Re: DHCP over vr(4) on bridge(4) through vether(4) no working?

[Eric Huiban]

Raimo Niskanen wrote:

> I did a bridge configuration according to the FAQ with bridge0 containing
> athn0, vr1 and vether0.  vether0 got the IP address configuration that
> athn0 had before, dhcpd was reconfigured to serve vr0 and vether0 and that
> worked just fine.  DHCP over athn0 passes through bridge0 and vether0 to
> dhcpd as well as directly from vr0 to dhcpd.
> 
> But DHCP over vr1 through bridge0 and vether0 does not work.  I had to
> configure a static address on the access point to get any further.
> 
> I know that DHCP over vr0 that dhcpd serves directly works, and I know that
> it works when dhcpd serves athn0 directly, plus it works when dhcpd serves
> athn0 throught bridge0 and vether0.

did you try to add something like this in your pf.conf for "debug" :

set skip on { lo0, vr1, athn0 }

Eric

Re: Large datasize - how to limit physical memory?

[Raimo Niskanen]

On Fri, Oct 07, 2016 at 11:47:17AM -0400, Ted Unangst wrote:
> Raimo Niskanen wrote:
> > And the manual page is wrong in claiming that ulimit -m takes effect when
> > the system gets low on memory?
> > 
> > So the only memory limit that is enforced is ulimit -d?
> 
> yeah. i'll fix the manual. thanks for noticing.
> 
> > Bummer.
> > 
> > What I guess we (VM tricksters) would really want is MAP_NORESERVE...
> 
> that's not very hard to add. uvm has a concept of maxprot, which is the
> maximum protections one can add to a page. userland doesn't really get any
> control over this however. there could be a flag that leaves maxprot as none,
> and then we wouldn't need to count that as memory.
 
That would be super!

We (Erlang VM) currently tries use MAP_NORESERVE (and PROT_NONE) to
allocate a big address range and later remap some of it as PROT_READ |
PROT_WRITE when memory is needed.  The address range is used to be able to
quickly identify which kind of memory it is.

The current situation when MAP_NORESERVE is defined but ignored is
confusing and I hoped that PROT_NONE would be enough to make it behave as
MAP_NORESERVE, but to make MAP_NORESERVE work as intended would be much
better!

A big thanks if MAP_NORESERVE should get implemented!
-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB

Re: DHCP over vr(4) on bridge(4) through vether(4) no working?

[Raimo Niskanen]

On Fri, Oct 07, 2016 at 11:07:43AM +0200, Raimo Niskanen wrote:
> On Fri, Oct 07, 2016 at 10:42:40AM +0200, LÉVAI Dániel wrote:
> > Raimo Niskanen @ 2016-10-07T09:46:06 +0200:
> > > Hello misc@
> > > 
> > > I have a home router where it seems that DHCP over vr(4) on bridge(4)
> > > through vether(4) does not work.
> > > 
> > [...]
> > > Any hints on how to procede?
> > 
> > Just a shot in the dark, but maybe:
> > 
> > http://marc.info/?l=openbsd-misc&m=147462832805431&w=2
> > http://undeadly.org/cgi?action=article&sid=20160725144108
> 
> Nice shot, but a close miss.  I have vr0-bridge0-vether0 and no dhclient
> running on neither vr0 nor vether0.  The client runs on vr2.  Also I see
> no log entrys in /var/log/daemon from dhcpd about getting a DHCPDISCOVER
> and sending a DHCPOFFER, which I get when the request comes in over
> athn0-bridge0-vether0...  So it is the incoming that does not arrive.

I have to back from that statement.  Now I am convinced it is the same bug!

And it seems to be enough to have a dhclient running on the same machine as
the bridge, or on the same interface type.

I have dhclient running on vr2 and bridge0 contains vr1, athn0 and vether0.

Some more tcpdumping shows that the DHCPDISCOVER comes in on vr1 and is not
distributed to any other bridge member.  But when a DHCPDISCOVER comes in on
athn0 it is distributed to vr1 and vether0.  dhcpd listens on vether0 but
the reply to DHCPDISCOVER is not delivered through vether0 and the bridge.
It shows up on athn0 directly and is not distributed to the other bridge
members.

So dhcpd and the bridge does some monkey business, possibly assisted by
dhclient working on an interface not in the bridge.

I think these all concern the same problem:
http://marc.info/?l=openbsd-misc&m=147462934705670&w=2
http://marc.info/?l=openbsd-bugs&m=147291369828477&w=2
http://marc.info/?l=openbsd-tech&m=147333147600814&w=2
so the devs are probably working on a solution.

My current workaround is to have dhcpd listen to vr0, vr1 and athn0, and
give out different address ranges on the different interfaces.

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB

Re: DHCP over vr(4) on bridge(4) through vether(4) no working?

[Raimo Niskanen]

On Sun, Oct 09, 2016 at 02:29:12PM +0200, Eric Huiban wrote:
> Raimo Niskanen wrote:
> 
> > I did a bridge configuration according to the FAQ with bridge0 containing
> > athn0, vr1 and vether0.  vether0 got the IP address configuration that
> > athn0 had before, dhcpd was reconfigured to serve vr0 and vether0 and that
> > worked just fine.  DHCP over athn0 passes through bridge0 and vether0 to
> > dhcpd as well as directly from vr0 to dhcpd.
> > 
> > But DHCP over vr1 through bridge0 and vether0 does not work.  I had to
> > configure a static address on the access point to get any further.
> > 
> > I know that DHCP over vr0 that dhcpd serves directly works, and I know that
> > it works when dhcpd serves athn0 directly, plus it works when dhcpd serves
> > athn0 throught bridge0 and vether0.
> 
> did you try to add something like this in your pf.conf for "debug" :
> 
> set skip on { lo0, vr1, athn0 }

Thanks for the tip but I think I have figured this out anyway, and other
packets than DHCP packets pass the firewall.  Plus vr1 and athn0 are
configured identically (they are both in group 'lan' and neither of them is
mentioned by name; only the group name is used in pf.conf, so there should
not be any difference between them) and DHCP througn athn0 works.

But I will keep the tip in mind for future use.

-- 

/ Raimo Niskanen, Erlang/OTP, Ericsson AB

Re: OpenBSD 6 + CARP + PFSYNC + vmware esxi 6 - stalled nat connections

[R0me0 ***]

Just a plus


After performed a ton of test's I bring up debian linux  freebsd and
Windows .

freebsd : with fetch tool  no issue using ftp causes the stalled

OpenBSD: wget and ftp tool causes connection stalled

linux debian: wget works

Windows: works

I tested the retrieve  with http://mirrors.slackware.com/slackware/
slackware-iso/slackware64-14.2-iso/slackware64-14.2-install-dvd.iso

Workaround to solve "ifconfig pfsync0 down" was use "no-sync" on nat rule

pass out  (no-sync) nat-to 10.20.30.40


Thanks

















2016-10-08 18:54 GMT-03:00 R0me0 *** :

> Hello Misc,
>
> I kindly would like to ask if anyone already faced something like this:
>
> I have the follow setup
>
> VMware 6 ( one physical interface )
>
> 2x OpenBSD 6 ( cloned machine) ( using E1000 ) ( was using vmxnet3 )
>
> OpenBSD Router running 3 carps ( ext / dmz / lan )
>
> Physical Carp interfaces has no IP
>
> em0 up
> em1 up
> em2 up
> em3 192.168.0.1/30 ( vmware virtual machine port VLAN ) ( tried with
> separeted vswitch )
>
> pfsync0 up syncdev em3 ( tried using syncpeer )
>
> DMZ (carped ) has 4 hosts running  OpenBSD 6
>
>
> ifconfig -g carp carpdemote 20
>
> Failover works as expected ( no issue )
>
> Issue : OpenBSD'S on  DMZ to internet
>
> ftp -d  openbsd.iso  ( I have stalled connection )
>
> pkg_add -u ( in the middle way connect goes stalled  )
>
> It just happen when performing NAT
>
>
> OpenBSD CARP Backup
>
> ifconfig pfsync0 down
>
> connections stop to be stalled
>
> This behavior is happening with OpenBSD hosts and http traffic
>
>
> Thanks in advance

Lenovo X1 Yoga Install Problem

[Jay Kruer]

Hi all,

I'm currently attempting to install OpenBSD 6.0 on a Lenovo X1 Yoga
(2016). I'm installing from a flash drive that I've imaged with
install60.fs using dd; I've verified the sha256 sums and all seems
okay with the image's integrity.

It manages to get to the bootloader, but after the boot> prompt it
spits out "cannot open hd0a:/etc/random.seed: No such file or
directory" then seemingly goes ahead and attempts to boot: "booting
hd0a:/6.0/amd64/bsd.rd"

Next it prints out what appears to be "entry point at 0x1001000" (the
text disappears too quickly for me to be certain) and halts on a black
screen.

Any ideas on how to proceed?

– Jay

Re: OpenBSD vmx driver performance on VMware 5.5 and 6.0

[Steve Shockley]

On 10/7/2016 6:41 AM, Henrik Lund Kramshøj wrote:


It is stable and works, and we can use both em and vmx driver, but only
get around 1.5 - 2.0 Gbit/s


I'm still on ESXi 5.1 in the lab and only have one host, but this seemed 
interesting enough to run some benchmarks.


VM host: ESXi 5.1, Dell R610, one port used for VMs
minecraft: OpenBSD 6.0, em
symon: OpenBSD 6.0, vmx
cerberus: OpenBSD 5.8, bnx1, Dell R210-2, one port used for network
storage: CentOS 7, E1000e, SuperMicro X8DT6, two ports in LACP
librenms: OpenBSD 6.0, vmx
Cisco 3750-E switch (no 10 GB used)

server  client  speed   notes
librenmsminecraft   289 MB/sec
librenmsstorage 791 MB/sec
storage librenms521 MB/sec  start 937, ended 231
storage librenms933 MB/sec
storage cerberus925 MB/sec
cerberuslibrenms468 MB/sec  Start 882, then ~200,
then back to ~800
cerberuslibrenms923 MB/sec
cerberusstorage 817 MB/sec
cerberussymon   925 MB/sec
symon   cerberus287 MB/sec
symon   cerberus478 MB/sec  Varied ~300 t0 ~700
symon   storage 817 MB/sec
symon   minecraft   867 MB/sec  Varied 472 to 1210
minecraft   symon   1250 MB/sec

In my case, it appears vmx performance varies widely, and em performance 
is generally good.  Let me know if you want any other combinations tested.