Re: ipsec with default route and routing of internal networks

2021-09-14 Thread Hrvoje Popovski
On 13.9.2021. 15:52, Stuart Henderson wrote:
> On 2021-09-13, Hrvoje Popovski  wrote:
>> On 13.9.2021. 14:08, Tom Smyth wrote:
>>> Can you do  an exception for the ranges ...  so internet - private ips
>>> you dont want over the tunnel)
>>>
>>> ike esp from 10.90.0.0/24 <http://10.90.0.0/24> to any encrypt  
>>> and 
>>>
>>>  10.90.0.0/24 <http://10.90.0.0/24> to   NOT  [networks you dont want
>>> over the tunnel)  ? 
>>>
>>
>> :) this was the first thought that i've had ... but i couldn't find how
>> to do it ... at least in man ipsec.conf or isakmpd.conf
>>
>>
> 
> You do this with a "bypass flow" in /etc/ipsec.conf:
> 
> flow from $network/$prefix to $network/$prefix type bypass
> 
> and loading it with ipsecctl. Note if you use iked, you cannot configure
> this directly in iked.conf, but you can still use ipsecctl and ipsec.conf
> for this purpose in conjunction with iked for tunnel setup.
> 
> 

Thank you guys ... with "type bypass" everything is working as expected

c/p from config
ike esp from 10.90.0.0/24 to any \
local $localip peer $peerip \
main auth hmac-sha1 enc aes group modp1024 \
quick enc aes-128-gcm group modp1024 \
psk 123
flow from 10.90.0.0/24 to 10.90.0.0/24 type bypass
flow from 10.90.0.0/24 to 10.91.0.0/24 type bypass
flow from 10.90.0.0/24 to 10.92.0.0/24 type bypass




ipsecctl -sa | grep 10.9
flow esp in from 0.0.0.0/0 to 10.90.0.0/24 peer $peerip srcid $localip
dstid $peerip type require
flow esp in from 10.90.0.0/24 to 10.90.0.0/24 type bypass
flow esp in from 10.91.0.0/24 to 10.90.0.0/24 type bypass
flow esp in from 10.92.0.0/24 to 10.90.0.0/24 type bypass

flow esp out from 10.90.0.0/24 to 0.0.0.0/0 peer $peerip srcid $localip
dstid $peerip type require
flow esp out from 10.90.0.0/24 to 10.90.0.0/24 type bypass
flow esp out from 10.90.0.0/24 to 10.91.0.0/24 type bypass
flow esp out from 10.90.0.0/24 to 10.92.0.0/24 type bypass




Re: ipsec with default route and routing of internal networks

2021-09-13 Thread Hrvoje Popovski
On 13.9.2021. 14:08, Tom Smyth wrote:
> Can you do  an exception for the ranges ...  so internet - private ips
> you dont want over the tunnel)
> 
> ike esp from 10.90.0.0/24  to any encrypt  
> and 
> 
>  10.90.0.0/24  to   NOT  [networks you dont want
> over the tunnel)  ? 
> 

:) this was the first thought that i've had ... but i couldn't find how
to do it ... at least in man ipsec.conf or isakmpd.conf



Re: ipsec with default route and routing of internal networks

2021-09-13 Thread Hrvoje Popovski
Hi,

On 13.9.2021. 12:58, Tom Smyth wrote:
> Hi Hrvoje, 
> 
> is 10.90.0.0/24  local to your firewall, and if I
> understand your rule,
> ike esp from 10.90.0.0/24  to any    you are saying  
> encrypt all traffic comming from 10.90.0.0/24  
> 
> should the tunnel be more specific ? like 
> 
> from 10.90.0.0/24   to another network across the
> tunnel  
> 

10.90/24 is my local internal network, as other networks (10.91/24,
10.92/24).
i need "ike esp from 10.90.0.0/24 to any"... because hosts on that
network need to go out to internet over ipsec tunnel ... but at the same
time hosts in that 10.90/24 network needs to communicate to other
internal networks...



ipsec with default route and routing of internal networks

2021-09-13 Thread Hrvoje Popovski
Hi all,

I have a firewall that routes few internal networks, 10.90/24, 10.91/24,
10.92/24. And i have some static routes to other firewalls, but i don't
think that is relevant to this problem.

For network 10.90/24 i have ipsec tunnel, and i need to push any traffic
from that network to the internet, but not to local networks,
over that ipsec tunnel.

something like this:
ike esp from 10.90.0.0/24 to any

I thought that the routing table will take care of that, but i seems
that when ipsec tunnel is up, i can't connect from local networks
(10.91/24, 10.92/24) to 10.90/24 and I can't even ping hosts on the
10.90/24 network ...
something like this ping -I 10.90.0.1 10.90.0.8 ...
traffic from 10.90/24 to the internet is working just fine ..

I need to make network 10.90/24 reachable to all local networks.
Could someone please point me in the right direction on what to look and
configure?

Thank you ..



supermicro bmc and openbsd efi install

2021-08-20 Thread Hrvoje Popovski
Hi all,

In supermicro server i only have one m2 nvme disk. Because of that i
need to enable efi boot to make that disk bootable ...
I can mount install.img over bmc as HD image, but boot from that
"virtual disk" won't start...

is there any way to install openbsd efi image on supermicro server over
their bmc ?

In legacy mode openbsd installs just fine but i can't make it boot in
bios ...

Thanks ...



Re: Resolved - Was: Performance tuning PF.

2021-07-27 Thread Hrvoje Popovski
On 27.7.2021. 17:36, Christopher Sean Hilton wrote:
> On Sat, Jul 24, 2021 at 10:24:28AM -, Stuart Henderson wrote:
>> On 2021-07-23, Christopher Sean Hilton  wrote:
>>> On Fri, Jul 23, 2021 at 11:19:35AM -0400, Chris Hilton wrote:
> 
> [ ...snip... ]
> 
>>>
>>> Answering my own question, it looks like the Xeon D is intels newest
>>> low power stuff. I'll look there.
>>
>> Not particularly new, Xeon D 1500 series are from 2016 or so and still
>> seem to be the range to go for if you care about good power use. Look
>> at supermicro X10SDV (Xeon D 1500 series) or M11SDV (AMD EPYC). Sadly
>> the M11SDV only has copper nics, X10SDV have decent ix(4) SFP+ plus
>> some copper. (X10 is an older supermicro range, I'm not sure what the
>> availability is like).
>>
>> supermicro, if you're reading, an EPYC board with a couple of SFP28
>> onboard would be nice...
>>
>> Sample dmesg from one of the X10SDV models - em and ix are onboard,
>> ixl is a card:
>>
>> OpenBSD 6.8-current (GENERIC.MP) #220: Thu Dec 10 20:03:29 MST 2020
>> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> 
> [ ...snip ]
> 
> Thanks to everyone for the answers that they provided. Just a late
> followup here. I thought through my testing rig and realized that it
> was slightly flawed. I was originally using one of the Atoms as an
> iperf endpoint. That obviously messed up the tests. I retested using a
> pair of machine which I know can saturate a 1Gb/s connection. My
> new test rig is a pair of MacBook Pro's with Thunderbolt Ethernet
> adapters:
> 
> * With just a GigE switch connecting the test machines, I measured a
>   transfer rate of 942 Mb/s. The test program was iperf3.
> 
> * With OpenBSD 6.8 running a bridged configuration on an Intel Atom
>   D525 with internal and external "em" nics, and filtering using pf.
>   I measured a rate of 775 ~ 850 Mb/s. Again, the test program was
>   iperf3.
> 


maybe you can update to snapshot or 6.9 and try veb(4) instead of
bridge(4) ?


> Testing the routed configuration on my Atom C2758 is a little more
> difficult. I'll set that up next week. I expect that the transfer rate
> through that combination will be a little lower since routing is more
> difficult than bridging.



> 
> I am currently shopping Intel Xeon-D hardware. I plan to eventually
> replace the D525 bridge with the C2758 running in a bridged
> configuration and use new Xeon-D hardware for the router.
> 
> -- Chris
> 
> 



Re: OpenBSD 6.9 on Hetzner cloud server

2021-07-23 Thread Hrvoje Popovski
On 22.7.2021. 16:33, Matthias Schmidt wrote:
> Hi,
> 
> * Hrvoje Popovski wrote:
>> Hi all,
>>
>> I'm thinking of getting Hetzner cloud server and install OpenBSD stable
>> on it...
>>
>> Does anyone have experience with it? Is it complicated to install
>> OpenBSD on it? And of course, is it stable?
> 
> I ran OpenBSD -stable on a Hetzner cloud server (previously known as
> VPS) for several years and it was rock stable and easy to install.  I
> moved away from Hetzner since their IP space has a bad reputation and is
> often on deny-lists by default.  Even if your server is well maintained
> you end up on such a list as collateral damage.
> 
> Nowadays, I have all my servers with IONOS.  Their IP space has better
> reputation and their VPS product is much much faster (it's based on
> VMWare and not on KVM).  OpenBSD easy is simple since you can upload
> custom ISOs and have remote console access.
> 
> Cheers
> 
>   Matthias
> 


Thank you guys for information ..



OpenBSD 6.9 on Hetzner cloud server

2021-07-22 Thread Hrvoje Popovski
Hi all,

I'm thinking of getting Hetzner cloud server and install OpenBSD stable
on it...

Does anyone have experience with it? Is it complicated to install
OpenBSD on it? And of course, is it stable?

Thank you



Re: rpki-client and BLACKHOLE routes

2021-06-24 Thread Hrvoje Popovski
On 23.6.2021. 12:09, Claudio Jeker wrote:
> On Wed, Jun 23, 2021 at 11:40:25AM +0200, Hrvoje Popovski wrote:
>> Hi all,
>>
>> fist of all, thank you for rpki-client, it's so easy to use it and to
>> get the job done.
>> I'm playing with rpki-client and denying ovs invalid statement and I've
>> seen that with default ovs config statement (deny from ebgp ovs invalid)
>> BLACKHOLE routes are blocked/invalid.
>>
>> What is the right way to allow BLACKHOLE routes through rpki ? Or if
>> someone can give me a hint on what to do.
>>
> 
> BLACKHOLE routes normally have a more specific check so you can re-allow
> them back after the ovs invalid check (for that you need to take away the
> quick from the default ruleset or actually allow quick the blackholes
> before).
> 
> I guess you can use something along the lines of:
> allow quick from group clients inet prefixlen 32 community $BLACKHOLE set 
> nexthop blackhole
> allow quick from group clients inet6 prefixlen 128 community $BLACKHOLE set 
> nexthop blackhole
> 
> I guess you also have some client prefix-sets that should be added to the
> filter rule so that one client can not blackhole for another.
> 
> BLACKHOLE routes are done in many ways and I'm not sure if there is
> consensus who is allowed to announce what. Also if there are multiple
> paths to the destination should the blackhole only be active if the
> covering route is from the same peer?


This is exactly what i need, thank you ...



rpki-client and BLACKHOLE routes

2021-06-23 Thread Hrvoje Popovski
Hi all,

fist of all, thank you for rpki-client, it's so easy to use it and to
get the job done.
I'm playing with rpki-client and denying ovs invalid statement and I've
seen that with default ovs config statement (deny from ebgp ovs invalid)
BLACKHOLE routes are blocked/invalid.

What is the right way to allow BLACKHOLE routes through rpki ? Or if
someone can give me a hint on what to do.

Thank you...



Re: gnome, gdm problem on lenovo e14 gen2

2021-05-05 Thread Hrvoje Popovski
On 4.5.2021. 13:58, Nam Nguyen wrote:
> Hrvoje Popovski writes:
> 
>> Problem is that when i should get login screen, gdm to ask me for user
>> and password, i'm getting blank grey screen ..
>>
>> after moving through terminals with ctrl-alt fX, from time to time i can
>> get this (screenshot below)
>> https://kosjenka.srce.hr/~hrvoje/openbsd/gdm1.jpg
>> https://kosjenka.srce.hr/~hrvoje/openbsd/gdm2.jpg
>>
>> in both cases, i can't click on anything in login screen ..
>>
>> I'm not much of a desktop user and if someone have clue what i'm doing
>> wrong please tell me :)
> 
> Thanks for reporting this. I also get this with my radeon 6850 where the
> screen is grey. If I switch back and forth through terminals I might
> eventually get the screen to render. Nothing is clickable.
> 
> In contrast gnome works on my thinkpad x230i, which uses intel(4).
> 

Yeah, I've tried whatever I knew or found on the net, but it seems to me
that gnome or gdm or something, just doesn't work on my laptop

OpenBSD 6.9-current (GENERIC.MP) #1: Wed May  5 18:44:19 CEST 2021
hrv...@e14gen2.srce.hr:/sys/arch/amd64/compile/GENERIC.MP
real mem = 7742496768 (7383MB)
avail mem = 7492403200 (7145MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.2 @ 0xbf913000 (62 entries)
bios0: vendor LENOVO version "R1AET36W (1.12 )" date 03/15/2021
bios0: LENOVO 20T6000TSC
acpi0 at bios0: ACPI 6.3
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT SSDT IVRS SSDT SSDT TPM2 SSDT MSDM BATB
HPET APIC MCFG SBST WSMT VFCT SSDT CRAT CDIT FPDT SSDT SSDT SSDT BGRT
UEFI SSDT SSDT
acpi0: wakeup devices GPP3(S3) GPP4(S4) GPP5(S3) XHC0(S3) XHC1(S3)
GP19(S3) LID_(S4) SLPB(S3)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Ryzen 5 4500U with Radeon Graphics, 2370.83 MHz, 17-60-01
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 32KB 64b/line 8-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
64b/line 8-way L2 cache
cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Ryzen 5 4500U with Radeon Graphics, 2370.56 MHz, 17-60-01
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu1: 32KB 64b/line 8-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
64b/line 8-way L2 cache
cpu1: ITLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu1: disabling user TSC (skew=-576239375)
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD Ryzen 5 4500U with Radeon Graphics, 2370.56 MHz, 17-60-01
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu2: 32KB 64b/line 8-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
64b/line 8-way L2 cache
cpu2: ITLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu2: disabling user TSC (skew=-576239362)
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 4 (application processor)
cpu3: AMD Ryzen 5 4500U with Radeon Graphics, 2370.57 MHz, 17-60-01
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX

gnome, gdm problem on lenovo e14 gen2

2021-05-03 Thread Hrvoje Popovski
Hi all,

I've installed a snapshot on e14gen2 and the installation went smooth.
Gnome was installed and configured based on
/usr/local/share/doc/pkg-readmes/gnome.
Problem is that when i should get login screen, gdm to ask me for user
and password, i'm getting blank grey screen ..

after moving through terminals with ctrl-alt fX, from time to time i can
get this (screenshot below)
https://kosjenka.srce.hr/~hrvoje/openbsd/gdm1.jpg
https://kosjenka.srce.hr/~hrvoje/openbsd/gdm2.jpg

in both cases, i can't click on anything in login screen ..

I'm not much of a desktop user and if someone have clue what i'm doing
wrong please tell me :)

Tnx ..



cat /etc/rc.conf.local
multicast=YES
pkg_scripts=messagebus avahi_daemon gdm


OpenBSD 6.9-current (GENERIC.MP) #0: Sun May  2 23:36:18 MDT 2021
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 7742496768 (7383MB)
avail mem = 7492407296 (7145MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.2 @ 0xbf913000 (62 entries)
bios0: vendor LENOVO version "R1AET36W (1.12 )" date 03/15/2021
bios0: LENOVO 20T6000TSC
acpi0 at bios0: ACPI 6.3
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP SSDT SSDT IVRS SSDT SSDT TPM2 SSDT MSDM BATB
HPET APIC MCFG SBST WSMT VFCT SSDT CRAT CDIT FPDT SSDT SSDT SSDT BGRT
UEFI SSDT SSDT
acpi0: wakeup devices GPP3(S3) GPP4(S4) GPP5(S3) XHC0(S3) XHC1(S3)
GP19(S3) LID_(S4) SLPB(S3)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Ryzen 5 4500U with Radeon Graphics, 2370.85 MHz, 17-60-01
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 32KB 64b/line 8-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
64b/line 8-way L2 cache
cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD Ryzen 5 4500U with Radeon Graphics, 2370.56 MHz, 17-60-01
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu1: 32KB 64b/line 8-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
64b/line 8-way L2 cache
cpu1: ITLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu1: disabling user TSC (skew=-575919403)
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD Ryzen 5 4500U with Radeon Graphics, 2370.55 MHz, 17-60-01
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu2: 32KB 64b/line 8-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
64b/line 8-way L2 cache
cpu2: ITLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu2: disabling user TSC (skew=-575919378)
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 4 (application processor)
cpu3: AMD Ryzen 5 4500U with Radeon Graphics, 2370.56 MHz, 17-60-01
cpu3:

Re: OpenBSD on Dell PE R6515

2021-04-12 Thread Hrvoje Popovski
On 12.4.2021. 20:04, Joerg Streckfuss wrote:
> 
> Hello folks,
> 
> in the past we used Dell servers like PE 1850, PE 2850, PE R730 and PE
> R740. We had good experiences running Openbsd on these systems. These
> models are all Intel based but for another project i'm considering
> giving AMD a chance.
> 
> I'm very interested in the Dell PE R6515 with AMD EPYC 7302P 3GHz,
> 16C/32T CPU and with a mix of NICs (Intel XXV710 10/25 GbE SFP28,
> Broadcom 57416 Dual Port 10 GbE SFP+, Intel i350 Quad Port 1GbE BASE-T).
> 
> The purpose is a Mix of PF firewall and bgp router. In the first stage
> of expansion, the system should be able to handle 10Gbits of traffic.
> Possibly more later.
> 
> Does anyone have experience running OpenBSD on this platform?
> 
> Thanks in advance for feedback,
> 
> Joerg
> 

Hi,

i have r7515 with 7702p which is the same generation as 7302p and it's
working without any problems.

reagring nic card, i would go with connect-x 4 lx for 10/25G, x520 or
x710 for 10G only, and as you mentioned i350 for 1G ...
for broadcom card, i'm not sure ...




dmesg:

r7515# dmesg
OpenBSD 6.9 (GENERIC.MP) #453: Sun Apr  4 19:37:01 MDT 2021
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 549314162688 (523866MB)
avail mem = 532650860544 (507975MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.3 @ 0x697a5000 (72 entries)
bios0: vendor Dell Inc. version "2.0.3" date 01/15/2021
bios0: Dell Inc. PowerEdge R7515
acpi0 at bios0: ACPI 6.0
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP BERT HEST HPET APIC MCFG WSMT SLIC SSDT SSDT
EINJ SSDT CRAT CDIT IVRS SSDT
acpi0: wakeup devices PC00(S5) XHCI(S3) PC01(S5) XHCI(S3) PC02(S5)
XHCI(S3) PC03(S5) XHCI(S3)
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
ioapic0 at mainbus0: apid 240 pa 0xfec0, version 21, 24 pins, can't
remap
ioapic1 at mainbus0: apid 241 pa 0xe010, version 21, 32 pins, can't
remap
ioapic2 at mainbus0: apid 242 pa 0xc510, version 21, 32 pins, can't
remap
ioapic3 at mainbus0: apid 243 pa 0xaa10, version 21, 32 pins, can't
remap
ioapic4 at mainbus0: apid 244 pa 0xfd10, version 21, 32 pins, can't
remap
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD EPYC 7702P 64-Core Processor, 1996.51 MHz, 17-31-00
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 32KB 64b/line 8-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
64b/line 8-way L2 cache
cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=1.1, IBE
cpu1 at mainbus0: apid 1 (application processor)
cpu1: AMD EPYC 7702P 64-Core Processor, 1996.26 MHz, 17-31-00
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu1: 32KB 64b/line 8-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
64b/line 8-way L2 cache
cpu1: ITLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 2 (application processor)
cpu2: AMD EPYC 7702P 64-Core Processor, 1996.26 MHz, 17-31-00
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,PQM,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,SHA,UMIP,IBPB,IBRS,STIBP,SSBD,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu2: 32KB 64b/line 8-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
64b/line 8-way L2 cache
cpu2: ITLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully

Re: Small/Mini 10Gbe Router Recommendation

2021-04-08 Thread Hrvoje Popovski
On 8.4.2021. 22:16, Daniel Melameth wrote:
> On Thu, Apr 8, 2021 at 1:52 PM Hrvoje Popovski  wrote:
>> On 8.4.2021. 20:56, Daniel Melameth wrote:
>>> On Thu, Apr 8, 2021 at 3:57 AM Stuart Henderson  
>>> wrote:
>>>> On 2021-04-07, Daniel Melameth  wrote:
>>>>> Looking to finally part with my legacy OpenBSD router and upgrade to
>>>>> something that can push more than 2Gbps out of a single port.  Since
>>>>> my switching equipment is still only 1Gbe, I also want something that
>>>>> has, at least, two Gbe ports.
>>>>>
>>>>> Any recommendations that work well with OpenBSD?  I am currently
>>>>> thinking 
>>>>> https://www.supermicro.com/en/products/system/Mini-ITX/SYS-E300-8D.cfm,
>>>>> but would like other opinions.
>>
>> my thinking is that if you want to push 10G traffic you'll need at least
>> 8 faster cores ..
>> for now you won't be using them, but when multiqueue RSS forwarding is
>> unlocked you will be happy ...
>>
>> this is vmstat -iz from 12 core box with ixl, mcx and ix
> 
> The dmesg you noted below is for a box with 4 cores, and I was hoping
> to future proof a bit with that.  

dmesg below is from SYS-5018D-FN8T which is basically same box as
SYS-E300-8D only rackmount ..

If I understand you correctly, you
> are saying I'll need 12 cores to do 10Gbps eventually?  What bandwidth
> are you getting out of the box with the dmesg below?

no no, i'm not saying that ... i'm saying that if you want some 10G
router/firewall in the future, you will need more than 4 core, actually
i would suggest 8 or more faster cores with 1 NUMA domain

this vmstat -iz output shows that on 12 cores box only ix is using all
12 queues while mcx and ixl are using 8 queues ... there is explanation
of why 8 queues but i can't remember it .. power of 2 something
something multiqueue :)

regarding forwarding performance of SYS-5018D-FN8T, i can't test it
right now but i remember it was something around 800 or 900 kpps of
plain forwaring and half of that when pf is enabled ..


>> irq114/ixl0270
>> irq115/ixl0:0   40
>> irq116/ixl0:1   00
>> irq117/ixl0:2   00
>> irq118/ixl0:3   00
>> irq119/ixl0:4   00
>> irq120/ixl0:5   00
>> irq121/ixl0:6   00
>> irq122/ixl0:7   80
>> irq123/ixl1270
>> irq124/ixl1:0   40
>> irq125/ixl1:1   00
>> irq126/ixl1:2   00
>> irq127/ixl1:3   00
>> irq128/ixl1:4   00
>> irq129/ixl1:5   00
>> irq130/ixl1:6   00
>> irq131/ixl1:7   80
>> irq132/mcx0350
>> irq133/mcx0:0  110
>> irq134/mcx0:1   00
>> irq135/mcx0:2   00
>> irq136/mcx0:3   00
>> irq137/mcx0:4   00
>> irq138/mcx0:5   00
>> irq139/mcx0:6   00
>> irq140/mcx0:7   00
>> irq141/mcx1390
>> irq142/mcx1:0  110
>> irq143/mcx1:1   00
>> irq144/mcx1:2   00
>> irq145/mcx1:3   00
>> irq146/mcx1:4   00
>> irq147/mcx1:5   00
>> irq148/mcx1:6   00
>> irq149/mcx1:7   00
>> irq150/ix0:0   130
>> irq151/ix0:100
>> irq152/ix0:200
>> irq153/ix0:300
>> irq154/ix0:420
>> irq155/ix0:500
>> irq156/ix0:620
>> irq157/ix0:700
>> irq158/ix0:800
>> irq159/ix0:900
>> irq160/ix0:10   00
>> irq161/ix0:11   00
>> irq162/ix0  00
>> irq163/ix1:0   

Re: Small/Mini 10Gbe Router Recommendation

2021-04-08 Thread Hrvoje Popovski
On 8.4.2021. 20:56, Daniel Melameth wrote:
> On Thu, Apr 8, 2021 at 3:57 AM Stuart Henderson  wrote:
>> On 2021-04-07, Daniel Melameth  wrote:
>>> Looking to finally part with my legacy OpenBSD router and upgrade to
>>> something that can push more than 2Gbps out of a single port.  Since
>>> my switching equipment is still only 1Gbe, I also want something that
>>> has, at least, two Gbe ports.
>>>
>>> Any recommendations that work well with OpenBSD?  I am currently
>>> thinking 
>>> https://www.supermicro.com/en/products/system/Mini-ITX/SYS-E300-8D.cfm,
>>> but would like other opinions.
>>
>> I have several routers using that same motherboard (been using them for
>> 3-4 years), they work nicely and have a useful selection of NICs. dmesg 
>> below -
>> the onboard SFP+ are ix0/1, the ixl(4) in there are a PCIE card. DOM works ok
>> on the fibre ports ("ifconfig ix0 sff" etc).
> 
> Wonderful--and the dmesg is even better.
> 

my thinking is that if you want to push 10G traffic you'll need at least
8 faster cores ..
for now you won't be using them, but when multiqueue RSS forwarding is
unlocked you will be happy ...

this is vmstat -iz from 12 core box with ixl, mcx and ix

irq114/ixl0270
irq115/ixl0:0   40
irq116/ixl0:1   00
irq117/ixl0:2   00
irq118/ixl0:3   00
irq119/ixl0:4   00
irq120/ixl0:5   00
irq121/ixl0:6   00
irq122/ixl0:7   80
irq123/ixl1270
irq124/ixl1:0   40
irq125/ixl1:1   00
irq126/ixl1:2   00
irq127/ixl1:3   00
irq128/ixl1:4   00
irq129/ixl1:5   00
irq130/ixl1:6   00
irq131/ixl1:7   80
irq132/mcx0350
irq133/mcx0:0  110
irq134/mcx0:1   00
irq135/mcx0:2   00
irq136/mcx0:3   00
irq137/mcx0:4   00
irq138/mcx0:5   00
irq139/mcx0:6   00
irq140/mcx0:7   00
irq141/mcx1390
irq142/mcx1:0  110
irq143/mcx1:1   00
irq144/mcx1:2   00
irq145/mcx1:3   00
irq146/mcx1:4   00
irq147/mcx1:5   00
irq148/mcx1:6   00
irq149/mcx1:7   00
irq150/ix0:0   130
irq151/ix0:100
irq152/ix0:200
irq153/ix0:300
irq154/ix0:420
irq155/ix0:500
irq156/ix0:620
irq157/ix0:700
irq158/ix0:800
irq159/ix0:900
irq160/ix0:10   00
irq161/ix0:11   00
irq162/ix0  00
irq163/ix1:0   130
irq164/ix1:100
irq165/ix1:220
irq166/ix1:300
irq167/ix1:420
irq168/ix1:500
irq169/ix1:600
irq170/ix1:700
irq171/ix1:800
irq172/ix1:900
irq173/ix1:10   00
irq174/ix1:11   00
irq175/ix1  00




dmesg for this one:
https://www.supermicro.com/en/products/system/1U/5018/SYS-5018D-FN8T.cfm


OpenBSD 6.8-current (GENERIC.MP) #120: Sun Oct 18 09:31:14 MDT 2020
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17054588928 (16264MB)
avail mem = 16522625024 (15757MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xed9b0 (47 entries)
bios0: vendor American Megatrends Inc. version "2.1" date 11/08/2019
bios0: Supermicro Super Server
acpi0 at bios0: ACPI 5.0
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT SPMI MCFG UEFI DBG2 HPET WDDT
SSDT SSDT SSDT PRAD DMAR HEST BERT ERST EINJ
acpi0: wakeup devices IP2P(S4) EHC1(S4) EHC2(S4) RP07(S4) RP08(S4)
BR1A(S4) BR1B(S4) BR2A(S4) BR2B(S4) BR2C(S4) BR2D(S4) BR3A(S4) BR3B(S4)
BR3C(S4) BR3D(S4) 

Re: OT: Dell EMC switches

2021-04-08 Thread Hrvoje Popovski
On 8.4.2021. 20:58, Ivo Chutkin wrote:
> Hello everyone,
> 
> Does anyone have experience with Dell EMS switches?
> 
> Namely S4100 series, S4128F-ON or S4188F-ON.
> 
> Are they robust and reliable?
> 
> I need to replace number of Extreme Networks X650. 10G ports are loaded
> nearly 80% all the time. We are pushing Internet traffic and some
> multicast.
> 
> Also, Dell EMC support third party OS like FTOS, Cumulus Linux OS or Big
> Switch Networks Switch Light. It it means any good.
> 
> Thanks,
> Ivo
> 

Hi,

are you sure that you can put ftos on s4100 series ?
i think that you can put OS10 or something else but not ftos.

i like their VLT (mlag) setup, it's easy to configure and maintain
unlike extreme mlag setup ..

for me OS10 i just not ok :) .. it's debian with lot's of python scripts
but os9 i really nice and mature

if you want i can send you some details privately



Re: pf firewall bridge0 vether0 blocks DHCP for bridge interfaces connected to Windows

2021-03-10 Thread Hrvoje Popovski
On 10.3.2021. 20:40, da...@hajes.org wrote:
> Hi,
> 
> I did set up OpenBSD router/firewall on PC Engines APU4d4 box.
> 
> First interface is WAN that connects to Internet.
> 
> Remaining three interfaces are bridged with bridge0 via vether0.
> 
> firewall doesn't block LAN/bridge traffic on vether0.
> 
> DHCPD runs on bridge.
> 
> Two Linux hosts (connected to em2 and em3) connect without problem but
> Windows host DHCP requests are blocked on em1.
> 
> I didn't find any info regarding pf and bridging.
> 
> set skip on lo0
> set skip on bridge0
> 
> So far I have found a kludge for Windows "set skip on em1"
> 
> Once, above by line is present in pf.conf, Win 10 host is allowed to
> acquire IP address. Interesting is that Linux has no issues to acquire
> IP addresses via DHCP.
> 
> Any suggestions, please?
> 
> Is it something screwed up in Windows such as short 3-way-handshake?
> 
> 
> Regards
> 
> Hajes
> 

maybe to try veb(4) instead bridge(4) ... in that case use vport instead
vether ..




Re: 10Gbit network work only 1Gbit

2021-02-26 Thread Hrvoje Popovski
On 26.2.2021. 9:00, csszep wrote:
> Hi!
> 
> I miss something , or veb(4) ifconfig bits not yet commited ?
> 
> OpenBSD 6.9-beta (GENERIC.MP) #358: Wed Feb 24 17:11:53 MST 2021
> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> 
> 
>  ifconfig veb0 create
> ifconfig: SIOCIFCREATE: Invalid argument
> 
>


it this latest snapshot ?



Re: 10Gbit network work only 1Gbit

2021-02-25 Thread Hrvoje Popovski
On 12.11.2019. 10:54, Szél Gábor wrote:
> Dear Hrvoje, Theo,
> 
> Thank you for your answers!
> 
> answers to the questions:
> -  who is parent interface for carp?  -> vlan  ( carp10 interface parent
> vlan10 -> vlan10 interface  parent -> trunk0 )
> - why vlan interfaces don't have ip address ? -> it wasn't needed! i
> think vlan interface need only tag packages. Carp (over vlan) interface
> have IP address.
> - vether implies that you have bridge? -> yes whe have only one bridge
> for bridget openvpn clients, but  we will eliminate it.
> 
> 
> we will do the following:
> - refresh our backup firewall to oBSD 6.6
> - replace trunk interface with aggr
> - remove bridge interface
> 
> if there was an update finised, I'll write again!
> 

Hi,

if you still have bridge and you don't need spanning-tree, try veb
instead. I'm getting 1.95Mpps over veb vs 500Kpps over bridge on 6 x
E5-2643 v2 @ 3.50GHz, 3600.48 MHz.

And of course .. big thanks to dlg@ who wrote it ..



Re: Switching from trunk(4) to aggr(4)

2020-12-14 Thread Hrvoje Popovski
On 13.12.2020. 23:40, Daniel Jakots wrote:
> I just tried
> # ifconfig aggr0 debug
> # dmesg
> 
> # ifconfig aggr0 down
> # ifconfig aggr0 up
> # ifconfig aggr0 # checked the debug flag was still there
> # dmesg
> 
> 
> I also looked at /var/log/message to be save, but nothing relevant.

Hi,

maybe to put debug in hostname.aggr0 then destroy it and then sh
netstart aggr0 ?



Re: Intl I350 Network Card Not Found

2020-09-17 Thread Hrvoje Popovski
On 17.9.2020. 20:39, Brandon Woodford wrote:
> Hello,
> 
> I've been trying  to fix an issue with my Intel I350-T4 PCI Network card not 
> being reported to the OpenBSD 6.7 system during boot. Looking through dmesg, 
> I was not able to find any reference to the card or the em interface name 
> that it should have. I've also tried updating all firmware with fw_update. 
> After that I tried creating a /etc/hostname.em1 file that just has dhcp 
> included in it and ran sh /etc/netstart. Unfortunately, no luck as of yet. I 
> was able to find the boot_config(8) man page that describes a similar issue 
> with the ne(4) driver. I went into the boot configuration and ran: find em 
> and received a response of: em* at pci* dev -1 function -1 flags 0x0. Not 
> sure if that means anything.
> 
> Quick note: the card does work on a separate system that is not OpenBSD but 
> FreeBSD.
> 
> Any help in the right direction is appreciated!
> 
> Thanks.
> 

Hi,

i have bunch of i350 cards and they all works perfectly. Can you send dmesg?



Re: openconnect

2020-09-03 Thread Hrvoje Popovski
On 1.9.2020. 15:22, Stuart Henderson wrote:
> On 2020-09-01, Hrvoje Popovski  wrote:
>> Hi all,
>>
>> does anyone use an openconnect server on openbsd and have guidelines on
>> how to configure it? i see that an openconnect server can use radius, so
>> it's interesting to me. Which client do you use to connect to the
>> openconnect server?
> 
> It worked when I tested after porting ocserv/openconnect, but I'm not using
> it in production. You should be able to connect to ocserv using either the
> openconnect client or cisco anyconnect client.
> 
>> If there is something else that can use radius, i would like to know?
> 
> at least these:
> 
> - npppd (yeuch l2tp :)
> 
> - openvpn (there's a username/pw auth method using a helper script,
> you can write something calling a radius client to check auth, also
> yeuch openvpn :)
> 
> I did once see some code including radius support for iked but it
> was tied up with a bunch of other changes and looked a bit complex
> to separate. I don't recall whether it was just username/pw or if
> it did full EAP.
> 
> 

Tnx for information. It would be great to have radius support for iked
so students could use eduroam username/pass for vpn ...




openconnect

2020-09-01 Thread Hrvoje Popovski
Hi all,

does anyone use an openconnect server on openbsd and have guidelines on
how to configure it? i see that an openconnect server can use radius, so
it's interesting to me. Which client do you use to connect to the
openconnect server?

If there is something else that can use radius, i would like to know?

Tnx



Re: aggr(4) not working with Intel XXV710 SFP28 on a Supermicro X11DPi-N(T)

2020-08-17 Thread Hrvoje Popovski
On 17.8.2020. 11:46, Stuart Henderson wrote:
> On 2020-08-15, Hrvoje Popovski  wrote:
>> On 15.8.2020. 0:48, Hrvoje Popovski wrote:
>>> On 12.8.2020. 15:18, Winfred Harrelson wrote:
>>>> On Tue, Aug 11, 2020 at 07:52:10PM +0100, Tom Smyth wrote:
>>>>> Hi Winfred,
>>>>> the intel 710 is a complex card,  I would suggest that you try updating 
>>>>> the
>>>>> firmware on the card, available from intel.com or your card vendor,
>>>>> you may have to boot to a live linux cd to apply the firmware update,
>>>>>
>>>>> but I had some issues with the Intel XL710 cards and I had to update the
>>>>> firmware to get it working stable,
>>>>>
>>>>> I hope this helps
>>>>> Tom Smyth
>>>>
>>>> Adding misc@openbsd.org back to the CC for the record.
>>>>
>>>> Thanks for the quick reply.  I didn't reply back yesterday because I
>>>> was having trouble getting the firmware updated from a Linux boot disk.
>>>> I ended up having to try from a Windows boot disk.  Unfortunately, I
>>>> am getting the same thing again:
>>>>
>>>>
>>>> wharrels@styx2:/home/wharrels# dmesg | grep ^ixl
>>>> ixl0 at pci5 dev 0 function 0 "Intel XXV710 SFP28" rev 0x02: port 0, FW 
>>>> 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:ed:b7:28
>>>> ixl1 at pci5 dev 0 function 1 "Intel XXV710 SFP28" rev 0x02: port 1, FW 
>>>> 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:ed:b7:29
>>>> ixl2 at pci8 dev 0 function 0 "Intel XXV710 SFP28" rev 0x02: port 0, FW 
>>>> 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:eb:19:b0
>>>> ixl3 at pci8 dev 0 function 1 "Intel XXV710 SFP28" rev 0x02: port 1, FW 
>>>> 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:eb:19:b1
>>>> ixl4 at pci12 dev 0 function 0 "Intel X722 10GBASE-T" rev 0x09: port 0, FW 
>>>> 3.1.57069 API 1.5, msix, 8 queues, address 3c:ec:ef:1a:df:f2
>>>> ixl5 at pci12 dev 0 function 1 "Intel X722 10GBASE-T" rev 0x09: port 1, FW 
>>>> 3.1.57069 API 1.5, msix, 8 queues, address 3c:ec:ef:1a:df:f3
>>>>
>>>> Yup, all the XXV710 cards have been updated to newest firmware.
>>>>
>>>> Now for the (failed) attempt:
>>>>
>>>> wharrels@styx2:/etc# ifconfig ixl0
>>>> ixl0: flags=8843 mtu 1500
>>>> lladdr 3c:fd:fe:ed:b7:28
>>>> index 1 priority 0 llprio 3
>>>> media: Ethernet autoselect (25GbaseSR full-duplex)
>>>> status: active
>>>> wharrels@styx2:/etc# ifconfig ixl2 
>>>> ixl2: flags=8843 mtu 1500
>>>> lladdr 3c:fd:fe:eb:19:b0
>>>> index 3 priority 0 llprio 3
>>>> media: Ethernet autoselect (25GbaseSR full-duplex)
>>>> status: active
>>>> wharrels@styx2:/etc# ifconfig aggr1 create
>>>> wharrels@styx2:/etc# ifconfig aggr1 trunkport ixl0
>>>> wharrels@styx2:/etc# ifconfig aggr1 trunkport ixl2
>>>> wharrels@styx2:/etc# ifconfig aggr1 up
>>>> wharrels@styx2:/etc# ifconfig aggr1
>>>> aggr1: flags=8843 mtu 1500
>>>> lladdr fe:e1:ba:d0:7c:e9
>>>> index 11 priority 0 llprio 7
>>>> trunk: trunkproto lacp
>>>> trunk id: [(8000,fe:e1:ba:d0:7c:e9,000B,,),
>>>>  (,00:00:00:00:00:00,,,)]
>>>> ixl0 lacp actor system pri 0x8000 mac fe:e1:ba:d0:7c:e9, 
>>>> key 0xb, port pri 0x8000 number 0x1
>>>> ixl0 lacp actor state activity,aggregation,defaulted
>>>> ixl0 lacp partner system pri 0x0 mac 00:00:00:00:00:00, 
>>>> key 0x0, port pri 0x0 number 0x0
>>>> ixl0 lacp partner state activity,aggregation,sync
>>>> ixl0 port 
>>>> ixl2 lacp actor system pri 0x8000 mac fe:e1:ba:d0:7c:e9, 
>>>> key 0xb, port pri 0x8000 number 0x3
>>>> ixl2 lacp actor state activity,aggregation,defaulted
>>>> ixl2 lacp partner system pri 0x0 mac 00:00:00:00:00:00, 
>>>> key 0x0, port pri 0x0 number 0x0
>>>> ixl2 lacp partner state activity,aggregation,sync
>>>> ixl2 port 
>>>> groups: aggr
>>>> media: Ethern

Re: aggr(4) not working with Intel XXV710 SFP28 on a Supermicro X11DPi-N(T)

2020-08-15 Thread Hrvoje Popovski
On 15.8.2020. 0:48, Hrvoje Popovski wrote:
> On 12.8.2020. 15:18, Winfred Harrelson wrote:
>> On Tue, Aug 11, 2020 at 07:52:10PM +0100, Tom Smyth wrote:
>>> Hi Winfred,
>>> the intel 710 is a complex card,  I would suggest that you try updating the
>>> firmware on the card, available from intel.com or your card vendor,
>>> you may have to boot to a live linux cd to apply the firmware update,
>>>
>>> but I had some issues with the Intel XL710 cards and I had to update the
>>> firmware to get it working stable,
>>>
>>> I hope this helps
>>> Tom Smyth
>>
>> Adding misc@openbsd.org back to the CC for the record.
>>
>> Thanks for the quick reply.  I didn't reply back yesterday because I
>> was having trouble getting the firmware updated from a Linux boot disk.
>> I ended up having to try from a Windows boot disk.  Unfortunately, I
>> am getting the same thing again:
>>
>>
>> wharrels@styx2:/home/wharrels# dmesg | grep ^ixl
>> ixl0 at pci5 dev 0 function 0 "Intel XXV710 SFP28" rev 0x02: port 0, FW 
>> 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:ed:b7:28
>> ixl1 at pci5 dev 0 function 1 "Intel XXV710 SFP28" rev 0x02: port 1, FW 
>> 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:ed:b7:29
>> ixl2 at pci8 dev 0 function 0 "Intel XXV710 SFP28" rev 0x02: port 0, FW 
>> 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:eb:19:b0
>> ixl3 at pci8 dev 0 function 1 "Intel XXV710 SFP28" rev 0x02: port 1, FW 
>> 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:eb:19:b1
>> ixl4 at pci12 dev 0 function 0 "Intel X722 10GBASE-T" rev 0x09: port 0, FW 
>> 3.1.57069 API 1.5, msix, 8 queues, address 3c:ec:ef:1a:df:f2
>> ixl5 at pci12 dev 0 function 1 "Intel X722 10GBASE-T" rev 0x09: port 1, FW 
>> 3.1.57069 API 1.5, msix, 8 queues, address 3c:ec:ef:1a:df:f3
>>
>> Yup, all the XXV710 cards have been updated to newest firmware.
>>
>> Now for the (failed) attempt:
>>
>> wharrels@styx2:/etc# ifconfig ixl0
>> ixl0: flags=8843 mtu 1500
>> lladdr 3c:fd:fe:ed:b7:28
>> index 1 priority 0 llprio 3
>> media: Ethernet autoselect (25GbaseSR full-duplex)
>> status: active
>> wharrels@styx2:/etc# ifconfig ixl2 
>> ixl2: flags=8843 mtu 1500
>> lladdr 3c:fd:fe:eb:19:b0
>> index 3 priority 0 llprio 3
>> media: Ethernet autoselect (25GbaseSR full-duplex)
>> status: active
>> wharrels@styx2:/etc# ifconfig aggr1 create
>> wharrels@styx2:/etc# ifconfig aggr1 trunkport ixl0
>> wharrels@styx2:/etc# ifconfig aggr1 trunkport ixl2
>> wharrels@styx2:/etc# ifconfig aggr1 up
>> wharrels@styx2:/etc# ifconfig aggr1
>> aggr1: flags=8843 mtu 1500
>> lladdr fe:e1:ba:d0:7c:e9
>> index 11 priority 0 llprio 7
>> trunk: trunkproto lacp
>> trunk id: [(8000,fe:e1:ba:d0:7c:e9,000B,,),
>>  (,00:00:00:00:00:00,,,)]
>> ixl0 lacp actor system pri 0x8000 mac fe:e1:ba:d0:7c:e9, key 
>> 0xb, port pri 0x8000 number 0x1
>> ixl0 lacp actor state activity,aggregation,defaulted
>> ixl0 lacp partner system pri 0x0 mac 00:00:00:00:00:00, key 
>> 0x0, port pri 0x0 number 0x0
>> ixl0 lacp partner state activity,aggregation,sync
>> ixl0 port 
>> ixl2 lacp actor system pri 0x8000 mac fe:e1:ba:d0:7c:e9, key 
>> 0xb, port pri 0x8000 number 0x3
>> ixl2 lacp actor state activity,aggregation,defaulted
>> ixl2 lacp partner system pri 0x0 mac 00:00:00:00:00:00, key 
>> 0x0, port pri 0x0 number 0x0
>> ixl2 lacp partner state activity,aggregation,sync
>> ixl2 port 
>> groups: aggr
>> media: Ethernet autoselect
>> status: no carrier
>>
>>
>>
>> I tried doing another sysupgrade this morning just in case something
>> had changed overnight but no luck.  Any other ideas?
>>
>> Winfred
>>
> 
> Hi,
> 
> could you try install snapshot from http://ftp.hostserver.de/archive/
> that is older than Thu Jun 25 06:41:38 2020 UTC ...
> 
> maybe this commit broke xxv710
> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/if_ixl.c?rev=1.56=text/x-cvsweb-markup
> 
> i have vlans over aggr over x710-da2 with latest snapshot and it's
> working as expected ..
> 
> ixl0 at pci1 dev 0 function 0 "Intel X710 SFP+" rev 0x02: port 0, FW
> 7.3.60988 API 1.10, msix, 8 queues
> ixl1 at pci1 dev 0 function 1 "Intel X710 SFP+" rev 0x02: port 1, FW
> 7.3.60988 API 1.10, msix, 8 queues
> 

with new firmware aggr is working

ixl0 at pci1 dev 0 function 0 "Intel X710 SFP+" rev 0x02: port 0, FW
8.0.61820 API 1.11, msix, 8 queues
ixl1 at pci1 dev 0 function 1 "Intel X710 SFP+" rev 0x02: port 1, FW
8.0.61820 API 1.11, msix, 8 queues



Re: aggr(4) not working with Intel XXV710 SFP28 on a Supermicro X11DPi-N(T)

2020-08-14 Thread Hrvoje Popovski
On 12.8.2020. 15:18, Winfred Harrelson wrote:
> On Tue, Aug 11, 2020 at 07:52:10PM +0100, Tom Smyth wrote:
>> Hi Winfred,
>> the intel 710 is a complex card,  I would suggest that you try updating the
>> firmware on the card, available from intel.com or your card vendor,
>> you may have to boot to a live linux cd to apply the firmware update,
>>
>> but I had some issues with the Intel XL710 cards and I had to update the
>> firmware to get it working stable,
>>
>> I hope this helps
>> Tom Smyth
> 
> Adding misc@openbsd.org back to the CC for the record.
> 
> Thanks for the quick reply.  I didn't reply back yesterday because I
> was having trouble getting the firmware updated from a Linux boot disk.
> I ended up having to try from a Windows boot disk.  Unfortunately, I
> am getting the same thing again:
> 
> 
> wharrels@styx2:/home/wharrels# dmesg | grep ^ixl
> ixl0 at pci5 dev 0 function 0 "Intel XXV710 SFP28" rev 0x02: port 0, FW 
> 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:ed:b7:28
> ixl1 at pci5 dev 0 function 1 "Intel XXV710 SFP28" rev 0x02: port 1, FW 
> 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:ed:b7:29
> ixl2 at pci8 dev 0 function 0 "Intel XXV710 SFP28" rev 0x02: port 0, FW 
> 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:eb:19:b0
> ixl3 at pci8 dev 0 function 1 "Intel XXV710 SFP28" rev 0x02: port 1, FW 
> 8.0.61820 API 1.11, msix, 8 queues, address 3c:fd:fe:eb:19:b1
> ixl4 at pci12 dev 0 function 0 "Intel X722 10GBASE-T" rev 0x09: port 0, FW 
> 3.1.57069 API 1.5, msix, 8 queues, address 3c:ec:ef:1a:df:f2
> ixl5 at pci12 dev 0 function 1 "Intel X722 10GBASE-T" rev 0x09: port 1, FW 
> 3.1.57069 API 1.5, msix, 8 queues, address 3c:ec:ef:1a:df:f3
> 
> Yup, all the XXV710 cards have been updated to newest firmware.
> 
> Now for the (failed) attempt:
> 
> wharrels@styx2:/etc# ifconfig ixl0
> ixl0: flags=8843 mtu 1500
> lladdr 3c:fd:fe:ed:b7:28
> index 1 priority 0 llprio 3
> media: Ethernet autoselect (25GbaseSR full-duplex)
> status: active
> wharrels@styx2:/etc# ifconfig ixl2 
> ixl2: flags=8843 mtu 1500
> lladdr 3c:fd:fe:eb:19:b0
> index 3 priority 0 llprio 3
> media: Ethernet autoselect (25GbaseSR full-duplex)
> status: active
> wharrels@styx2:/etc# ifconfig aggr1 create
> wharrels@styx2:/etc# ifconfig aggr1 trunkport ixl0
> wharrels@styx2:/etc# ifconfig aggr1 trunkport ixl2
> wharrels@styx2:/etc# ifconfig aggr1 up
> wharrels@styx2:/etc# ifconfig aggr1
> aggr1: flags=8843 mtu 1500
> lladdr fe:e1:ba:d0:7c:e9
> index 11 priority 0 llprio 7
> trunk: trunkproto lacp
> trunk id: [(8000,fe:e1:ba:d0:7c:e9,000B,,),
>  (,00:00:00:00:00:00,,,)]
> ixl0 lacp actor system pri 0x8000 mac fe:e1:ba:d0:7c:e9, key 
> 0xb, port pri 0x8000 number 0x1
> ixl0 lacp actor state activity,aggregation,defaulted
> ixl0 lacp partner system pri 0x0 mac 00:00:00:00:00:00, key 
> 0x0, port pri 0x0 number 0x0
> ixl0 lacp partner state activity,aggregation,sync
> ixl0 port 
> ixl2 lacp actor system pri 0x8000 mac fe:e1:ba:d0:7c:e9, key 
> 0xb, port pri 0x8000 number 0x3
> ixl2 lacp actor state activity,aggregation,defaulted
> ixl2 lacp partner system pri 0x0 mac 00:00:00:00:00:00, key 
> 0x0, port pri 0x0 number 0x0
> ixl2 lacp partner state activity,aggregation,sync
> ixl2 port 
> groups: aggr
> media: Ethernet autoselect
> status: no carrier
> 
> 
> 
> I tried doing another sysupgrade this morning just in case something
> had changed overnight but no luck.  Any other ideas?
> 
> Winfred
> 

Hi,

could you try install snapshot from http://ftp.hostserver.de/archive/
that is older than Thu Jun 25 06:41:38 2020 UTC ...

maybe this commit broke xxv710
http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/if_ixl.c?rev=1.56=text/x-cvsweb-markup

i have vlans over aggr over x710-da2 with latest snapshot and it's
working as expected ..

ixl0 at pci1 dev 0 function 0 "Intel X710 SFP+" rev 0x02: port 0, FW
7.3.60988 API 1.10, msix, 8 queues
ixl1 at pci1 dev 0 function 1 "Intel X710 SFP+" rev 0x02: port 1, FW
7.3.60988 API 1.10, msix, 8 queues

could  you send output from these two commands ..
ifconfig ixl sff
ifconfig ixl media



Re: IPSec heavy traffic slows down all network traffic

2020-07-18 Thread Hrvoje Popovski
On 17.7.2020. 20:17, jean-yves boisiaud wrote:
> hello,
> 
> Last week, I upgraded a couple of firewalls using carp/pfsync and sasyncd
> from 6.0 to 6.7 (yes, big jump !).
> 
> I also applied all the 6.7 published patches.
> 
> When some heavy traffic takes one of the IPSec tunnel, I noticed that :
> - all network connections are slowed down
> - unused network bandwidth increase instead of decrease
> - idle CPU move towards 0, and spinning increase to take about 50% of the
> CPU
> 
> When I stop the IPSec traffic :
> - network connections increase immediatly
> - unused network bandwidth cecreases immediately
> - spinning CPU is low.
> 
> Yes I know, my hardware is a bit old. I understand that CPU raises due to
> IPSec crypto, but I do not understand why network performance decrease.


maybe intel mitigation stuff decreased your performance. it in from
openbsd 6.3 ...
don't know if you are using aes for ipsec, but you cpu doesn't have
aes-ni... maybe to try wireguard ? :)



Re: supermicro - A2SDV-8C-LN8F

2020-07-13 Thread Hrvoje Popovski
On 11.7.2020. 11:13, mlopenb...@xiphosura.co.uk wrote:
> On Sat, 11 Jul 2020 00:13:34 +0200
> Hrvoje Popovski  wrote:
> 
>> Hi all,
>>
>> does anyone have experience or dmesg of this motherboard
>> https://www.supermicro.com/en/products/motherboard/A2SDV-8C-LN8F
>>
>> is it stable? i'm most interested in network performance and network
>> cards. in motherboard manual i couldn't find what "Quad LAN with
>> Intel® C3000 SoC" means ?  is it i350 em(4)?
>>
>>
>> Thank you ..
>>
> 
> Hello Hrvoje,
> 
> I am using the smaller but similar Supermicro A2SDi-4C-HLN4F which also
> uses thethe Intel C3000 SoC.  (In the manual it is described as
> "Intel® Atom SoC C3000 Series (FCBGA1310) Processor").
> 
> I have been using two systems since 6.7 was released (the first to
> support the onboard NICs) and they have been perfectly stable.
> 
> I did some testing with a 6.7 pre-release (in March) and using
> tcpbench(1) and a direct cable connection I was getting about 940 Mbps
> between two systems.
> 
> The onboard NICs are detected as ix(4) "Intel X553 SGMII"
>

Thank you guys ... i totally forgot that it's ix although it's 1Gbps



supermicro - A2SDV-8C-LN8F

2020-07-10 Thread Hrvoje Popovski
Hi all,

does anyone have experience or dmesg of this motherboard
https://www.supermicro.com/en/products/motherboard/A2SDV-8C-LN8F

is it stable? i'm most interested in network performance and network
cards. in motherboard manual i couldn't find what "Quad LAN with Intel®
C3000 SoC" means ?  is it i350 em(4)?


Thank you ..



Re: strongSwan cannot install IPsec policies on OpenBSD

2020-02-21 Thread Hrvoje Popovski
On 20.2.2020. 18:47, Peter Müller wrote:
> Hello openbsd-misc,
> 
> is anybody out there running strongSwan as an IPsec client for a net-to-net 
> connection
> on an OpenBSD machine?
> 
> If so, I would be very grateful to know which steps are necessary in order to 
> successfully
> route traffic through this n2n connection and what your ipsec.conf file (and 
> other ones,
> if necessary) looks like.
> 
> Sorry for bringing this up again, but I am out of ideas now and packaging 
> strongSwan
> for OpenBSD would not make sense if it could not be used properly. :-)
> 
> Thanks again for any advice on this.
> 
> Best regards,
> Peter Müller
> 

Maybe stupid question... can you use isakmpd on openbsd box and
strongswan on that other box ? i have working configuration for
site-to-site setup and it's working quite well ..




Re: Brand new server - bad adventures

2020-01-22 Thread Hrvoje Popovski
On 22.1.2020. 21:30, Özgür Kazancci wrote:
> Hello everyone! Greetings to misc people!
> 
> Got a brand new dedicated server with a hardware: Intel Xeon-E 2274G -
> 64GB DDR4 ECC 2666MHz - 2x SSD NVMe 960GB
> and installed "brand new" OpenBSD 6.6 on it. (I'm managing it remotely
> via KVM/IPMI)


Hi,

could you install snapshot on this box and if problem is still there
send report to bugs@openbsd
https://www.openbsd.org/report.html

at least in report send "sendbug -P" from that box




Re: small aggr problem ( on current )

2019-12-19 Thread Hrvoje Popovski
On 15.12.2019. 23:01, Hrvoje Popovski wrote:
> On 15.12.2019. 12:45, Holger Glaess wrote:
>> hi
>>
>>
>>   runing version
>>
>>
>> /etc 16>dmesg | more
>> Copyright (c) 1982, 1986, 1989, 1991, 1993
>>     The Regents of the University of California.  All rights reserved.
>> Copyright (c) 1995-2019 OpenBSD. All rights reserved.
>> https://www.OpenBSD.org
>>
>> OpenBSD 6.6-current (GENERIC.MP) #48: Tue Dec 10 16:30:01 MST 2019
>> dera...@octeon.openbsd.org:/usr/src/sys/arch/octeon/compile/GENERIC.MP
>>
>>
>>
>> after a reboot the aggr interface do not aggregate the connection with
>> the switch,
>>
>> just after an physical disaconnection from the ethernet cable , wait for
>> some sec,
>>
>> and replugin .
>>
>>
>> the the iterface are up and active, before ifconfig says "no carrier"
>> but the interfaces have
>>
>> carrier.
>>
>> i dont have the problem with the trunk interface on the same hardware.
>>
>>
>> you are on bellab as root
>> /etc 20>cat /etc/hostname.cnmac1
>> mtu 1518
>> up
>>
>> 12:43:59 Sun Dec 15
>> you are on bellab as root
>> /etc 21>cat /etc/hostname.cnmac2
>> mtu 1518
>> up
>>
>> 12:44:01 Sun Dec 15
>> you are on bellab as root
>> /etc 22>cat /etc/hostname.aggr0
>> trunkport cnmac1
>> trunkport cnmac2
>> mtu 1518
>> up
>>
>>
>> holger
>>
>>
>>
> Hi,
> 
> maybe logs below would help for further troubleshooting because i'm
> seeing same behavior.
> 
> when i add debug statement in hostname.agg0 and boot box i'm getting
> this log
> 
> starting network
> aggr0 ix0 rxm: LACP_DISABLED (LACP_Enabled) -> PORT_DISABLED
> aggr0 ix0: selection logic: unselected (rxm !CURRENT)
> aggr0 ix1 rxm: LACP_DISABLED (LACP_Enabled) -> PORT_DISABLED
> aggr0 ix1: selection logic: unselected (rxm !CURRENT)
> aggr0 ix2 rxm: LACP_DISABLED (LACP_Enabled) -> PORT_DISABLED
> aggr0 ix2: selection logic: unselected (rxm !CURRENT)
> aggr0 ix3 rxm: LACP_DISABLED (LACP_Enabled) -> PORT_DISABLED
> aggr0 ix3: selection logic: unselected (rxm !CURRENT)
> reordering libraries: done.
> 
> after boot aggr status is "no carrier"
> sh /etc/netstart isn't helping
> 
> but with ifconfig ix0-ix4 down/up aggr interface start to work normally
> 
> log when doing ifconfig ix0-ix4 down/up


just a little follow up:

i've tested aggr on two boxes. first box is dell r620 and second one is
supermicro SYS-5018D-FN8T. both boxes are connected to dell s4810
switch. Same cables, same ports, same port-channles on switch, timeout
fast or slow, both with ix 82599 interfaces ... (x552 ix interfaces are
disabled on supermicro box) ...

r620 is working without any problems and supermicro box is having same
problem as described above...

trunk interface are working on both boxes without any problem ..


this is fun :)






Re: small aggr problem ( on current )

2019-12-15 Thread Hrvoje Popovski
On 15.12.2019. 12:45, Holger Glaess wrote:
> hi
> 
> 
>   runing version
> 
> 
> /etc 16>dmesg | more
> Copyright (c) 1982, 1986, 1989, 1991, 1993
>     The Regents of the University of California.  All rights reserved.
> Copyright (c) 1995-2019 OpenBSD. All rights reserved.
> https://www.OpenBSD.org
> 
> OpenBSD 6.6-current (GENERIC.MP) #48: Tue Dec 10 16:30:01 MST 2019
> dera...@octeon.openbsd.org:/usr/src/sys/arch/octeon/compile/GENERIC.MP
> 
> 
> 
> after a reboot the aggr interface do not aggregate the connection with
> the switch,
> 
> just after an physical disaconnection from the ethernet cable , wait for
> some sec,
> 
> and replugin .
> 
> 
> the the iterface are up and active, before ifconfig says "no carrier"
> but the interfaces have
> 
> carrier.
> 
> i dont have the problem with the trunk interface on the same hardware.
> 
> 
> you are on bellab as root
> /etc 20>cat /etc/hostname.cnmac1
> mtu 1518
> up
> 
> 12:43:59 Sun Dec 15
> you are on bellab as root
> /etc 21>cat /etc/hostname.cnmac2
> mtu 1518
> up
> 
> 12:44:01 Sun Dec 15
> you are on bellab as root
> /etc 22>cat /etc/hostname.aggr0
> trunkport cnmac1
> trunkport cnmac2
> mtu 1518
> up
> 
> 
> holger
> 
> 
> 

Hi,

maybe logs below would help for further troubleshooting because i'm
seeing same behavior.

when i add debug statement in hostname.agg0 and boot box i'm getting
this log

starting network
aggr0 ix0 rxm: LACP_DISABLED (LACP_Enabled) -> PORT_DISABLED
aggr0 ix0: selection logic: unselected (rxm !CURRENT)
aggr0 ix1 rxm: LACP_DISABLED (LACP_Enabled) -> PORT_DISABLED
aggr0 ix1: selection logic: unselected (rxm !CURRENT)
aggr0 ix2 rxm: LACP_DISABLED (LACP_Enabled) -> PORT_DISABLED
aggr0 ix2: selection logic: unselected (rxm !CURRENT)
aggr0 ix3 rxm: LACP_DISABLED (LACP_Enabled) -> PORT_DISABLED
aggr0 ix3: selection logic: unselected (rxm !CURRENT)
reordering libraries: done.

after boot aggr status is "no carrier"
sh /etc/netstart isn't helping

but with ifconfig ix0-ix4 down/up aggr interface start to work normally

log when doing ifconfig ix0-ix4 down/up

aggr0 ix0 rxm: PORT_DISABLED (port_enabled) -> EXPIRED
aggr0 ix0 rxm: EXPIRED (LACPDU) -> CURRENT
aggr0 ix0: Selected UNSELECTED -> SELECTED
aggr0 ix0 mux: DETACHED (Selected == SELECTED) -> WAITING
aggr0 ix0 mux: WAITING (Selected == SELECTED) -> ATTACHED
aggr0 ix0: mux attached
aggr0 ix1 rxm: PORT_DISABLED (port_enabled) -> EXPIRED
aggr0 ix0 mux: ATTACHED (Partner.Sync) -> COLLECTING
aggr0 ix0: collecting enabled
aggr0 ix0 mux: COLLECTING (Partner.Sync) -> DISTRIBUTING
aggr0 ix0: distributing enabled
aggr0 ix1 rxm: EXPIRED (LACPDU) -> CURRENT
aggr0 ix1: Selected UNSELECTED -> SELECTED
aggr0 ix1 mux: DETACHED (Selected == SELECTED) -> WAITING
aggr0 ix1 mux: WAITING (Selected == SELECTED) -> ATTACHED
aggr0 ix1: mux attached
aggr0 ix2 rxm: PORT_DISABLED (port_enabled) -> EXPIRED
aggr0 ix2 rxm: EXPIRED (LACPDU) -> CURRENT
aggr0 ix2: Selected UNSELECTED -> SELECTED
aggr0 ix2 mux: DETACHED (Selected == SELECTED) -> WAITING
aggr0 ix2 mux: WAITING (Selected == SELECTED) -> ATTACHED
aggr0 ix2: mux attached
aggr0 ix3 rxm: PORT_DISABLED (port_enabled) -> EXPIRED
aggr0 ix3 rxm: EXPIRED (LACPDU) -> CURRENT
aggr0 ix3: Selected UNSELECTED -> SELECTED
aggr0 ix3 mux: DETACHED (Selected == SELECTED) -> WAITING
aggr0 ix3 mux: WAITING (Selected == SELECTED) -> ATTACHED
aggr0 ix3: mux attached
aggr0 ix1 mux: ATTACHED (Partner.Sync) -> COLLECTING
aggr0 ix1: collecting enabled
aggr0 ix1 mux: COLLECTING (Partner.Sync) -> DISTRIBUTING
aggr0 ix1: distributing enabled
aggr0 ix2 mux: ATTACHED (Partner.Sync) -> COLLECTING
aggr0 ix2: collecting enabled
aggr0 ix2 mux: COLLECTING (Partner.Sync) -> DISTRIBUTING
aggr0 ix2: distributing enabled
aggr0 ix3 mux: ATTACHED (Partner.Sync) -> COLLECTING
aggr0 ix3: collecting enabled
aggr0 ix3 mux: COLLECTING (Partner.Sync) -> DISTRIBUTING
aggr0 ix3: distributing enabled



Re: issues configuring vlan on top of aggr device

2019-12-03 Thread Hrvoje Popovski
On 3.12.2019. 15:11, Pedro Caetano wrote:
> Hi again,
> 
> I'm sorry, but since the boxes do not (yet) have working networking it
> is not easy for me to get the text output.
> I'm attaching a few pictures with the requested output.
> 
> https://picpaste.me/images/2019/12/03/cat_hostname.vl3800_hostname.aggr0.jpg
> https://picpaste.me/images/2019/12/03/ifconfig_vl3800.jpg

you should have ip address on vlan3800 interface, right?

> https://picpaste.me/images/2019/12/03/ifconfig_aggr0.jpg



Re: issues configuring vlan on top of aggr device

2019-12-03 Thread Hrvoje Popovski
On 3.12.2019. 13:15, Pedro Caetano wrote:
> Hi Hrvoje, thank you for the fast reply,
> 
> Unfortunately I have the same behavior.
> The aggr0 works as expected, as I can see the links bonded on the switch.
> I'm able to se the correct vid s, when tcpdump'ing the aggr0 interface.
> 
> I'd appreciate any help on this topic.
> 

can you send ifconfig aggr0 and ifconfig vlan3800 ?




> This configuration is working on -current with em(4) nics.
> 
> 
> Best regards,
> Pedro Caetano
> 
> A terça, 3/12/2019, 12:01, Hrvoje Popovski  <mailto:hrv...@srce.hr>> escreveu:
> 
> On 3.12.2019. 12:21, Pedro Caetano wrote:
> > Hi misc@
> >
> > I'm running openbsd 6.6 with latest patches running on a pair of
> hp dl 360
> > gen6 servers.
> >
> > I'm attempting to configure an aggr0 device towards a cat 3650.
> >
> > The aggr0 associates successfully with the switch, but I'm unable
> to run
> > vlans on top of it.
> >
> > The configuration on openbsd is the following:
> > #ifconfig aggr0 create
> > #ifconfig aggr0 trunkport bnx0
> > #ifconfig aggr0 trunkport bnx1
> 
> add this - ifconfig aggr0 up
> if you have hostname.aggr0 add "up" at the end of that file ...
> 
> > #ifconfig vlan3800 create
> > #ifconfig vlan3800 vnetid 3800
> > #ifconfig vlan3800 parent aggr0
> > #ifconfig vlan3800 10.80.253.10/24 <http://10.80.253.10/24>
> > ifconfig: SIOCAIFADDR: No buffer space available.
> 



Re: issues configuring vlan on top of aggr device

2019-12-03 Thread Hrvoje Popovski
On 3.12.2019. 12:21, Pedro Caetano wrote:
> Hi misc@
> 
> I'm running openbsd 6.6 with latest patches running on a pair of hp dl 360
> gen6 servers.
> 
> I'm attempting to configure an aggr0 device towards a cat 3650.
> 
> The aggr0 associates successfully with the switch, but I'm unable to run
> vlans on top of it.
> 
> The configuration on openbsd is the following:
> #ifconfig aggr0 create
> #ifconfig aggr0 trunkport bnx0
> #ifconfig aggr0 trunkport bnx1

add this - ifconfig aggr0 up
if you have hostname.aggr0 add "up" at the end of that file ...

> #ifconfig vlan3800 create
> #ifconfig vlan3800 vnetid 3800
> #ifconfig vlan3800 parent aggr0
> #ifconfig vlan3800 10.80.253.10/24
> ifconfig: SIOCAIFADDR: No buffer space available.



Re: 10Gbit network work only 1Gbit

2019-11-13 Thread Hrvoje Popovski
On 13.11.2019. 16:37, Gregory Edigarov wrote:
> could you please do one more test:
> "forwarding over ix0 and ix1, pf enabled, 5 tcp states"

with this generator i can't use tcp. generally pps with 5 or 50
states are more or less same ... problem with tcp testing is that i
can't get precise pps numbers ...

and only for you :)
with iperf3 (8 tcp streams) on client boxes i'm getting this results ...

forwarding over ix0 and ix1, pf and ipsec disabled
9.40Gbps

forwarding over ix0 and ix1, pf enabled, 8 tcp streams
7.40Gbps

forwarding over ix0 and ix1, ipsec established over em0, pf disabled
8.10Gbps

forwarding over ix0 and ix1, ipsec established over em0, pf enabled, 8
TCP streams
5.25Gbps


> On 13.11.19 12:52, Hrvoje Popovski wrote:
>> On 13.11.2019. 10:59, Hrvoje Popovski wrote:
>>> On 12.11.2019. 10:54, Szél Gábor wrote:
>>>> Dear Hrvoje, Theo,
>>>>
>>>> Thank you for your answers!
>>>>
>>>> answers to the questions:
>>>> -  who is parent interface for carp?  -> vlan  ( carp10 interface
>>>> parent
>>>> vlan10 -> vlan10 interface  parent -> trunk0 )
>>>> - why vlan interfaces don't have ip address ? -> it wasn't needed! i
>>>> think vlan interface need only tag packages. Carp (over vlan) interface
>>>> have IP address.
>>> it's little strange to me to not have ip address on parent carp
>>> interface, but if it works for you ... ok..
>>>
>>>> - vether implies that you have bridge? -> yes whe have only one bridge
>>>> for bridget openvpn clients, but  we will eliminate it.
>>>>
>>>>
>>>> we will do the following:
>>>> - refresh our backup firewall to oBSD 6.6
>>>> - replace trunk interface with aggr
>>>> - remove bridge interface
>>> this is nice start to make you setup faster. big performance killer in
>>> your setup is ipsec and old hardware. maybe oce(4) but i never tested
>>> it, so i'm not sure ... if you can, change oce with ix, intel x520 is
>>> not that expensive ..
>>>
>>> bridge is slow, but only for traffic that goes through it. with ipsec,
>>> the same second when tunnel is established, forwarding performance will
>>> drop significantly on whole firewall ...
>>
>> i forgot numbers, so i did quick tests ..
>>
>>
>> forwarding over ix0 and ix1, pf and ipsec disabled
>> 1.35Mpps
>>
>> forwarding over ix0 and ix1, pf enabled, 500 UDP states
>> 800Kpps
>>
>> forwarding over ix0 and ix1, ipsec established over em0, pf disabled
>> 800Kpps
>>
>> forwarding over ix0 and ix1, ipsec established over em0, pf enabled, 500
>> UDP states
>> 550Kpps
>>
>>
>>
>> OpenBSD 6.6-current (GENERIC.MP) #453: Mon Nov 11 21:40:31 MST 2019
>>  dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>> real mem = 17115840512 (16322MB)
>> avail mem = 16584790016 (15816MB)
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xcf42c000 (99 entries)
>> bios0: vendor Dell Inc. version "2.8.0" date 06/26/2019
>> bios0: Dell Inc. PowerEdge R620
>> acpi0 at bios0: ACPI 3.0
>> acpi0: sleep states S0 S4 S5
>> acpi0: tables DSDT FACP APIC SPCR HPET DMAR MCFG WD__ SLIC ERST HEST
>> BERT EINJ TCPA PC__ SRAT SSDT
>> acpi0: wakeup devices PCI0(S5)
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>> cpu0 at mainbus0: apid 4 (boot processor)
>> cpu0: Intel(R) Xeon(R) CPU E5-2643 v2 @ 3.50GHz, 3600.53 MHz, 06-3e-04
>> cpu0:
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
>>
>> cpu0: 256KB 64b/line 8-way L2 cache
>> cpu0: smt 0, core 2, package 0
>> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
>> cpu0: apic clock running at 100MHz
>> cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
>> cpu1 at mainbus0: apid 6 (application processor)
>> cpu1: Intel(R) Xeon(R) CPU E5-2643 v2 @ 3.50GHz, 3600.01 MHz, 06-3e-04
>> cpu1:
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,

Re: 10Gbit network work only 1Gbit

2019-11-13 Thread Hrvoje Popovski
On 13.11.2019. 10:59, Hrvoje Popovski wrote:
> On 12.11.2019. 10:54, Szél Gábor wrote:
>> Dear Hrvoje, Theo,
>>
>> Thank you for your answers!
>>
>> answers to the questions:
>> -  who is parent interface for carp?  -> vlan  ( carp10 interface parent
>> vlan10 -> vlan10 interface  parent -> trunk0 )
>> - why vlan interfaces don't have ip address ? -> it wasn't needed! i
>> think vlan interface need only tag packages. Carp (over vlan) interface
>> have IP address.
> 
> it's little strange to me to not have ip address on parent carp
> interface, but if it works for you ... ok..
> 
>> - vether implies that you have bridge? -> yes whe have only one bridge
>> for bridget openvpn clients, but  we will eliminate it.
>>
>>
>> we will do the following:
>> - refresh our backup firewall to oBSD 6.6
>> - replace trunk interface with aggr
>> - remove bridge interface
> 
> this is nice start to make you setup faster. big performance killer in
> your setup is ipsec and old hardware. maybe oce(4) but i never tested
> it, so i'm not sure ... if you can, change oce with ix, intel x520 is
> not that expensive ..
> 
> bridge is slow, but only for traffic that goes through it. with ipsec,
> the same second when tunnel is established, forwarding performance will
> drop significantly on whole firewall ...


i forgot numbers, so i did quick tests ..


forwarding over ix0 and ix1, pf and ipsec disabled
1.35Mpps

forwarding over ix0 and ix1, pf enabled, 500 UDP states
800Kpps

forwarding over ix0 and ix1, ipsec established over em0, pf disabled
800Kpps

forwarding over ix0 and ix1, ipsec established over em0, pf enabled, 500
UDP states
550Kpps



OpenBSD 6.6-current (GENERIC.MP) #453: Mon Nov 11 21:40:31 MST 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17115840512 (16322MB)
avail mem = 16584790016 (15816MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xcf42c000 (99 entries)
bios0: vendor Dell Inc. version "2.8.0" date 06/26/2019
bios0: Dell Inc. PowerEdge R620
acpi0 at bios0: ACPI 3.0
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP APIC SPCR HPET DMAR MCFG WD__ SLIC ERST HEST
BERT EINJ TCPA PC__ SRAT SSDT
acpi0: wakeup devices PCI0(S5)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 4 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E5-2643 v2 @ 3.50GHz, 3600.53 MHz, 06-3e-04
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 2, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 6 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5-2643 v2 @ 3.50GHz, 3600.01 MHz, 06-3e-04
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 3, package 0
cpu2 at mainbus0: apid 8 (application processor)
cpu2: Intel(R) Xeon(R) CPU E5-2643 v2 @ 3.50GHz, 3600.01 MHz, 06-3e-04
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 4, package 0
cpu3 at mainbus0: apid 16 (application processor)
cpu3: Intel(R) Xeon(R) CPU E5-2643 v2 @ 3.50GHz, 3600.01 MHz, 06-3e-04
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 8, package 0
cpu4 at mainbus0: apid 18 (app

Re: 10Gbit network work only 1Gbit

2019-11-13 Thread Hrvoje Popovski
On 12.11.2019. 10:54, Szél Gábor wrote:
> Dear Hrvoje, Theo,
> 
> Thank you for your answers!
> 
> answers to the questions:
> -  who is parent interface for carp?  -> vlan  ( carp10 interface parent
> vlan10 -> vlan10 interface  parent -> trunk0 )
> - why vlan interfaces don't have ip address ? -> it wasn't needed! i
> think vlan interface need only tag packages. Carp (over vlan) interface
> have IP address.

it's little strange to me to not have ip address on parent carp
interface, but if it works for you ... ok..

> - vether implies that you have bridge? -> yes whe have only one bridge
> for bridget openvpn clients, but  we will eliminate it.
> 
> 
> we will do the following:
> - refresh our backup firewall to oBSD 6.6
> - replace trunk interface with aggr
> - remove bridge interface

this is nice start to make you setup faster. big performance killer in
your setup is ipsec and old hardware. maybe oce(4) but i never tested
it, so i'm not sure ... if you can, change oce with ix, intel x520 is
not that expensive ..

bridge is slow, but only for traffic that goes through it. with ipsec,
the same second when tunnel is established, forwarding performance will
drop significantly on whole firewall ...

> if there was an update finised, I'll write again!

please do, i would like to hear



Re: 10Gbit network work only 1Gbit

2019-11-11 Thread Hrvoje Popovski
On 11.11.2019. 13:42, Szél Gábor wrote:
> Hello @misc,
> 

Hi,


> We have an interesting problem, we run a lot of OpenBSD router/firewalls
> in many places.
> 
> We have a larger network than our client, 300-400 local wired or
> wireless endpoint, 20+ VLAN, 20+ switches.
> Network structure:
> 
>  * Main switch - 2x Cisco Nexus 3k switch in HA mode (vPC dedicated
>    2x40Gbit Peer link, keepalive link)
>  * access switch - 10+ Cisco 3750X + C3KX-SM-10G 10Gbit module.
>    some 3750x stacked (2 or 3 switch)
>  * Main and access switches have redundant 10Gbit fiber link (LACP)
>  * when is possible jumbo frame is enabled (mtu 9000)
> 
> Firewall/router:
> 
>  * 2x Dell 2950 - 2x Xeon X5460 (8 core), 8Gb Memory, 2x10Gbit SFP+
>    network card

hardware is really old, if you can, buy something newer


>  * redundant design - CARP, pfsync, ifstated, etc  master-backup>    
> configuration
>  * HP NC550SFP network card, oce driver (mtu 9000)

if you can change oce with ix. ixl is not so bad .. .


>  * dual SFP+ port have LACP link to Nexus switches (2x10Gbit access
>    link) - use openbsd trunk interface
>  * all vlan used openbsd pseudo-device over trunk interface (VLANs not
>    have have IP address, only up)

update to openbsd 6.6 or snapshot and insted of trunk use aggr. why vlan
interfaces don't have ip address ?


>  * all network subnets defined in CARP interfaces, only managment VLAN
>    have address on VLAN interface.

who is parent interface for carp ?

>  * some vether virtual interface for VPN, DNS, etc ...

vether implies that you have bridge? bridge is slow..

>  * some tun and tap interface for VPN
>  * enc interface for ipsec

ipsec is performance killer big time ... even for traffic that doesn't
go through ipsec tunnel ..  if you can move ipsec or any vpn stuff to
other boxes that you speed up your firewalls  ...

>  * one bridge interface for openVPN (during termination)

vether is in that bridge?

>  * OpenBSD 6.3 64bit

please, update boxes regularly.. you have carp and pfsync, you can do
that without any problem ..

> 
> PF:
> 
>  * global block rule (block all)
>  * ruleset-optimization none
>  * optimization aggressive
>  * reassemble no
>  * block-policy drop
>  * scrub enabled
>  * antispoof enabled
>  * regulating traffic between subnets with pf pass in/out rules
>  * pf.conf currently 1500+ lines
>  * the number of connections during the day in PF 10 000+
> 
> Problem:
> 
> We see that network traffic is limited to 1Gbit on firewall. Not in one
> link, not IP-to-IP, to the whole firewall!
> 

yes ... ipsec, trunk, pf are for whole firewall .. and even if you have
fastest box in the world you will not get performance that you want ..


> example:
> 
>  * i make test traffic form VLAN 2 to VLAN 12 witch iperf.
>    test PC-s have 1Gbit ethernet cards.
>    Speed is okay, ~800Mbit/sec
>  * i make anoter traffic from VLAN 2 to VLan20 with iperf, from another
>    PC-s
>    (they also have 1gbit ethernet cards)
>    speed is not good! ~60-80Mbit/sec
>  * if i stopped first speed test (2->12), second test speed is okay!
>    (2->20)
>  * but i make test from completely different VLANs, 2->12 and 20->30,
>    the result is so.

if you disable pf on vlan intefaces (set skip on vlan2/vlan12) do you
get better performace?
and after that for disable ipsec and try testing again... do you see
differences ?

> This is firewall (openbsd) limitation, but we don't understand why?
> 
> I know openbsd VLAN interface has a speed problem, this is it?

not in OpenBSD 6.6

> I know it's so difficult to make a mistake from some information, what
> should we look at?
> 

OpenBSD is great router and firewall that can do so much for you .. but
please you really need to rethink your hardware and setup ..



Re: alias vs inet alias in hostname.if

2019-09-20 Thread Hrvoje Popovski
On 20.9.2019. 13:12, Stuart Henderson wrote:
> On 2019-09-20, Hrvoje Popovski  wrote:
>> Hi all,
>>
>> if i have "alias" directive in hostname.if with dot-notation netmask and
>> networks are in 10/8 or 172.16/12 it seems i'm getting classless /8 or
>> /16 networks ...
> 
> hostname.if(5) format is weird and a bit annoying, the word "netmask"
> is added to the ifconfig command for "inet alias" but not for bare
> "alias" which is passed directly to ifconfig and results in it using the
> standard netmask for the class of address holding the network.
> 
>> but if i have "inet alias" or "alias" with cidr notation netmaks in
>> hostname.if everything seems fine and classful :)
> 
> that's passed as a single argument to ifconfig which treats it as you'd
> expect.
> 
>> i'm not sure if this is intentional or not so i'm reporting it here on
>> misc@
> 
> mostly intentional I think, still annoying though!
> 
> 

Thank you for info...

yes, little annoying but it's fine :)



alias vs inet alias in hostname.if

2019-09-20 Thread Hrvoje Popovski
Hi all,

if i have "alias" directive in hostname.if with dot-notation netmask and
networks are in 10/8 or 172.16/12 it seems i'm getting classless /8 or
/16 networks ...


inet 192.168.42.1 255.255.255.0
alias 10.10.10.0 255.255.255.0

ix0: flags=8843 mtu 1500
inet 192.168.42.1 netmask 0xff00 broadcast 192.168.42.255
inet 10.10.10.0 netmask 0xff00 broadcast 10.255.255.255

10/8   10.10.10.0 UCn   ix0
10.10.10.0 ec:f4:bb:da:f7:f8  UHLl  ix0
10.255.255.255 10.10.10.0 UHb   ix0



inet 10.10.10.0 255.255.255.0
alias 172.16.2.1 255.255.255.0

ix0: flags=8843 mtu 1500
inet 10.10.10.0 netmask 0xff00 broadcast 10.10.10.255
inet 172.16.2.1 netmask 0x broadcast 172.16.255.255

172.16/16  172.16.2.1 UCn   ix0
172.16.2.1 ec:f4:bb:da:f7:f8  UHLl  ix0
172.16.255.255 172.16.2.1 UHb   ix0


but if i have "inet alias" or "alias" with cidr notation netmaks in
hostname.if everything seems fine and classful :)

i'm not sure if this is intentional or not so i'm reporting it here on
misc@



Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-10 Thread Hrvoje Popovski
On 9.9.2019. 11:39, David Gwynne wrote:
> This should be fixed in -current now. A snapshot should pick it up in a day 
> or so. Sorry for the inconvenience.
> 
> Cheers,
> dlg

Hi,

with new snapshot from 09-Sep-2019 bsd.rd and sysupgrade is working
normally with mfii..

thank you ...



Re: 6.6-beta (RAMDISK_CD) #281 hangs on fsck

2019-09-08 Thread Hrvoje Popovski
On 8.9.2019. 18:19, Luke Small wrote:
> It doesn’t work for me on the
> ftp.hostserver.de/archive/2019-08-29-0105/amd64/
> bsd.rd!


Hi,

do you maybe have mfii on that box ?

I'm having same problem as Mischa and i have mfii. with bsd.rd fsck
stops with this command

Which disk is the root disk? ('?' for details) [sd0] sd0
Checking root filesystem (fsck -fp /dev/sd0a)...

On other boxes without mfii bsd.rd and sysupgrade works just fine..

between 27.08 and 29.8 i saw this commit

Changes by: d...@cvs.openbsd.org2019/08/27 22:55:51

Modified files:
sys/dev/pci: mfii.c

Log message:
implement a DV_POWERDOWN handler to flush cache and shutdown the controller

this has been in snaps for the last week without issue, and has
been running in production on a bunch of my boxes for a week before
that, also without issue.



Re: OpenBSD 6.5 dumps to debugger when using ifconfig bridge command

2019-06-05 Thread Hrvoje Popovski
On 4.6.2019. 21:22, Russell Sutherland wrote:
> I tried loading current on the device and the same result:
> 
> OpenBSD 6.5-current (GENERIC.MP) #5: Mon Jun  3 07:46:49 MDT 2019
> 
> # netstat -in
> NameMtu   Network Address  Ipkts IfailOpkts Ofail 
> Colls
> lo0 327680 00 0 > 0
> lo0 32768 ::1/128 ::1  0 00 0 > 0
> lo0 32768 fe80::%lo0/ fe80::1%lo0  0 00 0 > 0
> lo0 32768 127/8   127.0.0.10 00 0 > 0
> em0 150000:0d:b9:43:9b:3031715 0   120479 7 > 0
> em1 150000:0d:b9:43:9b:31   123252   11630860 0 > 0
> em2 150000:0d:b9:43:9b:32 1672 0  625 0 > 0
> em2 1500  128.100.103 128.100.103.831672 0  625 0 > 0
> enc0*   00 00 0 > 0
> bridge0 1500152255 0   151339 0 > 0
> pflog0  331360 0   70 0 > 0
> freenas-fw# ifconfig bridge0
> bridge0: flags=4WARNING: SPL NOT LOWERED ON S1
> YSCALL 5index 6 llprio 34 3 EXIT 0
> groups: bridg 9
> e
> priorStopped at  savectx+0xb1:   movl$0,%gs:0x530
> ddb{2}>


Hi,

can you take a look at this link
https://www.openbsd.org/ddb.html

when your box is up and running execute sendbug -P > bridge-problem.txt
and when your box is in ddb type this commands
trace, ps

and send all those to b...@openbsd.org mailing list ...



Re: firefox, sndiod and pledge

2019-05-30 Thread Hrvoje Popovski
On 30.5.2019. 10:48, Solene Rapenne wrote:
> On Thu, May 30, 2019 at 10:41:39AM +0200, Hrvoje Popovski wrote:
>> Hi all,
>>
>> i'm not sure is this intended or not, but if sndiod isn't running and if
>> i want to open youtube video with firefox i got this log
>> firefox[54192]: pledge "tty", syscall 54 and firefox crashes 
>> when sndiod is running everything seems fine ..
>>
>>
> 
> which firefox package and version on which openbsd version?

i have installed gnome and desktop stuff few days ago just to see how it
works :) i'm not much of a openbsd desktop user


firefox-67.0Mozilla web browser

OpenBSD 6.5-current (GENERIC.MP) #51: Wed May 29 19:46:38 MDT 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8456089600 (8064MB)
avail mem = 8189689856 (7810MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe87b1 (86 entries)
bios0: vendor Hewlett-Packard version "J01 v02.29" date 04/04/2016
bios0: Hewlett-Packard HP Compaq 8200 Elite CMT PC
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC SSDT MCFG HPET SSDT SLIC TCPA
acpi0: wakeup devices PS2K(S3) PS2M(S3) BR20(S4) EUSB(S3) USBE(S3)
PEX0(S4) PEX1(S4) PEX2(S4) PEX3(S4) PEX4(S4) PEX5(S4) PEX6(S4) PEX7(S4)
P0P1(S4) P0P2(S4) P0P3(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz, 3293.38 MHz, 06-2a-07
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz, 3292.53 MHz, 06-2a-07
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz, 3292.53 MHz, 06-2a-07
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz, 3292.53 MHz, 06-2a-07
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,NXE,RDTSCP,LONG,LAHF,PERF,ITSC,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 5 (BR20)
acpiprt2 at acpi0: bus 1 (PEX0)
acpiprt3 at acpi0: bus -1 (PEX1)
acpiprt4 at acpi0: bus -1 (PEX2)
acpiprt5 at acpi0: bus -1 (PEX3)
acpiprt6 at acpi0: bus 2 (PEX4)
acpiprt7 at acpi0: bus -1 (PEX5)
acpiprt8 at acpi0: bus 3 (PEX6)
acpiprt9 at acpi0: bus 4 (PEX7)
acpiprt10 at acpi0: bus -1 (P0P1)
acpiprt11 at acpi0: bus -1 (P0P2)
acpiprt12 at acpi0: bus -1 (P0P3)
acpiprt13 at acpi0: bus -1 (P0P4)
acpicpu0 at acpi0: C1(1000@1 halt), PSS
acpicpu1 at acpi0: C1(1000@1 halt), PSS
acpicpu2 at acpi0: C1(1000@1 halt), PSS
acpicpu3 at acpi0: C1(1000@1 halt), PSS
acpipci0 at acpi0 PCI0: 0x0010 0x0011 0x
acpicmos0 at acpi0
tpm0 at acpi0: TPM_ addr 0xfed4/0x5000, Infineon SLB9635 1.2 rev 0x10
acpibtn0 at acpi0: PWRB
"PNP0C14" at acpi0 not configured
ipmi at mainbus0 not configured
cpu0: using VERW MDS workaround (except on vmm entry)
cpu0: Enhanced SpeedStep 3293 MHz: speeds: 3301, 3300, 3100, 2900, 2700,
2500, 2300, 2100, 1900, 1700, 1600 MHz
pci0 at mainbus0 bus 0
pchb0 at

firefox, sndiod and pledge

2019-05-30 Thread Hrvoje Popovski
Hi all,

i'm not sure is this intended or not, but if sndiod isn't running and if
i want to open youtube video with firefox i got this log
firefox[54192]: pledge "tty", syscall 54 and firefox crashes 
when sndiod is running everything seems fine ..


from kdump
 70068 firefox  CALL  ioctl(56,AUDIO_STOP,0x1)
 70068 firefox  PLDG  ioctl, "tty", errno 1 Operation not permitted


from gdb
(gdb) bt
#0  ioctl () at -:3
#1  0x1ad9e350858e in sio_sun_fdopen (fd=31, mode=1, nbio=1) at
/usr/src/lib/libsndio/sio_sun.c:326
#2  0x1ad9e3508626 in _sio_sun_open (str=Variable "str" is not
available.
) at /usr/src/lib/libsndio/sio_sun.c:345
#3  0x1ada4916e16b in WebPGetColorPalette () from
/usr/local/lib/firefox/libxul.so.84.0
#4  0x1ada4916d47d in WebPGetColorPalette () from
/usr/local/lib/firefox/libxul.so.84.0
#5  0x1ada47f0f415 in std::__1::__murmur2_or_cityhash::__hash_len_0_to_16 () from /usr/local/lib/firefox/libxul.so.84.0
#6  0x1ada47f0f2d2 in std::__1::__murmur2_or_cityhash::__hash_len_0_to_16 () from /usr/local/lib/firefox/libxul.so.84.0
#7  0x1ada480bdb0c in
cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from
/usr/local/lib/firefox/libxul.so.84.0
#8  0x1ada480bca8a in
cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from
/usr/local/lib/firefox/libxul.so.84.0
#9  0x1ada480bf915 in
cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from
/usr/local/lib/firefox/libxul.so.84.0
#10 0x1ada480c60e9 in
cdm::ContentDecryptionModule_10::~ContentDecryptionModule_10 () from
/usr/local/lib/firefox/libxul.so.84.0
#11 0x1ada47f63ada in std::__1::__split_buffer&>::push_front () from
/usr/local/lib/firefox/libxul.so.84.0
#12 0x1ada47f5dc46 in std::__1::__split_buffer&>::push_front () from
/usr/local/lib/firefox/libxul.so.84.0
#13 0x1ada47f5da7b in std::__1::__split_buffer&>::push_front () from
/usr/local/lib/firefox/libxul.so.84.0
#14 0x1ada47f9047d in std::__1::__split_buffer&>::push_front () from
/usr/local/lib/firefox/libxul.so.84.0
#15 0x1ada461232f8 in std::__1::function::swap
() from /usr/local/lib/firefox/libxul.so.84.0
#16 0x1ada46120f51 in std::__1::function::swap
() from /usr/local/lib/firefox/libxul.so.84.0
#17 0x1ada46134a3e in std::__1::function::swap
() from /usr/local/lib/firefox/libxul.so.84.0
#18 0x1ada46134b9b in std::__1::function::swap
() from /usr/local/lib/firefox/libxul.so.84.0
#19 0x1ada46130c32 in std::__1::function::swap
() from /usr/local/lib/firefox/libxul.so.84.0
#20 0x1ada46133271 in std::__1::function::swap
() from /usr/local/lib/firefox/libxul.so.84.0
#21 0x1ada4655eb47 in std::__1::vector
>::__append () from /usr/local/lib/firefox/libxul.so.84.0
#22 0x1ada464dc85f in std::__1::vector, std::__1::allocator >,
std::__1::allocator, std::__1::allocator > >
>::insert, std::__1::allocator >*> > () from
/usr/local/lib/firefox/libxul.so.84.0
#23 0x1ada4612e92d in std::__1::function::swap
() from /usr/local/lib/firefox/libxul.so.84.0
#24 0x1adaa590c0a9 in _pt_root (arg=0x1adab98c4100) at ptthread.c:201
#25 0x1adac18e2771 in _rthread_start (v=Variable "v" is not available.
) at /usr/src/lib/librthread/rthread.c:96
#26 0x1ada973897c8 in __tfork_thread () at
/usr/src/lib/libc/arch/amd64/sys/tfork_thread.S:77
#27 0x in ?? ()
Current language:  auto; currently asm



Re: Problems installing 6.5 on Supermicro X11SDV-8C-TP8 motherboard - can't see/find network interfaces

2019-05-19 Thread Hrvoje Popovski
On 19.5.2019. 3:08, Don Jackson wrote:
> I recently acquired a Supermicro 1019D-FRN8TP server with a X11SDV-8C-TP8 
> motherboard.

Hi,

try to install latest snapshot. After installation execute
sendbug -P > 1019D-FRN8TP.txt and send that output to b...@openbsd.org
with hardware description and links to that motherboard.

if you can't install latest snapshot collect some information from
other OS like acpidump, pcidump -v or lspci -nn, lsusb -vvv


i'm quite certain that openbsd should see 4 x 1Gbe Intel i354 interfaces
as em, not sure about x722 although this could be ixl ...


this box seems as quite nice router :) but i'm think i would go with
https://www.supermicro.com/Aplus/system/Embedded/AS-5019D-FTN4.cfm



Re: samba : snapshots of 6.5

2019-04-15 Thread Hrvoje Popovski
On 14.4.2019. 20:10, Tuyosi T wrote:
> hi all .
> 
> the samba of snapshots does not start .
> 
> dell# /etc/rc.d/samba start
>  smbd(timeout)
> 

I have similar problem with samba after upgrade to 4.8.11, smbd timeouts
but it starts.

# rcctl stop samba
nmbd(ok)
smbd(ok)

# rcctl start samba
smbd(timeout)

# ps auxw | grep mbd
root 88754  0.0  0.1  1740  6040 ??  Ss 3:33PM0:00.02
/usr/local/sbin/smbd -D
root 48917  0.0  0.0  1616  2260 ??  S  3:33PM0:00.01
/usr/local/sbin/smbd -D
root 47827  0.0  0.0  1616  1832 ??  S  3:33PM0:00.00
/usr/local/sbin/smbd -D


and if i execute rcctl start samba once again nmbd start normally
# rcctl start samba
nmbd(ok)

# ps auxw | grep mbd
root 88754  0.0  0.1  1740  6040 ??  Ss 3:33PM0:00.02
/usr/local/sbin/smbd -D
root 47827  0.0  0.0  1616  1832 ??  S  3:33PM0:00.00
/usr/local/sbin/smbd -D
root 48917  0.0  0.0  1616  2260 ??  S  3:33PM0:00.01
/usr/local/sbin/smbd -D
root 79668  0.0  0.0  1464  2580 ??  Ss 3:34PM0:00.04
/usr/local/sbin/nmbd -D



Re: 40G ixl nics

2019-04-10 Thread Hrvoje Popovski
On 3.2.2019. 19:09, Tony Sarendal wrote:
> Good evening,
> 
> We inserted a 2x40G NIC into one of our old franken-pc's, and got this:
> 
> ixl0 at pci2 dev 0 function 0 "Intel XL710 QSFP+" rev 0x02: port 0, FW
> 5.0.40043 API 1.5, msi, address 0c:c4:7a:5e:f9:c8
> ixl0: unable to query phy types
> ixl1 at pci2 dev 0 function 1 "Intel XL710 QSFP+" rev 0x02: port 1, FW
> 5.0.40043 API 1.5, msi, address 0c:c4:7a:5e:f9:c9
> ixl1: unable to query phy types

Hi,

could you update firmware on ixl nics and try -current or wait for 6.5
release.. i think that your nics should work ...

https://downloadcenter.intel.com/product/83967/Intel-Ethernet-Converged-Network-Adapter-XL710-QDA2




Re: IBM x3650 M3 fatal page fault in supervisor mode

2019-03-12 Thread Hrvoje Popovski
On 12.3.2019. 22:26, Marco Nuessgen wrote:
> I am trying to install OpenBSD 6.4 amd64 on an IBM x-series server. The
> boot process halts after the kernel gets a "fatal page fault in
> supervisor mode".
> 
> The machine is a x3650 M3 server, 2x six-core XEON E5645 2.4GHz, 88GB
> RAM, 3 x 146GB HDD, Serveraid M1015 7945 RAID adapter, 4 x Broadcom
> NetXtreme II. NICs.

Hi,

if you change your bios settings like:
- disable hyper-threading
- operating mode to maximum performance
- disable TPM device

does it help?

if not, can you update firmware ? i can help you with that.
can you run some hardware diagnostic ?



Re: iked road warrior setup with multiple clients connecting

2019-02-25 Thread Hrvoje Popovski
On 25.2.2019. 16:44, Michael Lam wrote:
> Hi,
> 
> I have a very straight forward setup use case that I want to use my
> OpenBSD router as a VPN gateway, which will accept IKEv2 road warrior
> connections from the Internet and route all traffics through my
> router.
> 
> I am using a ms-chapv2 authentication and a letsencrypt certificate,
> which I can successfully obtain. All my clients are Apple devices
> with latest iOS installed. They normally are connected to the Internet
> directly without going through this router.
> 
> Configuration as below:
> 
> user “a” "123456"
> user “b” "246810"
> user “c” "135791"
> 
> set passive 
> 
> ikev2 "rw" passive esp \
> from any to 172.20.11.0/24 \
> local any peer any \
> srcid my.fqdn.org \
> eap mschap-v2 \
> config protected-subnet 172.20.10.0/24 \
> config address 172.20.11/0/24 \
  ^
is this typo?



Re: OpenBSD 6.4-stable + current "freezes" after 4h

2019-01-14 Thread Hrvoje Popovski
On 14.1.2019. 16:25, Hrvoje Popovski wrote:
> On 14.1.2019. 10:02, Marco Prause wrote:
>> splassert: bstp_notify_rtage: want 2 have 0
>> splassert: bstp_notify_rtage: want 2 have 0
>> splassert: bstp_notify_rtage: want 2 have 0
>> splassert: bstp_notify_rtage: want 2 have 0
>> splassert: bstp_notify_rtage: want 2 have 0
>> splassert: bstp_notify_rtage: want 2 have 0
> 
> could you try adding this sysctls
> sysctl kern.splassert=2
> sysctl kern.pool_debug=1
> 
> 
> are you getting similar traces ?
> 
> splassert: bstp_notify_rtage: want 2 have 0
> Starting stack trace...
> bstp_set_port_tc(668bdd1357c8fcb,4) at bstp_set_port_tc+0x1a0
> bstp_update_tc(fa46532a51d755d) at bstp_update_tc+0xfd
> bstp_tick(809f7c00) at bstp_tick+0x357
> softclock(3c3f171cb53a98a3) at softclock+0x117
> softintr_dispatch(120392a2955eaa7c) at softintr_dispatch+0xfc
> Xsoftclock(0,0,1388,0,800267e0,81ccd6b0) at Xsoftclock+0x1f
> acpicpu_idle() at acpicpu_idle+0x281
> sched_idle(0) at sched_idle+0x245
> end trace frame: 0x0, count: 249
> End of stack trace.
> 
> 
> splassert: bstp_notify_rtage: want 2 have 256
> Starting stack trace...
> bstp_set_port_tc(668bdd1357c8fcb,4) at bstp_set_port_tc+0x1a0
> bstp_update_tc(fa46532a51d755d) at bstp_update_tc+0xfd
> bstp_tick(809f7c00) at bstp_tick+0x357
> softclock(3c3f171cb53a98a3) at softclock+0x117
> softintr_dispatch(120392a2955eaa7c) at softintr_dispatch+0xfc
> Xsoftclock(0,0,1388,0,800267e0,81ccd6b0) at Xsoftclock+0x1f
> acpicpu_idle() at acpicpu_idle+0x281
> sched_idle(0) at sched_idle+0x245
> end trace frame: 0x0, count: 249
> End of stack trace.
> 

i'm getting these traces even with

OpenBSD 6.4-current (GENERIC.MP) #499: Mon Dec 10 11:33:10 MST 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

which is before mpi@ commit
Changes by: m...@cvs.openbsd.org2018/12/12 07:19:15

Modified files:
sys/net: if_bridge.c bridgectl.c


splassert: bstp_notify_rtage: want 2 have 0
Starting stack trace...
bstp_set_port_tc(233f0d46a06cbcc7,4) at bstp_set_port_tc+0x1a0
bstp_update_tc(cc45a761c76fe6c6) at bstp_update_tc+0xfd
bstp_tick(80663400) at bstp_tick+0x357
softclock(82030e4bce69f3d2) at softclock+0x117
softintr_dispatch(df881ff53c0f4dab) at softintr_dispatch+0xfc
Xsoftclock(0,0,1388,0,800267e0,81ca66b0) at Xsoftclock+0x1f
acpicpu_idle() at acpicpu_idle+0x281
sched_idle(0) at sched_idle+0x245
end trace frame: 0x0, count: 249
End of stack trace.


so, maybe all this traces are noise regarding this problem or it's been
in tree for a some time







Re: amd64 current snapshot reboots after http mirror entry

2019-01-14 Thread Hrvoje Popovski
On 14.1.2019. 15:35, Mihai Popescu wrote:
> Hello,
> 
> Just a short confirmation, amd64 current snapshot reboots the computer
> at install, right after the [http] mirror input.
> All I can see are 4 lines of blue background written, then reboot. I
> am not able to see or capture the message since it is very fast and
> I'm not using console.
> 

I'm seeing this log with today's bsd.rd from ftp2.eu.openbsd.org
bsd.rd  2019-01-14 09:15 while trying to update one machine..


uvm_fault(0xff042f6f0420, 0x0, 0, 1) -> e
fatal page fault supervisor mode
trap type 6 code 0 rip 810f94c9 cs 8 rflags 10246 cr2  0
cpl 0 rsp 8000226df480
gsbase 0x81877ff0  kgsbase 0x0
trap type 6, code=0, pc=810f94c9
syncing disks...1 1  done

dump to dev 17,1 not possible
rebooting...



this is c/p from serial console

Let's upgrade the sets!
Location of sets? (cd0 disk http or 'done') [http]
HTTP proxy URL? (e.g. 'http://proxy:8080', or 'none') [none]
HTTP Server? (hostname, list#, 'done' or '?') [ftp2.eu.openbsd.org]
Server directory? [pub/OpenBSD/snapshots/amd64]

Select sets by entering a set name, a file name pattern or 'all'. De-select
sets by prepending a '-', e.g.: '-game*'. Selected sets are labelled '[X]'.
[X] bsd uvm_fault(0xff042f6f0420, 0x0, 0, 1) -> e
  [X] base64fatal page fault.tgz[X] game in supervisor mode
64.tgz[X] xftrap type 6 code 0 rip 810f94c9 cs 8 rflags
10246 cr2  0
 cpl 0 rsp 8000226df480
ont64.tgz
[gsbase 0x81877ff0  kgsbase 0x0
X] bsd.mp   p [X] comp64.tgz a   [X] xbase64.tngz   [X] xserv64i.tgz
[X] bscd.rd[X] :man64.tgz [X ] xshare64.tgz
trap type 6, code=0, pc=810f94c9
syncing disks...1 1  done

dump to dev 17,1 not possible
rebooting...



Re: OpenBSD 6.4-stable + current "freezes" after 4h

2019-01-14 Thread Hrvoje Popovski
On 14.1.2019. 10:02, Marco Prause wrote:
> splassert: bstp_notify_rtage: want 2 have 0
> splassert: bstp_notify_rtage: want 2 have 0
> splassert: bstp_notify_rtage: want 2 have 0
> splassert: bstp_notify_rtage: want 2 have 0
> splassert: bstp_notify_rtage: want 2 have 0
> splassert: bstp_notify_rtage: want 2 have 0

could you try adding this sysctls
sysctl kern.splassert=2
sysctl kern.pool_debug=1


are you getting similar traces ?

splassert: bstp_notify_rtage: want 2 have 0
Starting stack trace...
bstp_set_port_tc(668bdd1357c8fcb,4) at bstp_set_port_tc+0x1a0
bstp_update_tc(fa46532a51d755d) at bstp_update_tc+0xfd
bstp_tick(809f7c00) at bstp_tick+0x357
softclock(3c3f171cb53a98a3) at softclock+0x117
softintr_dispatch(120392a2955eaa7c) at softintr_dispatch+0xfc
Xsoftclock(0,0,1388,0,800267e0,81ccd6b0) at Xsoftclock+0x1f
acpicpu_idle() at acpicpu_idle+0x281
sched_idle(0) at sched_idle+0x245
end trace frame: 0x0, count: 249
End of stack trace.


splassert: bstp_notify_rtage: want 2 have 256
Starting stack trace...
bstp_set_port_tc(668bdd1357c8fcb,4) at bstp_set_port_tc+0x1a0
bstp_update_tc(fa46532a51d755d) at bstp_update_tc+0xfd
bstp_tick(809f7c00) at bstp_tick+0x357
softclock(3c3f171cb53a98a3) at softclock+0x117
softintr_dispatch(120392a2955eaa7c) at softintr_dispatch+0xfc
Xsoftclock(0,0,1388,0,800267e0,81ccd6b0) at Xsoftclock+0x1f
acpicpu_idle() at acpicpu_idle+0x281
sched_idle(0) at sched_idle+0x245
end trace frame: 0x0, count: 249
End of stack trace.



Intel X710-DA4 and Dell R420

2018-12-06 Thread Hrvoje Popovski
Hi all,

i just wanted to warn people not to buy X710-DA4 and try to insert it in
Dell R420. You can insert it in Dell R620 just fine.

nic - http://kosjenka.srce.hr/~hrvoje/nic.jpg
r420 pci slot - http://kosjenka.srce.hr/~hrvoje/r420-pci.jpg


On other hand don't put chinese X710-DA2 or something like that in Dell
servers (tried on r420 and r620), because UEFI panics and won't boot. It
works on IBM x3550 M4 server..

X710-DA2 that breaks Dell UEFI:
https://www.ebay.com/itm/DELL-Intel-X710-DA2-Y5M7N-10GB-PCI-x8-Ethernet-Converged-Network-Adapter/183371328835?hash=item2ab1c86d43:g:ol4AAOSwcrNbbXYL:rk:30:pf:0



Re: Performance impact of PF on APU2

2018-10-04 Thread Hrvoje Popovski
On 4.10.2018. 5:58, Benjamin Petit wrote:
> Ok so I compared 6.3-release, 6.3-release+syspatches(=stable?) and the latest 
> snapshot from October 2.
> 
> I measured iperf3 throughput between A and B, like this:
> PC A <---> APU2 <---> PC B
> 
> pf rules are the one shipped by default in 6.3:
> 
>   gw# pfctl -sr   
>    
>   block return all
>   pass all flags S/SA
>   block return in on ! lo0 proto tcp from any to any port 6000:6010
>   block return out log proto tcp all user = 55
>   block return out log proto udp all user = 55
> 
> OpenBSD 6.3 RELEASE:   
>   - pf enabled:  841 Mbits/sec  
>   - pf disabled: 935 Mbits/sec
> 
> OpenBSD 6.3 + Syspatch:
>   - pf enabled:  803 Mbits/sec
>   - pf disabled: 936 Mbits/sec
> 
> OpenBSD CURRENT:
>   - pf enabled: 526 Mbits/sec (541 with kern.pool_debug=0)
>   - pf disabled: 934 Mbits/sec
> 
> So there is a small perf drop when applying all syspatches to 6.3 (not sure 
> which one cause the drop), 
> but the performance drop SIGNIFICANTLY using the latest snapshot.
> 
> Am I missing something? (I really hope I am)
> 

Hi,

if you're feeling brave enough and you can test/experiment
with pf you can download openbsd kernel with experimental MP support
from here http://kosjenka.srce.hr/~hrvoje/zaprocvat/smpfbsd

SHA256 (smpfbsd) =
e95e94190a0e52de7690b3278cfab14985817089e7a53615cd2599420593b32c

this kernel is compiled with option WITH_PF_LOCK and NET_TASKQ=4

before you download it please backup your active kernel so if something
goes wrong you can put it back ..

cp /bsd /goodbsd
cp smpfbsd /bsd
reboot

if something goes wrong at boot prompt before kernel starts to boot you
can boot old kernel with command - boot goodbsd

i'm running this kernel for few days and i'm hitting pf, pfsync and
pflow quite hard and it seems stable :)



cpu's in dmesg

2018-08-22 Thread Hrvoje Popovski
Hi all,

in today's snapshot i see some strange dmesg cpu output. it feels like
cosmetic stuff only but i'm not sure ...


cpu1: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3192.49 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,MPX,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,AVX512CD,AVX512BW,AVX512VL,PKU,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu1: failed to identify
,MELTDOWN
cpu2 at mainbus0cpu1: : 256KB 64b/line apid 10 (application processor)

^this   ^this

8-way L2 cache
cpu1: smt 0, core 4, package 0
cpu2: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3192.49 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,MPX,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,AVX512CD,AVX512BW,AVX512VL,PKUcpu2:
failed to identify
,IBRS,IBPB,STIBPcpu3 at mainbus0,L1DF,SSBD: apid 14 (application processor)
^this
,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cachecpu3: Intel(R) Xeon(R) Gold 6134 CPU
^this
@ 3.20GHz, 3192.49 MHz



full dmesg

OpenBSD 6.4-beta (GENERIC.MP) #247: Wed Aug 22 00:45:14 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 33735553024 (32172MB)
avail mem = 32703938560 (31188MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x6f119000 (84 entries)
bios0: vendor FUJITSU // American Megatrends Inc. version "V5.0.0.12
R1.22.0 for D3383-A1x" date 06/04/2018
bios0: FUJITSU PRIMERGY RX2530 M4
acpi0 at bios0: rev 2
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP FPDT FIDT SPMI UEFI UEFI MCEJ MCFG HPET APIC
MIGT MSCT NFIT PCAT PCCT RASF SLIT SRAT SVOS WDDT OEM4 OEM1 SSDT SSDT
SSDT DMAR HEST BERT ERST EINJ
acpi0: wakeup devices PWRB(S0) XHCI(S0) PXSX(S0) RP17(S0) PXSX(S0)
RP18(S0) PXSX(S0) RP19(S0) PXSX(S0) RP20(S0) PXSX(S0) RP01(S0) PXSX(S0)
RP02(S0) PXSX(S0) RP03(S0) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimcfg0 at acpi0
acpimcfg0: addr 0x8000, bus 0-255
acpihpet0 at acpi0: 2399 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3193.11 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,MPX,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,AVX512CD,AVX512BW,AVX512VL,PKU,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.2, IBE
cpu1 at mainbus0: apid 8 (application processor)
cpu1: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3192.49 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,MPX,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLFLUSHOPT,CLWB,PT,AVX512CD,AVX512BW,AVX512VL,PKU,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVEScpu1:
failed to identify
,MELTDOWN
cpu2 at mainbus0cpu1: : 256KB 64b/line apid 10 (application processor)
8-way L2 cache
cpu1: smt 0, core 4, package 0
cpu2: Intel(R) Xeon(R) Gold 6134 CPU @ 3.20GHz, 3192.49 MHz
cpu2:

Re: 6.3-current kernel panic: aml_die aml_parse:4194 on PowerEdge

2018-05-16 Thread Hrvoje Popovski
On 2.5.2018. 11:28, Jan Vlach wrote:
> R440 WAS( Re: Dell PowerEdge R430/R440 support)
> Reply-To: 
> In-Reply-To: <20180425150215.gh20...@diehard.n-r-g.com>
> 
> Hello misc@
> 
> 
> the Dell PowerEdge R440 server arrived for testing and it panics on boot
> to installed system. Installer works fine, it's the reboot into
> installed system that fails. Both 6.3-release and 6.3-current behave the
> same. (OpenBSD 6.3-current (RAMDISK_CD) #12: Wed Apr 25 22:56:41 MDT
> 2018; dmesg below)
> 
> I've turned PERC H330 into HBA mode and setup raid1 softraid from 3
> disks.
> 
> last screen on monitor with panic (rewritten by hand, sorry for possible 
> typos, photo at
> https://synchronicity.cz/bsd/ )
> 
> ### LAST PANIC SCREEN
> acpiprt81 at acpi0: bus -1 (SR3A)
> acpiprt82 at acpi0: bus -1 (SR3B)
> acpiprt83 at acpi0: bus -1 (SR3C)
> acpiprt84 at acpi0: bus -1 (SR3D)
> acpiprt85 at acpi0: bus -1 (MCP6)
> acpiprt86 at acpi0: bus -1 (MCP7)
> acpicpu0 at acpi0LoadTable
> 0140 Called: \_SB_.SCK0.CP00.ISTT
> 0140 Called: \_SB_.SCK0.CP00.ISTT
> 034d Called: \_SB_.SCK0.CP00._OSC
>   arg0: 0x80620488 cnt:05 stk: 00 buffer: 10 {16, a6, 77, 40,
> 0c, 29, be, 47, 9e, bd, d8, 70, 58, 71, 39, 53}
>   arg1: 0x80627988 cnt:01 stk:00 integer: 1 arg2: 0x80629388 
> cnt:01 stk:00 integer: 2
>   arg3: 0x8061d188 cnt:04 stk:00 buffer: 0c {00, 00, 00, 00, 3b,
> 03, 00, 00, ff, ff, ff, ff}
> 034d Called: \_SB_.SCK0.CP00._OSC
>   arg0: 0x80620488 cnt:05 stk: 00 buffer: 10 {16, a6, 77, 40,
> 0c, 29, be, 47, 9e, bd, d8, 70, 58, 71, 39, 53}
>   arg1: 0x80627988 cnt:01 stk:00 integer: 1
>   arg2: 0x80629388 cnt:01 stk:00 integer: 2
>   arg3: 0x8061d188 cnt:04 stk:00 buffer: 0c {00, 00, 00, 00, 3b,
> 03, 00, 00, ff, ff, ff, ff}
> panic: aml_die aml_parse:4194


Hi,

could you please try this diff from kettenis@
https://marc.info/?l=openbsd-tech=152650279308779=2



Re: 6.3-current kernel panic: aml_die aml_parse:4194 on PowerEdge

2018-05-02 Thread Hrvoje Popovski
On 2.5.2018. 19:06, Mike Larkin wrote:
> On Wed, May 02, 2018 at 06:51:51PM +0200, Jan Vlach wrote:
>>> Last time I checked, we don't support LoadTable.
>>>
>>> -ml
>>>
>>
>> Thank you Mike for your reply. I have no clue about ACPI. Is this a new
>> way how vendors extend ACPI? Is there generally a way to switch it to
>> some "legacy" mode or is this endgame? 
>> Is there some info I could get from the system before I send it back
>> that could later down the road when someone is interested? Would getting
>> an acpidump from Linux and/or FreeBSD help at this point? 
>>
>> Thank you again,
>> Jan
> 
> kettenis@ may know more, I think he knows about this issue already. It's just
> a missing piece of the standard we didn't implement yet. An AML dump may
> be useful, yes.
> 
> -ml
> 

Hi,

it seems that this is the same problem as on r640/r740. Please see

http://openbsd-archive.7691.n7.nabble.com/acpi-panic-on-dell-r640-and-r740xd-td339288.html





acpidump and bsd.rd

2018-03-19 Thread Hrvoje Popovski
Hi all,

does it make sense to add acpidump to bsd.rd ?
I've tried to install snapshot on Dell R640 and installation went well
but booting stops with this error:
http://kosjenka.srce.hr/~hrvoje/zaprocvat/r640-01.jpg

i also noticed this ahci2 log while booting
http://kosjenka.srce.hr/~hrvoje/zaprocvat/r640-02.jpg

So I thought to make release and to add acpidump and maybe pcidump in
bsd.rd. Or maybe to collect acpi stuff from linux?




Re: VLAN configuration problem on 6.1 ("no route to host" on other than own IP)

2017-11-06 Thread Hrvoje Popovski
On 6.11.2017. 17:47, Andre Ruppert wrote:
> Hello @misc,
> 
> perhaps I'm stupid, but I don't see my fault in a vlan network
> configuration:
> 
> I got a OpenBSD 6.1 gateway box, connected to several switches.
> 
> On em0 I habe to serve two networks:
> 172.16.210.0  (direct em0 - no vlan)
> 172.16.211.0  (VLAN 211 tagged on em0)
> 
> 
> 
> On of my connections (em0) has a simple configuration on standard VLAN 1
> (untagged):
> 
> # ifconfig em0
> em0: flags=8b43
> mtu 1500
>     lladdr a0:36:9f:36:49:e6
>     description: sbc-ect-lan-ext
>     index 1 priority 0 llprio 3
>     media: Ethernet autoselect (1000baseT full-duplex,master)
>     status: active
>     inet 172.16.210.3 netmask 0xff00 broadcast 172.16.210.255
> 
> # cat /etc/hostname.em0
> inet 172.16.210.3 255.255.255.0 172.16.210.255 description
> "sbc-ect-lan-ext"
> 
> --
> 
> This interface also is "CARPed":
> 
> # ifconfig carp0
> carp0: flags=8843 mtu 1500
>     lladdr 00:00:5e:00:01:01
>     index 8 priority 15 llprio 3
>     carp: BACKUP carpdev em0 vhid 1 advbase 1 advskew 100
>     groups: carp
>     status: backup
>     inet 172.16.210.1 netmask 0xff00 broadcast 172.16.210.255
> 
> # cat /etc/hostname.carp0
> inet 172.16.210.1 255.255.255.0 172.16.210.255 vhid 1 carpdev em0 pass
>  advskew 100
> 
> (this gateway is the CARP slave (backup) of a pair of redundant gateways)
> 
> ---
> 
> Next: I want to have a VLAN on this interface em0:
> (the connected switch has a trunk configured this VLAN 210 (untagged)
> and VLAN 211 (tagged) - but I don't know if this information makes sense
> here)
> 
> # ifconfig vlan211
> vlan211: flags=8843 mtu 1500
>     lladdr a0:36:9f:36:49:e6
>     index 15 priority 0 llprio 3
>     vlan: 211 parent interface: em0
>     vnetid: 211
>     parent: em0
>     groups: vlan
>     status: active
>     inet 172.16.211.3 netmask 0xff00 broadcast 172.16.211.255
> 
> # cat /etc/hostname.vlan211
> inet 172.16.211.3 255.255.255.0 172.16.211.255 vlandev em0
> 
> --
> 
> corresponding routing table (excerpt):
> 
>  # netstat -nr
> Routing tables
> 
> Internet:
> Destination    Gateway    Flags   Refs  Use   Mtu  Prio
> Iface
> default    172.16.0.15    UGS    1  191 - 8
> 
> ...
> ...
> 
> 172.16.210/24  172.16.210.3   UCn    1 1094 - 4 em0
> 172.16.210/24  172.16.210.1   Cn 0    0 -    19
> carp0
> 172.16.210.1   00:00:5e:00:01:01  UHLl   0  153 - 1
> carp0
> 172.16.210.3   a0:36:9f:36:49:e6  UHLl   0  275 - 1 em0
> 172.16.210.10  00:08:25:22:50:e0  UHLc   0  158 - 3 em0
> 172.16.210.255 172.16.210.3   UHPb   0    0 - 1 em0
> 172.16.210.255 172.16.210.1   HPb    0    0 - 1
> carp0
> 172.16.211/24  172.16.211.3   UCn    0 1215 - 4
> vlan211
> 172.16.211.3   a0:36:9f:36:49:e6  UHLl   0    0 - 1
> vlan211
> 172.16.211.255 172.16.211.3   UHb    0    0 - 1
> vlan211
> 
> -
> 
> My problem:
> 
> I am only able to ping myself (VLAN 211)  - end I _don't_ think it's a
> switch problem - because I get an "no route to host" error
> # ping 172.16.211.3 # (my IP)
> PING 172.16.211.3 (172.16.211.3): 56 data bytes
> 64 bytes from 172.16.211.3: icmp_seq=0 ttl=255 time=0.153 ms
> 64 bytes from 172.16.211.3: icmp_seq=1 ttl=255 time=0.080 ms
> ...
> ...stupid but working as expected...
> 
> 
> # ping 172.16.211.2 # some other IP, same network
> PING 172.16.211.2 (172.16.211.2): 56 data bytes
> ping: sendmsg: No route to host
> ping: wrote 172.16.211.2 64 chars, ret=-1
> ping: sendmsg: No route to host
> ping: wrote 172.16.211.2 64 chars, ret=-1
> ping: sendmsg: No route to host
> ...
> 
> 
> The routing table then has added one new entry:
> 
> 172.16.211/24  172.16.211.3   UCn    1 1743 - 4
> vlan211
> 172.16.211.2   link#15    UHLc   0 1684 - 3
> vlan211  !
> 172.16.211.3   a0:36:9f:36:49:e6  UHLl   0   18 - 1
> vlan211
> 172.16.211.255 172.16.211.3   UHb    0    0 - 1
> vlan211
> 
> 
> I'm clueless and don't know how to investigate further...
> 
> In my pf.conf I tried to "temporarly annihilate" the rules on the em0
> interface ("set skip on em0"), but that didn't help
> 
> Any hints?
> 
> head-scratching regards
> 
> Andre Ruppert
> 

i think that in 6.1 vlan config is little different
in man vlan - ifconfig vlan0 parent em0 vnetid 5

if you disable pf with "pfctl -d" can you ping 

Re: ping -R causes panic

2017-10-01 Thread Hrvoje Popovski
On 20.9.2017. 23:29, Kapetanakis Giannis wrote:
> On 20/09/17 19:25, Visa Hankala wrote:
>> On Wed, Sep 20, 2017 at 02:26:56PM +0300, Kapetanakis Giannis wrote:
>>> I got this panic today after ping -R
>>> I don't run pfsync
>>>
>>> # ping -R www.google.com
>>> panic: kernel diagnostic assertion "m0->m_flags & M_PKTHDR" failed:
>>> file "/usr/src/sys/kern/uipc_mbuf.c", line 1344splassert:
>>> pfsync_update_state: want 1 have 256
>>>
>>> pStopped at  db_enter+0x5:   popq    %rbp
>>>  TID    PID    UID PRFLAGS PFLAGS  CPU  COMMAND
>>> *299140  12380 51    0x33  0    2  ping
>>>   422116  15532  0 0x14000  0x200    1  softnet
>>> db_enter() at db_enter+0x5
>>> panic() at panic+0x128
>>> __assert(81020a74,80002692f4a0,0,1) at __assert+0x24
>>> m_dup_pkt(ff010c77caf8,1,ff00baab064b) at m_dup_pkt+0x225
>>> ip_pcbopts(1,ff00baab0600) at ip_pcbopts+0x138
>>> sosetopt(ff010947b018,800026798d68,80002692f5f0,ff00baab0600)
>>> a
>>> t sosetopt+0xd0
>>> sys_setsockopt(80002692f680,690,800026798d68) at
>>> sys_setsockopt+0x13d
>>> syscall() at syscall+0x270
>>> --- syscall (number 105) ---
>>> end of kernel
>>> end trace frame: 0x7f7bf230, count: 7
>> Thank you for reporting this. A fix for the bug has been committed.
> 
> 
> Thanks for the quick fix :)
> tested and no more panic
> 
> G
> 

Hi all,

i'm not sure if visa@ diff have anything to do with this but if I execute
ping -R 192.168.11.2 it always ends with Segmentation fault.

# ping -R 192.168.11.2
PING 192.168.11.2 (192.168.11.2): 56 data bytes
64 bytes from 192.168.11.2: icmp_seq=0 ttl=64 time=0.168 ms
RR: 192.168.11.2
192.168.11.2
192.168.11.1
unknown option c0
unknown option df
unknown option df
unknown option df
unknown option df
unknown option df
unknown option df
unknown option df
unknown option df
unknown option df
Segmentation fault


this is not problem but from time to time it ends up in some loop and i
need to kill ping ... ktrace from this ping is cca 250MB :)



Re: SoC Intel Xeon D-1518 & D-1548

2017-09-10 Thread Hrvoje Popovski
On 10.9.2017. 0:46, Daniel Ouellet wrote:
> Hi,
> 
> Is there anyone that know of have one of the Intel Xeon D-1548 SoC that
> works on OpenBSD?
> 
> I know the D-1518 does, I find the DMESG in the archive, but I can't
> find anything at all on the D-1548.
> 
> Any clue.
> 
> Here is the D-1518
> https://marc.info/?l=openbsd-misc=146236157518744=2
> 
> I am asking as I am very much interested in testing this:
> 
> http://www.lannerinc.com/network-appliances/x86-rackmount-network-appliances/?option=com_content=article=1680:nca-4010=25:rackmount
> 
> Many thanks in advance for your time!
> 
> Daniel
> 

Hi,

below you can find 6.1-stable dmesg from this box
https://www.supermicro.nl/products/motherboard/Xeon/D/X10SDV-F.cfm

it's not 1548 but it's close enough and it works like a charm



OpenBSD 6.1 (GENERIC.MP) #19: Thu Aug  3 14:59:44 CEST 2017

rob...@syspatch-61-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17055698944 (16265MB)
avail mem = 16534110208 (15768MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xeb000 (39 entries)
bios0: vendor American Megatrends Inc. version "1.2" date 04/21/2017
bios0: Supermicro Super Server
acpi0 at bios0: rev 2
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT SPMI MCFG UEFI DBG2 HPET WDDT
SSDT BGRT SSDT SSDT PRAD DMAR HEST BERT ERST EINJ
acpi0: wakeup devices IP2P(S4) EHC1(S4) EHC2(S4) RP01(S4) RP02(S4)
RP03(S4) RP04(S4) RP05(S4) RP06(S4) RP07(S4) RP08(S4) BR1A(S4) BR1B(S4)
BR2A(S4) BR2B(S4) BR2C(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz, 2100.28 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 2100280480 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz, 2100.00 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: failed to identify
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz, 2100.00 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: failed to identify
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz, 2100.00 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: failed to identify
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 8 (application processor)
cpu4: Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz, 2100.00 MHz
cpu4:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu4: 256KB 64b/line 8-way L2 cache
cpu4: failed to identify
cpu4: smt 0, core 4, package 0
cpu5 at mainbus0: apid 10 (application processor)
cpu5: Intel(R) Xeon(R) CPU D-1541 @ 2.10GHz, 2100.00 MHz
cpu5:

Re: OpenBSD-based ISP

2017-08-17 Thread Hrvoje Popovski
On 17.8.2017. 21:56, Juan Guillermo Narvaez wrote:
> Sure Hrvoje, I'm applying every config and looking the performance
> improvement. I will post my final configuration when finish.
> 
> Thanks!
> 

If you do not filter anything on the internal interfaces in pf.conf you
could skip them

set skip on { lo bge1 vlan123 vlan124 }


> On Thu, Aug 17, 2017 at 4:45 PM, Hrvoje Popovski <hrv...@srce.hr> wrote:
> 
>> On 17.8.2017. 21:23, Juan Guillermo Narvaez wrote:
>>> This is the dmesg.boot.
>>
>> nice box with nice cpu and interfaces ... :)
>>
>> if you can, disable Hyper Threading ..
>>
>>> In pf.conf:
>>> set debug notice
>>
>> default is error
>>
>> when you do all that what people have told you, i would be interested if
>> you see some performance improvement?
>>
>>
>>
>>> On Thu, Aug 17, 2017 at 3:46 PM, Hrvoje Popovski <hrv...@srce.hr> wrote:
>>>
>>>> On 17.8.2017. 17:13, Chris Cappuccio wrote:
>>>>> Juan Guillermo Narvaez [guille...@nrvz.net] wrote:
>>>>>> # sysctl | grep ifq
>>>>>> net.inet.ip.ifq.len=0
>>>>>> net.inet.ip.ifq.maxlen=1024
>>>>>> net.inet.ip.ifq.drops=46068291
>>>>>> net.inet6.ip6.ifq.len=0
>>>>>> net.inet6.ip6.ifq.maxlen=256
>>>>>> net.inet6.ip6.ifq.drops=0
>>>>>>
>>>>>
>>>>> The drops are high. You probably want a higher maxlen. I use 8192 on
>> busy
>>>>> forwarding boxes.
>>>>>
>>>>>> # cat sysctl.conf
>>>>>> net.inet.ip.forwarding=1
>>>>>> kern.bufcachepercent=90
>>>>>> net.ip.ifq.maxlen=1024
>>>>>>
>>>>>
>>>>> You want net.inet.ip.ifq.maxlen=8192 not 'net.ip.ifq.maxlen=1024'
>>>>>
>>>>
>>>> besides what chris told you maybe you could silence pf logging... your
>>>> dmesg is full of pf logs, maybe you have pf debuging enabled?
>>>>
>>>> please send cat /var/run/dmesg.boot inline just to see which version of
>>>> openbsd your running and on which hardware ...
>>>>
>>>> and set your pf states to some big number.. set limit states 10 or
>>>> something like that ..
>>>>
>>>> and of course run at least openbsd 6.1 or if you brave enough run
>>>> -current 
>>>>
>>>> just side note, openbsd on E5-2643 v2 @ 3.50GHz from around February
>>>> 2017 had plain forwarding performance of 1.4Mpps and openbsd from today
>>>> on same box can forward cca 1.7Mpps ...
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
> 
> 



Re: OpenBSD-based ISP

2017-08-17 Thread Hrvoje Popovski
On 17.8.2017. 21:23, Juan Guillermo Narvaez wrote:
> This is the dmesg.boot.

nice box with nice cpu and interfaces ... :)

if you can, disable Hyper Threading ..

> In pf.conf:
> set debug notice

default is error

when you do all that what people have told you, i would be interested if
you see some performance improvement?



> On Thu, Aug 17, 2017 at 3:46 PM, Hrvoje Popovski <hrv...@srce.hr> wrote:
> 
>> On 17.8.2017. 17:13, Chris Cappuccio wrote:
>>> Juan Guillermo Narvaez [guille...@nrvz.net] wrote:
>>>> # sysctl | grep ifq
>>>> net.inet.ip.ifq.len=0
>>>> net.inet.ip.ifq.maxlen=1024
>>>> net.inet.ip.ifq.drops=46068291
>>>> net.inet6.ip6.ifq.len=0
>>>> net.inet6.ip6.ifq.maxlen=256
>>>> net.inet6.ip6.ifq.drops=0
>>>>
>>>
>>> The drops are high. You probably want a higher maxlen. I use 8192 on busy
>>> forwarding boxes.
>>>
>>>> # cat sysctl.conf
>>>> net.inet.ip.forwarding=1
>>>> kern.bufcachepercent=90
>>>> net.ip.ifq.maxlen=1024
>>>>
>>>
>>> You want net.inet.ip.ifq.maxlen=8192 not 'net.ip.ifq.maxlen=1024'
>>>
>>
>> besides what chris told you maybe you could silence pf logging... your
>> dmesg is full of pf logs, maybe you have pf debuging enabled?
>>
>> please send cat /var/run/dmesg.boot inline just to see which version of
>> openbsd your running and on which hardware ...
>>
>> and set your pf states to some big number.. set limit states 10 or
>> something like that ..
>>
>> and of course run at least openbsd 6.1 or if you brave enough run
>> -current 
>>
>> just side note, openbsd on E5-2643 v2 @ 3.50GHz from around February
>> 2017 had plain forwarding performance of 1.4Mpps and openbsd from today
>> on same box can forward cca 1.7Mpps ...
>>
>>
>>
>>
>>
>>
> 
> 



Re: OpenBSD-based ISP

2017-08-17 Thread Hrvoje Popovski
On 17.8.2017. 17:13, Chris Cappuccio wrote:
> Juan Guillermo Narvaez [guille...@nrvz.net] wrote:
>> # sysctl | grep ifq
>> net.inet.ip.ifq.len=0
>> net.inet.ip.ifq.maxlen=1024
>> net.inet.ip.ifq.drops=46068291
>> net.inet6.ip6.ifq.len=0
>> net.inet6.ip6.ifq.maxlen=256
>> net.inet6.ip6.ifq.drops=0
>>
> 
> The drops are high. You probably want a higher maxlen. I use 8192 on busy 
> forwarding boxes.
> 
>> # cat sysctl.conf
>> net.inet.ip.forwarding=1
>> kern.bufcachepercent=90
>> net.ip.ifq.maxlen=1024
>>
> 
> You want net.inet.ip.ifq.maxlen=8192 not 'net.ip.ifq.maxlen=1024'
> 

besides what chris told you maybe you could silence pf logging... your
dmesg is full of pf logs, maybe you have pf debuging enabled?

please send cat /var/run/dmesg.boot inline just to see which version of
openbsd your running and on which hardware ...

and set your pf states to some big number.. set limit states 10 or
something like that ..

and of course run at least openbsd 6.1 or if you brave enough run
-current 

just side note, openbsd on E5-2643 v2 @ 3.50GHz from around February
2017 had plain forwarding performance of 1.4Mpps and openbsd from today
on same box can forward cca 1.7Mpps ...







Re: OpenBSD-based ISP

2017-08-16 Thread Hrvoje Popovski
On 16.8.2017. 19:55, Juan Guillermo Narvaez wrote:
> Hello everyone!
> 
> I'm relative new using OpenBSD, I have just 4 years using this OS for dhcp
> servers.
> Today I have the mission of implement this OS in a cablemodem headend, in
> my first try I get negative results with this rules:
> 
> *pass all flags S/SA*
> 
> *#LAN*
> *match out log on bge0 inet from 192.168.254.0/24 
> to any nat-to 200.91.35.55*
> *pass on bge0 inet from 192.168.254.0/24  to any
> flags S/SA*
> *#CPE Network*
> *match out on bge0 inet from 172.21.0.0/19  to any
> nat-to 200.91.35.55*
> *pass on bge0 inet from 172.21.0.0/19  to any flags
> S/SA*
> 
> This is a basic PF that I use for this try, the CPE network has 900 active
> customers.
> When I put the whole customer network traffic through my OpenBSD router the
> traffic tend to fall slowly and the LAN network is really slow too. I read
> about a lot of 'tweaks' the high performance configurations but I think
> that OpenBSD can handle 400mbps without tweaking.
> 
> I'm wrong?
> What am I doing bad?
> 
> Thank you!
> 
> 
> 
> 

could you send dmesg, cat /etc/sysctl.conf and sysctl | grep ifq

i'm having 2 old Dell R610 with 2 x E5630 cpu and bcm5709 nic's in very
standard pf,carp,pfsync,pflow setup and on top of that i'm logging
everything. boxes are doing cca 100k states and having around 2k hosts
behind them ... of course that i'm running -current :)



Re: Gbit performance parameters

2017-07-13 Thread Hrvoje Popovski
On 13.7.2017. 0:26, Per-Olov Sjöholm wrote:
> I increased net.inet.ip.ifq.maxlen  in steps of 256… I had to increase the 
> net.inet.ip.ifq.maxlen 9 times to 2309 for the net.inet.ip.ifq.drops to stop 
> increasing. At a maxlen of 2309 the drops stopped completley. But all values 
> of  net.inet.ip.ifq.maxlen higher than 756 did not give any performance boost 
> (well… Not that I could see). At maxlen of 756 and over, the below output 
> represents the average tests very well when testing against the ISP test 
> servers.  Yes I love my OpenBSD FW :)  :) :)


maybe this sysctls would give better performance?

kern.pool_debug=0
net.inet.ip.ifq.maxlen=8192

or update to latest current and if you're brave enough compile kernel
with "option WITH_PF_LOCK"



Re: solidrun marvell macchiatobin

2017-05-31 Thread Hrvoje Popovski
On 31.5.2017. 23:17, Patrick Wildt wrote:
> Are you following my Twitter or what? ;)  I just posted a picture
> of that board, arrived on the doorsteps today.  I'll be having a
> look.

perfect box for MP firewall :)



solidrun marvell macchiatobin

2017-05-31 Thread Hrvoje Popovski
Hi arm gurus,

does openbsd support solid-run marvell armada family boards?

primary this little cute firewall :)

https://www.solid-run.com/marvell-armada-family/armada-8040-community-board/


if there are any interest in this box i'm willing to donate it for
development ..




ipsec.conf

2017-05-26 Thread Hrvoje Popovski
Hi all,

i having ipsec.conf like this:

ike esp from 10.200.136.0/21 to any \
local 10.64.135.246 peer 10.4.57.68 \
main auth hmac-sha1 enc aes group modp1024 \
quick auth hmac-sha1 enc aes group modp1024 \
psk b9278b3051cd17674305833971c22b11514eac51


and with ipsecctl -nvf ipsec.conf i'm getting

C add
[phase1-peer-10.4.57.68-local-10.64.135.246]:Transforms=phase1-transform-peer-10.4.57.68-local-10.64.135.246-RSA_SIG-SHA-AES128-MODP_3072
force

C set
[phase2-protocol-from-10.200.136.0/21-to-0.0.0.0/0]:Transforms=phase2-transform-from-10.200.136.0/21-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL
force

full output of ipsecctl -nvf in attachment


but if i put psk before "main auth ..."  i'm getting:


C add
[phase1-peer-10.4.57.68-local-10.64.135.246]:Transforms=phase1-transform-peer-10.4.57.68-local-10.64.135.246-PRE_SHARED-SHA-AES128-MODP_3072
force

C set
[phase2-protocol-from-10.200.136.0/21-to-0.0.0.0/0]:Transforms=phase2-transform-from-10.200.136.0/21-to-0.0.0.0/0-AES128-SHA2_256-MODP_3072-TUNNEL
force


but still i'm getting AES128-SHA2_256-MODP_3072 although i configured
modp1024 or modp4096 and sha1 


am i doing something wrong here?



OpenBSD 6.1-current (GENERIC.MP) #10: Sun May 21 15:47:29 CEST 2017
hrv...@x3550m4.srce.hr:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 34314383360 (32724MB)
avail mem = 33268629504 (31727MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x7e67b000 (84 entries)
bios0: vendor IBM version "-[D7E156DUS-2.30]-" date 11/09/2016
bios0: IBM IBM System x3550 M4 -[791425Z]-
acpi0 at bios0: rev 2
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP TCPA ERST HEST HPET APIC MCFG OEM0 OEM1 SLIT
SRAT SLIC SSDT SSDT SSDT SSDT DMAR
acpi0: wakeup devices MRP1(S4) DCC0(S4) MRP3(S4) MRP5(S4) EHC2(S5)
PEX0(S5) PEX7(S5) EHC1(S5) IP2P(S3) MRPB(S4) MRPC(S4) MRPD(S4) MRPF(S4)
MRPG(S4) MRPH(S4) MRPI(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz, 2100.31 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: TSC frequency 2100305700 Hz
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz, 2099.99 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz, 2099.99 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz, 2099.99 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 8 (application processor)
cpu4: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz, 2099.99 MHz
cpu4:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu4: 256KB 64b/line 8-way L2 cache
cpu4: smt 0, core 4, package 0
cpu5 at mainbus0: apid 10 (application processor)
cpu5: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz, 2099.99 MHz
cpu5:

Re: isakmpd listen address

2017-05-25 Thread Hrvoje Popovski
On 25.5.2017. 20:46, mabi wrote:
> Hello,
> I can't seem to find an option in isakmpd in order to have it listen only on 
> one interface or IP address respectively. Is there an option for that I am 
> not aware of? I just saw the -p option but that's for the port number.
> Thanks,
> M.
> 

Hi,

create isakmpd.conf file

# ls -apl /etc/isakmpd/isakmpd.conf
-rw---  1 root  wheel  31 Oct 29  2015 /etc/isakmpd/isakmpd.conf


and edit like this:

# cat /etc/isakmpd/isakmpd.conf
[general]
Listen-on   =em0


man isakmpd.conf



Van Jacobson network channels

2017-04-03 Thread Hrvoje Popovski
Hi all,

i'm reading some networking stuff and I saw Van Jacobson presentation
about net channels concept.
For me, as user that doesn't know net internals, this presentation seems
quite reasonable.

Beside that it's about linux network stack, what net gurus think about
VJ net channels ?

http://www.lemis.com/grog/Documentation/vj/lca06vj.pdf



Re: splassert: yield message on 5 Feb snapshot (amd64)

2017-02-08 Thread Hrvoje Popovski
On 8.2.2017. 17:51, Scott Vanderbilt wrote:
> Updated a machine to latest (5 Feb.) snapshot of amd64. I'm now seeing
> the following message after booting that I've not recalled seeing before:
> 
>splassert: yield: want 0 have 1


add sysctl kern.splassert=2 ...



Re: Kernel panic after upgrade -CURRENT

2017-01-28 Thread Hrvoje Popovski
On 29.1.2017. 4:13, kayasaman wrote:
> Hi,
> A very strange issue...
> After the previous update of CURRENT I started to have issues with ftpproxy 
> not loading some directories, an example being shrubbery.net rancid directory.
> Today I attempted an upgrade to see if that might kick things into gear and 
> now my OBSD machine won't boot and Kernel panics upon starting network 
> services.
> Here is an image of the hang:
> https://www.dropbox.com/s/74e5mjg7sn8jrck/20170129_025823.jpg?dl=0
> As instructed by the terminal I read through:
> https://www.openbsd.org/ddb.html
> However, I am unable to input anything on the keyboard post hang?? Basically 
> my keyboard becomes unresponsive and any key pressed does nothing.
> I am able to boot into Single User mode without panic but that's about it.
> What can I do to resolve this? Or what more info could I provide that is 
> useful, considering that I am unable to run any ddb commands??
> Thanks.
> Kaya 
> 
> 
> Sent from my Samsung Galaxy smartphone.
> 

Hi,

send this report to b...@openbsd.org. Please see this mail thread

https://www.mail-archive.com/tech@openbsd.org/msg36980.html



Re: Hardware recommendations for compact 1U firewall

2016-12-22 Thread Hrvoje Popovski
On 22.12.2016. 2:17, Predrag Punosevac wrote:
> As promissed in one of my earlier e-mails. OpenBSD 6.0 dmesg for
> SYS-5018A-FTN4


thank you ...



Re: Hardware recommendations for compact 1U firewall

2016-12-15 Thread Hrvoje Popovski
On 15.12.2016. 20:45, Bryan Vyhmeister wrote:
> There is no support for Intel QAT (sometimes called Quick Assist) in
> OpenBSD and that's not likely to change anytime soon. Some support is
> supposedly coming to FreeBSD (by way of pfSense and some commerical
> sponsorship or something) but I have not seen anything recently about
> that.

tnx for dmesg and info ...



Re: Hardware recommendations for compact 1U firewall

2016-12-15 Thread Hrvoje Popovski
On 15.12.2016. 12:30, Stuart Henderson wrote:
> If you want to cut down on weight+noise at the expense of more cost
> and a less powerful cpu, maybe APU2 in a 1U case or something like
> supermicro SYS-5018A-FTN4.

has anyone dmesg from SYS-5018A-FTN4 box? i'm interesting in intel qat

thank you ...



Re: Routing 10-40 Mpps on OpenBSD

2016-09-11 Thread Hrvoje Popovski
On 11.9.2016. 19:17, K wrote:
> All,
> 
> This message is a call for people who are interested to benchmark commodity
> hardware with the goal of pushing as much PPS as possible through OpenBSD.
> The initial target is to reach 10 Mpps at 64 bytes (or more precisely 84
> bytes with interpacket gap) and if the experiment proves to be successful,
> we would then aim at 40+ Mpps.
> 
> The ultimate goal of this experiment is to build and share with the
> community a recognized hardware configuration that provides a good ground
> for real-world traffic at a typical small ISP.
> 
> We couldn't find such information online. In our case, the final setup
> would be two routers, each with two 10 Gbps uplink to upstreams Internet
> providers and an OSPF and iBGP connection between them. The software
> stack would be based on OpenBSD, OpenBGPD and OpenOSPFD. There is no
> commercial idea around the finding of this experiment.
> 
> While our budget is not unlimited and privately funded (by individuals),
> we are open to hear what hardware specifications people on this list
> would be interested to see. At the moment, we aim for this:
> 
> CPUs: Intel Xeon CPU E5-2697v2, E5-2667v2, E5-2680v3, E5-2640v3
> Intel NICs: Intel 82599ES, X520, X540-{T1/T2/AT2}, 85595, 82598,
> AF/82598, AT/82598, EB/82599, EB/82599 EN
> Chelsio NIcs: Chelsio T540-CR (although not sure there is an OpenBSD driver)
> 
> If you consider other hardware options, please feel free to reply and let us 
> know.
> We surely will not be testing all these configurations, we will most likely 
> pick on
> CPU from the list and 2-3 NICs from the list as well. This experiment might 
> be also
> taken to FreeBSD for comparison. If necessary, we consider sending this
> configuration in a test center with Spirent hardware to validate this.
> 
> Feedbacks, questions, remarks, doubts, irony, are all welcome :-)
> 
> Cheers.
> 

Hi,

if you are optimist like me buy 2 socket box with intel 82599 cards
and with more than 200MB of RAM which is enough for one full BGP feed :)

At first i would buy one 8-core CPU with higher GHz as i can, and when,
and this is optimistic part :), openbsd gets multiqueue ix stuff and RSS
on top of it i would buy second 8-core CPU because it seems that 82599
is having 16 RSS queues.

For now you can get max 1Mpps with only plain routing without any pseudo
interfaces or pf.



Re: openbgpd blackhole community

2016-07-25 Thread Hrvoje Popovski
On 21.7.2016. 11:12, Claudio Jeker wrote:
> Just use "community BLACKHOLE" instead of 65535:666 and it will work.
> 

thank you guys



openbgpd blackhole community

2016-07-20 Thread Hrvoje Popovski
Hi all,

here at CIX we want to implement BLACKHOLE based on
https://tools.ietf.org/html/draft-ietf-grow-blackholing

presentation
https://www.ietf.org/proceedings/94/slides/slides-94-grow-1.pdf

Recommendation is to have Blackhole BGP Community: 65535:666, but when
configure that community i'm getting "Bad community AS number".

Is there any problem to allow 65535 in community ?


configuration:

AS 65005
router-id 10.192.192.124
listen on 10.192.192.124
holdtime 180
holdtime min 3
fib-update no
log updates
nexthop qualify via bgp
transparent-as yes

group rsip4 {
local-address 10.192.192.124
announce IPv6 none
announce IPv4 unicast
set nexthop no-modify
enforce neighbor-as yes
announce all
neighbor 10.192.192.65 {
remote-as   123
max-prefix 1024 restart 5
passive
}
neighbor 10.192.192.87 {
remote-as   124
max-prefix 1024 restart 5
passive
}
neighbor 10.192.192.66 {
remote-as   125
max-prefix 1024 restart 5
passive
}
}

deny from any inet prefixlen 8 >< 24
allow from any inet prefixlen 16 - 32 community 65535:666

match from any community 65535:666 set nexthop 10.192.192.90
match from any set community 65005:65000

deny to group rsip4 community 65005:65000
deny to group rsip4 community 0:65005
allow to group rsip4 community 65005:65005
deny to group rsip4 community 0:neighbor-as
allow to group rsip4 community 65005:neighbor-as

match to group rsip4 prefix 10.192.192.64/26 set prepend-self 1



Re: Xeon-D 10GE nics

2016-06-06 Thread Hrvoje Popovski
On 14.4.2016. 9:29, Jonathan Gray wrote:
> On Tue, Apr 12, 2016 at 01:15:49PM +, Stuart Henderson wrote:
>> Does anyone know if the 10GE NICs on Xeon-D SoCs work on OpenBSD yet?
>> e.g. "Dual 10G SFP+ from D-1500 SoC" on Supermicro SYS-5018D-FN8T.
>>
> 
> The windows driver has:
> 
> 0x10a6 "Intel(R) X552 Multi-Function Network Device"
> 0x15ad "Intel(R) Ethernet Connection X552/X557-AT 10GBASE-T"
> 
> 0x15ad is IXGBE_DEV_ID_X550EM_X_10G_T in FreeBSD.
> 
> So someone needs to do another merge of the Intel code in FreeBSD for it
> to work with ix(4).
> 

If anyone is willing to port this 10GbE adapters to openbsd i am willing
to give full access to Supermicro SYS-5018D-FN8T box.



Re: Xeon-D 10GE nics

2016-05-04 Thread Hrvoje Popovski
On 12.4.2016. 15:15, Stuart Henderson wrote:
> Does anyone know if the 10GE NICs on Xeon-D SoCs work on OpenBSD yet?
> e.g. "Dual 10G SFP+ from D-1500 SoC" on Supermicro SYS-5018D-FN8T.
> 


Hi,

dmesg for

https://www.supermicro.nl/products/motherboard/Xeon/D/X10SDV-TP8F.cfm

OpenBSD 5.9-current (GENERIC.MP) #2003: Tue May  3 13:58:33 MDT 2016
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17054797824 (16264MB)
avail mem = 16533319680 (15767MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xed9b0 (54 entries)
bios0: vendor American Megatrends Inc. version "T20160314212014" date
03/14/2016
bios0: Supermicro Super Server
acpi0 at bios0: rev 2
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT SPMI MCFG UEFI DBG2 HPET WDDT
SSDT SSDT SSDT PRAD DMAR HEST BERT ERST EINJ
acpi0: wakeup devices IP2P(S4) XHCI(S4) EHC1(S4) EHC2(S4) RP07(S4)
RP08(S4) BR1A(S4) BR1B(S4) BR2A(S4) BR2B(S4) BR2C(S4) BR2D(S4) BR3A(S4)
BR3B(S4) BR3C(S4) BR3D(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU D-1518 @ 2.20GHz, 2200.28 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU D-1518 @ 2.20GHz, 2200.00 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Xeon(R) CPU D-1518 @ 2.20GHz, 2200.00 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Xeon(R) CPU D-1518 @ 2.20GHz, 2200.00 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 1 (application processor)
cpu4: Intel(R) Xeon(R) CPU D-1518 @ 2.20GHz, 2200.00 MHz
cpu4:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu4: 256KB 64b/line 8-way L2 cache
cpu4: smt 1, core 0, package 0
cpu5 at mainbus0: apid 3 (application processor)
cpu5: Intel(R) Xeon(R) CPU D-1518 @ 2.20GHz, 2200.00 MHz
cpu5:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,FMA3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,PQM,RDSEED,ADX,SMAP,PT,SENSOR,ARAT
cpu5: 256KB 64b/line 8-way L2 cache
cpu5: smt 1, core 1, package 0
cpu6 at mainbus0: apid 5 (application processor)
cpu6: Intel(R) Xeon(R) CPU D-1518 @ 2.20GHz, 2200.00 MHz
cpu6:

Re: recommendations for 10GBase Ethernet on OpenBSD

2016-04-08 Thread Hrvoje Popovski
On 8.4.2016. 16:22, Steiner Peter wrote:
> hello,
> 
> i'm looking for recommendations for 10GBase SFP+ network adapters,
> anyone has experience with 10G Ethernet on OpenBSD?
> 
> i found dual SFP+ PCIe devices with the following drivers:
> ix - Intel 82598/82599/X540 PCI Express 10Gb Ethernet device
> ixgb - Intel PRO/10GbE 10Gb Ethernet device
> myx - Myricom Myri-10G PCI Express 10Gb Ethernet device
> oce - Emulex OneConnect 10Gb Ethernet device

i would go with ix 82955 or x520

http://undeadly.org/cgi?action=article=20160302155046



kernel compile error

2015-12-28 Thread Hrvoje Popovski
Hi,

after fetching source from cvs at 23:40 CET i'm getting this error
whilte comliling kernel.



cc  -Werror -Wall -Wimplicit-function-declaration  -Wno-main
-Wno-uninitialized  -Wframe-larger-than=2047 -mcmode
l=kernel -mno-red-zone -mno-sse2 -mno-sse -mno-3dnow  -mno-mmx
-msoft-float -fno-omit-frame-pointer -fno-builtin-
printf -fno-builtin-snprintf  -fno-builtin-vsnprintf -fno-builtin-log
-fno-builtin-log2 -fno-builtin-malloc -fno
-pie -O2 -pipe -nostdinc -I../../../.. -I. -I../../../../arch -DDDB
-DDIAGNOSTIC -DKTRACE -DACCOUNTING -DKMEMSTAT
S -DPTRACE -DPOOL_DEBUG -DCRYPTO -DSYSVMSG -DSYSVSEM -DSYSVSHM
-DUVM_SWAP_ENCRYPT -DFFS -DFFS2 -DFFS_SOFTUPDATES
-DUFS_DIRHASH -DQUOTA -DEXT2FS -DMFS -DNFSCLIENT -DNFSSERVER -DCD9660
-DUDF -DMSDOSFS -DFIFO -DTMPFS -DFUSE -DSOC
KET_SPLICE -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE -DINET6 -DIPSEC
-DPPP_BSDCOMP -DPPP_DEFLATE -DPIPEX -DMROUTING -D
MPLS -DBOOT_CONFIG -DUSER_PCICONF -DAPERTURE -DMTRR -DNTFS -DHIBERNATE
-DPCIVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMP
AT_USL -DWSDISPLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS="6"
-DWSDISPLAY_COMPAT_PCVT -DX86EMU -DONEWIREVERBOSE
 -DMULTIPROCESSOR -DMAXUSERS=80 -D_KERNEL -MD -MP  -c
../../../../dev/pci/vga_pci_common.c
{standard input}: Assembler messages:
{standard input}:254: Error: no such instruction: `rdseed %rbx'
*** Error 1 in target 'cpu.o'
*** Error 1 in /usr/src/sys/arch/amd64/compile/GENERIC.MP (Makefile:938
'cpu.o')



Re: kernel compile error

2015-12-28 Thread Hrvoje Popovski
On 28.12.2015. 23:44, Hrvoje Popovski wrote:
> Hi,
> 
> after fetching source from cvs at 23:40 CET i'm getting this error
> whilte comliling kernel.
> 
> 
> 
> cc  -Werror -Wall -Wimplicit-function-declaration  -Wno-main
> -Wno-uninitialized  -Wframe-larger-than=2047 -mcmode
> l=kernel -mno-red-zone -mno-sse2 -mno-sse -mno-3dnow  -mno-mmx
> -msoft-float -fno-omit-frame-pointer -fno-builtin-
> printf -fno-builtin-snprintf  -fno-builtin-vsnprintf -fno-builtin-log
> -fno-builtin-log2 -fno-builtin-malloc -fno
> -pie -O2 -pipe -nostdinc -I../../../.. -I. -I../../../../arch -DDDB
> -DDIAGNOSTIC -DKTRACE -DACCOUNTING -DKMEMSTAT
> S -DPTRACE -DPOOL_DEBUG -DCRYPTO -DSYSVMSG -DSYSVSEM -DSYSVSHM
> -DUVM_SWAP_ENCRYPT -DFFS -DFFS2 -DFFS_SOFTUPDATES
> -DUFS_DIRHASH -DQUOTA -DEXT2FS -DMFS -DNFSCLIENT -DNFSSERVER -DCD9660
> -DUDF -DMSDOSFS -DFIFO -DTMPFS -DFUSE -DSOC
> KET_SPLICE -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE -DINET6 -DIPSEC
> -DPPP_BSDCOMP -DPPP_DEFLATE -DPIPEX -DMROUTING -D
> MPLS -DBOOT_CONFIG -DUSER_PCICONF -DAPERTURE -DMTRR -DNTFS -DHIBERNATE
> -DPCIVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMP
> AT_USL -DWSDISPLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS="6"
> -DWSDISPLAY_COMPAT_PCVT -DX86EMU -DONEWIREVERBOSE
>  -DMULTIPROCESSOR -DMAXUSERS=80 -D_KERNEL -MD -MP  -c
> ../../../../dev/pci/vga_pci_common.c
> {standard input}: Assembler messages:
> {standard input}:254: Error: no such instruction: `rdseed %rbx'
> *** Error 1 in target 'cpu.o'
> *** Error 1 in /usr/src/sys/arch/amd64/compile/GENERIC.MP (Makefile:938
> 'cpu.o')
> 
> 
> 
> 


please ignore .. everything what i need to know is here
http://www.openbsd.org/faq/current.html
under
2015/12/27 - amd64 and i386 support for rdseed instruction



unlocking em - unable to fill any rx descriptors

2015-10-07 Thread Hrvoje Popovski
Hi all,

i have fairly simple setup with receiver connected to em2 and sender
connected to em3. Both em are Intel I350. Setup is without pf with these
sysctls:

kern.pool_debug=1
   net.inet.ip.forwarding=1
net.inet.ip.ifq.maxlen=8192
ddb.console=1

with if_em.c revisions 1.307 and 1.306 i can trigger
em2: unable to fill any rx descriptors
when doing ifconfig em2 down/up (receiver side) while generating
traffic. i can't trigger this with ifconfig em3 down/up (sender side) or
destroying bridge and enabling it. this is reproducible.

with bridged setup when doing ifconfig em2 down/up i'm getting rx
descriptors log and bridge stops bridging traffic until doing this:
stop generating traffic
ifconfig em2 down
ifconfig em3 down
ifconfig bridge0 destroy
ifconfig em2 up
ifconfig em3 up
sh netstart bridge0
start generating traffic


with routed setup when doing ifconfig em2 down/up traffic is not
forwarded until
stop generating traffic
ifconfig em2 down
ifconfig em2 up
start generating traffic


with if_em.c revisions 1.305 and if_em.h revision 1.57 i can't trigger
rx descriptors log and bridge starts to bridge traffic almost instantly
when doing ifconfig em2 up


i am willing to debug this further but i don't know how...


OpenBSD 5.8-current (GENERIC.MP) #3: Thu Oct  8 00:34:55 CEST 2015
r...@.srce.hr:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 80
real mem = 34314596352 (32724MB)
avail mem = 33270505472 (31729MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x7e67c000 (84 entries)
bios0: vendor IBM version "-[D7E146CUS-1.82]-" date 04/09/2015
bios0: IBM IBM System x3550 M4 Server -[7914T91]-
acpi0 at bios0: rev 2
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP TCPA ERST HEST HPET APIC MCFG OEM1 SLIT SLIC
SSDT SSDT SSDT SSDT DMAR
acpi0: wakeup devices MRP1(S4) DCC0(S4) MRP3(S4) MRP5(S4) EHC2(S5)
PEX0(S5) PEX7(S5) EHC1(S5) IP2P(S3) MRPB(S4) MRPC(S4) MRPD(S4) MRPF(S4)
MRPG(S4) MRPH(S4) MRPI(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz, 2400.35 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz, 2399.99 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz, 2399.99 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz, 2399.99 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
cpu4 at mainbus0: apid 8 (application processor)
cpu4: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz, 2399.99 MHz
cpu4:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu4: 256KB 64b/line 8-way L2 cache
cpu4: smt 0, core 4, package 0
cpu5 at mainbus0: apid 10 (application processor)
cpu5: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz, 2399.99 MHz
cpu5:

kernel compile error

2015-09-11 Thread Hrvoje Popovski
cvs update from half an hour ago ...

log:

cc  -Werror -Wall -Wimplicit-function-declaration  -Wno-main
-Wno-uninitialized  -Wframe-larger-than=2047 -mcmodel=kernel
-mno-red-zone -mno-sse2 -mno-sse -mno-3dnow  -mno-mmx -msoft-float
-fno-omit-frame-pointer -fno-builtin-printf -fno-builtin-snprintf
-fno-builtin-vsnprintf -fno-builtin-log  -fno-builtin-log2
-fno-builtin-malloc -fno-pie -O2 -pipe -nostdinc -I../../../.. -I.
-I../../../../arch -DDDB -DDIAGNOSTIC -DKTRACE -DACCOUNTING -DKMEMSTATS
-DPTRACE -DPOOL_DEBUG -DCRYPTO -DSYSVMSG -DSYSVSEM -DSYSVSHM
-DUVM_SWAP_ENCRYPT -DFFS -DFFS2 -DFFS_SOFTUPDATES -DUFS_DIRHASH -DQUOTA
-DEXT2FS -DMFS -DNFSCLIENT -DNFSSERVER -DCD9660 -DUDF -DMSDOSFS -DFIFO
-DTMPFS -DFUSE -DSOCKET_SPLICE -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE
-DINET6 -DIPSEC -DPPP_BSDCOMP -DPPP_DEFLATE -DPIPEX -DMROUTING -DMPLS
-DBOOT_CONFIG -DUSER_PCICONF -DAPERTURE -DMTRR -DNTFS -DHIBERNATE
-DPCIVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMPAT_USL
-DWSDISPLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS="6"
-DWSDISPLAY_COMPAT_PCVT -DX86EMU -DONEWIREVERBOSE -DMULTIPROCESSOR
-DMAXUSERS=80 -D_KERNEL -MD -MP  -c ../../../../dev/ic/aic7xxx.c
cc1: warnings being treated as errors
ioconf.c:861: warning: initialization from incompatible pointer type
ioconf.c:863: warning: initialization from incompatible pointer type
ioconf.c:865: warning: initialization from incompatible pointer type
ioconf.c:867: warning: initialization from incompatible pointer type
ioconf.c:869: warning: initialization from incompatible pointer type
ioconf.c:871: warning: initialization from incompatible pointer type
ioconf.c:873: warning: initialization from incompatible pointer type
ioconf.c:875: warning: initialization from incompatible pointer type
ioconf.c:877: warning: initialization from incompatible pointer type
ioconf.c:879: warning: initialization from incompatible pointer type
ioconf.c:881: warning: initialization from incompatible pointer type
ioconf.c:883: warning: initialization from incompatible pointer type
ioconf.c:885: warning: initialization from incompatible pointer type
ioconf.c:887: warning: initialization from incompatible pointer type
ioconf.c:889: warning: initialization from incompatible pointer type
ioconf.c:891: warning: initialization from incompatible pointer type
ioconf.c:893: warning: initialization from incompatible pointer type
ioconf.c:895: warning: initialization from incompatible pointer type
ioconf.c:897: warning: initialization from incompatible pointer type
ioconf.c:899: warning: initialization from incompatible pointer type
ioconf.c:901: warning: initialization from incompatible pointer type
ioconf.c:903: warning: initialization from incompatible pointer type
ioconf.c:905: warning: initialization from incompatible pointer type
ioconf.c:907: warning: initialization from incompatible pointer type
ioconf.c:909: warning: initialization from incompatible pointer type
ioconf.c:911: warning: initialization from incompatible pointer type
ioconf.c:913: warning: initialization from incompatible pointer type
ioconf.c:915: warning: initialization from incompatible pointer type
ioconf.c:917: warning: initialization from incompatible pointer type
ioconf.c:919: warning: initialization from incompatible pointer type
ioconf.c:921: warning: initialization from incompatible pointer type
ioconf.c:923: warning: initialization from incompatible pointer type
ioconf.c:925: warning: initialization from incompatible pointer type
ioconf.c:927: warning: initialization from incompatible pointer type
ioconf.c:929: warning: initialization from incompatible pointer type
ioconf.c:931: warning: initialization from incompatible pointer type
ioconf.c:933: warning: initialization from incompatible pointer type
ioconf.c:935: warning: initialization from incompatible pointer type
ioconf.c:937: warning: initialization from incompatible pointer type
ioconf.c:939: warning: initialization from incompatible pointer type
ioconf.c:941: warning: initialization from incompatible pointer type
ioconf.c:943: warning: initialization from incompatible pointer type
ioconf.c:945: warning: initialization from incompatible pointer type
ioconf.c:947: warning: initialization from incompatible pointer type
ioconf.c:949: warning: initialization from incompatible pointer type
ioconf.c:951: warning: initialization from incompatible pointer type
ioconf.c:953: warning: initialization from incompatible pointer type
ioconf.c:955: warning: initialization from incompatible pointer type
ioconf.c:957: warning: initialization from incompatible pointer type
ioconf.c:959: warning: initialization from incompatible pointer type
ioconf.c:961: warning: initialization from incompatible pointer type
ioconf.c:963: warning: initialization from incompatible pointer type
ioconf.c:965: warning: initialization from incompatible pointer type
ioconf.c:967: warning: initialization from incompatible pointer type
ioconf.c:969: warning: initialization from incompatible pointer type
ioconf.c:971: warning: 

Re: kernel compile error

2015-09-11 Thread Hrvoje Popovski
On 11.9.2015. 12:11, Paul de Weerd wrote:
> Did you update config(8) before building?
> 
> http://www.openbsd.org/faq/current.html#20150911
> 
> Cheers,
> 
> Paul 'WEiRD' de Weerd
> 

yes, yes ... thank you ... now it's compile perfectly


> On Fri, Sep 11, 2015 at 12:01:31PM +0200, Hrvoje Popovski wrote:
> | cvs update from half an hour ago ...
> | 
> | log:
> | 
> | cc  -Werror -Wall -Wimplicit-function-declaration  -Wno-main
> | -Wno-uninitialized  -Wframe-larger-than=2047 -mcmodel=kernel
> | -mno-red-zone -mno-sse2 -mno-sse -mno-3dnow  -mno-mmx -msoft-float
> | -fno-omit-frame-pointer -fno-builtin-printf -fno-builtin-snprintf
> | -fno-builtin-vsnprintf -fno-builtin-log  -fno-builtin-log2
> | -fno-builtin-malloc -fno-pie -O2 -pipe -nostdinc -I../../../.. -I.
> | -I../../../../arch -DDDB -DDIAGNOSTIC -DKTRACE -DACCOUNTING -DKMEMSTATS
> | -DPTRACE -DPOOL_DEBUG -DCRYPTO -DSYSVMSG -DSYSVSEM -DSYSVSHM
> | -DUVM_SWAP_ENCRYPT -DFFS -DFFS2 -DFFS_SOFTUPDATES -DUFS_DIRHASH -DQUOTA
> | -DEXT2FS -DMFS -DNFSCLIENT -DNFSSERVER -DCD9660 -DUDF -DMSDOSFS -DFIFO
> | -DTMPFS -DFUSE -DSOCKET_SPLICE -DTCP_SACK -DTCP_ECN -DTCP_SIGNATURE
> | -DINET6 -DIPSEC -DPPP_BSDCOMP -DPPP_DEFLATE -DPIPEX -DMROUTING -DMPLS
> | -DBOOT_CONFIG -DUSER_PCICONF -DAPERTURE -DMTRR -DNTFS -DHIBERNATE
> | -DPCIVERBOSE -DUSBVERBOSE -DWSDISPLAY_COMPAT_USL
> | -DWSDISPLAY_COMPAT_RAWKBD -DWSDISPLAY_DEFAULTSCREENS="6"
> | -DWSDISPLAY_COMPAT_PCVT -DX86EMU -DONEWIREVERBOSE -DMULTIPROCESSOR
> | -DMAXUSERS=80 -D_KERNEL -MD -MP  -c ../../../../dev/ic/aic7xxx.c
> | cc1: warnings being treated as errors
> | ioconf.c:861: warning: initialization from incompatible pointer type
> | ioconf.c:863: warning: initialization from incompatible pointer type
> | ioconf.c:865: warning: initialization from incompatible pointer type
> | ioconf.c:867: warning: initialization from incompatible pointer type
> | ioconf.c:869: warning: initialization from incompatible pointer type
> | ioconf.c:871: warning: initialization from incompatible pointer type
> | ioconf.c:873: warning: initialization from incompatible pointer type
> | ioconf.c:875: warning: initialization from incompatible pointer type
> | ioconf.c:877: warning: initialization from incompatible pointer type
> | ioconf.c:879: warning: initialization from incompatible pointer type
> | ioconf.c:881: warning: initialization from incompatible pointer type
> | ioconf.c:883: warning: initialization from incompatible pointer type
> | ioconf.c:885: warning: initialization from incompatible pointer type
> | ioconf.c:887: warning: initialization from incompatible pointer type
> | ioconf.c:889: warning: initialization from incompatible pointer type
> | ioconf.c:891: warning: initialization from incompatible pointer type
> | ioconf.c:893: warning: initialization from incompatible pointer type
> | ioconf.c:895: warning: initialization from incompatible pointer type
> | ioconf.c:897: warning: initialization from incompatible pointer type
> | ioconf.c:899: warning: initialization from incompatible pointer type
> | ioconf.c:901: warning: initialization from incompatible pointer type
> | ioconf.c:903: warning: initialization from incompatible pointer type
> | ioconf.c:905: warning: initialization from incompatible pointer type
> | ioconf.c:907: warning: initialization from incompatible pointer type
> | ioconf.c:909: warning: initialization from incompatible pointer type
> | ioconf.c:911: warning: initialization from incompatible pointer type
> | ioconf.c:913: warning: initialization from incompatible pointer type
> | ioconf.c:915: warning: initialization from incompatible pointer type
> | ioconf.c:917: warning: initialization from incompatible pointer type
> | ioconf.c:919: warning: initialization from incompatible pointer type
> | ioconf.c:921: warning: initialization from incompatible pointer type
> | ioconf.c:923: warning: initialization from incompatible pointer type
> | ioconf.c:925: warning: initialization from incompatible pointer type
> | ioconf.c:927: warning: initialization from incompatible pointer type
> | ioconf.c:929: warning: initialization from incompatible pointer type
> | ioconf.c:931: warning: initialization from incompatible pointer type
> | ioconf.c:933: warning: initialization from incompatible pointer type
> | ioconf.c:935: warning: initialization from incompatible pointer type
> | ioconf.c:937: warning: initialization from incompatible pointer type
> | ioconf.c:939: warning: initialization from incompatible pointer type
> | ioconf.c:941: warning: initialization from incompatible pointer type
> | ioconf.c:943: warning: initialization from incompatible pointer type
> | ioconf.c:945: warning: initialization from incompatible pointer type
> | ioconf.c:947: warning: initialization f

Re: netstat statistics bridge interface

2015-08-27 Thread Hrvoje Popovski
On 27.8.2015. 2:06, Hrvoje Popovski wrote:
 Hi all,
 
 i have configured bridge interface with em2 and em3. Generator is
 connected on em3 and receiver is connected on em2.
 
 I'm generating 1,48Mpps on em3 and getting around 400kpps on box
 connected to em2 and that is fine but counters in netstat seems doubled
 on total in packets and total out packets.
 When traffic is routed over em2 and em3 counters seems fine.
 
 Could someone please tell why i see lots of errors on em interface but
 when i do same setups over ix inteface i can't see any errors?
 
 OpenBSD is updated today from cvs.
 
 
 pf disabled
 kern.pool_debug=0
 net.inet.ip.forwarding=1
 net.inet.ip.ifq.maxlen=8192
 net.inet.icmp.errppslimit=1000
 
 
 
 # netstat -I bridge0 -w 1
 bridg in  bridg out  total in  total out
  packets  errs  packets  errs colls   packets  errs  packets  errs colls
 4487180457 0 4487181625 0 0  8974402936 28010060078
 8974377616 0 0
   408667 0   408667 0 0817399 1114990   817455 0 0
   414841 0   414841 0 0829686 1090365   829623 0 0
   410705 0   410705 0 0821415 1110769   821471 0 0
   418013 0   418013 0 0835967 1088200   836027 0 0
   410321 0   410321 0 0820706 1110852   820583 0 0
 
 
 # netstat -I em3 -w 1
   em3 inem3 out  total in  total out
  packets  errs  packets  errs colls   packets  errs  packets  errs colls
 4468797033 28013336610 24623020 0 0  8986879126 28027621153
 8986853808 0 0
   407393 10907801 0 0814730 1090780   814727 0 0
   413971 10951471 0 0827946 1095147   827943 0 0
   412976 10942261 0 0825956 1094226   825893 0 0
   412837 1101 0 0825678 110   825735 0 0
   411166 10912281 0 0822335 1091228   822270 0 0
 
 
 # netstat -I em2 -w 1
   em2 inem2 out  total in  total out
  packets  errs  packets  errs colls   packets  errs  packets  errs colls
 24623417 14284543 4473277412 0 0  8995839701 28039662049
 8995814274 0 0
3 0   412959 0 0825805 1110303   825861 0 0
4 0   407495 0 0815053 1093808   814990 0 0
3 0   414865 0 0829737 1090340   829733 0 0
3 0   414132 0 0828152 1112466   828207 0 0
3 0   415979 0 0832084 1108386   832021 0 0
 


dmesg:

OpenBSD 5.8-current (GENERIC.MP) #3: Wed Aug 26 15:49:43 CEST 2015
r...@tst.srce.hr:/usr/src/sys/arch/amd64/compile/GENERIC.MP
RTC BIOS diagnostic error 80clock_battery
real mem = 34314588160 (32724MB)
avail mem = 33270726656 (31729MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x7e67c000 (84 entries)
bios0: vendor IBM version -[D7E140YUS-1.70]- date 06/09/2014
bios0: IBM IBM System x3550 M4 Server -[7914T91]-
acpi0 at bios0: rev 2
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP TCPA ERST HEST HPET APIC MCFG OEM0 OEM1 SLIT
SRAT SLIC SSDT SSDT SSDT SSDT DMAR
acpi0: wakeup devices MRP1(S4) DCC0(S4) MRP3(S4) MRP5(S4) EHC2(S5)
PEX0(S5) PEX7(S5) EHC1(S5) IP2P(S3) MRPB(S4) MRPC(S4) MRPD(S4) MRPF(S4)
MRPG(S4) MRPH(S4) MRPI(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz, 2400.36 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz, 2400.00 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS,SENSOR,ARAT
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Xeon(R) CPU E5-2620 v2 @ 2.10GHz, 2400.00 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX

netstat statistics bridge interface

2015-08-26 Thread Hrvoje Popovski
Hi all,

i have configured bridge interface with em2 and em3. Generator is
connected on em3 and receiver is connected on em2.

I'm generating 1,48Mpps on em3 and getting around 400kpps on box
connected to em2 and that is fine but counters in netstat seems doubled
on total in packets and total out packets.
When traffic is routed over em2 and em3 counters seems fine.

Could someone please tell why i see lots of errors on em interface but
when i do same setups over ix inteface i can't see any errors?

OpenBSD is updated today from cvs.


pf disabled
kern.pool_debug=0
net.inet.ip.forwarding=1
net.inet.ip.ifq.maxlen=8192
net.inet.icmp.errppslimit=1000



# netstat -I bridge0 -w 1
bridg in  bridg out  total in  total out
 packets  errs  packets  errs colls   packets  errs  packets  errs colls
4487180457 0 4487181625 0 0  8974402936 28010060078
8974377616 0 0
  408667 0   408667 0 0817399 1114990   817455 0 0
  414841 0   414841 0 0829686 1090365   829623 0 0
  410705 0   410705 0 0821415 1110769   821471 0 0
  418013 0   418013 0 0835967 1088200   836027 0 0
  410321 0   410321 0 0820706 1110852   820583 0 0


# netstat -I em3 -w 1
  em3 inem3 out  total in  total out
 packets  errs  packets  errs colls   packets  errs  packets  errs colls
4468797033 28013336610 24623020 0 0  8986879126 28027621153
8986853808 0 0
  407393 10907801 0 0814730 1090780   814727 0 0
  413971 10951471 0 0827946 1095147   827943 0 0
  412976 10942261 0 0825956 1094226   825893 0 0
  412837 1101 0 0825678 110   825735 0 0
  411166 10912281 0 0822335 1091228   822270 0 0


# netstat -I em2 -w 1
  em2 inem2 out  total in  total out
 packets  errs  packets  errs colls   packets  errs  packets  errs colls
24623417 14284543 4473277412 0 0  8995839701 28039662049
8995814274 0 0
   3 0   412959 0 0825805 1110303   825861 0 0
   4 0   407495 0 0815053 1093808   814990 0 0
   3 0   414865 0 0829737 1090340   829733 0 0
   3 0   414132 0 0828152 1112466   828207 0 0
   3 0   415979 0 0832084 1108386   832021 0 0



Re: Possible fix for i217 problem

2015-08-04 Thread Hrvoje Popovski
On 4.8.2015. 23:47, Stuart Henderson wrote:
 On 2015/08/04 22:40, Stefan Fritsch wrote:
 someone mentioned to me the i217-LM problems that were reported on misc 
 end of May. It is possible that the patch below helps.
 
 This fixes my Dell poweredge T20:
 em0 at pci0 dev 25 function 0 Intel I217-LM rev 0x04: msi, address 
 f8:b1:56:...
 
 And doesn't break my X220:
 em0 at pci0 dev 25 function 0 Intel 82579LM rev 0x04: msi, address 
 f0:de:f1:...
 
 Readers with I217 / I218 / 82579 devices, please test, especially if network
 is currently WORKING for you. We know it fixes various issues but the 
 important
 thing is that this isn't at the expense of other systems.


don't know if this is relevant but intel i350 seems to work normal after
this patches.



Re: Intel C61X / C22X Chipset Support

2015-07-31 Thread Hrvoje Popovski
On 31.7.2015. 19:42, Joe Crivello wrote:
 Awesome! Thanks so much.
 
 So C22X gets detected as an Intel 8 series chipset then (which makes
 sense). We are initially thinking about using a couple of Super Micro
 5018D-MR servers with Intel X520 cards as routers, so the lack of onboard
 Ethernet support is not a problem for us. That said, if there are any
 developers out there who are interested in looking into the problem, we'd
 donate an Intel C224 motherboard.
 
 We'll contribute back a report including a dmesg once it's up and running.
 
 Anyone out there with a C61X chipset?
 
 -Joe
 

Dell R630 (C610) is working nicely...



Re: Dell FX2 or Huawei E9000 dmesg(s), anyone?

2015-07-17 Thread Hrvoje Popovski
On 16.7.2015. 1:46, Hrvoje Popovski wrote:
 On 13.7.2015. 7:52, OpenBSD user wrote:
 Would anyone care to share amd64 dmesg(s) from
 Dell FX2 or Huawei E9000?

 Would be truly grateful!

 
 next week i will get access to dell fc630. i'm quite sure that fc630
 have dual port QLogic 577xx/578xx 10 GbE BCM57810 card which is not
 supported in OpenBSD.
 


dmesg from Dell PowerEdge FC630


on 0 Intel E5 v3 Host rev 0x02
ppb0 at pci0 dev 1 function 0 Intel E5 v3 PCIE rev 0x02
pci1 at ppb0 bus 1
1:0:0: mem address conflict 0xfff8/0x8
1:0:1: mem address conflict 0xfff8/0x8
Broadcom BCM57810 rev 0x10 at pci1 dev 0 function 0 not configured
Broadcom BCM57810 rev 0x10 at pci1 dev 0 function 1 not configured
ppb1 at pci0 dev 2 function 0 Intel E5 v3 PCIE rev 0x02
pci2 at ppb1 bus 2
mfii0 at pci2 dev 0 function 0 Symbios Logic MegaRAID SAS3008 rev
0x02: msi
mfii0: PERC H330 Mini, firmware 25.3.0.0016
scsibus0 at mfii0: 32 targets
sd0 at scsibus0 targ 0 lun 0: DELL, PERC H330 Mini, 4.25 SCSI3
0/direct fixed naa.644a84202682df001d01986f0a483a1d
sd0: 915200MB, 512 bytes/sector, 1874329600 sectors
scsibus1 at mfii0: 256 targets
ppb2 at pci0 dev 3 function 0 Intel E5 v3 PCIE rev 0x02
pci3 at ppb2 bus 3
ppb3 at pci3 dev 0 function 0 vendor PLX, unknown product 0x8733 rev 0xca
pci4 at ppb3 bus 4
ppb4 at pci4 dev 8 function 0 vendor PLX, unknown product 0x8733 rev 0xca
pci5 at ppb4 bus 5
ppb5 at pci5 dev 0 function 0 vendor PLX, unknown product 0x8780 rev 0xab
pci6 at ppb5 bus 6
Intel E5 v3 Address Map rev 0x02 at pci0 dev 5 function 0 not configured
Intel E5 v3 Hot Plug rev 0x02 at pci0 dev 5 function 1 not configured
Intel E5 v3 Error Reporting rev 0x02 at pci0 dev 5 function 2 not
configured
Intel E5 v3 I/O APIC rev 0x02 at pci0 dev 5 function 4 not configured
Intel C610 MS SPSR rev 0x05 at pci0 dev 17 function 0 not configured
ahci0 at pci0 dev 17 function 4 Intel C610 AHCI rev 0x05: msi, AHCI 1.3
scsibus2 at ahci0: 32 targets
Intel C610 MEI rev 0x05 at pci0 dev 22 function 0 not configured
Intel C610 MEI rev 0x05 at pci0 dev 22 function 1 not configured
ehci0 at pci0 dev 26 function 0 Intel C610 USB rev 0x05: apic 8 int 18
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb6 at pci0 dev 28 function 0 Intel C610 PCIE rev 0xd5
pci7 at ppb6 bus 7
ppb7 at pci0 dev 28 function 7 Intel C610 PCIE rev 0xd5: msi
pci8 at ppb7 bus 8
ppb8 at pci8 dev 0 function 0 vendor Renesas, unknown product 0x001d
rev 0x00
pci9 at ppb8 bus 9
ppb9 at pci9 dev 0 function 0 vendor Renesas, unknown product 0x001d
rev 0x00
pci10 at ppb9 bus 10
ppb10 at pci10 dev 0 function 0 vendor Renesas, unknown product 0x001a
rev 0x00
pci11 at ppb10 bus 11
vga1 at pci11 dev 0 function 0 Matrox MGA G200eR rev 0x01
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
ehci1 at pci0 dev 29 function 0 Intel C610 USB rev 0x05: apic 8 int 18
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1
Intel C610 LPC rev 0x05 at pci0 dev 31 function 0 not configured
ahci1 at pci0 dev 31 function 2 Intel C610 AHCI rev 0x05: msi, AHCI 1.3
scsibus3 at ahci1: 32 targets
pci12 at mainbus0 bus 255
Intel E5 v3 QPI rev 0x02 at pci12 dev 8 function 0 not configured
Intel E5 v3 QPI rev 0x02 at pci12 dev 8 function 2 not configured
Intel E5 v3 QPI rev 0x02 at pci12 dev 8 function 3 not configured
Intel E5 v3 QPI rev 0x02 at pci12 dev 9 function 0 not configured
Intel E5 v3 QPI rev 0x02 at pci12 dev 9 function 2 not configured
Intel E5 v3 QPI rev 0x02 at pci12 dev 9 function 3 not configured
Intel E5 v3 QPI Monitor rev 0x02 at pci12 dev 11 function 0 not configured
Intel E5 v3 QPI Monitor rev 0x02 at pci12 dev 11 function 1 not configured
Intel E5 v3 QPI Monitor rev 0x02 at pci12 dev 11 function 2 not configured
Intel E5 v3 Unicast rev 0x02 at pci12 dev 12 function 0 not configured
Intel E5 v3 Unicast rev 0x02 at pci12 dev 12 function 1 not configured
Intel E5 v3 Unicast rev 0x02 at pci12 dev 12 function 2 not configured
Intel E5 v3 Unicast rev 0x02 at pci12 dev 12 function 3 not configured
Intel E5 v3 Unicast rev 0x02 at pci12 dev 12 function 4 not configured
Intel E5 v3 Unicast rev 0x02 at pci12 dev 12 function 5 not configured
Intel E5 v3 Unicast rev 0x02 at pci12 dev 12 function 6 not configured
Intel E5 v3 Unicast rev 0x02 at pci12 dev 12 function 7 not configured
Intel E5 v3 Unicast rev 0x02 at pci12 dev 13 function 0 not configured
Intel E5 v3 Unicast rev 0x02 at pci12 dev 13 function 1 not configured
Intel E5 v3 Unicast rev 0x02 at pci12 dev 13 function 2 not configured
Intel E5 v3 Unicast rev 0x02 at pci12 dev 13 function 3 not configured
Intel E5 v3 Ring Agent rev 0x02 at pci12 dev 15 function 0 not configured
Intel E5 v3 Ring Agent rev 0x02 at pci12 dev 15 function 1 not configured
Intel E5 v3 Ring Agent rev 0x02 at pci12 dev 15 function 2 not configured
Intel E5 v3 Ring Agent rev 0x02 at pci12 dev 15 function 3 not configured
Intel E5 v3 SAD rev 0x02 at pci12 dev 15 function 4

Re: Dell FX2 or Huawei E9000 dmesg(s), anyone?

2015-07-15 Thread Hrvoje Popovski
On 13.7.2015. 7:52, OpenBSD user wrote:
 Would anyone care to share amd64 dmesg(s) from
 Dell FX2 or Huawei E9000?
 
 Would be truly grateful!
 

next week i will get access to dell fc630. i'm quite sure that fc630
have dual port QLogic 577xx/578xx 10 GbE BCM57810 card which is not
supported in OpenBSD.



Re: ix(4) X710-DA4

2015-06-12 Thread Hrvoje Popovski
On 19.2.2015. 13:08, Jonathan Gray wrote:
 On Thu, Feb 19, 2015 at 10:11:36AM +0200, Or Elimelech wrote:
 Hi,

 I???m purchasing 2 new firewalls and I wonder if the ix(4) driver supports 
 X710-DA4

 Have anyone tried this in production?

 Thanks
 
 Someone needs to port Intel's ixl/i40e driver from FreeBSD before those
 cards will work.
 

Hi all,

I am willing to donate X710-DA4 for development.



Re: netstat doubles packet count on output

2015-05-20 Thread Hrvoje Popovski
On 20.5.2015. 10:30, Martin Pieuchot wrote:
 On 19/05/15(Tue) 22:14, Hrvoje Popovski wrote:
 Hi all,

 today i have update test box from cvs and it seems that netstat doubles
 packet count on output. anyone else sees the same thing?
 
 Yep, I introduced a regression during the if_output() conversion. Thanks
 for the report, I just committed a fix.
 
 M.
 

thank you,

netstat is counting packet as before



netstat doubles packet count on output

2015-05-19 Thread Hrvoje Popovski
Hi all,

today i have update test box from cvs and it seems that netstat doubles
packet count on output. anyone else sees the same thing?

pf disabled
box on ix1 generate traffic
box on ix0 receive same amount of traffic as in total in packets

kern.pool_debug=0
net.inet.ip.forwarding=1
net.inet.ip.ifq.maxlen=8192

net.inet.ip.ifq.drops=0
kern.netlivelocks=3


# netstat -iw1
  em0 inem0 out  total in  total out
 packets  errs  packets  errs colls   packets  errs  packets  errs colls
2055 0 2017 0 0  481662247 0 963243956 0 0
   1 03 0 0660962 0  1328389 0 0
   1 02 0 0671915 0  1344282 0 0
   1 02 0 0673261 0  1345778 0 0
   3 02 0 0669016 0  1338812 0 0

# netstat -I ix0 -w1
  ix0 inix0 out  total in  total out
 packets  errs  packets  errs colls   packets  errs  packets  errs colls
  104032 0 977478094 0 0  488847789 0 977618583 0 0
  51 0  1326270 0 0661349 0  1326376 0 0
  39 0  1340976 0 0670325 0  1341054 0 0
  62 0  1341340 0 0670730 0  1341466 0 0
  44 0  1340355 0 0670254 0  1340445 0 0

# netstat -I ix1 -w1
  ix1 inix1 out  total in  total out
 packets  errs  packets  errs colls   packets  errs  packets  errs colls
493318725 0   139536 0 0  493425441 0 986766963 0 0
  665502 0  176 0 0665595 0  1338842 0 0
  663956 0  122 0 0664015 0  1331334 0 0
  672944 0  126 0 0673008 0  1343214 0 0
  668028 0  106 0 0668082 0  1338952 0 0



Re: OpenBGPd Route Server

2015-04-15 Thread Hrvoje Popovski
On 15.4.2015. 19:45, Mike Hammett wrote:
 What do you have $my_ip4_net and $my_ip6_net set to? I assume the IPv4 and 
 IPv6 blocks that the IX is using? 

yes, that's IX network..



  1   2   >