Re: Constant rate mbuf leak

[Stuart Henderson]

ifconfig -A output (to show the interfaces including any tunnels/ppp/etc)
and describing what the system is doing might be helpful. any altq? nfs?
are you using AES crypto?

it would be good to get a good write-up into a PR so it's not lost
and so people who don't read misc will see it.


On 2011-02-11, Alan Wilkie a...@objcomp.com.au wrote:
 I have now upgraded my machine to OpenBSD 4.9-beta (GENERIC) #654: Wed 
 Feb  9 14:50:38 MST 2011, and I am still seeing a constant rate 
 consumption of mbufs.  I have tried a number of things (shutting down 
 all non-essential user processes, turning off network interfaces, etc), 
 but none have made any difference, the system consumes 256 byte mbufs at 
 a constant rate of 5 mbufs per second:

 # uptime  netstat -m
   3:23PM  up 26 mins, 3 users, load averages: 0.24, 0.35, 0.34
 8078 mbufs in use:
  7844 mbufs allocated to data
  117 mbufs allocated to packet headers
  117 mbufs allocated to socket names and addresses
 21/58/6144 mbuf 2048 byte clusters in use (current/peak/max)
 ...

 The system is very lightly loaded.  If I let it continue, the mbuf usage 
 increases to the point where the system becomes unusable.

 Can anybody point me in the right direction?  How can I figure out what 
 is allocating a data mbuf every 200ms?

 Thanks,

 Alan

 dmesg output follows:
 OpenBSD 4.9-beta (GENERIC) #654: Wed Feb  9 14:50:38 MST 2011
  t...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
 cpu0: Geode(TM) Integrated Processor by AMD PCS (AuthenticAMD 
 586-class) 500 MHz
 cpu0: FPU,DE,PSE,TSC,MSR,CX8,SEP,PGE,CMOV,CFLUSH,MMX
 real mem  = 536440832 (511MB)
 avail mem = 517533696 (493MB)
 mainbus0 at root
 bios0 at mainbus0: AT/286+ BIOS, date 20/70/03, BIOS32 rev. 0 @ 0xfac40
 pcibios0 at bios0: rev 2.0 @ 0xf/0x1
 pcibios0: pcibios_get_intr_routing - function not supported
 pcibios0: PCI IRQ Routing information unavailable.
 pcibios0: PCI bus #0 is the last bus
 bios0: ROM list: 0xc8000/0xa800
 cpu0 at mainbus0: (uniprocessor)
 amdmsr0 at mainbus0
 pci0 at mainbus0 bus 0: configuration mode 1 (bios)
 io address conflict 0x6100/0x100
 io address conflict 0x6200/0x200
 pchb0 at pci0 dev 1 function 0 AMD Geode LX rev 0x31
 glxsb0 at pci0 dev 1 function 2 AMD Geode LX Crypto rev 0x00: RNG AES
 vr0 at pci0 dev 6 function 0 VIA VT6105M RhineIII rev 0x96: irq 11, 
 address 00:00:24:ca:b3:74
 ukphy0 at vr0 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 
 0x004063, model 0x0034
 vr1 at pci0 dev 7 function 0 VIA VT6105M RhineIII rev 0x96: irq 5, 
 address 00:00:24:ca:b3:75
 ukphy1 at vr1 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 
 0x004063, model 0x0034
 vr2 at pci0 dev 8 function 0 VIA VT6105M RhineIII rev 0x96: irq 9, 
 address 00:00:24:ca:b3:76
 ukphy2 at vr2 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 
 0x004063, model 0x0034
 vr3 at pci0 dev 9 function 0 VIA VT6105M RhineIII rev 0x96: irq 12, 
 address 00:00:24:ca:b3:77
 ukphy3 at vr3 phy 1: Generic IEEE 802.3u media interface, rev. 3: OUI 
 0x004063, model 0x0034
 glxpcib0 at pci0 dev 20 function 0 AMD CS5536 ISA rev 0x03: rev 3, 
 32-bit 3579545Hz timer, watchdog, gpio
 gpio0 at glxpcib0: 32 pins
 pciide0 at pci0 dev 20 function 2 AMD CS5536 IDE rev 0x01: DMA, 
 channel 0 wired to compatibility, channel 1 wired to compatibility
 wd0 at pciide0 channel 0 drive 1: External Disk 0
 wd0: 1-sector PIO, LBA48, 238475MB, 488397168 sectors
 wd0(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 2
 pciide0: channel 1 ignored (disabled)
 ohci0 at pci0 dev 21 function 0 AMD CS5536 USB rev 0x02: irq 15, 
 version 1.0, legacy support
 ehci0 at pci0 dev 21 function 1 AMD CS5536 USB rev 0x02: irq 15
 usb0 at ehci0: USB revision 2.0
 uhub0 at usb0 AMD EHCI root hub rev 2.00/1.00 addr 1
 isa0 at glxpcib0
 isadma0 at isa0
 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
 com0: console
 com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
 pckbc0 at isa0 port 0x60/5
 pckbd0 at pckbc0 (kbd slot)
 pckbc0: using irq 1 for kbd slot
 wskbd0 at pckbd0: console keyboard
 pcppi0 at isa0 port 0x61
 spkr0 at pcppi0
 nsclpcsio0 at isa0 port 0x2e/2: NSC PC87366 rev 9: GPIO VLM TMS
 gpio1 at nsclpcsio0: 29 pins
 npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
 usb1 at ohci0: USB revision 1.0
 uhub1 at usb1 AMD OHCI root hub rev 1.00/1.00 addr 1
 biomask e5c5 netmask ffe5 ttymask 
 mtrr: K6-family MTRR support (2 registers)
 ulpt0 at uhub1 port 1 configuration 1 interface 0 HewLett Packard HP 
 LaserJet 1200 rev 1.10/1.00 addr 2
 ulpt0: using bi-directional mode
 vscsi0 at root
 scsibus0 at vscsi0: 256 targets
 softraid0 at root
 root on wd0a swap on wd0b dump on wd0b

HI,misc: E-100數碼電話系統36個月免息分期，出機低至HK$250!

[twitterforyou]

Having problems viewing this email? Please click here.For enquiry, please send 
email to powert...@epromotion.com.hk 

eg!f3i1h.d;%d8ge'e.9oh+f   f-$.ef   
d;;d=f%h)h+i;i5h3  powert...@epromotion.com.hk













eff(d8
f3e
f6e0fegd?!d;6oh+fih#ie.

Important Notice: Base on the Unsolicited Electronic Messages Ordinance, if you 
DO NOT want to receive any promotional email messages from us in the future, 
please kindly reply this e-mail for DELETION. If you would like to continue to 
receive our promotional email massages, you do not need to reply us.

Re: Bypassing ssh for ipsec transport flows

[G Douglas Davidson]

On Feb 8, 2011, at 10:20 AM, G Douglas Davidson wrote:

 I'm attempting to exclude ssh traffic from host to host IPSec transport
 traffic.  And not having much success on the OpenBSD side (OpenBSD to
 Racoon.)

 Here's what ipsec.conf looks like:

 --- ipsec.conf ---
  flow esp proto tcp from any to any port 22 type bypass

  ike esp transport from 10.222.0.1 to 10.222.0.100 \
local 10.222.0.1 peer 10.222.0.100 \
main auth hmac-sha1 enc aes group modp1024 \
quick auth hmac-sha1 enc aes group modp1024
 --- end ipsec.conf ---

 I've attempted to define the manual bypass flow in different places, but
 whenever the transport connection takes place, it seems that the flow set
up
 by the ike line takes precedence:

 --- ipsecctl -s output ---
 # ipsecctl -s all
 FLOWS:
 flow esp in from 10.222.0.100 to 10.222.0.1 peer 10.222.0.100 srcid
 10.222.0.1/32 dstid 10.222.0.100/32 type use
 flow esp out from 10.222.0.1 to 10.222.0.100 peer 10.222.0.100 srcid
 10.222.0.1/32 dstid 10.222.0.100/32 type require
 flow esp in proto tcp from ::/0 port ssh to ::/0 type bypass
 flow esp out proto tcp from ::/0 to ::/0 port ssh type bypass
 flow esp in proto tcp from 0.0.0.0/0 port ssh to 0.0.0.0/0 type bypass
 flow esp out proto tcp from 0.0.0.0/0 to 0.0.0.0/0 port ssh type bypass

 SAD:
 esp transport from 10.222.0.1 to 10.222.0.100 spi 0x0b68c273 auth hmac-sha1
 enc aes
 esp transport from 10.222.0.100 to 10.222.0.1 spi 0xf43c72ff auth hmac-sha1
 enc aes
 --- end ipsecctl -s output ---

 The result is that non-ssh traffic properly uses the esp transport flow:

 --- tcpdump with icmp ping ---
 # tcpdump -i vr1 -n host 10.222.0.100
 tcpdump: listening on vr1, link-type EN10MB
 10:11:49.244065 esp 10.222.0.100  10.222.0.1 spi 0xf43c72ff seq 41 len 116
 10:11:49.244400 esp 10.222.0.1  10.222.0.100 spi 0x0b68c273 seq 55 len 116
 10:11:50.244212 esp 10.222.0.100  10.222.0.1 spi 0xf43c72ff seq 42 len 116
 10:11:50.244549 esp 10.222.0.1  10.222.0.100 spi 0x0b68c273 seq 56 len 116
 --- end tcpdump ---

 Yet ssh traffic is coming in unencrypted, bypassing ipsec, but it sent back
 out via the ipsec channel (not bypassing.)

 --- tcpdump with ssh traffic ---
 10:14:26.959883 10.222.0.100.49165  10.222.0.1.22: S
831634158:831634158(0)
 win 65535 mss 1460,nop,wscale 3,nop,nop,timestamp 609281851 0,sackOK,eol
 (DF)
 10:14:26.960191 esp 10.222.0.1  10.222.0.100 spi 0x0b68c273 seq 58 len 84
 10:14:26.960531 10.222.0.100.49165  10.222.0.1.22: . ack 4184984667 win
65535
 nop,nop,timestamp 609281851 1116915592 (DF)
 10:14:27.025871 esp 10.222.0.1  10.222.0.100 spi 0x0b68c273 seq 59 len 100
 (DF)
 10:14:27.026220 10.222.0.100.49165  10.222.0.1.22: . ack 22 win 65535
 nop,nop,timestamp 609281852 1116915592 (DF)
 --- end tcpdump ---

 I can't seem to find how to affect the order of flow processing.  Can the
 order the changed?  And is it a first match or first most specific match?

 Bit confused.  The idea is I'd like to be able to ssh to any box and fix a
 potentially broken ipsec setup.

 Thanks for any help!

 --doug


The solution to this issue requires that flows be specified manually, and
isakmpd must be run with the -Ka flags.  When ipsec.conf is processed, the
most recent line processed becomes the first one checked, potentially
overriding other rules (what happens when isakmpd is allowed to create flows).
So specifying flows manually, in reverse order from how one wishes them to be
checked, where the first match encountered determines what happens, is the way
to go.

#In this example, the ssh bypasses will be checked first, and so ssh traffic
will not occur over ipsec.
flow esp in from 10.222.1.13 to 10.222.0.1 type use
flow esp out from 10.222.0.1 to 10.222.1.13 type require

flow esp in proto tcp from 10.222.1.13 to 10.222.0.1 port ssh type bypass
flow esp in proto tcp from 10.222.1.13 port ssh to 10.222.0.1 type bypass

And, in messing around with this, it's even nicer to set up a default tunnel
to the gateway for non local subnet traffic (and the source gateway to host
traffic), while allowing local hosts with ipsec set up to use transport (rules
exists on non-gateway hosts), and finally having a default for traffic between
local hosts that are not on ipsec to use a bypass rule (again, rule exists on
non-gateway hosts).  I also set up a bypass rule for traffic moving between
ipsec ports.  This may be necessary with tunnels having endpoints over a local
subnet.

This seems to be a nice setup to protect wireless traffic via IPSec.
Something along these lines on the OpenBSD gateway.

flow esp from any to 10.222.1.13 peer 10.222.1.13 type require

flow esp out proto udp from 10.222.0.1 port 500 to 10.222.1.13 port 500 type
bypass
flow esp in proto udp from 10.222.1.13 port 500 to 10.222.0.1 port 500 type
bypass

flow esp out proto tcp from 10.222.0.1 to 10.222.1.13 port 22 type bypass
flow esp in  proto tcp from 10.222.1.13 port 22 to 10.222.0.1 type bypass
flow esp in  proto tcp from 10.222.1.13 to 10.222.0.1 port 22 type 

OSPF6D on 4.7 not adding certain {passive} interfaces to RIB.

[a b]

Hi,

I've got a curious issue.

I have a simple ospf6d.conf as follows :
router-id 10.1.2.3
redistribute connected
redistribute static 
router-priority
10
area 0.0.0.0 {
hello-interval 3
router-dead-time 15
interface bnx1
{passive}
interface vlan5 {metric 5}
interface lo2 {passive}
interface lo6
{passive}
}


The loopback and vlan interfaces get added to the RIB without
problem.

bnx1 does not get added to the RIB unless I remove the {passive}
statement, in 
which case everything works fine.

All 4.7 errata have been
applied.

Has anyone come accross the same issue ?

Dmesg below.

Thanks
OpenBSD 4.7 (GENERIC.MP) #1: Fri Feb 11 22:42:45 UTC 2011
r...@example.com:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R)
Xeon(R) CPU E5504 @ 2.00GHz (GenuineIntel 686-class) 2.01 GHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,
xTPR

real mem  = 3747373056 (3573MB)
avail mem = 3647221760 (3478MB)
mainbus0
at root
bios0 at mainbus0: AT/286+ BIOS, date 12/31/99, BIOS32 rev. 0 @
0xf, SMBIOS 
rev. 2.6 @ 0xdf7fe000 (127 entries)
bios0: vendor HP version
P64 date 03/30/2010
bios0: HP ProLiant DL360 G6
acpi0 at bios0: rev 2
acpi0:
tables DSDT FACP SPCR MCFG HPET  SPMI ERST APIC SRAT  BERT HEST 
DMAR
SSDT SSDT SSDT SSDT SSDT
acpi0: wakeup devices
acpitimer0 at acpi0: 3579545
Hz, 24 bits
acpihpet0 at acpi0: 14318179 Hz
acpimadt0 at acpi0 addr
0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0:
unknown i686 model 0x1a, can't get bus clock (0x0)
cpu0: apic clock running at
133MHz
cpu1 at mainbus0: apid 4 (application processor)
cpu1: Intel(R) Xeon(R)
CPU E5504 @ 2.00GHz (GenuineIntel 686-class) 2.01 GHz
cpu1:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,
xTPR

cpu2 at mainbus0: apid 2 (application processor)
cpu2: Intel(R) Xeon(R)
CPU E5504 @ 2.00GHz (GenuineIntel 686-class) 2.01 GHz
cpu2:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,
xTPR

cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Xeon(R)
CPU E5504 @ 2.00GHz (GenuineIntel 686-class) 2.01 GHz
cpu3:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUS
H,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,SSE3,MWAIT,DS-CPL,VMX,EST,TM2,CX16,
xTPR

ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins
ioapic1
at mainbus0: apid 0 pa 0xfec8, version 20, 24 pins
acpiprt0 at acpi0: bus
1 (IP2P)
acpiprt1 at acpi0: bus -1 (IPT1)
acpiprt2 at acpi0: bus 3 (PT01)
acpiprt3 at acpi0: bus 10 (PT02)
acpiprt4 at acpi0: bus 7 (PT03)
acpiprt5 at
acpi0: bus 11 (PT04)
acpiprt6 at acpi0: bus 12 (PT05)
acpiprt7 at acpi0: bus
13 (PT06)
acpiprt8 at acpi0: bus 14 (PT07)
acpiprt9 at acpi0: bus 2 (PT08)
acpiprt10 at acpi0: bus 4 (PT09)
acpiprt11 at acpi0: bus 15 (PT0A)
acpiprt12
at acpi0: bus 0 (PCI0)
acpicpu0 at acpi0: C3, C3, C1
acpicpu1 at acpi0: C3,
C3, C1
acpicpu2 at acpi0: C3, C3, C1
acpicpu3 at acpi0: C3, C3, C1
acpitz0 at
acpi0: critical temperature 31 degC
bios0: ROM list: 0xc/0xb000
0xcb000/0x3600! 0xce600/0x2c00! 0xd1200/0x4000
ipmi at mainbus0 not configured
cpu0: EST: PSS not yet available for this processor
pci0 at mainbus0 bus 0:
configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Intel 5520 Host
rev 0x13
ppb0 at pci0 dev 1 function 0 Intel X58 PCIE rev 0x13
pci1 at ppb0
bus 3
ciss0 at pci1 dev 0 function 0 Hewlett-Packard Smart Array rev 0x01:
apic 0 
int 4 (irq 7)
ciss0: 1 LD, HW rev 2, FW 3.00/3.00, 64bit fifo rro
scsibus0 at ciss0: 1 targets
sd0 at scsibus0 targ 0 lun 0: HP, LOGICAL
VOLUME, 3.00 SCSI3 0/direct fixed
sd0: 69973MB, 512 bytes/sec, 143305920 sec
total
ppb1 at pci0 dev 2 function 0 Intel X58 PCIE rev 0x13
pci2 at ppb1 bus
10
ppb2 at pci0 dev 3 function 0 Intel X58 PCIE rev 0x13
pci3 at ppb2 bus 7
em0 at pci3 dev 0 function 0 Intel PRO/1000 PT (82571EB) rev 0x06: apic 0
int 
0 (irq 7), address 00:15:17:ff:ff:ff
em1 at pci3 dev 0 function 1 Intel
PRO/1000 PT (82571EB) rev 0x06: apic 0 int 
10 (irq 11), address
00:15:17:ff:ff:ff
ppb3 at pci0 dev 4 function 0 Intel X58 PCIE rev 0x13
pci4
at ppb3 bus 11
ppb4 at pci0 dev 5 function 0 Intel X58 PCIE rev 0x13
pci5 at
ppb4 bus 12
ppb5 at pci0 dev 6 function 0 Intel X58 PCIE rev 0x13
pci6 at
ppb5 bus 13
ppb6 at pci0 dev 7 function 0 Intel X58 PCIE rev 0x13
pci7 at
ppb6 bus 14
ppb7 at pci0 dev 8 function 0 Intel X58 PCIE rev 0x13
pci8 at
ppb7 bus 2
bnx0 at pci8 dev 0 function 0 Broadcom BCM5709 rev 0x20: apic 0
int 7 (irq 7)
bnx1 at pci8 dev 0 function 1 Broadcom BCM5709 rev 0x20: apic
0 int 15 (irq 
11)
ppb8 at pci0 dev 9 function 0 Intel X58 PCIE rev 0x13
pci9 at ppb8 bus 4
ppb9 at pci0 dev 10 function 0 Intel X58 PCIE rev 0x13
pci10 at ppb9 bus 15
pchb1 at pci0 dev 13 function 0 vendor Intel, unknown

Re: Constant rate mbuf leak

[Lars Kotthoff]

 ifconfig -A output

lo0: flags=8049UP,LOOPBACK,RUNNING,MULTICAST mtu 33200
priority: 0
groups: lo
inet 127.0.0.1 netmask 0xff00
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
rl0: flags=8802BROADCAST,SIMPLEX,MULTICAST mtu 1500
lladdr xxx
priority: 0
media: Ethernet autoselect (none)
status: no carrier
inet xxx netmask 0xff00 broadcast xxx
inet6 xxx prefixlen 64 scopeid 0x1
rl1: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
lladdr xxx
priority: 0
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 xxx prefixlen 64 scopeid 0x2
rl2: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
lladdr xxx
priority: 0
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet6 xxx prefixlen 64 scopeid 0x3
inet xxx netmask 0xf800 broadcast xxx
ral0: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST mtu 1500
lladdr xxx
priority: 4
groups: wlan
media: IEEE802.11 autoselect mode 11g hostap
status: active
ieee80211: nwid xxx chan xxx bssid xxx wpapsk xxx wpaprotos wpa1,wpa2 
wpaakms psk wpaciphers ccmp wpagroupcipher ccmp
inet6 xxx prefixlen 64 scopeid 0x4
inet xxx netmask 0x broadcast xxx
enc0: flags=0 mtu 1536
priority: 0
bridge0: flags=41UP,RUNNING mtu 1500
priority: 0
groups: bridge
pflog0: flags=141UP,RUNNING,PROMISC mtu 33200
priority: 0
groups: pflog

 altq? nfs?

Yes, both. Problem occurs without any of them as well though.

 are you using AES crypto?

Yes, encrypted partition backed by external USB disk.

 and describing what the system is doing might be helpful.

Not a whole lot. Mostly router and webserver. The load of the webserver does not
seem to make any difference though -- it's leaking mbufs at approximately the
same rate with virtually no load at all and max load (i.e. the 2MBit upstream
that my ISP gives me). Both no load and max has been sustained for several weeks
(I'm running a mirror now hence the high load), so I can definitely say that
it doesn't make a difference.

Lars

Invitacion Curso Expertos en Google.

[Mauricio Bravo R.]

Invitacisn a Curso Experto en Google y Posicionamiento Web Curso con sede
en:

Cd. de Mixico Viernes 4 de Marzo 2011

Guadalajara Viernes 11 de Marzo 2011

Canczn Viernes 18 de Marzo 2011

Tijuana Viernes 18 de Febrero 2011

Dirigido a Empresas que desean Mejorar su Posicionamiento Natural en
Buscadores.

Usuarios de Google Adwords interesados en Optimizar sus campaqas y
sistema de pago por click...

Interesados en publicidad masiva via correo electrsnico.

Para Mas informacisn visite Nuestra web GoogleparaNegocios.com

http://www.marketingengoogle.com/Curso_Posicionamiento_en_Google.php

Mauricio Bravo
Telefonos
55-56391597
01800-0440014

MarketingenGoogle.com

Twitter @negociosgoogle

alipm timeout

[Niels]

Hello
I'm running openbsd 4.8 stable and am having timeout errors with alipm. 
The machine hung during bootup and required a restart but it booted ok 
after that and now prints messages to the console and slows down. I 
checked out the stable branch just about right after installing it but 
didn't notice this until after updating the kernel to stable...


It looks like there is a known bug with alipm in 4.0 for sparc64 but I 
haven't found any mention of issues with i386. Should I just disable it 
in my kernel and run without it? - will this negatively affect the 
amount of energy the machine uses? I'm running this as a server/firewall 
for a small apt and so it will be on 24/7... Any known fixes or workarounds?


Thanks
Niels


dmesg:

OpenBSD 4.8-stable (GENERIC) #0: Wed Feb  9 21:25:55 EST 2011
r...@perry.my.domain:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: AMD Athlon(tm) Processor (AuthenticAMD 686-class, 256KB L2 
cache) 1.35 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR

real mem  = 536358912 (511MB)
avail mem = 517627904 (493MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 02/21/01, BIOS32 rev. 0 @ 0xf0ef0, 
SMBIOS rev. 2.3 @ 0xf2ed0 (42 entries)
bios0: vendor Award Software, Inc. version ASUS A7A266 ACPI BIOS 
Revision 1002B date 02/21/2001

bios0: ASUSTeK Computer INC. A7A266
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
acpi at bios0 function 0x0 not configured
pcibios0 at bios0: rev 2.1 @ 0xf/0x17c2
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xf16f0/208 (11 entries)
pcibios0: PCI Interrupt Router at 000:07:0 (Acer Labs M1533 ISA rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xc800 0xd/0x4000! 0xd4000/0x800
cpu0 at mainbus0: (uniprocessor)
pci0 at mainbus0 bus 0: configuration mode 1 (bios)
pchb0 at pci0 dev 0 function 0 Acer Labs M1647 PCI rev 0x04
aliagp0 at pchb0
agp0 at aliagp0: aperture at 0xf800, size 0x400
ppb0 at pci0 dev 1 function 0 Acer Labs M5247 AGP/PCI-PC rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 NVIDIA GeForce2 MX rev 0xb2
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ohci0 at pci0 dev 2 function 0 Acer Labs M5237 USB rev 0x03: irq 9, 
version 1.0, legacy support
pciide0 at pci0 dev 4 function 0 Acer Labs M5229 UDMA IDE rev 0xc4: 
DMA, channel 0 configured to compatibility, channel 1 configured to 
compatibility

wd0 at pciide0 channel 0 drive 0: IBM-DTLA-307075
wd0: 16-sector PIO, LBA, 73308MB, 150136560 sectors
wd1 at pciide0 channel 0 drive 1: WDC WD200BB-75DEA0
wd1: 16-sector PIO, LBA, 19073MB, 39062500 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
wd1(pciide0:0:1): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: PLEXTOR, DVDR PX-716A, 1.06 ATAPI 
5/cdrom removable

atapiscsi1 at pciide0 channel 1 drive 1
scsibus1 at atapiscsi1: 2 targets
cd1 at scsibus1 targ 0 lun 0: SONY, DVD-ROM DDU1211, IYH1 ATAPI 
5/cdrom removable

cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
cd1(pciide0:1:1): using PIO mode 4, Ultra-DMA mode 2
cmpci0 at pci0 dev 5 function 0 C-Media Electronics CMI8738/C3DX Audio 
rev 0x10: irq 9

audio0 at cmpci0
opl at cmpci0 not configured
mpu at cmpci0 not configured
ohci1 at pci0 dev 6 function 0 Acer Labs M5237 USB rev 0x03: irq 9, 
version 1.0, legacy support

pcib0 at pci0 dev 7 function 0 Acer Labs M1533 ISA rev 0x00
dc0 at pci0 dev 9 function 0 ADMtek AN983 rev 0x11: irq 9, address 
00:03:6d:20:3d:ac

acphy0 at dc0 phy 1: AC_UNKNOWN 10/100 PHY, rev. 0
xl0 at pci0 dev 10 function 0 3Com 3c905C 100Base-TX rev 0x6c: irq 5, 
address 00:50:da:12:44:41

bmtphy0 at xl0 phy 24: 3C905C internal PHY, rev. 4
TI TSB12LV23 FireWire rev 0x00 at pci0 dev 11 function 0 not configured
alipm0 at pci0 dev 17 function 0 Acer Labs M7101 Power rev 0x00: 74KHz 
clock

iic0 at alipm0
lm1 at iic0 addr 0x2d: AS99127F rev 2
iic0: addr 0x2f d0=00 d1=00 d2=00 d3=00 d4=00 e0=00 e1=00 e2=00 e3=00 
e4=00 e5=00 e6=00 e7=00 e8=00 e9=00 ea=00 eb=00 f6=f8 f7=10 words 
00= 01= 02= 03= 04= 05= 06= 07=

usb0 at ohci0: USB revision 1.0
uhub0 at usb0 Acer Labs OHCI root hub rev 1.00/1.00 addr 1
usb1 at ohci1: USB revision 1.0
uhub1 at usb1 Acer Labs OHCI root hub rev 1.00/1.00 addr 1
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ff45 netmask ff65 ttymask 
mtrr: Pentium Pro MTRR 

Re: OSPF6D on 4.7 not adding certain {passive} interfaces to RIB.

[Manuel Guesdon]

Hi,

On Sun, 13 Feb 2011 12:50:52 + (GMT)
a b rclo...@yahoo.co.uk wrote:
| I've got a curious issue.
| 
...
| The loopback and vlan interfaces get added to the RIB without
| problem.
| 
| bnx1 does not get added to the RIB unless I remove the {passive}
| statement, in 
| which case everything works fine.
...
| Has anyone come accross the same issue ?

Yes, see:
http://wwhw.mail-archive.com/misc@openbsd.org/msg96980.html
  There a link to a patch from Patrick Coleman

http://www.openbsd.org/query-pr.html  
  Search PR 6559


Manuel 

Re: OSPF6D on 4.7 not adding certain {passive} interfaces to RIB.

[a b]

Awsome !

Thanks Manuel.

Think I'll hold out for it to become an errata patch
rather than applying the 
interim one.

I've also got an issue with BGPD not
complying with announce all when talking 
to an eBGP neighbor
(redistributing to a private ASN peer).  I'll do some more 
digging around the
PR database incase I've missed something, but if you know of 
something off
the top of your head like you did on this problem, feel free to 
let me know !
Thanks again !





- Original Message 
From: Manuel Guesdon
ml+openbsd.m...@oxymium.net
To: rclo...@yahoo.co.uk
Cc: misc@openbsd.org
Sent: Sun, 13 February, 2011 16:48:51
Subject: Re: OSPF6D on 4.7 not adding
certain {passive} interfaces to RIB.

Hi,

On Sun, 13 Feb 2011 12:50:52 +
(GMT)
a b rclo...@yahoo.co.uk wrote:
| I've got a curious issue.
| 
...
|
The loopback and vlan interfaces get added to the RIB without
| problem.
|
| bnx1 does not get added to the RIB unless I remove the {passive}
|
statement, in 
| which case everything works fine.
...
| Has anyone come
accross the same issue ?

Yes, see:
http://wwhw.mail-archive.com/misc@openbsd.org/msg96980.html
  There a link to
a patch from Patrick Coleman

http://www.openbsd.org/query-pr.html  
  Search
PR 6559


Manuel

Security: gnome-screensaver VS. switch user

[erikmccaskey64]

People usually suspend their laptop, so that they can continue their work 
when they open the laptop. OK!


Two choices [GNOME]:  


1 - Menu -gt; Shut Down -gt; Suspend
in this case, the gnome-screensaver locks the PC. but the gnome-screensaver is 
just a normal process, and it could be killed e.g.: 
http://securitytube.net/USB-Autorun-attacks-against-Linux-at-Shmoocon-2011-video.aspx
or using any method [video was just an example!!].






2 - Menu -gt; Log out -gt; Switch user -gt; Suspend
in this case, the GDM [???] protects the user [i mean it locks the PC from 
other users]




Which one is more secure/safer?

Re: Security: gnome-screensaver VS. switch user

[Antoine Jacoutot]

On Sun, 13 Feb 2011, erikmccaskey64 wrote:

 People usually suspend their laptop, so that they can continue their work 
 when they open the laptop. OK!
 
 
 Two choices [GNOME]:  
 
 
 1 - Menu -gt; Shut Down -gt; Suspend
 in this case, the gnome-screensaver locks the PC. but the gnome-screensaver 
 is just a normal process, and it could be killed e.g.: 
 http://securitytube.net/USB-Autorun-attacks-against-Linux-at-Shmoocon-2011-video.aspx
 or using any method [video was just an example!!].
 
 
 2 - Menu -gt; Log out -gt; Switch user -gt; Suspend
 in this case, the GDM [???] protects the user [i mean it locks the PC from 
 other users]
 
 
 Which one is more secure/safer?

There is no such 'Suspend' nor 'Switch user' menus in OpenBSD GNOME 
session, they're disabled. The only Suspend menu available is from GDM 
which will run zzz and at this point no one is logged in.
If you are able to see a 'Switch user' somewhere, please let me know how 
you achieved that...

-- 
Antoine

OpenBSD on plugcomputers

[Paolo Aglialoro]

Hi all,

there's much hype around about these plugcomputers which are going to spread
in the market.
Here are some interesting models:

http://www.ionicsplug.com/cirrus.html
http://www.tonidoplug.com/
http://www.globalscaletechnologies.com/p-41-dreamplug-devkit.aspx
http://www.globalscaletechnologies.com/p-32-guruplug-server-plus.aspx

Has anyone had experiences about installing OpenBSD on similar devices?
With which results?
Thanks

Re: OpenBSD on plugcomputers

[roberth]

On Sun, 13 Feb 2011 21:04:33 +0100
Paolo Aglialoro paol...@gmail.com wrote:

 Has anyone had experiences about installing OpenBSD on similar
 devices? With which results?

No.
Why?
The hardware is crap.
The idea itself is ok, but the execution is not up to expectations.
Overheating, breaking the hw, mostly related to the powersupply, ...
No point to consider them as a platform. Just read the user complaints.

Re: Security: gnome-screensaver VS. switch user

[Ted Unangst]

On Sun, Feb 13, 2011 at 3:26 PM, erikmccaskey64 erikmccaske...@zoho.com wrote:
 1 - Menu -gt; Shut Down -gt; Suspend
 in this case, the gnome-screensaver locks the PC. but the gnome-screensaver 
 is just a normal process, and it could be killed e.g.:
 http://securitytube.net/USB-Autorun-attacks-against-Linux-at-Shmoocon-2011-video.aspx
 or using any method [video was just an example!!].

wait, what?  you're concerned about security and you're using autorun?

Re: OpenBSD on plugcomputers

[Amit Kulkarni]

Know a person who brought a guru or sheeva plug, i forgot which one.
He had power supply issues...

On Sun, Feb 13, 2011 at 3:19 PM, roberth rob...@openbsd.pap.st wrote:
 On Sun, 13 Feb 2011 21:04:33 +0100
 Paolo Aglialoro paol...@gmail.com wrote:

 Has anyone had experiences about installing OpenBSD on similar
 devices? With which results?

 No.
 Why?
 The hardware is crap.
 The idea itself is ok, but the execution is not up to expectations.
 Overheating, breaking the hw, mostly related to the powersupply, ...
 No point to consider them as a platform. Just read the user complaints.

Re: OpenBSD on plugcomputers

[Josh Smith]

On Sunday, February 13, 2011, roberth rob...@openbsd.pap.st wrote:
 On Sun, 13 Feb 2011 21:04:33 +0100
 Paolo Aglialoro paol...@gmail.com wrote:

 Has anyone had experiences about installing OpenBSD on similar
 devices? With which results?

 No.
 Why?
 The hardware is crap.
 The idea itself is ok, but the execution is not up to expectations.
 Overheating, breaking the hw, mostly related to the powersupply, ...
 No point to consider them as a platform. Just read the user complaints.



I've had ok luck with my guruplug running debian, while I wouldn't
trust it to anything mission critical it's not been a horrible
platform to play around with and use for some minor home automation
tasks.

-- 
Josh Smith
KD8HRX
email/jabber:  juice...@gmail.com
phone:  304.237.9369(c)

Re: Constant rate mbuf leak

[Alan Wilkie]

I have located the mbuf leak, but I suspect not the root cause.  There 
was new code added in 4.8 concerning routing sockets that allocates an 
mbuf, but if a subsequent operation fails it schedules a timeout to 
retry and doesn't free the mbuf.  The rate of the timer is - no surprise 
- 5Hz.  The real question is why the routing socket operation fails in 
the first place, it must be something hardware specific or there would 
be lots more people suffering the same problem.


I'll put in a sendbug with all the details.

On 11/02/2011 3:31 PM, Alan Wilkie wrote:
I have now upgraded my machine to OpenBSD 4.9-beta (GENERIC) #654: 
Wed Feb  9 14:50:38 MST 2011, and I am still seeing a constant rate 
consumption of mbufs.  I have tried a number of things (shutting down 
all non-essential user processes, turning off network interfaces, 
etc), but none have made any difference, the system consumes 256 byte 
mbufs at a constant rate of 5 mbufs per second:


...

Re: OpenBSD on plugcomputers

[Nick Holland]

On 02/13/11 15:04, Paolo Aglialoro wrote:
 Hi all,
 
 there's much hype around about these plugcomputers which are going to spread
 in the market.

I've heard that.  many years ago, actually.
(heh.  Wikipedia says plug computers are only a couple years old.
That's not my memory.  Not worth me looking closer at this)
These will probably beat the flying car and controlled Fusion power
sources to serious market penetration, but...

 Here are some interesting models:
...

Before getting excited about these, go look at what has happened to
other stuff like this.

Usual process goes somewhere along the line of:

Developer spends a lot of time getting the OpenBSD toolchain ready for a
new platform, and fighting with the vendor of these Open-source
friendly (which should be read as Linux...and only THEIR
implementation) systems to get full (and accurate) documentation on the
hardware.

About the time the system is ready to be introduced as a mainstream
platform, several of the following happens:

* Manufacturer turns out to be a fraud.
* Manufacturer fails to make a profit and goes away.
* Manufacturer won't release documentation in a NDA-free, BSD compatible
way.
* Product is discontinued.
* Product is replaced by a new product which has almost the same model
number and same color case but none of the same guts, and thus is a
whole new product requiring a new porting effort.
* Availability proves to be a problem for people interested in buying.
* Cost is higher than superior hardware that already Just Works.
* Boot ROMs are buggier than the pile of dog droppings at a summer picnic.
* each new boot ROM revision breaks compatibility with existing code
(tested only on theirs!).
* Manufacturer discovers people are using the product in unintended ways
and revises the boot ROM to make booting an alternative OS more
difficult/impossible and incompatible with past porting effort.
* People discover the performance is that of a ten year old computer,
and they remember why they quit using ten year old computers.
* Manufacturer is found to have spent more time developing the website
and the hype machine than actually doing development of the product, and
success was defined as getting to a command prompt long enough to take
pictures.  I'll even go as far as to predict power supply problems,
just because that's usually what we see.

I suspect the people that coded for these things can add to this list.

Please feel free to build a box and not fulfill any of my above
predictions.  I look forward to being made to look like a fool, but I'm
not betting on it.

(I'm also having difficulty figuring out what to do with a wall-wart
format computer.  uh... I HATE wall warts!  Do we REALLY want to run
more wires to the wall wart?  I actually kinda like the NAS box format
systems -- a lot more practical for my uses, but which all suffered the
above problems, too)

Nick.

Re: Thinkpad x201 OBSD compatibility

[tkdchen]

2011/2/12 Vadim Zhukov persg...@gmail.com:
 On 11 February 2011 P3. 23:26:33 Chris wrote:
 I'm planning to buy a Thinkpad x201 laptop (not the tablet one) and
 wondering if anyone using it with OpenBSD at the moment. If so, is it
 100% OpenBSD compatible?

 Using X201i now. Almost all is working OK. Here are all problems I saw:

  - Bluetooth causes panics sometimes, especially after suspend/resume
 cycle. Do not try to disable radio while in OpenBSD. Also note that
 Bluetooth chip here does not allow to save even one key in his memory,
 but this looks like hardware limitation.

  - After switching away from X console is blank, but suspend/resume
 usually helps.

  - Note that Lenovo changed the fingerprint sensor, which is not
 supported by login_fingerprint.

  - NTFS causes problems exhausting kernel memory when, for example,
 running find(1) on Windows folder.

 All those are minorities, the machine itself works cool. I had no
 problems using OpenBSD, including lockups, except noted above.

 --
  Best wishes,
Vadim Zhukov

 A: Because it messes up the order in which people normally read text.
 Q: Why is top-posting such a bad thing?
 A: Top-posting.
 Q: What is the most annoying thing in e-mail?



Plus:
1. After resuming, USB doesn't work any more.
2. In X, when starting X, playing video using VLC, closing the
screensaver and resuming, the screen's brightness seems to be changed
to the maximum.
3. Also in X, machdep.lidsuspend would cause crash.