OpenBSD on Thinkpad X13s ARM-based laptop
Hi everyone, Has anyone tried to install and run OpenBSD on ARM-based Thinkpad X13s? What are the challenges on making OpenBSD run on it? Thank you.
Re: Multi path routing with BGPD
On 2023-06-01, Claudio Jeker wrote: > On Thu, Jun 01, 2023 at 04:58:54PM +, Valdrin MUJA wrote: >> Hi Claudio, >> >> Thanks for your reply. I think this is the saddest news lately. >> At this point, I have a question: >> This should not be a kernel issue, right? >> So, can I use an alternative like bird until this feature is developed? > > I'm not sure if bird does multipath on OpenBSD. Guess you will find out. btw, the tcpmd5 patches in the bird port are broken, it's somewhere on my todo list but you want to avoid md5 there for now.
Re: High Interrupt After 7.3 Upgrade
Hi Boyd, I noted the uptime values when I received notifications like "Internet is slow", "Intranet is too slow" from users. In all of them, the load average was 5 and above. This is what I mean with the firewall just slowed down. Also there were more error messages like these: pmap_unwire: wiring for pmap 0xfd8e8c2f8bd8 va 0xc000a44000 didn't change! In Fact I live with pmap_unwire messages but that time those messages were increased so much. That's nearly all I have at the moment. Thanks. On Thu, Jun 1, 2023 at 8:39 PM Boyd Stephens wrote: > On 5/2/23 13:24, Samuel Jayden wrote: > > > > My firewall just slowed down after upgrading from 7.2 to 7.3. > > Hello Samuel, > > When you mention that your "firewall just slowed down" specifically what > metric and/or anecdotal data are/were you using to determine this > particular status of its operation(s)? > > Secondly what type of network load is present when you experience these > issues? > > > Boyd Stephens > I85Cyber.org >
Re: High Interrupt After 7.3 Upgrade
On 5/2/23 13:24, Samuel Jayden wrote: My firewall just slowed down after upgrading from 7.2 to 7.3. Hello Samuel, When you mention that your "firewall just slowed down" specifically what metric and/or anecdotal data are/were you using to determine this particular status of its operation(s)? Secondly what type of network load is present when you experience these issues? Boyd Stephens I85Cyber.org
Re: Multi path routing with BGPD
On Thu, Jun 01, 2023 at 04:58:54PM +, Valdrin MUJA wrote:
> Hi Claudio,
>
> Thanks for your reply. I think this is the saddest news lately.
> At this point, I have a question:
> This should not be a kernel issue, right?
> So, can I use an alternative like bird until this feature is developed?
I'm not sure if bird does multipath on OpenBSD. Guess you will find out.
>
> From: Claudio Jeker
> Sent: Thursday, June 1, 2023 19:34
> To: Valdrin MUJA
> Cc: MISC@openbsd.org
> Subject: Re: Multi path routing with BGPD
>
> On Mon, May 29, 2023 at 07:29:14PM +, Valdrin MUJA wrote:
> > Hello,
> >
> > I try to setup multipath routing environment with OpenBSD's bgpd.
>
> multipath != add-path. OpenBGPD currently does not do multipath routing.
> It only uses the best path for the FIB and the nexthops are only resolved
> to one gateway.
>
> > As I understand from man page the keyword is add-path.
> > Here is my environmental report:
> >
> > 1. In my lab I simulate two wan links for each device.
> > 2. Each device also has a LAN network to announce.
> > 3. In the middle of these two devices there is another OpenBSD acting as
> > Router.
> >
> > Device 1 :
> > WAN1 : 192.168.10.2/24
> > WAN2: 10.1.1.2/24
> > LAN : 172.16.1.1/24
> > GRE1 : 172.31.1.1 -> 172.31.1.2 netmask /24 (over wan1)
> > GRE2 : 172.31.2.1 -> 172.31.2.2 netmask /24 (over wan2)
> >
> > Device 2 :
> > WAN1 : 192.168.20.2/24
> > WAN2: 10.1.2.2/24
> > LAN : 172.16.2.1/24
> > GRE1 : 172.31.1.2 -> 172.31.1.1 netmask /24 (over wan1)
> > GRE2 : 172.31.2.2 -> 172.31.2.1 netmask /24 (over wan2)
> >
> >
> > Router :
> > 192.168.10.1/24
> > 192.168.20.1/24
> > 10.1.1.1/24
> > 10.1.2.1/24
> >
> > -
> >
> > Here bgpd.conf file contents :
> >
> > Device1# cat /etc/bgpd.conf
> > AS 100
> > network 172.16.1.0/24
> > neighbor 172.31.1.2 {
> > remote-as 100
> > log updates
> > announce IPv4 unicast
> > announce add-path recv yes
> > announce add-path send best
> > }
> > neighbor 172.31.2.2 {
> > remote-as 100
> > log updates
> > announce IPv4 unicast
> > announce add-path recv yes
> > announce add-path send best
> > }
> > allow quick from { ibgp }
> > allow quick to { ibgp }
> >
> > Device2# cat /etc/bgpd.conf
> > AS 100
> > network 172.16.2.0/24
> > neighbor 172.31.1.1 {
> > remote-as 100
> > log updates
> > announce IPv4 unicast
> > announce add-path recv yes
> > announce add-path send best
> > }
> > neighbor 172.31.2.1 {
> > remote-as 100
> > log updates
> > announce IPv4 unicast
> > announce add-path recv yes
> > announce add-path send best
> > }
> > allow quick from { ibgp }
> > allow quick to { ibgp }
> >
> > Here bgpctl show outputs:
> >
> > #bgp connection is OK
> >
> > Device1# bgpctl show
> > Neighbor ASMsgRcvdMsgSent OutQ Up/Down
> > State/PrfRcvd
> > 172.31.1.2100 9 9 0 00:02:34 1
> > 172.31.2.2100 9 9 0 00:02:34 1
> >
> > # we can see rib tables are ready
> >
> > Device1# bgpctl show rib
> > flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
> >S = Stale, E = Error
> > origin validation state: N = not-found, V = valid, ! = invalid
> > origin: i = IGP, e = EGP, ? = Incomplete
> >
> > flags ovs destination gateway lpref med aspath origin
> > AI*>N 172.16.1.0/240.0.0.0 100 0 i
> > I*> N 172.16.2.0/24172.31.1.2100 0 i
> > I*m N 172.16.2.0/24172.31.2.2100 0 i
> >
> > Device2# bgpctl show rib
> > flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
> >S = Stale, E = Error
> > origin validation state: N = not-found, V = valid, ! = invalid
> > origin: i = IGP, e = EGP, ? = Incomplete
> >
> > flags ovs destination gateway lpref med aspath origin
> > I*> N 172.16.1.0/24172.31.1.1100 0 i
> > I*m N 172.16.1.0/24172.31.2.1100 0 i
> > AI*>N 172.16.2.0/240.0.0.0 100 0 i
> >
> >
> > But there is only one path in FIB table:
> >
> > Device1# bgpctl show fib | grep B
> > flags: B = BGP, C = Connected, S = Static
> >N = BGP Nexthop reachable via this route
> > B 48 172.16.2.0/24172.31.1.2
> >
> > Device2# bgpctl show fib | grep B
> > flags: B = BGP, C = Connected, S = Static
> >N = BGP Nexthop reachable via this route
> > B 48 172.16.1.0/24172.31.1.1
> >
> > Also my sysctl.conf is ok (net.inet.ip.multipath=1)
> > I just wanna add multpath routes for my networks as dynamic.
> >
> > It's ok with static routing(*) but I would like to achieve it as
> > dynamically with bgpd.
> > What is wrong with my configuration? Can you please help me.
> > Thanks.
> >
> > (*)
> > Device1# route add
Re: Multi path routing with BGPD
Hi Claudio,
Thanks for your reply. I think this is the saddest news lately.
At this point, I have a question:
This should not be a kernel issue, right?
So, can I use an alternative like bird until this feature is developed?
From: Claudio Jeker
Sent: Thursday, June 1, 2023 19:34
To: Valdrin MUJA
Cc: MISC@openbsd.org
Subject: Re: Multi path routing with BGPD
On Mon, May 29, 2023 at 07:29:14PM +, Valdrin MUJA wrote:
> Hello,
>
> I try to setup multipath routing environment with OpenBSD's bgpd.
multipath != add-path. OpenBGPD currently does not do multipath routing.
It only uses the best path for the FIB and the nexthops are only resolved
to one gateway.
> As I understand from man page the keyword is add-path.
> Here is my environmental report:
>
> 1. In my lab I simulate two wan links for each device.
> 2. Each device also has a LAN network to announce.
> 3. In the middle of these two devices there is another OpenBSD acting as
> Router.
>
> Device 1 :
> WAN1 : 192.168.10.2/24
> WAN2: 10.1.1.2/24
> LAN : 172.16.1.1/24
> GRE1 : 172.31.1.1 -> 172.31.1.2 netmask /24 (over wan1)
> GRE2 : 172.31.2.1 -> 172.31.2.2 netmask /24 (over wan2)
>
> Device 2 :
> WAN1 : 192.168.20.2/24
> WAN2: 10.1.2.2/24
> LAN : 172.16.2.1/24
> GRE1 : 172.31.1.2 -> 172.31.1.1 netmask /24 (over wan1)
> GRE2 : 172.31.2.2 -> 172.31.2.1 netmask /24 (over wan2)
>
>
> Router :
> 192.168.10.1/24
> 192.168.20.1/24
> 10.1.1.1/24
> 10.1.2.1/24
>
> -
>
> Here bgpd.conf file contents :
>
> Device1# cat /etc/bgpd.conf
> AS 100
> network 172.16.1.0/24
> neighbor 172.31.1.2 {
> remote-as 100
> log updates
> announce IPv4 unicast
> announce add-path recv yes
> announce add-path send best
> }
> neighbor 172.31.2.2 {
> remote-as 100
> log updates
> announce IPv4 unicast
> announce add-path recv yes
> announce add-path send best
> }
> allow quick from { ibgp }
> allow quick to { ibgp }
>
> Device2# cat /etc/bgpd.conf
> AS 100
> network 172.16.2.0/24
> neighbor 172.31.1.1 {
> remote-as 100
> log updates
> announce IPv4 unicast
> announce add-path recv yes
> announce add-path send best
> }
> neighbor 172.31.2.1 {
> remote-as 100
> log updates
> announce IPv4 unicast
> announce add-path recv yes
> announce add-path send best
> }
> allow quick from { ibgp }
> allow quick to { ibgp }
>
> Here bgpctl show outputs:
>
> #bgp connection is OK
>
> Device1# bgpctl show
> Neighbor ASMsgRcvdMsgSent OutQ Up/Down
> State/PrfRcvd
> 172.31.1.2100 9 9 0 00:02:34 1
> 172.31.2.2100 9 9 0 00:02:34 1
>
> # we can see rib tables are ready
>
> Device1# bgpctl show rib
> flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
>S = Stale, E = Error
> origin validation state: N = not-found, V = valid, ! = invalid
> origin: i = IGP, e = EGP, ? = Incomplete
>
> flags ovs destination gateway lpref med aspath origin
> AI*>N 172.16.1.0/240.0.0.0 100 0 i
> I*> N 172.16.2.0/24172.31.1.2100 0 i
> I*m N 172.16.2.0/24172.31.2.2100 0 i
>
> Device2# bgpctl show rib
> flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
>S = Stale, E = Error
> origin validation state: N = not-found, V = valid, ! = invalid
> origin: i = IGP, e = EGP, ? = Incomplete
>
> flags ovs destination gateway lpref med aspath origin
> I*> N 172.16.1.0/24172.31.1.1100 0 i
> I*m N 172.16.1.0/24172.31.2.1100 0 i
> AI*>N 172.16.2.0/240.0.0.0 100 0 i
>
>
> But there is only one path in FIB table:
>
> Device1# bgpctl show fib | grep B
> flags: B = BGP, C = Connected, S = Static
>N = BGP Nexthop reachable via this route
> B 48 172.16.2.0/24172.31.1.2
>
> Device2# bgpctl show fib | grep B
> flags: B = BGP, C = Connected, S = Static
>N = BGP Nexthop reachable via this route
> B 48 172.16.1.0/24172.31.1.1
>
> Also my sysctl.conf is ok (net.inet.ip.multipath=1)
> I just wanna add multpath routes for my networks as dynamic.
>
> It's ok with static routing(*) but I would like to achieve it as dynamically
> with bgpd.
> What is wrong with my configuration? Can you please help me.
> Thanks.
>
> (*)
> Device1# route add 172.16.2.0/24 172.31.1.2 -mpath
> add net 172.16.2.0/24: gateway 172.31.1.2
> Device1# route add 172.16.2.0/24 172.31.2.2 -mpath
> add net 172.16.2.0/24: gateway 172.31.2.2
> Device1# netstat -rnf inet | grep 172.16.2
> 172.16.2/24172.31.1.2 UGSP 00 - 8 gre1
> 172.16.2/24172.31.2.2 UGSP 00 - 8 gre2
>
> Device2# route add 172.16.1.0/24 172.31.1.1 -mpath
> add net
Re: Multi path routing with BGPD
On Mon, May 29, 2023 at 07:29:14PM +, Valdrin MUJA wrote:
> Hello,
>
> I try to setup multipath routing environment with OpenBSD's bgpd.
multipath != add-path. OpenBGPD currently does not do multipath routing.
It only uses the best path for the FIB and the nexthops are only resolved
to one gateway.
> As I understand from man page the keyword is add-path.
> Here is my environmental report:
>
> 1. In my lab I simulate two wan links for each device.
> 2. Each device also has a LAN network to announce.
> 3. In the middle of these two devices there is another OpenBSD acting as
> Router.
>
> Device 1 :
> WAN1 : 192.168.10.2/24
> WAN2: 10.1.1.2/24
> LAN : 172.16.1.1/24
> GRE1 : 172.31.1.1 -> 172.31.1.2 netmask /24 (over wan1)
> GRE2 : 172.31.2.1 -> 172.31.2.2 netmask /24 (over wan2)
>
> Device 2 :
> WAN1 : 192.168.20.2/24
> WAN2: 10.1.2.2/24
> LAN : 172.16.2.1/24
> GRE1 : 172.31.1.2 -> 172.31.1.1 netmask /24 (over wan1)
> GRE2 : 172.31.2.2 -> 172.31.2.1 netmask /24 (over wan2)
>
>
> Router :
> 192.168.10.1/24
> 192.168.20.1/24
> 10.1.1.1/24
> 10.1.2.1/24
>
> -
>
> Here bgpd.conf file contents :
>
> Device1# cat /etc/bgpd.conf
> AS 100
> network 172.16.1.0/24
> neighbor 172.31.1.2 {
> remote-as 100
> log updates
> announce IPv4 unicast
> announce add-path recv yes
> announce add-path send best
> }
> neighbor 172.31.2.2 {
> remote-as 100
> log updates
> announce IPv4 unicast
> announce add-path recv yes
> announce add-path send best
> }
> allow quick from { ibgp }
> allow quick to { ibgp }
>
> Device2# cat /etc/bgpd.conf
> AS 100
> network 172.16.2.0/24
> neighbor 172.31.1.1 {
> remote-as 100
> log updates
> announce IPv4 unicast
> announce add-path recv yes
> announce add-path send best
> }
> neighbor 172.31.2.1 {
> remote-as 100
> log updates
> announce IPv4 unicast
> announce add-path recv yes
> announce add-path send best
> }
> allow quick from { ibgp }
> allow quick to { ibgp }
>
> Here bgpctl show outputs:
>
> #bgp connection is OK
>
> Device1# bgpctl show
> Neighbor ASMsgRcvdMsgSent OutQ Up/Down
> State/PrfRcvd
> 172.31.1.2100 9 9 0 00:02:34 1
> 172.31.2.2100 9 9 0 00:02:34 1
>
> # we can see rib tables are ready
>
> Device1# bgpctl show rib
> flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
>S = Stale, E = Error
> origin validation state: N = not-found, V = valid, ! = invalid
> origin: i = IGP, e = EGP, ? = Incomplete
>
> flags ovs destination gateway lpref med aspath origin
> AI*>N 172.16.1.0/240.0.0.0 100 0 i
> I*> N 172.16.2.0/24172.31.1.2100 0 i
> I*m N 172.16.2.0/24172.31.2.2100 0 i
>
> Device2# bgpctl show rib
> flags: * = Valid, > = Selected, I = via IBGP, A = Announced,
>S = Stale, E = Error
> origin validation state: N = not-found, V = valid, ! = invalid
> origin: i = IGP, e = EGP, ? = Incomplete
>
> flags ovs destination gateway lpref med aspath origin
> I*> N 172.16.1.0/24172.31.1.1100 0 i
> I*m N 172.16.1.0/24172.31.2.1100 0 i
> AI*>N 172.16.2.0/240.0.0.0 100 0 i
>
>
> But there is only one path in FIB table:
>
> Device1# bgpctl show fib | grep B
> flags: B = BGP, C = Connected, S = Static
>N = BGP Nexthop reachable via this route
> B 48 172.16.2.0/24172.31.1.2
>
> Device2# bgpctl show fib | grep B
> flags: B = BGP, C = Connected, S = Static
>N = BGP Nexthop reachable via this route
> B 48 172.16.1.0/24172.31.1.1
>
> Also my sysctl.conf is ok (net.inet.ip.multipath=1)
> I just wanna add multpath routes for my networks as dynamic.
>
> It's ok with static routing(*) but I would like to achieve it as dynamically
> with bgpd.
> What is wrong with my configuration? Can you please help me.
> Thanks.
>
> (*)
> Device1# route add 172.16.2.0/24 172.31.1.2 -mpath
> add net 172.16.2.0/24: gateway 172.31.1.2
> Device1# route add 172.16.2.0/24 172.31.2.2 -mpath
> add net 172.16.2.0/24: gateway 172.31.2.2
> Device1# netstat -rnf inet | grep 172.16.2
> 172.16.2/24172.31.1.2 UGSP 00 - 8 gre1
> 172.16.2/24172.31.2.2 UGSP 00 - 8 gre2
>
> Device2# route add 172.16.1.0/24 172.31.1.1 -mpath
> add net 172.16.1.0/24: gateway 172.31.1.1
> Device2# route add 172.16.1.0/24 172.31.2.1 -mpath
> add net 172.16.1.0/24: gateway 172.31.2.1
> Device2# netstat -rnf inet | grep 172.16.1
> 172.16.1/24172.31.1.1 UGSP 00 - 8 gre1
> 172.16.1/24172.31.2.1 UGSP 00 - 8 gre2
>
You don't need add-path for your setup
Re: build go projects with current: bad system call (core dumped)
On Thu, 1 Jun 2023 at 16:28, Stuart Henderson wrote: > On 2023-06-01, Thomas Huber wrote: > > Hi @misc, > > > > I face a problem with -current when building golang projects. > > This worked fine on 7.2 and I think it stopped working with 7.3 release. > > Now I try it on -current. > > > > I get the following error: > > "go: error obtaining buildID for go tool compile: signal: bad system call > > (core dumped)" > > > > The Projects I´m trying to build are the nats-server[1] and natscli[2]. > > go version go1.20.4 openbsd/amd64 > > > > Maybe someone on this list has a clue... > > Thanks Thomas (the u2k20 host) > > > > -- > > [1] https://github.com/nats-io/nats-server > > [2] https://github.com/nats-io/natscli > > > > If you have any old cached compiles lying around (.cache/go-build?) then > clear > them out and try again. > > thanks so far. but didn´t work with updated project dependencies nor a clean .cache/go-build.
Re: build go projects with current: bad system call (core dumped)
On 2023-06-01, Thomas Huber wrote: > Hi @misc, > > I face a problem with -current when building golang projects. > This worked fine on 7.2 and I think it stopped working with 7.3 release. > Now I try it on -current. > > I get the following error: > "go: error obtaining buildID for go tool compile: signal: bad system call > (core dumped)" > > The Projects I´m trying to build are the nats-server[1] and natscli[2]. > go version go1.20.4 openbsd/amd64 > > Maybe someone on this list has a clue... > Thanks Thomas (the u2k20 host) > > -- > [1] https://github.com/nats-io/nats-server > [2] https://github.com/nats-io/natscli > If you have any old cached compiles lying around (.cache/go-build?) then clear them out and try again.
Re: [7.3/i386] pf-badhost - Illegal instruction (core dumped)
On 2023-06-01, Radek wrote: > Hello Stuart, > >> What is the name of the core dump file? > Actually there isn't any .core file. > test73# find / -name '*.core' > test73# >From your earlier mail: test73# doas -u _pfbadhost pf-badhost -O openbsd doas (r...@test73.my.domain) password: Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction Illegal instruction (core dumped) Illegal instruction (core dumped) Illegal instruction (core dumped) Illegal instruction (core dumped) So there should be one. Anyway, since you are the one seeing the problem, you'll need to figure out a way to work out which of the many possible programs is hitting this. Maybe add echos to the script, or run it with set -x or something. There's nothing more others can do without more information.
Re: netstat: vfprintf %s NULL in " %2d %-5.16s"
Stuart Henderson wrote:
> On 2023-05-31, Benjamin Stürz wrote:
> > Hi misc@,
> >
> > while scrolling through my /var/log/messages I found this entry:
> > netstat: vfprintf %s NULL in " %2d %-5.16s"
> >
> > I tracked down the issue to line 278 of /usr/src/usr.bin/netstat/show.c:
> >> printf(" %2d %-5.16s", rtm->rtm_priority,
> >> if_indextoname(rtm->rtm_index, ifbuf))
> > It appears to me that if_indextoname(3) returns NULL for some reason,
> > and that this isn't being checked.
> >
> > Is this intentional? Or did I find a minor bug?
>
> I'd guess at a race, probably the route was pointing at a virtual
> interface that was removed during printing of the route table.
Still needs to be fixed, so that the code checks for NULL return before
passing it as a parameter. That means figuring out what to do in that
case.
Re: Cannot setup more than one WireGuard peer
Hi, It's because of preventing possible spoofs by each peer. from man wg(4) : The interface will accept tunneled traffic only from the peer configured with the most specific matching allowed IP address range for the incoming traffic, or drop it if no such match exists. That is, tunneled traffic routed to a given peer cannot return through another peer of the same wg interface. This ensures that peers cannot spoof another's traffic. In addition, it is explained that by reading the 2nd article of the document at the https://www.wireguard.com/papers/wireguard.pdf url address, it is determined which public key to encrypt according to the Allowed IP address. So for security reasons, it was designed that way in principle. If this can be assigned to an option, it's a kernel question entirely specific to wireguard implementation. From: owner-m...@openbsd.org on behalf of Consus Sent: Thursday, June 1, 2023 15:47 To: misc@openbsd.org Subject: Cannot setup more than one WireGuard peer Hi, I'm using OpenBSD 7.3 and I have the following issue with WireGuard: adding more than one peer via ifconfig breaks wgaip assignments. Initial configuration: $ doas ifconfig wg0 wg0: flags=80c3 mtu 1420 index 8 priority 0 llprio 3 wgport wgpubkey groups: wg inet 10.45.0.1 netmask 0xff00 broadcast 10.45.0.255 Adding a new peer: $ doas ifconfig wg0 wgpeer wgaip 10.45.0.2/24 $ doas ifconfig wg0 wg0: flags=80c3 mtu 1420 index 8 priority 0 llprio 3 wgport wgpubkey wgpeer tx: 0, rx: 0 wgaip 10.45.0.2/24 groups: wg inet 10.45.0.1 netmask 0xff00 broadcast 10.45.0.255 So far so good, adding another peer: $ doas ifconfig wg0 wgpeer wgaip 10.45.0.3/24 $ doas ifconfig wg0 wg0: flags=80c3 mtu 1420 index 8 priority 0 llprio 3 wgport wgpubkey wgpeer tx: 0, rx: 0 wgpeer tx: 0, rx: 0 wgaip 10.45.0.2/24 groups: wg inet 10.45.0.1 netmask 0xff00 broadcast 10.45.0.255 Bam. The first peer has lost it's wgaip, the second one gets invalid wgaip, hence nothing works. Merging it all in a single ifconfig line does not help either. Please halp.
Re: Cannot setup more than one WireGuard peer
Goddamit, 32 instead of 24. Sorry for the noise. On Thu, Jun 01, 2023 at 01:02:36PM +, Valdrin MUJA wrote: > Hi, > > It's because of preventing possible spoofs by each peer. > from man wg(4) : > The interface will accept tunneled traffic only from the peer configured with > the most specific matching allowed IP address range for the incoming traffic, > or drop it if no such match exists. That is, tunneled traffic routed to a > given peer cannot return through another peer of the same wg interface. This > ensures that peers cannot spoof another's traffic. > > In addition, it is explained that by reading the 2nd article of the document > at the https://www.wireguard.com/papers/wireguard.pdf url address, it is > determined which public key to encrypt according to the Allowed IP address. > > So for security reasons, it was designed that way in principle. > If this can be assigned to an option, it's a kernel question entirely > specific to wireguard implementation. > > > > From: owner-m...@openbsd.org on behalf of Consus > > Sent: Thursday, June 1, 2023 15:47 > To: misc@openbsd.org > Subject: Cannot setup more than one WireGuard peer > > Hi, > > I'm using OpenBSD 7.3 and I have the following issue with WireGuard: > adding more than one peer via ifconfig breaks wgaip assignments. > > Initial configuration: > > $ doas ifconfig wg0 > wg0: flags=80c3 mtu 1420 > index 8 priority 0 llprio 3 > wgport > wgpubkey > groups: wg > inet 10.45.0.1 netmask 0xff00 broadcast 10.45.0.255 > > Adding a new peer: > > $ doas ifconfig wg0 wgpeer wgaip 10.45.0.2/24 > $ doas ifconfig wg0 > wg0: flags=80c3 mtu 1420 > index 8 priority 0 llprio 3 > wgport > wgpubkey > wgpeer > tx: 0, rx: 0 > wgaip 10.45.0.2/24 > groups: wg > inet 10.45.0.1 netmask 0xff00 broadcast 10.45.0.255 > > So far so good, adding another peer: > > $ doas ifconfig wg0 wgpeer wgaip 10.45.0.3/24 > $ doas ifconfig wg0 > wg0: flags=80c3 mtu 1420 > index 8 priority 0 llprio 3 > wgport > wgpubkey > wgpeer > tx: 0, rx: 0 > wgpeer > tx: 0, rx: 0 > wgaip 10.45.0.2/24 > groups: wg > inet 10.45.0.1 netmask 0xff00 broadcast 10.45.0.255 > > Bam. The first peer has lost it's wgaip, the second one gets invalid > wgaip, hence nothing works. > > Merging it all in a single ifconfig line does not help either. > > Please halp. >
Re: [7.3/i386] pf-badhost - Illegal instruction (core dumped)
Hello Diana, > I realize he shared it here, but this an OpenBSD mailing list. I strongly > suggest you contact the author, don't just "hope" he regularly monitors this > list. > > I've contacted him before at his email address and he was very prompt in > reply. If I don't solve the problem here (public list) I'll contact Jordan. On Tue, 30 May 2023 19:29:33 -0600 "deich...@placebonol.com" wrote: > I realize he shared it here, but this an OpenBSD mailing list. I strongly > suggest you contact the author, don't just "hope" he regularly monitors this > list. > > I've contacted him before at his email address and he was very prompt in > reply. > > 73 > diana > KI5PGJ > > On May 30, 2023 8:05:04 AM MDT, Radek wrote: > >Hello and sorry for the late reply, > > > >> Did you contact the individual who provides pf-bafhost script? He has > >> always responded to me when I contacted him. > >No, I didn't. Jordan shared his scripts here, I hope he reads misc@. > > > Radek
Re: build go projects with current: bad system call (core dumped)
On 6/1/23 08:33, Thomas Huber wrote: > Hi @misc, > > I face a problem with -current when building golang projects. > This worked fine on 7.2 and I think it stopped working with 7.3 release. > Now I try it on -current. > > I get the following error: > "go: error obtaining buildID for go tool compile: signal: bad system call > (core dumped)" Update the 'sys' dependency to the latest version. > > The Projects I´m trying to build are the nats-server[1] and natscli[2]. > go version go1.20.4 openbsd/amd64 > > Maybe someone on this list has a clue... > Thanks Thomas (the u2k20 host) > > -- > [1] https://github.com/nats-io/nats-server > [2] https://github.com/nats-io/natscli
Re: [7.3/i386] pf-badhost - Illegal instruction (core dumped)
Hello Stuart,
> What is the name of the core dump file?
Actually there isn't any .core file.
test73# find / -name '*.core'
test73#
On Tue, 30 May 2023 14:41:37 - (UTC)
Stuart Henderson wrote:
> On 2023-05-30, Radek wrote:
> > Hello and sorry for the late reply,
> >
> >> Did you contact the individual who provides pf-bafhost script? He has
> >> always responded to me when I contacted him.
> > No, I didn't. Jordan shared his scripts here, I hope he reads misc@.
> >
> >> what program dumped core?
> > Some parts of [1]. How can I determine which lines do it?
>
> pf-badhost is a fairly large ksh script which calls a bunch of various
> other programs depending on what's present (3 different awks, 4
> different file fetching tools, 3 search tools, etc).
>
> It isn't likely to be the script itself which is SIGILLing but one of those
> other programs.
>
> What is the name of the core dump file?
>
> >> dmesg?
> > cpu0: Geode(TM) Integrated Processor by AMD PCS ("AuthenticAMD" 586-class)
> > 500 MHz, 05-0a-02
> > cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX,MMXX,3DNOW2,3DNOW
>
> so no SSE, etc.
>
>
Radek
Cannot setup more than one WireGuard peer
Hi, I'm using OpenBSD 7.3 and I have the following issue with WireGuard: adding more than one peer via ifconfig breaks wgaip assignments. Initial configuration: $ doas ifconfig wg0 wg0: flags=80c3 mtu 1420 index 8 priority 0 llprio 3 wgport wgpubkey groups: wg inet 10.45.0.1 netmask 0xff00 broadcast 10.45.0.255 Adding a new peer: $ doas ifconfig wg0 wgpeer wgaip 10.45.0.2/24 $ doas ifconfig wg0 wg0: flags=80c3 mtu 1420 index 8 priority 0 llprio 3 wgport wgpubkey wgpeer tx: 0, rx: 0 wgaip 10.45.0.2/24 groups: wg inet 10.45.0.1 netmask 0xff00 broadcast 10.45.0.255 So far so good, adding another peer: $ doas ifconfig wg0 wgpeer wgaip 10.45.0.3/24 $ doas ifconfig wg0 wg0: flags=80c3 mtu 1420 index 8 priority 0 llprio 3 wgport wgpubkey wgpeer tx: 0, rx: 0 wgpeer tx: 0, rx: 0 wgaip 10.45.0.2/24 groups: wg inet 10.45.0.1 netmask 0xff00 broadcast 10.45.0.255 Bam. The first peer has lost it's wgaip, the second one gets invalid wgaip, hence nothing works. Merging it all in a single ifconfig line does not help either. Please halp.
build go projects with current: bad system call (core dumped)
Hi @misc, I face a problem with -current when building golang projects. This worked fine on 7.2 and I think it stopped working with 7.3 release. Now I try it on -current. I get the following error: "go: error obtaining buildID for go tool compile: signal: bad system call (core dumped)" The Projects I´m trying to build are the nats-server[1] and natscli[2]. go version go1.20.4 openbsd/amd64 Maybe someone on this list has a clue... Thanks Thomas (the u2k20 host) -- [1] https://github.com/nats-io/nats-server [2] https://github.com/nats-io/natscli
Re: Python 3.10 required by py3-bsddb3 but not supported
On 01/06/23 11:02 +0100, Stuart Henderson wrote: > [moved to ports@; reply-to set] > > On 2023-05-31, Roger Marsh wrote: > > Script started on Wed May 31 10:43:00 2023 > > This pkg_info report shows Python 3.10 required by py3-bsddb3 after upgrade > > from OpenBSD 7.2 to 7.3 and package upgrade. > > > > As bsddb3 does not support Python 3.10 or later but does support Python 3.9 > > and earlier, surely the requirement should be on Python 3.9, or perhaps the > > py3-bsddb3 port should be removed. > > All py3-* ports are built against a single Python branch, in OpenBSD 7.3 > this is 3.10. It can't be mixed-and-matched. > > I think py-bsddb3 should be removed. > > Upstream has replaced it with py-berkeleydb > (https://www.jcea.es/programacion/pybsddb.htm) but we can't switch to that > unless someone updates databases/db to a newer version (probably either > 4.8.30 or 5.3.28 - newer ones have switched to a much more restrictive > license). > > Two ports used py-bsddb3: gramps (though this has preferred sqlite since 5.1 > back in 2019) - I've just removed the dependency, and kopano-core - I think > only a few parts of kopano-core use bsddb3, and AIUI users of kopano should > be migrating to grommunio anyway, I think robert@ was planning to remove the > port sometime. Anyway we either need to remove the dep on py-bsddb3, or > remove kopano-core, before we can remove the py-bsddb3 port. > I think kopano can be unhooked from the builds and we can still keep the port if someone really needs it for migration.
Re: Python 3.10 required by py3-bsddb3 but not supported
[moved to ports@; reply-to set] On 2023-05-31, Roger Marsh wrote: > Script started on Wed May 31 10:43:00 2023 > This pkg_info report shows Python 3.10 required by py3-bsddb3 after upgrade > from OpenBSD 7.2 to 7.3 and package upgrade. > > As bsddb3 does not support Python 3.10 or later but does support Python 3.9 > and earlier, surely the requirement should be on Python 3.9, or perhaps the > py3-bsddb3 port should be removed. All py3-* ports are built against a single Python branch, in OpenBSD 7.3 this is 3.10. It can't be mixed-and-matched. I think py-bsddb3 should be removed. Upstream has replaced it with py-berkeleydb (https://www.jcea.es/programacion/pybsddb.htm) but we can't switch to that unless someone updates databases/db to a newer version (probably either 4.8.30 or 5.3.28 - newer ones have switched to a much more restrictive license). Two ports used py-bsddb3: gramps (though this has preferred sqlite since 5.1 back in 2019) - I've just removed the dependency, and kopano-core - I think only a few parts of kopano-core use bsddb3, and AIUI users of kopano should be migrating to grommunio anyway, I think robert@ was planning to remove the port sometime. Anyway we either need to remove the dep on py-bsddb3, or remove kopano-core, before we can remove the py-bsddb3 port.
Python 3.10 required by py3-bsddb3 but not supported
Script started on Wed May 31 10:43:00 2023 This pkg_info report shows Python 3.10 required by py3-bsddb3 after upgrade from OpenBSD 7.2 to 7.3 and package upgrade. As bsddb3 does not support Python 3.10 or later but does support Python 3.9 and earlier, surely the requirement should be on Python 3.9, or perhaps the py3-bsddb3 port should be removed. Apologies if something is already happening and, or, for not saying earlier: the upgrade was done in mid-April. d630amd64$ pkg_info -R python-3.10.10p0 Information for inst:python-3.10.10p0 Required by: glib2-2.74.6 gnumeric-1.12.55 gobject-introspection-1.74.0p1 libproxy-0.4.18p2 libreoffice-7.5.1.2v0 py3-MarkupSafe-2.1.2 py3-alabaster-0.7.13 py3-apsw-3.35.4p1 py3-babel-2.12.1 py3-beaker-1.11.0p0 py3-brotli-1.0.9p3 py3-bsddb3-6.0.1p8 py3-cairo-1.23.0 py3-certifi-2022.12.7 py3-charset-normalizer-3.1.0 py3-cryptodome-3.15.0p1 py3-cython-0.29.32p1v0 py3-docutils-0.19p0 py3-gobject3-3.42.2p4 py3-idna-3.4 py3-imagesize-1.4.1p1 py3-importlib_metadata-5.1.0 py3-jinja2-3.1.2p1 py3-mako-1.2.4 py3-markdown-3.4.1p0 py3-packaging-23.0 py3-parsing-3.0.9p2 py3-pip-23.0.1 py3-pygments-2.14.0 py3-requests-2.28.2 py3-setuptools-64.0.3p1v0 py3-snowballstemmer-2.2.0p1 py3-sphinx-6.1.3 py3-sphinxcontrib-applehelp-1.0.4 py3-sphinxcontrib-devhelp-1.0.2p2 py3-sphinxcontrib-htmlhelp-2.0.1 py3-sphinxcontrib-jsmath-1.0.1p2 py3-sphinxcontrib-qthelp-1.0.3p2 py3-sphinxcontrib-serializinghtml-1.1.5p1 py3-sphinxcontrib-websupport-1.2.4p2 py3-stemmer-2.2.0.1 py3-tz-2022.7.1 py3-urllib3-1.26.15 py3-zipp-3.15.0 python-idle-3.10.10p0 python-tkinter-3.10.10 d630amd64$ exit Script done on Wed May 31 10:43:59 2023 This is the package upgrade script after upgrade to OpenBSD 7.3 Script started on Mon Apr 10 19:00:24 2023 d630amd64# pkg_info adwaita-icon-theme-42.0 base icon theme for GNOME apl-fonts-1.0p0 Adrian Smith's standard APL fonts apr-1.7.0 Apache Portable Runtime apr-util-1.6.1p4companion library to APR aspell-0.60.6.1p11 spell checker designed to eventually replace Ispell at-spi2-atk-2.38.0 atk-bridge for at-spi2 at-spi2-core-2.44.1 service interface for assistive technologies atk-2.38.0 accessibility toolkit used by gtk+ avahi-glib-0.8p1GLib and GObject integration libraries for avahi avahi-libs-0.8p2libraries and common data files for avahi boost-1.80.0p0v0free peer-reviewed portable C++ source libraries brotli-1.0.9p0 generic lossless compressor bzip2-1.0.8p0 block-sorting file compressor, unencumbered cairo-1.17.6vector graphics library cdparanoia-3.a9.8p4 CDDA reading utility with extra data verification features cdrtools-3.00p2 ISO 9660 filesystem and CD/DVD/BD creation tools chromium-105.0.5195.125 Chromium browser clucene-core-2.3.3.4p3 full-text search engine library cups-libs-2.4.2 CUPS libraries and headers curl-7.87.0 transfer files with FTP, HTTP, HTTPS, etc. cvsps-2.1p2 generate patchsets from CVS repositories cyrus-sasl-2.1.28 RFC SASL (Simple Authentication and Security Layer) db-4.6.21p7v0 Berkeley DB package, revision 4 dbus-1.14.0p0v0 message bus system dbus-daemon-launch-helper-1.14.0 DBus setuid helper for starting system services dconf-0.40.0configuration backend system desktop-file-utils-0.26 utilities for dot.desktop entries dvd+rw-tools-7.1p1 mastering tools for DVD+RW/+R/-R/-RW e2fsprogs-1.46.2p0 utilities to manipulate ext2 filesystems ee-1.5.2p2v0easy to use text editor enchant2-2.3.3 generic spell checking library evince-42.3-light GNOME document viewer flac-1.3.4p0free lossless audio codec fribidi-1.0.12 library implementing the Unicode Bidirectional Algorithm gcr-3.41.1 library for bits of crypto UI and parsing gdk-pixbuf-2.42.9p0 image data transformation library geoclue2-2.6.0p2modular geoinformation service on top of D-Bus gettext-runtime-0.21p1 GNU gettext runtime libraries and programs ghostscript-9.56.1 PostScript and PDF interpreter ghostscript-fonts-8.11p3 35 standard PostScript fonts with Adobe name aliases giflib-5.2.1tools and library routines for working with GIF images git-2.37.3 distributed version control system glew-2.2.0 GL Extension Wrangler library glib2-2.72.4p2 general-purpose utility library glib2-networking-2.72.2 network-related gio modules for GLib glm-0.9.8.5 C++ mathematics header-only library for OpenGL software gmake-4.3 GNU make gmp-6.2.1p0 library for arbitrary precision arithmetic gnuchess-6.2.9 chess program gnumeric-1.12.53spreadsheet application for GNOME gnupg-2.2.39GNU privacy guard - a free PGP replacement gnutls-3.7.7GNU Transport Layer Security library goffice-0.10.53 document centric objects and utilities graphene-1.10.8 thin layer of graphic data types graphite2-1.3.14rendering for complex writing systems gsettings-desktop-schemas-42.0 collection of shared
Re: High Interrupt After 7.3 Upgrade
On 2023-05-31, Sven F. wrote: > On Wed, May 31, 2023 at 5:27 PM Stuart Henderson > wrote: > >> On 2023-05-31, Mark (obsd) wrote: >> >> >> > I'm not the OP, but that's interesting to me because I'm wondering if it's >> > why Prometheus' >> > node_exporter from packages is reporting wildly wrong CPU stats on 7.3 that >> > don't at all match what you'd expect when comparing top/htop output? It >> > was fine prior >> > to upgrading to 7.3, but I've just left digging into it on the back burner >> > due to other >> > priorities. >> >> That's a different issue, it was fixed in -current - I've just merged it to >> -stable so updated packages should show up in a day or two. >> >> 7.3 interrupt ( Intel(R) Celeron(R) J6412 ) > > v6-fw# vmstat -i > interrupt total rate The node_exporter issue is not related to the number of interrupts, it is because programs written in go keep using static copies of information converted from OS C headers, and then hardly ever get round to updating them when things change in the OS.
Re: "ticking" noise when recording audio
- If you change the sndiod(8) rate (-r option), or buffer size (-b option) does the ticking change? - could you send me a short .wav file with the ticking sound? On Wed, May 31, 2023 at 11:59:20PM -0700, Courtney Hicks wrote: > Hello all, > > I am trying to record audio from a USB device. I successfully > get audio from it, however, there is a constant "ticking" sound > that happens whether or not audio is actually playing through > the device. Here's the device from the dmesg: > > uvideo0 at uhub0 port 7 configuration 1 interface 0 "MACROSIL AV TO USB2.0" > rev 2.00/1.21 addr 2 > video0 at uvideo0 > uaudio0 at uhub0 port 7 configuration 1 interface 3 "MACROSIL AV TO USB2.0" > rev 2.00/1.21 addr 2 > uaudio0: class v1, high-speed, sync, channels: 0 play, 1 rec, 2 ctls > audio1 at uaudio0 > > I enabled kern.audio.record, have tried aucat and ffmpeg to record > the audio to file, but they both suffer the same issue. Tried monitoring > with this command: > > $aucat -f snd/1 -d -r 96000 -o - | aucat -i - > stdout: rec, chan 0:1, 48000Hz, s24le4msb > snd/1: 48000Hz, rec 0:1, 18 blocks of 480 frames > stdout: started > started > stdout: stopped > > I can hear the audio I expect but behind the "ticking" noise. > I'm using this device to get audio/video from a VCR, I can confirm > it is not the VCR or this device since they both work fine with OBS > studio on Linux. Any help is much appreciated. > > Courtney > >
"ticking" noise when recording audio
Hello all, I am trying to record audio from a USB device. I successfully get audio from it, however, there is a constant "ticking" sound that happens whether or not audio is actually playing through the device. Here's the device from the dmesg: uvideo0 at uhub0 port 7 configuration 1 interface 0 "MACROSIL AV TO USB2.0" rev 2.00/1.21 addr 2 video0 at uvideo0 uaudio0 at uhub0 port 7 configuration 1 interface 3 "MACROSIL AV TO USB2.0" rev 2.00/1.21 addr 2 uaudio0: class v1, high-speed, sync, channels: 0 play, 1 rec, 2 ctls audio1 at uaudio0 I enabled kern.audio.record, have tried aucat and ffmpeg to record the audio to file, but they both suffer the same issue. Tried monitoring with this command: $aucat -f snd/1 -d -r 96000 -o - | aucat -i - stdout: rec, chan 0:1, 48000Hz, s24le4msb snd/1: 48000Hz, rec 0:1, 18 blocks of 480 frames stdout: started started stdout: stopped I can hear the audio I expect but behind the "ticking" noise. I'm using this device to get audio/video from a VCR, I can confirm it is not the VCR or this device since they both work fine with OBS studio on Linux. Any help is much appreciated. Courtney
Re: High Interrupt After 7.3 Upgrade
Hi, I hit the same case too. It looks like there's something wrong with the ipi: I have a system where I am running the current OpenBSD kernel dated May 21. The systat output and the vmstat -i output do not match, and there are serious differences between them. For example, while the ip in vmstat -i output is below 5000, the ip in systat output can go above 65000. I don't know if it's a coincidence, but I received complaints from users on a firewall I upgraded to 7.3 and then I've downgraded the system when I saw the systat values. Maybe the notifications from the user were not correct and I was in a hurry. It can be both; I am not sure. On the other hand, when the ix(4) tso code is fully committed(*), I wanna make detailed tests with Cisco Trex and share it. (*) I think the ix(4) tso code is partially committed, but I guess it's not completely finished yet, right? From: owner-m...@openbsd.org on behalf of Sven F. Sent: Thursday, June 1, 2023 00:35 To: misc@openbsd.org Subject: Re: High Interrupt After 7.3 Upgrade On Wed, May 31, 2023 at 5:27 PM Stuart Henderson wrote: > On 2023-05-31, Mark (obsd) wrote: > > Hi Chris, > > > > On Tue, May 30, 2023 at 8:59 AM Chris Cappuccio > wrote: > > > >> Samuel Jayden [samueljaydan1...@gmail.com] wrote: > >> > Hi again, > >> > > >> > Just for the record: > >> > I've downgraded to OpenBSD 7.2 (reinstalled) and everything is working > >> like > >> > a charm again. > >> > I don't know what is wrong with 7.3 but ipi interrupt rate is too much > >> and > >> > somehow OpenBSD performance is too bad.. > >> > Thanks for reading. > >> > > >> > >> Sounds like you are using 'systat' to measure interrupts. This is a bug > >> in systat was was fixed in 7.3. Here is Scott Cheloha's message from > that > >> fix: > >> > >> "systat(1): vmstat: measure elapsed time with clock_gettime(2) instead > of > >> ticks > >> > >> The vmstat view in systat(1) should not use statclock() ticks to count > >> elapsed time. First, ticks are low resolution. Second, the statclock > >> is sometimes randomized, so each tick is not necessarily of equal > >> length. Third, we're counting ticks from every CPU on the system, so > >> every rate in the view is divided by the number of CPUs. For example, > >> on an amd64 system with 8 CPUs you currently see: > >> > >> 200 clock > >> > >> ... when the true clock interrupt rate on that system is 1600. > >> > >> Instead, measure elapsed time with clock_gettime(2). Use CLOCK_UPTIME > >> here so we exclude time when the system is suspended. With this > >> change we no longer need "stathz" or "hertz". We can also get rid of > >> the anachronistic secondary clock failure test. > >> > >> > >> > > I'm not the OP, but that's interesting to me because I'm wondering if > it's > > why Prometheus' > > node_exporter from packages is reporting wildly wrong CPU stats on 7.3 > that > > don't at all > > match what you'd expect when comparing top/htop output? It was fine prior > > to upgrading > > to 7.3, but I've just left digging into it on the back burner due to > other > > priorities. > > That's a different issue, it was fixed in -current - I've just merged it to > -stable so updated packages should show up in a day or two. > > > 7.3 interrupt ( Intel(R) Celeron(R) J6412 ) v6-fw# vmstat -i interrupt total rate irq96/acpi0 10 irq145/inteldrm0 4970 irq97/xhci0 30 irq98/ahci0 18738060 irq114/igc0:0 157799531 50 irq115/igc0:1 194120194 61 irq116/igc0:2 148272908 47 irq117/igc0:3 159077128 50 irq118/igc0 20 irq119/igc1:0 158925348 50 irq120/igc1:1 181916246 58 irq121/igc1:2 155586734 49 irq122/igc1:3 170737329 54 irq123/igc1 20 irq129/igc3:021260 irq130/igc3:1 540117832 172 irq131/igc3:2 5688860 irq132/igc3:3 909270099 290 irq133/igc3130 irq0/clock 2505321992 799 irq0/ipi 5601964631 1788 Total 1088308 3475 I did not notice performance issue here, but maybe irq0/ipi 5601964631 1788 is bad i did noticed some unexpected kernel_lock jittering the traffic ~15ms -- -- - Knowing is not enough; we must apply. Willing is not enough; we must do
