Re: 82599ES support

[Evgeniy Sudyr]

I'm using AOC-STGN-i2S and can confirm it works perfect with ix(4)

On Tue, May 2, 2017 at 11:13 PM, Zeljko Jovanovic
 wrote:
> On 02.05.2017. 19:57, Lyndon Nerenberg wrote:
>
>> We're looking to buy some 10-gig SFP+ boards, and are eyeing up
>> Supermicro's 2-port boards (listed as the 'Intel 82599ES - AOC-STGN-i2S').
>>
>> ix(4) doesn't list the ES variant of the chip, and a quick grep through
>> the driver source doesn't mention it explicitly, either.  Are any of you
>> running this board under >= 6.0 ?
>>
>> (We need to buy these boards as part of a single lease, so I'm constrained
>> on what's available.  Otherwise I'd just buy some X520s.)
>
>
>
> 82599ES is the the "standard" two-interface chip, which is used in Intel
> X520 and many other boards.
>
> 82599EB is also a two-interface chip, but with XAUI interface only (no 10
> Gb/s serial capability for directly connecting to SFP+). I didn't see any
> boards which use it, but it would be suitable for XENPAK or X2 transceivers.
> So 82599ES is essentialy 82599EB + serdes.
>
> There is also 82599EN, which is a single port 82599ES.
>
>
> These data can be found in the 82599 datasheet. I am familiar with them,
> because five years ago I worked on a 82599ES board design, but sadly my
> company didn't mananage to finish it on time. There was suddenly more and
> more boards on the market, the prices dropped, and we abandoned the
> almost-completed project.
>



-- 
--
With regards,
Eugene Sudyr

NVM Express (NVMe) support status

[Evgeniy Sudyr]

Hi all,

I'm looking status of NVM Express support in -current (got Intel 750
consumer device
https://www-ssl.intel.com/content/www/us/en/solid-state-drives/solid-state-drives-750-series.html
for home desktop, but it looks like all devices are using the same
Specification).

I found 2 commits of nvme_pci.c from @dlg there:

http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/nvme_pci.c

But commit message sounds work is abandoned, because of problems faced.

I found specification exists there http://www.nvmexpress.org/specifications/

It also works for me under Linux and NVMe driver is maintained by
Intel developer Matthew Wilcox.
https://github.com/torvalds/linux/tree/master/drivers/nvme

Looks already implemented in FreeBSD (didn't tested yet):

http://svnweb.freebsd.org/base/head/sys/dev/nvme/nvme.h?view=log&pathrev=240616
https://svnweb.freebsd.org/base/head/sys/dev/nvme/

It will be great to get this "awesome fast" storage support in next
OpenBSD release(s).

Anybody aware of any plans on this?

--
With regards,
Evgeniy

OpenBSD ipsec performance on modern HW

[Evgeniy Sudyr]

Hi

I need to figure if I can improve isakmpd / ipsec performance in my setup
on openbsd -current

I have two boxes connected to each other via 1Gbit link and I'm using iperf
to test performance with default ipsec.conf between these two servers:

# cat ipsec.conf:
ike esp from aaa.aaa.aaa.118 to aaa.aaa.aaa.98

# ipsecctl -sa
FLOWS:
flow esp in from aaa.aaa.aaa.98 to aaa.aaa.aaa.118 peer aaa.aaa.aaa.98
srcid aaa.aaa.aaa.118/32 dstid aaa.aaa.aaa.98/32 type use
flow esp out from aaa.aaa.aaa.118 to aaa.aaa.aaa.98 peer aaa.aaa.aaa.98
srcid aaa.aaa.aaa.118/32 dstid aaa.aaa.aaa.98/32 type require

SAD:
esp tunnel from aaa.aaa.aaa.98 to aaa.aaa.aaa.118 spi 0x0a04680a auth
hmac-sha2-256 enc aes
esp tunnel from aaa.aaa.aaa.118 to aaa.aaa.aaa.98 spi 0x4b4f91bb auth
hmac-sha2-256 enc aes


BOX1 dmesg:
# dmesg
OpenBSD 5.4-beta (GENERIC.MP) #27: Fri Jul 12 10:35:54 MDT 2013
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 34333917184 (32743MB)
avail mem = 33412231168 (31864MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0x9a800 (90 entries)
bios0: vendor HP version "O33" date 07/06/2011
bios0: HP ProLiant DL160 G6
acpi0 at bios0: rev 2
acpi0: sleep states S0 S4 S5
acpi0: tables DSDT FACP APIC SPCR MCFG SPMI SLIC BOOT OEMB HPET SRAT DMAR
SSDT EINJ BERT ERST HEST
acpi0: wakeup devices NPE1(S4) NPE2(S4) NPE3(S4) NPE4(S4) NPE5(S4) NPE6(S4)
NPE7(S4) NPE8(S4) NPE9(S4) NPEA(S4) P0P1(S4) USB0(S4) USB1(S4) USB2(S4)
USB5(S4) EUSB(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz, 2400.45 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,
LAHF,PERF,ITSC
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
cpu0: apic clock running at 133MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz, 2400.09 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,
LAHF,PERF,ITSC
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 18 (application processor)
cpu2: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz, 2400.09 MHz
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,
LAHF,PERF,ITSC
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 9, package 0
cpu3 at mainbus0: apid 20 (application processor)
cpu3: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz, 2400.09 MHz
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,
LAHF,PERF,ITSC
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 10, package 0
cpu4 at mainbus0: apid 32 (application processor)
cpu4: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz, 2400.09 MHz
cpu4:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,
LAHF,PERF,ITSC
cpu4: 256KB 64b/line 8-way L2 cache
cpu4: smt 0, core 0, package 1
cpu5 at mainbus0: apid 34 (application processor)
cpu5: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz, 2400.09 MHz
cpu5:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,
LAHF,PERF,ITSC
cpu5: 256KB 64b/line 8-way L2 cache
cpu5: smt 0, core 1, package 1
cpu6 at mainbus0: apid 50 (application processor)
cpu6: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz, 2400.09 MHz
cpu6:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,
LAHF,PERF,ITSC
cpu6: 256KB 64b/line 8-way L2 cache
cpu6: smt 0, core 9, package 1
cpu7 at mainbus0: apid 52 (application processor)
cpu7: Intel(R) Xeon(R) CPU E5620 @ 2.40GHz, 2400.09 MHz
cpu7:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX
,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,POPCNT,AES,NXE,LONG,
LAHF,PERF,ITSC
cpu7: 256KB 64b/line 8-way L2 cache
cpu

Re: OpenBSD ipsec performance on modern HW

[Evgeniy Sudyr]

systat output from one of Box-es:

4 usersLoad 0.89 0.35 0.22 Sun Jul 14 13:34:03
2013

memory totals (in KB)PAGING   SWAPPING
Interrupts
   real   virtual free   in  out   in  out12188
total
Active24660 24660  3930924   ops807
clock
All  102832102832  8336372   pages 4998 ipi
   6383 em0
Proc:r  d  s  wCsw   Trp   Sys   Int   Sof  Flt   forks em2
   6 109562637  3610 64629   78   fkppw
ehci0
  fksvm em4
   4.9%Int   7.3%Sys   0.0%Usr   0.0%Nic  87.8%Idle   pwait
uhci0
|||||||||||   relck
ehci1
||rlkok
pciide0
  noram
Namei Sys-cacheProc-cacheNo-cache ndcpy
Calls hits%hits %miss   % fltcp
  zfod
  cow
Disks   wd0 33614 fmin
seeks   44818 ftarg
xfers itarg
speed   8 wired
  sec pdfre
  pdscn
  pzidle
   25 kmapent



On Sun, Jul 14, 2013 at 1:25 PM, Christopher Zimmermann  wrote:

> On Sun, 14 Jul 2013 13:13:32 +0300
> Evgeniy Sudyr  wrote:
>
> > During iperf tests I see that both servers CPU usage is low and iperf
> > is only CPU consumer:
> >
> > load averages:  0.91,  0.36,
> > 0.39
> > gateway 15:55:06
> > 29 processes: 28 idle, 1 on processor
> > All CPUs:  0.0% user,  0.0% nice,  7.8% system,  5.8% interrupt,
> > 86.3% idle Memory: Real: 19M/95M act/tot Free: 31G Cache: 34M Swap:
> > 0K/32G
> >
> >   PID USERNAME PRI NICE  SIZE   RES STATE WAIT  TIMECPU
> > COMMAND 7243 root  280 1696K 1736K idle  - 6:45
> > 33.30% iperf 19984 ejectevg  280 1132K 2132K onproc/3  -
> > 0:02  1.46% top 23492 root   20 1692K  716K idle  -
> > 346:47  0.00% isakmpd
>
> Hi,
>
> I'm no expert in performance tuning, but I guess systat output would be
> more interesting since IPsec work is done in kernel - not in userspace.
> I also would guess that SMP doesn't help here, so doing the benchmarks
> with a non-SMP kernel would probably give better scaled % numbers for
> interrupt, system and userspace CPU usage.
>
> Christopher
>



-- 
--
With regards,
Eugene Sudyr

Re: OpenBSD ipsec performance on modern HW

[Evgeniy Sudyr]

top CPU load during iperf test


Box1:

load averages:  0.48,  0.17,  0.11  gateway1 18:40:59
24 processes: 23 idle, 1 on processor
CPU0 states:  0.0% user,  0.0% nice, 35.9% system, 15.8% interrupt, 48.3%
idle
CPU1 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
CPU2 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
CPU3 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
CPU4 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
CPU5 states:  0.0% user,  0.0% nice,  8.2% system,  1.2% interrupt, 90.6%
idle
CPU6 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
CPU7 states:  0.0% user,  0.0% nice, 32.1% system,  0.6% interrupt, 67.3%
idle
Memory: Real: 19M/94M act/tot Free: 3845M Cache: 32M Swap: 0K/4302M


Box2:
load averages:  1.29,  0.43,  0.21 gateway2 18:41:42
30 processes: 29 idle, 1 on processor
CPU00 states:  0.0% user,  0.0% nice,  4.0% system, 87.3% interrupt,  8.7%
idle
CPU01 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
CPU02 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
CPU03 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
CPU04 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
CPU05 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
CPU06 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
CPU07 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
CPU08 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
CPU09 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
CPU10 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
CPU11 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
CPU12 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
CPU13 states:  0.0% user,  0.0% nice, 56.5% system,  0.0% interrupt, 43.5%
idle
CPU14 states:  0.0% user,  0.0% nice, 72.7% system, 11.9% interrupt, 15.4%
idle
CPU15 states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
Memory: Real: 20M/98M act/tot Free: 31G Cache: 36M Swap: 0K/32G





On Sun, Jul 14, 2013 at 4:55 PM, Christian Weisgerber wrote:

> Evgeniy Sudyr  wrote:
>
> > I need to figure if I can improve isakmpd / ipsec performance in my setup
> > on openbsd -current
> >
> > I have two boxes connected to each other via 1Gbit link and I'm using
> iperf
> > to test performance with default ipsec.conf between these two servers:
> >
> > # cat ipsec.conf:
> > ike esp from aaa.aaa.aaa.118 to aaa.aaa.aaa.98
>
> Since both your machines have AES-NI, I'd use AES-GCM there
> ("quick enc aes-128-gcm").
>
> > BOX1 dmesg:
> > BOX2 dmesg:
>
> Those are ncpu=16 and ncpu=8 machines...
>
> > During iperf tests I see that both servers CPU usage is low and iperf is
> > only CPU consumer:
>
> That's the CPU usage summed over all cores.  But the OpenBSD kernel
> isn't multithreaded, so it only can make use of a fraction of the
> total CPU power.
>
> --
> Christian "naddy" Weisgerber  na...@mips.inka.de
>
>


-- 
--
With regards,
Eugene Sudyr

Re: OpenBSD ipsec performance on modern HW

[Evgeniy Sudyr]

All,

during my tests I seen that CPU on all cores and memory usage was very low.
Just interesting if there are any bottlenecks and how to fix them.

1) Does anybody care tcp stack tuning for high speed IPSEC ?
2) Can I run IPSEC (that's isakmpd ?) on other cores?


Pierre,
can you share your ipsec config to check same on my side.

Re: OpenBSD ipsec performance on modern HW

[Evgeniy Sudyr]

Thank you alot! I will try to repeat testing with -gcm today.


On Mon, Jul 22, 2013 at 10:16 AM, BARDOU Pierre  wrote:

> Hi,
>
> The testbed has been reused since I ran the tests, but the config was
> something standard like :
>
> ike esp from a.b.c.d/24  to e.f.g.h/24 peer i.j.k.l \
> main auth hmac-sha1 enc aes-256 \
> quick auth hmac-sha1 enc aes-256 psk "secret"
>
> If I remember well, for AES-GCM, there is no AUTH parameter, and it is
> phase 2 only. So it was something like :
> ike esp from a.b.c.d/24  to e.f.g.h/24 peer i.j.k.l \
> main auth hmac-sha1 enc aes-256 \
> quick enc aes-256-gcm psk "secret"
>
> If I've made syntax errors ipssecctl will tell you quickly btw.
>
> --
> Cordialement,
> Pierre BARDOU
>
> De : Evgeniy Sudyr [mailto:eject.in...@gmail.com]
> Envoyé : dimanche 21 juillet 2013 13:17
> À : BARDOU Pierre
> Cc : misc@openbsd.org
> Objet : Re: OpenBSD ipsec performance on modern HW
>
> All,
>
> during my tests I seen that CPU on all cores and memory usage was very low.
> Just interesting if there are any bottlenecks and how to fix them.
> 1) Does anybody care tcp stack tuning for high speed IPSEC ?
> 2) Can I run IPSEC (that's isakmpd ?) on other cores?
>
> Pierre,
> can you share your ipsec config to check same on my side.
>
>


--
--
With regards,
Eugene Sudyr

Xorg on ASRock i945GZ problem

[Evgeniy Sudyr]

Hi, all I have problem  with Xorg on -current. Card is supported (as I
see) but X not startx :(.

Look for my dmesg, xorg.conf and Xorg.0.log below and please let me
know if there is a way to debug this problem.


 int 23 (irq 5)
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x01: apic 2
int 19 (irq 11)
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x01: apic 2
int 18 (irq 15)
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x01: apic 2
int 16 (irq 10)
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x01: apic 2
int 23 (irq 5)
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb0 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xe1
pci1 at ppb0 bus 1
rl0 at pci1 dev 7 function 0 "Realtek 8139" rev 0x10: apic 2 int 22
(irq 3), address 00:13:8f:b3:e9:18
rlphy0 at rl0 phy 0: RTL internal PHY
ichpcib0 at pci0 dev 31 function 0 "Intel 82801GB LPC" rev 0x01: PM disabled
pciide0 at pci0 dev 31 function 1 "Intel 82801GB IDE" rev 0x01: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
atapiscsi0 at pciide0 channel 0 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  ATAPI
5/cdrom removable
cd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
pciide0: channel 1 ignored (disabled)
pciide1 at pci0 dev 31 function 2 "Intel 82801GB SATA" rev 0x01: DMA,
channel 0 configured to native-PCI, channel 1 configured to native-PCI
pciide1: using apic 2 int 19 (irq 11) for native-PCI interrupt
ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x01: apic
2 int 19 (irq 11)
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 512MB DDR2 SDRAM non-parity PC2-5300CL5
spdmem1 at iic0 addr 0x52: 512MB DDR2 SDRAM non-parity PC2-5300CL5
usb1 at uhci0: USB revision 1.0
uhub1 at usb1 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3 "Intel UHCI root hub" rev 1.00/1.00 addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4 "Intel UHCI root hub" rev 1.00/1.00 addr 1
isa0 at ichpcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pmsi0 at pckbc0 (aux slot)
pckbc0: using irq 12 for aux slot
wsmouse0 at pmsi0 mux 0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
wbsio0 at isa0 port 0x2e/2: W83627EHF rev 0x63
lm1 at wbsio0 port 0x290/8: W83627EHF
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
mtrr: Pentium Pro MTRR support
softraid0 at root
PXE boot MAC address 00:13:8f:b3:e9:18, interface rl0
nfs_boot: using interface rl0, with revarp & bootparams
nfs_boot: client_addr=192.168.100.28
nfs_boot: server_addr=192.168.100.254 hostname=eject
root on 192.168.100.254:/exports/eject/root
swap on 192.168.100.254:/exports/eject/swap
syncing disks...
OpenBSD 4.5-current (DISKLESS) #1: Thu Mar 19 15:08:47 EET 2009
   r...@eject:/usr/src/sys/arch/i386/compile/DISKLESS
cpu0: Intel(R) Pentium(R) 4 CPU 3.00GHz ("GenuineIntel" 686-class) 3 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,CX16,xTPR
real mem  = 1064595456 (1015MB)
avail mem = 1021075456 (973MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 04/24/07, BIOS32 rev. 0 @
0xf0010, SMBIOS rev. 2.4 @ 0xfbb30 (22 entries)
bios0: vendor American Megatrends Inc. version "P1.90" date 04/24/2007
acpi0 at bios0: rev 0
acpi0: tables DSDT FACP APIC MCFG OEMB
acpi0: wakeup devices P0P2(S4) P0P1(S4) PS2K(S4) PS2M(S4) UAR1(S4)
EUSB(S4) MC97(S4) HDAC(S4) P0P4(S4) P0P5(S4) P0P6(S4) P0P7(S4)
P0P8(S4) P0P9(S4) USB0(S4) USB1(S4) USB2(S4) USB3(S4) SLPB(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: apic clock running at 199MHz
vmt0 at mainbus0vmware: open failed, eax=, ecx=001e, edx=5658
: failed to open backdoor RPC channel
ioapic0 at mainbus0: apid 2 pa 0xfec0, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus -1 (P0P2)
acpiprt2 at acpi0: bus 1 (P0P1)
acpiprt3 at acpi0: bus -1 (P0P4)
acpiprt4 at acpi0: bus -1 (P0P5)
acpiprt5 at acpi0: bus -1 (P0P6)
acpiprt6 at acpi0: bus -1 (P0P7)
acpiprt7 at acpi0: bus -1 (P0P8)
acpiprt8 at acpi0: bus -1 (P0P9)
acpicpu0 at acpi0
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: PWRB
bios0: ROM list: 0xc/0xae00! 0xcb000/0x1000
vesabios0 at mainbus0: version 3.0, Intel Corporation Intel(r) 82945G
Chipset Family Graphics Controller
vesabios0: VESA mode 0160: attributes 
vesabios0: VESA mode 0161: attributes 
vesabios0: VESA mode 0162: attributes 
vesabios0: VESA mode 0163: attributes 
vesabios0: VESA mode 0164: attributes 
vesabios0: VESA m

Plans for implementing RFC 5925

[Evgeniy Sudyr]

Dear OpenBSD developers,

 do you have any plans for implementing TCP-AO which is described in
RFC 5925 and Obsoletes RFC 2385 in near future?

-- 
With regards,
Evgeniy Sudyr

Partition Input/output error

[Evgeniy Sudyr]

 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 100MHz
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU X5660 @ 2.80GHz, 2793.05 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,HTT,SSE3,SSSE3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,POPCNT,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
acpihpet0 at acpi0: 6250 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
acpicpu1 at acpi0: C1(@1 halt!)
"PNP0F13" at acpi0 not configured
"PNP0303" at acpi0 not configured
"PNP0700" at acpi0 not configured
"ACPI0007" at acpi0 not configured
"ACPI0007" at acpi0 not configured
pvbus0 at mainbus0: Xen 4.8
xen0 at pvbus0: features 0x2705, 32 grant table frames, event channel 1
xbf0 at xen0 backend 0 channel 6: disk
scsibus1 at xbf0: 2 targets
sd0 at scsibus1 targ 0 lun 0:  SCSI3 0/direct fixed
sd0: 5120MB, 512 bytes/sector, 10485760 sectors
xbf1 at xen0 backend 0 channel 7: disk
scsibus2 at xbf1: 2 targets
sd1 at scsibus2 targ 0 lun 0:  SCSI3 0/direct fixed
sd1: 1677724MB, 512 bytes/sector, 3435978752 sectors
"vkbd" at xen0: device/vkbd/0 not configured
xnf0 at xen0 backend 0 channel 8: address 00:17:3e:50:fd:99
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA,
channel 0 wired to compatibility, channel 1 wired to compatibility
pciide0: channel 0 disabled (no drives)
pciide0: channel 1 disabled (no drives)
uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 1 int 23
piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: SMBus disabled
xspd0 at pci0 dev 2 function 0 "XenSource Platform Device" rev 0x01
vga1 at pci0 dev 3 function 0 "Bochs VGA" rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
isa0 at pcib0
isadma0 at isa0
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 1: density unknown
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pms0 at pckbc0 (aux slot)
wsmouse0 at pms0 mux 0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
usb0 at uhci0: USB revision 1.0
uhub0 at usb0 configuration 1 interface 0 "Intel UHCI root hub" rev
1.00/1.00 addr 1
uhidev0 at uhub0 port 1 configuration 1 interface 0 "QEMU QEMU USB
Tablet" rev 2.00/0.00 addr 2
uhidev0: iclass 3/0
ums0 at uhidev0: 3 buttons, Z dir
wsmouse1 at ums0 mux 0
vscsi0 at root
scsibus3 at vscsi0: 256 target
softraid0 at root
scsibus4 at softraid0: 256 targets
root on sd0a (9c43dedec3141fca.a) swap on sd0b dump on sd0b

Please advice for next troubleshooting steps.

--
With regards,
Evgeniy Sudyr

Re: Partition Input/output error

[Evgeniy Sudyr]

Yes, sorry my bad
# dd if=/dev/rsd1a of=/dev/null bs=1m count=1000
1000+0 records in
1000+0 records out
1048576000 bytes transferred in 6.088 secs (172228383 bytes/sec)

Unfortunately this not solves mount problem.

Also tried mount to other mount point:

# mount
/dev/sd0a on / type ffs (local)
/dev/sd1a on /tmp/1 type ffs (local)

# ls -lah /tmp/1
ls: /tmp/1: Input/output error

--
Evgeniy


On Mon, Apr 17, 2017 at 5:03 PM, Sterling Archer  wrote:
>
>
> On Mon, Apr 17, 2017 at 4:22 PM, Evgeniy Sudyr 
> wrote:
>
> snip
>
>> # dd if=/dev/sd1a  of=/dev/null bs=1m
>> dd: /dev/sd1a: Input/output error
>> 0+0 records in
>> 0+0 records out
>> 0 bytes transferred in 0.012 secs (0 bytes/sec)
>>
>
> Use /dev/rsd1a
>
>



-- 
--
With regards,
Eugene Sudyr

Re: OpenBSD ipsec performance on modern HW

[Evgeniy Sudyr]

Sorry for late response to my own thread :)

After almost 2 years I got same performance issues. I have 2 test
boxes (i5 CPU 650 @ 3.20GHz, 3192.42 MHz and i5-3470 CPU @ 3.20GHz,
3193.26 MHz) both with AES-NI support and this time I have a chance to
reply with  my results.

1) Without IPSEC I'm getting ± 920 Mbit/sec
2) With IPSEC and aes-128 or aes-256 enc I'm getting ± 270 Mbits/sec
3) With IPSEC and aes-128-gcm or aes-256-gcm enc I'm getting ± 600 Mbits/sec

All tests were done on -stable which is 5.6 GENERIC.MP#0 amd64.

I did traffic generation on same boxes I have IPSEC peers, this
resulted to high CPU usage on CPU0 on both boxes (± 80% on client and
± 55% on server), so this test is not 100% accurate from maximum
possible performance of view.

Did anybody have significantly better results? Any luck to improve
ipsec performance today?

Power of Proof:
Screenshot with my test results http://snag.gy/EmrTw.jpg
Screenshot top during test: http://snag.gy/p0HJT.jpg

cat ipsec.conf

ike esp from 192.168.7.226 to 192.168.8.114 \
main auth hmac-sha1 enc aes-256 group modp1024 \
quick enc aes-256-gcm group modp1024 \
psk "12345678"

--
Evgeniy Sudyr

On Mon, Jul 22, 2013 at 11:42 AM, Evgeniy Sudyr  wrote:
> Thank you alot! I will try to repeat testing with -gcm today.
>
>
> On Mon, Jul 22, 2013 at 10:16 AM, BARDOU Pierre  wrote:
>>
>> Hi,
>>
>> The testbed has been reused since I ran the tests, but the config was
>> something standard like :
>>
>> ike esp from a.b.c.d/24  to e.f.g.h/24 peer i.j.k.l \
>> main auth hmac-sha1 enc aes-256 \
>> quick auth hmac-sha1 enc aes-256 psk "secret"
>>
>> If I remember well, for AES-GCM, there is no AUTH parameter, and it is
>> phase 2 only. So it was something like :
>> ike esp from a.b.c.d/24  to e.f.g.h/24 peer i.j.k.l \
>> main auth hmac-sha1 enc aes-256 \
>> quick enc aes-256-gcm psk "secret"
>>
>> If I've made syntax errors ipssecctl will tell you quickly btw.
>>
>> --
>> Cordialement,
>> Pierre BARDOU
>>
>> De : Evgeniy Sudyr [mailto:eject.in...@gmail.com]
>> Envoyé : dimanche 21 juillet 2013 13:17
>> À : BARDOU Pierre
>> Cc : misc@openbsd.org
>> Objet : Re: OpenBSD ipsec performance on modern HW
>>
>> All,
>>
>> during my tests I seen that CPU on all cores and memory usage was very
>> low.
>> Just interesting if there are any bottlenecks and how to fix them.
>> 1) Does anybody care tcp stack tuning for high speed IPSEC ?
>> 2) Can I run IPSEC (that's isakmpd ?) on other cores?
>>
>> Pierre,
>> can you share your ipsec config to check same on my side.
>>
>
>
>
> --
> --
> With regards,
> Eugene Sudyr



-- 
--
With regards,
Eugene Sudyr

Panic: malloc: out of space in kmem_map

[Evgeniy Sudyr]

Hi all,

On -stable with patches installed  on Supermicro server, got Panic:
malloc: out of space in kmem_map.

This is first time this panic happened.

On this server haproxy and bgpd were running where haproxy was running
under  high load ± 3.5 before failure.

Sorry, but I have no access to serial console, only way I can get ddb
is KVM console.

I've placed them all there
https://www.dropbox.com/sh/dwmjt7wwunhk5gb/AABaNT5RwqLyggWlbGxOIgqPa?dl=0

This is  dmesg:

OpenBSD 5.6-stable (GENERIC.MP) #0: Thu Feb 12 16:16:18 EET 2015
root@router1-test:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 17128275968 (16334MB)
avail mem = 16663535616 (15891MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xec640 (131 entries)
bios0: vendor American Megatrends Inc. version "3.00" date 07/05/2013
bios0: Supermicro X9SRW-F
acpi0 at bios0: rev 2
acpi0: sleep states S0 S1 S4 S5
acpi0: tables DSDT FACP APIC FPDT HPET PRAD SPMI SSDT EINJ ERST HEST
BERT DMAR MCFG
acpi0: wakeup devices P0P9(S1) EUSB(S4) USBE(S4) PEX0(S4) PWVE(S4)
PEX1(S4) PEX2(S4) PEX3(S4) PEX4(S4) PEX5(S4) PEX6(S4) PEX7(S4)
NPE1(S4) NPE2(S4) NPE3(S4) NPE4(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU E5-2609 v2 @ 2.50GHz, 2500.42 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
cpu0: 256KB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 99MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.1.0, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Xeon(R) CPU E5-2609 v2 @ 2.50GHz, 2499.99 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
cpu1: 256KB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Xeon(R) CPU E5-2609 v2 @ 2.50GHz, 2500.00 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
cpu2: 256KB 64b/line 8-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Xeon(R) CPU E5-2609 v2 @ 2.50GHz, 2500.00 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
cpu3: 256KB 64b/line 8-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 0 pa 0xfec0, version 20, 24 pins
ioapic1 at mainbus0: apid 2 pa 0xfec01000, version 20, 24 pins
acpihpet0 at acpi0: 14318179 Hz
acpimcfg0 at acpi0 addr 0x8000, bus 0-255
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 9 (P0P9)
acpiprt2 at acpi0: bus 7 (PEX0)
acpiprt3 at acpi0: bus -1 (PEX1)
acpiprt4 at acpi0: bus -1 (PEX2)
acpiprt5 at acpi0: bus -1 (PEX3)
acpiprt6 at acpi0: bus -1 (PEX4)
acpiprt7 at acpi0: bus -1 (PEX5)
acpiprt8 at acpi0: bus -1 (PEX6)
acpiprt9 at acpi0: bus -1 (PEX7)
acpiprt10 at acpi0: bus 6 (P0PA)
acpiprt11 at acpi0: bus 1 (NPE1)
acpiprt12 at acpi0: bus -1 (NPE2)
acpiprt13 at acpi0: bus 3 (NPE3)
acpiprt14 at acpi0: bus -1 (NPE4)
acpiprt15 at acpi0: bus -1 (NPE5)
acpiprt16 at acpi0: bus -1 (NPE6)
acpiprt17 at acpi0: bus 4 (NPE7)
acpiprt18 at acpi0: bus -1 (NPE8)
acpiprt19 at acpi0: bus -1 (NPE9)
acpiprt20 at acpi0: bus -1 (NPEA)
acpicpu0 at acpi0: C2, C1, PSS
acpicpu1 at acpi0: C2, C1, PSS
acpicpu2 at acpi0: C2, C1, PSS
acpicpu3 at acpi0: C2, C1, PSS
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: PWRB
ipmi at mainbus0 not configured
cpu0: Enhanced SpeedStep 2500 MHz: speeds: 2500, 2400, 2300, 2200,
2100, 2000, 1900, 1800, 1700, 1600, 1500, 1400, 1300, 1200 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel E5 v2 Host" rev 0x04
ppb0 at pci0 dev 1 function 0 "Intel E5 v2 PCIE" rev 0x04: msi
pci1 at ppb0 bus 1
em0 at pci1 dev 0 function 0 "Intel I350" rev 0x01: msi, address
a0:36:9f:54:73:78
em1 at pci1 dev 0 function 1 "Intel I350" rev 0x01: msi, address
a0:36:9f:54:73:79
em2 at pci1 dev 0 funct

Re: Panic: malloc: out of space in kmem_map

[Evgeniy Sudyr]

Sorry for delayed answer, I did both before:

show uvmexp

https://www.dropbox.com/sh/dwmjt7wwunhk5gb/AABTdTS98GLF2vRN56mn6knpa/Screen%20Shot%202015-04-02%20at%2011.37.20.png?dl=0
https://www.dropbox.com/sh/dwmjt7wwunhk5gb/AAAPsq3yPHI3w5u_-ViB-Elva/Screen%20Shot%202015-04-02%20at%2011.37.27.png?dl=0

show all pools:

https://www.dropbox.com/sh/dwmjt7wwunhk5gb/AAAbYVDgpH89Rh_g4Jl5ONOga/Screen%20Shot%202015-04-02%20at%2011.47.08.png?dl=0
https://www.dropbox.com/sh/dwmjt7wwunhk5gb/AACi9B7jT2gbmr1YQWKQeYRpa/Screen%20Shot%202015-04-02%20at%2011.47.14.png?dl=0
https://www.dropbox.com/sh/dwmjt7wwunhk5gb/AACi9B7jT2gbmr1YQWKQeYRpa/Screen%20Shot%202015-04-02%20at%2011.47.14.png?dl=0
https://www.dropbox.com/sh/dwmjt7wwunhk5gb/AAA62XYFUPFAZ37vVdiDpsm-a/Screen%20Shot%202015-04-02%20at%2011.47.20.png?dl=0
https://www.dropbox.com/sh/dwmjt7wwunhk5gb/AAD2K3pLsAqORiknjPaFHz3sa/Screen%20Shot%202015-04-02%20at%2011.47.52.png?dl=0

I had to restart server because I'm afraid that second (same hw) can
do same panic.

On Thu, Apr 2, 2015 at 3:04 PM, Mark Kettenis  wrote:
>> Date: Thu, 2 Apr 2015 13:16:12 +0200
>> From: Evgeniy Sudyr 
>>
>> Hi all,
>>
>> On -stable with patches installed  on Supermicro server, got Panic:
>> malloc: out of space in kmem_map.
>>
>> This is first time this panic happened.
>>
>> On this server haproxy and bgpd were running where haproxy was running
>> under  high load ± 3.5 before failure.
>>
>> Sorry, but I have no access to serial console, only way I can get ddb
>> is KVM console.
>>
>> I've placed them all there
>> https://www.dropbox.com/sh/dwmjt7wwunhk5gb/AABaNT5RwqLyggWlbGxOIgqPa?dl=0
>>
>> This is  dmesg:
>>
>> OpenBSD 5.6-stable (GENERIC.MP) #0: Thu Feb 12 16:16:18 EET 2015
>> root@router1-test:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>> real mem = 17128275968 (16334MB)
>> avail mem = 16663535616 (15891MB)
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 2.7 @ 0xec640 (131 entries)
>> bios0: vendor American Megatrends Inc. version "3.00" date 07/05/2013
>> bios0: Supermicro X9SRW-F
>> acpi0 at bios0: rev 2
>> acpi0: sleep states S0 S1 S4 S5
>> acpi0: tables DSDT FACP APIC FPDT HPET PRAD SPMI SSDT EINJ ERST HEST
>> BERT DMAR MCFG
>> acpi0: wakeup devices P0P9(S1) EUSB(S4) USBE(S4) PEX0(S4) PWVE(S4)
>> PEX1(S4) PEX2(S4) PEX3(S4) PEX4(S4) PEX5(S4) PEX6(S4) PEX7(S4)
>> NPE1(S4) NPE2(S4) NPE3(S4) NPE4(S4) [...]
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>> cpu0 at mainbus0: apid 0 (boot processor)
>> cpu0: Intel(R) Xeon(R) CPU E5-2609 v2 @ 2.50GHz, 2500.42 MHz
>> cpu0: 
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
>> cpu0: 256KB 64b/line 8-way L2 cache
>> cpu0: smt 0, core 0, package 0
>> mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
>> cpu0: apic clock running at 99MHz
>> cpu0: mwait min=64, max=64, C-substates=0.2.1.1.0, IBE
>> cpu1 at mainbus0: apid 2 (application processor)
>> cpu1: Intel(R) Xeon(R) CPU E5-2609 v2 @ 2.50GHz, 2499.99 MHz
>> cpu1: 
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
>> cpu1: 256KB 64b/line 8-way L2 cache
>> cpu1: smt 0, core 1, package 0
>> cpu2 at mainbus0: apid 4 (application processor)
>> cpu2: Intel(R) Xeon(R) CPU E5-2609 v2 @ 2.50GHz, 2500.00 MHz
>> cpu2: 
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,LONG,LAHF,PERF,ITSC,FSGSBASE,SMEP,ERMS
>> cpu2: 256KB 64b/line 8-way L2 cache
>> cpu2: smt 0, core 2, package 0
>> cpu3 at mainbus0: apid 6 (application processor)
>> cpu3: Intel(R) Xeon(R) CPU E5-2609 v2 @ 2.50GHz, 2500.00 MHz
>> cpu3: 
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,PCID,DCA,SSE4.1,SSE4.2,x2APIC,POPCNT,DEADLINE,AES,XSAVE,A

Re: Panic: malloc: out of space in kmem_map

[Evgeniy Sudyr]

79876 85948 75577 0 11152 0 88
procpl   568   1183280   5012 0 012 0 83
processpl616   1183280   5014 0 014 0 84
zombiepl 144   11827800 1 0 0 1 0 81
ucredpl   96 39460   73 3 0 0 3 0 80
pgrppl40123570   25 1 0 0 1 0 80
sessionpl 64  3690   22 1 0 0 1 0 80
lockfpl   88 877503 1 0 0 1 0 80
filepl   120 437419685   0 3770 21640 21502 0   246 0 88
fdescpl  440   1183110   33 7 0 0 7 0 82
pipepl   120   1476460   14 2 0 0 2 0 80
kqueuepl 320 10940   10 2 0 0 2 0 80
knotepl  112 648140305   0 3686 13925 13800 0   214 0 84
sigapl   432   1183100   32 7 0 0 7 0 82
wqtasks   40  47700 1 0 0 1 0 81
ifaddritem64   390   39 1 0 0 1 0 80
scxspl   192  262677100 2 0 0 2 0 82
pfiaddrpl120804 1 0 0 1 0 80
ehcixfer 280  12906 1 0 0 1 0 80
namei   1024  839909000 3 0 0 3 0 83
vnodes   26425913025913  1728 0 0  1728 0 80
nchpl144  31705420 5922   220 0 0   220 0 80
ffsino   240  2304497025905  165030 0  1620 0 80
dino1pl  128  2304497025905   836 0 0   836 0 80
dirhash 1024 55990  255   864   800 0   219 0 80
pfrule  1336  1080   5831 0 031 0 87
pfstate  312 435832082   0   147392 564536 550614   0 16982 0 80
pfstkey  104 435957663   0   123762 144801 141211   0  4433 0 80
pfstitem  24 435787431   0   123762 15357 14515 0  1015 0 88
pfruleitem16 151715251   064225  2162  1819 0   413 0 88
pfrktable   1344   280   10 7 0 0 7 0 80
pfrke_plain  160   730   49 4 0 0 4 0 80
pfosfpen 112 28400  7106039 021 0 80
pfosfp40 16800  420 5 0 0 5 0 80
pffrent   40  34400 1 0 0 1 0 81
pffrag   112  17500 1 0 0 1 0221
strprocpl   2448   6000 2 0 0 2 0 82
strpolpl  48   3000 1 0 0 1 0 81
rtentpl  192  22519660   552430 2769141 0 27683 0 88
rtmask32   589106050251   408 0 0   408 0 80
rttmrpl   72  23359700 1500   11782 048 0 82
tcpcbpl  560 432751719   079760 107930 961180 12736 0 88
tcpqepl   32 100242953   0  406 9 0 0 9 0 84
sackhlpl  24 153853140  108 4 0 0 4 0 82
synpl248 145920650   0  940  2624  2545 0   111 0 88
plimitpl 152 30660   18 2 0 0 2 0 81
inpcbpl  360 432758797   079763 50904 43342 0  8102 0 88
pfsync724662200 1 0 0 1 0 81

In use 407355K, total allocated 0K; utilization inf%


Installed NICs em0-em7 are Intel I350-T4 (PCI-E), em8-em9 are I350 on board.

CPU

cpu0: Intel(R) Xeon(R) CPU E5-2609 v2 @ 2.50GHz, 2500.40 MHz
cpu1: Intel(R) Xeon(R) CPU E5-2609 v2 @ 2.50GHz, 2500.00 MHz
cpu2: Intel(R) Xeon(R) CPU E5-2609 v2 @ 2.50GHz, 2500.00 MHz
cpu3: Intel(R) Xeon(R) CPU E5-2609 v2 @ 2.50GHz, 2500.00 MHz


--
Evgeniy

On Sat, Apr 4, 2015 at 12:43 PM, Mark Kettenis  wrote:
>> Date: Sat, 4 Apr 2015 11:30:24 +0200
>> From: Evgeniy Sudyr 
>>
>> Sorry for delayed answer, I did both before:
>>
>> show uvmexp
>>
>> https://www.dropbox.com/sh/dwmjt7wwunhk5gb/AABTdTS98GLF2vRN56mn6knpa/Screen%20Shot%202015-04-02%20at%2011.37.20.png?dl=0
>> https://www.dropbox.com/sh/dwmjt7wwunhk5gb/AAAPsq3yPHI3w5u_-ViB-Elva/Screen%20Shot%202015-04-02%20at%2011.37.27.png?dl=0
>>
>> show all pools:
>>
>> https://www.dropbox.com/sh/dwmjt7wwunhk5gb/AAAbYVDgpH89Rh_g4Jl5ONOga/Screen%20Shot%202015-04-02%20at%2011.47.08.png?dl=0
>> https://www.dropbox.com/sh/dwmjt7wwunhk5gb/AACi9B7jT2gbmr1YQW

Re: Panic: malloc: out of space in kmem_map

[Evgeniy Sudyr]

How can I help identify this bug, so developers can fix it :)

On Sat, Apr 4, 2015 at 6:49 PM, Ted Unangst  wrote:
> Evgeniy Sudyr wrote:
>>   ACPI175742 18750K  18796K 78644K   5721140 0
>
> This looks rather high. I suspect a leak in the acpi code.
>



-- 
--
With regards,
Eugene Sudyr

Re: Panic: malloc: out of space in kmem_map

[Evgeniy Sudyr]

Thanks for paying attention to this issue!

[root@router2 ~]#  pstat -d ld acpi_nalloc ; date
acpi_nalloc at 0x81e0bf68: 10762059
Sun Apr  5 12:49:02 EEST 2015

[root@router2 ~]#  pstat -d ld acpi_nalloc ; date
acpi_nalloc at 0x81e0bf68: 10762059
Sun Apr  5 12:50:41 EEST 2015


Also uploaded sendbug output there
https://www.dropbox.com/s/g1lp3wcft2wriyg/sendbug.txt?dl=0

On Sun, Apr 5, 2015 at 12:16 AM, Ted Unangst  wrote:
> Evgeniy Sudyr wrote:
>> How can I help identify this bug, so developers can fix it :)
>
> Run sudo pstat -d ld acpi_nalloc; then wait some time and run it again. Though
> this looks like it could be a bug not in the OpenBSD ACPI code, but in the
> interpreted AML code.
>
> Debugging this over email is probably going to be hard. But if you use
> sendbug, it will include the output of acpidump, which may be helpful.
>
>
>>
>> On Sat, Apr 4, 2015 at 6:49 PM, Ted Unangst  wrote:
>> > Evgeniy Sudyr wrote:
>> >>   ACPI175742 18750K  18796K 78644K   5721140 0
>> >
>> > This looks rather high. I suspect a leak in the acpi code.
>
>



-- 
--
With regards,
Eugene Sudyr

Plans to support Intel X710-AM2 / XL710-AM1 / XL-710AM2 controllers

[Evgeniy Sudyr]

Hi,

any plans to support NICs based on Intel X710-AM2 / XL710-AM1 /
XL-710AM2 controllers (Formerly Fortville) in near future?

There are http://ark.intel.com/products/codename/44140/Fortville

I've found some commits in FreeBSD adding support to it back in Aug, 2014

https://svnweb.freebsd.org/base?view=revision&revision=269198
https://svnweb.freebsd.org/base/stable/10/sys/dev/ixl/

--
With regards,
Eugene Sudyr

Re: Panic: malloc: out of space in kmem_map

[Evgeniy Sudyr]

Stuart,

as part of troubleshooting, BIOS was upgraded from R 3.0 to latest R 3.2

http://www.supermicro.com/products/motherboard/Xeon/C600/X9SRW-F.cfm X9SRW5.115

How big chances are it hitted bug which was fixed in latest BIOS
relase and this will not occurs again? Did you noticed something we
can check with Supermicro support to make sure?

Many thanks!

--
Evgeniy



On Sun, Apr 5, 2015 at 1:35 PM, Stuart Henderson  wrote:
> On 2015/04/04 18:16, Ted Unangst wrote:
>> Evgeniy Sudyr wrote:
>> > How can I help identify this bug, so developers can fix it :)
>>
>> Run sudo pstat -d ld acpi_nalloc; then wait some time and run it again. 
>> Though
>> this looks like it could be a bug not in the OpenBSD ACPI code, but in the
>> interpreted AML code.
>
> The bios is old. There doesn't appear to be a changelog but it may be worth
> updating it, however there is always some risk in doing this..
>



-- 
--
With regards,
Eugene Sudyr

Re: NVM Express (NVMe) support status

[Evgeniy Sudyr]

Great news! I will make testing and will let you know how it works.

On Sat, Apr 16, 2016 at 12:18 AM, David Gwynne  wrote:
>
>> On 12 Feb 2016, at 7:01 PM, Evgeniy Sudyr  wrote:
>>
>> Hi all,
>>
>> I'm looking status of NVM Express support in -current (got Intel 750
>> consumer device
>> https://www-ssl.intel.com/content/www/us/en/solid-state-drives/solid-state-drives-750-series.html
>> for home desktop, but it looks like all devices are using the same
>> Specification).
>>
>> I found 2 commits of nvme_pci.c from @dlg there:
>>
>> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/nvme_pci.c
>>
>> But commit message sounds work is abandoned, because of problems faced.
>>
>> I found specification exists there http://www.nvmexpress.org/specifications/
>>
>> It also works for me under Linux and NVMe driver is maintained by
>> Intel developer Matthew Wilcox.
>> https://github.com/torvalds/linux/tree/master/drivers/nvme
>>
>> Looks already implemented in FreeBSD (didn't tested yet):
>>
>> http://svnweb.freebsd.org/base/head/sys/dev/nvme/nvme.h?view=log&pathrev=240616
>> https://svnweb.freebsd.org/base/head/sys/dev/nvme/
>>
>> It will be great to get this "awesome fast" storage support in next
>> OpenBSD release(s).
>>
>> Anybody aware of any plans on this?
>
> it might work if you give it a go now.



-- 
--
With regards,
Eugene Sudyr

Can't change rtadvd route preference for the default route

[Evgeniy Sudyr]

Hi,

I want to change route preference for the default route in RA messages
which are sent to clients.

On 5.9 GENERIC.MP#1888 amd64 I do have rtadvd and changing rtflags in
rtadvd.conf doesn't changes

Default router Preference (it sends default value, where I define "l" = Low).

In config I have just two items set:

vlan6:\
   :raflags#64:\
   :rtflags="l":

raflags#64 (Other stateful configuration flag bit)
rtflags="l" (Low route preference for the route)

I'm always getting pref=medium for default router preference.

$ ndp -rn
fe80:::::5e0c%vlan0 if=vlan0, flags=O, pref=medium, expire=29m52s

However It works perfect for non-default route preference for the
route, but not default e.g.:

vlan6:\
   :raflags#64:rtflags="l":rtprefix="2001:1:1:1::":rtplen#64:

It will be great if someone can share working config options which
allows to change DRFAULT router preference RA message value.

--
With regards,
Eugene Sudyr

Re: Can't change rtadvd route preference for the default route

[Evgeniy Sudyr]

Jeremie, thank for paying attention to my post and explanation.

Finally I found that 0x58 (0x18 + 0x64) or :raflags#88: did what I
wanted - Other flag set and Default Router Preference set to Low (3).

Internet Control Message Protocol v6
Type: Router Advertisement (134)
Code: 0
Checksum: 0x06ee [correct]
Cur hop limit: 64
Flags: 0x58
0...  = Managed address configuration: Not set
.1..  = Other configuration: Set
..0.  = Home Agent: Not set
...1 1... = Prf (Default Router Preference): Low (3)
 .0.. = Proxy: Not set
 ..0. = Reserved: 0
Router lifetime (s): 1800
Reachable time (ms): 0
Retrans timer (ms): 0

As I see you also committed some changes to rtadvd.conf today, thank you again.

--
Evgeniy

On Wed, May 4, 2016 at 9:36 PM, Jeremie Courreges-Anglas  
wrote:
> Evgeniy Sudyr  writes:
>
>> Hi,
>>
>> I want to change route preference for the default route in RA messages
>> which are sent to clients.
>>
>> On 5.9 GENERIC.MP#1888 amd64 I do have rtadvd and changing rtflags in
>> rtadvd.conf doesn't changes
>>
>> Default router Preference (it sends default value, where I define "l" = Low).
>>
>> In config I have just two items set:
>>
>> vlan6:\
>>:raflags#64:\
>>:rtflags="l":
>>
>> raflags#64 (Other stateful configuration flag bit)
>> rtflags="l" (Low route preference for the route)
>
> I don't understand what "l" means here, rtadvd.conf(5) doesn't seem to
> mention this as a valid setting.
>
>> I'm always getting pref=medium for default router preference.
>>
>> $ ndp -rn
>> fe80:::::5e0c%vlan0 if=vlan0, flags=O, pref=medium, expire=29m52s
>>
>> However It works perfect for non-default route preference for the
>> route, but not default e.g.:
>>
>> vlan6:\
>>:raflags#64:rtflags="l":rtprefix="2001:1:1:1::":rtplen#64:
>>
>> It will be great if someone can share working config options which
>> allows to change DRFAULT router preference RA message value.
>
> As the rtflags description says, bits 4 and 3 are used to encode the
> preference.  "low" is 0x18 / 24.  :raflags#24: seems to do the trick
> here.
>
> Your mail points out three problems imo:
> - tcpdump doesn't show the preference
> - the documentation of raflags is lacking
> - it's a shame that raflags was used instead of a nicer config
>   abstraction.  I think :pref="low":managed#1: would be a bit easier
>   than playing with... bits.
>
> --
> jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE



-- 
--
With regards,
Eugene Sudyr

Re: ntpd tries to connect via ipv6

[Evgeniy Sudyr]

Sonic,

I can confirm same issue on -current when ntpd tries to use 
record to resolve constraints IP address.

Can you check and confirm if you don't have IPv6 address :)

I guess you should have at least link-local and loopback IPv6 addresses :)

ifconfig  | grep inet6
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3


# cat /etc/ntpd.conf
# $OpenBSD: ntpd.conf,v 1.14 2015/07/15 20:28:37 ajacoutot Exp $
#
# See ntpd.conf(5) and /etc/examples/ntpd.conf
#servers pool.ntp.org
#sensor *
constraints from "https://www.google.com";

# ntpd -d -s -v
ntp engine ready
set local clock to Tue May 31 20:51:36 EEST 2016 (offset 0.00s)
tls connect failed: 2a00:1450:401b:801::2004 (www.google.com):
connect: No route to host
no constraint reply from 2a00:1450:401b:801::2004 received in time,
next query 900s
constraint reply from 173.194.113.211: offset -0.803262

On Tue, May 31, 2016 at 6:36 PM, Sonic  wrote:
> Getting many such log entries:
> ===
> May 31 08:53:34 stargate ntpd[5702]: tls connect failed:
> 2607:f8b0:4009:808::2004 (www.google.com): connect: No route to host
> May 31 09:08:35 stargate ntpd[15803]: tls connect failed:
> 2607:f8b0:4009:808::2004 (www.google.com): connect: No route to host
> May 31 09:23:36 stargate ntpd[92515]: tls connect failed:
> 2607:f8b0:4009:808::2004 (www.google.com): connect: No route to host
> ===
>
> ntpd.conf has the line: constraints from "https://www.google.com";
>
> System has no ipv6 addresses. Unbound is resolving DNS server with "do-ip6: 
> no".
>
> resolv.conf uses "nameserver 127.0.0.1" (Unbound serving on this address)
>
> normal lookups (dig) only return the ipv4 address for www.google.com
>
> Why does ntpd attempt to connect on an ipv6 address?
>
> Thanks,
>
> Chris
>



-- 
--
With regards,
Eugene Sudyr

Re: NVM Express (NVMe) support status

[Evgeniy Sudyr]

Working for me my NVMe disk is Intel 750

http://www.intel.com/content/www/us/en/solid-state-drives/solid-state-drives-750-series.html
http://www.intel.com/content/dam/www/public/us/en/documents/product-specifications/ssd-750-spec.pdf

dmesg | grep -i nvme
nvme0 at pci1 dev 0 function 0 "Intel SSD DC P3700/P3600/P3500" rev
0x01: apic 2 int 16, NVMe 1.0
nvme0: INTEL SSDPE2MW012T4, firmware 8EV10174, serial CVCQ5222005G1P2DGN
scsibus0 at nvme0: 1 targets


I even did quick disk write performance testing (not analysed yet)

TEST #1
bonnie++ -u root -b -d /mnt -s 64g:128k -n 0

# iostat -w 5 sd0
  tty  sd0 cpu

 tin tout  KB/t  t/s  MB/s  us ni sy in id
   0   53 64.00 7953 497.06   0  0 12 11 77
   0   18 64.00 8267 516.72   0  0 13 11 76
   0   18 64.00 8586 536.64   0  0 13 11 75
   0   18 64.00 8638 539.90   0  0 14 13 73

TEST #2
dd if=/dev/zero of=/mnt/test bs=10M count=10 conv=sync
7490+0 records in
7489+0 records out
78527856640 bytes transferred in 72.323 secs (1085792228 bytes/sec)

iostat -w 5 sd0
  tty  sd0 cpu
 tin tout  KB/t  t/s  MB/s  us ni sy in id
   0   53 64.00 16092 1005.78   1  0 14 22 63
   0   19 64.00 16741 1046.27   1  0 15 24 59
   0   19 64.00 16619 1038.70   1  0 17 24 58
   0   19 64.00 16610 1038.10   1  0 17 24 58
   0   19 64.00 16582 1036.38   1  0 18 24 57
   0   19 64.00 16402 1025.11   1  0 17 24 58
   0   19 64.00 16371 1023.14   1  0 14 24 61
   0   19 64.00 16646 1040.38   1  0 15 24 61

Looks good so far for me for start.

Thanks dlg@ !

On Tue, Apr 19, 2016 at 10:14 AM, Evgeniy Sudyr  wrote:
> Great news! I will make testing and will let you know how it works.
>
> On Sat, Apr 16, 2016 at 12:18 AM, David Gwynne  wrote:
>>
>>> On 12 Feb 2016, at 7:01 PM, Evgeniy Sudyr  wrote:
>>>
>>> Hi all,
>>>
>>> I'm looking status of NVM Express support in -current (got Intel 750
>>> consumer device
>>> https://www-ssl.intel.com/content/www/us/en/solid-state-drives/solid-state-drives-750-series.html
>>> for home desktop, but it looks like all devices are using the same
>>> Specification).
>>>
>>> I found 2 commits of nvme_pci.c from @dlg there:
>>>
>>> http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/nvme_pci.c
>>>
>>> But commit message sounds work is abandoned, because of problems faced.
>>>
>>> I found specification exists there http://www.nvmexpress.org/specifications/
>>>
>>> It also works for me under Linux and NVMe driver is maintained by
>>> Intel developer Matthew Wilcox.
>>> https://github.com/torvalds/linux/tree/master/drivers/nvme
>>>
>>> Looks already implemented in FreeBSD (didn't tested yet):
>>>
>>> http://svnweb.freebsd.org/base/head/sys/dev/nvme/nvme.h?view=log&pathrev=240616
>>> https://svnweb.freebsd.org/base/head/sys/dev/nvme/
>>>
>>> It will be great to get this "awesome fast" storage support in next
>>> OpenBSD release(s).
>>>
>>> Anybody aware of any plans on this?
>>
>> it might work if you give it a go now.
>
>
>
> --
> --
> With regards,
> Eugene Sudyr



-- 
--
With regards,
Eugene Sudyr

Re: Packet loss on traffic flowing between VLANs

[Evgeniy Sudyr]

Tim,

from your problem description I can suggest you to check if you are not hitting

states hard limit with (note - during load when you can reproduce issue):

pfctl -si
pfctl -sm

Default limit is: stateshard limit1

--
Evgeniy

On Thu, Jun 2, 2016 at 3:29 AM, Tim Korn  wrote:
> Hi.  I have a pair of openBSD boxes (5.8) setup as a core/firewall.  I have
> ten VLANs tied to a physical NIC (Intel 82599).  This is a new setup and it
> was just recently put in service.  Traffic was fine (or at least we didn't
> notice any issues) until a large job was run which roughly doubled traffic
> going thru the firewall.  Traffic rate is still extremely low... roughly 2k
> packets per second on the interface in question and around 20Mb.  I have
> other identical openBSD boxes that don't use VLANs, and they pass multiple
> gigs of traffic per second, so I'm having a hard time not leaning towards
> it being a VLAN issue, however I don't know where to look to prove it.
>
> If a host in vlan100 pings a host in vlan101 I see packet loss on the first
> few packets, than all subsequent packets pass.  Stopping and restarting the
> ping results in the same thingfirst few pings lost, then responses and
> never fail again until the ping is stopped and restarted.  We see this
> behavior with pretty much any new connection.  I can replicate it
> consistently with ICMP, TCP, and UDP traffic.
>
> PF ruleset is quite basic.  Simple *pass in* rules on the VLANs and *pass
> out* is allowed on all interfaces.  icmp has a rule at the top saying "pass
> log quick proto icmp".  i really don't think theres a pf issue of any kind.
>
> I've run a tcpdump to confirm that packets come in on vlan100, and never
> leave vlan101.  Here is an example:
>
> Ping from host in vlan100 (you can see the seq start at 9.  first 8
> never left the firewall):
> [root@pakkit ~]# ping 10.95.1.50
> PING 10.95.1.50 (10.95.1.50) 56(84) bytes of data.
> 64 bytes from 10.95.1.50: icmp_seq=9 ttl=63 time=0.263 ms
> 64 bytes from 10.95.1.50: icmp_seq=10 ttl=63 time=0.341 ms
> 64 bytes from 10.95.1.50: icmp_seq=11 ttl=63 time=0.335 ms
> 64 bytes from 10.95.1.50: icmp_seq=12 ttl=63 time=0.348 ms
> 64 bytes from 10.95.1.50: icmp_seq=13 ttl=63 time=0.348 ms
>
>
>
> tcpdump on vlan100 showing 13 echo requests:
> [root@pci-ny2-fw1:~ (master)] tcpdump -neti vlan100 host 10.95.0.5 and
> host 10.95.1.50
> tcpdump: listening on vlan100, link-type EN10MB
> 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
> icmp: echo request (DF)
> 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
> icmp: echo request (DF)
> 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
> icmp: echo request (DF)
> 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
> icmp: echo request (DF)
> 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
> icmp: echo request (DF)
> 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
> icmp: echo request (DF)
> 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
> icmp: echo request (DF)
> 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
> icmp: echo request (DF)
> 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
> icmp: echo request (DF)
> 24:6e:96:04:1b:d8 00:0c:29:16:f7:bf 0800 98: 10.95.1.50 > 10.95.0.5:
> icmp: echo reply
> 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
> icmp: echo request (DF)
> 24:6e:96:04:1b:d8 00:0c:29:16:f7:bf 0800 98: 10.95.1.50 > 10.95.0.5:
> icmp: echo reply
> 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
> icmp: echo request (DF)
> 24:6e:96:04:1b:d8 00:0c:29:16:f7:bf 0800 98: 10.95.1.50 > 10.95.0.5:
> icmp: echo reply
> 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
> icmp: echo request (DF)
> 24:6e:96:04:1b:d8 00:0c:29:16:f7:bf 0800 98: 10.95.1.50 > 10.95.0.5:
> icmp: echo reply
> 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
> icmp: echo request (DF)
> 24:6e:96:04:1b:d8 00:0c:29:16:f7:bf 0800 98: 10.95.1.50 > 10.95.0.5:
> icmp: echo reply
> ^C
> 1049 packets received by filter
> 0 packets dropped by kernel
>
>
> tcpdump on vlan101 showing only 5 echo requests:
> [root@pci-ny2-fw1:/etc/ (master)] tcpdump -neti vlan101 host 10.95.0.5
> and host 10.95.1.50
> tcpdump: listening on vlan101, link-type EN10MB
> 24:6e:96:04:1b:d8 24:6e:96:04:1c:84 0800 98: 10.95.0.5 > 10.95.1.50:
> icmp: echo request (DF)
> 24:6e:96:04:1c:84 00:00:5e:00:01:65 0800 98: 10.95.1.50 > 10.95.0.5:
> icmp: echo reply
> 24:6e:96:04:1b:d8 24:6e:96:04:1c:84 0800 98: 10.95.0.5 > 10.95.1.50:
> icmp: echo request (DF)
> 24:6e:96:04:1c:84 00:00:5e:00:01:65 0800 98: 10.95.1.50 > 10.95.0.5:
> icmp: echo reply
> 24:6e:96:04:1b:d8 24:6e:96:04:1c:84 0800 98: 10.95.0.5 > 10.95.1.50:
> icmp: echo request (DF)
> 24:6e:96:04:1c:84 00:00:5e:00:01:65 0800 98: 10.95.1.50 > 10.95.0.5:
> icmp: echo reply
> 24:6e:96:04

Re: Packet loss on traffic flowing between VLANs

[Evgeniy Sudyr]

Good to know it helped,

probably you also need check for "set optimization aggressive" it will
also reduce number of states if it works for your use cases.

--
Evgeniy

On Thu, Jun 2, 2016 at 2:40 PM, Tim Korn  wrote:
> Hi Evgeniy,
> Thank you for your reply.  The states hard limit was the problem.  The
> default limit is quite low :)
>
>
> --
> Tim Korn
> Network Ninja
>
>
> On Thu, Jun 2, 2016 at 3:48 AM, Evgeniy Sudyr  wrote:
>>
>> Tim,
>>
>> from your problem description I can suggest you to check if you are not
>> hitting
>>
>> states hard limit with (note - during load when you can reproduce issue):
>>
>> pfctl -si
>> pfctl -sm
>>
>> Default limit is: stateshard limit1
>>
>> --
>> Evgeniy
>>
>> On Thu, Jun 2, 2016 at 3:29 AM, Tim Korn  wrote:
>> > Hi.  I have a pair of openBSD boxes (5.8) setup as a core/firewall.  I
>> > have
>> > ten VLANs tied to a physical NIC (Intel 82599).  This is a new setup and
>> > it
>> > was just recently put in service.  Traffic was fine (or at least we
>> > didn't
>> > notice any issues) until a large job was run which roughly doubled
>> > traffic
>> > going thru the firewall.  Traffic rate is still extremely low... roughly
>> > 2k
>> > packets per second on the interface in question and around 20Mb.  I have
>> > other identical openBSD boxes that don't use VLANs, and they pass
>> > multiple
>> > gigs of traffic per second, so I'm having a hard time not leaning
>> > towards
>> > it being a VLAN issue, however I don't know where to look to prove it.
>> >
>> > If a host in vlan100 pings a host in vlan101 I see packet loss on the
>> > first
>> > few packets, than all subsequent packets pass.  Stopping and restarting
>> > the
>> > ping results in the same thingfirst few pings lost, then responses
>> > and
>> > never fail again until the ping is stopped and restarted.  We see this
>> > behavior with pretty much any new connection.  I can replicate it
>> > consistently with ICMP, TCP, and UDP traffic.
>> >
>> > PF ruleset is quite basic.  Simple *pass in* rules on the VLANs and
>> > *pass
>> > out* is allowed on all interfaces.  icmp has a rule at the top saying
>> > "pass
>> > log quick proto icmp".  i really don't think theres a pf issue of any
>> > kind.
>> >
>> > I've run a tcpdump to confirm that packets come in on vlan100, and never
>> > leave vlan101.  Here is an example:
>> >
>> > Ping from host in vlan100 (you can see the seq start at 9.  first 8
>> > never left the firewall):
>> > [root@pakkit ~]# ping 10.95.1.50
>> > PING 10.95.1.50 (10.95.1.50) 56(84) bytes of data.
>> > 64 bytes from 10.95.1.50: icmp_seq=9 ttl=63 time=0.263 ms
>> > 64 bytes from 10.95.1.50: icmp_seq=10 ttl=63 time=0.341 ms
>> > 64 bytes from 10.95.1.50: icmp_seq=11 ttl=63 time=0.335 ms
>> > 64 bytes from 10.95.1.50: icmp_seq=12 ttl=63 time=0.348 ms
>> > 64 bytes from 10.95.1.50: icmp_seq=13 ttl=63 time=0.348 ms
>> >
>> >
>> >
>> > tcpdump on vlan100 showing 13 echo requests:
>> > [root@pci-ny2-fw1:~ (master)] tcpdump -neti vlan100 host 10.95.0.5 and
>> > host 10.95.1.50
>> > tcpdump: listening on vlan100, link-type EN10MB
>> > 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
>> > icmp: echo request (DF)
>> > 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
>> > icmp: echo request (DF)
>> > 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
>> > icmp: echo request (DF)
>> > 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
>> > icmp: echo request (DF)
>> > 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
>> > icmp: echo request (DF)
>> > 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
>> > icmp: echo request (DF)
>> > 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
>> > icmp: echo request (DF)
>> > 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
>> > icmp: echo request (DF)
>> > 00:0c:29:16:f7:bf 00:00:5e:00:01:64 0800 98: 10.95.0.5 > 10.95.1.50:
>> > icmp: echo request (DF)
>> > 24:6e:96:04:1b:d8 00:0c:29:16:f7:bf 0800 98: 10.95.1.50 > 10.95.0.5:
>> > 

OpenBSD isakmpd and OS X El Capitan client

[Evgeniy Sudyr]

  Payload length: 56
Domain of interpretation: IPSEC (1)
Situation: 0001
Type Payload: Proposal (2) # 1
Next payload: NONE / No Next Payload  (0)
Payload length: 44
Proposal number: 1
Protocol ID: ISAKMP (1)
SPI Size: 0
Proposal transforms: 1
Type Payload: Transform (3) # 9
Next payload: NONE / No Next Payload  (0)
Payload length: 36
Transform number: 9
Transform ID: KEY_IKE (1)
Transform IKE Attribute Type (t=11,l=2) Life-Type : Seconds
Transform IKE Attribute Type (t=12,l=2) Life-Duration : 3600
Transform IKE Attribute Type (t=1,l=2)
Encryption-Algorithm : AES-CBC
Transform IKE Attribute Type (t=14,l=2) Key-Length : 256
Transform IKE Attribute Type (t=3,l=2)
Authentication-Method : PSK
Transform IKE Attribute Type (t=2,l=2) Hash-Algorithm : SHA
Transform IKE Attribute Type (t=4,l=2)
Group-Description : Alternate 1024-bit MODP group
Type Payload: Vendor ID (13) : Unknown Vendor ID
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: b8f26eaa4cbf1b9a150a3f12dd64d183
Vendor ID: Unknown Vendor ID
Type Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-02\n
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: 90cb80913ebb696e086381b5ec427b1f
Vendor ID: draft-ietf-ipsec-nat-t-ike-02\n
Type Payload: Vendor ID (13) : draft-ietf-ipsec-nat-t-ike-03
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: 7d9419a65310ca6f2c179d9215529d56
Vendor ID: draft-ietf-ipsec-nat-t-ike-03
Type Payload: Vendor ID (13) : RFC 3947 Negotiation of
NAT-Traversal in the IKE
Next payload: Vendor ID (13)
Payload length: 20
Vendor ID: 4a131c81070358455c5728f20e95452f
Vendor ID: RFC 3947 Negotiation of NAT-Traversal in the IKE
Type Payload: Vendor ID (13) : RFC 3706 DPD (Dead Peer Detection)
Next payload: NONE / No Next Payload  (0)
Payload length: 20
Vendor ID: afcad71368a1f1c96b8696fc77570100
Vendor ID: RFC 3706 DPD (Dead Peer Detection)


I tried all proposals from dump I got from both client packets and
server site with no luck.

Anybody have success with OS X client and isakmpd? It will be nice to
see working main and quick config parts.


-- 
--
With regards,
Evgeniy Sudyr

Re: DynDNS client

[Evgeniy Sudyr]

Hi Laurence,

I'm using ipcheck-0.207p5 which is  fully compliant DynDNS.org client.

--
With regards,
Eugene Sudyr

On 4/16/2012 7:00 PM, Laurence Rochfort wrote:

Hello,

Is there a DynDNS client for OpenBSD?

Cheers,
Laurence.

Cyrus-SASL2-mysql problem on 4.2

[Evgeniy Sudyr]

Hello misc,

I installed cyrus-sasl-2.1.22p1-mysql from packages and trying make it
working, but during testsaslauthd queries I not get any results :(.
I enabled log queries in mysql but there is no connection attempts
from saslauthd to needed table (no connection, no auth, nothing).


As described in documentation I created smtpd.conf and pit it to
needed dir.

# cat /usr/local/lib/sasl2/smtpd.conf
pwcheck_method: auxprop
auxprop_plugin: sql
sql_engine: mysql
mech_list: PLAIN LOGIN
sql_user: postfix
sql_passwd: postfix
sql_hostnames: localhost
sql_database: postfix
sql_statement: SELECT password FROM mailbox WHERE username = '%u'
sql_verbose: yes
 
# saslauthd -d -a getpwent
saslauthd[19646] :main: num_procs  : 5
saslauthd[19646] :main: mech_option: NULL
saslauthd[19646] :main: run_path   : /var/sasl2
saslauthd[19646] :main: auth_mech  : getpwent
saslauthd[19646] :ipc_init: using accept lock file: 
/var/sasl2/mux.accept
saslauthd[19646] :detach_tty  : master pid is: 0
saslauthd[19646] :ipc_init: listening on socket: /var/sasl2/mux
saslauthd[19646] :main: using process model
saslauthd[19646] :have_baby   : forked child: 8299
saslauthd[8299] :get_accept_lock : acquired accept lock
saslauthd[19646] :have_baby   : forked child: 14091
saslauthd[19646] :have_baby   : forked child: 21287
saslauthd[19646] :have_baby   : forked child: 12263
 
# testsaslauthd -s smtpd -u eject -p mypassword
0: NO "authentication failed"
# testsaslauthd -u eject -p mypassword
0: NO "authentication failed"


 
===
In saslauthd debug output after query
1.
saslauthd[14091] :get_accept_lock : acquired accept lock
saslauthd[8299] :rel_accept_lock : released accept lock
saslauthd[8299] :do_auth : auth failure: [user=eject] [service=smtpd] 
[realm=] [mech=getpwent] [reason=Unknown]
saslauthd[8299] :do_request  : response: NO
saslauthd[8299] :do_auth : auth failure: [user=eject][service=imapd] 
[realm=] [mech=getpwent] [reason=Unknown]
saslauthd[8299] :do_request  : response: NO
 
 
# tail -f /var/mysql/query.log

nothing related to my queries

After this I run saslauthd with ktrace to see what files it read when
it runs. During running ktrace I run some queries.

# ktrace saslauthd -d -a getpwent
saslauthd[7962] :main: num_procs  : 5
saslauthd[7962] :main: mech_option: NULL
saslauthd[7962] :main: run_path   : /var/sasl2
saslauthd[7962] :main: auth_mech  : getpwent
saslauthd[7962] :ipc_init: using accept lock file: /var/sasl2/mux.accept
saslauthd[7962] :detach_tty  : master pid is: 0
saslauthd[7962] :ipc_init: listening on socket: /var/sasl2/mux
saslauthd[7962] :main: using process model
saslauthd[7962] :have_baby   : forked child: 23867
saslauthd[23867] :get_accept_lock : acquired accept lock
saslauthd[7962] :have_baby   : forked child: 16377
saslauthd[7962] :have_baby   : forked child: 24519
saslauthd[7962] :have_baby   : forked child: 28716

I discovered (see below) that saslauthd not looking for smtpd.conf during it :(
why?

# kdump | grep NAMI
  7962 ktrace   NAMI  "/sbin/saslauthd"
  7962 ktrace   NAMI  "/usr/sbin/saslauthd"
  7962 ktrace   NAMI  "/bin/saslauthd"
  7962 ktrace   NAMI  "/usr/bin/saslauthd"
  7962 ktrace   NAMI  "/usr/X11R6/bin/saslauthd"
  7962 ktrace   NAMI  "/usr/local/sbin/saslauthd"
  7962 saslauthd NAMI  "/usr/libexec/ld.so"
  7962 saslauthd NAMI  "/var/run/ld.so.hints"
  7962 saslauthd NAMI  "/usr/lib/libcrypto.so.13.0"
  7962 saslauthd NAMI  "/usr/lib/libc.so.41.0"
  7962 saslauthd NAMI  "/usr/lib/libcom_err.so.16.0"
  7962 saslauthd NAMI  "/usr/lib/libkrb5.so.16.0"
  7962 saslauthd NAMI  "/usr/lib/libasn1.so.16.0"
  7962 saslauthd NAMI  "/usr/lib/libgssapi.so.5.0"
  7962 saslauthd NAMI  "/etc/malloc.conf"
  7962 saslauthd NAMI  "/dev/log"
  7962 saslauthd NAMI  "/etc/localtime"
  7962 saslauthd NAMI  "/etc/localtime"
  7962 saslauthd NAMI  "/var/sasl2"
  7962 saslauthd NAMI  "/var/sasl2/saslauthd.pid.lock"
  7962 saslauthd NAMI  "/var/sasl2/mux.accept"
  7962 saslauthd NAMI  "/var/sasl2/mux"
  7962 saslauthd NAMI  "/var/sasl2/mux"
  7962 saslauthd NAMI  "/var/sasl2/mux"
  7962 saslauthd NAMI  "/var/sasl2/saslauthd.pid.lock"
  7962 saslauthd NAMI  "/var/sasl2/mux.accept"
  7962 saslauthd NAMI  "/var/sasl2/mux"

I will be sincerely thankful if  anybody advice what's wrong in my
case.

-- 
Best regards,
 Evgeniy  mailto:[EMAIL PROTECTED]

Terrible messages in /var/log/messages

[Evgeniy Sudyr]

Hello misc,

 After boot I see alot of terrible messages in /var/log/messages which
 are added to it every second.

 It look like driver bug. Maybe somebody can help resolve this
 problem.

 content of /var/run/dmsg.boot

OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) 4 CPU 2.93GHz ("GenuineIntel" 686-class) 2.94 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT
 ,TM,SBF,SSE3,MWAIT,DS-CPL,CNXT-ID,xTPR
real mem  = 527790080 (503MB)
avail mem = 502685696 (479MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 01/23/06, BIOS32 rev. 0 @ 0xf0010, SMBIOS 
rev. 2.4 @ 0xf04d0 (45 entries)
bios0: vendor American Megatrends Inc. version "3.28" date 01/23/2006
bios0: Compaq Presario 061 PJ534AA-ABA SR1250NX NA440
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xf/0x1
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf8c60/304 (17 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82801FB LPC" rev 0x00)
pcibios0: PCI bus #2 is the last bus
bios0: ROM list: 0xc/0xa400!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82915G/P/GV Host" rev 0x04
vga1 at pci0 dev 2 function 0 "Intel 82915G/P/GV Video" rev 0x04: aperture at 
0xd000, size 0x1000
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
azalia0 at pci0 dev 27 function 0 "Intel 82801FB HD Audio" rev 0x03: irq 10
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: Realtek ALC880 (rev. 5.0), HDA version 0.9
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801FB PCIE" rev 0x03
pci1 at ppb0 bus 1
uhci0 at pci0 dev 29 function 0 "Intel 82801FB USB" rev 0x03: irq 11
uhci1 at pci0 dev 29 function 1 "Intel 82801FB USB" rev 0x03: irq 3
uhci2 at pci0 dev 29 function 2 "Intel 82801FB USB" rev 0x03: irq 5
uhci3 at pci0 dev 29 function 3 "Intel 82801FB USB" rev 0x03: irq 10
ehci0 at pci0 dev 29 function 7 "Intel 82801FB USB" rev 0x03: irq 11
ehci0: timed out waiting for BIOS
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1
ppb1 at pci0 dev 30 function 0 "Intel 82801BA AGP" rev 0xd3
pci2 at ppb1 bus 2
"VIA VT6306 FireWire" rev 0x80 at pci2 dev 1 function 0 not configured
rl0 at pci2 dev 2 function 0 "Realtek 8139" rev 0x10: irq 6, address 
00:11:2f:d7:ff:29
rlphy0 at rl0 phy 0: RTL internal PHY
sis0 at pci2 dev 3 function 0 "NS DP83815 10/100" rev 0x00, DP83815C: irq 3, 
address 00:a0:cc:a1:60:bb
nsphyter0 at sis0 phy 0: DP83815 10/100 PHY, rev. 1
ichpcib0 at pci0 dev 31 function 0 "Intel 82801FB LPC" rev 0x03: PM disabled
pciide0 at pci0 dev 31 function 2 "Intel 82801FB SATA" rev 0x03: DMA, channel 0 
wired to compatibility, channel 1 wir 
ed to compatibility
wd0 at pciide0 channel 1 drive 0: 
wd0: 16-sector PIO, LBA48, 114473MB, 234441648 sectors
atapiscsi0 at pciide0 channel 1 drive 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom 
removable
wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5
cd0(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 "Intel 82801FB SMBus" rev 0x03: irq 10
iic0 at ichiic0
adt0 at iic0 addr 0x2e: sch5017 rev 0x89
usb1 at uhci0: USB revision 1.0
uhub1 at usb1: Intel UHCI root hub, rev 1.00/1.00, addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2: Intel UHCI root hub, rev 1.00/1.00, addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3: Intel UHCI root hub, rev 1.00/1.00, addr 1
usb4 at uhci3: USB revision 1.0
uhub4 at usb4: Intel UHCI root hub, rev 1.00/1.00, addr 1
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0: 
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
biomask ff3d netmask ff7d ttymask 
pctr: user-level cycle counter enabled
mtrr: Pentium Pro MTRR support
ichiic0: exec: op 1, addr 0x2e, cmdlen 1, len 1, flags 0x00: timeout, status 
0x40
ichiic0: abort failed, status 0x42
ichiic0: exec: op 1, addr 0x2e, cmdlen 1, len 1, flags 0x00: timeout, status 0x0
ichiic0: abort failed, status 0x42
umass0 at uhub4 port 1 configuration 1 interface 0
umass0: vendor 0x058f USB Reader, rev 1.10/1.00, addr 2
umass0: using SCSI over Bulk-Only
scsibus1 at umass0: 2 targets
sd0 at scsibus1 targ 1 lun 0:  SCSI0 0/direct 
removable
sd0: drive offline
sd1 at scsibus1 targ 1 lun 1:  SCSI0 0/direct 
removable
sd1: drive offline
sd2 at scsibus1 targ 1 lun 2:  SCSI0 0/direct 
removable
sd2: drive offline
sd3 at scsibus1 

Re: ipsec vpn openbsd 4.2 / netgear DG834

[Evgeniy Sudyr]

Hello jcr,

Friday, November 23, 2007, 5:36:30 PM, you wrote:

> k .
> here i go

> i have red the misc list upside/down and right to left , but i can't 
> find a solution to my problhme

> Here is the LAn/WAn network


192.168.0/24(lan)-->>Netgear DG 834 (adsl + NAT + ipsec +ip fix A)
>   |
>   <---WEB--->
>|
>   Openbsd 4.2 
> (ipsec.conf+isakmpd.policy+ip fix B+ NAT) --> 10.7.22.0/24(lan)
>   
>   
> Very simple : lan to lan VPN between 2 GW (DH834 & Obsd)


> Here are the conf :

> netgear :

> local lan : 192.168.0.0/24
> remote lan : 10.7.22.0/24
> IKE :
> direction : initiator & respond
> mode : main
> diffie-Hellman : Groupe 2 (1024)
> local id : IP wan
> remote id: IP

> Params
> Crypto algo : 3DES
> Algo auth : SHA-1
> pre shared key : 123456789
> SA life time : 36000
> active PFS


> Openbsd :
> ipsec.conf

> ike dynamic esp tunnel from IP_B to IP_A \
>   main auth hmac-sha1 enc 3des group modp1024 \
>   quick auth hmac-sha1 enc 3des group modp1024 \
>   psk 123456789
> ike dynamic esp tunnel from 10.7.22.0/24 to 192.168.0.0/24 peer IP_A \
>   main auth hmac-sha1 enc 3des group modp1024 \
>   quick auth hmac-sha1 enc 3des group modp1024 \
>   psk 123456789

> i have tried passive & dynamic for ike esp .. it's the same

> isakmpd.policy

> KeyNote-Version: 2
> Authorizer: "POLICY"

> pf.conf

> pass in quick on $ext_if1 proto udp from $IP_A to $IP_B port {500,4500}
> pass out quick on $ext_if1 proto udp from $IP_B to $IP_A port {500,4500}

> pass in quick on $IP_B proto esp from $IP_A to $IP_B
> pass out quick on $IP_B proto esp from $IP_B to $IP_A

> pass in quick on enc0 proto ipencap from $IP_A to $IP_B keep state 
> (if-bound)
> pass out quick on enc0 proto ipencap from $IP_B to $IP_A keep state 
> (if-bound)

> pass in quick on enc0 from 192.168.0.0/24 to 10.7.22.0/24 keep state 
> (if-bound)
> pass out quick on enc0 from 10.7.22.0/24 to 192.168.0.0/24 keep state 
> (if-bound)


> i have a rule for nat on $IP_B


> enc0 is up and running

> i start my vpn with

> isakmpd -dv -D 8=99


> And Finally here is the Trouble , i got this on isakmpd console

> 151330.400513 Negt 30 message_negotiate_sa: transform 0 proto 1 proposal
> 0 ok
> 151330.400933 Negt 20 ike_phase_1_validate_prop: success
> 151330.401046 Negt 30 message_negotiate_sa: proposal 0 succeeded
> 151357.435134 Default transport_send_messages: giving up on exchange 
> peer-IP_A, no response from peer IP_A:500

> And this on the DG834

> Fri, 2007-11-23 14:13:30 - [idle] initiating Main Mode
> Fri, 2007-11-23 14:13:40 - [idle] STATE_MAIN_I1: retransmission; will 
> wait 20s for response
> Fri, 2007-11-23 14:14:00 - [idle] STATE_MAIN_I1: retransmission; will 
> wait 40s for response
> Fri, 2007-11-23 14:14:40 - [idle] max number of retransmissions reached
> STATE_MAIN_I1.  No acceptable response to our first IKE message


> and then i have this sequence always and always


> I can't find where is the trouble 

> i have tried with tcpdump... with : echo "p on" > /var/run/isakmpd.fif
> and tcpdump -r /var/run/isakmpd.pcap -vvn

> But i find nothing revelant...


> HELP would be welcome !

> I can give the TCPdump ouput ... but this mail is long enough for the 
> moment 

> JC

And what about your firewall ? Maybe it blocks incoming packets?
Another idea - maybe your provider block IKE messages?

Check this first :)

-- 
Best regards,
 Evgeniymailto:[EMAIL PROTECTED]

Re: Traffic accounting software

[Evgeniy Sudyr]

Hello Yuri,

Thursday, November 22, 2007, 2:56:14 PM, you wrote:

> Hello, misc.

> Can anyone share success story about traffic accounting on OpenBSD?

> I want to implement this on my router connecting office network to ISP.
> Currently I run Squid with SARG but non-HTTP traffic is left outside the
> statistics.

> I need following features:
> - counting all traffic going in/out ISP interface;
> - web interface/gui client;
> - reports by day/week/month/custom total traffic in/out;
> - reports by src/dst/service traffic consumption;
> - reports by top downloaders;

> All I found so far is either linux software or just flow collectors 
> without any web interface or reports system.

> Absolutely any help appreciated.

> Thanks in advance.

> --
> Yuri A. Spirin

Try use Netflow to build your local accounting system. I played with
pfflowd and flow-tools + mysql (as storage engine)

Read my real example there 
http://sudyr.blogspot.com/2007/11/traffic-accounting-with-flow-tools-and_20.html

-- 
Best regards,
 Evgeniymailto:[EMAIL PROTECTED]

Unsupported Card reader on TOSHIBA Satellite P105

[Evgeniy Sudyr]

Hello misc,

Now almost all works on my laptop -current! Great!

Only one device which I can't use is Card reader (embeded into
laptop).

I see in dmesg output that it isn't supported :( maybe it's possible
make it working ?

"TI PCIXX12 Multimedia Card Reader" rev 0x00 at pci4 dev 4 function 2 not 
configured
sdhc0 at pci4 dev 4 function 3 "TI PCIXX12 Secure Data" rev 0x00: irq 11
sdmmc0 at sdhc0



-- full dmesg output

OpenBSD 4.2-current (GENERIC) #558: Tue Nov 20 10:36:15 MST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz ("GenuineIntel" 686-class) 1.68 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR
real mem  = 2137157632 (2038MB)
avail mem = 2058678272 (1963MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/22/06, BIOS32 rev. 0 @ 0xfd4a0, SMBIOS 
rev. 2.4 @ 0xdf010 (30 entries)
bios0: vendor TOSHIBA version "V3.30" date 12/22/2006
bios0: TOSHIBA Satellite P105
pcibios0 at bios0: rev 2.1 @ 0xfd4a0/0xb60
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdd70/224 (12 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #11 is the last bus
bios0: ROM list: 0xc/0xea00! 0xcf000/0x1800 0xdf000/0x1000! 0xe/0x1800!
acpi0 at mainbus0: rev 2
acpi0: tables DSDT FACP APIC HPET MCFG APIC BOOT SLIC SSDT SSDT SSDT 
acpi0: wakeup devices HDEF(S3) LANE(S5) PXS2(S4) PXS3(S4) PXS4(S4) PXS5(S4) 
PXS6(S4) USB1(S3) USB2(S3) USB3(S3) USB4(S3) USB7(S3) LANC(S5) CIR_(S5) 
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 2 (RP01)
acpiprt2 at acpi0: bus 3 (RP02)
acpiprt3 at acpi0: bus 4 (RP03)
acpiprt4 at acpi0: bus -1 (RP04)
acpiprt5 at acpi0: bus -1 (RP05)
acpiprt6 at acpi0: bus -1 (RP06)
acpiprt7 at acpi0: bus 10 (PCIB)
acpiec0 at acpi0
acpicpu0 at acpi0: C3, C2
acpicpu1 at acpi0: C3, C2
acpitz0 at acpi0: critical temperature 104 degC
acpiac0 at acpi0: AC unit online
acpibat0 at acpi0: BAT1 not present
acpibtn0 at acpi0: LID_
acpibtn1 at acpi0: PWRB
cpu0 at mainbus0
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130a2806000a28
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1667 MHz (1340 mV): speeds: 1667, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82945GM MCH" rev 0x03
vga1 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03: aperture at 
0xc000, size 0x1000
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: irq 11
azalia0: codec[s]: Conexant/0x5045
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02
pci1 at ppb0 bus 2
ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02
pci2 at ppb1 bus 3
ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02
pci3 at ppb2 bus 4
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: irq 7
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: irq 11
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: irq 11
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: irq 11
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: irq 7
ehci0: timed out waiting for BIOS
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 "Intel EHCI root hub" rev 2.00/1.00 addr 1
ppb3 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2
pci4 at ppb3 bus 10
cbb0 at pci4 dev 4 function 0 "TI PCIXX12 CardBus" rev 0x00: irq 11
"TI PCIXX12 FireWire" rev 0x00 at pci4 dev 4 function 1 not configured
"TI PCIXX12 Multimedia Card Reader" rev 0x00 at pci4 dev 4 function 2 not 
configured
sdhc0 at pci4 dev 4 function 3 "TI PCIXX12 Secure Data" rev 0x00: irq 11
sdmmc0 at sdhc0
fxp0 at pci4 dev 8 function 0 "Intel PRO/100 VM" rev 0x02, i82562: irq 11, 
address 00:16:36:d1:9e:4e
inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 11 device 0 cacheline 0x0, lattimer 0x20
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 "Intel 82801GBM LPC" rev 0x02: PM disabled
pciide0 at pci0 dev 31 function 2 "Intel 82801GBM SATA" rev 0x02: DMA, channel 
0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 190782MB, 390721968 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom 
removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x02: irq 11
iic0 at ichiic0
spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-4200CL5 SO-DIMM

OpenBSD compatibe USB bluetooth adaptor.

[Evgeniy Sudyr]

Hello misc,

  I need recommendation for exact model of USB bluetooth adaptor to using with
  OpenBSD (I following current). Btw, http://openbsd.org/i386.html not
  have anything about supported devices, same as man ubt(4)
  http://www.openbsd.org/cgi-bin/man.cgi?query=ubt&sektion=4&format=html 

  Now I'm looking for http://www.dlink.com/products/?sec=0&pid=34 device.

If anybody have working Bluetooth send me model and manufacturer.

-- 
Best regards,
 Evgeniy  mailto:[EMAIL PROTECTED]

Re: System limits

[Evgeniy Sudyr]

Hello Bambero,

Friday, December 21, 2007, 11:50:38 AM, you wrote:

> Hello

> I have a problem with system limis (max_open_files, semaphors, etc).
> By default this settings are very restrictive, and I want to change
> them. So can anyone help me with that ?
> I'm running small hosting system with apache and ftp access (200
> accounts), and mail server courier-mta with spamassasin, and clamav.

> Which options should I change ?

> Thanks for any help.

> Regards,
> Bambero

First look for :

1. sysctl kern.maxfiles, kern.maxfilesperproc, kern.maxproc,
kern.maxusers ... maybe you also need net.inet.ip.portrange.first and
net.inet.ip.portrange.last. Look for sysctl -ad
2. ulimit


-- 
Best regards,
 Evgeniymailto:[EMAIL PROTECTED]

Zend Optimizer with apache and php5 on 4.2

[Evgeniy Sudyr]

Hi all,

I want use Zend optimizer with apache and php5.

I downloaded  ZendOptimizer-3.3.0a-openbsd3.4-i386.tar.gz from Zend
website (latest version is only for 3.4) and unpacked archive and copied PHP 
module from /data/5_2_x_comp/ZendOptimizer.so to /var/www/lib/ZendOptimizer.so

I put lines below to php.ini

;zend_optimizer.optimization_level=15
zend_extension="/var/www/lib/ZendOptimizer.so"

Module not loading :(


# php -v
Failed loading /var/www/lib/ZendOptimizer.so:  Cannot load specified object
PHP 5.2.3 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 16 2007 02:21:38)
Copyright (c) 1997-2007 The PHP Group
Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies


Is it possible run Zend optimizer with -current or 4.2 ? Please give a
bit instructions how make it workable.


  

-- 
Best regards,
 Evgeniy  mailto:[EMAIL PROTECTED]

Re: Zend Optimizer with apache and php5 on 4.2

[Evgeniy Sudyr]

Hello Marcos,

Monday, January 14, 2008, 7:18:27 PM, you wrote:

> Hello Evgeniy,

> You can try this how-to, this might work for you:

> Solution for ZendOptimizer to work under OpenBSD 4.1/i386
> 1. Download the file for OpenBSD 3.x as distributed by Zend
> currently ZendOptimizer-3.2.8-openbsd3.4-i386.tar.gz

> 2. Untar (tar -xzf ZendOpt*), and fetch the files
->> ZendOptimizer*/data/ZendExtensionManager.so
->> ZendOptimizer*/data/5_1_x_comp/ZendOptimizer.so
> where 5_1_x is the php you have installed

> 3. Put those file somewhere clean like
->> /var/www/lib/php/ZendExtensionManager.so
->> /var/www/lib/php/ZendOptimizer.so
> you NEED to keep the names unchanged

> 4. Simulate old libs (here's the magic)
> type in the console the following command
> # ln -s libm.so.2.3 /usr/lib/libm.so.1.0

> Alternatively, if you don't like symlinking you can edit the binaries and 
> change the
> string 'libm.so.1.0' into 'libm.so.2.3' in both of Zend*.so files
> - change 0x[31 2E 30] -> 0x[32 2E 33] in ZendExtensionManager.so at offset 
> 0x0720
> - change 0x[31 2E 30] -> 0x[32 2E 33] in ZendOptimizer.so at offset 0xCEAE

> 5. Edit your /var/www/conf/php.ini and add the section
> [Zend]
> zend_extension=/var/www/lib/php/ZendExtensionManager.so
> zend_extension=/var/www/lib/php/ZendOptimizer.so

> 6. Test
> Reboot your webserver
> # apachectl stop
> # apachectl start
> Write down one php page containing  and browse it !



> - Original Message - 
> From: "Evgeniy Sudyr" <[EMAIL PROTECTED]>
> To: 
> Sent: Monday, January 14, 2008 9:25 AM
> Subject: Zend Optimizer with apache and php5 on 4.2


> Hi all,

> I want use Zend optimizer with apache and php5.

> I downloaded  ZendOptimizer-3.3.0a-openbsd3.4-i386.tar.gz from Zend
> website (latest version is only for 3.4) and unpacked archive and copied PHP 
> module from
> /data/5_2_x_comp/ZendOptimizer.so to /var/www/lib/ZendOptimizer.so

> I put lines below to php.ini

> ;zend_optimizer.optimization_level=15
> zend_extension="/var/www/lib/ZendOptimizer.so"

> Module not loading :(


> # php -v
> Failed loading /var/www/lib/ZendOptimizer.so:  Cannot load specified object
> PHP 5.2.3 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 16 2007 02:21:38)
> Copyright (c) 1997-2007 The PHP Group
> Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies


> Is it possible run Zend optimizer with -current or 4.2 ? Please give a
> bit instructions how make it workable.





Thanks! I used this how-to but its not work for me :(

-- 
Best regards,
 Evgeniymailto:[EMAIL PROTECTED]

Re: Zend Optimizer with apache and php5 on 4.2

[Evgeniy Sudyr]

Hello Marcos,

Monday, January 14, 2008, 7:18:27 PM, you wrote:

> Hello Evgeniy,

> You can try this how-to, this might work for you:

> Solution for ZendOptimizer to work under OpenBSD 4.1/i386
> 1. Download the file for OpenBSD 3.x as distributed by Zend
> currently ZendOptimizer-3.2.8-openbsd3.4-i386.tar.gz

> 2. Untar (tar -xzf ZendOpt*), and fetch the files
->> ZendOptimizer*/data/ZendExtensionManager.so
->> ZendOptimizer*/data/5_1_x_comp/ZendOptimizer.so
> where 5_1_x is the php you have installed

> 3. Put those file somewhere clean like
->> /var/www/lib/php/ZendExtensionManager.so
->> /var/www/lib/php/ZendOptimizer.so
> you NEED to keep the names unchanged

> 4. Simulate old libs (here's the magic)
> type in the console the following command
> # ln -s libm.so.2.3 /usr/lib/libm.so.1.0

> Alternatively, if you don't like symlinking you can edit the binaries and 
> change the
> string 'libm.so.1.0' into 'libm.so.2.3' in both of Zend*.so files
> - change 0x[31 2E 30] -> 0x[32 2E 33] in ZendExtensionManager.so at offset 
> 0x0720
> - change 0x[31 2E 30] -> 0x[32 2E 33] in ZendOptimizer.so at offset 0xCEAE

> 5. Edit your /var/www/conf/php.ini and add the section
> [Zend]
> zend_extension=/var/www/lib/php/ZendExtensionManager.so
> zend_extension=/var/www/lib/php/ZendOptimizer.so

> 6. Test
> Reboot your webserver
> # apachectl stop
> # apachectl start
> Write down one php page containing  and browse it !



> - Original Message - 
> From: "Evgeniy Sudyr" <[EMAIL PROTECTED]>
> To: 
> Sent: Monday, January 14, 2008 9:25 AM
> Subject: Zend Optimizer with apache and php5 on 4.2


> Hi all,

> I want use Zend optimizer with apache and php5.

> I downloaded  ZendOptimizer-3.3.0a-openbsd3.4-i386.tar.gz from Zend
> website (latest version is only for 3.4) and unpacked archive and copied PHP 
> module from
> /data/5_2_x_comp/ZendOptimizer.so to /var/www/lib/ZendOptimizer.so

> I put lines below to php.ini

> ;zend_optimizer.optimization_level=15
> zend_extension="/var/www/lib/ZendOptimizer.so"

> Module not loading :(


> # php -v
> Failed loading /var/www/lib/ZendOptimizer.so:  Cannot load specified object
> PHP 5.2.3 with Suhosin-Patch 0.9.6.2 (cli) (built: Aug 16 2007 02:21:38)
> Copyright (c) 1997-2007 The PHP Group
> Zend Engine v2.2.0, Copyright (c) 1998-2007 Zend Technologies


> Is it possible run Zend optimizer with -current or 4.2 ? Please give a
> bit instructions how make it workable.





Unfortunately I can`t make it working :( nothing helps.

-- 
Best regards,
 Evgeniymailto:[EMAIL PROTECTED]

D-Link DWL-650 CardBus crash report

[Evgeniy Sudyr]

Hello all,

I bought D-Link G650 (ath) - which is present in
http://openbsd.org/i386.html list.

When I put this card into my laptop (Toshiba Satellite S6157) and try boot 
-current (GENERIC) I
get panic message at the end of boot.

= panic message =
# panic: pmap_remove_ptes: managed page without PG_PVLIST for
0xe6481000
Stopped at Debugger+0x4: leave
= panic message =

= show registers =
ds 0x10
es 0xd210 kernel_text+0x10
fs 0xe6430058
gs 0xe643
edi 0xd06a2200 i386_cpuid_ecxfeatures+0x780
esi 0xe6436b08
ebp 0xe6436adc
ebx 0
edx 0
ecx 0xd074fa64 kprintf_mutex
eax 0x1
eip 0xd045ee6c Debugger+0x4
cs  0x8
eflags 0x202
esp 0xe6436adc
ss 0xe6430010
Debugger+0x4: leave
= show registers =

I don't have serial console for "trace" and "ps" output, but I have
Photo Camera :)

= ps =
ps output there http://eject.name/openbsd/ps.jpg

= trace =
trace output there http://eject.name/openbsd/ps.jpg


Please give me know if I can help more in resolving this bug.
-- 
Best regards,
 Evgeniy  mailto:[EMAIL PROTECTED]

Re: D-Link DWL-650 CardBus crash report

[Evgeniy Sudyr]

Hello Miod,

Thursday, September 13, 2007, 10:58:21 AM, you wrote:

>> I bought D-Link G650 (ath) - which is present in
>> http://openbsd.org/i386.html list.
>>
>> When I put this card into my laptop (Toshiba Satellite S6157) and   
>> try boot -current (GENERIC) I
>> get panic message at the end of boot.

> [...]

>> Please give me know if I can help more in resolving this bug.

> Could you also provide a complete dmesg as well?

> Miod

# dmesg
OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Core(TM)2 CPU T5500 @ 1.66GHz ("GenuineIntel" 686-class) 1.68 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CF  
   
LUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,EST,TM2,CX16,xTPR
real mem  = 2137157632 (2038MB)
avail mem = 2058887168 (1963MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 12/22/06, BIOS32 rev. 0 @ 0xfd4a0, SMBIOS 
 
rev. 2.4 @ 0xdf010 (30 entries)
bios0: vendor TOSHIBA version "V3.30   " date 12/22/2006
bios0: TOSHIBA Satellite P105
pcibios0 at bios0: rev 2.1 @ 0xfd4a0/0xb60
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdd70/224 (12 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #11 is the last bus
bios0: ROM list: 0xc/0xea00! 0xcf000/0x1800 0xdf000/0x1000! 0xe/0x1800!
acpi at mainbus0 not configured
cpu0 at mainbus0
cpu0: unknown Enhanced SpeedStep CPU, msr 0x06130a2806000a28
cpu0: using only highest and lowest power states
cpu0: Enhanced SpeedStep 1667 MHz (1340 mV): speeds: 1667, 1000 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82945GM MCH" rev 0x03
vga1 at pci0 dev 2 function 0 "Intel 82945GM Video" rev 0x03: aperture at 
0xc000  
   , size 0x1000
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
"Intel 82945GM Video" rev 0x03 at pci0 dev 2 function 1 not configured
azalia0 at pci0 dev 27 function 0 "Intel 82801GB HD Audio" rev 0x02: irq 11
azalia0: host: High Definition Audio rev. 1.0
azalia0: codec: Conexant/0x5045 (rev. 1.0), HDA version 1.0
audio0 at azalia0
ppb0 at pci0 dev 28 function 0 "Intel 82801GB PCIE" rev 0x02
pci1 at ppb0 bus 2
ppb1 at pci0 dev 28 function 1 "Intel 82801GB PCIE" rev 0x02
pci2 at ppb1 bus 3
wpi0 at pci2 dev 0 function 0 "Intel PRO/Wireless 3945ABG" rev 0x02: irq 11, 
MoW 
1, address 00:19:d2:22:62:fd
ppb2 at pci0 dev 28 function 2 "Intel 82801GB PCIE" rev 0x02
pci3 at ppb2 bus 4
uhci0 at pci0 dev 29 function 0 "Intel 82801GB USB" rev 0x02: irq 7
uhci1 at pci0 dev 29 function 1 "Intel 82801GB USB" rev 0x02: irq 11
uhci2 at pci0 dev 29 function 2 "Intel 82801GB USB" rev 0x02: irq 11
uhci3 at pci0 dev 29 function 3 "Intel 82801GB USB" rev 0x02: irq 11
ehci0 at pci0 dev 29 function 7 "Intel 82801GB USB" rev 0x02: irq 7
ehci0: timed out waiting for BIOS
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1
ppb3 at pci0 dev 30 function 0 "Intel 82801BAM Hub-to-PCI" rev 0xe2
pci4 at ppb3 bus 10
cbb0 at pci4 dev 4 function 0 "TI PCIXX12 CardBus" rev 0x00: irq 11
"TI PCIXX12 FireWire" rev 0x00 at pci4 dev 4 function 1 not configured
"TI PCIXX12 Multimedia Card Reader" rev 0x00 at pci4 dev 4 function 2 not 
config  
   ured
sdhc0 at pci4 dev 4 function 3 "TI PCIXX12 Secure Data" rev 0x00: irq 11
sdmmc0 at sdhc0
fxp0 at pci4 dev 8 function 0 "Intel PRO/100 VM" rev 0x02, i82562: irq 11, 
addre   
  ss 00:16:36:d1:9e:4e
inphy0 at fxp0 phy 1: i82562ET 10/100 PHY, rev. 0
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 11 device 0 cacheline 0x0, lattimer 0x20
pcmcia0 at cardslot0
ichpcib0 at pci0 dev 31 function 0 "Intel 82801GBM LPC" rev 0x02: PM disabled
pciide0 at pci0 dev 31 function 2 "Intel 82801GBM SATA" rev 0x02: DMA, channel 
0  
wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: 
wd0: 16-sector PIO, LBA48, 190782MB, 390721968 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0:  SCSI0 5/cdrom 
re 
movable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 "Intel 82801GB SMBus" rev 0x02: irq 11
iic0 at ichiic0
usb1 at uhci0: USB revisi

Re: D-Link DWL-650 CardBus crash report

[Evgeniy Sudyr]

Hello Evgeniy,

Thursday, September 13, 2007, 10:41:53 AM, you wrote:

> Hello all,

> I bought D-Link G650 (ath) - which is present in
> http://openbsd.org/i386.html list.

> When I put this card into my laptop (Toshiba Satellite S6157) and try boot 
> -current (GENERIC) I
> get panic message at the end of boot.

> = panic message =
> # panic: pmap_remove_ptes: managed page without PG_PVLIST for
> 0xe6481000
> Stopped at Debugger+0x4: leave
> = panic message =

> = show registers =
> ds 0x10
> es 0xd210 kernel_text+0x10
> fs 0xe6430058
> gs 0xe643
> edi 0xd06a2200 i386_cpuid_ecxfeatures+0x780
> esi 0xe6436b08
> ebp 0xe6436adc
> ebx 0
> edx 0
> ecx 0xd074fa64 kprintf_mutex
> eax 0x1
> eip 0xd045ee6c Debugger+0x4
> cs  0x8
> eflags 0x202
> esp 0xe6436adc
> ss 0xe6430010
> Debugger+0x4: leave
> = show registers =

> I don't have serial console for "trace" and "ps" output, but I have
> Photo Camera :)

> = ps =
> ps output there http://eject.name/openbsd/ps.jpg

> = trace =
> trace output there http://eject.name/openbsd/ps.jpg
sorry, trace output there http://eject.name/openbsd/trace.jpg


> Please give me know if I can help more in resolving this bug.



-- 
Best regards,
 Evgeniymailto:[EMAIL PROTECTED]

Re: OpenBSD Apache with IPv6 VirtualHost

[Evgeniy Sudyr]

Try add record to DNS or/and hosts

On Sun, Jul 17, 2011 at 8:30 PM, joshua stein  wrote:
>> I try to configure the OpenBSD Apache to use IPv6 with Name based
>> VirtualHosts. But it doesn't work. apachectl configtest says:
>> [Sun Jul 17 18:12:53 2011] [error] Cannot resolve host
>> fd07:8085:b92f:1::1:1 port 80 --- ignoring!
>
> you need -U in httpd_flags in /etc/rc.conf.local
>
>



-- 
--
With regards,
Eugene Sudyr

Re: IPv6 status

[Evgeniy Sudyr]

Leal,

I think good start is to visit

http://www.kame.net
man inet6
man ip6


On Wed, Feb 9, 2011 at 4:31 PM, Orestes Leal R.
 wrote:
> colleagues, I need to know if the ipv6 status it's mature, or al least very
> usable
> and well conformant to rfcs, any comments, links,
>
> Best regards,
> LeaL
>
>



-- 
--
With regards,
Eugene Sudyr

Build darkice on OpenBSD 4.8

[Evgeniy Sudyr]

Hello, I'm trying to build darkice with mp3 support and getting error during
compile process. I have no idea if it's openbsd specific and need your guys
help.

My steps:

1) build lame http://sourceforge.net/projects/lame

tar zxf cd lame-3.98.4.tar.gz

cd lame-3.98.4/
./configure
make
make install

2) trying to compile darkice http://code.google.com/p/darkice/
cd /usr/src
wget http://darkice.googlecode.com/files/darkice-1.0.tar.gz
tar zxf darkice-1.0.tar.gz
cd darkice-1.0

./configure --with-lame-path=/usr/local --with-lame


# make
Making all in src
make  all-am
g++ -DHAVE_CONFIG_H -I. -I/usr/local/include-O2 -pedantic -Wall
 -pthread -g -O2 -MT AudioSource.o -MD -MP -MF .deps/AudioSource.Tpo -c -o
AudioSource.o AudioSource.cpp
In file included from /usr/include/g++/memory:60,
 from /usr/include/g++/string:48,
 from /usr/include/g++/bits/locale_classes.h:47,
 from /usr/include/g++/bits/ios_base.h:47,
 from /usr/include/g++/ios:48,
 from /usr/include/g++/ostream:45,
 from /usr/include/g++/iostream:45,
 from Exception.h:39,
 from Referable.h:39,
 from Source.h:39,
 from AudioSource.h:42,
 from AudioSource.cpp:36:
/usr/include/g++/limits: In static member function 'static char
std::numeric_limits::min()':
/usr/include/g++/limits:375: warning: overflow in implicit constant
conversion
/usr/include/g++/limits: In static member function 'static wchar_t
std::numeric_limits::max()':
/usr/include/g++/limits:530: warning: overflow in implicit constant
conversion
In file included from /usr/include/g++/bits/locale_facets.h:47,
 from /usr/include/g++/bits/basic_ios.h:44,
 from /usr/include/g++/ios:50,
 from /usr/include/g++/ostream:45,
 from /usr/include/g++/iostream:45,
 from Exception.h:39,
 from Referable.h:39,
 from Source.h:39,
 from AudioSource.h:42,
 from AudioSource.cpp:36:
/usr/include/g++/i386-unknown-openbsd4.9/bits/ctype_base.h: At global scope:
/usr/include/g++/i386-unknown-openbsd4.9/bits/ctype_base.h:55: warning:
overflow in implicit constant conversion
mv -f .deps/AudioSource.Tpo .deps/AudioSource.Po
g++ -DHAVE_CONFIG_H -I. -I/usr/local/include-O2 -pedantic -Wall
 -pthread -g -O2 -MT BufferedSink.o -MD -MP -MF .deps/BufferedSink.Tpo -c -o
BufferedSink.o BufferedSink.cpp
In file included from /usr/include/g++/memory:60,
 from /usr/include/g++/string:48,
 from /usr/include/g++/bits/locale_classes.h:47,
 from /usr/include/g++/bits/ios_base.h:47,
 from /usr/include/g++/ios:48,
 from /usr/include/g++/ostream:45,
 from /usr/include/g++/iostream:45,
 from Exception.h:39,
 from BufferedSink.cpp:59:
/usr/include/g++/limits: In static member function 'static char
std::numeric_limits::min()':
/usr/include/g++/limits:375: warning: overflow in implicit constant
conversion
/usr/include/g++/limits: In static member function 'static wchar_t
std::numeric_limits::max()':
/usr/include/g++/limits:530: warning: overflow in implicit constant
conversion
In file included from /usr/include/g++/bits/locale_facets.h:47,
 from /usr/include/g++/bits/basic_ios.h:44,
 from /usr/include/g++/ios:50,
 from /usr/include/g++/ostream:45,
 from /usr/include/g++/iostream:45,
 from Exception.h:39,
 from BufferedSink.cpp:59:
/usr/include/g++/i386-unknown-openbsd4.9/bits/ctype_base.h: At global scope:
/usr/include/g++/i386-unknown-openbsd4.9/bits/ctype_base.h:55: warning:
overflow in implicit constant conversion
mv -f .deps/BufferedSink.Tpo .deps/BufferedSink.Po
g++ -DHAVE_CONFIG_H -I. -I/usr/local/include-O2 -pedantic -Wall
 -pthread -g -O2 -MT CastSink.o -MD -MP -MF .deps/CastSink.Tpo -c -o
CastSink.o CastSink.cpp
In file included from /usr/include/g++/memory:60,
 from /usr/include/g++/string:48,
 from /usr/include/g++/bits/locale_classes.h:47,
 from /usr/include/g++/bits/ios_base.h:47,
 from /usr/include/g++/ios:48,
 from /usr/include/g++/ostream:45,
 from /usr/include/g++/iostream:45,
 from Exception.h:39,
 from Util.h:39,
 from CastSink.cpp:32:
/usr/include/g++/limits: In static member function 'static char
std::numeric_limits::min()':
/usr/include/g++/limits:375: warning: overflow in implicit constant
conversion
/usr/include/g++/limits: In static member function 'static wchar_t
std::numeric_limits::max()':
/usr/include/g++/limits:530: warning: overflow in implicit constant
conversion
In file included from /usr/include/g++/bits/locale_facets.h:47,

Re: [darkice] Re: Build darkice on OpenBSD 4.8

[Evgeniy Sudyr]

Anybody there was able to compile darkice on OpenBSD 4.8 or -current ?

On Tue, Mar 29, 2011 at 4:47 PM, Evgeniy Sudyr wrote:

> I got source from anoncvs and then added include to .cpp files
>
> #include "/usr/src/usr.sbin/nsd/compat/pselect.c"
>
> now I'm getting next error:
>
>
> /usr/include/g++/i386-unknown-openbsd4.9/bits/ctype_base.h: At global
> scope:
> /usr/include/g++/i386-unknown-openbsd4.9/bits/ctype_base.h:55: warning:
> overflow in implicit constant conversion
> mv -f .deps/main.Tpo .deps/main.Po
> g++ -DHAVE_CONFIG_H -I. -I/usr/local/include-O2 -pedantic -Wall
> -pthread -g -O2 -MT aflibDebug.o -MD -MP -MF .deps/aflibDebug.Tpo -c -o
> aflibDebug.o aflibDebug.cc
> mv -f .deps/aflibDebug.Tpo .deps/aflibDebug.Po
> g++ -DHAVE_CONFIG_H -I. -I/usr/local/include-O2 -pedantic -Wall
> -pthread -g -O2 -MT aflibConverter.o -MD -MP -MF .deps/aflibConverter.Tpo
-c
> -o aflibConverter.o aflibConverter.cc
> aflibConverter.cc: In member function 'int
> aflibConverter::resampleFast(int&, int, short int*, short int*)':
> aflibConverter.cc:525: warning: deprecated conversion from string constant
> to 'char*'
> aflibConverter.cc: In member function 'int
> aflibConverter::resampleWithFilter(int&, int, short int*, short int*, short
> int*, short int*, short unsigned int, short unsigned int, short unsigned
> int)':
> aflibConverter.cc:571: warning: deprecated conversion from string constant
> to 'char*'
> aflibConverter.cc:639: warning: deprecated conversion from string constant
> to 'char*'
> mv -f .deps/aflibConverter.Tpo .deps/aflibConverter.Po
> g++ -O2 -pedantic -Wall  -pthread -g -O2-o darkice AudioSource.o
> BufferedSink.o  CastSink.o FileSink.o Connector.o  MultiThreadedConnector.o
> DarkIce.o  Exception.o IceCast.o IceCast2.o  ShoutCast.o FileCast.o
> LameLibEncoder.o TwoLameLibEncoder.o  VorbisLibEncoder.o FaacEncoder.o
> aacPlusEncoder.o OssDspSource.o  SerialUlaw.o SolarisDspSource.o
> TcpSocket.o Util.o ConfigSection.o  DarkIceConfig.o Reporter.o
> AlsaDspSource.o JackDspSource.o main.o  aflibDebug.o  aflibConverter.o
> -L/usr/local/lib -lmp3lame
> SolarisDspSource.o(.text+0x160): In function `pselect(int, fd_set*,
> fd_set*, fd_set*, timespec const*, unsigned int const*)':
> /usr/src/usr.sbin/nsd/compat/pselect.c:23: multiple definition of
> `pselect(int, fd_set*, fd_set*, fd_set*, timespec const*, unsigned int
> const*)'
> FileSink.o(.text+0x240):/usr/src/usr.sbin/nsd/compat/pselect.c:23: first
> defined here
> TcpSocket.o(.text+0x190): In function `pselect(int, fd_set*, fd_set*,
> fd_set*, timespec const*, unsigned int const*)':
> /usr/src/usr.sbin/nsd/compat/pselect.c:23: multiple definition of
> `pselect(int, fd_set*, fd_set*, fd_set*, timespec const*, unsigned int
> const*)'
> FileSink.o(.text+0x240):/usr/src/usr.sbin/nsd/compat/pselect.c:23: first
> defined here
> Util.o(.text+0x260): In function `pselect(int, fd_set*, fd_set*, fd_set*,
> timespec const*, unsigned int const*)':
> /usr/src/usr.sbin/nsd/compat/pselect.c:23: multiple definition of
> `pselect(int, fd_set*, fd_set*, fd_set*, timespec const*, unsigned int
> const*)'
> FileSink.o(.text+0x240):/usr/src/usr.sbin/nsd/compat/pselect.c:23: first
> defined here
> aflibDebug.o(.text+0x3bf): In function `aflibDebug::debug(char const*,
> ...)':
> /usr/src/darkice-1.0/src/aflibDebug.cc:218: warning: vsprintf() is often
> misused, please use vsnprintf()
> Util.o(.text+0x1f1): In function `Util::strCpy(char*, char const*)':
> /usr/src/darkice-1.0/src/Util.cpp:144: warning: strcpy() is almost always
> misused, please use strlcpy()
> IceCast.o(.text+0x23f): In function `IceCast::sendLogin()':
> /usr/src/darkice-1.0/src/Referable.h:144: warning: sprintf() is often
> misused, please use snprintf()
> Exception.o(.text+0x1f9): In function `Exception::Exception(char const*,
> unsigned int, char const*, char const*, char const*, int)':
> /usr/src/darkice-1.0/src/Exception.cpp:128: warning: strcat() is almost
> always misused, please use strlcat()
> collect2: ld returned 1 exit status
> *** Error code 1
>
>
>
>
> On Tue, Mar 29, 2011 at 12:58 AM, Adrian Pardini  > wrote:
>
>> On Monday 28 March 2011 17:32:25 C
kos MarC3y wrote:
>> > On 28/03/11 22:03, Evgeniy Sudyr wrote:
>> > > Hi Akos,
>> > >
>> > > there is select.h manual from OpenBSD project
>> > >
>> > >
>> http://www.openbsd.org/cgi-bin/man.cgi?query=select&apropos=0&sektion=0&m
>> > >anpath=OpenBSD+Current&arch=i386&format=html
>> >
>> > thanks for the link.
>> >
>> &

Re: Force Internet traffic out IPSec VPN

[Evgeniy Sudyr]

What about mobile VPN?  For PUBKEY auth you can use UFQDN identities

http://openbsd.org/papers/asiabsdcon07-ipsec/mgp00065.html

and
http://www.openbsd.org/cgi-bin/man.cgi?query=isakmpd
http://www.openbsd.org/cgi-bin/man.cgi?query=ipsec.conf

On Fri, Apr 8, 2011 at 10:41 AM, Ivan Nudzik  wrote:
> It is not demand of PF... It's about IPSec behavior. IPSec tunnels could
> be established between exact 2 IPs, or exact 2 IP networks. You can't
> have IP net on one side of tunnel and rest of Internet on other side,
> which is case you wrote about.
> Solutions:
> 1. Build IP-IP IPSec and then build GRE tunnel on those 2 IP. You could
> route anything over GRE tunnel. Beware of encapsulation overhead, cause
> it is tunnel in tunnel.
> 2. Use OpenVPN instead of IPSec. It is far less painful.
>
> I.
>
> On Thu, 2011-04-07 at 16:51 -0700, Andrew Klettke wrote:
>> We have a working IPSec VPN between two 4.8 endpoints. One of them is at
>> a remote location, and the other at the main office. The remote location
>> has its own external, routable IP (to establish the VPN), and an
>> internal subnet behind it. The main office has its own external IP,
>> though which it is NATing its own internal subnet.
>>
>> Basically, I want to force all internet traffic from the remote,
>> internal subnet through the main office's internal gateway so it can NAT
>> out from there.
>>
>> I've been attempting to accomplish this with "route-to" and "reply-to"
>> rules on the remote box, but have had no luck. I know IPSec keeps its
>> own routing table, is this interfering? Is this possible to do with PF?
>
>



-- 
--
With regards,
Eugene Sudyr

Is monit broken in OpenBSD -current ?

[Evgeniy Sudyr]

Hello,

I've tried to use monit on my OpenBSD snapshot

Which is:

# uname -ap
OpenBSD openbsd.eject.name 4.9 GENERIC.MP#814 i386 Intel(R) Atom(TM)
CPU D425 @ 1.80GHz ("GenuineIntel" 686-class)


# pkg_info -v monit
Information for inst:monit-4.10.1p1

I tried to run it with "out of package config" and noticed that it not
starts as daemon:

/usr/local/bin/monit -d 300 -c /etc/monitrc -v


# /usr/local/bin/monit -d 300 -c /etc/monitrc -v
Runtime constants:
 Control file   = /etc/monitrc
 Log file   = (not defined)
 Pid file   = /var/run/monit.pid
 Debug  = True
 Log= False
 Use syslog = False
 Is Daemon  = True
 Use process engine = True
 Poll time  = 300 seconds
 Mail server(s) = localhost
 Mail from  = (not defined)
 Mail subject   = (not defined)
 Mail message   = (not defined)
 Start monit httpd  = False

The service list contains the following entries:

System Name   = openbsd.eject.name
 Monitoring mode  = active

---
Starting monit daemon


# ps ax | grep monit
 9314 p0  R+/10:00.00 grep monit


What's happened? How can I help you to debug this problem?


Btw, maybe it will be useful:

# gdb /usr/local/bin/monit
GNU gdb 6.3
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-openbsd4.9"...(no debugging
symbols found)

(gdb) run
Starting program: /usr/local/bin/monit

Program received signal SIGSEGV, Segmentation fault.
[Switching to process 15499, thread 0x84db3c00]
0x1c02420b in signal ()
(gdb) backtrace
#0  0x1c02420b in signal ()
#1  0x1c00bce9 in ?? ()
#2  0x3c0223b4 in __progname ()
#3  0xcfbf2514 in ?? ()
#4  0xcfbf2528 in ?? ()
#5  0x1c024408 in signal ()
#6  0x1c0188b2 in signal ()
#7  0x1c00a72a in ?? ()
#8  0x7fa2f200 in ?? ()
#9  0x in ?? ()


It works fine with the same scenario and config on my other machine
GENERIC.MP#335 amd64 Intel(R) Xeon(TM) CPU 3.00GHz

-- 
--
With regards,
Eugene Sudyr

Re: tftp - no route to host

[Evgeniy Sudyr]

Pavel,

1) Are you sure that you uncommented tftpd in inetd.conf ? Is inetd started ?
2) netstat -na | grep 69
3) tcpdump -ni lo port 69
4) check PF rules as Janne wrote before (maybe you need to pass or
just skip on lo). Btw, does it make any sense to use TFTP on localhost
? :)

--
Thanks!
Eugene Sudyr

On Fri, Apr 29, 2011 at 10:48 AM, Janne Johansson 
wrote:
> 2011/4/29 pavel pocheptsov 
>
>> openbsd 4.8
>> # cat /etc/pf.conf | grep tftp
>> pass in on $int_if inet proto udp from any to $int_if port tftp
>> # tftp 127.0.0.1
>>
>
> 127.0.0.1 would not be on the $int_if, would it?
>
> --
> B To our sweethearts and wives. B May they never meet. -- 19th century
toast
>
>



--
--
With regards,
Eugene Sudyr

Re: tftp - no route to host

[Evgeniy Sudyr]

Sorry, I've missed your netstat output, ignore part of my previous mail :)

On Fri, Apr 29, 2011 at 12:33 PM, Evgeniy Sudyr 
wrote:
> Pavel,
>
> 1) Are you sure that you uncommented tftpd in inetd.conf ? Is inetd started
?
> 2) netstat -na | grep 69
> 3) tcpdump -ni lo port 69
> 4) check PF rules as Janne wrote before (maybe you need to pass or
> just skip on lo). Btw, does it make any sense to use TFTP on localhost
> ? :)
>
> --
> Thanks!
> Eugene Sudyr
>
> On Fri, Apr 29, 2011 at 10:48 AM, Janne Johansson 
wrote:
>> 2011/4/29 pavel pocheptsov 
>>
>>> openbsd 4.8
>>> # cat /etc/pf.conf | grep tftp
>>> pass in on $int_if inet proto udp from any to $int_if port tftp
>>> # tftp 127.0.0.1
>>>
>>
>> 127.0.0.1 would not be on the $int_if, would it?
>>
>> --
>> B To our sweethearts and wives. B May they never meet. -- 19th century
toast
>>
>>
>
>
>
> --
> --
> With regards,
> Eugene Sudyr
>



--
--
With regards,
Eugene Sudyr

Slow disk IO HP DL120 G5 with LSI1068E

[Evgeniy Sudyr]

I have troubles with on OpenBSD 4.7 with HP DL 120 G5

Actually I'm trying to unpack src.tar.gz and see that it's very slow.

There is my systat during unpacking and dmesg for the server

 systat

   2 usersLoad 2.77 2.48 2.17  Tue Aug 31 19:46:02 2010

memory totals (in KB)PAGING   SWAPPING Interrupts
   real   virtual free   in  out   in  out  568 total
Active13212 13212  3281736   ops400 clock
All  410024410024  7342468   pages   79 ipi
 88 mpi0
Proc:r  d  s  wCsw   Trp   Sys   Int   Sof  Flt   forks   1 em0
2  6   164 1   25889   1009   fkppw uhci3
  fksvm ehci1
   0.0%Int   0.1%Sys   0.2%Usr   0.0%Nic  99.7%Idle   pwait
|||||||||||   relck
  rlkok
  noram
Namei Sys-cacheProc-cacheNo-cache ndcpy
Calls hits%hits %miss   % fltcp
  881  742   84   4 0 135  15 zfod
  cow
Disks   sd0 30764 fmin
seeks   41018 ftarg
xfers88   itarg
speed  761K49 wired
  sec   1.0   pdfre
  pdscn
  pzidle
   15 kmapent

 dmesg

OpenBSD 4.7 (GENERIC.MP) #130: Wed Mar 17 20:48:50 MDT 2010
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 3889758208 (3709MB)
avail mem = 3780005888 (3604MB)
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xdc010 (43 entries)
bios0: vendor HP version "O22" date 10/09/2009
bios0: HP ProLiant DL120 G5
acpi0 at bios0: rev 2
acpi0: tables DSDT FACP SPMI EINJ HEST BERT SSDT ERST MCFG APIC BOOT
SPCR SSDT SSDT SSDT
acpi0: wakeup devices USB4(S3) USB5(S3) USB7(S3) ESB2(S4) EXP1(S4)
EXP2(S4) EXP3(S4) EXP4(S4) EXP5(S4) EXP6(S4) USB1(S3) USB2(S3)
USB3(S3) USB6(S3) ESB1(S3) PCIB(S3) PWRB(S3)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Xeon(R) CPU X3210 @ 2.13GHz, 2133.65 MHz
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu0: 4MB 64b/line 16-way L2 cache
cpu0: apic clock running at 266MHz
cpu1 at mainbus0: apid 1 (application processor)
cpu1: Intel(R) Xeon(R) CPU X3210 @ 2.13GHz, 2133.33 MHz
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu1: 4MB 64b/line 16-way L2 cache
cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Xeon(R) CPU X3210 @ 2.13GHz, 2133.33 MHz
cpu2: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu2: 4MB 64b/line 16-way L2 cache
cpu3 at mainbus0: apid 3 (application processor)
cpu3: Intel(R) Xeon(R) CPU X3210 @ 2.13GHz, 2133.33 MHz
cpu3: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,xTPR,NXE,LONG
cpu3: 4MB 64b/line 16-way L2 cache
ioapic0 at mainbus0: apid 4 pa 0xfec0, version 20, 24 pins
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (PEG1)
acpiprt2 at acpi0: bus -1 (PEG2)
acpiprt3 at acpi0: bus 5 (EXP1)
acpiprt4 at acpi0: bus -1 (EXP2)
acpiprt5 at acpi0: bus -1 (EXP3)
acpiprt6 at acpi0: bus -1 (EXP4)
acpiprt7 at acpi0: bus 13 (EXP5)
acpiprt8 at acpi0: bus 14 (EXP6)
acpiprt9 at acpi0: bus 17 (PCIB)
acpicpu0 at acpi0: C3, PSS
acpicpu1 at acpi0: C3, PSS
acpicpu2 at acpi0: C3, PSS
acpicpu3 at acpi0: C3, PSS
acpibtn0 at acpi0: PWRB
ipmi at mainbus0 not configured
cpu0: Enhanced SpeedStep 2133 MHz: speeds: 2133, 1600 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 3200/3210 Host" rev 0x01
ppb0 at pci0 dev 1 function 0 "Intel 3200/3210 PCIE" rev 0x01: apic 4
int 16 (irq 5)
pci1 at ppb0 bus 1
mpi0 at pci1 dev 0 function 0 "Symbios Logic SAS1068E" rev 0x08: apic
4 int 16 (irq 5)
scsibus0 at mpi0: 112 targets
sd0 at scsibus0 targ 1 lun 0:  SCSI2
0/direct fixed
sd0: 237464MB, 512 bytes/sec, 486326272 sec total
uhci0 at pci0 dev 26 function 0 "Intel 

Re: Slow disk IO HP DL120 G5 with LSI1068E

[Evgeniy Sudyr]

Marco,

thank you for your super fast answer!

As I understood you told that I need to delete raid logical disk, and
use two separate disks.

I did it and I'm installing OpenBSD on first disk right now.

I have question for you - how should I "enable write cache on them
using scsi" ?

--
Thanks!



On Tue, Aug 31, 2010 at 7:00 PM, Marco Peereboom  wrote:
> Your disks have write cache disabled. B I started on a diff but hit a
> roadblock and didn't get back to figuring this out. B Currently the only
> way to "fix" this is to undo the raid volume and let the actual physical
> disks show up. B Then enable write cache on them using scsi. B Not really
> something for the faint hearted. B At some point I'll go spend some time
> to figure this out but not anytime soon :-(
>
> On Tue, Aug 31, 2010 at 06:52:44PM +0300, Evgeniy Sudyr wrote:
>> I have troubles with on OpenBSD 4.7 with HP DL 120 G5
>>
>> Actually I'm trying to unpack src.tar.gz and see that it's very slow.
>>
>> There is my systat during unpacking and dmesg for the server
>>
>> B systat
>>
>> B  B 2 users B  B Load 2.77 2.48 2.17 B  B  B  B  B  B  B  B  B  B  B Tue
Aug 31 19:46:02 2010
>>
>> B  B  B  B  B  B  memory totals (in KB) B  B  B  B  B  B PAGING B  SWAPPING
B  B  Interrupts
>> B  B  B  B  B  B real B  virtual B  B  free B  B  B  B  B  in B out B  in
B out B  B  B 568 total
>> Active B  B 13212 B  B  13212 B 3281736 B  ops B  B  B  B  B  B  B  B  B 
B  B  B  B  B 400 clock
>> All B  B  B 410024 B  B 410024 B 7342468 B  pages B  B  B  B  B  B  B  B 
B  B  B  B  B  79 ipi
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  B  B  B  B  B  B 88 mpi0
>> Proc:r B d B s B w B  B Csw B  Trp B  Sys B  Int B  Sof B Flt B  B  B 
forks B  B  B  1 em0
>> B  B  B  B  2 B 6 B  B  B  164 B  B  1 B  258 B  B 89 B  100 B  B 9 B  B 
B  fkppw B  B  B  B  uhci3
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  fksvm B  B  B  B  ehci1
>> B  B 0.0%Int B  0.1%Sys B  0.2%Usr B  0.0%Nic B 99.7%Idle B  B  B  pwait
>> | B  B | B  B | B  B | B  B | B  B | B  B | B  B | B  B | B  B | B  B | B 
B  B  relck
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  rlkok
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  noram
>> Namei B  B  B  B  Sys-cache B  B Proc-cache B  B No-cache B  B  B  B 
ndcpy
>> B  B  Calls B  B  hits B  B % B  B hits B  B  % B  B miss B  % B  B  B  B 
fltcp
>> B  B  B  881 B  B  B 742 B  84 B  B  B  4 B  B  0 B  B  135 B 15 B  B  B 
B  zfod
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  cow
>> Disks B  sd0 B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
30764 fmin
>> seeks B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
41018 ftarg
>> xfers B  B 88 B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  itarg
>> speed B 761K B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B 49 wired
>> B  sec B  1.0 B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  pdfre
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  pdscn
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  pzidle
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B 15 kmapent
>>
>> B dmesg
>>
>> OpenBSD 4.7 (GENERIC.MP) #130: Wed Mar 17 20:48:50 MDT 2010
>> B  B  dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>> real mem = 3889758208 (3709MB)
>> avail mem = 3780005888 (3604MB)
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xdc010 (43 entries)
>> bios0: vendor HP version "O22" date 10/09/2009
>> bios0: HP ProLiant DL120 G5
>> acpi0 at bios0: rev 2
>> acpi0: tables DSDT FACP SPMI EINJ HEST BERT SSDT ERST MCFG APIC BOOT
>> SPCR SSDT SSDT SSDT
>> acpi0: wakeup devices USB4(S3) USB5(S3) USB7(S3) ESB2(S4) EXP1(S4)
>> EXP2(S4) EXP3(S4) EXP4(S4) EXP5(S4) EXP6(S4) USB1(S3) USB2(S3)
>> USB3(S3) USB6(S3) ESB1(S3) PCIB(S3) PWRB(S3)
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>> cpu0 at mainbus0: apid 0 (boot processor)
>> cpu0: Intel(R) Xeon(R) CPU X3210 @ 2.13GHz, 2133.65 MHz
>> cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,
xTPR,NXE,LONG
>> cpu0: 4MB 64b/line 16-way L2 cache
>> cpu0: apic clock runnin

Re: Slow disk IO HP DL120 G5 with LSI1068E

[Evgeniy Sudyr]

Marco,

thank you for your super fast answer!

As I understood you told that I need to delete raid logical disk, and
use two separate disks.

1. I deleted array and selected disk 1 to be boot disk in LSI configuration.
2. During installation I was able to see 2 disks (as expected), so I
installed OBSD on 1st drive.
3. After installation I tried to do the same unpack and figured that it's

"Then enable write cache on them using scsi" - how can I do this ?

Let me know if I can help with this issues testing on my hardware :) -
I would like to help you in this!

--
Thank you!
Evgeniy Sudyr


On Tue, Aug 31, 2010 at 7:00 PM, Marco Peereboom  wrote:
> Your disks have write cache disabled. B I started on a diff but hit a
> roadblock and didn't get back to figuring this out. B Currently the only
> way to "fix" this is to undo the raid volume and let the actual physical
> disks show up. B Then enable write cache on them using scsi. B Not really
> something for the faint hearted. B At some point I'll go spend some time
> to figure this out but not anytime soon :-(
>
> On Tue, Aug 31, 2010 at 06:52:44PM +0300, Evgeniy Sudyr wrote:
>> I have troubles with on OpenBSD 4.7 with HP DL 120 G5
>>
>> Actually I'm trying to unpack src.tar.gz and see that it's very slow.
>>
>> There is my systat during unpacking and dmesg for the server
>>
>> B systat
>>
>> B  B 2 users B  B Load 2.77 2.48 2.17 B  B  B  B  B  B  B  B  B  B  B Tue
Aug 31 19:46:02 2010
>>
>> B  B  B  B  B  B  memory totals (in KB) B  B  B  B  B  B PAGING B  SWAPPING
B  B  Interrupts
>> B  B  B  B  B  B real B  virtual B  B  free B  B  B  B  B  in B out B  in
B out B  B  B 568 total
>> Active B  B 13212 B  B  13212 B 3281736 B  ops B  B  B  B  B  B  B  B  B 
B  B  B  B  B 400 clock
>> All B  B  B 410024 B  B 410024 B 7342468 B  pages B  B  B  B  B  B  B  B 
B  B  B  B  B  79 ipi
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  B  B  B  B  B  B 88 mpi0
>> Proc:r B d B s B w B  B Csw B  Trp B  Sys B  Int B  Sof B Flt B  B  B 
forks B  B  B  1 em0
>> B  B  B  B  2 B 6 B  B  B  164 B  B  1 B  258 B  B 89 B  100 B  B 9 B  B 
B  fkppw B  B  B  B  uhci3
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  fksvm B  B  B  B  ehci1
>> B  B 0.0%Int B  0.1%Sys B  0.2%Usr B  0.0%Nic B 99.7%Idle B  B  B  pwait
>> | B  B | B  B | B  B | B  B | B  B | B  B | B  B | B  B | B  B | B  B | B 
B  B  relck
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  rlkok
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  noram
>> Namei B  B  B  B  Sys-cache B  B Proc-cache B  B No-cache B  B  B  B 
ndcpy
>> B  B  Calls B  B  hits B  B % B  B hits B  B  % B  B miss B  % B  B  B  B 
fltcp
>> B  B  B  881 B  B  B 742 B  84 B  B  B  4 B  B  0 B  B  135 B 15 B  B  B 
B  zfod
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  cow
>> Disks B  sd0 B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
30764 fmin
>> seeks B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
41018 ftarg
>> xfers B  B 88 B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  itarg
>> speed B 761K B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B 49 wired
>> B  sec B  1.0 B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  pdfre
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  pdscn
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  pzidle
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B 15 kmapent
>>
>> B dmesg
>>
>> OpenBSD 4.7 (GENERIC.MP) #130: Wed Mar 17 20:48:50 MDT 2010
>> B  B  dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>> real mem = 3889758208 (3709MB)
>> avail mem = 3780005888 (3604MB)
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xdc010 (43 entries)
>> bios0: vendor HP version "O22" date 10/09/2009
>> bios0: HP ProLiant DL120 G5
>> acpi0 at bios0: rev 2
>> acpi0: tables DSDT FACP SPMI EINJ HEST BERT SSDT ERST MCFG APIC BOOT
>> SPCR SSDT SSDT SSDT
>> acpi0: wakeup devices USB4(S3) USB5(S3) USB7(S3) ESB2(S4) EXP1(S4)
>> EXP2(S4) EXP3(S4) EXP4(S4) EXP5(S4) EXP6(S4) USB1(S3) USB2(S3)
>> USB3(S3) USB6(S3) ESB1(S3) PCIB(S3) PWRB(S3)
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>> cpu0 at mainbus0: apid 0 (boot processor)
>> cpu0: Intel(R) Xeon(R) CP

Re: Slow disk IO HP DL120 G5 with LSI1068E

[Evgeniy Sudyr]

Did it, but looks something wrong:

1. scsi -f /dev/rsd0c -m 8 -P 3 -e
2. Opened vi where I edited WCE: 0 to 1 and and saved file
3. Message appears:

/var/tmp/scrvzvir1o: 2 lines, 16 characters.
SCIOCCOMMAND ioctl: Command accepted.
return status 3 (Sense Returned) host adapter status 2
Command out (6 of 6):
15 01 00 00 18 00

Data out (0 of 24):

Error code is "current errors"
Segment number is 00
Sense key is "Illegal request"
The Information field is not valid but contains  (0).
The Command Specific Information field is  (0).
Additional sense code: 24
Additional sense code qualifier: 00
sense (32 of 48):
70 00 05 00 00 00 00 0a 00 00 00 00 24 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00



On Tue, Aug 31, 2010 at 9:24 PM, Marco Peereboom  wrote:
> Something like:
>
> # scsi -f /dev/rsd0c -m 8
>
> change WCE: 0 to WCE: 1
>
> On Tue, Aug 31, 2010 at 08:20:18PM +0300, Evgeniy Sudyr wrote:
>> Marco,
>>
>> thank you for your super fast answer!
>>
>> As I understood you told that I need to delete raid logical disk, and
>> use two separate disks.
>>
>> I did it and I'm installing OpenBSD on first disk right now.
>>
>> I have question for you - how should I "enable write cache on them
>> using scsi" ?
>>
>> --
>> Thanks!
>>
>>
>>
>> On Tue, Aug 31, 2010 at 7:00 PM, Marco Peereboom 
wrote:
>> > Your disks have write cache disabled. B I started on a diff but hit a
>> > roadblock and didn't get back to figuring this out. B Currently the only
>> > way to "fix" this is to undo the raid volume and let the actual physical
>> > disks show up. B Then enable write cache on them using scsi. B Not
really
>> > something for the faint hearted. B At some point I'll go spend some time
>> > to figure this out but not anytime soon :-(
>> >
>> > On Tue, Aug 31, 2010 at 06:52:44PM +0300, Evgeniy Sudyr wrote:
>> >> I have troubles with on OpenBSD 4.7 with HP DL 120 G5
>> >>
>> >> Actually I'm trying to unpack src.tar.gz and see that it's very slow.
>> >>
>> >> There is my systat during unpacking and dmesg for the server
>> >>
>> >> B systat
>> >>
>> >> B B B 2 users B B B Load 2.77 2.48 2.17 B B B B B B B B B B B B B B B
B B B B B B Tue
>> Aug 31 19:46:02 2010
>> >>
>> >> B B B B B B B B B B B B memory totals (in KB) B B B B B B B B B B B
PAGING B B SWAPPING
>> B B B B Interrupts
>> >> B B B B B B B B B B B real B B virtual B B B B free B B B B B B B B B
B in B out B B in
>> B out B B B B B 568 total
>> >> Active B B B 13212 B B B B 13212 B 3281736 B B ops B B B B B B B B B B B
B B B B B B
>> B B B B B B B B B 400 clock
>> >> All B B B B B 410024 B B B 410024 B 7342468 B B pages B B B B B B B B B
B B B B B B
>> B B B B B B B B B B 79 ipi
>> >> B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B
B B B B B B B B B B B B B B
>> B B B B B B B B B B B B B B B B B B B 88 mpi0
>> >> Proc:r B d B s B w B B B Csw B B Trp B B Sys B B Int B B Sof B Flt B B B
B B
>> forks B B B B B B 1 em0
>> >> B B B B B B B B 2 B 6 B B B B B B 164 B B B B 1 B B 258 B B B 89 B B 100
B B B 9 B B B
>> B B fkppw B B B B B B B B uhci3
>> >> B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B
B B B B B B B B B B B B B B
>> B B B B B B B B fksvm B B B B B B B B ehci1
>> >> B B B 0.0%Int B B 0.1%Sys B B 0.2%Usr B B 0.0%Nic B 99.7%Idle B B B B B
B pwait
>> >> | B B B | B B B | B B B | B B B | B B B | B B B | B B B | B B B | B B B
| B B B | B
>> B B B B relck
>> >> B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B
B B B B B B B B B B B B B B
>> B B B B B B B B rlkok
>> >> B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B
B B B B B B B B B B B B B B
>> B B B B B B B B noram
>> >> Namei B B B B B B B B Sys-cache B B B Proc-cache B B B No-cache B B B
B B B B
>> ndcpy
>> >> B B B B Calls B B B B hits B B B % B B B hits B B B B % B B B miss B B %
B B B B B B B
>> fltcp
>> >> B B B B B B 881 B B B B B 742 B B 84 B B B B B B 4 B B B B 0 B B B B 135
B 15 B B B B B
>> B B zfod
>> >> B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B
B B B B B B B B B B B B B B
>> B B B B B B B B cow
>> >> Disks B B sd0 B B B B B B B B B B B B B B B B B B B B B B B B B B B B B
B B B B B B B B B B
>> 30764 fmin
>> >> seeks B B B B B B B B B B B B B B B B B B B B B B B B B B B B B B

Re: Slow disk IO HP DL120 G5 with LSI1068E

[Evgeniy Sudyr]

Guys,

I have no battery backed cache. I even don`t need it for current
configuration.

Why controller's cache matters if current write speed is 0.5 Mb/sec ?
In windows (prior installation OBSD) I noted ~ 80 MB/sec write speed
on same configuration.

My current test (after deleting array and installing on single SATA disk):

# dd if=/dev/zero of=/tmp/test bs=1 count=1000
1000+0 records in
1000+0 records out
1000 bytes transferred in 17.020 secs (587515 bytes/sec)

Ivan:
my controller is not HP SmartArray but LSI, not sure that HP
SmartStart supports it, but I will try it :)

---
Thanks!


On Tue, Aug 31, 2010 at 9:30 PM, Ivan Nudzik  wrote:
> Download "Smart Start" CD from HP site. Boot this CD and configure SCSI
> adapter an RAID settings. There is far more options to configure, than
> from SCSI adapter BIOS. Btw if you have battery backed cache, you can
> switch on write cache. You should also download and boot "Firmware
> CD"...
>
> I.
>
> On Tue, 2010-08-31 at 18:52 +0300, Evgeniy Sudyr wrote:
>
>> I have troubles with on OpenBSD 4.7 with HP DL 120 G5
>>
>> Actually I'm trying to unpack src.tar.gz and see that it's very slow.
>>
>> There is my systat during unpacking and dmesg for the server
>>
>> B systat
>>
>> B  B 2 users B  B Load 2.77 2.48 2.17 B  B  B  B  B  B  B  B  B  B  B Tue
Aug 31 19:46:02 2010
>>
>> B  B  B  B  B  B  memory totals (in KB) B  B  B  B  B  B PAGING B  SWAPPING
B  B  Interrupts
>> B  B  B  B  B  B real B  virtual B  B  free B  B  B  B  B  in B out B  in
B out B  B  B 568 total
>> Active B  B 13212 B  B  13212 B 3281736 B  ops B  B  B  B  B  B  B  B  B 
B  B  B  B  B 400 clock
>> All B  B  B 410024 B  B 410024 B 7342468 B  pages B  B  B  B  B  B  B  B 
B  B  B  B  B  79 ipi
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  B  B  B  B  B  B 88 mpi0
>> Proc:r B d B s B w B  B Csw B  Trp B  Sys B  Int B  Sof B Flt B  B  B 
forks B  B  B  1 em0
>> B  B  B  B  2 B 6 B  B  B  164 B  B  1 B  258 B  B 89 B  100 B  B 9 B  B 
B  fkppw B  B  B  B  uhci3
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  fksvm B  B  B  B  ehci1
>> B  B 0.0%Int B  0.1%Sys B  0.2%Usr B  0.0%Nic B 99.7%Idle B  B  B  pwait
>> | B  B | B  B | B  B | B  B | B  B | B  B | B  B | B  B | B  B | B  B | B 
B  B  relck
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  rlkok
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  noram
>> Namei B  B  B  B  Sys-cache B  B Proc-cache B  B No-cache B  B  B  B 
ndcpy
>> B  B  Calls B  B  hits B  B % B  B hits B  B  % B  B miss B  % B  B  B  B 
fltcp
>> B  B  B  881 B  B  B 742 B  84 B  B  B  4 B  B  0 B  B  135 B 15 B  B  B 
B  zfod
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  cow
>> Disks B  sd0 B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
30764 fmin
>> seeks B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
41018 ftarg
>> xfers B  B 88 B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  itarg
>> speed B 761K B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B 49 wired
>> B  sec B  1.0 B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  pdfre
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  pdscn
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B  B  pzidle
>> B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B  B 
B  B  B 15 kmapent
>>
>> B dmesg
>>
>> OpenBSD 4.7 (GENERIC.MP) #130: Wed Mar 17 20:48:50 MDT 2010
>> B  B  dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>> real mem = 3889758208 (3709MB)
>> avail mem = 3780005888 (3604MB)
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xdc010 (43 entries)
>> bios0: vendor HP version "O22" date 10/09/2009
>> bios0: HP ProLiant DL120 G5
>> acpi0 at bios0: rev 2
>> acpi0: tables DSDT FACP SPMI EINJ HEST BERT SSDT ERST MCFG APIC BOOT
>> SPCR SSDT SSDT SSDT
>> acpi0: wakeup devices USB4(S3) USB5(S3) USB7(S3) ESB2(S4) EXP1(S4)
>> EXP2(S4) EXP3(S4) EXP4(S4) EXP5(S4) EXP6(S4) USB1(S3) USB2(S3)
>> USB3(S3) USB6(S3) ESB1(S3) PCIB(S3) PWRB(S3)
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
>> cpu0 at mainbus0: apid 0 (boot processor)
>> cpu0: Intel(R) Xeon(R) CPU X3210 @ 2.13GHz, 2133.65 MHz
>> cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,P

Re: pf redirect problem

[Evgeniy Sudyr]

Timothy,

I don't see where is you pass rules for redirected traffic on for both
external and internal (if you don`t skip it) interfaces ?

You have to add these pass rules to pf, it's pretty straightforward.

--
Thanks!
Evgeniy Sudyr


>pass in on $ext_nic proto tcp from any to 192.168.1.227 port ssh queue ssh
>pass in on $ext_nic proto tcp from any to 192.168.1.227 port www queue www


On Fri, Sep 3, 2010 at 1:12 AM, Timothy Beyer 
wrote:
> Here's some log output. B I forgot to note this is on OpenBSD 4.2. B The
first
> entry is a successful connection to one of the working redirects.
B Connection
> attempts to the redirect I'm trying to add don't show up in the log even
after
> adding a log directive in the filter rules.
>
> -T
>
>
> B tcpdump: listening on pflog0, link-type PFLOG
> Sep 02 15:00:13.263016 rule 24/(match) pass in on fxp0: 75.xxx.xxx.209.51635
>
> 192.168.1.16.22: [|tcp] (DF)
> Sep 02 15:00:14.783786 rule 0/(match) block in on fxp0:
208.xxx.xxx.236.32780
>> 38.xxx.xxx.206.53:[|domain]
> Sep 02 15:00:15.529433 rule 0/(match) block in on fxp0:
208.xxx.xxx.236.32780
>> 38.xxx.xxx.206.53:[|domain]
> Sep 02 15:00:16.279410 rule 0/(match) block in on fxp0:
208.xxx.xxx.236.32780
>> 38.xxx.xxx.206.53:[|domain]
> Sep 02 15:00:17.779913 rule 0/(match) block in on fxp0:
208.xxx.xxx.236.32780
>> 38.xxx.xxx.206.53:[|domain]
> Sep 02 15:00:18.529400 rule 0/(match) block in on fxp0:
208.xxx.xxx.236.32780
>> 38.xxx.xxx.206.53:[|domain]
> Sep 02 15:00:19.279498 rule 0/(match) block in on fxp0:
208.xxx.xxx.236.32780
>> 38.xxx.xxx.206.53:[|domain]
> Sep 02 15:00:20.780050 rule 0/(match) block in on fxp0: 208.xxx.xxx.236 >
> 38.xxx.xxx.206: icmp: echo request
> Sep 02 15:00:21.529443 rule 0/(match) block in on fxp0: 208.xxx.xxx.236 >
> 38.xxx.xxx.206: icmp: echo request
> Sep 02 15:00:22.28 rule 0/(match) block in on fxp0: 208.xxx.xxx.236 >
> 38.xxx.xxx.206: icmp: echo request
> 
> From: sven falempin [sven.falem...@gmail.com]
> Sent: Thursday, September 02, 2010 2:05 PM
> To: Timothy Beyer
> Cc: misc@openbsd.org
> Subject: Re: pf redirect problem
>
> tcpdump on pflog will probably help (see the FAQ)
>
> 2010/9/2 Timothy Beyer
> mailto:timot...@titaniumant.com>>
> Hello,
>
> I'm having trouble setting up a redirect rule and I'm not sure where I'm
> going
> wrong. B My redirect line and filter rules look like:
>
> rdr on $ext_nic proto tcp from any to 38.xxx.xxx.213 -> 192.168.1.227
> pass in on $ext_nic proto tcp from any to 192.168.1.227 port ssh queue ssh
> pass in on $ext_nic proto tcp from any to 192.168.1.227 port www queue www
>
> The output of 'pfctl -s nat' is:
>
> nat on fxp0 inet from 192.168.1.0/24<http://192.168.1.0/24> to any ->
> 38.xxx.xxx.206
> nat on fxp0 inet from 192.168.2.0/24<http://192.168.2.0/24> to any ->
> 38.xxx.xxx.207
> nat on fxp0 inet from 192.168.3.0/24<http://192.168.3.0/24> to any ->
> 38.xxx.xxx.208
> nat on dc3 inet from 192.168.1.0/24<http://192.168.1.0/24> to any ->
> 192.168.10.156
> nat on fxp0 inet from 192.168.10.15 to any -> 38.xxx.xxx.206
> rdr on fxp0 inet proto tcp from any to 38.xxx.xxx.209 -> 192.168.1.16
> rdr on fxp0 inet proto tcp from any to 38.xxx.xxx.210 -> 192.168.1.21
> rdr on fxp0 inet proto tcp from any to 38.xxx.xxx.212 -> 192.168.1.12
> rdr on fxp0 inet proto tcp from any to 38.xxx.xxx.211 -> 192.168.1.24
> rdr on fxp0 inet proto tcp from any to 38.xxx.xxx.213 -> 192.168.1.227
>
> All of the other redirects are working. B I see my filter rule in the
output
> from 'pfctl -s rules' but I can't connect via ssh from an external network
> after reloading pf.conf. B Any insight would be very much appreciated.
B I've
> posted my full conf at http://pastebin.com/TZa0WzE0 if needed.
>
> Thanks,
>
> Tim
>
>
>
>
> --
> B No doubt it is one of the functions of art to replace religious faith by
the
> effective ingredient of beauty. At least beauty must have the power of a
poem,
> that is to say of a crime .
>
>



--
--
With regards,
Eugene Sudyr

Re: Mobile VPN

[Evgeniy Sudyr]

I was able to get it working with 4.6/4.7 and E60/E65/E52 it works as
expected :)

Nokia VPN config tool will save hours instead trial by error.

On Fri, Oct 1, 2010 at 10:29 PM, Claudiu Pruna  wrote:

> On Fri, 2010-10-01 at 21:19 +0200, David Coppa wrote:
> > On Fri, Oct 1, 2010 at 9:11 PM, Claudiu Pruna 
> wrote:
> > >I was wondering has anyone got an S60 mobile phone to connect to
> > > OpenBSD Ipsec ?
> > >
> > >I did some tryies, but no luck.
> >
> > Maybe this is of some use:
> >
> > http://betabug.ch/wiki/VPNNotes
> >
> > I'm sorry, but I have no personal experiences with "mobile vpns"...
> >
> > cheers,
> > david
>
> thanks a lot, sounds very interesting, I will test it and see what
> happens ;)
>
> --
> Claudiu Pruna 
>
>


-- 
--
With regards,
Eugene Sudyr

IPSEC with lo interface

[Evgeniy Sudyr]

Guys, I have problem with IPSEC tunnel on OpenBSD 4.7-stable

I have ipsec vpn tunnel established between my gateway (default and
only one gateway for my internal network) and other ipsec peer.

I need allow clients from my internal network access to peer's
internal host (ZZZ.ZZZ.ZZZ.ZZZ) and use my lo1 IP address (using NAT)
and I have to use same outgoing IP for all clients, so I decided to
use NAT on loopback interface.

1) First question -is it good idea to use this configuration for this goal?


That's net to net tunnel, where my side network is lo1 interface network.

I'm able to connect from gateway host to remote network host, but not
from my local network :(

My configuration:

# sysctl -a | grep ip.forward
net.inet.ip.forwarding=1


# cat /etc/hostname.em0
inet XXX.XXX.XXX.XXX 255.255.255.224 description "External interface"

# cat /etc/hostname.lo1
inet 172.16.95.1 255.255.255.252 172.16.95.3 description "Loop back
interface"

# cat /etc/hostname.bge0
inet 192.168.0.1 255.255.255.0 description "Internal interface"

# ifconfig -a
lo0: flags=8149 mtu 33160
B B B B B B B  priority: 0
B B B B B B B  groups: lo
B B B B B B B  inet 127.0.0.1 netmask 0xff00
B B B B B B B  inet6 ::1 prefixlen 128
B B B B B B B  inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
em0: flags=8843 mtu 1500
B B B B B B B  lladdr 00:18:71:ec:e2:27
B B B B B B B  priority: 0
B B B B B B B  groups: egress
B B B B B B B  media: Ethernet autoselect (1000baseT full-duplex)
B B B B B B B  status: active
B B B B B B B  inet XXX.XXX.XXX.XXX netmask 0xffe0 broadcast
XXX.XXX.XXX.31
B B B B B B B  inet6 fe80::218:71ff:feec:e227%em0 prefixlen 64 scopeid 0x1
bge0: flags=8843 mtu 1500
B B B B B B B  lladdr 00:23:7d:aa:36:fe
B B B B B B B  priority: 0
B B B B B B B  media: Ethernet autoselect (1000baseT full-duplex)
B B B B B B B  status: active
B B B B B B B  inet 192.168.0.1 netmask 0xff00 broadcast 192.168.0.255
B B B B B B B  inet6 fe80::223:7dff:feaa:36fe%bge0 prefixlen 64 scopeid 0x2
enc0: flags=141 mtu 1536
B B B B B B B  priority: 0
lo1: flags=a149 mtu 1300
B B B B B B B  priority: 0
B B B B B B B  groups: lo
B B B B B B B  inet 172.16.95.1 netmask 0xfffc
pflog0: flags=141 mtu 33160
B B B B B B B  priority: 0
B B B B B B B  groups: pflog

# cat /etc/ipsec.conf
ike esp from 172.16.95.0/30 to ZZZ.ZZZ.ZZZ.ZZZ local XXX.XXX.XXX.XXX
peer YYY.YYY.YYY.YYY \
B B B B B B B  main auth hmac-sha1 enc 3des group modp1024 \
B B B B B B B  quick auth hmac-sha1 enc 3des group modp1024 \
B B B B B B B  psk "supersecret"

# ipsecctl -sa
FLOWS:

flow esp in from ZZZ.ZZZ.ZZZ.ZZZ to 172.16.95.1 peer YYY.YYY.YYY.YYY
srcid XXX.XXX.XXX.XXX/32 dstid YYY.YYY.YYY.YYY/32 type use
flow esp out from 172.16.95.1 to ZZZ.ZZZ.ZZZ.ZZZ peer YYY.YYY.YYY.YYY
srcid XXX.XXX.XXX.XXX/32 dstid YYY.YYY.YYY.YYY/32 type require

SAD:
esp tunnel from YYY.YYY.YYY.YYY to XXX.XXX.XXX.XXX spi 0xaef8f550 auth
hmac-sha1 enc 3des-cbc
esp tunnel from XXX.XXX.XXX.XXX to YYY.YYY.YYY.YYY spi 0xcacc183a auth
hmac-sha1 enc 3des-cbc


I'm able to connect to host in peer's network with telnet from gateway
using telnet:

# telnet -bB  172.16.95.1 ZZZ.ZZZ.ZZZ.ZZZ 1
Connected to ZZZ.ZZZ.ZZZ.ZZZ.
Escape character is '^]'.

# tcpdump -nei enc0
tcpdump: listening on enc0, link-type ENC
tcpdump: WARNING: compensating for unaligned libpcap packets
20:03:39.044938 (authentic,confidential): SPI 0x42be43c2:
172.16.95.1.23975 > YYY.YYY.YYY.YYY.1: S 976012868:976012868(0)
win 16384  (DF) [tos 0x10] (encap)
20:03:39.078097 (authentic,confidential): SPI 0x2b35c0b5:
YYY.YYY.YYY.YYY.1 > 172.16.95.1.23975: S 2500928027:2500928027(0)
ack 976012869 win 49248  (DF) (encap)
20:03:39.078121 (authentic,confidential): SPI 0x42be43c2:
172.16.95.1.23975 > YYY.YYY.YYY.YYY.1: . ack 1 win 16384
 (DF) [tos 0x10] (encap)


 netstat 

# netstat -rn -f encap
Routing tables

Encap:
Source Port  DestinationPort  Proto
SA(Address/Proto/Type/Direction)
ZZZ.ZZZ.ZZZ.ZZZ/32  0 172.16.95.1/32 0 0
YYY.YYY.YYY.YYY/esp/use/in
172.16.95.1/32 0 ZZZ.ZZZ.ZZZ.ZZZ/32  0 0
YYY.YYY.YYY.YYY/esp/require/out

=== My PF rules: ===

# cat /etc/pf.conf

set skip on {enc0, lo0}

# default rule
block log all

# nat
match out on lo1 inet proto tcp from 192.168.0.0/24 to ZZZ.ZZZ.ZZZ.ZZZ
port 1 nat-to 172.16.95.1

# internal interface
pass on bge0

# loobpack interface
pass on lo1

# ipsec
pass in on em0 inet proto esp from YYY.YYY.YYY.YYY to XXX.XXX.XXX.XXX
pass in on em0 inet proto udp from YYY.YYY.YYY.YYY to XXX.XXX.XXX.XXX port
500
pass out on em0 inet proto esp from XXX.XXX.XXX.XXX to YYY.YYY.YYY.YYY
pass out on em0 inet proto udp from XXX.XXX.XXX.XXX to YYY.YYY.YYY.YYY port
500


# ipsec tunnel was started with :)
isakmpd -K
ipsecctl -f /etc/ipsec.conf


Finally when I'm trying to access same host with telnet from my client
machine in internal network:

# traceroute ZZZ.ZZZ.ZZZ.ZZZ
traceroute to 193.254.169.51 (193.254.169.51), 64 hops max, 40 byte packets
 1  192.168.0.1

IPSEC with lo interface (copy)

[Evgeniy Sudyr]

Guys, I have problem with IPSEC tunnel on OpenBSD 4.7-stable

I have ipsec vpn tunnel established between my gateway (default and
only one gateway for my internal network) and other ipsec peer.

I need allow clients from my internal network access to peer's
internal host (ZZZ.ZZZ.ZZZ.ZZZ) and use my lo1 IP address (using NAT)
and I have to use same outgoing IP for all clients, so I decided to
use NAT on loopback interface.

1) First question -is it good idea to use this configuration for this goal?


That's net to net tunnel, where my side network is lo1 interface network.

I'm able to connect from gateway host to remote network host, but not
from my local network :(

My configuration:

# sysctl -a | grep ip.forward
net.inet.ip.forwarding=1


# cat /etc/hostname.em0
inet XXX.XXX.XXX.XXX 255.255.255.224 description "External interface"

# cat /etc/hostname.lo1
inet 172.16.95.1 255.255.255.252 172.16.95.3 description "Loop back interface"

# cat /etc/hostname.bge0
inet 192.168.0.1 255.255.255.0 description "Internal interface"

# ifconfig -a
lo0: flags=8149 mtu 33160
priority: 0
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
em0: flags=8843 mtu 1500
lladdr 00:18:71:ec:e2:27
priority: 0
groups: egress
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet XXX.XXX.XXX.XXX netmask 0xffe0 broadcast XXX.XXX.XXX.31
inet6 fe80::218:71ff:feec:e227%em0 prefixlen 64 scopeid 0x1
bge0: flags=8843 mtu 1500
lladdr 00:23:7d:aa:36:fe
priority: 0
media: Ethernet autoselect (1000baseT full-duplex)
status: active
inet 192.168.0.1 netmask 0xff00 broadcast 192.168.0.255
inet6 fe80::223:7dff:feaa:36fe%bge0 prefixlen 64 scopeid 0x2
enc0: flags=141 mtu 1536
priority: 0
lo1: flags=a149 mtu 1300
priority: 0
groups: lo
inet 172.16.95.1 netmask 0xfffc
pflog0: flags=141 mtu 33160
priority: 0
groups: pflog

# cat /etc/ipsec.conf
ike esp from 172.16.95.0/30 to ZZZ.ZZZ.ZZZ.ZZZ local XXX.XXX.XXX.XXX
peer YYY.YYY.YYY.YYY \
main auth hmac-sha1 enc 3des group modp1024 \
quick auth hmac-sha1 enc 3des group modp1024 \
psk "supersecret"

# ipsecctl -sa
FLOWS:

flow esp in from ZZZ.ZZZ.ZZZ.ZZZ to 172.16.95.1 peer YYY.YYY.YYY.YYY
srcid XXX.XXX.XXX.XXX/32 dstid YYY.YYY.YYY.YYY/32 type use
flow esp out from 172.16.95.1 to ZZZ.ZZZ.ZZZ.ZZZ peer YYY.YYY.YYY.YYY
srcid XXX.XXX.XXX.XXX/32 dstid YYY.YYY.YYY.YYY/32 type require

SAD:
esp tunnel from YYY.YYY.YYY.YYY to XXX.XXX.XXX.XXX spi 0xaef8f550 auth
hmac-sha1 enc 3des-cbc
esp tunnel from XXX.XXX.XXX.XXX to YYY.YYY.YYY.YYY spi 0xcacc183a auth
hmac-sha1 enc 3des-cbc


I'm able to connect to host in peer's network with telnet from gateway
using telnet:

# telnet -b  172.16.95.1 ZZZ.ZZZ.ZZZ.ZZZ 1
Connected to ZZZ.ZZZ.ZZZ.ZZZ.
Escape character is '^]'.

# tcpdump -nei enc0
tcpdump: listening on enc0, link-type ENC
tcpdump: WARNING: compensating for unaligned libpcap packets
20:03:39.044938 (authentic,confidential): SPI 0x42be43c2:
172.16.95.1.23975 > YYY.YYY.YYY.YYY.1: S 976012868:976012868(0)
win 16384  (DF) [tos 0x10] (encap)
20:03:39.078097 (authentic,confidential): SPI 0x2b35c0b5:
YYY.YYY.YYY.YYY.1 > 172.16.95.1.23975: S 2500928027:2500928027(0)
ack 976012869 win 49248  (DF) (encap)
20:03:39.078121 (authentic,confidential): SPI 0x42be43c2:
172.16.95.1.23975 > YYY.YYY.YYY.YYY.1: . ack 1 win 16384
 (DF) [tos 0x10] (encap)


 netstat 

# netstat -rn -f encap
Routing tables

Encap:
Source Port  DestinationPort  Proto
SA(Address/Proto/Type/Direction)
ZZZ.ZZZ.ZZZ.ZZZ/32  0 172.16.95.1/32 0 0
YYY.YYY.YYY.YYY/esp/use/in
172.16.95.1/32 0 ZZZ.ZZZ.ZZZ.ZZZ/32  0 0
YYY.YYY.YYY.YYY/esp/require/out

=== My PF rules: ===

# cat /etc/pf.conf

set skip on {enc0, lo0}

# default rule
block log all

# nat
match out on lo1 inet proto tcp from 192.168.0.0/24 to ZZZ.ZZZ.ZZZ.ZZZ
port 1 nat-to 172.16.95.1

# internal interface
pass on bge0

# loobpack interface
pass on lo1

# ipsec
pass in on em0 inet proto esp from YYY.YYY.YYY.YYY to XXX.XXX.XXX.XXX
pass in on em0 inet proto udp from YYY.YYY.YYY.YYY to XXX.XXX.XXX.XXX port 500
pass out on em0 inet proto esp from XXX.XXX.XXX.XXX to YYY.YYY.YYY.YYY
pass out on em0 inet proto udp from XXX.XXX.XXX.XXX to YYY.YYY.YYY.YYY port 500


# ipsec tunnel was started with :)
isakmpd -K
ipsecctl -f /etc/ipsec.conf


Finally when I'm trying to access same host with telnet from my client
machine in internal network:

# traceroute ZZZ.ZZZ.ZZZ.ZZZ
traceroute to 193.254.169.51 (193.254.169.51), 64 hops max, 40 byte packets
 1  192.168.0.1 (192.168.0.1)  0.292 ms  0.227 ms  0.239 ms

# traceroute 172.16.95.1
traceroute to 172.16.95.1 (172.16.95.1), 64 hops max, 40 byte packets
 1  172.16.95.1 (172.16.95.1)  0.295 ms  0.226 ms

IPSEC with lo interface (copy)

[Evgeniy Sudyr]

Guys, I have problem with IPSEC tunnel on OpenBSD 4.7-stable

I have ipsec vpn tunnel established between my gateway (default and

only one gateway for my internal network) and other ipsec peer.

I need allow clients from my internal network access to peer's

internal host (ZZZ.ZZZ.ZZZ.ZZZ) and use my lo1 IP address (using NAT)

and I have to use same outgoing IP for all clients, so I decided to

use NAT on loopback interface.

1) First question -is it good idea to use this configuration for this goal?


That's net to net tunnel, where my side network is lo1 interface network.

I'm able to connect from gateway host to remote network host, but not

from my local network :(

My configuration:
http://pastebin.ca/1957804

2) Can someone point me what's wrong with this configuration why from
local network traffic not goes to tunnel ? As I see there is little
misconfiguration and I spent much time, googled and re-read mail
archived for hours to find it, but no luck :(

Man ipsec.conf and FAQ don't helped me B :(

--
With regards,
Eugene Sudyr

Re: Sniffer detector for OpenBSD

[Evgeniy Sudyr]

Check list of companies which provides support there
http://openbsd.org/support.html

On Wed, Jan 26, 2011 at 5:37 PM, Orestes Leal R.
 wrote:
> the only isp in cuba it's named etecsa, here there is no such things like
> multiples isps,
> conections are slow (from 3kilobytes/s to 60kilobytes/s in the better cases
> and rarely)
> conections are expensive, I have internet through my employer and therefore
> my employer
> pays to etecsa for the link.
>
>> como tienes acceso a internet en cuba? yo soy de venezuela btw
>>
>> quisiera saber como functiona todo eso en cuba con los isp's, etc.
>>
>> On Mon, Jan 24, 2011 at 3:31 PM, Orestes Leal R.
>>  wrote:
>>>
>>> Actually I understand everything friend don't worry, TODO BIEN!
>>> Here in Cuba almost no one uses openbsd.
>>>
>>> Thanks a lot,
>>> LeaL
>>>
>>>
 I realize after I sent the note that my Spanish was completely screwed.
 My apologies.
 Here.
 Is there anyone close to you that uses openbsd or anyone you know in a
 neighboring country?
 I referenced Mexico and Colombia because help from native speakers may
 be
 more efficient.

 --- On Mon, 1/24/11, Super Biscuit  wrote:

 From: Super Biscuit 
 Subject: Re: Sniffer detector for OpenBSD
 To: "Orestes Leal R." 
 Cc: "misc@openbsd.org" 
 Date: Monday, January 24, 2011, 5:22 PM

 Try http://openports.se

 Use sniff and sniffer as the search queries.

 No hay nadie acerca de usted que esta usando OpenBSD. Disculpa mi pobre
 Castiliano.
 Talvez son gente en Mexico o Colombia.

 Ja tente, and use the search above.



 --- On Mon, 1/24/11, Orestes Leal R. 
 wrote:

 From: Orestes Leal R. 
 Subject: Sniffer detector for OpenBSD
 To: "misc@openbsd.org" 
 Date: Monday, January 24, 2011, 5:47 PM

 I've searching an sniffer detector for a LAN in OpenBSD unsucessfully,
 but found Sniffdet (outdated) and doesn't compile on
 OpenBSD4.8 and in all packages I dont know if there is one, any
 suggestions
 about this?

 I need to detect sniffers on my network possibly from Linux or or
 Windows
 Machines.



>>>
>>>
>>> --
>>> Using Opera's revolutionary email client: http://www.opera.com/mail/
>>>
>>>
>>
>>
>
>
> --
> Using Opera's revolutionary email client: http://www.opera.com/mail/
>
>



-- 
--
With regards,
Eugene Sudyr

IPv6 router with static addresses assignment not works

[Evgeniy Sudyr]

Hi all:

I have problem with my ipv6 router (two NICs) running on 4.8. I have
external IP address /64 and routed by ISP /48 network through that IP.
I want to use static addressing in my internal network, so I've choose
one /64 subnet in my /48 network and assigned xx::1 to my internal
router and assigned xx::2 IP and xx::1 to client host in my internal
network.

1) I'm able to ping client host from router and vice versa.
2) Firewall permitting icmp6 and not blocks packets (I'm logging
blocked packets and checked with tcpdump on pflog0).
3) I'm able to reach external IPv6 hosts from router and I'm able to
ping router from remote ipv6 hosts. problem is that
4) I can't reach external hosts from my client host xx::2 (or any
other IP).  I don't see requests on router's internal interface, but
see it with tcpdump on client host.
5) When I'm trying to ping client host from external host I see on
client host that packets reach client host and sends response but that
responses not reach xx::1. Ipv6 forwarding is enabled 100%.

Does anybody have clue why it not works?

Magic happens when I'm starting rtadvd re0 -c /etc/rtadvd.conf (where
I have same network specified) - then it works :).

My NIC is re0 at pci1 dev 0 function 0 "D-Link DGE-528T" rev 0x10:
RTL8169/8110SB (0x1000), apic 2 int 20 (irq 12), address
00:1e:58:2b:f3:d8
rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 3

# sysctl -a | grep inet6
net.inet6.ip6.forwarding=1
net.inet6.ip6.redirect=1
net.inet6.ip6.hlim=64
net.inet6.ip6.mrtproto=103
net.inet6.ip6.maxfragpackets=200
net.inet6.ip6.accept_rtadv=0
net.inet6.ip6.keepfaith=1
net.inet6.ip6.log_interval=5
net.inet6.ip6.hdrnestlimit=10
net.inet6.ip6.dad_count=1
net.inet6.ip6.auto_flowlabel=1
net.inet6.ip6.defmcasthlim=1
net.inet6.ip6.kame_version=OpenBSD-current
net.inet6.ip6.use_deprecated=1
net.inet6.ip6.rr_prune=5
net.inet6.ip6.v6only=1
net.inet6.ip6.maxfrags=200
net.inet6.ip6.mforwarding=0
net.inet6.ip6.multipath=0
net.inet6.ip6.multicast_mtudisc=0
net.inet6.ip6.neighborgcthresh=2048
net.inet6.ip6.maxifprefixes=16
net.inet6.ip6.maxifdefrouters=16
net.inet6.ip6.maxdynroutes=4096
net.inet6.ip6.dad_pending=0
net.inet6.icmp6.rediraccept=1
net.inet6.icmp6.redirtimeout=600
net.inet6.icmp6.nd6_prune=1
net.inet6.icmp6.nd6_delay=5
net.inet6.icmp6.nd6_umaxtries=3
net.inet6.icmp6.nd6_mmaxtries=3
net.inet6.icmp6.nd6_useloopback=1
net.inet6.icmp6.nodeinfo=1
net.inet6.icmp6.errppslimit=100
net.inet6.icmp6.nd6_maxnudhint=0
net.inet6.icmp6.mtudisc_hiwat=1280
net.inet6.icmp6.mtudisc_lowat=256
net.inet6.icmp6.nd6_debug=0
net.inet6.divert.recvspace=65636
net.inet6.divert.sendspace=65636

# uname -a
OpenBSD gateway 4.8 GENERIC.MP#335 amd64



-- 
--
With regards,
Eugene Sudyr

Re: IPv6 router with static addresses assignment not works

[Evgeniy Sudyr]

Joakim,

I set default gateway and it's present in routes list :). I've sorted
out and solved problem!!!

Unfortunatelly all of my office clients are Windows OSes which are too
"USER FRIENDLY" and it added Site-local route automatically :)

I was wondered to see this:

C:\Users\Evgeniy.Sudyr>netsh int ipv6 show route

Publish  Type  Met  PrefixIdx  Gateway/Interface Name
---    ---    ---  
No   Manual256  ::/0   11  fe80::218:e7ff:fefc:4a20
No   Manual256::/0   11
2aaa::::1b:1::1

 Where 2aaa::::1b:1::1 is statically set IPv6 default
gateway and fe80::218:e7ff:fefc:4a20 as automatically assigned IP
address with the same metric (I've used defaults and don't played with
it before).

With tcpdump I figured that it uses fe80::218:e7ff:fefc:4a20 as
default gateway all the time.

Obviously solution was to change metric value to something lower which
will be used instead fe80 router which is local address :).

To change route metric just simply use netsh or GUI :)

netsh int ipv6 set route ::/0 11 2aaa::::1b:1::1 0 100 no


Hope this will be useful for somebody else.

OpenBSD rocks!




On Sat, Feb 5, 2011 at 12:15 AM, Joakim Aronius  wrote:
> * Evgeniy Sudyr (eject.in...@gmail.com) wrote:
>> Magic happens when I'm starting rtadvd re0 -c /etc/rtadvd.conf (where
>> I have same network specified) - then it works :).
>>
>
> Hi there Evgeniy,
>
> Problem is that when you statically configure the IP parameters you do not 
> set the default gateway so the client does not know where to send packets 
> outside the v6 LAN.
>
> In my machines I have a line like this in my hostname.if
> !/sbin/route add -inet6 default 2001:db8:cc17:5::1
>
> ..but now when I have a look it seems like since 4.8 it is supported to ad a 
> default gateway address to /etc/mygate in the same way as for IPv4. So if you 
> only have a default GW thats what you should do.
>
> /Joakim
>



-- 
--
With regards,
Eugene Sudyr