Re: DDB Crash Report About if_ether.c and arpinit() Gelen Kutusu

Hello Samuel, I think you should give a chance to this commit: https://github.com/openbsd/src/commit/73fb5aae645f3bc12746fd705a937dfc9f9abc01 I hope it works for you. -- Valdrin From: owner-m...@openbsd.org on behalf of Samuel Jayden Sent: Wednesday, January

TSO and LRO while forwarding traffic

Hello Misc, I've got a question about TSO and LRO: How does enabling TSO and/or LRO on the Ethernet cards of a network device that will serve as a router and firewall affect the forward traffic of users accessing the internet behind this device? In short, should I keep these features on or tur

Re: Parallel PF

, 10/25/2023 4:18 PM keltezéssel, Valdrin MUJA írta: > Hello Sam, > > I don't have the answer to this question, but I can make a few comments on my > own behalf. Maybe it can give you an idea. > As far as I observed, it is not PF's turn yet. I guess what needs to be done

Re: Parallel PF

Hello Sam, I don't have the answer to this question, but I can make a few comments on my own behalf. Maybe it can give you an idea. As far as I observed, it is not PF's turn yet. I guess what needs to be done regarding cloned interfaces such as tun and the ethernet layer will be done first. In

porting snort3

Hello, Is there any plan for porting Snort3 into OpenBSD? Thanks. Best, Valdrin

mp-safe tun

Hello OpenBSD, I've been thinking about this since OpenBSD devs do a lot of mp-safe on the network stack: Is it possible to make /dev/tun device mp-safe/Multi-queue? Thanks for reading.

increasing NET_TASKQ for better performance?

Hello Misc, I run OpenBSD 7.3 as L3 firewall under VMware. I have some rdr-to rules. Here System information: cpu15: Intel(R) Xeon(R) Gold 6338 CPU @ 2.00GHz, 1995.63 MHz, 06-6a-06 I know CPU cores are not at too important at the moment but this server has 16 cores on it. I use vmx nics. dmesg i

Re: About Intel C3000 eMMC

s and /var/db/acpi via this e-mail. Maybe it can be a starting point for a developer who wants to look. Thank you for reading. From: Aaron Mason Sent: Sunday, June 11, 2023 14:45 To: Valdrin MUJA Cc: MISC@openbsd.org Subject: Re: About Intel C3000 eMMC On Sun, J

About Intel C3000 eMMC

Hello OpenBSD, I'm trying to install OpenBSD 7.3 on a Cordoba Edge Gateway CPE(*) device manufactured by Silicom-USA. However, OpenBSD does not recognize the Intel C3000 eMMC (SOC type) disk that comes on it. Is there a way to run this? Thanks. Also you can find the dmesg output in the attachme

Re: Multi path routing with BGPD

, June 1, 2023 19:34 To: Valdrin MUJA Cc: MISC@openbsd.org Subject: Re: Multi path routing with BGPD On Mon, May 29, 2023 at 07:29:14PM +, Valdrin MUJA wrote: > Hello, > > I try to setup multipath routing environment with OpenBSD's bgpd. multipath != add-path. OpenBGPD current

Re: Cannot setup more than one WireGuard peer

Hi, It's because of preventing possible spoofs by each peer. from man wg(4) : The interface will accept tunneled traffic only from the peer configured with the most specific matching allowed IP address range for the incoming traffic, or drop it if no such match exists. That is, tunneled traffic

Re: High Interrupt After 7.3 Upgrade

Hi, I hit the same case too. It looks like there's something wrong with the ipi: I have a system where I am running the current OpenBSD kernel dated May 21. The systat output and the vmstat -i output do not match, and there are serious differences between them. For example, while the ip in vmstat

Re: Route based IPsec

> > On 31 May 2023, at 18:33, Claudio Jeker wrote: > > > > On Wed, May 31, 2023 at 08:35:45AM +1000, David Gwynne wrote: > >> > >> > >>> On 27 May 2023, at 21:40, Stuart Henderson > >>> wrote: > >>> > >>

Re: Route based IPsec

: > > On 2023-05-27, Valdrin MUJA wrote: >>Does OpenBSD have routed based IPsec support? > > Not yet. while you wait, it might be possible to configure a gif tunnel protected by ipsec transport mode. dlg

Multi path routing with BGPD

Hello, I try to setup multipath routing environment with OpenBSD's bgpd. As I understand from man page the keyword is add-path. Here is my environmental report: 1. In my lab I simulate two wan links for each device. 2. Each device also has a LAN network to announce. 3. In the middle of t

Route based IPsec

Hello, I need Route based IPsec solution to set up between a firewall device and my OpenBSD firewall. However, I am a little confused about this: I created more than one enc device, I did policy based routing with PF but no results. I guess this is not the intended use of interfaces like enc

Using veb instead of bridge at vpls section

Hello folks, I have successfully configured the VPLS by following the instruction on https://pawa.lt/posts/2018/01/vpls-with-openbsd/. Everything worked like a charm. But when I tried to use veb(4) instead of bridge(4) , I got 'Device Busy' error. I'm guessing ldpd(8) doesn't support the veb i

Re: increasing max value of rdomain/rtable

, Valdrin MUJA wrote: > I want to increase the number of rdomain/rtable from 255 to 1024. I will do > this at my own risk. I had a look at the kernel code but couldn't figure out > how to upgrade it. I would be very grateful if you could guide me on this. > Thanks in advance. I

increasing max value of rdomain/rtable

Hello, I want to increase the number of rdomain/rtable from 255 to 1024. I will do this at my own risk. I had a look at the kernel code but couldn't figure out how to upgrade it. I would be very grateful if you could guide me on this. Thanks in advance. -- Valdrin

Re: apu2e4 intermittent network freeze

Wow! "Parallel forwarding" with multiqueue on em(4) is so beautiful, like a dream. Should we hope that we will see those beautiful days very soon? From: owner-m...@openbsd.org on behalf of Hrvoje Popovski Sent: Monday, January 31, 2022 20:52 To: Amarendra Godbole

Re: Adding Password Protection to Single User Mode

From: Paul de Weerd Sent: Tuesday, July 6, 2021 17:36 To: Valdrin MUJA Cc: misc@openbsd.org Subject: Re: Adding Password Protection to Single User Mode On Tue, Jul 06, 2021 at 12:27:03PM +, Valdrin MUJA wrote: | Hi Folks, | | I want to add a small password protection mechani

Adding Password Protection to Single User Mode

Hi Folks, I want to add a small password protection mechanism to "boot -s" (single-user mode). Therefore, I'm working on /sys/stand/boot/boot.c, I've written some code in boot.c, and run "make", "make obj", "make install" in /sys/. However, I couldn't enable my update "boot" binary on startup.

Re: Howto measure pps at forwarding plane

wrote: > On 2021-06-10, Valdrin MUJA wrote: > > Hello, > > > > I'm trying to figure out how much packets are being forwarded on my OpenBSD > > firewall. > > Here a small script i wrote. > > > > > > #!/bin/sh > > > > > > VAL

Re: bind dhcpd to IP address

Thanks, working like a charm. From: owner-m...@openbsd.org on behalf of Stuart Henderson Sent: Thursday, June 10, 2021 12:15 PM To: misc@openbsd.org Subject: Re: bind dhcpd to IP address On 2021-06-10, Ralf Horstmann wrote: > Hi Valdrin, > > that setup works f

Howto measure pps at forwarding plane

Hello, I'm trying to figure out how much packets are being forwarded on my OpenBSD firewall. Here a small script i wrote. #!/bin/sh VAL1=`netstat -s | grep 'packets forwarded' | head -1 | awk -F ' ' '{print $1}'` sleep 1 VAL2=`netstat -s | grep 'packets forwarded' | head -1 | awk -F ' ' '{p

Ynt: bind dhcpd to IP address

Thanks. I'll give a try. Gönderen: Ralf Horstmann Gönderildi: 10 Haziran 2021 Perşembe 08:42 Kime: misc@openbsd.org Bilgi: Valdrin MUJA Konu: Re: bind dhcpd to IP address Hi Valdrin, that setup works fine. You would use "ip helper-address" o

bind dhcpd to IP address

Hi misc, I have 5 vlans terminated in Cisco switch as Layer 3. So the users' gateway is Cisco switch. The default gateway of Cisco switch is OpenBSD 6.9, which works as an office firewall. The switch also works as a dhcp server. However, I want OpenBSD office firewall to also act as a dhcp s

PPPoE mtu overwrites/ignores

Hello misc, I try to change mtu size of my pppoe client but somehow that value returns to 1492 after getting ip address from ISP. I've opened a ticket them and got replied as '' you could use mtu up to 1600.'' So no limitation at their side... I have simple pppoe config: inet 0.0.0.0 255.255.2

speedtest-cli gives too bad result

Hi, I think speedtest-cli port is misbehaving.When i run speedtest-cli under OpenBSD OS it scores less then 40Mbit/s. But when i use this openbsd device as a router i can get the real internet speed which is 400mbit/s. (IP Forward + PF + NAT) I deployed an OpenBSD server on vultr.com assuming t

Layer2 Tunneling Over pppoe(4)

Hi Misc, Can we set up egre(4), etherip(4) or vxlan(4) tunnel over pppoe ? Sent with [ProtonMail](https://protonmail.com) Secure Email.

PF route-to and divert-packet

Hi Misc, I’m trying to use policy based routing (route-to) with divert-packet feature. I’m just using example code written at divert’s man page. (man divert) I’ve two WAN interfaces which are pppoe0(default gw) and pppoe. Those pf rules works below: # pass in log quick on vether10 inet proto udp f

PF route-to and divert-packet

Hi Misc, I’m trying to use policy based routing (route-to) with divert-packet feature. I’m just using example code written at divert’s man page. (man divert) I’ve two wan interfaces which are pppoe0(default gw) and pppoe1 Those pf rules works below: # pass in log quick on vether10 inet proto

Measuring Routing Table Capacity

Hi Misc, I have a device which installed OpenBSD. I want to measure how many routes the routing table can hold? In brief, I want to measure the routing table's capacity. Is there any way to do it? Sent with [ProtonMail](https://protonmail.com) Secure Email.

OpenBSD 6.8 Relase Time

Hi Misc, I'm looking forward to OpenBSD 6.8 release. On OpenBSD 6.8 page, `Released Oct XXX` is writing.. https://www.openbsd.org/68.html When will it be released? Sent with [ProtonMail](https://protonmail.com) Secure Email.

pmap_unwire: wiring for pmap error

Hi Misc, I'm getting some error messages on dmesg but couldn't understand what's really going on. I have one binary running under OpenBSD 6.7 and it crashes few times in a day. Also, system is working slowly.For example, when I run "ifconfig" command it runs for a few seconds.. I see these error

pmap_unwire: wiring for pmap error

md64/compile/[GENERIC.MP](http://generic.mp/) Enter 'help' for information ukc> nkmempg nkmempages = 762729960 ukc> # uptime 5:02PM up 3:20, 3 users, load averages: 0.90, 0.84, 0.89 56 processes: 54 idle, 2 on processor up 3:21 CPU0 states: 0.8% user, 0.0% nice, 0.2% sys, 0.0% spin, 4.8% intr, 94.2% idle CPU1 states: 0.4% user, 0.0% nice, 0.4% sys, 0.0% spin, 0.0% intr, 99.2% idle CPU2 states: 7.6% user, 0.0% nice, 17.8% sys, 0.6% spin, 0.0% intr, 74.1% idle CPU3 states: 5.4% user, 0.0% nice, 14.4% sys, 0.6% spin, 0.0% intr, 79.6% idle CPU4 states: 6.0% user, 0.0% nice, 15.2% sys, 0.2% spin, 0.0% intr, 78.6% idle CPU5 states: 2.8% user, 0.0% nice, 5.8% sys, 0.0% spin, 0.0% intr, 91.4% idle CPU6 states: 1.6% user, 0.0% nice, 2.2% sys, 0.2% spin, 0.0% intr, 96.0% idle CPU7 states: 1.0% user, 0.0% nice, 1.0% sys, 0.0% spin, 0.0% intr, 98.0% idle Memory: Real: 1568M/6249M act/tot Free: 25G Cache: 4362M Swap: 0K/4103M -- Valdrin Muja

Poor divert-packet performance

Hi Misc, I'm making some trials and benchmarks about pf's divert. My test environment is like this; I have 2 Linux devices and I have an OpenBSD device which are directly connected to an OpenBSD Device. This OpenBSD device acts likes a router. Network settings in OpenBSD: - vertigo# if

Disabling OpenBSD Login Prompt

Hi Misc, I want to disable OpenBSD Login prompt at startup -and also after logging out-. Because I want to run my external program instead of ksh. There is an login prompt also in my program and I want to use it.  I updated the /etc/ttys ;  valdrin# cat /etc/ttys # # $OpenBSD: ttys,v

Ynt: Disabling OpenBSD Login Prompt

t and run my program. Gönderen: Kapetanakis Giannis adına owner-m...@openbsd.org Gönderildi: 10 Haziran 2020 Çarşamba 12:21 Kime: misc@openbsd.org Konu: Re: Disabling OpenBSD Login Prompt On 10/06/2020 12:03, Valdrin MUJA wrote: > Hi Misc, > > I want to disable OpenBSD Login prompt at st

Disabling OpenBSD Login Prompt

Hi Misc, I want to disable OpenBSD Login prompt at startup -and also after logging out-. Because I want to run my external program instead of ksh. There is an login prompt also in my program and I want to use it. I updated the /etc/ttys ; valdrin# cat /etc/ttys # # $OpenBSD: ttys,v 1.2 2

Re: Howto change login mechanism on OpenBSD

Hello Again, Actually I updated the /etc/ttys file and add my program instead of getty. However, after boot, there was still OpenBSD login prompt before my program started.  On the other hand, I tried chpass -s $myprogram $user, but still I'm faced with the same problem again, there was OpenBS

Howto change login mechanism on OpenBSD

Hi Misc, I have an interactive shell program which has an authentication section and I want to login via my program. How can I do that? Actually I want to run this program instead of /bin/ksh. I changed the root's shell with "chsh -s /bin/{my_program} root" command. However, when the system bo

Golang under Arm or Octeon

Hi Misc, I want to learn if there is any work-in-progress port for Golang under Arm or Octeon cpu architectures? Thanks. -- Best wishes Valdrin Muja

OpenBSD and SDN

switchd go on supporting new features which is already included on it’s roadmap? I’m trying to understand OpenBSD’s vision and hope that we could see more OpenBSD’s futuristic secure features. Thanks for reading my questions and have a nice weekend. -- Best wishes Valdrin Muja