lock order reversal in dmesg?

2018-06-02 Thread Jungle Boogie
Hi All,

With one of the snapshots from Friday 1 June, I'm seeing more info in my dmesg
than I typically do. Has some extra debugging been turned on?

lock order reversal:
 1st 0xff00bb0eecd8 vmmaplk (&map->lock) @ /usr/src/sys/uvm/uvm_fault.c:1441
  2nd 0x80081138 drmdevlk (&dev->struct_mutex) @ /usr/src/sys/dev/pci/drm/i915/i915_gem.c:1801
  lock order "&dev->struct_mutex"(rwlock) -> "&map->lock"(rwlock) first seen at:
  #0  witness_checkorder+0x494
  #1  _rw_enter+0x56
  #2  vm_map_lock_ln+0xac
  #3  uvm_map+0x191
  #4  km_alloc+0x15a
  #5  bus_space_map+0x13b
  #6  i915_alloc_ifp+0x99
  #7  intel_gtt_chipset_setup+0x152
  #8  intel_enable_gtt+0x18
  #9  i915_gem_init_hw+0x36
  #10 i915_gem_init+0x23e
  #11 i915_driver_load+0xfb1
  #12 inteldrm_attach+0x35b
  #13 config_attach+0x1fe
  #14 pci_probe_device+0x4e1
  #15 pci_enumerate_bus+0xa7
  #16 config_attach+0x1fe
  #17 mainbus_attach+0x237
  #18 config_attach+0x1fe
  lock order "&map->lock"(rwlock) -> "&dev->struct_mutex"(rwlock) first seen at:
  #0  witness_checkorder+0x494
  #1  _rw_enter_write+0x53
  #2  i915_gem_object_wait_rendering__nonblocking+0x1ea
  #3  i915_gem_fault+0x137
  #4  drm_fault+0x18a
  #5  uvm_fault+0x733
  #6  trap+0x509
  #7  Xalltraps_untramp+0xec
lock order reversal:
 1st 0x81ce85f8 &sched_lock (&sched_lock) @ /usr/src/sys/kern/kern_synch.c:444
 2nd 0x8007e270 &dev_priv->irq_lock (&dev_priv->irq_lock) @ /usr/src/sys/dev/pci/drm/i915/intel_ringbuffer.c:1672
 lock order "&dev_priv->irq_lock"(mutex) -> "&sched_lock"(sched_lock) first seen at:
#0  witness_checkorder+0x494
#1  ___mp_lock+0x70
#2  schedclock+0x30
#3  hardclock+0xd5
#4  lapic_clockintr+0x2f
#5  Xresume_lapic_ltimer+0x22
#6  x86_bus_space_mem_read_4+0x7
#7  i915_irq_handler+0x107
#8  intr_handler+0x68
#9  Xintr_ioapic_level11_untramp+0x141
#10 acpicpu_idle+0x232
#11 cpu_idle_cycle+0x10
lock order "&sched_lock"(sched_lock) -> "&dev_priv->irq_lock"(mutex) first seen at:
#0  witness_checkorder+0x494
#1  _mtx_enter+0x31
#2  i9xx_ring_put_irq+0x35
#3  __i915_wait_request+0x344
#4  i915_gem_object_wait_rendering__nonblocking+0x1c6
#5  i915_gem_fault+0x137
#6  drm_fault+0x18a
#7  uvm_fault+0x733
#8  trap+0x509
#9  Xalltraps_untramp+0xec


Thanks!
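
As an added illustration of what witness is reporting in the dmesg above (not code from the post or from OpenBSD), a toy lock-order checker replayed over the two acquisition paths of each reversal; the thread names and acquisition sites are assumed abbreviations of the backtraces in the report.

```python
from collections import defaultdict

class LockOrderReversal(Exception):
    """args[0] is a dict describing the reversal (see Witness.acquire)."""

class Witness:
    """Toy model of OpenBSD's witness(4): every time a lock is taken while others
    are held, record the order "held -> new" and where it was first seen; a take
    whose recorded order is the reverse of a held lock is a reversal (deadlock risk)."""

    def __init__(self):
        self.after = defaultdict(set)   # after[a] = locks first taken while a was held
        self.first_seen = {}            # (a, b) -> site where the order a -> b was first seen
        self.held = defaultdict(list)   # thread -> [(lock, site)] currently held

    def _ordered_before(self, a, b):
        """True if the recorded graph has a path a -> ... -> b."""
        stack, seen = [a], set()
        while stack:
            cur = stack.pop()
            if cur == b:
                return True
            if cur not in seen:
                seen.add(cur)
                stack.extend(self.after[cur])
        return False

    def acquire(self, thread, lock, site):
        for held_lock, held_site in self.held[thread]:
            if self._ordered_before(lock, held_lock):
                raise LockOrderReversal({
                    "first": (held_lock, held_site),   # the lock already held
                    "second": (lock, site),            # the lock being taken now
                    "known_order_seen_at":
                        self.first_seen.get((lock, held_lock), "transitive"),
                })
            if lock not in self.after[held_lock]:
                self.after[held_lock].add(lock)
                self.first_seen[(held_lock, lock)] = site
        self.held[thread].append((lock, site))

    def release(self, thread, lock):
        self.held[thread] = [(lk, s) for lk, s in self.held[thread] if lk != lock]

def replay(events):
    """Feed (op, thread, lock[, site]) events to a Witness; return the reversals."""
    w, found = Witness(), []
    for ev in events:
        op, thread, lock = ev[:3]
        if op == "acquire":
            try:
                w.acquire(thread, lock, ev[3])
            except LockOrderReversal as e:
                found.append(e.args[0])
                w.held[thread].append((lock, ev[3]))  # kernel takes it anyway; witness only warns
        else:
            w.release(thread, lock)
    return found

def format_reversal(r):
    """Render one reversal in the style of the dmesg lines quoted above."""
    (l1, s1), (l2, s2) = r["first"], r["second"]
    return (f"lock order reversal:\n 1st {l1} @ {s1}\n 2nd {l2} @ {s2}\n"
            f' lock order "{l2}" -> "{l1}" first seen at: {r["known_order_seen_at"]}')

# Constructed replay of the acquisition paths in the report (sites abbreviated
# from the backtraces; this is not a real kernel trace).
SAMPLE_EVENTS = [
    # inteldrm attach: struct_mutex held while uvm_map takes the map lock
    ("acquire", "attach", "&dev->struct_mutex", "i915_gem_init (assumed site)"),
    ("acquire", "attach", "&map->lock", "vm_map_lock_ln via uvm_map"),
    ("release", "attach", "&map->lock"),
    ("release", "attach", "&dev->struct_mutex"),
    # page fault: map lock held, then drm_fault/i915_gem_fault take struct_mutex
    ("acquire", "fault", "&map->lock", "uvm/uvm_fault.c:1441"),
    ("acquire", "fault", "&dev->struct_mutex", "drm/i915/i915_gem.c:1801"),
    ("release", "fault", "&dev->struct_mutex"),
    ("release", "fault", "&map->lock"),
    # clock interrupt arrives while i915_irq_handler holds irq_lock
    ("acquire", "intr", "&dev_priv->irq_lock", "i915_irq_handler"),
    ("acquire", "intr", "&sched_lock", "schedclock via hardclock"),
    ("release", "intr", "&sched_lock"),
    ("release", "intr", "&dev_priv->irq_lock"),
    # wait path: sched_lock held, then i9xx_ring_put_irq takes irq_lock
    ("acquire", "wait", "&sched_lock", "kern/kern_synch.c:444"),
    ("acquire", "wait", "&dev_priv->irq_lock", "drm/i915/intel_ringbuffer.c:1672"),
]

if __name__ == "__main__":
    for rev in replay(SAMPLE_EVENTS):
        print(format_reversal(rev))
```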



mailing list archive page update recommendation

2018-06-02 Thread Jungle Boogie
Hi All,

It might be worth considering removing the reference to squish.net, as the weekly
and daily lists haven't been updated since November 2017.

https://www.openbsd.org/mail.html#Archives

http://www.squish.net/pipermail/owc/
http://www.squish.net/pipermail/odc/

You might also consider linking here:
http://openbsd-archive.7691.n7.nabble.com/



Re: IKED with multiple clients and nat

2018-06-02 Thread Stuart Henderson
On 2018-06-01, J Vans <3...@startmail.com> wrote:
> I am trying to route all of my ipv4 traffic through a particular server 
> using OpenIKED. I have it successfully set up so that each client can 
> connect, and the traffic passes through correctly, but it only works for 
> one client at a time. If Client A is connected by itself things work 
> just fine, but once I connect Client B, Client B works and client A no 
> longer is able to pass any traffic out. I restart IKED on Client A, and 
> Client B loses its connection.
>
> I searched through misc and didn't find anyone talking about exactly 
> what I was trying to do, and a web search turned up one useful result 
> that claims using ikev2 I cannot do this without ipv6. 
> https://serverfault.com/questions/775238/two-road-warrior-clients-behind-the-same-nat-device-ikev2-strongswan-libreswa
> The claim that nat can't differentiate between the traffic of each 
> client makes sense to me, but there is a lot I do not know.

The claim in that reply about needing IPv6 and NAT not working is
nonsense; the port numbers are different. This is exactly what NAT-T
fixes.

> I know that traffic can be tagged by IKED and have tried routing by tag 
> in pf to no avail. However, it is possible I have not done this correctly.
>
> My questions are:
>
> 1. If I want multiple "road warrior" clients behind nat in IKED do I 
> need to implement ipv6?
>
> 2. Is there a different way to accomplish this besides ipv6?
>
>
>

I don't have a setup handy to test at the moment but I don't think 
there's anything special to do here. If you show your config (iked,
pf, outline of network setup) maybe somebody will notice something?




Re: IKED with multiple clients and nat

2018-06-02 Thread Bobby Johnson



> On Jun 2, 2018, at 6:03 AM, Stuart Henderson  wrote:
> 
>> On 2018-06-01, J Vans <3...@startmail.com> wrote:
>> I am trying to route all of my ipv4 traffic through a particular server 
>> using OpenIKED. I have it successfully set up so that each client can 
>> connect, and the traffic passes through correctly, but it only works for 
>> one client at a time. If Client A is connected by itself things work 
>> just fine, but once I connect Client B, Client B works and client A no 
>> longer is able to pass any traffic out. I restart IKED on Client A, and 
>> Client B loses its connection.
>> 
>> I searched through misc and didn't find anyone talking about exactly 
>> what I was trying to do, and a web search turned up one useful result 
>> that claims using ikev2 I cannot do this without ipv6. 
>> https://serverfault.com/questions/775238/two-road-warrior-clients-behind-the-same-nat-device-ikev2-strongswan-libreswa
>> The claim that nat can't differentiate between the traffic of each 
>> client makes sense to me, but there is a lot I do not know.
> 
> The claim in that reply about needing IPv6 and NAT not working is
> nonsense, the port numbers are different. This is exactly what NAT-T
> fixes.
> 
>> I know that traffic can be tagged by IKED and have tried routing by tag 
>> in pf to no avail. However, it is possible I have not done this correctly.
>> 
>> My questions are:
>> 
>> 1. If I want multiple "road warrior" clients behind nat in IKED do I 
>> need to implement ipv6?
>> 
>> 2. Is there a different way to accomplish this besides ipv6?
>> 
>> 
>> 
> 
> I don't have a setup handy to test at the moment but I don't think 
> there's anything special to do here. If you show your config (iked,
> pf, outline of network setup) maybe somebody will notice something?
> 

I had a similar problem when trying to assign specific IP addresses based on 
asn1 id.



Re: Networking FAQ: VMM internet access

2018-06-02 Thread Leonid Bobrov
Thanks for updating.

I don't understand the necessity of the vether(4) interface in the fourth
option; I tested without it and didn't notice any change. But I would
fail without your warning about DHCP, thank you :)



Re: IKED with multiple clients and nat

2018-06-02 Thread J Vans

> On Jun 2, 2018, at 6:03 AM, Stuart Henderson  wrote:
> 
> > On 2018-06-01, J Vans <3...@startmail.com> wrote:
> > I am trying to route all of my ipv4 traffic through a particular server 
> > using OpenIKED. I have it successfully set up so that each client can 
> > connect, and the traffic passes through correctly, but it only works for 
> > one client at a time. If Client A is connected by itself things work 
> > just fine, but once I connect Client B, Client B works and client A no 
> > longer is able to pass any traffic out. I restart IKED on Client A, and 
> > Client B loses its connection.
> > 
> > I searched through misc and didn't find anyone talking about exactly 
> > what I was trying to do, and a web search turned up one useful result 
> > that claims using ikev2 I cannot do this without ipv6. 
> > https://serverfault.com/questions/775238/two-road-warrior-clients-behind-the-same-nat-device-ikev2-strongswan-libreswa
> >  The claim that nat can't differentiate between the traffic of each 
> > client makes sense to me, but there is a lot I do not know.
> 
> The claim in that reply about needing IPv6 and NAT not working is
> nonsense; the port numbers are different. This is exactly what NAT-T
> fixes.
> 
> > I know that traffic can be tagged by IKED and have tried routing by tag 
> > in pf to no avail. However, it is possible I have not done this correctly.
> > 
> > My questions are:
> > 
> > 1. If I want multiple "road warrior" clients behind nat in IKED do I 
> > need to implement ipv6?
> > 
> > 2. Is there a different way to accomplish this besides ipv6?
> > 
> > 
> > 
> 
> I don't have a setup handy to test at the moment but I don't think
> there's anything special to do here. If you show your config (iked,
> pf, outline of network setup) maybe somebody will notice something?
> 


Thank you, I was after a "possible" or "not possible", and it sounds like what
I want to do is possible. Below are my test configs.



> I had a similar problem when trying to assign specific IP addresses based on
> asn1 id.

I have this problem whether I assign IP addresses or not.


CONFIGS

Basically I have a vpn server on the public internet, and I want to be able to
be anywhere and route my traffic through that server.

CLIENT A ---\
             > VPN ---> INTERNET
CLIENT B ---/

I am posting a less complicated setup, it is the configs from
http://puffysecurity.com/wiki/openikedoffshore.html

This setup works fine, but only for one client at a time. I can ping out on
one client, and as soon as I start iked on the other, the pinging stops.

In my more complicated setup I am using unbound for DNS and assigning static ip
addresses to each peer, but I am having this problem both ways so maybe start
simple and work from there.


SERVER CONFIGS

iked.conf

ikev2 passive ipcomp esp \
from 0.0.0.0/0 to 10.0.0.0/8 \
from 0.0.0.0/0 to 172.16.0.0/12 \
from 0.0.0.0/0 to 192.168.0.0/16 \
local $vpn_server_ip peer any \
srcid $vpn_server_ip \
tag IKED


pf.conf

set reassemble yes
set block-policy return
set loginterface egress
set skip on { lo, enc }

match in all scrub (no-df random-id max-mss 1440)

table  persist

block in log
block in quick from urpf-failed label uRPF
block quick from 

pass out all modulate state

pass in on egress proto udp from any to any port { isakmp, ipsec-nat-t }
pass in on egress proto { ah, esp }
pass out on egress \
from { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 } \
to { ! 10.0.0.0/8, ! 172.16.0.0/12, ! 192.168.0.0/16 } \
nat-to (egress)

pass in quick inet proto icmp icmp-type { echoreq, unreach }

pass in quick proto tcp from any \
to (egress) port ssh \
flags S/SA modulate state \
(max-src-conn 15, max-src-conn-rate 15/5, overload  flush global)


sysctl.conf

net.inet.ip.forwarding=1
net.inet.ipcomp.enable=1



CLIENT CONFIGS (A and B are identical except $client_hostname)

iked.conf

ikev2 active ipcomp esp \
from 10.0.0.0/8 to 0.0.0.0/0 \
from 172.16.0.0/12 to 0.0.0.0/0 \
from 192.168.0.0/16 to 0.0.0.0/0 \
peer $vpn_server_ip \
srcid $client_hostname \
tag IKED


pf.conf

set reassemble yes
set block-policy return
set loginterface egress
set skip on { lo, enc }

match in all scrub (no-df random-id max-mss 1440)

table  persist

block in log
block in quick from urpf-failed label uRPF
block quick from 

pass out all modulate state

pass in quick inet proto icmp icmp-type { echoreq, unreach }

pass in quick proto tcp from any \
to (egress) port ssh \
flags S/SA modulate state \
(max-src-conn 15, max-src-conn-rate 15/5, overload  flush global)


sysctl.conf

net.inet.ip.forwarding=1
net.inet.ipcomp.enable=1



Re: Networking FAQ: VMM internet access

2018-06-02 Thread Mike Larkin
On Sat, Jun 02, 2018 at 06:26:16PM +0300, Leonid Bobrov wrote:
> Thanks for updating.
> 
> I don't understand the necessity of the vether(4) interface in the fourth
> option; I tested without it and didn't notice any change. But I would
> fail without your warning about DHCP, thank you :)
> 

Hm, it failed for me without vether. Probably need someone more versed in
networking internals to take a look at it.



Is anyone able to use certificates with openbsd iked/ikev2 and Apple iOS (iphone)?

2018-06-02 Thread Theodore Wynnychenko
Hello

Last year (before about 3/27/2017, when the "Add support for RFC4754 (ECDSA) and
RFC7427 authentication" diff was committed to -current), I had set up and had
been able to connect iOS devices (iPhone/iPad) to OpenBSD's iked and have IKEv2
VPNs happen, almost as if by magic.

Authentication was accomplished using certificates signed by a local authority
and then distributed to the iOS devices.

Since 3/27/17, this has not been working.  I sent a couple of emails about this
last year (the initial one:
https://marc.info/?l=openbsd-bugs&m=149706080419488&w=2).

Over the last year, I have tried many things.  Even though I don't know anything
about programming (or C), I tried making little changes to the iked source, all
without success.  (Is that any surprise? No.  I was amazed at times that my
changes even resulted in a program that would actually start up and run.)

I have tried creating several different CA's and certificates, using various
different algorithms (ECDSA and RSA, with varying key lengths), all without
success.  For example, I just tried creating a CA and certificates with
ECDSA384/SHA2-384; I distribute those to the iOS device (which supports them),
but, iked will not accept them and create a tunnel.

In iked.conf, if I don't explicitly state something like "ecdsa384" as the
authentication method (and, this requires having a local copy of the public key
on the openbsd machine), iked falls back to rfc7427 for authentication, but it
appears that iOS does not support this (yet?).

I have been downgrading iked to a version before the 3/27/17 (every time I
update -current), and this still allows my old certificates to work.  But, that
doesn't seem sustainable.

I have no idea how to proceed.

Has anyone been able to get -current (or at least, a snapshot after 3/27/17)
version of iked to work with any iOS devices using certificates successfully?

If so, I would really appreciate some advice on how it can be done.

Thanks
Ted




[ot] what happened to devio.us?

2018-06-02 Thread Mayuresh Kathe

hi, what happened to the service at wolfman.devio.us?
it's now been 15 days that i have been unable to log in.
hope all is well.



pgrep/pkill in rc script

2018-06-02 Thread Steven Shockley
I have a 6.3 machine running four Minecraft instances (i.e. Java apps). 
I recently changed the rc script for one of them to use additional Java 
command-line arguments.  I believe I ran into something similar to 
https://marc.info/?l=openbsd-misc&m=138268000201733, where pgrep would 
no longer match the command arguments since it was longer than 16 
characters (although in my case it didn't match either from script or 
shell).  However, the 16-character limit doesn't seem right, because my 
old command was already longer.


Old command:
/usr/local/jre-1.8.0/bin/java -Xms1536M -Xmx1536M -jar 
/var/games/minecraft/minecraft_server.jar nogui


New command:
/usr/local/jre-1.8.0/bin/java -server -Xms1536M -Xmx1536M 
-XX:+UseConcMarkSweepGC -XX:+UseParNewGC -XX:+CMSIncrementalPacing 
-XX:ParallelGCThreads=2 -XX:+AggressiveOpts -jar 
/var/games/minecraftss/minecraft_server.jar nogui


So, with the old command, it's only comparing "-Xms1536M -Xmx" at 16 
characters (or /usr/local/jre if it's referring to the executable), so I 
would think it wouldn't have worked with the old command, either.


Fortunately, I was already running the four as different users, so I 
could work around it by using pgrep/pkill -U.  However, I'm curious 
about the 16-character limit; I looked at the source for pkill, and the 
only limit I saw was _POSIX2_LINE_MAX.  Or was the limit a red herring, 
and something else was causing my problem?


Thanks.



NAT64 configuration issues

2018-06-02 Thread Daniel Corbe
I'm struggling with a NAT64 config for my network and hoping someone
could hit me with a clue bat.

This is going to require a bit of explanation because the IPv6 clients
are not directly behind the OpenBSD server. So bear with me on this one.

+-----------------+
|     Router      |
+--------+--------+
         | Gi0/1: 38.87.35.97 / 2606:9c80:3:1::/64 eui-64
         |
       OSPF
         |
         | Vio0: 38.87.35.102 / inet6 autoconf
+--------+--------+
|   OBSD Server   |
+--------+--------+
         |
         | Vio1: 2606:9c80:dead:beef::38.87.35.102/96
         X

Vio1 isn't actually connected to anything. But it carries an address
with my NAT64 prefix. OSPF is configured to redistribute connected
prefixes.

My pf.conf looks like this:

nat64# cat /etc/pf.conf
#   $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
#
# See pf.conf(5) and /etc/examples/pf.conf

set skip on lo

# NAT64
pass in quick on vio1 inet6 from any to 2606:9c80:dead:beef::/96 \
  af-to inet from (egress:0) keep state rtable 0

# Default firewall state
block return		# block stateless traffic
pass			# establish keep-state

# By default, do not permit remote connections to X11
block return in on ! lo0 proto tcp to port 6000:6010

# Port build user does not need network
block return out log proto {tcp udp} user _pbuild

IP Forwarding is enabled:

nat64# sysctl -a | grep forwarding
net.inet.ip.forwarding=1
net.inet.ip.mforwarding=0
net.inet6.ip6.forwarding=1
net.inet6.ip6.mforwarding=0

From other places on the network, I can ping Vio1:

--- 2606:9c80:dead:beef::38.87.35.102 ping6 statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.206/0.258/0.316/0.045 ms

And the prefix is in the routing table:

#show ipv6 route 2606:9c80:dead:beef::/96

VRF name: default
Routing entry for 2606:9c80:dead:beef::/96
Codes: C - connected, S - static, K - kernel, O3 - OSPFv3, B - BGP, R -
RIP, A B - BGP Aggregate, I L1 - ISIS level 1, I L2 - ISIS level 2, NG -
Nexthop Group Static Route

 O3   2606:9c80:dead:beef::/96 [110/20]
   via fe80::99b8:c8c1:bceb:f98f, Vlan111


But I cannot ping out:

$ ping6 2606:9c80:dead:beef::808:808
PING6(56=40+8+8 bytes) 2606:9c80:3:1:5054:ff:fea3:911b -->
2606:9c80:dead:beef::808:808
^C
--- 2606:9c80:dead:beef::808:808 ping6 statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss

But I do see traffic hitting my OpenBSD box on the NAT64 prefix:

nat64# tshark -i vio0 -f "net 2606:9c80:dead:beef::/96"
Capturing on 'vio0'
1   0.00 2606:9c80:3:1:5054:ff:fea3:911b ?
2606:9c80:dead:beef::808:808 ICMPv6 70 Echo (ping) request
id=0xd104, seq=226, hop limit=63
2   1.025972 2606:9c80:3:1:5054:ff:fea3:911b ?
2606:9c80:dead:beef::808:808

-Daniel



relayd(8) relay to unix domain socket

2018-06-02 Thread IL Ka
Hello,

Is it possible to relay to unix domain socket using relayd(8)?
It seems that relayd(8) only works with protocols on top of IP.

Here is my use case: I have an application server that is only able to listen on HTTP.
(There are alternatives that work with FastCGI, and I can use them with
httpd(8), but I want to run this one.)

I can make my server listen on localhost, but I believe that two servers
running on the same machine should use domain sockets: it is simpler to
implement security (no need to use pf; I can stay with file permissions to
restrict which processes may access it), and in theory there is no TCP/IP
overhead.

Ilya


Re: relayd(8) relay to unix domain socket

2018-06-02 Thread justina colmena
On Sun, 3 Jun 2018 00:57:11 +0300
IL Ka  wrote:

> Is it possible to relay to unix domain socket using relayd(8)?
> It seems that relayd(8) only works with protocols on top of IP.

That's a good question. A similar question I would have is whether it is
able to relay connections arbitrarily between IPv4 and IPv6.

I wonder if it wouldn't be easier to hack something together with
inetd(8) if you want to serve a unix domain socket over TCP/IP.



Re: relayd(8) relay to unix domain socket

2018-06-02 Thread IL Ka
>
>
> That's a good question. A similar question I would have is whether it is
> able to relay connections arbitrarily between IPv4 and IPv6.
>

from relayd.conf(5):
  inet6 address-prefix:
    If the requested destination is an IPv4 address, relayd(8) will forward
    the connection to an IPv6 address

So I believe it should work, but I have not tried it because I do not use
IPv6.


>
> I wonder if it wouldn't be easier to hack something together with
> inetd(8) if you want to serve a unix domain socket over TCP/IP.
>

I like the application-level (level 7) relay that relayd does for me;
I do not think inetd(8) is aware of HTTP :)

And I also need TLS (HTTPS), which httpd and relayd can do.

It seems that I have 2 solutions:

1) client--relayd--(http over tcp)--my_app_server
2) client--httpd--(fastcgi over domain socket)--my_app_server

I want to serve my static files with httpd (it should be faster than my
application server, and more secure thanks to chroot), so I will probably
go with the second approach.


Re: NAT64 configuration issues

2018-06-02 Thread Daniel Corbe
So I fixed this configuration simply by removing the /64 from Vio0.   I
guess the IPv4 LAN segment can't have any preexisting IPv6 on it.

Thanks.

-Daniel

On 6/2/2018 15:51, Daniel Corbe wrote:
> I'm struggling with a NAT64 config for my network and hoping someone
> could hit me with a clue bat.
> 
> This is going to require a bit of explanation because the IPv6 clients
> are not directly behind the OpenBSD server. So bear with me on this one.
> 
> +-----------------+
> |     Router      |
> +--------+--------+
>          | Gi0/1: 38.87.35.97 / 2606:9c80:3:1::/64 eui-64
>          |
>        OSPF
>          |
>          | Vio0: 38.87.35.102 / inet6 autoconf
> +--------+--------+
> |   OBSD Server   |
> +--------+--------+
>          |
>          | Vio1: 2606:9c80:dead:beef::38.87.35.102/96
>          X
> 
> Vio1 isn't actually connected to anything. But it carries an address
> with my NAT64 prefix. OSPF is configured to redistribute connected
> prefixes.
> 
> My pf.conf looks like this:
> 
> nat64# cat /etc/pf.conf
> #   $OpenBSD: pf.conf,v 1.55 2017/12/03 20:40:04 sthen Exp $
> #
> # See pf.conf(5) and /etc/examples/pf.conf
> 
> set skip on lo
> 
> # NAT64
> pass in quick on vio1 inet6 from any to 2606:9c80:dead:beef::/96 \
>   af-to inet from (egress:0) keep state rtable 0
> 
> # Default firewall state
> block return		# block stateless traffic
> pass			# establish keep-state
> 
> # By default, do not permit remote connections to X11
> block return in on ! lo0 proto tcp to port 6000:6010
> 
> # Port build user does not need network
> block return out log proto {tcp udp} user _pbuild
> 
> IP Forwarding is enabled:
> 
> nat64# sysctl -a | grep forwarding
> net.inet.ip.forwarding=1
> net.inet.ip.mforwarding=0
> net.inet6.ip6.forwarding=1
> net.inet6.ip6.mforwarding=0
> 
> From other places on the network, I can ping Vio1:
> 
> --- 2606:9c80:dead:beef::38.87.35.102 ping6 statistics ---
> 3 packets transmitted, 3 packets received, 0.0% packet loss
> round-trip min/avg/max/std-dev = 0.206/0.258/0.316/0.045 ms
> 
> And the prefix is in the routing table:
> 
> #show ipv6 route 2606:9c80:dead:beef::/96
> 
> VRF name: default
> Routing entry for 2606:9c80:dead:beef::/96
> Codes: C - connected, S - static, K - kernel, O3 - OSPFv3, B - BGP, R -
> RIP, A B - BGP Aggregate, I L1 - ISIS level 1, I L2 - ISIS level 2, NG -
> Nexthop Group Static Route
> 
>  O3   2606:9c80:dead:beef::/96 [110/20]
>via fe80::99b8:c8c1:bceb:f98f, Vlan111
> 
> 
> But I cannot ping out:
> 
> $ ping6 2606:9c80:dead:beef::808:808
> PING6(56=40+8+8 bytes) 2606:9c80:3:1:5054:ff:fea3:911b -->
> 2606:9c80:dead:beef::808:808
> ^C
> --- 2606:9c80:dead:beef::808:808 ping6 statistics ---
> 3 packets transmitted, 0 packets received, 100.0% packet loss
> 
> But I do see traffic hitting my OpenBSD box on the NAT64 prefix:
> 
> nat64# tshark -i vio0 -f "net 2606:9c80:dead:beef::/96"
> Capturing on 'vio0'
> 1   0.00 2606:9c80:3:1:5054:ff:fea3:911b ?
> 2606:9c80:dead:beef::808:808 ICMPv6 70 Echo (ping) request
> id=0xd104, seq=226, hop limit=63
> 2   1.025972 2606:9c80:3:1:5054:ff:fea3:911b ?
> 2606:9c80:dead:beef::808:808
> 
> -Daniel
> 



System crash freeze after patching OpenBSD 6.3

2018-06-02 Thread Joseph Olatt
Hi,

My system started crashing and freezing after applying the latest patch.
Only a hard reset by pressing the power button brings the system back.
The symptoms seem identical to that described in:

  https://marc.info/?l=openbsd-misc&m=152753921800394

The error I get is:

  Kernel: protection fault trap, code=0
  Stopped at wakeup_nt0 xae movq %rcx 0(%rax)
  ddb{0}>


I'm unable to type anything at the ddb prompt.

Anybody else having similar issues after the latest patching? My current
patches are:


  001_perl
  002_libtls
  003_arp
  004_gif
  005_httpd
  006_ipseclen
  007_libcrypto
  008_ipsecout



dmesg is as follows:
  OpenBSD 6.3 (GENERIC.MP) #3: Fri May 18 00:06:26 CEST 2018
  
r...@syspatch-63-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
  real mem = 8495558656 (8101MB)
  avail mem = 8231010304 (7849MB)
  mpath0 at root
  scsibus0 at mpath0: 256 targets
  mainbus0 at root
  bios0 at mainbus0: SMBIOS rev. 2.3 @ 0xf0450 (77 entries)
  bios0: vendor Dell Inc. version "2.4.1" date 08/21/2007
  bios0: Dell Inc. OptiPlex 745
  acpi0 at bios0: rev 2
  acpi0: TCPA checksum error
  acpi0: sleep states S0 S1 S3 S4 S5
  acpi0: tables DSDT FACP SSDT APIC BOOT ASF! MCFG HPET TCPA SLIC
  acpi0: wakeup devices VBTN(S4) PCI0(S5) PCI4(S5) PCI2(S5) PCI3(S5) PCI1(S5) 
PCI5(S5) PCI6(S5) USB0(S3) USB1(S3) USB2(S3) USB3(S3) USB4(S3)
  acpitimer0 at acpi0: 3579545 Hz, 24 bits
  acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
  cpu0 at mainbus0: apid 0 (boot processor)
  cpu0: Intel(R) Pentium(R) D CPU 3.40GHz, 3389.54 MHz
  cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,CNXT-ID,CX16,xTPR,PDCM,NXE,LONG,LAHF,MELTDOWN
  cpu0: 2MB 64b/line 8-way L2 cache
  cpu0: smt 0, core 0, package 0
  mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
  cpu0: apic clock running at 199MHz
  cpu0: mwait min=64, max=64
  cpu1 at mainbus0: apid 1 (application processor)
  cpu1: Intel(R) Pentium(R) D CPU 3.40GHz, 3389.04 MHz
  cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,DTES64,MWAIT,DS-CPL,VMX,EST,CNXT-ID,CX16,xTPR,PDCM,NXE,LONG,LAHF,MELTDOWN
  cpu1: 2MB 64b/line 8-way L2 cache
  cpu1: smt 0, core 1, package 0
  ioapic0 at mainbus0: apid 8 pa 0xfec0, version 20, 24 pins, remapped to apid 8
  acpimcfg0 at acpi0 addr 0xe000, bus 0-255
  acpihpet0 at acpi0: 14318179 Hz
  acpiprt0 at acpi0: bus 4 (PCI4)
  acpiprt1 at acpi0: bus 2 (PCI2)
  acpiprt2 at acpi0: bus -1 (PCI3)
  acpiprt3 at acpi0: bus 1 (PCI1)
  acpiprt4 at acpi0: bus 3 (PCI5)
  acpiprt5 at acpi0: bus -1 (PCI6)
  acpiprt6 at acpi0: bus 0 (PCI0)
  acpicpu0 at acpi0: C1(@1 halt!)
  acpicpu1 at acpi0: C1(@1 halt!)
  acpibtn0 at acpi0: VBTN
  memory map conflict 0xbf603c00/0x9fc400
  pci0 at mainbus0 bus 0
  pchb0 at pci0 dev 0 function 0 "Intel 82Q965 Host" rev 0x02
  ppb0 at pci0 dev 1 function 0 "Intel 82Q965 PCIE" rev 0x02: msi
  pci1 at ppb0 bus 1
  inteldrm0 at pci0 dev 2 function 0 "Intel 82Q965 Video" rev 0x02
  drm0 at inteldrm0
  intagp0 at inteldrm0
  agp0 at intagp0: aperture at 0xd000, size 0x1000
  inteldrm0: msi
  inteldrm0: 1920x1080, 32bpp
  wsdisplay0 at inteldrm0 mux 1: console (std, vt100 emulation)
  wsdisplay0: screen 1-5 added (std, vt100 emulation)
  "Intel 82Q965 Video" rev 0x02 at pci0 dev 2 function 1 not configured
  uhci0 at pci0 dev 26 function 0 "Intel 82801H USB" rev 0x02: apic 8 int 16
  uhci1 at pci0 dev 26 function 1 "Intel 82801H USB" rev 0x02: apic 8 int 17
  ehci0 at pci0 dev 26 function 7 "Intel 82801H USB" rev 0x02: apic 8 int 22
  usb0 at ehci0: USB revision 2.0
  uhub0 at usb0 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 
addr 1
  azalia0 at pci0 dev 27 function 0 "Intel 82801H HD Audio" rev 0x02: msi
  azalia0: codecs: Analog Devices AD1983
  audio0 at azalia0
  ppb1 at pci0 dev 28 function 0 "Intel 82801H PCIE" rev 0x02: msi
  pci2 at ppb1 bus 2
  ppb2 at pci0 dev 28 function 4 "Intel 82801H PCIE" rev 0x02: msi
  pci3 at ppb2 bus 3
  bge0 at pci3 dev 0 function 0 "Broadcom BCM5754" rev 0x02, BCM5754/5787 A2 
(0xb002): msi, address 00:1a:a0:ba:d6:36
  brgphy0 at bge0 phy 1: BCM5787 10/100/1000baseT PHY, rev. 0
  uhci2 at pci0 dev 29 function 0 "Intel 82801H USB" rev 0x02: apic 8 int 23
  uhci3 at pci0 dev 29 function 1 "Intel 82801H USB" rev 0x02: apic 8 int 17
  uhci4 at pci0 dev 29 function 2 "Intel 82801H USB" rev 0x02: apic 8 int 18
  ehci1 at pci0 dev 29 function 7 "Intel 82801H USB" rev 0x02: apic 8 int 23
  usb1 at ehci1: USB revision 2.0
  uhub1 at usb1 configuration 1 interface 0 "Intel EHCI root hub" rev 2.00/1.00 
addr 1
  ppb3 at pci0 dev 30 function 0 "Intel 82801BA Hub-to-PCI" rev 0xf2
  pci4 at ppb3 bus 4
  pcib0 at pci0 dev 31 function 0 "Intel 82801H LPC" rev 0x02
  pciide0 at pci0 dev 31 function 2 "Intel 82801H SATA" rev 0x02: DMA, channel 
0 configured to na

Redistributing AS-external nexthops over OSPF

2018-06-02 Thread multiplexd
Hi all,

I've been doing a bit of labbing with some OpenBSD VM's in order to try and 
learn how to use OpenBSD's OSPF and BGP tools, as my prior experience in this
sort of thing is running BIRD on Linux in dn42 [1].

In my current lab configuration, I have six OpenBSD VM's which I have divided
into two clusters of three nodes. Each cluster is fully meshed over gre(4) 
point-to-point links, and each node has its primary IP addresses configured
on a second lo(4) device -- link-local addresses are used on the gre(4)
interfaces.

  ++  ++
  | 01 |--++--| 04 | 
  ++  ||  ++
|   ++  ++   |
|   | 00 |  | 03 |   |
|   ++  ++   |
  ++  ||  ++
  | 02 |--++--| 05 |
  ++  ++


On each of these nodes, I have configured ospf{,6}d(8) to broadcast down the
point-to-point gre(4) links and consider the second loopback as a stub 
interface, i.e.:

area 0.0.0.0 {
# Each node in each cluster of three has two direct
# peers
interface gre0
interface gre1

interface lo1 { passive }
}

I have also configured bgpd(8) on each VM host and assigned an AS number to
each of the two clusters, the goal being to create an eBGP peering between
the two clusters and make each node in the first cluster reachable to each 
node in the second cluster and vice versa.

I have therefore set up a gre(4) tunnel between the nodes labelled "00" and 
"03" in the ASCII art above, and configured a BGP link between the two. The
external routes are propagated to all the nodes in both clusters, however
the issue I have is that I can't find a way to automatically propagate the
nexthop addresses (on the gre(4) tunnel between "00" and "03") to the other
routers behind them.

Attaching the ospfd's to the tunnel linking the two clusters (both in active 
and passive mode) does not propagate these routes via OSPF. It's probably 
possible to solve this issue by rewriting the nexthop attribute on the 
border routers in bgpd(8); however, I'm hesitant to do this, having been
cautioned against it previously. I'm able to handle external nexthops at the
OSPF level with my BIRD-on-Linux configuration, so I'm not sure what I need
to be doing on OpenBSD to achieve the same result.

Cheers,
multiplexd

[1]: https://dn42.eu



Re: System crash freeze after patching OpenBSD 6.3

2018-06-02 Thread justina colmena
On June 2, 2018 5:44:01 PM AKDT, Joseph Olatt  wrote:
>Hi,
>
>My system started crashing and freezing after applying the latest
>patch.
>Only a hard reset by pressing the power button brings the system back.
>The symptoms seem identical to that described in:
>
>  https://marc.info/?l=openbsd-misc&m=152753921800394
>
>The error I get is:
>
>  Kernel: protection fault trap, code=0
>  Stopped at wakeup_nt0 xae movq %rcx 0(%rax)
>  ddb{0}>
>
I've been doing some googling. Something is covered up. That "xae" appears
to be a rather 'sensitive' acronym of sorts for something to do with a remote
kill switch for automotive applications... Why would it show up in BSD code?


--
https://www.colmena.biz/~justina/contacto.php