exec_i386.c.diff?r1=1.2=1.3=h

Appears bootx64.efi is carrying some board specific workaround for
HP / Computrace that breaks many others, including tianocore. Guess 
I'll submit a patch to reverse it since I don't have an Elitebook to
test with?

As a workaround, mount the efi partition and copy in boot64.efi from
6.6.

-Matt Kunkel

June 23, 2020 2:16 PM, "Sven Wolf"  wrote:

> Hi,
> 
> also after the new installation of the current snapshot the system stops with 
> "entry point at
> 0x1001000".
> It's interesting, that a installation via bsd.rd is possible. But after that 
> the system doesn't
> boot via bsd.mp/bsd.sp.
> 
> Best regards,
> Sven
> 
> On 6/21/20 8:55 PM, Sven Wolf wrote:
> 
>> Hi,
>> the update of the loader didn't help.
>> I've updated the bootx64.efi from 3.48 to 3.52. But the current kernel
>> doesn't load. I'll try a
>> re-installation.
>> Maybe @Otto can explain why the start of bsd.rd is possible and the start
>> of bsd.sp/bsd.mp is not
>> possible. Maybe I can build a custom kernel.
>> Best regards,
>> Sven
>>> On 6/21/20 8:33 PM, Sven Wolf wrote:
>>> Hi,
>>> 
>>> I found the same issue in a thread some weeks ago.
>>> https://marc.info/?l=openbsd-misc=159039904132502=2
>>> 
>>> I'll test an reinstall/older loader. Boot from mbr isn't an option :(
>>> 
>>> Best regards,
>>> Sven
>>> 
>>> On 6/21/20 8:20 PM, Sven Wolf wrote:
>> 
>> Hi,
>> 
>> I've upgraded my Lenovo V130 from snapshot 6.6 (April 2020) to the
>> snapshot from 2020-06-20.
>> The boot via boot.rd is always possible.
>> But when I load bsd.sp or bsd.rd the boot process stops with the error
>> "entry point 0x1001000".
>> Do you have an idea how I can fix this error?
>> In the past I didn't have any problem with openbsd on this machine.
>> 
>> I'll try tomorrow the next snapshot.
>> 
>> Thanks and best regards,
>> Sven
>> 
>>>



AMD Ryzen

2020-06-23 Thread Gregory Edigarov

Hello,

Can somebody tell me overall impressions/success stories of those systems?
I am thinking of buying this system as my next desktop for OpenBSD of 
course, so please share.

Most interesting would be dmesgs of some working configurations.
Thanks a lot in advance
--
With best regards,
  Gregory Edigarov



Re: Lenovo V130, boot failed with error "entry point at 0x1001000"

2020-06-23 Thread Sven Wolf

Hi,

also after the new installation of the current snapshot the system stops 
with "entry point at 0x1001000".
It's interesting, that a installation via bsd.rd is possible. But after 
that the system doesn't boot via bsd.mp/bsd.sp.


Best regards,
Sven

On 6/21/20 8:55 PM, Sven Wolf wrote:

Hi,

the update of the loader didn't help.
I've updated the bootx64.efi from 3.48 to 3.52. But the current kernel 
doesn't load. I'll try a re-installation.
Maybe @Otto can explain why the start of bsd.rd is possible and the 
start of bsd.sp/bsd.mp is not possible. Maybe I can build a custom kernel.


Best regards,
Sven


On 6/21/20 8:33 PM, Sven Wolf wrote:

Hi,

I found the same issue in a thread some weeks ago.
https://marc.info/?l=openbsd-misc=159039904132502=2

I'll test an reinstall/older loader. Boot from mbr isn't an option :(

Best regards,
Sven

On 6/21/20 8:20 PM, Sven Wolf wrote:

Hi,

I've upgraded my Lenovo V130 from snapshot 6.6 (April 2020) to the 
snapshot from 2020-06-20. The boot via boot.rd is always possible.
But when I load bsd.sp or bsd.rd the boot process stops with the 
error "entry point 0x1001000". Do you have an idea how I can fix this 
error?

In the past I didn't have any problem with openbsd on this machine.

I'll try tomorrow the next snapshot.

Thanks and best regards,
Sven











XFCE menu does not load with keyboard shortcut

2020-06-23 Thread Ed Gray
Hi,

I have an issue with XFCE on OpenBSD 6.6 and current on an amd64 system.
XFCE works fine except for accessing the applications menu with the Alt +
F1 keyboard shortcut. Instead of loading the menu it gets highlighted in
grey and nothing happens. Clicking the menu loads it straight away.

The shortcut is defined in the keyboard settings as the default for
xfce4-popup-applicationsmenu which is different from the shortcut for the
desktop menu. Sometimes in another application such as firefox when I press
Alt + F1 a second time I get the desktop menu appear, even though firefox
is maximised and I'm not on the desktop.

I can't confirm at the moment if it is specific to OpenBSD or XFCE in
general.

Does anyone else have this problem?

Regards
Ed Gray


Re: How do I get the man page for a package I haven't installed yet?

2020-06-23 Thread Theo de Raadt
Ottavio Caruso  wrote:

> Hi,
> 
> Unless I've got it all wrong,  will only
> display man pages for programs and commands in base. Is there a way to
> display the man page for a package/port I haven't installed and/or
> downloaded yet? (This assumes I haven't downloaded the ports cvs
> tree).

Doing that would be very annoying and painful, and very few people
would want it.  It would also substantially degrade the clarity at
man.openbsd.org



Re: Any idea/suggestion for old Cisco router to be use running OpenBSD current for WG?

2020-06-23 Thread Jordan Geoghegan
I don't know much about Cisco hardware, but I've had great luck with the 
Edgerouter line of products. I've run my home network on an Edgerouter 
Pro for several years now without issue, and have dozens of ER4 and 
ER-Lite devices out in the wild.


If you're looking for non-x86 routing solutions, then the Edgerouter is 
one of the best bets.


Regards,

Jordan

On 2020-06-23 09:01, Daniel Ouellet wrote:

Hi,

This might be a bit weird question, but I saw the wireguard being put in
the kernel in the last few days and I am very excited about it as opposed to
use the package on it and even today there was more on it.

Many thanks for this!!!

I also know there was effort and some Cisco router can run OpenBSD very
well, however I have no clue as to any of this stand now.

I don't have a problem to use APU type or other Ubiquiti for small
OpenBSD router, but I wonder about using Cisco instead. The only reason
is for may be more stability, most likely less performance for sure, but
less change to have corrupted reboot on power lost, etc.

And sadly for some customers having what they see as computer as router
don't make them feel good, but seeing a Cisco box kind of wipe out the
impression. I am not saying it's justify, but perception is sometime
everything, but if I have my say in it I want all my routers to be
OpenBSD as much as I can where the needs is not to multiple Gb in speed.

So, any suggestion or updates as to what's now available and hopefully
in use now.

I really don't care for any special model, or even Juniper, as long as I
can put OpenBSD on it.

So any feedback as to where it's stand now and what's usable in a
reliable way would be greatly appreciated.

And yes I know I may well get better performance in some cases with a
small APU device then a Cisco one, but that's for what we all know may
not be logical to be used, but for sadly how some clients may feel, not
knowing any better.

I guess you can see that as some people do security by obstruction, but
we all know it's not more secure, this is routing by obstruction I guess
and may be less performant, but achieve comfort obstruction confidence.

I just have no clue if wireguard needs to be run, what can be achieve as
the CPU in all Cisco device is always under power, we all know that.

This may not go anywhere, however I liked to look even if for nothing
else then just being fun to do if that can't even be usable.

Many thanks for your time and feedback.

Daniel

PS; And yes, that's most likely stupid I know. Sometime what's used is
not always what make sense for other reason that are stupid.





Re: AMD Ryzen

2020-06-23 Thread Joe Barnett

On 2020-06-23 08:56, Gregory Edigarov wrote:

Hello,

Can somebody tell me overall impressions/success stories of those 
systems?

I am thinking of buying this system as my next desktop for OpenBSD of
course, so please share.
Most interesting would be dmesgs of some working configurations.
Thanks a lot in advance
--
With best regards,
  Gregory Edigarov


I have a Ryzen 3 3200G sitting on an ASRock B450M-HDV R4.0 with 16GB 
RAM, and it seems to run OpenBSD (6.7) very well.  I added Window Maker 
via packages, along with a few others such as firefox-esr, pidgin, qgis, 
postgresql (both server and client), and a few others, again all from 
packages.  Bear in mind I usually use OpenBSD for network devices rather 
than on the desktop, but my experiment so far with the above system and 
config has been very positive -- very stable and responsive when booted 
into the graphical environment.  This machine has no wifi capability, so 
I cannot comment on that, and I do not have speakers attached, so cannot 
comment on sound support.


This CPU is a somewhat new-ish model with built-in Radeon Vega graphics 
which gave fits to several Linux distros*, but which seems to work right 
out of the box with OpenBSD 6.7.


*latest Debian, and latest Xubuntu experienced trouble on this machine 
when in graphical mode, though the latest regular Ubuntu does work 
nicely with this machine.


Good luck,

Joe

dmesg:
OpenBSD 6.7 (GENERIC.MP) #2: Thu Jun  4 09:55:08 MDT 2020

r...@syspatch-67-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

real mem = 14941401088 (14249MB)
avail mem = 14475939840 (13805MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.2 @ 0xe6cc0 (24 entries)
bios0: vendor American Megatrends Inc. version "P3.70" date 11/14/2019
bios0: ASRock B450M-HDV R4.0
acpi0 at bios0: ACPI 6.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT SSDT SSDT SSDT MCFG AAFT HPET 
UEFI SSDT CRAT CDIT SSDT SSDT WSMT
acpi0: wakeup devices GPP0(S4) GPP2(S4) GPP3(S4) GPP4(S4) GPP5(S4) 
GPP6(S4) GP17(S4) XHC0(S4) XHC1(S4) GP18(S4) GPP1(S4) PTXH(S4)

acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Ryzen 3 3200G with Radeon Vega Graphics, 3593.83 MHz, 17-18-01
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 
64b/line 8-way L2 cache, 4MB 64b/line 16-way L3 cache
cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully 
associative
cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully 
associative

cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: AMD Ryzen 3 3200G with Radeon Vega Graphics, 3593.21 MHz, 17-18-01
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu1: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 
64b/line 8-way L2 cache, 4MB 64b/line 16-way L3 cache
cpu1: ITLB 64 4KB entries fully associative, 64 4MB entries fully 
associative
cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully 
associative

cpu1: smt 0, core 2, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: AMD Ryzen 3 3200G with Radeon Vega Graphics, 3593.21 MHz, 17-18-01
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu2: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 
64b/line 8-way L2 cache, 4MB 64b/line 16-way L3 cache
cpu2: ITLB 64 4KB entries fully associative, 64 4MB entries fully 
associative
cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully 
associative

cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: 

Re: Any idea/suggestion for old Cisco router to be use running OpenBSD current for WG?

2020-06-23 Thread Kaya Saman
Hi, I totally understand the position you're in and sympathize.

I've never heard of Cisco routers being able to run OpenBSD though IOS
is based on BSD as far as I'm aware.

Not a direct solution to your use case but you could always run a
small mini-itx or SBC system behind the Cisco router. You could put it
as a firewall solution and have the OBSD box doing all the major
routing, vlans, firewall (pf) etc... while the Cisco could just simply
forward information between the private and public IP ranges. Or if
using dial-in then you can bridge the OBSD and Cisco then use OBSD as
the PPPoE device.

It is one suggestion in any case though it might not be the most ideal.

Regards,

Kaya

On Tue, Jun 23, 2020 at 5:03 PM Daniel Ouellet wrote:
>
> Hi,
>
> This might be a bit of a weird question, but I saw WireGuard being put in
> the kernel in the last few days and I am very excited about it, as opposed
> to using the package for it, and even today there was more on it.
>
> Many thanks for this!!!
>
> I also know there was an effort and some Cisco routers can run OpenBSD
> very well; however, I have no clue as to where any of this stands now.
>
> I don't have a problem using an APU type or other Ubiquiti for a small
> OpenBSD router, but I wonder about using Cisco instead. The only reason
> is for maybe more stability, most likely less performance for sure, but
> less chance of a corrupted reboot on power loss, etc.
>
> And sadly, for some customers, having what they see as a computer as a
> router doesn't make them feel good, but seeing a Cisco box kind of wipes
> out that impression. I am not saying it's justified, but perception is
> sometimes everything, but if I have my say in it I want all my routers to
> be OpenBSD as much as I can where the need is not for multiple Gb in speed.
>
> So, any suggestions or updates as to what's now available and hopefully
> in use now?
>
> I really don't care for any special model, or even Juniper, as long as I
> can put OpenBSD on it.
>
> So any feedback as to where it stands now and what's usable in a
> reliable way would be greatly appreciated.
>
> And yes, I know I may well get better performance in some cases with a
> small APU device than a Cisco one, but that's for what we all know may
> not be logical to be used, but for sadly how some clients may feel, not
> knowing any better.
>
> I guess you can see that as some people do security by obstruction, but
> we all know it's not more secure; this is routing by obstruction I guess
> and may be less performant, but achieves comfort obstruction confidence.
>
> I just have no clue, if WireGuard needs to be run, what can be achieved, as
> the CPU in all Cisco devices is always underpowered; we all know that.
>
> This may not go anywhere; however, I liked to look, even if for nothing
> else than just being fun to do, if that can't even be usable.
>
> Many thanks for your time and feedback.
>
> Daniel
>
> PS: And yes, that's most likely stupid, I know. Sometimes what's used is
> not always what makes sense, for other reasons that are stupid.
>



Re: OpenBSD Hangs On

2020-06-23 Thread Tom Smyth
But newer versions of KVM / Linux kernels are unaffected
by the bug, FYI.
On Tuesday, 23 June 2020, jin wrote:

> Thanks!
>
> On Tue, Jun 23, 2020, 01:40 Tom Smyth wrote:
>
>> Hi Jinn
>> This issue we came across a few years ago,
>> it affects certain versions of KVM / Proxmox...
>> if you disable Intel Preemption timer... in the Hypervisor Linux
>> kernel
>> if you do a search misc lists ... with KVM and freeze and OpenBSD
>> you will see lots of discussions and the exact settings to put in the KVM
>> Hypervisor
>> it may relieve your situation..
>>
>>
>> Thanks
>> Tom Smyth
>>
>> On Mon, 22 Jun 2020 at 14:30, jin wrote:
>>
>>> Hello
>>>
>>> I have a virtual appliance on KVM and it hangs approximately every
>>> 3 days. The problem has been there since its installation, which
>>> was in March. When it happens, I can only do a hard shutdown/reboot to
>>> recover my system from this issue because the system doesn't respond to me.
>>> I'm using version 6.6 of OpenBSD and I already applied all the
>>> syspatches.
>>> I'm not certain but it looks like the problem could be related to the
>>> syslog
>>> daemon. Maybe it is too early to make an assumption but log messages
>>> (/var/log/messages) show that the syslog daemon keeps restarting itself in
>>> 4-hour periods.
>>>
>>> Could someone please point me to how to increase verbosity of the logs?
>>> I'd like to dig myself as much as possible.
>>>
>>> Fatih
>>> Sincerely
>>>
>>> dmesg output
>>>
>>> OpenBSD 6.6 (GENERIC) #7: Thu Mar 12 10:32:29 MDT 2020
>>> r...@syspatch-66-amd64.openbsd.org:
>>> /usr/src/sys/arch/amd64/compile/GENERIC
>>> real mem = 1056817152 (1007MB)
>>> avail mem = 1012228096 (965MB)
>>> mpath0 at root
>>> scsibus0 at mpath0: 256 targets
>>> mainbus0 at root
>>> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5940 (9 entries)
>>> bios0: vendor SeaBIOS version "rel-1.12.1-0-ga5cab58e9a3f-
>>> prebuilt.qemu.org"
>>> date 04/01/2014
>>> bios0: QEMU Standard PC (i440FX + PIIX, 1996)
>>> acpi0 at bios0: ACPI 1.0
>>> acpi0: sleep states S3 S4 S5
>>> acpi0: tables DSDT FACP APIC HPET
>>> acpi0: wakeup devices
>>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>>> cpu0 at mainbus0: apid 0 (boot processor)
>>> cpu0: Westmere E56xx/L56xx/X56xx (Nehalem-C), 2295.15 MHz, 06-2c-01
>>> cpu0:
>>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
>>> CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,
>>> SSSE3,CX16,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,HV,NXE,LONG,
>>> LAHF,ARAT,MELTDOWN
>>> cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
>>> 64b/line 16-way L2 cache
>>> cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
>>> cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
>>> cpu0: smt 0, core 0, package 0
>>> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
>>> cpu0: apic clock running at 1000MHz
>>> ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
>>> acpihpet0 at acpi0: 1 Hz
>>> acpiprt0 at acpi0: bus 0 (PCI0)
>>> acpicpu0 at acpi0: C1(@1 halt!)
>>> "ACPI0006" at acpi0 not configured
>>> acpipci0 at acpi0 PCI0: _OSC failed
>>> acpicmos0 at acpi0
>>> "PNP0A06" at acpi0 not configured
>>> "PNP0A06" at acpi0 not configured
>>> "PNP0A06" at acpi0 not configured
>>> "QEMU0002" at acpi0 not configured
>>> "ACPI0010" at acpi0 not configured
>>> cpu0: using IvyBridge MDS workaround
>>> pvbus0 at mainbus0: KVM
>>> pvclock0 at pvbus0
>>> pci0 at mainbus0 bus 0
>>> pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
>>> pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
>>> pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA,
>>> channel
>>> 0 wired to compatibility, channel 1 wired to compatibility
>>> pciide0: channel 0 disabled (no drives)
>>> pciide0: channel 1 disabled (no drives)
>>> uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int
>>> 11
>>> piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0
>>> int
>>> 9
>>> iic0 at piixpm0
>>> vga1 at pci0 dev 2 function 0 "Bochs VGA" rev 0x02
>>> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
>>> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
>>> virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00
>>> vio0 at virtio0: address 52:54:00:a5:1f:57
>>> virtio0: msix shared
>>> eap0 at pci0 dev 4 function 0 "Ensoniq AudioPCI" rev 0x00: apic 0 int 11
>>> audio0 at eap0
>>> midi0 at eap0: 
>>> virtio1 at pci0 dev 5 function 0 "Qumranet Virtio Storage" rev 0x00
>>> vioblk0 at virtio1
>>> scsibus1 at vioblk0: 2 targets
>>> sd0 at scsibus1 targ 0 lun 0: 
>>> sd0: 51200MB, 512 bytes/sector, 104857600 sectors
>>> virtio1: msix shared
>>> virtio2 at pci0 dev 6 function 0 "Qumranet Virtio Memory Balloon" rev
>>> 0x00
>>> viomb0 at virtio2
>>> virtio2: apic 0 int 10
>>> isa0 at pcib0
>>> isadma0 at isa0
>>> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
>>> pckbc0 at isa0 port 0x60/5 irq 

Re: OpenBSD Hangs On

2020-06-23 Thread jin
Thanks!

On Tue, Jun 23, 2020, 01:40 Tom Smyth wrote:

> Hi Jinn
> This issue we came across a few years ago,
> it affects certain versions of KVM / Proxmox...
> if you disable Intel Preemption timer... in the Hypervisor Linux kernel
> if you do a search misc lists ... with KVM and freeze and OpenBSD
> you will see lots of discussions and the exact settings to put in the KVM
> Hypervisor
> it may relieve your situation..
>
>
> Thanks
> Tom Smyth
>
> On Mon, 22 Jun 2020 at 14:30, jin wrote:
>
>> Hello
>>
>> I have a virtual appliance on KVM and it hangs approximately every
>> 3 days. The problem has been there since its installation, which
>> was in March. When it happens, I can only do a hard shutdown/reboot to
>> recover my system from this issue because the system doesn't respond to me.
>> I'm using version 6.6 of OpenBSD and I already applied all the syspatches.
>> I'm not certain but it looks like the problem could be related to the syslog
>> daemon. Maybe it is too early to make an assumption but log messages
>> (/var/log/messages) show that the syslog daemon keeps restarting itself in
>> 4-hour periods.
>>
>> Could someone please point me to how to increase verbosity of the logs?
>> I'd like to dig myself as much as possible.
>>
>> Fatih
>> Sincerely
>>
>> dmesg output
>>
>> OpenBSD 6.6 (GENERIC) #7: Thu Mar 12 10:32:29 MDT 2020
>> r...@syspatch-66-amd64.openbsd.org:
>> /usr/src/sys/arch/amd64/compile/GENERIC
>> real mem = 1056817152 (1007MB)
>> avail mem = 1012228096 (965MB)
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5940 (9 entries)
>> bios0: vendor SeaBIOS version "
>> rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org"
>> date 04/01/2014
>> bios0: QEMU Standard PC (i440FX + PIIX, 1996)
>> acpi0 at bios0: ACPI 1.0
>> acpi0: sleep states S3 S4 S5
>> acpi0: tables DSDT FACP APIC HPET
>> acpi0: wakeup devices
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>> cpu0 at mainbus0: apid 0 (boot processor)
>> cpu0: Westmere E56xx/L56xx/X56xx (Nehalem-C), 2295.15 MHz, 06-2c-01
>> cpu0:
>>
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,SSSE3,CX16,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,HV,NXE,LONG,LAHF,ARAT,MELTDOWN
>> cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
>> 64b/line 16-way L2 cache
>> cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
>> cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
>> cpu0: smt 0, core 0, package 0
>> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
>> cpu0: apic clock running at 1000MHz
>> ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
>> acpihpet0 at acpi0: 1 Hz
>> acpiprt0 at acpi0: bus 0 (PCI0)
>> acpicpu0 at acpi0: C1(@1 halt!)
>> "ACPI0006" at acpi0 not configured
>> acpipci0 at acpi0 PCI0: _OSC failed
>> acpicmos0 at acpi0
>> "PNP0A06" at acpi0 not configured
>> "PNP0A06" at acpi0 not configured
>> "PNP0A06" at acpi0 not configured
>> "QEMU0002" at acpi0 not configured
>> "ACPI0010" at acpi0 not configured
>> cpu0: using IvyBridge MDS workaround
>> pvbus0 at mainbus0: KVM
>> pvclock0 at pvbus0
>> pci0 at mainbus0 bus 0
>> pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
>> pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
>> pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA,
>> channel
>> 0 wired to compatibility, channel 1 wired to compatibility
>> pciide0: channel 0 disabled (no drives)
>> pciide0: channel 1 disabled (no drives)
>> uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int 11
>> piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0
>> int
>> 9
>> iic0 at piixpm0
>> vga1 at pci0 dev 2 function 0 "Bochs VGA" rev 0x02
>> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
>> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
>> virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00
>> vio0 at virtio0: address 52:54:00:a5:1f:57
>> virtio0: msix shared
>> eap0 at pci0 dev 4 function 0 "Ensoniq AudioPCI" rev 0x00: apic 0 int 11
>> audio0 at eap0
>> midi0 at eap0: 
>> virtio1 at pci0 dev 5 function 0 "Qumranet Virtio Storage" rev 0x00
>> vioblk0 at virtio1
>> scsibus1 at vioblk0: 2 targets
>> sd0 at scsibus1 targ 0 lun 0: 
>> sd0: 51200MB, 512 bytes/sector, 104857600 sectors
>> virtio1: msix shared
>> virtio2 at pci0 dev 6 function 0 "Qumranet Virtio Memory Balloon" rev 0x00
>> viomb0 at virtio2
>> virtio2: apic 0 int 10
>> isa0 at pcib0
>> isadma0 at isa0
>> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
>> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
>> pckbd0 at pckbc0 (kbd slot)
>> wskbd0 at pckbd0: console keyboard, using wsdisplay0
>> pms0 at pckbc0 (aux slot)
>> wsmouse0 at pms0 mux 0
>> pcppi0 at isa0 port 0x61
>> spkr0 at pcppi0
>> usb0 at uhci0: USB revision 1.0
>> uhub0 at usb0 configuration 

Any idea/suggestion for old Cisco router to be use running OpenBSD current for WG?

2020-06-23 Thread Daniel Ouellet
Hi,

This might be a bit of a weird question, but I saw WireGuard being put in
the kernel in the last few days and I am very excited about it, as opposed
to using the package for it, and even today there was more on it.

Many thanks for this!!!

I also know there was an effort and some Cisco routers can run OpenBSD
very well; however, I have no clue as to where any of this stands now.

I don't have a problem using an APU type or other Ubiquiti for a small
OpenBSD router, but I wonder about using Cisco instead. The only reason
is for maybe more stability, most likely less performance for sure, but
less chance of a corrupted reboot on power loss, etc.

And sadly, for some customers, having what they see as a computer as a
router doesn't make them feel good, but seeing a Cisco box kind of wipes
out that impression. I am not saying it's justified, but perception is
sometimes everything, but if I have my say in it I want all my routers to
be OpenBSD as much as I can where the need is not for multiple Gb in speed.

So, any suggestions or updates as to what's now available and hopefully
in use now?

I really don't care for any special model, or even Juniper, as long as I
can put OpenBSD on it.

So any feedback as to where it stands now and what's usable in a
reliable way would be greatly appreciated.

And yes, I know I may well get better performance in some cases with a
small APU device than a Cisco one, but that's for what we all know may
not be logical to be used, but for sadly how some clients may feel, not
knowing any better.

I guess you can see that as some people do security by obstruction, but
we all know it's not more secure; this is routing by obstruction I guess
and may be less performant, but achieves comfort obstruction confidence.

I just have no clue, if WireGuard needs to be run, what can be achieved, as
the CPU in all Cisco devices is always underpowered; we all know that.

This may not go anywhere; however, I liked to look, even if for nothing
else than just being fun to do, if that can't even be usable.

Many thanks for your time and feedback.

Daniel

PS: And yes, that's most likely stupid, I know. Sometimes what's used is
not always what makes sense, for other reasons that are stupid.



Re: IKEDv2 and alias addresses

2020-06-23 Thread Sonic
On Sun, Jun 21, 2020 at 5:20 PM Stuart Henderson wrote:
>
> IIRC "local" isn't enough, some packets are still sent on the bound
> 0.0.0.0, the kernel chooses the source address (based on the local
> interface address in the route to the destination) and it can be
> the wrong address for the other side.

I believe that is what I saw. The passive side received packets on the
alias address but when it sent replies they went out the main address
instead.

As I'm getting a /29 via the cable modem which has some extra ports
and in some cases my OpenBSD firewalls also have extra ports, so
instead of bringing all 5 addresses into one port maybe configuring a
different interface with one of the aliases as its only address could
work, but I believe it would need to be in a different rdomain. Which
may be, in the end, a more elegant solution. Is there any appreciable
overhead using domains like this?

Thanks!



Re: obsd 6.7 - TOR relay (non-exit) & /var folder

2020-06-23 Thread Salvatore Cuzzilla
Hi Gabriel,

thanks for the hint!

I actually used to "rcctl reload tor" to rotate the logs.
I have now switched to "pkill -HUP -u _tor -U _tor -x tor"; let's see if it helps!


Regards,
Salvatore.


June 23, 2020 12:53 PM, "Salvatore Cuzzilla" wrote:

> Hi Folks,
>
> I’m running a TOR node on my [APU2c4 (SSD) + OBSD 6.7]
>
> somehow the TOR process is polluting my /var folder until, after a few days,
> it’s full (~6G).
> In the beginning I thought that it was related to the daemon's logs,
> something misconfigured within
> newsyslog.conf ... it’s not!
>
> the funny thing is that, as soon as I shut down the daemon, the /var folder is
> freed up again…
> 
> -
> 12:46:44 -ksh root@APU2c4 /var/tor/diff-cache # df -h | grep /var
> /dev/sd0e 6.3G 1.7G 4.4G 28% /var
> 
> 12:46:55 -ksh root@APU2c4 /var/tor/diff-cache # rcctl stop tor
> tor(ok)
> 
> 12:48:00 -ksh root@APU2c4 /var/tor/diff-cache # df -h | grep /var
> /dev/sd0e 6.3G 327M 5.7G 5% /var
> 12:48:00 -ksh root@APU2c4 /var/tor/diff-cache 
> -
> 
> I’m a bit lost, from where should I start?
> 
> Regards,
> Salvatore.



obsd 6.7 - TOR relay (non-exit) & /var folder

2020-06-23 Thread Salvatore Cuzzilla
Hi Folks,

I’m running a TOR node on my [APU2c4 (SSD) + OBSD 6.7]

somehow the TOR process is polluting my /var folder until, after a few days, it’s
full (~6G).
In the beginning I thought that it was related to the daemon's logs, something
misconfigured within newsyslog.conf ... it’s not!

the funny thing is that, as soon as I shut down the daemon, the /var folder is
freed up again…

-
12:46:44 -ksh root@APU2c4 /var/tor/diff-cache # df -h | grep /var
/dev/sd0e      6.3G    1.7G    4.4G    28%    /var

12:46:55 -ksh root@APU2c4 /var/tor/diff-cache # rcctl stop tor
tor(ok)

12:48:00 -ksh root@APU2c4 /var/tor/diff-cache # df -h | grep /var
/dev/sd0e      6.3G    327M    5.7G     5%    /var
12:48:00 -ksh root@APU2c4 /var/tor/diff-cache 
-

I’m a bit lost, from where should I start?


Regards,
Salvatore.






Suggestions re error: "USB read failed" accessing Infinite Noise TRNG?

2020-06-23 Thread Why 42? The lists account.


Hi All,

Has anyone ever tried the Infinite Noise TRNG hardware random number generator
with OpenBSD?

It's a USB stick that contains hardware to generate random numbers. See:
https://github.com/13-37-org/infnoise

I had a couple of these working with ArchLinux and would like to try using
them with OpenBSD.

Using either 6.6 or 6.7 the device is recognised at boot time:
> uftdi0 at uhub0 port 2 configuration 1 interface 0 "13-37.org Infinite Noise TRNG" rev 2.00/10.00 addr 3
> ucom0 at uftdi0 portno 1

With libftdi1-1.4p2 installed I was able to compile the associated software
using the supplied "Makefile.freebsd". So a pretty easy start ...
> make -f Makefile.freebsd
> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I 
> /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" 
> -DGIT_DATE=\"\"  -c libinfnoise.c
> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I 
> /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" 
> -DGIT_DATE=\"\"   -c healthcheck.c
> cc -c -o KeccakF-1600-reference.o Keccak/KeccakF-1600-reference.c -Wall 
> -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I /usr/local/include/libftdi1  
> -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" -DGIT_DATE=\"\" 
> ar rcs libinfnoise.a libinfnoise.o healthcheck.o KeccakF-1600-reference.o
> ranlib libinfnoise.a
> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I 
> /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" 
> -DGIT_DATE=\"\"  -fvisibility=hidden -o libinfnoise.so libinfnoise.o 
> healthcheck.o KeccakF-1600-reference.o  -L /usr/local/lib -Wl -lftdi1 -lm 
> -shared 
> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I 
> /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" 
> -DGIT_DATE=\"\"   -c infnoise.c
> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I 
> /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" 
> -DGIT_DATE=\"\"   -c daemon.c
> cc -Wall -Wextra -Werror -std=c99 -O3 -fPIC -I Keccak -I 
> /usr/local/include/libftdi1  -DGIT_VERSION=\"\" -DGIT_COMMIT=\"\" 
> -DGIT_DATE=\"\"  -o infnoise infnoise.o daemon.o libinfnoise.a -lftdi1 -lm 
> -L. -L /usr/local/lib
 
This creates an executable "driver" called infnoise which can be run as a
daemon e.g.
> doas ./infnoise -h
> Usage: infnoise [options]
> Options are:
> -D, --debug - turn on some debug output
> -R, --dev-random - write entropy to /dev/random instead of stdout
> -r, --raw - do not whiten the output
> -m, --multiplier  - write 256 bits * value for each 512 bits 
> written to
>   the Keccak sponge.  Default of 0 means write all the entropy.
> -n, --no-output - do not write random output data
> -p, --pidfile  - write process ID to file
> -d, --daemon - run in the background
> -s, --serial  - use specified device
> -l, --list-devices - list available devices
> -v, --version - show version information
> -h, --help - this help output
> ...

The "list-devices" mode works nicely:
> doas ./infnoise --list-devices
> ...
> ID: 0, Manufacturer: 13-37.org, Description: Infinite Noise TRNG, Serial: 
> 1337-ECA4E8A6

So far, so good ... But if I try getting actual random numbers, I get "read
failed":
> doas ./infnoise
> ...
> Error: USB read failed

Any suggestions? Where am I going wrong? Maybe I shouldn't have taken that
shortcut with the freebsd makefile? Or a security issue?

Thanks in advance.

Cheers,
Robb.



FYI: Intel 300 PCH temperature sensor now recognised

2020-06-23 Thread Why 42? The lists account.


Hi All,

Just FYI, 

I noticed that with the newest OpenBSD versions (e.g. I currently have
6.7 GENERIC.MP#273 amd64) a bit more of the Intel Platform Controller Hub
(PCH) is now recognised. At boot time the kernel logs:
> pchtemp0 at pci0 dev 18 function 0 "Intel 300 Series Thermal" rev 0x30

And an additional temperature value for "pchtemp0" is now available:
> sysctl hw.sensors
> hw.sensors.cpu0.temp0=46.00 degC
> hw.sensors.acpitz1.temp0=27.80 degC (zone temperature)
> hw.sensors.pchtemp0.temp0=52.00 degC

Apparently it's the hottest thing in the system! Maybe not surprising
given all the things that the PCH chip is capable of doing :)

This is on an Intel NUC 8i5BEH. Some of the other functionality is not
yet recognised/configured:
> "Intel 300 Series Shared SRAM" rev 0x30 at pci0 dev 20 function 2 not 
> configured
> "Intel 300 Series MEI" rev 0x30 at pci0 dev 22 function 0 not configured
> "Intel 300 Series SPI" rev 0x30 at pci0 dev 31 function 5 not configured

Certainly SPI is Serial Peripheral Interface, though I don't know what it
might be connected to. SRAM is likely Static RAM, could potentially be
used for persistent storage e.g. for crash logging "between" boots.

Cheers,
Robb.



X/xenodm logs: '_XSERVTransSocketUNIXAccept: accept() failed'

2020-06-23 Thread Why 42? The lists account.


Hi All,

I'm running 6.7 snapshot version (6.7 GENERIC.MP#273 amd64) as my main
desktop with XFCE.

A couple of times now I've noticed that these two files in /var/log have
become unexpectedly huge:
mjoelnir:log 23.06 09:44:15 # du -sh xenodm.log Xorg.0.log
378M    xenodm.log
487M    Xorg.0.log

Apart from the usual startup/initialisation messages (below) Xorg.0.log
contains many many instances of this message:
> mjoelnir:log 23.06 09:51:59 # grep -c '_XSERVTransSocketUNIXAccept: accept() 
> failed' Xorg.0.log  
> 8800235

The same message is logged to xenodm.log i.e.
> mjoelnir:log 23.06 09:53:14 # grep -c '_XSERVTransSocketUNIXAccept: accept() 
> failed' xenodm.log 
> 8800235

I don't know why or when this occurs, the xenodm messages aren't
timestamped, but I assume that there must be an issue with xenodm or
the X11 subsystem. A search on the Internet only resulted in a couple of
hits, from 2010 and 2012, at least one of which was related to the Cygwin
platform - so quite different. I ran OpenBSD 6.6 for several months on
this system (Intel NUC 8i5) and don't recall ever seeing this issue.

The only other video issue/error I have noticed is this in the console or
output of dmesg:
> drm:pid54673:intel_pipe_update_start *ERROR* [drm] *ERROR* Potential atomic 
> update failure on pipe A

I don't know if that is related.

FYI: Excerpt from Xorg.0.log
> [26.343] (WW) checkDevMem: failed to open /dev/xf86 and /dev/mem
> (Operation not permitted)
> Check that you have set 'machdep.allowaperture=1'
> in /etc/sysctl.conf and reboot your machine
> refer to xf86(4) for details
> [26.343]linear framebuffer access unavailable
> [26.373] (--) Using wscons driver on /dev/ttyC4
> [26.386] 
> X.Org X Server 1.20.8
> X Protocol Version 11, Revision 0
> [26.386] Build Operating System: OpenBSD 6.7 amd64 
> [26.386] Current Operating System: OpenBSD mjoelnir.fritz.box 6.7 
> GENERIC.MP#273 amd64
> [26.386] Build Date: 15 June 2020  07:46:53PM
> [26.386]  
> [26.386] Current version of pixman: 0.38.4
> [26.386]Before reporting problems, check http://wiki.x.org
> to make sure that you have the latest version.
> [26.386] Markers: (--) probed, (**) from config file, (==) default 
> setting,
> (++) from command line, (!!) notice, (II) informational,
> (WW) warning, (EE) error, (NI) not implemented, (??) unknown.
> [26.386] (==) Log file: "/var/log/Xorg.0.log", Time: Tue Jun 16 20:04:24 
> 2020
> [26.388] (==) Using system config directory 
> "/usr/X11R6/share/X11/xorg.conf.d"
> [26.389] (==) No Layout section.  Using the first Screen section.
> [26.389] (==) No screen section available. Using defaults.
> [26.389] (**) |-->Screen "Default Screen Section" (0)
> [26.389] (**) |   |-->Monitor ""
> [26.390] (==) No monitor specified for screen "Default Screen Section".
> Using a default monitor configuration.
> [26.390] (==) Automatically adding devices
> [26.390] (==) Automatically enabling devices
> [26.390] (==) Not automatically adding GPU devices
> [26.390] (==) Max clients allowed: 256, resource mask: 0x1f
> [26.394] (==) FontPath set to:
> /usr/X11R6/lib/X11/fonts/misc/,
> /usr/X11R6/lib/X11/fonts/TTF/,
> /usr/X11R6/lib/X11/fonts/OTF/,
> /usr/X11R6/lib/X11/fonts/Type1/,
> /usr/X11R6/lib/X11/fonts/100dpi/,
> /usr/X11R6/lib/X11/fonts/75dpi/
> [26.394] (==) ModulePath set to "/usr/X11R6/lib/modules"
> [26.394] (II) The server relies on wscons to provide the list of input 
> devices.
> If no devices become available, reconfigure wscons or disable 
> AutoAddDevices.
> [26.394] (II) Loader magic: 0xeed1a3f9000
> [26.394] (II) Module ABI versions:
> [26.394]X.Org ANSI C Emulation: 0.4
> [26.394]X.Org Video Driver: 24.1
> [26.394]X.Org XInput driver : 24.1
> [26.394]X.Org Server Extension : 10.0
> [26.395] (--) PCI:*(0@0:2:0) 8086:3ea5:8086:2074 rev 1, Mem @ 
> 0xc000/16777216, 0x8000/1073741824, I/O @ 0x4000/64
> [26.395] (II) LoadModule: "glx"
> [26.396] (II) Loading /usr/X11R6/lib/modules/extensions/libglx.so
> [26.405] (II) Module glx: vendor="X.Org Foundation"
> [26.405]compiled for 1.20.8, module version = 1.0.0
> [26.405]ABI class: X.Org Server Extension, version 10.0
> [26.405] (==) Matched modesetting as autoconfigured driver 0
> [26.405] (==) Assigned the driver to the xf86ConfigLayout
> [26.405] (II) LoadModule: "modesetting"
> [26.405] (II) Loading /usr/X11R6/lib/modules/drivers/modesetting_drv.so
> [26.406] (II) Module modesetting: vendor="X.Org Foundation"
> [26.406]compiled for 1.20.8, module version = 1.20.8
> [26.406]Module class: X.Org Video Driver
> [26.406]ABI class: X.Org Video Driver, version 24.1
> [26.406] (II) modesetting: Driver for