Re: Issue updating spidermonkey
On Tue, Oct 20, 2020 at 08:26:05PM -0400, Brennan Vincent wrote: > Updated yesterday from 6.7 to a snapshot, and now: > > $ doas pkg_add -u doas pkg_add -u -Dsnap You need to do some things different once you change to -current snapshots. Might also have to wait for -current packages to match the -current snapshot sometimes. Chris Bennett > quirks-3.458 signed on 2020-10-18T13:56:14Z > Can't update spidermonkey-60.9.0v1->spidermonkey78-78.3.1v1: no update found > for spidermonkey-60.9.0v1 > Can't install polkit-0.116p1->0.118: can't resolve spidermonkey78-78.3.1v1 > > Is this expected soon after updating? Do I just need to wait for some > inconsistency in the pkg repo to be resolved? > > Thanks > >
Re: Multiple USB NICs
Stuart Longland wrote: > On 21/10/20 9:55 am, Lee Nelson wrote: > >> Alternatively use a single nic with vlans, and break out to separate > >> ports on a managed switch. > >> > > Yes, that could work too, but this is one side of a pfsync/carp > > redundant firewall setup, so I want to keep it as simple as possible. > > Silly question, what hardware are the USB NICs plugging into? > > USB trades off determinism for hot-pluggability, and it seems a > firewall, you absolutely do want an interface to appear in a specific > location. I'd be looking at something that plugs into the system > peripheral bus somehow (PCIe, PCI, ISA, … etc). Oh come on, you know the answer before you ask it. Using cheap hardware and expecting free software developers to pull magic out of their ass to make it solve unsolveable problems, and produce a result as too as state of the art expensive hardware --- or even cheaper hardware --- with DEDICATED PORTS -- it is madness. We can't do it. And we said so. And Lee gets it. But do the rest of the thread participants? I think it's fine for us as a community to humour the attempt for a bit, but THEN THE DISCUSSION MIGHT AS WELL END, as the consequences of the choice ARE WHAT THEY ARE. You get what you paid for. And we (OpenBSD) played no part in the decision or the consequences, hotplug is what it is. Can we end this discussion?
Re: Multiple USB NICs
On 21/10/20 9:55 am, Lee Nelson wrote: >> Alternatively use a single nic with vlans, and break out to separate >> ports on a managed switch. >> > Yes, that could work too, but this is one side of a pfsync/carp > redundant firewall setup, so I want to keep it as simple as possible. Silly question, what hardware are the USB NICs plugging into? USB trades off determinism for hot-pluggability, and it seems a firewall, you absolutely do want an interface to appear in a specific location. I'd be looking at something that plugs into the system peripheral bus somehow (PCIe, PCI, ISA, … etc). -- Stuart Longland (aka Redhatter, VK4MSL) I haven't lost my mind... ...it's backed up on a tape somewhere.
Re: ssl/libssl certificate validation broken?
On 20 Oct 21:01, Uwe Werler wrote: > Hi folks, > > before opening a bug report I'll ask here because I want to make sure that I > have not missed something. > > With the upgrade to 6.8 my cert validation seems to be broken because the > hashed certs in /etc/ssl/certs are not honored anymore. I usually stored our > L1 and L2 ca certs in /etc/ssl/certs and hashed them with "openssl certhash". > That worked for all my machines until 6.7 but broke with 6.8. Adding the ca > certs to /etc/ssl/cert.pem works. > > Did I miss something? I guess something changed during k2k20 in "certificate > chain validation in libcrypto"? > > Thanks and with kind regards. > > Uwe > Mmh, it seems to me that libssl is broken. After the upgrade to 6.8 my openldap proxies were screwed too. I configured explicitely olcTLSCACertificatePath: /etc/ssl/certs But that broke so I had to change to: olcTLSCACertificateFile: /etc/ssl/cert.pem ... and I had to change also /etc/openldap/ldap.conf from: TLS_CACERTDIR /etc/ssl/certs to TLS_CACERT /etc/ssl/cert.pem to keep syncrepl running. -- wq: ~uw
Re: ssl/libssl certificate validation broken?
On 20 Oct 21:01, Uwe Werler wrote: > Hi folks, > > before opening a bug report I'll ask here because I want to make sure that I > have not missed something. You should probably submit a real bug report instead of jumping to conclusions on misc@ > > With the upgrade to 6.8 my cert validation seems to be broken because the > hashed certs in /etc/ssl/certs are not honored anymore. I usually stored our > L1 and L2 ca certs in /etc/ssl/certs and hashed them with "openssl certhash". > That worked for all my machines until 6.7 but broke with 6.8. Adding the ca > certs to /etc/ssl/cert.pem works. > > Did I miss something? I guess something changed during k2k20 in "certificate > chain validation in libcrypto"? > > Thanks and with kind regards. > > Uwe > ... >Mmh, it seems to me that libssl is broken. After the upgrade to 6.8 my >openldap proxies were screwed too. I configured explicitely > >olcTLSCACertificatePath: /etc/ssl/certs > >But that broke so I had to change to: "Broke".. how? >olcTLSCACertificateFile: /etc/ssl/cert.pem > >... and I had to change also /etc/openldap/ldap.conf from: > >TLS_CACERTDIR /etc/ssl/certs > >to > >TLS_CACERT /etc/ssl/cert.pem > >to keep syncrepl running. You are a little bit thin on details here. The changes in the validator should not affect the loading of your certificates. Are you using openldap from packages or something else? So please pass on some details and perhaps a succint way to reproduce and include the error messages you see. Probably as a real bug report instead of misc discussions.
Re: Approved way to update installed ports after system upgrade?
On Tue, Oct 20, 2020 at 05:32:48PM -0700, Andrew Robertson wrote: > What's the standard way to upgrade installed ports after a system upgrade? > > > I've been trying to figure out how to do this properly, and it doesn't seem > to > > have any mention in the FAQ. Thanks in advance. >From https://www.openbsd.org/faq/upgrade68.html , I think this is your answer: "Finish up by upgrading the packages using pkg_add -u." -- James
UNIX printing demystified
Every now and then people post a "question" about printing to this mailng list which exposes their confusion. I am putting this email together so that anybody capable of searching through the mailing list can at least have terminology straight before asking for help. Information presented here is in the public domain and I make no claims of posting anything new. Table of Contents: 1. Print spooling overview: LPD, LPRng, CUPS 2. Common network printing protocols: LPD, IPP, JetDirect 3. Printer driver. 4. Input filters 5. ASCII and page description language PostScript(PS) 6. PostScript Printer Description (PPD) files 7. Printer recommendations 8. Code contribution 1. What is a print spooling? Why is needed? A print spooler is a program/daemon that accepts print jobs from a program or network. It typically consist of two programs: a print spooler daemon that sends jobs to a printer and a command to submit print jobs to the spooler daemon. In general spooler is not needed on an operating system that allows a single user to perform only one task at a time as long as that single user doesn't try to send multiple documents to the printer at the same time. However, UNIX has been designed multitasking, multiuser computer operating systems. Imagine that my wife and I send two documents to a printer at the same time. Her documents gets there first and gets printed. My document losses the race and my job is rejected because the device is busy. I wait a few minutes and I sent my document again but this time my daughter outrace me and her document get printed and not mine. Now imagine the organization with hundreds of users and only a few printers. This is exactly why we need a spooler program/daemon which will listen for the incoming printing requests, stores them in a spool queue, and then sends them to a printer when it becomes available. The original Berkeley spooling system is The Line Printer Daemon protocol/Line Printer Remote protocol (or LPD) and it is available on any default OpenBSD installation. LPD is super simple and writing a lpd daemon should not be a too difficult for an undergraduate CS student. For those of us who are old enough to remember legendary Richard Stevens https://www.oreilly.com/library/view/advanced-programming-in/9780321638014/ch21.html As the computer technology and printing proliferated among common folks like me some system admins felt the need to develop more complex queueing policies. People start hitting limitations of LPD and eventually Dr. Patrick Powell felt compel to rewrite a new spooler program/daemon which will be more capable of complex printing policies and easier to incorporate drivers and input filters (please see below) so the UNIX world got LPRng http://web.mit.edu/ops/services/print/Attic/src/doc/LPRng-HOWTO.html#toc2 as the project grew and never became truly financially viable eventually was replaced with newer and super complex spooling system called CUPS https://www.cups.org/documentation.html Now the true CUPS claim to fame is the support for the new Internet printing protocol (IPP). 2. What are network printing protocols? >From its inception UNIX was designed to a distributed computing environment. A bunch of developers will use dumb terminals to connect to the same computer and do some work. At the same time it became possible for printers to be first class citizens on the LAN. LPD is not just a spooling system it is also a network protocol spoken by the daemon itself but also spoken by any decent quality printer. The major limitation of LPD that is primarily single direction protocol. As printer became more sophisticated and more like a computers than microcontroller boards it became obvious that one could ask the printer about the level of the toner or the state of key mechanical components (drum comes to mind). Thus we got IPP. Actually, we got more than that. Most so called workgroup printers come with a built in CUPS server. That is not it. Manufacturer came up with many different network protocols. I will mention the one I use JetDirect. From wikipedia page: AppSocket, also known as Port 9100, RAW, JetDirect, or Windows TCPmon is a protocol that was developed by Tektronix. It is considered as 'the simplest, fastest, and generally the most reliable network protocol used for printers 3. What are the printer drivers? Do I need them. In "old good times" all printers were capable of printing raw ASCII code. You don't need any drivers to print raw ASCII text on most business grade printers. As printers became more sophisticated users wanted to print more complicated things like pictures as oppose to ASCII art. One of earliest examples of page description language was stack language developed by Adobe called PostScript (to be discussed more later in this document). A high quality (expensive in old times) printers came with built in interpreters for PostScript language. You don't need a driver to print on such printers. Then various m
Re: Approved way to update installed ports after system upgrade?
On Tue, 20 Oct 2020 17:32:48 -0700, Andrew Robertson wrote: > What's the standard way to upgrade installed ports after a system > upgrade? > > > I've been trying to figure out how to do this properly, and it > doesn't seem to > > have any mention in the FAQ. Thanks in advance. > "Finish up by upgrading the packages using pkg_add -u." from https://www.openbsd.org/faq/upgrade68.html For the very few ports that have a restricted license which mean we can't distribute packages, update the repository with cvs [1] and then run `make update` [1]: https://www.openbsd.org/anoncvs.html Cheers, Daniel
Approved way to update installed ports after system upgrade?
What's the standard way to upgrade installed ports after a system upgrade? I've been trying to figure out how to do this properly, and it doesn't seem to have any mention in the FAQ. Thanks in advance.
ssl/libssl certificate validation broken?
Hi folks, before opening a bug report I'll ask here because I want to make sure that I have not missed something. With the upgrade to 6.8 my cert validation seems to be broken because the hashed certs in /etc/ssl/certs are not honored anymore. I usually stored our L1 and L2 ca certs in /etc/ssl/certs and hashed them with "openssl certhash". That worked for all my machines until 6.7 but broke with 6.8. Adding the ca certs to /etc/ssl/cert.pem works. Did I miss something? I guess something changed during k2k20 in "certificate chain validation in libcrypto"? Thanks and with kind regards. Uwe
Issue updating spidermonkey
Updated yesterday from 6.7 to a snapshot, and now: $ doas pkg_add -u quirks-3.458 signed on 2020-10-18T13:56:14Z Can't update spidermonkey-60.9.0v1->spidermonkey78-78.3.1v1: no update found for spidermonkey-60.9.0v1 Can't install polkit-0.116p1->0.118: can't resolve spidermonkey78-78.3.1v1 Is this expected soon after updating? Do I just need to wait for some inconsistency in the pkg repo to be resolved? Thanks
Re: Multiple USB NICs
On Tue, 20 Oct 2020, Stuart Henderson wrote: On 2020-10-20, Lee Nelson wrote: The only real solution here, aside from using better hardware, seems to be to use adapters with different drivers. That is the approach I'm trying next. Alternatively use a single nic with vlans, and break out to separate ports on a managed switch. Yes, that could work too, but this is one side of a pfsync/carp redundant firewall setup, so I want to keep it as simple as possible.
possible relayd.conf(5) documentation mistake regarding session tickets
In relayd.conf(5), the tls section under PROTOCOLS states the following: no session tickets Disable TLS session tickets. relayd(8) supports stateless TLS session tickets (RFC 5077) to implement TLS session resumption. The default is to enable session tickets. However, an SSL Labs test[1] without `tls { session tickets }` specified shows no session tickets. $ uname -a OpenBSD lain.lan 6.8 GENERIC.MP#98 amd64 [1]: https://www.ssllabs.com/ssltest/ -- https://amissing.link
Re: Firefox libGL errors if unveil is enabled
On Mon, Oct 19, 2020 at 09:48:44AM +0530, Anirudh Oppiliappan wrote: > Firefox 81 gives the below errors, and tabs hang for about ~2-3 minutes > before becoming usable, when unveil is enabled: > > libGL error: failed to open /dev/drm0: No such file or directory > libGL error: failed to load driver: i965 > libGL error: MESA-LOADER: failed to open swrast (search paths > /usr/X11R6/lib/modules/dri) > libGL error: failed to load driver: swrast > > This is on Intel UHD 620, so intel(4). Workaround is to disable > unveil.{main,gpu,content}, but that's not ideal. I saw similar errors with layers.acceleration.force-enabled set on inteldrm0 at pci0 dev 2 function 0 "Intel UHD Graphics 620" rev 0x07 drm0 at inteldrm0 inteldrm0: msi, KABYLAKE, gen 9 ktrace showed that the gpu process tried opening libelf and libLLVM. The issue went away (and acceleration worked) when I added /usr/lib r to unveil.gpu. > > Thoughts? > > -- > Anirudh Oppiliappan > https://icyphox.sh >
Re: fresh install
Thank you so much Chris and Tom for your thoughtful and detailed replies. I found them inspiring and full of wisdom and appreciate your time in putting them together. Hakan signature.asc Description: PGP signature
Re: dmesg for 6.8-release on Pine A64+ 1GB (Arm64)
> A contrived test of network performance, using httpd(8) to serve a > large file from an mfs ramdisk over plain http, yields about 175 mbit/s > sustained transfer speed. I was not expecting to reach even 100 mbit/s > so this was a positive surprise, even if it's nowhere near the full > gigabit that other OSes can squeeze out of this board. > > > MFS isn't particularly fast, tcpbench is better if you want to isolate > network from storage io performance. (I was surprised to see pretty > much a full Gb/s from tcpbench on rpi4!) Thanks for the suggestion. I'm guessing the bottleneck is equal part httpd(8), equal part mfs; I can both dd and copy from the mfs ramdisk at about 85 mbyte/s. With tcpbench(1) the transfer speed reaches up to 370 mbit/s. Not bad!
Re: bird make network unusable on 6.8-current
Le mardi 20 octobre 2020 à 12:41 +, Stuart Henderson a écrit : > On 2020-10-20, Bastien Durel wrote: > > Le lundi 19 octobre 2020 à 17:17 +0100, Tom Smyth a écrit : > > > Hi Bastien, > > Hello > > > > > can you do a > > > route show -n |grep 10\.42 > > > > Boot time: > > > > default 10.42.42.1 UGS 5 5 - > > 8 em0 > > 10.42.2/24 10.42.42.21 UGS 0 0 - > > 8 em0 > > 10.42.42/24 10.42.42.69 UCn 3 0 - > > 4 em0 > > so here you have 10.42.42/24 directly connected > > > 10.42.42.1 40:62:31:01:4b:66 UHLch 1 2 - > > 3 em0 > > 10.42.42.3 d0:50:99:18:63:82 UHLc 1 4 - > > L 3 em0 > > 10.42.42.21 link#1 UHLch 1 2 - > > 3 em0 > > 10.42.42.69 08:00:27:d6:6e:dd UHLl 0 2 - > > 1 em0 > > 10.42.42.255 10.42.42.69 UHb 0 12 - > > 1 em0 > > > > After bird is started : > > > > > > default 10.42.42.1 UGS 5 6 - > > 8 em0 > > 10.42.2/24 10.42.42.21 UGS 0 0 - > > 8 em0 > > 10.42.42/24 10.42.42.69 U1 0 2 - > > 56 em0 > > 10.42.42.69 08:00:27:d6:6e:dd UHLl 0 10 - > > 1 em0 > > 10.42.42.255 10.42.42.69 UHb 0 14 - > > 1 em0 > > and here bird has overwritten it (the "prio 56" routes are a bit of a > clue > that it's likely to be added by bird; it doesn't understand openbsd's > route > priorities and just adds with the default priority which is 56) > > some way or other you'll need to stop it overriding your directly > connected > networks. I'm no expert in bird and when I've used it is has mostly > not been > handling the route table, only collecting BGP routes itself, but I > would > think you might be able to do that with a filter. > > From the config you showed I'm not seeing anything that seems like a > reason > to use bird over the OSPF daemons in base; they are definitely > preferred if > possible because they were written with awareness of the rest of > OpenBSD's > network stack. > > I tried to use bird because ospfd(8) seemed to had problems with wireguard tunnels (but I did not test it with 6.8 yet)
Re: bird make network unusable on 6.8-current
On 2020-10-20, Bastien Durel wrote: > Le lundi 19 octobre 2020 à 17:17 +0100, Tom Smyth a écrit : >> Hi Bastien, > Hello > >> can you do a >> route show -n |grep 10\.42 > > Boot time: > > default10.42.42.1 UGS55 - 8 em0 > 10.42.2/24 10.42.42.21UGS00 - 8 em0 > 10.42.42/2410.42.42.69UCn30 - 4 em0 so here you have 10.42.42/24 directly connected > 10.42.42.1 40:62:31:01:4b:66 UHLch 12 - 3 em0 > 10.42.42.3 d0:50:99:18:63:82 UHLc 14 - L 3 em0 > 10.42.42.21link#1 UHLch 12 - 3 em0 > 10.42.42.6908:00:27:d6:6e:dd UHLl 02 - 1 em0 > 10.42.42.255 10.42.42.69UHb0 12 - 1 em0 > > After bird is started : > > > default10.42.42.1 UGS56 - 8 em0 > 10.42.2/24 10.42.42.21UGS00 - 8 em0 > 10.42.42/2410.42.42.69U1 02 -56 em0 > 10.42.42.6908:00:27:d6:6e:dd UHLl 0 10 - 1 em0 > 10.42.42.255 10.42.42.69UHb0 14 - 1 em0 and here bird has overwritten it (the "prio 56" routes are a bit of a clue that it's likely to be added by bird; it doesn't understand openbsd's route priorities and just adds with the default priority which is 56) some way or other you'll need to stop it overriding your directly connected networks. I'm no expert in bird and when I've used it is has mostly not been handling the route table, only collecting BGP routes itself, but I would think you might be able to do that with a filter. >From the config you showed I'm not seeing anything that seems like a reason to use bird over the OSPF daemons in base; they are definitely preferred if possible because they were written with awareness of the rest of OpenBSD's network stack.
Re: Blobs
On 2020-10-20, SOUL_OF_ROOT 55 wrote: Oh it must be release time, the trolls come out. Note to other readers: please don't bother replying. https://marc.info/?a=14761972861&r=1&w=2
Re: Inphi CS4223 for 4x 10GbE SFP+
On 2020-10-20, Harald Dunkel wrote: > On 10/19/20 9:46 PM, Stuart Henderson wrote: >> On 2020-10-19, Harald Dunkel wrote: >>> >>> What would these bypass problems look like? Hopefully the bypass feature >>> can be turned off/ignored. >> >> If there are problems then possibly 2 of the ports either won't work >> or will be connected directly to 2 of the other ports until a magic >> command is sent somehow (either gpio or via some memory mapped io >> port I guess, I don't know the hardware). >> > > You mean the bypass might be active, even though its not configured and > power is on? That sounds like a fatal problem to me. Is this restricted > to OpenBSD or are other operating systems affected as well? I don't know how it works on this hardware. The general idea of bypass NICs is so that they connect ports straight-through if the OS is not running correctly, so it depends how they detect whether the OS is running as to whether that will work. One would hope that it can be disabled if necessary, but one would also hope that BIOS/firmware vendors don't make silly mistakes and experience has shown that this is not always the case ;) It will probably be OK. But with new hardware, who knows!
Re: Multiple USB NICs
On 2020-10-20, Lee Nelson wrote: > The only real solution here, aside from using better hardware, seems to be > to use adapters with different drivers. That is the approach I'm trying > next. Alternatively use a single nic with vlans, and break out to separate ports on a managed switch.
Re: South American mirrors?
On 2020-10-19, Eike Lantzsch wrote: > > Thanks Stuart for the quick answer. We'll see if and when UFPR > (Universidade Federal do Paraná) updates their mirror. > >> http://openbsd.c3sl.ufpr.br/pub/OpenBSD/ exists again (it was >> previously broken so was removed from the list) but does not have 6.8 >> yet. I see 6.8 is there now though packages are incomplete. I suspect they are actually syncing all files again, but bumped into a problem on one of the second-level mirrors where the 6.8 directory was accidentally removed.
Re: List of files to remove for upgrade
On 2020-10-20, Aisha Tammy wrote: > Hi, > > I'm wondering why the upgrade guide at > https://www.openbsd.org/faq/upgrade68.html > > doesn't contain more list of files to remove. > > Sysclean gives out a lot more names, but I haven't removed them yet cuz I > > trust the upgrade guide more as it is crosschecked by humans. > > But was still curious why this is much smaller than 66->67. > > > Aisha > > The upgrade guide only lists files that are likely to cause a problem if left, not all the now-obsolete files. sysclean is pretty good; I am happy removing any files listed by sysclean | egrep '^/usr/(lib|bin|sbin|include|X11R6)' without further checking (I do not make any changes to these system directories myself). Outside of those directories I do review the list to make sure that I don't remove files I've created myself or that have been created by software from packages (sysclean is able to avoid touching files listed in packages as @sample/@extra but not other files that might be created), but this doesn't take long.
Re: filters in OpenBSD in printing
On Mon, 19 Oct 2020 21:19:26 -0600, "Raymond, David" wrote: > I tried putting a filter that drives an HP Deskjet printer (works with > lprng on linux) as an output filter in printcap and it didn't work. > Would it be more proper to put it as an input filter? I am still on > version 6.7 of the OS. (I saw a recent post indicating that changes > were made to the lpr system in 6.8.) Yes, an input filter should work. I used to have an HP printer years ago and I used the following printcap entries. Maybe it will give your a starting point. There is some info at http://www.linuxprinting.org/lpd-doc.html on using foomatic-rip with BSD lpd, which appears to be what I based this on. psc2410|psc2400|psc 2410|HP PSC 2410:\ :lp=/dev/ulpt0:lf=/var/log/lpd-errs:mx#0:sh:sf:\ :sd=/var/spool/output: # See http://www.linuxprinting.org/lpd-doc.html printer|lp|ps|PostScript|HP PSC 2410 (PostScript):\ :if=/usr/local/libexec/lpr/foomatic-rip:tc=psc2410:\ :af=/usr/local/share/ppd/HP-PSC_2400-hpijs.ppd:
Re: bird make network unusable on 6.8-current
Le lundi 19 octobre 2020 à 17:17 +0100, Tom Smyth a écrit : > Hi Bastien, Hello > can you do a > route show -n |grep 10\.42 Boot time: default10.42.42.1 UGS55 - 8 em0 10.42.2/24 10.42.42.21UGS00 - 8 em0 10.42.42/2410.42.42.69UCn30 - 4 em0 10.42.42.1 40:62:31:01:4b:66 UHLch 12 - 3 em0 10.42.42.3 d0:50:99:18:63:82 UHLc 14 - L 3 em0 10.42.42.21link#1 UHLch 12 - 3 em0 10.42.42.6908:00:27:d6:6e:dd UHLl 02 - 1 em0 10.42.42.255 10.42.42.69UHb0 12 - 1 em0 After bird is started : default10.42.42.1 UGS56 - 8 em0 10.42.2/24 10.42.42.21UGS00 - 8 em0 10.42.42/2410.42.42.69U1 02 -56 em0 10.42.42.6908:00:27:d6:6e:dd UHLl 0 10 - 1 em0 10.42.42.255 10.42.42.69UHb0 14 - 1 em0 And a few seconds after : default10.42.42.1 UGS1 28 - 8 em0 default10.42.42.1 UG100 -56 em0 10.0.42.21 10.42.42.21UGH1 00 -56 em0 10.42.0/24 10.42.42.1 UG100 -56 em0 10.42.1.56/30 10.42.42.21UG100 -56 em0 10.42.1.64/30 10.42.42.21UG100 -56 em0 10.42.1.76/30 10.42.42.21UG100 -56 em0 10.42.2/24 10.42.42.21UGS0 10 - 8 em0 10.42.2/24 10.42.42.21UG100 -56 em0 10.42.2.25410.42.42.21UGH1 0 1088 -56 em0 10.42.7.6 10.42.42.21UGH1 00 -56 em0 10.42.7.7 10.42.42.21UGH1 00 -56 em0 10.42.7.53 10.42.42.21UGH1 00 -56 em0 10.42.42/2410.42.42.69U1h 31 95 -56 em0 10.42.42.6908:00:27:d6:6e:dd UHLl 0 19 - 1 em0 10.42.42.255 10.42.42.69UHb07 - 1 em0 10.60.77.5 10.42.42.1 UGH1 00 -56 em0 10.120/16 10.42.42.1 UG100 -56 em0 [...] As all routes are going through 10.42.42.1 or 10.42.42.21, all my routing table matches the grep Im guessing here but can you verify if BGP or Ospf is *Not* inserting routes that are more specific than your connected route on your interface say you have 10.42.42.x/24 on your interface em0 openbsd-test# ifconfig em0 | grep -v inet6 em0: flags=a08843 mtu 1500 lladdr 08:00:27:d6:6e:dd index 1 priority 0 llprio 3 groups: egress media: Ethernet autoselect (1000baseT full-duplex) status: active inet 10.42.42.69 netmask 0xff00 broadcast 10.42.42.255 and then you receive a /32 route 10.42.42.1 to point at another address once that route is installed your kernel wont know how to look up the mac address of 10.42.42.1 (because it will no longer try your physical interface) quick workaround is put a sciatic arp entry for the ips that are being inserted as a morespecific route than your connected route proper workaround filter out the more specifics If you need more specifics (have the more specific ips on a separate network that does not conflict with your connected routes Hope this helps I don't see routes to 10.42.42.1 or 10.42.42.21 (I've put full ospf status & ospf interface outputs) Note that ospfd(8) can run without crashing network, so I assume ospf works correctly in the network Regards, -- Bastien BIRD 2.0.7 ready. ospfv2: Interface em0 (10.42.42.0/24) Type: broadcast Area: 0.0.0.0 (0) State: DROther Priority: 1 Cost: 5 Hello timer: 10 Wait timer: 40 Dead timer: 40 Retransmit timer: 5 Designated router (ID): 10.42.42.21 Designated router (IP): 10.42.42.21 Backup designated router (ID): 10.42.42.1 Backup designated router (IP): 10.42.42.1 BIRD 2.0.7 ready. area 0.0.0.0 router 10.42.1.78 distance 15 router 10.42.42.21 metric 10 stubnet 10.42.1.76/30 metric 10 stubnet 10.42.2.254/32 metric 10 router 10.42.42.1 distance 5 network 10.120.0.20/30 metric 12 network 10.120.0.8/30 metric 12 network 10.120.0.4/30 metric 10 network 10.120.0.0/30 metric 10 network 10.42.42.0/24 metric 1 stubnet 10.255.255.0/24 metric 10 stubnet 10.42
Re: Inphi CS4223 for 4x 10GbE SFP+
On 10/19/20 9:46 PM, Stuart Henderson wrote: On 2020-10-19, Harald Dunkel wrote: What would these bypass problems look like? Hopefully the bypass feature can be turned off/ignored. If there are problems then possibly 2 of the ports either won't work or will be connected directly to 2 of the other ports until a magic command is sent somehow (either gpio or via some memory mapped io port I guess, I don't know the hardware). You mean the bypass might be active, even though its not configured and power is on? That sounds like a fatal problem to me. Is this restricted to OpenBSD or are other operating systems affected as well? Regards Harri