Best place for VM images
Hey friends, what is the best/recommended place to store the vmm images. In man 5 vm.conf is an example with /var/vmm/, is this the best location? Also if /var/vmm is its own partition, what would be the best mount options for it. I would assume nodev, nosuid are good. Any recommendations? Thanks and greetings Leo
Re: Best place for VM images
Hey, Hey friends, what is the best/recommended place to store the vmm images. In man 5 vm.conf is an example with/var/vmm/, is this the best location? Also if /var/vmm is its own partition, what would be the best mount options for it. I would assume nodev, nosuid are good. Any recommendations? Thanks and greetings Leo I've been putting mine in a dedicated partition. /var/vmm should probably be its own partition if used. nodev, nosuid are probably good choices there too. thank you for your answer. I am going to follow your advice here. Do you think this is something that should be put into the man page? I can imagine more people having this same question. Or do you think its to trivial and would just bloat up the man page? Thanks and greetings Leo
vmd: routing problem
Hey friends,
i am trying out vmd and I have a little problem getting networking going
inside the guest machine. I am not sure if this is a problem in vmd or
simply my misconfiguration.
From my datacenter i got the following data:
Main Server (OpenBSD GENERIC.MP#99 amd64)
#
IP: 144.76.102.204
Netmask: 255.255.255.224
Gateway: 144.76.102.193
Virtual Machine (OpenBSD GENERIC.MP#99 amd64)
#
I got an entire subnet from the datacenter. 136.243.186.160/29 So i
decided to use the following IP in it.
IP: 136.243.186.161
Netmask: 255.255.255.248
Gateway: 144.76.102.204
According to there documentation they always route all subnets on the
main IP. In my case 144.76.102.204.
On my host I configured the em0 interface according to the datacenter
data and it works fine. The host who runs vmd is connected correctly. In
my /etc/vm.conf i created a switch called "uplink" and added em0 to it.
When i check the current config via ifconfig i get the following.
em0: flags=8b43 mtu
1500
lladdr 90:1b:0e:8b:0f:34
description: hetzner-uplink
index 1 priority 0 llprio 3
groups: egress
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
inet 144.76.102.204 netmask 0xffe0 broadcast 144.76.102.223
tap0: flags=8943 mtu 1500
lladdr fe:e1:ba:d0:7e:0a
description: vm1-if0-foobar
index 5 priority 0 llprio 3
groups: tap
status: active
bridge0: flags=41
description: switch1-uplink
index 7 llprio 3
groups: bridge
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
em0 flags=3
port 1 ifpriority 0 ifcost 0
tap0 flags=3
port 5 ifpriority 0 ifcost 0
Addresses (max cache: 100, timeout: 240):
0c:86:10:ed:35:58 em0 1 flags=0<>
My /etc/vm.conf looks like this:
switch "uplink" {
add em0
}
vm "foobar" {
memory 2G
disk "/tmp/1.vdi"
interface {
switch "uplink"
}
}
When i start the vm with my current /bsd.rd i start the installer and
insert the following:
Available network interfaces are: vio0 vlan0.
Which network interface do you wish to configure? (or 'done') [vio0]
IPv4 address for vio0? (or 'dhcp' or 'none') [dhcp] 136.243.186.161
Netmask for vio0? [255.255.255.248]
IPv6 address for vio0? (or 'autoconf' or 'none') [none]
Available network interfaces are: vio0 vlan0.
Which network interface do you wish to configure? (or 'done') [done]
Default IPv4 route? (IPv4 address or none) 144.76.102.204
add net default: gateway 144.76.102.204: Network is unreachable
Can you people see something that i might missed?
Big thanks in advance and greetings
Leo
Re: vmd: routing problem
Hey, On 07/20/17 06:25, Mike Larkin wrote: sysctl net.inet.ip.forwarding=1 ? I'm not a networking expert but I think your VM's subnet mask is wrong for the gateway you are trying to use. thank you for your response. I tryed it with net.inet.ip.forwarding being 1 and 0. Both don't work. About the subnet, thats what confuses me as well, but the data center tells me that it is correct. As far as i understand it they do some crazy stuff there with there IPv4 routing: https://wiki.hetzner.de/index.php/Zusaetzliche_IP-Adressen/en#Subnets Thanks and greetings Leo
Re: vmd: routing problem
Hey, On 07/20/17 13:05, Mischa Peters wrote: Can you ask them how they route the separate subnet to you? as far as i understand it they route the subnet on my main ip address. From there documentation: Newly assigned IPv4 subnets are statically routed on the main IP address of the server, so no gateway is required. I hope that answers your question. Thanks and greetings Leo
Re: vmd: routing problem
Hey, On 07/20/17 09:46, Denis Fondras wrote: Can you people see something that i might missed? The easy way would be enable forwarding, add a vether(4) on the host, bridge it with tap0 and configure it with an IP in the 136.243.186.160/29 subnet. Use that IP as the gateway in your VMs. i did a try where i did the following: 1: I enabled forwarding. 2: I added one IP from the 136.243.186.160/29 subnet as an alias to the main interface of the host 3: I added the main interface em0 and the by vmd created tap0 to a bridge0 4: I tryed to assign the same IP as the alias on em0 to the virtual machine. What would be the difference to your version where i use vether instead of an alias? Or did i missunderstand you? Thanks and greetings Leo
Re: after update imput/output error when I run terminal
Hey, On 07/31/17 06:57, Krzysztof Strzeszewski wrote: I update openbsd 6.1-current end is error. When I update, when I run terminal imput/output error on xfce. after upgrading to a clang snapshot you have to force pkg_add to reinstall all packages on your computer. pkg_add -D installed -uV This will do the trick. Greetings Leo
Re: the whole greylisting, spam filtering thing
Hey, On 09/29/17 15:06, Markus Rosjat wrote: my boss is getting on my nerves that greylisting is basically out of date because of things like outlook.com and mails ending up delayed for ever. So the next logical step would be to deploy a tool like rspamd or spamassasin to examin mail content. These tools need to be trained and if you have a small mailserver with less accounts this could take a while I imagine i assume that your boss is not an engineer and also not very familiar with how emails work. Greylisting it clearly NOT out of date at all. Greylisting simply makes use of stuff that is defined in the SMTP RFC. Every email server is allowed to temporary deny the delivery of an email and ask the sending server for another try. The problem in this case is clearly Microsoft who has no idea how email is supposed to work. You have two options here. A: Simply don't care about Microsoft and just send customers to a website where you describe the problem and tell them to contact Microsoft in order to fix there stuff. This works very well, my Company hosts around 2,3 Million mailboxes and we use Greylisting and customers are okay with it. B: You exclude the outlook.com outgoing servers from greylisting. Microsoft provides a list of IP addresses that they use for delivery: https://mail.live.com/mail/ipspace.aspx 65.54.190.0/26 65.54.190.64/26 65.54.190.128/26 65.54.190.192/26 65.55.116.0/26 65.55.111.64/26 65.55.116.64/26 65.55.111.128/26 65.55.34.0/26 65.55.34.64/26 65.55.34.128/26 65.55.34.192/26 65.55.90.0/26 65.55.90.64/26 65.55.90.128/26 65.55.90.192/26 65.54.51.64/26 65.54.61.64/26 207.46.66.0/28 157.55.0.192/26 157.55.1.128/26 157.55.2.0/26 157.55.2.64/26 Greetings Leo
Re: vmd: alpine-virt guest, clock synchronization issue
Hey, On 10/14/17 21:01, x9p wrote: While running Alpine-virt 3.6.2 VM guest under OpenBSD 6.1 host, i noticed the clock frequency is 2x slower on the guest machine. This can be a problem for applications that relies on accurate time. Even after sync clock with ntpd inside alpine-virt guest, it gets out-of-sync a few seconds later. I get on the guest about half the clock frequency of the host. i had the exact same problem and i fixed it by running the following command every minute. chronyd -q 'pool pool.ntp.org iburst' It's not a perfect solution, but it works fine. Greetings Leo
2 monitor with wsfb
Hello List, i have a new graphics card in my desktop. Its a AMD Radeon RX 480. As far as I understand the specs this is a polaris GPU. I used wsfb because the normal radeon driver does not work yet with this modern graphics card. I installed OpenBSD (6.3 GENERIC.MP#19 amd64) in the UEFI mode so that wsfb can use the wsdisplay framebuffer device. This works great. X runs great, Xfce works great, even watching Youtube videos works fine with wsfb. The only thing i did not manage to get working is my second monitor. It does not show up when i do xrandr --listmonitors. # xrandr --listmonitors xrandr: Failed to get size of gamma for output default Monitors: 1 0: +default 1920/508x1200/317+0+0 default As far as i understand the man 4 wsfb it states that "Multi-head configurations are supported". I asume that would also qualify for my second monitor, right? This here is my xorg.conf # cat /etc/X11/xorg.conf Section "Device" Identifier "default device" Driver "wsfb" EndSection Is there anything that i can add to my configuration so that i can use my second monitor? Thanks and greetings Leo OpenBSD 6.3-current (GENERIC.MP) #19: Tue May 1 08:26:20 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 17106407424 (16313MB) avail mem = 16579940352 (15811MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xea850 (59 entries) bios0: vendor American Megatrends Inc. version "1.90" date 09/20/2017 bios0: Micro-Star International Co., Ltd. MS-7A32 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT FIDT SSDT SSDT CRAT CDIT SSDT MCFG HPET SSDT UEFI IVRS SSDT SSDT acpi0: wakeup devices GPP0(S4) GPP1(S4) GPP2(S4) PTXH(S4) OBLW(S4) GPP3(S4) GPP4(S4) GPP5(S4) GPP6(S4) GPP7(S4) GPP8(S4) GPP9(S4) GPPA(S4) GPPB(S4) GPPC(S4) GPPD(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Ryzen 7 1700X Eight-Core Processor, 3400.51 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA cpu0: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Ryzen 7 1700X Eight-Core Processor, 3399.99 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA cpu1: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache cpu1: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: AMD Ryzen 7 1700X Eight-Core Processor, 3399.99 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA cpu2: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache cpu2: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu2: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 3 (application processor) cpu3: AMD Ryzen 7 1700X Eight-Core Processor, 3399.99 MHz cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,
OpenBSD in qemu freezes randomly
Hi, i have searched the list archive and found some similar reports but none of them found a solution for the problem. (at least not the threads i have found) I run some OpenBSD 6.3 instances in a virtual environment. The host is some unknown Linux distribution with qemu on it. After the data center updated there kernels and also qemu my virtual OpenBSD instances startet to freeze randomly but almost always during login. They freeze up so hard that i cannot drop into a debugger or get any output whatsoever. There is not even a core dump, nothing. Just for testing purposes i installed a 6.2 as well and did syspatch on it just to see if the error happens there as well and it does. I have added a dmesg on the bottom of the email. I talked to the people at the datacenter and they confirmed that they did a Linux kernel update at the same time as the problems started. They send me a link to this bug report here from Arch. They say they don't use Arch, but the problem described here is exactly what i experienced as well: https://bugs.archlinux.org/task/55231 In this ticket someone commented the following: It looks like linux-4.12.8-1 is built with GCC: (GNU) 7.1.1 20170630, whereas linux-4.12.8-2 with GCC: (GNU) 7.2.0 (which apparently is still in testing) Could there be some sort of new optimization in GCC 7.2.0 that causes my OpenBSD instance to crash? I have looked around the misc@, tech@ archives and also on reddit. A lot of people seam to have this problem with there OpenBSD crashing after this quemu update. Is there something i could try in order to stabilize the servers? All servers are updated via syspatch and there is only one package installed on them: vim. The rest is as shipped in the sets. Thanks so much Leo OpenBSD 6.3 (GENERIC) #4: Sun Jun 17 11:09:51 CEST 2018 r...@syspatch-63-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC real mem = 2080227328 (1983MB) avail mem = 2010259456 (1917MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf68c0 (9 entries) bios0: vendor Hetzner version "2017" date 11/11/2017 bios0: Hetzner vServer acpi0 at bios0: rev 0 acpi0: sleep states S5 acpi0: tables DSDT FACP APIC HPET acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel Xeon Processor (Skylake, IBRS), 2100.29 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLWB,AVX512CD,AVX512BW,AVX512VL,IBRS,IBPB,ARAT,XSAVEOPT,XSAVEC,XGETBV1,MELTDOWN cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 1000MHz ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins acpihpet0 at acpi0: 1 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpicpu0 at acpi0: C1(@1 halt!) "ACPI0006" at acpi0 not configured "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "QEMU0002" at acpi0 not configured "ACPI0010" at acpi0 not configured pvbus0 at mainbus0: KVM pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02 pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00 pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: ATAPI 5/cdrom removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 uhci0 at pci0 dev 1 function 2 "Intel 82371SB USB" rev 0x01: apic 0 int 11 piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int 9 iic0 at piixpm0 vga1 at pci0 dev 2 function 0 "Bochs VGA" rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00 vio0 at virtio0: address 96:00:00:07:a0:53 virtio0: msix shared virtio1 at pci0 dev 4 function 0 "Qumranet Virtio SCSI" rev 0x00 vioscsi0 at virtio1: qsize 128 scsibus2 at vioscsi0: 255 targets sd0 at scsibus2 targ 0 lun 0: SCSI3 0/direct fixed sd0: 19532MB, 512 bytes/sector, 40001536 sectors, thin virtio1: msix shared virtio2 at pci0 dev 5 function 0 "Qumranet Virtio Memory" rev 0x00 viomb0 at virtio2 virtio2: apic 0 int 10 virtio3 at pci0 dev 6 function
Re: OpenBSD in qemu freezes randomly
Hey, thank you very much for the link. I have forwarded it to the support staff at the datacenter. I hope they apply it very quickly. I let you know if this fixes the problem. Thanks and greetings Leo On 06/19/18 21:21, Kapetanakis Giannis wrote: They should try setting this on the host: kvm-intel.preemption_timer=0 It seems that this patch on linux kernel fixes the problem. https://patchwork.kernel.org/patch/10411125/ G
Keyboard repeats characters way to often
Hi, today I got my new Laptop. A Lenovo ThinkPad E485 with an AMD Ryzen CPU. I installed the latest OpenBSD -current on the device and a lot of stuff work very well. I used the traditional installation method without EFI. Only Wifi and Hybernate/Suspend don't work, but that was expected and is okay. The only big problem I have is that as soon as I start X I cannot use the keyboard correctly. Every time I type a character on the keyboard it gets repeated multiple times. Most often it gets repeated between 3 and 7 times. Do you have any idea what I could to in order to fix/debug this? I attach you a dmesg of the machine. Also here is some additional information that might help. # wsconsctl keyboard.type=pc-xt keyboard.bell.pitch=400 keyboard.bell.period=100 keyboard.bell.volume=50 keyboard.bell.pitch.default=400 keyboard.bell.period.default=100 keyboard.bell.volume.default=50 wsconsctl: Use explicit arg to view keyboard.map. keyboard.repeat.del1=400 keyboard.repeat.deln=100 keyboard.repeat.del1.default=400 keyboard.repeat.deln.default=100 keyboard.ledstate=0 keyboard.encoding=us mouse.type=synaptics mouse.rawmode=0 mouse.scale=1266,5676,1162,4690,0,45,54 mouse.tp.tapping=0 mouse.tp.scaling=0.163 mouse.tp.swapsides=0 mouse.tp.disable=0 mouse.tp.edges=0.0,5.0,10.0,5.0 mouse1.type=ps2 display.type=vga-pci display.emulations=vt100 display.screentypes=80x25,80x25bf,80x40,80x40bf,80x50,80x50bf display.focus=0 display.brightness=100.00% display.screen_on=250 display.screen_off=0 display.vblank=off display.kbdact=on display.msact=on display.outact=on I use the latest version of -current that I could find. I am on AMD64. Thanks so much for any hints. Greetings Leo $ dmesg OpenBSD 6.4-beta (GENERIC.MP) #302: Tue Sep 18 10:01:39 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 16622096384 (15852MB) avail mem = 16109076480 (15362MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 3.1 @ 0x986e9000 (62 entries) bios0: vendor LENOVO version "R0UET52W (1.32 )" date 09/01/2018 bios0: LENOVO 20KUCTO1WW acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP SSDT SSDT CRAT CDIT SSDT TPM2 UEFI MSDM BATB HPET APIC MCFG SBST IVRS FPDT SSDT SSDT SSDT UEFI SSDT acpi0: wakeup devices GPP0(S3) GPP1(S3) GPP2(S3) GPP3(S3) GPP4(S3) GPP5(S3) GPP6(S3) GP17(S3) XHC0(S3) XHC1(S3) GP18(S3) LID_(S3) SLPB(S3) acpitimer0 at acpi0: 3579545 Hz, 32 bits acpihpet0 at acpi0: 14318180 Hz acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Ryzen 7 2700U with Radeon Vega Mobile Gfx, 2196.25 MHz, 17-11-00 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,XSAVEOPT,XSAVEC,XGETBV1,XSAVES cpu0: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 8-way L2 cache, 4MB 64b/line 16-way L3 cache cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 24MHz cpu0: mwait min=64, max=64, C-substates=1.1, IBE cpu1 at mainbus0: apid 1 (application processor) cpu1: AMD Ryzen 7 2700U with Radeon Vega Mobile Gfx, 2195.85 MHz, 17-11-00 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,XSAVEOPT,XSAVEC,XGETBV1,XSAVES cpu1: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 8-way L2 cache, 4MB 64b/line 16-way L3 cache cpu1: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu1: smt 1, core 0, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: AMD Ryzen 7 2700U with Radeon Vega Mobile Gfx, 2195.84 MHz, 17-11-00 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE
Re: Keyboard repeats characters way to often
The only big problem I have is that as soon as I start X I cannot use the keyboard correctly. Every time I type a character on the keyboard it gets repeated multiple times. Most often it gets repeated between 3 and 7 times. Do you have any idea what I could to in order to fix/debug this? Could be tsc desync. Try a non-mp kernel or sysctl kern.timecounter.hardware=acpihpet0 thank you very much! The sysctl kern.timecounter.hardware=acpih option fixed the issue for me! Thank you very much! Greetings Leo
Re: Keyboard repeats characters way to often
On 09/19/18 03:29, Jonathan Gray wrote:
On Wed, Sep 19, 2018 at 03:03:12AM +0200, Leo Unglaub wrote:
The only big problem I have is that as soon as I start X I cannot use the
keyboard correctly. Every time I type a character on the keyboard it gets
repeated multiple times. Most often it gets repeated between 3 and 7 times.
Do you have any idea what I could to in order to fix/debug this?
Could be tsc desync.
Try a non-mp kernel or sysctl kern.timecounter.hardware=acpihpet0
thank you very much! The sysctl kern.timecounter.hardware=acpih option fixed
the issue for me!
Thank you very much!
Greetings
Leo
I had hoped it was gone with zen/17h. As it is very inconsistent as to
which systems have this problem (ie 16h apu laptop has the problem,
16h pcengines apu2 doesn't) we need to test if tsc is desynchronised
on boot.
Here is the old big hammer diff I had extended for 17h but I don't want
to force hpet in cases where tsc is not desynchronised between cores.
I am going to try the patch below and report back to you as soon as I
fixed my laptop. Because since I tryed the sysctl
kern.timecounter.hardware=acpihpet option I cannot start my laptop anymore.
During boot it now always fails with the error message "cpu2: failed to
become ready" and then the laptop just starts booting without a panic or
a debug prompt.
I managed to take a picture with my Phone before the Laptop rebootet
again: https://img3.picload.org/image/dlwdwodi/img_20180919_034116.jpg
As soon as i have it fixed i try the patch and report back to you.
Thanks and greetings
Leo
Index: tsc.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/tsc.c,v
retrieving revision 1.10
diff -u -p -r1.10 tsc.c
--- tsc.c 27 Jul 2018 21:11:31 - 1.10
+++ tsc.c 19 Sep 2018 01:16:24 -
@@ -32,6 +32,7 @@ int tsc_recalibrate;
uint64_t tsc_frequency;
int tsc_is_invariant;
+inttsc_desync;
uint tsc_get_timecount(struct timecounter *tc);
@@ -172,7 +173,7 @@ calibrate_tsc_freq(void)
return;
tsc_frequency = freq;
tsc_timecounter.tc_frequency = freq;
- if (tsc_is_invariant)
+ if (tsc_is_invariant && tsc_desync == 0)
tsc_timecounter.tc_quality = 2000;
}
@@ -206,10 +207,25 @@ tsc_timecounter_init(struct cpu_info *ci
tsc_frequency = tsc_freq_cpuid(ci);
tsc_is_invariant = 1;
+#ifdef MULTIPROCESSOR
+ /*
+* TSC often desynchronised between cores on
+* 15h (Bulldozer, Piledriver, Steamroller, Excavator)
+* 16h (Jaguar, Puma)
+* 17h (Zen)
+*/
+ if ((strcmp(cpu_vendor, "AuthenticAMD") == 0) &&
+ ((ci->ci_family == 0x15 && ci->ci_model <= 0x6f) ||
+(ci->ci_family == 0x16 && ci->ci_model <= 0x3f) ||
+(ci->ci_family == 0x17 && ci->ci_model <= 0x1f)))
+ tsc_desync = 1;
+#endif
+
/* Newer CPUs don't require recalibration */
if (tsc_frequency > 0) {
tsc_timecounter.tc_frequency = tsc_frequency;
- tsc_timecounter.tc_quality = 2000;
+ if (tsc_desync == 0)
+ tsc_timecounter.tc_quality = 2000;
} else {
tsc_recalibrate = 1;
tsc_frequency = cpufreq;
--
Leo Unglaub
Website: https://leo.unglaub.at
XMPP: leo-ungl...@jabber.ccc.de
:wq
Re: Keyboard repeats characters way to often
Hey,
i am sorry it took me so long to get back to you on this issue. As it
turns out this laptop has a lot of problems with OpenBSD so it took me a
long time to build your patch.
The patch below works fine and fixes the keyboard issue i had on my
Lenovo ThinkPad E485. Everything else works fine as expected!
Thanks for the patch!
Leo
On 09/19/18 03:29, Jonathan Gray wrote:
I had hoped it was gone with zen/17h. As it is very inconsistent as to
which systems have this problem (ie 16h apu laptop has the problem,
16h pcengines apu2 doesn't) we need to test if tsc is desynchronised
on boot.
Here is the old big hammer diff I had extended for 17h but I don't want
to force hpet in cases where tsc is not desynchronised between cores.
Index: tsc.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/tsc.c,v
retrieving revision 1.10
diff -u -p -r1.10 tsc.c
--- tsc.c 27 Jul 2018 21:11:31 - 1.10
+++ tsc.c 19 Sep 2018 01:16:24 -
@@ -32,6 +32,7 @@ int tsc_recalibrate;
uint64_t tsc_frequency;
int tsc_is_invariant;
+inttsc_desync;
uint tsc_get_timecount(struct timecounter *tc);
@@ -172,7 +173,7 @@ calibrate_tsc_freq(void)
return;
tsc_frequency = freq;
tsc_timecounter.tc_frequency = freq;
- if (tsc_is_invariant)
+ if (tsc_is_invariant && tsc_desync == 0)
tsc_timecounter.tc_quality = 2000;
}
@@ -206,10 +207,25 @@ tsc_timecounter_init(struct cpu_info *ci
tsc_frequency = tsc_freq_cpuid(ci);
tsc_is_invariant = 1;
+#ifdef MULTIPROCESSOR
+ /*
+* TSC often desynchronised between cores on
+* 15h (Bulldozer, Piledriver, Steamroller, Excavator)
+* 16h (Jaguar, Puma)
+* 17h (Zen)
+*/
+ if ((strcmp(cpu_vendor, "AuthenticAMD") == 0) &&
+ ((ci->ci_family == 0x15 && ci->ci_model <= 0x6f) ||
+(ci->ci_family == 0x16 && ci->ci_model <= 0x3f) ||
+(ci->ci_family == 0x17 && ci->ci_model <= 0x1f)))
+ tsc_desync = 1;
+#endif
+
/* Newer CPUs don't require recalibration */
if (tsc_frequency > 0) {
tsc_timecounter.tc_frequency = tsc_frequency;
- tsc_timecounter.tc_quality = 2000;
+ if (tsc_desync == 0)
+ tsc_timecounter.tc_quality = 2000;
} else {
tsc_recalibrate = 1;
tsc_frequency = cpufreq;
usbd_free_xfer: xfer=0xffffff041e9651e0 not free
Hello, i just upgraded to the latest snapshot and i noticed that all my external USB drives are not working anymore. (i tryed 3 different external drives) As soon as i plug them into an USB port I get the following message in my dmesg: usbd_free_xfer: xfer=0xff041e9651e0 not free I tryed all ports on my computer. USB2 and USB3, I both get the same error message. After that error message the drives does not show up in dmesg or in sysctl hw.disknames. In the snapshot from 2 weeks ago it still worked fine. Is this an error on my side or an error? The one thing that looks strange to me is that the dmesg starts different than it normally does. Here is some information about my system. Thanks and greetings Leo # sysctl kern.ostype=OpenBSD kern.osrelease=6.4 kern.osrevision=201811 kern.version=OpenBSD 6.4 (GENERIC.MP) #364: Thu Oct 11 13:30:23 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP kern.maxvnodes=42324 kern.maxproc=1310 kern.maxfiles=7030 kern.argmax=262144 kern.securelevel=1 kern.hostname=batdesk.wayne-data.enterprises kern.hostid=0 kern.clockrate=tick = 1, tickadj = 40, hz = 100, profhz = 100, stathz = 100 kern.dnsjackport=0 kern.posix1version=200809 kern.ngroups=16 kern.job_control=1 kern.saved_ids=1 kern.boottime=Sat Oct 13 18:38:44 2018 kern.domainname= kern.maxpartitions=16 kern.rawpartition=2 kern.maxthread=1950 kern.nthreads=305 kern.osversion=GENERIC.MP#364 kern.somaxconn=128 kern.sominconn=80 kern.nosuidcoredump=1 kern.fsync=1 kern.sysvmsg=1 kern.sysvsem=1 kern.sysvshm=1 kern.msgbufsize=98256 kern.malloc.buckets=16,32,64,128,256,512,1024,2048,4096,8192,16384,32768,65536,131072,262144,524288 kern.malloc.bucket.16=(calls = 20627 total_allocated = 3584 total_free = 138 elements = 256 high watermark = 1280 could_free = 0) kern.malloc.bucket.32=(calls = 13359 total_allocated = 2688 total_free = 114 elements = 128 high watermark = 640 could_free = 0) kern.malloc.bucket.64=(calls = 48033 total_allocated = 2496 total_free = 330 elements = 64 high watermark = 320 could_free = 726) kern.malloc.bucket.128=(calls = 58193 total_allocated = 11360 total_free = 319 elements = 32 high watermark = 160 could_free = 16) kern.malloc.bucket.256=(calls = 39460 total_allocated = 720 total_free = 71 elements = 16 high watermark = 80 could_free = 1) kern.malloc.bucket.512=(calls = 4892 total_allocated = 320 total_free = 21 elements = 8 high watermark = 40 could_free = 0) kern.malloc.bucket.1024=(calls = 6959 total_allocated = 552 total_free = 10 elements = 4 high watermark = 20 could_free = 104) kern.malloc.bucket.2048=(calls = 1343 total_allocated = 68 total_free = 9 elements = 2 high watermark = 10 could_free = 13) kern.malloc.bucket.4096=(calls = 3062 total_allocated = 625 total_free = 24 elements = 1 high watermark = 5 could_free = 1022) kern.malloc.bucket.8192=(calls = 747 total_allocated = 249 total_free = 8 elements = 1 high watermark = 5 could_free = 85) kern.malloc.bucket.16384=(calls = 1510 total_allocated = 26 total_free = 0 elements = 1 high watermark = 5 could_free = 0) kern.malloc.bucket.32768=(calls = 185 total_allocated = 12 total_free = 0 elements = 1 high watermark = 5 could_free = 0) kern.malloc.bucket.65536=(calls = 2574 total_allocated = 4 total_free = 0 elements = 1 high watermark = 5 could_free = 0) kern.malloc.bucket.131072=(calls = 25 total_allocated = 5 total_free = 0 elements = 1 high watermark = 5 could_free = 0) kern.malloc.bucket.262144=(calls = 0 total_allocated = 0 total_free = 0 elements = 1 high watermark = 5 could_free = 0) kern.malloc.bucket.524288=(calls = 11 total_allocated = 11 total_free = 0 elements = 1 high watermark = 5 could_free = 0) kern.malloc.kmemnames=free,,devbuf,,pcb,rtableifaddr,soopts,sysctl,counters,,ioctlops,iov,mount,,NFS_req,NFS_mount,,vnodes,namecache,UFS_quota,UFS_mount,shm,VM_map,sem,dirhash,ACPI,VM_pmapfile,file_desc,,proc,subproc,VFS_cluster,,,MFS_node,,,Export_Host,NFS_srvsock,,NFS_daemon,ip_moptions,in_multi,ether_multi,mrt,ISOFS_mount,ISOFS_node,MSDOSFS_mount,MSDOSFS_fat,MSDOSFS_node,ttys,exec,miscfs_mount,fusefs_mount,pfkey_data,tdb,xform_data,,pagedep,inodedep,newblk,,,indirdep,VM_swap,,UVM_amap,UVM_aobj,,USB,USB_device,USB_HC,,memdesc,,,crypto_data,,IPsec_credsemuldata,ip6_options,NDP,,,temp,NTFS_mount,NTFS_node,NTFS_fnode,NTFS_dir,NTFS_hash,NTFS_attr,NTFS_data,NTFS_decomp,NTFS_vrun,kqueue,,SYN_cache,UDF_mount,UDF_file_entry,UDF_file_id,,AGP_Memory,DRM kern.malloc.kmemstat.free=(inuse = 0, calls = 0, memuse = 0K, limblocks = 0, mapblocks = 0, maxused = 0K, limit = 78644K, spare = 0, sizes = (none)) kern.malloc.kmemstat.devbuf=(inuse = 2348, calls = 8920, memuse = 7417K, limblocks = 0, mapblocks = 0, maxused = 7565K, limit = 78644K, spare = 0, sizes = (16,32,64,128,256,512,1024,2048,4096,8192,16384,32768,65536,131072,524288)) kern.malloc.kmemstat.pcb=(inuse = 204, calls = 296, memuse = 32K, limblocks = 0, mapblocks = 0, maxused =
Re: Keyboard repeats characters way to often
Hey,
i just wanted to send a reminder that the following patch from jsg@
works very well and fixes the issue. I am running it for a few weeks now
and it works very well. Maybe this patch can get merged?
Thanks for the patch!
Greetings,
Leo
On 9/19/18 3:29 AM, Jonathan Gray wrote:
On Wed, Sep 19, 2018 at 03:03:12AM +0200, Leo Unglaub wrote:
The only big problem I have is that as soon as I start X I cannot use the
keyboard correctly. Every time I type a character on the keyboard it gets
repeated multiple times. Most often it gets repeated between 3 and 7 times.
Do you have any idea what I could to in order to fix/debug this?
Could be tsc desync.
Try a non-mp kernel or sysctl kern.timecounter.hardware=acpihpet0
thank you very much! The sysctl kern.timecounter.hardware=acpih option fixed
the issue for me!
Thank you very much!
Greetings
Leo
I had hoped it was gone with zen/17h. As it is very inconsistent as to
which systems have this problem (ie 16h apu laptop has the problem,
16h pcengines apu2 doesn't) we need to test if tsc is desynchronised
on boot.
Here is the old big hammer diff I had extended for 17h but I don't want
to force hpet in cases where tsc is not desynchronised between cores.
Index: tsc.c
===
RCS file: /cvs/src/sys/arch/amd64/amd64/tsc.c,v
retrieving revision 1.10
diff -u -p -r1.10 tsc.c
--- tsc.c 27 Jul 2018 21:11:31 - 1.10
+++ tsc.c 19 Sep 2018 01:16:24 -
@@ -32,6 +32,7 @@ int tsc_recalibrate;
uint64_t tsc_frequency;
int tsc_is_invariant;
+inttsc_desync;
uint tsc_get_timecount(struct timecounter *tc);
@@ -172,7 +173,7 @@ calibrate_tsc_freq(void)
return;
tsc_frequency = freq;
tsc_timecounter.tc_frequency = freq;
- if (tsc_is_invariant)
+ if (tsc_is_invariant && tsc_desync == 0)
tsc_timecounter.tc_quality = 2000;
}
@@ -206,10 +207,25 @@ tsc_timecounter_init(struct cpu_info *ci
tsc_frequency = tsc_freq_cpuid(ci);
tsc_is_invariant = 1;
+#ifdef MULTIPROCESSOR
+ /*
+* TSC often desynchronised between cores on
+* 15h (Bulldozer, Piledriver, Steamroller, Excavator)
+* 16h (Jaguar, Puma)
+* 17h (Zen)
+*/
+ if ((strcmp(cpu_vendor, "AuthenticAMD") == 0) &&
+ ((ci->ci_family == 0x15 && ci->ci_model <= 0x6f) ||
+(ci->ci_family == 0x16 && ci->ci_model <= 0x3f) ||
+(ci->ci_family == 0x17 && ci->ci_model <= 0x1f)))
+ tsc_desync = 1;
+#endif
+
/* Newer CPUs don't require recalibration */
if (tsc_frequency > 0) {
tsc_timecounter.tc_frequency = tsc_frequency;
- tsc_timecounter.tc_quality = 2000;
+ if (tsc_desync == 0)
+ tsc_timecounter.tc_quality = 2000;
} else {
tsc_recalibrate = 1;
tsc_frequency = cpufreq;
grow a filesystem on a softraid
Hey, i have the following setup: I have the drive sd1 with 20GB and on there i have one partition "a" with the type RAID. On that raid i have used bioctl to create an encrypted partition. When i decrypt sd1a it becomes sd3 and on there i have my normal sd3a with the type FFS. It works great but now i have to grow that disk in size. I used "disklabel -E sd1", enlarged the boundried to the new size and then enlarged the disk. It worked great, disklabel -h sd1 shows already the new size. But when i decrypt by using "bioctl -cC -l sd1a" the new sd3 is still on the old size. The problem is that i cannot enlarge the boundried on that sd3 disk. Any ideas what i can do in this case? Here is the disklabel from sd1, the disk with the RAID partition that i could resize correctly. # disklabel sd1 # /dev/rsd1c: type: SCSI disk: SCSI disk label: vol-vmai duid: 8243870d445950cf flags: bytes/sector: 512 sectors/track: 80 tracks/cylinder: 16 sectors/cylinder: 1280 cylinders: 16383 total sectors: 419430400 boundstart: 128 boundend: 419430400 drivedata: 0 16 partitions: #size offset fstype [fsize bsize cpg] a:419430272 128RAID c:4194304000 unused And here is the disklabel from the sd3 disk, the one that i get when i decrypt sd1a. # disklabel sd3 # /dev/rsd3c: type: SCSI disk: SCSI disk label: SR CRYPTO VMAIL duid: f7defe201b90c524 flags: bytes/sector: 512 sectors/track: 63 tracks/cylinder: 255 sectors/cylinder: 16065 cylinders: 1305 total sectors: 20969584 boundstart: 64 boundend: 20969584 drivedata: 0 16 partitions: #size offset fstype [fsize bsize cpg] a: 20964736 64 4.2BSD 2048 16384 12960 # /var/vmail c: 209695840 unused Maybe someone of you could be so kind and give me a hint into the right direction. That would be so nice, thanks! Greetings Leo # dmesg OpenBSD 6.7 (RAMDISK_CD) #177: Thu May 7 11:19:02 MDT 2020 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD real mem = 4177383424 (3983MB) avail mem = 4046757888 (3859MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf6a50 (10 entries) bios0: vendor Hetzner version "2017" date 11/11/2017 bios0: Hetzner vServer acpi0 at bios0: ACPI 1.0 acpi0: tables DSDT FACP APIC acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel Xeon Processor (Skylake, IBRS), 2100.23 MHz, 06-55-04 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLWB,AVX512CD,AVX512BW,AVX512VL,PKU,MD_CLEAR,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,XSAVEC,XGETBV1,MELTDOWN cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: apic clock running at 1000MHz cpu at mainbus0: not configured ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins acpiprt0 at acpi0: bus 0 (PCI0) acpicpu at acpi0 not configured "ACPI0006" at acpi0 not configured "PNP0A03" at acpi0 not configured acpicmos0 at acpi0 "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "QEMU0002" at acpi0 not configured "ACPI0010" at acpi0 not configured cpu0: using VERW MDS workaround pvbus0 at mainbus0: KVM pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02 "Intel 82371SB ISA" rev 0x00 at pci0 dev 1 function 0 not configured pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 "Intel 82371AB Power" rev 0x03 at pci0 dev 1 function 3 not configured vga1 at pci0 dev 2 function 0 "Bochs VGA" rev 0x02 vga1: aperture needed wsdisplay1 at vga1 mux 1: console (80x25, vt100 emulation) virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00 vio0 at virtio0: address 96:00:00:31:1f:b5 virtio0: msix shared virtio1 at pci0 dev 4 function 0 "Qumranet Virtio SCSI" rev 0x00 vioscsi0 at virtio1: qsize 128 sc
Re: grow a filesystem on a softraid
Hey, On 2020-07-22 16:03, Otto Moerbeek wrote: Backup, recreate the RAID, restore. THe RAID meta data includes the size and AFAIK, there is now way to change that after creation. alright, i will do that! Thanks so much for your help. Greetings from Vienna Leo
Relinking unique kernel failed after syspatch
Hello, today I wanted to apply the latest patches on our servers. They all worked fine, only on one server where i was missing some previous patches as well it got an error from syspatch. # syspatch Get/Verify syspatch62-005_ahopts.tgz 100% |**| 703 KB00:00 Installing patch 005_ahopts Get/Verify syspatch62-006_prevhdr... 100% |**| 783 KB00:00 Installing patch 006_prevhdr Get/Verify syspatch62-007_etherip... 100% |**| 1030 KB00:00 Installing patch 007_etherip Get/Verify syspatch62-008_unbound... 100% |**| 1294 KB00:00 Installing patch 008_unbound Get/Verify syspatch62-009_meltdow... 100% |**| 40344 KB00:13 Installing patch 009_meltdown Get/Verify syspatch62-010_ahauth.tgz 100% |**| 1095 KB00:00 Installing patch 010_ahauth Relinking to create unique kernel... failed! I looked into /usr/share/compile/GENERIC.MP/relink.log but the only thing in there is: (SHA256) /bsd: FAILED I have not rebooted the server in case there is some additional information I need to provide in order to fix this. (Is there even something to fix? Or is there already an improvement for this in 6.3)? Is it safe for me to reboot this server or do I have something else i need todo before rebooting the server? Here is a full dmesg from that machine: OpenBSD 6.2 (GENERIC.MP) #2: Sun Dec 10 21:14:42 CET 2017 r...@syspatch-62-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 6843424 (65294MB) avail mem = 66384637952 (63309MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 3.0 @ 0xcbe08000 (78 entries) bios0: vendor FUJITSU // American Megatrends Inc. version "V5.0.0.11 R1.21.0 for D3401-H1x" date 05/15/2017 bios0: FUJITSU D3401-H1 acpi0 at bios0: rev 2 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT FIDT MCFG HPET SSDT LPIT SSDT SSDT SSDT SSDT SSDT DBGP DBG2 SSDT UEFI SSDT DMAR ASF! acpi0: wakeup devices PEGP(S4) PEG0(S4) PS2K(S3) PS2M(S3) PXSX(S4) RP09(S4) PXSX(S4) RP10(S4) PXSX(S4) RP11(S4) PXSX(S4) RP12(S4) PXSX(S4) RP13(S4) PXSX(S4) RP01(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3408.00 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: TSC frequency 340800 Hz cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges cpu0: apic clock running at 23MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3408.00 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT cpu1: 256KB 64b/line 8-way L2 cache cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3408.00 MHz cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,SGX,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SENSOR,ARAT cpu2: 256KB 64b/line 8-way L2 cache cpu2: smt 0, core 2, package 0 cpu3 at mainbus0: apid 6 (application processor) cpu3: Intel(R) Core(TM) i7-6700 CPU @ 3.40GHz, 3408.00 MHz cpu3: FPU,
Re: Relinking unique kernel failed after syspatch
Hey, On 03/20/18 05:43, Predrag Punosevac wrote: 1095 KB00:00 Installing patch 010_ahauth Relinking to create unique kernel... failed! I looked into /usr/share/compile/GENERIC.MP/relink.log but the only thing in there is: (SHA256) /bsd: FAILED https://marc.info/?l=openbsd-misc&m=151245106222333&w=2 thank you for the link. I am not sure it fits my case because i did not modify the kernel myself. This server is as unmodified as it gets, there are no packages installed, no binaries changed, ... . The only thing i modified on that server is /etc/ntpd.conf. Thanks anyway and greetings Leo
IPv6 problem after 6.3 upgrade
Hello, i have a IPv6 problem since i upgraded to 6.3. I cannot reach other hosts anymore over IPv6. Over IPv4 everything works fine. I have read the part with RFC 7217 in the faq/upgrade63.html but as far as I understand it I am not affected by that. # ping6 google.com PING google.com (2a00:1450:4001:814::200e): 56 data bytes ^C --- google.com ping statistics --- 12 packets transmitted, 0 packets received, 100.0% packet loss The server is a normal 6.3 installation without any modifications. The only thing I changed is /etc/ntpd.conf, the rest is as default as shipped. Here is the config: # cat /etc/hostname.vio0 inet 195.201.22.203 255.255.255.255 inet6 2a01:4f8:1c0c:4ed8::10 64 !route add -inet 172.31.1.1 -llinfo -link -static -iface vio0 !route add -inet default 172.31.1.1 # ifconfig vio0 vio0: flags=8843 mtu 1500 lladdr 96:00:00:07:a0:53 index 1 priority 0 llprio 3 groups: egress media: Ethernet autoselect status: active inet 195.201.22.203 netmask 0x inet6 fe80::db0d:ba42:756a:568b%vio0 prefixlen 64 scopeid 0x1 inet6 2a01:4f8:1c0c:4ed8::10 prefixlen 64 # cat /etc/mygate fe80::1%vio0 # route show -inet6 Routing tables Internet6: DestinationGatewayFlags Refs Use Mtu Prio Iface defaultfe80::1%vio0 UGS0 37 - 8 vio0 ::/96 localhost UGRS 00 32768 8 lo0 localhost localhost UHhl 10 20 32768 1 lo0 :::0.0.0.0/96 localhost UGRS 00 32768 8 lo0 2002::/24 localhost UGRS 00 32768 8 lo0 2002:7f00::/24 localhost UGRS 00 32768 8 lo0 2002:e000::/20 localhost UGRS 00 32768 8 lo0 2002:ff00::/24 localhost UGRS 00 32768 8 lo0 2a01:4f8:1c0c:4ed8 suramar.broken-isl UCn00 - 4 vio0 suramar.broken-isl 96:00:00:07:a0:53 UHLl 00 - 1 vio0 fe80::/10 localhost UGRS 02 32768 8 lo0 fec0::/10 localhost UGRS 00 32768 8 lo0 fe80::%vio0/64 fe80::db0d:ba42:75 UCn22 - 4 vio0 fe80::1%vio0 d2:74:7f:6e:37:e3 UHLch 1 45 - 3 vio0 fe80::cfe:57ff:fe3 d2:74:7f:6e:37:e3 UHLc 0 117 - 3 vio0 fe80::db0d:ba42:75 96:00:00:07:a0:53 UHLl 0 43 - 1 vio0 fe80::1%lo0fe80::1%lo0UHl00 32768 1 lo0 ff01::/16 localhost UGRS 01 32768 8 lo0 ff01::%vio0/32 fe80::db0d:ba42:75 Um 01 - 4 vio0 ff01::%lo0/32 localhost Um 01 32768 4 lo0 ff02::/16 localhost UGRS 01 32768 8 lo0 ff02::%vio0/32 fe80::db0d:ba42:75 Um 02 - 4 vio0 ff02::%lo0/32 localhost Um 01 32768 4 lo0 The IPv6 gateway itself is fully reachable. # ping6 fe80::1%vio0 PING fe80::1%vio0 (fe80::1%vio0): 56 data bytes 64 bytes from fe80::1%vio0: icmp_seq=0 hlim=64 time=0.691 ms 64 bytes from fe80::1%vio0: icmp_seq=1 hlim=64 time=0.792 ms 64 bytes from fe80::1%vio0: icmp_seq=2 hlim=64 time=0.293 ms 64 bytes from fe80::1%vio0: icmp_seq=3 hlim=64 time=0.597 ms ^C --- fe80::1%vio0 ping statistics --- 4 packets transmitted, 4 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 0.293/0.593/0.792/0.187 ms Here is a full dmesg # dmesg OpenBSD 6.3 (RAMDISK_CD) #98: Sat Mar 24 14:26:39 MDT 2018 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/RAMDISK_CD real mem = 2080227328 (1983MB) avail mem = 2013454336 (1920MB) mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf68c0 (9 entries) bios0: vendor Hetzner version "2017" date 11/11/2017 bios0: Hetzner vServer acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC HPET acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel Xeon Processor (Skylake, IBRS), 2100.42 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH
Re: IPv6 problem after 6.3 upgrade
Hi, Since you can reach your default gateway, but not "the outside world", the next step would be to try to see how far you can get. Use traceroute6 to see how for you get. Try a couple of different destinations and see if that makes a difference. Also, provide your routing table (the output of `netstat -rnf inet6`) so we can see if there are any problems there. i tryed 4 different IPv6 hosts and none of them are reachable from the 6.3 machine. From a different 6.2 machine in the same rack i can reach all of the addresses via IPv6. Here are the traceroute6 outputs: traceroute6 2a00:1450:4001:811::200e traceroute6 to 2a00:1450:4001:811::200e (2a00:1450:4001:811::200e), 64 hops max, 60 byte packets 1 * * * 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * * * 11 * * * 12 * * * 13 * * * 14 * * * 15 * * * 16 * * * ^C raceroute6 2a01:468:1000:9::3 traceroute6 to 2a01:468:1000:9::3 (2a01:468:1000:9::3), 64 hops max, 60 byte packets 1 * * * 2 * * * 3 * * * 4 * * * 5 * * * 6 * * * 7 * * * 8 * * * 9 * * * 10 * *^C Here is the output from the netstat command: # netstat -rnf inet6 Routing tables Internet6: DestinationGatewayFlags Refs Use Mtu Prio Iface defaultfe80::1%vio0 UGS0 86 - 8 vio0 ::/96 ::1UGRS 00 32768 8 lo0 ::1::1UHhl 10 20 32768 1 lo0 :::0.0.0.0/96 ::1UGRS 00 32768 8 lo0 2002::/24 ::1UGRS 00 32768 8 lo0 2002:7f00::/24 ::1UGRS 00 32768 8 lo0 2002:e000::/20 ::1UGRS 00 32768 8 lo0 2002:ff00::/24 ::1UGRS 00 32768 8 lo0 2a01:4f8:1c0c:4ed8::/642a01:4f8:1c0c:4ed8::10 UCn00 - 4 vio0 2a01:4f8:1c0c:4ed8::10 96:00:00:07:a0:53 UHLl 00 - 1 vio0 fe80::/10 ::1UGRS 02 32768 8 lo0 fec0::/10 ::1UGRS 00 32768 8 lo0 fe80::%vio0/64 fe80::db0d:ba42:756a:568b%vio0 UCn22 - 4 vio0 fe80::1%vio0 d2:74:7f:6e:37:e3 UHLch 1 118 - 3 vio0 fe80::cfe:57ff:fe3a:d3ed%vio0 d2:74:7f:6e:37:e3 UHLc 0 301 - 3 vio0 fe80::db0d:ba42:756a:568b%vio0 96:00:00:07:a0:53 UHLl 0 110 - 1 vio0 fe80::1%lo0fe80::1%lo0UHl00 32768 1 lo0 ff01::/16 ::1UGRS 01 32768 8 lo0 ff01::%vio0/32 fe80::db0d:ba42:756a:568b%vio0 Um 01 - 4 vio0 ff01::%lo0/32 ::1Um 01 32768 4 lo0 ff02::/16 ::1UGRS 01 32768 8 lo0 ff02::%vio0/32 fe80::db0d:ba42:756a:568b%vio0 Um 02 - 4 vio0 ff02::%lo0/32 ::1Um 01 32768 4 lo0 Here is a process overview of what is currently running on that system: # ps ax PID TT STAT TIME COMMAND 1 ?? Is 0:01.00 /sbin/init 66856 ?? Is 0:00.00 /sbin/slaacd 1513 ?? Ip 0:00.00 slaacd: frontend (slaacd) 86453 ?? Ip 0:00.00 slaacd: engine (slaacd) 3815 ?? Sp 0:00.03 /usr/sbin/syslogd 5379 ?? Isp 0:00.01 syslogd: [priv] (syslogd) 45806 ?? Is 0:00.00 pflogd: [priv] (pflogd) 92940 ?? Sp 0:00.30 pflogd: [running] -s 160 -i pflog0 -f /var/log/pflog (pflogd) 77250 ?? S Thanks and greetings Leo
Re: IPv6 problem after 6.3 upgrade
Hey, see "IPv6 broken on Hetzner.de vServer OpenBSD 6.3 / amd64" on bugs@ I'm pretty sure hetzner sets a static route to your link local address for the /64 they assign to you. Since the the link local address changes with RFC 7217 you blackhole the /64... you are right. It works fine when I disable RFC 7217 via -soii in my hostname.* file. I am going to open a ticket with Hetzner so that they can fix there routing. Because i asume using the -soii will not be a solution for the next couple of years. Thanks for helping me! Greetings Leo
Re: Large Filesystem
Hey, my largest filesystem with OpenBSD on it is 12TB and for the minimal usecase i have it works fine. I did not loose any data or so. I have it mounted with the following flags: local, noatime, nodev, noexec, nosuid, softdep The only thing i should mention is that one time the server crashed and i had to do a fsck during the next boot. It took around 10 hours for the 12TB. This might be something to keep in mind if you want to use this on a server. But if my memory serves me well otto did some changes to fsck on ffs2, so maybe thats a lot faster now. I hope this helps you a little bit! Greetings from Vienna Leo Am 14.11.2020 um 13:50 schrieb Mischa: I am currently in the process of building a large filesystem with 12 x 6TB 3.5" SAS in raid6, effectively ~55TB of storage, to serve as a central, mostly download, platform with around 100 concurrent connections. The current system is running FreeBSD with ZFS and I would like to see if it's possible on OpenBSD, as it's one of the last two systems on FreeBSD left.:) Has anybody build a large filesystem using FFS2? Is it a good idea? How does it perform? What are good tests to run? Your help and suggestions are really appriciated!
softraid0 errors after 6.8 upgrade
Hi, i upgraded my desktop to the latest 6.8 release. I uses sysupgrade to do the upgrade and everything worked fine. But now i noticed in my dmesg the following error messages: softraid0: sd6: i/o error 5 @ CRYPTO block 475440376 softraid0: sd6: i/o error 5 @ CRYPTO block 475440376 softraid0: sd6: i/o error 5 @ CRYPTO block 473833936 softraid0: sd6: i/o error 5 @ CRYPTO block 473833936 softraid0: sd6: i/o error 5 @ CRYPTO block 473833936 softraid0: sd6: i/o error 5 @ CRYPTO block 473833936 softraid0: sd6: i/o error 5 @ CRYPTO block 473833936 softraid0: sd6: i/o error 5 @ CRYPTO block 473833936 softraid0: sd6: i/o error 5 @ CRYPTO block 473833936 softraid0: sd6: i/o error 5 @ CRYPTO block 473833936 softraid0: sd6: i/o error 5 @ CRYPTO block 473833936 softraid0: sd6: i/o error 5 @ CRYPTO block 477298832 This only happens when i want to read certain files in /home. I checked with fsck but it reports the partition to be fine. Has this something todo with the upgrade? I did not find anything in the changelog. This setup uses OpenBSD 6.8 x64 on an AMD Ryzen processor with a full disc encryption setup. # mount /dev/sd6a on / type ffs (local, softdep) /dev/sd6k on /home type ffs (local, nodev, nosuid, softdep) /dev/sd6d on /tmp type ffs (local, nodev, nosuid, softdep) /dev/sd6f on /usr type ffs (local, nodev, softdep) /dev/sd6g on /usr/X11R6 type ffs (local, nodev, softdep) /dev/sd6h on /usr/local type ffs (local, nodev, wxallowed, softdep) /dev/sd6j on /usr/obj type ffs (local, nodev, nosuid, softdep) /dev/sd6i on /usr/src type ffs (local, nodev, nosuid, softdep) /dev/sd6e on /var type ffs (local, nodev, nosuid, softdep) /dev/sd8a on /mnt type ffs (local) I now switched to the latest snapshot and there there, but the error still exists. OpenBSD stormwind.wow-data.net 6.8 GENERIC.MP#173 amd64 What is the best way to fix this? Reinstall the entire machine? Thanks so much for your help. Greetings from Vienna Leo # uname -a OpenBSD stormwind.foo.bar 6.8 GENERIC.MP#173 amd64 stormwind# dmesg OpenBSD 6.8-current (GENERIC.MP) #173: Mon Nov 9 19:07:05 MST 2020 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 17105850368 (16313MB) avail mem = 16572129280 (15804MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xe6cf0 (59 entries) bios0: vendor American Megatrends Inc. version "1.NV" date 11/29/2019 bios0: Micro-Star International Co., Ltd. MS-7A32 acpi0 at bios0: ACPI 6.0 acpi0: sleep states S0 S3 S4 S5 acpi0: tables DSDT FACP APIC FPDT FIDT SSDT SSDT SSDT MCFG HPET SSDT UEFI IVRS SSDT CRAT CDIT SSDT SSDT WSMT acpi0: wakeup devices GPP0(S4) GPP1(S4) GPP3(S4) GPP4(S4) GPP5(S4) GPP6(S4) GPP7(S4) GPP8(S4) GPP9(S4) GPPA(S4) GPPB(S4) GPPC(S4) GPPD(S4) GPPE(S4) GPPF(S4) GP17(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 32 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: AMD Ryzen 7 1700X Eight-Core Processor, 3400.60 MHz, 17-01-01 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,XSAVEOPT,XSAVEC,XGETBV1,XSAVES cpu0: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 99MHz cpu0: mwait min=64, max=64, IBE cpu1 at mainbus0: apid 2 (application processor) cpu1: AMD Ryzen 7 1700X Eight-Core Processor, 3400.03 MHz, 17-01-01 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,MWAIT,SSSE3,FMA3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,F16C,RDRAND,NXE,MMXX,FFXSR,PAGE1GB,RDTSCP,LONG,LAHF,CMPLEG,SVM,EAPICSP,AMCR8,ABM,SSE4A,MASSE,3DNOWP,OSVW,SKINIT,TCE,TOPEXT,CPCTR,DBKP,PCTRL3,MWAITX,ITSC,FSGSBASE,BMI1,AVX2,SMEP,BMI2,RDSEED,ADX,SMAP,CLFLUSHOPT,SHA,IBPB,XSAVEOPT,XSAVEC,XGETBV1,XSAVES cpu1: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line 8-way L2 cache, 16MB 64b/line 16-way L3 cache cpu1: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu1: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 4 (application processor) cpu2: AMD Ryzen 7 1700X Eight-Core Processor, 3400.03 MHz, 17-01-01 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36
Re: softraid0 errors after 6.8 upgrade
Hey, thank you very much for taking the time to respond. I am going to check the disk itself and if that checks out okay i am going to do the large file trick. If that does not help i am going to do a complete reinstall. Thanks you all for you help Greetings Leo Am 22.11.2020 um 18:52 schrieb Nick Holland: On 2020-11-22 06:04, Leo Unglaub wrote: Hi, i upgraded my desktop to the latest 6.8 release. I uses sysupgrade to do the upgrade and everything worked fine. But now i noticed in my dmesg the following error messages: softraid0: sd6: i/o error 5 @ CRYPTO block 475440376 softraid0: sd6: i/o error 5 @ CRYPTO block 475440376 softraid0: sd6: i/o error 5 @ CRYPTO block 473833936 softraid0: sd6: i/o error 5 @ CRYPTO block 473833936 softraid0: sd6: i/o error 5 @ CRYPTO block 473833936 softraid0: sd6: i/o error 5 @ CRYPTO block 473833936 softraid0: sd6: i/o error 5 @ CRYPTO block 473833936 softraid0: sd6: i/o error 5 @ CRYPTO block 473833936 softraid0: sd6: i/o error 5 @ CRYPTO block 473833936 softraid0: sd6: i/o error 5 @ CRYPTO block 473833936 softraid0: sd6: i/o error 5 @ CRYPTO block 473833936 softraid0: sd6: i/o error 5 @ CRYPTO block 477298832 sure sounds to me like your disk has issues. Doesn't look related to the upgrade process. This only happens when i want to read certain files in /home. I checked with fsck but it reports the partition to be fine. Has this something todo with the upgrade? I did not find anything in the changelog. sounds even more like your disk isn't good. fsck checks file *system* integrity. It does NOT check every sector on the disk for suitability to store data. The percentage of the disk that fsck reads in the process of doing its job is very small. If you want to test your backing disk, I'd do a: # dd if=/dev/rsdXc of=/dev/null bs=1m where "X" is your physical disk. If you want to see it's progress while running: # pkill -info dd will tell you how much has been read so far. IF that comes up bad, you MAY be able to "fix" your problem by deleting the files that are bad, then write a very large file to the entire partition where those damaged files were -- the disk will typically read-after-write verify that the data landed on the disk properly, and if it finds a bad spot, it will lock it out and put the failed write on a good spot (after you fill the disk, delete the "filler" file, of course). But be aware, your disk may not not healthy -- yes, bad spots and reallocated space is a normal thing for disks, but new bad spots, not so much. Nick.
unable to restart nsd with doas
Hey, i have a problem restarting nsd from a script that is run as doas. I have read the man page of doas several times, but i dont understand what i am doing wrong. Maybe someone of you could help me out. That would be so nice. My problem is": I have a script called "worker" and i invoce that script via doas sh /home/leo/bin/worker The script looks like this: #!/bin/sh tar xf /tmp/queue.tar -C /var/nsd/zonefiles/master rcctl restart nsd The tar command gets successfully executed as root and the files get extracted fine. But the rcctl command does not restart nsd. It just does nothing. Like it is not executed as root. Do you know what i am doing wrong here? My /etc/doas.conf looks like this: permit nopass leo as root cmd sh args /home/leo/bin/worker I am sure i am doing a very simple mistake here. But i cannot figure out what i am doing wrong. Could someone of you please be so kind to send me to the right direction? Thanks so much and greetings Leo
Re: unable to restart nsd with doas
I am soo sorry for the noise. doas works as expected, my tar command just exited silently with an error and rcctl never run as it should. So sorry for the noise, for the history archives, doas works as expected! Am 10.02.2021 um 19:25 schrieb Leo Unglaub: Hey, i have a problem restarting nsd from a script that is run as doas. I have read the man page of doas several times, but i dont understand what i am doing wrong. Maybe someone of you could help me out. That would be so nice. My problem is": I have a script called "worker" and i invoce that script via doas sh /home/leo/bin/worker The script looks like this: #!/bin/sh tar xf /tmp/queue.tar -C /var/nsd/zonefiles/master rcctl restart nsd The tar command gets successfully executed as root and the files get extracted fine. But the rcctl command does not restart nsd. It just does nothing. Like it is not executed as root. Do you know what i am doing wrong here? My /etc/doas.conf looks like this: permit nopass leo as root cmd sh args /home/leo/bin/worker I am sure i am doing a very simple mistake here. But i cannot figure out what i am doing wrong. Could someone of you please be so kind to send me to the right direction? Thanks so much and greetings Leo
relayd: Layer 7 proxy: forward failed
Hi,
i am trying to use relayd as an outbound proxy. I am following the
manual page and also the book "Httpd and Relayd Mastery". I did this on
the latest release 6.4 and also on the latest snapshot to make sure this
was not already fixed somewhere. I am on amd64.
My relayd config looks like this:
# cat /etc/relayd.conf
relay "proxy" {
listen on 127.0.0.1 port 8080
forward to destination
}
relay "proxy2" {
listen on 192.168.0.19 port 9090
forward to destination
}
I use this command to open up a connection from a different host in the
network:
$ curl -i -x 192.168.0.19:9090 openbsd.org
I used the following command when i am on the same host:
$ curl -i -x 127.0.0.1:8080 openbsd.org
I get the same error every time:
# relayd -df /etc/relayd.conf
startup
pfe: filter init done
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
socket_rlimit: max open files 1024
parent_tls_ticket_rekey: rekeying tickets
relay_privinit: adding relay proxy
protocol -1: name default
flags: used, relay flags: divert
tls session tickets: disabled
type: tcp
relay_privinit: adding relay proxy2
protocol -1: name default
flags: used, relay flags: divert
tls session tickets: disabled
type: tcp
init_tables: created 0 tables
relay_launch: running relay proxy
relay_launch: running relay proxy
relay_launch: running relay proxy2
relay_launch: running relay proxy
relay_launch: running relay proxy2
relay_launch: running relay proxy2
relay_connect: session 1: forward failed: Operation not permitted
relay_close: sessions inflight decremented, now 0
I used the following addition to the default pf.conf.
pass in on egress inet proto tcp to port 80 divert-to 127.0.0.1 port 8080
Is this a bug in my setup or a problem with relayd?
I also tryed the entire config from the book "Httpd and Relayd Mastery"
and even when i type it down 1 by 1 i get the same error.
Thanks and greetings
Leo
# dmesg
OpenBSD 6.4-current (GENERIC) #473: Wed Dec 5 21:55:23 MST 2018
dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
real mem = 1056899072 (1007MB)
avail mem = 1015734272 (968MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.5 @ 0xe1000 (10 entries)
bios0: vendor innotek GmbH version "VirtualBox" date 12/01/2006
bios0: innotek GmbH VirtualBox
acpi0 at bios0: rev 2
acpi0: sleep states S0 S5
acpi0: tables DSDT FACP APIC SSDT
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 32 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: AMD Ryzen 7 1700X Eight-Core Processor, 3400.47 MHz, 17-01-01
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,PCLMUL,MWAIT,SSSE3,CX16,SSE4.1,SSE4.2,MOVBE,POPCNT,AES,XSAVE,AVX,RDRAND,NXE,MMXX,FFXSR,RDTSCP,LONG,LAHF,AMCR8,ABM,SSE4A,MASSE,3DNOWP,FSGSBASE,AVX2,RDSEED,CLFLUSHOPT
cpu0: 64KB 64b/line 4-way I-cache, 32KB 64b/line 8-way D-cache, 512KB 64b/line
8-way L2 cache, 16MB 64b/line 16-way L3 cache
cpu0: ITLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu0: DTLB 64 4KB entries fully associative, 64 4MB entries fully associative
cpu0: smt 0, core 0, package 0
mtrr: CPU supports MTRRs but not enabled by BIOS
cpu0: apic clock running at 1000MHz
cpu0: mwait min=64, max=64
ioapic0 at mainbus0: apid 1 pa 0xfec0, version 20, 24 pins, remapped
acpiprt0 at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C1(@1 halt!)
acpipci0 at acpi0 PCI0: 0x 0x0011 0x0001
acpiac0 at acpi0: AC unit online
acpivideo0 at acpi0: GFX0
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02
pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00
pciide0 at pci0 dev 1 function 1 "Intel 82371AB IDE" rev 0x01: DMA, channel 0
configured to compatibility, channel 1 configured to compatibility
wd0 at pciide0 channel 0 drive 0:
wd0: 128-sector PIO, LBA, 16384MB, 33554432 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1 drive 0
scsibus1 at atapiscsi0: 2 targets
cd0 at scsibus1 targ 0 lun 0: ATAPI 5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
vga1 at pci0 dev 2 function 0 "InnoTek VirtualBox Graphics Adapter" rev 0x00
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
em0 at pci0 dev 3 function 0 "Intel 82540EM" rev 0x02:
sysupgrade: exclude sets
Hi, i am a huge fan of sysupgrade. It works perfectly on my laptop where i use all sets that OpenBSD provides. But now i want to start to use sysupgrade on a router where i don't need the "x*" sets. I looked at the manual here (https://man.openbsd.org/sysupgrade) but did not find a way to exclude them (-x*) from the selection. In this case i also cannot use an answer file from a DHCP server because i don't control the DHCP environment in that network. So that option falls flat for me. Is there a way to remove sets from the installation that i am missing? Thanks so much! Leo
Re: sysupgrade: exclude sets
On 09.07.19 15:13, Theo de Raadt wrote: i am a huge fan of sysupgrade. It works perfectly on my laptop where i use all sets that OpenBSD provides. But now i want to start to use sysupgrade on a router where i don't need the "x*" sets. I looked at the manual here (https://man.openbsd.org/sysupgrade) but did not find a way to exclude them (-x*) from the selection. In this case i also cannot use an answer file from a DHCP server because i don't control the DHCP environment in that network. So that option falls flat for me. Is there a way to remove sets from the installation that i am missing? No there isn't. thank you very much for your answer. I looked into the source again and found a way that works for me. I use sysupgrade -n to download everything and then i remove the files manually from /home/_sysupgrade and then reboot. The installer reads the directory and only offers the sets stored in there. #!/bin/sh sysupgrade -n rm /home/_sysupgrade/x* rm /home/_sysupgrade/game* reboot I am sorry i did not think about this before asking on the mailing list. Thanks and greetings Leo :)
IPv6 Setup not working on Hetzner server
Hey friends, i have the exact same problem as Heiko had more than one year ago here on this mailinglist. See http://marc.info/?l=openbsd-misc&m=143231965324314&w=2 Sadly his temporary solution does not work for me so i have to bring this topic up again. I have a server at the german hoster "Hetzner". The IPv4 setup works fine, but the IPv6 setup does not work properly. I am unable to ping6 anything other than my gateway. The gateway is reachable over IPv6, but thats it. Nothing more is reachable. My subnet is 2a01:4f8:192:42d6:: / 64 and i assigned 2a01:4f8:192:42d6::10 to this server. The IPv6 gateway is for all Hetzner customers fe80::1 :::::. I configured my system as follows: > # cat /etc/hostname.em0 > inet 144.76.102.204 255.255.255.224 144.76.102.223 description hetzner-uplink > inet6 2a01:4f8:192:42d6::10 64 > # cat /etc/mygate > 144.76.102.193 > fe80::1 This results in the following config: > # ifconfig em0 > em0: flags=8843 mtu 1500 > lladdr 90:1b:0e:8b:0f:34 > description: hetzner-uplink > index 1 priority 0 llprio 3 > groups: egress > media: Ethernet autoselect (1000baseT > full-duplex,master,rxpause,txpause) > status: active > inet 144.76.102.204 netmask 0xffe0 broadcast 144.76.102.223 > inet6 fe80::921b:eff:fe8b:f34%em0 prefixlen 64 scopeid 0x1 > inet6 2a01:4f8:192:42d6::10 prefixlen 64 > But IPv6 does not work. Here are some examples: > # ping6 -c 3 google.com > PING6 google.com (2a00:1450:4001:80e::200e): 24 data bytes > ping6: sendmsg: No route to host > ping6: wrote google.com 32 chars, ret=-1 > ping6: sendmsg: No route to host > ping6: wrote google.com 32 chars, ret=-1 > ping6: sendmsg: No route to host > ping6: wrote google.com 32 chars, ret=-1 > --- google.com ping6 statistics --- > 3 packets transmitted, 0 packets received, 100.0% packet loss > # ping6 -c 3 fe80::921b:eff:fe8b:f34%em0 > PING6 fe80::921b:eff:fe8b:f34%em0 (fe80::921b:eff:fe8b:f34%em0): 24 data bytes > 32 bytes from fe80::921b:eff:fe8b:f34%em0, icmp_seq=0 hlim=64 time=0.188 ms > 32 bytes from fe80::921b:eff:fe8b:f34%em0, icmp_seq=1 hlim=64 time=0.088 ms > 32 bytes from fe80::921b:eff:fe8b:f34%em0, icmp_seq=2 hlim=64 time=0.087 ms > --- fe80::921b:eff:fe8b:f34%em0 ping6 statistics --- > 3 packets transmitted, 3 packets received, 0.0% packet loss > round-trip min/avg/max/std-dev = 0.087/0.121/0.188/0.047 ms Here are my routes and my ndp > # ndp -an > Neighbor Linklayer Address Netif ExpireS > Flags > 2a01:4f8:192:42d6::1090:1b:0e:8b:0f:34em0 permanent R l > fe80::921b:eff:fe8b:f34%em0 90:1b:0e:8b:0f:34em0 permanent R l > # route -n show -inet6 > Routing tables > > Internet6: > DestinationGatewayFlags > Refs Use Mtu Prio Iface > ::/96 ::1UGRS > 00 32768 8 lo0 > ::/104 ::1UGRS > 00 32768 8 lo0 > ::1::1UHl > 14 14 32768 1 lo0 > ::127.0.0.0/104::1UGRS > 00 32768 8 lo0 > ::224.0.0.0/100::1UGRS > 00 32768 8 lo0 > ::255.0.0.0/104::1UGRS > 00 32768 8 lo0 > :::0.0.0.0/96 ::1UGRS > 00 32768 8 lo0 > 2002::/24 ::1UGRS > 00 32768 8 lo0 > 2002:7f00::/24 ::1UGRS > 00 32768 8 lo0 > 2002:e000::/20 ::1UGRS > 00 32768 8 lo0 > 2002:ff00::/24 ::1UGRS > 00 32768 8 lo0 > 2a01:4f8:192:42d6::/64 2a01:4f8:192:42d6::10 UC > 00 - 4 em0 > 2a01:4f8:192:42d6::10 90:1b:0e:8b:0f:34 UHLl > 00 - 1 em0 > fe80::/10 ::1UGRS > 02 32768 8 lo0 > fec0::/10 ::1UGRS > 00 32768 8 lo0 > fe80::%em0/64 fe80::921b:eff:fe8b:f34%em0UC > 00 - 4 em0 > fe80::921b:eff:fe8b:f34%em090:1b:0e:8b:0f:34 UHLl > 00 - 1 em0 > fe80::1%lo0fe80::1%lo0UHl > 00 32768 1 lo0 > ff01::/16 ::1UGRS > 01 32768 8 lo0 > ff01::%em0/32
Re: IPv6 Setup not working on Hetzner server
Hey, On 12/02/16 13:14, Reyk Floeter wrote: This is a link-local address, you have to specify the interface scope id: $ cat /etc/mygate 144.76.102.193 fe80::1%em0 thanks for the hint. I fixed this but that alone still does not help me to send IPv6 data. Hetzner also needs to know your link-local address on em0, do they use the fe80::921b:eff:fe8b:f34%em0 derived from the MAC (I think they do) or do you have to configure something like fe80::2%em0 on your side? Thats a good question. Sadly they dont specify that in the docs and are also not willing to answer that via there support staff. All i could find in the documentation is the following line: For IPv6 on dedicated servers and virtual servers from the CX line, the gateway is fe80::1. Since this is a link-local address, the explicit specification of the network adapter (usually eth0) is necessary: # ip route add default via fe80::1 dev eth0 There answer is that it works on Linux without config and OpenBSD is not supported officially. I just found out that since i changed my mygate up to your suggestion that i now have to ping6 fe80::1%em0 first and then i am able to connecto to other hosts via IPv6. But not before i pinged the fe80::1%em0. WTF? Here are my rountes before the first ping to fe80::1 and then after the ping. Routing tables (before ping) Internet6: DestinationGatewayFlags Refs Use Mtu Prio Iface defaultfe80::1%em0UGS0 579 - 8 em0 ::/96 ::1UGRS 0 0 32768 8 lo0 ::/104 ::1UGRS 0 0 32768 8 lo0 ::1::1UHl 14 14 32768 1 lo0 ::127.0.0.0/104::1UGRS 0 0 32768 8 lo0 ::224.0.0.0/100::1UGRS 0 0 32768 8 lo0 ::255.0.0.0/104::1UGRS 0 0 32768 8 lo0 :::0.0.0.0/96 ::1UGRS 0 0 32768 8 lo0 2002::/24 ::1UGRS 0 0 32768 8 lo0 2002:7f00::/24 ::1UGRS 0 0 32768 8 lo0 2002:e000::/20 ::1UGRS 0 0 32768 8 lo0 2002:ff00::/24 ::1UGRS 0 0 32768 8 lo0 2a01:4f8:192:42d6::/64 2a01:4f8:192:42d6::10 UC 0 0 - 4 em0 2a01:4f8:192:42d6::10 90:1b:0e:8b:0f:34 UHLl 0 18 - 1 em0 fe80::/10 ::1UGRS 0 1 32768 8 lo0 fec0::/10 ::1UGRS 0 0 32768 8 lo0 fe80::%em0/64 fe80::921b:eff:fe8b:f34%em0UC 0 0 - 4 em0 fe80::921b:eff:fe8b:f34%em090:1b:0e:8b:0f:34 UHLl 0 0 - 1 em0 fe80::1%lo0fe80::1%lo0UHl0 0 32768 1 lo0 ff01::/16 ::1UGRS 0 1 32768 8 lo0 ff01::%em0/32 fe80::921b:eff:fe8b:f34%em0Um 0 1 - 4 em0 ff01::%lo0/32 ::1Um 0 1 32768 4 lo0 ff02::/16 ::1UGRS 0 1 32768 8 lo0 ff02::%em0/32 fe80::921b:eff:fe8b:f34%em0Um 0 1 - 4 em0 ff02::%lo0/32 ::1Um 0 1 32768 4 lo0 Routing tables (after ping) Internet6: DestinationGatewayFlags Refs Use Mtu Prio Iface defaultfe80::1%em0UGS0 581 - 8 em0 ::/96 ::1UGRS 0 0 32768 8 lo0 ::/104 ::1UGRS 0 0 32768 8 lo0 ::1::1UHl 14 14 32768 1 lo0 ::127.0.0.0/104::1UGRS 0 0 32768 8 lo0 ::224.0.0.0/100::1UGRS 0 0 32768 8 lo0 ::255.0.0.0/104::1UGRS 0 0 32768 8 lo0 :::0.0.
bioctl: unable to read passphrase
Hey friends, i have two identical ssd drives in my laptop. sd0 and sd1. I created a Raid 1 (mirroring) on them resulting in sd3. I used the following command: bioctl -c 1 -l sd0a,sd1a softraid0 On the resulting disk i created sd3b with 2 GB Swap and sd3a with 100GB with a type RAID. Now i want to put a crypto layer (Cryptoraid) on the resulting sd3a. I wanted to use the following command: bioctl -c C -l sd3a softraid0 But i get the following error message: bioctl: unable to read passphrase. Do you have any ideas why this is happening? Thanks and greetings Leo
Re: bioctl: unable to read passphrase
Hey, On 05/13/16 21:08, Ted Unangst wrote: you might try ktrace, since bioctl is not being very helpful here. the problem is that i dont have ktrace available on the install iso. I tryed to reproduce it on my OpenBSD desktop but there i dont have that problem. I looked up the part in the source where it prints this error message but i really dont understand why it is triggered. Any more ideas on why i could try? Big thanks and greetings Leo
Re: bioctl: unable to read passphrase
Hey, On 05/14/16 15:19, Stuart Henderson wrote: Your initial problem report was missing a lot of important information - this is the first mention of it only happening on the install iso, and you didn't mention what it is that you're running (release? snapshot? which date? which arch?) i am deeply sorry about that. The problem happens only on the installer from the 5.9 release. I used the AMD64 image of the release. But i think i found out what caused the problem. Every time i did a cd /dev && sh MAKEDEV all it did not work and bioctl could not read my passphrase anymore. When i just created the device nodes i needed manually it seams to work. Maybe this is a bug in the MAKEDEV script or i just missused it. Sorry about that. Thanks anyway! Greetings Leo
Re: bioctl: unable to read passphrase
Hey, On 05/15/16 09:23, Maurice McCarthy wrote: I believe the installation ramdisk has limited space so you likely used it all up with "MAKEDEV all". It is limited to install on very old systems. thanks for the answer. That actually would explain my problem! Maybe the bioctl error message could be tweaked a little bit to explain the problem a little bit more in detail. Thanks and greetings Leo
softraid0: sdx has unsupported sector size (4096)
Hey friends, my new external HDD has a sector size of 4096: # disklabel -h sd8 # /dev/rsd8c: type: SCSI disk: SCSI disk label: My Passport 0827 duid: 9210ccc858d72f52 flags: bytes/sector: 4096 sectors/track: 63 tracks/cylinder: 255 sectors/cylinder: 16065 cylinders: 45599 total sectors: 732558336 # total bytes: 2.7T boundstart: 64 boundend: 732558273 drivedata: 0 I wanted to create a crypto raid on that drive and used the following commands to create one. fdisk -igy sd8 Then i created a partition with disklabel -E sd8 resulting in the following disklabel: 16 partitions: #size offset fstype [fsize bsize cpg] a: 2.7T 64RAID c: 2.7T0 unused Now i wannted to use bioctl -cC -lsd8a softraid0 but i get the following error message: softraid0: sd8a has unsupported sector size (4096) softraid0: invalid metadata format I looked around and found an old email from Kenneth R Westerback on this mailinglist where he stated that the "4k problem" was solved at "c2k15" but never commited. Is there a reason it never got picked up again? Here i a link to the old post: http://misc.openbsd.narkive.com/xjppPBE5/softraid-4-bioctl-8-vs-non-512-byte-sectors-disks#post6 I am on OpenBSD 5.9 AMD64. Thanks and greetings Leo
Re: softraid0: sdx has unsupported sector size (4096)
Hey, On 05/15/16 12:34, Daniel Jakots wrote: It's in -current, see the commit [0] and the warning about softraid metadata change [1]. big thanks for the information. I must have missed it. Greetings Leo
Install OpenBSD on disks larger than 2TB
Hey, i am using OpenBSD with two harddrives. Both of them are 2 TB and i put them in a Raid 1 (mirroring) using softraid0. It works perfect, the system boots from the raid 1 and runs perfectly. Sadly now 2 TB is not enought disc space anymore and i got some new 4TB drives. I suceeded in crating a raid 1 on them, but i am unable to boot of those drives. Do you have any ideas what i could try next? Here is what i did so far: fdisk -igy sd0 fdisk -igy sd1 disklabel -E sd0 (created a partition of type RAID) disklabel -E sd1 (created the same disklayout) bioctl -c1 -l sd0a,sd1a softraid0 (resulted in sd2 beeing created) I can install OpenBSD on the new sd2 but i cannot boot from it. I used the latest snapshot to try this. Any ideas? Thanks and greetings Leo
Re: Install OpenBSD on disks larger than 2TB
Hey, On 07/22/16 10:29, Alexander Hall wrote: How did you install the system? If you didn't already, use the installer and point it at the softraid disk (likely sd2). If that doesn't help, please show what happens. "i am unable to boot" tells us nothing. i used the installer for installing OpenBSD. I selected sd2 during the install process and created a GPT layout on that disc. Then it continues by installing it normally. But in the last step i get the following error message: installboot: no OpenBSD partition Failed to install bootblocks. You will not be able to boot OpenBSD from sd2 I asume thats because OpenBSD cannot boot from GPT? Only from MBR? Thanks and greetings Leo
Re: Install OpenBSD on disks larger than 2TB
Hey, On 07/29/16 18:13, Noth wrote: OpenBSD can boot off UEFI & GPT since 5.9. Are you booting on MBR or UEFI? yes, thats true and it works fine. The problem here seams to be the raid 1. Booting from an Raid 1 with disks larger than 2 TB seams to be broken. Maybe its not intended to work, but i am unable to find a hint about that in the bioctl,bio,softraid manual page. (Maybe thats the wrong place?) Greetings Leo
Re: Install OpenBSD on disks larger than 2TB
Hey, Works for me: ~ $ sudo disklabel -p m sd2 # /dev/rsd2c: type: SCSI disk: SCSI disk label: SR RAID 1 duid: 7e4e73c2d1d85347 flags: bytes/sector: 512 sectors/track: 255 tracks/cylinder: 511 sectors/cylinder: 130305 cylinders: 44975 total sectors: 5860532576 # total bytes: 2861588.2M boundstart: 256 boundend: 5860532576 drivedata: 0 did you do anything special during the installation? Or did you simply follow the installer?
PHP 7.4: SSL routines:CONNECT_CR_CERT:certificate verify failed
Hey friends, i have a OpenBSD 7.0 server with all syspatches applied. On that server i have setup httpd and PHP 7.4 running via PHP-FPM. I followed the readme provided by the package and everything seams to be fine. There is only one issue when i try to establish a secure connection from PHP to another server. (sending an email in this case via SMTP). I get the following error: PHP Warning: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: error:14007086:SSL routines:CONNECT_CR_CERT:certificate verify failed I followed the readme to the point and populated /var/www/etc/ssl/ with all the recommended files (cert.pem and openssl.cnf). In the config file /etc/php-7.4.ini i added the folowing lines to point PHP-FPM to those files (the chroot /var/www gets appended by php): [curl] curl.cainfo = /etc/ssl/cert.pem [openssl] openssl.cafile = /etc/ssl/cert.pem The files are read by PHP, because when i remove then i get an error (as expected, just a verification that they are read as intended). But PHP is still unable to connect to that server. I ssh'ed into that server and did the openssl s_client manually. Just to verify that everything works as expected and it does: openssl s_client -tls1_2 -connect mail.foobar.com:587 openssl s_client -tls1_3 -connect mail.foobar.com:587 (both 1.2 and 1.3 work) Here is the successful response: CONNECTED(0003) 3143473289712:error:1400442E:SSL routines:CONNECT_CR_SRVR_HELLO:tlsv1 alert protocol version:/usr/src/lib/libssl/tls13_lib.c:151: --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 5 bytes and written 201 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher: Session-ID: Session-ID-ctx: Master-Key: Start Time: 1640216653 Timeout : 7200 (sec) Verify return code: 0 (ok) --- Do you have any ideas on what might be wrong here? The error message sadly is not that helpful and as far as i know there is not that much i can do to get more detailed logs. Thanks in advance Leo OpenBSD 7.0 (GENERIC.MP) #3: Wed Dec 15 13:14:26 MST 2021 r...@syspatch-70-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 33537511424 (31983MB) avail mem = 32505069568 (30999MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf6a30 (11 entries) bios0: vendor Hetzner version "2017" date 11/11/2017 bios0: Hetzner vServer acpi0 at bios0: ACPI 1.0 acpi0: sleep states S5 acpi0: tables DSDT FACP APIC acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel Xeon Processor (Skylake, IBRS), 2294.85 MHz, 06-55-04 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLWB,AVX512CD,AVX512BW,AVX512VL,MD_CLEAR,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,XSAVEC,XGETBV1,MELTDOWN cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 999MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel Xeon Processor (Skylake, IBRS), 2294.59 MHz, 06-55-04 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,MPX,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLWB,AVX512CD,AVX512BW,AVX512VL,MD_CLEAR,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,XSAVEC,XGETBV1,MELTDOWN cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu1: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu1: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu1: smt 0, core 1, package 0 cpu2 at mainbus0: apid 2 (application processor) cpu2: Intel Xeon Processor (Skylake, IBRS), 2294.60 MHz, 06-55-04 cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ER
Re: PHP 7.4: SSL routines:CONNECT_CR_CERT:certificate verify failed
Hey, thank you for your reply. My first guess ist that the chain is not correct and so the server's certificate cannot be validated. you are correct about it. I read the openssl output wrong, i got confused by "Verify return code: 0 (ok)" and thought the connection was successful. But is was not. If you are sure that your PHP script connects to the right host then you can remove temporarily validation just to see if this will work. If so you should enable validation again and examine the chain on your mailserver. Yeah, i think this is (to my surprise) not a PHP issue.
Re: PHP 7.4: SSL routines:CONNECT_CR_CERT:certificate verify failed
Hey, Kind of strange that this works. Port 587 (submission) is usually set up to use STARTTLS, just like port 25 (smtp) so you would need specify -starttls smtp an an option to openssl s_client. Port 465 (submissions, formerly known as smtps) would work with mandatory TLS if the server supports that. Are you sure you are testing correctly? I would expect these to work: $ openssl s_client -connect mail.foobar.com:587 -starttls smtp you are absolutly correct. When i add the -starttls part i get a much better result. I am still confused why my version still printed "Verify return code: 0 (ok)" but you are right, that was wrong. When i use it with -starttls, then i get the following error: # openssl s_client -showcerts -connect mail.felberbrot.at:587 -starttls smtp CONNECTED(0003) depth=0 CN = *.foobar.com verify error:num=20:unable to get local issuer certificate verify return:1 write W BLOCK So yeah, seams like they have an issue in there certificate chain. I also tested this on an Alpine Linux, got the exact same error. So i assume that's there problem. Sorry for the noise! Thanks for the help and greetings Leo
OpenSMTPd: Unable to use TLS/SSL over IPv6
Hey friends,
i am running OpenBSD 7.0 with all patches applied. Some weeks ago i
noticed a very strange issue with my OpenSMTPd instance. People are
unable to use TLS when connecting via IPv6. This is not just my
observation, some people on misc@ told me so as well.
I talked to gilles@ in private and he could confirm the issue, but he
thinks its not related to OpenSMTPd itsef and might be even an OpenBSD
(LibreSSL) issue itself. gilles@ told me to post this to the ML because
it might be a little bit more complicated.
Here are some basics from the System. I am using the real hostname and
IP addresses so every one can look at the problem directly.
The Server is configured to use both IPv4 and IPv6:
$ cat /etc/hostname.vio0
inet 116.202.103.165 255.255.255.255
inet6 2a01:4f8:c010:3301::dead:beef 64 -soii
!route add -inet 172.31.1.1 -llinfo -link -static -iface vio0
!route add -inet default 172.31.1.1
I confimed it via ifconfig:
$ ifconfig vio0
vio0: flags=408843 mtu 1500
lladdr 96:00:00:31:1f:b5
index 1 priority 0 llprio 3
groups: egress
media: Ethernet autoselect
status: active
inet 116.202.103.165 netmask 0x
inet6 fe80::9400:ff:fe31:1fb5%vio0 prefixlen 64 scopeid 0x1
inet6 2a01:4f8:c010:3301::dead:beef prefixlen 64
I also can use ping and ping6 to reach other servers and the server can
be reached over IPv4 and IPv6. So this seams to work.
Here is my OpenSMTTPd config. The only thing i replaced is the
encryption key:
##
## Queue
##
queue compression
queue encryption x
##
## SMTP
##
smtp max-message-size 80M
smtp sub-addr-delim "+"
##
## Tables
##
table aliases file:/etc/mail/aliases
table vdomains file:/etc/mail/table-vdomains
table vaddr file:/etc/mail/table-vaddr
table credentials file:/etc/mail/table-credentials
table filter-dyndns file:/etc/mail/table-filter-dyndns
table vmailstub file:/etc/mail/table-vmailstub
##
## PKI
##
pki "*" cert "/etc/ssl/storm-peaks.northrend.azeroth.wow-data.net.fullchain.pem"
pki "*" key "/etc/ssl/private/storm-peaks.northrend.azeroth.wow-data.net.key"
##
## Filter
##
filter "check-dyndns" phase connect match rdns regex disconnect "550
no residential/dyndns connections"
filter "check-rdns" phase connect match !rdns disconnect "550 rDNS missmatch"
filter "check-fcrdns" phase connect match !fcrdns disconnect "550 FCrDNS
missmatch"
filter "dnsbl" proc-exec "filter-dnsbl -v ix.dnsbl.manitu.net dnsbl.dronebl.org
all.spamrats.com dnsbl.sorbs.net bl.spamcop.net"
##
## Listen
##
listen on lo0
listen on egress tls pki "*" filter { "check-dyndns" "check-rdns" "check-fcrdns"
"dnsbl" }
listen on egress port submission tls-require pki "*" auth
listen on egress port 25255 tls-require pki "*" auth
##
## Actions
##
action "outbound" relay
action "local-lmtp" lmtp "/var/dovecot/lmtp" rcpt-to virtual
##
## Matches
##
match from any for domain rcpt-to action "local-lmtp"
match auth from any for any action "outbound"
To me it looks like i am not doing anything different for IPv4 or IPv6.
I am just listening on egress and according to ifconfig is assigned to
vio0. But people cannot use SSL/TLS on IPv6, but it works fine when
using IPv4. This results in some emails getting delayed from IPv6
senders, until they downgrade or switch to IPv4.
Does someone of you have an idea why this might happen? To me the config
seams clean. Do you have this issue on other instances as well?
Thank you so much and greetings
Leo
OpenBSD 7.0 (GENERIC.MP) #3: Wed Dec 15 13:14:26 MST 2021
r...@syspatch-70-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4177379328 (3983MB)
avail mem = 4034760704 (3847MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5ad0 (10 entries)
bios0: vendor Hetzner version "2017" date 11/11/2017
bios0: Hetzner vServer
acpi0 at bios0: ACPI 1.0
acpi0: sleep states S5
acpi0: tables DSDT FACP APIC HPET
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel Xeon Processor (Skylake, IBRS), 2100.37 MHz, 06-55-04
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLWB,AVX512CD,AVX512BW,AVX512VL,PKU,MD_CLEAR,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,XSAVEC,XGETBV1,MELTDOWN
cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line
16-way L2 cache
cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped
cpu0: DTLB 255 4KB entries direc
Re: OpenSMTPd: Unable to use TLS/SSL over IPv6
Hey, On 11/01/2022 21:28, Stuart Henderson wrote: I bet it is MTU related. Try lowering MTU on that interface (you cannot do it separately for IPv4 and IPv6 so it will change both, but that's not likely to be a problem) and get someone who has seen the problems to re-test. thank you so much for your answer. I would have never ever thought about the MTU in this case. I used the default 1500. I talked to the technical support from the datacenter (Hetzner Online) and they asured me that 1500 is correct. However, i have set the value to 1400 and asked some people who had the issue to re-test it. I will post the results of the test here so other people can find them via a search engine. Thank you so much, very kind of you!
Re: OpenSMTPd: Unable to use TLS/SSL over IPv6
Hey, On 1/13/22 19:18, Crystal Kolipe wrote: Well, I can connect to his server using: openssl s_client -starttls smtp -connect mail.unglaub.at:25 The handshake completes and I'm able to issue smtp commands. However smtpd always reports that opportunistic TLS failed, and downgrades to plaintext. when you connect to the server, can you do the SMTP dialog? I tried it on my server and other instances running OpenSMTPd and i get the following error: $ openssl s_client -starttls smtp -connect mail.unglaub.at:25 CONNECTED(0003) depth=2 C = US, O = Internet Security Research Group, CN = ISRG Root X1 verify return:1 depth=1 C = US, O = Let's Encrypt, CN = R3 verify return:1 depth=0 CN = storm-peaks.northrend.azeroth.wow-data.net verify return:1 --- Certificate chain 0 s:CN = storm-peaks.northrend.azeroth.wow-data.net i:C = US, O = Let's Encrypt, CN = R3 1 s:C = US, O = Let's Encrypt, CN = R3 i:C = US, O = Internet Security Research Group, CN = ISRG Root X1 2 s:C = US, O = Internet Security Research Group, CN = ISRG Root X1 i:O = Digital Signature Trust Co., CN = DST Root CA X3 --- Server certificate -BEGIN CERTIFICATE- XXX -END CERTIFICATE- subject=CN = storm-peaks.northrend.azeroth.wow-data.net issuer=C = US, O = Let's Encrypt, CN = R3 --- No client certificate CA names sent Peer signing digest: SHA256 Peer signature type: RSA-PSS Server Temp Key: X25519, 253 bits --- SSL handshake has read 5457 bytes and written 420 bytes Verification: OK --- New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384 Server public key is 4096 bit Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated Early data was not sent Verify return code: 0 (ok) --- 250 HELP EHLO unglaub.at 250-storm-peaks.northrend.azeroth.wow-data.net Hello unglaub.at [2001:871:210:554:6c50:40ef:c73c:d401], pleased to meet you 250-8BITMIME 250-ENHANCEDSTATUSCODES 250-SIZE 83886080 250-DSN 250 HELP MAIL FROM: 250 2.0.0 Ok RCPT TO: RENEGOTIATING 139809772520832:error:1420410A:SSL routines:SSL_renegotiate:wrong ssl version:../ssl/ssl_lib.c:2142: Are the last two lines expected behavour? I get then on IPv4 and IPv6. Someone else beeing so kind trying to debug this send me something similar. I am shorting it down to the error itself: RENEGOTIATING 139809772520832:error:1420410A:SSL routines:SSL_renegotiate:wrong ssl version:../ssl/ssl_lib.c:2142: Greetings Leo
Re: OpenSMTPd: Unable to use TLS/SSL over IPv6
Hey, On 14/01/2022 08:31, Crystal Kolipe wrote: Reading the manual page for openssl, specifically the section on s_client would be a very good idea. thank you for the hint. I did not know about this behavour. It does not explain the initial bug, but certenly my testing of it. For the archive, here is the important part from the manual. If a connection is established with an SSL server, any data received from the server is displayed and any key presses will be sent to the server. When used interactively (which means neither -quiet nor -ign_eof have been given), the session will be renegotiated if the line begins with an R; if the line begins with a Q or if end of file is reached, the connection will be closed down. Thanks for letting me know :)
Re: OpenSMTPd: Unable to use TLS/SSL over IPv6
Hey, On 14/01/2022 09:19, Stuart Henderson wrote: That hostname doesn't match the certificate, it should validate ok for storm-peaks.northrend.azeroth.wow-data.net (I also checked with -servername to send SNI). There's no difference between v4 and v6 for that though. thank you very much for spending time in testing this again. Sadly i cannot reproduce the issue. For me the certificate validates correctly for the hostname storm-peaks.northrend.azeroth.wow-data.net. I also used a couple of online certificate checking tools and they also report that it works fine. (https://www.hardenize.com/report/storm-peaks.northrend.azeroth.wow-data.net/1642159474#email and https://www.hardenize.com/report/storm-peaks.northrend.azeroth.wow-data.net/1642159474#email) I read the OpenSMTPd code again last night and i cannot reproduce the initial issue. There is basically no difference in IPv4 and IPv6 connections when they arrive at OpenSMTPd. Its just an open socket and then OpenSMTPd operates on that completely ignoring the IP version. I grepped the log files and in the last 7 days i had 263183 connections via IPv6 to OpenSMTPd. 82% of them used TLS (ciphers=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 beeing the most used) according to the log. So i think this should be fine. Thanks for everyone spending time looking into this, but i don't think its a configuration or OpenBSD issue at this point. Thanks so much and greetings Leo
growfs on an encrypted softraid0
Hey friends, i have a 500GB drive that is fully encrypted using a softraid with raidlevel C. It works perfectly. But now the drive is getting full and i have to grow it. This server is running in the Hetzner Cloud and resizing the drive is supported to 10TB. With an unencrypted partition this works well in OpenBSD. I can use disklabel and growfs to enlarge the drive, but that does not work with an encrypted partition. Do you have any recommendations on what the best way forward is in this case? I tried adding a new 1TB drive and copying all the files over and just remounting it. But even with the super fast M2. SSD drives in there it took more than 3 days to finish. (lots of small files, its my email server) Having my email server down for 3 days is not really a good option for obvious reasons. I also tried doing an initial copy and then using rsync, but because dovecot (imap server from ports) uses a lot of hardlinks rsync is not working correctly even with the hard link option (bugs are described in the rsync man page) and openrsync does not support handling them. Do you have any ideas what i can do in this case? Thanks and greetings Leo OpenBSD 7.0 (GENERIC.MP) #5: Mon Jan 31 09:09:02 MST 2022 r...@syspatch-70-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 4177379328 (3983MB) avail mem = 4034740224 (3847MB) random: good seed from bootblocks mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xf5ad0 (10 entries) bios0: vendor Hetzner version "2017" date 11/11/2017 bios0: Hetzner vServer acpi0 at bios0: ACPI 1.0 acpi0: sleep states S5 acpi0: tables DSDT FACP APIC HPET acpi0: wakeup devices acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel Xeon Processor (Skylake, IBRS), 2100.34 MHz, 06-55-04 cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLWB,AVX512CD,AVX512BW,AVX512VL,PKU,MD_CLEAR,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,XSAVEC,XGETBV1,MELTDOWN cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu0: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 1000MHz cpu1 at mainbus0: apid 1 (application processor) cpu1: Intel Xeon Processor (Skylake, IBRS), 2100.07 MHz, 06-55-04 cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,HTT,SSE3,PCLMUL,SSSE3,FMA3,CX16,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,HV,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,FSGSBASE,BMI1,HLE,AVX2,SMEP,BMI2,ERMS,INVPCID,RTM,AVX512F,AVX512DQ,RDSEED,ADX,SMAP,CLWB,AVX512CD,AVX512BW,AVX512VL,PKU,MD_CLEAR,IBRS,IBPB,SSBD,ARAT,XSAVEOPT,XSAVEC,XGETBV1,MELTDOWN cpu1: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 512KB 64b/line 16-way L2 cache cpu1: ITLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu1: DTLB 255 4KB entries direct-mapped, 255 4MB entries direct-mapped cpu1: smt 0, core 1, package 0 ioapic0 at mainbus0: apid 0 pa 0xfec0, version 11, 24 pins acpihpet0 at acpi0: 1 Hz acpiprt0 at acpi0: bus 0 (PCI0) "ACPI0006" at acpi0 not configured acpipci0 at acpi0 PCI0 acpicmos0 at acpi0 "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "PNP0A06" at acpi0 not configured "QEMU0002" at acpi0 not configured "ACPI0010" at acpi0 not configured acpicpu0 at acpi0: C1(@1 halt!) acpicpu1 at acpi0: C1(@1 halt!) cpu0: using VERW MDS workaround pvbus0 at mainbus0: KVM pvclock0 at pvbus0 pci0 at mainbus0 bus 0 pchb0 at pci0 dev 0 function 0 "Intel 82441FX" rev 0x02 pcib0 at pci0 dev 1 function 0 "Intel 82371SB ISA" rev 0x00 pciide0 at pci0 dev 1 function 1 "Intel 82371SB IDE" rev 0x00: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility pciide0: channel 0 disabled (no drives) atapiscsi0 at pciide0 channel 1 drive 0 scsibus1 at atapiscsi0: 2 targets cd0 at scsibus1 targ 0 lun 0: removable cd0(pciide0:1:0): using PIO mode 4, DMA mode 2 piixpm0 at pci0 dev 1 function 3 "Intel 82371AB Power" rev 0x03: apic 0 int 9 iic0 at piixpm0 vga1 at pci0 dev 2 function 0 "Bochs VGA" rev 0x02 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) virtio0 at pci0 dev 3 function 0 "Qumranet Virtio Network" rev 0x00 vio0 at virtio0: address 96:00:00:31:1f:b5 virtio0: msix shared virtio1 at pci0 dev 4 function 0 "Qumranet Virtio SCSI" rev 0x00 v
Re: growfs on an encrypted softraid0
Hey, i have a 500GB drive that is fully encrypted using a softraid with raidlevel C. It works perfectly. But now the drive is getting full and i have to grow it. This server is running in the Hetzner Cloud and resizing the drive is supported to 10TB. With an unencrypted partition this works well in OpenBSD. I can use disklabel and growfs to enlarge the drive, but that does not work with an encrypted partition. correct... you can growfs a FS within an encrypted partition, but can not grow the encrypted partition. great, so at least i read the code right :) Does someone know if there is a patch around that maybe is waiting for reviews that would add the functionality of growing an encrypted partition itself? Do you have any recommendations on what the best way forward is in this case? I tried adding a new 1TB drive and copying all the files over and just remounting it. But even with the super fast M2. SSD drives in there it took more than 3 days to finish. (lots of small files, its my email server) well, you might want to have a chat with your service provider. There's nothing "super fast" about 500g in three days (though my VPS on my primary web/mail server also brags about SSDs...and the slowest disk performance I have seen in decades. I have a note-to-self in the .profile that a sysupgrade takes 15 minutes to keep me from freaking out during upgrades. Other systems I have with them have more expected performance. *shrug*) I spinned up the same server with Alpine Linux on it (LUKS with ext4) and there the 500gb got copied in around 37 minutes. I pupolated the 500gb with 1mb files with random content in them. So the disc speed seams fine. This is propobly something on OpenBSD, but i an not complaining about the speed. OpenBSD is fast enought in most cases. Just out of interrest, i tried the same with async+noatime and softdep+noatime and there was not that much difference. (around 30 minutes difference to no mount options other than default) I also tried doing an initial copy and then using rsync, but because dovecot (imap server from ports) uses a lot of hardlinks rsync is not working correctly even with the hard link option (bugs are described in the rsync man page) and openrsync does not support handling them. what? where? I'm not seeing what you are refering to here. Also a quick web search isn't showing a problem, but I am seeing a lot of people using rsync to back up dovecot maildir servers. (if totally off-topic to OpenBSD, please advise me off-list) If you use normal maildir for storage rsync is perfect. But i am using a feature called SIS (single instance storage). This is build into dovecot and available in the OpenBSD port of the software. This basically extracts attachments of emails and stores them externally. If you have the same attachment in multiple emails dovecot uses hard links. If you have for example people who mail you with always the same horrible pictures in email signatures then this reduces the disc usage a lot! Up to 80% less disc usage in some scenarios. The problem with rsync is, that as soon as you sync from one partition to another all hard links get copied as normal files. The hard linking only works on the same partition. So as soon as i use rsync the 500GB become around 1400GB. Move everything you can with rsync, then deal with your maildir separately. I've used "imapsync" before on a 30,000 user e-mail system -- first run took a day or more, final system-down cutover run took time, but we were down only a few hours (this was over a decade ago, don't hold me to the numbers). dovecot has a "dsync" tool. Haven't used it, but it would be worth a look at, I think. I think thats a good idea. I am going to solve this outside of OpenBSD on the protocol level. Maybe use a second server, migrate via imap and then switch the servers back. Something like that. Thanks for all the replies on and off list! Thanks and greetings! Leo
