Re: PC Engines APU alternative for OpenBSD - 2022h2

[David Anthony]

Another vote for ProtectCLI

On 9/28/22 5:55 PM, myml...@gmx.com wrote:


On 9/28/22 14:03, Stuart Henderson wrote:

On 2022-09-28, Sean Rider  wrote:
I have a 7.1 router/wg server running on a protectli FW4B and I've 
had no issues. Their customer service has been great too.


https://protectli.com/vault-4-port/

Those appear to be old versions of the cheap chinese boxes I mentioned
(because they have the now-hard-to-get em(4) instead of 2.5G igc(4))
but at about 2.5x the price



I'd suggest looking into protecli devices, I have a 6 port that has
worked flawlessly for years.

https://protectli.com/

Thomas

Re: PC Engines APU alternative for OpenBSD - 2022h2

[myml...@gmx.com]

On 9/28/22 14:03, Stuart Henderson wrote:

On 2022-09-28, Sean Rider  wrote:

I have a 7.1 router/wg server running on a protectli FW4B and I've had no 
issues. Their customer service has been great too.

https://protectli.com/vault-4-port/

Those appear to be old versions of the cheap chinese boxes I mentioned
(because they have the now-hard-to-get em(4) instead of 2.5G igc(4))
but at about 2.5x the price



I'd suggest looking into protecli devices, I have a 6 port that has
worked flawlessly for years.

https://protectli.com/

Thomas

Re: PC Engines APU alternative for OpenBSD - 2022h2

[Stuart Henderson]

On 2022-09-28, Sean Rider  wrote:
> I have a 7.1 router/wg server running on a protectli FW4B and I've had no 
> issues. Their customer service has been great too.
>
> https://protectli.com/vault-4-port/

Those appear to be old versions of the cheap chinese boxes I mentioned
(because they have the now-hard-to-get em(4) instead of 2.5G igc(4))
but at about 2.5x the price

Re: PC Engines APU alternative for OpenBSD - 2022h2

[Sean Rider]

I have a 7.1 router/wg server running on a protectli FW4B and I've had no 
issues. Their customer service has been great too.

https://protectli.com/vault-4-port/

On Wed, Sep 28, 2022, at 10:20 AM, Denis Fondras wrote:
> Le Wed, Sep 28, 2022 at 04:55:51PM +0200, Erik van Westen a écrit :
>> 
>> Have a look at shop.opnsense.com, they might have something.
>> 
>
> The DEC6xx/7xx/8xx are not fully supported by OpenBSD.
> I don't know about the bigger boxes but being based on the same SoC they are
> probably not supported.

Re: readpassphrase(3) buffer needs explicit_bzero(3) on error?

[Todd C . Miller]

On Wed, 28 Sep 2022 15:49:08 +0200, Alejandro Colomar wrote:

> I'd like to clarify if it's necessary to clear the buffer in the case
> that the function failed.  Most errors seem to be clearly triggered
> before the first byte is written to the buffer: EINVAL, EIO, EMFILE,
> ENFILE, ENOTTY.
> 
> But there is one, EINTR, which is not clear if there was any data
> written or not.  I think this should be clarified, for such a sensitive
> function.

There is no way to know whether or not any data was written to the
buffer before the signal was received.  It is safest to assume that
some data may have been written and use explicit_bzero() to clear
the buffer.

 - todd

Re: PC Engines APU alternative for OpenBSD - 2022h2

[Denis Fondras]

Le Wed, Sep 28, 2022 at 04:55:51PM +0200, Erik van Westen a écrit :
> 
> Have a look at shop.opnsense.com, they might have something.
> 

The DEC6xx/7xx/8xx are not fully supported by OpenBSD.
I don't know about the bigger boxes but being based on the same SoC they are
probably not supported.

Re: PC Engines APU alternative for OpenBSD - 2022h2

[Erik van Westen]

On 28-09-2022 16:27, Mikolaj Kucharski wrote:

Hi,

I'm using PC Engines for years. I have many of them. I want to buy more,
but they are not available on their main web site. I'm still planning to
buy them the moment they will show up on https://www.pcengines.ch/order.htm

However, after many weeks of waiting, I finally reached a point, when I
need to look for alternatives, as few of my hobbyist projects and plans
are on-hold for too long.

I'm looking for something similar like PC Engines APU board. Preferably
4 network cards, 4GB of RAM, low power consumption, no graphic card,
serial console access, suitable for wired and Wi-Fi and/or LTE router,
based on OpenBSD.

To give you an example, I have or had in the past, PC Engines with
OpenBSD as:

- plain simple Ethernet router
- fiber + Ethernet router
- Wi-Fi access point via Ethernet uplink
- Wi-Fi access point via LTE modem uplink
- WireGuard, OpenVPN endpoint
- DNS, DHCP, TFTP and PXE server
- print server and scanner via CUPS and SANE
- HTTP server, plus some automation daemons

Very typical stuff, nothing unusual I would say. I usually duplicate
above setups in various locations, like family house, relatives, and my
own place, but.. I run out of simple and reliable hardware to run it on,
hence this post. I don't want to run full blown PC, because of
electricity consumption and graphic card. In case of kernel panic() I
want to have a system with serial console, by design on motherboard,
not something additional.

 From architecture perspective I think most practical is amd64, but maybe
well supported arm64 would do. If you want to put RPi in the picture, I
don't think about it, as it has only one Ethernet interface.

PS: Please CC me in any replies.


Have a look at shop.opnsense.com, they might have something.

Erik

Re: PC Engines APU alternative for OpenBSD - 2022h2

[Stuart Henderson]

On 2022-09-28, Mikolaj Kucharski  wrote:
> I'm looking for something similar like PC Engines APU board. Preferably
> 4 network cards, 4GB of RAM, low power consumption, no graphic card,
> serial console access, suitable for wired and Wi-Fi and/or LTE router,
> based on OpenBSD.

Search with keywords like "mini pc router", "pfsense router" etc,
you will find a load of boxes along these lines (to pick the first
one I found, there are loads of choices of all very similar hardware)
- https://www.aliexpress.com/item/1005004420642522.html?
They do have video out as well but you can just configure OpenBSD
to use serial console.

Now that the 1G em(4) chips are out of stock everywhere, the common
NICs these days are igc(4) 2.5G ethernet (very common, to the extent that
"I225" will probably also do as a search term ..).


--
Please keep replies on the mailing list.

Re: how to compile neomutt+gpgme

[Stuart Henderson]

On 2022-09-27, Jon Fineman  wrote:
> I wanted to compile neomutt in ports and add gpgme. In the Makefile I 
> set FLAVOR as below.
> FLAVOR?=gpgme

Don't edit the Makefile for this, set it in the environment:

FLAVOR=gpgme make package

> But when I run make it builds 
> /usr/ports/pobj/neomutt-20220429/build-amd64
> without gpgme. See neomutt -v below.
>
> When I build the FLAVOR for notmuch I get my expected module in:
> /usr/ports/pobj/neomutt-20220429-notmuch
>
> I don't see a path of:
> /usr/ports/pobj/neomutt-20220429-gpgme
>
> desktop(/usr/ports/pobj)$: ls -ltrd neomutt-20220429*
> drwxr-xr-x  5 jjf  jjf  1024 Sep 26 15:02 neomutt-20220429-notmuch
> drwxr-xr-x  5 jjf  jjf  1024 Sep 27 12:05 neomutt-20220429
>
>
> What am I missing on setting? My goal is to build gpgme+notmuch.

For this you want

FLAVOR="gpgme notmuch" make package

Or just use packages, this is one of the combinations of flavours which
is built by default.

Re: PC Engines APU alternative for OpenBSD - 2022h2

[Stefan Sperling]

On Wed, Sep 28, 2022 at 02:27:48PM +, Mikolaj Kucharski wrote:
> Hi,
> 
> I'm using PC Engines for years. I have many of them. I want to buy more,
> but they are not available on their main web site. I'm still planning to
> buy them the moment they will show up on https://www.pcengines.ch/order.htm
> 
> However, after many weeks of waiting, I finally reached a point, when I
> need to look for alternatives, as few of my hobbyist projects and plans
> are on-hold for too long.
> 
> I'm looking for something similar like PC Engines APU board. Preferably
> 4 network cards, 4GB of RAM, low power consumption, no graphic card,
> serial console access, suitable for wired and Wi-Fi and/or LTE router,

jetway JBC430U941 are a decent alternative but they are also out
of stock everywhere.

Re: PC Engines APU alternative for OpenBSD - 2022h2

[Vincent Legoll]

Hello,

what about a Pine64 RockPro64, it has a PCIe slot where
you can put a multiport ethernet card or other things
depending on your project...

There's certainly a serial port usable as console on those
too.

Looks supported, according to :
https://www.openbsd.org/arm64.html

But you may want to wait for comments from someone
with actual real world experience of openbsd on those,
I don't own one.

Regards

-- 
Vincent Legoll

PC Engines APU alternative for OpenBSD - 2022h2

[Mikolaj Kucharski]

Hi,

I'm using PC Engines for years. I have many of them. I want to buy more,
but they are not available on their main web site. I'm still planning to
buy them the moment they will show up on https://www.pcengines.ch/order.htm

However, after many weeks of waiting, I finally reached a point, when I
need to look for alternatives, as few of my hobbyist projects and plans
are on-hold for too long.

I'm looking for something similar like PC Engines APU board. Preferably
4 network cards, 4GB of RAM, low power consumption, no graphic card,
serial console access, suitable for wired and Wi-Fi and/or LTE router,
based on OpenBSD.

To give you an example, I have or had in the past, PC Engines with
OpenBSD as:

- plain simple Ethernet router
- fiber + Ethernet router
- Wi-Fi access point via Ethernet uplink
- Wi-Fi access point via LTE modem uplink
- WireGuard, OpenVPN endpoint
- DNS, DHCP, TFTP and PXE server
- print server and scanner via CUPS and SANE
- HTTP server, plus some automation daemons

Very typical stuff, nothing unusual I would say. I usually duplicate
above setups in various locations, like family house, relatives, and my
own place, but.. I run out of simple and reliable hardware to run it on,
hence this post. I don't want to run full blown PC, because of
electricity consumption and graphic card. In case of kernel panic() I
want to have a system with serial console, by design on motherboard,
not something additional.

>From architecture perspective I think most practical is amd64, but maybe
well supported arm64 would do. If you want to put RPi in the picture, I
don't think about it, as it has only one Ethernet interface.

PS: Please CC me in any replies.

-- 
Regards,
 Mikolaj

readpassphrase(3) buffer needs explicit_bzero(3) on error?

[Alejandro Colomar]

Hi,

I'd like to clarify if it's necessary to clear the buffer in the case 
that the function failed.  Most errors seem to be clearly triggered 
before the first byte is written to the buffer: EINVAL, EIO, EMFILE, 
ENFILE, ENOTTY.


But there is one, EINTR, which is not clear if there was any data 
written or not.  I think this should be clarified, for such a sensitive 
function.


Also, adding explicit_bzero(3) to SEE ALSO might be desirable.

Cheers,

Alex

--



OpenPGP_signature
Description: OpenPGP digital signature

Re: AMD EPYC

[Hrvoje Popovski]

On 28.9.2022. 10:05, Kapetanakis Giannis wrote:
> Hi,
> 
> Looking for upgrading our firewall/router and thinking about switching from 
> Xeon to EPYC (73F3 - 16C @ 3.5 GHz).
> 
> Anyone running on EPYC? Any problems?
> 
> Alternative would be something like dual Intel Xeon Gold 5315Y - 8C @ 3.20
> 
> thanks,
> 
> Giannis
> 

Hi,

I'm running openbsd on

Supermicro AS-1114S-WTRT with
AMD EPYC 7413 24-Core Processor, 2650.00 MHz, 19-01-01


Dell PowerEdge R6515 with
AMD EPYC 7313P 16-Core Processor, 2994.38 MHz, 19-01-01
this one will be my new firewall


from time to time on:
Dell PowerEdge R7515 with
AMD EPYC 7702P 64-Core Processor, 1996.28 MHz, 17-31-00


I have Lenovo Thinkpad E14 gen2 with
AMD Ryzen 5 4500U with Radeon Graphics, 2370.55 MHz, 17-60-01


And all those boxes are working as you would expected.


Here's hw.sensors for 7313P when idle
alt-fw1# sysctl hw.sensors | grep freq
hw.sensors.cpu0.frequency0=18.00 Hz
hw.sensors.cpu1.frequency0=18.00 Hz
hw.sensors.cpu2.frequency0=185000.00 Hz
hw.sensors.cpu3.frequency0=18.00 Hz
hw.sensors.cpu4.frequency0=18.00 Hz
hw.sensors.cpu5.frequency0=18.00 Hz
hw.sensors.cpu6.frequency0=18.00 Hz
hw.sensors.cpu7.frequency0=18.00 Hz
hw.sensors.cpu8.frequency0=18.00 Hz
hw.sensors.cpu9.frequency0=175000.00 Hz
hw.sensors.cpu10.frequency0=18.00 Hz
hw.sensors.cpu11.frequency0=18.00 Hz
hw.sensors.cpu12.frequency0=18.00 Hz
hw.sensors.cpu13.frequency0=18.00 Hz
hw.sensors.cpu14.frequency0=18.00 Hz
hw.sensors.cpu15.frequency0=18.00 Hz


when doing stress -c 16
alt-fw1# sysctl hw.sensors | grep freq
hw.sensors.cpu0.frequency0=37.00 Hz
hw.sensors.cpu1.frequency0=37.00 Hz
hw.sensors.cpu2.frequency0=37.00 Hz
hw.sensors.cpu3.frequency0=37.00 Hz
hw.sensors.cpu4.frequency0=37.00 Hz
hw.sensors.cpu5.frequency0=37.00 Hz
hw.sensors.cpu6.frequency0=37.00 Hz
hw.sensors.cpu7.frequency0=37.00 Hz
hw.sensors.cpu8.frequency0=37.00 Hz
hw.sensors.cpu9.frequency0=37.00 Hz
hw.sensors.cpu10.frequency0=37.00 Hz
hw.sensors.cpu11.frequency0=37.00 Hz
hw.sensors.cpu12.frequency0=37.00 Hz
hw.sensors.cpu13.frequency0=37.00 Hz
hw.sensors.cpu14.frequency0=37.00 Hz
hw.sensors.cpu15.frequency0=37.00 Hz


Regarding networking, few days ago I've rediscover that if you have cpu
with 16 or more core's and 4 nic's that support 16 queues (mcx or ix) if
you enable all of them box freeze and you need to lower to 12 cores.
I'm playing with this problem right now and will send it to tech@ or bugs@

Re: AMD EPYC

[Paul de Weerd]

Hi Kapetanakis,

On Wed, Sep 28, 2022 at 11:05:35AM +0300, Kapetanakis Giannis wrote:
| Hi,
| 
| Looking for upgrading our firewall/router and thinking about switching from 
Xeon to EPYC (73F3 - 16C @ 3.5 GHz).
| 
| Anyone running on EPYC? Any problems?

I'm running on an AMD EPYC without any issues.  Couple of vmm(4) VMs,
various internet services (mail, dns, web, etc).  Rock solid with
OpenBSD.

[weerd@despair] $ sysctl hw.model
hw.model=AMD EPYC 3201 8-Core Processor

Cheers,

Paul 'WEiRD' de Weerd

--- dmesg 
OpenBSD 7.1 (GENERIC.MP) #465: Mon Apr 11 18:03:57 MDT 2022
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 68567597056 (65391MB)
avail mem = 66472255488 (63392MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xdab19000 (51 entries)
bios0: vendor American Megatrends Inc. version "1.0c" date 06/30/2020
bios0: Supermicro Super Server
acpi0 at bios0: ACPI 6.1
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP APIC FPDT FIDT SSDT SPMI SSDT MCFG SSDT CRAT CDIT BERT 
EINJ HEST HPET SSDT UEFI IVRS SSDT WSMT
acpi0: wakeup devices S0D0(S3) S0D1(S3) S0D2(S3) S0D3(S3) S1D0(S3) S1D1(S3) 
S1D2(S3) S1D3(S3)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD EPYC 3201 8-Core Processor, 1500.27 MHz, 17-01-02
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 
8-way L2 cache
cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD EPYC 3201 8-Core Processor, 1500.00 MHz, 17-01-02
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu1: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 
8-way L2 cache
cpu1: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD EPYC 3201 8-Core Processor, 1500.00 MHz, 17-01-02
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu2: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 
8-way L2 cache
cpu2: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: AMD EPYC 3201 8-Core Processor, 1500.00 MHz, 17-01-02
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu3: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 
8-way L2 cache
cpu3: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu3: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 8 (application processor)
cpu4: AMD EPYC 3201 8-Core Processor, 1500.00 MHz, 17-01-02
cpu4: 

AMD EPYC

[Kapetanakis Giannis]

Hi,

Looking for upgrading our firewall/router and thinking about switching from 
Xeon to EPYC (73F3 - 16C @ 3.5 GHz).

Anyone running on EPYC? Any problems?

Alternative would be something like dual Intel Xeon Gold 5315Y - 8C @ 3.20

thanks,

Giannis