Re: vmctl(8) pause never returns

2018-02-15 Thread Pratik Vyas

* Abel Abraham Camarillo Ojeda  [2018-02-15 06:06:50 -0600]:


Synopsis:  vmctl(8) pause never returns
Category:  amd64
Environment:

   System  : OpenBSD 6.2
   Details : OpenBSD 6.2-current (GENERIC.MP) #5: Mon Feb 12 21:05:57 MST 2018
             dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

   Architecture: OpenBSD.amd64
   Machine : amd64

Description:

   vmctl when called with numeric id of nonexistent vm stops
   indefinitely, but not when called with unknown name

How-To-Repeat:

   # vmd -dv
   doas vmd -dv
startup
failed to open /etc/vm.conf: No such file or directory

   [in another term]
   $ doas vmctl pause unknown; echo $?
vmctl: pause vm command failed: No such file or directory
0
   $ doas vmctl pause 1; echo $?
   [command is stuck here forever]

Fix:

   unknown


Hi Abel,

Thanks for the report.

I can reproduce this and see why it fails. Will send a diff to fix it today.

--
Pratik



Re: OpenBSD 6.2 IKED IPv6 Connections and address dropped

2018-02-15 Thread Remi Locherer
On Thu, Feb 15, 2018 at 06:52:46PM -0200, R0me0 *** wrote:
> Hello guys!
> 
> I have a very weird issue, not sure if a bug, but seems.
> 
> Here my iked.conf
> 
> ikev2 "pufferfish"  passive esp from 0.0.0.0/0 to 192.10.10.0/24 \
>  local 10.10.10.10 peer any  \
>  ikesa enc aes-256 auth hmac-sha2-256 group modp2048 \
>  childsa enc aes-256 auth hmac-sha2-256 group modp2048 \
>  dstid pufferfish psk "mypsk" config address 192.10.10.15
> 
> My default gateway is fe80::1%vmx0
> 
> 
> If I run:
> 
> 
> /etc/rc.d/iked start
> 
> All IPv6 connections are dropped immediately.


iked does that to prevent traffic leakages. Either add IPv6 flows
to your iked.conf or start iked with "-6".


> 
> Even if I remove all IPv6 addresses from all interfaces I can't back
> 
> OpenBSD reboot is needed !
> 
> all patches applied using syspatch.
> 
> 
> 
> ping6 ::1
> PING ::1 (::1): 56 data bytes
> ping6: sendmsg: No route to host
> ping: wrote ::1 64 chars, ret=-1
> ^C
> --- ::1 ping statistics ---
> 1 packets transmitted, 0 packets received, 100.0% packet loss
> 
> 
> ping6 fe80::1%vmx0
> PING fe80::1%vmx0 (fe80::1%vmx0): 56 data bytes
> ping6: sendmsg: No route to host
> ping: wrote fe80::1%vmx0 64 chars, ret=-1
> ^C
> --- fe80::1%vmx0 ping statistics ---
> 1 packets transmitted, 0 packets received, 100.0% packet loss

Re: xhci "NEC xHCI" controller problem without any kernel errors and messages

2018-02-15 Thread Denis
The issue repeated on two different laptops of the same family.

I've tested it on Lenovo X220 i7 i2640 2.8GHz, and X220 i7 i2620 2.7GHz.
The overall configuration is identical except CPU frequency.

HDD loses block during R/W operation as in my previous post.

No kernel errors are present.

Thanks

On 2/2/2018 11:51 AM, Denis wrote:
> "Cannot read block" error when external HDD connected to "NEC xHCI"
> xhci0 controller in 5-15min of work.
> Just after "cannot read block" error is occurred HDD is unable to Read /
> Write by the system. Only reconnect can "reset" the error and HDD
> available for R/W again for some time.
>
> "Cannot read block" error is occurred while external data pass over xhci
> controller by reading / writing HDD (not in idle mode), in spite of both
> USB 3.0 cables has energy saving function what disables HDD spindle when
> it stays idle.
>
> Test conditions:
>
> - OpenBSD 6.2amd64 GENERIC.MP
> - X220 i7 laptop with USB3.0 NEC xHCI controller.
> - Seagate HDD connected trough "Norelsys NS106X" SATA 6Gb/s to USB3.0 cable.
> - The same HDD Tested with "Seagate USB3.0 cable " SATA 3Gb/s to USB3.0
> cable.
>
> By the kernel Norelsys cable detects as
> -
> umass0 at uhub1 port 1 configuration 1 interface 0 "Norelsys NS106X" rev
> 2.10/1.00 addr 2
> umass0: using SCSI over Bulk-Only
> scsibus4 at umass0: 2 targets, initiator 0
> sd2 at scsibus4 targ 1 lun 0:  SCSI4 0/direct fixed
> serial.
> -
>
> Seagate cable detects as
> -
> umass0 at uhub1 port 1 configuration 1 interface 0 "?? FreeAgent GoFlex"
> rev 3.00/0.11 addr 2
> umass0: using SCSI over Bulk-Only
> scsibus4 at umass0: 2 targets, initiator 0
> sd2 at scsibus4 targ 1 lun 0:  SCSI2
> 0/direct fixed
> -
>

OpenBSD 6.2 IKED IPv6 Connections and address dropped

2018-02-15 Thread R0me0 ***
Hello guys!

I have a very weird issue, not sure if a bug, but seems.

Here my iked.conf

ikev2 "pufferfish"  passive esp from 0.0.0.0/0 to 192.10.10.0/24 \
 local 10.10.10.10 peer any  \
 ikesa enc aes-256 auth hmac-sha2-256 group modp2048 \
 childsa enc aes-256 auth hmac-sha2-256 group modp2048 \
 dstid pufferfish psk "mypsk" config address 192.10.10.15

My default gateway is fe80::1%vmx0


If I run:


/etc/rc.d/iked start

All IPv6 connections are dropped immediately.

Even if I remove all IPv6 addresses from all interfaces I can't back

OpenBSD reboot is needed !

all patches applied using syspatch.



ping6 ::1
PING ::1 (::1): 56 data bytes
ping6: sendmsg: No route to host
ping: wrote ::1 64 chars, ret=-1
^C
--- ::1 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss


ping6 fe80::1%vmx0
PING fe80::1%vmx0 (fe80::1%vmx0): 56 data bytes
ping6: sendmsg: No route to host
ping: wrote fe80::1%vmx0 64 chars, ret=-1
^C
--- fe80::1%vmx0 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss


Re: When installing to softraid, the OS installer creates an unnecessary EFI volume inside the softraid

2018-02-15 Thread Stuart Henderson
On 2018/02/15 03:57, Tinker wrote:
> When you run the installer (e.g. flash "install62.fs" onto an USB
> memory stick) and install onto a softraid (e.g. by going into (S)hell
> mode at boot, creating a GPT partition table on your system drive e.g.
> "fdisk -igy -b 960 sd0", creating a softraid on sd0 using "bioctl" that
> then appears as sd2, and then install the OS on sd2), the installer
> will create an EFI boot partition on the inner softraid, even though
> that partition never will be used.

Not a huge surprise as the installer doesn't support softraid...
you can go behind its back and have some things work, but as you've
seen it isn't perfect.



Re: Bug in pf-logging, logging wrong rule number

2018-02-15 Thread Alexander Bluhm
On Thu, Feb 15, 2018 at 10:25:07AM +0100, Illya Meyer wrote:
> I discovered a strange behaviour since OpenBSD 6.2 with pf logging, when 
> an "anchor" is in the ruleset of /etc/pf.conf. It logs in some cases the 
> rule number of the anchor and not the matching rule, although the 
> correct rule is used.

There is a still uncommitted diff on tech@.  Sounds similar.
Can you try it?

https://marc.info/?l=openbsd-tech&m=151811546314589&w=2

bluhm



When installing to softraid, the OS installer creates an unnecessary EFI volume inside the softraid

2018-02-15 Thread Tinker
Hi,

When you run the installer (e.g. flash "install62.fs" onto an USB
memory stick) and install onto a softraid (e.g. by going into (S)hell
mode at boot, creating a GPT partition table on your system drive e.g.
"fdisk -igy -b 960 sd0", creating a softraid on sd0 using "bioctl" that
then appears as sd2, and then install the OS on sd2), the installer
will create an EFI boot partition on the inner softraid, even though
that partition never will be used.

I guess what the installer does is "fdisk -igy -b 960" for any GPT
installation. If the destination block device is a softraid though, the
"-b 960" should be avoided. The user himself already took care of
ensuring that an EFI partition was provided on the parent block device.

Reproduction:

 * Flash install62 to a USB memory stick.
 * Boot the system from it
 * Go into (S)hell mode
 * Do "fdisk -igy -b 960 sd0"
 * Add a RAID partition e.g.
disklabel -E sd0
a a
(default offset)
(default size)
RAID(for RAID)
w
q
 * Do "bioctl -c C -r 8192 -l /dev/sd0a softraid0", type the password
 * Run "/install". When asked about device to install on, choose "sd2".
 * Complete the installation process

Bug:
The system will now have not only an EFI partition on sd0, but also one
on sd2.

This bug cannot be worked around except by modifying the install
script, as there is no suitable point at which the user could ctrl+Z
and then manually go into fdisk to remove the EFI partition and
reallocate that space to use.

This bug applies on OpenBSD 6.2 and I think I saw it in 6.0 or 6.1 also.

Thanks,
Tinker



Re: When installing to softraid, the OS installer creates an unnecessary EFI volume inside the softraid

2018-02-15 Thread Tinker
On February 15, 2018 4:57 PM, Tinker  wrote:
>Hi,
..
> - Do "bioctl -c C -r 8192 -l /dev/sd0a softraid0", type the password

(And this creates sd2.)

> - Run "/install". When asked about device to install on, choose "sd2".

The specific interaction is:

Available disks are: sd0 sd1 sd2.
Which disk is the root disk? ('?' for details) [sd0] sd2
No valid MBR or GPT.
Use (W)hole disk MBR, whole disk (G)PT or (E)dit? [whole] gpt
Setting OpenBSD GPT partition to whole sd2...done.


The next step in the installer is disklabel.

This is where the unnecessary EFI partition sd2i is created.

It's about 430KB and creates no harm in itself, however it could
contribute indirectly to confusion and it is waste.



Fwd: Bug in pf-logging, logging wrong rule number (A0A2-7649-0969)

2018-02-15 Thread Illya Meyer

The problem still exists in the -current-branch.



Subject: Re: Bug in pf-logging, logging wrong rule number
Date: Thu, 15 Feb 2018 14:02:00 +0100
From: Otto Moerbeek 
To: Illya Meyer 
On Thu, Feb 15, 2018 at 01:29:55PM +0100, Illya Meyer wrote:


On 15.02.2018 at 12:53, Otto Moerbeek wrote:
> These fixes are not released as patches to 6.2.
> 
> -current is the development branch, which is different from a release
> branch. One way to try it is by installing a snapshot (of the
> development branch).
> 
> Snapshots can be found on your favorite mirror in pub/OpenBSD/snapshots
> and you can install them the same way as a release build.
> 
> 	-Otto


*Huffz* my first snapshot installation :o]

 Snip 8< 
OpenBSD 6.2-current (GENERIC.MP) #6: Tue Feb 13 20:16:11 MST 2018

Welcome to OpenBSD: The proactively secure Unix-like operating system.
 Snap 8< 

And unfortunately the problem is the same, still the wrong rule numbers :-(


OK, please report this to bugs@

-Otto



Kind regards,
Illya




vmctl(8) pause never returns

2018-02-15 Thread Abel Abraham Camarillo Ojeda
>Synopsis:  vmctl(8) pause never returns
>Category:  amd64
>Environment:
System  : OpenBSD 6.2
Details : OpenBSD 6.2-current (GENERIC.MP) #5: Mon Feb 12 21:05:57 MST 2018
          dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Architecture: OpenBSD.amd64
Machine : amd64
>Description:
vmctl when called with numeric id of nonexistent vm stops
indefinitely, but not when called with unknown name
>How-To-Repeat:
# vmd -dv
doas vmd -dv
startup
failed to open /etc/vm.conf: No such file or directory

[in another term]
$ doas vmctl pause unknown; echo $?
vmctl: pause vm command failed: No such file or directory
0
$ doas vmctl pause 1; echo $?
[command is stuck here forever]
>Fix:
unknown

Re: Bug in pf-logging, logging wrong rule number

2018-02-15 Thread Otto Moerbeek
On Thu, Feb 15, 2018 at 10:25:07AM +0100, Illya Meyer wrote:

> Hello OpenBSD-Team,
> 
> I discovered a strange behaviour since OpenBSD 6.2 with pf logging, when an
> "anchor" is in the ruleset of /etc/pf.conf. It logs in some cases the rule
> number of the anchor and not the matching rule, although the correct rule is
> used.
> 
> I discovered the problem on three different machines (all AMD64).
> 
> Notes:
> - Occurred since 6.2, 6.1 works as expected.
> - Without quick-rules, it logs always the anchor rule number.
> - With quick-rules, it logs the correct rule number, if the
>   matching rule is before the anchor and the anchor rule number,
>   if the rule matches is after the anchor.
> 
> I build a test without quick rules.
> 
> If you need more information, don't hesitate to contact me.
> 
> Thank you for your time and your work
> Illya Meyer

Does this still happen on current? There were some fixes by sashan@
related to anchors about two months ago.

-Otto

> 
> = Test environment =
> 
> OS: OpenBSD 6.2 (full patched)
> Machine: AMD64
> 
> +--------+       +---------+       +-----+
> | Client |---em0-| OpenBSD |-em1---| LAN |
> +--------+       +---------+       +-----+
> 
> OpenBSD is configured as bridge, but it is not necessary for producing the
> error.
> 
> Client: Linux on 10.69.245.50/16 attached on em0
> 
> OpenBSD:
>  hostname.em0 
> inet 10.69.228.156 255.255.0.0
>  /hostname.em0 
> 
>  hostname.em1 
> up
>  /hostname.em1 
> 
>  hostname.bridge0 
> add em0
> add em1
> up
>  /hostname.bridge0 
> 
>  sysctl.conf 
> net.inet.ip.forwarding=1
>  /sysctl.conf 
> 
>  1. Test 
> 
> Test without an anchor in the ruleset => Correct logging.
> 
>  pf.conf 
> int=em0
> ext=em1
> 
> set skip on lo
> 
> block in log on $ext from any to any
> block out log on $ext from any to any
> 
> pass out log on $ext proto tcp from any to any port 22
>  /pf.conf 
> 
>  pfctl -s rules | nl -v 0 
>  0  block drop in log on em1 all
>  1  block drop out log on em1 all
>  2  pass out log on em1 proto tcp from any to any port = 22 flags S/SA
>  /pfctl -s rules | nl -v 0 
> 
> > Logging with: tcpdump -nettti pflog0 src 10.69.245.50
> 
> Result (correct):
> > ping 10.69.0.1
> Feb 14 22:46:37.928813 rule 1/(match) block out on em1: 10.69.245.50 >
> 10.69.0.1: icmp: echo request (DF)
> 
> > ssh login@10.69.0.253
> Feb 14 22:47:19.519580 rule 2/(match) pass out on em1: 10.69.245.50.41986 >
> 10.69.0.253.22: S 1682236102:1682236102(0) win 29200 <mss 1460,sackOK,timestamp 201134 0,nop,wscale 7> (DF)
> 
> 
>  2. Test 
> 
> Test with an anchor in the ruleset => Incorrect logging.
> 
>  pf.conf 
> int=em0
> ext=em1
> 
> set skip on lo
> 
> block in log on $ext from any to any
> block out log on $ext from any to any
> 
> anchor "test/*"
> 
> pass out log on $ext proto tcp from any to any port 22
>  /pf.conf 
> 
>  pfctl -s rules | nl -v 0 
>  0  block drop in log on em1 all
>  1  block drop out log on em1 all
>  2  anchor "test/*" all
>  3  pass out log on em1 proto tcp from any to any port = 22 flags S/SA
>  /pfctl -s rules | nl -v 0 
> 
> > Logging with: tcpdump -nettti pflog0 src 10.69.245.50
> 
> Result:
> > ping 10.69.0.1
> Feb 14 22:49:29.310651 rule 2/(match) block out on em1: 10.69.245.50 >
> 10.69.0.1: icmp: echo request (DF)
> 
> > ssh login@10.69.0.253
> Feb 14 22:49:48.225126 rule 2/(match) pass out on em1: 10.69.245.50.41988 >
> 10.69.0.253.22: S 3757241004:3757241004(0) win 29200  1460,sackOK,timestamp 238312 0,nop,wscale 7> (DF)
> 
> Expected:
> > ping 10.69.0.1
> ... rule 1/(match) ...
> 
> > ssh login@10.69.0.253
> ... rule 3/(match) ...
> 

> OpenBSD 6.2 (GENERIC.MP) #5: Wed Feb 14 23:11:22 CET 2018
> r...@feuerwand.na.lokal:/usr/src/sys/arch/amd64/compile/GENERIC.MP

Bug in pf-logging, logging wrong rule number

2018-02-15 Thread Illya Meyer

Hello OpenBSD-Team,

I discovered a strange behaviour since OpenBSD 6.2 with pf logging, when 
an "anchor" is in the ruleset of /etc/pf.conf. It logs in some cases the 
rule number of the anchor and not the matching rule, although the 
correct rule is used.


I discovered the problem on three different machines (all AMD64).

Notes:
- Occurred since 6.2, 6.1 works as expected.
- Without quick-rules, it logs always the anchor rule number.
- With quick-rules, it logs the correct rule number, if the
  matching rule is before the anchor and the anchor rule number,
  if the matching rule is after the anchor.

I built a test without quick rules.

If you need more information, don't hesitate to contact me.

Thank you for your time and your work
Illya Meyer

= Test environment =

OS: OpenBSD 6.2 (fully patched)
Machine: AMD64

+--------+       +---------+       +-----+
| Client |---em0-| OpenBSD |-em1---| LAN |
+--------+       +---------+       +-----+

OpenBSD is configured as bridge, but it is not necessary for producing 
the error.


Client: Linux on 10.69.245.50/16 attached on em0

OpenBSD:
 hostname.em0 
inet 10.69.228.156 255.255.0.0
 /hostname.em0 

 hostname.em1 
up
 /hostname.em1 

 hostname.bridge0 
add em0
add em1
up
 /hostname.bridge0 

 sysctl.conf 
net.inet.ip.forwarding=1
 /sysctl.conf 

 1. Test 

Test without an anchor in the ruleset => Correct logging.

 pf.conf 
int=em0
ext=em1

set skip on lo

block in log on $ext from any to any
block out log on $ext from any to any

pass out log on $ext proto tcp from any to any port 22
 /pf.conf 

 pfctl -s rules | nl -v 0 
 0  block drop in log on em1 all
 1  block drop out log on em1 all
 2  pass out log on em1 proto tcp from any to any port = 22 flags S/SA
 /pfctl -s rules | nl -v 0 

> Logging with: tcpdump -nettti pflog0 src 10.69.245.50

Result (correct):
> ping 10.69.0.1
Feb 14 22:46:37.928813 rule 1/(match) block out on em1: 10.69.245.50 > 
10.69.0.1: icmp: echo request (DF)


> ssh login@10.69.0.253
Feb 14 22:47:19.519580 rule 2/(match) pass out on em1: 
10.69.245.50.41986 > 10.69.0.253.22: S 1682236102:1682236102(0) win 
29200  (DF)



 2. Test 

Test with an anchor in the ruleset => Incorrect logging.

 pf.conf 
int=em0
ext=em1

set skip on lo

block in log on $ext from any to any
block out log on $ext from any to any

anchor "test/*"

pass out log on $ext proto tcp from any to any port 22
 /pf.conf 

 pfctl -s rules | nl -v 0 
 0  block drop in log on em1 all
 1  block drop out log on em1 all
 2  anchor "test/*" all
 3  pass out log on em1 proto tcp from any to any port = 22 flags S/SA
 /pfctl -s rules | nl -v 0 

> Logging with: tcpdump -nettti pflog0 src 10.69.245.50

Result:
> ping 10.69.0.1
Feb 14 22:49:29.310651 rule 2/(match) block out on em1: 10.69.245.50 > 
10.69.0.1: icmp: echo request (DF)


> ssh login@10.69.0.253
Feb 14 22:49:48.225126 rule 2/(match) pass out on em1: 
10.69.245.50.41988 > 10.69.0.253.22: S 3757241004:3757241004(0) win 
29200  (DF)


Expected:
> ping 10.69.0.1
... rule 1/(match) ...

> ssh login@10.69.0.253
... rule 3/(match) ...

OpenBSD 6.2 (GENERIC.MP) #5: Wed Feb 14 23:11:22 CET 2018
r...@feuerwand.na.lokal:/usr/src/sys/arch/amd64/compile/GENERIC.MP

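The cross-check the report above performs by hand, as an added example that is not part of the original message or of pf: it flags pflog entries whose rule number points at an anchor line and lists the rules that could have produced the entry. The function names and the `rule_fits` matching heuristic are assumptions of this example.

```python
import re

# Listing and pflog lines from "2. Test" above (wrapped log lines re-joined).
RULES = """\
 0  block drop in log on em1 all
 1  block drop out log on em1 all
 2  anchor "test/*" all
 3  pass out log on em1 proto tcp from any to any port = 22 flags S/SA
"""
PFLOG = """\
Feb 14 22:49:29.310651 rule 2/(match) block out on em1: 10.69.245.50 > 10.69.0.1: icmp: echo request (DF)
Feb 14 22:49:48.225126 rule 2/(match) pass out on em1: 10.69.245.50.41988 > 10.69.0.253.22: S 3757241004:3757241004(0) win 29200 (DF)
"""
LOG_RE = re.compile(r"rule (\d+)/\(match\) (block|pass) (in|out) on (\w+):")

def parse_rules(listing):
    """Map rule number -> rule text from `pfctl -s rules | nl -v 0` output."""
    pairs = (re.match(r"\s*(\d+)\s+(.*)", l) for l in listing.splitlines())
    return {int(m.group(1)): m.group(2) for m in pairs if m}

def rule_fits(text, action, direction, iface):
    """Heuristic (assumption of this example): could this rule have logged the entry?"""
    words = text.split()
    if not words or words[0] != action or "log" not in words:
        return False
    if ("in" if direction == "out" else "out") in words:
        return False  # rule is bound to the opposite direction
    return "on" not in words or words[words.index("on") + 1] == iface

def audit(rules, pflog):
    """Return (logged_rule, verdict, candidate_rules) for each pflog line."""
    findings = []
    for line in pflog.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        nr, fields = int(m.group(1)), m.groups()[1:]
        text = rules.get(nr, "")
        if text.startswith("anchor"):
            verdict = "anchor-number"  # the symptom reported in this thread
        elif rule_fits(text, *fields):
            verdict = "ok"
        else:
            verdict = "mismatch"
        candidates = [n for n, t in rules.items() if rule_fits(t, *fields)]
        findings.append((nr, verdict, candidates))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_rules(RULES), PFLOG):
        print(finding)
```

For the two entries from the second test, the candidate lists come out as rule 1 and rule 3, the numbers the report gives under "Expected".
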
Re: ipsec issue since at least 6.2 on VIA CPUs with padlock

2018-02-15 Thread Renaud Allard


On 02/14/2018 11:26 PM, Mike Belopuhov wrote:

> 
> Hi,
> 
> Thank you for your report, I think I forgot to convert bits to bytes.
> Please test the diff below.
> 
> Cheers,
> Mike
> 
> 
> diff --git sys/arch/amd64/amd64/via.c sys/arch/amd64/amd64/via.c
> index c0e1e540b12..818c35f53d0 100644
> --- sys/arch/amd64/amd64/via.c
> +++ sys/arch/amd64/amd64/via.c
> @@ -177,13 +177,13 @@ viac3_crypto_newsession(u_int32_t *sidp, struct 
> cryptoini *cri)
>   ses->ses_klen = c->cri_klen;
>   ses->ses_cw0 = cw0;
>  
>   /* Build expanded keys for both directions */
>   AES_KeySetup_Encrypt(ses->ses_ekey, c->cri_key,
> - c->cri_klen);
> + c->cri_klen / 8);
>   AES_KeySetup_Decrypt(ses->ses_dkey, c->cri_key,
> - c->cri_klen);
> + c->cri_klen / 8);
>   for (i = 0; i < 4 * (AES_MAXROUNDS + 1); i++) {
>   ses->ses_ekey[i] = ntohl(ses->ses_ekey[i]);
>   ses->ses_dkey[i] = ntohl(ses->ses_dkey[i]);
>   }
>  
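Review bot: both `AES_KeySetup_Encrypt()` and `AES_KeySetup_Decrypt()` are called as bare statements here, so whatever they return is discarded and a rejected key length would go unnoticed. If these functions report an unsupported length, check the result and fail the session setup instead of continuing into the `ntohl()` loop with an unusable key schedule.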
> diff --git sys/arch/i386/i386/via.c sys/arch/i386/i386/via.c
> index 860fa45c0ac..83a092c24b7 100644
> --- sys/arch/i386/i386/via.c
> +++ sys/arch/i386/i386/via.c
> @@ -178,13 +178,13 @@ viac3_crypto_newsession(u_int32_t *sidp, struct 
> cryptoini *cri)
>   ses->ses_klen = c->cri_klen;
>   ses->ses_cw0 = cw0;
>  
>   /* Build expanded keys for both directions */
>   AES_KeySetup_Encrypt(ses->ses_ekey, c->cri_key,
> - c->cri_klen);
> + c->cri_klen / 8);
>   AES_KeySetup_Decrypt(ses->ses_dkey, c->cri_key,
> - c->cri_klen);
> + c->cri_klen / 8);
>   for (i = 0; i < 4 * (AES_MAXROUNDS + 1); i++) {
>   ses->ses_ekey[i] = ntohl(ses->ses_ekey[i]);
>   ses->ses_dkey[i] = ntohl(ses->ses_dkey[i]);
>   }
>  
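Review bot: the unit conversion is an unexplained `/ 8` written twice, while `ses->ses_klen = c->cri_klen;` at the top of the hunk still stores the unconverted value. A short comment stating that `cri_klen` is in bits and the key setup takes bytes, or a single local holding the byte length, would make the two units explicit and help keep this copy and the amd64 one from diverging.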
> 

Hi Mike,

That patch solved the issue. I was only able to test on i386, but I
suppose it's the same for amd64.

Thank you
Cheers



