Re: OBSD 4.7 and Via C7 motherboards problem
Hi, thanks for the answer! On Sat, 14.08.2010 at 09:45:30 +, Stuart Henderson s...@spacehopper.org wrote: If they are indeed different bios versions (you can probably tell from the dmesg lines that you do see, as the BIOS version is printed quite early), and you can get something that can run flashrom booted on them, you can extract bios from a working one and flash it to a non-working one... (double-check they are the same motherboard though). I have no way to check for the same motherboard, except by disasembling the device and trusting any printed information that might or might not be there. But it's worth a try. My supplier is already looking into this issue of possible BIOS uppgrades. On 2010-08-13, Toni Mueller openbsd-m...@oeko.net wrote: Having said that, what is the current common wisdom for reliable small CPE boxes that are reliable enough to be safely upgraded remotely, and will be safe to upgrade for several upcoming releases? Alix? X7SLA? Depends totally what you're looking for... I'm looking for a low-power box that can handle up to some 15-20 MBit/s of IPSEC traffic with ease, has two or more nics, and not much else. I'd prefer to have 1 gig of RAM, though. Low power means that I really want to stay below 30 watts, but preferably come close to 10 watts. The current machines with C7, 1 gig of RAM and notebook drive suck some 22 watts. Kind regards, --Toni++
Re: OBSD 4.7 and Via C7 motherboards problem
2010/8/16 Toni Mueller openbsd-m...@oeko.net: I'm looking for a low-power box that can handle up to some 15-20 MBit/s of IPSEC traffic with ease, has two or more nics, and not much else. I'd prefer to have 1 gig of RAM, though. Try the Lanner LEC 2026: http://www.sphinxcomputer.com/Lanner-Electronics-Inc-/Lanner-LEC-2026/p2734.h tml Haven't tried it yet, and it may be too expensive for you (ca. 400 netto). Best Martin
Re: OBSD 4.7 and Via C7 motherboards problem
On 2010-08-13, Toni Mueller openbsd-m...@oeko.net wrote: Hi Stuart, thanks for the idea. On Thu, 12.08.2010 at 12:09:02 +, Stuart Henderson s...@spacehopper.org wrote: Guessing based on very little information, but they probably have different BIOSes. Unfortunately, as I just hear, the manufacturer dropped support for these machines. My supplier also only learnt it when he asked the manufacturer for a new BIOS version. If they are indeed different bios versions (you can probably tell from the dmesg lines that you do see, as the BIOS version is printed quite early), and you can get something that can run flashrom booted on them, you can extract bios from a working one and flash it to a non-working one... (double-check they are the same motherboard though). Flashrom can work on OpenBSD but you'll need a patch to pciutils to use it, or it may be easier to boot some other os. Having said that, what is the current common wisdom for reliable small CPE boxes that are reliable enough to be safely upgraded remotely, and will be safe to upgrade for several upcoming releases? Alix? X7SLA? Depends totally what you're looking for...
Re: OBSD 4.7 and Via C7 motherboards problem
Hi Stuart, thanks for the idea. On Thu, 12.08.2010 at 12:09:02 +, Stuart Henderson s...@spacehopper.org wrote: Guessing based on very little information, but they probably have different BIOSes. Unfortunately, as I just hear, the manufacturer dropped support for these machines. My supplier also only learnt it when he asked the manufacturer for a new BIOS version. Having said that, what is the current common wisdom for reliable small CPE boxes that are reliable enough to be safely upgraded remotely, and will be safe to upgrade for several upcoming releases? Kind regards, --Toni++
Re: OBSD 4.7 and Via C7 motherboards problem
Hi, On Sun, 01.08.2010 at 13:49:07 -0700, Peter Merritt pwmerr...@weirdwater.org wrote: I have a firewall that has been running several versions of OpenBSD successfully, the last being 4.6. After installing 4.7, I could not get the firewall to pass any traffic from the lan side. I'm experiencing a very similar problem. My machines have trouble running 4.7. No matter what I tried, I arrive at memory address conflict 0xfb 0x100 or similar - it scrolls by too fast before the screen goes blank, and I can only make the machine responsive again by hitting the power button. The miracle is: On some machines, there is absolutely no problem, but on others, everything breaks. The machines themselves should be all of exactly the same make, although different batches of it. On the machines where the problem occurs, it even occurs with the bsd.rd kernel. :/ Below you find a dmesg of one of the working machines (naturally, since I couldn't get one out of the broken ones). Kind regards, --Toni++ OpenBSD 4.7 (GENERIC) #1: Sun May 30 16:44:59 CEST 2010 r...@w3.oeko.net:/usr/S/src.47/sys/arch/i386/compile/GENERIC cpu0: VIA Eden Processor 1200MHz (CentaurHauls 686-class) 1.20 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2,xTPR real mem = 1005940736 (959MB) avail mem = 965959680 (921MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 10/15/08, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.5 @ 0xfc0c0 (47 entries) bios0: vendor American Megatrends Inc. version 080014 date 10/15/2008 acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC MCFG OEMB HPET SSDT acpi0: wakeup devices PS2K(S3) PS2M(S3) USB1(S3) USB2(S3) USB3(S3) LAN1(S4) PCI1(S4) PCI2(S4) PCI3(S4) SLPB(S4) PWRB(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: RNG AES AES-CTR SHA1 SHA256 RSA cpu0: apic clock running at 99MHz ioapic0 at mainbus0: apid 1 pa 0xfec0, version 3, 24 pins acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (P0P1) acpiprt2 at acpi0: bus 2 (P0P2) acpicpu0 at acpi0: PSS acpibtn0 at acpi0: SLPB acpibtn1 at acpi0: PWRB bios0: ROM list: 0xc/0xe600 0xce800/0x1000 0xcf800/0x1000 0xd0800/0x1000 0xe7000/0x800! cpu0: Enhanced SpeedStep 1198 MHz: speeds: 1200, 400 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 VIA CX700 Host rev 0x10 viaagp0 at pchb0: v3 agp0 at viaagp0: aperture at 0xf000, size 0x1000 pchb1 at pci0 dev 0 function 1 VIA CX700 Host rev 0x00 pchb2 at pci0 dev 0 function 2 VIA CX700 Host rev 0x00 pchb3 at pci0 dev 0 function 3 VIA CX700 Host rev 0x00 pchb4 at pci0 dev 0 function 4 VIA CX700 Host rev 0x00 pchb5 at pci0 dev 0 function 7 VIA CX700 Host rev 0x00 ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 VIA S3 UniChrome Pro II IGP rev 0x03 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) rl0 at pci0 dev 8 function 0 Realtek 8139 rev 0x10: apic 1 int 16 (irq 10), address 44:4d:50:03:0e:d6 rlphy0 at rl0 phy 0: RTL internal PHY rl1 at pci0 dev 11 function 0 Realtek 8139 rev 0x10: apic 1 int 19 (irq 11), address 44:4d:50:32:08:19 rlphy1 at rl1 phy 0: RTL internal PHY pciide0 at pci0 dev 15 function 0 VIA CX700 IDE rev 0x00: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) wd0 at pciide0 channel 1 drive 0: WDC WD800BEVE-00A0HT0 wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5 uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x90: apic 1 int 20 (irq 10) ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x90: apic 1 int 23 (irq 11) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 VIA EHCI root hub rev 2.00/1.00 addr 1 viapm0 at pci0 dev 17 function 0 VIA CX700 ISA rev 0x00 iic0 at viapm0 pchb6 at pci0 dev 17 function 7 VIA VX700 Host rev 0x00 ppb1 at pci0 dev 19 function 0 VIA CX700 Host rev 0x00 pci2 at ppb1 bus 2 azalia0 at pci2 dev 1 function 0 VIA HD Audio rev 0x10: apic 1 int 17 (irq 5) azalia0: codecs: VIA/0x1708 audio0 at azalia0 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1 isa0 at mainbus0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 wbsio0 at isa0 port 0x4e/2: W83697HF rev 0x12 wbsio0 port 0xa60/2 not configured npx0 at isa0 port 0xf0/16: reported by CPUID; using exception 16 mtrr: Pentium Pro MTRR support vscsi0 at root scsibus0 at vscsi0: 256 targets softraid0 at root root on wd0a swap on wd0b dump on wd0b
Re: OBSD 4.7 and Via C7 motherboards problem
Guessing based on very little information, but they probably have different BIOSes. On 2010-08-12, Toni Mueller openbsd-m...@oeko.net wrote: Hi, On Sun, 01.08.2010 at 13:49:07 -0700, Peter Merritt pwmerr...@weirdwater.org wrote: I have a firewall that has been running several versions of OpenBSD successfully, the last being 4.6. After installing 4.7, I could not get the firewall to pass any traffic from the lan side. I'm experiencing a very similar problem. My machines have trouble running 4.7. No matter what I tried, I arrive at memory address conflict 0xfb 0x100 or similar - it scrolls by too fast before the screen goes blank, and I can only make the machine responsive again by hitting the power button. The miracle is: On some machines, there is absolutely no problem, but on others, everything breaks. The machines themselves should be all of exactly the same make, although different batches of it. On the machines where the problem occurs, it even occurs with the bsd.rd kernel. :/ Below you find a dmesg of one of the working machines (naturally, since I couldn't get one out of the broken ones). Kind regards, --Toni++ OpenBSD 4.7 (GENERIC) #1: Sun May 30 16:44:59 CEST 2010 r...@w3.oeko.net:/usr/S/src.47/sys/arch/i386/compile/GENERIC cpu0: VIA Eden Processor 1200MHz (CentaurHauls 686-class) 1.20 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2,xTPR real mem = 1005940736 (959MB) avail mem = 965959680 (921MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 10/15/08, BIOS32 rev. 0 @ 0xf0010, SMBIOS rev. 2.5 @ 0xfc0c0 (47 entries) bios0: vendor American Megatrends Inc. version 080014 date 10/15/2008 acpi0 at bios0: rev 0 acpi0: tables DSDT FACP APIC MCFG OEMB HPET SSDT acpi0: wakeup devices PS2K(S3) PS2M(S3) USB1(S3) USB2(S3) USB3(S3) LAN1(S4) PCI1(S4) PCI2(S4) PCI3(S4) SLPB(S4) PWRB(S3) acpitimer0 at acpi0: 3579545 Hz, 24 bits acpimadt0 at acpi0 addr 0xfee0: PC-AT compat cpu0 at mainbus0: apid 0 (boot processor) cpu0: RNG AES AES-CTR SHA1 SHA256 RSA cpu0: apic clock running at 99MHz ioapic0 at mainbus0: apid 1 pa 0xfec0, version 3, 24 pins acpihpet0 at acpi0: 14318179 Hz acpiprt0 at acpi0: bus 0 (PCI0) acpiprt1 at acpi0: bus 1 (P0P1) acpiprt2 at acpi0: bus 2 (P0P2) acpicpu0 at acpi0: PSS acpibtn0 at acpi0: SLPB acpibtn1 at acpi0: PWRB bios0: ROM list: 0xc/0xe600 0xce800/0x1000 0xcf800/0x1000 0xd0800/0x1000 0xe7000/0x800! cpu0: Enhanced SpeedStep 1198 MHz: speeds: 1200, 400 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 VIA CX700 Host rev 0x10 viaagp0 at pchb0: v3 agp0 at viaagp0: aperture at 0xf000, size 0x1000 pchb1 at pci0 dev 0 function 1 VIA CX700 Host rev 0x00 pchb2 at pci0 dev 0 function 2 VIA CX700 Host rev 0x00 pchb3 at pci0 dev 0 function 3 VIA CX700 Host rev 0x00 pchb4 at pci0 dev 0 function 4 VIA CX700 Host rev 0x00 pchb5 at pci0 dev 0 function 7 VIA CX700 Host rev 0x00 ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 VIA S3 UniChrome Pro II IGP rev 0x03 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) rl0 at pci0 dev 8 function 0 Realtek 8139 rev 0x10: apic 1 int 16 (irq 10), address 44:4d:50:03:0e:d6 rlphy0 at rl0 phy 0: RTL internal PHY rl1 at pci0 dev 11 function 0 Realtek 8139 rev 0x10: apic 1 int 19 (irq 11), address 44:4d:50:32:08:19 rlphy1 at rl1 phy 0: RTL internal PHY pciide0 at pci0 dev 15 function 0 VIA CX700 IDE rev 0x00: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility pciide0: channel 0 disabled (no drives) wd0 at pciide0 channel 1 drive 0: WDC WD800BEVE-00A0HT0 wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5 uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x90: apic 1 int 20 (irq 10) ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x90: apic 1 int 23 (irq 11) usb0 at ehci0: USB revision 2.0 uhub0 at usb0 VIA EHCI root hub rev 2.00/1.00 addr 1 viapm0 at pci0 dev 17 function 0 VIA CX700 ISA rev 0x00 iic0 at viapm0 pchb6 at pci0 dev 17 function 7 VIA VX700 Host rev 0x00 ppb1 at pci0 dev 19 function 0 VIA CX700 Host rev 0x00 pci2 at ppb1 bus 2 azalia0 at pci2 dev 1 function 0 VIA HD Audio rev 0x10: apic 1 int 17 (irq 5) azalia0: codecs: VIA/0x1708 audio0 at azalia0 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1 isa0 at mainbus0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo pckbc0 at isa0 port 0x60/5 pcppi0 at isa0 port 0x61 midi0 at pcppi0: PC speaker spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 wbsio0 at isa0 port 0x4e/2: W83697HF rev 0x12 wbsio0 port 0xa60/2 not
Re: OBSD 4.7 and Via C7 motherboards problem
* Geoff Steckel g...@oat.com [2010-08-08 22:47]: On 08/08/2010 03:28 PM, Henning Brauer wrote: * Geoff Steckelg...@oat.com [2010-08-08 20:29]: Your pf.conf should only hold state on one side. Multiple conflicting state table entries for the same connection ensure flaky failures. that is wrong in so many ways. first, should only hold state on one side is bullshit advice. holding state on both sides is absolutely fine. wether it is a good idea depends on a number of factors. it never really hurts. second, these state table entries will never ever collide. i may recommend a read here: http://bulabula.org/papers/2009/eurobsdcon-faster_packets/ especially slides 40 to 50 I'm saying what has worked for me. The state code has changed a lot since I did my last big set of tests. If states are truly unified between input and output interfaces, then the correct objection is: States found on any interface are reused quickly on all interfaces The documentation is not terribly clear about that. you have no idea what you are talking about, that part is clear. the above statements make no sense at all. we don't need to document the inner workings of the state table. there is no need for a user to know the details, at all. and if he wants to, there's the code. and my slides. I'm still a bit dubious about handling late FINs and other legal packets which the older PF code needed extra help to dispose correctly. i have no idea what you are talking about. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: OBSD 4.7 and Via C7 motherboards problem
I've got a C7 board running 4.7 as my firewall. The configuration is a lot more baroque than yours... A couple of thoughts: Your pf.conf should only hold state on one side. Multiple conflicting state table entries for the same connection ensure flaky failures. I use quick wherever possible to eliminate hidden dependencies label entries on pf.conf rules can help show unexpected paths when testing, do before and after runs of netstat -ss pfctl -s labels pfctl -s state and diff them to check where packets are going Also tcpdump of pflog I.E. pass out quick log on $ext_if from ! ($ext_if) to any nat-to \ ($ext_if:0) label nat-rule pass out quick log on $ext_if all label ext-out pass out quick log on $int_if all flags any no-state label int-out pass in quick log on $ext_if all label ext-in pass in quick log on $int_if all flags any no-state label int-in This should show where things go. Geoff Steckel curmudgeon for hire My system: $ dmesg OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: VIA Esther processor 1500MHz (CentaurHauls 686-class) 1.51 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2 real mem = 1005023232 (958MB) avail mem = 965070848 (920MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 05/16/06, BIOS32 rev. 0 @ 0xfb570, SMBIOS rev. 2.3 @ 0xf (34 entries) bios0: vendor Phoenix Technologies, LTD version 6.00 PG date 05/16/2006 apm0 at bios0: Power Management spec V1.2 (slowidle) apm0: AC on, battery charge unknown acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0xdc84 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdbb0/208 (11 entries) pcibios0: bad IRQ table checksum pcibios0: PCI BIOS has 11 Interrupt Routing table entries pcibios0: PCI Exclusive IRQs: 5 10 11 pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT8237 ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0xfe00 0xd/0x5000! cpu0 at mainbus0: (uniprocessor) cpu0: RNG AES AES-CTR SHA1 SHA256 RSA cpu0: unknown Enhanced SpeedStep CPU, msr 0x08100f1308000f13 cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 1501 MHz: speeds: 1500, 800 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 VIA CN700 Host rev 0x00 viaagp0 at pchb0: v3 agp0 at viaagp0: aperture at 0xe800, size 0x1000 pchb1 at pci0 dev 0 function 1 VIA CN700 Host rev 0x00 pchb2 at pci0 dev 0 function 2 VIA CN700 Host rev 0x00 pchb3 at pci0 dev 0 function 3 VIA PT890 Host rev 0x00 pchb4 at pci0 dev 0 function 4 VIA CN700 Host rev 0x00 pchb5 at pci0 dev 0 function 7 VIA CN700 Host rev 0x00 ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 VIA S3 Unichrome PRO IGP rev 0x01 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) skc0 at pci0 dev 8 function 0 D-Link Systems DGE-530T A1 rev 0x11, Yukon (0x1): irq 11 sk0 at skc0 port A: address 00:0d:88:c8:2b:c8 eephy0 at sk0 phy 0: 88E1011 Gigabit PHY, rev. 3 VIA VT6306 FireWire rev 0x80 at pci0 dev 10 function 0 not configured re0 at pci0 dev 11 function 0 Realtek 8169 rev 0x10: RTL8169/8110SCd (0x1800), irq 5, address 00:30:18:a8:10:76 rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2 pciide0 at pci0 dev 15 function 0 VIA VT6420 SATA rev 0x80: DMA pciide0: using irq 11 for native-PCI interrupt wd0 at pciide0 channel 1 drive 0: HTS541080G9SA00 wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 5 pciide1 at pci0 dev 15 function 1 VIA VT82C571 IDE rev 0x06: ATA133, channel 0 configured to compatibility, channel 1 configured to compatibility pciide1: channel 0 ignored (disabled) atapiscsi0 at pciide1 channel 1 drive 0 scsibus0 at atapiscsi0: 2 targets cd0 at scsibus0 targ 0 lun 0: TSSTcorp, CDW/DVD SH-M522C, TS01 ATAPI 5/cdrom removable cd0(pciide1:1:0): using PIO mode 4, Ultra-DMA mode 2 uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x81: irq 10 uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x81: irq 10 uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x81: irq 11 uhci3 at pci0 dev 16 function 3 VIA VT83C572 USB rev 0x81: irq 11 ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x86: irq 11 ehci0: timed out waiting for BIOS usb0 at ehci0: USB revision 2.0 uhub0 at usb0 VIA EHCI root hub rev 2.00/1.00 addr 1 viapm0 at pci0 dev 17 function 0 VIA VT8237 ISA rev 0x00 iic0 at viapm0 spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-6400CL5 auvia0 at pci0 dev 17 function 5 VIA VT8233 AC97 rev 0x60: irq 11 ac97: codec id 0x56494170 (VIA Technologies VT1617) ac97: codec features headphone, 18 bit DAC, 18 bit ADC, KS Waves 3D audio0 at auvia0 vr0 at pci0 dev 18 function 0 VIA RhineII-2 rev 0x78: irq 10, address 00:30:18:a2:dd:0f ukphy0 at vr0
Re: OBSD 4.7 and Via C7 motherboards problem
* Geoff Steckel g...@oat.com [2010-08-08 20:29]: Your pf.conf should only hold state on one side. Multiple conflicting state table entries for the same connection ensure flaky failures. that is wrong in so many ways. first, should only hold state on one side is bullshit advice. holding state on both sides is absolutely fine. wether it is a good idea depends on a number of factors. it never really hurts. second, these state table entries will never ever collide. i may recommend a read here: http://bulabula.org/papers/2009/eurobsdcon-faster_packets/ especially slides 40 to 50 -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services, http://bsws.de Full-Service ISP - Secure Hosting, Mail and DNS Services Dedicated Servers, Rootservers, Application Hosting
Re: OBSD 4.7 and Via C7 motherboards problem
On 08/08/2010 03:28 PM, Henning Brauer wrote: * Geoff Steckelg...@oat.com [2010-08-08 20:29]: Your pf.conf should only hold state on one side. Multiple conflicting state table entries for the same connection ensure flaky failures. that is wrong in so many ways. first, should only hold state on one side is bullshit advice. holding state on both sides is absolutely fine. wether it is a good idea depends on a number of factors. it never really hurts. second, these state table entries will never ever collide. i may recommend a read here: http://bulabula.org/papers/2009/eurobsdcon-faster_packets/ especially slides 40 to 50 I'm saying what has worked for me. The state code has changed a lot since I did my last big set of tests. If states are truly unified between input and output interfaces, then the correct objection is: States found on any interface are reused quickly on all interfaces The documentation is not terribly clear about that. . I'm still a bit dubious about handling late FINs and other legal packets which the older PF code needed extra help to dispose correctly. Getting back to the original question, perhaps skip on $int would simplify debugging even further? geoff steckel curmudgeon for hire
Re: OBSD 4.7 and Via C7 motherboards problem
Peter, We purchased a couple of VIA C7 machines, specifically the NFR7500 for use as firewalls (http://www.via.com.tw/en/products/embedded/ProductDetail.jsp?id=341), and had an insane number of problems with the network interfaces, to the point of them being unusable (namely, they could not keep a link). We ended up just returning them; a Ubuntu Live CD worked perfectly, but 4.7 would not play nice with them. Just throwing that out there, you aren't the only one who has had issues with the C7 and VIA. Thanks, Andrew Klettke Optic Fusion NOC 253-830-2943 On 08/01/2010 01:49 PM, Peter Merritt wrote: I have a firewall that has been running several versions of OpenBSD successfully, the last being 4.6. After installing 4.7, I could not get the firewall to pass any traffic from the lan side. We have been having thunderstorms lately and I thought may be something was wrong with the nics so I changed the MB our for something similar, another c7 motherboard with 2 nics. I had the same problem, I can ping outside the network as well as the lan computers from the firewall. Tcpdump shows the lan traffic hitting the lan side, but no response back to the lan computers, lan traffic never gets to wan side nic. I put in a very minimal pf.conf and it still works the same. I'm at a loss what is wrong. pf.conf and dmess follows. Any ideas would be greatly appreciated. Peter Motherboard #1 Jetway 7f4k1G5D-LF 1.5ghz Motherboard #2 Jetway J7F4 1.2 Ghz # sysctl net.inet.ip.forwarding net.inet.ip.forwarding=1 # cat pf.min ext_if = re0 int_if = re1 match out log on egress from (self) to anytag EGRESS nat-to ($ext_if:0) port 1024:65535 #pass all pass out log on $ext_if all pass out log on $int_if all pass in log on $ext_if all pass in log on $int_if all # dmesg OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: VIA Eden Processor 1200MHz (CentaurHauls 686-class) 1.21 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MM X,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2,xTPR real mem = 1005023232 (958MB) avail mem = 965070848 (920MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 11/25/08, BIOS32 rev. 0 @ 0xfa340, SMBIOS rev. 2.3 @ 0xf (33 entries) bios0: vendor Phoenix Technologies, LTD version 6.00 PG date 11/25/2008 apm0 at bios0: Power Management spec V1.2 (slowidle) apm0: AC on, battery charge unknown acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0xc7f4 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc720/208 (11 entries) pcibios0: bad IRQ table checksum pcibios0: PCI BIOS has 11 Interrupt Routing table entries pcibios0: PCI Exclusive IRQs: 5 10 11 15 pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT8237 ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x1 cpu0 at mainbus0: (uniprocessor) cpu0: RNG AES AES-CTR SHA1 SHA256 RSA cpu0: unknown Enhanced SpeedStep CPU, msr 0x04090c0a04000c0a cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 1201 MHz: speeds: 1600, 533 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 VIA CN700 Host rev 0x00 viaagp0 at pchb0: v3 agp0 at viaagp0: aperture at 0xf800, size 0xe80 pchb1 at pci0 dev 0 function 1 VIA CN700 Host rev 0x00 pchb2 at pci0 dev 0 function 2 VIA CN700 Host rev 0x00 pchb3 at pci0 dev 0 function 3 VIA PT890 Host rev 0x00 pchb4 at pci0 dev 0 function 4 VIA CN700 Host rev 0x00 pchb5 at pci0 dev 0 function 7 VIA CN700 Host rev 0x00 ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 VIA S3 Unichrome PRO IGP rev 0x01 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) re0 at pci0 dev 9 function 0 Realtek 8169SC rev 0x10: RTL8169/8110SCd (0x1800), irq 10, address 00:30:18:ad:ed:96 rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2 re1 at pci0 dev 11 function 0 Realtek 8169SC rev 0x10: RTL8169/8110SCd (0x1800), irq 11, address 00:30:18:ad:ed:97 rgephy1 at re1 phy 7: RTL8169S/8110S PHY, rev. 2 pciide0 at pci0 dev 15 function 0 VIA VT6420 SATA rev 0x80: DMA pciide0: using irq 15 for native-PCI interrupt wd0 at pciide0 channel 0 drive 0:ST380815AS wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6 uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x81: irq 5 uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x81: irq 5 uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x81: irq 15 uhci3 at pci0 dev 16 function 3 VIA VT83C572 USB rev 0x81: irq 15 ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x86: irq 10 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 VIA EHCI root hub rev 2.00/1.00 addr 1 viapm0 at pci0 dev 17 function 0 VIA VT8237 ISA rev 0x00 iic0 at viapm0 spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity
Re: OBSD 4.7 and Via C7 motherboards problem
I put the drive into my firewall, completely different cpu and nics, would not work. Used my pf.conf with this drive, still would not work. Tried bare minimal pf.conf with nat and pass, sometimes would pass traffic, for random periods. Rebuild the kernel from fresh cvs source, same result. Right now will not pass dns from lan, just a one way conversation. I have worked for 2 days on still no closer to solving this. Peter -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Peter Merritt Sent: Sunday, August 01, 2010 6:43 PM To: misc@openbsd.org Subject: Re: OBSD 4.7 and Via C7 motherboards problem Thanks for the help, does look correct to me. Peter re0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:30:18:ad:ed:96 priority: 0 groups: egress media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) status: active inet6 fe80::230:18ff:fead:ed96%re0 prefixlen 64 scopeid 0x1 inet XX.171.201.186 netmask 0xf800 broadcast XX.171.207.255 re1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:30:18:ad:ed:97 priority: 0 media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) status: active inet6 fe80::230:18ff:fead:ed97%re1 prefixlen 64 scopeid 0x2 inet 192.168.0.254 netmask 0xff00 broadcast 192.168.0.255 Routing table on windows client: === Active Routes: Network DestinationNetmask Gateway Interface Metric 0.0.0.0 0.0.0.0192.168.0.254192.168.0.11 20 127.0.0.0255.0.0.0127.0.0.1 127.0.0.1 1 192.168.0.0255.255.255.0 192.168.0.11192.168.0.11 20 192.168.0.11 255.255.255.255127.0.0.1 127.0.0.1 20 192.168.0.255 255.255.255.255 192.168.0.11192.168.0.11 20 224.0.0.0240.0.0.0 192.168.0.11192.168.0.11 20 255.255.255.255 255.255.255.255 192.168.0.11192.168.0.11 1 Default Gateway: 192.168.0.254 -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Robert Sent: Sunday, August 01, 2010 4:30 PM To: misc@openbsd.org Subject: Re: OBSD 4.7 and Via C7 motherboards problem On Sun, 1 Aug 2010 13:49:07 -0700 Peter Merritt pwmerr...@weirdwater.org wrote: minimal pf.conf and it still works the same. I'm at a loss what is wrong. pf.conf and dmess follows. Any ideas would be greatly appreciated. Just some ideas: * check the routing tables on the client if they point to the firewall and on the firewall if it points outward (default routes etc.) * run ifconfig on the firewall to see if the Internet-facing nic is in the egress group regards, Robert
OBSD 4.7 and Via C7 motherboards problem
I have a firewall that has been running several versions of OpenBSD successfully, the last being 4.6. After installing 4.7, I could not get the firewall to pass any traffic from the lan side. We have been having thunderstorms lately and I thought may be something was wrong with the nics so I changed the MB our for something similar, another c7 motherboard with 2 nics. I had the same problem, I can ping outside the network as well as the lan computers from the firewall. Tcpdump shows the lan traffic hitting the lan side, but no response back to the lan computers, lan traffic never gets to wan side nic. I put in a very minimal pf.conf and it still works the same. I'm at a loss what is wrong. pf.conf and dmess follows. Any ideas would be greatly appreciated. Peter Motherboard #1 Jetway 7f4k1G5D-LF 1.5ghz Motherboard #2 Jetway J7F4 1.2 Ghz # sysctl net.inet.ip.forwarding net.inet.ip.forwarding=1 # cat pf.min ext_if = re0 int_if = re1 match out log on egress from (self) to anytag EGRESS nat-to ($ext_if:0) port 1024:65535 #pass all pass out log on $ext_if all pass out log on $int_if all pass in log on $ext_if all pass in log on $int_if all # dmesg OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: VIA Eden Processor 1200MHz (CentaurHauls 686-class) 1.21 GHz cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,APIC,SEP,MTRR,PGE,CMOV,PAT,CFLUSH,ACPI,MM X,FXSR,SSE,SSE2,TM,SBF,SSE3,EST,TM2,xTPR real mem = 1005023232 (958MB) avail mem = 965070848 (920MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 11/25/08, BIOS32 rev. 0 @ 0xfa340, SMBIOS rev. 2.3 @ 0xf (33 entries) bios0: vendor Phoenix Technologies, LTD version 6.00 PG date 11/25/2008 apm0 at bios0: Power Management spec V1.2 (slowidle) apm0: AC on, battery charge unknown acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0xc7f4 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfc720/208 (11 entries) pcibios0: bad IRQ table checksum pcibios0: PCI BIOS has 11 Interrupt Routing table entries pcibios0: PCI Exclusive IRQs: 5 10 11 15 pcibios0: PCI Interrupt Router at 000:17:0 (VIA VT8237 ISA rev 0x00) pcibios0: PCI bus #1 is the last bus bios0: ROM list: 0xc/0x1 cpu0 at mainbus0: (uniprocessor) cpu0: RNG AES AES-CTR SHA1 SHA256 RSA cpu0: unknown Enhanced SpeedStep CPU, msr 0x04090c0a04000c0a cpu0: using only highest and lowest power states cpu0: Enhanced SpeedStep 1201 MHz: speeds: 1600, 533 MHz pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 VIA CN700 Host rev 0x00 viaagp0 at pchb0: v3 agp0 at viaagp0: aperture at 0xf800, size 0xe80 pchb1 at pci0 dev 0 function 1 VIA CN700 Host rev 0x00 pchb2 at pci0 dev 0 function 2 VIA CN700 Host rev 0x00 pchb3 at pci0 dev 0 function 3 VIA PT890 Host rev 0x00 pchb4 at pci0 dev 0 function 4 VIA CN700 Host rev 0x00 pchb5 at pci0 dev 0 function 7 VIA CN700 Host rev 0x00 ppb0 at pci0 dev 1 function 0 VIA VT8377 AGP rev 0x00 pci1 at ppb0 bus 1 vga1 at pci1 dev 0 function 0 VIA S3 Unichrome PRO IGP rev 0x01 wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation) wsdisplay0: screen 1-5 added (80x25, vt100 emulation) re0 at pci0 dev 9 function 0 Realtek 8169SC rev 0x10: RTL8169/8110SCd (0x1800), irq 10, address 00:30:18:ad:ed:96 rgephy0 at re0 phy 7: RTL8169S/8110S PHY, rev. 2 re1 at pci0 dev 11 function 0 Realtek 8169SC rev 0x10: RTL8169/8110SCd (0x1800), irq 11, address 00:30:18:ad:ed:97 rgephy1 at re1 phy 7: RTL8169S/8110S PHY, rev. 2 pciide0 at pci0 dev 15 function 0 VIA VT6420 SATA rev 0x80: DMA pciide0: using irq 15 for native-PCI interrupt wd0 at pciide0 channel 0 drive 0: ST380815AS wd0: 16-sector PIO, LBA48, 76319MB, 156301488 sectors wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 6 uhci0 at pci0 dev 16 function 0 VIA VT83C572 USB rev 0x81: irq 5 uhci1 at pci0 dev 16 function 1 VIA VT83C572 USB rev 0x81: irq 5 uhci2 at pci0 dev 16 function 2 VIA VT83C572 USB rev 0x81: irq 15 uhci3 at pci0 dev 16 function 3 VIA VT83C572 USB rev 0x81: irq 15 ehci0 at pci0 dev 16 function 4 VIA VT6202 USB rev 0x86: irq 10 usb0 at ehci0: USB revision 2.0 uhub0 at usb0 VIA EHCI root hub rev 2.00/1.00 addr 1 viapm0 at pci0 dev 17 function 0 VIA VT8237 ISA rev 0x00 iic0 at viapm0 spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-4200CL3 auvia0 at pci0 dev 17 function 5 VIA VT8233 AC97 rev 0x60: irq 10 ac97: codec id 0x414c4760 (Avance Logic ALC655 rev 0) audio0 at auvia0 usb1 at uhci0: USB revision 1.0 uhub1 at usb1 VIA UHCI root hub rev 1.00/1.00 addr 1 usb2 at uhci1: USB revision 1.0 uhub2 at usb2 VIA UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci2: USB revision 1.0 uhub3 at usb3 VIA UHCI root hub rev 1.00/1.00 addr 1 usb4 at uhci3: USB revision 1.0 uhub4 at usb4 VIA UHCI root hub rev 1.00/1.00 addr 1 isa0 at mainbus0 isadma0 at isa0 pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0:
Re: OBSD 4.7 and Via C7 motherboards problem
On Sun, 1 Aug 2010 13:49:07 -0700 Peter Merritt pwmerr...@weirdwater.org wrote: minimal pf.conf and it still works the same. I'm at a loss what is wrong. pf.conf and dmess follows. Any ideas would be greatly appreciated. Just some ideas: * check the routing tables on the client if they point to the firewall and on the firewall if it points outward (default routes etc.) * run ifconfig on the firewall to see if the Internet-facing nic is in the egress group regards, Robert
Re: OBSD 4.7 and Via C7 motherboards problem
Thanks for the help, does look correct to me. Peter re0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:30:18:ad:ed:96 priority: 0 groups: egress media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) status: active inet6 fe80::230:18ff:fead:ed96%re0 prefixlen 64 scopeid 0x1 inet XX.171.201.186 netmask 0xf800 broadcast XX.171.207.255 re1: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:30:18:ad:ed:97 priority: 0 media: Ethernet autoselect (100baseTX full-duplex,rxpause,txpause) status: active inet6 fe80::230:18ff:fead:ed97%re1 prefixlen 64 scopeid 0x2 inet 192.168.0.254 netmask 0xff00 broadcast 192.168.0.255 Routing table on windows client: === Active Routes: Network DestinationNetmask Gateway Interface Metric 0.0.0.0 0.0.0.0192.168.0.254192.168.0.11 20 127.0.0.0255.0.0.0127.0.0.1 127.0.0.1 1 192.168.0.0255.255.255.0 192.168.0.11192.168.0.11 20 192.168.0.11 255.255.255.255127.0.0.1 127.0.0.1 20 192.168.0.255 255.255.255.255 192.168.0.11192.168.0.11 20 224.0.0.0240.0.0.0 192.168.0.11192.168.0.11 20 255.255.255.255 255.255.255.255 192.168.0.11192.168.0.11 1 Default Gateway: 192.168.0.254 -Original Message- From: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] On Behalf Of Robert Sent: Sunday, August 01, 2010 4:30 PM To: misc@openbsd.org Subject: Re: OBSD 4.7 and Via C7 motherboards problem On Sun, 1 Aug 2010 13:49:07 -0700 Peter Merritt pwmerr...@weirdwater.org wrote: minimal pf.conf and it still works the same. I'm at a loss what is wrong. pf.conf and dmess follows. Any ideas would be greatly appreciated. Just some ideas: * check the routing tables on the client if they point to the firewall and on the firewall if it points outward (default routes etc.) * run ifconfig on the firewall to see if the Internet-facing nic is in the egress group regards, Robert
