Re: cwm on wayland

2023-12-15 Thread Justin Yates Fletcher
On Sat, 2023-12-16 at 00:22 +0100, Anders Andersson wrote:
> On Fri, Dec 15, 2023 at 7:01 PM David Coppa  wrote:
> > 
> > On Fri, Dec 15, 2023 at 6:29 PM  wrote:
> > > 
> > > So they're putting a Wayland in our BSD.
> > > 
> > > I've never used that before.
> > > 
> > > Is a port of cwm planned?
> > 
> > I really don't think so.
> > 
> > But there's hikari, a stacking Wayland compositor heavily inspired
> > by cwm: https://hikari.acmelabs.space/
> > 
> > We might probably have a port of it in our ports tree in the
> > future.
> > 
> > Ciao,
> > David
> > 
> 
> I'm not sure their "Geekfeminism Code of Conduct"
> (https://hikari.acmelabs.space/coc.html) works well with OpenBSD.
> 


You put "Geekfeminism" in the same quotes as "Code of Conduct". I
suspect you did so for a reason.  "Geekfeminism" does not exist on the
Hikari page at all.

It is the reason that I don't understand.

To be fair, I find it unfortunate that any project needs to have a Code
of Conduct, but for whatever reason that is the way the world is going.
People are rude against others because of their identity or other
reasons not related to the goals of the project.

I don't think I have ever seen anyone from OpenBSD be rude against
anyone because of their identity.  They will be rude with people who
expect things and don't contribute, but that is unrelated.  There is a
non-subtle and significant difference.

The license of the Hikari project (at a quick glance) seems to be a
2-clause BSD license.

So why would OpenBSD have issues with this?

You are not a dev, but considering you posted this publicly I am
interested in your response.  What was the reason?

Justin



Re: What could cause high CPU load averages (no actual CPU usage)?

2023-10-27 Thread Justin Yates Fletcher
On Fri, 2023-10-27 at 10:49 +0200, Claudio Jeker wrote:
> On Fri, Oct 27, 2023 at 01:54:28AM +0200, Justin Yates Fletcher
> wrote:
> > On Wed, 2023-10-25 at 20:25 -0400, Raul Miller wrote:
> > > On Wed, Oct 25, 2023 at 8:16 PM Justin Yates Fletcher
> > >  wrote:
> > > > On Wed, 2023-10-25 at 21:12 +0200, Mike Fischer wrote:
> > > > > 
> > > > > > Am 25.10.2023 um 17:57 schrieb Theo de Raadt
> > > > > > :
> > > > > > Mike Fischer  wrote:
> > > > > > > > Am 25.10.2023 um 17:29 schrieb Theo de Raadt
> > > > > > We changed a lot of kernel scheduling code *without giving
> > > > > > a damn about the stability of this number*
> > > > > 
> > > > > Fine, but you are not changing my running Kernel, are you?
> > > > 
> > > > I don't understand your point with this. Are you making an
> > > > accusation?
> > > > If not, then why even write this?
> > > 
> > > I think Mike Fischer's point was that the change did not
> > > correspond to a kernel upgrade.
> > > 
> > 
> > It is hyperbole or accusational... or somewhere on that spectrum.
> > Either way, it serves no valuable purpose, so why even write that?
> > 
> > Also, there was a kernel change: 7.4. Pretty sure that was
> > mentioned.
> > 
> > 
> > > (And I think Theo de Raadt's point was that there's not enough
> > > rigor on load average to diagnose this issue.)
> > > 
> > 
> > Theo's point, as I read it, was just that the load average is
> > calculated in the same way as before, even though there have been
> > changes in other parts of the system that could affect it.   
> 
> Just to be clear. There was a change in how the load average is
> calculated. So it may cause differences in numbers. Do we care about
> that? No because it was done to be able to work on more important
> projects.
> 

Thanks for the clarification. Maybe I misread.


>  
> > It has nothing to do with rigor. The OS could just always report
> > 0.0.
> > If you start artificially changing a metric, for the sake of rigor,
> > then that metric is no longer valuable:
> > 
> > https://en.wikipedia.org/wiki/Goodhart%27s_law
> > 
> > Changing how a metric is calculated to meet a target certainly
> > reduces the value of the metric, right?
> 
> I do not agree. The load average has some value but most people do
> not understand how it is calculated and what a significant change is.
> Also systems change, so metrics change all the time. They still offer
> a good value.
> 

I'm not wanting to get too pedantic, but I'm not quite understanding
what you disagree with? My point with this part is just to address the
usage of the word "rigor" in regards to calculating the load average.

The OP was stating that he would remove load average from his metric
collection. I don't think that is a good idea and tried to convey that
to him. It is a valuable metric and, like many others, context matters
(as you wrote).

In response, it was said that Theo implied not enough rigor was applied
on load average to diagnose the perceived issue.  What I wrote above is
in response to specifically that.

Goodhart's law popped into my head because it sounded like turning a
metric into a target, and the problems of doing so... but maybe I
shouldn't have posted that. It might have just confused the point.

Anyway, Theo posted a diff on misc@ many years ago (close to 20 maybe?)
where the load average would just return 0, in reply to someone
complaining about it. So, saying that not enough "rigor" is applied to
load average calculation kinda triggered that memory and the response.

Justin



Re: What could cause high CPU load averages (no actual CPU usage)?

2023-10-26 Thread Justin Yates Fletcher
On Wed, 2023-10-25 at 20:25 -0400, Raul Miller wrote:
> On Wed, Oct 25, 2023 at 8:16 PM Justin Yates Fletcher
>  wrote:
> > On Wed, 2023-10-25 at 21:12 +0200, Mike Fischer wrote:
> > > 
> > > > Am 25.10.2023 um 17:57 schrieb Theo de Raadt
> > > > :
> > > > Mike Fischer  wrote:
> > > > > > Am 25.10.2023 um 17:29 schrieb Theo de Raadt
> > > > We changed a lot of kernel scheduling code *without giving a
> > > > damn about the stability of this number*
> > > 
> > > Fine, but you are not changing my running Kernel, are you?
> > 
> > I don't understand your point with this. Are you making an
> > accusation?
> > If not, then why even write this?
> 
> I think Mike Fischer's point was that the change did not correspond
> to a kernel upgrade.
> 

It is hyperbole or accusational... or somewhere on that spectrum.
Either way, it serves no valuable purpose, so why even write that?

Also, there was a kernel change: 7.4. Pretty sure that was mentioned.


> (And I think Theo de Raadt's point was that there's not enough rigor
> on load average to diagnose this issue.)
> 

Theo's point, as I read it, was just that the load average is
calculated in the same way as before, even though there have been
changes in other parts of the system that could affect it.   

It has nothing to do with rigor. The OS could just always report 0.0.
If you start artificially changing a metric, for the sake of rigor, then
that metric is no longer valuable:

https://en.wikipedia.org/wiki/Goodhart%27s_law

Changing how a metric is calculated to meet a target certainly reduces
the value of the metric, right?


Justin



Re: What could cause high CPU load averages (no actual CPU usage)?

2023-10-25 Thread Justin Yates Fletcher
On Wed, 2023-10-25 at 21:12 +0200, Mike Fischer wrote:
> 
> > Am 25.10.2023 um 17:57 schrieb Theo de Raadt :
> > 
> > Mike Fischer  wrote:
> > 
> > > > Am 25.10.2023 um 17:29 schrieb Theo de Raadt
> > > > :
> > > > 
> > > > Mike Fischer  wrote:
> > > > 
> > > > > True. But like I said, this was noticed because of the sudden
> > > > > increase on the same (OpenBSD) machine without any obvious
> > > > > reason.
> > > > 
> > > > The reason is obvious.
> > > > 
> > > > You installed a completely different system.
> > > 
> > > No, there is a misunderstanding here. I have not been comparing
> > > OpenBSD load averages to those on any other OS.
> > 
> > No, it is *your misunderstanding*
> > 
> > We put no effort into maintaining stability of this damn number.
> 
> Ok, I realise that load average may be too irrelevant a measurement to
> take seriously. I admit that I thought this value was somewhat
> consistent in the context of a single running machine, but maybe I
> was wrong.
> 

Load average is fine to measure, but I think the point you are
misunderstanding is that you went from 0.0 to 0.7 (iirc).


> 
> > We changed a lot of kernel scheduling code *without giving a damn
> > about the stability of this number*
> 
> Fine, but you are not changing my running Kernel, are you?
> 

I don't understand your point with this. Are you making an accusation?
If not, then why even write this?


> Or are you saying that the load average does not carry *any* inherent
> information and is utterly useless? That would almost imply that this
> is a (poor) sort of random number generator.
> 

Nope. That is not the case and nobody has said that. You saw a load
average change from 0.0 to some other number greater than 0.0 but less
than 1. You are trying to imply that this delta means something.

You have been told that it does not, many times.  It *can* mean
something but that is only within the context of understanding other
things.

> OTOH years of monitoring this value (amongst many other measurements)
> on OpenBSD seems to indicate some correlation to what the machine is
> doing. But I get what you are saying: no guarantees.
> 

Nope. You still have misunderstood what is being said. Especially
highlighted by your saying this is a 7.4 machine and having monitored
it for years...  the best you could say for 7.4 is you have monitored
it for almost 2 weeks.

And you have said it is a VM on VMware. You have a *huge* variable you
have only lightly taken into consideration. Monitoring system
performance on a VM is an exercise in futility without the underlying
host information.

And in my experience, still an exercise in futility even given the
underlying host information...  It is many opaque layers of
abstraction.


> 
> > It is a different system.
> 
> To reiterate: I am measuring load averages on OpenBSD 7.4. On a
> running system I notice a sudden jump in the value which persists for
> several hours. That gets my attention because I can see no reason for
> this jump. So I’m trying to figure out the cause.
> 

Your jump was less than 1.  On a graph with a scale of 0 and 1, that is
"huge"!

Ignore that and pay attention to the value. And understand that in
context.

> Please note that I am not going on the assumption that there is a bug
> or that something needs to be changed/fixed in OpenBSD. The jump may
> have had perfectly valid reasons. Or it may have been random with a
> low probability.


The "jump" you mention doesn't mean anything. Without context it means
less than nothing.  As has already been metioned.

It *might* mean that your rrd graph metric gathering is affecting your
graphs in a way that you have not seen before...  Monitoring uses
resources!

The goal is if the system is performing what it needs to be at a rate
that meets the needs, then the problem is solved.  Simple as that.


> But given all of the feedback from this thread I’ll deprecate this
> part of my monitoring and switch to monitoring actual CPU activity
> (as reported by e.g. vmstat) in the hopes that these values are more
> accurate/consistent and that they better reflect the workload of the
> machine.
> 
> 
> 

No! That would be a bad option, IMHO.  It is a metric that can be
valuable, but good system admin. is taking all the values and
understanding them in context.


> Thanks everyone!
> Mike
> 


Hope that helps,
Justin



Re: Immutable Page Protections

2023-06-30 Thread Justin Handville
Theo de Raadt  wrote:

> going to use the other 95% of your text segment which, due to static-linking,
> you have placed at very convenient fixed-offset locations relative to whatever
> bug they find to exercise.

The static linking example is a bit of a red herring. Even if the program were
dynamically linked, dropping code that will never be used again is useful, at
least to me.

> You are confusing mechanism.  pledge blocks the operation in the kernel,
> not in the address space.  You think you can block the operation in the

I was just pointing out the similarity between dropping access to system calls
at the kernel level and dropping large application features no longer needed.
Perhaps I should have worded it better.

> Please don't talk to me about ASLR when you are making a static binary
> that has libc.a pieces at fixed offsets inside it.

That example is irrelevant, and is just how I came to modify uvm_map.c to
ratchet down protection bits. The idea is applicable to dynamically linked
applications as well.

> pledge does not drop access to system calls.  It blocks the *action*
> of it, inside the kernel.  You are muddling things together far too much.

That's a matter of semantics. The point is that pledge reduces attack surface by
reducing what a program is capable of doing at the system level. Dropping code
segments is just another mitigation.

> You will need to argue that I am wrong before you go any further.

It doesn't matter. I'm not interested in a debate. The point of the thread was
just to describe the situation and how ratcheting down protection bits solves
it, in case the bit ratcheting idea might be useful. I honestly don't care who
is right or wrong, or whether the feature is upstreamed. Take it or leave it. I
can always patch the kernel as I see fit. It's no problem for me.  That's the
beauty of open source, and I thank you and your team for making that possible.

You don't see the utility of such a feature. Very well. Thanks for your
consideration.

- Justin

On Fri, Jun 30, 2023 at 11:46 AM Theo de Raadt  wrote:
>
> Justin Handville  wrote:
>
> > Theo de Raadt  wrote:
> >
> > > > It's a cheap defense in depth protection that simplifies my use
> > > > case.
> >
> > > But I don't see a real security benefit of what you are trying to do.
> >
> > There may not be. At this point, it's more idiomatic. Don't need code?
> > Don't keep it. It's an experimental feature. I'm not too broken up if I
> > can't use it anymore. I'll find other ways, and I can always just patch
> > the kernel.
>
> I think you are confused by something.
>
> Attackers won't use the text you are unmapping, their method will use
> the text you have not unmapped.
>
> You will need to argue that I am wrong before you go any further.
>
> > I arrived at this feature because it's similar to a technique in
> > firmware, where code access can be trivially narrowed with an MPU. The
> > threat there is easier to perceive, since often there isn't a well
> > defined kernel in which access to hardware or cryptography can be
> > encapsulated with better guarded entry points.
>
> That argument holds no water with me.
>
> > I think that the immutable flag feature is useful, and I think that
> > making it automatic is a great security mitigation. I'm just curious
> > whether a feature like drop_this_init_code_I_will_never_call_again()
> > would also be useful.
>
> Attackers won't use the text you are unmapping, their method will use
> the text you have not unmapped.
>
> > Pledge and unveil can limit the impact of system calls, but within the
> > program itself, attackers can find unintended ways of using code.
>
> AGAIN:  Attackers won't use the text you are unmapping, their method will use
> the text you have not unmapped.  That is what they do with ROP.  You are
> probably capable of removing 5% of your text segment, but the attacker is
> going to use the other 95% of your text segment which, due to static-linking,
> you have placed at very convenient fixed-offset locations relative to whatever
> bug they find to exercise.
>
> > One
> > salient example I can think of where this may be dangerous is in a more
> > dynamic language where eval() or the code generator is needed at
> > startup, but is no longer needed after the program enters steady state.
> > We've seen plenty of attacks, like Log4J, where sloppy features can be
> > used to exploit a naked eval(). Certainly, one solution is to limit what
> > libraries are being used. But, another is to go a la carte as with
> > pledge, and say, "I no longer need eval(), so drop it."
>
> You are confusing mechanism.  pledge blocks the operation in the kernel,
> not in 

Re: Immutable Page Protections

2023-06-30 Thread Justin Handville
Theo de Raadt  wrote:

> > It's a cheap defense in depth protection that simplifies my use
> > case.

> But I don't see a real security benefit of what you are trying to do.

There may not be. At this point, it's more idiomatic. Don't need code?
Don't keep it. It's an experimental feature. I'm not too broken up if I
can't use it anymore. I'll find other ways, and I can always just patch
the kernel.

I arrived at this feature because it's similar to a technique in
firmware, where code access can be trivially narrowed with an MPU. The
threat there is easier to perceive, since often there isn't a well
defined kernel in which access to hardware or cryptography can be
encapsulated with better guarded entry points.

> Because then programs need active code to do so.  Where will those calls
> be?  Today, the kernel does it automatically before the program runs.
> You want to do it at c runtime startup?  It would be the same.  Or you
> want programs to have to do it themselves?  Like, lock_my_text_segment()
> called from inside main?  That really doesn't make sense.

I think that the immutable flag feature is useful, and I think that
making it automatic is a great security mitigation. I'm just curious
whether a feature like drop_this_init_code_I_will_never_call_again()
would also be useful.

Pledge and unveil can limit the impact of system calls, but within the
program itself, attackers can find unintended ways of using code.  One
salient example I can think of where this may be dangerous is in a more
dynamic language where eval() or the code generator is needed at
startup, but is no longer needed after the program enters steady state.
We've seen plenty of attacks, like Log4J, where sloppy features can be
used to exploit a naked eval(). Certainly, one solution is to limit what
libraries are being used. But, another is to go a la carte as with
pledge, and say, "I no longer need eval(), so drop it."

Yes, dynamic languages are an entirely other can of worms, and they
often have other ways to drop code. But, I think an argument could be
made for this being useful in a static C/C++ program. Init code and
other run-once code is still callable, which means that it's ripe for
gadgets. ASLR and other mitigations make this harder, but not impossible
as we've seen with various attacks to bypass these mitigations. It's
much harder to exploit what no longer exists...

> I'll think about it a bit.  But I am very much not convinced that those
> text segments you have lying around are a real risk.

That's the point of the thread. It's just food for thought. I know that
features that OpenBSD develop often pop up in other operating systems.
Dropping code, at least to me, seems like a natural progression of
dropping access to system calls.

- Justin

On Fri, Jun 30, 2023 at 8:58 AM Theo de Raadt  wrote:
>
> Justin Handville  wrote:
>
> > I'm assuming that misc@ is probably the best place for this e-mail,
> > although it gets a bit in the tech@ weeds.  I upgraded to 7.3 not so
> > long ago, and I noticed that a daemon I had written was no longer
> > working properly. For reasons that are probably too much to get into
> > here, I statically link the daemon. It's a single binary that makes use
> > of pledge / unveil, and privilege separation. This all works fine. It
> > also has another trick, which unfortunately no longer works in 7.3.
> >
> > To reduce the code footprint of this daemon as well as the potential
> > gadget attack surface, I have it drop any code that it will no longer
> > execute. This happens after fork / exec on a child, and also after
> > initialization code executes before the child process enters its steady
> > state. This is trivially done by grouping functions into custom page
> > aligned sections in the ELF binary, and running mprotect on these
> > sections with PROT_NONE. I considered munmap as well as other tricks,
> > but so far, this seems to be the most portable way to handle this trick
> > that I could think of between BSD and Linux. I'm sure others are more
> > clever.  It's a cheap defense in depth protection that simplifies my use
> > case.
> >
> > As of OpenBSD 7.3, when the immutable flag entered mainstream, this
> > trick no longer works. Given that my trick is a total hack, I'm not too
> > broken up about it.  Of course, this change led me to doing some poking
> > around.
>
> Sorry.
>
> But I don't see a real security benefit of what you are trying to do.
>
> > I noticed that in sys/uvm/uvm_map.c, an exception was granted to allow
> > Chrome to drop the write flag for a region for userland compatibility.
> > That makes sense as a temporary measure. I'm wondering, however, if it
> > might not make sense to think about this functionality differently.
> > Ins

Re: Immutable Page Protections

2023-06-30 Thread Justin Handville
Dave Voutila  wrote:

> Have you considered a libexec approach instead? If the goal is to keep a
> child process having only the executable pages it needs for operations,
> why not split up the program design instead of mucking with ELF stuff?
> That surely has to be even more portable.

I have. There are other reasons for preferring a single static binary. I
agree that playing with ELF sections is problematic. But, on most
systems I use, this works. It's no worse than assumptions made for GC,
dynamic code generation, or fibers on most platforms. Of course, like
each of these assumptions, it's not guaranteed and, as with what
happened with 7.3, is likely to go away at any time.

It's fine. I have plenty of kernel patches I use on most OSes. I'll
probably just flesh this one out with its own system call and
alternative mode for ld.so. I just figured it was useful to point out
that at least one person is using this pattern.

- Justin

On Fri, Jun 30, 2023 at 8:03 AM Dave Voutila  wrote:
>
>
> Justin Handville  writes:
>
> > I'm assuming that misc@ is probably the best place for this e-mail,
> > although it gets a bit in the tech@ weeds.  I upgraded to 7.3 not so
> > long ago, and I noticed that a daemon I had written was no longer
> > working properly. For reasons that are probably too much to get into
> > here, I statically link the daemon. It's a single binary that makes use
> > of pledge / unveil, and privilege separation. This all works fine. It
> > also has another trick, which unfortunately no longer works in 7.3.
> >
> > To reduce the code footprint of this daemon as well as the potential
> > gadget attack surface, I have it drop any code that it will no longer
> > execute. This happens after fork / exec on a child, and also after
> > initialization code executes before the child process enters its steady
> > state. This is trivially done by grouping functions into custom page
> > aligned sections in the ELF binary, and running mprotect on these
> > sections with PROT_NONE. I considered munmap as well as other tricks,
> > but so far, this seems to be the most portable way to handle this trick
> > that I could think of between BSD and Linux. I'm sure others are more
> > clever.  It's a cheap defense in depth protection that simplifies my use
> > case.
>
> Have you considered a libexec approach instead? If the goal is to keep a
> child process having only the executable pages it needs for operations,
> why not split up the program design instead of mucking with ELF stuff?
> That surely has to be even more portable.
>
> >
> > As of OpenBSD 7.3, when the immutable flag entered mainstream, this
> > trick no longer works. Given that my trick is a total hack, I'm not too
> > broken up about it.  Of course, this change led me to doing some poking
> > around.
> >
> > I noticed that in sys/uvm/uvm_map.c, an exception was granted to allow
> > Chrome to drop the write flag for a region for userland compatibility.
> > That makes sense as a temporary measure. I'm wondering, however, if it
> > might not make sense to think about this functionality differently.
> > Instead of immutable memory regions, why can't we consider a more
> > pledge-like ratcheting for memory regions, where bits can be removed,
> > but never added back? How does this impact the gadget attack surface
> > that led to the immutable flag being considered to begin with?
> >
> > For the time being, I extended the exception in uvm_map.c on my own
> > OpenBSD systems to allow immutable regions to be stripped of all
> > protection flags with a call to mprotect. So, in addition to allowing RW
> > to R, if the region is any combination of PROT_READ, PROT_WRITE, or
> > PROT_EXEC, then it can be reduced to PROT_NONE. This seemed the safer
> > option for patching for now.  Of course, this further breaks the
> > definition of "immutable", but at least immutable regions can only have
> > protection bits removed.
> >
> > My reason for mailing misc@ is just to bring up this data point from a
> > single user. I'm certain that the OpenBSD developers have reasons for
> > preferring a pure immutable flag, but having a mechanism for ratcheting
> > down protections is useful at least for me, and is apparently useful
> > enough in userland going from RW to R, that an exception was carved out
> > for now. Of course, I'm more than happy to work with the developers to
> > come up with a plan for upstreaming this feature if it's something
> > useful. If not, I have no problem adding it to my personal list of
> > patches I maintain that I doubt anyone else would want or need.
> >
> > - Justin



Immutable Page Protections

2023-06-30 Thread Justin Handville
I'm assuming that misc@ is probably the best place for this e-mail,
although it gets a bit in the tech@ weeds.  I upgraded to 7.3 not so
long ago, and I noticed that a daemon I had written was no longer
working properly. For reasons that are probably too much to get into
here, I statically link the daemon. It's a single binary that makes use
of pledge / unveil, and privilege separation. This all works fine. It
also has another trick, which unfortunately no longer works in 7.3.

To reduce the code footprint of this daemon as well as the potential
gadget attack surface, I have it drop any code that it will no longer
execute. This happens after fork / exec on a child, and also after
initialization code executes before the child process enters its steady
state. This is trivially done by grouping functions into custom page
aligned sections in the ELF binary, and running mprotect on these
sections with PROT_NONE. I considered munmap as well as other tricks,
but so far, this seems to be the most portable way to handle this trick
that I could think of between BSD and Linux. I'm sure others are more
clever.  It's a cheap defense in depth protection that simplifies my use
case.

As of OpenBSD 7.3, when the immutable flag entered mainstream, this
trick no longer works. Given that my trick is a total hack, I'm not too
broken up about it.  Of course, this change led me to doing some poking
around.

I noticed that in sys/uvm/uvm_map.c, an exception was granted to allow
Chrome to drop the write flag for a region for userland compatibility.
That makes sense as a temporary measure. I'm wondering, however, if it
might not make sense to think about this functionality differently.
Instead of immutable memory regions, why can't we consider a more
pledge-like ratcheting for memory regions, where bits can be removed,
but never added back? How does this impact the gadget attack surface
that led to the immutable flag being considered to begin with?

For the time being, I extended the exception in uvm_map.c on my own
OpenBSD systems to allow immutable regions to be stripped of all
protection flags with a call to mprotect. So, in addition to allowing RW
to R, if the region is any combination of PROT_READ, PROT_WRITE, or
PROT_EXEC, then it can be reduced to PROT_NONE. This seemed the safer
option for patching for now.  Of course, this further breaks the
definition of "immutable", but at least immutable regions can only have
protection bits removed.

My reason for mailing misc@ is just to bring up this data point from a
single user. I'm certain that the OpenBSD developers have reasons for
preferring a pure immutable flag, but having a mechanism for ratcheting
down protections is useful at least for me, and is apparently useful
enough in userland going from RW to R, that an exception was carved out
for now. Of course, I'm more than happy to work with the developers to
come up with a plan for upstreaming this feature if it's something
useful. If not, I have no problem adding it to my personal list of
patches I maintain that I doubt anyone else would want or need.

- Justin
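The mprotect(PROT_NONE) trick the post describes, written up as an added example that is not the poster's daemon code: run-once init goes into its own page-aligned ELF section (the section name .text.dropinit and the function names are made up here), access is revoked after it has run, and the drop is verified with a trapped read of the old page. It assumes a GCC or Clang toolchain on an ELF system; on OpenBSD 7.3 and later the mprotect() call is expected to fail because the text segment is immutable, and drop_init_code() reports that errno instead of aborting.

```c
/* Added example, not code from the thread. Demonstrates dropping run-once
 * init code with mprotect(PROT_NONE) after grouping it into a page-aligned
 * ELF section, as the post describes. Section and function names are
 * hypothetical. */
#define _GNU_SOURCE
#include <errno.h>
#include <setjmp.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Alignment that is a multiple of every common page size (4K, 16K, 64K), so
 * the range between two aligned markers always covers whole pages. */
#define DROP_ALIGN 65536UL

/* noinline: keep the body in its own section; used: survive --gc-sections. */
#define DROPPABLE \
    __attribute__((noinline, used, section(".text.dropinit"), aligned(DROP_ALIGN)))

/* Constructed run-once work: fill a table that steady-state code keeps using. */
static unsigned char g_table[256];

DROPPABLE int init_once(void)
{
    for (int i = 0; i < 256; i++)
        g_table[i] = (unsigned char)(i * 7 + 3);
    return 0;
}

/* End marker: page-aligned and emitted after init_once in the same input
 * section, so [init_once, drop_section_end) holds only init code + padding. */
DROPPABLE void drop_section_end(void) { }

/* Revoke all access to the init section. Returns 0 on success, -1 if the
 * layout assumptions do not hold, or errno from mprotect() (an immutable
 * text segment, as on OpenBSD >= 7.3, is expected to show up as EPERM). */
int drop_init_code(void)
{
    uintptr_t start = (uintptr_t)(void *)init_once;
    uintptr_t end = (uintptr_t)(void *)drop_section_end;
    long pagesize = sysconf(_SC_PAGESIZE);

    if (pagesize <= 0 || DROP_ALIGN % (unsigned long)pagesize != 0)
        return -1;   /* page size this layout was not planned for */
    if (end <= start || start % DROP_ALIGN != 0 || end % DROP_ALIGN != 0)
        return -1;   /* toolchain placed the functions differently: do nothing */
    if (mprotect((void *)start, end - start, PROT_NONE) != 0)
        return errno;
    return 0;
}

/* Probe whether the first byte of the dropped section is still readable.
 * A SIGSEGV/SIGBUS trap turns the expected fault into a return value. */
static sigjmp_buf probe_env;
static void probe_handler(int sig) { (void)sig; siglongjmp(probe_env, 1); }

int init_code_is_gone(void)
{
    struct sigaction sa, old_segv, old_bus;
    volatile unsigned char *p = (volatile unsigned char *)(void *)init_once;
    volatile int faulted = 0;

    memset(&sa, 0, sizeof sa);
    sa.sa_handler = probe_handler;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    if (sigsetjmp(probe_env, 1) == 0) {
        unsigned char c = *p;   /* faults once the page is PROT_NONE */
        (void)c;
    } else {
        faulted = 1;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return faulted;
}

/* Whole sequence: run init, drop it, confirm it is unreachable, keep serving.
 * Returns 0 on success, a small code for a failed step, or the mprotect errno. */
int drop_demo(void)
{
    int rc;
    if (init_once() != 0) return 1;
    if (init_code_is_gone()) return 2;   /* must still be readable before the drop */
    rc = drop_init_code();
    if (rc != 0) return rc;              /* e.g. EPERM on an immutable text segment */
    if (!init_code_is_gone()) return 3;  /* the drop did not take */
    return g_table[10] == (unsigned char)(10 * 7 + 3) ? 0 : 4;  /* data still usable */
}

int main(void)
{
    int rc = drop_demo();
    printf("drop_demo: %d (%s)\n", rc, rc == 0 ? "init code unmapped" : "not dropped");
    return rc;
}
```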



Re: OpenBSD Hackathons

2023-05-12 Thread Justin Yates Fletcher
On Fri, 2023-05-12 at 20:18 +, Katherine Mcmillan wrote:
> Hi all,
> 
> Thank you for the helpful responses, this definitely explains some
> things!
> 
> I'm looking at organizing an OpenBSD Hackathon in the National
> Capital Region in Canada (could potentially be on the Gatineau,
> Quebec side) but having never been to an OpenBSD Hackathon, my
> interpretation might be quite different from the other Hackathons!
> That's fine, and I'm going to seek inspiration from attending a
> FreeBSD Hackathon, as that project makes their upcoming Hackathons
> public:  https://wiki.freebsd.org/Hackathon/202305
> 
> Thank you very much for the help and please feel free to contact me
> privately if you're interested in attending (either as a volunteer or
> developer) or otherwise supporting an OpenBSD Hackathon in the
> National Capital Region in Canada.
> 
> Sincerely,
> Katie


Hi Katie,

I'll make an assumption based upon what you have written and reply to
that.

I have no experience with hackathons except when working for a globally
recognized company that had no idea what a hackathon meant but tried to
do a few. When I learned that leadership set up a process to accept
what could be hacked on, and a process to determine the winning team of
the hackathons, I decided to skip the events.  :-(

Anyway, the official OpenBSD hackathons are limited to a select group.
There is no minimum size, I assume, because if these people want to
meet up then they do.

If you want to set up your own community OpenBSD hackathon then you
will need to do the advertising, signup process, and management of the
location/capacity vs signups, etc. yourself.

I do hope it goes well!


Justin



hw.ncpuonline (2 of 2)

2023-02-01 Thread Justin Muir
As requested, dmesg output:

OpenBSD 7.2 (GENERIC.MP) #758: Tue Sep 27 11:57:54 MDT 2022
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 8012951552 (7641MB)
avail mem = 7752704000 (7393MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xe4800 (31 entries)
bios0: vendor Acer version "V1.07" date 10/24/2012
bios0: Acer Aspire V3-551G
acpi0 at bios0: ACPI 5.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP UEFI HPET APIC MCFG ASF! BOOT SLIC WDRT WDAT FPDT
SSDT SSDT
acpi0: wakeup devices PB4_(S5) PB5_(S5) PB6_(S5) PB7_(S5) SPB0(S4) SPB1(S4)
SPB2(S4) SPB3(S4) GEC_(S4) OHC1(S4) OHC2(S4) OHC3(S4) OHC4(S4) EHC1(S4)
EHC2(S4) EHC3(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpihpet0 at acpi0: 14318180 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 16 (boot processor)
cpu0: AMD A10-4600M APU with Radeon(tm) HD Graphics, 2296.92 MHz, 15-10-01
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,ITSC,BMI1
cpu0: 16KB 64b/line 4-way D-cache, 64KB 64b/line 2-way I-cache
cpu0: 2MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, IBE
cpu1 at mainbus0: apid 17 (application processor)
cpu1: AMD A10-4600M APU with Radeon(tm) HD Graphics, 2295.94 MHz, 15-10-01
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,ITSC,BMI1
cpu1: 16KB 64b/line 4-way D-cache, 64KB 64b/line 2-way I-cache
cpu1: 2MB 64b/line 16-way L2 cache
cpu1: smt 1, core 0, package 0
cpu2 at mainbus0: apid 18 (application processor)
cpu2: AMD A10-4600M APU with Radeon(tm) HD Graphics, 2295.95 MHz, 15-10-01
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,ITSC,BMI1
cpu2: 16KB 64b/line 4-way D-cache, 64KB 64b/line 2-way I-cache
cpu2: 2MB 64b/line 16-way L2 cache
cpu2: smt 0, core 1, package 0
cpu3 at mainbus0: apid 19 (application processor)
cpu3: AMD A10-4600M APU with Radeon(tm) HD Graphics, 2295.94 MHz, 15-10-01
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,POPCNT,AES,XSAVE,AVX,F16C,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,IBS,XOP,SKINIT,WDT,FMA4,TCE,NODEID,TBM,CPCTR,ITSC,BMI1
cpu3: 16KB 64b/line 4-way D-cache, 64KB 64b/line 2-way I-cache
cpu3: 2MB 64b/line 16-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 21, 24 pins, remapped
acpimcfg0 at acpi0
acpimcfg0: addr 0xf800, bus 0-63
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PB2_)
acpiprt2 at acpi0: bus -1 (PB3_)
acpiprt3 at acpi0: bus 2 (PB4_)
acpiprt4 at acpi0: bus -1 (PB5_)
acpiprt5 at acpi0: bus -1 (PB6_)
acpiprt6 at acpi0: bus 3 (PB7_)
acpiprt7 at acpi0: bus -1 (SPB0)
acpiprt8 at acpi0: bus -1 (SPB1)
acpiprt9 at acpi0: bus -1 (SPB2)
acpiprt10 at acpi0: bus -1 (SPB3)
acpiprt11 at acpi0: bus 7 (P2P_)
acpiec0 at acpi0
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: SLPB
acpipci0 at acpi0 PCI0
acpicmos0 at acpi0
"ETD0500" at acpi0 not configured
acpibat0 at acpi0: BAT1 model "13854139376292673" serial 3359 type Lion oem
"LG "
acpiac0 at acpi0: AC unit online
acpibtn2 at acpi0: LID_
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
acpicpu0 at acpi0: C2(0@100 io@0x841), C1(@1 halt!), PSS
acpicpu1 at acpi0: C2(0@100 io@0x841), C1(@1 halt!), PSS
acpicpu2 at acpi0: C2(0@100 io@0x841), C1(@1 halt!), PSS
acpicpu3 at acpi0: C2(0@100 io@0x841), C1(@1 halt!), PSS
acpivideo0 at acpi0: VGA_
acpivout0 at acpivideo0: LCD_
acpivideo1 at acpi0: VGA_
acpivout1 at acpivideo1: LCD_
acpivideo2 at acpi0: VGA_
cpu0: 2296 MHz: speeds: 2300 2000 1800 1600 1400 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "AMD 15/1xh Host" rev 0x00
radeondrm0 at pci0 dev 1 function 0 "ATI Aruba" rev 0x00
drm0 at radeondrm0
radeondrm0: msi
azalia0 at pci0 dev 1 function 1 vendor "ATI", unknown product 0x9902 rev
0x00: msi
azalia0: no supported codecs
ppb0 at pci0 dev 2 function 0 "AMD 15/1xh PCIE" rev 0x00: msi
pci1 at ppb0 

hw.ncpuonline (1 of 2)

2023-02-01 Thread Justin Muir
As requested, output from lspci (dmesg coming shortly, currently running
custom kernel)

Architecture:amd64
Byte Order:  Little Endian
Active CPU(s):   4
Total CPU(s):4
Thread(s) per core:  1
Core(s) per socket:  4
Socket(s):   1
Vendor:  AuthenticAMD
CPU family:  21
Model:   16
Model name:  AMD A10-4600M APU with Radeon(tm) HD Graphics
Stepping:1
CPU MHz: 2300
L1d cache:   16K
L1i cache:   64K
L2 cache:2048K
Flags:   fpu vme de pse tsc msr pae mce cx8 apic sep mtrr
pge mca cmov pat pse36 cflsh mmx fxsr sse sse2 htt sse3 pclmulqdq monitor
ssse3 fma cx16 sse4_1 sse4_2 popcnt aes xsave osxsave avx f16c syscall nx
mmxext fxsr_opt pdpe1gb rdtscp lm lahf_lm cmp_legacy svm extapic cr8_legacy
lzcnt sse4a misalignsse 3dnowprefetch osvw ibs xop skinit wdt lwp fma4 tce
nodeid_msr tbm perfctr_core perfctr_nb


Thanks for all who have replied!


hw.ncpuonline

2023-01-31 Thread Justin Muir
Hi all,

I've got an AMD A10 with 4 cores and only 2 are online. I'm not sure how to
enable the other 2.

hw.ncpufound=4 btw

Any ideas out there?

Tia!


terminal emulators

2023-01-10 Thread Justin Muir
Hi all,

Just for the security-minded: run ldd xterm | wc -l
Then do the same for sakura, alacritty or whatever your favourite term
happens to be.

I'm still mulling over whether I should straight up switch to the one with
the least dependencies or just continue with xterm.

Any thoughts?


tia!
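
A note on the `ldd xterm | wc -l` yardstick, as an added example that is not part of the post above: on OpenBSD, ldd(1) prints a `name:` line, a column header, the executable itself and `ld.so` in addition to the mapped libraries, so a raw line count overstates the dependency count by four. The script below parses ldd's column format and counts only `rlib` (link-time) and `dlib` (dlopen'd) entries, deduplicated by path, and ranks programs by that number. The ldd output embedded in it is constructed for two hypothetical emulators, `term-a` and `term-b`, with illustrative library names; it is not xterm's or any other real program's dependency list.

```python
import re

# Constructed ldd(1) output in OpenBSD's column format for two hypothetical
# terminal emulators.  Library names are illustrative, not real dependency lists.
LDD_OUTPUT = """\
term-a:
\tStart            End              Type  Open Ref GrpRef Name
\t00000a1b2c000000 00000a1b2c0c5000 exe   1    0   0      term-a
\t00000a1d4e000000 00000a1d4e13b000 rlib  0    1   0      /usr/X11R6/lib/libXaw.so.15.0
\t00000a1f60000000 00000a1f60095000 rlib  0    1   0      /usr/X11R6/lib/libXt.so.11.0
\t00000a2172000000 00000a2172133000 rlib  0    2   0      /usr/X11R6/lib/libX11.so.18.0
\t00000a2384000000 00000a23840a5000 rlib  0    1   0      /usr/lib/libc.so.97.0
\t00000a2596000000 00000a2596010000 ld.so 0    1   0      /usr/libexec/ld.so
term-b:
\tStart            End              Type  Open Ref GrpRef Name
\t00000b1b2c000000 00000b1b2c0c5000 exe   1    0   0      term-b
\t00000b1d4e000000 00000b1d4e13b000 rlib  0    1   0      /usr/local/lib/libvte.so.0.0
\t00000b1f60000000 00000b1f60095000 rlib  0    1   0      /usr/local/lib/libgtk.so.2201.0
\t00000b2172000000 00000b2172133000 rlib  0    1   0      /usr/local/lib/libglib.so.4201.0
\t00000b2384000000 00000b23840a5000 rlib  0    2   0      /usr/X11R6/lib/libX11.so.18.0
\t00000b2596000000 00000b2596010000 dlib  0    1   0      /usr/local/lib/libpixman.so.1.0
\t00000b27a8000000 00000b27a80a5000 rlib  0    1   0      /usr/lib/libc.so.97.0
\t00000b29ba000000 00000b29ba010000 ld.so 0    1   0      /usr/libexec/ld.so
"""

# "prog:" introduces each program's block; entries are start end type open ref grpref name.
PROG_RE = re.compile(r"^(\S+):$")
ENTRY_RE = re.compile(r"^\s+([0-9a-f]+)\s+([0-9a-f]+)\s+(\S+)\s+\d+\s+\d+\s+\d+\s+(\S+)$")


def parse_ldd(text):
    """Map each program to the set of shared objects it maps.

    Only rlib (link-time) and dlib (dlopen'd) entries count; the exe line
    and ld.so itself are skipped, and duplicates collapse by path."""
    deps = {}
    current = None
    for line in text.splitlines():
        m = PROG_RE.match(line)
        if m:
            current = m.group(1)
            deps[current] = set()
            continue
        m = ENTRY_RE.match(line)
        if m and current is not None:
            kind, path = m.group(3), m.group(4)
            if kind in ("rlib", "dlib"):
                deps[current].add(path)
    return deps


def raw_line_counts(text):
    """What `ldd prog | wc -l` would report per program, header lines included."""
    counts = {}
    current = None
    for line in text.splitlines():
        m = PROG_RE.match(line)
        if m:
            current = m.group(1)
            counts[current] = 0
        if current is not None:
            counts[current] += 1
    return counts


def rank_by_dependencies(text):
    """Return [(program, shared_object_count)], fewest dependencies first."""
    deps = parse_ldd(text)
    return sorted(((p, len(s)) for p, s in deps.items()), key=lambda x: (x[1], x[0]))


if __name__ == "__main__":
    raw = raw_line_counts(LDD_OUTPUT)
    for prog, n in rank_by_dependencies(LDD_OUTPUT):
        print(f"{prog}: {n} shared objects (wc -l would report {raw[prog]})")
```

To use it on a real system, replace `LDD_OUTPUT` with the captured text of `ldd /usr/X11R6/bin/xterm /usr/local/bin/alacritty ...`; the ranking is only a proxy for exposure, since one large library can matter more than several small ones.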


equivalent to linux/serial.h?

2022-12-30 Thread Justin Muir
Hello,

Just attempting to compile SDRAngel from source and I'm getting some errors
in the process.

The latest is: "linux/serial.h"  missing. Is there an equivalent I can
point to on OpenBSD?

I'm also having difficulties with the dab-cmdline library. The compile goes
haywire with a bunch of mismatches in header definitions. Is there an
equivalent to dab-cmdline in OBSD??


Tia!


Re: 0.0.0.0/32 in pf's tables

2022-11-08 Thread Justin Yates Fletcher
God abhors a naked singularity.


On Tue, 2022-11-08 at 22:47 +0300, 3 wrote:
> what religion forbids using 0.0.0.0/32 in tables? 0_0 but 0/0 can be
> used.. what's going on?! is the world going mad?
> 



Re: miniroot.img boot-looping on rpi-4b

2021-05-09 Thread Justin Yang
Do you have any USB disks connected to your pi? If so, try to remove that
and boot again to see if it works.

On Sunday, May 9, 2021, Rob Whitlock  wrote:

> Hello,
>
> I am trying to install OpenBSD 6.9 on a Raspberry Pi 4B. I copied
> miniroot69.img to the SD card with this command:
>
> dd if=miniroot69.img of=/dev/rdisk2 bs=1m
>
> I put it in the Pi and upon boot it fails with this error message
> printed out through serial:
>
> U-Boot 2021.01 (Apr 16 2021 - 15:39:01 +1000)
>
> DRAM:  1.9 GiB
> RPI 4 Model B (0xb03114)
> MMC:   mmcnr@7e30: 1, emmc2@7e34: 0
> Loading Environment from FAT... ** No partition table - mmc 0 **
> In:serial
> Out:   serial
> Err:   serial
> Net:   eth0: ethernet@7d58
> PCIe BRCM: link up, 5.0 Gbps x1 (SSC)
> starting USB...
> Bus xhci_pci: probe failed, error -110
> No working controllers found
> Hit any key to stop autoboot:  0
> switch to partitions #0, OK
> mmc0 is current device
> ** Bad device specification :1 bootfstype **
> "Synchronous Abort" handler, esr 0x9604
> elr: 0009197c lr : 000930c8 (reloc)
> elr: 3b36d97c lr : 3b36f0c8
> x0 : 6d63625f646e7320 x1 : 5f656c62
> x2 : 3b3d30a0 x3 : 0001
> x4 : 3afe9fe0 x5 : 
> x6 : 3b3d30a0 x7 : 3b3d30b0
> x8 : 3afea070 x9 : 0008
> x10: 3b3d07f2 x11: 3af64780
> x12:  x13: 0004
> x14: 3af4be58 x15: 
> x16: 4110 x17: 2285e5950900a046
> x18: 3af57da0 x19: 3afe9940
> x20: 0811 x21: 0811
> x22:  x23: 
> x24:  x25: 
> x26: 0028 x27: 0003
> x28:  x29: 3af4bac0
>
> Code: 2a1b03e1 97e5 2a0003f8 140d (f8777800)
> Resetting CPU ...
>
> resetting ...
>
> Any help would be appreciated.
>
> Rob
>
>

-- 
Justin Yang


Iked windows client using certificates?

2021-04-01 Thread Justin Mayes
Hello everyone

Just wanted to check my sanity after so many days. I have ikev2 setup working 
for windows machine for a long time using the following. So, to repeat this 
works, it connects fine.

ikev2 passive esp \
from 0.0.0.0/0 to 10.0.5.0/24 \
peer any local 50.247.187.177 \
srcid 50.247.187.177 \
config address 10.0.5.0/24

now I have a second windows client with a different certificate that I also 
want to connect at the same time but client B will disconnect client A. I need 
to add a dstid to this config to make specific entries for each machine I 
believe using ASN1_DN such as this? Or is there better way for clients with no 
fixed IP or FQDN?


ikev2 passive esp \
from 0.0.0.0/0 to 10.0.5.0/24 \
peer any local 50.247.187.177 \
srcid 50.247.187.177 \
dstid 
/C=US/ST=Illinois/L=HomeTown/O=OpenBSD/OU=iked/CN=myhostnameA.local/emailAddress=myem...@email.com
 \
config address 10.0.5.0/24

ikev2 passive esp \
from 0.0.0.0/0 to 10.0.5.0/24 \
peer any local 50.247.187.177 \
srcid 50.247.187.177 \
dstid 
/C=US/ST=Illinois/L=HomeTown/O=OpenBSD/OU=iked/CN=myhostnameB.local/emailAddress=myem...@email.com
 \
config address 10.0.5.0/24




The problem is that no dstid format I can find will work. Once I add dstid it 
fails to connect each time. Can someone help me here? Shouldn't this be 
possible or am I reading the man page wrong? I'm certain the spelling is 
correct and matches the cert. The breakdown appears to be around here

Not working : Iked -dvv with ASN1_DN DSTID specified in iked.conf
ca_setauth: using SIG (RFC7427)
ca_setauth: auth length 393
ikev2_ike_auth_recv: unexpected auth method RSA_SIG, was expecting SIG


Working : iked -dvv with no DSTID specified in iked.conf
ca_setauth: switching SIG to RSA_SIG(*)
ca_setauth: auth length 393
ikev2_msg_auth: initiator auth data length 1156
ikev2_msg_authverify: method RSA_SIG keylen 1028 type X509_CERT
ikev2_msg_authverify: authentication successful


J
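
An added configuration sketch, not the poster's iked.conf: the failing log above shows iked expecting the RFC 7427 `SIG` method while the Windows client offers `RSA_SIG`, whereas the working run shows iked "switching SIG to RSA_SIG" on its own. iked.conf(5) lets a policy pin the method with `ikeauth rsa`, so one way to keep per-client `dstid` policies without depending on that automatic switch is to add it to each policy. That this resolves the specific failure in the thread is an assumption, not something the thread confirms. The addresses and DN components are the thread's placeholders with the elided e-mail address dropped; each `dstid` must match the subject of that client's certificate exactly, and the policy names are hypothetical.

```conf
# Added example, not the poster's configuration.  Addresses and DNs are
# placeholders; each dstid must equal the client certificate's subject.
ikev2 "win-clientA" passive esp \
	from 0.0.0.0/0 to 10.0.5.0/24 \
	peer any local 50.247.187.177 \
	srcid 50.247.187.177 \
	dstid "/C=US/ST=Illinois/L=HomeTown/O=OpenBSD/OU=iked/CN=myhostnameA.local" \
	ikeauth rsa \
	config address 10.0.5.0/24

ikev2 "win-clientB" passive esp \
	from 0.0.0.0/0 to 10.0.5.0/24 \
	peer any local 50.247.187.177 \
	srcid 50.247.187.177 \
	dstid "/C=US/ST=Illinois/L=HomeTown/O=OpenBSD/OU=iked/CN=myhostnameB.local" \
	ikeauth rsa \
	config address 10.0.5.0/24
```

Check the result with `iked -n` for syntax and then `iked -dvv`, looking for `ikev2_msg_authverify: method RSA_SIG` followed by `authentication successful` for each client, and confirm with `ikectl show sa` that both SAs stay up at once.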


Creating a Partition for RAID Arrays

2020-09-16 Thread Justin Noor
Hello Misc,

We need to create a partition on an OpenBSD server for the sole purpose of
mounting RAID arrays.

The mount point would be something like:

/data

Then we will create directories in that partition and mount the arrays:

/data/raid1
/data/raid2
/data/raid3


How big should this partition be?


USB speakers

2020-08-14 Thread Justin Muir
Wondering whether anyone has experience with Logitech USB speakers?

Plugged in mine, did the rcctl rsnd/0 thingy from multimedia FAQ:
# rcctl set sndiod flags -f rsnd/0 -F rsnd/1
# rcctl restart sndiod

It doesn't work. As a matter of fact, the speaker light doesn't even come
on now.

Any suggestions?


tia!

J

Dmesg output below:

uaudio0 at uhub4 port 2 configuration 1 interface 1 "Logitech Logitech USB
Speaker" rev 1.10/0.07 addr 3
uaudio0: class v1, full-speed, sync, channels: 2 play, 0 rec, 7 ctls
audio1 at uaudio0
uhidev2 at uhub4 port 2 configuration 1 interface 2 "Logitech Logitech USB
Speaker" rev 1.10/0.07 addr 3
uhidev2: iclass 3/0
uhid3 at uhidev2: input=2, output=0, feature=0


Which AMD GPUs Work the Best with 6.7 Current and Above?

2020-07-22 Thread Justin Noor
Hello Misc,

Which AMD GPUs work the best for general purpose use?

“Best” is defined as the ability to run xenodm or startx to play every
video, game, render 3D or CAD/CAM graphics, a desktop, etc. - without
causing any unexplainable or unreported crashes/freezes.

Specs:

6.7 Current
Ryzen 5 2600 processor

Thank you


how to mount phone?

2020-07-13 Thread Justin Muir
Hi,

Just wishing to mount my phone to access photos.

Here's the output from dmesg:

ugen0 at uhub0 port 3 "Alcatel U50? Alcatel U50?" rev 2.00/3.10 addr 2

Any ideas on how this might be mounted??


tia!


Encrypting vnodes with softraid0

2020-06-08 Thread Justin Noor
Hi @misc,

Is there anything problematic about encrypting vnode devices with
softraid0? I made this work on two USB drives and it seems to be fine.

For example, if I have a pre-existing external RAID5 array with 20TB of
pooled storage (filesystem type 4.2BSD), and I want to encrypt a 2TB
portion of it.

Create a 2TB file:

# dd if=/dev/urandom of=/mnt/cryptfile bs=1g count=2000

Create and format the vnode:

# vnconfig vnd0 /mnt/cryptfile
# fdisk -iy -g -b 960 vnd0
# disklabel -E vnd0 (Make one big 'a' partition of type 'RAID')

Create and format the crypto device, using a keydisk:

# bioctl -c C -k sd2a -l vnd0a softraid0
(device attached as sd3)
# dd if=/dev/zero of=/dev/rsd3c bs=1m count=1
# fdisk -iy -g -b 960 sd3
# disklabel -E sd3 (Make one big 'a' partition of type 4.2BSD)
# newfs sd3a

Mount the crypto device:

# mount /dev/sd3a /mnt/crypto_device

I feel like this method offers flexibility for those who don't need
full-disk encryption.


Re: Filling a 4TB Disk with Random Data

2020-06-04 Thread Justin Noor
Thank you @misc.

Using dd with a large block size will likely be the course of action.

I really need to refresh my memory on this stuff. This is not something we
do, or need to do, everyday.

Paul your example shows:

bs=1048576

How did you choose that number? Could you have gone even bigger? Obviously
it is a multiple of 512.

The disks in point are 4TB Western Digital Blues. They have 4096 sector
sizes.

I used a 16G USB stick as a sacrificial lamb to experiment with dd.
Interestingly, there is no difference in time between 1m, 1k, and 1g. How
is that possible? Obviously this will not be an accurate comparison of the
WD disks, but it was still a good practice exercise.

Also Paul, to clarify a point you made, did you mean forget the random data
step, and just encrypt the disks with softraid0 crypto? I think I like that
idea because this is actually a traditional pre-encryption step. I don't
agree with it, but I respect the decision. For our purposes, encryption
only helps if the disks are off the machine, and someone is trying to
access them. This automatically implies that they were stolen. The chances
of disk theft around here are slim to none. We have no reason to worry
about forensics either - we're not storing nuclear secrets.

Thanks for your time


On Mon, Jun 1, 2020 at 7:28 AM Paul de Weerd  wrote:

> On Mon, Jun 01, 2020 at 06:58:01AM -0700, Justin Noor wrote:
> | Hi Misc,
> |
> | Has anyone ever filled a 4TB disk with random data and/or zeros with
> | OpenBSD?
>
> I do this before disposing of old disks.  Have written random data to
> several sizes of disk, not sure if I ever wiped a 4TB disk.
>
> | How long did it take? What did you use (dd, openssl)? Can you share the
> | command that you used?
>
> It takes quite some time, but OpenBSD (at least on modern hardware)
> can generate random numbers faster than you can write them to spinning
> disks (may be different with those fast nvme(4) disks).
>
> I simply used dd, with a large block size:
>
> dd if=/dev/random of=/dev/sdXc bs=1048576
>
> And then you wait.  The time it takes really depends on two factors:
> the size of the disk and the speed at which you write (whatever the
> bottleneck).  If you start, you can send dd the 'INFO' signal (`pkill
> -INFO dd` (or press Ctrl-T if your shell is set up for it with `stty
> status ^T`))  This will give you output a bit like:
>
> 30111+0 records in
> 30111+0 records out
> 31573671936 bytes transferred in 178.307 secs (177074202 bytes/sec)
>
> Now take the size of the disk in bytes, divide it by that last number
> and subtract the second number.  This is a reasonable ball-park
> indication of time remaining.
>
> Note that if you're doing this because you want to prevent others from
> reading back even small parts of your data, you are better of never
> writing your data in plain text (e.g. using softraid(4)'s CRYPTO
> discipline), or (if it's too late for that), to physically destroy the
> storage medium.  Due to smart disks remapping your data in case of
> 'broken' sectors, some old data can never be properly overwritten.
>
> Cheers,
>
> Paul 'WEiRD' de Weerd
>
> --
> >[<++>-]<+++.>+++[<-->-]<.>+++[<+
> +++>-]<.>++[<>-]<+.--.[-]
>  http://www.weirdnet.nl/
>
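
The time-remaining rule from Paul's reply, worked through in code as an added example (not from the thread): the script parses a dd(1) SIGINFO report of the shape quoted above, applies "disk size / bytes-per-second minus elapsed seconds", and also checks the block-size question raised here, namely whether `bs` is a whole multiple of the disk's physical sector size (4096 on the WD Blues mentioned, 512 on older disks). The SIGINFO text embedded below is constructed from the numbers in the thread, and the 4 TB disk size is the nominal decimal figure, not a measured device size.

```python
import re

# Constructed dd(1) SIGINFO report, using the figures quoted in the thread.
SAMPLE_INFO = """\
30111+0 records in
30111+0 records out
31573671936 bytes transferred in 178.307 secs (177074202 bytes/sec)
"""

# dd prints "<bytes> bytes transferred in <secs> secs (<rate> bytes/sec)".
INFO_RE = re.compile(r"(\d+) bytes transferred in ([\d.]+) secs \((\d+) bytes/sec\)")


def parse_dd_info(text):
    """Return (bytes_written, elapsed_secs, bytes_per_sec) from a dd SIGINFO report."""
    m = INFO_RE.search(text)
    if m is None:
        raise ValueError("no dd transfer summary found")
    return int(m.group(1)), float(m.group(2)), int(m.group(3))


def seconds_remaining(disk_bytes, info_text):
    """Estimate as described in the thread: disk size / rate - elapsed.

    dd's rate is its running average, so this is (nearly) the same as
    (disk_bytes - written) / rate; it assumes throughput stays constant,
    which on spinning disks it does not (outer tracks are faster)."""
    written, elapsed, rate = parse_dd_info(info_text)
    if rate <= 0:
        raise ValueError("dd reports no throughput yet; send SIGINFO again later")
    if written >= disk_bytes:
        return 0.0
    return max(0.0, disk_bytes / rate - elapsed)


def hms(seconds):
    """Format a duration as h:mm:ss."""
    s = int(round(seconds))
    h, s = divmod(s, 3600)
    m, s = divmod(s, 60)
    return f"{h}:{m:02d}:{s:02d}"


def block_size_ok(bs, physical_sector=4096):
    """True when every dd write stays aligned to the disk's physical sectors.

    1048576 (1 MiB) is a multiple of both 512 and 4096, which is why it is a
    safe default; a bs that is not a multiple of the sector size forces
    read-modify-write cycles on 4Kn/512e disks."""
    return bs > 0 and bs % physical_sector == 0


if __name__ == "__main__":
    NOMINAL_4TB = 4_000_000_000_000  # decimal terabytes as sold, not the exact device size
    written, elapsed, rate = parse_dd_info(SAMPLE_INFO)
    print(f"written {written} bytes in {hms(elapsed)} at {rate} B/s")
    print(f"about {hms(seconds_remaining(NOMINAL_4TB, SAMPLE_INFO))} remaining on a nominal 4 TB disk")
    for bs in (1048576, 1000, 4096):
        print(f"bs={bs}: aligned to 4096-byte sectors: {block_size_ok(bs)}")
```

On a live system, run `pkill -INFO dd` (or press the `stty status` key) and paste dd's three lines into `SAMPLE_INFO`; use the byte count from `disklabel` or `dmesg` for the real disk size rather than the nominal figure.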


Filling a 4TB Disk with Random Data

2020-06-01 Thread Justin Noor
Hi Misc,

Has anyone ever filled a 4TB disk with random data and/or zeros with
OpenBSD?

How long did it take? What did you use (dd, openssl)? Can you share the
command that you used?

Thank you so much


Re: Failed to install bootblocks. You will not be able to boot OpenBSD

2020-04-04 Thread Justin Noor
Hi Otto,

Yes you're right - I wiped the 'i' partition during the custom
installation. I started over from scratch leaving the 'i' partition intact
and the installation was successful. Thank you for your time.

On Fri, Apr 3, 2020 at 12:49 PM Otto Moerbeek  wrote:

> On Fri, Apr 03, 2020 at 05:03:23PM +0200, Otto Moerbeek wrote:
>
> > On Fri, Apr 03, 2020 at 07:11:12AM -0700, Justin Noor wrote:
> >
> > > Hello OpenBSD Community,
> > >
> > > Hope you all are staying safe during these crazy times.
> > >
> > > I am looking for any feedback on an installation error that occurred
> using
> > > the custom-layout partition option across two SSDs.
> > >
> > > ERROR:
> > >
> > >   Installboot: no OpenBSD partition
> > >   Failed to install bootblocks.
> > >   You will not be able to boot OpenBSD from sd0
> > >
> > > VERSION:
> > >
> > >   OpenBSD 6.6 release/install66.fs media
> >
> > I don't think so, the logs below shows you were using a snapshot, or
> > maybe a mixed install (boot from a snap install.fs, but install older
> > sets; don't do that).
> >
> > That would be my bet. Since you neglected to show any more detailed
> > info like the way you partitioned or an install log it is impossible
> > to diagnose what is going on.
>
> Thought about it a bit more. Since you did an EFI install and
> installboot did not find your EFI partition (it fell back to MBR) I must
> conclude that your custom disklabel did not include an entry for the
> EFI partition. Normally that would have been the 'i' partition in the
> auto-created disklabel.
>
>
> -Otto
> >
> > >
> > > MACHINE ARCHITECTURE:
> > >
> > >   amd64/AMD Ryzen 5 chipset
> > >
> > > BACKGROUND:
> > >
> > > The plan was to install OpenBSD 6.6 across two disks. Previously, these
> > > disks had FreeBSD-12.1-ZFS installed on them. Since the disks were new
> and
> > > had no data on them, other than the FreeBSD installation sets, I
> decided
> > > not to clean the boot code area with 'dd if=/dev/zero of=/dev/rsd0c
> bs=1
> > > count=1'.
> > >
> > > INSTALLATION STEPS:
> > >
> > >   1) Initialized disks for a GPT schema:
> > >
> > >  # fdisk -iy -g -b 960 sd0
> > >  # fdisk -iy -g -b 960 sd1
> > >
> > >   2) Entered the installer, choosing the custom-layout option for a
> whole
> > > disk GPT
> > >   3) Cleared the auto-generated partitions, and created all new
> partitions
> > > across sd0 and sd1
> > >   4) At the error installer dropped into a shell. At the shell, I
> entered
> > > reboot, and the machine booted.
> > >   5) Logged into the machine and ran the installboot command:
> > >
> > >  $ doas installboot -nv sd0
> > >
> > >  Output:
> > >
> > >Using / as root
> > >would install bootstrap on /dev/rsd0c
> > >using first-stage /usr/mdec/biosboot, second-stage
> /usr/mdec/boot
> > >would copy /usr/mdec/boot to //boot
> > >looking for superblock at 65536
> > >bad superblock magic 0x0
> > >lookign for superblock at 8192
> > >found valid ffs1 superblock
> > >//boot is 6 blocks x 16384 bytes
> > >fs block shift 2; part offset 1024; inode block 24, offset 1704
> > >expecting 32-bit fs blocks (incr 0)
> > >master boot record (MBR) at secto 0
> > >partition 0: type 0xEE offset 1 size 4294967295
> > >installboot: no OpenBSD partition
> > >
> > > KEY OBSERVATIONS:
> > >
> > >   1) The error only occurs with the custom-layout option. When OpenBSD
> is
> > > installed on a single disk using the auto-layout option, the error
> does not
> > > occur
> > >
> > >   2) The error says there is "no OpenBSD partition," but there is an
> > > OpenBSD partition.
> > >
> > >   $ doas fdisk sd0
> > >
> > >   Output:
> > >
> > >Disk: sd0  Usable LBA: 64 to 976772081 [976772081 Sectors]
> > >   #: type   [start:size ]
> > >
> > >
> 
> > >   1: EFI Sys  [ 64: 960 ]
> > >   2: OpenBSD  [ 1024:   976772081 ]
> > >
> &g

Failed to install bootblocks. You will not be able to boot OpenBSD

2020-04-03 Thread Justin Noor
Hello OpenBSD Community,

Hope you all are staying safe during these crazy times.

I am looking for any feedback on an installation error that occurred using
the custom-layout partition option across two SSDs.

ERROR:

  Installboot: no OpenBSD partition
  Failed to install bootblocks.
  You will not be able to boot OpenBSD from sd0

VERSION:

  OpenBSD 6.6 release/install66.fs media

MACHINE ARCHITECTURE:

  amd64/AMD Ryzen 5 chipset

BACKGROUND:

The plan was to install OpenBSD 6.6 across two disks. Previously, these
disks had FreeBSD-12.1-ZFS installed on them. Since the disks were new and
had no data on them, other than the FreeBSD installation sets, I decided
not to clean the boot code area with 'dd if=/dev/zero of=/dev/rsd0c bs=1
count=1'.

INSTALLATION STEPS:

  1) Initialized disks for a GPT schema:

 # fdisk -iy -g -b 960 sd0
 # fdisk -iy -g -b 960 sd1

  2) Entered the installer, choosing the custom-layout option for a whole
disk GPT
  3) Cleared the auto-generated partitions, and created all new partitions
across sd0 and sd1
  4) At the error installer dropped into a shell. At the shell, I entered
reboot, and the machine booted.
  5) Logged into the machine and ran the installboot command:

 $ doas installboot -nv sd0

 Output:

   Using / as root
   would install bootstrap on /dev/rsd0c
   using first-stage /usr/mdec/biosboot, second-stage /usr/mdec/boot
   would copy /usr/mdec/boot to //boot
   looking for superblock at 65536
   bad superblock magic 0x0
   lookign for superblock at 8192
   found valid ffs1 superblock
   //boot is 6 blocks x 16384 bytes
   fs block shift 2; part offset 1024; inode block 24, offset 1704
   expecting 32-bit fs blocks (incr 0)
   master boot record (MBR) at secto 0
   partition 0: type 0xEE offset 1 size 4294967295
   installboot: no OpenBSD partition

KEY OBSERVATIONS:

  1) The error only occurs with the custom-layout option. When OpenBSD is
installed on a single disk using the auto-layout option, the error does not
occur

  2) The error says there is "no OpenBSD partition," but there is an
OpenBSD partition.

  $ doas fdisk sd0

  Output:

   Disk: sd0  Usable LBA: 64 to 976772081 [976772081 Sectors]
  #: type   [start:size ]


  1: EFI Sys  [ 64: 960 ]
  2: OpenBSD  [ 1024:   976772081 ]

  3) The machine seems to boot and run fine.

 $ doas reboot

  Output:

  probing: pc0 mem[640K 63M 92M 16M 3308M 1M 42M 29171M]
  disk: hd0 hd1
  >> OpenBSD/amd64 BOOTX64 3.46
  boot>
  booting hd0a:/bsd: 12858696+2749448+326464+0+704512
[806406+128+1021271]

  4) The system successfully updates to current - it generates the error -
but it updates and reboots on its own.

  5) The 'installboot' command generates a "bad superblock magic 0x0" error

QUESTIONS:

  Why does the error say that there is no OpenBSD partition?
  Why does the error only occur with the custom-layout option?
  Should I have cleaned the boot-code region with dd if=/dev/zero
of=/dev/rsd0c bs=1 count=1 before the installation?
  Is the "bad superblock magic 0x0 error" related to pre-existing garbage
in the boot-code region?


alacritty build

2020-03-10 Thread Justin Muir
Just wishing to give alacritty a go so I git'd the source and did a cargo
build.

I get this error after a while:

LLVM ERROR: out of memory
error: Could not compile `alacritty`

I tried increasing the dataset-cur and -max to 4000M in login.conf, didn't
seem to work.

Any ideas?

tia!

j


Re: Catastrophic machine freezes - X related

2020-03-08 Thread Justin Noor
You’re using tmux with or without X? We’re getting different errors. Thus
far my errors are definitely X related.

Coincidentally I was just working on this. My machine crashed, and my logs
are showing:

rwsleep_nsec: Xorg[98908]: fsleep: trying to sleep zero nanoseconds

I’m looking into it as we speak.

On Sun, Mar 8, 2020 at 4:09 PM Avon Robertson  wrote:

> On Sat, Feb 29, 2020 at 07:41:59AM -0800, Justin Noor wrote:
> > Awesome - thank you for your time and for the valuable information.
> >
> > That’s hilarious about the serial port. I’ll try plugging into a switch,
> > reproducing the crash, and SSHing into it. I still haven’t tried the
> > syslogd tip you mentioned either. It’s time for me to start learning more
> > about X. Will be in touch.
> >
> > Regards
> >
> > On Fri, Feb 28, 2020 at 6:57 AM Stuart Longland <
> stua...@longlandclan.id.au>
> > wrote:
> >
> > > On 28/2/20 11:32 pm, Justin Noor wrote:
> > > > Thanks for offering to help and sorry for the delay - I got dragged
> into
> > > a
> > > > work emergency. I finally managed to SCP my dmesg to a remote
> machine.
> > >
> > > Heh, no problems, these things happen.
> > >
> > > > As a refresher I have a 6.6 current machine that crashes when X is
> > > running,
> > > > and almost instantly when Firefox is running - it runs fine without
> X.
> > > The
> > > > machine becomes totally frozen - I have to perform a forced shutdown
> to
> > > > exit this state. The issue appears to be graphics related and is
> > > > inconsistent - sometimes it crashes immediately, other times it does
> not.
> > >
> > > Sometimes it might be the way a particular graphics toolkit "tickles"
> > > the video hardware too.  For instance FVWM uses libxcb for drawing
> > > graphics which means you're likely to be just working with 2D
> primitives.
> > >
> > > Then Firefox with its GTK+ back-end fires off a few RENDER extension
> > > requests to the X server and whoopsie!  Down she goes!
> > >
> > > > There are indeed some "unknown product" messages related to my PCI
> > > graphics
> > > > card in my dmesg, but I haven't been able to decipher them yet. Those
> > > > usually mean the device is not supported, but it is, and I'm sure I
> have
> > > > the correct driver (amdgpu0). Previously I had no issues for months,
> > > which
> > > > is why I suspected hardware failure. Admittedly I've been lucky with
> > > > graphics cards over the years, and don't know much about PCI.
> > >
> > > No issues for months running a previous version of OpenBSD or the same
> > > you're running now?
> > >
> > > One suggestion I made too was to maybe try setting up a serial console
> > > link… turns out the motherboard makers know how to tease:
> > >
> > > > com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> > > > com0: probed fifo depth: 0 bytes
> > >
> > > That says there is a RS-232 port somewhere… so I had a look at the
> > > handbook:
> > >
> > >
> https://dlcdnets.asus.com/pub/ASUS/mb/SocketAM4/ROG_STRIX_B450-I_GAMING/E14337_ROG_STRIX_B450-I_GAMING_UM_PRINT.pdf
> > >
> > > They didn't wire it up to a pin header, which is annoying.
> > >
> > > On the video front, I did see this:
> > > > initializing kernel modesetting (POLARIS11 0x1002:0x67EF
> 0x1002:0x0B04
> > > > 0xE5).
> > > > amdgpu_irq_add_domain: stub
> > > > amdgpu_device_resize_fb_bar: stub
> > > > amdgpu: [powerplay] Failed to retrieve minimum clocks.
> > > > amdgpu0: 1360x768, 32bpp
> > > > wsdisplay0 at amdgpu0 mux 1: console (std, vt100 emulation), using
> wskbd0
> > > > wskbd1: connecting to wsdisplay0
> > > > wsdisplay0: screen 1-5 added (std, vt100 emulation)
> > >
> > > The "stub" messages make me wonder if we're hitting some
> > > not-yet-implemented features.  That "failed to retrieve minimum clocks"
> > > has been seen on Linux as well, and there it was related to PCI
> prefetch
> > > register programming.
> > >
> > > The machine you've got isn't much different to what I have at work
> > > actually: Ryzen 7 1700 (so previous generation), and a RX550 video card
> > > (POLARIS12, maybe slightly newer?)… the machine is fitted with a RS-232
> > > serial port so I might try a little experiment wi

upgrade i386 kernel to amd64

2020-03-02 Thread Justin Muir
Hello all,

Running GENERIC i386 kernel on a 64-bit amd machine. Just wondering
whether an upgrade to amd64 is warranted. Any opinions?

If so, just upgrade system? Re-compile kernel? Other options?


tia!

J


Re: Catastrophic

2020-02-29 Thread Justin Noor
Yeah like Stuart said I need to reproduce the crash and get inside the
machine when it’s in that state. To be continued.

Best

On Fri, Feb 28, 2020 at 7:42 PM Avon Robertson  wrote:

> On Sat, Feb 29, 2020 at 12:57:07AM +1000, Stuart Longland wrote:
> > On 28/2/20 11:32 pm, Justin Noor wrote:
> > > Thanks for offering to help and sorry for the delay - I got dragged
> into a
> > > work emergency. I finally managed to SCP my dmesg to a remote machine.
> >
> > Heh, no problems, these things happen.
> >
> > > As a refresher I have a 6.6 current machine that crashes when X is
> running,
> > > and almost instantly when Firefox is running - it runs fine without X.
> The
> > > machine becomes totally frozen - I have to perform a forced shutdown to
> > > exit this state. The issue appears to be graphics related and is
> > > inconsistent - sometimes it crashes immediately, other times it does
> not.
> >
> > Sometimes it might be the way a particular graphics toolkit "tickles"
> > the video hardware too.  For instance FVWM uses libxcb for drawing
> > graphics which means you're likely to be just working with 2D primitives.
> >
> > Then Firefox with its GTK+ back-end fires off a few RENDER extension
> > requests to the X server and whoopsie!  Down she goes!
> >
> > > There are indeed some "unknown product" messages related to my PCI
> graphics
> > > card in my dmesg, but I haven't been able to decipher them yet. Those
> > > usually mean the device is not supported, but it is, and I'm sure I
> have
> > > the correct driver (amdgpu0). Previously I had no issues for months,
> which
> > > is why I suspected hardware failure. Admittedly I've been lucky with
> > > graphics cards over the years, and don't know much about PCI.
> >
> > No issues for months running a previous version of OpenBSD or the same
> > you're running now?
> >
> > One suggestion I made too was to maybe try setting up a serial console
> > link… turns out the motherboard makers know how to tease:
> >
> > > com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> > > com0: probed fifo depth: 0 bytes
> >
> > That says there is a RS-232 port somewhere… so I had a look at the
> handbook:
> >
> https://dlcdnets.asus.com/pub/ASUS/mb/SocketAM4/ROG_STRIX_B450-I_GAMING/E14337_ROG_STRIX_B450-I_GAMING_UM_PRINT.pdf
> >
> > They didn't wire it up to a pin header, which is annoying.
> >
> > On the video front, I did see this:
> > > initializing kernel modesetting (POLARIS11 0x1002:0x67EF 0x1002:0x0B04
> > > 0xE5).
> > > amdgpu_irq_add_domain: stub
> > > amdgpu_device_resize_fb_bar: stub
> > > amdgpu: [powerplay] Failed to retrieve minimum clocks.
> > > amdgpu0: 1360x768, 32bpp
> > > wsdisplay0 at amdgpu0 mux 1: console (std, vt100 emulation), using
> wskbd0
> > > wskbd1: connecting to wsdisplay0
> > > wsdisplay0: screen 1-5 added (std, vt100 emulation)
> >
> > The "stub" messages make me wonder if we're hitting some
> > not-yet-implemented features.  That "failed to retrieve minimum clocks"
> > has been seen on Linux as well, and there it was related to PCI prefetch
> > register programming.
> >
> > The machine you've got isn't much different to what I have at work
> > actually: Ryzen 7 1700 (so previous generation), and a RX550 video card
> > (POLARIS12, maybe slightly newer?)… the machine is fitted with a RS-232
> > serial port so I might try a little experiment with a USB stick and see
> > if I can install OpenBSD 6.6 to USB storage and try to reproduce the
> crash.
> > --
> > Stuart Longland (aka Redhatter, VK4MSL)
> >
> > I haven't lost my mind...
> >   ...it's backed up on a tape somewhere.
> >
>
> Hello Justin and Stuart,
>
> I hope the following may be of help in solving the cause of the crash.
>
> I have experienced a similar type of crash when using X on this machine
> for approximately the last 6 weeks. Prior to this, X had been running on
> this machine without apparent problems for 12 plus months.
>
> The only browser installed on this machine is lynx(1). My crashes have
> been random with no recognised culprit at the time of the crash, which
> usually occurred within 10 minutes of invoking startx(1).
>
> fvwm(1) is the only window manager installed on this machine. All my
> crashes have required the machine to be powered off to regain control.
>
> This machine's graphics card was identified by it's vendor as a:
>   Sapphire Nitro+ RX580 8G GDDR5 Graphics C

Re: Catastrophic

2020-02-29 Thread Justin Noor
Awesome - thank you for your time and for the valuable information.

That’s hilarious about the serial port. I’ll try plugging into a switch,
reproducing the crash, and SSHing into it. I still haven’t tried the
syslogd tip you mentioned either. It’s time for me to start learning more
about X. Will be in touch.

Regards

On Fri, Feb 28, 2020 at 6:57 AM Stuart Longland 
wrote:

> On 28/2/20 11:32 pm, Justin Noor wrote:
> > Thanks for offering to help and sorry for the delay - I got dragged into a
> > work emergency. I finally managed to SCP my dmesg to a remote machine.
>
> Heh, no problems, these things happen.
>
> > As a refresher I have a 6.6 current machine that crashes when X is running,
> > and almost instantly when Firefox is running - it runs fine without X. The
> > machine becomes totally frozen - I have to perform a forced shutdown to
> > exit this state. The issue appears to be graphics related and is
> > inconsistent - sometimes it crashes immediately, other times it does not.
>
> Sometimes it might be the way a particular graphics toolkit "tickles"
> the video hardware too.  For instance FVWM uses libxcb for drawing
> graphics which means you're likely to be just working with 2D primitives.
>
> Then Firefox with its GTK+ back-end fires off a few RENDER extension
> requests to the X server and whoopsie!  Down she goes!
>
> > There are indeed some "unknown product" messages related to my PCI graphics
> > card in my dmesg, but I haven't been able to decipher them yet. Those
> > usually mean the device is not supported, but it is, and I'm sure I have
> > the correct driver (amdgpu0). Previously I had no issues for months, which
> > is why I suspected hardware failure. Admittedly I've been lucky with
> > graphics cards over the years, and don't know much about PCI.
>
> No issues for months running a previous version of OpenBSD or the same
> you're running now?
>
> One suggestion I made too was to maybe try setting up a serial console
> link… turns out the motherboard makers know how to tease:
>
> > com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> > com0: probed fifo depth: 0 bytes
>
> That says there is a RS-232 port somewhere… so I had a look at the handbook:
>
> https://dlcdnets.asus.com/pub/ASUS/mb/SocketAM4/ROG_STRIX_B450-I_GAMING/E14337_ROG_STRIX_B450-I_GAMING_UM_PRINT.pdf
>
> They didn't wire it up to a pin header, which is annoying.
>
> On the video front, I did see this:
> > initializing kernel modesetting (POLARIS11 0x1002:0x67EF 0x1002:0x0B04
> > 0xE5).
> > amdgpu_irq_add_domain: stub
> > amdgpu_device_resize_fb_bar: stub
> > amdgpu: [powerplay] Failed to retrieve minimum clocks.
> > amdgpu0: 1360x768, 32bpp
> > wsdisplay0 at amdgpu0 mux 1: console (std, vt100 emulation), using wskbd0
> > wskbd1: connecting to wsdisplay0
> > wsdisplay0: screen 1-5 added (std, vt100 emulation)
>
> The "stub" messages make me wonder if we're hitting some
> not-yet-implemented features.  That "failed to retrieve minimum clocks"
> has been seen on Linux as well, and there it was related to PCI prefetch
> register programming.
>
> The machine you've got isn't much different to what I have at work
> actually: Ryzen 7 1700 (so previous generation), and a RX550 video card
> (POLARIS12, maybe slightly newer?)… the machine is fitted with a RS-232
> serial port so I might try a little experiment with a USB stick and see
> if I can install OpenBSD 6.6 to USB storage and try to reproduce the crash.
> --
> Stuart Longland (aka Redhatter, VK4MSL)
>
> I haven't lost my mind...
>   ...it's backed up on a tape somewhere.
>


Re: Catastrophic

2020-02-28 Thread Justin Noor
Thanks for offering to help and sorry for the delay - I got dragged into a
work emergency. I finally managed to SCP my dmesg to a remote machine.

As a refresher I have a 6.6 current machine that crashes when X is running,
and almost instantly when Firefox is running - it runs fine without X. The
machine becomes totally frozen - I have to perform a forced shutdown to
exit this state. The issue appears to be graphics related and is
inconsistent - sometimes it crashes immediately, other times it does not.
There are indeed some "unknown product" messages related to my PCI graphics
card in my dmesg, but I haven't been able to decipher them yet. Those
usually mean the device is not supported, but it is, and I'm sure I have
the correct driver (amdgpu0). Previously I had no issues for months, which
is why I suspected hardware failure. Admittedly I've been lucky with
graphics cards over the years, and don't know much about PCI.

dmesg:

OpenBSD 6.6-current (GENERIC) #606: Fri Jan 31 19:02:51 MST 2020
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 34268147712 (32680MB)
avail mem = 33217200128 (31678MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe68e0 (48 entries)
bios0: vendor American Megatrends Inc. version "1001" date 09/27/2018
bios0: ASUSTeK COMPUTER INC. ROG STRIX B450-I GAMING
acpi0 at bios0: ACPI 6.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT SSDT SSDT CRAT CDIT SSDT MCFG SSDT
HPET SSDT UEFI BGRT WPBT IVRS SSDT
acpi0: wakeup devices GPP0(S4) GPP0(S4) GPP1(S4) GPP3(S4) GPP4(S4) GPP5(S4)
GPP6(S4) GPP7(S4) GPP8(S4) X161(S4) GPP9(S4) X162(S4) GPPA(S4) GPPB(S4)
GPPC(S4) GPPD(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Ryzen 5 2600 Six-Core Processor, 3394.18 MHz, 17-08-02
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB
64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache
cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully
associative
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=1.1, IBE
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
cpu at mainbus0: not configured
ioapic0 at mainbus0: apid 13 pa 0xfec0, version 21, 24 pins
ioapic1 at mainbus0: apid 14 pa 0xfec01000, version 21, 32 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xf800, bus 0-63
acpihpet0 at acpi0: 14318180 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (GPP0)
acpiprt2 at acpi0: bus -1 (GPP1)
acpiprt3 at acpi0: bus -1 (GPP3)
acpiprt4 at acpi0: bus -1 (GPP4)
acpiprt5 at acpi0: bus -1 (GPP5)
acpiprt6 at acpi0: bus -1 (GPP6)
acpiprt7 at acpi0: bus -1 (GPP7)
acpiprt8 at acpi0: bus 6 (GPP8)
acpiprt9 at acpi0: bus -1 (GPP9)
acpiprt10 at acpi0: bus -1 (GPPA)
acpiprt11 at acpi0: bus -1 (GPPB)
acpiprt12 at acpi0: bus -1 (GPPC)
acpiprt13 at acpi0: bus -1 (GPPD)
acpiprt14 at acpi0: bus -1 (GPPE)
acpiprt15 at acpi0: bus -1 (GPPF)
acpiprt16 at acpi0: bus 7 (GP17)
acpiprt17 at acpi0: bus 8 (GP18)
acpiprt18 at acpi0: bus 1 (GPP2)
acpiec0 at acpi0
acpicpu0 at acpi0: C2(0@400 io@0x414), C1(0@1 mwait), PSS
acpipci0 at acpi0 PCI0: 0x0010 0x0011 0x
acpicmos0 at acpi0
acpibtn0 at acpi0: PWRB
amdgpio0 at acpi0: GPIO uid 0 addr 0xfed81500/0x400 irq 7, 184 pins
"AMDIF030" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
"PNP0C14" at acpi0 not configured
cpu0: 3394 MHz: speeds: 3400 2800 1550 MHz
pci0 at mainbus0 bus 0
ksmn0 at pci0 dev 0 function 0 "AMD 17h Root Complex" rev 0x00
"AMD 17h IOMMU" rev 0x00 at pci0 dev 0 function 2 not configured
pchb0 at pci0 dev 1 function 0 "AMD 17h PCIE" rev 0x00
ppb0 at pci0 dev 1 function 3 "AMD 17h PCIE" rev 0x00: msi
pci1 at ppb0 bus 1
xhci0 at pci1 dev 0 function 0 vendor "AMD", unknown product 0x43d5 rev
0x01: msi, xHCI 1.10
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "AMD xHCI root hub" rev 3.00/1.00
addr 1
ahci0 at pci1 dev 0 function 1 "AMD 400 Series AHCI" rev 0x01: msi, 
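
The "unknown product", "not configured" and "stub" lines discussed in this thread are easy to lose in a dmesg of this length. The following is an added triage script, not code from the thread or from OpenBSD: it pulls those classes of line out of a dmesg and groups them, using sample lines constructed from the dmesg fragments quoted in the thread. The regular expressions and the category names are my own assumptions about the message shapes, not an official grammar.

```python
"""Added example (not from the thread or from OpenBSD): pull the lines that
matter for hardware triage out of a dmesg and group them by kind."""
import re
import sys

# Constructed sample, assembled from the kinds of lines quoted in this thread.
SAMPLE_DMESG = """\
cpu0 at mainbus0: apid 0 (boot processor)
cpu at mainbus0: not configured
"AMD 17h IOMMU" rev 0x00 at pci0 dev 0 function 2 not configured
"PNP0C14" at acpi0 not configured
xhci0 at pci1 dev 0 function 0 vendor "AMD", unknown product 0x43d5 rev 0x01: msi, xHCI 1.10
amdgpu_irq_add_domain: stub
amdgpu_device_resize_fb_bar: stub
amdgpu: [powerplay] Failed to retrieve minimum clocks.
amdgpu0: 1360x768, 32bpp
"""

# Message shapes are assumptions taken from the quoted output, not a formal grammar.
UNKNOWN_RE = re.compile(
    r'^(?P<dev>\w+) at (?P<bus>\w+) .*vendor "(?P<vendor>[^"]+)", '
    r'unknown product (?P<product>0x[0-9a-fA-F]+)')
NOT_CONF_RE = re.compile(
    r'^(?P<what>"[^"]+"|\w+)(?: rev \S+)? at (?P<bus>\w+).*not configured$')
STUB_RE = re.compile(r'^(?P<func>\w+): stub$')
FAIL_RE = re.compile(r'\b(failed|failure|error|timeout)\b', re.IGNORECASE)


def triage(text):
    """Return a dict grouping the lines worth a second look.

    unknown_products: devices attached by a driver without a product-ID match
    not_configured:   devices with no driver attached (spare cpus excluded)
    unused_cpus:      count of 'cpu at mainbus0: not configured' lines
    stubs:            driver functions the kernel reports as unimplemented
    failures:         any line mentioning failed/failure/error/timeout
    """
    out = {"unknown_products": [], "not_configured": [], "unused_cpus": 0,
           "stubs": [], "failures": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = UNKNOWN_RE.match(line)
        if m:
            out["unknown_products"].append((m["dev"], m["vendor"], m["product"]))
            continue
        m = NOT_CONF_RE.match(line)
        if m:
            what = m["what"].strip('"')
            if what == "cpu":
                # A uniprocessor GENERIC kernel prints this for every core it
                # leaves unused; it is not a missing driver.
                out["unused_cpus"] += 1
            else:
                out["not_configured"].append((what, m["bus"]))
            continue
        m = STUB_RE.match(line)
        if m:
            out["stubs"].append(m["func"])
            continue
        if FAIL_RE.search(line):
            out["failures"].append(line)
    return out


def summarize(result):
    """Render triage() output as a short human-readable report."""
    lines = []
    for dev, vendor, product in result["unknown_products"]:
        lines.append(f"unknown product: {dev} vendor={vendor} product={product}")
    for what, bus in result["not_configured"]:
        lines.append(f"no driver: {what} on {bus}")
    if result["unused_cpus"]:
        lines.append(f"{result['unused_cpus']} cpu(s) not attached "
                     "(single-processor kernel?)")
    for func in result["stubs"]:
        lines.append(f"stub: {func}")
    for line in result["failures"]:
        lines.append(f"failure: {line}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Pipe a real dmesg in, or run with no input to see the constructed sample.
    text = SAMPLE_DMESG if sys.stdin.isatty() else sys.stdin.read()
    print(summarize(triage(text)))
```

The `cpu at mainbus0: not configured` lines are what a uniprocessor GENERIC kernel prints for cores it does not use (a GENERIC.MP kernel attaches them as cpu1, cpu2 and so on), so the script counts them separately instead of listing them beside genuinely driverless devices. Everything in `unknown_products` and `stubs` is the material to search the archives or the driver source for; `failures` is a coarse keyword net and will need a human to sort.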

Re: error on xfce4 ports build

2020-02-16 Thread Justin Muir
Awesome! Thanks!

:)



On Sun, Feb 16, 2020 at 3:55 PM Justin Muir  wrote:

> Any ideas for this error??
>
> ==>  Checking files for gtk-xfce-engine-3.2.0p4
> >> Fetch
> https://archive.xfce.org/src/xfce/gtk-xfce-engine/3.2/gtk-xfce-engine-3.2.0.tar.bz2
> ftp: Error retrieving file: 404 Not Found
> >> Fetch
> https://ftp.openbsd.org/pub/OpenBSD/distfiles/xfce4/gtk-xfce-engine-3.2.0.tar.bz2
> ftp: Error retrieving file: 404 Not Found
> >> Fetch
> https://ftp.usa.openbsd.org/pub/OpenBSD/distfiles/xfce4/gtk-xfce-engine-3.2.0.tar.bz2
> ftp: Error retrieving file: 404 Not Found
> >> Fetch
> https://ftp.fr.openbsd.org/pub/OpenBSD/distfiles/xfce4/gtk-xfce-engine-3.2.0.tar.bz2
> ftp: Error retrieving file: 404 Not Found
> *** Error 1 in /usr/ports/x11/xfce4/gtk-xfce-engine
> (/usr/ports/infrastructure/mk/bsd.port.mk:2997
> '/usr/ports/distfiles/xfce4/gtk-xfce-engine-3.2.0.tar.bz2')
> *** Error 1 in /usr/ports/x11/xfce4/gtk-xfce-engine
> (/usr/ports/infrastructure/mk/bsd.port.mk:2327 '_internal-fetch')
> *** Error 1 in /usr/ports/x11/xfce4/gtk-xfce-engine
> (/usr/ports/infrastructure/mk/bsd.port.mk:2530
> '/usr/ports/pobj/gtk-xfce-engine-3.2.0/.extract_done')
> *** Error 1 in /usr/ports/x11/xfce4/gtk-xfce-engine
> (/usr/ports/infrastructure/mk/bsd.port.mk:2006
> '/usr/ports/packages/i386/all/gtk-xfce-engine-3.2.0p4.tgz')
> *** Error 1 in /usr/ports/x11/xfce4/gtk-xfce-engine
> (/usr/ports/infrastructure/mk/bsd.port.mk:2472 '_internal-package')
> *** Error 1 in /usr/ports/x11/xfce4/gtk-xfce-engine
> (/usr/ports/infrastructure/mk/bsd.port.mk:2451 'package')
> *** Error 1 in /usr/ports/x11/xfce4/gtk-xfce-engine
> (/usr/ports/infrastructure/mk/bsd.port.mk:2024
> '/var/db/pkg/gtk-xfce-engine-3.2.0p4/+CONTENTS')
> *** Error 1 in /usr/ports/x11/xfce4/gtk-xfce-engine
> (/usr/ports/infrastructure/mk/bsd.port.mk:2451 'install')
> ===> Exiting x11/xfce4/gtk-xfce-engine with an error
> *** Error 1 in /home/jkm/ports/x11/xfce4 (/usr/ports/infrastructure/mk/
> bsd.port.subdir.mk:137 'install')
>


error on xfce4 ports build

2020-02-16 Thread Justin Muir
Any ideas for this error??

==>  Checking files for gtk-xfce-engine-3.2.0p4
>> Fetch
https://archive.xfce.org/src/xfce/gtk-xfce-engine/3.2/gtk-xfce-engine-3.2.0.tar.bz2
ftp: Error retrieving file: 404 Not Found
>> Fetch
https://ftp.openbsd.org/pub/OpenBSD/distfiles/xfce4/gtk-xfce-engine-3.2.0.tar.bz2
ftp: Error retrieving file: 404 Not Found
>> Fetch
https://ftp.usa.openbsd.org/pub/OpenBSD/distfiles/xfce4/gtk-xfce-engine-3.2.0.tar.bz2
ftp: Error retrieving file: 404 Not Found
>> Fetch
https://ftp.fr.openbsd.org/pub/OpenBSD/distfiles/xfce4/gtk-xfce-engine-3.2.0.tar.bz2
ftp: Error retrieving file: 404 Not Found
*** Error 1 in /usr/ports/x11/xfce4/gtk-xfce-engine
(/usr/ports/infrastructure/mk/bsd.port.mk:2997
'/usr/ports/distfiles/xfce4/gtk-xfce-engine-3.2.0.tar.bz2')
*** Error 1 in /usr/ports/x11/xfce4/gtk-xfce-engine
(/usr/ports/infrastructure/mk/bsd.port.mk:2327 '_internal-fetch')
*** Error 1 in /usr/ports/x11/xfce4/gtk-xfce-engine
(/usr/ports/infrastructure/mk/bsd.port.mk:2530
'/usr/ports/pobj/gtk-xfce-engine-3.2.0/.extract_done')
*** Error 1 in /usr/ports/x11/xfce4/gtk-xfce-engine
(/usr/ports/infrastructure/mk/bsd.port.mk:2006
'/usr/ports/packages/i386/all/gtk-xfce-engine-3.2.0p4.tgz')
*** Error 1 in /usr/ports/x11/xfce4/gtk-xfce-engine
(/usr/ports/infrastructure/mk/bsd.port.mk:2472 '_internal-package')
*** Error 1 in /usr/ports/x11/xfce4/gtk-xfce-engine
(/usr/ports/infrastructure/mk/bsd.port.mk:2451 'package')
*** Error 1 in /usr/ports/x11/xfce4/gtk-xfce-engine
(/usr/ports/infrastructure/mk/bsd.port.mk:2024
'/var/db/pkg/gtk-xfce-engine-3.2.0p4/+CONTENTS')
*** Error 1 in /usr/ports/x11/xfce4/gtk-xfce-engine
(/usr/ports/infrastructure/mk/bsd.port.mk:2451 'install')
===> Exiting x11/xfce4/gtk-xfce-engine with an error
*** Error 1 in /home/jkm/ports/x11/xfce4 (/usr/ports/infrastructure/mk/
bsd.port.subdir.mk:137 'install')


Re: Catastrophic

2020-02-11 Thread Justin Noor
Yes the machine runs without X. I can scp a copy of my dmesg to a remote
machine and go from there. Will be in touch soon. Thank you.

On Sun, Feb 9, 2020 at 3:06 PM Stuart Longland 
wrote:

> On 27/1/20 11:59 pm, Justin Noor wrote:
> > I am unable to send any log files or anything. I had to send this
> > email from a different machine. I can take pictures of log files and
> > transfer the information, but I'm not sure where to start.
>
> A `dmesg` before the crash would at least tell us whether there's
> problematic hardware/drivers in use.  Even though it's not taken at the
> moment of the crash doesn't mean it's worthless.
>
> Has the machine got a serial port?  Maybe you could hook that up to a
> logging terminal emulator on another computer via a null-modem cable?
> (It may need to be a PCI(e)-connected serial port rather than USB, not
> many OSes support serial console over USB due to the complexities of USB
> itself.)
>
> Maybe you could configure syslogd(8) to send its logs via UDP to a
> syslog on another computer?  It might not catch the very last log
> messages, but maybe might capture enough?
> --
> Stuart Longland (aka Redhatter, VK4MSL)
>
> I haven't lost my mind...
>   ...it's backed up on a tape somewhere.
>
>


Re: strange dmesg

2020-02-08 Thread Justin Noor
Thank you. Yes they are truly superb devices. I’m using the RAM that it
came with, but I did change the mSATA SSD to a Samsung Evo. I haven’t found
time to investigate the weird output, but I don’t suspect any corruption -
the device works fine. Probably some garbage from previous boots as was
mentioned earlier. First time I’ve experienced that.

On Sat, Feb 8, 2020 at 4:50 PM Predrag Punosevac 
wrote:

> Justin Noor wrote:
>
> > I have the same output on a Protecli firewall device (it's not in
> > production yet) running 6.6 stable, and have yet to figure out what it
> > is. I'm planning to spend some time on it next week. It's a brand new device
> > and there were no errors during installation.
> >
> > Specs:
> >
> > - Intel Dual Core Celeron J1800, 64 bit, 2.4GHz, 2MB L2 Cache
> > - 2 Intel Gigabit Ethernet NIC ports
> > - 2GB DDR3 RAM, 250GB Samsung Evo 860 mSATA SSD
>
> Protecli are super picky about RAM and SSD drives. I have had one in
> production for almost three years now. No problems. Please see dmesg
>
>
> OpenBSD 6.6 (GENERIC.MP) #4: Wed Jan 15 10:55:43 MST 2020
> r...@syspatch-66-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> real mem = 4165738496 (3972MB)
> avail mem = 4026773504 (3840MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebea0 (51 entries)
> bios0: vendor American Megatrends Inc. version "5.6.5" date 08/15/2016
> acpi0 at bios0: ACPI 5.0
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP APIC FPDT FIDT TCPA MCFG HPET SSDT SSDT SSDT UEFI
> SSDT TPM2
> acpi0: wakeup devices EHC1(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.33 MHz, 06-37-08
> cpu0:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
> cpu0: 1MB 64b/line 16-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> cpu0: apic clock running at 83MHz
> cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3.3, IBE
> cpu1 at mainbus0: apid 2 (application processor)
> cpu1: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.01 MHz, 06-37-08
> cpu1:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
> cpu1: 1MB 64b/line 16-way L2 cache
> cpu1: smt 0, core 1, package 0
> cpu2 at mainbus0: apid 4 (application processor)
> cpu2: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.02 MHz, 06-37-08
> cpu2:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
> cpu2: 1MB 64b/line 16-way L2 cache
> cpu2: smt 0, core 2, package 0
> cpu3 at mainbus0: apid 6 (application processor)
> cpu3: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.01 MHz, 06-37-08
> cpu3:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
> cpu3: 1MB 64b/line 16-way L2 cache
> cpu3: smt 0, core 3, package 0
> ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 87 pins
> acpimcfg0 at acpi0
> acpimcfg0: addr 0xe000, bus 0-255
> acpihpet0 at acpi0: 14318179 Hz
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus 1 (RP01)
> acpiprt2 at acpi0: bus 2 (RP02)
> acpiprt3 at acpi0: bus 3 (RP03)
> acpiprt4 at acpi0: bus 4 (RP04)
> acpiec0 at acpi0: not present
> acpicpu0 at acpi0: C3(10@1500 mwait.1@0x52), C2(10@500 mwait.1@0x51),
> C1(1000@1 mwait.1), PSS
> acpicpu1 at acpi0: C3(10@1500 mwait.1@0x52), C2(10@500 mwait.1@0x51),
> C1(1000@1 mwait.1), PSS
> acpicpu2 at acpi0: C3(10@1500 mwait.1@0x52), C2(10@500 mwait.1@0x51),
> C1(1000@1 mwai

Re: strange dmesg

2020-02-08 Thread Justin Noor
I have the same output on a Protecli firewall device (it’s not in
production yet) running 6.6 stable, and have yet to figure out what it is.
I’m planning to spend some time on it next week. It’s a brand new device
and there were no errors during installation.

Specs:

- Intel Dual Core Celeron J1800, 64 bit, 2.4GHz, 2MB L2 Cache
- 2 Intel Gigabit Ethernet NIC ports
- 2GB DDR3 RAM, 250GB Samsung Evo 860 mSATA SSD


On Sat, Feb 8, 2020 at 4:39 AM Peter Nicolai Mathias Hansteen <
pe...@bsdly.net> wrote:

>
>
> > On 8 Feb 2020, at 11:28, whistlez...@riseup.net wrote:
> >
> > Hi,
> > I have some strange output from dmesg, what could be ?
> > At the following link I've posted some screenshots:
> > https://postimg.cc/gallery/1o4wsaw74/
>
>
> Is this running on bare metal, or under a hypervisor of some sort?
>
> I vaguely remember odd dmesg output like that on, IIRC, an early VMware
> install, but it *has* been a while.
>
> Then of course the simplest explanation is, as already mentioned in this
> thread, file system corruption.
>
> All the best,
> Peter
>
> —
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
>
>
>
>
>


checksums after reboot

2020-02-07 Thread Justin Muir
Hello all,

Posting here for the first time! Using OBSD as daily laptop OS. Trying to
be a little more security conscious these days by keeping checksums on
system files with mtree. Did a reboot and several files were changed
including libcrypto.so, ld.so and several other system-level files. Is this
normal??

mtree output follows:


mtree: /bin checksum: 1727474656
mtree: /sbin checksum: 3442833101
mtree: /usr checksum: 1137647171
lib:modification time (Wed Jan 22 12:41:38 2020, Tue Feb  4 12:04:32
2020)
lib/libc.so.95.1:
size (2893116, 2893120)
modification time (Wed Jan 22 12:41:36 2020, Tue Feb  4 12:04:30 2020)
cksum (3157776744, 4009476025)
MD5 (ab1ac574505c48273fedbbc0ce628837, 79bd6ff366c43996d157916fb63582f7)
SHA1 (ab723fb1ee1d29ee2ef9282f7a9a05b2c7baa0a7,
0f2197e19d56de6876159b36aac12ca6ec2f8246)
SHA256 (491b6c07959ff7b67786482f9b2b8ee3ba9ed3da501c0d8aa61bdc4ff05962f3,
4b41309ed9a31f40df7a4b15a83d2911b8fe49713258d6f4a0477e3925ed352e)
lib/libcrypto.so.45.5:
size (5547056, 5542960)
modification time (Wed Jan 22 12:41:38 2020, Tue Feb  4 12:04:32 2020)
cksum (198244208, 1460674157)
MD5 (a3106c3da6334b5e66678471cfc616a2, e1b2bb24ef6e666bf70e383bce21341e)
SHA1 (7ccdb9bbfe91bf90f51a968f8681f7ab46311ee7,
9859801e46dce71101faab10d08aba2808f1c05b)
SHA256 (85cdf3a869f7b3188e87b813c670e416254684c81899ecbb0d186d87170aca75,
99e632e94af1856eb5f68aa4e0615a6d308e016b5cd8dfd8870038880d1fbc23)
libexec:
modification time (Wed Jan 22 12:41:32 2020, Tue Feb  4 12:04:26 2020)
libexec/ld.so:
size (215548, 215552)
modification time (Wed Jan 22 12:41:32 2020, Tue Feb  4 12:04:26 2020)
cksum (1247483624, 793552794)
MD5 (9905b266b14fc2d226ae92586dd1f3d0, f1771f9168554ce3bde6cd79e05198b2)
SHA1 (3087dc9e170a80908a19edebf72fe3907b4c647a,
6718f467ef5fbeabfab9d1bd2bf0122e039f5ad6)
SHA256 (ce71cc30020003075394870afaef4cc1794ab338372fc6a97c5d3a6eba6f096b,
76e6b6b95b42b5da0f3e2c111bd2832146b0712777dbde37a0f25204d88c6afa)
libexec/ld.so.save:
size (215552, 215548)
modification time (Wed Jan 22 12:41:32 2020, Tue Feb  4 12:04:26 2020)
cksum (1798370619, 1247483624)
MD5 (f0e64f89b1fcbff4806d69ca445a0c51, 9905b266b14fc2d226ae92586dd1f3d0)
SHA1 (3ea8795779523b9068095a2cae4d4388d75aeeed,
3087dc9e170a80908a19edebf72fe3907b4c647a)
SHA256 (e9700844dfdbbbef868acdda2843508a02611f093e901fbbf622d9bea40813ca,
ce71cc30020003075394870afaef4cc1794ab338372fc6a97c5d3a6eba6f096b)
share/relink:
modification time (Wed Jan 22 12:41:39 2020, Tue Feb  4 12:04:33 2020)
share/relink/kernel/GENERIC:
modification time (Wed Jan 22 12:42:30 2020, Tue Feb  4 12:05:24 2020)
share/relink/kernel/GENERIC/bsd:
size (13945700, 13925900)
modification time (Wed Jan 22 12:42:30 2020, Tue Feb  4 12:05:24 2020)
cksum (464539173, 3244898984)
MD5 (2e406172ac7ea57fd1f56cdba1f60b9f, aa1e9e6168ace6cc91d82e2aa2fb411d)
SHA1 (4c23d13593deddab012cf82cd1e67ceaeab46416,
1007ca8ce0812310a5a26f3d9060a0e9a417e068)
SHA256 (362e93fadea3e3bdf8e50cc56990f937396f0609a0621dc302630b1080b9cf31,
1d1cf22ac0ad326b2e3ca3d4a2e6be504642c9a11fe037a1813aa1a4c91ef802)
share/relink/kernel/GENERIC/gap.link:
size (634, 631)
modification time (Wed Jan 22 12:41:48 2020, Tue Feb  4 12:04:42 2020)
cksum (1981958432, 961752797)
MD5 (589ad1b6f4305d090dbb7e2158c2bb35, 0ba71faab2723a5aabde95d4f07725be)
SHA1 (6b4c02f46d4395da19b22f95ba28980f15a6b994,
b52aadc87f24bae637fec694b0f93a8b4965a0fc)
SHA256 (cdd29668abd765048142c080c7a35e09872230859d6bab1d92834956aa513343,
46e43e101d671057924ad720a2ae0d483dced103cd8740700d816ea767e5bd2e)
share/relink/kernel/GENERIC/gap.o:
size (21800, 14104)
modification time (Wed Jan 22 12:41:48 2020, Tue Feb  4 12:04:42 2020)
cksum (1090661334, 3982993640)
MD5 (053a341056b532d186c5c4fff1791e28, 75577d98b4806bee0fdcb11cda4cf0d6)
SHA1 (fc70c1c93f88f29ae879dbdb9caaf6b182b42a50,
71e868021e27081dec7caf44598abec56b0d71f0)
SHA256 (db6fec4c6a83d4a83fb741e6d2d5404c150a60ab6ec5a59461509dca4dd60eb6,
2d5f14542c8b0ce723cec5ddfc061b7d004e4affdde8d598b7283e9e28a992aa)
share/relink/kernel/GENERIC/lorder:
modification time (Wed Jan 22 12:41:48 2020, Tue Feb  4 12:04:42 2020)
cksum (3296514911, 652483269)
MD5 (66b1c2484aac81982c3f94079cadb56f, f8861886168cdcfb068e904066b8c4eb)
SHA1 (7580d260d7f4585d61d931ffcf1a90efd615329e,
6af7b9d6a181d8077905e0067deff3008074727b)
SHA256 (9c853f9fce52528d93c1a502df80c446b333860197ba41aa52304e7f027b846b,
05afcba96ca3eb09028ef535e2e722c2a0c6a5c13d90dd6b5871cfb7485f362c)
share/relink/kernel/GENERIC/newbsd.gdb:
size (63382308, 63370020)
modification time (Wed Jan 22 12:42:21 2020, Tue Feb  4 12:05:15 2020)
cksum (1806893663, 2736864751)
MD5 (7e6ecd5e1e84d61fdadf3c8f4ff5791e, 83e37a3e229a6d55ff5b075c8030e0c9)
SHA1 (fbfd507a689705626129ee98c3b41e4f3277fc1d,
1c0761c2451ee8698195017098e1ffd9af04c089)
SHA256 (951dd865332281779e1f17320e8b954c39b31eff46f2b4267e010464a1ba7ea6,
e2622e41ee2cf5dcde6c00f557d7ff46908546340550617a5feaf0071e689673)
share/relink/kernel/GENERIC/relink.log:
modification time (Wed Jan 22 12:42:31 2020, Tue Feb  4 12:05:25 

Catastrophic

2020-01-27 Thread Justin Noor
Hello community,

I'm looking for any advice on how to troubleshoot some strange and
catastrophic behavior on my OpenBSD machine. Seemingly out of nowhere, it
started freezing to the extent that only a forced shutdown (holding down
the power button) gets me out of it. I suspect it's some kind of hardware
failure, but I'm not 100% sure. It crashes when xenodm is running.
Especially with firefox--it crashes instantly. If I disable xenodm it runs
fine. I am unable to send any log files or anything. I had to send this
email from a different machine. I can take pictures of log files and
transfer the information, but I'm not sure where to start. Any feedback
would be greatly appreciated.

Machine specs:

Version: 6.6 Current (always up-to-date)
Architecture: amd64
Kernel: '$ uname -a' OpenBSD myhost.myhost.com 6.6 GENERIC#601 amd64
Chipset: AMD Ryzen 5
GPU: Radeon RX 560 series, amdgpu0: msi

Thank you,

Justin Noor


Re: Tools for writers

2019-11-02 Thread Justin Noor
Mr. Hansteen what are your thoughts on Texlive?

On Sat, Nov 2, 2019 at 9:16 AM Peter Nicolai Mathias Hansteen <
pe...@bsdly.net> wrote:

>
>
> > On 2 Nov 2019, at 16:00, Oliver Leaver-Smith wrote:
> >
> > What tools do people find useful for writing on OpenBSD? By writing I
> mean long form such as novels and technical books, including plot and
> character development, outlining, and formatting for publishing (not all
> the same application necessarily)
> >
> > I have found a number which boast Linux support, but not really anything
> that stands out which supports OpenBSD (aside from the obvious LaTeX et al.)
>
> I really can’t speak to plot and character development, but all three
> editions of The Book of PF were written using OpenOffice and later
> LibreOffice write on OpenBSD snapshots.
>
> Earlier versions of that manuscript were developed using DocBook SGML
> (editing with emacs), but the publisher (fortunately) did not want any
> truck with that.
>
> For any new projects I would likely look half-heartedly for something
> markdown based but would probably end up going the LibreOffice route again.
>
> —
> Peter N. M. Hansteen, member of the first RFC 1149 implementation team
> http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
> "Remember to set the evil bit on all malicious network traffic"
> delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.
>
>
>
>
>


Re: Two part question on httpd

2019-10-21 Thread Justin Noor
Try these sites:

https://learnbchs.org
https://kristaps.bsd.lv/kcgi

On Mon, Oct 21, 2019 at 11:20 AM Jeremy  wrote:

> Hello,
>
> I am experimenting with httpd's cgi options.
>
> Why when I run binaries written in C from /var/www/cgi-bin, it's allowed
> but if I use other compiled languages (ex: Haskell) I need to adjust the
> wxallowed options for where /var/www/cgi-bin is mounted?
>
> Is this due to where it says: "...The base system has no W^X-violating
> programs, but the ports tree contains quite a few" in the following?
> https://www.openbsd.org/faq/upgrade60.html
>
> Additionally, if c/c++ are indeed the few compiled languages which do
> not violate this option, where might one find a library to write a
> C program which interacts with mysql/mariadb? So far, I have only found
> mysql++ and would prefer not to use c++ unless there are no other
> options. My goal is to write a simple REST api which interacts with
> mysql, and serves via httpd. I already have one written in PHP, but
> would like to port it to a compiled language.
>
> Regards,
>
> -J
>


Re: wrong pkg_add url after sysupgrade

2019-10-09 Thread Justin Noor
For future reference you could also:

export PKG_PATH="https://cdn.openbsd.org/pub/OpenBSD/snapshots/packages/amd64"

Or whatever your preferred mirror is.

Then pkg_add -u should work

On Wed, Oct 9, 2019 at 6:42 AM shadrock uhuru  wrote:

> after trying sysupgrade for the first time on my laptop running snapshots
> running the following command returns no such dir.
>
> doas pkg_add -u
> https://ftp.OpenBSD.org/pub/OpenBSD/6.6/packages/amd64/: no such dir
> pkg_info p5-finance
> https://ftp.OpenBSD.org/pub/OpenBSD/6.6/packages/amd64/: no such dir
>
> my /etc/installurl has
> cat /etc/installurl
> https://ftp.OpenBSD.org/pub/OpenBSD
>
> Does this need editing?
> If so, what URL should I use?
>
> shadrock
>


Re: Suspend/Hibernate doesn't work after upgrading to the latest current snapshot

2019-04-14 Thread Justin Yang
Hi,

I just upgraded to the newest snapshot and the suspend issue is gone now.
Thanks!

On Mon, Apr 15, 2019, 02:12 Mike Larkin  wrote:

> On Sun, Apr 14, 2019 at 12:18:11PM +0800, Justin Yang wrote:
> > Hi,
> >
> > I always follow -current, so I was using an older snapshot before this
> > upgrade, though I had not upgraded my laptop for more than one week.
> >
>
> There was a bug in suspend affecting a few machines, try today's snapshot
> and see if this is still an issue (the change was reverted).
>
> -ml
>
> > On Sun, Apr 14, 2019 at 1:20 AM Mike Larkin  wrote:
> >
> > > On Sat, Apr 13, 2019 at 10:54:14PM +0800, Justin Yang wrote:
> > > > Hi, all:
> > > >
> > > > After upgrading to the latest current snapshot today, I find that the
> > > > suspend and hibernate functions do not work anymore on my Xiaomi Air
> > > > laptop. It does trigger the black screen after typing zzz/ZZZ, or closing
> > > > the lid, but cannot resume anymore. I try to dig into the log in
> > > > /var/log/message, but am not able to find anything useful. So could you
> > > > help me figure it out, please?
> > > >
> > > > My dmesg is attached with this mail. Thanks.
> > > >
> > > >
> > > > --
> > > > Justin Yang
> > >
> > >
> > > What were you running before the snapshot?
> > >
> > > > OpenBSD 6.5 (GENERIC.MP) #857: Thu Apr 11 08:02:35 MDT 2019
> > > > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > > > real mem = 4156014592 (3963MB)
> > > > avail mem = 4020420608 (3834MB)
> > > > mpath0 at root
> > > > scsibus0 at mpath0: 256 targets
> > > > mainbus0 at root
> > > > bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xe6380 (64 entries)
> > > > bios0: vendor INSYDE Corp. version "XMAKB200P0200" date 11/02/2017
> > > > bios0: Timi TM1607
> > > > acpi0 at bios0: rev 2
> > > > acpi0: sleep states S0 S3 S4 S5
> > > > acpi0: tables DSDT FACP UEFI UEFI MSDM SSDT SSDT TPM2 SSDT SSDT ASF!
> > > ASPT BOOT DBGP HPET APIC MCFG SSDT SSDT LPIT WSMT SSDT SSDT SSDT SSDT
> DBGP
> > > DBG2 SSDT SSDT DMAR FPDT
> > > > acpi0: wakeup devices PWRB(S4) LID0(S3) GLAN(S4) XHC_(S3) XDCI(S4)
> > > HDAS(S4) RP01(S4) RP02(S4) RP03(S4) RP04(S4) RP05(S4) RP06(S4) RP07(S4)
> > > RP08(S4) RP10(S4) RP11(S4) [...]
> > > > acpitimer0 at acpi0: 3579545 Hz, 24 bits
> > > > acpihpet0 at acpi0: 2399 Hz
> > > > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> > > > cpu0 at mainbus0: apid 0 (boot processor)
> > > > cpu0: Intel(R) Core(TM) m3-7Y30 CPU @ 1.00GHz, 5540.71 MHz, 06-8e-09
> > > > cpu0:
> > >
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
> > > > cpu0: 256KB 64b/line 8-way L2 cache
> > > > cpu0: smt 0, core 0, package 0
> > > > mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
> > > > cpu0: apic clock running at 24MHz
> > > > cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
> > > > cpu1 at mainbus0: apid 2 (application processor)
> > > > cpu1: Intel(R) Core(TM) m3-7Y30 CPU @ 1.00GHz, 974.81 MHz, 06-8e-09
> > > > cpu1:
> > >
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
> > > > cpu1: 256KB 64b/line 8-way L2 cache
> > > > cpu1: smt 0, core 1, package 0
> > > > cpu2 at mainbus0: apid 1 (application processor)
> > > > cpu2: Intel(R) Core(TM) m3-7Y30 CPU @ 1.00GHz, 899.34 MHz, 06-8e-09
> > > > cpu2:
> > >
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HT

Re: Suspend/Hibernate doesn't work after upgrading to the latest current snapshot

2019-04-13 Thread Justin Yang
Hi,

I always follow -current, so I was using an older snapshot before this
upgrade, though I had not upgraded my laptop for more than one week.

On Sun, Apr 14, 2019 at 1:20 AM Mike Larkin  wrote:

> On Sat, Apr 13, 2019 at 10:54:14PM +0800, Justin Yang wrote:
> > Hi, all:
> >
> > After upgrading to the latest current snapshot today, I found that the
> > suspend and hibernate functions no longer work on my Xiaomi Air
> > laptop. It does trigger the black screen after typing zzz/ZZZ or closing
> > the lid, but cannot resume anymore. I tried to dig into the log in
> > /var/log/messages, but was not able to find anything useful. So could you
> > help me figure it out, please?
> >
> > My dmesg is attached with this mail. Thanks.
> >
> >
> > --
> > Justin Yang
>
>
> What were you running before the snapshot?
>
> > OpenBSD 6.5 (GENERIC.MP) #857: Thu Apr 11 08:02:35 MDT 2019
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > real mem = 4156014592 (3963MB)
> > avail mem = 4020420608 (3834MB)
> > mpath0 at root
> > scsibus0 at mpath0: 256 targets
> > mainbus0 at root
> > bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xe6380 (64 entries)
> > bios0: vendor INSYDE Corp. version "XMAKB200P0200" date 11/02/2017
> > bios0: Timi TM1607
> > acpi0 at bios0: rev 2
> > acpi0: sleep states S0 S3 S4 S5
> > acpi0: tables DSDT FACP UEFI UEFI MSDM SSDT SSDT TPM2 SSDT SSDT ASF!
> ASPT BOOT DBGP HPET APIC MCFG SSDT SSDT LPIT WSMT SSDT SSDT SSDT SSDT DBGP
> DBG2 SSDT SSDT DMAR FPDT
> > acpi0: wakeup devices PWRB(S4) LID0(S3) GLAN(S4) XHC_(S3) XDCI(S4)
> HDAS(S4) RP01(S4) RP02(S4) RP03(S4) RP04(S4) RP05(S4) RP06(S4) RP07(S4)
> RP08(S4) RP10(S4) RP11(S4) [...]
> > acpitimer0 at acpi0: 3579545 Hz, 24 bits
> > acpihpet0 at acpi0: 2399 Hz
> > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> > cpu0 at mainbus0: apid 0 (boot processor)
> > cpu0: Intel(R) Core(TM) m3-7Y30 CPU @ 1.00GHz, 5540.71 MHz, 06-8e-09
> > cpu0:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
> > cpu0: 256KB 64b/line 8-way L2 cache
> > cpu0: smt 0, core 0, package 0
> > mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
> > cpu0: apic clock running at 24MHz
> > cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
> > cpu1 at mainbus0: apid 2 (application processor)
> > cpu1: Intel(R) Core(TM) m3-7Y30 CPU @ 1.00GHz, 974.81 MHz, 06-8e-09
> > cpu1:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
> > cpu1: 256KB 64b/line 8-way L2 cache
> > cpu1: smt 0, core 1, package 0
> > cpu2 at mainbus0: apid 1 (application processor)
> > cpu2: Intel(R) Core(TM) m3-7Y30 CPU @ 1.00GHz, 899.34 MHz, 06-8e-09
> > cpu2:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
> > cpu2: 256KB 64b/line 8-way L2 cache
> > cpu2: smt 1, core 0, package 0
> > cpu3 at mainbus0: apid 3 (application processor)
> > cpu3: Intel(R) Core(TM) m3-7Y30 CPU @ 1.00GHz, 897.91 MHz, 06-8e-09
> > cpu3:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XG

Suspend/Hibernate doesn't work after upgrading to the latest current snapshot

2019-04-13 Thread Justin Yang
Hi, all:

After upgrading to the latest current snapshot today, I found that the
suspend and hibernate functions no longer work on my Xiaomi Air
laptop. It does trigger the black screen after typing zzz/ZZZ or closing
the lid, but cannot resume anymore. I tried to dig into the log in
/var/log/messages, but was not able to find anything useful. So could you
help me figure it out, please?

My dmesg is attached with this mail. Thanks.


-- 
Justin Yang
OpenBSD 6.5 (GENERIC.MP) #857: Thu Apr 11 08:02:35 MDT 2019
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4156014592 (3963MB)
avail mem = 4020420608 (3834MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xe6380 (64 entries)
bios0: vendor INSYDE Corp. version "XMAKB200P0200" date 11/02/2017
bios0: Timi TM1607
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP UEFI UEFI MSDM SSDT SSDT TPM2 SSDT SSDT ASF! ASPT BOOT 
DBGP HPET APIC MCFG SSDT SSDT LPIT WSMT SSDT SSDT SSDT SSDT DBGP DBG2 SSDT SSDT 
DMAR FPDT
acpi0: wakeup devices PWRB(S4) LID0(S3) GLAN(S4) XHC_(S3) XDCI(S4) HDAS(S4) 
RP01(S4) RP02(S4) RP03(S4) RP04(S4) RP05(S4) RP06(S4) RP07(S4) RP08(S4) 
RP10(S4) RP11(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 2399 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) m3-7Y30 CPU @ 1.00GHz, 5540.71 MHz, 06-8e-09
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) m3-7Y30 CPU @ 1.00GHz, 974.81 MHz, 06-8e-09
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 1 (application processor)
cpu2: Intel(R) Core(TM) m3-7Y30 CPU @ 1.00GHz, 899.34 MHz, 06-8e-09
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 1, core 0, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) m3-7Y30 CPU @ 1.00GHz, 897.91 MHz, 06-8e-09
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,XSAVEOPT,XSAVEC,XGETBV1,XSAVES,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xe000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (RP01)
acpiprt2 at acpi0: bus -1 (RP02)
acpiprt3 at acpi0: bus -1 (RP03)
acpiprt4 at acpi0: bus -1 (RP04)
acpiprt5 at acpi0: bus -1 (RP05)
acpiprt6 at acpi0: bus -1 (RP06)
acpiprt7 at acpi0: bus -1 (RP07)
acpiprt8 at acpi0: bus -1 (RP08)
acpiprt9 at acpi0: bus 1 (RP09)
acpiprt10 at acpi0: bus -1 (RP10)
acpiprt11 at acpi0: bus -1 (RP11)
acpiprt12 at acpi0: bus -1 (RP12)
acpiprt13 at acpi0: bus -1 (RP13)
acpiprt14 at acpi0: bus -1 (RP14)
acpiprt15 at acpi0: bus -1 (RP15)
acpiprt16 at acpi0: bus -1 (RP16)
acpiprt17 at acpi0: bus -1 (RP17)
acpiprt18 at acpi0: bus -1 (RP18)
acpiprt19 at acpi0: bu

Sometimes my laptop doesn't resume from suspend

2018-04-15 Thread Justin Yang
Hi, all:

I just found that my Xiaomi Air laptop, which has Skylake inside and runs
the OpenBSD 6.3 release, sometimes doesn't resume from suspend. My
/var/log/messages says:

...
Apr 15 16:32:12 openbsd-darkgeek /bsd: wskbd1: disconnecting from wsdisplay0
Apr 15 16:32:12 openbsd-darkgeek /bsd: wskbd1 detached
Apr 15 16:32:12 openbsd-darkgeek /bsd: ukbd0 detached
Apr 15 16:32:12 openbsd-darkgeek /bsd: uhidev0 detached
Apr 15 16:32:12 openbsd-darkgeek /bsd: wsmouse0 detached
Apr 15 16:32:12 openbsd-darkgeek /bsd: ums0 detached
Apr 15 16:32:12 openbsd-darkgeek /bsd: uhid0 detached
Apr 15 16:32:12 openbsd-darkgeek /bsd: uhid1 detached
Apr 15 16:32:12 openbsd-darkgeek /bsd: uhid2 detached
Apr 15 16:32:12 openbsd-darkgeek /bsd: uhid3 detached
Apr 15 16:32:12 openbsd-darkgeek /bsd: uhidev1 detached
Apr 15 16:32:13 openbsd-darkgeek /bsd: ugen0 detached
Apr 15 16:32:14 openbsd-darkgeek /bsd: video0 detached
Apr 15 16:32:14 openbsd-darkgeek /bsd: uvideo0 detached
Apr 15 21:53:30 openbsd-darkgeek /bsd: uhub0 detached
Apr 15 21:53:30 openbsd-darkgeek /bsd: uhub0 at usb0 configuration 1
interface 0 "Intel xHCI root hub" rev 3.00/1.00 addr 1
Apr 15 21:53:30 openbsd-darkgeek apmd: system resumed from sleep
Apr 15 21:53:30 openbsd-darkgeek /bsd: uhidev0 at uhub0 port 2
configuration 1 interface 0 "Logitech USB Receiver" rev 2.00/29.01 addr 2
Apr 15 21:53:30 openbsd-darkgeek /bsd: uhidev0: iclass 3/1
Apr 15 21:53:30 openbsd-darkgeek /bsd: ukbd0 at uhidev0: 8 variable keys, 6
key codes
Apr 15 21:53:31 openbsd-darkgeek /bsd: wskbd1 at ukbd0 mux 1
Apr 15 21:53:31 openbsd-darkgeek /bsd: wskbd1: connecting to wsdisplay0
Apr 15 21:53:31 openbsd-darkgeek /bsd: uhidev1 at uhub0 port 2
configuration 1 interface 1 "Logitech USB Receiver" rev 2.00/29.01 addr 2
Apr 15 21:53:31 openbsd-darkgeek /bsd: uhidev1: iclass 3/1, 17 report ids
Apr 15 21:53:31 openbsd-darkgeek /bsd: ums0 at uhidev1 reportid 2: 16
buttons, Z and W dir
Apr 15 21:53:31 openbsd-darkgeek /bsd: wsmouse0 at ums0
Apr 15 21:53:31 openbsd-darkgeek /bsd:  mux 0
Apr 15 21:53:31 openbsd-darkgeek /bsd: uhid0 at uhidev1 reportid 3:
input=4, output=0, feature=0
Apr 15 21:53:31 openbsd-darkgeek /bsd: uhid1 at uhidev1 reportid 4:
input=1, output=0, feature=0
Apr 15 21:53:31 openbsd-darkgeek /bsd: uhid2 at uhidev1 reportid 16:
input=6, output=6, feature=0
Apr 15 21:53:31 openbsd-darkgeek /bsd: uhid3 at uhidev1 reportid 17:
input=19, output=19, feature=0
Apr 15 21:53:31 openbsd-darkgeek /bsd: ugen0 at uhub0 port 3 "Intel
Bluetooth" rev 2.00/0.10 addr 3
Apr 15 21:53:32 openbsd-darkgeek /bsd: uvideo0 at uhub0 port 7
configuration 1 interface 0 "SunplusIT Inc XiaoMi USB 2.0 Webcam" rev
2.00/1.03 addr 4
Apr 15 21:53:32 openbsd-darkgeek /bsd: video0 at uvideo0
Apr 15 21:53:33 openbsd-darkgeek apmd: system suspending
Apr 15 21:53:34 openbsd-darkgeek /bsd: drm:pid45076:i915_drm_suspend
*ERROR* GEM idle failed, resume might fail
Apr 15 21:53:34 openbsd-darkgeek /bsd: wskbd1: disconnecting from wsdisplay0
Apr 15 21:53:34 openbsd-darkgeek /bsd: wskbd1 detached
Apr 15 21:53:34 openbsd-darkgeek /bsd: ukbd0 detached
Apr 15 21:53:34 openbsd-darkgeek /bsd: uhidev0 detached
Apr 15 21:53:34 openbsd-darkgeek /bsd: wsmouse0 detached
Apr 15 21:53:34 openbsd-darkgeek /bsd: ums0 detached
Apr 15 21:53:34 openbsd-darkgeek /bsd: uhid0 detached
Apr 15 21:53:34 openbsd-darkgeek /bsd: uhid1 detached
Apr 15 21:53:34 openbsd-darkgeek /bsd: uhid2 detached
Apr 15 21:53:34 openbsd-darkgeek /bsd: uhid3 detached
Apr 15 21:53:34 openbsd-darkgeek /bsd: uhidev1 detached
Apr 15 21:53:35 openbsd-darkgeek apmd: system suspending
Apr 15 21:53:36 openbsd-darkgeek /bsd: ugen0 detached
Apr 15 21:53:37 openbsd-darkgeek /bsd: video0 detached
Apr 15 21:53:37 openbsd-darkgeek /bsd: uvideo0 detached
Apr 15 21:53:38 openbsd-darkgeek /bsd: uhub0 detached
Apr 15 21:53:43 openbsd-darkgeek /bsd: uhub0 at usb0 configuration 1
interface 0 "Intel xHCI root hub" rev 3.00/1.00 addr 1
Apr 15 21:53:43 openbsd-darkgeek /bsd: WARNING put_domains failed at
/usr/src/sys/dev/pci/drm/i915/intel_display.c:15476
Apr 15 21:53:43 openbsd-darkgeek /bsd: WARNING drm_crtc_vblank_get(crtc) ==
0 failed at /usr/src/sys/dev/pci/drm/i915/intel_display.c:1451
...

Look, it says "drm:pid45076:i915_drm_suspend *ERROR* GEM idle failed,
resume might fail".

I have searched on Google and found a similar report from this year here:

http://openbsd-archive.7691.n7.nabble.com/Problems-when-resuming-on-Skylake-td326788.html

So if you need more information, just tell me.

Thanks.

-- 
Justin Yang


Re: Unable to use vmm on Xiaomi Air laptop: failed to enter VMM mode

2018-04-10 Thread Justin Yang
Hi,

I just got vmm working on my Xiaomi Air laptop. I went into the BIOS and set it
to legacy mode rather than UEFI mode, which is the default. Then I
reinstalled OpenBSD, and now vmm works like a charm; that "failed to
identify" line also disappears.

So I guess there might be something wrong with UEFI itself or OpenBSD's
UEFI support, but not sure.

2018-04-09 23:41 GMT+08:00 Mike Larkin <mlar...@azathoth.net>:

> On Mon, Apr 09, 2018 at 01:47:36AM +0800, Justin Yang wrote:
> > Hi, all:
> >
> > I just bought the Xiaomi Mi Air 12.5 laptop and installed OpenBSD-current
> > after reading this blog: https://jcs.org/2017/05/22/xiaomiair.
> >
> > Almost all the functions work except the vmm part. I am not able to
> start a
> > guest with the error in dmesg:
> >
> > cpu3: failed to enter VMM mode
> > cpu2: failed to enter VMM mode
> > cpu1: failed to enter VMM mode
> >
> >
> > I have searched on Google and tried my best to overcome this error, but
> > still could not figure it out. Could you help me please? I attach my
> dmesg
> > and {pf, sysctl, vm}.conf files in this email. Tell me if you need more
> > information. Thanks.
> >
> >  --
> > Justin Yang
>
> You also have "failed to identify" lines during boot.
>
> Can you try bumping the "10" in cpu_start_secondary (just bump both
> occurrences, it's in cpu.c) to something like 1000, and also in
> vmm_start
> (in vmm.c) and see if that fixes things?
>
> I am wondering if we aren't waiting long enough in this machine for these
> IPIs
> to complete.
>
> -ml
>
> > OpenBSD 6.3-current (GENERIC.MP) #147: Fri Apr  6 23:18:13 MDT 2018
> > dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
> > real mem = 4156014592 (3963MB)
> > avail mem = 4022935552 (3836MB)
> > mpath0 at root
> > scsibus0 at mpath0: 256 targets
> > mainbus0 at root
> > bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x8a6f1000 (64 entries)
> > bios0: vendor INSYDE Corp. version "XMAKB200P0200" date 11/02/2017
> > bios0: Timi TM1607
> > acpi0 at bios0: rev 2
> > acpi0: sleep states S0 S3 S4 S5
> > acpi0: tables DSDT FACP UEFI UEFI MSDM SSDT SSDT TPM2 SSDT SSDT ASF!
> ASPT BOOT DBGP HPET APIC MCFG SSDT SSDT LPIT WSMT SSDT SSDT SSDT SSDT DBGP
> DBG2 SSDT SSDT DMAR FPDT BGRT
> > acpi0: wakeup devices PWRB(S4) LID0(S3) GLAN(S4) XHC_(S3) XDCI(S4)
> HDAS(S4) RP01(S4) RP02(S4) RP03(S4) RP04(S4) RP05(S4) RP06(S4) RP07(S4)
> RP08(S4) RP10(S4) RP11(S4) [...]
> > acpitimer0 at acpi0: 3579545 Hz, 24 bits
> > acpihpet0 at acpi0: 2399 Hz
> > acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
> > cpu0 at mainbus0: apid 0 (boot processor)
> > cpu0: Intel(R) Core(TM) m3-7Y30 CPU @ 1.00GHz, 1197.63 MHz
> > cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
> CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,
> PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,
> FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,
> DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,
> LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,
> SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,
> IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
> > cpu0: 256KB 64b/line 8-way L2 cache
> > cpu0: smt 0, core 0, package 0
> > mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
> > cpu0: apic clock running at 23MHz
> > cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
> > cpu1 at mainbus0: apid 2 (application processor)
> > cpu1: Intel(R) Core(TM) m3-7Y30 CPU @ 1.00GHz, 960.01 MHz
> > cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
> CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,
> PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,
> FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,
> DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,
> LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,
> SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,
> IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
> > cpu1: 256KB 64b/line cpu1: failed to identify
> > 8-way L2 cachecpu2 at mainbus0
> > : apid 1 (application processor)
> > cpu1: smt 0, core 1, package 0
> > cpu2: Intel(R) Core(TM) m3-7Y30 CPU @ 1.00GHz, 897.91 MHz
> > cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,
> CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,
> PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,
> FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,
> DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,
> LONG,LAHF,ABM,3DNOWP,PERF,ITS

Unable to use vmm on Xiaomi Air laptop: failed to enter VMM mode

2018-04-08 Thread Justin Yang
Hi, all:

I just bought the Xiaomi Mi Air 12.5 laptop and installed OpenBSD-current
after reading this blog: https://jcs.org/2017/05/22/xiaomiair.

Almost all the functions work except the vmm part. I am not able to start a
guest with the error in dmesg:

cpu3: failed to enter VMM mode
cpu2: failed to enter VMM mode
cpu1: failed to enter VMM mode


I have searched on Google and tried my best to overcome this error, but
still could not figure it out. Could you help me please? I attach my dmesg
and {pf, sysctl, vm}.conf files in this email. Tell me if you need more
information. Thanks.

 --
Justin Yang
OpenBSD 6.3-current (GENERIC.MP) #147: Fri Apr  6 23:18:13 MDT 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4156014592 (3963MB)
avail mem = 4022935552 (3836MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.0 @ 0x8a6f1000 (64 entries)
bios0: vendor INSYDE Corp. version "XMAKB200P0200" date 11/02/2017
bios0: Timi TM1607
acpi0 at bios0: rev 2
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP UEFI UEFI MSDM SSDT SSDT TPM2 SSDT SSDT ASF! ASPT BOOT 
DBGP HPET APIC MCFG SSDT SSDT LPIT WSMT SSDT SSDT SSDT SSDT DBGP DBG2 SSDT SSDT 
DMAR FPDT BGRT
acpi0: wakeup devices PWRB(S4) LID0(S3) GLAN(S4) XHC_(S3) XDCI(S4) HDAS(S4) 
RP01(S4) RP02(S4) RP03(S4) RP04(S4) RP05(S4) RP06(S4) RP07(S4) RP08(S4) 
RP10(S4) RP11(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 2399 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) m3-7Y30 CPU @ 1.00GHz, 1197.63 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 23MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) m3-7Y30 CPU @ 1.00GHz, 960.01 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu1: 256KB 64b/line cpu1: failed to identify
8-way L2 cachecpu2 at mainbus0
: apid 1 (application processor)
cpu1: smt 0, core 1, package 0
cpu2: Intel(R) Core(TM) m3-7Y30 CPU @ 1.00GHz, 897.91 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: failed to identify
cpu2: smt 1, core 0, package 0
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Core(TM) m3-7Y30 CPU @ 1.00GHz, 897.91 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: failed to identify
cpu3: smt 1, core 1, package 0
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 120 pins
acpimcfg0 at acpi0 addr 0xe000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (RP01)
acpiprt2 at acpi0: bus -1 (RP02)
acpiprt3 at acpi0: bus -1 (RP03)
acpiprt4 at acpi0: bus -1 (RP04)
acpiprt5 at acpi0: bus -1 (RP05)
acpiprt6 at acpi0: bus -1 (RP06)
acpiprt7 at acpi0: bus -1 (RP07)
acpiprt8 at acpi0: bus -1 (RP08)
acpiprt9 at acpi0: bus 1 (RP09)
acpiprt10 at acpi0: bus -1 (RP10)
acpiprt11 at acpi0: bus -1 (RP11)
acpiprt12 at acpi0: bus -1 (RP12)
acpiprt13 at acpi0: bus -1 (RP13)
acpiprt14 at acpi0: bus -1 (RP14)
acpiprt15 at acpi0: bus -1 (RP15)
acpiprt16 at acpi0: bus -1 (RP16)
acpiprt17 at acpi0: bus -1 (RP17)
acpiprt18 at acpi0: bus -1 (RP18)

Re: "switching console to com0"

2017-10-19 Thread Justin Mayes
Thanks for the replies all. This was very helpful. To clarify I was building 
some firewalls and didn’t have ssh running, a monitor/keyboard onsite, or 
install media. Disabling the serial port in the bios works though.

J

-Original Message-
From: Dahlberg, David [mailto:david.dahlb...@fkie.fraunhofer.de]
Sent: Tuesday, October 17, 2017 3:30 AM
To: Justin Mayes <jma...@careered.com>
Subject: Re: [misc] "switching console to com0"

On Tuesday, 17.10.2017, 04:03 +0000, Justin Mayes wrote:
> Greetings all - what does one do when during the install you set the 
> default console to com0 and now your serial cable is not working?

Many possibilities:

- You ssh into the machine
- You just wait until booting has ended and the other ttys are started
- You boot the system from an external medium and edit boot.conf
- You type blindly (hoping that sending characters still works)
- You remove the serial port from your box (BIOS/EFI, PCI-Card)
  so that it is not discovered and /boot won't switch to it
  ... Or add an IPMI/iLO/etc "serial" port and make it become com0
- You reinstall the system
  ... from your backups (I guess you have them at hand, right? ;-)


And finally there is one possibility left. But you probably don't want to go 
into that. It is not for the faint-hearted.

- Go buy yourself a new serial cable

Cheers
David
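A concrete form of the "boot from an external medium and edit boot.conf" option listed above, as an added example that is not part of the thread: on OpenBSD amd64 the boot loader picks its console from the "set tty" directive in /etc/boot.conf, so changing "set tty com0" back to "set tty pc0" (the keyboard and monitor) restores the normal console on the next boot. The function and the sample file below are constructed for the example; on a real machine you would point it at the root filesystem's etc/boot.conf as mounted from the rescue medium, a path that is assumed here rather than taken from the thread.

```shell
#!/bin/sh
# Added example, not from the thread: revert a boot.conf whose console was
# switched to the serial port back to the keyboard/monitor console.
# "set tty com0" and "set tty pc0" are boot.conf(8) directives on amd64;
# the file path used below is an assumption for the demonstration.

# fix_console_tty FILE
# Rewrite every "set tty com0" directive in FILE to "set tty pc0".
# Returns 0 when a change was made, 1 when FILE had no com0 directive
# (so the caller can tell "already fine" from "fixed").
fix_console_tty() {
    file="$1"
    grep -q '^[[:space:]]*set[[:space:]]\{1,\}tty[[:space:]]\{1,\}com0' "$file" || return 1
    tmp="$file.tmp.$$"
    sed 's/^\([[:space:]]*set[[:space:]]\{1,\}tty[[:space:]]\{1,\}\)com0/\1pc0/' "$file" > "$tmp" \
        && mv "$tmp" "$file"
}

# Constructed sample boot.conf, written to a temporary file so the script
# runs offline. On a real rescue boot this would be e.g. /mnt/etc/boot.conf.
demo_file="${TMPDIR:-/tmp}/boot.conf.example.$$"
printf 'stty com0 115200\nset tty com0\n' > "$demo_file"
if fix_console_tty "$demo_file"; then
    echo "console directive reverted:"
    cat "$demo_file"
else
    echo "no com0 console directive found in $demo_file"
fi
rm -f "$demo_file"
```

The "stty com0 115200" line is left alone on purpose: it only sets the serial speed and is harmless once the console is back on pc0, and keeping it means the serial port still works as a secondary tty later.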




"switching console to com0"

2017-10-16 Thread Justin Mayes
Greetings all - what does one do when during the install you set the default 
console to com0 and now your serial cable is not working? I cannot login to set 
the default console back to use the keyboard and monitor. Instead of the boot 
prompt where I can normally change settings and/or enter single user mode I 
just get the message "switching console to com0" immediately without any delay 
to enter boot commands. Thanks for your time.

J


Re: ispec - PSK - issues

2016-08-18 Thread Justin Mayes
Hello all - 

I was also recently trying to do a simple ipsec/l2tp vpn. I found that it works 
fine for everything except my android 5.1.1 device. The odd thing is that when 
I watch the log and/or isakmpd output I can see it connect fine, authenticate 
to l2tp and so on then it immediately disconnects and says that the client 
caused the disconnection. When I google I see all sorts of issues with android 
but mostly related to 6+. I can even see in the log that npppd successfully 
authenticates my android and creates a tunnel, android just kills it all after 
1 second for some reason. Can anyone confirm that android 5.1.1 works with 
openbsd ipsec/l2tp before I spend more hours trying to figure out why just this 
android device is not working? Here is the tail of the log where l2tp is 
killed right after starting.


npppd[860]: ppp id=20 layer=base logtype=TUNNELSTART user="mike" duration=0sec 
layer2=L2TP layer2from=x.x.x.x:1701 auth=MS-CHAP-V2  ip=10.0.0.103 iface=pppx0
npppd[860]: ppp id=20 layer=base Using pipex=yes
npppd[860]: ppp id=20 layer=lcp terminated by peer
npppd[860]: l2tpd ctrl=21 RecvStopCCN result=GENERAL/1 error=none/0 
tunnel_id=13671 message=""
npppd[860]: l2tpd ctrl=21 call=1 SendCDN result=ADMINISTRATIVE_REASON/3
npppd[860]: l2tpd ctrl=21 call=1 logtype=PPPUnbind
npppd[860]: ppp id=20 layer=base logtype=TUNNELUSAGE user="mike" duration=0sec 
layer2=L2TP layer2from=x.x.x.x:1701 auth=MS-CHAP-V2 data_in=213bytes,9packets 
data_out=219bytes,10packets error_in=0 error_out=0 mppe=no iface=pppx0
npppd[860]: l2tpd ctrl=21 Received CDN in 'cleanup-wait' state
npppd[860]: l2tpd ctrl=21 logtype=Finished


Justin


-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Raul 
Miller
Sent: Tuesday, July 26, 2016 7:14 AM
To: Maurice Janssen <maur...@z74.net>
Cc: Steve Clement <st...@localhost.lu>; OpenBSD general usage list 
<misc@openbsd.org>
Subject: Re: ispec - PSK - issues

On Tue, Jul 26, 2016 at 2:08 AM, Maurice Janssen <maur...@z74.net> wrote:
>>https://code.google.com/p/android/issues/detail?id=196939
>
> Yeah, that's the link I wanted to send.  Somehow I managed to copy the 
> wrong link in my previous email.

I have been seeing a lot of copy errors myself, where I performed the 
keyboard action to trigger a copy but paste gives me something from an older 
context.

I'm sure a lot of people put a lot of time into making things work this way...

--
Raul
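One way to triage npppd logs like the one above, as an added example that is not from the thread or from npppd itself: the script below reads constructed npppd lines (the ppp ids, user names and addresses are placeholders), keys each record on its ppp id, and reports sessions that reached TUNNELSTART (so authentication had already succeeded), were then torn down by the peer, and lasted no more than a threshold. That separates the client-side disconnect pattern in the post from sessions that never got past authentication, which is the first thing to establish before blaming the server side.

```shell
#!/bin/sh
# Added example, not from the thread: find L2TP/IPsec sessions that npppd
# authenticated and that the client then dropped almost immediately.
# The log excerpt is constructed; ids, users and addresses are placeholders.

SAMPLE_LOG='npppd[860]: ppp id=19 layer=base logtype=TUNNELSTART user="alice" duration=0sec layer2=L2TP layer2from=192.0.2.10:1701 auth=MS-CHAP-V2 ip=10.0.0.102 iface=pppx1
npppd[860]: ppp id=20 layer=base logtype=TUNNELSTART user="mike" duration=0sec layer2=L2TP layer2from=192.0.2.20:1701 auth=MS-CHAP-V2 ip=10.0.0.103 iface=pppx0
npppd[860]: ppp id=20 layer=base Using pipex=yes
npppd[860]: ppp id=20 layer=lcp terminated by peer
npppd[860]: l2tpd ctrl=21 RecvStopCCN result=GENERAL/1 error=none/0 tunnel_id=13671 message=""
npppd[860]: l2tpd ctrl=21 call=1 SendCDN result=ADMINISTRATIVE_REASON/3
npppd[860]: ppp id=20 layer=base logtype=TUNNELUSAGE user="mike" duration=0sec layer2=L2TP layer2from=192.0.2.20:1701 auth=MS-CHAP-V2 data_in=213bytes,9packets data_out=219bytes,10packets error_in=0 error_out=0 mppe=no iface=pppx0
npppd[860]: ppp id=19 layer=base logtype=TUNNELUSAGE user="alice" duration=3600sec layer2=L2TP layer2from=192.0.2.10:1701 auth=MS-CHAP-V2 data_in=1048576bytes,900packets data_out=2097152bytes,1800packets error_in=0 error_out=0 mppe=no iface=pppx1'

# short_lived_tunnels [MAXSEC]
# Print one line per ppp session that was terminated by the peer and whose
# TUNNELUSAGE record reports a duration of at most MAXSEC seconds (default 5):
#   <ppp id> <user> <layer2from> <auth> <duration>
short_lived_tunnels() {
    maxsec="${1:-5}"
    printf '%s\n' "$SAMPLE_LOG" | awk -v maxsec="$maxsec" '
        # session id from a "ppp id=N" record ("ppp id=" is 7 characters)
        function pppid(s) {
            if (match(s, /ppp id=[0-9]+/)) return substr(s, RSTART + 7, RLENGTH - 7)
            return ""
        }
        # value of key=value or key="value" in a log line, quotes stripped
        function kv(s, key,   re, v) {
            re = key "=\"?[^ \"]*\"?"
            if (!match(s, re)) return ""
            v = substr(s, RSTART + length(key) + 1, RLENGTH - length(key) - 1)
            gsub(/"/, "", v)
            return v
        }
        # TUNNELSTART is only logged once the peer has authenticated
        /logtype=TUNNELSTART/ {
            id = pppid($0)
            user[id] = kv($0, "user"); from[id] = kv($0, "layer2from"); auth[id] = kv($0, "auth")
        }
        # the LCP layer records who ended the session
        /layer=lcp terminated by peer/ { bypeer[pppid($0)] = 1 }
        # TUNNELUSAGE closes the session and carries its total duration
        /logtype=TUNNELUSAGE/ {
            id = pppid($0)
            d = kv($0, "duration"); sub(/sec$/, "", d)
            if (bypeer[id] && d + 0 <= maxsec)
                printf "%s %s %s %s %ssec\n", id, user[id], from[id], auth[id], d
        }'
}

short_lived_tunnels 5
```

Keying on the ppp id rather than on the user name matters because npppd interleaves records from several sessions, as the l2tpd ctrl lines show; a per-user grep would also match that user's healthy sessions. To run this on a real box, replace the embedded SAMPLE_LOG with the npppd lines from /var/log/daemon.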



How to use an IrDA/USB bridge.

2016-05-29 Thread Justin Haynes
Misc -

I have an ACTiSYS IR4000US-KD USB IrDA bridge which is actually Sigmatel
inside.  I would like to use this to transfer files to and from my
Handspring Visor.  My problem is that this IrDA/USB bridge device is
only configured on a ugen device, while the birda utils are not able to
attach to a ugen device but only to a serial device such as a tty.

My assumption is that I either need a tty device on which to talk with
the IrDA bridge using a userspace program, or that there exists a
userspace utility that knows how to talk to the device via ugen.

Below is some relevant information and what I have tried.  What should
my next steps be to use this device to communicate with other devices
over IrDA?


$ uname -a
OpenBSD paddy.my.domain 5.9 GENERIC.MP#1888 amd64

Relevant lines from dmesg:
ugen1 at uhub3 port 1 "Sigmatel Inc IrDA/USB Bridge" rev 1.10/0.08 addr 2

Relevant line from usbdevs -v:
 port 1 addr 2: full speed, power 440 mA, config 1, IrDA/USB Bridge(0x4200), Sigmatel Inc(0x066f), rev 0.08

When I try to use ircomm, installed from the OpenBSD 5.9 package
repository (inst:birda-1.1p1), it of course fails because I am trying to
use it with a ugen device:

$ id
uid=1000(justin) gid=1000(justin) groups=1000(justin), 0(wheel)
$ ls -al /dev/ugen1 /dev/ugen1.00 /dev/ugen1.01
ls: /dev/ugen1: No such file or directory
crw-rw  1 root  wheel   63,  16 May 14 00:07 /dev/ugen1.00
crw-rw  1 root  wheel   63,  17 May 14 00:07 /dev/ugen1.01
$ ircomm -d /dev/ugen1
Bad serial port
$ ircomm -d /dev/ugen1.01
Bad serial port
$ ircomm -d /dev/ugen1.02
Bad serial port
$



Re: [OT] 1st search engine for Internet-connected devices

2015-12-04 Thread justin

Wrong type of search string?

How about:

  * https://www.shodan.io/search?query=cisco
  * https://www.shodan.io/search?query=technicolor

Or even:

  * https://www.shodan.io/search?query=scada :(

+ Justin


On 2015-12-04 16:32, Jan Stary wrote:

https://www.shodan.io/search?query=big+tits
Exactly ONE hit. This can't be real.


On Dec 03 23:35:32, skin...@britvault.co.uk wrote:

His ISP wrote:

"Dude you have several hundred abuse emails,
what the fuck are you doing?"

Wired wrote:

"Shodan's big lesson is that the internet is more diverse than we think.
Think webserver, and you'll probably think of Apache or Microsoft, or
maybe Nginx, but Shodan's database of nearly 144 million webservers
shows that they're not the only ones out there - not by a long shot.
According to Shodan, Microsoft's Internet Information Server, or IIS,
runs about 8.5 million web servers, but that's dwarfed by one most
people have never heard of: Allegro Software Development's RomPager,
which runs on more than 22 million machines. IIS may run big websites
such as MSN.com, but RomPager runs on millions of routers, switches, and
printers."

CNN wrote:

"He found a car wash that could be turned on and off and a hockey rink
in Denmark that could be defrosted with a click of a button. A city's
entire traffic control system was connected to the Internet and could be
put into "test mode" with a single command entry. And he also found a
control system for a hydroelectric plant in France with two turbines
generating 3 megawatts each."

The BBC wrote:

"The US government has told thousands of companies to beef up protection
of computers which oversee power plants and other utilities.
The action comes after a survey revealed that thousands of these systems
can be found online.
The survey was carried out via a publicly available search engine that
pinpointed computers controlling critical infrastructure.
In total, the survey uncovered more than 500,000 potential targets."

See: http://www.shodan.io




Re: [OT] 1st search engine for Internet-connected devices

2015-12-03 Thread justin

Nice. ;)

On 2015-12-03 23:35, skin...@britvault.co.uk wrote:

His ISP wrote:

"Dude you have several hundred abuse emails,
what the fuck are you doing?"

Wired wrote:

"Shodan's big lesson is that the internet is more diverse than we think.
Think webserver, and you'll probably think of Apache or Microsoft, or
maybe Nginx, but Shodan's database of nearly 144 million webservers
shows that they're not the only ones out there - not by a long shot.
According to Shodan, Microsoft's Internet Information Server, or IIS,
runs about 8.5 million web servers, but that's dwarfed by one most
people have never heard of: Allegro Software Development's RomPager,
which runs on more than 22 million machines. IIS may run big websites
such as MSN.com, but RomPager runs on millions of routers, switches, and
printers."

CNN wrote:

"He found a car wash that could be turned on and off and a hockey rink
in Denmark that could be defrosted with a click of a button. A city's
entire traffic control system was connected to the Internet and could be
put into "test mode" with a single command entry. And he also found a
control system for a hydroelectric plant in France with two turbines
generating 3 megawatts each."

The BBC wrote:

"The US government has told thousands of companies to beef up protection
of computers which oversee power plants and other utilities.
The action comes after a survey revealed that thousands of these systems
can be found online.
The survey was carried out via a publicly available search engine that
pinpointed computers controlling critical infrastructure.
In total, the survey uncovered more than 500,000 potential targets."

See: http://www.shodan.io




Re: A branded USB stick as an alternative to the CD set?

2015-12-02 Thread justin

On 2015-12-02 16:21, Theo de Raadt wrote:

I have no clue what a hackathon costs, any ballpark averages?



http://www.openbsdfoundation.org/financials/2014/IncomeStatement2014.txt

http://www.openbsdfoundation.org/financials/2013/IncomeStatement2013.txt

These reports can be compared against http://www.openbsd.org/hackathons.html
to find events not listed in the OpenBSD Foundation report.  In that
case someone else stepped up to cover the costs.


Those 2014 figures look a lot healthier than the 2013 ones.  Hopefully that
keeps up, it's a good trajectory. :)

+ Justin



Re: NATing out enc0 traffic

2015-06-01 Thread Justin Mayes
I have this working. After learning more about route vs policy ipsec tunnels I 
added a policy for 'any' to 10.x and return traffic from the net is now passed 
back. I will go back to my cave now.


-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
Justin Mayes
Sent: Friday, May 29, 2015 11:10 AM
To: misc@openbsd.org
Subject: Re: NATing out enc0 traffic

I think I am understanding this better after some more reading. My ipsec tunnel 
just connects the two subnets and when my nat traffic returns from the internet 
it does not match the policy for the tunnel because the source address is not 
192.x. What I need is some tunneling protocol that I can route like pptp or 
l2tp which is what npppd is for. I do not have access to configure the amazon 
side of the vpn for pptp or l2tp so I do not think this is going to be 
possible. That seems odd. I assumed this would be a common setup

-Original Message-
From: Justin Mayes 
Sent: Thursday, May 28, 2015 1:52 PM
To: misc@openbsd.org
Subject: RE: NATing out enc0 traffic

I just wanted to send an update based on some feedback. My subject is 
misleading so let me clarify. I'm not attempting to nat between the networks on 
either side of the vpn. For example's sake assume 192.168.0.0/24 on one side of 
tunnel and 10.10.10.0/24 on the other.  I'm trying to allow servers on one side 
10.x of the tunnel to access the internet via the other side of the tunnel 
192.168.0.1. Egress works, 10.x client gets to the internet and replies come 
back. The return traffic comes back and the gateway drops it. I assume that pf 
translates it back to the 10.x address and has no route for that. I need it to 
go back through enc0. 

J

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
Justin Mayes
Sent: Wednesday, May 27, 2015 2:47 PM
To: misc@openbsd.org
Subject: NATing out enc0 traffic

Greetings everyone

I am playing with amazon virtual private clouds (VPC). I have set a few up. I 
have no issues connecting ipsec from openbsd  - amazon VPC. All of these VPCs 
so far have their own internet connection going out from amazon that works fine.


[OpenBSD]ipsec-[VPC]-Internet


Next I am setting up a VPC that has no internet gateway. Instead the default 
gateway is the vpn and all traffic is sent back through the ipsec tunnel and 
then out the local network gateway.

[Internet]
^
|
|
|
[OpenBSD]---ipsec--[VPC]


I added these relevant lines to pf.conf

match out on $ext_if from !($ext_if:network) nat-to ($ext_if)
pass quick on enc0 keep state (if-bound)

With tcpdump and pfctl  I can tell that traffic from the vpc (10.0.0.0/8) comes 
across the tunnel and gets NATed out. I can see that traffic leave the external 
interface and I can see the reply come back to the external interface. The 
reply never hits enc0 though and never makes it back to the client.  Is there 
another piece to the setup I am missing? I assume what I am trying to do is 
possible. I would appreciate any insight or advice anyone may have in regards 
to this type of setup.

J
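The fix Justin describes (a second IPsec flow matching any source toward the VPC subnet, alongside the NAT rule and `set skip on enc0` he mentions) written out as an added configuration example; this is not the thread's own config, and `em0`, the subnets and `PEER_IP` (the VPC's VPN endpoint) are placeholders standing in for his values:

```conf
# pf.conf fragment (added example). The tunnel traffic is exempted from pf
# on enc0; packets from 10.x that leave the external interface are NATed.
ext_if = "em0"
set skip on enc0
match out on $ext_if from !($ext_if:network) nat-to ($ext_if)

# ipsec.conf fragment (added example).
# Before: only the subnet-to-subnet flow. A reply from the Internet to a
# 10.x host has an Internet source address, so it matches neither flow
# selector and is never handed to enc0; the gateway drops it.
ike esp from 192.168.0.0/24 to 10.10.10.0/24 peer PEER_IP

# After: an additional flow whose source selector is "any" (0.0.0.0/0), so
# any packet the gateway routes toward the VPC subnet, including NAT-reversed
# Internet replies, is matched by the IPsec policy and sent down the tunnel.
ike esp from any to 10.10.10.0/24 peer PEER_IP
```

Two things to keep in mind with this shape: the remote end has to accept the wider traffic selector for the second flow, and because every packet the box routes toward 10.10.10.0/24 now enters the tunnel regardless of origin, `set skip on enc0` leaves that path unfiltered; filtering on enc0 (or on the inbound side of `$ext_if`) is where you would limit what is allowed to reach the VPC hosts.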



Re: NATing out enc0 traffic

2015-06-01 Thread Justin Mayes
No problem. I guess I should add that I'm not NATing enc0 as my subject 
suggests. I just have the usual 'match out on $ext_if...' nat rule in pf.conf 
and a 'set skip on enc0'. The real solution was understanding that ipsec tunnel 
in openbsd doesn’t use the route table so looking for a way to 'static route' 
ipsec /enc0 is nonsensical. This lack of automatic routable ipsec interface is 
probably not a big deal to the community because you can just make your own 
tunnel to get a routable interface assuming you can config both sides. It's 
only a problem in cases like mine where the other end of the vpn gives you a 
take-it-or-leave-it config. 

-Original Message-
From: Adam Van Ymeren [mailto:adam.v...@gmail.com] 
Sent: Monday, June 1, 2015 2:16 PM
To: Justin Mayes
Cc: misc@openbsd.org
Subject: Re: NATing out enc0 traffic

Thanks for posting your adventure.  I didn't have enough PF knowledge to help 
debug, but it was an interesting read.

On Mon, Jun 1, 2015 at 3:11 PM, Justin Mayes jma...@careered.com wrote:
 I have this working. After learning more about route vs policy ipsec tunnels 
 I added a policy for 'any' to 10.x and return traffic from the net is now 
 passed back. I will go back to my cave now.


 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf 
 Of Justin Mayes
 Sent: Friday, May 29, 2015 11:10 AM
 To: misc@openbsd.org
 Subject: Re: NATing out enc0 traffic

 I think I am understanding this better after some more reading. My 
 ipsec tunnel just connects the two subnets and when my nat traffic 
 returns from the internet it does not match the policy for the tunnel 
 because the source address is not 192.x. What I need is some tunneling 
 protocol that I can route like pptp or l2tp which is what npppd is 
 for. I do not have access to configure the amazon side of the vpn for 
 pptp or l2tp so I do not think this is going to be possible. That 
 seems odd. I assumed this would be a common setup

 -Original Message-
 From: Justin Mayes
 Sent: Thursday, May 28, 2015 1:52 PM
 To: misc@openbsd.org
 Subject: RE: NATing out enc0 traffic

 I just wanted to send an update based on some feedback. My subject is 
 misleading so let me clarify. I'm not attempting to nat between the networks 
 on either side of the vpn. For example's sake assume 192.168.0.0/24 on one 
 side of tunnel and 10.10.10.0/24 on the other.  I'm trying to allow servers 
 on one side 10.x of the tunnel to access the internet via the other side of 
 the tunnel 192.168.0.1. Egress works, 10.x client gets to the internet and 
 replies come back. The return traffic comes back and the gateway drops it. I 
 assume that pf translates it back to the 10.x address and has no route for 
 that. I need it to go back through enc0.

 J

 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf 
 Of Justin Mayes
 Sent: Wednesday, May 27, 2015 2:47 PM
 To: misc@openbsd.org
 Subject: NATing out enc0 traffic

 Greetings everyone

 I am playing with amazon virtual private clouds (VPC). I have set a few up. I 
 have no issues connecting ipsec from openbsd  - amazon VPC. All of these 
 VPCs so far have their own internet connection going out from amazon that 
 works fine.


 [OpenBSD]ipsec-[VPC]-Internet


 Next I am setting up a VPC that has no internet gateway. Instead the default 
 gateway is the vpn and all traffic is sent back through the ipsec tunnel and 
 then out the local network gateway.

 [Internet]
 ^
 |
 |
 |
 [OpenBSD]---ipsec--[VPC]


 I added these relevant lines to pf.conf

 match out on $ext_if from !($ext_if:network) nat-to ($ext_if)
 pass quick on enc0 keep state (if-bound)

 With tcpdump and pfctl  I can tell that traffic from the vpc (10.0.0.0/8) 
 comes across the tunnel and gets NATed out. I can see that traffic leave the 
 external interface and I can see the reply come back to the external 
 interface. The reply never hits enc0 though and never makes it back to the 
 client.  Is there another piece to the setup I am missing? I assume what I am 
 trying to do is possible. I would appreciate any insight or advice anyone may 
 have in regards to this type of setup.

 J



Re: NATing out enc0 traffic

2015-05-29 Thread Justin Mayes
I think I am understanding this better after some more reading. My ipsec tunnel 
just connects the two subnets and when my nat traffic returns from the internet 
it does not match the policy for the tunnel because the source address is not 
192.x. What I need is some tunneling protocol that I can route like pptp or 
l2tp which is what npppd is for. I do not have access to configure the amazon 
side of the vpn for pptp or l2tp so I do not think this is going to be 
possible. That seems odd. I assumed this would be a common setup

-Original Message-
From: Justin Mayes 
Sent: Thursday, May 28, 2015 1:52 PM
To: misc@openbsd.org
Subject: RE: NATing out enc0 traffic

I just wanted to send an update based on some feedback. My subject is 
misleading so let me clarify. I'm not attempting to nat between the networks on 
either side of the vpn. For example's sake assume 192.168.0.0/24 on one side of 
tunnel and 10.10.10.0/24 on the other.  I'm trying to allow servers on one side 
10.x of the tunnel to access the internet via the other side of the tunnel 
192.168.0.1. Egress works, 10.x client gets to the internet and replies come 
back. The return traffic comes back and the gateway drops it. I assume that pf 
translates it back to the 10.x address and has no route for that. I need it to 
go back through enc0. 

J

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
Justin Mayes
Sent: Wednesday, May 27, 2015 2:47 PM
To: misc@openbsd.org
Subject: NATing out enc0 traffic

Greetings everyone

I am playing with amazon virtual private clouds (VPC). I have set a few up. I 
have no issues connecting ipsec from openbsd  - amazon VPC. All of these VPCs 
so far have their own internet connection going out from amazon that works fine.


[OpenBSD]ipsec-[VPC]-Internet


Next I am setting up a VPC that has no internet gateway. Instead the default 
gateway is the vpn and all traffic is sent back through the ipsec tunnel and 
then out the local network gateway.

[Internet]
^
|
|
|
[OpenBSD]---ipsec--[VPC]


I added these relevant lines to pf.conf

match out on $ext_if from !($ext_if:network) nat-to ($ext_if)
pass quick on enc0 keep state (if-bound)

With tcpdump and pfctl  I can tell that traffic from the vpc (10.0.0.0/8) comes 
across the tunnel and gets NATed out. I can see that traffic leave the external 
interface and I can see the reply come back to the external interface. The 
reply never hits enc0 though and never makes it back to the client.  Is there 
another piece to the setup I am missing? I assume what I am trying to do is 
possible. I would appreciate any insight or advice anyone may have in regards 
to this type of setup.

J



Re: NATing out enc0 traffic

2015-05-28 Thread Justin Mayes
I just wanted to send an update based on some feedback. My subject is 
misleading so let me clarify. I'm not attempting to nat between the networks on 
either side of the vpn. For example's sake assume 192.168.0.0/24 on one side of 
tunnel and 10.10.10.0/24 on the other.  I'm trying to allow servers on one side 
10.x of the tunnel to access the internet via the other side of the tunnel 
192.168.0.1. Egress works, 10.x client gets to the internet and replies come 
back. The return traffic comes back and the gateway drops it. I assume that pf 
translates it back to the 10.x address and has no route for that. I need it to 
go back through enc0. 

J

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
Justin Mayes
Sent: Wednesday, May 27, 2015 2:47 PM
To: misc@openbsd.org
Subject: NATing out enc0 traffic

Greetings everyone

I am playing with amazon virtual private clouds (VPC). I have set a few up. I 
have no issues connecting ipsec from openbsd  - amazon VPC. All of these VPCs 
so far have their own internet connection going out from amazon that works fine.


[OpenBSD]ipsec-[VPC]-Internet


Next I am setting up a VPC that has no internet gateway. Instead the default 
gateway is the vpn and all traffic is sent back through the ipsec tunnel and 
then out the local network gateway.

[Internet]
^
|
|
|
[OpenBSD]---ipsec--[VPC]


I added these relevant lines to pf.conf

match out on $ext_if from !($ext_if:network) nat-to ($ext_if)
pass quick on enc0 keep state (if-bound)

With tcpdump and pfctl  I can tell that traffic from the vpc (10.0.0.0/8) comes 
across the tunnel and gets NATed out. I can see that traffic leave the external 
interface and I can see the reply come back to the external interface. The 
reply never hits enc0 though and never makes it back to the client.  Is there 
another piece to the setup I am missing? I assume what I am trying to do is 
possible. I would appreciate any insight or advice anyone may have in regards 
to this type of setup.

J



NATing out enc0 traffic

2015-05-27 Thread Justin Mayes
Greetings everyone

I am playing with amazon virtual private clouds (VPC). I have set a few up. I
have no issues connecting ipsec from openbsd  - amazon VPC. All of these
VPCs so far have their own internet connection going out from amazon that
works fine.


[OpenBSD]ipsec-[VPC]-Internet


Next I am setting up a VPC that has no internet gateway. Instead the default
gateway is the vpn and all traffic is sent back through the ipsec tunnel and
then out the local network gateway.

[Internet]
^
|
|
|
[OpenBSD]---ipsec--[VPC]


I added these relevant lines to pf.conf

match out on $ext_if from !($ext_if:network) nat-to ($ext_if)
pass quick on enc0 keep state (if-bound)

With tcpdump and pfctl  I can tell that traffic from the vpc (10.0.0.0/8)
comes across the tunnel and gets NATed out. I can see that traffic leave the
external interface and I can see the reply come back to the external
interface. The reply never hits enc0 though and never makes it back to the
client.  Is there another piece to the setup I am missing? I assume what I am
trying to do is possible. I would appreciate any insight or advice anyone may
have in regards to this type of setup.

J



Making tftp download large files from tftpd

2014-10-20 Thread Justin Mayes
I will spare you all the backstory but I found that tftp could not download
files over 32 mb by default from tftpd. I know you can pass blocksize to tftpd
to handle much larger files but I was originally working with a client where
this wasn't possible. Tftp protocol has 2 bytes for block number which put a
65535 limit on that. tftpd data doesn't care and will just roll that over back
to 0 and keep sending data. Tftp client fails when there is block number roll
over because it is tracking all the blocks with an int so ends up comparing
its block counter which is now at 65536 to what comes off the network, 0 and
quits. I updated the tftp client code to use same data type as the network
side structs are using  - u_int16_t. Now tftp counter rolls along with server
and can send file of any size with or without a blocksize change. I feel like
this is mostly pointless but doesn't hurt anything. Will gladly provide the
actual diffs. I have to look into that process for openbsd but just wanted to
check with the group first in case there was a reason an int was used that I
do not understand.

J
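The width mismatch Justin describes, as an added C example (not his diff and not OpenBSD's tftp code): a server-side block number that is the 16-bit field of the RFC 1350 DATA packet, compared against a client counter held either in an `int` (the original client) or in a `uint16_t` (his fix). The function names and the simulated transfer are constructed for the example; the 512-byte default block size and the two-byte block field are from the protocol.

```c
/* Added example: why an int-typed TFTP client counter desynchronises at the
 * server's 16-bit block-number rollover, and why a uint16_t counter does not.
 * Not from the post or from OpenBSD's tftp(1); the simulation is constructed. */
#include <stdint.h>
#include <stdio.h>

#define TFTP_DEFAULT_BLKSIZE 512UL   /* RFC 1350 data block size */
#define TFTP_MAX_BLOCKNO     65535UL /* two-byte block number field */

/* The block number as carried on the wire: tftpd keeps a 16-bit counter,
 * so after block 65535 the next DATA packet is numbered 0 again. */
static uint16_t wire_block(unsigned long n)
{
    return (uint16_t)n;
}

/* Largest file that fits in blocks 1..65535 without the block number
 * wrapping: ~32 MiB at the default block size, which is the limit Justin hit. */
unsigned long tftp_max_bytes_without_rollover(unsigned long blksize)
{
    return TFTP_MAX_BLOCKNO * blksize;
}

/* Simulate a client receiving nblocks DATA blocks. With use_u16 == 0 the
 * expected block number is tracked in an int (original code); with
 * use_u16 != 0 it is tracked in a uint16_t (patched code). Returns 0 if the
 * whole transfer stays in sync, otherwise the 1-based index of the block at
 * which the client sees a number it did not expect and would give up. */
unsigned long tftp_client_first_desync(unsigned long nblocks, int use_u16)
{
    uint16_t block16 = 1;  /* same width as the packet field: wraps with the server */
    int block_int = 1;     /* wider than the packet field: keeps counting past 65535 */

    for (unsigned long n = 1; n <= nblocks; n++) {
        uint16_t got = wire_block(n);
        if (use_u16) {
            if (got != block16)
                return n;
            block16++;                  /* 65535 -> 0, exactly like tftpd */
        } else {
            if (got != block_int)       /* at n == 65536: wire says 0, int says 65536 */
                return n;
            block_int++;
        }
    }
    return 0;
}

int main(void)
{
    printf("bytes before rollover at blksize 512: %lu\n",
           tftp_max_bytes_without_rollover(TFTP_DEFAULT_BLKSIZE));
    printf("int counter, 70000 blocks: desync at block %lu\n",
           tftp_client_first_desync(70000, 0));
    printf("uint16_t counter, 70000 blocks: desync at %lu (0 = none)\n",
           tftp_client_first_desync(70000, 1));
    return 0;
}
```

Matching the in-memory type to the wire field is the actual fix; negotiating a larger block size (the `blksize` option of RFC 2348) only moves the threshold, since the block number field stays two bytes wide. The general lesson for protocol code is that a counter compared against a fixed-width field must wrap the same way that field does, or the comparison silently stops meaning what the code assumes.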



Re: Shadow TCP stacks

2014-10-20 Thread Justin Mayes
> On the contrary: it _will_ make it impossible for people to know what
> _we_ are doing. This is not one system I'm talking about: it's
> countless independent VPNs. No one person in the world will ever know
> what _we_ are doing.

'countless independent VPNs' + 'a one-time pre-shared key' = big trouble

My advice - Torproject.org
Currently the best math/crypto based solution to provide private service 
hosting and anonymous browsing. Open source, peer reviewed, thoroughly abused 
by smart people and so on. Tor also solves the very real metadata problem this 
paper does not even address. 

Any code that makes it into the kernel introduces complexity and must offset its 
long-term cost with usefulness. I don't think this repackaged port knocking 
mess passes that test.

J

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
Giancarlo Razzolini
Sent: Monday, October 20, 2014 7:34 AM
To: Ian Grant
Cc: Bret Lambert; OpenBSD general usage list
Subject: Re: Shadow TCP stacks

On 19-10-2014 21:01, Ian Grant wrote:
> On the contrary: it _will_ make it impossible for people to know what
> _we_ are doing. This is not one system I'm talking about: it's
> countless independent VPNs. No one person in the world will ever know
> what _we_ are doing.
Except perhaps for the nations with mass surveillance capabilities.

> It's not security by obscurity, it's a one-time pre-shared key.
Well, the need for a PSK doesn't change the fact that you're trying to conceal 
something, but not making it inherently more secure.

> You think someone can analyse all the HTTP traffic in a country? So 
> what if they could? By the time they've analysed the dumps the service 
> won't be on that host anymore.
In what world do you live? Didn't you follow the news regarding the Edward 
Snowden disclosures? Not only is it possible to analyze all HTTP traffic in any 
given country, it is also possible to analyze ALL traffic in any given 
country. This is exactly what the NSA is doing, and perhaps others too. Hell, 
even some companies such as Akamai and others can see a great chunk of the 
internet traffic.

> The issue I am addressing is not privacy. You would know that if you 
> had read the Foundation paper:
>
> http://livelogic.blogspot.com/2014/10/the-foundation-parts-iii-iii.html
Yes, you're not addressing *just* privacy. But your original post's e-mail 
subject of shadow TCP stacks is misleading.
> Well, they don't have a choice, because OpenBSD is open source, or 
> haven't you heard?
Even if you did manage to create a nice patch, bug free, with great security 
and all, I don't ever see this getting into the OpenBSD source tree. And, as 
Henning, an OpenBSD developer, put in a reply to you, you don't get to 
decide what they put into their source code tree. As I said before, focus on 
the proper development of good and strong cryptography, and you'll surely see 
your contributions get into OpenBSD, provided they are in the project's 
interest, of course.

Cheers

[demime 1.01d removed an attachment of type application/pkcs7-signature which 
had a name of smime.p7s]



Re: Making tftp download large files from tftpd

2014-10-20 Thread Justin Mayes
Here is my diff to change the data type of the block variable so tftp can
handle tftpd block rollover when transferring large files.
May not be that useful but I'm just using something trivial (pun intended) to
learn the procedure.

J

From: Justin Mayes
Sent: Monday, October 20, 2014 9:26 AM
To: misc@openbsd.org
Subject: Making tftp download large files from tftpd

I will spare you all the backstory but I found that tftp could not download
files over 32 mb by default from tftpd. I know you can pass blocksize to tftpd
to handle much larger files but I was originally working with a client where
this wasn't possible. Tftp protocol has 2 bytes for block number which put a
65535 limit on that. tftpd data doesn't care and will just roll that over back
to 0 and keep sending data. Tftp client fails when there is block number roll
over because it is tracking all the blocks with an int so ends up comparing
its block counter which is now at 65536 to what comes off the network, 0 and
quits. I updated the tftp client code to use same data type as the network
side structs are using  - u_int16_t. Now tftp counter rolls along with server
and can send file of any size with or without a blocksize change. I feel like
this is mostly pointless but doesn't hurt anything. Will gladly provide the
actual diffs. I have to look into that process for openbsd but just wanted to
check with the group first in case there was a reason an int was used that I
do not understand.

J

[demime 1.01d removed an attachment of type application/octet-stream which had 
a name of tftp.diff]



Re: Making tftp download large files from tftpd

2014-10-20 Thread Justin Mayes
I could. My original problem was with the cisco rommon tftpdnld command as client 
failing talking to tftpd. I just noticed the tftp client problem while testing 
locally. After this I intend to go back and make tftpd work with whatever the cisco 
client is doing. Since that's a two-byte field in the RFC there is no way I 
know of that tftpd or any other server can get more than 65536 in there so all 
they can do is roll over. The only thing I can think is maybe the cisco client 
starts at 1 rather than 0. A tcpdump will tell me in a little while. This is 
more of a learning experience for me. I want to go through the motions of getting 
source, debugging some issue with gdb, updating the code, build and all that. 
I've done that many times in the windows world but not in any unix-like OSes. So 
far the exercise is a success in that I learned a ton and if that diff was 
worth anything to anyone, even better. Thanks for the tip though James, it's good 
advice.

J
-Original Message-
From: James A. Peltier [mailto:jpelt...@sfu.ca] 
Sent: Monday, October 20, 2014 5:34 PM
To: Justin Mayes
Cc: misc@openbsd.org
Subject: Re: Making tftp download large files from tftpd

- Original Message -
| I will spare you all the backstory but I found that tftp could not 
| download files over 32 mb by default from tftpd. I know you can pass 
| blocksize to tftpd to handle much larger files but I was originally 
| working with a client where this wasn't possible. Tftp protocol has 2 
| bytes for block number which put a
| 65535 limit on that. tftpd data doesn't care and will just roll that 
| over back to 0 and keep sending data. Tftp client fails when there is 
| block number roll over because it is tracking all the blocks with an 
| int so ends up comparing its block counter which is now at 65536 to 
| what comes off the network, 0 and quits. I updated the tftp client 
| code to use same data type as the network side structs are using  - 
| u_int16_t. Now tftp counter rolls along with server and can send file 
| of any size with or without a blocksize change. I feel like this is 
| mostly pointless but doesn't hurt anything. Will gladly provide the 
| actual diffs. I have to look into that process for openbsd but just 
| wanted to check with the group first in case there was a reason an int 
| was used that I do not understand.
| 
| J

Or you could chainload iPXE to allow for the downloading of your file over HTTP 
which is much faster than TFTP to begin with.  This is indeed what we do.

--
James A. Peltier
IT Services - Research Computing Group
Simon Fraser University - Burnaby Campus
Phone   : 778-782-6573
Fax : 778-782-3045
E-Mail  : jpelt...@sfu.ca
Website : http://www.sfu.ca/itservices
Twitter : @sfu_rcg
Powering Engagement Through Technology



Re: Route-to with a dynamic 'next hop'

2014-10-14 Thread Justin Mayes
Thanks to both of you for the advice.
Just to follow up, I ended up with the relayd 'routers' setup as described in the 
man page but with a script monitor rather than icmp. The monitor finds the gateway 
for the interface in the route table and pings it with -I and the interface's 
source address. Seems to work as desired. I also got it to work with ifstated but 
it seemed like more script and also a 2nd process when I have to run relayd for 
another purpose anyway. 


-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
Stuart Henderson
Sent: Friday, October 10, 2014 4:56 PM
To: misc@openbsd.org
Subject: Re: Route-to with a dynamic 'next hop'

On 2014-10-09, Justin Mayes jma...@careered.com wrote:
> Ok I got it working. Here is what I did
>
> Enabled multipath routing (sysctl)
> Added the relayd anchor to pf.conf
> Created a relayd.conf with this in it
>
> gw1=fxp0
> gw2=fxp1
>
> table <gateways> { $gw1 ip ttl 1, $gw2 ip ttl 1 }
> router uplinks {
>   route 0.0.0.0/0
>   forward to <gateways> check icmp
> }

Your relayd test here just pings your own interface's local IP addresses.
For example if fxp0's address is 10.0.0.2, it is pinging 10.0.0.2.
ifconfig fxp0 down will cause it to be detected, but it won't even notice you 
pulling out the cable. Also I don't believe it will track your dynamic address.

One thing you could do in your situation is to use a route-to for the 
connection where you have a static address, and use a probability
PF rule to load balance, allowing other traffic to hit the normal default 
route.

Another thing you could do is to use multiple route tables, and similarly use 
pf rules to direct traffic to use one table or another.

For failover you can have some external checker (maybe run from ifstated, or 
maybe a simple shell script run from cron) that adjusts the PF ruleset as 
appropriate. You could either switch the whole ruleset out by pointing pfctl -f 
to a different file, or put the relevant route-to pieces in an anchor.
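The script monitor Justin settled on, written out as an added example in POSIX sh; it is not his script and not part of relayd. It assumes a relayd.conf line of the form `forward to <gateways> check script "/usr/local/sbin/uplink-check"` (the path is a placeholder), that relayd passes the table entry (here an interface name such as `fxp0`) as the script's first argument, and relayd's check-script exit convention (exit 0 reports the host down, non-zero reports it up); confirm the last point against relayd.conf(5) on your release. Unlike `check icmp` against the interface's own address, this probe only reports the uplink up when the gateway currently installed for that interface answers a ping sourced from that interface.

```sh
#!/bin/sh
# Added example, not Justin's script: relayd "check script" probe for one uplink.
# Assumed relayd convention (relayd.conf(5)): exit 0 = host down, non-zero = up.
# relayd runs it as:  uplink-check <interface-name>

# Print the gateway of the default route bound to interface $1, reading
# `route -n show -inet` output from stdin. The "Iface" column is located from
# the header line rather than assumed to be last. Prints nothing when no default
# route currently points out of that interface (e.g. DHCP has not delivered one),
# which the caller treats as "down".
gateway_for_if() {
	awk -v ifn="$1" '
		$1 == "Destination" {
			for (i = 1; i <= NF; i++)
				if ($i == "Iface")
					col = i
			next
		}
		col && $1 == "default" && $col == ifn { print $2; exit }
	'
}

# Print the IPv4 address of interface $1 from `ifconfig $1 inet` output on stdin.
# Used as the ping source so the probe really leaves through that uplink rather
# than through whichever default route the multipath lookup picks.
addr_for_if() {
	awk '$1 == "inet" { print $2; exit }'
}

# Decide up (1) or down (0) for interface $1 given gateway $2 and source address
# $3. Unknown gateway or address is "down" without sending anything; otherwise a
# single ping with a short deadline, sourced from the interface, decides.
uplink_status() {
	ifn=$1 gw=$2 src=$3
	[ -n "$gw" ] && [ -n "$src" ] || { echo 0; return; }
	if ping -c 1 -w 2 -I "$src" "$gw" >/dev/null 2>&1; then
		echo 1
	else
		echo 0
	fi
}

# Constructed sample (not from a real host) in the shape of `route -n show -inet`
# on OpenBSD, with two multipath default routes as in the thread.
SAMPLE_ROUTES='Routing tables

Internet:
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            192.0.2.1          UGS        0        0     -     8 fxp0
default            198.51.100.1       UGS        0        0     -     8 fxp1
192.0.2.0/24       192.0.2.10         UC         1        0     -     4 fxp0
'

# Entry point when invoked by relayd with an interface name.
if [ $# -eq 1 ]; then
	ifn=$1
	gw=$(route -n show -inet | gateway_for_if "$ifn")
	src=$(ifconfig "$ifn" inet | addr_for_if)
	st=$(uplink_status "$ifn" "$gw" "$src")
	exit "$st"    # 0 -> relayd marks the host down, 1 -> up (assumed convention)
fi
```

Keep the probe fast: relayd runs it once per check interval for every host in the table and applies its own timeout, so the ping deadline should stay well under the configured interval. When relayd marks an uplink down it withdraws that multipath default route, which is the behaviour Justin observed with `relayctl show summary` and `route show`.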



Re: Keyboard through IPMI lag/skipping keys

2014-10-13 Thread Justin Winch
Thanks for the reply.  I am actually on the latest version.  Like I said I do
not have this problem with windows or centos linux.


 Subject: Re: Keyboard through IPMI lag/skipping keys
 From: m...@alumni.chalmers.se
 Date: Mon, 13 Oct 2014 07:47:47 +0200
 CC: misc@openbsd.org
 To: flas...@hotmail.com

 Tried upgrade to a newer IPMI firmware?


  On 13 okt 2014, at 02:11, Justin Winch flas...@hotmail.com wrote:
 
  I have a very irritating problem with the keyboard lag through IPMI on a
  supermicro X9DRT.  If I install centos I do not have the lag/missed
  keystrokes and also I do not have this problem with any of my other hardware
  running openbsd.  Some keystrokes don't get logged, others are logged twice.
 
  System--
  http://www.supermicro.com/products/system/2U/6027/SYS-6027TR-DTRF.cfm
  dmesg --
  http://img.photobucket.com/albums/v641/2muchricemakesmesick/dmesgmaster.png~original
 
  Can someone please tell me how I can fix this?  It pretty much makes the
  system useless.
 
  Thanks in advance



Keyboard through IPMI lag/skipping keys

2014-10-12 Thread Justin Winch
I have a very irritating problem with the keyboard lag through IPMI on a
supermicro X9DRT.  If I install centos I do not have the lag/missed keystrokes
and also I do not have this problem with any of my other hardware running
openbsd.  Some keystrokes don't get logged, others are logged twice.

System--
http://www.supermicro.com/products/system/2U/6027/SYS-6027TR-DTRF.cfm
dmesg --
http://img.photobucket.com/albums/v641/2muchricemakesmesick/dmesgmaster.png~original

Can someone please tell me how I can fix this?  It pretty much makes the
system useless.

Thanks in advance



Re: Route-to with a dynamic 'next hop'

2014-10-09 Thread Justin Mayes
Ok I got it working. Here is what I did

Enabled multipath routing (sysctl)
Added the relayd anchor to pf.conf
Created a relayd.conf with this in it

gw1=fxp0
gw2=fxp1

table <gateways> { $gw1 ip ttl 1, $gw2 ip ttl 1 }
router uplinks {
	route 0.0.0.0/0
	forward to <gateways> check icmp
}
Started relayd
Reloaded pf.conf

I then could see with 'relayctl show summary' my two gateways and their 'up' 
status as well as the default route to each with 'route show'. When I 'ifconfig 
down' one interface, 'relayctl show summary' showed it as down and then default 
route to it was removed automatically. Awesomeness.


-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
Justin Mayes
Sent: Wednesday, October 8, 2014 10:56 PM
To: misc@openbsd.org
Subject: Re: Route-to with a dynamic 'next hop'

I just watched Reyk's youtube. I'm going with relayd. I can see the 'routers' 
section in the man page for relayd to do what I want. 

http://www.youtube.com/watch?v=JtMxGslqGbM


-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
Justin Mayes
Sent: Wednesday, October 8, 2014 10:04 PM
To: misc@openbsd.org
Subject: Route-to with a dynamic 'next hop'

Greetings all -

I have 2 internet connections. One of them is static IP, one is dynamic. I want 
to use both of them on my gateway. From the man pages and other docs I see the 
use of route-to in the pf.conf including the 'next-hop' that it requires. This 
is easy enough. Problem is that the next hop is hard coded IP in all examples. 
I need that next hop to get updated when my one WAN DHCP link is updated. I 
know about if:peer, if:broadcast, if:network etc. but there is no if:gateway. 
Seems like you could have used dhclient-script to adjust pf config when ip 
changed but dhclient-script has been removed.  I also read that relayd has 
become the best option to accomplish this uplink load balancing in current 
versions of OpenBSD. I wanted to check with you all to make sure I'm not 
missing something basic with the load balanced uplink scenario in OpenBSD. As 
always, comments and suggestions are much appreciated.

J



Route-to dynamic next hop

2014-10-09 Thread Justin Mayes
I have 2 internet connections. One of them is static IP, one is dynamic. I
want to use both of them on my gateway. From the man pages and other docs I
see the use of route-to in the pf.conf including the 'next-hop' that it
requires. This is easy enough. Problem is that the next hop is hard coded IP
in all examples. I need that next hop to get updated when my one WAN DHCP link
is updated. I know about if:peer, if:broadcast, if:network etc. but there is no
if:gateway. Seems like you could have used dhclient-script to adjust pf config
when ip changed but dhclient-script has been removed.  It also seems like
relayd has become the best option to accomplish this uplink load balancing. I
just wanted to check with you all to make sure I'm not missing something basic
with the load balanced uplink scenario in OpenBSD. As always, comments and
suggestions are much appreciated.

J



Re: Route-to with a dynamic 'next hop'

2014-10-09 Thread Justin Mayes
I did notice the problem with only detecting a LAN failure and was looking at a 
better monitor.  If I just used plain PF rules what would I use for the 
next-hop parameter to the route-to command? This IP is dynamic.


-Original Message-
From: Giancarlo Razzolini [mailto:grazzol...@gmail.com] 
Sent: Thursday, October 9, 2014 7:26 AM
To: Justin Mayes; misc@openbsd.org
Subject: Re: Route-to with a dynamic 'next hop'

On 09-10-2014 02:58, Justin Mayes wrote:
 Ok I got it working. Here is what I did

 Enabled multipath routing (sysctl)
 Added the relayd anchor to pf.conf
 Created a relayd.conf with this in it

 gw1=fxp0
 gw2=fxp1

 table gateways { $gw1 ip ttl 1, $gw2 ip ttl 1 }
 router uplinks {
   route 0.0.0.0/0
   forward to gateways check icmp
 }
 Started relayd
 Reloaded pf.conf

 I then could see with 'relayctl show summary' my two gateways and their 'up' 
 status as well as the default route to each with 'route show'. When I 
 'ifconfig down' one interface, 'relayctl show summary' showed it as down and 
 then default route to it was removed automatically. Awesomeness.


 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
 Justin Mayes
 Sent: Wednesday, October 8, 2014 10:56 PM
 To: misc@openbsd.org
 Subject: Re: Route-to with a dynamic 'next hop'

 I just watched Reyk's youtube. I'm going with relayd. I can see the 'routers' 
 section in the man page for relayd to do what I want.

 http://www.youtube.com/watch?v=JtMxGslqGbM


 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
 Justin Mayes
 Sent: Wednesday, October 8, 2014 10:04 PM
 To: misc@openbsd.org
 Subject: Route-to with a dynamic 'next hop'

 Greetings all -

 I have 2 internet connections. One of them is static IP, one is dynamic. I 
 want to use both of them on my gateway. From the man pages and other docs I 
 see the use of route-to in the pf.conf including the 'next-hop' that it 
 requires. This is easy enough. Problem is that the next hop is hard coded IP 
 in all examples. I need that next hop to get updated when my one WAN DHCP 
 link is updated. I know about if:peer, if:broadcast, if:network etc. but there 
 is no if:gateway. Seems like you could have used dhclient-script to adjust pf 
 config when ip changed but dhclient-script has been removed.  I also read 
 that relayd has become the best option to accomplish this uplink load 
 balancing in current versions of OpenBSD. I wanted to check with you all to 
 make sure I'm not missing something basic with the load balanced uplink 
 scenario in OpenBSD. As always, comments and suggestions are much appreciated.

 J

There is no need to use relayd. Plain pf rules would do the trick, even 
on your dynamic interface. The relayd conf you made will only detect 
failure at the LAN network level. It will not detect internet failure. 
For that you would need to add other checks through icmp to ping 
external ip addresses. Or a check script. There is also the option of 
using ifstated. As for the rules part, you could use the route-to direct 
to the interface.

Cheers



Re: Route-to with a dynamic 'next hop'

2014-10-09 Thread Justin Mayes
My understanding of route-to is that if the destination is not on same network 
as the 'route-to' interface, you need the second 'next hop' parameter. All 
examples I was seeing show pf.conf this way. Is that not right? I will test 
with just the interface name.



-Original Message-
From: Giancarlo Razzolini [mailto:grazzol...@gmail.com] 
Sent: Thursday, October 9, 2014 8:52 AM
To: Justin Mayes; misc@openbsd.org
Subject: Re: Route-to with a dynamic 'next hop'

On 09-10-2014 10:16, Justin Mayes wrote:
 I did notice the problem with only detecting a LAN failure and was looking at 
 a better monitor.  If I just used plain PF rules what would I use for the 
 next-hop parameter to the route-to command? This IP is dynamic.

There is no next-hop. Just make your rule point to the interface. 
route-to (if). You can also make it route-to if. In either case, you'd 
be better off using ifstated/relayd with anchors to dynamically change 
your rules, in case of link failures. Also, if possible, use snmp to 
query your modems/routers to determine the internet link availability.

Cheers



Re: Route-to with a dynamic 'next hop'

2014-10-09 Thread Justin Mayes
In Reyk's presentation he talks about this 
(http://www.youtube.com/watch?v=JtMxGslqGbM) @ 19:30 and describes the 'link 
balancer' functionality of relayd intended to do exactly what I want. It 
appears to work as described. In the presentation Reyk says relayd will check 
for upstream router availability but the conf example just pings the interface 
it appears. Sorry for all the babble but I am away from the location where I 
have 2 internet connections so I cannot test this stuff right now as I normally 
would.


-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
Justin Mayes
Sent: Thursday, October 9, 2014 9:05 AM
To: grazzol...@gmail.com; misc@openbsd.org
Subject: Re: Route-to with a dynamic 'next hop'

My understanding of route-to is that if the destination is not on same network 
as the 'route-to' interface, you need the second 'next hop' parameter. All 
examples I was seeing show pf.conf this way. Is that not right? I will test 
with just the interface name.



-Original Message-
From: Giancarlo Razzolini [mailto:grazzol...@gmail.com]
Sent: Thursday, October 9, 2014 8:52 AM
To: Justin Mayes; misc@openbsd.org
Subject: Re: Route-to with a dynamic 'next hop'

On 09-10-2014 10:16, Justin Mayes wrote:
 I did notice the problem with only detecting a LAN failure and was looking at 
 a better monitor.  If I just used plain PF rules what would I use for the 
 next-hop parameter to the route-to command? This IP is dynamic.

There is no next-hop. Just make your rule point to the interface. 
route-to (if). You can also make it route-to if. In either case, you'd be 
better off using ifstated/relayd with anchors to dynamically change your rules, 
in case of link failures. Also, if possible, use snmp to query your 
modems/routers to determine the internet link availability.

Cheers



Route-to with a dynamic 'next hop'

2014-10-08 Thread Justin Mayes
Greetings all -

I have 2 internet connections. One of them is static IP, one is dynamic. I
want to use both of them on my gateway. From the man pages and other docs I
see the use of route-to in the pf.conf including the 'next-hop' that it
requires. This is easy enough. Problem is that the next hop is hard coded IP
in all examples. I need that next hop to get updated when my one WAN DHCP link
is updated. I know about if:peer, if:broadcast, if:network etc. but there is no
if:gateway. Seems like you could have used dhclient-script to adjust pf config
when ip changed but dhclient-script has been removed.  I also read that relayd
has become the best option to accomplish this uplink load balancing in current
versions of OpenBSD. I wanted to check with you all to make sure I'm not
missing something basic with the load balanced uplink scenario in OpenBSD. As
always, comments and suggestions are much appreciated.

J



Re: Route-to with a dynamic 'next hop'

2014-10-08 Thread Justin Mayes
I just watched Reyk's youtube. I'm going with relayd. I can see the 'routers' 
section in the man page for relayd to do what I want. 

http://www.youtube.com/watch?v=JtMxGslqGbM


-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of 
Justin Mayes
Sent: Wednesday, October 8, 2014 10:04 PM
To: misc@openbsd.org
Subject: Route-to with a dynamic 'next hop'

Greetings all -

I have 2 internet connections. One of them is static IP, one is dynamic. I want 
to use both of them on my gateway. From the man pages and other docs I see the 
use of route-to in the pf.conf including the 'next-hop' that it requires. This 
is easy enough. Problem is that the next hop is hard coded IP in all examples. 
I need that next hop to get updated when my one WAN DHCP link is updated. I 
know about if:peer, if:broadcast, if:network etc. but there is no if:gateway. 
Seems like you could have used dhclient-script to adjust pf config when ip 
changed but dhclient-script has been removed.  I also read that relayd has 
become the best option to accomplish this uplink load balancing in current 
versions of OpenBSD. I wanted to check with you all to make sure I'm not 
missing something basic with the load balanced uplink scenario in OpenBSD. As 
always, comments and suggestions are much appreciated.

J



Re: low power device

2014-09-18 Thread Justin Sherrill
While I haven't bought this particular unit from Netgate, I've
purchased several other devices from them for $work and been happy
with the results.  So, not a bad place to get started.

On Thu, Sep 18, 2014 at 7:42 PM, Steve Litt sl...@troubleshooters.com wrote:
 On Thu, 18 Sep 2014 17:33:29 -0500
 Stan Gammons sg063...@gmail.com wrote:

 On 09/18/14 17:21, Steve Litt wrote:
  On Thu, 18 Sep 2014 16:54:13 -0500
  Stan Gammons sg063...@gmail.com wrote:
 
  On 09/18/14 16:47, Steve Litt wrote:
  How many ethernet ports does it have? I'd love to use something
  like that as a firewall/router.
 
  SteveT
 
 
  The APU has 3 - 1 gig Ethernet ports and works great as a firewall.
 
 
  Stan
 
  Thanks Stan,
 
  What's the device's exact name, and where do I get one?
 
  SteveT
 
  Steve Litt*  http://www.troubleshooters.com/
  Troubleshooting Training  *  Human Performance
 

 Sorry, I should have included the link to the website.
 http://www.pcengines.ch/apu.htm

 Click shop to find a location near you.


 Stan

 Very, very nice! Two questions:

 1) Can I safely assume that the Realtek RTL8111E works well with
OpenBSD?

 2) Where's the best place to buy it if you live in the US? I saw this,
which looks pretty good, given that they give you the enclosure (and
I presume the heat spreader) and a wall wart:
http://store.netgate.com/kit-APU1C4.aspx

 I've been looking for something like this for a long time. Thanks!

 SteveT

 Steve Litt*  http://www.troubleshooters.com/
 Troubleshooting Training  *  Human Performance



Re: documentation - how can one know if a base command is excluded from an arch?

2014-09-17 Thread Justin Haynes
On Sep 6, 2014, at 11:04 PM, Ingo Schwarze wrote:

 Manuals applying to multiple, but not all...architectures...
 are faced with the ill choice of either
 singling out one of their architectures or not specify[ing] any
 architecture at all, in which case they look like [they apply] to
 any architecture.
 In our tree, some manuals choose one way, some the other.
Got it.

 I fear that at some point, i will have to think about an extension
 of the mdoc(7) language to solve that problem, to let a manual
 specify more than one architecture it applies to.  But i'm still
 postponing that, i don't consider the time ripe just yet.

That sounds like a non-trivial undertaking.  Good luck
whenever that time comes, and thanks for owning it.
It is difficult enough to make one system cohesive on one
platform.  Documenting the same system on many platforms
is as you say like a can of worms.

 That said, you also found a bug in makewhatis(8).
 I just fixed that by the commit appended below.
 Thanks for the report.
My pleasure!



 I cannot easily re-run makewhatis(8) on the OpenBSD webserver,
 but i checked that the fix works by applying it here:

  http://mdocml.bsd.lv/cgi-bin/man.cgi

 That's now closer to your expectation, right?

 Yours,
  Ingo

Yes!  I tested with several commands and found the
behavior to be consistent for all currently supported architectures.
There are entries in the dropdown for platforms which are no longer
supported and those produce errors, and I assume that is expected.


I am almost clear on this topic.  My original question led to good
answers which have led to some loose ends in my understanding.
I'll ask a final question by using an example:

- Suppose a hypothetical command which is one binary that lives in
  /sbin and is distributed in base.tgz has a corresponding man page
  in section 8.
- Suppose mandoc for the page does not specify an architecture, but
the corresponding command appears in exactly 3 architectures.

Are all of the following statements true?:

1. man.cgi (any version) would return a page for EVERY architecture.
2. man -S any architecture command would return a page for
   EVERY architecture
3. In
http://openbsd.cs.toronto.edu/cgi-bin/cvsweb/src/distrib/sets/lists/man/
   md.arch for EVERY arch will contain the man page.
4.  In
http://openbsd.cs.toronto.edu/cgi-bin/cvsweb/src/distrib/sets/lists/base/
   md.arch for ONLY THE 3 ARCH will contain the command.

(I would use a real world example, but I am not familiar enough with
differences in archs - thus the importance of the question to me.  Also
if I did have some real examples I'd simply check the above statements
myself..)



 From Jason McIntyre:
 generally you'll have all the man pages on an install, for all archs.

 if you're on i386 and you type man pdisk, it'll tell you there's no
 such page. if you're on macppc and you want to know if i386 has (or does
 not have) the pdisk man page, you can try man -S i386 pdisk. i think
 this is what you're asking, but i'm not sure.



documentation - how can one know if a base command is excluded from an arch?

2014-09-05 Thread Justin Haynes
How can one know if a command appearing in the man pages is excluded from the 
base install of an architecture without extracting base tarball to discover 
this fact?

As an example, take pdisk in 5.5 RELEASE.  At 
http://www.openbsd.org/cgi-bin/man.cgi, a search for pdisk in All 
Architectures, macppc and i386 will return the man page for pdisk.

pdisk does appear in CVS of course: 
http://openbsd.cs.toronto.edu/cgi-bin/cvsweb/src/sbin/pdisk/?only_with_tag=OPENBSD_5_5_BASE#dirlist

But pdisk appears in macppc and not in i386 in base.tgz for 5.5.

My expectation of the manual is that it would not contain man pages for 
items not included in an arch.  Is this an unreasonable expectation?

Thanks,

Justin



Re: documentation - how can one know if a base command is excluded from an arch?

2014-09-05 Thread Justin Haynes
On Sep 5, 2014, at 8:37 PM, Ted Unangst wrote:
 
 The web interface has some peculiarities. It can be helpful, but it
 doesn't quite reflect the man pages you will see on any actual OpenBSD
 system.


 
 If you look carefully at the path for man.cgi and pdisk, you'll see it
 says macppc, even when you specify arch=i386.
 
 If you really need to know what's included in what architecture, the
 files under src/distrib/sets/lists are the canonical source.


This is helpful, thanks.



Re: hey, undeadly WAKE UP

2014-02-22 Thread Justin Sherrill
I know this isn't directly helpful, but I post 'from-any-BSD' content on
the DragonFly Digest every Saturday, and I'll happily take anything OpenBSD
related if someone wants to send it/point me at it.

That still may be a bit of a delay since I do it weekly, but that's more a
measure of my reading speed/spare time to assemble posts right now.


On Sat, Feb 22, 2014 at 1:08 PM, Marc Espie es...@nerim.net wrote:

 I know there are some undeadly people that still read misc@

 Guys, stop sitting on articles!  You can live with an empty queue.

 I know there are at least a few articles in the queue *right now*, some
 have been there for over two weeks.

 This is utterly utterly stupid.

 If someone spends time to write shitz for you, and if you sit on the
 article for a month, they are very much less likely to write again
 next time...

 ... so you get even less articles

 ... so you're worried about the next publication.


 Don't try to do any smart content management. You got five papers out in
 one day ? FINE.

 What's the problem really ? Oh right, BSD is dying. Well, you know OpenBSD
 is NOT. Stop making it look bad and appear LIKE IT IS.



You people just don't understand

2013-05-29 Thread Justin Lindberg
I am mainly a USER of OpenBSD.  Not particularly interested in developing
I just hate it when shitty code starts showing up, drug money appears in my
bank account, ladies and gentlemen start hanging around all the wrong places,
and I can no longer get an undisturbed night's sleep anywhere on the face of
the earth.

I do financial analysis, which sometimes involves some pretty deep math to
figure out where my clients' money is disappearing to.

Come on now, is this a secure operating system, or a gang of cat burglars,
identity thieves, sex offenders, and drug addicts?  When you start digging into
my bank account, and hacking my clients' brokerage accounts, without
permission and without a warrant from lawful authorities, YOU WILL
BE SHOT TO DEATH.

Yes, I know.  I made a death threat on a public mailing list.  I used to do
payroll.  And guess what.  If you mind your own business, you don't have to
worry about any death threats from me.


Just like anyone else, when I get too much spam in my Yahoo account, I get
another one.  Same with my bank account.  When too many fraudulent
transactions appear, I close it and open a new one with a different number.



Fw: IC3 Complaint: I1305292157456181

2013-05-29 Thread Justin Lindberg
Do you people understand long sentences at the federal penitentiary?

With a fat blonde cellmate who never shuts her big mouth?

Because you can just keep your computer masturbathons, drugs, alcohol, and
forced and unwanted sex away from me.  I do not associate with identity thieves,
burglars, sex offenders, or people who hack into other people's computers where
they don't belong.  I don't like the johns that hang out with you people,
either.

- Forwarded Message -
From: no-re...@ic3.gov no-re...@ic3.gov
To: zx006...@yahoo.com
Cc: 
Sent: Wednesday, May 29, 2013 6:58 PM
Subject: IC3 Complaint: I1305292157456181

Thank you for filing a complaint with the Internet Crime Complaint Center (IC3).

Your complaint has been successfully submitted. Please retain the following 
information for future contacts with the IC3: 

Complaint Id: 
Password: 

If you wish to view/download your complaint or have any additional information 
to provide to the IC3, please use the following link and login with the above 
complaint id and password.
http://complaint.ic3.gov/update

The IC3's mission is to serve as a vehicle to receive, develop, and refer 
criminal complaints regarding the rapidly expanding arena of cyber crime. The 
IC3 aims to give the victims of cyber crime a convenient and easy-to-use 
reporting mechanism. 

Complaint Status
The IC3 receives thousands of complaints each month and does not have the 
resources to respond to inquiries regarding the status of complaints. It is the 
IC3's intention to review all complaints and refer them to law enforcement and 
regulatory agencies having jurisdiction. Ultimately, investigation and 
prosecution are at the discretion of the receiving agencies.

Evidence
It is important that you maintain any evidence you may have relating to your 
complaint. Evidence may include canceled checks, credit card receipts, phone 
bills, mailing envelopes, mail receipts, a printed copy of a website, copies of 
emails, or similar items. Please keep the items in a safe location, in case you 
are requested to provide them for investigative purposes.


Additionally, to learn more about Internet schemes and ways to protect 
yourself, please visit www.lookstoogoodtobetrue.com.



Re: From the military propaganda department

2013-05-28 Thread Justin Lindberg
Richard Thornton: Not sorry, not a dude, I do not drink alcohol, and I do not
associate with people like you.  Take your dude problems elsewhere, because
I am not interested.  OpenBSD is the only reason I am here, and I do not like
rubber hoses or the people who try to shove them up my butt.  I don't care what
Theo thinks, either.  It's his operating system, and he can take it or leave it
or ignore the spam.  And anyone else can use it under the BSD license.  That's
what he did to NetBSD anyway.  I am going to use whatever software I want
to use as long as it is legal.  Same as anyone else on the mailing list, unless
I get B for some reason, in which case I will find a different mailing list.
I don't run the show here, so don't act like I do or I am trying to, because
I am not.  I'm not interested in forking an operating system or going back to
Net- or FreeBSD, either.  I don't like Linux, either, because the kernel is far
too bloated, and I don't like all the spyware, adware, and malware that goes
along with it.  I just use OpenBSD as an operating system.  It does not put me
in the mood to party, nor, do I think, is it intended to.  Yet another defense
to rubber-hose cryptanalysis is to slice those rubber hoses to ribbons with a
sharp razor, and install a decent burglar alarm with a secure OS.


From: Richard Thornton rich...@thornton.net
To: zx5...@yahoo.com; misc@openbsd.org 
Sent: Monday, May 27, 2013 7:51 PM
Subject: Re: From the military propaganda department



Time to drink a beer and chill out, dude!

Sent from my BlackBerry 10 smartphone on the Verizon Wireless 4G LTE network.
From: Justin Lindberg
Sent: Saturday, May 25, 2013 2:01 PM
To: misc@openbsd.org
Reply To: Justin Lindberg
Subject: From the military propaganda department 

Excuse the Yahoo address.  That's the best I can do here in the United States
of Amerikkka.  How is life in OpenBSD-land?  The gummint dont trust me when
I use OpenBSD because they don't have a clue what I'm doing when I'm at my
computer.  Even after they've read my code, and obtained all my passwords via
rubber-hose cryptanalysis, and they're sitting at my keyboard staring at the
hash prompt, they still don't have a clue what I am doing, and they think the
problem can be solved by the more liberal use of rubber hoses.

Oh, I was writing a letter to my attorney.  But some people consider that to be
illegal here in Amerikkka.

They don't understand that when I am ready to release my software, I release it,
and when it's released, it's released.  That is my right under our First
Amendment guarantee of freedom of speech and of the press.  I think it works
pretty similarly over there in Canada.  When you've tested your code and you
are ready, you commit it, and when it's committed, it's committed, and the rest
of the team is free to tear it to shreds.

The best defense to rubber-hose cryptanalysis is small pieces of lead, saboted
and silenced and projected at high speed at anyone and everyone armed with a
rubber hose.  The Penguins over in Linux-land understand this very well.  Do the
Pufferfish?  Because that's my right, too, under our Second Amendment
guarantee of the right to keep and bear arms.

So when I'm ready, I fire a shot, and when it's fired, it's fired, and there is
no calling it back.  And that's why I make dead certain that I am ready before
I fire.

Even if the U.S. Department of Defense considers computer cryptography to be a
munition of war, then the right to use it is still protected, only under the
Second Amendment rather than the First.  Some communications are private,
confidential, classified, or privileged and not obtainable with a warrant, and
that is why we use cryptography here in the United States of America. 



Re: From the military propaganda department

2013-05-28 Thread Justin Lindberg
You need to be shot to death.


- Original Message -
From: Richard Thornton rich...@thornton.net
To: Justin Lindberg zx5...@yahoo.com
Cc: 
Sent: Tuesday, May 28, 2013 4:09 AM
Subject: Re: From the military propaganda department

If you dont drink, then take a valium



From the military propaganda department

2013-05-27 Thread Justin Lindberg
Excuse the Yahoo address.  That's the best I can do here in the United States
of Amerikkka.  How is life in OpenBSD-land?  The gummint dont trust me when
I use OpenBSD because they don't have a clue what I'm doing when I'm at my
computer.  Even after they've read my code, and obtained all my passwords via
rubber-hose cryptanalysis, and they're sitting at my keyboard staring at the
hash prompt, they still don't have a clue what I am doing, and they think the
problem can be solved by the more liberal use of rubber hoses.
 
Oh, I was writing a letter to my attorney.  But some people consider that to be
illegal here in Amerikkka.
 
They don't understand that when I am ready to release my software, I release it,
and when it's released, it's released.  That is my right under our First
Amendment guarantee of freedom of speech and of the press.  I think it works
pretty similarly over there in Canada.  When you've tested your code and you
are ready, you commit it, and when it's committed, it's committed, and the rest
of the team is free to tear it to shreds.
 
The best defense to rubber-hose cryptanalysis is small pieces of lead, saboted
and silenced and projected at high speed at anyone and everyone armed with a
rubber hose.  The Penguins over in Linux-land understand this very well.  Do the
Pufferfish?  Because that's my right, too, under our Second Amendment
guarantee of the right to keep and bear arms.
 
So when I'm ready, I fire a shot, and when it's fired, it's fired, and there is
no calling it back.  And that's why I make dead certain that I am ready before
I fire.
 
Even if the U.S. Department of Defense considers computer cryptography to be a
munition of war, then the right to use it is still protected, only under the
Second Amendment rather than the First.  Some communications are private,
confidential, classified, or privileged and not obtainable with a warrant, and
that is why we use cryptography here in the United States of America.



Re: snort inline

2013-03-11 Thread Justin Mayes
So snort was running and I could use my little C test divert program also to
see I was passing packets back and forth thru divert. I never got a snort
alert though even though traffic was passing to and from client. So after
noticing the snort exit output that showed bad chk sum: 100.000% I used
the snort -k none option and now snort is alerting also. Just an FYI in case
this is at all related to your work. I have run snort a lot in the past but
never on OpenBSD so I don't know if that's normal or not.

Justin 


-Original Message-
From: Justin Mayes 
Sent: Thursday, March 07, 2013 4:02 PM
To: 'Lawrence Teo'
Cc: misc@openbsd.org
Subject: RE: snort inline

This works. Thank you very much. I'll let you know if I run into any issues
but I am able to run snort inline now along with NAT.

Justin 


-Original Message-
From: Lawrence Teo [mailto:l...@openbsd.org] 
Sent: Wednesday, March 06, 2013 8:55 AM
To: Justin Mayes
Cc: misc@openbsd.org
Subject: Re: snort inline

Hi Justin,

Not sure if you still need to use divert-packet with NAT, but if you do,
could you please try the diff at
http://marc.info/?l=openbsd-tech&m=136245826921904&w=2 to see if it works
for you?

The easiest way to get the diff is:

ftp -o divert-checksum.diff \
'http://marc.info/?l=openbsd-tech&m=136245826921904&q=raw'

If you do try it, please let me know if it works for you.

Thanks,
Lawrence

On Wed, Dec 19, 2012 at 03:09:47PM -0600, Justin Mayes wrote:
 Another update in case there is any interest in running divert-packet 
 along with NATing. I ditched snort and wrote a little divert program 
 based on the man page to test easier. I can now see that with nat as 
 well as divert-packet on egress rule on external interface the packet 
 will get NATed and go out. A reply will come back to external 
 interface and then get diverted again and never make it to the client. 
 I am as sure as I can be at this point that you cannot divert packets from
a NATed client.
 
 Justin
 
 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf 
 Of Justin
 Sent: Sunday, November 25, 2012 4:37 PM
 To: misc@openbsd.org
 Subject: Re: snort inline
 
 Quick update. It seems to be a nat problem. If I just test by pinging 
 either the 192.168.1.32 interface or the 192.168.0.13 interface it 
 works fine and snort sees the packets. It's only when the traffic is NATed
 that it fails.
 
 
 
 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf 
 Of Justin
 Sent: Saturday, November 24, 2012 2:21 PM
 To: misc@openbsd.org
 Subject: snort inline
 
 Anyone running snort 2.9.3.1p0 in inline / IPS mode with 5.2 current? 
 From what I read it's possible with pf divert functionality.
 
 This is what I'm doing for testing in pf using simple ping
 
  
 
 Gateway info
 
 internal interface fxp0 - 192.168.1.32
 
 external interface bce0 - 192.168.0.13
 
  
 
 Running snort via this cmd line
 
 snort --daq-dir /usr/local/lib/daq -Q --daq ipfw -c 
 /etc/snort/snort.conf -v
 
  
 
 Internal interface is in the skip list hence no active rules for it
 
 Pfctl -sr
 
 pass out on bce0 all flags S/SA scrub (reassemble tcp) nat-to (bce0:0)
 
 pass in on bce0 inet all flags S/SA scrub (reassemble tcp)
 
  
 
 This works as expected, I can ping 8.8.8.8 and since no diverting is 
 active snort sees nothing
 
 I change rules to this to start diverting to snort
 
 Pfctl -sr
 
 pass out on bce0 all flags S/SA scrub (reassemble tcp) divert-packet 
 port
 8000 nat-to (bce0:0)
 
 pass in on bce0 inet all flags S/SA scrub (reassemble tcp)
 
  
 
 Now internal interface sees outgoing ping
 
 tcpdump -n -i fxp0 -n host 8.8.8.8
 
 192.168.1.32 > 8.8.8.8: icmp: request:
 
  
 
 External interface shows it going out and coming back
 
 192.168.0.13 > 8.8.8.8: icmp: request:
 
 8.8.8.8 > 192.168.0.13: icmp: reply:
 
  
 
 Snort sees it twice, external interface first
 
 192.168.0.13 -> 8.8.8.8
 
 ICMP TTL:63 TOS:0x0 ID:0 IpLen:20 DgmLen:84 DF
 
 Type:8  Code:0  ID:64870   Seq:2  ECHO
 
 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
 
  
 
 8.8.8.8 -> 192.168.1.32
 
 ICMP TTL:48 TOS:0x20 ID:64655 IpLen:20 DgmLen:84
 
 Type:0  Code:0  ID:52297  Seq:2  ECHO REPLY
 
 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
 
  
 
 Client @ 192.168.1.32 never sees reply. Any comments or suggestions?
 
  
 
 Justin

[demime 1.01d removed an attachment of type application/pkcs7-signature which 
had a name of smime.p7s]



Re: snort inline

2013-03-07 Thread Justin Mayes
FYI 

This patch has corrected my issues with snort inline and NAT

http://marc.info/?l=openbsd-tech&m=136245826921904&w=2





-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Justin Mayes
Sent: Wednesday, December 19, 2012 3:10 PM
To: misc@openbsd.org
Subject: Re: snort inline

Another update in case there is any interest in running divert-packet along
with NATing. I ditched snort and wrote a little divert program based on the
man page to test easier. I can now see that with nat as well as
divert-packet on egress rule on external interface the packet will get NATed
and go out. A reply will come back to external interface and then get
diverted again and never make it to the client. I am as sure as I can be at
this point that you cannot divert packets from a NATed client.

Justin

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Justin
Sent: Sunday, November 25, 2012 4:37 PM
To: misc@openbsd.org
Subject: Re: snort inline

Quick update. It seems to be a nat problem. If I just test by pinging either
the 192.168.1.32 interface or the 192.168.0.13 interface it works fine and
snort sees the packets. It's only when the traffic is NATed that it fails. 



-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Justin
Sent: Saturday, November 24, 2012 2:21 PM
To: misc@openbsd.org
Subject: snort inline

Anyone running snort 2.9.3.1p0 in inline / IPS mode with 5.2 current? From
what I read it's possible with pf divert functionality. 

This is what I'm doing for testing in pf using simple ping

 

Gateway info 

internal interface fxp0 - 192.168.1.32

external interface bce0 - 192.168.0.13

 

Running snort via this cmd line

snort --daq-dir /usr/local/lib/daq -Q --daq ipfw -c /etc/snort/snort.conf -v

 

Internal interface is in the skip list hence no active rules for it

pfctl -sr

pass out on bce0 all flags S/SA scrub (reassemble tcp) nat-to (bce0:0)

pass in on bce0 inet all flags S/SA scrub (reassemble tcp)

 

This works as expected, I can ping 8.8.8.8 and since no diverting is active
snort sees nothing

I change rules to this to start diverting to snort

pfctl -sr

pass out on bce0 all flags S/SA scrub (reassemble tcp) divert-packet port
8000 nat-to (bce0:0)

pass in on bce0 inet all flags S/SA scrub (reassemble tcp)

 

Now internal interface sees outgoing ping

tcpdump -n -i fxp0 -n host 8.8.8.8

192.168.1.32 > 8.8.8.8: icmp: request:

 

External interface shows it going out and coming back

192.168.0.13 > 8.8.8.8: icmp: request:

8.8.8.8 > 192.168.0.13: icmp: reply:

 

Snort sees it twice, external interface first

192.168.0.13 -> 8.8.8.8

ICMP TTL:63 TOS:0x0 ID:0 IpLen:20 DgmLen:84 DF

Type:8  Code:0  ID:64870   Seq:2  ECHO

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

 

8.8.8.8 -> 192.168.1.32

ICMP TTL:48 TOS:0x20 ID:64655 IpLen:20 DgmLen:84

Type:0  Code:0  ID:52297  Seq:2  ECHO REPLY

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

 

Client @ 192.168.1.32 never sees reply. Any comments or suggestions?

 

Justin 




Re: snort inline

2013-03-07 Thread Justin Mayes
This works. Thank you very much. I'll let you know if I run into any issues
but I am able to run snort inline now along with NAT.

Justin 


-Original Message-
From: Lawrence Teo [mailto:l...@openbsd.org] 
Sent: Wednesday, March 06, 2013 8:55 AM
To: Justin Mayes
Cc: misc@openbsd.org
Subject: Re: snort inline

Hi Justin,

Not sure if you still need to use divert-packet with NAT, but if you do,
could you please try the diff at
http://marc.info/?l=openbsd-tech&m=136245826921904&w=2 to see if it works
for you?

The easiest way to get the diff is:

ftp -o divert-checksum.diff \
'http://marc.info/?l=openbsd-tech&m=136245826921904&q=raw'

If you do try it, please let me know if it works for you.

Thanks,
Lawrence

On Wed, Dec 19, 2012 at 03:09:47PM -0600, Justin Mayes wrote:
 Another update in case there is any interest in running divert-packet 
 along with NATing. I ditched snort and wrote a little divert program 
 based on the man page to test easier. I can now see that with nat as 
 well as divert-packet on egress rule on external interface the packet 
 will get NATed and go out. A reply will come back to external 
 interface and then get diverted again and never make it to the client. 
 I am as sure as I can be at this point that you cannot divert packets from
a NATed client.
 
 Justin
 
 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf 
 Of Justin
 Sent: Sunday, November 25, 2012 4:37 PM
 To: misc@openbsd.org
 Subject: Re: snort inline
 
 Quick update. It seems to be a nat problem. If I just test by pinging 
 either the 192.168.1.32 interface or the 192.168.0.13 interface it 
 works fine and snort sees the packets. It's only when the traffic is NATed
that it fails.
 
 
 
 -Original Message-
 From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf 
 Of Justin
 Sent: Saturday, November 24, 2012 2:21 PM
 To: misc@openbsd.org
 Subject: snort inline
 
 Anyone running snort 2.9.3.1p0 in inline / IPS mode with 5.2 current? 
 From what I read it's possible with pf divert functionality.
 
 This is what I'm doing for testing in pf using simple ping
 
  
 
 Gateway info
 
 internal interface fxp0 - 192.168.1.32
 
 external interface bce0 - 192.168.0.13
 
  
 
 Running snort via this cmd line
 
 snort --daq-dir /usr/local/lib/daq -Q --daq ipfw -c 
 /etc/snort/snort.conf -v
 
  
 
 Internal interface is in the skip list hence no active rules for it
 
 pfctl -sr
 
 pass out on bce0 all flags S/SA scrub (reassemble tcp) nat-to (bce0:0)
 
 pass in on bce0 inet all flags S/SA scrub (reassemble tcp)
 
  
 
 This works as expected, I can ping 8.8.8.8 and since no diverting is 
 active snort sees nothing
 
 I change rules to this to start diverting to snort
 
 pfctl -sr
 
 pass out on bce0 all flags S/SA scrub (reassemble tcp) divert-packet 
 port
 8000 nat-to (bce0:0)
 
 pass in on bce0 inet all flags S/SA scrub (reassemble tcp)
 
  
 
 Now internal interface sees outgoing ping
 
 tcpdump -n -i fxp0 -n host 8.8.8.8
 
 192.168.1.32 > 8.8.8.8: icmp: request:
 
  
 
 External interface shows it going out and coming back
 
 192.168.0.13 > 8.8.8.8: icmp: request:
 
 8.8.8.8 > 192.168.0.13: icmp: reply:
 
  
 
 Snort sees it twice, external interface first
 
 192.168.0.13 -> 8.8.8.8
 
 ICMP TTL:63 TOS:0x0 ID:0 IpLen:20 DgmLen:84 DF
 
 Type:8  Code:0  ID:64870   Seq:2  ECHO
 
 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
 
  
 
 8.8.8.8 -> 192.168.1.32
 
 ICMP TTL:48 TOS:0x20 ID:64655 IpLen:20 DgmLen:84
 
 Type:0  Code:0  ID:52297  Seq:2  ECHO REPLY
 
 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
 
  
 
 Client @ 192.168.1.32 never sees reply. Any comments or suggestions?
 
  
 
 Justin

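Justin's observation that the NATed packet is diverted on the way out and the reply diverted again, and the checksum diff Lawrence Teo points to, both come down to the same requirement: whoever rewrites a header (the kernel's nat-to, or a divert pass-through that edits a packet) has to recompute the checksums before the packet is reinjected, or the next hop drops it silently. The following is an added example, not Justin's divert program or any OpenBSD code: it builds a constructed ICMP echo request with the same shape as the ping in the thread, emulates the nat-to source rewrite, and shows the IP header checksum going stale until `ipv4_fix_checksums()` repairs it (the step a divert(4) pass-through would run before its sendto()).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* RFC 1071 one's-complement checksum over len bytes; 16-bit words are
 * read big-endian, so the result is ready to store in network order. */
static uint16_t inet_cksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    while (len > 1) {
        sum += ((uint32_t)buf[0] << 8) | buf[1];
        buf += 2;
        len -= 2;
    }
    if (len)                        /* odd trailing byte is a high octet */
        sum += (uint32_t)buf[0] << 8;
    while (sum >> 16)               /* fold the carries back in */
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

static void put16(uint8_t *p, uint16_t v) { p[0] = v >> 8; p[1] = v & 0xff; }

/* IPv4 header length in bytes from the IHL field, 0 if not sane IPv4. */
static size_t ipv4_hlen(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return 0;
    size_t hl = (size_t)(pkt[0] & 0x0f) * 4;
    return (hl >= 20 && hl <= len) ? hl : 0;
}

/* Recompute the IPv4 header checksum and, for ICMP, the ICMP checksum.
 * A divert pass-through must do this for any packet it has modified
 * before writing it back. Returns 0 on success, -1 if malformed. */
int ipv4_fix_checksums(uint8_t *pkt, size_t len)
{
    size_t hl = ipv4_hlen(pkt, len);
    if (hl == 0)
        return -1;
    put16(pkt + 10, 0);
    put16(pkt + 10, inet_cksum(pkt, hl));
    if (pkt[9] == 1) {              /* IPPROTO_ICMP */
        if (len - hl < 8)
            return -1;
        put16(pkt + hl + 2, 0);
        put16(pkt + hl + 2, inet_cksum(pkt + hl, len - hl));
    }
    return 0;
}

/* 1 if the header checksum (and the ICMP checksum, if ICMP) verify, else 0.
 * Over a correctly checksummed region inet_cksum() comes out as 0. */
int ipv4_checksums_ok(const uint8_t *pkt, size_t len)
{
    size_t hl = ipv4_hlen(pkt, len);
    if (hl == 0 || inet_cksum(pkt, hl) != 0)
        return 0;
    if (pkt[9] == 1 && (len - hl < 8 || inet_cksum(pkt + hl, len - hl) != 0))
        return 0;
    return 1;
}

/* Emulates the address rewrite "nat-to (bce0:0)" performs on the way out.
 * Deliberately leaves both checksums alone so the stale state is visible. */
void ipv4_rewrite_src(uint8_t *pkt, const uint8_t src[4])
{
    memcpy(pkt + 12, src, 4);
}

/* Constructed sample: an 84-byte ICMP echo request 192.168.1.32 -> 8.8.8.8
 * with the same shape as the ping in the thread (DgmLen:84, DF, ID:64870,
 * Seq:2). Returns the packet length, 0 if the buffer is too small. */
size_t build_echo_request(uint8_t *out, size_t cap)
{
    static const uint8_t src[4] = {192, 168, 1, 32}, dst[4] = {8, 8, 8, 8};
    const size_t len = 84;
    if (cap < len)
        return 0;
    memset(out, 0, len);
    out[0] = 0x45;                  /* version 4, IHL 5 (20 bytes) */
    put16(out + 2, (uint16_t)len);  /* total length */
    out[6] = 0x40;                  /* flags: DF */
    out[8] = 64;                    /* TTL before the gateway decrements it */
    out[9] = 1;                     /* protocol ICMP */
    memcpy(out + 12, src, 4);
    memcpy(out + 16, dst, 4);
    out[20] = 8;                    /* ICMP type 8 (echo request), code 0 */
    put16(out + 24, 64870);         /* identifier */
    put16(out + 26, 2);             /* sequence */
    for (size_t i = 28; i < len; i++)
        out[i] = (uint8_t)i;        /* ping-style payload filler */
    ipv4_fix_checksums(out, len);
    return len;
}
```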



Re: Kernel Debugging

2013-01-08 Thread Justin Mayes
Absolutely. Nothing custom, the build errors have all been fixed at least in
CURRENT so I just had to get the kernel config right. 

Ddb and kgdb are mutually exclusive so your kernel must be built for one or
the other.

For ddb
It's there by default in GENERIC, you just have to set sysctl
machdep.kbdreset to 2 and reboot so you can break in with ctrl-alt-delete,
see man ddb page.

If you want to be able to parse structs easier add this to
/usr/src/sys/conf/GENERIC and build new kernel

option DDB_STRUCT



For kgdb
Uncomment these options in /usr/src/sys/arch/i386/conf/GENERIC or make a
different copy

option KGDB
option "KGDB_DEVNAME=\"com\"",KGDBADDR=0x2f8,KGDBRATE=9600


Pay attention to the 0x2f8 there, you may need 0x3f8 to listen on com0
rather than com1

Run dmesg | grep com to see

Then in file /usr/src/sys/conf/GENERIC (or your debug copy) comment out the
DDB stuff

#option DDB
#option DDB_SAFE_CONSOLE

Uncomment 

makeoptions DEBUG="-g"


Then build your kernel

Comments and corrections are welcome. 

Justin 


-Original Message-
From: sickm...@lavabit.com [mailto:sickm...@lavabit.com] 
Sent: Tuesday, January 08, 2013 6:44 AM
To: Justin Mayes
Cc: misc@openbsd.org
Subject: Re: Kernel Debugging

On 17:04 Mon 07 Jan , Justin Mayes wrote:
 I got this. I had 2 com ports on this old target desktop and when I 
 switched the serial cable to the right one, it worked. I have working 
 DDB kernel with structs as well as a working kgdb kernel with current.
 
 Justin

Good. Any chance to get patches and kernel config from you?




Re: Kernel Debugging

2013-01-07 Thread Justin Mayes
So now that I got ddb working good I went back and built kernel with KGDB
options per the 'man KGDB' page. I followed the other steps and I have a
null modem cable hooked up. When I run 'gdb bsd.gdb' on the control system
and then 'target remote /dev/cua00', it does not break into debugger on the
target system. Now that current kernel builds with KGDB option, is anyone
using it?

Justin 


-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Justin Mayes
Sent: Monday, December 24, 2012 11:07 AM
To: Philip Guenther
Cc: misc@openbsd.org
Subject: Re: Kernel Debugging

You're right. I can view that struct also. The other structs I tried must have
been out of scope. Thanks for your help Philip.

J



-Original Message-
From: Philip Guenther [mailto:guent...@gmail.com]
Sent: Sunday, December 23, 2012 6:51 PM
To: Justin Mayes
Cc: misc@openbsd.org
Subject: Re: Kernel Debugging

On Sun, Dec 23, 2012 at 1:34 PM, Justin Mayes jma...@careered.com wrote:
 I was looking into kernel debug options and found that trying to build 
 a kernel with kgdb option enabled fails.

If no one uses it, it won't keep working.  Submitting a patch to fix the
build would be a first step.  I suggest trying it both with DDB and without
DDB: those should both work.


 Anyone using the kgdb setup? I can
 use ddb it's just painful to have to manually walk structures to 
 examine values. I have moved on to plan B which was to build with 
 option  DDB_STRUCT and the build is a success but the 'show struct'
 command always returns 'unknown structure' for anything other than 
 mbuf. Anyone have any kernel debugging strategies they'd like to share?

DDB_STRUCT works for me for other structures.  For example, here's a session
looking at a firefox struct proc:

Stopped at  Debugger+0x5:   leave
 ddb{0} ps/a
 PID  COMMAND  STRUCT PROC * UAREA *  VMSPACE/VM_MAP
 16253  firefox 0xfe812af09798  0x800032dd6000
0xfe81305ec1d0
  8061  xpdf0xfe81280e1a08  0x800032dfe000
0xfe81305ecd30
 31009  firefox 0xfe81280e17a0  0x800032df9000
0xfe81305ec1d0
  5390  firefox 0xfe81280e1c70  0x800032e0d000
0xfe81305ec1d0
 10871  less0xfe81280e1068  0x800032df4000
0xfe81305ece10
 28672  vi  0xfe8129b0d7a8  0x800032e16000
0xfe81305ecb70
 24081  firefox 0xfe81280e12d0  0x800032def000
0xfe81305ec1d0
 29697  firefox 0xfe812af09c68  0x800032de5000
0xfe81305ec1d0
 19401  firefox 0xfe812af09a00  0x800032de
0xfe81305ec1d0
 27330  firefox 0xfe8135a2b4f0  0x800032ddb000
0xfe81305ec1d0
 13735  firefox 0xfe812af09530  0x800032dd1000
0xfe81305ec1d0
   819  firefox 0xfe812af092c8  0x800032dcc000
0xfe81305ec1d0
 13812  firefox 0xfe812de71c60  0x800032dc2000
0xfe81305ec1d0
 15769  firefox 0xfe812af09060  0x800032dc7000
0xfe81305ec1d0
  2108  firefox 0xfe812de719f8  0x800032dbd000
0xfe81305ec1d0
  7957  firefox 0xfe812de71790  0x800032db8000
0xfe81305ec1d0
 20128  firefox 0xfe812de71528  0x800032db3000
0xfe81305ec1d0
  4339  firefox 0xfe812de712c0  0x800032da6000
0xfe81305ec1d0
 20161  firefox 0xfe812de71058  0x800032da1000
0xfe81305ec1d0
  4258  firefox 0xfe812f591c58  0x800032d9c000
0xfe81305ec1d0
  4495  firefox 0xfe812f5919f0  0x800032d8f000
0xfe81305ec1d0
 ddb{0} show struct
proc 0xfe812af09798
struct proc at 0xfe812af09798 (616 bytes)
p_runq 16
p_list 16
p_p8 fe81368ad7c8
p_thr_link 16
p_fd   8 fe81377d1898
p_vmspace  8 fe81305ec1d0
p_sigacts  8 fe8136f246c0
p_exitsig  40
p_flag 4  4100080
p_spare1   ef
p_stat 13
p_pad1 1   af
p_descfd   1   de
p_pid  4 3f7d
p_hash 16
p_dupfd40
p_thrslpid 82309e1800
p_sigwait  40
p_estcpu   40
p_cpticks  40
p_pctcpu   40
p_wchan8 fe812af09810
p_sleep_to 40
p_wmesg8 8083585c
p_swtime   4   32
p_slptime  4e
p_cpu  8

Re: Kernel Debugging

2013-01-07 Thread Justin Mayes
I got this. I had 2 com ports on this old target desktop and when I switched
the serial cable to the right one, it worked. I have working DDB kernel with
structs as well as a working kgdb kernel with current. 

Justin


-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Justin Mayes
Sent: Monday, January 07, 2013 2:35 PM
To: misc@openbsd.org
Subject: Re: Kernel Debugging

So now that I got ddb working good I went back and built kernel with KGDB
options per the 'man KGDB' page. I followed the other steps and I have a
null modem cable hooked up. When I run 'gdb bsd.gdb' on the control system
and then 'target remote /dev/cua00', it does not break into debugger on the
target system. Now that current kernel builds with KGDB option, is anyone
using it?

Justin 


-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Justin Mayes
Sent: Monday, December 24, 2012 11:07 AM
To: Philip Guenther
Cc: misc@openbsd.org
Subject: Re: Kernel Debugging

You're right. I can view that struct also. The other structs I tried must have
been out of scope. Thanks for your help Philip.

J



-Original Message-
From: Philip Guenther [mailto:guent...@gmail.com]
Sent: Sunday, December 23, 2012 6:51 PM
To: Justin Mayes
Cc: misc@openbsd.org
Subject: Re: Kernel Debugging

On Sun, Dec 23, 2012 at 1:34 PM, Justin Mayes jma...@careered.com wrote:
 I was looking into kernel debug options and found that trying to build 
 a kernel with kgdb option enabled fails.

If no one uses it, it won't keep working.  Submitting a patch to fix the
build would be a first step.  I suggest trying it both with DDB and without
DDB: those should both work.


 Anyone using the kgdb setup? I can
 use ddb it's just painful to have to manually walk structures to 
 examine values. I have moved on to plan B which was to build with 
 option  DDB_STRUCT and the build is a success but the 'show struct'
 command always returns 'unknown structure' for anything other than 
 mbuf. Anyone have any kernel debugging strategies they'd like to share?

DDB_STRUCT works for me for other structures.  For example, here's a session
looking at a firefox struct proc:

Stopped at  Debugger+0x5:   leave
 ddb{0} ps/a
 PID  COMMAND  STRUCT PROC * UAREA *  VMSPACE/VM_MAP
 16253  firefox 0xfe812af09798  0x800032dd6000
0xfe81305ec1d0
  8061  xpdf0xfe81280e1a08  0x800032dfe000
0xfe81305ecd30
 31009  firefox 0xfe81280e17a0  0x800032df9000
0xfe81305ec1d0
  5390  firefox 0xfe81280e1c70  0x800032e0d000
0xfe81305ec1d0
 10871  less0xfe81280e1068  0x800032df4000
0xfe81305ece10
 28672  vi  0xfe8129b0d7a8  0x800032e16000
0xfe81305ecb70
 24081  firefox 0xfe81280e12d0  0x800032def000
0xfe81305ec1d0
 29697  firefox 0xfe812af09c68  0x800032de5000
0xfe81305ec1d0
 19401  firefox 0xfe812af09a00  0x800032de
0xfe81305ec1d0
 27330  firefox 0xfe8135a2b4f0  0x800032ddb000
0xfe81305ec1d0
 13735  firefox 0xfe812af09530  0x800032dd1000
0xfe81305ec1d0
   819  firefox 0xfe812af092c8  0x800032dcc000
0xfe81305ec1d0
 13812  firefox 0xfe812de71c60  0x800032dc2000
0xfe81305ec1d0
 15769  firefox 0xfe812af09060  0x800032dc7000
0xfe81305ec1d0
  2108  firefox 0xfe812de719f8  0x800032dbd000
0xfe81305ec1d0
  7957  firefox 0xfe812de71790  0x800032db8000
0xfe81305ec1d0
 20128  firefox 0xfe812de71528  0x800032db3000
0xfe81305ec1d0
  4339  firefox 0xfe812de712c0  0x800032da6000
0xfe81305ec1d0
 20161  firefox 0xfe812de71058  0x800032da1000
0xfe81305ec1d0
  4258  firefox 0xfe812f591c58  0x800032d9c000
0xfe81305ec1d0
  4495  firefox 0xfe812f5919f0  0x800032d8f000
0xfe81305ec1d0
 ddb{0} show struct
proc 0xfe812af09798
struct proc at 0xfe812af09798 (616 bytes)
p_runq 16
p_list 16
p_p8 fe81368ad7c8
p_thr_link 16
p_fd   8 fe81377d1898
p_vmspace  8 fe81305ec1d0
p_sigacts  8 fe8136f246c0
p_exitsig  40
p_flag 4  4100080
p_spare1   ef
p_stat 13
p_pad1 1   af
p_descfd   1   de
p_pid  4 3f7d
p_hash 16
p_dupfd40
p_thrslpid 82309e1800
p_sigwait  40
p_estcpu

Re: Kernel Debugging

2012-12-24 Thread Justin Mayes
You're right. I can view that struct also. The other structs I tried must have
been out of scope. Thanks for your help Philip.

J



-Original Message-
From: Philip Guenther [mailto:guent...@gmail.com] 
Sent: Sunday, December 23, 2012 6:51 PM
To: Justin Mayes
Cc: misc@openbsd.org
Subject: Re: Kernel Debugging

On Sun, Dec 23, 2012 at 1:34 PM, Justin Mayes jma...@careered.com wrote:
 I was looking into kernel debug options and found that trying to build 
 a kernel with kgdb option enabled fails.

If no one uses it, it won't keep working.  Submitting a patch to fix the
build would be a first step.  I suggest trying it both with DDB and without
DDB: those should both work.


 Anyone using the kgdb setup? I can
 use ddb it's just painful to have to manually walk structures to 
 examine values. I have moved on to plan B which was to build with 
 option  DDB_STRUCT and the build is a success but the 'show struct' 
 command always returns 'unknown structure' for anything other than 
 mbuf. Anyone have any kernel debugging strategies they'd like to share?

DDB_STRUCT works for me for other structures.  For example, here's a session
looking at a firefox struct proc:

Stopped at  Debugger+0x5:   leave
 ddb{0} ps/a
 PID  COMMAND  STRUCT PROC * UAREA *  VMSPACE/VM_MAP
 16253  firefox 0xfe812af09798  0x800032dd6000
0xfe81305ec1d0
  8061  xpdf0xfe81280e1a08  0x800032dfe000
0xfe81305ecd30
 31009  firefox 0xfe81280e17a0  0x800032df9000
0xfe81305ec1d0
  5390  firefox 0xfe81280e1c70  0x800032e0d000
0xfe81305ec1d0
 10871  less0xfe81280e1068  0x800032df4000
0xfe81305ece10
 28672  vi  0xfe8129b0d7a8  0x800032e16000
0xfe81305ecb70
 24081  firefox 0xfe81280e12d0  0x800032def000
0xfe81305ec1d0
 29697  firefox 0xfe812af09c68  0x800032de5000
0xfe81305ec1d0
 19401  firefox 0xfe812af09a00  0x800032de
0xfe81305ec1d0
 27330  firefox 0xfe8135a2b4f0  0x800032ddb000
0xfe81305ec1d0
 13735  firefox 0xfe812af09530  0x800032dd1000
0xfe81305ec1d0
   819  firefox 0xfe812af092c8  0x800032dcc000
0xfe81305ec1d0
 13812  firefox 0xfe812de71c60  0x800032dc2000
0xfe81305ec1d0
 15769  firefox 0xfe812af09060  0x800032dc7000
0xfe81305ec1d0
  2108  firefox 0xfe812de719f8  0x800032dbd000
0xfe81305ec1d0
  7957  firefox 0xfe812de71790  0x800032db8000
0xfe81305ec1d0
 20128  firefox 0xfe812de71528  0x800032db3000
0xfe81305ec1d0
  4339  firefox 0xfe812de712c0  0x800032da6000
0xfe81305ec1d0
 20161  firefox 0xfe812de71058  0x800032da1000
0xfe81305ec1d0
  4258  firefox 0xfe812f591c58  0x800032d9c000
0xfe81305ec1d0
  4495  firefox 0xfe812f5919f0  0x800032d8f000
0xfe81305ec1d0
 ddb{0} show struct
proc 0xfe812af09798
struct proc at 0xfe812af09798 (616 bytes)
p_runq 16
p_list 16
p_p8 fe81368ad7c8
p_thr_link 16
p_fd   8 fe81377d1898
p_vmspace  8 fe81305ec1d0
p_sigacts  8 fe8136f246c0
p_exitsig  40
p_flag 4  4100080
p_spare1   ef
p_stat 13
p_pad1 1   af
p_descfd   1   de
p_pid  4 3f7d
p_hash 16
p_dupfd40
p_thrslpid 82309e1800
p_sigwait  40
p_estcpu   40
p_cpticks  40
p_pctcpu   40
p_wchan8 fe812af09810
p_sleep_to 40
p_wmesg8 8083585c
p_swtime   4   32
p_slptime  4e
p_cpu  8 801c1000
p_ru   144
p_tu   40
p_rtime16
p_uticks   40
p_sticks   40
p_iticks   40
p_systrace 80
p_siglist  40
p_textvp   8 fe812e522160
p_emuldata 80
p_sigdivert40
p_sigmask  40
p_priority

Kernel Debugging

2012-12-23 Thread Justin Mayes
I was looking into kernel debug options and found that trying to build a
kernel with kgdb option enabled fails. Anyone using the kgdb setup? I can
use ddb it's just painful to have to manually walk structures to examine
values. I have moved on to plan B which was to build with option  DDB_STRUCT
and the build is a success but the 'show struct' command always returns
'unknown structure' for anything other than mbuf. Anyone have any kernel
debugging strategies they'd like to share?

 

Justin




Re: snort inline

2012-12-19 Thread Justin Mayes
Another update in case there is any interest in running divert-packet along
with NATing. I ditched snort and wrote a little divert program based on the
man page to test easier. I can now see that with nat as well as
divert-packet on egress rule on external interface the packet will get
NATed and go out. A reply will come back to external interface and then get
diverted again and never make it to the client. I am as sure as I can be at
this point that you cannot divert packets from a NATed client.

Justin

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Justin 
Sent: Sunday, November 25, 2012 4:37 PM
To: misc@openbsd.org
Subject: Re: snort inline

Quick update. It seems to be a nat problem. If I just test by pinging either
the 192.168.1.32 interface or the 192.168.0.13 interface it works fine and
snort sees the packets. It's only when the traffic is NATed that it fails. 



-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Justin 
Sent: Saturday, November 24, 2012 2:21 PM
To: misc@openbsd.org
Subject: snort inline

Anyone running snort 2.9.3.1p0 in inline / IPS mode with 5.2 current? From
what I read it's possible with pf divert functionality. 

This is what I'm doing for testing in pf using simple ping

 

Gateway info 

internal interface fxp0 - 192.168.1.32

external interface bce0 - 192.168.0.13

 

Running snort via this cmd line

snort --daq-dir /usr/local/lib/daq -Q --daq ipfw -c /etc/snort/snort.conf -v

 

Internal interface is in the skip list hence no active rules for it

pfctl -sr

pass out on bce0 all flags S/SA scrub (reassemble tcp) nat-to (bce0:0)

pass in on bce0 inet all flags S/SA scrub (reassemble tcp)

 

This works as expected, I can ping 8.8.8.8 and since no diverting is active
snort sees nothing

I change rules to this to start diverting to snort

pfctl -sr

pass out on bce0 all flags S/SA scrub (reassemble tcp) divert-packet port
8000 nat-to (bce0:0)

pass in on bce0 inet all flags S/SA scrub (reassemble tcp)

 

Now internal interface sees outgoing ping

tcpdump -n -i fxp0 -n host 8.8.8.8

192.168.1.32 > 8.8.8.8: icmp: request:

 

External interface shows it going out and coming back

192.168.0.13 > 8.8.8.8: icmp: request:

8.8.8.8 > 192.168.0.13: icmp: reply:

 

Snort sees it twice, external interface first

192.168.0.13 -> 8.8.8.8

ICMP TTL:63 TOS:0x0 ID:0 IpLen:20 DgmLen:84 DF

Type:8  Code:0  ID:64870   Seq:2  ECHO

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

 

8.8.8.8 -> 192.168.1.32

ICMP TTL:48 TOS:0x20 ID:64655 IpLen:20 DgmLen:84

Type:0  Code:0  ID:52297  Seq:2  ECHO REPLY

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

 

Client @ 192.168.1.32 never sees reply. Any comments or suggestions?

 

Justin 




Re: Recommended ANSI C language coding standard compliance checker

2012-11-27 Thread Justin Mayes
I read someone mention 'man style' the other day and I'm glad I did. It's
not a standard of any kind but it helped me understand OpenBSD source
better. Seems like a lot of it conforms to most of these rules if not all.


Justin Mayes 
Infrastructure Solution Architect 
Career Education Corporation
Office: 847.783.8150 x38150 | jma...@careered.com

-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Gleydson Soares
Sent: Tuesday, November 27, 2012 8:54 PM
To: Philip Guenther
Cc: Tito Mari Francis Escaño; misc@openbsd.org
Subject: Re: Recommended ANSI C language coding standard compliance checker

+1.

On Wed, Nov 28, 2012 at 12:46 AM, Philip Guenther guent...@gmail.com
wrote:
 On Mon, Nov 26, 2012 at 8:10 PM, Tito Mari Francis Escaño
 titomarifran...@gmail.com wrote:
 I'm trying to re-learn ANSI C as part of the effort to write a book
 for beginners or intermediate level. I'm thinking of including the
 use of ANSI C code compliance checker, similar to PHP CodeSniffer,
 that detects whether a given C program file complies with a coding
 standard. Can you please give me pointers what tools OpenBSD
 developers use for this purpose? I understand that indent is used to
 format a given program file, but how about detecting whether a given file
is coding standard compliant?

 The only tool *this* OpenBSD developer uses for checking *coding
 standard* compliance is his brain.  For KNF stuff (c.f. style(9)) you
 just read enough of it and the stuff that's wrong starts to stick out.
  But really, that's just the bottom level: syntax is important only
 because it can obscure the semantics.  It's like when reading a book:
 the font it was printed in doesn't matter unless it distracts you from
 the *words*.

 What's important in coding style are things like clarity, portability,
 and efficiency.  While a few aspects of portability can be checked
 mechanically, those mostly have to be checked *and balanced* by a
 brain.


 I recommend the book The Practice of Programming, by Brian W.
 Kernighan and Rob Pike, for those interested in these sorts of
 considerations.


 Philip Guenther




Re: snort inline

2012-11-25 Thread Justin Mayes
Quick update. It seems to be a nat problem. If I just test by pinging either
the 192.168.1.32 interface or the 192.168.0.13 interface it works fine and
snort sees the packets. It's only when the traffic is NATed that it fails. 



-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Justin Mayes
Sent: Saturday, November 24, 2012 2:21 PM
To: misc@openbsd.org
Subject: snort inline

Anyone running snort 2.9.3.1p0 in inline / IPS mode with 5.2 current? From
what I read it's possible with pf divert functionality. 

This is what I'm doing for testing in pf using simple ping

 

Gateway info 

internal interface fxp0 - 192.168.1.32

external interface bce0 - 192.168.0.13

 

Running snort via this cmd line

snort --daq-dir /usr/local/lib/daq -Q --daq ipfw -c /etc/snort/snort.conf -v

 

Internal interface is in the skip list hence no active rules for it

pfctl -sr

pass out on bce0 all flags S/SA scrub (reassemble tcp) nat-to (bce0:0)

pass in on bce0 inet all flags S/SA scrub (reassemble tcp)

 

This works as expected, I can ping 8.8.8.8 and since no diverting is active
snort sees nothing

I change rules to this to start diverting to snort

pfctl -sr

pass out on bce0 all flags S/SA scrub (reassemble tcp) divert-packet port
8000 nat-to (bce0:0)

pass in on bce0 inet all flags S/SA scrub (reassemble tcp)

 

Now internal interface sees outgoing ping

tcpdump -n -i fxp0 -n host 8.8.8.8

192.168.1.32 > 8.8.8.8: icmp: request:

 

External interface shows it going out and coming back

192.168.0.13 > 8.8.8.8: icmp: request:

8.8.8.8 > 192.168.0.13: icmp: reply:

 

Snort sees it twice, external interface first

192.168.0.13 -> 8.8.8.8

ICMP TTL:63 TOS:0x0 ID:0 IpLen:20 DgmLen:84 DF

Type:8  Code:0  ID:64870   Seq:2  ECHO

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

 

8.8.8.8 -> 192.168.1.32

ICMP TTL:48 TOS:0x20 ID:64655 IpLen:20 DgmLen:84

Type:0  Code:0  ID:52297  Seq:2  ECHO REPLY

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

 

Client @ 192.168.1.32 never sees reply. Any comments or suggestions?

 

Justin Mayes 




snort inline

2012-11-24 Thread Justin Mayes
Anyone running snort 2.9.3.1p0 in inline / IPS mode with 5.2 current? From
what I read it's possible with pf divert functionality. 

This is what I'm doing for testing in pf using simple ping

 

Gateway info 

internal interface fxp0 - 192.168.1.32

external interface bce0 - 192.168.0.13

 

Running snort via this cmd line

snort --daq-dir /usr/local/lib/daq -Q --daq ipfw -c /etc/snort/snort.conf
-v

 

Internal interface is in the skip list hence no active rules for it

pfctl -sr

pass out on bce0 all flags S/SA scrub (reassemble tcp) nat-to (bce0:0)

pass in on bce0 inet all flags S/SA scrub (reassemble tcp)

 

This works as expected, I can ping 8.8.8.8 and since no diverting is active
snort sees nothing

I change rules to this to start diverting to snort

pfctl -sr

pass out on bce0 all flags S/SA scrub (reassemble tcp) divert-packet port
8000 nat-to (bce0:0)

pass in on bce0 inet all flags S/SA scrub (reassemble tcp)

 

Now internal interface sees outgoing ping

tcpdump -n -i fxp0 -n host 8.8.8.8

192.168.1.32 > 8.8.8.8: icmp: request:

 

External interface shows it going out and coming back

192.168.0.13 > 8.8.8.8: icmp: request:

8.8.8.8 > 192.168.0.13: icmp: reply:

 

Snort sees it twice, external interface first

192.168.0.13 -> 8.8.8.8

ICMP TTL:63 TOS:0x0 ID:0 IpLen:20 DgmLen:84 DF

Type:8  Code:0  ID:64870   Seq:2  ECHO

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

 

8.8.8.8 -> 192.168.1.32

ICMP TTL:48 TOS:0x20 ID:64655 IpLen:20 DgmLen:84

Type:0  Code:0  ID:52297  Seq:2  ECHO REPLY

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

 

Client @ 192.168.1.32 never sees reply. Any comments or suggestions?

 

Justin Mayes 




Re: Hardware hunting

2012-11-15 Thread Justin Mayes
Check out http://soekris.com/. I have a low end one and it works great.
Little costly though.

Justin Mayes 


-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Chris McGee
Sent: Thursday, November 15, 2012 3:48 PM
To: misc@openbsd.org
Subject: Hardware hunting

Hi guys-

  I am hunting for a low-power firewall for my home network. For at least
10 years, whenever my firewall hardware has started to die, I've grabbed a
decommissioned game PC, added a few NICs, and put OpenBSD on it.  The
firewall's current incarnation pulls about 160 watts 24/7; I'd like to lower
that by a lot.

  Requirements are:
   1) Low power (<50w; I want it to pay for itself before the hardware dies)
   2) 4 network interfaces (3 gigabit, one gigabit or 100mbps)
   3) Cheaper is better (e.g., a $200 4-port PCIE NIC on a $75 motherboard
is suboptimal)
   4) Works with OpenBSD 5.2
   5) Won't cause a hardware bottleneck when pushing 200mbps of
multidirectional traffic through a moderately complex pf ruleset (this
doesn't take a lot of CPU; a 1 GHz Athlon runs at about 2% under load, and
most of that is from hardware interrupts).

  It looks like a lot of people use the Alix 2D13 for this, but I rejected
it for poor throughput (it would be great for the internet connection, but
it sounds like it might be a serious bottleneck between the internal
networks).

  Jetway makes a number of promising-looking Atom boards, including the
4-interface NF38, but the NF38 and many other JetWays use the Realtek
RTL8111EVL, which doesn't appear to be OpenBSD-friendly. You can add
interfaces to Jetway boards via their daughterboards, but those are either
Realtek RTL8111F or Intel 82574L; same problem.  (Google turns up one report
of the RTL8111 series sorta working with -current, but if you read the guy's
dmesg, it doesn't look like he HAS an RTL8111 in the first place.)


  ...anyway, if you have a low-power OpenBSD network appliance with 3-4
interfaces that you're happy with, please give me a yell. I've been through
a lot of boards without finding a winner so far!




Re: Unified BSD?

2012-11-13 Thread Justin Mayes
Yes, you're bat crap crazy :-)

All of these variants inherit from the same unified BSD 4.4 base code as far
as I know. So years ago there were reasons that groups wanted to split off
and focus on specific goals. Some of these goals are mutually exclusive.
These BSD variants are not really competing with each other or Linux for
that matter.


Justin Mayes 


-Original Message-
From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of
Robin Björklin
Sent: Monday, November 12, 2012 2:38 PM
To: us...@dragonflybsd.org; netbsd-us...@netbsd.org;
freebsd-c...@freebsd.org; misc@openbsd.org
Subject: Unified BSD?

Hi!

First and foremost I'd like to present myself: I'm a young and naive junior
sys admin who thinks people should be able to compromise and see the bigger
picture and the good of the cause.

Now over to the reason for my post.

As all of you probably know, there's a lot of buzz around Gnu/Linux these
days, and I'm pretty sure you couldn't care less. What I'm wondering is why
the BSD community, which from what I can gather isn't as big as the Linux
community, has decided to split its resources into several different
projects/forks/distributions. To me it seems *BSD would be in a more
competitive shape if all developers would get in under one roof?

Am I bat crap crazy for thinking it could be good to merge the four largest
BSD variants out there, take the best bits and pieces out of each and create
a Unified BSD?

Kind Regards,
Robin Bjorklin




Microsoft Wireless Mobile Mouse 3500

2012-09-24 Thread Justin Lindberg
Hello again misc,

I recently bought a Microsoft Wireless Mobile Mouse 3500, and I assumed
it would work like most any other mouse on OpenBSD.  Unfortunately it
did not.  After googling, I found a patch on the following page,
which again unfortunately seems down at the moment, and moreover it's in
Japanese, of which I don't understand a word:

http://yasuoka.net/~yasuoka/hack-2012.html

At first I thought the patch was working perfectly in an amd64 otherwise
generic MP kernel, but the mouse has a tendency to slow down and
become unresponsive over time, and then I have to power-cycle the mouse
itself in order to get it to work again.

I'm inclined to think it's just a piece of junk, but is there any hope
to support this mouse, or should I simply avoid all Microsoft mice?

Thanks,
Justin


