Re: fighting amplification attack --was: Re: pf: block drop not working

2021-05-07 Thread Tom Smyth
Hello Axel,

Check out fastnetmon if you have sFlow (preferably) or NetFlow
support on your switches and/or routers facing external providers;
you can put pps per second thresholds on.

But bear in mind that if the amount of bandwidth being sent to your router
exceeds capacity, you need to send a BGP community to
do Remote Triggered Black Hole to your providers... RTBH... (BGP
communities) etc.

Best of Luck

On Fri, 7 May 2021 at 10:10, Axel Rau  wrote:
>
>
>
> > On 05.05.2021 at 16:20, Stuart Henderson <mailto:s...@spacehopper.org> wrote:
> >
> > This is usually best dealt with in your DNS server software e.g. by using
> > the rrl-* configuration in NSD, see nsd.conf(5), or "rate-limit" config
> > section in BIND.
>
> Yes, I have this in place now, but I am trying to let the fw drop them.
> This does not seem to work:
> udp_inbound_dns_options = 'keep state (max-src-conn-rate 120/60, overload 
>  flush global )'
> …
> pass in quick on $red_if proto udp from any to { $ns4, $ns5 } \
> port { domain } tag RED_DMZ $udp_inbound_dns_options label "dns 
> inbound"
>
> Is this not possible with udp?
>
> Axel
> ---
> PGP-Key: CDE74120computing @ chaos claudius
>


-- 
Kindest regards,
Tom Smyth.



Re: pf: block drop not working

2021-05-05 Thread Tom Smyth
black_whole vs black_hole

check the table name ...

On Wed, 5 May 2021 at 12:11, Axel Rau  wrote:
>
> Hi all,
>
> in pf.conf, I have at the beginning:
> - - -
> table  persist file "/etc/pf/black_hole.txt"
> block drop in quick on $red_if from  flags any
>
> fw1# pfctl -s rules  | head -3
> block drop in quick on em2 from  to any
>
> fw1# pfctl -t black_hole -T show
> . . .
>146.168.0.0/16
> . . .
>
> But responses are still going out from my ns:
>
>  0800 532: x.y.z.71.53 > 146.168.163.94.443: [udp sum ok] 1- 0/13/14(490) 
> (ttl 63, id 10399, len 518)
>  0800 72: 146.168.163.94.443 > x.y.z.21.53: [no udp cksum] 1+ RRSIG? 
> pizzaseo.com.(30) (ttl 249, id 3922, len 58)
>  0800 532: x.y.z.21.53 > 146.168.163.94.443: [udp sum ok] 1- 0/13/14(490) 
> (ttl 63, id 38336, len 518)
>  0800 72: 146.168.163.94.443 > x.y.z.171.53: [no udp cksum] 1+ RRSIG? 
> pizzaseo.com.(30) (ttl 249, id 55913, len 58)
>  0800 532: x.y.z.171.53 > 146.168.163.94.443: [udp sum ok] 1- 0/13/14(490) 
> (ttl 62, id 53578, len 518)
>
>
> What is wrong in my setup?
>
> Thanks, Axel
> ---
> PGP-Key: CDE74120computing @ chaos claudius
>


-- 
Kindest regards,
Tom Smyth.
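
Added example (not part of the original messages): a small Python lint for the kind of mistake pointed out above, a table name used in a rule that matches no declared table. The sample pf.conf text is constructed, and which spelling sat on the declaration and which on the rule is an assumption, since the page does not show it; the function names are made up for this illustration.

```python
import difflib
import re

# "table <name> ..." declaration at the start of a logical line.
DECL_RE = re.compile(r"^\s*table\s+<([^>\s]+)>")
# Any <name> reference; requiring a leading letter or underscore keeps
# port operators such as "<", ">" and "><" from matching.
REF_RE = re.compile(r"<([A-Za-z_][\w-]*)>")

# Constructed sample, modelled on the rules quoted in the thread.
SAMPLE = '''\
red_if = "em2"
table <black_hole> persist file "/etc/pf/black_hole.txt"
table <nameservers> const { 192.0.2.53, 192.0.2.54 }
block drop in quick on $red_if from <black_whole>
pass in quick on $red_if proto udp from any to <nameservers> \\
    port domain label "dns inbound"
'''


def logical_lines(text):
    """Yield (first_line_number, text) with comments and quoted strings
    removed and backslash-continued lines joined."""
    buf, start = "", None
    for number, raw in enumerate(text.splitlines(), 1):
        line = re.sub(r'"[^"]*"', '""', raw)     # file paths, labels
        line = line.split("#", 1)[0].rstrip()    # trailing comment
        if start is None:
            start = number
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield start, buf
        buf, start = "", None
    if buf.strip():
        yield start, buf


def lint_tables(text):
    """Return findings as (line, kind, table, suggestion) tuples.

    kind is "undeclared" (used in a rule, never declared; suggestion is the
    closest declared name, if any) or "unreferenced" (declared, never used).
    """
    declared, referenced = {}, {}
    for number, line in logical_lines(text):
        match = DECL_RE.match(line)
        if match:
            declared.setdefault(match.group(1), number)
            continue
        for name in REF_RE.findall(line):
            referenced.setdefault(name, number)

    findings = []
    for name, number in sorted(referenced.items(), key=lambda kv: kv[1]):
        if name not in declared:
            near = difflib.get_close_matches(name, list(declared), n=1, cutoff=0.8)
            findings.append((number, "undeclared", name, near[0] if near else None))
    for name, number in sorted(declared.items(), key=lambda kv: kv[1]):
        if name not in referenced:
            findings.append((number, "unreferenced", name, None))
    return findings


if __name__ == "__main__":
    for number, kind, name, hint in lint_tables(SAMPLE):
        extra = f" (did you mean <{hint}>?)" if hint else ""
        print(f"line {number}: table <{name}> is {kind}{extra}")
```

An "undeclared" finding paired with an "unreferenced" one of nearly the same name is the signature of the typo in this thread: the populated table is never consulted by the block rule.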



Re: default Offset to 1MB boundaries for improved SSD (and Raid Virtual Disk) partition alignment

2021-04-21 Thread Tom Smyth
Christian, Otto, thanks for your feedback on this one.

I'll research it further,
but NTFS has 4K, 8K, 32K and 64K allocation units on the
filesystem, and for Microsoft Windows running Exchange or database workloads
they were recommending alignment of the NTFS partitions
on the 1MB offset also.

From Otto's explanation (thanks), 1/16 of blocks would potentially
cross a boundary of the
storage subsystem;
6.25% of reads (or writes) could result in a double read (or double write).

Of course the write issue is a bigger problem for the SSDs.

I can configure the partitions how I want, for now anyway.

I'll do a little digging on FFS and FFS2 and see how the filesystem
database (or table)
is structured...

Thanks for the feedback, it is very helpful to me.

All the best,

Tom Smyth



On Wed, 21 Apr 2021 at 15:25, Christian Weisgerber  wrote:
>
> Tom Smyth:
>
> > if you were to have a 1MB file or a database that needed to read 1MB
> > of data, if the partitions are not aligned then
> > your underlying storage system needs to load 2 chunks or write 2
> > chunks for 1 MB of data written,
>
> You seem to assume that FFS2 would align a 1MB file on a 1MB border
> within the filesystem.  That is not the case.  That 1MB file will be
> aligned on a blocksize border (16/32/64 kB, depending on filesystem
> size).  Aligning the partition on n*blocksize has no effect on this.
>
> --
> Christian "naddy" Weisgerber  na...@mips.inka.de



-- 
Kindest regards,
Tom Smyth.
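
Added example (not part of the original messages): a Python check of the 1/16 (6.25%) figure from the message above, extended to the other offsets and transfer sizes mentioned in the thread. It assumes 512-byte sectors, storage chunks counted from the start of the disk, and transfers laid out back to back from the partition start; it does not model FFS cylinder-group metadata, and the function names are made up for this illustration.

```python
from fractions import Fraction
from math import gcd

SECTOR = 512            # bytes; "512 byte format disks" as in the thread
KIB = 1024
MIB = 1024 * KIB


def straddle_fraction(offset_sectors, io_bytes, chunk_bytes, sector=SECTOR):
    """Fraction of transfers that touch more than one storage chunk.

    Assumptions (not from the thread): every transfer is io_bytes long and
    starts at a multiple of io_bytes counted from the partition start;
    chunks are chunk_bytes long and counted from byte 0 of the disk.
    """
    start = offset_sectors * sector
    # Both grids repeat every lcm(io, chunk) bytes, so one period suffices.
    period = io_bytes * chunk_bytes // gcd(io_bytes, chunk_bytes)
    transfers = period // io_bytes
    crossing = 0
    for k in range(transfers):
        first = start + k * io_bytes
        last = first + io_bytes - 1
        if first // chunk_bytes != last // chunk_bytes:
            crossing += 1
    return Fraction(crossing, transfers)


def alignment_table(offsets=(63, 64, 128, 2048),
                    io_sizes=(16 * KIB, 32 * KIB, 64 * KIB, MIB),
                    chunk_bytes=MIB):
    """One row per partition offset: (offset, [fraction per transfer size])."""
    return [
        (off, [straddle_fraction(off, io, chunk_bytes) for io in io_sizes])
        for off in offsets
    ]


if __name__ == "__main__":
    sizes = (16 * KIB, 32 * KIB, 64 * KIB, MIB)
    print("offset  " + "".join(f"{s // KIB:>8}K" for s in sizes))
    for off, row in alignment_table(io_sizes=sizes):
        cells = "".join(f"{float(f) * 100:>8.2f}%" for f in row)
        print(f"{off:>6}  {cells}")
```

With 1 MB chunks, offset 64 gives 6.25% straddling for 64 kB blocks and none for 16/32 kB blocks; offset 128 removes it for all three block sizes, and only offset 2048 helps a transfer that is itself 1 MB long and 1 MB aligned within the partition, which is the layout Christian's reply says FFS2 does not provide.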



Re: default Offset to 1MB boundaries for improved SSD (and Raid Virtual Disk) partition alignment

2021-04-21 Thread Tom Smyth
Hello Otto, Christian,

I was relying on that paper for the pictures of the alignment issue.

VMFS (VMware file system), since version 5 of VMware, has allocation
units of 1MB each

https://kb.vmware.com/s/article/2137120

My understanding is that SSDs have a similar allocation unit setup of 1MB,

and that aligning your file system to 1MB would improve performance.


| OpenBSD filesystem               | FFS filesystem
| VMDK virtual disk file for guest | OpenBSD-Guest-Disk0.vmdk
| VMware datastore                 | 1MB allocation
| Logical storage device / RAID    |
| SSD or disk storage              | 1MB allocation unit (on some SSDs)

Figure 2 of the following paper shows what
https://www.usenix.org/legacy/event/usenix09/tech/full_papers/rajimwale/rajimwale.pdf
as your writes start to cross another underlying block boundary you
see a degradation of performance.
The largest impact is on a write of 1MB (misaligned) across 2 blocks,
but it repeats as you increase the number of MB in a transaction, but
the % overhead
reduces for each additional 1MB in the transaction.

If there is no downside to allocating / offsetting filesystems on 1MB
boundaries,
can we do that by default to reduce wear on SSDs, and improve performance
in virtualized environments with large allocation units on whatever storage
subsystem they are running?

Thanks for your time

Tom Smyth




On Wed, 21 Apr 2021 at 08:49, Otto Moerbeek  wrote:
>
> On Wed, Apr 21, 2021 at 08:20:10AM +0100, Tom Smyth wrote:
>
> > Hi Christian,
> >
> > if you were to have a 1MB file or a database that needed to read 1MB
> > of data, if the partitions are not aligned then
> > your underlying storage system needs to load 2 chunks or write 2
> > chunks for 1 MB of data written,
> >
> > So *worst* case you would double the workload for the storage hardware
> > (SSD or Hardware RAID with large chunks) for each transaction
> > on writing to SSDs if you are not aligned one could *worst* case
> > double the write / wear rate.
> >
> > The improvement would be less for accessing small files and writing small
> > files
> > (as they would need to be across 2 chunks)
> >
> > The following paper explains (better than I do)
> > https://www.vmware.com/pdf/esx3_partition_align.pdf
> >
> > if the cost is 1-8MB at the start of the disk (assuming partitions are
> > sized
> > so that they don't lose the offset of 2048 sectors)
> > I think it is worth pursuing. (again I only have experience on amd64
> > /i386 hardware)
>
> Doing a quick scan through the pdf I only see talk about 64k boundaries.
>
> FFS(2) will split up any partition in multiple cylinder groups. Each
> cylinder group starts with a superblock copy, inode tables and other
> metadata before the data blocks of that cylinder group. Having the
> start of a partition at a 1MB boundary does not get you those data blocks
> at a specific boundary. So I think your reasoning does not apply to FFS(2).
>
> It might make sense to move the start to offset 128 for big
> partitions, so you align with the 64k boundary mentioned in the pdf,
> the block size is already 64k (for big partitions).
>
> -Otto
>
> >
> > Thanks
> > Tom Smyth
> >
> > On Tue, 20 Apr 2021 at 22:52, Christian Weisgerber  
> > wrote:
> > >
> > > Tom Smyth:
> > >
> > > > just installing today's snapshot and the default offset on amd64 is 64,
> > > >  (as it has been for as long as I can remember)
> > >
> > > It was changed from 63 in 2010.
> > >
> > > > Is it worthwhile updating the defaults so that OpenBSD partition
> > > > layout will be optimal for SSD or other Virtualized RAID environments
> > > > with 1MB chunks,
> > >
> > > What are you trying to optimize with this?  FFS2 file systems reserve
> > > 64 kB at the start of a partition, and after that it's filesystem
> > > blocks, which are 16/32/64 kB, depending on the size of the filesystem.
> > > I can barely see an argument for aligning large partitions at 128
> > > sectors, but what purpose would larger multiples serve?
> > >
> > > > Is there a downside to moving the default offset to 2048?
> > >
> > > Not really.  It wastes a bit of space, but that is rather insignificant
> > > for today's disk sizes.
> > >
> > > --
> > > Christian "naddy" Weisgerber  na...@mips.inka.de
> > >
> >
> >
> > --
> > Kindest regards,
> > Tom Smyth.
> >



-- 
Kindest regards,
Tom Smyth.



Re: default Offset to 1MB boundaries for improved SSD (and Raid Virtual Disk) partition alignment

2021-04-21 Thread Tom Smyth
Hi Christian,

if you were to have a 1MB file or a database that needed to read 1MB
of data, if the partitions are not aligned then
your underlying storage system needs to load 2 chunks or write 2
chunks for 1 MB of data written,

So *worst* case you would double the workload for the storage hardware
(SSD or Hardware RAID with large chunks) for each transaction
on writing to SSDs if you are not aligned one could *worst* case
double the write / wear rate.

The improvement would be less for accessing small files and writing small files
(as they would need to be across 2 chunks)

The following paper explains (better than I do)
https://www.vmware.com/pdf/esx3_partition_align.pdf

if the cost is 1-8MB at the start of the disk (assuming partitions are sized
so that they don't lose the offset of 2048 sectors)
I think it is worth pursuing. (again I only have experience on amd64
/i386 hardware)

Thanks
Tom Smyth

On Tue, 20 Apr 2021 at 22:52, Christian Weisgerber  wrote:
>
> Tom Smyth:
>
> > just installing today's snapshot and the default offset on amd64 is 64,
> >  (as it has been for as long as I can remember)
>
> It was changed from 63 in 2010.
>
> > Is it worthwhile updating the defaults so that OpenBSD partition
> > layout will be optimal for SSD or other Virtualized RAID environments
> > with 1MB chunks,
>
> What are you trying to optimize with this?  FFS2 file systems reserve
> 64 kB at the start of a partition, and after that it's filesystem
> blocks, which are 16/32/64 kB, depending on the size of the filesystem.
> I can barely see an argument for aligning large partitions at 128
> sectors, but what purpose would larger multiples serve?
>
> > Is there a downside to moving the default offset to 2048?
>
> Not really.  It wastes a bit of space, but that is rather insignificant
> for today's disk sizes.
>
> --
> Christian "naddy" Weisgerber  na...@mips.inka.de
>


-- 
Kindest regards,
Tom Smyth.



default Offset to 1MB boundaries for improved SSD (and Raid Virtual Disk) partition alignment

2021-04-20 Thread Tom Smyth
Hello,

just installing today's snapshot and the default offset on amd64 is 64
(as it has been for as long as I can remember).
Is it worthwhile updating the defaults so that OpenBSD partition
layout will be optimal for SSD or other virtualized RAID environments
with 1MB chunks?

Is there a downside to moving the default offset to 2048? 1MB
offset on 512 byte format disks.
We have been running 2048 offset as our starting offset for our
OpenBSD installs for about 3-4 years now and we have not come across
issues.

It is unlikely that this will be changed in the 6.9 release but it might
be worth re-visiting as it would
make for more straightforward aligned partitions on OpenBSD installs.

My experience is more with x86 / amd64 rather than other platforms.

Kindest Regards,

Tom Smyth




-- 
Kindest regards,
Tom Smyth.



shells/nsh network shells, feedback and comments requested,

2021-04-18 Thread Tom Smyth
Hello,

If anyone has used shells/nsh (past or present)
 or has any ideas, opinions on it and its usability,
bug reports or questions can you let me know
(on or off list I don't mind).

I'm particularly interested in configuration limitations
you came across (where you couldn't do something
in NSH that you can do in base).

We will be working on it  to track  current, and hopefully
7.0 release.

Thanks
Tom Smyth



Re: Last shutdown date of old OpenBSD machine

2021-04-15 Thread Tom Smyth
Check dmesg, I think that will have the boot time / date in it.



On Thursday, 15 April 2021, Ales Tepina  wrote:

> Hi!
>
> I have a really old machine (it has DIN keyboard connector) with OpenBSD
> installed on it that was used as a router and it's been sitting
> in the basement for quite a few years. I would like to find out the date
> when the machine was last shutdown.
>
> What would be the best way to go about looking for that info?
>
> I have two options as far as i can see but have not tried any of them to
> avoid messing up the date of last boot/shutdown:
> 1. Boot the machine and check the log files in /var/log
> 2. Attach the disk drive to another machine and mount the partition and
>   also check the info on some files
>
> Also, one important caveat. There is a good chance i won't be able to
> guess the password anymore. I think i know what it is, but i'm not sure
> since it was so long ago.
> Therefore booting into single user mode is probably the only choice for
> option 1.
>
> Thank you for your suggestions.
>
> Br, Ales
>
>

-- 
Kindest regards,
Tom Smyth.


Re: Technical Documentation - CARP

2021-04-13 Thread Tom Smyth
Hi Jannick

the man pages are also a good up to date source of information...

sometimes a paper from a few years ago states something like

X/Y is not supported... but as an OpenBSD developer once quipped
"yes we do add features from time to time"  :)

so the papers can give really good context and insights...
but refer to the manuals also to validate any improved syntax and or
features

Hope this helps
Tom Smyth

On Tue, 13 Apr 2021 at 09:34, jannick Weiss  wrote:
>
> Hello, my name is Jannick Weiss and I am currently in the process of taking
> my education as a datatechnician. As part of my education i have to do a
> presentation on a self-elected subject and i have chosen to talk about CARP.
>
> It is my understanding that it is you (OpenBSD) that have developed CARP.
> I am having trouble finding information about CARP, such as the different
> states the protocol goes through or how the election of the master node
> works specifically.
> If you can provide any documentation on CARP it would be greatly
> appreciated.
>
> In advance, thank you for any help you may provide.
>
> Best regards
>
> Jannick Weiss



-- 
Kindest regards,
Tom Smyth.



Re: 6.9 Current amd64 xfce seems to freeze and not respond to mouse clicks or keystrokes

2021-04-10 Thread Tom Smyth
Hi Ian,

Thanks for that, it seems to be the screensaver that was causing the issue.

Do you have the screensaver enabled also?

In hindsight it doesn't appear to be a hardware issue (or virtual
hardware issue).

thanks for your reply and feedback

On Sat, 10 Apr 2021 at 23:52, Ian Darwin  wrote:
>
> On Sat, Apr 10, 2021 at 10:22:17PM +0100, Tom Smyth wrote:
> > Hello,
> >
> > 1) issue does not occur with fvwm or with chrome running in fvwm
> >
> > so the issue seems to be confined to xfce, and I was running  just 1
> > xfce terminal session
> > 2) (so the issue is not related to chromium)
> >
> > > > I'm running OpenBSD on an Oracle Virtualbox VM
>
> I run xfce all the time on -current on amd64 on real hardware and do
> not have any such issue.



-- 
Kindest regards,
Tom Smyth.



Re: 6.9 Current amd64 xfce seems to freeze and not respond to mouse clicks or keystrokes

2021-04-10 Thread Tom Smyth
Geoff,
The force is strong with you :)

Thanks, that worked. xfce-screensaver was active but I was not seeing
the screen-saver.

Appreciate your help

Tom Smyth

On Sat, 10 Apr 2021 at 22:48, gwes  wrote:
>
>
>
> On 4/10/21 5:22 PM, Tom Smyth wrote:
> > Hello,
> >
> > 1) issue does not occur with fvwm or with chrome running in fvwm
> >
> > so the issue seems to be confined to xfce, and I was running  just 1
> > xfce terminal session
> > 2) (so the issue is not related to chromium)
> >
> > Thanks
> >
> >
> > O
> > --
> > Kindest regards,
> > Tom Smyth.
> >
> Hi Tom,
> Some application that you can't see is grabbing focus and not letting go.
>
> On another OS using xfce (XUbuntu) the screensaver sometimes causes
> something
> extremely similar. Mouse cursor moves but nothing else responds.
> The workaround is to use control-alt-F1 to get a
> plain console and ps -ax | grep screen then doas kill .
>
> If it's not a screensaver it's almost always a second browser copy.
> I just find likely greedy candidates in the ps and kill until the
> problem goes away.
>
> If the X server won't let you use control-alt-Fx to change screens you'll
> have to ssh in.
>
> Geoff Steckel



-- 
Kindest regards,
Tom Smyth.



Re: 6.9 Current amd64 xfce seems to freeze and not respond to mouse clicks or keystrokes

2021-04-10 Thread Tom Smyth
Hello,

1) issue does not occur with fvwm or with chrome running in fvwm

so the issue seems to be confined to xfce, and I was running  just 1
xfce terminal session
2) (so the issue is not related to chromium)

Thanks


On Fri, 9 Apr 2021 at 19:09, Tom Smyth  wrote:
>
> just to update this thread,
>
> 1) the mouse pointer still moves around but it can't seem to select a
> window or text or any icon in a menu
>
> 2) I did increase the resolution using xrandr -s 1920x1080 at the
> start of the session without issue
>
> 3) chromium is open when this happens
>
> Thanks
>
> On Fri, 9 Apr 2021 at 19:33, Tom Smyth  wrote:
> >
> > Hello
> >
> > 6.9 Current amd64 xfce seems to freeze and not respond to mouse
> > clicks or keystrokes. I can't seem to change windows or enter text on
> > the X terminal
> >
> >
> > I'm running OpenBSD on an Oracle VirtualBox VM
> >
> > however  +   does work and I'm able to restart the X
> > session using the console
> >
> > rcctl restart xenodm
> >
> > I'll try FVWM to see whether it is an X11 issue or an issue with xfce
> >
> > just raising it in case someone else has noticed this issue
> >
> > dmesg below
> >

Re: OT: Dell EMC switches

2021-04-09 Thread Tom Smyth
+1 re arista switches...

On Friday, 9 April 2021, Diana Eichert  wrote:

> I second Arista switches, in my day job we use a lot of Arista
> switches.  Though one of the "issues" we see is Arista
> drops older tech regularly.  I believe their last presentation to us
> was 25G/100G/400G switches.
>
> On Thu, Apr 8, 2021 at 1:18 PM Mischa  wrote:
> >
> > Hi Ivo,
> >
> > I don’t have any experience with the Dell switches but what about the
> Arista DCS-7050QX-32 or DCS-7050QX-32S?
> > 32x40G QSFP+ for the 7050QX-32
> > 32x40G QSFP+ of which one QSFP+ can act as a dual personality to 4xSFP+
> for the 7050QX-32S. (mind the S)
> >
> > There are converters for the QSFP+ to turn them into a SFP+ port if you
> need more 10G but want to have a way to migrate to 40G.
> > You can do this with the Mellanox 655902-001 QSA adapter.
> >
> > Which is pretty much what we have in production. :)
> > Are you planning to buy new or eBay? There are some pretty good deals on
> eBay.
> >
> > Mischa
>
>

-- 
Kindest regards,
Tom Smyth.


Re: 6.9 Current amd64 xfce seems to freeze and not respond to mouse clicks or keystrokes

2021-04-09 Thread Tom Smyth
just to update this thread,

1) the mouse pointer still moves around but it can't seem to select a
window or text or any icon in a menu

2) I did increase the resolution using xrandr -s 1920x1080 at the
start of the session without issue

3) chromium is open when this happens

Thanks

On Fri, 9 Apr 2021 at 19:33, Tom Smyth  wrote:
>
> Hello
>
> 6.9 Current amd64 xfce seems to freeze and not respond to mouse
> clicks or keystrokes. I can't seem to change windows or enter text on
> the X terminal
>
>
> I'm running OpenBSD on an Oracle VirtualBox VM
>
> however  +   does work and I'm able to restart the X
> session using the console
>
> rcctl restart xenodm
>
> I'll try FVWM to see whether it is an X11 issue or an issue with xfce
>
> just raising it in case someone else has noticed this issue
>
> dmesg below
>

6.9 Current amd64 xfce seems to freeze and not respond to mouse clicks or keystrokes

2021-04-09 Thread Tom Smyth
Hello

6.9 Current amd64 xfce seems to freeze and not respond to mouse
clicks or keystrokes. I can't seem to change windows or enter text on
the X terminal


I'm running OpenBSD on an Oracle VirtualBox VM

however  +   does work and I'm able to restart the X
session using the console

rcctl restart xenodm

I'll try FVWM to see whether it is an X11 issue or an issue with xfce

just raising it in case someone else has noticed this issue

dmesg below

OpenBSD 6.9 (GENERIC.MP) #458: Fri Apr  9 01:05:30 MDT 2021
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8573091840 (8175MB)
avail mem = 8297865216 (7913MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xe1000 (10 entries)
bios0: vendor innotek GmbH version "VirtualBox" date 12/01/2006
bios0: innotek GmbH VirtualBox
acpi0 at bios0: ACPI 4.0
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP APIC HPET MCFG SSDT
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i7-10610U CPU @ 1.80GHz, 2304.35 MHz, 06-8e-0c
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,CX16,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,RDRAND,NXE,RDTSCP,LONG,LAHF,ABM,3DNOWP,ITSC,FSGSBASE,AVX2,INVPCID,RDSEED,CLFLUSHOPT,MD_CLEAR,L1DF
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: CPU supports MTRRs but not enabled by BIOS
cpu0: apic clock running at 1000MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Core(TM) i7-10610U CPU @ 1.80GHz, 2304.08 MHz, 06-8e-0c
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,CX16,PCID,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,RDRAND,NXE,RDTSCP,LONG,LAHF,ABM,3DNOWP,ITSC,FSGSBASE,AVX2,INVPCID,RDSEED,CLFLUSHOPT,MD_CLEAR,L1DF
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins, remapped
acpihpet0 at acpi0: 14318179 Hz
acpimcfg0 at acpi0
acpimcfg0: addr 0xdc00, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001
acpicmos0 at acpi0
acpibat0 at acpi0: BAT0 model "1" serial 0 type VBOX oem "innotek"
acpiac0 at acpi0: AC unit online
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
acpivideo0 at acpi0: GFX0
pci0 at mainbus0 bus 0
vga1 at pci0 dev 2 function 0 "VMware SVGA II" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
em0 at pci0 dev 3 function 0 "Intel 82540EM" rev 0x02: apic 2 int 19,
address 08:00:27:bd:cb:77
"InnoTek VirtualBox Guest Service" rev 0x00 at pci0 dev 4 function 0
not configured
auich0 at pci0 dev 5 function 0 "Intel 82801AA AC97" rev 0x01: apic 2
int 21, ICH
ac97: codec id 0x83847600 (SigmaTel STAC9700)
audio0 at auich0
piixpm0 at pci0 dev 7 function 0 "Intel 82371AB Power" rev 0x08: apic 2 int 23
iic0 at piixpm0
pcib0 at pci0 dev 31 function 0 "Intel 82801GBM LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82371AB IDE" rev 0x01: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 128-sector PIO, LBA48, 131072MB, 268435456 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0:  removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ohci0 at pci0 dev 31 function 4 "Apple Intrepid USB" rev 0x00: apic 2
int 23, version 1.0
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
usb0 at ohci0: USB revision 1.0
uhub0 at usb0 configuration 1 interface 0 "Apple OHCI root hub" rev
1.00/1.00 addr 1
uhidev0 at uhub0 port 1 configuration 1 interface 0 "VirtualBox USB
Tablet" rev 1.10/1.00 addr 2
uhidev0: iclass 3/0
ums0 at uhidev0: 5 buttons, Z and W dir
wsmouse1 at ums0 mux 0
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on wd0a (619d721c1c3c871d.a) swap on wd0b dump on wd0b



Re: Does intel(4) support Iris Xe Graphics?

2021-04-07 Thread Tom Smyth
Hi Jonathan,
Sorry, missed the bug report... with the dmesg.
I thought the Linux dmesg where the hardware was working would
have been useful if there was an issue with the hardware detection.
I suggested trying 6.8 in case there was a bug introduced in current
and would give a baseline...
suggested current as the bug might already be fixed in current as
opposed to release...


On Wed, 7 Apr 2021 at 11:56, Jonathan Gray  wrote:
>
> On Wed, Apr 07, 2021 at 11:34:54AM +0100, Tom Smyth wrote:
> > Try Current and 6.8  and see if you get a different result in each..
> > dmesgs are key for getting help on this type of query ...
>
> There is a snapshot dmesg in the bug report.  I don't see a benefit to
> 6.8 or linux dmesgs.



-- 
Kindest regards,
Tom Smyth.



Re: Does intel(4) support Iris Xe Graphics?

2021-04-07 Thread Tom Smyth
Try Current and 6.8  and see if you get a different result in each..
dmesgs are key for getting help on this type of query ...

On Wed, 7 Apr 2021 at 11:33, Tom Smyth  wrote:
>
> Hi Michel,
> if you send the dmesg  from OpenBSD when it is installed and Ubuntu
> it would help a lot
> see the hardware that your box is running (and the hardware as
> detected by OpenBSD / Ubuntu)
>
>
> On Wed, 7 Apr 2021 at 05:21, Michel von Behr  wrote:
> >
> > Thank you for the reply, Jonathan - FWIW I was able to run Ubuntu on the
> > machine just now. I still would like to try and install OpenBSD, if anyone
> > can help me diagnose/fix the problem I’m willing to try.
> >
> > Regards,
> >
> > Michel
> >
> > On Wed, 7 Apr 2021 at 2:33 AM Jonathan Gray  wrote:
> >
> > > On Tue, Apr 06, 2021 at 11:09:07AM +0400, Michel von Behr wrote:
> > > > Hi - (not a dev, just trying to use OpenBSD snapshot) whenever I try to
> > > > launch Xorg, either via xenodm or startx, I'm getting a kernel panic,
> > > > like "pool_do_get:
> > > > drmobj : page empty" (I already sent an e-mail [1] to b...@openbsd.org
> > > > with dmesg and all).
> > >
> > > The pool should already be initialised via
> > > i915_global_objects_init()
> > > i915_globals_init()
> > > inteldrm_attachhook()
> > >
> > > >
> > > > I'm wondering if the problem could be with my video card, Intel Iris Xe?
> > > > Even though dmesg shows that it was detected and should (?) be working.
> > > > But I can't find a reason why my laptop would not run Xorg.
> > > >
> > > > inteldrm0 at pci0 dev 2 function 0 "Intel Xe Graphics" rev 0x01
> > > > drm0 at inteldrm0
> > > > inteldrm0: msi, TIGERLAKE, gen 12
> > > >
> > >
> > > jcs@ has/had a tiger lake machine which could run Xorg with the
> > > linux 5.7 based drm in -current.  I'm not sure what is different here.
> > >
> > > >
> > > > Any pointing to the right direction would be appreciated. (If this
> > > > problem relates to Xorg specifically and not to OpenBSD please let me know).
> > > >
> > > > [1] https://marc.info/?l=openbsd-bugs=161754767328009=2
> > > >
> > > > Regards,
> > > >
> > > > Michel
> > > >
> > >
>
>
>
> --
> Kindest regards,
> Tom Smyth.



-- 
Kindest regards,
Tom Smyth.



Re: Does intel(4) support Iris Xe Graphics?

2021-04-07 Thread Tom Smyth
Hi Michel,
if you send the dmesg  from OpenBSD when it is installed and Ubuntu
it would help a lot
see the hardware that your box is running (and the hardware as
detected by OpenBSD / Ubuntu)


On Wed, 7 Apr 2021 at 05:21, Michel von Behr  wrote:
>
> Thank you for the reply, Jonathan - FWIW I was able to run Ubuntu on the
> machine just now. I still would like to try and install OpenBSD, if anyone
> can help me diagnose/fix the problem I’m willing to try.
>
> Regards,
>
> Michel
>
> On Wed, 7 Apr 2021 at 2:33 AM Jonathan Gray  wrote:
>
> > On Tue, Apr 06, 2021 at 11:09:07AM +0400, Michel von Behr wrote:
> > > Hi - (not a dev, just trying to use OpenBSD snapshot) whenever I try to
> > > launch Xorg, either via xenodm or startx, I'm getting a kernel panic,
> > > like "pool_do_get:
> > > drmobj : page empty" (I already sent an e-mail [1] to b...@openbsd.org
> > > with dmesg and all).
> >
> > The pool should already be initialised via
> > i915_global_objects_init()
> > i915_globals_init()
> > inteldrm_attachhook()
> >
> > >
> > > I'm wondering if the problem could be with my video card, Intel Iris Xe?
> > > Even though dmesg shows that it was detected and should (?) be working.
> > > But I can't find a reason why my laptop would not run Xorg.
> > >
> > > inteldrm0 at pci0 dev 2 function 0 "Intel Xe Graphics" rev 0x01
> > > drm0 at inteldrm0
> > > inteldrm0: msi, TIGERLAKE, gen 12
> > >
> >
> > jcs@ has/had a tiger lake machine which could run Xorg with the
> > linux 5.7 based drm in -current.  I'm not sure what is different here.
> >
> > >
> > > Any pointing to the right direction would be appreciated. (If this
> > > problem relates to Xorg specifically and not to OpenBSD please let me know).
> > >
> > > [1] https://marc.info/?l=openbsd-bugs=161754767328009=2
> > >
> > > Regards,
> > >
> > > Michel
> > >
> >



-- 
Kindest regards,
Tom Smyth.



Re: sndiod on by default (does it need to be ? )

2021-02-21 Thread Tom Smyth
Thanks Stuart, appreciate your time on this,   and explanation of
the sndiod design

it was a case of I don't understand, don't use so I just disable.
and then I proceeded to ask out of turn shouldn't everyone else disable because
I don't understand or use it myself :/

Re attack surface / risk of other software that I use on top of OpenBSD
 I couldn't agree more with you

Thanks again..

On Sun, 21 Feb 2021 at 18:42, Stuart Henderson  wrote:
>
> On 2021-02-21, Tom Smyth  wrote:
> > my thinking is by having the service off by default would reduce the
> > default attack surface of the OS ?
>
> The attack surface is tiny.
>
> sndiod has a pair of processes each run as their own dedicated uid, one
> in a chroot jail containing no files and pledged to not allow access to
> read/write files anyway, the other (which needs to access audio-related
> nodes in /dev) using unveil to restrict itself to only the necessary
> ones. The pledges are very restrictive. No network access unless you use
> -L to enable the network server.
>
> I don't honestly think it's worth going to the trouble of disabling.
> Look at the other software you run which isn't enabled in OpenBSD by
> default - that's where your attack surface is ;)
>
>


-- 
Kindest regards,
Tom Smyth.



Re: sndiod on by default (does it need to be ? )

2021-02-21 Thread Tom Smyth
Hi folks,
thanks to everyone who replied on and off list,
I had not considered the console only user who uses audio also...
(I had not even considered this, so pardon my ignorance folks),
and thanks to Sebastian, Abel, and David for replying on and off list

I guess I'll just add rcctl disable sndiod to my deployment scripts
for my use cases :)

Thanks again to all who considered it

:)



On Sun, 21 Feb 2021 at 14:28, Tom Smyth  wrote:
>
> Hi Sebastian
> I get users want to listen to audio but if the only hardware is a buzzer and 
> the user is not running x what are the chances they are using audio on the 
> console only ?
>
> I can keep running
> rcctl disable sndiod
> Post install
>
> I thought linking audio support on by default to x would make sense as it is 
> likely such system is for users who may need audio
>
> Just a thought
> Thanks
>
>
> On Sunday, 21 February 2021, Sebastian Benoit  wrote:
>>
>> Tom Smyth(tom.sm...@wirelessconnect.eu) on 2021.02.21 04:08:48 +:
>> > Hello,
>> >
>> > I was wondering should sndiod (default) startup be determined based on
>> > whether or not
>> > the install is a typical headless install (off) or an install for
>> > a user machine with  running X
>> >
>> > is there a reason why one would need to run this daemon by default?
>>
>> Because users want to listen to audio.
>>
>> > my thinking is by having the service off by default would reduce the
>> > default attack surface of the OS ?
>>
>> How big is that attack surface? And especially compared to X?
>>
>> > perhaps the installer could use the answer to the question do you
>> > intend to run X   to determine whether or not to enable the sndiod
>> > daemon ?
>>
>> The difference is that a running sndiod is not noticeable to you. Running X
>> is - you don't have a console anymore on your screen.
>>
>> Whereas a not running sndiod is noticeable - no sound.
>>
>> Next to security, we try to make it easy for people to use OpenBSD. Not
>> asking questions when not needed is just that.
>>
>> /Benno
>
>
>
> --
> Kindest regards,
> Tom Smyth.



--
Kindest regards,
Tom Smyth.



Re: sndiod on by default (does it need to be ? )

2021-02-21 Thread Tom Smyth
Hi Sebastian
I get users want to listen to audio but if the only hardware is a buzzer
and the user is not running x what are the chances they are using audio on
the console only ?

I can keep running
rcctl disable sndiod
Post install

I thought linking audio support on by default to x would make sense as it
is likely such system is for users who may need audio

Just a thought
Thanks


On Sunday, 21 February 2021, Sebastian Benoit  wrote:

> Tom Smyth(tom.sm...@wirelessconnect.eu) on 2021.02.21 04:08:48 +:
> > Hello,
> >
> > I was wondering should sndiod (default) startup be determined based on
> > whether or not
> > the install is a typical headless install (off) or an install for
> > a user machine with  running X
> >
> > is there a reason why one would need to run this daemon by default?
>
> Because users want to listen to audio.
>
> > my thinking is by having the service off by default would reduce the
> > default attack surface of the OS ?
>
> How big is that attack surface? And especially compared to X?
>
> > perhaps the installer could use the answer to the question do you
> > intend to run X   to determine whether or not to enable the sndiod
> > daemon ?
>
> The difference is that a running sndiod is not noticeable to you. Running X
> is - you don't have a console anymore on your screen.
>
> Whereas a not running sndiod is noticeable - no sound.
>
> Next to security, we try to make it easy for people to use OpenBSD. Not
> asking questions when not needed is just that.
>
> /Benno
>


-- 
Kindest regards,
Tom Smyth.


sndiod on by default (does it need to be ? )

2021-02-20 Thread Tom Smyth
Hello,

I was wondering should sndiod (default) startup be determined based on
whether or not
the install is a typical headless install (off) or an install for
a user machine with  running X

is there a reason why one would need to run this daemon by default?

my thinking is by having the service off by default would reduce the
default attack surface of the OS ?

perhaps the installer could use the answer to the question do you
intend to run X   to determine whether or not to enable the sndiod
daemon ?

I hope this helps

-- 
Kindest regards,
Tom Smyth.



Re: bsd.rd ok , bsd explodes, trying to get traces

2021-02-09 Thread Tom Smyth
Hey Sven,

sorry just wondering have you tried running an alternate OS  and or memtest
x86 to see if the computer CPU memory is behaving itself  ?

also if it is an intel raid controller it usually has about 3 different
settings (and alters the controller's firmware to present different
hardware   to the os)

(legacy--->raid--> AHCI -->Enhanced)
Hope this helps


On Tue, 9 Feb 2021 at 20:56, Sven F.  wrote:

> Dear readers,
>
> I found a computer which behaves oddly.
> Only EFI boot is supported, I usually go the MBR way.
> The bios looks like a classic AMibios Intel stuff.
> The cpu is intel and there's an intel HD5500 graphic card
> ( trying to extract proper dmesg fails so far )
>
> When booting 6.8 basic amd64 installation the video
> signal is completely lost and network too ( suspect crash )
>
> I tried to `set  db_console 1` and change video mode
> with machine video before booting, and entering
> `boot dump` blindly ( video off )
> but after rebooting in bsd.rd /var/ has no dmesg.anything
> or some log
>
> I think the last line of boot i see is 'softraid0'
>
> There's probably a few tricks I should try to get the actual
> message, I will do my best to extract the (bsd.rd) dmesg now and post it as
> a reply ( and try boot current )
>
> Is there some boot option i can use or something i can do
> to extract the errors ? ( i do not see com ports anywhere either )
>
> Thank you for reading.
> --
> --
>
> -
> Knowing is not enough; we must apply. Willing is not enough; we must do
>
>

-- 
Kindest regards,
Tom Smyth.


Re: NIC Port L2 Switching capability

2021-01-25 Thread Tom Smyth
Hi Kaya

you need to create   a bridge interface and add the  interfaces you want to
switch packets between into the bridge,

man bridge
man switch
man ifconfig
will give you the information you need,


trunk is a bonding / team  / fail over interface and not for switching

because you are using a virtualisation platform you need to be wary of
hypervisor / virtualisation network stack  Security features / hacks /
shortcuts
some hypervisors filter traffic coming from a vm which has a different
source mac to the mac assigned to the vm network card  by the hyper-visor
and some hypervisors will only switch traffic to a vm if the destination
mac is the same as the mac of the virtual machine network card

all the best



On Mon, 25 Jan 2021 at 22:06, Kaya Saman  wrote:

> Hi,
>
>
> I'm wondering if it's possible to get OpenBSD to make the NIC ports act
> like a layer 2 switch?
>
>
> I made a quick test in VirtualBox (unfortunately I don't have any bare
> bones systems free to test with) and tried the following:
>
>
> create two systems, one called router , the other called client
>
>
> create vlans: vlan1, vlan2, vlan3
>
>
> create trunk interfaces on 3x virtual NIC's: trunk0 (em0), trunk1 (em1),
> trunk2 (em2)
>
>
> I then added the vlans to trunk0 by setting the vlandev to trunk0 in the
> hostname.if files.
>
>
> Of course a basic router-on-a-stick method like the above works fine but
> if I wanted the 3 vlans to also be on the trunk1 interface in a similar
> way to provisioning an L2 switch how would I go about it?
>
>
> I attempted to bridge trunk0 and trunk1. The result I got was that dhcp
> worked and the client was able to get an IPv4 address, I also had
> multicast traffic working when dynamically sending the client routes
> through OpenOSPF, as in I could see OSPFv2-hello and OSPFv2-dd packets
> being sent to 224.0.0.5 .
>
> What didn't work was ICMP packets were not being seen on the router
> system's NIC when I tried to use the ping command and in addition the
> OSPF routes would not propagate either.
>
> If I changed the virtual configuration back to trunk0 then everything
> worked as expected. It may just be a limitation of Vbox?
>
>
> In the meantime I have been looking at the docs:
>
> https://www.openbsd.org/papers/bsdcan2016-switchd.pdf
>
> https://man.openbsd.org/switch
>
>
> for the switch interface but is this really what I need here?
>
>
> Has anyone tried and succeeded with this kind of config?
>
>
> My main reason for wanting to use something like this is that I want to
> add a 10GbE NIC and switch into my production router platform while
> still keeping the same setup going to the 1GbE switch which is running
> in a 4-port LACP trunk.
>
>
>
> Of course an alternate would be to link the 1GbE switch to the 10GbE
> switch and do things that way, but the above would be more practical
> from a cabling sense.
>
>
>
> Has anyone got any ideas?
>
>
> Thanks a lot!
>
>
> Kaya
>
>
>
>

-- 
Kindest regards,
Tom Smyth.


Re: Fw: ospf question

2021-01-08 Thread Tom Smyth
Hello Mark
you need to give more detail on the IP address types are you using
broadcast networks or point to point / tunnel type addresses
are you seeing anything in
also can you be certain your hypervisor switches (real switches in the
datacentre)
allow for vm -vm communication and don't filter  certain types of traffic (OSPF)

/var/log/messages when you run the daemons,
 are you allowing ip protocol 89 (OSPF) on your PF rules on boxes running pf ?
have you configured loopback ips on each router  (on a separate
loopback interface)
 on each OpenBSD Router  (so as not to have  127.0.0.0/8 routes advertised)
have you confirmed you don't have a network conflict 2 routers with the
same ip range
 on interfaces that are not connected ..

you can start ospfd with -df  switches to see if there are any
warnings / messages
that might hint what is up and running

only other high level things I can think of
is check your neighbour adjacencies are they forming, and focus where
they are not forming
and usual things for OSPF adjacencies not forming
MTU of interfaces not matching between neighbours
Authentication key
authentication type
authentication key id  usually = 1
switch between routers with a smaller MTU / L2MTU than what the
neighbour routers
have configured on their interfaces

if ospf neighbours are forming are you learning any routes..  avoid
static default
routes they are the spawn of satan and you can run into issues
learning and propagating
default routes otherwise ...

Peace out and Happy new year




On Fri, 8 Jan 2021 at 23:08, Mark  wrote:
>
> I'll try this message one more time.
>
> I have a question regarding the use of ospf with OpenBSD 6.8.
>
> > I have a network that consists of 23 OpenBSD 6.8 based routers (created, 
> > within a virtualbox environment on a GNU/Linux server, to match the 
> > physical network I manage - the only difference being that the physical
> > network consists of FreeBSD based routers rather than OpenBSD ones). I set 
> > this up after having replaced a FreeBSD based router with an OpenBSD based
> > one in the real network and immediately experiencing an issue accessing 
> > parts of the network.
> >
> > Within my setup there is one router (router22) that is six hops away from 
> > the designated default gateway (which I'll call the firewall) and there are 
> > two paths (going different ways around the network) to get to it. I am able 
> > to run a traceroute to router22, but am not able to ping it or ssh onto it. 
> > If I ssh to the router connected to the firewall then I can ping and ssh to 
> > router22 (at that point it's only 5 hops away). If I reboot any router that 
> > lies within the path to router22 then I am subsequently able to ping and 
> > ssh router22 from the firewall.
> >
> > I have also subsequently duplicated the entire network again using FreeBSD 
> > 12.2 and the problem does not occur, so as far as I can see it's just an 
> > OpenBSD ospf issue.
> >
> > I first set this up after replacing a FreeBSD based router with an OpenBSD 
> > based one and experiencing another strange issue. In this instance the 
> > shortest path from my server network (accessible from router01) to 
> > router08, router11 and router12 was router01 <-> router13 <-> router21 <-> 
> > router08 <-> router11 <-> router12, when I put the OpenBSD router in as 
> > router13 I could no longer ping router08, router11 or router12 (though I 
> > could still ping router21). If I connected to a router in a different part 
> > of the network I was able to ping each of the inaccessible ones, so it was 
> > only when the OpenBSD based router was along the shortest path the issue 
> > manifested itself.
> >
> > Is anyone aware of incompatibilities between the OSPF implementation within 
> > OpenBSD and that provided by quagga on FreeBSD? Or of any limitations of 
> > OSPF on OpenBSD?
> >
> > In each setup I have the same hello and dead interval and have md5 crypt 
> > authentication in place on each link between routers. Each router is in 
> > area 0.0.0.0.
> >
> > regards,
> > Mark



-- 
Kindest regards,
Tom Smyth.
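
The adjacency checklist in the reply above (matching MTU, authentication type, key and key id, plus the hello and dead intervals mentioned in the question) can be compared mechanically for the two ends of a link. This Python example is added here and is not code from the thread or from OpenBSD: it parses a simplified subset of ospfd.conf, applies global, area and interface inheritance, and names the settings that differ without printing key material. The two configurations, the key strings and the MTU values are constructed, and the defaults and inheritance rules are assumed from ospfd.conf(5).

```python
import hmac
import re

# Defaults assumed from ospfd.conf(5); confirm against the release in use.
DEFAULTS = {"auth-type": "none", "auth-md-keyid": "1",
            "hello-interval": "10", "router-dead-time": "40"}
AUTH_MD = re.compile(r'auth-md\s+(\d+)\s+(?:"([^"]*)"|(\S+))\s*$')


def _child(scope):
    """Copy a scope so an inner block inherits without changing the outer one."""
    new = dict(scope)
    new["auth-md"] = dict(scope["auth-md"])
    return new


def parse_interfaces(conf_text):
    """Return {ifname: effective settings} from a simplified ospfd.conf.

    Supported subset: one statement per line, '{' ending the opening line,
    '}' on its own line, '#' comments (keys containing '#' are not handled).
    """
    root = dict(DEFAULTS)
    root["auth-md"] = {}
    scopes, names, result = [root], [None], {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line == "}":
            scope, name = scopes.pop(), names.pop()
            if name is not None:
                result[name] = scope
            continue
        opens = line.endswith("{")
        words = line.rstrip("{").split()
        if opens:                                  # area or interface block
            scopes.append(_child(scopes[-1]))
            names.append(words[1] if words[0] == "interface" else None)
        elif words[0] == "interface":              # interface without a block
            result[words[1]] = _child(scopes[-1])
        elif words[0] == "auth-md":
            m = AUTH_MD.match(line)
            if m:
                key = m.group(2) if m.group(2) is not None else m.group(3)
                scopes[-1]["auth-md"][m.group(1)] = key
        elif words[0] in DEFAULTS and len(words) > 1:
            scopes[-1][words[0]] = words[1]
    return result


def link_mismatches(a, b, mtu_a, mtu_b):
    """Names of settings that differ between the two ends of one link."""
    bad = []
    if mtu_a != mtu_b:                             # MTU comes from ifconfig
        bad.append("mtu")
    for key in ("auth-type", "hello-interval", "router-dead-time"):
        if a[key] != b[key]:
            bad.append(key)
    if a["auth-type"] == b["auth-type"] == "crypt":
        if a["auth-md-keyid"] != b["auth-md-keyid"]:
            bad.append("auth-md-keyid")
        else:
            ka = a["auth-md"].get(a["auth-md-keyid"])
            kb = b["auth-md"].get(b["auth-md-keyid"])
            if ka is None or kb is None or not hmac.compare_digest(
                    ka.encode(), kb.encode()):
                bad.append("auth-md key")          # report the name, never the key
    return bad


# Constructed sample configurations for two neighbouring routers.
ROUTER13_CONF = '''
router-id 10.0.0.13
auth-type crypt
auth-md 1 "constructed-key-A"
area 0.0.0.0 {
	interface em0 {
		hello-interval 10
	}
	interface em1 {
		auth-md 2 "constructed-key-B"
		auth-md-keyid 2
	}
	interface lo1
}
'''
ROUTER21_CONF = '''
router-id 10.0.0.21
area 0.0.0.0 {
	auth-type crypt            # set at area level instead of globally
	auth-md 1 "constructed-key-A"
	interface em0 {
		router-dead-time 40
	}
	interface em1 {
		auth-md 1 "constructed-key-B"
	}
}
'''

if __name__ == "__main__":
    r13, r21 = parse_interfaces(ROUTER13_CONF), parse_interfaces(ROUTER21_CONF)
    print("em0:", link_mismatches(r13["em0"], r21["em0"], 1500, 1500))
    print("em1:", link_mismatches(r13["em1"], r21["em1"], 1500, 1500))
```
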



Re: Internal Microphone on Thinkpad X1 Carbon 7th gen not working

2020-12-04 Thread Tom Smyth
tel", unknown product 0x7360 (class wireless unknown subclass
> 0x40, rev 0x01) at pci1 dev 0 function 0 not configured
> ppb1 at pci0 dev 29 function 0 "Intel 300 Series PCIE" rev 0xf1: msi
> pci2 at ppb1 bus 3
> nvme0 at pci2 dev 0 function 0 "SanDisk WD Black NVMe" rev 0x00: msix,
> NVMe 1.3
> nvme0: WDC PC SN730 SDBQNTY-1T00-1001, firmware 11130101, serial
> 1951E5485614
> scsibus1 at nvme0: 2 targets, initiator 0
> sd0 at scsibus1 targ 1 lun 0: 
> sd0: 976762MB, 512 bytes/sector, 2000409264 sectors
> ppb2 at pci0 dev 29 function 4 "Intel 300 Series PCIE" rev 0xf1: msi
> pci3 at ppb2 bus 5
> ppb3 at pci3 dev 0 function 0 "Intel JHL6540 Thunderbolt" rev 0x02
> pci4 at ppb3 bus 6
> ppb4 at pci4 dev 0 function 0 "Intel JHL6540 Thunderbolt" rev 0x02: msi
> pci5 at ppb4 bus 7
> "Intel JHL6540 Thunderbolt" rev 0x02 at pci5 dev 0 function 0 not
> configured
> ppb5 at pci4 dev 1 function 0 "Intel JHL6540 Thunderbolt" rev 0x02: msi
> pci6 at ppb5 bus 8
> ppb6 at pci4 dev 2 function 0 "Intel JHL6540 Thunderbolt" rev 0x02: msi
> pci7 at ppb6 bus 45
> xhci1 at pci7 dev 0 function 0 "Intel JHL6540 Thunderbolt" rev 0x02: msi,
> xHCI 1.10
> usb1 at xhci1: USB revision 3.0
> uhub1 at usb1 configuration 1 interface 0 "Intel xHCI root hub" rev
> 3.00/1.00 addr 1
> ppb7 at pci4 dev 4 function 0 "Intel JHL6540 Thunderbolt" rev 0x02: msi
> pci8 at ppb7 bus 46
> pcib0 at pci0 dev 31 function 0 "Intel 300 Series LPC" rev 0x11
> azalia0 at pci0 dev 31 function 3 "Intel 300 Series HD Audio" rev 0x11: msi
> azalia0: codecs: Realtek ALC285, Intel/0x280b, using Realtek ALC285
> audio0 at azalia0
> ichiic0 at pci0 dev 31 function 4 "Intel 300 Series SMBus" rev 0x11: apic
> 2 int 16
> iic0 at ichiic0
> ichiic0: abort failed, status 0x41
> "Intel 300 Series SPI" rev 0x11 at pci0 dev 31 function 5 not configured
> em0 at pci0 dev 31 function 6 "Intel I219-V" rev 0x11: msi, address
> f8:75:a4:c8:62:06
> isa0 at pcib0
> isadma0 at isa0
> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> pckbd0 at pckbc0 (kbd slot)
> wskbd0 at pckbd0: console keyboard
> pms0 at pckbc0 (aux slot)
> wsmouse0 at pms0 mux 0
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> vmm0 at mainbus0: VMX/EPT
> efifb at mainbus0 not configured
> uhidev0 at uhub0 port 3 configuration 1 interface 0 "Yubico YubiKey
> OTP+FIDO+CCID" rev 2.00/5.26 addr 2
> uhidev0: iclass 3/1
> ukbd0 at uhidev0: 8 variable keys, 6 key codes
> wskbd1 at ukbd0 mux 1
> uhidev1 at uhub0 port 3 configuration 1 interface 1 "Yubico YubiKey
> OTP+FIDO+CCID" rev 2.00/5.26 addr 2
> uhidev1: iclass 3/0
> fido0 at uhidev1: input=64, output=64, feature=0
> ugen0 at uhub0 port 3 configuration 1 "Yubico YubiKey OTP+FIDO+CCID" rev
> 2.00/5.26 addr 2
> uvideo0 at uhub0 port 8 configuration 1 interface 0 "Azurewave Integrated
> Camera" rev 2.01/69.05 addr 3
> video0 at uvideo0
> uvideo1 at uhub0 port 8 configuration 1 interface 2 "Azurewave Integrated
> Camera" rev 2.01/69.05 addr 3
> video1 at uvideo1
> vscsi0 at root
> scsibus2 at vscsi0: 256 targets
> softraid0 at root
> scsibus3 at softraid0: 256 targets
> sd1 at scsibus3 targ 1 lun 0: 
> sd1: 976761MB, 512 bytes/sector, 2000407649 sectors
> root on sd1a (69b037e186d738a3.a) swap on sd1b dump on sd1b
> inteldrm0: 3840x2160, 32bpp
> wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using wskbd0
> wskbd1: connecting to wsdisplay0
> wsdisplay0: screen 1-5 added (std, vt100 emulation)
> iwm0: hw rev 0x310, fw ver 34.3125811985.0, address f8:e4:e3:30:0a:07
>
>

-- 
Kindest regards,
Tom Smyth.


Re: Fwd: PayPal pool for developer M1 Mac mini for OpenBSD port

2020-12-03 Thread Tom Smyth
Clearly I missed Patrick's Email ...  earlier.. :/ sorry folks

+1 if experienced Devs are working on it...  it will happen
Best of luck to the people working on  getting it working ... can't be easy
without all the docs ...

Thanks

On Thu, 3 Dec 2020 at 22:39, Tom Smyth  wrote:

> Hi Jeff,
>
> as far as I'm aware... if you donate to the project  they will source
> hardware as the project sees fit..
> if there is an M1 in want.html (where a developer is looking for one to
> make an initial POC before the project considers it viable to spend
> resources...
> it I would be happy to contribute...  for that purpose ..
>
> I don't think anyone has anything specific against apple. per se..
>  there are objections to proprietary firmware...   and binary blobs...
> and this makes development of OpenSource Systems even harder than it
> already is...
>
> but yes the M1 looks awesome it will be interesting to see if  they open
> it up (a little) ...  but it is an arm chip ... so perhaps testing and
> providing
> open  arm hardware would help the project more...  check out want.html
>
> all of these are my own observations as a user over the years  and I'm not
> a developer in OpenBSD
>
> Thanks
> Tom Smyth
>
>
>
>
>
> On Thu, 3 Dec 2020 at 22:11, Jeff Joshua Rollin 
> wrote:
>
>>
>>
>>
>>  Forwarded Message 
>> Subject:Fwd: PayPal pool for developer M1 Mac mini for OpenBSD
>> port
>> Date:   Thu, 3 Dec 2020 21:56:51 +
>> From:   Jeff Joshua Rollin 
>>
>>
>>
>>
>>
>> Oops, forgot to reply to the list. Sorry for the duplicate, Mihai.
>>
>>
>> On 03/12/2020 01:18, Mihai Popescu wrote:
>> > I have only good wishes for the project, but I still don't get one thing:
>> > why do some people start to behave oddly whenever Apple comes into
>> > discussion.
>> > They are doing a proprietary thing, closed as hell, no documentation
>> > and so
>> > on. Why is this impulse to write code for such a thing. Just asking ...
>>
>> Apple make great products. My iMac, which is nearly ten years old, runs
>> without problems even today (try that with Windows). iPads and iPhones
>> have much better lifetimes than Android devices - we'll see if the
>> increasing number of devices running "real Linux" make a dent in the
>> market, but either way there are AFAIK no phones using any of the BSDs
>> (unless you count macOS/iOS, which for these purposes I don't) anyway.
>>
>> Other than the fact that the platform is proprietary, the only other
>> thing that annoys me about Macs, and always has, is their half-arsed
>> attempt at a British keyboard, which unless it's changed since my iMac
>> was manufactured still puts @ and " in the wrong places for Brits -
>> exactly the opposite places on a US keyboard. (Even Commodore, infamous
>> in its day for reliability problems and which bought the Amiga company
>> in what no less august an institution than Amiga Format magazine called
>> "a rare fit of insight," managed that one.) Fortunately, if you also use
>> Linux/UNIX, the problem of switching between keyboards with @ and " in
>> 'the wrong place' is easily solved for X11 by selecting a Mac UK
>> keyboard in the software settings even on a PC. (They did stubbornly
>> stick with that crap butterfly keyboard for four years, for reasons
>> presumably best known to themselves, but luckily that era also seems to
>> be over, and I didn't bother buying one during that time, for that and
>> other reasons.)
>>
>> As for the proprietaryness, other than the fact that it's a nice new
>> hardware architecture as other people have mentioned, pretty much every
>> other architecture OpenBSD, NetBSD and Linux has ever run on (Amiga, Sun
>> and VAX, for example) is/was proprietary. And that's without considering
>> the closed peripherals (without which OpenBSD wouldn't have to eschew
>> NDAs) or the BMC on a Wintel - heaven knows what that thing really gets
>> up to.
>>
>> My £0.02
>>
>> Jeff.
>>
>>
>
> --
> Kindest regards,
> Tom Smyth.
>


-- 
Kindest regards,
Tom Smyth.


Re: PayPal pool for developer M1 Mac mini for OpenBSD port

2020-12-03 Thread Tom Smyth
Thanks Patrick,  Marcan, and Theo...

Interesting project...  OpenBSD on the M1 :) ...  best of luck with it



On Thu, 3 Dec 2020 at 22:11, Patrick Wildt  wrote:

> This really has shown how much interest there is in having OpenBSD
> running on those machines.  Still, we would all not be here without
> the OpenBSD project itself.  Not being able to host hackathons due to
> COVID-19 leaves an impact, and I hope that soon(TM) we'll be able to
> get back together to shut up and hack.
>
> I'm sure you all love using OpenBSD and hacking on OpenBSD as much as I
> do, so to help OpenBSD run infrastructure, organize hackathons and to
> flourish even more, please consider donating!
>
> https://www.openbsdfoundation.org/donations.html
> https://www.openbsd.org/donations.html
>
> Also a shoutout to marcan, who'll be doing a lot of reverse engineering
> on the M1.  He's pretty good, and I'm supporting his project by being a
> patron.  I'm looking forward to his work, because of all the people out
> there who can do it, he's definitely one of them.
>
> https://www.patreon.com/marcan
>
> Patrick
>
> Am Thu, Dec 03, 2020 at 02:33:34PM -0700 schrieb Ben Goren:
> > Oh, wow — it hasn’t even been a full day since I sent this out...and already enough of you have chipped in enough to buy not just a single M1 system for Patrick, but also a second one for his partner in crime, Mark Kettenis.
> >
> > Thank you to all! This show of generosity and support and excitement is most welcome. (And, frankly, a bit overwhelming.)
> >
> > If anybody reading this still wishes to donate to the cause, despite the immediate needs being met, the money will be put to good use. There are other developers who will eventually need their own hardware, and there are always other sorts of expenses related to development. Feel free to chip in at Patrick’s original link:
> >
> > https://www.paypal.com/pools/c/8uPSkfNJMp
> >
> > ...or, of course, to the OpenBSD general fund (which can *ALWAYS* use donations):
> >
> > https://www.openbsd.org/donations.html
> >
> > Thanks again, everybody!
> >
> > b&
> >
> > > On Dec 2, 2020, at 2:59 PM, Ben Goren  wrote:
> > > Greetings, all!
> > >
> > > Patrick Wildt has set up a PayPal pool to raise funds to purchase an M1 Mac mini so he can start porting OpenBSD to the platform. If you’d like to be able to run OpenBSD on an M1 system, now would be a great time to throw some pennies his way.
> > >
> > > The donation link: https://paypal.me/pools/c/8uPSkfNJMp
> > >
> > > Read below for an idea of what one might expect if we can get a machine into Patrick’s hands.
> > >
> > > Cheers,
> > >
> > > b&
> > >
> > > Patrick wrote:
> > >
> > >> Yes, kettenis@ and me are the two ones doing the major work on porting
> > >> to new devices.  Not sure if kettenis@ is interested, but I can ask him.
> > >> I definitely am, a Mac Mini as a dedicated machine to do stuff with and
> > >> not care about what is installed would really help.
> > >>
> > >> Marcan has started a crowdfunding on Patreon.  He's a really capable
> > >> person, and he'll definitely lay a lot of groundwork needed for porting
> > >> OpenBSD to the platform.  He apparently will also do his work in a
> > >> dual-licensed fashion, so the BSDs will easily profit from it.
> > >>
> > >> So, the first steps are basically to follow Marcan's work and use all
> > >> that information and code to port OpenBSD as well.
> > >>
> > >> This *will* take some time, because essentially there are only the
> > >> binary drivers, but it's doable and I think with a bit of patience
> > >> we will have OpenBSD running on the M1 as well.
> > >>
> > >> Biggest hurdle, as always, will be support for graphics acceleration.
>
>

-- 
Kindest regards,
Tom Smyth.


Re: Fwd: PayPal pool for developer M1 Mac mini for OpenBSD port

2020-12-03 Thread Tom Smyth
Hi Jeff,

as far as I'm aware... if you donate to the project  they will source
hardware as the project sees fit..
if there is an M1 in want.html (where a developer is looking for one to
make an initial POC before the project considers it viable to spend
resources...
it I would be happy to contribute...  for that purpose ..

I don't think anyone has anything specific against apple. per se..
 there are objections to proprietary firmware...   and binary blobs...
and this makes development of OpenSource Systems even harder than it
already is...

but yes the M1 looks awesome it will be interesting to see if  they open
it up (a little) ...  but it is an arm chip ... so perhaps testing and
providing
open  arm hardware would help the project more...  check out want.html

all of these are my own observations as a user over the years  and I'm not
a developer in OpenBSD

Thanks
Tom Smyth





On Thu, 3 Dec 2020 at 22:11, Jeff Joshua Rollin 
wrote:

>
>
>
>  Forwarded Message 
> Subject:Fwd: PayPal pool for developer M1 Mac mini for OpenBSD port
> Date:   Thu, 3 Dec 2020 21:56:51 +
> From:   Jeff Joshua Rollin 
>
>
>
>
>
> Oops, forgot to reply to the list. Sorry for the duplicate, Mihai.
>
>
> On 03/12/2020 01:18, Mihai Popescu wrote:
> > I have only good wishes for the project, but I still don't get one thing:
> > why do some people start to behave oddly whenever Apple comes into
> > discussion.
> > They are doing a proprietary thing, closed as hell, no documentation
> > and so
> > on. Why is this impulse to write code for such a thing. Just asking ...
>
> Apple make great products. My iMac, which is nearly ten years old, runs
> without problems even today (try that with Windows). iPads and iPhones
> have much better lifetimes than Android devices - we'll see if the
> increasing number of devices running "real Linux" make a dent in the
> market, but either way there are AFAIK no phones using any of the BSDs
> (unless you count macOS/iOS, which for these purposes I don't) anyway.
>
> Other than the fact that the platform is proprietary, the only other
> thing that annoys me about Macs, and always has, is their half-arsed
> attempt at a British keyboard, which unless it's changed since my iMac
> was manufactured still puts @ and " in the wrong places for Brits -
> exactly the opposite places on a US keyboard. (Even Commodore, infamous
> in its day for reliability problems and which bought the Amiga company
> in what no less august an institution than Amiga Format magazine called
> "a rare fit of insight," managed that one.) Fortunately, if you also use
> Linux/UNIX, the problem of switching between keyboards with @ and " in
> 'the wrong place' is easily solved for X11 by selecting a Mac UK
> keyboard in the software settings even on a PC. (They did stubbornly
> stick with that crap butterfly keyboard for four years, for reasons
> presumably best known to themselves, but luckily that era also seems to
> be over, and I didn't bother buying one during that time, for that and
> other reasons.)
>
> As for the proprietaryness, other than the fact that it's a nice new
> hardware architecture as other people have mentioned, pretty much every
> other architecture OpenBSD, NetBSD and Linux has ever run on (Amiga, Sun
> and VAX, for example) is/was proprietary. And that's without considering
> the closed peripherals (without which OpenBSD wouldn't have to eschew
> NDAs) or the BMC on a Wintel - heaven knows what that thing really gets
> up to.
>
> My £0.02
>
> Jeff.
>
>

-- 
Kindest regards,
Tom Smyth.


Re: bridge(4) Problems when running under ESXi ?

2020-11-30 Thread Tom Smyth
Hello Heinrich,
as another hack you can setup virtual switches (separate ones for any given
link between two VMs  )

eg vm1--vswitch2---vm2---vswitch3--vm4
so if you have promiscuous enabled and you only have two vms attached to
the vswitch is not so bad...
but if you have 100x vms on a port with 100mb/s of traffic then you  can
generate a lot of traffic copies to other vms...

so what you can do is run a virtual switch per vlan and then attach
individual vms to a dedicated vswitch per vlan (kind of like private
vlans). It sucks but will work...
and then they can be isolated on layer 2...

and then have the switch port configured as a tagged port facing the
physical port on the server...
 and  have an OpenBSD Box as a default gateway with a separate ip on each
vlan...

that way you can avoid nat nastiness on vmware...and have decent layer2 /
Layer3 separation controlled by OpenBSD

All the Best
Tom Smyth





On Mon, 30 Nov 2020 at 18:28, Heinrich Rebehn 
wrote:

> Hello Tom,
>
> Thank you very much for your in-depth explanations.
>
> Actually enabling mac changes and forged transmits did the trick. A HUGE
> trick:
>
> While A was pinging R, I tried to look at the icmp requests and replies on
> B’s vmx1 interface. But they did not show. Neither bridge0 or vmx0 showed
> anything from or to A. I then blocked all traffic in B’s pf. A still kept
> on pinging successfully. I then shut down B. A was still happily pinging R.
> This is really scary! I intended to protect a Linux host whose firewall I
> don’t trust, but now it seems that I can trust VMware’s vmswitch even less.
>
> I also love VMware, it is fine for playing with networks, subnetting,
> IPSec etc.. but I never used virtual switches before.
>
> If there isn’t any way to firewall another host without doing NAT (both in
> the same subnet’s IP range), then I am afraid the Linux firewall will have
> to do.
>
> With kind greetings,
>
> Heinrich
>
> On 29. Nov 2020, at 23:26, Tom Smyth  wrote:
>
> Hello Heinrich,
> it is not OpenBSD  it is a Vmware issue ...
>
> virtualnets / vswitches in ESXI are not proper switches... they forward
> packets based on static mac- virtual port entries.   (they do not do proper
> mac learning)
>
> you can set the vswitch in the networking configuration section ... there
> are 2 places  you can set it ... in the vmnet and the vswitch setup in the
> vmnet setup config  in vsphere
>
> there are 3 workarounds
>
> 1) use promiscuous mode (you can set the promiscuous setting on the
> vswitch)  you will also need to allow mac changes and forged transmits
> (from memory)
> Upside (it works) and is Free
>
> downside each vm on that vswitch receives a copy of the frames sent and
> received   ...  promiscuous makes a vhub rather than a vswitch
> so it is slower than one would like
>
> 2) there is a lab test switch (it was in vmware labs I think)  that does
> mac learning however it does not do mac aging
> upside it works and is faster than promiscuous
> downside not aging out macs is just f**king dumb ...
>
> 3) get the enterprise enterprise enterprise +  licence and they will give
> you proper mac learning on the virtual switches
>
> and that is the reason I migrated to a different Virtual machine solution
> ...
>
> I love Vmware but they are optimistic when they call their vswitches
> switches ...  they are efficient for non forwarding workloads and I can
> understand why they do the static map by default
> but for networking  (they don't even give you LACP on their enterprise
> licence you have to go for their top line license enterprise Plus (last
> time I checked))
>
> it is a pity because I do like Vmware and moving off it was tough as
> breaking an addiction...
>
> Hope this helps
>
> Tom Smyth
>
>
>
> On Sun, 29 Nov 2020 at 22:10, Heinrich Rebehn 
> wrote:
>
>> Unfortunately, switching to vmx(4) did *not* do the trick
>>
>> -Heinrich
>>
>>
>> > On 29. Nov 2020, at 22:38, Heinrich Rebehn 
>> wrote:
>> >
>> > Some things I forgot:
>> >
>> > All interfaces are UP
>> > pf(4) is disabled
>> > bridge0 sees a bunch of lladdrs on em0 and one on em1, which is that of
>> “A”
>> >
>> > -Heinrich
>> >
>> >
>> >> On 29. Nov 2020, at 22:29, Heinrich Rebehn wrote:
>> >>
>> >> Hi all,
>> >>
>> >> I am trying to setup an OpenBSD 6.7 virtual machine under VMware ESXi
>> 6.7 to use as a filtering bridge between two virtual networks. I enabled
>> promiscuous mode for both virtual switches.
>> >> One network is the VMnet network, which 

Re: bridge(4) Problems when running under ESXi ?

2020-11-29 Thread Tom Smyth
Hello Heinrich,
it is not OpenBSD  it is a Vmware issue ...

virtualnets / vswitches in ESXI are not proper switches... they forward
packets based on static mac- virtual port entries.   (they do not do proper
mac learning)

you can set the vswitch in the networking configuration section ... there
are 2 places  you can set it ... in the vmnet and the vswitch setup in the
vmnet setup config  in vsphere

there are 3 workarounds

1) use promiscuous mode (you can set the promiscuous setting on the
vswitch)  you will also need to allow mac changes and forged transmits
(from memory)
Upside (it works) and is Free

downside each vm on that vswitch receives a copy of the frames sent and
received   ...  promiscuous makes a vhub rather than a vswitch
so it is slower than one would like

2) there is a lab test switch (it was in vmware labs I think)  that does
mac learning however it does not do mac aging
upside it works and is faster than promiscuous
downside not aging out macs is just f**king dumb ...

3) get the enterprise enterprise enterprise +  licence and they will give
you proper mac learning on the virtual switches

and that is the reason I migrated to a different Virtual machine solution
...

I love Vmware but they are optimistic when they call their vswitches
switches ...  they are efficient for non forwarding workloads and I can
understand why they do the static map by default
but for networking  (they don't even give you LACP on their enterprise
licence you have to go for their top line license enterprise Plus (last
time I checked))

it is a pity because I do like Vmware and moving off it was tough as
breaking an addiction...

Hope this helps

Tom Smyth



On Sun, 29 Nov 2020 at 22:10, Heinrich Rebehn 
wrote:

> Unfortunately, switching to vmx(4) did *not* do the trick
>
> -Heinrich
>
>
> > On 29. Nov 2020, at 22:38, Heinrich Rebehn 
> wrote:
> >
> > Some things I forgot:
> >
> > All interfaces are UP
> > pf(4) is disabled
> > bridge0 sees a bunch of lladdrs on em0 and one on em1, which is that of
> “A”
> >
> > -Heinrich
> >
> >
> >> On 29. Nov 2020, at 22:29, Heinrich Rebehn wrote:
> >>
> >> Hi all,
> >>
> >> I am trying to setup an OpenBSD 6.7 virtual machine under VMware ESXi
> 6.7 to use as a filtering bridge between two virtual networks. I enabled
> promiscuous mode for both virtual switches.
> >> One network is the VMnet network, which is connected to the “outside
> world”.
> >>
> >> “A” ——> “B” ——> “R”
> >>
> >> “A” is a test machine                       192.168.1.152
> >> “B” is the bridge                           No IP. em0 connects to R, em1 connects to A
> >> “R” is the router provided by the hoster    192.168.1.1
> >>
> >> The addresses are only examples, the actual addresses are public IPs.
> >>
> >> When A tries to ping R, it sends an arp request for R’s lladdr. R
> responds with its lladdr. Tcpdump on R’s em1 suggests that it is sent out
> on the virtual network. However, A does not see the arp reply, hence
> ping(8) fails.
> >>
> >> What am I missing? While browsing the mailing list archive, I just saw
> that vmx(4) might be a better choice, but I had not yet time to try it out.
> >>
> >>
> >> Any other known issues around bridge(4) or promiscuous mode under ESXi ?
> >>
> >> Thanks for any insights,
> >>
> >>  Heinrich
>
>

-- 
Kindest regards,
Tom Smyth.
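
The three vswitch behaviours described in the message above (static MAC-to-port entries, promiscuous mode acting as a hub, and real MAC learning), as an added toy model that is not VMware code and not part of the thread. The port names, the MAC addresses (documentation range) and the `ping_path` helper are constructed for illustration, and the router is modelled as just another port.

```python
"""Toy model: how one virtual switch delivers frames under three policies.

static      - forwards only to the MAC configured on each vNIC port
promiscuous - every port gets a copy of every frame (behaves like a hub)
learning    - records which port each source MAC was seen on
"""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"
# Constructed MACs from the documentation range 00:00:5e:00:53:xx.
MAC_A = "00:00:5e:00:53:0a"   # test machine A, behind the bridge
MAC_B = "00:00:5e:00:53:0b"   # bridge B's outside vNIC
MAC_R = "00:00:5e:00:53:01"   # router R


@dataclass
class VSwitch:
    mode: str                     # "static", "promiscuous" or "learning"
    ports: dict                   # port name -> MAC of the attached vNIC
    allow_forged: bool = False    # accept frames whose source is not the vNIC's MAC
    learned: dict = field(default_factory=dict)  # MAC -> port (learning mode)

    def send(self, in_port, src, dst):
        """Return the sorted list of ports that receive the frame."""
        if src != self.ports[in_port] and not self.allow_forged:
            return []                         # forged transmit rejected at ingress
        if self.mode == "learning":
            self.learned[src] = in_port
        others = sorted(p for p in self.ports if p != in_port)
        if self.mode == "promiscuous" or dst == BROADCAST:
            return others
        table = {mac: port for port, mac in self.ports.items()}
        table.update(self.learned)            # empty unless mode is "learning"
        out = table.get(dst)
        if out is None:
            # A learning switch floods unknown unicast; the static table drops it.
            return others if self.mode == "learning" else []
        return [out] if out != in_port else []


def ping_path(mode, allow_forged, bystanders=0):
    """A sends an ARP request through bridge B; R answers unicast to A's MAC."""
    ports = {"bridge-B": MAC_B, "router-R": MAC_R}
    for i in range(bystanders):               # unrelated VMs on the same vswitch
        ports[f"vm{i}"] = f"00:00:5e:00:53:{0x10 + i:02x}"
    sw = VSwitch(mode, ports, allow_forged)
    # The bridge relays A's frame unmodified, so the source MAC is A's, not B's.
    request = sw.send("bridge-B", MAC_A, BROADCAST)
    reply = sw.send("router-R", MAC_R, MAC_A) if "router-R" in request else []
    return {
        "request_reaches_R": "router-R" in request,
        "reply_reaches_B": "bridge-B" in reply,
        "reply_copies": len(reply),           # how many ports got the reply
    }


if __name__ == "__main__":
    for mode, forged in [("static", True), ("promiscuous", False),
                         ("promiscuous", True), ("learning", True)]:
        print(f"{mode:12} forged={forged!s:5}", ping_path(mode, forged, 3))
```

With three bystander VMs the promiscuous run delivers the reply to four ports, while the learning run delivers it to the bridge port only.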


Re: E-mail problem

2020-11-13 Thread Tom Smyth
Do you have an SPF record for your domain and what domain are you sending
from?

What is your opensmtpd.conf?
Do you have restrictions on ciphers supported by your mta?

On Friday, 13 November 2020, Berkay Tuncel  wrote:

> Hi all,
>
>
>
> We need an advice for our e-mail traffic with openbsd.org
>
>
> When I sent an e-mail to openbsd.org which is rhs, from 160.75.0.0/16, I
> got a TLS handshake error. On the other hand, when I tried from another
> subnet, there was no problem.
>
>
> Nevertheless, our mta has not a problem like this with any other mta.
> That's why, I think it can be a network related issue but still we need
> some help :)
>
>
> Thanks.
>
> Berkay
>


-- 
Kindest regards,
Tom Smyth.


Re: OBSD 6.8 vlan communication issues

2020-11-12 Thread Tom Smyth
Hi Len
Jacob has a point re checking vlan setup first by setting the parent on the
vlans to the em0 or em1 interface first

when you validate your vlan config  on the switch
setup the aggr0 interface
what does unifi say about the LACP status / Aggregation status on the
switch UI ?

also can you confirm that you are not doing any DHCP stuff / DHCP guard /
dhcp snooping  in Unifi  Switch which might affect network connectivity if
you have a dhcp server running on OpenBSD Box





On Thu, 12 Nov 2020 at 02:50, len zaifman  wrote:

> Thanks Tom,Aaron: I did 2 things,
>
> 1 re IPs - all ips removed from aggr0 and 1 ip for each vlan
>
> ifconfig -A | grep -A 7 vlan7 | grep -E 'vlan7
> inet' ; ifconfig aggr0 | grep inet
> vlan70: flags=8843 mtu 1500
>  inet 10.10.70.1 netmask 0xff00 broadcast 10.10.70.255
> vlan77: flags=8843 mtu 1500
>  inet 10.10.77.1 netmask 0xff00 broadcast 10.10.77.255
> vlan79: flags=8843 mtu 1500
>  inet 10.10.79.1 netmask 0xff00 broadcast 10.10.79.255
>
>
> Still no luck
>
>
> 2 I went to switch and made vlan70 the native vlan, with vlan 77,79
> still tagged to see if that would help. Still no ping even to the switch
> which is on vlan 70.
>
> Now the switch is back to all 3 vlans are tagged, no native vlan.
>
>
> I am trying to see vlan tags when i ping 10.10.7x.1 with tcpdump -e but
> no luck. I assume loopback interface is being used when i ping locally
> on the firewall so that doesn't work.
>
>
> I will contact switch vendor to see if they can help. But for openbsd,
> does the config look okay now? All ips on the vlan, not the parent
> interface?
>
>
> PS to Aaron's question re: sysctl
>
> sysctl for ip forwarding is set
>
> net.inet.ip.forwarding=1
>
>
> On 2020-11-11 7:32 p.m., Tom Smyth wrote:
> > Hi Len,
> > Remove the IP addresses from the agg0 interfaces
> >
> > put the Ip addresses on the vlan interfaces only
> >
> > ie
> > mg  /etc/hostname.vlanxxx
> > up vnetid xxx
> > inet 10.10.xx.1/24
> >
> > if you need to route between the vlans make sure you enable forwarding in
> > the kernel with sysctl
> >
> > when you get it working make sure to post to the Misc List :)
> >
> >
> >
> > Hope this helps,
> >
> >
> >
> >
> >
> >
> > On Thu, 12 Nov 2020 at 00:18, len zaifman  wrote:
> >
> >> I am setting up a new system as a firewall using OpenBSD 6.8 current
> >> -uname -a
> >> OpenBSD fw1.lfz.net 6.8 GENERIC.MP#175 amd64.
> >>
> >> I have 3 vlans 70,77,79 on  the firewall using two em devices, em0 and
> >> em1, in an aggregation to serve these vlans.
> >>
> >>
> >> There is a Unifi switch which has 2 ports (where em0,em1 are attached)
> >> set up to pass tagged vlans 70,77,79. The switch ip is 10.10.70.3.
> >>
> >> I have a linux host setup on vlans 70,77,79 and at address 77 -
> >> 10.10.70.77, 10.10.77.77,10.10.79.77.
> >>
> >>
> >> So far i cannot communicate over the vlans. Before I vlanned these
> >> subnets : ie only vlan 1 everywhere - communication worked fine.
> >>
> >> So i do not believe there is a physical issue. The issues arose with the
> >> introduction of the vlans. Is there a configuration issue that anyone
> >> can spot?
> >>
> >>
> >> Thank you for any help you can give.
> >>
> >> Evidence:
> >>
> >> ping on the firewall works locally
> >>
> >> for n in 0 7 9 ; do ping -c 2 10.10.7${n}.1 ; done
> >> PING 10.10.70.1 (10.10.70.1): 56 data bytes
> >> 64 bytes from 10.10.70.1: icmp_seq=0 ttl=255 time=0.037 ms
> >> 64 bytes from 10.10.70.1: icmp_seq=1 ttl=255 time=0.025 ms
> >>
> >> --- 10.10.70.1 ping statistics ---
> >> 2 packets transmitted, 2 packets received, 0.0% packet loss
> >> round-trip min/avg/max/std-dev = 0.025/0.031/0.037/0.006 ms
> >> PING 10.10.77.1 (10.10.77.1): 56 data bytes
> >> 64 bytes from 10.10.77.1: icmp_seq=0 ttl=255 time=0.038 ms
> >> 64 bytes from 10.10.77.1: icmp_seq=1 ttl=255 time=0.025 ms
> >>
> >> --- 10.10.77.1 ping statistics ---
> >> 2 packets transmitted, 2 packets received, 0.0% packet loss
> >> round-trip min/avg/max/std-dev = 0.025/0.031/0.038/0.006 ms
> >> PING 10.10.79.1 (10.10.79.1): 56 data bytes
> >> 64 bytes from 10.10.79.1: icmp_seq=0 ttl=255 time=0.038 ms
> >> 64 bytes from 10.10.79.1: icmp_seq=1 ttl=255 time=0.025 ms
> >>
> >> --- 10.10.79.1 ping statistics ---
> >> 2 packets tran

Re: OBSD 6.8 vlan communication issues

2020-11-11 Thread Tom Smyth
127.0.0.1  UHhl   1   17 32768 1 lo0
> 192.168.7/24   192.168.7.4UCn10 - 4 re0
> 192.168.7.100:1b:21:18:88:72  UHLch  514796 - 3 re0
> 192.168.7.48c:ec:4b:7a:04:dc  UHLl   0  184 - 1 re0
> 192.168.7.255  192.168.7.4UHb00 - 1 re0
>
>
> the pf rules when pf enabled
>
> pfctl -sr
> block return all
> pass all flags S/SA
> block return in on ! lo0 proto tcp from any to any port 6000:6010
> block return out log proto tcp all user = 55
> block return out log proto udp all user = 55
> pass out log on aggr0 inet proto icmp from 10.10.70.0/24 to any label
> "pings"
> pass out log on aggr0 inet proto icmp from 10.10.77.0/24 to any label
> "pings"
> pass out log on aggr0 inet proto icmp from 10.10.79.0/24 to any label
> "pings"
> pass in on vlan70 all flags S/SA label "vlan70" tag vlan70
> pass out on vlan70 all flags S/SA label "vlan70o" tag vlan70o
>
> sysctl for ip forwarding is set
>
> net.inet.ip.forwarding=1
>
>
>

-- 
Kindest regards,
Tom Smyth.


Re: Issues converting from bridge(4) to switch(4)

2020-10-29 Thread Tom Smyth
what output does
switchctl monitor

give you

On Thu, 29 Oct 2020 at 17:16, John McGuigan  wrote:
>
> prometheus$ ifconfig em0
> em0: flags=808843 \
> mtu 1500
>   lladdr 00:0d:b9:be:ef:94
>   index 1 priority 0 llprio 3
>   groups: egress
>   media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
>   status: active
>   inet 192.168.1.80 netmask 0xff00 broadcast 192.168.1.255
>
> prometheus$ ifconfig em1
> em1: flags=8b43 MULTICAST> mtu 1500
>   lladdr 00:0d:b9:be:ef:95
>   index 2 priority 0 llprio 3
>   media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
>   status: active
>
> prometheus$ ifconfig em2
> em2: flags=8b43 MULTICAST> mtu 1500
>   lladdr 00:0d:b9:be:ef:96
>   index 3 priority 0 llprio 3
>   media: Ethernet autoselect (none)
>   status: no carrier
>
> prometheus$ cat /etc/hostname.em0
> dhcp
> prometheus$ cat /etc/hostname.em1
> up
> prometheus$ cat /etc/hostname.em2
> up
>
> On Thu, Oct 29, 2020 at 11:10 AM Tom Smyth  
> wrote:
> >
> > what is your ifconfig em0
> > ifconfig em1
> > ?
> >
> > On Thu, 29 Oct 2020 at 17:07, John McGuigan  wrote:
> > >
> > > Howdy misc,
> > >
> > > I have an APU2 with the following configuration under 6.8:
> > >
> > > em0 = WAN
> > > em1 = bridge0 LAN
> > > em2 = bridge0 LAN
> > > vether = 10.0.0.1
> > >
> > > prometheus$ cat /etc/hostname.bridge0
> > > add vether0
> > > add em1
> > > add em2
> > > up
> > >
> > > prometheus$ cat /etc/hostname.vether0
> > > inet 10.0.0.1 255.255.255.0 10.0.0.255
> > >
> > > I have dhcpd listening on vether0 and it works just fine. I have a
> > > client connected to em1 and it can ping 10.0.0.1 with no issues.
> > >
> > > The trouble started when I wanted to implement a switch(4) instead
> > > of the bridge(4):
> > >
> > > I moved /etc/hostname.bridge0 to /etc/hostname.switch0
> > >
> > > prometheus$ cat /etc/switchd.conf
> > > device "/dev/switch0"
> > >
> > > switchd was enabled via rcctl
> > >
> > > When I rebooted the system the client on em1 no longer got a dhcp
> > > response and can't ping 10.0.0.1
> > >
> > > ifconfig snippet:
> > >
> > > switch0: flags=41
> > > index 6 llprio 3
> > > groups: switch
> > > datapath 0x264921d244b07e9a maxflow 1 maxgroup 1000
> > > vether0 flags=0<>
> > > port 7 ifpriority 0 ifcost 0
> > > em1 flags=0<>
> > > port 2 ifpriority 0 ifcost 0
> > > em2 flags=0<>
> > > port 3 ifpriority 0 ifcost 0
> > > vether0: flags=8943 \
> > > mtu 1500
> > > lladdr fe:e1:ba:d0:0b:ca
> > > index 7 priority 0 llprio 3
> > > groups: vether
> > > media: Ethernet autoselect
> > > status: active
> > > inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
> > >
> > >
> > > With tcpdump on vether0 I see the arp requests from the client for
> > > 10.0.0.1 but vether0 doesn't respond.
> > >
> > > I see the same arp traffic on switch0 and em1 via tcpdump too.
> > >
> > > The switch seems to have learned the mac address of the client:
> > >
> > > prometheus$ switchctl show macs
> > > > Switch  Port    Type    Name                Info
> > > 1   2   mac f0:de:f1:23:13:37   age 3s
> > >
> > > Unfortunately, I don't really know how to dig any deeper at this issue.
> > > Does anyone here see a glaring mistake or would be able to nudge me in
> > > a better direction?
> > >
> > > Thanks,
> > >
> > > John
> > >
> >
> >
> > --
> > Kindest regards,
> > Tom Smyth.



-- 
Kindest regards,
Tom Smyth.



Re: Issues converting from bridge(4) to switch(4)

2020-10-29 Thread Tom Smyth
what is your ifconfig em0
ifconfig em1
?

On Thu, 29 Oct 2020 at 17:07, John McGuigan  wrote:
>
> Howdy misc,
>
> I have an APU2 with the following configuration under 6.8:
>
> em0 = WAN
> em1 = bridge0 LAN
> em2 = bridge0 LAN
> vether = 10.0.0.1
>
> prometheus$ cat /etc/hostname.bridge0
> add vether0
> add em1
> add em2
> up
>
> prometheus$ cat /etc/hostname.vether0
> inet 10.0.0.1 255.255.255.0 10.0.0.255
>
> I have dhcpd listening on vether0 and it works just fine. I have a
> client connected to em1 and it can ping 10.0.0.1 with no issues.
>
> The trouble started when I wanted to implement a switch(4) instead
> of the bridge(4):
>
> I moved /etc/hostname.bridge0 to /etc/hostname.switch0
>
> prometheus$ cat /etc/switchd.conf
> device "/dev/switch0"
>
> switchd was enabled via rcctl
>
> When I rebooted the system the client on em1 no longer got a dhcp
> response and can't ping 10.0.0.1
>
> ifconfig snippet:
>
> switch0: flags=41
> index 6 llprio 3
> groups: switch
> datapath 0x264921d244b07e9a maxflow 1 maxgroup 1000
> vether0 flags=0<>
> port 7 ifpriority 0 ifcost 0
> em1 flags=0<>
> port 2 ifpriority 0 ifcost 0
> em2 flags=0<>
> port 3 ifpriority 0 ifcost 0
> vether0: flags=8943 \
> mtu 1500
> lladdr fe:e1:ba:d0:0b:ca
> index 7 priority 0 llprio 3
> groups: vether
> media: Ethernet autoselect
> status: active
> inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
>
>
> With tcpdump on vether0 I see the arp requests from the client for
> 10.0.0.1 but vether0 doesn't respond.
>
> I see the same arp traffic on switch0 and em1 via tcpdump too.
>
> The switch seems to have learned the mac address of the client:
>
> prometheus$ switchctl show macs
> Switch  Port    Type    Name                    Info
> 1   2   mac f0:de:f1:23:13:37       age 3s
>
> Unfortunately, I don't really know how to dig any deeper at this issue.
> Does anyone here see a glaring mistake or would be able to nudge me in
> a better direction?
>
> Thanks,
>
> John
>


-- 
Kindest regards,
Tom Smyth.



Re: Chromium not starting on Thinkpad R40E with 6.8

2020-10-29 Thread Tom Smyth
Hi Anthony did you manage to try to move the chrome profile directory
so that you start with a fresh profile like As


On Thu, 29 Oct 2020 at 11:26, Anthony Campbell  wrote:
>
> On 28 Oct 2020, Stuart Henderson wrote:
> > On 2020-10-28, Anthony Campbell  wrote:
> > > I upgraded to the i386 version of 6.8-Release on three different
> > > Thinkpads R40E. On all of them, chromium fails to start, saying "Unable
> > > to allocate memory".
> >
> > How does your datasize limit look? Try bumping it as high as it will go
> > ("infinity" in login.conf, which I think results in 3145728 in ulimit -d)
> > and see if that helps.
> >
> > If it doesn't work at all please let me know so I can disable it on i386
> > and stop wasting time in the i386 bulk builds, it takes about 28 hours to
> > build which is a lot of time tying up the machine if the results are
> > useless :)
> >
> > iridium may do better (at least for a while..)
> >
> >
> Thanks for your reply, Stuart. Increasing the datasize limit as you
> suggested doesn't solve the problem, I'm afraid, but iridium does work
> I'm glad to say.  Many thanks.
>
> Anthony
> --
> Anthony Campbell    https://www.acampbell.uk
>


--
Kindest regards,
Tom Smyth.



Re: suggestion for the installer

2020-10-29 Thread Tom Smyth
possibly an inline indicator for wired interfaces on the question
 which interface do you want to configure em0, em1 (down),
em2 (down)   [em0] :

but wireless interfaces will always be down before you associate with the AP...
that said if using DHCP it is pretty obvious when a link is down...
and on a static ip  you know how to set it so you know how to run
ifconfig to diagnose
it...
I don't feel that strongly about it ... but I can see it would help in
some situations
...  so if there is an existing network status line in the installer
perhaps appending a link down message there
would be helpful without impacting someone's terminal  (as highlighted
by Theo and Nick)

All the best,
Tom Smyth

On Thu, 29 Oct 2020 at 16:10, Theo de Raadt  wrote:
>
> Nick Holland  wrote:
>
> > On 2020-10-29 08:00, Harald Dunkel wrote:
> > > Hi folks,
> > >
> > > do you think it would be possible for the installer to show
> > > an eye-catching warning, if "ifconfig" reports "no carrier"
> > > for the network port to configure?
> > >
> > > Just a suggestion, of course
> > > Harri
> >
> > Why?
> > What problem are you trying to solve, and how many are you
> > planning on making for me in the process?
> >
> > I often end up setting up OpenBSD systems with no network
> > attached.  Nothing to warn me about.
> >
> > I very often install OpenBSD configuring several NICs when
> > only one has a network currently.  Again, PLEASE don't give
> > me three, five or ten bogus warning messages.
>
> Precisely.  vertical screen real-estate is valuable.  People
> often look up higher at what they've already done, and a warning
> would consume 1 line per interface, and reduce the visible context
> for a person performing an multi-network install manually, thereby
> increasing potential error.
>


-- 
Kindest regards,
Tom Smyth.



Re: suggestion for the installer

2020-10-29 Thread Tom Smyth
Hi Harald,

If I'm not mistaken, when the installer is running and you configure
dhcp on the interface
it will warn you that it is not receiving any leases.  I can see your
concerns about the static ip configuration
at a guess I think the issue   is there is no config on the interfaces
so they haven't yet been instructed to start or put a config on them...


as a workaround when you start up  the installer you can select shell
or  hit  c to exit the installer back to a shell and you
can do
ifconfig interface_name
or
ifconfig interface_name up
and when you are done checking you can run
install to restart the install process
I hope this helps a little


On Thu, 29 Oct 2020 at 12:06, Harald Dunkel  wrote:
>
> Hi folks,
>
> do you think it would be possible for the installer to show
> an eye-catching warning, if "ifconfig" reports "no carrier"
> for the network port to configure?
>
> Just a suggestion, of course
> Harri
>


-- 
Kindest regards,
Tom Smyth.



Re: Inphi CS4223 for 4x 10GbE SFP+

2020-10-22 Thread Tom Smyth
Hello,
re bypass mechanisms on other platforms they can be just purely passive
relays, that when power is attached to the system
and the bios /EFI firmware confirms load (after the beep) an
8pole relay (that is normally closed electrically  linking two  RJ45 ports
together,
it can be useful in scenarios if you have only 1 interface from an uplink
provider
and only have routers with a single power supply each and you want to
create a
failsafe failover... I tend to use a scenario where the OS replicates the
connectivity
when the OS loads, i.e. place the 2 interfaces that are in the same bypass
group
into a bridge...

one has to be careful not to create loops with that type of config...

as far as I'm aware there are usually dip switches or jumper pins on the
mainboard
to facilitate it...
sorry for going off on a tangent here..  but when I heard bypass I thought
I would
share some of my humble experience here...

All the Best
Tom




On Tue, 20 Oct 2020 at 13:39, Stuart Henderson  wrote:

> On 2020-10-20, Harald Dunkel  wrote:
> > On 10/19/20 9:46 PM, Stuart Henderson wrote:
> >> On 2020-10-19, Harald Dunkel  wrote:
> >>>
> >>> What would these bypass problems look like? Hopefully the bypass
> feature
> >>> can be turned off/ignored.
> >>
> >> If there are problems then possibly 2 of the ports either won't work
> >> or will be connected directly to 2 of the other ports until a magic
> >> command is sent somehow (either gpio or via some memory mapped io
> >> port I guess, I don't know the hardware).
> >>
> >
> > You mean the bypass might be active, even though it's not configured and
> > power is on? That sounds like a fatal problem to me. Is this restricted
> > to OpenBSD or are other operating systems affected as well?
>
> I don't know how it works on this hardware. The general idea of bypass
> NICs is so that they connect ports straight-through if the OS is not
> running correctly, so it depends how they detect whether the OS is running
> as to whether that will work.
>
> One would hope that it can be disabled if necessary, but one would also
> hope that BIOS/firmware vendors don't make silly mistakes and experience
> has shown that this is not always the case ;)
>
> It will probably be OK. But with new hardware, who knows!
>
>

-- 
Kindest regards,
Tom Smyth.


Re: fresh install

2020-10-19 Thread Tom Smyth
Hi Hakan,
easiest method would be to have your /home on a separate drive if
possible...   that way when you run the installer
your "OS Disk"  can be blown away by the auto partitioning and then
you can manually update the /etc/fstab to mount
/home to the home partition on your "Own UserDisk"

this I think is the most foolproof  (tom proof anyway )   way of doing it ...

the partition method / offsets may change from version to version (in
my humble experience) it may be because the different
disk manufacturers.

that said the OpenBSD Installers / upgrade tools are designed to be
straightforward, not to be too complex

for instance if you don't install a given install set eg xbase.tgz  at
install time, you can simply download it and extract the tgz
file in / and it will install the set just like the installer would.

If you love your data and you are unfamiliar with OpenBSD's partitions
and installers I would not be reinstalling the OS
over existing partitions without a backup.

the upgrade tools bsd.rd  / sysupgrade or the latest install.iso or
install.img are pretty  reliable when it comes to upgrades.
(even when I don't use the standard partition layouts)

I hope this helps

Tom Smyth




On Tue, 20 Oct 2020 at 00:14, Hakan E. Duran  wrote:
>
> Dear all,
>
> Having been a linux user for quite a while, I am used to doing a fresh 
> install every few years, following a few upgrades. I usually set a separate 
> partition for the /home directory to be able to inherit my settings to the 
> fresh installation. This is the first time I did an upgrade in OpenBSD from 
> 6.7 to 6.8, which actually went flawless, but being a skeptical linux user, I 
> am wondering how I can do a fresh install if need be, by preserving my user 
> directory. I chose the auto-partitioning during the installation of OpenBSD 
> 6.7 but I don't know if that would be possible in a scenario like this, since 
> I am not sure if the installation algorithm would recognize the /home 
> directory or not. Your guidance will be greatly appreciated.
>
> Hakan
>


-- 
Kindest regards,
Tom Smyth.



Re: bird make network unusable on 6.8-current

2020-10-19 Thread Tom Smyth
ction 0 "Intel 82540EM" rev 0x02: apic 1 int 19,
> address 08:00:27:d6:6e:dd
> "InnoTek VirtualBox Guest Service" rev 0x00 at pci0 dev 4 function 0
> not configured
> auich0 at pci0 dev 5 function 0 "Intel 82801AA AC97" rev 0x01: apic 1
> int 21, ICH
> ac97: codec id 0x83847600 (SigmaTel STAC9700)
> audio0 at auich0
> ohci0 at pci0 dev 6 function 0 "Apple Intrepid USB" rev 0x00: apic 1
> int 22, version 1.0
> piixpm0 at pci0 dev 7 function 0 "Intel 82371AB Power" rev 0x08: apic 1
> int 23
> iic0 at piixpm0
> ehci0 at pci0 dev 11 function 0 "Intel 82801FB USB" rev 0x00: apic 1
> int 19
> usb0 at ehci0: USB revision 2.0
> uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev
> 2.00/1.00 addr 1
> isa0 at pcib0
> isadma0 at isa0
> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> pckbd0 at pckbc0 (kbd slot)
> wskbd0 at pckbd0: console keyboard, using wsdisplay0
> pms0 at pckbc0 (aux slot)
> wsmouse0 at pms0 mux 0
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> usb1 at ohci0: USB revision 1.0
> uhub1 at usb1 configuration 1 interface 0 "Apple OHCI root hub" rev
> 1.00/1.00 addr 1
> vscsi0 at root
> scsibus2 at vscsi0: 256 targets
> softraid0 at root
> scsibus3 at softraid0: 256 targets
> root on wd0a (93ce6f2269537131.a) swap on wd0b dump on wd0b
> arp_rtrequest: bad gateway value: em0
> nd6_rtrequest: bad gateway value: em0
> nd6_rtrequest: bad gateway value: em0
> nd6_rtrequest: bad gateway value: em0
> arpresolve: 10.42.42.0: route contains no arp information
> arpresolve: 10.42.42.0: route contains no arp information
> arpresolve: 10.42.42.1: route contains no arp information
> arpresolve: 10.42.42.0: route contains no arp information
> arpresolve: 10.42.42.1: route contains no arp information
> arpresolve: 10.42.42.1: route contains no arp information
> arpresolve: 10.42.42.1: route contains no arp information
> arpresolve: 10.42.42.0: route contains no arp information
> arpresolve: 10.42.42.0: route contains no arp information
> arpresolve: 10.42.42.0: route contains no arp information
> [...]
>
>
>


-- 
Kindest regards,
Tom Smyth.



Re: Inphi CS4223 for 4x 10GbE SFP+

2020-10-19 Thread Tom Smyth
Hi Harald, check the Atom processor and make sure that it is not one
of those ones that fail after a while (some electrical issue) ...

On Mon, 19 Oct 2020 at 12:48, Harald Dunkel  wrote:
>
> Hi folks,
>
> I am about to order 2 network appliances, providing an
> "Inphi CS4223 for 4x 10GbE SFP+".
>
> Does this ring a bell? Is this already supported by 6.8? Other
> technical specs can be found on
>
> https://www.ibase.com.tw/english/ProductDetail/NetworkAppliance/FWA8506
>
> BTW, congratulations to the new release
>
>
> Regards
> Harri
>


-- 
Kindest regards,
Tom Smyth.



Re: Installation of 6.7 does not start on Lenovo ThinkPad P1 Gen 3

2020-10-18 Thread Tom Smyth
Hi Todd

try without the USB Docking device / LAN Dongle device cable attached
...  (I see something like that in the dmesg)

use the BIOS to turn off things like the camera one by one and you
will find the incompatible piece of hardware (if it exists)

On Sun, 18 Oct 2020 at 05:07, Todd Brewster  wrote:
>
> Hi Tom,
>
> Thanks for the quick reply.
>
> the only other thing I can think of is to clear the partition table
>
> The laptop came with a pre-installed Win10, which I have overwritten with 
> Fedora.
>
> Ok just to confirm you are writing the install67.fs or install68.img
> to the USB drive... the usb drive is not encrypted..
>
> Correct, I wrote Install67.fs / install68.img to the USB Flash drive and then 
> booted from that flash.
>
> when you boot your laptop you get the usual OpenBSD boot prompt and you just 
> hit enter ?
>
> Well, actually I just wait for the timeout.
>
>
> looking at the dmesg it is saying softraid0 ... (which I'm assuming
> would only be relevant if you were loading an encrypted drive or a
> raid that is strange)
> I had not noticed that in a dmesg of a standard installer (I could be wrong)
>
> The drive is currently not encrypted. I compared the dmesg with the other 
> outputs
> and they all have the
> softraid0 at root
> scsibus2 at softraid0: 256 targets
> lines.
>
> Thanks and all the best,
>
> Todd



-- 
Kindest regards,
Tom Smyth.



Re: Installation of 6.7 does not start on Lenovo ThinkPad P1 Gen 3

2020-10-17 Thread Tom Smyth
Hi Todd,
I'm sorry to hear that you are having that hassle...
the only other thing I can think of is to clear the partition table
(if you have no other data stored) on the hard disk,
I have had trouble with other installers (that said, not OpenBSD's)
where if I had one OS installed on the disk before I would not be able
to install because of some bug in the way the partition tables were
written by the other OS.

Ok  just to confirm you are writing the install67.fs or install68.img
to the USB drive...  the usb drive is not encrypted..

you are not writing the install67.fs or install68.img to the internal
nvme disk of your laptop

when you boot your laptop you get the usual OpenBSD boot prompt and
you just hit enter ?

looking at the dmesg it is saying softraid0 ... (which I'm assuming
would only be relevant if you were loading an encrypted drive or a
raid that is strange)
I had not noticed that in a dmesg of a standard installer (I could be wrong)




On Sun, 18 Oct 2020 at 04:13, Todd Brewster  wrote:
>
> Hi Tom,
>
> Unfortunately, 6.8 stops exactly at the same point. I disabled almost 
> anything in BIOS or set it to a setting I considered the safest option.
>
> I verified that the USB flash works fine with the W540 I mentioned earlier.
>
> I specifically bought this laptop as it is officially fully supported to run 
> Fedora (which it actually does) and this made me assume that OpenBSD would 
> also run fine. I guess I run Fedora for now and try with 6.9 in a bit.
>
> Thanks and all the best,
>
> Todd
>
> On 15 October 2020 at 8:36, Tom Smyth  wrote:
>
> Hey Todd,
> Can you try to run one of the current snapshots just in case
> there is some new hardware in the P1 that is not recognised
>
> last of the hardware checks what Intel SGX setting do you have ?
> and what Intel TXT setting do you have ?
>
> I'm running 6.8 current myself...
>
> On Thu, 15 Oct 2020 at 03:37, Todd Brewster  wrote:
>
> Hi Folks,
>
> I played around a bit, still no luck.
> boot -s, does not work
> boot -c, works; I can list the devices and I can switch on verbose. Verbose
> does not provide additional insights, system is stuck exactly at the same
> point.
>
> Any t-shoot ideas are very much appreciated.
>
> Thanks and all the best,
>
> Todd
>
> --
> Kindest regards,
> Tom Smyth.



-- 
Kindest regards,
Tom Smyth.



Re: Thinkpad T14/T14s - any experiences?

2020-10-16 Thread Tom Smyth
Hi Ashton,
I have the T15 and it has more or less the same hardware and it seems
to work good..
Getting OpenBSD and Windows 10 to play nice and share the same drive
is not as easy as I would like
Both OS are happy until the other OS is there :) ...
I have the Nvidia hybrid :( GPU (because of a 4K screen) but it does work well..


On Fri, 16 Oct 2020 at 22:50, Ashton Fagg  wrote:
>
> On Wed, 14 Oct 2020 at 14:06, Jan Betlach  wrote:
> >
> >
> > I am about to install -current on my new T14s with Ryzen 4750u as well.
> >
> > I have browsed r/openbsd, there are two recent posts related to this. I 
> > have also chatted on Freenode / #openbsd as there are couple of guys 
> > running -current on their AMD Thinkpads.
> >
> > It seems that almost everything works. For suspend you need to switch the 
> > option from "Windows" to "Linux" in Bios (Config/Power/SleepState). Few 
> > people still report occasional problems with suspend.
> > Also, there's no userland clock_gettime on the 4750U (due to reported tsc 
> > skew).
> > Almost everything else works - wifi, acceleration, etc.
> >
> > Will report my own experience as soon as will get to -current installation.
> >
> > Jan
>
> Hey Jan,
>
> I ended up getting some free time today, so I went ahead and installed
> -current on this machine. So far, works great (have a few small
> issues, but these may be down to the fact that I don't know what I'm
> doing :-) I will be interested to hear if you have a similar
> experience (esp. with the small niggles I note below).
>
> I built the install disk from today's snapshot. No issues installing
> (including disk encryption).
>
> Suspend works, haven't tried Hibernate.
>
> WiFi works once you pull in the firmware.
>
> Brightness hotkeys and keyboard backlight hotkeys work fine.
>
> Thus far I have not tested ethernet but the device shows up so I am
> assuming it is fine. X runs fine, haven't noticed any tearing or
> anything. Even without a compositor running it's much
> smoother/performant than on Linux - without something like picom, Arch
> Linux would exhibit large amounts of tearing when playing video.
> OpenBSD does much better here.
>
> The machine doesn't seem to be running hotter than usual or anything either.
>
> A few minor issues (none are deal breakers in the slightest, at least for me):
>
> - Webcam doesn't appear to work
> - Sound works but ONLY through the headphone jack. Even with
> everything in mixerctl unmuted, no dice. The light on the mute hotkey
> stays lit. Oddly though if you are using headphones and press that
> key, the mute works. Thus far I haven't managed to investigate the
> volume keys. I will post separately about this because I suspect maybe
> I am not configuring it right.
> - My Lenovo USB-C dock is recognized - it provides power, USB and is
> also recognized as a sound output device. But the HDMI and
> displayports on it are totally dead. xrandr doesn't pick them up at
> all - I wonder if I need to boot the machine with the dock plugged in.
> That said, if I plug my monitor in via HDMI directly on the laptop, it
> works just fine.
>
> Anyhow, hope that helps anyone Googling for answers on this. :-)
>
> Cheers,
> Ash
>


-- 
Kindest regards,
Tom Smyth.



Re: Installation of 6.7 does not start on Lenovo ThinkPad P1 Gen 3

2020-10-15 Thread Tom Smyth
Hey Todd,
Can you try to run one of the current snapshots just in case
there is some new hardware in the P1 that is not recognised

last of the hardware checks what Intel SGX setting do you have ?
and what Intel TXT setting do you have ?

I'm running 6.8 current myself...

On Thu, 15 Oct 2020 at 03:37, Todd Brewster  wrote:
>
> Hi Folks,
>
> I played around a bit, still no luck.
> boot -s, does not work
> boot -c, works; I can list the devices and I can switch on verbose. Verbose 
> does not provide additional insights, system is stuck exactly at the same 
> point.
>
> Any t-shoot ideas are very much appreciated.
>
> Thanks and all the best,
>
> Todd
>


-- 
Kindest regards,
Tom Smyth.



Re: Installation of 6.7 does not start on Lenovo ThinkPad P1 Gen 3

2020-10-13 Thread Tom Smyth
Hi Todd
I just got around to testing 6.7 (before trying Current) on my T15 Gen1
which I think would be the same generation as your P1
are you using a docking station ? the Nvidia Chips can play silly
buggers on the docked displays...

On Tue, 13 Oct 2020 at 21:50, Todd Brewster  wrote:
>
> server# dd if=install67.fs of=/dev/rsd6c bs=1m
> 454+1 records in
> 454+1 records out
> 476545024 bytes transferred in 61.800 secs (7711076 bytes/sec)
>
> USB works fine on ThinkPad W540, ThinkPad W530, and ThinkPad T430. Just my 
> brand new P1 gen3 does not work.
>
> On 13 October 2020 at 13:37, Tom Smyth  wrote:
>
> how did you create the USB Disk ?
>
> Have you made sure to remove all partitions / volumes from it before
> writing the image ?
>
> Can you try the USB Disk in another computer... ?
>
> On Tue, 13 Oct 2020 at 21:34, Todd Brewster  wrote:
>
> Hi Folks,
>
> My apologies for the late reply. I now have tried with exactly the same
> result:
> - different (smaller) USB flash drive / different brand
> - disabled hyper threading
>
> Secure boot is disabled and since I deleted all keys, it would go into setup
> mode if I would enable it. The laptop does not have AMT. To my surprise it
> does not have a legacy boot option, only UEFI with secure boot on or off.
>
> Your help is very much appreciated.
>
> Thanks and all the best,
>
> Todd
>
> On 13 October 2020 at 2:37, Tom Smyth  wrote:
>
> Hey Todd,
> Hakan is right, and the way Lenovo enumerates the USB Disk
> (as a hard disk vs some other type of disk) might be affecting you
> Cheers,
>
> On Tue, 13 Oct 2020 at 03:09, Hakan E. Duran  wrote:
>
> On 20/10/12 07:44PM, Tom Smyth wrote:
>
> I solved a similar issue by going into BIOS settings and into the boot
> order list, where I could actually see the USB drive, which didn't show
> on boot menu or anywhere else otherwise on a lenovo thinkpad X200.
>
> Good luck.
>
> Hakan
>
> > Can you try a different USB stick? Some drivers for sticks may not work
> > so well :/
> >
> > AFAIK Secure boot I think will allow for an initial load but then
> > crash (from my experience with windows installers half working)
> > Empirically I think the boot loader will be fine but kernel loading
> > might be stopped ) (I'm guessing loosely on that one and have not
> > looked in too deep ...
> > Check Secure Boot Mode to setup Mode ? (as opposed to user mode )
> >
> > While you are in the neighbourhood and entirely irrelevant to the thread...
> > while you are in the BIOS kill off the Hyperthreading too :)
> > you may want to disable AMT : / (if you don't need out of band access
> > to your laptop (or anyone else ) (Lenovo is cool that they can
> > permanently disable AMT )
> > Hope this helps
> >
> > On Mon, 12 Oct 2020 at 19:23, Todd Brewster  
> > wrote:
> > >
> > > Hi Tom,
> > >
> > > Thank you for your reply. To answer your questions:
> > > - secure boot is off
> > > - TPM is off
> > > - manufacturer TPM keys have been deleted
> > > - there is no other OS
> > >
> > > If secure boot would be an issue, I would expect no boot at all.
> > >
> > > I am pretty much stuck at the moment.
> > >
> > > Thanks and all the best,
> > >
> > > Todd
> >
> > --
> > Kindest regards,
> > Tom Smyth.
> >
>
> --
> Kindest regards,
> Tom Smyth.
>
> --
> Kindest regards,
> Tom Smyth.



-- 
Kindest regards,
Tom Smyth.



Re: Installation of 6.7 does not start on Lenovo ThinkPad P1 Gen 3

2020-10-13 Thread Tom Smyth
how did you create the USB Disk ?

Have you made sure to remove all partitions / volumes from it before
writing the image ?

Can you try the USB Disk in another computer... ?


On Tue, 13 Oct 2020 at 21:34, Todd Brewster  wrote:
>
> Hi Folks,
>
> My apologies for the late reply. I now have tried with exactly the same 
> result:
> - different (smaller) USB flash drive / different brand
> - disabled hyper threading
>
> Secure boot is disabled and since I deleted all keys, it would go into setup 
> mode if I would enable it. The laptop does not have AMT. To my surprise it 
> does not have a legacy boot option, only UEFI with secure boot on or off.
>
> Your help is very much appreciated.
>
> Thanks and all the best,
>
> Todd
>
> On 13 October 2020 at 2:37, Tom Smyth  wrote:
>
> Hey Todd,
> Hakan is right, and the way Lenovo enumerates the USB Disk
> (as a hard disk vs some other type of disk) might be affecting you
> Cheers,
>
> On Tue, 13 Oct 2020 at 03:09, Hakan E. Duran  wrote:
>
> On 20/10/12 07:44PM, Tom Smyth wrote:
>
> I solved a similar issue by going into BIOS settings and into the boot
> order list, where I could actually see the USB drive, which didn't show
> on boot menu or anywhere else otherwise on a lenovo thinkpad X200.
>
> Good luck.
>
> Hakan
>
> > Can you try a different USB stick? Some drivers for sticks may not work
> > so well :/
> >
> > AFAIK Secure boot I think will allow for an initial load but then
> > crash (from my experience with windows installers half working)
> > Empirically I think the boot loader will be fine but kernel loading
> > might be stopped ) (I'm guessing loosely on that one and have not
> > looked in too deep ...
> > Check Secure Boot Mode to setup Mode ? (as opposed to user mode )
> >
> > While you are in the neighbourhood and entirely irrelevant to the thread...
> > while you are in the BIOS kill off the Hyperthreading too :)
> > you may want to disable AMT : / (if you don't need out of band access
> > to your laptop (or anyone else ) (Lenovo is cool that they can
> > permanently disable AMT )
> > Hope this helps
> >
> > On Mon, 12 Oct 2020 at 19:23, Todd Brewster  
> > wrote:
> > >
> > > Hi Tom,
> > >
> > > Thank you for your reply. To answer your questions:
> > > - secure boot is off
> > > - TPM is off
> > > - manufacturer TPM keys have been deleted
> > > - there is no other OS
> > >
> > > If secure boot would be an issue, I would expect no boot at all.
> > >
> > > I am pretty much stuck at the moment.
> > >
> > > Thanks and all the best,
> > >
> > > Todd
> >
> > --
> > Kindest regards,
> > Tom Smyth.
> >
>
> --
> Kindest regards,
> Tom Smyth.
>


-- 
Kindest regards,
Tom Smyth.



Re: Installation of 6.7 does not start on Lenovo ThinkPad P1 Gen 3

2020-10-13 Thread Tom Smyth
Hey Todd,
Hakan is right, and the way Lenovo enumerates the USB Disk
(as a hard disk vs some other type of disk) might be affecting you
Cheers,


On Tue, 13 Oct 2020 at 03:09, Hakan E. Duran  wrote:
>
> On 20/10/12 07:44PM, Tom Smyth wrote:
> I solved a similar issue by going into BIOS settings and into the boot
> order list, where I could actually see the USB drive, which didn't show
> on boot menu or anywhere else otherwise on a lenovo thinkpad X200.
>
> Good luck.
>
> Hakan
> > Can you try a different USB stick? Some drivers for sticks may not work
> > so well :/
> >
> > AFAIK Secure boot I think will allow for an initial load but then
> > crash (from my experience with windows installers half working)
> > Empirically I think the boot loader will be fine but kernel loading
> > might be stopped ) (I'm guessing loosely on that one and have not
> > looked in too deep ...
> > Check Secure Boot Mode to setup Mode ?   (as opposed to user mode )
> >
> > While you are in the neighbourhood and entirely irrelevant to the thread...
> > while you are in the BIOS kill off the Hyperthreading too :)
> > you may want to disable AMT : /  (if you don't need out of band access
> > to your laptop (or anyone else )   (Lenovo is cool that they can
> > permanently disable AMT )
> > Hope this helps
> >
> >
> >
> > On Mon, 12 Oct 2020 at 19:23, Todd Brewster  
> > wrote:
> > >
> > > Hi Tom,
> > >
> > > Thank you for your reply. To answer your questions:
> > > - secure boot is off
> > > - TPM is off
> > > - manufacturer TPM keys have been deleted
> > > - there is no other OS
> > >
> > > If secure boot would be an issue, I would expect no boot at all.
> > >
> > > I am pretty much stuck at the moment.
> > >
> > > Thanks and all the best,
> > >
> > > Todd
> >
> >
> >
> > --
> > Kindest regards,
> > Tom Smyth.
> >



-- 
Kindest regards,
Tom Smyth.



Re: Installation of 6.7 does not start on Lenovo ThinkPad P1 Gen 3

2020-10-12 Thread Tom Smyth
Can you try a different USB stick? Some drivers for sticks may not work
so well :/

AFAIK Secure boot I think will allow for an initial load but then
crash (from my experience with windows installers half working)
Empirically I think the boot loader will be fine but kernel loading
might be stopped ) (I'm guessing loosely on that one and have not
looked in too deep ...
Check Secure Boot Mode to setup Mode ?   (as opposed to user mode )

While you are in the neighbourhood and entirely irrelevant to the thread...
while you are in the BIOS kill off the Hyperthreading too :)
you may want to disable AMT : /  (if you don't need out of band access
to your laptop (or anyone else )   (Lenovo is cool that they can
permanently disable AMT )
Hope this helps



On Mon, 12 Oct 2020 at 19:23, Todd Brewster  wrote:
>
> Hi Tom,
>
> Thank you for your reply. To answer your questions:
> - secure boot is off
> - TPM is off
> - manufacturer TPM keys have been deleted
> - there is no other OS
>
> If secure boot would be an issue, I would expect no boot at all.
>
> I am pretty much stuck at the moment.
>
> Thanks and all the best,
>
> Todd



-- 
Kindest regards,
Tom Smyth.



Re: Installation of 6.7 does not start on Lenovo ThinkPad P1 Gen 3

2020-10-12 Thread Tom Smyth
Hey Todd...
check your secure boot option in the BIOS... I think it will be in the
Security or Security Chip or TPM menu in the thinkpad

if that is enabled it will only load a recognised image at boot
time... just temporarily disable secure boot

Be careful, don't disable the TPM completely if you have an encrypted
disk with another OS on your Laptop or you will lose the data if you
don't have the Key (that could be stored in the TPM)  backed up...

but the secure boot mode can be adjusted safely...  and that is
probably what is catching you out at the minute

All the Best,

Tom Smyth

On Mon, 12 Oct 2020 at 01:12, Todd Brewster  wrote:



-- 
Kindest regards,
Tom Smyth.



Re: OpenBSD fakeroot

2020-10-03 Thread Tom Smyth
Ok

root as in user as opposed to root as in location in filesystem

Thanks Richard...

On Sat, 3 Oct 2020 at 12:49, Richard Ipsum  wrote:
>
> Hi,
>
> Sorry I'm not sure I understand, but anyway as far as I know you have to be
> root already to use chroot, and the main goal of fakeroot is to avoid
> having to become root when you don't really need to. So fakeroot just
> gives the appearances of being root without actually running anything
> as root.
>
> Thanks,
> Richard
>
> On Sat, Oct 03, 2020 at 12:30:30PM +0100, Tom Smyth wrote:
> > Hi Richard,
> > pardon my ignorance but would chroot with  a copy of  the / and sub
> > directories,  do the same thing ?
> >
> > thanks
> >
> > On Sat, 3 Oct 2020 at 12:30, Richard Ipsum  wrote:
> > >
> > > Hi,
> > >
> > > I needed fakeroot for some tests I'm writing, but it seemed to be Linux
> > > only and looked like it would be hard to port.
> > >
> > > So I've written a fakeroot clone for OpenBSD, it's not complete but it
> > > does enough to be useful to me personally, if anyone's interested the
> > > code is here: https://git.vx21.xyz/sfakeroot/
> > >
> > > Since OpenBSD's coreutils are statically linked and it needs LD_PRELOAD
> > > to work you'll probably want to use it with sbase[1] to be able to do
> > > anything useful.
> > >
> > > Thanks,
> > > Richard
> > >
> > > [1]: https://git.suckless.org/sbase/
> > >
> >
> >
> > --
> > Kindest regards,
> > Tom Smyth.



-- 
Kindest regards,
Tom Smyth.
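
The behaviour Richard describes in the quoted message (appearing to be root without running anything as root), as an added C sketch that is not taken from sfakeroot or from this thread. It assumes the usual fakeroot approach of recording chown requests per device/inode and laying them over stat results; all function names are hypothetical, and a real tool would expose them through LD_PRELOAD wrappers around chown(2), stat(2) and getuid(2).

```c
/* Added sketch of fakeroot-style bookkeeping; every name here is
 * hypothetical and none of it is sfakeroot's code. */
#include <sys/types.h>
#include <sys/stat.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define MAX_FAKED 64

/* A remembered ownership change, keyed by device + inode so that every
 * hard link to the file reports the same faked owner. */
struct faked { dev_t dev; ino_t ino; uid_t uid; gid_t gid; };

static struct faked faked_tab[MAX_FAKED];
static size_t nfaked;

static struct faked *faked_lookup(dev_t dev, ino_t ino)
{
    for (size_t i = 0; i < nfaked; i++)
        if (faked_tab[i].dev == dev && faked_tab[i].ino == ino)
            return &faked_tab[i];
    return NULL;
}

/* What the shim would answer instead of the real getuid(2). */
uid_t fake_getuid(void) { return 0; }

/* Stand-in for an interposed chown(2): the request is recorded and the
 * kernel is never asked to change the file. */
int fake_chown(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    struct faked *f;
    if (stat(path, &st) == -1)
        return -1;                  /* errno from stat, e.g. ENOENT */
    if ((f = faked_lookup(st.st_dev, st.st_ino)) == NULL) {
        if (nfaked == MAX_FAKED) {
            errno = ENOMEM;
            return -1;
        }
        f = &faked_tab[nfaked++];
        f->dev = st.st_dev;
        f->ino = st.st_ino;
        f->uid = st.st_uid;
        f->gid = st.st_gid;
    }
    if (uid != (uid_t)-1)           /* -1 means "leave unchanged" */
        f->uid = uid;
    if (gid != (gid_t)-1)
        f->gid = gid;
    return 0;
}

/* Stand-in for an interposed stat(2): real metadata with any recorded
 * owner laid over it. */
int fake_stat(const char *path, struct stat *st)
{
    struct faked *f;
    if (stat(path, st) == -1)
        return -1;
    if ((f = faked_lookup(st->st_dev, st->st_ino)) != NULL) {
        st->st_uid = f->uid;
        st->st_gid = f->gid;
    }
    return 0;
}

/* Scratch-file scenario: returns 0 when the faked view shows the new
 * owner while the real on-disk owner is untouched. */
int demo(void)
{
    char path[] = "/tmp/fakeroot-demo-XXXXXX";
    struct stat before, real, seen;
    int fd, rc = 1;

    if ((fd = mkstemp(path)) == -1)
        return -1;
    close(fd);
    if (stat(path, &before) == 0) {
        uid_t want = before.st_uid + 1;  /* any uid but the real one */
        if (fake_chown(path, want, (gid_t)-1) == 0 &&
            fake_stat(path, &seen) == 0 && stat(path, &real) == 0 &&
            seen.st_uid == want && seen.st_gid == before.st_gid &&
            real.st_uid == before.st_uid)
            rc = 0;
    }
    unlink(path);
    return rc;
}

int main(void)
{
    printf("uid through the shim: %u\n", (unsigned)fake_getuid());
    printf("demo: %s\n", demo() == 0 ? "only the view changed" : "failed");
    return 0;
}
```

The table is never pruned here; a complete shim would also wrap unlink(2) and rename(2) so a reused inode does not inherit a stale faked owner.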



Re: OpenBSD fakeroot

2020-10-03 Thread Tom Smyth
Hi Richard,
pardon my ignorance but would chroot with  a copy of  the / and sub
directories,  do the same thing ?

thanks

On Sat, 3 Oct 2020 at 12:30, Richard Ipsum  wrote:
>
> Hi,
>
> I needed fakeroot for some tests I'm writing, but it seemed to be Linux
> only and looked like it would be hard to port.
>
> So I've written a fakeroot clone for OpenBSD, it's not complete but it
> does enough to be useful to me personally, if anyone's interested the
> code is here: https://git.vx21.xyz/sfakeroot/
>
> Since OpenBSD's coreutils are statically linked and it needs LD_PRELOAD
> to work you'll probably want to use it with sbase[1] to be able to do
> anything useful.
>
> Thanks,
> Richard
>
> [1]: https://git.suckless.org/sbase/
>


-- 
Kindest regards,
Tom Smyth.



Re: Intl I350 Network Card Not Found

2020-09-25 Thread Tom Smyth
Glad u got sorted
Thanks for posting that solution as it would help someone else sometime in
the future


On Friday, 25 September 2020, Brandon Woodford  wrote:

> On Thu, Sep 17, 2020, at 1:39 PM, Brandon Woodford wrote:
> > Hello,
> >
> > I've been trying  to fix an issue with my Intel I350-T4 PCI Network card
> not being reported to the OpenBSD 6.7 system during boot. Looking through
> dmesg, I was not able to find any reference to the card or the em interface
> name that it should have. I've also tried updating all firmware with
> fw_update. After that I tried creating a /etc/hostname.em1 file that just
> has dhcp included in it and ran sh /etc/netstart. Unfortunately, no luck as
> of yet. I was able to find the boot_config(8) man page that describes a
> similar issue with the ne(4) driver. I went into the boot configuration and
> ran: find em and received a response of: em* at pci* dev -1 function -1
> flags 0x0. Not sure if that means anything.
> >
> > Quick note: the card does work on a separate system that is not OpenBSD
> but FreeBSD.
> >
> > Any help in the right direction is appreciated!
> >
> > Thanks.
>
> Update: I was able to solve this issue. I was using a PCIe 2 card in a
> PCIe 3 slot. My motherboard had an option to correct the slot to a previous
> generation of PCIe (for w/e reason it was called Gen1 in the BIOS). I had
> seen this option previously but kept it on auto. All link lights were
> working for the card during this time so I figured it was an OS issue.
> Turns out I was dead wrong... Changing the setting has fixed all the
> issues, so now the em firmware is loaded during boot.
>


-- 
Kindest regards,
Tom Smyth.


Re:

2020-09-19 Thread Tom Smyth
Hi Unicorn,

what do you have in your em0 config
/etc/hostname.em0

are you in control of the KVM infrastructure ?  can you get a vio NIC
instead of an Intel 1000 NIC? It will generally perform better
(according to my humble testing)

Hope this helps

Tom Smyth



On Sat, 19 Sep 2020 at 07:41, Unicorn  wrote:
>
> Hello,
>
> I am encountering a network related issue in a KVM VPS that I am using
> for OpenBSD. The way it appears to me is that /etc/netstart fails to
> get a network connection using dhcp on its first attempt, but works on
> the second attempt.
>
> While the system is booting, I see the following:
> > em0: no link. sleeping
>
> However, executing 'sh /etc/netstart' once the system is booted works:
> > em0: 123.123.123.123 lease accepted from [...]
>
> The same happened during first installation of OpenBSD, I just told it
> to use dhcp, it fails the first time, but works if I just do the same
> thing for the same interface again.
>
> Attached is the full output of dmesg, I attached it as a plain text
> file due to the line breaks hindering readability in email.
>
> I would appreciate any pointers as to what is happening and how I
> could fix it or work around it.
>
> Thanks a lot in advance!



-- 
Kindest regards,
Tom Smyth.



Re: Intl I350 Network Card Not Found

2020-09-17 Thread Tom Smyth
Try
getting the Intel firmware from the Intel download site or
from your PCI card manufacturer...

On Thursday, 17 September 2020, Brandon Woodford  wrote:

> Hello,
>
> I've been trying  to fix an issue with my Intel I350-T4 PCI Network card
> not being reported to the OpenBSD 6.7 system during boot. Looking through
> dmesg, I was not able to find any reference to the card or the em interface
> name that it should have. I've also tried updating all firmware with
> fw_update. After that I tried creating a /etc/hostname.em1 file that just
> has dhcp included in it and ran sh /etc/netstart. Unfortunately, no luck as
> of yet. I was able to find the boot_config(8) man page that describes a
> similar issue with the ne(4) driver. I went into the boot configuration and
> ran: find em and received a response of: em* at pci* dev -1 function -1
> flags 0x0. Not sure if that means anything.
>
> Quick note: the card does work on a separate system that is not OpenBSD
> but FreeBSD.
>
> Any help in the right direction is appreciated!
>
> Thanks.
>


-- 
Kindest regards,
Tom Smyth.


Re: openconnect

2020-09-01 Thread Tom Smyth
Hello All,

Drifting off topic on this one but when I saw OpenVPN
Openvpn performance on OpenBSD (with Tap Interfaces)  is less than one
would expect..
even turning off ciphers and auth... you can still get about 80-90mb/s on a
machine that would forward about 3.5Gb/s - 5Gb/s.
In doing a test with tap interfaces and a userland bridge (thanks Claudio)
to test where the bottleneck was (in case it was the tap interface that was
slow), it looked like OpenBSD tap interfaces were not to blame
(performance of the tap interfaces was about 10% slower than bridging
physical interfaces)... As OpenVPN say themselves, it needs a rewrite, and
perhaps the code inefficiencies in OpenVPN combined with the OpenBSD
mitigations limit performance.

sorry for drifting a little off topic...
Tom Smyth




On Tue, 1 Sep 2020 at 14:40, Stuart Henderson  wrote:

> On 2020-09-01, Hrvoje Popovski  wrote:
> > Hi all,
> >
> > does anyone use an openconnect server on openbsd and have guidelines on
> > how to configure it? i see that an openconnect server can use radius, so
> > it's interesting to me. Which client do you use to connect to the
> > openconnect server?
>
> It worked when I tested after porting ocserv/openconnect, but I'm not using
> it in production. You should be able to connect to ocserv using either the
> openconnect client or cisco anyconnect client.
>
> > If there is something else that can use radius, i would like to know?
>
> at least these:
>
> - npppd (yeuch l2tp :)
>
> - openvpn (there's a username/pw auth method using a helper script,
> you can write something calling a radius client to check auth, also
> yeuch openvpn :)
>
> I did once see some code including radius support for iked but it
> was tied up with a bunch of other changes and looked a bit complex
> to separate. I don't recall whether it was just username/pw or if
> it did full EAP.
>
>
>

-- 
Kindest regards,
Tom Smyth.


Re: FireFox Browser 'Open File' error

2020-08-25 Thread Tom Smyth
0 dev 2 function 0 "Intel 82945GM Video" rev 0x03
> > drm0 at inteldrm0
> > intagp0 at inteldrm0
> > agp0 at intagp0: aperture at 0xd000, size 0x1000
> > inteldrm0: apic 1 int 16, I945GM, gen 3
> > "Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured
> > azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: msi
> > azalia0: codecs: Analog Devices AD1981HD, Conexant/0x2bfa, using Analog
> > Devices AD1981HD
> > audio0 at azalia0
> > ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02: apic 1 int
> 20
> > pci1 at ppb0 bus 2
> > em0 at pci1 dev 0 function 0 "Intel 82573L" rev 0x00: msi, address
> > 00:15:58:c4:f6:49
> > ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02: apic 1 int
> 21
> > pci2 at ppb1 bus 3
> > wpi0 at pci2 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: msi,
> > MoW1, address 00:1b:77:4f:64:5f
> > ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02: apic 1 int
> 22
> > pci3 at ppb2 bus 4
> > ppb3 at pci0 dev 28 function 3 "Intel 82801GB PCIE" rev 0x02: apic 1 int
> 23
> > pci4 at ppb3 bus 12
> > uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: apic 1 int
> 16
> > uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: apic 1 int
> 17
> > uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: apic 1 int
> 18
> > uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: apic 1 int
> 19
> > ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: apic 1 int
> 19
> > usb0 at ehci0: USB revision 2.0
> > uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev
> > 2.00/1.00 addr 1
> > ppb4 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2
> > pci5 at ppb4 bus 21
> > cbb0 at pci5 dev 0 function 0 "TI PCI1510 CardBus" rev 0x00: apic 1 int
> 16
> > cardslot0 at cbb0 slot 0 flags 0
> > cardbus0 at cardslot0: bus 22 device 0 cacheline 0x8, lattimer 0xb0
> > pcmcia0 at cardslot0
> > ichpcib0 at pci0 dev 31 function 0 "Intel 82801GBM LPC" rev 0x02: PM
> > disabled
> > pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x02: DMA,
> > channel 0 configured to compatibility, channel 1 configured to
> compatibility
> > atapiscsi0 at pciide0 channel 0 drive 0
> > scsibus1 at atapiscsi0: 2 targets
> > cd0 at scsibus1 targ 0 lun 0: 
> removable
> > cd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
> > pciide0: channel 1 ignored (disabled)
> > ahci0 at pci0 dev 31 function 2 "Intel 82801GBM AHCI" rev 0x02: msi, AHCI
> > 1.1
> > ahci0: port 0: 1.5Gb/s
> > scsibus2 at ahci0: 32 targets
> > sd0 at scsibus2 targ 0 lun 0: 
> > naa.5000cca521c3bc11
> > sd0: 57231MB, 512 bytes/sector, 117210240 sectors
> > ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x02: apic 1
> > int 23
> > iic0 at ichiic0
> > usb1 at uhci0: USB revision 1.0
> > uhub1 at usb1 configuration 1 interface 0 "Intel UHCI root hub" rev
> > 1.00/1.00 addr 1
> > usb2 at uhci1: USB revision 1.0
> > uhub2 at usb2 configuration 1 interface 0 "Intel UHCI root hub" rev
> > 1.00/1.00 addr 1
> > usb3 at uhci2: USB revision 1.0
> > uhub3 at usb3 configuration 1 interface 0 "Intel UHCI root hub" rev
> > 1.00/1.00 addr 1
> > usb4 at uhci3: USB revision 1.0
> > uhub4 at usb4 configuration 1 interface 0 "Intel UHCI root hub" rev
> > 1.00/1.00 addr 1
> > isa0 at ichpcib0
> > isadma0 at isa0
> > pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> > pckbd0 at pckbc0 (kbd slot)
> > wskbd0 at pckbd0: console keyboard
> > pms0 at pckbc0 (aux slot)
> > wsmouse0 at pms0 mux 0
> > wsmouse1 at pms0 mux 0
> > pms0: Synaptics touchpad, firmware 6.2, 0x81a0b1 0x30 0x0 0xa04793
> 0x0
> > pcppi0 at isa0 port 0x61
> > spkr0 at pcppi0
> > aps0 at isa0 port 0x1600/31
> > npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
> > uhidev0 at uhub1 port 2 configuration 1 interface 0 "PixArt HP USB
> Optical
> > Mouse" rev 2.00/1.00 addr 2
> > uhidev0: iclass 3/1
> > ums0 at uhidev0: 3 buttons, Z dir
> > wsmouse2 at ums0 mux 0
> > vscsi0 at root
> > scsibus3 at vscsi0: 256 targets
> > softraid0 at root
> > scsibus4 at softraid0: 256 targets
> > root on sd0a (1e4c43cb065898fd.a) swap on sd0b dump on sd0b
> > WARNING: / was not properly unmounted
> > inteldrm0: 1024x768, 32bpp
> > wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using
> wskbd0
> > wsdisplay0: screen 1-5 added (std, vt100 emulation)
> > wsmouse2 detached
> > ums0 detached
> > uhidev0 detached
> > uhidev0 at uhub1 port 2 configuration 1 interface 0 "PixArt HP USB
> Optical
> > Mouse" rev 2.00/1.00 addr 2
> > uhidev0: iclass 3/1
> > ums0 at uhidev0: 3 buttons, Z dir
> > wsmouse2 at ums0 mux 0
> > uhidev1 at uhub3 port 1 configuration 1 interface 0 "Lite-On Technology
> > Corp. USB Keyboard" rev 1.10/1.09 addr 2
> > uhidev1: iclass 3/1
> > ukbd0 at uhidev1: 8 variable keys, 6 key codes
> > wskbd1 at ukbd0 mux 1
> > wskbd1: connecting to wsdisplay0
> > uhidev2 at uhub3 port 1 configuration 1 interface 1 "Lite-On Technology
> > Corp. USB Keyboard" rev 1.10/1.09 addr 2
> > uhidev2: iclass 3/0, 2 report ids
> > uhid0 at uhidev2 reportid 1: input=2, output=0, feature=0
> > uhid1 at uhidev2 reportid 2: input=1, output=0, feature=0
> > #
> >
> >
>


-- 
Kindest regards,
Tom Smyth.


Re: ThinkPad T14 AMD

2020-08-23 Thread Tom Smyth
It is hard not to like the T Series build quality ...
I have a laptop on my desk here that is working away after multiple
falls...  the ethernet port is bent on the main board (main board is
bent)...  still works  1G FDX...
awesome...


On Sun, 23 Aug 2020 at 23:38, Rupert Gallagher  wrote:

> T14 AMD turned out to be the very best ThinkPad ever produced, as far as
> performance is concerned. The R5 cpu is faster than Intel's i7-10, and the
> R7 is faster than the i9, both on single core and multi core benchmarks.
> The T14 has a dual heat pipe, and its WAN slot can be used as a disk bay.
>
> The quality of the chassis is that of the T series.
>
>  Original Message 
> On Aug 23, 2020, 21:24, flint pyrite < flintnpyr...@gmail.com> wrote:
> I had an A485 everything worked except wifi, which I replaced with USB
> wifi stick. The laptop, however, turned out to be a lemon. It is in
> repair depot as we speak. One of the cpu cores went bad, keys kept
> popping off and the synaptics mouse pad would not click and drag. Just
> so you know Lenovo support is hideous. It has taken over one (1)
> year and still counting to resolve these issues.
> What are the specs of the T14? Never heard of it.
> On Sun, Aug 23, 2020 at 1:06 PM Rupert Gallagher 
> wrote:
> >
> > Anybody managed to boot obsd on the T14? I tried, and it does not even
> start. By comparison, Debian chokes on a missing network driver, and Fedora
> just works.
>


-- 
Kindest regards,
Tom Smyth.


anyone running a Thinkpad T15 Gen1 with 4k display

2020-08-18 Thread Tom Smyth
Anyone running a Thinkpad T15 Gen1 with 4k display?

I'm looking for a new laptop and I would like to run OpenBSD on it also ...

I was looking for the T series, and I'm wondering is anyone running

the T15 Gen 1 with NVIDIA GeForce MX330 GDDR5 2GB 64bits
Intel Wi-Fi 6 AX201 2x2ax

does anyone have experience with this laptop...  thanks
Tom Smyth

-- 
Kindest regards,
Tom Smyth.



Re: aggr(4) not working with Intel XXV710 SFP28 on a Supermicro X11DPi-N(T)

2020-08-12 Thread Tom Smyth
:e1:ba:d0:7c:e9,
> key 0xb, port pri 0x8000 number 0x3
> ixl2 lacp actor state activity,aggregation,defaulted
> ixl2 lacp partner system pri 0x0 mac 00:00:00:00:00:00,
> key 0x0, port pri 0x0 number 0x0
> ixl2 lacp partner state activity,aggregation,sync
> ixl2 port
> groups: aggr
> media: Ethernet autoselect
> status: no carrier
>
>
> Same issue.  Anything else to try?
>
> This does work fine using trunk(4).
>
> Winfred
>
>

-- 
Kindest regards,
Tom Smyth.


Re: Managing PF logs

2020-08-07 Thread Tom Smyth
pf logs are stored in tcpdump format,
so you can parse them with tcpdump before dumping them into your analysis
dbs

On Fri, 7 Aug 2020 at 11:36, Carlos Lopez  wrote:

> Hi all,
>
>  I am thinking about what could be the best option to inject PF logs into
> Elasticsearch (or any similar platform). If I am not wrong, some years ago
> there was an option using a shell wrapper to store all pf logs in ASCII
> format and redirect all of them to a central syslog server (published in PF
> FAQ). More or less it is what I am looking for.
>
>  But maybe a better option exists nowadays. Any ideas? Tips?
>
> Regards,
> C. L. Martinez
>
>

-- 
Kindest regards,
Tom Smyth.
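
Added example (not part of the original thread, and not code from the PF FAQ or from anyone posting here): one way to turn tcpdump-decoded pflog text into newline-delimited JSON for a store such as Elasticsearch. It assumes the text form printed by `tcpdump -n -e -ttt -r /var/log/pflog`; the sample lines are constructed, and the field and function names are hypothetical.

```python
import json
import re

# Assumed input: one decoded pflog record per line, in the form
#   Aug 07 11:36:01.100200 rule 4/(match) block in on em0: SRC > DST: detail
HEADER = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}\.\d+) "
    r"rule (?P<rule>[^/\s]+)/\((?P<reason>[^)]+)\) "
    r"(?P<action>\w+) (?P<direction>in|out) on (?P<iface>[^\s:]+): "
    r"(?P<rest>.*)$"
)
FLOW = re.compile(r"^(?P<src>\S+) > (?P<dst>\S+): (?P<detail>.*)$")

# Constructed sample lines (documentation addresses); the last one is cut off.
SAMPLE = """\
Aug 07 11:36:01.100200 rule 4/(match) block in on em0: 203.0.113.9.40312 > 192.0.2.10.53: 4660+ ANY? example.com. (29)
Aug 07 11:36:01.250000 rule 7/(match) pass out on em1: 2001:db8::10.53 > 2001:db8:ffff::2.51000: 4660 1/0/0 (45)
Aug 07 11:36:02.000001 rule 4/(match) block in on em0: 198.51.100.7 > 192.0.2.10: icmp: echo request
Aug 07 11:36:02.500000 rule 4/(match
"""


def split_endpoint(endpoint):
    """Split tcpdump's 'address.port' form; returns (address, port or None)."""
    host, sep, port = endpoint.rpartition(".")
    # IPv4 plus port has four dots; an IPv6 address only has a dot when a
    # port follows it. Anything else (ICMP, no port) is a bare address.
    if sep and port.isdigit() and (":" in host or host.count(".") == 3):
        return host, int(port)
    return endpoint, None


def parse_pflog_line(line):
    """Return a dict for one decoded pflog line, or None if it does not match."""
    m = HEADER.match(line.rstrip("\n"))
    if m is None:
        return None
    event = {
        "timestamp": m["ts"],  # sample timestamps carry no year; add it at ingest
        "rule": m["rule"],
        "reason": m["reason"],
        "action": m["action"],
        "direction": m["direction"],
        "interface": m["iface"],
    }
    flow = FLOW.match(m["rest"])
    if flow is None:
        # Not in "src > dst: ..." form: keep the decoded text as-is.
        event["detail"] = m["rest"]
        return event
    event["src_ip"], event["src_port"] = split_endpoint(flow["src"])
    event["dst_ip"], event["dst_port"] = split_endpoint(flow["dst"])
    event["detail"] = flow["detail"]
    return event


def to_ndjson(lines):
    """Convert decoded lines to newline-delimited JSON; returns (text, skipped)."""
    records, skipped = [], 0
    for line in lines:
        if not line.strip():
            continue
        event = parse_pflog_line(line)
        if event is None:
            skipped += 1  # count unparsed lines instead of dropping them silently
            continue
        # json.dumps escapes quotes and control characters, so text taken from
        # packet contents cannot break the one-record-per-line framing.
        records.append(json.dumps(event, sort_keys=True))
    return "\n".join(records), skipped


if __name__ == "__main__":
    text, skipped = to_ndjson(SAMPLE.splitlines())
    print(text)
    print("skipped:", skipped)
```

Tracking the skipped count matters when the output feeds alerting: a change in tcpdump's text format then shows up as a rising counter rather than as missing events.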


Re: Droping UDP traffic

2020-07-31 Thread Tom Smyth
ot; rev 0x00: msi, address
> 00:30:48:d4:8d:ba
> ppb5 at pci0 dev 28 function 3 "Intel 82801I PCIE" rev 0x02: msi
> pci6 at ppb5 bus 11
> em3 at pci6 dev 0 function 0 "Intel 82573L" rev 0x00: msi, address
> 00:30:48:d4:8d:bb
> uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x02: apic 4 int 23
> uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x02: apic 4 int 22
> uhci5 at pci0 dev 29 function 2 "Intel 82801I USB" rev 0x02: apic 4 int 21
> ehci1 at pci0 dev 29 function 7 "Intel 82801I USB" rev 0x02: apic 4 int 23
> usb1 at ehci1: USB revision 2.0
> uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev
> 2.00/1.00 addr 1
> ppb6 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x92
> pci7 at ppb6 bus 17
> radeondrm0 at pci7 dev 3 function 0 "ATI ES1000" rev 0x02
> drm0 at radeondrm0
> radeondrm0: apic 4 int 22
> pciide0 at pci7 dev 4 function 0 "ITExpress IT8213F" rev 0x00: DMA
> (unsupported), channel 0 wired to native-PCI, channel 1 wired to native-PCI
> pciide0: using apic 4 int 23 for native-PCI interrupt
> pciide0: channel 0 ignored (not responding; disabled or no drives?)
> pciide0: channel 1 ignored (not responding; disabled or no drives?)
> pcib0 at pci0 dev 31 function 0 "Intel 82801IR LPC" rev 0x02
> pciide1 at pci0 dev 31 function 2 "Intel 82801I SATA" rev 0x02: DMA,
> channel 0 configured to native-PCI, channel 1 configured to native-PCI
> pciide1: using apic 4 int 17 for native-PCI interrupt
> wd0 at pciide1 channel 0 drive 0: 
> wd0: 1-sector PIO, LBA48, 30560MB, 62586880 sectors
> wd0(pciide1:0:0): using PIO mode 4, Ultra-DMA mode 5
> ichiic0 at pci0 dev 31 function 3 "Intel 82801I SMBus" rev 0x02: apic 4
> int 17
> iic0 at ichiic0
> lm1 at iic0 addr 0x2d: W83627HF
> wbng0 at iic0 addr 0x2f: w83793g
> spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM ECC PC2-5300CL5
> spdmem1 at iic0 addr 0x51: 1GB DDR2 SDRAM ECC PC2-5300CL5
> spdmem2 at iic0 addr 0x52: 1GB DDR2 SDRAM ECC PC2-5300CL5
> spdmem3 at iic0 addr 0x53: 1GB DDR2 SDRAM ECC PC2-5300CL5
> pciide2 at pci0 dev 31 function 5 "Intel 82801I SATA" rev 0x02: DMA,
> channel 0 wired to native-PCI, channel 1 wired to native-PCI
> pciide2: using apic 4 int 18 for native-PCI interrupt
> "Intel 82801I Thermal" rev 0x02 at pci0 dev 31 function 6 not configured
> usb2 at uhci0: USB revision 1.0
> uhub2 at usb2 configuration 1 interface 0 "Intel UHCI root hub" rev
> 1.00/1.00 addr 1
> usb3 at uhci1: USB revision 1.0
> uhub3 at usb3 configuration 1 interface 0 "Intel UHCI root hub" rev
> 1.00/1.00 addr 1
> usb4 at uhci2: USB revision 1.0
> uhub4 at usb4 configuration 1 interface 0 "Intel UHCI root hub" rev
> 1.00/1.00 addr 1
> usb5 at uhci3: USB revision 1.0
> uhub5 at usb5 configuration 1 interface 0 "Intel UHCI root hub" rev
> 1.00/1.00 addr 1
> usb6 at uhci4: USB revision 1.0
> uhub6 at usb6 configuration 1 interface 0 "Intel UHCI root hub" rev
> 1.00/1.00 addr 1
> usb7 at uhci5: USB revision 1.0
> uhub7 at usb7 configuration 1 interface 0 "Intel UHCI root hub" rev
> 1.00/1.00 addr 1
> isa0 at pcib0
> isadma0 at isa0
> com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> pckbd0 at pckbc0 (kbd slot)
> wskbd0 at pckbd0: console keyboard
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> wbsio0 at isa0 port 0x2e/2: W83627HF rev 0x41
> lm2 at wbsio0 port 0x290/8: W83627HF
> lm1: disabling sensors due to alias with lm2
> vscsi0 at root
> scsibus1 at vscsi0: 256 targets
> softraid0 at root
> scsibus2 at softraid0: 256 targets
> root on wd0a (a310158b1ec5ebc2.a) swap on wd0b dump on wd0b
> initializing kernel modesetting (RV100 0x1002:0x515E 0x15D9:0xD480 0x02).
> radeondrm0: 1024x768, 16bpp
> wsdisplay0 at radeondrm0 mux 1: console (std, vt100 emulation), using
> wskbd0
> wsdisplay0: screen 1-5 added (std, vt100 emulation)
>
>

-- 
Kindest regards,
Tom Smyth.


Re: OpenBSD Hangs On

2020-07-19 Thread Tom Smyth
Paddy,

I wasn't engaging in FUD,
I was describing a situation which I and others experienced where there
were certain releases of
KVM / Linux Hypervisors on Intel platforms on which OpenBSD
would freeze,
the console would slow down and eventually become unresponsive,
if I recall correctly Proxmox 4.x worked ... and I think the versions up to
5.0-5.1 didn't work so well
and version 6.x of Proxmox seems to work well hosting OpenBSD...
the kernel preemption timer and some Hypervisor kernel versions
apparently were the source of the bug

All the best ...



On Sun, 19 Jul 2020 at 23:43, Patrick Dohman 
wrote:

>
>
> > On Jun 23, 2020, at 11:31 AM, Tom Smyth 
> wrote:
> >
> > But newer versions of kvm / linux kernels  are unaffected
> > By the bug fyi
>
> Sounds like FUD.
> B.T.W where is Boba’s ride?
> Regards
> Patrick
>
>

-- 
Kindest regards,
Tom Smyth.


Re: OpenBSD Hangs On

2020-07-19 Thread Tom Smyth
I'm not sure what you mean?

On Sun, 19 Jul 2020 at 23:43, Patrick Dohman 
wrote:

>
>
> > On Jun 23, 2020, at 11:31 AM, Tom Smyth 
> wrote:
> >
> > But newer versions of kvm / linux kernels  are unaffected
> > By the bug fyi
>
> Sounds like FUD.
> B.T.W where is Boba’s ride?
> Regards
> Patrick
>
>

-- 
Kindest regards,
Tom Smyth.


Flooding frames in a Bridge with many ports OpenBSD 6.3-6.7 amd 64

2020-07-08 Thread Tom Smyth
Hello

I have been aggregating about 95 vlans into a bridge and I notice the CPU
can be quite high
with softnet pegged quite high
in the bridge
so I have an untagged ix0 interface facing the gateway of the LAN which is
also an unprotected bridge port
and then I have 95 Vlans as protected  ports spread across 2 other ix(4)
interfaces,

in doing some analysis  and quality checks on the network
I noticed that doing a packet capture on either of my trunk ix(4)
interfaces (both containing about 45 vlans each)

so when my gateway is broadcasting an arp request , when this enters the
bridge on ix0

the kernel must copy the frame and craft 95 frames with different 802.1Q
Tags on it...
I'm wondering has anyone come across this issue before when bridging many
ports together.

this issue I hadn't fully considered before and I thought it might be a
useful edge case for those
optimising bridge forwarding.

Thanks
Tom Smyth





-- 
Kindest regards,
Tom Smyth.


Re: OpenBGPd announce fulltables +default

2020-06-24 Thread Tom Smyth
Thanks Stuart ... for the feedback

Appreciate it ...

On Wed, 24 Jun 2020 at 10:17, Stuart Henderson  wrote:

> On 2020-06-22, Tom Smyth  wrote:
> > Hello,
> > I notice that in the current manual
> > there is an option to  export none, default-route  with the
> > explanation below in the manual
> >
> > export (none|default-route)If set to none, no UPDATE messages will be
> > sent to the neighbor. If set to default-route, only the default route
> > will be announced to the neighbor. When export is modified the
> > neighbor session needs to be reset to become active.
> >
> > I was wondering is there an easy way to announce the default + full
> > tables for BGP customers who want to choose to migrate from default
> > routing to full table without contacting me ...
> >
> > something inside me says it would be wrong to add 0.0.0.0/0 network
> > (although if memory serves me correctly previous versions of OpenBGPd
> > would politely decline to do that :) and filter the crap out of that
> > for upstream Transit and Peers (non Customers ) ...
> >
>
> Adding to networks is exactly how you do this.
>
> For filters I would do this in a similar way to "mynetworks" in the
> example config (with a different prefix-set and controlled by a
> different community number) then you can enable/disable it easily
> per peer. Don't filter it *out* though - default to not sending
> anything and just permit it to the relevant peers.
>
>
>

-- 
Kindest regards,
Tom Smyth.


Re: OpenBSD Hangs On

2020-06-23 Thread Tom Smyth
But newer versions of kvm / linux kernels  are unaffected
By the bug fyi
On Tuesday, 23 June 2020, jin  wrote:

> Thanks!
>
> On Tue, Jun 23, 2020, 01:40 Tom Smyth 
> wrote:
>
>> Hi Jinn
>> This issue we came across a few years ago ,
>> it affects certain versions of KVM / Proxmox...
>> if you disable Intel Preemption timer...  in the Hypervisor  Linux
>> kernel
>> if you do a search misc lists ... with KVM and freeze and OpenBSD
>> you will see lots of discussions and the exact settings to put in the KVM
>> Hypervisor
>> it may relieve your situation..
>>
>>
>> Thanks
>> Tom Smyth
>>
>> On Mon, 22 Jun 2020 at 14:30, jin 
>> wrote:
>>
>>> Hello
>>>
>>> I've a virtual appliance on kvm and it hangs on every 3 days
>>> period approximately. The problem been there since its installation which
>>> was in March. When it happens, I can only make hard shutdown/reboot to
>>> recover my system from this issue because the system doesn't respond me.
>>> I'm using version 6.6 of OpenBSD and I already applied all the
>>> syspatches.
>>> I'm not certain but it looks like the problem could be related with
>>> syslog
>>> daemon.  Maybe it is too early to make an assumption but log messages
>>> (/var/log/messages) show that syslog daemon keeps restarting itself in 4
>>> hours periods.
>>>
>>> Could someone please point me to how to increase verbosity of the logs ?
>>> I'd like to dig myself as much as possible.
>>>
>>> Fatih
>>> Sincerely
>>>
>>> dmesg output
>>>
>>> OpenBSD 6.6 (GENERIC) #7: Thu Mar 12 10:32:29 MDT 2020
>>> r...@syspatch-66-amd64.openbsd.org:
>>> /usr/src/sys/arch/amd64/compile/GENERIC
>>> real mem = 1056817152 (1007MB)
>>> avail mem = 1012228096 (965MB)
>>> mpath0 at root
>>> scsibus0 at mpath0: 256 targets
>>> mainbus0 at root
>>> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5940 (9 entries)
>>> bios0: vendor SeaBIOS version "rel-1.12.1-0-ga5cab58e9a3f-
>>> prebuilt.qemu.org"
>>> date 04/01/2014
>>> bios0: QEMU Standard PC (i440FX + PIIX, 1996)
>>> acpi0 at bios0: ACPI 1.0
>>> acpi0: sleep states S3 S4 S5
>>> acpi0: tables DSDT FACP APIC HPET
>>> acpi0: wakeup devices
>>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>>> cpu0 at mainbus0: apid 0 (boot processor)
>>> cpu0: Westmere E56xx/L56xx/X56xx (Nehalem-C), 2295.15 MHz, 06-2c-01
>>> cpu0:
>>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
>>> CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,
>>> SSSE3,CX16,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,HV,NXE,LONG,
>>> LAHF,ARAT,MELTDOWN
>>> cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
>>> 64b/line 16-way L2 cache
>>> cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
>>> cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
>>> cpu0: smt 0, core 0, package 0
>>> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
>>> cpu0: apic clock running at 1000MHz
>>> ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
>>> acpihpet0 at acpi0: 1 Hz
>>> acpiprt0 at acpi0: bus 0 (PCI0)
>>> acpicpu0 at acpi0: C1(@1 halt!)
>>> "ACPI0006" at acpi0 not configured
>>> acpipci0 at acpi0 PCI0: _OSC failed
>>> acpicmos0 at acpi0
>>> "PNP0A06" at acpi0 not configured
>>> "PNP0A06" at acpi0 not configured
>>> "PNP0A06" at acpi0 not configured
>>> "QEMU0002" at acpi0 not configured
>>> "ACPI0010" at acpi0 not configured
>>> cpu0: using IvyBridge MDS workaround
>>> pvbus0 at mainbus0: KVM
>>> pvclock0 at pvbus0
>>> pci0 at mainbus0 bus 0
>>> pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
>>> pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
>>> pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA,
>>> channel
>>> 0 wired to compatibility, channel 1 wired to compatibility
>>> pciide0: channel 0 disabled (no drives)
>>> pciide0: channel 1 disabled (no drives)
>>> uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int
>>> 11
>>> piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: a

OpenBGPd announce fulltables +default

2020-06-22 Thread Tom Smyth
Hello,
I notice that in the current manual
there is an option to  export none, default-route  with the
explanation below in the manual

export (none|default-route)If set to none, no UPDATE messages will be
sent to the neighbor. If set to default-route, only the default route
will be announced to the neighbor. When export is modified the
neighbor session needs to be reset to become active.

I was wondering is there an easy way to announce the default + full
tables for BGP customers who want to choose to migrate from default
routing to full table without contacting me ...

something inside me says it would be wrong to add 0.0.0.0/0 network
(although if memory serves me correctly previous versions of OpenBGPd
would politely decline to do that :) and filter the crap out of that
for upstream Transit and Peers (non Customers ) ...

-- 
Kindest regards,
Tom Smyth.



Re: OpenBSD Hangs On

2020-06-22 Thread Tom Smyth
Hi Jinn
This issue we came across a few years ago ,
it affects certain versions of KVM / Proxmox...
if you disable Intel Preemption timer...  in the Hypervisor  Linux  kernel
if you do a search misc lists ... with KVM and freeze and OpenBSD
you will see lots of discussions and the exact settings to put in the KVM
Hypervisor
it may relieve your situation..


Thanks
Tom Smyth

On Mon, 22 Jun 2020 at 14:30, jin 
wrote:

> Hello
>
> I've a virtual appliance on kvm and it hangs on every 3 days
> period approximately. The problem been there since its installation which
> was in March. When it happens, I can only make hard shutdown/reboot to
> recover my system from this issue because the system doesn't respond me.
> I'm using version 6.6 of OpenBSD and I already applied all the syspatches.
> I'm not certain but it looks like the problem could be related with syslog
> daemon.  Maybe it is too early to make an assumption but log messages
> (/var/log/messages) show that syslog daemon keeps restarting itself in 4
> hours periods.
>
> Could someone please point me to how to increase verbosity of the logs ?
> I'd like to dig myself as much as possible.
>
> Fatih
> Sincerely
>
> dmesg output
>
> OpenBSD 6.6 (GENERIC) #7: Thu Mar 12 10:32:29 MDT 2020
> r...@syspatch-66-amd64.openbsd.org:
> /usr/src/sys/arch/amd64/compile/GENERIC
> real mem = 1056817152 (1007MB)
> avail mem = 1012228096 (965MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5940 (9 entries)
> bios0: vendor SeaBIOS version "
> rel-1.12.1-0-ga5cab58e9a3f-prebuilt.qemu.org"
> date 04/01/2014
> bios0: QEMU Standard PC (i440FX + PIIX, 1996)
> acpi0 at bios0: ACPI 1.0
> acpi0: sleep states S3 S4 S5
> acpi0: tables DSDT FACP APIC HPET
> acpi0: wakeup devices
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Westmere E56xx/L56xx/X56xx (Nehalem-C), 2295.15 MHz, 06-2c-01
> cpu0:
>
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,SSSE3,CX16,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,HV,NXE,LONG,LAHF,ARAT,MELTDOWN
> cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB
> 64b/line 16-way L2 cache
> cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
> cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> cpu0: apic clock running at 1000MHz
> ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins
> acpihpet0 at acpi0: 1 Hz
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpicpu0 at acpi0: C1(@1 halt!)
> "ACPI0006" at acpi0 not configured
> acpipci0 at acpi0 PCI0: _OSC failed
> acpicmos0 at acpi0
> "PNP0A06" at acpi0 not configured
> "PNP0A06" at acpi0 not configured
> "PNP0A06" at acpi0 not configured
> "QEMU0002" at acpi0 not configured
> "ACPI0010" at acpi0 not configured
> cpu0: using IvyBridge MDS workaround
> pvbus0 at mainbus0: KVM
> pvclock0 at pvbus0
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
> pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
> pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel
> 0 wired to compatibility, channel 1 wired to compatibility
> pciide0: channel 0 disabled (no drives)
> pciide0: channel 1 disabled (no drives)
> uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int 11
> piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int
> 9
> iic0 at piixpm0
> vga1 at pci0 dev 2 function 0 "Bochs VGA" rev 0x02
> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
> virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00
> vio0 at virtio0: address 52:54:00:a5:1f:57
> virtio0: msix shared
> eap0 at pci0 dev 4 function 0 "Ensoniq AudioPCI" rev 0x00: apic 0 int 11
> audio0 at eap0
> midi0 at eap0: 
> virtio1 at pci0 dev 5 function 0 "Qumranet Virtio Storage" rev 0x00
> vioblk0 at virtio1
> scsibus1 at vioblk0: 2 targets
> sd0 at scsibus1 targ 0 lun 0: 
> sd0: 51200MB, 512 bytes/sector, 104857600 sectors
> virtio1: msix shared
> virtio2 at pci0 dev 6 function 0 "Qumranet Virtio Memory Balloon" rev 0x00
> viomb0 at virtio2
> virtio2: apic 0 int 10
> isa0 at pcib0
> isadma0 at isa0
> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
> pckbc0 

Re: Openbsd 6.6 amd64 stable bridge with 90 vlans does not forward packets after reboot

2020-06-16 Thread Tom Smyth
Hello,

This issue is resolved in OpenBSD 6.7 Release and OpenBSD 6.7 Stable,

I no longer have to manually restart the bridge interface after reboot

Thanks


On Fri, 20 Mar 2020 at 01:20, Tom Smyth 
wrote:

> Hello,
>
> I have a box that I use to aggregate a number of vlans which are
> isolated from each other (using port protection groups) and bridged
> onto a 10G interface ix0
> these are configured using a standard  hostname.bridge file as follows,
> cat /etc/hostname.bridge101
> maxaddr 16384 timeout 300
> up
> add ix0 -stp ix0
> add vlan604 protected vlan604 1 -stp vlan604
> add vlan4069 protected vlan4069 1 -stp vlan4069
> .
> .
> .
> add vlan3982 protected vlan43982 1 -stp vlan3982
>
> when I reboot the box ... the system does not seem to forward frames
>
> but if I run
> sh /etc/netstart bridge101
>
> then the bridge forwards the packets just fine.
>
> interface configs are as follows
> cat /etc/hostname.ix0
> mtu 1700 up
>
> cat /etc/hostname.ix1
> mtu 1708 up
>
> cat /etc/hostname.vlan3982
> parent ix1 vnetid 3982 mtu 1700 up
>
>
> ifconfig bridge101 yields similar results after reboot as opposed to
> ifconfig bridge101 after restarting the interface
>
> the only differences I saw was the index
>
> after reboot the index of bridge101 was 6
>
> but after restarting the bridge101 the index of bridge101 was 98
> (which sounds to me like perhaps the bridge was being started before
> the vlans on bootup)
>
>
> has anyone come across this issue before?
> Thanks
>
>
>
>
> --
> Kindest regards,
> Tom Smyth.
>


-- 
Kindest regards,
Tom Smyth.


Re: www unreachable

2020-06-15 Thread Tom Smyth
It is not accessible from virgin media in Ireland either,
not connecting on 80 or 443 TCP ... via telnet...
dns is resolving
Tracing route to openbsd.org [129.128.5.194]
over a maximum of 30 hops:
  4     8 ms     5 ms     7 ms  109.255.249.254
  5    28 ms    23 ms    22 ms  84.116.239.10
  6    17 ms    17 ms    16 ms  84.116.238.62
  7     *        *        *     Request timed out.
  8    16 ms    17 ms    18 ms  84.116.135.46
  9    23 ms    21 ms    20 ms  84.116.135.69
 10    19 ms    19 ms    34 ms  216.66.80.117
 11    85 ms    85 ms    82 ms  72.52.92.166
 12    95 ms    95 ms    97 ms  184.105.80.10
 13   115 ms   117 ms   115 ms  184.105.64.102
 14   122 ms   122 ms   123 ms  184.104.192.70
 15   133 ms   134 ms   131 ms  72.52.92.61
 16   130 ms   130 ms   130 ms  184.105.18.50
 17   135 ms   128 ms   129 ms  129.128.255.41
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21   133 ms   189 ms   741 ms  129.128.5.194

On Mon, 15 Jun 2020 at 10:50, Chris Bennett 
wrote:

> On Mon, Jun 15, 2020 at 09:43:03AM +0200, Thomas de Grivel wrote:
> > Hello,
> >
> > http://www.openbsd.org is unreachable.
> >
> > I wanted to know what's new in the current snapshots ?
> >
>
> I'm not sure about the website. You might have local DNS problems.
> Use dig to get the IP address (from a big nameserver like 8.8.8.8)
> and skip that problem.
>
> If you mean the current -release, yes the website is simplest in
> general terms only.
>
> If you mean -current, then the mailing lists and CVS are the right
> places to look. misc@ isn't very helpful, but tech@, etc. are excellent.
>
>
> DNS has problems in some places in the world. Usually just for hours.
> Annoying, but sites like OpenBSD have stable IP's and knowing that
> solves the problem quickly.
> If the site has a problem, someone else can clarify that.
>
> Chris Bennett
>
>
>

-- 
Kindest regards,
Tom Smyth.


Re: VMM Debian guest serial setup help needed

2020-06-13 Thread Tom Smyth
Hi George, if you are using the pre-built image
perhaps you can test the image with  the baud setting on a physical apu to
verify that the baud setting is correct ?

from what I can tell with Debian there are a few ways of setting the
grub boot config  and perhaps there is a step missing..
hope this helps



On Fri, 12 Jun 2020 at 16:27, George  wrote:

>
> On 2020-06-10 4:29 p.m., Tom Smyth wrote:
> > Hi George,
> > a reboot on a serial console is probably due to the serial console speeds
> > mismatching, between your
> > console client and the console on the guest.
> >
> > make sure you are setting the console speed / parity, etc also
> >
> > this issue happens frequently also when booting the  PC Engines board
> where
> > the bios runs at 115200 baud , N 8 1
> > and then the OpenBSD Console changes to 9600 N 8 1 during boot (defaults
> on
> > installxx.fs / installxx.img
> >
> > hope this helps
> > Tom Smyth
>
> Thanks Tom! I agree I have seen this reboot behavior on apu's and a
> soekris device(s), but I am setting the rate properly or so I believe
> anyway. The trick with the install on APU's is to set the baud rate at
> install time along with the console port:
>
> stty com0 19200
> set tty com0
>
> Here though I have preinstalled and pre-build the OS and updated the
> GRUB config to use the console to send boot and other messages
> unfortunately apparently not really ...
>
>
> >
> > On Wed, 10 Jun 2020 at 21:01, George  wrote:
> >
> >> Hi guys,
> >>
> >> I apologize if this maybe out of topic even though it is truly related
> >> to VMM than Debian.
> >>
> >> I am trying to setup a VMM Debian based guest but I'm not able to get it
> >> to work. I found some description on the web about which settings to
> >> edit in grub.cfg to enable the serial console and created a VM with 10.3
> >> in qcow2 disk format in KVM. Now I am trying to start the same on
> >> OpenBSD 6.7 but keep getting the connected message and then just
> >> "Rebooting " after I hit some keyboard keys seems like baud rate issue
> >> but not sure.
> >>
> >> After messing with it for a while now I am getting a new error:
> >>
> >> vmctl: could not open disk image(s)
> >>
> >> even though the disk is there and readable to the user I have setup in
> >> vm.conf in fact I have another VM with the same configuration and disk
> >> with the same permissions and in the same location that works (it is
> >> OpenBSD based).
> >>
> >> I would greatly appreciate it if someone has gone this path and can
> >> share some config info with me.
> >>
> >> Cheers and thanks in advance,
> >>
> >> George
> >>
> >>
> >>
> >>
>


-- 
Kindest regards,
Tom Smyth.


Re: VMM Debian guest serial setup help needed

2020-06-10 Thread Tom Smyth
Hi George,
a reboot on a serial console is probably due to the serial console speeds
mismatching, between your
console client and the console on the guest.

make sure you are setting the console speed / parity, etc also

this issue happens frequently also when booting the  PC Engines board where
the bios runs at 115200 baud , N 8 1
and then the OpenBSD Console changes to 9600 N 8 1 during boot (defaults on
installxx.fs / installxx.img)

hope this helps
Tom Smyth

On Wed, 10 Jun 2020 at 21:01, George  wrote:

> Hi guys,
>
> I apologize if this maybe out of topic even though it is truly related
> to VMM than Debian.
>
> I am trying to setup a VMM Debian based guest but I'm not able to get it
> to work. I found some description on the web about which settings to
> edit in grub.cfg to enable the serial console and created a VM with 10.3
> in qcow2 disk format in KVM. Now I am trying to start the same on
> OpenBSD 6.7 but keep getting the connected message and then just
> "Rebooting " after I hit some keyboard keys seems like baud rate issue
> but not sure.
>
> After messing with it for a while now I am getting a new error:
>
> vmctl: could not open disk image(s)
>
> even though the disk is there and readable to the user I have setup in
> vm.conf in fact I have another VM with the same configuration and disk
> with the same permissions and in the same location that works (it is
> OpenBSD based).
>
> I would greatly appreciate it if someone has gone this path and can
> share some config info with me.
>
> Cheers and thanks in advance,
>
> George
>
>
>
>

-- 
Kindest regards,
Tom Smyth.


Re: DNS and rdomains

2020-05-28 Thread Tom Smyth
Unbound can use root hints
And you can override nameservers learned  from dhclient
Check man dhclient for more info

And Set  your resolv.conf  nameservers to 127.0.0.1

Peace out






On Thursday, 28 May 2020, James  wrote:

> Thanks. Your solution works but is not ideal for my situation. The
> reason it's not ideal is that one of the rdomains gets its nameserver
> from DHCP and I don't think unbound can read this information.
>
> For example, In the case of a captive portal or floating between APs I
> would like DNS to work on different LANs where outbound DNS queries are
> blocked.
> I'm trying to build an isolated network environment in which all traffic
> is routed over an interface with a custom DNS server and no network leaks.
>
> My solution so far is as follows:
>  ___________   ___________
> |           | |           |
> | rdomain0  | | rdomain1  |
> |   pair0   | |   pair1   |
> |   tun0    | |   wlan0   |
> |___________| |___________|
>
> with pf tagging and NAT'ing tun0 traffic behind wlan0.
> rdomain0 DNS queries should be routed to a fixed address and
> rdomain1 DNS queries should be sent to the nameserver as per
> /etc/resolv.conf generated from dhclient.
>
> Linux's implementation of network namespaces allows for custom
> resolv.conf files per network namespace [1]. The problem I currently face
> is that only 1 rdomain can perform DNS queries at a time by modifying
> /etc/resolv.conf.
>
> Thanks,
>
>
>
> [1] https://www.man7.org/linux/man-pages/man8/ip-netns.8.html
>
> On Wed, May 27, 2020 at 11:35:11PM +0100, Tom Smyth wrote:
>
>> howdy,
>>
>> you can use symbolic links for /etc/rc.d/nsd   to /etc/rc.d/nsd1
>> and to /etc/rc.d/nsd2  to  /etc/rc.d/nsdn  where 1,2 n are your
>> rdomains for your
>> dns servers (authoritative) or you can use unbound instead of nsd
>> if it is just a forwarding  dns server
>>
>> then use  for a dns server for rdomain1
>> rcctl enable nsd1
>> rcctl set nsd1 rtable=1
>>
>> repeat the procedure for each domain configured
>> rcctl enable nsd2
>> rcctl set nsd2 rtable=2
>>
>> then go back to rdomain0
>> route -T0 exec ksh
>> and then run the following to start each of your daemons
>>
>> rcctl start nsd1
>> rcctl start nsd2
>>
>> and so on and so fourth...
>>
>> I used to have issues starting and stopping daemons if I was not in
>> the correct domain when running the rcctl command,
>> I saw a diff by  ajacoutot   a few months / (years ago that might have
>> fixed the rcctl starting domains from a shell in a different
>> Rdomain...
>> I just got into the habit...  of going to the correct rdomain of the
>> daemon or rdomain0 before running the rcctl command to start / stop or
>> restart the daemon
>>
>> Hope this helps,
>>
>> Tom Smyth
>>
>>
>> On Wed, 27 May 2020 at 23:24, James  wrote:
>>
>>>
>>> Hi all,
>>>
>>> How can I allow different rdomains to use separate DNS nameservers?
>>>
>>> Thanks
>>>
>>>
>>
>> --
>> Kindest regards,
>> Tom Smyth.
>>
>>

-- 
Kindest regards,
Tom Smyth.


Re: DNS and rdomains

2020-05-27 Thread Tom Smyth
oh yeah, you will have to adjust the flags for each daemon (to accept a
different config file for each dns server in each rdomain)...

hope this helps...


On Wed, 27 May 2020 at 23:35, Tom Smyth 
wrote:

> howdy,
>
> you can use symbolic links for /etc/rc.d/nsd to /etc/rc.d/nsd1
> and to /etc/rc.d/nsd2 to /etc/rc.d/nsdn where 1, 2, n are your
> rdomains for your
> dns servers (authoritative) or you can use unbound instead of nsd
> if it is just a forwarding dns server
>
> then use, for a dns server for rdomain1:
> rcctl enable nsd1
> rcctl set nsd1 rtable 1
>
> repeat the procedure for each domain configured
> rcctl enable nsd2
> rcctl set nsd2 rtable 2
>
> then go back to rdomain0
> route -T0 exec ksh
> and then run the following to start each of your daemons
>
> rcctl start nsd1
> rcctl start nsd2
>
> and so on and so forth...
>
> I used to have issues starting and stopping daemons if I was not in
> the correct domain when running the rcctl command,
> I saw a diff by ajacoutot a few months / years ago that might have
> fixed the rcctl starting domains from a shell in a different
> rdomain...
> I just got into the habit... of going to the correct rdomain of the
> daemon or rdomain0 before running the rcctl command to start / stop or
> restart the daemon
>
> Hope this helps,
>
> Tom Smyth
>
>
> On Wed, 27 May 2020 at 23:24, James  wrote:
> >
> > Hi all,
> >
> > How can I allow different rdomains to use separate DNS nameservers?
> >
> > Thanks
> >
>
>
> --
> Kindest regards,
> Tom Smyth.
>


-- 
Kindest regards,
Tom Smyth.


Re: DNS and rdomains

2020-05-27 Thread Tom Smyth
howdy,

you can use symbolic links for /etc/rc.d/nsd to /etc/rc.d/nsd1
and to /etc/rc.d/nsd2 to /etc/rc.d/nsdn where 1, 2, n are your
rdomains for your
dns servers (authoritative) or you can use unbound instead of nsd
if it is just a forwarding dns server

then use, for a dns server for rdomain1:
rcctl enable nsd1
rcctl set nsd1 rtable 1

repeat the procedure for each domain configured
rcctl enable nsd2
rcctl set nsd2 rtable 2

then go back to rdomain0
route -T0 exec ksh
and then run the following to start each of your daemons

rcctl start nsd1
rcctl start nsd2

and so on and so forth...

I used to have issues starting and stopping daemons if I was not in
the correct domain when running the rcctl command,
I saw a diff by ajacoutot a few months / years ago that might have
fixed the rcctl starting domains from a shell in a different
rdomain...
I just got into the habit... of going to the correct rdomain of the
daemon or rdomain0 before running the rcctl command to start / stop or
restart the daemon

Hope this helps,

Tom Smyth


On Wed, 27 May 2020 at 23:24, James  wrote:
>
> Hi all,
>
> How can I allow different rdomains to use separate DNS nameservers?
>
> Thanks
>


-- 
Kindest regards,
Tom Smyth.
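
The procedure in the message above, combined with the follow-up note about giving each daemon its own config file through its flags, written out as an added example (not part of the original posts). The script only prints the commands so they can be reviewed before anything is run. The per-instance config file names under /var/nsd/etc are assumptions, and each config is assumed to listen only on addresses inside its own rdomain.

```shell
#!/bin/sh
# Added example: build a reviewable command plan for one DNS daemon
# instance per rdomain. Nothing here changes the system; it only prints.

# Accept instance ids 1-255 only. Routing table 0 is left to the stock
# service name, and leading zeros are rejected so "01" and "1" cannot
# both be planned as different instances.
valid_rtable() {
    case "$1" in
        ''|*[!0-9]*|0*|????*) return 1 ;;
    esac
    [ "$1" -le 255 ]
}

# plan_instances DAEMON CONFDIR ID...
# Prints the commands, in order, for every id; returns non-zero and
# prints nothing to stdout if any id is invalid or repeated.
plan_instances() {
    if [ "$#" -lt 3 ]; then
        echo "usage: plan_instances daemon confdir id..." >&2
        return 2
    fi
    daemon=$1
    confdir=$2
    shift 2

    seen=" "
    for id in "$@"; do
        if ! valid_rtable "$id"; then
            echo "invalid rdomain id: $id" >&2
            return 1
        fi
        case "$seen" in
            *" $id "*) echo "duplicate rdomain id: $id" >&2; return 1 ;;
        esac
        seen="$seen$id "
    done

    # Step 1: one rc.d symlink per instance, pinned to its routing table,
    # with its own config file (assumed name: CONFDIR/<daemon><id>.conf).
    for id in "$@"; do
        svc="$daemon$id"
        echo "ln -sf /etc/rc.d/$daemon /etc/rc.d/$svc"
        echo "rcctl enable $svc"
        echo "rcctl set $svc rtable $id"
        echo "rcctl set $svc flags -c $confdir/$svc.conf"
    done

    # Step 2: start every instance from rdomain 0, then read back the
    # routing table rcctl recorded so a mis-pinned resolver is visible.
    for id in "$@"; do
        svc="$daemon$id"
        echo "route -T0 exec rcctl start $svc"
        echo "rcctl get $svc rtable"
    done
}

# Print the plan only when asked, e.g.: sh plan.sh --plan nsd /var/nsd/etc 1 2
if [ "${1:-}" = "--plan" ]; then
    shift
    plan_instances "$@"
fi
```

After review, the printed plan can be applied by piping it to `sh -e` as root on the OpenBSD host.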



Re: Intel I210 Fiber Optic Ethernet Card Transceiver Info.

2020-05-12 Thread Tom Smyth
Hi Vertigo,
can you send on a dmesg? What version and architecture of OpenBSD are
you running?
I believe dlg@ had added in SFP+ functionality between OpenBSD 6.5 and
6.6? (It may have been SFP+ functionality on the ix(4) (and not
em(4)) driver.)




On Tue, 12 May 2020 at 20:58, Vertigo Altair  wrote:
>
> Hi Misc,
>
> I have 2 questions about my dual port fiber optic ethernet card with Intel
> I210 chipset:
> 1. The ifconfig em0 media command output only shows that it supports
> multi-mode fiber (1G SX).
> Actually it worked when I tried single mode fiber. But I still wanted to
> report this to OpenBSD developers.
>
> 2. The ifconfig em0 sff or ifconfig em0 transceiver output does not return
> information about transceiver.
> Could the EM driver not support the transceiver / sff command set?
> I searched on Google but I couldn't find such an expression.
>
> You can find the relevant command outputs below.
> Thank you very much for your help in advance.
> Stay safe.
>
> # pcidump | grep Fiber
>  2:0:0: Intel I210 Fiber
>  3:0:0: Intel I210 Fiber
> # pcidump -v 2:0:0
>  2:0:0: Intel I210 Fiber
> 0x: Vendor ID: 8086, Product ID: 1536
> 0x0004: Command: 0147, Status: 0010
> 0x0008: Class: 02 Network, Subclass: 00 Ethernet,
> Interface: 00, Revision: 03
> 0x000c: BIST: 00, Header Type: 00, Latency Timer: 00,
> Cache Line Size: 10
> 0x0010: BAR mem 32bit addr: 0xdfd0/0x0008
> 0x0014: BAR empty ()
> 0x0018: BAR io addr: 0xd000/0x0020
> 0x001c: BAR mem 32bit addr: 0xdfd8/0x4000
> 0x0020: BAR empty ()
> 0x0024: BAR empty ()
> 0x0028: Cardbus CIS: 
> 0x002c: Subsystem Vendor ID:  Product ID: 
> 0x0030: Expansion ROM Base Address: 
> 0x0038: 
> 0x003c: Interrupt Pin: 01 Line: 0b Min Gnt: 00 Max Lat: 00
> 0x0040: Capability 0x01: Power Management
> State: D0
> 0x0050: Capability 0x05: Message Signalled Interrupts (MSI)
> Enabled: yes
> 0x0070: Capability 0x11: Extended Message Signalled Interrupts
> (MSI-X)
> Enabled: no; table size 5 (BAR 3:0)
> 0x00a0: Capability 0x10: PCI Express
> Link Speed: 2.5 / 2.5 GT/s, Link Width: x1 / x1
> 0x0100: Enhanced Capability 0x01: Advanced Error Reporting
> 0x0140: Enhanced Capability 0x03: Device Serial Number
> Serial Number: 00900b875ba7
> 0x01a0: Enhanced Capability 0x17: TPH Requester
>
> # ifconfig em0 media
> em0: flags=8802 mtu 1500
> lladdr fe:e1:ba:d0:92:da
> index 1 priority 0 llprio 3
> trunk: trunkdev aggr0
> media: Ethernet autoselect (none)
> status: no carrier
> supported media:
> media 1000baseSX mediaopt full-duplex
> media 1000baseSX
> media autoselect



-- 
Kindest regards,
Tom Smyth.



Re: Networking/pf question, I am not sure ?

2020-05-10 Thread Tom Smyth
Hello Clarence,

you would need to provide some more information about your setup:

IP addresses on interfaces, what is your pf.conf, etc...

On your Xperia (I believe they are Android)
you can download the Hurricane Electric network tools (HE network
tools), a free app to run rudimentary network diagnostic commands
such as ping, traceroute and dns lookup tests, to identify the problem
associated with your connection when using OpenBSD.
That would help you diagnose the source of the connectivity problems
you are having...
Hope this helps

Tom Smyth


On Sun, 10 May 2020 at 13:09, man Chan  wrote:
>
> Hello,
> I recently setup a home network as followings (Just for fun):
> ISP  <> openbsd router (version 6.6 Stable) <--->  gigabits switch 
> (TP-Link TL-SG1008D) <-> linksys ea8300 (with wireless)
>
> everything works except that I can't use my sony xperia tablet to access 
> internet using the wireless function provide by the linksys-ea8300.
> When I replace the openbsd-router and switch with another wireless router, I 
> can use my sony xperia to access the internet.  Has anyone tried this before?
> If yes, please let me know how you do it.  Thanks.
> Clarence



-- 
Kindest regards,
Tom Smyth.



Re: IPv4 traffic over IPv6 tunnel approach

2020-05-08 Thread Tom Smyth
Martin
If I understand your question correctly ...

PC1 --IPV6  Gateway1

so you have a public ipv6 address on PC1 and Gateway 1

hostname.gif should specify the real IPv6 address of PC1
and the real IPv6 address of Gateway1 in it to establish the tunnel
#setup the tunnel interface with a command similar to the following
ifconfig gif1 tunnel PC1-IPV6 Gateway1-IPV6
#setup an ip address (ipv4) on the gif tunnel
ifconfig gif1 inet PC1-IPv4address/subnetmask

and do the same on the gateway

ifconfig gif1 tunnel Gateway1-IPV6 PC1-IPV6
#setup the gateway ipv4 address on the tunnel interface you just created

ifconfig gif1 inet Gateway1-IPv4address/subnetmask

then you just need to add a default IPv4 route on the client to the gateway


On Fri, 8 May 2020 at 20:05, Martin  wrote:
>
> Last thing I have to understand about gif(4) and IPv6 tunneling.
>
> Should I set gif(4) 'inet6 alias' = the same IPv6 of the local end of IPv6 
> tunnel interface or just set 'inet6 alias' for gif(4) in tunnel's IPv6 subnet?
>
> Martin
>
> ‐‐‐ Original Message ‐‐‐
> On Friday, May 8, 2020 4:41 PM, Tom Smyth  
> wrote:
>
> > Hi Martin,
> > If I understand your question correctly
> >
> > you need 2 endpoints to the tunnel...
> >
> > for gif(4) or any gre(4) based tunnel
> > you need the interface setup on both the client and the server (gateway)
> >
> > if you have a gateway serving multiple clients... then you need one
> > interface per client that you intend to connect
> > Thanks
> > Tom Smyth
> >
> > On Fri, 8 May 2020 at 17:38, Martin martin...@protonmail.com wrote:
> >
> > > Thanks for confirmation.
> > > Hope I understand gif(4) functionality right from its configuration. Can 
> > > I set /etc/hostname.gif0 from client's side only like below:
> > > /etc/hostname.gif0
> > > tunnel 10.20.30.40 195.203.212.221
> > > inet6 alias 2001:05a8::0001::::8542 128
> > > dest 2001:05a8::0001::::8541
> > > where
> > > tunnel 10.20.30.40 is client's address, 195.203.212.221 gateway machine 
> > > egress IPv4
> > > inet6 alias is the same IPv6 address of client's IPv6 local interface or 
> > > an IPv6 address in the same subnet.
> > > dest IPv6 is a destination IPv6 interface address of gateway machine.
> > > Do I need to setup gif0 on gateway machine to have encapsulation working?
> > > Martin
> > > ‐‐‐ Original Message ‐‐‐
> > > On Friday, May 8, 2020 1:43 PM, Kristjan Komlosi 
> > > kristjan.koml...@gmail.com wrote:
> > >
> > > > gif(4) should work fine, as it's designed to do what you described. The
> > > > best approach depends on the level of security you want to achieve. IPIP
> > > > tunnels aren't encrypted...
> > > > regards, kristjan
> > > > On 5/8/20 3:32 PM, Martin wrote:
> > > >
> > > > > I have IPv6 unidirectional tunnel between two machines. One of them 
> > > > > is gateway, another one is a client.
> > > > > The goal is to route IPv4 packets over IPv6 tunnel from client to 
> > > > > gateway and NAT IPv4 packet to egress on gateway machine.
> > > > > May I use gif(4) for it or what is the best approach to traverse IPv4 
> > > > > packets over IPv6 tun?
> > > > > Martin
> >
> > --
> >
> > Kindest regards,
> > Tom Smyth.
>
>


--
Kindest regards,
Tom Smyth.



Re: IPv4 traffic over IPv6 tunnel approach

2020-05-08 Thread Tom Smyth
Hi Martin,
If I understand your question correctly

you need 2 endpoints to the tunnel...

for gif(4) or any gre(4) based tunnel
you need the interface setup on both the client and the server (gateway)

if you have a gateway serving multiple clients... then you need one
interface per client that you intend to connect
Thanks
Tom Smyth

On Fri, 8 May 2020 at 17:38, Martin  wrote:
>
> Thanks for confirmation.
>
> Hope I understand gif(4) functionality right from its configuration. Can I 
> set /etc/hostname.gif0 from client's side only like below:
>
> /etc/hostname.gif0
> tunnel 10.20.30.40 195.203.212.221
> inet6 alias 2001:05a8::0001::::8542 128
> dest 2001:05a8::0001::::8541
>
> where
> tunnel 10.20.30.40 is client's address, 195.203.212.221 gateway machine 
> egress IPv4
> inet6 alias is the same IPv6 address of client's IPv6 local interface or an 
> IPv6 address in the same subnet.
> dest IPv6 is a destination IPv6 interface address of gateway machine.
>
> Do I need to setup gif0 on gateway machine to have encapsulation working?
>
> Martin
>
> ‐‐‐ Original Message ‐‐‐
> On Friday, May 8, 2020 1:43 PM, Kristjan Komlosi  
> wrote:
>
> > gif(4) should work fine, as it's designed to do what you described. The
> > best approach depends on the level of security you want to achieve. IPIP
> > tunnels aren't encrypted...
> >
> > regards, kristjan
> >
> > On 5/8/20 3:32 PM, Martin wrote:
> >
> > > I have IPv6 unidirectional tunnel between two machines. One of them is 
> > > gateway, another one is a client.
> > > The goal is to route IPv4 packets over IPv6 tunnel from client to gateway 
> > > and NAT IPv4 packet to egress on gateway machine.
> > > May I use gif(4) for it or what is the best approach to traverse IPv4 
> > > packets over IPv6 tun?
> > > Martin
>
>


-- 
Kindest regards,
Tom Smyth.



Bridge performance with vlans on ix(4) and protected ports ) diagnostic tips request

2020-05-06 Thread Tom Smyth
od
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
no _STA method
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
acpicpu2 at acpi0: C1(@1 halt!)
acpicpu3 at acpi0: C1(@1 halt!)
"ACPI0006" at acpi0 not configured
acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001
acpicmos0 at acpi0
"PNP0A06" at acpi0 not configured
"PNP0A06" at acpi0 not configured
"QEMU0002" at acpi0 not configured
"ACPI0010" at acpi0 not configured
"QEMUVGID" at acpi0 not configured
cpu0: using VERW MDS workaround
pvbus0 at mainbus0: KVM
pvclock0 at pvbus0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82G33 Host" rev 0x00
vga1 at pci0 dev 1 function 0 "Bochs VGA" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 26 function 0 "Intel 82801I USB" rev 0x03: apic 0 int 10
uhci1 at pci0 dev 26 function 1 "Intel 82801I USB" rev 0x03: apic 0 int 10
uhci2 at pci0 dev 26 function 2 "Intel 82801I USB" rev 0x03: apic 0 int 11
ehci0 at pci0 dev 26 function 7 "Intel 82801I USB" rev 0x03: apic 0 int 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev
2.00/1.00 addr 1
azalia0 at pci0 dev 27 function 0 "Intel 82801I HD Audio" rev 0x03: msi
azalia0: no HD-Audio codecs
ppb0 at pci0 dev 28 function 0 vendor "Red Hat", unknown product
0x000c rev 0x00: apic 0 int 10
pci1 at ppb0 bus 1
ix0 at pci1 dev 0 function 0 "Intel 82599" rev 0x01: msi, address
00:12:c0:88:07:b8
ppb1 at pci0 dev 28 function 1 vendor "Red Hat", unknown product
0x000c rev 0x00: apic 0 int 10
pci2 at ppb1 bus 2
ix1 at pci2 dev 0 function 0 "Intel 82599" rev 0x01: msi, address
00:12:c0:88:07:b9
ppb2 at pci0 dev 28 function 2 vendor "Red Hat", unknown product
0x000c rev 0x00: apic 0 int 10
pci3 at ppb2 bus 3
ix2 at pci3 dev 0 function 0 "Intel 82599" rev 0x01: msi, address
00:12:c0:88:07:b6
ppb3 at pci0 dev 28 function 3 vendor "Red Hat", unknown product
0x000c rev 0x00: apic 0 int 10
pci4 at ppb3 bus 4
uhci3 at pci0 dev 29 function 0 "Intel 82801I USB" rev 0x03: apic 0 int 10
uhci4 at pci0 dev 29 function 1 "Intel 82801I USB" rev 0x03: apic 0 int 10
uhci5 at pci0 dev 29 function 2 "Intel 82801I USB" rev 0x03: apic 0 int 11
ehci1 at pci0 dev 29 function 7 "Intel 82801I USB" rev 0x03: apic 0 int 11
usb1 at ehci1: USB revision 2.0
uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev
2.00/1.00 addr 1
ppb4 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0x92
pci5 at ppb4 bus 5
ppb5 at pci5 dev 1 function 0 "Red Hat Qemu PCI-PCI" rev 0x00
pci6 at ppb5 bus 6
virtio0 at pci6 dev 5 function 0 "Qumranet Virtio SCSI" rev 0x00
vioscsi0 at virtio0: qsize 128
scsibus1 at vioscsi0: 255 targets
sd0 at scsibus1 targ 0 lun 0: 
sd0: 12288MB, 512 bytes/sector, 25165824 sectors, thin
virtio0: msix shared
virtio1 at pci6 dev 18 function 0 "Qumranet Virtio Network" rev 0x00
vio0 at virtio1: address 3a:28:3d:f6:05:45
virtio1: msix shared
ppb6 at pci5 dev 2 function 0 "Red Hat Qemu PCI-PCI" rev 0x00
pci7 at ppb6 bus 7
ppb7 at pci5 dev 3 function 0 "Red Hat Qemu PCI-PCI" rev 0x00
pci8 at ppb7 bus 8
ppb8 at pci5 dev 4 function 0 "Red Hat Qemu PCI-PCI" rev 0x00
pci9 at ppb8 bus 9
pcib0 at pci0 dev 31 function 0 "Intel 82801IB LPC" rev 0x02
ahci0 at pci0 dev 31 function 2 "Intel 82801I AHCI" rev 0x02: msi, AHCI 1.0
ahci0: port 1: 1.5Gb/s
scsibus2 at ahci0: 32 targets
cd0 at scsibus2 targ 1 lun 0:  removable
ichiic0 at pci0 dev 31 function 3 "Intel 82801I SMBus" rev 0x02: apic 0 int 10
iic0 at ichiic0
usb2 at uhci0: USB revision 1.0
uhub2 at usb2 configuration 1 interface 0 "Intel UHCI root hub" rev
1.00/1.00 addr 1
usb3 at uhci1: USB revision 1.0
uhub3 at usb3 configuration 1 interface 0 "Intel UHCI root hub" rev
1.00/1.00 addr 1
usb4 at uhci2: USB revision 1.0
uhub4 at usb4 configuration 1 interface 0 "Intel UHCI root hub" rev
1.00/1.00 addr 1
usb5 at uhci3: USB revision 1.0
uhub5 at usb5 configuration 1 interface 0 "Intel UHCI root hub" rev
1.00/1.00 addr 1
usb6 at uhci4: USB revision 1.0
uhub6 at usb6 configuration 1 interface 0 "Intel UHCI root hub" rev
1.00/1.00 addr 1
usb7 at uhci5: USB revision 1.0
uhub7 at usb7 configuration 1 interface 0 "Intel UHCI root hub" rev
1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
vscsi0 at root
scsibus3 at vscsi0: 256 targets
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (cdebca84b665f93b.a) swap on sd0b dump on sd0b

-- 
Kindest regards,
Tom Smyth.



Re: Faking the same LAN over the Internet

2020-04-01 Thread Tom Smyth
Hi Chris, Diana,

GRE is great and fast and a hell of a lot faster than OpenVPN...
However, and it is a big however...
GRE does not typically work across NATs.

L2 GRE tunnel interfaces you can run on OpenBSD
include eoip(4), egre(4), etherip(4)


On Wed, 1 Apr 2020 at 17:58, Chris Bennett
 wrote:
>
> On Wed, Apr 01, 2020 at 07:01:15AM -0600, Diana Eichert wrote:
> > have you considered looking at native OpenBSD tools?
> >
> > https://man.openbsd.org/egre.4
> >
>
> Wow! I had no idea about this.
> The manual page seems to be very clear, too.
>
> I have 2 servers at different ISPs and from home I almost always connect
> over my phone's hotspot.
>
> I will definitely be learning this!
>
> Thanks!
>
> Chris Bennett
>
>


-- 
Kindest regards,
Tom Smyth.



Re: Porting from linux

2020-03-26 Thread Tom Smyth
Howdy Putrid... :)
Kurt M and Marc Espie have given some talks available from YouTube

https://www.youtube.com/watch?v=eyK_LloYZu4

https://www.youtube.com/watch?v=aw2Gezj-Nkw

Peace out ...


On Thu, 26 Mar 2020 at 12:53,  wrote:
>
> I want to get into porting, I have experience
> installing from source particularly on linux.
>
> Is there a difference in how package works on
> linux and openbsd? Is there a guide anyone
> can point me to porting linux packages to
> openbsd?
>
> Are there different syscalls?
> Directory systems are almost the same, in
> concern to packages.
> Is there a need to edit the source?
>


-- 
Kindest regards,
Tom Smyth.



Re: Openbsd 6.6 amd64 stable bridge with 90 vlans does not forward packets after reboot

2020-03-19 Thread Tom Smyth
hi Aaron,

I tried that, no such luck
!/bin/sleep 20 didn't work
I also tried adding sh /etc/netstart bridge101 to the rc.local; that
didn't work.

I ended up just manually destroying the bridge and starting it with sh
/etc/netstart to get it running...
Thanks
Tom Smyth

On Fri, 20 Mar 2020 at 02:04, Aaron Mason  wrote:
>
> Hi Tom
>
> Just looking at /etc/netstart (admittedly for 6.1) and by all rights
> that shouldn't be happening - the VLAN interfaces should be starting
> well before the bridges.  Maybe add !sleep 1 to the top of the
> /etc/hostname.bridge101 file and see if it does better?
>
> On Fri, Mar 20, 2020 at 12:22 PM Tom Smyth  
> wrote:
> >
> > Hello,
> >
> > I have a box that I use to aggregate a number of vlans which are
> > isolated from each other (using port protection groups) and bridged
> > onto a 10G interface ix0
> > these are configured using a standard hostname.bridge file as follows,
> > cat /etc/hostname.bridge101
> > maxaddr 16384 timeout 300
> > up
> > add ix0 -stp ix0
> > add vlan604 protected vlan604 1 -stp vlan604
> > add vlan4069 protected vlan4069 1 -stp vlan4069
> > .
> > .
> > .
> > add vlan3982 protected vlan43982 1 -stp vlan3982
> >
> > when I reboot the box ... the system does not seem to forward frames
> >
> > but if I run
> > sh /etc/netstart bridge101
> >
> > then the bridge forwards the packets just fine.
> >
> > interface configs are as follows
> > cat /etc/hostname.ix0
> > mtu 1700 up
> >
> > cat /etc/hostname.ix1
> > mtu 1708 up
> >
> > cat /etc/hostname.vlan3982
> > parent ix1 vnetid 3982 mtu 1700 up
> >
> >
> > ifconfig bridge101 yields similar results after reboot as opposed to
> > ifconfig bridge101 after restarting the interface
> >
> > the only differences I saw was the index
> >
> > after reboot the index of bridge101 was 6
> >
> > but after restarting the bridge101 the index of bridge101 was 98
> > (which sounds to me like perhaps the bridge was being started before
> > the vlans on bootup)
> >
> >
> > has anyone come across this issue before?
> > Thanks
> >
> >
> >
> >
> > --
> > Kindest regards,
> > Tom Smyth.
> >
>
>
> --
> Aaron Mason - Programmer, open source addict
> I've taken my software vows - for beta or for worse



-- 
Kindest regards,
Tom Smyth.



Openbsd 6.6 amd64 stable bridge with 90 vlans does not forward packets after reboot

2020-03-19 Thread Tom Smyth
Hello,

I have a box that I use to aggregate a number of vlans which are
isolated from each other (using port protection groups) and bridged
onto a 10G interface ix0
these are configured using a standard hostname.bridge file as follows,
cat /etc/hostname.bridge101
maxaddr 16384 timeout 300
up
add ix0 -stp ix0
add vlan604 protected vlan604 1 -stp vlan604
add vlan4069 protected vlan4069 1 -stp vlan4069
.
.
.
add vlan3982 protected vlan43982 1 -stp vlan3982

when I reboot the box ... the system does not seem to forward frames

but if I run
sh /etc/netstart bridge101

then the bridge forwards the packets just fine.

interface configs are as follows
cat /etc/hostname.ix0
mtu 1700 up

cat /etc/hostname.ix1
mtu 1708 up

cat /etc/hostname.vlan3982
parent ix1 vnetid 3982 mtu 1700 up


ifconfig bridge101 yields similar results after reboot as opposed to
ifconfig bridge101 after restarting the interface

the only differences I saw was the index

after reboot the index of bridge101 was 6

but after restarting the bridge101 the index of bridge101 was 98
(which sounds to me like perhaps the bridge was being started before
the vlans on bootup)


has anyone come across this issue before?
Thanks




-- 
Kindest regards,
Tom Smyth.



Re: ACLs in PF ?

2020-03-12 Thread Tom Smyth
Hi Duncan,
Peter M Hansteen has a great book on pf
https://nostarch.com/pf3
and Peter M Hansteen also has a nice tutorial on PF
https://home.nuug.no/~peter/pftutorial/#1

The manuals are great but the links above help with some context also
to help people use the manuals more effectively
Hope this helps you ...

Thanks,
Tom Smyth

On Thu, 12 Mar 2020 at 06:46, Duncan Patton a Campbell
 wrote:
>
>
> easily solved by reading the right man pages.  ignore.
>
> Dhu
>
> On Thu, 12 Mar 2020 00:06:23 -0600
> Duncan Patton a Campbell  wrote:
>
> >
> > Hi all.
> >
> > This may seem naive but I am wondering there is a simple pf setup to 
> > perform positive access
> > control only accepting traffic from a definite limited set of IP/IP6 
> > addresses.
> >
> > RSVP thanks,
> >
> > Dhu
> >
> >
> >
> > --
> > Je suis Canadien. Ce n'est pas Francais ou Anglaise.
> >  C'est une esp`ece de sauvage: ne obliviscaris, vix ea nostra voco;-)
> >
> >
>
>
> --
> Je suis Canadien. Ce n'est pas Francais ou Anglaise.
>  C'est une esp`ece de sauvage: ne obliviscaris, vix ea nostra voco;-)
>


-- 
Kindest regards,
Tom Smyth.



Re: Time jumping forward issue under OpenBSD 6.6 VMM

2020-03-11 Thread Tom Smyth
Hi Ian,
I think this is a common problem, and has been an issue from time to
time on KVM machines
also, you can try an alternate counter and see how you get on,
if you check out Mischa Peters talk on VMM he has some workarounds
that he has deployed in production.
but for an NTP server the accuracy of the clock may cause you too many
problems..

as I said we had issues before with KVM and the timecounter
hardware... but the newer timecounters in recent versions
of OpenBSD have worked really well for us.

I hope this helps,

Tom Smyth



On Tue, 3 Mar 2020 at 17:05, Ian Gregory  wrote:
>
> On Tue, 3 Mar 2020 at 15:47, mabi  wrote:
> > It looks like there is a time issue on that VM although I am running the 
> > default ntpd of OpenBSD 6.6 and I have added the following parameter into 
> > my /etc/sysctl.conf on that VM:
> >
> > kern.timecounter.hardware=tsc
>
> I've had similar issues with timekeeping within guests of VMM,
> although there are improvements in -current with the pvclock time
> source. Since the fix below I now see occasional instances of the
> clock stepping by a few whole seconds (typically less than 8s) but
> it's much less frequent and the magnitude is within the bounds of what
> ntpd can correct.
>
> See 
> http://openbsd-archive.7691.n7.nabble.com/pvclock-stability-tp376946p377922.html
> for some backstory
>
> (aside: I see similar small occasional clock jumps of an integer
> number of seconds on OpenBSD-6.6 guests using tsc running on a VMware
> ESXi host)
>
> Regards
> Ian
>


-- 
Kindest regards,
Tom Smyth.



Re: OpenBSD 6.0: PPPOE with vlan configure problem

2020-01-24 Thread Tom Smyth
Peter

I would check the authentication protocol and cycle
through various authentication protocols to see if the isp
has only one type of authentication protocol enabled
I'm not certain the "\" is required, I haven't had to use
that on hostname.if files (in my experience)
I see it in the manual page example but that may be
try without that ...
also keep an eye on the MTU of the PPPoE ..

if the parent interface has an MTU of 1500 Bytes...
unencrypted pppoe would have an MTU of 1492
PPPoE with encryption would need an MTU of 1488
Hope this helps





On Sat, 25 Jan 2020 at 02:16, Peter Wong  wrote:

> Dear All,
> I'm trying to setup openbsd as router but could not get any internet
> connection.
> I need to set my external interface to vnetid 500. Below is my
> configuration:
>
> /etc/hostname.vlan500
> -inet vnetid 500 parent fxp0 up
>
> /etc/hostname.pppoe0
> inet 0.0.0.0.0 255.255.255.255 NONE pppoedev *vlan500 *authproto chap \
> authname "username" authkey "pass" up
> dest 0.0.0.1
> !/sbin/route add default -ifp pppoe0 0.0.0.1
>
> Questions:
> 1. How to diagnose pppoe connection, any log file?
> 2. Should the vlan interface name follow vlan or vnetid?
> 3. Does it need to change the pppoedev interface to fxp0 or vlan500 or
> something else?
>
> Please advise. Thank you.
>
> Regards,
> --
> Peter Wong
> 016-396 3326
>


-- 
Kindest regards,
Tom Smyth.


Re: Brand new server - bad adventures

2020-01-24 Thread Tom Smyth
> >> > delays there. No boot, again.
> >> >
> >> > My questions are:
> >> >
> >> > How can I get the rid of the error "init: can't open /dev/console:
> Device
> >> > not configured" to be able to boot into the system?
> >> >
> >> > if that was the only way (disabling inteldrm), would I repeat it each
> time I
> >> > issue syspatch?
> >> >
> >> > And each time syspatch (re)installs the kernel, should I get the error
> >> > "reorder_kernel: failed", because I modified (disabled inteldrm)
> kernel?
> >> >
> >> > Any words on "kbc: cmd word write error" when I tried the 'boot -c'?
> >> >
> >> > I thank you for your time in reading all these,
> >> > And many thanks for your suggestions, in advance!
> >> >
> >> > Best,
> >> > Özgür Kazancci
> >>
> >> --
> >> Andreas (Kusalananda) Kähäri
> >> SciLifeLab, NBIS, ICM
> >> Uppsala University, Sweden
> >>
> >> .
> >>
>
>

-- 
Kindest regards,
Tom Smyth.


Re: Assigning multiple IPv6 addresses to loopback

2020-01-23 Thread Tom Smyth
Hi Aham,

what I do is I add multiple loopback interfaces (it is useful in an ISP context
so that when I add a loopback interface to ospf (to advertise the address as an
intra area route) (but I don't want to advertise the standard loopback addresses
127.0.0.1)

e.g.
echo inet a.b.c.d/32 >/etc/hostname.lo2
echo inet alias w.x.y.z/32 >>/etc/hostname.lo2

and just keep adding additional addresses using "inet alias"

Hope this helps







On Thu, 23 Jan 2020 at 11:04, Aham Brahmasmi  wrote:

> Namaste misc,
>
> In IPv6, what address prefix/range is recommended for use when
> assigning multiple addresses to the loopback interface?
>
> The use case is running multiple servers (nsd and unbound) on the same
> port but different loopback addresses. It is similar to what popped up
> on the other thread about dig.
>
> If I am not wrong, 127.0.0.1/8 is the loopback range in IPv4. On the
> other hand, in IPv6, there is only one loopback address - ::1/128 [1].
>
> And because there is only one loopback address, I do not know whether:
> 1) ::2/128, ::3/128 et al are RFC compliant IPv6 loopback addresses.
> 2) the very idea of running multiple servers on the same port but
> different loopback addresses is redundant in IPv6.
>
> Searching the internet throws up different mechanisms, but no definitive
> solution. In fact, someone went through the entire trouble of writing
> up a draft RFC [3] to assign an address range. But for reasons that I do
> not know, the draft was allowed to expire.
>
> Dhanyavaad,
> ab
> [1] - https://www.iana.org/assignments/ipv6-address-space/
> [2] - https://www.iana.org/assignments/ipv6-multicast-addresses/
> [3] -
> https://tools.ietf.org/html/draft-smith-v6ops-larger-ipv6-loopback-prefix-04
> -----|-|-|-|-|-|-|--
>
>

-- 
Kindest regards,
Tom Smyth.


Re: Brand new server - bad adventures

2020-01-22 Thread Tom Smyth
Hello Ozgur,
if you are very stuck  and you want to get you could set the console
to com0 on the openbsd boot screen  and manage it via serial
(to get around the drm issue for now )
just make sure the bios screen you turn off logos (text boot up)
and set the openbsd console settings to the same speed as your
bios serial console settings (so that you have a seamless view of
going from bios / post screen to the openbsd console
as Jonathan said, if you set the boot up to legacy bios (rather than efi firmware)
you will probably have better luck with the screen,
dmesg would be very helpful in identifying the hardware config on
your OpenBSD Box

Hope this helps,
Tom Smyth



On Wed, 22 Jan 2020 at 22:59, Jonathan Gray  wrote:

> On Wed, Jan 22, 2020 at 11:30:51PM +0300, Özgür Kazancci wrote:
> > Hello everyone! Greetings to misc people!
> >
> > Got a brand new dedicated server with a hardware: Intel Xeon-E 2274G -
> 64GB
> > DDR4 ECC 2666MHz - 2x SSD NVMe 960GB
> > and installed "brand new" OpenBSD 6.6 on it. (I'm managing it remotely
> via
> > KVM/IPMI)
> >
> > After the first boot, dmesg is outputting sequentially between few seconds
> > delays:
> > "wsdisplay0 at inteldrm0 mux 1
> > init: can't open /dev/console: Device not configured" and the system
> doesn't
> > boot at all.
> >
> > Please refer to the screenshot attached: https://ibb.co/sQbt7F7
> >
> > And after few hours of forums/IRC-logs readings, I tried to try the
> > suggestion of lots of similar-people: "disable inteldrm"
> >
> > To do that, during the boot I typed "boot -c", then got a brand new error
> > (IPMI/KVM freezes, no more keyboard input):
> > "kbc: cmd word write error" (with a weird cursor)
> > Please refer to the screenshot attached: https://ibb.co/QchqhtY
> >
> > Anyways, wanted to skip that -for now-, rebooted the server again, and
> > booted into bsd.rd, mounted the / and /usr on the harddisk, chrooted into
> > there and did;
> > "config -ef /bsd", then "disable inteldrm" and "quit" to save the
> > changes. Finally rebooted.
> >
> > The system booted up fine! Got the login prompt shell, logged in, well,
> > with -an another- brand new error :)
> >
> > "reorder_kernel: failed - see /usr/...GENERIC.MP/relink.log"
> >
> > I guess that was because I modified the kernel, anyway, wanted to skip
> > that too -for now-. Did what I always do the first: syspatch
> >
> > installed the patches, rebooted the system, aand...Tada! "inteldrm0 is
> > back, b1tch3z!" :)
> >
> > Dmesg has again: "init: can't open /dev/console: Device not configured"
> > and delays there. No boot, again.
> >
> > My questions are:
> >
> > How can I get rid of the error "init: can't open /dev/console: Device
> > not configured" to be able to boot into the system?
> >
> > if that was the only way (disabling inteldrm), would I repeat it each
> > time I issue syspatch?
>
> It would be helpful if you would include a full dmesg.
>
> 1024x768 is the default mode when there are no connected outputs.
>
> You should see
> wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation), using wskbd0
>
> The way inteldrm claims the console changes depending on whether or not
> you are booting via efi.
>
>

-- 
Kindest regards,
Tom Smyth.


Re: Fwd: tap(4) performance tuning on (amd64)

2020-01-21 Thread Tom Smyth
Hello Claudio, All,


On Wed, 22 Jan 2020 at 01:01, Claudio Jeker  wrote:

> Surprised by the 20% better performance of the threaded version. I wonder
> if the single threaded version max out the performance of a single CPU.
> My tests running tcpbench just between two interfaces show no
> measurable performance difference between the different modes (for either
> tun or tap).

I will re-run the test using bsd rather than bsd.mp if that would help?

Thanks


-- 
Kindest regards,
Tom Smyth.



Fwd: tap(4) performance tuning on (amd64)

2020-01-21 Thread Tom Smyth
In testing tap(4) performance on the same box with the following config,
using Claudio's userland bridge (tbridge) in between two tap interfaces,
each tap was also added to its own standard bridge(4) along with 1 physical
interface.

iperf3client--ix0--bridge0--tap0--tbridge--tap1--bridge1--ix1---iperf3svr

With a 1 socket 2 core system that gives 3Gb/s we got the following
performance:

tbridge -t gave 557Mb/s TCP throughput

btw (tbridge -t did not stop after using ^C or kill
but did respond to kill -s SIGKILL)

tbridge -s gave 455Mb/s TCP throughput

tbridge -p gave 448Mb/s TCP throughput

tbridge -k gave 458mb/s TCP throughput

I'm going to try this again with more CPUs as the workload of forwarding in
this box involves 3 bridges in series.

I will also try with the tpmr(4) driver,
so something about OpenVPN has a bottleneck that reduces performance
by a factor of 3-4x








-- Forwarded message -
From: Tom Smyth 
Date: Tue, 21 Jan 2020 at 11:15
Subject: Re: tap(4) performance tuning on (amd64)
To: Tom Smyth , Misc 


Thanks Claudio,

the program now seems to run without exiting ... I'll do some tests
and get back to you
later
Tom Smyth

On Tue, 21 Jan 2020 at 03:09, Claudio Jeker wrote:
>
> On Tue, Jan 21, 2020 at 02:44:35AM +0000, Tom Smyth wrote:
> > Claudio,
> > Thanks for this,
> > I compiled  it on Openbsd 6.6 (stable) amd64
> >
> > it compiled without error
> >
> > the binary seems to run  fine but,
> > ./tbridge -k /dev/tap0 /dev/tap1
> >
> > runs and displays the usage message and  gives an errorlevel of 1
> > every time  use the -k or -t or -s or -p arguments   see  terminal
> > conversation below
> >
>
> Shit, I added a last minute check and as usual introduced a bug.
> Line 189 change if (ch != 0) to if (mode != 0)
>
> --
> :wq Claudio
>
> /*
>  * Copyright (c) 2020 Claudio Jeker 
>  *
>  * Permission to use, copy, modify, and distribute this software for any
>  * purpose with or without fee is hereby granted, provided that the above
>  * copyright notice and this permission notice appear in all copies.
>  *
>  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
>  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
>  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
>  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
>  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>  */
> #include 
> #include 
> #include 
>
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
>
> volatile sig_atomic_t quit;
>
> static void
> do_read(int in, int out)
> {
> char buf[2048];
> ssize_t n, o;
>
> n = read(in, buf, sizeof(buf));
> if (n == -1)
> err(1, "read");
> o = write(out, buf, n);
> if (o == -1)
> err(1, "write");
> if (o != n)
> errx(1, "short write");
> }
>
> static void
> do_poll(int fd[2])
> {
> struct pollfd pfd[2];
> int n, i;
>
> while (quit == 0) {
> memset(pfd, 0, sizeof(pfd));
> pfd[0].fd = fd[0];
> pfd[0].events = POLLIN;
>
> pfd[1].fd = fd[1];
> pfd[1].events = POLLIN;
>
> n = poll(pfd, 2, INFTIM);
> if (n == -1)
> err(1, "poll");
> if (n == 0)
> errx(1, "poll: timeout");
> for (i = 0; i < 2; i++) {
> if (pfd[i].revents & POLLIN)
> do_read(fd[i], fd[(i + 1) & 0x1]);
> else if (pfd[i].revents & (POLLHUP | POLLERR))
> errx(1, "fd %d revents %x", i,
> pfd[i].revents);
> }
> }
>
> }
>
> static void
> do_select(int fd[2])
> {
> fd_set readfds;
> int n, i, maxfd = -1;
>
> while (quit == 0) {
> FD_ZERO(&readfds);
> for (i = 0; i < 2; i++) {
> if (fd[i] > maxfd)
> maxfd = fd[i];
> FD_SET(fd[i], &readfds);
> }
> n = select(maxfd + 1, &readfds, NULL, NULL, NULL);
> if (n == -1)
>

Re: tap(4) performance tuning on (amd64)

2020-01-21 Thread Tom Smyth
Thanks Claudio,

the program now seems to run without exiting ... I'll do some tests
and get back to you
later
Tom Smyth

On Tue, 21 Jan 2020 at 03:09, Claudio Jeker  wrote:
>
> On Tue, Jan 21, 2020 at 02:44:35AM +0000, Tom Smyth wrote:
> > Claudio,
> > Thanks for this,
> > I compiled  it on Openbsd 6.6 (stable) amd64
> >
> > it compiled without error
> >
> > the binary seems to run  fine but,
> > ./tbridge -k /dev/tap0 /dev/tap1
> >
> > runs and displays the usage message and  gives an errorlevel of 1
> > every time  use the -k or -t or -s or -p arguments   see  terminal
> > conversation below
> >
>
> Shit, I added a last minute check and as usual introduced a bug.
> Line 189 change if (ch != 0) to if (mode != 0)
>
> --
> :wq Claudio
>
> /*
>  * Copyright (c) 2020 Claudio Jeker 
>  *
>  * Permission to use, copy, modify, and distribute this software for any
>  * purpose with or without fee is hereby granted, provided that the above
>  * copyright notice and this permission notice appear in all copies.
>  *
>  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
>  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
>  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
>  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
>  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>  */
> #include 
> #include 
> #include 
>
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
>
> volatile sig_atomic_t quit;
>
> static void
> do_read(int in, int out)
> {
> char buf[2048];
> ssize_t n, o;
>
> n = read(in, buf, sizeof(buf));
> if (n == -1)
> err(1, "read");
> o = write(out, buf, n);
> if (o == -1)
> err(1, "write");
> if (o != n)
> errx(1, "short write");
> }
>
> static void
> do_poll(int fd[2])
> {
> struct pollfd pfd[2];
> int n, i;
>
> while (quit == 0) {
> memset(pfd, 0, sizeof(pfd));
> pfd[0].fd = fd[0];
> pfd[0].events = POLLIN;
>
> pfd[1].fd = fd[1];
> pfd[1].events = POLLIN;
>
> n = poll(pfd, 2, INFTIM);
> if (n == -1)
> err(1, "poll");
> if (n == 0)
> errx(1, "poll: timeout");
> for (i = 0; i < 2; i++) {
> if (pfd[i].revents & POLLIN)
> do_read(fd[i], fd[(i + 1) & 0x1]);
> else if (pfd[i].revents & (POLLHUP | POLLERR))
> errx(1, "fd %d revents %x", i, 
> pfd[i].revents);
> }
> }
>
> }
>
> static void
> do_select(int fd[2])
> {
> fd_set readfds;
> int n, i, maxfd = -1;
>
> while (quit == 0) {
> FD_ZERO(&readfds);
> for (i = 0; i < 2; i++) {
> if (fd[i] > maxfd)
> maxfd = fd[i];
> FD_SET(fd[i], &readfds);
> }
> n = select(maxfd + 1, &readfds, NULL, NULL, NULL);
> if (n == -1)
> err(1, "select");
> if (n == 0)
> errx(1, "select: timeout");
> for (i = 0; i < 2; i++) {
> if (FD_ISSET(fd[i], &readfds))
> do_read(fd[i], fd[(i + 1) & 0x1]);
> }
> }
> }
>
> static void
> do_kqueue(int fd[2])
> {
> struct kevent kev[2];
> int kq, i, n;
>
> if ((kq = kqueue()) == -1)
> err(1, "kqueue");
>
> memset(kev, 0, sizeof(kev));
> for (i = 0; i < 2; i++) {
> EV_SET(&kev[i], fd[i], EVFILT_READ, EV_ADD | EV_ENABLE,
> 0, 0, (void *)(intptr_t)i);
> }
> if (kevent(kq, kev, 2, NULL, 0, NULL) == -1)
> err(1, "kevent register");
>
> while (quit == 0) {
> n = kevent(kq, NULL, 0, kev, 2, NULL);
> if (n == -1)
&g

Re: tap(4) performance tuning on (amd64)

2020-01-21 Thread Tom Smyth
Thanks Claudio,
I'll investigate a little further

On Tue, 21 Jan 2020 at 03:09, Claudio Jeker  wrote:
>
> On Tue, Jan 21, 2020 at 02:44:35AM +0000, Tom Smyth wrote:
> > Claudio,
> > Thanks for this,
> > I compiled  it on Openbsd 6.6 (stable) amd64
> >
> > it compiled without error
> >
> > the binary seems to run  fine but,
> > ./tbridge -k /dev/tap0 /dev/tap1
> >
> > runs and displays the usage message and  gives an errorlevel of 1
> > every time  use the -k or -t or -s or -p arguments   see  terminal
> > conversation below
> >
>
> Shit, I added a last minute check and as usual introduced a bug.
> Line 189 change if (ch != 0) to if (mode != 0)
>
> --
> :wq Claudio
>
> /*
>  * Copyright (c) 2020 Claudio Jeker 
>  *
>  * Permission to use, copy, modify, and distribute this software for any
>  * purpose with or without fee is hereby granted, provided that the above
>  * copyright notice and this permission notice appear in all copies.
>  *
>  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
>  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
>  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
>  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
>  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>  */
> #include 
> #include 
> #include 
>
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
>
> volatile sig_atomic_t quit;
>
> static void
> do_read(int in, int out)
> {
> char buf[2048];
> ssize_t n, o;
>
> n = read(in, buf, sizeof(buf));
> if (n == -1)
> err(1, "read");
> o = write(out, buf, n);
> if (o == -1)
> err(1, "write");
> if (o != n)
> errx(1, "short write");
> }
>
> static void
> do_poll(int fd[2])
> {
> struct pollfd pfd[2];
> int n, i;
>
> while (quit == 0) {
> memset(pfd, 0, sizeof(pfd));
> pfd[0].fd = fd[0];
> pfd[0].events = POLLIN;
>
> pfd[1].fd = fd[1];
> pfd[1].events = POLLIN;
>
> n = poll(pfd, 2, INFTIM);
> if (n == -1)
> err(1, "poll");
> if (n == 0)
> errx(1, "poll: timeout");
> for (i = 0; i < 2; i++) {
> if (pfd[i].revents & POLLIN)
> do_read(fd[i], fd[(i + 1) & 0x1]);
> else if (pfd[i].revents & (POLLHUP | POLLERR))
> errx(1, "fd %d revents %x", i, 
> pfd[i].revents);
> }
> }
>
> }
>
> static void
> do_select(int fd[2])
> {
> fd_set readfds;
> int n, i, maxfd = -1;
>
> while (quit == 0) {
> FD_ZERO(&readfds);
> for (i = 0; i < 2; i++) {
> if (fd[i] > maxfd)
> maxfd = fd[i];
> FD_SET(fd[i], &readfds);
> }
> n = select(maxfd + 1, &readfds, NULL, NULL, NULL);
> if (n == -1)
> err(1, "select");
> if (n == 0)
> errx(1, "select: timeout");
> for (i = 0; i < 2; i++) {
> if (FD_ISSET(fd[i], &readfds))
> do_read(fd[i], fd[(i + 1) & 0x1]);
> }
> }
> }
>
> static void
> do_kqueue(int fd[2])
> {
> struct kevent kev[2];
> int kq, i, n;
>
> if ((kq = kqueue()) == -1)
> err(1, "kqueue");
>
> memset(kev, 0, sizeof(kev));
> for (i = 0; i < 2; i++) {
> EV_SET(&kev[i], fd[i], EVFILT_READ, EV_ADD | EV_ENABLE,
> 0, 0, (void *)(intptr_t)i);
> }
> if (kevent(kq, kev, 2, NULL, 0, NULL) == -1)
> err(1, "kevent register");
>
> while (quit == 0) {
> n = kevent(kq, NULL, 0, kev, 2, NULL);
> if (n == -1)
> err(1, "kevent");
> 

Re: tap(4) performance tuning on (amd64)

2020-01-20 Thread Tom Smyth
Claudio,
Thanks for this,
I compiled it on OpenBSD 6.6 (stable) amd64

it compiled without error

the binary seems to run fine but,
./tbridge -k /dev/tap0 /dev/tap1

runs and displays the usage message and gives an errorlevel of 1
every time I use the -k or -t or -s or -p arguments; see terminal
conversation below


test3b# ./tbridge -k /dev/tap0 /dev/tap1
tbridge -k | -p | -s | -t tapA tapB
persistentg3b# ./tbridge -p /dev/tap0 /dev/tap1
tbridge -k | -p | -s | -t tapA tapB
test3b# echo $?
1
test3b# ./tbridge -s /dev/tap0 /dev/tap1
tbridge -k | -p | -s | -t tapA tapB
test3b# echo $?
1
test3b# ./tbridge -t /dev/tap0 /dev/tap1
tbridge -k | -p | -s | -t tapA tapB
test3b# echo $?
1
test3b# ./tbridge /dev/tap0 /dev/tap1
test3b# echo $?
0

I tried with and without creating the tunnel interfaces first, with
ifconfig tap create
I tried with or without running ifconfig tap1 up
I tried with and without adding each tap to a separate bridge(4)
I ran the binary as root for all tests
I tried running tbridge with interface name "tap1" / "tap0" as opposed
to the device name /dev/tap1 /dev/tap2 (just in case)

I will try with current after I get some sleep
(was just trying to do a benchmark of release/stable vs current also)


Thanks for this, it is a help,
as I was trying (and losing) with socat. I think the socat port on
OpenBSD 6.6 amd64
is compiled without tap / tun support

cheers,
Tom Smyth






On Mon, 20 Jan 2020 at 10:38, Claudio Jeker  wrote:
>
> On Fri, Jan 10, 2020 at 01:00:49PM +, Tom Smyth wrote:
> > Hi lads,
> >
> > I have been doing some testing with tap(4) and openvpn (standard ssl )
> > I have been using openvpn with tap and I have been trying with null
> > encryption. null authentication,
> > the performance of the tap interface  seems to be about 100-150Mb/s  on a 
> > system
> > which can give  3Gb/s-5Gb/s on ix(4) interfaces  in Bridge mode and
> > 4-8Gb/s on tpmr mode
> > I was wondering is there a sysctl setting that if modified would
> > improve the tap interface performance.
> > I have tried with tpmr(4) and  bridge(4)
> >
> > is there a simple way  testing a tap(4) interface throughput /
> > performance without Openvpn process
> >
> > I can try mlvpn and wireguard
> > but I would love if there was a trick where I can just test the tap(4)
> > interface  with something like pair(4)...
> >
> > ix0---bridge0--tap0---someprocess--tap1-bridge1--ix1
> > or
> > ix0--tpmr0--tap0--someprocess--tap1-tpmr1-ix1
> >
> > is there a simple "someprocess" that would provide forwarding packets
> > between tap0 and tap1 in userland
> > so that any performance testing on tap(4) interfaces does not have the
> > distractions of complex userland programs with encryption /
> > encapsulation overheads
> >
>
> I just wrote a simple tun/tap bridge for testing so here you go.
> Compile it with 'cc -Wall -o tbridge tbridge.c -lpthread' and run it
> with 'tbridge -k /dev/tun0 /dev/tun1' to wire tun0 and tun1 together.
> You can select between, select(2), poll(2), kqueue(2) and pthreads as the
> way on how to multiplex the reads.
>
> For me the code triggers scheduler inefficiencies and causes packet drops
> on the output queue when there are multiple packet producers.
> --
> :wq Claudio
>
> /*
>  * Copyright (c) 2020 Claudio Jeker 
>  *
>  * Permission to use, copy, modify, and distribute this software for any
>  * purpose with or without fee is hereby granted, provided that the above
>  * copyright notice and this permission notice appear in all copies.
>  *
>  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
>  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
>  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
>  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
>  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
>  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
>  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
>  */
> #include 
> #include 
> #include 
>
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
> #include 
>
> volatile sig_atomic_t quit;
>
> static void
> do_read(int in, int out)
> {
> char buf[2048];
> ssize_t n, o;
>
> n = read(in, buf, sizeof(buf));
> if (n == -1)
> err(1, "read");
> o = write(out, buf, n);
> if (o == -1)
> err(1, "write");
> if (o != n)
> errx(1, &

Re: Userland PCI drivers possible in OpenBSD?

2020-01-10 Thread Tom Smyth
Johannes,
Joseph asked a fair question and he got a direct answer
and a reason for it from two developers. It may not be the answer
that he wanted, but the reason for not
implementing what very experienced developers and computer
scientists determined that usermode PCI drivers like that would
introduce an unacceptable security risk for the OS and its users.
As a user who wants increased performance, yeah, usermode PCI drivers
sound awesome.

DPDK and VPP, all that stuff sounds awesome for networking ...
but they carry a heightened risk. For instance, one of the recent
Intel CVEs involved using the Direct I/O feature, which is basically taking
packets from a NIC and shoving them directly to CPU cache ...
(one might guess at a glance why such features increase performance
but also increase the risk to the OS that happens to be running on
that same CPU),
so optimizations / short cuts or using little known or little
documented features of hardware which lack the safeguards that
the kernel has built into it is not such a hot idea...
again if you can make things secure and more performant and
address the inherent risks associated with what is being asked

I think having a go at devs is not the best way forward...

Regards,
Tom Smyth





On Fri, 10 Jan 2020 at 21:08, Johannes Krottmayer  wrote:
>
> On 10.01.20 at 17:26,  Theo de Raadt wrote:
> > We won't help you because we oppose the lack of a security barrier
> > in such designs.
>
> Detailed explanation (for us stupid users), please.
>
> The same non-response answer. Same with my (simple) User-Space GPIO
> driver.
>
> Please don't get wrong, but I had the opportunity to use OpenBSD as
> embedded OS for my future projects (primary control units). I had to
> change the scheduler, for real-time support and some other changes.
>
> Why at this time OpenBSD?
> - For me a good driver base
> - good code quality (I have learned much new coding techniques from
>   the code)
> - That's all
>
> Now without a little help from you?
> I started my own kernel. But beware, I start from the "void". Don't
> use any existing code from OpenBSD or other projects. Currently I
> have enough time to do this. Do you really think I'm stupid for
> (referring to other dismissive words to my person from you in the
> list) this? Maybe, but beware you don't know any of my other (closed)
> projects.
>
> You want kick me from the lists? Do it. Then I know your nature.
>


-- 
Kindest regards,
Tom Smyth.



Re: tap(4) performance tuning on (amd64)

2020-01-10 Thread Tom Smyth
Sorry
I realised I forgot to mention the version openvpn-2.4.7p1 and
OpenBSD6.6 Stable (amd64)
running on a 2 core (1socket) Xeon e5v2 KVM Guest with  Q35 Vm type
with intel ix(4) nics
I will test against Current also once I have gotten a baseline on the
release+ Patches version

Thanks,
Tom Smyth

On Fri, 10 Jan 2020 at 13:00, Tom Smyth  wrote:
>
> Hi lads,
>
> I have been doing some testing with tap(4) and openvpn (standard ssl )
> I have been using openvpn with tap and I have been trying with null
> encryption. null authentication,
> the performance of the tap interface  seems to be about 100-150Mb/s  on a 
> system
> which can give  3Gb/s-5Gb/s on ix(4) interfaces  in Bridge mode and
> 4-8Gb/s on tpmr mode
> I was wondering is there a sysctl setting that if modified would
> improve the tap interface performance.
> I have tried with tpmr(4) and  bridge(4)
>
> is there a simple way  testing a tap(4) interface throughput /
> performance without Openvpn process
>
> I can try mlvpn and wireguard
> but I would love if there was a trick where I can just test the tap(4)
> interface  with something like pair(4)...
>
> ix0---bridge0--tap0---someprocess--tap1-bridge1--ix1
> or
> ix0--tpmr0--tap0--someprocess--tap1-tpmr1-ix1
>
> is there a simple "someprocess" that would provide forwarding packets
> between tap0 and tap1 in userland
> so that any performance testing on tap(4) interfaces does not have the
> distractions of complex userland programs with encryption /
> encapsulation overheads
>
> Thanks  for your time
> Tom Smyth
>
> --
> Kindest regards,
> Tom Smyth.



-- 
Kindest regards,
Tom Smyth.


