Re: OpenBSD and you

2017-05-09 Thread Anders Andersson
On Tue, May 9, 2017 at 10:22 PM, Peter N. M. Hansteen  wrote:
> And I was just reminded off-list that the remark markdown variant
> (https://github.com/gnab/remark) used for this presentation requires
> javascript enabled in your browser.
>
> Sorry about that.
>
> I'll be looking into workarounds, hopefully some can be found.

Thank you for caring!



With Multiple PPPoE interfaces only one will work

2017-05-09 Thread Steve
Hello,
In 5.7 it was possible to have multiple pppoe interfaces active and working.
This used to work fine with ifstated monitoring for outage and changing
routing appropriately.
In either 5.8 or 5.9 this seems to have stopped working.
With both interfaces configured only one interface will ever become active.
I am unable to test with 6.0 or 6.1 at the moment.
Is anyone familiar with this issue?
Can anyone confirm if this is resolved in 6.0 or 6.1?
Thank you.


Re: list all system users, eg. _x11

2017-05-09 Thread Luke Small
Well, actually I like to play with firewall configurations and I set up
unbound and dnscrypt-proxy and I wanted to limit the users that are able to
receive dns requests on localhost port 53. I was trying to figure out what
user was listening. I haven't tried it yet, but I figure it is _dhcp and
_unbound. It didn't work when I limited it to _unbound alone. Maybe I
should have said that, but I wanted to generally know where the list was.

On Tue, May 9, 2017 at 1:57 PM andrew fabbro  wrote:

> Listing all users is trivial - I don't think that's what he's asking.
>
> He's asking "how do I list all *system* users", presumably in a way
> that differentiates them from user accounts in some kind of authoritative
> way.
>
> I don't think there is a way.  You could:
>
> - Assume all users < uid 1000 are system users, but that is not hard
> enforced to my knowledge.  IIRC the OS will start with 1001 but an admin
> could override that at user creation time.
>
> - Use your preferred programming language or utility to parse out entries
> that begin with _ in /etc/passwd.  That won't get non-service-account
> entries like root, bin, etc.  Also, I don't think there's a technical
> prohibition to creating a new user account that starts with an underscore.
>
> - Differentiate by groups.  i.e., if all your users are in one group, then
> you know who isn't.
>
> I think if your admins don't do stupid things (create user accounts under
> 1000, create accounts starting with _, etc.) then just parsing /etc/passwd
> would likely be the simplest way.
>
> As practical experience, that's what I've done when migrating systems,
> etc.  I assume that people play by the rules, so if I need to identify all
> the user accounts (to recreate them on a new system or something), I
> exclude uids under 1000 as a starting point.
>
>
> On Mon, May 8, 2017 at 4:51 AM, Marcus MERIGHI wrote:
>
>> and...@msu.edu (STeve Andre'), 2017.05.06 (Sat) 20:37 (CEST):
>> > On 05/06/17 14:27, Luke Small wrote:
>> > > Is there a way to determine all users on a system that the users command
>> > > doesn't seem to show? like _x11 and _ntpd
>>
>> users(1) - list current users
>>
>> I'd try ps(1) and get all active users from there.
>>
>> If you are after *all* users (inactive ones as well) you could use
>> "getent(1) passwd" and parse from there.
>>
>> Marcus
>>
>> > What's a user?
>> >
>> > Maybe you want to look at /etc/passwd.  The first four lines are
>> >
>> > root:*:0:0:Charlie &:/root:/bin/ksh
>> > daemon:*:1:1:The devil himself:/root:/sbin/nologin
>> > operator:*:2:5:System &:/operator:/sbin/nologin
>> > bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin
>> >
>> > You can parse that with awk and do stuff.  Read about passwd(5) to
>> > understand the format.  A login shell of /sbin/nologin means
>> > it isn't interactive.  That might get you started?
>> >
>> > --STeve Andre'
>> >
>> >
>> >
>>
>>
>
>
> --
> andrew fabbro
> and...@fabbro.org
>
>


Re: OpenBSD and you

2017-05-09 Thread Peter N. M. Hansteen
And I was just reminded off-list that the remark markdown variant
(https://github.com/gnab/remark) used for this presentation requires
javascript enabled in your browser.

Sorry about that.

I'll be looking into workarounds, hopefully some can be found.

- Peter
-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



Re: ThinkPad x250 with USB DAC (Audioquest DragonFly v1.2)

2017-05-09 Thread G
https://marc.info/?l=openbsd-misc&m=149408763225691&w=2

On 05/09/17 23:09, G wrote:
> I had problems with xhci driver too.
> I get
> "xhci0: wrong trb index (-1956096) max is 255"
> 
> I don't know if it's relevant.
> 
> On 05/09/17 13:18, Stefan Sperling wrote:
>> On Tue, May 09, 2017 at 11:00:26AM +0100, Caolan McMahon wrote:
>>> uaudio_chan_open: error creating pipe: err=INVAL endpt=0x01
>>
>> The problem is that xhci(4) does not yet support isochronous
>> transfers which are needed for USB audio devices to work.
>> http://www.beyondlogic.org/usbnutshell/usb4.shtml#Isochronous
>>
>> AFAIK this also affects other devices such as cameras.
>>
>> USB disks work because they use bulk transfers.
>>
> 



Re: ThinkPad x250 with USB DAC (Audioquest DragonFly v1.2)

2017-05-09 Thread G
I had problems with xhci driver too.
I get
"xhci0: wrong trb index (-1956096) max is 255"

I don't know if it's relevant.

On 05/09/17 13:18, Stefan Sperling wrote:
> On Tue, May 09, 2017 at 11:00:26AM +0100, Caolan McMahon wrote:
>> uaudio_chan_open: error creating pipe: err=INVAL endpt=0x01
> 
> The problem is that xhci(4) does not yet support isochronous
> transfers which are needed for USB audio devices to work.
> http://www.beyondlogic.org/usbnutshell/usb4.shtml#Isochronous
> 
> AFAIK this also affects other devices such as cameras.
> 
> USB disks work because they use bulk transfers.
> 



Re: OpenBSD and you

2017-05-09 Thread Peter N. M. Hansteen
I finally got around to updating this advocacy presentation with some
6.1 and post-6.1 points, and moving to a slightly more convenient (to
me) format which allows such things as links, including man.openbsd.org
links where relevant.

So here it is, for your advocacy needs -

https://home.nuug.no/~peter/openbsd_and_you/

Updates may happen occasionally.

- Peter

-- 
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.



pf queue definition: bandwidth resolution problem

2017-05-09 Thread Carl Mascott
Intel Atom D2500 1.66GHz
OpenBSD i386 v6.1-stable

I can't get pf to give me the queue bandwidths that I specify in pf.conf.

pf.conf:

queue rootq on $ext_if bandwidth 9M max 9M qlimit 100
queue qdef parent rootq bandwidth 3650K default
queue qrtp parent rootq bandwidth 350K min 350K burst 700K for 200ms
queue qweb parent rootq bandwidth 4M
queue qpri parent rootq bandwidth 900K min 50K burst 1800K for 200ms
queue qdns parent rootq bandwidth 100K min 10K burst 200K for 1000ms

output of pfctl -srules:

queue rootq on bge0 bandwidth 9M, max 9M qlimit 100
queue qdef parent rootq bandwidth 3M default qlimit 50
queue qrtp parent rootq bandwidth 350K, min 350K burst 700K for 200ms qlimit 50
queue qweb parent rootq bandwidth 4M qlimit 50
queue qpri parent rootq bandwidth 900K, min 50K burst 1M for 200ms qlimit 50
queue qdns parent rootq bandwidth 100K, min 10K burst 200K for 1000ms qlimit 50

Discrepancies in the above:

              defined   actual
              -------   ------
qdef BW       3650K     3M
qpri burst    1800K     1M

It looks like for anything specified as abcdK the result is aM, i.e., for any
bandwidth >= 1000K the resulting bandwidth is truncated (not rounded) to
msdM, where msd = most significant digit. Any bandwidth < 1000K works
correctly.

Is this a bug, a misfeature, or a feature?
Thanks!



Re: OpenBSD 6.1: BOOTIA32 3.32 issue

2017-05-09 Thread Michele Curti
On Tue, May 09, 2017 at 09:36:02PM +0200, Michele Curti wrote:
> On Tue, May 09, 2017 at 10:20:03AM +0200, Michele Curti wrote:
> > Hi all, I tried to upgrade to OpenBSD 6.1 on an Asus X205TA (bay
> > trail, 32 bit efi, 64 bit os) but the bootloader does not correctly
> > detect the internal disk.
> > 
> > I also tried a fresh install, but things do not change.  Boot fails
> > and when I do a "machine diskinfo" I got a lot of "?" symbols (a video
> > here https://www.youtube.com/watch?v=fsomNX-oFTQ )
> > 
> > How can I debug the issue?
> > 
> 
> Compiling bootia32.efi :p
> 
> With sys/arch/amd64/stand/efiboot/efiboot.c revision 1.15 it works,
> revision 1.16 it fails.
> 
> I'll try to understand, thanks, Michele


With the following diff it works, bye!


Index: efiboot/efiboot.c
===
RCS file: /cvs/src/sys/arch/amd64/stand/efiboot/efiboot.c,v
retrieving revision 1.17
diff -u -p -r1.17 efiboot.c
--- efiboot/efiboot.c   3 Mar 2017 08:56:18 -   1.17
+++ efiboot/efiboot.c   9 May 2017 19:44:30 -
@@ -92,7 +92,7 @@ efi_main(EFI_HANDLE image, EFI_SYSTEM_TA
if (DevicePathType(dp) == MEDIA_DEVICE_PATH &&
DevicePathSubType(dp) == MEDIA_HARDDRIVE_DP) {
bios_bootdev = 0x80;
-   efi_bootdp = dp0;
+   efi_bootdp = dp;
break;
}
}
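
Review bot: the one-line change to "efi_bootdp = dp;" needs a stated reason, because it changes what efi_bootdp refers to: it now holds the node that just matched MEDIA_DEVICE_PATH / MEDIA_HARDDRIVE_DP instead of dp0, and neither the hunk nor the mail says why dp0 is the wrong value on this firmware. Please add a comment above the assignment stating which node efi_bootdp is expected to point at, and confirm that the code consuming efi_bootdp (outside this hunk) compares against that same node, tested on a machine where the dp0 version boots as well as on the X205TA.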



Re: OpenBSD 6.1: BOOTIA32 3.32 issue

2017-05-09 Thread Michele Curti
On Tue, May 09, 2017 at 10:20:03AM +0200, Michele Curti wrote:
> Hi all,
> I tried to upgrade to OpenBSD 6.1 on an Asus X205TA (bay trail, 32 bit
> efi, 64 bit os) but the bootloader does not correctly detect the internal
> disk.
> 
> I also tried a fresh install, but things do not change.
> Boot fails and when I do a "machine diskinfo" I got a lot of "?" 
> symbols (a video here https://www.youtube.com/watch?v=fsomNX-oFTQ )
> 
> How can I debug the issue?
> 

Compiling bootia32.efi :p

With sys/arch/amd64/stand/efiboot/efiboot.c revision 1.15 it works,
revision 1.16 it fails.

I'll try to understand, thanks,
Michele

> Thanks,
> Michele
> 



Re: Packet in and out on the same Ethernet port.

2017-05-09 Thread Daniel Melameth
On Tue, May 9, 2017 at 8:24 AM, Peter Fraser  wrote:
> Because of one user's misconfiguration of Microsoft's Hyper-V, his virtual
> machines were not getting the results of arp.  As a result of that
> configuration all the packets going to machines on the same subnetwork were
> going to the default gateway. The default gateway was an OpenBSD 6.1 server.
> OpenBSD very slowly forwarded the packets back out the same if (an em0) ...

Switch to hvn(4) and your packets will fly.



Re: list all system users, eg. _x11

2017-05-09 Thread andrew fabbro
Listing all users is trivial - I don't think that's what he's asking.

He's asking "how do I list all *system* users", presumably in a way that
differentiates them from user accounts in some kind of authoritative way.

I don't think there is a way.  You could:

- Assume all users < uid 1000 are system users, but that is not hard
enforced to my knowledge.  IIRC the OS will start with 1001 but an admin
could override that at user creation time.

- Use your preferred programming language or utility to parse out entries
that begin with _ in /etc/passwd.  That won't get non-service-account
entries like root, bin, etc.  Also, I don't think there's a technical
prohibition to creating a new user account that starts with an underscore.

- Differentiate by groups.  i.e., if all your users are in one group, then
you know who isn't.

I think if your admins don't do stupid things (create user accounts under
1000, create accounts starting with _, etc.) then just parsing /etc/passwd
would likely be the simplest way.

As practical experience, that's what I've done when migrating systems,
etc.  I assume that people play by the rules, so if I need to identify all
the user accounts (to recreate them on a new system or something), I
exclude uids under 1000 as a starting point.


On Mon, May 8, 2017 at 4:51 AM, Marcus MERIGHI  wrote:

> and...@msu.edu (STeve Andre'), 2017.05.06 (Sat) 20:37 (CEST):
> > On 05/06/17 14:27, Luke Small wrote:
> > > Is there a way to determine all users on a system that the users command
> > > doesn't seem to show? like _x11 and _ntpd
>
> users(1) - list current users
>
> I'd try ps(1) and get all active users from there.
>
> If you are after *all* users (inactive ones as well) you could use
> "getent(1) passwd" and parse from there.
>
> Marcus
>
> > What's a user?
> >
> > Maybe you want to look at /etc/passwd.  The first four lines are
> >
> > root:*:0:0:Charlie &:/root:/bin/ksh
> > daemon:*:1:1:The devil himself:/root:/sbin/nologin
> > operator:*:2:5:System &:/operator:/sbin/nologin
> > bin:*:3:7:Binaries Commands and Source:/:/sbin/nologin
> >
> > You can parse that with awk and do stuff.  Read about passwd(5) to
> > understand the format.  A login shell of /sbin/nologin means
> > it isn't interactive.  That might get you started?
> >
> > --STeve Andre'
> >
> >
> >
>
>


-- 
andrew fabbro
and...@fabbro.org
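
The heuristics discussed in this thread (UID below 1000, leading underscore, /sbin/nologin shell), combined as an added example that is not code posted by anyone in the thread. The function names, the UID_CUTOFF variable and the sample entries are constructed for illustration; accounts where the signals disagree are reported as "review" rather than guessed at.

```shell
#!/bin/sh
# Added example: label passwd(5) entries with the heuristics from the thread.
# No single signal is authoritative, so disagreement is reported as "review".

UID_CUTOFF=${UID_CUTOFF:-1000}   # assumption: regular accounts start here

# Constructed sample in passwd(5) format (7 colon-separated fields).
# UIDs and names are illustrative, not copied from a real system.
sample_passwd() {
    cat <<'EOF'
# constructed sample data
root:*:0:0:Charlie &:/root:/bin/ksh
daemon:*:1:1:The devil himself:/root:/sbin/nologin
_ntpd:*:83:83:NTP Daemon:/var/empty:/sbin/nologin
alice:*:1001:1001:Alice:/home/alice:/bin/ksh
_rogue:*:1005:1005:Looks like a service:/home/rogue:/bin/ksh
bob:*:500:500:Low uid with login shell:/home/bob:/bin/ksh
broken:line
EOF
}

# Reads passwd(5) lines on stdin; prints "name uid verdict signals".
#   system  : low UID and (underscore name, nologin shell, or UID 0)
#   regular : no signal fires at all
#   review  : signals disagree (the cases the thread warns about)
classify_accounts() {
    awk -F: -v cutoff="$UID_CUTOFF" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    NF != 7 || $3 !~ /^[0-9]+$/ {            # wrong field count or bad UID
        printf "%s - malformed -\n", ($1 == "" ? "?" : $1)
        next
    }
    {
        low     = ($3 + 0 < cutoff + 0)      # UID below the cutoff
        under   = ($1 ~ /^_/)                # service-style name
        nologin = ($7 ~ /\/nologin$/)        # non-interactive shell

        s = ""
        if (low)     s = s ",low-uid"
        if (under)   s = s ",underscore"
        if (nologin) s = s ",nologin"
        s = (s == "" ? "none" : substr(s, 2))

        if (low && (under || nologin || $3 == 0)) v = "system"
        else if (!low && !under && !nologin)      v = "regular"
        else                                      v = "review"
        print $1, $3, v, s
    }'
}

# Names only, for the accounts whose signals disagree.
accounts_to_review() {
    classify_accounts | awk '$3 == "review" { print $1 }'
}

# Demo on the constructed sample.
sample_passwd | classify_accounts
```

On a live system the input can come from "getent passwd", as suggested earlier in the thread, instead of the constructed sample.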


Re: iked, AES-GCM and certificates

2017-05-09 Thread Jose Marinez
Thanks Bobby. I'll give this a try and report back. Much appreciated. 

Thanks,
José 

> On May 8, 2017, at 6:58 PM, Bobby Johnson  wrote:
> 
> An ip from the range will be assigned to the connecting client.  I've had 
> issues in previous releases with multiple clients getting the same ip though.
> 
> 10.1.2.4 can be in that range, it doesn't need to be though.  The ip or 
> whatever you put there should be the CERT_CN.  I like to make sure it'll be 
> the CN so I modify the ikeca.cnf before each cert creation.  The name of the 
> file doesn't matter, and I think the CN could be whatever you like.  I make 
> the CN the client IP and fill in CERT_EMAIL and CERTFQDN for better 
> identification.
> 
> 
> 
> 
>> On Thu, May 4, 2017 at 12:32 PM, Jose Marinez  wrote:
>> Hi Guys,
>> 
>> While I personally haven't used OpenBSD for almost 20 years, I'm glad it's 
>> still around and strong when I need it most. Thank you.
>> 
>> Ok, so I have about 45 students and teachers that I would like to create a 
>> VPN for. I've looked at the alternatives and iked it is.
>> 
>> Our environment is mainly macOS/iOS.
>> 
>> I'm not by any means an expert in VPNs or crypto for that matter, but I'm a 
>> software engineer so I think I can figure this out.  With that in mind, I've 
>> created an etc/iked.conf file that looks like this:
>> 
>> ikev2 "school" passive esp from 0.0.0.0/0 to 192.168.1.0/24 \
>>  local 7.7.7.7 peer any \
>>  ikesa enc aes-128-gcm auth hmac-sha2-256 group ecp256 \
>>  childsa enc aes-128-gcm auth hmac-sha2-256 group ecp256 \
>>  ecdsa256 config address 192.168.1.0/24 \
>>  config name-server 192.168.1.1 config access-server 192.168.1.1
>> 
>> 
>> Here are my questions:
>> Strongswan has the concept of virtualips to deal with "road warriors." Would 
>> the range as I have set it up in my iked.conf deal with road warriors using 
>> say iPhones with IPs that I can't possibly hardcode?
>> In other words, will an IP from that range be assigned to the devices 
>> connecting?
>> 
>> My second question is dealing with certificates and ikectl:
>> In the ikectl man pages there's an example:
>> To create the certificate authority:
>> # ikectl ca vpn create
>> 
>> To create the certificates for the peers:
>> # ikectl ca vpn certificate 10.1.2.3 create
>> # ikectl ca vpn certificate 10.1.2.4 create
>> # ikectl ca vpn certificate 10.1.2.5 create
>> 
>> Add the host as a VPN peer:
>> # ikectl ca vpn install
>> # ikectl ca vpn certificate 10.1.2.3 install
>> 
>> Export the certificate and CAs for the peers:
>> # ikectl ca vpn certificate 10.2.3.4 export
>>  # ikectl ca vpn certificate 10.3.4.5 export
>> 
>> Create the tarballs and extract them to /etc/iked/
>> 10.2.3.4# tar -C /etc/iked -xzpf 10.2.3.4.tgz
>> 10.3.4.5# tar -C /etc/iked -xzpf 10.3.4.5.tgz
>> 
>> Questions:
>> When I create a certificate as in:
>> # ikectl ca vpn certificate 10.1.2.4 create
>> Is 10.1.2.4 hypothetically one of the IPs in the range that was used in 
>> iked.conf?
>> Last but not least, if I were to change the name of the certificate(s) from 
>> say 10.1.2.4.pem to one more descriptive, say... janesmith.pem, will it 
>> still match the IKEV2 identity when the device tries to connect?
>> 
>> Thanks in advance guys,
>> Jose
> 


Re: bridge/vether0 not working - BUG?

2017-05-09 Thread Infoomatic
> > > does it work when you put - inet alias X.X.X.Y 255.255.255.255 ?
> > 
> > unfortunately not. It's the same effect as with 255.255.255.224: working 
> > locally on the subnet, but not when routing is involved.
> > Thanks anyway for this idea!
> 
> Guess I was too fast! After a few minutes it was working (did not do anything 
> in the meantime!).
> The fun fact: I did a reboot with the .224 netmask in the file enabled again 
> and it also worked. This is weird, maybe someone could explain this (why the 
> .255 netmask?) to me, I have no clue why this now works and what causes this 
> behaviour.
> 

This is weird. I was too fast again. Something is really strange here. It is 
working on incoming stuff, e.g. also in pf on rules like 
"pass in quick inet proto tcp from any to X.X.X.Y port 4422 rdr-to 192.168.1.3 
port 22"

However, outgoing is not working.
"pass out quick from 192.168.1.3 to any nat-to X.X.X.Y" is NOT WORKING, but 
when I use the main ip-address X.X.X.X it is working.

Now the weird part:
As soon as I remove any alias in the /etc/hostname.vether0 and fire up 
"ifconfig vether0 inet alias X.X.X.Y netmask 255.255.255.224", the pf-rules 
work as expected supporting nat-to with any of the firewall's external 
ip-addresses. Could this be a bug?

Any further enlightenment would be highly appreciated, thanks!



Re: bridge/vether0 not working

2017-05-09 Thread Infoomatic
> > does it work when you put - inet alias X.X.X.Y 255.255.255.255 ?
> 
> unfortunately not. It's the same effect as with 255.255.255.224: working 
> locally on the subnet, but not when routing is involved.
> Thanks anyway for this idea!

Guess I was too fast! After a few minutes it was working (did not do anything in 
the meantime!).
The fun fact: I did a reboot with the .224 netmask in the file enabled again 
and it also worked. This is weird, maybe someone could explain this (why the 
.255 netmask?) to me, I have no clue why this now works and what causes this 
behaviour.



Re: bridge/vether0 not working

2017-05-09 Thread Infoomatic
> From: "Hrvoje Popovski"
> > /etc/hostname.vether0: 
> > up media autoselect
> > inet X.X.X.X 255.255.255.224 NONE
> > inet alias X.X.X.Y 255.255.255.224
> 
> 
> does it work when you put - inet alias X.X.X.Y 255.255.255.255 ?

unfortunately not. It's the same effect as with 255.255.255.224: working 
locally on the subnet, but not when routing is involved.
Thanks anyway for this idea!



Packet in and out on the same Ethernet port.

2017-05-09 Thread Peter Fraser
Because of one user's misconfiguration of Microsoft's Hyper-V, his virtual
machines were not getting the results of arp.  As a result of that
configuration all the packets going to machines on the same subnetwork were
going to the default gateway. The default gateway was an OpenBSD 6.1 server.
OpenBSD very slowly forwarded the packets back out the same if (an em0) and
the packets got to where they were supposed to go.

A long time ago I tried to redirect, using pf, an external ip address back to
an internal ip address. It did not work, and I believe I was told it could not
work. So I am surprised that the above was working at all. I also don't
understand why it was so slow.

The existence of the problem was discovered when the transmission times were
so slow the timeout occurred.


bridge/vether0 not working

2017-05-09 Thread Infoomatic
Hi,

In my setup I use 4 ethernet ports for my firewall: 1 for the external, 1 
bridged for bridged hosts in the same external subnet, 2 as trunk to the 
internal network. I want to slowly migrate some (it's not possible for all) of 
the hosts with external ip-addresses to the internal net. Thus, the firewall 
gets the external ip-address and uses pf (rdr-to, nat-to) to map this to the 
internal host.

I have a similar setup working like this (other ip-addresses, and no trunk for 
internal hosts, the rest is the same), but this beast is just not working. The 
primary external interface of the firewall works, but all other ip-addresses on 
vether0 are just working locally on the subnet, they seem to ignore the route. 
I am using OpenBSD 6.1 on amd64 with the latest patches applied via syspatch 
(thanks for that tool ;-)

netstat -nr shows:
X.X.X.0/27   X.X.X.X  UCPn   221427 - 4 vether0
X.X.X.0/27   X.X.X.Y  UCPn   00 - 4 vether0

/etc/hostname.bridge0:
add em0
add em1
add vether0
blocknonip em0
blocknonip em1
blocknonip vether0
up

/etc/hostname.vether0: 
up media autoselect
inet X.X.X.X 255.255.255.224 NONE
inet alias X.X.X.Y 255.255.255.224

If I fire up a "ifconfig vether0 inet alias X.X.X.Y netmask 255.255.255.224" I 
get a dmesg of "arpresolve: X.X.X.1: route contains no arp information". (What 
exactly does this message mean?)
However, if I delete the last line in /etc/hostname.vether0 (containing the 
alias statement), and then manually do a "ifconfig vether0 inet alias X.X.X.Y 
netmask 255.255.255.224" everything is fine and works as expected.

I am curious in this matter, and would really appreciate someone sharing 
his/her knowledge to enlighten a newcomer, thanks!

Kind regards,
infoomatic




Re: OpenBSD 5.9 dup-to

2017-05-09 Thread Edgar Pettijohn
Yes.

On May 8, 2017, 8:35 PM, at 8:35 PM, Monah Baki  wrote:
>You have it setup in bridge mode?
>
>Thanks
>
>
>On Mon, May 8, 2017 at 9:01 PM Edgar Pettijohn wrote:
>
>>
>>
>> On 05/08/17 17:55, Monah Baki wrote:
>> > Hi all,
>> >
>> > I am running OpenBSD 5.9 on a Net4801 Soekris. It's acting as my gateway
>> > and all my internal machines on the 10.0.0.x network are able to get to the
>> > internet.
>> >
>> > My ifconfig
>> >
>> > # ifconfig
>> > lo0: flags=8049 mtu 32768
>> >  priority: 0
>> >  groups: lo
>> >  inet6 ::1 prefixlen 128
>> >  inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
>> >  inet 127.0.0.1 netmask 0xff00
>> > sis0: flags=8843 mtu 1500
>> >  lladdr 00:00:24:c5:08:bc
>> >  priority: 0
>> >  groups: egress
>> >  media: Ethernet autoselect (100baseTX full-duplex)
>> >  status: active
>> >  inet 192.168.1.222 netmask 0xff00 broadcast 192.168.1.255
>> > sis1: flags=8843 mtu 1500
>> >  lladdr 00:00:24:c5:08:bd
>> >  priority: 0
>> >  media: Ethernet autoselect (100baseTX full-duplex)
>> >  status: active
>> >  inet 10.0.0.1 netmask 0xff00 broadcast 10.0.0.255
>> > sis2: flags=8802 mtu 1500
>> >  lladdr 00:00:24:c5:08:be
>> >  priority: 0
>> >  media: Ethernet autoselect (none)
>> >  status: no carrier
>> >
>> >
>> >
>> >
>> >
>> > My pf.conf
>> >
>> >
>> > set skip on lo
>> >
>> > block return    # block stateless traffic
>> > pass            # establish keep-state
>> >
>> > pass out on sis0 inet from sis1:network to any nat-to sis0
>> > pass in on sis1 dup-to 10.0.0.2
>> > pass out on sis1 dup-to 10.0.0.2
>> >
>> >
>> >
>> > The 10.0.0.2 is the IP address of my Windows workstation running wireshark,
>> > however I do not see any network traffic from my internal workstations.
>> >
>> > I actually prefer to copy traffic from sis1 to sis2 if possible and just
>> > connect directly my wireshark laptop to it
>> > Am I missing anything?
>> >
>> >
>> > Thanks
>> > Monah
>> I am using a soekris for my router as well.  I pretty much just followed
>> the advice here https://www.openbsd.org/faq/pf/example1.html and have
>> had no problems for over a year now.
>>
>> Edgar
>>
>>


Re: ThinkPad x250 with USB DAC (Audioquest DragonFly v1.2)

2017-05-09 Thread Alexandre Ratchov
On Tue, May 09, 2017 at 11:00:26AM +0100, Caolan McMahon wrote:
> 
> $ usbdevs
> addr 1: xHCI root hub, Intel
>  addr 5: AudioQuest DragonFly, AudioQuest inc.
>  addr 2: VFS5011 Fingerprint Reader, Validity Sensors
>  addr 3: Bluetooth, Intel
>  addr 4: Integrated Camera, J8AECPB08
> addr 1: EHCI root hub, Intel
>  addr 2: Rate Matching Hub, Intel
> 
> $ mplayer beep.wav
> # I hear nothing
> 
> $ dmesg
> ...
> uaudio0 at uhub0 port 1 configuration 1 interface 0 "AudioQuest inc.
> AudioQuest DragonFly" rev 1.00/1.20 addr 5
> uaudio0: audio rev 1.00, 2 mixer controls
> audio1 at uaudio0
> uaudio_chan_open: error creating pipe: err=INVAL endpt=0x01
^

Sadly, the xhci driver doesn't support isochronous transfers yet. 
You could try to disable the xhci driver and see if it works.



Re: ThinkPad x250 with USB DAC (Audioquest DragonFly v1.2)

2017-05-09 Thread Stefan Sperling
On Tue, May 09, 2017 at 11:22:17AM +0100, Caolan McMahon wrote:
> Thanks Stefan. Do you know if anyone is working on this?

I am not aware of anyone working on this at present.
I hope it will happen some day.

I would also benefit from this since one of my laptops has its
internal audio device wired up on USB at xhci.



Re: ThinkPad x250 with USB DAC (Audioquest DragonFly v1.2)

2017-05-09 Thread Caolan McMahon
Thanks Stefan. Do you know if anyone is working on this?

On 9 May 2017 at 11:18, Stefan Sperling  wrote:
> On Tue, May 09, 2017 at 11:00:26AM +0100, Caolan McMahon wrote:
>> uaudio_chan_open: error creating pipe: err=INVAL endpt=0x01
>
> The problem is that xhci(4) does not yet support isochronous
> transfers which are needed for USB audio devices to work.
> http://www.beyondlogic.org/usbnutshell/usb4.shtml#Isochronous
>
> AFAIK this also affects other devices such as cameras.
>
> USB disks work because they use bulk transfers.



Re: ThinkPad x250 with USB DAC (Audioquest DragonFly v1.2)

2017-05-09 Thread Stefan Sperling
On Tue, May 09, 2017 at 11:00:26AM +0100, Caolan McMahon wrote:
> uaudio_chan_open: error creating pipe: err=INVAL endpt=0x01

The problem is that xhci(4) does not yet support isochronous
transfers which are needed for USB audio devices to work.
http://www.beyondlogic.org/usbnutshell/usb4.shtml#Isochronous

AFAIK this also affects other devices such as cameras.

USB disks work because they use bulk transfers.



ThinkPad x250 with USB DAC (Audioquest DragonFly v1.2)

2017-05-09 Thread Caolan McMahon
I recently installed OpenBSD 6.1 on my Lenovo ThinkPad x250. I use a
USB DAC to listen to music because the built-in laptop audio is
terrible.

OpenBSD appears to detect the USB audio device, but is unable to play
any sound through it. I've seen similar posts on this list regarding
USB 2.0 audio devices and various internal USB hub combinations
causing issues, and I'm wondering if this device + laptop combination
is a lost cause?

Here's what I tried:

$ mplayer beep.wav
# I hear a beep from speakers

# plug in USB DAC, it appears to be detected

$ usbdevs
addr 1: xHCI root hub, Intel
 addr 5: AudioQuest DragonFly, AudioQuest inc.
 addr 2: VFS5011 Fingerprint Reader, Validity Sensors
 addr 3: Bluetooth, Intel
 addr 4: Integrated Camera, J8AECPB08
addr 1: EHCI root hub, Intel
 addr 2: Rate Matching Hub, Intel

$ mplayer beep.wav
# I hear nothing

$ dmesg
...
uaudio0 at uhub0 port 1 configuration 1 interface 0 "AudioQuest inc.
AudioQuest DragonFly" rev 1.00/1.20 addr 5
uaudio0: audio rev 1.00, 2 mixer controls
audio1 at uaudio0
uaudio_chan_open: error creating pipe: err=INVAL endpt=0x01
audio1: failed to start playback

$ aucat -f rsnd/0 -i beep.wav
# sound from speakers

$ aucat -f rsnd/1 -i beep.wav
rsnd/1: unsupported audio params

$ mixerctl -f /dev/mixer0
inputs.dac-0:1=126,126
inputs.dac-2:3=126,126
record.adc-2:3_mute=off
record.adc-2:3=124,124
record.adc-0:1_mute=off
record.adc-0:1=124,124
inputs.mix_source=spkr3,mic2,beep
inputs.mix_spkr3=120,120
inputs.mix_mic2=120,120
inputs.mix_beep=120,120
inputs.mix2_source=dac-0:1,mix
inputs.mix3_source=dac-2:3,mix
inputs.mix4_source=dac-0:1,dac-2:3
inputs.mic=85,85
outputs.spkr_source=mix3
outputs.spkr_mute=off
outputs.spkr_eapd=on
outputs.hp_source=mix2
outputs.hp_mute=off
outputs.hp_boost=off
outputs.hp_eapd=on
outputs.spkr2_source=mix2
outputs.spkr2_mute=off
outputs.spkr2_boost=off
outputs.spkr2_eapd=on
inputs.spkr3=85,85
inputs.mic2=85,85
outputs.mic2_dir=input-vr80
record.adc-0:1_source=mic
record.adc-2:3_source=spkr3
outputs.hp_sense=unplugged
outputs.mic2_sense=unplugged
outputs.spkr_muters=hp
outputs.master=126,126
outputs.master.mute=off
outputs.master.slaves=dac-0:1,dac-2:3,spkr,hp,spkr2
record.volume=124,124
record.volume.mute=off
record.volume.slaves=adc-2:3,adc-0:1

$ mixerctl -f /dev/mixer1
outputs.spkr.mute=off
outputs.spkr=81,81

$ audioctl -f /dev/audioctl0
name=azalia1
mode=
pause=0
active=0
nblks=2
blksz=4416
rate=44100
encoding=s16le
play.channels=2
play.bytes=0
play.errors=0
record.channels=2
record.bytes=0
record.errors=0

$ audioctl -f /dev/audioctl1
name=uaudio0
mode=
pause=1
active=0
nblks=2
blksz=4410
rate=44100
encoding=s24le3
play.channels=2
play.bytes=0
play.errors=0
record.channels=2
record.bytes=0
record.errors=0

# try rebooting and disabling xhci using boot -c

$ usbdevs
addr 1: EHCI root hub, Intel
 addr 2: Rate Matching Hub, Intel

# plugging in the USB DAC it is not detected at all

# I also tried rebooting and disabling ehci using boot -c, just in
# case, but predictably it worked the same as it did originally

$ usbdevs
addr 1: xHCI root hub, Intel
 addr 2: AudioQuest DragonFly, AudioQuest inc.
 addr 3: VFS5011 Fingerprint Reader, Validity Sensors
 addr 4: Bluetooth, Intel
 addr 5: Integrated Camera, J8AECPB08

$ dmesg
...
uaudio0 at uhub0 port 1 configuration 1 interface 0 "AudioQuest inc.
AudioQuest DragonFly" rev 1.00/1.20 addr 2
uaudio0: audio rev 1.00, 2 mixer controls
audio1 at uaudio0

$ aucat -f rsnd/0 -i downloads/beep.wav
# beep from speakers

$ aucat -f rsnd/1 -i downloads/beep.wav
rsnd/1: unsupported audio params


What else should I try?

Caolan



OpenBSD 6.1: BOOTIA32 3.32 issue

2017-05-09 Thread Michele Curti
Hi all,
I tried to upgrade to OpenBSD 6.1 on an Asus X205TA (bay trail, 32 bit
efi, 64 bit os) but the bootloader does not correctly detect the internal
disk.

I also tried a fresh install, but things do not change.
Boot fails and when I do a "machine diskinfo" I got a lot of "?" 
symbols (a video here https://www.youtube.com/watch?v=fsomNX-oFTQ )

How can I debug the issue?

Thanks,
Michele