Re: OpenBSD runs hotter than Linux with same laptop, draws more electricity?

[Kirill A . Korinsky]

On Tue, 02 Jul 2024 09:54:09 +0100,
Stuart Henderson  wrote:
> 
> A lot of this is down to Linux having spent more time on optimising
> things for power consumption. Things like choices made in the scheduler
> (deciding which cpu to run a process on) have an effect, especially on
> certain cpu types, as well as code selecting cpu frequencies etc.
> 

Also, not all drivers support hardware power saving features. For example,
as far as I know, iwx and similar drivers do not.

-- 
wbr, Kirill

Re: /tmp on mfs is blocked

[Kirill A . Korinsky]

and here we go:

~ $ ps auxl | grep D
USER PID %CPU %MEMVSZ   RSS TT STAT   STARTED   TIME COMMAND
  UID  PPID CPU PRI NI WCHAN
root   40744 0.0 1.3 1049488 218256 ?? D 2:59PM0:13.90 
/sbin/mount_nfs 0 1  0 -18  0 anonget
catap  13530 0.0 2.0 1039528 330124 ?? DpU   3:04PM0:23.48 
ungoogled-chromi 1000 68942  0 -18  0 fltasgi
catap   7160 0.0 0.7 821464 107612 ?? DpU   3:04PM0:04.48 
ungoogled-chromi 1000 68942  0  -5  0 biowait
catap  26061 0.0 0.6 766536 92496 ?? DpU   3:05PM0:00.77 
ungoogled-chromi 1000 68942  0  -5  0 biowait
catap  81520 0.0 0.0  1528  1176 p3 D+p   5:23PM0:00.00 ls /tmp 
 1000 62543  0  10  0 inode
catap  57257 0.0 0.0   108   384 C0 R+/1  5:24PM0:00.00 grep D  
 1000 70049 29  53  0 -
~ $ doas sysctl ddb.trigger=1
Stopped at  db_enter+0x14:  popq%rbp
ddb{0}> show locks
exclusive rwlock sysctllk r = 0 (0x82739928)
exclusive kernel_lock _lock r = 0 (0x827c32d0)
ddb{0}>

Thus, doas reboot won't reboot machine from this state. After that
machine is completly stuck. Reboot from ddb works. shutdown -r now also
doesn't work.

And easy way to achive this is run VM inside VMD which forces system to
start using swap. As soon as it uses swap, around 500-700 mb is enough, 300
doesn't, it goes into this state.

Should I dulicate it inside bugs@?

--
wbr, Kirill

Re: /tmp on mfs is blocked

[Kirill A . Korinsky]

>
> I never doubt that, but I had rebuild kernel on my machine with WITNESS, to
> be able to get more usefull reason if such case happened again.
>

Seems that I had boot wrong kernel, or

option WITNESS
option WITNESS_WATCH

wasn't enough, will reboot and double test it. The good news that I can
reproduce it releativly easy.

Anyway, here ps with l:

src $ ps auxl | grep D
USER   PID %CPU %MEM   VSZ   RSS TT  STAT   STARTED   TIME COMMAND  
  UID  PPID CPU PRI  NI WCHAN
root 55404  0.0  4.5 1049492 734588 ??  D  Fri02AM0:14.09 
/sbin/mount_mfs  0 1   0 -18   0 anonget
catap66849  0.0  2.6 395840 427736 ??  DpUFri02AM3:41.21 
ungoogled-chromi  1000 82788   1  -5   0 vinvalb
catap56100  0.0  1.4 895404 235868 ??  DpUFri02AM1:39.80 
ungoogled-chromi  1000 82788   0  -5   0 getblk
catap33124  0.0  1.7 988916 287816 ??  DpUFri02AM0:39.19 
ungoogled-chromi  1000 82788   0  -5   0 biowait
catap22342  0.0  1.0 820260 173008 ??  DpU10:46AM0:06.15 
ungoogled-chromi  1000 82788   0  -5   0 getblk
catap64977  0.0  0.0  1348  4044 ??  D   2:12PM0:00.01 
/usr/X11R6/bin/x  1000 70379   0  10   0 inode
catap93974  0.0  0.0  1140  1804 p2  D+p 2:12PM0:00.00 man ps   
 1000  6039   0  -5   0 getblk
catap68803  0.0  0.0   796  1332 p3  S+p 2:16PM0:00.00 grep D   
 1000 55628   0  -6   0 piperd
src $

anything which is touching /tmp is blocked, and df -i says:

mfs:55404  2028910296608   163085816% 326  269816 1%   
/tmp

and top says about this

load averages:  0.75,  0.94,  1.26   matebook.local 14:21:53
135 processes: 1 running, 130 idle, 4 on processorup 0 days 12:13:33
4   CPUs:  2.3% user,  0.0% nice,  0.9% sys,  0.5% spin,  0.0% intr, 96.3% 
id
Memory: Real: 10G/14G act/tot Free: 895M Cache: 2631M Swap: 555M/16G

--
wbr, Kirill

Re: /tmp on mfs is blocked

[Kirill A . Korinsky]

On Fri, 28 Jun 2024 11:09:56 +0100,
Crystal Kolipe  wrote:
> 
> The mfs code has been stable for many releases in all of these scenarios.
> 

I never doubt that, but I had rebuild kernel on my machine with WITNESS, to
be able to get more usefull reason if such case happened again.

-- 
wbr, Kirill

Re: /tmp on mfs is blocked

[Kirill A . Korinsky]

On Fri, 28 Jun 2024 07:24:16 +0100,
Dan  wrote:
> 
> What about permissions over /tmp?
> 
> I really think you are talking of /tmp over mfs, mh.. in my own
> flavour (different setup) I have to *very versatilly* adjust permissions
> to use it. Never mind.. I'm wondering you remain locked there..
>

Well, I had issue with wrong permission at /tmp on mfs and it lead to
discover a bug inside emacs' tram mode :)

Neverless this setup with /tmp on mfs seems to have right perssion, at least
right enough to run X11 and things like Chrome for something like a month.

-- 
wbr, Kirill

/tmp on mfs is blocked

[Kirill A . Korinsky]

misc@,

I just encountered wired case when my /tmp was blocked, and nothing had
worked.

via ps I saw:

  root 59095  0.0  1.1 1049488 174152 ??  D  Wed10PM0:40.02 
/sbin/mount_mfs -o rw -o nodev -o nosuid -s 1024m swap /tmp

and fstat -p 59095 points nothing abnormal:

  USER CMD  PID   FD MOUNTINUM  MODE R/WSZ|DV
  root mount_mfs  59095 text /   53639  -r-xr-xr-x r   240160
  root mount_mfs  59095   wd /   2  drwxr-xr-x r  512

htop reports that some swap was used and df points that ~200mb were used and
/tmp had plenty of free space.

Have you seen that before? How can I dig it future?

-- 
wbr, Kirill

Re: accidentally overwritten wrong drive with DD, please help

[Kirill A . Korinsky]

On Thu, 27 Jun 2024 21:33:15 +0100,
Anon Loli  wrote:
> 
> It'd be nice if someone can share any experiences with this matter (which 
> fall under the
> conditions that which I imposed on myself), especially fsdb, assuming that it
> can actually help in this matter... in an understandable fashion... unless I
> waste 5 days on it (and still get nothing lol)
>

Something like 20 years ago I had reformated XFS with some data and rebuild
it's from scratch. I have lost almost none metadata, and it was possible to
rebuild. It took me couple of weeks to do it.

Your case much worst. I have no idea how FFS is designed, but I bet that you
had lost all your file names. Anyway, content of files should be intact that
can be extracted with some kind of fuzzy search.

But if you have some encrypted blobs, find them can be another challenge.

Can you rebuild your FS from scratch by hand? Well, it is possible, but I
think that you need to invest months, maybe years, of work.

> 
> So as far as I understand, because of the 1st 74M being gone (the index of the
> FS and stuff I'm guessing), that's like the entire FS is corrupt, so I'm
> guessing I'd somehow have to go trough the entire 220/239G of data with 
> fsdb...
> and my guess is that it won't be fast
> 

I suggest you to use some software that may scan your image and try to
extract something. But I can't suggest anything which may support OpenBSD FS.

-- 
wbr, Kirill

Re: accidentally overwritten wrong drive with DD, please help

[Kirill A . Korinsky]

On Thu, 27 Jun 2024 16:02:36 +0100,
Anon Loli  wrote:
> 
> I'm not using anything commercial OR proprietary
>
[...]
> 
> No one is getting any image or file or anything from me, and I'm not sending 
> my
> drives to anyone. This might sound rude or stupid to you, I'm sorry, but 
> that's
> not debatable..
>

Well, when you're on you own.

I really doubt that many software supports OpenBSD FS.

> It sure does sound like a hobby for a while!
>
> Can't I just need to somehow fix the 1st 74M, and then somehow magically the
> FFS sd3i magically is alive again, mountable and ridable? (get the 
> double-meaning?
> xD)
> I'm wondering how filesystems and how FFS2 works, and if maybe the 74M can be
> somewhat easily fixable, like do filesystems keep an index of files and I
> overwrote 74M of that index, or something like that?
>

"something like that", indeed.

At begining FS, far less that the first 74M, it has the header and some
structures that defines trees and other things like file names.

Can you recreate it? Perhabs.

-- 
wbr, Kirill

Re: accidentally overwritten wrong drive with DD, please help

[Kirill A . Korinsky]

On Thu, 27 Jun 2024 05:12:57 +0100,
Anon Loli  wrote:
> 
> But the steps that I already took is good, right? Is my corrupt data backed up
> at least? I need the raw disc copy, not the sd3i copy, right? Should I copy
> both? I have space
>

Made as many copy of different things as you can. Better to make useless
copy here now than miss something and understand it when no return.

> 
> why is everyone recommending rsync then?
> 

Personally, I understand your emails at some point like you had FS with
files mounted. Probably not only I had understand it that way.

> 
> No kidding? The 1st few people made it sound like it's going to be relatively
> easy :(
> 

Depends on your luck.

Right now we have some comercial and open-source software which may support
OpenBSD FS, or may simple make a search in data to get some files.

Anyway, this isn't easy and fast task.

If you really need your data I suggest to contact a few companies which
recover data, explain to them that had happened and provide to them your
images.

Different tools may find different files, or different part of the same file
:) and after that you need to recombinided it into your real files.

Sounds like a hobby for a while, isn't it?

-- 
wbr, Kirill

Re: accidentally overwritten wrong drive with DD, please help

[Kirill A . Korinsky]

On Tue, 25 Jun 2024 04:05:45 +0100,
"B. Atticus Grobe"  wrote:
> 
> A word of warning: even multiple overwrites are not guaranteed to erase any 
> kind
> of flash-based storage. This applies even to some spinning rust now that have
> intermediate flash storage caches on them (although those tend to be
> enterprise-level devices).
> 
> SSD/NVME's made by a reputable manufacturer usually have a secure delete 
> function,
> but there are cases where this doesn't work, or doesn't work entirely, etc.
> 

This is a very interesting point, thank you.

Do you know any kind of behavior for TRIM? 

So, literally, here no way to secure remove data from SSD/NVME.

-- 
wbr, Kirill

Re: accidentally overwritten wrong drive with DD, please help

[Kirill A . Korinsky]

On Mon, 24 Jun 2024 19:29:52 +0100,
Anon Loli  wrote:
> 
> Encryption is a must, it's not just family photos, but even if it was, I'm
> still not putting them on clear disk
>

You may fill your disk, after you recover everything with random data.
Couple of times. It removes everything.

-- 
wbr, Kirill

Re: libopensmtpd with res_query_async never calls cb

[Kirill A . Korinsky]

On Fri, 14 Jun 2024 13:13:17 +0100,
Kirill A. Korinsky  wrote:
> 
> Anyway, I'm puzzling that to do next.
>

long story short: my code contains asr_abort and when it had happened it
doesn't decrease internal counter that lead to the deadlock.

Anyway, I suggest to add DEBUG print into asr_abort because right now it is
missed, and such output may save many hours of debuging.

Something like this:

diff --git lib/libc/asr/asr.c lib/libc/asr/asr.c
index c4ee2dd103f..afdbe00 100644
--- lib/libc/asr/asr.c
+++ lib/libc/asr/asr.c
@@ -173,6 +173,8 @@ DEF_WEAK(asr_resolver_free);
 void
 asr_abort(struct asr_query *as)
 {
+   DPRINT("asr: asr_abort(%p) %s ctx=[%p]\n", as,
+   _asr_querystr(as->as_type), as->as_ctx);
_asr_async_free(as);
 }
 


-- 
wbr, Kirill

Re: booting and RAID-5

[Kirill A . Korinsky]

On Sat, 15 Jun 2024 14:05:07 +0100,
Marco van Hulten  wrote:
> 
> Would a good approach be to create a root device on one disk (and maybe
> altroots on one or both of the others) and use the rest of all disks as
> RAID-5 device?  Or is there a good reason to boot from a disk separate
> from the envisioned RAID-5 configuration?
> 

Why not use dedicated RAID-1 for / instead?

-- 
wbr, Kirill

Re: Do I need to wipe encrypted dual boot NVME before installation

[Kirill A . Korinsky]

On Sat, 15 Jun 2024 10:01:51 +0100,
lafermedesanim...@posteo.net wrote:
> 
> I have a dual boot Devuan/OpenBSD, I wrote random data on my
> drive and then install the OSes, both are encrypted.
> Now, I want to remove this dual boot to have only OpenBSD
> and use it as a daily driver.
> My plan for this is to boot a GNU/Linux live usb, erase LUKS keys
> with cryptsetup command, use the wipefs command to erase LUKS
> header and reinstall OpenBSD with full disk encryption.
> Is it secure enough ? Do I need to do something with OpenBSD
> encrypted data as I have to with the LUKS keys/header on GNU/Linux ?
> 

Probably I don't understand your attack vecor, but where I stay if you
reinstall with reformat whole disk, old data on the disk will be replaced or
not, but it shouldn't create an issue, should it?

-- 
wbr, Kirill

Re: crippled my laptop trying to reclaim root space

[Kirill A . Korinsky]

On Thu, 13 Jun 2024 02:29:02 +0100,
"Brian Conway"  wrote:
> 
> A note on how you got into the original situation without addressing all
> the things you've done since: /dev should only be a few dozen KB in size
> (less than 50). Some time in the past, you likely wrote a significant
> amount of data to a new file in /dev rather than the device you intended.

just an example of such application is logfmon which has cachefile which it
removes and creates, after it was read.

So, if you run it under root with /dev/null as cache file, you'll lose your
/dev/null, and soon it will be quite big.

-- 
wbr, Kirill

libopensmtpd with res_query_async never calls cb

[Kirill A . Korinsky]

misc@,

I dig into issue when callback which is scheduled via res_query_async never
fired inside opensmtpd filter which uses libopensmtpd.

I've tried both res_query_async and getrrsetbyname_async without any
differences on OpenBSD 7.5

The code looks like:

if ((query =
getrrsetbyname_async(domain, C_IN, T_TXT, 0, NULL)) == 
NULL)
osmtpd_err(1, "res_query_async");
if ((sig->query = event_asr_run(query, ar_rr_resolve, sig)) == NULL)
osmtpd_err(1, "event_asr_run");

where ar_rr_resolve is callback which need to be fired, the whole code:
https://github.com/catap/opensmtpd-filter-auth/blob/master/main.c#L863-L881

For one event loop it may setup a few quereis and some domain migth similar.

After spending a lot of time with debug I narrow down to the issue in
event_asr_dispatch which re-schedule event_add, and it never had happened.
Nor timeout, nor inout, nothing. Not always. Sometimes.

Thus, I've rebuild libc with enabled debug to use ASR_DEBUG and here an
output which proves that behaviour.

Anyway, I'm puzzling that to do next.

tcpdump:

14:09:36.760807 127.0.0.1.44226 > 127.0.0.1.53: [bad udp cksum 50fe! -> de34] 
64311+ TXT? 20240125rsa._domainkey.mx.catap.net.(53) (ttl 64, id 35656, len 81, 
bad ip cksum 0! -> f151)
14:09:36.785096 127.0.0.1.53 > 127.0.0.1.44226: 64311$ q: TXT? 
20240125rsa._domainkey.mx.catap.net. 2/0/0 20240125rsa._domainkey.mx.catap.net. 
CNAME[|domain] (ttl 64, id 25945, len 533, bad ip cksum 0! -> 157d)
14:09:36.785283 127.0.0.1.15520 > 127.0.0.1.53: [bad udp cksum 4cfe! -> 6b81] 
2100+ TXT? 20240125rsa.domainkey.catap.net.(49) (ttl 64, id 27815, len 77, bad 
ip cksum 0! -> ff7)
14:09:36.785305 127.0.0.1.53 > 127.0.0.1.15520: 2100$ q: TXT? 
20240125rsa.domainkey.catap.net. 1/0/0 20240125rsa.domainkey.catap.net. 
TXT[|domain] (ttl 64, id 15297, len 493, bad ip cksum 0! -> 3f3d)
14:09:36.863795 127.0.0.1.18298 > 127.0.0.1.53: [bad udp cksum 50fe! -> 4fc4] 
53518+ TXT? 20240125rsa._domainkey.mx.catap.net.(53) (ttl 64, id 23044, len 81, 
bad ip cksum 0! -> 2296)
14:09:36.863838 127.0.0.1.53 > 127.0.0.1.18298: 53518$ q: TXT? 
20240125rsa._domainkey.mx.catap.net. 2/0/0 20240125rsa._domainkey.mx.catap.net. 
CNAME[|domain] (ttl 64, id 51168, len 533, bad ip cksum 0! -> b2f5)
14:09:36.863990 127.0.0.1.36692 > 127.0.0.1.53: [bad udp cksum 4dfe! -> 41fd] 
14366+ TXT? 20240125rsa._domainkey.korins.ky.(50) (ttl 64, id 61731, len 78, 
bad ip cksum 0! -> 8b79)
14:09:36.865962 127.0.0.1.2727 > 127.0.0.1.53: [bad udp cksum 4cfe! -> 94e4] 
55043+ TXT? 20240125rsa.domainkey.catap.net.(49) (ttl 64, id 32069, len 77, bad 
ip cksum 0! -> ff58)
14:09:36.865977 127.0.0.1.53 > 127.0.0.1.2727: 55043$ q: TXT? 
20240125rsa.domainkey.catap.net. 1/0/0 20240125rsa.domainkey.catap.net. 
TXT[|domain] (ttl 64, id 57083, len 493, bad ip cksum 0! -> 9c02)
14:09:36.866528 127.0.0.1.45954 > 127.0.0.1.53: [bad udp cksum 51fe! -> 8452] 
25459+ TXT? 20240125ed25519._domainkey.korins.ky.(54) (ttl 64, id 15424, len 
82, bad ip cksum 0! -> 4059)
14:09:36.896741 127.0.0.1.53 > 127.0.0.1.36692: 14366$ q: TXT? 
20240125rsa._domainkey.korins.ky. 2/0/0 20240125rsa._domainkey.korins.ky. 
CNAME[|domain] (ttl 64, id 1532, len 539, bad ip cksum 0! -> 74d4)
14:09:36.997396 127.0.0.1.53 > 127.0.0.1.45954: 25459$ q: TXT? 
20240125ed25519._domainkey.korins.ky. 2/0/0 
20240125ed25519._domainkey.korins.ky. CNAME[|domain] (ttl 64, id 37600, len 
208, bad ip cksum 0! -> e93a)

asr log:

Jun 14 14:09:36 mx0 smtpd[37708]: auth: using thread-local resolver
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: checking for update of 
"/etc/resolv.conf"
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_ctx_ref(ctx=0x22f67302840) 
refcount=1
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_async_new(ctx=0x22f67302840) 
type=2 refcount=2
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_ctx_unref(ctx=0x22f67302840) 
refcount=3
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_run(0x22f672e1460, 
0x72f8081d0ea8) ASR_GETRRSETBYNAME ctx=[0x22f67302840]
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: 
res_query_async_ctx("20240125rsa._domainkey.mx.catap.net.", 1, 16)
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_async_new(ctx=0x22f67302840) 
type=0 refcount=2
Jun 14 14:09:36 mx0 smtpd[37708]: auth: - asr_setup_query -
Jun 14 14:09:36 mx0 smtpd[37708]: auth: ;; HEADER id:0x37fbop:0   RD
z:0 ADr:NOERROR qd:1 an:0 ns:0 ar:0
Jun 14 14:09:36 mx0 smtpd[37708]: auth: ;; QUERY SECTION:
Jun 14 14:09:36 mx0 smtpd[37708]: auth: 20240125rsa._domainkey.mx.catap.net.
IN TXT
Jun 14 14:09:36 mx0 smtpd[37708]: auth: --
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: [ASR_GETRRSETBYNAME@0x22f672e1460] 
ASR_STATE_INIT -> ASR_STATE_SUBQUERY
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: asr_run(0x22f67310620, 
0x72f8081d0ea8) ASR_SEND ctx=[0x22f67302840]
Jun 14 14:09:36 mx0 smtpd[37708]: auth: asr: [ASR_SEND@0x22f67310620] 
ASR_STATE_INIT -> ASR_STATE_NEXT_NS
Jun 14 14:09:36 

Re: cpu cores

[Kirill A . Korinsky]

Greetings,

On Mon, 10 Jun 2024 13:15:13 +0100,
Riccardo Mottola  wrote:
> 
> This is for workstation use, mixed user and developer. To each its own.
> I bet it ends depending also on cache, memory and specific jobs.
> 

Do not forget about IO, which can be a bottel neck in case of compiling.

Have you tried to run compilation with the same parallerism with and without
HT enabled?

For example build kernel with -j10 which is bigger than number of CPU with
enabled HT on that machine (4 / 8):

without HT:

8m42.07s real27m31.80s user 4m55.68s system

vs with HT:

8m38.82s real50m47.22s user 8m41.53s system


-- 
wbr, Kirill

Re: Share one of machines IP via WireGuard

[Kirill A . Korinsky]

On Sat, 08 Jun 2024 15:56:06 +0100,
Stuart Henderson  wrote:
> 
> I think this should be possible with the standard route table, without
> route-to. Essentially you need:
> 
> 1. your machine to answer arp for the wg ip so other hosts will send
> ethernet packets to it
> 
> 2. your machine to not be configured with the wg ip itself
> 
> 3. route entries such that those packets end up sent out the wg interface
> (you may possibly need a route command with -ifp wg0)
> 

Thanks, after re-reading map page for route I was able to figure it out in
quite simple way, without NAT, routing domain, dedicated MAC which was added
to separate things with hope to make things easy.

So, here the resulted config:

Client:

  rdomain 1
  wgrtable 0
  wgkey ...
  wgpeer ... \
  wgendpoint 1.2.3.4 51820 \
  wgaip 0.0.0.0/0 \
  wgpka 25 \
  wgpsk ...
  inet 1.2.4.5/28
  up
  !route -T 1 add default 1.2.4.1

Server:

  wgkey ...
  wgpeer ... \
  wgaip 1.2.4.5/32 \
  wgpka 25 \
  wgpsk ...
  wgport 51820
  inet 127.255.255.255/32
  up
  !route add -inet 1.2.4.5 -llinfo -link -static -iface \$if

Without inet 127.255.255.255/32 adding a static route fails as:

  add host 1.2.4.5: gateway wg0: Network is unreachable


-- 
wbr, Kirill

Re: Share one of machines IP via WireGuard

[Kirill A . Korinsky]

On Fri, 07 Jun 2024 16:25:48 +0100,
Stuart Henderson  wrote:
>
> I think you'll need proxy ARP then.
>

After a few attempts to make it works, I think I need help.

My setup.

Server: where em0 is uplink with routed 1.2.3.4/24 and 1.2.4.5/24 with
expected gateway 1.2.3.1 and 1.2.4.1, em0 is included into bridge0 and
1.2.3.4/24 is configured as input point at route domain 0.

To make things simpler each IP is associeted with it's own MAC address and
switch expects that 1.2.4.5 with 00:50:56:01:1d:40. So, I have:

  $ cat /etc/hostname.vether1   
   
  lladdr 00:50:56:01:1d:40
  rdomain 2
  up
  !arp -s 1.2.4.5 00:50:56:01:1d:40 pub

  $ cat /etc/hostname.wg0 
  rdomain 2
  wgkey ...
  wgpeer ... \
  wgaip 1.2.4.5/32 \
  wgpka 25
  wgport 51820
  wgrtable 0
  up
  $ 

when I run ping from client to 1.2.4.1 I see traffic on wg0 on the server,
but I can't figure out how to redirect it to vether1 and send to the switch.

I feel that I miss some pice. I see route-to in pf.conf which probably the
missed pice but I can't figure out how to use it.

--
wbr, Kirill

Re: cpu cores

[Kirill A . Korinsky]

On Sat, 08 Jun 2024 11:09:29 +0100,
Omar Polo  wrote:
> 
> On 2024/06/08 10:09:07 +0100, Kirill A. Korinsky  wrote:
> > On Sat, 08 Jun 2024 04:57:49 +0100,
> > Gustavo Rios  wrote:
> > > 
> > > i have installed obsd on my dell notebook 8 cores processor. When i 
> > > execute
> > > the top utility, it is showed the cores, from 0 (cpu0) to 7 (cpu7), but
> > > cpu1 and cpu3 is not listed. What is the problem ?
> > > 
> > 
> > A blind guess: sysctl hw.smt=1 may return your hypertreading cores.
> 
> which is a very bad advice to give.  There's a reason sysctl hw.smt=1
> defaults to that value.  One should rather give a "blind guess" of "your
> hyperthread cores are disabled by default" rather than give a bad advice
> without explanation.

I'll make my advice cleaner, I defently mean that missed cores probably is
disabled becuae it is hyperthreading ones which can be seen as offline in
htop, or enable via sysctl.

Also, I'd like to add that from security point of view SMT in general and
hyperthreading as an example is very bad idea.

Thus, here old but interesting results that enabling hyperthreading has
negative effect on performance of have CPU used applications:
https://web.archive.org/web/20220325090914/http://users.telenet.be/nicvroom/performanceP4.htm

-- 
wbr, Kirill

Re: cpu cores

[Kirill A . Korinsky]

On Sat, 08 Jun 2024 04:57:49 +0100,
Gustavo Rios  wrote:
> 
> i have installed obsd on my dell notebook 8 cores processor. When i execute
> the top utility, it is showed the cores, from 0 (cpu0) to 7 (cpu7), but
> cpu1 and cpu3 is not listed. What is the problem ?
> 

A blind guess: sysctl hw.smt=1 may return your hypertreading cores.

-- 
wbr, Kirill

Re: Open Source / BSD License Copyright infringements

[Kirill A . Korinsky]

On Fri, 07 Jun 2024 12:08:45 +0100,
Florian Obser  wrote:
> 
> On 2024-06-07 12:04 +02, "Peter N. M. Hansteen"  wrote:
> > I tend to summarize along the lines of "BSD licensed means you can do 
> > whatever
> > you damned well please with the code except claim that you wrote it all 
> > yourself"
> 
> And this is why I get very grumpy when things like copilot steal my
> code. I'm already giving it away, but oooh no, that's not enough.
> 

...and things will be quite ugly for users of that technology as soon as it
steals AGPL or patented code.

-- 
wbr, Kirill

Re: Open Source / BSD License Copyright infringements

[Kirill A . Korinsky]

On Fri, 07 Jun 2024 10:48:45 +0100,
Stuart Longland  wrote:
>
> GPL means they have to share changes they make with the person
> "receiving" the binaries (which includes the end user, since they were
> shipped the binaries stored on the boot device in said appliance).  As
> the copyright holder, you can then take people to court if they withhold
> such modified sources, since that's a license violation.
>

I'd like to add that AGPL requires to share the code of netwrok services as
well to anyone who uses it. Yep, via network.

At the end of the day this license if banned in Google:
https://opensource.google/documentation/reference/using/agpl-policy/

--
wbr, Kirill

Re: Share one of machines IP via WireGuard

[Kirill A . Korinsky]

On Fri, 07 Jun 2024 12:36:20 +0100,
Stuart Henderson  wrote:
> 
> Configure the IP address on the wg interface with some subnet of 1.2.4.0/24 
> that
> includes 1.2.4.5, and use wgaip 1.2.4.5/32 (or a larger block if you wish to 
> route
> multiple addresses over wg) for the relevant peer.
> 

Here the catch on which I blocked: I do have only two IPs from two different
network on em0 and it's all.

The switch on ISP side I assume simple routes to my port traffic for both IP
and I strugle on how redirect traffic from wg interface to em, I can't use
bridge and I can't expect that traffic is routed via em's IP.

-- 
wbr, Kirill

Share one of machines IP via WireGuard

[Kirill A . Korinsky]

misc@,

I wonder if it is possible to share an IP associated with a machine through
a WireGuard connection?

Suppose I have a machine that has two IPs on different networks:
 - 1.2.3.4/24 gw 1.2.3.1
 - 1.2.4.5/24 gw 1.2.5.1

I'd like to allow incoming connections via WG to 1.2.3.4 and forward 1.2.4.5
to the WG client.

The best I can do now is create rdomain with wg and vether interfaces, and
use PF nat to vether.

But maybe it is possible to avoid NAT somehow?

-- 
wbr, Kirill

Re: Open Source / BSD License Copyright infringements

[Kirill A . Korinsky]

On Thu, 06 Jun 2024 03:33:53 +0100,
"Peter J. Philipp"  wrote:
> 
> This isn't about Patents, this is about Copyright.  And that's the sole 
> interest of mine, and Lawyers are there for a reason.  It should interest 
> OpenBSD in one form or another since i used the same Copyright and License 
> as them, if the outcome may be that the Copyright does not protect my works 
> and its license then there is no need to retain a license at the top of every 
> source file at all.

I do not understand how you plan to prove that someone infringed on some
part of your code by removing copyrigths from it and selling it.

Especially if the result is binary and the copyrights are comments in the
source code.

> Again, like I said, all I have to go on is hearsay, and I'm looking for a 
> mistake that the entity did indeed change the license and copyright of the 
> original source code.  If they did that mistake, then I got them.  And they 
> will be sued.
> 
> This should also be interesting to the GNU open sourcers because as far as 
> their "Copyleft" is concerned it has come to my attention that Artificial 
> Intelligence has been ripping off their code, stripping their licenses in the 
> process and making the final outcome theirs.  If you're watching the scene, 
> programmers are suing.  And rightfully so.
> 

This door has already been opened, and the most notable case I suppose is
that Linux developers took some code from BSD and put GPL on it:
https://marc.info/?l=linux-wireless=117572345902445=2

Anyway, I have seen more than once when someone puts components under a
different OpenSource license and relicenses them under something else. The
last example that I've seen is bzip3:
https://github.com/kspalaiologos/bzip3?tab=readme-ov-file#licensing

-- 
wbr, Kirill

Re: Open Source / BSD License Copyright infringements

[Kirill A . Korinsky]

On Wed, 05 Jun 2024 06:08:23 +0100,
"Peter J. Philipp"  wrote:
> 
> I have been made aware of hearsay that someone took my open source code
> protected under the same license as OpenBSD and sold it for a lot of money.
> I have no proof of this personally but I ask you to help me find evidence of
> this.  There is not much I can do about this, except if the person or persons
> were stupid enough to change the license to their names.
>

The only way to be protected is to try to make patent for some algorithms,
but it is expensive in terms of fee to support in different countries (for
example Germany fee is close to €2k/year at the end of the table) and
requires a lot of paperwork by quite expensive lawyers.

So in the end you never know the outcome and predicting the decision of the
court is impossible. Ok, the only known outcome of the court is that your
lawyer makes very good money.

-- 
wbr, Kirill

Re: mounting audio cd

[Kirill A . Korinsky]

On Sat, 01 Jun 2024 07:44:10 +0100,
Geoff Steckel  wrote:
> 
> On 5/31/24 15:46, Harald Arnesen wrote:
> > MIZSEI Zoltán [31/05/2024 20.15]:
> > 
> >> Interestingly BeOS and Haiku lets you to mount an audio cd, it
> >> generates a vfs from the toc and shows the tracks as wav or flac
> >> (fixme), it does an automatic conversion behind the courtains if you
> >> copy a file from an audio cd.
> > 
> > Linux also had such a thing in the past - I can't remember the name of
> > the file-system.
> fuse(4) + part of a CD player + A Simple Matter of Programming
> 

Here quite old FUSE project which can be, probably, brings to live
https://github.com/steelcandy2/audiofs

-- 
wbr, Kirill

Re: New filters auth and sign

[Kirill A . Korinsky]

On Sat, 01 Jun 2024 08:45:00 +0100,
"Corey Hickman"  wrote:
> 
> does it have policy server included? for instance, when DKIM fails, the 
> policy can be set up to deny the message.
> 

Right now it ignores DMARC as if it doesn't exist.

Doing a DMARC lookup for domain and inserting it's results into the header
is possible and not a big deal, but it has some issues.

The first is parsing the From header. It is durable, but different MUA may
follow different logic and parser for this can be quite complicated. And
complicated means bugs.

The second is more ideological. DMARC needs something that aggregates the
results and sends out reports. It shouldn't be a filter for smtpd. But a
filter can write it's decision to log, and something should harvest it to
process and create reports that need to be sent. Anyway, forensic reports,
which should be close to real-time and include a lot of things from the
original email, is a much more complicated story.

All this brings up the question of personal data / GDPR and DMARC. I know of
a very good analysis of DMARC and GDPR in the case of German law [1], which
can be summarized as a quote:

  The reports are fundamentally permitted and justified under data
  protection law. However, the principle of proportionality is to be
  complied with at all times.

Based on this analysis, I assume that only aggregated reports can be used
without legal headaches in the EU.

But implementing only a part of DMARC seems as much worse than not
implementing it at all, and implementing it in its entirety requires a lot
of pieces in place, much more than just a filter.

Thus, DMARC was discussed on the OpenBSD mailing lists a few months ago [2].

As a conclusion, I personally use the p=none policy, because I assume that
my mail should be delivered, and To is not the final destination, it's a
kind of starting direction of the mail's way to the recipient.

Footnotes:
[1]  
https://certified-senders.org/wp-content/uploads/2018/08/Report_DMARC_and_GDPR.pdf

[2]  https://marc.info/?l=openbsd-misc=171015367409290=2

-- 
wbr, Kirill

Re: New filters auth and sign

[Kirill A . Korinsky]

On Sat, 01 Jun 2024 00:34:41 +0100,
Kirill A. Korinsky  wrote:
> 
> Greetings,
> 
> I'd like to announce a two new filters for OpenSMTD which better to use
> together: auth and sign.
>

Oops, wrong list. It should be m...@opensmtpd.org.

Sorry for nosy.

-- 
wbr, Kirill

New filters auth and sign

[Kirill A . Korinsky]

Greetings,

I'd like to announce a two new filters for OpenSMTD which better to use
together: auth and sign.

auth is a filter which verify DKMI, ARC and SPF, and iprev. It adds
Authentication-Results header or ARC-Authentication-Results.

sign is a filter which adds DKMI or ARC signature, or ARC seal.

For example, I run configuration:

  filter "auth" proc-exec "filter-auth"
  listen on egress port smtp ... filter { admdscrub, "auth", dnsbl }

  filter sign_ed25519 proc-exec "filter-sign -a ed25519-sha256 -D 
/etc/mail/domains \
 -s 20240125ed25519 -k /etc/mail/dkim/20240125.ed25519.key" user 
_dkimsign group _dkimsign
  filter sign_rsa proc-exec "filter-sign -a rsa-sha256 -D /etc/mail/domains \
 -s 20240125rsa -k /etc/mail/dkim/20240125.rsa.key" user _dkimsign 
group _dkimsign

  filter arc_auth proc-exec "filter-auth -A"
  filter arc_sign proc-exec "filter-sign -A -a rsa-sha256 -d mx.catap.net \
 -s 20240125rsa -k /etc/mail/dkim/20240125.rsa.key" user _dkimsign 
group _dkimsign
  filter arc_seal proc-exec "filter-sign -S -a rsa-sha256 -d mx.catap.net \
 -s 20240125rsa -k /etc/mail/dkim/20240125.rsa.key" user _dkimsign 
group _dkimsign

  filter sign chain { sign_ed25519 sign_rsa arc_auth arc_sign arc_seal }

  listen on egress port submission ... filter sign

Here all incomming messages is autorised by adding Authentication-Results,
and all outcomming messages:
 - signed by two DKMI signature with correct domain (list in /etc/mail/domains)
 - signed by one ARC signature with domain mx.catap.net
 - seal by one ARC seal with domain mx.catap.net

Yeah, it is possible to use different selectors for ARC signature and seal,
but I haven't tested it.

The code is based on Martijn van Duren's filter-dkimsign, filter-dkimverify
and filter-spf, and I also used some pices from spfwalk.c from OpenSMTPD.

Man pages for both filters are updated.

Thus, sign filter is drop-in replacment for filter-dkimsign.

Code available here:
 - https://github.com/catap/opensmtpd-filter-auth
 - https://github.com/catap/opensmtpd-filter-sign

I also attached ports for OpenBSD which I used to run it.

How stable it is? Well, enough to share and ask for feedback. It may
contains bugs, but it should be fine to use.

Produced signature was tested against gmail, yahoo, icloud.com and dkimpy
and it holds. Anyway, outlook.com fails on ARC signature with errors 35 or
47 (what does it mean?) and produced invalid signature as the next in ARC
chain (tested by dkimpy).

Thus, this email were sent via server which uses that filters, so, headers
from this email a good example.

-- 
wbr, Kirill


filters.tgz
Description: Binary data

Re: amd64 bsd.rd for 7.0, 7.1, 7.2

[Kirill A . Korinsky]

On Fri, 31 May 2024 10:02:57 +0100,
"Quentin Carbonneaux"  wrote:
> 
> I want to upgrade an amd64 system running 6.9. Following
> the guide I would like to upgrade to 7.{0,1,2,3,4,5}
> sequentially. However it looks like
> 
> wget https://cdn.openbsd.org/pub/OpenBSD/7.{0,1,2}/amd64/bsd.rd
> 
> returns 404 for all three queries.
> 
> Where can I find the bsd.rd images for these versions?
> 
> Thanks for your help.
> 

Not all mirrors hosts old versions.

For example https://mirror.leaseweb.com/pub/OpenBSD/ from europe has old
versions, but it migth be different from your location.

-- 
wbr, Kirill

Re: How to set number of blocks in fdisk GPT

[Kirill A . Korinsky]

On Thu, 30 May 2024 10:06:11 +0100,
04-psyche.tot...@icloud.com wrote:
> 
> How can I choose the blocks parametres in the command:
> 
> fdisk -gy -b blocks disk
> 
> The man page does not indicate how to make an informed choice. I couldn’t 
> find relevant help on the internet.
> 

As suggested at https://www.openbsd.org/faq/faq14.html you may use 532480.

Which is the minimum size of such partition due to a limitation of FAT32.

Some details can be found here:
https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/configure-uefigpt-based-hard-drive-partitions

-- 
wbr, Kirill

Re: Configure User-Agent is relayd HTTP Check ?

[Kirill A . Korinsky]

On Wed, 29 May 2024 17:19:32 +0100,
Joel Carnat  wrote:
> 
> Thank you! I went for solution 2 but it seems the string is not send
> properly by relayd.
>

It sends as is, so the rigth approach, let me quote the man is:

 check binary send data expect data [tls]
 For each host in the table, a TCP connection is established on
 the port specified, then the send data is converted into binary
 and sent.  Incoming (binary) data is then read and is expected to
 match against a binary conversion of the expect data using
 memcmp(3).  data must be populated with a string containing an
 even number of hexadecimal single-byte characters and must not be
 empty.  This can be useful with binary protocols such as LDAP and
 SNMP.  If the tls keyword is present, the transaction will occur
 in a TLS tunnel.

-- 
wbr, Kirill

Re: Configure User-Agent is relayd HTTP Check ?

[Kirill A . Korinsky]

On Wed, 29 May 2024 12:19:15 +0100,
Joel Carnat  wrote:
> 
> Is there a way to specify a User-Agent value for the check http or shall I 
> rather tell relayd to validate on "code 418"?

here two possible way to overstep it.

1. Use `check script /some/script` which uses curl, wget, ftp or any other
way to make HTTP call which is accepted by that server.

2. Use `check send "HEAD /health HTTP/1.1\r\nHost: host\r\nUser-Agent: 
dummy\r\n\r\n" expect "200 OK HTTP/1.1"`

(I haven't tested it, it may contains typos, but it should make an idea)

-- 
wbr, Kirill

Re: httpd & pixelfed

[Kirill A . Korinsky]

Greetings,

On Wed, 29 May 2024 00:01:07 +0100,
Am Jam  wrote:
> 
> For posterity's sake, my working /etc/httpd.conf is below:
>

Maybe it is worth making a port for pixelfed to allow others to install it
as easily as pkg_add pixelfed with some polish documented in the
description?

-- 
wbr, Kirill

Re: how to fsck automatically at boot

[Kirill A . Korinsky]

On Wed, 22 May 2024 12:53:11 +0100,
Nick Holland  wrote:
> 
> For reasons of multi-hour fsck's on a few systems, I'm looking at
> remounting the problem file systems as "rw" when writing is actually
> needed and "ro" after the writing is complete (IN THIS APPLICATION, this
> is known) to reduce my "at risk of power outage" window a lot, but I
> suspect this will fall deeply within the category of "when I break
> things, I get to keep all the pieces". :)
> 

Do you need atime on that FS? Disable it dramatically reduces chances of
manual interraction with fsck. If you move forward and add sync which slow
down write but allows to get almost zero porbability of fsck interraction.

-- 
wbr, Kirill

Re: how to fsck automatically at boot

[Kirill A . Korinsky]

On Mon, 20 May 2024 14:22:26 +0100,
Mik J  wrote:
> 
> aa929243b0f5.a /var/mylogs ffs rw,nodev,nosuid 1 2

You may add noatime which should decrease probability of issues when an
outage had happened.

Also, you may consider to use sync option which should future decrease
probability of issues on an outage.

-- 
wbr, Kirill

Re: kernel rebuild to debug problem

[Kirill A . Korinsky]

On Sun, 19 May 2024 20:52:56 +0100,
Kapetanakis Giannis  wrote:
> 
> I'm trying to bisect a bug and compile an older kernel from cvs
> 
> cvs checkout -D "2023-01-05" src/sys
> 
> and following https://www.openbsd.org/faq/faq5.html#Options
> + make install
> 
> New kernel compiles and boots but I get:
> 
> # pfctl -f /etc/pf.conf
> pfctl: DIOCADDRULE: Operation not supported by device
> 
> # pfctl -sr
> pfctl: Permission denied
> 
> # pfctl -si | head -1
> Status: Enabled for 0 days 00:05:03  Debug: err
> 
> any ideas about this?
> 

You need to build / use no only old kernel but the whole system.

The simplest way is to use archived version of snapshots from
https://openbsd.cs.toronto.edu/archive/ or another mirror.

-- 
wbr, Kirill

Re: Kernel debugging

[Kirill A . Korinsky]

On Sat, 11 May 2024 21:49:42 +0100,
Daniel Hejduk  wrote:
> 
> Is there any way to build the kernel on Linux preferably Arch Linux?
>

It is theoretically possible, but you need to change Makefiles a lot, and
probably to hack your toolchain.

-- 
wbr, Kirill

Re: Kernel debugging

[Kirill A . Korinsky]

On Sat, 11 May 2024 20:28:08 +0100,
Daniel Hejduk  wrote:
> 
> I want to enable kernel debugging how can I do it?
> 

See: https://man.openbsd.org/options

-- 
wbr, Kirill

Re: Localnet Hacking

[Kirill A . Korinsky]

On Sat, 11 May 2024 03:52:32 +0100,
Lucretia  wrote:
> 
> I have a laptop and am looking to purchase a second computer. Neither of them 
> will be connected to The Internet, but will be networked together.
> 
> My goal is to study networking, starting with some of the most basic commands 
> and routines. This will be purely for educational purposes. I may build upon 
> the network later, perhaps with unconventional devices, but for now I want to 
> focus just on having two Amd64 machines communicating with one another.
>

I wonder why to buy any physical devices if you may run virtual machines?

-- 
wbr, Kirill

Re: webssh does not install

[Kirill A . Korinsky]

On Mon, 06 May 2024 04:14:16 +0100,
Eyüp Hakan Duran  wrote:
> 
>--- stderr
>thread 'main' panicked at cryptography-cffi/build.rs:61:49:
>unable to find openssl include path

Try to run it with env OPENSSL_DIR="/usr" OPENSSL_STATIC=0

-- 
wbr, Kirill

Re: Desktop performance

[Kirill A . Korinsky]

On Sun, 05 May 2024 21:52:11 +0200,
Bodie  wrote:
> 
> openfiles is very questionable, did you measure with fstat(1) how many of
> them do you have when you run Firefox or Chrome or did you have any errors
> in logs regarding exhausting that limit?
>

I run my desktop with default settings (512) and got an issue only once,
when tried to build huge Java project with very complicated maven build
which includes a few custom plugins. Restart of that build helps.

Ok, I know second way to encoutner it. doveadm fetch over archive of mail
which contians a user with hundreds of folders.

-- 
wbr, Kirill

Re: ATB.com

[Kirill A . Korinsky]

On Sun, 05 May 2024 20:49:32 +0200,
Austin Hook  wrote:
> 
> In the past 6 months is has gotten more and more difficult to sign-on 
> to with Firefox and OpenBSD, as they have tried to make their sites more 
> and more bullet proof. 
>

Yeah, an industry to figth bots is qutie popular these days and a lot of
companies tries to use it or make their own, in-house, solution.

The worst things waits us tomorrow, when you can't go to the web site
without using Apple or Google kind of VPN which works only on their devices
and OS.

Until that tomorrow is happened, here alway a hope.

> It seems to go through an amazing number of redirects, and then gets hung 
> up in the process.  Sometimes, tapping different cadences with lots of 
> control-R or control-F5 sequences, I can get through.  It must be a matter 
> of timing.
> 
> I guess it works better with other operating systems and/or browsers.  In 
> fact I do have much better luck with Chromium + OpenBSD although not 
> always.

Have you tried to enable WebAssembly?

I do use chromium with WebAssembly enabled without any issue had openned
https://personal.atb.com/ from Europe, note Canada.

> 
> I'd prefer to use Firefox, so long as it exists semi-independently of 
> monsters like Google.

See www/ungoogled-chromium which is chromium without google.

-- 
wbr, Kirill

Re: Desktop performance

[Kirill A . Korinsky]

On Sat, 04 May 2024 22:32:46 +0200,
Chris Bennett  wrote:
> 
> My luck with web searches is about zero. Even swapping to different
> search engines just gives me crap that's too old or ridiculously wrong.
> 

I have a strong feeling that LLM models adds too much "new" text that makes
the OpenBSD community, which is quite small... how can I put it? Well, it
looks like that search engine like Google or Bing seems this community to be
too small fraction of knowledge which isn't worth to be indexed.

Yes, the indexes include some old sites, but it looks like the mail listings
are ignored, for example.

-- 
wbr, Kirill

Re: obsd wifi

[Kirill A . Korinsky]

On Sat, 04 May 2024 21:39:18 +0200,
Manuel Solis  wrote:
> 
> You could check your interfaces with "ifconfig", then you could see which
> interface you have, the most common are iwm0, iwn0, or something like that,
>

Here the catch: they need a firmware and system needs an internet to get one.

-- 
wbr, Kirill

Re: panic: unix: lock not held

[Kirill A . Korinsky]

On Fri, 03 May 2024 04:29:24 +0200,
Amit Kulkarni  wrote:
> 
> Unable to boot to a prompt. How do I recover by booting an older kernel?
> There is no /obsd to try out.

Keep current /bsd as /obsd in the case of snapshot migth work only if you're
updating quite oftne, otherwise the userland migth not work with old kernel
due to changes in syscalls for example.

-- 
wbr, Kirill

Re: >10W idle power usage on framework laptop 12th gen 13inch

[Kirill A . Korinsky]

On Thu, 02 May 2024 00:33:47 +0200,
"Nathaniel Griswold"  wrote:
> 
> Does apmd keep a running average for the current and voltage or is it based 
> on instantaneous (as close as that can be)?
>

As far as I understand the code it devides hw.sensors.acpibat0.amphour3
(remaining capacity, Ah) by hw.sensors.acpibat0.current0 (rate, A) to
compute life estimation. See acpi.c

-- 
wbr, Kirill

Re: >10W idle power usage on framework laptop 12th gen 13inch

[Kirill A . Korinsky]

On Wed, 01 May 2024 23:58:53 +0200,
"Nathaniel Griswold"  wrote:
> 
> I guess it's a matter of figuring out which drivers or kernel features are 
> saving so much power.
>

From your dmesg:

  iwx0 at pci6 dev 0 function 0 "Intel Wi-Fi 6 AX210" rev 0x1a, msix

if you read the end of man page for iwx you'll see:

  This driver does not support powersave mode.

-- 
wbr, Kirill

Re: >10W idle power usage on framework laptop 12th gen 13inch

[Kirill A . Korinsky]

On Wed, 01 May 2024 23:54:52 +0200,
"Nathaniel Griswold"  wrote:
> 
> Interesting, maybe i'll test on it.
>

I've played with this patch a bit more today, as result I've inlined an
updated version to end of this email.

> > Regarding estimated life time:
> > 
> >   Battery state: high, 66% remaining, 152 minutes life estimate
> >   AC adapter state: not connected
> >   Performance adjustment mode: powersaving (400 MHz)
> > 
> > which is like 2x from usual numbers.
> > 
> 
> This is for idle current usage?
> 
> I tried disabling cores in my bios down to 3 CPUs and did comparisons and i 
> didn't really notice a savings.

Yep, it is.

With a few reboot and restart heavy application like chrome with ton of
tabs, rebuilding whole kernel a few times on battery (!), it running 3 hours
10 minutes, and I've started with ~95% battery, not 100%.

A bit history from logs regarding apmd:

1. Snapshot's kernel:

  Apr 28 13:32:23 matebook apmd: battery status: CRITICAL. external power 
status: not connected. estimated battery life 14% (11 minutes life time 
estimate)

2. Solene's patch:

  May  1 11:52:28 matebook apmd: battery status: CRITICAL. external power 
status: not connected. estimated battery life 14% (14 minutes life time 
estimate)

3. Attached patch:

  Battery state: CRITICAL, 13% remaining, 31 minutes life estimate
  AC adapter state: not connected
  Performance adjustment mode: powersaving (400 MHz)

Thus, the current version quite comfortable to use.

diff --git sys/kern/sched_bsd.c sys/kern/sched_bsd.c
index 25b221c1ee2..c01bb93d94f 100644
--- sys/kern/sched_bsd.c
+++ sys/kern/sched_bsd.c
@@ -65,8 +65,11 @@ void update_loadavg(void *);
 void   schedcpu(void *);
 uint32_t   decay_aftersleep(uint32_t, uint32_t);
 
+extern struct cpuset sched_all_cpus;
 extern struct cpuset sched_idle_cpus;
 
+extern int sched_smt;
+
 /*
  * constants for averages over 1, 5, and 15 minutes when sampling at
  * 5 second intervals.
@@ -573,6 +576,7 @@ void (*cpu_setperf)(int);
 #define PERFPOL_MANUAL 0
 #define PERFPOL_AUTO 1
 #define PERFPOL_HIGH 2
+#define PERFPOL_POWERSAVING 4
 int perflevel = 100;
 int perfpolicy = PERFPOL_AUTO;
 
@@ -583,7 +587,9 @@ int perfpolicy = PERFPOL_AUTO;
 #include 
 
 void setperf_auto(void *);
+void setperf_powersaving(void *);
 struct timeout setperf_to = TIMEOUT_INITIALIZER(setperf_auto, NULL);
+struct timeout setperf_to_powersaving = 
TIMEOUT_INITIALIZER(setperf_powersaving, NULL);
 extern int hw_power;
 
 void
@@ -653,6 +659,101 @@ faster:
timeout_add_msec(_to, 100);
 }
 
+void
+setperf_powersaving(void *v)
+{
+   static uint64_t *idleticks, *totalticks;
+   static int downbeats;
+   int i, j = 0;
+   int speedup = 0;
+   CPU_INFO_ITERATOR cii;
+   struct cpu_info *ci, *firstoffline = NULL, *lastidle = NULL;
+   uint64_t idle, total, allidle = 0, alltotal = 0;
+
+   if (perfpolicy != PERFPOL_POWERSAVING)
+   goto recover;
+
+   if (cpu_setperf == NULL)
+   goto recover;
+
+   if (hw_power)
+   goto recover;
+
+   if (!idleticks)
+   if (!(idleticks = mallocarray(ncpusfound, sizeof(*idleticks),
+   M_DEVBUF, M_NOWAIT | M_ZERO)))
+   return;
+   if (!totalticks)
+   if (!(totalticks = mallocarray(ncpusfound, sizeof(*totalticks),
+   M_DEVBUF, M_NOWAIT | M_ZERO))) {
+   free(idleticks, M_DEVBUF,
+   sizeof(*idleticks) * ncpusfound);
+   return;
+   }
+   CPU_INFO_FOREACH(cii, ci) {
+   if (!cpu_is_online(ci)) {
+   if (!firstoffline && (sched_smt || ci->ci_smt_id == 0))
+   firstoffline = ci;
+   continue;
+   }
+   total = 0;
+   for (i = 0; i < CPUSTATES; i++) {
+   total += ci->ci_schedstate.spc_cp_time[i];
+   }
+   total -= totalticks[j];
+   idle = ci->ci_schedstate.spc_cp_time[CP_IDLE] - idleticks[j];
+   if (idle < total / 3)
+   speedup = 1;
+   alltotal += total;
+   allidle += idle;
+   idleticks[j] += idle;
+   totalticks[j] += total;
+   /* it shoul keep at least one CPU online */
+   if (j++ && cpuset_isset(_idle_cpus, ci))
+   lastidle = ci;
+   }
+   if (allidle < alltotal / 3)
+   speedup = 1;
+   if (speedup)
+   /* twice as long here because we check every 200ms */
+   downbeats = 1;
+
+   if (speedup && perflevel != 100) {
+   perflevel = 100;
+   cpu_setperf(perflevel);
+   } else if (speedup && firstoffline) {
+   
atomic_clearbits_int(>ci_schedstate.spc_schedflags,
+   

Re: >10W idle power usage on framework laptop 12th gen 13inch

[Kirill A . Korinsky]

On Tue, 30 Apr 2024 18:07:50 +0200,
"Nathaniel Griswold"  wrote:
> 
> What could be taking so much power? CPUs are idling.

You may try this patch.

It is extention of powersave mode which disabling / enabling CPUs.

It should degradate to single-core mode, but it may contains bugs :)

Right now I'm writing this email from kernel with this patch, on this
mode. Well. It had boot and seems to work.

Anyway, I not sure that I'll run it for long, it had feeling that idle
system is overload, but I'll try.

Regarding estimated life time:

  Battery state: high, 66% remaining, 152 minutes life estimate
  AC adapter state: not connected
  Performance adjustment mode: powersaving (400 MHz)

which is like 2x from usual numbers.

diff --git sys/kern/sched_bsd.c sys/kern/sched_bsd.c
index 25b221c1ee2..8941675a7f9 100644
--- sys/kern/sched_bsd.c
+++ sys/kern/sched_bsd.c
@@ -65,8 +65,11 @@ void update_loadavg(void *);
 void   schedcpu(void *);
 uint32_t   decay_aftersleep(uint32_t, uint32_t);
 
+extern struct cpuset sched_all_cpus;
 extern struct cpuset sched_idle_cpus;
 
+extern int sched_smt;
+
 /*
  * constants for averages over 1, 5, and 15 minutes when sampling at
  * 5 second intervals.
@@ -573,6 +576,7 @@ void (*cpu_setperf)(int);
 #define PERFPOL_MANUAL 0
 #define PERFPOL_AUTO 1
 #define PERFPOL_HIGH 2
+#define PERFPOL_POWERSAVING 4
 int perflevel = 100;
 int perfpolicy = PERFPOL_AUTO;
 
@@ -583,7 +587,9 @@ int perfpolicy = PERFPOL_AUTO;
 #include 
 
 void setperf_auto(void *);
+void setperf_powersaving(void *);
 struct timeout setperf_to = TIMEOUT_INITIALIZER(setperf_auto, NULL);
+struct timeout setperf_to_powersaving = 
TIMEOUT_INITIALIZER(setperf_powersaving, NULL);
 extern int hw_power;
 
 void
@@ -653,6 +659,77 @@ faster:
timeout_add_msec(_to, 100);
 }
 
+void
+setperf_powersaving(void *v)
+{
+   static uint64_t *idleticks, *totalticks;
+   static int downbeats;
+   int i, j = 0;
+   int speedup = 0;
+   CPU_INFO_ITERATOR cii;
+   struct cpu_info *ci, *firstidle = NULL, *lastonline = NULL;
+   uint64_t idle, total, allidle = 0, alltotal = 0;
+
+   if (perfpolicy != PERFPOL_POWERSAVING)
+   return;
+
+   if (cpu_setperf == NULL)
+   return;
+
+   if (!idleticks)
+   if (!(idleticks = mallocarray(ncpusfound, sizeof(*idleticks),
+   M_DEVBUF, M_NOWAIT | M_ZERO)))
+   return;
+   if (!totalticks)
+   if (!(totalticks = mallocarray(ncpusfound, sizeof(*totalticks),
+   M_DEVBUF, M_NOWAIT | M_ZERO))) {
+   free(idleticks, M_DEVBUF,
+   sizeof(*idleticks) * ncpusfound);
+   return;
+   }
+   CPU_INFO_FOREACH(cii, ci) {
+   if (!cpu_is_online(ci)) {
+   if (!firstidle && (sched_smt || ci->ci_smt_id == 0))
+   firstidle = ci;
+   continue;
+   }
+   total = 0;
+   for (i = 0; i < CPUSTATES; i++) {
+   total += ci->ci_schedstate.spc_cp_time[i];
+   }
+   total -= totalticks[j];
+   idle = ci->ci_schedstate.spc_cp_time[CP_IDLE] - idleticks[j];
+   if (idle < total / 3)
+   speedup = 1;
+   alltotal += total;
+   allidle += idle;
+   idleticks[j] += idle;
+   totalticks[j] += total;
+   if (j++)
+   lastonline = ci;
+   }
+   if (allidle < alltotal / 3)
+   speedup = 1;
+   if (speedup)
+   /* twice as long here because we check every 200ms */
+   downbeats = 1;
+
+   if (speedup && perflevel != 100) {
+   perflevel = 100;
+   cpu_setperf(perflevel);
+   } else if (speedup && firstidle)
+   cpuset_add(_all_cpus, firstidle);
+   else if (!speedup && perflevel != 0 && --downbeats <= 0) {
+   perflevel = 0;
+   cpu_setperf(perflevel);
+   } else if (!speedup && lastonline)
+   cpuset_del(_all_cpus, lastonline);
+
+   /* every 200ms to have a better resolution of the load */
+   timeout_add_msec(_to_powersaving, 200);
+}
+
+
 int
 sysctl_hwsetperf(void *oldp, size_t *oldlenp, void *newp, size_t newlen)
 {
@@ -691,6 +768,9 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void 
*newp, size_t newlen)
case PERFPOL_AUTO:
strlcpy(policy, "auto", sizeof(policy));
break;
+   case PERFPOL_POWERSAVING:
+   strlcpy(policy, "powersaving", sizeof(policy));
+   break;
case PERFPOL_HIGH:
strlcpy(policy, "high", sizeof(policy));
break;
@@ -709,6 +789,8 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void 
*newp, size_t newlen)
 

Re: >10W idle power usage on framework laptop 12th gen 13inch

[Kirill A . Korinsky]

On Tue, 30 Apr 2024 21:00:25 +0200,
Kirill A. Korinsky  wrote:
> 
> On Tue, 30 Apr 2024 18:36:57 +0200,
> Stuart Henderson  wrote:
> > 
> > https://cneira.github.io/posts/openbsd-save-battery-changes/
> 
> Do you have an idea what had happened with it?
> 

After reading some code I have a conclusion that such hack doesn't required
anymore. At least after [1]. RR works strickly from active CPU, so, no need
to skip idle one.

Have I missed something?

Footnotes:
[1]  
https://github.com/openbsd/src/commit/9ac452c773fe76f659962b5d2542d591385a4b06

-- 
wbr, Kirill

Re: >10W idle power usage on framework laptop 12th gen 13inch

[Kirill A . Korinsky]

On Tue, 30 Apr 2024 18:36:57 +0200,
Stuart Henderson  wrote:
> 
> On 2024-04-30, Nathaniel Griswold  wrote:
> > What could be taking so much power? CPUs are idling.
> 
> some things in this area that people have been looking into:
> 
> https://cneira.github.io/posts/openbsd-save-battery-changes/

Quite interesting patch and approach.

Seems that code were changed and such approach should be re-invented.

Do you have an idea what had happened with it?

-- 
wbr, Kirill

Re: Caddy webserver is not in the ports tree

[Kirill A . Korinsky]

On Tue, 30 Apr 2024 15:30:25 +0200,
"Souji Thenria"  wrote:
> 
> Could you elaborate on your point that Go ports are a pain? I thought a
> port written in Go would probably be easier to maintain
> because no additional libraries are needed to run the program, and
> cross-compilation is relatively easy, too.
> 

Just an example of a go port which creates some issue you may see
docker-compose.

It requires to be patched for some dependencies to fix syscalls, and an
update may requires additional patches.

Also, it is distributed without vendor folder that means it requires
internet access during the build.

So, instead I prepare vendor folder as the second artifact.

-- 
wbr, Kirill

Re: >10W idle power usage on framework laptop 12th gen 13inch

[Kirill A . Korinsky]

On Tue, 30 Apr 2024 15:01:43 +0200,
"Nathaniel Griswold"  wrote:
> 
> My serperf seems to be at a consistent zero in my idle tests which makes
> me think the patch may not help my idle tests much, but may help actual
> usage.
>

In my personal use case it allows to win near 30 minutes of battery
life. As example I've picked two morning when I haven't run anything
heavy like calls in zoom.

Without powersaving:

Apr 27 10:13:42 matebook apmd: system resumed from sleep
Apr 27 10:13:42 matebook apmd: battery status: high. external power status: 
not connected. estimated battery life 100% (1130 minutes life time estimate)
Apr 27 11:27:52 matebook apmd: battery status: low. external power status: 
not connected. estimated battery life 50% (65 minutes life time estimate)
Apr 27 12:24:12 matebook apmd: battery status: CRITICAL. external power 
status: not connected. estimated battery life 15% (20 minutes life time 
estimate)

after 1h 14m I had left 50% of battery, and aftre 2h 11m had 15%.

With powersaving:

Apr 30 11:07:21 matebook apmd: system resumed from sleep
Apr 30 11:07:21 matebook apmd: battery status: high. external power status: 
not connected. estimated battery life 100% (2506 minutes life time estimate)
Apr 30 12:46:12 matebook apmd: battery status: low. external power status: 
not connected. estimated battery life 50% (111 minutes life time estimate)
Apr 30 13:56:00 matebook apmd: battery status: CRITICAL. external power 
status: not connected. estimated battery life 15% (32 minutes life time 
estimate)

after 1h 29m I had left 50% of battery, and after 2h 39m had 15%.

So, this patch allows to run the same machine on the same usage longer with
some performance penalty which seems quite fair.

-- 
wbr, Kirill

Re: fw_update

[Kirill A . Korinsky]

On Tue, 30 Apr 2024 12:35:17 +0200,
fr...@lilo.org wrote:
> 
> How does fw_update install the drivers?

It downloads firmware from http://firmware.openbsd.org/firmware/
and installs it as package in system.

> How does it know which driver is missing on the system?

It checks patterns from /usr/share/misc/firmware_patterns which maps
firmware to a pattern in dmesg.

> All these questions to install the drivers manually (offline)

You may download it by hand and install as fw_update /path/to/firmware.tgz

-- 
wbr, Kirill

Re: >10W idle power usage on framework laptop 12th gen 13inch

[Kirill A . Korinsky]

On Tue, 30 Apr 2024 11:17:35 +0200,
Kirill A. Korinsky  wrote:
> 
> Frankly speaking I never care about watt consumption, but offline time which
> is depend on it is important in my case, so here the recovered patch.
> 

Here a bit updated version which introduced a flag -P in apmd which you may
control via rcctl and enable / disable that feature without rebooting and
recompiling kernel, apmd and apm.

diff --git sys/kern/sched_bsd.c sys/kern/sched_bsd.c
index 25b221c1ee2..b1e5bd142c3 100644
--- sys/kern/sched_bsd.c
+++ sys/kern/sched_bsd.c
@@ -573,6 +573,7 @@ void (*cpu_setperf)(int);
 #define PERFPOL_MANUAL 0
 #define PERFPOL_AUTO 1
 #define PERFPOL_HIGH 2
+#define PERFPOL_POWERSAVING 4
 int perflevel = 100;
 int perfpolicy = PERFPOL_AUTO;
 
@@ -583,7 +584,9 @@ int perfpolicy = PERFPOL_AUTO;
 #include 
 
 void setperf_auto(void *);
+void setperf_powersaving(void *);
 struct timeout setperf_to = TIMEOUT_INITIALIZER(setperf_auto, NULL);
+struct timeout setperf_to_powersaving = 
TIMEOUT_INITIALIZER(setperf_powersaving, NULL);
 extern int hw_power;
 
 void
@@ -653,6 +656,76 @@ faster:
timeout_add_msec(_to, 100);
 }
 
+void
+setperf_powersaving(void *v)
+{
+   static uint64_t *idleticks, *totalticks;
+   static int downbeats;
+   int i, j = 0;
+   int speedup = 0;
+   CPU_INFO_ITERATOR cii;
+   struct cpu_info *ci;
+   uint64_t idle, total, allidle = 0, alltotal = 0;
+
+   if (perfpolicy != PERFPOL_POWERSAVING)
+   return;
+
+   if (cpu_setperf == NULL)
+   return;
+
+   if (hw_power) {
+   speedup = 1;
+   goto faster;
+   }
+
+   if (!idleticks)
+   if (!(idleticks = mallocarray(ncpusfound, sizeof(*idleticks),
+   M_DEVBUF, M_NOWAIT | M_ZERO)))
+   return;
+   if (!totalticks)
+   if (!(totalticks = mallocarray(ncpusfound, sizeof(*totalticks),
+   M_DEVBUF, M_NOWAIT | M_ZERO))) {
+   free(idleticks, M_DEVBUF,
+   sizeof(*idleticks) * ncpusfound);
+   return;
+   }
+   CPU_INFO_FOREACH(cii, ci) {
+   if (!cpu_is_online(ci))
+   continue;
+   total = 0;
+   for (i = 0; i < CPUSTATES; i++) {
+   total += ci->ci_schedstate.spc_cp_time[i];
+   }
+   total -= totalticks[j];
+   idle = ci->ci_schedstate.spc_cp_time[CP_IDLE] - idleticks[j];
+   if (idle < total / 3)
+   speedup = 1;
+   alltotal += total;
+   allidle += idle;
+   idleticks[j] += idle;
+   totalticks[j] += total;
+   j++;
+   }
+   if (allidle < alltotal / 3)
+   speedup = 1;
+   if (speedup)
+   /* twice as long here because we check every 200ms */
+   downbeats = 1;
+
+   if (speedup && perflevel != 100) {
+faster:
+   perflevel = 100;
+   cpu_setperf(perflevel);
+   } else if (!speedup && perflevel != 0 && --downbeats <= 0) {
+   perflevel = 0;
+   cpu_setperf(perflevel);
+   }
+
+   /* every 200ms to have a better resolution of the load */
+   timeout_add_msec(_to_powersaving, 200);
+}
+
+
 int
 sysctl_hwsetperf(void *oldp, size_t *oldlenp, void *newp, size_t newlen)
 {
@@ -691,6 +764,9 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void 
*newp, size_t newlen)
case PERFPOL_AUTO:
strlcpy(policy, "auto", sizeof(policy));
break;
+   case PERFPOL_POWERSAVING:
+   strlcpy(policy, "powersaving", sizeof(policy));
+   break;
case PERFPOL_HIGH:
strlcpy(policy, "high", sizeof(policy));
break;
@@ -709,6 +785,8 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void 
*newp, size_t newlen)
perfpolicy = PERFPOL_MANUAL;
else if (strcmp(policy, "auto") == 0)
perfpolicy = PERFPOL_AUTO;
+   else if (strcmp(policy, "powersaving") == 0)
+   perfpolicy = PERFPOL_POWERSAVING;
else if (strcmp(policy, "high") == 0)
perfpolicy = PERFPOL_HIGH;
else
@@ -716,6 +794,8 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void 
*newp, size_t newlen)
 
if (perfpolicy == PERFPOL_AUTO) {
timeout_add_msec(_to, 200);
+   } else if (perfpolicy == PERFPOL_POWERSAVING) {
+   timeout_add_msec(_to_powersaving, 200);
} else if (perfpolicy == PERFPOL_HIGH) {
perflevel = 100;
cpu_setperf(perflevel);
diff --git usr.sbin/apmd/apm-proto.h usr.sbin/apmd/apm-proto.h
index 867d0afbd70..166618e996f 100644
--- usr.sbin/apmd/apm-p

Re: >10W idle power usage on framework laptop 12th gen 13inch

[Kirill A . Korinsky]

On Tue, 30 Apr 2024 05:31:21 +0200,
"Nathaniel Griswold"  wrote:
>
> > I had near the same question sometime ago but on different machine, and I've
> > discovered a patch which I've inlinded into this email.
> >
>
> Hm, ok, i'll try it. Do you have any insight into whether obsdfreqd has
> similar power saving to this patch? It seems to set the perf similarly. I
> wasn't having much luck with obsdfreqd as far as wattage, however...
>

Well, I haven't tried it but I've read documentation [1] and it seems a bit
differently, isn't it?

On idle this laptop has on 400 MHz, and provided patch decrease
responsibility of system when it runs on battery, but allows to win some
time on it. Like additionall half an hour or a bit more.

Frankly speaking I never care about watt consumption, but offline time which
is depend on it is important in my case, so here the recovered patch.

Footnotes:
[1]  https://git.sr.ht/~solene/obsdfreqd

--
wbr, Kirill

Re: >10W idle power usage on framework laptop 12th gen 13inch

[Kirill A . Korinsky]

Greetings,

On Sun, 28 Apr 2024 18:53:09 +0200,
"Nathaniel Griswold"  wrote:
> 
> Any ideas if it's remediable or where to start digging?
> 

I had near the same question sometime ago but on different machine, and I've
discovered a patch which I've inlinded into this email.

My laptop on last snapshot has consumption:

  hw.sensors.acpibat0.volt1=11.14 VDC (current voltage)
  hw.sensors.acpibat0.current0=0.97 A (rate)

and after this patch:

  hw.sensors.acpibat0.volt1=11.14 VDC (current voltage)
  hw.sensors.acpibat0.current0=0.52 A (rate)

anyway, it has a price tag: response of the system is a bit slower.

So, the Alternate cpu policy on battery patch.

Original author of this patch is Solene which she announced at
https://marc.info/?l=openbsd-tech=163259444331471=2

She also made benchmarks and some explanation:
https://dataswamp.org/%7Esolene/2021-09-26-openbsd-power-usage.html

Here the version which follows minor changes.

It requires to rebuild kernel, apm and apmd.

diff --git sys/kern/sched_bsd.c sys/kern/sched_bsd.c
index 25b221c1ee2..b1e5bd142c3 100644
--- sys/kern/sched_bsd.c
+++ sys/kern/sched_bsd.c
@@ -573,6 +573,7 @@ void (*cpu_setperf)(int);
 #define PERFPOL_MANUAL 0
 #define PERFPOL_AUTO 1
 #define PERFPOL_HIGH 2
+#define PERFPOL_POWERSAVING 4
 int perflevel = 100;
 int perfpolicy = PERFPOL_AUTO;
 
@@ -583,7 +584,9 @@ int perfpolicy = PERFPOL_AUTO;
 #include 
 
 void setperf_auto(void *);
+void setperf_powersaving(void *);
 struct timeout setperf_to = TIMEOUT_INITIALIZER(setperf_auto, NULL);
+struct timeout setperf_to_powersaving = 
TIMEOUT_INITIALIZER(setperf_powersaving, NULL);
 extern int hw_power;
 
 void
@@ -653,6 +656,76 @@ faster:
timeout_add_msec(_to, 100);
 }
 
+void
+setperf_powersaving(void *v)
+{
+   static uint64_t *idleticks, *totalticks;
+   static int downbeats;
+   int i, j = 0;
+   int speedup = 0;
+   CPU_INFO_ITERATOR cii;
+   struct cpu_info *ci;
+   uint64_t idle, total, allidle = 0, alltotal = 0;
+
+   if (perfpolicy != PERFPOL_POWERSAVING)
+   return;
+
+   if (cpu_setperf == NULL)
+   return;
+
+   if (hw_power) {
+   speedup = 1;
+   goto faster;
+   }
+
+   if (!idleticks)
+   if (!(idleticks = mallocarray(ncpusfound, sizeof(*idleticks),
+   M_DEVBUF, M_NOWAIT | M_ZERO)))
+   return;
+   if (!totalticks)
+   if (!(totalticks = mallocarray(ncpusfound, sizeof(*totalticks),
+   M_DEVBUF, M_NOWAIT | M_ZERO))) {
+   free(idleticks, M_DEVBUF,
+   sizeof(*idleticks) * ncpusfound);
+   return;
+   }
+   CPU_INFO_FOREACH(cii, ci) {
+   if (!cpu_is_online(ci))
+   continue;
+   total = 0;
+   for (i = 0; i < CPUSTATES; i++) {
+   total += ci->ci_schedstate.spc_cp_time[i];
+   }
+   total -= totalticks[j];
+   idle = ci->ci_schedstate.spc_cp_time[CP_IDLE] - idleticks[j];
+   if (idle < total / 3)
+   speedup = 1;
+   alltotal += total;
+   allidle += idle;
+   idleticks[j] += idle;
+   totalticks[j] += total;
+   j++;
+   }
+   if (allidle < alltotal / 3)
+   speedup = 1;
+   if (speedup)
+   /* twice as long here because we check every 200ms */
+   downbeats = 1;
+
+   if (speedup && perflevel != 100) {
+faster:
+   perflevel = 100;
+   cpu_setperf(perflevel);
+   } else if (!speedup && perflevel != 0 && --downbeats <= 0) {
+   perflevel = 0;
+   cpu_setperf(perflevel);
+   }
+
+   /* every 200ms to have a better resolution of the load */
+   timeout_add_msec(_to_powersaving, 200);
+}
+
+
 int
 sysctl_hwsetperf(void *oldp, size_t *oldlenp, void *newp, size_t newlen)
 {
@@ -691,6 +764,9 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void 
*newp, size_t newlen)
case PERFPOL_AUTO:
strlcpy(policy, "auto", sizeof(policy));
break;
+   case PERFPOL_POWERSAVING:
+   strlcpy(policy, "powersaving", sizeof(policy));
+   break;
case PERFPOL_HIGH:
strlcpy(policy, "high", sizeof(policy));
break;
@@ -709,6 +785,8 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, void 
*newp, size_t newlen)
perfpolicy = PERFPOL_MANUAL;
else if (strcmp(policy, "auto") == 0)
perfpolicy = PERFPOL_AUTO;
+   else if (strcmp(policy, "powersaving") == 0)
+   perfpolicy = PERFPOL_POWERSAVING;
else if (strcmp(policy, "high") == 0)
perfpolicy = PERFPOL_HIGH;
else
@@ -716,6 +794,8 @@ sysctl_hwperfpolicy(void *oldp, size_t *oldlenp, 

Re: OpenSMTP lmtp without unix users

[Kirill A . Korinsky]

Greetings,

On Sat, 27 Apr 2024 17:31:24 +0200,
"Nicolas Goy"  wrote:
> 
> How can I make it work with a single vmail unix user? Without losing the
> catchall?
> 

I do have a bit more complicated setup.

smtpd.conf:

   table local-emails   file:/etc/mail/local-emails
   table aliasesfile:/etc/mail/aliases
   table domainsfile:/etc/mail/domains
   table credentialspasswd:/etc/mail/credentials

   ...

   listen on egress inet4 port smtp tls pki mx.catap.net \
  filter { admdscrub, "auth", dnsbl }

   action deliver_lmtp lmtp "/var/dovecot/lmtp" rcpt-to virtual 
   match from any for domain  \
 ! rcpt-to  action deliver_lmtp


so tables:

1. local-emails is a list of email which can be reached only inside mail
server. For example I like to have nice email for printer, but I don't like
when it start to recieve spam :)

2. credentials is shared with dovecot and has format:

  :::extra_fields

thus, usually I use short version:

  :::

where password is hash which I get via smtpctl encryp.

3. domains is just a list of supported domains. I don't really need it here,
but keep it because it is re-used inside DKIM signature generator.

4. alisases, it is usual alliases plus each user from credentials should
have record like:

  u...@email.com: vmail

to redirect his email to dovecot. No record here means user may send email
(auth on mail server) but never get anything back. And mail server says that
user do not exists which can be an issue for some servers.

-- 
wbr, Kirill

Re: mongo shell on openBSD

[Kirill A . Korinsky]

On Mon, 22 Apr 2024 17:40:22 +0200,
Luca Leone wrote:
> 
> I successfully installed the mongodb-4.4.2 package on the server which run 
> openBSD 7.4. It's the db of a node js app.
> Locally on my Mac, I interact with the local mongo db through the mongo 
> shell. I'd like to do the same on the server with the installed mongo db BUT 
> there's no "mongo shell" package and I could not find any doc explaining how 
> to install the mongo shell on openBSD. Is there a way? Or is there an 
> alternative way to interact directly with the db?
> 

Base on doc [1] you're looking for binary with name mongo which is part of
port mongodb version 44 [2]. So, I assume that if you install mongodb,
you'll have that you're looking for.

Footnotes:
[1]  https://www.mongodb.com/docs/v4.4/mongo/

[2]  https://github.com/openbsd/ports/blob/master/databases/mongodb/44/pkg/PLIST

-- 
wbr, Kirill

Re: syntax error in httpd.conf file

[Kirill A . Korinsky]

On Fri, 19 Apr 2024 13:30:47 +0200,
Luca Leone wrote:
> 
> I'll keep working on it, but after a couple of days spent on this stuff I'm 
> starting to think that maybe to serve my node app there should be an easier 
> way than openbsd ;)
>

I guess you mean someting like that?

  table  { 127.0.0.1 }

  http protocol https {
  match request header append "X-Forwarded-For" value "$REMOTE_ADDR"

  tls keypair birbi.biz:443
  pass request forward to 
  }

  relay https {
  listen on egress port https tls
  protocol https

  forward to  port 3000
  }

-- 
wbr, Kirill

Re: Migrate to different FS layout of OpenBSD

[Kirill A . Korinsky]

On Sun, 07 Apr 2024 12:02:05 +0200,
Stuart Henderson wrote:
> 
> softraid doesn't allow creating a 'degraded mirror' i.e. a single drive
> that you can later add another drive to make a RAID1. You would need at
> least one spare drive to do what you want.
> 

Thanks, that is a kind of inside which I've been looking for.

-- 
wbr, Kirill

Re: Migrate to different FS layout of OpenBSD

[Kirill A . Korinsky]

On Sat, 06 Apr 2024 23:14:39 +0200,
Peter Hessler wrote:
> 
> RAID0 is called that because zero is what you'll recover if you lose a
> disk.  This is amazingly dangerous, and you're going to have a bad time.
> 
> Do a backup, then restore from backup.
> 

I was totally misslead. I mean that I have RAID1 which is know as mirror.

To be clear: here a two identical servers where I'd like to change FS
layout, and before I go to reinstall everything, I can try this approach.

-- 
wbr, Kirill

Migrate to different FS layout of OpenBSD

[Kirill A . Korinsky]

Folks,

I'm looking for a way to migrate to different layout some OpenBSD systems.

All of them has RAID0 and as far as I think I may something like this:

1. Remove second disk from RAID.
2. Build a new RAID0 on the second disk.
3. Make desires layout on the second RAID.
4. dump | restore
5. Boot from the second RAID.
6. Add the first disk to the second RAID.

I have re-read https://www.openbsd.org/faq/faq14.html a few times and I
feel that this is quite risky.

So, questions:
1. Has anyone done something like this before?
2. Do you have any instruction or that to expect?

Thanks in advance.

-- 
wbr, Kirill

Re: Bash instead of ksh

[Kirill A . Korinsky]

On Mon, 01 Apr 2024 18:24:06 +0200,
Karel Lucas wrote:
> 
> Instead of ksh I want to use bash as a general shell. But how can I set
> it up that way? Bash is already installed.
> 

https://man.openbsd.org/chsh

-- 
wbr, Kirill

Re: Today's snapshot brokes some Qt app?

[Kirill A . Korinsky]

On Mon, 01 Apr 2024 04:03:11 +0200,
Lucas de Sena wrote:
> 
> Telegram-desktop (net/tdesktop) also crashed here after a package update.
> 
> I then noticed it was caused by linking issues with the qt6 libraries.
> Deleting and adding net/tdesktop simply solved that.
> 
> That should not be a problem tho.  Applications are normally reinstalled
> after the library is updated (or does that only happen when a major
> version of the library is installed?).

I'd like to confirm that reinstall of tdesktop helps.

Also, when I run an upgrade of packgages, I saw that wireshark was updated
after update of qt that may explains why did it work.

-- 
wbr, Kirill

Today's snapshot brokes some Qt app?

[Kirill A . Korinsky]

Folks,

I just run: pkg_add -D snap -u

After that I've discovered that some Qt apps are crashing with errors like:

  Cannot add multiple registrations for QtQuick
  Abort trap (core dumped) 

for example telegram-desktop crashes but wireshark doesn't.

-- 
wbr, Kirill

Touchpad stuck on click

[Kirill A . Korinsky]

Folks,

I have encountered a wired issue with touchpad: it stay in status similar to
pushed left button. I can move it, but I can't select anything.

If I make rigth click, it may clicks, or may ignore it.

I have no idea how to dig it, but it appears after move from 7.4 to
snapshot, and it's here for couple of weeks.

Hardware: Huawei Matebook X 2020

  ~ $ doas wsconsctl mouse
  mouse.type=touchpad
  mouse.rawmode=0
  mouse.scale=0,3643,0,2000,0,31,31
  mouse.reverse_scrolling=1
  mouse.tp.tapping=1,3,2
  mouse.tp.mtbuttons=1
  mouse.tp.scaling=0.221
  mouse.tp.swapsides=0
  mouse.tp.disable=0
  mouse.tp.edges=0.0,5.0,10.0,5.0
  ~ $ 

Rigth now it was reproduced on snapshot without any additional patches.

If you have any idea how to dig future, I'll appriciete that.

Thanks.

-- 
wbr, Kirill

Re: Camera or mic works on video calls, but not both

[Kirill A . Korinsky]

On Sun, 24 Mar 2024 02:45:16 +0100,
Sadeep Madurange wrote:
> 
> Then I tried Zoom on firefox (doesn't work with chromium at all). I can
> both see and hear the other party. They can hear me, but can't see my
> video. I see a warning on my end saying that it couldn't detect my
> camera.

As far as I recall zoom requries WebAssembly to work which is disabled by
default at chromiun. You may enable it by starting chromium with environment
variable ENABLE_WASM=1.

Keep in mind that you should close all it's processes, and not just run
command like `env ENABLE_WASM=1 chromium` because it uses IPC to open a new
window / frame from current process, if it exists. 

-- 
wbr, Kirill

Re: Fwd: Disk encryption cipher

[Kirill A . Korinsky]

On Wed, 06 Mar 2024 10:40:31 +0100,
Daniele B. wrote:
> 
> Initially I blacklisted his ip. Then, understood the music, I started to find 
> its approaching intriguing.. ;D
> 

I wonder how did you blacklist someone by IP who sents his emails into
maillist? By parsing all Received headers to find some bad IP? Or?

-- 
wbr, Kirill

Re: how to external encrypted drive that supports OpenBSD and FreeBSD?

[Kirill A . Korinsky]

On Fri, 01 Mar 2024 18:08:39 +0100,
beecdadd...@danwin1210.de wrote:
> 
> that will do! is just backup! thank you very much

If you need only backup... why not use restic?

> what if it wasn't read-only and was active partition with writing?
> 

See https://www.openbsd.org/faq/faq14.html#softraid as anoter way.

-- 
wbr, Kirill

Re: mirror.bytemark.co.uk appears to have removed all OpenBSD content?

[Kirill A . Korinsky]

On Tue, 27 Feb 2024 14:59:32 +0100,
Kenneth Gober wrote:
> 
> Slightly off topic, but does anyone know of any archives that have
> packages for 3.0, 3.1, 3.2, and/or 3.3?  Especially 3.0 -- the only
> site I've ever found with 3.0 packages may have been incomplete.
>

https://mirror.leaseweb.com/pub/OpenBSD

whcih also has rsync mirror BTW

-- 
wbr, Kirill

Re: YubiKey blocked by pcscd(8)

[Kirill A . Korinsky]

On Tue, 27 Feb 2024 15:05:08 +0100,
Lévai, Dániel wrote:
> 
> Hi all,
> 
> I was wondering if it's possible to use a YubiKey 5 a bit more conveniently 
> if trying to use more than one of its features.
>

I use it for:
 - GnuPG signature and as SSH key;
 - a TOTP generator

See:

  ~ $ doas rcctl check pcscd  
  pcscd(ok)
  ~ $ ykman list

  WARNING: No OTP HID backend available. OTP protocols will not function.
  ERROR: Unable to list devices for connection
  YubiKey 5C Nano (5.1.0) [CCID] Serial: XXX
  ~ $ ykman oath accounts list | wc -l
  WARNING: No OTP HID backend available. OTP protocols will not function.
72
  ~ $

-- 
wbr, Kirill

Re: Automatic OS updates

[Kirill A . Korinsky]

On Wed, 21 Feb 2024 21:11:05 +0100,
Stuart Henderson wrote:
> 
> If you're using sysupgrade -s, you also want -Dsnap in pkg_add.
> 

After double check in man it seems not nessesary, let me quote:

 %c  Expands to the string "snapshots" when running a -current or -beta
 kernel, or if the command line option -D snap | -D snapshot is
 specified.  Otherwise, %c expands to %v, which selects a release
 version.

-- 
wbr, Kirill

Re: Automatic OS updates

[Kirill A . Korinsky]

On Wed, 21 Feb 2024 18:05:56 +0100,
b...@fea.st wrote:
> 
> FWIW if you guys want to yell at me for spreading bad ideas,
> I've posted how to do automatic updates here:
> 
> https://openbsd.pages.dev/auto-updates/
> 
> I'm both trying out the Hugo package and like, documenting
> how I've set things up in case I have to reinstall.
> 
> Time moves fast and I'm damn impressed by how smooth the
> BSD experience is.
> 

I suggest to add that regression may occure during an upgrade.

And personally, bug fixing a nigth upgrade is not something that I
prefer to do with morning coffee.

-- 
wbr, Kirill

Re: Block HTTP requests from non-browser clients

[Kirill A . Korinsky]

On Wed, 21 Feb 2024 14:57:29 +0100,
Sadeep Madurange wrote:
> 
> Is there a way to block non-browser clients from accessing a website
> (e.g., scraping attempts by bots or even software like Selenium that
> might programmatically control a browser), preferrably before the
> requests reach the webserver?
> 
> I'm wondering if there's a to do that with, for example, pf to block
> such requests completely rather than responding with a 403.
> 

Here the whole industry which is called Bot Managment which solves that
issue via analyzing request, offers to some edge cases captcha and so
on.

A trivial bot can be catch by regex against User-Agent, or via rate
limit. But more sophisticated ones need a lot of tools, which may
include things like crossing user agent with TLS-level extentions inside
Hello packet, checks against lists of blacklisted IPs and so on.

As far as I know the best public availabe list of "bad IP" is
https://www.blocklist.de/ which isn't full but allows to ban
automatically something. Thus, you may use spamd-setup in blocking mode
to fill pf rules via cron.

-- 
wbr, Kirill

Re: certbot in cron - best way?

[Kirill A . Korinsky]

Greetings,

On Tue, 20 Feb 2024 16:43:27 +0100,
m...@phosphorus.com.br wrote:
> 
> Which setup are you using to automatically update certs with certbot, in
> cron, and keeping /etc/httpd.conf updated accordingly?
> 

I use records in /etc/acme-client.conf like:

  authority letsencrypt {
  api url "https://acme-v02.api.letsencrypt.org/directory;
  account key "/etc/acme/letsencrypt-privkey.crt"
  }

  domain mx1.catap.net {
  alternative names { mx.catap.net }
  domain key "/etc/ssl/private/mx1.catap.net.key"
  domain full chain certificate "/etc/ssl/mx1.catap.net.crt"
  sign with letsencrypt
  }

which is very similar to an example with one notable exception: I use
path which complaint with relayd pki settings, and also keep full chain.

The certificates is updated on two possible way.

When a machine is dedicated for a single service and it has only one
certificate I keep inside /etc/daily.local

  acme-client $(hostname) && /usr/sbin/rcctl restart relayd smtpd dovecot

which restart relayed daemons when certificate is updated.

Or machine which is used as web hosting with multiple domain, here I use
relayd to terminate SSL and update is via /etc/daily.local as:

  SSL_UPDATED=0
  for domain in $(awk '/^domain/ { print $2 }' /etc/acme-client.conf)
  do
  acme-client $domain && SSL_UPDATED=1
  done

  if [ $SSL_UPDATED -ne 0 ]; then
  rcctl restart relayd
  fi

-- 
wbr, Kirill

Re: Ignore some USB devices

[Kirill A . Korinsky]

On Tue, 20 Feb 2024 00:21:30 +0100,
Stuart Henderson wrote:
>
> No - ugen acts as a fallback. If a USB device is claimed by another driver,
> ugen won't get a chance to attach to it.
>
> There is a common mechanism to recognise devices by vid/pid for special
> handling - sometimes to prevent attaching - sometimes for other adaptations
> which are needed. If you're interested, see sys/dev/usb/usb_quirks.c and look
> at how UQ_BAD_HID is used to knock out devices which would normally be
> claimed by uhid(4); you could use something similar to prevent e.g. uaudio
> from attaching to a certain device. However, it would require compiling
> the kernel to configure it.
>

Thanks, this is that I'm looking for.

I hope that I can do it without rebuilding the kernel, but after reading
some code around I see that adding a global flag to ignore some USB
devices makes code quite frigile. Or should be duplicated a lot.

--
wbr, Kirill

Re: Ignore some USB devices

[Kirill A . Korinsky]

On Mon, 19 Feb 2024 23:09:35 +0100,
Stuart Henderson wrote:
> 
> > I read that as it is impossible to blacklist a device, right?
> 
> Only by running a kernel where the driver's attach routine has been
> modified to skip attaching the device e.g. if it matches certain
> vendor/device id. OpenBSD doesn't have any other way to detach a USB
> driver from a device.
> 

As an alternative solution, is it possible to enforce ugen to specific
device by vendor and product IDs?

I've tried:

  $ doas config -e -o /bsd.new /bsd
  ukc> find ugen
  309 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 
product -1 release -1 flags 0x0
  ukc> find uaudio
  303 uaudio* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 
product -1 release -1 flags 0x0
  ukc> add ugen
  Device not complete number or * is missing
  ukc> add ugen*
  Clone Device (DevNo, 'q' or '?') ? 309
  Insert before Device (DevNo, 'q' or '?') ? 303
  303 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 
product -1 release -1 flags 0x0
  ukc> change 303
  303 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 
product -1 release -1 flags 0x0
  change [n] y
  port [-1] ?
  configuration [-1] ?
  interface [-1] ?
  vendor [-1] ? 0x041e
  product [-1] ? 0x3130
  release [-1] ?
  flags [0] ?
  303 ugen* changed
  303 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor 0x41e 
product 0x3130 release -1 flags 0x0
  ukc> find ugen*
  303 ugen* at uhub*|uhub* disable port -1 configuration -1 interface -1 vendor 
0x41e product 0x3130 release -1 flags 0x0
  310 ugen* at uhub*|uhub* port -1 configuration -1 interface -1 vendor -1 
product -1 release -1 flags 0x0
  ukc> quit
  Saving modified kernel.

with no luck.

-- 
wbr, Kirill

Re: Ignore some USB devices

[Kirill A . Korinsky]

On Mon, 19 Feb 2024 22:43:45 +0100,
Jan Stary wrote:
> 
> On Feb 19 22:33:53, kir...@korins.ky wrote:
> > 
> > I use the rsnd/1 or rsnd/2 to listen music via wireless headphones,
> 
> Why do you have two of those?
>

Because it depends on the order of attaching devices.

> > and rsnd/0 with wired headset to make video calls.
> > 
> > I never use display's audio and it creates only issue for me.
> 
> To be clear: even when you connect the display,
> presumably because you want to use it as a display
> (and maybe even its camera), you want the sound
> to stay at whatever snd device you are using;
> in particular, you don't want sndio to switch
> to the new snd device provided by the newly plugged
> display's uaudio.
> 
> Is there a setting in the display
> that would completely disable its audio?
>

No, this display hasn't got any settigns which I'm aware of.

See: LG UltraFine 5K

> > Let take two use cases:
> > 1. Listen some music when laptop is connected to the display on wireless
> >headphones by attaching USB dongle;
> > 2. Connect laptop to the display when listen some music on wireless
> >headphones via USB dongle.
> > 
> > The first one leads to rsnd/2 as desired device, and the second one to
> > rsnd/1 as desired device.
> > 
> > As side effect of (2) music might be redirect to the display which has
> > quite hight default level of volume.
> > 
> > So, right now to attach laptop to the screen and do not wake famly up at
> > the night I should:
> >  - pause the music;
> >  - deattach USB dongle;
> >  - connect laptop to the screen;
> >  - attach USB dongle;
> >  - and finaly resume music.
> 
> You could also detach-and-reattach the headphones dongle
> *after* you attach the display.
>

Yeah, it still to many things to do :(

> You could also send a dmesg showing all of those devies.
> 

attched

-- 
wbr, Kirill
OpenBSD 7.5-beta (GENERIC.MP) #39: Mon Feb 19 12:28:22 CET 2024

ca...@matebook.sa31-home.catap.net:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 16890646528 (16108MB)
avail mem = 16357588992 (15599MB)
random: good seed from bootblocks
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 3.2 @ 0x8e2c2000 (32 entries)
bios0: vendor HUAWEI version "1.10" date 01/12/2023
bios0: HUAWEI EUL-WX9
efi0 at bios0: UEFI 2.7
efi0: XX rev 0x10010
acpi0 at bios0: ACPI 5.1
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP UEFI SSDT SSDT SSDT SSDT SSDT TPM2 SSDT MSDM LPIT WSMT 
SSDT DBGP DBG2 SSDT NHLT HPET APIC MCFG SSDT SSDT DMAR FPDT BGRT
acpi0: wakeup devices XHC_(S3) XDCI(S4) HDAS(S4) RP01(S4) PXSX(S4) RP02(S4) 
PXSX(S4) RP03(S4) PXSX(S4) RP04(S4) PXSX(S4) RP05(S4) PXSX(S4) RP06(S4) 
PXSX(S4) RP07(S4) [...]
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpihpet0 at acpi0: 2399 Hz
acpimadt0 at acpi0 addr 0xfee0: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz, 3292.33 MHz, 06-8e-0c, patch 
00f8
cpu0: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DFL,MDS_NO,MISC_PKG_CT,ENERGY_FILT,FB_CLEAR,RRSBA,GDS_CTRL,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu0: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 
4-way L2 cache, 6MB 64b/line 12-way L3 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 10 var ranges, 88 fixed ranges
cpu0: apic clock running at 24MHz
cpu0: mwait min=64, max=64, C-substates=0.2.1.2.4.1.1.1, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz, 3292.33 MHz, 06-8e-0c, patch 
00f8
cpu1: 
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,SDBG,FMA3,CX16,xTPR,PDCM,PCID,SSE4.1,SSE4.2,x2APIC,MOVBE,POPCNT,DEADLINE,AES,XSAVE,AVX,F16C,RDRAND,NXE,PAGE1GB,RDTSCP,LONG,LAHF,ABM,3DNOWP,PERF,ITSC,FSGSBASE,TSC_ADJUST,SGX,BMI1,AVX2,SMEP,BMI2,ERMS,INVPCID,MPX,RDSEED,ADX,SMAP,CLFLUSHOPT,PT,SRBDS_CTRL,MD_CLEAR,IBRS,IBPB,STIBP,L1DF,SSBD,SENSOR,ARAT,IBRS_ALL,SKIP_L1DFL,MDS_NO,MISC_PKG_CT,ENERGY_FILT,FB_CLEAR,RRSBA,GDS_CTRL,XSAVEOPT,XSAVEC,XGETBV1,XSAVES
cpu1: 32KB 64b/line 8-way D-cache, 32KB 64b/line 8-way I-cache, 256KB 64b/line 
4-way L2 cache, 6MB 64b/line 12-way L3 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Core(TM) i5-10210U CPU @ 1.60GHz, 3189.24 MHz, 06-8e-0c, patch 
00f8
cpu2: 

Re: Ignore some USB devices

[Kirill A . Korinsky]

On Mon, 19 Feb 2024 22:32:18 +0100,
Jan Stary wrote:
> 
> So get some normal headphones that plug into the laptop
> (without creating a new device)
> and simply connect the display when you want,
> or don't connect it when you don't.
> 

I read that as it is impossible to blacklist a device, right?

-- 
wbr, Kirill

Re: Ignore some USB devices

[Kirill A . Korinsky]

On Mon, 19 Feb 2024 22:15:40 +0100,
Jan Stary wrote:
> 
> On Feb 19 22:08:40, kir...@korins.ky wrote:
> > On Mon, 19 Feb 2024 21:58:51 +0100,
> > Thomas L. wrote:
> > > 
> > > you can select which audio device is used with -f/-F flags to sndiod
> > > (details in man-page) in /etc/rc.conf.local. maybe that helps?
> > 
> > thanks, but I right now I do have:
> > 
> >   ~ $ rcctl get sndiod flags
> >   -f rsnd/0 -F rsnd/1 -F rsnd/2
> 
> Do you actualy want to switch between the three?
> What are the three audio devices you want to use, and why?

I use the rsnd/1 or rsnd/2 to listen music via wireless headphones,
and rsnd/0 with wired headset to make video calls.

I never use display's audio and it creates only issue for me.

>
> > that works almost fine, but requires to deattach USB dongle
> 
> What USB dongle?

Creative BT-W5

> 
> > before I connect laptop to the display.
> > If I forgot to do it, the display's audio will be rsnd/2 with priority.
> 
> What is the rsnd/2 you _want_?
> How does _detaching_ anything before the display attaches help that?
> 

Right now I do have 3 audio devices:
 - embeded inside laptop;
 - embeded inside display;
 - USB dongle to connect to bluetooth headphones.

The first one is always rsdn/0; and the next two depends on the order of
connection.

Let take two use cases:
1. Listen some music when laptop is connected to the display on wireless
   headphones by attaching USB dongle;
2. Connect laptop to the display when listen some music on wireless
   headphones via USB dongle.

The first one leads to rsnd/2 as desired device, and the second one to
rsnd/1 as desired device.

As side effect of (2) music might be redirect to the display which has
quite hight default level of volume.

So, right now to attach laptop to the screen and do not wake famly up at
the night I should:
 - pause the music;
 - deattach USB dongle;
 - connect laptop to the screen;
 - attach USB dongle;
 - and finaly resume music.

If I find the way to blacklist display's audio device, this can be as
simple as connect laptop to the display.

-- 
wbr, Kirill

Re: Ignore some USB devices

[Kirill A . Korinsky]

On Mon, 19 Feb 2024 21:58:51 +0100,
Thomas L. wrote:
> 
> you can select which audio device is used with -f/-F flags to sndiod
> (details in man-page) in /etc/rc.conf.local. maybe that helps?

thanks, but I right now I do have:

  ~ $ rcctl get sndiod flags
  -f rsnd/0 -F rsnd/1 -F rsnd/2
  ~ $

that works almost fine, but requires to deattach USB dongle before I
connect laptop to the display.

If I forgot to do it, the display's audio will be rsnd/2 with priority.


-- 
wbr, Kirill

Re: Ignore some USB devices

[Kirill A . Korinsky]

On Mon, 19 Feb 2024 20:34:10 +0100,
Nowarez Market wrote:
> 
> After all your list of *american gigs* missed only that OS.
> Just do a switch to Windows and you solved. Maybe...
> 

Well, I doubt that this display works well on Windows.

The first OS which supports it was macOS, but support of this display
isn't stable and if attach and deattach it often, the macOS may hang out
on some iteration :)

-- 
wbr, Kirill

Re: Ignore some USB devices

[Kirill A . Korinsky]

On Mon, 19 Feb 2024 20:10:46 +0100,
Nowarez Market wrote:
> 
> >Feb 19, 2024 19:46:21 Kirill A. Korinsky :
> >
> >I can't disable uaudio because I use it, and I can't uplug (physically)
> >the LG's Audio because it is integrated into the display which I'm
> >using.
> 
> Curious, what is the connection between your display audio that comes
> watched so magically by your station ?
> 
> Sorry for my investigation..but sometimes seems falks just miss Windows
> left click to unplug stuff..
> 

This is USB-C display and I connect my laptop to it via single USB-C
port.

This connection attach the display, the AC addpater, the USB hub, and
integrated video and audio.

If I can do not connect it, I won't ask about how to ban some devices.

-- 
wbr, Kirill

Re: Ignore some USB devices

[Kirill A . Korinsky]

On Mon, 19 Feb 2024 19:09:16 +0100,
deich...@placebonol.com wrote:
>
> You can enter the kernel on boot and disable device drivers,
> boot-config(8) .

I do have two USB audio device:

  ~ $ usbdevs  -v
  Controller /dev/usb0:
  ...
  addr 07: 043e:9a66 LG Electronics Inc., LG UltraFine Display Audio
   high speed, self powered, config 1, rev 0.03
   driver: uaudio0
  ...
  addr 13: 041e:3130 Creative, Creative BT-W5
   full speed, self powered, config 1, rev 10.00, iSerial 
D97E0B7F86B95AC32000
   driver: uhidev10
   driver: uhidev11
   driver: uaudio1
  ~ $ 

both of them is managed by uaudio. How can I dissable the first one,
without disabling the second one?

I can't disable uaudio because I use it, and I can't uplug (physically)
the LG's Audio because it is integrated into the display which I'm
using.

Ideally I'm looking for a syntax like:

  disable uaudio vendor 0x043e product 0x9a66

--
wbr, Kirill

Re: Ignore some USB devices

[Kirill A . Korinsky]

On Mon, 19 Feb 2024 17:10:27 +0100,
Nowarez Market wrote:
> 
> You should be able to do it by the /etc/bsd.re-config file, you can start 
> from here:
> 
> http://man.openbsd.org/bsd.re-config
> 
> Please be very careful.
> 
> (It needs two reboots to apply any change)
> 

I feel consfused: isn't it a way to exclude some module?

If yes, it isn't that I'm looking.

For example, I'm using USB audio, but I'd like to ban USB audio which is
included into my display, but not ban the module because if I do so, I
won't able to use USB audio dingle which I use to connect to wireless
headphones.

Right now I have:

  ~ $ usbdevs  
  Controller /dev/usb0:
  addr 01: 8086: Intel, xHCI root hub
  addr 02: 1050:0404 Yubico, YubiKey CCID
  addr 03: 13d3:56f2 Azurewave, USB camera
  addr 04: 8087:0026 Intel, Bluetooth
  addr 05: 043e:9a61 LG Electronics Inc., USB2.1 Hub
  addr 06: 043e:9a73 LG USA, product 0x9a73
  addr 07: 043e:9a66 LG Electronics Inc., LG UltraFine Display Audio
  addr 08: 043e:9a68 LG Electronlcs Inc., LG UltraFine Display Camera
  addr 09: 05ac:0265 Apple Inc., Magic Trackpad
  addr 10: 05ac:026c Apple Inc., Magic Keyboard with Numeric Keypad
  addr 11: 043e:9a70 LG Electronics Inc., LG UltraFine Display Controls
  addr 12: 0a12:4010 Cambridge Silicon Radio, product 0x4010
  addr 13: 041e:3130 Creative, Creative BT-W5
  ~ $

and I would like somehow to disable

  addr 07: 043e:9a66 LG Electronics Inc., LG UltraFine Display Audio
  addr 08: 043e:9a68 LG Electronlcs Inc., LG UltraFine Display Camera

but keeping

  addr 03: 13d3:56f2 Azurewave, USB camera
  addr 13: 041e:3130 Creative, Creative BT-W5

I've tried to play with config -e /bsd but the best that I can figure
out is how to disable uaudio, and not only one, specific, device.

-- 
wbr, Kirill

Ignore some USB devices

[Kirill A . Korinsky]

Folks,

I run OpenBSD and some times connect an external display which contains
integraded web cam, microphone and speakers.

Web-cam doesn't work, but both microphone and speakers work.

Is it possible to ignore it somehow?

Ideally I'm for a black list of usb divecs base on some id.

Thanks.

-- 
wbr, Kirill

Re: sysupgrade fails firmware fetch

[Kirill A . Korinsky]

On Sun, 18 Feb 2024 10:57:27 +0100,
Stuart Henderson wrote:
> 
> It's not too bad as long as the person building firmware tgz gets a
> heads-up before the version number is updated.
> 

Specially that right now it still can be run as:

  env VERSION=74 fw_update -p http://firmware.openbsd.org/firmware/snapshots

I do not say that is good, but it isn't a disaster.

Special for guys who runs on development snapshots.

-- 
wbr, Kirill

Re: sysupgrade fails firmware fetch

[Kirill A . Korinsky]

On Sat, 17 Feb 2024 22:27:52 +0100,
Sonic wrote:
> 
> Seems it's looking for a 7.5 directory (-current apparently just moved
> to 7.5-beta) instead of the snapshot directory.
> 

And using snapshot directory fails because wrong signature:

  ~ $ doas fw_update -p http://firmware.openbsd.org/firmware/snapshots 
  fw_update: failed.
  signify: verification failed: checked against wrong key
  Signature check of SHA256.sig failed
  ~ $ 

-- 
wbr, Kirill

Re: Improve support of Go

[Kirill A . Korinsky]

On Thu, 15 Feb 2024 15:09:01 +0100,
Joel Sing wrote:
>
> The operating system specific parts of the Go syscall package are effectively
> deprecated/frozen (and have been for nearly 10 years, hence not being 
> updated):
>
>   https://pkg.go.dev/syscall
>
>   
> https://go.googlesource.com/proposal/+/refs/heads/master/design/freeze-syscall.md
>
> On the other hand, golang.org/x/sys/unix is maintained and updated
> semi-regularly:
>
>   https://pkg.go.dev/golang.org/x/sys/unix
>
> With the exception of the OpenBSD syscall numbers:
>
>   
> https://cs.opensource.google/go/x/sys/+/master:unix/zsysnum_openbsd_amd64.go;l=8
>

Anyway, some systems are rebuild qutie often. For example Solaris [1] or FreeBSD
[2]. And current state of syscall numbers for OpenBSD misses a lot [3].

Here my point: it is deprected, but still in use for some large applications
like Docker, and we have two options here: (1) update it / fix it in Go, (2)
patch each application by replacing Syscall.EBADMSG for example [4]. From my
point of view move by (1) seems the simpler way which allows to reduce number of
hacks / patches in ports.

Footnotes:
[1]  
https://github.com/golang/go/commit/ea14b633627f467a2e35eb7f67df6f3ed60469c0

[2]  https://go-review.googlesource.com/c/go/+/563835

[3]  https://github.com/catap/go/commit/c9cb73913d79e490f167ff1c0a651d69c700f02a

[4]  https://github.com/search?q=repo%3Aopenbsd%2Fports%20EBADMSG=code

--
wbr, Kirill

Re: Improve support of Go

[Kirill A . Korinsky]

On Tue, 13 Feb 2024 13:10:44 +0100,
Janne Johansson wrote:
> 
> I can run them on mips64 for you at least.
> 

I'll appriciete this. After that I only need
 - arm
 - arm64
 - ppc64
 - riscv64

Can you run something like this?

  doas pkg_add bash git go
  git clone -b opebsd-syscalls https://github.com/catap/go.git
  cd go/src
  ulimit -S -d $(ulimit -H -d)
  env CGO_ENABLED=1 CC=cc CXX=c++ ./make.bash
  cd syscall
  env GOOS=openbsd GOARCH=%ARCH% CC=cc CXX=c++ PATH=$(pwd)/../../bin:$PATH 
./mkall.sh
  git diff > /tmp/go-mips64.diff

and send me back /tmp/go-mips64.diff?

But it requires some time to bootstrap go and everything. Inside full
virtulization for i386 it works near an hour on not that fast host.

I assume that on real mips64 it might be something like this.

-- 
wbr, Kirill

Improve support of Go

[Kirill A . Korinsky]

Good day,

I'm updating go's syscall table to modern OpenBSD (7.4).

For some architectures it was updated more than decade ago, and a lot of things
had changed.

To do it I need to run commands like:

  cd src
  ulimit -S -d $(ulimit -H -d)
  env CGO_ENABLED=1 CC=cc CXX=c++ ./make.bash
  cd syscall
  env GOOS=openbsd GOARCH=%ARCH% CC=cc CXX=c++ PATH=$(pwd)/../../bin:$PATH 
./mkall.sh

where %ARCH% is one of go's architecutres:
 - 386
 - amd64
 - arm
 - arm64
 - mips64
 - ppc64
 - riscv64

The part with amd64 and 386 was quite easy. But the next parts... well..

I stuck with attempt to install OpenBSD into qemu. I can't figure out how to
boot an installer :(

To move forward I need some help.

The first way if someone can share the way to boot / install OpenBSD into qemu.

And an alternative and simpler way I guess, if someone can grand me shell to
that machine or run commands above on OpenBSD with installed go inside source
tree from this branch: https://github.com/catap/go/tree/opebsd-syscalls

Thanks.

--
wbr, Kirill

Re: Run VM with 16G or more?

[Kirill A. Korinsky]

And one more noticed bug in vmd regarding memory.

If I changed memory in /etc/vm.conf for running machine, run rcctl reload vmd,
and restart VM... It has no effect.

The VM should be shutdown before reload.

--
wbr, Kirill

Re: Run VM with 16G or more?

[Kirill A. Korinsky]

> On 2. Jan 2024, at 19:58, Kirill A. Korinsky  wrote:
> 
> Anyway, right now it fails as:
> 
>> vmctl: start vm command failed: Invalid argument
> 
> and if I revert may changes (to 10G for example) at cat /etc/login.conf.d/vmd 
> from:
>> vmd:\
>>  :datasize=100G:\
>>  :tc=daemon:
> 
> 
> it's failed as (which is expected):
>> vmctl: start vm command failed: Cannot allocate memory
> 
> 

Forgotten log for the error "Invalid argument" that says nothing I assume

> Jan  2 20:14:07 island vmd: vmd: config_setvm: vm 3 restarted after 11.346817 
> seconds, limit 0/3
> Jan  2 20:14:07 island vmd: vmd: vm_opentty: vm podman tty /dev/ttyp2 uid 
> 1000 gid 4 mode 620
> Jan  2 20:14:07 island vmd: vmm: vm_register: registering vm 3
> Jan  2 20:14:07 island vmd: vmm: vm_remove: vmm vmm_start_vm removing vm 3 
> from running config
> Jan  2 20:14:07 island vmd: vmm: vm_stop: vmm vmm_start_vm stopping vm 3
> Jan  2 20:14:07 island vmd: vmd: podman: failed to start vm
> Jan  2 20:14:07 island vmd: vmd: vm_stop: vmd vmd_dispatch_vmm stopping vm 3
> Jan  2 20:14:07 island vmd: vmm: vmm_sighdlr: handling signal 20


--
wbr, Kirill

Re: Run VM with 16G or more?

[Kirill A. Korinsky]

> On 2. Jan 2024, at 20:13, Mischa  wrote:
> 
> On 2024-01-02 19:58, Kirill A. Korinsky wrote:
>>> On 2. Jan 2024, at 19:17, Dave Voutila  wrote:
>>>> vmd: failed to start vm podman
>>>> vmd: vm_stop: vmd config_setvm stopping vm 3
>>>> This machine runs 4 more VM and this one (huge) should be 5th.
>>> Try this:
>>> # cd /dev && sh MAKEDEV tap4
>>> By default I believe on amd64 we create tap[0-3]. You might need to
>>> define additional special files to represent 4+ taps.
>> I really think that this should be documented at 
>> https://www.openbsd.org/faq/faq16.html 
>> <https://www.openbsd.org/faq/faq16.html>
> 
> It's in man vm.conf, to an extend:
> 
> CAVEATS
> Each guest requires one tap(4) device per assigned interface and one
> pty(4) device.  Administrators may need to create additional devices
> using MAKEDEV(8).

ok, I agree that this is documented.  But not original issue with memory.

--
wbr, Kirill

Re: Run VM with 16G or more?

[Kirill A. Korinsky]

> On 2. Jan 2024, at 19:17, Dave Voutila  wrote:
> 
>> vmd: failed to start vm podman
>> vmd: vm_stop: vmd config_setvm stopping vm 3
>> 
>> This machine runs 4 more VM and this one (huge) should be 5th.
> 
> Try this:
> 
> # cd /dev && sh MAKEDEV tap4
> 
> By default I believe on amd64 we create tap[0-3]. You might need to
> define additional special files to represent 4+ taps.

I really think that this should be documented at 
https://www.openbsd.org/faq/faq16.html 

Anyway, right now it fails as:

> vmctl: start vm command failed: Invalid argument

and if I revert may changes (to 10G for example) at cat /etc/login.conf.d/vmd 
from:
> vmd:\
>   :datasize=100G:\
>   :tc=daemon:


it's failed as (which is expected):
> vmctl: start vm command failed: Cannot allocate memory


--
wbr, Kirill

Re: Run VM with 16G or more?

[Kirill A. Korinsky]

> On 2. Jan 2024, at 18:41, Dave Voutila  wrote:
> "Kirill A. Korinsky"  writes:

>> vmctl -v start... doesn't help a bit
> 
> How much physicaly memory does the host machine have? We currently don't
> allow oversubscribing memory with vmm/vmd. If the host only has 16GB
> that could be the cause.

hw.physmem=137257779200
hw.usermem=133537726464

and machine is used only for run VMs.

> If that's not the case, can you run vmd in debug mode and get the log
> output?

Sure, I run /usr/sbin/vmd -vvv -d and the error is:

vmd: config_setvm: vm 3 restarted after 9.757221 seconds, limit 0/3
vmd: config_setvm: can't open tap tap
vmd: failed to start vm podman
vmd: vm_stop: vmd config_setvm stopping vm 3

This machine runs 4 more VM and this one (huge) should be 5th.

--
wbr, Kirill