Re: Remove the mirrored site at openbsd.das.ufsc.br
Hi, We are working on it. I was responsible for keeping this mirror updated but, since 2010, there were significant changes in the lab (in a brazilian engineering school) and I have lost my account and ssh access to the machine. Trying to contact the so called "sysadmin" responsible was unsuccessfully. Next step is to get a car and go there. Thanks for the heads up! Cheers, Luciano. On 20 November 2015 at 22:15, Tae Wong wrote: > I want the mirrored site to be removed at the following location: > openbsd.das.ufsc.br > > The archived site is last updated in 2010.
pf match counter peak causes firewall to lag
Hello, I have issues with firewall lags while there is peak in match rule counter in pf. Normally it has match ratio of about 1500/sec, but several times a day it jumps to somewhere around 6k/sec and firewall lags, some traffic gets dropped. This takes a few seconds. Lag causes system to delay sending carp packets and sometimes backup box promotes itself to master and immediately back to backup. Sadly, after sending inverse ARP. I workarounded this issue by setting advbase to 10. Another problem is obviously with normal forwarding traffic, like lags in online games or iptv streams. There is no visible raise in cpu utilization, but cpu load goes from about 0.7 to 1.5 and there are packets getting dropped on wan interface. Box is Core i3 530 on Supermicro X8SIL with 2x1GB RAM, intel 40GB SSD, two 82574 and two 82571 NICs. In afternoon hours it is loaded on 40k/25k tx/rx pps on wan interface. Looking to systat vmstat, LAN and WAN nics are getting around 7.5k interrupts, while pfsync about 2.5-3k and interrupts in top take about 60-70%. I tried to switch NICs for i350, but it had no effect, same thing with openBSD versions, 5.6 5.7 and 5.8 have same behavior. I also tried to replacing other hardware like CPU for Xeon X3430 or motherboard S5500BC with Xeon E5620, but without effect. Happens also on backup box when it runs as master (same hw config). System is running GENERIC.MP stable amd64 kernel. I read in some discussions, that raising interrupt limit and rx/tx queue in em(4) driver or using broadcoms instead of intels might help, but didnt try it yet. Is there any way to determine what is causing the peaks and how to prevent them or getting system powerful enough to handle them? pfctl -si Status: Enabled for 0 days 22:12:20 Debug: err State Table Total Rate current entries66901 searches 500333027562588.6/s inserts 47704143 596.7/s removals47637242 595.9/s Counters match 96819915 1211.2/s bad-offset 00.0/s fragment18500.0/s short 860.0/s normalize 480.0/s memory7862289.8/s bad-timestamp 00.0/s congestion 3948624 49.4/s ip-option 243410.3/s proto-cksum00.0/s state-mismatch 1644853 20.6/s state-insert 4640.0/s state-limit00.0/s src-limit 00.0/s synproxy39480.0/s translate 00.0/s no-route 00.0/s kern.netlivelocks=1534 netstat -si em0 1500 1533962428 266567 955232172 0 0 em1 1500 979515291 8697 1526507571 0 0 em2 1500 6970941 0 140093911 0 0 em3*1500 0 00 0 0 OpenBSD 5.8-stable (GENERIC.MP) #1: Sun Nov 15 17:29:19 CET 2015 :/usr/src/sys/arch/amd64/compile/GENERIC.MP real mem = 2121859072 (2023MB) avail mem = 2053718016 (1958MB) mpath0 at root scsibus0 at mpath0: 256 targets mainbus0 at root bios0 at mainbus0: SMBIOS rev. 2.6 @ 0x9f000 (68 entries) bios0: vendor American Megatrends Inc. version "1.1" date 05/27/2010 bios0: Supermicro X8SIL acpi0 at bios0: rev 2 acpi0: sleep states S0 S1 S4 S5 acpi0: tables DSDT FACP APIC MCFG OEMB HPET GSCI DMAR SSDT EINJ BERT ERST HEST acpi0: wakeup devices P0P1(S4) P0P3(S4) P0P4(S4) P0P5(S4) P0P6(S4) BR1E(S4) PS2K(S4) PS2M(S4) USB0(S4) USB1(S4) USB2(S4) USB3(S4) USB4(S4) USB5(S4) U SB6(S4) GBE_(S4) [...] acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz, 2933.75 MHz cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL ,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCNT,NXE,LONG,LAHF,PERF,ITSC,SENSOR,ARAT cpu0: 256KB 64b/line 8-way L2 cache cpu0: smt 0, core 0, package 0 mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges cpu0: apic clock running at 133MHz cpu0: mwait min=64, max=64, C-substates=0.2.1.1, IBE cpu1 at mainbus0: apid 4 (application processor) cpu1: Intel(R) Core(TM) i3 CPU 530 @ 2.93GHz, 2933.34 MHz cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL ,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,POPCN
Re: pf match counter peak causes firewall to lag
On Sat, Nov 21, 2015 at 6:21 AM, Martin Hlavatý wrote: > I have issues with firewall lags while there is peak in match > rule counter in pf. Normally it has match ratio of about > 1500/sec, but several times a day it jumps to somewhere > around 6k/sec and firewall lags, some traffic gets dropped. > This takes a few seconds. > > Lag causes system to delay sending carp packets and > sometimes backup box promotes itself to master and > immediately back to backup. Sadly, after sending inverse ARP. > I workarounded this issue by setting advbase to 10. > > Another problem is obviously with normal forwarding traffic, > like lags in online games or iptv streams. > > There is no visible raise in cpu utilization, but cpu load goes > from about 0.7 to 1.5 and there are packets getting dropped > on wan interface. > > Box is Core i3 530 on Supermicro X8SIL with 2x1GB RAM, > intel 40GB SSD, two 82574 and two 82571 NICs. In afternoon > hours it is loaded on 40k/25k tx/rx pps on wan interface. > > Looking to systat vmstat, LAN and WAN nics are getting > around 7.5k interrupts, while pfsync about 2.5-3k > and interrupts in top take about 60-70%. > > I tried to switch NICs for i350, but it had no effect, same > thing with openBSD versions, 5.6 5.7 and 5.8 have same > behavior. I also tried to replacing other hardware like CPU > for Xeon X3430 or motherboard S5500BC with Xeon E5620, > but without effect. Happens also on backup box when it > runs as master (same hw config). > > System is running GENERIC.MP stable amd64 kernel. > > I read in some discussions, that raising interrupt limit and > rx/tx queue in em(4) driver or using broadcoms instead > of intels might help, but didnt try it yet. > > Is there any way to determine what is causing the peaks > and how to prevent them or getting system powerful > enough to handle them? > > pfctl -si > Status: Enabled for 0 days 22:12:20 Debug: err > > State Table Total Rate > current entries66901 > searches 500333027562588.6/s > inserts 47704143 596.7/s > removals47637242 595.9/s > Counters > match 96819915 1211.2/s > bad-offset 00.0/s > fragment18500.0/s > short 860.0/s > normalize 480.0/s > memory7862289.8/s > bad-timestamp 00.0/s > congestion 3948624 49.4/s > ip-option 243410.3/s > proto-cksum00.0/s > state-mismatch 1644853 20.6/s > state-insert 4640.0/s > state-limit00.0/s > src-limit 00.0/s > synproxy39480.0/s > translate 00.0/s > no-route 00.0/s > > kern.netlivelocks=1534 > > netstat -si > em0 1500 1533962428 266567 955232172 0 0 > em1 1500 979515291 8697 1526507571 0 0 > em2 1500 6970941 0 140093911 0 0 > em3*1500 0 00 0 0 Are you doing packet queuing with pf? What's the value of net.inet.ip.ifq.maxlen and net.inet.ip.ifq.drops? You might want to try disabling any power-saving features on that hardware.
httpd: Custom 404 page
There is a way to redirect 404 errors on my main domain or to a customized page? System: OpenBSD 5.7-stable i386 with httpd Gianluca D.Muscelli i...@gianlucamuscelli.it
Bridge and blocknonip
Hello,
Sorry for what may appear to be a strange question, but shouldn't
there be a check against IFBIF_BLOCKNONIP in bridge_output() in
sys/net/if_bridge.c?
Something like this :
--- if_bridge.c.origTue Jul 21 00:54:29 2015
+++ if_bridge.c Sat Nov 21 16:05:12 2015
@@ -1051,6 +1051,10 @@
(m->m_flags & (M_BCAST | M_MCAST)) == 0)
continue;
+ if (p->bif_flags & IFBIF_BLOCKNONIP &&
bridge_blocknonip(eh, m)) {
+ continue;
+ }
+
if (IF_QFULL(&dst_if->if_snd)) {
IF_DROP(&dst_if->if_snd);
sc->sc_if.if_oerrors++;
Re: inteldrm(4) display corruption on MacBook
Hi Ossi, Your digging: > I went digging what produces the error > > error: [drm:pid0:inteldrm_attach] *ERROR* failed to init modeset > > and it looks like in sys/dev/pci/drm/drm_irq.c:1.66 > > drm_irq_install() calls > > if (drm_dev_to_irq(dev) == 0) > return -EINVAL; > > drm_dev_to_irq(dev) returns 0 and my skills end here to dig this > further. > > these lines in dmesg are my debugging from kernel (and "stacktrace"): > > error: [drm:pid0:drm_dev_to_irq] *ERROR* irq == 0 > error: [drm:pid0:drm_irq_install] *ERROR* oherrala: drm_irq_install: > drm_dev_to_irq > error: [drm:pid0:i915_load_modeset_init] *ERROR* oherrala: > i915_load_modeset_init: drm_irq_install > error: [drm:pid0:inteldrm_attach] *ERROR* oherrala: i915_drm.c: failed to > init modeset Helped quite a bit. I'm fairly certain the diff I just committed will fix your problem. Cheers, Mark
Re: httpd: Custom 404 page
There is a way to redirect 404 errors on my main domain or to a customized
page?
System: OpenBSD 5.7-stable i386 with httpd
Not really, because the behaviour is hard coded within httpd:
/usr/src/usr.sbin/httpd/server_http.c :
/* A CSS stylesheet allows minimal customization by the user */
style = "body { background-color: white; color: black; font-family: "
"'Comic Sans MS', 'Chalkboard SE', 'Comic Neue', sans-serif; }\n"
"hr { border: 0; border-bottom: 1px dashed; }\n";
/* Generate simple HTML error document */
if ((bodylen = asprintf(&body,
"\n"
"\n"
"\n"
"%03d %s\n"
"\n"
"\n"
"\n"
"%03d %s\n"
"\n%s\n"
"\n"
"\n",
code, httperr, style, code, httperr, HTTPD_SERVERNAME)) == -1)
goto done;
/* Add basic HTTP headers */
if (asprintf(&httpmsg,
"HTTP/1.0 %03d %s\r\n"
"Date: %s\r\n"
"Server: %s\r\n"
"Connection: close\r\n"
"Content-Type: text/html\r\n"
"Content-Length: %d\r\n"
"%s"
"\r\n"
"%s",
code, httperr, tmbuf, HTTPD_SERVERNAME, bodylen,
extraheader == NULL ? "" : extraheader,
desc->http_method == HTTP_METHOD_HEAD ? "" : body) == -1)
goto done;
If you just want some simple customization, then you could modify this file,
and recompile a customised httpd.
I'm actually working on a few patches to allow this, and also simple URL
re-writing. For example calling a single script to handle all URLs under a
specific path.
E.G.
http://www.example.com/foo/
All to call a specific script, and pass the URL to it, so that content can be
generated dymanically based on the URL.
--
Tati Chevron
Perl and FORTRAN specialist.
SWABSIT development and migration department.
http://www.swabsit.com
Re: pf match counter peak causes firewall to lag
On Sat, Nov 21, 2015 at 2:43 PM, Daniel Melameth wrote: > On Sat, Nov 21, 2015 at 6:21 AM, Martin Hlavatý wrote: >> I have issues with firewall lags while there is peak in match >> rule counter in pf. Normally it has match ratio of about >> 1500/sec, but several times a day it jumps to somewhere >> around 6k/sec and firewall lags, some traffic gets dropped. >> This takes a few seconds. >> >> Lag causes system to delay sending carp packets and >> sometimes backup box promotes itself to master and >> immediately back to backup. Sadly, after sending inverse ARP. >> I workarounded this issue by setting advbase to 10. >> >> Another problem is obviously with normal forwarding traffic, >> like lags in online games or iptv streams. >> >> There is no visible raise in cpu utilization, but cpu load goes >> from about 0.7 to 1.5 and there are packets getting dropped >> on wan interface. >> >> Box is Core i3 530 on Supermicro X8SIL with 2x1GB RAM, >> intel 40GB SSD, two 82574 and two 82571 NICs. In afternoon >> hours it is loaded on 40k/25k tx/rx pps on wan interface. >> >> Looking to systat vmstat, LAN and WAN nics are getting >> around 7.5k interrupts, while pfsync about 2.5-3k >> and interrupts in top take about 60-70%. >> >> I tried to switch NICs for i350, but it had no effect, same >> thing with openBSD versions, 5.6 5.7 and 5.8 have same >> behavior. I also tried to replacing other hardware like CPU >> for Xeon X3430 or motherboard S5500BC with Xeon E5620, >> but without effect. Happens also on backup box when it >> runs as master (same hw config). >> >> System is running GENERIC.MP stable amd64 kernel. >> >> I read in some discussions, that raising interrupt limit and >> rx/tx queue in em(4) driver or using broadcoms instead >> of intels might help, but didnt try it yet. >> >> Is there any way to determine what is causing the peaks >> and how to prevent them or getting system powerful >> enough to handle them? >> >> pfctl -si >> Status: Enabled for 0 days 22:12:20 Debug: err >> >> State Table Total Rate >> current entries66901 >> searches 500333027562588.6/s >> inserts 47704143 596.7/s >> removals47637242 595.9/s >> Counters >> match 96819915 1211.2/s >> bad-offset 00.0/s >> fragment18500.0/s >> short 860.0/s >> normalize 480.0/s >> memory7862289.8/s >> bad-timestamp 00.0/s >> congestion 3948624 49.4/s >> ip-option 243410.3/s >> proto-cksum00.0/s >> state-mismatch 1644853 20.6/s >> state-insert 4640.0/s >> state-limit00.0/s >> src-limit 00.0/s >> synproxy39480.0/s >> translate 00.0/s >> no-route 00.0/s >> >> kern.netlivelocks=1534 >> >> netstat -si >> em0 1500 1533962428 266567 955232172 0 0 >> em1 1500 979515291 8697 1526507571 0 0 >> em2 1500 6970941 0 140093911 0 0 >> em3*1500 0 00 0 0 > > Are you doing packet queuing with pf? What's the value of > net.inet.ip.ifq.maxlen and net.inet.ip.ifq.drops? You might want to > try disabling any power-saving features on that hardware. > Yes, I am doing queuing net.inet.ip.ifq.maxlen=1536 I modified this from original value of 768, but it has no effect net.inet.ip.ifq.drops=3851664
OpenSMTPD/mail stuck in queue with incorrect relay
Hi all, I'm replacing a security appliance that was on OpenBSD 5.5 with the new hotness on OpenBS 5.8. Everything is going smoothly except email. The box is connected to a private network, it has no route to the internet. I'd like it to listen on localhost only and relay all mail to a host running smtp on the private network. I can see from the logs that opensmtpd has used DNS to find the MX record for my domain smtp.example.com and it trying to contact that host directly. That's due to a mistake in my previous mail configuration. /etc/mail/smtpd.conf now reads: ## # $OpenBSD: smtpd.conf,v 1.7 2014/03/12 18:21:34 tedu Exp $ listen on lo0 table aliases db:/etc/mail/aliases.db accept for local alias deliver to mbox accept from local for any \ relay via smtp://smtp.pvt.example.com as @example.com ## New mail to ch...@example.com works fine. How to I tell smtpd to re-route massages currently in the queue to the smarthost at smtp.pvt.example.com? -- Chris __o "All I was trying to do was get home from work." _`\<,_ -Rosa Parks ___(*)/_(*).___o..___..o...ooO..._ Christopher Sean Hilton[chris/at/vindaloo/dot/com] [demime 1.01d removed an attachment of type application/pgp-signature]
Re: OpenSMTPD/mail stuck in queue with incorrect relay
> How to I tell smtpd to re-route massages currently in the queue to the > smarthost at smtp.pvt.example.com? > I haven't checked lately but it was not possible last time I asked.
Re: VGC-LV50DB: Intel G45: Xorg does not work in native 1920x1200 mode
Jonathan,
Thank you for your attention!
> So the vga output isn't actually present/connected?
It is my understanding that VGA1 is for connecting external monitor.
Screen is responding only to xrandr --output LVDS1.
# cvt 1920 1200
# 1920x1200 59.88 Hz (CVT 2.30MA) hsync: 74.56 kHz; pclk: 193.25 MHz
Modeline "1920x1200_60.00" 193.25 1920 2056 2256 2592 1200 1203
1209 1245 -hsync +vsync
# xrandr --newmode "1920x1200_60.00" 193.25 1920 2056 2256 2592 1200
1203 1209 1245 -hsync +vsync
# xrandr --addmode LVDS1 1920x1200_60.00
X Error of failed request: BadMatch (invalid parameter attributes)
Major opcode of failed request: 140 (RANDR)
Minor opcode of failed request: 18 (RRAddOutputMode)
Serial number of failed request: 32
Current serial number in output stream: 33
Changing the VGA1 to --primary only makes the screen black.
> A bit of a long shot but you could try the following:
Thank you for your time! Unfortunately, still the same.
There are no changes in xrandr output as well.
Same 1600x1200 with Linux, so I guess it might be Xorg..
Is there any use to provide dmesg with some i915 debugging turned on?
> Index: sys/dev/pci/drm/i915/intel_display.c
> ===
> RCS file: /cvs/src/sys/dev/pci/drm/i915/intel_display.c,v
> retrieving revision 1.56
> diff -u -p -r1.56 intel_display.c
> --- sys/dev/pci/drm/i915/intel_display.c 25 Sep 2015 09:42:14 -
> 1.56
> +++ sys/dev/pci/drm/i915/intel_display.c 18 Nov 2015 15:57:22 -
> @@ -10850,6 +10850,9 @@ static struct intel_quirk intel_quirks[]
> /* Sony Vaio Y cannot use SSC on LVDS */
> { 0x0046, 0x104d, 0x9076, quirk_ssc_force_disable },
>
> + /* Sony VGC-LV50DB cannot use SSC on LVDS */
> + { 0x2e22, 0x104d, 0x9043, quirk_ssc_force_disable },
> +
> /* Acer Aspire 5734Z must invert backlight brightness */
> { 0x2a42, 0x1025, 0x0459, quirk_invert_brightness },
--- dmesg.GENERIC.MPWed Nov 18 00:54:00 2015
+++ dmesg.new Wed Nov 18 00:53:50 2015
@@ -1,7 +1,7 @@
-OpenBSD 5.8-current (GENERIC.MP) #1621: Mon Nov 16 14:03:33 MST 2015
-dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
+OpenBSD 5.8-current (GENERIC.MP_i915_changes) #0: Tue Nov 17 19:05:58 JST 2015
+
r...@foo.oct-net.ne.jp:/usr/src/sys/arch/amd64/compile/GENERIC.MP_i915_changes
real mem = 4074307584 (3885MB)
-avail mem = 3946672128 (3763MB)
+avail mem = 3946713088 (3763MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
@@ -15,15 +15,15 @@
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
-cpu0: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz, 2521.02 MHz
+cpu0: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz, 3529.40 MHz
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,NXE,LONG,LAHF,PERF,SENSOR
cpu0: 3MB 64b/line 8-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
-cpu0: apic clock running at 275MHz
+cpu0: apic clock running at 265MHz
cpu0: mwait min=64, max=64, C-substates=0.2.2.2.2, IBE
cpu1 at mainbus0: apid 1 (application processor)
-cpu1: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz, 2621.49 MHz
+cpu1: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz, 2520.67 MHz
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,NXE,LONG,LAHF,PERF,SENSOR
cpu1: 3MB 64b/line 8-way L2 cache
cpu1: smt 0, core 1, package 0
@@ -42,7 +42,7 @@
acpicpu1 at acpi0: !C2(500@1 mwait.1@0x10), C1(1000@1 mwait.1), PSS
acpibtn0 at acpi0: SLPB
acpibtn1 at acpi0: PWRB
-cpu0: Enhanced SpeedStep 2521 MHz: speeds: 2533, 2136, 1870, 1603 MHz
+cpu0: Enhanced SpeedStep 3529 MHz: speeds: 2533, 2136, 1870, 1603 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel G45 Host" rev 0x03
inteldrm0 at pci0 dev 2 function 0 "Intel G45 Video" rev 0x03
@@ -94,7 +94,7 @@
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
ichiic0 at pci0 dev 31 function 3 "Intel 82801JI SMBus" rev 0x00: apic 2 int 18
iic0 at ichiic0
-iic0: addr 0x2f 00=1e 01=e0 02=80 04=25 06=25 07=e0 08=1f 09=80 0a=4e
10=4b 13=1e 14=0f 15=0f 16=0f 17=06 18=12 19=64 1a=64 1b=64 1c=64
1d=64 20=01 21=0e 22=0c 23=03 25=04 26=02 28=07 29=0f 2c=7f 2d=ff
2f=50 30=41 31=70 32=55 33=48 34=55 38=ec 39=ec 3a=ec 3b=ec 3c=ec
40=26 41=01 42=2b 43=6a 44=01 45=2a 46=72 47=08 48=59 49=f5 4a=c8
4b=4c 4c=f8 4d=ff 4e=9b 50=31 51=26 52=7f 53=05 54=7f 55=05 56=4c
57=7f 58=28 59=7f 5a=2d 5b=59 5c=7f 5d=4c 5e=7f 5f=3f 60=66 61=7f
62=4f 63=7f 64=42 65=7f 66=7f 67=51 68=7f 69=45 6a=99 6b=7f 6c=54
6d=7f 6e=48 6f=cc 70=7f 71=57 72=7f 73=4e 74=ff 75=7f 76=5a 77=7f
78=51 79=02 80=26 81=01 82=1e 83=6a 84=01 85=
Re: Bridge and blocknonip
On Sat, Nov 21, 2015 at 04:22:51PM +0100, Momtchil Momtchev wrote:
> Hello,
>
> Sorry for what may appear to be a strange question, but shouldn't there
> be a check against IFBIF_BLOCKNONIP in bridge_output() in
> sys/net/if_bridge.c?
>
Why? bridge_output() is used for packets that are sent from local
interfaces. I think you should be aware if you're running any non-IP
service on your OpenBSD machine.
I think your change would also break bridge_send_icmp_err() with
IFBIF_BLOCKNONIP, which is used by bridge_ipsec() and
bridge_fragment(). blocknonip and tunnels are not uncommon.
btw., what OpenBSD version is this diff for? This is not -current.
Reyk
> Something like this :
>
> --- if_bridge.c.origTue Jul 21 00:54:29 2015
> +++ if_bridge.c Sat Nov 21 16:05:12 2015
> @@ -1051,6 +1051,10 @@
> (m->m_flags & (M_BCAST | M_MCAST)) == 0)
> continue;
>
> + if (p->bif_flags & IFBIF_BLOCKNONIP &&
> bridge_blocknonip(eh, m)) {
> + continue;
> + }
> +
> if (IF_QFULL(&dst_if->if_snd)) {
> IF_DROP(&dst_if->if_snd);
> sc->sc_if.if_oerrors++;
>
--
Re: Bridge and blocknonip
On 22/11/2015 00:34, Reyk Floeter wrote: On Sat, Nov 21, 2015 at 04:22:51PM +0100, Momtchil Momtchev wrote: Hello, Sorry for what may appear to be a strange question, but shouldn't there be a check against IFBIF_BLOCKNONIP in bridge_output() in sys/net/if_bridge.c? Why? bridge_output() is used for packets that are sent from local interfaces. I think you should be aware if you're running any non-IP service on your OpenBSD machine. I think your change would also break bridge_send_icmp_err() with IFBIF_BLOCKNONIP, which is used by bridge_ipsec() and bridge_fragment(). blocknonip and tunnels are not uncommon. btw., what OpenBSD version is this diff for? This is not -current. Thanks for the quick reply. That was my impression too, but it seems that bridge_output is also used sometimes for forwarding ARP requests by a code path that I haven't found yet - it is not a direct forwarding, it is like some kind of a proxy-ARP mechanism. I have a modified bridge and for me it makes sense (it is for a box that bridges IP6 traffic and routes IP4 traffic - so I am blocking IP4 only with BLOCKNONIP), I just wondered why it was not there and if I was missing something. Who does call bridge_output? Isn't output always on the underlying interface, not directly on the bridge?
Re: Virtualization: vmm with Linux guests - when?
On Tue, Nov 17, 2015 at 03:46:59PM +, Luis P. Mendes wrote: > Hi, > > I know that development time is not a determinisc thing, but > nonetheless I'd like to know if it's closer to one, six, twelve (or > more) months until we get the possibility to run Linux guests > through vmm. No idea. There are about 100 other things that are more important to me than running Linux guests. And those 100 things will have my attention before I focus even one minute on working through Linux guest support. If *you* wanted to take on the challenge, I'd say the first thing that needs to be done would be the bootloader, once I get the rest of the userland bits in. Once committed, go look at usr.sbin/vmd/loadfile_elf.c and retrofit it to be able to load a linux kernel with proper kernel args/cmdline support, then come back with your diff. -ml > > I'd be happy even without a graphical interface, if the clients can > run in xvfb mode and have graphical connections via VNC. > > What about hardware pass-through? I don't recall to have read about > this. Is it something that is already possible? > > Thanks in advance for any info on this. > > > -- > > > Luis Mendes
Re: inteldrm(4) display corruption on MacBook
Thanks so much for that commit. The system boots up and has a very brief moment of display corruption before it switches to inteldrm(4) and works perfectly. This works on both my 2013 MacBook Air (Haswell HD 5000 graphics)) and 2015 MacBook Air (Broadwell HD 6000 graphics). I haven't had a chance to test the 12-inch Retina MacBook or any other system yet but should be able to test some more in a few days. The only problem I have found so far now is that xbacklight does not seem to work on the Broadwell system although it works fine on the Haswell one. Thanks again! I am really happy to be able to finally use a Mac system with OpenBSD, efiboot, and inteldrm(4)! Bryan
