pfx->pfx_origin = PREFIX_FROM_KERNEL;
On 7/24/2025 10:59, Karl Denninger wrote:
BTW the reason this behavior is definitely bad news is the following:
Note that if the delegated address changes the host in question does
get it marked "deprecated" essentially immediately but
arge number of devices.
On 7/24/2025 07:47, Karl Denninger wrote:
Nope -- no change:
07:44:23.810602 IP6 (hlim 255, next-header ICMPv6 (58) payload length:
56) fe80::2e0:b4ff:fe68:f895 > ff02::1: [icmp6 sum ok] ICMP6, router
advertisement, length 56
hop limit 64, Flags [none], pr
e:
Hi Karl,
What if you use a = instead of the #? For example :vltime=86400:
I set rdnss and dnssl using = and that works.
John
On Thu, 24 Jul 2025 at 01:38, Karl Denninger wrote:
On 7/23/2025 16:47, Bjoern A. Zeeb wrote:
On Wed, 23 Jul 2025, Karl Denninger wrote:
Hi,
(s
On 7/23/2025 16:47, Bjoern A. Zeeb wrote:
On Wed, 23 Jul 2025, Karl Denninger wrote:
Hi,
(sorry I deleted the message as the tex/only part was barely parsable).
Can you, for testing, try adding an
addr="xxx:xxx:xxx:::":\
to one of your entries and see if the behaviour cha
rote:
I have tried the "noip4ll" and "noarp" option. Didn't change anything.
My issue ended up that dhcpcd said in the logs it would sent a dhcp
packet (the port 67/68 thing), but nothing appeared on the network.
And so the lease timed out after a long time and it remove
ck 'em both in there) --
and if so then perhaps default behavior should be changed.
--
Karl Denninger
k...@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
smime.p7s
Description: S/MIME Cryptographic Signature
.
If THAT is what's making it mad (its seeing reserved address packets
that are never routable coming from me) then my turning it off may fix
it, but I don't know.
--
Karl Denninger
k...@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
smime.p7s
Description: S/MIME Cryptographic Signature
On 6/18/2025 21:29, Zhenlei Huang wrote:
On Jun 19, 2025, at 6:00 AM, Karl Denninger wrote:
Resurrecting an older thread
Can you please point me to the thread ? I'd like to gather more
context from that.
It was under this title; should be in the archives from June of last year
00 Ed Maste wrote ---
> On Sun, 7 Aug 2022 at 01:32, Ben woodswoods...@freebsd.org> wrote:
> In the previous threads some objections were raised about dhcpcd's
> lack of sandboxing (Capsicum / privilege separation), which has since
> been addressed.
>
> I w
call which can be used to push
changes to a DDNS server and since its "one thing instead of two" if
you're on dynamic addresses and using DDNS its more-convenient than
dealing with it in both the "factory" DHCP software for IPv4 and in
dhcp6c for the "6" side.
--
Karl Denninger
k...@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
smime.p7s
Description: S/MIME Cryptographic Signature
expected on an immediate
basis but the box did come up, did get a delegation and my clients got
SLACC addresses as expected so "first blush" it looks good.
--
Karl Denninger
k...@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
smime.p7s
Description: S/MIME Cryptographic Signature
On 2/21/2025 14:18, Roy Marples wrote:
Aha!
On Fri, 21 Feb 2025 18:34:25 + Roy Marples wrote
---
> On Fri, 21 Feb 2025 17:49:28 +0000 Karl
Denninger wrote ---
> > The issue that I had with it not configuring properly on a
cold boot, as far as I
tps://reviews.freebsd.org/D22012
Maybe some FreeBSD comitter could pickup the torch and move things forward?
Roy
The issue that I had with it not configuring properly on a cold boot, as
far as I know, has not been addressed -- unless there are updates since
you and I conversed on that point.
--
K
v6ra_autoconf
ia_pd 0/::/56 intnet1/42 intnet2/56
Thanks.
- Chris
--
Karl Denninger
k...@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
OpenPGP_signature.asc
Description: OpenPGP digital signature
On 7/31/2024 08:00, Karl Denninger wrote:
On 7/31/2024 07:10, Roy Marples wrote:
Roy Marples
On Wed, 31 Jul 2024 03:38:46 +0100 Karl Denninger wrote ---
> Starting dhcpcd.
> dhcpcd-10.0.8 starting
> igb0: link state changed to UP
> igb1
On 7/31/2024 07:10, Roy Marples wrote:
Roy Marples
On Wed, 31 Jul 2024 03:38:46 +0100 Karl Denninger wrote ---
> Starting dhcpcd.
> dhcpcd-10.0.8 starting
> igb0: link state changed to UP
> igb1: link state changed to UP
> no in
On 7/30/2024 16:54, Karl Denninger wrote:
On 7/30/2024 10:44, Roy Marples wrote:
Don't use -T in the real world. It will exit once one address family completes.
You probably want the --noconfigure option.
Roy
Ah, ok.
Well, next couple days I cannot screw with the network configur
one script" that
handles both -- right now, with two programs, I have to deal with both
separately as there are things on that box that do have to be
reconfigured or at least restarted on an IP address change.
--
Karl Denninger
k...@denninger.net
/The Market Ticker/
/[S/
now delayed auth had been obsoleted, thanks for letting
me to notice.
I'll try dhcpcd instead of dhcp6c.
Best Regards,
--
Karl Denninger
k...@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
OpenPGP_signature.asc
Description: OpenPGP digital signature
Nevermind -- I found an old Bugzila entry on this; the mlx4 driver does
not autoload the dependency (mlx4en) kernel module. With that loaded
manually it now appears to be working properly.
On 7/25/2024 12:45, Karl Denninger wrote:
Unable to determine PCI device chain minimum BW
--
Karl
solve and neither do the release note or user manual
links)
Thanks in advance!
--
Karl Denninger
k...@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
OpenPGP_signature.asc
Description: OpenPGP digital signature
On 7/24/2024 04:10, Roy Marples wrote:
On Wed, 24 Jul 2024 02:48:15 +0100 Karl Denninger wrote ---
> I'd like to replicate this that is currently being sent up via
dhcp6c, which is not quite-clear to me from the docs on how to do that..
> #
>
plicate that in the config file for
dhcpcd; I can figure out the script I'm sure, but the base config is not
clear to me.
--
Karl Denninger
k...@denninger.net
/The Market Ticker/
/[S/MIME encrypted email preferred]/
OpenPGP_signature.asc
Description: OpenPGP digital signature
e /etc/rtadvd.conf
# Set the preferred lifetime to 10 minutes on advertised prefixes.
# All other parameters are default.
#
igb1:\
:pltime#600:
That's pretty-much it.
I'm on 12.2 at present on this box and have not yet checked 13.0.
--
Karl Denninger
k...@denninger.net <mailto:k...@denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/
smime.p7s
Description: S/MIME Cryptographic Signature
his; snippet from
/etc/rc.conf:
#
# IPv6 on internal interface, autoconfigure
#
ifconfig_igb0_ipv6="inet6 accept_rtadv"
rtsold_enable="YES"
And it does.
.
(addresses and options)
status: active
nd6 options=23
--
Karl Denninger
k...@denninger.n
On 1/13/2020 10:26, Victor Sudakov wrote:
> Karl Denninger wrote:
>
> [dd]
>
>> Strongswan works fine with Win10 HOWEVER note that Windows 10 until
>> somewhat recently (last summer, I believe) and ALL PREVIOUS VERSIONS
>> (e.g. Win7, 8, etc.) had a SEVERE problem
see what I mean) and StrongSwan will happily allow that. If you set
something even better (e.g. modp2048) and haven't made the registry
changes on the client side then a client that hasn't done it with
registry changes (whether by Powershell or direct edit) will not be able
to connec
quite-severe incident
because it left the external connection completely invisible -- if there
had been nobody available on the "inside" to do that manually.....
I'm on 12-STABLE r343809 on the specific box in question.
--
Karl Denninger
k...@denninger.net <mailto:k...@denn
s
Which appears to be the same place you are pulling from.
On 12/9/2018 20:04, Jamie Landeg-Jones wrote:
> Karl Denninger wrote:
>
>> Since I can't find evidence of a FreeBSD problem internally this is more
>> of a "is anyone else seeing this on Cox?" sort of reque
?" sort of request; what I find
especially interesting, however, is that it /always /happens when
talking to Project machines for updates whether for packages or SVN,
which is why I'm bringing it here.
--
Karl Denninger
k...@denninger.net <mailto:k...@denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/
smime.p7s
Description: S/MIME Cryptographic Signature
On 1/4/2018 10:32, Lewis Donzis wrote:
> On Jan 4, 2018, at 10:17 AM, Karl Denninger wrote:
>> I've written a fair bit of code that binds to both Ipv4 and v6 for
>> incoming connections, using two sockets (one for each.)
>>
>> Perusing around the 'net I see
.ibm.com/support/knowledgecenter/en/ssw_i5_54/rzab6/xacceptboth.htm
--
Karl Denninger
k...@denninger.net <mailto:k...@denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/
smime.p7s
Description: S/MIME Cryptographic Signature
n purpose.
I'd like to ram that up someone's chute out at Microslug, never mind
that their default proposals are intentionally insecure (gee, I wonder
if someone in the government "asked nicely" for that?) That's fixable
with a bit of registry editing, but the lack of IKEv2 frag support is a
killer and has basically forced me to support OpenVPN when there are
windows clients around and you have no control (at all) over the
networks in the middle between the client and server.
--
Karl Denninger
k...@denninger.net <mailto:k...@denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/
smime.p7s
Description: S/MIME Cryptographic Signature
e the
> network starts? Of is there a better way?
>
> Thanks!
I am seeing the same behavior with an X220 Thinkpad with (what I believe
is) the same Centrino (a/b/g capable) WiFi card. It works /most of the
time /eventually, but often will cycle two or three times before it
finally
implify the IPv4 gameplaying that's
necessary to have something behind a gateway router while on a "globally
visible", but possibly changing "at whim", IpV6 address.
I assume someone has gone after this issue by now so if there's "prior
art" a pointer would
omeone can confirm it's working
properly on other architectures but not on ARM.)
On 5/12/2017 12:45, Karl Denninger wrote:
> Under fairly heavy stress (~50% of the 100Mbps possible FDX performance)
> I've now run into a problem that is turning into something I can repeat
>
ot; outcome for that involuntary
situation. But in the event that a local process *would* cause a buffer
overrun the kernel will instead return an error to the calling process
and *not* toss the data on the floor.
--
Karl Denninger
k...@denninger.net <mailto:k...@denninger.net>
/The Market Ticker/
/[S/MIME encrypted email preferred]/
smime.p7s
Description: S/MIME Cryptographic Signature
that should be documented.
>
>
This is kinda serious in that the above manifestation in svn effectively
disables it for those of us that are on IPv4 connections and have no
provider capability for IPv6 at the present time. When I was running
10.2 this was not a problem but as soon as
The second bind() call does fail but if the application ignores the return
code.... Are you sure all the associated system call return codes are being
checked?
The right way to do this Imho is to have a parent process that calls bind and
listen, gets the notification of an incoming connection
On 3/23/2014 10:57 AM, Karl Denninger wrote:
On 3/23/2014 12:01 AM, Karl Denninger wrote:
On 3/22/2014 5:44 PM, Karl Denninger wrote:
FreeBSD-STABLE 10 r263037M
It *looks* like anything coming in through IPSEC and being decoded
in there never goes through the ipfw chain at all
On 3/23/2014 12:01 AM, Karl Denninger wrote:
On 3/22/2014 5:44 PM, Karl Denninger wrote:
FreeBSD-STABLE 10 r263037M
It *looks* like anything coming in through IPSEC and being decoded in
there never goes through the ipfw chain at all.
This may be addressed by PR185876 checking
On 3/22/2014 5:44 PM, Karl Denninger wrote:
FreeBSD-STABLE 10 r263037M
Configuration has outside IPSEC connections coming in to Strongswan
which should then be able to NAT back out to the Internet. The
premise here is that "roaming" people may connect to this box and
obtain both
FreeBSD-STABLE 10 r263037M
Configuration has outside IPSEC connections coming in to Strongswan
which should then be able to NAT back out to the Internet. The premise
here is that "roaming" people may connect to this box and obtain both
access to "inside" resources and outside Internet access,
On 4/20/2013 11:01 PM, Karl Denninger wrote:
> On 4/20/2013 9:36 PM, Karl Denninger wrote:
>> I don't think so -- gre is not involved in the config.
>>
>> On 4/20/2013 7:59 PM, Steven Hartland wrote:
>>> - Original Message - From: "Karl Denninger&q
On 4/20/2013 9:36 PM, Karl Denninger wrote:
> I don't think so -- gre is not involved in the config.
>
> On 4/20/2013 7:59 PM, Steven Hartland wrote:
>> - Original Message - From: "Karl Denninger"
>> ...
>>> My "ordinary" NAT entry
I don't think so -- gre is not involved in the config.
On 4/20/2013 7:59 PM, Steven Hartland wrote:
> - Original Message - From: "Karl Denninger"
> ...
>> My "ordinary" NAT entry is simply "nat 1 ip from any to any via em1",
>> whic
t translate those packets then I can use the VPN to get INTO
the network but I CANNOT use it to make the remote machine appears to be
PART OF the network, and that sucks.
Any ideas?
--
-- Karl Denninger
/The Market Ticker ®/ <http://market-ticker.org>
Cuda Systems LLC
power supply becomes a $200 one once the
warranty ends - good for them, not good for you.
Other than that, I've been pretty happy with their stuff. Sure beats a lot
of other "PC" vendors out there in terms of reliability, heat management,
BIOS updates, etc.
--
--
Karl Denning
48 matches
Mail list logo
